Re: OpenBSD forked

[SJP Lists]

On 18 June 2012 15:46, Raymond Lillard  wrote:
> On 06/17/2012 12:31 PM, Peter J. Philipp wrote:
>>
>> Having followed OpenBSD for quite some time I noticed that good developers
>> come and go.  They come in, make something great happen, and disappear
>> again.
>> Also there have been forks and I also noticed that no fork gets a light
>> judgment.  Rightfully so.  And then I always appreciated the permanent
>>
>> element in OpenBSD that guides our attention to areas we as users and
>> sideliners don't always see immediately.  I'll keep buying CD's when
>> available
>> and I do donations here and there when I feel like it, and I don't regret
>> it.
>
>
> ditto.
>
> I almost always remain silent in political matters,
> (relating to OpenBSD that is).
>
> I will list some reasons why I am not going anywhere
> soon for a "free" OS.  I have been using, donating
> hardware and purchasing CDs since 3.0.
>
>
> Reason 1:  Legacy Architectures
> I have many "legacy " machines in service because they
> can be acquired for next to free (sometimes just free).
>
> These legacy machines are very good at exposing subtle
> bugs not found by compiling and running on Intel/AMD
> hardware.
>
> Since these legacy architectures are "strange" in the
> i386/AMD64 context, exploiters are unlikely to bother
> with them.  None of my Internet facing machines are on
> popular architectures.
>
> I have seen attackers come and leave as soon as they
> figure out what they are up against.  The combination
> of OpenBSD and uncommon architectures is a very tough
> nut to crack.
>
>
> Reason 2:  Security
> This is an unknown.  All FOSS claims to be free, fast
> and secure.  Even Microsoft claims to be secure. Maybe
> the new team will be as fanatical as Theo, likely not
> if their FAQ is to be believed.  Their reputation for
> security will be revealed with the passage of time.
>
>
> Reason 3:  Crypto
> I don't know where the new project is located, but
> they seem to have a server in Southfield, MI USA and
> another in Denmark. I hope none of the developers is
> subject to US export laws regarding cryptography and
> that the code is maintained on servers also not subject
> to those laws.
>
> Just look at the recent MegaUpLoad case.  That case
> is reportedly about a bunch of ripped off movies.
> I have googled a bit and have not found a physical
> location for the project or its code.
>
>
> Reason 4:  Stability
> The new project FAQ states they intend to be "less
> restrictive with the codebase when it comes to
> experimenting with features."  Maybe in the long run
> some of the new features may be introduced into OBSD,
> but in the near term I expect much instability given
> the broad range of deeply embedded things they intend
> to change.
>
>
> Reason 1 is a big problem for me and my crusty old war
> horses.  Reasons 2 & 3 may be unfounded, the secrecy
> here (there are no developer names listed on the project
> web site) is not very confidence building.   As to
> reason 4, I am only mildly interested in fast.  I want
> correct and stable execution above all else.  For this
> reason I expect to continue with OBSD for a long time.
>
> I do have considerable sympathy for clearing GNU out
> of the code base though.
>
> Now going back into lurker mode.
> Regards,
> Ray

The secretive nature is concerning.  But I hope that this situation
can somehow turn out to be beneficial to both projects in the long
term.

As long as my favourite and most relied upon OS continues to evolve, I
will be happy.  And I will certainly continue to buy from and donate
to the OpenBSD project where possible.


Shane

Re: Qemu and audio input?

[Tomas Bodzar]

On Sun, Jun 17, 2012 at 9:43 PM, Alexandre Ratchov  wrote:
> On Thu, Jun 14, 2012 at 12:54:49PM +0200, Tomas Bodzar wrote:
>> Hi all,
>>
>> have someone working audio input with Qemu on OpenBSD?
>
> IIRC, sdl is play-only. Adding a sndio backend could add
> record-only support (and possibly better play-only support as
> well). Qemu is not weired so writing one wouldn't be very
> complicated. But see below.
>
>> qemu-system-i386 -audio-help shows that there are two drivers
>> available (sdl and wav), but both states 'Does not support capture'.
>> In Windows 7 guest it shows mic device, but I used qemu-system-i386
>> -soundhw hda . so it's just presented or is that really
>> working?
>>
>> Can find things like this
>> https://www.redhat.com/archives/libvir-list/2011-January/msg00335.html
>> , but there is not hda-duplex in OpenBSD Qemu and searching in
>> archives doesn't return results yet either.
>>
>> Any tips?
>>
>
> Full-duplex is different. Qemu emulates a eap(4) device, ie pci
> audio device that does DMA block by block. The N-th block in the
> record stream is recorded while the N-th block of the play stream
> is played. That's what any software on the gest would expect.
> Obviously, this can't work because the host requires some buffering
> as well. So there's no way to get full-duplex audio in a emulator
> that uses a eap(4) style device as model for audio. Unless we let
> play and record streams out of sync, in which case full-duplex
> won't be very useful. If so it's easier to emulate two devices, one
> for playback and one for recording.
>
> The same applies to synchronization, e.g., audio-video
> synchronization in the case of a play-only device in the guest.
>
> What do you try to do?

If audio input/output will be working then it's possible to use
Microsoft Office Communicator and/or Lync for Live meetings. Just idea
for now as it can end quite complicated. But in same time it probably
means that support for audio input is missing in more ports/apps,
right?

>
> -- Alexandre

Re: OpenBSD forked

[Raymond Lillard]

On 06/17/2012 12:31 PM, Peter J. Philipp wrote:

Having followed OpenBSD for quite some time I noticed that good developers
come and go.  They come in, make something great happen, and disappear again.
Also there have been forks and I also noticed that no fork gets a light
judgment.  Rightfully so.  And then I always appreciated the permanent
element in OpenBSD that guides our attention to areas we as users and
sideliners don't always see immediately.  I'll keep buying CD's when available
and I do donations here and there when I feel like it, and I don't regret it.


ditto.

I almost always remain silent in political matters,
(relating to OpenBSD that is).

I will list some reasons why I am not going anywhere
soon for a "free" OS.  I have been using, donating
hardware and purchasing CDs since 3.0.


Reason 1:  Legacy Architectures
I have many "legacy " machines in service because they
can be acquired for next to free (sometimes just free).

These legacy machines are very good at exposing subtle
bugs not found by compiling and running on Intel/AMD
hardware.

Since these legacy architectures are "strange" in the
i386/AMD64 context, exploiters are unlikely to bother
with them.  None of my Internet facing machines are on
popular architectures.

I have seen attackers come and leave as soon as they
figure out what they are up against.  The combination
of OpenBSD and uncommon architectures is a very tough
nut to crack.


Reason 2:  Security
This is an unknown.  All FOSS claims to be free, fast
and secure.  Even Microsoft claims to be secure. Maybe
the new team will be as fanatical as Theo, likely not
if their FAQ is to be believed.  Their reputation for
security will be revealed with the passage of time.


Reason 3:  Crypto
I don't know where the new project is located, but
they seem to have a server in Southfield, MI USA and
another in Denmark. I hope none of the developers is
subject to US export laws regarding cryptography and
that the code is maintained on servers also not subject
to those laws.

Just look at the recent MegaUpLoad case.  That case
is reportedly about a bunch of ripped off movies.
I have googled a bit and have not found a physical
location for the project or its code.


Reason 4:  Stability
The new project FAQ states they intend to be "less
restrictive with the codebase when it comes to
experimenting with features."  Maybe in the long run
some of the new features may be introduced into OBSD,
but in the near term I expect much instability given
the broad range of deeply embedded things they intend
to change.


Reason 1 is a big problem for me and my crusty old war
horses.  Reasons 2 & 3 may be unfounded, the secrecy
here (there are no developer names listed on the project
web site) is not very confidence building.   As to
reason 4, I am only mildly interested in fast.  I want
correct and stable execution above all else.  For this
reason I expect to continue with OBSD for a long time.

I do have considerable sympathy for clearing GNU out
of the code base though.

Now going back into lurker mode.
Regards,
Ray

Re: errors compiling webkit on lemote

[Bryan Irvine]

On Jun 16, 2012, at 12:45 AM, Janne Johansson  wrote:

> 2012/6/15 Bryan Irvine :
>> On Fri, Jun 15, 2012 at 2:15 AM, Janne Johansson 
wrote:
>>> The ulimits will ultimately be capped by the platform MAXDSIZ, which
>>> for mipses probably is 1G:
>>>
>>> ./arch/mips64/include/vmparam.h:#define MAXDSIZ
>>> (1*1024*1024*1024)  /* max data size */
>>>
>>> ..so that's where "ulimit -d unlimited" will allow at most.
>>
>> Ah, that explains why messing with ulimit didn't seem to make any
difference.
>>
>> Would adjusting that help me in this case?
>
> Can't say. One thing for sure is that the limits are there to make
> sure small-mem systems (32-bits CPUs) dont have their kernel, stack,
> heap, libs and memorymapped I/O areas overlap for any program. Perhaps
> you can up it a bit perhaps not, best way would be to try.
>
> There is a neat dungeon of stuff to read and learn in order to figure
> out what the maximum size for any given platform would be and how it
> affects max stack size, brk() sizes and what not. You are likely to be
> eaten by a grue. =)

Many many grues! I kind of tried a few experiments. Most of them ended badly
the rest didn't affect anything at all. *sigh*

Re: 8-ports serial card compatible with OpenBSD

[Nick Holland]

On 06/17/12 18:24, Jiri B wrote:
> Hello,
> 
> could anybody recommend OpenBSD compatible 8-ports serial card? I'd like
> to build a small console server.
> 
> Thank you.
> 
> jirib

So cheap, it's worth a try:
http://www.newegg.com/Product/Product.aspx?Item=N82E16815124099
I bought a few of these cards a few years back.  They didn't work.  Then
somewhere around 4.8 or 4.9, support for the chip I had was added, but
the older card I had didn't work on anything under than a P4, and even
there, it caused a huge interrupt storm, slowed the machine down and
drastically increased power consumption.  On a P3 or slower system (inc.
macppc or sparc64), the system just hung as it spun up the serial ports.
 Then, somewhere before 5.1, iirc, something fixed that and now it works
nicely on anything I've put it in.

BUT:
This is not the card I ordered.  Same vendor, same price point, but the
card has clearly been revised.  So I can't tell you if THIS card works.
 I keep getting tempted to buy one, but I also look at the older card
still in the box on my shelf...and think...sheesh, when I buy this one,
it will be revised a week later, and nothing will be gained by anyone.

Nick.

Novedades

[novedades]

[IMAGE]

Fundamentos teóricos de la Educación Física

Este libro recoge justamente lo que su nombre indica, los fundamentos de
nuestra asignatura. Lo que toda persona que haya terminado la Educación
Secundaria Obligatoria deber?saber a lo largo de su vida adulta.

Es un solo libro para toda la ESO y el Bachillerato. Lo utilizas como
herramienta de lectura y escritura cuando te parezca bien en tu
programación.

Un libro de referencia sobre la actividad física y lo motriz.

Un excelente libro para cualquier persona interesada en lo deportivo.

Una magnífica obra para aquellos que quieren saber y entender los porqués
de la actividad física y la la íntima relación de la Educación Física con
los valores y el deporte.

Está escrito de manera pedagógica, clara y fácil de entender

ver muestra

Índice
Bloque 1: condición física
• La actividad física
• El calentamiento
• Los estiramientos
• Condición física y capacidades físicas básicas
• La fuerza
• La resistencia
• La velocidad
• La flexibilidad
Bloque 2: condición física
• Cualidades motrices: el movimiento coordinado
• El equilibrio
• La coordinación
Bloque 3: educación física y salud
• El cuerpo humano: bases anatómicas y fisiológicas
• Postura corporal
• Nutrición y entrenamiento
• Relajación
• Primeros auxilios
• Planificación para un programa de entrenamiento
Bloque 4
• La Educación Física en la historia
• Educación Física y deporte
• El movimiento Olímpico

[IMAGE]

[IMAGE] [IMAGE] [IMAGE]

Sesiones:

Minuto a minuto, día a día, la Programación y todas las Sesiones del año.
Una herramienta indispensable para el maestro / profesor que te
permitirdóa planificar todas tus clases a lo largo del curso escolar.

Una carpeta de anillas por Ciclo. Una hoja por Sesión, fácil de sacar de
la carpeta y llevártela contigo al gimnasio o al patio. Desde primero de
Primaria, hasta 1.º de Bachillerato. ver muestra

Sesiones

[IMAGE]

Para dase de baja hacer click aquí

Re: OpenBSD forked

[Rob Pierce]

11 1010101

- Original Message -
From: "Peter J. Philipp" 
To: "Theo de Raadt" 
Cc: open...@laufenberg.ch, t...@tedunangst.com, misc@openbsd.org
Sent: Sunday, June 17, 2012 3:31:36 PM
Subject: Re: OpenBSD forked

Re: can i tune the bind/resolver timeout time?

[Philip Guenther]

On Sun, Jun 17, 2012 at 8:35 AM, johnw  wrote:
...
> and can i config the resolver do not search the "local domain"?
> man resolv.conf say i can config the "domain" and "search" option in
> /etc/resolv.conf
> but can i tell the resolver, never try to search those domain?

I often run with
   search .

in my resolv.conf  to get that effect.


Philip Guenther

8-ports serial card compatible with OpenBSD

[Jiri B]

Hello,

could anybody recommend OpenBSD compatible 8-ports serial card? I'd like
to build a small console server.

Thank you.

jirib

Re: OpenBSD forked

[Benny Lofgren]

On 2012-06-17 21.31, Peter J. Philipp wrote:
> And then I always appreciated the permanent 
> element in OpenBSD that guides our attention to areas we as users and 
> sideliners don't always see immediately.  I'll keep buying CD's when available
> and I do donations here and there when I feel like it, and I don't regret it.

+1

/B

-- 
internetlabbet.se / work:   +46 8 551 124 80  / "Words must
Benny Lofgren/  mobile: +46 70 718 11 90 /   be weighed,
/   fax:+46 8 551 124 89/not counted."
   /email:  benny -at- internetlabbet.se

Re: Qemu and audio input?

[Alexandre Ratchov]

On Thu, Jun 14, 2012 at 12:54:49PM +0200, Tomas Bodzar wrote:
> Hi all,
> 
> have someone working audio input with Qemu on OpenBSD?

IIRC, sdl is play-only. Adding a sndio backend could add
record-only support (and possibly better play-only support as
well). Qemu is not weired so writing one wouldn't be very
complicated. But see below.

> qemu-system-i386 -audio-help shows that there are two drivers
> available (sdl and wav), but both states 'Does not support capture'.
> In Windows 7 guest it shows mic device, but I used qemu-system-i386
> -soundhw hda . so it's just presented or is that really
> working?
> 
> Can find things like this
> https://www.redhat.com/archives/libvir-list/2011-January/msg00335.html
> , but there is not hda-duplex in OpenBSD Qemu and searching in
> archives doesn't return results yet either.
> 
> Any tips?
> 

Full-duplex is different. Qemu emulates a eap(4) device, ie pci
audio device that does DMA block by block. The N-th block in the
record stream is recorded while the N-th block of the play stream
is played. That's what any software on the gest would expect.
Obviously, this can't work because the host requires some buffering
as well. So there's no way to get full-duplex audio in a emulator
that uses a eap(4) style device as model for audio. Unless we let
play and record streams out of sync, in which case full-duplex
won't be very useful. If so it's easier to emulate two devices, one
for playback and one for recording.

The same applies to synchronization, e.g., audio-video
synchronization in the case of a play-only device in the guest.

What do you try to do?

-- Alexandre

Re: OpenBSD forked

[Peter J. Philipp]

On Sun, Jun 17, 2012 at 12:24:38PM -0600, Theo de Raadt wrote:
> make of it what you will.
> 
> it's too stressfull. perhaps i should become an ex-OpenBSD
> developer too, those people seem to have much more glamourous
> lives...

Having followed OpenBSD for quite some time I noticed that good developers
come and go.  They come in, make something great happen, and disappear again.
Also there have been forks and I also noticed that no fork gets a light
judgement.  Rightfully so.  And then I always appreciated the permanent 
element in OpenBSD that guides our attention to areas we as users and 
sideliners don't always see immediately.  I'll keep buying CD's when available
and I do donations here and there when I feel like it, and I don't regret it.
If I were you I'd stay for as long as the salary is good and if there is more
money to go around employ some people in Calgary or something.  Made in Canada
is great!  I just can't see you working for google or microsoft :-P.


-peter

Re: Idea for apmd

[Jes]

El Fri, 1 Jun 2012 19:44:26 +0200
Juan Francisco Cantero Hurtado  escribió:

> On Thu, May 31, 2012 at 11:21:20PM +, Stuart Henderson wrote:
> > On 2012-05-31, Ted Unangst  wrote:
> > > On Thu, May 31, 2012 at 08:28, Tomas Bodzar wrote:
> > >> On Thu, May 31, 2012 at 3:45 AM, Juan Francisco Cantero Hurtado
> > >>  wrote:
> > >
> > >>> This is important because when I open a web page with a lot of
> > >>> javascript, the browser is very slow. Also when I compile
> > >>> something with "make -j1", apmd doesn't raise the speed of my
> > >>> CPU, I need use "make -j4" for raising the cpu speed to 2700Mhz.
> > >>
> > >> What shows top, vmstat, systat about %sys, %usr, %idle during
> > >> that time? Because you can have 800MHz of CPU, but %usr and/or
> > >> %sys can be eg. only 20% so there's no reason to switch to
> > >> higher frequency.
> > >
> > > apmd scaling works like crap with more than one cpu.  This was
> > > fixed, then unfixed, but you can get the code from cvs if you
> > > like.
> > >
> > >
> >
> > conflicts. if anyone wants it they could grab it from
> > junkpile.org/apmd.diff
>
> Thanks for the patch!
>
> I've been using the version 1.51 of apmd.c since yesterday. I can feel
> the difference with respect to the last version of apmd.
>
> Is it possible to add a new option to apmd for to select between the
> new and the old code?. I mean, eg: -C for use the "new" code with
> better SMP support and -O for "compatibility mode" with the old code
> for people with problematic machines.
>
> Cheers.
>

Thanks for this patch. My thinkpad had the same problem as the reported
one by Juan Francisco , but now it runs smoothly.

I'd like to ask for more features like configurable thresholds for
increase and reduce the cpu. Maybe with a couple of sysctls or with
options for apmd. Is it easy?

Thanks.

Jes

Re: OpenBSD forked

[Theo de Raadt]

>On Sun, Jun 17, 2012 at 16:14, Peter Laufenberg wrote:
>>>Funny thing is, I've never been upset about the 20+ OpenBSD and
>>>ex-OpenBSD developers who now work for google.
>> 
>> Do they still work on OpenBSD and contribute back?
>
>yes.  some more, some less.

first off, I do not understand the word "back" that Peter used.

they simply "contribute" by making changes in our tree.  they don't
"contribute back".  using "back" implies that what they work on at
google has anything to do with openbsd.  none of us know if that is
the case, and if it is, so what?

they are free to do anything they want.

google is their job.  other people have jobs too :-)

those openbsd developers who work there, and also do commits here, do
so out of passion, and fully cooperate with the other developers to
move a source tree forward.  that's good enough for us.  other people
work at other jobs, and the same happens.

secondly, what strikes me as very interesting is that almost all
developers who get new jobs -- at google or elsewhere -- tell their
co-developers that they are in the midst of a life-changing moment in
their lives, and that will get busy and not be of as much use in the
next while.

except that did not happen for the crew marco hired.

in that case, secrecy was paramount.

in that case, they got busy and did not tell the people they were
working with.  they effectively abandoned the projects that were
active in the tree headed to the next release, and left other
developers hanging out to dry -- by not telling them that 5+ of them
were suddenly not capable of helping.

as a group, they chose to be ex-OpenBSD developers, by their actions
of not participating with partners they had promised to develop
with.

even now, some active OpenBSD developers are judging me for my
reaction, and I can understand the uncertainly of their position.

make of it what you will.

it's too stressfull. perhaps i should become an ex-OpenBSD
developer too, those people seem to have much more glamourous
lives...

Re: pf-smp alpha on freebsd

[Ted Unangst]

On Sun, Jun 17, 2012 at 11:43, Holger Glaess wrote:

> i dident wont start about smp on openbsd but
> 
> what about this porject ?

Did you read the part below?  I think it's pretty clear this project
isn't going to have much relevance for OpenBSD.

> From the very beginning of the project it was clear, that code is going
> to diverge significantly from original OpenBSD code. OpenBSD has always
> developed pf without taking into account that code can ever get
> multithreaded, thus quite a lot needed to be changed. Thus, I've started
> with removing the "#ifdef __FreeBSD__" from the code, and later I didn't
> hesitate even a fraction of second if I wanted to toss some code. The pros
> is that now code is much more readable and understandible then in head,
> the cons is that diff between us and OpenBSD is huge, although amount
> of shared code is huge, too. So, later on only manual merging of features
> from OpenBSD is possible and bulk imports of entire pf into FreeBSD are
> no longer possible.

Re: OpenBSD forked

[Ted Unangst]

On Sun, Jun 17, 2012 at 16:14, Peter Laufenberg wrote:
>>Funny thing is, I've never been upset about the 20+ OpenBSD and
>>ex-OpenBSD developers who now work for google.
> 
> Do they still work on OpenBSD and contribute back?

yes.  some more, some less.

työskennellään yhdessä

[Kery Nieminen]

Hei,





Nimeni on Kery Nieminen ja haluaisin kertoa miten 
multigrainknackebrod.blogspot.com


voi sijoittua vielä paremmin Googlessa.





Olen hakukoneoptimoinnin asiantuntija ja työskentelen SEO Finland 
–yrityksessä.


Tehdessäni tutkimusta eräille kollegoilleni, löysin 
sähköpostiosoitteesi


ja päätin ottaa yhteyttä välittömästi.





Jos olet kiinnostunut, lähettäisin mielelläni lisätietoa ja 
yksityiskohtia


yhteistyön toteuttamisesta.





Kiittäen,





Kery


seofinland.net

Re: OpenBSD forked

[Jay Patel]

I meant . Theo is right. Truth hurts. :D

wrv

[qztuw]

base64 encoded Mime section invalid - length (0) was wrong.

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
mibspsal.jpg]

can i tune the bind/resolver timeout time?

[johnw]

HI, i use openbsd/i386, and use /usr/sbin/bind act as dns server.
can i tune the gethostbyname timeout time?
(tunning system or bind)

and can i config the resolver do not search the "local domain"?
man resolv.conf say i can config the "domain" and "search" option in
/etc/resolv.conf
but can i tell the resolver, never try to search those domain?
when i use gethostbyname("nothis.domain"), it will search nothis.domain
then search nothis.domain.local.domain
can i tell the gethostbyname just only search nothis.domain?

thank you.

Re: filtering recipients for a secondary mx using smtpd

[Gilles Chehade]

On Fri, Jun 15, 2012 at 08:57:21PM +0200, Joel Carnat wrote:
> Hi,
> 
> Using OpenBSD 5.1, I have configured OpenSMTPD to act as a secondary MX.
> I have configured this, in smtpd.conf:
>   # secondary mx
>   map "v2mx" { source db "/etc/mail/v2mx.db" }
>   accept from all for virtual "v2mx" relay
> 
> And this, in /etc/mail/v2mx:
>   hotmail.com accept
> 
> The smtpd can now relay properly for that particular domain (which I don't
> really aim to use but this is just a test:). But I would like smtpd to filter
> the acceptable RCPT ; so that I don't get my mail queue filled with junk
> recipients.
> 
> Can I, and how, tell smtpd to only accept "joel.car...@hotmail.com" for such
> "secondary mx".
> 

sadly this is not yet doable, it's in the plans though

Gilles

-- 
Gilles Chehade

https://www.poolp.org | http://pool.ps  @poolpOrg

Re: OpenBSD forked

[Peter Laufenberg]

>Funny thing is, I've never been upset about the 20+ OpenBSD and
>ex-OpenBSD developers who now work for google.

Do they still work on OpenBSD and contribute back?

-- p

Re: SIL-3512 supported?

[Fabian]

Well, it was needed in my case, but it might not be needed in your case. As I
understand, this chipset is used in a couple of no-name cards.

There is a small DOS utility on the SiliconImage website, where you get the
latest BIOS images for the card, in the support section. The steps needed are
described there in detail. It is pretty straightforward.

I am using the latest non-RAID BIOS.

Fabian

On Sat, Jun 16, 2012 at 03:06:19PM +0200, LEVAI Daniel wrote:
> Can you tell me what steps are involved in doing that? Do you need a
> proprietary software for it, or is it doable from its configuration
> ui?

pf-smp alpha on freebsd

[Holger Glaess]

hi

i dident wont start about smp on openbsd but

what about this porject ?

[quote]
Hello, networkers!

  [net@ in Cc, but further discussion should go on pf@]

  As you already probably know, or some may be don't yet know, the pf(4)
subsystem in FreeBSD is currently working under a single mutex. This mutex
is acquired right at the beginning of any packet processing, and is dropped
at the end. While one thread is in pf(4) all other threads are blocked on
that mutex.

  Meanwhile modern computers are getting more and more cores, and modern
network cards getting more MSI interrupts, each serviced by a separate kernel
thread in FreeBSD. So the single pf lock, which I call "the pf Giant" :), is
getting a point of hard contention.

  Three and a half months ago I've started on a project "SMP-friendly pf",
which recently have entered alpha stage. As you see from the subject of this
mail, this is call for testing.


  Willing to test?

  The code lives in projects/pf/head branch in the SVN, and can be checked
out with:

  svn checkout http://svn.freebsd.org/base/projects/pf/head pflock

, where argument "pflock" is just directory name for checked out sources.
  Then you need to build world and kernel from that branch and install them.
The branch projects/pf/head gets head merged to it quite often, so if you
run head world with a revision equal (or at least close) to last merge, then
you don't need to install world, however rebuilding pfctl and snmp_pf from
that branch is necessary.
  If you are about to run this alpha pf on any important box, then you
definitely need to establish safety measures: have a second box running
stable/9 or head as carp(4) backup, ready to kick in, in case if new pf
panics. pfsync(4) connection should also be established between new and
backup boxes. pfsync(4) in the new code is wire compatible with stable/9
or head.
  I'm already running it on routers with 100k - 200k state entries, and
forwarding 20k - 40k pps. If you are brave, you should try, too :) Good
luck and report any problems to me!


  Interested in details?

  From the very beginning of the project it was clear, that code is going
to diverge significantly from original OpenBSD code. OpenBSD has always
developed pf without taking into account that code can ever get
multithreaded, thus quite a lot needed to be changed. Thus, I've started
with removing the "#ifdef __FreeBSD__" from the code, and later I didn't
hesitate even a fraction of second if I wanted to toss some code. The pros
is that now code is much more readable and understandible then in head,
the cons is that diff between us and OpenBSD is huge, although amount
of shared code is huge, too. So, later on only manual merging of features
from OpenBSD is possible and bulk imports of entire pf into FreeBSD are
no longer possible.

  The locking scheme is the following:
- There is an rwlock(9) that protects rules and all kind of data that isn't
  modified by forwarding threads. Forwarding threads reader lock it, ioctl()
  and other reconfiguring events write lock it.
- The states and key states storage had moved from RB-trees to hashes, with
  separate mutexes per hash slot. This should give us decent parallelism
  when forwarding packets.
- Source nodes storage moved to hash with per-slot locking.
- pfsync(4) got separate mutex.
- fragment reassembly got separate mutex.

  Apart from the above key changes, many other optimisations and fixes done.
The entire diff is 22k lines large. You can view the projects history here:

http://svnweb.freebsd.org/base/projects/pf/head/?view=log

(the beginning is on page 2 now, at r232042) I had tried to make informative
commit messages.

-- 
Totus tuus, Glebius.

[/quote]

holger

Re: Using bridge and carp interfaces with pf rules

[carlopmart]

On 06/16/2012 12:24 PM, carlopmart wrote:

Hi all,

I have setup a bridge between two interfaces in a pair of OpenBSD fws.
This bridge needs to use an IP address and a carp interface to act as a
gateway for two physical nets using same network range, but it doesn't
works.

My config:

/etc/hostname.em6
up

/etc/hostname.em7
inet 172.25.60.1 255.255.255.240

/etc/hostname.bridge0
add em6 add em7 -blocknonip em6 -blocknonip em7 -stp em6 -stp em7
fwddelay 4 up

and my pf rules are simple:

pass in quick on em6 all
pass out quick on em6 all

block in on em7 all
block out on em7 all

pass in quick on em7 proto tcp from any to any port 80 \
flags S/SA keep state

and pfctl -vvsr:

@2 pass in quick on em6 all flags S/SA keep state
@3 pass out quick on em6 all flags S/SA keep state
@4 block drop in log quick on ! lo0 inet6 from ::1 to any
@5 block drop in log quick on ! lo0 inet from 127.0.0.0/8 to any
@6 block drop in log quick on ! em0 inet from 172.25.50.0/27 to any
@7 block drop in log quick inet from 172.25.50.3 to any prio 0
@8 block drop in log quick on em0 inet6 from fe80::250:56ff:fe2a:ac29 to
any prio 0
@9 block drop in log quick on ! em1 inet from 172.25.80.0/28 to any
@10 block drop in log quick inet from 172.25.80.1 to any prio 0
@11 block drop in log quick on em1 inet6 from fe80::250:56ff:fe38:9a33
to any prio 0
@12 block drop in log quick on ! em7 inet from 172.25.60.0/28 to any
@13 block drop in log quick inet from 172.25.60.1 to any prio 0
@14 block drop in log quick on em7 inet6 from fe80::250:56ff:fe16:8fb1
to any prio 0
@15 block drop quick inet6 all

I can see how packets flows vi em7 interface but not in em6, and in em6
are blocked by rule 13 (antispoof rule)...

What am I doing wrong??


Ok, problem soved... I need to enable stp in bridge interface.


--
CL Martinez
carlopmart {at} gmail {d0t} com

Re: Hello

[STeve Andre']

On 06/17/12 03:53, Favour Andrew wrote:

Hello Dear! I wish you a good day; I looked through your profile at web
page and decided to write you a message to inform you that I am
interested in knowing more about you. I'm sure that you are very
intelligent and nice looking person. It would be great to learn more
about you! I'm sure we can find something in common and begin a long time
relationship. I’m looking only for serious relationship and business
partner, Please if you are also interested in developing a relationship
with me, don't border to write me mail back, that will be easier for me
to reply you quickly! With my pictures at least for you to see what I
look like. Though I am not photogenic, I expect to read your mail at my
private email address soon. Regards Favour.




so, you're into spikes...

Camaras Digitales, Memorias, Pendrives Toda lo necesario para compensar el regalo que te olvidaste!!

[Bonus Cupon]

Si no podes visualizar este mail, ingresa a:
http://news1.bonuscupon.com.ar/r.html?uid=1.1c.29hh.ng.ae9g1c8g1m

Paga $799 por Samsung VG 110 c/ 12.7mp SOLO POR HOY!!!

[Bonus Cupon]

Si no podes visualizar este mail, ingresa a:
http://news1.bonuscupon.com.ar/r.html?uid=1.1a.29hh.mj.6opcwqj8b2

Re: fvwm will not start since 12 June snapshot

[Matthieu Herrb]

On Sat, Jun 16, 2012 at 11:20:33PM -0500, eagir...@cox.net wrote:
> Since the 12 June snapshot I have been unable to run fvwm, either
> from xdm or using startx.  Dmesg and Xorg.log below.

It should be fixed in the next snapshot.
> --
> Ed Ahlsen-Girard
> Ft. Walton Beach FL
> 
> OpenBSD 5.1-current (GENERIC) #231: Tue Jun 12 18:31:26 MDT 2012
> t...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
> cpu0: Intel(R) Pentium(R) 4 CPU 2.66GHz ("GenuineIntel" 686-class) 2.66 GHz
> cpu0: 
> FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID,xTPR
> real mem  = 1072713728 (1023MB)
> avail mem = 1044353024 (995MB)
> mainbus0 at root
> bios0 at mainbus0: AT/286+ BIOS, date 09/23/03, BIOS32 rev. 0 @ 0xffe90, 
> SMBIOS rev. 2.3 @ 0xf0450 (56 entries)
> bios0: vendor Dell Computer Corporation version "A08" date 09/23/2003
> bios0: Dell Computer Corporation Dimension 4550
> acpi0 at bios0: rev 0
> acpi0: sleep states S0 S1 S3 S4 S5
> acpi0: tables DSDT FACP SSDT APIC BOOT ASF!
> acpi0: wakeup devices VBTN(S4) PCI0(S3) USB0(S3) USB1(S3) USB2(S3) PCI1(S5) 
> KBD_(S3)
> acpitimer0 at acpi0: 3579545 Hz, 24 bits
> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
> cpu0 at mainbus0: apid 0 (boot processor)
> cpu0: apic clock running at 132MHz
> ioapic0 at mainbus0: apid 8 pa 0xfec0, version 20, 24 pins
> ioapic0: misconfigured as apic 0, remapped to apid 8
> acpiprt0 at acpi0: bus 0 (PCI0)
> acpiprt1 at acpi0: bus 2 (PCI1)
> acpicpu0 at acpi0
> acpibtn0 at acpi0: VBTN
> bios0: ROM list: 0xc/0xf800 0xcf800/0x800 0xe/0x1800 0xe1800/0x2800
> pci0 at mainbus0 bus 0: configuration mode 1 (bios)
> pchb0 at pci0 dev 0 function 0 "Intel 82845G Host" rev 0x01
> intelagp0 at pchb0
> agp0 at intelagp0: aperture at 0xe800, size 0x800
> ppb0 at pci0 dev 1 function 0 "Intel 82845G AGP" rev 0x01
> pci1 at ppb0 bus 1
> vga1 at pci1 dev 0 function 0 "NVIDIA GeForce4 MX 420" rev 0xa3
> wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
> wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
> uhci0 at pci0 dev 29 function 0 "Intel 82801DB USB" rev 0x01: apic 8 int 16
> uhci1 at pci0 dev 29 function 1 "Intel 82801DB USB" rev 0x01: apic 8 int 19
> uhci2 at pci0 dev 29 function 2 "Intel 82801DB USB" rev 0x01: apic 8 int 18
> ehci0 at pci0 dev 29 function 7 "Intel 82801DB USB" rev 0x01: apic 8 int 23
> usb0 at ehci0: USB revision 2.0
> uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
> ppb1 at pci0 dev 30 function 0 "Intel 82801BA Hub-to-PCI" rev 0x81
> pci2 at ppb1 bus 2
> cmpci0 at pci2 dev 0 function 0 "C-Media Electronics CMI8738/C3DX Audio" rev 
> 0x10: apic 8 int 21
> audio0 at cmpci0
> opl at cmpci0 not configured
> mpu at cmpci0 not configured
> vendor "Broadcom", unknown product 0x4212 (class communications subclass 
> modem, rev 0x02) at pci2 dev 1 function 0 not configured
> fxp0 at pci2 dev 8 function 0 "Intel PRO/100 VE" rev 0x81, i82562: apic 8 int 
> 20, address 00:07:e9:c3:c0:ba
> inphy0 at fxp0 phy 1: i82562ET 10/100 PHY, rev. 0
> ichpcib0 at pci0 dev 31 function 0 "Intel 82801DB LPC" rev 0x01
> pciide0 at pci0 dev 31 function 1 "Intel 82801DB IDE" rev 0x01: DMA, channel 
> 0 configured to compatibility, channel 1 configured to compatibility
> wd0 at pciide0 channel 0 drive 0: 
> wd0: 16-sector PIO, LBA, 57220MB, 117187500 sectors
> wd1 at pciide0 channel 0 drive 1: 
> wd1: 16-sector PIO, LBA, 76319MB, 156301488 sectors
> wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
> wd1(pciide0:0:1): using PIO mode 4, Ultra-DMA mode 5
> atapiscsi0 at pciide0 channel 1 drive 0
> scsibus0 at atapiscsi0: 2 targets
> cd0 at scsibus0 targ 0 lun 0: <_NEC, DVD+RW ND-1100A, 10GE> ATAPI 5/cdrom 
> removable
> wd2 at pciide0 channel 1 drive 1: 
> wd2: 16-sector PIO, LBA, 76319MB, 156301488 sectors
> cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
> wd2(pciide0:1:1): using PIO mode 4, Ultra-DMA mode 5
> ichiic0 at pci0 dev 31 function 3 "Intel 82801DB SMBus" rev 0x01: apic 8 int 
> 17
> iic0 at ichiic0
> spdmem0 at iic0 addr 0x50: 512MB DDR SDRAM non-parity PC2700CL2.5
> spdmem1 at iic0 addr 0x51: 512MB DDR SDRAM non-parity PC2700CL2.5
> usb1 at uhci0: USB revision 1.0
> uhub1 at usb1 "Intel UHCI root hub" rev 1.00/1.00 addr 1
> usb2 at uhci1: USB revision 1.0
> uhub2 at usb2 "Intel UHCI root hub" rev 1.00/1.00 addr 1
> usb3 at uhci2: USB revision 1.0
> uhub3 at usb3 "Intel UHCI root hub" rev 1.00/1.00 addr 1
> isa0 at ichpcib0
> isadma0 at isa0
> com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
> pckbc0 at isa0 port 0x60/5
> pckbd0 at pckbc0 (kbd slot)
> pckbc0: using irq 1 for kbd slot
> wskbd0 at pckbd0: console keyboard, using wsdisplay0
> pms0 at pckbc0 (aux slot)
> pckbc0: using irq 12 for aux slot
> wsmouse0 at pms0 mux 0
> pcppi0 at isa0 port 0x61
> spkr0 at pcppi0
> lpt0 at isa0 port 0x378/4 irq 7
> npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
> fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
>