Re: Can't SSH into CARP'd system from the outside

2008-10-19 Thread Girish Venkatachalam 
On 21:26:51 Oct 18, Vivek Ayer wrote:
 
 [demime 1.01d removed an attachment of type application/octet-stream which 
 had a name of pf.conf]
 
 [demime 1.01d removed an attachment of type application/x-trash which had a 
 name of pf.conf.BAK]
 

This list does not allow attachments.

You can either copy paste them into the mail text or use a mail client
like mutt.

-Girish

Re: Can't SSH into CARP'd system from the outside

2008-10-19 Thread Girish Venkatachalam 
On 22:45:49 Oct 18, Vivek Ayer wrote:
 Actually, I feel kind of stupid for asking the question. Of course you
 can never ssh into the virtual carp interface, which is what I was
 trying to do. SSHing into the physical interface still works no
 problem. Then again, it would be Yay..CARP is working 100%.
 

You can of course use the CARP virtual interface. In fact you are
supposed to use that if you setup CARP. ;)

 The only thing you can do to the CARP interface (which is the public
 IP in this case) is ping it, right? 

No. For all practical purposes that is the IP address you should use.

 Granted all the redirection to my
 web server still works, and the carp interface is actually the domain
 IP, will I just be able to type the domain in a web browser and watch
 http come up? By this, I mean:
 
 INTERNET -- CARP0 --- Routers 1 and 2 --- CARP1  SWITCH ---
 CARP3 --- Web Servers 1 and 2.
 
 I'm going to be CARPing my web servers as well. So how would this
 work? Public IP request would go to one of the two routers which would
 redirect to one of the two web servers? Basically, how would http or
 named interact with the virtual interface?
 

You can find a good writeup on CARP here.

http://www.openbsd.org/faq/pf/carp.html

I have not properly understood your setup but I can give you some ideas.

CARP does not redirect IP traffic. That is handled separately. However
by virtue of CARP IP being virtual the redirection is handled by CARP
itself.

You need to think a lot on the lines of inbound or outbound CAP load
balancing/fail-over.

If it is a web server you probably need inbound fail-over.

Then CARP handles everything for you if you access the CARP virtual IP.

OpenBSD gives you several other ways to redirect traffic. relayd(8)
and pf(4) trickery using route-to come to mind.

I would rather that I do fail-over with CARP and load balancing with
relayd and leave route-to alone...

The choice is yours.

-Girish

Porting driver from Linux

2008-10-19 Thread Maciej Piechotka 
I'd like to port a driver from Linux and/or write it from scratch.
1. How hard is it? It would be my first touch with kernel programming
(well - may be except Hello World modules).
2. Is it anything I have to know (except C, APIs and GPL-license)?

Best regards
-- 
I've probably left my head... somewhere. Please wait untill I find it.
Homepage (pl_PL): http://uzytkownik.jogger.pl/
(GNU/)Linux User: #425935 (see http://counter.li.org/)

NAJNEVEROVATNIJA PONUDA

2008-10-19 Thread MP3 ENGLESKI ZA USPUT 
 - This mail is a HTML mail. Not all elements could be shown in plain text
mode. -

Kurs engleskog jezika za slusanje usput



Kurs je u formatu MP3 na 5 CD-a i omogucava ljudima koji su stalno u pokretu i
nemaju mnogo vremena da budu kuci pored svog racunara da uz pomoc najnovijih
metoda nauce engleski jezik. Na ovaj nacin engleski jezik mozete uciti u
kolima, na putu od kuce do posla i obrnuto, dok trcite ili setate, dok
putujete ili se odmarate u prirodi, dakle  na svom diskmenu ili MP3 player-u
engleski jezik cete moci uciti na bilo kom mestu. Vreme u toku dana
predvidjeno ucenje engleskog jezika nije standardno, dakle mozete sami
planirati koliko cete i gde preslusavati materijal sa CD-a. Rezultati ce biti
bolji ukoliko imate kontinuitet u preslusavanju nasih CD-a, sto znaci ukoliko
cesce budete slusali materijal brze cete savladati engleski jezik.
Ukoliko porucite ovu nesvakidasnju ponudu
na poklon cete dobiti i knjigu i prirucnik u jpg formatu
, gde cete moci da proverite sve ono sto ste naucili ili da naucite nesto
novo.
Promotivna ponuda kursa engleskog jezika za slusanje usput ( srpska verzija )
kosta 1380,00 dinara.
U cenu jesu uracunati PTT troskovi slanja paketa, sto znaci da Vi placate samo
cenu koja je iznad navedena, tj. 1380,00
..
Placanje je pouzecem, dakle po preuzimanju paketa.
Ukoliko zelite da porucite ovu nasu specijalnu ponudu potrebno je da dostavite
Vase ime i prezime, adresu, mesto, postanski broj i broj telefona i paket ce
biti kod Vas u roku od 48 sati.
Porudzbine slati iskljucivo na e-mail adrese:
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]

Default Apache chroot problem.

2008-10-19 Thread Zbigniew Sobczyński 
Hi,

I'm running OpenBSD 4.3 (GENERIC) with standard httpd Apache/1.3.29
(Unix).
I need to use on my machines phpsysinfo script as necessary
information table that may be accessed remotely.
So i made directory in Apache document root /phpsysinfo and I gave
necessary rights to it. And it works. PHP is installed and runned
within Apache - so it works.

But. There is a problem. It works only when I un-chroot httpd. I need
to add this flag: httpd_flags=-u for httpd in /etc/rc.local.conf to
make it work properly.
Unfortunately :) PHP script is generating the SYSCALL functions or
something (sorry, I am not a PHP programmer) to root FS system
libraries. Especially devices state logs (dmesg).
Additionally it's querying the standard shell applications such as
uname or who.

Is there any normal way to run it with un-chrooting the Apache?
Any kind of help will be appreciated :)


P Please don't print this e-mail unless you really need to.

Best Regards,
Zbigniew Sobczyqski
[EMAIL PROTECTED]
GG: 1334213
JabberID: zetbee
Skype: zetbeee

Re: Default Apache chroot problem.

2008-10-19 Thread Chris Bennett 

Zbigniew SobczyEski wrote:

Hi,

I'm running OpenBSD 4.3 (GENERIC) with standard httpd Apache/1.3.29
(Unix).
I need to use on my machines phpsysinfo script as necessary
information table that may be accessed remotely.
So i made directory in Apache document root /phpsysinfo and I gave
necessary rights to it. And it works. PHP is installed and runned
within Apache - so it works.

But. There is a problem. It works only when I un-chroot httpd. I need
to add this flag: httpd_flags=-u for httpd in /etc/rc.local.conf to
make it work properly.
Unfortunately :) PHP script is generating the SYSCALL functions or
something (sorry, I am not a PHP programmer) to root FS system
libraries. Especially devices state logs (dmesg).
Additionally it's querying the standard shell applications such as
uname or who.

Is there any normal way to run it with un-chrooting the Apache?
Any kind of help will be appreciated :)


P Please don't print this e-mail unless you really need to.

Best Regards,
Zbigniew Sobczyqski
[EMAIL PROTECTED]
GG: 1334213
JabberID: zetbee
Skype: zetbeee

  
Most applications can be chrooted by bringing the needed files inside of 
the chroot, copying the directory structure outside the chroot,

but inside it. (as in /var/www/etc to get what appears to be /etc).
But it sounds like this may need to be run outside of the chroot and 
then copy the results into directories inside the chroot to be read by 
another script inside of the chroot.

(Or put the results into a database and read that instead of files)
A cron can be used to either run the main script directly, or to check 
for a request by the script inside the chroot.


Of course, you could also just run un-chrooted Apache.

Good Luck,
Chris Bennett

Re: Can't SSH into CARP'd system from the outside

2008-10-19 Thread Stuart Henderson 
On 2008-10-19, Vivek Ayer [EMAIL PROTECTED] wrote:
 The only thing you can do to the CARP interface (which is the public
 IP in this case) is ping it, right?

No, you can run services on it too.

Re: Can't SSH into CARP'd system from the outside

2008-10-19 Thread Jason Dixon 
On Sun, Oct 19, 2008 at 01:04:35PM +0530, Girish Venkatachalam wrote:
 On 22:45:49 Oct 18, Vivek Ayer wrote:
  Actually, I feel kind of stupid for asking the question. Of course you
  can never ssh into the virtual carp interface, which is what I was
  trying to do. SSHing into the physical interface still works no
  problem. Then again, it would be Yay..CARP is working 100%.

You can do most things with a CARP interface that you can with a regular
interface.  Exceptions would be applications that rely on bpf.
 
 You can of course use the CARP virtual interface. In fact you are
 supposed to use that if you setup CARP. ;)

For services that you want to failover, yes.  For administrative
purposes (i.e. ssh access), probably not.

-- 
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net/

Re: 4.4 Packages

2008-10-19 Thread L. V. Lammert 
On Sat, 18 Oct 2008, new_guy wrote:

 First time I've pre-ordered. Wondering when the 4.4 PKG_PATHs will be
 available so that I can add packages?
 --
Nov 1, of course, .. that's why it's called a release date.

In the meantime, use your disks.

Lee

==
 Leland V. Lammert[EMAIL PROTECTED]
  Chief ScientistOmnitec Corporation
 Network/Internet Consultants www.omnitec.net
==

Re: Porting driver from Linux

2008-10-19 Thread Ross Cameron 
Im afraid that you're going to have to re-write the driver from
scratch (without being inspired by the GPLed one) the OpenBSD kernel
developers wont include GPLed code into the core of the OS.

Are you 100% sure that the driver doesn't already exist in -current?
What piece of hardware is this?

On Sun, Oct 19, 2008 at 11:19 AM, Maciej Piechotka
[EMAIL PROTECTED] wrote:
 I'd like to port a driver from Linux and/or write it from scratch.
 1. How hard is it? It would be my first touch with kernel programming
 (well - may be except Hello World modules).
 2. Is it anything I have to know (except C, APIs and GPL-license)?

 Best regards
 --
 I've probably left my head... somewhere. Please wait untill I find it.
 Homepage (pl_PL): http://uzytkownik.jogger.pl/
 (GNU/)Linux User: #425935 (see http://counter.li.org/)

Re: Can't SSH into CARP'd system from the outside

2008-10-19 Thread Vivek Ayer 
Here's my pf.conf:
#   $OpenBSD: pf.conf,v 1.35 2008/02/29 17:04:55 reyk Exp $
#
# See pf.conf(5) and /usr/share/pf for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
# in /etc/sysctl.conf if packets are to be forwarded between interfaces.

# macros
ext_if = re0 # External Interface (169.229.158.0/24)
int_if = xl0 # Internal Interface (192.168.1.0/24)
localnet = $int_if:network
webserver = 192.168.1.50
webports = { http , https }
tcp_services = { ssh }
icmp_types = echoreq
carpdevs = { carp0 , carp1 }
syncdev = { re1 }
ssh_allowed = 192.168.1.100
carp_mcast = 224.0.0.18

# extra tweaks
set skip on lo
set block-policy return
set loginterface $ext_if
scrub in

# nat/rdr
nat on $ext_if from $localnet to any - ($ext_if)
nat on $int_if proto tcp from $localnet to $webserver port $webports - $int_if
no nat on $int_if proto tcp from $int_if to $localnet
rdr on $ext_if proto tcp from any to any port $webports - $webserver
rdr on $int_if proto tcp from $localnet to $ext_if port $webports - $webserver

# pass rules
block in
pass out keep state
pass in inet proto icmp all icmp-type $icmp_types keep state
pass in quick on $int_if
pass in on $ext_if inet proto tcp from any to ($ext_if) \
   port $tcp_services flags S/SA keep state
pass in on $ext_if inet proto tcp from any to $webserver port $webports \
   flags S/SA synproxy state
pass on $carpdevs proto carp keep state
pass quick on $ext_if proto carp \
   from $ext_if:network to $carp_mcast keep state
pass on $syncdev proto pfsync
pass in on $int_if from $ssh_allowed to self keep state (no-sync)
antispoof quick for { lo $int_if }


Here's my pf.conf.BAK:
#   $OpenBSD: pf.conf,v 1.35 2008/02/29 17:04:55 reyk Exp $
#
# See pf.conf(5) and /usr/share/pf for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
# in /etc/sysctl.conf if packets are to be forwarded between interfaces.

# macros
ext_if = re0 # External Interface (169.229.158.0/24)
int_if = xl0 # Internal Interface (192.168.1.0/24)
localnet = $int_if:network
webserver = 192.168.1.50
webports = { http , https }
tcp_services = { ssh }
icmp_types = echoreq

# extra tweaks
set skip on lo
set block-policy return
set loginterface $ext_if
scrub in

# nat/rdr
nat on $ext_if from $localnet to any - ($ext_if)
nat on $int_if proto tcp from $localnet to $webserver port $webports - $int_if
no nat on $int_if proto tcp from $int_if to $localnet
rdr on $ext_if proto tcp from any to any port $webports - $webserver
rdr on $int_if proto tcp from $localnet to $ext_if port $webports - $webserver

# pass rules
block in
pass out keep state
pass in inet proto icmp all icmp-type $icmp_types keep state
pass in quick on $int_if
pass in on $ext_if inet proto tcp from any to ($ext_if) \
   port $tcp_services flags S/SA keep state
pass in on $ext_if inet proto tcp from any to $webserver port $webports \
   flags S/SA synproxy state
antispoof quick for { lo $int_if }

I still don't think it makes sense sshing into your carp interface. I
mean, if you ssh once and you're in one machine, but then the next
time, you're in another. Anyways, take a look and see what can be
done. pf.conf is my current CARP setup, while pf.conf.BAK is before I
setup CARP.

Thanks,
Vivek

On Sun, Oct 19, 2008 at 6:53 AM, Jason Dixon [EMAIL PROTECTED] wrote:
 On Sun, Oct 19, 2008 at 01:04:35PM +0530, Girish Venkatachalam wrote:
 On 22:45:49 Oct 18, Vivek Ayer wrote:
  Actually, I feel kind of stupid for asking the question. Of course you
  can never ssh into the virtual carp interface, which is what I was
  trying to do. SSHing into the physical interface still works no
  problem. Then again, it would be Yay..CARP is working 100%.

 You can do most things with a CARP interface that you can with a regular
 interface.  Exceptions would be applications that rely on bpf.

 You can of course use the CARP virtual interface. In fact you are
 supposed to use that if you setup CARP. ;)

 For services that you want to failover, yes.  For administrative
 purposes (i.e. ssh access), probably not.

 --
 Jason Dixon
 DixonGroup Consulting
 http://www.dixongroup.net/

Re: Can't SSH into CARP'd system from the outside

2008-10-19 Thread Bryan Irvine 
snip

 # pass rules
 block in
 pass out keep state
 pass in inet proto icmp all icmp-type $icmp_types keep state
 pass in quick on $int_if
 pass in on $ext_if inet proto tcp from any to ($ext_if) \
   port $tcp_services flags S/SA keep state
 pass in on $ext_if inet proto tcp from any to $webserver port $webports \
   flags S/SA synproxy state
 pass on $carpdevs proto carp keep state
 pass quick on $ext_if proto carp \
   from $ext_if:network to $carp_mcast keep state
 pass on $syncdev proto pfsync
 pass in on $int_if from $ssh_allowed to self keep state (no-sync)
 antispoof quick for { lo $int_if }

snip

you've blocked in and then explicitly passed traffic only to $ext_if.

 -B

New cpuid code to test

2008-10-19 Thread Tobias Weingartner 
Hello all,

I'd love to get another round of cpuid testing done (i386/amd64).
The code is available at: http://www.tepid.org/~weingart/cpuid.c
I'd appreciate it if people could do something like the following
on their i386 and amd64 boxes:

make cpuid  ./cpuid | mail -s 'cpuid output' [EMAIL PROTECTED]


Thanks,

--Toby.

Re: Can't SSH into CARP'd system from the outside

2008-10-19 Thread Vivek Ayer 
So you're saying I need to explicitly pass traffic to $carpdevs too?
Would that let me ssh into the carp interface then?

On Sun, Oct 19, 2008 at 2:52 PM, Bryan Irvine [EMAIL PROTECTED] wrote:
 snip

 # pass rules
 block in
 pass out keep state
 pass in inet proto icmp all icmp-type $icmp_types keep state
 pass in quick on $int_if
 pass in on $ext_if inet proto tcp from any to ($ext_if) \
   port $tcp_services flags S/SA keep state
 pass in on $ext_if inet proto tcp from any to $webserver port $webports \
   flags S/SA synproxy state
 pass on $carpdevs proto carp keep state
 pass quick on $ext_if proto carp \
   from $ext_if:network to $carp_mcast keep state
 pass on $syncdev proto pfsync
 pass in on $int_if from $ssh_allowed to self keep state (no-sync)
 antispoof quick for { lo $int_if }

 snip

 you've blocked in and then explicitly passed traffic only to $ext_if.

  -B

Issues with RT.FM AnonCVS

2008-10-19 Thread Aaron W. Hsu 
Has anyone else had trouble doing checkouts and updates from rt.fm? 

arcfide:27$ pwd   
/usr/xenocara/distrib/sets/lists/xshare
arcfide:28$ sudo cvs -q -d [EMAIL PROTECTED]:/cvs up -Pd 
cvs [server aborted]: EOF while looking for end of string
in RCS file /cvs/xenocara/distrib/sets/lists/xshare/mi,v
arcfide:29$ sudo cvs -d [EMAIL PROTECTED]:/cvs \
-q up -Pd
U mi
arcfide:30$

What's up?

Aaron Hsu

Votre compte en ligne est suspendu

2008-10-19 Thread Desjardins 
[IMAGE]

Votre compte en ligne est suspendu !


Depuis le 20 janvier 2008, Desjardins ` amiliori la procidure de
connexion ` AcchsD Internet et AcchsD Affaires.

La sicuriti en ligne

Une situation nous oblige ` bloquer temporairement l'acchs ` vos
solutions en ligne.

Pour continuer ` utiliser nos services en lignes vous devez mettre `
jours les paramjtres de
sicuriti dans votre compte AcchsD avant le : 21/10/2008 .

Je veux mettre ` jour mes paramjtres de sicuriti

Nous espirons remidier ` la situation rapidement et vous remercions de
votre comprihension.



Your online services are temporarily unavailable.

To continue to use our online services you must update the security of
your AcchsD account
before : 21/10/2008 .

I want to upgrade the security of my account

We apologize for any inconvenience and thank you for your patience.

Copyright ) 1996-2007, Mouvement des caisses Desjardins. Tous droits
riservis.

Re: Issues with RT.FM AnonCVS

2008-10-19 Thread C. Bensend 
 Has anyone else had trouble doing checkouts and updates from rt.fm?

   arcfide:27$ pwd
   /usr/xenocara/distrib/sets/lists/xshare
   arcfide:28$ sudo cvs -q -d [EMAIL PROTECTED]:/cvs up -Pd
 cvs [server aborted]: EOF while looking for end of string
 in RCS file /cvs/xenocara/distrib/sets/lists/xshare/mi,v
 arcfide:29$ sudo cvs -d [EMAIL PROTECTED]:/cvs \
 -q up -Pd
   U mi
   arcfide:30$

Yeah, I've had issues in the past day or two with rt.fm...  I was
going to give it another day or two and then drop them a note.

Benny


-- 
You have the sex appeal of a school bus fire.
 -- Greg Geraldo

Re: Installing OpenBSD 4.4 AMD64 with more than 4GB

2008-10-19 Thread Erik Carlseen 

Erik Carlseen wrote:

Erik Carlseen wrote:

Ted Unangst wrote:
On Fri, Oct 17, 2008 at 2:21 PM, Erik Carlseen [EMAIL PROTECTED] 
wrote:
 
Does anyone know if this issue has been resolved? I'm trying to 
boot and
OpenBSD 4.4 AMD64 CD on an HP BL465c-G1 (dual Opteron 2216HE CPUs, 
8GB RAM)

and getting the following during the boot process (this is transcribed
manually, so I apologize in advance for any typos):

  CD-ROM: 9F
  Loading /4.4/AMD64/CDBOOT
  probing: pc0 com0 com1 mem[637K 255M 256M 2814M 4853M a20=on]
  disk: fd0 fd1 hd0+* cd0
   OpenBSD/amd64 CDBOOT 2.01
  boot machine memory
  Region 0: type 1 at 0x0 for 637KB
  Region 1: type 2 at 0x9f400 for 3KB
  Region 2: type 2 at 0xf for 64KB
  Region 3: type 1 at 0x10 for 261120KB
  Region 4: type 1 at 0x1000 for 262144KB
  Region 5: type 1 at 0x2000 for 2881851KB
  Region 6: type 3 at 0xcfe4efc0 for 32KB
  Region 7: type 1 at 0xcfe56fc0 for 4 KB
  Region 8: type 2 at 0xcfe57fc0 for 1696KB
  Region 9: type 2 at 0xfec0 for 1024KB
  Region 10: type 2 at 0xfee0 for 64KB
  Region 11: type 2 at 0xffc0 for 4096KB
  Region 12: type 1 at 0x10 for 4980732KB



Something like machine memory [EMAIL PROTECTED] here.  Check
the numbers, and I've never actually tried this.
  
Ted, thanks for the suggestion... I new think I've gotten the hang of 
this removing memory blocks thing but it hasn't gotten me very far 
(see below).

  Low ram: 637KB  High ram: 3405115KB
  Total free memory: 8386488KB
  boot boot
  booting cd0a:/4.4/amd64/bsd.rd: 2561344+548422+2799208+0+492560
[80+259200+161660]=0xa82360
  entry point at 0x1001e0 [7205c766, 3404, 2448b12, 840a304]
  Ignoring 4863MB above 4GB
  panic: init_x86_64: can't find end of memory

  The operating system has halted.   Please press any key to reboot.

Is there any way to get this to start, other than driving my lazy 
self 100

miles to the data center and yanking 4GB out of it?

Any help, thoughts, and criticism that doesn't involve suicide 
booths  is

appreciated.

-Erik




I started out getting rid of Region 12 with this command:

   machine memory [EMAIL PROTECTED]

No dice - same problem. So in addition to axing Region 12, I tried 
paring down Region 5 bit-by-bit (pun semi-intended), to the point 
where I was eliminating it completely:


   machine memory [EMAIL PROTECTED]
   machine memory [EMAIL PROTECTED]

Yes, I rounded the value up a bit - there seems to be a rounding 
error in the amount of memory reported; this seems to get rid of it 
without affecting the next block. In any case, it still wouldn't 
boot. I got extreme and eliminated Regions 5, 6, and 12:


   machine memory [EMAIL PROTECTED]
   machine memory [EMAIL PROTECTED]
   machine memory [EMAIL PROTECTED]

I'm down to just under 256MB of RAM and I'm still stuck on the same 
error during the boot process. It's still exactly the same as 
transcribed below, except that the Ignoring 4863MB above 4GB 
message is no longer there (for obvious reasons).


Any additional ideas would be appreciated.

-Erik


Apparently I've fixed my own problem - I needed to also delete the 
memory at Region 6 with this command:

   machine memory [EMAIL PROTECTED]
I'll try adding back in some of the other regions and post my results 
to the list in case anyone else winds up with the same problem.


-Erik

OK, here are the boot commands I used to get the installation process 
going (munged slightly so they don't get deleted as e-mail addresses):


  machine memory -0x1c000 [at] = 0x1
  machine memory -0x1000 [at] 0xcfe56fc0
  machine memory -0xafe4f000 [at] 0x2000
  machine memory [EMAIL PROTECTED]

This eliminated all but about 256MB of RAM. After the installation 
completed, I experimented a bit and found that I only needed the 
following line in boot.conf:


  machine memory -0x1000 [at] 0xcfe56fc0

Your mileage may vary. In fact, your mileage will almost certainly vary 
unless you're using a very similar machine, chipset, etc.


Here's the rub, though - it's still not using the 4GB of RAM at 
0x1. My dmesg output is below. If any kernel hacker is slumming 
over here in misc land and wants to take a crack at this machine, I can 
probably arrange remote access (e-mail me).


-Erik



OpenBSD 4.4 (GENERIC) #1562: Tue Aug 12 17:15:53 MDT 2008
   [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC
real mem = 3474673664 (3313MB)
avail mem = 3371139072 (3214MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xee000 (64 entries)
bios0: vendor HP version A13 date 09/23/2007
bios0: HP ProLiant BL465c G1
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP SPCR MCFG HPET SPMI ERST APIC   BERT HEST
acpi0: wakeup devices
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpihpet0 at acpi0: 14318180 Hz
acpiprt0 at acpi0: bus 2 (IPPB)
acpiprt1 at acpi0: bus 0 (PCI0)
acpiprt2 at acpi0: bus 5 (EXBA)
acpiprt3 at acpi0: bus 12 (EXBB)
acpiprt4 at acpi0: bus 20 (SASB)
acpiprt5 at acpi0: bus 22 (EXBD)
acpiprt6 at

Re: Record for total number of rigs running OpenBSD

2008-10-19 Thread sonjaya 
On Fri, Oct 17, 2008 at 11:42 PM, Vivek Ayer [EMAIL PROTECTED] wrote:
 Hi guys,

 Just wanted to let you folks know that my lab, due to my insistence,
 is now running OpenBSD on 5 rigs:

 2 CARP/pfsync firewalls
 1 DNS Server
 2 CARP/pfsync/load-sharing web servers (sparc64)

 I'm sure there's people out there that have more rigs running it. I'd
 just like to know. If things go smoothly with these, I'll definitely
 pitch in money for the 4.5 release (put 4.3 to the test first).

 Cheers from Berkeley, the birthplace of BSD,
 Vivek


hii ..

1 dns server on compaq desktop pro
2 gateway on compaq desktop pro
2 proxy  on compaq deskto pro
1 vpn gateway on compaq desktop pro
1 web server + proxy + database ( radius  mysql ) on mac  mini intel .



-- 
sonjaya
http://idsale.blogspot.com
http://www.pojokdomain.com(sell  buy domain with free )

Slow file access on Compact Flash

2008-10-19 Thread Uwe Dippel 

[I read all postings in the archive AFAIK]

Just started with CF on embedded hardware advertised to run OpenBSD; 
ARInfoTek. It does run OpenBSD very well!
Now I want the embedded system to run off CF; the board has a CF socket 
to be wd0.
4.2 runs out of the box, but with very slow access of files. The CF is 
reasonably fast, though, with ~6MB at 'dd'. But once it has to access 
files for r/w, it gets very slow.
I found some postings that 4.3 would be better, but the install of 4.3 
here mainly -stalled- and took a good hour, from a local ftp-site.

locate.updatedb is incredibly fast, while some file extraction takes ages.
It looks like a large, single, file copies very fast, similar to 'dd'. 
But opening a file for r/w seems to take ages. Something like

tar -C /tmp -xzphf etc43.tgz
takes a minute, easily. And etc43.tgz is only 1.2MB.
Copying of this file is quick:
$ date   cp etc43.tgz demo  date
Mon Oct 20 11:29:15 SGT 2008
Mon Oct 20 11:29:16 SGT 2008

Any hint welcome,

Uwe



OpenBSD 4.3 (GENERIC) #698: Wed Mar 12 11:07:05 MDT 2008
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Geode(TM) Integrated Processor by AMD PCS (AuthenticAMD 586-class) 500 
MHz
cpu0: FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CFLUSH,MMX
real mem  = 527785984 (503MB)
avail mem = 502276096 (479MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 05/23/08, BIOS32 rev. 0 @ 0xfaf00
apm0 at bios0: Power Management spec V1.2 (slowidle)
apm0: AC on, battery charge unknown
pcibios0 at bios0: rev 2.1 @ 0xf/0xdb74
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdaf0/128 (6 entries)
pcibios0: PCI Exclusive IRQs: 5 7 10 11
pcibios0: no compatible PCI ICU found: ICU vendor 0x1022 product 0x2090
pcibios0: Warning, unable to fix up PCI interrupt routing
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc/0x8000 0xef000/0x1000!
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 1 function 0 AMD Geode LX rev 0x31
vga1 at pci0 dev 1 function 1 AMD Geode LX Video rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
glxsb0 at pci0 dev 1 function 2 AMD Geode LX Crypto rev 0x00: RNG AES
glxpcib0 at pci0 dev 15 function 0 AMD CS5536 ISA rev 0x03: rev 0, 32-bit 
3579545Hz timer, watchdog, gpio
gpio0 at glxpcib0: 32 pins
pciide0 at pci0 dev 15 function 2 AMD CS5536 IDE rev 0x01: DMA, channel 0 
wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: ULTIMATE CF CARD 4GB
wd0: 1-sector PIO, LBA, 3967MB, 8124480 sectors
wd0(pciide0:0:0): using PIO mode 4, DMA mode 2
pciide0: channel 1 ignored (disabled)
ohci0 at pci0 dev 15 function 4 AMD CS5536 USB rev 0x02: irq 7, version 1.0, 
legacy support
ehci0 at pci0 dev 15 function 5 AMD CS5536 USB rev 0x02: irq 7
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 AMD EHCI root hub rev 2.00/1.00 addr 1
ppb0 at pci0 dev 18 function 0 Pericom PCI-PCI rev 0x00
pci1 at ppb0 bus 1
fxp0 at pci1 dev 12 function 0 Intel 82559ER rev 0x10, i82551: irq 5, address 
00:14:b7:00:26:6a
inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4
fxp1 at pci1 dev 13 function 0 Intel 82559ER rev 0x10, i82551: irq 11, 
address 00:14:b7:00:26:6b
inphy1 at fxp1 phy 1: i82555 10/100 PHY, rev. 4
fxp2 at pci1 dev 14 function 0 Intel 82559ER rev 0x10, i82551: irq 10, 
address 00:14:b7:00:26:6c
inphy2 at fxp2 phy 1: i82555 10/100 PHY, rev. 4
fxp3 at pci0 dev 19 function 0 Intel 82559ER rev 0x10, i82551: irq 11, 
address 00:14:b7:00:26:69
inphy3 at fxp3 phy 1: i82555 10/100 PHY, rev. 4
isa0 at glxpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbdprobe: reset response 0xfa
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
usb1 at ohci0: USB revision 1.0
uhub1 at usb1 AMD OHCI root hub rev 1.00/1.00 addr 1
biomask f3cf netmask ffef ttymask ffef
mtrr: K6-family MTRR support (2 registers)
uplcom0 at uhub1 port 1 Prolific Technology Inc. USB-Serial Controller rev 
1.10/3.00 addr 2
ucom0 at uplcom0
uhidev0 at uhub1 port 2 configuration 1 interface 0 NOVATEK USB Multimedia 
Keyboard rev 1.10/1.00 addr 3
uhidev0: iclass 3/1
ukbd0 at uhidev0: 8 modifier keys, 6 key codes, country code 33
wskbd0 at ukbd0 mux 1
wskbd0: connecting to wsdisplay0
uhidev1 at uhub1 port 2 configuration 1 interface 1 NOVATEK USB Multimedia 
Keyboard rev 1.10/1.00 addr 3
uhidev1: iclass 3/0, 3 report ids
uhid0 at uhidev1 reportid 2: input=1, output=0, feature=0
uhid1 at uhidev1 reportid 3: input=3, output=0, feature=0
softraid0 at root
root on wd0a swap on wd0b dump on wd0b

Re: Testing rthreads

2008-10-19 Thread Philip Guenther 
On Fri, Oct 17, 2008 at 12:52 AM, Raimo Niskanen
[EMAIL PROTECTED] wrote:
 I have also found patches (#3, #4 and #7) by Philip Guenther in
 the archives of this list from May 4.

 Can anyone enlighten me about if these/which patches still
 are useful or if there are fresher ones or if the
 4.4 release kernel or the -current kernel already
 contains some of them...

Ooog, the May 4th ones are a bit out of date.  Several of them have
been merged, others revised.  I posted a revised version of the thread
signal handling patch on Sep 17th.  I have some stuff beyond that, but
I need to merge the feedback I've already received and do some more
testing before I send it out anywhere.


 Or even better, what is the preferred way to test
 rthreads for an application? I will build the application
 from source and will happily patch the build?

As Ted observed, there's no need to rebuild.  I do most my testing via
LD_LIBRARY_PATH.  I.e., in $HOME/lib I have a copy of librthread.so
under the name libpthread.so.11.0, so if I start a program with
LD_LIBRARY_PATH=$HOME/lib in its environment, then it uses rthreads
instead of user-level threads.  That works as long as the program (a)
isn't setuid, and (b) doesn't itself mishandle LD_LIBRARY_PATH.


Philip Guenther

Tftp-proxy

2008-10-19 Thread Steve B 
I'm in need of a little help (and probably a lot of sleep). I have been
tweaking my PF due to a need for some added functionality. My last task was
to add tftp-proxy so I can backup my Cisco DSL router to my TFTP server. I
read the man page and inserted the necessary rules, but alas she's not
working and I cannot quite see my error. My TFTP server lives inside the LAN
on 192.168.1.5 and I had added the following rules. What am I missing here?

 Translation ###
# no rdr on lo0 from any to any
 nat-anchor ftp-proxy/*
 nat on egress from (self)   to any tag EGRESS - ($ext_if:0)
 nat on egress from $wire_if:network to any tag EGRESS - ($ext_if:0)
 no nat on $ext_if to port tftp
 rdr-anchor ftp-proxy/*
 rdr-anchor tftp-proxy/*
 rdr on $ext_if proto udp from any to any port tftp - 127.0.0.1 port 6969

# $ext_if inbound
 pass in   on $ext_if inet proto icmp from any   to $ext_if
icmp-type 8 code 0
 pass in quick on $ext_if inet proto tcp from ftp-auth to $ext_ip port 21
flags S/SA keep state
 pass in quick on $ext_if inet proto tcp from any to $ext_if port ssh flags
S/SA synproxy state (max 10, source-track rule, max-src-conn 10,
max-src-nodes 5,
max-src-conn-rate 3/30, overload ssh-bruteforce flush global)
 pass in quick on $ext_if inet proto udp from ftp-auth to $ext_ip keep
state

# $wire_if outbound
 pass out log on $wire_if inet proto tcp  from $wire_if to $wire_if:network
flags S/SAFR modulate state
 pass out on $wire_if inet proto tcpto $ftp_server port
21 user proxy flags S/SA keep state
 pass out log on $wire_if inet proto udp  from $wire_if to $wire_if:network
keep state
 pass out on $wire_if inet proto udpto $ftp_server keep
state
 pass out log on $wire_if inet proto icmp from $wire_if to $wire_if:network
icmp-type 8 code 0 keep state
 anchor ftp-proxy/*
 anchor tftp-proxy/*