Re: Dell servers
We run a bunch of R320s with intel ix(4) 10GE cards. Work fine. The onboard raid is mfi or something IIRC, but it works also. 2013/10/11 Friedrich Locke friedrich.lo...@gmail.com Is anyone running OBSD 5.3 on Dell R*** series servers ? What about 10G etherner devices ? And Storage ? Is there any concern when buying these machines ? Thanks in advance. -- May the most significant bit of your life be positive.
Re: Dell servers
I have no problem on multiple couples of R320, except the BCM5720 which cause my OpenBSD to freeze. Waiting for 5.4 improvements :) -- Best regards, Loïc BLOT, UNIX systems, security and network engineer http://www.unix-experience.fr Le jeudi 10 octobre 2013 à 20:54 -0700, Chris Cappuccio a écrit : If they have PCI-Express slots, 10G ethernet isn't a problem. If they have supported SATA or SCSI controllers, storage isn't an issue. Dell's RAID controllers tend to be well supported under OpenBSD Friedrich Locke [friedrich.lo...@gmail.com] wrote: Is anyone running OBSD 5.3 on Dell R*** series servers ? What about 10G etherner devices ? And Storage ? Is there any concern when buying these machines ? Thanks in advance. [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: Intel i7-4770 + z87 chipset - drm error, re0 is missing lladdr, unknown + not configured
On 10/11/13 01:28, Jonathan Gray wrote: On Thu, Oct 10, 2013 at 05:48:43PM -0400, RD Thrush wrote: I noticed some anomalies in the dmesg on this new system. 1. error: [drm:pid0:i915_write32] *ERROR* Unknown unclaimed register before writing to 10 That should be harmless, and will go away when we update to newer upstream i915 code that clears the error on driver init. 2. dhclient doesn't work with the onboard nic (possibly since the lladdr is 0:0:0:0:0:0. 3. (1) 'unknown' product(ppb0) 4. (3) 'not configured' items (Intel 8 Series (xHCI|MEI|SMBus) Index: ichiic.c === RCS file: /cvs/src/sys/dev/pci/ichiic.c,v retrieving revision 1.30 diff -u -p -r1.30 ichiic.c --- ichiic.c 2 Mar 2013 06:56:16 - 1.30 +++ ichiic.c 11 Oct 2013 05:12:13 - @@ -90,6 +90,7 @@ const struct pci_matchid ichiic_ids[] = { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_6300ESB_SMB }, { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_6321ESB_SMB }, { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_7SERIES_SMB }, + { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_8SERIES_SMB }, { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_82801AA_SMB }, { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_82801AB_SMB }, { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_82801BA_SMB }, Thanks, this patch removed the SMBus unknown from the dmesg. See my next post for full dmesg.
Re: Intel i7-4770 + z87 chipset - drm error, re0 is missing lladdr, unknown + not configured
On 10/11/13 01:05, Jonathan Gray wrote: On Thu, Oct 10, 2013 at 05:48:43PM -0400, RD Thrush wrote: I noticed some anomalies in the dmesg on this new system. 1. error: [drm:pid0:i915_write32] *ERROR* Unknown unclaimed register before writing to 10 2. dhclient doesn't work with the onboard nic (possibly since the lladdr is 0:0:0:0:0:0. There is no support for Realtek 8168G/8111G devices, here is a diff which apparently lacks some critical part required to make it work as it didn't work for the last person who tried it. Index: re.c === RCS file: /cvs/src/sys/dev/ic/re.c,v retrieving revision 1.144 diff -u -p -r1.144 re.c --- re.c 5 Oct 2013 22:59:57 - 1.144 +++ re.c 9 Oct 2013 01:21:41 - @@ -223,6 +223,8 @@ static const struct re_revision { { RL_HWREV_8101,RTL8101 }, { RL_HWREV_8101E, RTL8101E }, { RL_HWREV_8102E, RTL8102E }, + { RL_HWREV_8106E, RTL8106E }, + { RL_HWREV_8106E_SPIN1, RTL8106E }, { RL_HWREV_8401E, RTL8401E }, { RL_HWREV_8402,RTL8402 }, { RL_HWREV_8411,RTL8411 }, @@ -238,6 +240,10 @@ static const struct re_revision { { RL_HWREV_8168C_SPIN2, RTL8168C/8111C }, { RL_HWREV_8168CP, RTL8168CP/8111CP }, { RL_HWREV_8168F, RTL8168F/8111F }, + { RL_HWREV_8168G, RTL8168G/8111G }, + { RL_HWREV_8168G_SPIN1, RTL8168G/8111G }, + { RL_HWREV_8168G_SPIN2, RTL8168G/8111G }, + { RL_HWREV_8168G_SPIN4, RTL8168G/8111G }, { RL_HWREV_8105E, RTL8105E }, { RL_HWREV_8105E_SPIN1, RTL8105E }, { RL_HWREV_8168D, RTL8168D/8111D }, @@ -846,6 +852,8 @@ re_attach(struct rl_softc *sc, const cha case RL_HWREV_8402: case RL_HWREV_8105E: case RL_HWREV_8105E_SPIN1: + case RL_HWREV_8106E: + case RL_HWREV_8106E_SPIN1: sc-rl_flags |= RL_FLAG_INVMAR | RL_FLAG_PHYWAKE | RL_FLAG_PHYWAKE_PM | RL_FLAG_PAR | RL_FLAG_DESCV2 | RL_FLAG_MACSTAT | RL_FLAG_CMDSTOP | RL_FLAG_AUTOPAD | @@ -892,6 +900,15 @@ re_attach(struct rl_softc *sc, const cha RL_FLAG_PAR | RL_FLAG_DESCV2 | RL_FLAG_MACSTAT | RL_FLAG_CMDSTOP | RL_FLAG_AUTOPAD | RL_FLAG_NOJUMBO; break; + case RL_HWREV_8168G: + case RL_HWREV_8168G_SPIN1: + case RL_HWREV_8168G_SPIN2: + case RL_HWREV_8168G_SPIN4: + sc-rl_flags |= RL_FLAG_INVMAR | RL_FLAG_PHYWAKE | + RL_FLAG_PAR | RL_FLAG_DESCV2 | RL_FLAG_MACSTAT | + RL_FLAG_CMDSTOP | RL_FLAG_AUTOPAD | RL_FLAG_NOJUMBO | + RL_FLAG_EARLYOFF; + break; case RL_HWREV_8169_8110SB: case RL_HWREV_8169_8110SBL: case RL_HWREV_8169_8110SCd: @@ -1974,6 +1991,7 @@ re_init(struct ifnet *ifp) { struct rl_softc *sc = ifp-if_softc; u_int16_t cfg; + uint32_trxcfg; int s; union { u_int32_t align_dummy; @@ -2058,7 +2076,10 @@ re_init(struct ifnet *ifp) CSR_WRITE_1(sc, RL_EARLY_TX_THRESH, 16); - CSR_WRITE_4(sc, RL_RXCFG, RL_RXCFG_CONFIG); + rxcfg = RL_RXCFG_CONFIG; + if (sc-rl_flags RL_FLAG_EARLYOFF) + rxcfg |= RL_RXCFG_EARLYOFF; + CSR_WRITE_4(sc, RL_RXCFG, rxcfg); /* Program promiscuous mode and multicast filters. */ re_iff(sc); Index: rtl81x9reg.h === RCS file: /cvs/src/sys/dev/ic/rtl81x9reg.h,v retrieving revision 1.76 diff -u -p -r1.76 rtl81x9reg.h --- rtl81x9reg.h 17 Mar 2013 20:47:23 - 1.76 +++ rtl81x9reg.h 3 Aug 2013 13:54:57 - @@ -186,8 +186,14 @@ #define RL_HWREV_8105E 0x4080 #define RL_HWREV_8105E_SPIN1 0x40C0 #define RL_HWREV_84020x4400 +#define RL_HWREV_8106E 0x4480 +#define RL_HWREV_8106E_SPIN1 0x4490 #define RL_HWREV_8168F 0x4800 #define RL_HWREV_84110x4880 +#define RL_HWREV_8168G 0x4c00 +#define RL_HWREV_8168G_SPIN1 0x4c10 +#define RL_HWREV_8168G_SPIN2 0x5090 +#define RL_HWREV_8168G_SPIN4 0x5c80 #define RL_HWREV_81390x6000 #define RL_HWREV_8139A 0x7000 #define RL_HWREV_8139AG 0x7080 @@ -277,6 +283,7 @@ #define RL_RXCFG_RX_RUNT 0x0010 #define RL_RXCFG_RX_ERRPKT 0x0020 #define RL_RXCFG_WRAP0x0080 +#define RL_RXCFG_EARLYOFF0x0100 #define RL_RXCFG_MAXDMA 0x0700 #define RL_RXCFG_BURSZ 0x1800 #define RL_RXCFG_FIFOTHRESH 0xE000 @@ -847,6 +854,7 @@ struct rl_softc { #define RL_FLAG_AUTOPAD 0x4000 #define RL_FLAG_LINK0x8000
Re: Intel hd4000 - no Xvideo support
Jonathan Gray [j...@jsg.id.au] wrote: There is only very basic shadowfb support for ivy bridge graphics in 5.3. To use opengl/xv and co you need to be using 5.4 or -current. SNA will not yet work, do not use it. I'm starting to think my problem with shm not working has to do with my installation and not a particular laptop. But I am really confused about exactly what in my installation is causing the problem. Sorry for the noise.
Re: Intel i7-4770 + z87 chipset - drm error, re0 is missing lladdr, unknown + not configured
On Fri, Oct 11, 2013 at 02:39:30AM -0400, RD Thrush wrote: On 10/11/13 01:05, Jonathan Gray wrote: On Thu, Oct 10, 2013 at 05:48:43PM -0400, RD Thrush wrote: I noticed some anomalies in the dmesg on this new system. 1. error: [drm:pid0:i915_write32] *ERROR* Unknown unclaimed register before writing to 10 2. dhclient doesn't work with the onboard nic (possibly since the lladdr is 0:0:0:0:0:0. There is no support for Realtek 8168G/8111G devices, here is a diff which apparently lacks some critical part required to make it work as it didn't work for the last person who tried it. Index: re.c === RCS file: /cvs/src/sys/dev/ic/re.c,v retrieving revision 1.144 diff -u -p -r1.144 re.c --- re.c5 Oct 2013 22:59:57 - 1.144 +++ re.c9 Oct 2013 01:21:41 - @@ -223,6 +223,8 @@ static const struct re_revision { { RL_HWREV_8101,RTL8101 }, { RL_HWREV_8101E, RTL8101E }, { RL_HWREV_8102E, RTL8102E }, + { RL_HWREV_8106E, RTL8106E }, + { RL_HWREV_8106E_SPIN1, RTL8106E }, { RL_HWREV_8401E, RTL8401E }, { RL_HWREV_8402,RTL8402 }, { RL_HWREV_8411,RTL8411 }, @@ -238,6 +240,10 @@ static const struct re_revision { { RL_HWREV_8168C_SPIN2, RTL8168C/8111C }, { RL_HWREV_8168CP, RTL8168CP/8111CP }, { RL_HWREV_8168F, RTL8168F/8111F }, + { RL_HWREV_8168G, RTL8168G/8111G }, + { RL_HWREV_8168G_SPIN1, RTL8168G/8111G }, + { RL_HWREV_8168G_SPIN2, RTL8168G/8111G }, + { RL_HWREV_8168G_SPIN4, RTL8168G/8111G }, { RL_HWREV_8105E, RTL8105E }, { RL_HWREV_8105E_SPIN1, RTL8105E }, { RL_HWREV_8168D, RTL8168D/8111D }, @@ -846,6 +852,8 @@ re_attach(struct rl_softc *sc, const cha case RL_HWREV_8402: case RL_HWREV_8105E: case RL_HWREV_8105E_SPIN1: + case RL_HWREV_8106E: + case RL_HWREV_8106E_SPIN1: sc-rl_flags |= RL_FLAG_INVMAR | RL_FLAG_PHYWAKE | RL_FLAG_PHYWAKE_PM | RL_FLAG_PAR | RL_FLAG_DESCV2 | RL_FLAG_MACSTAT | RL_FLAG_CMDSTOP | RL_FLAG_AUTOPAD | @@ -892,6 +900,15 @@ re_attach(struct rl_softc *sc, const cha RL_FLAG_PAR | RL_FLAG_DESCV2 | RL_FLAG_MACSTAT | RL_FLAG_CMDSTOP | RL_FLAG_AUTOPAD | RL_FLAG_NOJUMBO; break; + case RL_HWREV_8168G: + case RL_HWREV_8168G_SPIN1: + case RL_HWREV_8168G_SPIN2: + case RL_HWREV_8168G_SPIN4: + sc-rl_flags |= RL_FLAG_INVMAR | RL_FLAG_PHYWAKE | + RL_FLAG_PAR | RL_FLAG_DESCV2 | RL_FLAG_MACSTAT | + RL_FLAG_CMDSTOP | RL_FLAG_AUTOPAD | RL_FLAG_NOJUMBO | + RL_FLAG_EARLYOFF; + break; case RL_HWREV_8169_8110SB: case RL_HWREV_8169_8110SBL: case RL_HWREV_8169_8110SCd: @@ -1974,6 +1991,7 @@ re_init(struct ifnet *ifp) { struct rl_softc *sc = ifp-if_softc; u_int16_t cfg; + uint32_trxcfg; int s; union { u_int32_t align_dummy; @@ -2058,7 +2076,10 @@ re_init(struct ifnet *ifp) CSR_WRITE_1(sc, RL_EARLY_TX_THRESH, 16); - CSR_WRITE_4(sc, RL_RXCFG, RL_RXCFG_CONFIG); + rxcfg = RL_RXCFG_CONFIG; + if (sc-rl_flags RL_FLAG_EARLYOFF) + rxcfg |= RL_RXCFG_EARLYOFF; + CSR_WRITE_4(sc, RL_RXCFG, rxcfg); /* Program promiscuous mode and multicast filters. */ re_iff(sc); Index: rtl81x9reg.h === RCS file: /cvs/src/sys/dev/ic/rtl81x9reg.h,v retrieving revision 1.76 diff -u -p -r1.76 rtl81x9reg.h --- rtl81x9reg.h17 Mar 2013 20:47:23 - 1.76 +++ rtl81x9reg.h3 Aug 2013 13:54:57 - @@ -186,8 +186,14 @@ #define RL_HWREV_8105E 0x4080 #define RL_HWREV_8105E_SPIN1 0x40C0 #define RL_HWREV_8402 0x4400 +#define RL_HWREV_8106E 0x4480 +#define RL_HWREV_8106E_SPIN1 0x4490 #define RL_HWREV_8168F 0x4800 #define RL_HWREV_8411 0x4880 +#define RL_HWREV_8168G 0x4c00 +#define RL_HWREV_8168G_SPIN1 0x4c10 +#define RL_HWREV_8168G_SPIN2 0x5090 +#define RL_HWREV_8168G_SPIN4 0x5c80 #define RL_HWREV_8139 0x6000 #define RL_HWREV_8139A 0x7000 #define RL_HWREV_8139AG0x7080 @@ -277,6 +283,7 @@ #define RL_RXCFG_RX_RUNT 0x0010 #define RL_RXCFG_RX_ERRPKT 0x0020 #define RL_RXCFG_WRAP 0x0080 +#define RL_RXCFG_EARLYOFF 0x0100 #define RL_RXCFG_MAXDMA0x0700 #define RL_RXCFG_BURSZ 0x1800 #defineRL_RXCFG_FIFOTHRESH 0xE000 @@ -847,6 +854,7 @@ struct rl_softc { #defineRL_FLAG_AUTOPAD
Re: why icmp timestamping is enabled by default ?
On Fri, Oct 11, 2013 at 08:44:36AM +0600, ??? wrote: 2013/10/10 Philip Guenther guent...@gmail.com: On Thu, Oct 10, 2013 at 4:30 AM, ??? chipits...@gmail.com wrote: I use ntp already. So everyone can predict what your machine would have sent in response to an ICMP timestamp query, meaning that turning it off doesn't hide anything. I am about to switch icmp timestamps off (security people are afraid of that setting), Cargo cult security. it is known behavior of security people. just curious what was the purpose of it. Oddly enough, the RFC that defines it (RFC792) has a reference about that. by purpose I mean common use scenarios, like we enable ssh by default, because it is used in routine administration and automation tasks, not because of RFC we enable icmp destination unreachable, because it is used commonly in PMTU mechanisms, not because it is mentioned in some RFC or you enable everything found in RFC ? you must be odd if so. I am not that odd. The better question is why block it? What is the attack vector? You start with ICMP timestamps, next you block ICMP echo then all of ICMP and by that break the internet. I waste way to much time with situations where I can't debug network issues because people block important internet control messages. So if there is not a well known threat (e.g. source routing or the fameous IPv6 rtr-0 header) it should not be disbale just for a bit of a warm fuzzy feeling. -- :wq Claudio
Routedomains are not working with ipv6
Hello Openbsd mailing list I like very much the implementation of VRF in openbsd. It works great with ipv4. It seems buggy with ipv6. cat /etc/hostname.vlan425 rdomain 30 172.18.25.1/24 vlan 425 vlandev xl0 inet6 2001::2/64 IPV6 address is configured but routing is broken. [ since it seems we dont use the right routing domain] vlan425: trying to send packet on wrong domain. if 30 vs. mbuf 0, AF 24 If I try to configure the routing domain, then I get an inet6: bad value after few minutes [ the prompt hangs for a while] [root@carolo olpeleri]# ifconfig rdomain 30 inet6 2001::2/64 vlan 425 vlandev xl0 ifconfig: inet6: bad value [root@carolo olpeleri]# Bug?
Re: Dell servers
I have couple of R620 in production with ix(4) as 10G NICs. You might want to disable cores you don't need and HTT (I'v done it half way). No problems so far. Below is an old dmesg with HTT disabled (else it shows up 16 cores). OpenBSD 5.3 (GENERIC.MP) #55: Fri Mar 1 09:13:04 MST 2013 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 8508014592 (8113MB) avail mem = 8259039232 (7876MB) mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xcf42c000 (99 entries) bios0: vendor Dell Inc. version 1.3.6 date 09/11/2012 bios0: Dell Inc. PowerEdge R620 acpi0 at bios0: rev 2 acpi0: sleep states S0 S4 S5 acpi0: tables DSDT FACP APIC SPCR HPET DM__ MCFG WD__ SLIC ERST HEST BERT EINJ TCPA PC__ SRAT SSDT acpi0: wakeup devices PCI0(S5) PCI1(S5) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Xeon(R) CPU E5-2643 0 @ 3.30GHz, 3400.50 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,LONG,LAHF,PERF,ITSC cpu0: 256KB 64b/line 8-way L2 cache cpu0: apic clock running at 99MHz cpu1 at mainbus0: apid 32 (application processor) cpu1: Intel(R) Xeon(R) CPU E5-2643 0 @ 3.30GHz, 1200.00 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,LONG,LAHF,PERF,ITSC cpu1: 256KB 64b/line 8-way L2 cache cpu2 at mainbus0: apid 2 (application processor) cpu2: Intel(R) Xeon(R) CPU E5-2643 0 @ 3.30GHz, 3400.00 MHz cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,LONG,LAHF,PERF,ITSC cpu2: 256KB 64b/line 8-way L2 cache cpu3 at mainbus0: apid 34 (application processor) cpu3: Intel(R) Xeon(R) CPU E5-2643 0 @ 3.30GHz, 1200.00 MHz cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,LONG,LAHF,PERF,ITSC cpu3: 256KB 64b/line 8-way L2 cache cpu4 at mainbus0: apid 4 (application processor) cpu4: Intel(R) Xeon(R) CPU E5-2643 0 @ 3.30GHz, 3400.00 MHz cpu4: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,LONG,LAHF,PERF,ITSC cpu4: 256KB 64b/line 8-way L2 cache cpu5 at mainbus0: apid 36 (application processor) cpu5: Intel(R) Xeon(R) CPU E5-2643 0 @ 3.30GHz, 1200.00 MHz cpu5: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,LONG,LAHF,PERF,ITSC cpu5: 256KB 64b/line 8-way L2 cache cpu6 at mainbus0: apid 6 (application processor) cpu6: Intel(R) Xeon(R) CPU E5-2643 0 @ 3.30GHz, 3400.00 MHz cpu6: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,LONG,LAHF,PERF,ITSC cpu6: 256KB 64b/line 8-way L2 cache cpu7 at mainbus0: apid 38 (application processor) cpu7: Intel(R) Xeon(R) CPU E5-2643 0 @ 3.30GHz, 2490.94 MHz cpu7: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,LONG,LAHF,PERF,ITSC cpu7: 256KB 64b/line 8-way L2 cache ioapic0 at mainbus0: apid 0 pa 0xfec0, version 20, 24 pins ioapic1 at mainbus0: apid 1 pa 0xfec3f000, version 20, 24 pins ioapic1: misconfigured as apic 15, remapped to apid 1 ioapic2 at mainbus0: apid 2 pa 0xfec7f000, version 20, 24 pins ioapic2: misconfigured as apic 15, remapped to apid 2 acpihpet0 at acpi0: 14318179 Hz acpimcfg0 at acpi0 addr 0xe000, bus 0-255 acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 1 (PEX1) acpiprt2 at acpi0: bus -1 (PE1C) acpiprt3 at acpi0: bus 3 (PEX2) acpiprt4 at acpi0: bus 2 (PEX3) acpiprt5 at acpi0: bus 4 (PEX4) acpiprt6 at acpi0: bus -1 (PEX5) acpiprt7 at acpi0: bus 9 (PEX6) acpiprt8 at acpi0: bus 8 (PEX7) acpiprt9 at acpi0: bus 64 (PCI1)
Re: Routedomains are not working with ipv6
It doesn't work at all. I am working on it, have some things working (but not enough to commit and enable everything). On 2013 Oct 11 (Fri) at 09:54:51 +0200 (+0200), Olivier PELERIN wrote: :Hello Openbsd mailing list : :I like very much the implementation of VRF in openbsd. It works great with :ipv4. It seems buggy with ipv6. : :cat /etc/hostname.vlan425 :rdomain 30 172.18.25.1/24 vlan 425 vlandev xl0 :inet6 2001::2/64 : :IPV6 address is configured but routing is broken. [ since it seems we dont :use the right routing domain] : :vlan425: trying to send packet on wrong domain. if 30 vs. mbuf 0, AF 24 : :If I try to configure the routing domain, then I get an inet6: bad value after :few minutes [ the prompt hangs for a while] : :[root@carolo olpeleri]# ifconfig rdomain 30 inet6 2001::2/64 vlan 425 vlandev :xl0 :ifconfig: inet6: bad value :[root@carolo olpeleri]# : :Bug? : -- Physicists do it with charm.
Re: No console output on 5.4-Current
On 2013-10-10, Bryan Chapman br...@honeypoocakes.net wrote: The only thing I see in /var/log/messages was on the end of the dmesg I posted: Oct 10 03:28:21 mystic /bsd: drm: initializing kernel modesetting (PITCAIRN 0x1002:0x6819 0x174B:0xE221). Oct 10 03:28:21 mystic /bsd: radeondrm0: VRAM: 2048M 0x - 0x7FFF (2048M used) Oct 10 03:28:21 mystic /bsd: radeondrm0: GTT: 512M 0x8000 - 0x9FFF Oct 10 03:28:21 mystic /bsd: ttm_pool_mm_shrink_init stub Oct 10 03:28:21 mystic /bsd: error: [drm:pid0:si_init_microcode] *ERROR* si_cp: Failed to load firmware radeon-pitcairn_pfp Oct 10 03:28:21 mystic /bsd: error: [drm:pid0:si_startup] *ERROR* Failed to load firmware! Oct 10 03:28:21 mystic /bsd: error: [drm:pid0:si_init] *ERROR* disabling GPU acceleration Oct 10 03:28:21 mystic /bsd: error: [drm:pid0:radeon_bo_unpin] *ERROR* 0xfe81b6de32b0 unpin not necessary Oct 10 03:28:21 mystic /bsd: error: [drm:pid0:radeon_bo_unpin] *ERROR* 0xfe81b6de32b0 unpin not necessary Oct 10 03:28:21 mystic /bsd: error: [drm:pid0:si_init] *ERROR* radeon: MC ucode required for NI+. Oct 10 03:28:21 mystic /bsd: : Fatal error during GPU init Oct 10 03:28:21 mystic /bsd: radeon_hwmon_fini stub Oct 10 03:28:21 mystic /bsd: drm: radeon: finishing device. Oct 10 03:28:21 mystic /bsd: Finalizing pool allocator Oct 10 03:28:21 mystic /bsd: ttm_pool_mm_shrink_fini stub Oct 10 03:28:21 mystic /bsd: drm: Zone kernel: Used memory at exit: 0 kiB Oct 10 03:28:21 mystic /bsd: drm: Zone dma32: Used memory at exit: 0 kiB Oct 10 03:28:21 mystic /bsd: drm: radeon: ttm finalized Oct 10 03:28:21 mystic /bsd: drm0 detached Oct 10 03:28:21 mystic /bsd: radeondrm0 detached Oct 10 03:28:21 mystic /bsd: vga1 at pci1 dev 0 function 0 ATI Radeon HD 7850 rev 0x00 Oct 10 03:28:21 mystic /bsd: wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation), using wskbd0 Oct 10 03:28:21 mystic /bsd: wskbd1: connecting to wsdisplay0 Oct 10 03:28:21 mystic /bsd: wsdisplay0: screen 1-5 added (80x25, vt100 emulation) Is there another place to look or debug to turn on? -Bryan You should get more information from a kernel built with 'option DRMDEBUG'.
Re: altq on multiple interfaces
Hi, A question for Henning I think? Do you know if your new super duper HENQ queuing subsystem would allow this? I.e. to queue on the underlying physical (or trunk) interface which all the VLAN interfaces sit upon? This would be amazing as this would mean that you could finally share your total downstream WAN bandwidth across all of your internal VLAN subnets without having to slice up a fixed portion of the bandwidth allocation to each one for the egress of each internal interface. Crossing my fingers and toes! ;) PS; hopefully gonna start testing your diff soon, as soon as I get my new hardware in November. Cheers, Andy. On 09/10/13 16:14, Andy wrote: On Wed 09 Oct 2013 13:53:06 BST, Andy wrote: On Wed 09 Oct 2013 12:29:48 BST, Leonardo Lombardo wrote: Thanks for your reply Andy. What if I have: - multiple VLANs on an internal IF Just have a different set of queues for each 'on vlanX' etc. - have a limited bandwidth on external (say 10/10Mbit/s) Do as was suggested, have a smaller bandwidth for the WAN traffic (100Mbit in the example). Just change that to 10Mbit. and I want to share the external bandwidth among all VLANs giving some IPs (from different VLANs) each a bandwidth guarantee ? You cannot share the 'download' bandwidth across all internal VLANS for the inbound direction, you have to divide it out so that the egress bandwith of each of the internal VLANs sum to the total ingress bandwidth of your WAN. This is a horrible limitation which I *hate* :( Thinking about it, this might not be true.. After-all the packets egress the physical underlying interface so I wonder if its possible to 'queue' on the physical interface 'on emX' for example underneath the 802.1Q tagging, such that all the traffic for all VLANs on top of that phys interface would go through the same queues! If that were the case it would be wonderful :) and I would be changing my own topology immediately to take advantage of having all my different internal nets share the same WAN downstream bandwidth! Someone on here who knows OpenBSD better than me might know if this is possible? You can share the upstream bandwith however as this can be all applied to the single WAN interface. Remember you can only queue egress, not ingress. Sorry if I was not clear in my original question... Thanks
Re: No console output on 5.4-Current
On Fri, Oct 11, 2013 at 09:32:13AM +, Stuart Henderson wrote: On 2013-10-10, Bryan Chapman br...@honeypoocakes.net wrote: The only thing I see in /var/log/messages was on the end of the dmesg I posted: Oct 10 03:28:21 mystic /bsd: drm: initializing kernel modesetting (PITCAIRN 0x1002:0x6819 0x174B:0xE221). Oct 10 03:28:21 mystic /bsd: radeondrm0: VRAM: 2048M 0x - 0x7FFF (2048M used) Oct 10 03:28:21 mystic /bsd: radeondrm0: GTT: 512M 0x8000 - 0x9FFF Oct 10 03:28:21 mystic /bsd: ttm_pool_mm_shrink_init stub Oct 10 03:28:21 mystic /bsd: error: [drm:pid0:si_init_microcode] *ERROR* si_cp: Failed to load firmware radeon-pitcairn_pfp Oct 10 03:28:21 mystic /bsd: error: [drm:pid0:si_startup] *ERROR* Failed to load firmware! Oct 10 03:28:21 mystic /bsd: error: [drm:pid0:si_init] *ERROR* disabling GPU acceleration Oct 10 03:28:21 mystic /bsd: error: [drm:pid0:radeon_bo_unpin] *ERROR* 0xfe81b6de32b0 unpin not necessary Oct 10 03:28:21 mystic /bsd: error: [drm:pid0:radeon_bo_unpin] *ERROR* 0xfe81b6de32b0 unpin not necessary Oct 10 03:28:21 mystic /bsd: error: [drm:pid0:si_init] *ERROR* radeon: MC ucode required for NI+. Oct 10 03:28:21 mystic /bsd: : Fatal error during GPU init Oct 10 03:28:21 mystic /bsd: radeon_hwmon_fini stub Oct 10 03:28:21 mystic /bsd: drm: radeon: finishing device. Oct 10 03:28:21 mystic /bsd: Finalizing pool allocator Oct 10 03:28:21 mystic /bsd: ttm_pool_mm_shrink_fini stub Oct 10 03:28:21 mystic /bsd: drm: Zone kernel: Used memory at exit: 0 kiB Oct 10 03:28:21 mystic /bsd: drm: Zone dma32: Used memory at exit: 0 kiB Oct 10 03:28:21 mystic /bsd: drm: radeon: ttm finalized Oct 10 03:28:21 mystic /bsd: drm0 detached Oct 10 03:28:21 mystic /bsd: radeondrm0 detached Oct 10 03:28:21 mystic /bsd: vga1 at pci1 dev 0 function 0 ATI Radeon HD 7850 rev 0x00 Oct 10 03:28:21 mystic /bsd: wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation), using wskbd0 Oct 10 03:28:21 mystic /bsd: wskbd1: connecting to wsdisplay0 Oct 10 03:28:21 mystic /bsd: wsdisplay0: screen 1-5 added (80x25, vt100 emulation) Is there another place to look or debug to turn on? -Bryan You should get more information from a kernel built with 'option DRMDEBUG'. In this case just install the firmware and reboot, DRMDEBUG isn't going to help and is overly verbose unless a few things are turned off. There is no 2d or 3d acceleration with radeonsi parts like pitcairn however because it requires a version of EGL with the drm/gbm platform instead of the x11 platform, the glamor library and a version of mesa compiled with llvm as the mesa radeonsi driver has a hard dep on llvm. I attempted to provide alternative paths to the linux only udev code in libgbm and co but didn't end up with a useable X session when testing glamor on a northern islands card. AMD don't support the usual xorg type acceleration for radeonsi, only glamor. And sadly it seems the mesa/3d driver is unuseable without glamor as well...
Re: Routedomains are not working with ipv6
Thanks Peter, Good to know. Do we have a timeframe? Regards Olivier Date: Fri, 11 Oct 2013 10:44:39 +0200 From: phess...@openbsd.org To: olivier_pele...@hotmail.com CC: misc@openbsd.org Subject: Re: Routedomains are not working with ipv6 It doesn't work at all. I am working on it, have some things working (but not enough to commit and enable everything). On 2013 Oct 11 (Fri) at 09:54:51 +0200 (+0200), Olivier PELERIN wrote: :Hello Openbsd mailing list : :I like very much the implementation of VRF in openbsd. It works great with :ipv4. It seems buggy with ipv6. : :cat /etc/hostname.vlan425 :rdomain 30 172.18.25.1/24 vlan 425 vlandev xl0 :inet6 2001::2/64 : :IPV6 address is configured but routing is broken. [ since it seems we dont :use the right routing domain] : :vlan425: trying to send packet on wrong domain. if 30 vs. mbuf 0, AF 24 : :If I try to configure the routing domain, then I get an inet6: bad value after :few minutes [ the prompt hangs for a while] : :[root@carolo olpeleri]# ifconfig rdomain 30 inet6 2001::2/64 vlan 425 vlandev :xl0 :ifconfig: inet6: bad value :[root@carolo olpeleri]# : :Bug? : -- Physicists do it with charm.
Re: Routedomains are not working with ipv6
No timeframe as of yet. I plan on committing some pieces of it, and when it's ready we'll enable it. On 2013 Oct 11 (Fri) at 12:34:41 +0200 (+0200), Olivier PELERIN wrote: :Thanks Peter, : :Good to know. Do we have a timeframe? : :Regards : :Olivier : : : Date: Fri, 11 Oct 2013 10:44:39 +0200 : From: phess...@openbsd.org : To: olivier_pele...@hotmail.com : CC: misc@openbsd.org : Subject: Re: Routedomains are not working with ipv6 : : It doesn't work at all. : : I am working on it, have some things working (but not enough to commit : and enable everything). : : : : On 2013 Oct 11 (Fri) at 09:54:51 +0200 (+0200), Olivier PELERIN wrote: : :Hello Openbsd mailing list : : : :I like very much the implementation of VRF in openbsd. It works great with : :ipv4. It seems buggy with ipv6. : : : :cat /etc/hostname.vlan425 : :rdomain 30 172.18.25.1/24 vlan 425 vlandev xl0 : :inet6 2001::2/64 : : : :IPV6 address is configured but routing is broken. [ since it seems we dont : :use the right routing domain] : : : :vlan425: trying to send packet on wrong domain. if 30 vs. mbuf 0, AF 24 : : : :If I try to configure the routing domain, then I get an inet6: bad value after : :few minutes [ the prompt hangs for a while] : : : :[root@carolo olpeleri]# ifconfig rdomain 30 inet6 2001::2/64 vlan 425 vlandev : :xl0 : :ifconfig: inet6: bad value : :[root@carolo olpeleri]# : : : :Bug? : : : : -- : Physicists do it with charm. : : -- Tonight's the night: Sleep in a eucalyptus tree.
Re: why icmp timestamping is enabled by default ?
2013/10/11 Claudio Jeker cje...@diehard.n-r-g.com: On Fri, Oct 11, 2013 at 08:44:36AM +0600, ??? wrote: 2013/10/10 Philip Guenther guent...@gmail.com: On Thu, Oct 10, 2013 at 4:30 AM, ??? chipits...@gmail.com wrote: I use ntp already. So everyone can predict what your machine would have sent in response to an ICMP timestamp query, meaning that turning it off doesn't hide anything. I am about to switch icmp timestamps off (security people are afraid of that setting), Cargo cult security. it is known behavior of security people. just curious what was the purpose of it. Oddly enough, the RFC that defines it (RFC792) has a reference about that. by purpose I mean common use scenarios, like we enable ssh by default, because it is used in routine administration and automation tasks, not because of RFC we enable icmp destination unreachable, because it is used commonly in PMTU mechanisms, not because it is mentioned in some RFC or you enable everything found in RFC ? you must be odd if so. I am not that odd. The better question is why block it? What is the attack vector? You start with ICMP timestamps, next you block ICMP echo then all of ICMP and by that break the internet. I waste way to much time with situations where I can't debug network issues because people block important internet control messages. So if there is not a well known threat (e.g. source routing or the fameous IPv6 rtr-0 header) it should not be disbale just for a bit of a warm fuzzy feeling. icmp dest unreach, frag required (3/4) is very important, I'm not going to block it. kinda fed up with poorly configured networks as well. icmp echo request/reply, i.e. ping/pong is also important, when people do not see ping responce, they beleive host is down. I'm also not going to block it. actually, I'm not going to block icmp at all, I was curious why net.inet.icmp.tstamprepl=1 by default. -- :wq Claudio
Re: Intel i7-4770 + z87 chipset - drm error, re0 is missing lladdr, unknown + not configured
On 10/11/13 03:18, Jonathan Gray wrote: On Fri, Oct 11, 2013 at 02:39:30AM -0400, RD Thrush wrote: On 10/11/13 01:05, Jonathan Gray wrote: On Thu, Oct 10, 2013 at 05:48:43PM -0400, RD Thrush wrote: I noticed some anomalies in the dmesg on this new system. 1. error: [drm:pid0:i915_write32] *ERROR* Unknown unclaimed register before writing to 10 2. dhclient doesn't work with the onboard nic (possibly since the lladdr is 0:0:0:0:0:0. There is no support for Realtek 8168G/8111G devices, here is a diff which apparently lacks some critical part required to make it work as it didn't work for the last person who tried it. Index: re.c === RCS file: /cvs/src/sys/dev/ic/re.c,v retrieving revision 1.144 diff -u -p -r1.144 re.c --- re.c5 Oct 2013 22:59:57 - 1.144 +++ re.c9 Oct 2013 01:21:41 - @@ -223,6 +223,8 @@ static const struct re_revision { { RL_HWREV_8101,RTL8101 }, { RL_HWREV_8101E, RTL8101E }, { RL_HWREV_8102E, RTL8102E }, + { RL_HWREV_8106E, RTL8106E }, + { RL_HWREV_8106E_SPIN1, RTL8106E }, { RL_HWREV_8401E, RTL8401E }, { RL_HWREV_8402,RTL8402 }, { RL_HWREV_8411,RTL8411 }, @@ -238,6 +240,10 @@ static const struct re_revision { { RL_HWREV_8168C_SPIN2, RTL8168C/8111C }, { RL_HWREV_8168CP, RTL8168CP/8111CP }, { RL_HWREV_8168F, RTL8168F/8111F }, + { RL_HWREV_8168G, RTL8168G/8111G }, + { RL_HWREV_8168G_SPIN1, RTL8168G/8111G }, + { RL_HWREV_8168G_SPIN2, RTL8168G/8111G }, + { RL_HWREV_8168G_SPIN4, RTL8168G/8111G }, { RL_HWREV_8105E, RTL8105E }, { RL_HWREV_8105E_SPIN1, RTL8105E }, { RL_HWREV_8168D, RTL8168D/8111D }, @@ -846,6 +852,8 @@ re_attach(struct rl_softc *sc, const cha case RL_HWREV_8402: case RL_HWREV_8105E: case RL_HWREV_8105E_SPIN1: + case RL_HWREV_8106E: + case RL_HWREV_8106E_SPIN1: sc-rl_flags |= RL_FLAG_INVMAR | RL_FLAG_PHYWAKE | RL_FLAG_PHYWAKE_PM | RL_FLAG_PAR | RL_FLAG_DESCV2 | RL_FLAG_MACSTAT | RL_FLAG_CMDSTOP | RL_FLAG_AUTOPAD | @@ -892,6 +900,15 @@ re_attach(struct rl_softc *sc, const cha RL_FLAG_PAR | RL_FLAG_DESCV2 | RL_FLAG_MACSTAT | RL_FLAG_CMDSTOP | RL_FLAG_AUTOPAD | RL_FLAG_NOJUMBO; break; + case RL_HWREV_8168G: + case RL_HWREV_8168G_SPIN1: + case RL_HWREV_8168G_SPIN2: + case RL_HWREV_8168G_SPIN4: + sc-rl_flags |= RL_FLAG_INVMAR | RL_FLAG_PHYWAKE | + RL_FLAG_PAR | RL_FLAG_DESCV2 | RL_FLAG_MACSTAT | + RL_FLAG_CMDSTOP | RL_FLAG_AUTOPAD | RL_FLAG_NOJUMBO | + RL_FLAG_EARLYOFF; + break; case RL_HWREV_8169_8110SB: case RL_HWREV_8169_8110SBL: case RL_HWREV_8169_8110SCd: @@ -1974,6 +1991,7 @@ re_init(struct ifnet *ifp) { struct rl_softc *sc = ifp-if_softc; u_int16_t cfg; + uint32_trxcfg; int s; union { u_int32_t align_dummy; @@ -2058,7 +2076,10 @@ re_init(struct ifnet *ifp) CSR_WRITE_1(sc, RL_EARLY_TX_THRESH, 16); - CSR_WRITE_4(sc, RL_RXCFG, RL_RXCFG_CONFIG); + rxcfg = RL_RXCFG_CONFIG; + if (sc-rl_flags RL_FLAG_EARLYOFF) + rxcfg |= RL_RXCFG_EARLYOFF; + CSR_WRITE_4(sc, RL_RXCFG, rxcfg); /* Program promiscuous mode and multicast filters. */ re_iff(sc); Index: rtl81x9reg.h === RCS file: /cvs/src/sys/dev/ic/rtl81x9reg.h,v retrieving revision 1.76 diff -u -p -r1.76 rtl81x9reg.h --- rtl81x9reg.h17 Mar 2013 20:47:23 - 1.76 +++ rtl81x9reg.h3 Aug 2013 13:54:57 - @@ -186,8 +186,14 @@ #define RL_HWREV_8105E 0x4080 #define RL_HWREV_8105E_SPIN1 0x40C0 #define RL_HWREV_8402 0x4400 +#define RL_HWREV_8106E 0x4480 +#define RL_HWREV_8106E_SPIN1 0x4490 #define RL_HWREV_8168F 0x4800 #define RL_HWREV_8411 0x4880 +#define RL_HWREV_8168G 0x4c00 +#define RL_HWREV_8168G_SPIN1 0x4c10 +#define RL_HWREV_8168G_SPIN2 0x5090 +#define RL_HWREV_8168G_SPIN4 0x5c80 #define RL_HWREV_8139 0x6000 #define RL_HWREV_8139A 0x7000 #define RL_HWREV_8139AG0x7080 @@ -277,6 +283,7 @@ #define RL_RXCFG_RX_RUNT 0x0010 #define RL_RXCFG_RX_ERRPKT 0x0020 #define RL_RXCFG_WRAP 0x0080 +#define RL_RXCFG_EARLYOFF 0x0100 #define RL_RXCFG_MAXDMA0x0700 #define RL_RXCFG_BURSZ 0x1800 #defineRL_RXCFG_FIFOTHRESH 0xE000 @@ -847,6 +854,7 @@ struct rl_softc { #defineRL_FLAG_AUTOPAD 0x4000 #defineRL_FLAG_LINK0x8000 #define
dump(8) and permissions
Hi all, I've been using dump for backup a bunch of systems and I've noticed that there are some areas it can't access: DUMP: Can't fts_read /var/audit: Permission denied DUMP: Can't fts_read /var/authpf: Permission denied DUMP: Can't fts_read /var/backups: Permission denied DUMP: Can't fts_read /var/crash: Permission denied DUMP: Can't fts_read /var/cron/atjobs: Permission denied DUMP: Can't fts_read /var/cron/tabs: Permission denied DUMP: Can't fts_read /var/db/ldap: Permission denied DUMP: Can't fts_read /var/db/yubikey: Permission denied DUMP: Can't fts_read /var/games/hackdir/save: Permission denied DUMP: Can't fts_read /var/named/etc: Permission denied DUMP: Can't fts_read /var/run/mysql: Permission denied DUMP: Can't fts_read /var/spool/clientmqueue: Permission denied DUMP: Can't fts_read /var/spool/ftp/bin: Permission denied DUMP: Can't fts_read /var/spool/ftp/etc: Permission denied DUMP: Can't fts_read /var/spool/ftp/hidden: Permission denied DUMP: Can't fts_read /var/spool/mqueue: Permission denied DUMP: Can't fts_read /var/spool/smtpd: Permission denied I'm dump'ing remotely with: /sbin/dump -0auf The user being used to run is a member of the group 'operator'. What can be the problem ? So far I've thought of these: - because I'm doing this on live system? - in dump(8), in the BUGS section there is this notice: When dumping a list of files or subdirectories, access privileges are required to scan the directory (as this is done via the fts(3) routines rather than directly accessing the filesystem). cheers, --rodolfo
Re: dump(8) and permissions
On Fri, Oct 11, 2013 at 01:59:33PM +0100, Rodolfo Gouveia wrote: Hi all, I've been using dump for backup a bunch of systems and I've noticed that there are some areas it can't access: DUMP: Can't fts_read /var/audit: Permission denied DUMP: Can't fts_read /var/authpf: Permission denied DUMP: Can't fts_read /var/backups: Permission denied DUMP: Can't fts_read /var/crash: Permission denied DUMP: Can't fts_read /var/cron/atjobs: Permission denied DUMP: Can't fts_read /var/cron/tabs: Permission denied DUMP: Can't fts_read /var/db/ldap: Permission denied DUMP: Can't fts_read /var/db/yubikey: Permission denied DUMP: Can't fts_read /var/games/hackdir/save: Permission denied DUMP: Can't fts_read /var/named/etc: Permission denied DUMP: Can't fts_read /var/run/mysql: Permission denied DUMP: Can't fts_read /var/spool/clientmqueue: Permission denied DUMP: Can't fts_read /var/spool/ftp/bin: Permission denied DUMP: Can't fts_read /var/spool/ftp/etc: Permission denied DUMP: Can't fts_read /var/spool/ftp/hidden: Permission denied DUMP: Can't fts_read /var/spool/mqueue: Permission denied DUMP: Can't fts_read /var/spool/smtpd: Permission denied I'm dump'ing remotely with: /sbin/dump -0auf The user being used to run is a member of the group 'operator'. What can be the problem ? So far I've thought of these: - because I'm doing this on live system? - in dump(8), in the BUGS section there is this notice: When dumping a list of files or subdirectories, access privileges are required to scan the directory (as this is done via the fts(3) routines rather than directly accessing the filesystem). Try `su' to your user on that system and try to `ls -lR' those dirs, I suppose he won't be able to do that. j.
Re: why icmp timestamping is enabled by default ?
chipits...@gmail.com wrote: actually, I'm not going to block icmp at all, I was curious why net.inet.icmp.tstamprepl=1 by default. So you can run timed, of course. As others have said, the time is not a secret. -- Christian naddy Weisgerber na...@mips.inka.de
Re: dump(8) and permissions
On Fri, Oct 11, 2013 at 09:04:16AM -0400, Jiri B wrote: Try `su' to your user on that system and try to `ls -lR' those dirs, I suppose he won't be able to do that. j. Thanks Jiri. Indeed he can't. I've looked at this closer and I found out that on some machines dump doesn't give any error even though the user 'backup' can't list the contents of the folder: $ whoami backup $ ls -lhd /var/audit drwxrws--- 2 root wheel 512B Mar 13 2013 /var/audit $ ls -lhR /var/audit ls: audit: Permission denied The difference I found between those machines is the partition layout. Machine with no errors: $ mount /dev/sd0a on / type ffs (local) /dev/sd0g on /home type ffs (local, nodev, nosuid) /dev/sd0d on /tmp type ffs (local, nodev, nosuid) /dev/sd0f on /usr type ffs (local, nodev) /dev/sd0e on /var type ffs (local, nodev, nosuid) Machine with errors: $ mount /dev/sd0a on / type ffs (local) So the difference is that when '/var' is a real partition, dump doesn't complain at all. Does this make sense?
Re: dump(8) and permissions
On Fri, Oct 11, 2013 at 02:38:23PM +0100, Rodolfo Gouveia wrote: On Fri, Oct 11, 2013 at 09:04:16AM -0400, Jiri B wrote: Try `su' to your user on that system and try to `ls -lR' those dirs, I suppose he won't be able to do that. j. Thanks Jiri. Indeed he can't. I've looked at this closer and I found out that on some machines dump doesn't give any error even though the user 'backup' can't list the contents of the folder: $ whoami backup $ ls -lhd /var/audit drwxrws--- 2 root wheel 512B Mar 13 2013 /var/audit $ ls -lhR /var/audit ls: audit: Permission denied As 'backup' user is not in 'wheel' group, not he is obviously 'root', hehe, he is out of luck. j.
Re: dump(8) and permissions
Rodolfo Gouveia wrote: On Fri, Oct 11, 2013 at 09:04:16AM -0400, Jiri B wrote: Try `su' to your user on that system and try to `ls -lR' those dirs, I suppose he won't be able to do that. j. Thanks Jiri. Indeed he can't. I've looked at this closer and I found out that on some machines dump doesn't give any error even though the user 'backup' can't list the contents of the folder: $ whoami backup $ ls -lhd /var/audit drwxrws--- 2 root wheel 512B Mar 13 2013 /var/audit $ ls -lhR /var/audit ls: audit: Permission denied The difference I found between those machines is the partition layout. Machine with no errors: $ mount /dev/sd0a on / type ffs (local) /dev/sd0g on /home type ffs (local, nodev, nosuid) /dev/sd0d on /tmp type ffs (local, nodev, nosuid) /dev/sd0f on /usr type ffs (local, nodev) /dev/sd0e on /var type ffs (local, nodev, nosuid) Machine with errors: $ mount /dev/sd0a on / type ffs (local) So the difference is that when '/var' is a real partition, dump doesn't complain at all. Does this make sense? Possibly, yes, but I don't think you're supplying all information necessary to determine that. The exact command you run isn't clear to me. e.g. when specifying 'files-to-dump' as: 1) a list of files and directories, I expect the user running dump to need sufficient access to be able to make a backup of each of the individual files and directories. 2) a mountpoint, I suspect the underlying device node is accessed to make the backup. Guess what ? $ ls -l /dev/sd0a brw-r- 1 root operator4, 0 May 7 19:13 /dev/sd0a AFAICT device nodes are readable by the operator group an thus can be backed up by members of that group. To the best of my knowledge dump can be used to backup whole filesystems by accessing them through the underlying device node as a member of the operator group. Also see dump(8) and the FAQ.
Re: dump(8) and permissions
On Fri, Oct 11, 2013 at 04:56:35PM +0200, Remco wrote: Possibly, yes, but I don't think you're supplying all information necessary to determine that. The exact command you run isn't clear to me. Here it is, on the machine without errors: $ id uid=1001(backup) gid=1001(backup) groups=1001(backup), 5(operator) $ /sbin/dump -0auf /tmp/var.dump /var DUMP: Date of this level 0 dump: Fri Oct 11 16:21:30 2013 DUMP: Date of last level 0 dump: the epoch DUMP: Dumping /dev/rsd0e (/var) to /tmp/var.dump DUMP: mapping (Pass I) [regular files] DUMP: mapping (Pass II) [directories] DUMP: estimated 107345 tape blocks. DUMP: Volume 1 started at: Fri Oct 11 16:21:35 2013 DUMP: dumping (Pass III) [directories] DUMP: dumping (Pass IV) [regular files] DUMP: 114670 tape blocks on 1 volume DUMP: Date of this level 0 dump: Fri Oct 11 16:21:30 2013 DUMP: Volume 1 completed at: Fri Oct 11 16:22:04 2013 DUMP: Volume 1 took 0:00:29 DUMP: Volume 1 transfer rate: 3954 KB/s DUMP: Date this dump completed: Fri Oct 11 16:22:04 2013 DUMP: Average transfer rate: 3954 KB/s DUMP: level 0 dump on Fri Oct 11 16:21:30 2013 DUMP: Closing /tmp/var.dump DUMP: DUMP IS DONE $ mount /dev/sd0a on / type ffs (local) /dev/sd0g on /home type ffs (local, nodev, nosuid) /dev/sd0d on /tmp type ffs (local, nodev, nosuid) /dev/sd0f on /usr type ffs (local, nodev) /dev/sd0e on /var type ffs (local, nodev, nosuid) Now on the other one: $ id uid=1003(backup) gid=1003(backup) groups=1003(backup), 5(operator) $ /sbin/dump -0auf /tmp/var.dump /var DUMP: Ignoring u flag for subdir dump DUMP: Dumping sub files/directories from / DUMP: Dumping file/directory /var DUMP: Date of this level 0 dump: Fri Oct 11 16:22:57 2013 DUMP: Date of last level 0 dump: the epoch DUMP: Dumping /dev/rsd0a (/) to /tmp/var.dump DUMP: mapping (Pass I) [regular files] DUMP: Can't fts_read /var/audit: Permission denied DUMP: Can't fts_read /var/authpf: Permission denied DUMP: Can't fts_read /var/backups: Permission denied DUMP: Can't fts_read /var/crash: Permission denied DUMP: Can't fts_read /var/cron/atjobs: Permission denied DUMP: Can't fts_read /var/cron/tabs: Permission denied DUMP: Can't fts_read /var/db/ldap: Permission denied DUMP: Can't fts_read /var/db/pkg/libart-2.3.21: Permission denied DUMP: Can't fts_read /var/db/pkg/png-1.5.10: Permission denied DUMP: Can't fts_read /var/db/pkg/rrdtool-1.2.30p3: Permission denied DUMP: Can't fts_read /var/db/pkg/symon-2.85: Permission denied DUMP: Can't fts_read /var/db/pkg/libxml-2.7.8p6: Permission denied DUMP: Can't fts_read /var/db/pkg/femail-0.98: Permission denied DUMP: Can't fts_read /var/db/pkg/femail-chroot-0.98p1: Permission denied [snip] DUMP: Can't fts_read /var/postfix: Permission denied DUMP: mapping (Pass II) [directories] DUMP: estimated 68170 tape blocks. DUMP: Volume 1 started at: Fri Oct 11 16:22:57 2013 DUMP: dumping (Pass III) [directories] DUMP: dumping (Pass IV) [regular files] DUMP: 68342 tape blocks on 1 volume DUMP: Date of this level 0 dump: Fri Oct 11 16:22:57 2013 DUMP: Volume 1 completed at: Fri Oct 11 16:23:06 2013 DUMP: Volume 1 took 0:00:09 DUMP: Volume 1 transfer rate: 7593 KB/s DUMP: Date this dump completed: Fri Oct 11 16:23:06 2013 DUMP: Average transfer rate: 7593 KB/s DUMP: Closing /tmp/var.dump DUMP: DUMP IS DONE $ mount /dev/sd0a on / type ffs (local) So that pertains 1). 2) a mountpoint, I suspect the underlying device node is accessed to make the backup. Guess what ? $ ls -l /dev/sd0a brw-r- 1 root operator4, 0 May 7 19:13 /dev/sd0a AFAICT device nodes are readable by the operator group an thus can be backed up by members of that group. To the best of my knowledge dump can be used to backup whole filesystems by accessing them through the underlying device node as a member of the operator group. Now that you explained it like that, I can see what's happening. It works when there is a partition because of the permissions of the device itself and not of the filesystem. Thank you! cheers, --rodolfo
Re: Looking for good, small, canadian version laptop suggestions
Hi guys, I am looking for some suggestions for a good, small quite laptop. I was looking at futureshop.ca and bestbuy.ca. I currently have an HP dv3 For OpenBSD, I would never buy something at FutureShop or BestBuy; those are all consumer-oriented Designed For Windows 8 laptops. I either buy Lenovo ThinkPads from an authorized reseller (e.g. the x201t sitting in front of me, and many of the OpenBSD developers use various models of Thinkpad), or I buy off-lease (trailing-edge) Dell Latitude/Precision laptops directly from Dell - see www.dfsdirect.ca for their off-lease selection. The Latitude E4000 series are all quite small and light, are readily available, and AFAIK are fully supported. Right now I'm running 5.3-RELEASE on a Latitude D630 with no issues at all, and IIRC the E4500 should be fully supported as well. Many people cringe at the thought of a used laptop, but note that DFS will offer a 1-year warranty, which is exactly what you get buying consumer-grade laptops from a retail big-box store anyway. My favourite part of the Latitude E series (and most Precision models, too) is that if you get the optional docking base, you can then run dual-DVI off the laptop! -- -Adam Thompson athom...@athompso.net
Re: Intel i7-4770 + z87 chipset - drm error, re0 is missing lladdr, unknown + not configured
On 10/10/13 17:48, RD Thrush wrote: I noticed some anomalies in the dmesg on this new system. 1. error: [drm:pid0:i915_write32] *ERROR* Unknown unclaimed register before writing to 10 2. dhclient doesn't work with the onboard nic (possibly since the lladdr is 0:0:0:0:0:0. 3. (1) 'unknown' product(ppb0) 4. (3) 'not configured' items (Intel 8 Series (xHCI|MEI|SMBus) I've appended the dmesg, pcidump, biosdecode, dmidecode, and acpidump detail. I'll be happy to gather more data, test patches, ... TIA. FWIW, I've collected some additional dmesg info from recent versions of freebsd and linux mint at the following links: http://arp.thrush.com/openbsd/z87-a/data/freebsd-10.0-alpha5/dmesg.serial-console http://arp.thrush.com/openbsd/z87-a/data/mint15/dmesg freebsd seemed to have the same re0 problems originally noted although I didn't pursue it since it hung before giving a console prompt. mint15 worked a little better but I don't know enough linux to get more than basic info. X info is at http://arp.thrush.com/openbsd/z87-a/data/mint15/Xorg.0.log
Re: Looking for good, small, canadian version laptop suggestions
On 10/11/2013 06:10 PM, Adam Thompson wrote: Hi guys, I am looking for some suggestions for a good, small quite laptop. I was looking at futureshop.ca and bestbuy.ca. I currently have an HP dv3 For OpenBSD, I would never buy something at FutureShop or BestBuy; those are all consumer-oriented Designed For Windows 8 laptops. I either buy Lenovo ThinkPads from an authorized reseller (e.g. the x201t sitting in front of me, and many of the OpenBSD developers use various models of Thinkpad), or I buy off-lease (trailing-edge) Dell Latitude/Precision laptops directly from Dell - see www.dfsdirect.ca for their off-lease selection. The Latitude E4000 series are all quite small and light, are readily available, and AFAIK are fully supported. Right now I'm running 5.3-RELEASE on a Latitude D630 with no issues at all, and IIRC the E4500 should be fully supported as well. Many people cringe at the thought of a used laptop, but note that DFS will offer a 1-year warranty, which is exactly what you get buying consumer-grade laptops from a retail big-box store anyway. My favourite part of the Latitude E series (and most Precision models, too) is that if you get the optional docking base, you can then run dual-DVI off the laptop! Thanks very much this is very helpful I will keep it in mind. In the mean time I stumbled across this http://solaptop.com/en/products/laptops/ it is pretty cool and the price is right I think I will give it a try when they start taking orders that is. I have two small Shuttles using the Atom D2700 with SSDs and they are really snappy and quiet. I wished they made a proper laptop with an Atom no fans and noise but proper keyboard etc.. and these have solar batteries as well nice :). Thanks for the list of machines and the model numbers. I agree futureshop and bestbuy are consumer vendors getting extended specs is impossibly from their web sites and sometimes even the manuals on the product maker site does not contain the version number or the type of the WIFI card. It is a bit of a hit and miss kind of thing, which is why I posted here, and with the new secure boot it is only getting more difficult to figure out what will work or not. Cheers and thanks again. George
Re: dump(8) and permissions
On Fri, Oct 11, 2013 at 04:56:36PM +0100, Rodolfo Gouveia wrote: On Fri, Oct 11, 2013 at 04:56:35PM +0200, Remco wrote: Possibly, yes, but I don't think you're supplying all information necessary to determine that. The exact command you run isn't clear to me. Here it is, on the machine without errors: $ id uid=1001(backup) gid=1001(backup) groups=1001(backup), 5(operator) $ /sbin/dump -0auf /tmp/var.dump /var DUMP: Date of this level 0 dump: Fri Oct 11 16:21:30 2013 DUMP: Date of last level 0 dump: the epoch DUMP: Dumping /dev/rsd0e (/var) to /tmp/var.dump DUMP: mapping (Pass I) [regular files] DUMP: mapping (Pass II) [directories] DUMP: estimated 107345 tape blocks. DUMP: Volume 1 started at: Fri Oct 11 16:21:35 2013 DUMP: dumping (Pass III) [directories] DUMP: dumping (Pass IV) [regular files] DUMP: 114670 tape blocks on 1 volume DUMP: Date of this level 0 dump: Fri Oct 11 16:21:30 2013 DUMP: Volume 1 completed at: Fri Oct 11 16:22:04 2013 DUMP: Volume 1 took 0:00:29 DUMP: Volume 1 transfer rate: 3954 KB/s DUMP: Date this dump completed: Fri Oct 11 16:22:04 2013 DUMP: Average transfer rate: 3954 KB/s DUMP: level 0 dump on Fri Oct 11 16:21:30 2013 DUMP: Closing /tmp/var.dump DUMP: DUMP IS DONE $ mount /dev/sd0a on / type ffs (local) /dev/sd0g on /home type ffs (local, nodev, nosuid) /dev/sd0d on /tmp type ffs (local, nodev, nosuid) /dev/sd0f on /usr type ffs (local, nodev) /dev/sd0e on /var type ffs (local, nodev, nosuid) Now on the other one: $ id uid=1003(backup) gid=1003(backup) groups=1003(backup), 5(operator) $ /sbin/dump -0auf /tmp/var.dump /var DUMP: Ignoring u flag for subdir dump DUMP: Dumping sub files/directories from / DUMP: Dumping file/directory /var DUMP: Date of this level 0 dump: Fri Oct 11 16:22:57 2013 DUMP: Date of last level 0 dump: the epoch DUMP: Dumping /dev/rsd0a (/) to /tmp/var.dump DUMP: mapping (Pass I) [regular files] DUMP: Can't fts_read /var/audit: Permission denied DUMP: Can't fts_read /var/authpf: Permission denied DUMP: Can't fts_read /var/backups: Permission denied DUMP: Can't fts_read /var/crash: Permission denied DUMP: Can't fts_read /var/cron/atjobs: Permission denied DUMP: Can't fts_read /var/cron/tabs: Permission denied DUMP: Can't fts_read /var/db/ldap: Permission denied DUMP: Can't fts_read /var/db/pkg/libart-2.3.21: Permission denied DUMP: Can't fts_read /var/db/pkg/png-1.5.10: Permission denied DUMP: Can't fts_read /var/db/pkg/rrdtool-1.2.30p3: Permission denied DUMP: Can't fts_read /var/db/pkg/symon-2.85: Permission denied DUMP: Can't fts_read /var/db/pkg/libxml-2.7.8p6: Permission denied DUMP: Can't fts_read /var/db/pkg/femail-0.98: Permission denied DUMP: Can't fts_read /var/db/pkg/femail-chroot-0.98p1: Permission denied [snip] DUMP: Can't fts_read /var/postfix: Permission denied DUMP: mapping (Pass II) [directories] DUMP: estimated 68170 tape blocks. DUMP: Volume 1 started at: Fri Oct 11 16:22:57 2013 DUMP: dumping (Pass III) [directories] DUMP: dumping (Pass IV) [regular files] DUMP: 68342 tape blocks on 1 volume DUMP: Date of this level 0 dump: Fri Oct 11 16:22:57 2013 DUMP: Volume 1 completed at: Fri Oct 11 16:23:06 2013 DUMP: Volume 1 took 0:00:09 DUMP: Volume 1 transfer rate: 7593 KB/s DUMP: Date this dump completed: Fri Oct 11 16:23:06 2013 DUMP: Average transfer rate: 7593 KB/s DUMP: Closing /tmp/var.dump DUMP: DUMP IS DONE $ mount /dev/sd0a on / type ffs (local) So that pertains 1). 2) a mountpoint, I suspect the underlying device node is accessed to make the backup. Guess what ? $ ls -l /dev/sd0a brw-r- 1 root operator4, 0 May 7 19:13 /dev/sd0a AFAICT device nodes are readable by the operator group an thus can be backed up by members of that group. To the best of my knowledge dump can be used to backup whole filesystems by accessing them through the underlying device node as a member of the operator group. Now that you explained it like that, I can see what's happening. It works when there is a partition because of the permissions of the device itself and not of the filesystem. Thank you! So is it related to permissions on partition device? If so wow, I didn't know how it works... j.
OpenBSD site SSL
Hi. Would it be possible to get SSL on the OpenBSD website(s)? It would be just a couple lines to change in nginx.conf/httpd.conf. SSL certificates are free from Startcom and cheap from other vendors. It would be really nice to have, even if it's not the default. I feel naked viewing the site over plain http. Thanks.
Re: OpenBSD site SSL
John Darrah writes: Hi. Would it be possible to get SSL on the OpenBSD website(s)? It would be just a couple lines to change in nginx.conf/httpd.conf. SSL certificates are free from Startcom and cheap from other vendors. It would be really nice to have, even if it's not the default. I feel naked viewing the site over plain http. Thanks. If you want encrypted access to the OpenBSD web site, do a CVS checkout and view it locally...