Re: strange lockups
On 05/11/12 03:21, Stuart Henderson wrote: On 2012-05-11, Adam Jacob Mulleradam-openbsd-m...@adam.gs wrote: On 5/10/12 4:24 AM, JC)rC)mie CourrC(ges-Anglas wrote: Please see http://www.openbsd.org/faq/faq2.html and http://www.openbsd.org/report.html Regards. Hi, I did do a sendbug, but i'm not sure if gnats@ goes anywhere (seems query-pr page is broken?). Possibly not at the moment. In any event, this is the ddb output of ps/show registers. I'm fairly reliably able to reproduce this, if there is any more information I can gather, let me know. Dmesg (no. 3 on http://www.openbsd.org/report.html) is really important. Ideally send one from the working previous version too which you might find in old logs (/var/log/messages*). Sorry, that was in the sendbug, I removed it when I sent to the list. Unfortunately/fortunately the box was up for so long prior to upgrading that there's no dmesg and the remote syslog archives don't catch things from so early on in the boot so I only have the 5.1 dmesg :/ OpenBSD 5.1 (GENERIC) #181: Sun Feb 12 09:35:53 MST 2012 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC real mem = 2146172928 (2046MB) avail mem = 2074972160 (1978MB) mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.3 @ 0xfa3d0 (48 entries) bios0: vendor Secure Computing version A02 date 03/29/2006 bios0: Secure Computing Sidewinder G2 acpi0 at bios0: rev 0 acpi0: sleep states S0 S4 S5 acpi0: tables DSDT FACP APIC SPCR HPET MCFG acpi0: wakeup devices PCI0(S5) PES1(S5) PEP0(S5) PXHA(S5) PEP1(S5) PEP2(S5) PCIS(S5) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Celeron(R) CPU 2.66GHz, 2667.13 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,TM2,CNXT-ID,CX16,xTPR,NXE,LONG,LAHF cpu0: 256KB 64b/line 4-way L2 cache cpu0: apic clock running at 133MHz ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins ioapic0: misconfigured as apic 0, remapped to apid 1 ioapic1 at mainbus0: apid 2 pa 0xfec1, version 20, 24 pins ioapic1: misconfigured as apic 0, remapped to apid 2 acpihpet0 at acpi0: 14318179 Hz acpimcfg0 at acpi0 addr 0xf000, bus 0-63 acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 1 (PES1) acpiprt2 at acpi0: bus 2 (PEP0) acpiprt3 at acpi0: bus 3 (PXHA) acpiprt4 at acpi0: bus 5 (PEP1) acpiprt5 at acpi0: bus 6 (PEP2) acpiprt6 at acpi0: bus 7 (PCIS) acpicpu0 at acpi0 ipmi at mainbus0 not configured pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 Intel E7230 Host rev 0x00 ppb0 at pci0 dev 1 function 0 Intel E7230 PCIE rev 0x00: msi pci1 at ppb0 bus 1 ppb1 at pci0 dev 28 function 0 Intel 82801GB PCIE rev 0x01 pci2 at ppb1 bus 2 ppb2 at pci2 dev 0 function 0 Intel 6702PXH PCIE-PCIX rev 0x09 pci3 at ppb2 bus 3 ppb3 at pci3 dev 2 function 0 IBM 133 PCIX-PCIX rev 0x02 pci4 at ppb3 bus 4 em0 at pci4 dev 4 function 0 Intel PRO/1000MT QP (82546EB) rev 0x01: apic 2 int 3, address 00:04:23:c2:9f:24 em1 at pci4 dev 4 function 1 Intel PRO/1000MT QP (82546EB) rev 0x01: apic 2 int 2, address 00:04:23:c2:9f:25 em2 at pci4 dev 6 function 0 Intel PRO/1000MT QP (82546EB) rev 0x01: apic 2 int 1, address 00:04:23:c2:9f:26 em3 at pci4 dev 6 function 1 Intel PRO/1000MT QP (82546EB) rev 0x01: apic 2 int 0, address 00:04:23:c2:9f:27 ppb4 at pci0 dev 28 function 4 Intel 82801G PCIE rev 0x01 pci5 at ppb4 bus 5 bge0 at pci5 dev 0 function 0 Broadcom BCM5721 rev 0x11, BCM5750 B1 (0x4101): apic 1 int 16, address 00:13:72:fc:ae:1b brgphy0 at bge0 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0 ppb5 at pci0 dev 28 function 5 Intel 82801G PCIE rev 0x01 pci6 at ppb5 bus 6 bge1 at pci6 dev 0 function 0 Broadcom BCM5721 rev 0x11, BCM5750 B1 (0x4101): apic 1 int 17, address 00:13:72:fc:ae:1c brgphy1 at bge1 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0 ppb6 at pci0 dev 30 function 0 Intel 82801BA Hub-to-PCI rev 0xe1 pci7 at ppb6 bus 7 vga1 at pci7 dev 5 function 0 XGI Technology Volari Z7 rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) pcib0 at pci0 dev 31 function 0 Intel 82801GB LPC rev 0x01 pciide0 at pci0 dev 31 function 1 Intel 82801GB IDE rev 0x01: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility atapiscsi0 at pciide0 channel 0 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: HL-DT-ST, CD-ROM GCR-8240N, 1.10 ATAPI 5/cdrom removable cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 pciide0: channel 1 ignored (disabled) pciide1 at pci0 dev 31 function 2 Intel 82801GB SATA rev 0x01: DMA, channel 0 configured to native-PCI, channel 1 configured to native-PCI pciide1: using apic 1 int 20 for native-PCI interrupt wd0 at pciide1 channel 0 drive 0: ST31500341AS wd0: 16-sector PIO, LBA48, 1430799MB, 2930277168 sectors wd0(pciide1:0:0): using
Re: strange lockups
I have further isolated this. I disabled/removed basically all custom configuration I had on the system, and was still able to trigger it. This: em3: flags=8802BROADCAST,SIMPLEX,MULTICAST mtu 1500 lladdr 00:04:23:c2:9f:27 priority: 0 media: Ethernet autoselect (1000baseT full-duplex) status: active -=[~]=- -=[Fri May 11]=- -=[22:46:55]=- [root@charon]# ifconfig em3 lladdr 00:04:23:c2:9f:ff -=[~]=- -=[Fri May 11]=- -=[22:47:11]=- [root@charon]# ifconfig em2 up -=[~]=- -=[Fri May 11]=- -=[22:47:13]=- [root@charon]# ifconfig em3 up -=[~]=- -=[Fri May 11]=- -=[22:47:16]=- [root@charon]# ifconfig em3 down -=[~]=- -=[Fri May 11]=- -=[22:47:20]=- [root@charon]# ifconfig em3 lladdr 00:04:23:c2:9f:27 -=[~]=- -=[Fri May 11]=- -=[22:47:29]=- [root@charon]# ifconfig em3 up Write failed: Broken pipe Shared connection to 10.0.12.14 closed. Now, em3 has a conflicting address with another box in the same vlan. This is/was managed with a script that hooks into dhclient (replaces dhclient-script) and was relying on the PREINIT actions (now removed) to change the ll address on the interface. http://www.openbsd.org/cgi-bin/cvsweb/src/sbin/dhclient/dhclient.c.diff?r1=1.138;r2=1.139 That was, I guess, not so useless for me :) In any event, it seems that even in this situation, the box really shouldn't hang like this, still no idea why that happens. -Adam On 5/10/12 11:46 PM, Adam Jacob Muller wrote: On 5/10/12 4:24 AM, JC)rC)mie CourrC(ges-Anglas wrote: Please see http://www.openbsd.org/faq/faq2.html and http://www.openbsd.org/report.html Regards. Hi, I did do a sendbug, but i'm not sure if gnats@ goes anywhere (seems query-pr page is broken?). In any event, this is the ddb output of ps/show registers. I'm fairly reliably able to reproduce this, if there is any more information I can gather, let me know. -=[~]=- -=[Thu May 10]=- -=[21:30:46]=- [root@charon]# ifconfig em2 up -=[~]=- -=[Thu May 10]=- -=[21:30:49]=- [root@charon]# uptime 9:30PM up 2 mins, 1 user, load averages: 1.38, 0.50, 0.19 -=[~]=- -=[Thu May 10]=- -=[21:30:52]=- [root@charon]# ifconfig em3 up ^EB^EStopped at Debugger+0x5: leave ddb show panic the kernel did not panic ddb ps PID PPID PGRPUID S FLAGS WAIT COMMAND *31458 2782 31458 0 7 0ifconfig 2782 1 2782 0 30x80 wait bash 9835 1 9835 0 30x80 ttyin getty 28249 1 28249 0 30x80 ttyin getty 1429 1 1429 0 30x80 ttyin getty 12859 1 12859 0 30x80 ttyin getty 15689 1 15689 0 30x80 ttyin getty 21720 1 21720 0 30x80 selectcron 22103 15791 15791 0 30x80 nanosleep perl 15791 1 15791 0 30x80 poll collectd 17486 1711 1711 77 30x80 poll dhcpd 32181 15104 27517 90 30x80 kqreadospf6d 22133 15104 27517 90 30x80 kqreadospf6d 4380 27517 27517 0 30x80 piperdtee 15104 27517 27517 0 20x80ospf6d 27517 11636 27517 0 30x88 pause sh 7865 22621 4001 83 30x80 poll ntpd 22621 4001 4001 83 30x80 poll ntpd 11636 1 11636 0 30x80 selectscreen 1711 22145 1711 77 30x80 poll dhcpd 4001 26301 4001 0 30x80 poll ntpd 22145 1 22145 0 30x80 selectscreen 20753 11069 20753 0 30x80 netconphp 11069 1 11069 0 30x80 selectscreen 26301 1 26301 0 30x80 selectscreen 23181 1 23181556 30x80 selectnrpe 13812 30502 30502 91 20x80snmpd 30502 23345 30502 0 30x80 kqreadsnmpd 24114 6566 24114 0 30x80 nanosleep php 24896 12320 24896 0 30x80 nanosleep php 30324 26717 30324 0 30x80 nanosleep php 23345 1 23345 0 30x80 selectscreen 2939 17720 2939 0 30x80 nanosleep php 26717 1 26717 0 30x80 selectscreen 12320 1 12320 0 30x80 selectscreen 6566 1 6566 0 30x80 selectscreen 17720 1 17720 0 30x80 selectscreen 20349 31546 20349 0 30x80 poll syslog-ng 31546 1 13174 0 30x80 wait syslog-ng 22116 1 22116 99 30x80 poll sndiod 12536 1 12536 0 30x80 selectinetd 21142 13495 13495507 30x80 kqread
strange lockups
Hi, I have a few OpenBSD boxes, including two firewalls at my house that I just upgraded to 5.1. Unfortunately post-upgrade I seem to have triggered some unusual condition with them where they go completely unresponsive (network/console don't respond at all). Keyboard lights do continue to work and i'm able to enter ddb with the ctrl-alt-esq sequence. Sadly, I'm not so versed in kernel debugging, and OpenBSD kernel debugging even less so, if I had a panic backtrace or similar I could get somewhere but as-is, i'm somewhat lost for what information I need to make a good bug report (I think its a bug). I'm obviously being very nebulous with this email, I apologize for that. Hopefully someone can point me in the right direction so I can gather the required information to make a proper investigation and bug report, if warranted. The short and highly incomplete version of the issue i'm seeing is that some network commands (even as simple as ifconfig x up -- or down/up) trigger the hang. I'm fairly confident i'm not dealing with a hardware problem as I have two different boxes that I can cause this on. Thanks in advance for any information you can offer to help, -Adam
Re: strange lockups
On 05/10/12 04:24, JC)rC)mie CourrC(ges-Anglas wrote: Please see http://www.openbsd.org/faq/faq2.html and http://www.openbsd.org/report.html Regards. Hi, Thanks for that. So i'm basically looking for ps/registers since I don't have any panic message? I was able to get that far, but it did not seem that that would be enough useful information to diagnose the issue. I'll gather the information tonight. -Adam
Re: strange lockups
On 5/10/12 4:24 AM, JC)rC)mie CourrC(ges-Anglas wrote: Please see http://www.openbsd.org/faq/faq2.html and http://www.openbsd.org/report.html Regards. Hi, I did do a sendbug, but i'm not sure if gnats@ goes anywhere (seems query-pr page is broken?). In any event, this is the ddb output of ps/show registers. I'm fairly reliably able to reproduce this, if there is any more information I can gather, let me know. -=[~]=- -=[Thu May 10]=- -=[21:30:46]=- [root@charon]# ifconfig em2 up -=[~]=- -=[Thu May 10]=- -=[21:30:49]=- [root@charon]# uptime 9:30PM up 2 mins, 1 user, load averages: 1.38, 0.50, 0.19 -=[~]=- -=[Thu May 10]=- -=[21:30:52]=- [root@charon]# ifconfig em3 up ^EB^EStopped at Debugger+0x5: leave ddb show panic the kernel did not panic ddb ps PID PPID PGRPUID S FLAGS WAIT COMMAND *31458 2782 31458 0 7 0ifconfig 2782 1 2782 0 30x80 wait bash 9835 1 9835 0 30x80 ttyin getty 28249 1 28249 0 30x80 ttyin getty 1429 1 1429 0 30x80 ttyin getty 12859 1 12859 0 30x80 ttyin getty 15689 1 15689 0 30x80 ttyin getty 21720 1 21720 0 30x80 selectcron 22103 15791 15791 0 30x80 nanosleep perl 15791 1 15791 0 30x80 poll collectd 17486 1711 1711 77 30x80 poll dhcpd 32181 15104 27517 90 30x80 kqreadospf6d 22133 15104 27517 90 30x80 kqreadospf6d 4380 27517 27517 0 30x80 piperdtee 15104 27517 27517 0 20x80ospf6d 27517 11636 27517 0 30x88 pause sh 7865 22621 4001 83 30x80 poll ntpd 22621 4001 4001 83 30x80 poll ntpd 11636 1 11636 0 30x80 selectscreen 1711 22145 1711 77 30x80 poll dhcpd 4001 26301 4001 0 30x80 poll ntpd 22145 1 22145 0 30x80 selectscreen 20753 11069 20753 0 30x80 netconphp 11069 1 11069 0 30x80 selectscreen 26301 1 26301 0 30x80 selectscreen 23181 1 23181556 30x80 selectnrpe 13812 30502 30502 91 20x80snmpd 30502 23345 30502 0 30x80 kqreadsnmpd 24114 6566 24114 0 30x80 nanosleep php 24896 12320 24896 0 30x80 nanosleep php 30324 26717 30324 0 30x80 nanosleep php 23345 1 23345 0 30x80 selectscreen 2939 17720 2939 0 30x80 nanosleep php 26717 1 26717 0 30x80 selectscreen 12320 1 12320 0 30x80 selectscreen 6566 1 6566 0 30x80 selectscreen 17720 1 17720 0 30x80 selectscreen 20349 31546 20349 0 30x80 poll syslog-ng 31546 1 13174 0 30x80 wait syslog-ng 22116 1 22116 99 30x80 poll sndiod 12536 1 12536 0 30x80 selectinetd 21142 13495 13495507 30x80 kqreadqmgr 16697 13495 13495507 30x80 kqreadpickup 13495 1 13495 0 30x80 kqreadmaster 17383 15889 15889 75 30x80 poll bgpd 2491 15889 15889 75 30x80 poll bgpd 15889 1 15889 0 20x80bgpd 30554 15678 15678 90 30x80 kqreadospf6d 19811 15678 15678 90 30x80 kqreadospf6d 15678 1 15678 0 20x80ospf6d 29524 1 29524 0 30x80 selectsshd 26501 5231 5231 70 30x80 selectnamed 5231 1 5231 0 30x80 netio named 21867 29781 29781 74 30x80 bpf pflogd 29781 1 29781 0 30x80 netio pflogd 9811 2867 2867 73 30x80 poll syslogd 2867 1 2867 0 30x80 netio syslogd 11 0 0 0 30x100200 aiodoned aiodoned 10 0 0 0 30x100200 syncerupdate 9 0 0 0 30x100200 cleaner cleaner 8 0 0 0 30x100200 reaperreaper 7 0 0 0 30x100200 pgdaemon pagedaemon 6 0 0 0 30x100200 bored crypto 5 0 0 0 30x100200 pftm pfpurge 4 0 0
Re: using lynx to manage router
On May 22, 2008, at 4:09 PM, Default User wrote: On Wed, 2008-05-21 at 00:36 +0200, ropers wrote: s/EMCAScript/ECMAScript 2008/5/21 ropers [EMAIL PROTECTED]: 2008/5/20 Default User [EMAIL PROTECTED]: Hello! I would like to use lynx to manage my local small lan router. I can manage a broadband modem that way. But the router webpage expects to be managed by a graphical browser, so the initial control webpage just shows up as unintelligible garbage. Since I run command line only, I do not want to activate X, install a graphical browser, and run X, with all the overhead and security issues, just to manage a simple router. Is there another way text-only way to accomplish this (ie, ssh etc.)? Thanks for any advice. Since you apparently *require* a text-only browser, have you tried these: ELinks Links w3m Wikipedia also lists edbrowse, but it doesn't appear to be in ports, so YMMV trying to get it to work on OpenBSD. If you *don't* really *require* a text-only/console browser, ie. if there is e.g. a chance to enable SSH on your modem (some of these run Linux...), then you'll have to give more details. Another solution that I could think of might be to use curl/wget to fetch the pages you want, and then to write a program/shell script to transmogrify the page to something you can use. Of course, in the extreme this might require partially implementing an EMCAScript interpreter -- assuming that that's what's really missing; not being able to see the colourful images should not be much of an issue, but most text-based browsers not grokking EMCAScript probably would be. Hope this helps, --ropers Thanks for the suggestions, but no luck. Unfortunately, none of the text browsers I tried (lynx, links, elinks, links+, w3m) worked. The router's internal webpage is !DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.0 TANSITIONAL//EN. It seems to require javascript (ECMAscript), which may well be the problem. SSH to port 22 does not work (it just times out), and telnet replies connection refused. I am not up to compiling external applications; I try to stick with what's in the OpenBSD packages collection. And of course, the manufacturer's website was absolutely clueless. So, it seems that I can either: 1) just manage the router from another computer with another OS. 2) activate X on the OpenBSD computer and install a graphical browser. If I choose option #2, what what graphical browser would have the least overhead, and above all, do the least damage to my security? I know it's not OpenBSD's fault that the router's control webpage requires javascript, but I am surprised that there doesn't seem to be a simpler, less insecure alternative. Oh, well - so much for security . . . 3) Stop using closed crappy proprietary routers? You obviously have the acumen to install and use openbsd. Why not use OpenBSD as your gateway machine? for mild to moderate connections one of the cheap soekris running on a compact flash card works fantastically IMO. -Adam
Re: using lynx to manage router
On May 22, 2008, at 8:44 PM, Ted Unangst wrote: On 5/22/08, Default User [EMAIL PROTECTED] wrote: If I choose option #2, what what graphical browser would have the least overhead, and above all, do the least damage to my security? I know it's not OpenBSD's fault that the router's control webpage requires javascript, but I am surprised that there doesn't seem to be a simpler, less insecure alternative. Oh, well - so much for security . . . You are expecting your router to attack your browser? I think you need a new router. More like insecure javascripting leading to XSS attacks? Not something that can't occur sans javascript, but making the entire interface javascriptish definitely complicates things. Plus, it's internal only, so why does the web interface need secure handling? -Adam
Re: glxsb?
On May 22, 2008, at 9:27 PM, K K wrote: On Tue, May 20, 2008 at 4:34 PM, Paul de Weerd [EMAIL PROTECTED] wrote: glxsb (4/i386) - Geode LX Security Block crypto accelerator In other words, there's onboard crypto support in these machines that is supported in OpenBSD. You may not need a separate accelerator. Thanks for the reminder, I forgot the (slightly more expensive) Net5501 had this chip :) Does this just automagically accelerate anything using entropy or AES? Is there any way to temporarily disable acceleration to run benchmarks? Thanks, Kevin I was under the impression that kern.usercrypto did this. it seems to have a negligible affect on my net5501 I do have a glxsb -=[~]=- -=[Thu May 22]=- -=[21:58:20]=- [EMAIL PROTECTED] (set -ex;sysctl kern.usercrypto=1;openssl speed -evp aes-256-cbc;sysctl kern.usercrypto=0;openssl speed -evp aes-256-cbc) + sysctl kern.usercrypto=1 kern.usercrypto: 1 - 1 + openssl speed -evp aes-256-cbc To get the most accurate results, try to run this program when this computer is idle. Doing aes-256-cbc for 3s on 16 size blocks: 721327 aes-256-cbc's in 2.71s Doing aes-256-cbc for 3s on 64 size blocks: 216391 aes-256-cbc's in 2.91s Doing aes-256-cbc for 3s on 256 size blocks: 54838 aes-256-cbc's in 2.85s Doing aes-256-cbc for 3s on 1024 size blocks: 13739 aes-256-cbc's in 2.86s Doing aes-256-cbc for 3s on 8192 size blocks: 1722 aes-256-cbc's in 2.94s OpenSSL 0.9.7j 04 May 2006 built on: date not available options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) aes(partial) blowfish(idx) compiler: information not available available timing options: USE_TOD HZ=100 [sysconf value] timing function used: getrusage The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes256 bytes 1024 bytes 8192 bytes aes-256-cbc 4257.29k 4765.26k 4923.10k 4920.21k 4802.25k + sysctl kern.usercrypto=0 kern.usercrypto: 1 - 0 + openssl speed -evp aes-256-cbc To get the most accurate results, try to run this program when this computer is idle. Doing aes-256-cbc for 3s on 16 size blocks: 758660 aes-256-cbc's in 2.84s Doing aes-256-cbc for 3s on 64 size blocks: 212083 aes-256-cbc's in 2.84s Doing aes-256-cbc for 3s on 256 size blocks: 55383 aes-256-cbc's in 2.87s Doing aes-256-cbc for 3s on 1024 size blocks: 13931 aes-256-cbc's in 2.88s Doing aes-256-cbc for 3s on 8192 size blocks: 1749 aes-256-cbc's in 2.88s OpenSSL 0.9.7j 04 May 2006 built on: date not available options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) aes(partial) blowfish(idx) compiler: information not available available timing options: USE_TOD HZ=100 [sysconf value] timing function used: getrusage The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes256 bytes 1024 bytes 8192 bytes aes-256-cbc 4268.50k 4773.03k 4944.93k 4961.86k 4970.08k -=[~]=- -=[Thu May 22]=- -=[21:59:29]=- [EMAIL PROTECTED] grep glxsb /var/run/dmesg.boot glxsb0 at pci0 dev 1 function 2 AMD Geode LX Crypto rev 0x00: RNG AES
Re: Is NV supposed to be SLOW?
On May 3, 2008, at 4:47 PM, Nenhum_de_Nos wrote: On Sat, May 3, 2008 at 4:18 PM, Marco Peereboom [EMAIL PROTECTED] wrote: Yes. NVIDIA refuses to make a useful open source driver. It is barely functional and it generally sucks really really bad. Stay away from NVIDIA when doing open source. by any means this is criticism, just for information only. so, for open source should I look for what in graphics subject ? I had bad time using ATi some time ago so I bought nVidia. but there is no luck in running 64bits FreeBSD on it :( if you have any info on this please :) thanks, matheus -- We will call you cygnus, The God of balance you shall be To hijack this slightly, what would one consider the best video card to work with OSS? -Adam
Re: minimac on openbsd
On Apr 25, 2008, at 8:42 PM, Aaron Glenn wrote: On Sun, Mar 23, 2008 at 6:15 AM, sonjaya [EMAIL PROTECTED] wrote: Also default minimac is only 1 ethernet how to add another ethernet can support in minimac and openbsd. I'd find a low power switch capable of dot1q tagging and use the single ethernet port as a trunk port on the macmini. but if power is an issue adding another device is silly; get a soekris (or something cheaper) with multiple ethernet ports. aaron.glenn Curious if you have any hardware recommendations here? I have a specific need for one of these, it would be very useful. -Adam
Re: Netflow Reflector -or- Re-writing UDP packets using dup-to
It is not my understanding that dup-to rewrites the source address of the packet. It should serve your needs, well. -Adam On Apr 6, 2008, at 11:47 PM, Eric Pancer wrote: We are taking netflow from various Cisco devices throughout our enterprise to argus-3.0 running on OpenBSD 4.2. Unfortunately we've also got some Cisco products in our environment that require us to have netflow sent to more than 2 versions, which means we need a netflow reflector built. I understand the dup-to syntax in pf.conf(5) but it may not meet the requirements for the reason that we wish not to re-write the source IP address (as our netflow aggregation depends on the source address of those packets). Has anyone ever crafted a UDP reflector which could re-write the destination address while keeping the source address intact? If you have done it using pf(4), were there any hurdles that you had to jump through to get things working? Thanks in advance, - Eric -- ``...don't you know, black is this years pink.''
Re: pop-before-smtp and spamd
NAT. -Adam On Feb 27, 2008, at 3:49 AM, Stefan Wollny wrote: Adam, could you please point to where to find more information on why pop- before-smtp is highly insecure? Or provide here a little bit of background information? It would be really appreciated. Thank you! -STEFAN -Urspr|ngliche Nachricht- Von: Adam Jacob Muller [EMAIL PROTECTED] Gesendet: 27.02.08 05:57:42 An: Juan Miscaro [EMAIL PROTECTED] CC: Cameron Schaus [EMAIL PROTECTED], misc@openbsd.org Betreff: Re: pop-before-smtp and spamd pop-before-smtp is highly insecure. Use SMTP auth. -Adam On Feb 26, 2008, at 6:33 PM, Juan Miscaro wrote: --- Cameron Schaus [EMAIL PROTECTED] wrote: Juan Miscaro wrote: Are there standard solutions for dealing with the obvious collision between pop-before-smtp and spamd (in greylisting mode)? I know many will say to use SMTP AUTH but right now I want to try to get my current setup to work. My first idea was to hack the pop-before-smtp Perl script to have the thing (daemon) add connecting/authenticating sender IPs to a pf whitelist table. I'm running OpenBSD 4.2 (stable) with Postfix 2.5. Why not use port 587 to send mail, instead of port 25, and only allow SMTP Auth from this port. Right now I'm talking about using pop-before-smtp. /juan Looking for the perfect gift? Give the gift of Flickr! http://www.flickr.com/gift/ -- Mit freundlichen Gr|_en, STEFAN WOLLNY --- Regulatory Reporting Consultancy Tel.: +49 (0) 177 655 7875 Mail: [EMAIL PROTECTED]
Re: pop-before-smtp and spamd
pop-before-smtp is highly insecure. Use SMTP auth. -Adam On Feb 26, 2008, at 6:33 PM, Juan Miscaro wrote: --- Cameron Schaus [EMAIL PROTECTED] wrote: Juan Miscaro wrote: Are there standard solutions for dealing with the obvious collision between pop-before-smtp and spamd (in greylisting mode)? I know many will say to use SMTP AUTH but right now I want to try to get my current setup to work. My first idea was to hack the pop-before-smtp Perl script to have the thing (daemon) add connecting/authenticating sender IPs to a pf whitelist table. I'm running OpenBSD 4.2 (stable) with Postfix 2.5. Why not use port 587 to send mail, instead of port 25, and only allow SMTP Auth from this port. Right now I'm talking about using pop-before-smtp. /juan Looking for the perfect gift? Give the gift of Flickr! http://www.flickr.com/gift/
