Re: [OOT]a way to gather AS numbers ?
> I was wondering if there is a way to collect all of the european AS numbers ? I took a look at the RIPE website, and I found nothing close to what I want to do. whois(1) was not of much help either.

http://iana.org/assignments/as-numbers/ Grep for RIPE.

> The ultimate goal is to have a list of all the AS running free software for their routers, as I'll soon be on the look for a job (well, it's a heuristic like another one !)

The IANA list will tell you which ranges were assigned to which RIR; you'll have to query the RIR via WHOIS to determine registrant.

> I'm not really familiar with the mechanisms that make the internet tick, so if I missed a clue, or am just being awfully rude, feel free to lart me.

The IANA allocates number resources to the Regional Internet Registries, who in turn allocate to registrants in their region. See http://www.iana.org and http://www.nro.net for more information.

cheers, Matt
Re: BIND and /var/arandom missing fix]
> To have them work the partition can not be mounted nodev, which /var is. I should have said it fails if it doesn't work. A simple test was to run

Why not make /var/named its own partition? I.e., one mounted without nodev.

cheers, Matt
Re: About Xen: maybe a reiterative question but ..
> Some but not all. If you buy a Dell 2950 quad and load it up with 8 Gig. You can spend $500 on an ESX 3i license and run 10 - 15 512 MB OpenBSD single processor VMs. The difference here is that you can max out the duty cycle on the box where as a single OS running on the same Iron won't do that. For ESX it's designed for you to max out the hardware

I think you're off on price by almost an order of magnitude (ESX runs about $3k per CPU socket, iirc). I don't disagree with your point, though; virtualizing under-utilized hardware can save you money and electricity.

--Matt
Re: OpenBSD PR #5239 and #5577
> I use OpenBSD 4.2-current on IBM ThinkPad X60, and face similar issue mentioned in PRs #5239 and #5577 - as soon as I insert a PCMCIA card in the slot (mine is Sierra Wireless AirCard 555), the kernel panics. This happens if I boot with the card in the slot, or if I insert the card in the slot when the machine is up and running.

I can confirm the same behavior on my T60p. Inserting Cisco Aironet 340 and 350 cards causes the kernel to panic. If the card is in the slot at boot, when the kernel gets to it in boot up, it panics, too. I haven't had a chance to record the trace / ps dumps yet...
Re: Quad ethernet card
> best simulation is recording your real-world traffic using tcpdump and then use tcpreplay. but that is tricky too.

Henning has something in saying that most of the tools aren't great, in the end all benchmarks are artificial in some measure. Replaying traffic is equally artificial as it's only indicative of the traffic you recorded - which is likely to be biased towards whatever was happening at the time on your LAN.

Also worth noting is that if you're generating traffic from a single host, you're bound by the interrupt rates that host is capable of. Generate traffic from multiple sources if you really want to gauge high load.

--Matt
Re: Bidirectional translation for DNS and WWW servers
> rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         lladdr 00:50:bf:3a:2e:66
>         groups: egress
>         media: Ethernet autoselect (100baseTX full-duplex)
>         status: active
>         inet 64.142.102.8 netmask 0xff00 broadcast 64.142.102.255
>         inet6 fe80::250:bfff:fe3a:2e66%rl0 prefixlen 64 scopeid 0x1
>
> binat on rl0 from $scarlett to any -> $pub_scarlett
> binat on rl0 from $shelly to any -> $pub_shelly
> binat on rl0 from $www_ip to any -> $pub_www

the external addresses you're pointing to in your binat statements, you have them configured as aliases to your external interface (rl0), right? (one can't tell from ifconfig output unless you run 'ifconfig rl0' explicitly)

--Matt
Re: Bidirectional translation for DNS and WWW servers
> I'm having NAT problems; could someone examine my pf file and make some recommendations? (Yes, Nat is well documented. I'm not here because of issues with clarity. Thanks;

Well, for starters, you have three 'nat' statements that you probably meant to be 'binat' statements.

> #NAT and Binat
> nat on rl0 from $int_block to any -> $ext_ip
> nat on rl0 from $scarlett to any -> $pub_scarlett
> nat on rl0 from $shelly to any -> $pub_shelly
> nat on rl0 from $www_ip to any -> $pub_www

beyond that, you'll have to be more specific as to what your NAT problems are.

--Matt
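The check the two replies above ask about, as an added example that is not part of the thread: it expands the macros in a pf.conf fragment and lists every binat external address that is not configured on the interface. The macro names and `rl0` follow the thread; every address and both sample inputs are constructed, using documentation ranges.

```shell
#!/bin/sh
# Constructed pf.conf fragment (addresses are placeholders, not the poster's).
PF_CONF='scarlett = "10.0.0.10"
shelly = "10.0.0.11"
www_ip = "10.0.0.12"
pub_scarlett = "192.0.2.9"
pub_shelly = "192.0.2.10"
pub_www = "192.0.2.11"
binat on rl0 from $scarlett to any -> $pub_scarlett
binat on rl0 from $shelly to any -> $pub_shelly
binat on rl0 from $www_ip to any -> $pub_www'

# Constructed "ifconfig rl0" output: the primary address plus one alias.
IFCONFIG_OUT='rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.0.2.8 netmask 0xffffff00 broadcast 192.0.2.255
        inet 192.0.2.9 netmask 0xffffffff
        inet6 fe80::1%rl0 prefixlen 64 scopeid 0x1'

# Print the external (right-hand) address of every binat rule,
# expanding simple  name = "value"  macros defined earlier in the text.
binat_targets() {
    printf '%s\n' "$1" | awk '
        /^[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ {
            split($0, kv, "=")
            name = kv[1]; gsub(/[ \t]/, "", name)
            val = kv[2];  gsub(/[ \t"]/, "", val)
            macro[name] = val
            next
        }
        $1 == "binat" {
            for (i = 1; i < NF; i++)
                if ($i == "->") {
                    t = $(i + 1)
                    if (substr(t, 1, 1) == "$") t = macro[substr(t, 2)]
                    print t
                }
        }'
}

# Print every IPv4 address configured on the interface (inet6 is skipped).
iface_addrs() {
    printf '%s\n' "$1" | awk '$1 == "inet" { print $2 }'
}

# Print binat targets that have no matching address on the interface.
missing_aliases() {
    addrs=$(iface_addrs "$2")
    for t in $(binat_targets "$1"); do
        printf '%s\n' "$addrs" | grep -qxF "$t" || printf '%s\n' "$t"
    done
}

missing_aliases "$PF_CONF" "$IFCONFIG_OUT"
```

On a live system the second argument would be the output of `ifconfig rl0` and the first the contents of the pf.conf in use.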
Re: About commands
> > $ fdisk -l displaying all partitions of a HD
>
> man disklabel.
>
> > $ df -h displaying all partitions with size and use
>
> man df.

Not to be pedantic, but df displays mounted filesystems, not all partitions.

cheers, Matt
Re: micro atx motherboard recommendations?
> Just looking for a recommendation on a good/cheap (but not necessarily fast) microatx motherboard. Or possibly, one of those via motherboards, but needs to fit in an atx case.

I _think_ the mini-itx form factor of the VIA EPIA motherboards will fit in ATX cases, but I've never tried it. That said, I've had good luck running OpenBSD on the two EPIA systems I have, the ML6000EA (fanless 600mhz) and the PD1 (1ghz, dual vr-based NICs).

Dmesgs if yer interested:
http://www.damnskippy.org/openbsd/dmesg.ml6000ea
http://www.damnskippy.org/openbsd/dmesg.pd1000

cheers, Matt
Re: Lenovo Thinkpad T43p won't do external VGA output properly
Interesting. I hadn't tried using the external VGA output on my laptop. I'm seeing pretty much what you describe, only I find that if I set the Boot Display Device in the BIOS to VGA+LCD, then I get external video output on the monitor. There's output in X, too. Even the Fn-F7 toggling seems to work.

--Matt

--On Wednesday, January 10, 2007 03:46:59 PM +0100 Jonathan Thornburg [EMAIL PROTECTED] wrote:

> Hi, I'm running OpenBSD 3.9-stable on a Lenovo (formerly IBM) Thinkpad T43p. X (X.org 6.9.0) works fine either (a) without any /etc/X11/xorg.conf, or (b) using the /etc/X11/xorg.conf from http://www.enting.se/T43/xorg.conf (which is linked from the T43 entry in http://www.openbsd.org/i386-laptop.html). All the behavior I describe below is identical for (a) and (b).
>
> The built-in LCD display works fine at 1600x1200. My problem is that I can't get external video output properly. There seem to be two cases (neither one of which fits my definition of properly):
> * If, in the BIOS setup, I set Boot Display Device to LCD, then I can get 1600x1200 VGA output when booting and before I start X, but I get no external video output at all once I start X.
> * If, in the BIOS setup, I set Boot Display Device to VGA+LCD or VGA+DVI+LCD, then I get no external video output when booting and before I start X, but when I start X I get only 640x480 resolution (and matching external video output).
> Does anyone know how to get a T43p to simultaneously
> * run X,
> * use a decent screen resolution (minimum 1024x768, prefer 1280x1024 and/or 1600x1200)
> * send this video to the external VGA connector so I can display things on a video projector
>
> Here are my dmesg and the /etc/X11/xorg.conf from (b) above:
Re: Bind performance
> I can't reach that value with a Dell OptiPlex GX280 w/ onboard bge(4) MP kernel, net.inet.ip.ifq.maxlen=250, 4.0 or -current, doesn't matter. Collision count increases monotonically. Stops forwarding packets, etc. Switching to em(4) carries limit to ~25k to ~30k.

consider trying to increase ifq.maxlen higher than that and see if it helps. It did for me.

--Matt
kernel crash on 3.9
Hi, We've had one of our firewalls crash. I've included ps and trace output below, along with the dmesg. Thanks! --Matt

kernel: page fault trap, code=0
Stopped at ip_output+0x7e0: testb $0x5,0x34(%eax)

ddb> trace
ip_output(e849cd00,0,0,2,d05dc4a8,0,d070bb94,d01e5e39) at ip_output+0x7e0
pfsync_sendout_mbuf(d05dc2e0,e849cd00,,3500,0) at pfsync_sendout_mbuf+0x106
pfsync_sendout(d05dc2e0,0,d64a45fc,e896939c,e84195e8) at pfsync_sendout+0x57
pfsync_pack_state(1,e84195e8,1,d689fa00) at pfsync_pack_state+0x95
pf_insert_state(d0faba00,e84195e8,2,d070bcfc) at pf_insert_state+0x14b
pf_test_udp(d070bd0c,d070bd04,1,d0faba00,d640e300) at pf_test_udp+0x597
pf_test(1,d103d400,d070be2c,0) at pf_test+0xc27
ipv4_input(d640e300,d028bca9,50,296) at ipv4_input+0x121
ipintr(58,60010,380010,d0700010,d070a000) at ipintr+0x67
Bad frame pointer: 0xd070be44
Re: Via EPIA boards
> serious question: can one get systems of this class with 'features' like ECC memory?

Not 100% sure, but I do not think so. There's no mention of ECC memory support on VIA's webpages dedicated to the EPIA line. Also, the memory selector tool on crucial.com lists non-ecc memory only.

--Matt
Re: Via EPIA boards
> 1. How well supported are the C3 boards such as the M1?

My home firewall is running on a PD1. Similar to the M1, except with two NICs. NICs are supported. I don't think Xorg supports the VIA graphics chip, but doesn't matter to me.

http://www.logicsupply.com/product_info.php/cPath/78_76/products_id/234

> 2. I'd like to switch to a nice 1U case. Logicsupply has Casetronic and Morex cases which are nice; gtweb.net also has some. Other recommendations?

I bought mine from Logicsupply, along with a decent little Morex case. (I'd give ya a link to it, but it looks like Logicsupply doesn't carry my model case any more).

> 4. Are the C7 boards supported in 3.9?

I'm running a 3.9 beta snapshot from January-ish.

--Matt
Re: (newbie) a network related question
> but isn't a way to route and translate connections via a existing static IP address? To have 'internal' IPs acting as static in their own right? How do ISPs 'create' their own static IPs?

You don't 'create' an IP address; the address is assigned. Basically, from the IANA to the Regional Internet Registries, and from the Registries to the ISPs, and from the ISPs to the users. Sounds like you need to request additional IP addresses from your ISP.

--Matt
Re: Openbgpd kernel tuning
> monitoring the congestion counter in pfctl -si helps a lot. you don't want too long queues tho, that is contraproductive.

What are the consequences of ifq set too large?

--Matt
Re: Very high interrupts on a supermicro machine.
> > Right now my box is doing ~28,000pps per direction per interface (out public, in public, out internal, in internal), totalling around 112kpps. It doesn't seem to want to go any higher than that. I've just tried moving the internal connection off of the dualport PCI-X card and onto the internal nic, and it hasn't made a difference. I'd be a little confused if two syskonnect cards would have double the performance of what I have in the machine right now...
>
> at these packet rates I am not surprised by sk(4) performing more than twice as good as others.

I've got a different P4-based SuperMicro motherboard that I've been troubleshooting, too. It's not seeing the weird PCI interrupt routing error message that dormando described, I'm just getting heavy PF congestion with moderate 12Mb/s 12k pps traffic rates. In benchmarking with an sk card replacing one of the onboard em's, I saw a definite improvement, but still encountered congestion around 15~20Mb/s. Not to generalize, but in my case, evidence points to this SuperMicro motherboard being pretty craptastic.

Incidentally, for the boxes based on this motherboard that I have in production, I used Henning's recommended value for net.inet.ip.ifq.maxlen, and saw a significant reduction in my congestion counter rate. 15~30/s versus 100's.

cheers, --Matt
Re: OpenBSD Metastore: New kit, thanks
> > what i can't really understand is, why bother making a tool like this, if you are afraid that it is going to be used, or that someone will ssh scan you from taiwan? so let's just block all the non us countries or what?
>
> I'm not afraid that it's going to be used. I _want_ it to be used, I never suggested otherwise. I'm not blocking non-US countries, I'm blocking shitholes. The more people blackhole shitholes, the better off the world is in the long run, this provides shitholes with an incentive to no longer be shitholes. (What do you mean, I can't

through the magick of PF's ordered filtering, you could allow all inbound on port 80, and THEN block your desired ranges.
Re: Sun Ultra 5 as a firewall?
> Is anyone on the list running an Ultra 5 as firewall? I would like to move my firewall from an overpowered P4-3GHz box to a Sun Ultra 5 360MHz. My main concern is wondering if the Ultra 5 is slow enough to become a bottleneck from one interface to another interface. However, I know some of you run Soekris boxen and 486's for firewalls, so I may be just fine.

I ran my home firewall off an Ultra5/333mhz... it was plenty fast for passing packets (used an fxp pci card for the second interface). Felt kinda sluggish for compiling, and disk I/O was pretty bleh. Not sure how it'd scale in terms of packets per second.

cheers, Matt
Re: Honesty needed...
According to http://www.freebsd.org/security/ the current estimated EOL for 4.11 is January 31, 2007

That said, since you think IPF is causing problems, have you tried disabling IPF and running either ipfilter or PF (or doing the filtering on a dedicated firewall box)?

--Matt

--On Tuesday, June 28, 2005 15:10:16 -0400 Matt Juszczak [EMAIL PROTECTED] wrote:

> > What's wrong with FreeBSD 4.11? You said it's stable for you. OpenBSD is going to be a big change for you on short notice with little testing. Everyone says the 4.x branch is much more stable than the 5.x branch anyway.
>
> It is, but it's unsupported. If I go back to 4.11, within 6 months I would have to go back to 5.x anyway. I'd rather not waste time doing that.