Re: WiFi BCM43224 not configured!
On Wed, Jun 17, 2015 at 4:48 AM, Jérémie Courrèges-Anglas j...@wxcvbn.org wrote:
> Stefan Sperling s...@stsp.name writes:
>> On Wed, Jun 17, 2015 at 12:47:57PM +0200, Jérémie Courrèges-Anglas wrote:
>>> IIUC BCM43* nics could have been supported if development efforts hadn't been killed by licensing issues. I doubt there are developers who want to work on this anymore.
>> You're probably referring to the b43 Linux driver story from years ago. Our bwi(4) has nothing to do with that. It was ported from DragonflyBSD.
> I was thinking about bcw(4).

That was an interesting experience. I hope to never repeat it.

-- Jon
Re: Crash cart console adapters compatible with OpenBSD?
On Thu, Jan 15, 2015 at 9:27 AM, Jon Simola jsim...@gmail.com wrote: You could try looking for a KVM over IP that supports VNC. To explain better, this would be in a private /30 network just so you can VNC from laptop to the KVM. -- Jon
Re: Crash cart console adapters compatible with OpenBSD?
On Thu, Jan 15, 2015 at 8:38 AM, Alan McKay alan.mc...@gmail.com wrote: Hey folks, I'm looking for something like this that I can plug into a network debugging laptop to get console access to servers in a rack. Ideally the laptop would run OpenBSD or in a pinch Linux. You could try looking for a KVM over IP that supports VNC. http://www.adder.com/products/categories/kvm-over-ip is one company I found doing a quick search. Absolutely no experience with them, not a recommendation, just an observation that such a thing exists. Also I'm scared to look for a price. -- Jon
Re: IP bridge was briefly working now is not, OpenBSD 4.8, amd64, bridge from PC wifi to Beagleboard
On Mon, Dec 20, 2010 at 3:20 PM, brett brett.ma...@gmail.com wrote:
> r...@beagleboard:~# route add default gw 192.168.10.12 netmask 255.255.255.0 dev usb0

Don't set a netmask on your default route. You're adding a route for 0.0.0.0/24.

> r...@beagleboard:~# route
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> default         192.168.10.12   255.255.255.0   UG    0      0        0 usb0
> 192.168.10.0    *               255.255.255.0   U     0      0        0 usb0

Shows up right there on the default line. A default route should have a Genmask of 0.0.0.0 (says so in the man page). All the IRB/CRB nonsense is just distracting.

-- Jon
Re: Backup disk over USB good idea??
On Thu, Dec 17, 2009 at 9:31 AM, Mauro Rezzonico l...@ch23.org wrote:
> Joakim Aronius wrote:
>> I added a big disk over USB which I use for backup (mounted on /backup).
> Well don't do that! Mount under /usr/backup, or /var/backup, or /tmp/backup or whatever!

And/Or wrap the backup script with something that checks for the mount. Horrible shell script example:

    FSMOUNT=`mount | grep -c backup`
    if [ $FSMOUNT -ne 1 ]; then
        echo Backup partition not mounted, aborting
        exit 1
    fi
    if [ $FSMOUNT -eq 1 ]; then
        echo Backup partition found, continuing
    fi

Amusing results of disk unmounting itself during the backup left to the reader.

-- Jon
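A stricter form of the mount guard sketched above, as an added example that is not part of the original post: it matches the mount point exactly instead of grepping for "backup", and checks again after the job in case the disk went away mid-run. The function names, the `MOUNT_CMD` override and the sample mount table are assumptions made for this example.

```sh
#!/bin/sh
# Added example; mounted_at, guarded_backup and MOUNT_CMD are hypothetical names.

# Constructed sample in mount(8) "<device> on <dir> type <fs> (<opts>)" format.
# /backup itself is NOT mounted here, but an unrelated line contains "backup",
# which is enough to satisfy a `mount | grep -c backup` test.
SAMPLE_MOUNTS='/dev/wd0a on / type ffs (local)
/dev/wd0d on /var type ffs (local, nodev, nosuid)
/dev/sd1a on /mnt/backup-old type ffs (local, nodev, nosuid)'

# mounted_at DIR: read mount(8)-style lines on stdin and succeed only if one
# of them has DIR as its exact mount point (assumes no spaces in the path).
mounted_at() {
    awk -v mp="$1" '$2 == "on" && $3 == mp { found = 1 } END { exit !found }'
}

# How the mount table is obtained; override with another command or a shell
# function when testing.
MOUNT_CMD=${MOUNT_CMD:-mount}

# guarded_backup DIR CMD [ARGS...]: run CMD only while DIR is a mount point.
# Return codes: 0 = ok, 1 = DIR not mounted (CMD never ran),
#               2 = CMD failed, 3 = DIR was no longer mounted after CMD.
guarded_backup() {
    gb_dir=$1
    shift
    if ! $MOUNT_CMD | mounted_at "$gb_dir"; then
        echo "backup target $gb_dir is not mounted, aborting" >&2
        return 1
    fi
    "$@" || return 2
    if ! $MOUNT_CMD | mounted_at "$gb_dir"; then
        echo "backup target $gb_dir went away during the run, do not trust this backup" >&2
        return 3
    fi
    return 0
}

# Typical call from cron (the backup script path is a placeholder):
#   guarded_backup /backup /usr/local/sbin/nightly-backup.sh
```

Return code 3 is the case the post leaves to the reader: the job wrote into the bare mount-point directory on the root filesystem for part of its run.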
Re: IBM 520KByte sector size scsi drives
On Thu, Sep 10, 2009 at 10:46 AM, Marco Peereboom sl...@peereboom.us wrote: I would love to get my hands on such a drive :-) EMC uses the same magic; they cram stuff in the additional 8 bytes. I inherited a couple of shelves from an old EMC setup, and ended up using Seagate's SeaTools Enterprise Edition to reformat them from 520 to 512 byte sectors. It looks like it can do 512, 520, 1024, or user defined bytes per block. If you actually want one, I've got some old 9GB 80pin Seagate Cheetahs I could convert, or I might even have one of the 36GB FibreChannel drives from the EMC shelf that wasn't converted. As an aside, I used a shelf with ten of the 36GB drives to see if they would be reasonably useful as a softraid set. Worked great, but the operating cost would have been about $200/year -- Jon
Re: Can't ping top-level public IP subnets
On Tue, Feb 3, 2009 at 3:56 PM, Vivek Ayer vivek.a...@gmail.com wrote: Since I'm in control of a public IP, I'm supposed to set the netmask for the ext_if on my openbsd router to 255.255.0.0 not 255.255.255.0. Would that solve the mysterious ping problem? Actually a not-mysterious routing problem. The entity that assigned you the IP address would have also provided you with an IP, a netmask and a gateway IP, possibly DNS servers as well. You would have to check with them (commonly one of network admin, DHCP server, or ISP). -- Jon
Re: ospf unexpectedly changing to EXSTA
On Fri, Aug 8, 2008 at 2:17 AM, clifford bailey [EMAIL PROTECTED] wrote:
> Finally my ospf config:
> hello-interval 1
> router-dead-time 2

Those timings might be a little aggressive for VMs to handle, as missing a single hello could cause all sorts of excitement with the default SPF timer values.

-- Jon
Re: QLogic 2200 with Sun T3 FC Raid and OpenBSD
On 7/30/08, Khalid Schofield [EMAIL PROTECTED] wrote: Any luck with QLA2200's and OpenBSD? I ran one as an experiment for a while, using an old EMC shelf full of 36GB drives. Similar story, trying to boot with the array attached would stop while trying to probe the drives. Had to use the Seagate drive utilities (Seatools Enterprise) to reformat the drives with 512byte sectors instead of 528byte. Then everything worked great. -- Jon
Re: Is there a badblocks-equivalent for OpenBSD?
On 4/18/08, ropers [EMAIL PROTECTED] wrote:
> Sometimes I find myself in need of a disk checking utility that can check both disks with known *and unknown* filesystems, and/or that can check even currently unpartitioned space on a disk.

Not claiming to be an optimal solution (dd is faster), but does a read pass across the entire partition:

    $ sudo md5 /dev/rwd0c
    MD5 (/dev/rwd0c) = a85c2c67475f983a98007fd9a47378b7

Run it again and compare the hashes if you're worried. Works on floppies too, broken ones can't be read:

    $ sudo md5 /dev/fd0c
    md5: /dev/fd0c: read error: Input/output error
    $ tail -n1 /var/log/messages
    Apr 18 13:13:29 gamma /bsd: fd0c: hard error reading fsbn 0 of 0-3 (st0 40abnrml st1 20bad_crc st2 20bad_crc cyl 0 head 0 sec 1)

In OpenBSD the 'c' partition covers the entire disk, so you'll probably want that most of the time. dd is very useful for this as well, but read the man pages carefully.

-- Jon
Re: OpenBSD router - CARP to VRRP
On 10/3/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: I'm trying to set up an OpenBSD (4.2 snapshot) router as a VRRP neighbor to a Juniper M7i (JunOS version 7.5R2). ... Does anyone know if there's a tweakable option to fix this, or if it's even possible to do this at all (is CARP compatible with regular VRRP)? No, please see the sidebar at http://www.openbsd.org/lyrics.html#35 for details. -- Jon
Re: list of all files in the filesystem
On 9/7/07, Tom Bombadil [EMAIL PROTECTED] wrote: But is there any way to get a list of all files in the filesystem without using 'find'? tar cvfX /dev/null /mnt filelist.txt or perhaps ls -R /mnt mtree(8) might also be useful, depending on what you're trying to accomplish. But the best method would be using find(8), perhaps using some of the directory walk options would speed things up for you. -- Jon
Re: carp on a /30?
On 6/13/07, David Newman [EMAIL PROTECTED] wrote: In the example given here: http://www.openbsd.org/faq/pf/carp.html Each physical interface has two IPv4 addresses, one for a shared IP and one for the interface address. That would require a /29 or shorter to accommodate these two addresses, plus at least one address on the other side of the link. Only in the diagram. The actual configuration examples do not have IPs on the physical interfaces, just the carp interfaces (note the carpdev parameter). Is there some means of getting CARP to work where one side of the pf box sits on a /30? -- Jon
Re: Problem with a URL
On 5/17/07, Peter Hessler [EMAIL PROTECTED] wrote:
> It's not just starting with a dash, I also cannot open ones that end the host section with a dash (ke-.deviantart.com)
>
> On 2007 May 17 (Thu) at 10:46:01 -0700 (-0700), Brian wrote:
> :I am trying to open up this url with firefox on openbsd -current, but there is
> :a problem with accessing the site. Is there a problem with doing the lookups
> :with url's that start with dashes:
> :
> :http://-amaya-.deviantart.com/

RFC962 (and several other places) say that:

    No blank or space characters are permitted as part of a name. No distinction is made between upper and lower case. The first character must be an alpha character. The last character must not be a minus sign or period.

-- Jon
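The per-label form of the rules quoted above, as an added example that is not part of the original post: it checks the two host names from this thread against the RFC 1123 section 2.1 syntax (letters, digits and hyphens in each label, no hyphen first or last, first character may also be a digit). The function names are assumptions made for this example.

```sh
#!/bin/sh
# Added example; valid_label, valid_hostname and url_host are hypothetical names.
LC_ALL=C; export LC_ALL    # keep the A-Z / a-z / 0-9 ranges ASCII-only

# valid_label LABEL: 1 to 63 characters of letters, digits and hyphen,
# with no hyphen in the first or last position.
valid_label() {
    [ "${#1}" -ge 1 ] && [ "${#1}" -le 63 ] || return 1
    case $1 in
        -*|*-|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    return 0
}

# valid_hostname NAME: every dot-separated label must pass valid_label.
# One trailing dot (fully qualified form) is accepted; at most 253 characters.
valid_hostname() {
    vh_name=${1%.}
    [ -n "$vh_name" ] && [ "${#vh_name}" -le 253 ] || return 1
    case $vh_name in
        .*|*.|*..*) return 1 ;;          # empty label somewhere in the name
    esac
    vh_rest=$vh_name
    while :; do
        case $vh_rest in
            *.*) vh_label=${vh_rest%%.*}; vh_rest=${vh_rest#*.} ;;
            *)   vh_label=$vh_rest; vh_rest= ;;
        esac
        valid_label "$vh_label" || return 1
        [ -n "$vh_rest" ] || return 0
    done
}

# url_host URL: host part of a plain http/https URL
# (assumes no userinfo and no IPv6 literal).
url_host() {
    uh=${1#*://}
    uh=${uh%%/*}
    uh=${uh%%:*}
    printf '%s\n' "$uh"
}

# Example:
#   valid_hostname "$(url_host 'http://-amaya-.deviantart.com/')" || echo rejected
```

Both names from the thread fail on their first label (`-amaya-` and `ke-`), while `deviantart.com` on its own passes.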
Re: anyone using zoneminder.com on OpenBSD?
On 4/23/07, Paul Pruett [EMAIL PROTECTED] wrote: Appears to be a low prices for a 16port capture card, has anyone tried the ProVideo series with OpenBSD? Not personally, I did play around with a bktr878 on a Hauppauge something or other, it worked fine but I never was able to figure out the tuner settings. That card looks like a pretty simple bunch of 878s behind a PCI bridge, so I can't imagine any problems. 16 ports looks (and sounds) like it's done by input switching on the 878. -- Jon
Re: bcw(4) is gone
On 4/6/07, Stefan Sperling [EMAIL PROTECTED] wrote: Yes they did: http://bcm-v4.sipsolutions.net/ I've spent some time reading it today, for the occasion. It seems to be lacking some details, e.g. the section describing how to attach the backplane bridge of the chip [1] says to turn on the clock crystal and links to a section called Clock Control, but that section is completely empty... It's a pain, I was constantly comparing the v4 specs at the URL you mentioned above and the older v3 specs at http://bcm-specs.sipsolutions.net/ to try and figure out how to get anything done. I am impressed beyond belief that the bcm43xx crew managed to build a driver and/or reverse engineer that hardware. -- Jon
Re: no AMANDA: backing up to a remote tape
On 3/30/07, Jacob Yocom-Piatt [EMAIL PROTECTED] wrote: NOTE: TAPE=/dev/nrst0 here so it doesn't rewind after tar-ing That's your problem. unset TAPE, or just use the default /dev/rst0 device. (hysterical raisins and all) -- Jon
Re: interface order with multiple cards of same type
On 3/26/07, Aaron Martinez [EMAIL PROTECTED] wrote: My question is. I have OBSD 4.0 running on an Asus p3b-F with 6 pci slots that i'm wanting to use as a router/firewall. I have 5 fxp interfaces in the machine inserted starting from the bottom pci slot up. A second related question, in the above example, how exactly does OBSD choose the interface number? I was under the impression it used the slot to assign the interface number which is why i was so surprised to see that fxp0 the third slot, fxp2 was in the top (occupied) slot and fxp4 was in the bottom. I have all of the pci slots set to auto in the bios if that makes any difference. They are enumerated in the order they are located on the bus. The Asus P3B-F motherboard has (IIRC) 4 master and 2 slave PCI slots, where the slave slots are actually wired the same as a corresponding master. I believe the last 2 (furthest from the CPU) are the slaves, but you'd have to check the motherboard manual. Forcing the PCI slots in the BIOS, instead of leaving them set at auto, should at least get them up in the same order every time. Otherwise, the BIOS could randomly shuffle the actual interrupt routed to the A,B,C,D pins on every boot. At least, that's my experience, based on messing with nearly the same setup a few years ago. (Read: I'm not a PCI expert, but it worked for me) -- Jon
Re: hotplugd umass kernel crash
On 12/21/06, Michael [EMAIL PROTECTED] wrote:
> Got no serial cable available right now so I made some photos... :D
> http://wp1050733.wp078.webpack.hosteurope.de/hotplug/dsci1679.jpg
> http://wp1050733.wp078.webpack.hosteurope.de/hotplug/dsci1680.jpg
> http://wp1050733.wp078.webpack.hosteurope.de/hotplug/dsci1681.jpg
> http://wp1050733.wp078.webpack.hosteurope.de/hotplug/dsci1682.jpg
> http://wp1050733.wp078.webpack.hosteurope.de/hotplug/dsci1683.jpg
> No one got an idea what I can do about this? Currently the whole system crashes when starting hotplugd... please look at the images for error messages.

Try to help yourself by helping the developers. The pics are nice, but they are 2304x1728 and 1.7MB each (and out of focus, your camera doesn't like taking pics of a CRT). I got bored waiting for them to load on the fibre connection at work.

What are you plugging in and where? Have you tried a different USB port? Have you removed all other USB devices? Have you tried plugging in the device without hotplugd running? Plugging in the device before turning the computer on? What do your hotplugd scripts look like? Can you manually do what you're trying to do without hotplugd?

My wild guess based on what little information you've provided is that you're trying to plug some kind of memory card into a broken card reader.

Please provide more details, including descriptions of the hardware and a step by step process that can reproduce the problem.

-- Jon
Re: Slightly OT: DNS force client to use authoritative
On 12/18/06, Karl R. Balsmeier [EMAIL PROTECTED] wrote:
> Is there a specific way to set a name server so that clients are always *forced* to use an authoritative name server?

Clients can not (or at least, should not) talk directly to authoritative name servers. Clients make their DNS requests with the recursion desired bit set, and should only speak to recursive resolvers. Those recursive resolvers make their requests without the recursion desired bit set and speak to authoritative servers, starting with the root servers.

Some DNS servers, such as BIND, can run in both roles simultaneously with a single daemon. Others, such as djbdns, run separate servers for each type of service (tinydns for authoritative, dnscache for a recursive resolver).

-- Jon
Re: SATA 'backplanes'
On 11/30/06, L. V. Lammert [EMAIL PROTECTED] wrote: seems like these 'SATA Backplanes' would be better space wise Backplanes, in general, are something I really appreciate. Better cooling and cabling, and quite good for storage density. Spend time and the extra money getting a backplane with management ability. Some backplanes don't even have working flashing lights... Not that I've ever had to explain why the expensive server doesn't look like it's doing anything. -- Jon
Re: spamd [-c maxcon]
On 11/28/06, Daniel Ouellet [EMAIL PROTECTED] wrote: Is there a reason why it's not possible to start spamd with example spamd -c 1000 in /usr/src/libexec/spamd/spamd.c: #define MAXCON 800 Not a big deal, but I just couldn't do this. spamd(8) says the default is 800, which is actually a compiled-in limit and is quite generous for most situations. The consequences of raising it are not immediately obvious, but I imagine could be entertaining. -- Jon
Re: Driver for BCM4318
On 11/4/06, Jon Simola [EMAIL PROTECTED] wrote: On 10/4/06, Theo de Raadt [EMAIL PROTECTED] wrote: The Broadcom 802.11 chipsets are the bastards of the industry. They are the most complicated and difficult to program. http://bcm-specs.sipsolutions.net, and it's been rather enjoyable so far. Thanks for the challenge, and for OpenBSD in general. Just a followup, I've been making some steady progress. I'm hoping to have the thing sending packets this weekend. My current code and some example output is up and available at http://proteus.mecha.com/bcw/ - take heed, the code is certainly a bit messy at this point. -- Jon
Re: Upgrade to 4.0 - fsck freezes system.
On 11/7/06, Price, Joe [EMAIL PROTECTED] wrote: We're trying our first upgrade to 4.0 and fsck during the upgrade process seems to freeze the machine. wd0: 16-sector PIO, LBA48, 238475MB, 488397168 sectors a: 47185884963 4.2BSD 2048 16384 328 # Cyl 0*-468113 real mem = 133787648 (130652K) avail mem = 115355648 (112652K) You may not have enough memory to fsck a single 250GB-ish partition, which would explain why fsck crashes both during the upgrade and at the command line. -- Jon
Re: Driver for BCM4318
On 10/4/06, Theo de Raadt [EMAIL PROTECTED] wrote:
> The Broadcom 802.11 chipsets are the bastards of the industry. They are the most complicated and difficult to program. Broadcom's division is not interested in helping at all.
>
> A Linux team has managed to mostly reverse engineer a subset of the functionality and chip versions. That information can be found at:
>
> http://bcm-specs.sipsolutions.net/
> http://bcm43xx.berlios.de/
>
> Naturally... anyone can read this stuff, learn from it, and then from their knowledge write a BSD licensed driver. There is enough information there to create a driver, at least for some variants of the chips. As I said, it is probably the most complicated chip in the industry, and the specification is harrowing.. but it can be done, since the Linux people managed to produce a driver.
>
> Inside the OpenBSD developer community Broadcom wireless is not currently on anyone's plans. Drivers for other chips will be written first. Therefore it would be nice if someone from the outside took on this project.

After reading over the specs repeatedly, spending many nights studying their tangled tales and twisted methods, I have to agree with Theo: It would take an idiot to try writing a driver for these Broadcom chipsets. It would take an idiot to try doing it using only a laptop with a minipci card.

    # dmesg | grep ^bcw
    bcw0 at pci3 dev 2 function 0 Broadcom BCM4318 rev 0x02: irq 10, address 00:14:a5:75:58:df
    # ifconfig bcw0
    bcw0: flags=8a43<UP,BROADCAST,RUNNING,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
            lladdr 00:14:a5:75:58:df
            media: IEEE802.11 autoselect
            status: no network
            ieee80211: nwid 0dBm
            inet6 fe80::214:a5ff:fe75:58df%bcw0 prefixlen 64 scopeid 0x1

I have become that idiot.

Experienced developers will observe that making a network card do the above is pretty simple, the hard part is making bits fly around the air. And I've been using this as a hobby to fill my time for the last few evenings, learning a lot about the kernel and network drivers.

I'm not going to make any promises that this will eventually do anything more than occupy space on my hard drive. That said, I have a couple questions that I hope can be answered.

1. How are device driver names chosen? Was bcw a good choice?
2. Do these Broadcom chipsets exist on PCI cards? I've only found miniPCI ones, and that has led me to consider purchasing one of the miniPCI to PCI bridge cards and grabbing a few cheap OEM cards off ebay to get at least a couple different ones.

> Good luck!

I sure need that. I spent many days in my youth doing hardware bit bashing in assembly with less detailed docs than the ones at http://bcm-specs.sipsolutions.net, and it's been rather enjoyable so far. Thanks for the challenge, and for OpenBSD in general.

-- Jon
Re: miniPCI adapters
On 11/1/06, Bryan [EMAIL PROTECTED] wrote: Do adapters have chipsets in them as well? I mean, according to the picture, it would appear pretty simple. Just move the contacts to the correct connections on the PCI slot. http://www.routerboard.com/rb11.html is $19 from a decent company in Latvia, might be easier if you're in Europe. They also have full length PCI cards with eight miniPCI slots, which bring to mind several interesting uses. Plus, I can replace the shitty Intel 29xx-based cards in my Dell laptops. I thought I was doing good swapping the Broadcom out of my HP laptop for one of those Intel 2915AWG cards :) At least it works better than the Broadcom. -- Jon
Re: kevent sample code?
On 10/30/06, stuartv [EMAIL PROTECTED] wrote: Can anyone point me at some sample code for kevent. I am trying to write a program that will watch a file for a write and can then read the new lines and act upon them. So far, I get the first event but not subsequent events. tail(1) uses kevent for following a file, I can't imagine any simpler examples. -- Jon
Re: Microsoft Optical USB mouse
On 10/26/06, Jon Simola [EMAIL PROTECTED] wrote: I've been playing with my USB mouse, trying to get it to work. I've found one message in the archives (unanswered) asking about this exact mouse, a Microsoft Comfort Optical Mouse 3000. Just an update, if this attracts anyone with more USB knowledge than myself. I've rebuilt the kernel with all the appropriate USB debugging turned on (in ums.c and uhidev.c, build with -DUSB_DEBUG and -DUHIDEV_DEBUG), and followed through the whole uhid initialize and attach functions. I've been able to figure out that it might be possible to make it work by following the method used for the Graphire tablets, but that is obviously not desirable. I've stuck the dmesg output when plugging the mouse in up at (30KB): http://proteus.mecha.com/laptop/MSOpt3K.txt Hopefully I've provided enough useful details for someone to give me a kick in the right direction. -- Jon
Microsoft Optical USB mouse
I've been playing with my USB mouse, trying to get it to work. I've found one message in the archives (unanswered) asking about this exact mouse, a Microsoft Comfort Optical Mouse 3000. I'd like to get this working, and would appreciate any applications of a cluestick or other ideas.

It is probed by the kernel:

    uhidev0 at uhub1 port 2 configuration 1 interface 0
    uhidev0: Microsoft Microsoft Optical Mouse with Tilt Wheel, rev 2.00/1.20, addr 2, iclass 3/1
    uhidev0: 24 report ids
    ums0 at uhidev0 reportid 17: 3 buttons and Z dir.
    wsmouse1 at ums0 mux 0
    uhid0 at uhidev0 reportid 18: input=0, output=0, feature=1
    uhid1 at uhidev0 reportid 19: input=1, output=0, feature=0
    uhid2 at uhidev0 reportid 23: input=0, output=0, feature=1
    uhid3 at uhidev0 reportid 24: input=0, output=0, feature=1

usbdevs -dv shows

    Controller /dev/usb1:
    addr 1: full speed, self powered, config 1, OHCI root hub(0x), ATI(0x1002), rev 1.00
      uhub1
     port 1 powered
     port 2 addr 2: low speed, power 100 mA, config 1, Microsoft Optical Mouse with Tilt Wheel(0x00d1), Microsoft(0x045e), rev 1.20
       uhidev0
     port 3 powered
     port 4 powered

I've added the USB dev to /usr/src/sys/dev/usb/usbdevs and rebuilt the header files and the kernel, noting the message in the file that it won't help. It did add an extra Microsoft in the probe message, as it would seem to be expected.
I've attached the diff, if there is any interest: Index: usbdevs === RCS file: /cvs/src/sys/dev/usb/usbdevs,v retrieving revision 1.226 diff -c -r1.226 usbdevs *** usbdevs 2006/10/19 16:53:48 1.226 --- usbdevs 2006/10/27 04:19:57 *** *** 1501,1506 --- 1501,1507 product MICROSOFT INETPRO 0x002b Internet Keyboard Pro product MICROSOFT MN510 0x006e MN510 Wireless product MICROSOFT MN110 0x007a 10/100 Ethernet + product MICROSOFT OPTICAL 0x00d1 Optical Mouse /* Microtech products */ product MICROTECH SCSIDB250x0004 SCSI-DB25 And a full dmesg: OpenBSD 4.0-current (GENERIC) #1: Wed Oct 25 14:24:34 PDT 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC real mem = 1071902720 (1046780K) avail mem = 906502144 (885256K) using 22937 buffers containing 107397120 bytes (104880K) of memory mainbus0 (root) bios0 at mainbus0: SMBIOS rev. 2.31 @ 0xd7810 (34 entries) bios0: Hewlett-Packard Pavilion dv8000 (EP454UA#ABL) cpu0 at mainbus0: (uniprocessor) cpu0: AMD Turion(tm) 64 Mobile Technology ML-37, 1994.54 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line 16-way L2 cache cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu0: PowerNow! 
K8 1994 MHz: speeds: 2000 1800 1600 800 MHz pci0 at mainbus0 bus 0: configuration mode 1 pchb0 at pci0 dev 0 function 0 ATI RS480 Host rev 0x01 ppb0 at pci0 dev 1 function 0 ATI RS480 PCIE rev 0x00 pci1 at ppb0 bus 1 vga1 at pci1 dev 5 function 0 ATI Radeon XPRESS 200M rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ppb1 at pci0 dev 4 function 0 ATI RS480 PCIE rev 0x00 pci2 at ppb1 bus 2 ohci0 at pci0 dev 19 function 0 ATI IXP400 USB rev 0x00: irq 11, version 1.0, legacy support usb0 at ohci0: USB revision 1.0 uhub0 at usb0 uhub0: ATI OHCI root hub, rev 1.00/1.00, addr 1 uhub0: 4 ports with 4 removable, self powered ohci1 at pci0 dev 19 function 1 ATI IXP400 USB rev 0x00: irq 11, version 1.0, legacy support usb1 at ohci1: USB revision 1.0 uhub1 at usb1 uhub1: ATI OHCI root hub, rev 1.00/1.00, addr 1 uhub1: 4 ports with 4 removable, self powered ehci0 at pci0 dev 19 function 2 ATI IXP400 USB2 rev 0x00: irq 11 usb2 at ehci0: USB revision 2.0 uhub2 at usb2 uhub2: ATI EHCI root hub, rev 2.00/1.00, addr 1 uhub2: 8 ports with 8 removable, self powered piixpm0 at pci0 dev 20 function 0 ATI IXP400 SMBus rev 0x11: SMI iic0 at piixpm0 pciide0 at pci0 dev 20 function 1 ATI IXP400 IDE rev 0x00: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide0 channel 0 drive 0: HTS541080G9AT00 wd0: 16-sector PIO, LBA, 76319MB, 156301488 sectors wd1 at pciide0 channel 0 drive 1: HTS541080G9AT00 wd1: 16-sector PIO, LBA, 76319MB, 156301488 sectors wd0(pciide0:0:0): using PIO mode 4, DMA mode 2, Ultra-DMA mode 5 wd1(pciide0:0:1): using PIO mode 4, DMA mode 2, Ultra-DMA mode 5 atapiscsi0 at pciide0 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: TSSTcorp, CD/DVDW TS-L532M, HR08 SCSI0 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, DMA mode 2 pcib0 at pci0 dev 20 function 3 ATI IXP400 ISA rev 0x00 ppb2 at pci0 dev 20 function 4 ATI IXP400 
PCI rev 0x00 pci3 at ppb2 bus 6 iwi0 at pci3 dev 2 function 0 Intel
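Review bot: the added usbdevs line names the product `MICROSOFT OPTICAL` with the description "Optical Mouse", which is too generic for ID 0x00d1. The usbdevs -dv output in this message reports that ID as "Optical Mouse with Tilt Wheel", so a symbol and description matching that string would avoid a clash when another Microsoft optical mouse needs an entry. Placement after `MN110 0x007a` keeps the block in ascending product-ID order. As the message itself says, the entry only changes the name printed at attach time, so it should be submitted as a naming change and not as a fix for the mouse not working.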
Re: OpenBSD Audio series other than bsdtalk ?
On 10/25/06, Douglas Hunter [EMAIL PROTECTED] wrote:
> Other than bsdtalk, NYCBUG and some rare one off taster programmes are there any recordings of talks about OpenBSD (OGG or MP3) available on the web ?

I'm really hoping someone recorded Theo's talk at the CUUG last night. I've seen the slides from a few presentations floating around, but audio to accompany them would be icing on the cake.

-- Jon
Re: nmea Warning
On 10/20/06, Marc Balmer [EMAIL PROTECTED] wrote: Would I be correct in assuming the warning is probably due to a weak fix by the GPS device? The sensor state is documented in nmea(4). Okay, so it's just passing along the GPS's warning, not interpreting results. Time to get a better GPS. Thanks for the wonderful nmea stuff. -- Jon
nmea Warning
-- Jon
nmea Warning
(Feeling rather stupid after the blank email, apologies)

I grabbed an older GPS from that Microsoft Streets and Trips software and plugged it into my laptop to try the nmea sensor stuff. The sticker says it's a GPS-360, mfg by Pharos USA with a SiRF chipset.

There looks to be a small bug in the dmesg display (it runs into my USB headset):

    uplcom0 at uhub0 port 1
    uplcom0: Prolific Technology Inc. USB-Serial Controller, rev 1.10/3.00, addr 2
    uaudio0 at uhub1 port 2 configuration 1 interface 0ucom0 at uplcom0
    : Logitech Logitech USB Headset, rev 1.10/10.13, addr 2
    uaudio0: ignored input endpoint of type adaptive
    uaudio0: audio rev 1.00, 6 mixer controls
    audio0 at uaudio0
    uhidev0 at uhub1 port 2 configuration 1 interface 3
    uhidev0: Logitech Logitech USB Headset, rev 1.10/10.13, addr 2, iclass 3/0
    uhid0 at uhidev0: input=2, output=0, feature=0

After some fiddling trying to figure out the proper port to use:

    # nmeaattach cuaU0
    # sysctl hw.sensors
    hw.sensors.0=nmea0, GPS, -0.66 secs, WARNING, Thu Oct 19 17:28:19.435

Would I be correct in assuming the warning is probably due to a weak fix by the GPS device?

-- Jon
Re: Spamd - whitelist of mis-behaving SMTP server POOLS
On 10/19/06, Steve Williams [EMAIL PROTECTED] wrote: I am 99% sure that I have seen on the internet SOMEWHERE a whitelist of servers that are like this. I thought Bob Beck had forwarded one at one point in time, but I can only find his post regarding the tarfile he maintains for the zombie hosts. greylisting.org ? Bob, if you are listening, what do you do at the U of A to handle these mis-behaving server pools? Anyone else?? I whitelist the block manually after someone notices. Sometimes it's obvious (your example was a simple /24), sometimes it takes a few tries because the pool is so large. The list from greylisting.org fixes the well-known mail pools. -- Jon
Re: [ami] Unable to set Hot Spare on MegaRAID SATA 300-8x
On 10/13/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: That is, I am running firmware version 813G. [According to the LSILogic website, it was released on 2005.03.11, and is now 5 versions old.] Okay, I'm trying this with an LSI 300-8X, 814B/H431 firmware, with an AMD64 4.0 snapshot from early Sept. Currently downloading the Oct 14th snap to try as well. I'm running into some rather worrying problems, some of which duplicate your results. Create a new RAID5 with 3 disks and one hot spare in the bios/web interface works fine. bioctl lists the drives properly. Failing a drive (by removing it) causes the array to degrade, but there is no automatic rebuild onto the hot spare. Replacing the failed drive starts a rebuild immediately, without using the hot spare. Rebooting causes the rebuild to start over. Now I'm feeling stupid, because I could have sworn that the controller would rebuild onto a hot spare before. -- Jon
Re: [ami] Unable to set Hot Spare on MegaRAID SATA 300-8x
On 10/13/06, [EMAIL PROTECTED] That is, I am running firmware version 813G. [According to the LSILogic website, it was released on 2005.03.11, and is now 5 versions old.] I've got a spare with 813G, and my production one is 813J, fixed a few little issues. Do you have a BBU on that card? Without a BBU, and with the card's cache set to WriteThru, trying to set a hot spare with bioctl would lock up my controller, requiring a hard power cycle and the entertaining fsck of large filesystems. ami0 at pci4 dev 14 function 0 Symbios Logic MegaRAID SATA 4x/8x rev 0x07: irq 5 LSI 3008 32b ami0: FW 813J, BIOS vH430, 128MB RAM Problem summary (problems with bioctl -H on a SATA 300-8x) === To summarize (I've included the full test case below) - I can now use bioctl -H to set an Unused drive to Hot spare. However, despite showing as hot spare in *both* bioctl and the LSI boot menu, when I fail a drive in my RAID array, the hot spare fails to behave as such (it will not be integrated into the degraded RAID array). It gets worse - once a drive has been set as a hot spare through bioctl, it can never be changed back to unused, nor can it be properly set as a hotspare through the LSI boot menu. Essentially that slot is now unusable. The only solution that I have found is to Clear configuration from the LSI boot menu (which then requires reinstall of the contents of the drives). That sounds bad. I'm going to try and replicate that with my spare stuff next week as I certainly don't want to be bit by that problem on my production hardware. One other question, when you say you replace the manually failed drive, are you using an absolute virgin disk? I seem to recall that the card might remember the disk as a previously failed drive (based on finding a previous config on the disk) and be reluctant to believe it's a good disk. Oh, thanks for the extremely detailed report. It'll certainly help me try and replicate your results. -- Jon
Re: testing HFCS
On 10/13/06, S t i n g r a y [EMAIL PROTECTED] wrote: altq on $extif hfsc bandwidth 640Kb queue {others www msn https smtp} whats happening ? should it limit it to 188Kb fixed ? as i set the upperlimit. I'm going to guess you're queueing on the wrong interface. -- Jon
Re: problems using HFSC with pf
On 10/12/06, S t i n g r a y [EMAIL PROTECTED] wrote:
> i am facing problems using hfsc with PF.

That would be the first problem. Mention of HFSC was scrubbed from the PF FAQ at http://www.openbsd.org/faq/pf/queueing.html for good reason. Everything I learned about HFSC was from other web sites and lots of experimentation. I have working configs, but in the time I've spent figuring them out I've also figured out that HFSC is not a better method of queueing. It solves a couple of *very* specific problems that the vast majority of people will never run across.

> pfctl -f /etc/pf.conf
> pfctl: the sum of the child bandwidth higher than parent root_fxp0
> pfctl: linkshare sc exceeds parent's sc
> /etc/pf.conf:21: errors in queue definition
> pfctl: Syntax error in config file: pf rules not loaded
>
> although my pf.conf looks like this ..
>
> altq on $extif hfsc bandwidth 512Kb queue { www, msn, https, smtp, def }
> queue www bandwidth 20%
> queue msn bandwidth 20%
> queue https bandwidth 20%
> queue smtp bandwidth 20%
> queue def hfsc(default)

I can see a couple potential problems, your queues have no hfsc definitions. Be careful with %'s in any bandwidth, as it may not be taken as a percent of what you wanted (interface, root queue, parent queue).

I'd suggest using CBQ for this as you are defining 4 classes of traffic. HFSC, if you get it working, will be far more complex than you need for something simple like this.

-- Jon
Re: OpenBSD 4.0 as a PostgreSQL Database Server
On 10/11/06, Sam Fourman Jr. [EMAIL PROTECTED] wrote:
> For those of you that are knowledgeable, and have the time to respond does anyone see any troubles with this hardware selection? I am mostly concerned with the raid Controller selection I am expecting it to have raid 5 across 16 drives with 1 spare

You might want to evaluate a multilayer RAID setup with that many drives. I've found 0+1 (striped mirrors) and 0+5 to perform as well as plain RAID 5 but suffer a non-noticeable degradation when a drive fails. In an odd note, my 0+1 array on an LSI card actually got faster every time I pulled out a drive.

> 16 Raid Drives Western Digital 200GB WD2000JS SATA II 7200RPM 8MB - OEM

Get the Raid Edition drives from WD. 1.2million hours MTBF at either 80% or 100% duty cycle. Their consumer-grade drives are only spec'd for 20% duty cycle, and are also less tolerant to temperature (thermal gradient and max operating temp).

> Raid Card Areca ARC-1260 16-Port PCI Express x8 SATA 3Gb/s RAID Controller - Retail

Heard nothing but good stuff about the Areca cards.

-- Jon
Re: one drive in a raid 0 failed, can I save any data?
On 6/1/06, John Brahy [EMAIL PROTECTED] wrote:
> For a couple weeks I was running without backups and one of the drives died. Is there a way to recover any of the data from the drives?

The easy answer is No. If the dead drive just has some hard errors and won't fsck, you might be able to force the stripe set back together in a read-only mode and copy off potentially bad data.

The hard answer is how much time you want to waste before deciding the easy answer was enough? IF you only had 2 drives in the RAID0, the file is smaller than the stripe size, and it was not fragmented, you've got a 50% chance it's on the good drive. Good luck finding it, you'll have to re-invent filesystem utilities or sift through the entire contents of the drive.

Anything beyond that involves heavy wizardry. From various database files you might be able to extract raw data rows, running strings will show you ascii text, tar and most files have a recognizable header that you might be able to find. You'll be writing your own tools from scratch and learning far more than you wanted to about filesystems and file formats.

-- Jon Simola (who spent a week recovering single files from the inside of archives after someone formatted and recycled the drive)
Re: Keep carp interfaces in sync, WAS: problems with carp and vlans
On 4/19/06, Lars Weste [EMAIL PROTECTED] wrote:
> hostname.carp2
> !ifconfig bge0 up
> !ifconfig vlan0 create
> !ifconfig vlan0 vlan 3 vlandev bge0 up
> vhid 1 carpdev vlan0 192.168.0.1 192.168.1.255 netmask 255.255.254.0

I use the separate hostname.if files instead of loading raw ifconfig commands. /etc/netstart does start physical interfaces, then vlans and finally carp. From memory:

hostname.em0
    up
hostname.em2
    inet 10.0.0.1 255.255.255.0 NONE
hostname.vlan100
    vlan 100 vlandev em0 up
hostname.carp100
    vhid 100 carpdev vlan100 inet 192.168.1.254 255.255.255.0 NONE
hostname.carp204
    vhid 204 carpdev em2 inet 10.0.0.100 255.255.255.0 NONE

> Can someone clarify if it will work with 3.9 without ifstated?

I'm running my routers from a 3.9 snapshot generated a couple days before 3.9 was tagged in CVS, and I've had no problems with carp on vlan on em. Did the failover tests and everything worked extremely well. One of the coworkers was online from home and didn't notice that I had pulled cables.

I have had some network issues with bge interfaces, but I only have those in an NFS server so it's quite a different traffic pattern. You may want to try forcing speed and duplex, that fixed one of my bge problems.

-- Jon Simola Systems Administrator ABC Communications
Re: Multi Firewalls Admin
On 4/17/06, xanadu [EMAIL PROTECTED] wrote:
> I have to remote admin 54 OpenBSD firewalls. What tools can help me for that (Monitoring, Updates or PF broadcasts, getting firewalls logs, automate processes, ...), is there all in one ?

I believe you're looking for Jr Network Admin, still not available as a package yet. If you can't find one (check behind the filing cabinets), you'll want to investigate snmp, syslog, cron, rsync, your favourite scripting language, and perhaps a nice monitoring solution (I've used Cacti, Nagios, and Argus at various times).

-- Jon Simola Systems Administrator ABC Communications
Re: ami on AMD64 - hard lockups on write; 3.9 -current
On 4/7/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Others are using these cards; are there known firmware problems that could be related? ami0: LSI 3008, 32b, FW 813G, BIOS vH425, 128MB RAM I updated mine to 813J which solved some minor little issues and didn't solve others (notably hard lock when promoting drives to hot spare). Company doesn't want to spring for a spare power supply so I haven't been able to try replicating that on my spare hardware yet. -- Jon Simola Systems Administrator ABC Communications
Re: LSI Raid Card
On 3/29/06, Gaby vanhegan [EMAIL PROTECTED] wrote:
> Am I still going to be able to use the nice blink functions in bioctl? I'd like to know which drive my RAID card thinks has died...

You'd have to get a backplane with safte or ses that the card can talk to. The drive enclosures you linked to are dumb sleds. They do have activity lights, so you could always perform some heavy drive activity and, by a process of elimination, the one without the blinking activity light is the failed drive.

-- Jon Simola Systems Administrator ABC Communications
Re: QoS with Multiple VLANs + HTTP Proxy
On 3/28/06, Jason Dixon [EMAIL PROTECTED] wrote:
> I have a site with an OpenBSD firewall pair routing 12 internal VLANs (11 client networks, 1 DMZ). All of the client HTTP traffic is redirected to a Squid proxy on the DMZ. I'm using altq with cbq for queuing all of the outbound traffic, but I can't seem to wrap my head around a good way of queueing while using the proxy.

I've got basically the same setup, with more vlans and I'm only proxying SMTP/POP3 into the DMZ.

> With the current ruleset, clients are properly assigned to the http_out queue, but then the connection from the proxy is going to duplicate their traffic in altq. Even if don't queue outbound traffic from the proxy, the packets are going to be counted towards the default queue, skewing my totals. Has anyone come up with an effective QoS design for dealing with proxies handling multiple networks?

I'm not sure what the problem is here. Clients get thrown into an http_out queue on the DMZ interface, and the squid proxy will be put into a separate http_out interface on the public-facing interface. So yes, client HTTP traffic will pass through your router twice (Client -> DMZ, DMZ -> public) using different queues on different interfaces as you've described. You mention totals, are you trying to do traffic accounting and getting caught on something?

> (Note: I would post the ruleset, but it's over 600 lines long.)

Mine is a similar size, mostly NAT and RDR rules for client-DMZ traffic.

-- Jon Simola Systems Administrator ABC Communications
Re: Strange carp issues
On 3/17/06, Adam D. Morley [EMAIL PROTECTED] wrote:
> As another experiment I moved advbase on FW2 to '2' for all carps, but the base is how often. skew is priority.

No, advbase is integer seconds between advertisements, advskew is fractional seconds. Taken together, advbase and advskew are an 8.8 bit fixed point number allowing you to specify advertisement intervals between 4ms and 255.996s (in theory anyways, setting advskew to 240 or above is used with preempting as a magic number).

Around line 610 of ip_carp.c:

    ch_tv.tv_sec = ch->carp_advbase;
    ch_tv.tv_usec = ch->carp_advskew * 100 / 256;

-- Jon Simola Systems Administrator ABC Communications
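The 8.8 fixed-point reading of advbase and advskew described in the reply above, worked through as an added example that is not part of the original post and is not OpenBSD's code. The struct, the function names and the three sample hosts are assumptions made for illustration; the rule that the host advertising most often wins the master election is general CARP behaviour as documented in carp(4).

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical container for the two per-host CARP timing knobs. */
struct carp_timing {
    uint8_t advbase;   /* integer part: whole seconds */
    uint8_t advskew;   /* fractional part: 1/256ths of a second */
};

/* Advertisement interval as one 8.8 fixed-point number (units of 1/256 s). */
static uint32_t carp_interval_ticks(struct carp_timing t)
{
    return ((uint32_t)t.advbase << 8) | t.advskew;
}

/* The same interval in microseconds, truncated toward zero. */
static uint64_t carp_interval_usec(struct carp_timing t)
{
    return (uint64_t)carp_interval_ticks(t) * 1000000u / 256u;
}

/*
 * Order two hosts by how often they advertise.
 * <0: a advertises more often than b; >0: less often; 0: same interval.
 */
static int carp_timing_cmp(struct carp_timing a, struct carp_timing b)
{
    uint32_t ta = carp_interval_ticks(a);
    uint32_t tb = carp_interval_ticks(b);
    return (ta > tb) - (ta < tb);
}

int main(void)
{
    /* Constructed sample hosts; names and values are not from the thread. */
    struct { const char *name; struct carp_timing t; } hosts[] = {
        { "fw1", { 1, 0 } },     /* 1.000 s */
        { "fw2", { 1, 100 } },   /* 1 + 100/256 s */
        { "fw3", { 2, 0 } },     /* advbase raised to 2, as in the question */
    };
    size_t n = sizeof(hosts) / sizeof(hosts[0]);
    size_t best = 0;

    for (size_t i = 0; i < n; i++) {
        printf("%s: advbase=%u advskew=%u -> %llu usec\n", hosts[i].name,
               (unsigned)hosts[i].t.advbase, (unsigned)hosts[i].t.advskew,
               (unsigned long long)carp_interval_usec(hosts[i].t));
        if (carp_timing_cmp(hosts[i].t, hosts[best].t) < 0)
            best = i;
    }
    /* The shortest interval wins; advskew only breaks ties within one advbase. */
    printf("most frequent advertiser: %s\n", hosts[best].name);
    return 0;
}
```

Raising advbase by one moves a host a full 256 ticks down the order, so no advskew value on the other host can compensate for it.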
Re: EPIA issues...
On 3/6/06, poncenby smythe [EMAIL PROTECTED] wrote:
> It is an EPIA 5000 with a 160gb HDD. I have disconnected the fan. Could it be the temperature...
> hw.sensors.1=viaenv0, TSENS2, temp, 59.90 degC / 139.82 degF
> the top temp. I have seen for TSENS2 is 60.60 degC.

Why not reconnect the fan and see if that helps?

> I've got a feeling the little box will just give up or even worse blow up.

Melt down, most likely.

-- Jon Simola Systems Administrator ABC Communications
Re: mp3 via printer port
On 2/28/06, David Terrell [EMAIL PROTECTED] wrote: Once I was watching photos from OpenBSD hackaton and saw there that people listened mp3's by sending them to the lpt port. How is it possible to do? Can somebody describe it in details. Not via the printer port, but via lpd: http://patrick.wagstrom.net/old/weblog/archives/000128.html Heh, I was trying to remember how to wire up the resistor ladder and op-amp for nostalgia's sake. -- Jon Simola Systems Administrator ABC Communications
Re: Best Dual AMD Opteron Motherboard for OpenBSD Found??
dev 25 function 2 AMD AMD64 DRAM Cfg rev 0x00 pchb7 at pci0 dev 25 function 3 AMD AMD64 Misc Cfg rev 0x00 isa0 at mainbus0 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pms0 at pckbc0 (aux slot) pckbc0: using irq 12 for aux slot wsmouse0 at pms0 mux 0 pcppi0 at isa0 port 0x61 spkr0 at pcppi0 sysbeep0 at pcppi0 lpt0 at isa0 port 0x378/4 irq 7 lm0 at isa0 port 0x290/8: W83627HF dkcsum: sd0 matches BIOS drive 0x80 root on sd0a rootdev=0x400 rrootdev=0xd00 rawdev=0xd02 -- Jon Simola Systems Administrator ABC Communications
Re: PF or BPF
On 2/13/06, Dave Feustel [EMAIL PROTECTED] wrote:
> On Monday 13 February 2006 12:45, Ted Unangst wrote:
>> On 2/13/06, Dave Feustel [EMAIL PROTECTED] wrote:
>>> What can BPF do that PF can not?
>> different things.
> OK, I'll bite. Such as? (this might be a loong, drawnout thread, but I've got time :-))

man 4 bpf
The Berkeley Packet Filter provides a raw interface to data link layers in a protocol-independent fashion.

man 8 pfctl
Packet filtering restricts the types of packets that pass through network interfaces entering or leaving the host based on filter rules as described in pf.conf(5).

There, thread over.

-- Jon Simola Systems Administrator ABC Communications
Re: RAID card recommendations
On 1/11/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
> I have not used any of the SATA, but would consider that an option.

I've got a couple of the LSI 300-8X SATA cards. They certainly perform wonderfully and at a good pricepoint. I had run into a problem on SMP AMD64 with ccb timeouts locking up the box, which is doing some heavy NFS and DB. Upgrading the firmware seems to have cleared that up (knock on wood).

# grep ami0 /var/run/dmesg.boot
ami0 at pci4 dev 14 function 0 Symbios Logic MegaRAID SATA 8x rev 0x07: apic 4 int 0 (irq 5) LSI 3008 32b
ami0: FW 813J, BIOS vH430, 128MB RAM
ami0: 1 channels, 0 FC loops, 1 logical drives
scsibus0 at ami0: 40 targets
scsibus1 at ami0: 16 targets

# bioctl -i ami0
Volume  Status          Size Device
 ami0 0 Online      89072256 sd0    RAID10
      0 Online  300018565120 0:1.0  noencl Maxtor 7L300S0 BANC
      1 Online  300018565120 0:0.0  noencl Maxtor 7L300S0 BANC
      2 Online  300018565120 0:3.0  noencl Maxtor 7L300S0 BANC
      3 Online  300018565120 0:2.0  noencl Maxtor 7L300S0 BANC
      4 Online  300018565120 0:4.0  noencl Maxtor 7L300S0 BANC
      5 Online  300018565120 0:5.0  noencl Maxtor 7L300S0 BANC
 ami0 1 Unused  300018565120 0:6.0  noencl Maxtor 7L300S0 BANC
 ami0 2 Unused  300018565120 0:7.0  noencl Maxtor 7L300S0 BANC

-- Jon Simola Systems Administrator ABC Communications
Re: Just confirming: no way to do a pf rdr based on hostname?
On 12/12/05, Peter Landry [EMAIL PROTECTED] wrote:
> I'm thinking that I can't do it. In that case, my options seem to be
> 1) use different external IP's for each website, and redirect to different internal servers based on IP
> 2) redirect all web traffic to the legacy ISA system, which will then redirect based on hostname.
> I'm hesitant to use up all our IPs for option 1, but I'm thinking option 2 is even worse... Are there any options I haven't thought of?

Use squid in acceleration mode (reverse proxy)?

-- Jon Simola Systems Administrator ABC Communications
Re: LSI 300-8x problems
function 0 AMD 8131 PCIX rev 0x12 pci2 at ppb1 bus 3 bge0 at pci2 dev 9 function 0 Broadcom BCM5704C rev 0x03, BCM5704 A3 (0x2003): apic 3 int 0 (irq 5) address 00:e0:81:2e:d3:50 brgphy0 at bge0 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0 bge1 at pci2 dev 9 function 1 Broadcom BCM5704C rev 0x03, BCM5704 A3 (0x2003): apic 3 int 1 (irq 10) address 00:e0:81:2e:d3:51 brgphy1 at bge1 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0 aapic0 at pci0 dev 10 function 1 AMD 8131 PCIX IOAPIC rev 0x01 ppb2 at pci0 dev 11 function 0 AMD 8131 PCIX rev 0x12 pci3 at ppb2 bus 1 ppb3 at pci3 dev 3 function 0 vendor Intel, unknown product 0x0335 rev 0x07 pci4 at ppb3 bus 2 ami0 at pci4 dev 14 function 0 Symbios Logic MegaRAID SATA 8x rev 0x07: apic 4 int 0 (irq 5) LSI 3008/32b ami0: FW 813G, BIOS vH425, 128MB RAM ami0: 1 channels, 0 FC loops, 1 logical drives scsibus0 at ami0: 40 targets sd0 at scsibus0 targ 0 lun 0: AMI, Host drive #00, SCSI2 0/direct fixed sd0: 858306MB, 109418 cyl, 255 head, 63 sec, 512 bytes/sec, 1757810688 sec total scsibus1 at ami0: 16 targets aapic1 at pci0 dev 11 function 1 AMD 8131 PCIX IOAPIC rev 0x01 pchb0 at pci0 dev 24 function 0 AMD AMD64 HyperTransport rev 0x00 pchb1 at pci0 dev 24 function 1 AMD AMD64 Address Map rev 0x00 pchb2 at pci0 dev 24 function 2 AMD AMD64 DRAM Cfg rev 0x00 pchb3 at pci0 dev 24 function 3 AMD AMD64 Misc Cfg rev 0x00 pchb4 at pci0 dev 25 function 0 AMD AMD64 HyperTransport rev 0x00 pchb5 at pci0 dev 25 function 1 AMD AMD64 Address Map rev 0x00 pchb6 at pci0 dev 25 function 2 AMD AMD64 DRAM Cfg rev 0x00 pchb7 at pci0 dev 25 function 3 AMD AMD64 Misc Cfg rev 0x00 isa0 at mainbus0 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 spkr0 at pcppi0 sysbeep0 at pcppi0 lpt0 at isa0 port 0x378/4 irq 7 lm0 at isa0 port 
0x290/8: W83627HF dkcsum: sd0 matches BIOS drive 0x80 root on sd0a rootdev=0x400 rrootdev=0xd00 rawdev=0xd02 -- Jon Simola Systems Administrator ABC Communications
Re: FTPd and MFS
On 11/14/05, Steve B [EMAIL PROTECTED] wrote:
> problem I am faced with is how to implement MFS for a predefined user and their associated /home/username directory.

Maybe I'm missing something, but is there any reason MFS wouldn't work?

/sbin/mount_mfs -s 512000 swap /home/username

-- Jon Simola Systems Administrator ABC Communications
Re: Limit filesharing traffic with PF
On 11/4/05, Christoph Egger [EMAIL PROTECTED] wrote:
> The P2P traffic can be identified this way:
> - The source IP from one client is always the same
> - The client establishes lots of connections to many destination IP addresses

Use synproxy, max-src-states, and overload tables. Automagically locks out aggressive clients such as viruses and P2P users (and people browsing Fark photoshop threads). For bonus points, script the addition of the MAC address to your switching ACLs.

-- Jon Simola Systems Administrator ABC Communications
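A pf.conf fragment combining the three features named in the reply above, as an added example that is not part of the original post. The interface and network macros, the table name and every limit value are placeholders chosen for illustration. Per pf.conf(5), `overload` is triggered by the `max-src-conn` and `max-src-conn-rate` limits, which count connections that completed the TCP handshake, so both appear next to `max-src-states`.

```conf
# Constructed example: macro values, table name and limits are placeholders.
int_if  = "em1"
lan_net = "192.168.1.0/24"

# Holds the source addresses that exceeded the limits below.
table <noisy_clients> persist

# Anything already in the table is dropped before other rules are evaluated.
block in quick on $int_if from <noisy_clients>

# Per-source tracking on client TCP connections:
#   synproxy state     pf completes the handshake itself, so the counted
#                      source address cannot be spoofed
#   max-src-states     cap on state entries a single source may hold
#   max-src-conn       cap on simultaneous established connections per source
#   max-src-conn-rate  cap on new connections per source (count/seconds)
#   overload ... flush global
#                      add the offender to the table and kill all of its
#                      existing states, not only those from this rule
pass in on $int_if proto tcp from $lan_net to any flags S/SA synproxy state \
    (max-src-states 200, max-src-conn 100, max-src-conn-rate 30/10, \
     overload <noisy_clients> flush global)
```

`pfctl -t noisy_clients -T show` lists the addresses currently locked out, which is also the list a switch ACL script would read.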
Re: RAID controller + disklabel = out of bounds
On 10/24/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
> i got an LSI MegaRAID SATA 300-8X a couple weeks ago and i noticed it was not quite behaving.

I've not had any problems with mine, yet.

> ami0: out of bounds 390,716,864 - 1 = 388,671,488
> so apparently the controller did not grok the last little portion of the disk i had attached, but the machine i had installed the 3.8 snapshot from had done so just fine.

Probably because the SATA drive configured as an array (and then exported as a SCSI device) on the ami card has different geometry than when natively plugged into a SATA controller. And the fact that the card gobbles up a little bit of space on each drive to store the array config.

> to work around this i've made sure to only allocate less than the 388,671,488 sectors that the controller is seeing. now things are running fine.

Wipe and recreate the partition/slice/disklabel from scratch. The on-disk configuration doesn't match what the controller thinks it should be.

-- Jon Simola Systems Administrator ABC Communications
Re: vlan, carp, dhcpd
On 8/15/05, Christopher JS Vance [EMAIL PROTECTED] wrote:
> On 3.7, I am now wanting to replace the gateway between vlans by a pair of machines running carp over each vlan, but I still want to use dhcpd to allocate addresses to machines on each vlan. Does somebody have a setup like this working?

I was trying a few months ago, after a few of the developers during the Hackathon suggested that it should work fine. I'd like to pretend I'm not an idiot, but I couldn't get it working.

> Should I tell dhcpd it's using the carp interfaces or the vlan ones? What network masks should I give the carp and vlan interfaces? Should I give the vlan interfaces an IP address at all?

My thinking (and I read through the dhcpd/carp code to try and verify this) is that the carp interface doesn't receive all broadcast packets (except arp), so the dhcp would have to be listening on the vlan device. I did some tcpdump'ing on various interfaces to check that out, and the dhcp requests were visible on the physical em1 and vlan130 interfaces, but not the carp130 device.

I configured carp130 as x.x.130.254/24 carpdev vlan130, vlan130 as x.x.130.253/24 vlan 130 vlandev em1, and started the dhcpd listening on vlan130. dhcpd was logging DHCPDISCOVER but not replying with anything. Same as your result.

I'm getting back to building a new router and that is a feature I need working, so I'm about to take another stab at it in the next week or two.

> If somebody can share appropriate fragments of their working /etc/hostname.* stuff, together with relevant hints for dhcpd, etc., that would be real nice. Ta muchly.

My sentiments, exactly.

-- Jon Simola Systems Administrator ABC Communications
Re: x86 rings?
On 8/4/05, Ed White [EMAIL PROTECTED] wrote:
> Is there any plan to use x86 cpus rings (0..3) to improve OpenBSD security?

/usr/src/sys/arch/i386/i386/machdep.c has:

#if defined(I486_CPU) || defined(I586_CPU) || defined(I686_CPU)
	/*
	 * On a 486 or above, enable ring 0 write protection.
	 */
	if (cpu_class >= CPUCLASS_486)
		lcr0(rcr0() | CR0_WP);
#endif

and sys_machdep.c does checks to ensure that the LDT only has user descriptors in ring 3.

From my x86 assembly days, I found that I never used ring 1 or 2, and it seems to be the same way with OpenBSD. Unnecessary complexities with little or no added security benefits.

-- Jon Simola Systems Administrator ABC Communications