Re: What should I do with a remote AIX machine if I accidentally chmod /usr/bin/ksh?
On 8/30/11 6:15 PM, Marcos Ariel Laufer wrote: I didn't mean evangelizing, but you never know who might be a future donator, after all OpenBSD needs donations Donor, not donator. Mehma
ftpd server
Hello I have a ftpd server box, OBSD-4.9, and pflog shows: Aug 29 10:11:03.520900 rule 3/(match) pass in on rl0: 190.87.195.241.2732 192.168.5.2.21: S 2008995709:2008995709(0) win 65535 mss 1452,nop,nop,sackOK Aug 29 10:15:52.825409 rule 3/(match) pass in on rl0: 190.87.195.241.3190 192.168.5.2.21: S 409025537:409025537(0) win 65535 mss 1452,nop,nop,sackOK Aug 29 10:27:40.085461 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.2732: FP 2719210498:2719210554(56) ack 2008995823 win 17424 (DF) [tos 0x10] Aug 29 10:28:44.085510 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.2732: FP 0:56(56) ack 1 win 17424 [tos 0x10] Aug 29 10:29:48.085560 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.2732: FP 0:56(56) ack 1 win 17424 (DF) [tos 0x10] Aug 29 10:30:52.085653 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.2732: FP 0:56(56) ack 1 win 17424 [tos 0x10] Aug 29 10:31:56.085655 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.2732: FP 0:56(56) ack 1 win 17424 (DF) [tos 0x10] Aug 29 10:32:29.475695 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.3190: FP 2719185758:2719185814(56) ack 409025651 win 17424 [tos 0x10] Aug 29 10:33:00.085705 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.2732: FP 0:56(56) ack 1 win 17424 [tos 0x10] Aug 29 10:33:33.475738 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.3190: FP 0:56(56) ack 1 win 17424 (DF) [tos 0x10] Aug 29 10:34:04.085762 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.2732: FP 0:56(56) ack 1 win 17424 (DF) [tos 0x10] Aug 29 10:34:37.475788 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.3190: FP 0:56(56) ack 1 win 17424 [tos 0x10] Aug 29 10:35:08.085806 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.2732: R 57:57(0) ack 1 win 0 (DF) [tos 0x10] Aug 29 10:35:41.475843 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.3190: FP 0:56(56) ack 1 win 17424 (DF) [tos 0x10] Aug 29 10:36:45.475901 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.3190: FP 0:56(56) ack 1 win 17424 [tos 0x10] Aug 29 10:37:49.475947 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.3190: FP 0:56(56) ack 1 win 17424 (DF) [tos 0x10] Aug 29 10:38:53.476001 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.3190: FP 0:56(56) ack 1 win 17424 [tos 0x10] Aug 29 10:39:57.476044 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.3190: R 57:57(0) ack 1 win 0 [tos 0x10] pf rules are: set skip on lo block in log all block out log all pass out log quick on rl0 pass in log quick on rl0 proto tcp from any to port {20 21 22} antispoof quick log for rl0 pass# to establish keep-state It look for me, that somebody send code over port 21, then ftpd respond over port 21, and pf stops sftp! I have seen that normal behaviour of ftpd is logged on random ports; as effect of ftp_proxy. Is it happening something weird here? Thanks so much.
Re: ftpd server
2011/8/31 fqui nonez fquinon...@gmail.com: Hello I have a ftpd server box, OBSD-4.9, and pflog shows: Aug 29 10:11:03.520900 rule 3/(match) pass in on rl0: 190.87.195.241.2732 192.168.5.2.21: S 2008995709:2008995709(0) win 65535 mss 1452,nop,nop,sackOK Aug 29 10:15:52.825409 rule 3/(match) pass in on rl0: 190.87.195.241.3190 192.168.5.2.21: S 409025537:409025537(0) win 65535 mss 1452,nop,nop,sackOK Aug 29 10:27:40.085461 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.2732: FP 2719210498:2719210554(56) ack 2008995823 win 17424 (DF) [tos 0x10] Aug 29 10:28:44.085510 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.2732: FP 0:56(56) ack 1 win 17424 [tos 0x10] Aug 29 10:29:48.085560 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.2732: FP 0:56(56) ack 1 win 17424 (DF) [tos 0x10] Aug 29 10:30:52.085653 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.2732: FP 0:56(56) ack 1 win 17424 [tos 0x10] Aug 29 10:31:56.085655 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.2732: FP 0:56(56) ack 1 win 17424 (DF) [tos 0x10] Aug 29 10:32:29.475695 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.3190: FP 2719185758:2719185814(56) ack 409025651 win 17424 [tos 0x10] Aug 29 10:33:00.085705 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.2732: FP 0:56(56) ack 1 win 17424 [tos 0x10] Aug 29 10:33:33.475738 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.3190: FP 0:56(56) ack 1 win 17424 (DF) [tos 0x10] Aug 29 10:34:04.085762 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.2732: FP 0:56(56) ack 1 win 17424 (DF) [tos 0x10] Aug 29 10:34:37.475788 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.3190: FP 0:56(56) ack 1 win 17424 [tos 0x10] Aug 29 10:35:08.085806 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.2732: R 57:57(0) ack 1 win 0 (DF) [tos 0x10] Aug 29 10:35:41.475843 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.3190: FP 0:56(56) ack 1 win 17424 (DF) [tos 0x10] Aug 29 10:36:45.475901 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.3190: FP 0:56(56) ack 1 win 17424 [tos 0x10] Aug 29 10:37:49.475947 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.3190: FP 0:56(56) ack 1 win 17424 (DF) [tos 0x10] Aug 29 10:38:53.476001 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.3190: FP 0:56(56) ack 1 win 17424 [tos 0x10] Aug 29 10:39:57.476044 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.3190: R 57:57(0) ack 1 win 0 [tos 0x10] pf rules are: set skip on lo block in log all block out log all pass out log quick on rl0 pass in log quick on rl0 proto tcp from any to port {20 21 22} antispoof quick log for rl0 pass B B B B B B # to establish keep-state Hi, please read how the ftp protocol works and which port should be enable in/out from your server http://slacksite.com/other/ftp.html http://www.freesoft.org/CIE/Topics/69.htm Regards -- Matteo Filippetto http://www.op83.eu
Re: bgpctl shiw rib out displaying incorrect information
flags destination gateway lpref med aspath origin AI* 10.0.1.0/24 172.29.1.200 100 0 i current1# What is incorrect on this ?
Re: Apache Killer - Does it affect OpenBSD's patched version of Apache?
Hi all, Is not so hard at it seems: http://www.openbsd.org/faq/faq1.html Why is Apache included? It isn't needed by many people! Because the developers want it. Why isn't a newer version of Apache included? The license on newer versions is unacceptable. If you need/want another httpd, go to the ports and fetch what you want. And shut up the noise please.
Re: bgpctl shiw rib out displaying incorrect information
Le Wed, 31 Aug 2011 07:19:15 +0200, Tony Sarendal t...@polarcap.org a C)crit : Hi, current1# cat /etc/bgpd.conf AS 65001 network 10.0.1.0/24 current1# bgpctl show rib nei 172.29.1.52 out flags: * = Valid, = Selected, I = via IBGP, A = Announced origin: i = IGP, e = EGP, ? = Incomplete flags destination gateway lpref med aspath origin AI* 10.0.1.0/24 172.29.1.200 100 0 i So you announce (A) via IBGP (I) the route 10.0.1.0/24, looks good no?. current2# bgpctl show rib nei 172.29.1.51 in flags: * = Valid, = Selected, I = via IBGP, A = Announced origin: i = IGP, e = EGP, ? = Incomplete flags destination gateway lpref med aspath origin I* 10.0.1.0/24 172.29.1.51100 0 i And you receive the route via IBGP (I), looks good too. Where is the problem? Regards.
Re: ftpd server
On 31/08/2011, at 7:16 PM, matteo filippetto wrote: 2011/8/31 fqui nonez fquinon...@gmail.com: Hello I have a ftpd server box, OBSD-4.9, and pflog shows: Aug 29 10:11:03.520900 rule 3/(match) pass in on rl0: 190.87.195.241.2732 192.168.5.2.21: S 2008995709:2008995709(0) win 65535 mss 1452,nop,nop,sackOK Aug 29 10:15:52.825409 rule 3/(match) pass in on rl0: 190.87.195.241.3190 192.168.5.2.21: S 409025537:409025537(0) win 65535 mss 1452,nop,nop,sackOK Aug 29 10:27:40.085461 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.2732: FP 2719210498:2719210554(56) ack 2008995823 win 17424 (DF) [tos 0x10] Aug 29 10:28:44.085510 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.2732: FP 0:56(56) ack 1 win 17424 [tos 0x10] Aug 29 10:29:48.085560 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.2732: FP 0:56(56) ack 1 win 17424 (DF) [tos 0x10] Aug 29 10:30:52.085653 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.2732: FP 0:56(56) ack 1 win 17424 [tos 0x10] Aug 29 10:31:56.085655 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.2732: FP 0:56(56) ack 1 win 17424 (DF) [tos 0x10] Aug 29 10:32:29.475695 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.3190: FP 2719185758:2719185814(56) ack 409025651 win 17424 [tos 0x10] Aug 29 10:33:00.085705 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.2732: FP 0:56(56) ack 1 win 17424 [tos 0x10] Aug 29 10:33:33.475738 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.3190: FP 0:56(56) ack 1 win 17424 (DF) [tos 0x10] Aug 29 10:34:04.085762 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.2732: FP 0:56(56) ack 1 win 17424 (DF) [tos 0x10] Aug 29 10:34:37.475788 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.3190: FP 0:56(56) ack 1 win 17424 [tos 0x10] Aug 29 10:35:08.085806 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.2732: R 57:57(0) ack 1 win 0 (DF) [tos 0x10] Aug 29 10:35:41.475843 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.3190: FP 0:56(56) ack 1 win 17424 (DF) [tos 0x10] Aug 29 10:36:45.475901 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.3190: FP 0:56(56) ack 1 win 17424 [tos 0x10] Aug 29 10:37:49.475947 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.3190: FP 0:56(56) ack 1 win 17424 (DF) [tos 0x10] Aug 29 10:38:53.476001 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.3190: FP 0:56(56) ack 1 win 17424 [tos 0x10] Aug 29 10:39:57.476044 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.3190: R 57:57(0) ack 1 win 0 [tos 0x10] pf rules are: set skip on lo block in log all block out log all pass out log quick on rl0 pass in log quick on rl0 proto tcp from any to port {20 21 22} antispoof quick log for rl0 pass B B B B B B # to establish keep-state Hi, please read how the ftp protocol works and which port should be enable in/out from your server http://slacksite.com/other/ftp.html http://www.freesoft.org/CIE/Topics/69.htm You may also find this useful: http://home.nuug.no/~peter/pf/en/ftpproblem.html Regards -- Matteo Filippetto http://www.op83.eu
Re: ftpd server
Hi, You will find your solution here : http://www.openbsd.org/faq/pf/ftp.html Best regards, Wesley MOUEDINE ASSABY http://mouedine.net/ruleset49.aspx On Tue, 30 Aug 2011 23:38:41 -0700, fqui nonez fquinon...@gmail.com wrote: Hello I have a ftpd server box, OBSD-4.9, and pflog shows: Aug 29 10:11:03.520900 rule 3/(match) pass in on rl0: 190.87.195.241.2732 192.168.5.2.21: S 2008995709:2008995709(0) win 65535 mss 1452,nop,nop,sackOK Aug 29 10:15:52.825409 rule 3/(match) pass in on rl0: 190.87.195.241.3190 192.168.5.2.21: S 409025537:409025537(0) win 65535 mss 1452,nop,nop,sackOK Aug 29 10:27:40.085461 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.2732: FP 2719210498:2719210554(56) ack 2008995823 win 17424 (DF) [tos 0x10] Aug 29 10:28:44.085510 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.2732: FP 0:56(56) ack 1 win 17424 [tos 0x10] Aug 29 10:29:48.085560 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.2732: FP 0:56(56) ack 1 win 17424 (DF) [tos 0x10] Aug 29 10:30:52.085653 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.2732: FP 0:56(56) ack 1 win 17424 [tos 0x10] Aug 29 10:31:56.085655 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.2732: FP 0:56(56) ack 1 win 17424 (DF) [tos 0x10] Aug 29 10:32:29.475695 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.3190: FP 2719185758:2719185814(56) ack 409025651 win 17424 [tos 0x10] Aug 29 10:33:00.085705 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.2732: FP 0:56(56) ack 1 win 17424 [tos 0x10] Aug 29 10:33:33.475738 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.3190: FP 0:56(56) ack 1 win 17424 (DF) [tos 0x10] Aug 29 10:34:04.085762 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.2732: FP 0:56(56) ack 1 win 17424 (DF) [tos 0x10] Aug 29 10:34:37.475788 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.3190: FP 0:56(56) ack 1 win 17424 [tos 0x10] Aug 29 10:35:08.085806 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.2732: R 57:57(0) ack 1 win 0 (DF) [tos 0x10] Aug 29 10:35:41.475843 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.3190: FP 0:56(56) ack 1 win 17424 (DF) [tos 0x10] Aug 29 10:36:45.475901 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.3190: FP 0:56(56) ack 1 win 17424 [tos 0x10] Aug 29 10:37:49.475947 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.3190: FP 0:56(56) ack 1 win 17424 (DF) [tos 0x10] Aug 29 10:38:53.476001 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.3190: FP 0:56(56) ack 1 win 17424 [tos 0x10] Aug 29 10:39:57.476044 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.3190: R 57:57(0) ack 1 win 0 [tos 0x10] pf rules are: set skip on lo block in log all block out log all pass out log quick on rl0 pass in log quick on rl0 proto tcp from any to port {20 21 22} antispoof quick log for rl0 pass # to establish keep-state It look for me, that somebody send code over port 21, then ftpd respond over port 21, and pf stops sftp! I have seen that normal behaviour of ftpd is logged on random ports; as effect of ftp_proxy. Is it happening something weird here? Thanks so much.
Re: bgpctl shiw rib out displaying incorrect information
On Wed, Aug 31, 2011 at 9:51 AM, Patrick Lamaiziere patf...@davenulle.orgwrote: Le Wed, 31 Aug 2011 07:19:15 +0200, Tony Sarendal t...@polarcap.org a icrit : Hi, current1# cat /etc/bgpd.conf AS 65001 network 10.0.1.0/24 current1# bgpctl show rib nei 172.29.1.52 out flags: * = Valid, = Selected, I = via IBGP, A = Announced origin: i = IGP, e = EGP, ? = Incomplete flags destination gateway lpref med aspath origin AI* 10.0.1.0/24 172.29.1.200 100 0 i So you announce (A) via IBGP (I) the route 10.0.1.0/24, looks good no?. current2# bgpctl show rib nei 172.29.1.51 in flags: * = Valid, = Selected, I = via IBGP, A = Announced origin: i = IGP, e = EGP, ? = Incomplete flags destination gateway lpref med aspath origin I* 10.0.1.0/24 172.29.1.51100 0 i And you receive the route via IBGP (I), looks good too. Where is the problem? Sender says next hop = 172.29.1.100, receiver says .51. show rib out in this case shows incorrect nexthop. Regards Tony
Re: bgpctl shiw rib out displaying incorrect information
Hi Am 31.08.2011 10:23, schrieb Tony Sarendal: Sender says next hop = 172.29.1.100, receiver says .51. show rib out in this case shows incorrect nexthop. Well thats kind of the point of having set nexthop self in the config...
Re: bgpctl shiw rib out displaying incorrect information
On Wed, Aug 31, 2011 at 11:01 AM, Andre Keller a...@list.ak.cx wrote: Hi Am 31.08.2011 10:23, schrieb Tony Sarendal: Sender says next hop = 172.29.1.100, receiver says .51. show rib out in this case shows incorrect nexthop. Well thats kind of the point of having set nexthop self in the config... You are missing the point, completely. bgpctl show rib out displays incorrect information. Regards Tony
Re: Quad-Gigabit 1U mini-itx board recommendations?
Henrique Antsnio Evaristo skrev 2011-08-30 09:08: Humm, nice ... I was interested in knowing the power consumption of that setup. Do you have any possibility to provide that ? Thanks. Best regards, Henrique We're using 1U chassis: http://mini-itx.com/store/?c=33#p3809 Around 45-50W under normal load with the built-in power supply (250W) and an IDE flash drive. There's a new version of the 1U chassis with a 80 PLUS-certified power supply: http://mini-itx.com/store/?c=33#C2-RACK-V2 /Johan
static IP
Cannot configure internet with static IP address hostname.fc0 inet IP mask and nothing works. They gave me login and password, may be this is the case? -- igor denisov.
vpn with a win7 workstation
Hi What is the best way to build a vpn between an OpenBSD 4.9 gateway and a Win7 workstation ? Thank you very much for your advices. All the best, Wesley M.
IP address
Lot of thanks to all who tried to help denisovigor1...@rambler.ru. I should read the FAQ first, problem is solved.
Especial�zate e ins�rtate en el mercado laboral con un click
Si no puede ver este anuncio, haga click aqum Especialmzate e insirtate en el mercado laboral con un click Cursos en Mixico Cursos en Mixico Cursos en Mixico Cursos en Mixico Cursos en Mixico Cursos en Mixico Cursos en Mixico Cursos en Mixico Para mayor informacisn, llene sus datos haciendo click aqum [IMAGE] Logo de Direct Publiweb Registre gratuitamente a un amigo. Remuivase aqum. Emarketing - Paginas Web - Presentaciones Interactivas -- --
Re: vpn with a win7 workstation
On Wed, Aug 31, 2011 at 6:30 PM, Wesley M. open...@e-solutions.re wrote: What is the best way to build a vpn between an OpenBSD 4.9 gateway and a Win7 workstation ? I got this working here on our network, both for Win7 and Ubuntu clients going to an OpenBSD gateway. On the gateway, have /etc/ipsec.conf say something like # roadwarrior ike passive esp from any to gateway.ip.address peer any psk your-rand0m-password-here ike passive esp from gateway.ip.address to any psk your-rand0m-password-here And on your Win7 client, get Shrew VPN[0] and add a configuration with the following auth: Phase 1: - Exchange type: main - DH Exchange: group 2 - Cipher algorithm: aes - Cipher key length: 256 Bits - Hash algorithm: sha1 Phase 2: - Transform length: aes - Transform key length: 256 Bits - HMAC algorithm: sha1 - PFS Exchange: group 2 - Compression algorithm: deflate Policy: - add a topology entry that matches your internal network [0] http://www.shrew.net/download/vpn -- Zak B. Elep || orangeandbronze.com 1486 7957 454D E529 E4F1 F75E 5787 B1FD FA53 851D
Re: vpn with a win7 workstation
Ok, thank you a lot for your replay. Have you ever try to use ikev2 ? using iked and so win7 have ikev2 support. I tried to use it (iked) but no success... :( If you can take a eye on it. Cheers, Wesley M. On Wed, 31 Aug 2011 19:07:49 +0800, Zak Elep zak.e...@orangeandbronze.com wrote: On Wed, Aug 31, 2011 at 6:30 PM, Wesley M. open...@e-solutions.re wrote: What is the best way to build a vpn between an OpenBSD 4.9 gateway and a Win7 workstation ? I got this working here on our network, both for Win7 and Ubuntu clients going to an OpenBSD gateway. On the gateway, have /etc/ipsec.conf say something like # roadwarrior ike passive esp from any to gateway.ip.address peer any psk your-rand0m-password-here ike passive esp from gateway.ip.address to any psk your-rand0m-password-here And on your Win7 client, get Shrew VPN[0] and add a configuration with the following auth: Phase 1: - Exchange type: main - DH Exchange: group 2 - Cipher algorithm: aes - Cipher key length: 256 Bits - Hash algorithm: sha1 Phase 2: - Transform length: aes - Transform key length: 256 Bits - HMAC algorithm: sha1 - PFS Exchange: group 2 - Compression algorithm: deflate Policy: - add a topology entry that matches your internal network [0] http://www.shrew.net/download/vpn
Re: Building xxxterm and chromium
That sounds more like crappy DNS or filtered Internet. I can't speak for chromium but webkit likes = 256 files = 16384 stack. Adsuck can go a long way making the surfing experience better too. BTW you can't update things willy nilly, you have to do pretty much all of it at once. On Tue, Aug 30, 2011 at 11:37:18PM -0500, Bryan wrote: I am using the latest build of OpenBSD/amd64 (dated Aug 30). I have been using Chrome recently, as it appeared to be a little more stable (the 12.x was anyway). The only annoying issue is that often, I will try to surf to a page, and the browser just sits there, and spins and spins and spins. The site isn't down, it just acts like it doesn't know what to do 'sending request' is all I get, if that. Tonight, I built 13.0.782.215, but as pkg_tools is trying to create the package, I receive the following error: Error: Libraries in packing-lists in the ports tree and libraries from installed packages don't match. And it appeared that 'nss' and 'nspr' were not checked to see if they are updated. So I built them manually. No problem. Now, when I start chrome, my homepage comes up, but I can't do anything else. No other sites will load, not yahoo.com, fark.com, gmail, etc. These sites are not down, and I can't tell why chrome just refuses to function. Sometimes, I can fix it by hitting refresh a few times on the current page. building xxxterm, first gnutls received the above error, looking for an updated 'hogweed' and 'nettle', I did a bit of hunting, and found libnettle, and built it. Then I built gnutls, and then xxxterm. I got them built, but shouldn't the build look for these issues, and 'update' to the later version? My mk.conf isn't pulling packages, and I'm using a -current from less than two hours ago... If there is any other info I can provide, please ask. my current ulimit values, and dmesg are below. Bryan P.S. Wouldn't you know, after I installed chrome, and rebooted, the above issue has gone away... for now... well, it's better than Firefox... ulimit -a # ulimit -a time(cpu-seconds)unlimited file(blocks) unlimited coredump(blocks) unlimited data(kbytes) 8388608 stack(kbytes)8192 lockedmem(kbytes)2700382 memory(kbytes) 8089788 nofiles(descriptors) 128 processes1310 root@laptop-openbsd /usr/ports/www/xxxterm # exit brakeb@laptop-openbsd ~ $ ulimit -a time(cpu-seconds)unlimited file(blocks) unlimited coredump(blocks) unlimited data(kbytes) 2097152 stack(kbytes)4096 lockedmem(kbytes)2700382 memory(kbytes) 8089788 nofiles(descriptors) 256 processes256 dmesg: OpenBSD 5.0-current (GENERIC.MP) #78: Tue Aug 30 22:00:22 CDT 2011 root@laptop-openbsd:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 8538869760 (8143MB) avail mem = 8297443328 (7913MB) mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xf6530 (57 entries) bios0: vendor Dell Inc. version A24 date 08/19/2010 bios0: Dell Inc. Latitude E6500 acpi0 at bios0: rev 2 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP HPET DMAR APIC ASF! MCFG SLIC SSDT acpi0: wakeup devices PCI0(S4) PCIE(S4) USB1(S0) USB2(S0) USB3(S0) USB4(S0) USB5(S0) USB6(S0) EHC2(S0) EHCI(S0) AZ AL(S3) RP01(S4) RP02(S4) RP03(S4) RP04(S3) RP05(S3) RP06(S5) LID_(S3) PBTN(S4) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpihpet0 at acpi0: 14318179 Hz acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM)2 Duo CPU P8800 @ 2.66GHz, 2660.36 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS, HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,XSAVE,NXE,LONG cpu0: 3MB 64b/line 8-way L2 cache cpu0: apic clock running at 266MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Core(TM)2 Duo CPU P8800 @ 2.66GHz, 2660.00 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS, HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,XSAVE,NXE,LONG cpu1: 3MB 64b/line 8-way L2 cache ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins ioapic0: misconfigured as apic 0, remapped to apid 2 acpimcfg0 at acpi0 addr 0xf800, bus 0-63 acpiprt0 at acpi0: bus 3 (PCIE) acpiprt1 at acpi0: bus -1 (AGP_) acpiprt2 at acpi0: bus 11 (RP01) acpiprt3 at acpi0: bus 12 (RP02) acpiprt4 at acpi0: bus 13 (RP03) acpiprt5 at acpi0: bus 14 (RP04) acpiprt6 at acpi0: bus -1 (RP05) acpiprt7 at acpi0: bus -1 (RP06) acpiprt8 at acpi0: bus 0 (PCI0) acpiec0 at acpi0 acpicpu0 at acpi0: C3, C2, C1, PSS acpicpu1 at acpi0: C3, C2, C1, PSS acpitz0 at acpi0: critical temperature is 107 degC acpibtn0 at acpi0: LID_ acpibtn1 at acpi0: PBTN acpibtn2 at acpi0: SBTN acpiac0 at acpi0: AC unit
Re: static IP
First, check the syntax refering to hostname.if(5) openbsd manual guide Did you configure it during installation process or after installation process was done? What do you mean by giving you login and password? Which user did you use to configure IP address? Did you login as root or as another user and use sudo to configure it? From: igor denisov denisovigor1...@rambler.ru To: misc@openbsd.org Sent: Wednesday, August 31, 2011 6:04 PM Subject: static IP Cannot configure internet with static IP address hostname.fc0 inet IP mask and nothing works. They gave me login and password, may be this is the case? -- igor denisov.
Re: Building xxxterm and chromium
On Wed, Aug 31, 2011 at 06:23, Marco Peereboom sl...@peereboom.us wrote: That sounds more like crappy DNS or filtered Internet. I can't speak for chromium but webkit likes = 256 files = 16384 stack. Adsuck can go a long way making the surfing experience better too. BTW you can't update things willy nilly, you have to do pretty much all of it at once. My Internet is ATT U-verse, so you may be right about the crappy DNS. I will try changing it to OpenDNS or Google's DNS and see if that helps... I only updated nss and nspr because the build process for chrome didn't. Shouldn't the build process have checked for the newer version and built it? I haven't tried xxxterm. I really tried to build xxxterm because I couldn't get chrome to work, and was wanting to send an e-mail to the list. If it's better than firefox and chrome, and has fine controls of cookies/javascript natively or through plugins, I'll give it a serious try... I usually do an update on a regular basis (2-3 times a week). pkg_add -vvui -F update -F updatedepends and that does whatever updates I regularly use ( I try to shy away from building things like LibreOffice and java) But for things like qemu, and chrome, I usually use the ones in ports... I pull src, xenocara, and ports at the same time. Did a build to update to 30 August, then ran 'pkg_add -u', then went and built Chrome, since the 12.x didn't get updated from the build. That was the only reason I got the error. Should I have uninstalled the 12.x chrome, then ran 'make install', vice 'make update'?
Re: Building xxxterm and chromium
On Wed, 31 Aug 2011, Bryan wrote: On Wed, Aug 31, 2011 at 06:23, Marco Peereboom sl...@peereboom.us wrote: That sounds more like crappy DNS or filtered Internet. I can't speak for chromium but webkit likes = 256 files = 16384 stack. Adsuck can go a long way making the surfing experience better too. BTW you can't update things willy nilly, you have to do pretty much all of it at once. My Internet is ATT U-verse, so you may be right about the crappy DNS. I will try changing it to OpenDNS or Google's DNS and see if that helps... I only updated nss and nspr because the build process for chrome didn't. Shouldn't the build process have checked for the newer version and built it? Your issue comes from something else (pkg_create(1)). Current chrome builds fine with the older version of nss/nspr afaik. Next time, try: make PKG_CREATE_NO_CHECKS=Yes package Also use ports@ next time for these kind of questions. -- Antoine
Re: Building xxxterm and chromium
On Wed, Aug 31, 2011 at 08:32:23AM -0500, Bryan wrote: On Wed, Aug 31, 2011 at 06:23, Marco Peereboom sl...@peereboom.us wrote: That sounds more like crappy DNS or filtered Internet. I can't speak for chromium but webkit likes = 256 files = 16384 stack. Adsuck can go a long way making the surfing experience better too. BTW you can't update things willy nilly, you have to do pretty much all of it at once. My Internet is ATT U-verse, so you may be right about the crappy DNS. I will try changing it to OpenDNS or Google's DNS and see if that helps... I only updated nss and nspr because the build process for chrome didn't. Shouldn't the build process have checked for the newer version and built it? I haven't tried xxxterm. I really tried to build xxxterm because I couldn't get chrome to work, and was wanting to send an e-mail to the list. If it's better than firefox and chrome, and has fine controls of cookies/javascript natively or through plugins, I'll give it a serious try... No plugins but it offers fine grained JS and cookie control. Here is the man page: https://opensource.conformal.com/cgi-bin/man-cgi?xxxterm I usually do an update on a regular basis (2-3 times a week). pkg_add -vvui -F update -F updatedepends and that does whatever updates I regularly use ( I try to shy away from building things like LibreOffice and java) But for things like qemu, and chrome, I usually use the ones in ports... I pull src, xenocara, and ports at the same time. Did a build to update to 30 August, then ran 'pkg_add -u', then went and built Chrome, since the 12.x didn't get updated from the build. That was the only reason I got the error. Should I have uninstalled the 12.x chrome, then ran 'make install', vice 'make update'?
Re: What should I do with a remote AIX machine if I accidentally chmod 644-ed the /usr/bin/ksh?
On Wed, Aug 31, 2011 at 12:02 AM, Tomas Bodzar tomas.bod...@gmail.comwrote: On Mon, Aug 29, 2011 at 11:23 PM, lancebaynes87 lancebayne...@zoho.com wrote: Are there any solutions? B I can't SSH to it anymore, because it asks for password. B Does anybody knows a solution for this problem?? If you have a NIM server, you could see about pushing the ksh file from it. That should reinstall the ksh binary with the appropriate permissions.
Re: OT:Re: Apache Killer - Does it affect OpenBSD's patched version of Apache?
On Tue, Aug 30, 2011 at 19:51, frantisek holop min...@obiit.org wrote: why would i _not_ use another free alternative with a spotless security record, that has small, isolated processes communicating with each other in chroot, outputting very nice logs, having human readable configuration with fantastic documentation and as an added bonus an amazing mailing list where the author himself helps you out in difficult situations? http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/ It seems that none of the other daemons were a good fit. Cue OpenSMTPd.
Re: OT:Re: Apache Killer - Does it affect OpenBSD's patched version of Apache?
On Wed, Aug 31, 2011 at 10:11:52AM -0400, swilly wrote: On Tue, Aug 30, 2011 at 19:51, frantisek holop min...@obiit.org wrote: why would i _not_ use another free alternative with a spotless security record, that has small, isolated processes communicating with each other in chroot, outputting very nice logs, having human readable configuration with fantastic documentation and as an added bonus an amazing mailing list where the author himself helps you out in difficult situations? http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/ It seems that none of the other daemons were a good fit. Cue OpenSMTPd. I think he was mentionning Postfix. http://kerneltrap.org/mailarchive/openbsd-misc/2008/11/10/4051954 Gilles -- Gilles Chehade http://www.poolp.org/http://u.poolp.org/~gilles/
Re: bgpctl shiw rib out displaying incorrect information
Why are you using set nexthop self and then trying to change that with the filter allow quick to 172.29.1.52 set nexthop 172.29.1.200. If you don't want your nexthop to be yourself don't tell bgpd to do that. On Wed, Aug 31, 2011 at 4:08 AM, Tony Sarendal t...@polarcap.org wrote: On Wed, Aug 31, 2011 at 11:01 AM, Andre Keller a...@list.ak.cx wrote: Hi Am 31.08.2011 10:23, schrieb Tony Sarendal: Sender says next hop = 172.29.1.100, receiver says .51. show rib out in this case shows incorrect nexthop. Well thats kind of the point of having set nexthop self in the config... You are missing the point, completely. bgpctl show rib out displays incorrect information. Regards Tony
Re: OT:Re: Apache Killer - Does it affect OpenBSD's patched version of Apache?
hmm, on Wed, Aug 31, 2011 at 04:23:18PM +0200, Gilles Chehade said that http://kerneltrap.org/mailarchive/openbsd-misc/2008/11/10/4051954 a mail you will probably never forgive me :] good luck with the project :] -f -- i know someone with the exact same name! really? who?
Re: OT:Re: Apache Killer - Does it affect OpenBSD's patched version of Apache?
On Wed, Aug 31, 2011 at 04:32:14PM +0200, frantisek holop wrote: hmm, on Wed, Aug 31, 2011 at 04:23:18PM +0200, Gilles Chehade said that http://kerneltrap.org/mailarchive/openbsd-misc/2008/11/10/4051954 a mail you will probably never forgive me :] Not at all, I just recalled that rant because your name is uncommon enough :-) good luck with the project :] Thanks Gilles -- Gilles Chehade http://www.poolp.org/http://u.poolp.org/~gilles/
Re: bgpctl shiw rib out displaying incorrect information
On Wed, Aug 31, 2011 at 4:24 PM, Josh Hoppes josh.hop...@gmail.com wrote: Why are you using set nexthop self and then trying to change that with the filter allow quick to 172.29.1.52 set nexthop 172.29.1.200. If you don't want your nexthop to be yourself don't tell bgpd to do that. To show a bug in bgpctl/bgpd (or where ever it may be). Dont you want to be able to trust the information bgpctl gives you ? Regards Tony
Re: Quad-Gigabit 1U mini-itx board recommendations?
On Aug 30, 2011, at 3:08 AM, Henrique Antsnio Evaristo wrote: Humm, nice ... I was interested in knowing the power consumption of that setup. Do you have any possibility to provide that ? Thanks. Best regards, Henrique Henrique, I will be in a position to post on power consumption of my current setup in a couple of weeks, when we transition to a new power distribution unit. http://mitxpc.com/proddetail.asp?prod=ER1UX7SPEHD525FIO This is booted from CF with an additional two Gig-E ports from a SuperMicro PCIe card. I would expect power consumption to be similar for each side. --Paul [demime 1.01d removed an attachment of type application/pkcs7-signature which had a name of smime.p7s]
Re: Quad-Gigabit 1U mini-itx board recommendations?
On Aug 30, 2011, at 3:18 AM, Paul de Weerd wrote: Are you putting two boards in one case for redundancy / high availability ? So that, when one fails the other can ... be taken down too to fix the first one ? Paul, As far as I can tell. The two sides are fully independent of each other. As long as the cabling is long enough to slide out the case, each side can be worked on without affecting the other. --Paul [demime 1.01d removed an attachment of type application/pkcs7-signature which had a name of smime.p7s]
Re: Quad-Gigabit 1U mini-itx board recommendations?
On Aug 30, 2011, at 2:03 AM, Johan Linner wrote: We're running OpenBSD 4.9 on: http://www.mini-itx.com/store/?c=47#jnc92-330 with Jetway 3x Gigabit LAN Motherboard Modules: http://www.mini-itx.com/store/?c=34#modules Works great. Johan, Thanks for the info! --Paul [demime 1.01d removed an attachment of type application/pkcs7-signature which had a name of smime.p7s]
Re: Quad-Gigabit 1U mini-itx board recommendations?
On Aug 30, 2011, at 9:47 AM, Stuart Henderson wrote: On 2011-08-29, Paul Suh pl...@goodeast.com wrote: I'm looking for a mini-ITX motherboard with at least 4 x Gig-E ports. I would like to fit two of them into a 1U, dual mini-ITX case to have a CARP/SASYNC pair with connections to external, internal, and DMZ zones. http://www.casetronic.com/product_d.php?id=16 I strongly recommend against that type of chassis for two redundant firewalls, I think it's better to use two short depth boxes back-to-back (with ports on the front, like supermicro 503L-200), or some type of chassis where you can at least swap the PSUs without taking both machines down. If the hardware requirements were lower something like the Yawarra cases for PCEngines alix boards aren't bad (two in a single 1U case, but they can be removed independently) but that's not going to be good for 4x1Gb. Stuart, Thanks, I know that two short cases back-to-back would be better (in fact I have a very nice single short depth case in there right now), but other equipment on the other side makes that setup infeasible. Space is kinda tight and I don't want to have to start paying for a whole other rack. Because it's a data center with multiple machines behind the routers I really want something that can support ~500 Gbps so that we can use the full speed that we are paying for. --Paul [demime 1.01d removed an attachment of type application/pkcs7-signature which had a name of smime.p7s]
Re: Quad-Gigabit 1U mini-itx board recommendations?
2011/8/31 Paul Suh pl...@goodeast.com: a data center with multiple machines behind the routers I really want something that can support ~500 Gbps so that we can use the full speed that we 500 _G_bps? Please tell us when you've found something that can handle that. :-) Best Martin
Re: Quad-Gigabit 1U mini-itx board recommendations?
On Aug 30, 2011, at 2:34 AM, Martin Schrvder wrote: 2011/8/30 Paul Suh pl...@goodeast.com: I'm looking for a mini-ITX motherboard with at least 4 x Gig-E ports. I would Not a board, but full computers: http://www.lannerinc.com/Embedded_Computing/All-Purpose_Box_Computers/LEC-212 6 http://www.lannerinc.com/Embedded_Computing/All-Purpose_Box_Computers/LEC-202 6 http://www.lannerinc.com/x86_Network_Appliances/x86_Desktop_Appliances/FW-753 0 http://www.lannerinc.com/x86_Network_Appliances/x86_Desktop_Appliances/FW-753 5 Martin, These look very interesting, but I haven't been able to locate where to buy any of them on a small scale. Do you know of a good distributor for them? --Paul [demime 1.01d removed an attachment of type application/pkcs7-signature which had a name of smime.p7s]
Re: What should I do with a remote AIX machine if I accidentally chmod /usr/bin/ksh?
Is the server far away from you? The only way to properly fixx this issue is to boot in single mode! --Original Message-- From: Marcos Ariel Laufer Sender: owner-m...@openbsd.org To: Abel Abraham Camarillo Ojeda Cc: Lars Hansson Cc: misc@openbsd.org Subject: Re: What should I do with a remote AIX machine if I accidentally chmod /usr/bin/ksh? Sent: Aug 31, 2011 05:15 Abel Abraham Camarillo Ojeda wrote: On Tue, Aug 30, 2011 at 6:41 PM, Marcos Ariel Laufer mar...@ipversion4.com wrote: .. and , maybe, just maybe, the help he gets could be the 'miracle' he needs to consider OpenBSD his OS of choice.. The miracle he needs to be _converted_, because he will think that here are a bunch of guys with nothing to do. We don't need to go there evangelizing. I didn't mean evangelizing, but you never know who might be a future donator, after all OpenBSD needs donations Sent from my BlackBerry. wireless device
Re: Building xxxterm and chromium
hmm, on Wed, Aug 31, 2011 at 08:32:23AM -0500, Bryan said that On Wed, Aug 31, 2011 at 06:23, Marco Peereboom sl...@peereboom.us wrote: That sounds more like crappy DNS or filtered Internet. I can't speak for chromium but webkit likes = 256 files = 16384 stack. Adsuck can go a long way making the surfing experience better too. BTW you can't update things willy nilly, you have to do pretty much all of it at once. My Internet is ATT U-verse, so you may be right about the crappy DNS. I will try changing it to OpenDNS or Google's DNS and see if that helps... give pdnsd a try. one realises how slow dns can be without a nice cache. -f -- history repeats itself because nobody listens.
Re: Building xxxterm and chromium
On Wed, Aug 31, 2011 at 06:32:20PM +0200, frantisek holop wrote: hmm, on Wed, Aug 31, 2011 at 08:32:23AM -0500, Bryan said that On Wed, Aug 31, 2011 at 06:23, Marco Peereboom sl...@peereboom.us wrote: That sounds more like crappy DNS or filtered Internet. I can't speak for chromium but webkit likes = 256 files = 16384 stack. Adsuck can go a long way making the surfing experience better too. BTW you can't update things willy nilly, you have to do pretty much all of it at once. My Internet is ATT U-verse, so you may be right about the crappy DNS. I will try changing it to OpenDNS or Google's DNS and see if that helps... give pdnsd a try. one realises how slow dns can be without a nice cache. adsuck! -f -- history repeats itself because nobody listens.
Re: Building xxxterm and chromium
hmm, on Wed, Aug 31, 2011 at 11:43:28AM -0500, Marco Peereboom said that My Internet is ATT U-verse, so you may be right about the crappy DNS. I will try changing it to OpenDNS or Google's DNS and see if that helps... give pdnsd a try. one realises how slow dns can be without a nice cache. adsuck! sure, one can use adsuck with pdnsd as well :] adsuck(1): All non-spoofed responses are cached for the duration of the provided DNS TTL (Time To Live). The cache will be purged when adsuck receives a HUP or USR1 signal. See the SIGNALS section for more details. does All non-spoofed responses include negatives (nxdomains)? also, is the cache written to disk (for surviving reboots)? -f -- sharp wits, like sharp knives, often cut their owner.
My thoughts on OpenBSD - is advocacy working ?
I was posting to advoc...@openbsd.org, but only SPAM seems to function on that list? http://youcanlinux.wordpress.com/my-thoughts-on-openbsd/ 31 Aug 2011 I was driving home Sunday and there was a Lamborghini Diablo VT driving nearby. I caught up to it and it made an unusual soundb. very distinctive, quite unlike anything Ibve ever heard beforeb it was smooth and yet it wasnbt anything youbd think to ever expect from a plain automobile. It was a raspy sound, a beckoning sound. I first pondered how much the fine motorcar might have cost, then I thought, it must cost a lot to keep that motor finely tuned. I thought about the quality and attention-to-detail that the Italian workers put into making this fine motorcar. I thought I had damaged my dual-core system about a month ago, at least. It wouldnbt start up and I tried pushing the power button and no luck. I decided to buy very inexpensive testing equipment. I didnbt like the idea of waiting for it to arrive, but it finally did. I had never done this before, and imagine my surprise when the power supply started up! I connected it all back together and was glad I hadnbt re-tasked the hard drive and thrown away my partimage backup files. So i was updating Fedora and it crashed, for the second time, after an update. I think of the uncompromising quality of that fine Italian motorcar and I think of a similar attention-to-detail of OpenBSD. Yeah, so what if i drive an old beat-up car, it works great for me and never has to be rebooted and it does what I expect, it gets me from one place to another. I want reliability and quality from an OS. Itbs not really all that valid to compare that Lamborghini motorcar with the OpenBSD operating system, except to say that in both cases I think the uncompromising commitment to quality and attention-to-detail shine through, Although one canbt convert a Ford car to a Lamborghini motorcar, you can transform your computer to a high-performance machine. You can download OpenBSD for free, and although you arenbt required to spend the $50 to buy a CD set, if you consider that it goes to defray operating and development costs, itbs a drop in the bucket compared to a tune-up for a Lamborghini, and isnbt it important to keep your computer running at peak efficiency ? Regards, Daniel Villarreal http://youcanlinux.org/
Re: Thanks a lot to all devs of OpenBSD
Why not ? Sure it's easier to control a group if it's small. You can also delegate authority to experienced people for different areas. This is currently done in openbsd. The BSD community is very small compared to Linux. As an example, in Mauritius, there are 2 BSD users (Mac OS X doesn't count :-)). I know around 40 local Linux users. Since it's so small, users can't expect developers to be able to shoulder all the responsibilities. Aside from donations/ buying CDs, we have to run -current and test patches that developers would like to push into the next release, even if we don't know programming. A well-tested diff has very few chances of causing regressions that could end up in a release. That's a _HUGE_ way to help developers. On Sun, Aug 28, 2011 at 02:52:19PM -0500, J Sisson wrote: On Sun, Aug 28, 2011 at 2:43 PM, Loganaden Velvindron logana...@devio.uswrote: If other BSDs worked this way, they would have been successful in attracting a larger userbase. They have the means to do it with their larger developer community. This begs the question of whether or not their developer community would be as large if they held higher standards...
Re: Thanks a lot to all devs of OpenBSD
On Sun, Aug 28, 2011 at 10:31:15PM +0200, ropers wrote: On Sun, Aug 28, 2011 at 2:43 PM, Loganaden Velvindron wrote: If other BSDs worked this way, they would have been successful in attracting a larger userbase. They have the means to do it with their larger developer community. On 28 August 2011 21:52, J Sisson wrote: This begs the question of whether or not their developer community would be as large if they held higher standards... Moreover, it also begets another question: If FreeBSD and NetBSD really adopted the values and practices of OpenBSD, then what would be their raison d'?tre, given that OpenBSD already exists? Having a rock-solid -current doesn't mean the src will be the same. The BSDs have some diverging technical goals, and this reflects in their commit activity. This would certainly help them to identify bugs early in their release cycle. (Incidentally, it occurs to me that the previously quoted War and Peace^W^W^W link http://lists.freebsd.org/pipermail/freebsd-arch/2011-August/011412.html (which I didn't read in its entirety) is basically an attempt to marshal people into making FreeBSD adopt the values and practices of Linux) There's no way this could happen right now. FreeBSD doesn't have the huge commercial backing of IBM/Oracle/HP/$GIANT_LINUX_VENDOR. The vast majority of BSD developers are doing this in their spare time. One differentiating factor is the quality. It's well known that BSDs are ``more technical correct.'' They can only consolidate their userbase by putting up quality releases that would make it hard for users to move to Linux.
OpenBGPD: high CPU with huge routing tables
Hi, I've looked for a mailing list for OpenBGPD but come up empty. If there's a better place to report this, please let me know. I'm using OpenBGPD as a fairly large route collector. In total, about 75 neighbors announcing ~21 million prefixes. This is openbgpd-4.9.20110612_1 running on FreeBSD (latest from ports collection). # bgpctl show ip bgp memory RDE memory statistics 456227 IPv4 unicast network entries using 17.4M of memory 912454 rib entries using 55.7M of memory 42436670 prefix entries using 2.5G of memory 3270891 BGP path attribute entries using 374M of memory 102926 BGP AS-PATH attribute entries using 4.6M of memory, and holding 3270891 references 10722 BGP attributes entries using 419K of memory and holding 9317049 references 10721 BGP attributes using 123K of memory RIB using 3.0G of memory I find that during start-up, the CPU of the route decision engine process is steady between 90-100%. During this time, bgpctl hangs. This lasts at least 45 minutes. I believe most of the CPU is spent in path_lookup(), traversing the linked list in pathtable.path_hashtbl[]. I think a suitable fix would be to increase the hash table sizes (rde.c:152): u_int32_t peerhashsize = 64; u_int32_t pathhashsize = 1024; u_int32_t attrhashsize = 512; u_int32_t nexthophashsize = 64; It seems like it would also make sense to have these variables exposed to the user somehow. Maybe optional config knobs like this: hashsize peer 64 hashsize path 1024 hashsize attr 512 hashsize nexthop 64 In addition, we could use the hash as an easy check for inequality. This would optimize the check for path_compare() where we only care about equality. There are a couple cases like this: -if (peer == asp-peer path_compare(aspath, asp) == 0) +if (peer == asp-peer path_equal(aspath, asp)) int path_equal(struct rde_aspath *a, struct rde_aspath *b) { if (a-hash != b-hash) return 0; else return path_compare(a, b) == 0; } This change should probably be coupled with a better hash calculation. Finally, I was surprised to see double the prefix entry count. I carry 21M routes (add up the last column of bgpctl show). Yet, the output above shows 42M prefix entries. I do not modify the prefixes at all; my rule set contains only deny to any; allow from any. Thoughts? Thanks for OpenBGPD! -- kevin brintnall Network Engineer, CenturyLink
Social Technologies, este 30 de Septiembre
[IMAGE] WSI, Pms de Mixico Adsmedia presentan: Congreso Nacional Internet Marketing Evolution Presentando las tematicas y tendencias mas innovadoras que le permitan desarrollar una estrategia de MKT Digital apropiada a su necesidad. Presentacisn Exclusiva: 30 de Septiembre Ciudad de Mixico Traemos los mejores eventos para usted, conozca los beneficios de capacitarse con los mejores! Empresa Registrada ante la STPS Reg. COLG640205CP30005 Smguenos en Twitter@pmscapacitacion o bien en Facebook PMS de Mixico !Solicite Mayores Informes! Por favor responda este e-mail con los datos siguientes. Empresa: Nombre: Telifono: Email: Nzmero de Interesados: En breve recibira la informacisn completa de este inigualable evento. Comunmquese a los telifonos y con gusto uno de nuestros ejecutivos le atendera. Telifonos: (0133) 8851-2365, (0133) 8851-2741, (0133) 1568-4647. Copyright (C) 2011, PMS Capacitacisn Efectiva de Mixico S.C. Derechos Reservados. PMS de Mixico, El logo de PMS de Mixico son marcas registradas. ADVERTENCIA PMS de Mixico no cuenta con alianzas estratigicas de ningzn tipo dentro de la Republica Mexicana. NO SE DEJE ENGAQAR - DIGA NO A LA PIRATERIA. Todos los logotipos, marcas comerciales e imagenes son propiedad de sus respectivas corporaciones y se utilizan con fines informativos solamente. Este Mensaje ha sido enviado a misc@openbsd.org /spancomo usuario de Pms de Mixico o bien un usuario le refiris para recibir este boletmn. Como usuario de Pms de Mixico, en este acto autoriza de manera expresa que Pms de Mixico le puede contactar vma correo electrsnico u otros medios. Si usted ha recibido este mensaje por error, haga caso omiso de el y reporte su cuenta respondiendo este correo con el subject BAJAMKT Unsubscribe to this mailing list, reply a blank message with the subject UNSUBSCRIBE BAJAMKT Tenga en cuenta que la gestisn de nuestras bases de datos es de suma importancia y no es intencisn de la empresa la inconformidad del receptor. [demime 1.01d removed an attachment of type image/jpeg which had a name of imageevo002.jpg]
Areca alarm silencing with bioctl
I have Areca 1210 and 1220 RAID Controllers in a number of OpenBSD servers. The arc man page says arc supports alarm control and monitoring of volumes configured on the controllers via the bio(4) interface and the bioctl(8) utility. However, when I try to silence an alarm, I get the following: # bioctl -a s arc0 bioctl: BIOCALARM: Operation not permitted One thought I had was that the card's bios has a password that needs to be entered for certain functions. Is this required here? If so, how? Am I doing something else wrong? --TimH OpenBSD 4.9 (GENERIC.MP) #819: Wed Mar 2 06:57:49 MST 2011 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 2145255424 (2045MB) avail mem = 2074124288 (1978MB) mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.51 @ 0x7feea000 (33 entries) bios0: vendor Phoenix Technologies LTD version 6.00 date 08/27/2007 bios0: Supermicro PDSML acpi0 at bios0: rev 0 acpi0: sleep states S0 S1 S4 S5 acpi0: tables DSDT FACP MCFG APIC BOOT SPCR SSDT acpi0: wakeup devices DEV1(S5) EXP1(S5) EXP5(S5) EXP6(S5) PCIB(S5) KBC0(S1) MSE0(S1) COM1(S5) COM2(S5) USB1(S4) USB2(S4) USB3(S4) USB4(S4) EUSB(S4) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimcfg0 at acpi0 addr 0xf000, bus 0-14 acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz, 1995.25 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,SSSE3,CX16,xTPR,PDCM,NXE,LONG cpu0: 1MB 64b/line 4-way L2 cache cpu0: apic clock running at 199MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz, 1995.00 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,SSSE3,CX16,xTPR,PDCM,NXE,LONG cpu1: 1MB 64b/line 4-way L2 cache ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 1 (DEV1) acpiprt2 at acpi0: bus 9 (EXP1) acpiprt3 at acpi0: bus 13 (EXP5) acpiprt4 at acpi0: bus 14 (EXP6) acpiprt5 at acpi0: bus 15 (PCIB) acpicpu0 at acpi0 acpicpu1 at acpi0 acpibtn0 at acpi0: PWRB ipmi at mainbus0 not configured pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 Intel E7230 Host rev 0xc0 ppb0 at pci0 dev 1 function 0 Intel E7230 PCIE rev 0xc0: apic 2 int 16 (irq 7) pci1 at ppb0 bus 1 ppb1 at pci1 dev 0 function 0 Intel IOP333 PCIE-PCIX rev 0x00 pci2 at ppb1 bus 2 arc0 at pci2 dev 14 function 0 Areca ARC-1220 rev 0x00: apic 2 int 18 (irq 5) arc0: 8 ports, 256MB SDRAM, firmware V1.49 2010-12-02 scsibus0 at arc0: 16 targets sd0 at scsibus0 targ 0 lun 0: Areca, ARC-1220-VOL#00, R001 SCSI3 0/direct fixed sd0: 1430511MB, 512 bytes/sec, 2929686528 sec total ppb2 at pci1 dev 0 function 2 Intel IOP333 PCIE-PCIX rev 0x00 pci3 at ppb2 bus 3 ppb3 at pci0 dev 28 function 0 Intel 82801GB PCIE rev 0x01: apic 2 int 17 (irq 11) pci4 at ppb3 bus 9 ppb4 at pci0 dev 28 function 4 Intel 82801G PCIE rev 0x01: apic 2 int 17 (irq 11) pci5 at ppb4 bus 13 em0 at pci5 dev 0 function 0 Intel PRO/1000MT (82573E) rev 0x03: apic 2 int 16 (irq 7), address 00:30:48:9b:10:80 ppb5 at pci0 dev 28 function 5 Intel 82801G PCIE rev 0x01: apic 2 int 16 (irq 7) pci6 at ppb5 bus 14 em1 at pci6 dev 0 function 0 Intel PRO/1000MT (82573L) rev 0x00: apic 2 int 17 (irq 11), address 00:30:48:9b:10:81 uhci0 at pci0 dev 29 function 0 Intel 82801GB USB rev 0x01: apic 2 int 23 (irq 10) uhci1 at pci0 dev 29 function 1 Intel 82801GB USB rev 0x01: apic 2 int 19 (irq 11) uhci2 at pci0 dev 29 function 2 Intel 82801GB USB rev 0x01: apic 2 int 18 (irq 5) uhci3 at pci0 dev 29 function 3 Intel 82801GB USB rev 0x01: apic 2 int 16 (irq 7) ehci0 at pci0 dev 29 function 7 Intel 82801GB USB rev 0x01: apic 2 int 23 (irq 10) usb0 at ehci0: USB revision 2.0 uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1 ppb6 at pci0 dev 30 function 0 Intel 82801BA Hub-to-PCI rev 0xe1 pci7 at ppb6 bus 15 vga1 at pci7 dev 0 function 0 XGI Technology Volari Z7 rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) pcib0 at pci0 dev 31 function 0 Intel 82801GB LPC rev 0x01 pciide0 at pci0 dev 31 function 1 Intel 82801GB IDE rev 0x01: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility pciide0: channel 0 disabled (no drives) pciide0: channel 1 disabled (no drives) ichiic0 at pci0 dev 31 function 3 Intel 82801GB SMBus rev 0x01: apic 2 int 19 (irq 11) iic0 at ichiic0 lm1 at iic0 addr 0x2d: W83627HF wbng0 at iic0 addr 0x2f: w83793g spdmem0 at iic0 addr 0x50: 1GB DDR2 SDRAM ECC PC2-5300CL5 spdmem1 at iic0 addr 0x52: 1GB DDR2 SDRAM ECC PC2-5300CL5 usb1 at uhci0: USB revision 1.0 uhub1 at usb1 Intel UHCI root hub rev 1.00/1.00 addr 1 usb2 at uhci1: USB revision 1.0 uhub2 at usb2 Intel UHCI
baja de peso ya con achieva
Conozca el nuevo sitio de Achieva hablenos a nuestras oficinas en Monterrey o visite la zona de contacto y pregunte todas sus dudas Si no puedes ver las imagenes pulsa (mostrar imagenes)