Re: build a release

[banana split]

> I'm not sure that building the system from source is the primary target
sorry, why? what is the primary way? I've learnt many many things


> (Hint; use snapshots)
man pages & faqs are amazing so it is quite impossible that things go wrong.
however there are no snapshots since 6 may and because many interesting things
were added to the tree building from the source was the only way to get in
touch with new stuff.

> Search the fine archives, as mentioned in the fine FAQ (if you have not
> already done so).
>
> http://marc.info/?l=openbsd-misc
> http://marc.info/?l=openbsd-misc&s=error+code+ignored
my bad! my apologies! it will never happen!

Re: uvm_mapent_alloc: out of static map entries on 4.3 i386

[Kevin]

On Thu, May 15, 2008 at 7:07 PM, Ted Unangst <[EMAIL PROTECTED]> wrote:
> On 5/15/08, Kevin <[EMAIL PROTECTED]> wrote:
>> All,
>>
>>  I'm getting quite a lot of these errors in /var/log/messages and can't
>>  seem to find an appropriate fix in the archives:
>>
>>  May 14 21:05:54 svr02 /bsd: uvm_mapent_alloc: out of static map entries
>>  May 14 21:57:47 svr02 /bsd: uvm_mapent_alloc: out of static map entries
>>  May 14 23:00:05 svr02 /bsd: uvm_mapent_alloc: out of static map entries
>>  May 15 07:27:53 svr02 /bsd: uvm_mapent_alloc: out of static map entries
>>  May 15 07:39:59 svr02 /bsd: uvm_mapent_alloc: out of static map entries
>>
>>  N.B. This machine serves mirror content for various F/OSS projects in
>>  addition to standard www content, so it quite often has >350 users
>>  concurrently connected downloading mirrored content (in addition to
>>  visitors who're actually visiting the site).
>
> Are you using squid as well?  You may try doing something like
> restarting apache.
Funny you should ask. Yes and no. We are proxying some of the site's
content, but it's with apache's mod_proxy.

(No way around this from what we can see as it solves some business
needs in terms of content delivery and is an easy fix to an otherwise
vexing problem.)

Restarting apache always solves the problem, but that's hardly a fix.
Sure, I could crontab it to do so automatically and just periodically
kick everyone off, but that's super yucky and still doesn't really
*solve* the problem I'd feel good about that being the only answer
if this were 1998, and we were running IIS on Windows NT 4.0. :-)

> The problem seems related to certain long running processes with
> fragmented address spaces.
I'll go out on a limb and assume this is the case since some of the
files being downloaded are certainly ~100mb or more... some are entire
DVD ISOs. I'd say these downloads qualify as "long running processes,"
no?

> Basically, in order to manage address spaces, the kernel keeps track
> of a bunch of maps.  Entries in these maps are stored in... map
> entries.  In certain situations, the kernel can't wait to allocate a
> map entry, so it grabs one from a static list.  Previously, when they
> ran out, the kernel paniced.  Now it just says uh oh.  The kernel will
> merrily go on making more static entries as needed.
>
> I'd keep track of how often the message appears.  At some point, it
> should stop.  But it's not really alarming, unless it continues to
> print that continuously.

It isn't alarming per se, but the sites on the server *definitely*
stop accepting new visitors at some point. This seems to correlate
directly to the uvm_mapent_alloc log events.

If it were only the mirror visitors who were getting turned away that
would be one thing, but it's actually interfering with regular
traffic, too. :-(

In short, I'm trying to find a way to:
1.) serve the oodles of mirror content (since we ourselves rely so
heavily on F/OSS we want to make sure the mirrors are running both for
ourselves and others) and
2.) also keep our normal site traffic humming along, too.

I'm hoping to get to the point where "It Just Works", and it sure
seems like the server itself has the horsepower to do it.

If the CPUs were sweating hard or we were swapping heavily, it would
make sense, but for it to be knuckling under what seems to me to be
relatively light load seems like there's something else I can do to
make it happy.

Knobs, dials, levers, custom kernels, and custom apache builds they
may be, but at this point I'm open to just about anything and
everything including witch doctors, Chinese herbalists, and/or
exorcists to get the problem solved. :-)


Thanks much,
Kevin

Re: ipsec home network to colo server

[Claer]

On Thu, May 15 2008 at 09:09, Lord Sporkton wrote:

> 2008/5/14 Lord Sporkton <[EMAIL PROTECTED]>:
> > 2008/5/14 scott learmonth <[EMAIL PROTECTED]>:
> >>> On Tue, May 13, 2008 at 5:41 PM, Lord Sporkton <[EMAIL PROTECTED]>
> >>> wrote:
>  I am trying to set up a ipsec link between my home network(private ip
>   network behind dynamic public ip)
>   and my colo server(single public static ip). I was a bit unclear on
>   how to set up a tunnel between a static
>   and dynamic ip
> 
>   interesting traffic:
>   208.70.72.13 -> 10.0.0.0/16
> 
> 
>   My sad seems to set up ok, however afterward i get no flows and can not
>  pass
>   data, ive checked out logs, and ipsecctl -m, but see nothing of use.
> 
>   Below is data i believe relevant, if anything else is requested i will
>   do my best to post it back in a timely fashion
>   thank you
> 
> 
>   colo server:
> 
>   # uname -a
>   OpenBSD angie.sporkton.com 4.3 GENERIC#846 i386
>   # cat /etc/ipsec.conf
> 
>   ike passive from 208.70.72.13 to 10.0.0.0/16 \
>  aggressive auth hmac-sha1 enc 3des group modp1024   \
>  quick auth hmac-sha1 enc 3des \
>  srcid "angie.sporkton.com" dstid "fire.sporkton.com" \
>  psk "password"
>   # ipsecctl -sa
>   FLOWS:
>   No flows
> 
>   SAD:
>   esp tunnel from 67.159.171.204 to 208.70.72.13 spi 0x26974f0d auth
>   hmac-sha1 enc 3des-cbc
>   esp tunnel from 208.70.72.13 to 67.159.171.204 spi 0xeac5bef2 auth
>   hmac-sha1 enc 3des-cbc
>   #
> 
>   ipsecctl -m output:
> 
>   sadb_getspi: satype esp vers 2 len 10 seq 9 pid 7557
>  address_src: 67.159.171.204
>  address_dst: 208.70.72.13
>  spirange: min 0x0100 max 0x
>   sadb_getspi: satype esp vers 2 len 10 seq 9 pid 7557
>  sa: spi 0x581ea1f0 auth none enc none
>  state mature replay 0 flags 0
>  address_src: 67.159.171.204
>  address_dst: 208.70.72.13
>   sadb_add: satype esp vers 2 len 50 seq 10 pid 7557
>  sa: spi 0xe4968f00 auth hmac-sha1 enc 3des-cbc
>  state mature replay 16 flags 4
>  lifetime_hard: alloc 0 bytes 0 add 1200 first 0
>  lifetime_soft: alloc 0 bytes 0 add 1080 first 0
>  address_src: 208.70.72.13
>  address_dst: 67.159.171.204
>  key_auth: bits 160: e7ee5eafe49c95cafc506ba1ba6c174a584e4859
>  key_encrypt: bits 192:
>  65c174f84e389d2022ffbf9c1f152348d7b7f708ef757014
>  identity_src: type fqdn id 0: angie.sporkton.com
>  identity_dst: type fqdn id 0: fire.sporkton.com
>  src_mask: 255.255.255.255
>  dst_mask: 255.255.0.0
>  protocol: proto 0 flags 0
>  flow_type: type unknown direction out
>  src_flow: 208.70.72.13
>  dst_flow: 10.0.0.0
>   sadb_add: satype esp vers 2 len 42 seq 10 pid 7557
>  sa: spi 0xe4968f00 auth hmac-sha1 enc 3des-cbc
>  state mature replay 16 flags 4
>  lifetime_hard: alloc 0 bytes 0 add 1200 first 0
>  lifetime_soft: alloc 0 bytes 0 add 1080 first 0
>  address_src: 208.70.72.13
>  address_dst: 67.159.171.204
>  identity_src: type fqdn id 0: angie.sporkton.com
>  identity_dst: type fqdn id 0: fire.sporkton.com
>  src_mask: 255.255.255.255
>  dst_mask: 255.255.0.0
>  protocol: proto 0 flags 0
>  flow_type: type unknown direction out
>  src_flow: 208.70.72.13
>  dst_flow: 10.0.0.0
>   sadb_update: satype esp vers 2 len 50 seq 11 pid 7557
>  sa: spi 0x581ea1f0 auth hmac-sha1 enc 3des-cbc
>  state mature replay 16 flags 4
>  lifetime_hard: alloc 0 bytes 0 add 1200 first 0
>  lifetime_soft: alloc 0 bytes 0 add 1080 first 0
>  address_src: 67.159.171.204
>  address_dst: 208.70.72.13
>  key_auth: bits 160: c2beffabe156d0dbaca586e730694a4ff3cc4ef5
>  key_encrypt: bits 192:
>  496cd320b35638d36dd8f899b8ce76c150840092db466715
>  identity_src: type fqdn id 0: fire.sporkton.com
>  identity_dst: type fqdn id 0: angie.sporkton.com
>  src_mask: 255.255.0.0
>  dst_mask: 255.255.255.255
>  protocol: proto 0 flags 0
>  flow_type: type unknown direction in
>  src_flow: 10.0.0.0
>  dst_flow: 208.70.72.13
>   sadb_update: satype esp vers 2 len 42 seq 11 pid 7557
>  sa: spi 0x581ea1f0 auth hmac-sha1 enc 3des-cbc
>  state mature replay 16 flags 4
>  lifetime_hard: alloc 0 bytes 0 add 1200 first 0
>    

Asia Resort Market Review

[David Kan]

Dear ,

We are in the development of Victoo - Free Tourism & Hospitality
Management Resources. I hope you like to join this online community at
www.victoo.com.

Below is our 3 market report documents of Victoo's Free Resources
Sharing:

Asia Resort Market Review A special report from Horwath HTL about Resort
Market Trends in Thailand, Philippine, Vietnam, Malaysia, Indonesia.

The Future Of The Hotel Industry "It doesn’t do as much as we can dream.
I don’t know if we’ll ever solve that one . . .” This is what one hotel
senior executive recently told us when we asked how technology was
constraining his bus..."As part of our ongoing quest to ensure we deliver
future-proof technology, we commissioned research with Inspire Resources
in the second half of 2007 to find out exactly what the industry was
dreaming about.

Vietnam Development in Travel & Tourism Economic liberalization has
become the dominant theme in Vietnam’s narrative as an emerging market.
Its transformation into a free-market, consumer-based society is marked
with the telltale signs of success: the country’s economic growth rate of
8% is steadily lifting its population of 85+ million into a middle-income
society; the poverty rate has been reduced to less than 20%; and the
literacy rate is above 90%.

Pls do not hesitate to post your comment on Bulletin Board of Victoo
Community.

Best Regards,

David Kan
Chief Editor - Victoo.com.
Tourism & Hospitality Management Resources.

Email: [EMAIL PROTECTED]
Http://www.victoo.com

--
Thank for your time and hope you get helpful things with this email.
If you don't want to receive this email, click UNSUBSCRIBEURL.
powered by phplist v 2.10.4, ) tincan ltd

updating ports after OS update

[Robert Urban]

Hi Folks,

in the upgrade guide there is a description of how to update packages after 
the OS has been updated.  The command mentioned is (with the appropriate env 
variable(s) set):


# pkg_add -ui -F update -F updatedepends

What do I need to do about the numerous ports I built and installed?  Do 
they need to be updated manually?


Also, I'm currently running 4.1, and would like to get to 4.3.  I guess I 
will need to do this in two hops.  Can I postpone package updating until 
I've finished updating the OS to 4.3?


cheers,

Robert Urban

Re: uvm_mapent_alloc: out of static map entries on 4.3 i386

[Ted Unangst]

On 5/15/08, Kevin <[EMAIL PROTECTED]> wrote:
> All,
>
>  I'm getting quite a lot of these errors in /var/log/messages and can't
>  seem to find an appropriate fix in the archives:
>
>  May 14 21:05:54 svr02 /bsd: uvm_mapent_alloc: out of static map entries
>  May 14 21:57:47 svr02 /bsd: uvm_mapent_alloc: out of static map entries
>  May 14 23:00:05 svr02 /bsd: uvm_mapent_alloc: out of static map entries
>  May 15 07:27:53 svr02 /bsd: uvm_mapent_alloc: out of static map entries
>  May 15 07:39:59 svr02 /bsd: uvm_mapent_alloc: out of static map entries
>
>  N.B. This machine serves mirror content for various F/OSS projects in
>  addition to standard www content, so it quite often has >350 users
>  concurrently connected downloading mirrored content (in addition to
>  visitors who're actually visiting the site).

Are you using squid as well?  You may try doing something like
restarting apache.

The problem seems related to certain long running processes with
fragmented address spaces.

Basically, in order to manage address spaces, the kernel keeps track
of a bunch of maps.  Entries in these maps are stored in... map
entries.  In certain situations, the kernel can't wait to allocate a
map entry, so it grabs one from a static list.  Previously, when they
ran out, the kernel paniced.  Now it just says uh oh.  The kernel will
merrily go on making more static entries as needed.

I'd keep track of how often the message appears.  At some point, it
should stop.  But it's not really alarming, unless it continues to
print that continuously.

Re: PF Congestion and state table question

[Chris Kuethe]

On Thu, May 15, 2008 at 5:02 PM, nuffnough <[EMAIL PROTECTED]> wrote:
> 2008/5/9 Thomas Althoff <[EMAIL PROTECTED]>:
>
>
>  > I don't recall Henning's rule, search the archive something like X times
>  > your number of nics.
>
>  I completely misread this to mean "Hennings rule of misc is Search the
>  archive X times your number of nics before posting your question."

enc0, lo0 and pflog0 count as nics for the purposes of this rule. :)


-- 
GDB has a 'break' feature; why doesn't it have 'fix' too?

Re: PF Congestion and state table question

[nuffnough]

2008/5/9 Thomas Althoff <[EMAIL PROTECTED]>:

> I don't recall Henning's rule, search the archive something like X times
> your number of nics.

I completely misread this to mean "Hennings rule of misc is Search the
archive X times your number of nics before posting your question."

Re: uvm_mapent_alloc: out of static map entries on 4.3 i386

[Darrian Hale]

Based on that netstat output, things look OK on your system.  On some
of my heavier loaded
systems, I will see the peak mbuf use hit the max.

Good luck, and as I said if you come up with something better, please
let me know.

-Darrian

On Thu, May 15, 2008 at 2:59 PM, Kevin <[EMAIL PROTECTED]> wrote:
> I see Allen beat me to the reply with the requested netstat data
> below, but in the mean time, I'm going to do the unthinkable and build
> a custom kernel with your mods and see where the chips fall. :-)
>
> Thanks for the suggestion.
>
> Kevin
>
>
>
> On Thu, May 15, 2008 at 2:45 PM, Allen <[EMAIL PROTECTED]> wrote:
>> On Thu, May 15, 2008 at 2:00 PM, Darrian Hale <[EMAIL PROTECTED]> wrote:
>>> What output to you get from 'netstat -m'?
>>
>> 2867 mbufs in use:
>>2566 mbufs allocated to data
>>274 mbufs allocated to packet headers
>>27 mbufs allocated to socket names and addresses
>> 1129/5450/6144 mbuf clusters in use (current/peak/max)
>> 13028 Kbytes allocated to network (22% in use)
>> 0 requests for memory denied
>> 0 requests for memory delayed
>> 0 calls to protocol drain routines
>>
>>
>>
>>> I might get yelled at for this as you mentioned people seem to hate
>>> custom kernels.
>>>
>>> But i've had good luck with the following options, I'm not sure which
>>> are still relevant, but they help.
>>>
>>> option NKMEMPAGES_MAX=81920
>>> option NKMEMPAGES=81920
>>> option MAX_KMAPENT=8192
>>>
>>> I've always received that error you described on any high load openbsd
>>> box.  Even with the above changes,
>>> you will eventually get the same error as your new limits are reached.
>>>
>>> If you come up with any better solutions, please let me know, i'd be
>>> very interested to hear them.
>>>
>>> -Darrian
>>>
>>> On Thu, May 15, 2008 at 10:29 AM, Kevin <[EMAIL PROTECTED]> wrote:
 All,

 I'm getting quite a lot of these errors in /var/log/messages and can't
 seem to find an appropriate fix in the archives:

 May 14 21:05:54 svr02 /bsd: uvm_mapent_alloc: out of static map entries
 May 14 21:57:47 svr02 /bsd: uvm_mapent_alloc: out of static map entries
 May 14 23:00:05 svr02 /bsd: uvm_mapent_alloc: out of static map entries
 May 15 07:27:53 svr02 /bsd: uvm_mapent_alloc: out of static map entries
 May 15 07:39:59 svr02 /bsd: uvm_mapent_alloc: out of static map entries

 N.B. This machine serves mirror content for various F/OSS projects in
 addition to standard www content, so it quite often has >350 users
 concurrently connected downloading mirrored content (in addition to
 visitors who're actually visiting the site).


 These messages correspond almost exactly with two things:

 1.) the sites having quite a few visitors
 2.) the sites becoming unavailable. In most cases, it fixes itself
 when the freeloaders (errr downloaders ;-) complete their file
 transfers.


 Possibly worth noting:

 1.) We've had to crank various settings in Apache to keep serving
 traffic, as the stock settings were too low: we were reaching the max
 daemons for Apache so new visitors were just out-of-luck.
 2.) When the system begins to knuckle under load, I'm taking a
 snapshot of various bits like the following.

 Here's one example:
 load averages:  0.45,  0.47,  0.4007:40:00
 247 processes: 245 idle, 2 on processor
 CPU0 states:  7.2% user,  0.0% nice,  2.6% system,  2.2% interrupt, 88.0% 
 idle
 CPU1 states:  3.6% user,  0.0% nice,  0.3% system,  1.9% interrupt, 94.3% 
 idle
 Memory: Real: 339M/737M act/tot  Free: 1272M  Swap: 0K/518M used/tot


 From the archives this seems to be something for which a fix *used* to
 be cranking up the following:

 maxusers 64
 option BUFCACHEPERCENT=25
 option MULTIPROCESSOR
 option MAX_KMAPENT=4000


 This hardly seems a real fix though--especially given everyone's
 hatred of knobs, custom kernels, and such though I'm certainly open to
 it if we can continue to keep the sites--and the mirrors--up.

 I think I've mentioned everything noteworthy though cluestick
 applications are welcome.

 Thanks,
 Kevin




 Here's the dmesg for any interested parties:


 OpenBSD 4.3 (GENERIC.MP) #2: Fri Apr 11 09:00:02 PDT 2008
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP
 cpu0: Intel(R) Pentium(R) III CPU family 1266MHz ("GenuineIntel"
 686-class) 1.27 GHz
 cpu0: 
 FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
 real mem  = 2146992128 (2047MB)
 avail mem = 2067959808 (1972MB)
 mainbus0 at root
 bios0 at mainbus0: AT/286+ BIOS, date 01/25/02, BIOS32 rev. 0 @
 0xffe90, SMBIOS rev. 2.3 @ 0xfae20 (49 entries)
 bios0: vendor Dell Computer Corporation version "A06" date 01/25/2002

Re: uvm_mapent_alloc: out of static map entries on 4.3 i386

[Kevin]

I see Allen beat me to the reply with the requested netstat data
below, but in the mean time, I'm going to do the unthinkable and build
a custom kernel with your mods and see where the chips fall. :-)

Thanks for the suggestion.

Kevin



On Thu, May 15, 2008 at 2:45 PM, Allen <[EMAIL PROTECTED]> wrote:
> On Thu, May 15, 2008 at 2:00 PM, Darrian Hale <[EMAIL PROTECTED]> wrote:
>> What output to you get from 'netstat -m'?
>
> 2867 mbufs in use:
>2566 mbufs allocated to data
>274 mbufs allocated to packet headers
>27 mbufs allocated to socket names and addresses
> 1129/5450/6144 mbuf clusters in use (current/peak/max)
> 13028 Kbytes allocated to network (22% in use)
> 0 requests for memory denied
> 0 requests for memory delayed
> 0 calls to protocol drain routines
>
>
>
>> I might get yelled at for this as you mentioned people seem to hate
>> custom kernels.
>>
>> But i've had good luck with the following options, I'm not sure which
>> are still relevant, but they help.
>>
>> option NKMEMPAGES_MAX=81920
>> option NKMEMPAGES=81920
>> option MAX_KMAPENT=8192
>>
>> I've always received that error you described on any high load openbsd
>> box.  Even with the above changes,
>> you will eventually get the same error as your new limits are reached.
>>
>> If you come up with any better solutions, please let me know, i'd be
>> very interested to hear them.
>>
>> -Darrian
>>
>> On Thu, May 15, 2008 at 10:29 AM, Kevin <[EMAIL PROTECTED]> wrote:
>>> All,
>>>
>>> I'm getting quite a lot of these errors in /var/log/messages and can't
>>> seem to find an appropriate fix in the archives:
>>>
>>> May 14 21:05:54 svr02 /bsd: uvm_mapent_alloc: out of static map entries
>>> May 14 21:57:47 svr02 /bsd: uvm_mapent_alloc: out of static map entries
>>> May 14 23:00:05 svr02 /bsd: uvm_mapent_alloc: out of static map entries
>>> May 15 07:27:53 svr02 /bsd: uvm_mapent_alloc: out of static map entries
>>> May 15 07:39:59 svr02 /bsd: uvm_mapent_alloc: out of static map entries
>>>
>>> N.B. This machine serves mirror content for various F/OSS projects in
>>> addition to standard www content, so it quite often has >350 users
>>> concurrently connected downloading mirrored content (in addition to
>>> visitors who're actually visiting the site).
>>>
>>>
>>> These messages correspond almost exactly with two things:
>>>
>>> 1.) the sites having quite a few visitors
>>> 2.) the sites becoming unavailable. In most cases, it fixes itself
>>> when the freeloaders (errr downloaders ;-) complete their file
>>> transfers.
>>>
>>>
>>> Possibly worth noting:
>>>
>>> 1.) We've had to crank various settings in Apache to keep serving
>>> traffic, as the stock settings were too low: we were reaching the max
>>> daemons for Apache so new visitors were just out-of-luck.
>>> 2.) When the system begins to knuckle under load, I'm taking a
>>> snapshot of various bits like the following.
>>>
>>> Here's one example:
>>> load averages:  0.45,  0.47,  0.4007:40:00
>>> 247 processes: 245 idle, 2 on processor
>>> CPU0 states:  7.2% user,  0.0% nice,  2.6% system,  2.2% interrupt, 88.0% 
>>> idle
>>> CPU1 states:  3.6% user,  0.0% nice,  0.3% system,  1.9% interrupt, 94.3% 
>>> idle
>>> Memory: Real: 339M/737M act/tot  Free: 1272M  Swap: 0K/518M used/tot
>>>
>>>
>>> From the archives this seems to be something for which a fix *used* to
>>> be cranking up the following:
>>>
>>> maxusers 64
>>> option BUFCACHEPERCENT=25
>>> option MULTIPROCESSOR
>>> option MAX_KMAPENT=4000
>>>
>>>
>>> This hardly seems a real fix though--especially given everyone's
>>> hatred of knobs, custom kernels, and such though I'm certainly open to
>>> it if we can continue to keep the sites--and the mirrors--up.
>>>
>>> I think I've mentioned everything noteworthy though cluestick
>>> applications are welcome.
>>>
>>> Thanks,
>>> Kevin
>>>
>>>
>>>
>>>
>>> Here's the dmesg for any interested parties:
>>>
>>>
>>> OpenBSD 4.3 (GENERIC.MP) #2: Fri Apr 11 09:00:02 PDT 2008
>>>[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP
>>> cpu0: Intel(R) Pentium(R) III CPU family 1266MHz ("GenuineIntel"
>>> 686-class) 1.27 GHz
>>> cpu0: 
>>> FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
>>> real mem  = 2146992128 (2047MB)
>>> avail mem = 2067959808 (1972MB)
>>> mainbus0 at root
>>> bios0 at mainbus0: AT/286+ BIOS, date 01/25/02, BIOS32 rev. 0 @
>>> 0xffe90, SMBIOS rev. 2.3 @ 0xfae20 (49 entries)
>>> bios0: vendor Dell Computer Corporation version "A06" date 01/25/2002
>>> bios0: Dell Computer Corporation PowerEdge 2550
>>> acpi0 at bios0: rev 0
>>> acpi0: tables DSDT FACP APIC SPCR
>>> acpi0: wakeup devices PCI1(S5) PCI2(S5) PCI0(S5)
>>> acpitimer0 at acpi0: 3579545 Hz, 32 bits
>>> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
>>> cpu0 at mainbus0: apid 1 (boot processor)
>>> cpu0: apic clock running at 132MHz
>>> cpu1 at mainbus0: apid 0 (application processor)
>>> cpu1: Intel(R) Pentium(R) 

Re: uvm_mapent_alloc: out of static map entries on 4.3 i386

[Allen]

On Thu, May 15, 2008 at 2:00 PM, Darrian Hale <[EMAIL PROTECTED]> wrote:
> What output to you get from 'netstat -m'?

2867 mbufs in use:
2566 mbufs allocated to data
274 mbufs allocated to packet headers
27 mbufs allocated to socket names and addresses
1129/5450/6144 mbuf clusters in use (current/peak/max)
13028 Kbytes allocated to network (22% in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines



> I might get yelled at for this as you mentioned people seem to hate
> custom kernels.
>
> But i've had good luck with the following options, I'm not sure which
> are still relevant, but they help.
>
> option NKMEMPAGES_MAX=81920
> option NKMEMPAGES=81920
> option MAX_KMAPENT=8192
>
> I've always received that error you described on any high load openbsd
> box.  Even with the above changes,
> you will eventually get the same error as your new limits are reached.
>
> If you come up with any better solutions, please let me know, i'd be
> very interested to hear them.
>
> -Darrian
>
> On Thu, May 15, 2008 at 10:29 AM, Kevin <[EMAIL PROTECTED]> wrote:
>> All,
>>
>> I'm getting quite a lot of these errors in /var/log/messages and can't
>> seem to find an appropriate fix in the archives:
>>
>> May 14 21:05:54 svr02 /bsd: uvm_mapent_alloc: out of static map entries
>> May 14 21:57:47 svr02 /bsd: uvm_mapent_alloc: out of static map entries
>> May 14 23:00:05 svr02 /bsd: uvm_mapent_alloc: out of static map entries
>> May 15 07:27:53 svr02 /bsd: uvm_mapent_alloc: out of static map entries
>> May 15 07:39:59 svr02 /bsd: uvm_mapent_alloc: out of static map entries
>>
>> N.B. This machine serves mirror content for various F/OSS projects in
>> addition to standard www content, so it quite often has >350 users
>> concurrently connected downloading mirrored content (in addition to
>> visitors who're actually visiting the site).
>>
>>
>> These messages correspond almost exactly with two things:
>>
>> 1.) the sites having quite a few visitors
>> 2.) the sites becoming unavailable. In most cases, it fixes itself
>> when the freeloaders (errr downloaders ;-) complete their file
>> transfers.
>>
>>
>> Possibly worth noting:
>>
>> 1.) We've had to crank various settings in Apache to keep serving
>> traffic, as the stock settings were too low: we were reaching the max
>> daemons for Apache so new visitors were just out-of-luck.
>> 2.) When the system begins to knuckle under load, I'm taking a
>> snapshot of various bits like the following.
>>
>> Here's one example:
>> load averages:  0.45,  0.47,  0.4007:40:00
>> 247 processes: 245 idle, 2 on processor
>> CPU0 states:  7.2% user,  0.0% nice,  2.6% system,  2.2% interrupt, 88.0% 
>> idle
>> CPU1 states:  3.6% user,  0.0% nice,  0.3% system,  1.9% interrupt, 94.3% 
>> idle
>> Memory: Real: 339M/737M act/tot  Free: 1272M  Swap: 0K/518M used/tot
>>
>>
>> From the archives this seems to be something for which a fix *used* to
>> be cranking up the following:
>>
>> maxusers 64
>> option BUFCACHEPERCENT=25
>> option MULTIPROCESSOR
>> option MAX_KMAPENT=4000
>>
>>
>> This hardly seems a real fix though--especially given everyone's
>> hatred of knobs, custom kernels, and such though I'm certainly open to
>> it if we can continue to keep the sites--and the mirrors--up.
>>
>> I think I've mentioned everything noteworthy though cluestick
>> applications are welcome.
>>
>> Thanks,
>> Kevin
>>
>>
>>
>>
>> Here's the dmesg for any interested parties:
>>
>>
>> OpenBSD 4.3 (GENERIC.MP) #2: Fri Apr 11 09:00:02 PDT 2008
>>[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP
>> cpu0: Intel(R) Pentium(R) III CPU family 1266MHz ("GenuineIntel"
>> 686-class) 1.27 GHz
>> cpu0: 
>> FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
>> real mem  = 2146992128 (2047MB)
>> avail mem = 2067959808 (1972MB)
>> mainbus0 at root
>> bios0 at mainbus0: AT/286+ BIOS, date 01/25/02, BIOS32 rev. 0 @
>> 0xffe90, SMBIOS rev. 2.3 @ 0xfae20 (49 entries)
>> bios0: vendor Dell Computer Corporation version "A06" date 01/25/2002
>> bios0: Dell Computer Corporation PowerEdge 2550
>> acpi0 at bios0: rev 0
>> acpi0: tables DSDT FACP APIC SPCR
>> acpi0: wakeup devices PCI1(S5) PCI2(S5) PCI0(S5)
>> acpitimer0 at acpi0: 3579545 Hz, 32 bits
>> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
>> cpu0 at mainbus0: apid 1 (boot processor)
>> cpu0: apic clock running at 132MHz
>> cpu1 at mainbus0: apid 0 (application processor)
>> cpu1: Intel(R) Pentium(R) III CPU family 1266MHz ("GenuineIntel"
>> 686-class) 1.27 GHz
>> cpu1: 
>> FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
>> ioapic0 at mainbus0: apid 2 pa 0xfec0, version 11, 16 pins
>> ioapic0: misconfigured as apic 0, remapped to apid 2
>> ioapic1 at mainbus0: apid 3 pa 0xfec01000, version 11, 16 pins
>> ioapic1: misconfigured as apic 0, remapped to apid 3
>> acpiprt0 at acpi0: bus 0 (PCI1

Re: OpenBGPD decision process non deterministic ?

[Uli Bornhauser]

Hi Daniel,

I reviewed the code and think that OpenBGPD supports only the behavior of
Cisco routers when bgp deterministic-med is disabled, cp. 
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094925.shtml
Cisco determinsitic-med attribute description .

Is there anybody who can confirm this?

Uli


DanielLyons wrote:
> 
> The OpenBGPD client stores paths in a list associated to an adress prefix.
> If a new route is learnt, the best path is reevaluated via prefix_evaluate
> in rde_decide.c. 
> prefix_evaluate looks for the right place to insert a new path in the list
> by comparing the new path with the others one at the time via prefix_cmp,
> starting from the end of the list.
> 
> This procedure seems to be non deterministic.
> 

-- 
View this message in context: 
http://www.nabble.com/OpenBGPD-decision-process-non-deterministic---tp16743362p17262947.html
Sent from the openbsd user - misc mailing list archive at Nabble.com.

Re: uvm_mapent_alloc: out of static map entries on 4.3 i386

[Darrian Hale]

What output to you get from 'netstat -m'?

I might get yelled at for this as you mentioned people seem to hate
custom kernels.

But i've had good luck with the following options, I'm not sure which
are still relevant, but they help.

option NKMEMPAGES_MAX=81920
option NKMEMPAGES=81920
option MAX_KMAPENT=8192

I've always received that error you described on any high load openbsd
box.  Even with the above changes,
you will eventually get the same error as your new limits are reached.

If you come up with any better solutions, please let me know, i'd be
very interested to hear them.

-Darrian

On Thu, May 15, 2008 at 10:29 AM, Kevin <[EMAIL PROTECTED]> wrote:
> All,
>
> I'm getting quite a lot of these errors in /var/log/messages and can't
> seem to find an appropriate fix in the archives:
>
> May 14 21:05:54 svr02 /bsd: uvm_mapent_alloc: out of static map entries
> May 14 21:57:47 svr02 /bsd: uvm_mapent_alloc: out of static map entries
> May 14 23:00:05 svr02 /bsd: uvm_mapent_alloc: out of static map entries
> May 15 07:27:53 svr02 /bsd: uvm_mapent_alloc: out of static map entries
> May 15 07:39:59 svr02 /bsd: uvm_mapent_alloc: out of static map entries
>
> N.B. This machine serves mirror content for various F/OSS projects in
> addition to standard www content, so it quite often has >350 users
> concurrently connected downloading mirrored content (in addition to
> visitors who're actually visiting the site).
>
>
> These messages correspond almost exactly with two things:
>
> 1.) the sites having quite a few visitors
> 2.) the sites becoming unavailable. In most cases, it fixes itself
> when the freeloaders (errr downloaders ;-) complete their file
> transfers.
>
>
> Possibly worth noting:
>
> 1.) We've had to crank various settings in Apache to keep serving
> traffic, as the stock settings were too low: we were reaching the max
> daemons for Apache so new visitors were just out-of-luck.
> 2.) When the system begins to knuckle under load, I'm taking a
> snapshot of various bits like the following.
>
> Here's one example:
> load averages:  0.45,  0.47,  0.4007:40:00
> 247 processes: 245 idle, 2 on processor
> CPU0 states:  7.2% user,  0.0% nice,  2.6% system,  2.2% interrupt, 88.0% idle
> CPU1 states:  3.6% user,  0.0% nice,  0.3% system,  1.9% interrupt, 94.3% idle
> Memory: Real: 339M/737M act/tot  Free: 1272M  Swap: 0K/518M used/tot
>
>
> From the archives this seems to be something for which a fix *used* to
> be cranking up the following:
>
> maxusers 64
> option BUFCACHEPERCENT=25
> option MULTIPROCESSOR
> option MAX_KMAPENT=4000
>
>
> This hardly seems a real fix though--especially given everyone's
> hatred of knobs, custom kernels, and such though I'm certainly open to
> it if we can continue to keep the sites--and the mirrors--up.
>
> I think I've mentioned everything noteworthy though cluestick
> applications are welcome.
>
> Thanks,
> Kevin
>
>
>
>
> Here's the dmesg for any interested parties:
>
>
> OpenBSD 4.3 (GENERIC.MP) #2: Fri Apr 11 09:00:02 PDT 2008
>[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP
> cpu0: Intel(R) Pentium(R) III CPU family 1266MHz ("GenuineIntel"
> 686-class) 1.27 GHz
> cpu0: 
> FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
> real mem  = 2146992128 (2047MB)
> avail mem = 2067959808 (1972MB)
> mainbus0 at root
> bios0 at mainbus0: AT/286+ BIOS, date 01/25/02, BIOS32 rev. 0 @
> 0xffe90, SMBIOS rev. 2.3 @ 0xfae20 (49 entries)
> bios0: vendor Dell Computer Corporation version "A06" date 01/25/2002
> bios0: Dell Computer Corporation PowerEdge 2550
> acpi0 at bios0: rev 0
> acpi0: tables DSDT FACP APIC SPCR
> acpi0: wakeup devices PCI1(S5) PCI2(S5) PCI0(S5)
> acpitimer0 at acpi0: 3579545 Hz, 32 bits
> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
> cpu0 at mainbus0: apid 1 (boot processor)
> cpu0: apic clock running at 132MHz
> cpu1 at mainbus0: apid 0 (application processor)
> cpu1: Intel(R) Pentium(R) III CPU family 1266MHz ("GenuineIntel"
> 686-class) 1.27 GHz
> cpu1: 
> FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
> ioapic0 at mainbus0: apid 2 pa 0xfec0, version 11, 16 pins
> ioapic0: misconfigured as apic 0, remapped to apid 2
> ioapic1 at mainbus0: apid 3 pa 0xfec01000, version 11, 16 pins
> ioapic1: misconfigured as apic 0, remapped to apid 3
> acpiprt0 at acpi0: bus 0 (PCI1)
> acpiprt1 at acpi0: bus 1 (PCI2)
> acpiprt2 at acpi0: bus 2 (PCI0)
> acpiprt3 at acpi0: bus 3 (I960)
> acpicpu0 at acpi0
> acpicpu1 at acpi0
> bios0: ROM list: 0xc/0x8000 0xcc000/0x8000 0xec000/0x4000!
> esm0 at mainbus0
> esm0: PowerEdge 2550 Embedded Server Management 5.50
> esm0: Primary System Backplane 1.30
> pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
> pchb0 at pci0 dev 0 function 0 "ServerWorks CNB20HE Host" rev 0x23
> pchb1 at pci0 dev 0 function 1 "ServerWorks CNB20HE Host" rev 0x01
> pci1 at pchb1 bus 2
> ppb0 at pci1 dev 2 function 0 "

Re: pf-nat help

[Karl Karlsson]

Have you added your openbsd box internal ip in you laptops /etc/mygate and
thus have an default route set?

softraid device mismatch

[Frank Garcia]

Greetings--

I have 4 SATA disks configured as 2 raid-1 arrays on a 4.3 box (i386).

# bioctl -c 1 -l /dev/sd0a,/dev/sd1a softraid0
# bioctl -c 1 -l /dev/sd2a,/dev/sd3a softraid0

sd0a and sd1a are sd4, sd2a and sd3a are sd5:
# bioctl softraid0  

Volume  Status   Size Device  
softraid0 0 Online   750153704448 sd5 RAID1
  0 Online   750153704448 0:0.0   noencl 
  1 Online   750153704448 0:1.0   noencl 
softraid0 1 Online   750153704448 sd4 RAID1
  0 Online   750153704448 1:0.0   noencl 
  1 Online   750153704448 1:1.0   noencl 

All was perfect until a reboot... now even though the output from bioctl is the 
same, sd0a and sd1a are really sd5, and sd2a and sd3a are sd4, according to 
'vmstat iostat' during an 'fsck -fy /dev/sd4a':


4 usersLoad  0.42  0.30  0.32  Thu May 15 13:06:42 2008

Device   rKByteswKBytesrtps   wtps sec
wd00  0   0  0 0.0
cd00  0   0  0 0.0
sd00  0   0  0 0.0
sd10  0   0  0 0.0
sd213656  0 220  0 0.2
sd313924  0 220  0 0.2
sd427580  0 439  0 0.4
sd50  0   0  0 0.0
Totals 55160  0 879  0 0.9

And the data for sd4a is really on sd2 and sd3, as verified by physically 
removing disks sd0 and sd1 and seeing what's there on the next boot. And bioctl 
shows sd4 or sd5 even when only one pair of disks is in the machine and 
softraid puts the new array on sd2.

So far, this hasn't caused a problem as far as the data goes. I noticed it 
after copying tens of gigs over to the array. The only effect seems to be a 
mismatch between the device used by softraid and the label reported by bioctl 
after the first boot since array creation. Is having two arrays with softraid 
safe yet?

Frank

Re: build a release

[Alexander Hall]

banana split wrote:

hi all,

slowly by slowly I'm approaching to openbsd.
I've made some humble progress in this last month and I've a couple of
questions concerning the building the system from sources.


I'm not sure that building the system from source is the primary target 
when learning openbsd, however you seem to have succeeded, so...


(Hint; use snapshots)



1)
the $RELEASEDIR is filled with *.tgz after issued the make release but I have
these (ignored) errors at the end:

.
cd /usr/src/etc/../distrib/sets && exec  sh maketars 43
base: done.
comp: done.
etc: done.
game: done.
man: done.
misc: done.
cp /usr/dest/snapshot/*bsd* /usr/rel
cp /usr/dest/snapshot/*boot* /usr/rel
cp /usr/dest/snapshot/cdbr /usr/rel
cp /usr/dest/snapshot/*BOOT* /usr/rel
cp: /usr/dest/snapshot/*BOOT*: No such file or directory
*** Error code 1 (ignored)
cp /usr/dest/snapshot/cd*.iso /usr/rel
cp /usr/dest/snapshot/Packages /usr/rel
cp: /usr/dest/snapshot/Packages: No such file or directory
*** Error code 1 (ignored)
cp /usr/dest/snapshot/INSTALL.* /usr/rel
cp /usr/dest/snapshot/*.fs /usr/dest/snapshot/*.fs.gz /usr/rel
cp: /usr/dest/snapshot/*.fs.gz: No such file or directory
*** Error code 1 (ignored)
cd /usr/rel;  md5 *bsd!(*.gz) *boot* cdbr *BOOT* INSTALL.* Packages *.fs
*.iso *.gz *.tgz > MD5
md5: cannot open *BOOT*: No such file or directory
md5: cannot open Packages: No such file or directory
md5: cannot open *.gz: No such file or directory
cd /usr/rel && sort -o MD5 MD5

(ignored): any explanation is welcomed


All of the files above does not exist on all architectures.
Search the fine archives, as mentioned in the fine FAQ (if you have not 
already done so).


http://marc.info/?l=openbsd-misc
http://marc.info/?l=openbsd-misc&s=error+code+ignored


2)
after made the release I clean all the stuff around in the following way:

rm $RELEASEDIR
rm $DESTDIR
rm -rf /usr/obj/*


Seems ok to me, if you want to clean it all up.


cd /usr/src && make clean


If you ran "make obj", then this step should be unneccesary, since no 
files are then place within the source tree (only obj symlinks, but I do 
not think "make clean" removes those anyway).


/Alexander

Re: More details show that someone seriously fucked up in debian. [Was: Re: Debian libssl security (OpenSSH safe?)]

[Damien Miller]

On Wed, 14 May 2008, chefren wrote:

> On 5/13/08 7:08 PM, Marc Espie wrote:
> 
> > More details show that someone seriously fucked up in debian.
> 
> Well, this Kurt has seriously asked for details on the relevant openssl-dev
> list:
> 
> http://marc.info/?l=openssl-dev&m=114651085826293&w=2
> 
> And see what "arrogant as usual" Ben Laurie states:
> 
> http://www.links.org/?p=327
>
> "they should contribute their patches upstream to the package
> maintainers. Had Debian done this in this case, we (the OpenSSL Team)
> would have fallen about laughing, and once we had got our breath back,
> told them what a terrible idea this was."
>
> Kurt has clearly done so,

No, he hasn't. A question posed to a predominatly users' mailing list is
not the same as a proper bug report and patch submission. Vendors,
especially the size of Debian, should be held to a high standard of 
behaviour. Critically, he didn't identify that he was considering removing
these lines *for every user of Debian*.

> and I know personally of another totally
> ignored patch from our company and I have heard in the past about
> OpenBSD people trying to send patches to OpenSSL maintainers to no
> avail.

Speaking as someone who has done the last two revs of the OpenBSD libssl,
I haven't tried to upstream our changes - they OpenBSD specific things
like using /dev/arandom and /dev/crypto. I think that any serious patch
we sent would have a good chance of inclusion.

> The OpenSSL maintainers have proven not to read their mail, they aren't
> interested in cleaning up their big mess.
>
> Laurie also states "never fix a bug you dont understand" and this
> OpenSSL "hero" seems to forget that something that seems smart and OK
> now and here can be plain bad and ugly when looked at with some more
> distance or knowledge.

No, he is 100% correct. Vendors "adding value" to security software 
when they lack basic code comprehension skills is simply dangerous to
their users. It is surprising that this should be controversial.

> His "Adding uninitialised memory to it can do no harm and might do
> some good, which is why we do it." is pure arrogant and shortsighted
> shit to me.

Congratulations, you have just demonstrated youself to be the same
category of incomprehension as the Debian developers.

-d

uvm_mapent_alloc: out of static map entries on 4.3 i386

[Kevin]

All,

I'm getting quite a lot of these errors in /var/log/messages and can't
seem to find an appropriate fix in the archives:

 May 14 21:05:54 svr02 /bsd: uvm_mapent_alloc: out of static map entries
 May 14 21:57:47 svr02 /bsd: uvm_mapent_alloc: out of static map entries
 May 14 23:00:05 svr02 /bsd: uvm_mapent_alloc: out of static map entries
 May 15 07:27:53 svr02 /bsd: uvm_mapent_alloc: out of static map entries
 May 15 07:39:59 svr02 /bsd: uvm_mapent_alloc: out of static map entries

N.B. This machine serves mirror content for various F/OSS projects in
addition to standard www content, so it quite often has >350 users
concurrently connected downloading mirrored content (in addition to
visitors who're actually visiting the site).


These messages correspond almost exactly with two things:

1.) the sites having quite a few visitors
2.) the sites becoming unavailable. In most cases, it fixes itself
when the freeloaders (errr downloaders ;-) complete their file
transfers.


Possibly worth noting:

1.) We've had to crank various settings in Apache to keep serving
traffic, as the stock settings were too low: we were reaching the max
daemons for Apache so new visitors were just out-of-luck.
2.) When the system begins to knuckle under load, I'm taking a
snapshot of various bits like the following.

Here's one example:
load averages:  0.45,  0.47,  0.4007:40:00
247 processes: 245 idle, 2 on processor
CPU0 states:  7.2% user,  0.0% nice,  2.6% system,  2.2% interrupt, 88.0% idle
CPU1 states:  3.6% user,  0.0% nice,  0.3% system,  1.9% interrupt, 94.3% idle
Memory: Real: 339M/737M act/tot  Free: 1272M  Swap: 0K/518M used/tot


>From the archives this seems to be something for which a fix *used* to
be cranking up the following:

 maxusers 64
 option BUFCACHEPERCENT=25
 option MULTIPROCESSOR
 option MAX_KMAPENT=4000


This hardly seems a real fix though--especially given everyone's
hatred of knobs, custom kernels, and such though I'm certainly open to
it if we can continue to keep the sites--and the mirrors--up.

I think I've mentioned everything noteworthy though cluestick
applications are welcome.

Thanks,
Kevin




Here's the dmesg for any interested parties:


OpenBSD 4.3 (GENERIC.MP) #2: Fri Apr 11 09:00:02 PDT 2008
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Intel(R) Pentium(R) III CPU family 1266MHz ("GenuineIntel"
686-class) 1.27 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
real mem  = 2146992128 (2047MB)
avail mem = 2067959808 (1972MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 01/25/02, BIOS32 rev. 0 @
0xffe90, SMBIOS rev. 2.3 @ 0xfae20 (49 entries)
bios0: vendor Dell Computer Corporation version "A06" date 01/25/2002
bios0: Dell Computer Corporation PowerEdge 2550
acpi0 at bios0: rev 0
acpi0: tables DSDT FACP APIC SPCR
acpi0: wakeup devices PCI1(S5) PCI2(S5) PCI0(S5)
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 1 (boot processor)
cpu0: apic clock running at 132MHz
cpu1 at mainbus0: apid 0 (application processor)
cpu1: Intel(R) Pentium(R) III CPU family 1266MHz ("GenuineIntel"
686-class) 1.27 GHz
cpu1: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 11, 16 pins
ioapic0: misconfigured as apic 0, remapped to apid 2
ioapic1 at mainbus0: apid 3 pa 0xfec01000, version 11, 16 pins
ioapic1: misconfigured as apic 0, remapped to apid 3
acpiprt0 at acpi0: bus 0 (PCI1)
acpiprt1 at acpi0: bus 1 (PCI2)
acpiprt2 at acpi0: bus 2 (PCI0)
acpiprt3 at acpi0: bus 3 (I960)
acpicpu0 at acpi0
acpicpu1 at acpi0
bios0: ROM list: 0xc/0x8000 0xcc000/0x8000 0xec000/0x4000!
esm0 at mainbus0
esm0: PowerEdge 2550 Embedded Server Management 5.50
esm0: Primary System Backplane 1.30
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "ServerWorks CNB20HE Host" rev 0x23
pchb1 at pci0 dev 0 function 1 "ServerWorks CNB20HE Host" rev 0x01
pci1 at pchb1 bus 2
ppb0 at pci1 dev 2 function 0 "Intel i960 RM PCI-PCI" rev 0x02
pci2 at ppb0 bus 3
ahc0 at pci2 dev 4 function 0 "Adaptec AIC-7899 U160" rev 0x01: apic 3
int 15 (irq 11)
scsibus0 at ahc0: 16 targets
ahc1 at pci2 dev 4 function 1 "Adaptec AIC-7899 U160" rev 0x01: apic 3
int 14 (irq 10)
scsibus1 at ahc1: 16 targets
fxp0 at pci1 dev 4 function 0 "Intel 8255x" rev 0x08, i82559: apic 3
int 0 (irq 5), address 00:06:5b:3b:61:27
inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4
pchb2 at pci0 dev 0 function 2 "ServerWorks CNB20HE Host" rev 0x01
pchb3 at pci0 dev 0 function 3 "ServerWorks CNB20HE Host" rev 0x01
pci3 at pchb3 bus 1
bge0 at pci3 dev 8 function 0 "Broadcom BCM5700" rev 0x12, BCM5700 B2
(0x7102): apic 3 int 1 (irq 10), address 00:06:5b:3b:61:28
brgphy0 at bge0 phy 1: BCM5401 10/100/1000baseT PHY, rev. 3
gdt0 at pci0 dev 4 function 0 "Vortex GDT6x18RD" rev 0x00: apic 3 in

Openbsd 4.3 ar5006eg wireless

[romeofx romeofx]

i had atheros ar5006eg wireless card
[bsd] # ifconfig ath0
ath0: flags=8822 mtu 1500
lladdr xx:xx:xx:xx:xx:xx
groups: wlan
media: IEEE802.11 autoselect
status: no network
ieee80211: nwid ""
and dmesg
[bsd] # dmesg |grep ath0
ath0 at pci2 dev 0 function 0 "Atheros AR5424" rev 0x01: irq 10
ath0: AR5424 14.2 phy 7.0 rf 0.0, WOR5_ETSIC, address xx:xx:xx:xx:xx:xx
my wireless is doesnt work :(

and i was search about that on google be first i found somethings

http://blog.chinaunix.net/u/184/showart_474722.html

cd madwifi-ng-r2756+ar5007/hal
cp -R * /usr/src/sys/contrib/dev/ath/

they was do that with freebsd... how i can do that on openbsd ?

i am looking everywhere for fix that i think it is about hal prob, i am
waiting here i hope i will get help from here

Panic booting 4.3/amd64 after install

[Don Jackson]

I just installed 4.3 on a machine, a clean install (not an upgrade).

Here is what happens when I attempt to boot after the install
finishes, any advice?

booting hd0a:/bsd: 4411696+1062081+747032+0+557080 [80+389616+243431]=0xb12c40
entry point at 0x1001e0 [7205c766, 3404, 24448b12, 9ba0a304]??[
using 633896 bytes of bsd ELF symbol table ]
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2008 OpenBSD. All rights reserved.  http://www.OpenBSD.org

OpenBSD 4.3 (GENERIC) #1368: Wed Mar 12 11:05:31 MDT 2008
[EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC
real mem = 2147020800 (2047MB)
avail mem = 2073399296 (1977MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.3 @ 0xf9830 (63 entries)
bios0: vendor American Megatrends Inc.V2.05 version "080010" date 05/23/2006
bios0: TYAN S2881 Thunder K8SR Mainboard
acpi0 at bios0: rev 0
acpi0: tables DSDT FACP OEMB ASF!
acpi0: wakeup devices PCI1(S4) USB0(S4) USB1(S4) PS2K(S1) PS2M(S1)
UAR1(S1) UAR2(S1) GOLA(S4) GLAN(S4) GOLB(S4) SMBC(S4) AC97(S4)
MODM(S4) PWRB(S1)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 3 (PCI1)
acpiprt2 at acpi0: bus 2 (GOLA)
acpiprt3 at acpi0: bus 1 (GOLB)
acpicpu0 at acpi0: PSS
index.buf out of bounds: 255/21

1337 Called: \_SB_.PCI0.SBRG.CGLD
  arg0:  0x80008020 cnt:01 stk:00 objref: 0x8004a908
index:
 [\_SB_.PCI0.SBRG.LDN_] 0x8004a908 cnt:01 stk:00 field:
bitpos=0038 bitlen=0008 ref1:4ac08 ref2:4ab08 [IndexField]
 [\_SB_.PCI0.SBRG.INDX] 0x8004ac08 cnt:19 stk:00 field:
bitpos= bitlen=0008 ref1:4ae08 ref2:0 [Field]
 [\_SB_.PCI0.SBRG.IOID] 0x8004ae08 cnt:03 stk:00 opregion: 01,002e,2
 [\_SB_.PCI0.SBRG.DATA] 0x8004ab08 cnt:19 stk:00 field:
bitpos=0008 bitlen=0008 ref1:4ae08 ref2:0 [Field]
 [\_SB_.PCI0.SBRG.IOID] 0x8004ae08 cnt:03 stk:00 opregion: 01,002e,2
1105 Called: \_SB_.PCI0.SBRG.ENFG
  arg0:  0x80008520 cnt:01 stk:00 objref: 0x8004b288
index:
 [\_SB_.PCI0.SBRG.CGLD] 0x8004b288 cnt:01 stk:00 method: 01
1146 Called: \_SB_.PCI0.SBRG.UHID
  arg0:  0x80008320 cnt:01 stk:00 integer: 1
0b0e Called: \_SB_.PCI0.SBRG.UAR2._HID
panic: aml_die aml_derefvalue:1407
Stopped at  Debugger+0x5:   leave
Debugger() at Debugger+0x5
panic() at panic+0x12a
_aml_die() at _aml_die+0xdc
aml_derefvalue() at aml_derefvalue+0x271
aml_evalterm() at aml_evalterm+0x32
aml_parseterm() at aml_parseterm+0x4d
aml_parseref() at aml_parseref+0x2b9
aml_parseop() at aml_parseop+0xf9
aml_parseterm() at aml_parseterm+0x3f
aml_callmethod() at aml_callmethod+0x3a
end trace frame: 0x80c18310, count: 0
RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC!
DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION!
ddb> trace
Debugger() at Debugger+0x5
panic() at panic+0x12a
_aml_die() at _aml_die+0xdc
aml_derefvalue() at aml_derefvalue+0x271
aml_evalterm() at aml_evalterm+0x32
aml_parseterm() at aml_parseterm+0x4d
aml_parseref() at aml_parseref+0x2b9
aml_parseop() at aml_parseop+0xf9
aml_parseterm() at aml_parseterm+0x3f
aml_callmethod() at aml_callmethod+0x3a
aml_evalmethod() at aml_evalmethod+0x59
aml_derefvalue() at aml_derefvalue+0x7e
aml_derefvalue() at aml_derefvalue+0x11c
aml_derefvalue() at aml_derefvalue+0x11c
aml_evalterm() at aml_evalterm+0x32
aml_parseterm() at aml_parseterm+0x4d
aml_parseref() at aml_parseref+0x127
aml_parseop() at aml_parseop+0xf9
aml_parseterm() at aml_parseterm+0x3f
aml_callmethod() at aml_callmethod+0x3a
aml_evalmethod() at aml_evalmethod+0x59
aml_derefvalue() at aml_derefvalue+0x7e
aml_derefvalue() at aml_derefvalue+0x11c
aml_evalterm() at aml_evalterm+0x32
aml_parseterm() at aml_parseterm+0x4d
aml_parseif() at aml_parseif+0xa3
aml_parseop() at aml_parseop+0xf9
aml_parseterm() at aml_parseterm+0x3f
aml_callmethod() at aml_callmethod+0x3a
aml_evalmethod() at aml_evalmethod+0x59
aml_derefvalue() at aml_derefvalue+0x7e
aml_derefvalue() at aml_derefvalue+0x11c
aml_evalterm() at aml_evalterm+0x32
aml_parseterm() at aml_parseterm+0x4d
aml_parseref() at aml_parseref+0x2b9
aml_parseop() at aml_parseop+0xf9
aml_parseterm() at aml_parseterm+0x3f
aml_callmethod() at aml_callmethod+0x3a
aml_evalmethod() at aml_evalmethod+0x59
aml_evalnode() at aml_evalnode+0xe0
acpi_foundhid() at acpi_foundhid+0x29
aml_find_node() at aml_find_node+0x88
aml_find_node() at aml_find_node+0x7d
aml_find_node() at aml_find_node+0x7d
aml_find_node() at aml_find_node+0x7d
aml_find_node() at aml_find_node+0x7d
acpi_attach() at acpi_attach+0x4cc
config_attach() at config_attach+0x11b
bios_attach() at bios_attach+0xf3
config_attach() at config_attach+0x11b
mainbus_attach() at mainbus_attach+0x5a
config_attach() at config_attach+0x11b
cpu_configure() at cpu_configure+0x1c
main() at main+0x3b2
end trace frame: 0x0, count: -54
ddb> ps
   PID   PPID   PGRPUID  S   FLAGS  WAI

Re: ipsec home network to colo server

[Lord Sporkton]

2008/5/14 Lord Sporkton <[EMAIL PROTECTED]>:
> 2008/5/14 scott learmonth <[EMAIL PROTECTED]>:
>>> On Tue, May 13, 2008 at 5:41 PM, Lord Sporkton <[EMAIL PROTECTED]>
>>> wrote:
 I am trying to set up a ipsec link between my home network(private ip
  network behind dynamic public ip)
  and my colo server(single public static ip). I was a bit unclear on
  how to set up a tunnel between a static
  and dynamic ip

  interesting traffic:
  208.70.72.13 -> 10.0.0.0/16


  My sad seems to set up ok, however afterward i get no flows and can not
 pass
  data, ive checked out logs, and ipsecctl -m, but see nothing of use.

  Below is data i believe relevant, if anything else is requested i will
  do my best to post it back in a timely fashion
  thank you


  colo server:

  # uname -a
  OpenBSD angie.sporkton.com 4.3 GENERIC#846 i386
  # cat /etc/ipsec.conf

  ike passive from 208.70.72.13 to 10.0.0.0/16 \
 aggressive auth hmac-sha1 enc 3des group modp1024   \
 quick auth hmac-sha1 enc 3des \
 srcid "angie.sporkton.com" dstid "fire.sporkton.com" \
 psk "password"
  # ipsecctl -sa
  FLOWS:
  No flows

  SAD:
  esp tunnel from 67.159.171.204 to 208.70.72.13 spi 0x26974f0d auth
  hmac-sha1 enc 3des-cbc
  esp tunnel from 208.70.72.13 to 67.159.171.204 spi 0xeac5bef2 auth
  hmac-sha1 enc 3des-cbc
  #

  ipsecctl -m output:

  sadb_getspi: satype esp vers 2 len 10 seq 9 pid 7557
 address_src: 67.159.171.204
 address_dst: 208.70.72.13
 spirange: min 0x0100 max 0x
  sadb_getspi: satype esp vers 2 len 10 seq 9 pid 7557
 sa: spi 0x581ea1f0 auth none enc none
 state mature replay 0 flags 0
 address_src: 67.159.171.204
 address_dst: 208.70.72.13
  sadb_add: satype esp vers 2 len 50 seq 10 pid 7557
 sa: spi 0xe4968f00 auth hmac-sha1 enc 3des-cbc
 state mature replay 16 flags 4
 lifetime_hard: alloc 0 bytes 0 add 1200 first 0
 lifetime_soft: alloc 0 bytes 0 add 1080 first 0
 address_src: 208.70.72.13
 address_dst: 67.159.171.204
 key_auth: bits 160: e7ee5eafe49c95cafc506ba1ba6c174a584e4859
 key_encrypt: bits 192:
 65c174f84e389d2022ffbf9c1f152348d7b7f708ef757014
 identity_src: type fqdn id 0: angie.sporkton.com
 identity_dst: type fqdn id 0: fire.sporkton.com
 src_mask: 255.255.255.255
 dst_mask: 255.255.0.0
 protocol: proto 0 flags 0
 flow_type: type unknown direction out
 src_flow: 208.70.72.13
 dst_flow: 10.0.0.0
  sadb_add: satype esp vers 2 len 42 seq 10 pid 7557
 sa: spi 0xe4968f00 auth hmac-sha1 enc 3des-cbc
 state mature replay 16 flags 4
 lifetime_hard: alloc 0 bytes 0 add 1200 first 0
 lifetime_soft: alloc 0 bytes 0 add 1080 first 0
 address_src: 208.70.72.13
 address_dst: 67.159.171.204
 identity_src: type fqdn id 0: angie.sporkton.com
 identity_dst: type fqdn id 0: fire.sporkton.com
 src_mask: 255.255.255.255
 dst_mask: 255.255.0.0
 protocol: proto 0 flags 0
 flow_type: type unknown direction out
 src_flow: 208.70.72.13
 dst_flow: 10.0.0.0
  sadb_update: satype esp vers 2 len 50 seq 11 pid 7557
 sa: spi 0x581ea1f0 auth hmac-sha1 enc 3des-cbc
 state mature replay 16 flags 4
 lifetime_hard: alloc 0 bytes 0 add 1200 first 0
 lifetime_soft: alloc 0 bytes 0 add 1080 first 0
 address_src: 67.159.171.204
 address_dst: 208.70.72.13
 key_auth: bits 160: c2beffabe156d0dbaca586e730694a4ff3cc4ef5
 key_encrypt: bits 192:
 496cd320b35638d36dd8f899b8ce76c150840092db466715
 identity_src: type fqdn id 0: fire.sporkton.com
 identity_dst: type fqdn id 0: angie.sporkton.com
 src_mask: 255.255.0.0
 dst_mask: 255.255.255.255
 protocol: proto 0 flags 0
 flow_type: type unknown direction in
 src_flow: 10.0.0.0
 dst_flow: 208.70.72.13
  sadb_update: satype esp vers 2 len 42 seq 11 pid 7557
 sa: spi 0x581ea1f0 auth hmac-sha1 enc 3des-cbc
 state mature replay 16 flags 4
 lifetime_hard: alloc 0 bytes 0 add 1200 first 0
 lifetime_soft: alloc 0 bytes 0 add 1080 first 0
 address_src: 67.159.171.204
 address_dst: 208.70.72.13
 identity_src: type fqdn id 0: fire.sporkton.com
 identity_dst: type fqdn id 0: angie.sporkton.com
 src_mask: 

Patch for FAQ 7.3

[Mark Zimmerman]

OK, enough whining about this. Here is a suggested patch for FAQ 7.3
if anyone wants it:


Index: www/faq/faq7.html
===
RCS file: /cvs/www/faq/faq7.html,v
retrieving revision 1.78
diff -u -r1.78 faq7.html
--- www/faq/faq7.html   1 Mar 2008 11:31:08 -   1.78
+++ www/faq/faq7.html   15 May 2008 15:34:38 -
@@ -105,9 +105,37 @@
 7.3 - Clearing the console each time a user logs out.
 
 
-To do this you must add a line in 
+To do this you must modify the stanza in 
+http://www.openbsd.org/cgi-bin/man.cgi?query=gettytab&sektion=5";>/etc/gettytab(5)
+that refers to your console.
+
+First, look at the console line in
+http://www.openbsd.org/cgi-bin/man.cgi?query=ttys&sektion=5";>/etc/ttys(5)
+to determine the argument passed to
+http://www.openbsd.org/cgi-bin/man.cgi?query=getty&sektion=8";>getty(8).
+Starting with version 4.3, this is likely to be "std.9600". 
"Pc" was used in older
+releases.
+
+Then, append the string ":cl=\E[H\E[2J:" to the appropriate
+entry in
 http://www.openbsd.org/cgi-bin/man.cgi?query=gettytab&sektion=5";>/etc/gettytab(5).
-Change the current section:
+For example,
+
+
+2|std.9600|9600-baud:\
+:sp#9600:
+
+
+
+becomes
+
+
+2|std.9600|9600-baud:\
+:sp#9600:cl=\E[H\E[2J:
+
+
+
+or, for older releases:
 
 
 P|Pc|Pc console:\
@@ -115,14 +143,15 @@
 
 
 
-adding the line ":cl=\E[H\E[2J:" at the end, so that
-it ends up looking like this:
+becomes
 
 
 P|Pc|Pc console:\
-:np:sp#9600:\
-   :cl=\E[H\E[2J:
+:np:sp#9600:cl=\E[H\E[2J:
 
+
+
+This is not guaranteed to work on all architectures and hardware.
 
 
 

ahci0 can't see SATA DVD: "atascsi_atapi_cmd_done, timeout"

[Matthew L. Shobe]

Hello,

With the BIOS's compatibility mode disabled, the -current ahci0 has
trouble finding my DVD on a cold boot. Linux can see it, however.

Exerpts first:

Cold boot, compatibility mode disabled:

ahci0 at pci0 dev 31 function 2 "Intel 82801H AHCI" rev 0x02: apic 2 int 19 
(irq 11), AHCI 1.1
scsibus0 at ahci0: 32 targets
sd0 at scsibus0 targ 0 lun 0:  SCSI3 0/direct fixed
sd0: 476940MB, 60801 cyl, 255 head, 63 sec, 512 bytes/sec, 976773168 sec total
ahci0: stopping the port, softreset slot 2 was still active.
atascsi_atapi_cmd_done, timeout
ahci0: stopping the port, softreset slot 4 was still active.
atascsi_atapi_cmd_done, timeout
ahci0: stopping the port, softreset slot 6 was still active.
atascsi_atapi_cmd_done, timeout

Warm boot, switching to compatibility mode:

pciide1 at pci0 dev 31 function 2 "Intel 82801H SATA" rev 0x02: DMA, channel 0 
configured to native-PCI, channel 1 configured to native-PCI
pciide1: using apic 2 int 19 (irq 11) for native-PCI interrupt
wd0 at pciide1 channel 0 drive 0: 
wd0: 16-sector PIO, LBA48, 476940MB, 976773168 sectors
wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide1 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  ATAPI 5/cdrom 
removable
cd0(pciide1:1:0): using PIO mode 4, Ultra-DMA mode 5

Second warm boot, compatibility mode disabled again:

ahci0 at pci0 dev 31 function 2 "Intel 82801H AHCI" rev 0x02: apic 2 int 19 
(irq 11), AHCI 1.1
scsibus0 at ahci0: 32 targets
sd0 at scsibus0 targ 0 lun 0:  SCSI3 0/direct fixed
sd0: 476940MB, 60801 cyl, 255 head, 63 sec, 512 bytes/sec, 976773168 sec total
cd0 at scsibus0 targ 1 lun 0:  ATAPI 5/cdrom 
removable

There it is! Something about this sequence makes ahci0 happy, because
this is the only way I can get it to see the DVD. Any ideas or
cluebats?

Full dmesgs:

Cold boot, compatibility mode disabled:

OpenBSD 4.3-current (GENERIC.MP) #31: Tue May 13 06:18:09 PDT 2008
[EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 3462197248 (3301MB)
avail mem = 3347341312 (3192MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xe32f0 (39 entries)
bios0: vendor Intel Corp. version "MQ96510J.86A.1709.2007.1010.1926" date 
10/10/2007
bios0: Intel Corporation DG965RY
acpi0 at bios0: rev 0
acpi0: tables DSDT FACP APIC WDDT MCFG ASF! HPET SSDT SSDT SSDT SSDT SSDT
acpi0: wakeup devices SLPB(S4) P32_(S4) UAR1(S4) UAR2(S4) ILAN(S4) PEGP(S4) 
PEX0(S4) PEX1(S4) PEX2(S4) PEX3(S4) PEX4(S4) PEX5(S4) UHC1(S3) UHC2(S3) 
UHC3(S3) UHC4(S3) EHCI(S3) EHC2(S3) UH42(S3) UHC5(S3) AZAL(S3)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz, 2397.88 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16,xTPR,NXE,LONG
cpu0: 4MB 64b/line 16-way L2 cache
cpu0: apic clock running at 266MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz, 2397.61 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16,xTPR,NXE,LONG
cpu1: 4MB 64b/line 16-way L2 cache
ioapic0 at mainbus0 apid 2 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 2
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 6 (P32_)
acpiprt2 at acpi0: bus 1 (PEX0)
acpiprt3 at acpi0: bus 2 (PEX1)
acpiprt4 at acpi0: bus 3 (PEX2)
acpiprt5 at acpi0: bus 4 (PEX3)
acpiprt6 at acpi0: bus 5 (PEX4)
acpiprt7 at acpi0: bus -1 (PEX5)
acpicpu0 at acpi0: FVS, 2394, 1596 MHz
acpicpu1 at acpi0: FVS, 2394, 1596 MHz
acpibtn0 at acpi0: SLPB
pci0 at mainbus0 bus 0: configuration mode 1
pchb0 at pci0 dev 0 function 0 "Intel 82G965 Host" rev 0x02
vga1 at pci0 dev 2 function 0 "Intel 82G965 Video" rev 0x02
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
agp0 at vga1: aperture at 0xd000, size 0x1000
"Intel 82G965 Video" rev 0x02 at pci0 dev 2 function 1 not configured
"Intel 82G965 HECI" rev 0x02 at pci0 dev 3 function 0 not configured
em0 at pci0 dev 25 function 0 "Intel ICH8 IGP C" rev 0x02: apic 2 int 20 (irq 
9), address 00:19:d1:70:4d:73
uhci0 at pci0 dev 26 function 0 "Intel 82801H USB" rev 0x02: apic 2 int 16 (irq 
11)
uhci1 at pci0 dev 26 function 1 "Intel 82801H USB" rev 0x02: apic 2 int 21 (irq 
10)
ehci0 at pci0 dev 26 function 7 "Intel 82801H USB" rev 0x02: apic 2 int 18 (irq 
11)
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
azalia0 at pci0 dev 27 function 0 "Intel 82801H HD Audio" rev 0x02: apic 2 int 
22 (irq 9)
azalia0: codec[s]: Sigmatel/0x7618
audio0 at azalia0
ppb0 at pci0 dev 28 function 0 "Intel 82801H PCIE" rev 0x02: apic 2 int 17 (irq 
255)
pci1 at ppb

Re: ppp adds default route when nobody asks it to

[Denis Doroshenko]

On Thu, May 15, 2008 at 5:05 PM, Douglas A. Tutty <[EMAIL PROTECTED]> wrote:
> On Thu, May 15, 2008 at 01:20:02PM +0300, Denis Doroshenko wrote:
>
>> that's it. but when i run ppp and issue "dial mobile" it connects and
>> adds a default route:
>>
>> $ netstat -rnf inet
>> Routing tables
>>
>> Internet:
>> DestinationGatewayFlags   Refs  Use   Mtu  Prio Iface
>> default212.47.101.26  UH 00 - 4 tun0
>> default10.19.255.126  UGS1   12 - 4 ath0
>> ...
>>
>> why does it do that? manual and google say that it would do that in
>> case appropriate ppp.conf section included something like:
>>
>> add default HISADDR
>>
>> but in my case i don't want ppp to add a default route! not that there
>> is no ppp.linkup and ppp.linkdown as well. this route is also tough
>> enough to remove:
>>
>> # route delete default 212.47.101.26
>> route: writing to routing socket: No such process
>> delete net default: gateway 212.47.101.26: not in table
>> #
>>
>> may be somebody has seen this before and knows how to say to ppp to
>> stay away from the routing table?
>
> Try adding the nodefaultroute option.  I agree that it shouldn't happen
> if you don't specify the defaultroute option.

are you sure you're talking about ppp(8) and not pppd(8). AFAIK,
nodefaultroute is an option of pppd(8).

Re: ppp adds default route when nobody asks it to

[Douglas A. Tutty]

On Thu, May 15, 2008 at 01:20:02PM +0300, Denis Doroshenko wrote:
 
> that's it. but when i run ppp and issue "dial mobile" it connects and
> adds a default route:
> 
> $ netstat -rnf inet
> Routing tables
> 
> Internet:
> DestinationGatewayFlags   Refs  Use   Mtu  Prio Iface
> default212.47.101.26  UH 00 - 4 tun0
> default10.19.255.126  UGS1   12 - 4 ath0
> ...
> 
> why does it do that? manual and google say that it would do that in
> case appropriate ppp.conf section included something like:
> 
> add default HISADDR
> 
> but in my case i don't want ppp to add a default route! not that there
> is no ppp.linkup and ppp.linkdown as well. this route is also tough
> enough to remove:
> 
> # route delete default 212.47.101.26
> route: writing to routing socket: No such process
> delete net default: gateway 212.47.101.26: not in table
> #
> 
> may be somebody has seen this before and knows how to say to ppp to
> stay away from the routing table?

Try adding the nodefaultroute option.  I agree that it shouldn't happen
if you don't specify the defaultroute option.

doug.

Re: Debian libssl security (OpenSSH safe?)

[Douglas A. Tutty]

On Thu, May 15, 2008 at 12:53:06AM +, Jussi Peltola wrote:
> On Wed, May 14, 2008 at 05:30:18PM -0700, Ben Calvert wrote:
> > On May 14, 2008, at 5:22 PM, Darrin Chandler wrote:
> > >On Thu, May 15, 2008 at 01:45:51AM +0200, raven wrote:
 
> > do people actually allow remote root access ?  for more than 5 minutes  
> > after install?
> 
> Too many people still use SSH public keys for root in automated scripts.
> Besides, cracking your normal user account can result in just as bad
> consequences as cracking the root account, especially if you su or sudo
> to root...
> 

Remember that in linux/debian, files don't inheret the ownership of the
directory into which they are placed.  Therefore, e.g for copying backup
files from one box to another with rsync, if a normal user does it
(assuming that user has write permission to, e.g. on debian
/var/local/backup, then the files end up owned by that user.  The user
can't change the ownership to root.  This may not seem like a huge
problem for e.g. tarballs that protect the ownership and permissions of
files but for regular files, eg copies from /etc, then its an issue.
Also, during restore, if that uid is either not the same user or no user
at all, things can get interesting.

Better to have root have ssh access to the backup repository box for
rsyncing the backups.

Root has to do the backups since debian packages don't come set up for
"operator" to be able to read otherwise unreadable files.

Doug.

Re: pf-nat help

[Jason Dixon]

On May 15, 2008, at 9:00 AM, Gregory Edigarov wrote:



are you sure your pf is enabled?
pfctl -e



And make sure you've actually run "sysctl -w  
net.inet.ip.forwarding=1", not just edited the sysctl.conf file.


---
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net

Re: Debian libssl security (OpenSSH safe?)

[Darrin Chandler]

On Thu, May 15, 2008 at 05:44:32PM +0800, Tim Post wrote:
> On Thu, 2008-05-15 at 10:02 +0100, Dave Ewart wrote:
> 
> > Debian (and thus also Ubuntu) have released updated openssh packages
> > which include a new tool called ssh-vulnkey which can be used to check
> > the running system[1] for vulnerable keys: ssh-vulnkey works similarly
> > to the Perl script in the Debian announcement. 
> 
> That is not 100% effective (afiak). Its still advised that you toss any
> key that you are not 100% certain came from a non-effected system for
> every user.
> 
> They can always go back in once your sure that they are safe.

Can you explain why that's not effective? Do you know ssh-vulnkey (or
the Perl script) does not reliably detect bad keys?

-- 
Darrin Chandler|  Phoenix BSD User Group  |  MetaBUG
[EMAIL PROTECTED]   |  http://phxbug.org/  |  http://metabug.org/
http://www.stilyagin.com/  |  Daemons in the Desert   |  Global BUG Federation

build a release

[banana split]

hi all,

slowly by slowly I'm approaching to openbsd.
I've made some humble progress in this last month and I've a couple of
questions concerning the building the system from sources.

1)
the $RELEASEDIR is filled with *.tgz after issued the make release but I have
these (ignored) errors at the end:

.
cd /usr/src/etc/../distrib/sets && exec  sh maketars 43
base: done.
comp: done.
etc: done.
game: done.
man: done.
misc: done.
cp /usr/dest/snapshot/*bsd* /usr/rel
cp /usr/dest/snapshot/*boot* /usr/rel
cp /usr/dest/snapshot/cdbr /usr/rel
cp /usr/dest/snapshot/*BOOT* /usr/rel
cp: /usr/dest/snapshot/*BOOT*: No such file or directory
*** Error code 1 (ignored)
cp /usr/dest/snapshot/cd*.iso /usr/rel
cp /usr/dest/snapshot/Packages /usr/rel
cp: /usr/dest/snapshot/Packages: No such file or directory
*** Error code 1 (ignored)
cp /usr/dest/snapshot/INSTALL.* /usr/rel
cp /usr/dest/snapshot/*.fs /usr/dest/snapshot/*.fs.gz /usr/rel
cp: /usr/dest/snapshot/*.fs.gz: No such file or directory
*** Error code 1 (ignored)
cd /usr/rel;  md5 *bsd!(*.gz) *boot* cdbr *BOOT* INSTALL.* Packages *.fs
*.iso *.gz *.tgz > MD5
md5: cannot open *BOOT*: No such file or directory
md5: cannot open Packages: No such file or directory
md5: cannot open *.gz: No such file or directory
cd /usr/rel && sort -o MD5 MD5

(ignored): any explanation is welcomed

2)
after made the release I clean all the stuff around in the following way:

rm $RELEASEDIR
rm $DESTDIR
rm -rf /usr/obj/*
cd /usr/src && make clean

is it correct?

thank you.

Re: pf-nat help

[Gregory Edigarov]

Jesus Sanchez wrote:

Gregory Edigarov escribis:

Jesus Sanchez wrote:

Hi, I'm using OpenBSD 4.2.

I'm triying to get a very unsafe-simple ruleset to make a nat between a
laptop and my OpenBSD box. From my OpenBSD box I have two nics:

OpenBSD box:
rl0 (witch gets a IP from dhcp and gets to the internet via ADSL)
sk0 (directly connected to the laptop via one cable)

I seted the int_if ip statically as 192.168.1.1 (the laptop have 
asigned

192.168.1.2 and they see each other without problem, and I can do FTP
transfers and stuff like that)

I have set the sysctl net.inet.ip.forwarding=1

my pf.conf  (very unsafe and very simple, only to try this)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

ext_if = "rl0"
int_if = "sk0"
localnetwork = "${int_if}:network"

scrub in all

nat on $ext_if from $localnetwork to any -> (ext_if)

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

then I make on the laptop (wich uses rl0):

ifconfig rl0 inet 192.168.1.2

but in the laptop I don't have internet at all, it see the OpenBSD
box as 192.168.1.1 but nothing more.

What I'm doing wrong?

Thanks for your time
-Jesus



nat pass on $ext_if from $localnetwork to any -> (ext_if)


or, add these two lines to the end of your pf.conf:
block all
pass all


I tried that and still same thing. Nothing changes with theese rules.


are you sure your pf is enabled?
pfctl -e

--
With best regards,
Gregory Edigarov

Re: pf-nat help

[Jason Dixon]

On May 15, 2008, at 8:09 AM, Jesus Sanchez wrote:

Hi, I'm using OpenBSD 4.2.

I'm triying to get a very unsafe-simple ruleset to make a nat  
between a

laptop and my OpenBSD box. From my OpenBSD box I have two nics:

OpenBSD box:
rl0 (witch gets a IP from dhcp and gets to the internet via ADSL)
sk0 (directly connected to the laptop via one cable)

I seted the int_if ip statically as 192.168.1.1 (the laptop have  
asigned

192.168.1.2 and they see each other without problem, and I can do FTP
transfers and stuff like that)

I have set the sysctl net.inet.ip.forwarding=1

my pf.conf  (very unsafe and very simple, only to try this)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

ext_if = "rl0"
int_if = "sk0"
localnetwork = "${int_if}:network"

scrub in all

nat on $ext_if from $localnetwork to any -> (ext_if)

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

then I make on the laptop (wich uses rl0):

ifconfig rl0 inet 192.168.1.2

but in the laptop I don't have internet at all, it see the OpenBSD
box as 192.168.1.1 but nothing more.

What I'm doing wrong?



ext_if = "rl0"
int_if = "sk0"

scrub in all

nat on $ext_if from $int_if:network to any -> ($ext_if)


Read the PF FAQ and pf.conf(5).  Your use of macros is very broken.  I  
think you're confusing it with shell syntax.


---
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net

Re: pf-nat help

[Jesus Sanchez]

Gregory Edigarov escribis:

Jesus Sanchez wrote:

Hi, I'm using OpenBSD 4.2.

I'm triying to get a very unsafe-simple ruleset to make a nat between a
laptop and my OpenBSD box. From my OpenBSD box I have two nics:

OpenBSD box:
rl0 (witch gets a IP from dhcp and gets to the internet via ADSL)
sk0 (directly connected to the laptop via one cable)

I seted the int_if ip statically as 192.168.1.1 (the laptop have asigned
192.168.1.2 and they see each other without problem, and I can do FTP
transfers and stuff like that)

I have set the sysctl net.inet.ip.forwarding=1

my pf.conf  (very unsafe and very simple, only to try this)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

ext_if = "rl0"
int_if = "sk0"
localnetwork = "${int_if}:network"

scrub in all

nat on $ext_if from $localnetwork to any -> (ext_if)

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

then I make on the laptop (wich uses rl0):

ifconfig rl0 inet 192.168.1.2

but in the laptop I don't have internet at all, it see the OpenBSD
box as 192.168.1.1 but nothing more.

What I'm doing wrong?

Thanks for your time
-Jesus



nat pass on $ext_if from $localnetwork to any -> (ext_if)


or, add these two lines to the end of your pf.conf:
block all
pass all


I tried that and still same thing. Nothing changes with theese rules.

Thanks for your time
-Jesus

Re: pf-nat help

[Girish Venkatachalam]

On 14:09:57 May 15, Jesus Sanchez wrote:
>
> nat on $ext_if from $localnetwork to any -> (ext_if)
>

How about changing this line to read

 nat on $ext_if from $localnetwork to any -> ($ext_if:0)

-Girish

xfce4 Terminal very slow - A workaround

[Josh]

Hello,

I just experienced a bad problem with xfce's Terminal behaving very 
slowly in xfce 4.4.2 on openbsd 4.3 whenever it was resized, or had to 
be re-drawn (ie, switching workspaces).


In xorg.conf, I put this:

Section "Extensions"
Option  "Composite" "Disable"
EndSection

(If you don't already have an xorg.conf, then try running X --config to 
make one)


And that fixed it for me, now its nice and fast. It appears to be a bug 
in Terminal.


Cheers,
Josh

Re: Debian libssl security (OpenSSH safe?)

[Stuart Henderson]

On 2008-05-15, Ben Calvert <[EMAIL PROTECTED]> wrote:
> and it only applies if you're using keys _without_passphrase_.

Passphrases protect your on-disk copy of the key. The key can be
re-encrypted with a different key, or decrypted and written out, it's
still the same key. If you "ssh-keygen -p", you don't need to change
authorized_keys files on all the hosts where your key is listed.

The metasploit generated keys are obviously not encrypted, so there
are sets of private keys floating round for each of 1Kb DSA, 2Kb and
now 4Kb RSA...

> do people actually allow remote root access ?  for more than 5 minutes  
> after install?

Yes, though "PermitRootLogin without-password" is not uncommon, so that
those pesky insecure passwords can't be used, only allowing the nice
secure private keys instead. Oh wait...

Anyone know if it's possible to require more than one type of
authentication, e.g. _both_ password and key-based? I didn't see a
way, but may have missed something.

pf-nat help

[Jesus Sanchez]

Hi, I'm using OpenBSD 4.2.

I'm triying to get a very unsafe-simple ruleset to make a nat between a
laptop and my OpenBSD box. From my OpenBSD box I have two nics:

OpenBSD box:
rl0 (witch gets a IP from dhcp and gets to the internet via ADSL)
sk0 (directly connected to the laptop via one cable)

I seted the int_if ip statically as 192.168.1.1 (the laptop have asigned
192.168.1.2 and they see each other without problem, and I can do FTP
transfers and stuff like that)

I have set the sysctl net.inet.ip.forwarding=1

my pf.conf  (very unsafe and very simple, only to try this)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

ext_if = "rl0"
int_if = "sk0"
localnetwork = "${int_if}:network"

scrub in all

nat on $ext_if from $localnetwork to any -> (ext_if)

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

then I make on the laptop (wich uses rl0):

ifconfig rl0 inet 192.168.1.2

but in the laptop I don't have internet at all, it see the OpenBSD
box as 192.168.1.1 but nothing more.

What I'm doing wrong?

Thanks for your time
-Jesus

ppp adds default route when nobody asks it to

[Denis Doroshenko]

hi,

i hit a strange thing. my ppp.conf is short:

default:
 set log Phase Chat LCP IPCP CCP tun command
 set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" AT OK-AT-OK
ATE1Q0 OK \\dATDT\\T TIMEOUT 40 CONNECT"

mobile:
 set device /dev/ttyU0
 set dial "ABORT ERROR ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \
   \"\" ATZ OK-ATZ-OK AT+CGDCONT=1,\\\"IP\\\",\\\"internet\\\"
OK \\dATD\\T TIMEOUT 40 CONNECT"
 set phone "*99#"
 set speed 460800
 set timeout 0

that's it. but when i run ppp and issue "dial mobile" it connects and
adds a default route:

$ netstat -rnf inet
Routing tables

Internet:
DestinationGatewayFlags   Refs  Use   Mtu  Prio Iface
default212.47.101.26  UH 00 - 4 tun0
default10.19.255.126  UGS1   12 - 4 ath0
...

why does it do that? manual and google say that it would do that in
case appropriate ppp.conf section included something like:

add default HISADDR

but in my case i don't want ppp to add a default route! not that there
is no ppp.linkup and ppp.linkdown as well. this route is also tough
enough to remove:

# route delete default 212.47.101.26
route: writing to routing socket: No such process
delete net default: gateway 212.47.101.26: not in table
#

may be somebody has seen this before and knows how to say to ppp to
stay away from the routing table?

thanks!

Re: Debian libssl security (OpenSSH safe?)

[Tim Post]

On Thu, 2008-05-15 at 10:02 +0100, Dave Ewart wrote:

> Debian (and thus also Ubuntu) have released updated openssh packages
> which include a new tool called ssh-vulnkey which can be used to check
> the running system[1] for vulnerable keys: ssh-vulnkey works similarly
> to the Perl script in the Debian announcement. 

That is not 100% effective (afiak). Its still advised that you toss any
key that you are not 100% certain came from a non-effected system for
every user.

They can always go back in once your sure that they are safe.

> I believe the original assessment was correct: *all* systems running SSH
> ought to check for these vulnerable keys, not just those systems running
> Debian or derivatives. 

Correct, It is a user propagated issue. Its best to just chuck all keys
for now and put them back as you're sure that they did not come from a
buggy keygen.

>  Yes, it's Debian's "fault", but we all have to
> manage the consequences.

Shit happens :)

-- 
Monkey + Typewriter = Echoreply ( http://echoreply.us )

Re: Debian libssl security (OpenSSH safe?)

[Dave Ewart]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Thursday, 15.05.2008 at 07:11 +0200, Otto Moerbeek wrote:

> On Wed, May 14, 2008 at 07:43:25PM -0700, Darrin Chandler wrote:
> 
> > On Wed, May 14, 2008 at 10:22:11PM -0400, Ted Unangst wrote:
> > > On 5/14/08, Ben Calvert <[EMAIL PROTECTED]> wrote:
> > > > On May 14, 2008, at 5:22 PM, Darrin Chandler wrote:
> > > > > Are you sure that's a decent analysis? If you have a
> > > > > non-debian system with the full number of keys available, what
> > > > > are the chances that you've landed on one of the 32767 keys?
> > > > > Not very likely. So that analysis seems alarmist and
> > > > > sensational to me.
> > > 
> > > Because nobody would ever run ssh-keygen on their ubuntu desktop
> > > and copy that to authorized_keys on another computer.
> > 
> > Sure. Lots of those keys out there already. So is something like
> > ssh-vulnkey the right approach? I do have a couple of users on one
> > of my boxes. Mind, they're all good OpenBSD people and I really hope
> > their keys didn't come from a debian box. It'll be nice to find out
> > that the keys are ok.
> 
> You can use the perl script in the debian announcement to check host
> keys and user keys. 

For info

Debian (and thus also Ubuntu) have released updated openssh packages
which include a new tool called ssh-vulnkey which can be used to check
the running system[1] for vulnerable keys: ssh-vulnkey works similarly
to the Perl script in the Debian announcement.  The package has also had
an additional option added to sshd_config which blacklists (i.e. stops
use of) these vulnerable keys.  Once updated, Debian and Ubuntu systems
will reject connections based on these vulnerable keys.

One of my machines at home is an Ubuntu laptop and my OpenBSD box had a
copy of its public key in ~/.ssh/authorized_keys so that logging into it
is simpler from the laptop - if this box were exposed to the world, then
it would only take 32,000 attempts to get into it, if my username is
known.  I've removed the vulnerable public key from the OpenBSD box now.

I believe the original assessment was correct: *all* systems running SSH
ought to check for these vulnerable keys, not just those systems running
Debian or derivatives.  Yes, it's Debian's "fault", but we all have to
manage the consequences.  If only Debian and Ubuntu's openssh is
updated, then they will be *more* secure than non-updated OpenBSD,
Solaris, Red Hat Linux etc.

Cheers,

Dave.

[1] It checks host keys and also the contents of authorized_keys

- -- 
Dave Ewart
iD8DBQFIK/wbbpQs/WlN43ARAnKvAJ4pYbbhW4pCYvp7hqApTCqr43BWmwCg864Q
xBTY5bfIl4KLiSsYsDMplS8=
=5mhX
-END PGP SIGNATURE-

Re: All memory not recognized (4GB) - AMD64 Snapshot, Macbook 3,1

[Clint Pachl]

alemao wrote:

Hi,

I installed OpenBSD/amd64 snapshot on a Macbook 3,1 (Late 2007).
It recognizes both processors but not all memory (3GB instead of 4).
There's something i can do?
  


No. Read the archives or Google it.

Re: geom network driver times out on sparc 4.2?

[Sevan / Venture37]

> And dumb me, I didn't consider OBP as helping the install too.
> So the questions remain if I can install OBP without Solaris, and if I'll
have to crack open the case.
> I'll see...

>From the OBP update page:
"Note 1: This utility is *not* OS-dependent.  The list of releases shown under
the
   "Solaris Release" and "SunOS Release" sections may not be complete:
The
   absence of a valid Solaris Release or SunOS  Release from the lists
above
   does not preclude the installation of this patch against the
hardware."



_
Be a Hero and Win with Iron Man
http://clk.atdmt.com/UKM/go/msnnkmgl001009ukm/direct/01/