Filtering other network layer protocols with PF
Hi,

I have an AT&T fiber connection at home that relies on a crappy, proprietary, and insecure [1] router that does proprietary authentication with upstream equipment via EAP over 802.1x. Some folks have figured out how to bypass it by putting the AT&T router behind their actual firewalls and proxying the 802.1x packets to/from the AT&T device, thus faking out the upstream gateway.

Unfortunately, the common solution [2] for this is Linux-specific and relies on their PF_RING stuff. I was hoping to proxy this protocol in OpenBSD without having to use something slow like pcap. As far as I can tell from reading man pages, PF does not support this network layer protocol (0x888E).

Does anybody have any ideas on how I might efficiently capture these packets and copy them to another interface?

Chris

[1] https://www.nomotion.net/blog/sharknatto/
[2] https://github.com/jaysoffian/eap_proxy
Re: PPPoE / isakmpd race
On Wed, Feb 17, 2016 at 1:38 AM, Stuart Henderson wrote:
>
> A more generic (but more complicated) approach would be to use ifstated
> to wait until the interface is up before running isakmpd.

Stu,

Thanks a bunch for this suggestion. This turned out to be the ticket! It works like a champ.

For anyone who may stumble upon this in the mail archive, looking for a solution, here's what works for me:

First, remove isakmpd_flags=<...> from your /etc/rc.conf.local. We want ifstated(8) to start isakmpd(8), not rc(8) directly.

Next, add this to your rc.conf.local to start ifstated:

    ifstated_flags=""

Finally, create an /etc/ifstated.conf. Mine is simple. It looks for "status: active" in the ifconfig output, and it pings a router two hops up from me that should always be online:

    init-state pppoe_status

    pppoe_check = '( "ifconfig pppoe0 | grep \"status: active\" && ping -q -c 1 -w 2 NNN.NNN.NNN.NNN > /dev/null" every 10)'

    # Check to see if we're online.
    state pppoe_status {
        if $pppoe_check {
            set-state pppoe_online
        }
        if ! $pppoe_check {
            set-state pppoe_offline
        }
    }

    state pppoe_online {
        init {
            run "ifconfig pppoe0 | mail -s 'PPPoE is UP' root@localhost"
            run "pkill isakmpd; sleep 2; isakmpd -K; sleep 1; ipsecctl -f /etc/ipsec.conf"
        }
        if ! $pppoe_check {
            set-state pppoe_offline
        }
    }

    state pppoe_offline {
        init {
            run "ifconfig pppoe0 | mail -s 'PPPoE is down' root@localhost"
        }
        if $pppoe_check {
            set-state pppoe_online
        }
    }
Re: PPPoE / isakmpd race
Yes, the Listen-on is static. Unfortunately, changing the 0.0.0.0 in hostname.pppoe0 breaks PPPoE.

I think I could work around this in netstart by simply sleeping until the link comes up (or a pre-defined timer elapses) but I'm struggling to come up with a more generic approach. There might be more than one PPPoE interface and more than one tunnel/PPP dependency that needs to be accounted for.

Perhaps another approach is to rework netstart to block up to [configurable] seconds after bringing up any PPPoE connection before continuing. This could default to no blocking but a maximum block period could be defined in rc.conf.local for those who have PPPoE dependencies.

Chris

On Tue, Feb 16, 2016 at 7:46 AM, Stuart Henderson wrote:
> Is the address in "Listen-on" a static address for this connection?
>
> If so, you should be able to use it directly in hostname.pppoe0
> instead of 0.0.0.0, and that might well solve this.
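The idea floated in this message (sleep until the link comes up or a timer elapses, for possibly more than one PPPoE interface), as an added shell example that is not part of the original thread. The `IFCONFIG` variable, the function names and the sample ifconfig text are assumptions made for this example; the readiness test reuses the "status: active" check from the ifstated.conf in the follow-up and also requires an address other than the 0.0.0.0 placeholder.

```shell
#!/bin/sh
# Added example (not from the thread): wait for pppoe(4) links before starting
# a daemon, such as isakmpd, that must bind to the negotiated address.

# Command used to query an interface. IFCONFIG is an assumption of this
# example so the logic can be driven with canned output.
IFCONFIG=${IFCONFIG:-ifconfig}

# Constructed, abridged samples of `ifconfig pppoe0` output.
SAMPLE_DOWN='pppoe0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1492
	dev: vlan0 state: PADI sent
	status: no carrier
	inet 0.0.0.0 --> 0.0.0.1 netmask 0xffffffff'
SAMPLE_UP='pppoe0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1492
	dev: vlan0 state: session
	status: active
	inet 203.0.113.10 --> 203.0.113.1 netmask 0xffffffff'

# Reads ifconfig output on stdin. Succeeds only when the link is active AND
# an inet address other than the 0.0.0.0 placeholder has been assigned.
link_ready_text() {
	awk '
		/status: active/                { active = 1 }
		$1 == "inet" && $2 != "0.0.0.0" { addr = 1 }
		END { exit !(active && addr) }
	'
}

# link_ready IFACE: query one interface and apply the test above.
# A missing interface produces no output and therefore counts as not ready.
link_ready() {
	$IFCONFIG "$1" 2>/dev/null | link_ready_text
}

# wait_for_links BUDGET IFACE...
# Polls once per second until every listed interface is ready. BUDGET is the
# total number of seconds allowed across all interfaces, so a dead link
# cannot stall boot forever. Returns 0 when all are ready, 1 on timeout.
wait_for_links() {
	budget=$1; shift
	waited=0
	for ifc in "$@"; do
		until link_ready "$ifc"; do
			[ "$waited" -lt "$budget" ] || return 1
			sleep 1
			waited=$((waited + 1))
		done
	done
	return 0
}

# Intended use from a boot script (left commented so sourcing has no effect):
# wait_for_links 30 pppoe0 && isakmpd -K && ipsecctl -f /etc/ipsec.conf
```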
PPPoE / isakmpd race
Hi,

I recently set up a site-to-site IPsec VPN on an OpenBSD firewall/router that connects to the public Internet via PPPoE. I've noticed that the VPN does not come up properly upon system boot because of what appears to be a race condition between the PPPoE connection and isakmpd start. I say "race" but it's really a race that isakmpd always wins.

When isakmpd starts up, I see this in the logs:

    Feb 14 23:42:24 sainthelena isakmpd[27969]: udp_create: no matching listener found
    Feb 14 23:42:24 sainthelena isakmpd[27969]: exchange_establish: transport "udp" for peer "peer-XX.XXX.XX.X" could not be created

If I kill isakmpd and start it again manually, then run 'ipsecctl -f /etc/ipsec.conf', the VPN comes up and functions correctly.

I am still very new to IPSec and PPPoE under OpenBSD but I suspect that the failure is happening because the external interface (pppoe0) does not yet have a PPP session established and has no IP to bind to.

I've tried removing isakmpd_flags from rc.conf.local and starting isakmpd via a ! command in /etc/hostname.pppoe0 but that didn't seem to work--same results. I suspect this is because ifconfig does not block when the PPP connection is first set up and the isakmpd is executing prematurely.

I'm curious if anybody has any work-arounds or if this is something that should be formally reported to bugs@.
-- My /etc/ipsec.conf, sanitized:

    ike dynamic esp from { 10.50.0.0/24 } to { 10.20.0.0/22 10.40.0.0/24 10.240.0.0/22 10.176.0.0/12 \
        10.239.0.0/22 10.208.0.0/12 10.21.0.0/22 172.24.96.0/22 \
        10.30.0.0/20 10.70.0.0/24 10.80.0.0/22 172.20.0.0/22 } \
        peer XXX..com \
        main auth hmac-sha1 enc aes-256 group modp1024 lifetime 8h \
        quick auth hmac-sha1 enc aes-256 group none lifetime 1h \
        srcid AA.AAA.AAA dstid XX.XXX.XX.X psk "SECRET_HERE"

-- My /etc/hostname.pppoe0, sanitized:

    inet 0.0.0.0 255.255.255.255 NONE \
        pppoedev vlan0 authproto pap \
        authname 'XXX@' authkey 'SECRET_HERE' up
    dest 0.0.0.1
    !/sbin/route add default -ifp pppoe0 0.0.0.1

-- My /etc/rc.conf.local:

    dhcpd_flags=em1 em2
    pf=YES
    isakmpd_flags="-K"
    ipsec=YES

-- My /etc/isakmpd/isakmpd.conf:

NOTE: I've tried using the interface name here (pppoe0) in lieu of my IP address. I've also removed this file entirely. All variants produce the same results

    [General]
    Listen-on=63.226.194.238

-- dmesg:

    OpenBSD 5.9 (GENERIC.MP) #1870: Mon Feb 8 17:34:23 MST 2016
        dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
    real mem = 2130640896 (2031MB)
    avail mem = 2061930496 (1966MB)
    mpath0 at root
    scsibus0 at mpath0: 256 targets
    mainbus0 at root
    bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xe0010 (364 entries)
    bios0: vendor Phoenix Technologies LTD version "6.00" date 07/30/2013
    bios0: VMware, Inc. VMware Virtual Platform
    acpi0 at bios0: rev 2
    acpi0: sleep states S0 S1 S4 S5
    acpi0: tables DSDT FACP BOOT APIC MCFG SRAT HPET WAET
    acpi0: wakeup devices PCI0(S3) USB_(S1) P2P0(S3) S1F0(S3) S2F0(S3) S3F0(S3) S4F0(S3) S5F0(S3) S6F0(S3) S7F0(S3) S8F0(S3) S9F0(S3) S10F(S3) S11F(S3) S12F(S3) S13F(S3) [...]
    acpitimer0 at acpi0: 3579545 Hz, 24 bits
    acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
    cpu0 at mainbus0: apid 0 (boot processor)
    cpu0: Intel(R) Xeon(R) CPU E5-2620 0 @ 2.00GHz, 1999.98 MHz
    cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,MMX,FXSR,SSE,SSE2,SS,HTT,SSE3,PCLMUL,SSSE3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,HV,NXE,LONG,LAHF,PERF,ITSC,SENSOR,ARAT
    cpu0: 256KB 64b/line 8-way L2 cache
    cpu0: smt 0, core 0, package 0
    mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
    cpu0: apic clock running at 65MHz
    cpu1 at mainbus0: apid 1 (application processor)
    cpu1: Intel(R) Xeon(R) CPU E5-2620 0 @ 2.00GHz, 2000.00 MHz
    cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,MMX,FXSR,SSE,SSE2,SS,HTT,SSE3,PCLMUL,SSSE3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,HV,NXE,LONG,LAHF,PERF,ITSC,SENSOR,ARAT
    cpu1: 256KB 64b/line 8-way L2 cache
    cpu1: smt 0, core 1, package 0
    cpu2 at mainbus0: apid 2 (application processor)
    cpu2: Intel(R) Xeon(R) CPU E5-2620 0 @ 2.00GHz, 1999.98 MHz
    cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,MMX,FXSR,SSE,SSE2,SS,HTT,SSE3,PCLMUL,SSSE3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,HV,NXE,LONG,LAHF,PERF,ITSC,SENSOR,ARAT
    cpu2: 256KB 64b/line 8-way L2 cache
    cpu2: smt 0, core 2, package 0
    cpu3 at mainbus0: apid 3 (application processor)
    cpu3: Intel(R) Xeon(R) CPU E5-2620 0 @
AX.25
It's been a few years since anybody has asked this. Is anybody working on an AX.25 implementation for OpenBSD? Just passed my Extra exam and would like to start doing some packet radio soon. Would love to put OpenBSD 23km up like this guy did with Linux: http://vpizza.org/~jmeehan/balloon/ Chris KE7OVL
Re: OpenBSD - High Performance 1u box
Sun X2200 with Intel PCI-e NIC(s) works great here. Buy two and use CARP for redundancy.

Chris

On 6/10/07, Pui Edylie [EMAIL PROTECTED] wrote:
> Good Day,
>
> I am building a 1u box for OpenBGP with PF.
>
> Any hardware recommendation so it can achieve the best throughput/performance?
>
> Thank you
> -e
Re: Sun Fire X2100, GigaBit Fiber?
Check out the Intel PRO/1000 PF. While it's not mentioned as supported in amd64, many of its brethren are. It might be worth a try.

http://www.intel.com/network/connectivity/products/pro1000pf_dualport_server_adapter.htm

Chris

On 2/7/07, Steven Xiao [EMAIL PROTECTED] wrote:
> Hi,
>
> I really want to use one of those Sun Fire X2100, X2100 M2 or X2200 to build a firewall for my network. But my problem is that my network is a fiber connection running Gigabit. It seems that all these boxes have only PCI-E X8 slot(s) for fiber network card(s). My questions are:
>
> 1) Sun also sells a fiber gigabit card with X2100 ... (Sun Dual Gigabit Ethernet PCI-E MMF Adapter). But this card is not supported in OpenBSD 4.0. Am I right? Is there a plan to support it in the near future?
>
> 2) If I get a M2 box, say, X2100 M2 with two PCI-E X8 slots and get two PCI-E fiber network cards, say, HP NC373F PCI Express Multifunction Gigabit server adapter (1000baseSX) which is supported per openbsd document. Would that work?
>
> Thanks for any inputs.
>
> Steven
OpenBSD under Parallels Desktop
Hi,

Has anybody been able to run OpenBSD 4.0 or newer under Parallels Desktop? Booting the 3.9 media works just fine and I am able to install the OS. Booting 4.0 (or newer snapshots) media results in a lock-up of the VM at the (I)nstall/(U)pgrade prompt. I'd post a dmesg(1) but I'm unable to select text in the VM.

I'm running the latest build (3120) of Parallels Desktop under Mac OS X 10.4.8.

The next thing to try is a manual upgrade by CVS source to -CURRENT, I suppose...

Chris
Re: OpenBSD under Parallels Desktop
On 1/26/07, Peter Valchev [EMAIL PROTECTED] wrote:
> Indeed, this was caused by the pckbd diff referred to in the other email, which was built in the snapshots you tried. As of today's snapshot, it includes a newer iteration of this diff, which should fix the problem.

Thanks, Peter. That fixed the problem nicely. I'm now installing today's snapshot under Parallels on my Mac. I'm absolutely amazed at how fast OpenBSD runs under this VM. Very exciting!

Chris
Re: Which crypto card for Soekris 4801?
On 1/15/07, Heinrich Rebehn [EMAIL PROTECTED] wrote:
> Hi all,
>
> which crypto cards actually work in a soekris 4801 under OpenBSD?

You're going to have a hard time finding supported Mini-PCI cards, other than the HiFn stuff. Instead, check out the Commell motherboards:

http://www.commell-sys.com/Product/SBC/ITX-662.HTM

This one has the C3 chip which is listed as supported here:

http://www.openbsd.org/crypto.html#hardware

If it's performance that you're after, you're going to have a struggle with that Soekris.

Chris
Re: Thinkpad Fingerprint Sensors
Sorry for the thread revival but this looks interesting. These guys claim to have a GPL'ed driver for the fingerprint reader:

http://sourceforge.net/projects/thinkfinger

Chris

On 12/13/06, Chris Kuethe [EMAIL PROTECTED] wrote:
> On 12/13/06, Marc Balmer [EMAIL PROTECTED] wrote:
> * Michael wrote:
> Hi, will there be any support for the fingerprint sensor on the newer Thinkpads (anytime soon)?
>
> Linux:
> http://toe.ch/~tsa/ibm-fingerprint/
> http://www.thinkwiki.org/wiki/How_to_enable_the_fingerprint_reader
> http://www.qrivy.net/~michael/blua/
>
> Vendor SDKs:
> Linux: http://www.upek.com/support/dl_linux_bsp.asp
> FreeBSD: http://www.upek.com/support/dl_freeBSD_bsp.asp
>
> These are binary only (BLOB) drivers w/o source code. If you can find source code that would be better. With the current state of affairs (no source code, only BLOB) you will never get support for this device in OpenBSD.
>
> If you're still curious though, there is a fairly stagnant project at sourceforge that might offer some insight into what you're asking for - fvs.sourceforge.net.
>
> Sometimes you can find the sensor docs - like for authentec - but many times there are very significant errors (like with authentec). I started hacking on an authentec driver some years ago. I was getting data back from the sensor but then I stopped caring.
>
> UPEK and DigitalPersona seemed quite unwilling to release enough register documentation to make an open, multiplatform driver a worthwhile pursuit - even if you did buy the SDK. They're free to build closed, windows-only software, and you're free to ignore them.
>
> CK
>
> --
> GDB has a 'break' feature; why doesn't it have 'fix' too?
State table not recovering on CARP backup machine
Hi All,

We saw a strange issue today with two of our CARP'ed firewalls. At two different points in the afternoon, the state table suddenly jumped from its normal level of around 30,000 entries to the limit of 200,000 entries. As expected, no new states could be created.

We drove to our datacenter, logged in to the primary machine and flushed the state table. Strangely, the output from pfctl was something like "Cleared 26 state entries" or some similarly small number. At this point, the state count creeped back up to its normal level of around 30k entries. Our network went back to normal and we drove back to the office.

I bumped the state limit up on our CARP master to 60 and then attempted to copy the pf.conf to the CARP backup server. The scp timed out. I haven't yet made it back to the datacenter but my guess is that the state table is still full on that machine.

This is really strange. Wouldn't pfsync clear out the state tables on the backup host when the primary host was cleared with 'pfctl -F state'? Has anybody experienced sudden surges of state entries like this? Denial of service attack perhaps?

Also, I just noticed some strange entries in /var/log/messages:

    Jan 15 15:57:15 fw-01 /bsd: carp666: ip_output failed: 65
    Jan 15 15:57:15 fw-01 /bsd: carp667: ip_output failed: 65
    Jan 15 15:57:15 fw-01 /bsd: carp668: ip_output failed: 65
    Jan 15 15:57:15 fw-01 /bsd: carp669: ip_output failed: 65

Googling didn't yield anything interesting (beyond CARP source code) for this error. Does anybody have any ideas?

Chris

    OpenBSD 4.0-current (GENERIC) #744: Fri Nov 10 16:16:08 MST 2006
        [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC
    real mem = 3757633536 (3669564K)
    avail mem = 3223883776 (3148324K)
    using 22937 buffers containing 375971840 bytes (367160K) of memory
    mainbus0 (root)
    bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xfcfe0 (52 entries)
    bios0: Sun Microsystems Sun Fire X2200 M2
    ipmi0 at mainbus0: version 1.5 interface KCS iobase 0xca2/2 spacing 1
    cpu0 at mainbus0: (uniprocessor)
    cpu0: Dual-Core AMD Opteron(tm) Processor 2214, 2211.65 MHz
    cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
    cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line 16-way L2 cache
    cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
    cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
    pci0 at mainbus0 bus 0: configuration mode 1
    NVIDIA MCP55 Memory rev 0xa2 at pci0 dev 0 function 0 not configured
    pcib0 at pci0 dev 1 function 0 NVIDIA MCP55 ISA rev 0xa3
    nviic0 at pci0 dev 1 function 1 NVIDIA MCP55 SMBus rev 0xa3
    iic0 at nviic0: disabled to avoid ipmi0 interactions
    iic1 at nviic0: disabled to avoid ipmi0 interactions
    ohci0 at pci0 dev 2 function 0 NVIDIA MCP55 USB rev 0xa1: irq 15, version 1.0, legacy support
    usb0 at ohci0: USB revision 1.0
    uhub0 at usb0
    uhub0: NVIDIA OHCI root hub, rev 1.00/1.00, addr 1
    uhub0: 10 ports with 10 removable, self powered
    ehci0 at pci0 dev 2 function 1 NVIDIA MCP55 USB rev 0xa2: irq 7
    usb1 at ehci0: USB revision 2.0
    uhub1 at usb1
    uhub1: NVIDIA EHCI root hub, rev 2.00/1.00, addr 1
    uhub1: 10 ports with 10 removable, self powered
    pciide0 at pci0 dev 4 function 0 NVIDIA MCP55 IDE rev 0xa1: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility
    pciide0: channel 0 disabled (no drives)
    pciide0: channel 1 ignored (disabled)
    pciide1 at pci0 dev 5 function 0 NVIDIA MCP55 SATA rev 0xa3: DMA
    pciide1: using irq 10 for native-PCI interrupt
    wd0 at pciide1 channel 0 drive 0: HDT722525DLA380
    wd0: 16-sector PIO, LBA48, 238475MB, 488397168 sectors
    wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5
    wd1 at pciide1 channel 1 drive 0: HDT722525DLA380
    wd1: 16-sector PIO, LBA48, 238475MB, 488397168 sectors
    wd1(pciide1:1:0): using PIO mode 4, Ultra-DMA mode 5
    ppb0 at pci0 dev 6 function 0 NVIDIA MCP55 PCI-PCI rev 0xa2
    pci1 at ppb0 bus 1
    vga1 at pci1 dev 5 function 0 ASPEED Technology AST2000 rev 0x00
    wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
    wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
    nfe0 at pci0 dev 8 function 0 NVIDIA MCP55 LAN rev 0xa3: irq 11, address 00:16:36:76:43:f7
    eephy0 at nfe0 phy 2: Marvell 88E1149 Gigabit PHY, rev. 1
    nfe1 at pci0 dev 9 function 0 NVIDIA MCP55 LAN rev 0xa3: irq 5, address 00:16:36:76:43:f8
    eephy1 at nfe1 phy 3: Marvell 88E1149 Gigabit PHY, rev. 1
    ppb1 at pci0 dev 10 function 0 NVIDIA MCP55 PCIE rev 0xa3
    pci2 at ppb1 bus 2
    ppb2 at pci0 dev 11 function 0 NVIDIA MCP55 PCIE rev 0xa3
    pci3 at ppb2 bus 3
    ppb3 at pci0 dev 12 function 0 NVIDIA MCP55 PCIE rev 0xa3
    pci4 at ppb3 bus 4
    ppb4 at pci0 dev 13 function 0 NVIDIA MCP55 PCIE rev 0xa3
    pci5 at ppb4 bus 5
    ppb5 at pci5 dev 0 function 0 ServerWorks PCIE-PCIX rev 0xb5
    pci6 at ppb5 bus 6
    bge0 at pci6 dev 4 function 0 Broadcom BCM5715 rev 0xa3, BCM5715 A3 (0x9003): irq 15, address 00:16:36:76:43:f5
    brgphy0 at bge0
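A check for the condition described in this post (the state count climbing from about 30,000 to the 200,000 limit), as an added shell example that is not from the original message. The function names, the warning threshold and the abridged `pfctl -si` / `pfctl -sm` sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the post): flag a pf state table that is filling up
# before it reaches the hard limit and new connections start failing.

# Constructed, abridged samples of `pfctl -si` and `pfctl -sm` output.
SAMPLE_INFO='Status: Enabled for 41 days 02:11:09           Debug: err

State Table                          Total             Rate
  current entries                   200000
  searches                      9134522817         2571.3/s
  inserts                         88231904           24.8/s
  removals                        88031904           24.8/s'
SAMPLE_LIMITS='states        hard limit   200000
src-nodes     hard limit    10000
frags         hard limit     5000'

# Print the "current entries" value from `pfctl -si` text on stdin.
# Fails when the line is absent, so a format change is not read as zero.
current_states() {
	awk '$1 == "current" && $2 == "entries" { print $3; ok = 1 }
	     END { exit !ok }'
}

# Print the states hard limit from `pfctl -sm` text on stdin.
state_limit() {
	awk '$1 == "states" && $2 == "hard" { print $4; ok = 1 }
	     END { exit !ok }'
}

# state_table_check INFO_TEXT LIMITS_TEXT WARN_PCT
# Prints "<level> <current>/<limit> <pct>%".
# Returns 0 = ok, 1 = warn (at or above WARN_PCT), 2 = full, 3 = parse error.
state_table_check() {
	cur=$(printf '%s\n' "$1" | current_states) || return 3
	max=$(printf '%s\n' "$2" | state_limit) || return 3
	[ "$max" -gt 0 ] || return 3
	pct=$((cur * 100 / max))
	if [ "$cur" -ge "$max" ]; then
		level=full rc=2
	elif [ "$pct" -ge "$3" ]; then
		level=warn rc=1
	else
		level=ok rc=0
	fi
	echo "$level $cur/$max ${pct}%"
	return $rc
}

# Live use on the firewall (needs root), for example from cron on both
# CARP peers, since the backup's table can stay full after the master's
# has been flushed:
# state_table_check "$(pfctl -si)" "$(pfctl -sm)" 80 || logger -t pfstates "state table pressure"
```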
Re: OT Was: Wanted: OpenBSD Systems Administrator
On 1/3/07, Kenny Mann [EMAIL PROTECTED] wrote:
> His response was a bit rude, however at least the courtesy was made to attempt a reading on the rules page. He made the best decision he could given the information he had.

Hi All,

I apologize if my posting offended anyone. That really was not my intent. I *do* read this list regularly, attend OpenBSD-related conferences, send e-mail to hardware manufacturers, etc. I assure you, I'm not some headhunter drone, just another sysadmin like most of you.

Regarding the questionnaire, I hear your objections and will not be including this on future job postings elsewhere. The quiz is lame, yes, I agree. We've had problems in the past with hires who looked great on paper and even interviews but could not come up with a simple solution to a simple problem to save their asses. The quiz was an attempt to weed out slackers, Unabomber types, and others who could not cut the mustard in a business environment.

So, I'll leave it at that and get back to OpenBSD-specific discussion as usual.

Chris
Wanted: OpenBSD Systems Administrator
Hi Folks,

I hope you will excuse the commercial nature of this post; I figured that this is the best place to find what we are looking for.

Backcountry.com is seeking an OpenBSD and Linux systems administrator to join its Systems and Networks Engineering team. Qualified applicants will have solid experience configuring and maintaining OpenBSD- and Linux-based servers in a production environment. We're a close-knit group, so a positive, cooperative attitude and the ability to function as part of a team are extremely important.

Requirements:

* Configuring and maintaining OpenBSD and Linux in a 24/7/365 production environment
* Solid UNIX systems and network security fundamentals
* Excellent understanding of the OSI seven layer model and TCP/IP networking
* Experience working with hardware and software RAID devices
* Stateful packet filtering with pf and iptables
* Configuration and tuning of Apache and PostgreSQL
* Datacenter operations (cabling, racking, organizing)

Additional Preferred Skills:

* CARP, pfsync, VLANs, and trunking
* Configuration of layer 3 managed switches, eg. Foundry FastIron
* Configuration of layer 4-7 application switches, eg. Foundry ServerIron
* Asterisk PBX;
* GFS or other distributed file system technologies;

Considerations:

This position is based in Park City, Utah and is full-time and benefits eligible. Benefits include paid time off, paid holidays, floating holidays, subsidized medical insurance, voluntary coverage (dental, short-term disability, supplemental accident), 401K, annual profit sharing, employee gear discount, employee referral program, flexible hours, casual dress, discounted season passes, and transferable day ski passes.

To Apply:

Send resume, salary history, and answers to the following screening questions to [EMAIL PROTECTED] with Systems Administrator in the subject line.

Screening Questions:

1. Based on the following statements (props to Lewis Carroll), answer the following questions:

   a. What can you logically conclude from these statements?
   b. Explain how you came to this conclusion (bonus points for using symbolic logic).

   The statements:

   * No birds, except ostriches, are 9 feet high.
   * There are no birds in this aviary that belong to anyone but me.
   * No ostrich lives on mince pies.
   * I have no birds less than 9 feet high.

2. Describe some differences between OpenBSD's and Linux's init(8).

3. Design a scalable e-mail architecture to support 1,000 users and 2MM+ incoming and 200,000 outgoing e-mails/day. You may be as brief or as verbose as you like. Architectural drawings, server, network, and software specs are encouraged but not required.

4. Your home network has a single pf-based firewall machine between your internal LAN and the general internet. The firewall machine has two network interfaces: external (sk0) and internal (sk1). This firewall takes a default-deny stance to *ALL* network traffic. You have a machine on your internal LAN, puffy, that wants to talk to www.backcountry.com on TCP ports 80 and 443. Given the following pf macros, write the appropriate rule(s) that will allow puffy to surf www.backcountry.com:

       external_if=sk0
       internal_if=sk1
       puffy_ip=10.0.0.67
       backcountry_ip=166.70.146.69

5. What are your top three innate strengths that you don't even have to try at?

6. What is a genuine weakness that you strive to improve upon? (don't twist a positive into a negative)

7. What is your desired salary range?

8. Why do you want to work at Backcountry.com?

We Are an Equal Opportunity Employer
Re: Wanted: OpenBSD Systems Administrator
And who appointed you list manager? My post was permitted based on my reading of the rules in http://www.openbsd.org/mail.html.

Chris

On 1/2/07, Diana Eichert [EMAIL PROTECTED] wrote:
> Okay, enough is enough, no more employment want ad stuff.
>
> Funny how I can ignore the stupid lamer posts, but I find employment want ad posts deplorable enough to reply.
>
> go figure.
>
> diana
Re: nagios check_carp for OpenBSD carp(4)
On 12/15/06, Brian A. Seklecki [EMAIL PROTECTED] wrote:
> Thoughts? Strategies? Ideas?
> ---
> Ask the machine directly? Ask an adjacent machine?

Joel Knight just released an updated OpenBSD SNMP MIB that supports reading data from the sensors framework. Perhaps he could be persuaded to add support for CARP state detection? :)

Chris
Re: em(4) Intel PRO/1000PT Dual Port
On 8/17/06, Kyle George [EMAIL PROTECTED] wrote:
> Speaking of em(4), does the Intel PRO/1000PT dual-port PCIe card work on 3.9 i386?

I can't speak for 3.9 i386 but it seems to work fine on amd64 late 3.9 and 4.0 snapshots.
More than 255 vhid's w/ CARP
Hi All,

We're setting up some VLAN routers using a pair of machines. We have a bunch of VLANs and we're using CARP to provide redundancy. Currently, there is a carpNNN interface built on top of every vlanNNN interface, which are themselves built on the actual ethernet interface.

We're using VLAN IDs as high as 1000. The CARP vhid's, however, can only go as high as 255 per ifconfig(8). Is there a way to increase this number to match the VLAN limit (4096, I believe)? Or, perhaps we're doing this wrong and we should be using the same vhid for every CARP interface? Can somebody enlighten me?

thanks,

Chris
Intel PRO/1000 PT
Hi,

Is the Intel PRO/1000 PT still non-functional under our favorite OS? I searched around and found a message from Darrian Hale in late April that said he was having kernel panics with this NIC. Has anything changed?

I have some Sun X2100s that I want to use as routers and the only missing bit is a good 2-port gigabit NIC that fits in the X2100's single PCI Express (8x) slot.

thanks,

Chris
Re: Laptop recommendations
I'm still looking for a laptop. Does anybody know of a laptop that will do at least 1600x___ resolution and have rudimentary power management (ie., I can pull the AC plug and the laptop does not lock up)?

Chris

On 5/29/06, Theo de Raadt [EMAIL PROTECTED] wrote:
> On 5/26/06, Christopher Snell [EMAIL PROTECTED] wrote:
> It seems like every major laptop manufacturer is locked into Intel CPU, graphics, WiFi, and sound and that there's no chance in hell that Intel will release specs on these. What is the future of laptop support for free Unices? Will SpeedStep ever be reverse engineered? Are we forever doomed to barely-working laptops?
>
> umm, the graphics and sound for intel chipsets are completely documented. the correct way to use speedstep (est) is through acpi, which is also documented, even though we should now pretty much support every est cpu at least basically. the situation with wifi could be better, but if you download the firmware it works. you have either misappraised the situation, or your definition of barely working is very different than most people's.
>
> Intel is changing their ways. They got seriously hurt by NVidia and ATI taking over the video market, while simultaneously AMD hurt them on the processor side. The real enemy today is Nvidia (and ATI). Intel is trying to release documentation and open up as fast as they can to stay in the market. It's almost pathetic, but yes, it is benefiting us (as it should, and thus, us running on their machines benefits them, as it should).
Re: Laptop recommendations
On 5/11/06, Chris Cappuccio [EMAIL PROTECTED] wrote:
> I always run across cheap/free/lying around dell laptops that work great. The sound works, the wireless might work, and suspend usually works. Right now I have a dell latitude c400, they're on ebay for $300, the thing weighs 2.5 pounds, it's very small.

It's a bummer for folks like me who depend on corporate purchasing to get their laptops. I feel lucky that my employer will at least listen to my request to get Lenovo over Dell. eBay is not going to be an option for them.

So, me and every other purchaser of new equipment is stuck with two options at the moment:

1) Buy an outdated laptop that can do 1024x768 (or similar) at best
2) Buy a modern laptop that can do 1440x900 but have no working power management and have to deal with a laptop that locks up when the power cord is unplugged.

It seems like every major laptop manufacturer is locked into Intel CPU, graphics, WiFi, and sound and that there's no chance in hell that Intel will release specs on these. What is the future of laptop support for free Unices? Will SpeedStep ever be reverse engineered? Are we forever doomed to barely-working laptops?

I've never felt more motivated to write Intel and give them my corporate mouthful.

Chris
Re: traffic shaping question.
On 5/23/06, S t i n g r a y [EMAIL PROTECTED] wrote:
> I want to do traffic shaping on a per-protocol basis, so if I give a certain bandwidth to the HTTP protocol, isn't there any way I can differentiate between HTTP webpages and HTTP downloads of huge .iso files?

Sure, set your HTTP daemon to listen on two ports (say, ports 80 and 81). Make the ISO images available through port 81 only and use traffic shaping to limit bandwidth from that port.

Chris
Re: PHP vs Mason vs Ruby vs JSP/Tomcat
Can we please end this crappy, off-topic thread right now? Thank you. Chris
Intel 945GM + Dell Latitude D620 resolution woes
Hi All,

I'm having a hell of a time trying to get this Dell Latitude D620 to run at 1440x900 resolution. Dimitry Andric's recent 945GM patches got me closer (no more Xorg BusID errors) but I still can't get 1440x900 going.

I'm using the 915resolution port to patch BIOS mode 5a to 1440x900x24 but Xorg is still not seeing this as a valid resolution:

    (II) I810(0): Monitor0: Using hsync range of 28.00-72.00 kHz
    (II) I810(0): Monitor0: Using vrefresh range of 43.00-60.00 Hz
    (II) I810(0): Not using mode 1440x900 (no mode of this name)
    (--) I810(0): Virtual size is 1024x768 (pitch 1024)
    (**) I810(0): Built-in mode 1024x768
    (**) I810(0): Built-in mode 800x600
    (**) I810(0): Built-in mode 640x480

I'm patching in /etc/rc.securelevel like this:

    if [ -x /usr/local/sbin/915resolution ]; then
        echo 'Starting 915resolution...'
        /usr/local/sbin/915resolution 5a 1440 900 32
    fi

Running '915resolution -l' after patching (in single-user mode) does list 1440x900 at 8, 16, and 32bpp depths.

Here are the relevant log and config files:

http://saba.island.nu/openbsd/D620-dmesg.txt
http://saba.island.nu/openbsd/Xorg.0.log.txt
http://saba.island.nu/openbsd/xorg.conf.txt

Thanks in advance for any advice that you all might provide.

Chris
Re: Intel 945GM + Dell Latitude D620 resolution woes
On 5/22/06, Christopher Snell [EMAIL PROTECTED] wrote:
> I'm having a hell of a time trying to get this Dell Latitude D620 to run at 1440x900 resolution. Dimitry Andric's recent 945GM patches got me closer (no more Xorg BusID errors) [...]

Doh. I researched Dell's site and noticed that two variants of the same model are sold: one has WXGA+ resolution (1440x900) and the other only has WXGA resolution (1280x800). I monkeyed around with 915resolution and my xorg.conf and was able to get it running in 1280x800 resolution. My employers are thrifty and it doesn't surprise me that they bought the cheaper version.

If anybody needs working configs for this laptop, they can be found here:

http://saba.island.nu/openbsd/latitude-d620/

Note, you'll need to run the latest 3.9 snapshot if you want X.org and your 3945G-based wifi to work.

There are still some issues with this laptop. Notably, shutdown(8) does not reboot nor power-off the machine properly. It hangs with the power on. I'll post more about this later.

Chris
Dell Latitude D620 lock-ups
Hi,

Well, now that I have the video issues resolved, I want to track down the source of the lock-ups that I am seeing while running this laptop and today's snapshot.

Anything power-related (unplugging power cord, adjusting screen brightness, attempting to suspend, etc.) locks the laptop up cold. Attempting to reboot via 'shutdown -r' causes the OS to stop but does not reboot the machine. Similarly, 'shutdown -p' does not power down the machine. I'm also seeing lock-ups randomly as I work.

I'm not a kernel developer but I am willing to work with anyone to resolve these issues. I'm comfortable patching and building kernels, testing, whatever. I see that there is apparently an OpenBSD developer here in Utah. I'd be happy to loan the laptop to him/her if they can fix these things.

On the plus side, X.org is working nicely and Damien's wpi(4) driver is kicking ass.

Thanks,

Chris
OBDII, Anyone?
Hi All,

Has anybody done any work to port Freediag (http://freediag.sourceforge.net/) to OpenBSD or to write similar OBDII software for our favorite OS? Googling did not yield anything useful.

For those that don't already know, OBDII is the nifty hardware interface present in many automobiles manufactured since the mid-1990s, which allows you to read diagnostic and performance metrics from your car's computer systems. Interface dongles can be home built (http://www.planetfall.com/~jeff/obdii/) or purchased cheaply.

Freediag reads its data over the serial port but is very Linux-specific at the moment. :(

Chris