Re: How to figure out the error location?

[Insan Praja SW]

Hi,
On Mon, 24 May 2010 12:31:56 +0700, Bret S. Lambert  
 wrote:



On Mon, May 24, 2010 at 12:52:39AM +0200, Roger Schreiter wrote:

Hi,

we've been running a BGP router on OpenBSD for
the months without problems.

Now it crashed two times within 4 days. After the
second crash, I could have a look on the screen:

   uvm_fault (0xd088cfc0, 0x6c4e2000, 0, 1) -> e
   kernel: page fault trap, code=0
   Stopped at  pool_do_get+0x11b:   movl   0(%ebx),%eax

Is there any mean to figure out, which driver did cause
the problem?


Yes, by following the instructions which accompanied this message.

WTF is it with people unable to do that lately?


There is a 4xFE-NIC from D-Link (interface ste0 .. 3),
whose driver seems to be new at OpenBSD-4.6.



Maybe OOT, but I suggest your replace D-link 4xFE with something else.. It  
has some problem with PF. I've replace mine a long time ago.



Should I try updating to OpenBSD-4.7?


Regards,
Roger.



Regards,


Insan
--
insandotpraja(at)gmaildotcom

Re: mount_portal on 4.7+

[Joachim Schipper]

On Mon, May 24, 2010 at 03:07:27AM +0400, ba...@yandex.ru wrote:
> mount_portal work? if yes, then give some working(tested) example for fs, 
> please

To the best of my knowledge, it hasn't been seriously used/maintained in
ages. It may work, but use something else if at all possible.

Joachim

rdomain, mpe, ldpd, OpenBGPD and PF

[Insan Praja SW]

Hi Misc@,
Before I begin to test OpenBGPD mpls VPN support on current, is there any  
hints on route-leaking, and an example/hints to make a complete setup MPLS  
cloud and MPLS/VPN on a network.


In my later experiences using OpenBSD, I use pf with rtable to make a  
VPN-like network without isolation on the network. Now I need to know if  
there are ways to have a semi-isolated network when using rdomain or  
anything like it.


Thanks,



Insan Praja
--
insandotpraja(at)gmaildotcom

Re: 4.7 pf: quick and rdr-to/nat-to

[Rene Maroufi]

On Mon, May 24, 2010 at 01:24:26AM +0400, Vadim Jukov wrote:
> 
> Then maybe, you'll show us output of:
> 
> 1. cat /etc/pf.conf
> 2. pfctl -f /etc/pf.conf && pfctl -sr
> 3. pfctl -o none -f /etc/pf.conf && pfctl -sr

Today it works without the quick. I don't know why, but it works now.

Sorry for the noise.

Cheers
Rene
-- 
Reni Maroufi
i...@maroufi.net

a secure web server

[Jozsi Vadkan]

I want to use a secure web server on OpenBSD.

It would serve only static html filest, no cgi, no php, etc.

It just have to be secure, no need to be fast, just secure [only using
it with https].

What would be the best web server software?

nginx?
apache?
lighthttpd?

Thank you for any proposals.

Have a nice day!

Re: a secure web server

[Dave Wilson]

On 24/05/2010 11:44, Jozsi Vadkan wrote:
> I want to use a secure web server on OpenBSD.
> 
> It would serve only static html filest, no cgi, no php, etc.
> 
> It just have to be secure, no need to be fast, just secure [only using
> it with https].
> 
> What would be the best web server software?
> 
> nginx?
> apache?
> lighthttpd?
> 
> Thank you for any proposals.
> 
> Have a nice day!
> 

Handily, there happens to be just such a web server that comes as part
of the standard OpenBSD install. Secure, chrooted, supports SSL, sane
defaults out of the box. See man httpd(8), or take a look at
http://www.openbsd.org/cgi-bin/man.cgi?query=httpd

http://www.openbsd.org/faq/faq10.html#HTTPS will also help, and deals
specifically with setting up an SSL-enabled server.

As a side note, might I humbly recommend that in future a certain amount
of Googling, or even just browsing around the FAQ by hand, might bring
better results than just asking this list, which generally prefers to
focus on more complex issues, ie ones not already well-documented in the
man pages, the FAQ, and answered repeatedly in the archives of this list.

Cheers,

Si1entDave

-- 

Yes, I know, I've just defeated my own argument by giving him his
answers on a platter, and thus reinforcing said behaviour, but what the
hell, its a nice sunny day here in Coventry. I'm in a good mood :-)

Re: a secure web server

[Francesco Vollero]

Il 24/05/10 12.44, Jozsi Vadkan ha scritto:

I want to use a secure web server on OpenBSD.

   

It's a real generalistic idea.

It would serve only static html filest, no cgi, no php, etc.

It just have to be secure, no need to be fast, just secure [only using
it with https].

   

What you mean with "secure"?
Not vulnerable to any attacks?
Can resist to DDoS of thousands machines?
Noone found that you set "asd" or "asdasd" as root password?


What would be the best web server software?

nginx?
   
It's a reverse proxy and referring to proxy definition implement a light 
webserver. Have a small footprint and someone[1] say fast because 
implement nonblocking I/O.

apache?
   

maybe yes, but it's more than you need

lighthttpd?
   

better no.

Thank you for any proposals.

Have a nice day!

   

[1] https://calomel.org/nginx.html

Re: a secure web server

[Jordi Espasa Clofent]

http://www.openbsd.org/faq/faq1.html#Included

"Our improved and secured version of the Apache 1.3 web server. The 
OpenBSD team has added default chrooting, privilege revocation, and 
other security-related improvements. Also includes mod_ssl and DSO 
support. "


The httpd included by default in the system is exactly what your are 
looking for.

;)

--
I must not fear. Fear is the mind-killer. Fear is the little-death that 
brings total obliteration. I will face my fear. I will permit it to pass 
over me and through me. And when it has gone past I will turn the inner 
eye to see its path. Where the fear has gone there will be nothing. Only 
I will remain.


Bene Gesserit Litany Against Fear.

Re:

[patrick kristensen]

2010/5/24 J.C. Roberts :
> On Mon, 24 May 2010 00:00:07 +0200 patrick kristensen
>  wrote:
>> I have managed to get a working connection with the following script
>>
>>
>> /etc/ppp/ppp.conf
>>
>> default:
>>  set log Phase Chat LCP IPCP CCP tun command
>>  set device /dev/cuaU0
>>  set speed 460800
>>  set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" AT OK-AT-OK
>> ATE1Q0 OK \\dATDT\\T TIMEOUT 40 CONNECT"
>>
>> esp:
>>   set device /dev/cuaU0
>>   set speed 460800
>>   set timeout 0
>>   set dial "ABORT BUSY TIMEOUT 5 \
>>   \"\" \
>>   AT OK-AT-OK \
>>   AT+CPIN=\\\"7291\\\" OK-AT-OK \
>>   AT+CFUN=1 OK-AT-OK \
>>   AT+CGDCONT=1,\\\"IP\\\",\\\"movistar.es\\\" OK-AT-OK \
>>   \\dATDT*99***1# TIMEOUT 30 CONNECT"
>>
>>
>>   set ifaddr 0 81.47.192.13 255.255.255.255
>>   add default HISADDR
>>   enable dns
>>
>> # ./.
>>
>> Setting 'set ifaddr to 0.0.0.0/0 0.0.0.0/0 255.255.255.255' gave me an
>> ipadress to MYADDR but i did not get a route.
>> Setting 'set ifaddr 0.0.0.0/0 194.179.1.100 (which was DNS)
>> 255.255.255.255' made it possible to nslookup movistar.es.
>> After nslookup the APN and hardcoding the ip to HISADDR i got a
>> working connection.
>> The APN (Movistar (Telefonica) Spain) is correct
>> (http://www.vysoo.com/apn.php#415 and other sources). (I have not been
>> able to find other data networks for movistar as with your example
>> with Verizon)
>> This setup works so far (i can ping external addresses).
>> My understanding of ppp(8) is that it should have been enough to 'set
>> ifaddr 0 0 255.255.255.255 (0)' and 'add default HISADDR' (if the
>> CGDCONT is correct).
>> I appreciate any input on the script and log.
>
> It seems your routing is hosed. As the ppp(8) manual states, if you
> use "add" it will not overwrite your default route (typically stored
> in /etc/mygate). When you want to overwrite the default route, you need
> to use "add!" such as:
>
>add! default HISADDR
>
> Typically, you want to overwrite the default route, but note, you'll
> probably see some harmless warnings for routes that ppp cannot
> overwrite (such as IPv6 when it's not supported by your provider).
>
> As for setting up the interface addresses, you should define all four
> parts, rather than defining only three as you have done above.
>
>set ifaddr 10.0.0.1/0 10.0.0.2/0 0.0.0.0 0.0.0.0
>   part#1 part#2 part#3  part#4
>
> In your script above, your part#1 of "0" is *DEMANDING* that your
> address be 0.0.0.0/32 and nothing else, or in other words, you are
> *DEMANDING* that you become the default route for the remote system.
> Needless to say the remote system will just laugh at you and refuse
> to change it's default route (i.e. address your end as 0.0.0.0).
>
> Setting the netmask (part#3) to 0.0.0.0 forces ppp to assign an
> appropriate netmask. Since it is a point-to-point link and some
> operating systems/kernels do not understand a POINTTOPOINT netmask,
> you'll typically end up with 255.255.255.255 or 255.255.255.0 for the
> netmask of your tun0 interface *even* if the remote gateway address is
> outside of the netmask.
>
> Using part#4 is important. This the address you *SUGGEST* that your
> side should be, but you *DEMAND* your side gets and address defined by
> part#1 (the /0 netmask on part#1 says any IP address).
>
> Additionally, part#4 is also the "trigger" address when using '-auto'
> mode to connect or reconnect.
>
> Lastly, there's no point in defining 'device' 'speed' and 'dial' in the
> "default:" section of your config file since you are redefining them in
> the "esp:" section.
>
> Once you have the above corrected, look at your CHAP settings. Though
> you were able to negotiate IP addresses (according to the log), it
> seems your provider wanted to use CHAP authentication. If you made the
> previous corrections and you still cannot connect, then you may need
> to use CHAP:
>
>set authname myusername
>set authkey mypassword
>set login
>
> Not all providers require PAP/CHAP authentication through 'authname'
> 'authkey' and 'login' because the real authentication is being done by
> device identifiers (MEID and/or IMEI).
>
>jcr
>
> --
> The OpenBSD Journal - http://www.undeadly.org
>

I used the 'add! default' and the 'TRIGGER ADDR' in several attempts
but removed them when they didnt seem to change anything, however i
understand that they should be there.

Setting 'set ifaddr 0.0.0.0/0 0.0.0.0-255.255.255.254 0.0.0.0 0.0.0.0'
works however i can still not set HISADDR to '0.0.0.0/0' to get an
ipaddres offer to HISADDR. I assume setting a range has the same
affect as setting HISADDR with changeable bits but i dont understand
why 0.0.0.0/0 or any variation doesnt give me an address.

These set ifaddr does not work
0.0.0.0/0 0.0.0.0/0 0.0.0.0 0.0.0.0
0.0.0.0/0 0.0.0.0/32 0.0.0.0 0.0.0.0
0.0.0.0 0.0.0.0 0.0.0.0.0 0.0.0.0
0.0.0.0/0 0.0

Re: rdomain, mpe, ldpd, OpenBGPD and PF

[Claudio Jeker]

On Mon, May 24, 2010 at 05:23:00PM +0700, Insan Praja SW wrote:
> Hi Misc@,
> Before I begin to test OpenBGPD mpls VPN support on current, is
> there any hints on route-leaking, and an example/hints to make a
> complete setup MPLS cloud and MPLS/VPN on a network.
> 
> In my later experiences using OpenBSD, I use pf with rtable to make
> a VPN-like network without isolation on the network. Now I need to
> know if there are ways to have a semi-isolated network when using
> rdomain or anything like it.

Passing traffic between VPNs is either done in pf(4) by setting the rtable
on a rule or by importing routes in BGP (import/export-target).
The first method is much more flexible but more static.

First of all you need the attached diff to play with the kernel MPLS part.
With that in you can start playing with the various parts.
1. You need to MPLS enable the interfaces that do MPLS
   In my test I use a vlan for this:
# more /etc/hostname.vlan2003 
vlan 2003 vlandev sis0
inet 10.83.128.26 255.255.255.248 NONE
mpls

2. Then it is best to have a loopback interface:
# more /etc/hostname.lo1
inet 10.83.66.23 255.255.255.255 NONE

3. LDP config:
router-id 10.83.66.23
distribution independent
retention liberal
advertisement unsolicited
interface lo1 {
}
interface vlan2003 {
}

4. I use ospfd as IGP, there is nothing special needed here.

5. create a rdomain 1:
# more /etc/hostname.vlan2017
rdomain 1
vlan 2017 vlandev sis0
inet 192.168.220.1 255.255.255.0

6. create a mpe(4) in rdomain 1:
# more /etc/hostname.mpe0
rdomain 1 mplslabel 543
inet 10.83.66.129 255.255.255.255

Note: it is necessary to have an IP on mpe(4) but it does not matter which
one you pick. I normaly use the loopback IP but maybe using the vlan2017
IP would be smarter.

7. BGP config:
AS 65003
router-id 10.83.66.23
listen on 10.83.66.23
rdomain 1 {
descr "CUSTOMER1"
rd 65003:1
import-target rt 65003:1
export-target rt 65003:1
depend on mpe0
network 192.168.220/24
}
group ibgp {
announce IPv4 unicast
announce IPv4 vpn
remote-as 65003
local-address 10.83.66.23
neighbor 10.83.66.2 {
descr c2
}
}

Start ospfd, bgpd, and ldpd and hope for the best (check that all sessions
come up). Setup something similar on a second system.
Use e.g. ping -V1 -I 192.168.220.1 192.168.221.1 to test the VPN.

It is possible to use gif/gre instead of LDP -- just use a gre interface
in point 1 and skip everyting that needs LDP.

-- 
:wq Claudio

Index: sbin/ifconfig/ifconfig.8
===
RCS file: /cvs/src/sbin/ifconfig/ifconfig.8,v
retrieving revision 1.200
diff -u -p -r1.200 ifconfig.8
--- sbin/ifconfig/ifconfig.87 May 2010 06:17:34 -   1.200
+++ sbin/ifconfig/ifconfig.824 May 2010 12:48:34 -
@@ -347,6 +347,11 @@ this directive is used to select between
 and 802.11g
 .Pq Dq 11g
 operating modes.
+.It Cm mpls
+Enable Multiprotocol Label Switching (MPLS) on the interface. It will be
+able to send and receive MPLS traffic.
+.It Fl mpls
+Disable MPLS on the interface.
 .It Cm mtu Ar value
 Set the MTU for this device to the given
 .Ar value .
Index: sbin/ifconfig/ifconfig.c
===
RCS file: /cvs/src/sbin/ifconfig/ifconfig.c,v
retrieving revision 1.232
diff -u -p -r1.232 ifconfig.c
--- sbin/ifconfig/ifconfig.c6 May 2010 12:58:40 -   1.232
+++ sbin/ifconfig/ifconfig.c6 May 2010 20:34:51 -
@@ -191,6 +191,7 @@ voidunsetmediaopt(const char *, int);
 void   setmediainst(const char *, int);
 void   settimeslot(const char *, int);
 void   timeslot_status(void);
+void   setifmpls(const char *, int);
 void   setmpelabel(const char *, int);
 void   setvlantag(const char *, int);
 void   setvlanprio(const char *, int);
@@ -346,6 +347,8 @@ const structcmd {
{ "-rtlabel",   -1, 0,  setifrtlabel },
{ "range",  NEXTARG,0,  setatrange },
{ "phase",  NEXTARG,0,  setatphase },
+   { "mpls",   IFXF_MPLS,  0,  setifxflags },
+   { "-mpls",  -IFXF_MPLS, 0,  setifxflags },
{ "mplslabel",  NEXTARG,0,  setmpelabel },
{ "advbase",NEXTARG,0,  setcarp_advbase },
{ "advskew",NEXTARG,0,  setcarp_advskew },
@@ -3252,6 +3255,7 @@ mpe_status(void)
printf("\tmpls label: %d\n", shim.shim_label);
 }
 
+/* ARGSUSED */
 void
 setmpelabel(const char *val, int d)
 {
Index: 

Re: rdomain, mpe, ldpd, OpenBGPD and PF

[Insan Praja SW]

Hi Claudio,
Thanks, I'll report back to you after I'm done with my first test.

On Mon, 24 May 2010 20:11:46 +0700, Claudio Jeker  
 wrote:



On Mon, May 24, 2010 at 05:23:00PM +0700, Insan Praja SW wrote:

Hi Misc@,
Before I begin to test OpenBGPD mpls VPN support on current, is
there any hints on route-leaking, and an example/hints to make a
complete setup MPLS cloud and MPLS/VPN on a network.

In my later experiences using OpenBSD, I use pf with rtable to make
a VPN-like network without isolation on the network. Now I need to
know if there are ways to have a semi-isolated network when using
rdomain or anything like it.


Passing traffic between VPNs is either done in pf(4) by setting the  
rtable

on a rule or by importing routes in BGP (import/export-target).
The first method is much more flexible but more static.

First of all you need the attached diff to play with the kernel MPLS  
part.

With that in you can start playing with the various parts.
1. You need to MPLS enable the interfaces that do MPLS
   In my test I use a vlan for this:
# more /etc/hostname.vlan2003
vlan 2003 vlandev sis0
inet 10.83.128.26 255.255.255.248 NONE
mpls

2. Then it is best to have a loopback interface:
# more /etc/hostname.lo1
inet 10.83.66.23 255.255.255.255 NONE

3. LDP config:
router-id 10.83.66.23
distribution independent
retention liberal
advertisement unsolicited
interface lo1 {
}
interface vlan2003 {
}

4. I use ospfd as IGP, there is nothing special needed here.

5. create a rdomain 1:
# more /etc/hostname.vlan2017
rdomain 1
vlan 2017 vlandev sis0
inet 192.168.220.1 255.255.255.0

6. create a mpe(4) in rdomain 1:
# more /etc/hostname.mpe0
rdomain 1 mplslabel 543
inet 10.83.66.129 255.255.255.255

Note: it is necessary to have an IP on mpe(4) but it does not matter  
which

one you pick. I normaly use the loopback IP but maybe using the vlan2017
IP would be smarter.

7. BGP config:
AS 65003
router-id 10.83.66.23
listen on 10.83.66.23
rdomain 1 {
descr "CUSTOMER1"
rd 65003:1
import-target rt 65003:1
export-target rt 65003:1
depend on mpe0
network 192.168.220/24
}
group ibgp {
announce IPv4 unicast
announce IPv4 vpn
remote-as 65003
local-address 10.83.66.23
neighbor 10.83.66.2 {
descr c2
}
}

Start ospfd, bgpd, and ldpd and hope for the best (check that all  
sessions

come up). Setup something similar on a second system.
Use e.g. ping -V1 -I 192.168.220.1 192.168.221.1 to test the VPN.

It is possible to use gif/gre instead of LDP -- just use a gre interface
in point 1 and skip everyting that needs LDP.


Thanks,


--
insandotpraja(at)gmaildotcom

problems with CARP

[Stefano Sasso]

Hi all,
I have some problems with CARP (I can't get it working).

this is my current configuration:

# sysctl net.inet.ip.forwarding
net.inet.ip.forwarding=1

# sysctl net.inet.carp
net.inet.carp.allow=1
net.inet.carp.preempt=1
net.inet.carp.log=2

# cat /etc/hostname.carp1
inet 172.16.0.1 255.255.255.0 172.16.0.255 vhid 2 pass carppasswd carpdev em1

# cat /etc/hostname.em1
inet 172.16.0.3 255.255.255.0

(pf is disabled)

# ifconfig carp1
carp1: flags=8843 mtu 1500
lladdr 00:00:5e:00:01:02
priority: 0
carp: MASTER carpdev em1 vhid 2 advbase 1 advskew 0
groups: carp
inet6 fe80::200:5eff:fe00:102%carp1 prefixlen 64 scopeid 0x8
inet 172.16.0.1 netmask 0xff00 broadcast 172.16.0.255

from the carp device I'm able to ping 172.16.0.1, but from a client I
can't (but I can ping 172.16.0.3).
But in the client I have an arp entry for 172.16.0.1 (correctly
referring to 00:0:5e:00:01:02)

when I tcpdump to em1 I can see carp advertisement:
16:47:21.223303 CARPv2-advertise 36: vhid=2 advbase=1 advskew=0
demote=0 (DF) [tos 0x10]
but when I tcpdump on carp1 I can't see anything.

any hint?

thanks,
stefano

Fırsat ürünlerinde yüzde 50 indirim ve kargo ücretsiz

[Halens]

Halens T|rkiye : Kvyalt} Mevki Cemal Ulusoy
Caddesi Asena Sok. No : 9 Kat : 3 34197
Yenibosna / ]stanbul T|rkiye
 CEO: Matthias Fink, Ticaret Sicil Numaras} 694704



HALENS DANI^MA HATTI
09:30 - 12:30 / 13:30 - 17:30
 i...@halens.com.tr








Telif hakk} 2009 Quelle T|rkiye tekstil ve
 Elektronik Online Shop Limited ^irketi'ne aittir.

Bu maili d|zg|n gvremiyorsan}z t}klay}n}z.
\yelikten g}kmak istiyorsan}z t}klay}n}z.
Tasar}m : Kollektif

Toshiba L505D-S5983 ACPI

[Michael Seney]

I have to disable ACPI in order to boot OpenBSD 4.7 on this laptop. I
don't really mind but can this harm the hardware?

Re: Toshiba L505D-S5983 ACPI

[Jan Stary]

On May 24 11:29:51, Michael Seney wrote:
> I have to disable ACPI in order to boot OpenBSD 4.7 on this laptop. I
> don't really mind but can this harm the hardware?

Of course; things burn. Nice laptop you got there ...
I can take it under my protection for $1000 a week.

Re: OpenBGP: 3 doubts regarding localpref, rib out and announcement

[Eduardo Meyer]

On Sun, May 23, 2010 at 3:10 PM, Henning Brauer  wrote:
>> match to $peer_2 prefix X.Y.Z.0/23 set localpref +50
>>
>> But it wont work as I need. Please remember X.Y.Z.0/23 is announced by me.
>
> localpref for outgoing? that is useless. localpref is, well, local,
> and not transmitted to the peer. and since you're setting it outbound
> (after all route decisions) it is a noop.

I believe I was not clear. I need to set a certain prefix of mine with
a higher localpref. It's not expected to be transmitted to the peer,
it's a local router policy decision to set localpref for a local /23.

Today I do this with pf route-to.

pass route-to peer2_ip from x.y.z.0/23 to any

> sounds like you're after sh ri out nei foo

Thats excactly what I wanted, thank you a lot Brauer.

>
>> Finally, my last doubt. I want to re-announce the bogon prefix I get
>> from cymru projet to by internal BGP servers. I do "announce all" but
>> the bogon list prefixes I get from cymru don't get announced. I
>> managed to " set community delete NO_EXPORT" since I believed the
>> NO_EXPORT community cymru sends me is the cause of non-reannouncement
>> on "announce all" desired behavior.
>> However its still dont get announced to my peers.
>
> i bet this is an invalid nexthop case. set nexthop-self might be
> required.

That's why I like talking to whom knows. You are absolutely right,
thank you again :) I could export it setting it to a reachable
nexthop.

But now I tried something else which did not work.

My scenario:

group "cymru" {
 ...
 set community $myasn:6
 ...
 peer $cymru1 {
   ...
   ...
 }
 peer $cymru2 {
   ...
 }
}

#match from any community $myasn:6 set community delete NO_EXPORT #
[1] works great
match to $transit_peer1 community $myasn:6 set community delete
NO_EXPORT # [2] wont work, never gets deleted

My intention: export selectively what I get from group cymru, by
selectively removing the NO_EXPORT community.

If I comment [1] and uncomment [2] the rule wont match. [1] always match fine...

In fact I tested a number o rules and nome with "match to .. set X"
worked, when I am dealing with a prefix I got from someone else (not
announced by be).

What am I missing?


-- 
===
Eduardo Meyer
pessoal: dudu.me...@gmail.com
profissional: ddm.farmac...@saude.gov.br

Re: Toshiba L505D-S5983 ACPI

[Paul Irofti]

On Mon, May 24, 2010 at 11:29:51AM -0400, Michael Seney wrote:
> I have to disable ACPI in order to boot OpenBSD 4.7 on this laptop. I
> don't really mind but can this harm the hardware?
> 

Why do you have to disable it? What's the panic/problem etc.

dmesg, acpidump...

Implementing ntop - Last Version

[Rovercy de Oliveira]

Hi all,



That's a pleasure got in the OpenBSD main list, that is my first time.
But I thing anyone has a question like that. The problem is: I am trying
to implement ntop in OpenBSD, but the version we have on repository
"pkg" is very old, and the interface of that version is a little bit
over. As we are a security company that offer OpenBSD as a service the
actual ntop is totally out of the customers expect.



I have already tried to compile the source code to OpenBSD, but it
doesn't works at all. So what is the hint in my case?



Thanks a lot in advanced!



Att,
--
Rovercy








Este comunicado, incluindo seus anexos, e de uso exclusivo do destinatario e
pode conter informacoes confidenciais e/ou privilegiadas. Se voce nao e o
destinatario  designado, qualquer uso, copia, divulgacao, veiculacao ou
distribuicao e estritamente proibida. Por favor notifique o remetente
imediatamente, respondendo este  email, apague esta mensagem e destrua todas
as copias.

This communication, including attachments, is for the exclusive use of
addressee and may contain proprietary, confidential and/or privileged
information.  If you are not the intended recipient, any use, copying,
disclosure, dissemination or distribution is strictly prohibited.  If you are
not the intended recipient, please notify the sender immediately by return
e-mail, delete this communication and destroy all copies.

Recommended 802.11g adapter

[Piotr Komborski]

Hello,

I'm going to set OpenBSD based AP on ALIX board.  I've red ral(4) and ath(4)
manpages but mentioned mPCI card models are really hard to find on the
market. I found only Ralink RT2800 based Sparklan WMIR-200N which is too
expensive for me (60$).
Can anybody recommend me 802.11g miniPCI card that is able to work in host
AP mode?

regards

Piotr

Introducing Acrobat Dynamic PDF 2010

[Niki Buitenrust Hettema]

Experience a better way to connect people, ideas and 
information. 

Acrobat Dynamic PDF 2010 enables you to connect, interact, and engage in 
powerful new ways. Streamline how you work, collaborate more easily, and create 
high impact communications. Designed to meet the needs of today's business, 
Acrobat Dynamic PDF helps you get more done - easier, faster, better. 

Key features: 

+ Reliably create and distribute PDF documents and forms.
+ Protect documents and accelerate information exchange with PDF.
+ Deliver the richest, most engaging PDF communications anytime, 
anywhere. 

To learn more about new features and how to install this 
best-of-breed application, you can: 

+ Go to
http://signupway.ru/track/redirect.asp?siteid=4879&aff=11994 
Acobat Dynamic PDF 2010
+ Get your options, download, install and boost your works productivity.
 
As a complementary, you are offered a chance to get a full 
version of Office suite for your office work convenience. 
http://signupway.ru/track/redirect.asp?siteid=4879&aff=11994 

DOWNLOAD ACROBAT DYNAMIC PDF 2010 TODAY  

Thanks and best regards, 

Acrobat Dynamic PDF 

This email was sent by:
Steelcase Store
901 44th Street SE
Grand Rapids, MI, 49508-7505, US
Update Your Profile: 
http://cl.exct.net/profile_center.aspx?s=fe2b157070670c7b761175&mid=fec1157470630074&j=fe581575716c06797d13&l=fe8c16797760077572&jb=ffcf14&ju=Update
 Your Profile: 
http://cl.exct.net/profile_center.aspx?s=fe2b157070670c7b761175&mid=fec1157470630074&j=fe581575716c06797d13&l=fe8c16797760077572&jb=ffcf14&ju=

parution de Amarré à un corps-mort de Jean-Pierre Barbier Jardet

[info]

Madame, Monsieur,
Nous sommes heureux de vous informer de la parution de AmarrC) C  un
corps-mort de Jean-Pierre Barbier Jardet. Toutes les informations que vous
souhaiteriez recevoir concernant son acquisition sont consignC)es dans le
document que vous pourrez dC)rouler ci-aprC(s et au bas duquel nous vous
offrons la suite de cette missive.




Jean-Pierre Barbier-Jardet, psychanalyste, romancier, poC(te, est lbauteur
dbune Euvre forte, au style ciselC). Ses romans sont authentiquement un
thC)C"tre des passions de la chair et de la difficultC) dbC*tre. Sulfureux
parfois, ils associent et une analyse des sentiments dbune grande finesse et
une geste C)rotique tendue ; vaine ou non, la recherche de lbamour, dans sa
variante homosexuelle,  donne lieu C  une narration originale et intelligente.
Nous vous en conseillons vivement la lecture et plus particuliC(rement AmarrC)
C  un corps-mort.Collection LittC)rature.
CorrC)lats dans le genre chez Orizons (voir notre site et son catalogue) :
FranC'ois G. BUSSAC, Les GarC'ons sensibles
Patrick CARDON : Le Grand Ecart ou tous les garC'ons sbappellent Ali
GC)rard GLATT : LbImpasse HC)loC/se

Avec nos remerciements pour votre attention.
Daniel Cohen, directeur dbOrizons

editionsorizons.com

Paris, ce mois de mai 2010

Re:

[J.C. Roberts]

I realize you must be frustrated while learning something new, but I am
frustrated by you not paying attention. Now let's look at what I wrote
one more time:

>>  set ifaddr  10.0.0.1/0  10.0.0.2/0  0.0.0.0  0.0.0.0
>>  part#1  part#2  part#3   part#4

The first chunk of part#1, namely '10.0.0.1', says I want my IP address
to be 10.0.0.1 but the second chunk of part#1, namely the '/0', is a
netmask which says I will accept any IP address the remote system wants
me to use on my side.

The first chunk of part#2, namely '10.0.0.2', says I want the remote
side to use IP address 10.0.0.2 but the second chunk of part#2, namely
the '/0', says I will accept any IP address the remote system wants to
use on their side.

The IP addresses (and netmasks) stated in part#1 and part#2 are
important. They should never be the same, and they should never be set
to default route address ('0.0.0.0'). This is why two separate private
IP addresses are used in the above (10.0.0.1 and 10.0.0.2), and also why
the netmask '/0' in CIDR notation allows for the remote side to pick any
address it wants to use for *both* your IP address and its IP address.

If you forget the CIDR notation netmask on part#1 or part#2, you are
DEMANDING that the specified address be used, and if the other side
disagrees, your side will disconnect.

The part#3 is the netmask assigned on my side to the resulting
connection after we negotiate addresses. Links between two systems made
with Point to Point Protocol (ppp) are "weird" in comparison to typical
network links, and some operating systems do not have a specific
PointToPoint netmask in the network stack, so the netmask must be
faked. Using '0.0.0.0' as the part#3 netmask tells the ppp program to
use what is available and the result is ppp will typically set the
netmask to '255.255.255.255' automatically.

The part#4 is the trigger address which controls when ppp will try to 
establish a connection. Since we set part#4 to the equivalent of "any
address" namely '0.0.0.0' any attempt to contact another system will
result in ppp automatically establishing the connection. The thing to
realize is 0.0.0.0 is roughly equivalent to a default route.

The stuff you are doing is just plain wrong:

>  set ifaddr 0.0.0.0/0  0.0.0.0-255.255.255.254  0.0.0.0  0.0.0.0
>>part#1  part#2  part#3   part#4

Prior to negotiating address, you are saying your IP address will
initially be 0.0.0.0 and the remote IP address will also initially be
0.0.0.0  The problem is, when two systems have the same IP address you
have a conflict. Additionally, since 0.0.0.0 equates to the default
route, this is very bad. Needless to say, the ppp(8) software is
compensating for your mistakes and doing the best it can with your
broken config.

In the second chunk of your part#1, namely '/0', this netmask says that
you will accept any IP address the other side wants you to use. This is
good.

In the second chunk of part#3, namely '-255.255.255.254' is using the
wrong syntax. The ppp(8) program might interpret this as a range of
addresses, or might interpret it as a pair of addresses, or it might
interpret it as a netmask. You should use simple CIDR notation as
described in the ppp man page. 

If ppp(8) is interpreting this bad second chunk of part#3 as a netmask,
the you are *DEMANDING* that the remote system use 0.0.0.0 or 0.0.0.1 as
its IP address, and if the remote side refuses to use one of those two
addresses, then you will disconnect.


jcr

Re:

[patrick kristensen]

I didn't get the importance of having different addresses in part#1
and #2 and assumed from 'ifconfig tun0' [ ... ] inet 95.124.11.167 -->
10.0.0.2 netmask 0xfff [ ... ] that HISADDR did not change to a
valid one. I should have understood you were telling me the correct
syntax literally. I see that this configuration works and i understand
the syntax.
Sorry this took longer time than it should and thanks for following through.
I have found a great resource in 'Absolute OpenBSD: UNIX for the
Practical Paranoid' (ISBN 1886411999) and of course this was a great
first impression from this mailing list. I will try not to abuse it.
All the best to you

2010/5/24, J.C. Roberts :
>
> I realize you must be frustrated while learning something new, but I am
> frustrated by you not paying attention. Now let's look at what I wrote
> one more time:
>
>>>  set ifaddr  10.0.0.1/0  10.0.0.2/0  0.0.0.0  0.0.0.0
>>>  part#1  part#2  part#3   part#4
>
> The first chunk of part#1, namely '10.0.0.1', says I want my IP address
> to be 10.0.0.1 but the second chunk of part#1, namely the '/0', is a
> netmask which says I will accept any IP address the remote system wants
> me to use on my side.
>
> The first chunk of part#2, namely '10.0.0.2', says I want the remote
> side to use IP address 10.0.0.2 but the second chunk of part#2, namely
> the '/0', says I will accept any IP address the remote system wants to
> use on their side.
>
> The IP addresses (and netmasks) stated in part#1 and part#2 are
> important. They should never be the same, and they should never be set
> to default route address ('0.0.0.0'). This is why two separate private
> IP addresses are used in the above (10.0.0.1 and 10.0.0.2), and also why
> the netmask '/0' in CIDR notation allows for the remote side to pick any
> address it wants to use for *both* your IP address and its IP address.
>
> If you forget the CIDR notation netmask on part#1 or part#2, you are
> DEMANDING that the specified address be used, and if the other side
> disagrees, your side will disconnect.
>
> The part#3 is the netmask assigned on my side to the resulting
> connection after we negotiate addresses. Links between two systems made
> with Point to Point Protocol (ppp) are "weird" in comparison to typical
> network links, and some operating systems do not have a specific
> PointToPoint netmask in the network stack, so the netmask must be
> faked. Using '0.0.0.0' as the part#3 netmask tells the ppp program to
> use what is available and the result is ppp will typically set the
> netmask to '255.255.255.255' automatically.
>
> The part#4 is the trigger address which controls when ppp will try to
> establish a connection. Since we set part#4 to the equivalent of "any
> address" namely '0.0.0.0' any attempt to contact another system will
> result in ppp automatically establishing the connection. The thing to
> realize is 0.0.0.0 is roughly equivalent to a default route.
>
> The stuff you are doing is just plain wrong:
>
>>  set ifaddr 0.0.0.0/0  0.0.0.0-255.255.255.254  0.0.0.0  0.0.0.0
>>>part#1  part#2  part#3   part#4
>
> Prior to negotiating address, you are saying your IP address will
> initially be 0.0.0.0 and the remote IP address will also initially be
> 0.0.0.0  The problem is, when two systems have the same IP address you
> have a conflict. Additionally, since 0.0.0.0 equates to the default
> route, this is very bad. Needless to say, the ppp(8) software is
> compensating for your mistakes and doing the best it can with your
> broken config.
>
> In the second chunk of your part#1, namely '/0', this netmask says that
> you will accept any IP address the other side wants you to use. This is
> good.
>
> In the second chunk of part#3, namely '-255.255.255.254' is using the
> wrong syntax. The ppp(8) program might interpret this as a range of
> addresses, or might interpret it as a pair of addresses, or it might
> interpret it as a netmask. You should use simple CIDR notation as
> described in the ppp man page.
>
> If ppp(8) is interpreting this bad second chunk of part#3 as a netmask,
> the you are *DEMANDING* that the remote system use 0.0.0.0 or 0.0.0.1 as
> its IP address, and if the remote side refuses to use one of those two
> addresses, then you will disconnect.
>
>
>   jcr

Re: Recommended 802.11g adapter

[Alexander Kršek]

Hello,

I have Alix 2D3 (and another 2D13) with Tonze PC-620C miniPCI. It mostly
works ok, but I am still hunting some problem - one or two times for a
month it falls to ddb> prompt. I build OpenBSD completelly from cvs just
about every month - it seems it is time for new build of -current.

Best regards,
Alexander

# ifconfig ral0
ral0: flags=8943 mtu
1500
lladdr 00:17:b7:30:41:ab
priority: 4
groups: wlan
media: IEEE802.11 autoselect mode 11g hostap
status: active
ieee80211: nwid  chan 7 bssid 00:17:b7:30:41:ab wpapsk
0x wpaprotos wpa1,wpa2 wpaakms psk wpaciphers ccmp wpagroupcipher
ccmp 100dBm
inet 192.168.254.1 netmask 0xff00 broadcast 192.168.254.255
inet  netmask 0xfff8 broadcast 

# dmesg
OpenBSD 4.7-current (FLASHRD) #19: Wed Apr 14 23:29:29 CEST 2010
r...@kraken.gremlin.cz:/usr/src/sys/arch/i386/compile/FLASHRD
cpu0: Geode(TM) Integrated Processor by AMD PCS ("AuthenticAMD"
586-class) 499 MHz
cpu0: FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CFLUSH,MMX
real mem  = 268009472 (255MB)
avail mem = 247640064 (236MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 12/10/07, BIOS32 rev. 0 @ 0xfceb2
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: pcibios_get_intr_routing - function not supported
pcibios0: PCI IRQ Routing information unavailable.
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xe/0xa800
cpu0 at mainbus0: (uniprocessor)
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 1 function 0 "AMD Geode LX" rev 0x33
glxsb0 at pci0 dev 1 function 2 "AMD Geode LX Crypto" rev 0x00: RNG AES
vr0 at pci0 dev 9 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 10,
address 00:0d:b9:17:23:d4
ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI
0x004063, model 0x0034
vr1 at pci0 dev 10 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 11,
address 00:0d:b9:17:23:d5
ukphy1 at vr1 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI
0x004063, model 0x0034
vr2 at pci0 dev 11 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 12,
address 00:0d:b9:17:23:d6
ukphy2 at vr2 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI
0x004063, model 0x0034
ral0 at pci0 dev 12 function 0 "Ralink RT2561S" rev 0x00: irq 9, address
00:17:b7:30:41:ab
ral0: MAC/BBP RT2561C, RF RT2527
glxpcib0 at pci0 dev 15 function 0 "AMD CS5536 ISA" rev 0x03: rev 3,
32-bit 3579545Hz timer, watchdog, gpio
gpio0 at glxpcib0: 32 pins
pciide0 at pci0 dev 15 function 2 "AMD CS5536 IDE" rev 0x01: DMA,
channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: 
wd0: 1-sector PIO, LBA, 3599MB, 7372512 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 ignored (disabled)
ohci0 at pci0 dev 15 function 4 "AMD CS5536 USB" rev 0x02: irq 15,
version 1.0, legacy support
ehci0 at pci0 dev 15 function 5 "AMD CS5536 USB" rev 0x02: irq 15
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "AMD EHCI root hub" rev 2.00/1.00 addr 1
isa0 at glxpcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
pcppi0 at isa0 port 0x61
midi0 at pcppi0: 
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
usb1 at ohci0: USB revision 1.0
uhub1 at usb1 "AMD OHCI root hub" rev 1.00/1.00 addr 1
biomask e1ef netmask ffef ttymask 
mtrr: K6-family MTRR support (2 registers)
nvram: invalid checksum
rd0: fixed, 6080 blocks
umass0 at uhub0 port 1 configuration 1 interface 0 "Kingston
DataTraveler 2.0" rev 2.00/1.00 addr 2
umass0: using SCSI over Bulk-Only
scsibus0 at umass0: 2 targets, initiator 0
sd0 at scsibus0 targ 1 lun 0:  SCSI2
0/direct removable
sd0: 7643MB, 512 bytes/sec, 15654848 sec total
vscsi0 at root
scsibus1 at vscsi0: 256 targets
softraid0 at root
root on rd0a swap on rd0b dump on rd0b
clock: unknown CMOS layout


On Mon, 2010-05-24 at 22:10 +0200, Piotr Komborski wrote:
> Hello,
> 
> I'm going to set OpenBSD based AP on ALIX board.  I've red ral(4) and ath(4)
> manpages but mentioned mPCI card models are really hard to find on the
> market. I found only Ralink RT2800 based Sparklan WMIR-200N which is too
> expensive for me (60$).
> Can anybody recommend me 802.11g miniPCI card that is able to work in host
> AP mode?
> 
> regards
> 
> Piotr

Re: Recommended 802.11g adapter

[Nenhum_de_Nos]

On Mon, May 24, 2010 17:10, Piotr Komborski wrote:
> Hello,
>
> I'm going to set OpenBSD based AP on ALIX board.  I've red ral(4) and
> ath(4)
> manpages but mentioned mPCI card models are really hard to find on the
> market. I found only Ralink RT2800 based Sparklan WMIR-200N which is too
> expensive for me (60$).
> Can anybody recommend me 802.11g miniPCI card that is able to work in host
> AP mode?

never tested on OpenBSD, but I have a ral usb nic that runs ok on freebsd
(pfsense), if you have usb on this alix.

http://www.tp-link.com/products/productDetails.asp?class=wlan&pmodel=TL-WN321G

matheus

-- 
We will call you cygnus,
The God of balance you shall be

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

http://en.wikipedia.org/wiki/Posting_style

Re: Traffic redirect no longer working

[Lars Hecking]

lheck...@users.sourceforge.net writes:
>  I've used the same pf.conf for years with only minimal changes, but 4.7
>  broke it, and I can't seem to fix it.
> 
>  The OBSD machine is a firwall between a cable modem and a private IP LAN.
>  Previously, I used these rules to allow ssh access from specific Internet
>  hosts to a machine in the LAN:
> 
> rdr on $ext_if proto tcp from $work_hosts to any port ssh -> $ssh_host
> pass in quick on $ext_if proto tcp \
>  from $work_hosts to $ssh_host port ssh flags S/SA modulate state
> 
>  In 4.7, I changed this to
> 
> match in on $ext_if proto tcp from $work_hosts to any port ssh rdr-to 
> $ssh_host
> pass in quick on $ext_if proto tcp \
>  from $work_hosts to $ssh_host port ssh flags S/SA modulate state
> 
>  What happens now when I try to connect to $ssh_host from the Internet is 
> quite
>  weird:
>  - no blocked packets are logged
>  - on the firewall's LAN-side interface, a tcpdump shows the ssh connection
>being forwarded to $ssh_host
>  - on $ssh_host, tcpdump shows the incoming ssh connection
>  - sshd on $ssh_host does not "pick up"
> 
>  I can ssh from the firewall to $ssh_host just fine; I haven't tested ssh
>  from Internet to firewall (with suitable pass rule). What am I missing?
>  I guess that some packet information isn't being rewritten correctly or
>  completely.

 I still haven't gotten any further.

 Thanks to Scott, Neal, and Peter's BSDCan slides, I have rewritten chunks
 of pf.conf so that it's fully up to date wrt 4.7. The subject of my post
 is actually incorrect because the redirect is working, which I can verify
 with tcpdumps of the gateway external and internal interface, pflog, and
 tcpdump on the target host's interface.

 Looking at the tcpdumps in wireshark, I only see one-way traffic on the
 ssh port, i.e. only SYN, but no ACK. It doesn't matter whether the target
 is e.g a Linux or FreeBSD host. Any idea why this would be happening?
 
 I can ssh from the outside to the gw (with suitable pass rules), and from
 the gw to the internal host. All these observations taken together make
 it look like pf is mucking up the packets in transit.

 I'm stumped. All other aspects of the pf config appear to work fine.



---
This message and any attachments may contain Cypress (or its
subsidiaries) confidential information. If it has been received
in error, please advise the sender and immediately delete this
message.
---

Creating a mpe interface

[Robert "Bruce" Carleton]

I'm having trouble creating a mpe interface on OpenBSD 4.7.  What I've done so
far is recompile the kernel with option MPLS.  I've also enabled forwarding
and mpls in the /etc/sysctl.conf.  I've also been able to configure and start
ldpd and use "ldpctl show" to display the status of ldpd.  I used "config -e
/bsd" to enable the mpe driver.  I'm experimenting under Sun VirtualBox if
that makes a difference.

Going from mpe(4), I'm trying to run the command "ifconfig mpe0 create".  It
throws the error "SIOCIFCREATE: Invalid argument".  The mpe(4) man page
doesn't suggest any additional command line arguments.

Does anyone have any suggestions?

Thanks in advance,

--Bruce

Re: Creating a mpe interface

[Bret S. Lambert]

On Mon, May 24, 2010 at 05:34:18PM -0700, Robert Bruce Carleton wrote:
> I'm having trouble creating a mpe interface on OpenBSD 4.7.  What I've done so
> far is recompile the kernel with option MPLS.  I've also enabled forwarding
> and mpls in the /etc/sysctl.conf.  I've also been able to configure and start
> ldpd and use "ldpctl show" to display the status of ldpd.  I used "config -e
> /bsd" to enable the mpe driver.  I'm experimenting under Sun VirtualBox if
> that makes a difference.
> 
> Going from mpe(4), I'm trying to run the command "ifconfig mpe0 create".  It
> throws the error "SIOCIFCREATE: Invalid argument".  The mpe(4) man page
> doesn't suggest any additional command line arguments.
> 
> Does anyone have any suggestions?
> 

$ grep -n mpe GENERIC 
105:#pseudo-device  mpe # MPLS PE interface
^

Uncomment that in sys/conf/GENERIC and recompile your kernel,
if you haven't already done so.

> Thanks in advance,
> 
>   --Bruce

Re:

[J.C. Roberts]

On Tue, 25 May 2010 00:54:53 +0200 patrick kristensen
 wrote:
> 2010/5/24, J.C. Roberts :
> >
> > I realize you must be frustrated while learning something new, but
> > I am frustrated by you not paying attention. Now let's look at what
> > I wrote one more time:
> >
> >>>  set ifaddr  10.0.0.1/0  10.0.0.2/0  0.0.0.0  0.0.0.0
> >>>  part#1  part#2  part#3   part#4
> >
> > The first chunk of part#1, namely '10.0.0.1', says I want my IP
> > address to be 10.0.0.1 but the second chunk of part#1, namely the
> > '/0', is a netmask which says I will accept any IP address the
> > remote system wants me to use on my side.
> >
> > The first chunk of part#2, namely '10.0.0.2', says I want the remote
> > side to use IP address 10.0.0.2 but the second chunk of part#2,
> > namely the '/0', says I will accept any IP address the remote
> > system wants to use on their side.
> >
> > The IP addresses (and netmasks) stated in part#1 and part#2 are
> > important. They should never be the same, and they should never be
> > set to default route address ('0.0.0.0'). This is why two separate
> > private IP addresses are used in the above (10.0.0.1 and 10.0.0.2),
> > and also why the netmask '/0' in CIDR notation allows for the
> > remote side to pick any address it wants to use for *both* your IP
> > address and its IP address.
> >
> > If you forget the CIDR notation netmask on part#1 or part#2, you are
> > DEMANDING that the specified address be used, and if the other side
> > disagrees, your side will disconnect.
> >
> > The part#3 is the netmask assigned on my side to the resulting
> > connection after we negotiate addresses. Links between two systems
> > made with Point to Point Protocol (ppp) are "weird" in comparison
> > to typical network links, and some operating systems do not have a
> > specific PointToPoint netmask in the network stack, so the netmask
> > must be faked. Using '0.0.0.0' as the part#3 netmask tells the ppp
> > program to use what is available and the result is ppp will
> > typically set the netmask to '255.255.255.255' automatically.
> >
> > The part#4 is the trigger address which controls when ppp will try
> > to establish a connection. Since we set part#4 to the equivalent of
> > "any address" namely '0.0.0.0' any attempt to contact another
> > system will result in ppp automatically establishing the
> > connection. The thing to realize is 0.0.0.0 is roughly equivalent
> > to a default route.
> >
> > The stuff you are doing is just plain wrong:
> >
> >>  set ifaddr 0.0.0.0/0  0.0.0.0-255.255.255.254  0.0.0.0  0.0.0.0
> >>>part#1  part#2  part#3   part#4
> >
> > Prior to negotiating address, you are saying your IP address will
> > initially be 0.0.0.0 and the remote IP address will also initially
> > be 0.0.0.0  The problem is, when two systems have the same IP
> > address you have a conflict. Additionally, since 0.0.0.0 equates to
> > the default route, this is very bad. Needless to say, the ppp(8)
> > software is compensating for your mistakes and doing the best it
> > can with your broken config.
> >
> > In the second chunk of your part#1, namely '/0', this netmask says
> > that you will accept any IP address the other side wants you to
> > use. This is good.
> >
> > In the second chunk of part#2, namely '-255.255.255.254' is using
> > the wrong syntax. The ppp(8) program might interpret this as a
> > range of addresses, or might interpret it as a pair of addresses,
> > or it might interpret it as a netmask. You should use simple CIDR
> > notation as described in the ppp man page.
> >
> > If ppp(8) is interpreting this bad second chunk of part#2 as a
> > netmask, the you are *DEMANDING* that the remote system use 0.0.0.0
> > or 0.0.0.1 as its IP address, and if the remote side refuses to use
> > one of those two addresses, then you will disconnect.
> >
> >
> > jcr
> >
>
> I didn't get the importance of having different addresses in part#1
> and #2 and assumed from 'ifconfig tun0' [ ... ] inet 95.124.11.167 -->
> 10.0.0.2 netmask 0xfff [ ... ] that HISADDR did not change to a
> valid one. I should have understood you were telling me the correct
> syntax literally. I see that this configuration works and i understand
> the syntax.
>
> Sorry this took longer time than it should and thanks for following
> through. I have found a great resource in 'Absolute OpenBSD: UNIX for
> the Practical Paranoid' (ISBN 1886411999) and of course this was a
> great first impression from this mailing list. I will try not to
> abuse it. All the best to you
> 

Heck, in my last two paragraphs I put part#3 instead of part#2
(corrected above) but you still understood it. ;)

The Absolute OpenBSD is good but parts of it are now outdated, but this
is to be expected.

As for ppp(8), the ppp.conf file gives you full control of a a fairly
complex Finite State Machine (FSM), so the man page is long and takes
some effort to understand. Once you know the basics, pp

slow network performance with realtek 8111D

[Gabriel Read]

Using iperf, I get around 300 mbits/s. between my openbsd machine and
my windows xp machine and also to my imac with os x.  I tried the
kernel tweaks mentioned here:
https://calomel.org/network_performance.html, but they did not help a
whole lot (before tweaks I was getting around 220 mbits/s).

In comparison, the same machine running ubuntu 10.4 server edition
gets around 880 mbits/s according to iperf.  Are there any other
things I can try?  Is this possibly a limitation of the openbsd
driver?

One last thing to note: for the heck of it, I tried an intel pro 1000
pci card and the results were about the same, around 200-300 mbits/s.
I don't have the card in it at the moment so I don't have a dmesg with
it.  This makes me think that it might not be specific to the driver.
In the bios, I have the option of disabling hyper-threading for the
atom processor (it is enabled by default and was setup with bsd.mp).
I turned off hyper-threading and booted up the generic
single-processor kernel and the results didn't change.

Any help would be apreciated.
Thanks, Gabe Read

Here is my dmesg output:

OpenBSD 4.7 (GENERIC) #558: Wed Mar 17 20:46:15 MDT 2010
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Atom(TM) CPU N270 @ 1.60GHz ("GenuineIntel" 686-class) 1.60 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,xTPR
real mem  = 1061453824 (1012MB)
avail mem = 1019740160 (972MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 03/06/09, SMBIOS rev. 2.6 @
0xe91f0 (42 entries)
bios0: vendor Intel Corp. version "JT94510H.86A.0025.2009.0306.1639"
date 03/06/2009
bios0: Intel Corporation D945GSEJT
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP APIC MCFG SSDT SSDT SSDT SSDT
acpi0: wakeup devices P0P2(S4) PEGP(S4) USB0(S3) USB1(S3) USB2(S3)
USB3(S3) EHCI(S3) MC97(S4) P0P1(S4) PS2K(S3) PS2M(S3) UAR1(S3)
UAR2(S3) P0P4(S4) P0P5(S4) P0P6(S4) PWRB(S3)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 133MHz
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (P0P2)
acpiprt2 at acpi0: bus 5 (P0P1)
acpiprt3 at acpi0: bus 1 (P0P4)
acpiprt4 at acpi0: bus 2 (P0P5)
acpicpu0 at acpi0: C3, C2, C1, PSS
acpibtn0 at acpi0: PWRB
acpivideo0 at acpi0: IGD_
acpivout0 at acpivideo0: DD01
acpivout1 at acpivideo0: DD02
acpivout2 at acpivideo0: DD03
acpivout3 at acpivideo0: DD04
bios0: ROM list: 0xc/0xec00! 0xcf000/0x1000
cpu0: Enhanced SpeedStep 1597 MHz: speeds: 1600, 1333, 1067, 800 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 "Intel 82945GME Host" rev 0x03
vga1 at pci0 dev 2 function 0 "Intel 82945GME Video" rev 0x03
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
intagp0 at vga1
agp0 at intagp0: aperture at 0xd000, size 0x1000
inteldrm0 at vga1: apic 2 int 16 (irq 11)
drm0 at inteldrm0
"Intel 82945GM Video" rev 0x03 at pci0 dev 2 function 1 not configured
azalia0 at pci0 dev 27 function 0 "Intel 82801GB HD Audio" rev 0x02:
apic 2 int 16 (irq 11)
azalia0: codecs: Realtek ALC662
audio0 at azalia0
ppb0 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x02
pci1 at ppb0 bus 1
re0 at pci1 dev 0 function 0 "Realtek 8168" rev 0x03: RTL8168D/8111D
(0x2800), apic 2 int 16 (irq 11), address 00:1c:c0:df:45:73
rgephy0 at re0 phy 7: RTL8169S/8110S PHY, rev. 2
ppb1 at pci0 dev 28 function 1 "Intel 82801GB PCIE" rev 0x02
pci2 at ppb1 bus 2
ppb2 at pci0 dev 28 function 2 "Intel 82801GB PCIE" rev 0x02
pci3 at ppb2 bus 3
ppb3 at pci0 dev 28 function 3 "Intel 82801GB PCIE" rev 0x02
pci4 at ppb3 bus 4
uhci0 at pci0 dev 29 function 0 "Intel 82801GB USB" rev 0x02: apic 2
int 23 (irq 10)
uhci1 at pci0 dev 29 function 1 "Intel 82801GB USB" rev 0x02: apic 2
int 19 (irq 11)
uhci2 at pci0 dev 29 function 2 "Intel 82801GB USB" rev 0x02: apic 2
int 18 (irq 7)
uhci3 at pci0 dev 29 function 3 "Intel 82801GB USB" rev 0x02: apic 2
int 16 (irq 11)
ehci0 at pci0 dev 29 function 7 "Intel 82801GB USB" rev 0x02: apic 2
int 23 (irq 10)
ehci0: timed out waiting for BIOS
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
ppb4 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 0xe2
pci5 at ppb4 bus 5
ichpcib0 at pci0 dev 31 function 0 "Intel 82801GBM LPC" rev 0x02: PM disabled
pciide0 at pci0 dev 31 function 1 "Intel 82801GB IDE" rev 0x02: DMA,
channel 0 configured to compatibility, channel 1 configured to
compatibility
pciide0: channel 0 disabled (no drives)
pciide0: channel 1 disabled (no drives)
pciide1 at pci0 dev 31 function 2 "Intel 82801GBM SATA" rev 0x02: DMA,
channel 0 configured to native-PCI, channel 1 configured to native-PCI
pciide1: using apic 2 int 19 (irq 11) for native-PCI interrupt
wd0 at pcii

Re: Recommended 802.11g adapter

[Piotr Komborski]

Hi,

What kind of Ralink chipset does it have?Alix has a usb port but I prefer
miniPCI.

Thank you

2010/5/25 Nenhum_de_Nos 

> On Mon, May 24, 2010 17:10, Piotr Komborski wrote:
> > Hello,
> >
> > I'm going to set OpenBSD based AP on ALIX board.  I've red ral(4) and
> > ath(4)
> > manpages but mentioned mPCI card models are really hard to find on the
> > market. I found only Ralink RT2800 based Sparklan WMIR-200N which is too
> > expensive for me (60$).
> > Can anybody recommend me 802.11g miniPCI card that is able to work in
> host
> > AP mode?
>
> never tested on OpenBSD, but I have a ral usb nic that runs ok on freebsd
> (pfsense), if you have usb on this alix.
>
>
> http://www.tp-link.com/products/productDetails.asp?class=wlan&pmodel=TL-WN321G
>
> matheus
>
> --
> We will call you cygnus,
> The God of balance you shall be
>
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
>
> http://en.wikipedia.org/wiki/Posting_style
>
>


-- 
Pozdrawiam
--
Piotr Komborski