Re: dhclient release a lease?
Currently there is no facility in dhclient(8) to issue RELEASE messages. I had no recollection of adding such a thing, and a quick confirmed there is no DHCPRELEASE related code. Ergh. OK thanks, that's super annoying that it's not there. Which signal(s) are used elsewhere to trigger RELEASE? Google is not coughing up an obvious answer. :-) It varies, IIRC on at least one other linux or bsd distro sending HUP took a more literal approach ("hang up and leave") and sent a DHCP release before nuking its lease cache, and I'm pretty sure somewhere else you could send "SIGUSR2" or something.
dhclient release a lease?
How do I get dhclient to release its DHCP lease? I want to be clear that I'm not interested in having it RENEW the lease but RELEASE it- in other words send the signal to the DHCP server "I'm going bye-bye, go ahead and put this IP address back in your free pool". Other versions of dhclient on other OSs have commandline arguments that activate this behavior, or will accept SIGHUP or some other variant signal, but I can't figure out how to make this happen on openbsd.
pkg question: dnsmasq alternatives?
We have various OpenBSD machines acting as gateways for NAT LANs. We need a handful of services for these, mainly a dhcp server that can do mac-based fixed addressing, dns server that can attach and reverse names associated with these fixed addresses, dns black-holing, the ability to intercept dns lookups on non-existent domains when the ISP replies with a spam server instead of nx, and PXE/tftp server. We've been using dnsmasq for years since it provides a one-stop-shop for most of the stuff we need, and while we're fairly happy with it, I always like to ask around periodically to see if for any of the stuff we do a better way has come about. So to cut to the chase, does anyone know of and/or have experience with other packages that do the sorts of things dnsmasq does that it might be worth switching to? (We're only looking at packages). One-stop-shop type programs are obviously preferred to managing a bunch of different stuff. Thanks in advance.
Re: mini itx from intel
FYI- My 2820 won't boot reliably headless without an HDMI dummy plug attached (such as http://www.amazon.com/CompuLab-fit-Headless-Display-Emulator/dp/B00FLZXGJ6), even with the latest BIOS. These seem to be hit or miss in a headless configuration, and not everyone has the HDMI boot failure issue, so you may luck out. I sent an email to the list a few days ago about a board we have that has issues booting without an hdmi display attached, but I didn't get any responses. We don't have a boot 'failure' per se (the board technically boots fine with no display), rather if there's no screen attached during boot then it completely disables video and never recognizes a screen attached later, ie; you have to reboot to get video back. Do these 'dummy plugs' help solve issues like that? And/or is there a way to 'kickstart' the video back in to life without having to reboot?
Re: redirect spkr to headphone jack?
Could you show the output of "mixerctl -v" ?

inputs.dac-0:1=126,126
inputs.dac-2:3=126,126
inputs.dac-4:5=126,126
inputs.dac-6:7=126,126
record.adc-2:3_mute=off [ off on ]
record.adc-2:3=125,125
record.adc-0:1_mute=off [ off on ]
record.adc-0:1=125,125
inputs.mix_source=line-in,mic2,hp,line { line-in mic2 hp line }
inputs.mix_line-in=120,120
inputs.mix_mic2=120,120
inputs.mix_hp=120,120
inputs.mix_line=120,120
inputs.mix2_source=dac-0:1,mix { dac-0:1 mix }
inputs.mix3_source=dac-2:3,mix { dac-2:3 mix }
inputs.mix4_source=dac-4:5,mix { dac-4:5 mix }
inputs.mix5_source=dac-6:7,mix { dac-6:7 mix }
outputs.line_source=mix2 [ mix2 ]
outputs.line_mute=off [ off on ]
outputs.line_dir=output [ none output input ]
outputs.line_boost=off [ off on ]
outputs.line_eapd=on [ off on ]
outputs.line-in_source=mix3 [ mix2 mix3 mix4 mix5 mix8 ]
outputs.line-in_mute=off [ off on ]
inputs.line-in=85,85
outputs.line-in_dir=input [ none output input input-vr0 input-vr50 input-vr80 input-vr100 ]
outputs.mic2_source=mix5 [ mix2 mix3 mix4 mix5 mix8 ]
outputs.mic2_mute=off [ off on ]
inputs.mic2=85,85
outputs.mic2_dir=input-vr80 [ none output input input-vr0 input-vr50 input-vr80 input-vr100 ]
outputs.mic2_boost=off [ off on ]
outputs.spkr_source=mix8 [ mix2 mix3 mix4 mix5 mix8 ]
outputs.spkr_mute=on [ off on ]
outputs.spkr_dir=output [ none output input input-vr0 input-vr50 input-vr80 input-vr100 ]
outputs.hp_source=mix4 [ mix2 mix3 mix4 mix5 mix8 ]
outputs.hp_mute=off [ off on ]
inputs.hp=85,85
outputs.hp_dir=output [ none output input input-vr0 input-vr50 input-vr80 input-vr100 ]
outputs.hp_boost=off [ off on ]
outputs.hp_eapd=on [ off on ]
record.adc-0:1_source=line-in,mic2,hp,line,mix,mic { line-in mic2 hp line mix mic }
record.adc-2:3_source=line-in,mic2,hp,line,mix { line-in mic2 hp line mix }
inputs.dac-8:9=126,126
inputs.mix8_source=dac-8:9,mix { dac-8:9 mix }
outputs.line_sense=plugged [ unplugged plugged ]
outputs.line-in_sense=unplugged [ unplugged plugged ]
outputs.spkr_muters=line,line-in { line line-in }
outputs.master=128,128
outputs.master.mute=off [ off on ]
outputs.master.slaves=dac-0:1,dac-4:5,line,spkr,hp,dac-8:9 { dac-0:1 dac-2:3 dac-4:5 dac-6:7 line line-in mic2 spkr hp dac-8:9 }
record.volume=125,125
record.volume.mute=off [ off on ]
record.volume.slaves=adc-2:3,adc-0:1 { adc-2:3 adc-0:1 line-in mic2 spkr hp }
Re: redirect spkr to headphone jack?
The pc-speakers and the sound card are different circuits. Right, I know that. What I'm wondering is if there's some magic incantation for mixerctl or some other utility that will let output intended for the console speaker to be 'copied' or otherwise redirected to the headphone/line output. OpenBSD console can only use the pc-speaker as the console beep and there's no way to emulate it using the sound-card. I'm not sure if 'emulation' is what I'm looking for. I mean, one way or another the system is sending a sine wave down that path that causes the motherboard speaker to beep (normally). Surely there's some way to make it send that signal to the chip running the jacks on the back, right? Maybe if not via a utility then via tweaking a custom kernel? Could you show the output of "mixerctl -v" ? Sure, but gimme a few hours. I don't have the machine in front of me at the moment.
Re: OpenBSD Home Server: Hints and Advices
It's gonna be behind a 3020j surge protector A $20 spikebar will NOT protect this machine from a lightning strike that hits the pole in front of your house. Take a different view: Mirrored drives and RAID are not really for data protection, they're so you can keep operating in face of (some types of) hardware failure. Indeed, but in reality doesn't it do both? Not unless you have a very narrow definition of 'data protection'. RAID won't protect you against bad software corrupting your files, or accidental 'rm -rf' The files are currently strewn over a couple of machines all over the house. I intended on deleting them once pushed to the server A single copy of your files is not a "backup" no matter what definition of the word you're using.
Re: OpenBSD Home Server: Hints and Advices
Well, isn't your NAS already a backup? No. At least, not really. Any "online" backup (in other words, an actively running machine) is always subject to issues that could destroy your data. The power supply could go bad and fry your drives, software issues could cause silent corruption, and you could always accidentally just delete files. The only really good backup is an offline one, preferably stored in a fireproof safe.
HDMI video initialization issue
We have a system with only HDMI and displayport video outputs. If the system is booted with no HDMI cable attached, and then the cable is attached after the system is up, video is completely nonfunctional until the system is rebooted. (We don't have any displayport displays or cables to test that side of things). I know HDMI can be a pain a lot of times and that this is most likely some sort of bios issue and not OpenBSD's fault, but does anyone know if there's a way to reinitialize the video back into life after the machine is already up and running? (the system is totally functional besides video, we can ssh in and do whatever).
redirect spkr to headphone jack?
We have a system with NO physical internal speaker of any kind. Audio otherwise works from the headphone/line jack, playing wave files with aucat and messing with mixerctl all work as expected, but there are no 'beeps' (can't get a terminal bell using echo, can't get anything from wsconsctl, nothing's muted in mixerctl). Is there an easy way to redirect the "pc-speaker" to output via the headphone/line jack?
Re: FreeBSD or OpenBSD for my (server/router) purposes? (Total n00b)
In what way? If you mean the hypervisor does not provide adequate separation between VMs then that is not really an issue as I control the host and all VMs. If any are compromised then I have bigger issues. The most secure system should be the host, not the guest. A super secure guest inside a VM doesn't help much if the insecure host is compromised.
Re: FreeBSD or OpenBSD for my (server/router) purposes? (Total n00b)
At this point, the FreeBSD camp would point out that they have ZFS for infinite flexibility in building multi-terabyte storage pools, That said, both modern SSDs and multi-terabyte spinning platters are handled quite well, thank you, by FFS2 on OpenBSD As an aside, people sometimes confuse ZFS with XFS or GlusterFS or other stuff. ZFS is designed around extreme data reliability and integrity, not huge array size or high end performance. ZFS is an all-in-one disk+filesystem that incorporates partitions, multi-parity RAID, backups, and directory structure into one unified thing. It features raid-write-hole prevention, triple-redundant checksumming of both data and metadata, built-in block duplication, advanced journaling, atomic copy-on-write, and the ability to snapshot arbitrary parts of the system which can then be rolled back after a problem, among other things. ZFS is far more than something that 'just handles multi-terabyte pools'. Now, whether a home user NEEDS all these reliability features is a different question, but if you decide you do, OpenBSD (along with most other *nixs) doesn't have anything remotely comparable. That said for FreeBSD and ZFS you want at least 4GB of ram anyways. This is a common misconception. The ARC wants to cache your entire array in ram if it can, so it will expand to fill whatever's available. You can run ZFS with limited ram, you'll just see a performance hit if you try to do lots of random reads on things that aren't cached.
Re: FreeBSD or OpenBSD for my (server/router) purposes? (Total n00b)
I have found in the archives that in general you can recommend OpenBSD to anyone without any background to start tinkering with. So, there might be no benefit of a learning curve of FreeBSD --> OpenBSD, as I, may have wrongly guessed? OpenBSD is about as easy to pick up as any other *nix, so long as you understand the fundamentals (ie; how to navigate a system using a command line, etc). The only thing that tends to throw people off is that OpenBSD uses a somewhat non-standard way of dividing disks up into partitions. A lot of people use both systems regularly (myself included) and can offer their thoughts about their personal gripes for each, but you'll have to post using a non-disposable email address for people to reply to directly since no one wants to start an on-list flamewar over this stuff. You might also want to subscribe/post this question to "freebsd-questi...@freebsd.org" (their equivalent list to "misc@openbsd.org") What I'd like is a secure wireless router and a file server In general, one of OpenBSD's main strengths is security whereas one of FreeBSD's main strengths is storage. For example, FreeBSD needs a lot more futzing to really lock down properly, and OpenBSD lacks things like ZFS (and the extreme reliability options it provides). Can it handle both roles, router and file server Well it depends a lot on what you're considering "modest loads". If this is a home system serving half a dozen devices, only pushing a megabit or two of net data, and only hosting a single drive for file sharing with no fancy options, then basically any hardware that still boots will handle both roles. (Like literally, a Pentium II or III will work fine). is it a good idea to have one device for these 2 roles in the first place? Maybe. It depends a lot on your risk/cost assessment. Personally I always advocate for a router/firewall to be a dedicated device and put all your other services hosted on other hardware inside your LAN. 
That way you can lock down the router for security but still let your other systems run whatever they need to without messing around. However, if you have money/size/power constraints then mixed solutions are sometimes the lesser of many evils. OpenBSD and FreeBSD are both perfectly capable of serving both the router and file server roles if you don't need the advanced features of the other. Although if you do, and you really only want an all-in-one device, then you should probably sit down and try to decide if security or storage options are more important to you and start from there. As a side note though, either way I would strongly advocate splitting out the wifi into an external WAP connected to the router via ethernet. Internal wifi cards always seem to be a pain on any *nix system- there are about a billion chipsets and drivers seem to like breaking for random reasons. Also, separate devices means you don't have to compromise for physical location- the WAP can go wherever it gets the best signal strength and the router can go wherever it's easiest to administrate and/or interface with your ISP.
Re: console color
OK, thanks. After some searching based on this info and some messing around, it looks like 'export TERM=ansi' and setting t_Co=8 will get me limited colors in vim without screwing anything up.
console color
Can someone give me a brief rundown on how OpenBSD handles color on console? Commands like "echo -e '\033[32mfoo\033[0m'" produce dark green text as expected, but "echo -e '\033[92mfoo\033[0m'" comes out white instead of light green, and I can't seem to get vim to do syntax coloring at all (I've copied over configs that work on other machines, both t_Co=16 and t_Co=8, but everything always displays plain white). $TERM is the standard vt220. Am I doing something wrong, or does local console just have very limited color support?
Re: speedup shutdown
The two daemons you refer to, treat SIGHUP as a "please re-read your configuration files and restart". This is semi-common. This happens to also be the two daemons you are testing this with, causing some confusion. Not everything, but some things will still be running. It wasn't just syslogd and sshd, -HUP also doesn't shut down any of the pflogd/dhclient/cron stuff either. The only process it actually stops is sndiod, all the others restart on their own. After running commands #1, #3 and #5; almost everything should be killed. Command #1 should take care of the vast majority of daemons started at boot; #3 and #5 are to catch the ones that aren't. Well, -TERM stops every PID I typed in (the four I didn't being init, two ksh's and ps itself), so I'm not sure where that leaves me. I guess it's some kind of timing thing or race condition? Also, FWIW, tapping the power button at this point yields a two second delay before it does anything (down from the previous ten). Not sure if that's useful information or not.
Re: speedup shutdown
I took that to mean: 1) run (presumably as root) 'time sh /etc/rc shutdown' 2) check 'ps -aux' to see what's still running 3) 'kill -HUP [PID]' for each of the remaining processes 4) check 'ps -aux' again 5) 'kill -TERM [PID]' for each of the remaining processes 6) check 'ps -aux' again Yes. Perhaps it isn't clear that I would *expect* stuff to still be running at step 4, and thus for shutdown like this to take at least 5 seconds. If the next step, the one you didn't describe the results of, killing daemons with SIGTERM, OK, maybe this is where the communication gap is. Sending HUP to sshd and syslogd and everything was effectively a no-op since they'd all just immediately restart. I looped between (3) and (4) for a bit then gave up. I assumed I was doing something wrong when by this point the state of the system was identical to (0). Just to be doubly clear, is it expected behavior that at (4) everything will still be running? (In the mean time, I'll try continuing on through (6) anyway and see what happens).
Re: update/upgrade
If availability is critical you might consider redundancy with CARP/pfsync. It's not critical enough to be worth dealing with that. Going down for like 15 minutes is fine, but most of a day is not. In a perfect world we're looking for an update mechanism similar in speed and ease to other OSs where you can run a one liner on the live system which automatically downloads and installs a few files and reboots. I'm trying to get as close to that as possible without having to create and maintain a whole home-grown custom procedure. It looks like the M:tier thing is pretty close, my only concern is how long it'll last before the maintainers lose interest and the project gets abandoned.
Re: speedup shutdown
"time sh /etc/rc shutdown". See what's still running. kill -HUP everything except init and your session and see what's still running 5 seconds later. Hmm, you truncated the suggested steps... You wrote: "Hmm? How about replicate the process and observe the results? "time sh /etc/rc shutdown". See what's still running. kill -HUP everything except init and your session and see what's still running 5 seconds later. Then again with kill -TERM. Whatever still standing is slowing you down; for each one figure out whether and when it should have died." I took that to mean: 1) run (presumably as root) 'time sh /etc/rc shutdown' 2) check 'ps -aux' to see what's still running 3) 'kill -HUP [PID]' for each of the remaining processes 4) check 'ps -aux' again 5) 'kill -TERM [PID]' for each of the remaining processes 6) check 'ps -aux' again I appear to be hung up near the beginning. 'sh /etc/rc shutdown' doesn't appear to do anything, since it returns instantly and the ps output from (2) is identical to ps output from before 'sh /etc/rc shutdown'. (3) "doesn't work" in the sense that it doesn't appear to actually stop [m]any services (presumably because I didn't do something correctly before this point). Like I said, I'm missing something. There were a couple assumptions in there somewhere that I'm not picking up on. What exactly am I supposed to do in what order?
Re: update/upgrade
Does your embedded storage run NOR/NAND or something like SDHC Memory Cards? If your systems are running SDHC you can easily create clones with a laptop & the DD utility. A couple of them do, but it doesn't matter in this case. The main issue with compiling is that it can effectively knock the system offline for hours which isn't acceptable. Any process that involves shutting the machine off or booting into a separate OS image has the same problem. It's just a question of minimizing downtime.
Re: update/upgrade
"world" as you appear to be using it isn't an OpenBSDism, ugh. You're right, you're right... I'm also managing several FreeBSD projects and I'm getting things mixed up. Let me go through the man pages again and try to sort things out in my head.
Re: speedup shutdown
Hmm? How about replicate the process and observe the results? Well, I wasn't sure if that was the exact/entire process or just a summary. "time sh /etc/rc shutdown". See what's still running. kill -HUP everything except init and your session and see what's still running 5 seconds later. OK I'll try that, thanks. I'm missing something. Logged in as root, 'sh /etc/rc shutdown' returns instantly and according to 'ps' everything's still running. Trying to then kill -HUP half the processes doesn't work (they just restart).
Re: update/upgrade
You think the master builds are done on a machine that is identical to yours at home? Obviously not, but that doesn't have any bearing on what I said. Build a -stable release on a same platform faster machine. Now unpack the .tgz files on the target machines, copy in /bsd, /bsd.rd, reboot. ta-da, patched machine. None of your configuration is touched by this process. Maybe I'm unclear on what building -stable actually does. Correct me if I'm wrong, but "world" encompasses a lot more than just the kernel and ramdisk, right? Simply replacing just those two alone isn't fully keeping on top of things.
Re: speedup shutdown
For power off via button, init runs "sh /etc/rc shutdown", then sends all processes a SIGHUP, then waits 5 seconds. If there are any processes still alive it'll send SIGTERM and wait another 5 seconds. If any are still alive at that point it'll send'em all SIGKILL and wait another 5 seconds. It'll then tell the kernel to halt the system. Is there a way to watch this process as it's happening to see where the holdup is? Watching it in general wouldn't be a bad idea. I guess a large part of the issue is not so much that it takes 10 seconds, but that there's no confirmation or indication that it's actually doing anything. It just sits there like it ignored you and you can continue typing at the command line. There's no output or anything until the "syncing disks" line finally pops up.
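The escalation quoted in this message (SIGHUP, wait, SIGTERM, wait, SIGKILL) can be replayed by hand against chosen PIDs to see which stage each process actually needs. This is an added example, not part of the original post and not init's own code; the function names `is_alive`, `survivors` and `escalate` are made up for it.

```shell
#!/bin/sh
# Added example: replay the HUP -> TERM -> KILL escalation against a list of
# PIDs and report, per PID, the first signal after which it was gone.
# Usage (as root, for system daemons): sh escalate.sh PID [PID...]

# is_alive PID -> exit 0 if the process exists and is not a zombie.
is_alive() {
    kill -0 "$1" 2>/dev/null || return 1
    # A zombie still answers kill -0, so look at the process state too.
    if [ -r "/proc/$1/stat" ]; then
        # Linux procfs: the state letter follows the ")" closing the name.
        state=$(sed 's/^.*) //' "/proc/$1/stat" 2>/dev/null | cut -c1)
    else
        # Systems without procfs (OpenBSD included): ask ps for the state.
        state=$(ps -o stat= -p "$1" 2>/dev/null | tr -d ' ' | cut -c1)
    fi
    [ "$state" != "Z" ]
}

# survivors PID... -> prints the PIDs that are still alive, space separated.
survivors() {
    for pid in "$@"; do
        if is_alive "$pid"; then
            printf '%s ' "$pid"
        fi
    done
}

# escalate WAIT_SECONDS PID... -> prints one "pid:STAGE" line per PID, where
# STAGE is HUP, TERM or KILL (the signal that ended it) or ALIVE.
escalate() {
    wait_s=$1
    shift
    remaining="$*"
    for sig in HUP TERM KILL; do
        [ -n "$remaining" ] || break
        # $remaining is left unquoted on purpose: one argument per PID.
        kill -s "$sig" $remaining 2>/dev/null || true
        sleep "$wait_s"
        alive=$(survivors $remaining)
        for pid in $remaining; do
            case " $alive " in
                *" $pid "*) ;;              # survived this stage
                *) echo "$pid:$sig" ;;      # gone after this signal
            esac
        done
        remaining=$alive
    done
    # Anything left ignored even SIGKILL (or we lacked permission to signal it).
    for pid in $remaining; do
        echo "$pid:ALIVE"
    done
}

# Stand-alone use: the 5 second wait matches the delay described above.
if [ "$#" -gt 0 ]; then
    escalate 5 "$@"
fi
```

A PID reported as `TERM` or `KILL` is one that did not exit on SIGHUP within the wait and so accounts for an extra delay stage; daemons that restart themselves on SIGHUP come back under the same PID and show up the same way.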
Re: speedup shutdown
So, slow /etc/rc.d/* script delaying the /etc/rc shutdown step? Or do you have some daemon which isn't killed by its rc.d script, nor by SIGHUP, thus requiring SIGTERM and at least 10 seconds? This is a test system and it's pretty stock right now. Aside from the standard services like pf and ntp the only installed pkg is I think dnsmasq. It's possible there's something wrong there but I'm not sure where I should start looking.
Re: update/upgrade
As it was already stated in @misc, I don't think I got that message. (?) mtier is probably as safe as relying on openbsd code. I'm not worried so much about safety in the sense of compromised code, but rather the practicalities of setting up a workflow that depends on something that can disappear at any time without notice. Their website has zero information about them as a company or who (if any) of them are also OpenBSD devs or what. It also looks like they only started a couple years ago.
Re: update/upgrade
You do that part on a bigger box, build releases there, and use these to update the low power devices. That doesn't really help the situation. These machines don't have identical setups so you'd still have to do a lot of manual merging and/or write and maintain a library of custom merge scripts for them.
Re: update/upgrade
https://stable.mtier.org/ A cli update program that applies binary patches is pretty much perfect, but I'm not sure we want to rely on a 3rd party for that service. (And I know that a built-in update program is probably never going to happen).
Re: update/upgrade
Snapshots? Something like this? http://www.bsdnow.tv/tutorials/stable-iso Well, preferably something that doesn't require the machines to go offline for a while.
update/upgrade
We have a bunch of low power embedded devices that we'd like to keep reasonably up to date, but the disk space and cpu overhead of tracking -stable is kind of a nonstarter. Is there another/better way of doing things these days? (Other than applying dozens of patches manually).
Re: rc.shutdown powerdown
On Sep 20 4:36 PM, Fred wrote: On 09/20/15 20:58, Quartz wrote: Powerdown went away in July 2014. The FAQ needs to be updated then: http://www.openbsd.org/faq/faq10.html "rc.shutdown /etc/rc.shutdown is a script that is run at shutdown. Anything you want done before the system shuts down should be added to this file. If you have apm, you can also set "powerdown=YES", which will give you the equivalent of "shutdown -p". " rc.shutdown is still needed if you need to run tasks before the reboot(8), halt(8), or when init(8) is signalled to shut the system down. I'm aware of what rc.shutdown is for. My issue is that the FAQ still suggests people add the poweroff parameter.
speedup shutdown
I have a machine where tapping the front panel power button correctly halts and powers off the machine however there's a solid 10 second delay after I press the button before anything happens. Is there any way to speed this process up?
Re: rc.shutdown powerdown
Powerdown went away in July 2014. The FAQ needs to be updated then: http://www.openbsd.org/faq/faq10.html "rc.shutdown /etc/rc.shutdown is a script that is run at shutdown. Anything you want done before the system shuts down should be added to this file. If you have apm, you can also set "powerdown=YES", which will give you the equivalent of "shutdown -p". "
rc.shutdown powerdown
Can someone explain in better detail what exactly the "powerdown=" line in rc.shutdown does? I have a few machines that range from full apm/acpi support to hardly none, but that line doesn't seem to affect anything on any of them, regardless what it's set to or if it's omitted completely.
Re: Cheap hardware for router, perhaps fileserver?
is seeing as I'm unlikely to get any more than "up to" 76Mbps from my ISP's fibre anyway, Effectively any hardware that still boots will work as a home router. A 500mhz Pentium III with 64mb ram can handle a 100mbps connection without breaking a sweat. Decide what you want to do about a fileserver first, that's the deciding factor for hardware. CuBox armv7 without having to be too inventive and using binary blobs from odd places for bootloaders and whatnot Do be aware that i386 and amd64 are the more tested platforms by a wide margin. The further you go into niche territory the more stuff will stop working and the more you'll have to mess around. and what good deals there are, I spent rather more on a mini-ITX PC system with a loud fan Again, home router duties require negligible horsepower. If you don't need much from the fileserver front you can probably build a machine from parts in your basement (can't beat free), or you could easily get away with a lower cost low power passively-cooled itx system.
Re: make bootable CD by bootable USB
hi all . i make bootable openbsd USB stick by ordinary installation . if i can make bootable CD from this USB , it is very happy . are there any methods ? is linux's isolinux or so possible ? is it very difficult to solve ? Just for clarification, are you trying to make a customized 'live' OpenBSD CD that will boot into a fully functional state, or are you just trying to install OpenBSD from a CD onto a drive?
Re: pf vs mp
I think you are focusing on the thing that will probably give you less problems, the CPU. These kind of systems tend to have problems with a lot of things, *before* you ever get to the CPU. Such as? These aren't going to be doing hardly any disk IO and they don't need fancy graphics, so assuming they have a good quality chipset handling the ethernet ports I can't think of much else that will really get in the way. Unless you're talking plain bad build quality or something. Don't expect top notch performance from them, specially under heavy loads. I'm not, that's why I was trying to sort out the single vs multi core issue to try to get the best out of it we could.
Re: pf vs mp
Is it not possible to buy two or three representative models and test them to find out which of celeron, atom, or amd is fastest? Well as restrictive as our requirements are, there are still a few too many options for that. I kinda wanted to narrow it down some more first.
Re: pf vs mp
As I said before, I think information is getting lost here in the discussion. The issue is we need something that fits within certain restrictive thermal/size/power/noise limits; these are all fanless setups and some might even be battery powered. And when I say "fanless" I mean *completely* fanless, there won't even be any fans in the chassis or power supply, so low TDP is super important, and that ends up meaning low performance. It's not clear to me yet how close to the margin we'll end up being.
Re: pf vs mp
I read all thoughts till now and my advice is if you are going to buy a new hardware now (year 2015) take multi core CPU. The OpenBSD just gets better every day and if you follow tech@, source-changes@ and misc@ you already know that our beloved OS sooner or later will spread load on all CPU/CORES (device drivers, TCP/IP stack, pf and so on). That's a good point in general, but this is an embedded project and it's pretty much set once made, so future expansion or upgrades aren't really a selling point.
Re: pf vs mp
The short answer is, unless you can guarantee that pf will have its own core and no other process will race against it (you can't), then go for the mp. OK, so after more info you're switching to the mp side? If that's true then all the latest recommendations from this afternoon forwards are in favor of mp.
Re: pf vs mp
The recommendation that people use SP kernels for networking is no longer valid. Ah, thank you for mentioning this explicitly. I had a memory of this kicking around at the bottom of my subconscious. I knew there was something else about this issue but couldn't put my finger on it.
Re: pf vs mp
On a more serious note, I don't see how one can actually buy faster single-core performance for this purpose. If the question was more detailed, describing specific models of machines, we'd be able to show it makes no financial sense. The cheapest stuff is good enough. As I said before, I think information is getting lost here in the discussion. The issue is we need something that fits within certain restrictive thermal/size/power/noise limits; these are all fanless setups and some might even be battery powered. The sort of questions I'm facing are like do we go for a single core Celeron or a multicore Atom or what. I understand that the gross performance of a top of the line Xeon or whatever will make this issue moot, but we can't afford something like that for this project.
Re: pf vs mp
Maybe this webpage would help you make an informed choice? https://calomel.org/pf_config.html That looks like a good reference for setting up pf and the right way to architect your pf.conf, but it doesn't appear to address any of the cpu threading issues I'm trying to figure out. Thanks though, I'll keep a copy of that in my files, it might help when we finally set this system up.
Re: pf vs mp
I'm sorry I'm not familiar with either of the processors you're describing. In the vague terms you have given, I haven't described any specific models yet, I'm being a little vague because I was looking more for general guidance than having the list debate the pros and cons of dozens of different specific motherboards. The sort of stuff we're looking at are various Intel Atoms, Celerons, modern Pentium lines (eg, N3700), and a variety of things from AMD. There's a wide range here, so I'm trying to figure out where we should start looking first. I am 100% that the answer is use the multicore setup. OK
Re: pf vs mp
but the short answer is to use the multi-processor system. The single core will perform better when you care nothing about your performance, the multi-core system will perform better the only time you care at all about performance. I think some information is getting lost here. I'm not comparing single vs multi core operation in a purely mathematical sense on identical hardware. I'm trying to decide between a setup that uses a relatively fast single core vs a setup that uses slower multi cores. In aggregate the multiple cores have more processing power than the fast single, but in isolation are notably slower. The workload is mainly pf, and given that pf is currently single threaded, I'm trying to figure out if the other stuff on the box causes enough overhead that going with slower multi cores will end up being faster in the end or not.
Re: pf vs mp
not paying a context-switching tax during these simultaneous load events will make a bigger difference than any other single factor. I guess that's what I was getting at in my original poorly worded question: at what point do context switches negate the benefit of a faster single core (given a situation where the machine is only running a handful of services). I realize that's hard to answer without first providing extensive hardware and use case details though.
Re: pf vs mp
Dhcp, no. DNS, yes. Also, does a local DNS resolver really consume that much cpu that it would see any notable effect from having another core? I thought that was more a RAM thing.
Re: pf vs mp
A small office isn't that much different from a home server. It's not actually a small office, that's just the best analogy I could think of. I see, that more than really wanting to know if you'd be ok with mp, you're seeking validation to go through with a single core. Well... that's kind of the same thing though, isn't it? Hypothetically, if I have a single core with a speed of "1" vs say a dual core where each core has a speed of ".75", I'm getting the impression that the dual will end up being likely slower, given that pf is currently single threaded and the other stuff isn't accounting for much overhead. Even though the total computational power of the dual core would be 50% more, that extra power is effectively unusable. If you're only using pf, dhcpd and dns server, it will work. But don't expect it to scale too well if your small office becomes a medium sized office. Again, it's not actually an office, and it won't need to scale, at least not by much.
Re: pf vs mp
are we talking home router here or something more specialized? A little more specialized. It's a sort of embedded system and it needs to fit within some size/thermal/watts/noise constraints. It needs to serve something roughly equivalent to a small office. now if i needed a gateway/firewall for say 50 machines it would be different. dns, ntp, dhcp would all be moved to other machines on the network This has to be one physical box.
Re: pf vs mp
For an OpenBSD machine acting as a gateway/firewall/router with a handful of related tasks (pf, dhcp server, etc) would mp yield anything? Of course, yes. Just because PF doesn't get any benefits (yet) from MP, it doesn't mean these other programs won't. Sorry that was unclear wording on my part. This machine is 95% pf routing with some dhcp/dns on the side- AFAIK those won't account for much so if there's nothing else there wouldn't really be a benefit going multicore, right?
pf vs mp
Quick question: I need to make a decision between a faster single core and a slower multicore. The faq currently states that pf gets no improvement from mp. Is this still correct/current information? Presumably it would see no benefit from hyperthreading either, right? For an OpenBSD machine acting as a gateway/firewall/router with a handful of related tasks (pf, dhcp server, etc) would mp yield anything?
Re: bluetooth keyboard [was:Re: Intel Edison]
Just out of curiosity, are there any plans to support bluetooth at some point in the future?
Re: bluetooth keyboard [was:Re: Intel Edison]
If the dongle is just a bluetooth radio and expects the host to take care of parts of bluetooth (device peering etc), then OpenBSD can't use the keyboard. OK, I think that answers it for me then. Thanks.
Re: bluetooth keyboard [was:Re: Intel Edison]
:>OpenBSD doesn't support bluetooth on any hardware. : :Does that also include usb->bluetooth dongles for wireless keyboards? : That includes all forms of bluetooth where it is presented to the OS. If it fakes a keyboard, and shows up as a ukbd, then that driver will be used. Well I guess that was my question, perhaps worded badly. Basically, let's say I buy a bluetooth keyboard. Let's say it's a fancy model and is nice enough to come with a generic usb->bluetooth nub/dongle thingy I can plug in if my computer doesn't already have bluetooth capabilities. I plug it in. Does the keyboard then present to the OS as a raw keyboard, or does it present as some kind of special bluetooth device? I don't know what level of hardware abstraction is being used here.
Re: Intel Edison
Dongle for wireless device doesn't work that way. The dongle pretends to be the device and takes care of all the communication. From the OS point of view, using a wired usb keyboard or a wireless keyboard using a dongle is the same thing. Also, bluetooth keyboard doesn't provide dongle. I wasn't referring to one of those RF-dongles from Logitech, but a usb gizmo that specifically creates a bluetooth 'network' that actual real bluetooth devices can connect to, for example http://www.amazon.com/dp/B007Q45EF4
Re: Intel Edison
OpenBSD doesn't support bluetooth on any hardware. Does that also include usb->bluetooth dongles for wireless keyboards?
Re: SuperMicro thin mini itx?
Contact their support department. I ended up doing that anyway earlier this morning. If I don't hear back from them maybe I'll try calling tomorrow or something. They're actually pretty good about answering questions on the phone, even on the first call. They did get back to me via email, and the answer is "no". We'll have to look into substitutes next week I guess.
Re: SuperMicro thin mini itx?
Why would you contact their marketing department? That's silly. Well because I assume that marketing encompasses sales, and the sales department kinda ought to know what products the company sells. Contact their support department. I ended up doing that anyway earlier this morning. If I don't hear back from them maybe I'll try calling tomorrow or something.
Re: SuperMicro thin mini itx?
From Supermicro website: http://www.supermicro.nl/products/motherboard/ATOM/ http://www.supermicro.nl/products/embedded/embedded_motherboard.cfm I know they sell Atom-based boards and various embedded boards, but just because it's Atom and/or embedded doesn't automatically mean it conforms to the thin-mini-itx standard. X9SBAA-F That one doesn't qualify either. Same issue with a high stack and no DC plug.
Re: SuperMicro thin mini itx?
Try the X10SBA Doesn't appear to fit the bill, unfortunately. That hdmi+displayport stack is too high, and while it has onboard DC12V it's missing the standardized plug on the back. Given that no one else has responded, I'm assuming that SuperMicro just doesn't make boards in this form factor, which is disappointing given how many other embedded solutions they offer. We'll probably have to go with an Intel model or something. Oh well.
SuperMicro thin mini itx?
We need to build some OpenBSD-based network devices that we'd strongly prefer to be based on SuperMicro hardware. Does anyone know offhand if they offer any products that conform to the Thin-Mini-ITX standard? Their website is unhelpful and so far their marketing email hasn't responded to inquiries.
Re: Repartitioning
And... here's an about 25 minute long video tutorial on how to do what I think you want. Yes I probably had better things to do, but nothing came to mind that seemed more fun... :-) Thank you so much! A full walkthrough always helps. There are some comments inline on what happens and why. Btw, you worry too much about your typing. Going slow is totally fine, anyone watching can just speed it up and/or skip around. Unfortunately I don't know much about video formats and editing, so this is straight from VirtualBox in webm format, whatever that is. webm is a new(ish) format Google whipped up to try to skirt around some patents and avoid all the copyright crap revolving around other formats. It's been around for a few years now, so any half-assed player can handle it. Feel free to ask me on or off list if you have any questions or run into any problems! 1) Thank you for (accidentally) reminding me that unmounting /usr may stop some programs from working. I sometimes forget that "core" utilities like vim et al live in /usr/* on most systems. 2) I notice you use 'halt -p' directly, even in multi-user mode. Isn't it safer to use 'shutdown'?
Re: Repartitioning
Also, another question: this system keeps nothing in the user's home directories past a few dot files. /home is using less than 1m of space. Would it be safe from a security/reliability standpoint to just move the home folders directly into / ?
Re: Repartitioning
You've stated you have a 10GB disk, and that this is 4.9. The disklabel(8) man page at 4.9 described the automatic layout at that time: Yeah, that's what we have. You have stated that /usr/src and /usr/obj are unused, /var is full, and /usr/local (used for packages and some infrastructure components) is nearly empty. Yep. The disklabel(8) tool is used to delete and create partitions. So part of the reason I started this thread is that I want to be clear since OpenBSD has two different kinds of "partitions". For what I'm doing, on an i386 platform, I don't need to mess with fdisk at all... Is that correct? would allow you to grow /usr with growfs(8). growfs is like other partition expanders in that it can only expand "forward" and not "backward", right? As in, I couldn't nuke src and obj and then use growfs to expand home into that space. Assuming that's right, I'm probably going to make a new /var partition rather than expand an existing one. so you may need to do some backup / restore to external media, Honestly, there's so much free unused space that I can directly copy everything to its final destination right off the bat. The best practice for moving of FFS filesystems is through the use of dump(8)/restore(8). I'm not sure that's what I want to be doing in my case. Especially when collapsing the /usr/* stuff down into just /usr, a simple cp or tar would be better, no? FAQ 14 may also be helpful, as it lays out the basics of disk management. Yeah I read all that first, but it doesn't answer a lot of specifics.
Re: Repartitioning
... in that order. This order could be not identical with the harddisk order. If I'm not mistaken, watching install operation, I think the / partition is the first followed by /home. Somebody correct me if I'm wrong. I've looked at the layout on this machine a dozen times. Cross reference with man disklabel if you don't believe me. One man already asked you for disklabel output. That WAS the disklabel output (minus sizes and offsets). When I next get a chance to ssh into it from somewhere else I'll copy the actual output, but the exact blocks shouldn't really matter for all this.
Re: Repartitioning
Maybe I missed it, but if you supply the output of disklabel and df, it would be easier to give advice. The machine isn't in front of me right now, but the partition setup was using the 'wizard' defaults. In other words: /, /tmp, /var, /usr, /usr/X11R6, /usr/local, /usr/src, /usr/obj, and /home, in that order. All the usr's (except x11) and home are set for a couple gigs each but only using a few hundred megs collectively. /var is a few hundred megs and close to full. Nuking src and obj will free up a lot, but I think it would make more sense to collapse all the usr stuff into just /usr, move home into where var currently is, and move var into the new space.
Re: Current USB Wifi status
it is actually not worth buying a new standalone access point unless you can install specifically OpenBSD on it, and temporary reuse of an old access point is sub-optimal no matter what you (re)flash on it, most firmwares including third party are vulnerable and suffer from the same reliability and hardware limitations. There's a difference between a wifi *access point* and a wifi *router*. You can't install much of anything on an access point, it's basically just a bridge. They only have one ethernet port on the back and like maybe a couple megs of ram if that, enough to handle basic password/encryption and not much else. They have about the same reliability issues as an unmanaged ethernet switch (ie; not a lot). As for routers, depending on what you have, it's not too hard to reflash them into what is basically a wap. The crummy software is the source of 99% of their problems, but if you replace that with a simple bridge firmware they clear right up. I've never seen even the shittiest of linksys units fail because of actual hardware issues. As far as hardware limitations go, you're not going to be getting any more bandwidth out of a g/n/ac/whatever pci card vs the same class standalone device. The processor of the wap or flashed router won't be managing any states or anything, so there's not much of a difference there. Personally I wouldn't recommend buying a wifi router to turn it into a wap, but that's because it's a waste of money. Repurposing an old one is fine, as is buying a new wap. I've seen plenty of people do this and these things have run flawlessly for years.
Re: Current USB Wifi status
So, Stuart's comment is still valid. I will stop looking for a USB solution, and instead see if I can find a low power chassis with a PCI slot. While more expensive, it is probably money well invested. It might be worth buying/reusing a standalone access point (perhaps reflashing a linksys router or something) and connecting via ethernet cable. That way you have more flexibility in choosing locations: ie, the OpenBSD router can be somewhere that's convenient for interfacing with your ISP's equipment, and the wap can be somewhere with good reception. 'course, then you have two boxes to deal with, so it's a trade off.
Re: Repartitioning
How about taking some directory that is currently under /var (depending on what you're doing with the machine, maybe log or www or mysql or something?) and moving the contents to /usr/obj or /usr/src (or if they're together on disk, remove /usr/obj and /usr/src and create a new partition covering the space that was used by both)? (Then change the mountpoint in /etc/fstab). If that gives you enough capacity, that might be easier than some big shuffle-around. That's kinda half-assing it for us, as that would still leave like three partitions around that are 95% empty consuming over a third of the disk. If I'm going to be redoing things, I might as well do it all at once.
Re: Repartitioning
You could also make a raw image of the disk and run a copy of that image in qemu on another computer, something which would give you a chance to do some experimenting with growfs(8) & friends without having to risk anything. Oh, now that's a really good idea actually, I never thought of that. Would that also work for VirtualBox or some other VM? VB can be weird about disk images.
Re: Repartitioning
- nuke usr/X11R6, That will end up with five partitions: /, /tmp, /home, /usr, and /var Also, this machine doesn't have X, FWIW.
Re: Repartitioning
there is no easy way to shrink or move filesystems, only copying their contents. depending on where /var is, your ability to grow it may be limited. Disklabel puts /var as the third partition. I wasn't really expecting to be able to grow it directly. I think what I'd like to do is
- copy the contents of the /usr/local and /usr/X11R6 partitions over to dirs in /usr
- backup contents of /var somewhere else temporarily
- wipe /var partition and turn it into /home, and copy the old /home contents over
- nuke usr/X11R6, /usr/local, /usr/src, /usr/obj, and the old /home (they're all adjacent partitions)
- use that space to make a new /var
That will end up with five partitions: /, /tmp, /home, /usr, and /var
Re: Repartitioning
(though when you start looking at how much it costs to power the thing, it's still not free, and at some point it might have been cheaper to replace it with something else. I don't think it really works that way for mechanical hard drives. At least, taking a quick look at the drive pile and comparing a few, there's an old 15gb ide that consumes .3 amps each for both rails, vs a couple 1tb sata drives that use .5 - .75 for both. Unless you're talking about replacing a mechanical with an SSD I don't think power consumption is really an issue. And depending on how expensive that SSD is compared to a bargain bin old mech, it may be a while before you catch up, especially if the machine isn't on 24/7.
Re: Repartitioning
First of all, you have a machine that is running a very old version of OpenBSD. You have a lot of upgrades to do, and since you have other issues (partitioning), you probably just want to reinstall and start over using your current knowledge of your disk layout needs. Well that's kind of the thing. The machine is mainly used for messing around and testing stuff, so it has a bunch of random things installed that will be a pain to move over. Additionally, we occasionally use it to verify things against older OpenBSD specifically (like, 4.9 was still using Apache for example). Upgrading is certainly possible, it's just a question of which will cause more pain in the end- that or repartitioning. Since you are working on a 10G hard disk, you might want to consider replacing that just because of its age (I say, as glance over at my crate of 20G and smaller HDs), and 10G disks are just plain slow compared to modern disks. That will be a problem eventually yes. This machine doesn't have a lot of disk activity though so so far the drive's been holding up. Speed isn't that big of a deal. The general answer to your question, however, is the "growfs" command. growfs will let you expand an off-line file system with additional space immediately adjoining the end of the partition. OK that's the general answer providing we replace the disk with a bigger one though, right? Is there a good way to use the same disk? Again, the issue is not that the disk is full, but that it's half empty and split up in a way that we can't really use the space.
Repartitioning
We have an older system running 4.9 that acts as a sort of dev/test/scratch machine for messing around. When it was set up we threw a 10gb drive in there and did a generic install with all the defaults. Over time, as we've used this for various stuff, we've realized that that partitioning scheme turned out to be decidedly non optimal. /usr/obj and /usr/src are eating up a gig each but only have 2kb of data on them (this machine has never compiled anything). /home and /usr/local are using less than 45mb combined. Meanwhile /var was only set up at a few hundred megs and is bursting at the seams. Over half the drive's capacity is being wasted. I'm not super familiar with how OpenBSD does disks and all of the caveats. How easy would it be to nuke some of these partitions and recombine the space? Is it something that could be done with a couple fdisk commands or would it involve a lot of screwing around? I've looked through the manual regarding fdisk and disklabel but I'm still not sure I really understand how everything works together.
Re: Installed 5.7/amd64, now "No acceptable DHCPOFFERS received."
On first boot it gave me "No acceptable DHCPOFFERS received." When you say "first boot", do you mean booting the install media or booting the installed OS afterwards? Usually, a complaint about an *acceptable* offer specifically means that your dhclient.config is requiring certain parameters that your ISP's dhcp server isn't providing. In other words, it's getting an offer but won't use it. Additionally, I've had problems before with certain ISPs where they do something such that setting a 'require' parameter of any sort causes dhclient to always complain the offer isn't acceptable. It's possible that your config got messed up after the upgrade or that coincidentally your ISP changed something on their end at the same time. If it's not already, try changing dhclient.conf to be just a simple "request routers, subnet-mask, broadcast-address, domain-name-servers;" and see if that works. On the other hand, if that error popped up while booted from the install media, I'm not sure what that means. I've seen weird stuff like that when certain bios features mess with the networking, like VLANs or board-level VPN. That board does IPMI shared over one of the two ethernet ports, right? Try messing with the settings for that.
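The failure mode described in the post above, as an added example that is not part of the original message or of dhclient itself: an offer that lacks any option named in a `require` statement is ignored, so a strict `require` list can leave the client with no acceptable offer. The configuration text, the offer contents and the function names are constructed for illustration, and the parser only handles top-level `request`/`require` statements.

```python
import re

# Constructed dhclient.conf contents (assumption, not taken from the post).
STRICT_CONF = """
request subnet-mask, broadcast-address, routers, domain-name-servers;
require subnet-mask, routers, domain-name-servers, host-name;
"""

SIMPLE_CONF = """
# the minimal form suggested in the post: request only, no require
request routers, subnet-mask, broadcast-address, domain-name-servers;
"""

# Constructed DHCPOFFER: the server sends the usual options but no host-name.
OFFERS = [
    {
        "server": "192.0.2.1",
        "options": {
            "subnet-mask": "255.255.255.0",
            "broadcast-address": "192.0.2.255",
            "routers": "192.0.2.1",
            "domain-name-servers": "192.0.2.53",
        },
    },
]


def parse_option_lists(conf_text):
    """Return {'request': [...], 'require': [...]} from dhclient.conf text.

    Only top-level statements are read; a later statement of the same kind
    replaces an earlier one. Statements inside interface blocks are ignored.
    """
    lists = {"request": [], "require": []}
    text = re.sub(r"#[^\n]*", "", conf_text)  # drop comments
    for stmt in text.split(";"):
        words = stmt.strip().split(None, 1)
        if len(words) == 2 and words[0] in lists:
            lists[words[0]] = [o.strip() for o in words[1].split(",") if o.strip()]
    return lists


def missing_required(conf_text, offer_options):
    """List the required options that the offer does not carry."""
    required = parse_option_lists(conf_text)["require"]
    return [opt for opt in required if opt not in offer_options]


def select_offer(conf_text, offers):
    """Return the server of the first acceptable offer, or None.

    None corresponds to the client logging that it received no
    acceptable offers even though offers did arrive.
    """
    for offer in offers:
        if not missing_required(conf_text, offer["options"]):
            return offer["server"]
    return None


if __name__ == "__main__":
    for name, conf in (("strict", STRICT_CONF), ("simple", SIMPLE_CONF)):
        chosen = select_offer(conf, OFFERS)
        gaps = missing_required(conf, OFFERS[0]["options"])
        print(f"{name}: chosen={chosen} missing={gaps}")
```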
Re: Maybe OT: OpenSSH connection failure unless verbose
The point was to use ps on the *server* not on the client. So I was thinking you should use ps *on that server* to see if you could see signs of another connection attempt reaching it and then for some reason failing to give you an interactive shell. Ah ok. Yes I totally misunderstood you- I thought you meant check ps on the client to see if it was actually spawning an ssh process. In other words, it might be that there's some race condition on the server that you sometimes fail to reach, such that ssh -v slows things down just enough to avoid the race. That's possible. I'm not convinced it's on their end though, you'd think they'd have noticed by now ssh connections hanging all the time. Of course, it's also possible that you're seeing network problems, They do some weird stuff with their systems sometimes. Half their stuff is in house and the other half is cloud, and it's not always coherent. Additionally, there's always the possibility that I've somehow configured my firewalls in a weird way. in which case something like tcpdump would be a better source of clues (assuming that you can trace all the way to the server on a good day). Traceroute specifically doesn't yield much: outside of my ISP it bounces off over a dozen boxes with no host names before disappearing into a black hole (magic cloud issues I'm sure). Filtering with tcpdump can be annoying since what I filter for isn't always what comes back due to all the dns redirection. I do seem to be able to see at least most of the packets though I think. If you are on an openbsd machine which is running sshd OK. This works on their linux server.
Re: Maybe OT: OpenSSH connection failure unless verbose
Exactly. Probably ps -l (or maybe install and use pstree). Do you get new processes with sshd as a parent? I never get that. When ssh-ing into another machine I just get a single ssh process that's a direct child of the bash for that tty, there's never an sshd anywhere. When you use ps -l you will only see processes with a controlling terminal. This assumes I'm running ps without any command line arguments. But the PPID column relates each process to its parent process. If you start at any arbitrary process and trace back to its parent, and then to that process's parent, you will eventually find a PPID for a process that did not show up in ps -l. That will probably be the process id of sshd. I know how ps works :) On OSX, an outbound ssh connection spawns a single 'ssh' process, which is a child of bash. bash is a child of login. login is a child of Terminal. Terminal is a child of the launchd process for my account. That launchd process is a child of the master launchd process, PID 1. The (abbreviated) output of ps looks like this:
  TTY   USER    RUSER   PPID  PID   COMMAND
  ??    root    root    0     1     launchd
  ??    Quartz  Quartz  1     208   launchd
  ??    Quartz  Quartz  208   241   Terminal
  s000  root    Quartz  241   246   login
  s000  Quartz  Quartz  246   249   -bash
  s000  Quartz  Quartz  249   3212  ssh
On OSX, "sshd" is the receiving server side of the ssh connection. It only runs when I have an ssh connection INTO my machine, not when I'm connecting to someone else. The only other ssh related process is "ssh-agent", but that's always running no matter what. Or: ps -lx | grep 'ssh[d]' Not sure what OS / version of grep you're using. On OSX this yields no output even when ssh processes are running. If I shorten the regex to just 'ssh' I see the ssh process and ssh-agent which I mentioned above.
Re: Maybe OT: OpenSSH connection failure unless verbose
good day: "ssh user@server" = works just like it should What about "ssh -v user@server" on a good day? That works exactly as expected. ssh-ing in right now And more specifically, if you run ssh -v on both a good day and a bad day, what does diff between the two outputs show? IIRC, not much... I think I did that before once or twice. It's been OK today so I'll have to wait to confirm.
Re: Maybe OT: OpenSSH connection failure unless verbose
If you are only creating one ssh connection, does "good day" mean you have succeeded just once? No, I mean that I can ssh in without having to pass -v on the command line. In other words, it works the way it normally should. More specifically:
good day: "ssh user@server" = works just like it should
bad day: "ssh user@server" = no connection, no output... just hangs.
"ssh -v user@server" = prints the expected debug info and connects as it should (...usually. Sometimes I have to specify -vv)
Re: Maybe OT: OpenSSH connection failure unless verbose
ktrace and tcpdump. I should have mentioned that the laptop is using OpenSSH but it's OSX not OpenBSD. ktrace was replaced with I think dtrace on OSX a while ago, so I'll have to look into how to get that set up. As for tcpdump, I'm not sure what I'd be looking for there. Most of the connection meat would be encrypted anyway though, wouldn't it? more generally, see where it's stopping. the pattern of traffic should be roughly the same. two packets that way, one packet this way, etc. perhaps you can determine if the client is waiting for the server, or the server for the client, or if only packets of 1337 bytes cause trouble, etc. OK fair enough I guess. I'll have to record several sessions to different machines along with a broken session to the server, then compare the whole lot side by side. Knowing my luck it'll be fine for the next few days until I've forgotten and then go bad again.
Re: Maybe OT: OpenSSH connection failure unless verbose
That's a good question, I'm not actually sure if I've ever opened two connections to it at once. For better or worse today is a "good" day so I'll have to wait to test this. If you are only creating one ssh connection, does "good day" mean you have succeeded just once? No, I mean that I can ssh in without having to pass -v on the command line. In other words, it works the way it normally should. Not sure what you mean here about "fresh processes", do you want me to look at the output of ps or something else? Exactly. Probably ps -l (or maybe install and use pstree). Do you get new processes with sshd as a parent? I never get that. When ssh-ing into another machine I just get a single ssh process that's a direct child of the bash for that tty, there's never an sshd anywhere.
Re: Maybe OT: OpenSSH connection failure unless verbose
ktrace and tcpdump. I should have mentioned that the laptop is using OpenSSH but it's OSX not OpenBSD. ktrace was replaced with I think dtrace on OSX a while ago, so I'll have to look into how to get that set up. As for tcpdump, I'm not sure what I'd be looking for there. Most of the connection meat would be encrypted anyway though, wouldn't it?
Re: Maybe OT: OpenSSH connection failure unless verbose
If you have one connection established to that server which is functioning (perhaps with -v on the client ssh) can you get the problem to occur with a second connection to that server? That's a good question, I'm not actually sure if I've ever opened two connections to it at once. For better or worse today is a "good" day so I'll have to wait to test this. If so, can you take a look at whether you are getting any fresh processes from your second connection attempts when they stall? (The question is: how far does a stalled attempt reach before it runs into this problem?) Not sure what you mean here about "fresh processes", do you want me to look at the output of ps or something else?
Maybe OT: OpenSSH connection failure unless verbose
I'm not sure if this is the right place to ask about this, but I can't seem to find an ssh-specific mailing list or web forum anywhere. I have a bog standard setup between a laptop and a local university that uses a bog standard id_rsa key for password-less access; to the best of my knowledge there's nothing remotely unusual about the ssh configuration on the laptop (I'm less sure about the university server since I don't have access to its config). About maybe 1/3 of the days I try to log into the server, the ssh connection hangs forever with no output UNLESS -v is specified on the command line, in which case it works totally fine. This is completely repeatable: no verbose, no worky (but only on bad days; on good days it works fine regardless). I've only ever experienced this problem with the connection to this one university, ssh otherwise works as expected connecting to every other machine. Searching the web for info is worthless because the first thing everybody tells you to do when debugging a connection issue is enable verbose, which obviously doesn't help me here. Likewise, I can't even confirm if anyone else has even experienced this sort of failure before since searching for connection/failure/verbose related keywords yields nothing but self-help related noise. I have limited access to their server too- I don't have and can't get a password (it's key only), so I don't know where to even start figuring this out. Any ideas?
Re: Intel Atom?
Off-the-shelf yes, home no, it's just a specialized setup with some odd requirements. We're fine with paying for good quality components but there's no need to overpay for something that offers a bunch of stuff we don't need, especially when we're going to be building several of these. I'm just trying to find the best balance, and I'm hoping that upper-mid-range Atoms are where it's at. Well, did you solve it? Not in two days :) I'm still doing research and trying to figure out what's even worth looking at. I'll start ordering and receiving components over the next week or so, but it'll be the end of the month easy before we've decided on the right combination of parts and can start rolling things out to the next stage. What's your useful idea to bring to other readers? Not sure what you're asking here? Do you have any experience related to this that we would like to read on? Well I mean I've been assembling systems since the late 90's, been using OpenBSD as the OS of choice for network appliances for roughly 10 years or so, and been very interested in small form factor computers for a while (I've been big on laptops from back when they were still kind of a waste of money). Not sure how different this is from any other tech guy though, but this list isn't the place for an auto-bio anyway. If you have specific questions I can try to answer. Jumping topics like a recently released person, hopefully you were not wasting everybody's time on the list. Well, I'm sorry you think that starting a whopping two threads in a row is indicative of being mentally disabled and/or a criminal. The two main questions I had were pretty much answered, so it wasn't a waste of time for me at least.
Re: new (nasty) spam pattern
Any cluebats? Not sure if it will help your specific situation, but you could look into server side "grey listing". This will cause your mail server to temporarily reject mail from them, forcing them to try again a couple hours later. Fly-by-night spam places almost never bother to resubmit, so it's pretty effective (it cut down my spam to under 5% literally overnight). https://en.wikipedia.org/wiki/Greylisting
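The greylisting behaviour described in the post above, as an added example that is not part of the original message or of any particular mail server: the first delivery attempt for an unseen (client IP, sender, recipient) triplet gets a temporary 451, and only a sender that retries after a minimum delay is accepted. The class name, the delay and window values, and the sample delivery attempts are all assumptions constructed for illustration.

```python
class Greylist:
    """Triplet greylisting with explicit timestamps so runs are repeatable."""

    def __init__(self, min_delay=300, retry_window=4 * 3600,
                 pass_lifetime=36 * 24 * 3600):
        self.min_delay = min_delay          # seconds a sender must wait (assumed)
        self.retry_window = retry_window    # how long a first attempt is remembered
        self.pass_lifetime = pass_lifetime  # how long a passed triplet stays trusted
        self.first_seen = {}                # triplet -> time of first attempt
        self.passed = {}                    # triplet -> time of last accepted mail

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply code for this attempt: 451 defer, 250 accept."""
        key = (client_ip, mail_from.lower(), rcpt_to.lower())

        # Triplets that already passed skip the delay while still fresh.
        if key in self.passed:
            if now - self.passed[key] <= self.pass_lifetime:
                self.passed[key] = now
                return 250
            del self.passed[key]

        first = self.first_seen.get(key)
        # Unknown triplet, or the earlier attempt is too old to count as a retry.
        if first is None or now - first > self.retry_window:
            self.first_seen[key] = now
            return 451
        # Retried too quickly: keep deferring.
        if now - first < self.min_delay:
            return 451
        # A real retry after the delay: accept and remember the triplet.
        del self.first_seen[key]
        self.passed[key] = now
        return 250


# Constructed delivery attempts: (time in seconds, client IP, sender, recipient).
ATTEMPTS = [
    (0, "203.0.113.7", "promo@spam.example", "bob@corp.example"),    # fire and forget
    (10, "198.51.100.4", "alice@uni.example", "bob@corp.example"),   # first try
    (70, "198.51.100.4", "alice@uni.example", "bob@corp.example"),   # retry, too soon
    (910, "198.51.100.4", "alice@uni.example", "bob@corp.example"),  # proper retry
    (5000, "198.51.100.4", "alice@uni.example", "bob@corp.example"), # later mail
    (20000, "203.0.113.7", "promo@spam.example", "bob@corp.example"),# new campaign
]


def replay(attempts, greylist=None):
    """Feed the attempts through a greylist and return the reply codes in order."""
    greylist = greylist or Greylist()
    return [greylist.check(ip, sender, rcpt, now)
            for now, ip, sender, rcpt in attempts]


if __name__ == "__main__":
    for attempt, code in zip(ATTEMPTS, replay(ATTEMPTS)):
        print(attempt[0], attempt[1], attempt[2], "->", code)
```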
Re: Intel Atom?
yet the original poster is obviously looking for COTS consumer electronics general purpose inexpensive mini-ITX mainboards for home router project. Off-the-shelf yes, home no, it's just a specialized setup with some odd requirements. We're fine with paying for good quality components but there's no need to overpay for something that offers a bunch of stuff we don't need, especially when we're going to be building several of these. I'm just trying to find the best balance, and I'm hoping that upper-mid-range Atoms are where it's at.
Re: Intel Atom?
ECC RAM always helps in the long term, It helps yes, but for a router I wonder if it makes a significant difference. if the board is collocated It's in-house. but I'd not have IPMI & serial BIOS (out of band) access. Both of those aren't necessary for this project. If you want to use X, Always consider a spare monitor & keyboard attached / around the system just in case. We don't need X, but do need local console / KVM. It will need a case fan (or two for redundancy) because the CPU is fanless and produces enough heat (about 15-20 W TDP) and even without a Radeon added (20 W more) inside, the system can not rely on free air convection in a tower / desktop small form factor (mini-ITX) case. Don't use external brick / micro / pico type PSU units, those are not offering any benefit over stock SFX/ATX form factor and are less than reliable to say the least not to mention interchangeable. The PSU is one of the least reliable system blocks. The reason I'm asking about Atoms ITXs in the first place is that physical size is a major constraint for this project and a micro ATX case or larger is a non-starter. It's even proving hard to find an SFX/TFX case that's compact enough (and isn't shit). We're pretty much looking at some sort of "open mesh" compact case design with a compact PSU, like a pico+MiniBox M350, Antec ISK110, or Silverstone PT13B + a thin-ITX motherboard with built-in dc power. In such a cramped situation the low heat output of an Atom seems a better choice than a full sized Core. (See my other thread on this list about using NICs with multiple jacks). Also, you're the first person I've seen who's said that pico's aren't reliable. We have one that's several years old that's still going strong. I'm curious what your experiences have been? but you'll miss the chance to learn and use the advanced capabilities or more reliable components on board. That's not really an issue, we have and use Supermicro stuff all the time.
In fact there's a couple old P8SCT-based 1U servers I'm trying to sell off as we speak. and don't buy used That's a given. There is absolutely no point in considering SSD for this system. Maybe. This system also needs to act as a PXE boot server for a variety of clients, so it needs several gigs of storage space for all the images, and that storage needs to be fast enough that the clients can boot in a sane time frame. I'm not sure if random 16gb thumb drives will really cut it.
Re: Intel Atom?
Recommendation for a very capable router are C2750/C2758 Supermicro So, do you think we'd *need* a board like that? The reason I ask is that they're nearly twice the price of other dual-gigE Atom boards, and the ECC SODIMMs don't help. If you're saying that an old D525 can handle our traffic needs and is well supported, I don't think springing for this board makes sense.
Re: Intel Atom?
Here's the dmesg for my Tor exit relay, which runs on a D2700. It moves about 2.0-4.5 MB/s in each direction. Hmmm that's nowhere near as fast as what we do, and not even as fast as a P3. It seems to be running at full capacity doing so, I don't know much about tor. When you say "full capacity", do you mean the hardware was maxed out, or that you were doing the most that the tor network would allow you?
Re: Intel Atom?
FWIW here's the DMESG from the system I just put in place.
pchb0 at pci0 dev 0 function 0 vendor "Intel", unknown product 0x0bf3 rev 0x04
ehci0: timed out waiting for BIOS
xhci0 at pci2 dev 0 function 0 vendor "Etron", unknown product 0x7052
ehci1: timed out waiting for BIOS
I admit I'm not great at reading DMESGs, but these are the sorts of things that worry me.
Re: Intel Atom?
I just deployed an OpenBSD 5.7 firewall/router/dhcp/dns using this motherboard: http://www.newegg.com/Product/Product.aspx?Item=N82E16813157417 As a side question, is that a female usb connector planted vertically right on the motherboard? It uses the Intel Atom D2550 1.86GHz 2-Core chip and has dual 1000 Mbps Intel NICs on the motherboard. I am running the amd64 binaries on it and it's serving its purpose really well. How hard have you pushed the network IO?
Re: Intel Atom?
I just posted a dmesg from a SuperMicro motherboard with 8-core Intel Atom C2758. Yeah, I've heard about that board. I think it's a tad overkill for our situation though :) Depending on how you configure your disks the 8-core C2758 should be able to saturate a single gig-e nic. Our system will be mainly a router rather than a file server, so I'm mostly concerned with how well it would handle network-to-network rather than disk-to-network. Lemme put it a different way: a 500mhz P3 can handle pf on a saturated 100bt connection no sweat. I know Atoms are slower clock-for-clock, how do they compare (in general) and are there any OpenBSD specific concerns?
Re: Intel Atom?
There's a huge range of Atom processors. Some are 32-bit only single-core, there are models which are 64-bit capable and multi-core. There are a wide range of clock speeds, cache sizes, and bus speeds. I know, I was mainly looking for general opinion about support and performance. IIRC, back in ~08-09 when Atoms first came out there used to be issues with maybe DMA or something that caused some models to be way slower than specs would indicate, and I was wondering if that was mostly a thing of the past, or if ACPI/64bit/MP/whatever doesn't work right on certain model lines or something. Or basically any issue software or hardware that would make some models not be able to handle high traffic.
Intel Atom?
What's Intel Atom support like these days? I remember they used to be a little weird. Are they handled pretty much like any other x86 chip now or are some things still unsupported? Are they capable of handling pf on a saturated 100-base-t connection? How about gig-e?
Re: Firewall question: is using a NIC with multiple jacks considered insecure?
These days you have "bypass" features in hardware that allow packets to flow from one interface to another even if the firewall is turned off. Can you elaborate on this? Also, that brings up another point wrt motherboards with multiple jacks; are bios attacks something to worry about? Having said that, just throwing random chipsets into the mix is probably not the right solution. You may actually be increasing your attack surface. That's always a possibility yes. If this is a real concern for you, The thing is I don't really know if this should be a realistic concern, that's why I'm asking. A motherboard with multiple ports would certainly be more convenient, but it's not worth it if it would compromise security.