Re: When will be created a great desktop experience for OpenBSD?
@ Steve > One point I didn't see in RFC's post is stability. When I used OpenBSD > back in 2010, subjectively it seemed more stable, more consistent, and > less surprising than any Linux I'd ever used (and of course than any > Windows I'd ever used). If my computer were just for web browsing, > social networking, email, and storing photos and videos, Ubuntu or Mint > would be stable enough. But the way I work, I often have over 50 > windows open. I can't afford the massive instability bestowed by "we do > it all for you" user interfaces. This is also true. In my experience with Gnome, KDE, et. al., these fancy configuration menus and wizards generally wind up being leaky abstractions. Writing a simple format into /etc/hostname.if has in my experience had far fewer caveats than NetworkManager or nm-applet. I had mostly addressed stability in terms of UI/UX design, but in the broader software quality meaning of the word it's a good point. I would be fine with using a fancy tool to configure everything... if it worked and was consistent. So far the only such tool I've found to deliver on that (actually functioning and being consistent) is OpenBSD's /etc/.
Re: When will be created a great desktop experience for OpenBSD?
I'd like to chime in here, on a slightly different subject. I think the OP (Clark) raises a point, but I suggest he's coming it from the wrong angle. I think there's something here to discuss that I have not seen mentioned in this thread thus far. TL;DR: the OpenBSD (and friends) way of thinking is falling further and further out of fashion with respect to mainstream computing -- I justify this statement, posit on the need for action, and propose a starting point. Disclaimer 1: I use OpenBSD at various points to refer to the piece of code, to the development philosophy, to the development team, and to the community of users. I try to make clear which I am referencing; sorry if it's confusing. Disclaimer 2: I am not an OpenBSD developer. I have contributed only in very minor ways. I don't speak on behalf of anyone other than myself as a user of OpenBSD. If it seems at points that I am speaking on behalf of "OpenBSD" (by any of the previous definitions), I intend that as an appeal to my perception of what the community of users and developers feels and thinks, based on my interactions with them here and elsewhere. If I am wrong in this respect, I invite corrections. It certainly seems that there is a great disconnect from the canonical (small c) definition of "great desktop experience", and the OpenBSD (and friends) definition. I feel that the broader notion of what a "great desktop experience" means within the context of the 2019 zeitgeist has trended towards pandering to the user, in my view to the point of being patronizing. "The users cannot be trusted to manage their own files, it's too hard and will confuse them." "The users cannot be trusted to install their own programs, it's too hard and will confuse them." ... "The users cannot be trusted to make decisions, it's too hard and will confuse them." You get the picture (hopefully). Part of this is perhaps because the users are "bad at using computers". I think most anyone who has helped a computer-illiterate family member or friend with any technology related problem for more than 5 minutes will see the truth in this statement. But I think it's not the users fault; many might argue "but if the users would only learn X, Y, an Z DE/WM/OS/app/etc". I feel that many _do_ argue this, with all the talk these days of "pushing the envelope", "modern UX", "innovation", and so on in big blinking neon letters. Ultimately, what this means is telling the users "yup, you learned $paradigm, but now we have $paradigm++ because it's the new big thing". If you're a corporate user on a box you don't control, or you just don't have the experience to do systems administration on your own, you have to suck it up and deal with it. That probably won't be a relateable sentiment to nearly anyone likely to ever read this document. But as a thought experiment, let's imagine if vi got a fresh now UX paradigm every year or so, and let's pretend for the sake of argument that we can't patch it or revert. I think all of us would not want to use such a program very much. vi takes a while to learn, and while I (as a diehard vim user) would argue against the notion of the vi paradigm as the One True Way to edit text, it is certainly a very powerful tool... because of the time put in to build muscle memory and intuition about it, knowing that that knowledge will be applicable to vi implementations for decades to come. Without the ability to trust that time spent front-loading learning will not be wasted when $paradigm goes to $paradigm++ in a year, who would ever invest effort into learning more than the bare minimum? Remember that the typical computer user sees their box the way most of us probably see our cars. It doesn't matter how it works, as long as it does, but nobody wants a car where the gas and brake pedals switch every second Tuesday and you wake up one morning to discover the head unit is now entirely in Sumerian. It would seem that this creates a self-perpetuating feedback loop. The users have a difficult time using the software because they don't learn it, so the software changes to accommodate the users better, which further puts folks off of ever learning any of it very well (by punishing the ones who try). I suggest that this trend has become so prolific that it has seeped into the general human population's consciousness around how interacting with computers works. Think about it. How many software packages do you know of where a user could learn how to use it well once and have that knowledge be applicable for years or decades thereafter? This is something we expect (as technical folk) of shells and editors, scripting languages, and so on, but it is not something that the layperson using a GUI can now or at any point in the past reasonably expect. Remember also, that every developer was one a user at some point. It sure seems that the wall you have to climb over to go from user to developer keeps getting higher and higher every year. There are several
Re: Xorg blanks until I switch to a TTY and back on 6.5
On Mon, Apr 29, 2019 at 05:05:25PM +1000, Jonathan Gray wrote: > On Sun, Apr 28, 2019 at 07:26:54PM -0400, Charles wrote: > > Hello list, > > > > Ever since the new inteldrm driver got merged into -current, shortly > > before the 6.5 release, I'm seeing an odd new behavior on my Thinkpad > > T430 -- when an external display is connected, Xorg blanks all screens > > (but the mouse can still be seen) until I switch to a TTY and back with > > (i.e. C-A-F4 then C-A-F5) after which point it goes back to normal. > > > > I'm glad the new inteldrm driver got merged, since it fixes several > > other video issues I was having. This problem is very minor since the > > workaround is just a few extra keystrokes when I dock or undock, but it > > is nevertheless annoying. > > > > Is anyone else experiencing this issue on third gen core-I series Intel > > chips with integrated graphics? Or on any other chips for that matter? > > > > I checked Xorg.0.log and didn't see anything suspicious. I also tried > > disabling monitor hotplugging via Xorg.conf, but I either did it wrong > > or it had no effect. > > > > I would attach xorg logs and dmesg, but AFAIK misc@ does not allow > > attachments, and I don't want to annoy people with that much inline > > info. > > Does this help? > > Index: sys/dev/pci/drm/drm_fb_helper.c > === > RCS file: /cvs/src/sys/dev/pci/drm/drm_fb_helper.c,v > retrieving revision 1.13 > diff -u -p -r1.13 drm_fb_helper.c > --- sys/dev/pci/drm/drm_fb_helper.c 14 Apr 2019 10:14:51 - 1.13 > +++ sys/dev/pci/drm/drm_fb_helper.c 29 Apr 2019 06:58:25 - > @@ -575,6 +575,9 @@ static bool drm_fb_helper_is_bound(struc > #ifdef notyet > if (READ_ONCE(dev->master)) > return false; > +#else > + if (!SPLAY_EMPTY(>files)) > + return false; > #endif > > drm_for_each_crtc(crtc, dev) { This appears to have done the trick. I tested with two displays that were affected by the originally noted issue. I will continue running with this patch for a while and report back if the issue re-appears, or there are other relevant developments. Thank you for the patch. ~ Charles
Xorg blanks until I switch to a TTY and back on 6.5
Hello list, Ever since the new inteldrm driver got merged into -current, shortly before the 6.5 release, I'm seeing an odd new behavior on my Thinkpad T430 -- when an external display is connected, Xorg blanks all screens (but the mouse can still be seen) until I switch to a TTY and back with (i.e. C-A-F4 then C-A-F5) after which point it goes back to normal. I'm glad the new inteldrm driver got merged, since it fixes several other video issues I was having. This problem is very minor since the workaround is just a few extra keystrokes when I dock or undock, but it is nevertheless annoying. Is anyone else experiencing this issue on third gen core-I series Intel chips with integrated graphics? Or on any other chips for that matter? I checked Xorg.0.log and didn't see anything suspicious. I also tried disabling monitor hotplugging via Xorg.conf, but I either did it wrong or it had no effect. I would attach xorg logs and dmesg, but AFAIK misc@ does not allow attachments, and I don't want to annoy people with that much inline info. Thanks, ~ Charles
Re: Emacs in console: Meta key problem
init.el: (set-input-mode t nil t) On 3/19/24 03:07, Irek Szcześniak wrote: Hi, I would like to use Emacs in the console, but the problem is the Meta key. I'm using OpenBSD 7.4 GENERIC.MP#1397 amd64 with regular PC keyboards where I got used to the left Alt as the Meta key. I know that instead of using Meta (e.g., Alt+x), I can prefix with Esc, and then press x. However, I would like to get the left Alt work the way I'm used to. But how? Supposedly, this should work: wsconsctl keyboard.encoding=us.metaesc However, it doesn't work for me, and I don't know how to diagnose the problem. I can use Emacs (emacs -nw) in xterm and cwm (from there I can ssh to a different system and can use Emacs with the left Alt key allright), where I had to tweak the .Xdefaults: XTerm*eightBitInput: false XTerm*eightBitOutput: true How to get the console work the way I want? Thanks & best, Irek
Re: OT: mail retrieval software
Hi, Grateful if anyone could recommend a mail retrieval program which does not require a local SMTP service like fetchmail does. From the fetchmail man page : -m command | --mda command (Keyword: mda) You can force mail to be passed to an MDA directly (rather than forwarded to port 25) with the --mda or -m option. Best regards, Charles Longeau
Re: Macppc G3 Powerbook - Install Fails
On Tue, 2005-11-15 at 20:49, Roy Morris wrote: Martin Reindl wrote: How should the hardware know that it should boot from CD? Press 'C' or switch-appel-o-f to get into OF and boot from there as described in the docs. Thanks we have tried all the examples in the docs. We get to the ofw prompt and have tried boot cd:,ofwboot /3.8/macppc/bsd.rd and putting the two files on the hard drive and booting using boot hd:,ofwboot bsd.rd no go on any of them. I don't know if this will help, but I just did this on a bluewhite PowerMac. Try: boot hd:,ofwboot bsd leave off the .rd. Worked for us. -- Charles Farinella Appropriate Solutions, Inc. (www.AppropriateSolutions.com) [EMAIL PROTECTED] 603.924.6079
3.8 panic on boot (rd0)
Hello all, I have an older i386 pc that I've been using as my home firewall for some years now. It currently runs 3.3 and I was hoping to do an upgrade, so I did go ahead and buy the full CD set (impressive packaging, btw) after having trouble with boot floppies (marginal drive) and the boot CD ISO. However, the kernel panics every time I try and boot the 3.8 CD. I've also tried 3.7, 3.6 and 3.5 boot CDs that I downloaded from the OpenBSD ftp server. Hardware seems fine; I ran memtest86+ for a day and it did about 30 passes with no errors, I tried different CD-ROM drives, different IDE cables, removed all network cards, etc., but still it panics in the same place (right after rd0: fixed, 3800 blocks). CPU is an AMD K6-2-500 clocked down to 300 - temperature is fine (about 110F), mainboard is an old Epox. On the suggestion of a bsdforums.org user, I tried downloading bsd.rd and booting that from the 3.3 install, and that failed. I'm guessing it has something to do with the exec format changing; perhaps the old loader doesn't understand the new kernel exec format? rebooting... boot /bsd.rd booting hd0a:/bsd.rd: failed(79). will try /obsd boot ls bsd.rd -rwxr-xr-x 0,0 4658297 hd0a:bsd.rd boot ls obsd -rwxr-xr-x 0,0 2487309 hd0a:obsd boot ...snip... gw# cd / gw# file bsd.rd bsd.rd: ELF 32-bit LSB executable, Intel 80386, version 1, statically linked, not stripped gw# file obsd obsd: OpenBSD/i386 demand paged executable not stripped gw# I have this thing hooked up via serial now, so if someone can point me in the right direction (how to get a dump when booting from CD, how to look at that dump, etc.), I will gladly do so. I have also included the 3.3 dmesg below. Thanks, Charles _ Here is the partial boot message booting 3.8: OpenBSD/i386 CDBOOT 1.04 boot booting cd0a:/3.8/i386/bsd.rd: 4369156+828044 [52+151072+137381]=0x53b600 entry point at 0x100120 Copyright (c) 1982, 1986, 1989, 1991, 1993 The Regents of the University of California. All rights reserved. Copyright (c) 1995-2005 OpenBSD. All rights reserved. http://www.OpenBSD.org OpenBSD 3.8 (RAMDISK_CD) #794: Sat Sep 10 15:58:32 MDT 2005 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/RAMDISK_CD cpu0: AMD-K6(tm) 3D processor (AuthenticAMD 586-class) 301 MHz cpu0: FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,PGE,MMX real mem = 133799936 (130664K) avail mem = 116502528 (113772K) using 1658 buffers containing 6791168 bytes (6632K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(ee) BIOS, date 01/03/00, BIOS32 rev. 0 @ 0xfb390 apm0 at bios0: Power Management spec V1.2 apm0: flags 70102 dobusy 1 doidle 1 pcibios0 at bios0: rev 2.1 @ 0xf/0xb80c pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdde0/128 (6 entries) pcibios0: PCI Exclusive IRQs: 5 10 11 pcibios0: PCI Interrupt Router at 000:07:0 (VIA VT82C586 ISA rev 0x00) pcibios0: PCI bus #1 is the last bus bios0: ROM list: 0xc/0x8000 0xc8000/0x2000! cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 VIA VT82C598 PCI rev 0x04 ppb0 at pci0 dev 1 function 0 VIA VT82C598 AGP rev 0x00 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 ATI Rage Pro rev 0x5c wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) pcib0 at pci0 dev 7 function 0 VIA VT82C586 ISA rev 0x47 pciide0 at pci0 dev 7 function 1 VIA VT82C571 IDE rev 0x06: ATA33, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide0 channel 0 drive 0: Maxtor 72004 AP wd0: 32-sector PIO, LBA, 1916MB, 3924360 sectors wd0(pciide0:0:0): using PIO mode 4, DMA mode 2 atapiscsi0 at pciide0 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: SAMSUNG, CD-ROM SC-148F, F007 SCSI0 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2 uhci0 at pci0 dev 7 function 2 VIA VT83C572 USB rev 0x02: irq 11 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: VIA UHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered VIA VT82C586 Power rev 0x10 at pci0 dev 7 function 3 not configured sis0 at pci0 dev 17 function 0 NS DP83815 10/100 rev 0x00: DP83816A, irq 10, address 00:09:5b:22:4a:ee nsphyter0 at sis0 phy 0: DP83815 10/100 PHY, rev. 1 xl0 at pci0 dev 18 function 0 3Com 3c900 10Base-T rev 0x00: irq 5, address 00:a0:24:ce:11:02 isa0 at pcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 npx0 at isa0 port 0xf0/16: using exception 16 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo pccom0: console pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 biomask fbc5 netmask ffe5 ttymask ffe7 rd0: fixed, 3800 blocks fatal page fault in supervisor mode trap type 6 code 2 eip d02b9015 cs 50 eflags 10002 cr2 1ffec1c6 cpl a0 panic: trap type 6, code=2, pc=d02b9015 syncing disks
trouble with ports
I have continual trouble installing from ports. I am under the impression that I cd to the proper directory in my ports tree, type make install and the package should install. In more than 50% of the cases in which I attempt this, it appears to download and build the package, but towards the end of the process I get failures 'Error code 1' mostly. Here is the latest of them for BerkeleyDB: === === Building package for db-3.1.17p4 Unknown element: @pkgpath databases/db/v3,no_tcl === Cleaning for db-3.1.17p4 rm -f /usr/ports/packages/powerpc/all/db-3.1.17p4.tgz *** Error code 1 Stop in /usr/ports/databases/db/v3 (line 2051 of /usr/ports/infrastructure/mk/bsd.port.mk). *** Error code 1 Stop in /usr/ports/databases/db/v3 (line 1274 of /usr/ports/infrastructure/mk/bsd.port.mk). *** Error code 1 Stop in /usr/ports/databases/db (line 108 of /usr/ports/infrastructure/mk/bsd.port.subdir.mk). I can't help but feel that I am missing something fundamental, perhaps these messages will be meaningful to those with more experience than I. This is OpenBSD 3.8 installed on a G3 Mac. thanks, --charlie -- Charles Farinella Appropriate Solutions, Inc. (www.AppropriateSolutions.com) [EMAIL PROTECTED] 603.924.6079
Re: 3.8 panic on boot (rd0)
Leaving the history intact, following up below. An offlist reply suggested trying a more recent snapshot of -current. It also paniced in the same place. On Sat, 7 Jan 2006, Kenneth R Westerback wrote: On Sat, Jan 07, 2006 at 03:23:15PM -0500, Charles Sprickman wrote: Hello all, I have an older i386 pc that I've been using as my home firewall for some years now. It currently runs 3.3 and I was hoping to do an upgrade, so I did go ahead and buy the full CD set (impressive packaging, btw) after having trouble with boot floppies (marginal drive) and the boot CD ISO. However, the kernel panics every time I try and boot the 3.8 CD. I've also tried 3.7, 3.6 and 3.5 boot CDs that I downloaded from the OpenBSD ftp server. Hardware seems fine; I ran memtest86+ for a day and it did about 30 passes with no errors, I tried different CD-ROM drives, different IDE cables, removed all network cards, etc., but still it panics in the same place (right after rd0: fixed, 3800 blocks). CPU is an AMD K6-2-500 clocked down to 300 - temperature is fine (about 110F), mainboard is an old Epox. On the suggestion of a bsdforums.org user, I tried downloading bsd.rd and booting that from the 3.3 install, and that failed. I'm guessing it has something to do with the exec format changing; perhaps the old loader doesn't understand the new kernel exec format? rebooting... boot /bsd.rd booting hd0a:/bsd.rd: failed(79). will try /obsd boot ls bsd.rd -rwxr-xr-x 0,0 4658297 hd0a:bsd.rd boot ls obsd -rwxr-xr-x 0,0 2487309 hd0a:obsd boot ...snip... gw# cd / gw# file bsd.rd bsd.rd: ELF 32-bit LSB executable, Intel 80386, version 1, statically linked, not stripped gw# file obsd obsd: OpenBSD/i386 demand paged executable not stripped gw# I have this thing hooked up via serial now, so if someone can point me in the right direction (how to get a dump when booting from CD, how to look at that dump, etc.), I will gladly do so. I have also included the 3.3 dmesg below. Thanks, Charles _ I'd suggest trying a 3.8 snapshot as well, to make sure it hasn't already been fixed in -current. I grabbed a snapshot from 1/19 today and burned the mini cd boot iso. Same thing. Where do I go from here to troubleshoot this? It does panic, but I'm not sure how to get a dump when booting off of cd. Thanks, Charles latest boot messages follow, then the older boot messages from 3.8 are still intact below. boot booting cd0a:/3.9/i386/bsd.rd: 4429460+740764 [52+154592+141324]=0x5369c4 entry point at 0x100120 Copyright (c) 1982, 1986, 1989, 1991, 1993 The Regents of the University of California. All rights reserved. Copyright (c) 1995-2006 OpenBSD. All rights reserved. http://www.OpenBSD.org OpenBSD 3.9-beta (RAMDISK_CD) #1001: Thu Jan 19 12:49:57 MST 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/RAMDISK_CD cpu0: AMD-K6(tm) 3D processor (AuthenticAMD 586-class) 301 MHz cpu0: FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,PGE,MMX real mem = 133799936 (130664K) avail mem = 116531200 (113800K) using 1658 buffers containing 6791168 bytes (6632K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(ee) BIOS, date 01/03/00, BIOS32 rev. 0 @ 0xfb390 apm0 at bios0: Power Management spec V1.2 apm0: flags 70102 dobusy 1 doidle 1 pcibios0 at bios0: rev 2.1 @ 0xf/0xb80c pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdde0/128 (6 entries) pcibios0: PCI Exclusive IRQs: 5 10 11 pcibios0: PCI Interrupt Router at 000:07:0 (VIA VT82C586 ISA rev 0x00) pcibios0: PCI bus #1 is the last bus bios0: ROM list: 0xc/0x8000 0xc8000/0x2000! cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 VIA VT82C598 PCI rev 0x04 ppb0 at pci0 dev 1 function 0 VIA VT82C598 AGP rev 0x00 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 ATI Rage Pro rev 0x5c wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) pcib0 at pci0 dev 7 function 0 VIA VT82C586 ISA rev 0x47 pciide0 at pci0 dev 7 function 1 VIA VT82C571 IDE rev 0x06: ATA33, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide0 channel 0 drive 0: Maxtor 72004 AP wd0: 32-sector PIO, LBA, 1916MB, 3924360 sectors wd0(pciide0:0:0): using PIO mode 4, DMA mode 2 atapiscsi0 at pciide0 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: SAMSUNG, CD-ROM SC-148F, F007 SCSI0 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2 uhci0 at pci0 dev 7 function 2 VIA VT83C572 USB rev 0x02: irq 11 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: VIA UHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered VIA VT82C586 Power rev 0x10 at pci0 dev 7 function 3 not configured sis0 at pci0 dev 17 function 0 NS DP83815 10/100 rev 0x00, DP83816A: irq 10, address 00:09:5b:22:4a:ee nsphyter0 at sis0 phy 0: DP83815 10/100 PHY, rev. 1 xl0 at pci0 dev 18 function 0 3Com 3c900 10Base-T rev 0x00: irq 5, address 00:a0:24:ce:11:02 isa0 at pcib0
kernel debugging when booted off install cd
Hello all, I'm still not able to get OpenBSD 3.4-3.8 loaded on my old firewall box. It either freezes or panics when probing (or creating?) rd0, which I assume is the ramdisk used in the install. It runs 3.3 fine. So rather than just asking some random questions, I'd like to know how to save a dump when booting off of the install CD. I do have a serial console available (set tty com0). If getting a dump isn't possible, I'd then like to know how to get into the kernel debugger. I figure that I can gather information that's more helpful this way. Thanks, Charles
Re: kernel debugging when booted off install cd
On Fri, 3 Feb 2006, Rogier Krieger wrote: On 2/3/06, Charles Sprickman [EMAIL PROTECTED] wrote: It either freezes or panics when probing (or creating?) rd0, which I assume is the ramdisk used in the install. It runs 3.3 fine. Perhaps you need to look at the FAQ if you're running i386: upgrading/reinstalling OpenBSD/i386 using bsd.rd-a.out [1]. Excellent, I did not know how to boot an ELF kernel from the a.out bootloader. If that doesn't solve your problem, a dmesg would be your best bet. Information from a panic (trace/ps, obtained through the debugger you get dropped into) would also be helpful. Since you mentioned you have a serial console available, I recommend using it to file a report. OK, so I grabbed the 3.5 bsd.rd-a.out and I get the same results. Instant panic, and then a reboot. dump to 1001 dump error 19 How can I go about getting it to crash into the debugger? Thanks, Charles Upon freezes, I usually try to boot into the UKC to set the verbose option. Typically, this gave me a hint in devices to disable. As a sidenote: my own usual culprit is the ahc(4) driver. That said, this only happens with two machines, each having an nVidia nForce2 chipset. Given that you mentioned rd0 as a problem point, I doubt you are having the same underlying problem. Cheers, Rogier References: 1. OpenBSD FAQ - Upgrading/reinstalling OpenBSD/i386 using bsd.rd-a.out http://www.openbsd.org/faq/faq4.html#bsdrdaout -- If you don't know where you're going, any road will get you there.
Re: kernel debugging when booted off install cd
On Sun, 5 Feb 2006, Nick Holland wrote: Charles Sprickman wrote: Hello all, I'm still not able to get OpenBSD 3.4-3.8 loaded on my old firewall box. It either freezes or panics when probing (or creating?) rd0, which I assume is the ramdisk used in the install. It runs 3.3 fine. So rather than just asking some random questions, I'd like to know how to save a dump when booting off of the install CD. I do have a serial console available (set tty com0). If getting a dump isn't possible, I'd then like to know how to get into the kernel debugger. I figure that I can gather information that's more helpful this way. You aren't going to get nor save a dump when booting off the install CD. You really don't want a panicked kernel writing to your good data disks, do you? In this case, I don't mind. I've got another box in it's place so I'm prepared to do anything I need to do to get this running a current version of OBSD. The install kernels don't have all the bells and whistles of the production kernel, that's how they fit on floppies and such. Got it, so there's absolutely no way to dump to a disk? It looks like it tries to... I also don't have another box handy to build a custom 3.8 kernel on. And I also wonder if a non-rd kernel would panic, as the panic happens as it tries to deal with the ramdisk... Use your serial cable to capture the output of the boot process. THAT will tell us much more about your hardware. I've got a thread here: http://marc.theaimsgroup.com/?t=11366659953r=1w=2 I reposted since I just wanted to get the basics on getting a dump in OBSD. I figured once I had that, I could actually file a PR or something. A completely Wild A..ed Guess, based on the symptoms, you may have way too little RAM for the newer kernels (16M will get you running still, but 32M is a practical minimum) and floating point emulation broke after 3.3 on i386 (translation: no more 486sx or 80386 w/o 80387 support). If I were to bet, I'd say you probably have no FPU on your machine. It's old, but not that old. I've got 128MB of RAM. Processor is an AMD K6-2/500 clocked down to 300. VIA chipset. I've had memtest86+ go through about a dozen runs with no errors. 3.3 works flawlessly. Not sure where to go from here... Thanks, Charles Nick.
Re: gunzip changes lastmod time?
Hello, 2007/4/19, Frank Bax [EMAIL PROTECTED]: On an older box still running 3.5; gunzip/gzip does not change lastmod time; but on 4.0 [release] gunzip changes the lastmod time. What's the reason for this change? This was a bug and it has been fixed. For more info, please see : http://cvs.openbsd.org/cgi-bin/query-pr-wrapper?full=yesnumbers=5417 Best regards, Charles Longeau
CREA-PROMO.COM vous offre l'étude eMarketing de votre site commercial !
Ce courriel vous est envoyi par www.crea-promo.com - S'il ne s'affiche pas correctement Cliquez sur ce lien http://www.crea-promo.com/lists/lt.php?id=MEoEUgZXB09XB00AVlxb http://www.crea-promo.com/lists/lt.php?id=MEoEUgZXB09XB00AVlxb Pour recommander ce message ` un ami, Cliquez sur http://www.crea-promo.com/lists/lt.php?id=MEoEUgZXBk9XB00AVlxb Conformiment ` l'article 34 de la loi n078-17 du 6 janvier 1978 relative ` l'informatique, aux fichiers et aux libertis, Vous disposez d'un droit d'acchs, de rectification des donnies nominatives vous concernant. Diclaration CNIL N0 1260916 Si vous souhaitez difinitivement ne plus recevoir de courriel de www.crea-promo.com : Cliquez sur http://www.crea-promo.com/lists/lt.php?id=MEoEUgZXCU9XB00AVlxb -- Powered by PHPlist, www.phplist.com --
CREA-PROMO.COM vous offre l'étude eMarketing de votre site commercial !
Ce courriel vous est envoyi par www.crea-promo.com - S'il ne s'affiche pas correctement Cliquez sur ce lien http://www.crea-promo.com/lists/lt.php?id=MEoEXwJRBU9XA00AVlxb http://www.crea-promo.com/lists/lt.php?id=MEoEXwJRBU9XA00AVlxb Pour recommander ce message ` un ami, Cliquez sur http://www.crea-promo.com/lists/lt.php?id=MEoEXwJRBE9XA00AVlxb Conformiment ` l'article 34 de la loi n078-17 du 6 janvier 1978 relative ` l'informatique, aux fichiers et aux libertis, Vous disposez d'un droit d'acchs, de rectification des donnies nominatives vous concernant. Diclaration CNIL N0 1260916 Si vous souhaitez difinitivement ne plus recevoir de courriel de www.crea-promo.com : Cliquez sur http://www.crea-promo.com/lists/lt.php?id=MEoEXwJRB09XA00AVlxb -- Powered by PHPlist, www.phplist.com --
Re: wi: ifconfig txpower wrong for non 100mW wireless cards?
EE/RF pedant here (there had to be one, right?). However, I doubt that e.g. subtracting 3dBm is sufficient, say Without going into detail, it needs to be said that dB is a relative measurement while dBm is absolute. Thus, one would state that 3 dB is subtracted from X dBm in order to represent half power (which is what you were getting at with the 200 - 100 mW issue). Simple example: 15 dBm = 31.623 mW, 12 dBm = 15.829 mW (indeed, 3 dB down is half power on a linear scale). 3 dBm, however is 1.995 mW. Subtracting 3 dBm from 15 dBm would then give you 14.72 dBm (29.628 mW). Not obvious? Yes. Important? Definitely. While I'm at it an OT(?) question: Does somebody know how to _simply_ (using a multimeter or an old 20MHz scope) measure the power output of a wireless NIC? Just a rough (+-10mW) estimate would suffice. The antennae are external so I have access to the SMA. Then I could measure the mapping myself. To simply answer, no. You cannot absolutely measure transmitted RF power without a calibrated receiver of some sort (e.g. a commercial RF power meter... see Agilent), two antennas with known directivity patterns and known efficiencies, and/or a 2D motorized az/el stage such that you can easily rotate one of the two antennas and integrate the received power. If you have, however, two known antennas with known gains (say, Hyperlink patch antennas), and you know - or can estimate - the insertion loss in the cables and coax connectors, and a second wireless NIC with software you believe is giving you approximate values of received power, you can use the Friis equation to find the transmitted power. This will put you within 10 dBm/mW easily. http://en.wikipedia.org/wiki/Friis_Transmission_Equation Any other questions related to this I can answer off-list. Cheers, Charles
ClamAV compile fails
Hi, I have an OpenBSD 3.8 mail server running Postfix, amavisd-new, SpamAssassin and ClamAV. ClamAV was installed via ports ( I think ) and is version .88. I am trying to upgrade it to version .88.3. I cannot get it to build from source code. I found what I thought to be exactly my problem at flakshak.com: === 1.1 ClamAV 0.88.3 Compilation Issues on OpenBSD 3.9 ClamAV fails to compile from the source codesnip. In order to fix this, you must edit the Configure script (before running ./configure) and find the OpenBSD section. Open up configure with your favorite editor, and search for openbsd* and find a line that looks like LIBCLAMAV_LIBS=$LIBCLAMAV_LIBS -pthread Replace all -pthread with -lpthread and Viola! === I did this but still get this result from 'make': === gcc -g -O2 -o .libs/clamd output.o cfgparser.o getopt.o memory.o misc.o options.o clamd.o tcpserver.o localserver.o session.o thrmgr.o server-th.o scanner.o others.o clamuko.o dazukoio_compat12.o dazukoio.o -L../libclamav/.libs -lclamav -lz -lpthread -lc_r -Wl,-rpath,/usr/local/lib ld: cannot find -lc_r *** Error code 1 Stop in /usr/src/clamav-0.88.3/clamd (line 326 of Makefile). *** Error code 1 Stop in /usr/src/clamav-0.88.3 (line 374 of Makefile). *** Error code 1 Stop in /usr/src/clamav-0.88.3 (line 233 of Makefile). === I'm going to have to update this on a regular basis and need to figure out how to do it so I'm looking for some pointers, please. thanks, --charlie -- Charles Farinella Appropriate Solutions, Inc. (www.AppropriateSolutions.com) [EMAIL PROTECTED] 603.924.6079
Kernel panic
We have a G3 mac here running mail/dns and this morning it died. I had to reboot it, so I wasn't able to run trace or ps. Any clues as to what may have happened? I don't see anything in my logs. from dmesg: === kern dsi on addr 3c200068 iar 304430 panic: trap type 300 at 304430 (uvm_unmap_remove+0x1c4) lr 304500 Stopped at Debugger+0x10: lwz\M-hX=8\M-hX\M^X r0,20(r1) RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC! DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION! [ using 323864 bytes of bsd ELF symbol table ] console out [ATY,Rage128y]console in [keyboard] USB and ADB found, using USB : memaddr 8400 size 400, : consaddr 8400, : ioaddr 8092, size 2: memtag 8000, iotag 8000: width 640 linebytes 640 height 480 depth 8 === -- Charles Farinella Appropriate Solutions, Inc. (www.AppropriateSolutions.com) [EMAIL PROTECTED] 603.924.6079
newsyslog.conf help?
Hi, All my logs rotate as expected except 1, my amavisd.log. My newsyslog.conf file follows and I have the amavisd.log set up the same as the rest of them. I have no idea what's wrong, any suggestions? thanks, -- # # configuration file for newsyslog # # logfile_name owner:group mode count size when flags /var/cron/log root:wheel 600 3 10 * Z /var/log/aculog uucp:dialer 660 7 * 24Z /var/log/authlogroot:wheel 640 7 * 168 Z /var/log/daemon 640 5 30 * Z /var/log/lpd-errs 640 7 10 * Z /var/log/maillog600 7 * 24Z /var/log/messages 644 5 30 * Z /var/log/secure 600 7 * 168 Z /var/log/wtmp 644 7 * 168 ZB /var/log/xferlog640 7 250 * Z /var/log/ppp.log640 7 250 * Z /var/log/pflog 600 3 250 * ZB /var/run/pflogd.pid /var/amavisd/logs/amavisd.log _amavisd:_amavisd 644 5 * 24Z /var/amavisd/clamav/log/clamd.log _amavisd:_amavisd 644 5 * 168 Z ~ Charles Farinella Appropriate Solutions, Inc. (www.AppropriateSolutions.com) [EMAIL PROTECTED] 603.924.6079
Re: newsyslog.conf help?
On Thu, 2006-08-17 at 20:54, Garance A Drosihn wrote: At 5:56 PM -0400 8/17/06, Charles Farinella wrote: Hi, All my logs rotate as expected except 1, my amavisd.log. My newsyslog.conf file follows and I have the amavisd.log set up the same as the rest of them. I have no idea what's wrong, any suggestions? Try running newsyslog by hand, and include the '-v' option, so you get a more verbose output of what it thinks is going on. That might be helpful. It seems to be ignoring the log in question. # newsyslog -v /var/cron/log 3Z: size (KB): 6.04 [10] -- skipping /var/log/authlog 7Z: age (hr): 39 [168] -- skipping /var/log/daemon 5Z: size (KB): 15.18 [30] -- skipping /var/log/maillog 7Z: age (hr): 23 [24] -- skipping /var/log/messages 5Z: size (KB): 10.79 [30] -- skipping /var/log/secure 7Z: age (hr): 5541 [168] -- skipping /var/log/wtmp 7ZB: age (hr): 69 [168] -- skipping /var/log/xferlog 7Z: size (KB): 0.00 [250] -- skipping /var/amavisd/clamav/log/clamd.log 5Z: age (hr): 49 [168] -- skipping -- Charles Farinella Appropriate Solutions, Inc. (www.AppropriateSolutions.com) [EMAIL PROTECTED] 603.924.6079
Re: newsyslog.conf help?
On Thu, 2006-08-17 at 18:35, Bryan Irvine wrote: can you port the output of syslogd -d? --Bryan On 17 Aug 2006 17:56:40 -0400, Charles Farinella [EMAIL PROTECTED] wrote: Hi, All my logs rotate as expected except 1, my amavisd.log. My newsyslog.conf file follows and I have the amavisd.log set up the same as the rest of them. I have no idea what's wrong, any suggestions? thanks, -- # # configuration file for newsyslog # # logfile_name owner:group mode count size when flags /var/cron/log root:wheel 600 3 10 * Z /var/log/aculog uucp:dialer 660 7 *24Z /var/log/authlogroot:wheel 640 7 *168 Z /var/log/daemon 640 5 30 * Z /var/log/lpd-errs 640 7 10 * Z /var/log/maillog600 7 *24Z /var/log/messages 644 5 30 * Z /var/log/secure 600 7 *168 Z /var/log/wtmp 644 7 *168 ZB /var/log/xferlog640 7 250 * Z /var/log/ppp.log640 7 250 * Z /var/log/pflog 600 3 250 * ZB /var/run/pflogd.pid /var/amavisd/logs/amavisd.log _amavisd:_amavisd 644 5 *24Z /var/amavisd/clamav/log/clamd.log _amavisd:_amavisd 644 5 *168 Z # syslogd -d syslogd: bind: Address already in use syslogd: bind: Address already in use syslogd: connect: Socket is already connected syslogd: connect: Socket is already connected can't open /dev/klog (16) off running init [priv]: msg PRIV_CONFIG_MODIFIED received [priv]: msg PRIV_OPEN_CONFIG received cfline(*.notice;auth,authpriv,cron,ftp,kern,lpr,mail,user.none /var/log/messages, f, *) [priv]: msg PRIV_OPEN_LOG received cfline(kern.debug;syslog,user.info /var/log/messages, f, *) cfline(auth.info /var/log/authlog, f, *) [priv]: msg PRIV_OPEN_LOG received cfline(authpriv.debug /var/log/secure, f, *) [priv]: msg PRIV_OPEN_LOG received cfline(cron.info /var/cron/log, f, *) [priv]: msg PRIV_OPEN_LOG received cfline(daemon.info /var/log/daemon, f, *) [priv]: msg PRIV_OPEN_LOG received cfline(ftp.info /var/log/xferlog, f, *) [priv]: msg PRIV_OPEN_LOG received cfline(lpr.debug /var/log/lpd-errs, f, *) [priv]: msg PRIV_OPEN_LOG received syslogd: priv_open_log failed syslogd: /var/log/lpd-errs: No such file or directory syslogd: /var/log/lpd-errs: No such file or directory cfline(mail.info /var/log/maillog, f, *) [priv]: msg PRIV_OPEN_LOG received cfline(*.emerg *, f, *) 7 6 X 5 X 6 X 5 5 X X X 5 5 5 5 5 5 5 5 5 5 5 5 X FILE: /var/log/messages X X X X 6 X X X X X X X X X X X X X X X X X X X X FILE: /var/log/authlog X X X X X X X X X X 7 X X X X X X X X X X X X X X FILE: /var/log/secure X X X X X X X X X 6 X X X X X X X X X X X X X X X FILE: /var/cron/log X X X 6 X X X X X X X X X X X X X X X X X X X X X FILE: /var/log/daemon X X X X X X X X X X X 6 X X X X X X X X X X X X X FILE: /var/log/xferlog X X X X X X 7 X X X X X X X X X X X X X X X X X X UNUSED: X X 6 X X X X X X X X X X X X X X X X X X X X X X FILE: /var/log/maillog 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 X WALL: logmsg: pri 056, flags 0x4, from mail, msg syslogd: restart Logging to FILE /var/log/messages syslogd: restarted [priv]: msg PRIV_DONE_CONFIG_PARSE received -- Charles Farinella Appropriate Solutions, Inc. (www.AppropriateSolutions.com) [EMAIL PROTECTED] 603.924.6079
Re: Sun SMP Hardware [was RE: Version 4.0 release ]
I've gotten a few replies with people interested in parting with E450s, 250s, 280s, and 220s (I have an Ultra 2 to throw onto the pile, for what its worth). So far, every reply has been, It's yours if you pay to ship it. If any devs would find any of these useful, or know of a dev who would find them useful, please let me know. I'm happy to get this rolling--either by myself or with the help of others. Count me in; I will help pay shipping as well.
More donations for hardware
Good day misc@, Seeing as how quickly kettenis@ received a second Blade 1k after the donations request a few weeks back, I thought we should try it again. Of personal interest to me are the following: GPS for timing (mbalmer@), and GSM/GPRS (jolan@) HSDPA/UMTS (fkr@) device support. If anyone is interested in helping with one or more of these areas, remember, it only takes a little money from a few people to buy hardware. Please contact me off-list regarding rough donation amount and area of interest so I can see which one(s) of these we can take off of want.html and get the developers the hardware they need. After a few days I'll reply to you and let you know what the consensus is, and how/where to put your money so it's used for the correct purchase. I have already selected devices in each of these categories and know the approximate costs (75-200 EUR/USD ea. depending on category). I'll chip in 50 EUR/USD to the categories which receive most interest. Let's do it! Best regards, Charles
yacc rebuild
Good afternoon! So, before the next make build I must rebuild the yacc alone. I would like to know how can I rebuild yacc. I searched in old errata patches, Makefiles, bsd.*.mk files. In my previous logfile (2008.07.07/src_make_build) I see, that by yacc the make cleandir is used: rm -f yacc.cat1 ... rm -f .depend ...tags So is this correct? cd usr.bin/yacc make obj make cleandir make depend make make install In general, how can I ascertain, what kind of make Phony Targets must I use? I didn't read through the whole stuff (docs, all Makefiles, etc) yet, so I rejoice at a link too. Thank You!
neomagic and the needs-update entries
Good afternoon! In xenocara/MODULES file a needs-update entry, eg by neomagic, can provoke errors, like PR pending/5836 [0]? The PR in short: On i386 ThinkPad 600X (NeoMagic 256ZX NM2360) doesn't work WindowMaker since 2008.04.10 (or before too, that was my first test after 4.3 RELEASE branch fork.) With 4.3 RELEASE works. The very odd thing: cwm, fvwm; and icewm from ports work. All application works, that I use. WindowMaker didn't change since 2007.09.15. After branch fork in xenocara/MODULES file the neomagic has been updated two times: on 2008.03.19 from 1.1.1 to 1.2.0 and on 2008.05.21 to 1.2.1. In xenocara/driver/xf86-video-neomagic/ directory remained 1.1.1. The needs-update appeared with 1.2.0. Are they not in sync? Is this rate major update? Are the needs-update entries like as public todo lists? [0]: http://cvs.openbsd.org/cgi-bin/query-pr-wrapper?full=yesnumbers=5836 Synopsis and Subject: wmaker on ThinkPad600X Fatal server error
Re: neomagic and the needs-update entries
--- On Sat, 7/12/08, Charles Smith [EMAIL PROTECTED] wrote: From: Charles Smith [EMAIL PROTECTED] Subject: neomagic and the needs-update entries To: misc@openbsd.org Date: Saturday, July 12, 2008, 6:09 PM Good afternoon! In xenocara/MODULES file a needs-update entry, eg by neomagic, can provoke errors, like PR pending/5836 [0]? The PR in short: On i386 ThinkPad 600X (NeoMagic 256ZX NM2360) doesn't work WindowMaker since 2008.04.10 (or before too, that was my first test after 4.3 RELEASE branch fork.) With 4.3 RELEASE works. The very odd thing: cwm, fvwm; and icewm from ports work. All application works, that I use. WindowMaker didn't change since 2007.09.15. After branch fork in xenocara/MODULES file the neomagic has been updated two times: on 2008.03.19 from 1.1.1 to 1.2.0 and on 2008.05.21 to 1.2.1. In xenocara/driver/xf86-video-neomagic/ directory remained 1.1.1. The needs-update appeared with 1.2.0. Are they not in sync? Is this rate major update? Are the needs-update entries like as public todo lists? [0]: http://cvs.openbsd.org/cgi-bin/query-pr-wrapper?full=yesnumbers=5836 Synopsis and Subject: wmaker on ThinkPad600X Fatal server error These found today: [1] [2] On FreeBSD 7.0 X.org 7.3. ThinkPad600 Neomagic Wmaker and GNUStep application problem. icewm works. Very likewise than by me on OpenBSD. I don't know if it helps. [1] http://permalink.gmane.org/gmane.os.freebsd.questions/225666 [2] http://permalink.gmane.org/gmane.os.freebsd.questions/225665
pf examples needed
I have an OpenBSD 3.9 machine with a public IP providing NAT and firewalling for our internal network. It has 3 interfaces: dc0: public ip from internet X.X.X.25 dc1: 192.168.100.x to internal network. This works well. dc2: 192.168.200.x -- to Windows server. I need to allow public access to the Windows server connected to dc2 (one port only). Currently I have a private network address assigned to dc2 and a public one (X.X.X.26) assigned to the machine connected to it. I need to know how to access the X.X.X.26 machine from the internet. My attempts at redirecting with pf rules haven't been successful so far, and I'm not sure that's how I should be approaching it. I've been playing with this for a few days, and am kind of lost, so any advice, pointers to docs, examples, etc. would be very much appreciated. thanks, --charlie -- Charles Farinella Appropriate Solutions, Inc. (www.AppropriateSolutions.com) [EMAIL PROTECTED] voice: 603.924.6079 fax: 603.924.8668
Re: pf examples needed
Thanks to all for the help. Martin Toft wrote: On Tue, Jan 16, 2007 at 09:32:02AM -0500, Charles Farinella wrote: I have an OpenBSD 3.9 machine with a public IP providing NAT and firewalling for our internal network. It has 3 interfaces: dc0: public ip from internet X.X.X.25 dc1: 192.168.100.x to internal network. This works well. dc2: 192.168.200.x -- to Windows server. I need to allow public access to the Windows server connected to dc2 (one port only). Currently I have a private network address assigned to dc2 and a public one (X.X.X.26) assigned to the machine connected to it. You should put a private 192.168.200.x IP address on the Windows box, not a global X.X.X.26 address. Afterwards, do a simple port forwarding (redirection in pf language) at the OpenBSD box, e.g. I currently have it set up like this: dc0 = X.X.X.25 dc2 = 192.168.200.254 test_box = 192.168.25.123 services = { ssh, smtp, http, https } I have the following in my pf.conf: rdr pass on dc0 proto tcp from any to X.X.X.25 port 80 - 192.168.25.122 port 80 If I ssh into the X.X.X.25 box I can access the test_box on port 80. I cannot access X.X.X.25 port 80 however. I've been using pfctl -f /etc/pf.conf to reload my rules. I see no reference in my pflog to any attempts to access port 80 on X.X.X.25. Remember to set up a default route on the Windows box (it should of course use the OpenBSD box as its default route). Routing tables Internet: DestinationGatewayFlagsRefs UseMtu Interface default192.168.25.254 UGS 07 - ne3 loopback localhost.localnet UGRS00 33224 lo0 localhost.localnet localhost.localnet UH 09 33224 lo0 192.168.25/24 link#1 UC 00 - ne3 192.168.25.254 00:18:f8:08:b4:27 UHLc0 592 - ne3 BASE-ADDRESS.MCAST localhost.localnet URS 00 33224 lo0 Is this correct? Thanks again. --charlie -- Charles Farinella Appropriate Solutions, Inc. (www.AppropriateSolutions.com) [EMAIL PROTECTED] voice: 603.924.6079 fax: 603.924.8668
Re: pf examples needed
Charles Farinella wrote: Thanks to all for the help. Martin Toft wrote: On Tue, Jan 16, 2007 at 09:32:02AM -0500, Charles Farinella wrote: I have an OpenBSD 3.9 machine with a public IP providing NAT and firewalling for our internal network. It has 3 interfaces: dc0: public ip from internet X.X.X.25 dc1: 192.168.100.x to internal network. This works well. dc2: 192.168.200.x -- to Windows server. I need to allow public access to the Windows server connected to dc2 (one port only). Currently I have a private network address assigned to dc2 and a public one (X.X.X.26) assigned to the machine connected to it. You should put a private 192.168.200.x IP address on the Windows box, not a global X.X.X.26 address. Afterwards, do a simple port forwarding (redirection in pf language) at the OpenBSD box, e.g. I currently have it set up like this: dc0 = X.X.X.25 dc2 = 192.168.200.254 test_box = 192.168.25.123 oops, my error, sorry. That should be 192.168.200.123 services = { ssh, smtp, http, https } I have the following in my pf.conf: rdr pass on dc0 proto tcp from any to X.X.X.25 port 80 - 192.168.25.122 port 80 If I ssh into the X.X.X.25 box I can access the test_box on port 80. I cannot access X.X.X.25 port 80 however. I've been using pfctl -f /etc/pf.conf to reload my rules. I see no reference in my pflog to any attempts to access port 80 on X.X.X.25. Remember to set up a default route on the Windows box (it should of course use the OpenBSD box as its default route). Routing tables Internet: DestinationGatewayFlagsRefs UseMtu Interface default192.168.25.254 UGS 07 - ne3 loopback localhost.localnet UGRS00 33224 lo0 localhost.localnet localhost.localnet UH 09 33224 lo0 192.168.25/24 link#1 UC 00 - ne3 192.168.25.254 00:18:f8:08:b4:27 UHLc0 592 - ne3 BASE-ADDRESS.MCAST localhost.localnet URS 00 33224 lo0 Is this correct? Thanks again. --charlie -- Charles Farinella Appropriate Solutions, Inc. (www.AppropriateSolutions.com) [EMAIL PROTECTED] voice: 603.924.6079 fax: 603.924.8668
Re: pf examples needed [solved]
Charles Farinella wrote: On Tue, Jan 16, 2007 at 09:32:02AM -0500, Charles Farinella wrote: I have an OpenBSD 3.9 machine with a public IP providing NAT and firewalling for our internal network. It has 3 interfaces: dc0: public ip from internet X.X.X.25 dc1: 192.168.100.x to internal network. This works well. dc2: 192.168.200.x -- to Windows server. I need to allow public access to the Windows server connected to dc2 (one port only). Currently I have a private network address assigned to dc2 and a public one (X.X.X.26) assigned to the machine connected to it. I have this working, thanks for the help. :-) = # Network interfaces external = dc0 internal = dc1 dmz = dc2 # Address ranges int_add = 192.168.100.0/24 dmz_add = 192.168.200.0/24 ext_add = X.X.X.25 rdr pass log (all) on $external proto tcp from any to $external port 80 - 192.168.200.122 port 80 rdr pass log (all) on $internal proto tcp from any to $external port 80 - 192.168.200.122 port 80 == I actually had it working and didn't realize it as I was accessing the server via dc1 and only had the dc0 rule set. Martin Toft tipped me off when he pointed that out to me, and indeed checking from a machine outside of our network confirmed that. Creating the internal redirect has solved my problem. Thanks again. --charlie -- Charles Farinella Appropriate Solutions, Inc. (www.AppropriateSolutions.com) [EMAIL PROTECTED] voice: 603.924.6079 fax: 603.924.8668
vendor list (was: dmesg IBM x3650 OpenBSD 4.3 )
to create a web section listing the reasonable and bastard vendors? I think it would be useful in two points: * helps to OpenBSD community to choose the right hardware * make good or bad publicity depending on real vendor's position Anyway it's only an idea. +1 I very like the idea.
root.mail at Nov 1
Index: src/etc/root/root.mail === RCS file: /cvs/src/etc/root/root.mail,v retrieving revision 1.87 diff -u -r1.87 root.mail --- src/etc/root/root.mail 24 Jun 2009 06:46:07 - 1.87 +++ src/etc/root/root.mail 30 Sep 2009 14:03:07 - @@ -1,6 +1,6 @@ -From dera...@do-not-reply.openbsd.org Thu Oct 1 06:46:46 MDT 2009 +From dera...@do-not-reply.openbsd.org Sun Nov 1 06:46:46 MDT 2009 Return-Path: root -Date: Oct 1 06:46:46 MDT 2009 +Date: Nov 1 06:46:46 MDT 2009 From: dera...@do-not-reply.openbsd.org (Theo de Raadt) To: root Subject: Welcome to OpenBSD 4.6!
Re: root.mail at Nov 1
--- On Wed, 9/30/09, Miod Vallat m...@online.fr wrote: It's too late for this. Yes, I have realised this too after sending. Sorry for the noise.
minor bump is src/.../shlib_version
Good afternoon! When there is a major bump in src/.../shlib_version files, snapshots sets must be correspond with snapshots packages. For example: src/lib/libkrb5/shlib_version src/gnu/lib/libiberty/shlib_version src/lib/libc/shlib_version src/lib/libm/shlib_version Maybe with minor bump too? At UTC 2009.06.26 21:06 and 21:09 there was minor bump in src/lib/libc/shlib_version and src/lib/libm/shlib_version. i386 packages are from 2009.10.26 beforenoon.
major bump note in faq/current.html
Can we ask in the future something similar at src/*/shlib_version major bumps? Index: current.html === RCS file: /cvs/www/faq/current.html,v retrieving revision 1.221 diff -u -r1.221 current.html --- current.html 27 May 2010 14:11:42 - 1.221 +++ current.html 27 May 2010 17:48:08 - @@ -43,6 +43,7 @@ lia href=#201005252010/05/25 - new config(8) for kernel builds/a lia href=#201005262010/05/26 - gcc4 for amd64 and sparc64/a lia href=#20100526a2010/05/26 - f77 moved to ports/a +lia href=#20100526b2010/05/26 - major bump/a !-- New additions go on the bottom, please -- /ul @@ -234,6 +235,12 @@ /usr/share/man/cat1/f77.0 /usr/share/man/cat1/g77.0 /b/pre/blockquote +a name=20100526b/a +h32010/05/26 - Major bump/h3 +Major bump at 2010.05.26 14:39 UTC. +Pay attention: snapshots packages must be correspond with snapshots sets at major level. +See: a href=http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/shlib_version;cvsweb/a +and a href=http://marc.info/?l=openbsd-cvsm=127488492723928w=2;commit log message/a. hr a href= index.htmlimg height= 24 width= 24 src= ../images/back.gif border= 0 alt=[back]/a
Re: major bump note in faq/current.html
Thank you for the polite answers. On Thu, May 27, 2010 at 10:58 AM, Charles Smith chasm_...@gmx.com wrote: Can we ask in the future something similar at src/*/shlib_version major bumps? Can we ask in the present that you actually describe what problem you're trying to solve when you suggest extra work? You know, we just might be able to come up with an easier way to solve your problem. Philip Guenther Sure, sorry for fault. Of course I read the sources-changes@ maillist among others. This is the sole place, where from what i hear about major bumps. In most times i remember, but yesterday i forgot and so pkg_add -ui failed. Besides forgetfulness it can be missing time to read sources-changes@, so bad timing to upgrade. Together with sloppy reading the commit log messages. Is this would redundancy? Not practical? I thought maybe some people can more easily review/look back faq/current.html, which is more short, than the lot of mails on sources-changes@ without informative subjects. pkg_add -ui fail is enough practical. Yes, so current.html grows fat, and at 4.8 release must remove these notes. This is drawback. How many major bumps are yearly? 4-6? Of course yours decision.
Re: major bump note in faq/current.html
Or maybe just send a heads up mail to m...@.
Re: major bump note in faq/current.html
Nowadays I'm using snapshots, but it can be current also, it is imo unimportant within aspect. Sometimes, seldom, I see on sources-changes@ major bumps. I mark the precise date, when the major bump happened. At the next upgrade i pay big attention that my base system must correspond with snapshots packages. Not newer, not older, but accurately identical. I accomplish my upgrade only when the prebuilt packages get ready (after the marked date, with new major). I wouldn't undertake to build from ports my all (or some) installed packages. This was the very first occasion, that i forgot about major bump, and after the unguarded upgrade pkg_add -ui of course told it, because the prebuilt packages was made with the old major base system. My starting point was 05.12 base system, packages 05.13 or 05.20. Major bump happened at 05.21 and 05.26. My end point 05.27 base system and 05.25 packages: conflict because the intermediate major bump (05.26). If no claim seperate noting major bumps, I accept and solve, and we forget the idea. No problem. Or I'm misunderstanding something? Thank you for the nice answers.
Re: major bump note in faq/current.html
- Original Message - From: Vadim Zhukov 2010/5/28 Charles Smith chasm_...@gmx.com: Or maybe just send a heads up mail to m...@. You do not need to bother about ABI changes if you're using -STABLE(thanks to developers). And if you're using -CURRENT, you'redefinitely advised to monitor source-changes@, no?-- WBR, Vadim Zhukov Yes, it remains this solution.
Re: major bump note in faq/current.html
Can we ask in the future something similar at src/*/shlib_version major bumps? to avoid ``pkg_add -u'' complaining about bad major/minor I do the following: - check that my mirror is up to date ie ``ls'' to make sure all files belong to the same snap you mean: all files=${mirror}/pub/OpenBSD/snapshots/${arch}/* ? You don't care comparing the 3 date (major bump, base sets, packages)? - update to base (using the installer or just reboot and untar base file sets) Yes. - apply changes in current.html Yes + sysmerge -s etc47.tgz, sysmerge -x xetc47.tgz - pkg_add -ui this should always work and you don't have to care about bumps. Always or almost always? It doesn't depends on major bump? Major bumps are infrequent, but sometimes happen.
Re: preserving editor files
- Original Message - From: Jean-FranC'ois SIMON Sent: 09/08/10 08:50 PM To: openbsd-misc Subject: preserving editor files Hi All, At start-up the OS stays several minutes on preserving editor files. Could you please inform me what to do about this what is the system then doing ? Is it normal ? Thanks regards By me happens this when the machine on which is the ntpd is running, is not available, no network or hasnot booted up yet. Yes, it waits several minutes.
Novice browser questions
Is the absence of a graphical browser from the base system a statement that any attempt to do such things as look at stuff on youtube is inherently unsafe? Is tor considered a safe way to do anonymous browsing, or does openbsd recommend an alternative?
Strange line in the routing table after carp failover?
Hi, I have a pair of routers running OpenBSD 4.2 release, each with four ethernet interfaces (fxp0, fxp1, fxp2, fxp3) and carp on all four interfaces. fxp0 and fxp1 are /30 networks over which I run BGP sessions to our upstream providers. Router A is the primary machine with advskew 0 and Router B is the backup machine with advskew 50. When I unplug an ethernet connection on Router A to simulate a failure, all of the carp interfaces become MASTER and the BGP sessions are re-established, as expected. However, I am experiencing some strange behaviour. When the backup router is active, traffic destined for the Internet (through the BGP peers) doesn't reach it's destination and ICMP TTL expired messages are received back from Router B. Looking at the routing table, the following line appears on Router B when it becomes carp MASTER: Destination Gateway Flags RefsUse Mtu Interface 80.x.y.154 00:00:5e:00:01:01 UHLc1 2 - lo0 This entry does not appear on Router A when it is in operation (and routing traffic correctly). Could this interesting-looking router be something associated with the routing loop I'm seeing? I appreciate that I may not have provided enough information for a correct diagnosis of the problem. I will be happy to provide more details on request. Many Thanks, Charlie
Re: Strange line in the routing table after carp failover?
I've been looking into this some more. Are there any issues which CARP/OpenBGPd when machines in the CARP group do not have an IP address of their own - ie. they have only a shared CARP address? I find that in this situation, when the CARP master fails the backup router correctly becomes master and re-establishes BGP sessions. However, the CARP shared IP address appears in the routing/arp table bound to the localhost interface. This creates a really nasty routing loop. 'route -n show -inet' gives this line: DestGateway Flags Refs Use Mtu Interface 80.x.y.154 00:00:5e:00:01:01 UHLc 1 2 -lo0 If I assign each router an IP address in addition to the CARP shared address, this problem does not appear. Thanks, Charlie
Re: Strange line in the routing table after carp failover?
yes,that is the result of games carp plays with routes (which it shouldn not, imo, but anyway). it should finally work as advertised in -current even with unnumbered carpdevs. Hi Henning, Thanks for the quick response. I will update to -current tomorrow and let you know how I get on. All the best, Charlie
Re: Strange line in the routing table after carp failover?
yes,that is the result of games carp plays with routes (which it shouldn not, imo, but anyway). it should finally work as advertised in -current even with unnumbered carpdevs. Hi Henning, Updating to -current did the trick. Thanks very much. What was the problem here? Charlie
Re: Server
Hello, It will depend what you want to do with your server. Firstly, I suggest you to remove your graphic card if you can. It will make noise and heat for nothing and will increase your power consumption. If you need a simple home server, to store/share files on your network, set-up your owncloud and/or run a database for personal developments, I think your hardware is good. I can't say if OpenBSD is the best system for your use as we don't know your use. OpenBSD can run a database (postgresql, mysql, redis, mongo..), but the performance will depend of your workload. Best regards, Charles RAPENNE 2013/3/13 Andi andiro...@gmail.com: Hello everybody, I'm thinking about putting the openBSD 5.2, in a desktop machine, in order to make this a server. The hardware configuration is: intel i3, 1TB of HD, nvidia 9800. But I'm wondering about this, if it will be good idea? If it's recommended... if openBSD is good to run a database... etc Any sugestion, critict, whatever... feel free to answer. Best regards, ..:: Andi ::..
Re: First macppc install, sensors question
Hi, I don't have much experience with Macppc but I think x86 rules should apply. Usually an idle temperature is under 65°C with fan not at maximum speed. Not idle, If your CPU is getting more than 90°C, there is problably something wrong with your cooling system. The temperatures you show are normal. Regards Charles 2013/4/17 Tor Houghton t...@bogus.net: Hello, I found and repurposed an old PowerBook6,4 yesterday. Thanks all who worked on the macppc port. The onboard BCM4306 appears to be working just fine after running fw_update too. I have a question regarding the onboard temperature sensors; they are currently reading: hw.sensors.adt0.temp0=38.00 degC (Remote) hw.sensors.adt0.temp1=38.00 degC (Internal) hw.sensors.adt0.temp2=52.00 degC (Remote) First of all, what are they measuring (where)? And secondly, what is considered to be oops, too hot? It won't be doing anything but shift network traffic in and out of its gem0 and bwi0 interfaces (it's repurposed as a firewall/IPv6 gateway). Kind regards, Tor
Re: Xephyr bug with Firefox
I also run Firefox in Xephyr - on debian 32bit. I _often_ have had the capslock or shift get stuck, and I too always had to restart Xephyr. IIRC it always got stuck when I alt-tab away from (or back to) Xephyr (maybe because I hit the shift key accidentally? or maybe the capslock was on? ) I hope you can find an answer; please let me know. If you file a bug, please forward it to me /or send me a link. Thanks Charles
Re: Ruby on Rails and the chrooted nginx(8)
Hi Please someone correct me if I'm wrong, but I don't think using Nginx with chroot is useful when dealing with proxy_pass or fastcgi application. If your RoR app is compromised, it won't be chrooted as it's not running in a chroot. All nginx will do is serving static files. Regards 2013/6/9 openda...@hushmail.com: Hi, Is anybody here running Ruby on Rails in the chrooted nginx(8) and know if it's worth the hassle? I notice the docs saying: Some applications are pretty simple, and chroot(2)ing them makes sense. Others are very complex, and are either not worth the effort of forcing them into a chroot(2), or by the time you copy enough of the system into the chroot, you have lost the benefit of the chroot(2) environment. -- http://www.openbsd.org/faq/faq10.html#httpdchroot O.D.
Re: Snapshot shasum mismatch
On 06/25/13 16:25, toby wrote: Hi there, I just wondered if anyone else had found that the shasums on the latest (24/06/13) snapshots are wrong. I've just tried upgrading from all the different mirrors here in the UK got shasum errors for all the non X parts from the Oxford mirror, the Bytemark mirror and the mirrorservice one... Here are some examples: SHA256 (base53.tgz) = b46c621ae4be7183ab90279d887748d69b4822a309ede81067abbe7adf0b7c5c fd29dadcf424335e8614745e5dd6a9a88ad8b893decc4b5b4c0ffed26dda891c base53.tgz SHA256 (bsd) = 630e5b962a035abe5f25161895bd375979d6907b438d439ccb8e43a7d80f89e0 2de329fc109816fd8a810b0d6a411bad3710f8bb476f213ffc9e3d5d20ac2db2 bsd SHA256 (bsd.mp) = fbca7ad263c42a0265ddce05b030a9168e3d74bbac0fd3195acc75ec301e5040 af34f3faeeb26d8d7f22ed44edeb90fd17980c64d3148c44b4ec6ebcb416341a bsd.mp SHA256 (comp53.tgz) = 6229bbb09a5c1a4d5d761b86c133c15e688abc85c3e6adc6421aa46c651505f7 e0323c01d3a15016d7a0e390420a9518211542ba8e8380b3be5bae2aab7ad718 comp53.tgz SHA256 (etc53.tgz) = 443f72e113ec652574965e9c43b17644e96080d609e16db59d972fcfdb7a8ec4 d43c6f648586a6c1f1123df42693fb0ea6378c11d18c6f275374fa04ed6eb435 etc53.tgz SHA256 (game53.tgz) = 4fa2e9027a6c54a98bf6bc220a0cf385a9f53b5e0aea5067bcb3a57946bc51f6 5b3ed56e84fdae1576df27649a756cb5ac1cc88fb295bbae618623525836903f game53.tgz SHA256 (man53.tgz) = 5f3cfea012a5d44bb70197f2cd8c7febc5a9eccdd6a791774bbafe0d33e96602 1ab44139148acc480a21765f5d30bc3d94d7b18349019aa0e04069aa64293909 man53.tgz But, strangely enough, their all good for the rd kernel, the x* series and the install isos. Also the erroneous shasums are consistent across all three mirrors... Having never encountered this issue before I'm not too sure how suspicious I should be Kind regards, Toby I had the same problem yesterday. I'm not sure if it's a real problem or a hack.
Re: goaccess 0.5
On the FAQ of the project website, you will find a how-to compile it on OpenBSD, you need to edit 2 or 3 files before compiling it. 2013/7/9 Tony Berth tonybe...@googlemail.com: is anyone using goaccess 0.5 with 5.2 or 5.3? When running './configure' I get: checking for a BSD-compatible install... /usr/bin/install -c checking whether build environment is sane... yes checking for a thread-safe mkdir -p... ./install-sh -c -d checking for gawk... no checking for mawk... no checking for nawk... no checking for awk... awk checking whether make sets $(MAKE)... yes checking for gcc... gcc checking for C compiler default output file name... a.out checking whether the C compiler works... yes checking whether we are cross compiling... no checking for suffix of executables... checking for suffix of object files... o checking whether we are using the GNU C compiler... yes checking whether gcc accepts -g... yes checking for gcc option to accept ISO C89... none needed checking for style of include used by make... GNU checking dependency style of gcc... gcc3 checking for pkg-config... /usr/bin/pkg-config checking pkg-config is at least version 0.9.0... yes checking for GLIB2... yes checking for refresh in -lncurses... yes checking for new_menu in -lmenu... yes checking for g_free in -lglib-2.0... no configure: error: glib-2.x is missing
Re: Request for Funding our Electricity
Le 2013-12-21 01:08, Theo de Raadt a écrit : I am resending this request for funding our electricity bills because it is not yet resolved. We really need even more funding beyond that, because otherwise all of this is simply unsustainable. This request is the smallest we can make. --- Hi everyone. The OpenBSD project uses a lot of electricity for running the development and build machines. A number of logistical reasons prevents us from moving the machines to another location which might offer space/power for free, so let's not allow the conversation to go that way. We are looking for a Canadian company who will take on our electrical expenses -- on their books, rather than on our books. We would be happiest to find someone who will do this on an annual recurring basis. That way the various OpenBSD efforts can be supported, yet written off as an off-site operations cost by such a company. If we reduce this cost, it will leave more money for other parts of the project. We think that a Canadian company is the best choice for accounting reasons. If a company in some other jurisdiction feels they can also do this successfully, we'd be very happy to hear from them as well. I am not going to disclose the actual numbers here. Please contact me for details if serious. Thanks. Hello, I think this could be great if OpenBSD had somewhere on their website a goal/objectif about the money to rise, and the % of advancement of it. The FreeBSD Foundation is doing this, I think this is very effective as you know if they really lack some founds or if they are near their objective. I tried this method for one little project of mine involving some costs (~ 400 € / year), after yelling every year please give some money, this doesn't run for free... I put a visual show of my needs, then I got 40% of my funds the day I put the advancement image of the fundraising. Thank you everyone for doing what you do for OpenBSD :) Kind Regards
Re: unreliable connections
Hello, I would suggest a DNS problem. Do you rsync directly to an ip address or are you using avec domain name ? That would explain why the first only is failing and not the second one. The DNS server you use may have some problems during the night. If you don't use a domain name, this can't be this. If you use one, you can add it to /etc/hosts to by-pass it. If this continue to fail, the problem is elsewhere. I have been monitoring some public dns servers of ISP (with smokeping) and some of them were unrealiable during the night. Regards De: Chris SmithEnvoyé: mercredi 22 janvier 2014 16:23À: Stuart HendersonCc: OpenBSD-MiscObjet: Re: unreliable connections On Mon, Jan 20, 2014 at 11:31 AM, Chris Smith obsd_m...@chrissmith.org wrote: have moved the block all to the beginning of the ruleset to see if it will make any difference Unfortunately no difference. The attempt to rsync the first directory failed last night, second one worked fine. Any other ideas? Thanks, Chris
network roaming convenience
Hi, I'm looking to create or cobble together functionality that automates network connections as a user roams around with a laptop. The idea is to respond to changing network availability: wifi network is known, so connect, or cable was plugged in, or connect for the first time and remember, etc). On Linux, this is provided by program called NetworkManager. I'm pretty sure it's are Linux-specific and, anyway, it depends on DBus (a separate messaging system). I was hoping to create something a little more self contained. I did explore a couple of avenues. One was the wiconfig script mentioned on Undeadly a while back. This didn't connect, seemingly because it tried to use WEP, not WPA. I didn't want to debug a shell script to find out why. Another possibility is using ifstated. However it looks like WiFi interfaces are always up, even in the no network state, so it's unclear whether the required state transitions would actually happen But I haven't verified that, so I can't dismiss this as a solution. An argument could be made that this is of marginal utilty. How hard is it to use ifconfig, anyway? But I figured it might be an interesting exercise and may be a nice convenience. Any advice, or discussion would be appreciated. Chuck
Re: network roaming convenience
On Jul 18, 2014, at 3:09 PM, Stuart Henderson s...@spacehopper.org wrote: On 2014-07-17, Daniel Melameth dan...@melameth.com wrote: It should have tried WEP first and, if that failed, WPA. ifconfig in -current can now discern WEP or WPA so this can readily be improved. ...as long as you have a wifi nic where ifconfig scan works, for example not Intel Centrino Advanced-N 6205 rev 0x34... Out of curiosity, what happens? Does this mean you’re flying blind when you parachute in somewhere and want to know what wi-fi networks are around? On my machine, which uses iwn, “ifconfig scan” does work, but there is an odd behavior that wiconfig happens to trigger, at least in my environment. Configuring the interface for WPA manually (or via hostname.if) works fine, but I had trouble with wiconfig until I increased its connect timeout value. This was due to an odd set of circumstances. wiconfig attempts to configure the interface with WPA, waits for a bit and, if the connection isn’t successful, tries again with WEP. My machine doesn'tt connect within the wiconfig's 3 second timeout interval, and then things get weird. After the second connection attempt (with WEP, using the “nwkey” param), the connect fails again (my AP only does WPA). After this, the interface cannot connect successfully with WPA until after a reboot. I first noticed this behavior with wiconfig and determined what it was doing specifically with help from wiconfig’s author. To confirm what was going on, I issued the same sequence of “ifconfig” invocations manually. Sure enough, an ifconfig with the nwkey parameter was a buzzkill: it prevented connection with a subsequent “ifconfig” invocation: one that certainly works if it is the first ifconfig that happens. This is certainly a corner case, but it did trip me up.
Re: network roaming convenience
On Jul 22, 2014, at 12:59 AM, Stuart Henderson s...@spacehopper.org wrote: Out of curiosity, what happens? It prints the status, iwn0: flags=8847UP,BROADCAST,DEBUG,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr 8c:70:5a:62:b7:f8 priority: 4 groups: wlan egress media: IEEE802.11 autoselect (DS1 mode 11g) status: active ieee80211: nwid TP-LINK_8F014A chan 6 bssid f8:1a:67:8f:01:4a 189dB then there's a 30 second pause during which the led flashes, then ifconfig exits without further output. Then I have to ifconfig iwn0 down, ifconfig iwn0 up, and start dhclient again which has exited due to the interface state change Yeah, that is interesting. I didnt really notice it before, but scan doesnt return anything if Im connected to my network, but the act of doing it changes the status from active to no network. Then it returns a list if invoked again. I thought I might run scan periodically to check connectivity, but the act of doing so seems to knock me off the air. A related wrinkle is that the status never changes to no network if the AP is powered off. So you cant check actively (with scan anyway) and you cant be informed passively if youve moved out of range. Darn. About the only thing I noticed was that the mode listed in the media line changes. Not sure thats actually indicative of anything While I don't dispute that this behaviour is a bug, it doesn't seem right for the script to be doing this, surely if you know the password you should also know if wep is needed? It would seem safer generally to only use the expected protocol. True. wiconfigs author is open to changing how this works. Apparently, in an upcoming OBSD release, ifconfig will display the security offered by the AP. Do you need a full reboot at this point, or does restarting the interface (ifconfig down+up) work? Do you get anything interesting (look in /var/log/messages) if ifconfig iwn0 debug is set? Turns out, no. What I needed to do was clear the WEP key (by using the -nwkey parameter) and then the interface was usable. A subsequent ifconfig with wpakey specified got me connected.
Re: Package installation
The need for multiple versions of an application on one machine doesn't manifest that often. Asking the system to tie itself into knots for this purpose is likely to result in bloat, convolution and less reliability. Some contexts support and indeed encourage the notion of many versions. For instance, the Ruby Version Manager (RVM) allows different versions of the Ruby interpreter and its attendant libraries to be in use at a given time. It seems to work perfectly well, but one has to wonder if this is really a good thing. Do you really want the mental overload that results from having to deal with multiple versions of a language, library, API, user tool, or whatever? The original poster might want to consider whether this kind of thing is necessary or desirable. It sounds symptomatic of half-baked ideas about what needs to be accomplished and how to accomplish it. Also worth considering is OpenBSD's stance on how to maintain a system. You are encouraged to refresh the system at six month intervals and, in so doing, become familiar with the nature of the software you're running. Chances are, the version they've packaged works well enough, probably better than older incarnations. Incidentally, you can learn what files comprise a package with: pkg_info -L package-name You can learn about the package related commands by typing: apropos pkg_ And then reading the listed manpages. As always with OpenBSD, these documents are of high quality. Chuck On Aug 2, 2014, at 4:17 AM, Gustav Fransson Nyvell gus...@nyvell.se wrote: On 08/02/14 13:13, Gustav Fransson Nyvell wrote: On 08/02/14 12:54, Marc Espie wrote: On Sat, Aug 02, 2014 at 12:26:06PM +0200, Gustav Fransson Nyvell wrote: Hi, there, I wanted to run something by you, mkay. About package management. I wonder if this has been shouted at already. I remember from SunOS that packages are installed in a different manner than let's say Red Hat and of course OpenBSD. They install it in the form /pkgs/PROGRAM/VERSION, example /pkgs/gimp/1.0. GoboLinux does this. I think this has some advantages over installing /usr/local/bin/gimp1.1 and /usr/local/bin/gimp2.0. What do you think? What have you said? Ready to be shouted at; This puts more strain on the file system actually, which is probably the main reason we don't do it. Also, there is generally a lot of churning to do to make the package self-contained. As far as policy goes, having stuff set up like that looks more flexible, but it is a fallacy. Instead of having the distribution solve issues concerning incompatible versions and updates, the toll falls instead on the individual sysadmin, to make sure things they have work together. It can lead to security nightmares, because it's so simple to have the newer version alongside the old version that sticky points of updating take much longer to resolve. It's a bit like having mitigation measures that you can turn on and off... if it's possible to turn these off, there's not enough incentive to actually fix issues. Likewise for packages. By making it somewhat LESS convenient to install several versions of the same piece of software, we make it more important to do timely updates. Also, we don't have the manpower to properly manage lots of distinct versions of the same software. So this kind of setup would be detrimental to actually testing stuff. I guess there could be both. But I think that if there's a security issue with one version of a software then there quite possibly are multiple ways of limiting the impact of that issue. Disallowing multiple versions to force people to upgrade is not really a good reason, from how I see it. Old software will always have more holes, because they're older and more well observed, but they have qualities, too, like speed. GIMP-1.0 is amazing on Lenovo X41 from 2005, but probably has bugs. Of course none of these systems will stop someone who wants to run version x of a software. Maybe something entirely different is needed? Okay, maybe I should complain about the status quo... thing is when packages install in /var, /usr, /etc and /opt they're so spread out it's hard to know what is what. This might be because I'm new but/and scripts can find orphan files in this structures, but you need the scripts for that. Having everything in /pkgs/PKG/VER would not cause this splatter. P! rograms without dependees (i.e. non-libs, non-utilprograms) could fit in this structure without any extra filesystem magic. Well, the grass is always greener. BTW, you create multiple versions by your mere existence. There are lots of old versions laying around, but they can't be installed together right now. -- This e-mail is confidential and may not be shared with anyone other than recipient(s) without written permission from sender.
ifconfig command for IPv6 tunnel
Hi, I'm experimenting with using IPv6 via a tunnel broker provided by an ISP. The tunnel works, but I want to confirm my understanding of the commands they gave me to set it up. These are the commands: ifconfig gif0 tunnel 50.1.94.112 72.52.104.74 ifconfig gif0 inet6 alias 2001:470:1f04:204::2 2001:470:1f04:204::1 prefixlen 128 route -n add -inet6 default 2001:470:1f04:204::1 The first and third commands make sense to me; they set up an IPv4 tunnel interface and a default route for IPv6. After reading the ifconfig(8) man page) I think I sort of understand what the second one does. Side note: the two IPv6 addresses provided by the tunnel broker are defined, in their terminology, as follows: prefix::1 is the server IPv6 address and prefix::2 is the client IPv6 address. Given that, I think the following is true: - prefix::1 is the local address of the interface on the IPv6 network. - The alias parameter is superfluous in this case. I tried it without that and got the same result: an operating tunnel. - Because gif0 is a point-to-point interface, prefix::2 (the server IP) is interpreted as the dest_address parameter mentioned in the ifconfig(8) man page. - dest_address is the far end of the tunnel and, for point-to-point links, serves as the gateway. In this case, it leads to the broader IPv6 universe. Any confirmation, clarification or correction is much appreciated. Chuck
Re: ifconfig command for IPv6 tunnel
On Aug 19, 2014, at 9:38 PM, Adam Thompson athom...@athompso.net wrote: IIRC from my experimentation, you've got it exactly right. Some tunnel brokers give you subnet masks that certain versions of OpenBSD don't like - that turns out to not actually matter, just use whatever ifconfig(8) want. Point in case: HE recommends using /64 for PtP links, but OpenBSD 5.x requires /128. Since HE allocates an entire /64 per tunnel, there is no danger in configuring it more narrowly on the client end. Thanks for the info. As it happens, I am also using a tunnel provided by HE. The hostname.if(5) syntax that finally worked for me on 5.4-RELEASE was (slightly anonymized) description HE_TUNNEL_FREMONT tunnel 184.70.48.XXX dest 64.71.128.83 inet6 2001:470::X::2 dest 2001:470::X::1 prefixlen 128 which perhaps adds some clarity, or perhaps confuses, depending on your point of view. I can't remember whether (in the non-BGP case) I added the route command as !route -n add -inet6 default 2001:470:1f04:204::1 to the hostname.gif0 file, or if I added it to /etc/mygate - one or the other should work, anyway. I haven't gotten to the point of making this configuration permanent, but the example above makes sense. My initial effort is toward a larger goal of getting a small network of pure IPv6 hosts connected. My current thinking on how to do this is (in admittedly vague and incomplete terms) is: use a machine connected to the tunnel broker as a bridge. Other machines would connect to it and perform address auto configuration, using the prefix of the HE provided network. To accomplish this, the bridge machine would run the daemon that hands out these prefixes, which I think is called rtadvd Comments on this approach (or alternatives) are welcome. Finally, is this the place to discuss these kinds of network setup puzzles? I happen to be using OpenBSD, but this kind of task really is at the intersection of operating system specifics and the more general practice of network design. Chuck
Re: ifconfig command for IPv6 tunnel
On Aug 20, 2014, at 7:43 AM, Adam Thompson athom...@athompso.net wrote: I know - I could tell by the addresses you provided :-). So much for *my* anonymity... ;-) Basically, yes. Although you have a router (does things with IP packets), not a bridge (does things with Ethernet frames) - that's a huge difference. I don't think I've ever relied on address autoconfig - it looks very nice in theory but has some limitations in practice. I would test everything using static IPs and static routes first, and then move on to rtadvd. HE assigns two blocks of addresses with every tunnel - the point-to-point tunnel addresses and the Routed IPv6 Prefixes. You want to use the IPv6 Tunnel Endpoints on the gif0 tunnel, which is presumably built on top of $external_if , and you want to use the Routed IPv6 Prefixes on $internal_if. Note that is perfectly valid to have public IPv6 addresses running on the same subnet as private (RFC1918) IPv4 addresses - IPv4 traffic gets NAT'd, IPv6 traffic merely gets routed. rtadvd: Yes, one thing at a time. Static IPs first. router vs. bridge: good point. Because I those routed IPv6 Prefixes are available, there are two networks in play, so it's routing and not bridging. I was initially operating under the assumption that there was one network for both the tunnel endpoint and the other hosts, so I thought bridge!. But that isn't the case. Do beware that your pf ruleset must pass IPv6 traffic without NAT'ing it... I think this is the default now, not sure. This, I will have to dig into. I wasn't aware that PF was enabled. But I suspect you can't get very far in these setups without it. Another responder provided some PF rules to try, so I can study those.
Re: ifconfig command for IPv6 tunnel
On Aug 20, 2014, at 4:15 AM, Ed Hynan eh_l...@optonline.net wrote: On Tue, 19 Aug 2014, Charles Musser wrote: - prefix::1 is the local address of the interface on the IPv6 network. No, *::2 is local. Ah, yes. Despite my best efforts at copyediting, I had the meanings of *::1 and *::2 reversed. - The alias parameter is superfluous in this case. I tried it without that and got the same result: an operating tunnel. If it works, ifconfig is being smart, but why not make your intent explicit? The tunnel is across the ip4 addresses; this command adds aliases, or close enough. Stated another way: the alias keyword doesn't do any harm here, but using it makes things harder to understand because this isn't actually an alias; it's a local address and a remote address and this pair comprises the endpoints of a point-to-point link. It's ambiguous when you write the server IP because the remote end of the tunnel is a server, and if you're configuring a router rather than a host then that's a server too. Addr *:2 is local in that it's an address of your gif(4) interface. The ifconfig(8) synopsis is simpler than gif configuration, but yes *::2 is like dest_address. Just to clarify, this setup is currently a host, not a router. Given all that, ::2 is the local address and ::1 is remote. Doesn't that make ::1 the dest_address? Note: possible beating of dead horse here. Feel free to say: stop obsessing over the syntax of this command, dummy. Addr *::1 is remote. Try 'netstat -nvrf inet6 | grep 2001:' and find that *::1 has the G (gateway) flag, and host *::2 has a route to *::1. Output of that is: default2001:470:1f04:204::1 UGS6 146 - 8 gif0 2001:470:1f04:204::1 2001:470:1f04:204::2 UH 1 0 - 4 gif0 2001:470:1f04:204::2 link#6 UHL0 0 - 4 lo0 This is different than what you describe, but it makes sense. I think. Also look at something using the interface, maybe ntpd. Look at the address with 'netstat -nvf inet6 | grep 123' (no -r there), and see that *::2 is local. Output is: Active Internet connections Proto Recv-Q Send-Q Local Address Foreign Address(state) tcp6 0 0 2001:470:1f04:204::2.32069 2001:200:dff:fff1:216:3eff:feb1:44d7.80 ESTABLISHED tcp6 0 0 2001:470:1f04:204::2.7 2001:200:dff:fff1:216:3eff:feb1:44d7.80 ESTABLISHED tcp6 0 0 2001:470:1f04:204::2.30221 2001:200:dff:fff1:216:3eff:feb1:44d7.80 ESTABLISHED tcp6 0 0 2001:470:1f04:204::2.3173 2001:200:dff:fff1:216:3eff:feb1:44d7.80 ESTABLISHED tcp6 0 0 2001:470:1f04:204::2.27980 2001:200:dff:fff1:216:3eff:feb1:44d7.80 ESTABLISHED tcp6 0 0 2001:470:1f04:204::2.48945 2001:200:dff:fff1:216:3eff:feb1:44d7.80 ESTABLISHED This seems to confirm what you said. The local endpoint is indeed *::2.
Re: ifconfig command for IPv6 tunnel
On Aug 20, 2014, at 2:25 PM, Ed Hynan eh_l...@optonline.net wrote: Although this is a little more complex on gif than e.g. an ethernet interface, alias is at least similar. On a more straightforward type interface, alias is used adding additional addresses (BTW, not OpenBSD specific, the alias keyword is similar for {Net,Free}BSD; and, apparently dissimilar on Linux). Think of the IPv6 addrs as 'additional' after IPv4 tunnel addrs for conceptual satisfaction. OK, got it. I am at peace. Output of that is: default2001:470:1f04:204::1 UGS 6 146 - 8 gif0 2001:470:1f04:204::1 2001:470:1f04:204::2 UH 10 - 4 gif0 2001:470:1f04:204::2 link#6 UHL 00 - 4 lo0 This is different than what you describe, but it makes sense. I think. Is it different? Your output shows what I intended to describe. Line 1 with G flag shows that 'gateway' addr *::1 is default route and line 2 with H flag shows 'host' addr *::2 has/is a route to *::1 (didn't I suggest that clearly on my 1st coffee? I think I did). Upon reflection, it does match what you said. My coffee consumption, or lack thereof, influenced my comprehension here. Looks good. Since this is a host never mind rtadvd (I had mentioned that). You'll want to handle IPv6 in pf generally. Since you didn't mention it I suppose you're not strictly firewalling; you would have mentioned allowing proto 41 for the ip4 remote endpoint or maybe you've got that all set. I don't now, but that's the goal. At this point, I need to forage for some hardware to try building a router. I had a perfectly good beige box with numerous interfaces that I threw out recently. Party foul. Once I get that, then I probably will have PF-specific questions.
addresses and routes configured via rtsol
I set up a small network in which an OpenBSD machine serves as a router for a collection of IPv6-only clients. Many thanks to previous responders to my questions on tunneling with gif(4). This rudimentary setup is working well: a client machine acquires an address via SLAAC and can access the IPv6 Internet. I am curious, however, about the addresses and routes that get installed on the client machine. The setup straightforward. The router is connected to an IPv6 tunnel on the Internet-facing side (using a gif(4) interface), it has IPv6 forwarding enabled, and is running rtadvd on the inward-facing interface. Note that rtadvd is using its internal defaults; I didn't create a configuration file for it because the man page The interface info and routing table is at the end of this mail and I've annotated lines of interest with numbers in brackets so that referencing these entries in questions would be clearer. The questions are: 1.) In addition to the self-assigned link-local address, the client's interface has two other addresses, both having the network prefix supplied by the router (annotation [1]). One has the same suffix as that of the link-local address. The other, marked autoconfprivacy, is different and changes periodically (certainly on every reboot). I assume this address is formed with the rules defined in RFC 4941. As I interpret it, the RFC suggests a scheme that employs different addresses for server-oriented tasks and client-oriented tasks. The idea is that a predicable address is suitable for the former, while a randomized one is for the latter. Is that what's happening here? According to netstat(1), this seems to be the case. While surfing the web, the local address always seems to be the one with the autoconfprivacy attribute. Is rtsol(8) in charge of implementing this policy? 2.) A corollary to the above question is how the privacy address gets used for outbound connections. My assumption of how interfaces with multiple addresses behave is this: the interface will accept connections for any address it has been assigned, but will use the canonical one for connections that are initiated through that interface. Is this correct? Does IPv6 have the notion of aliases at all? If it does, how do you know which one is the canonical address. If not, how do outbound connection end up with the correct, i.e. private, local address? 3.) The default route (annotation [2]) mystified me at first, before I realized that the gateway address was the link-local address of the router. I was aware of link-local addresses in IPv6, but I was unsure of their application and didn't expect them to come into play here. I expected the gateway to be the IPv6 address I assigned to the router's inward facing interface. It seems logical that the router's link-local address works, but why was it chosen? 4.) The /64 network route for my network has the gateway specified as link#1 (annotation [3]). What are the link family of interfaces? These must be different than routes that specify one of the link-layer addresses, but how? Thanks, Chuck Output of ifconfig em0 and netstat -nrf inet6, with [annotations]: em0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr f0:de:f1:78:d5:4c priority: 0 groups: egress media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause) status: active inet6 fe80::f2de:f1ff:fe78:d54c%em0 prefixlen 64 scopeid 0x1 inet6 2001:470:1f05:204:f2de:f1ff:fe78:d54c prefixlen 64 autoconf pltime 604280 vltime 2591480 [1] inet6 2001:470:1f05:204:1039:d2fd:9b56:709 prefixlen 64 autoconf autoconfprivacy pltime 77124 vltime 595610 [1] Internet6: DestinationGatewayFlags Refs Use Mtu Prio Iface ::/104 ::1UGRS 0 0 - 8 lo0 ::/96 ::1UGRS 0 0 - 8 lo0 defaultfe80::92e2:baff:fe2b:b008%em0 UG 0 156 -56 em0 [2] ::1::1UH14 0 33144 4 lo0 ::127.0.0.0/104::1UGRS 0 0 - 8 lo0 ::224.0.0.0/100::1UGRS 0 0 - 8 lo0 ::255.0.0.0/104::1UGRS 0 0 - 8 lo0 :::0.0.0.0/96 ::1UGRS 0 0 - 8 lo0 2001:470:1f05:204::/64 link#1 UC 1 0 - 4 em0 [3] 2001:470:1f05:204::1 90:e2:ba:2b:b0:08 UHLc 0 30 - 4 em0 2001:470:1f05:204:24c5:ec52:ca52:a9e7 f0:de:f1:78:d5:4c UHL 00
LACP problem
I'm trying to get LACP working over 2 ports (em0, em1). I've done this successfully with FreeBSD and 4 ports on the same switch so I know it can be done, I just can't get it working with OpenBSD. I'm hoping I've just botched the config somewhere. The switch is a TP-LINK TL-SG3424, latest firmware available, and LACP is set to passive for the two ports (I've tried active, too). hostname.em0: mtu 9000 up hostname,em1: mtu 9000 up hostname.trunk0: trunkport em0 trunkport em1 trunkproto lacp inet 10.1.2.1 255.255.255.0 NONE >From my reading of the man pages that's all I need to do, and ifconfig seems to agree: em0: flags=8b43mtu 9000 lladdr 0c:c4:7a:d9:ea:d0 index 5 priority 0 llprio 3 trunk: trunkdev trunk0 media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause) status: active em1: flags=8b43 mtu 9000 lladdr 0c:c4:7a:d9:ea:d0 index 6 priority 0 llprio 3 trunk: trunkdev trunk0 media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause) status: active trunk0: flags=8843 mtu 9000 lladdr 0c:c4:7a:d9:ea:d0 index 11 priority 0 llprio 3 trunk: trunkproto lacp trunk id: [(8000,0c:c4:7a:d9:ea:d0,405C,,), (8000,30:b5:c2:07:81:4a,0CF3,,)] trunkport em1 trunkport em0 active,collecting,distributing groups: trunk media: Ethernet autoselect status: active inet 10.1.2.1 netmask 0xff00 broadcast 10.1.2.255 The trunk is there, seems to be configured the right way, but the second port doesn't come up. If I pull the cable on em0, em1 comes up, put the cable back, em0 doesn't join the trunk. Have I botched the config somewhere? Or is there some incompatibility going on between OpenBSD and the switch? And if it's the latter, how do I get some diagnostic information to work out what's going on? Thanks! OpenBSD 6.1 (GENERIC.MP) #20: Sat Apr 1 13:45:56 MDT 2017 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 17134788608 (16341MB) avail mem = 16610807808 (15841MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.8 @ 0x7f4d8000 (53 entries) bios0: vendor American Megatrends Inc. version "1.1a" date 08/27/2015 bios0: Supermicro A1SAi acpi0 at bios0: rev 2 acpi0: sleep states S0 S5 acpi0: tables DSDT FACP FPDT FIDT SPMI MCFG WDAT UEFI APIC BDAT HPET SSDT HEST BERT ERST EINJ acpi0: wakeup devices PEX1(S0) PEX2(S0) PEX3(S0) PEX4(S0) EHC1(S0) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimcfg0 at acpi0 addr 0xe000, bus 0-255 acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Atom(TM) CPU C2550 @ 2.40GHz, 2400.44 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT cpu0: 1MB 64b/line 16-way L2 cache cpu0: TSC frequency 2400438240 Hz cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 100MHz cpu0: mwait min=64, max=64, C-substates=0.2.0.0.0.0.3, IBE cpu1 at mainbus0: apid 2 (application processor) cpu1: Intel(R) Atom(TM) CPU C2550 @ 2.40GHz, 2400.01 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT cpu1: 1MB 64b/line 16-way L2 cache cpu1: smt 0, core 1, package 0 cpu2 at mainbus0: apid 4 (application processor) cpu2: Intel(R) Atom(TM) CPU C2550 @ 2.40GHz, 2400.01 MHz cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT cpu2: 1MB 64b/line 16-way L2 cache cpu2: smt 0, core 2, package 0 cpu3 at mainbus0: apid 6 (application processor) cpu3: Intel(R) Atom(TM) CPU C2550 @ 2.40GHz, 2400.01 MHz cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT cpu3: 1MB 64b/line 16-way L2 cache cpu3: smt 0, core 3, package 0 ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
Re: LACP problem
On 09/06/2017 04:07, Lyndon Nerenberg wrote: > The first step is to have the switch display its idea of the LACP > configuration and status. That's turning into a bit of a mission Seems TP-LINK don't set an enable password by default so I can't get what I need via ssh until I've set that. To set it I need to connect to the console port, which means finding the cable and a serial-to-USB adapter. I have all the above (somewhere), it's just going to take some time. Is there no other diagnostic information I can get from the OpenBSD side?
Re: LACP problem
On 10/06/2017 19:15, Lyndon Nerenberg wrote: > Not really, other than running tcpdump on the two interfaces and > examining the LACP protocol packets to try to discover why the > negotiation is acting the way it is. OK, that sounds like an even deeper rabbit-hole. > Also, if you don't have the enable password, how did you configure > LACP on the switch to begin with? Fair question: via the web UI. That would imply it's not just a front-end for the CLI, which implies another set of potential security issues. Not an issue for this network, but certainly something to consider in future.
Re: LACP problem
On 09/06/2017 04:07, Lyndon Nerenberg wrote: > The first step is to have the switch display its idea of the LACP > configuration and status. I haven't a clue how a TP-LINK does that, but on > our Junipers it's 'show lacp interfaces'. So I finally found my serial cable TL-SG3424#show lacp internal Flags: S - Device is requesting Slow LACPDUs F - Device is requesting Fast LACPDUs A - Device is in active mode P - Device is in passive mode [...] Channel group 6 LACP port AdminOperPort Port Port Flags StatePriorityKey Key Number State Gi1/0/9 SP Up 32768 0x6 0xf60 0x90x3c Gi1/0/10 SP Down 32768 0x6 0 0xa0x44 TL-SG3424#show lacp neighbor Flags: S - Device is requesting Slow LACPDUs F - Device is requesting Fast LACPDUs A - Device is in active mode P - Device is in passive mode [...] Channel group 6 LACP port Admin Oper PortPort Port Flags Priority Dev ID KeyKeyNumber State Gi1/0/9 SA 32768 0cc4.7ad9.ead0 0 0x405c 0x5 0x3d Gi1/0/10 SP 0 .. 0 0 0 0 I'm not sure if any of that is informative in any way?
Re: l2tp and openbsd 6.1
Should've also mentioned this oddity: So, if the firewall rules are uncommented (where I get the below error) no IP address found for pppx:network /etc/pf.conf:102: could not parse host specification no IP address found for pppx:network /etc/pf.conf:103: could not parse host specification no IP address found for pppx:network /etc/pf.conf:106: could not parse host specification And reboot, I can't connect. However, if I comment out those lines and then save/reload then uncomment, I can connect just fine. -Original Message- From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of Charles Amstutz Sent: Friday, October 6, 2017 10:04 AM To: 'misc@openbsd.org' <misc@openbsd.org> Subject: Re: l2tp and openbsd 6.1 Hello Noth, "Try pppx instead of pppx0, it'll work in pf.conf, including as a macro." I did!! I found another article that talked about the group. After reading this: http://frankgroeneveld.nl/2015/08/16/configuring-l2tp-over-ipsec-on-openbsd-for-mac-os-x-clients/ However, I still get this error if I try to reload the firewall and no vpn client is established (thus the pppx group or pppx0 interface doesn't exist yet)... this is the same if I use pppx or pppx0 no IP address found for pppx:network /etc/pf.conf:102: could not parse host specification no IP address found for pppx:network /etc/pf.conf:103: could not parse host specification no IP address found for pppx:network /etc/pf.conf:106: could not parse host specification If I remove :network, the same errors: no IP address found for pppx /etc/pf.conf:102: could not parse host specification no IP address found for pppx /etc/pf.conf:103: could not parse host specification no IP address found for pppx /etc/pf.conf:106: could not parse host specification However, if I comment out those lines, connect, then uncomment out the lines, things work as they should (it appears) It also seems as if I can't connect if I have those lines uncommented after a reboot. Many strange things. Thanks for the help everyone, I'm going to continue to research.
Re: l2tp and openbsd 6.1
Hello Noth, "Try pppx instead of pppx0, it'll work in pf.conf, including as a macro." I did!! I found another article that talked about the group. After reading this: http://frankgroeneveld.nl/2015/08/16/configuring-l2tp-over-ipsec-on-openbsd-for-mac-os-x-clients/ However, I still get this error if I try to reload the firewall and no vpn client is established (thus the pppx group or pppx0 interface doesn't exist yet)... this is the same if I use pppx or pppx0 no IP address found for pppx:network /etc/pf.conf:102: could not parse host specification no IP address found for pppx:network /etc/pf.conf:103: could not parse host specification no IP address found for pppx:network /etc/pf.conf:106: could not parse host specification If I remove :network, the same errors: no IP address found for pppx /etc/pf.conf:102: could not parse host specification no IP address found for pppx /etc/pf.conf:103: could not parse host specification no IP address found for pppx /etc/pf.conf:106: could not parse host specification However, if I comment out those lines, connect, then uncomment out the lines, things work as they should (it appears) It also seems as if I can't connect if I have those lines uncommented after a reboot. Many strange things. Thanks for the help everyone, I'm going to continue to research.
Re: LACP problem [SOLVED]
Just in case someone has the same problem and finds this thread, the solution was to reboot the switch. That was it - no other changes required.
l2tp and openbsd 6.1
Hello everyone, I'm new to this list and l2tp/openbsd (but do have working UNIX/Linux knowledge). After searching the previous forum posts (and the internet) I have found a lot of information on l2tp ipsec.conf connection strings. However, I can't get android to connect. I keep getting IKE negotiation failed errors. I've looked at sites such as: http://bluepilltech.blogspot.com/2017/02/openbsd-l2tp-over-ipsec-android-601-ios.html https://www.authbsd.com/blog/?p=20 http://daemonforums.org/showthread.php?t=10326 https://rzemieniecki.wordpress.com/2014/05/28/debugging-ipsec-on-openbsd-invalid_cookie/ https://man.openbsd.org/npppd.conf.5 https://blog.gordonturner.com/2016/12/10/openbsd-6-0-vpn-endpoint-for-ios-and-osx/ https://marc.info/?l=openbsd-misc=145922338026396=2 https://marc.info/?l=openbsd-misc=145614573528471=2 https://www.mail-archive.com/misc@openbsd.org/msg145747.html ... etc I can get IOS to connect, but I can't get android 7 to connect. I've read that android has bugs with the vpn client in 6.x and 7.x (not sure if it is fixed in 8 or not). However, what is confusing is it connections just fine To my windows l2tp server. Bug tracker: https://issuetracker.google.com/issues/37074640#c35 My goal: Setup openbsd to work with IOS/android/windows/whatever. My questions. 1) Can you have more than one ike line in ipsec.conf? from my presumption of looking at sites on the internet, you can, however, I am not sure. https://www.authbsd.com/blog/?p=20 makes it seem like you can, unless it is just two examples 2) Every time I read a site that says, "this configuration worked for me on android", it doesn't work for me. I presume it is my lack of understanding, though, I'm not ruling out the possible android bug. I appreciate any help. Here is my ipsec.conf (this allows IOS to connect) public_ip = "x.x.x.x" ike passive esp transport \ proto udp from $public_ip to any port 1701 \ main auth "hmac-sha1" enc "aes" group modp1024\ quick auth "hmac-sha1" enc "aes" \ psk "PSK-GOES-HERE" Here is my npppd.conf authentication LOCAL type local { users-file "/etc/npppd/npppd-users" } tunnel L2TP protocol l2tp { listen on 0.0.0.0 listen on :: } ipcp IPCP { pool-address 10.0.0.101-10.0.0.254 dns-servers x.x.x.x } # use pppx(4) interface. use an interface per a ppp session. interface pppx0 address 10.0.0.1 ipcp IPCP bind tunnel from L2TP authenticated by LOCAL to pppx0
Re: l2tp and openbsd 6.1
Hello Sterling, Thanks for the response. I changed it to ike passive esp transport \ proto udp from $public_ip to any port 1701 \ main auth "hmac-sha1" enc "aes-256" group modp1024\ quick auth "hmac-sha1" enc "aes-256" \ PSK "PSK-GOES-HERE" and still no luck. I found out that Android 8 will connect (using aes). I am dumpping pflog0 and seeing no blocks. However, that doesn't mean it still isn't a potential pf problem I guess. However, if IOS and android 8 would connect, I would think that would rule a pf problem? Is there a way to turn on additional debugging? I'm using isakmpd -K in rc.conf.local, so not using isakmpd.policy/.conf (from my understanding) Everything in /var/log/messages is just from npppd. Unless I'm reading it wrong, there doesn't appear to be any errors. -Original Message- From: Sterling Archer [mailto:deb...@gmail.com] Sent: Monday, October 2, 2017 5:35 PM To: Charles Amstutz <charl...@infinitesys.com> Cc: misc@openbsd.org Subject: Re: l2tp and openbsd 6.1 On Mon, Oct 2, 2017 at 10:03 PM, Charles Amstutz <charl...@infinitesys.com> wrote: > Hello everyone, > > I'm new to this list and l2tp/openbsd (but do have working UNIX/Linux > knowledge). After searching the previous forum posts (and the internet) I > have found a lot of information on l2tp ipsec.conf connection strings. > However, I can't get android to connect. I keep getting IKE negotiation > failed errors. > > I've looked at sites such as: > > http://bluepilltech.blogspot.com/2017/02/openbsd-l2tp-over-ipsec-andro > id-601-ios.html > https://www.authbsd.com/blog/?p=20 > http://daemonforums.org/showthread.php?t=10326 > https://rzemieniecki.wordpress.com/2014/05/28/debugging-ipsec-on-openb > sd-invalid_cookie/ > https://man.openbsd.org/npppd.conf.5 > https://blog.gordonturner.com/2016/12/10/openbsd-6-0-vpn-endpoint-for- > ios-and-osx/ > https://marc.info/?l=openbsd-misc=145922338026396=2 > https://marc.info/?l=openbsd-misc=145614573528471=2 > https://www.mail-archive.com/misc@openbsd.org/msg145747.html > ... etc > > > I can get IOS to connect, but I can't get android 7 to connect. I've > read that android has bugs with the vpn client in 6.x and 7.x (not > sure if it is fixed in 8 or not). However, what is confusing is it > connections just fine To my windows l2tp server. Bug tracker: > https://issuetracker.google.com/issues/37074640#c35 > > > My goal: Setup openbsd to work with IOS/android/windows/whatever. > > My questions. > > > 1) Can you have more than one ike line in ipsec.conf? from my > presumption of looking at sites on the internet, you can, however, I am not > sure. > > https://www.authbsd.com/blog/?p=20 makes it seem like you can, unless > it is just two examples > > > 2) Every time I read a site that says, "this configuration worked for me > on android", it doesn't work for me. I presume it is my lack of > understanding, though, I'm not ruling out the possible android bug. > > > I appreciate any help. > > > > Here is my ipsec.conf (this allows IOS to connect) > > public_ip = "x.x.x.x" > > > > ike passive esp transport \ > > proto udp from $public_ip to any port 1701 \ > > main auth "hmac-sha1" enc "aes" group modp1024\ > > quick auth "hmac-sha1" enc "aes" \ > > psk "PSK-GOES-HERE" > > Here is my npppd.conf > > > > authentication LOCAL type local { > > users-file "/etc/npppd/npppd-users" > > } > > > > tunnel L2TP protocol l2tp { > > listen on 0.0.0.0 > > listen on :: > > } > > > > ipcp IPCP { > > pool-address 10.0.0.101-10.0.0.254 > > dns-servers x.x.x.x > > } > > > > # use pppx(4) interface. use an interface per a ppp session. > > interface pppx0 address 10.0.0.1 ipcp IPCP > > bind tunnel from L2TP authenticated by LOCAL to pppx0 I'm able to connect using a similar setup, but using aes-256 instead of aes as encoding in ipsec.conf. -- :wq!
Re: l2tp and openbsd 6.1
Yes, I would like to know this as well, it seems annoying that Android 8/4.x and IOS can connect, but not windows 10 (I haven't tried earlier windows 10) and android 7. Its either a user error (which I am willing to admit) or something very annoying. Especially when my l2tp PSK windows server can accept connections from anything it seems. I would like to get this figured out. I appreciate all of the suggestions, but I still can't get android 7 to connect, no matter which encryption, authentication or modp I use. -Original Message- From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of lilit-aibolit Sent: Wednesday, October 4, 2017 2:46 AM To: misc@openbsd.org Cc: Charles Amstutz <charl...@infinitesys.com>; yasu...@yasuoka.net Subject: Re: l2tp and openbsd 6.1 Hi, with l2tp I have situation when iOS and Android devices could connect but Windows 7 and Windows 10 couldn't. Is it possible to adjust ipsec.conf somehow so it could accept connection from Windows clients too? Or is there a way to adjust some settings in Windows so it will work with current ipsec.conf? I also noticed that I have to add pass rule for tun0 to PF explicitly: - pass on tun0 all instead of having just: - set skip on { lo0, tun0 } Here is ipsec.conf: ike passive esp transport \ proto udp from a.b.x.y to any port 1701 \ main auth hmac-sha1 enc aes group modp1024 \ quick auth hmac-sha1 enc aes \ psk "password" Here is npppd.conf: authentication LOCAL type local { users-file "/etc/npppd/npppd-users" } tunnel L2TP protocol l2tp { listen on x.x.y.y } ipcp IPCP { pool-address 192.168.222.2-192.168.222.254 dns-servers 192.168.a.b } interface tun0 address 192.168.222.1 ipcp IPCP bind tunnel from L2TP authenticated by LOCAL to tun0 Log from Android: Oct 2 16:22:39 gw npppd[10826]: l2tpd ctrl=4 logtype=Started RecvSCCRQ from=192.38.129.182:41634/udp tunnel_id=4/4667 protocol=1.0 winsize=1 hostname=anonymous vendor=(no vendorname) firm= Oct 2 16:22:40 gw npppd[10826]: l2tpd ctrl=4 call=7962 logtype=PPPBind ppp=3 Oct 2 16:22:41 gw npppd[10826]: ppp id=3 layer=base logtype=TUNNELSTART user="xxx" duration=1sec layer2=L2TP layer2from=192.38.129.182:41634 auth=MS-CHAP-V2 ip=192.168.222.110 iface=tun0 Oct 2 16:22:41 gw /bsd: pipex: ppp=3 iface=tun0 protocol=L2TP id=7962 PIPEX is ready. Oct 2 16:22:41 gw npppd[10826]: ppp id=3 layer=base Using pipex=yes Log from IPhone6s: Oct 2 16:13:13 gw isakmpd[24211]: attribute_unacceptable: HASH_ALGORITHM: got SHA2_256, expected SHA Oct 2 16:13:13 gw isakmpd[24211]: attribute_unacceptable: GROUP_DESCRIPTION: got MODP_2048, expected MODP_1024 Oct 2 16:13:13 gw isakmpd[24211]: attribute_unacceptable: HASH_ALGORITHM: got MD5, expected SHA Oct 2 16:13:13 gw isakmpd[24211]: attribute_unacceptable: HASH_ALGORITHM: got SHA2_512, expected SHA Oct 2 16:13:13 gw isakmpd[24211]: attribute_unacceptable: HASH_ALGORITHM: got SHA2_256, expected SHA Oct 2 16:13:13 gw isakmpd[24211]: attribute_unacceptable: GROUP_DESCRIPTION: got MODP_1536, expected MODP_1024 Oct 2 16:13:13 gw isakmpd[24211]: attribute_unacceptable: HASH_ALGORITHM: got MD5, expected SHA Oct 2 16:13:13 gw isakmpd[24211]: attribute_unacceptable: HASH_ALGORITHM: got SHA2_256, expected SHA Oct 2 16:13:14 gw npppd[10826]: l2tpd ctrl=3 logtype=Started RecvSCCRQ from=192.38.129.182:65367/udp tunnel_id=3/7 protocol=1.0 winsize=4 hostname=xxx-iPhone vendor=(no vendorname) firm= Oct 2 16:13:14 gw npppd[10826]: l2tpd ctrl=3 call=11161 logtype=PPPBind ppp=2 Oct 2 16:13:18 gw npppd[10826]: ppp id=2 layer=base logtype=TUNNELSTART user="xxx" duration=4sec layer2=L2TP layer2from=192.38.129.182:65367 auth=MS-CHAP-V2 ip=192.168.222.110 iface=tun0 Oct 2 16:13:18 gw /bsd: pipex: ppp=2 iface=tun0 protocol=L2TP id=11161 PIPEX is ready. Oct 2 16:13:18 gw npppd[10826]: ppp id=2 layer=base Using pipex=yes Log from IPhone4s: Oct 2 15:55:55 gw npppd[10826]: l2tpd ctrl=1 logtype=Started RecvSCCRQ from=37.73.241.124:59028/udp tunnel_id=1/15 protocol=1.0 winsize=4 hostname=xxx vendor=(no vendorname) firm= Oct 2 15:55:55 gw npppd[10826]: l2tpd ctrl=1 call=5660 logtype=PPPBind ppp=0 Oct 2 15:55:58 gw npppd[10826]: ppp id=0 layer=base logtype=TUNNELSTART user="xxx" duration=3sec layer2=L2TP layer2from=37.73.241.124:59028 auth=MS-CHAP-V2 ip=192.168.222.101 iface=tun0 Oct 2 15:55:58 gw npppd[10826]: ppp id=0 layer=base Using pipex=yes Oct 2 15:55:58 gw /bsd: pipex: ppp=0 iface=tun0 protocol=L2TP id=5660 PIPEX is ready. And unsuccessful connection from Win7: Oct 4 10:12:37 gw isakmpd[24211]: attribute_unacceptable: GROUP_DESCRIPTION: got MODP_2048, expected MODP_1024 Oct 4 10:12:37 gw isakmpd[24211]: attribute_unacceptable: ENCRYPTION_ALGORITHM: got 3DES_CBC, expected AES_CBC Oct 4 10:12:37 gw isakmpd[24211]: attribute_unacceptable: ENCRYPTION_ALGORITHM: got 3DES
Re: l2tp and openbsd 6.1
This works as well: Pass in quick on pppx0 Pass out quick on pppx0 This doesn't work Pass in quick on pppx0 from pppx0 as it complains there is no IP. Assigning pppx0 to a variable doesn't work either. Neither does setting it to be dynamic. -Original Message- From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of Charles Amstutz Sent: Thursday, October 5, 2017 10:44 AM To: 'misc@openbsd.org' <misc@openbsd.org> Subject: Re: l2tp and openbsd 6.1 Here is a related but new question, If pppx0 only exists when someone is vpn'ed in. How do people handle this in pf? If you don't define rules, packets get blocked on it. But if there is no connect, pf complains about pppx0 not having a firewall. The only thing that seems to work is set skip on pppx0. But then no rules process on it. Has anyone ran into this? how did you handle it.
Re: l2tp and openbsd 6.1
Here is a related but new question, If pppx0 only exists when someone is vpn'ed in. How do people handle this in pf? If you don't define rules, packets get blocked on it. But if there is no connect, pf complains about pppx0 not having a firewall. The only thing that seems to work is set skip on pppx0. But then no rules process on it. Has anyone ran into this? how did you handle it.
ThinkPad X220 Trackpoint Pointer Wheel Emulation Issues
First off, I'm new around here, so my apologies in advance if this is the wrong list or I've formatted something incorrectly. I've recently installed OpenBSD 6.3 on my Thinkpad X220. I'm happy to report that almost everything seems to work the way it should (suspend/resume, wireless, volume controls, etc.). However, I've been having some difficulty with the TrackPoint. The TrackPoint works fine as a pointing device, however the "WS Pointer Wheel Emulation" emulation feature is not working. For those unfamiliar, this allows the middle mouse button to be held down, and while it is held, the TrackPoint can be used to scroll vertically or horizontally. After conducting some research, I have written the following script to set the appropriate xinput properties to properly enable the pointer wheel emulation functionality: #!/bin/sh xinput set-prop /dev/wsmouse "WS Pointer Wheel Emulation" 1 xinput set-prop /dev/wsmouse "WS Pointer Wheel Emulation Button" 2 xinput set-prop /dev/wsmouse "WS Pointer Wheel Emulation Axes" 6 7 4 5 xinput set-prop /dev/wsmouse "WS Pointer Wheel Emulation Timeout" 500 xinput set-prop /dev/wsmouse "WS Pointer Wheel Emulation Inertia" 20 I have tried many different variations on the input parameters. One interesting behavior I have discovered is that if I set the emulation axes to "4 5 0 0" then I can scroll up and down by moving the track point left or right by holding the middle mouse button. However, when I use "6 7 4 5" or "0 0 4 5", the up and down scrolling generally does not work at all (occasionally jumping in the direction the trackpoint was pushed). I have spent several days troubleshooting this issue and haven't had any luck. I think this may be a bug, but I wanted to see if anyone else had similar issues and knew of a solution before submitting a bug report. I am under the impression that this list does not permit attachments, so I will refrain from attaching the full output of dmesg and other long logs, but I will include the output of some commands that I think might be relevant. Finally, I tried digging into some of the source code for Xenocara and the wsmouse drive. Unfortunately, my knowledge of OpenBSD and Xorg are insufficient to draw any useful conclusions. However, I think the following files may be relevant / a good starting point for someone more knowledgeable than I: * xenocara/driver/xf86-input-ws/include/ws-properties.h * xenocara/driver/xf86-input-ws/src/emuwheel.c I would really appreciate any suggestions to troubleshoot further. Charles ### possibly relevant output follows nessus$ dmesg | grep -i mouse wsmouse0 at pms0 mux 0 nessus$ dmesg | grep -i ws wsdisplay0 at inteldrm0 mux 1: console (std, vt100 emulation) wsdisplay0: screen 1-5 added (std, vt100 emulation) wskbd0 at pckbd0: console keyboard, using wsdisplay0 wsmouse0 at pms0 mux 0 nessus$ xinput ⎡ Virtual core pointer id=2 [master pointer (3)] ⎜ ↳ Virtual core XTEST pointer id=4 [slave pointer (2)] ⎜ ↳ /dev/wsmouse id=7 [slave pointer (2)] ⎣ Virtual core keyboard id=3 [master keyboard (2)] ↳ Virtual core XTEST keyboard id=5 [slave keyboard (3)] ↳ /dev/wskbd id=6 [slave keyboard (3)] nessus$ xinput list-props /dev/wsmouse Device '/dev/wsmouse': Device Enabled (140): 1 Coordinate Transformation Matrix (141): 1.00, 0.00, 0.00, 0.00, 1.00, 0.00, 0.00, 0.00, 1.00 Device Accel Profile (253): 0 Device Accel Constant Deceleration (254): 1.00 Device Accel Adaptive Deceleration (255): 1.00 Device Accel Velocity Scaling (256): 10.00 WS Pointer Middle Button Emulation (257): 2 WS Pointer Middle Button Timeout (258): 50 WS Pointer Wheel Emulation (259): 1 WS Pointer Wheel Emulation Axes (260): 4, 5, 0, 0 WS Pointer Wheel Emulation Inertia (261): 20 WS Pointer Wheel Emulation Timeout (262): 500 WS Pointer Wheel Emulation Button (263): 2 nessus$ cat /etc/X11/xorg.conf nessus$ X -version X.Org X Server 1.19.6 Release Date: 2017-12-20 X Protocol Version 11, Revision 0 Build Operating System: OpenBSD 6.3 amd64 Current Operating System: OpenBSD nessus.domain_redacted 6.3 GENERIC.MP#107 amd64 Build Date: 24 March 2018 02:38:24PM Current version of pixman: 0.34.0 Before reporting problems, check http://wiki.x.org to make sure that you have the latest version.
Re: ThinkPad X220 Trackpoint Pointer Wheel Emulation Issues
> The jumping up and down vertically should have been fixed via this > commit from @bru: > https://github.com/openbsd/xenocara/commit/a011f4db8a6b02f5b298f8b631330764f40aa037 Confirming that installing the new 6.4 release (which includes the linked patch) fixes the issue. For the sake of future Googlers or archive readers, this is all that was required for me to get pointer wheel emulation working as it should on the Thinkpad X220 under OpenBSD 6.4: xinput set-prop /dev/wsmouse "WS Pointer Wheel Emulation" 1 xinput set-prop /dev/wsmouse "WS Pointer Wheel Emulation Button" 2 Thank you Jake and Matthias for your help! Charles
Re: Thinkpad T430 random power off while sleeping
> I have a similar issue with the X220, the problem is a watchdog > timer, > that I suspect is in the Intel ME. It expires without being reset > and > forces the machine to restart. Or at least that is the cause of > that > happening on my X230's. I've ripped a few of them apart and > analyzed > their guts and found only the CPU and a few other chips are active > during suspend. I've probed all the buses of those other chips and > none > make a peep when the machine reboots, the only chip left active is > the > Intel ME chunk of the CPU, and for obvious reasons, I have no idea > what > it is doing, so I suspect it is the culprit. I think there is at least some aspect of software at play here however. I did not experience these issues while running Debian 9 on the machine. It could be that Linux uses some horrible hack to make suspend work reliably, but it does nevertheless work. > I gave up on the work a few months ago since it seemed easier to > just > accept that suspend isn't going to work and just use suspend-to-disk > or > just shut the machine down completely. I had intended to use suspend-to-disk with this machine, but I found that applications that use hardware acceleration (namely Firefox) do not function after resuming from suspend to disk. The specific symptom is that the application's window is just black with no visible contents. Restarting it does nothing. This is very likely a problem with inteldrm. Disabling hardware acceleration in FF fixes the problem, but makes it almost unusably slow. > If you want to do more, and have > access to a Windows machine, you can try pulling apart the Lenovo > drivers to see what the Lenovo-specific ACPI driver is doing when > the > machine goes into suspend. I don't, but I had planned to throw Windows on a spare disk and see if updating the firmware / BIOS / playing with the proprietary driver helps or yields any useful information. ... Maybe I should look at running coreboot on the T430, since it's supported now. Thanks for your detailed response!
OpenBSD/landisk on J-core/J2 based systems?
I'm curious to know if anyone involved with OpenBSD/landisk has any comments on J-core[1]? It claims to implement SuperH and capability to boot Linux on an FPGA. To that end, has anyone tried booting OpenBSD/landisk on a J2 based system? One of my hobbies is obscure architectures, and OpenBSD/landisk seemed like and interesting one; I stumbled across J-core while researching for background on the SH-4 CPU. It seems like targeting (relatively) readily available FPGA development boards would make SuperH compatible systems much more accessible to those interested in the landisk port. 1 - http://j-core.org/
Thinkpad T430 random power off while sleeping
Closing the lid on the T430 causes OpenBSD to suspend, as per my setting for machdep.lidaction=1. This usually works as expected, but occasionally I take my laptop out of my bag to find it sitting on the xenodm login screen, not suspended, with the lid closed, having lost power and rebooted at some point after being suspended. I would like to collect further information so a bug report can be filed, but I feel that the above description alone is insufficient to constitute a useful bug report. To that end, I would like to solicit advice on what information can be collected and what debugging steps can be taken so that I can write a useful bug report. I'm running the 6.4 release, and I have run fw_update and syspatch periodically since install. I previously asked for help on r/openbsd[1], but still have not been able to either resolve the problem or gather sufficient information for a bug report. ~ Charles 1 - https://old.reddit.com/r/openbsd/comments/9v0u4w/t430_wakes_from_suspend_with_lid_closed/
calmwm mouse stuck inside of window
A slight issue I've noticed with calmwm (under OpenBSD 6.4) is that the mouse can occasionally get "stuck" inside of a window, and can't be moved out of it. This most often seems to occur with modal dialogs (in particular, most of the configuration dialogs for graphics/ipe exhibit this behavior, but I've seen it occur in other programs as well. The specific symptom seems to be that moving the mouse beyond the edge of an effected window causes it to "teleport" back to the exact center of the window. Also, affected windows cannot be lowered by using the window- cycle binding, as they immediate re-capture focus. However, the menu- window binding can be used to search for another window and raise it, and lowering the entire group of the effected group allows it to be switched away from. I'm not sure if this is a bug or intended behavior, but if it is the latter I feel there should be a config flag to disable it (I would be willing to do the legwork if someone knowledgeable with CWM can guide me). I believe the issue lies in client.c in the fragments noted below, as this is the only place that the mouse position seems to be modified. That said, my xlib skills are not very good, and I haven't worked with the CWM codebase before. ~ Charles ... struct client_ctx * client_init(Window win, struct screen_ctx *sc, int active) { ... if (wattr.map_state != IsViewable) { client_placecalc(cc); ... static void client_placecalc(struct client_ctx *cc) { ... if (cc->hint.flags & (USPosition | PPosition)) { if (cc->geom.x >= sc->view.w) cc->geom.x = sc->view.w - cc->bwidth - 1; if (cc->geom.x + cc->geom.w + cc->bwidth <= 0) cc->geom.x = -(cc->geom.w + cc->bwidth - 1); if (cc->geom.y >= sc->view.h) cc->geom.x = sc->view.h - cc->bwidth - 1; if (cc->geom.y + cc->geom.h + cc->bwidth <= 0) cc->geom.y = -(cc->geom.h + cc->bwidth - 1); } else { struct geom area; int xmouse, ymouse; xu_ptr_getpos(sc->rootwin, , ); area = screen_area(sc, xmouse, ymouse, CWM_GAP); area.w += area.x; area.h += area.y; xmouse = MAX(xmouse, area.x) - cc->geom.w / 2; ymouse = MAX(ymouse, area.y) - cc->geom.h / 2; xmouse = MAX(xmouse, area.x); ymouse = MAX(ymouse, area.y); xslack = area.w - cc->geom.w - cc->bwidth * 2; yslack = area.h - cc->geom.h - cc->bwidth * 2; if (xslack >= area.x) { cc->geom.x = MAX(MIN(xmouse, xslack), area.x); } else { cc->geom.x = area.x; cc->geom.w = area.w; } if (yslack >= area.y) { cc->geom.y = MAX(MIN(ymouse, yslack), area.y); } else { cc->geom.y = area.y; cc->geom.h = area.h; } } ...
Re: Questions about Carp / PF / PFSync
> Charles Amstutz(charl...@binary.net) on 2019.01.30 23:16:17 +: > > Hello > > > > We are running into an issue with a lot of dropped packets where states > are failing to be created. We have noticed that it coincides with a fair > amount > of congestion, around 10-15/s according to 'pfctl -si'. > > > > We finally tried disabling our Carp Interfaces (we are using carp for > > failover) > and the problem seems to completely go away. We have 53 carp interfaces > on these two boxes and are just looking for some input on what might be > causing an issue like this, where having carp interfaces enabled is causing > such high congestion. > > > > We are running OpenBSD 6.4. > > > > Thanks, > > Set sysctl net.inet.carp.log=7 (and activate carp again). > What does it show (in /var/log/messages)? > > Also, whats the output of > > sysctl net.inet.ip.ifq.drops > sysctl net.inet6.ip6.ifq.drops > netstat -m > pfctl -vsi > > ? > > > Hello, here are the results > > /var/log/messages > > With the logging we notice what is typical add entry attempts for arp > > > sysctl net.inet.ip.ifq.drops > > net.inet.ip.ifq.drops=0 > > sysctl net.inet6.ip6.ifq.drops > > net.inet6.ip6.ifq.drops=0 > > netstat –m > > 297 mbufs in use: > 200 mbufs allocated to data > 4 mbufs allocated to packet headers > 93 mbufs allocated to socket names and addresses > 17/104 mbuf 2048 byte clusters in use (current/peak) > 99/555 mbuf 2112 byte clusters in use (current/peak) > 0/40 mbuf 4096 byte clusters in use (current/peak) > 0/56 mbuf 8192 byte clusters in use (current/peak) > 0/14 mbuf 9216 byte clusters in use (current/peak) > 0/30 mbuf 12288 byte clusters in use (current/peak) > 0/24 mbuf 16384 byte clusters in use (current/peak) > 0/48 mbuf 65536 byte clusters in use (current/peak) > 5236/6856/524288 Kbytes allocated to network (current/peak/max) > 0 requests for memory denied > 0 requests for memory delayed > 0 calls to protocol drain routines > > pfctl –vsi > > Status: Enabled for 1 days 20:18:23 Debug: err > > Hostid: 0x30e5b38f > Checksum: 0x0930fa9e7e5a8c4562c3c5b488715989 > > > State Table Total Rate > current entries 7400 > half-open tcp136 > searches 486306276 3048.9/s > inserts 21891932 137.3/s > removals21884532 137.2/s > Source Tracking Table > current entries0 > searches 00.0/s > inserts00.0/s > removals 00.0/s > Counters > match 39904360 250.2/s > bad-offset 00.0/s > fragment 00.0/s > short 40.0/s > normalize 10.0/s > memory 00.0/s > bad-timestamp 00.0/s > congestion 1777154 11.1/s > ip-option 00.0/s > proto-cksum00.0/s > state-mismatch 41850.0/s > state-insert 00.0/s > state-limit00.0/s > src-limit 00.0/s > synproxy 00.0/s > translate 00.0/s > no-route 00.0/s > Limit Counters > max states per rule00.0/s > max-src-states 00.0/s > max-src-nodes 00.0/s > max-src-conn 00.0/s > max-src-conn-rate 00.0/s > overload table insertion 00.0/s > overload flush states 00.0/s > synfloods detected 00.0/s > syncookies sent00.0/s > syncookies validated 00.0/s > > Adaptive Syncookies Watermarks > start 25000 states > end12500 states The actual problem that we are seeing is that OpenBSD is failing to create states for some network connections. Has anyone seen anything like this? At this point, it may not be a pf problem, but it is constant.
Re: Questions about Carp / PF / PFSync
> Not sure if it will give any additional clues but can you show dmesg please? Sure, however, they are quite lengthy, are you wanting the whole thing? I apologize not sure of protocol here.
Re: Questions about Carp / PF / PFSync
> On 2019/02/22 20:45, Charles Amstutz wrote: > > > Not sure if it will give any additional clues but can you show dmesg > please? > > > > Sure, however, they are quite lengthy, are you wanting the whole thing? I > apologize not sure of protocol here. > > Yes please, the whole thing is fine (and preferable to cutting bits out and > accidentally trimming something that might have been useful!). Alright, here it is. Please note, the Public IPs have been scrubbed Load Balancer 2: lb2:someguy {59} dmesg OpenBSD 6.4 (GENERIC.MP) #364: Thu Oct 11 13:30:23 MDT 2018 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 8531312640 (8136MB) avail mem = 8263491584 (7880MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xec170 (79 entries) bios0: vendor American Megatrends Inc. version "3.0" date 04/24/2015 bios0: Supermicro X10SLM-F acpi0 at bios0: rev 2 acpi0: sleep states S0 S4 S5 acpi0: tables DSDT FACP APIC FPDT FIDT SSDT SSDT SSDT SSDT SSDT MCFG PRAD HPET SSDT SSDT SPMI DMAR EINJ ERST HEST BERT acpi0: wakeup devices PEGP(S4) PEG0(S4) PEGP(S4) PEG1(S4) PEGP(S4) PEG2(S4) PXSX(S4) RP01(S4) PXSX(S4) RP02(S4) PXSX(S4) RP03(S4) PXSX(S4) RP05(S4) GLAN(S4) EHC1(S4) [...] acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Xeon(R) CPU E3-1220 v3 @ 3.10GHz, 3100.61 MHz, 06-3c-03 cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SENSOR,ARAT,XSAVEOPT,MELTDOWN cpu0: 256KB 64b/line 8-way L2 cache cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges cpu0: apic clock running at 100MHz cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4, IBE cpu1 at mainbus0: apid 2 (application processor) cpu1: Intel(R) Xeon(R) CPU E3-1220 v3 @ 3.10GHz, 3100.01 MHz, 06-3c-03 cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SENSOR,ARAT,XSAVEOPT,MELTDOWN cpu1: 256KB 64b/line 8-way L2 cache cpu1: smt 0, core 1, package 0 cpu2 at mainbus0: apid 4 (application processor) cpu2: Intel(R) Xeon(R) CPU E3-1220 v3 @ 3.10GHz, 3100.00 MHz, 06-3c-03 cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SENSOR,ARAT,XSAVEOPT,MELTDOWN cpu2: 256KB 64b/line 8-way L2 cache cpu2: smt 0, core 2, package 0 cpu3 at mainbus0: apid 6 (application processor) cpu3: Intel(R) Xeon(R) CPU E3-1220 v3 @ 3.10GHz, 3100.01 MHz, 06-3c-03 cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SENSOR,ARAT,XSAVEOPT,MELTDOWN cpu3: 256KB 64b/line 8-way L2 cache cpu3: smt 0, core 3, package 0 ioapic0 at mainbus0: apid 8 pa 0xfec0, version 20, 24 pins acpimcfg0 at acpi0 acpimcfg0: addr 0xf800, bus 0-63 acpihpet0 at acpi0: 14318179 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 1 (PEG0) acpiprt2 at acpi0: bus -1 (PEG1) acpiprt3 at acpi0: bus -1 (PEG2) acpiprt4 at acpi0: bus 2 (RP01) acpiprt5 at acpi0: bus 4 (RP02) acpiprt6 at acpi0: bus -1 (RP03) acpiprt7 at acpi0: bus -1 (RP05) acpiec0 at acpi0: not present acpicpu0 at acpi0: C2(200@148 mwait.1@0x33), C1(1000@1 mwait.1), PSS acpicpu1 at acpi0: C2(200@148 mwait.1@0x33), C1(1000@1 mwait.1), PSS acpicpu2 at acpi0: C2(200@148 mwait.1@0x33), C1(1000@1 mwait.1), PSS acpicpu3 at acpi0: C2(200@148 mwait.1@0x33), C1(1000@1 mwait.1), PSS acpipwrres0 at acpi0: PG00, resource for PEG0 acpipwrres1 at acpi0: PG01, resource for PEG1 acpipwrres2 at acpi0: PG02, resource for PEG2 acpipwrres3 at acpi0: FN00, resource for FAN0 acpipwrres4 at acpi0: FN01, resource for FAN1 acpipwrres5 at acpi0: FN02, resource for FAN2 acpipwrres6 at acpi0: FN03, resource for FAN3 acpipwrres7 at acpi0: FN04, resource for FAN4 acpitz0 at acpi0: critical t
Re: Questions about Carp / PF / PFSync
Charles Amstutz(charl...@binary.net) on 2019.01.30 23:16:17 +: > Hello > > We are running into an issue with a lot of dropped packets where states are > failing to be created. We have noticed that it coincides with a fair amount > of congestion, around 10-15/s according to 'pfctl -si'. > > We finally tried disabling our Carp Interfaces (we are using carp for > failover) and the problem seems to completely go away. We have 53 carp > interfaces on these two boxes and are just looking for some input on what > might be causing an issue like this, where having carp interfaces enabled is > causing such high congestion. > > We are running OpenBSD 6.4. > > Thanks, Set sysctl net.inet.carp.log=7 (and activate carp again). What does it show (in /var/log/messages)? Also, whats the output of sysctl net.inet.ip.ifq.drops sysctl net.inet6.ip6.ifq.drops netstat -m pfctl -vsi ? Hello, here are the results /var/log/messages With the logging we notice what is typical add entry attempts for arp sysctl net.inet.ip.ifq.drops net.inet.ip.ifq.drops=0 sysctl net.inet6.ip6.ifq.drops net.inet6.ip6.ifq.drops=0 netstat –m 297 mbufs in use: 200 mbufs allocated to data 4 mbufs allocated to packet headers 93 mbufs allocated to socket names and addresses 17/104 mbuf 2048 byte clusters in use (current/peak) 99/555 mbuf 2112 byte clusters in use (current/peak) 0/40 mbuf 4096 byte clusters in use (current/peak) 0/56 mbuf 8192 byte clusters in use (current/peak) 0/14 mbuf 9216 byte clusters in use (current/peak) 0/30 mbuf 12288 byte clusters in use (current/peak) 0/24 mbuf 16384 byte clusters in use (current/peak) 0/48 mbuf 65536 byte clusters in use (current/peak) 5236/6856/524288 Kbytes allocated to network (current/peak/max) 0 requests for memory denied 0 requests for memory delayed 0 calls to protocol drain routines pfctl –vsi Status: Enabled for 1 days 20:18:23 Debug: err Hostid: 0x30e5b38f Checksum: 0x0930fa9e7e5a8c4562c3c5b488715989 State Table Total Rate current entries 7400 half-open tcp136 searches 486306276 3048.9/s inserts 21891932 137.3/s removals21884532 137.2/s Source Tracking Table current entries0 searches 00.0/s inserts00.0/s removals 00.0/s Counters match 39904360 250.2/s bad-offset 00.0/s fragment 00.0/s short 40.0/s normalize 10.0/s memory 00.0/s bad-timestamp 00.0/s congestion 1777154 11.1/s ip-option 00.0/s proto-cksum00.0/s state-mismatch 41850.0/s state-insert 00.0/s state-limit00.0/s src-limit 00.0/s synproxy 00.0/s translate 00.0/s no-route 00.0/s Limit Counters max states per rule00.0/s max-src-states 00.0/s max-src-nodes 00.0/s max-src-conn 00.0/s max-src-conn-rate 00.0/s overload table insertion 00.0/s overload flush states 00.0/s synfloods detected 00.0/s syncookies sent00.0/s syncookies validated 00.0/s Adaptive Syncookies Watermarks start 25000 states end12500 states
Re: Questions about Carp / PF / PFSync
Charles Amstutz(charl...@binary.net) on 2019.01.30 23:16:17 +: > Hello > > We are running into an issue with a lot of dropped packets where states are > failing to be created. We have noticed that it coincides with a fair amount > of congestion, around 10-15/s according to 'pfctl -si'. > > We finally tried disabling our Carp Interfaces (we are using carp for > failover) and the problem seems to completely go away. We have 53 carp > interfaces on these two boxes and are just looking for some input on what > might be causing an issue like this, where having carp interfaces enabled is > causing such high congestion. > > We are running OpenBSD 6.4. > > Thanks, Set sysctl net.inet.carp.log=7 (and activate carp again). What does it show (in /var/log/messages)? Also, whats the output of sysctl net.inet.ip.ifq.drops sysctl net.inet6.ip6.ifq.drops netstat -m pfctl -vsi ? /var/log/messages With the logging we notice what is typical add entry attempts for arp sysctl net.inet.ip.ifq.drops net.inet.ip.ifq.drops=0 sysctl net.inet6.ip6.ifq.drops net.inet6.ip6.ifq.drops=0 netstat –m 297 mbufs in use: 200 mbufs allocated to data 4 mbufs allocated to packet headers 93 mbufs allocated to socket names and addresses 17/104 mbuf 2048 byte clusters in use (current/peak) 99/555 mbuf 2112 byte clusters in use (current/peak) 0/40 mbuf 4096 byte clusters in use (current/peak) 0/56 mbuf 8192 byte clusters in use (current/peak) 0/14 mbuf 9216 byte clusters in use (current/peak) 0/30 mbuf 12288 byte clusters in use (current/peak) 0/24 mbuf 16384 byte clusters in use (current/peak) 0/48 mbuf 65536 byte clusters in use (current/peak) 5236/6856/524288 Kbytes allocated to network (current/peak/max) 0 requests for memory denied 0 requests for memory delayed 0 calls to protocol drain routines pfctl –vsi Status: Enabled for 1 days 20:18:23 Debug: err Hostid: 0x30e5b38f Checksum: 0x0930fa9e7e5a8c4562c3c5b488715989 State Table Total Rate current entries 7400 half-open tcp136 searches 486306276 3048.9/s inserts 21891932 137.3/s removals21884532 137.2/s Source Tracking Table current entries0 searches 00.0/s inserts00.0/s removals 00.0/s Counters match 39904360 250.2/s bad-offset 00.0/s fragment 00.0/s short 40.0/s normalize 10.0/s memory 00.0/s bad-timestamp 00.0/s congestion 1777154 11.1/s ip-option 00.0/s proto-cksum00.0/s state-mismatch 41850.0/s state-insert 00.0/s state-limit00.0/s src-limit 00.0/s synproxy 00.0/s translate 00.0/s no-route 00.0/s Limit Counters max states per rule00.0/s max-src-states 00.0/s max-src-nodes 00.0/s max-src-conn 00.0/s max-src-conn-rate 00.0/s overload table insertion 00.0/s overload flush states 00.0/s synfloods detected 00.0/s syncookies sent00.0/s syncookies validated 00.0/s Adaptive Syncookies Watermarks start 25000 states end12500 states
Questions about Carp / PF / PFSync
Hello We are running into an issue with a lot of dropped packets where states are failing to be created. We have noticed that it coincides with a fair amount of congestion, around 10-15/s according to 'pfctl -si'. We finally tried disabling our Carp Interfaces (we are using carp for failover) and the problem seems to completely go away. We have 53 carp interfaces on these two boxes and are just looking for some input on what might be causing an issue like this, where having carp interfaces enabled is causing such high congestion. We are running OpenBSD 6.4. Thanks,
The future of NetBSD
it is or is not acceptable to commit changes that do not change functionality; when multiple changed must be batched in one commit; etc. Right now it is difficult to sort the wheat from the chaff. In addition, there must be standards of review. I must repeat a point I've made earlier. The current management of the project is not going to either fix the project's problems, or lead the project to solutions. They are going to maintain the status quo, and nothing else. If the project is to rise from its charred stump, this management must be disbanded and replaced wholesale. Anything less is a non-solution. -- To some of you, I would like to apologize. There *are* NetBSD developers doing good work even now. I'd like to particularly recognize and thank those working on kernel locking and UVM problems; wireless support (though I'm not sure what happened to my extensive set of rtw bug fixes); Bluetooth; G5; and improved ARM support. This is all good stuff. In the bigger picture, though, the project needs to do a lot more. -- - Charles Hannum - past founder, developer, president and director of The NetBSD Project and The NetBSD Foundation; sole proprietor of The NetBSD Mission; proprietor of The NetBSD CD Project. [I'm CCing this to FreeBSD and OpenBSD lists in order to share it with the wider *BSD community, not to start a flame war. I hope that people reading it have the tact to be respectful of their peers, and consider how some of these issues may apply to them as well.]
Re: The future of NetBSD
On Thu, Aug 31, 2006 at 12:01:07AM -0500, [EMAIL PROTECTED] wrote: A chicken running around sans head is quite active. Not really the same thing as productive. What you don't see is that NetBSD is the chicken in your analogy.
Re: The future of NetBSD
On Thu, Aug 31, 2006 at 05:44:00PM +0200, Johnny Billquist wrote: Andy Ruhl wrote: On 8/31/06, Thorsten Glaser [EMAIL PROTECTED] wrote: BSD is about an operating system, not about a kernel. Bingo. Good point. This point is lost sometimes. I believe NetBSD has the proper philosophy in regards to the entire OS as well. I don't want apache built in, for instance. This is a silly definition (imho) which I first heard Stallman use, but seems to be spreading. Every book on operating systems that I own, or have read, defines an operating system as the kernel. Different applications, including even shells, are not the operating system. But that's just my opinion, of course. But most of all, I don't see the relevance of bringing the discussion down to a hair-splitting of what an operating system is. Actually, defining (poorly) the OS to include so much else has been a liability for NetBSD in many ways. It has massively slowed the adoption of new software versions (e.g. GCC), for one. It also contributed to the perception that a better package system and automatic updates were not a serious issue.
Re: The future of NetBSD
On Fri, Sep 01, 2006 at 10:40:01AM -0700, Spruell, Darren-Perot wrote: Like, what docs does a vendor engineering division give to the developers who write the drivers internally? They don't give them bad docs. They give them functional, useful docs. Does it need to be stated that any project wanting to compose useful support for the same hardware shouldn't get the same level of docs? Sorry, but that's the core fallacy in your argument. In many cases, there are no functional, useful docs. They just don't exist. Certainly this is a problem in itself.
Re: The future of NetBSD
On Fri, Sep 01, 2006 at 01:08:13AM +0200, Matthias Kilian wrote: They don't have to write device drivers at all, they just should write good documentation. Unfortunately, the documentation often isn't so hot either. I'll give you an example. Even with both code and documentation from Realtek, we still had to reverse engineer how some parts of the RTL8180 work. And though it works now, our understanding is still incomplete. It is far easier for a manufacturer to spew out a Windows driver in-house, where they have direct access to the people who designed the hardware, so this is what they do. The Windows driver model is pretty much designed around this approach. What we really want is not just documentation, but support from their engineers. The Linux community is starting to get this in some places.
Re: The future of NetBSD
On Fri, Sep 01, 2006 at 12:16:59PM -0700, Spruell, Darren-Perot wrote: From: Charles M. Hannum [mailto:[EMAIL PROTECTED] On Fri, Sep 01, 2006 at 10:40:01AM -0700, Spruell, Darren-Perot wrote: Like, what docs does a vendor engineering division give to the developers who write the drivers internally? They don't give them bad docs. They give them functional, useful docs. Does it need to be stated that any project wanting to compose useful support for the same hardware shouldn't get the same level of docs? Sorry, but that's the core fallacy in your argument. In many cases, there are no functional, useful docs. They just don't exist. Certainly this is a problem in itself. Certainly it is. So why bother resorting to vendor-supplied drivers (OSS or blob) derived from originally piss-poor docs in the first place? If the docs are bad, then the results of those docs are derivatively worse as a result. That's not actually true. You're still using the fallacy that the vendor driver is written based on the documentation -- but in fact there are other inputs, like discussion with the hardware engineers. Sometimes there are pieces you just can't get from the documentation, because they're not there, but they are present in the driver. In the current climate, having both is almost always better than having only one -- and certainly having the code is better than having nothing. I'm not against harassing the hardware vendors to do better.
Fin de votre Inscription
Nous sommes disoli de vous voir partir. Vous ne faites plus parti de notre base. C'est le dernier message que vous recevez de nous. Nous vous avons ajouti ` notre Liste noire, ce qui signifie que notre systhme ne pourra plus vous envoyer tout autre courrier ilectronique, sans intervention manuelle de notre administrateur. S'il y a une erreur dans ces informations, vous pouvez vous riabonner: Veuillez aller ` http://www.crea-promo.com/lists/?p=subscribe et suivez les itapes. Merci