Re: ipsec between openbsd 4.0 and checkpoint

2007-03-29 Thread Claer
On Thu, Mar 29 2007 at 44:08, Sebastian Reitenbach wrote:
> Hi list,
Hi,

> I have a problem to setup an ipsec tunnel between my openbsd box and a
> checkpoint firewall.
[...]
> I had no problem to get a tunnel working between two openbsd 4.0 hosts with
> the above configuration file, so I think my problem can only be the timings 
> of the renegotiations. What are the default renegotiation timings, and where 
> should i configure these?

The default SA lifetimes are described in the man page of isakmpd.conf:

   [General]
   Default-phase-1-lifetime=   3600,60:86400
   Default-phase-2-lifetime=   1200,60:86400

OpenBSD will accept lifetimes between 60 and 86400 seconds with a
default of 1 hour for phase 1 and 20 minutes for phase 2.
As you wrote, default Checkpoint lifetimes are 1440 min for phase 1
(86400 seconds) and 3600 seconds for phase 2. I doubt it's a lifetime
problem. 

The configuration should work, at least it works here between Checkpoint
R61 and OpenBSD 4.0.
Could you provide us some error messages please? Messages from the
Checkpoint side would help too :)

Claer
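
The lifetime comparison made in the message above, as an added example that is not part of the original thread: it parses the `default,min:max` values quoted from isakmpd.conf and checks the Checkpoint lifetimes given in the thread against the accepted range. The function names are hypothetical, and the range check is only a model of the man-page description, not isakmpd's own code.

```python
import configparser
from dataclasses import dataclass

# Constructed sample: the [General] defaults quoted in the message above.
SAMPLE_CONF = """\
[General]
Default-phase-1-lifetime=   3600,60:86400
Default-phase-2-lifetime=   1200,60:86400
"""

# Peer lifetimes in seconds, as stated in the thread for the Checkpoint side:
# 1440 minutes for phase 1 and 3600 seconds for phase 2.
CHECKPOINT = {1: 1440 * 60, 2: 3600}


@dataclass(frozen=True)
class Lifetime:
    default: int   # lifetime proposed when nothing else is configured
    minimum: int   # shortest lifetime accepted from a peer
    maximum: int   # longest lifetime accepted from a peer

    def accepts(self, seconds: int) -> bool:
        return self.minimum <= seconds <= self.maximum


def parse_lifetime(value: str) -> Lifetime:
    """Parse a 'default,min:max' lifetime value (all in seconds)."""
    default_part, comma, range_part = value.strip().partition(",")
    low, colon, high = range_part.partition(":")
    if not comma or not colon:
        raise ValueError(f"expected 'default,min:max', got {value!r}")
    lifetime = Lifetime(int(default_part), int(low), int(high))
    if not lifetime.accepts(lifetime.default):
        raise ValueError(f"default outside its own range: {value!r}")
    return lifetime


def load_lifetimes(conf_text: str) -> dict:
    """Return {phase: Lifetime} from the [General] section of the text."""
    parser = configparser.ConfigParser(delimiters=("=",))
    parser.read_string(conf_text)
    general = parser["General"]
    return {
        phase: parse_lifetime(general[f"Default-phase-{phase}-lifetime"])
        for phase in (1, 2)
    }


def compare_peer(local: dict, peer: dict) -> dict:
    """Per phase: is the peer lifetime in range, and does it equal our default?"""
    report = {}
    for phase, seconds in sorted(peer.items()):
        lifetime = local[phase]
        report[phase] = {
            "in_range": lifetime.accepts(seconds),
            "matches_default": seconds == lifetime.default,
        }
    return report


if __name__ == "__main__":
    local = load_lifetimes(SAMPLE_CONF)
    for phase, result in compare_peer(local, CHECKPOINT).items():
        print(f"phase {phase}: peer={CHECKPOINT[phase]}s {result}")
```

Both Checkpoint values fall inside the 60 to 86400 second range while differing from the OpenBSD defaults, which is the basis for the conclusion that lifetimes are unlikely to be the cause.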



prioritize internet browse than download

2007-03-29 Thread kintaro oe
Hi Guys,

Is it possible to prioritize Internet browsing than downloading a file like 
downloading installers or iso files? It eats up our network bandwidth. Any 
advice? Thanks!


cheers,

kintaro Oe
 



Re: "ROOTBACKUP=1" corruption problems on amd64 (OPENBSD_4_0)

2007-03-29 Thread Otto Moerbeek
On Thu, 29 Mar 2007, Didier Wiroth wrote:

> Hello,
> I'm using ROOTBACKUP=1 to have daily backups on several boxes running
> amd64 OPENBSD_4_0.
> Actually I noticed that on 1 box (the hardware is +/- 3 month old), the
> partition is *always* corrupted after the backup.
> The corruption happens every day. 
> 
> Does anyone have an idea what could be the problem?

You're copying a live filesystem. Inconsistencies are to be expected.
It's the reason why fsck is run.

-Otto

> 
> I'm using a LSI Megaraid controller (see dmesg below), here is the
> output.
> #bioctl ami0
> Volume  Status   Size Device
>  ami0 0 Online   10485760 sd0 RAID5
>   0 Online   400083124224 0:0.0   noencl  3.AE>
>   1 Online   400083124224 0:1.0   noencl  3.AE>
>   2 Online   400083124224 0:2.0   noencl  3.AE>
>   3 Online   400083124224 0:3.0   noencl  3.AE>
>   4 Online   400083124224 0:4.0   noencl  3.AE>
>  ami0 1 Online2097152 sd1 RAID0
>   0 Online   400083124224 0:0.0   noencl  3.AE>
>   1 Online   400083124224 0:1.0   noencl  3.AE>
>   2 Online   400083124224 0:2.0   noencl  3.AE>
>   3 Online   400083124224 0:3.0   noencl  3.AE>
>   4 Online   400083124224 0:4.0   noencl  3.AE>
>  ami0 2 Online   73924608 sd2 RAID5
>   0 Online   400083124224 0:0.0   noencl  3.AE>
>   1 Online   400083124224 0:1.0   noencl  3.AE>
>   2 Online   400083124224 0:2.0   noencl  3.AE>
>   3 Online   400083124224 0:3.0   noencl  3.AE>
>   4 Online   400083124224 0:4.0   noencl  3.AE>
>  ami0 3 Online   739451600896 sd3 RAID5
>   0 Online   400083124224 0:0.0   noencl  3.AE>
>   1 Online   400083124224 0:1.0   noencl  3.AE>
>   2 Online   400083124224 0:2.0   noencl  3.AE>
>   3 Online   400083124224 0:3.0   noencl  3.AE>
>   4 Online   400083124224 0:4.0   noencl  3.AE>
>  ami0 4 Hot spare400083124224 0:5.0   noencl  3.AE>
> 
> Here is the daily mail report I get:
> Backing up root filesystem:
> 
> copying /dev/rsd0a to /dev/rsd0h
> 262139+1 records in
> 262139+1 records out
> 2147443200 bytes transferred in 548.279 secs (3916696 bytes/sec)
> ** /dev/rsd0h
> ** Last Mounted on /
> ** Phase 1 - Check Blocks and Sizes
> ** Phase 2 - Check Pathnames
> ** Phase 3 - Check Connectivity
> ** Phase 4 - Check Reference Counts
> UNREF FILE I=103073  OWNER=root MODE=100555
> SIZE=282672 MTIME=Feb 13 08:58 2007
> CLEAR? yes
> 
> UNREF FILE I=103086  OWNER=root MODE=100555
> SIZE=106928 MTIME=Feb 13 08:58 2007
> CLEAR? yes
> 
> UNREF FILE I=103113  OWNER=root MODE=100500
> SIZE=255536 MTIME=Feb 13 08:58 2007
> CLEAR? yes
> 
> ** Phase 5 - Check Cyl groups
> FREE BLK COUNT(S) WRONG IN SUPERBLK
> SALVAGE? yes
> 
> SUMMARY INFORMATION BAD
> SALVAGE? yes
> 
> BLK(S) MISSING IN BIT MAPS
> SALVAGE? yes
> 
> 3116 files, 24391 used, 1007208 free (280 frags, 125866 blocks, 0.0%
> fragmentation)
> 
> MARK FILE SYSTEM CLEAN? yes
>  end snip --
> 
> Here is the dmesg:

Re: prioritize internet browse than download

2007-03-29 Thread Kamil Monticolo
On Thu, 29 Mar 2007 01:25:26 -0700 (PDT)
kintaro oe <[EMAIL PROTECTED]> wrote:

> Hi Guys,
> 
> Is it possible to prioritize Internet browsing than downloading a file like 
> downloading installers or iso files? It eats up our network bandwidth. Any 
> advice? Thanks!

man pf.conf
/QUEUE



Re: prioritize internet browse than download

2007-03-29 Thread Siju George

On 3/29/07, Kamil Monticolo <[EMAIL PROTECTED]> wrote:
> On Thu, 29 Mar 2007 01:25:26 -0700 (PDT)
> kintaro oe <[EMAIL PROTECTED]> wrote:
>
> > Hi Guys,
> >
> > Is it possible to prioritize Internet browsing than downloading a file
> > like downloading installers or iso files? It eats up our network
> > bandwidth. Any advice? Thanks!
>
> man pf.conf
> /QUEUE



this is good for limiting bandwidth based on ( source and destination
) domain names, IP address, port numbers, protocols, IP versions etc.

but PF cannot process URLs and filter/queue using file types like
*.iso, *.msi, *.exe, *.wmv, *.mpe etc.

kind Regards

Siju

Siju



Re: prioritize internet browse than download

2007-03-29 Thread stefan hoffmann

hi,

kintaro oe wrote:
> Is it possible to prioritize Internet browsing than downloading a file like
> downloading installers or iso files? It eats up our network bandwidth. Any
> advice? Thanks!

Take a look at squid and its delay pools. That should do it.


mfG
--> stefan <--



Re: Not getting much bandwidth through the firewall

2007-03-29 Thread Claudio Jeker
On Thu, Mar 29, 2007 at 02:18:30AM -0400, Kyle George wrote:
> On Wed, 28 Mar 2007, Watson Crick wrote:
> 
> >I've got OpenBSD 4.0 (release) on a laptop setup up as a router between 
> >2 subnets, and providing internet access through a 3rd nic to a DSL 
> >modem. The problem is the bandwidth between the two subnets.  I'm only 
> >getting a maximum of about 500 KB/s between two 100mbit cards. Top shows 
> >~70% interrupt (~29% idle) while these transfers are going on. I don't 
> >know what the bottleneck is in the system.  Are the Linksys PCMCIA nics 
> >crappy? Did I screw something else up?
> 
> Try http://www.openbsd.org/faq/faq6.html#Tuning.
> 
> Increase net.inet.tcp.{send,recv}space.
> 
> Try this before worrying about your hardware.
> 

The send and receive socket buffer space has nothing to do with forwarding
performance. This will only affect connections from and to the box itself.

I think the bigger problem are the PCMCIA nics. PCMCIA is a slow bus
comparable to ISA and most PCMCIA cards are evil old clones of already
terrible MAC chips. Also check the duplex mode -- autonegotiation can
fail with older cards.

-- 
:wq Claudio



Re: Long WEP key

2007-03-29 Thread Sunnz

I am curious about this too, so if anyone got the link it would be
great to post it, thanks.

So VPN is the way to go if you really want to secure your wireless network?

2007/3/29, Nick ! <[EMAIL PROTECTED]>:
> On 3/29/07, Lars Hansson <[EMAIL PROTECTED]> wrote:
> > Maxime DERCHE wrote:
> > > IMHO you should think to configure your AP to provide a WAP-based
> > > encryption...
> >
> > WAP-based encryption? Do you mean WPA?
>
> And to answer the original question: because OpenBSD doesn't support
> WPA, and Theo has claimed somewhere that I can never find the link to
> that WPA gives a false sense of security anyway.
>
> -Nick





--
Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html



Re: Long WEP key

2007-03-29 Thread Lars Hansson

Sunnz wrote:
> So VPN is the way to go if you really want to secure your wireless network?

VPN only secures traffic to and from the gateway, not *among* machines
connected to the AP. If your AP is OpenBSD then VPN would work but most
off-the-shelf AP's can't act as VPN endpoints and for those WEP and WPA
are the only ways to secure all your wireless traffic.


---
Lars Hansson



Re: Long WEP key

2007-03-29 Thread Sunnz

Then is it possible/practical to connect to a VPN machine on your LAN
and use the VPN machine's connection?

For a simplistic example, say I've got a wireless router gateway, with
a cable connected OpenBSD server, and I connect to the server's VPN
via the router wirelessly from my laptop.

2007/3/29, Lars Hansson <[EMAIL PROTECTED]>:
> Sunnz wrote:
> > So VPN is the way to go if you really want to secure your wireless network?
>
> VPN only secures traffic to and from the gateway, not *among* machines
> connected to the AP. If your AP is OpenBSD then VPN would work but most
> off-the-shelf AP's can't act as VPN endpoints and for those WEP and WPA
> are the only ways to secure all your wireless traffic.
>
> ---
> Lars Hansson








Re: Long WEP key

2007-03-29 Thread Stuart Henderson
On 2007/03/29 21:44, Sunnz wrote:
> I am curious about this too, so if anyone got the link it would be
> great to post it, thanks.
> 
> So VPN is the way to go if you really want to secure your wireless network?

VPN is good at adding privacy and authentication protection to
transmitted data. I'm not sure you can really use 'really secure'
when you're talking about 802.11 DSSS, though.

One point to note is that the network management frames are
unprotected (even with WPA).



Re: prioritize internet browse than download

2007-03-29 Thread Kamil Monticolo
On Thu, 29 Mar 2007 16:12:07 +0530
"Siju George" <[EMAIL PROTECTED]> wrote:

> On 3/29/07, Kamil Monticolo <[EMAIL PROTECTED]> wrote:
> > On Thu, 29 Mar 2007 01:25:26 -0700 (PDT)
> > kintaro oe <[EMAIL PROTECTED]> wrote:
> >
> > > Hi Guys,
> > >
> > > Is it possible to prioritize Internet browsing than downloading a file 
> > > like downloading installers or iso files? It eats up our network 
> > > bandwidth. Any advice? Thanks!
> >
> > man pf.conf
> > /QUEUE
> >
> 
> this is good for limiting bandwidth based on ( source and destination
> ) domain names, IP address, port numbers, protocols, IP versions etc.
> 
> but PF cannot process URLs and filter/queue using file types like
> *.iso, *.msi, *.exe, *.wmv, *.mpe etc.
> 
> kind Regards
> 
> Siju
> 
> Siju
> 
Sorry, you are right. I misunderstood that a bit.
Kamil Monticolo



Re: Long WEP key

2007-03-29 Thread Nick !

On 3/29/07, Sunnz <[EMAIL PROTECTED]> wrote:
> 2007/3/29, Nick ! <[EMAIL PROTECTED]>:
> > On 3/29/07, Lars Hansson <[EMAIL PROTECTED]> wrote:
> > > Maxime DERCHE wrote:
> > > > IMHO you should think to configure your AP to provide a WAP-based
> > > > encryption...
> > >
> > > WAP-based encryption? Do you mean WPA?
> >
> > And to answer the original question: because OpenBSD doesn't support
> > WPA, and Theo has claimed somewhere that I can never find the link to
> > that WPA gives a false sense of security anyway.
>
> I am curious about this too, so if anyone got the link it would be
> great to post it, thanks.


Here you go:

-- Forwarded message --
From: Jon Radel <[EMAIL PROTECTED]>
Date: Mar 29, 2007 1:17 AM
Subject: Re: Long WEP key
To: Nick ! <[EMAIL PROTECTED]>



Nick ! wrote:
> Theo has claimed somewhere that I can never find the link to


http://www.tjrforum.com/archive/index.php/t-2513.html gives a quote but
I can't find the original source.






Re: "ROOTBACKUP=1" corruption problems on amd64 (OPENBSD_4_0)

2007-03-29 Thread Darrin Chandler
On Thu, Mar 29, 2007 at 09:11:36AM +0200, Didier Wiroth wrote:
> Hello,
> I'm using ROOTBACKUP=1 to have daily backups on several boxes running
> amd64 OPENBSD_4_0.
> Actually I noticed that on 1 box (the hardware is +/- 3 month old), the
> partition is *always* corrupted after the backup.
> The corruption happens every day. 
> 
> Does anyone have an idea what could be the problem?

Here's a guess: you updated your system, but haven't rebooted since
building userland. If that's the case, reboot and I bet the next backup
is a *lot* cleaner.

If that's not the case, then what Otto said. ;)

-- 
Darrin Chandler|  Phoenix BSD User Group  |  MetaBUG
[EMAIL PROTECTED]   |  http://phxbug.org/  |  http://metabug.org/
http://www.stilyagin.com/  |  Daemons in the Desert   |  Global BUG Federation



Re: Long WEP key

2007-03-29 Thread Sunnz

Hmmm had Theo ever talked about this on the list?

I think many people are/will find this to be very strange... WPA is
considered as "broken" and "insecure", which is understandable for an
OS that focuses on security... but it _does_ provide WEP, an even more
broken, insecure solution?

2007/3/29, Nick ! <[EMAIL PROTECTED]>:
> On 3/29/07, Sunnz <[EMAIL PROTECTED]> wrote:
> > 2007/3/29, Nick ! <[EMAIL PROTECTED]>:
> > > On 3/29/07, Lars Hansson <[EMAIL PROTECTED]> wrote:
> > > > Maxime DERCHE wrote:
> > > > > IMHO you should think to configure your AP to provide a WAP-based
> > > > > encryption...
> > > >
> > > > WAP-based encryption? Do you mean WPA?
> > >
> > > And to answer the original question: because OpenBSD doesn't support
> > > WPA, and Theo has claimed somewhere that I can never find the link to
> > > that WPA gives a false sense of security anyway.
> >
> > I am curious about this too, so if anyone got the link it would be
> > great to post it, thanks.
>
> Here you go:
>
> -- Forwarded message --
> From: Jon Radel <[EMAIL PROTECTED]>
> Date: Mar 29, 2007 1:17 AM
> Subject: Re: Long WEP key
> To: Nick ! <[EMAIL PROTECTED]>
>
> Nick ! wrote:
> > Theo has claimed somewhere that I can never find the link to
>
> http://www.tjrforum.com/archive/index.php/t-2513.html gives a quote but
> I can't find the original source.








Re: Not getting much bandwidth through the firewall

2007-03-29 Thread Siju George

On 3/29/07, Kyle George <[EMAIL PROTECTED]> wrote:
> On Wed, 28 Mar 2007, Watson Crick wrote:
>
> > I've got OpenBSD 4.0 (release) on a laptop setup up as a router between
> > 2 subnets, and providing internet access through a 3rd nic to a DSL
> > modem. The problem is the bandwidth between the two subnets.  I'm only
> > getting a maximum of about 500 KB/s between two 100mbit cards. Top shows
> > ~70% interrupt (~29% idle) while these transfers are going on. I don't
> > know what the bottleneck is in the system.  Are the Linksys PCMCIA nics
> > crappy? Did I screw something else up?
>
> Try http://www.openbsd.org/faq/faq6.html#Tuning.
>
> Increase net.inet.tcp.{send,recv}space.



It says

 "You would normally use this to allow for routing or connection
problems. Of course, for it to be most effective, both sides of the
connection need to use similar values."

If you have an ISP that gives you IP address ( using PPPOE ) is there
a way to measure or detect the values on the ISP's side?

The main problem being the support personnel mostly does not know these
things :-(

Thank you so much

kind regards

Siju



Apple hardware support?

2007-03-29 Thread David Given
Is there anyone working on porting OpenBSD to Intel Apple hardware? Such as
the Macbook?

I can't imagine it would be particularly hard; there'd need to be a way of
loading and running a kernel via EFI, and then tweaking the hardware
detection.

The reason why I ask is that I've been eyeing the new Apple TV with a certain
amount of interest. For only 150 UKP, you get a rather nice little box with
very low power requirements and some decent hardware, which would be ideal as
a home server. And I know the hardware is very similar to the Macbook. And, of
course, the best server software is OpenBSD.

--
http://www.cowlark.com
"Thou who might be our Father, who perhaps may be in Heaven, hallowed be
Thy Name, if Name Thou hast and any desire to see it hallowed..." ---
_Creatures of Light and Darkness_



Re: Apple hardware support?

2007-03-29 Thread Greg Thomas

On 3/29/07, David Given <[EMAIL PROTECTED]> wrote:
> Is there anyone working on porting OpenBSD to Intel Apple hardware? Such as
> the Macbook?



Scan the freakin' email archives.  There are several recent notes
about the laptops, nothing about the AppleTV yet that I've noticed.

Greg



Re: Not getting much bandwidth through the firewall

2007-03-29 Thread Stuart Henderson
On 2007/03/29 22:55, Siju George wrote:
> On 3/29/07, Kyle George <[EMAIL PROTECTED]> wrote:
> >On Wed, 28 Mar 2007, Watson Crick wrote:
> >
> >> I've got OpenBSD 4.0 (release) on a laptop setup up as a router between
> >> 2 subnets, and providing internet access through a 3rd nic to a DSL
> >> modem. The problem is the bandwidth between the two subnets.  I'm only
> >> getting a maximum of about 500 KB/s between two 100mbit cards. Top shows
> >> ~70% interrupt (~29% idle) while these transfers are going on. I don't
> >> know what the bottleneck is in the system.  Are the Linksys PCMCIA nics
> >> crappy? Did I screw something else up?
> >
> >Try http://www.openbsd.org/faq/faq6.html#Tuning.
> >
> >Increase net.inet.tcp.{send,recv}space.
> >
> 
> It says
> 
>  "You would normally use this to allow for routing or connection
> problems. Of course, for it to be most effective, both sides of the
> connection need to use similar values."
> 
> If you have an ISP that gives you IP address ( using PPPOE ) is there
> a way to measure or detect the values on the ISP's side?

The ISP don't normally have anything to do with this (excepting any
connections to their servers) (but see below about proxies). The relevant
settings are those on the endpoints of the TCP connection.

You might want to increase {send,recv}space if you have a connection
which has high bandwidth *and* high latency (i.e. ping times). But
it will only make a difference when you connect to servers which also
have high window sizes configured; often busy servers don't since it
increases the memory requirements.

If you're interested to see how altering this looks from the
perspective of network packets, run tcpdump(8) and watch how the
values in TCP SYN packets change as you vary the sysctl values
and make connections.

If there is a proxy in the path between you and the "real"
endpoint, the TCP endpoints are then your machine and that proxy.
In those cases, the ISP (or whoever) does have control over these
tuning parameters.
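
What the tcpdump observation above amounts to, as an added example that is not part of the original thread: a parser for the TCP header of a SYN that pulls out the advertised window, MSS and window-scale option, plus the one-window-per-round-trip ceiling that makes the buffer size matter on high-latency paths. The SYN bytes are constructed here, and the window sizes (16384, 65535) and the 100 ms round-trip time are assumed sample values, not figures from the thread.

```python
import struct

SYN = 0x02
OPT_END, OPT_NOP, OPT_MSS, OPT_WSCALE = 0, 1, 2, 3


def build_syn(window, mss=1460, wscale=None):
    """Build a constructed TCP SYN header (no IP header, checksum left at 0)."""
    options = bytes([OPT_MSS, 4]) + struct.pack("!H", mss)
    if wscale is not None:
        # NOP pads the 3-byte window-scale option to a 4-byte boundary.
        options += bytes([OPT_NOP, OPT_WSCALE, 3, wscale])
    data_offset = (20 + len(options)) // 4
    fixed = struct.pack("!HHIIBBHHH", 49152, 80, 1, 0,
                        data_offset << 4, SYN, window, 0, 0)
    return fixed + options


def parse_syn(segment):
    """Return the flow-control fields a SYN advertises."""
    if len(segment) < 20:
        raise ValueError("shorter than a TCP header")
    (_sport, _dport, _seq, _ack, offset, flags,
     window, _csum, _urg) = struct.unpack("!HHIIBBHHH", segment[:20])
    header_len = (offset >> 4) * 4
    if header_len < 20 or header_len > len(segment):
        raise ValueError("data offset does not fit the captured bytes")
    info = {"syn": bool(flags & SYN), "window": window,
            "mss": None, "wscale": None}
    opts = segment[20:header_len]
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == OPT_END:
            break
        if kind == OPT_NOP:
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("truncated option")
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("bad option length")
        body = opts[i + 2:i + length]
        if kind == OPT_MSS and length == 4:
            info["mss"] = struct.unpack("!H", body)[0]
        elif kind == OPT_WSCALE and length == 3:
            info["wscale"] = body[0]
        i += length
    return info


def scaled_limit(info):
    """Largest window this endpoint can advertise after the handshake.

    The window field in the SYN itself is never scaled; the shift applies
    to later segments, and only if both sides sent the option.
    """
    shift = min(info["wscale"], 14) if info["wscale"] is not None else 0
    return 65535 << shift


def throughput_ceiling(window_bytes, rtt_ms):
    """Upper bound in bytes/second: one full window in flight per round trip."""
    return window_bytes * 1000 // rtt_ms


if __name__ == "__main__":
    for window, wscale in ((16384, None), (65535, 2)):
        info = parse_syn(build_syn(window, wscale=wscale))
        print(info, "ceiling at 100 ms:",
              throughput_ceiling(info["window"], 100), "bytes/s")
```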



Re: Apple hardware support?

2007-03-29 Thread Tasmanian Devil

> Is there anyone working on porting OpenBSD to Intel Apple hardware? Such as
> the Macbook?

The i386 GENERIC.MP kernel runs fine on Intel Macs. You just need to
enable ACPI with "config -ef bsd.mp" (or on the boot prompt).

> I can't imagine it would be particularly hard; there'd need to be a way of
> loading and running a kernel via EFI, and then tweaking the hardware
> detection.

EFI emulates a normal PC BIOS if there's no Mac OS X on the harddisk.
OpenBSD boots fine (though it doesn't feel like booting if no monitor
is attached, but you can emulate one easily with a dongle, and
automatic restart on power failure needs a little software trick).

> And, of course, the best server software is OpenBSD.


That's true! :-)

Tas.



Re: Apple hardware support?

2007-03-29 Thread Tasmanian Devil

> Scan the freakin' email archives.  There are several recent notes
> about the laptops, nothing about the AppleTV yet that I've noticed.


I just searched a bit about this Apple TV: It might be necessary to
remove the harddisk to copy OpenBSD on it, but otherwise it could work
(as a server, not as a multimedia device).

An interesting link I found:
http://www.roughlydrafted.com/RD/RDM.Tech.Q1.07/E1D8A057-6FBB-4269-A348-27AF9010FB19.html

Tas.



Re: Apple hardware support?

2007-03-29 Thread Otto Moerbeek
On Thu, 29 Mar 2007, David Given wrote:

> Is there anyone working on porting OpenBSD to Intel Apple hardware? Such as
> the Macbook?
> 
> I can't imagine it would be particularly hard; there'd need to be a way of
> loading and running a kernel via EFI, and then tweaking the hardware
> detection.

Work on your imagination and don't jump to conclusions.

Apple managed to make i386 hardware that is slightly different than
other PC hardware and with its own set of quirks/bugs. Some progress
has been made, but depending on the model and processor (e.g. Core Duo
vs Core Duo 2) the Apple Intels either work mostly or don't work
(yet).

> The reason why I ask is that I've been eyeing the new Apple TV with a certain
> amount of interest. For only 150 UKP, you get a rather nice little box with
> very low power requirements and some decent hardware, which would be ideal as
> a home server. And I know the hardware is very similar to the Macbook. And, of
> course, the best server software is OpenBSD.

Similar hardware is not enough to know. The devil is in the details.
Sending an Apple TV to an interested developer might speed things up. 

-Otto



Re: Apple hardware support?

2007-03-29 Thread Otto Moerbeek
On Thu, 29 Mar 2007, Tasmanian Devil wrote:

> > Is there anyone working on porting OpenBSD to Intel Apple hardware? Such as
> > the Macbook?
> 
> The i386 GENERIC.MP kernel runs fine on Intel Macs. You just need to
> enable ACPI with "config -ef bsd.mp" (or on the boot prompt).

This is not true. At least it has been reported that the MacBook Pro
with Core Duo 2 processor does not run.
> 
> > I can't imagine it would be particularly hard; there'd need to be a way of
> > loading and running a kernel via EFI, and then tweaking the hardware
> > detection.
> 
> EFI emulates a normal PC BIOS if there's no Mac OS X on the harddisk.
> OpenBSD boots fine (though it doesn't feel like booting if no monitor
> is attached, but you can emulate one easily with a dongle, and
> automatic restart on power failure needs a little software trick).

BTW, you can install OpenBSD on a BootCamp partition. After creating
the Bootcamp partition using the wizard, boot using the OpenBSD CD,
and in the fdisk step in the installer, set the partition type to A6,
make it active and update the MBR. 

-Otto



Re: Not getting much bandwidth through the firewall

2007-03-29 Thread Bryan Irvine

> The send and receive socket buffer space has nothing to do with forwarding
> performance. This will only affect connections from and to the box itself.


but don't routed packets go to and from the box itself?

My download speeds on my mythtv/ubuntu system jumped from 1.5Mb/s to
12Mb/s after increasing those on my firewall.


> I think the bigger problem are the PCMCIA nics. PCMCIA is a slow bus
> comparable to ISA and most PCMCIA cards are evil old clones of already
> terrible MAC chips. Also check the duplex mode -- autonegotiation can
> fail with older cards.


I tend to agree that the problem is likely here.  Laptops tend to not
have superfast bus speeds.

I also wonder if he actually meant that capital B.  500KB isn't too
shabby (what's that 4Mb?) while 500Kb isn't so good.  If he's actually
pushing 4Mb through his laptop's crappy old pcmcia that may be as good
as it gets.

--Bryan



Re: Apple hardware support?

2007-03-29 Thread Tasmanian Devil

> > > Is there anyone working on porting OpenBSD to Intel Apple hardware? Such as
> > > the Macbook?
> >
> > The i386 GENERIC.MP kernel runs fine on Intel Macs. You just need to
> > enable ACPI with "config -ef bsd.mp" (or on the boot prompt).
>
> This is not true. At least it has been reported that the MacBook Pro
> with Core Duo 2 processor does not run.


Oh, sorry, I didn't know that. Thank you for correcting me!

Tas.



Re: Not getting much bandwidth through the firewall

2007-03-29 Thread Henning Brauer
* Bryan Irvine <[EMAIL PROTECTED]> [2007-03-29 21:11]:
> >The send and receive socket buffer space has nothing to do with forwarding
> >performance. This will only affect connections from and to the box itself.
> 
> but don't routed packets go to and from the box itself?

they don't go to or thru the socket buffers you increased.

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam



Re: Long WEP key

2007-03-29 Thread smith
I'd be more scared of the hacker that can bypass wep,

than the average joe without wep.

The hacker knows how to exploit your wep-decrypted network traffic,

the average joe doesn't even if it were plain-text data.



Re: Long WEP key

2007-03-29 Thread Jeremy Huiskamp

On 29-Mar-07, at 9:59 AM, Nick ! wrote:



Nick ! wrote:

Theo has claimed somewhere that I can never find the link to


http://www.tjrforum.com/archive/index.php/t-2513.html gives a quote but
I can't find the original source.


I'd like to hear an actual developer position on that statement.  I  
read it as a criticism of the way WPA is used more than of the  
protocol itself.  As in, it's of little value to encrypt the traffic  
if you allow anybody to access it.  If Theo was saying that it sucks  
even when you're using some sufficient form of authentication (other  
than that it's maybe too complicated), I'd love to have it explained.


Jeremy



Re: Long WEP key

2007-03-29 Thread Siegbert Marschall
Well,

> I'd be more scared of the hacker that can bypass wep,
>
> than the average joe without wep.
>
> The hacker knows how to exploit your wep-decrypted network traffic,
>
> the average joe doesn't even if it were plain-text data.
>
it's not always about sniffing something, sometimes it's about
access only.
If somebody does something bad with my unencrypted access-point
using my internet-access, here in Germany I am liable.
If I configure feeble WEP64/40 I am not since there is at least
some "protection" to be illegally bypassed before the network can
be used.

Same with your car, leave the door open and the key in the lock for
everybody, even minors, to drive and the accident will be your problem
since the car hasn't been stolen. Lock the car and no matter if you
can short and open the thing with your fingers only it's a different
story since the car is "stolen".

So even though WEP is trash, from certain points of view it's as useful
as a cheap padlock on the garden hood so the next neighbours' children
don't kill themselves with the axe or whatever is in there. If they
break the window and get in there, it's their problem. Not that this
is a lot more difficult than cracking WEP. /pun Cracking windows just
makes more noise.

Of course this is all a bit simplified but maybe some of the people
here declaring that WEP is trash and shouldn't be used wake up and
see that even "trashy" protection has its use as long as it offers
"some" protection.

-sm



Re: Long WEP key

2007-03-29 Thread Siegbert Marschall
Hi,

> I'd like to hear an actual developer position on that statement.  I
> read it as a criticism of the way WPA is used more than of the
> protocol itself.  As in, it's of little value to encrypt the traffic
> if you allow anybody to access it.  If Theo was saying that it sucks
> even when you're using some sufficient form of authentication (other
> than that it's maybe too complicated), I'd love to have it explained.
>
not in the mood to search for it, but I've seen people demonstrating
that WPA is as useless as WEP, just different approach and different
software. WPA2 is a bit better but there are still a few underlying
"design flaws" which make the whole stuff on its own rather insecure.
can't recall though that anybody had WPA2 exploited at the time but
that's more than a year in the past so I wouldn't trust it.

however, google should find the stuff somewhere, it was demonstrated
on a few events, docs should be on the net, no need to bother theo
with this.

-sm



Re: Not getting much bandwidth through the firewall

2007-03-29 Thread Ted Unangst

On 3/29/07, Siju George <[EMAIL PROTECTED]> wrote:

On 3/29/07, Kyle George <[EMAIL PROTECTED]> wrote:
> On Wed, 28 Mar 2007, Watson Crick wrote:
>
> > I've got OpenBSD 4.0 (release) on a laptop setup up as a router between
> > 2 subnets, and providing internet access through a 3rd nic to a DSL
> > modem. The problem is the bandwidth between the two subnets.  I'm only
> > getting a maximum of about 500 KB/s between two 100mbit cards. Top



If you have an ISP that gives you an IP address (using PPPoE), is there
a way to measure or detect the values on the ISP's side?


why the hell does the isp matter when routing between two local subnets?



Re: login_ldap

2007-03-29 Thread Joachim Schipper
On Wed, Mar 28, 2007 at 12:45:04PM -0400, Mike Erdely wrote:
> What I've decided to do since I can't make this work ('cause I'm an 
> idiot) and pserver is insecure and sucks, I'm going to set local 
> passwords for users that require pserver that are different from their 
> LDAP password.  That way, their LDAP password won't go in the clear.
 
Just another thought I had 1/2 a second after hitting 'send'...

Maybe SSH tunneling and/or authpf is useful here? You could get fancy
with a full VPN - IPsec is well-supported by OpenBSD, and can be made to
work on other systems, and OpenVPN is easy to install - but forwarding
2401/tcp most likely suffices.

Joachim



Re: login_ldap

2007-03-29 Thread Joachim Schipper
On Wed, Mar 28, 2007 at 12:45:04PM -0400, Mike Erdely wrote:
> Joachim Schipper wrote:
> >On Tue, Mar 27, 2007 at 04:49:05PM -0400, Mike Erdely wrote:
> >>I'm trying to get login_ldap to work with cvs pserver (run out of inetd).
> >I think you are misunderstanding some things, or doing something that
> >doesn't work; however, since I've never tried to set up a pserver, you'd
> >best check what I'm going to say next.
> 
> I tried to give as much info as I could...
> 
> >First, read login.conf(5), and note that just adding the above isn't
> >going to help any. You must define a new login class, at least, and
> >change master.passwd(5) to make sure the appropriate user has your newly
> >defined login class (the value of 'appropriate' depends on whether or
> >not the stuff below is correct...).
> 
> I did read login.conf(5) and I must have missed something.  But, I think 
> you're not understanding how this stuff works:

Quite possibly, hence the above caveat.

> 1. I installed the login_ldap package.
> 2. I added a ldap section to login.conf
> 3. I configured my users to be part of the ldap class (using vipw). 
> Users have no local password set.
> 4. I tested using CVS over SSH and it works as expected.
> 5. I tried using pserver and cannot authenticate.
> 6. I set a local password that is different from my ldap password (ssh 
> still uses ldap.  sudo still uses ldap).
> 7. I tried pserver and was able to authenticate with the local password 
> but not ldap's password.
> 
> I had previously had a similar problem with ftp until I made this change 
> to login.conf:
> - auth-ftp-defaults:auth-ftp=password:
> + auth-ftp-defaults:auth-ftp=-ldap:
> 
> >Then, you should have whatever daemon your users use to connect with the
> >usual BSD login mechanism (which might be called bsdauth, or whatever).
> >I don't believe GNU CVS does that, and OpenCVS doesn't do authentication
> >at all. Your best bet is probably setting up ssh; sshd uses the BSD
> >authentication routines by default.
> 
> You would think that the daemon would use "the usual BSD login 
> mechanism" but ftpd doesn't.  And pserver running out of inetd doesn't 
> either.  I don't know if the fact that I'm using inetd for pserver has 
> any bearing on this issue, but I thought giving all information would be 
> helpful.

Actually, ftpd does. inetd doesn't do authentication at all, and
pserver... well, see below.

> I know my "best bet" is using ssh.  I'd much rather use ssh.  But you 
> can't always do what you want.  Some of my 50 developers are using COTS 
> development tools that ONLY know pserver.  They don't like it either, 
> but it's required for the project they're working on.  So, while pserver 
> sucks, it's necessary in this case.
> 
> >However, unless I am sorely mistaken, by this point, there's no need to
> >set up inetd and what you have is a CVS repository, but *not* a pserver.
> 
> What I've decided to do since I can't make this work ('cause I'm an 
> idiot) and pserver is insecure and sucks, I'm going to set local 
> passwords for users that require pserver that are different from their 
> LDAP password.  That way, their LDAP password won't go in the clear.

That is a good solution. The problem is, in fact, rather simple: pserver
does, in fact, not use bsd authentication. This is documented in
http://ximbiot.com/cvs/manual/cvs-1.12.13/cvs_2.html#SEC31 and
elsewhere; however, that page also suggests that you could create a
custom password file. Maybe a small script is in order (get 'cvspass'
from LDAP, format text file, mv it over the old one, repeat every x
minutes)?

Anyway, good luck, and let us know if you have any more problems.

Joachim
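
The small script suggested above (take a per-user 'cvspass' value from LDAP, format it as the pserver password file, move it over the old one), sketched as an added example that is not part of the original message. It assumes each LDAP entry carries `uid` and a `cvspass` attribute holding a crypt(3) hash, that LDIF lines are unwrapped, and that every pserver user maps to one unprivileged system account (`cvsanon`, a hypothetical name); the sample LDIF is constructed.

```shell
#!/bin/sh
# Added example: build CVSROOT/passwd ("user:crypt_hash:system_user") from LDIF.
# Assumed, not from the thread: "cvspass" holds a crypt(3) hash that differs
# from the LDAP password, LDIF lines are not wrapped, and every pserver user
# runs as the unprivileged account passed as $1.

# Constructed sample LDIF (hashes are placeholders, not real crypt output).
sample_ldif() {
    cat <<'EOF'
dn: uid=alice,ou=people,dc=example,dc=org
uid: alice
cvspass: $1$constructed$AAAAAAAAAAAAAAAAAAAAAA

dn: uid=bob,ou=people,dc=example,dc=org
uid: bob
cvspass: $1$constructed$BBBBBBBBBBBBBBBBBBBBBB

dn: uid=carol,ou=people,dc=example,dc=org
uid: carol

dn: uid=dave,ou=people,dc=example,dc=org
uid: dave:x:root
cvspass: $1$constructed$CCCCCCCCCCCCCCCCCCCCCC
EOF
}

# LDIF on stdin -> passwd lines on stdout.
# Entries without cvspass are skipped (user does not need pserver).
# Names and hashes are validated so a directory value containing ':' cannot
# add or override the system-user field of the generated line.
ldif_to_cvspasswd() {
    awk -v run_as="$1" '
        function emit() {
            if (uid != "" && hash != "") {
                if (uid ~ "^[a-z_][a-z0-9_-]*$" && hash ~ "^[A-Za-z0-9./$]+$")
                    print uid ":" hash ":" run_as
                else
                    print "skipping malformed entry" > "/dev/stderr"
            }
            uid = ""; hash = ""
        }
        /^$/         { emit(); next }
        /^uid: /     { uid  = substr($0, 6) }
        /^cvspass: / { hash = substr($0, 10) }
        END          { emit() }
    '
}

# passwd lines on stdin -> target file, replaced atomically.
# The new file is written beside the target and renamed into place, so cvs
# never reads a half-written file. Empty input (for example a failed LDAP
# query) leaves the existing file untouched.
install_cvspasswd() {
    target=$1
    tmp=$(mktemp "${target}.XXXXXX") || return 1
    if cat > "$tmp" && [ -s "$tmp" ]; then
        chmod 600 "$tmp" && mv -f "$tmp" "$target"
    else
        rm -f "$tmp"
        echo "refusing to install empty passwd file" >&2
        return 1
    fi
}

# Demo on the constructed sample. In production the LDIF would come from an
# LDAP export run from cron and be piped through both functions.
sample_ldif | ldif_to_cvspasswd cvsanon
```

With `SystemAuth=no` in CVSROOT/config, pserver consults only this file and does not fall back to system passwords for users missing from it.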



Re: May I have a cluestick, please?

2007-03-29 Thread Joachim Schipper
On Wed, Mar 28, 2007 at 03:52:44PM -0400, STeve Andre' wrote:
>I have a -current system thats working just fine as a web
> server. Everything is working as it should, save for updating
> the wtmp for logins.
> 
>The last entry in the wtmp was the reboot for going live--
> since then logins work as expected but there is no record
> of them.
> 
>Suggestions as to what to look for, to fix this?  File perms
> aren't a problem, and nothing seems unusual to me.  This
> is a -current system compiled on March 14th.

Not that I have any particular idea, but what constitutes a 'login'?

Joachim



Re: Long WEP key

2007-03-29 Thread Joachim Schipper
On Thu, Mar 29, 2007 at 10:22:36PM +1000, Sunnz wrote:
> Then is it possible/practical to connect to a VPN machine on your LAN
> and use the VPN's machines connection?
> 
> For a simplistic example, say I've got a wireless router gateway, with
> a cable connected OpenBSD server, and I connect to the server 's VPN
> via the router wirelessly from my laptop.

Yes, this would work. There are still some issues [1], but it would work.

Joachim

[1] For one, it doesn't prevent someone from just flooding the AP...



Re: ntpd not synching

2007-03-29 Thread Joachim Schipper
On Thu, Mar 29, 2007 at 09:13:56AM +0200, Otto Moerbeek wrote:
> On Wed, 28 Mar 2007, [EMAIL PROTECTED] wrote:
> 
> > hi,
> > 
> > On Tue, Mar 27, 2007 at 01:49:16PM +0200, Otto Moerbeek wrote:
> >  
> > > It looks like your clock drifts more than ntpd can compensate. Please
> > > share some details on your setup, like the dmesg.  Also, if you remove
> > > the drift file, you must reboot, since otherwise the existing
> > > frequency compensation stays in effect. 
> > 
> > ok, i cleared the drift-file and rebooted. as near as i can
> > figure (i had to boot multiple times, and unclean at that) this
> > is what happened slightly before/during/after the last boot (the times 
> > are so screwed i can't really make it out).
> 
> Yep, this confirms it. Your clock is drifting so much that ntpd can't
> keep up. I'm afraid there's not a lot I can do about that.

Unless I'm very confused, though, repeated use of something like
rdate(8) will work, or, rather, 'work'...

Joachim



Re: SMP causing uvm_fault

2007-03-29 Thread Jon Steel
Hi

I've finally got the current version running and the problem below has
disappeared. I was wondering, however, if the problem has actually been
solved.

The line of code that I'm crashing on is line 3005 of pmap.c in version 4.0:

3005 if (pve->pv_ptp && (PDE(pve->pv_pmap,
3006     pdei(pve->pv_va)) & PG_FRAME) !=
3007     VM_PAGE_TO_PHYS(pve->pv_ptp)) {

Specifically it's crashing on PDE(pve->pv_pmap, pdei(pve->pv_va)) because
of a page fault. This code has disappeared in -current, but does anybody
who was working on this section of code know why I was having this
problem or if it's been fixed?

Thank you

Jonathan  Steel


Jon Steel wrote:
> Hi
>
> I'm having a very similar problem as the one reported in Bug Query 5374.
> I'm trying to solve the problem but I'm finding it very hard to even get
> started. Is there somewhere besides the code that I can start to try and
> understand how SMP is being handled?
>
> http://cvs.openbsd.org/cgi-bin/query-pr-wrapper?full=yes&numbers=5374
>
> I can usually duplicate the crash by running the following script several
> times concurrently.
>
> #!/usr/bin/perl
>
> system("tcpdump -i em1 -w /var/crashTest1.pcap&");
> system("tcpdump -i em1 -w /var/crashTest2.pcap&");
> system("tcpdump -i em1 -w /var/crashTest3.pcap&");
> system("tcpdump -i em1 -w /var/crashTest4.pcap&");
> system("tcpdump -i em1 -w /var/crashTest5.pcap&");
> system("tcpdump -i em1 -w /var/crashTest6.pcap&");
> system("tcpdump -i em1 -w /var/crashTest7.pcap&");
>
> while (1) {
> system("nmap 192.168.66.90&");
> }
>
> Then after about an hour, when you try and reboot, I get an error:
>
> uvm_fault(0x..., 0x..., 0, 1) -> e
> kernel: page fault trap, code = 0
> stopped at pmap_page_remove_86+0x114:
> 0(%eax, %edx, 4), %eax
>
> The trace output is:
>
> pmap_page_remove_86(d0d31420,c0,e9b57e2c,d04adeb9,e99f) at 
> pmap_page_remove_86+0x114
> uvm_vnp_terminate(d8034e04,0,0,0,0,14,0,d7e95004) at uvm_vnpterminate+0x31f
> uvm_attach(d8034e04,0,2,0,d7f38378) at uvn_attach+0x2b5
> uvm_unmap_detach(d7e959a4,0,d7f3841c,1) at uvm_unmap_detach+-x62
> uvmspace_free(d7f38378,6,d08120e0) at uvmspace_free+0xfd
> uvm_exit(d7fbb868,14,8,286) at uvm_exit+0x19
> reaper(d80df430) at reaper+0x90
> Bad frame pointer: 0xd0913eb8
>
>
> A couple times the error has also occurred on its own without saying
> 'reboot' when running a ton of nmaps and tcpdumps at the same time.
>
> This trace is remarkably similar to the one in Bug Query 5374.
> Additionally I am using the same processor as he is. There is an unknown
> core statement in my dmesg but both cores seem to be working correctly.
> Here is my dmesg:
>
> OpenBSD 4.0 (GENERIC.MP) #936: Sat Sep 16 19:27:28 MDT 2006
> [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP
> cpu0: Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz ("GenuineIntel" 686-class)
> 2.13 GHz
> cpu0:
> FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CF
> LUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16
> real mem  = 2145869824 (2095576K)
> avail mem = 1949290496 (1903604K)
> using 4256 buffers containing 107397120 bytes (104880K) of memory
> mainbus0 (root)
> bios0 at mainbus0: AT/286+(e6) BIOS, date 10/30/06, BIOS32 rev. 0 @
> 0xfd470, SMB IOS rev. 2.51 @ 0x7feea000 (33 entries)
> bios0: Supermicro PDSMi
> pcibios0 at bios0: rev 2.1 @ 0xfd470/0xb90
> pcibios0: PCI BIOS has 20 Interrupt Routing table entries
> pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82801GB LPC" rev 0x00)
> pcibios0: PCI bus #15 is the last bus
> bios0: ROM list: 0xc/0xb000 0xcb000/0x1000 0xcc000/0x1000 0xcd000/0x1000
> ipmi at mainbus0 not configured
> mainbus0: Intel MP Specification (Version 1.4) (INTELMUKILTEO)
> cpu0 at mainbus0: apid 0 (boot processor)
> cpu0: unknown Core FSB_FREQ value 0 (0x4208)
> cpu0: apic clock running at 266 MHz
> cpu1 at mainbus0: apid 1 (application processor)
> cpu1: Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz ("GenuineIntel" 686-class)
> 2.13 GHz
> cpu1:
> FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CF
> LUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16
> mainbus0: bus 0 is type PCI
> mainbus0: bus 9 is type PCI
> mainbus0: bus 10 is type PCI
> mainbus0: bus 13 is type PCI
> mainbus0: bus 14 is type PCI
> mainbus0: bus 15 is type PCI
> mainbus0: bus 16 is type ISA
> ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
> ioapic1 at mainbus0: apid 3 pa 0xfec1, version 20, 24 pins
> pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
> pchb0 at pci0 dev 0 function 0 "Intel E7230 MCH" rev 0xc0
> ppb0 at pci0 dev 1 function 0 "Intel E7230 PCIE" rev 0xc0
> pci1 at ppb0 bus 1
> ppb1 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x01
> pci2 at ppb1 bus 9
> ppb2 at pci2 dev 0 function 0 "Intel PCIE-PCIE" rev 0x09
> pci3 at ppb2 bus 10
> em0 at pci3 dev 1 function 0 "Intel PRO/1000GT (82541GI)" rev 0x05: apic
> 3 int 0  (ir

GENERIC config failed in current

2007-03-29 Thread Jon Steel
Hi

When I installed the current version of the source, my computer froze
when starting up after the message "mtrr: Pentium Pro MTRR support".
When I used the GENERIC config file that came with 4.0, everything
worked fine. Just wanted to let the developers know in case there is an
issue. My dmesg is included below.

Thanks

Jonathan Steel


OpenBSD 4.0 (GENERIC.MP) #936: Sat Sep 16 19:27:28 MDT 2006
 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP
 cpu0: Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz ("GenuineIntel" 686-class)
 2.13 GHz
 cpu0:
 FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CF
 LUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16
 real mem  = 2145869824 (2095576K)
 avail mem = 1949290496 (1903604K)
 using 4256 buffers containing 107397120 bytes (104880K) of memory
 mainbus0 (root)
 bios0 at mainbus0: AT/286+(e6) BIOS, date 10/30/06, BIOS32 rev. 0 @
 0xfd470, SMB IOS rev. 2.51 @ 0x7feea000 (33 entries)
 bios0: Supermicro PDSMi
 pcibios0 at bios0: rev 2.1 @ 0xfd470/0xb90
 pcibios0: PCI BIOS has 20 Interrupt Routing table entries
 pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82801GB LPC" rev 0x00)
 pcibios0: PCI bus #15 is the last bus
 bios0: ROM list: 0xc/0xb000 0xcb000/0x1000 0xcc000/0x1000
0xcd000/0x1000
 ipmi at mainbus0 not configured
 mainbus0: Intel MP Specification (Version 1.4) (INTELMUKILTEO)
 cpu0 at mainbus0: apid 0 (boot processor)
 cpu0: unknown Core FSB_FREQ value 0 (0x4208)
 cpu0: apic clock running at 266 MHz
 cpu1 at mainbus0: apid 1 (application processor)
 cpu1: Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz ("GenuineIntel" 686-class)
 2.13 GHz
 cpu1:
 FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CF
 LUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16
 mainbus0: bus 0 is type PCI
 mainbus0: bus 9 is type PCI
 mainbus0: bus 10 is type PCI
 mainbus0: bus 13 is type PCI
 mainbus0: bus 14 is type PCI
 mainbus0: bus 15 is type PCI
 mainbus0: bus 16 is type ISA
 ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
 ioapic1 at mainbus0: apid 3 pa 0xfec1, version 20, 24 pins
 pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
 pchb0 at pci0 dev 0 function 0 "Intel E7230 MCH" rev 0xc0
 ppb0 at pci0 dev 1 function 0 "Intel E7230 PCIE" rev 0xc0
 pci1 at ppb0 bus 1
 ppb1 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x01
 pci2 at ppb1 bus 9
 ppb2 at pci2 dev 0 function 0 "Intel PCIE-PCIE" rev 0x09
 pci3 at ppb2 bus 10
 em0 at pci3 dev 1 function 0 "Intel PRO/1000GT (82541GI)" rev 0x05: apic
 3 int 0  (irq 11), address 00:0e:0c:b6:80:9e
 "Intel IOxAPIC" rev 0x09 at pci2 dev 0 function 1 not configured
 ppb3 at pci0 dev 28 function 4 "Intel 82801G PCIE" rev 0x01
 pci4 at ppb3 bus 13
 em1 at pci4 dev 0 function 0 "Intel PRO/1000MT (82573E)" rev 0x03: apic
 2 int 16  (irq 11), address 00:30:48:8a:ca:f8
 ppb4 at pci0 dev 28 function 5 "Intel 82801G PCIE" rev 0x01
 pci5 at ppb4 bus 14
 em2 at pci5 dev 0 function 0 "Intel PRO/1000MT (82573L)" rev 0x00: apic
 2 int 17  (irq 11), address 00:30:48:8a:ca:f9
 uhci0 at pci0 dev 29 function 0 "Intel 82801GB USB" rev 0x01: apic 2 int
 23 (irq  10)
 usb0 at uhci0: USB revision 1.0
 uhub0 at usb0
 uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
 uhub0: 2 ports with 2 removable, self powered
 uhci1 at pci0 dev 29 function 1 "Intel 82801GB USB" rev 0x01: apic 2 int
 19 (irq  11)
 usb1 at uhci1: USB revision 1.0
 uhub1 at usb1
 uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
 uhub1: 2 ports with 2 removable, self powered
 uhci2 at pci0 dev 29 function 2 "Intel 82801GB USB" rev 0x01: apic 2 int
 18 (irq  5)
 usb2 at uhci2: USB revision 1.0
 uhub2 at usb2
 uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1
 uhub2: 2 ports with 2 removable, self powered
 uhci3 at pci0 dev 29 function 3 "Intel 82801GB USB" rev 0x01: apic 2 int
 16 (irq  11)
 usb3 at uhci3: USB revision 1.0
 uhub3 at usb3
 uhub3: Intel UHCI root hub, rev 1.00/1.00, addr 1
 uhub3: 2 ports with 2 removable, self powered
 ehci0 at pci0 dev 29 function 7 "Intel 82801GB USB" rev 0x01: apic 2 int
 23 (irq  10)
 usb4 at ehci0: USB revision 2.0
 uhub4 at usb4
 uhub4: Intel EHCI root hub, rev 2.00/1.00, addr 1
 uhub4: 8 ports with 8 removable, self powered
 ppb5 at pci0 dev 30 function 0 "Intel 82801BA AGP" rev 0xe1
 pci6 at ppb5 bus 15
 vga1 at pci6 dev 0 function 0 "ATI ES1000" rev 0x02
 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
 wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
 ichpcib0 at pci0 dev 31 function 0 "Intel 82801GB LPC" rev 0x01: PM
disabled
 pciide0 at pci0 dev 31 function 1 "Intel 82801GB IDE" rev 0x01: DMA,
 channel 0 c onfigured to compatibility, channel 1 configured to
 compatibility
 atapiscsi0 at pciide0 channel 0 drive 0
 scsibus0 at atapiscsi0: 2 targets
 cd0 at scsibus0 targ 0 lun 0:  SCSI0 5/cdrom
 removable
 cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
 pciide0: channel 1 disabled (no drives)
 

Re: Not getting much bandwidth through the firewall

2007-03-29 Thread Stefan Kell
Hi,

-------- Original Message --------
Date: Wed, 28 Mar 2007 20:30:39 -0700 (PDT)
From: Watson Crick <[EMAIL PROTECTED]>
To: misc@openbsd.org
Subject: Not getting much bandwidth through the firewall

> Hi,
> 
> I've got OpenBSD 4.0 (release) on a laptop setup up as a router between 2
> subnets, and providing internet access through a 3rd nic to a DSL modem.
> The problem is the bandwidth between the two subnets.  I'm only getting a
> maximum of about 500 KB/s between two 100mbit cards.
> Top shows ~70% interrupt (~29% idle) while these transfers are going on.
> I don't know what the bottleneck is in the system.  Are the Linksys PCMCIA
> nics crappy? Did I screw something else up?
> 
> As a test I turned off pf and did ftp transfers from the OpenBSD machine
> to/from each subnet, and the bandwidth was still limited to ~500 KB/s, so I
> don't think it's anything in my pf setup.
> 
> Thanks  
> 

There is a big difference in performance between 16bit and 32bit PCMCIA-Cards. 
From my experience you won't get anything higher than 1000KByte/sec from a 16bit 
card. I don't know the Linksys cards but you should test your setup with two 
32bit cards. And this has probably nothing to do with operating systems.

Regards

Stefan Kell



Re: Apple hardware support?

2007-03-29 Thread Mike Erdely

Otto Moerbeek wrote:

On Thu, 29 Mar 2007, Tasmanian Devil wrote:

The i386 GENERIC.MP kernel runs fine on Intel Macs. You just need to
enable ACPI with "config -ef bsd.mp" (or on the boot prompt).

This is not true. At least it has been reported that the MacBook Pro
with Core 2 Duo processor does not run.


Tas is right.  I have my MacBook Pro Core 2 Duo dual booting with OS X 
and OpenBSD (snap around 3/10).  I _think_ my installation process was 
this (since I didn't do make release with -current):

 1. Install 4.0 from the CD.
 2. Copy an ACPI-enabled bsd.rd to a CDROM, boot to OpenBSD and copy to 
    the hard drive.
 3. Reboot and boot to bsd.rd and install the snapshot using FTP.

Note: Wifi did not work.  Video used VESA driver.  I didn't test much 
else.  Next time I get a chance, I'll send a dmesg to [EMAIL PROTECTED]



BTW, you can install OpenBSD on a BootCamp partition. After creating
the Bootcamp partition using the wizard, boot using the OpenBSD CD,
and in the fdisk step in the installer, set the partition type to A6,
make it active and update the MBR. 


I did this.

-ME



Re: SMP causing uvm_fault

2007-03-29 Thread Jon Steel
I forgot to add:

In the log of pmap.c I found

revision 1.97
date: 2007/02/20 21:15:01;  author: tom;  state: Exp;  lines: +204 -500
Revert PAE pmap for now, until the strange bug is found.  This stops
the freezes many of us are seeing (especially on amd64 machines running
OpenBSD/i386).

Much testing by nick@ (as always - thanks!), hugh@, ian@, kettenis@
and Sam Smith (s (at) msmith (dot) net).

Requested by, input from, and ok deraadt@  ok art@, kettenis@, miod@


What is "the strange bug"?

Thanks again


Jon Steel wrote:
> Hi
>
> I've finally got the current version running and the problem below has
> disappeared. I was wondering, however, if the problem has actually been
> solved.
>
> The line of code that I'm crashing on is line 3005 of pmap.c in version 4.0:
>
> 3005 if (pve->pv_ptp && (PDE(pve->pv_pmap,
> 3006     pdei(pve->pv_va)) & PG_FRAME) !=
> 3007     VM_PAGE_TO_PHYS(pve->pv_ptp)) {
>
> Specifically it's crashing on PDE(pve->pv_pmap, pdei(pve->pv_va)) because
> of a page fault. This code has disappeared in -current, but does anybody
> who was working on this section of code know why I was having this
> problem or if it's been fixed?
>
> Thank you
>
> Jonathan  Steel
>
>
> Jon Steel wrote:
>   
>> Hi
>>
>> I'm having a very similar problem as the one reported in Bug Query 5374.
>> I'm trying to solve the problem but I'm finding it very hard to even get
>> started. Is there somewhere besides the code that I can start to try and
>> understand how SMP is being handled?
>>
>> http://cvs.openbsd.org/cgi-bin/query-pr-wrapper?full=yes&numbers=5374
>>
>> I can usually duplicate the crash by running the following script several
>> times concurrently.
>>
>> #!/usr/bin/perl
>>
>> system("tcpdump -i em1 -w /var/crashTest1.pcap&");
>> system("tcpdump -i em1 -w /var/crashTest2.pcap&");
>> system("tcpdump -i em1 -w /var/crashTest3.pcap&");
>> system("tcpdump -i em1 -w /var/crashTest4.pcap&");
>> system("tcpdump -i em1 -w /var/crashTest5.pcap&");
>> system("tcpdump -i em1 -w /var/crashTest6.pcap&");
>> system("tcpdump -i em1 -w /var/crashTest7.pcap&");
>>
>> while (1) {
>> system("nmap 192.168.66.90&");
>> }
>>
>> Then after about an hour, when you try and reboot, I get an error:
>>
>> uvm_fault(0x..., 0x..., 0, 1) -> e
>> kernel: page fault trap, code = 0
>> stopped at pmap_page_remove_86+0x114:
>> 0(%eax, %edx, 4), %eax
>>
>> The trace output is:
>>
>> pmap_page_remove_86(d0d31420,c0,e9b57e2c,d04adeb9,e99f) at 
>> pmap_page_remove_86+0x114
>> uvm_vnp_terminate(d8034e04,0,0,0,0,14,0,d7e95004) at uvm_vnpterminate+0x31f
>> uvm_attach(d8034e04,0,2,0,d7f38378) at uvn_attach+0x2b5
>> uvm_unmap_detach(d7e959a4,0,d7f3841c,1) at uvm_unmap_detach+-x62
>> uvmspace_free(d7f38378,6,d08120e0) at uvmspace_free+0xfd
>> uvm_exit(d7fbb868,14,8,286) at uvm_exit+0x19
>> reaper(d80df430) at reaper+0x90
>> Bad frame pointer: 0xd0913eb8
>>
>>
>> A couple times the error has also occurred on its own without saying
>> 'reboot' when running a ton of nmaps and tcpdumps at the same time.
>>
>> This trace is remarkably similar to the one in Bug Query 5374.
>> Additionally I am using the same processor as he is. There is an unknown
>> core statement in my dmesg but both cores seem to be working correctly.
>> Here is my dmesg:
>>
>> OpenBSD 4.0 (GENERIC.MP) #936: Sat Sep 16 19:27:28 MDT 2006
>> [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP
>> cpu0: Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz ("GenuineIntel" 686-class)
>> 2.13 GHz
>> cpu0:
>> FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CF
>> LUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16
>> real mem  = 2145869824 (2095576K)
>> avail mem = 1949290496 (1903604K)
>> using 4256 buffers containing 107397120 bytes (104880K) of memory
>> mainbus0 (root)
>> bios0 at mainbus0: AT/286+(e6) BIOS, date 10/30/06, BIOS32 rev. 0 @
>> 0xfd470, SMB IOS rev. 2.51 @ 0x7feea000 (33 entries)
>> bios0: Supermicro PDSMi
>> pcibios0 at bios0: rev 2.1 @ 0xfd470/0xb90
>> pcibios0: PCI BIOS has 20 Interrupt Routing table entries
>> pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82801GB LPC" rev 0x00)
>> pcibios0: PCI bus #15 is the last bus
>> bios0: ROM list: 0xc/0xb000 0xcb000/0x1000 0xcc000/0x1000 0xcd000/0x1000
>> ipmi at mainbus0 not configured
>> mainbus0: Intel MP Specification (Version 1.4) (INTELMUKILTEO)
>> cpu0 at mainbus0: apid 0 (boot processor)
>> cpu0: unknown Core FSB_FREQ value 0 (0x4208)
>> cpu0: apic clock running at 266 MHz
>> cpu1 at mainbus0: apid 1 (application processor)
>> cpu1: Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz ("GenuineIntel" 686-class)
>> 2.13 GHz
>> cpu1:
>> FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CF
>> LUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16
>> mainbus0: bus 0 is type PCI
>> mainbus0: bus 9 is type PCI
>> mainbus0: bus 10 is type PCI
>> mainbus0: bus 13 is type PCI
>> mainbus0:

[OT] Re: Long WEP key

2007-03-29 Thread Damon McMahon

From: "Nick !" <[EMAIL PROTECTED]>
Date: 29 March 2007 2:16:31 PM
To: OpenBSD-Misc 
Subject: Re: Long WEP key


On 3/29/07, Lars Hansson <[EMAIL PROTECTED]> wrote:


Maxime DERCHE wrote:
> IMHO you should think to configure your AP to provide a WAP-based
> encryption...

WAP-based encryption? Do you mean WPA?



And to answer the original question: because OpenBSD doesn't support
WPA, and Theo has claimed somewhere that I can never find the link to
that WPA gives a false sense of security anyway.

-Nick



From most of my reading a few months ago WPA-PSK is considered  
reasonably secure provided the pre-shared key is long enough... for  
some reason I can't find my references, but from memory depending on  
the source a minimum of around 34 to 39 random ASCII characters (50+  
alphanumeric characters) is quoted.


Obviously that's a very long passphrase in anyone's language and  
that's the problem. Most people (understandably) choose a passphrase  
at most one-third that length and in this situation WPA-PSK may be  
considered even less secure than the (deservedly) derided WEP.




Re: Long WEP key

2007-03-29 Thread Henning Brauer
* Siegbert Marschall <[EMAIL PROTECTED]> [2007-03-29 22:13]:
> If somebody does something bad with my unencrypted access-point
> using my internet-access, here in germany I am liable.

no, you're not. it's not that easy. (and I just leave mine wide open)

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam



Re: Video choppy with mplayer and vlc under xenocara?

2007-03-29 Thread Travers Buda
* viq <[EMAIL PROTECTED]> [2007-03-29 23:10:41]:

> Did anyone experience this? My box was able to play videos fine even
> when compiling under old XF4, and now after switching to xenocara both
> mplayer and vlc don't play videos smoothly...
> dmesg.boot attached, any other info I should provide?

I have a multi-head setup (mga,) and the xvideo extension is now only present 
on screen 0 with the new xenocara. You can check with "xvinfo." I have not 
looked into this.

-- 
Travers Buda



Re: Apple hardware support?

2007-03-29 Thread David Given
Mike Erdely wrote:
[...]
> Tas is right.  I have my MacBook Pro Core 2 Duo dual booting with OS X
> and OpenBSD (snap around 3/10).  I _think_ my installation process was
> this (since I didn't do make release with -current):
>  1. Install 4.0 from the CD.
>  2. Copy an ACPI-enabled bsd.rd to a CDROM, boot to OpenBSD and copy to
> the hard drive.
>  3. Reboot and boot to bsd.rd and install the snapshot using FTP.
>
> Note: Wifi did not work.  Video used VESA driver.  I didn't test much
> else.  Next time I get a chance, I'll send a dmesg to [EMAIL PROTECTED]

Good to know --- that means there's probably enough there to work, although
there's no guarantee that the Apple TV uses sane hardware with OpenBSD
drivers.

It's also worth pointing out that the Apple EFI implementation is... uh...
basic, and doesn't have things in it like the EFI shell, and until recently
didn't even have the legacy BIOS emulation. Which means there's no guarantee
that the Apple TV has it. Which means I may need a mechanism for booting the
OpenBSD kernel directly from EFI --- I don't suppose anyone has been thinking
about this? Or GPT partition table support?

If I'm really lucky the Apple TV EFI implementation will have a legacy BIOS
that will happily boot an MBR disk if it sees one. Do I really think that'll
happen? Hell no.

I suppose the only thing to do would be to get one and try it.

The only mention of Apple on the website is in relation to the macppc port,
BTW.

--
bbb o=o=o< o=o=o=o=o=o=o=o<o=o=o=
 bbb
http://www.cowlark.com
bbbbbbbbbbbbbbbbbbb
b "Parents let children ride bicycles on the street. But parents do not
b allow children to hear vulgar words. Therefore we can deduce that cursing
b is more dangerous than being hit by a car." --- Scott Adams




dmesg for 29 10/100 Ethernet Ports in one PC

2007-03-29 Thread Sam Fourman Jr.

hello misc@

I bought a collection of old quad port NICS from Ebay and put them in
a old gateway server, just to see what would happen.

Everything worked great the only trouble I had was *if* the plug and
play os option in bios was set to yes. the GENERIC kernel will panic
on boot up, however with the plug and play os option in bios set to NO
I get the following dmesg.

anyone have any ideas on how to use pf to basically emulate a 10/100
switch (with built in firewall support :) )

any ideas are welcome.

Sam Fourman Jr.

below is a dmesg

OpenBSD 4.1-current (GENERIC) #1445: Thu Mar 22 11:06:59 MDT 2007
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium II ("GenuineIntel" 686-class, 512KB L2 cache) 400 MHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR
real mem  = 402223104 (392796K)
avail mem = 358932480 (350520K)
using 4278 buffers containing 20234240 bytes (19760K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+ BIOS, date 03/01/99, BIOS32 rev. 0 @
0xfd840, SMBIOS rev. 2.2 @ 0xf2590 (29 entries)
bios0: Gateway ALR 7200
pcibios0 at bios0: rev 2.1 @ 0xfd840/0x7c0
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdef0/240 (13 entries)
pcibios0: PCI Interrupt Router at 000:02:0 ("Intel 82371FB ISA" rev 0x00)
pcibios0: PCI bus #9 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0x5000 0xcd000/0x800
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82443BX AGP" rev 0x03
ppb0 at pci0 dev 1 function 0 "Intel 82443BX AGP" rev 0x03
pci1 at ppb0 bus 1
pcib0 at pci0 dev 2 function 0 "Intel 82371AB PIIX4 ISA" rev 0x02
pciide0 at pci0 dev 2 function 1 "Intel 82371AB IDE" rev 0x01: DMA,
channel 0 wired to compatibility, channel 1 wired to compatibility
pciide0: channel 0 disabled (no drives)
pciide0: channel 1 disabled (no drives)
uhci0 at pci0 dev 2 function 2 "Intel 82371AB USB" rev 0x01: irq 11
piixpm0 at pci0 dev 2 function 3 "Intel 82371AB Power" rev 0x02: SMI
iic0 at piixpm0
fxp0 at pci0 dev 3 function 0 "Intel 8255x" rev 0x05, i82558: irq 9,
address 00:c0:0d:00:85:f4
inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 0
vga1 at pci0 dev 4 function 0 "Cirrus Logic CL-GD5430" rev 0x22
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ppb1 at pci0 dev 5 function 0 "DEC 21150 PCI-PCI" rev 0x04
pci2 at ppb1 bus 2
ahc0 at pci2 dev 1 function 0 "Adaptec AIC-7890/1 U2" rev 0x00: irq 9
scsibus0 at ahc0: 16 targets
sd0 at scsibus0 targ 1 lun 0:  SCSI2 0/direct fixed
sd0: 4134MB, 8205 cyl, 6 head, 171 sec, 512 bytes/sec, 8467200 sec total
ppb2 at pci2 dev 4 function 0 "DEC 21152 PCI-PCI" rev 0x03
pci3 at ppb2 bus 3
dc0 at pci3 dev 4 function 0 "DEC 21142/3" rev 0x30: irq 9, address
00:c0:95:e1:03:28
dcphy0 at dc0 phy 31: internal PHY
dc1 at pci3 dev 5 function 0 "DEC 21142/3" rev 0x30: irq 9, address
00:c0:95:e1:03:29
dcphy1 at dc1 phy 31: internal PHY
dc2 at pci3 dev 6 function 0 "DEC 21142/3" rev 0x30: irq 10, address
00:c0:95:e1:03:2a
dcphy2 at dc2 phy 31: internal PHY
dc3 at pci3 dev 7 function 0 "DEC 21142/3" rev 0x30: irq 11, address
00:c0:95:e1:03:2b
dcphy3 at dc3 phy 31: internal PHY
ppb3 at pci2 dev 5 function 0 "DEC 21152 PCI-PCI" rev 0x03
pci4 at ppb3 bus 4
dc4 at pci4 dev 4 function 0 "DEC 21142/3" rev 0x41: irq 9, address
00:c0:95:e2:4f:04
dcphy4 at dc4 phy 31: internal PHY
dc5 at pci4 dev 5 function 0 "DEC 21142/3" rev 0x41: irq 10, address
00:c0:95:e2:4f:05
dcphy5 at dc5 phy 31: internal PHY
dc6 at pci4 dev 6 function 0 "DEC 21142/3" rev 0x41: irq 11, address
00:c0:95:e2:4f:06
dcphy6 at dc6 phy 31: internal PHY
dc7 at pci4 dev 7 function 0 "DEC 21142/3" rev 0x41: irq 9, address
00:c0:95:e2:4f:07
dcphy7 at dc7 phy 31: internal PHY
ppb4 at pci2 dev 6 function 0 "DEC 21152 PCI-PCI" rev 0x03
pci5 at ppb4 bus 5
dc8 at pci5 dev 4 function 0 "DEC 21142/3" rev 0x30: irq 10, address
00:c0:95:e0:bb:40
dcphy8 at dc8 phy 31: internal PHY
dc9 at pci5 dev 5 function 0 "DEC 21142/3" rev 0x30: irq 11, address
00:c0:95:e0:bb:41
dcphy9 at dc9 phy 31: internal PHY
dc10 at pci5 dev 6 function 0 "DEC 21142/3" rev 0x30: irq 9, address
00:c0:95:e0:bb:42
dcphy10 at dc10 phy 31: internal PHY
dc11 at pci5 dev 7 function 0 "DEC 21142/3" rev 0x30: irq 9, address
00:c0:95:e0:bb:43
dcphy11 at dc11 phy 31: internal PHY
ppb5 at pci2 dev 7 function 0 "DEC 21152 PCI-PCI" rev 0x03
pci6 at ppb5 bus 6
de0 at pci6 dev 4 function 0 "DEC 21140" rev 0x22, Cogent EM440TX
21140A pass 2.2: irq 11, address 00:00:d1:1f:d0:11
de1 at pci6 dev 5 function 0 "DEC 21140" rev 0x22de2 at pci6 dev 6
function 0 "DEC 21140" rev 0x22de3 at pci6 dev 7 function 0 "DEC
21140" rev 0x22ahc1 at pci2 dev 9 function 0 "Adaptec AIC-7890/1 U2"
rev 0x00: irq 9
scsibus1 at ahc1: 16 targets
cd0 at scsibus1 targ 5 lun 0:  SCSI2
5/cdrom removable
ppb6 at pci0 dev 18 function 0 "DEC 21152 PCI-PCI" rev 0x03
pci7 at ppb6 bus 7
de4 at pci7 dev 4 function 0 "DEC 21140" rev 0x22, Cogent EM44

Re: Long WEP key

2007-03-29 Thread Adam Hawes
> Right. As long as we understand that it sucks, it's OK to use? I know
> when I think about securing my data I'm interested in keeping only the
> average joes out.

I don't know about you, but I use wireless security as an extra layer.
It might suck, but it keeps the next door neighbour's laptop from
authenticating on my network without his (or my) permission. I just
tunnel a VPN over the top and route that through to the wired side.

Safe, secure, and it keeps average joe schmuck from always logging
onto my network then coming and complaining that I am "hacking his
laptop" when he sees it log onto my network.

WEP/WPA have their uses, just not in security.  If you understand that
you don't get any security you can add another layer! If you don't
understand it, then you're probably not qualified to be deploying a
wireless network anyway.

> Maybe it's OK to run telnetd so long as it's on port 10023 too?

Not funny: I've seen people advise moving the port number of all
sorts of services for "security" then recommending turning off
all of the inconvenient security options in the daemon now that it
is "securely on another port that nobody will ever think to look at,
and if they do they won't know what server is there anyway".
This was from a supposed IT security expert..

A



Re: dmesg for 29 10/100 Ethernet Ports in one PC

2007-03-29 Thread Stuart Henderson
On 2007/03/29 18:57, Sam Fourman Jr. wrote:
> anyone have any ideas on how to use pf to basically emulate a 10/100
> switch (with built in firewall support :) )

bridge(4), brconfig(8).



Re: dmesg for 29 10/100 Ethernet Ports in one PC

2007-03-29 Thread Nick Holland
Sam Fourman Jr. wrote:
> hello misc@
> 
> I bought a collection of old quad port NICS from Ebay and put them in
> a old gateway server, just to see what would happen.
> 
> Everything worked great the only trouble I had was *if* the plug and
> play os option in bios was set to yes. the GENERIC kernel will panic
> on boot up, however with the plug and play os option in bios set to NO
> I get the following dmesg.
> 
> anyone have any ideas on how to use pf to basically emulate a 10/100
> switch (with built in firewall support :) )
> 
> any ideas are welcome.
> 
> Sam Fourman Jr.

you have me beat there (I've done 20 dc(4) ports, 5xQuads a
few years ago).  Seven PCI slots? (assuming your fxp is on-board.)
Took me a while to find #29. :)   Wow.

Bridge 'em all together, you got yourself an unmanaged switch.
Add filtering, you got yourself something that is pretty
sophisticated, but before you get too carried away, keep in mind
you probably will run out of PCI bus bandwidth long before you
saturate more than a few of those NICs...  Plus, those things
generate a fair amount of heat, make sure air is flowing through
there while you are playing with it, hate to have you smoke a bunch
of cards you had plans for while having fun...


I simplified your dmesg a bit, I was having trouble finding a bunch
of the NICs due to odd wrapping problems.

fxp0 at pci0 dev 3 function 0 "Intel 8255x" rev 0x05, i82558: irq 9,
dc0 at pci3 dev 4 function 0 "DEC 21142/3" rev 0x30: irq 9, address
dc1 at pci3 dev 5 function 0 "DEC 21142/3" rev 0x30: irq 9, address
dc2 at pci3 dev 6 function 0 "DEC 21142/3" rev 0x30: irq 10, address
dc3 at pci3 dev 7 function 0 "DEC 21142/3" rev 0x30: irq 11, address
dc4 at pci4 dev 4 function 0 "DEC 21142/3" rev 0x41: irq 9, address
dc5 at pci4 dev 5 function 0 "DEC 21142/3" rev 0x41: irq 10, address
dc6 at pci4 dev 6 function 0 "DEC 21142/3" rev 0x41: irq 11, address
dc7 at pci4 dev 7 function 0 "DEC 21142/3" rev 0x41: irq 9, address
dc8 at pci5 dev 4 function 0 "DEC 21142/3" rev 0x30: irq 10, address
dc9 at pci5 dev 5 function 0 "DEC 21142/3" rev 0x30: irq 11, address
dc10 at pci5 dev 6 function 0 "DEC 21142/3" rev 0x30: irq 9, address
dc11 at pci5 dev 7 function 0 "DEC 21142/3" rev 0x30: irq 9, address
de0 at pci6 dev 4 function 0 "DEC 21140" rev 0x22, Cogent EM440TX
de1 at pci6 dev 5 function 0 "DEC 21140" rev 0x22
de2 at pci6 dev 6 function 0 "DEC 21140" rev 0x22
de3 at pci6 dev 7 function 0 "DEC 21140" rev 0x22
de4 at pci7 dev 4 function 0 "DEC 21140" rev 0x22, Cogent EM440TX
de5 at pci7 dev 5 function 0 "DEC 21140" rev 0x22
de6 at pci7 dev 6 function 0 "DEC 21140" rev 0x22
de7 at pci7 dev 7 function 0 "DEC 21140" rev 0x22
de8 at pci8 dev 4 function 0 "DEC 21140" rev 0x22, Cogent EM440TX
de9 at pci8 dev 5 function 0 "DEC 21140" rev 0x22
de10 at pci8 dev 6 function 0 "DEC 21140" rev 0x22
de11 at pci8 dev 7 function 0 "DEC 21140" rev 0x22
de12 at pci9 dev 4 function 0 "DEC 21140" rev 0x22, Cogent EM440TX
de13 at pci9 dev 5 function 0 "DEC 21140" rev 0x22
de14 at pci9 dev 6 function 0 "DEC 21140" rev 0x22
de15 at pci9 dev 7 function 0 "DEC 21140" rev 0x22


NICk.



Re: [OT] Re: Long WEP key

2007-03-29 Thread Sunnz

Actually I always use a sha1sum of a random file that I have and I
make sure I have that file on all my computers... should be random and
long enough?

2007/3/30, Damon McMahon <[EMAIL PROTECTED]>:

> From: "Nick !" <[EMAIL PROTECTED]>
> Date: 29 March 2007 2:16:31 PM
> To: OpenBSD-Misc 
> Subject: Re: Long WEP key
>
>
> On 3/29/07, Lars Hansson <[EMAIL PROTECTED]> wrote:
>
>> Maxime DERCHE wrote:
>> > IMHO you should think to configure your AP to provide a WAP-based
>> > encryption...
>>
>> WAP-based encryption? Do you mean WPA?
>>
>
> And to answer the original question: because OpenBSD doesn't support
> WPA, and Theo has claimed somewhere that I can never find the link to
> that WPA gives a false sense of security anyway.
>
> -Nick
>

 From most of my reading a few months ago WPA-PSK is considered
reasonably secure provided the pre-shared key is long enough... for
some reason I can't find my references, but from memory depending on
the source a minimum of around 34 to 39 random ASCII characters (50+
alphanumeric characters) is quoted.

Obviously that's a very long passphrase in anyone's language and
that's the problem. Most people (understandably) choose a passphrase
at most one-third that length and in this situation WPA-PSK may be
considered even less secure than the (deservedly) derided WEP.





--
Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html



Re: [OT] Re: Long WEP key

2007-03-29 Thread Jeremy Huiskamp
The obvious problem with that is that you're only choosing a limited  
character and we all know it now ;).  Also, what's your definition of  
"random file"?


Jeremy

On 29-Mar-07, at 9:58 PM, Sunnz wrote:

Actually I always use a sha1sum of a random file that I have and I
make sure I have that file on all my computers... should be random and
long enough?

2007/3/30, Damon McMahon <[EMAIL PROTECTED]>:

> From: "Nick !" <[EMAIL PROTECTED]>
> Date: 29 March 2007 2:16:31 PM
> To: OpenBSD-Misc 
> Subject: Re: Long WEP key
>
>
> On 3/29/07, Lars Hansson <[EMAIL PROTECTED]> wrote:
>
>> Maxime DERCHE wrote:
>> > IMHO you should think to configure your AP to provide a WAP-based
>> > encryption...
>>
>> WAP-based encryption? Do you mean WPA?
>>
>
> And to answer the original question: because OpenBSD doesn't support
> WPA, and Theo has claimed somewhere that I can never find the link to
> that WPA gives a false sense of security anyway.
>
> -Nick
>

 From most of my reading a few months ago WPA-PSK is considered
reasonably secure provided the pre-shared key is long enough... for
some reason I can't find my references, but from memory depending on
the source a minimum of around 34 to 39 random ASCII characters (50+
alphanumeric characters) is quoted.

Obviously that's a very long passphrase in anyone's language and
that's the problem. Most people (understandably) choose a passphrase
at most one-third that length and in this situation WPA-PSK may be
considered even less secure than the (deservedly) derided WEP.





--
Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html




Re: Long WEP key

2007-03-29 Thread Lars Hansson

Jeremy Huiskamp wrote:

I'd like to hear an actual developer position on that statement.


Check the archives for Reyk's comments on WPA. It will be in OpenBSD one 
day because, secure or not, it is gaining traction and is/will be 
required by  many AP's (especially "enterprise" AP's).


---
Lars Hansson



Re: [OT] Re: Long WEP key

2007-03-29 Thread Jeremy Huiskamp
Um, excuse my poor writing.  I meant ".. choosing from a limited  
character set ..."


On 29-Mar-07, at 10:35 PM, I wrote:
The obvious problem with that is that you're only choosing a  
limited character and we all know it now ;).  Also, what's your  
definition of "random file"?


Jeremy

On 29-Mar-07, at 9:58 PM, Sunnz wrote:

Actually I always use a sha1sum of a random file that I have and I
make sure I have that file on all my computers... should be random and
long enough?

2007/3/30, Damon McMahon <[EMAIL PROTECTED]>:

> From: "Nick !" <[EMAIL PROTECTED]>
> Date: 29 March 2007 2:16:31 PM
> To: OpenBSD-Misc 
> Subject: Re: Long WEP key
>
>
> On 3/29/07, Lars Hansson <[EMAIL PROTECTED]> wrote:
>
>> Maxime DERCHE wrote:
>> > IMHO you should think to configure your AP to provide a WAP-based
>> > encryption...
>>
>> WAP-based encryption? Do you mean WPA?
>>
>
> And to answer the original question: because OpenBSD doesn't support
> WPA, and Theo has claimed somewhere that I can never find the link to
> that WPA gives a false sense of security anyway.
>
> -Nick
>

 From most of my reading a few months ago WPA-PSK is considered
reasonably secure provided the pre-shared key is long enough... for
some reason I can't find my references, but from memory depending on
the source a minimum of around 34 to 39 random ASCII characters (50+
alphanumeric characters) is quoted.

Obviously that's a very long passphrase in anyone's language and
that's the problem. Most people (understandably) choose a passphrase
at most one-third that length and in this situation WPA-PSK may be
considered even less secure than the (deservedly) derided WEP.





--
Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html
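The key-strength arithmetic behind this sub-thread (passphrase length, character set, and the sha1sum-of-a-file idea), as an added example that is not part of any poster's message. The function names and the one-million-file figure are assumptions made for illustration; the derivation is the standard WPA-PSK mapping (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 256-bit output).

```python
import hashlib
import math

PRINTABLE_ASCII = 95   # characters 0x20..0x7e, the set a WPA passphrase may use
ALPHANUMERIC = 62      # a-z, A-Z, 0-9
HEX_DIGITS = 16        # the alphabet sha1sum prints


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Map a WPA passphrase and SSID to the 256-bit pre-shared key."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8..63 characters")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1..32 bytes")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid_bytes, 4096, 32
    )


def max_entropy_bits(length: int, alphabet_size: int) -> float:
    """Upper bound, reached only if every character is picked uniformly at random."""
    return length * math.log2(alphabet_size)


def chars_needed(target_bits: int, alphabet_size: int) -> int:
    """Random characters needed to reach target_bits of entropy."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def effective_bits(format_bits: float, candidate_inputs: int) -> float:
    """A derived key is no stronger than the secret it was derived from.

    Hashing a file yields 160 bits of output, but if the file is one of
    candidate_inputs files someone could enumerate, only log2(candidate_inputs)
    bits stand between them and the key.
    """
    return min(format_bits, math.log2(candidate_inputs))


def summary() -> dict:
    sha1_hex_bits = max_entropy_bits(40, HEX_DIGITS)
    return {
        # How long a random passphrase must be to match the 256-bit PSK.
        "printable_chars_for_256_bits": chars_needed(256, PRINTABLE_ASCII),
        "alphanumeric_chars_for_256_bits": chars_needed(256, ALPHANUMERIC),
        # A passphrase one third of that length, still assuming random choice.
        "bits_in_13_random_printable": round(
            max_entropy_bits(13, PRINTABLE_ASCII), 1),
        # The sha1sum idea: 40 hex digits cap out at 160 bits ...
        "bits_in_sha1sum_output": sha1_hex_bits,
        # ... and far less if the file is one of a million (assumed figure).
        "bits_if_file_is_one_of_a_million": round(
            effective_bits(sha1_hex_bits, 10**6), 1),
    }


if __name__ == "__main__":
    for label, value in summary().items():
        print(f"{label}: {value}")
    print("PSK for passphrase 'password', SSID 'IEEE':",
          wpa_psk("password", "IEEE").hex())
```

The upper bounds only hold for characters drawn uniformly at random; a human-chosen passphrase of the same length carries much less.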




Re: dmesg for 29 10/100 Ethernet Ports in one PC

2007-03-29 Thread J.C. Roberts
On Thursday 29 March 2007 16:57, Sam Fourman Jr. wrote:
> Everything worked great the only trouble I had was *if* the plug and
> play os option in bios was set to yes. the GENERIC kernel will panic
> on boot up, however with the plug and play os option in bios set to
> NO I get the following dmesg.

Sam,

You didn't specifically mention model numbers, so I'm unable to check if 
this is even applicable; you might want to try making sure each of the 
cards is running current firmware. Depending on the mfg age (and/or 
firmware revision), this *might* make a difference to plug-n-play. Same 
is true for your system bios firmware.

It's a long shot but worth a try.

Also clearing the system cache of ACPI data in the bios, then adding the 
cards one at a time might help to get past the pnp conflict (i.e. 
conflict is stored).

The largest test I've done was years ago with 20+ ports with various 
brands of NIC's. It works but you need to realize the limitations of 
your PCI buses. If you try to do max bandwidth across all ports, you 
can expect poor performance since you will be saturating the PCI buses.

-jcr



Re: Not getting much bandwidth through the firewall

2007-03-29 Thread Siju George

On 3/30/07, Ted Unangst <[EMAIL PROTECTED]> wrote:

On 3/29/07, Siju George <[EMAIL PROTECTED]> wrote:
> On 3/29/07, Kyle George <[EMAIL PROTECTED]> wrote:
> > On Wed, 28 Mar 2007, Watson Crick wrote:
> >
> > > I've got OpenBSD 4.0 (release) on a laptop setup up as a router between
> > > 2 subnets, and providing internet access through a 3rd nic to a DSL
> > > modem. The problem is the bandwidth between the two subnets.  I'm only
> > > getting a maximum of about 500 KB/s between two 100mbit cards. Top

> If you have an ISP that gives you IP address ( using PPPOE ) is there
> a way to measure or detect the values on the ISP's side?

why the hell does the isp matter routing when between two local subnets?



:-) I was asking another thing

I have an Internet Connection 1Mbps.
If I connect a Windows XP to it I get about 800Kbps Speed but on
OpenBSD it never Goes beyond 380Kbps.

I have another ISP with 1 Mbps Speed Connection.
Both Windows XP and OpenBSD shows around 800 Kbps Speed when
Connected Directly to it.

So was just wondering what the cause is :-)
Just wondering if

Increasing net.inet.tcp.{send,recv}space.

would solve the problem.

Thanks tedu for your response :-)

Kind Regards

Siju



Re: dmesg for 29 10/100 Ethernet Ports in one PC

2007-03-29 Thread Reyk Floeter
On Thu, Mar 29, 2007 at 06:57:17PM -0500, Sam Fourman Jr. wrote:
> hello misc@
> 
> I bought a collection of old quad port NICS from Ebay and put them in
> a old gateway server, just to see what would happen.
> 
> Everything worked great the only trouble I had was *if* the plug and
> play os option in bios was set to yes. the GENERIC kernel will panic
> on boot up, however with the plug and play os option in bios set to NO
> I get the following dmesg.
> 

fun!

> anyone have any ideas on how to use pf to basically emulate a 10/100
> switch (with built in firewall support :) )
> 

your "backplane" will be a bit slow...

> any ideas are welcome.
> 
> Sam Fourman Jr.
> 

feedback about tests with the new RSTP bridge code is welcome...
(simply start a bridge, add all ports, enable stp on all ports [rstp
is the new default], and plug in some random ethernet devices, dhcp
servers and whatever).

reyk

> below is a dmesg
> 
> [...]
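One way to turn a dmesg like the one in this thread into the bridge setup the replies describe (add every port, enable STP on each, bring the bridge up), as an added example that is not code from any poster. It assumes the brconfig(8) keywords `add`, `stp` and `up` written one per line, as in a bridgename.bridge0 file of that era; the function names, the driver list and the choice to keep fxp0 out of the bridge as a management port are assumptions for illustration.

```python
import re
from collections import Counter

# Lines copied from the dmesg posted in this thread, including the place where
# the de1/de2/de3 entries were fused together by line wrapping.
DMESG_EXCERPT = r'''
pciide0 at pci0 dev 2 function 1 "Intel 82371AB IDE" rev 0x01: DMA,
channel 0 wired to compatibility, channel 1 wired to compatibility
fxp0 at pci0 dev 3 function 0 "Intel 8255x" rev 0x05, i82558: irq 9,
address 00:c0:0d:00:85:f4
inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 0
dc0 at pci3 dev 4 function 0 "DEC 21142/3" rev 0x30: irq 9, address
00:c0:95:e1:03:28
dcphy0 at dc0 phy 31: internal PHY
de0 at pci6 dev 4 function 0 "DEC 21140" rev 0x22, Cogent EM440TX
21140A pass 2.2: irq 11, address 00:00:d1:1f:d0:11
de1 at pci6 dev 5 function 0 "DEC 21140" rev 0x22de2 at pci6 dev 6
function 0 "DEC 21140" rev 0x22de3 at pci6 dev 7 function 0 "DEC
21140" rev 0x22ahc1 at pci2 dev 9 function 0 "Adaptec AIC-7890/1 U2"
rev 0x00: irq 9
'''

# Ethernet drivers that appear in this dmesg (assumed list, extend as needed).
NIC_DRIVERS = ("fxp", "dc", "de")

# No line anchor: fused entries such as "rev 0x22de2 at pci6 ..." must match.
# The lookbehind rejects names embedded in longer ones ("pciide0" contains
# "de0"). Limitation: a revision ending in a hex letter directly before a
# fused name (for example "0x2ade2") would be missed.
ATTACH_RE = re.compile(
    r'(?<![a-z])((?:%s)\d+) at pci(\d+) dev (\d+) function (\d+)'
    % "|".join(NIC_DRIVERS)
)


def find_nics(dmesg: str) -> dict:
    """Return {interface: (pci_bus, pci_dev)} in order of appearance."""
    flat = " ".join(dmesg.split())          # undo the mail client's wrapping
    nics = {}
    for name, bus, dev, _func in ATTACH_RE.findall(flat):
        nics.setdefault(name, (int(bus), int(dev)))
    return nics


def ports_per_bus(nics: dict) -> Counter:
    """Count ports behind each PCI bus, the shared bottleneck the replies mention."""
    return Counter(bus for bus, _dev in nics.values())


def bridge_config(nics: dict, management=("fxp0",), stp: bool = True) -> str:
    """Emit brconfig keywords, one per line, for every non-management port."""
    members = [name for name in nics if name not in management]
    lines = [f"add {name}" for name in members]
    if stp:
        lines += [f"stp {name}" for name in members]
    lines.append("up")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = find_nics(DMESG_EXCERPT)
    for bus, count in sorted(ports_per_bus(found).items()):
        print(f"# pci{bus}: {count} port(s)")
    print(bridge_config(found), end="")
```

The bridge only makes the box a switch; filtering still needs pf rules on the member interfaces.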

Re: dmesg for 29 10/100 Ethernet Ports in one PC

2007-03-29 Thread J.C. Roberts
On Thursday 29 March 2007 21:06, J.C. Roberts wrote:
> On Thursday 29 March 2007 16:57, Sam Fourman Jr. wrote:
> > Everything worked great the only trouble I had was *if* the plug
> > and play os option in bios was set to yes. the GENERIC kernel will
> > panic on boot up, however with the plug and play os option in bios
> > set to NO I get the following dmesg.
>
> Sam,
>
> You didn't specifically mention model numbers, so I'm unable to check
> if this is even applicable; you might want to try making sure each of
> the cards is running current firmware. Depending on the mfg age
> (and/or firmware revision), this *might* make a difference to
> plug-n-play. Same is true for your system bios firmware.
>
> It's a long shot but worth a try.
>
> Also clearing the system cache of ACPI data in the bios, then adding
> the cards one at a time might help to get past the pnp conflict (i.e.
> conflict is stored).
>
> The largest test I've done was years ago with 20+ ports with various
> brands of NIC's. It works but you need to realize the limitations of
> your PCI buses. If you try to do max bandwidth across all ports, you
> can expect poor performance since you will be saturating the PCI
> buses.
>
> -jcr

crap! s/ACPI/ESCD

The problematic configuration data can be cached/stored in the Extended 
System Configuration Data (ESCD) not the ACPI. Sorry for the brain 
fade.

jcr



Re: encrypted svnd and disk throughput

2007-03-29 Thread Tobias Weingartner
In article <[EMAIL PROTECTED]>, Jacob Yocom-Piatt wrote:
>  MachineSize K/sec %CP K/sec %CP K/sec %CP K/sec %CP K/sec %CP  
>  databank.x 300M 18877  91 22440  71 11985  77 20317  75 30745  68 

--

You have a 150MB (roughly) machine?

>  processor and 1 GB of 400 MHz DDR2 RAM on i386 4.0-release.

Oh, nope.

>  if there is anything further that i can do to up the write and read 
>  speeds of these drives besides what i've mentioned above, please let me 
>  know.

Use a larger test case to test your hypothesis.

>  using 4256 buffers containing 53764096 bytes (52504K) of memory

So, out of your 300MB test, 52MB was likely cached in various ways.


That being said, svnd/vnd devices have not really been optimized for
speed.  They are there and work, but could likely stand to be changed
and developed significantly.

-- 
 [100~Plax]sb16i0A2172656B63616820636420726568746F6E61207473754A[dZ1!=b]salax



Re: Long WEP key

2007-03-29 Thread Simon Effenberg
On Fri, Mar 30, 2007 at 01:03:32AM +0200, Henning Brauer wrote:
> * Siegbert Marschall <[EMAIL PROTECTED]> [2007-03-29 22:13]:
> > If somebody does something bad with my unencrypted access-point
> > using my internet-access, here in germany I am liable.
> 
> no, you're not. it's not that easy. (and I just leave mine wide open)

How do you know that?

http://www.ifross.de/ifross_html/art28.pdf (sorry all in german)

The last chapter.

I thought about it like Siegbert does. But I'm not sure all about.

-- 
GnuPG: 5755FB64

Per aspera ad astra.



Re: Long WEP key

2007-03-29 Thread Eric Dillenseger
On Fri, Mar 30, 2007 at 10:51:23AM +0800, Lars Hansson wrote:
> Jeremy Huiskamp wrote:
> >I'd like to hear an actual developer position on that statement.
> 
> Check the archives for Reyk's comments on WPA. It will be in OpenBSD one 
> day because, secure or not, it is gaining traction and is/will be 
> required by  many AP's (especially "enterprise" AP's).
> 
> ---
> Lars Hansson
> 

Why bother adding WPA when you can turn many wlan cards into AP-mode and
have an OpenBSD box serve wireless computers with IPsec capabilities.
You then have an AP with many more capabilities than any
linksys/netgear/whatever AP.

And btw, as I can't control radio waves, I consider it inherently
insecure. Therefore I don't leave sensitive data traveling in the air.

-- 
"Linux is for Windows(c) haters while BSD is for UNIX lovers".
http://teardrop.free.fr/



Re: Apple hardware support?

2007-03-29 Thread Otto Moerbeek
On Thu, 29 Mar 2007, Mike Erdely wrote:

> Otto Moerbeek wrote:
> > On Thu, 29 Mar 2007, Tasmanian Devil wrote:
> > > The i386 GENERIC.MP kernel runs fine on Intel Macs. You just need to
> > > enable ACPI with "config -ef bsd.mp" (or on the boot prompt).
> > This is not true. At least it has been reported that the MacBook Pro
> > with Core Duo 2 processor does not run.
> 
> Tas is right.  I have my MacBook Pro Core 2 Duo dual booting with OS X and
> OpenBSD (snap around 3/10).  I _think_ my installation process was this (since
> I didn't do make release with -current):
>  1. Install 4.0 from the CD.
>  2. Copy an ACPI-enabled bsd.rd to a CDROM, boot to OpenBSD and copy to the
> hard drive.
>  3. Reboot and boot to bsd.rd and install the snapshot using FTP.

That's different than the report from Jason Dixon. He was trying
current bsd.rd. Anyway, as you mention some problems remain. To me the
most annoying is the UKC prompt not working, which means you can't
enable ACPI on a stock bsd.rd and you have to compile a bsd.rd with
ACPI enabled.

Other than that my MacBook (with Core Duo (no 2)) works quite ok,
apart from the sound and wireless, which do not work.  Even X works,
but you'll have to use the 915 resolution port to get native
resolution. 

-Otto

> 
> Note: Wifi did not work.  Video used VESA driver.  I didn't test much else.
> Next time I get a chance, I'll send a dmesg to [EMAIL PROTECTED]
> 
> > BTW, you can install OpenBSD on a BootCamp partition. After creating
> > the Bootcamp partition using the wizard, boot using the OpenBSD CD,
> > and in the fdisk step in the installer, set the partition type to A6,
> > make it active and update the MBR. 
> 
> I did this.
> 
> -ME



Re: encrypted svnd and disk throughput

2007-03-29 Thread Tasmanian Devil

have done a bit of testing with bonnie++ on encrypted svnd devices


Very interesting devices, I made first tests with them, too.


if anyone else has gotten similar performance results i'd like to see them.


Yes, I had similar results. I had a MySQL database running on an
encrypted SVND, and though I didn't measure it precisely, I had
roughly 15 seconds for a query with the database files on the
encrypted device and roughly 5 seconds for the same query with the
files directly on the harddisk.

But it all depends on what you want to do with it. If you have static
files, e.g. for a download page on a webserver, you can copy them to a
RAM disk (mfs) before starting the webserver (add a GB RAM if
necessary), and you won't care about the svnd speed anymore as it
gets read only once at startup.

In my case, which will most probably be a MySQL database, I'll
experiment also with a RAM disk soon: I'll create the RAM disk with
the database files from the encrypted disk and start MySQL with the
files in RAM (which should be quite fast as long as there's enough
RAM) and copy them back with a script after shutting down MySQL.
Additionally I'll run a second MySQL server as a slave, probably as a
first test even on the same machine, for database replication directly
to the encrypted disk. Performance is quite unimportant for the
replication server in my case and it doesn't affect the master at all,
it just reads the master's log files (from the RAM disk) and keeps a
database copy for the case of power failure.

I'm quite sure there are more workarounds depending on what you want
to do with your encrypted data, but if you want to use
encryption, it will always be slower on the same hardware. That's the
price for encryption, at least that's how I see it.

Tas.



Re: [OT] Long WEP key

2007-03-29 Thread Adam Hawes
> > no, you're not. it's not that easy. (and I just leave mine
> > wide open)

As far as I know, if you leave it open you're not liable because
you cannot prove who would have strolled by.  If you put any
sort of security at all to prevent outsiders it can be reasonably
assumed that you were the person who did whatever you did...

Now, I am not a lawyer but I have had interesting discussions with
legal types about it.  There is mixed views and there was no precedent
last we discussed it.

A



AVG 7.0 for Lotus Notes found a virus in the attachment:

2007-03-29 Thread F1EDVLOTUSSRV/GRAZ/PEWAG
From: misc@openbsd.org
To: [EMAIL PROTECTED]
Date received: 29.03.2007 07:28:37
Subject: [SPAM detected by Phion] Returned mail: Data format error
Virus identified: I-Worm/Mydoom.O detected in attachment pewag.com.zip