OT: Re: Help with lpd and XP

2005-12-12 Thread Per-Erik Persson
One reason I have read about is that there were problems with buggy 
printservers that did not clear out the downloaded fonts and other 
things (especially these on a laserjet).
Setting the filesize to something "invalid" would lead the software 
to do a small soft reboot and clear up settings from the previous printjob.
A really ugly solution that could lead the unixbased printserver to 
start to buffer for a 4Gb file in the worst case.


Greg Thomas wrote:

> On 12/11/05, Garance A Drosihn <[EMAIL PROTECTED]> wrote:
>
>> At 10:25 AM -0800 12/4/05, Greg Thomas wrote:
>>
>>> On 12/4/05, Steve Murdoch <[EMAIL PROTECTED]> wrote:
>>>>
>>>>  Any issues I had printing from XP went away when I enabled
>>>>  LPR Byte counting in the LPR port settings.
>>>
>>> Any ideas why that is?
>>
>> Apparently Windows (in general) does not like to keep a byte-count
>> for a file.  It is not a saved attribute of a file, so "something"
>> (I don't know what) has to count the bytes.  This is overhead, so it
>> defaults to off.  I know little about windows, so that description
>> might not be 100% accurate.
>>
>> However, I do know about unix implementations of lpd.  When a file
>> is transferred, the remote side first says how many bytes it is
>> going to transfer, and it then transfers that amount of data.  The
>> RFC for lpr implies that you can put in a zero for the length, in
>> which case lpd will just keep reading until the end-of-file
>> condition.  But in fact there are no implementations of lpd for
>> unix which actually do that (well, none that I've noticed at least.
>> I guess lprNG might, I haven't checked that one).  If you tell lpd
>> you're going to send zero bytes, then by golly it thinks you will
>> send a zero-byte data file.
>>
>> So if you don't turn on LPR byte-counting, then these Windows
>> implementations will send the 'count' field to zero, which should
>> work according to RFC 1179, but won't in fact work with most
>> implementations of lpd for Unix.
>
> Cool.  Thanks for the explanation and it makes complete sense because
> the queue on the server always stuck at 0 bytes.  I do know that the
> lpd on the little wireless print server I have doesn't require byte
> counting from XP boxes.
>
> Greg
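
The byte-count behaviour discussed in this thread, as an added example that is not part of the original messages and is not code from any lpd implementation: a sketch of the receiving side of the RFC 1179 "receive data file" subcommand, showing what a declared count of zero yields under each reading and a size check that rejects an oversized declared count before anything is buffered. The input streams are constructed byte strings; `MAX_JOB_BYTES`, `zero_means_eof` and all function names are assumptions of this sketch.

```python
import io

RECEIVE_DATA_FILE = 0x03          # RFC 1179 subcommand: \x03 <count> SP <name> LF
MAX_JOB_BYTES = 64 * 1024 * 1024  # assumed spool limit, not a value from the thread


class LpdError(Exception):
    """Raised when a subcommand or its payload is rejected."""


def parse_data_subcommand(line):
    """Split b'\\x03<count> <name>\\n' into (count, name)."""
    if line[:1] != bytes([RECEIVE_DATA_FILE]) or not line.endswith(b"\n"):
        raise LpdError("not a receive-data-file subcommand")
    count_txt, sep, name = line[1:-1].partition(b" ")
    if not sep or not count_txt.isdigit() or not name:
        raise LpdError("malformed count or file name")
    return int(count_txt), name.decode("ascii", "replace")


def read_until_eof(stream, limit):
    """Read to end of stream, refusing to buffer more than `limit` bytes."""
    chunks, total = [], 0
    while True:
        chunk = stream.read(4096)
        if not chunk:
            return b"".join(chunks)
        total += len(chunk)
        if total > limit:
            raise LpdError("payload exceeds spool limit")
        chunks.append(chunk)


def receive_data_file(stream, zero_means_eof=False, max_bytes=MAX_JOB_BYTES):
    """Return (name, payload) for one data file read from `stream`.

    `stream` carries only the client-to-server bytes; the one-octet
    acknowledgements the server sends back are left out of this sketch.
    """
    count, name = parse_data_subcommand(stream.readline(256))
    if count > max_bytes:
        # Reject on the declared size, before any buffer is allocated.
        raise LpdError("declared size %d exceeds spool limit" % count)
    if count == 0:
        if zero_means_eof:
            # Lenient reading: zero means "read until end-of-file".
            return name, read_until_eof(stream, max_bytes)
        # Literal reading: zero bytes declared, zero-byte file spooled.
        return name, b""
    payload = stream.read(count)
    # The sender follows the data with a single zero octet.
    if len(payload) != count or stream.read(1) != b"\0":
        raise LpdError("payload does not match declared count")
    return name, payload


# Constructed sample streams (not captured traffic).
PAGE = b"%!PS constructed sample page\n"
ZERO_COUNT_JOB = b"\x030 dfA001host\n" + PAGE                    # byte counting off
COUNTED_JOB = b"\x03%d dfA001host\n" % len(PAGE) + PAGE + b"\0"  # byte counting on
HUGE_JOB = b"\x034294967295 dfA001host\n"                        # "invalid" 4 GB size


def demo():
    """Spooled payload sizes for the sample streams under each policy."""
    results = {
        "zero count, literal": len(receive_data_file(io.BytesIO(ZERO_COUNT_JOB))[1]),
        "zero count, until EOF": len(
            receive_data_file(io.BytesIO(ZERO_COUNT_JOB), zero_means_eof=True)[1]),
        "real count": len(receive_data_file(io.BytesIO(COUNTED_JOB))[1]),
    }
    try:
        receive_data_file(io.BytesIO(HUGE_JOB))
        results["4 GB declared"] = "accepted"
    except LpdError:
        results["4 GB declared"] = "rejected"
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, "->", outcome)
```
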




Re: wicontrol: specify both ssid and bssid as a client

2005-12-12 Thread pedro la peu
> there are three access points that i can pick up that have the same
> ssid. is there a way to specify the mac address of the access point i
> wish to use?

Yes, read wi(4) and ifconfig(8). I doubt you need wicontrol at all.



ethereal

2005-12-12 Thread Ricardo Lucas
Hello misc,

Has someone compiled ethereal? If so, you can help me.
When I try to compile that source I get a message that I don't have the
GTK+2 and GLIB2 installed on my system, but I DO have them.
So if anyone passed through this problem, please, HELP ME!!! =]

Hugs
--
Ricardo Lucas



Re: ethereal

2005-12-12 Thread Joachim Schipper
On Mon, Dec 12, 2005 at 08:10:43AM -0200, Ricardo Lucas wrote:
> Hello misc,
> 
> Has someone compiled ethereal? If so, you can help me.
> When I try to compile that source I get a message that I don't have the
> GTK+2 and GLIB2 installed on my system, but I DO have them.
> So if anyone passed through this problem, please, HELP ME!!! =]

First, try to understand just *why* ethereal is not available as a port.
See
http://marc.theaimsgroup.com/?l=openbsd-ports-cvs&m=108984209100775&w=2,
for example.

That being said, could you post pkg_info output and the actual error?

Joachim



Re: removing old files - /usr grows with each release

2005-12-12 Thread q#
On Sun, Dec 11, 2005 at 06:45:59PM +0100, Andreas Bartelt wrote:
> My goal is to safely remove all files from older releases, which aren't 
> needed anymore.

This is a simple script which gets at least two arguments. The first is
the filelist from your currently running system and the second is the directory
which should be scanned for old stuff. If filelist is a single
dash (`-') clean-up reads from standard input.

Filelist can be generated (useful if you are running OpenBSD-current)
from the `makeflist' script and directly sent to clean-up, which can check
the `sbin' directory for obsolete files:

# ( cd /usr/src/distrib/sets && sh makeflist ) | \
sh clean-up - sbin > review-remove.txt

After upgrade to newer release or snapshot from tgz sets you can create
filelist with tar(1):

$ echo base??.tgz man??.tgz | xargs -n1 tar -ztf > current.txt
$ sh clean-up current.txt sbin usr/share > review-remove.txt

You _must_ carefully review the output file from clean-up and remove lines
with files and directories which should not be removed from your system.
After review, the xargs(1) utility can simply wipe out obsolete stuff:

# cat review-remove.txt | ( cd ${DESTDIR:=/} && xargs rm )

References:
 1. http://kubek.no-ip.org/~hns/downloads/bsd/sh.clean-up

-- 
best regards
q#



Re: Part 2: What it be helpful if...

2005-12-12 Thread Simon Morgan
Joachim Schipper  math.uu.nl> writes:
> Now, this does not mean I agree with the original poster - but he wrote
> something sensible and even mostly grammatically correct, which merits
> at least a sensible response.

Were you under the influence of drugs while reading it because it seemed
like a stream of incoherent gibberish to me?



Re: afterboot(8) message missing?

2005-12-12 Thread Jason McIntyre
On Sun, Dec 11, 2005 at 12:00:16PM +0100, Tobias Ulmer wrote:
> On 3.7, when you logged in as root, there was a nice message saying you should
> read afterboot(8). This message did disappear in 3.8 and it's not in recent
> snapshots if I remember correctly.
> My guess is that it was just forgotten when changing from csh to ksh.
> Nothing very important, but anyway, here is a fix:
> 

i think you are referring to /usr/src/etc/root/root.mail, which is left
sitting in root's mailbox after an install.

it does not happen every time root logs in.

jmc



Re: removing old files - /usr grows with each release

2005-12-12 Thread Andreas Bartelt

Hi,

Matthias Kilian wrote:
> ...
>
> You could (ab)use the checkflist script in /usr/src/distrib sets,
> as mentioned in release(8):
>
> # cd /usr/src/distrib/sets
> # DESTDIR=/ sh checkflist > foo



Thanks for pointing me to release(8). In the end, I followed the steps 
described in release(8) and replaced the old /usr tree with the 
RELEASEDIR/usr tree. Afterwards, I reinstalled the previously installed 
ports. Besides the time required for a full 'make build', it was pretty 
easy and didn't require much user interaction.


(disk usage after replacing /usr and reinstalling the same ports I was 
using before)

df -h
...
/dev/wd0e      359M    277M   63.9M    81%    /usr

Thanks a lot for all answers.

regards,
Andreas



Re: afterboot(8) message missing?

2005-12-12 Thread Tobias Ulmer
On Mon, Dec 12, 2005 at 12:03:32PM +, Jason McIntyre wrote:
> i think you are referring to /usr/src/etc/root/root.mail, which is left
> sitting in root's mailbox after an install.
> 
> it does not happen every time root logs in.
> 
> jmc
> 
>

No, but to the dot.login and dot.profile files in the same directory.

# chsh -s /bin/csh root
(login on a console as root)
login: root
Password:
(snip)
Read the afterboot(8) man page ...
uran#

Do the same with ksh and there won't be a message. Since ksh is the new
standard shell, so I thought this might be missing.

Tobias



Re: afterboot(8) message missing?

2005-12-12 Thread Jason McIntyre
On Mon, Dec 12, 2005 at 01:38:57PM +0100, Tobias Ulmer wrote:
> 
> No, but to the dot.login and dot.profile files in the same directory.
> 
> # chsh -s /bin/csh root
> (login on a console as root)
> login: root
> Password:
> (snip)
> Read the afterboot(8) man page ...
> uran#
> 
> Do the same with ksh and there won't be a message. Since ksh is the new
> standard shell, so I thought this might be missing.
> 

oh, i didn't know that happened. what a horrible thing. just add it
to dot.profile if you really want it. i don't see the point of making it
default, it is so awful.

jmc



Re: acpi related confusion

2005-12-12 Thread ryan.corder
> Well, you'd be wrong.  Development is just starting.

my mistake, sorry about that.  In general, I was being
relative with "dating" it...I just remembered that
sometime between the release of 3.7 and 3.8 that the
beginnings of support was being discussed.  I could be
wrong there too.

I am glad though that the project is taking the whole
thing cautiously.  It may make the dev process longer,
but I'm sure it'll be worth it in the end.

thanks.
ryanc



Re: Ethernet Trunking

2005-12-12 Thread Lukasz Sztachanski
On Tue, Nov 29, 2005 at 11:03:28PM +0400, Bruno Carnazzi wrote:
>   Hi all,
> 
> I'm looking at the link aggregation feature (man trunk(4)) of OpenBSD
> 3.8. In my case, I'd like to use it on Ethernet interfaces : should
> the switch be configured in a special way or is it level-2 transparent
> ? I mostly use Cisco 2950 switches... What are the differences between
> 'round-robin' and 'none' protocol ? I've read this :
> http://www.onlamp.com/pub/a/bsd/2005/10/20/openbsd_3_8.html?page=1.
> This let me think that the configuration shown is a kind of "ARP load
> balancing" (1 IP@ for 2 MAC@). Am I right or it is something else
> (Virtual MAC@ or...) ?
> 
> 
From my experience, trunk(4) doesn't require support from switches. In
case of round-robin, outgoing traffic is distributed through aggregated
NICs; incoming traffic is received from all aggregated NICs, which
requires support from switch, but doesn't break trunk(4)'s usability.

failover can be fully functional without switch support, and `none' just
disables traffic without destroying device.

(un)fortunately, i'm not experienced in Cisco's hardware ;)


- Lukasz Sztachanski


-- 
0x058B7133 // 16AB 4EBC 29DA D92D 8DBE  BC01 FC91 9EF7 058B 7133
http://szati.blogspot.com
http://szati.entropy.pl



Re: afterboot(8) message missing?

2005-12-12 Thread Tobias Ulmer
On Mon, Dec 12, 2005 at 12:55:52PM +0001, Jason McIntyre wrote:
> On Mon, Dec 12, 2005 at 01:38:57PM +0100, Tobias Ulmer wrote:
> > 
> > No, but to the dot.login and dot.profile files in the same directory.
> > 
> > # chsh -s /bin/csh root
> > (login on a console as root)
> > login: root
> > Password:
> > (snip)
> > Read the afterboot(8) man page ...
> > uran#
> > 
> > Do the same with ksh and there won't be a message. Since ksh is the new
> > standard shell, so I thought this might be missing.
> > 
> 
> oh, i didn't know that happened. what a horrible thing.

Yep, I couldn't sleep 3 days because of this!

> just add it to dot.profile if you really want it.

That won't help...

> i don't see the point of making it default, it is so awful.

That shows that you have never read afterboot(8), because in this
awesome man page you will be told, not to log in as root and use
su or sudo instead ;-))

> 
> jmc
> 

Have fun,
Tobias

(EOT)



Re: afterboot(8) message missing?

2005-12-12 Thread Constantine A. Murenin
On 12/12/05, Tobias Ulmer <[EMAIL PROTECTED]> wrote:
> On Mon, Dec 12, 2005 at 12:55:52PM +0001, Jason McIntyre wrote:
> > On Mon, Dec 12, 2005 at 01:38:57PM +0100, Tobias Ulmer wrote:
> > >
> > > No, but to the dot.login and dot.profile files in the same directory.
> > >
> > > # chsh -s /bin/csh root
> > > (login on a console as root)
> > > login: root
> > > Password:
> > > (snip)
> > > Read the afterboot(8) man page ...
> > > uran#
> > >
> > > Do the same with ksh and there won't be a message. Since ksh is the new
> > > standard shell, so I thought this might be missing.
> > >
> >
> > oh, i didn't know that happened. what a horrible thing.
>
> Yep, I couldn't sleep 3 days because of this!
>
> > just add it to dot.profile if you really want it.
>
> That won't help...
>
> > i don't see the point of making it default, it is so awful.
>
> That shows that you have never read afterboot(8), because in this
> awesome man page you will be told, not to log in as root and use
> su or sudo instead ;-))

+1

afterboot(8) rulez. :-)

Cheers,
Constantine.



Re: Transparent ISP proxy problem or PF problem

2005-12-12 Thread Alexander Iliev
Hi again, Steve.
>  With any potential MTU issue I always start with something like
>  "ping -vDs 1472 arenabg.com" from various hosts and routers.
>  As you vary the sizes you should receive either an echo-reply or a
>  packet-too-big (confirm with a packet sniffer). If you don't receive any
>  reply you might have found why and where PathMTU is broken.
>

I tried the ping test.
Here are some results
--- pinging from the OpenBSD router ---
$ ping -vDs 1472 arenabg.com
PING arenabg.com (82.101.72.23): 1472 data bytes
1480 bytes from 82.101.72.23: icmp_seq=0 ttl=57 time=15.371 ms

--- pinging from the OpenBSD router ---
$ ping -vDs 1473 arenabg.com
PING arenabg.com (82.101.72.24): 1473 data bytes
ping: sendto: Message too long
ping: wrote arenabg.com 1501 chars, ret=-1

--- pinging from a machine behind the router ---
$ ping -vds 1472 arenabg.com
PING arenabg.com (82.101.72.24) 1472(1500) bytes of data.
1480 bytes from pleasure-dome.arenabg.com (82.101.72.24): icmp_seq=1 ttl=56 time=28.1 ms

--- pinging from a machine behind the router ---
$ ping -vds 1473 arenabg.com
PING arenabg.com (82.101.72.23) 1473(1501) bytes of data.
# no reply is received - 100% packet loss

--- pinging from a machine outside my network ---
$ ping -vDs 1472 arenabg.com
PING arenabg.com (82.101.72.24): 1472 data bytes
1480 bytes from 82.101.72.24: icmp_seq=0 ttl=61 time=6.288 ms

--- pinging from a machine outside my network ---
$ ping -vDs 1473 arenabg.com
PING arenabg.com (82.101.72.23): 1473 data bytes
ping: sendto: Message too long

The last results are from a machine that is not in
my provider's network either.

I'd be happy if you could post some comment on this.
Does this mean that there is a PMTU problem with my
OBSD router?

Thanks,
Alexander



Re: Part 2: What it be helpful if...

2005-12-12 Thread Joachim Schipper
On Mon, Dec 12, 2005 at 11:28:43AM +, Simon Morgan wrote:
> Joachim Schipper  math.uu.nl> writes:
> > Now, this does not mean I agree with the original poster - but he wrote
> > something sensible and even mostly grammatically correct, which merits
> > at least a sensible response.
> 
> Were you under the influence of drugs while reading it because it seemed
> like a stream of incoherent gibberish to me?

Well, I *am* Dutch... ;-)

Joachim



Will spamd work with db on a RAM disk?

2005-12-12 Thread Mark Bucciarelli
Will spamd work if /var/db/spamd is a symbolic link to a file on a RAM 
disk?

I noticed that spamd uses quite a bit of disk I/O (on a box that is 
bound by disk I/O).

Is it safe to make a backup copy of the file while spamd is running?  

I'm willing to trade the possibility of losing 30 minutes of greylist 
data for a lower disk load.

I couldn't find any docs on the format of the db file spamd uses and I 
couldn't figure it out from a quick scan of the spamd.c source.

Awesome concept, btw.  

Thanks,

m



Re: Will spamd work with db on a RAM disk?

2005-12-12 Thread beck

Quoting Mark Bucciarelli <[EMAIL PROTECTED]>:


> Will spamd work if /var/db/spamd is a symbolic link to a file on a RAM
> disk?
>
> I noticed that spamd uses quite a bit of disk I/O (on a box that is
> bound by disk I/O).



 Spamd uses Berkeley DB - if your disk file is large you will use plenty
of I/O to it.

 Rather than screwing with a ramdisk, try changing the kernel's bufcachepct
to use more of your physmem for caching that file. i.e. if your machine is
just doing spamd, allocate a lot more of your ram for this by increasing
bufcachepct in the kernel - just don't crank it up so much your system has
no ram available to do anything else.

Short synopsis:

# config -e -o /nbsd /bsd
OpenBSD 3.8-current (GENERIC) #48: Thu Dec  8 22:10:46 MST 2005
   [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC
Enter 'help' for information
ukc> cachepct
bufcachepercent = 10
ukc> cachepct 50
bufcachepercent = 50
ukc> quit
Saving modified kernel.
# cp /bsd /obsd
# mv /nbsd /bsd
# reboot

   -Bob



Re: ethereal

2005-12-12 Thread Bryan Irvine
> Has someone compiled ethereal? If so, you can help me.
> When I try to compile that source I get a message that I don't have the
> GTK+2 and GLIB2 installed on my system, but I DO have them.
> So if anyone passed through this problem, please, HELP ME!!! =]

No, not for a long time.  I would however, recommend ettercap.  It's in ports.

> Hugs

uhh hugs back? I guess...   ;)

--Bryan



Re: Will spamd work with db on a RAM disk?

2005-12-12 Thread Mark Bucciarelli
On Mon, Dec 12, 2005 at 09:35:20AM -0700, [EMAIL PROTECTED] wrote:

> Spamd uses Berkeley DB - if your disk file is large you will use 
> plenty of I/O to it.

Ok, so looks like my options are:

(1) take spamd down, call db_checkpoint, copy files, restart spamd

(2) mess around with db_hotbackup.

> if your machine is just doing spamd, allocate a lot more of your ram 
> for this by increasing bufcachepct in the kernel

Unfortunately, it's doing a lot of other stuff at the moment so I don't 
think this will help much.

m



Re: Will spamd work with db on a RAM disk?

2005-12-12 Thread J.C. Roberts
On Mon, 12 Dec 2005 12:28:34 -0500, Mark Bucciarelli
<[EMAIL PROTECTED]> wrote:

>On Mon, Dec 12, 2005 at 09:35:20AM -0700, [EMAIL PROTECTED] wrote:
>
>> Spamd uses Berkeley DB - if your disk file is large you will use 
>> plenty of I/O to it.
>
>Ok, so looks like my options are:
>
>(1) take spamd down, call db_checkpoint, copy files, restart spamd
>
>(2) mess around with db_hotbackup.
>
>> if your machine is just doing spamd, allocate a lot more of your ram 
>> for this by increasing bufcachepct in the kernel
>
>Unfortunately, it's doing a lot of other stuff at the moment so I don't 
>think this will help much.
>
>m

Please think about what Bob suggested for a moment and then look at your
reply. -The overhead and resource usage of creating/maintaining a ram
disk is greater than simply increasing the physmem allocation for
caching files.

JCR



Re: Will spamd work with db on a RAM disk?

2005-12-12 Thread Mark Bucciarelli
On Mon, Dec 12, 2005 at 09:46:59AM -0800, J. C. Roberts wrote:

> Please think about what Bob suggested for a moment and then look at your
> reply. -The overhead and resource usage of creating/maintaining a ram
> disk is greater than simply increasing the physmem allocation for
> caching files.

I did think about it, but maybe incorrectly.

I figured the kernel would not be smart enough to give a strong 
preference to caching the files that are getting written to 
(/var/db/spamd) over those files that are getting read a lot 
(SpamAssassin and ClamAV).  I figured that's why he qualified his 
suggestion with spamd being the only running on the box.

Or are you saying that caching the reads would help with the I/O bottle 
neck just as effectively?  I would be surprised by that, especially 
since it's RAID1.

m



Re: ethereal

2005-12-12 Thread Ricardo Lucas
Thanks for the hint man. I will not install this pkg.
Thanks again.


2005/12/12, Joachim Schipper <[EMAIL PROTECTED]>:
>
> On Mon, Dec 12, 2005 at 08:10:43AM -0200, Ricardo Lucas wrote:
> > Hello misc,
> >
> > Has someone compiled ethereal? If so, you can help me.
> > When I try to compile that source I get a message that I don't have the
> > GTK+2 and GLIB2 installed on my system, but I DO have them.
> > So if anyone passed through this problem, please, HELP ME!!! =]
>
> First, try to understand just *why* ethereal is not available as a port.
> See
> http://marc.theaimsgroup.com/?l=openbsd-ports-cvs&m=108984209100775&w=2,
> for example.
>
> That being said, could you post pkg_info output and the actual error?
>
>Joachim
>
>


--
Ricardo Lucas



Re: Part 2: What it be helpful if...

2005-12-12 Thread Michael Steinfeld
Simon Morgan is a complete waste of life.. to let his cursing
intimidate you for speaking your mind, as he is allowed to spam this
list with vulgarity like a 7 year old who just learned a four letter
word, you are free to speak your mind as well.

Usually people that curse, are not articulate enough to say what they
are feeling...

As in Simon's case it probably has to do with his miserable existence
and lack of intellect as well.

Simon I am not judging you.. I am just saying.
I feel sorry for you.
And maybe you are not a person who cares about those around them, but
some of us on this list have the ability to communicate with each
other in a manner of respect ... something your daddy never taught you
obviously.





On 12/12/05, Joachim Schipper <[EMAIL PROTECTED]> wrote:
> On Mon, Dec 12, 2005 at 11:28:43AM +, Simon Morgan wrote:
> > Joachim Schipper  math.uu.nl> writes:
> > > Now, this does not mean I agree with the original poster - but he wrote
> > > something sensible and even mostly grammatically correct, which merits
> > > at least a sensible response.
> >
> > Were you under the influence of drugs while reading it because it seemed
> > like a stream of incoherent gibberish to me?
>
> Well, I *am* Dutch... ;-)
>
> Joachim



Re: Will spamd work with db on a RAM disk?

2005-12-12 Thread Bob Beck
> Or are you saying that caching the reads would help with the I/O bottle 
> neck just as effectively?  I would be surprised by that, especially 
> since it's RAID1.
> 

HorseCookies. Think about it. The slowest ram on earth [1]
runs rings around the fastest raid stuff you can find.  Disk is
slower than memory. If you're I/O bound *and not memory bound*
crank up bufcachepct. The *and not memory bound* is the part
I meant about "not doing anything else" - because I know you're
not going to be memory bound running spamd [2].

-Bob

[1] Please don't try to find me ram as slow as your disk. I don't
want to know :)
[2] assuming you're running a machine from the century of the fruit bat.
Yes, you can be memory bound running spamd on a 12 megabyte cyrix 386 or 
something like that



dhcpd and static entries

2005-12-12 Thread Peter Hessler
I have a dhcp'd network, with static entries for a ton of machines.
The problem is that the range is for .10 - .254, and the static entries
are scattered throughout.  When a random client requests an address,
dhcpd will give out a statically defined entry.  So when the static entry
machine comes back, the two machines fight each other for the address.

Moving the static entries to outside the range is unfeasible right
now.  And it doesn't address the issue of 'machine was on a different
dhcp network with an address that happens to be statically defined on
ours'.

Why does dhcpd give out addresses that are currently in use, and why
does it give out statically defined addresses?  Shouldn't it remove the
static entries from the dynamic pool?


Sanitized portions of config:

shared-network LOCAL-NET {
        option  domain-name "example.com";
        option  domain-name-servers 10.0.0.1;

        option  nis-domain "example.nis";
        option  nis-servers nis.example.com;
        option  ntp-servers ntp.example.com;
        option  time-offset -28800; # PST

        subnet 10.0.0.0 netmask 255.255.255.0 {
                option routers 10.0.0.1;

                range 10.0.0.10 10.0.0.254;
        }

        group {
                use-host-decl-names on;
                # host1.example.com 10.0.0.15
                host host1.example.com { hardware ethernet \
                    00:0f:1f:f7:7d:64; fixed-address host1.example.com; }
                # host2.example.com 10.0.0.20
                host host2.example.com { hardware ethernet \
                    02:A0:98:01:F5:B4; fixed-address host2.example.com; }
                # host3.example.com 10.0.0.29
                host host3.example.com { hardware ethernet \
                    00:0F:1F:F7:78:B6; fixed-address host3.example.com; }
        }
}



-- 
Workers of the world, arise!  You have nothing to lose but your
chairs.



Re: dhcpd and static entries

2005-12-12 Thread Peter Hessler
This is with -current dhcpd within the last month.

On Mon, 12 Dec 2005 12:15:37 -0800
Peter Hessler <[EMAIL PROTECTED]> wrote:

: I have a dhcp'd network, with static entries for a ton of machines.
: The problem is that the range is for .10 - .254, and the static
: entries are scattered throughout.  When a random client requests an
: address, dhcpd will give out a statically defined entry.  So when the
: static entry machine comes back, the two machines fight each other
: for the address.
: 
: Moving the static entries to outside the range is unfeasible right
: now.  And it doesn't address the issue of 'machine was on a different
: dhcp network with an address that happens to be statically defined on
: ours'.
: 
: Why does dhcpd give out addresses that are currently in use, and why
: does it give out statically defined addresses?  Shouldn't it remove the
: static entries from the dynamic pool?
: 
: 
: Sanitized portions of config:
: 
: shared-network LOCAL-NET {
: option  domain-name "example.com";
: option  domain-name-servers 10.0.0.1;
: 
: option  nis-domain "example.nis";
: option  nis-servers nis.example.com;
: option  ntp-servers ntp.example.com;
: option  time-offset -28800; # PST
: 
: subnet 10.0.0.0 netmask 255.255.255.0 {
: option routers 10.0.0.1;
: 
: range 10.0.0.10 10.0.0.254;
: }
: 
: group { 
:   use-host-decl-names on;
:  # host1.example.com 10.0.0.15
:host host1.example.com { hardware ethernet \
:  00:0f:1f:f7:7d:64; fixed-address host1.example.com; }
:  # host2.example.com 10.0.0.20
:   host host2.example.com { hardware ethernet \
:  02:A0:98:01:F5:B4; fixed-address host2.example.com; }
:  # host3.example.com 10.0.0.29
:   host host3.example.com { hardware ethernet \
:  00:0F:1F:F7:78:B6; fixed-address host3.example.com; }
:}
: }
: 
: 
: 
: -- 
: Workers of the world, arise!  You have nothing to lose but your
: chairs.
: 


-- 
Sex without love is an empty experience, but, as empty experiences go,
it's one of the best.
-- Woody Allen



Re: Will spamd work with db on a RAM disk?

2005-12-12 Thread J.C. Roberts
On Mon, 12 Dec 2005 13:10:19 -0500, Mark Bucciarelli
<[EMAIL PROTECTED]> wrote:

>On Mon, Dec 12, 2005 at 09:46:59AM -0800, J. C. Roberts wrote:
>
>> Please think about what Bob suggested for a moment and then look at your
>> reply. -The overhead and resource usage of creating/maintaining a ram
>> disk is greater than simply increasing the physmem allocation for
>> caching files.
>
>I did think about it, but maybe incorrectly.
>
>I figured the kernel would not be smart enough to give a strong 
>preference to caching the files that are getting written to 
>(/var/db/spamd) over those files that are getting read a lot 
>(SpamAssassin and ClamAV).  I figured that's why he qualified his 
>suggestion with spamd being the only running on the box.
>
>Or are you saying that caching the reads would help with the I/O bottle 
>neck just as effectively?  I would be surprised by that, especially 
>since it's RAID1.
>
>m


First of all, Bob suggested mucking around with buttons. You will see
such suggestions *very* rarely from developers and kernel tweaking is
generally discouraged. The defaults are there for a reason and were
created/tested by folks who know the system a lot better than you and I
combined. If you ever get a suggestion on this list to start twisting
knobs and pushing buttons, make sure it's from a credible source and
don't be surprised if said credible source decides to send you the
suggestion privately off-list.

There may be limitations to the approach Bob mentioned such as
dependencies on how much physical memory you have in the box. I'm not
sure how/if UBC has changed this... -A lot has changed since Feb 2004
but you might find this *old* post enlightening:

http://www.monkey.org/openbsd/archive/misc/0402/msg00888.html

Either way, Bob's suggestion of increasing bufcachepercent from 10% to
50% is a hypothetical example, so don't take the value as a hard fact
since it might even be over-kill for your needs. The only way you'll
find out is to run some tests for yourself.

Unfortunately, you are the only one on this list that knows your memory
and data set sizes as well as other system information, loads and
requirements. Even if you provide the details, you'll still need to do
your own testing...

As you stated, your goal of a RAM Disk is to use RAM to reduce Disk I/O on
a system that is bound by disk I/O. -This is the reason why caching to
RAM was invented.

The type of RAID you're running really has nothing to do with it save
one exception; if you are truly in need of better performance on a
system that is disk I/O bound yet runs RAID1 as you indicated, why not
run RAID0 to (help) solve your I/O problem?
Are you running RAIDframe or hardware RAID?
Any chance of adding a disk and using RAID5?
Better/more caching in your RAID controller?

Personally, I'd first test/benchmark a base install system. You might be
pleasantly surprised by the results and not need to do anything else.
Next I'd try the tweak Bob provided and test again, compare the results
(I'm betting Bob's right). If it provides marked improvements that
satisfy your requirements, try tweaking the value around a bit and run
more tests. 

If I was still outside of my requirements, I'd probably throw
more/better hardware at the problem before trying to do something
esoteric in software. -Every time I try to get clever, the only thing I
manage to prove is that my feet aren't bullet proof. ;-)

Kind Regards,
JCR



Re: dhcpd and static entries

2005-12-12 Thread Abraham Al-Saleh
On 12/12/05, Peter Hessler <[EMAIL PROTECTED]> wrote:
>
> This is with -current dhcpd within the last month.
>
> On Mon, 12 Dec 2005 12:15:37 -0800
> Peter Hessler <[EMAIL PROTECTED]> wrote:
>
> : I have a dhcp'd network, with static entries for a ton of machines.
> : The problem is that the range is for .10 - .254, and the static
> : entries are scattered throughout.  When a random client requests an
> : address, dhcpd will give out a statically defined entry.  So when the
> : static entry machine comes back, the two machines fight each other
> : for the address.
> :
> : Moving the static entries to outside the range is unfeasible right
> : now.  And it doesn't address the issue of 'machine was on a different
> : dhcp network with an address that happens to be statically defined on
> : ours'.
> :
> : Why does dhcpd give out addresses that are currently in use, and why
> : does it give out statically defined addresses?  Shouldn't it remove the
> : static entries from the dynamic pool?


Because your static ips are within your dynamic pool, just set up the
static addresses so they're outside the dynamic range. Your server is
misconfigured otherwise.

:
> : Sanitized portions of config:
> :
> : shared-network LOCAL-NET {
> : option  domain-name "example.com";
> : option  domain-name-servers 10.0.0.1;
> :
> : option  nis-domain "example.nis";
> : option  nis-servers nis.example.com;
> : option  ntp-servers ntp.example.com;
> : option  time-offset -28800; # PST
> :
> : subnet 10.0.0.0 netmask 255.255.255.0 {
> : option routers 10.0.0.1;
> :
> : range 10.0.0.10 10.0.0.254;
> : }
> :
> : group {
> :   use-host-decl-names on;
> :  # host1.example.com 10.0.0.15
> :host host1.example.com { hardware ethernet \
> :  00:0f:1f:f7:7d:64; fixed-address host1.example.com; }
> :  # host2.example.com 10.0.0.20
> :   host host2.example.com { hardware ethernet \
> :  02:A0:98:01:F5:B4; fixed-address host2.example.com; }
> :  # host3.example.com 10.0.0.29
> :   host host3.example.com { hardware ethernet \
> :  00:0F:1F:F7:78:B6; fixed-address host3.example.com; }
> :}
> : }
> :
> :
> :
> : --
> : Workers of the world, arise!  You have nothing to lose but your
> : chairs.
> :
>
>
> --
> Sex without love is an empty experience, but, as empty experiences go,
> it's one of the best.
> -- Woody Allen
>
>


--
Abe Al-Saleh

I love deadlines. I like the whooshing
sound they make as they fly by.
--Douglas Adams



Re: dhcpd and static entries

2005-12-12 Thread Peter Hessler
On Mon, 12 Dec 2005 13:59:23 -0700
Abraham Al-Saleh <[EMAIL PROTECTED]> wrote:

: On 12/12/05, Peter Hessler <[EMAIL PROTECTED]> wrote:
: > :
: > : Moving the static entries to outside the range is unfeasible right
: > : now.  And it doesn't address the issue of 'machine was on a
: > : different dhcp network with an address that happens to be
: > : statically defined on ours'.
: > :
: > : Why does dhcpd give out addresses that are currently in use, and
: > : why does it give out statically defined addresses?  Shouldn't it
: > : remove the static entries from the dynamic pool?
: 
: 
: Because your static IPs are within your dynamic pool, just set up
: the static addresses so they're outside the dynamic range. Your
: server is misconfigured otherwise.


So it's a feature, not a bug?  Note the paragraph before the one you
addressed, it says "can't happen".

Would adding such a feature (maybe off by default, but configurable in
command line/conf file) be accepted?


-- 
"Here at the Phone Company, we serve all kinds of people; from
Presidents and Kings to the scum of the earth ..."



how to set vsftpd with virtual users?

2005-12-12 Thread Javier Matos
Hello, I was searching the web for many days without finding the answer
to my problem.

I'm trying to install an FTP server on my box using vsftpd with virtual
users, and for it I use the example provided on the vsftpd web site for
making an FTP server with virtual users.

I suppose that the problem is with PAM, because OpenBSD does not yet
implement (I believe) pam_userdb.so.

Then I tried to use pam_unix.so for the auth and account features.

I tried the same on OpenBSD and FreeBSD, but with both I have the same
problem... pam_userdb is a file that can be found on a Linux system but
not on a BSD one... How can I solve this?... Is it a good idea to use
pam_unix?
Has anyone installed vsftpd with this kind of configuration successfully?

Thanks for your attention.

Here is the README provided by vsftpd website:

This example shows how to set up vsftpd / PAM with "virtual users".

A virtual user is a user login which does not exist as a real login on the
system. Virtual users can therefore be more secure than real users, because
a compromised account can only use the FTP server.

Virtual users are often used to serve content that should be accessible to
untrusted users, but not generally accessible to the public.

Step 1) Create the virtual users database.
We are going to use pam_userdb to authenticate the virtual users. This needs
a username / password file in "db" format - a common database format.
To create a "db" format file, first create a plain text file with the
usernames and password on alternating lines.
See example file "logins.txt" - this specifies "tom" with password "foo" and
"fred" with password "bar".
Whilst logged in as root, create the actual database file like this:

db_load -T -t hash -f logins.txt /etc/vsftpd_login.db
(Requires the Berkeley db program installed).
NOTE: Many systems have multiple versions of "db" installed, so you may
need to use e.g. db3_load for correct operation. This is known to affect
some Debian systems. The core issue is that pam_userdb expects its login
database to be a specific db version (often db3, whereas db4 may be installed
on your system).

This will create /etc/vsftpd_login.db. Obviously, you may want to make sure
the permissions are restricted:

chmod 600 /etc/vsftpd_login.db

For more information on maintaining your login database, look around for
documentation on "Berkeley DB", e.g.
http://www.sleepycat.com/docs/utility/index.html


Step 2) Create a PAM file which uses your new database.

See the example file vsftpd.pam. It contains two lines:

auth required /lib/security/pam_userdb.so db=/etc/vsftpd_login
account required /lib/security/pam_userdb.so db=/etc/vsftpd_login

This tells PAM to authenticate users using our new database. Copy this PAM
file to the PAM directory - typically /etc/pam.d/

cp vsftpd.pam /etc/pam.d/ftp


Step 3) Set up the location of the files for the virtual users.

useradd -d /home/ftpsite virtual
ls -ld /home/ftpsite
(which should give):
drwx--3 virtual  virtual  4096 Jul 30 00:39 /home/ftpsite

We have created a user called "virtual" with a home directory
"/home/ftpsite".

Let's add some content to this download area:

cp /etc/hosts /home/ftpsite
chown virtual.virtual /home/ftpsite/hosts


Step 4) Create your vsftpd.conf config file.

See the example in this directory. Let's go through it line by line:

anonymous_enable=NO
local_enable=YES

This disables anonymous FTP for security, and enables non-anonymous FTP (which
is what virtual users use).

write_enable=NO
anon_upload_enable=NO
anon_mkdir_write_enable=NO
anon_other_write_enable=NO

These ensure that for security purposes, no write commands are allowed.

chroot_local_user=YES

This makes sure that the virtual user is restricted to the virtual FTP area
/home/ftpsite we set up above.

guest_enable=YES
guest_username=virtual

The guest_enable is very important - it activates virtual users! And
guest_username says that all virtual users are mapped to the real user
"virtual" that we set up above. This will also determine where on the
filesystem the virtual users end up - the home directory of the user
"virtual", /home/ftpsite.

listen=YES
listen_port=10021

This puts vsftpd in "standalone" mode - i.e. not running from an inetd. This
means you just run the vsftpd executable and it will start up. This also
makes vsftpd listen for FTP requests on the non-standard port of 10021 (FTP
is usually 21).

pasv_min_port=3
pasv_max_port=30999

These put a port range on passive FTP incoming requests - very useful if
you are configuring a firewall.

Copy the example vsftpd.conf file to /etc:

cp vsftpd.conf /etc/


Step 5) Start up vsftpd.

Go to the directory with the vsftpd binary in it, and:

./vsftpd

If all is well, the command will sit there. If all is not well, you will
likely see some error message.


Step 6) Test.

Launch another shell session (or background vsftpd with CTRL-Z 

Re: dhcpd and static entries

2005-12-12 Thread Abraham Al-Saleh
On 12/12/05, Peter Hessler <[EMAIL PROTECTED]> wrote:
>
> On Mon, 12 Dec 2005 13:59:23 -0700
> Abraham Al-Saleh <[EMAIL PROTECTED]> wrote:
>
> : On 12/12/05, Peter Hessler <[EMAIL PROTECTED]> wrote:
> : > :
> : > : Moving the static entries to outside the range is unfeasible right
> : > : now.  And it doesn't address the issue of 'machine was on a
> : > : different dhcp network with an address that happens to be
> : > : statically defined on ours'.
> : > :
> : > : Why does dhcpd give out addresses that are currently in use, and
> : > : why does it give out statically defined addresses?  Shouldn't it
> : > : remove the static entries from the dynamic pool?
> :
> :
> : Because your static IPs are within your dynamic pool, just set up
> : the static addresses so they're outside the dynamic range. Your
> : server is misconfigured otherwise.
>
>
> So it's a feature, not a bug?  Note the paragraph before the one you
> addressed, it says "can't happen".
>
> Would adding such a feature (maybe off by default, but configurable in
> command line/conf file) be accepted?


I don't know, but it sounds pretty useless to me, your issue is a
misconfiguration. If you can't fix the misconfiguration, then it's a policy
problem, and you get to hold the pieces.



Re: dhcpd and static entries

2005-12-12 Thread Pete Vickers

On 12. des. 2005, at 21.22, Peter Hessler wrote:


This is with -current dhcpd within the last month.

On Mon, 12 Dec 2005 12:15:37 -0800
Peter Hessler <[EMAIL PROTECTED]> wrote:

: I have a dhcp'd network, with static entries for a ton of machines.
: The problem is that the range is for .10 - .254, and the static
: entries are scattered throughout.  When a random client requests an
: address, dhcpd will give out a statically defined entry.  So when the
: static entry machine comes back, the two machines fight each other
: for the address.
:
: Moving the static entries to outside the range is unfeasible right
: now.  And it doesn't address the issue of 'machine was on a different
: dhcp network with an address that happens to be statically defined on
: ours'.
:
: Why does dhcpd give out addresses that are currently in use, and why
: does it give out statically defined addresses?  Shouldn't it remove the
: static entries from the dynamic pool?
:
:
: Sanitized portions of config:
:
: shared-network LOCAL-NET {
: option  domain-name "example.com";
: option  domain-name-servers 10.0.0.1;
:
: option  nis-domain "example.nis";
: option  nis-servers nis.example.com;
: option  ntp-servers ntp.example.com;
: option  time-offset -28800; # PST
:
: subnet 10.0.0.0 netmask 255.255.255.0 {
: option routers 10.0.0.1;
:
: range 10.0.0.10 10.0.0.254;
: }
:
: group {
:   use-host-decl-names on;
:  # host1.example.com 10.0.0.15
:host host1.example.com { hardware ethernet \
:  00:0f:1f:f7:7d:64; fixed-address host1.example.com; }
:  # host2.example.com 10.0.0.20
:   host host2.example.com { hardware ethernet \
:  02:A0:98:01:F5:B4; fixed-address host2.example.com; }
:  # host3.example.com 10.0.0.29
:   host host3.example.com { hardware ethernet \
:  00:0F:1F:F7:78:B6; fixed-address host3.example.com; }
:}
: }
:



I believe OpenBSD's dhcpd is based on ISC's implementation, in which case:
static entries are in the global scope and independent of any pool
declaration. The error is one of configuration: you've defined static
entries and dynamic pool overlapping = you've told it to use the IP
addresses twice.
At a pinch, the option ping-check might help you out if your address
space utilisation is not too large.


/Pete



Re: dhcpd and static entries

2005-12-12 Thread Markus Wernig
Peter Hessler wrote:
> I have a dhcp'd network, with static entries for a ton of machines.
> The problem is that the range is for .10 - .254, and the static entries
> are scattered throughout.  When a random client requests an address,
> dhcpd will give out a statically defined entry.  So when the static entry
> machine comes back, the two machines fight each other for the address.

Hi Peter
As has been said, this is not a correct configuration, and dhcpd will
complain (at least it does on FreeBSD). To mitigate the problem you might
want to set a short max-lease-time for the whole range and an unlimited
one for each host with a fixed-address (e.g. one week or more). So the
lease of the static address should remain bound until the client comes back.

Next step, of course, should be to sort out that network. If it's not
possible to move the fixed-address clients out, maybe you could move the
dynamic-address clients to the upper half and then split the network. Or
assign them to a totally new network segment. Or enlarge the segment to
10.0.0.0/22 and serve dynamic addresses from the upper 3 segments only.
Or ... In the end you will be wanting a pool and a group definition.

hth /m
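
An added example, not part of any post in the thread and not dhcpd's own code: one way to keep the scattered static entries in place while taking them out of the dynamic pool is to generate several `range` statements that skip each fixed address. It assumes dhcpd accepts more than one `range` statement per subnet and that `fixed-address` values are written as IP literals (the quoted config uses host names, so those would need resolving first); the sample config is constructed from the one quoted above.

```python
import ipaddress
import re

# Constructed sample modelled on the configuration quoted in the thread.
# fixed-address values are IP literals here; the thread's config used host
# names and gave the addresses only in comments.
SAMPLE_CONF = """
subnet 10.0.0.0 netmask 255.255.255.0 {
    option routers 10.0.0.1;
    range 10.0.0.10 10.0.0.254;
}
group {
    use-host-decl-names on;
    # host1.example.com
    host host1.example.com { hardware ethernet 00:0f:1f:f7:7d:64; fixed-address 10.0.0.15; }
    # host2.example.com
    host host2.example.com { hardware ethernet 02:a0:98:01:f5:b4; fixed-address 10.0.0.20; }
    # host3.example.com
    host host3.example.com { hardware ethernet 00:0f:1f:f7:78:b6; fixed-address 10.0.0.29; }
}
"""

# Only the two-address form "range LOW HIGH;" is recognised in this sketch.
RANGE_RE = re.compile(r"\brange\s+([0-9.]+)\s+([0-9.]+)\s*;")
# A host block whose fixed-address is an IP literal; host-name values are skipped.
FIXED_RE = re.compile(r"\bhost\s+(\S+)\s*\{[^}]*?\bfixed-address\s+([0-9.]+)\s*;")


def parse(conf):
    """Return ([(low, high), ...], {host_name: address}) from dhcpd.conf text."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments before matching
    ranges = [(ipaddress.IPv4Address(lo), ipaddress.IPv4Address(hi))
              for lo, hi in RANGE_RE.findall(conf)]
    fixed = {name: ipaddress.IPv4Address(ip) for name, ip in FIXED_RE.findall(conf)}
    return ranges, fixed


def find_overlaps(conf):
    """List (host, address) pairs whose fixed address lies inside a dynamic range."""
    ranges, fixed = parse(conf)
    return sorted((name, str(ip)) for name, ip in fixed.items()
                  if any(lo <= ip <= hi for lo, hi in ranges))


def split_range(lo, hi, reserved):
    """Return the sub-ranges of [lo, hi] that avoid every reserved address."""
    pieces = []
    start = lo
    for ip in sorted(r for r in set(reserved) if lo <= r <= hi):
        if ip > start:
            pieces.append((start, ip - 1))
        start = ip + 1
    if start <= hi:
        pieces.append((start, hi))
    return pieces


def render_ranges(conf):
    """Emit replacement range statements that skip all fixed addresses."""
    ranges, fixed = parse(conf)
    lines = []
    for lo, hi in ranges:
        for a, b in split_range(lo, hi, fixed.values()):
            # A single remaining address is written in the one-address form.
            lines.append(f"range {a};" if a == b else f"range {a} {b};")
    return lines


if __name__ == "__main__":
    for host, ip in find_overlaps(SAMPLE_CONF):
        print(f"overlap: {host} {ip}")
    print("\n".join(render_ranges(SAMPLE_CONF)))
```

This only removes the configured overlap; a client that arrives already holding one of the fixed addresses from another network is a separate case that the generated ranges do not cover.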



Just confirming: no way to do a pf rdr based on hostname?

2005-12-12 Thread Peter Landry
Hi All,
We're migrating an old Microsoft ISA Server system to OpenBSD pf. First
off, before I ask any questions, kudos to everyone -- Installing OpenBSD
3.8 was a very pleasant, painless experience for someone who's never
used it before. Setting up pf/nat was also extraordinarily easy. The
docs are great.

That aside, the only thing that I haven't been able to migrate yet is
ISA's ability to redirect web requests coming in on the same IP to
different machines based on the host name. IE- www.a.com (IP
123.123.0.1) gets redirected to the internal IP 192.168.0.1 while
www.b.com (also IP 123.123.0.1) gets redirected to the internal IP
192.168.0.2.

I haven't found anything in the docs, and all the list archive questions
I've found were specific to ipnat, not pf.

I'm thinking that I can't do it. In that case, my options seem to be 1)
use different external IP's for each website, and redirect to different
internal servers based on IP 2) redirect all web traffic to the legacy
ISA system, which will then redirect based on hostname. I'm hesitant to
use up all our IPs for option 1, but I'm thinking option 2 is even
worse... Are there any options I haven't thought of?

Thanks for any advice...
Peter L.



ettercap

2005-12-12 Thread Ricardo Lucas
I've installed the port of ettercap, but when I try to use it I get these
errors:

Loading plugins... ettercap:./ec_triton.so: undefined symbol 'Host_In_LAN'
ettercap: ./ec_triton.so: can't resolve reference 'Host_In_LAN'
ettercap:./ec_triton.so: undefined symbol 'Options'
ettercap: ./ec_triton.so: can't resolve reference 'Options'
ettercap:./ec_triton.so: undefined symbol 'number_of_hosts_in_lan'
ettercap: ./ec_triton.so: can't resolve reference 'number_of_hosts_in_lan'
ettercap:./ec_triton.so: undefined symbol 'Plugin_Register'
lazy binding failed!

 Ooops !! Somewhere in the stack a pointer got crazy...

 [ettercap] Segmentation Fault...


I'm wondering if someone could help me here!

Hugs for all


--
Ricardo Lucas



Re: Part 2: What it be helpful if...

2005-12-12 Thread Simon Morgan
Michael Steinfeld  gmail.com> writes:
> Simon Morgan is a complete waste of life.. to let his cursing
> intimidate you for speaking your mind, as he is allowed to spam this
> list with vulgarity like a 7 year old who just learned a four letter
> word, you are free to speak your mind as well.

Get a grip. It was meant as a joke and Joachim seems to have taken it
in the manner it was intended.



Re: Just confirming: no way to do a pf rdr based on hostname?

2005-12-12 Thread Jon Simola
On 12/12/05, Peter Landry <[EMAIL PROTECTED]> wrote:

> I'm thinking that I can't do it. In that case, my options seem to be 1)
> use different external IP's for each website, and redirect to different
> internal servers based on IP 2) redirect all web traffic to the legacy
> ISA system, which will then redirect based on hostname. I'm hesitant to
> use up all our IPs for option 1, but I'm thinking option 2 is even
> worse... Are there any options I haven't thought of?

Use squid in acceleration mode (reverse proxy)?

--
Jon Simola
Systems Administrator
ABC Communications



Re: Just confirming: no way to do a pf rdr based on hostname?

2005-12-12 Thread Pete Vickers

On 12. des. 2005, at 22.44, Peter Landry wrote:


Hi All,
We're migrating an old Microsoft ISA Server system to OpenBSD pf. First
off, before I ask any questions, kudos to everyone -- Installing OpenBSD
3.8 was a very pleasant, painless experience for someone who's never
used it before. Setting up pf/nat was also extraordinarily easy. The
docs are great.

That aside, the only thing that I haven't been able to migrate yet is
ISA's ability to redirect web requests coming in on the same IP to
different machines based on the host name. IE- www.a.com (IP
123.123.0.1) gets redirected to the internal IP 192.168.0.1 while
www.b.com (also IP 123.123.0.1) gets redirected to the internal IP
192.168.0.2.

I haven't found anything in the docs, and all the list archive questions
I've found were specific to ipnat, not pf.

I'm thinking that I can't do it. In that case, my options seem to be 1)
use different external IP's for each website, and redirect to different
internal servers based on IP 2) redirect all web traffic to the legacy
ISA system, which will then redirect based on hostname. I'm hesitant to
use up all our IPs for option 1, but I'm thinking option 2 is even
worse... Are there any options I haven't thought of?

Thanks for any advice...
Peter L.



You need to examine at the application layer for 'routing' such http
requests; I'd take a look at reverse proxying with either apache (in
the base system) or squid in the packages. Either of those should be
able to listen on your firewall's external interface and forward
http requests inbound based on HTTP/1.1 hostnames within the requests.


/Pete



Re: Just confirming: no way to do a pf rdr based on hostname?

2005-12-12 Thread Markus Wernig
Peter Landry wrote:

> I'm thinking that I can't do it. In that case, my options seem to be 1)
> use different external IP's for each website, and redirect to different
> internal servers based on IP 2) redirect all web traffic to the legacy
> ISA system, which will then redirect based on hostname. I'm hesitant to
> use up all our IPs for option 1, but I'm thinking option 2 is even
> worse... Are there any options I haven't thought of?

At the risk of getting roasted alive: install a reverse proxy (apache,
squid, perlbal) on the FW? That would hold for ssl traffic, too (except
perlbal). Though scenario 1 seems more straightforward.

/m



Re: Just confirming: no way to do a pf rdr based on hostname?

2005-12-12 Thread Darrin Chandler

Peter Landry wrote:


Hi All,
We're migrating an old Microsoft ISA Server system to OpenBSD pf. First
off, before I ask any questions, kudos to everyone -- Installing OpenBSD
3.8 was a very pleasant, painless experience for someone who's never
used it before. Setting up pf/nat was also extraordinarily easy. The
docs are great.

That aside, the only thing that I haven't been able to migrate yet is
ISA's ability to redirect web requests coming in on the same IP to
different machines based on the host name. IE- www.a.com (IP
123.123.0.1) gets redirected to the internal IP 192.168.0.1 while
www.b.com (also IP 123.123.0.1) gets redirected to the internal IP
192.168.0.2.

I haven't found anything in the docs, and all the list archive questions
I've found were specific to ipnat, not pf.

I'm thinking that I can't do it. In that case, my options seem to be 1)
use different external IP's for each website, and redirect to different
internal servers based on IP 2) redirect all web traffic to the legacy
ISA system, which will then redirect based on hostname. I'm hesitant to
use up all our IPs for option 1, but I'm thinking option 2 is even
worse... Are there any options I haven't thought of?

Thanks for any advice...
Peter L.
 

Pf just doesn't operate at that level. You'll need something 
interpreting the http protocol. Perhaps there's a tool out there to do 
that job and integrate with pf, but I don't know what it is.


--
Darrin Chandler
[EMAIL PROTECTED]
http://www.stilyagin.com/



Re: Just confirming: no way to do a pf rdr based on hostname?

2005-12-12 Thread Chris Kuethe
On 12/12/05, Peter Landry <[EMAIL PROTECTED]> wrote:
> ... Are there any options I haven't thought of?

httpd in reverse proxy mode?

CK

--
GDB has a 'break' feature; why doesn't it have 'fix' too?



Re: Just confirming: no way to do a pf rdr based on hostname?

2005-12-12 Thread Fred Crowson

Peter Landry wrote:

Hi All,
We're migrating an old Microsoft ISA Server system to OpenBSD pf. First
off, before I ask any questions, kudos to everyone -- Installing OpenBSD
3.8 was a very pleasant, painless experience for someone who's never
used it before. Setting up pf/nat was also extraordinarily easy. The
docs are great.

That aside, the only thing that I haven't been able to migrate yet is
ISA's ability to redirect web requests coming in on the same IP to
different machines based on the host name. IE- www.a.com (IP
123.123.0.1) gets redirected to the internal IP 192.168.0.1 while
www.b.com (also IP 123.123.0.1) gets redirected to the internal IP
192.168.0.2.

I haven't found anything in the docs, and all the list archive questions
I've found were specific to ipnat, not pf.

I'm thinking that I can't do it. In that case, my options seem to be 1)
use different external IP's for each website, and redirect to different
internal servers based on IP 2) redirect all web traffic to the legacy
ISA system, which will then redirect based on hostname. I'm hesitant to
use up all our IPs for option 1, but I'm thinking option 2 is even
worse... Are there any options I haven't thought of?

Thanks for any advice...
Peter L.


Hi Peter,

I don't think there is an easy way to deal with this in pf, but the 
httpd(8) that comes with OpenBSD can easily deal with using apache's 
Redirect directive or virtual host configurations to give you the same 
transparent effect for the end user. Or would it be possible to use 
squid to do http proxying?


Hope this might be of some use.

Fred



Re: ettercap

2005-12-12 Thread Duncan Martin

> I'm wondering if someone could help me here!
Might be a better way in the archives, but...

edit ettercap/patches/patch-src_ec_plugins_c

change the inserted line to always be true, e.g.:
-#if defined(OPENBSD) || defined(MACOSX)
+#if 1
#define SYM_PREFIX "_" // for the symbols loaded with dlsym
 #else
#define SYM_PREFIX ""
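Review bot: `#if 1` on the changed line makes `SYM_PREFIX "_"` unconditional, so the `#else` branch with the empty prefix can never be selected and every build gets the underscore prepended to the names passed to dlsym. If the goal is to cover one specific platform, keep a platform test on the `#if` line rather than a constant, and state in the patch which case needs the prefix.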

make clean
make
make install

works for me on i386 3.8 release. Well, kind of.  I still get loads of 
symbol errors on startup from the plugins, but the basic sniffer works.


regards,
Duncan



Re: Just confirming: no way to do a pf rdr based on hostname?

2005-12-12 Thread viq
On Monday 12 December 2005 22:44, Peter Landry wrote:

Just something I heard, and didn't even look into:
1) "reverse" proxy
2) have apache act as a proxy with redirect.

Just some ideas to look into and comment on by more knowledgeable ;)

-- 
viq




Re: Just confirming: no way to do a pf rdr based on hostname?

2005-12-12 Thread Joachim Schipper
On Mon, Dec 12, 2005 at 04:44:05PM -0500, Peter Landry wrote:
> That aside, the only thing that I haven't been able to migrate yet is
> ISA's ability to redirect web requests coming in on the same IP to
> different machines based on the host name. IE- www.a.com (IP
> 123.123.0.1) gets redirected to the internal IP 192.168.0.1 while
> www.b.com (also IP 123.123.0.1) gets redirected to the internal IP
> 192.168.0.2.

> I'm thinking that I can't do it. In that case, my options seem to be 1)
> use different external IP's for each website, and redirect to different
> internal servers based on IP 2) redirect all web traffic to the legacy
> ISA system, which will then redirect based on hostname. I'm hesitant to
> use up all our IPs for option 1, but I'm thinking option 2 is even
> worse... Are there any options I haven't thought of?

You are right in that pf doesn't do http. You can, however, use pf to
transparently send traffic to a proxy server on localhost or elsewhere -
and a good proxy will do what you want. (This is called a reverse
proxy.)

Joachim



Re: Just confirming: no way to do a pf rdr based on hostname?

2005-12-12 Thread Jason Crawford
On 12/12/05, Peter Landry <[EMAIL PROTECTED]> wrote:
> Hi All,
> We're migrating an old Microsoft ISA Server system to OpenBSD pf. First
> off, before I ask any questions, kudos to everyone -- Installing OpenBSD
> 3.8 was a very pleasant, painless experience for someone who's never
> used it before. Setting up pf/nat was also extraordinarily easy. The
> docs are great.

Welcome, glad to hear you enjoyed it so far.

>
> That aside, the only thing that I haven't been able to migrate yet is
> ISA's ability to redirect web requests coming in on the same IP to
> different machines based on the host name. IE- www.a.com (IP
> 123.123.0.1) gets redirected to the internal IP 192.168.0.1 while
> www.b.com (also IP 123.123.0.1) gets redirected to the internal IP
> 192.168.0.2.

This is application level filtering and such, pf doesn't do that.

>
> I haven't found anything in the docs, and all the list archive questions
> I've found were specific to ipnat, not pf.
>
> I'm thinking that I can't do it. In that case, my options seem to be 1)
> use different external IP's for each website, and redirect to different
> internal servers based on IP 2) redirect all web traffic to the legacy
> ISA system, which will then redirect based on hostname. I'm hesitant to
> use up all our IPs for option 1, but I'm thinking option 2 is even
> worse... Are there any options I haven't thought of?

I would suggest looking at squid for reverse proxying. It's
transparent, and you can have pf redirect all port 80 traffic to
squid, which will then decide where to route the http request based on
what site they asked for. This would also help protect your web
servers from various attacks (but not all) since they wouldn't be
talking directly with your web server, as well as squid being in a
chroot and running as an unprivileged user. You could also setup squid
to do caching which would reduce the load on your web server if need
be. Good luck,

Jason
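
An added example, not code from any poster or from squid, apache or pf: what "application layer" means in the replies above. Both sites share one external IP and port, so the only thing that tells them apart is the Host header inside the request, which a proxy has to parse and check before choosing a backend. The backend table is constructed from the addresses in the question; function names are hypothetical.

```python
# Constructed mapping using the example names and internal addresses
# from the question in this thread.
BACKENDS = {
    "www.a.com": ("192.168.0.1", 80),
    "www.b.com": ("192.168.0.2", 80),
}


class BadRequest(ValueError):
    """The request is rejected rather than forwarded to some default site."""


def extract_host(raw: bytes) -> str:
    """Return the normalised host name from a raw HTTP/1.1 request head."""
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise BadRequest("header block not terminated")
    hosts = []
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, colon, value = line.partition(b":")
        # Reject folded lines and whitespace around the field name: a proxy
        # and a backend that disagree on such lines can be played against
        # each other.
        if not colon or not name or name != name.strip():
            raise BadRequest("malformed header line")
        if name.lower() == b"host":
            hosts.append(value.strip())
    if len(hosts) != 1:
        # Zero or several Host headers: never guess which one the backend sees.
        raise BadRequest("need exactly one Host header")
    try:
        text = hosts[0].decode("ascii")
    except UnicodeDecodeError:
        raise BadRequest("non-ASCII Host value") from None
    host, _, port = text.partition(":")  # IPv6 literals are not handled here
    if port and not port.isdigit():
        raise BadRequest("bad port in Host value")
    host = host.lower().rstrip(".")
    if not host:
        raise BadRequest("empty Host value")
    return host


def select_backend(raw: bytes):
    """Return (ip, port) for a known site, or None for an unknown host name."""
    return BACKENDS.get(extract_host(raw))


if __name__ == "__main__":
    # Constructed sample request.
    sample = b"GET / HTTP/1.1\r\nHost: www.b.com\r\n\r\n"
    print(select_backend(sample))
```

Returning None for an unknown name lets the caller refuse the request instead of silently exposing one internal server as the default.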



Re: Network problem

2005-12-12 Thread Sebastian Schucht
On Saturday 10 December 2005 21:40 you wrote:
> On 12/10/05, Sebastian Schucht <[EMAIL PROTECTED]> wrote:
> > I have a problem and no idea for a solution. I use an OpenBSD
> > cerberos.chaos 3.5 GENERIC#0 i386 system as a gateway and if I ping
> > from the net to this gateway I have good ping times of:
> >
> > 10 packets transmitted, 10 received, 0% packet loss, time 9014ms
> > rtt min/avg/max/mdev = 0.171/0.206/0.430/0.077 ms
> >
> > but if I ping back to my Linux box I have bad ping times of:
> >
> > 10 packets transmitted, 10 packets received, 0.0% packet loss
> > round-trip min/avg/max/std-dev = 0.335/3.925/7.437/2.378 ms
> >
> > I can see this behavior on all connections and interfaces. It also occurs
> > if I shut down packet filtering. And all routes are also looking fine.
> >
> > Does anyone have an idea why this behavior happens?
>
> until proven otherwise (you _could_ give more info) it's one of:
> - upstream full
How can I check this?
- The BSD box is running on an empty net ... too much traffic is not the reason
and the switches are working fine.
> - duplex mismatch
No, I have nailed it to the right configurations. And the interfaces are not
counting errors.
> - bad hardware
All interfaces also have the same behavior if they work alone in the box.
> - a rat died on your heatsink
That's right, but not the problem.
>
>
> --knitti

With fully attached interfaces, ifconfig returns:
lo0: flags=8049 mtu 33224
inet 127.0.0.1 netmask 0xff00
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x8
de0: flags=8863 mtu 1500
address: 00:40:05:a3:33:a2
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 192.168.2.254 netmask 0xff00 broadcast 192.168.2.255
inet6 fe80::240:5ff:fea3:33a2%de0 prefixlen 64 scopeid 0x1
bge0: flags=8843 mtu 1500
address: 00:09:5b:8e:54:ef
media: Ethernet autoselect (1000baseT full-duplex)
status: active
inet 192.168.10.254 netmask 0xff00 broadcast 192.168.10.255
inet6 fe80::209:5bff:fe8e:54ef%bge0 prefixlen 64 scopeid 0x2
vr0: flags=8843 mtu 1500
address: 00:50:ba:b2:1e:12
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 192.168.1.254 netmask 0xff00 broadcast 192.168.1.255
inet6 fe80::250:baff:feb2:1e12%vr0 prefixlen 64 scopeid 0x3
xl0: flags=8802 mtu 1500
address: 00:50:04:ee:c8:a5
media: Ethernet autoselect (none)
status: no carrier
rl0: flags=8843 mtu 1500
address: 00:40:f4:63:63:3d
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet XXX.100.40.69 netmask 0xff00 broadcast 141.100.40.255
inet XXX.100.40.70 netmask 0xff00 broadcast XXX.100.40.255
inet XXX.100.40.71 netmask 0xff00 broadcast XXX.100.40.255
inet XXX.100.40.72 netmask 0xff00 broadcast XXX.100.40.255
inet XXX.100.40.73 netmask 0xff00 broadcast XXX.100.40.255
inet XXX.100.40.74 netmask 0xff00 broadcast XXX.100.40.255
inet XXX.100.40.75 netmask 0xff00 broadcast XXX.100.40.255
inet XXX.100.40.76 netmask 0xff00 broadcast XXX.100.40.255
inet XXX.100.40.77 netmask 0xff00 broadcast XXX.100.40.255
inet XXX.100.40.78 netmask 0xff00 broadcast XXX.100.40.255
inet XXX.100.40.79 netmask 0xff00 broadcast XXX.100.40.255
pflog0: flags=141 mtu 33224
pfsync0: flags=0<> mtu 2020
enc0: flags=0<> mtu 1536

the route -n show command returns
Routing tables

Internet:
Destination  GatewayFlags
default  XXX.100.40.254 UG
127.0.0.0127.0.0.1  UG
127.0.0.1127.0.0.1  UH
XXX.100.40.0 link#5 U
XXX.100.40.650:a0:c9:0:6e:e4UH
XXX.100.40.70127.0.0.1  UGH
XXX.100.40.71127.0.0.1  UGH
XXX.100.40.72127.0.0.1  UGH
XXX.100.40.73127.0.0.1  UGH
XXX.100.40.74127.0.0.1  UGH
XXX.100.40.75127.0.0.1  UGH
XXX.100.40.76127.0.0.1  UGH
XXX.100.40.77127.0.0.1  UGH
XXX.100.40.78127.0.0.1  UGH
XXX.100.40.79127.0.0.1  UGH
XXX.100.40.254   0:3:9f:17:84:7 UH
192.168.1.0  link#3 U
192.168.1.52 0:c:f1:ad:4c:b7UH
192.168.1.53 0:c:f1:ad:4c:d8UH
192.168.1.254127.0.0.1  UGH
192.168.2.0  link#1 U
192.168.2.1060:a:95:d3:1:a4 UH
192.168.2.1230:11:d8:22:db:6UH
192.168.2.2500:f:66:4c:c7:9fUH
192.168.2.2510:f:66:4c:c7:a2UH
192.168.2.2540:40:5:a3:33:a2UH
192.168.10.0 link#2 U
192.168.10.1 0:c:6e:bd:b7:dfUH
224.0.0.0127.0.0.1  U

Internet6:
Destination  GatewayFlags
default  ::1UG
default  ::1UG
::1  ::1UH
::127.0.0.0  ::1UG
::224.0.0.0  

Re: ettercap

2005-12-12 Thread Peter Valchev
> Might be a better way in the archives, but...
> 
> edit ettercap/patches/patch-src_ec_plugins_c
> 
> change the inserted line to always be true, e.g.:
> -#if defined(OPENBSD) || defined(MACOSX)
> +#if 1
> #define SYM_PREFIX "_" // for the symbols loaded with dlsym
>  #else
> #define SYM_PREFIX ""

That's wrong.  And you quoted the wrong patch, the actual patch does
this and it's correct as-is:
-#if defined(OPENBSD) || defined(MACOSX)
+#if defined(OPENBSD) && !defined(__ELF__) || defined(MACOSX)
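Review bot: the new condition on the `+` line mixes `&&` and `||` without parentheses. It parses as `(defined(OPENBSD) && !defined(__ELF__)) || defined(MACOSX)`, which matches the apparent intent, so write the parentheses explicitly to make that grouping obvious to the next reader.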

What you did is force "_" to be prepended to every symbol for
dynamic loading which will fail on your machine (the plugin
errors you see are because of this), it's only meant for a.out.



Problems with mod_gzip and 3.8

2005-12-12 Thread Juan J.
Hello,

I'm having problems with mod_gzip package and OpenBSD 3.8 (i386).

After installing the package and properly configuring it all, it doesn't
work. And without any noticeable error :(

We have here a 3.6 installation working perfectly with mod_gzip and the
same conf: php + mysql and mod_gzip.

I've checked the /mod_gzip_status and it says all is OK (available and
working).

I've tried to log the mod_gzip response, but nothing (it doesn't log
anything at all).

I've configured mod_gzip to not remove the working files, and I can see
them on /var/www/tmp but... the files ain't compressed.

I have no clue about what is happening. Has anyone experienced
problems with mod_gzip and OpenBSD 3.8?

Any comment will be very appreciated. Thank you.

regards,

Juanjo

-- 
Desarrollo y sistemas: http://www.usebox.net/
  Pagina Personal: http://www.usebox.net/jjm/



Re: ethereal

2005-12-12 Thread ober

http://www.linbsd.org/ethereal_on_openbsd37.html

Feel free to ignore some of the more "so&so is insecure, kay"
as they are highly short on insight. :D

At one time Sendmail was considered to be the most insecure service.

-Ober

On Mon, 12 Dec 2005, Ricardo Lucas wrote:


Thanks for the hint, man. I will not install this pkg.
Thanks again.


2005/12/12, Joachim Schipper <[EMAIL PROTECTED]>:


On Mon, Dec 12, 2005 at 08:10:43AM -0200, Ricardo Lucas wrote:

Hello misc,

Has anyone compiled ethereal? If so, you can help me.
When I try to compile that source I get a message that I don't have
GTK+2 and GLIB2 installed on my system, but I DO have them.
So if anyone has been through this problem, please, HELP ME!!! =]


First, try to understand just *why* ethereal is not available as a port.
See
http://marc.theaimsgroup.com/?l=openbsd-ports-cvs&m=108984209100775&w=2,
for example.

That being said, could you post pkg_info output and the actual error?

   Joachim





--
Ricardo Lucas




Re: ettercap

2005-12-12 Thread Duncan Martin

Hi,


That's wrong.  And you quoted the wrong patch, the actual patch does
this and it's correct as-is:
-#if defined(OPENBSD) || defined(MACOSX)
+#if defined(OPENBSD) && !defined(__ELF__) || defined(MACOSX)


except it doesn't work, exactly as the OP described.  I tested it before 
replying and it was broken as it was in 3.7 when I last tried it.  With 
the re-patch it worked (sorta).



What you did is force "_" to be prepended to every symbol for
dynamic loading which will fail on your machine (the plugin
errors you see are because of this), it's only meant for a.out.

I know.  It's a nasty hack, it's the wrong hack, but it does turn a 
totally broken ettercap into a partially broken one.  Last time I needed 
ettercap I was in a hurry and found this got me by.


Duncan



Re: ettercap

2005-12-12 Thread Peter Valchev
> >That's wrong.  And you quoted the wrong patch, the actual patch does
> >this and it's correct as-is:
> >-#if defined(OPENBSD) || defined(MACOSX)
> >+#if defined(OPENBSD) && !defined(__ELF__) || defined(MACOSX)
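Review bot: the changed `#if` carries no comment saying what the `__ELF__` test selects. The replies in this thread tie the guarded code to prepending `_` to symbols for dynamic loading, which is only meant for a.out; a one-line comment above the condition stating that would tell the next reader why ELF OpenBSD is excluded and discourage re-patching it back.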
> 
> except it doesn't work, exactly as the OP described.  I tested it before 
> replying and it was broken as it was in 3.7 when I last tried it.  With 
> the re-patch it worked (sorta).

That was a totally different problem, which has been
fixed correctly in -current, check CVS.

  CVSROOT:      /cvs
  Module name:  ports
  Changes by:   [EMAIL PROTECTED]  2005/11/26 14:17:54

  Modified files:
  net/ettercap   : Makefile 
  net/ettercap/patches: patch-configure 

  Log message:
  switch from undocumented, obsolete -rdynamic cc arg to
  -Wl,--export-dynamic. This makes main prog syms visible to plugins and
  now they work. prompted by and okay sturm@



Re: my multipath routing questions... SOLVED!

2005-12-12 Thread andrew fresh
On Thu, Dec 08, 2005 at 02:14:45PM -0700, andrew fresh wrote:
> On Fri, Dec 02, 2005 at 04:08:13PM -0700, andrew fresh wrote:
> > I am getting 3 different DDB's.  Mostly "kernel: page fault trap,
> > code=0" and "Panic: rtfree 2".  I have also gotten some "Panic: sbdrop",
> > but not since I got the serial console attached.  When I got the sbdrop,
> > trace showed calls to pf_* but I did not write it down as I thought I
> > would see it again with the
> > serial console.
> > 
> > It seems to DDB anywhere from 5 minutes to 90 minutes after a reboot.
> > Once I got 6.5 hours, but mostly closer to 10 minutes.  The only thing
> > that seems to make a difference is disabling pf, I am up 17.5 hours now
> > with pf disabled.
> > 
> > DMESG and the trace/ps from the DDBs are below.
> 
> They are actually available in the archives so as not to waste
> bandwidth.
> http://marc.theaimsgroup.com/?l=openbsd-misc&m=113356535818065&w=2

the whole thread is here:
http://marc.theaimsgroup.com/?t=1125791&r=1&w=2

> > > > or something with 'route-to' in pf?
> 
> It appears that it is the route-to that is causing it to crash.  

I believe my router has been crashing because I was generating routing
loops the way I was using route-to.

It appears after a route-to, the packet then gets re-evaluated by
additional rules including additional route-to rules (as it probably
should).

If I have this rule
pass out on { san0, san1, san2, san3 } route-to { 
  (san0, 10.0.0.1), (san1, 10.1.1.1), 
  (san2, 10.2.2.1), (san3, 10.3.3.1) 
} round-robin

If san0 is the default route that the kernel picks (no kernel
multipath), I think it does something like this:

First packet hits san0 and gets routed out san0.

Second packet hits san0 and gets routed to san1, then san0, then san2,
then san0, then san3, then san0, and out san0.

Third packet hits san0 and gets routed to san1, and out san1.

Fourth packet hits san0 and gets routed to san2, then san1, then san2,
and out san2

Fifth packet hits san0 and gets routed to san3 then san2, then san3, and
out san3.

Sixth packet hits san0 and gets routed out san0.

Seventh packet hits san0 and gets routed to san1, then san2, then san1,
then san3, then san0, then san2, and out san2.

At some point, the loop becomes long enough to cause ddbs.  With
multiple packets at once, the round robining may be able to get the
loops even longer.  

I don't know what the proper fix for this would be if anything, but
something that says "Rule X has already rerouted this packet, there may
be a loop somewhere" error message would be nicer than a page fault, or
rtfree 2 ddb.

I could also be completely wrong as to the cause of the crashes, but
this seems to be a fairly good guess.

I resolved the crashing by adding some tagging smarts to the rule:
pass out on { san0, san1, san2, san3 } route-to { 
  (san0, 10.0.0.1), (san1, 10.1.1.1), 
  (san2, 10.2.2.1), (san3, 10.3.3.1) 
} round-robin tag ROUTED ! tagged ROUTED

This has so far made the load balancing work very well, and it has gone 
for over 48 hours and not DDB'd yet.

l8rZ,
-- 
andrew - ICQ# 253198 - JID: [EMAIL PROTECTED]
 Proud member: http://www.mad-techies.org

BOFH excuse of the day: Dyslexics retyping hosts file on servers
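
A toy model of the re-evaluation the post above hypothesises, added here as an illustration and not taken from the thread or from pf's source: it shows why `tag ROUTED ! tagged ROUTED` bounds each packet to a single reroute. The class and function names, the single shared round-robin pointer and the `HOP_CAP` cut-off are assumptions of the model, so its hop sequences are not the ones sketched in the post.

```python
POOL = ["san0", "san1", "san2", "san3"]  # interfaces named in the rule from the post
HOP_CAP = 16                             # simulation cut-off only, not a pf limit


class RouteToRule:
    """Model of: pass out on {POOL} route-to {POOL} round-robin [tag T ! tagged T]."""

    def __init__(self, pool, guard_tag=None):
        self.pool = list(pool)
        self.guard_tag = guard_tag   # None models the original, unguarded rule
        self.next_idx = 0            # one round-robin pointer shared by all packets

    def matches(self, iface, tags):
        if iface not in self.pool:
            return False
        # "! tagged ROUTED": a packet this rule already handled no longer matches
        return self.guard_tag is None or self.guard_tag not in tags

    def apply(self, tags):
        """Pick the next pool entry and, if guarded, tag the packet."""
        target = self.pool[self.next_idx]
        self.next_idx = (self.next_idx + 1) % len(self.pool)
        if self.guard_tag is not None:
            tags.add(self.guard_tag)
        return target


def send(rule, start_iface="san0"):
    """Follow one packet; return (exit_iface, path, looped)."""
    iface, tags, path = start_iface, set(), [start_iface]
    while len(path) - 1 < HOP_CAP:
        if not rule.matches(iface, tags):
            return iface, path, False      # no rule reroutes it: packet leaves here
        target = rule.apply(tags)
        if target == iface:
            return iface, path, False      # picked the interface it is already on
        iface = target                     # moved: ruleset is evaluated again there
        path.append(iface)
    return None, path, True                # still bouncing when the cut-off hit


def run(guard_tag, packets=8):
    rule = RouteToRule(POOL, guard_tag)
    return [send(rule) for _ in range(packets)]


if __name__ == "__main__":
    for label, tag in (("unguarded", None), ("guarded", "ROUTED")):
        for exit_iface, path, looped in run(tag):
            status = "LOOP" if looped else "out " + exit_iface
            print(f"{label:9} {status:9} hops={len(path) - 1}")
```

In this model the unguarded rule lets only the first packet out; with the tag guard every packet leaves after at most one reroute and the eight packets spread evenly over the four interfaces.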



Re: Just confirming: no way to do a pf rdr based on hostname?

2005-12-12 Thread Steve Murdoch

Peter Landry wrote:


Hi All,
We're migrating an old Microsoft ISA Server system to OpenBSD pf. First
off, before I ask any questions, kudos to everyone -- Installing OpenBSD
3.8 was a very pleasant, painless experience for someone who's never
used it before. Setting up pf/nat was also extraordinarily easy. The
docs are great.

That aside, the only thing that I haven't been able to migrate yet is
ISA's ability to redirect web requests coming in on the same IP to
different machines based on the host name. IE- www.a.com (IP
123.123.0.1) gets redirected to the internal IP 192.168.0.1 while
www.b.com (also IP 123.123.0.1) gets redirected to the internal IP
192.168.0.2.

I haven't found anything in the docs, and all the list archive questions
I've found were specific to ipnat, not pf.

I'm thinking that I can't do it. In that case, my options seem to be 1)
use different external IP's for each website, and redirect to different
internal servers based on IP 2) redirect all web traffic to the legacy
ISA system, which will then redirect based on hostname. I'm hesitant to
use up all our IPs for option 1, but I'm thinking option 2 is even
worse... Are there any options I haven't thought of?

Thanks for any advice...
Peter L.


 


Apache reverse proxy works well.



Re: Just confirming: no way to do a pf rdr based on hostname?

2005-12-12 Thread Jens Teglhus Møller

Peter Landry wrote:

Hi All,
We're migrating an old Microsoft ISA Server system to OpenBSD pf. First
off, before I ask any questions, kudos to everyone -- Installing OpenBSD
3.8 was a very pleasant, painless experience for someone who's never
used it before. Setting up pf/nat was also extraordinarily easy. The
docs are great.

That aside, the only thing that I haven't been able to migrate yet is
ISA's ability to redirect web requests coming in on the same IP to
different machines based on the host name. IE- www.a.com (IP
123.123.0.1) gets redirected to the internal IP 192.168.0.1 while
www.b.com (also IP 123.123.0.1) gets redirected to the internal IP
192.168.0.2.

I haven't found anything in the docs, and all the list archive questions
I've found were specific to ipnat, not pf.

I'm thinking that I can't do it. In that case, my options seem to be 1)
use different external IP's for each website, and redirect to different
internal servers based on IP 2) redirect all web traffic to the legacy
ISA system, which will then redirect based on hostname. I'm hesitant to
use up all our IPs for option 1, but I'm thinking option 2 is even
worse... Are there any options I haven't thought of?

Thanks for any advice...
Peter L.

This can not be achieved with pf (since pf does not know about the http 
protocol, where name based virtual hosting happens), but you could use 
apache with mod_proxy or perhaps squid (perhaps other http proxies exist).


/jtm
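
The routing decision a reverse proxy makes and a packet filter cannot, as an added example that is not part of either reply: the hostname exists only in the HTTP `Host` header, so it has to be parsed from the request before a backend can be chosen. The function names, the size cap and the reject-on-ambiguity policy are assumptions; the hostnames and internal addresses are the ones from the question.

```python
"""Name-based backend selection as a reverse proxy would do it (added example)."""

# Constructed mapping: hostnames and internal addresses are the ones in the question.
BACKENDS = {
    "www.a.com": ("192.168.0.1", 80),
    "www.b.com": ("192.168.0.2", 80),
}
MAX_HEADER_BYTES = 8192  # assumed cap so a client cannot make the proxy buffer forever


class BadRequest(ValueError):
    """Request the proxy should answer with 400 instead of forwarding."""


def host_from_request(raw: bytes) -> str:
    """Return the normalised hostname from a raw HTTP/1.x request head."""
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep or len(head) > MAX_HEADER_BYTES:
        raise BadRequest("incomplete or oversized header block")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/1."):
        raise BadRequest("malformed request line")
    hosts = []
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        # Reject folded lines and "Host :" style names: proxy and backend
        # could otherwise disagree about which header is the Host header.
        if not colon or not name or name != name.strip():
            raise BadRequest("malformed header line")
        if name.lower() == b"host":
            hosts.append(value.strip())
    # Zero or several Host headers are ambiguous, so refuse instead of guessing.
    if len(hosts) != 1:
        raise BadRequest("exactly one Host header required")
    try:
        host = hosts[0].decode("ascii")
    except UnicodeDecodeError:
        raise BadRequest("non-ASCII Host value") from None
    hostname, _, port = host.partition(":")
    if not hostname or (port and not port.isdigit()):
        raise BadRequest("malformed Host value")  # also rejects IPv6 literals
    return hostname.lower().rstrip(".")


def pick_backend(raw: bytes):
    """Return (ip, port) for a known site, or None: unknown names go nowhere."""
    return BACKENDS.get(host_from_request(raw))


if __name__ == "__main__":
    sample = b"GET / HTTP/1.1\r\nHost: www.b.com\r\n\r\n"  # constructed request
    print(pick_backend(sample))
```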



OpenNTPD does not 'pull-in' wrong time

2005-12-12 Thread Uwe Dippel
[Background: we now received the second batch of Proliant ML-350G4p with
dual core Xeon. I had pointed out earlier that bsd.mp performs a
miscalculation of the time-stamp by 2:1 on ML350G4. This is unresolved
despite all efforts and input; but goes into another thread.]
On the ML350G4p the time with bsd is 99.99% correct; with bsd.mp it is off
by around 5% (one hour per day). 
I started openNTPD when the difference was around 1 hour, three days ago.
From then on, it has given regular messages (/var/log/daemon) about its
adjustments. But instead of gradually closing the gap, the gap has
continuously widened and now I am off by around 3 hours and the adjustment
message is at 9300 seconds. When it started, this was around 4000 seconds.

Conclusion: openntpd is not able to 'pull in' the wrong time; it rather
only notes it and tries to adjust to an ever wider gap.
Probably its regulation parameters are fixed, and it cannot adjust a larger
disparity.

Any hint welcome,

Uwe



Re: OpenNTPD does not 'pull-in' wrong time

2005-12-12 Thread Nick Holland
Uwe Dippel wrote:
> [Background: we now received the second batch of Proliant ML-350G4p with
> dual core Xeon. I had pointed out earlier that bsd.mp performs a
> miscalculation of the time-stamp by 2:1 on ML350G4. This is unresolved
> despite all efforts and input; but goes into another thread.]
> On the ML350G4p the time with bsd is 99.99% correct; with bsd.mp it is off
> by around 5% (one hour per day). 
> I started openNTPD when the difference was around 1 hour, three days ago.
> From then on, it has given regular messages (/var/log/daemon) about its
> adjustments. But instead of gradually closing the gap, the gap has
> continuously widened and now I am off by around 3 hours and the adjustment
> message is at 9300 seconds. When it started, this was around 4000 seconds.
> 
> Conclusion: openntpd is not able to 'pull in' the wrong time; it rather
> only notes it and tries to adjust to an ever wider gap.
> Probably its regulation parameters are fixed, and it cannot adjust a larger
> disparity.
> 
> Any hint welcome,
> 
> Uwe

1) set time properly, using rdate or ntpd -s.
2) now how does it do?

There is a problem in 3.8-release, probably before, though I didn't
notice it myself, where huge time errors would never correct themselves,
but rather, it would settle happily on a very wrong time.  This has been
fixed in -current (though it still may take days to close a large gap,
but at least, it closes.).

HOWEVER, you may be dealing with a drift that is much bigger than ntpd
is designed to handle.  Don't expect ntpd to make sense of a wildly
drifting clock, it is only designed to provide little nudges in the
right direction, not rework the entire clock hardware and software to
compensate for a problem.

Nick.



safte() device detected but no counters in sysctl

2005-12-12 Thread Lars Hansson
I upgraded one of my Dell Poweredge 1550/1000's to 3.8-release yesterday
and noticed that a safte device was found but there are no counters in sysctl:
# sysctl hw
hw.machine=i386
hw.model=Intel Pentium III ("GenuineIntel" 686-class)
hw.ncpu=1
hw.byteorder=1234
hw.physmem=536391680
hw.usermem=536027136
hw.pagesize=4096
hw.disknames=sd0,cd0,fd0
hw.diskcount=3
hw.cpuspeed=998

dmesg:
OpenBSD 3.8 (GENERIC) #138: Sat Sep 10 15:41:37 MDT 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium III ("GenuineIntel" 686-class) 1 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
real mem  = 536391680 (523820K)
avail mem = 482537472 (471228K)
using 4278 buffers containing 26923008 bytes (26292K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 12/10/04, BIOS32 rev. 0 @ 0xffe90
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfc730/128 (6 entries)
pcibios0: PCI Interrupt Router at 000:15:0 ("ServerWorks ROSB4 SouthBridge" rev 0x00)
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0x6000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "ServerWorks CNB20HE Host" rev 0x23
pci1 at pchb0 bus 1
pchb1 at pci0 dev 0 function 1 "ServerWorks CNB20HE Host" rev 0x01
pchb2 at pci0 dev 0 function 2 "ServerWorks I/O Bridge" rev 0x01
pchb3 at pci0 dev 0 function 3 "ServerWorks I/O Bridge" rev 0x01
pci2 at pchb3 bus 2
ahc1 at pci2 dev 5 function 0 "Adaptec AIC-7899 U160" rev 0x01: irq 5
scsibus0 at ahc1: 16 targets
sd0 at scsibus0 targ 0 lun 0:  SCSI3 0/direct fixed
sd0: 17366MB, 29550 cyl, 2 head, 601 sec, 512 bytes/sec, 35566478 sec total
safte0 at scsibus0 targ 6 lun 0:  SCSI2 3/processor fixed
ahc2 at pci2 dev 5 function 1 "Adaptec AIC-7899 U160" rev 0x01: irq 3
scsibus1 at ahc2: 16 targets
fxp0 at pci0 dev 1 function 0 "Intel 82557" rev 0x08, i82559: irq 11, address 00:06:5b:04:3f:a0
inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4
fxp1 at pci0 dev 2 function 0 "Intel 82557" rev 0x08, i82559: irq 10, address 00:06:5b:04:3f:a1
inphy1 at fxp1 phy 1: i82555 10/100 PHY, rev. 4
vga1 at pci0 dev 3 function 0 "ATI Rage XL" rev 0x27
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
pcib0 at pci0 dev 15 function 0 "ServerWorks ROSB4 SouthBridge" rev 0x50
pciide0 at pci0 dev 15 function 1 "ServerWorks OSB4 IDE" rev 0x00: DMA
atapiscsi0 at pciide0 channel 0 drive 0
scsibus2 at atapiscsi0: 2 targets
cd0 at scsibus2 targ 0 lun 0:  SCSI0 5/cdrom removable
cd0(pciide0:0:0): using PIO mode 4, DMA mode 2, Ultra-DMA mode 2
ohci0 at pci0 dev 15 function 2 "ServerWorks OSB4/CSB5 USB" rev 0x04: irq 7, version 1.0, legacy support
usb0 at ohci0: USB revision 1.0
uhub0 at usb0
uhub0: ServerWorks OHCI root hub, rev 1.00/1.00, addr 1
uhub0: 4 ports with 4 removable, self powered
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: 
spkr0 at pcppi0
sysbeep0 at pcppi0
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask f3ed netmask ffed ttymask ffef
pctr: 686-class user-level performance counters enabled
mtrr: Pentium Pro MTRR support
ahc1: target 0 using 16bit transfers
ahc1: target 0 synchronous at 80.0MHz DT, offset = 0x3f
dkcsum: sd0 matches BIOS drive 0x80
root on sd0a
rootdev=0x400 rrootdev=0xd00 rawdev=0xd02

---
Lars Hansson



Softdep related panic on 3.8-release

2005-12-12 Thread STeve Andre'
   I'm one of the admins of a 3.8-release system that has developed
a problem with softdeps, judging by the panic listed below.  The
system has done this twice in less than a week.  Someone who got
to the machine after the first crash said that the system was
frozen at the syncing disks message.  The system was pingable
and services like ftp initially answer but that's all.  Looking
at the system after the second crash, it was at a login prompt
on the console, but non-responsive.

   Looking for the panic message, I found something on a FreeBSD 
list: http://www.freebsd.org/cgi/query-pr.cgi?pr=15063

   Looking at ffs_softdep.c rev 1.63 there are two changes from
FreeBSD but I've not yet figured out just what those fix or if
these relate to my problem.

   I apologize for not having more data here, but from what I've
seen, the error occurs without giving a lot of data.

   Any thoughts?

Thanks, STeve Andre'

[panic message]
Dec  9 14:36:00 grex /bsd: panic: softdep_write_inodeblock: indirect pointer #0 mismatch 0 != 0
Dec  9 14:36:00 grex /bsd: Starting stack trace...
Dec  9 14:36:00 grex /bsd: panic(d649de84,d649de84,e88e9d5c,e88e9db4,e91d3740) at panic+0x71
Dec  9 14:36:00 grex /bsd: panic(d050a940,d0509dd7,0,0,0) at panic+0x71
Dec  9 14:36:00 grex /bsd: initiate_write_inodeblock(e9ce206c,d6a55f1c,d0f93000,0,e88e9e0c) at initiate_write_inodeblock+0x3c1
Dec  9 14:36:00 grex /bsd: softdep_disk_io_initiation(d6a55f1c,7fff,e88e9e5c,d021ae58) at softdep_disk_io_initiation+0x66
Dec  9 14:36:00 grex /bsd: spec_strategy(e88e9e64,1,e88e9e5c,d067a2f4,0) at spec_strategy+0x42
Dec  9 14:36:00 grex /bsd: spec_vnoperate(e88e9e64,40,e88e9e7c,80,d0580b80) at spec_vnoperate+0x16
Dec  9 14:36:00 grex /bsd: VOP_STRATEGY(d6a55f1c,d6a13d94,e88e9ebc,d02eed92,d6a13d94) at VOP_STRATEGY+0x25
Dec  9 14:36:00 grex /bsd: bwrite(d6a55f1c,d6a9a40c,1,0,d6a13d24) at bwrite+0xac
Dec  9 14:36:00 grex /bsd: spec_vnoperate(e88e9ed4,1,0,d6a72354,d0580bc0) at spec_vnoperate+0x16
Dec  9 14:36:00 grex /bsd: VOP_BWRITE(d6a55f1c,0,1,0) at VOP_BWRITE+0x25
Dec  9 14:36:00 grex /bsd: ffs_fsync(e88e9f24,d6a13d24,10052,d6a27004,d05806c0) at ffs_fsync+0x1df
Dec  9 14:36:00 grex /bsd: VOP_FSYNC(d6a13d24,d6a36000,3,d6a27004,0,12,d6a27004) at VOP_FSYNC+0x34
Dec  9 14:36:00 grex /bsd: sched_sync(d6a27004) at sched_sync+0x100
Dec  9 14:36:00 grex /bsd: Bad frame pointer: 0xd06f1ed8
Dec  9 14:36:00 grex /bsd: End of stack trace.

[dmesg]
Dec 12 21:24:57 grex /bsd: OpenBSD 3.8 (GENERIC) #138: Sat Sep 10 15:41:37 MDT 2005
Dec 12 21:24:57 grex /bsd: [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
Dec 12 21:24:57 grex /bsd: cpu0: AMD Athlon(TM) XP ("AuthenticAMD" 686-class, 512KB L2 cache) 2.09 GHz
Dec 12 21:24:57 grex /bsd: cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
Dec 12 21:24:57 grex /bsd: cpu0: AMD Powernow: FID
Dec 12 21:24:57 grex /bsd: real mem  = 536436736 (523864K)
Dec 12 21:24:57 grex /bsd: avail mem = 482582528 (471272K)
Dec 12 21:24:57 grex /bsd: using 4278 buffers containing 26923008 bytes (26292K) of memory
Dec 12 21:24:57 grex /bsd: mainbus0 (root)
Dec 12 21:24:57 grex /bsd: bios0 at mainbus0: AT/286+(4a) BIOS, date 11/05/02, BIOS32 rev. 0 @ 0xf16f0
Dec 12 21:24:57 grex /bsd: apm0 at bios0: Power Management spec V1.2
Dec 12 21:24:57 grex /bsd: apm0: AC on, battery charge unknown
Dec 12 21:24:57 grex /bsd: apm0: flags 30102 dobusy 0 doidle 1
Dec 12 21:24:57 grex /bsd: pcibios0 at bios0: rev 2.1 @ 0xf/0x1db2
Dec 12 21:24:57 grex /bsd: pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf1cd0/224 (12 entries)
Dec 12 21:24:57 grex /bsd: pcibios0: PCI Interrupt Router at 000:17:0 ("VIA VT82C586 ISA" rev 0x00)
Dec 12 21:24:57 grex /bsd: pcibios0: PCI bus #1 is the last bus
Dec 12 21:24:57 grex /bsd: bios0: ROM list: 0xc/0x8000 0xc8000/0x5400
Dec 12 21:24:57 grex /bsd: cpu0 at mainbus0
Dec 12 21:24:57 grex /bsd: pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
Dec 12 21:24:57 grex /bsd: pchb0 at pci0 dev 0 function 0 "VIA VT8377 PCI" rev 0x00
Dec 12 21:24:57 grex /bsd: ppb0 at pci0 dev 1 function 0 "VIA VT8235 AGP" rev 0x00
Dec 12 21:24:57 grex /bsd: pci1 at ppb0 bus 1
Dec 12 21:24:57 grex /bsd: "VIA VT6306 FireWire" rev 0x80 at pci0 dev 7 function 0 not configured
Dec 12 21:24:57 grex /bsd: pciide0 at pci0 dev 8 function 0 "Promise PDC20376" rev 0x02: DMA
Dec 12 21:24:57 grex /bsd: pciide0: using irq 11 for native-PCI interrupt
Dec 12 21:24:57 grex /bsd: bge0 at pci0 dev 9 function 0 "Broadcom BCM5702X" rev 0x02, BCM5703 A2 (0x1002): irq 10 address 00:e0:18:d3:6f:3f
Dec 12 21:24:57 grex /bsd: brgphy0 at bge0 phy 1: BCM5703 10/100/1000baseT PHY, rev. 2
Dec 12 21:24:57 grex /bsd: vga1 at pci0 dev 12 function 0 "Matrox MGA 1064SG 220MHz" rev 0x02
Dec 12 21:24:57 grex /bsd: wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
Dec 12 21:24:57 grex /bsd: wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
Dec 12 21:24:57 grex /bsd: ahc1 at pci0 dev

Re: safte() device detected but no counters in sysctl

2005-12-12 Thread Marco Peereboom
It only provides insertion and removal bits.  OpenBSD does not do
anything with those (yet).


On Dec 12, 2005, at 10:53 PM, Lars Hansson wrote:

I upgraded one of my Dell Poweredge 1550/1000's to 3.8-release yesterday
and noticed that a safte device was found but there are no counters in sysctl:

# sysctl hw
hw.machine=i386
hw.model=Intel Pentium III ("GenuineIntel" 686-class)
hw.ncpu=1
hw.byteorder=1234
hw.physmem=536391680
hw.usermem=536027136
hw.pagesize=4096
hw.disknames=sd0,cd0,fd0
hw.diskcount=3
hw.cpuspeed=998


---
Lars Hansson




Re: safte() device detected but no counters in sysctl

2005-12-12 Thread David Gwynne

On 13/12/2005, at 2:53 PM, Lars Hansson wrote:
I upgraded one of my Dell Poweredge 1550/1000's to 3.8-release yesterday
and noticed that a safte device was found but there are no counters in sysctl:

# sysctl hw
hw.machine=i386
hw.model=Intel Pentium III ("GenuineIntel" 686-class)
hw.ncpu=1
hw.byteorder=1234
hw.physmem=536391680
hw.usermem=536027136
hw.pagesize=4096
hw.disknames=sd0,cd0,fd0
hw.diskcount=3
hw.cpuspeed=998


Hey Lars,

A safte(4) device can present an arbitrary set of params available
for querying, but the ones we use to populate hw.sensors with are not
guaranteed to be present on all safte devices. It's quite normal for
a safte device to have no sensors in hw.sensors. The only thing I can
remember we're missing is the sensors for the disk slots. I might
unslack in the next few days and code that up.

If your machine has leds on the drive slots you should be able to
blink them with bioctl -b.


Sorry to disappoint.
dlg



Re: safte() device detected but no counters in sysctl

2005-12-12 Thread Lars Hansson
On Tue, 13 Dec 2005 16:49:34 +1000
David Gwynne <[EMAIL PROTECTED]> wrote:

> A safte(4) device can present an arbitrary set of params available  
> for querying, but the ones we use to populate hw.sensors with are not  
> guaranteed to be present on all safte devices.

Ah, I guess the Dell doesn't provide those params then. Bummer.

> Sorry to disappoint.

Hey, no disappointment here. You guys are doing a great job.

---
Lars Hansson



Re: Problems with mod_gzip and 3.8

2005-12-12 Thread Ted Unangst
see recent posts to tech about apache 2 and zlib.  probably related.

On 12/12/05, Juan J. Martínez <[EMAIL PROTECTED]> wrote:
> Hello,
>
> I'm having problems with mod_gzip package and OpenBSD 3.8 (i386).