Re: Please send email directly to misc@openBSD.org (no cc please)

2007-11-16 Thread Karl Sjodahl - dunceor
On Nov 16, 2007 7:20 AM, Weldon Goree [EMAIL PROTECTED] wrote:
> On Fri, 2007-11-16 at 00:28 -0500, Piet Slaghekke wrote:
> > I like to filter my openBSD emails and the only way I can do it is if everyone
> > send their email with misc@openBSD.org in the  To   field.
> >
> > Please send email To misc@openBSD.org   and do not CC it to this address.
> >
> > Thanks!
>
> If only there were mail clients that allowed one to filter on To: or
> Cc:...



Can people please only mail stuff to misc that I'm interested in?
Doh.



Re: Does Xenocara requires sets x*42.tgz

2007-11-16 Thread Edd Barrett
Hi,

On 16/11/2007, Zoong PHAM [EMAIL PROTECTED] wrote:
> The reason is the X sets don't have window manager cwm.

Where did you get this idea from? It's in the sets.

-- 
Best Regards

Edd

---
http://students.dec.bournemouth.ac.uk/ebarrett



Re: Please send email directly to misc@openBSD.org (no cc please)

2007-11-16 Thread Richard Toohey

On 16/11/2007, at 7:20 PM, Weldon Goree wrote:

> If only there were mail clients that allowed one to filter on To: or
> Cc:...


And automatically added sarcasm dripping /sarcasm tags?



Softraid Experimentation

2007-11-16 Thread Edd Barrett
Hi there,

I am playing with softraid. So far it seems very good.

 I have a 3 disk volume. If I remove one disk from the machine and
boot it up, this is the result:

---8---
# dmesg | grep softraid0
softraid0 at root
softraid0: not assembling partial disk that used to be volume 0
# bioctl softraid0
#
---8---

Is this correct behavior or is that part not implemented yet? Ideally
the volume should continue to function but in some degraded state?
Is that right?

Thanks

-- 
Best Regards

Edd

---
http://students.dec.bournemouth.ac.uk/ebarrett



Re: nptd regression in 4.2

2007-11-16 Thread Otto Moerbeek
On Fri, Nov 16, 2007 at 12:40:29PM +0100, frantisek holop wrote:
> hmm, on Fri, Nov 16, 2007 at 12:30:00PM +0100, Toni Mueller said that
> > > could someone test this before i submit a bug report?
> >
> > I've removed the '-s' flag for this reason, although I would very much
> > prefer to have it in place in the case that I have net access. I don't
> > know whether it would be feasible for ntpd to see whether there's an
> > appropriate route, and whether the relevant interfaces are up.
>
> it definitely worked in 4.1 even with -s.

It is this commit, which manages to keep the outgoing buffer full.

http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/ntpd/client.c.diff?r1=1.75&r2=1.76&f=h

Reverting it makes the problem go away.

Still thinking how to solve this.

-Otto



Re: nptd regression in 4.2

2007-11-16 Thread Toni Mueller
Hi,

On Fri, 16.11.2007 at 11:43:38 +0100, frantisek holop [EMAIL PROTECTED] wrote:
> i have upgraded to 4.2 and because i am frequently without net access
> i see the following: at startup time ntpd just hangs indefinitely
> and must be terminated.

yes.

> ntpd_flags=-s
>
> could someone test this before i submit a bug report?

I've removed the '-s' flag for this reason, although I would very much
prefer to have it in place in the case that I have net access. I don't
know whether it would be feasible for ntpd to see whether there's an
appropriate route, and whether the relevant interfaces are up.


Best,
--Toni++



nptd regression in 4.2

2007-11-16 Thread frantisek holop
hi there,

i have upgraded to 4.2 and because i am frequently without net access
i see the following: at startup time ntpd just hangs indefinitely
and must be terminated.

/etc/rc.conf.local:
ntpd_flags=-s

/etc/hostname.rl0:
dhcp NONE NONE NONE

otherwise a stock 4.2 install.

could someone test this before i submit a bug report?

-f
-- 
so you think you can tell heaven from hell.



Re: nptd regression in 4.2

2007-11-16 Thread Otto Moerbeek
On Fri, Nov 16, 2007 at 11:43:38AM +0100, frantisek holop wrote:
> hi there,
>
> i have upgraded to 4.2 and because i am frequently without net access
> i see the following: at startup time ntpd just hangs indefinitely
> and must be terminated.
>
> /etc/rc.conf.local:
> ntpd_flags=-s
>
> /etc/hostname.rl0:
> dhcp NONE NONE NONE
>
> otherwise a stock 4.2 install.
>
> could someone test this before i submit a bug report?
>
> -f
> --
> so you think you can tell heaven from hell.

I can reproduce.

If there's no active network interface, the poll() in main() generates
a POLLOUT event (because there's a request to send out), but
msgbuf_write() returns 0, so the outgoing request stays in the buffer,
causing a loop, because the next poll will generate a POLLOUT event. 

Are you sure this did not happen before?

I'll think about a diff.

-Otto



Re: Performance problem with CF card on AMD CS5536 IDE

2007-11-16 Thread Stefan Klein

Hi Jan,

Sorry for the delay, I overlooked your reply

If I use exactly the same commands / mount options as you I get less than 
1MB/s


I know that I cannot expect a good performance with the CF card, but 5MB/s 
would just be fine :-)


What else can I try?

Greetings
Stefan


My config:

fstab:

/dev/rd0a    /                ffs   rw,noatime                           0 0 # kernel rd/rootfs
/dev/svnd0a  /usr             ffs   noauto,ro,noatime,nodev              0 0
/dev/svnd1a  /usr/local/sepp  ffs   noauto,ro,noatime,nodev              0 0
/dev/wd0a    /var/firmware    ffs   rw,noatime,nodev                     1 1
/dev/wd0b    none             swap  sw                                   0 0
/dev/wd0d    /etc/nonvol      ffs   ro,noatime,nodev                     1 1
/dev/wd0e    /var/ldap        ffs   rw,softdep,noatime,nodev             1 1 #
/dev/wd0f    /var/mailqueue   ffs   rw,noatime,nodev,softdep             1 1 #
/dev/wd0g    /var/log         ffs   rw,noatime,nodev                     1 1 #
swap         /tmp             mfs   rw,nodev,nosuid,noatime,async,-s=50  0 0 # /tmp in rd
/dev/wd0m    /var/mailstore   ffs   rw                                   1 1


[14:05:44] [EMAIL PROTECTED]:/(0)# fdisk wd0
Disk: wd0   geometry: 1007/64/63 [4060224 Sectors]
Offset: 0   Signature: 0xAA55
Starting   Ending   LBA Info:
#: idC   H  S -C   H  S [   start:  size   ]

0: 000   0  0 -0   0  0 [   0:   0 ] unused
1: 000   0  0 -0   0  0 [   0:   0 ] unused
2: 000   0  0 -0   0  0 [   0:   0 ] unused
*3: A60   1  1 - 1006  63 63 [  63: 4060161 ] OpenBSD
[14:06:56] [EMAIL PROTECTED]:/(0)# disklabel wd0
# Inside MBR partition 3: type A6 start 63 size 4060161
# /dev/rwd0c:
type: ESDI
disk: ESDI/IDE disk
label: Turbo Industrial
flags:
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 16
sectors/cylinder: 1008
cylinders: 4030
total sectors: 4062240
rpm: 3600
interleave: 1
trackskew: 0
cylinderskew: 0
headswitch: 0   # microseconds
track-to-track seek: 0  # microseconds
drivedata: 0

16 partitions:
#        size    offset  fstype [fsize bsize  cpg]
  a:   524160   3120768  4.2BSD   2048 16384  328 # Cyl  3096 -  3615
  b:   524097        63    swap                   # Cyl     0*-   519
  c:  4062240         0  unused      0     0      # Cyl     0 -  4029
  d:   262080    524160  4.2BSD   2048 16384  260 # Cyl   520 -   779
  e:   262080    786240  4.2BSD   2048 16384  260 # Cyl   780 -  1039
  f:  1048320   1048320  4.2BSD   2048 16384  328 # Cyl  1040 -  2079
  g:  1024128   2096640  4.2BSD   2048 16384  328 # Cyl  2080 -  3095
  m:   409248   3644928  4.2BSD   2048 16384  328 # Cyl  3616 -  4021




[14:08:07] [EMAIL PROTECTED]:/(0)# dd if=/var/firmware/libcrypto_p.a of=/var/mailqueue/foo bs=1024

11844+1 records in
11844+1 records out
12128466 bytes transferred in 16.971 secs (714653 bytes/sec)





- Original Message - 
From: Jan Stary [EMAIL PROTECTED]

To: Stefan Klein [EMAIL PROTECTED]
Sent: Wednesday, November 07, 2007 9:27 AM
Subject: Re: Performance problem with CF card on AMD CS5536 IDE



atactl wd0 identify
Model: Turbo Industrial CF Card, Rev: YUAN1026, Serial #:
F0300134
Device type: ATA, fixed
Cylinders: 4030, heads: 16, sec/track: 63, total sectors: 4062240
Device capabilities:
   IORDY operation
   IORDY disabling

Is this really the _whole_ output of atactl identify?
Mine is much longer, actually saying the capabilities ...

Yes, on the ARInfotek it actually is longer, stating the capabilities up 
to

ata-5 (but I do not have one here now...)


My CF card also shows the capability of 'write cache'
- do you have it enabled?


Try enabling softdep on un the filesystem, and mount it
using async,noatime. Does that speed things up?


Well?


(I will compare with my output
when I get home to my ALIX.)


See at bottom. It shows a throughput of about 5M/s. Anyway, if disk
speed is a concern for you, then you don't want to be using a CF card in
the first place ...

Jan


# uname -a
OpenBSD gw.stare.cz 4.1 GENERIC#0 i386
# dmesg
OpenBSD 4.1-stable (GENERIC) #0: Wed Oct 10 15:34:57 CEST 2007
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Geode(TM) Integrated Processor by AMD PCS (AuthenticAMD 586-class) 
499 MHz

cpu0: FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CFLUSH,MMX
real mem  = 259284992 (253208K)
avail mem = 228904960 (223540K)
using 3195 buffers containing 13086720 bytes (12780K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+ BIOS, date 08/21/07, BIOS32 rev. 0 @ 0xfa960
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 70102 dobusy 1 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0xdfb4
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdf40/112 (5 entries)
pcibios0: bad IRQ table checksum
pcibios0: PCI BIOS has 5 Interrupt Routing table entries
pcibios0: PCI Exclusive IRQs: 5 10 11
pcibios0: no compatible PCI 

Re: nptd regression in 4.2

2007-11-16 Thread Otto Moerbeek
On Fri, Nov 16, 2007 at 04:25:40PM +0100, Henning Brauer wrote:

> * Toni Mueller [EMAIL PROTECTED] [2007-11-16 12:39]:
> > Hi,
> >
> > On Fri, 16.11.2007 at 11:43:38 +0100, frantisek holop [EMAIL PROTECTED] wrote:
> > > i have upgraded to 4.2 and because i am frequently without net access
> > > i see the following: at startup time ntpd just hangs indefinitely
> > > and must be terminated.
> >
> > yes.
> >
> > > ntpd_flags=-s
> >
> > > could someone test this before i submit a bug report?
> >
> > I've removed the '-s' flag for this reason, although I would very much
> > prefer to have it in place in the case that I have net access. I don't
> > know whether it would be feasible for ntpd to see whether there's an
> > appropriate route, and whether the relevant interfaces are up.
>
> the problem is the dns lookup that blocks the parent process.
> i have an idea how to solve that, but as usual, short of time.

In my test case dns is not the real problem, the dns requests are
failing as they should. See the diff I sent earlier.

-Otto



Re: Please send email directly to misc@openBSD.org (no cc please)

2007-11-16 Thread mvdeventer
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Weldon Goree
Sent: 16 November 2007 08:20 AM
To: Piet Slaghekke
Cc: misc@openbsd.org
Subject: Re: Please send email directly to misc@openBSD.org (no cc
please)

On Fri, 2007-11-16 at 00:28 -0500, Piet Slaghekke wrote:
> I like to filter my openBSD emails and the only way I can do it is if everyone
> send their email with misc@openBSD.org in the  To   field.
>
> Please send email To misc@openBSD.org   and do not CC it to this address.
>
> Thanks!

If only there were mail clients that allowed one to filter on To: or
Cc:...

I would like the moon to move closer to the Earth please, so I can study
it more effectively. Why did the Apollo guys not think of this? Think of
the fuel savings!



Re: Does Xenocara requires sets x*42.tgz

2007-11-16 Thread Zoong PHAM
On Friday, 16 November 2007 at 10:52:41 +, Edd Barrett wrote:
> On 16/11/2007, Zoong PHAM [EMAIL PROTECTED] wrote:
> > The reason is the X sets don't have window manager cwm.
>
> Where did you get this idea from? It's in the sets.

Sorry about the confusion, I missed that.
It is really in the X sets.

Thanks.
Zoong



Re: nptd regression in 4.2

2007-11-16 Thread Otto Moerbeek
On Fri, Nov 16, 2007 at 01:13:42PM +0100, Otto Moerbeek wrote:

> On Fri, Nov 16, 2007 at 12:40:29PM +0100, frantisek holop wrote:
> > hmm, on Fri, Nov 16, 2007 at 12:30:00PM +0100, Toni Mueller said that
> > > > could someone test this before i submit a bug report?
> > >
> > > I've removed the '-s' flag for this reason, although I would very much
> > > prefer to have it in place in the case that I have net access. I don't
> > > know whether it would be feasible for ntpd to see whether there's an
> > > appropriate route, and whether the relevant interfaces are up.
> >
> > it definitely worked in 4.1 even with -s.
>
> It is this commit, which manages to keep the outgoing buffer full.
>
> http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/ntpd/client.c.diff?r1=1.75&r2=1.76&f=h
>
> Reverting it makes the problem go away.
>
> Still thinking how to solve this.
>
>       -Otto

This seems to work for me,

-Otto

Index: client.c
===
RCS file: /cvs/src/usr.sbin/ntpd/client.c,v
retrieving revision 1.76
diff -u -p -r1.76 client.c
--- client.c1 May 2007 07:40:45 -   1.76
+++ client.c16 Nov 2007 12:37:25 -
@@ -123,7 +123,8 @@ client_query(struct ntp_peer *p)
int tos = IPTOS_LOWDELAY;
 
if (p-addr == NULL  client_nextaddr(p) == -1) {
-   set_next(p, scale_interval(INTERVAL_QUERY_AGGRESSIVE));
+   set_next(p, MAX(SETTIME_TIMOUT,
+   scale_interval(INTERVAL_QUERY_AGGRESSIVE)));
return (0);
}
 
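Review bot: In client_query(), the no-address path now floors the retry interval with MAX(SETTIME_TIMOUT, scale_interval(INTERVAL_QUERY_AGGRESSIVE)), but nothing in the hunk restricts that floor to the period in which the initial time setting is still pending, so a peer whose address cannot be resolved is retried no sooner than SETTIME_TIMOUT in normal operation as well. If the longer interval is only needed during startup, make it conditional on that state; if it is intended in both cases, a one-line comment above the set_next() call saying so would help.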
@@ -140,8 +141,8 @@ client_query(struct ntp_peer *p)
if (errno == ECONNREFUSED || errno == ENETUNREACH ||
errno == EHOSTUNREACH || errno == EADDRNOTAVAIL) {
client_nextaddr(p);
-   set_next(p,
-   scale_interval(INTERVAL_QUERY_AGGRESSIVE));
+   set_next(p, MAX(SETTIME_TIMOUT,
+   scale_interval(INTERVAL_QUERY_AGGRESSIVE)));
return (-1);
} else
fatal(client_query connect);
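Review bot: The connect-error branch (ECONNREFUSED, ENETUNREACH, EHOSTUNREACH, EADDRNOTAVAIL) repeats the same MAX(SETTIME_TIMOUT, scale_interval(INTERVAL_QUERY_AGGRESSIVE)) expression as the earlier hunk. A small helper or macro for this retry interval would keep the two failure paths in client_query() from drifting apart when one of them is tuned later.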
Index: ntpd.c
===
RCS file: /cvs/src/usr.sbin/ntpd/ntpd.c,v
retrieving revision 1.52
diff -u -p -r1.52 ntpd.c
--- ntpd.c  13 Sep 2007 20:34:12 -  1.52
+++ ntpd.c  16 Nov 2007 12:37:25 -
@@ -193,12 +193,24 @@ main(int argc, char *argv[])
fatal(daemon);
}
 
-   if (nfds  0  (pfd[PFD_PIPE].revents  POLLOUT))
-   if (msgbuf_write(ibuf-w)  0) {
+   if (nfds  0  (pfd[PFD_PIPE].revents  POLLOUT)) {
+   int ret;
+
+   if ((ret = msgbuf_write(ibuf-w))  0) {
log_warn(pipe write error (to child));
quit = 1;
}
-
+   if (ret == 0  lconf.settime) {
+   lconf.settime = 0;
+   timeout = INFTIM;
+   log_init(lconf.debug);
+   log_debug(could not send request, skipping
+   initial time setting);
+   if (!lconf.debug)
+   if (daemon(1, 0))
+   fatal(daemon);
+   }
+   }
if (nfds  0  pfd[PFD_PIPE].revents  POLLIN) {
nfds--;
if (dispatch_imsg(lconf) == -1)
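Review bot: The new branch in main() that tests ret == 0 together with lconf.settime treats a zero return from msgbuf_write() on the pipe to the child as "could not send request", while the branch above it reports a negative return as the pipe write error; the hunk needs a comment stating what a zero return means here, because on that result alone it abandons the initial time setting for the rest of the run (lconf.settime = 0, timeout = INFTIM). The log_init()/daemon() sequence also looks like a second copy of the daemonizing code whose tail is visible in the context lines at the top of the hunk, so moving it into one shared function would avoid maintaining it twice.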



Re: Softraid Experimentation

2007-11-16 Thread Edd Barrett
On 16/11/2007, Nick Guenther [EMAIL PROTECTED] wrote:
> Hijacking the thread a bit:

I'll say :P

> Do all your disks need to be the same size
> to use softraid? softraid(4) and bioctl(8) do not mention anything
> about that.

I assume so.

I could not work out a way of rebuilding inconsistent volumes either,
but what I see so far looks very promising compared to raidframe.

For what it is worth, here are my tests:
http://vext01.blogspot.com/2007/11/playing-with-new-softraid-driver-in.html

-- 
Best Regards

Edd

---
http://students.dec.bournemouth.ac.uk/ebarrett



Re: nptd regression in 4.2

2007-11-16 Thread Otto Moerbeek
On Fri, Nov 16, 2007 at 12:38:03PM +0100, Otto Moerbeek wrote:
> On Fri, Nov 16, 2007 at 11:43:38AM +0100, frantisek holop wrote:
> > hi there,
> >
> > i have upgraded to 4.2 and because i am frequently without net access
> > i see the following: at startup time ntpd just hangs indefinitely
> > and must be terminated.
> >
> > /etc/rc.conf.local:
> > ntpd_flags=-s
> >
> > /etc/hostname.rl0:
> > dhcp NONE NONE NONE
> >
> > otherwise a stock 4.2 install.
> >
> > could someone test this before i submit a bug report?
> >
> > -f
> > --
> > so you think you can tell heaven from hell.
>
> I can reproduce.
>
> If there's no active network interface, the poll() in main() generates
> a POLLOUT event (because there's a request to send out), but
> msgbuf_write() returns 0, so the outgoing request stays in the buffer,
> causing a loop, because the next poll will generate a POLLOUT event.

This analysis is not completely correct (the send actually succeeds).
It seems new requests are stuffed into the buffer or so...

> Are you sure this did not happen before?
>
> I'll think about a diff.
>
> -Otto



isakmpd: lost vpn connection

2007-11-16 Thread Christoph Leser
I have a problem with ipsec/isakmpd.

I have setup about 20 vpn's to various other sites, all using tunnel mode (
active ).

All but one are working fine.

One connection exhibits the following behaviour:

After isakmpd starts, the vpn starts correctly, main and quick mode are
successfully negotiated and I can ping or ssh the remote site. I can see the
route with netstat -rnf encap and the SA and FLOW corresponding to this vpn in
ipsecctl -s output.

When I leave the connection idle for some time, the routing entry vanishes, as
do the flow and sa in ipsecctl output.

When I ping the remote site, I get 'no route to host'. isakmpd does not try to
restart the connection: using tcpdump on the external interface I see no
packets travelling to the remote site.

Here is a trace from isakmpd.pcap, showing the last packets before the vpn
connection fails:

12:34:49.770248 yyy.yyy.96.195.500 > xxx.xxx.193.254.500: [udp sum ok] isakmp v1.0 exchange INFO
    cookie: b10f8a7f26c972af->aaae3029f2561bf8 msgid: c6de5870 len: 92
    payload: HASH len: 24
    payload: NOTIFICATION len: 32
    notification: STATUS_DPD_R_U_THERE seq 2013739885 [ttl 0] (id 1, len 120)
12:34:49.770670 xxx.xxx.193.254.500 > yyy.yyy.96.195.500: [udp sum ok] isakmp v1.0 exchange INFO
    cookie: b10f8a7f26c972af->aaae3029f2561bf8 msgid: 1dd317ee len: 84
    payload: HASH len: 24
    payload: NOTIFICATION len: 32
    notification: STATUS_DPD_R_U_THERE_ACK seq 2013739885 [ttl 0] (id 1, len 112)
12:35:49.811361 yyy.yyy.96.195.500 > xxx.xxx.193.254.500: [udp sum ok] isakmp v1.0 exchange INFO
    cookie: b10f8a7f26c972af->aaae3029f2561bf8 msgid: 5cd1ec2c len: 92
    payload: HASH len: 24
    payload: NOTIFICATION len: 32
    notification: STATUS_DPD_R_U_THERE seq 2013739886 [ttl 0] (id 1, len 120)
12:35:49.811751 xxx.xxx.193.254.500 > yyy.yyy.96.195.500: [udp sum ok] isakmp v1.0 exchange INFO
    cookie: b10f8a7f26c972af->aaae3029f2561bf8 msgid: dedfee25 len: 84
    payload: HASH len: 24
    payload: NOTIFICATION len: 32
    notification: STATUS_DPD_R_U_THERE_ACK seq 2013739886 [ttl 0] (id 1, len 112)
12:36:23.879320 yyy.yyy.96.195.500 > xxx.xxx.193.254.500: [udp sum ok] isakmp v1.0 exchange INFO
    cookie: b10f8a7f26c972af->aaae3029f2561bf8 msgid: b4875e25 len: 76
    payload: HASH len: 24
    payload: DELETE len: 16 DOI: 1(IPSEC) proto: IPSEC_ESP nspis: 1
    SPI: 0x7a08d616 [ttl 0] (id 1, len 104)
12:36:23.891020 yyy.yyy.96.195.500 > xxx.xxx.193.254.500: [udp sum ok] isakmp v1.0 exchange INFO
    cookie: b10f8a7f26c972af->aaae3029f2561bf8 msgid: 1c7e734f len: 92
    payload: HASH len: 24
    payload: DELETE len: 28 DOI: 1(IPSEC) proto: ISAKMP nspis: 1
    cookie: b10f8a7f26c972af->aaae3029f2561bf8 [ttl 0] (id 1, len 120)





xxx.xxx is my local external ip address, yyy.yyy is the remote peer.


So after a few R_U_THERE exchanges, the remote site deletes the SA ( or at
least that is what I think it does ).
Consequently, the routing entries on my local machine disappear, as said
above.

Under normal circumstances, my machine ( isakmpd ) immediately restarts the
connection, which completes without problem. But sometimes, it does not. In
these cases, the above shown messages are the last I see.

After killing and restarting isakmpd, the vpn is established without
problems.



One strange observation I can add. I dumped the isakmpd state with
echo S > /var/run/isakmpd.fifo, I get the following:

SA name: VPN-1 (Phase 2)
src: xxx.xxx.193.254 dst: aaa.aaa.aaa.aaa
Lifetime: 2000 seconds
Soft timeout in 1597 seconds
Hard timeout in 1803 seconds
Lifetime: 20 kilobytes
Flags 0x000b
SPI 0: 11fd2770
SPI 1: af8ec4b7
Transform: IPsec ESP
Encryption key length: 16
Authentication key length: 16
Encryption algorithm: AES-128 (CBC)
Authentication algorithm: HMAC-MD5

SA name: VPN-1 (Phase 2)
src: 87.234.193.254 dst: bbb.bbb.bbb.bbb
Lifetime: 3600 seconds
Soft timeout in 911 seconds
Hard timeout in 1372 seconds
Flags 0x0003
SPI 0: 88cce18f
SPI 1: 93baf3e0
Transform: IPsec ESP
Encryption key length: 24
Authentication key length: 20
Encryption algorithm: 3DES
Authentication algorithm: HMAC-SHA1

I find no phase 1 entry for VPN-1, but two phase 2 entries, and both have
destination addresses ( aaa.aaa.aaa.aaa and bbb.bbb.bbb.bbb ) which have nothing
to do with the peer address of VPN-1. These two addresses are the peer
addresses of two of my other vpns.


My policy file is just default, my openBSD is 4.1.


Presumably this is a configuration error, but I have no idea what to look
for.

Thanks

Christoph
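
One way to check a capture like the one in this post for the stall it describes (peer sends DELETE, no renegotiation follows), as an added example that is not part of the original message and not isakmpd code. The function names, the 30-second window and both sample captures are assumptions made for the example; the addresses are documentation ranges and the ID_PROT line is a constructed renegotiation packet.

```python
import re

# "HH:MM:SS.frac src.port > dst.port: "; the ">" is optional so that
# captures pasted through tools that drop it still parse.
HEAD = re.compile(r"^(\d\d):(\d\d):(\d\d\.\d+) (\S+) +(?:> +)?(\S+): ")
EXCHANGE = re.compile(r"exchange (\w+)")
DPD = re.compile(r"notification: STATUS_DPD_R_U_THERE(_ACK)? seq (\d+)")
DELETE = re.compile(r"payload: DELETE len: \d+ DOI: \d+\(\w+\) proto: (\w+)")

# Constructed capture in the layout of the trace above (wrapped lines kept).
# 192.0.2.1 plays the local gateway, 198.51.100.7 the remote peer.
STALLED = """\
12:35:49.811361 198.51.100.7.500 > 192.0.2.1.500: [udp sum ok] isakmp
v1.0 exchange INFO
payload: NOTIFICATION len: 32
notification: STATUS_DPD_R_U_THERE seq 2013739886 [ttl 0] (id 1,
len 120)
12:35:49.811751 192.0.2.1.500 > 198.51.100.7.500: [udp sum ok] isakmp
v1.0 exchange INFO
payload: NOTIFICATION len: 32
notification: STATUS_DPD_R_U_THERE_ACK seq 2013739886 [ttl 0] (id
1, len 112)
12:36:23.879320 198.51.100.7.500 > 192.0.2.1.500: [udp sum ok] isakmp
v1.0 exchange INFO
payload: DELETE len: 16 DOI: 1(IPSEC) proto: IPSEC_ESP nspis: 1
12:36:23.891020 198.51.100.7.500 > 192.0.2.1.500: [udp sum ok] isakmp
v1.0 exchange INFO
payload: DELETE len: 28 DOI: 1(IPSEC) proto: ISAKMP nspis: 1
"""

# Same capture followed by a constructed phase 1 packet from the local side.
RECOVERED = STALLED + """\
12:36:24.102334 192.0.2.1.500 > 198.51.100.7.500: [udp sum ok] isakmp
v1.0 exchange ID_PROT
"""


def parse_packets(text):
    """Group tcpdump output into packets, folding continuation lines in."""
    packets, current = [], None
    for line in text.splitlines():
        m = HEAD.match(line)
        if m:
            h, mi, s, src, dst = m.groups()
            current = {
                "t": int(h) * 3600 + int(mi) * 60 + float(s),
                "src": src.rsplit(".", 1)[0],  # drop the trailing .port
                "dst": dst.rsplit(".", 1)[0],
                "body": line[m.end():],
            }
            packets.append(current)
        elif current is not None and line.strip():
            current["body"] += " " + line.strip()
    for p in packets:
        ex = EXCHANGE.search(p["body"])
        p["exchange"] = ex.group(1) if ex else None
        p["dpd"] = [(bool(ack), int(seq)) for ack, seq in DPD.findall(p["body"])]
        p["deletes"] = DELETE.findall(p["body"])
    return packets


def analyse(text, local_ip, window=30.0):
    """Summarise DPD and DELETE traffic and whether local_ip renegotiated.

    Timestamps carry no date, so a capture crossing midnight is not handled.
    """
    packets = parse_packets(text)
    asked, acked, deletes = set(), set(), []
    for p in packets:
        for is_ack, seq in p["dpd"]:
            (acked if is_ack else asked).add(seq)
        for proto in p["deletes"]:
            deletes.append((p["t"], p["src"], proto))
    report = {
        "unanswered_dpd": sorted(asked - acked),
        "deletes": [(src, proto) for _, src, proto in deletes],
        "peer_deleted_ike_sa": any(
            src != local_ip and proto == "ISAKMP" for _, src, proto in deletes),
        "renegotiated": None,  # stays None when no DELETE was seen
    }
    if deletes:
        last = max(t for t, _, _ in deletes)
        # Any non-INFO exchange from our side shortly after the last DELETE
        # counts as an attempt to bring the tunnel back up.
        report["renegotiated"] = any(
            p["src"] == local_ip
            and p["exchange"] not in (None, "INFO")
            and last <= p["t"] <= last + window
            for p in packets)
    return report


if __name__ == "__main__":
    for name, capture in (("stalled", STALLED), ("recovered", RECOVERED)):
        print(name, analyse(capture, "192.0.2.1"))
```

A result with peer_deleted_ike_sa true and renegotiated false matches the failing case in the post: the DPD probes were answered, the peer tore down both SAs, and nothing was sent from the local side afterwards.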



Re: Please send email directly to misc@openBSD.org (no cc please)

2007-11-16 Thread Piet Slaghekke
(-:

Ok,  Ok I love the responses to this request and I get the point (-:
Not such a good request.

I have listed the responses  here (-:  (note: classifications are the
sole opinion of this writer and may or may not be shared by others)


thanks everyone for the help on the  removing a list users questions,
I greatly appreciate it! (-:




Helpful (thanks Han  Tonnere!)

I've been struggling with this as well, and you really can't ask all
those people to comply with your wishes.

You should use a mailfilter, for example like this with maildrop:

R='/home/han/Mail'
# Drop all messages to misc@ in their own specific mailbox.
if (/^Sender:[EMAIL PROTECTED]/)
to $R/openbsd-misc

# You don't want to miss you are CC-ed after all. You just don't # want
them in your maildir.
if ( /^(Cc|To).*(openbsd|misc|tech|bugs|gnats|source-changes)@/)
{
to $R/cc
}

# This line is for all the mail that passed the filter to $R/Maildir


# Han



What about fixing your filter instead? If you use e.g. procmail, you
just need to use the TO spec.

Tonnerre

Funny

I would like the moon to move closer to the Earth please, so I can
study it more effectively. Why did the Apollo guys not think of this?
Think of the fuel savings!


Friendly and inviting  (-: (Sorry about that, I  didn't mean to offend
you Nick, I have by no means tried to come over as a mail list etiquette
expert, just trying to get my needs met, but you are right this may have
been offensive to others)

wow.  You ask one novice question and you become an expert on mail list
etiquette?  You have the nerve to dictate how people help you for free?

You can't imagine how offensive that is.

I've got a really interesting idea for a filter...

Nick.



Can people please only mail stuff to misc that I'm interested in?

Doh.



Re: nptd regression in 4.2

2007-11-16 Thread Alexander Hall

Otto Moerbeek wrote:
> On Fri, Nov 16, 2007 at 11:43:38AM +0100, frantisek holop wrote:
>
> > i have upgraded to 4.2 and because i am frequently without net access
> > i see the following: at startup time ntpd just hangs indefinitely
> > and must be terminated.
>
> Are you sure this did not happen before?


I'm quite certain that this issue has indeed existed for a while now, 
though I cannot say since when exactly.


Has beaten me a few times, for example when using a local nameserver in 
dhclient.conf (supersede domain-name-server 127.0.0.1), but forgetting 
to enable named in rc.conf.local...


For now, I'm using rdate (for the big leap) + ntpd.

/Alexander



Re: Performance problem with CF card on AMD CS5536 IDE

2007-11-16 Thread Stuart Henderson
On 2007/11/16 14:10, Stefan Klein wrote:
> Sorry for the delay, I overlooked your reply
>
> If I use exactly the same commands / mount options as you I get less than
> 1MB/s
>
> I know that I cannot expect a good performance with the CF card, but 5MB/s
> would just be fine :-)

You can expect very good performance in some circumstances
(e.g. random reads).

> What else can I try?

A different card .. I just tried with two different random
cards from my desk, one is 3x the speed of the other.

It's not a CF, but by far the slowest flash device I have is an
industrial DOM. Really painfully slow - untarring baseXX.tgz takes
getting on for an hour. You might do better with consumer cards ..



Re: nptd regression in 4.2

2007-11-16 Thread frantisek holop
hmm, on Fri, Nov 16, 2007 at 12:30:00PM +0100, Toni Mueller said that
> > could someone test this before i submit a bug report?
>
> I've removed the '-s' flag for this reason, although I would very much
> prefer to have it in place in the case that I have net access. I don't
> know whether it would be feasible for ntpd to see whether there's an
> appropriate route, and whether the relevant interfaces are up.

it definitely worked in 4.1 even with -s.

-f
-- 
so crowded in here, i must go outside to change my mind!



Re: Please send email directly to misc@openBSD.org (no cc please)

2007-11-16 Thread Nick Holland
Piet Slaghekke wrote:
> I like to filter my openBSD emails and the only way I can do it is if everyone
> send their email with misc@openBSD.org in the  To   field.
>
> Please send email To misc@openBSD.org   and do not CC it to this address.
>
> Thanks!

wow.  You ask one novice question and you become an expert on mail list
etiquette?  You have the nerve to dictate how people help you for free?

You can't imagine how offensive that is.

I've got a really interesting idea for a filter...

Nick.



Re: Please send email directly to misc@openBSD.org (no cc please)

2007-11-16 Thread Han Boetes
Piet Slaghekke wrote:
> I like to filter my openBSD emails and the only way I can do it
> is if everyone send their email with misc@openBSD.org in the
> To  field.
>
> Please send email To misc@openBSD.org and do not CC it to this
> address.
>
> Thanks!

I've been struggling with this as well, and you really can't ask
all those people to comply with your wishes.

You should use a mailfilter, for example like this with maildrop:

R='/home/han/Mail'
# Drop all messages to misc@ in their own specific mailbox.
if (/^Sender:[EMAIL PROTECTED]/)
to $R/openbsd-misc

# You don't want to miss you are CC-ed after all. You just don't
# want them in your maildir.
if ( /^(Cc|To).*(openbsd|misc|tech|bugs|gnats|source-changes)@/)
{
to $R/cc
}

# This line is for all the mail that passed the filter
to $R/Maildir


# Han



Re: Please send email directly to misc@openBSD.org (no cc please)

2007-11-16 Thread Weldon Goree
On Fri, 2007-11-16 at 00:28 -0500, Piet Slaghekke wrote:
> I like to filter my openBSD emails and the only way I can do it is if everyone
> send their email with misc@openBSD.org in the  To   field.
>
> Please send email To misc@openBSD.org   and do not CC it to this address.
>
> Thanks!

If only there were mail clients that allowed one to filter on To: or
Cc:...



Re: Softraid Experimentation

2007-11-16 Thread Marco Peereboom
On Fri, Nov 16, 2007 at 11:01:13AM -0500, Nick Guenther wrote:
> On 11/16/07, Edd Barrett [EMAIL PROTECTED] wrote:
> > Hi there,
> >
> > I am playing with softraid. So far it seems very good.
>
> Hijacking the thread a bit: Do all your disks need to be the same size
> to use softraid? softraid(4) and bioctl(8) do not mention anything
> about that.

No you don't.  Softraid will complain about asymmetric disks on creation
time but it does not limit the user in any way.

> -Nick



Re: Softraid Experimentation

2007-11-16 Thread Nick Guenther
On 11/16/07, Edd Barrett [EMAIL PROTECTED] wrote:
> Hi there,
>
> I am playing with softraid. So far it seems very good.


Hijacking the thread a bit: Do all your disks need to be the same size
to use softraid? softraid(4) and bioctl(8) do not mention anything
about that.

-Nick



Re: Softraid Experimentation

2007-11-16 Thread Marco Peereboom
On Fri, Nov 16, 2007 at 04:45:04PM +, Edd Barrett wrote:
> On 16/11/2007, Nick Guenther [EMAIL PROTECTED] wrote:
> > Hijacking the thread a bit:
>
> I'll say :P
>
> > Do all your disks need to be the same size
> > to use softraid? softraid(4) and bioctl(8) do not mention anything
> > about that.
>
> I assume so.
>
> I could not work out a way of rebuilding inconsistent volumes either,
> but what I see so far looks very promising compared to raidframe.
>
> For what it is worth, here are my tests:
> http://vext01.blogspot.com/2007/11/playing-with-new-softraid-driver-in.html

Neat but I think your expectations of RAID are slightly off.

When you corrupt the disk from underneath softraid it can not detect
that at runtime.  The only hope you have is that the metadata got
corrupt so that at least you get warned that something went severely
wrong.

You did find a bug; that is removing the disk and rebooting it and then
reinserting it.  I am not sure how you did it but it should have
complained that your raid set is only partially there.  Can you
elaborate on your actual steps and describe what remove means?

> --
> Best Regards
>
> Edd
>
> ---
> http://students.dec.bournemouth.ac.uk/ebarrett



Re: Helping with Softraid testing

2007-11-16 Thread Marco Peereboom
I'll take this as the documentation isn't good enough.  Can you point me
to the area that isn't clear?

On Fri, Nov 16, 2007 at 11:29:20AM -0700, Chris Cameron wrote:
> I'm in a good position to test Softraid on an AMD and an UltraSPARC,
> however I've realized I don't know a lot about it (what -exactly- it's
> working to accomplish, and commands to use).
>
> Is there an overview of Softraid to get me started so I can be of some
> use?
>
> Chris



Re: Helping with Softraid testing

2007-11-16 Thread Nick Guenther
On 11/16/07, Chris Cameron [EMAIL PROTECTED] wrote:
> I'm in a good position to test Softraid on an AMD and an UltraSPARC,
> however I've realized I don't know a lot about it (what -exactly- it's
> working to accomplish, and commands to use).
>
> Is there an overview of Softraid to get me started so I can be of some use?

RAID lets you cat disks together in a variety of ways: for redundancy,
for extending the sizes, &c. softraid is a new feature just released
in 4.2 that supports one of these ways: 'mirroring'. Mirroring writes
every piece of data to multiple disks, so that if any of them fail the
data is not lost, and the disk can be replaced more or less
transparently.

You'll need to get a bunch of harddrives of different and the same
sizes, and plug them all in. Then follow the instructions here:
http://www.openbsd.org/cgi-bin/man.cgi?query=softraid&sektion=4

It would help to read this too:
http://www.openbsd.org/cgi-bin/man.cgi?query=bioctl&sektion=8

-Nick



Re: Please send email directly to misc@openBSD.org (no cc please)

2007-11-16 Thread Piet Slaghekke
(-:

OK,  OK,  I love the responses to this request and I get the point (-:  Not
such a good request.

I have listed the responses  here (-:  *(note: classifications are the sole
opinion of this writer and may or may not be shared by others)*
**
*thanks everyone for the help on the  **removing a list users questions,
I greatly appreciate it! (-:*




*Helpful (thanks Han  Tonnere!)*

I've been struggling with this as well, and you really can't ask all those
people to comply with your wishes.

You should use a mailfilter, for example like this with maildrop:

R='/home/han/Mail'
# Drop all messages to misc@ in their own specific mailbox.
if (/^Sender:[EMAIL PROTECTED]/)
to $R/openbsd-misc

# You don't want to miss you are CC-ed after all. You just don't # want them
in your maildir.
if ( /^(Cc|To).*(openbsd|misc|tech|bugs|gnats|source-changes)@/)
{
to $R/cc
}

# This line is for all the mail that passed the filter to $R/Maildir


# Han



What about fixing your filter instead? If you use e.g. procmail, you just
need to use the TO spec.

Tonnerre

*Funny*

I would like the moon to move closer to the Earth please, so I can study it
more effectively. Why did the Apollo guys not think of this? Think of the
fuel savings!


*Friendly and inviting*  (-: (Sorry about that, I  didn't mean to offend you
Nick, I have by no means tried to come over as a mail list etiquette expert,
just trying to get my needs met, but you are right this may have been
offensive to others)

wow.  You ask one novice question and you become an expert on mail list
etiquette?  You have the nerve to dictate how people help you for free?

You can't imagine how offensive that is.

I've got a really interesting idea for a filter...

Nick.



Can people please only mail stuff to misc that I'm interested in?

Doh.



securing OpenBSD wireless network

2007-11-16 Thread Juan Miscaro
Hi gang,

So I'm setting up my first wireless network for a small business with
OpenBSD acting as internet gateway.  I am familiar with OpenBSD as
gateway but not in the wireless context.  I picked myself up a card
that the docs say is supported (Linksys WMP54G) and will be installing
4.2 from my CD this evening.

At this point I'm asking myself the obvious question.  How do I secure
my network?  I see the authpf is used a lot but is there anything else
I can do?  What of VPN?  If so, what implementation?

My client stations will be Ubuntu Linux.

Thank you in advance to any responders,

// juan





Re: removing a list of users

2007-11-16 Thread Siju George
On Nov 16, 2007 2:14 AM, Darrin Chandler [EMAIL PROTECTED] wrote:

 On Thu, Nov 15, 2007 at 09:23:45PM +0100, Andreas Andersson wrote:
  -BEGIN PGP MESSAGE-
  Charset: ISO-8859-1
  Version: GnuPG v2.0.4 (FreeBSD)
  Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
 
  -END PGP MESSAGE-

 Yes, except you should HRPItJbBkCg0z47OZoPa7aKA== also.


hahaha That was the best one this year :-)
I just got out of a 1 week long depression I was in :- lol

--Siju



IPsec and 4.2

2007-11-16 Thread Mattieu Baptiste
Hi all,

I have been trying for a few days to set up IPsec for my wireless network. The
internet gateway has a ral(4) device:

[EMAIL PROTECTED]: ~ $ ifconfig ral0
ral0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:18:f8:a5:f3:34
description: WLAN Link
groups: wlan
media: IEEE802.11 autoselect hostap (autoselect mode 11b hostap)
status: active
ieee80211: nwid NUFNUFNUF chan 11 bssid 00:18:f8:a5:f3:34 100dBm
inet6 fe80::218:f8ff:fea5:f334%ral0 prefixlen 64 scopeid 0x4
inet 192.168.4.1 netmask 0xff00 broadcast 192.168.4.255

In /etc/ipsec.conf I have :
ike from any to 192.168.4.10 psk test

I start isakmpd and I load rules with ipsecctl :

[EMAIL PROTECTED]: ~ $ sudo isakmpd -K
[EMAIL PROTECTED] : ~ $ sudo ipsecctl -vf /etc/ipsec.conf
C set [Phase 1]:192.168.4.10=peer-192.168.4.10 force
C set [peer-192.168.4.10]:Phase=1 force
C set [peer-192.168.4.10]:Address=192.168.4.10 force
C set [peer-192.168.4.10]:Authentication=test force
C set [peer-192.168.4.10]:Configuration=mm-192.168.4.10 force
C set [mm-192.168.4.10]:EXCHANGE_TYPE=ID_PROT force
C add [mm-192.168.4.10]:Transforms=AES-SHA force
C set [IPsec-0.0.0.0/0-192.168.4.10]:Phase=2 force
C set [IPsec-0.0.0.0/0-192.168.4.10]:ISAKMP-peer=peer-192.168.4.10 force
C set [IPsec-0.0.0.0/0-192.168.4.10]:Configuration=qm-0.0.0.0/0-192.168.4.10 force
C set [IPsec-0.0.0.0/0-192.168.4.10]:Local-ID=lid-0.0.0.0/0 force
C set [IPsec-0.0.0.0/0-192.168.4.10]:Remote-ID=rid-192.168.4.10 force
C set [qm-0.0.0.0/0-192.168.4.10]:EXCHANGE_TYPE=QUICK_MODE force
C set [qm-0.0.0.0/0-192.168.4.10]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
C set [lid-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
C set [lid-0.0.0.0/0]:Network= 0.0.0.0 force
C set [lid-0.0.0.0/0]:Netmask=0.0.0.0 force
C set [rid-192.168.4.10]:ID-type=IPV4_ADDR force
C set [rid-192.168.4.10]:Address=192.168.4.10 force
C add [Phase 2]:Connections=IPsec-0.0.0.0/0-192.168.4.10

On the other side, my laptop has an iwi device. IPsec is configured this way:

ike from any to any peer 192.168.4.1 psk test

I start IPsec the same way as on the gateway:

[EMAIL PROTECTED]: ~ $ sudo isakmpd -K
[EMAIL PROTECTED]: ~ $ sudo ipsecctl -vf /etc/pf.conf
C set [Phase 1]: 192.168.4.1=peer-192.168.4.1 force
C set [peer-192.168.4.1]:Phase=1 force
C set [peer-192.168.4.1]:Address=192.168.4.1 force
C set [peer-192.168.4.1]:Authentication=test force
C set [peer-192.168.4.1]:Configuration=mm-192.168.4.1 force
C set [mm-192.168.4.1]:EXCHANGE_TYPE=ID_PROT force
C add [mm-192.168.4.1]:Transforms=AES-SHA force
C set [IPsec-0.0.0.0/0-0.0.0.0/0]:Phase=2 force
C set [IPsec-0.0.0.0/0-0.0.0.0/0]:ISAKMP-peer=peer-192.168.4.1 force
C set [IPsec-0.0.0.0/0-0.0.0.0/0]:Configuration=qm-0.0.0.0/0-0.0.0.0/0 force
C set [IPsec-0.0.0.0/0-0.0.0.0/0]:Local-ID=lid-0.0.0.0/0 force
C set [IPsec-0.0.0.0/0-0.0.0.0/0]:Remote-ID=rid-0.0.0.0/0 force
C set [qm-0.0.0.0/0-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
C set [qm-0.0.0.0/0-0.0.0.0/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
C set [lid-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
C set [lid-0.0.0.0/0]:Network=0.0.0.0 force
C set [lid-0.0.0.0/0]:Netmask= 0.0.0.0 force
C set [rid-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
C set [rid-0.0.0.0/0]:Network=0.0.0.0 force
C set [rid-0.0.0.0/0]:Netmask= 0.0.0.0 force
C add [Phase 2]:Connections=IPsec-0.0.0.0/0-0.0.0.0/0
C set [Phase 1]:192.168.4.1=peer-192.168.4.1 force
C set [peer-192.168.4.1]:Phase=1 force
C set [peer-192.168.4.1 ]:Address=192.168.4.1 force
C set [peer-192.168.4.1]:Authentication=test force
C set [peer-192.168.4.1]:Configuration=mm-192.168.4.1 force
C set [mm-192.168.4.1]:EXCHANGE_TYPE=ID_PROT force
C add [mm-192.168.4.1]:Transforms=AES-SHA force
C set [IPsec-::/0-::/0]:Phase=2 force
C set [IPsec-::/0-::/0]:ISAKMP-peer=peer-192.168.4.1 force
C set [IPsec-::/0-::/0]:Configuration=qm-::/0-::/0 force
C set [IPsec-::/0-::/0]:Local-ID=lid-::/0 force
C set [IPsec-::/0-::/0]:Remote-ID=rid-::/0 force
C set [qm-::/0-::/0]:EXCHANGE_TYPE=QUICK_MODE force
C set [qm-::/0-::/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
C set [lid-::/0]:ID-type=IPV6_ADDR_SUBNET force
C set [lid-::/0]:Network=:: force
C set [lid-::/0]:Netmask=:: force
C set [rid-::/0]:ID-type=IPV6_ADDR_SUBNET force
C set [rid-::/0]:Network=:: force
C set [rid-::/0]:Netmask=:: force
C add [Phase 2]:Connections=IPsec-::/0-::/0
[EMAIL PROTECTED]: ~ $ sudo ipsecctl -sa
FLOWS:
flow esp in from 0.0.0.0/0 to 0.0.0.0/0 peer 192.168.4.1 srcid
192.168.4.10/32 dstid 192.168.4.1/32 type use
flow esp out from 0.0.0.0/0 to 0.0.0.0/0 peer 192.168.4.1 srcid
192.168.4.10/32 dstid 192.168.4.1/32 type require

SAD:
esp tunnel from 

Re: Softraid Experimentation

2007-11-16 Thread Marco Peereboom
On Fri, Nov 16, 2007 at 10:42:11AM +, Edd Barrett wrote:
 Hi there,
 
 I am playing with softraid. So far it seems very good.
 
  I have a 3 disk volume. If I remove one disk from the machine and
 boot it up, this is the result:
 
 ---8---
 # dmesg | grep softraid0
 softraid0 at root
 softraid0: not assembling partial disk that used to be volume 0
 # bioctl softraid0
 #
 ---8---
 
 Is this correct behavior or is that part not implemented yet? Ideally
 the volume should continue to function but in some degraded state?
 Is that right?

This is a feature I have not implemented yet.  It is part of the rebuild
strategy that I am working out.  Surprisingly this is one of the hardest
issues in the stack.

 
 Thanks
 
 -- 
 Best Regards
 
 Edd
 
 ---
 http://students.dec.bournemouth.ac.uk/ebarrett



Re: Using CBQ with variable upload bandwidth

2007-11-16 Thread Calomel
I have to agree with Girish. Take some time and find out the average
bandwidth for your link. Then set the higher priority users a higher
percentage of the total amount than the other users. 

You could also use a script. If you know what the current upload bandwidth
amount is then you could vary the altq on $ExtIf bandwidth 744Kb line to
reflect this.  If the rest of the queues are setup to use a percentage of
the primary bandwidth amount then every thing will fall into line. Lastly,
refresh pf for the new settings to take effect.

Reference: http://calomel.org/pf_hfsc.html

--
 Calomel @ http://calomel.org
 Open Source Research and Reference


On Fri, Nov 16, 2007 at 12:15:29PM +0530, Girish Venkatachalam wrote:
On 08:00:08 Nov 16, Jonathan Stewart wrote:
 
 I thought about doing something like that but the usable upload is so
 variable that 60% could completely knock the normal_folk off when it
 gets congested.  I have 256kbit up right now and get anywhere from as
 low as 64kbit to 160kbit+ actual throughput depending on how busy the
 system is.  If PF had a weighted round robin queuing system that would
 be almost perfect because then it would scale with the amount of
 bandwidth available.  Ideally something that says if one queue has
 priority 5 and another 3 for every 5 packets sent from the first one 3
 are sent from the other, unless there is something wrong with that I'm
 missing (other than increased jitter.)

What is stopping you from using the priority field with HFSC?

And why don't you determine the average uplink bandwidth statistically?

If you measure it for a week or so and mark out the variance and figure
out the standard deviation or some such thing...then you can do what you
want.

From my experience with ADSL links I find that there is 
usually not much variance in the uplink path. 

Is my reasoning correct?

regards,
Girish
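
The script approach Calomel describes above (vary the altq on $ExtIf bandwidth 744Kb line, then refresh pf), as an added example that is not from the thread. The function names, the sample ruleset and the use of pfctl -nf as a parse check before loading are assumptions; how the current upload bandwidth is measured is left to the caller.

```shell
#!/bin/sh
# Added example (not from the thread): rewrite the root altq bandwidth in a
# pf.conf-style file. Child queues expressed as percentages are left alone,
# so they scale with the new root value once pf is reloaded.

# Constructed sample ruleset used for demonstration and testing.
write_sample_conf() {
    cat > "$1" <<'EOF'
ExtIf="em0"
altq on $ExtIf bandwidth 744Kb hfsc queue { high, normal }
queue high   bandwidth 60% priority 5 hfsc
queue normal bandwidth 40% priority 3 hfsc(default)
pass out on $ExtIf
EOF
}

# get_altq_bandwidth FILE: print the Kb value of the first altq line.
get_altq_bandwidth() {
    sed -n 's/^altq on .* bandwidth \([0-9][0-9]*\)Kb.*/\1/p' "$1" | head -n 1
}

# set_altq_bandwidth FILE KBITS
# Returns 0 on success, 1 on bad input, 2 if FILE has no altq Kb line.
set_altq_bandwidth() {
    s_file=$1
    s_kb=$2
    # Accept only a positive integer without leading zeros, so nothing but
    # digits ever reaches the sed expression below.
    case $s_kb in
        ''|*[!0-9]*|0*) return 1 ;;
    esac
    [ -f "$s_file" ] || return 1
    grep -q '^altq on .* bandwidth [0-9][0-9]*Kb' "$s_file" || return 2
    # Write to a temporary file first so a failed run never truncates FILE.
    # Note: the result inherits mktemp's 0600 mode.
    s_tmp=$(mktemp "${s_file}.XXXXXX") || return 1
    if sed "/^altq on /s/bandwidth [0-9][0-9]*Kb/bandwidth ${s_kb}Kb/" \
        "$s_file" > "$s_tmp"; then
        mv "$s_tmp" "$s_file"
    else
        rm -f "$s_tmp"
        return 1
    fi
}

# apply_bandwidth FILE KBITS: edit a candidate copy, let pfctl parse it
# without loading (-n), and only then replace FILE and reload the ruleset.
# Needs root and pfctl; skipped entirely when the value is unchanged.
apply_bandwidth() {
    a_conf=$1
    a_kb=$2
    [ "$(get_altq_bandwidth "$a_conf")" = "$a_kb" ] && return 0
    a_cand=$(mktemp "${a_conf}.new.XXXXXX") || return 1
    if cp "$a_conf" "$a_cand" &&
        set_altq_bandwidth "$a_cand" "$a_kb" &&
        pfctl -nf "$a_cand" &&
        mv "$a_cand" "$a_conf" &&
        pfctl -f "$a_conf"; then
        return 0
    fi
    rm -f "$a_cand"
    return 1
}
```

Run from cron or a measurement loop as apply_bandwidth /etc/pf.conf KBITS, where KBITS is whatever figure the measurement produced.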



Helping with Softraid testing

2007-11-16 Thread Chris Cameron
I'm in a good position to test Softraid on an AMD and an UltraSPARC, 
however I've realized I don't know a lot about it (what -exactly- it's 
working to accomplish, and commands to use).


Is there an overview of Softraid to get me started so I can be of some use?


Chris



Re: Excess interrupts using ALTQ

2007-11-16 Thread Calomel
Fernando,

Doing a quick google search I see other people have also reported problems
with the on board Broadcom BCM5708 on the dells. Can you try another
network card like the Intel Pro/1000 MT (OpenBSD interface name: em0) ? 

My place of business transfers an average of 450Mbit with OpenBSD 4.1/4.2
with ALTQ (HFSC) without issue. CPU usage for the interrupts are around 33%
on a amd64 2.2GHz.

--
 Calomel @ http://calomel.org
 Open Source Research and Reference


On Mon, Nov 12, 2007 at 02:05:54PM -0300, Fernando Braga wrote:
Hi,

I've setup a bridge over a 200Mb link, and everytime I turn ALTQ on,
top shows interrupts at 99.2%. If I flush queue (pfctl -Fq), interrupt
usage drop to 35% instantly. I've also noticed that only cpu0 is able
to handle interrupts.

Is there a way to minimize interrupts usage in this configuration ?

My pf.conf is:

#   $OpenBSD: pf.conf,v 1.34 2007/02/24 19:30:59 millert Exp $

ext_if=bnx0
int_if=bnx1

table <network-int> persist { 200.254.131.128/25 }
table <redes-biz>   persist file /etc/pf.biz

set skip on lo
set limit states 75

scrub in

altq on $int_if bandwidth 1000Mb hfsc queue { local, embratel }
altq on $ext_if bandwidth 1000Mb hfsc queue { local, embratel }

queue local bandwidth 100Mb hfsc

queue embratel bandwidth 200Mb hfsc(ecn realtime 200Mb upperlimit 200Mb )\
{ Q-pri Q-icmp Q-vpn Q-biz Q-mail Q-http Q-ftp Q-def }

queue Q-pri  bandwidth  25Mb hfsc(realtime  15Mb linkshare 25Mb upperlimit 180Mb) priority 7
queue Q-icmp bandwidth  25Mb hfsc(realtime  15Mb linkshare 25Mb upperlimit  30Mb) priority 7
queue Q-vpn  bandwidth  25Mb hfsc(realtime  15Mb linkshare 25Mb upperlimit 180Mb) priority 6
queue Q-biz  bandwidth  25Mb hfsc(realtime  15Mb linkshare 25Mb upperlimit 180Mb) priority 6
queue Q-mail bandwidth  25Mb hfsc(realtime  15Mb linkshare 25Mb upperlimit 180Mb) priority 4
queue Q-http bandwidth  25Mb hfsc(realtime  15Mb linkshare 25Mb upperlimit 180Mb) priority 4
queue Q-ftp  bandwidth  25Mb hfsc(realtime  15Mb linkshare 25Mb upperlimit 180Mb) priority 4
queue Q-def  bandwidth  25Mb hfsc(default linkshare 25Mb upperlimit 128Mb) priority 0

block in log
pass out

antispoof quick for { lo $ext_if }
pass in quick on lo0 no state

## Regras de merovingio -- bridge
pass in on $ext_if proto tcp to ($ext_if) port ssh queue(local)

pass in on $int_if queue(Q-def  Q-pri) label int-DEFA
pass in on $int_if proto icmp queue(Q-icmp  ) label int-ICMP
pass in on $int_if proto gre queue(Q-vpn   ) label int-VPN-gre
pass in on $int_if proto esp queue(Q-vpn   ) label int-VPN-esp
pass in on $int_if proto ah queue(Q-vpn   ) label int-VPN-ah
pass in on $int_if proto l2tp queue(Q-vpn   ) label int-VPN-l2tp
pass in on $int_if proto { tcp udp } to port { 500 4500   } queue(Q-vpn   ) label int-VPN-ipsec
pass in on $int_if proto { tcp udp } to port { pptp   } queue(Q-vpn   ) label int-VPN-pptp
pass in on $int_if proto tcp to port { snmp   } queue(Q-icmp Q-pri) label int-ICMP-snmp
pass in on $int_if proto tcp to port { www} queue(Q-http Q-pri) label int-HTTP
pass in on $int_if proto tcp to port {  https } queue(Q-biz  Q-pri) label int-BIZZ-https
pass in on $int_if proto { tcp udp } to port { domain ntp } queue(Q-pri) label int-PRII

pass in on $int_if   to <redes-biz> queue(Q-biz  Q-pri) label int-BIZZ-redes
pass in on $int_if proto tcp to port { smtp pop3 imap 465 995 } queue(Q-mail q-pri) label int-MAIL

pass in on $ext_if queue(Q-def  Q-pri) label ext-DEFA
pass in on $ext_if proto icmp queue(Q-icmp  ) label ext-ICMP
pass in on $ext_if proto gre queue(Q-vpn   ) label ext-VPN-gre
pass in on $ext_if proto esp queue(Q-vpn   ) label ext-VPN-esp
pass in on $ext_if proto ah queue(Q-vpn   ) label ext-VPN-ah
pass in on $ext_if proto l2tp queue(Q-vpn   ) label ext-VPN-l2tp
pass in on $ext_if proto { tcp udp } to port { 500 4500   } queue(Q-vpn   ) label ext-VPN-ipsec
pass in on $ext_if proto { tcp udp } to port { pptp   } queue(Q-vpn   ) label ext-VPN-pptp
pass in on $ext_if proto tcp to port { snmp   } queue(Q-icmp Q-pri) label ext-ICMP-snmp
pass in on $ext_if proto tcp to port { www} queue(Q-http Q-pri) label ext-HTTP
pass in on $ext_if proto tcp to port {  https } queue(Q-biz  Q-pri) label ext-BIZZ-https
pass in on $ext_if proto { tcp udp } to port { domain ntp } queue(Q-pri) label ext-PRII

pass in on $ext_if   from <redes-biz> queue(Q-biz  Q-pri) label ext-BIZZ-https
pass in on $ext_if proto tcp to port { smtp pop3 imap 465 995 } queue(Q-mail q-pri) label ext-MAIL

dmesg follows:

OpenBSD 4.2 (GENERIC.MP) #1378: Tue Aug 28 10:48:58 MDT 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 3488907264 (3327MB)
avail mem = 3373899776 (3217MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xcffbc000 (62 entries)
bios0: vendor Dell Inc. version 1.3.7 date 03/26/2007
bios0: 

Re: Slow Performance on Encrypted svnd

2007-11-16 Thread Ted Unangst
instead of pondering problems with using the whole disk, you could
just use svnd with a file.



Re: Performance problem with CF card on AMD CS5536 IDE

2007-11-16 Thread Paul de Weerd
I have a SanDisk Extreme III 2GB (at least I think it's III) in my
Soekris net5501 :

[EMAIL PROTECTED] $ dd if=/dev/zero of=nulls bs=65536 count=1600
1600+0 records in
1600+0 records out
104857600 bytes transferred in 8.604 secs (12186647 bytes/sec)
[EMAIL PROTECTED] $ dd if=nulls of=/dev/null bs=65536
1600+0 records in
1600+0 records out
104857600 bytes transferred in 9.118 secs (11499110 bytes/sec)
[EMAIL PROTECTED] $ dmesg | grep SanDisk
wd0 at pciide0 channel 0 drive 0: SanDisk SDCFX3-2048
[EMAIL PROTECTED] $ uname -a
OpenBSD tuna.zrh.weirdnet.ch 4.2 GENERIC#452 i386
[EMAIL PROTECTED] $ sysctl hw
hw.machine=i386
hw.model=Geode(TM) Integrated Processor by AMD PCS (AuthenticAMD 586-class)
hw.ncpu=1
...

It's pretty fast, especially considering it's CF on not the world's
fastest machine.

Cheers,

Paul 'WEiRD' de Weerd


On Fri, Nov 16, 2007 at 04:02:32PM +, Christian Weisgerber wrote:
| Stefan Klein [EMAIL PROTECTED] wrote:
| 
|  If I use exactly the same commands / mount options as you I get less than
|  1MB/s
|
|  I know that I cannot expect a good performance with the CF card, but 5MB/s
|  would just be fine :-)
| 
| I've started playing with a CF in a bigger machine, and the results
| are rather disappointing.
| 
| wd1 at pciide2 channel 0 drive 0: TRANSCEND
| wd1: 1-sector PIO, LBA, 7775MB, 15924384 sectors
| wd1(pciide2:0:0): using PIO mode 4, Ultra-DMA mode 4
| 
| This is a new 266x CF.  Write performance is in the 200..300 kB/s
| range.  It takes six hours or so to copy the OpenBSD CVS repository
| on that drive.  Sequential read performance tops out at about
| 2300 kB/s.  Random access read throughput--running CVS checkouts
| in parallel, local and NFS--ends at ~1750 kB/s.
| 
| Interestingly, the older and supposedly slower CF in my Soekris 5501
| 
| wd0 at pciide0 channel 0 drive 0: SanDisk SDCFH-1024
| wd0: 4-sector PIO, LBA, 977MB, 2001888 sectors
| wd0(pciide0:0:0): using PIO mode 4, DMA mode 2
| 
| reads sequentially at just short of 5 MB/s.
| 
| I suspect the main performance factor to be the N-sector capability.
| The Transcend generates an interrupt for each 512-byte sector (which
| eats a ridiculous share of CPU on my Opteron box), the SanDisk a
| fourth of that.
| 
| IIRC, the SanDisk above is from their Ultra II line.  I wonder
| how the newer Extreme III and Extreme IV perform.
| 
| -- 
| Christian naddy Weisgerber  [EMAIL PROTECTED]
| 

-- 
[++-]+++.+++[---].+++[+
+++-].++[-]+.--.[-]
 http://www.weirdnet.nl/ 



Re: Softraid Experimentation

2007-11-16 Thread Nick Guenther
On 11/16/07, Marco Peereboom [EMAIL PROTECTED] wrote:
 On Fri, Nov 16, 2007 at 11:01:13AM -0500, Nick Guenther wrote:
 
  Hijacking the thread a bit: Do all your disks need to be the same size
  to use softraid? softraid(4) and bioctl(8) do not mention anything
  about that.

 No you don't.  Softraid will complain about asymmetric disks on creation
 time but it does not limit the user in any way.


So what happens in that case? If data is written to the end of the
larger disk, is it just silently not mirrored on the smaller?

-Nick



Re: Performance problem with CF card on AMD CS5536 IDE

2007-11-16 Thread Jan Stary
 IIRC, the SanDisk above is from their Ultra II line.  I wonder
 how the newer Extreme III and Extreme IV perform.

In my reply to Stefan, it's a SanDisk Extreme III (2GB).

Jan



Re: Ion3 port is obsolete

2007-11-16 Thread Sevan / Venture37
 Who is talking about using windows apps?

 I just said I ported it work in cygwin so that I don't have to use
 windows at work.  GNU userland beats even MS cli commands.


why cygwin  not uwin or sfu??
cygwin is such a poor performer




Re: Softraid Experimentation

2007-11-16 Thread Marco Peereboom
Oh I guess I should elaborate on that :-)

What happens is that the larger disk gets coerced into a smaller size.
So you lose the excess capacity at the end of the disk.

I am actually working on a raid concat that you can use to claim all
unused space and make it into a larger disk but my first priority is
getting softraid up to snuff so that we can get it enabled.  When that
happens we can move forward with new raid types and other neat features.

On Fri, Nov 16, 2007 at 01:34:57PM -0500, Nick Guenther wrote:
 On 11/16/07, Marco Peereboom [EMAIL PROTECTED] wrote:
  On Fri, Nov 16, 2007 at 11:01:13AM -0500, Nick Guenther wrote:
  
   Hijacking the thread a bit: Do all your disks need to be the same size
   to use softraid? softraid(4) and bioctl(8) do not mention anything
   about that.
 
  No you don't.  Softraid will complain about asymmetric disks on creation
  time but it does not limit the user in any way.
 
 
 So what happens in that case? If data is written to the end of the
 larger disk, is it just silently not mirrored on the smaller?
 
 -Nick



Re: Performance problem with CF card on AMD CS5536 IDE

2007-11-16 Thread Jan Stary
On Nov 16 20:07:16, Paul de Weerd wrote:
 I have a SanDisk Extreme III 2GB (at least I think it's III) in my
 Soekris net5501 :
 
 [EMAIL PROTECTED] $ dd if=/dev/zero of=nulls bs=65536 count=1600
 1600+0 records in
 1600+0 records out
 104857600 bytes transferred in 8.604 secs (12186647 bytes/sec)
 [EMAIL PROTECTED] $ dd if=nulls of=/dev/null bs=65536
 1600+0 records in
 1600+0 records out
 104857600 bytes transferred in 9.118 secs (11499110 bytes/sec)
 [EMAIL PROTECTED] $ dmesg | grep SanDisk
 wd0 at pciide0 channel 0 drive 0: SanDisk SDCFX3-2048
 [EMAIL PROTECTED] $ uname -a
 OpenBSD tuna.zrh.weirdnet.ch 4.2 GENERIC#452 i386
 [EMAIL PROTECTED] $ sysctl hw
 hw.machine=i386
 hw.model=Geode(TM) Integrated Processor by AMD PCS (AuthenticAMD 586-class)
 hw.ncpu=1

On Nov 16 20:16:57, Jan Stary wrote:
  IIRC, the SanDisk above is from their Ultra II line.  I wonder
  how the newer Extreme III and Extreme IV perform.
 In my reply to Stefan, it's a SanDisk Extreme III (2GB).

... and here it is running the same commands as Paul,
on an ALIX.1C

Jan


$ dd if=/dev/zero of=nulls bs=65536 count=1600
1600+0 records in
1600+0 records out
104857600 bytes transferred in 7.678 secs (13655702 bytes/sec)
$  dd if=nulls of=/dev/null bs=65536
1600+0 records in
1600+0 records out
104857600 bytes transferred in 11.862 secs (8839294 bytes/sec)
$  dd if=nulls of=/dev/null bs=65536
1600+0 records in
1600+0 records out
104857600 bytes transferred in 11.596 secs (9042519 bytes/sec)
$  dd if=nulls of=/dev/null bs=65536
1600+0 records in
1600+0 records out
104857600 bytes transferred in 11.443 secs (9162770 bytes/sec)
$ uname -a
OpenBSD gw.stare.cz 4.1 GENERIC#0 i386
$ sysctl hw
hw.machine=i386
hw.model=Geode(TM) Integrated Processor by AMD PCS (AuthenticAMD 586-class)
hw.ncpu=1
hw.byteorder=1234
hw.physmem=259284992
hw.usermem=259280896
hw.pagesize=4096
hw.disknames=wd0
hw.diskcount=1
...



Re: Slow Performance on Encrypted svnd

2007-11-16 Thread Die Gestalt
On Nov 16, 2007 12:36 AM, Clint Pachl [EMAIL PROTECTED] wrote:

 Nonetheless, the bonnie++ results may provide some insight to the
 problem for an experienced guru. What I found interesting is that the
 CPU usage is really low for writes and rewrites when svnd is backed by
 the whole disk. This is also the slowest configuration.

Generally speaking this would mean that the CPU is waiting on I/O
completion instead of doing actual work. Maybe I should run an OpenBSD
in a VMware and see what's wrong... (that is if I weren't so lazy ^^)



Re: Softraid Experimentation

2007-11-16 Thread Edd Barrett
On 16/11/2007, Marco Peereboom [EMAIL PROTECTED] wrote:
 You did find a bug; that is removing the disk and rebooting it and then
 reinserting it.  I am not sure how you did it but it should have
 complained that your raid set is only partially there.  Can you
 elaborate on your actual steps and describe what remove means?

Well I did this in qemu, so I just halted the VM and booted it again
with one disk absent. This should be the same as physically detaching
the disk in a real system. Does this help?

Thanks for the great work. I'll be around to test if I am needed.

-- 
Best Regards

Edd

---
http://students.dec.bournemouth.ac.uk/ebarrett



Re: Helping with Softraid testing

2007-11-16 Thread Chris Cameron
I thought the manpage was just covering things that worked well, and in 
the code itself were things waiting to be tested better. It shows a 3 
chunk raid 1 setup, but doesn't mention anything about hot standby. I'm 
not aware of 3 disk RAID 1 otherwise.


Also, for some reason (I think past misc@ posts) I was under the 
impression that this would be similar to Vinum. From what I'm hearing 
back it's actually a RAIDFrame replacement. The manpage doesn't really 
go over its final goal.


Testing related:
I saw your message on the 15th asking for help. I plan to run that 
through a SPARC machine, but I'm not sure if there are different ways to 
poke at the new code. Will different underlying hardware (besides 
architecture) make a difference, or is this a layer above that?



Chris


Marco Peereboom wrote:

I'll take this as the documentation isn't good enough.  Can you point me
to the area that isn't clear?

On Fri, Nov 16, 2007 at 11:29:20AM -0700, Chris Cameron wrote:
I'm in a good position to test Softraid on an AMD and an UltraSPARC, 
however I've realized I don't know a lot about it (what -exactly- it's 
working to accomplish, and commands to use).


Is there an overview of Softraid to get me started so I can be of some 
use?



Chris




Re: Helping with Softraid testing

2007-11-16 Thread Marco Peereboom
On Fri, Nov 16, 2007 at 01:26:32PM -0700, Chris Cameron wrote:
 I thought the manpage was just covering things that worked well, and in 
 the code itself were things waiting to be tested better. It shows a 3 
 chunk raid 1 setup, but doesn't mention anything about hot standby. I'm 
 not aware of 3 disk RAID 1 otherwise.
 
 Also, for some reason (I think past misc@ posts) I was under the 
 impression that this would be similar to Vinum. From what I'm hearing 
 back it's actually a RAIDFrame replacement. The manpage doesn't really 
 go over its final goal.

Current goal is to get to a functional raid 1 and then we'll move on to
the rest.

 
 Testing related:
 I saw your message on the 15th asking for help. I plan to run that 
 through a SPARC machine, but I'm not sure if there are different ways to 
 poke at the new code. Will different underlying hardware (besides 
 architecture) make a difference, or is this a layer above that?

It does a little.  Some drivers are more reliable than others under
failure conditions.  The crappy part is that there is only so much we
can do under certain circumstances.  I do care to see reports though.

 
 
 Chris
 
 
 Marco Peereboom wrote:
 I'll take this as the documentation isn't good enough.  Can you point me
 to the area that isn't clear?
 
 On Fri, Nov 16, 2007 at 11:29:20AM -0700, Chris Cameron wrote:
 I'm in a good position to test Softraid on an AMD and an UltraSPARC, 
 however I've realized I don't know a lot about it (what -exactly- it's 
 working to accomplish, and commands to use).
 
 Is there an overview of Softraid to get me started so I can be of some 
 use?
 
 
 Chris



Re: Performance problem with CF card on AMD CS5536 IDE

2007-11-16 Thread Stuart Henderson
My sandisks are quite fast (8MB/s or more, though I just
had to throw a fairly new SDCFJ-1024 out with read errors?!)
- I have a newish kingston which is slow (1.5MB/s elite
pro cf/1GB-S 50x) - and a bunch of assorted old 32-64MB
cards, the majority of which are reasonably quick
(fujifilm, sandisk and pqi come to mind)



Re: Using CBQ with variable upload bandwidth

2007-11-16 Thread Stuart Henderson
On 2007/11/16 12:49, Calomel wrote:
 I have to agree with Girish. Take some time and find out the average
 bandwidth for your link.
...
 You could also use a script. If you know what the current upload bandwidth
 amount is then you could vary the altq on $ExtIf bandwidth 744Kb line to
 reflect this.

Say you have a 10Mb ethernet feed, plugged into an
unmanaged switch with a bunch of other people in the
building connecting to other ports, who sometimes use
up all available bandwidth on the uplink, and other
times use nothing.

Now you want to take whatever of that uplink is available
to you, and share it fairly between users, giving priority
to some over others.

Obviously if you set a queue at 10Mb you'll have problems
sometimes. But if you set it at the average, you'll
A) miss out on a lot of bandwidth most of the time and
B) still have problems when the connection is heavily
used by people in the building who aren't downstream of
your PF box.

Similar sort of deal with a normal shared-access satellite
system.

Someone please correct me if I'm wrong, but I think that
congestion is defined as bw wanted > bw configured on the
interface in the 'altq on' definition. Problem there is
you can't tell what is available at a given time.

From what you quoted Jonathan:

 Queues with a higher priority are preferred during congestion
 over queues with a lower priority as long as both queues share
 the same parent

OpenBSD's pf.conf(5) fits a little more information into about
the same space:

 Priq queues with a higher priority are always served first.
 Cbq and Hfsc queues with a higher priority are preferred in
 the case of overload.

I don't think it's possible to do exactly what's wanted with
the existing altq disciplines. Priq would starve out lower 
priority queues; cbq/hfsc would have the problem that they
can't identify an overload on this sort of uplink.



Re: Hardware for PF - more general questions

2007-11-16 Thread Henning Brauer
hasn't that been talked about a dozen times lately...

* Richard Wilson [EMAIL PROTECTED] [2007-11-14 11:33]:
 I recall hearing tell (on here I think) that amd64 is a better arch for
 routing, because of better interrupt handling or somesuch. Is this true?

i386 used to be much better. it is time this gets tested again.

 I am under the impression that if I want to do BGP, I need 1GB of RAM
 for the routing tables and whatnot. Given RAM is so cheap, and I'd like
 some future-proofing, is there any use in getting 2G instead?

why not... more than 2G probably hurts more than it helps, but 2g 
should be fine. so should one.

 Is PF capable of making good use of multiple processors with GENERIC.MP,

no

 or am I better off with a single faster CPU?

yes

 I'm currently looking at a Dell PE860 (1U, Quad core [EMAIL PROTECTED], 1G
 RAM) or a Dell PE SC1435 (1U, Dual core [EMAIL PROTECTED], 1G RAM). They're
 near enough the same price, so its just a question of what will be best
 suited to running PF. My ignorant thought would be that 4 cores is
 better than 2, but if PF only uses one core perhaps if the Opteron has
 better interrupt handling then AMD would be the better choice. Is it
 relevant that the Xeon has 2x4MB cache and the Opteron has 2x1MB?

more cache could help quite a bit.
on the other hand, opteron has way faster memory access, that helps 
too...

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg  Amsterdam



Re: Slow Performance on Encrypted svnd

2007-11-16 Thread Nick Guenther
On 11/16/07, Ted Unangst [EMAIL PROTECTED] wrote:
 instead of pondering problems with using the whole disk, you could
 just use svnd with a file.

Yeah but doesn't this hint at some horrible inefficiency in the stack somewhere?

-Nick



Re: Slow Performance on Encrypted svnd

2007-11-16 Thread bofh
On Nov 16, 2007 1:32 PM, Ted Unangst [EMAIL PROTECTED] wrote:
 instead of pondering problems with using the whole disk, you could
 just use svnd with a file.

Well, I think he just found the itch.  Now the question is whether
he'll scratch it, or will someone else find it interesting enough to
scratch.


-- 
This officer's men seem to follow him merely out of idle curiosity.
-- Sandhurst officer cadet evaluation.
http://www.youtube.com/watch?v=tGvHNNOLnCk
Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks
factory where smoking on the job is permitted.  -- Gene Spafford



Re: Slow Performance on Encrypted svnd

2007-11-16 Thread Ted Unangst
On 11/16/07, Nick Guenther [EMAIL PROTECTED] wrote:
 On 11/16/07, Ted Unangst [EMAIL PROTECTED] wrote:
  instead of pondering problems with using the whole disk, you could
  just use svnd with a file.

 Yeah but doesn't this hint at some horrible inefficiency in the stack 
 somewhere?

it hints at using tools the wrong way leading to poor results.



ospfd fib vs database

2007-11-16 Thread Lord Sporkton
I have ospf running between OpenBSD 4.2 GENERIC.MP#304 i386 and a 1721
Cisco running c1700-k9o3sy7-mz.123-23.bin. ospfctl show fib ospf
shows 2 networks, the loopbacks and the gre link however ospfctl show
database area 0.0.0.0 shows only the loopbacks, why doesn't the
database show the gre link, and how is there an ospf route in the fib
when it's not in the database?


Thank you for any help



# ospfctl show data area 0.0.0.0

Router Link States (Area 0.0.0.0)

Link ID         Adv Router      Age  Seq#    Checksum
192.168.179.1   192.168.179.1   988  0x8003  0xe33b
192.168.179.2   192.168.179.2   959  0x802e  0x0fbe

# ospfctl show fib osp
flags: * = valid, O = OSPF, C = Connected, S = Static
Flags  Destination       Nexthop
*O     172.16.0.0/30     172.16.0.2
*O     192.168.179.2/32  172.16.0.2







# ifconfig gre0 inet
gre0: flags=9011<UP,POINTOPOINT,LINK0,MULTICAST> mtu 1476
        groups: gre
        physical address inet X --> X
        inet 172.16.0.1 --> 172.16.0.2 netmask 0xfffc


# cat /etc/ospfd.conf

router-id 192.168.179.1

area 0.0.0.0 {
interface lo1:192.168.179.1
interface gre0
}



Router#sho run | b ospf
router ospf 179
 router-id 192.168.179.2
 log-adjacency-changes
 network 172.16.0.0 0.0.15.255 area 0
 network 192.168.179.0 0.0.0.255 area 0



-- 
-Lawrence
-Student ID 1028219



Support for 3ware 3W 8x00 (8006-2LP) in 4.2

2007-11-16 Thread Pawel Veselov
Hi,

I was wondering if the 3ware 8006-2LP is supported in 4.2.
The http://www.openbsd.org/i386.html page only lists 5x00, 6x00 and 7x00
as supported devices, but the man page says that 8000 is supported as well.

(just trying to find a cheap SATA hardware raid card...)

Thanks !
  Pawel.



Re: securing OpenBSD wireless network

2007-11-16 Thread David Higgs
On Nov 16, 2007 2:39 PM, Juan Miscaro [EMAIL PROTECTED] wrote:
 Hi gang,

 So I'm setting up my first wireless network for a small business with
 OpenBSD acting as internet gateway.  I am familiar with OpenBSD as
 gateway but not in the wireless context.  I picked myself up a card
 that the docs say is supported (Linksys WMP54G) and will be installing
 4.2 from my CD this evening.

 At this point I'm asking myself the obvious question.  How do I secure
 my network?  I see the authpf is used a lot but is there anything else
 I can do?  What of VPN?  If so, what implementation?

 My client stations will be Ubuntu Linux.

 Thank you in advance to any responders,

 // juan



I combined authpf with OpenVPN, using some big hints from some easily
google-able places.  Even though WEP and WPA aren't supported by
OpenBSD, I still wanted to have authenticated and encrypted traffic.
This might be overkill for some but it works for me.

After setting up the wireless interface to dhcpd a private netblock, I
locked it down with pf:
block in on $wlan_if
pass in on $wlan_if proto udp to port { bootps, bootpc }
pass in on $wlan_if proto udp to ($wlan_if:0) port domain
pass in on $wlan_if proto tcp to ($wlan_if:0) port ssh

Then I set up authpf to allow authenticated users the ability to
connect to the VPN:
pass in on $wlan_if proto udp from <authpf_users> to ($wlan_if:0) port 1194

Next I configured OpenVPN in routed mode.  It hands out IPs from yet
another private netblock I have permanently attached to lo1.

Finally, I treat the tun0 interface like a semi-trusted wired
interface in pf and apply my standard list of allowable client
applications:
client_if = "{ sk0, tun0 }"
pass in on $client_if proto udp to port $udp_client_ports
pass in on $client_if proto tcp to port $tcp_client_ports

This obviously isn't my full pf.conf, and care must be taken because
the rules are highly dependent on order.  My initial setup took nearly
a full day to configure and troubleshoot, since I had to get pf,
authpf, dhcpd, named, and OpenVPN to all cooperate.  I found that
selectively allowing and denying ICMP was of great assistance while
testing pf rules and tcpdump to be essential when I had other services
misconfigured.

Windows and OS X OpenVPN clients are readily available and
configuration is easy if you understood what you were doing when
setting up the OpenVPN server.

Although I feel like I've got a good handle on all the interactions
here, I'm no professional and if there are any gaping holes in this
setup, I am eager to hear about them.  I plan to investigate IPSEC in
the near future, which may be an alternative.

--david
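
The layering in the message above relies on pf's rule that the last matching rule decides a packet's fate. The following is an added example, not part of the original post: a simplified Python model of that evaluation (no `quick`, no state tracking) run over the posted wlan rules. The interface name `wlan0` and the client address `10.0.0.5` are assumptions made for the illustration.

```python
"""Simplified model of pf's last-match evaluation for the wlan rules above."""

WLAN = "wlan0"  # assumed name for $wlan_if, not given in the post

# The posted rules, in order. to_fw=True models "to ($wlan_if:0)".
RULES = [
    dict(action="block", on=WLAN),
    dict(action="pass", on=WLAN, proto="udp", ports={67, 68}),          # bootps, bootpc
    dict(action="pass", on=WLAN, proto="udp", ports={53}, to_fw=True),  # domain
    dict(action="pass", on=WLAN, proto="tcp", ports={22}, to_fw=True),  # ssh
    dict(action="pass", on=WLAN, proto="udp", ports={1194}, to_fw=True,
         src_table="authpf_users"),                                     # OpenVPN
]

def matches(rule, pkt, tables):
    """True when every criterion present in the rule matches the packet."""
    if rule["on"] != pkt["on"]:
        return False
    if "proto" in rule and rule["proto"] != pkt["proto"]:
        return False
    if "ports" in rule and pkt["dport"] not in rule["ports"]:
        return False
    if rule.get("to_fw") and not pkt["to_fw"]:
        return False
    table = rule.get("src_table")
    if table and pkt["src"] not in tables.get(table, set()):
        return False
    return True

def evaluate(rules, pkt, tables):
    """Return the action of the LAST matching rule; with no match pf passes."""
    verdict = "pass"
    for rule in rules:
        if matches(rule, pkt, tables):
            verdict = rule["action"]
    return verdict

def packet(proto, dport, src="10.0.0.5", to_fw=True, on=WLAN):
    """Build a constructed sample packet (the source address is made up)."""
    return dict(on=on, proto=proto, dport=dport, src=src, to_fw=to_fw)

if __name__ == "__main__":
    logged_in = {"authpf_users": {"10.0.0.5"}}  # table as filled by authpf
    print("ssh, no login:     ", evaluate(RULES, packet("tcp", 22), {}))
    print("openvpn, no login: ", evaluate(RULES, packet("udp", 1194), {}))
    print("openvpn, logged in:", evaluate(RULES, packet("udp", 1194), logged_in))
    print("http, logged in:   ", evaluate(RULES, packet("tcp", 80, to_fw=False), logged_in))
```

Moving the `block` rule to the end of the list makes every packet on the wireless interface match it last, which is the order dependence the message warns about.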



Re: Support for 3ware 3W 8x00 (8006-2LP) in 4.2

2007-11-16 Thread System Administrator
On 16 Nov 2007 at 16:36, Pawel Veselov wrote:

 Hi,
 
 I was wondering if the 3ware 8006-2LP is supported in 4.2.
 The http://www.openbsd.org/i386.html page only lists 5x00, 6x00 and
 7x00
 as supported devices, but the man page says that 8000 is supported as
 well.
 
 (just trying to find a cheap SATA hardware raid card...)
 
 Thanks !
   Pawel.
 

Executive summary: Find another card or use soft-raid.

The long answer:

The redundancy provided by a RAID set is merely a stop-gap measure -- 
it allows to avoid a hard crash and perform the necessary maintenance 
on your terms (i.e. when it is more convenient). It is not a panacea 
against disk failure, which almost inevitably will eventually occur 
given heavy enough usage and/or harsh environmental conditions. 
Therefore, the health monitoring and any live maintenance capabilities 
provided by the card are probably its most important features. 
Unfortunately, due to pigheadedness of 3ware marketing team, neither of 
these capabilities are available to OSS -- they exist strictly in form 
of binary blobs for a very few platforms. Moreover, certain critical 
RAID functionality (e.g. background rebuild) has been moved from the 
card firmware and into the binary blob. Therefore, using one of these 
cards in a server you are flying TOTALLY BLIND. (BTW, even on their 
supported platforms they leave a lot to be desired: recently I've 
lost critical data during a cold reboot of a long-running server with a 
3ware mirror set, as BOTH drives had developed serious hardware flaws 
that the card did not detect until the full reboot! Apparently they do 
NOT do SMART monitoring of connected drives...)

-
System Administrator[EMAIL PROTECTED]
Bitwise Internet Technologies, Inc.
22 Drydock Avenue tel: (617) 737-1837
Boston, MA 02210  fax: (617) 439-4941



Re: Support for 3ware 3W 8x00 (8006-2LP) in 4.2

2007-11-16 Thread Douglas A. Tutty
On Fri, Nov 16, 2007 at 08:15:22PM -0500, System Administrator wrote:
 On 16 Nov 2007 at 16:36, Pawel Veselov wrote:
 
  (just trying to find a cheap SATA hardware raid card...)
 
 Executive summary: Find another card or use soft-raid.
 
 The long answer:
 
 The redundancy provided by a RAID set is merely a stop-gap measure -- 
 it allows to avoid a hard crash and perform the necessary maintenance 
 on your terms (i.e. when it is more convenient). It is not a panacea 
 against disk failure, which almost inevitably will eventually occur 
 given heavy enough usage and/or harsh environmental conditions. 
 Therefore, the health monitoring and any live maintenance capabilities 
 provided by the card are probably its most important features. 

[snip problems with the 3ware card]

Then what card would be suggested that will provide the necessary
support (as outlined) for SATA drives?  Assuming that there will be a
price range, what would that range look like?

Doug.



Re: Performance problem with CF card on AMD CS5536 IDE

2007-11-16 Thread Christian Weisgerber
Christian Weisgerber [EMAIL PROTECTED] wrote:

 I've started playing with a CF in a bigger machine, and the results
 are rather disappointing. [...]

So I briefly switched the CF cards.

* The SanDisk does on the order of 15 MB/s read, 10 MB/s write in
  the amd64.  Without monopolizing the CPU.
* The Transcend sucks as badly in the Soekris as it does in the
  amd64.  Writing goes up to 500 kB/s, reading drops to 1.5 MB/s.
* When I put the Transcend in my noname USB CF reader, it performs
  more reasonably, 7 MB/s or so.

Clearly, not all CF cards are created equal.

-- 
Christian naddy Weisgerber  [EMAIL PROTECTED]



Problem with ftp-proxy and pf... Can connect but cannot list, put, or get files from ftp server!

2007-11-16 Thread Jake Conk
Hello,

I just had a server crash luckily I had all my configurations backed
up. So anyways I restore everything to the same way it was before the
server crash however pf and ftp-proxy isn't working the way it used
to. I installed using the same openbsd cds when I previously installed
it so everything should be the same.

I am using this openbsd (v4.1) machine as a router, I have a ftp
server behind the router that people from the internet need to be able
to access and I need to be able to access public ftp's from machines
behind my router.

The weird thing is that I can connect from the internet to my ftp
machine that is behind the router (openbsd computer) but I cannot
list, put, or get files! I am also having the exact same symptoms
connecting to public ftps from machines behind the router (openbsd
computer), I can connect to them no problem but I cannot list, put, or
get files from them.

This is the same exact pf configuration I had before my machine went
down and yes I am running two instances of ftp-proxy to make this
work. The first instance of ftp proxy is configured to proxy
connections to my internal ftp server and I have that running as
`ftp-proxy -R 192.168.10.9 -p 21 -b my public ip`... The second
instance of ftp proxy is for connections going out to the internet
which is `ftp-proxy -p 8021 127.0.0.1`.

Below is my pf.conf


# Macros: define common values, so they can be referenced and changed easily.

ext_if="bge0"                       # External interface
ext_ip="my pub ip"                  # External IP
ext_carp_if="carp0"                 # External carp interface
ext_carp_ip="my shared pub ip"      # External carp IP
ext_ifs="{ $ext_if $ext_carp_if }"  # All external interfaces
int_if="bge1"                       # Internal interface
int_carp_if0="carp1"                # Internal carp interface 1
int_carp_if1="carp2"                # Internal carp interface 2
carp_ifs="{ $ext_if $int_if }"      # Interfaces which do carp
loop_if="lo0"                       # Loopback Interface
bridge_if="bridge0"                 # Bridge Interface
tap_if="tap0"                       # Tap Interface
pflog_if="pflog0"                   # Pflog Interface
pfsync_if="xl0"                     # Pfsync interface
int_ifs="{ $int_if $int_carp_if0 $int_carp_if1 \
  $loop_if $bridge_if $tap_if $pflog_if \
  $pfsync_if }"                     # All internal interfaces
external_addr="192.168.1.1"         # External Address
internal_net="192.168.10.0/24"      # Internal Network
icmp_types="{ 0, 3, 4, 8, 11, 12 }" # Allowed ICMP Types
no_route="{ 127.0.0.0/8, 192.168.0.0/24, \
  172.16.0.0/12, 10.0.0.0/8 }"      # Non routable IPs

# SERVERS #
ftp_server="192.168.10.9"
mail_server="192.168.10.9"



# Tables: similar to macros, but more flexible for many addresses.
#table <foo> { 10.0.0.0/8, !10.1.0.0/16, 192.168.0.0/24, 192.168.1.18 }




# Options: tune the behavior of pf, defaults given

set timeout { interval 10, frag 30 }
set timeout { tcp.first 120, tcp.opening 30, tcp.established 86400 }
set timeout { tcp.closing 900, tcp.finwait 45, tcp.closed 90 }
set timeout { udp.first 60, udp.single 30, udp.multiple 60 }
set timeout { icmp.first 20, icmp.error 10 }
set timeout { other.first 60, other.single 30, other.multiple 60 }
set timeout { adaptive.start 0, adaptive.end 0 }
set limit   {states 1, frags 5000}  # Sets hard limits used on memory pools
set loginterface $ext_if            # Which interface to log
set optimization normal             # Optimize engine for network
set block-policy drop               # Default behavior of block policy
set require-order yes               # Enforce ordering of statements
set fingerprints "/etc/pf.os"       # Fingerprints
set debug loud                      # Level of debug
set skip on $loop_if                # Disable pf on which devices



# Normalization: reassemble fragments and resolve or reduce traffic ambiguities.

scrub in on $ext_ifs all fragment reassemble



trying cwm while running ion

2007-11-16 Thread Chris
My system boots to xdm & I log in to ion. Is there any way I could try
out cwm while I am running ion?

Thanks.