Random kernel panics when using a Blu-Ray drive

[Matthew Dempsky]

I installed a Blu-Ray drive into my OpenBSD desktop today (running May
13th amd64 snapshot) and have been playing around with it some.
However, somewhat regularly running disklabel cd1 or mount
/dev/cd1a /mnt causes a kernel panic.  I've seen it happen with both
DVDs and Blu-Rays, though I haven't yet seen any panics while
accessing files on an already mounted disc.

The most recent kernel panic output was:

panic: kernel diagnostic assertion xa-state == ATA_S_SETUP failed:
file ../../../../dev/pci/ahci.c, line 2354
Stopped at Debugger+0x5: leave
RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC!
DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION!
ddb trace
Debugger() at Debugger+0x5
panic() at panic+0x122
__assert() at __assert+0x21
ahci_ata_cmd() at ahci_ata_cmd+0x10c
ata_exec() at ata_exec+0xe
scsi_xs_exec() at scsi_xs_exec+0x24
scsi_xs_sync() at scsi_xs_sync+0x6f
scsi_scsi_cmd() at scsi_scsi_cmd+0x8f
scsi_test_unit_ready() at scsi_test_unit_ready+0x43
cdopen() at cdopen+0x193
spec_open() at spec_open+0x14f
spec_vnoperate() at spec_vnoperate+0x14
VOP_OPEN() at VOP_OPEN+0x31
vn_open() at vn_open+0x199
sys_open() at sys_open+0xff
syscall() at syscall+0x23a
--- syscall (number 5) ---
end of kernel
end trace frame: 0x7f7bc840, count: -16
acpi_pdirpa+0x3fdbba:
ddb

(I know, no ps output; I'm trying to get a copy, but I already had to
manually type the above, and the computer's not running anything
interesting when it happens.  Not even X.)

Anyway, dmesg below.  I'm currently using the SP kernel just to rule
out the chances of race-conditions; I've seen the problem with the MP
kernel too.

OpenBSD 4.7-current (GENERIC) #31827: Wed May 12 01:57:23 MDT 2010
t...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC
real mem = 3180859392 (3033MB)
avail mem = 3082412032 (2939MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xe8590 (56 entries)
bios0: vendor Intel Corp. version IDG4510H.86A.0101.2009.0526.1006
date 05/26/2009
bios0: Intel Corporation DG45ID
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP APIC MCFG ASF! HPET
acpi0: wakeup devices P0P1(S3) UAR1(S3) UAR3(S5) P0P2(S3) USB0(S3)
USB1(S3) USB2(S3) EUSB(S3) USB3(S3) USB4(S3) USBE(S3) PEX0(S4)
PEX1(S4) PEX2(S4) PEX3(S4) PEX4(S4) GBE_(S4) USB5(S3) PWRB(S5)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz, 3000.27 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,XSAVE,NXE,LONG
cpu0: 6MB 64b/line 16-way L2 cache
cpu0: apic clock running at 333MHz
cpu at mainbus0: not configured
ioapic0 at mainbus0: apid 0 pa 0xfec0, version 20, 24 pins
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (P0P2)
acpiprt2 at acpi0: bus -1 (PEX0)
acpiprt3 at acpi0: bus -1 (PEX1)
acpiprt4 at acpi0: bus -1 (PEX2)
acpiprt5 at acpi0: bus -1 (PEX3)
acpiprt6 at acpi0: bus -1 (PEX4)
acpicpu0 at acpi0:, C3, C2, C1, PSS
acpibtn0 at acpi0: PWRB
cpu0: Enhanced SpeedStep 3000 MHz: speeds: 2997, 1998 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 Intel G45 Host rev 0x03
vga1 at pci0 dev 2 function 0 Intel G45 Video rev 0x03
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
intagp0 at vga1
agp0 at intagp0: aperture at 0xc000, size 0x1000
inteldrm0 at vga1: apic 0 int 16 (irq 11)
drm0 at inteldrm0
Intel G45 Video rev 0x03 at pci0 dev 2 function 1 not configured
vendor Intel, unknown product 0x2e24 (class communications subclass
miscellaneous, rev 0x03) at pci0 dev 3 function 0 not configured
em0 at pci0 dev 25 function 0 Intel ICH10 R BM LF rev 0x00: apic 0
int 20 (irq 10), address 00:1c:c0:9b:9f:f0
uhci0 at pci0 dev 26 function 0 Intel 82801JI USB rev 0x00: apic 0
int 16 (irq 11)
uhci1 at pci0 dev 26 function 1 Intel 82801JI USB rev 0x00: apic 0
int 21 (irq 3)
uhci2 at pci0 dev 26 function 2 Intel 82801JI USB rev 0x00: apic 0
int 18 (irq 11)
ehci0 at pci0 dev 26 function 7 Intel 82801JI USB rev 0x00: apic 0
int 18 (irq 11)
ehci0: timed out waiting for BIOS
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
azalia0 at pci0 dev 27 function 0 Intel 82801JI HD Audio rev 0x00:
apic 0 int 22 (irq 10)
azalia0: codecs: IDT 92HD73E1, Intel/0x2803, using IDT 92HD73E1
audio0 at azalia0
uhci3 at pci0 dev 29 function 0 Intel 82801JI USB rev 0x00: apic 0
int 23 (irq 3)
uhci4 at pci0 dev 29 function 1 Intel 82801JI USB rev 0x00: apic 0
int 19 (irq 11)
uhci5 at pci0 dev 29 function 2 Intel 82801JI USB rev 0x00: apic 0
int 18 (irq 11)
ehci1 at pci0 dev 29 function 7 Intel 82801JI USB rev 0x00: apic 0
int 23 (irq 3)
ehci1: timed out waiting for BIOS
usb1 at ehci1: USB revision 2.0
uhub1 at usb1 Intel EHCI root hub rev 

Re: OpenBSD 4.7 Released, May 19 2010

[André]

ThanX for the great stuff!

-- 
Andri 

Re: A codec with a BSD Licence

[Stas Miasnikou]

Rod Whitworth P?P8QP5Q:

I saw news that told me that Google was opensourcing the VP8 codec and
using it on Youtube.

The good news is that the licence is a BSD style one,
http://www.webmproject.org/license/software/

and they require contributors submitting code to agree to it being
distributed with the same terms and for the author to grant free use
with no patent fees etc
(http://code.google.com/legal/individual-cla-v1.0.html) before code
will be accepted by Google.

So we should be able to use it and not have to worry about the flasher
junk.

Hopefully I will be able to watch OpenBSD devs' presentations at
conferences that are out of reach for me, in better video. The slides
are best for reference but the action shots and off-the-cuff comments
are great and sometimes very funny.

So, on the day of OpenBSD's latest release there comes a BSD licenced
codec.


http://x264dev.multimedia.cx/?p=377


R/

*** NOTE *** Please DO NOT CC me. I am subscribed to the list.
Mail to the sender address that does not originate at the list server is 
tarpitted. The reply-to: address is provided for those who feel compelled to 
reply off list. Thankyou.

Rod/
---
This life is not the real thing.
It is not even in Beta.
If it was, then OpenBSD would already have a man page for it.

Re: A codec with a BSD Licence

[Rod Whitworth]

On Thu, 20 May 2010 10:09:56 +0300, Stas Miasnikou wrote:

 So, on the day of OpenBSD's latest release there comes a BSD licenced
 codec.

http://x264dev.multimedia.cx/?p=377

And?

*** NOTE *** Please DO NOT CC me. I am subscribed to the list.
Mail to the sender address that does not originate at the list server is 
tarpitted. The reply-to: address is provided for those who feel compelled to 
reply off list. Thankyou.

Rod/
---
This life is not the real thing.
It is not even in Beta.
If it was, then OpenBSD would already have a man page for it.

Re: OpenBSD 4.7 pkg_add error

[wim wauters]

L. V. Lammert wrote:

On Thu, 20 May 2010, Andreas Gerdd wrote:

  

# PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/4.7/packages/i386/
# pkg_add -vvi nano

Nano installation stucked at 76%, did not move for a long time,
then I terminated the process by CTRLC,



The main repository is getting hammered, .. try a 2nd or 3rd level mirror.
  


And you might have to delete the partial package folder (as displayed in 
your error message),
in order to be able to install the package again. Don't worry, it'll let 
you know if you do :-)



--
With Friendly Regards,
Wim Wauters T/A Unisoft Design

Fixed cost IT helpdesk and proactive IT maintenance
for professionals  small to medium size businesses
http://www.UnisoftDesign.co.uk

Data Recovery  Password Recovery
Online storage  Remote Backups
http://www.DataServices247.com

Tel. 0871 559 0812
Fax. 0871 900 7824


PS.  DataServices247.co.uk is coming 'soon' :-)




Lee

make(1): should := expand twice?

[Joachim Schipper]

Makefile:

A=This is the variable A
FOO=$$A
BAR:=$$A

test:
echo '${FOO}'
echo '${BAR}'

I expected, and GNU make gives,

echo '$A'
$A
echo '$A'
$A

However, our make gives

echo '$A'
$A
echo 'This is the variable A'
This is the variable A

Is this sensible, a historical accident that should be preserved, or a
bug? I, at least, was rather surprised...

Joachim

Re: make(1): should := expand twice?

[Joachim Schipper]

On Thu, May 20, 2010 at 11:11:51AM +0200, Joachim Schipper wrote:
 Makefile:
 
 A=This is the variable A
 FOO=$$A
 BAR:=$$A
 
 test:
   echo '${FOO}'
   echo '${BAR}'
 
 I expected, and GNU make gives,
 
 echo '$A'
 $A
 echo '$A'
 $A
 
 However, our make gives
 
 echo '$A'
 $A
 echo 'This is the variable A'
 This is the variable A
 
 Is this sensible, a historical accident that should be preserved, or a
 bug? I, at least, was rather surprised...

An addendum to the above: := really does expand exactly twice (and not
until done), although this is not obvious from the above. Consider:

A=$$B
B=b
FOO=$$A
BAR:=$$A

test:
echo '${FOO}'
echo '${BAR}'

This results in (with our make):

echo '$A'
$A
echo '$B'
$B

Joachim

=?windows-1252?Q?PMS_DE_M=C9XICO_LO_INVITA_AL:SEMINARIO_DE_ALMACENES_E_INVENTARIOS_PARA_MEJOR_CONTROL??=

[Lic. Marla Kolovos]

[IMAGE]

!Promocisn Especial a Grupos!

Mayores informes responda este correo electrsnico con los siguientes
datos.

Empresa:

Nombre:

Telifono:

Email:

Nzmero de Interesados:

Y en breve le haremos llegar la informacisn completa del evento.

O bien comunmquense a nuestros telifonos un ejecutivo con gusto le
atendera

Tels. (33) 8851-2365, (33)8851-2741, (33)3125-4658.

Este Mensaje ha sido enviado a misc@openbsd.org como usuario de Pms de
Mixico o bien un usuario le refiris para recibir este boletmn.
Como usuario de Pms de Mixico, en este acto autoriza de manera expresa
que Pms de Mixico le puede contactar vma correo electrsnico u otros
medios.
Si usted ha recibido este mensaje por error, haga caso omiso de el y
reporte su cuenta respondiendo este correo con el subject BAJAAlmacen
Unsubscribe to this mailing list, reply a blank message with the subject
UNSUBSCRIBE Almacen
Tenga en cuenta que la gestisn de nuestras bases de datos es de suma
importancia y no es intencisn de la empresa la inconformidad del
receptor.

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
almacenes.jpg]

Os Maiores Segredos da Disney

[Silvia - Grupo K.L.A. Portugal]

Jim Cunningham

 Caso nao visualize correctamente este e-mail, por 
favor clique AQUI. http://www.mpiece.com/kla_abr10/redireciona1.php

Bom dia,

Como estC!?

Quero chamar a sua atenC'C#o para um evento muito Especial que nC3s
da K.L.A. EducaC'C#o Empresarial vamos realizar com Jim Cunningham no
prC3ximo dia 28 de Maio no Hotel Real PalC!cio em Lisboa.

SerC! um dia inteiro, em que teremos a oportunidade de estar face a
face com uma das maiores autoridades em estratC)gias de serviC'os de
qualidade do mundo. Directamente da Disney University, a K.L.A. traz a
Portugal o SeminC!rio Internacional - Como Criar e Manter ServiC'os de
Alto Desempenho.

Cuma ocasiC#o C:nica, este Evento C) acessC-vel apenas a um grupo
de 100 lC-deres empresariais. Ainda temos alguns lugares, e C) por
entender que pode interessar-se em fazer parte deste grupo selecto que
tomo a liberdade de enviar pessoalmente para si esta mensagem.

ConheC'a os detalhes deste evento e inscreva-se hoje mesmo no site -
www.klaportugal.com/disney
 http://www.mpiece.com/kla_abr10/redireciona2.php

Com os meus cumprimentos,

SC-lvia Costa

Grupo K.L.A

Av. Liberdade, 110, 1B: Andar

Lisboa - Portugal

Tlm: 929 141944 

Este e-mail foi enviado para 
misc@openbsd.org

Todas as marcas apresentadas sC#o propriedade dos seus representantes
legais.

Se por algum acaso o seu nome estC! incluC-do
nesta lista por erro ou gostaria de 

ser removido desta lista, por
 favor 

envie um e-mail 
com

Anular na linha de

assunto



--


--
Powered by PHPlist, www.phplist.com --

[demime 1.01d removed an attachment of type image/png which had a name of 
powerphplist.png]

Re: Random kernel panics when using a Blu-Ray drive

[Matthew Dempsky]

On Wed, May 19, 2010 at 11:44 PM, Matthew Dempsky matt...@dempsky.org wrote:
 ahci_ata_cmd() at ahci_ata_cmd+0x10c
 ata_exec() at ata_exec+0xe
 scsi_xs_exec() at scsi_xs_exec+0x24
 scsi_xs_sync() at scsi_xs_sync+0x6f

I poked around a bunch at this, and have a bit more information to
report.  With some luck, maybe it's of some use to someone with actual
knowledge of how SCSI, AHCI, et al actually fit together.

I've found the most reliable way to kernel panic is to insert a BD,
and then run disklabel cd1 repeatedly while the drive initially
scans the disc.  (Simply running disklabel cd1 if the disc was
already in at boot time doesn't seem to trigger it.)

Immediately after running the last disklabel cd1 command before
panic, in the kernel output I get:

ahci0.3: ahci_ata_get_xfer got slot 17
ahci0.3: interrupt: 4001TFES,DHRS
ahci0.3: error slot 17, TFD: 6851ERR, SERR: 0, DIAG: 0

(At this point xa-state is set to ATA_S_ERROR on line 1862 of ahci.c.)

ahci0.3: slot 17 is complete (error)

This error propagates back to scsi_xs_sync, which calls scsi_xs_error
to interpret the error.  This calls scsi_interpret_sense:

cd1(ahci0:3:0): Check Condition (error 0x70) on opcode 0x0
SENSE KEY: Unit Attention

and eventually falls through to calling scsi_delay on line 1473 of
scsi_base.c, which returns ERESTART.

Finally, scsi_xs_sync then loops calling scsi_xs_exec again with the
same (now errored) xs it got from scsi_scsi_cmd, which eventually
reaches ahci_ata_cmd and kernel panics because xa-status ==
ATA_S_ERROR.

Anyway, that's where I'm stuck.

Re: How to work around this compiler bug

[Christopher Zimmermann]

Hi,

I got another problem compiling some strange C++ code with gcc
3.5; still from opal:

std::string a(std::string(A::Class()));

results in:
error: cannot use `::' in parameter declaration

the actual code in opal looks like this:

#define OPAL_DEFINE_COMMAND(command, entity, func) \
  class entity##_##command : public command \
  { \
public: virtual void Process(OpalPresentity  presentity) { 
dynamic_castentity (presentity).func(*this); } \

  }; \
  static PFactoryOpalPresentityCommand::Workerentity##_##command \

s_entity##_##command(PDefaultPFactoryKey(entity::Class())+typeid(command).name())


I have no clue what this is actually about. So I would be really
happy if someone could help me out in changing this piece of code
into something gcc 3.5 understands.


Christopher

Re: [patch] Re: fdisk and bootable flag

[Jason McIntyre]

On Wed, May 12, 2010 at 03:17:07PM +0200, Thomas Pfaff wrote:
 On Tue, 11 May 2010 22:14:26 +0200
 Thomas Pfaff tpf...@tp76.info wrote:
 
  On Tue, 11 May 2010 12:34:28 -0700 (PDT)
  stupidmail4me stupidmail...@yahoo.com wrote:
   
   Anyone know how to edit the default MBR record so fdisk -iy creates
   one partition with no bootable flag, or how to unset the bootable flag?
  
  I think the following should do it:
  
  fdisk: 1 flag partition 0
  
  I suppose the man page should mention that this operation can take on
  a second operand.
  
 
 diff if this should be mentioned.  It was in fact mentioned in the man
 page but the text was commented out.  Not sure why.
 
 Index: fdisk.8
 ===
 RCS file: /cvs/src/sbin/fdisk/fdisk.8,v
 retrieving revision 1.69
 diff -u -p -r1.69 fdisk.8
 --- fdisk.8   27 Mar 2010 13:56:49 -  1.69
 +++ fdisk.8   12 May 2010 13:15:04 -
 @@ -303,14 +303,14 @@ may be appended to indicate bytes, kilob
  The special size value
  .Sq *
  will cause the partition to be sized to use the remainder of the disk.
 -.It Cm flag Ar #
 +.It Cm flag Ar # Op Ar value
  Make the given MBR partition table entry bootable.
  Only one entry can be marked bootable.
  .\ If you wish to boot from an extended
  .\ MBR partition, you will need to mark the MBR partition table entry for 
 the
  .\ extended MBR partition as bootable.
 -.\ If an optional value is given, the MBR partition is marked with the given
 -.\ value, and other MBR partitions are not touched.
 +If an optional value is given, the MBR partition is marked with the given
 +value, and other MBR partitions are not touched.
  .It Cm update
  Update the machine MBR bootcode and 0xAA55 signature in the memory copy
  of the currently selected boot block.

a slightly different version of this diff now committed.
jmc

Re: DISKLESS kernel for moving an install to a larger disk

[Henning Brauer]

there is plain no need for a special diskless kernel any more, generic
figures out where it was booted from, the ramdisks don't need to.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting

Re: How to work around this compiler bug

[Landry Breuil]

On Thu, May 20, 2010 at 3:18 PM, Christopher Zimmermann
madro...@zakweb.de wrote:
 Hi,

 I got another problem compiling some strange C++ code with gcc
 3.5; still from opal:

Again... what are you trying to achieve ? What's wrong with net/opal
and x11/gnome/ekiga ports/packages ?

Landry

Resilient RAID

[John Rowe]

I need an inexpensive OpenBSD system that will survive a disk failure,
to act as a firewall.

My understanding from the on-line documentation and the list archives is
that the new RAID system, softraid, does not support having the root
partition on RAID meaning that if the system disk fails the machine
crashes. 

Is this (still) correct?


If so, the installation notes for 4.7 suggest against using RAIDframe
(and even mis-spell the hyperlink!), which raises two further questions:

What is the most recent OpenBSD release that does support and document
installing on to RAID?

Should I install that version or am I best off trying to adapt its
installation instructions for 4.7?

Thanks

John

1980 1999 bu xe 9 xa 1989

[ti 99 1992]

http://SWARTZ7301.bestinternetdancer.com

Re: dmesg FW-8750 with 4G from 4.7-current

[Henning Brauer]

* Massimo Lusetti mass...@cedoc.mo.it [2010-05-19 14:46]:
 On Wed, 19 May 2010 13:32:19 +0200
 Robert rob...@openbsd.pap.st wrote:
 
  This is the expected behaviour.
  Check the mailinglist-archives for details. (hint: bigmem)
 
 Thanks for the hint, looking for infos.

argh, no. bigmem isn't useable as of now or it would be default.

the difference being PCI space mostly. only have 32bit adressing ake
4G for mem AND pci etc, ya know.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting

Re: How to work around this compiler bug

[Christopher Zimmermann]

On 05/20/10 15:52, Landry Breuil wrote:

On Thu, May 20, 2010 at 3:18 PM, Christopher Zimmermann
madro...@zakweb.de  wrote:

Hi,

I got another problem compiling some strange C++ code with gcc
3.5; still from opal:


Again... what are you trying to achieve ? What's wrong with net/opal
and x11/gnome/ekiga ports/packages ?


I'm doing some work on opal and would like to do it on OpenBSD. Formerly 
I did it on Debian. What I worked on was improving the SBC codec, adding 
stereo support to opal and g711 PLC.


Compiling with the 4.2 g++ from ports works fine, but then even the 
ptlib hello world sample fails at runtime. Using gcc 3.5 at least this 
ptlib sample works fine.



Cheers,

Christopher

Re: Resilient RAID

[Henning Brauer]

* John Rowe r...@excc.ex.ac.uk [2010-05-20 16:02]:
 I need an inexpensive OpenBSD system that will survive a disk failure,
 to act as a firewall.

wrong approach, see below

 My understanding from the on-line documentation and the list archives is
 that the new RAID system, softraid, does not support having the root
 partition on RAID meaning that if the system disk fails the machine
 crashes. 
 
 Is this (still) correct?

yes. it'll change eventually.

 If so, the installation notes for 4.7 suggest against using RAIDframe
 (and even mis-spell the hyperlink!), which raises two further questions:
 
 What is the most recent OpenBSD release that does support and document
 installing on to RAID?

none.

it's pointless anyway. use two machines and carp, et voila, resilent
against a lot more things than just disk failures.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting

Re: A codec with a BSD Licence

[Jacob Meuser]

B0;258;0cOn Thu, May 20, 2010 at 10:09:56AM +0300, Stas Miasnikou wrote:

 http://x264dev.multimedia.cx/?p=377

keep in mind that is from a x264/ffmpeg developer.  so I'll bite,
x264/ffmpeg developers are jack-ass idiots.  complaints from
them about poor documentation or shit changes too much should
just be laughed at, since they do the same.

anyway,

  VP8 is definitely better compression-wise than Theora an Dirac, so
  if it's claim to being patent-free does stand up, it's an upgrade
  with regard to patent-free video formats.

and that's what matters.  considering the ffmpeg devs also claimed
theora's code could be considered to fall under other MPEG patents,
and no lawsuits were filed, I find it unlikely google will face much
legal issues.  and if they do, well, it'll be interesting to see
google and ms duel it out ...

-- 
jake...@sdf.lonestar.org
SDF Public Access UNIX System - http://sdf.lonestar.org

Re: [SOLVED] How to work around this compiler bug

[Christopher Zimmermann]

Hey, I could work around this issue. Thanks for you help so far!!

If you are interested see below.


On 05/20/10 15:54, Marc Espie wrote:
 On Thu, May 20, 2010 at 03:18:39PM +0200, Christopher Zimmermann wrote:
 There's no gcc 3.5.

ok, that's true, its 3.3.5 of course.

 std::string a(std::string(A::Class()));

 results in:
 error: cannot use `::' in parameter declaration

 gcc 3.3.5 can't understand chains of constructors relying on temporaries,
 use intermediate variables.

I think I got that.

 e.g.,

 A::Class tmp;
 std:string a(tmp);

Class() is a method of every class in ptlib/opal, which just
returns a string as identifier for that class. (See below for the
code)
So declaring A::Class tmp does not really make sense, does it?

 (the double std::string is non-sensical, btw)

As I said, I tried to strip down the offending code as much as
possible to find out what the compiler is actually complaining
about. The original snippet of code looked like this:

 SNIP ===
#define OPAL_DEFINE_COMMAND(command, entity, func) \
  class entity##_##command : public command \
  { \
public: virtual void Process(OpalPresentity  presentity) { 
dynamic_castentity (presentity).func(*this); } \

  }; \
  static PFactoryOpalPresentityCommand::Workerentity##_##command \

s_entity##_##command(PDefaultPFactoryKey(entity::Class())+typeid(command).name())
 SNIP ===


As I understand it now, the compiler would need to create a
temporary instance of 'entity' to make the call to ::Class(), but
gcc 3.3.5 is not able to do this?

I now tried to fix it this way:


 SNIP ===
#define OPAL_DEFINE_COMMAND(command, entity, func) \
  class entity##_##command : public command \
  { \
public: virtual void Process(OpalPresentity  presentity) { 
dynamic_castentity (presentity).func(*this); } \

  }; \
  entity tmp; \
  static PFactoryOpalPresentityCommand::Workerentity##_##command \

s_entity##_##command(PDefaultPFactoryKey(tmp.Class())+typeid(command).name()) 



OPAL_DEFINE_COMMAND(OpalSetLocalPresenceCommand, OpalPresentity, 
Internal_SendLocalPresence);

 SNIP ===


this doesn't work because:

`OpalPresentity::OpalPresentity()' is protected
within this context cannot declare variable `tmp' to be of type
`OpalPresentity' because the following virtual functions are
abstract:
   virtual bool OpalPresentity::Open()
   virtual bool OpalPresentity::IsOpen() const
   virtual bool OpalPresentity::Close()

 I'm willing to help, but can you at least double check what you type ?


Now anyway this is where the ::Class() method is defined:

 SNIP ===
#define PCLASSINFO(cls, par) \
  public: \
typedef cls P_thisClass; \
static inline const char * Class() \
  { return #cls; } \
 SNIP ===


Since PCLASSINFO gets called with the 'OpalPresenty' as parameter
for 'cls' I could just remove the 'entity::Class()' thingy and
replace it by '#entity':


 SNIP ===
#define OPAL_DEFINE_COMMAND(command, entity, func) \
  class entity##_##command : public command \
  { \
public: virtual void Process(OpalPresentity  presentity) { 
dynamic_castentity (presentity).func(*this); } \

  }; \
  static PFactoryOpalPresentityCommand::Workerentity##_##command \
  s_entity##_##command(PDefaultPFactoryKey(#entity)+typeid(command).name())
 SNIP ===



g, that was too easy. I tried to fix this for several days
now. Sometimes you just need to know where to look.


Anyway thank you very much for your inspiration ;)


Cheers,

Christopher

Re: Openbsd 4.6 free ram

[Adam M. Dutko]

 This list is NOT a handholding bureau for lazy people.


Dangit!  I knew I was subscribed to the wrong list...

Computer land regala celulares que no te los ganen ven por el tuyo

[Computerland]

 http://www.computerlandnews.info/lt.php?id=ZR4GBAAOBwFdDEUJCEhXVAoKUQAF

 Ofertas
http://www.computerlandnews.info/lt.php?id=ZR4GBAAOBwFdD0UJCEhXVAoKUQAF

 Noticias
http://www.computerlandnews.info/lt.php?id=ZR4GBAAOBwFdDkUJCEhXVAoKUQAF

 Novedades
http://www.computerlandnews.info/lt.php?id=ZR4GBAAOBwFdAUUJCEhXVAoKUQAF

 **
http://www.computerlandnews.info/lt.php?id=ZR4GBAAOBwFdD0UJCEhXVAoKUQAF
**

 http://www.computerlandnews.info/lt.php?id=ZR4GBAAOBwFdD0UJCEhXVAoKUQAF

 mas informacion
http://www.computerlandnews.info/lt.php?id=ZR4GBAAOBwFdD0UJCEhXVAoKUQAF

 http://www.computerlandnews.info/lt.php?id=ZR4GBAAOBwFdD0UJCEhXVAoKUQAF

 mas informacion
http://www.computerlandnews.info/lt.php?id=ZR4GBAAOBwFdD0UJCEhXVAoKUQAF

 http://www.computerlandnews.info/lt.php?id=ZR4GBAAOBwFdD0UJCEhXVAoKUQAF

 mas informacion
http://www.computerlandnews.info/lt.php?id=ZR4GBAAOBwFdD0UJCEhXVAoKUQAF

 http://www.computerlandnews.info/lt.php?id=ZR4GBAAOBwFdAEUJCEhXVAoKUQAF

 Todos los precios publicados son mC!s IVA y sujetos a disponibilidad

 **COMPUTERLAND 

 Gabriel CastaC1os No. 9

 Col. Arcos Vallarta

 Guadalajara Jalisco

 Tel: 01(33) 3915-**

 Horarios:

 Lunes a viernes:

 9:00 am a 2:30 pm / 4:00 pm a 7:00pm

 SC!bados: 10:00 am a 2:00 pm



center
Para darse de baja de esta lista visite
http://www.computerlandnews.info/lt.php?id=ZR4GBAAOBwFcDEUJCEhXVAoKUQAF

Para actualizar sus preferencias visite
http://www.computerlandnews.info/lt.php?id=ZR4GBAAOBwFcCEUJCEhXVAoKUQAF

Para reenviar esto a un amigo visite
http://www.computerlandnews.info/lt.php?id=ZR4GBAAOBwFcC0UJCEhXVAoKUQAF

a
href='http://www.computerlandnews.info/lt.php?id=ZR4GBAAOBwFcD0UJCEhXVAoKUQAFPolmtica
De Privacidad/a



/center


--
Powered by Wadil Works, www.wadilworks.com --

Re: dmesg FW-8750 with 4G from 4.7-current

[Massimo Lusetti]

On Thu, 20 May 2010 16:07:31 +0200
Henning Brauer lists-open...@bsws.de wrote:

 argh, no. bigmem isn't useable as of now or it would be default.
 
 the difference being PCI space mostly. only have 32bit adressing ake
 4G for mem AND pci etc, ya know.

yep, reading archives and commit logs I have come to the decision to
leave it to the defaults.

I expect to mail dmesg@ on monday or tuesday when the box will be
released.

Cheers
-- 
Massimo

Re: Resilient RAID

[Xavier Beaudouin]

 What is the most recent OpenBSD release that does support and document
 installing on to RAID?

 none.

 it's pointless anyway. use two machines and carp, et voila, resilent
 against a lot more things than just disk failures.

And if you don't want to suffer because of a harddisk failure you can also use
flashrd to make the openbsd stuff on a DOM, a Compact Flash or even an USB
key.

/Xavier

Re: Resilient RAID

[Martin Pelikán]

If your firewall has to run in not so hostile conditions like sub-zero
temperatures or large temp differences over short time (typically
right under the roof), consider using flash memory (CF-ATA converters
being available around 20 USD) instead of hard disk + eventually mfs
for some logging or so. We're running and know about hundreds of
settings like this without any serious problems and very minimal
percentage of failures.

2010/5/20, Henning Brauer lists-open...@bsws.de:
 * John Rowe r...@excc.ex.ac.uk [2010-05-20 16:02]:
 I need an inexpensive OpenBSD system that will survive a disk failure,
 to act as a firewall.

 wrong approach, see below

 My understanding from the on-line documentation and the list archives is
 that the new RAID system, softraid, does not support having the root
 partition on RAID meaning that if the system disk fails the machine
 crashes.

 Is this (still) correct?

 yes. it'll change eventually.

 If so, the installation notes for 4.7 suggest against using RAIDframe
 (and even mis-spell the hyperlink!), which raises two further questions:

 What is the most recent OpenBSD release that does support and document
 installing on to RAID?

 none.

 it's pointless anyway. use two machines and carp, et voila, resilent
 against a lot more things than just disk failures.

 --
 Henning Brauer, h...@bsws.de, henn...@openbsd.org
 BS Web Services, http://bsws.de
 Full-Service ISP - Secure Hosting, Mail and DNS Services
 Dedicated Servers, Rootservers, Application Hosting




--
Martin PelikC!n, Steadynet
E-mail: martin.peli...@gmail.com, gpg key  0x7176E4C9
Tel: +420 724 818 573
Jabber: sztor...@jabber.cz
web: http://cap.potazmo.cz/

Польша,Эстония,Мальта.без личной подачи!

[Сергей]

PPP;QQP0,P-Q
QPP=P8Q,PP0P;QQP0.P1P5P7 P;P8QP=PP9 P?PP4P0QP8!
P!PP4P5P9Q
QP2P8P5 P?QPP1P;P5PP=QP
QP5P3P8PP=P0P(PQQP7P8Q,PPP;P4P0P2P8Q,PP0P2P:P0P7)
-PP8P7P0 PP4P=PP:QP0QP=P0Q ,Q
P;QP6P5P1P=P0Q 15/30 b 180 P5P2QP Q

P;P8QP=PP9 P?PP4P0QP5P9 P2 P:PP=Q
QP;QQ
QP2P.
-PP8P7P0 PQP;QQP8 ,Q
P;QP6P5P1P=P0Q 30/90-200 P5P2QP Q
 P;P8QP=PP9
P?PP4P0QP5P9 P2 P:PP=Q
QP;QQ
QP2P .250 P5P2QP P1P5P7 P?PP4P0QP8.
-PP8P7P0 PQP;QQP8 ,Q
P;QP6P5P1P=P0Q 90/180 -250 P5P2QP Q

P;P8QP=PP9 P?PP4P0QP5P9 ,400 P1P5P7 P7P0QPP4P0 P2
P:PP=Q
QP;QQ
QP2P
-PP8P7P0 PQP;QQP8 ,Q
P;QP6P5P1P=P0Q 180/360-400 P5P2QP Q

P;P8QP=PP9 P?PP4P0QP5P9 P2 P:PP=Q
QP;QQ
QP2P .600 P5P2QP P1P5P7
P7P0QPP4P0 P2 P:PP=Q
QP;QQ
QP2P.
PP8P=P8PP0P;QP=QP9  P?P0P:P5Q P4PP:QPP5P=QPP2  !
PP8QP0P9,PPP=P:PP=P3,QP9P2P0P=Q.PQP5QP=P0P,P$P8P;P;P8P?P8P=Q,PP=
P4P8Q,PP=P4PP=P5P7P8Q,PP7QP0P8P;Q.
+380919024301
alexma...@ukr.net

Re: A codec with a BSD Licence

[Ted Unangst]

On Thu, May 20, 2010 at 10:23 AM, Jacob Meuser jake...@sdf.lonestar.org
wrote:
 and that's what matters.  considering the ffmpeg devs also claimed
 theora's code could be considered to fall under other MPEG patents,
 and no lawsuits were filed, I find it unlikely google will face much
 legal issues.  and if they do, well, it'll be interesting to see
 google and ms duel it out ...

Considering theora's 0% adoption rate, I'm not sure who would have
been sued.  And x264 hasn't been sued either to my knowledge, but for
some reason everybody is still scared of those patents.

Re: Resilient RAID

[Henning Brauer]

* Xavier Beaudouin k...@oav.net [2010-05-20 17:34]:
 And if you don't want to suffer because of a harddisk failure you can also use
 flashrd to make the openbsd stuff on a DOM, a Compact Flash or even an USB
 key.

1) flashrd and friends are bullshit, just use your CF/DOM/Whatever
   like a regular harddisk. the write cycle myth is just a myth these
   days, the current stuff copes transparently.

2) flash never fails, right. fuck redundancy, I have flash!

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting

Where is OpenBSD/LibSpec/Build.pm?

[Eric d'Alibut]

In a fresh install of the new 4.7 release I cvs'd the ports tree and
started to try some builds, but immediately ran into a can't locate
[...] in @INC error referencing the Subject file.

This popped in shells/tcsh and also devel/gperf.

Thoughts? Help? (I am back looking at obsd after a long time out of
the fold! g)


Best regards,

-- 
No no no, my fish's name is Eric, Eric the fish. He's an halibut. I am
not a looney! Why should I be tarred with the epithet looney merely
because I have a pet halibut?

Re: HA: pair of firewalls, 2 switches and 1 server

[Axel Rau]

Am 20.05.2010 um 00:04 schrieb Henning Brauer:


* Axel Rau axel@chaos1.de [2010-05-19 10:34]:

Now the question: Can I put a trunk on top of a carp?


you put carp on top of the trunk of course.

OK.
Can I have a trunk connected to 2 different switches then?

Axel
---
axel@chaos1.de  PGP-Key:29E99DD6  +49 151 2300 9283  computing @
chaos claudius

Re: HA: pair of firewalls, 2 switches and 1 server

[Graham Allan]

On Thu, May 20, 2010 at 07:02:23PM +0200, Axel Rau wrote:
 Am 20.05.2010 um 00:04 schrieb Henning Brauer:
 
 * Axel Rau axel@chaos1.de [2010-05-19 10:34]:
 Now the question: Can I put a trunk on top of a carp?
 
 you put carp on top of the trunk of course.
 OK.
 Can I have a trunk connected to 2 different switches then?
 
Not normally. Some higher-end switches can support this, eg the
HP Procurve switches running their K-series software can do something
they call distributed trunking (and no doubt Cisco and other vendors all
call it something else). But as I think you were talking about using
cheapish Netgear switches it's unlikely to be possible.

-- 
-
Graham Allan
School of Physics and Astronomy - University of Minnesota
-

Re: HA: pair of firewalls, 2 switches and 1 server

[Henning Brauer]

* Graham Allan al...@physics.umn.edu [2010-05-20 19:23]:
 On Thu, May 20, 2010 at 07:02:23PM +0200, Axel Rau wrote:
  Am 20.05.2010 um 00:04 schrieb Henning Brauer:
  
  * Axel Rau axel@chaos1.de [2010-05-19 10:34]:
  Now the question: Can I put a trunk on top of a carp?
  
  you put carp on top of the trunk of course.
  OK.
  Can I have a trunk connected to 2 different switches then?
  
 Not normally. Some higher-end switches can support this, eg the
 HP Procurve switches running their K-series software can do something
 they call distributed trunking (and no doubt Cisco and other vendors all
 call it something else). But as I think you were talking about using
 cheapish Netgear switches it's unlikely to be possible.

well, lacp usually doesn't work across switches. but lacp is not the
only mode trunk supports. roundrobin definately works across switches
- how well might depend on your switches. works well for me on
procurve with E-series software which doesn't do distributed trunking
afair.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting

Re: Where is OpenBSD/LibSpec/Build.pm?

[Henning Brauer]

* Eric d'Alibut eric.hali...@gmail.com [2010-05-20 19:02]:
 In a fresh install of the new 4.7 release I cvs'd the ports tree and
 started to try some builds, but immediately ran into a can't locate
 [...] in @INC error referencing the Subject file.

/usr/libdata/perl5/OpenBSD/LibSpec/Build.pm

but that is current. 4.7 doesn't have it. as in, you have something
-current in your mix (pbly ports) and mixing release/stable is not
supported.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting

Un amigo te envio un sms

[Hola]

[IMAGE] Mexico Jueves 20 de Mayo

Gracias por tu amistad te deseo lo mejor

Haga click en la imagen para ver el mensaje

Enviado por: Escucha el mensaje de voz que te envio espero que te
acuerdes de mi jajajaja

Para reproducir el mensaje de voz presiona aca

[IMAGE]

Numero de tarjeta: [IMAGE]

Terra Mexico, S.A. ) Copyright 2010.

[IMAGE]

[IMAGE]

[IMAGE]

Re: Where is OpenBSD/LibSpec/Build.pm?

[Eric d'Alibut]

On Thu, May 20, 2010 at 1:31 PM, Henning Brauer lists-open...@bsws.de wrote:

 but that is current. 4.7 doesn't have it. as in, you have something
 -current in your mix (pbly ports) and mixing release/stable is not
 supported.

So I need a tag in my cvs co command.

I grabbed the missing Build.pm from the web cvs. How can I change
@INC, if that's not too bonehead a question, or if that's even a good
idea?


-- 
No no no, my fish's name is Eric, Eric the fish. He's an halibut. I am
not a looney! Why should I be tarred with the epithet looney merely
because I have a pet halibut?

http://1id.com/contact/=bob.bernstein

雅虎關鍵字 Google關鍵字g 任選十組字 只要 8000元g

[給 公司負責人 的一封信]

bb

Re: HA: pair of firewalls, 2 switches and 1 server

[Jussi Peltola]

On Thu, May 20, 2010 at 07:28:55PM +0200, Henning Brauer wrote:
 * Graham Allan al...@physics.umn.edu [2010-05-20 19:23]:
  On Thu, May 20, 2010 at 07:02:23PM +0200, Axel Rau wrote:
   Am 20.05.2010 um 00:04 schrieb Henning Brauer:
   
   * Axel Rau axel@chaos1.de [2010-05-19 10:34]:
   Now the question: Can I put a trunk on top of a carp?
   
   you put carp on top of the trunk of course.
   OK.
   Can I have a trunk connected to 2 different switches then?
   
  Not normally. Some higher-end switches can support this, eg the
  HP Procurve switches running their K-series software can do something
  they call distributed trunking (and no doubt Cisco and other vendors all
  call it something else). But as I think you were talking about using
  cheapish Netgear switches it's unlikely to be possible.
 
 well, lacp usually doesn't work across switches. but lacp is not the
 only mode trunk supports. roundrobin definately works across switches
 - how well might depend on your switches. works well for me on
 procurve with E-series software which doesn't do distributed trunking
 afair.
 
How about the warnings about packet reordering and interactions with
TCP? I'd guess it's not really such a big issue if you have two
identical switches and routers. But shouldn't the hash based trunk modes
work just fine, too (with the caveat that some flows will stop working
completely if the other switch fails in some ways while roundrobin will
cause half of the packets to be blackholed, keeping badly degraded
connectivity)

Also, the switches need to be separate; connecting them directly may
cause learned MACs to flap between the real host port and the cable
between the switches and make the trunk receive its own traffic on the
other port.

Fail-over trunk should work just fine, too. But see the following
paragraphs...

If you want reliability, do not use cheap switches. Switch power
supplies are not the failure mode you want to avoid. I don't remember
seeing very many at all, however I've seen lots of crappy ones lose
their config or stop forwarding completely while keeping the link up.

I have two identical core switches in one (not really so critical at
all) place running OSPF, with a bunch of routers connecting to both
switches for redundancy. Works pretty well and there has even been a
config reset incident, which didn't break anything - because OSPF can
detect link failures. Trying to do the same all the way to the end hosts
(i.e.  without a routing protocol) is pretty difficult.

One pseudo solution is to run a bridge instead of trunk on the 2
interfaces and use STP for fail-over; I find that too yucky to solve a
problem that doesn't really exist (just buy a reliable switch with a
redundant power supply or connect the single one to a good UPS)

However, if you need to ask if you can run a trunk on top of a carp, do
yourself a favor and use a single switch. There will be less downtime.

Jussi Peltola

Re: Where is OpenBSD/LibSpec/Build.pm?

[Henning Brauer]

* Eric d'Alibut eric.hali...@gmail.com [2010-05-20 20:01]:
 On Thu, May 20, 2010 at 1:31 PM, Henning Brauer lists-open...@bsws.de wrote:
 
  but that is current. 4.7 doesn't have it. as in, you have something
  -current in your mix (pbly ports) and mixing release/stable is not
  supported.
 
 So I need a tag in my cvs co command.
 
 I grabbed the missing Build.pm from the web cvs. How can I change
 @INC, if that's not too bonehead a question, or if that's even a good
 idea?

the most naive and terrible idea presented here in the last few
minutes.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting

Re: HA: pair of firewalls, 2 switches and 1 server

[Henning Brauer]

* Jussi Peltola pe...@pelzi.net [2010-05-20 20:07]:
 On Thu, May 20, 2010 at 07:28:55PM +0200, Henning Brauer wrote:
  * Graham Allan al...@physics.umn.edu [2010-05-20 19:23]:
   On Thu, May 20, 2010 at 07:02:23PM +0200, Axel Rau wrote:
Am 20.05.2010 um 00:04 schrieb Henning Brauer:

* Axel Rau axel@chaos1.de [2010-05-19 10:34]:
Now the question: Can I put a trunk on top of a carp?

you put carp on top of the trunk of course.
OK.
Can I have a trunk connected to 2 different switches then?

   Not normally. Some higher-end switches can support this, eg the
   HP Procurve switches running their K-series software can do something
   they call distributed trunking (and no doubt Cisco and other vendors all
   call it something else). But as I think you were talking about using
   cheapish Netgear switches it's unlikely to be possible.
  
  well, lacp usually doesn't work across switches. but lacp is not the
  only mode trunk supports. roundrobin definately works across switches
  - how well might depend on your switches. works well for me on
  procurve with E-series software which doesn't do distributed trunking
  afair.
  
 How about the warnings about packet reordering and interactions with
 TCP?

never ran into such issues. too lazy right now to check wether trunk
deals with that in roundrobin or wether i just got lucky.

 I'd guess it's not really such a big issue if you have two
 identical switches and routers. But shouldn't the hash based trunk modes
 work just fine, too (with the caveat that some flows will stop working
 completely if the other switch fails in some ways while roundrobin will
 cause half of the packets to be blackholed, keeping badly degraded
 connectivity)

err. wait. if the switch fails for real the link goes down and the
port is just taken out of the active ports on the trunk.

now there are of course more subtle ways of failure that could lead to
the above scenario. but how likely is that really? and would this
issue be your real problem then?
 
 Also, the switches need to be separate; connecting them directly may
 cause learned MACs to flap between the real host port and the cable
 between the switches and make the trunk receive its own traffic on the
 other port.

that is the may depend on your switch part. I have not seen any
problems with interconnected procurves, 5300XL series.

 Fail-over trunk should work just fine, too.

indeed.

 If you want reliability, do not use cheap switches. Switch power
 supplies are not the failure mode you want to avoid. I don't remember
 seeing very many at all, however I've seen lots of crappy ones lose
 their config or stop forwarding completely while keeping the link up.

guess i lack the cheap shit switch experience.

i do have experience with expensive shit switches tho. they suck in
many different ways, never seen the behaviour you describe above tho.

but then, ever since using said procurves, that is history.

 I have two identical core switches in one (not really so critical at
 all) place running OSPF, with a bunch of routers connecting to both
 switches for redundancy. Works pretty well and there has even been a
 config reset incident, which didn't break anything - because OSPF can
 detect link failures. Trying to do the same all the way to the end hosts
 (i.e.  without a routing protocol) is pretty difficult.

i would never ever run any L3 on switches.

 However, if you need to ask if you can run a trunk on top of a carp, do
 yourself a favor and use a single switch. There will be less downtime.

that is something i could subscribe to :)

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting

Re: Where is OpenBSD/LibSpec/Build.pm?

[Eric d'Alibut]

On Thu, May 20, 2010 at 2:09 PM, Henning Brauer lists-open...@bsws.de wrote:

 the most naive and terrible idea presented here in the last few
 minutes.

I kinda knew that the minute I hit 'Send.'  g

d/l'ing a new ports tree as I type.

Thanks again,

-- 
No no no, my fish's name is Eric, Eric the fish. He's an halibut. I am
not a looney! Why should I be tarred with the epithet looney merely
because I have a pet halibut?

Re: HA: pair of firewalls, 2 switches and 1 server

[Henning Brauer]

* Henning Brauer lists-open...@bsws.de [2010-05-20 20:23]:
 * Jussi Peltola pe...@pelzi.net [2010-05-20 20:07]:
  On Thu, May 20, 2010 at 07:28:55PM +0200, Henning Brauer wrote:
   * Graham Allan al...@physics.umn.edu [2010-05-20 19:23]:
On Thu, May 20, 2010 at 07:02:23PM +0200, Axel Rau wrote:
 Am 20.05.2010 um 00:04 schrieb Henning Brauer:
 
 * Axel Rau axel@chaos1.de [2010-05-19 10:34]:
 Now the question: Can I put a trunk on top of a carp?
 
 you put carp on top of the trunk of course.
 OK.
 Can I have a trunk connected to 2 different switches then?
 
Not normally. Some higher-end switches can support this, eg the
HP Procurve switches running their K-series software can do something
they call distributed trunking (and no doubt Cisco and other vendors all
call it something else). But as I think you were talking about using
cheapish Netgear switches it's unlikely to be possible.
   
   well, lacp usually doesn't work across switches. but lacp is not the
   only mode trunk supports. roundrobin definately works across switches
   - how well might depend on your switches. works well for me on
   procurve with E-series software which doesn't do distributed trunking
   afair.
   
  How about the warnings about packet reordering and interactions with
  TCP?
 
 never ran into such issues. too lazy right now to check wether trunk
 deals with that in roundrobin or wether i just got lucky.

uh, I just checked and... I am actually running failover. oups.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting

Re: HA: pair of firewalls, 2 switches and 1 server

[Jussi Peltola]

On Thu, May 20, 2010 at 08:17:48PM +0200, Henning Brauer wrote:
  I have two identical core switches in one (not really so critical at
  all) place running OSPF, with a bunch of routers connecting to both
  switches for redundancy. Works pretty well and there has even been a
  config reset incident, which didn't break anything - because OSPF can
  detect link failures. Trying to do the same all the way to the end hosts
  (i.e.  without a routing protocol) is pretty difficult.
 
 i would never ever run any L3 on switches.
 
Bad wording on my part, the routers run OSPF and the switches are dumb
L2 devices.

Still, without OSPF et al there would be no way to detect a crappy
switch failing in funny ways, which was my point.

As an extra note, if you do get a crappy switch, be very careful with
its management interface. The cheapest ones have unbelievably slow CPUs
that are easily overloaded by broadcasts making the whole thing stop
responding. Even worse, the interrupt load seems to trigger some other
bugs, like LACP mysteriously failing and disabling one port on a trunk
and blackholing half of your traffic (this happened on a ZyXEL GS-4024,
which has otherwise totally Just Worked as a L2 switch for years) or
even the whole switch ASIC crashing after a broadcast storm and
requiring a reboot (though the management CPU was still responding
through the out of band ether and serial port after the storm was gone)

Also, it's a very obvious DoS; a malicious person needs to send a rather
small amount of BPDUs to overload the tiny CPU and the cheap switches
obviously have no rate limiting for packets going to the CPU (only on
all broadcasts). So, blocking BPDUs from non-trusted devices should be
enabled (but that should probably be done anyway.)

Even among trusted devices STP and LACP involve the shitty code
running on the underpowered management CPU, and that is not the part
that shines in the cheap switches. Static link aggregation works OK.

Re: [SOLVED] How to work around this compiler bug

[David Coppa]

On Thu, 20 May 2010, Christopher Zimmermann wrote:

 after preprocessing it looks like this:
 
 void setUseProxy( bool v )
 {
 QSettings( QCoreApplication::organizationName().isEmpty() ?
 Last.fm : QCoreApplication::organizationName() ).setValue(
 ProxyEnabled, v ? 1 : 0 );
 }
 
 I don't know why, but just adding a return before every
 SharedQSettings( stopped g++ 3.3.5 from complaining.
 
 Does this help?

That did the trick.

Thank you!
-dav

Re: HA: pair of firewalls, 2 switches and 1 server

[Graham Allan]

On Thu, May 20, 2010 at 08:17:48PM +0200, Henning Brauer wrote:
 * Jussi Peltola pe...@pelzi.net [2010-05-20 20:07]:
 
  If you want reliability, do not use cheap switches. Switch power
  supplies are not the failure mode you want to avoid. I don't remember
  seeing very many at all, however I've seen lots of crappy ones lose
  their config or stop forwarding completely while keeping the link up.
 
 guess i lack the cheap shit switch experience.
 
 i do have experience with expensive shit switches tho. they suck in
 many different ways, never seen the behaviour you describe above tho.
 
 but then, ever since using said procurves, that is history.

I agree with the don't use cheap switches statement. If you look at
the price of (eg) used procurve 2824's then I don't see why anyone would
use Netgear or suchlike.

It's also good to have a switch with a real management interface that can
help you tell what's going on.

Graham

sqRE:tungstjen jewelry from chinagrg�

[LGM Jewelry]

y

Dear Sir or Madam,

We are tungsten,ceramic jewelry and watches manufacturer in mainland China. We
supply jewelry and watches with good quality and low price.
We are mainly a OEM factory.We have two factory in mainland China,we have many
clients in USA.And we have been doing OEM for GMA,benchmark for many years.So
far,we are the most professional manufactory in tungsten and ceramic rings and
watch field. we are confident in saying all our products are in A-one
quality.
We manufacture and export various of kinds of tungsten,ceramic
Watches,rings,bracelets,pendants,badges,which can be inlaid with gold, silver
and diamond, as well as laser patterns.We can also do your own design, from a
whole watch(rings) to a watch bezel (link), even small and complicated
components,we can OEM for you.
You are also invited to visit our web: www.lgmjewelry.com  on which you could
find all range of our products.
Should there be any of our items being of your interest, please do feel free
to contact us.
Any other enquiry please free to contact me at: i...@lgmjewelry.com

  Thanks and regards



Ivan / Marketing Dept.
Lingengmin Jewelry limited.
Tel : 8613480611780
Fax: 8675527375590
Mail1:  i...@lgmjewelry.com
Msn: lingm2...@hotmail.com
Skype: lingm2006
Website: http://www.lgmjewelry.com
ADD  :  No.605, building A1, Fu Yong  Hua Yuan , Fuyong town, Bao'an,
Shenzhen, Guangdong,China 518103


2010-05-21 00:25:2608e3--0b02--5871--24fb

[demime 1.01d removed an attachment with a content-type header it could not 
parse.]
[Content-Type: application; name=rings and watches.jpg]

Re: HA: pair of firewalls, 2 switches and 1 server

[Axel Rau]

Am 20.05.2010 um 20:17 schrieb Henning Brauer:



However, if you need to ask if you can run a trunk on top of a carp,

This was an academic question to keep the thread running (-;

do
yourself a favor and use a single switch. There will be less
downtime.


that is something i could subscribe to :)

I try to keep things simple usually. Thanks to all for the advice.

Axel
---
axel@chaos1.de  PGP-Key:29E99DD6  +49 151 2300 9283  computing @
chaos claudius

Re: HA: pair of firewalls, 2 switches and 1 server

[Reyk Floeter]

On Thu, May 20, 2010 at 07:02:23PM +0200, Axel Rau wrote:
 Now the question: Can I put a trunk on top of a carp?
 
 you put carp on top of the trunk of course.
 OK.
 Can I have a trunk connected to 2 different switches then?
 

yes, i did this many times using trunk in failover mode.  this is
actually the main reason why i implemented failover mode: for l2
redundancy.  i even normally use it in combination with VLANs.

to explain it using your artwork:

  +---+  +--+   

   
  |   |+-+   |  |   

   
  +fw1++ sw1 +---+  |   

   
 carp0|   +--+ +-+-+-+em0|  |   

   
  |   |  |   |   |  |   

   
  +-+-+  |  ++   |  |   

   
||  ||Server|   

   
  +-+-+  +--|--+ | fbsd |   

   
  |   | |  | |  |   

   
  |   +-+  +-+-+-+   |  |   

   
  +fw2++ sw2 +---+  |   

   
 carp0|   |+-+em1|  |   

   
  +---+  +--+   

   

let's assume that fw1 and fw2 are connected with em1 and em2, em1 is
connected to sw1 and em2 is connected to sw2 on each fw.  fbsd server
sits in vlan2, the uplink is in vlan1 connected to the same switches
(you might also have other physical switches for the uplink, which is
also fairly common, which would just require to move vlan1 to another
trunk or physical iface).

the switches don't need any special configuration, no trunks on the
switch and no stacking or similar.  they just need to be in the same
VLANs, so a simple interlink between them is all you need.  failover
mode means that the trunk only uses one active link at a time (the
first trunkport you add and so on) as long as the link is up.  this is
works nicely with any kind of switches, is safe to use and doesn't
cause any loops, address conflicts etc..  i use procurve switches
(now: hp networking e-series), but there is no need for distributed
trunking or tricks like this with failover mode.

fw1# ifconfig em0 up
fw1# ifconfig em1 up
fw1# ifconfig trunk0 trunkport em0 trunkport em1 trunkproto failover up
fw1# ifconfig vlan1 vlandev trunk0 descr UPLINK 10.1.1.2/24
fw1# ifconfig vlan2 vlandev trunk0 descr SERVERLAN 10.1.2.2/24
fw1# ifconfig carp1 vhid 1 carpdev vlan1 10.1.1.1/24
fw1# ifconfig carp2 vhid 2 carpdev vlan2 10.1.2.1/24

fw2# ifconfig em0 up
fw2# ifconfig em1 up
fw2# ifconfig trunk0 trunkport em0 trunkport em1 trunkproto failover up
fw2# ifconfig vlan1 vlandev trunk0 descr UPLINK 10.1.1.3/24
fw2# ifconfig vlan2 vlandev trunk0 descr SERVERLAN 10.1.2.3/24
fw2# ifconfig carp1 vhid 1 carpdev vlan1 advskew 100 10.1.1.1/24
fw2# ifconfig carp2 vhid 2 carpdev vlan2 advskew 100 10.1.2.1/24

and you can also move the pfsync traffic over the same trunk:

fw1# ifconfig vlan240 vlandev trunk0 192.168.240.2/24 up
fw1# ifconfig pfsync0 syncdev vlan240 up

fw2# ifconfig vlan240 vlandev trunk0 192.168.240.3/24 up
fw2# ifconfig pfsync0 syncdev vlan240 up

reyk

Re: HA: pair of firewalls, 2 switches and 1 server

[Jussi Peltola]

I do this too. In addition to the previously mentioned problems with
cheap switches losing their configs (and vlans) you should make sure the
active interfaces are all on one switch so that the link between them
isn't uselessly used; this will also avoid an unpleasant split brain
event if that link ever happens to fail. But in this case you will also
have to very carefully check the other switch stays properly configured so
the backup interfaces will actually pass the traffic you want.

Linux's bonding module has an arp monitor which solves some of these
problems, but the implementation is so hackish (as usual there...) that
I'd rather not use it in production. arping and ifstated might do the
same on openbsd, but I'm not sure if that will work when the interfaces
are trunk ports. I'll need to check this when I have time.

Re: A codec with a BSD Licence

[ropers]

On 20 May 2010 18:37, Ted Unangst ted.unan...@gmail.com wrote:
 Considering theora's 0% adoption rate,

Wikipedia/Wikimedia Commons used to be a 100% Theora shop when it came
to video, but I'm no longer up to date, and things might have changed.

regards,
--ropers

Re:

[patrick kristensen]

2010/5/17 J.C. Roberts list-...@designtools.org:
 On Fri, 14 May 2010 17:11:16 +0200 patrick kristensen
 kristensenpatri...@gmail.com wrote:
 Hi

 I have 4.6-RELEASE on a lenovo x200s system with Ericsson F3507g
 Mobile Broadband Module installed (mini-pci express wwan adapter).
 On FreeBSD the device is detected by the cdce(4) driver which creates
 an ue0 ethernet interface. On 4.6-RELEASE install this does not
 happen.
 The cdce(4) appeared in openBSD 4.1 and following the changelog from
 4.1 to -current, cdce(4) should be in generic.
 Do I need to modload anything for cdce to load?


 It seems you forgot to post your dmesg and the output of `usbdevs -vd`


 --
 The OpenBSD Journal - http://www.undeadly.org


I have  upgraded to 4.7-release and later 4.7-current but cdce does not load.
The output from dmesg and usbdevs for -release and -current is:


dmesg on 4.7-release

LITY
wd0: 1-sector PIO, LBA48, 61057MB, 125045424 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 6
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: HL-DT-ST, DVDRAM GSA-U20N, HX12 ATAPI
5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 6
Intel 82801I SMBus rev 0x03 at pci0 dev 31 function 3 not configured
usb2 at uhci0: USB revision 1.0
uhub2 at usb2 Intel UHCI root hub rev 1.00/1.00 addr 1
usb3 at uhci1: USB revision 1.0
uhub3 at usb3 Intel UHCI root hub rev 1.00/1.00 addr 1
usb4 at uhci2: USB revision 1.0
uhub4 at usb4 Intel UHCI root hub rev 1.00/1.00 addr 1
usb5 at uhci3: USB revision 1.0
uhub5 at usb5 Intel UHCI root hub rev 1.00/1.00 addr 1
usb6 at uhci4: USB revision 1.0
uhub6 at usb6 Intel UHCI root hub rev 1.00/1.00 addr 1
usb7 at uhci5: USB revision 1.0
uhub7 at usb7 Intel UHCI root hub rev 1.00/1.00 addr 1
isa0 at mainbus0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
rd0: fixed, 4480 blocks
Ericsson Ericsson F3507g Mobile Broadband Minicard Composite Device
rev 2.00/0.00 addr 2 at uhub1 port 4 not configured
uhub8 at uhub0 port 5 vendor 0x17ef product 0x1005 rev 2.00/0.01 addr 2
Chicony Electronics Co., Ltd. product 0x480c rev 2.00/31.34 addr 3
at uhub0 port 6 not configured
vendor 0x08ff Fingerprint Sensor rev 2.00/17.03 addr 2 at uhub3 port
1 not configured
softraid0 at root
root on rd0a swap on rd0b dump on rd0b
syncing disks... done
rebooting...
OpenBSD 4.7 (GENERIC.MP) #130: Wed Mar 17 20:48:50 MDT 2010
   dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 3175813120 (3028MB)
avail mem = 3083743232 (2940MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xe0010 (68 entries)
bios0: vendor LENOVO version 6DET58WW (3.08 ) date 08/20/2009
bios0: LENOVO 74663RG
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP SSDT ECDT APIC MCFG HPET SLIC BOOT ASF! SSDT
SSDT TCPA DMAR SSDT SSDT SSDT
acpi0: wakeup devices LID_(S3) SLPB(S3) IGBE(S4) EXP0(S4) EXP1(S4)
EXP2(S4) EXP3(S4) USB0(S3) USB3(S3) USB5(S3) EHC0(S3) EHC1(S3)
HDEF(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM)2 Duo CPU L9400 @ 1.86GHz, 1862.24 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,C
X16,xTPR,NXE,LONG
cpu0: 6MB 64b/line 16-way L2 cache
cpu0: apic clock running at 265MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM)2 Duo CPU L9400 @ 1.86GHz, 1862.00 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,C
X16,xTPR,NXE,LONG
cpu1: 6MB 64b/line 16-way L2 cache
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 2, remapped to apid 1
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (AGP_)
acpiprt2 at acpi0: bus 2 (EXP0)
acpiprt3 at acpi0: bus 3 (EXP1)
acpiprt4 at acpi0: bus 4 (EXP2)
acpiprt5 at acpi0: bus 5 (EXP3)
acpiec0 at acpi0
acpicpu0 at acpi0: C3, C2, C1, PSS
acpicpu1 at acpi0: C3, C2, C1, PSS
acpipwrres0 at acpi0: PUBS
acpitz0 at acpi0: critical temperature 127 degC
acpitz1 at acpi0: critical temperature 104 degC
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: SLPB
acpibat0 at acpi0: BAT0 model 42T4649 serial72 type LION oem SANYO
acpibat1 at acpi0: BAT1 not present
acpiac0 at acpi0: AC unit online
acpithinkpad0 at acpi0
acpidock0 at acpi0: GDCK docked (15)
cpu0: Enhanced SpeedStep 1862 MHz: speeds: 1867, 1866, 1600, 800 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 Intel GM45 Host rev 0x07
vga1 at pci0 dev 2 function 0 Intel GM45 Video rev 0x07
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
intagp0 at vga1
agp0 at intagp0: aperture at 

Re: HA: pair of firewalls, 2 switches and 1 server

[Axel Rau]

Thanks for this detailed elaboration, Reyk.
A few questions:

Am 20.05.2010 um 22:07 schrieb Reyk Floeter:


On Thu, May 20, 2010 at 07:02:23PM +0200, Axel Rau wrote:

Now the question: Can I put a trunk on top of a carp?


you put carp on top of the trunk of course.

OK.
Can I have a trunk connected to 2 different switches then?



yes, i did this many times using trunk in failover mode.  this is
actually the main reason why i implemented failover mode: for l2
redundancy.  i even normally use it in combination with VLANs.

to explain it using your artwork:

 +---+  +--+
 |   |+-+   |  |
 +fw1++ sw1 +---+  |
carp0|   +--+ +-+-+-+em0|  |
 |   |  |   |   |  |
 +-+-+  |  ++   |  |
   ||  ||Server|
 +-+-+  +--|--+ | fbsd |
 |   | |  | |  |
 |   +-+  +-+-+-+   |  |
 +fw2++ sw2 +---+  |
carp0|   |+-+em1|  |
 +---+  +--+

let's assume that fw1 and fw2 are connected with em1 and em2, em1 is
connected to sw1 and em2 is connected to sw2 on each fw.  fbsd server
sits in vlan2, the uplink is in vlan1 connected to the same switches
(you might also have other physical switches for the uplink, which is
also fairly common, which would just require to move vlan1 to another
trunk or physical iface).

the switches don't need any special configuration, no trunks on the
switch and no stacking or similar.  they just need to be in the same
VLANs, so a simple interlink between them is all you need.

You mean a physical connection between sw1 and sw2?

 failover
mode means that the trunk only uses one active link at a time (the
first trunkport you add and so on) as long as the link is up.  this is
works nicely with any kind of switches, is safe to use and doesn't
cause any loops, address conflicts etc..  i use procurve switches
(now: hp networking e-series), but there is no need for distributed
trunking or tricks like this with failover mode.

fw1# ifconfig em0 up
fw1# ifconfig em1 up
fw1# ifconfig trunk0 trunkport em0 trunkport em1 trunkproto failover
up
fw1# ifconfig vlan1 vlandev trunk0 descr UPLINK 10.1.1.2/24
fw1# ifconfig vlan2 vlandev trunk0 descr SERVERLAN 10.1.2.2/24
fw1# ifconfig carp1 vhid 1 carpdev vlan1 10.1.1.1/24
fw1# ifconfig carp2 vhid 2 carpdev vlan2 10.1.2.1/24

fw2# ifconfig em0 up
fw2# ifconfig em1 up
fw2# ifconfig trunk0 trunkport em0 trunkport em1 trunkproto failover
up
fw2# ifconfig vlan1 vlandev trunk0 descr UPLINK 10.1.1.3/24
fw2# ifconfig vlan2 vlandev trunk0 descr SERVERLAN 10.1.2.3/24
fw2# ifconfig carp1 vhid 1 carpdev vlan1 advskew 100 10.1.1.1/24
fw2# ifconfig carp2 vhid 2 carpdev vlan2 advskew 100 10.1.2.1/24


On fbsd, I set default gw to 10.1.1.1 ?

But a trunk would have no counter parts. How does this fit in?

fbsd# ifconfig em0 up
fbsd# ifconfig em1 up
fbsd# ifconfig lagg0 laggproto failover laggport em0 laggport em1 \
10.1.2.10 netmask 255.255.255.0
?

Axel
---
axel@chaos1.de  PGP-Key:29E99DD6  +49 151 2300 9283  computing @
chaos claudius

OpenBSD 4.7 as VPN Gateway for Road Warriors, Preferred Configuration

[dontek]

Hey guys:

 

I'm looking for a little direction here, as the preferred method of setting
up a VPN for these types of connections seems to have changed many times
throughout the version history of OpenBSD and changes to IPSec, isakmpd, pf,
etc..

 

So as you've probably gleaned from the subject, I want multiple clients to
be able to connect to the OpenBSD 4.7 VPN Gateway.  I'd also like to use
DHCP over IPSec.

 

I've found many examples via Google.  Some are using isakmpd.conf, while
others use the isakmpd -K switch and defer to ipsec.conf for configuration.

 

In my situation with multiple Road Warriors, is one way more correct than
the other..?  Easier..?

 

What's the preferred method in the day of OpenBSD 4.7?

 

Thanks,

 

don..

Re: HA: pair of firewalls, 2 switches and 1 server

[Reyk Floeter]

On Thu, May 20, 2010 at 11:31:22PM +0300, Jussi Peltola wrote:
 I do this too. In addition to the previously mentioned problems with
 cheap switches losing their configs (and vlans) you should make sure the
 active interfaces are all on one switch so that the link between them
 isn't uselessly used; this will also avoid an unpleasant split brain
 event if that link ever happens to fail. But in this case you will also
 have to very carefully check the other switch stays properly configured so
 the backup interfaces will actually pass the traffic you want.
 

don't mix up cheap switches with crap switches.  actually, some very
expensive switches are really crappy indeed.  but i don't see your
problems, you just have to take care a little bit and don't try to
run your highly redundant high-performance firewall cluster with a
bunch of SOHO linksys switches (oh wait, they're cisco now).

but there is no real problem, trunk failover with carp + pfsync and
redundant switches works very well and i have installed it in many
different highly available production sites.  it is hard to make it
not work unless you configure your switches wrong - eg. by cascading
the redundant switches to other uplink switches and creating some
weird loops.

 Linux's bonding module has an arp monitor which solves some of these
 problems, but the implementation is so hackish (as usual there...) that
 I'd rather not use it in production. arping and ifstated might do the
 same on openbsd, but I'm not sure if that will work when the interfaces
 are trunk ports. I'll need to check this when I have time.
 

why not?  trunk is just a normal ethernet interface.

the linux bondage trick sounds hackish, but link detection protocols
like udld or bfd should help here on the ethernet level.  many managed
switches support one of these protocols and i'd like to do this on the
openbsd side at some point to alter the link state based on optional
uni-/bidirectional link detection.

reyk

Re:

[J.C. Roberts]

On Thu, 20 May 2010 23:17:25 +0200 patrick kristensen
kristensenpatri...@gmail.com wrote:
 2010/5/17 J.C. Roberts list-...@designtools.org:
  On Fri, 14 May 2010 17:11:16 +0200 patrick kristensen
  kristensenpatri...@gmail.com wrote:
  Hi
 
  I have 4.6-RELEASE on a lenovo x200s system with Ericsson F3507g
  Mobile Broadband Module installed (mini-pci express wwan adapter).
  On FreeBSD the device is detected by the cdce(4) driver which
  creates an ue0 ethernet interface. On 4.6-RELEASE install this
  does not happen.
  The cdce(4) appeared in openBSD 4.1 and following the changelog
  from 4.1 to -current, cdce(4) should be in generic.
  Do I need to modload anything for cdce to load?
 
 
  It seems you forgot to post your dmesg and the output of `usbdevs
  -vd`
 
 
  --
  The OpenBSD Journal - http://www.undeadly.org
 
 
 I have  upgraded to 4.7-release and later 4.7-current but cdce does
 not load. The output from dmesg and usbdevs for -release and -current
 is:
 
 
...
 OpenBSD 4.7-current (GENERIC.MP) #229: Wed May 12 02:02:27 MDT 2010
 t...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
...
 umodem0 at uhub1 port 4 configuration 1 interface 1 Ericsson Ericsson
 F3507g Mobile Broadband Minicard Composite Device rev 2.00/0.00 addr
 2
 umodem0: data interface 2, has CM over data, has break
 umodem0: status change notification available
 ucom0 at umodem0
 umodem1 at uhub1 port 4 configuration 1 interface 3 Ericsson Ericsson
 F3507g Mobile Broadband Minicard Composite Device rev 2.00/0.00 addr
 2
 umodem1: data interface 4, has CM over data, has break
 umodem1: status change notification available
 ucom1 at umodem1
 umodem2 at uhub1 port 4 configuration 1 interface 9 Ericsson Ericsson
 F3507g Mobile Broadband Minicard Composite Device rev 2.00/0.00 addr
 2
 umodem2: data interface 12, has CM over data, has break
 umodem2: no data interface
...
 
 usbdevs -vd (4.7-current)
...
 Controller /dev/usb1:
 addr 1: high speed, self powered, config 1, EHCI root hub(0x),
 Intel(0x8086), rev 1.00
   uhub1
  port 1 powered
  port 2 powered
  port 3 powered
  port 4 addr 2: high speed, power 20 mA, config 1, Ericsson F3507g
 Mobile Broadband Minicard Composite Device(0x1900), Ericsson(0x0bdb),
 rev 0.00, iSerialNumber 3541430209963360
umodem0
umodem1
umodem2
  port 5 powered
  port 6 powered


Though I have and have read the mostly useless marketing material
touting the features of the Erricsson F3507g, I haven't been able to
find any real specs. It seems to be very similar feature-wise to the
Qalcomm Gobi-1000 and Gobi-2000 (MDM1000 and MDM2000 chipsets), but I
am yet to find any claim that the Erricson F3507g uses Qaulcom parts,
or for that matter, uses Qualcomm logic cores. It doesn't matter all
that much since the above tells me the device is most likely usable in
OpenBSD as is.

Two of the three umodem(4) have serial ports attached (ucom(4)) so all
you need to do is configure ppp(8) or pppd(8) to talk to one of those
serial ports (/dev/cuaU?). You should probably read the umsm(4) for
more info and an example chat script.

A lot of similar EVDO/HSPA devices are built in the same way in the
sense of providing more than one serial port, but only one of them is
usable with ppp/pppd. The other supposed serial port speaks a
proprietary protocol and is used for management purposes. Typically,
the proprietary protocol is either Qualcomm QMI or Qualcomm DM. Due to
various leaks (read: google android), portions of the proprietary
protocol have been figured out by the linux camp, but it's still a work
in progress. Some details were posted here:
http://blogs.gnome.org/dcbw/2010/04/

jcr

-- 
The OpenBSD Journal - http://www.undeadly.org

Re: HA: pair of firewalls, 2 switches and 1 server

[Tomoyuki Sakurai]

On Tue, May 18, 2010 at 10:32 PM, Axel Rau axel@chaos1.de wrote:

 Yes, but what carps/trunks do I need?

I'm doing carp(4)+pfsync(4)+bridge(4)+vether(4)+trunk(4)+ospfd(8) for
L3/L2 redundancy.

Part of my config can be found at:
http://cvs.openbsd.org/cgi-bin/query-pr-wrapper?full=yesnumbers=6318

You need additional two OSPF routers for L3 redundancy (claudio@
explained why in a paper).

-- 
Tomoyuki Sakurai

Opportunity: (176) Client Server/Application Architect

[Partha Hazarika]

GDI InfoTech, Inc. has immediate opening for a Client Server/Application
Architect with client based in Albany, NY. This is a 18+ months
opportunity.

 

Job Title   : Client Server/Application
Architect (176)
Location   : Albany, NY
Duration   : 18+ months

 

Required:

 An Associate's Degree (or higher) 

 Five to eight years experience designing and implementing large
scale C/S open systems environments.

 Minimum five years experience in Visual Studio .Net or Visual
Basic 6.0 (or latest version).

 Minimum five years experience in COM+

 

Desirable:
Two or more years working with Oracle databases.

 Three or more years experience designing, developing 
deploying n-tier .Net web apps, coding in VB.NET.  Experience with ASP
to ASP.NET conversion a plus.  

 Two or more years experience developing Web applications using
HTML and ASP, including management, installation  migration of
components to IIS  APP servers.

 Two or more years experience creating and documenting system
architecture in the capacity of lead architect, preferably utilizing
ASP, VB6, COM+ and .Net.  This experience should include developing and
deploying COM objects in an MTS/COM+ environment.

 Three or more years experience analyzing business processes and
workflows, and working with non-technical staff to develop system
specifications and resolve problems.  Experience in Human Services
related projects such as Food Stamps, Welfare to Work, Public Assistance
a plus.

 Three or more years development experience using web
application security protocols and techniques.   Siteminder or LDAP
knowledge a plus.

 Two or more years experience mentoring and training developers
in areas such as system architecture, design patterns, common system
utilities, etc.

 

Three Professional references required:

 Reference Name (Required):

 Title (Optional):

 Company Name (Required):

 Phone Number (Required include area code):

 E-mail address  (Optional):

 Professional Relationship: (Optional):

 

If you or any of your contacts are a fit for the requirement and are
interested in pursuing this opportunity, please email me your resume in
word format, your availability and salary/ rate requirements, a number
to reach you and a convenient time to call.

 

Regards,

Kris Kumar

kku...@gdii.com mailto:kku...@gdii.com 

734-418-2236

Re: obsd as domU?

[Kenneth R Westerback]

On Wed, Jan 13, 2010 at 10:10:16AM -0700, Diana Eichert wrote:
 Chuckle, try to troubleshoot a network issue when it is in a
 virtual network.  Lots of fun, not.
 
 diana

Better yet, get told by management NOT to troubleshoot but let the
outsourcers do it. While your whole hospital is down for 7 hours.

Not that that would really happen.

 Ken