Re: Libperl 18?
On Mon, Feb 13, 2017 at 02:29:01AM +, Bryan C. Everly wrote: > I have been trying to nuke and pave my daily driver's OpenBSD partition > since Feb 5. Trying to install libproxy failed on a bad major (I have 17.1 > and it wants 18.0) for libperl. > > I figured this was the normal behavior I have seen from time to time > running snapshots and I would just wait for the next refresh of the > snapshot. I did and I reinstalled the bad and userland tools from it but > I'm still seeing the problem. > > Are we having problems with perl in the userland build? Should be libperl.so.18.0 from perl 5.24.1 http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib/sets/lists/base/mi.diff?r1=1.818&r2=1.819&f=h What's the date of the snapshot you installed? $ ftp -o- ftp://ftp3.usa.openbsd.org/pub/OpenBSD/snapshots/amd64/base60.tgz | tar tzvf - | grep libperl ... -r--r--r-- 1 root bin5722739 Feb 12 12:44 ./usr/lib/libperl.so.18.0
Re: Forget mod_perl. I'm going to try to move to FastCGI and base http
On Tue, Oct 04, 2016 at 12:20:33PM -0400, Raul Miller wrote: > On Tue, Oct 4, 2016 at 8:48 AM, Marc Espie wrote: > > There's also a whole fucking manpage bundled with PerlDancer explaining in > > some details all the possible deployment options. > > Related, though, is that a lot (but not all) of this documentation > assumes the reader understands how to use mod_perl -- and incorporates > its documentation by reference, or by implication. This is getting off-topic for misc@, but the Plack and mod_perl are fairly low-level so I don't think it's unfair to expect a reader who is converting from one to the other to be familiar with them. Then again, the PSGI spec is not incredibly dense. https://metacpan.org/pod/PSGI And the FAQ seems to answer questions expecting, what seemed to me, a reasonable knowledge level. https://metacpan.org/pod/distribution/PSGI/PSGI/FAQ.pod > People who don't understand that are probably expected to either > figure it out for themselves, or migrate to some other environment > (which might account for some of the popularity of node.js, rails and > python). While the page at http://plackperl.org/ could possibly be a bit friendlier, it does have links to explain what it is and how it works, plus links to something like 18 higher-level frameworks that support PSGI, likely via Plack, I think the hope is more that you might find the Task::Kensho link off of the metacpan.org main page and from there follow the links to some of the many perl web development frameworks that exist. https://metacpan.org/pod/Task::Kensho#Task::Kensho::WebDev:-Web-Development (I am in the middle of doing this at work, so may not have a good handle on how someone new sees things) l8rZ, -- andrew - http://afresh1.com At the source of every error which is blamed on the computer, you will find at least two human errors, including the error of blaming it on the computer.
Re: Forget mod_perl. I'm going to try to move to FastCGI and base http
I gave a talk about moving from mod_perl to Plack and FastCGI at the local perlmonger group. It was fairly straight forward and there are a fair number of options on the CPAN, although I'm unsure which have ports. http://cvs.afresh1.com/~andrew/talks/cgi_to_psgi_pdx_pm/ There is also some potentially useful information in this article https://github.com/reyk/httpd/wiki/Migrating-a-perl-CGI-application-such-as-B ugzilla On September 29, 2016 12:19:50 PM PDT, Chris Bennett wrote: >Thanks to stu@, he's informed me that mod_perl is a big problem for >OpenBSD modernising its Perl forward. >So I'm going to try and move to FastCGI. > >I can't find any info online about transition from mod_perl to FastCGI, >so I'll have to work that out myself. Any useful links would be >appreciated. > >Since I have been using Apache, I haven't paid any attention to base >http. > >I have written modules to allow people to setup to make a purchase for >online content, be transferred over to PayPal, pay. >PayPal then sends me payment details which I have to send back to >verify >status of purchase. After that I create a username and password and >email those plus a link to the customer. > >Privately, I have several databases that I use to form project assembly >pieces that can then be combined in different ways to produce final, >different complete project. Project labor is also worked out similarly. > >I also run two forums on outside software. > >I use PostgreSQL. I use Apache's httpd.conf and other confs to match >Locations to the appropriate modules. > >Are there any problems getting something like this to work with base >httpd? I run several different sites. >The manual pages seem a little terse and unrevealing to me. > >I'm going to go study FastCGI myself now. > >Could anyone share some httpd.confs with me that do what I'm trying to >accomplish? > >Any help appreciated, >Chris Bennett -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
Re: Reading /etc/shells - Check /etc/master.passwd - Password file busy
On Sat, Apr 23, 2016 at 06:42:06PM -0400, Nick wrote: > Check /etc/master.passwd > Password file busy > # > > I have checked both /etc/passwd, /etc/master.passwd and I cannot see any > issues with it. This means that you're not able to open /etc/ptmp for some reason, likely because the file already exists (because adduser tries to open the file O_CREAT|O_EXCL). l8rZ, -- andrew - http://afresh1.com Unix is very simple, but it takes a genius to understand the simplicity. -- Dennis Ritchie
Re: Reached some limit with sockets?
On Sat, Feb 20, 2016 at 08:06:57PM +0100, Federico Giannici wrote: > In a server (OpenBSD amd64 5.7) with many concurrent perl programs that have > to open a lot of SSH connections, I get many errors like this: > > connect() on closed socket GEN136 at > /usr/local/libdata/perl5/site_perl/Net/SSH/Perl.pm line 216. > > Maybe at some point no more sockets can be opened because of some limit is > reached? > > I already tried to set these in sysctl.conf: > > kern.maxfiles=2 > kern.somaxconn=1024 Since you don't provide much information about how many simultaneous connections you are making or how many you are making per-second, it's really hard to guess what might be going on. However, the maxfiles limit here may give some indication to the amount so my guess is that you are hitting the pf state limit. The default state purging interval is 10 seconds, and the default state limit is 10,000 states. I'd suggest looking at the output of pfctl -si when you're having the issue. $ doas pfctl -sa | grep -e ^states -e interval interval 10s stateshard limit1 (note that I don't actually have an OpenBSD 5.7 machine, so these numbers may not have been the same back then)
Re: GUI Designer
On Mon, Feb 22, 2016 at 02:21:01PM +, Daniel Boyd wrote: > But here's??my question: every now and > then I like to makea quick and dirty GUI app. ??In Windows, I was??using > Netbeans/Java/Swing. ??What do youguys use for a simple GUI with a > visualdesigner? In perl, I for one usually end up just writing a quick web app using Mojolicious::Lite* or some other framework. Doesn't exactly answer your question, but I haven't had a desire to write a GUI app in quite a few years. * The p5-Mojo package from http://mojolicious.org/perldoc/Mojolicious/Lite l8rZ, -- andrew - http://afresh1.com Life's unfair - but root password helps!
Re: Unix::Pledge perl module
On Thu, Nov 19, 2015 at 04:19:19PM -0500, Richard Farr wrote: > I've put together a simple CPAN module that allows you to use pledge(2) > in your Perl programs. Of course it will only work on -current. Way cool! I too have been working on this a bit. Sorry that I got distracted from actually putting it someplace public. https://github.com/afresh1/OpenBSD-Pledge One benefit of mine is that OpenBSD-Pledge.t is a bit further fleshed out. I do need to do a fair amount of work on the docs still, but I will be looking for OKs to import it into base before long. I think there is definitely room in the ecosystem for more than one tool, especially if other operating systems adopt pledge. l8rZ, -- andrew - http://afresh1.com I wish life had an UNDO function.
Re: installation of Perl on OpenBSD 5.8 with perlbrew fails due crypt.h
On Tue, Nov 03, 2015 at 02:03:34PM -0200, Alceu Rodrigues de Freitas Junior wrote: > Hello Andrew, > > Em 02-11-2015 23:52, Andrew Fresh escreveu: > >Yes, we don't support many of the algorithms that the tests attempt to > >use. I should probably push this patch upstream (with improvements) but > >have not yet had time. > > > >https://github.com/afresh1/OpenBSD-perl/blob/master/patches/GOOD/fix_crypt_t ests.patch > > > > I took a look at your patch but didn't understand the objective of it. > > There are some comments as "# Use Blowfish", do you mean using > Crypt::Blowfish crypt function instead? No, from `man 3 crypt` Blowfish crypt The Blowfish version of crypt has 128 bits of salt in order to make building dictionaries of common passwords space consuming. ... The version number, the logarithm of the number of rounds and the concatenation of salt and hashed password are separated by the ‘$’ character. An encoded ‘8’ would specify 256 rounds. A valid Blowfish password looks like this: “$2b$12$FPWWO2RJ3CK4FINTw0Hi8OiPKJcX653gzSS.jqltHFMxyDmmQ0Hqq”. > Maybe a conditional block from Test::More help with that (including skipping > the test at all) would help, based on the osname from Config module. Perhaps, although with that patch the tests pass. I am sure I'll come up with something. > >That would be helpful, along with specific versions of perl you are > >trying to install. > > Here it goes: > Use of uninitialized value in substr at op/crypt.t line 43. > substr outside of string at op/crypt.t line 43. > I tried to install the latest perl available (5.22.0). This looks like the errors the patch addresses, so yes, something changed in 5.8. The other crypt's got tedu'd http://marc.info/?l=openbsd-cvs&m=142835341405554&w=2 l8rZ, -- andrew - http://afresh1.com If your computer says, "Printer out of Paper," this problem cannot be resolved by continuously clicking the "OK" button.
Re: installation of Perl on OpenBSD 5.8 with perlbrew fails due crypt.h
On Mon, Nov 02, 2015 at 10:06:18PM -0200, Alceu Rodrigues de Freitas Junior wrote: > My name is Alceu and I'm a newbie with OpenBSD. I hope I reached the right > mailing list to ask about compiling Perl with perlbrew on OpenBSD. Seems a reasonable place. I've successfully installed quite a few versions of perl using plenv, not perlbrew, but I think that plenv does not run the test suite. > Is there any change to crypt.h on version 5.8? It seems the errors are due > differences on the interface. Yes, we don't support many of the algorithms that the tests attempt to use. I should probably push this patch upstream (with improvements) but have not yet had time. https://github.com/afresh1/OpenBSD-perl/blob/master/patches/GOOD/fix_crypt_tests.patch > Unfortunately I don't have the exact error messages, but I can try to > reproduce the errors again if needed. That would be helpful, along with specific versions of perl you are trying to install. l8rZ, -- andrew - http://afresh1.com Full-time system administration is a delicate balance between proactiveness and laziness. -- jhorwitz from use.perl.org
Re: cannot install Padre (a Perl IDE) for first run on OpenBSD?
On Fri, Jun 12, 2015 at 06:45:54PM +0900, Joel Rees wrote: > 2015/06/12 14:10 "ertetlen barmok" : > > Padre requires a perl built using threads > > Hmm. No threads in the system supplied perl? This is correct. Threads causes a significant performance hit, often in the 20% range and "The use of interpreter-based threads in perl is officially discouraged." so we do not enable it in the system perl. http://perldoc.perl.org/threads.html > I'm not sure if it's still the case, but the perl community used to > recomend having a parallel install of perl when you need things the system > supplied perl doesn't have. That would also be my recommendation. I do want the system perl in OpenBSD to be as generally useful as possible, and unfortunately Padre is the one actually useful thing I know of that requires perl threads. For this use I too would recommend a parallel installation. I have had good luck with plenv on OpenBSD https://github.com/tokuhirom/plenv and have heard good things about perlbrew although have not tried it. http://perlbrew.pl/ l8rZ, -- andrew - http://afresh1.com I think I understand, but my stubborn brain refuses to admit it until I beat it into submission by proof upon proof. -- Michael Shiloh
Re: .kshrc Definitions under X
On Sun, Apr 05, 2015 at 10:50:47PM -0300, Henrique Lengler wrote: > And it is called in ~.profile with this: > . /home/henri/.kshrc > > The problem is that these definitions work out of X, in the console, > logged as the same user (henri) but don't work under X. > I open a xterm window and and type clr, I receive: > /bin/ksh: clr: not found > But out of X it works, can someone help me to make this thing work > normally? What I have done is set "ENV=$HOME/.kshrc" in .profile, then whenever you open a new shell, it will use that file as a shell startup file. $ man ksh | grep -A2 '^ *ENV' ENVIf this parameter is found to be set after any profile files are executed, the expanded value is used as a shell startup file. It typically contains function and alias definitions. l8rZ, -- andrew - http://afresh1.com The 3 great virtues of a programmer: Laziness, Impatience, and Hubris. --Larry Wall
Re: Getting errors during security(8) maintenance
On Thu, Mar 26, 2015 at 03:42:07PM +0100, Ingo Schwarze wrote: > Hi Andrew (or any other developer), > > OK to commit the following fix? > > Note that chomping after splitting is important because split > drops trailing empty fields. A blank home_dir is valid? I will defer to others on that but seems surprising to me. Although I haven't had time to apply the patch and try it, the implementation looks sane given that above is as expected. OK afresh1@ > Index: security > === > RCS file: /cvs/src/libexec/security/security,v > retrieving revision 1.32 > diff -u -p -r1.32 security > --- security 4 Dec 2014 00:07:21 - 1.32 > +++ security 26 Mar 2015 14:23:53 - > @@ -336,7 +336,16 @@ sub find_homes { > nag !(open my $fh, '<', $filename), > "open: $filename: $!" > and return []; > - my $homes = [ map [ @{[split /:/]}[0,2,5] ], <$fh> ]; > + my $homes = []; > + while (<$fh>) { > + my $entry = [ @{[split /:/]}[0,2,5] ]; > + chomp; > + nag !defined $entry->[2], > + "Incomplete line \"$_\" in $filename." > + and next; > + chomp $entry->[2]; > + push @$homes, $entry; > + } > close $fh; > return $homes; > } -- andrew - http://afresh1.com Unix is very simple, but it takes a genius to understand the simplicity. -- Dennis Ritchie
Re: xHCI not configured on Intel 7 series
On Sun, Nov 09, 2014 at 03:54:50PM -0500, Joe Gidi wrote: > I see that xHCI has been enabled in -current and I'd like to start testing > on my system, but the driver is not attaching: > > "Intel 7 Series xHCI" rev 0x04 at pci0 dev 20 function 0 not configured > OpenBSD 5.6-current (GENERIC.MP) #544: Fri Nov 7 10:36:24 MST 2014 This Nov 7th amd64 snapshot did not catch the commit that enabled xHCI. If you wait for the next snapshot or build a kernel yourself you may have better luck. l8rZ, -- andrew - http://afresh1.com Software doesn't do what you want it to do, it does what you tell it do. -- Stefan G. Weichinger.
Re: Requested upstream patch to use OpenBSD's malloc
On Sat, May 31, 2014 at 12:09:09PM -0700, Andrew Fresh wrote: > I opened a ticket with upstream to use OpenBSD's malloc by default. > > https://rt.perl.org/Public/Bug/Display.html?id=122000 You will be happy to know this was merged to bleed today. http://perl5.git.perl.org/perl.git/commitdiff/9be9e8a734382a4f2852efc22debe8e98e91eee9 Many thanks to Tony Cook and all the people who put in a good word. l8rZ, -- andrew - http://afresh1.com Instructions are just another man's opinion of how to do something. -- Weldboy #DPWisdom
Requested upstream patch to use OpenBSD's malloc
I opened a ticket with upstream to use OpenBSD's malloc by default. https://rt.perl.org/Public/Bug/Display.html?id=122000 Perl was setup to use perl's malloc on OpenBSD by default in 2010. https://rt.perl.org/Public/Bug/Display.html?id=75742 The perl in OpenBSD base has always used OpenBSD's malloc, and I believe that is what OpenBSD users will expect, even building perl themselves. If you have opinions that may sway the perl5-porters, please chime in on the above ticket #122000. l8rZ, -- andrew - http://afresh1.com People who invent random theories which only defend the vendor must have been beaten as children. Beaten with sticks. At least, that's my theory. -- Theo De Raadt
AlphaStation 200 -- dmesg
Not that anyone in particular cares, but a dmesg! [ using 655088 bytes of bsd ELF symbol table ] consinit: not using prom console Copyright (c) 1982, 1986, 1989, 1991, 1993 The Regents of the University of California. All rights reserved. Copyright (c) 1995-2014 OpenBSD. All rights reserved. http://www.OpenBSD.org OpenBSD 5.5 (GENERIC) #124: Tue Mar 4 17:48:56 MST 2014 dera...@alpha.openbsd.org:/usr/src/sys/arch/alpha/compile/GENERIC AlphaStation 200 4/166, 166MHz 8192 byte page size, 1 processor. real mem = 167772160 (160MB) rsvd mem = 2048000 (1MB) avail mem = 154181632 (147MB) mainbus0 at root cpu0 at mainbus0: ID 0 (primary), 21064-0 (pass 2 or 2.1) apecs0 at mainbus0: DECchip 21071 Core Logic chipset apecs0: DC21071-CA pass 2, 64-bit memory bus apecs0: DC21071-DA pass 2 pci0 at apecs0 bus 0 siop0 at pci0 dev 6 function 0 "Symbios Logic 53c810" rev 0x02: isa irq 11 scsibus0 at siop0: 8 targets, initiator 7 sd0 at scsibus0 targ 0 lun 0: SCSI3 0/direct fixed serial.SEAGATE_SX373405LC_3EK154CA_22326FU8 sd0: 70007MB, 512 bytes/sector, 143374738 sectors cd0 at scsibus0 targ 4 lun 0: SCSI2 5/cdrom removable probe(siop0:4:1): scsi message reject, message sent was 0x0 probe(siop0:4:2): scsi message reject, message sent was 0x0 probe(siop0:4:3): scsi message reject, message sent was 0x0 probe(siop0:4:4): scsi message reject, message sent was 0x0 probe(siop0:4:5): scsi message reject, message sent was 0x0 probe(siop0:4:6): scsi message reject, message sent was 0x0 probe(siop0:4:7): scsi message reject, message sent was 0x0 sio0 at pci0 dev 7 function 0 "Intel 82378IB ISA" rev 0x03 de0 at pci0 dev 11 function 0 "DEC 21040" rev 0x23, DEC 21040 pass 2.3: isa irq 5, address 08:00:2b:e4:f4:33 isa0 at sio0 isadma0 at isa0 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo com0: console com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0 mux 1 pcppi0 at isa0 port 0x61 spkr0 at pcppi0 lpt0 at isa0 port 0x3bc/4 irq 7 fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec mcclock0 at isa0 port 0x70/2: mc146818 or compatible stray isa irq 3 vscsi0 at root scsibus1 at vscsi0: 256 targets softraid0 at root scsibus2 at softraid0: 256 targets siop0: target 0 now using tagged 8 bit 10.0 MHz 8 REQ/ACK offset xfers root on sd0a (6cac48c33b73b217.a) swap on sd0b dump on sd0b WARNING: preposterous clock chip time -- CHECK AND RESET THE DATE! stray isa irq 3 $ usbdevs -v usbdevs: no USB controllers found $ pcidump Domain /dev/pci0: 0:6:0: Symbios Logic 53c810 0:7:0: Intel 82378IB ISA 0:11:0: DEC 21040 $ sysctl hw hw.machine=alpha hw.model=AlphaStation 200 4/166 hw.ncpu=1 hw.byteorder=1234 hw.pagesize=8192 hw.disknames=sd0:6cac48c33b73b217,cd0:,fd0: hw.diskcount=3 hw.physmem=165724160 hw.usermem=165707776 hw.ncpufound=1 hw.allowpowerdown=1 $ mixerctl $ audioctl $ apm $ md5 -ttt MD5 time trial. Processing 100 1-byte blocks... Digest = f0843f04c524250749d014a8152920ec Time = 1072.322473 seconds Speed = 9325552.948660 bytes/second
Re: Panic booting AlphaStation 200 -- solved
On Sat, Mar 08, 2014 at 04:43:25PM -0700, Andrew Fresh wrote: > apecs0 at mainbus0: DECchip 21071 Core Logic chipset > apecs0: DC21071-CA pass 2, 64-bit memory bus > apecs0: DC21071-DA pass 2 > panic: trap Good news! I fixed this by updating the firmware from v4.28 to v7.0. l8rZ, -- andrew - http://afresh1.com Beta. Software undergoes beta testing shortly before it's released. Beta is Latin for "still doesn't work."
Panic booting AlphaStation 200
I was recently given an AlphaStation 200 to run OpenBSD on, it's a bit slow, but I got it installed. bsd.rd boots just fine and I can install, but the real kernel panics. This is my first install on this machine so I would totally believe bad hardware or jumpers that need changing. Any suggestions? l8rZ, -- andrew - http://afresh1.com rebooting... halted CPU 0 halt code = 5 HALT instruction executed PC = fc580118 CPU 0 booting (boot dka0.0.0.6.0 -flags A) block 0 of dka0.0.0.6.0 is a valid boot block reading 15 blocks from dka0.0.0.6.0 bootstrap code read in base = 1f6000, image_start = 0, image_bytes = 1e00 initializing HWRPB at 2000 initializing page table at 1e8000 initializing machine state setting affinity to the primary CPU jumping to bootstrap code OpenBSD/Alpha Primary Boot OpenBSD/alpha boot 1.10 VMS PAL rev: 0x100010530 OSF PAL rev: 0x100020123 Switch to OSF PAL code succeeded. Loading bsd... [ using 655088 bytes of bsd ELF symbol table ] consinit: not using prom console Copyright (c) 1982, 1986, 1989, 1991, 1993 The Regents of the University of California. All rights reserved. Copyright (c) 1995-2014 OpenBSD. All rights reserved. http://www.OpenBSD.org OpenBSD 5.5 (GENERIC) #124: Tue Mar 4 17:48:56 MST 2014 dera...@alpha.openbsd.org:/usr/src/sys/arch/alpha/compile/GENERIC AlphaStation 200 4/166, 166MHz 8192 byte page size, 1 processor. real mem = 167772160 (160MB) rsvd mem = 2064384 (1MB) avail mem = 154165248 (147MB) mainbus0 at root cpu0 at mainbus0: ID 0 (primary), 21064-1 (pass 3) apecs0 at mainbus0: DECchip 21071 Core Logic chipset apecs0: DC21071-CA pass 2, 64-bit memory bus apecs0: DC21071-DA pass 2 panic: trap Stopped at Debugger+0x4: ret zero,(ra) Debugger(6, fcc8b658, 1, 8, 3, 8) at Debugger+0x4 panic(?, 1, 0, 2, fc1f9b70, fe08) at panic+0xb8 trap(?, ?, ?, ?, ?, fe08) at trap+0xd4 XentMM(?, ?, ?, ?, ?, fe08) at XentMM+0x20 sio_intr_setup(?, ?, 1, ?, ?, fe08) at sio_intr_setup+0x12c pci_2100_a50_pickintr(?, ?, 1, ?, ?, fe08) at pci_2100_a50_pickintr +0xc8 apecsattach(?, ?, ?, ?, ?, fe08) at apecsattach+0x2a0 config_attach(?, ?, ?, fe0ec100, ?, fe08) at config_attach+ 0x244 RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC! DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION! ddb> trace Debugger(6, fcc8b658, 1, 8, 3, 8) at Debugger+0x4 panic(?, 1, 0, 2, fc1f9b70, fe08) at panic+0xb8 trap(?, ?, ?, ?, ?, fe08) at trap+0xd4 XentMM(?, ?, ?, ?, ?, fe08) at XentMM+0x20 sio_intr_setup(?, ?, 1, ?, ?, fe08) at sio_intr_setup+0x12c pci_2100_a50_pickintr(?, ?, 1, ?, ?, fe08) at pci_2100_a50_pickintr +0xc8 apecsattach(?, ?, ?, ?, ?, fe08) at apecsattach+0x2a0 config_attach(?, ?, ?, fe0ec100, ?, fe08) at config_attach+ 0x244 ddb> ps PID PPID PGRPUID S FLAGS WAIT COMMAND *0 -1 0 0 7 0x200swapper ddb>
Re: dzen2 with cwm
On Fri, Mar 22, 2013 at 10:36:32AM +, James Griffin wrote: > I was wondering if anyone uses dzen2 with OpenBSD (-current). If so > I'd be really interested to see some examples of setups and scripts. I put mine here: https://gist.github.com/afresh1/5095884 The statusbar is just CPU, memory and battery but easy enough to add other things. The bit that automatically adjusts to multiple screens is handier (haven't tied it to dock/undock yet but perhaps someday). l8rZ, -- andrew - http://afresh1.com Whatever happened to the days when hacking started at the cerebral cortex and not the keyboard? -- Sid from UserFriendly.org
Re: My first macppc install going poorly as well
On Mon, Sep 03, 2012 at 09:31:25PM +0400, Kirill Bychkov wrote: > On Sun, September 2, 2012 22:44, Kirill Bychkov wrote: > > On Sun, September 2, 2012 20:24, Andrew Fresh wrote: > >> It is a Power Mac G5 Dual 1.8GHz with the NVIDIA GeForceFX 5200 Ultra > >> video card. I believe the original "Q37" but could be a June 2004 > >> model, no idea how to tell for sure. > >> https://en.wikipedia.org/wiki/Power_Mac_G5 > > Go to OpenFirmware and then try "dev /cpus" and "ls". I will show you info > about CPU. OpenFirmware says my PowerPC,G5@0 is cpu-version 0039020 which according to the Internet is a I did need to dev /cpus/PowerPC,G5 then ".properties" to get the cpu-version, but thank you for the pointer. > I had a look at > http://www.openbsd.org/cgi-bin/cvsweb/src/sys/arch/macppc/macppc/cpu.c?rev=1.67 > and see only 970FX processors mentioned. As I understand 970 != 970FX. My G5 > have 970, as OpenFirmware shows. M.B. problem is hiding in it? Based on some old netbsd supported model lists I believe you are correct that 970 != 970FX. Looking up the serial number on Apple's website http://support.apple.com/specs/ it claims I have a "Power Mac G5 (June 2004)" version http://support.apple.com/kb/SP80 which is supposed to have the 970FX http://www.apple-history.com/g5_june_04 But unfortunately it seems that is not the case because my 0039020 is a 970 not a 970FX http://everythingapple.blogspot.com/2004/11/130-nm-g5-is-alive-and-well.html l8rZ, -- andrew - http://afresh1.com Computer programmers know how to use their hardware.
My first macppc install going poorly as well
I got a nice G5 from work and would like to run OpenBSD macppc on it. However, when I attempt to install I get to what is described as step 4 for i386 and amd64 in the FAQ: booting hd0a:/bsd 4464500+838332 [58+204240+181750]=0x56cfd0 http://openbsd.org/faq/faq14.html#Boot386 Except that line does not fully complete and the screen goes blank white. I get the same results booting from CDs from 4.9, 5.1 and a fairly recent snapshot. The Apple Service Diagnostic disk claims everything is in great shape. It is a Power Mac G5 Dual 1.8GHz with the NVIDIA GeForceFX 5200 Ultra video card. I believe the original "Q37" but could be a June 2004 model, no idea how to tell for sure. https://en.wikipedia.org/wiki/Power_Mac_G5 Any suggestions? Did I just get a bad one? If I had a dmesg to attach I wouldn't be asking this question. :-) l8rZ, -- andrew - http://afresh1.com Life's unfair - but root password helps!
Re: Dmesg for thinkpad x220 tablet
On Mon, May 09, 2011 at 11:25:51AM -0300, Christiano F. Haesbaert wrote: > Hi, does anyone have a dmesg for a thinkpad x220 ? I got one for the x220 tablet I got to set up today. Attached are dmesg from both the amd64 and i386 kernels as well as the output from sysctl hw and glxinfo. The touch pad does paste when using left+right click to emulate the third button. The touchscreen didn't work in the default install, but I didn't have time to try to make it work. l8rZ, -- andrew - http://afresh1.com Microsoft Windows: Proof that P.T. Barnum was correct OpenBSD 4.9-current (GENERIC.MP) #111: Wed May 11 10:41:28 MDT 2011 t...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP RTC BIOS diagnostic error 80 real mem = 4176080896 (3982MB) avail mem = 4050870272 (3863MB) mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xbae23000 (66 entries) bios0: vendor LENOVO version "8DET41WW (1.11 )" date 03/28/2011 bios0: LENOVO 4294CTO acpi0 at bios0: rev 2 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP SLIC SSDT SSDT SSDT HPET APIC MCFG ECDT ASF! TCPA SSDT SSDT UEFI UEFI UEFI acpi0: wakeup devices LID_(S3) SLPB(S3) IGBE(S4) EXP4(S4) EXP7(S4) EHC1(S3) EHC2(S3) HDEF(S4) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpihpet0 at acpi0: 14318179 Hz acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM) i7-2620M CPU @ 2.70GHz, 2691.65 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,PCLMUL,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,POPCNT,AES,XSAVE,AVX,NXE,LONG cpu0: 256KB 64b/line 8-way L2 cache cpu0: apic clock running at 99MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Core(TM) i7-2620M CPU @ 2.70GHz, 2691.26 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,PCLMUL,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,POPCNT,AES,XSAVE,AVX,NXE,LONG cpu1: 256KB 64b/line 8-way L2 cache cpu2 at mainbus0: apid 2 (application processor) cpu2: Intel(R) Core(TM) i7-2620M CPU @ 2.70GHz, 2691.26 MHz cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,PCLMUL,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,POPCNT,AES,XSAVE,AVX,NXE,LONG cpu2: 256KB 64b/line 8-way L2 cache cpu3 at mainbus0: apid 3 (application processor) cpu3: Intel(R) Core(TM) i7-2620M CPU @ 2.70GHz, 2691.26 MHz cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,PCLMUL,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,POPCNT,AES,XSAVE,AVX,NXE,LONG cpu3: 256KB 64b/line 8-way L2 cache ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins acpimcfg0 at acpi0 addr 0xf800, bus 0-63 acpiec0 at acpi0 acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus -1 (PEG_) acpiprt2 at acpi0: bus 2 (EXP1) acpiprt3 at acpi0: bus 3 (EXP2) acpiprt4 at acpi0: bus 5 (EXP4) acpiprt5 at acpi0: bus 13 (EXP5) acpiprt6 at acpi0: bus -1 (EXP7) acpicpu0 at acpi0: C3, C1, PSS acpicpu1 at acpi0: C3, C1, PSS acpicpu2 at acpi0: C3, C1, PSS acpicpu3 at acpi0: C3, C1, PSS acpipwrres0 at acpi0: PUBS acpitz0 at acpi0: critical temperature 99 degC acpibtn0 at acpi0: LID_ acpibtn1 at acpi0: SLPB acpibat0 at acpi0: BAT0 model "42T4879" serial 9051 type LION oem "SANYO" acpibat1 at acpi0: BAT1 not present acpiac0 at acpi0: AC unit online acpithinkpad0 at acpi0 acpidock0 at acpi0: GDCK docked (15) cpu0: Enhanced SpeedStep 2691 MHz: speeds: 2701, 2700, 2200, 2000, 1800, 1600, 1400, 1200, 1000, 800 MHz pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 "Intel Core 2G Host" rev 0x09 vga1 at pci0 dev 2 function 0 "Intel GT2+ Video" rev 0x09 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) intagp at vga1 not configured "Intel 6 Series MEI" rev 0x04 at pci0 dev 22 function 0 not configured "Intel 6 Series KT" rev 0x04 at pci0 dev 22 function 3 not configured em0 at pci0 dev 25 function 0 "Intel 82579LM" rev 0x04: apic 2 int 20, address f0:de:f1:5c:c6:4b ehci0 at pci0 dev 26 function 0 "Intel 6 Series USB" rev 0x04: apic 2 int 16 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1 azalia0 at pci0 dev 27 function 0 "Intel 6 Series HD Audio" rev 0x04: apic 2 int 22 azalia0: codecs: Conexant/0x506e, Intel/0x2805, using Conexant/0x506e audio0 at azalia0 ppb0 at pci0 dev 28 function 0 "Intel 6 Series PCIE" rev 0xb4: apic 2 int 16 pci1 at ppb0 bus 2 ppb1 at pci0 dev 28 function 1 "Intel 6 Series PCIE" rev 0xb4: apic 2 int 17 pci2 at ppb1 bus 3 iwn0 at pci2 dev 0 function 0 "Intel Centrino Ultimate-N 6300" rev 0x35: apic 2 int 17, MIMO 3T3R, MoW, address 00:24:d7:ba:22:b8 ppb2 at p
Re: Creating release using site48.tgz
On Mon, May 09, 2011 at 05:28:12PM -0700, Stefan N wrote: > Thanks. By the way, I don't see the release directory inside the source > file(/usr/src) directory. > Does it mean that I need to create directory mkdir /usr/release first if my > source files is at /usr/src? The release man page does describe creating RELEASEDIR # mkdir -p ${DESTDIR} ${RELEASEDIR} I generally set RELEASEDIR=/usr/release, but it can really be a path anywhere you want your sets. The important part is that site48.tgz is in the same directory as the rest of the install sets. l8rZ, -- andrew - http://afresh1.com Computer Science: solving today's problems tomorrow.
Re: Creating release using site48.tgz
On Mon, May 09, 2011 at 04:59:17PM -0700, Stefan N wrote: > Are my steps correct? Close, but install sets are created in /usr/release and extracted relative to root so you need something more like this: tar -czf /usr/release/site48.tgz etc/pf.conf etc/rc.firsttime etc/backup.sh Although I would also recommend creating site49.tgz and installing 4.9. l8rZ, -- andrew - http://afresh1.com There are two ways to write error-free programs; only the third one works.
Re: OpenBSD Torrents - Tracker + Seed Hosting Needed
On Wed, Mar 30, 2011 at 12:45:49PM -0700, Andrew Fresh wrote: > I currently run the OpenBSD torrent tracker at > http://openbsd.somedomain.net > as well as the primary seeder but due to external circumstances I am no > longer able to continue hosting it. > > I am looking for someone interested and able to take this over. Happily I have found several volunteers, just need to do the work of moving it. Thank's to everyone for their offers of help. l8rZ, -- andrew - http://afresh1.com Hit any user to continue.
OpenBSD Torrents - Tracker + Seed Hosting Needed
I currently run the OpenBSD torrent tracker at http://openbsd.somedomain.net as well as the primary seeder but due to external circumstances I am no longer able to continue hosting it. I am looking for someone interested and able to take this over. I am more than happy to help with administration of the tracker and seeding, but can no longer host it. The best candidate would be someone who already has a local OpenBSD mirror because this requires just a few things more than having a mirror. Below is described what I am using, but can also help set up a different system. * Running the tracker. It is currently a PHPBTTracker which requires PHP and MySQL, it does use mod_rewrite to do some pretty urls but that is not required. There may be better tracker software out now, but I've used this one since 2005 and it seems to work fine. It isn't currently on the same machine as the seeder and could really be anywhere. I can point openbsd.somedomain.net at a new address or you can use a new url and I can set up a redirect. * Creating the torrents. I have a collection of perl and shell scripts that create the torrents. Just pass a directory containing the files to be seeded and they will generate a torrent, compare it the existing torrent and if it is different, add it to the tracker and update the seeding client. There is another script that monitors the mirror log and when the mirror process switches to another directory regenerates the torrent. * Seeding the torrents. I am currently using Transmission for seeding, I was using the official Python BitTorrent client, but it was too much of a hog. The script above takes care of adding and removing torrents. So far Transmission seems to work well. * Changing version numbers for current and previous releases every 6 months. (This is the only manual step) If you already have a mirror you probably don't need to do this. I don't have a specific time frame when the transition needs to be complete, but I was hoping to have it done already. If I can't find a replacement soon, this service will have to go away, and the list will again be inundated with "why aren't there torrents" questions every 6 months. Let me know if you are interested and if so we can start working out the details. l8rZ, -- andrew - http://afresh1.com Computer Science: solving today's problems tomorrow.
Re: Why I left OpenBSD
On Thu, Jun 10, 2010 at 11:28:40AM +0300, Dexter Tomisson wrote: > http://www.trollaxor.com/2010/06/why-i-left-openbsd.html On Wed, Jun 16, 2010 at 11:24:01AM +1000, Ted wrote: > http://www.trollaxor.com/2010/06/why-i-almost-gave-openbsd-10-didnt.html Since for some reason this thread is still here, I will copy and paste what I believe to be the most relevant text on either of those pages. It is duplicated on both, but I will only quote it once. Disclaimer This site contains works of fiction. If you don't realize that you're reading fiction, you shouldn't be here. l8rZ, -- andrew - ICQ# 253198 - Jabber: and...@rraz.net - Twitter: @AFreshOne BOFH excuse of the day: Our POP server was kidnapped by a weasel.
Re: Help contacting Richard Stallman
On Wed, May 26, 2010 at 02:52:50PM -0500, Vanessa Kraus wrote: > For what it's worth, I am on a good number of oss lists (including > Linux), and there are no other mentions of RMS anywhere. Also FWIW, saw a lot of OpenBSD + RMS chatter on the Twitter in the last 24 hours. http://search.twitter.com/search?ands=openbsd&phrase=&ors=stallman+rms Just stay away from the rest of the thread you may end up linked to. l8rZ, -- andrew - ICQ# 253198 - Jabber: and...@rraz.net - Twitter: @AFreshOne BOFH excuse of the day: Someone's tie is caught in the printer, and if anything else gets printed, he'll be in it too.
Re: 4.6 patch support
On Mon, Mar 22, 2010 at 01:36:45PM +0200, Andreas Gerdd wrote: > I've an OpenBSD 4.6-Stable system. I wanted to ask how long will > OBSD4.6 has patch/update support? If you already follow -stable, it is the same process to upgrade to newer release. The main differences are that you get newer versions of packages and when you run sysmerge it asks a few more questions. There may be a few other small things, but they should all be mentioned in the upgrade guide. It confuses me when people want support for older versions. Somehow they can follow -stable but upgrading to a new release is too hard? Perhaps they assume that as long as the fixes are committed to the -stable cvs tag, the -release code on their machine somehow magically has it because the version numbers are the same. l8rZ, -- andrew - ICQ# 253198 - Jabber: and...@rraz.net - Twitter: @AFreshOne BOFH excuse of the day: secretary plugged hairdryer into UPS
Re: 802.11QinQ support
On Wed, Mar 03, 2010 at 06:36:05PM +0200, Ross Cameron wrote: > Does anyone know off hand if OpenBSD 4.6 or -CURRENT supports > 802.1QinQ aka netsted VLans? > > If so, how do I configure it as I've tried the usual "ifconfig vlan? > create" and tried stipulating that the secondary VLan's parent > interface it the primary VLan interface. But this doesn't seem to work > :( I have been able to QinQ. # ifconfig vlan101 vlandev bce0 # ifconfig vlan201 vlandev vlan101 vlan101: flags=8843 mtu 1500 vlan: 101 priority: 0 parent interface: bce0 vlan201: flags=8843 mtu 1496 vlan: 201 priority: 0 parent interface: vlan101 A tcpdump when I actually tried it showed the nested vlans although I seem to have lost them. l8rZ, -- andrew - ICQ# 253198 - Jabber: and...@rraz.net - Twitter: @AFreshOne BOFH excuse of the day: sticky bit has come loose
Re: Recommend T1 Card for 4.6
On Wed, Jan 06, 2010 at 03:27:23PM -0700, Brandan Rowley wrote: > Thanks Andrew, Steve and David for your replies. You're welcome. > I did check the man pages for WAN devices and did a little research. > Here's what I found: > > *Accoom Networks Artery T1/E1 WAN interfaces (art) (G) This is the one I heard about. Supposedly good stuff, but were announced a month after I got my san cards so I didn't get to try to buy any. > *SBE (formerly Lan Media Corporation) SSI (T1)/HSSI/DS1/DS3 WAN > interfaces (lmc) (G) Haven't heard anything memorable about or tried. > *Sangoma Technologies AFT T1/E1 WAN interfaces (san) (G) This (A102u) I have working on 4.6 $ dmesg | grep -e OpenBSD -e san OpenBSD 4.6-stable (GENERIC.MP) #7: Tue Nov 24 10:26:10 MST 2009 san0 at pci0 dev 4 function 0 "Sangoma A10x" rev 0x01 apic 3 int 1 (irq 11) san1 at pci0 dev 8 function 0 "Sangoma A10x" rev 0x01 apic 3 int 6 (irq 10) $ ifconfig | grep ^san san0: flags=8051 mtu 1500 san1: flags=8051 mtu 1500 san2: flags=8051 mtu 1500 san3: flags=8051 mtu 1500 > Sangoma has a ton of links and info, but Sangoma has not supported > OpenBSD since 2007 as per the man page. I did purchase a Sangoma A101 > which is not recognized by 4.6 and the drivers won't install without > error. The Sangoma installation instructions on the internet are for > OpenBSD3.6 which seems pretty dated. > > Steve, How did you get your Sangoma card to work? Is it an A101u? I > believe the one I purchased was an A101c which Sangoma said replaced the > A101u. I have several of the A102u, but if I remove the daughter board it is magically an A101u, tho I have not tried that on 4.6, but did (successfully) in earlier versions. I have several messages in the archives and on gnats from when I was getting them going, but when I upgraded to 4.6 they just "worked" same as they have since I installed them. They actually seem to DDB less and less as I upgrade to newer versions of OpenBSD. Not that they would ever DDB often, generally only if I reboot instead of halt and powercycle or if something goes on with an AT&T line and they run their automated tests. One of their tests used to cause it, and may still, but I haven't had reason to find out. l8rZ, -- andrew - ICQ# 253198 - Jabber: and...@rraz.net BOFH excuse of the day: Incorrectly configured static routes on the corerouters.
Re: Recommend T1 Card for 4.6
On Wed, Jan 06, 2010 at 01:01:26PM -0700, Brandan Rowley wrote: > Is there anyone using a T1 card for data on 4.6? Perhaps a T1 to > Ethernet converter? I'm interested to find out how others have resolved > this and what hardware was used. We're using a Soekris 5501. I am (still) using Sangoma cards. They work "fine" but a warm boot instead of a cold boot sometimes causes a DDB. I have not tried any other solutions on OpenBSD. I do know there was another card that I believe an OpenBSD developer was helping make but I don't know that there was ever a product you could purchase. l8rZ, -- andrew - ICQ# 253198 - Jabber: and...@rraz.net BOFH excuse of the day: Melting hard drives
Re: Again, OpenBSD r0x! Thank you.
On Thu, Dec 31, 2009 at 09:13:45AM +1100, Aaron Mason wrote: > Hang on... isn't ftp_proxy defined in rc.conf? It is, but I had already set ftpproxy_flags="" in rc.conf.local so users could ftp out, so I needed a second instance for inbound connections. http://www.openbsd.org/faq/pf/ftp.html#natserver "Note that if you want to run ftp-proxy(8) to protect an FTP server as well as allow clients to FTP out from behind the firewall that two instances of ftp-proxy will be required." If I did only need the one, I could have done a similar thing in rc.conf.local as I did in rc.local, just setting ftpproxy_flags instead of starting the additional instance. l8rZ, -- andrew - ICQ# 253198 - Jabber: and...@rraz.net BOFH excuse of the day: root rot
Again, OpenBSD r0x! Thank you.
Setting up a new firewall, OpenBSD is making it easy. in /etc/pf.macros ftp_int=$srv01 ftp_ext=$external01 ftp_port=21 in /etc/pf.conf include "/etc/pf.macros" ... # NAT/Filter Rules for FTP Server (additon to above) pass in on egress proto tcp to $ftp_ext port $ftp_port pass out on internal proto tcp to $ftp_int port $ftp_port user proxy in /etc/rc.local . /etc/pf.macros echo -n ' ftp-proxy (internal)'; /usr/sbin/ftp-proxy -R $ftp_int -p $ftp_port -b $ftp_ext Thank you! (for that and much more) l8rZ, -- andrew - ICQ# 253198 - Jabber: and...@rraz.net A printer consists of three main parts: the case, the jammed paper tray and the blinking red light.
Re: Crash diagnosis
On Mon, Jun 08, 2009 at 03:56:48PM +0100, Gaby Vanhegan wrote: > I have a machine that is running 4.3 bsd.mp, MySQL and one single site > of PHP scripts which keep crashing. The frustrating thing is that it > doesn't panic the kernel so I can't get any DDB output, the machine > just locks up. Looking at it over the KVM it just shows the login > prompt with the cursor flashing but not responding. > Any suggestions about how I can try and figure out what's killing it? My guess would be since you mention 4.3 and Apache, that you are running out of amap. $ vmstat -m | grep '^ *UVM amap' Compare MemUse to the Limit. Since updating to 4.5 I haven't had the problem. This worked for Nagios. * * * * * /usr/local/libexec/nagios/check_amap > /dev/null || /home/andrew/apachectl stop wait start #!/bin/sh . /usr/local/libexec/nagios/utils.sh _sizes=`vmstat -m | awk '/^ *UVM amap/ { gsub("K", " "); print $4 " " $6}'` _free=`dc -e "5 k ${_sizes} sm sc lm lc - lm / 100 * f" | sed -e 's/\.*0*$//'` if [ ${_free%.*} -lt 25 ]; then echo WARNING: less than 25% amap free [${_free}%]! exit $STATE_WARNING fi if [ ${_free%.*} -lt 10 ]; then echo CRITICAL: less than 10% amap free [${_free}%]! exit $STATE_CRITICAL fi echo OK: [${_free}%] free exit $STATE_OK and you probably need $ diff -u /usr/sbin/apachectl apachectl --- /usr/sbin/apachectl Tue May 5 21:44:28 2009 +++ apachectl Wed Nov 19 09:49:28 2008 @@ -153,6 +153,19 @@ fi fi ;; +wait) +echo -n "$0 $ARG: " +while [ $RUNNING -eq 1 ]; do +if kill -0 $PID 2>/dev/null ; then +#echo -n . +sleep 1 +else +STATUS="httpd (pid $PID) not running" +RUNNING=0 +fi +done +echo ' httpd stopped' +;; status) $LYNX $STATUSURL | awk ' /process$/ { print; exit } { print } ' ;; l8rZ, -- andrew - ICQ# 253198 - Jabber: and...@rraz.net BOFH excuse of the day: Our ISP is having {switching,routing,SMDS,frame relay} problems
Re: promiscuous mode
On Tue, May 19, 2009 at 01:03:40PM -0700, Philip Guenther wrote: > On Tue, May 19, 2009 at 11:51 AM, Fortunato > wrote: > ... > > Is there a way to set the flags to PROMISC for an interface? > > What problem are you trying to solve? Although not the original poster, and this is not his problem, I had a need to set an interface to PROMISC and I used tcpdump fxp0 host 1.1.1.1 to accomplish it which seemed a kludge. I was testing some point to mulit-point wireless bridges. We ended up being able to load test 7 clients from one laptop, and could scale it further but ran out of places to mount the client equipment. Setup is like this: Iperf endpoint & DHCP server Switch AP Wireless Links Multiple Clients Switch (with vlans) OpenBSD Laptop to Trunk port on switch So, I did something like this to create vlans for the number of clients I want to test: local _count=3 local _start=1 for _v in `jot $_count $(( $_start + 100 ))`; do echo Start vlan$_v _lladdr="lladdr 00:11:22`echo $_v | sed -e 's/\(.\)/:0\1/g'`" ifconfig vlan$_v vlandev $_vlandev $_lladdr dhclient vlan$_v & done The lladdr change is because the DHCP server will not hand out multiple addresses if the vlans have the same MAC. The switch with vlans is configured as such: interface FastEthernet0/1 switchport access vlan 101 ! interface FastEthernet0/2 switchport access vlan 102 ! ... ! interface GigabitEthernet0/1 switchport mode trunk ! The laptop is plugged into the gigabit port on the switch, the different pieces of client equipment are plugged into the different FastEthernet ports. Then I run iperf simultaneously, bound to each vlan with an IP. #!/bin/sh local _host=iperf.server for _int in `ifconfig vlan 2>/dev/null | awk '/^vlan/ { sub(":","",$1); print $1 }' | sort`; do local _ip=`ifconfig $_int | awk '/inet / { print $2 }'` local _last=`echo $_int | sed -e 's/^.*\(..\)$/\1/'` local _port=$(( $_last + 5000 )) if [ ! -z $_ip ]; then iperf -B $_ip -p $_port -c $_host $@ | { local _line while read _line; do echo $_int: $_line done } & fi done wait l8rZ, -- andrew - ICQ# 253198 - Jabber: and...@rraz.net BOFH excuse of the day: A plumber is needed, the network drain is clogged
Re: Why so cool OS doesn't have vuln database?
On Fri, May 15, 2009 at 10:39:06PM +0500, Yuriy Grishin wrote: > I've installed OpenBSD 4.5 on my home gateway. > Random pids and critical files permission are really cool. > I just confused a little bit because I haven't found any way to check the > vulnerabilities of my configuration. http://www.openbsd.org/errata45.html > Are there any? If you changed something from the base system, then you have to manage any vulnerabilities from those changes on your own. l8rZ, -- andrew - ICQ# 253198 - Jabber: and...@rraz.net BOFH excuse of the day: 50% of the manual is in .pdf readme files
Edgeport/421 (TI version) serial is ugen
I recently got an Edgeport/421 (4 USB, 2 RS-232 DB-9, 1 parallel) that seemed like it would be really handy since this computer is legacy free and doesn't have any serial ports and having serial ports would be really handy. http://www.digi.com/products/usb/edgeport.jsp Everything seems to work great. Except the serial ports. Are there any suggestions on what I might need to do to make the serial ports work? >From looking and then taking it apart, it appears to be the newer TI version that is mostly just a TUSB5052 with one of the free ports hooked to a USB Parallel port. http://focus.ti.com/docs/prod/folders/print/tusb5052.html Is there already a USB serial driver that supports the TUSB5052 chip that I can just add the detection to? I am currently looking at uticom.c, but it claims: "XXX: multiport chips are not supported yet" More information if it helps. Snipped from a dmesg with UGEN_DEBUG set and ugendebug set to 10: uhub3 at uhub1 port 3 "Inside Out Networks product 0x028c" rev 1.10/1.51 addr 2 ulpt0 at uhub3 port 5 configuration 1 interface 0 "Inside Out Networks Edgeport/(4)21 Parallel" rev 1.00/1.00 addr 3 ulpt0: using bi-directional mode ugen0 at uhub3 port 6 "Inside Out Networks Edgeport/421" rev 1.10/0.01 addr 4 ugen_set_config: ugen0 to configno 1, sc=0x80127000 ugen_set_config: ifaceno 0 ugen_set_config: endptno 0, endpt=0x81(1,128), sce=0x80127468 ugen_set_config: endptno 1, endpt=0x01(1,0), sce=0x80127310 ugen_set_config: endptno 2, endpt=0x82(2,128), sce=0x80127718 ugen_set_config: endptno 3, endpt=0x02(2,0), sce=0x801275c0 ugen_set_config: endptno 4, endpt=0x87(7,128), sce=0x80128488 Some of the output from usbdevs -vd: Controller /dev/usb1: port 3 addr 2: full speed, self powered, config 1, product 0x028c(0x028c), Inside Out Networks(0x1608), rev 1.51 uhub3 port 1 powered port 2 powered port 3 powered port 4 powered port 5 addr 3: full speed, power 98 mA, config 1, Edgeport/(4)21 Parallel(0x000b), Inside Out Networks(0x1608), rev 1.00 ulpt0 port 6 addr 4: full speed, self powered, config 1, Edgeport/421(0x020c), Inside Out Networks(0x1608), rev 0.01, iSerialNumber V50419195-0 ugen0 I did ask the Google, and marc.info, and although I did find the Linux and Sun drivers that Digi provides, I did not find anything that was useful to me. l8rZ, -- andrew - ICQ# 253198 - Jabber: [EMAIL PROTECTED] BOFH excuse of the day: the butane lighter causes the pincushioning
Re: Missing security announcements
On Thu, Nov 13, 2008 at 12:55:36PM -0500, Ted Unangst wrote: > On Thu, Nov 13, 2008 at 12:35 PM, Aaron W. Hsu <[EMAIL PROTECTED]> wrote: > > Is security-announce an open list? If not, give me access and I'll > > keep it reasonably up to date, give or take a day or so of release of > > the Security Errata on the website, unless there is an even faster way > > of checking it out, such as CVS. > > It is moderated, and really, outsiders should not be posting to it > because then it appears that they have some position of authority. > The only person who should be posting to the list is the person who > made the fix, because they are the security contact. When people > reply, it is important they are talking to the right person. I just wrote something quick in perl that scrapes the errata pages of the two most recent releases and sends a nicely formatted email for any that are have change since the last check. It does require a couple of packages be installed (p5-libwww and p5-HTML-Tree) but if there were enough interest from someone who could do something with it, I could probably make it work with just what is available in the base system. There are lots of ways to break something that scrapes html, but it is at least automated. l8rZ, -- andrew - ICQ# 253198 - Jabber: [EMAIL PROTECTED] #!/usr/bin/perl -T use strict; use warnings; %ENV = (); #Additional modules needed use LWP::Simple; # pkg_add p5-libwww use HTML::TreeBuilder;# pkg_add p5-HTML-Tree # Core modules use Text::Wrap; use Fcntl ':flock'; # import LOCK_* constants # should end with a / my $base_url = 'http://www.OpenBSD.org/'; my $start_page = 'errata.html'; my $sender= '[EMAIL PROTECTED]'; my $recipient = '[EMAIL PROTECTED]'; # should end with a / my $base_dir = '/home/andrew/.openbsd_errata_notifier/'; my $max_versions_to_process = 2; #*#*# Nothing to change beyond this point #*#*# my $tree = HTML::TreeBuilder->new(); my $content = get( $base_url . $start_page ) or die "Could't get [$start_page]: $!"; $tree->parse($content)->eof; my @errata_urls; foreach my $link ( @{ $tree->extract_links('a') } ) { my ( $url, $element, $attr, $tag ) = @{$link}; if ( $url =~ /^errata\d+\.html\Z/xms ) { push @errata_urls, $base_url . $url; } } $tree->delete; my $processed = 0; URL: foreach my $url ( reverse @errata_urls ) { $processed++; last URL if $processed > $max_versions_to_process; my $tree = HTML::TreeBuilder->new(); my $content = get($url) or die "Couldn't get [$url]: $!"; $tree->parse($content)->eof; my $title = $tree->find('title')->as_trimmed_text; my ($version) = $title =~ /\b ( \d+ \. \d ) \b/xms; foreach my $entry ( reverse $tree->find('ul')->find('li') ) { my $errata = process_errata_entry($entry); $errata->{version} = $version; $errata->{url} = $url; my $message = format_errata_message($errata); my $file= make_errata_dir($errata); if ( should_send( $message, $file ) ) { mail($message); } } $tree->delete; } sub process_errata_entry { my ($errata) = @_; my $id = $errata->find('a')->attr('name'); my ( $num, $type, $date ) = split /:\s*/xms, $errata->find('strong')->as_trimmed_text; my $arch = $errata->find('i')->as_trimmed_text; my %errata = ( id => $id, number => $num, type => $type, date => $date, arch => $arch, ); foreach my $content ( $errata->content_list ) { if ( ref $content eq 'HTML::Element' ) { if ( my $href = $content->attr('href') ) { if ( $href =~ m{ftp\.openbsd\.org.*patch\Z}ixms ) { $errata{patch} = { href => $href, text => $content->as_trimmed_text, }; $content->delete; } elsif ( $href =~ m{CVE-} ) { push @{ $errata{cve} }, { href => $href, text => $content->as_trimmed_text, }; $content->delete; } } } } foreach my $br ( $errata->find('br') ) { $br->replace_with("\n"); } my @descr = split /\n/, $errata->as_text; shift @descr; pop @descr; foreach my $m (@descr) { $m =~ s/^\s+//xms; $m =~ s/\.\W+\Z/\./xms; } $errata{description} = [EMAIL PROTECTED]; return \%errata; } sub mail { my ($message) = @_; open( my $sendmail, "|/usr/sbin/sendmail -oi -t -odq" ) or die "Can't fork for sendmail: $!\n"; print $sendmail $message; close $sendmail or warn "sendmail didn't close nicely"; } sub format_errata_message { my ($errata) = @_; my $message = <<"EOL"; From: $sender To: $recipient EOL $message .= 'Subject: Ope
Re: Multipath to CISCO
On Wed, Nov 05, 2008 at 09:40:02AM +, Stuart Henderson wrote: > On 2008-11-05, Mikel Lindsaar <[EMAIL PROTECTED]> wrote: > > The other option I believe would be using PF to round robin the packets on > > both destinations using route-to rules. Would this work? > > it should, but you might need to make the rules stateless ("no state"). > It works, and you do. # san2 and san3 are in interface group att att_if0="san2" att_if1="san3" pass in log on att to self pass in on att to $my_net no state flags any pass out on att from { $my _net self } no state flags any pass out on { $att_if0 $att_if1 } route-to { \ ($att_if0 $att_if0:peer) \ ($att_if1 $att_if1:peer) \ } round-robin from $my_net tag ROUTED ! tagged ROUTED \ no state flags any pass out on att to att:network this is on a multiple AT&T T1 link, but it should work mostly the same. However, you probably won't have the :peer address and will have to specify the address. l8rZ, -- andrew - ICQ# 253198 - Jabber: [EMAIL PROTECTED] BOFH excuse of the day: Typo in the code
Re: vendor list (was: dmesg IBM x3650 OpenBSD 4.3 )
On Mon, Oct 13, 2008 at 10:28:37AM -0700, Charles Smith wrote: > > to create a web section listing the reasonable and bastard vendors? > > I think it would be useful in two points: > > > > * helps to OpenBSD community to choose the right hardware > > * make good or bad publicity depending on real vendor's position > > > > Anyway it's only an idea. > > +1 > I very like the idea. > Check the archives, it has been tried in the past. http://vendorwatch.org/ According to the Internet Archive's Wayback Machine, they have been reviving it since somewhere between February and June 2007. Apparently too many people are like me and think that it is a good idea, but don't have to time to maintain it. (definitely read the archives before even imagining that you would consider suggesting that it be maintained by developers) l8rZ, -- andrew - ICQ# 253198 - Jabber: [EMAIL PROTECTED] BOFH excuse of the day: Sysadmin accidentally destroyed pager with a large hammer.
Re: Weird pkg_info behavior?
On Tue, Sep 30, 2008 at 10:47:56PM -0400, Nick Guenther wrote: > If you are looking for package descriptions, install the ports tree > and read the Makefiles. Also, if you are lazy/not on an OpenBSD box, > most of the descriptions are available at > http://www.openbsd.org/4.3_packages/. or even http://openports.se/search.php?so=vim l8rZ, -- andrew - ICQ# 253198 - Jabber: [EMAIL PROTECTED] BOFH excuse of the day: internet is needed to catch the etherbunny
OpenOSPFd fails to form adjancy if remote router-id changes
The problem I am seeing is that if I don't specify a router-id in ospfd.conf, then if the highest IP on a peer router changes the automatic Router ID, the session fails to start with a "failed to form adjacency with " error. Is this expected behavior? I can solve it by setting the router-id in ospfd.conf, but that means I have to customize it for each individual host, and can't have an ospfd.conf for the role. I would include a full dmesg, but I have seen this since 4.2 on different hardware, and for this test, these are just Soekris NET4801, so there are plenty of dmesg in the archives. I have just finally had enough time to ask about it. Here is a description of how to repeat the problem as well as log messages. If there is any more information I should gather, let me know. Both Hosts: Soekris 4801 running: OpenBSD 4.4-current (GENERIC) #1038: Thu Sep 4 14:53:02 MDT 2008 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC Crossover cable between Host1:sis1 and Host2:sis1. No other cables connected, except serial console. --- BEGIN /etc/rc.conf.local --- ospfd_flags="" --- END /etc/rc.conf.local --- --- BEGIN /etc/sysctl.conf --- net.inet.ip.forwarding=1 --- END /etc/sysctl.conf --- --- BEGIN /etc/ospfd.conf --- area 0.0.0.0 { interface sis0 interface sis1 } --- END /etc/ospfd.conf --- Host1: /etc/hostname.sis0:inet 10.33.100.1 255.255.255.0 NONE /etc/hostname.sis1:inet 10.33.1.2 255.255.255.0 NONE Host2: /etc/hostname.sis0:inet 10.33.0.1 255.255.255.0 NONE /etc/hostname.sis1:inet 10.33.1.1 255.255.255.0 NONE /etc/hostname.lo2:inet 10.0.100.1 255.255.255.0 NONE Action: On Host1: # ospfctl s | grep Router Router ID: 10.33.1.2 # ospfctl s nei ID Pri StateDeadTime Address Iface Uptime 10.33.1.1 1 FULL/BCKUP 00:00:38 10.33.1.1 sis1 00:00:22 On Host2: # ospfctl s | grep Router Router ID: 10.0.100.1 # mv /etc/hostname.lo2 /etc/hostname.lo2.orig && \ sed -e 's/10.0.100.1/10.0.99.1/' /etc/hostname.lo2.orig > /etc/hostname.lo2 # reboot # ospfctl s | grep Router Router ID: 10.0.99.1 # ospfctl s nei ID Pri StateDeadTime Address Iface Uptime 10.33.1.2 1 INIT/OTHER 00:00:38 10.33.1.2 sis1 - # grep ospf /var/log/daemon Sep 5 14:11:39 Host2 ospfd[497]: startup Sep 5 14:15:22 Host2 ospfd[8572]: startup On Host1 after a reboot of Host2: # ospfctl s nei ID Pri StateDeadTime Address Iface Uptime 10.0.100.1 1 EXSTA/OTHER 00:00:35 10.33.1.1 sis1 - # grep ospf /var/log/daemon Aug 8 14:11:22 Host1 ospfd[13083]: startup Aug 8 14:20:58 Host1 ospfd[26289]: nbr_adj_timer: failed to form adjacency with 10.0.100.1 Aug 8 14:21:58 Host1 ospfd[26289]: nbr_adj_timer: failed to form adjacency with 10.0.100.1 l8rZ, -- andrew - ICQ# 253198 - Jabber: [EMAIL PROTECTED] BOFH excuse of the day: Internet shut down due to maintenance
Re: Azalia - Realtek/0x0885 - plays, but no sound
On Tue, Jun 10, 2008 at 01:43:06AM -0700, Predrag Punosevac wrote: > alemao wrote: > Look the output from mixerctl and adjust things like > > outputs.master=248,248 ( I think this is by default something like 128,128) > > and few other which are self explanatory. > I have the similar audio card and I had the same problem. Ok, This is crazy. Yesterday, I started composing an email to ask pretty much the same question. (no sound from azalia). Today I have sound, thanks to this list (This time being Peiter and Predrag). I don't know how this list does it, but it is not the first time my questions have been answered as I was getting ready to ask them. Thank you all very much. l8rZ, -- andrew - ICQ# 253198 - Jabber: [EMAIL PROTECTED] BOFH excuse of the day: We had to turn off that service to comply with the CDA Bill.
Re: Window Manager
On Tue, May 06, 2008 at 01:18:06PM +0300, Paul Irofti wrote: > On Sun, May 04, 2008 at 09:29:42PM -0300, Gonzalo Lionel Rodriguez wrote: > > I dont know if it is the place to ask it, but that window manager uses? And > > why? > > I use cwm (its in base) I have to agree with this one. It is in base and it keeps getting better and better (it is the reason I am running snapshots on my desktop instead of -stable) l8rZ, -- andrew - ICQ# 253198 - Jabber: [EMAIL PROTECTED] BOFH excuse of the day: Incorrectly configured static routes on the corerouters.
Re: spamd fake MX
On Thu, Apr 10, 2008 at 02:07:43PM +1000, Rod Whitworth wrote: > Reality check please. > > I see quite a few attempts to access port 25 on boxes that don't have > externally listening smtpd. They show up in firewall logs. > > It is a possibility to let spamd listen (as usual, redirected from 25 > to 8025, or even on 25 itself) and feed the IP over to my real MX using > the spamd sync capability? > > I think so but I may just need a cluebat if there is some reson not to. http://www.hungryhacker.com/articles/misc/spamd I have been meaning to set this up, and then sync the IPs to my actual mail servers so they can be blacklisted. I just haven't had time. l8rZ, -- andrew - ICQ# 253198 - Jabber: [EMAIL PROTECTED] BOFH excuse of the day: high pressure system failure
Re: Installing apsfilter package fails
On Thu, Mar 20, 2008 at 07:43:10AM -0700, Ed Flecko wrote: > Thank you Preston. > > You said, "If I remember correctly, you need to have the x-base > package installed > for the libiconv / gettext dependencies to be met. It's an issue with > 4.2." > > How did you know that? Is there a "source" that I should reference > that I'm not aware of to "keep up" on the latest idiosyncrasies, bugs, > etc.??? There actually is a "source" for this sort of thing. I think Nick puts a lot of time into it too. http://www.openbsd.org/faq/upgrade42.html l8rZ, -- andrew - ICQ# 253198 - Jabber: [EMAIL PROTECTED] BOFH excuse of the day: The Token fell out of the ring. Call us when you find it.
Re: route-to performance problem
On Fri, Oct 05, 2007 at 06:49:31PM -0400, Chris Smith wrote: > On Friday 05 October 2007, andrew fresh wrote: > OK, I'm still tagging, but it does seem that doing the route-to on ingress is > a working scenario. Oh good. I am glad that worked. > > You may also want some of the rules like are shown in the FAQ > > http://www.openbsd.org/faq/pf/pools.html > > > > To ensure that packets with a source address belonging to $ext_if1 are > > always routed to $ext_gw1 (and similarly for $ext_if2 and $ext_gw2), the > > following two lines should be included in the ruleset: > > > > pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 \ > >to any > > pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 \ > >to any > > > > I am NOT sure that I am correct, but this may give you something else to > > try. > > I'm having trouble grokking that example, and also thinking that whatever > it's > doing may not be necessary for a non-pool setup. Any confirmation? What this does is make sure that any packets coming from the IP of one of the interfaces (that are the NAT IPs) go out the correct interface. So you would add this in addition to the other rules. It probably won't do anything, but it might. pass out on $ext_if route-to ($wow_8_if $wow_8_gw) from $wow_8_if pass out on $wow_8_if route-to ($ext_if $ext_gw) from $ext_gw Adding the third interface gets slightly more confusing. I got it working in testing and I am going to install one (that does round-robin, but that isn't important) on Tuesday. Then I am going to have to work on an ifstated setup for failover and I am not looking forward to that :-) > > I also think tcpdump on the different external interfaces when you are > > trying this would probably help a lot. > > That was I using to see what interface the packets were traversing. Did you see any packets coming out the wrong interface? For example, packets with the $ext_if IP coming out of $wow_8_if? That is what I would have expected from your ruleset (mebbe). l8rZ, -- andrew - ICQ# 253198 - Jabber: [EMAIL PROTECTED] BOFH excuse of the day: your process is not ISO 9000 compliant
Re: route-to performance problem
On Fri, Oct 05, 2007 at 11:40:07AM -0400, Chris Smith wrote: > The performance issue is that normal web access is horrifically slow, yet > when > doing a download test the results show the proper bandwidth. It takes a while for the packets to figure out how to get through the router, once they do, the states are set up and everything works as it should. I can see that. > Basic scenario is 2 internal interfaces (2 separate subnets) and three > external (gateway) interfaces (a T1 line - the default gateway, a 4Mb/s cable > line, and an 8Mb/s cable line). My current testing is just using one system > to route-to one of the non-default gateways. This means that each interface has a separate subnet with separate gateways and all that? What is $ext_if and what is $wow_8_if? You seem to use them kind of randomly in your ruleset below. I am guessing that $ext_if is the T1 (default gateway) and that $wow_8_if is one of the cable lines. I think your problem is that if you route-to on your outbound interface it happens after NAT. NAT and route-to on egress is I think a bad combination. That it works at all is to me more surprising than that it is slow. > Simplified ruleset: > == > nat on $ext_if inet tag WOW_8_NAT tagged WOW_8 -> $wow_8_ad1 > nat on $ext_if inet from $s3_if:network to any -> $ext_ad > > pass in on $s3_if inet from $s3_if:network to !$alt_if flags S/SA keep state > pass in on $s3_if inet from $orion7 to !$alt_if flags S/SA keep state tag W > OW_8 > > pass out on $s3_if from any to $s3_if:network flags S/SA keep state > > pass out on $ext_if all keep state flags S/SA > pass out on $ext_if route-to ( $wow_8_if $wow_8_gw ) all keep state flags > S/SA > tagged WOW_8_NAT > == Perhaps try this (I didn't): (and keep state is default now so that simplifies the rules) == nat on $ext_if inet from $s3_if:network to any -> $ext_ad nat on $wow_8_if inet from $s3_if:network to any -> $wow_8_ad1 pass in on $s3_if inet from $s3_if:network to !$alt_if pass in on $s3_if route-to ( $wow_8_if $wow_8_gw ) \ inet from $orion7 to !$alt_if pass out on $s3_if from any to $s3_if:network pass out on $ext_if pass out on $wow_8_if == You may also want some of the rules like are shown in the FAQ http://www.openbsd.org/faq/pf/pools.html To ensure that packets with a source address belonging to $ext_if1 are always routed to $ext_gw1 (and similarly for $ext_if2 and $ext_gw2), the following two lines should be included in the ruleset: pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 \ to any pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 \ to any I am NOT sure that I am correct, but this may give you something else to try. I also think tcpdump on the different external interfaces when you are trying this would probably help a lot. l8rZ, -- andrew - ICQ# 253198 - Jabber: [EMAIL PROTECTED] BOFH excuse of the day: Not enough interrupts
Re: sendmail SMTP auth
On Thu, Aug 09, 2007 at 03:34:09PM -0400, Mike Erdely wrote: > 1. Put 'WANT_SMTPAUTH=1' in your /etc/mk.conf file. > 2. Extract src.tar.gz to /usr/src. 2a. pkg_add cyrus-sasl > 3. Rebuild sendmail. l8rZ, -- andrew - ICQ# 253198 - Jabber: [EMAIL PROTECTED] BOFH excuse of the day: sticktion
Re: Strange crashes started this morning
On Thu, Jun 21, 2007 at 03:02:52PM -0700, Ted Unangst wrote: > On 6/21/07, andrew fresh <[EMAIL PROTECTED]> wrote: > >I have several routers that have been running great for many months. > >(even better since I upgraded to 4.1 on them oround May 4th) > > > >OpenBSD 4.1-stable (GENERIC.MP) #0: Fri May 4 21:56:51 MST 2007 > > > >This morning, one of them went down and nagios paged me. Getting to > >work, I just thought it was odd, looked at the trace and restarted it > >and went home. About half an hour later, it happened again. I again > > what happens if you push c and enter? Finally got to find out. The router DDBd again. It isn't all that useful. ddb{1}> c kernel: page fault trap, code=0 Stopped at db_read_bytes+0x14: movb0(%edx),%al ddb{0}> c kernel: page fault trap, code=0 Stopped at db_read_bytes+0x14: movb0(%edx),%al And that same thing for the 10 or so times I tried it. Below is the log, the first bit is the first time is DDBd, I didn't get the full trace that time, but within about 5 minutes it did it again and did get the trace, ps and even a show registers. It has been OK again for about an hour, but if there is something else that would probide more information, please let me know and if it happens again I can try that. l8rZ, -- andrew - ICQ# 253198 - Jabber: [EMAIL PROTECTED] "When the grammar checker identifies an error, it suggests a correction and can even makes some changes for you." - Microsoft Word for Windows 2.0 User's Guide. =~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2007.07.23 13:10:58 =~=~=~=~=~=~=~=~=~=~=~= ddb{0}> ddb{0}> sh panic the kernel did not panic ddb{0}> trace db_read_bytes(0,1,e7f2fd5c,2,0) at db_read_bytes+0x14 db_get_value(0,1,0,d067dbc3,0) at db_get_value+0x19 db_disasm(0,0,d033f310,0,50) at db_disasm+0x1d db_print_loc_and_inst(0,e7f2fe14,e7f2fe2c,d0473534,0) at db_print_loc_and_inst+ 0x2d db_trap(6,0,e7f2fe4c,d04642dd,1) at db_trap+0x75 kdb_trap(6,0,e7f2fe94,50) at kdb_trap+0xe8 trap() at trap+0xa1 --- trap (number 6) --- (null)(0,d1229240,0,e7f2e000,0) at 0 softclock(e7f20058,e7f20010,10,e7f20010,e7f2e000) at softclock+0x22c Bad frame pointer: 0xe7f2ff20 ddb{0}> boot sync syncing disks... panic: tsleep: not SONPROC Stopped at Debugger+0x4: leave RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC! DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION! ddb{0}> boot sync rebooting... >> OpenBSD/i386 BOOT 2.10 boot> booting hd0a:/bsd: \|/-\|/-5611032\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/+882424 [52+286400-\|/-\|/-\|/-\|/-+266500\|/-\|/-\|/-\|/-\]=0x6b867c entry point at 0x200120* [ using 553324 bytes of bsd ELF symbol table ] Copyright (c) 1982, 1986, 1989, 1991, 1993 The Regents of the University of California. All rights reserved. Copyright (c) 1995-2007 OpenBSD. All rights reserved. http://www.OpenBSD.org OpenBSD 4.1-stable (GENERIC.MP) #0: Fri May 4 21:56:51 MST 2007 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP cpu0: Intel Pentium III ("GenuineIntel" 686-class) 732 MHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE real mem = 536436736 (523864K) avail mem = 481710080 (470420K) using 4278 buffers containing 26943488 bytes (26312K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+ BIOS, date 08/04/03, BIOS32 rev. 0 @ 0xffe90, SMBIOS rev. 2.3 @ 0xfafc0 (51 entries) bios0: Dell Computer Corporation PowerEdge 2450 pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfc2c0/144 (7 entries) pcibios0: PCI Interrupt Router at 000:15:0 ("ServerWorks OSB4" rev 0x00) pcibios0: PCI bus #1 is the last bus bios0: ROM list: 0xc/0x8000 0xc8000/0x6000 0xec000/0x4000! acpi at mainbus0 not configured mainbus0: Intel MP Specification (Version 1.4) cpu0 at mainbus0: apid 1 (boot processor) cpu0: apic clock running at 132 MHz cpu1 at mainbus0: apid 0 (application processor) cpu1: Intel Pentium III ("GenuineIntel" 686-class) 732 MHz cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE mainbus0: bus 0 is type PCI mainbus0: bus 1 is type PCI mainbus0: bus 2 is type PCI mainbus0: bus 3 is type PCI mainbus0: bus 4 is type ISA ioapic0 at mainbus0: apid 2 pa 0xfec0, version 11, 16 pins ioapic0: misconfigured as apic 0, remapped to apid 2 ioapic1 at mainbus0: apid 3 pa 0xfec01000, version 11, 16 pins ioapic1: misconfigured as apic 0, remapped to apid 3 esm0 a
Re: Strange crashes started this morning
On Fri, Jun 22, 2007 at 11:27:11PM -0400, Alex Feldman wrote: > Hi Andrew > > You crash dump doesn't show that it crashed on san driver. I'm saying that > this is not the problem with san driver but it doesn't show any driver > related function in crash trace. I do not see that either. However, I am not familier with the internals of the OpenBSD kernel. Theo is, and he seems to think it is a san issue. At this point I trust his judgment above yours. My suggestion would be to provide the documentation that the OpenBSD team is looking for so that they can prove one way or another where the problems are and improve the code for everyone. > For both Andrew and Richard: > 1. If you can send me the crash trace that includes san driver function that > will be helpful. I expect that it would, unfortunatly, I cannot reproduce this problem on command. It only happened the one day so far and I have no idea what caused it. How about, while waiting for more information on this problem, you see if you can do anything about a problem I can repeat. It causes me no end of trouble because it makes both routers DDB any time I soft boot them. That means I can't upgrade the version of OpenBSD on them remotely. This I attribute to the san stuff because it doesn't happen in any of the other machines I am running OpenBSD on. You may notice that the trace for this one also doesn't reference any san driver calls. You can see it in bug number 5404: http://cvs.openbsd.org/cgi-bin/query-pr-wrapper?full=yes&numbers=5404 In bug 4484, someone else seems to have had similar issues: http://cvs.openbsd.org/cgi-bin/query-pr-wrapper?full=yes&numbers=4484 Who knows, getting the OpenBSD developers the documentation they need so they can fix that issue will coincidently fix the one I am complaining about now. > 2. Can you send me the configuration for ppp/Wanpipe and details instruction > how to get this crash; I'll try to resolve this issue. Here is the configuration on the interfaces that seemed to cause the issue this last time. They are they only lines I have that are PROTO=ppp, the rest are HDLC (PROTO=cisco). $ sudo sanconfig san2 ALEX2 Hardware configuration for san2: AFT-A102 : SLOT=8 : BUS=0 : IRQ=10 : CPU=A : PORT=PRI Interface configuration for san2: MEDIA=T1 LCODE=B8ZS FRAME=ESF TECLOCK=Normal LBO=0db ACTIVE_CH=all PROTO=ppp $ sudo sanconfig san3 ALEX2 Hardware configuration for san3: AFT-A102 : SLOT=8 : BUS=0 : IRQ=10 : CPU=B : PORT=PRI Interface configuration for san3: MEDIA=T1 LCODE=B8ZS FRAME=ESF TECLOCK=Normal LBO=0db ACTIVE_CH=all PROTO=ppp For the other, I will just quote what I wrote before. > From: andrew fresh [mailto:[EMAIL PROTECTED] > > There are two resons I believe it is the Sangoma driver causing the > > problem. > > > > The first is the message from Theo that you can read in the archives > > here: > > > > http://marc.info/?l=openbsd-misc&m=118246162917905&w=2 > > > > where he said "I suggest you call [Sangoma]". > > > > > > The second being the logs. They are in the messages linked above, but > > just before the router locked up there were san messages in > > /var/log/messages and on the console there is "san2: LCP keepalive > > timeout". And this: > > I am not > > sure what triggers this problem and it has not happened again since the > > times mentioned in that email so it is fairly difficult to debug. l8rZ, -- andrew - ICQ# 253198 - Jabber: [EMAIL PROTECTED] BOFH excuse of the day: Pentium FDIV bug
Re: Strange crashes started this morning
On Fri, Jun 22, 2007 at 04:45:34PM -0400, Alex Feldman wrote: > Hello Andrew, > > I'm sorry for the delay. I don't have always time to got through mailing > list. > It is not so clear that the crash related to Sangoma driver. I would like to > see the crash dump at that moment. This will help me to resolve the issue. I included the trace and other information in my original message to the list. You can see it in the archives here: http://marc.info/?l=openbsd-misc&m=118245939832197&w=2 I also submitted that information to [EMAIL PROTECTED] from [EMAIL PROTECTED] There are two resons I believe it is the Sangoma driver causing the problem. The first is the message from Theo that you can read in the archives here: http://marc.info/?l=openbsd-misc&m=118246162917905&w=2 where he said "I suggest you call [Sangoma]". The second being the logs. They are in the messages linked above, but just before the router locked up there were san messages in /var/log/messages and on the console there is "san2: LCP keepalive timeout". Is there some additional information that you need that I can provide? I believe everything is in that first message linked above. I am not sure what triggers this problem and it has not happened again since the times mentioned in that email so it is fairly difficult to debug. I worry that it will happen when I am not available to restart it and so would like to get it resolved. l8rZ, -- andrew - ICQ# 253198 - Jabber: [EMAIL PROTECTED] A printer consists of three main parts: the case, the jammed paper tray and the blinking red light.
Re: Strange crashes started this morning
On Thu, Jun 21, 2007 at 03:29:04PM -0600, Theo de Raadt wrote: > Sangoma has made it pretty clear (by ignoring problem reports > from our developers) that they don't care at all. > > I suggest you call them, and add your voice there. I certainly will. Unfortunately I think these cards showed up on the same day that the announcement about accoom.kd85.com showed up in my mailbox. Is there anyone in particular I should ask to speak with there or just anyone who answers the phone? > Otherwise, I suggest that everyone running Sangoma projects > learn from this experience... I certainly would recommend a different card. I am trying to replace some of these with an ethernet connection but getting anything other than T1s has been a problem here. When I do get this fast ethernet line, does anyone want to trade 5 dual port san(4) cards for 3 dual port art(4)? :-) Otherwise I will have to try to get a budget approved to just replace them. l8rZ, -- andrew - ICQ# 253198 - Jabber: [EMAIL PROTECTED] At the source of every error which is blamed on the computer, you will find at least two human errors, including the error of blaming it on the computer.
Strange crashes started this morning
I have several routers that have been running great for many months. (even better since I upgraded to 4.1 on them oround May 4th) OpenBSD 4.1-stable (GENERIC.MP) #0: Fri May 4 21:56:51 MST 2007 This morning, one of them went down and nagios paged me. Getting to work, I just thought it was odd, looked at the trace and restarted it and went home. About half an hour later, it happened again. I again thought it weird and restarted it. Then, about an hour and a half later it did it again and I captured a ps and trace and within a few minutes, while I was still logging and watching, it ddb'ed again and I got another ps and trace. (see the end of the email for the log with the dmesg in between) Now it appears to be a real problem, but I am not sure what would be causing it. I haven't changed anything on the routers in several days and that was only adding a script to ping some hosts regularly to crontab. That is the only change since upgrading. The other router which is the same hardware (but connected to different lines) has been fine. It sounds similar to these messages, but they were not enough to give me ideas of what could be causing it. http://marc.info/?l=openbsd-bugs&m=117855291725222&w=2 http://marc.info/?l=openbsd-misc&m=117204993326219&w=2 I see "san2: LCP keepalive timeout" output to the console and the below in /var/log/messages right around when it locked up but the traces don't seem to have anything to do with the network. Jun 21 06:05:05 rrlhcrtr0200 /bsd: san3: T1 YELLOW ON Jun 21 06:05:05 rrlhcrtr0200 /bsd: san3: T1 disconnected! Jun 21 06:05:05 rrlhcrtr0200 /bsd: san3: Link connecting... Jun 21 06:40:56 rrlhcrtr0200 syslogd: start Jun 21 07:15:44 rrlhcrtr0200 /bsd: san3: T1 LB activation code received. Jun 21 07:15:44 rrlhcrtr0200 /bsd: san3: Unknown signal (15). Jun 21 07:15:59 rrlhcrtr0200 /bsd: san3: T1 LB deactivation code received. Jun 21 07:16:04 rrlhcrtr0200 /bsd: san3: T1 LB deactivation code received. Jun 21 07:16:08 rrlhcrtr0200 /bsd: san3: Unknown signal (09). Jun 21 07:16:08 rrlhcrtr0200 /bsd: san3: Unknown signal (15). Jun 21 07:16:15 rrlhcrtr0200 /bsd: san2: T1 LB activation code received. Jun 21 07:16:15 rrlhcrtr0200 /bsd: san2: Unknown signal (15). Jun 21 07:16:39 rrlhcrtr0200 /bsd: san2: T1 LB deactivation code received. Jun 21 08:08:49 rrlhcrtr0200 syslogd: start Jun 21 09:26:53 rrlhcrtr0200 /bsd: san2: T1 AIS ON Jun 21 09:26:53 rrlhcrtr0200 /bsd: san2: T1 disconnected! Jun 21 09:26:53 rrlhcrtr0200 /bsd: san2: Link connecting... Jun 21 09:26:54 rrlhcrtr0200 /bsd: san2: T1 RED ON Jun 21 09:30:51 rrlhcrtr0200 syslogd: start Jun 21 09:39:51 rrlhcrtr0200 /bsd: san2: T1 AIS ON Jun 21 09:39:51 rrlhcrtr0200 /bsd: san2: T1 disconnected! Jun 21 09:39:51 rrlhcrtr0200 /bsd: san2: Link connecting... Jun 21 09:39:52 rrlhcrtr0200 /bsd: san2: T1 RED ON Jun 21 09:50:21 rrlhcrtr0200 syslogd: start Jun 21 09:50:21 rrlhcrtr0200 syslogd: start Here is the output from ifconfig if it could prove useful: $ ifconfig lo0: flags=8049 mtu 33224 groups: lo inet 127.0.0.1 netmask 0xff00 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0xa fxp0: flags=8843 mtu 1500 lladdr 00:b0:d0:20:8a:b1 groups: internal media: Ethernet autoselect (100baseTX full-duplex) status: active inet 66.185.224.2 netmask 0xffe0 broadcast 66.185.224.31 inet6 fe80::2b0:d0ff:fe20:8ab1%fxp0 prefixlen 64 scopeid 0x1 fxp1: flags=8802 mtu 1500 lladdr 00:50:8b:5e:e7:ac media: Ethernet autoselect (none) status: no carrier fxp2: flags=8843 mtu 1500 lladdr 00:50:8b:5e:e7:ad media: Ethernet autoselect (100baseTX full-duplex) status: active inet 10.1.1.2 netmask 0xff00 broadcast 10.1.1.255 inet6 fe80::250:8bff:fe5e:e7ad%fxp2 prefixlen 64 scopeid 0x3 san0: flags=8051 mtu 1500 description: T1 to Sprint groups: sprint external media: TDM t1 inet 144.228.193.62 --> 144.228.193.61 netmask 0xfffc inet6 fe80::2b0:d0ff:fe20:8ab1%san0 -> prefixlen 64 scopeid 0x4 san1: flags=8051 mtu 1500 description: T1 to Sprint groups: sprint external media: TDM t1 inet 144.228.193.74 --> 144.228.193.73 netmask 0xfffc inet6 fe80::2b0:d0ff:fe20:8ab1%san1 -> prefixlen 64 scopeid 0x5 san2: flags=8051 mtu 1500 description: T1 to AT&T sppp: phase network groups: att external media: TDM t1 ppp inet 12.124.16.22 --> 12.124.16.21 netmask 0xfffc inet6 fe80::2b0:d0ff:fe20:8ab1%san2 -> prefixlen 64 scopeid 0x6 san3: flags=8051 mtu 1500 description: T1 to AT&T sppp: phase network groups: att external media: TDM t1 ppp inet 12.124.17.122 --> 12.124.17.121 netmask 0xfffc inet6 fe80::2b0:d0ff:fe20:8ab1%san3 -> prefixlen 64 scopeid 0x7 pflog0: flags=141 mtu 33224 enc0: flags=0<> mtu 1536 lo1: flags=
OpenBSD 4.1 Torrents
Probably everyone knows already, but I just wanted to get the word out that there are OpenBSD 4.1 torrents now on the torrent site: http://openbsd.somedomain.net/index.php?version=4.1 So far they are mostly just the files off of the CDs, but as I get synced up, the package torrents will update. l8rZ, -- andrew - ICQ# 253198 - Jabber: [EMAIL PROTECTED] BOFH excuse of the day: The Borg tried to assimilate your system. Resistance is futile.
Re: -current sensorsd doesn't work for me
I am CC'ing tech@ not because I like to crosspost, but because I believe this to be the end of a conversation on misc@ and the start of a discussion on tech@ about hopefully getting this changed. On Sat, Jan 13, 2007 at 10:11:24AM -0500, Constantine A. Murenin wrote: > On 12/01/07, andrew fresh <[EMAIL PROTECTED]> wrote: > >I am trying to shut down my laptop using the voltage sensors. > >Unfortunatly I can't test this with a generic kernel because all my > >sensors on my only -current box come from the ACPI subsystem. > > > >The problem is, the limits don't seems to work: > > > >$ sysctl hw.sensors.acpibat0.volt1 > >hw.sensors.acpibat0.volt1=7.96 VDC (current voltage), OK > >$ tail -3 /etc/sensorsd.conf > >hw.sensors.acpibat0.volt1:low=8V:high=9V no matter what I set, sensorsd always says "within limits". > sensorsd.conf(5) says [that's how it is supposed to work] > > The following patch will allow you to set high and low values for > volt0 and volt1 on acpibat in sensorsd: I think would prefer this patch, or something like it, just in case I want to override the choices someone made for other sensors. I believe this diff adds useful functionality without losing anything. However, I am NOT a C programmer, so I may have screwed something up. Index: sensorsd.c === RCS file: /cvs/src/usr.sbin/sensorsd/sensorsd.c,v retrieving revision 1.27 diff -u -r1.27 sensorsd.c --- sensorsd.c 6 Jan 2007 18:17:06 - 1.27 +++ sensorsd.c 13 Jan 2007 18:15:12 - @@ -218,7 +218,9 @@ * status had failed so warn about it */ if (newstatus == SENSOR_S_UNKNOWN) newstatus = SENSOR_S_WARN; - else if (newstatus == SENSOR_S_UNSPEC) { + else if (newstatus == SENSOR_S_UNSPEC || + limit->upper != LLONG_MAX || + limit->lower != LLONG_MIN) { if (sensor.value > limit->upper || sensor.value < limit->lower) newstatus = SENSOR_S_CRIT; Index: sensorsd.conf.5 === RCS file: /cvs/src/usr.sbin/sensorsd/sensorsd.conf.5,v retrieving revision 1.10 diff -u -r1.10 sensorsd.conf.5 --- sensorsd.conf.5 28 Dec 2006 10:04:27 - 1.10 +++ sensorsd.conf.5 13 Jan 2007 18:15:12 - @@ -58,8 +58,8 @@ .Xr esm 4 , or .Xr ipmi 4 ) -do not require boundary values specified (that otherwise will be -ignored) and simply trigger on status transitions. +do not require boundary values specified and simply trigger on status +transitions unless you specify either boundry. .Pp The command is executed on transitions out of, and back into, given limits. Tokens in the command are substituted as follows: === l8rZ, -- andrew - ICQ# 253198 - JID: [EMAIL PROTECTED] BOFH excuse of the day: (l)user error
-current sensorsd doesn't work for me
I am trying to shut down my laptop using the voltage sensors. Unfortunatly I can't test this with a generic kernel because all my sensors on my only -current box come from the ACPI subsystem. The problem is, the limits don't seems to work: $ sysctl hw.sensors.acpibat0.volt1 hw.sensors.acpibat0.volt1=7.96 VDC (current voltage), OK $ tail -3 /etc/sensorsd.conf hw.sensors.acpibat0.volt1:low=8V:high=9V #:command=/etc/sensorsd/shutdown "%2" "%3" $ sudo sensorsd -d ^C $ tail -1 /var/log/messages Jan 12 18:25:24 trin sensorsd[15369]: hw.sensors.acpibat0.volt1: within limits, value: 7.96 V DC $ I think that should trip the low limit. I changed it to "low=5V:high=9V" and it works as expected. The log says it is within limits. But, if I change the entry in sensorsd.conf to "low=5V:high=6V" (should trip the high limit) it still claims the sensors are within limits. Am I doing something stupid? The diff for the acpi kernel --- GENERIC Fri Jan 5 18:54:24 2007 +++ ACPIThu Jan 11 21:20:37 2007 @@ -57,19 +57,19 @@ eisa0 at mainbus0 pci* at mainbus0 -#optionACPIVERBOSE -#optionACPI_ENABLE +option ACPIVERBOSE +option ACPI_ENABLE -acpi0 at mainbus? disable -#acpitimer*at acpi? -#acpihpet* at acpi? -#acpiac* at acpi? -#acpibat* at acpi? -#acpibtn* at acpi? -#acpicpu* at acpi? -acpiec*at acpi?disable +acpi0 at mainbus? +acpitimer* at acpi? +acpihpet* at acpi? +acpiac*at acpi? +acpibat* at acpi? +acpibtn* at acpi? +acpicpu* at acpi? +acpiec*at acpi? acpiprt* at acpi? -#acpitz* at acpi? +acpitz*at acpi? option PCIVERBOSE option EISAVERBOSE and my DMESG OpenBSD 4.0-current (ACPI) #1: Thu Jan 11 21:42:30 MST 2007 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/ACPI cpu0: Intel(R) Pentium(R) M processor 1.30GHz ("GenuineIntel" 686-class) 1.30 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,SBF,EST,TM2 real mem = 1063415808 (1038492K) avail mem = 961875968 (939332K) using 4256 buffers containing 53293056 bytes (52044K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(d8) BIOS, date 12/01/05, BIOS32 rev. 0 @ 0xfd6a0, SMBIOS rev. 2.3 @ 0xd8010 (17 entries) bios0: Sony Corporation VGN-TX770P apm0 at bios0: Power Management spec V1.2 apm0: AC on, battery charge unknown apm0: flags 30102 dobusy 0 doidle 1 pcibios0 at bios0: rev 2.1 @ 0xfd6a0/0x960 pcibios0: PCI BIOS has 17 Interrupt Routing table entries pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82801FBM LPC" rev 0x00) pcibios0: PCI bus #7 is the last bus bios0: ROM list: 0xc/0x1! 0xd8000/0x4000! 0xdc000/0x4000! acpi0 at mainbus0: rev 0 acpi0: tables DSDT FACP APIC BOOT MCFG SSDT SSDT SSDT SSDT acpitimer0 at acpi0: can't identify bus acpi device at acpi0 from table DSDT not configured acpi device at acpi0 from table FACP not configured acpi device at acpi0 from table APIC not configured acpi device at acpi0 from table BOOT not configured acpi device at acpi0 from table MCFG not configured acpi device at acpi0 from table SSDT not configured acpi device at acpi0 from table SSDT not configured acpi device at acpi0 from table SSDT not configured acpi device at acpi0 from table SSDT not configured acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 0 (PEGP) acpiprt2 at acpi0: bus 6 (PCIB) acpiec0 at acpi0: EC0_ acpibtn0 at acpi0: LID0 acpibtn1 at acpi0: PWRB acpibat0 at acpi0: BAT1: model: serial: type: LION oem: Sony Corp. acpiac0 at acpi0: AC unit online acpicpu0 at acpi0: CPU0: 1300, 1000, 800, 600 MHz acpitz0 at acpi0, critical temperature: 99 degC cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 "Intel 82915GM/PM/GMS Host" rev 0x03 vga1 at pci0 dev 2 function 0 "Intel 82915GM/GMS Video" rev 0x03: aperture at 0xb008, size 0x1000 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) "Intel 82915GM/GMS Video" rev 0x03 at pci0 dev 2 function 1 not configured azalia0 at pci0 dev 27 function 0 "Intel 82801FB HD Audio" rev 0x03: irq 10 azalia0: host: High Definition Audio rev. 1.0 azalia0: codec: Realtek ALC260 (rev. 3.0), HDA version 1.0 azalia0: codec: 0x04x/0x14f1 (rev. 0.0), HDA version 0.9 azalia0: codec[1]: No support for modem function groups azalia0: codec[1]: No audio function groups audio0 at azalia0 uhci0 at pci0 dev 29 function 0 "Intel 82801FB USB" rev 0x03: irq 10 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1 at pci0 dev 29 function 1 "Intel 82801FB USB" rev 0x03: irq 10 usb1 at uhci1: USB revision 1.0 uhub1 at usb1 uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable,
Nagios check_hw_sensors for the new two level sensors
I am doing better this time, I saw that the sensors output changed, and I am running -current on my laptop :-) However, that doesn't give me a lot of sensors to try, so if you are using Nagios and -current or just want to try it, grab version 1.22 of check_hw_sensors and let me know about anything that is broken. If you do have problems, if you could include the output from sysctl hw.sensors with any reports, I can see what I can do. The latest version is available here: http://openbsd.somedomain.net/nagios/check_hw_sensors.html and should still work on older versions of OpenBSD. A direct download link for 1.22 is here: http://openbsd.somedomain.net/nagios/check_hw_sensors-1.22.tar.gz l8rZ, -- andrew - ICQ# 253198 - JID: [EMAIL PROTECTED] BOFH excuse of the day: The hardware bus needs a new token.
Re: What it this mean?
On Mon, Dec 11, 2006 at 09:16:50AM -0700, Carlos A. Garcia G wrote: > i have recived a mail from the server with this information > > Checking setuid/setgid files and devices: > Setuid/device find errors: > find: /tmp/PerlIO_W32319: No such file or directory > > what is it? and what can i do to fix the problem? Since amazingly no one else has written in with the "correct" answer: This output comes from the "daily insecurity output" email. It is caused by the find for new/updated set[ug]id files in /etc/security. It is generated when find attempts to enter a directory that was there when listing the contents parent directory but was removed before find had a chance to traverse it. I get these errors regularly on my servers running mimedefang as there are generally quite a few directories in /var/spool/mimedefang that get created and deleted quickly. l8rZ, -- andrew - ICQ# 253198 - JID: [EMAIL PROTECTED] BOFH excuse of the day: Communications satellite used by the military for star wars.
New version of check_hw_sensors to support the sysctl hw.sensors output changes
Ahh the joys of not enough time to follow -current. I am finally working on upgrading my machines to 4.0 and have found that in sysctl.c v1.135[1], Otto changed the output to be simpler[2]. However, I was using some of the output that is now gone for my Nagios check[3] so the old version is broken. That means there is now a new version[4] available that works on OpenBSD 4.0. I have not done extensive testing, but it seems to work so far. [1] http://www.openbsd.org/cgi-bin/cvsweb/src/sbin/sysctl/sysctl.c.diff?r1=1.134&r2=1.135&f=h [2] http://marc.theaimsgroup.com/?l=openbsd-cvs&m=114948953703830&w=2 [3] http://openbsd.somedomain.net/nagios/check_hw_sensors.html [4] http://openbsd.somedomain.net/nagios/check_hw_sensors-1.21.tar.gz l8rZ, -- andrew - ICQ# 253198 - JID: [EMAIL PROTECTED] BOFH excuse of the day: Atilla the Hub
OpenBSD 4.0 torrents available
Torrents for OpenBSD 4.0 are now available from: http://openbsd.somedomain.net/index.php?version=4.0 Not everything is synced yet, but the mirror is running and new torrents will be posted as they are generated. The only things that should really change are the package torrents and additional architectures. As the torrents are unofficial, I would recommend that you grab a CKSUM or MD5 file from an official mirror and check it against the files that you downloaded. http://www.openbsd.org/ftp.html Please, be sure to donate to the project. http://www.openbsd.org/donations.html The paypal subscriptions are very convenient. Latest version torrents are generally available here: http://openbsd.somedomain.net/index.php?version=latest+release and of course, all available torrents are listed on the main page: http://openbsd.somedomain.net/ l8rZ, -- andrew - ICQ# 253198 - JID: [EMAIL PROTECTED] BOFH excuse of the day: permission denied
Thank you OpenBSD, the sensors framework ROX!
I just want to say thank you to the OpenBSD team. Over the weekend, one of our OpenBSD servers[1] had a fan die. Thanks to the sensors framework, and the Nagios[2] plugin I wrote[3], I found out it was broken, and I could also tell that the rest of the fans in the server were doing a fine job keeping it cool. That means I was able to replace the fan at my convienience. Without the sensors framework, I would probably not have noticed the fan being out until more fans died and the server overheated. [1] It one of our Internet routers, running OpenBGPd[4] [2] http://www.nagios.org [3] I swear this isn't an advertisement, but here's the link[5] [4] Thanks for OpenBGPd too! [5] http://openbsd.somedomain.net/nagios/ l8rZ, -- andrew - ICQ# 253198 - JID: [EMAIL PROTECTED] BOFH excuse of the day: Stale file handle (next time use Tupperware(tm)!)
Re: Run script on cd insertion
On Fri, Aug 04, 2006 at 04:13:26PM -0700, Michael Coulter wrote: > On Tue, Aug 01, 2006 at 02:28:25PM -0700, andrew fresh wrote: > > I am in need the ability to run a script when a cd is inserted. I am > > not finding any way of getting notified when that happens, so I am > > asking here. If not, I can just loop cdio info and check for a disk. > > > > Is there something that will run a script when I insert a CD? > > If you grab a copy of INF-8090.pdf, have a look at Appendix E. > It would probably require a little bit of programming, but > if you want to do this nicely, it appears to be the right way. That doc says that: Current ATAPI implementations do not support queuing nor overlap, so the immediate mode must be used. and that: The Immediate mode allows the host to periodically poll the device to find events and examine status. So it sounds like no matter what you have to poll for the disk being inserted. It MAY be less work for the system if that feature were added somewhere and then hotplug (or something) were notified, but for my purpose, when not burning disks there is plenty of CPU so for now while [ true ]; do burn_disc; sleep 3; done is a good enough solution. l8rZ, -- andrew - ICQ# 253198 - JID: [EMAIL PROTECTED] BOFH excuse of the day: Someone was smoking in the computer room and set off the halon systems.
Re: Run script on cd insertion
On Wed, Aug 02, 2006 at 07:29:42PM -0500, L. V. Lammert wrote: > At 12:16 PM 8/2/2006 -0700, andrew fresh wrote: > >> I never checked for CD's, but hotplugd might say something when it is > >> inserted, I know it works for USB disks. > > > >AFAIK hotplug only works for drives not disks. My testing just now > >shows that hotplugd does not see an event when I put in a CD > > You're on the wrong track: > > http://research.silmaril.ie/autoruncd/ that assumes you have something like this installed on your linux box. http://autorun.sourceforge.net/ And, although in the sourceforge category it claims "Operating System: All POSIX (Linux/BSD/UNIX-like OSes), Linux", it appears that they really mean linux. It also appears, from what little C++ I can guess the meaning of, that it just loops, checking the cd devices to see if they are ready and mounts them if they are. http://autorun.cvs.sourceforge.net/autorun/autorun/autorun.cc?revision=1.5&view=markup l8rZ, -- andrew - ICQ# 253198 - JID: [EMAIL PROTECTED] BOFH excuse of the day: Traceroute says that there is a routing problem in the backbone. It's not our problem.
Re: Run script on cd insertion
On Tue, Aug 01, 2006 at 08:53:15PM -0400, Jeff Quast wrote: > On 8/1/06, andrew fresh <[EMAIL PROTECTED]> wrote: > >I am in need the ability to run a script when a cd is inserted. I am > >not finding any way of getting notified when that happens, so I am > >asking here. If not, I can just loop cdio info and check for a disk. > > > >Is there something that will run a script when I insert a CD? > > > > I never checked for CD's, but hotplugd might say something when it is > inserted, I know it works for USB disks. AFAIK hotplug only works for drives not disks. My testing just now shows that hotplugd does not see an event when I put in a CD > If it doesn't, and you write a patch to make it say something, it > might be appreciated. ya, that takes more C than I know at the moment, or that I have time to learn. > Of course, I would never do anything with it. But for headless > systems, it might be nice 'feature' for very certain situations. > > Never mentioned what you need it for.. What I am using it for is a CD burning machine. We are an ISP and have a CD that we give to our customers. It has a wizard that sets up their windows box to dial up and configures their email client. It also has some other software on it that we find handy if they don't have to download. Firefox, Thunderbird, AVG Antivirus, Windows service packs, stuff that is faster to drive and get a CD than it is to download over a modem. Most people don't need this, so it has not been cost effective to have them professionally pressed. Plus, doing it ourselves allows us to put new versions of the software on the disk more frequently. I have a script that uses the new cd burning capabilities of cdio to burn an iso onto a CD. For now I just have to have a loop that checks for a disk and burns it if one is inserted, what I would prefer is to just have the script run when a CD is put in. --- BEGIN burn_disk --- #!/bin/sh # You can run this like: # while [ true ]; do burn_disk ; sleep 3 ; done export DISC=cd0 export ISO=rraz.iso TRACK=`cdio -s info 2> /dev/null | cut -d " " -f 1` if [ X"$TRACK" = X"" ]; then echo No CD inserted, abort! exit 255 fi if [ "$TRACK" -gt 0 ]; then echo disk is not blank, abort! echo "o2EC" > /dev/speaker cdio eject exit 255 fi if [ "$TRACK" -eq 0 ]; then echo Disk is blank, we are go for burn! cdio tao $ISO if [ $? -eq 0 ]; then echo "o3l10c.cf.." > /dev/speaker cdio eject else echo Error with burn! echo "o2EC" > /dev/speaker cdio eject exit 255 fi fi --- END burn_disk --- l8rZ, -- andrew - ICQ# 253198 - JID: [EMAIL PROTECTED] BOFH excuse of the day: Robotic tape changer mistook operator's tie for a backup tape.
Run script on cd insertion
I am in need the ability to run a script when a cd is inserted. I am not finding any way of getting notified when that happens, so I am asking here. If not, I can just loop cdio info and check for a disk. Is there something that will run a script when I insert a CD? l8rZ, -- andrew - ICQ# 253198 - JID: [EMAIL PROTECTED] BOFH excuse of the day: Sand fleas eating the Internet cables
Re: Nagios check_bioctl available
On Sun, Jul 30, 2006 at 03:03:26AM +0200, Wijnand Wiersma wrote: > 2006/7/29, andrew fresh <[EMAIL PROTECTED]>: > >One thing I ran into is that bioctl needs to run as root to get access > >to /dev/bio, even for read only access. Is there a way to query bioctl > >without needing root? > > Well, I think you only need the status of the drives and that is > availlable using sysctl hw.sensors in current (you already mentioned > sysctl). A monitoring system should not use the capabilities of > bioctl, it just needs to know the status and report that. If that is the case, then this check will become obsolete. That would be nice! I will have to go put -current on my test box and try it out. As it is, on my 3.9-stable box, the output from sysctl if it is available does not seem very reliable: hw.sensors.29=esm0, Drive 0, drive, online hw.sensors.30=esm0, Drive 1, drive, online hw.sensors.31=esm0, Drive 2, drive, unknown hw.sensors.32=esm0, Drive 3, drive, unknown hw.sensors.33=esm0, Drive 4, drive, online hw.sensors.34=esm0, Drive 5, drive, online hw.sensors.35=esm0, Drive 6, drive, unknown hw.sensors.36=esm0, Drive 7, drive, unknown $ sudo bioctl ami0 Password: Volume Status Size Device ami0 0 Online 8984199168 sd0 RAID1 0 Online 8984199168 0:0.0 safte0 1 Online 8984199168 0:1.0 safte0 ami0 1 Online36234592256 sd1 RAID10 0 Online18117296128 0:3.0 safte0 1 Online18117296128 0:4.0 safte0 2 Online18117296128 0:5.0 safte0 3 Online18117296128 0:8.0 safte0 ami0 2 Hot spare 8984199168 0:2.0 safte0 ami0 3 Hot spare 18117296128 0:9.0 safte0 The rest of the sensors seem mostly correct though, and there are sure enough of them! $ sysctl hw.sensors | tail -1 hw.sensors.99=safte0, temp1, OK, temp, 27.78 degC / 82.00 degF Also, on another box that has external disk box connected with ses, I don't get any status for those disks in sysctl. The disks that are actually in the server are using safte and those show up in sysctl. I don't know why, so now I have this check :-) > Now that I think of it, I should add support to the upwatch monitoring > system too, but I am not that lucky to have hardware to actually test > it :-) If the information is available in sysctl in 4.0, that would be the check to integrate. l8rZ, -- andrew - ICQ# 253198 - JID: [EMAIL PROTECTED] BOFH excuse of the day: dynamic software linking table corrupted
Re: Nagios check_bioctl available
On Fri, Jul 28, 2006 at 09:17:28PM -0500, Marco Peereboom wrote: > andrew fresh wrote: > >I have written a perl script that parses the output from bioctl and > >returns it in a format that Nagios can use. > > Sweet :-) Thanks! > >One thing I ran into is that bioctl needs to run as root to get access > >to /dev/bio, even for read only access. Is there a way to query bioctl > >without needing root? > > No! dang! oh well, sudo is a good enough solution then. > >Also, in biovar.h, both a raid volume and a disk can be "Offline". > >However, I am not sure what that means. Currently it is a WARNING, but > >I don't know what status it should be set to. > > If 2 or more physical disks of a RAID 5 are offline a volume will be > marked offline as well. An offline RAID 5 is obviously a critical > event. Hope this makes sense since I am not exactly sure what you are > asking. I will change Offline to be a CRITICAL error. and here is the new version: http://openbsd.somedomain.net/nagios/check_bioctl-1.4.tar.gz However, I guess my question is what would cause a disk to be Offline? There is a separate status for Failed, and I could see the RAID being Offline if too many disks had Failed. Are there any other status that should be different? They seemed to be fairly straight forward, but there may be good arguments for them to be changed. my %Status_Map = ( Online => 'OK', Offline => 'CRITICAL', Degraded=> 'CRITICAL', Failed => 'CRITICAL', Building=> 'WARNING', Rebuild => 'WARNING', 'Hot spare' => 'OK', Unused => 'OK', Scrubbing => 'WARNING', Invalid => 'CRITICAL', ); l8rZ, -- andrew - ICQ# 253198 - JID: [EMAIL PROTECTED] BOFH excuse of the day: Windows 95 undocumented "feature"
Nagios check_bioctl available
I have written a perl script that parses the output from bioctl and returns it in a format that Nagios can use. check_bioctl is avaliable here: http://openbsd.somedomain.net/nagios/check_bioctl-1.3.tar.gz It is useful to me, and so I thought it might be useful to someone else. I wrote this on OpenBSD 3.9 and tested on Dell PERC 3/DC controllers using the ami driver. It should work just fine on other versions of OpenBSD as well as with other cards and drivers. If you do run into trouble, send me the output from bioctl on the system you are having trouble with and I can try to help. Patches to fix problems would be even better. One thing I ran into is that bioctl needs to run as root to get access to /dev/bio, even for read only access. Is there a way to query bioctl without needing root? Also, in biovar.h, both a raid volume and a disk can be "Offline". However, I am not sure what that means. Currently it is a WARNING, but I don't know what status it should be set to. http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/biovar.h?rev=1.25&content-type=text/x-cvsweb-markup If anyone knows what the "Offline" status means, I would sure like to know. An additional useful feature is that you can specify multiple devices to check in a single check /usr/local/libexec/nagios/check_bioctl -d ami0 -d ami1 Output is similar to below, except with NAGIOS_OUTPUT set to 1 in the source (as it usually is) all output is on a single line separated with and it hides any devices that are OK because Nagios has a limit on the length of a response. CRITICAL (1): ami0 sd1 Degraded WARNING (1): ami0 0:8.0 Rebuild OK (7): ami0 sd0 Online ami0 0:0.0 Online ami0 0:1.0 Online ami0 0:3.0 Online ami0 0:4.0 Online ami0 0:5.0 Online ami0 0:2.0 Hot spare I currently configure it something like this: $ grep check_bioctl /etc/sudoers /etc/nrpe.cfg /etc/sudoers:_nrpe ALL = NOPASSWD:/usr/local/libexec/nagios/check_bioctl -d ami0 /etc/nrpe.cfg:command[check_bioctl]=/usr/bin/sudo /usr/local/libexec/nagios/check_bioctl -d ami0 Also available is check_hw_sensors for checking of sysctl hw.sensors from Nagios. http://openbsd.somedomain.net/nagios/ l8rZ, -- andrew - ICQ# 253198 - JID: [EMAIL PROTECTED] BOFH excuse of the day: YOU HAVE AN I/O ERROR -> Incompetent Operator error
Re: Sound card with supported digital out
On Sat, May 27, 2006 at 08:18:59PM +0200, Jan Johansson wrote: > andrew fresh <[EMAIL PROTECTED]> wrote: > > I have tried one of those, I had forgotten about that. The > > problem with the USB digital output that I have tried is that > > it does not do AC3/DTS passthrough, all it does is output 2 > > channel PCM over the optical digital connection. > > > > I believe the one I tried was a Turtle Beach Audio Advantage > > Micro. If there is USB audio that will do AC3/DTS passthrough > > on OpenBSD, I would be happy with that. > > I have a Sinovoice UAC-05 which identifies like this > > uaudio0 at uhub0 port 2 configuration 1 interface 0: ABC C-Media USB > Headphone Set, rev 1.10/1.00, addr 2 > uaudio0: audio rev 1.00, 8 mixer controls > audio0 at uaudio0 I found the Turtle Beach AudioAdvantage Micro that I tried before: uaudio0 at uhub0 port 1 configuration 1 interface 0: C-Media INC. USB Audio, rev 1.10/0.10, addr 2 uaudio0: audio rev 1.00, 4 mixer controls audio1 at uaudio0 and a Creative USB SoundBlaster Model SB0270: uaudio0: audio rev 1.00, 3 mixer controls audio1 at uaudio0 uhidev1 at uhub1 port 2 configuration 1 interface 3 uhidev1: Creative Labs USB Audio, rev 1.10/1.00, addr 2, iclass 3/0 uhid0 at uhidev1: input=3, output=3, feature=0 > it is connected to my NAD T-760 receiver using a toslink > (optical) cable. Mine connects to my Yamaha RX-V1400 through optical. > In the following examples I use "Gladiator" (region 2). > To get DTS on the receiver: > To get Dolby Digital on the receiver: > (On "Shrek" (region 1) I had to use -aid to get DTS.) I am trying an Xvid with AC3 5.1 encoded into it (the machine I have that can get close enough to the reciever doesn't have a DVD drive) doing $ mplayer I get: == Opening audio decoder: [liba52] AC3 decoding with liba52 Using SSE optimized IMDCT transform AC3: 5.1 (3f+2r+lfe) 48000 Hz 448.0 kbit/s Using MMX optimized resampler AUDIO: 48000 Hz, 2 ch, s16le, 448.0 kbit/29.17% (ratio: 56000->192000) Selected audio codec: [a52] afm:liba52 (AC3-liba52) == which I believe means that it sees the file is AC3 5.1 but it is decoding it to 2ch s16le and outputting it to the headphone jack. when I $ mplayer -ac hwac3 I get: == Forced audio codec: hwac3 Opening audio decoder: [hwac3] AC3/DTS pass-through S/PDIF No accelerated IMDCT transform found hwac3: switched to AC3, 448000 bps, 48000 Hz AUDIO: 48000 Hz, 2 ch, ac3, 448.0 kbit/29.17% (ratio: 56000->192000) Selected audio codec: [hwac3] afm:hwac3 (AC3 through S/PDIF) == Mplayer claims it is converting it to 2ch AC3, but according to this, it is just lying: http://marc.theaimsgroup.com/?l=mplayer-users&m=114837108311020&w=2 "mplayer was throwing me a red herring by telling me it was playing 2-channel when in fact hwac3 was sending the full raw audio to the amp." So, I tried 2 different files, one with 5.1ch and one with 2ch. My reciever shows that it is recieving the correct number of channels depending on the file. > Hope this helps. It did! It got me to try it again and I see now that It Just Works![1] I get AC3 passthrough working correctly with both sound cards. w00 h00! [1] unlike the linux box I have that claims to pass through AC3 but instead just sends garbage to the reciever. l8rZ, -- andrew - ICQ# 253198 - JID: [EMAIL PROTECTED] BOFH excuse of the day: We already sent around a notice about that.
Re: PHP vs Mason vs Ruby vs JSP/Tomcat
On Mon, May 22, 2006 at 11:53:27PM +0100, Craig Skinner wrote: > *) Mason > - not practical in chroot without half of CPAN, so what is the point? > > I am leaning towards Mason behind a reverse Squid proxy I would think that if you use mason with mod_perl[1] instead of running it as a CGI, you don't need anything (even perl) in the chroot. You do need to tell Apache to pre-load whatever modules you want to use when it starts, but I don't recall that being TOO difficult. It has been a while since I played with mod_perl but that is what I remember, I could be wrong. I do know that I am using perl modules from mod_perl that are not inside the chroot. [1] http://www.masonbook.com/book/chapter-7.mhtml l8rZ, -- andrew - ICQ# 253198 - JID: [EMAIL PROTECTED] BOFH excuse of the day: There isn't any problem
Re: Sound card with supported digital out
On Sat, May 20, 2006 at 05:46:42AM +0200, Jan Johansson wrote: > andrew fresh <[EMAIL PROTECTED]> wrote: > > Is there a supported sound card that supports digital outputs? > > I think your best bet is USB audio. I have a simple USB audio > stick that does optic digital signal or headphones under OpenBSD. > I have tried one of those, I had forgotten about that. The problem with the USB digital output that I have tried is that it does not do AC3/DTS passthrough, all it does is output 2 channel PCM over the optical digital connection. I believe the one I tried was a Turtle Beach Audio Advantage Micro. If there is USB audio that will do AC3/DTS passthrough on OpenBSD, I would be happy with that. l8rZ, -- andrew - ICQ# 253198 - JID: [EMAIL PROTECTED] BOFH excuse of the day: wrong polarity of neutron flow
Sound card with supported digital out
Is there a supported sound card that supports digital outputs? I am trying to build a media pc that is similar to GeeXboX[2]. Pretty much just minimal system that will netboot and get mplayer running, but on an OS I like, OpenBSD :-) However, I want to be able to do AC3 and DTS passthrough and I am not sure if any digital audio out is supported on any cards in OpenBSD. Looking though the cards listed on i386.html[3] and searching the archives, I didn't find any support for digital outputs. On the SBLive! and Audigy cards that I have, emu(4)[1] claims not to support the S/PDIF. I do see that the Turtle Beach Santa Cruz is supposed to be supported by clcs(4)[4] and clcs(4) doesn't say that the S/PDIF out is not supported so I am not sure. Thank you for any information. [1] http://www.openbsd.org/cgi-bin/man.cgi?query=emu&arch=i386&sektion=4 [2] http://geexbox.org/ [3] http://www.openbsd.org/i386.html [4] http://www.openbsd.org/cgi-bin/man.cgi?query=clcs&arch=i386&sektion=4 l8rZ, -- andrew - ICQ# 253198 - JID: [EMAIL PROTECTED] BOFH excuse of the day: Your packets were eaten by the terminator
Re: Problems while replacing Cisco 3640 with OpenBSD and OpenBGPd (LONG)
On Wed, Feb 22, 2006 at 05:08:15PM +0100, Henning Brauer wrote: > * andrew fresh <[EMAIL PROTECTED]> [2006-02-17 23:57]: > > I have a Cisco router I am trying to replace. I will describe the Cisco > > box, the replacement OpenBSD router, the setup and finally what issues I > > am having. The bgpd.conf contents are at the bottom of the email. If > > there is some additional information that would be useful, please let me > > know. > > this has been tracked down to be an incorrect nexthop in private mail > exchange - in short, the joys of iBGP. It actually ended up being my own stupidity. I finally had time to finish testing the last change, back to no "set nexthop" in bgpd.conf. For the archives, what caused the issue was me trying to do something fancy. I had multiple routes to the same networks and I set those up with ifconfig -mpath. Kernel multipath does not yet work, and it really confused bgpd. With the multiple routes to the same networks removed, everything works as expected and OpenBGPd has made me very happy! Now all I have to do is finish my migration from eigrp to ospf so I can get rid of the static routes on my OpenBSD routers and all will be good. l8rZ, -- andrew - ICQ# 253198 - JID: [EMAIL PROTECTED] BOFH excuse of the day: somebody was calculating pi on the server
Nagios plugin to check hw.sensors
I monitor most of the stuff around here with Nagios, and, with the new sensors framework that gives me a whole bunch of stuff to monitor. But, I found there wasn't an easy way to monitor them remotely. So, I put some work into a Nagios plugin. It is a bit rough yet, so patches are welcomed. So far, it has been working fairly well. The exception being one of the machines I am using it on (a Dell PowerEdge 2450) doesn't show the same sensors everytime I restart. It is probably an issue with the machine, not the plugin though. Details and download are here: http://openbsd.somedomain.net/nagios/ l8rZ, -- andrew - ICQ# 253198 - JID: [EMAIL PROTECTED] BOFH excuse of the day: short leg on process table
ospfd.conf example inheritance problem
I was trying to set default auth-type and auth-md and ran into some trouble. Doing some debugging, I tried just uncommenting part of the example ospfd.conf and have found it doesn't work. Here is what I did: ospfd.conf.orig is the v1.2 available here: http://www.openbsd.org/cgi-bin/cvsweb/src/etc/ospfd.conf?rev=1.2&content-type=text/x-cvsweb-markup $ sudo diff -u ospfd.conf.orig ospfd.conf --- ospfd.conf.orig Wed Apr 12 14:57:51 2006 +++ ospfd.conf Wed Apr 12 14:58:09 2006 @@ -9,8 +9,8 @@ # spf-delay 1 # spf-holdtime 5 -# auth-key $password -# auth-type simple +auth-key $password +auth-type simple # hello-interval 10 # metric 10 # retransmit-interval 5 $ sudo ospfd -n /etc/ospfd.conf:12: syntax error /etc/ospfd.conf:23: unknown interface em0 /etc/ospfd.conf:35: unknown interface em2 /etc/ospfd.conf:37: syntax error $ sudo head -12 ospfd.conf | tail -1 auth-key $password I don't have em0 or em2, so the rest of the errors are mostly expected but the line 12 syntax error seems odd since all I did was uncomment those options. I also don't have an em1, but ospfd doesn't error on that. I can't tell for sure from the man page, but the example looks like it should work, but it doesn't. Is this the expected behaviour? I have tried on 3.8-stable as well as a 3.9 snapshot from March second with the same results. l8rZ, -- andrew - ICQ# 253198 - JID: [EMAIL PROTECTED] Proud member: http://www.mad-techies.org BOFH excuse of the day: backup tape overwritten with copy of system manager's favourite CD
Re: Can net-snmp show the interface description for ifAlias?
On Thu, Feb 23, 2006 at 05:51:24PM -0700, andrew fresh wrote: > Is it possible to get net-snmp's snmpd to return an interface > description for ifAlias[1]? If so, how? Well, nevermind, it got my interest up so here is a way that "works". It doesn't check for bad input as well as it probably should. But the stuff that is passed in is never actually used as a shell command so although it might through some strange errors I don't think it is a security risk. However, cfgmaker from MRTG doesn't think that it should check for ifAlias because there is no Vendor returned by default and so it can't even attempt to match it. But, change cfgmaker to always query ifAlias and w00 h00 my configs now have descriptions! Anyway, mostly for the archives, here is how it ends up: add something like this into your snmpd.conf pass .1.3.6.1.2.1.31.1.1.1.18 /usr/local/libexec/ifAlias and this script in /usr/local/libexec/ifAlias --- BEGIN --- #!/bin/sh # $RedRiver: ifAlias,v 1.3 2006/02/24 03:47:59 andrew Exp $ BASE='.1.3.6.1.2.1.31.1.1.1.18' # The whitespace here for the grep needs to be a tab set -A INTERFACES `ifconfig | grep -v "^" | sed 's/:.*$//'` if [ "$1" = "-s" ]; then #echo $* >> /tmp/passtest.log exit 0 fi REQ=$2 ID=${REQ##${BASE}.} if [ "X${REQ}" = "X${BASE}" ]; then ID=0 fi if [ "$1" = "-n" ]; then INDEX=$ID ID=$(( $ID + 1 )) else INDEX=$(( $ID - 1 )) fi if [ "X$ID" = "X" ] || [ "X$ID" = "X0" ] || [ "X$ID" = "X-1" ]; then exit 0 fi INTERFACE=${INTERFACES[$INDEX]} echo ${BASE}.${ID} if [ "X${INTERFACE}" = "X" ]; then echo noSuchName exit 0 fi echo "string" echo `ifconfig ${INTERFACE} | grep description | \ sed -e 's/^.*description:.//'` exit 0 --- END --- l8rZ, -- andrew - ICQ# 253198 - JID: [EMAIL PROTECTED] Proud member: http://www.mad-techies.org BOFH excuse of the day: The file system is full of it
Can net-snmp show the interface description for ifAlias?
Is it possible to get net-snmp's snmpd to return an interface description for ifAlias[1]? If so, how? I am sure that it is, but I am hoping that someone has an example because I am not sure how to figure out how to match it to the interfaces ifIndex value. It looks like net-snmp 5.2 there is going to be some ifXTable support for Red Hat. However, I only want ifAlias for MRTG, so has anyone done anything like that? or does this need to go on my "free time" list? It appears that the entries in ifTable[3] are in the same order that ifconfig outputs. Does anyone know if that is the case for sure? If so, a script to do what I want shouldn't be too tough. I tried adding this to my /etc/snmpd.conf: # A good attemt, too bad it failed. exec .1.3.6.1.2.1.31.1.1.1.18 /home/andrew/ifAlias where the ifAlias script is this: #!/bin/sh # The whitespace in the grep is a tab INTERFACES=`ifconfig | grep -v "^ " | sed 's/:.*$//'` for i in ${INTERFACES}; do ifconfig $i | grep description | sed -e 's/^.*description:.//' done Unfortunanately, that doesn't work :-( $ snmpwalk -v1 -c public testhost .1.3.6.1.2.1.31.1.1.1.18 IF-MIB::ifAlias.1.1 = Wrong Type (should be OCTET STRING): INTEGER: 1 IF-MIB::ifAlias.2.1 = STRING: /home/andrew/ifAlias IF-MIB::ifAlias.3.1 = STRING: IF-MIB::ifAlias.100.1 = Wrong Type (should be OCTET STRING): INTEGER: 1 IF-MIB::ifAlias.101.1 = STRING: No such file or directory IF-MIB::ifAlias.102.1 = Wrong Type (should be OCTET STRING): INTEGER: 0 IF-MIB::ifAlias.103.1 = STRING: So, that probably means writing a script to do pass through control[5] and that looks to be a bit of a pain, so I am hoping someone has one already. [1] .1.3.6.1.2.1.31.1.1.1.18 [2] [2] .iso.org.dod.internet.mgmt.mib-2.ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifAlias [3] .1.3.6.1.2.1.2.2 [4] [4] .iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable [5] look here[6] for MIP-Specific Extension Commands [6] http://www.net-snmp.net/docs/man/snmpd.conf.html l8rZ, -- andrew - ICQ# 253198 - JID: [EMAIL PROTECTED] Proud member: http://www.mad-techies.org BOFH excuse of the day: Police are examining all internet packets in the search for a narco-net-trafficker
Problems while replacing Cisco 3640 with OpenBSD and OpenBGPd (LONG)
I have a Cisco router I am trying to replace. I will describe the Cisco box, the replacement OpenBSD router, the setup and finally what issues I am having. The bgpd.conf contents are at the bottom of the email. If there is some additional information that would be useful, please let me know. The old Cisco router (CiscoRTR01) is a 3640 with 128 megs of memory. It has 4 T1's out to the internet, 2 from Sprint (AS1239) and 2 from AT&T (AS7018). Each pair of lines has a BGP session associated with it. However, it needs replacing because it is too slow to deal with the number of pps as well as handle all of the BGP sessions. In addition, I have to do major filtering of the BGP feeds because of memory limits. There is also a second router (RTR05), this one running OpenBSD and OpenBGPd and working very well. This router has 4 T1's as well, but they are all from Frontier Communications (AS7011) so there is only a single BGP session here. The two routers also have an iBGP session between them. Both OpenBSD routers are as close to identical hardware as I could get them. Both are Dell PowerEdge 2450's with 512M ram, dual 733s, 2 Sangoma A102u cards and an additional dual port fxp card as well as the on board fxp. Both are running OpenBSD 3.8-stable. Currently with GENERIC kernal, not GENERIC-MP although I get the same issues with GENERIC-MP. The new OpenBSD router (RTR01) is supposed to be a drop in replacement for the Cisco box. As it is now, everything seems to work except the Cisco box is straining to keep up. When I swap in the OpenBSD box, everything appears to come up, all the T1's come up (although one of the Sprint lines takes quite a while) and all 3 bgp sessions come up (and get in sync amazingly faster than the Cisco box). However, all routes show up as 'Incomplete' with a ? at the end of bgpctl s rib: RTR01 $ bgpctl s rib 199.104.207.8 all flags: * = Valid, > = Selected, I = via IBGP, A = Announced origin: i = IGP, e = EGP, ? = Incomplete flags destination gateway lpref med aspath origin *>199.104.207.0/2466.185.224.3 10029 1239 5650 5650 7011 ? * 199.104.207.0/2466.185.224.3 100 0 7018 5650 5650 7011 ? 66.185.224.3 is the default gateway on RTR01. If I just do 'bgpctl s rib', looking through, I did not see any routes that did not have a '?' at the end. I didn't grep for that while the box was up though so I am not sure that there weren't some. On RTR05, while this new router is not plugged in, I get what I would expect: RTR05 $ bgpctl s rib 199.104.207.8 all flags: * = Valid, > = Selected, I = via IBGP, A = Announced origin: i = IGP, e = EGP, ? = Incomplete flags destination gateway lpref med aspath origin *>199.104.128.0/17216.190.36.145 100 0 7011 5650 6461 26978 2900 i But once the new RTR01 is plugged in, I get this on RTR05 (and I can no longer get to the Internet): RTR05 $ bgpctl s rib 199.104.207.8 all flags: * = Valid, > = Selected, I = via IBGP, A = Announced origin: i = IGP, e = EGP, ? = Incomplete flags destination gateway lpref med aspath origin I*> 199.104.207.0/24216.190.36.145 10029 1239 5650 5650 7011 ? AS5650 is also Frontier, but the second AS on any of the AS paths out of RTR05. When RTR01 is plugged in, but RTR05 is not, I get the same issues with the default gateway being chosen and the '?' indicating Incomplete. However I don't have output from 'bgpctl s rib 199.104.207.8' all when that is happening, so I do not remember what the aspath is. On the new RTR01 all of the sessions come up and I get lots of prefixes: $ bgpctl s Neighbor ASMsgRcvdMsgSentOutQ Up/Down State/PrefixRcvd AS 7018 AT&T 7018 33342 15 0 00:05:39 175331 AS 1239 Sprint1239 33232 11 0 00:04:17 176981 AS 22429 rrlhcrtr050 22429 34629 56030 0 00:06:45 13144 It seems that I should get more routes from RTR05 but I could be wrong. BGP seems to work well on RTR05 as well: $ bgpctl s Neighbor ASMsgRcvdMsgSentOutQ Up/Down State/PrefixRcvd AS 7011 Frontier (EL 7011 55893 1924 0 15:57:53 12 AS 22429 rrlhcrtr100 22429 104162 120304 0 00:00:46 174008 My problem appears to be an issue with the routes recieved on RTR01 being marked as 'Incomplete' but I am not sure how to figure out why that would be. RTR01 bgpd.conf: #macros rrlhcrtr0500=66.185.224.9 # global configuration AS 22429 router-id 66.185.224.1 network 66.185.224.0/20 # neighbors and peers group "peering AS22429" { set weight 50 remote-as 22429 local-address 66.185.224.1 neighbor $rrlhcrtr0500 { descr "AS 22429 rrlhcrtr0500" } } neighbor 144.228.242.172 { remote-as 1239 descr "AS 1239 Sprint" local-address 66.185.239.55 multihop
Re: OT marc.theaimsgroup.com
On Tue, Jan 24, 2006 at 01:48:12AM -0500, Daniel Ouellet wrote: > Sorry to have to asked this, but I fell at a lots now. > > Is there an other location a kind sole could provide me to access their > content? Looking for the various openbsd lists here. > > Or an other archive list that is as friendly to use as well. I have been using gmane recently. > Look likes the site was very slow, then on/off time to time, and now for > a week, I am totally cut off from it. Same results from here, slow, on/off, and hasn't worked for about a week. What is odd is that www.theaimsgroup.com works fine. $ lynx marc.theaimsgroup.com Looking up marc.theaimsgroup.com first Looking up marc.theaimsgroup.com Making HTTP connection to marc.theaimsgroup.com Alert!: Unable to connect to remote host. lynx: Can't access startfile http://marc.theaimsgroup.com/ $ telnet marc.theaimsgroup.com 80 Trying 66.92.20.25... telnet: connect to address 66.92.20.25: Connection timed out $ ping -c 5 marc.theaimsgroup.com PING marc.theaimsgroup.com (66.92.20.25): 56 data bytes --- marc.theaimsgroup.com ping statistics --- 5 packets transmitted, 0 packets received, 100.0% packet loss $ traceroute marc.theaimsgroup.com traceroute to marc.theaimsgroup.com (66.92.20.25), 64 hops max, 40 byte packets 1 rrlhcrtr2003 (66.185.225.1) 0.547 ms 0.500 ms 0.501 ms 2 rrlhcrtr0501 (66.185.224.9) 0.248 ms 0.261 ms 0.253 ms 3 216.190.36.145 (216.190.36.145) 1.944 ms 216.190.36.133 (216.190.36.133) 1.831 ms 216.190.36.145 (216.190.36.145) 1.928 ms 4 p10-2.gw01.lsvl.eli.net (70.98.98.153) 6.37 ms 5.851 ms 5.899 ms 5 srp3-0.cr01.lsvl.eli.net (208.186.20.161) 6.106 ms 5.760 ms 5.941 ms 6 p9-0.cr02.lsan.eli.net (207.173.114.34) 13.664 ms 13.637 ms 13.697 ms 7 srp3-0.cr01.lsan.eli.net (208.186.20.209) 18.544 ms 27.363 ms 13.492 ms 8 p9-0.cr02.sntd.eli.net (207.173.114.54) 22.712 ms 22.623 ms 22.689 ms 9 srp3-0.cr01.sntd.eli.net (208.186.21.33) 28.576 ms 25.138 ms 22.692 ms 10 so-0-0-0--0.er01.plal.eli.net (207.173.114.138) 27.929 ms 24.519 ms 33.84 ms 11 paix.ge-0-2-0.cr2.sfo1.speakeasy.net (198.32.176.49) 23.608 ms 23.441 ms 32.316 ms 12 fe-0-3-1.cr2.wdc1.speakeasy.net (69.17.83.38) 85.1 ms 83.236 ms 82.813 ms 13 220.ge-3-0.er1.wdc1.speakeasy.net (69.17.83.46) 91.320 ms 87.299 ms 84.863 ms 14 dsl092-171-210.wdc2.dsl.speakeasy.net (66.92.171.210) 93.724 ms 94.754 ms 106.813 ms 15 * * * 16 * * * 17 * * * l8rZ, -- andrew - ICQ# 253198 - JID: [EMAIL PROTECTED] Proud member: http://www.mad-techies.org BOFH excuse of the day: High nuclear activity in your area.
Re: my multipath routing questions... SOLVED!
On Thu, Dec 08, 2005 at 02:14:45PM -0700, andrew fresh wrote: > On Fri, Dec 02, 2005 at 04:08:13PM -0700, andrew fresh wrote: > > I am getting 3 different DDB's. Mostly "kernel: page fault trap, > > code=0" and "Panic: rtfree 2". I have also gotten some "Panic: sbdrop", > > but not since I got the serial console attached. When I got the sbdrop, > > trace showed calls to pf_* but I did not write it down as I thought I > > would see it again with the > > serial console. > > > > It seems to DDB anywhere from 5 minutes to 90 minutes after a reboot. > > Once I got 6.5 hours, but mostly closer to 10 minutes. The only thing > > that seems to make a difference is disabling pf, I am up 17.5 hours now > > with pf disabled. > > > > DMESG and the trace/ps from the DDBs are below. > > They are actually available in the archives so as not to waste > bandwidth. > http://marc.theaimsgroup.com/?l=openbsd-misc&m=113356535818065&w=2 the whole thread is here: http://marc.theaimsgroup.com/?t=1125791&r=1&w=2 > > > > or something with 'route-to' in pf? > > It appears that it is the route-to that is causing it to crash. I believe my router has been crashing because I was generating routing loops the way I was using route-to. It appears after a route-to, the packet then gets re-evaluated by additional rules including additional route-to rules (as it probably should). If I have this rule pass out on { san0, san1, san2, san3 } route-to { (san0, 10.0.0.1), (san1, 10.1.1.1), (san2, 10.2.2.1), (san3, 10.3.3.1) } round-robin If san0 is the default route that the kernel picks (no kernel multipath), I think it does something like this: First packet hits san0 and gets routed out san0. Second packet hits san0 and gets routed to san1, then san0, then san2, then san0, then san3, then san0, and out san0. Third packet hits san0 and gets routed to san1, and out san1. Fourth packet hits san0 and gets routed to san2, then san1, then san2, and out san2 Fifth packet kits san0 and gets routed to san3 then san2, then san3, and out san3. Sixth packet hits san0 and gets routed out san0. Seventh packet hits san0 and gets routed to san1, then san2, then san1, then san3, then san0, then san2, and out san2. At some point, the loop becomes long enough to cause ddbs. With multiple packets at once, the round robining may be able to get the loops even longer. I don't know what the proper fix for this would be if anything, but something that says "Rule X has already rerouted this packet, there may be a loop somewhere" error message would be nicer than a page fault, or rtfree 2 ddb. I could also be completely wrong as to the cause of the crashes, but this seems to be a fairly good guess. I resolved the crashing by adding some tagging smarts to the rule: pass out on { san0, san1, san2, san3 } route-to { (san0, 10.0.0.1), (san1, 10.1.1.1), (san2, 10.2.2.1), (san3, 10.3.3.1) } round-robin tag ROUTED ! tagged ROUTED This has so far made the load balancing work very well, and it has gone for over 48 hours and not DDB'd yet. l8rZ, -- andrew - ICQ# 253198 - JID: [EMAIL PROTECTED] Proud member: http://www.mad-techies.org BOFH excuse of the day: Dyslexics retyping hosts file on servers
Re: my multipath routing questions...
On Fri, Dec 02, 2005 at 04:08:13PM -0700, andrew fresh wrote: > I am getting 3 different DDB's. Mostly "kernel: page fault trap, > code=0" and "Panic: rtfree 2". I have also gotten some "Panic: sbdrop", > but not since I got the serial console attached. When I got the sbdrop, > trace showed calls to pf_* but I did not write it down as I thought I > would see it again with the > serial console. > > It seems to DDB anywhere from 5 minutes to 90 minutes after a reboot. > Once I got 6.5 hours, but mostly closer to 10 minutes. The only thing > that seems to make a difference is disabling pf, I am up 17.5 hours now > with pf disabled. > > DMESG and the trace/ps from the DDBs are below. They are actually available in the archives so as not to waste bandwidth. http://marc.theaimsgroup.com/?l=openbsd-misc&m=113356535818065&w=2 > > > or something with 'route-to' in pf? It appears that it is the route-to that is causing it to crash. (czn is the interface group of all of the T1s) This works: set skip on { lo } scrub in all fragment reassemble block drop log all pass on czn all pass on fxp0 all as does this (although this makes data transfers VERY slow): set skip on { lo } block drop log all pass on czn all pass in on san0 reply-to (san0 216.190.36.133) inet all keep state pass in on san1 reply-to (san1 216.190.36.137) inet all keep state pass in on san2 reply-to (san2 216.190.36.141) inet all keep state pass in on san3 reply-to (san3 216.190.36.145) inet all keep state pass on fxp0 all But it crashes when my rules are this: set skip on { lo } block drop log all pass on czn all pass out on czn route-to { \ (san0 216.190.36.133), \ (san1 216.190.36.137), \ (san2 216.190.36.141), \ (san3 216.190.36.145)\ } round-robin inet all pass on fxp0 all or this: set skip on { lo } scrub in all fragment reassemble block drop log all pass on czn all pass out on san0 route-to { \ (san0 216.190.36.133),\ (san1 216.190.36.137),\ (san2 216.190.36.141),\ (san3 216.190.36.145) \ } round-robin inet all pass out on san1 route-to { \ (san0 216.190.36.133),\ (san1 216.190.36.137),\ (san2 216.190.36.141),\ (san3 216.190.36.145) \ } round-robin inet all pass out on san2 route-to { \ (san0 216.190.36.133),\ (san1 216.190.36.137),\ (san2 216.190.36.141),\ (san3 216.190.36.145) \ } round-robin inet all pass out on san3 route-to { \ (san0 216.190.36.133),\ (san1 216.190.36.137),\ (san2 216.190.36.141),\ (san3 216.190.36.145) \ } round-robin inet all pass on fxp0 all Is there something that I am obviously doing wrong? Is there some way I can load balance outbound traffic across these 4 interfaces in a different wat? Should I submit this as a bug report? l8rZ, -- andrew - ICQ# 253198 - JID: [EMAIL PROTECTED] Proud member: http://www.mad-techies.org BOFH excuse of the day: Sticky bits on disk.
ospfd and virtual links
I just want to make sure that virtual links are not yet supported in ospfd. I don't see anything in the ospfd.conf(5) or ospfd(8) so I assume not, but I did see that Claudio mentioned[1] testing it at the hackathon, so it may well be that I just don't understand the man page. I do have to say that in my testing, ospfd is really schweet. Takes about 10 seconds to route around a downed t1 link, it is so kewl! [1] http://marc.theaimsgroup.com/?l=openbsd-tech&m=111695163015683&w=2 l8rZ, -- andrew - ICQ# 253198 - JID: [EMAIL PROTECTED] Proud member: http://www.mad-techies.org BOFH excuse of the day: stop bit received
Re: my multipath routing questions...
On Wed, Nov 30, 2005 at 01:33:14PM +0100, Claudio Jeker wrote: First I want to say thank you very much to Claudio, I appreciate the response and using pf sure seems like it SHOULD work, but it keeps crashing on me :-( Sorry this is so long, but I wanted to provide as much information as possible. If there is any other information that will help, I will do my best to provide it. > On Tue, Nov 29, 2005 at 11:26:49PM -0700, andrew fresh wrote: > > I want to load balancing across those 4 T1s and it is sounding like I > > will not be able to do that and will have to figure out how to get these > > 4 new lines into my old cisco router. > > It could be possible to use trunk with sppp but that needs some patching. > At least a round-robin trunk should be possible. Dang that would be handy, because using PF as below, I have 2 different boxes that DDB on me. It seems like maybe they DDB when they get too much outbound traffic, but I have not been able to determine what causes it apart from having PF enabled. Ifstated being enabled or disabled doesn't seem to make a difference. Neither do hardware changes. Same issues with both the bsd and bsd.mp kernels. I am getting 3 different DDB's. Mostly "kernel: page fault trap, code=0" and "Panic: rtfree 2". I have also gotten some "Panic: sbdrop", but not since I got the serial console attached. When I got the sbdrop, trace showed calls to pf_* but I did not write it down as I thought I would see it again with the serial console. It seems to DDB anywhere from 5 minutes to 90 minutes after a reboot. Once I got 6.5 hours, but mostly closer to 10 minutes. The only thing that seems to make a difference is disabling pf, I am up 17.5 hours now with pf disabled. DMESG and the trace/ps from the DDBs are below. > > or do I have to do weird things with ifstated(8) (like 16 states for the > > 4 lines and lots of route add/delete statements)? > > You most probably need ifstated to make sure that failed routes get > removed (if link is down). I wish it were automatic, but it seems to work, although I need more testing. $ wc -l /etc/ifstated.conf 258 /etc/ifstated.conf > > or something with 'route-to' in pf? > > http://marc.theaimsgroup.com/?l=openbsd-misc&m=112831360613745&w=2 > > > > This seems to work in my test environment: > > # t1s is an interface group containing all of the links to that provider > > pass out on t1s route-to { \ > > (san0 10.35.0.2) \ > > (san1 10.35.1.2) \ > > (san2 10.35.2.2) \ > > (san3 10.35.3.2) \ > > } round-robin keep state > > pass in on san0 reply-to (san0 10.35.0.2) keep state > > pass in on san1 reply-to (san1 10.35.1.2) keep state > > pass in on san2 reply-to (san2 10.35.2.2) keep state > > pass in on san3 reply-to (san3 10.35.3.2) keep state > > I would probably do it the same way. > I'm not sure if pf pays attetion to the link state of route-to interfaces. This is my entire pf.conf (apart from macro definitions), it is as simple as I could make it. -- pf.conf set skip on { lo } scrub in block in pass out keep state # inet is an interface group containing all 4 of the san interfaces pass out on inet route-to { \ ($inet_if0 $inet_dest0) \ ($inet_if1 $inet_dest1) \ ($inet_if2 $inet_dest2) \ ($inet_if3 $inet_dest3) \ } round-robin keep state pass in on $inet_if0 reply-to ($inet_if0 $inet_dest0) keep state pass in on $inet_if1 reply-to ($inet_if1 $inet_dest1) keep state pass in on $inet_if2 reply-to ($inet_if2 $inet_dest2) keep state pass in on $inet_if3 reply-to ($inet_if3 $inet_dest3) keep state pass on $int_if -- dmesg from the first box OpenBSD 3.8-stable (GENERIC.MP) #0: Thu Nov 3 14:39:08 MST 2005 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP cpu0: Intel Pentium III Xeon ("GenuineIntel" 686-class) 699 MHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE real mem = 1073319936 (1048164K) avail mem = 972726272 (949928K) using 4278 buffers containing 53768192 bytes (52508K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(00) BIOS, date 07/07/04, BIOS32 rev. 0 @ 0xffe90 pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfc350/208 (11 entries) pcibios0: PCI Interrupt Router at 000:15:0 ("ServerWorks ROSB4 SouthBridge" rev 0x00) pcibios0: PCI bus #0 is the last bus bios0: ROM list: 0xc/0x8000 0xc8000/0xe00 mainbus0: Intel MP Specification (Version 1.4) (DELL POWEREDGE A2) cpu0 at mainbus0: apid 1 (boot processor) cpu0: apic clock running at 99 MHz cpu1 at mainbus0: apid 0 (application processor) cpu1: Intel Pentium III Xeon ("GenuineIntel" 686-class) 699 MHz cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,M
my multipath routing questions...
Hijacking this thread, cuZ now I am worried . . . . > On Mon, Nov 28, 2005 at 11:46:56PM -0800, David Ulevitch wrote: > > I'd like to hear how people are using OpenOSPFd I will prbly use OpenOSPFd in the future, but at the moment, my question is about using OpenBGPd and multiple lines from the same provider. I am getting 4 T1s from a single provider. Issues with local telco "facilities" for T3's and other things are causing me problems with getting anything different. I am going to end up with something like this: san0-\ san1-\\ all connected to a single provider san2-// san3-/ Now, I assume I will have a single BGP session with them. (I have very little information for lines that are supposed to be installed tomorrow morning at 9am). Right now I have a cisco 3640 that has 2 T1's from AT&T and 2 from Sprint, it has enough trouble with those which is why I want to replace it with an OpenBSD box. I am going to have an iBGP session with the 3640 and an eBGP session with my new provider. I will be adding 20Mb over ethernet at some point in the fairly near future (if they can ever get it installed) and will hopefully be getting rid of the 3640 at that point. The OpenBSD router will not be doing any NAT, it will be passing public IPs. This is what has me worried: On Tue, Nov 29, 2005 at 03:33:07PM +0100, Claudio Jeker wrote: > There is no kernel support for multipath routing. I want to load balancing across those 4 T1s and it is sounding like I will not be able to do that and will have to figure out how to get these 4 new lines into my old cisco router. Unfortunately trunk(4) doesn't work with san interfaces :-( and that is how it looked possible to do the bonding/inverse muxing that I was going for. $ ifconfig trunk0 trunkport san0 trunkport san1 ifconfig: SIOCSTRUNKPORT: Protocol not supported It would be really kewl to use the trunk(4) interface for the BGP peer address, since it now does failover, it would be up as long as any individual lines were up. It would be even kewler if it would be able to change the weighting on that interface depending on the number of lines in the trunk, but I guess I am dreaming again. I guess I am looking for something like 'ip load-sharing per-packet' in cisco terms. But my real question is: How do I get OpenBSD to treat those 4 T1s as a single line and share the load across them? or, how do I get a reasonable approximation from OpenBSD? Also, with those 4 T1s, I want to make sure that in case any of the 4 go down, the BGP session will stay up. With a cisco box, I just bind the session to a loopback address, add routes for each interface and it will choose one of the interfaces that is up to get to the destination. How do I do this with OpenBSD? Will the BGP session just work when I solve the load balancing issue? or do I have to do weird things with ifstated(8) (like 16 states for the 4 lines and lots of route add/delete statements)? or something with 'route-to' in pf? http://marc.theaimsgroup.com/?l=openbsd-misc&m=112831360613745&w=2 This seems to work in my test environment: # t1s is an interface group containing all of the links to that provider pass out on t1s route-to { \ (san0 10.35.0.2) \ (san1 10.35.1.2) \ (san2 10.35.2.2) \ (san3 10.35.3.2) \ } round-robin keep state pass in on san0 reply-to (san0 10.35.0.2) keep state pass in on san1 reply-to (san1 10.35.1.2) keep state pass in on san2 reply-to (san2 10.35.2.2) keep state pass in on san3 reply-to (san3 10.35.3.2) keep state l8rZ, -- andrew - ICQ# 253198 - JID: [EMAIL PROTECTED] Proud member: http://www.mad-techies.org BOFH excuse of the day: telnet: Unable to connect to remote host: Connection refused
Sangoma AFT A104 PCI supported by the san driver?
Is the Sangoma AFT A104[1] PCI card supported? I assume if it is, it would be supported by the san[2] driver, but all I see listed in the man page are the A101 and A102[3]. I am guessing since they have different spec sheets, that they are different enough cards that it doesn't work, but I couldn't find anything about the A104 in the archives, although I did see the A101 and A102. It appears from if_san_front_end.h[4] that it is unlikely, but I thought I would ask. It could just get detected as UNKNOWN and work anyway or maybe someone has a small patch to make it detect and then it works. [1] http://www.sangoma.com/products/p_aft-104-specs.htm [2] http://www.openbsd.org/cgi-bin/man.cgi?query=san [3] http://www.sangoma.com/products/p_aft-et1-specs.htm [4] http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/pci/if_san_front_end.h?rev=1.4&content-type=text/x-cvsweb-markup l8rZ, -- andrew - ICQ# 253198 - JID: [EMAIL PROTECTED] Proud member: http://www.mad-techies.org BOFH excuse of the day: secretary plugged hairdryer into UPS
Unoffical OpenBSD 3.8 torrents available
There are some unoffical 3.8 torrents now available. Packages will be available as they finish rsyncing. http://openbsd.somedomain.net/index.php?version=latest+release As always, I recommend you check the MD5 or CKSUMs against the MD5 or CKSUM files you get from an official mirror http://www.openbsd.org/ftp.html There is also a perl script avalable that will keep the torrents up to date using the rss feed. http://openbsd.somedomain.net/files/ l8rZ, -- andrew - ICQ# 253198 - JID: [EMAIL PROTECTED] Proud member: http://www.mad-techies.org BOFH excuse of the day: NOTICE: alloc: /dev/null: filesystem full
Re: SBE wanPMC-xT3E3 support
I am going to post again in hopes that someone has possibly found something because I don't want to have to buy a Cisco box. My first T3 is going to be installed sometime in the near future and I want to be prepared for it when it shows up. I did get the recommendation for something like an AT-TN1000 from Allied Telesyn, and I have sent them an email to see if it will work in this case, but I have not heard anything yet. I will be pursuing that. http://www.alliedtelesyn.com/products/details.aspx?518 Is there a T3 card that is supported by OpenBSD? The only one I see on http://www.openbsd.org/i386.html is the SBEi wanPCI-1T3, and that one has been EOLed and their new one does not appear to be supported. I know the wanPCI-1T3 should work, so if someone knows where to get those, I would appreciate the information. l8rZ, On Mon, Aug 22, 2005 at 12:16:19PM -0700, andrew fresh wrote: > I am wondering if the wanPMC-xT3E3 from SBE is supported. > http://www.sbei.net/content/products/wan/wanpmc_xt3e3/ > > Obviously with an adaptor like the adaptPCI-PMC > http://www.sbei.net/content/products/platforms/adaptpci_pmc/ > > They have recently taken the wanPCI-1T3 off of their site, and I am > assuming EOL'd it, although I have not talked to them about it yet. > > The Ethernet controller is Intel's 21143TD 10/100 LAN Controller which > is different than the DEC 21140 Ethernet chip that is listed in the > lmc(4) man page. > > Based on > > if (PCI_CHIPID(pa->pa_id) != PCI_PRODUCT_DEC_21140) > return 0; > > from if_lmc_obsd.c I am assuming it is not supported, but I am not a C > programmer, and especially not drivers. > > Unfortunately, I am not able to purchase one to see if it works at this > point so I am hoping someone here knows. > > Does anyone know of a vendor that sells the SBE products and is OpenBSD > friendly, preferably one who has donated to the project? If not, a > decent vendor for SBE at all? > > Is there another T3 card that is supported by OpenBSD? > -- andrew - ICQ# 253198 - JID: [EMAIL PROTECTED] Proud member: http://www.mad-techies.org BOFH excuse of the day: We already sent around a notice about that.
SBE wanPMC-xT3E3 support
I am wondering if the wanPMC-xT3E3 from SBE is supported. http://www.sbei.net/content/products/wan/wanpmc_xt3e3/ Obviously with an adaptor like the adaptPCI-PMC http://www.sbei.net/content/products/platforms/adaptpci_pmc/ They have recently taken the wanPCI-1T3 off of their site, and I am assuming EOL'd it, although I have not talked to them about it yet. The Ethernet controller is Intel's 21143TD 10/100 LAN Controller which is different than the DEC 21140 Ethernet chip that is listed in the lmc(4) man page. Based on if (PCI_CHIPID(pa->pa_id) != PCI_PRODUCT_DEC_21140) return 0; from if_lmc_obsd.c I am assuming it is not supported, but I am not a C programmer, and especially not drivers. Unfortunately, I am not able to purchase one to see if it works at this point so I am hoping someone here knows. Does anyone know of a vendor that sells the SBE products and is OpenBSD friendly, preferably one who has donated to the project? If not, a decent vendor for SBE at all? Is there another T3 card that is supported by OpenBSD? l8rZ, -- andrew - ICQ# 253198 - JID: [EMAIL PROTECTED] Proud member: http://www.mad-techies.org BOFH excuse of the day: filesystem not big enough for Jumbo Kernel Patch
isakmpd.conf man page additions
I am attaching a diff to the isakmpd.conf man page that I hope clarifies using certificate based authentication. I found the information in the archives, and I thought they might be better documented in the man page. I believe the changes to be correct, but please do not take my word on it as I am new to IPSec. l8rZ, -- andrew - ICQ# 253198 - JID: [EMAIL PROTECTED] Proud member: http://www.mad-techies.org BOFH excuse of the day: boss forgot system password --- isakmpd.conf.5.orig Mon Aug 15 11:24:10 2005 +++ isakmpd.conf.5 Mon Aug 15 12:22:53 2005 @@ -886,12 +886,13 @@ # Incoming phase 1 negotiations are multiplexed on the source IP address [Phase 1] 10.1.0.1= ISAKMP-peer-west +10.1.0.3= ISAKMP-peer-north # These connections are walked over after config file parsing and told # to the application layer so that it will inform us when traffic wants to # pass over them. This means we can do on-demand keying. [Phase 2] -Connections= IPsec-east-west +Connections= IPsec-east-west,IPsec-east-north # Default values are commented out. [ISAKMP-peer-west] @@ -905,6 +906,20 @@ Authentication=mekmitasdigoat #Flags= +# This connection uses certifiates, it assumes you have generated a valid +# certificate from your "Private-key", that includes the "subjectAltName" +# as used in the ID-east section and placed it in the "Cert-directory". +[ISAKMP-peer-north] +Phase= 1 +#Transport=udp +Local-address= 10.1.0.2 +Address= 10.1.0.3 +#Port= isakmp +#Port= 500 +Configuration= RSA_SIG-phase-1-configuration +ID=ID-east +#Flags= + [IPsec-east-west] Phase= 2 ISAKMP-peer= ISAKMP-peer-west @@ -929,6 +944,19 @@ EXCHANGE_TYPE= QUICK_MODE Suites= QM-ESP-3DES-SHA-PFS-SUITE,QM-ESP-AES-SHA-PFS-SUITE +# Phase 1 description (Main Mode) using AUTHENTICATION_METHOD= RSA_SIG +# RSA_SIG is needed when using certificates for authentication + +[RSA_SIG-phase-1-configuration] +EXCHANGE_TYPE= ID_PROT +Transforms=3DES-SHA-RSA_SIG + +# The values here are what would be used by default in this configuration +# if an ID was not specified in the ISAKMP-peer-north section. +[ID-east] +ID-type= IPV4_ADDR +Address= 10.1.0.2 + # Data for an IKE mode-config peer [asn1_dn//C=SE/L=SomeCity/O=SomeCompany/CN=SomePeer.company.com] Address= 192.168.1.123 @@ -983,6 +1011,13 @@ GROUP_DESCRIPTION= MODP_1024 Life= Default-phase-1-lifetime +[DES-MD5-RSA_SIG] +ENCRYPTION_ALGORITHM= DES_CBC +HASH_ALGORITHM=MD5 +AUTHENTICATION_METHOD= RSA_SIG +GROUP_DESCRIPTION= MODP_1024 +Life= Default-phase-1-lifetime + [DES-SHA] ENCRYPTION_ALGORITHM= DES_CBC HASH_ALGORITHM=SHA @@ -990,6 +1025,13 @@ GROUP_DESCRIPTION= MODP_1024 Life= Default-phase-1-lifetime +[DES-SHA-RSA_SIG] +ENCRYPTION_ALGORITHM= DES_CBC +HASH_ALGORITHM=SHA +AUTHENTICATION_METHOD= RSA_SIG +GROUP_DESCRIPTION= MODP_1024 +Life= Default-phase-1-lifetime + # 3DES [3DES-SHA] @@ -999,6 +1041,13 @@ GROUP_DESCRIPTION= MODP_1024 Life= Default-phase-1-lifetime +[3DES-SHA-RSA_SIG] +ENCRYPTION_ALGORITHM= 3DES_CBC +HASH_ALGORITHM=SHA +AUTHENTICATION_METHOD= RSA_SIG +GROUP_DESCRIPTION= MODP_1024 +Life= Default-phase-1-lifetime + # Blowfish [BLF-SHA] @@ -1006,6 +1055,14 @@ KEY_LENGTH=128,96:192 HASH_ALGORITHM=SHA AUTHENTICATION_METHOD= PRE_SHARED +GROUP_DESCRIPTION= MODP_1024 +Life= Default-phase-1-lifetime + +[BLF-SHA-RSA_SIG] +ENCRYPTION_ALGORITHM= BLOWFISH_CBC +KEY_LENGTH=128,96:192 +HASH_ALGORITHM=SHA +AUTHENTICATION_METHOD= RSA_SIG GROUP_DESCRIPTION= MODP_1024 Life= Default-phase-1-lifetime
Re: isakmpd with certificates, I found the goat
On Fri, Aug 12, 2005 at 02:16:40PM -0700, andrew fresh wrote: > I am trying to get isakmpd to create a tunnel with certificates It works now, although I need to get a working policy. "In isakmpd.conf, remember to use a -RSA_SIG transform for MainMode" http://marc.theaimsgroup.com/?l=openbsd-misc&m=104045774627096&w=2 Now I just need to figure out why it needs that and what it means. l8rZ, -- andrew - ICQ# 253198 - JID: [EMAIL PROTECTED] Proud member: http://www.mad-techies.org BOFH excuse of the day: Plumber mistook routing panel for decorative wall fixture
isakmpd with certificates, I must be missing the goat
I am not sure if I need to sacrifice a goat or a chicken to get this working, but I am sure it is something stupid that I am doing that is causing the problem. I am trying to get isakmpd to create a tunnel with certificates, and although I have it working well with preshared keys, I am unable to figure out what I am doing wrong, so I am here asking for help. I believe I have all the information I have on what I have done to try to make it work, what is not working and the different config files here: http://openbsd.somedomain.net/isakmpd_with_certs/ If there is any further information that I am missing that would help with solving this, please let me know. l8rZ, -- andrew - ICQ# 253198 - JID: [EMAIL PROTECTED] Proud member: http://www.mad-techies.org BOFH excuse of the day: Firmware update in the coffee machine
Re: Requesting an change in the installer
On Fri, Aug 05, 2005 at 01:48:13PM -0700, Tim Leslie wrote: > After determining nomenclature, why not have a detect in the install, > and then ask a question with the detected kernel as the default? ala > > > Do you want to use the single (sp) or multiprocessor (mp) kernel? [detected] > My thoughts would be more along the lines of keeping track of bsd* that are downloaded during install, then ask which of those you would like as default. That would reduce the magical CPU count code required. The rest I would agree with. This would allow you to NOT download the bsd.{mp|sp|up|??} and it would link the other. > This would streamline things a bit, I think. I agree. l8rZ, -- andrew - ICQ# 253198 - JID: [EMAIL PROTECTED] Proud member: http://www.mad-techies.org BOFH excuse of the day: Electrons on a bender
OpenBSD torrent updating script available
There is now a script available to help keep your OpenBSD torrents up to date. There are details on how to use it available at: http://openbsd.somedomain.net/files/ You can use it to help seed, to keep up to date with the latest packages for the current release or anything in between. It works with the torrents available from: http://openbsd.somedomain.net/ Also available on the same site is a port for BitTorrent 4.0.1 for OpenBSD 3.6 and 3.7. l8rZ, -- andrew - ICQ# 253198 - JID: [EMAIL PROTECTED] Proud member: http://www.mad-techies.org BOFH excuse of the day: loop found in loop in redundant loopback
OpenBSD 3.7 Torrents are now available
You can get OpenBSD 3.7 from the torrent site here: http://openbsd.somedomain.net/index.php?version=latest+release quick links: AMD 64: http://openbsd.somedomain.net/torrents/OpenBSD_3_7_amd64-2005-05-19-1824.torrent i386: http://openbsd.somedomain.net/torrents/OpenBSD_3_7_i386-2005-05-19-2115.torrent Anything else you should be able to get from the url above. Not all architectures are synced yet, but they are going. l8rZ, -- andrew - ICQ# 253198 - JID: [EMAIL PROTECTED] Proud member: http://www.mad-techies.org BOFH excuse of the day: Your computer's union contract is set to expire at midnight.
Re: OpenBSD Torrents available
On Tue, May 17, 2005 at 04:49:37AM -0600, jared r r spiegel wrote: > On Mon, May 16, 2005 at 04:45:11PM -0700, andrew fresh wrote: > > We have set up an site from which you can get OpenBSD Torrents. > > > > The torrents are generated automatically on a server that is > > rsynced to ftp3.usa.openbsd.org every 4 hours. > > that's cool, but would it make sense to use > 4h? Maybe, I wasn't sure, and it seems to get a fair number of new snapshots whenever it syncs, so it seems to be a workable amount of time. I will look into changing timing of updates as time goes on. The reason I chose 4 hours is that seemed to be what most of the CVS mirrors chose as a sync time and I didn't have any other gauges. > when the contents of a specific $arch directory changes, > does that render out a new .torrent file and update the > link in the -current section on the www; or does it just > overwrite the same name of the torrent? > > if it is the latter, and you're seeding the torrent for > may 12th i386 -current; and then the rsync updates that > dir and a new .torrent is made, and then i d/l the new > one and join it, do we collide or do we just not see > each other (like, the torrent in the tracker is by > hash of contents or something?) When the contents of a dir change, it generates a new torrent (that is the date part of the filename), that means the old torrent is out of date, however, on the torrent clients I have tested, downloading the new torrent will not start your download over, it will just download the changed pieces. However, as far as the tracker goes, it doesn't actually care about the filename, it just cares about the info hash, which is does change, and what actually renders the old torrent out of date. I am hoping if I have time, to write up a script that is available for download that will watch the RSS feed for new torrents that you want, check what you have, remove the old one and download the new one. I don't know how that will screw with different torrent clients though. > can i suggest that the torrents only have the subdir > instead of OpenBSD/subdir? I will definately consider this, I guess I just wasn't sure what the best layout for them was, and during my testing, doing it with OpenBSD/subdir caused all of the files to end up in the OpenBSD dir as they appear on the FTP server. l8rZ, -- andrew - ICQ# 253198 - JID: [EMAIL PROTECTED] Proud member: http://www.mad-techies.org BOFH excuse of the day: not enough memory, go get system upgrade
OpenBSD Torrents available
OpenBSD Users: We have set up an site from which you can get OpenBSD Torrents. The site is http://openbsd.somedomain.net. The torrents are generated automatically on a server that is rsynced to ftp3.usa.openbsd.org every 4 hours. We are also seeding current torrents from that server. l8rZ, -- andrew - ICQ# 253198 - JID: [EMAIL PROTECTED] Proud member: http://www.mad-techies.org BOFH excuse of the day: monitor resolution too high