Cd boot issue, boot.conf

2008-03-31 Thread B A
Hello!



Do you know why bootloader ignores option 

"set device cd0a"

on etc/boot.conf while booting from cd?

It's always asking me about root device.



I'm trying to build livecd from snapshot and I'm using GENERIC kernel,

all works fine, except that I must specify the boot device each time.



Thanks in advance.



My /etc/boot.conf on cd:



set image /bsd

set device cd0a

set timeout 5





Options to build iso:



-no-iso-translate -R -T -allow-leading-dots -l -d -D -N  -b cdbr 
-boot-load-size 4 -c  boot.catalog -no-emul-boot -o /tmp/livecd.iso ./



Re: Olivebsd liveCD and using swap partitions

2008-04-01 Thread B A
01.04.08, 17:06, "Mark Gary" <[EMAIL PROTECTED]>:



> I hope this question is relevant here in this group.

> I've just downloaded the Olivebsd CD, to try it out on my Laptop.

> I've got a 500Mb free partition doing nothing. Can that be

> utilised as a swap partition to be used when the CD is running,

> or is it possible to create a swap file on a FAT32 partition(or even

> better, is it possible to use a windows pagefile which is not 

> located on an NTFS partition?



http://www.openbsd.org/faq/faq14.html#SwapFile



> Note that my laptop is currently exclusively used by Windows XP.

> Thanks

> Mark



Do I need to switch to MP system?

2008-04-01 Thread B A
Hello!



We have OpenBSD acting as router+IPsec vpn concentrator.

Our company is expanding, so I noticed that "interrupt" in top sometimes

jumps to 30-40%, and always about ~25% on average.

Server is DL360 server with bge0 and bge1.

So I want to upgrade to newer multicore system.

Can it help? Is it possible to assign one NIC to one core,

and other to another?




OSPFd and ipsec routes

2008-09-25 Thread B A
Hello!

Can ospfd redistribute routes in Encap table `netstat -nr -f encap` ?
Are they considered static?
There is no such info in ospfd.conf...



Re: Do I need to switch to MP system?

2008-04-08 Thread B A
Probably sounds strange, but when I switched to the MP

kernel, server load dropped to ~1% of interrupts.

So it looks like the MP kernel has worse userspace performance,

but better interrupt handling.





02.04.08, 00:29, "Stuart Henderson" <[EMAIL PROTECTED]>:



> On 2008-04-01, B A <[EMAIL PROTECTED]> wrote:

> > We have OpenBSD acting as router+IPsec vpn concentrator.

> > Our company is expanding, so I noticed that "interrupt" in top sometimes

> > jumps to 30-40%, and always about ~25% on average.

> > Server is DL360 server with bge0 and bge1.

> > So I want to upgrade to newer multicore system.

> > Can it help? Is it possible to assign one NIC to one core,

> > and other to another?

> It isn't possible. Look for the fastest CPUs, not the highest

> number of cores, and run a uniprocessor kernel.

> I'm not sure if they're valid, but I've read suggestions that

> amd64 CPUs may be better for this type of workload due to

> the larger L1 (not L2) cache.

> If you feel like testing, compare i386 and amd64 kernels and

> post the results, there are people who would be interested to

> know...

> If you currently run a pre-4.2 OS, upgrade it, you should see

> improved performance just by doing this.



Re: What's the status of kernel patch supporting Intel I/OAT tech?

2008-04-10 Thread B A
You can check sources

http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/pci/if_em.c?rev=1.181&content-type=text/x-cvsweb-markup

and looks like there is no OAT there.



10.04.08, 16:59, "hu st" <[EMAIL PROTECTED]>:



> Hi,

> Intel I/OAT is a good tech for network performance,

> see http://www.intel.com/go/ioat.

> Linux e1000 driver has a patch for FreeBSD, see

> http://sourceforge.net/project/platformdownload.php?group_id=42302

> What's the status of OpenBSD patch?

> Regards

> Frank




hdparm -E to change cdrom speed?

2008-04-25 Thread B A
Hello!



Which tool should I use to change cdrom speed?

Looking for hdparm -E equivalent, looks like atactl can't, or am I missing something?



Kernel trap with custom ramdisk

2008-04-28 Thread B A
Hello!



I'm trying to build custom kernel+ramdisk for my router.

But I'm getting:



panic: pmap_enter: missing kernel PTP!

Stopped at 0x0d47ba08: leave



Any ideas what I did wrong?

I build a 5 meg ramdisk; I can't even boot larger ramdisks,

the system just immediately reboots.



Thank you.




Re: Kernel trap with custom ramdisk

2008-04-29 Thread B A
> You tried building a custom ramdisk and then came to misc asking

> for help despite the archives are full of detailed instructions telling

> you NOT TO DO THAT.



This is the funniest reason I have ever heard.

So if something doesn't work, do not do that.

Nice :-)



BTW with 5 megs ramdisk all works fine.





> Regards

> Johan M:son



Re: Kernel trap with custom ramdisk

2008-04-29 Thread B A
Surely I have read FAQ, 

especially '5 - Building the System from Source'

but there is no section about building custom ramdisk.

Probably one should be included, so you see less *dumb*

questions about it. Obviously people  need to build them

for many reasons, like completely in RAM internet kiosk

and so on.



29.04.08, 19:13, "Dave Anderson" <[EMAIL PROTECTED]>:



> OpenBSD comes with excellent documentation, and the developers (and just

> about everyone else here) expect you to read the relevant parts before

> posting here.  If you've read the FAQ, you have no excuse for not

> knowing that (unlike, e.g., Linux) OpenBSD is an integrated system with

> its options and configuration chosen by the developers to work well

> together in essentially all cases, so tinkering is not supported -- if

> you go there, you're on your own.  Because of this, questions like yours

> are taken as an indication that you haven't done your homework and are

> trying to get other people to do it for you.

>   Dave



Re: Kernel trap with custom ramdisk

2008-04-30 Thread B A
Thanks all for suggestions.

I have got finally what I want.

I have created base ramdisk about 4Megs,

then I'm fetching all other daemons/tools into the

mfs disk and run them. This solution works for now.

 





30.04.08, 01:58, "Daniel Ouellet" <[EMAIL PROTECTED]>

> I guess what people try to tell you is that if you try to do custom 

> kernel, you are on your own. That was said already.

> However, not knowing the problem you try to solved doesn't help either 

> trying to answer your question.

> If the only thing you need or want is a mount point that would be in 

> RAM and that you could use as a ramdisk, nothing special is needed and 

> sure not any custom kernel for this.

> So, not knowing what you want to solved, is hard to offer anything good, 

> but you will not get help on doing custom kernel here really. This is 

> not Linux world.

> Now if you only want a ram mount space, you can just read:

> http://www.openbsd.org/cgi-bin/man.cgi?query=fstab&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html

> As an example, right from the man page:

> Change in /etc/fstab

> #/dev/sd0f /tmp ffs rw,nodev,nosuid 1 2

> swap /tmp mfs rw,nodev,nosuid,-s=153600 0 0

> Would give you a mfs file system in ram, just like a ram disk.

> It's that simple to do really and will be accessible right from reboot 

> as well.

> Just for fun, a few years ago also, I did a RaidFrame setup where one 

> disk was the real drive and the second was RAM. Why, well simple. When 

> the system boot, the disk are not in sync, so the RaidFrame rebuilt the 

> mirror from the disk to the ram and then the sync was complete, I drop 

> the mount for the disk and yes the mirror was broken again, but then all 

> was running from RAM at that point going forward and it was simple and 

> fast like hell. That was for experiment and fun and it works. But it was 

> a pain to setup. Simple to use and very simple idea if you want. Works 

> well, but pain to setup the first time.

> I might do that again when the new OpenBSD replacement for RaidFrame is 

> complete in the future that is already started, but not at the moment.

> Anyway, just the mfs solution above might just be what you are after.

> Not knowing your problem, I don't know if that would be it or not.

> Give it a try anyway. Couldn't be simpler and sure nothing custom is 

> needed for that.

> If that's not what you are after, then sorry for the noise and just hit 

> delete.

> Best,

> Daniel



PF and states of connections with same src port

2008-05-02 Thread B A
Hello!



I have question about PF.



I have just found interesting behavior of PF.

For example if I fix source port and run from my PC:

   echo 'aaa' | nc -p  www.my.rerver 80

I got response.

But if I just run this command again - connection stuck.

I have to wait about 1 min to be able to make a connection with

the same src port. Looks like PF states aren't immediately removed after

FIN is sent.

A directly connected PC doesn't show such behavior; I get a response immediately.



Am I wrong or something about PF? How can I fix this behavior?



Thank you.




Re: PF and states of connections with same src port

2008-05-02 Thread B A
I found these notes



http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf.c?rev=1.559&content-type=text/x-cvsweb-markup



Will try upgrade (I'm running 4.1) and see





02.05.08, 20:21, "Kian Mohageri" <[EMAIL PROTECTED]>:





> States aren't purged immediately.  Take a look at the timeout values,

> specifically tcp.closed.

> -Kian



Re: Debian libssl security (OpenSSH safe?)

2008-05-13 Thread B A
Yes. Not a good idea to modify sources just to satisfy an automatic testing tool.

Good lesson!



13.05.08, 21:53, "Marc Espie" <[EMAIL PROTECTED]>:



> On Tue, May 13, 2008 at 09:41:00PM +0400, B A wrote:

> > Can't find relation between bug in openssl deb package and valgrind.

> > There is no such info in the original link as I see (DSA-1571-1).

> > Could you be more specific and informative?

> > Thank you.

> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=363516



Re: Debian libssl security (OpenSSH safe?)

2008-05-13 Thread B A
Can't find relation between bug in openssl deb package and valgrind.

There is no such info in the original link as I see (DSA-1571-1).

Could you be more specific and informative?

Thank you.



13.05.08, 21:00, "Marc Espie" <[EMAIL PROTECTED]>:



> More details show that someone seriously fucked up in debian.

> Trusting automated reporting tools like valgrind is fairly dangerous.

> I'm saddened that people still don't learn.

> `but this is a serious security warning. This MUST be fixed, valgrind canNOT

> be wrong.'

> duh... well, it can, like every tool out there that understands the

> source only so far... better than some humans, granted, but hopefully

> not better (yet) than the people who write serious software...




Re: How to overwrite MSS value in SYN packets?

2008-06-06 Thread B A
Now I tested with a very simple topology: just 2 PCs and a switch

One OpenBSD another Linux with web server.

Now I have only one line in my pf.conf:



scrub all max-mss 1400 fragment reassemble



This is wget downloading 1K file tcp, and I see mss 1460

in very first packet from my OpenBSD box



tcpdump -i eth0 -n host 10.137.8.104 and port 80

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes



17:00:57.532589 IP 10.137.8.104.30290 > 10.137.9.55.80: S 568783555:568783555(0) win 16384
17:00:57.533068 IP 10.137.9.55.80 > 10.137.8.104.30290: S 347064380:347064380(0) ack 568783556 win 5792
17:00:57.532720 IP 10.137.8.104.30290 > 10.137.9.55.80: . ack 1 win 16384
17:00:57.532792 IP 10.137.8.104.30290 > 10.137.9.55.80: P 1:105(104) ack 1 win 16384
17:00:57.532800 IP 10.137.9.55.80 > 10.137.8.104.30290: . ack 105 win 46
17:00:57.532863 IP 10.137.9.55.80 > 10.137.8.104.30290: P 1:234(233) ack 105 win 46
17:00:57.532876 IP 10.137.9.55.80 > 10.137.8.104.30290: . 234:3130(2896) ack 105 win 46
17:00:57.53 IP 10.137.8.104.30290 > 10.137.9.55.80: . ack 1682 win 14936
17:00:57.533344 IP 10.137.9.55.80 > 10.137.8.104.30290: . 3130:7474(4344) ack 105 win 46
17:00:57.533699 IP 10.137.8.104.30290 > 10.137.9.55.80: . ack 4578 win 12040
17:00:57.533706 IP 10.137.9.55.80 > 10.137.8.104.30290: P 7474:10370(2896) ack 105 win 46
17:00:57.533709 IP 10.137.9.55.80 > 10.137.8.104.30290: P 10370:10474(104) ack 105 win 46
17:00:57.533898 IP 10.137.8.104.30290 > 10.137.9.55.80: . ack 6026 win 16384
17:00:57.534079 IP 10.137.8.104.30290 > 10.137.9.55.80: . ack 8922 win 14936
17:00:57.534201 IP 10.137.8.104.30290 > 10.137.9.55.80: . ack 10474 win 14832
17:00:57.534532 IP 10.137.8.104.30290 > 10.137.9.55.80: F 105:105(0) ack 10474 win 16384
17:00:57.534552 IP 10.137.9.55.80 > 10.137.8.104.30290: F 10474:10474(0) ack 106 win 46
17:00:57.534705 IP 10.137.8.104.30290 > 10.137.9.55.80: . ack 10475 win 16384




18 packets captured

18 packets received by filter

0 packets dropped by kernel







04.06.08, 05:22, "jean-philippe luiggi" <[EMAIL PROTECTED]>:



> On Tue, 03 Jun 2008 18:35:35 +0400

> B A <[EMAIL PROTECTED]> wrote:

> > tcpdump output:

> > 

> > 03:17:15.390852 192.168.133.200.42631 > 217.76.32.61.80: S

> > 669277748:669277748(0) win 16384  > 0,nop,nop,timestamp 2675320559 0> [tos 0x10] 

> > 03:17:15.512524 217.76.32.61.80 > 192.168.133.200.42631: S

> > 81853979:81853979(0) ack 669277749 win 64240 

> > 03:17:15.512625 192.168.133.200.42631

> > so I see 1460 packets. No ?

> > 

> Hello,

> I did some test here on an OpenBSD 4.3 using the same setup as you

> (pf+217.76.32.61) and all is fine. The network stack works as

> expected.

> Do you've a scheme of the topology you use ?

> What is the interface you're using for capture ?

> Is 192.168.133.200 an internal interface of the box connected to

> Internet or do you've another network box between 192.168.133.200 and

> 217.76.32.61 ?

> With regards,

> Jean-Philippe.



Re: How to overwrite MSS value in SYN packets?

2008-06-09 Thread B A
07.06.08, 21:04, "Alexey Suslikov" <[EMAIL PROTECTED]>:



> [EMAIL PROTECTED] wrote:

> > Now I tested with a very simple topology: just 2 PCs and a switch

> > One OpenBSD another Linux with web server.

> > Now I have only one line in my pf.conf:

> >

> > scrub all max-mss 1400 fragment reassemble

> This one-liner will not work unless you have corresponding

> pass rule in your pf.conf, so I highly suspect what you even

> have packet filter disabled.

> Do you have pf=YES in /etc/rc.conf.local?



Yes. I have.

bash-3.2# pfctl -sr

scrub all no-df random-id max-mss 1400 fragment reassemble

pass in quick all flags S/SA keep state

pass out quick all flags S/SA keep state





> Also, topology you have will not route packets as you told us

> before.



Yes. I made it simple to understand. Now I have only one BSD as client fetching one file from the Linux box.



> And we don't really like linux tcpdumps here so very few will

> speak up and help. If you can't get OpenBSD box to work

> please provide OpenBSD tcpdump output.



Ok. Here is openbsd tcpdump. But I still see len 1440 packets.



03:57:54.035986 192.168.133.200.9901 > 192.168.133.1.80: S [tcp sum ok] 1790495358:1790495358(0) win 16384  (ttl 64, id 55493, len 64)
03:57:54.036047 192.168.133.1.80 > 192.168.133.200.9901: S [tcp sum ok] 2480387518:2480387518(0) ack 1790495359 win 5792  (DF) (ttl 64, id 0, len 60)
03:57:54.036080 192.168.133.200.9901 > 192.168.133.1.80: . [tcp sum ok] ack 1 win 16384  (ttl 64, id 40579, len 52)
03:57:54.036210 192.168.133.200.9901 > 192.168.133.1.80: P 1:70(69) ack 1 win 16384  (ttl 64, id 7424, len 121)
03:57:54.036257 192.168.133.1.80 > 192.168.133.200.9901: . [tcp sum ok] ack 70 win 46  (DF) (ttl 64, id 35838, len 52)
03:57:54.040971 192.168.133.1.80 > 192.168.133.200.9901: P 1:229(228) ack 70 win 46  (DF) (ttl 64, id 35839, len 280)
03:57:54.040976 192.168.133.1.80 > 192.168.133.200.9901: . 229:1617(1388) ack 70 win 46  (DF) (ttl 64, id 35840, len 1440)
03:57:54.040979 192.168.133.1.80 > 192.168.133.200.9901: . 1617:3005(1388) ack 70 win 46  (DF) (ttl 64, id 35841, len 1440)
03:57:54.041009 192.168.133.200.9901 > 192.168.133.1.80: . [tcp sum ok] ack 1617 win 14768  (ttl 64, id 64488, len 52)
03:57:54.041066 192.168.133.1.80 > 192.168.133.200.9901: . 3005:4393(1388) ack 70 win 46  (DF) (ttl 64, id 35842, len 1440)
03:57:54.041076 192.168.133.1.80 > 192.168.133.200.9901: . 4393:5781(1388) ack 70 win 46  (DF) (ttl 64, id 35843, len 1440)
03:57:54.041080 192.168.133.1.80 > 192.168.133.200.9901: . 5781:7169(1388) ack 70 win 46  (DF) (ttl 64, id 35844, len 1440)
03:57:54.041106 192.168.133.200.9901 > 192.168.133.1.80: . [tcp sum ok] ack 4393 win 11992  (ttl 64, id 23140, len 52)
03:57:54.041158 192.168.133.1.80 > 192.168.133.200.9901: P 7169:8557(1388) ack 70 win 46  (DF) (ttl 64, id 35845, len 1440)
03:57:54.041163 192.168.133.1.80 > 192.168.133.200.9901: . 8557:9945(1388) ack 70 win 46  (DF) (ttl 64, id 35846, len 1440)
03:57:54.041166 192.168.133.1.80 > 192.168.133.200.9901: FP 9945:10469(524) ack 70 win 46  (DF) (ttl 64, id 35847, len 576)
03:57:54.041189 192.168.133.200.9901 > 192.168.133.1.80: . [tcp sum ok] ack 7169 win 9216  (ttl 64, id 19692, len 52)
03:57:54.041242 192.168.133.200.9901 > 192.168.133.1.80: . [tcp sum ok] ack 9945 win 6440  (ttl 64, id 11042, len 52)
03:57:54.041292 192.168.133.200.9901 > 192.168.133.1.80: . [tcp sum ok] ack 10470 win 5916  (ttl 64, id 19856, len 52)
03:57:54.041463 192.168.133.200.9901 > 192.168.133.1.80: . [tcp sum ok] ack 10470 win 16384  (ttl 64, id 18257, len 52)
03:57:54.044006 192.168.133.200.9901 > 192.168.133.1.80: F [tcp sum ok] 70:70(0) ack 10470 win 16384  (ttl 64, id 44491, len 52)
03:57:54.044058 192.168.133.1.80 > 192.168.133.200.9901: . [tcp sum ok] ack 71 win 46  (DF) (ttl 64, id 0, len 52)





> - Alexey.
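
A way to read the OpenBSD tcpdump output in the message above against the `max-mss 1400` scrub rule, as an added example that is not part of the original posts: tcpdump's `len` is the IP total length, so what has to be compared with the MSS is the TCP payload plus the TCP option bytes. It assumes IPv4 without IP options and a 20-byte fixed TCP header; the function names are hypothetical.

```python
import re

# Four lines from the OpenBSD tcpdump output in the message above, with the
# mail-wrapped lines rejoined (a pure ACK, a small, a full-size and a final segment).
SAMPLE = """\
03:57:54.036080 192.168.133.200.9901 > 192.168.133.1.80: . [tcp sum ok] ack 1 win 16384  (ttl 64, id 40579, len 52)
03:57:54.040971 192.168.133.1.80 > 192.168.133.200.9901: P 1:229(228) ack 70 win 46  (DF) (ttl 64, id 35839, len 280)
03:57:54.040976 192.168.133.1.80 > 192.168.133.200.9901: . 229:1617(1388) ack 70 win 46  (DF) (ttl 64, id 35840, len 1440)
03:57:54.041166 192.168.133.1.80 > 192.168.133.200.9901: FP 9945:10469(524) ack 70 win 46  (DF) (ttl 64, id 35847, len 576)
"""

ENDPOINTS = re.compile(r"^\S+ (\S+) > (\S+): ")
SEQ_RANGE = re.compile(r"\b\d+:\d+\((\d+)\)")   # first:last(payload bytes)
IP_LEN = re.compile(r"\blen (\d+)\)")           # IP total length from -v output
BASE_HEADERS = 20 + 20  # assumption: IPv4 without IP options + fixed TCP header


def segments(dump):
    """Parse tcpdump -v lines into dicts; lines without 'len N' are skipped."""
    out = []
    for line in dump.splitlines():
        ends, ip_len = ENDPOINTS.match(line), IP_LEN.search(line)
        if not ends or not ip_len:
            continue
        seq = SEQ_RANGE.search(line)
        payload = int(seq.group(1)) if seq else 0   # pure ACKs carry no range
        total = int(ip_len.group(1))
        out.append({"src": ends.group(1), "payload": payload, "ip_len": total,
                    "options": total - payload - BASE_HEADERS})
    return out


def implied_mss(dump, src):
    """Largest payload + TCP option bytes sent by src, or None without data.

    TCP option bytes count against the MSS, so a full-size segment carries
    MSS - options bytes of data; the maximum is a lower bound on the MSS in use.
    """
    sizes = [s["payload"] + s["options"] for s in segments(dump)
             if s["src"] == src and s["payload"] > 0]
    return max(sizes) if sizes else None


def oversized(dump, src, max_mss):
    """Segments from src that would not fit in an MSS of max_mss."""
    return [s for s in segments(dump)
            if s["src"] == src and s["payload"] + s["options"] > max_mss]


if __name__ == "__main__":
    server = "192.168.133.1.80"
    print("implied MSS:", implied_mss(SAMPLE, server))
    print("segments over 1400:", oversized(SAMPLE, server, 1400))
```

On these lines the largest segment is 1388 data bytes plus 12 option bytes, which is 1400; `len 1440` is that figure plus the 40 bytes of base IP and TCP headers.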



Intel 82575GB NIC doesn't work

2008-07-24 Thread B A
Hello!



Looks like there is no support for 82575GB NIC in OpenBSD kernel.

I got something like:

"Intel PRO/1000 QP (82575GB)" rev 0x02 at pci10 dev 0 function 0 not configured

But I found this link for FreeBSD driver

http://downloadcenter.intel.com/Detail_Desc.aspx?ProductID=2874&DwnldID=15815&lang=eng

Is there any really quick and easy way to make this driver work in OpenBSD ?