Re: 'netstat: invalid address (30000) ???" on 4.1-current i386 binary snapshot

[Adriaan]

On 6/28/07, Otto Moerbeek <[EMAIL PROTECTED]> wrote:


On Thu, 28 Jun 2007, Adriaan wrote:

> On a freshly installed binary snapshot "netstat -an -f inet6" shows
> "netstat: invalid address (3) ???"

thanks for the report, we can reproduce and are looking into this

-Otto


[snip]

I reinstalled a couple of  binary snapshot starting from May 30th. Of
the ones I still have, the last one without this error is

# dmesg | head -6
OpenBSD 4.1-current (GENERIC) #235: Sun Jun  3 17:29:47 MDT 2007
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium II ("GenuineIntel" 686-class, 512KB L2 cache) 268 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,MMX
real mem  = 133791744 (127MB)
avail mem = 121368576 (115MB)
# netstat -and-f inet6
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address  Foreign Address(state)
tcp6   0  0  ::1.587*.*LISTEN
tcp6   0  0  ::1.25 *.*LISTEN
tcp6   0  0  *.22   *.*LISTEN
tcp6   0  0  *.37   *.*LISTEN
tcp6   0  0  *.13   *.*LISTEN
tcp6   0  0  *.113  *.*LISTEN
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address  Foreign Address(state)
udp6   0  0  ::1.512*.*
---

The first one showing this error is:

# dmesg | head -6
OpenBSD 4.1-current (GENERIC) #257: Fri Jun  8 14:18:54 MDT 2007
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium II ("GenuineIntel" 686-class, 512KB L2 cache) 268 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,MMX
real mem  = 133791744 (127MB)
avail mem = 121364480 (115MB)
# netstat -an -f inet6
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address  Foreign Address(state)
tcp6   0  0  ::1.587*.*LISTEN
tcp6   0  0  ::1.25 *.*LISTEN
tcp6   0  0  *.22   *.*LISTEN
tcp6   0  0  *.37   *.*LISTEN
tcp6   0  0  *.13   *.*LISTEN
tcp6   0  0  *.113  *.*LISTEN
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address  Foreign Address(state)
udp6   0  0  ::1.512*.*
netstat: invalid address (3)
???

That limits the time frame to about  5 days.
IIn case you need more info, the serial console log of these installs
is at http://siralas.nl/serial.log-netstat3error.txt

=Adriaan==

Re: kerberos - incorrect net address

[Björn Sandell]

On Tue, 03 Jul 2007 03:39:51 +
"Douglas Maus" <[EMAIL PROTECTED]> wrote:

> Could someone help me understand IP addresses, DNS, and
> Kerberos on OpenBSD?
>
> I was getting "incorrect net address" when trying to kinit,
> and I found that switching 2 lines in /etc/hosts
> putting first
>  10.0.1.201 auth.my.realm auth
> before
>  ::1 auth.my.realm auth
> fixed this, but I don't understand this and I suspect this means
> I'm doing something else wrong.

When kinit asks for a ticket i encodes the hosts address in the
request. The KDC then compares the encoded address with the address in
the IP-header and if they don't match you'll get this error.

> I started the kdc: # /usr/libexec/kdc &
>
> but when I tried
>  # kinit admin
>   or
>  # kinit admin --no-address
> I got "incorrect net address"

Options goes before the pricipal, i.e.

# kinit --no-addresses admin

There are some configuration options that affects this as well; search
krb5.conf(5)

--
Bjvrn Sandell   Chalmers University of Technology
IT Services   www.chalmers.se/its  +46 (0)31 772 1000
No one ever says, 'I can't read that ASCII E-mail you sent me.'

Re: : acpi suspend?

[Raimo Niskanen]

If I may extend the question a bit...

How are the chances that "hibernate" (to swap) will be implemented
in the (relatively near) future>? 

I just bought a used ThinkPad T23, it comes with XP and the BIOS
does not look like a Phoenix BIOS, so it seems hibernation needs
OS support the XP way. Have not tried fully the tips about
ThinkPad T20..22 hibernation to DOS partition yet. It is in
the pipeline. Any tips are welcome anyway...



On Mon, Jul 02, 2007 at 06:21:39PM +0200, Artur Grabowski wrote:
> "Vim Visual" <[EMAIL PROTECTED]> writes:
> 
> > "How are the chances that "suspend" is implemented in ACPI for 
> > 4.2??"
> 
> 1%
> 
> I had a prototype almost working at one point, messed it up without
> saving the working version, then never had time or energy to go back
> to it and noone else has picked it up.
> 
> //art

-- 

/ Raimo Niskanen, Erlang/OTP, Ericsson AB

Re: 'netstat: invalid address (30000) ???" on 4.1-current i386 binary snapshot

[Adriaan]

On 7/3/07, Adriaan <[EMAIL PROTECTED]> wrote:

On 6/28/07, Otto Moerbeek <[EMAIL PROTECTED]> wrote:
>
> On Thu, 28 Jun 2007, Adriaan wrote:
>
> > On a freshly installed binary snapshot "netstat -an -f inet6" shows
> > "netstat: invalid address (3) ???"
>
> thanks for the report, we can reproduce and are looking into this
>
> -Otto
>
[snip]

I reinstalled a couple of  binary snapshot starting from May 30th. Of
the ones I still have, the last one without this error is

# dmesg | head -6
OpenBSD 4.1-current (GENERIC) #235: Sun Jun  3 17:29:47 MDT 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium II ("GenuineIntel" 686-class, 512KB L2 cache) 268 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,MMX
real mem  = 133791744 (127MB)
avail mem = 121368576 (115MB)
# netstat -and-f inet6
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address  Foreign Address(state)
tcp6   0  0  ::1.587*.*LISTEN
tcp6   0  0  ::1.25 *.*LISTEN
tcp6   0  0  *.22   *.*LISTEN
tcp6   0  0  *.37   *.*LISTEN
tcp6   0  0  *.13   *.*LISTEN
tcp6   0  0  *.113  *.*LISTEN
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address  Foreign Address(state)
udp6   0  0  ::1.512*.*
---

The first one showing this error is:

 # dmesg | head -6
OpenBSD 4.1-current (GENERIC) #257: Fri Jun  8 14:18:54 MDT 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium II ("GenuineIntel" 686-class, 512KB L2 cache) 268 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,MMX
real mem  = 133791744 (127MB)
avail mem = 121364480 (115MB)
# netstat -an -f inet6
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address  Foreign Address(state)
tcp6   0  0  ::1.587*.*LISTEN
tcp6   0  0  ::1.25 *.*LISTEN
tcp6   0  0  *.22   *.*LISTEN
tcp6   0  0  *.37   *.*LISTEN
tcp6   0  0  *.13   *.*LISTEN
tcp6   0  0  *.113  *.*LISTEN
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address  Foreign Address(state)
udp6   0  0  ::1.512*.*
netstat: invalid address (3)
???

That limits the time frame to about  5 days.
IIn case you need more info, the serial console log of these installs
is at http://siralas.nl/serial.log-netstat3error.txt


The issue disappeared from the latest snapshot ;)

$ dmesg | head -6
OpenBSD 4.1-current (GENERIC) #315: Mon Jul  2 13:24:20 MDT 2007
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium II ("GenuineIntel" 686-class, 512KB L2 cache) 268 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,MMX
real mem  = 133791744 (127MB)
avail mem = 121819136 (116MB)
$ netstat -an -f inet6
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address  Foreign Address(state)
tcp6   0  0  ::1.587*.*LISTEN
tcp6   0  0  ::1.25 *.*LISTEN
tcp6   0  0  *.515  *.*LISTEN
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address  Foreign Address(state)
udp6   0  0  ::1.512*.*
$

=Adriaan=

PML4 address

[Constantine Kousoulos]

I'm trying to determine PLM4's address on OpenBSD-4.1 Release on amd64. 
So, i'm looking into sys/arch/amd64/amd64/locore.S.


There is a point where PML4 is set (line 519):

/*
 * 3. Load %cr3 with pointer to PML4.
 */
movl%esi,%eax
movl%eax,%cr3

I do a backwards search to find the latest value that %esi was loaded 
and find this (line 389):


/* Clear tables */
movl%edi,%esi
addl$PGOFSET,%esi
andl$~PGOFSET,%esi

So, i need to find the value of %edi. Register %edi was last set here 
(line 381):


/* Save the symbols (if loaded). */
movlRELOC(esym),%eax
testl   %eax,%eax
jz  1f
subl$KERNBASE_LO,%eax   /* XXX */
movl%eax,%edi

esym is defined here (line 195):

_C_LABEL(esym): .quad   0   # ptr to end of syms

If 'esym' equals to zero, then %eax seems to get loaded with a negative 
address (movl	RELOC(esym),%eax) that equals to -8000. I am 
aware that OpenBSD-amd64 is build with the gcc flag "-mcmodel=kernel". 
Does this mean that the address -8000 is translated to 
8000? Or does 'esym' get a non-zero value from somewhere else?


Thanks,
Constantine

Re: Trunk(4), vlan problems

[Fredrik Carlsson]

> Hi,
>
> I'm trying to set up an OpenBSD router against two switches (failover
solution), the switches have a cable between them.
>
> em0 - connects to switch01 port 1 (switch01 addr: 10.10.1.18)
> em1 - connects to switch02 port 1 (switch02 addr: 10.10.1.19)
> switch 1 and 2 has a management vlan tagged on port 1
>
> Now if i create vlan1 and use em0 as vlandev i can ping both switch01
and switch02, but if i create a failover trunk with em0 and em1 and use
trunk0 as vlandev is don't work
>
> trunk0: flags=8802 mtu 1500
> lladdr 00:0e:0c:db:3f:48
> trunk: trunkproto failover
> trunkport em1
> trunkport em0 master
> groups: trunk
> media: Ethernet autoselect
> status: active
> vlan1: flags=8843 mtu 1500
> lladdr 00:0e:0c:db:3f:48
> description: VLAN 1, Management
> vlan: 1 priority: 0 parent interface: trunk0
> groups: vlan
> inet 10.10.1.17 netmask 0xfff0 broadcast 10.10.1.31
> inet6 fe80::20e:cff:fedb:3f48%vlan1 prefixlen 64 scopeid 0xe
>
> If i ping the openbsd machine from the switch and listen on the trunk0
interface i see this:
> 23:21:18.907451 802.1Q vid 1 pri 0 arp who-has 10.10.1.17 tell
10.10.1.18
>
> but if i listen to vlan1 that is connected to trunk0 i don't see any
traffic.
>
> What am I doing wrong?
>
> Best regards
> Fredrik Carlsson
>
>


I did some more testing,

If i drop the tagging in the interfaces on the switch against the openbsd
machine and use them as ordinary ports and assign an IP addr to trunk0
everything work fine. The switches has a vlan-trunk between them so that
works as well. I unplugged the interfaces in trunk0 to test the
connectivity between the switches and everything works.

The problem seems to be when i attach a vlan to trunk0, the traffic don't
go to trunk0. The vlan config works when I'm not using trunk(4), can this
be a bug in trunk(4)?

Any ideas?

Re: Trunk(4), vlan problems

[Stuart Henderson]

On 2007/07/03 11:48, Fredrik Carlsson wrote:
> > trunk0: flags=8802 mtu 1500
> > vlan1: flags=8843 mtu 1500

this is strange, where is the decode of the flags?

In-Reply-To: <[EMAIL PROTECTED]>
ahh... perhaps your mail client ate them.

anyway, 8802 means your trunk0 is not ifconfig'd "up".

Re: Trunk(4), vlan problems

[Fredrik Carlsson]

> On 2007/07/03 11:48, Fredrik Carlsson wrote:
>> > trunk0: flags=8802 mtu 1500
>> > vlan1: flags=8843 mtu 1500
>
> this is strange, where is the decode of the flags?
>
> In-Reply-To: <[EMAIL PROTECTED]>
> ahh... perhaps your mail client ate them.
>
> anyway, 8802 means your trunk0 is not ifconfig'd "up".
>
>

Thanks, "up" was missing, it is working now.

I replied from another computer so i copied the text into a webclient.

// Fredrik

Insertion of compact flash w/ pcmcia card == kernel panic w/ 4.1-STABLE or 4.1-CURRENT

[openbsd fan]

Reading the wd man page, I assumed that flash cards were supported in
Openbsd 4.1.  This particular combo of SanDisk's CompactFlash PC Card
Adapter model SDAD-38-A10 with two different SanDisk compactflash
cards generated kernel panic as soon as the compact flash cards were
inserted into a Thinkpad X60s with 4.1-CURRENT and a Thinkpad X32 with
4.1-STABLE.

I tested this same combo with a third laptop with OpenBSD 3.8 and I
was finally able to mount the compact flash.

Enclosed dmesg w/ trace and ps for the Thinkpad X60s with 4.1-CURRENT:

OpenBSD 4.1-current (GENERIC.MP.acpi) #0: Mon Jun 11 14:37:11 CEST 2007
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP.acpi
cpu0: Intel(R) Core(TM) Duo CPU L2500 @ 1.83GHz ("GenuineIntel"
686-class) 1.83 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,VMX,EST,TM2,xTPR
real mem  = 2137419776 (2038MB)
avail mem = 2051452928 (1956MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 05/16/07, BIOS32 rev. 0 @
0xfd690, SMBIOS rev. 2.4 @ 0xe0010 (67 entries)
bios0: LENOVO 1702H7U
pcibios0 at bios0: rev 2.1 @ 0xfd620/0x9e0
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdea0/272 (15 entries)
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82371FB ISA" rev 0x00)
pcibios0: PCI bus #22 is the last bus
bios0: ROM list: 0xc/0xea00! 0xcf000/0x1000 0xd/0x1000
0xdc000/0x4000! 0xe/0x1!
acpi0 at mainbus0: rev 2
acpi0: tables DSDT FACP SSDT ECDT TCPA APIC MCFG HPET BOOT SSDT SSDT SSDT SSDT
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 166 MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM) Duo CPU L2500 @ 1.83GHz ("GenuineIntel"
686-class) 1.83 GHz
cpu1: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,VMX,EST,TM2,xTPR
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins
ioapic0: duplicate apic id, remapped to apid 2
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 0 (AGP_)
acpiprt2 at acpi0: bus 2 (EXP0)
acpiprt3 at acpi0: bus 3 (EXP1)
acpiprt4 at acpi0: bus 4 (EXP2)
acpiprt5 at acpi0: bus 12 (EXP3)
acpiprt6 at acpi0: bus 21 (PCI1)
acpiec0 at acpi0: EC__
acpicpu0 at acpi0 C3, C2
acpicpu1 at acpi0 C3, C2
acpitz0 at acpi0, critical temperature: 127 degC
acpitz1 at acpi0, critical temperature: 97 degC
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: SLPB
acpibat0 at acpi0: BAT0: model: 93P5030 serial:  4492 type: LION oem: SONY
acpibat1 at acpi0: BAT1: not present
acpibat2 at acpi0: BAT2: not present
acpiac0 at acpi0: AC unit online
acpidock0 at acpi0: GDCK: not docked (0)
cpu0: unknown Enhanced SpeedStep CPU, msr 0x06130b1c06000b1c
cpu0: using only highest and lowest power states
cpu0: Enhanced SpeedStep 1833 MHz (1148 mV): speeds: 1833, 1000 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82945GM MCH" rev 0x03
vga1 at pci0 dev 2 function 0 "Intel 82945GM Video" rev 0x03: aperture
at 0xee10, size 0x1000
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
"Intel 82945GM Video" rev 0x03 at pci0 dev 2 function 1 not configured
azalia0 at pci0 dev 27 function 0 "Intel 82801GB HD Audio" rev 0x02:
apic 2 int 17 (irq 11)
azalia0: host: High Definition Audio rev. 1.0
azalia0: codec: Analog Devices AD1981HD (rev. 2.0), HDA version 1.0
azalia0: RIRB time out
audio0 at azalia0
ppb0 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x02
pci1 at ppb0 bus 2
em0 at pci1 dev 0 function 0 "Intel PRO/1000MT (82573L)" rev 0x00:
apic 2 int 16 (irq 11), address 00:16:d3:32:eb:43
ppb1 at pci0 dev 28 function 1 "Intel 82801GB PCIE" rev 0x02
pci2 at ppb1 bus 3
wpi0 at pci2 dev 0 function 0 "Intel PRO/Wireless 3945ABG" rev 0x02:
apic 2 int 17 (irq 11), MoW1, address 00:19:d2:28:0b:06
ppb2 at pci0 dev 28 function 2 "Intel 82801GB PCIE" rev 0x02
pci3 at ppb2 bus 4
ppb3 at pci0 dev 28 function 3 "Intel 82801GB PCIE" rev 0x02
pci4 at ppb3 bus 12
uhci0 at pci0 dev 29 function 0 "Intel 82801GB USB" rev 0x02: apic 2
int 16 (irq 11)
uhci1 at pci0 dev 29 function 1 "Intel 82801GB USB" rev 0x02: apic 2
int 17 (irq 11)
uhci2 at pci0 dev 29 function 2 "Intel 82801GB USB" rev 0x02: apic 2
int 18 (irq 11)
uhci3 at pci0 dev 29 function 3 "Intel 82801GB USB" rev 0x02: apic 2
int 19 (irq 11)
ehci0 at pci0 dev 29 function 7 "Intel 82801GB USB" rev 0x02: apic 2
int 19 (irq 11)
usb0 at ehci0: USB revision 2.0
uhub0 at usb0: Intel EHCI root hub, rev 2.00/1.00, addr 1
ppb4 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 0xe2
pci5 at ppb4 bus 21
cbb0 at pci5 dev 0 function 0 "Ricoh 5C476 CardBus" rev 0xb4: apic 2
int 16 (irq 11)
"Ricoh 5C552 Firewire" rev 0x09 at pci5 dev 0 function 1 not configured
sdhc0 at pci5 dev 0 function 2 "Ricoh

Re: Bad performance on ThinkPad T41 (-current checked out on July 1)

[Martin Toft]

On Tue, Jul 03, 2007 at 04:32:13PM +1000, Jonathan Gray wrote:
> Include the output of 'atactl wd0' perhaps you have something like
> caching turned off.  Also you can't hope for similiar results if you
> use different programs on both systems.

Disk I/O is the only test where I use different programs (hdparm and
dd), as I couldn't find a port/package of hdparm for OpenBSD.  Still, I
think the results are so different that they set of "alarm bells" --
8.5-8.7 MB/s vs. 45-46 MB/s.

Thanks for your interest my case.

Here is the output from "atactl wd0". It looks like I have caching
turned on (read look-ahead and write cache):

Model: WDC WD1200BEVE-11UYT0, Rev: 01.04A01, Serial #:  WD-WXE407324062
Device type: ATA, fixed
Cylinders: 16383, heads: 16, sec/track: 63, total sectors: 234441648
Device capabilities:
ATA standby timer values
IORDY operation
IORDY disabling
Device supports the following standards:
ATA-1 ATA-2 ATA-3 ATA-4 ATA-5 ATA-6 ATA-7 
Master password revision code 0xfffe
Device supports the following command sets:
NOP command
READ BUFFER command
WRITE BUFFER command
Host Protected Area feature set
Read look-ahead
Write cache
Power Management feature set
Security Mode feature set
SMART feature set
Flush Cache Ext command
Flush Cache command
Device Configuration Overlay feature set
48bit address feature set
Automatic Acoustic Management feature set
Set Max security extension commands
Advanced Power Management feature set
DOWNLOAD MICROCODE command
IDLE IMMEDIATE with UNLOAD FEATURE
SMART self-test
SMART error logging
Device has enabled the following command sets/features:
NOP command
READ BUFFER command
WRITE BUFFER command
Host Protected Area feature set
Read look-ahead
Write cache
Power Management feature set
SMART feature set
Flush Cache Ext command
Flush Cache command
Device Configuration Overlay feature set
48bit address feature set
Advanced Power Management feature set
DOWNLOAD MICROCODE command

Martin

Re: Bad performance on ThinkPad T41 (-current checked out on July 1)

[Jonathan Gray]

On Tue, Jul 03, 2007 at 01:49:09PM +0200, Martin Toft wrote:
> On Tue, Jul 03, 2007 at 04:32:13PM +1000, Jonathan Gray wrote:
> > Include the output of 'atactl wd0' perhaps you have something like
> > caching turned off.  Also you can't hope for similiar results if you
> > use different programs on both systems.
> 
> Disk I/O is the only test where I use different programs (hdparm and
> dd), as I couldn't find a port/package of hdparm for OpenBSD.  Still, I
> think the results are so different that they set of "alarm bells" --
> 8.5-8.7 MB/s vs. 45-46 MB/s.

Well at least use dd in both cases and use the same kinds of buffered
or unbuffered devices/files.

I imagine the results will be diferrent if you dd from a file to
/dev/null for example.

Issues Using Forticlient behind an OpenBSD Firewall to connect to a Fortigate IPSEC VPN Server

[Siju George]

Hi,

I am on a MS Windows XP system behind an OpenBSD 4.0 firewall.
All outbound TCP, UDP and ICMP traffic from the LAN is let out through PF.

I am able to connect to another Fortigate IPSEC VPN Server on the
Internet using Forticlient on the same XP system but no data
communication happens between them.

I tried connecting from a network that is not firewalled by OpenBSD
and the VPN connection to the same Fortigate Server is working fine
and I am able to access the internal machines.

Is there any other traffic I should allow other than TCP,UDP,ICMP on
the firewall to connect and pass traffic between the Fortigate VPN
server and the XP system using Forticlient?

Thankyou so much

Kind Regards

Siju

Re: Issues Using Forticlient behind an OpenBSD Firewall to connect to a Fortigate IPSEC VPN Server

[Vijay Sankar]

On Tuesday 03 July 2007 07:36, Siju George wrote:
> Hi,
>
> I am on a MS Windows XP system behind an OpenBSD 4.0 firewall.
> All outbound TCP, UDP and ICMP traffic from the LAN is let out
> through PF.
>
> I am able to connect to another Fortigate IPSEC VPN Server on the
> Internet using Forticlient on the same XP system but no data
> communication happens between them.
>
> I tried connecting from a network that is not firewalled by OpenBSD
> and the VPN connection to the same Fortigate Server is working fine
> and I am able to access the internal machines.
>
> Is there any other traffic I should allow other than TCP,UDP,ICMP on
> the firewall to connect and pass traffic between the Fortigate VPN
> server and the XP system using Forticlient?

Are you using NAT or is ip forwarding turned on, in the firewall? Also, 
is NAT Traversal turned on Fortigate?


>
> Thankyou so much
>
> Kind Regards
>
> Siju
>
>
> !DSPAM:1,468a440f148616107113666!

-- 
Vijay Sankar
ForeTell Technologies Limited
59 Flamingo Avenue, Winnipeg, MB, Canada R3J 0X6
Phone: +1 (204) 885-9535, E-Mail: [EMAIL PROTECTED]

Re: Issues Using Forticlient behind an OpenBSD Firewall to connect to a Fortigate IPSEC VPN Server

[Peter N. M. Hansteen]

"Siju George" <[EMAIL PROTECTED]> writes:

> I tried connecting from a network that is not firewalled by OpenBSD
> and the VPN connection to the same Fortigate Server is working fine
> and I am able to access the internal machines.

Sounds almost like you need to pass at least one of the protocols gre
and esp between the vpn hosts.  I know at least some of the Cisco VPN
products require both.

- P
-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.

bgp router setup

[Erich]

hi,

anybody can tell howto create a good redundant bgp router setup? right
now i have 2 uplinks, both announcing a full table,
and one bgp router with its own AS.
Now, the questions is how a redundant setup would look like. would it
make sence to use carp devices? or is it better
to setup some kind of ibgp with an route reflector? how would such a
setup look like?

thx in advance,

erich

Re: 'netstat: invalid address (30000) ???" on 4.1-current i386 binary snapshot

[Otto Moerbeek]

On Tue, 3 Jul 2007, Adriaan wrote:

> On 7/3/07, Adriaan <[EMAIL PROTECTED]> wrote:
> > On 6/28/07, Otto Moerbeek <[EMAIL PROTECTED]> wrote:
> > >
> > > On Thu, 28 Jun 2007, Adriaan wrote:
> > >
> > > > On a freshly installed binary snapshot "netstat -an -f inet6" shows
> > > > "netstat: invalid address (3) ???"
> > >
> > > thanks for the report, we can reproduce and are looking into this
> > >
> > > -Otto
> > >
> > [snip]
> > 
> > I reinstalled a couple of  binary snapshot starting from May 30th. Of
> > the ones I still have, the last one without this error is
> > 
> > # dmesg | head -6
> > OpenBSD 4.1-current (GENERIC) #235: Sun Jun  3 17:29:47 MDT 2007
> > [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
> > cpu0: Intel Pentium II ("GenuineIntel" 686-class, 512KB L2 cache) 268 MHz
> > cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,MMX
> > real mem  = 133791744 (127MB)
> > avail mem = 121368576 (115MB)
> > # netstat -and-f inet6
> > Active Internet connections (including servers)
> > Proto Recv-Q Send-Q  Local Address  Foreign Address(state)
> > tcp6   0  0  ::1.587*.*LISTEN
> > tcp6   0  0  ::1.25 *.*LISTEN
> > tcp6   0  0  *.22   *.*LISTEN
> > tcp6   0  0  *.37   *.*LISTEN
> > tcp6   0  0  *.13   *.*LISTEN
> > tcp6   0  0  *.113  *.*LISTEN
> > Active Internet connections (including servers)
> > Proto Recv-Q Send-Q  Local Address  Foreign Address(state)
> > udp6   0  0  ::1.512*.*
> > ---
> > 
> > The first one showing this error is:
> > 
> >  # dmesg | head -6
> > OpenBSD 4.1-current (GENERIC) #257: Fri Jun  8 14:18:54 MDT 2007
> > [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
> > cpu0: Intel Pentium II ("GenuineIntel" 686-class, 512KB L2 cache) 268 MHz
> > cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,MMX
> > real mem  = 133791744 (127MB)
> > avail mem = 121364480 (115MB)
> > # netstat -an -f inet6
> > Active Internet connections (including servers)
> > Proto Recv-Q Send-Q  Local Address  Foreign Address(state)
> > tcp6   0  0  ::1.587*.*LISTEN
> > tcp6   0  0  ::1.25 *.*LISTEN
> > tcp6   0  0  *.22   *.*LISTEN
> > tcp6   0  0  *.37   *.*LISTEN
> > tcp6   0  0  *.13   *.*LISTEN
> > tcp6   0  0  *.113  *.*LISTEN
> > Active Internet connections (including servers)
> > Proto Recv-Q Send-Q  Local Address  Foreign Address(state)
> > udp6   0  0  ::1.512*.*
> > netstat: invalid address (3)
> > ???
> > 
> > That limits the time frame to about  5 days.
> > IIn case you need more info, the serial console log of these installs
> > is at http://siralas.nl/serial.log-netstat3error.txt
> 
> The issue disappeared from the latest snapshot ;)

Yeah, thanks again for the report. I should have mentioned the errors was
fixed a few days ago, in response to your report.

-Otto
> 
> $ dmesg | head -6
> OpenBSD 4.1-current (GENERIC) #315: Mon Jul  2 13:24:20 MDT 2007
>[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
> cpu0: Intel Pentium II ("GenuineIntel" 686-class, 512KB L2 cache) 268 MHz
> cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,MMX
> real mem  = 133791744 (127MB)
> avail mem = 121819136 (116MB)
> $ netstat -an -f inet6
> Active Internet connections (including servers)
> Proto Recv-Q Send-Q  Local Address  Foreign Address(state)
> tcp6   0  0  ::1.587*.*LISTEN
> tcp6   0  0  ::1.25 *.*LISTEN
> tcp6   0  0  *.515  *.*LISTEN
> Active Internet connections (including servers)
> Proto Recv-Q Send-Q  Local Address  Foreign Address(state)
> udp6   0  0  ::1.512*.*
> $
> 
> =Adriaan=

dhcp question

[mgb]

List,

I have a 4.1 GENERIC machine acting as DHCP server, serving out IP 
addresses to 7 diskless client machines.  Each client machine needs to 
be pushed a different configuration file in order to start a process 
once booted.  There is a chance that any number of clients may be 
replaced at any time.


My initial thinking was to define a range of 7 IP addresses in 
dhcpd.conf so when the client has got an IP it can then request a file 
named as the clients IP address from the server.  However if a client 
needs replacing the new client will dhcp for an address but dhcpd will 
complain (justifiably) that there are no spare addresses (the lease-time 
being 1 day).


So if I defined a large pool of IP addresses in dhcpd.conf that would 
avert the problem described above, however I'm struggling to think of a 
solution on how would clients would request the correct configuration 
file? and how could I handle new clients replacing broken ones with 
regard to dishing out the correct configuration file?


Apologies for such woolly posting, I'm just hoping for some inspired ideas.

Thanks for your time

Re: dhcp question

[Will Maier]

On Tue, Jul 03, 2007 at 02:45:00PM +0100, mgb wrote:
> So if I defined a large pool of IP addresses in dhcpd.conf that
> would avert the problem described above, however I'm struggling to
> think of a solution on how would clients would request the correct
> configuration file? and how could I handle new clients replacing
> broken ones with regard to dishing out the correct configuration
> file?

Use lladdrs, not IP addresses, to name or serve the files. This is
how most PXE setups work. See pxeboot(8) for some discussion.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*

trunk, carp

[Fredrik Carlsson]

Hi again,

My setup looks like this:

[em0, em1]-trunk0 <- vlan2 <- carp2
[em2, em3]-trunk1 <- vlan104 <- carp104

If don't use carp at all everything works fine, but when i add carp to
trunk0 and trunk1 it takes a few seconds and the box hangs and a poweroff
reboot is needed.

If only one carp device exists the machine works but as soon as i add two
it hangs.

Even if I made some config error the machine should not hang.

trunk0: flags=8943 mtu 1500
lladdr 00:0e:0c:db:3f:48
trunk: trunkproto failover
trunkport em1 active
trunkport em0 master,active
groups: trunk
media: Ethernet autoselect
status: active
inet6 fe80::20e:cff:fedb:3f48%trunk0 prefixlen 64 scopeid 0xa
trunk1: flags=8943 mtu 1500
lladdr 00:0e:0c:db:3f:4a
trunk: trunkproto failover
trunkport em3 active
trunkport em2 master,active
groups: trunk
media: Ethernet autoselect
status: active
inet6 fe80::20e:cff:fedb:3f4a%trunk1 prefixlen 64 scopeid 0xb
vlan1: flags=8943 mtu 1500
lladdr 00:0e:0c:db:3f:48
vlan: 1 priority: 0 parent interface: trunk0
groups: vlan
inet6 fe80::20e:cff:fedb:3f48%vlan1 prefixlen 64 scopeid 0xc
vlan2: flags=8943 mtu 1500
lladdr 00:0e:0c:db:3f:4a
vlan: 2 priority: 0 parent interface: trunk1
groups: vlan
inet6 fe80::20e:cff:fedb:3f4a%vlan2 prefixlen 64 scopeid 0xe
carp1: flags=8843 mtu 1500
lladdr 00:00:5e:00:01:01
carp: MASTER carpdev vlan1 vhid 1 advbase 1 advskew 0
groups: carp
inet6 fe80::200:5eff:fe00:101%carp1 prefixlen 64 scopeid 0x16
inet 10.10.1.17 netmask 0xfff0 broadcast 10.10.1.31
carp2: flags=8843 mtu 1500
lladdr 00:00:5e:00:01:01
carp: MASTER carpdev vlan2 vhid 1 advbase 1 advskew 0
groups: carp
inet6 fe80::200:5eff:fe00:101%carp2 prefixlen 64 scopeid 0x17
inet 10.10.1.33 netmask 0xfff0 broadcast 10.10.1.47

// Fredrik

Re: dhcp question

[Jacob Yocom-Piatt]

mgb wrote:

List,

I have a 4.1 GENERIC machine acting as DHCP server, serving out IP 
addresses to 7 diskless client machines.  Each client machine needs to 
be pushed a different configuration file in order to start a process 
once booted.  There is a chance that any number of clients may be 
replaced at any time.


My initial thinking was to define a range of 7 IP addresses in 
dhcpd.conf so when the client has got an IP it can then request a file 
named as the clients IP address from the server.  However if a client 
needs replacing the new client will dhcp for an address but dhcpd will 
complain (justifiably) that there are no spare addresses (the 
lease-time being 1 day).




since these clients are probably wired, why not lower the lease time to, 
say, 30 minutes? this would allow you to rotate machines pretty easily 
and have the new one pickup shortly after the old one is removed. 
depends on how quickly you're planning to rotate the dhcp clients. 30 
minutes of time between disconnecting one (maybe b/c it's broken?) and 
reconnecting another to take its place seems reasonable.


if this doesn't cut it fish around for a way to terminate dhcp leases as 
a function of whether the diskless services are active for a given 
client. maybe RADIUS could be helpful... don't have much experience here.


cheers,
jake

So if I defined a large pool of IP addresses in dhcpd.conf that would 
avert the problem described above, however I'm struggling to think of 
a solution on how would clients would request the correct 
configuration file? and how could I handle new clients replacing 
broken ones with regard to dishing out the correct configuration file?


Apologies for such woolly posting, I'm just hoping for some inspired 
ideas.


Thanks for your time

Re: trunk, carp

[Reyk Floeter]

On Tue, Jul 03, 2007 at 03:57:20PM +0200, Fredrik Carlsson wrote:
> Hi again,
> 
> My setup looks like this:
> 
> [em0, em1]-trunk0 <- vlan2 <- carp2
> [em2, em3]-trunk1 <- vlan104 <- carp104
> 
> If don't use carp at all everything works fine, but when i add carp to
> trunk0 and trunk1 it takes a few seconds and the box hangs and a poweroff
> reboot is needed.
> 

can you show the command sequence you are using?
what openbsd release are you using, can you send a dmesg?
please try to get some more details, try to find a way to reproduce it.

use the list [EMAIL PROTECTED] for bug reports or open a pr with
sendbug(1) (see the manpage for details).

> If only one carp device exists the machine works but as soon as i add two
> it hangs.
> 
> Even if I made some config error the machine should not hang.
> 
> trunk0: flags=8943 mtu 1500
> lladdr 00:0e:0c:db:3f:48
> trunk: trunkproto failover
> trunkport em1 active
> trunkport em0 master,active
> groups: trunk
> media: Ethernet autoselect
> status: active
> inet6 fe80::20e:cff:fedb:3f48%trunk0 prefixlen 64 scopeid 0xa
> trunk1: flags=8943 mtu 1500
> lladdr 00:0e:0c:db:3f:4a
> trunk: trunkproto failover
> trunkport em3 active
> trunkport em2 master,active
> groups: trunk
> media: Ethernet autoselect
> status: active
> inet6 fe80::20e:cff:fedb:3f4a%trunk1 prefixlen 64 scopeid 0xb
> vlan1: flags=8943 mtu 1500
> lladdr 00:0e:0c:db:3f:48
> vlan: 1 priority: 0 parent interface: trunk0
> groups: vlan
> inet6 fe80::20e:cff:fedb:3f48%vlan1 prefixlen 64 scopeid 0xc
> vlan2: flags=8943 mtu 1500
> lladdr 00:0e:0c:db:3f:4a
> vlan: 2 priority: 0 parent interface: trunk1
> groups: vlan
> inet6 fe80::20e:cff:fedb:3f4a%vlan2 prefixlen 64 scopeid 0xe
> carp1: flags=8843 mtu 1500
> lladdr 00:00:5e:00:01:01
> carp: MASTER carpdev vlan1 vhid 1 advbase 1 advskew 0
> groups: carp
> inet6 fe80::200:5eff:fe00:101%carp1 prefixlen 64 scopeid 0x16
> inet 10.10.1.17 netmask 0xfff0 broadcast 10.10.1.31
> carp2: flags=8843 mtu 1500
> lladdr 00:00:5e:00:01:01
> carp: MASTER carpdev vlan2 vhid 1 advbase 1 advskew 0
> groups: carp
> inet6 fe80::200:5eff:fe00:101%carp2 prefixlen 64 scopeid 0x17
> inet 10.10.1.33 netmask 0xfff0 broadcast 10.10.1.47
> 
> // Fredrik

Re: : : acpi suspend?

[Raimo Niskanen]

On Tue, Jul 03, 2007 at 09:44:09AM +0200, Raimo Niskanen wrote:
> If I may extend the question a bit...
> 
> How are the chances that "hibernate" (to swap) will be implemented
> in the (relatively near) future>? 
> 
> I just bought a used ThinkPad T23, it comes with XP and the BIOS
> does not look like a Phoenix BIOS, so it seems hibernation needs
> OS support the XP way. Have not tried fully the tips about
> ThinkPad T20..22 hibernation to DOS partition yet. It is in
> the pipeline. Any tips are welcome anyway...
> 

For the record.

Hibernation using /usr/ports/sysutils/tphdisk on a type 0x16
(OS/2 hidden) partition works just fine for a ThinkPad T23
dual-booting OpenBSD and Windows XP. Even if the hibernation
partition is not the first on the disk, which is good
because XP wants to be the first on the disk.

It is apparently a Phoenix BIOS in disguise.

XP does not use BIOS hibernation. It implements it on its own.

I still think hibernation without BIOS support (to swap) would
be a nifty feature, but realize laptops are not the primary
target for OpenBSD (laptops are still cool to boast with).



> 
> 
> On Mon, Jul 02, 2007 at 06:21:39PM +0200, Artur Grabowski wrote:
> > "Vim Visual" <[EMAIL PROTECTED]> writes:
> > 
> > > "How are the chances that "suspend" is implemented in ACPI for 
> > > 4.2??"
> > 
> > 1%
> > 
> > I had a prototype almost working at one point, messed it up without
> > saving the working version, then never had time or energy to go back
> > to it and noone else has picked it up.
> > 
> > //art
> 
> -- 
> 
> / Raimo Niskanen, Erlang/OTP, Ericsson AB

-- 

/ Raimo Niskanen, Erlang/OTP, Ericsson AB

IPSec Road Warriors

[Georg Buschbeck]

Hi,

we are running an OpenBSD 4.0 Firewall/VPN Cluster (CARP).
One of my collegues connects with a DrayTek 2700 Router to the Internet,
and this router is establishing an IPSec-Tunnel to our Firewall-
Cluster. The Tunnel is stable,
besides the 24-Hour disconnect. The IP of the DrayTek changes, and
the Tunnel isn't set up again.

my ipsec.conf:

--snip--
ike dynamic  esp from 10.0.0.0/24 to 10.1.1.0/24 local  peer
myhost.ath.cx\
main auth hmac-sha1  enc 3des group modp1024\
quick auth hmac-sha1 enc aes \
srcid myID dstid hisID \
psk abcdefg
--snap--

the manual-page says "dynamic for roadwarriors".
the error message my vpn-endpoint is:

--snip--
Jul  3 09:09:25 bonnie isakmpd[24104]: dropped message from
84.186.179.171 port 500 due to notification type NO_PROPOSAL_CHOSEN
--snap--

after flushing and reloading the /etc/ipsec.conf, the connection is
established.

any ideas, what i can do?

Thx!



Mit freundlichen Gr|_en

Georg Buschbeck
Information Technology

THOMAS DAILY GmbH
Adlerstra_e 19
79098 Freiburg
Deutschland
T  + 49 761 3 85 59 170
F  + 49 761 3 85 59 550
E  [EMAIL PROTECTED]
www.thomas-daily.de

Geschdftsf|hrer/Managing Directors:
Wendy Thomas, Susanne Larbig
Handelsregister Freiburg i.Br., HRB 3947




Mit freundlichen Gr|_en

Georg Buschbeck
Information Technology

THOMAS DAILY GmbH
Adlerstra_e 19
79098 Freiburg
Deutschland
T  + 49 761 3 85 59 170
F  + 49 761 3 85 59 550
E  [EMAIL PROTECTED]
www.thomas-daily.de

Geschdftsf|hrer/Managing Directors:
Wendy Thomas, Susanne Larbig
Handelsregister Freiburg i.Br., HRB 3947

sensorsd says the sensor is within limit, but it's not...

[Per-Olov Sjöholm]

Hi Misc


I am probably missing something, but what..


sensorsd says in the syslog that the sensor is "within limits" even though
a "sysctl -a|grep sensor" shows that it is not.


Are there any known bugs? I have checked the list and cannot find anything
related to this... I run a Dell PE830 on OpenBSD 4.0 stable (latest update in
May 25:th). I have these sensors which appears to always show the correct
values running a "sysctl -a|grep sensor".
hw.sensors.0=ipmi0, Temp, 43.00 degC, OK
hw.sensors.1=ipmi0, Planar Temp, 38.00 degC, OK
hw.sensors.2=ipmi0, CMOS Battery, 3.13 V DC, OK
hw.sensors.3=ipmi0, Back Fan, 2204 RPM, OK
hw.sensors.4=ipmi0, Intrusion, Off, OK
hw.sensors.5=ami0, sd0, drive online, OK



>From sensords.conf
hw.sensors.0:high=42C:command=/bin/echo "test test"|/usr/bin/mailx -s "Sensor
warning: CPU temp over %2 bla bla bla" MYEMAIL
hw.sensors.1:high=39C:command=/bin/echo "test test"|/usr/bin/mailx -s "Sensor
warning: Chassie temp over %2 bla bla bla" MYEMAIL


Starting sensorsd and look at /var/log/daemon
Jul  3 16:12:22 xanadu sensorsd[14634]: hw.sensors.0: within limits, value:
43.00 degC
Jul  3 16:12:22 xanadu sensorsd[14634]: hw.sensors.1: within limits, value:
38.00 degC


I assume I receive no reports as the daemon say the sensor wrongly is within
the limits


A dmesg follows below my autosignature

Thanks in advance
Per-Olov
--
GPG keyID: 4DB283CE
GPG fingerprint: 45E8 3D0E DE05 B714 D549 45BC CFB4 BBE9 4DB2 83CE
GPG key:
http://keyserv.nic-se.se:11371/pks/lookup?op=get&search=0xCFB4BBE94DB283CE


OpenBSD 4.0-stable (GENERIC) #0: Fri May 25 21:07:24 CEST 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) 4 CPU 2.80GHz ("GenuineIntel" 686-class) 2.81 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,CNXT-ID,CX16
real mem  = 536182784 (523616K)
avail mem = 481148928 (469872K)
using 4256 buffers containing 26910720 bytes (26280K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 08/22/06, BIOS32 rev. 0 @ 0xffe90,
SMBIOS rev. 2.3 @ 0xfa3d0 (48 entries)
bios0: Dell Computer Corporation PowerEdge 830
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfb900/208 (11 entries)
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82801GB LPC" rev 0x00)
pcibios0: PCI bus #8 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0x1000 0xc9000/0x1600 0xca800/0x2600
0xec000/0x4000!
ipmi0 at mainbus0: version 1.5 interface KCS iobase 0xca8/8 spacing 4
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel E7230 MCH" rev 0x00
ppb0 at pci0 dev 1 function 0 "Intel E7230 PCIE" rev 0x00
pci1 at ppb0 bus 1
ppb1 at pci1 dev 0 function 0 "Intel 41210 PCIE-PCIX" rev 0x09
pci2 at ppb1 bus 2
em0 at pci2 dev 4 function 0 "Intel PRO/1000MT (82546GB)" rev 0x03: irq 3,
address 00:0e:0c:72:4b:a2
em1 at pci2 dev 4 function 1 "Intel PRO/1000MT (82546GB)" rev 0x03: irq 11,
address 00:0e:0c:72:4b:a3
ppb2 at pci1 dev 0 function 2 "Intel 41210 PCIE-PCIX" rev 0x09
pci3 at ppb2 bus 3
ppb3 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x01
pci4 at ppb3 bus 4
ppb4 at pci4 dev 0 function 0 "Intel PCIE-PCIE" rev 0x09
pci5 at ppb4 bus 5
ami0 at pci5 dev 2 function 0 "Symbios Logic MegaRAID" rev 0x01: irq 10
ami0: LSI 523, 32b, FW 713R, BIOS vG121, 64MB RAM
ami0: 1 channels, 0 FC loops, 1 logical drives
scsibus0 at ami0: 40 targets
sd0 at scsibus0 targ 0 lun 0:  SCSI2 0/direct fixed
sd0: 476935MB, 476935 cyl, 64 head, 32 sec, 512 bytes/sec, 976762880 sec
total
scsibus1 at ami0: 16 targets
ppb5 at pci0 dev 28 function 4 "Intel 82801G PCIE" rev 0x01
pci6 at ppb5 bus 6
bge0 at pci6 dev 0 function 0 "Broadcom BCM5721" rev 0x11, BCM5750 B1
(0x4101): irq 3, address 00:12:3f:2a:3e:b8
brgphy0 at bge0 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0
ppb6 at pci0 dev 28 function 5 "Intel 82801G PCIE" rev 0x01
pci7 at ppb6 bus 7
uhci0 at pci0 dev 29 function 0 "Intel 82801GB USB" rev 0x01: irq 11
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 29 function 1 "Intel 82801GB USB" rev 0x01: irq 10
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2 at pci0 dev 29 function 2 "Intel 82801GB USB" rev 0x01: irq 5
usb2 at uhci2: USB revision 1.0
uhub2 at usb2
uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
ehci0 at pci0 dev 29 function 7 "Intel 82801GB USB" rev 0x01: irq 11
usb3 at ehci0: USB revision 2.0
uhub3 at usb3
uhub3: Intel EHCI root hub, rev 2.00/1.00, addr 1
uhub3: 6 ports with 6 removable, self powered
ppb7 at pci0 dev 30 function 0 "Intel 82801BA AGP" rev 0xe1
pci8 at ppb7 bus 8
vga1 at pci8 dev 5 function 0 "XGI Technology Volari Z7"

Re: : : : Troubleshooting PCMCIA modem 3Com 3CXM756

[Raimo Niskanen]

On Thu, Jun 14, 2007 at 10:22:50AM +0200, Raimo Niskanen wrote:
> Hi again, sorry to bother you again but who else would know?
> Can ayone make an educated guess on what has the best
> possibility to work for OpenBSD 4.1: 
> * US Robotics USB modem
> * Other USB modem (Sweex)
> * ZONET ZFM5600 MODEM PC-CARD that is supposed "have drivers" for Linux
> * Any Serial line modem (Sweex) that claims to do AT commands

For the archives:

The ZONET ZFM5600 MODEM PC-CARD works perfectly with OpenBSD (4.1).
It has a hardware-only Intel chipset. I would have posted
a dmsg snipplet if I had the machine here.


-- 

/ Raimo Niskanen, Erlang/OTP, Ericsson AB

Re: Bad performance on ThinkPad T41 (-current checked out on July 1)

[Martin Toft]

On Tue, Jul 03, 2007 at 10:20:18PM +1000, Jonathan Gray wrote:
> On Tue, Jul 03, 2007 at 01:49:09PM +0200, Martin Toft wrote:
> > Disk I/O is the only test where I use different programs (hdparm and
> > dd), as I couldn't find a port/package of hdparm for OpenBSD.
> > Still, I think the results are so different that they set off "alarm
> > bells" -- 8.5-8.7 MB/s vs. 45-46 MB/s.
> 
> Well at least use dd in both cases and use the same kinds of buffered
> or unbuffered devices/files.
> 
> I imagine the results will be diferrent if you dd from a file to
> /dev/null for example.

You're absolutely right.  On OpenBSD, dd'ing a file actually gives an OK
result:

$ dd if=KNOPPIX_V5.0.1CD-2006-09-25-DA.iso of=/dev/null
1433280+0 records in
1433280+0 records out
733839360 bytes transferred in 22.626 secs (32432248 bytes/sec)

30.93 MB/s that is.  As I can't figure out how to mount my OpenBSD
partitions on KNOPPIX, I can't do the same test in that environment.
Thanks for pointing out that the previous comparison was unfair. 

It seems that I can't really be disappointed with my OpenBSD disk I/O
now, only the system's number crunching abilities.  I would like to
remind you, that I could squeeze a lot more CPU power out of the laptop
with OpenBSD -current about a month ago, so in some way, I suspect that
some crucial code has been changed in the meantime.

Martin

Re: trunk, carp

[Fredrik Carlsson]

> On Tue, Jul 03, 2007 at 03:57:20PM +0200, Fredrik Carlsson wrote:
>> Hi again,
>>
>> My setup looks like this:
>>
>> [em0, em1]-trunk0 <- vlan2 <- carp2
>> [em2, em3]-trunk1 <- vlan104 <- carp104
>>
>> If don't use carp at all everything works fine, but when i add carp to
>> trunk0 and trunk1 it takes a few seconds and the box hangs and a
>> poweroff
>> reboot is needed.
>>
>
> can you show the command sequence you are using?
> what openbsd release are you using, can you send a dmesg?
> please try to get some more details, try to find a way to reproduce it.
>
> use the list [EMAIL PROTECTED] for bug reports or open a pr with
> sendbug(1) (see the manpage for details).
>
>> If only one carp device exists the machine works but as soon as i add
>> two
>> it hangs.
>>
>> Even if I made some config error the machine should not hang.
>>
>> trunk0: flags=8943 mtu
>> 1500
>> lladdr 00:0e:0c:db:3f:48
>> trunk: trunkproto failover
>> trunkport em1 active
>> trunkport em0 master,active
>> groups: trunk
>> media: Ethernet autoselect
>> status: active
>> inet6 fe80::20e:cff:fedb:3f48%trunk0 prefixlen 64 scopeid 0xa
>> trunk1: flags=8943 mtu
>> 1500
>> lladdr 00:0e:0c:db:3f:4a
>> trunk: trunkproto failover
>> trunkport em3 active
>> trunkport em2 master,active
>> groups: trunk
>> media: Ethernet autoselect
>> status: active
>> inet6 fe80::20e:cff:fedb:3f4a%trunk1 prefixlen 64 scopeid 0xb
>> vlan1: flags=8943 mtu
>> 1500
>> lladdr 00:0e:0c:db:3f:48
>> vlan: 1 priority: 0 parent interface: trunk0
>> groups: vlan
>> inet6 fe80::20e:cff:fedb:3f48%vlan1 prefixlen 64 scopeid 0xc
>> vlan2: flags=8943 mtu
>> 1500
>> lladdr 00:0e:0c:db:3f:4a
>> vlan: 2 priority: 0 parent interface: trunk1
>> groups: vlan
>> inet6 fe80::20e:cff:fedb:3f4a%vlan2 prefixlen 64 scopeid 0xe
>> carp1: flags=8843 mtu 1500
>> lladdr 00:00:5e:00:01:01
>> carp: MASTER carpdev vlan1 vhid 1 advbase 1 advskew 0
>> groups: carp
>> inet6 fe80::200:5eff:fe00:101%carp1 prefixlen 64 scopeid 0x16
>> inet 10.10.1.17 netmask 0xfff0 broadcast 10.10.1.31
>> carp2: flags=8843 mtu 1500
>> lladdr 00:00:5e:00:01:01
>> carp: MASTER carpdev vlan2 vhid 1 advbase 1 advskew 0
>> groups: carp
>> inet6 fe80::200:5eff:fe00:101%carp2 prefixlen 64 scopeid 0x17
>> inet 10.10.1.33 netmask 0xfff0 broadcast 10.10.1.47
>>
>> // Fredrik
>>
>

Hi,

Release: OpenBSD 4.1, with all avalible patches.

It is not that hard to reproduce:
add carp1 - works, system works fine
add carp2 - it hangs after about 5-10 second.

/etc/hostname.em<0-3>:
up

/etc/hostname.trunk0
trunkproto failover trunkport em0 trunkport em1 up

/etc/hostname.trunk1
trunkproto failover trunkport em2 trunkport em3 up

/etc/hostname.vlan1
vlan 1 vlandev trunk0

/etc/hostname.vlan2
vlan 2 vlandev trunk1

/etc/hostname.carp1
inet 10.10.1.17 255.255.255.240 NONE vhid 1 carpdev vlan1 pass password1

/etc/hostname.carp1
inet 10.10.1.33 255.255.255.240 NONE vhid 2 carpdev vlan1 pass password1

I will send a PR later, the machine is not connected to Internet.

// Fredrik
OpenBSD 4.1-stable (ZTHN-FW01.MP) #2: Tue Jul  3 09:36:02 CEST 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 536215552 (523648K)
avail mem = 446967808 (436492K)
using 13142 buffers containing 53829632 bytes (52568K) of memory
mainbus0 (root)
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xfa5b0 (48 entries)
bios0: Dell Computer Corporation PowerEdge 860
acpi at mainbus0 not configured
ipmi0 at mainbus0: version 1.5 interface KCS iobase 0xca8/8 spacing 4
mainbus0: Intel MP Specification (Version 1.4)
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Pentium(R) D CPU 3.00GHz, 3000.54 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,CNXT-ID,CX16,xTPR,NXE,LON
G
cpu0: 2MB 64b/line 8-way L2 cache
cpu0: apic clock running at 200MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Pentium(R) D CPU 3.00GHz, 3000.12 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,CNXT-ID,CX16,xTPR,NXE,LON
G
cpu1: 2MB 64b/line 8-way L2 cache
mpbios: bus 0 is type PCI
mpbios: bus 1 is type PCI
mpbios: bus 2 is type PCI
mpbios: bus 3 is type PCI
mpbios: bus 4 is type PCI
mpbios: bus 5 is type PCI
mpbios: bus 6 is type PCI
mpbios: bus 7 is type PCI
mpbios: bus 8 is type ISA
ioapic0 at mainbus0 apid 2 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 2
ioapic1 at mainbus0 apid 3 pa 0xfec1, version 20, 24 pins
ioapic1: misconfigured as apic 0, remapped to apid 3
pci0 at mainbus0 bus 0: configur

Commerces à vendre

[Jacques Gerrand]

Bonjour,

Vous vendez votre fond de commerce ?
Vous souhaitez acquirir un fond de commerce ?

Consultez ou inscrivez gratuitement votre annonce dachat ou de vente
de fond de commerce sur www.vente-fonds-commerce.fr.

Dans lattente de votre prochaine visite,
Veuillez agrier nos sinchres salutations.

Liquipe Vente-Fonds-Commerce.fr
www.vente-fonds-commerce.fr
[EMAIL PROTECTED]

Offre riservie exclusivement aux entreprises.

Conformiment ` la Loi Informatique et Libertis parue au Journal Officiel
du 6 janvier 1978, vous disposez d'un droit d'acchs, de rectification, et
d'opposition aux donnies personnelles vous concernant. Pour ne plus
recevoir d'informations de notre part, Cliquez ici

sk(4): Marvell 88E1011 not working with 4.1

[Heinrich Rebehn]

Hi folks,

Since i upgraded our firewall to 4.1, i have severe problems with the 
Marvell 88E1011 Gigabit interface. netstat shows thousands of ierrs 
after 15 minutes of uptime. No Problems with 4.0. Is this a known issue? 
I found only one relevant posting 
http://archives.neohapsis.com/archives/openbsd/2007-06/0744.html but 
this guy reported "no carrier".


Any ideas?



# ifconfig sk0
sk0: flags=8843 mtu 1500
lladdr 00:0c:6e:d8:b0:d8
media: Ethernet 100baseTX full-duplex
status: active
inet6 fe80::20c:6eff:fed8:b0d8%sk0 prefixlen 64 scopeid 0x1

I noticed that the full-duplex light on the switch is flashing, but 
trying to swith sk0 ti half-duplex only resulted in:


# ifconfig sk0 mediaopt half-duplex
ifconfig: SIOCSIFMEDIA: Invalid argument

But then again, automatic media selection worked without problems on 4.0.

# uptime
 4:59PM  up 7 mins, 1 user, load averages: 1.45, 0.92, 0.44
# netstat -in
NameMtu   Network Address  Ipkts IerrsOpkts 
Oerrs Colls
lo0 33224  254 0  254 
0 0
lo0 33224 127/8   127.0.0.1  254 0  254 
0 0
lo0 33224 ::1/128 ::1254 0  254 
0 0
lo0 33224 fe80::%lo0/ fe80::1%lo0254 0  254 
0 0
sk0 150000:0c:6e:d8:b0:d8   214243  2540   204093 
0 0
sk0 1500  fe80::%sk0/ fe80::20c:6eff:fe   214243  2540   204093 
0 0
xl0 150000:04:76:a0:43:bd26904 014979 
0 0
xl0 1500  fe80::%xl0/ fe80::204:76ff:fe26904 014979 
0 0
xl0 1500  192.168.34/ 192.168.34.100   26904 014979 
0 0
pflog0* 332240 0 5558 
0 0
enc0*   1536 0 00 
0 0
vlan0   150000:0c:6e:d8:b0:d898660 098595 
0 0
vlan0   1500  fe80::%vlan fe80::20c:6eff:fe98660 098595 
0 0
vlan0   1500  134.102.176 134.102.176.250  98660 098595 
0 0
vlan1   150000:0c:6e:d8:b0:d879384 083536 
0 0
vlan1   1500  fe80::%vlan fe80::20c:6eff:fe79384 083536 
0 0
vlan1   1500  134.102.186 134.102.186.20   79384 083536 
0 0
vlan2   150000:0c:6e:d8:b0:d8 8303 0   26 
0 0
vlan2   1500  fe80::%vlan fe80::20c:6eff:fe 8303 0   26 
0 0
vlan2   1500  172.21/16   172.21.1.88303 0   26 
0 0
vlan3   150000:0c:6e:d8:b0:d827716 021810 
0 0
vlan3   1500  fe80::%vlan fe80::20c:6eff:fe27716 021810 
0 0
vlan3   1500  192.168.33/ 192.168.33.250   27716 021810 
0 0
vlan5   150000:0c:6e:d8:b0:d8  186 0  135 
0 0
vlan5   1500  fe80::%vlan fe80::20c:6eff:fe  186 0  135 
0 0
vlan5   1500  192.168.32/ 192.168.32.250 186 0  135 
0 0
tun01500 0 00 
0 0
tun01500  10.8.0.1/32 10.8.0.1 0 00 
0 0


OpenBSD 4.1 (GENERIC) #1435: Sat Mar 10 19:07:45 MST 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) 4 CPU 2.60GHz ("GenuineIntel" 686-class) 2.61 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID,xTPR

real mem  = 1072459776 (1047324K)
avail mem = 971186176 (948424K)
using 4278 buffers containing 53747712 bytes (52488K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+ BIOS, date 12/12/03, BIOS32 rev. 0 @ 0xf0010, 
SMBIOS rev. 2.3 @ 0xf04a0 (68 entries)

bios0: ASUSTeK Computer Inc. P4P800
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf5100/256 (14 entries)
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82801EB/ER LPC" rev 0x00)
pcibios0: PCI bus #2 is the last bus
bios0: ROM list: 0xc/0xc000 0xcc000/0x800
acpi at mainbus0 not configured
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82865G/PE/P CPU-I/0-1" rev 0x02
ppb0 at pci0 dev 1 function 0 "Intel 82865G/PE/P CPU-AGP" rev 0x02
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "ATI Rage 128 Pro TF" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
uhci0 at pci0 dev 29 function 0 "Intel 82801EB/ER USB" rev 0x02: irq 10
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 29 function 1 "Intel 82801EB/ER USB" rev 0x02: irq 5
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powere

HP proliant DL140-G3 install problems

[Doros Eracledes]

I am trying to install 4.1 amd64 on a proliant DL140-G3 server and have
various problems.

I've found on previous postings that the axe and uberry driver are
causing a problem and the kernel fails to load.

What I've done until now is to install openbsd 4.1 on another machine
update and recompile the kernel after removing the following options
from it:

#uberry*at uhub?# Research In Motion Blackberry
#axe*   at uhub?# ASIX Electronics AX88172 USB
Ethernet

#pckbc0 at isa? # PC keyboard controller
#pckbd* at pckbc?   # PC keyboard
#pms* at pckbc? # PS/2 mouse for wsmouse
#pmsi*  at pckbc?   # PS/2 "Intelli"mouse for
wsmouse

After removing the ps2 keyboard and mouse controller from the kernel
machine boots normally and keyboard and mouse is detected (seems like
there is a USB to PS2 bridge).
PS2 keyboard and mouse would make the machine to take very long time to
boot (trying to initialize keyboard controller)
 i386 install shows up the same behaviour.

I've tried the above using a 4.1-current install and now I need to try
the same with 4.1-stable.

Is it possible that we get patches to allow 4.1-stable install CD to be
able to install directly on the DL140-G3 machine?


Here is an 4.1-current (i386) dmesg:

OpenBSD 4.1-current (TEL) #7: Mon Jul  2 20:21:22 EEST 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/TELXXX
cpu0: Intel(R) Xeon(R) CPU E5310 @ 1.60GHz ("GenuineIntel" 686-class)
1.60 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,
CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,TM2
,CX16,xTPR
real mem  = 2146050048 (2095752K)
avail mem = 1844817920 (1801580K)
using 4278 buffers containing 214855680 bytes (209820K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+ BIOS, date 12/31/99, BIOS32 rev. 0 @ 0xfd361,
SMBIOS rev. 2.31 @ 0xdc010 (57 entries)
bios0: HP ProLiant DL140 G3
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xfd360/0xca0
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdde0/512 (30 entries)
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82371FB ISA" rev
0x00)
pcibios0: PCI bus #16 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0x1000 0xc9000/0x1600
0xca800/0x1600 0xdc000/0x4000!
acpi at mainbus0 not configured
mainbus0: Intel MP Specification (Version 1.4)
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 265 MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Xeon(R) CPU E5310 @ 1.60GHz ("GenuineIntel" 686-class)
1.60 GHz
cpu1:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,
CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,TM2
,CX16,xTPR
cpu2 at mainbus0: apid 2 (application processor)
cpu2: Intel(R) Xeon(R) CPU E5310 @ 1.60GHz ("GenuineIntel" 686-class)
1.60 GHz
cpu2:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,
CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,TM2
,CX16,xTPR
cpu3 at mainbus0: apid 3 (application processor)
cpu3: Intel(R) Xeon(R) CPU E5310 @ 1.60GHz ("GenuineIntel" 686-class)
1.60 GHz
cpu3:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,
CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,TM2
,CX16,xTPR
mainbus0: bus 0 is type PCI
mainbus0: bus 1 is type PCI
mainbus0: bus 2 is type PCI
mainbus0: bus 14 is type PCI
mainbus0: bus 15 is type PCI
mainbus0: bus 16 is type PCI
mainbus0: bus 17 is type ISA
ioapic0 at mainbus0: apid 4 pa 0xfec0, version 20, 24 pins
ioapic1 at mainbus0: apid 5 pa 0xfec8, version 20, 24 pins
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 5000X Host" rev 0x31
ppb0 at pci0 dev 2 function 0 "Intel 5000 PCIE" rev 0x31
pci1 at ppb0 bus 1
ppb1 at pci1 dev 0 function 0 "Intel 6321ESB PCIE" rev 0x01
pci2 at ppb1 bus 2
ppb2 at pci2 dev 0 function 0 "Intel 6321ESB PCIE" rev 0x01
pci3 at ppb2 bus 3
ppb3 at pci1 dev 0 function 3 "Intel 6321ESB PCIE-PCIX" rev 0x01
pci4 at ppb3 bus 5
ppb4 at pci0 dev 3 function 0 "Intel 5000 PCIE" rev 0x31
pci5 at ppb4 bus 6
ppb5 at pci0 dev 4 function 0 "Intel 5000X PCIE" rev 0x31
pci6 at ppb5 bus 8
ppb6 at pci0 dev 5 function 0 "Intel 5000 PCIE" rev 0x31
pci7 at ppb6 bus 9
ppb7 at pci0 dev 6 function 0 "Intel 5000 PCIE" rev 0x31
pci8 at ppb7 bus 10
ppb8 at pci0 dev 7 function 0 "Intel 5000 PCIE" rev 0x31
pci9 at ppb8 bus 11
pchb1 at pci0 dev 16 function 0 "Intel 5000 Error Reporting" rev 0x31
pchb2 at pci0 dev 16 function 1 "Intel 5000 Error Reporting" rev 0x31
pchb3 at pci0 dev 16 function 2 "Intel 5000 Error Reporting" rev 0x31
pchb4 at pci0 dev 17 function 0 "Intel 5000 Reserved" rev 0x31
pchb5 at pci0 dev 19 function 0 "Intel 5000 Reserved" rev 0x31
pchb6 at pci0 dev 21 function 0 "Intel 5000 FBD" rev

IPSec Road Warriors

[Georg Buschbeck]

Hi,

we are running an OpenBSD 4.0 Firewall/VPN Cluster (CARP).
One of my collegues connects with a DrayTek 2700 Router to the Internet,
and this router is establishing an IPSec-Tunnel to our Firewall-
Cluster. The Tunnel is stable,
besides the 24-Hour disconnect. The IP of the DrayTek changes, and
the Tunnel isn't set up again.

my ipsec.conf:

--snip--
ike dynamic  esp from 10.0.0.0/24 to 10.1.1.0/24 local  peer
myhost.ath.cx\
main auth hmac-sha1  enc 3des group modp1024\
quick auth hmac-sha1 enc aes \
srcid myID dstid hisID \
psk abcdefg
--snap--

the manual-page says "dynamic for roadwarriors".
the error message my vpn-endpoint is:

--snip--
Jul  3 09:09:25 bonnie isakmpd[24104]: dropped message from
84.186.179.171 port 500 due to notification type NO_PROPOSAL_CHOSEN
--snap--

after flushing and reloading the /etc/ipsec.conf, the connection is
established.

any ideas, what i can do?

Thx!



Mit freundlichen Gr|_en

Georg Buschbeck
Information Technology

THOMAS DAILY GmbH
Adlerstra_e 19
79098 Freiburg
Deutschland
T  + 49 761 3 85 59 170
F  + 49 761 3 85 59 550
E  [EMAIL PROTECTED]
www.thomas-daily.de

Geschdftsf|hrer/Managing Directors:
Wendy Thomas, Susanne Larbig
Handelsregister Freiburg i.Br., HRB 3947

Re: Intel xeon fails to boot with 4.1 release

[Austin Hook]

Hi Chris,

   Thanks!

   What kind of an issue was it?  You just had to increase the
VM_PHYSSEG_MAX definition, or was that a misdirection?

Austin



   BTW, way, how long does it take for such patches to show up in either
the 4.1 or patch branch corrections lists on the web site?

Austin



On Sat, 30 Jun 2007, Chris Kuethe wrote:

> On 6/29/07, Austin Hook <[EMAIL PROTECTED]> wrote:
> > Trying to set up a fairly heavy duty web server I encountered boot
> > problems with this fairly new machine using the release CD ROM.  Using the
> > -c command at the boot prompt I already see error messages, before it
> > gives me the UKC> ...
> >
> > UVM_PAGE_PHYSLOAD: unable to load physical memory segment
> > 5 segments allocated, ignoring 0x7fa9a -> 0x7fad0
> > Increase VM_PHYSSEG_MAX
> >
> > and repeats this two more times for ranges like:
> >0x7fb1a -> 0x7fb2c
>
> I just committed a patch to 4.0-stable and 4.1-stable which may help.
>
> CK
>
> --
> GDB has a 'break' feature; why doesn't it have 'fix' too?

Re: HP proliant DL140-G3 install problems

[Reyk Floeter]

On Tue, Jul 03, 2007 at 04:18:35PM +0100, Doros Eracledes wrote:
> I am trying to install 4.1 amd64 on a proliant DL140-G3 server and have
> various problems.
> 
> I've found on previous postings that the axe and uberry driver are
> causing a problem and the kernel fails to load.
> 
> What I've done until now is to install openbsd 4.1 on another machine
> update and recompile the kernel after removing the following options
> from it:
> 

same thing on the DL145-G3 (the opteron version). there is something
wrong with the usb attach code, i started looking into this but i
didn't fix it yet.

you don't have to recompile the kernel, just boot into UKC and type
disable axe
...

you can also modify the kernel image without recompiling it by running
config -f -e bsd.rd
from a system running the same arch.

see the manpages boot_config(8), boot(8), and config(8)

> #uberry*  at uhub?# Research In Motion Blackberry
> #axe* at uhub?# ASIX Electronics AX88172 USB
> Ethernet
> 
> #pckbc0   at isa? # PC keyboard controller
> #pckbd*   at pckbc?   # PC keyboard
> #pms*   at pckbc? # PS/2 mouse for wsmouse
> #pmsi*at pckbc?   # PS/2 "Intelli"mouse for
> wsmouse
> 
> After removing the ps2 keyboard and mouse controller from the kernel
> machine boots normally and keyboard and mouse is detected (seems like
> there is a USB to PS2 bridge).
> PS2 keyboard and mouse would make the machine to take very long time to
> boot (trying to initialize keyboard controller)
>  i386 install shows up the same behaviour.
> 
> I've tried the above using a 4.1-current install and now I need to try
> the same with 4.1-stable.
> 
> Is it possible that we get patches to allow 4.1-stable install CD to be
> able to install directly on the DL140-G3 machine?
>

see above, use config(8)

reyk
 
> 
> Here is an 4.1-current (i386) dmesg:
> 
> OpenBSD 4.1-current (TEL) #7: Mon Jul  2 20:21:22 EEST 2007
> [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/TELXXX

  ^^^ FOR PORN?

> cpu0: Intel(R) Xeon(R) CPU E5310 @ 1.60GHz ("GenuineIntel" 686-class)
> 1.60 GHz
> cpu0:
> FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,
> CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,TM2
> ,CX16,xTPR
> real mem  = 2146050048 (2095752K)
> avail mem = 1844817920 (1801580K)
> using 4278 buffers containing 214855680 bytes (209820K) of memory
> mainbus0 (root)
> bios0 at mainbus0: AT/286+ BIOS, date 12/31/99, BIOS32 rev. 0 @ 0xfd361,
> SMBIOS rev. 2.31 @ 0xdc010 (57 entries)
> bios0: HP ProLiant DL140 G3
> apm0 at bios0: Power Management spec V1.2
> apm0: AC on, battery charge unknown
> apm0: flags 30102 dobusy 0 doidle 1
> pcibios0 at bios0: rev 2.1 @ 0xfd360/0xca0
> pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdde0/512 (30 entries)
> pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82371FB ISA" rev
> 0x00)
> pcibios0: PCI bus #16 is the last bus
> bios0: ROM list: 0xc/0x8000 0xc8000/0x1000 0xc9000/0x1600
> 0xca800/0x1600 0xdc000/0x4000!
> acpi at mainbus0 not configured
> mainbus0: Intel MP Specification (Version 1.4)
> cpu0 at mainbus0: apid 0 (boot processor)
> cpu0: apic clock running at 265 MHz
> cpu1 at mainbus0: apid 1 (application processor)
> cpu1: Intel(R) Xeon(R) CPU E5310 @ 1.60GHz ("GenuineIntel" 686-class)
> 1.60 GHz
> cpu1:
> FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,
> CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,TM2
> ,CX16,xTPR
> cpu2 at mainbus0: apid 2 (application processor)
> cpu2: Intel(R) Xeon(R) CPU E5310 @ 1.60GHz ("GenuineIntel" 686-class)
> 1.60 GHz
> cpu2:
> FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,
> CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,TM2
> ,CX16,xTPR
> cpu3 at mainbus0: apid 3 (application processor)
> cpu3: Intel(R) Xeon(R) CPU E5310 @ 1.60GHz ("GenuineIntel" 686-class)
> 1.60 GHz
> cpu3:
> FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,
> CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,TM2
> ,CX16,xTPR
> mainbus0: bus 0 is type PCI
> mainbus0: bus 1 is type PCI
> mainbus0: bus 2 is type PCI
> mainbus0: bus 14 is type PCI
> mainbus0: bus 15 is type PCI
> mainbus0: bus 16 is type PCI
> mainbus0: bus 17 is type ISA
> ioapic0 at mainbus0: apid 4 pa 0xfec0, version 20, 24 pins
> ioapic1 at mainbus0: apid 5 pa 0xfec8, version 20, 24 pins
> pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
> pchb0 at pci0 dev 0 function 0 "Intel 5000X Host" rev 0x31
> ppb0 at pci0 dev 2 function 0 "Intel 5000 PCIE" rev 0x31
> pci1 at ppb0 bus 1
> ppb1 at pci1 dev 0 function 0 "Intel 6321ESB PCIE" rev 0x01
> pci2 at ppb1 bus 2
> ppb2 at pci2 dev 0 function 0 "Intel 6321ESB PCIE" rev 0x01
> pci3 at ppb2 bus 3
> ppb3 at pci1 dev 0 function 3 "Intel 6321ESB PCIE-PCIX" rev 0x01
> pci4 

Re: kerberos - incorrect net address

[Douglas Maus]

My previous message was probably a bit dense, so I'll try my best to get right
to the point.

kerberos kinit was failing, giving me the error "incorrect net address"
The kdc.log file indicated that the request was coming from ::1 (the IPv6 
loopback,
is that right?)

After much looking, I found that I could get it to succeed with
just one change:
I changed my /etc/hosts file, so it read only:
 10.0.1.202 auth.my.realm auth
 ::1 auth.my.realm auth
(so that 10.0.1.202 was first, instead of ::1)
kinit then succeeded

My questions are:
It works, but I'm betting it's not the 'right thing to do'
so, what is? Where else should I look?

I'm trying to understand how kinit came up with ::1,
so that maybe I can figure out the 'right way to fix it'
(I'm not a developer, but) I'm guessing since kinit needs
to get a default IP address, it first gets a hostname
(maybe gethostbyname() or something like it) and then
does some sort of lookup from hostname to address
(maybe res_query() or something like it)
I'm guessing that the hostname to address is the problem,

would this explain why changing /etc/hosts worked?

Thanks

Re: Intel xeon fails to boot with 4.1 release

[Chris Kuethe]

On 7/3/07, Austin Hook <[EMAIL PROTECTED]> wrote:

Hi Chris,

   Thanks!

   What kind of an issue was it?  You just had to increase the
VM_PHYSSEG_MAX definition, or was that a misdirection?


Just had to increase VM_PHYSSEG_MAX.


   BTW, way, how long does it take for such patches to show up in either
the 4.1 or patch branch corrections lists on the web site?


That's a manual process to put patches and errata up. It wasn't clear
that we needed to actually issue a separate patch for this, since we
haven't heard of very many machines being affected by this... only two
reported machines so far that need more than 5 segments.

CK

--
GDB has a 'break' feature; why doesn't it have 'fix' too?

Changing IO or memory value

[Leon Komloši]

Does anone have idea how to put certain value to a certain IO location 
from operating system. Is there some kind of debug or something?


I need to read IO location 0x09030, change and then write it back.


 Leon Komlosi

Re: Changing IO or memory value

[Paul de Weerd]

On Tue, Jul 03, 2007 at 09:06:29PM +0200, Leon Komlo?i wrote:
| Does anone have idea how to put certain value to a certain IO location
| from operating system. Is there some kind of debug or something?
|
| I need to read IO location 0x09030, change and then write it back.

I don't know of a portable way to do this, but if you're on i386, you
may find i386_get_ioperm(2) useful.

Cheers,

Paul 'WEiRD' de Weerd

--
>[<++>-]<+++.>+++[<-->-]<.>+++[<+
+++>-]<.>++[<>-]<+.--.[-]
 http://www.weirdnet.nl/

[demime 1.01d removed an attachment of type application/pgp-signature]

Re: trunk, carp

[Fredrik Carlsson]

Reyk Floeter wrote:

On Tue, Jul 03, 2007 at 03:57:20PM +0200, Fredrik Carlsson wrote:
  

Hi again,

My setup looks like this:

[em0, em1]-trunk0 <- vlan2 <- carp2
[em2, em3]-trunk1 <- vlan104 <- carp104

If don't use carp at all everything works fine, but when i add carp to
trunk0 and trunk1 it takes a few seconds and the box hangs and a poweroff
reboot is needed.




can you show the command sequence you are using?
what openbsd release are you using, can you send a dmesg?
please try to get some more details, try to find a way to reproduce it.

use the list [EMAIL PROTECTED] for bug reports or open a pr with
sendbug(1) (see the manpage for details).

  

If only one carp device exists the machine works but as soon as i add two
it hangs.

Even if I made some config error the machine should not hang.

trunk0: flags=8943 mtu 1500
lladdr 00:0e:0c:db:3f:48
trunk: trunkproto failover
trunkport em1 active
trunkport em0 master,active
groups: trunk
media: Ethernet autoselect
status: active
inet6 fe80::20e:cff:fedb:3f48%trunk0 prefixlen 64 scopeid 0xa
trunk1: flags=8943 mtu 1500
lladdr 00:0e:0c:db:3f:4a
trunk: trunkproto failover
trunkport em3 active
trunkport em2 master,active
groups: trunk
media: Ethernet autoselect
status: active
inet6 fe80::20e:cff:fedb:3f4a%trunk1 prefixlen 64 scopeid 0xb
vlan1: flags=8943 mtu 1500
lladdr 00:0e:0c:db:3f:48
vlan: 1 priority: 0 parent interface: trunk0
groups: vlan
inet6 fe80::20e:cff:fedb:3f48%vlan1 prefixlen 64 scopeid 0xc
vlan2: flags=8943 mtu 1500
lladdr 00:0e:0c:db:3f:4a
vlan: 2 priority: 0 parent interface: trunk1
groups: vlan
inet6 fe80::20e:cff:fedb:3f4a%vlan2 prefixlen 64 scopeid 0xe
carp1: flags=8843 mtu 1500
lladdr 00:00:5e:00:01:01
carp: MASTER carpdev vlan1 vhid 1 advbase 1 advskew 0
groups: carp
inet6 fe80::200:5eff:fe00:101%carp1 prefixlen 64 scopeid 0x16
inet 10.10.1.17 netmask 0xfff0 broadcast 10.10.1.31
carp2: flags=8843 mtu 1500
lladdr 00:00:5e:00:01:01
carp: MASTER carpdev vlan2 vhid 1 advbase 1 advskew 0
groups: carp
inet6 fe80::200:5eff:fe00:101%carp2 prefixlen 64 scopeid 0x17
inet 10.10.1.33 netmask 0xfff0 broadcast 10.10.1.47

// Fredrik




I was not able to use sendbug, but i copied the information and sent it 
to [EMAIL PROTECTED]


Any ideas what could cause my problem?

// Fredrik

Re: Setting up a virtual hosting machine w. SSH/SFTP accounts - pitfalls/experiences?

[Brian Candler]

> > >You don't want user 1's web applications to be able to access data in user
> > >2's web application storage space. 
> > I will only be using mod_php. In the past, without the user shell 
> > accounts, this has worked rather well for me in combination with the 
> > "open_base_dir" directive in the VirtualHost.
> > This binds PHP's abilities to the specified directory (or directories) 
> > for that specific virtual host.
> > 
> > Am I overlooking something with that setup?
> > I get the impression from your reply this might be rather unsafe?

A timely note:
http://www.theregister.co.uk/2007/07/03/mpack_reloaded/

'SANS Institute researchers conclude. "Check if your hosting company uses
chroot and/or suExec because that is the only way to make sure that your own
web site will not be compromised by other users sharing the same physical
server."'

Re: Soekris net5501 IPsec performance?

[Chris Cappuccio]

Christian Weisgerber [EMAIL PROTECTED] wrote:
> 
> As reported ad nauseum, the vpn1411 doesn't work reliably in earlier
> Soekrises.  Whether this still applies to the net5501 is a valid
> question.
> 

The only common piece between the 4501 and the 4801 was the ethernet chip.
Everything else was different.  The 5501 is totally different from either
of the older models.

Freebsd seems to think they have some significant driver improvements for
speed and stability.  Or, well, the story goes that hifn hired somebody
to write a driver for freebsd and linux.  Presumably they gave this person
access to chip engineers to work out various issues.

Chris

Access Control Mechanism (DAC x MAC)

[João Salvatti]

Hi all,

Having Read about computer security, one of the parts that mostly
called up my atention were the access control mechanisms. I've found
out that the mechanism used by mostly of the Unix-like systems is DAC
(Discretionary Access Control) and as I could see OpenBSD fits in that
mechanism as well. But the literature says that there is a more
sophisticated mechanism, called MAC (Mandatory Access Control). In my
studies, all the papers I have read explain that
MAC is much more sophiscitated that DAC. Thus I would like to know
from you why OpenBSD does not implement this type of mechanism.

Thanks.

Re: HP proliant DL140-G3 install problems

[Jonathan Gray]

On Tue, Jul 03, 2007 at 06:26:42PM +0200, Reyk Floeter wrote:
> On Tue, Jul 03, 2007 at 04:18:35PM +0100, Doros Eracledes wrote:
> > I am trying to install 4.1 amd64 on a proliant DL140-G3 server and have
> > various problems.
> > 
> > I've found on previous postings that the axe and uberry driver are
> > causing a problem and the kernel fails to load.
> > 
> > What I've done until now is to install openbsd 4.1 on another machine
> > update and recompile the kernel after removing the following options
> > from it:
> > 
> 
> same thing on the DL145-G3 (the opteron version). there is something
> wrong with the usb attach code, i started looking into this but i
> didn't fix it yet.

This was fixed two months ago by miod in -current.
http://marc.info/?l=openbsd-cvs&m=117760690012315&w=2

Re: Access Control Mechanism (DAC x MAC)

[Jacob Yocom-Piatt]

Joco Salvatti wrote:

Hi all,

Having Read about computer security, one of the parts that mostly
called up my atention were the access control mechanisms. I've found
out that the mechanism used by mostly of the Unix-like systems is DAC
(Discretionary Access Control) and as I could see OpenBSD fits in that
mechanism as well. But the literature says that there is a more
sophisticated mechanism, called MAC (Mandatory Access Control). In my
studies, all the papers I have read explain that
MAC is much more sophiscitated that DAC. Thus I would like to know
from you why OpenBSD does not implement this type of mechanism.



if you've ever played the mortal combat games, this post conjures to 
mind the sound that occurs immediately prior to a fatality...



Thanks.

Re: Access Control Mechanism (DAC x MAC)

[RW]

On Tue, 3 Jul 2007 22:32:01 -0300, Joco Salvatti wrote:

>Hi all,
>
>Having Read about computer security, one of the parts that mostly
>called up my atention were the access control mechanisms. I've found
>out that the mechanism used by mostly of the Unix-like systems is DAC
>(Discretionary Access Control) and as I could see OpenBSD fits in that
>mechanism as well. But the literature says that there is a more
>sophisticated mechanism, called MAC (Mandatory Access Control). In my
>studies, all the papers I have read explain that
>MAC is much more sophiscitated that DAC. Thus I would like to know
>from you why OpenBSD does not implement this type of mechanism.
>
>Thanks.
>
STFA!
or
JFGI!
About the third or fourth hit will tell you.

Doing your own research before asking here is strongly recommended.

Rod/
>From the land "down under": Australia.
Do we look  from up over?

Re: sensorsd says the sensor is within limit, but it's not...

[Constantine A. Murenin]

On 03/07/07, Per-Olov Sjvholm <[EMAIL PROTECTED]> wrote:

Hi Misc


I am probably missing something, but what..


sensorsd says in the syslog that the sensor is "within limits" even though
a "sysctl -a|grep sensor" shows that it is not.


Are there any known bugs? I have checked the list and cannot find anything
related to this... I run a Dell PE830 on OpenBSD 4.0 stable (latest update

in

May 25:th). I have these sensors which appears to always show the correct
values running a "sysctl -a|grep sensor".
hw.sensors.0=ipmi0, Temp, 43.00 degC, OK
hw.sensors.1=ipmi0, Planar Temp, 38.00 degC, OK
hw.sensors.2=ipmi0, CMOS Battery, 3.13 V DC, OK
hw.sensors.3=ipmi0, Back Fan, 2204 RPM, OK
hw.sensors.4=ipmi0, Intrusion, Off, OK
hw.sensors.5=ami0, sd0, drive online, OK



From sensords.conf
hw.sensors.0:high=42C:command=/bin/echo "test test"|/usr/bin/mailx -s

"Sensor

warning: CPU temp over %2 bla bla bla" MYEMAIL
hw.sensors.1:high=39C:command=/bin/echo "test test"|/usr/bin/mailx -s

"Sensor

warning: Chassie temp over %2 bla bla bla" MYEMAIL


Starting sensorsd and look at /var/log/daemon
Jul  3 16:12:22 xanadu sensorsd[14634]: hw.sensors.0: within limits, value:
43.00 degC
Jul  3 16:12:22 xanadu sensorsd[14634]: hw.sensors.1: within limits, value:
38.00 degC


I assume I receive no reports as the daemon say the sensor wrongly is

within

the limits



Please, check the manual page for your system [0], specifically, the
following:

Sensors that provide status (such as from bio(4), esm(4), or ipmi(4)) do
not require boundary values specified (that otherwise will be ignored)
and simply trigger on status transitions.

In other words, for those sensors that provide the status themselves,
the keywords "high" and "low" in sensorsd.conf have no effect. This
limitation was removed at c2k7 [1], and the newest sensorsd in OpenBSD
4.1-current allows you to set your own limits for any sensor, and
ignore the status that the sensor device itself provides.

So if you need this functionality, you may wish to upgrade to OpenBSD
4.1-current.

Alternatively, you may upgrade to OpenBSD 4.1-stable that has the new
two-level sensor framework, and then manually update sensorsd to
4.1-current (files /usr/src/{etc/sensorsd.conf,usr.sbin/sensorsd/*}),
compiling and installing it afterwards  -- sensorsd in 4.1-current as
of today is source-code-compatible with 4.1-stable (note that it is
not binary compatible). However, please be warned that mixing
4.1-stable and 4.1-current is not officially supported, so use it at
your own risk! (Even though it works for me in this specific case with
sensorsd.)

Cheers,
Constantine. :)

[0]
http://www.openbsd.org/cgi-bin/man.cgi?query=sensorsd.conf&sektion=5&manpath=
OpenBSD+4.0

[1]
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/sensorsd/sensorsd.c#rev1.3
2

Re: Access Control Mechanism (DAC x MAC)

[Lars Hansson]

Joco Salvatti wrote:


MAC is much more sophiscitated that DAC. Thus I would like to know
from you why OpenBSD does not implement this type of mechanism.


More sophisticated != better.
The longer answer is in the archives.

---
Lars Hansson

Re: Access Control Mechanism (DAC x MAC)

[Theo de Raadt]

> Having Read about computer security, one of the parts that mostly
> called up my atention were the access control mechanisms. I've found
> out that the mechanism used by mostly of the Unix-like systems is DAC
> (Discretionary Access Control) and as I could see OpenBSD fits in that
> mechanism as well. But the literature says that there is a more
> sophisticated mechanism, called MAC (Mandatory Access Control). In my
> studies, all the papers I have read explain that
> MAC is much more sophiscitated that DAC. Thus I would like to know
> from you why OpenBSD does not implement this type of mechanism.

Because it is dumb, and due to it's complexity it impliments a serious
systems lifetime trap for system administrators --- most of who are
not much smarter than a sack of hammers (excluding those of you
reading this, of course).

Look, complexity does not avert risk.  Ever.  Period.

PacSec 2007 Call For Papers (Nov. 29/30, deadline July 27)

[Dragos Ruiu]

PacSec CALL FOR PAPERS

World Security Pros To Converge on Japan

   TOKYO, Japan -- To address the increasing importance of
   information security in Japan, the best known figures in the
   international security industry will get together with leading
   Japanese researchers to share best practices and technology.
   The most significant new discoveries about computer network
   hack attacks will be presented at the fifth annual PacSec
   conference to be discussed.

   The PacSec meeting provides an opportunity for foreign
   specialists to be exposed to Japanese innovation and markets
   and collaborate on practical solutions to computer security
   issues. In a relaxed setting with a mixture of material
   bilingually translated in both English and Japanese the eminent
   technologists can socialize and attend training sessions.

   Announcing the opportunity to submit papers for the PacSec 2007
   network security training conference. The conference will be
   held November 29-30th in Tokyo. The conference focuses on
   emerging information security tutorials - it will be a bridge
   between the international and Japanese information security
   technology communities..

   Please make your paper proposal submissions before July 27th,
   2007. Slides for the papers must be submitted by October 1st
   2007. The conference is November 29th and 30th 2007, presenters
   need to be available in the days before to meet with
   interpreters.

   A some invited papers have been confirmed, but a limited number
   of speaking slots are still available. The conference is
   responsible for travel and accomodations for the speakers. If
   you have a proposal for a tutorial session then please email a
   synopsis of the material and your biography, papers and,
   speaking background to secwest07 [at] pacsec.jp . Tutorials are
   one hour in length, but with simultaneous translation should be
   approximately 45 minutes in English, or Japanese. Only slides
   will be needed for the October paper deadline, full text does
   not have to be submitted.

   The PacSec conference consists of tutorials on technical
   details about current issues, innovative techniques and best
   practices in the information security realm. The audiences are
   a multi-national mix of professionals involved on a daily basis
   with security work: security product vendors, programmers,
   security officers, and network administrators. We give
   preference to technical details and education for a technical
   audience.

   The conference itself is a single track series of presentations
   in a lecture theater environment. The presentations offer
   speakers the opportunity to showcase on-going research and
   collaborate with peers while educating and highlighting
   advancements in security products and techniques. The focus is
   on innovation, tutorials, and education instead of product
   pitches. Some commercial content is tolerated, but it needs to
   be backed up by a technical presenter - either giving a
   valuable tutorial and best practices instruction or detailing
   significant new technology in the products.

   Paper proposals should consist of the following information:

   1) Presenter, and geographical location (country of
   origin/passport) and contact info (e-mail, postal address,
   phone, fax).

   2) Employer and/or affiliations.

   3) Brief biography, list of publications and papers.

   4) Any significant presentation and educational
   experience/background.

   5) Topic synopsis, Proposed paper title, and a one paragraph
   description.

   6) Reason why this material is innovative or significant or an
   important tutorial.

   7) Where else has this material been presented or submitted?

   8) Optionally, any samples of prepared material or outlines
   ready.

   Please forward the above information to secwest07 [at]
   pacsec.jp to be considered for placement on the speaker roster.

cheers,
--dr

P.s. Some other dates of interest are announced:

CanSecWest 2008 March 19-21 see http://cansecwest.com
EUSecWest 2008 May 21/22 see http://eusecwest

P.P.S.

Also as a friendly reminder, CCC Camp is Aug 8 -12 2008, see 
http://events.ccc.de/camp/2007/Intro (Hi Julia et al...) 

Happy Independence Day and  Canada Day,

-- 
World Security Pros. Cutting Edge Training, Tools, and Techniques
Tokyo, JapanNovember 29/30 - 2007http://pacsec.jp
pgpkey http://dragos.com/ kyxpgp