Re: Laptop Recommendations?
Thinkpads are used often by folks wanting to get that penguin OS going also.

Brian

On 11/10/2016 4:34 PM, STeve Andre' wrote:

On 11/10/16 00:47, Nathan Koch wrote:

Greetings Fair BSD Wizards,

I am new to the lists. I am currently shopping for a new Xmas present for myself and am looking for a laptop that's portable and lightweight. Preferably fast, cheap (close to free), light, and secure. If you have any recommendations before the stormy winter hits the prairies please let me know.

Thank you.

Nate
Sailing the South Saskatchewan.

I have used ThinkPads with great success:

- T60p: everything worked
- W500: everything worked
- W541: camera and SDHC cards weren't working last time I checked, which was a while ago. Everything else is fine. Well, maybe the docking adaptor is still problematic.
- A31p: which is now long obsolete, but it worked well.

W500's can be had on ebay in the $280 class range, then add extra mem and a large disk, etc.

--STeve Andre
Re: bootable OpenBSD USB stick from windows?
On 2/11/2013 5:51 PM, Heptas Torres wrote:
> Hello
> I have an old laptop with no CD-ROM but can boot from USB. Given that
> I only have access to a windows machine to burn an iso image, do you
> know of an easy way (e.g. some windows program) to create a bootable
> OpenBSD USB stick which I can then use to install OpenBSD on my old
> laptop?
> -heptas
>

If windows has something like dd, maybe you can write the floppy image to your usb.
Two minor problems with install under -current
I did a new install today of -current on my amd64 box. I ran into two issues during the install. These were not show stoppers as I was able to finish.

First, when I attempted to pull down the file sets from the defaulted mirror, the files were not found.

Second, when I switched my pull down of the file sets to ftp.openbsd.org, I had a: non-recoverable failure in name resolution for bsd.rd. I later grabbed this from ftp3.usa.openbsd.org.

Just an FYI. And I do like the new install for a few reasons:

1) correctly determines that I want the snapshot directory
2) offers a great selection of options at the beginning and offers some nice default options
3) appears to run faster

Anyway, keep up the great work.

Thanks,
Brian
building a new openBSD box
Well, my box is getting pretty old, and I'd like a faster compile time of openoffice, so I am in the process of building a new machine. I want to make sure my assumptions on this build are correct before I dump money on hardware that is unlikely to be supported.

I am planning on building either an intel xeon based machine or amd Opteron/Phenom based machine as long as I can avoid any nvidia parts. Since this is a workstation, I would like 3D acceleration, so I should stick with ATI video cards, right?

Here are some motherboards I am looking at:

http://www.newegg.com/Product/Product.aspx?Item=N82E16813131378
http://www.newegg.com/Product/Product.aspx?Item=N82E16813128384

I am currently running an old Tyan board with an AMD64 CPU. It's worked well, but I'm afraid if I buy the upgraded version of this board that it will not be supported. The newer version uses Nvidia chipsets, which is this board:

http://www.newegg.com/Product/Product.aspx?Item=N82E16813151062

Any suggestions? I don't want to build a machine that is unlikely to be supported.

Thanks,
Brian
Re: amd64/grub package?
--- On Sat, 5/30/09, Donald Allen wrote:
> You have to install a second-stage bootloader, so why not use one
> bootloader to do the whole job rather than two? That's what.
>

So port it over. No one is stopping you.
Re: RAIDFrame woes with -current. Seeking debug advice
Josh,

I experienced this same problem during a recent migration to RAIDframe Auto-configuration. I had a RAID 1 root auto-configured RAID set, and a RAID 0 auto-configured set. The source tree I was using dates back to August 5th so it is obviously outside of your 12-hour window.

However, I pinpointed my hang due to a CD-ROM being connected to the IDE port on the motherboard. Without the CD-ROM drive, the RAIDframe Auto-configure would proceed as expected.

I don't know if this will help, considering I do not have a dmesg on hand. The server is already deployed and I cannot experiment with CD-ROM drive insertion/removal. I can tell you that the offending CD-ROM drive is a LITE-ON CD-ROM Drive model LTN-483S if that is of any consequence.

And yes, RAID_AUTOCONFIG is set in the kernel config. Without it, the RAIDframe would proceed as expected with or without the CD-ROM drive.

-Brian

Josh Grosse wrote:
[snip]
> The symptom: hang after normal kernel message: "Kernelized RAIDframe Activated"
[snip]
> atapiscsi0 at pciide0 channel 1 drive 0
> scsibus0 at atapiscsi0: 2 targets
> cd0 at scsibus0 targ 0 lun 0: SCSI0 5/cdrom removable
[snip]
Re: Help! I'm having Linux foisted on me! (PF queuing woes)
Joshua Smith wrote:
> Out of curiosity what are these two extremely rare cases?
[snip]

One example off the top of my head (and ipsec.conf(5)) is the enc0 interface. You wouldn't set your state-policy to this, but each individual rule would use if-bound to prevent traffic from going out your egress when an IPsec SA is removed/expires before the state is removed/expires (think isakmpd and the various reasons an SA can disappear).

Of course, if I am wrong and if-bound shouldn't be used in this case, ipsec.conf(5) should be updated appropriately.

-Brian
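The per-rule if-bound usage described in the message above, as an added pf.conf sketch that is not part of the original post and is not copied from ipsec.conf(5). The interface name, macro names, addresses and networks are constructed placeholders.

```pf
# Added example, not from the original thread.
# All macro values below are constructed placeholders.
ext_if    = "em0"             # egress interface (assumed name)
local_gw  = "192.0.2.1"       # this gateway's public address
peer_gw   = "198.51.100.1"    # remote IPsec gateway
local_net = "10.0.1.0/24"     # network behind this gateway
peer_net  = "10.0.2.0/24"     # network behind the peer

# Global policy stays at the default: states may match on any interface.
set state-policy floating

block all

# IKE and ESP between the two gateways on the egress interface.
pass in  on $ext_if proto udp from $peer_gw  to $local_gw port { 500, 4500 }
pass out on $ext_if proto udp from $local_gw to $peer_gw  port { 500, 4500 }
pass in  on $ext_if proto esp from $peer_gw  to $local_gw
pass out on $ext_if proto esp from $local_gw to $peer_gw

# Tunnel traffic: each rule binds its state to enc0. If the SA goes away
# while the state is still alive, a packet routed out $ext_if no longer
# matches that state, falls back to the ruleset and hits "block all".
pass in  on enc0 proto ipencap from $peer_gw to $local_gw keep state (if-bound)
pass in  on enc0 from $peer_net  to $local_net keep state (if-bound)
pass out on enc0 from $local_net to $peer_net  keep state (if-bound)

# For comparison (left commented out): the same rule with a floating
# state, which would still match the flow on $ext_if after the SA is gone.
# pass out on enc0 from $local_net to $peer_net keep state
```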
Re: daap/mdns multicast problems
Jonathan Kent wrote:
[snip]
> I'm pretty certain it's not pf getting in the way so my guess here is
> that I need multicast routing enabled?? Been googling for info on this
> to see if that was the case but can't find much on this of help. Of
> course I could be completely off here :o)
>
> Any pointers greatly received.
[snip]

At first glance, the following sysctl variables in /etc/sysctl.conf may help:

net.inet.ip.mforwarding=1    # 1=Permit forwarding (routing) of IPv4 multicast packets
net.inet6.ip6.mforwarding=1  # 1=Permit forwarding (routing) of IPv6 multicast packets

Both are disabled by default. If you have already enabled these, then please disregard my message. If not, try:

sysctl net.inet.ip.mforwarding=1 net.inet6.ip6.mforwarding=1

-Brian
Re: Network Time Synchronization using timed or ntpd or a Combination?
Boris Goldberg wrote:
[snip]
> There are pros and cons in the "demon" and in the "cron" schema. I
> decided to use cron and I know why. Every sysadmin/architect should make
> that decision for *his* systems (and know why). "Home users" should
> probably stay with the default (ntpd), but they are usually using Windows
> and cheap "hardware" firewalls anyway. ;)
[snip]

I hate beating a dead horse, but this one needs one more whack.

OpenNTPD runs as a 'daemon,' yes, but it does so using privilege separation and other goodies. The network code runs as a normal user, isolated from other users. This is superior to running rdate AS ROOT from a cronjob. OpenNTPD does not open any TCP or UDP ports by default.

It is true that rdate has about 63% fewer lines of code than ntpd and is older, and may have had more code audits performed; however, ntpd is new code, written with security in mind, runs as a normal user (privilege separated for the most part) and has superior time keeping ability.

Your advice about not running a daemon if it's possible to do the task otherwise may be true with a (bloated) daemon such as ntp.org ntpd, however, with OpenNTPD the tables are turned. It is far safer to run the 'daemon' than to perform the task otherwise.

That being said, it is up to the individual users to decide what to do. Hopefully this above explanation will help those who don't necessarily understand the risks of running programs as root vice daemons which execute code with proper separation of privileges.

-Brian
Re: About Xen: maybe a reiterative question but ..
Hi!

I think you are missing the point about x86 hardware being a mess. Theo made an excellent point about the architecture itself having so many filthy quirks. If a VM is compromised through any means, that attacker can now leverage the dirty architecture to bypass the hypervisor's (supposed) isolation techniques. If the attacker can utilize the VM to infiltrate the hypervisor, even more damage can be done.

The entire point is this: You cannot increase security by putting more things on one physical server. You can run your different 'Application Domains' on different physical servers. That is much closer to security than through obscurity.

-Brian

L. V. Lammert wrote:
> At 03:31 PM 10/24/2007 -0600, Theo de Raadt wrote:
>> > Certainly there is a small, compound risk increase due to multiple OS
>> > images involved, but the OS images must be analyzed independently FIRST,
>> > and THOSE risks addressed.
>>
>> Certainly you pulled that assessment out of your ass.
>
> I thought it was obvious, .. but I know you have better things on your
> mind. I DO mind you liking my ass, however - ain't gonna happen.
>
>> > **IF** OBSD were available as a host OS, that would be good security.
>>
>> You must be more qualified with regards to the actual code than I am
>> because I flat out don't believe this at all.
>
> Believe what? OBSD is secure? I thought you were proud of the project?
> Sheesh! If our leader doesn't believe OBSD is secure, we ALL better be
> running for cover. Linux, anyone?
>
> If you're saying that OBSD will never be modified to run AS a XEN
> hypervisor, that's probably a true statement. No need to corrupt a
> decent OS with GPL s/w.
>
>> > If not, then security issues compound due to multiple guest OSs and each set
>> > of inherent vulnerabilities.
>>
>> security issues and protections do not add up like numbers.
>
> Sure they do. If I'm running Windoze as a guest OS, there are hundreds
> or thousands of possible vulnerabilities. If I'm running OBSD as a guest
> OS, guess what (I hope you don't have to??) - few to none. There is no
> way to 'compound threat [interaction]', but that doesn't detract from
> the basic truth - the lower the risk/number of vulnerabilities of the
> OS, the better off you are. As a corollary, you might also say that
> there is no way to improve the security of a server without improving
> the security of the OS.
>
>> > No matter how you twist the logic, however, a VM provides a good level of
>> > application domain security, from the standpoint that each set of domain
>> > users and applications can only see the services provided within that
>> > domain guest OS.
>>
>> The phrase "application domain security" is a cover-up statement that
>> means "I have already decided to run the multiple things on one box
>> because I am cheap, and I need to invent reasons why I can continue
>> doing so".
>
> Huh?? Do you know what an application domain is? Guess not - here's a
> definition:
>
> Application + Users + Access Method = Application Domain
>
> Examples: File/Print, httpd, DB, . . .
>
> The more discrete the security model (i.e. File/Print users are not
> valid on the httpd server) the better.
>
> Lee
Re: About Xen: maybe a reiterative question but ..
L. V. Lammert wrote:
> On Wed, 24 Oct 2007, Brian wrote:
>
>> Hi!
>>
>> I think you are missing the point about x86 hardware being a mess. Theo
>> made an excellent point about the architecture itself having so many
>> filthy quirks. If a VM is compromised through any means, that attacker
>> can now leverage the dirty architecture to bypass the hypervisor's
>> (supposed) isolation techniques. If the attacker can utilize the VM to
>> infiltrate the hypervisor, even more damage can be done.
>>
>> The entire point is this: You cannot increase security by putting more
>> things on one physical server. You can run your different 'Application
>> Domains' on different physical servers. That is much closer to security
>> than through obscurity.
>>
>> -Brian
>>
> Hi!
>
> Sorry, it's YOU that missed the point! I never said or made any comparison
> to physical machines - the entirety of that I said is:
>
> "Running services/application domains in VMs increases security." As I
> said in a previous email, only an idiot would think that separate
> physical machines would NOT increase security, and I give this crowd much
> more credit than that so I did not bother to include such information.
>
> I still stand by my original statement. Running application 'domains' in
> VMs instead of on a single server increases security.
>
> Lee

Quoted directly from your first e-mail on this subject:

"Virtualization provides near absolute security - DOM0 is not visible to the user at all, only passing network traffic and handling kernel calls. The security comes about in that each DOMU is totally isolated from the others, while the core DOM0 is isolated from any attacks."

Your first sentence is provoking these responses. You cannot make this claim unless you are 100% certain the virtualization layer is bug free. If there's a bug in the virtualization layer that allows a NORMAL USER [1] in any of the guests to compromise the VM layer, host, or any of the guests, the user has just escalated his privileges through a vector that would never have been there outside of this VM environment.

Do you see what we're saying now? You are adding a complex layer of software to isolate things, when in fact you have no guarantee this layer cannot cause an escalation by a normal user. All of the theoretical attack vectors are exactly that: theoretical. But adding complex layers does not guarantee any increase in security.

If your application 'domains' are properly isolated on a single server, by privilege separation and chroot'ing processes, all you have left to worry about is that NORMAL USER escalating his privileges through some unknown bug in the OS you choose to run. You do not have to worry about the complex VM layer having its own set of unknown bugs.

So, in the end, you are still not getting the point. There are possible attack vectors in both single server setups, and virtualized setups. Making the claim that security is increased by virtualizing is fundamentally wrong. You just don't know of or have heard of any significant holes in the virtualization layers yet (minus vmware tools).

-Brian

[1] Think Dom0's job of virtualizing hardware for the guests. If there is some obscure bug in the Dom0's code, it could be possible for the normal user inside the guest to provoke this bug through the guest OS into causing DoS or possibly worse. I don't know of any bugs myself, but the attack vector may exist and can become an entire class of security holes.
Re: lookup option in /etc/resolv.conf ignored
Make sure you have restarted Firefox after making changes to /etc/resolv.conf. Specifically, the application-level DNS cache will contain old data if you have not restarted it. This bit me for 3 minutes straight after needing to redirect an address.

Karel Kulhavy wrote:
> I want to make my OS return 127.0.0.1 on google-analytics.com and
> ad.doubleclick.net to speed up the work with Sourceforge.
>
> I put
> 127.0.0.1 google-analytics.com
> 127.0.0.1 ad.doubleclick.net
> into /etc/hosts
>
> and checked that /etc/resolv.conf contains
> lookup file bind
>
> According to man resolv.conf this should result in /etc/hosts having priority
> over the DNS system. However, it simply doesn't work. Both Firefox and the
> "host" command behave as if I didn't do anything.
>
> Why doesn't it work when man resolv.conf says it should?
>
> CL<
Re: Compliments and Knob Question
That thing on the door is a handle. A knob would let you adjust how far the door opens, how much it resists being opened, whether or not it shuts itself (and how quickly) and how far you have to turn the handle to get it to start opening. Clearly most doors work just fine without knobs.

Tech knob discussion, how about a nice boring dictionary answer.

1 a: a rounded protuberance : lump
  b: a small rounded ornament or handle
2: a rounded usually isolated hill or mountain

This seems that a knob doesn't have to be useful.

Brian
Re: Compliments and Knob Question
Richard Toohey wrote:

On 5/12/2007, at 7:09 PM, Richard Toohey wrote:

On 5/12/2007, at 4:24 PM, L wrote:

Question about buttons and knobs.. What exactly is a knob? [cut] it simpler. For example the CP command is just a knob for copy..

My understanding of knob is an option or a switch. I guess the meaning is like a music console - all those knobs you can turn to fiddle with sound.

Like this stuff ... http://digitalmedia.oreilly.com/2005/01/26/synthedit1_0105.html

Lots and lots and LOTS of knobs all to fiddle with sound.

I always thought of the BGP routing protocol as the ultimate example of software knobbage.

Brian
Re: no 4.2-stable package updates??
So why does that "majority" not provide the skills or the money to support that facility? Maybe you should use something else that panders to your appetite.

Completely unable to resist a great setup presented above, is the software really free then?

Brian
Re: Merging 2 ADSL lines
Jussi Peltola wrote:

On Thu, Dec 27, 2007 at 10:13:11AM -0600, L. V. Lammert wrote:

It is possible to share ADSL lines for outbound traffic, .. but no provider I have seen will allow bonding for incoming traffic (e.g. a mail server).

Isn't that easily solved with DNS round robin in the case of mail and web servers?

I have seen this with sdsl, here is a link from a UK guy that did it.

http://www.automatedhome.co.uk/Internet/ADSL-Bonding-How-To-and-Review.html

Brian
k9copy
Anyone in the process of porting over k9copy from the freebsd ports tree?

Thanks,
Brian
amd64 assembly registers behavior and function calls
Are register values preserved between function calls on amd64? I'm pretty sure they are wiped out on i386, but I'm sure about amd64.

Do I need to write parameters to %rbp offset, then follow the x86-abi for registers to write to before making the function call? When I disassemble C code, it looks like the parameters are written to %rbp, then to the registers per the x86-64 abi, and then the function is called? Is this the preferred way to write function calls?

And I would use the same method to save the return value in %rax, right?

Thanks,
Brian
Suggested PF Setup when using BitTorrent?
Is there any suggested PF setup when using BitTorrent? Right now, the biggest problem I have when using BitTorrent is watchdog timeouts.

Thanks,
Brian
Re: Suggested PF Setup when using BitTorrent?
--- Leonardo Rodrigues <[EMAIL PROTECTED]> wrote:

> Maybe those watchdog timeouts have nothing to do with bittorrent, and
> are probably more related to nic problems. Have you tried running your
> torrent client with a different network card?

I have run into the same issue with my onboard nic card, which doesn't work as well as my sk nic. I'm not sure how to debug the issue.

I just started using pf, so my original question still stands. Is there a preferred rule set for pf when using BitTorrent?

Thanks,
Brian
Re: Suggested PF Setup when using BitTorrent?
--- Stuart Henderson <[EMAIL PROTECTED]> wrote:

> On 2008/01/06 17:50, Brian wrote:
> > --- Leonardo Rodrigues <[EMAIL PROTECTED]> wrote:
> >
> > > Maybe those watchdog timeouts have nothing to do with bittorrent, and
> > > are probably more related to nic problems. Have you tried running your
> > > torrent client with a different network card?
> >
> > I have run into the same issue with my onboard nic card, which doesn't
> > work as well as my sk nic. I'm not sure how to debug the issue.
>
> Sounds like it may be missing interrupts. I would start by using
> ACPI ("boot -c" at the boot loader prompt, then at UKC "disable apm"
> and "enable acpi").
>
> Where's the dmesg?

OpenBSD 4.2-current (GENERIC) #1: Sun Dec 30 18:50:44 MST 2007
    :/usr/src/sys/arch/amd64/compile/GENERIC
real mem = 1073278976 (1023MB)
avail mem = 1030647808 (982MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.2 @ 0xf (39 entries)
bios0: vendor Phoenix Technologies, LTD version "6.00 PG" date 02/17/2005
acpi0 at bios0: rev 0
acpi0: tables DSDT FACP MCFG APIC
acpi0: wakeup devices HUB0(S5) XVR0(S5) XVR1(S5) XVR2(S5) XVR3(S5) USB0(S3) USB2(S3) MMAC(S5) MMCI(S5) UAR1(S5)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (HUB0)
acpicpu0 at acpi0
acpitz0 at acpi0: critical temperature 70 degC
acpibtn0 at acpi0: PWRB
cpu0 at mainbus0: (uniprocessor)
cpu0: AMD Athlon(tm) 64 Processor 3000+, 1808.54 MHz
cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache
cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: AMD erratum 113 detected and fixed
cpu0: AMD erratum 89 present, BIOS upgrade may be required
pci0 at mainbus0 bus 0: configuration mode 1
"NVIDIA nForce4 DDR" rev 0xa3 at pci0 dev 0 function 0 not configured
pcib0 at pci0 dev 1 function 0 "NVIDIA nForce4 ISA" rev 0xa3
nviic0 at pci0 dev 1 function 1 "NVIDIA nForce4 SMBus" rev 0xa2
iic0 at nviic0
adt0 at iic0 addr 0x2e: sch5017 rev 0x89
spdmem0 at iic0 addr 0x50: 512MB DDR SDRAM non-parity PC3200CL2.5
spdmem1 at iic0 addr 0x51: 512MB DDR SDRAM non-parity PC3200CL2.5
iic1 at nviic0
adt1 at iic1 addr 0x2e: sch5017 rev 0x89
spdmem2 at iic1 addr 0x50: 512MB DDR SDRAM non-parity PC3200CL2.5
spdmem3 at iic1 addr 0x51: 512MB DDR SDRAM non-parity PC3200CL2.5
ohci0 at pci0 dev 2 function 0 "NVIDIA nForce4 USB" rev 0xa2: irq 5, version 1.0, legacy support
ehci0 at pci0 dev 2 function 1 "NVIDIA nForce4 USB" rev 0xa3: irq 10
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "NVIDIA EHCI root hub" rev 2.00/1.00 addr 1
auich0 at pci0 dev 4 function 0 "NVIDIA nForce4 AC97" rev 0xa2: irq 5, nForce4 AC97
ac97: codec id 0x414c4760 (Avance Logic ALC655 rev 0)
audio0 at auich0
pciide0 at pci0 dev 6 function 0 "NVIDIA nForce4 IDE" rev 0xa2: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility
pciide0: channel 0 disabled (no drives)
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: SCSI0 5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
pciide1 at pci0 dev 7 function 0 "NVIDIA nForce4 SATA" rev 0xa3: DMA
pciide1: using irq 11 for native-PCI interrupt
wd0 at pciide1 channel 0 drive 0:
wd0: 16-sector PIO, LBA48, 35304MB, 72303840 sectors
wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5
wd1 at pciide1 channel 1 drive 0:
wd1: 16-sector PIO, LBA48, 305245MB, 625142448 sectors
wd1(pciide1:1:0): using PIO mode 4, Ultra-DMA mode 5
pciide2 at pci0 dev 8 function 0 "NVIDIA nForce4 SATA" rev 0xa3: DMA
pciide2: using irq 10 for native-PCI interrupt
ppb0 at pci0 dev 9 function 0 "NVIDIA nForce4 PCI-PCI" rev 0xa2
pci1 at ppb0 bus 1
"ATI Rage XL" rev 0x27 at pci1 dev 5 function 0 not configured
"VIA VT6306 FireWire" rev 0x80 at pci1 dev 6 function 0 not configured
"Creative Labs SoundBlaster Audigy LS" rev 0x00 at pci1 dev 9 function 0 not configured
skc0 at pci1 dev 10 function 0 "D-Link Systems DGE-530T A1" rev 0x11, Yukon Lite (0x9): irq 5
sk0 at skc0 port A: address 00:15:e9:2e:28:e6
eephy0 at sk0 phy 0: Marvell 88E1011 Gigabit PHY, rev. 5
nfe0 at pci0 dev 10 function 0 "NVIDIA CK804 LAN" rev 0xa3: irq 11, address 00:e0:81:56:8f:67
eephy1 at nfe0 phy 1: Marvell 88E Gigabit PHY, rev. 1
ppb1 at pci0 dev 11 function 0 "NVIDIA nForce4 PCIE" rev 0xa3
pci2 at ppb1 bus 2
ppb2 at pci0 dev 12 function 0 "NVIDIA nForce4 PCIE" rev 0xa3
pci3 at ppb2 bu
Re: Suggested PF Setup when using BitTorrent?
--- Max Hayden Chiz <[EMAIL PROTECTED]> wrote:

> Perhaps this problem is specific to my configuration (or specific to
> DOCSIS cable modems). But if it makes Brian (or someone else's
> problem) go away, then it is likely that this problem is not unique.
>
> --MHC
>

Let me read through the documentation to figure out how to set this up. I am running a cable modem as well. Here are my bittorrent settings:

--minport 13000
--maxport 14000
--max_initiate 15
--max_allow_in 15
--max_upload_rate 25
--max_uploads 5

Give me some time to figure out the altq and pf. I have only used pf for a week, so I'm still learning it.

Thanks,
Brian
Re: Why do clients running BitTorrent make my router's latency go through the roof?
--- Max Hayden Chiz <[EMAIL PROTECTED]> wrote:

>
> My original test was capped at 384Kbps (i.e. 48KBps). I have tried it
> with 256Kbps (32KBps), 128Kbps (16KBps), etc. I have also managed to
> sustain HTTP and FTP connections to my server at 500+Kbps for days at
> a time with no problems before. If upload was a problem, I would
> expect this usage situation to cause problems as well. More
> importantly, I do not experience the latency when I am simply
> "seeding" (only uploading). I only have this problem when BitTorrent
> is making large numbers of connections to download.
>
> I had some extra time today, and swapped out the OpenBSD box for a
> NetGear router. I am no longer experiencing the latency problem. I
> will continue monitoring the problem for another 48 hours or so, but
> my initial conclusion is that the problem is with the OpenBSD box.
> Either this is a hardware problem with my box, or it is a software
> bug. Given the number of posts experiencing difficulty with
> BitTorrent I am inclined toward the latter as opposed to the former.
>
> I'm going to see if I can get another OpenBSD box to test this on, but
> it won't be a Blade100. I can also try adding an extra network card
> and not using gem0 (the interface with the problem). But that's the
> best I'm going to be able to do from this end.
>
> --MHC

How are you testing for latency, so I can duplicate on my side? I am running through a Netgear RP614v3 to a Motorola SB5100 cable modem. My nic card is:

skc0 at pci1 dev 10 function 0 "D-Link Systems DGE-530T A1" rev 0x11, Yukon Lite (0x9): irq 5
sk0 at skc0 port A: address 00:15:e9:2e:28:e6

I'm just running pf with this config:

block in
pass out

I hope to re-write my config this weekend per the suggestions to use altq. I just need to read the documentation, but pf will be running locally. Once I figure it out, I wanted to replace my Netgear with a Soekris box running OpenBSD.

Now, I had the timeouts before enabling pf, and I haven't seen them lately, but I haven't been aggressively downloading with bittorrent either. I hope to test this weekend once I figure out what I need to do to provide meaningful results.

Thanks,
Brian
Using Altq?
I read the following document:

http://www.undeadly.org/cgi?action=article&sid=20061109202501

and I understand the general concepts, but I have a few questions.

* How do I determine my actual up and down provided to me from my service provider?
* How do I make a decision as to what queue method to use: cbq, priq, or hfsc?

Basically, I want to attempt to avoid getting watchdog timeouts on my bittorrent connections.

Thanks,
Brian
Re: anyone have a port of cacti?
Richard Daemon wrote:

anyone have a port of cacti? www.cacti.net

Here's a link to the freebsd port if you want to have a hack at it..

http://www.freebsd.org/cgi/cvsweb.cgi/ports/net-mgmt/cacti/

Brian
Re: Using Altq?
--- Chris Kuethe <[EMAIL PROTECTED]> wrote:

>
> Get a better NIC or a NIC with a better driver? I've used re(4),
> nfe(4), sis(4), fxp(4), and em(4) with bittorrent all without watchdog
> timeouts. And when I got the re(4), it was less than $20 for something
> that could do better than 100Mbps. Try acpi like Daniel suggests?

I tried acpi (I disabled apm via boot -c and acpi was already enabled); I received watchdog timeouts today. I switched to the onboard nfe, and I will try again. The watchdog timeouts took place on my skc. I'm not sure what to write in a bug report for this problem.

Here's the dmesg:

OpenBSD 4.2-current (GENERIC) #0: Sun Jan 27 12:34:41 MST 2008
    :/usr/src/sys/arch/amd64/compile/GENERIC
real mem = 1073278976 (1023MB)
avail mem = 1030623232 (982MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.2 @ 0xf (39 entries)
bios0: vendor Phoenix Technologies, LTD version "6.00 PG" date 02/17/2005
acpi0 at bios0: rev 0
acpi0: tables DSDT FACP MCFG APIC
acpi0: wakeup devices HUB0(S5) XVR0(S5) XVR1(S5) XVR2(S5) XVR3(S5) USB0(S3) USB2(S3) MMAC(S5) MMCI(S5) UAR1(S5)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (HUB0)
acpicpu0 at acpi0
acpitz0 at acpi0: critical temperature 70 degC
acpibtn0 at acpi0: PWRB
cpu0 at mainbus0: (uniprocessor)
cpu0: AMD Athlon(tm) 64 Processor 3000+, 1808.54 MHz
cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache
cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: AMD erratum 113 detected and fixed
cpu0: AMD erratum 89 present, BIOS upgrade may be required
pci0 at mainbus0 bus 0: configuration mode 1
"NVIDIA nForce4 DDR" rev 0xa3 at pci0 dev 0 function 0 not configured
pcib0 at pci0 dev 1 function 0 "NVIDIA nForce4 ISA" rev 0xa3
nviic0 at pci0 dev 1 function 1 "NVIDIA nForce4 SMBus" rev 0xa2
iic0 at nviic0
adt0 at iic0 addr 0x2e: sch5017 rev 0x89
spdmem0 at iic0 addr 0x50: 512MB DDR SDRAM non-parity PC3200CL2.5
spdmem1 at iic0 addr 0x51: 512MB DDR SDRAM non-parity PC3200CL2.5
iic1 at nviic0
adt1 at iic1 addr 0x2e: sch5017 rev 0x89
spdmem2 at iic1 addr 0x50: 512MB DDR SDRAM non-parity PC3200CL2.5
spdmem3 at iic1 addr 0x51: 512MB DDR SDRAM non-parity PC3200CL2.5
ohci0 at pci0 dev 2 function 0 "NVIDIA nForce4 USB" rev 0xa2: irq 5, version 1.0, legacy support
ehci0 at pci0 dev 2 function 1 "NVIDIA nForce4 USB" rev 0xa3: irq 10
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "NVIDIA EHCI root hub" rev 2.00/1.00 addr 1
auich0 at pci0 dev 4 function 0 "NVIDIA nForce4 AC97" rev 0xa2: irq 5, nForce4 AC97
ac97: codec id 0x414c4760 (Avance Logic ALC655 rev 0)
audio0 at auich0
pciide0 at pci0 dev 6 function 0 "NVIDIA nForce4 IDE" rev 0xa2: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility
pciide0: channel 0 disabled (no drives)
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: SCSI0 5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
pciide1 at pci0 dev 7 function 0 "NVIDIA nForce4 SATA" rev 0xa3: DMA
pciide1: using irq 11 for native-PCI interrupt
wd0 at pciide1 channel 0 drive 0:
wd0: 16-sector PIO, LBA48, 35304MB, 72303840 sectors
wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5
wd1 at pciide1 channel 1 drive 0:
wd1: 16-sector PIO, LBA48, 305245MB, 625142448 sectors
wd1(pciide1:1:0): using PIO mode 4, Ultra-DMA mode 5
pciide2 at pci0 dev 8 function 0 "NVIDIA nForce4 SATA" rev 0xa3: DMA
pciide2: using irq 10 for native-PCI interrupt
ppb0 at pci0 dev 9 function 0 "NVIDIA nForce4 PCI-PCI" rev 0xa2
pci1 at ppb0 bus 1
"ATI Rage XL" rev 0x27 at pci1 dev 5 function 0 not configured
"VIA VT6306 FireWire" rev 0x80 at pci1 dev 6 function 0 not configured
"Creative Labs SoundBlaster Audigy LS" rev 0x00 at pci1 dev 9 function 0 not configured
skc0 at pci1 dev 10 function 0 "D-Link Systems DGE-530T A1" rev 0x11, Yukon Lite (0x9): irq 5
sk0 at skc0 port A: address 00:15:e9:2e:28:e6
eephy0 at sk0 phy 0: Marvell 88E1011 Gigabit PHY, rev. 5
nfe0 at pci0 dev 10 function 0 "NVIDIA CK804 LAN" rev 0xa3: irq 11, address 00:e0:81:56:8f:67
eephy1 at nfe0 phy 1: Marvell 88E Gigabit PHY, rev. 1
ppb1 at pci0 dev 11 function 0 "NVIDIA nForce4 PCIE" rev 0xa3
pci2 at ppb1 bus 2
ppb2 at pci0 dev 12 function 0 "NVIDIA nForce4 PCIE" rev 0xa3
pci3 at ppb2 bus 3
ppb3 at pci0 dev 13 function 0 "NVIDIA nForce4 PCIE" rev 0xa3
pci4 at ppb3 bus 4
bge0 at pci4 dev 0 function 0 "Broadcom BCM5721" rev 0x11, BCM5750 B1 (0x4101): irq 11, address 00:e0:81:56:8f:66
brgphy0 at bge0 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0
ppb4 at pci0 dev 14 function 0 "NVIDIA nForce4 PCIE" rev 0xa3
pci5 at ppb4 bus 5
vga1 at pci5 dev 0 function 0 "NVIDIA GeForce 6600 GT" rev
Re: running mail server at home
Lori Barfield wrote:
consumer IP space is really a problem for outgoing mail. at the very least, all the majors will add spam points to your messages and so your mail is a lot more likely to be bulked. even resold IP space at large colos is treated that way by default, and it causes heartburn for businesses. just having reverse DNS isn't good enough, either, because if it has a name that "looks" like dynamic IP space, that can also get your mail treated with prejudice. it's best to own your own reverse DNS so you can give it a realistic look. you can try to work with the major ISPs to get your IP(s) whitelisted, and try to convince folks to take them off their no-no lists as well, but that can be very time consuming and you'll have mixed results. bottom line is, check out the reputation of your IP space before buying it. you don't want the problem to start with. ...lori
Get an ISP that doesn't block it and you're fine, I've been using speakeasy for years, they're pricey but they stay out of the way.
Brian
Re: running mail server at home
Douglas A. Tutty wrote:
Well, as always, it depends. What do _you_ mean by a mail server? Do you mean that you want people to mail you directly and your mail to go out to the internet directly and bypass your ISP? If so, you'll need a fixed IP and help from your ISP since they normally block this for home users. Hey, my ISP says that their connection is only for one computer that I can't run a network on their hookup. I guess they've never heard of UNIX and masquerading. I run a mailserver in that I can mail internally and externally. However, the mail all goes out to my ISP's smart host and comes in with fetchmail. Doug.
A p3 is plenty unless you're doing a VERY large quantity of mail.. Re the IP thing, a static IP and an ISP that doesn't block and is willing to change a reverse dns entry to match the forward are what I have done, seems to have worked ok for me. Smarthosting is not for me, I'll deliver direct..
Brian
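The two properties discussed in this thread, a reverse DNS entry that matches the forward one and a PTR name that does not "look" like dynamic IP space, can be checked before sending mail from an address. This is an added example, not code from the thread; the DNS data is constructed and the keyword list is an assumed heuristic, not any mail provider's actual rule.

```python
import ipaddress
import re

# Constructed sample data: documentation address ranges and made-up names.
PTR_RECORDS = {
    "203.0.113.25": ["mail.example.org."],
    "198.51.100.77": ["host-198-51-100-77.dyn.example.net."],
    "192.0.2.10": ["mx.example.com."],
}
A_RECORDS = {
    "mail.example.org": ["203.0.113.25"],
    "host-198-51-100-77.dyn.example.net": ["198.51.100.77"],
    "mx.example.com": ["192.0.2.99"],  # forward record does not point back
}

# Assumed heuristic: labels that commonly mark consumer or pool address space.
GENERIC_LABEL = re.compile(
    r"(?:^|[.\-])(?:dyn|dynamic|dhcp|dsl|adsl|cable|pool|ppp|dialup)\d*(?:[.\-]|$)"
)


def normalize(name):
    return name.rstrip(".").lower()


def ptr_lookup(ip):
    """Stand-in for a PTR query; swap in a real resolver call when online."""
    return PTR_RECORDS.get(ip, [])


def a_lookup(name):
    """Stand-in for an A/AAAA query."""
    return A_RECORDS.get(normalize(name), [])


def looks_dynamic(name, ip):
    """True if the PTR name carries a generic label or embeds the address."""
    name = normalize(name)
    if GENERIC_LABEL.search(name):
        return True
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        numbers = re.findall(r"\d+", name)
        return all(octet in numbers for octet in str(addr).split("."))
    return False


def assess(ip, ptr=ptr_lookup, fwd=a_lookup):
    """Classify an outgoing mail address by its reverse/forward DNS."""
    addr = ipaddress.ip_address(ip)
    names = [normalize(n) for n in ptr(ip)]
    if not names:
        return ("no-ptr", None)
    # Forward-confirmed: the PTR name must resolve back to the same address.
    confirmed = [n for n in names
                 if any(ipaddress.ip_address(a) == addr for a in fwd(n))]
    if not confirmed:
        return ("forward-mismatch", names[0])
    clean = [n for n in confirmed if not looks_dynamic(n, ip)]
    if clean:
        return ("ok", clean[0])
    return ("generic-ptr", confirmed[0])


if __name__ == "__main__":
    for sample in ("203.0.113.25", "198.51.100.77", "192.0.2.10", "192.0.2.200"):
        print(sample, assess(sample))
```
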
x.org pci stuff
Is work being done on this for OpenBSD: http://www.x.org/wiki/PciReworkProposal I ask because I do not see OpenBSD listed. Thanks, Brian
Re: take threads off the table
--- Marco Peereboom <[EMAIL PROTECTED]> wrote:
> If you want to run more of the same you fork.
>
> Threads' usefulness is limited in scope. Threads' dangers are endless.
> Nonetheless there are good reasons for threading; just not as many as
> people give it credit for. Ssh is not one of those use cases where
> threading is important.
Please listen to this guy. He does a lot of great stuff, and you're taking his time away from creating more great stuff.
Brian
Re: rtorrent + OpenBSD = freeze
--- Daniel Andersson <[EMAIL PROTECTED]> wrote:
> Hi!
>
> I tried OpenBSD last autumn but had some trouble running rtorrent.
For the longest time, I ran the port net/BitTorrent with a script, and I recently solved some hardware related issues I had with it. But I never had system freezes. Yesterday, I switched over to net/ktorrent since it supports encryption, which I am finding I need for some very low seeded torrents, where all the seeds are running encryption. I have not experienced any system freezes with net/ktorrent, and I would definitely recommend it.
Brian
Note: I still run the default fvwm.
Re: rtorrent + OpenBSD = freeze
--- Pierre Riteau <[EMAIL PROTECTED]> wrote:
> I have seen this freeze with both xl(4) and nfe(4).
Maybe it's time folks start posting their dmesg.
Brian
OpenBSD Wireless Router and Nintendo DS
I'm having trouble connecting to my OpenBSD wireless router with my Nintendo DS handheld. Here is some general information about my setup. uname -a: OpenBSD lordnikon.thehomerow.net 4.0 GENERIC#1107 i386 ifconfig ral0: ral0: flags=8943 mtu 1500 lladdr 00:30:4f:4c:0c:9b media: IEEE802.11 autoselect hostap (autoselect mode 11b hostap) status: active ieee80211: nwid Mother2 chan 2 bssid 00:30:4f:4c:0c:9b nwkey 100dBm inet6 fe80::230:4fff:fe4c:c9b%ral0 prefixlen 64 scopeid 0x2 inet 10.0.0.1 netmask 0xff00 broadcast 10.0.0.255 The DS is giving me an "Error Code: 51300" message when it tries to test the connection. I've found some forums that mention this might be a problem with the DS not gracefully dropping to the 1-2 Mbps connection rate that it requires (for some odd reason). The available media options for ral0 to set 1 or 2 Mbps connection rates are DS1 and DS2. I've tried all combinations of these media options, no mode setting, and mode 11b. I tried 11b because there were also some mentions of the DS not dropping to an 11b connection if 11g is present too. I've also tried specifying different channels for the wireless card. I tried 1, 11, and 12 with no success. I was suggested to put the wireless card into "mixed" mode, but I'm not exactly sure if there's a way to specify this, or this is what no mode setting defaults to on a card that is capable of both 11b and 11g. If anyone has any ideas, I would really appreciate it. I've posted this problem on two different forums and still haven't been able to solve it. Thanks! -Brian Figured I'd attach my dmesg for good measure... 
OpenBSD 4.0 (GENERIC) #1107: Sat Sep 16 19:15:58 MDT 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: AMD Sempron(tm) Processor 2500+ ("AuthenticAMD" 686-class, 256KB L2 cache) 1.41 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3 real mem = 468938752 (457948K) avail mem = 419680256 (409844K) using 4256 buffers containing 23547904 bytes (22996K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(00) BIOS, date 09/12/05, BIOS32 rev. 0 @ 0xf0010, SMBIOS rev. 2.3 @ 0xf0530 (54 entries) bios0: ASUSTeK Computer Inc. K8V-MX apm0 at bios0: Power Management spec V1.2 apm0: AC on, battery charge unknown apm0: flags 30102 dobusy 0 doidle 1 pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf58b0/208 (11 entries) pcibios0: PCI Interrupt Router at 000:17:0 ("VIA VT8237 ISA" rev 0x00) pcibios0: PCI bus #1 is the last bus bios0: ROM list: 0xc/0x8200 0xc8800/0x1000 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 "VIA K8M800 Host" rev 0x00 pchb1 at pci0 dev 0 function 1 "VIA K8M800 Host" rev 0x00 pchb2 at pci0 dev 0 function 2 "VIA K8M800 Host" rev 0x00 pchb3 at pci0 dev 0 function 3 "VIA K8M800 Host" rev 0x00 pchb4 at pci0 dev 0 function 4 "VIA K8M800 Host" rev 0x00 pchb5 at pci0 dev 0 function 7 "VIA K8M800 Host" rev 0x00 ppb0 at pci0 dev 1 function 0 "VIA K8HTB AGP" rev 0x00 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 "VIA S3 Unichrome PRO IGP" rev 0x01: aperture at 0xf400, size 0x1000 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) fxp0 at pci0 dev 11 function 0 "Intel 8255x" rev 0x08, i82559: irq 11, address 00:02:b3:1d:32:81 inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 
4 ral0 at pci0 dev 13 function 0 "Ralink RT2661" rev 0x00: irq 5, address 00:30:4f:4c:0c:9b ral0: MAC/BBP RT2661B, RF RT2529 (MIMO XR) pciide0 at pci0 dev 15 function 0 "VIA VT6420 SATA" rev 0x80: DMA pciide0: using irq 10 for native-PCI interrupt pciide1 at pci0 dev 15 function 1 "VIA VT82C571 IDE" rev 0x06: ATA133, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide1 channel 0 drive 0: wd0: 16-sector PIO, LBA, 76319MB, 156301488 sectors wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5 atapiscsi0 at pciide1 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: SCSI0 5/cdrom removable cd0(pciide1:1:0): using PIO mode 4, Ultra-DMA mode 2 uhci0 at pci0 dev 16 function 0 "VIA VT83C572 USB" rev 0x81: irq 11 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: VIA UHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1 at pci0 dev 16 function 1 "VIA VT83C572 USB" rev 0x81: irq 11 usb1 at uhci1: USB revision 1.0 uhub1 at usb1 uhub1: VIA UHCI root hub, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered uhci2 at pci0 dev 16 function 2 "VIA VT83C572 USB" rev 0x81: irq 10 usb2 at uhci2: USB revision 1.0 uhub2 at usb2 uhub2: VIA UHCI root hub, rev 1.00/1.00,
Problem with a URL
I am trying to open up this url with firefox on OpenBSD -current, but there is a problem with accessing the site. Is there a problem with doing the lookups with URLs that start with dashes: http://-amaya-.deviantart.com/ Thanks, Brian
xenocara
I am updating my system, and I have just read about xenocara in -current. Do I just build this over my pre-existing X.org? I wasn't quite sure from the README. And is there anything special I need to do with ports and packages? Thanks.
Re: where port installs have theire packages placed
Juan Miscaro wrote:
[...]
> I currently have the PACKAGE_REPOSITORY variable set to
>
> /home/ftp/4.2/packages
>
> but when I installed a port its package ended up under:
>
> /home/ftp/4.2/packages/i386/all
>
> How can I correct this?
After a glance at bsd.port.mk, it looks like you'll have to use a link:
    mkdir /home/ftp/4.2/packages/i386
    ln -s .. /home/ftp/4.2/packages/i386/all
Some ports will create a no-arch directory for architecture-independent packages. However, the two arch-independent ports I tested still create the package hard link in i386/all/. There may be some things I have missed so take it for what it's worth.
-Brian
sk driver
I thought the issue with the watchdog timing out was fixed. I was seeding a torrent file this morning, so when I came home and turned it off, I received these errors: sk0: watchdog timeout sk0: cannot stop transfer of Tx descriptors I am running a kernel compiled as of last Saturday. Here's my dmesg: OpenBSD 4.0 (GENERIC) #0: Sat Sep 2 14:06:26 MDT 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC real mem = 1073278976 (1048124K) avail mem = 907919360 (886640K) using 22937 buffers containing 107536384 bytes (105016K) of memory mainbus0 (root) bios0 at mainbus0: SMBIOS rev. 2.2 @ 0xf (39 entries) cpu0 at mainbus0: (uniprocessor) cpu0: AMD Athlon(tm) 64 Processor 3000+, 1808.55 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative pci0 at mainbus0 bus 0: configuration mode 1 "NVIDIA nForce4 DDR" rev 0xa3 at pci0 dev 0 function 0 not configured pcib0 at pci0 dev 1 function 0 "NVIDIA nForce4 ISA" rev 0xa3 nviic0 at pci0 dev 1 function 1 "NVIDIA nForce4 SMBus" rev 0xa2 iic0 at nviic0 adt0 at iic0 addr 0x2e: sch5017 rev 0x89 iic1 at nviic0 adt1 at iic1 addr 0x2e: sch5017 rev 0x89 ohci0 at pci0 dev 2 function 0 "NVIDIA nForce4 USB" rev 0xa2: irq 5, version 1.0, legacy support usb0 at ohci0: USB revision 1.0 uhub0 at usb0 uhub0: NVIDIA OHCI root hub, rev 1.00/1.00, addr 1 uhub0: 10 ports with 10 removable, self powered ehci0 at pci0 dev 2 function 1 "NVIDIA nForce4 USB" rev 0xa3: irq 10 usb1 at ehci0: USB revision 2.0 uhub1 at usb1 uhub1: NVIDIA EHCI root hub, rev 2.00/1.00, addr 1 uhub1: 10 ports with 10 removable, self powered auich0 at pci0 dev 4 function 0 "NVIDIA nForce4 AC97" rev 0xa2: irq 5, nForce4 AC97 ac97: codec id 
0x414c4760 (Avance Logic ALC655 rev 0) audio0 at auich0 pciide0 at pci0 dev 6 function 0 "NVIDIA nForce4 IDE" rev 0xa2: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility pciide0: channel 0 disabled (no drives) atapiscsi0 at pciide0 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: SCSI0 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2 pciide1 at pci0 dev 7 function 0 "NVIDIA nForce4 SATA" rev 0xa3: DMA pciide1: using irq 10 for native-PCI interrupt wd0 at pciide1 channel 0 drive 0: wd0: 16-sector PIO, LBA48, 35304MB, 72303840 sectors wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5 wd1 at pciide1 channel 1 drive 0: wd1: 16-sector PIO, LBA48, 305245MB, 625142448 sectors wd1(pciide1:1:0): using PIO mode 4, Ultra-DMA mode 5 pciide2 at pci0 dev 8 function 0 "NVIDIA nForce4 SATA" rev 0xa3: DMA pciide2: using irq 11 for native-PCI interrupt ppb0 at pci0 dev 9 function 0 "NVIDIA nForce4 PCI-PCI" rev 0xa2 pci1 at ppb0 bus 1 "ATI Rage XL" rev 0x27 at pci1 dev 5 function 0 not configured "VIA VT6306 FireWire" rev 0x80 at pci1 dev 6 function 0 not configured skc0 at pci1 dev 10 function 0 "D-Link Systems DGE-530T A1" rev 0x11, Marvell Yukon Lite (0x9): irq 5 sk0 at skc0 port A, address 00:15:e9:2e:28:e6 eephy0 at sk0 phy 0: Marvell 88E1011 Gigabit PHY, rev. 5 nfe0 at pci0 dev 10 function 0 "NVIDIA CK804 LAN" rev 0xa3: irq 11, address 00:e0:81:56:8f:67 eephy1 at nfe0 phy 1: Marvell 88E Gigabit PHY, rev. 1 ppb1 at pci0 dev 11 function 0 "NVIDIA nForce4 PCIE" rev 0xa3 pci2 at ppb1 bus 2 ppb2 at pci0 dev 12 function 0 "NVIDIA nForce4 PCIE" rev 0xa3 pci3 at ppb2 bus 3 ppb3 at pci0 dev 13 function 0 "NVIDIA nForce4 PCIE" rev 0xa3 pci4 at ppb3 bus 4 bge0 at pci4 dev 0 function 0 "Broadcom BCM5721" rev 0x11, BCM5750 B1 (0x4101): irq 11, address 00:e0:81:56:8f:66 brgphy0 at bge0 phy 1: BCM5750 10/100/1000baseT PHY, rev. 
0 ppb4 at pci0 dev 14 function 0 "NVIDIA nForce4 PCIE" rev 0xa3 pci5 at ppb4 bus 5 vga1 at pci5 dev 0 function 0 "NVIDIA GeForce 6600 GT" rev 0xa2 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) pchb0 at pci0 dev 24 function 0 "AMD AMD64 HyperTransport" rev 0x00 pchb1 at pci0 dev 24 function 1 "AMD AMD64 Address Map" rev 0x00 pchb2 at pci0 dev 24 function 2 "AMD AMD64 DRAM Cfg" rev 0x00 pchb3 at pci0 dev 24 function 3 "AMD AMD64 Misc Cfg" rev 0x00 isa0 at pcib0 isadma0 at isa0 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pmsi0 at pckbc0 (aux slot) pckbc0: using irq 12 for aux slot wsmouse0 at pmsi0 mux 0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: spkr0 at pcppi0 lpt0 at isa0 port 0x378/4 irq 7 fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 umass0 at uhub0 port 6 configuration 1 inte
drm at vga1?
What is this? drm at vga1 unsupported I cannot find a man page for it. Thanks. Here's my complete dmesg: OpenBSD 4.4-current (GENERIC) #1: Sun Aug 10 17:55:52 MST 2008 @:/usr/src/sys/arch/amd64/compile/GENERIC real mem = 1059348480 (1010MB) avail mem = 1028325376 (980MB) mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.3 @ 0xf (39 entries) bios0: vendor Phoenix Technologies, LTD version "6.00 PG" date 11/14/2006 acpi0 at bios0: rev 0 acpi0: tables DSDT FACP SSDT SRAT APIC acpi0: wakeup devices HUB0(S5) XVR0(S5) XVR1(S5) XVR2(S5) XVR3(S5) USB0(S3) USB2(S3) MMAC(S5) MMCI(S5) UAR1(S5) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 1 (HUB0) acpicpu0 at acpi0: PSS acpitz0 at acpi0: critical temperature 100 degC acpibtn0 at acpi0: PWRB cpu0 at mainbus0: (uniprocessor) cpu0: AMD Athlon(tm) 64 Processor 3000+, 1808.54 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu0: AMD erratum 113 detected and fixed cpu0: AMD erratum 89 present, BIOS upgrade may be required cpu0: Cool'n'Quiet K8 1808 MHz: speeds: 1800 1000 MHz pci0 at mainbus0 bus 0: configuration mode 1 "NVIDIA nForce4 DDR" rev 0xa3 at pci0 dev 0 function 0 not configured pcib0 at pci0 dev 1 function 0 "NVIDIA nForce4 ISA" rev 0xa3 nviic0 at pci0 dev 1 function 1 "NVIDIA nForce4 SMBus" rev 0xa2 iic0 at nviic0 adt0 at iic0 addr 0x2e: sch5017 rev 0x89 spdmem0 at iic0 addr 0x50: 512MB DDR SDRAM non-parity PC3200CL2.5 spdmem1 at iic0 addr 0x51: 512MB DDR SDRAM non-parity PC3200CL2.5 iic1 at nviic0 adt1 at iic1 addr 0x2e: sch5017 rev 0x89 spdmem2 at iic1 addr 0x50: 512MB DDR SDRAM non-parity PC3200CL2.5 spdmem3 at iic1 addr 0x51: 
512MB DDR SDRAM non-parity PC3200CL2.5 ohci0 at pci0 dev 2 function 0 "NVIDIA nForce4 USB" rev 0xa2: irq 11, version 1.0, legacy support ehci0 at pci0 dev 2 function 1 "NVIDIA nForce4 USB" rev 0xa3: irq 5 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 "NVIDIA EHCI root hub" rev 2.00/1.00 addr 1 auich0 at pci0 dev 4 function 0 "NVIDIA nForce4 AC97" rev 0xa2: irq 5, nForce4 AC97 ac97: codec id 0x414c4760 (Avance Logic ALC655 rev 0) audio0 at auich0 pciide0 at pci0 dev 6 function 0 "NVIDIA nForce4 IDE" rev 0xf2: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility pciide0: channel 0 disabled (no drives) atapiscsi0 at pciide0 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets, initiator 7 cd0 at scsibus0 targ 0 lun 0: ATAPI 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2 pciide1 at pci0 dev 7 function 0 "NVIDIA nForce4 SATA" rev 0xf3: DMA pciide1: using irq 11 for native-PCI interrupt wd0 at pciide1 channel 0 drive 0: wd0: 16-sector PIO, LBA48, 35304MB, 72303840 sectors wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5 wd1 at pciide1 channel 1 drive 0: wd1: 16-sector PIO, LBA48, 305245MB, 625142448 sectors wd1(pciide1:1:0): using PIO mode 4, Ultra-DMA mode 5 pciide2 at pci0 dev 8 function 0 "NVIDIA nForce4 SATA" rev 0xf3: DMA pciide2: using irq 10 for native-PCI interrupt ppb0 at pci0 dev 9 function 0 "NVIDIA nForce4 PCI-PCI" rev 0xa2 pci1 at ppb0 bus 1 "ATI Rage XL" rev 0x27 at pci1 dev 5 function 0 not configured "VIA VT6306 FireWire" rev 0x80 at pci1 dev 6 function 0 not configured "Creative Labs SoundBlaster Audigy LS" rev 0x00 at pci1 dev 9 function 0 not configured skc0 at pci1 dev 10 function 0 "D-Link Systems DGE-530T A1" rev 0x11, Yukon Lite (0x9): irq 5 sk0 at skc0 port A: address 00:15:e9:2e:28:e6 eephy0 at sk0 phy 0: Marvell 88E1011 Gigabit PHY, rev. 5 nfe0 at pci0 dev 10 function 0 "NVIDIA CK804 LAN" rev 0xa3: irq 11, address 00:e0:81:56:8f:67 eephy1 at nfe0 phy 1: Marvell 88E Gigabit PHY, rev. 
1 ppb1 at pci0 dev 11 function 0 "NVIDIA nForce4 PCIE" rev 0xa3 pci2 at ppb1 bus 2 ppb2 at pci0 dev 12 function 0 "NVIDIA nForce4 PCIE" rev 0xa3 pci3 at ppb2 bus 3 ppb3 at pci0 dev 13 function 0 "NVIDIA nForce4 PCIE" rev 0xa3 pci4 at ppb3 bus 4 bge0 at pci4 dev 0 function 0 "Broadcom BCM5721" rev 0x11, BCM5750 B1 (0x4101): irq 11, address 00:e0:81:56:8f:66 brgphy0 at bge0 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0 ppb4 at pci0 dev 14 function 0 "NVIDIA nForce4 PCIE" rev 0xa3 pci5 at ppb4 bus 5 vga1 at pci5 dev 0 function 0 "NVIDIA GeForce 6600 GT" rev 0xa2 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) drm at vga1 unsupported pchb0 at pci0 dev 24 function 0 "AMD AMD64 0Fh HyperTransport" rev 0x00 pchb1 at pci0 dev 24 function 1 "AMD AMD64 0Fh Address Map" rev 0x00 pchb2 at pci0 dev 24 function 2 "AMD AMD64 0Fh DRAM Cfg" rev 0x00 kate0 at pci0 dev 24 function 3 "AMD AMD64 0Fh Misc Cfg" rev 0x00 isa0
Story Behind 4.4 T-Shirt?
I'm just curious what the story is behind the new t-shirt coming out. I thought Sun was becoming more open. Thanks, Brian
eSATA support?
I'm thinking about picking up an eSATA pci card and backing up my data to an external hd over eSATA using rsync. Is this supported? Thanks, Brian
CARP multicast and ADSL bridge
Hello,
After much reading of man pages, FAQs and googling, I have come up against a dead end. I have a dual redundant CARP setup on 2 sparc64 boxes running 4.3, with an Ovislink OV303 ADSL bridge for internet connectivity. All ports are connected to the bridge with a procurve 1800-24g semi-intelligent switch.
The problems are that the multicast CARP packets are getting forwarded over the bridge and running up my very limited bandwidth cap (which, of course, is no one's problem but my own) and more importantly is causing my ADSL connection to be dropped every 10-15 minutes. The tech at the ISP diagnosed the problem, and I wouldn't have believed it if I hadn't verified the behaviour myself. As soon as I disable CARP on the external interface and the CARP announce packets stop, the connection stays up for days. With CARP running, I would sometimes be down for hours, with the ADSL connection going up for a second, and dropping right away.
I tried to do multicast filtering on the ADSL port, but my switch isn't intelligent enough, and the ADSL device won't filter in bridge mode. The only thing I could think to do is to put the 2 CARP ports on a separate VLAN and route the CARP multicast packets through that, but my attempts to use pf to rdr the multicast packets to a separate vlan0 interface have not been successful.
Is there a magical way to resolve my situation without buying a more expensive switch? I thought it would be worth asking before shutting up and hacking together a possibly stupid VLAN tagging solution in ip_carp. Thanks for your patience.
-Brian Marshall
Re: CARP multicast and ADSL bridge
Thank you all for the kind advice. Carppeer is exactly what I need. I'll implement it as soon as I have an opportunity to upgrade to 4.4, since it doesn't seem to be in 4.3. I'll post config once I verify that I have it set up properly. -Brian Marshall
Re: Modern operating systems are flawed by design, including OpenBSD.
--- On Thu, 10/23/08, mak maxie <[EMAIL PROTECTED]> wrote:
> From: mak maxie <[EMAIL PROTECTED]>
> Subject: Modern operating systems are flawed by design, including OpenBSD.
> To: misc@openbsd.org
> Date: Thursday, October 23, 2008, 3:54 AM
> http://www.computerworld.com.au/index.php?id=264209080&rid=-219
>
> Microsoft Windows is the only operating that supports
> signed binaries.
This is the same dude that still hasn't provided good answers to djbdns as to what supposedly was found wrong with their dns program. Here's the related thread: http://marc.info/?t=1219834&r=1&w=2
Re: bash for root?
--- On Tue, 12/2/08, Ted Unangst <[EMAIL PROTECTED]> wrote:
> > Install bash statically linked. That's all.
>
> Never make a mistake. That's all.
Exactly. I don't get this thread. I mean, I could understand BASH as an option when OpenBSD was moving off of csh back in the day. But ksh works pretty much just like BASH, so I just don't get this. Is this just minor growing pains of someone coming over from Linux?
Problem Compiling xenocara
Once I moved xenocara's source to /usr/xenocara, I have been unable to compile. It looks like a Makefile still points to /usr/src/xenocara. Here's my error message:
# make build
make distrib-dirs
mtree -qdef /usr/xenocara/etc/mtree/BSD.x11.dist -p / -U
cd /usr/xenocara/share/mk && exec make X11BASE=/usr/X11R6 install
install -c -o root -g bin -m 444 automake.dep bsd.xconf.mk bsd.xorg.mk /usr/X11R6/share/mk
cd /usr/xenocara/util/macros && make -f Makefile.bsd-wrapper && exec make -f Makefile.bsd-wrapper install
exec make
make: don't know how to make /usr/src/xenocara/util/macros/Makefile.am. Stop in /usr/xenocara/util/macros/obj.
*** Error code 2
Stop in /usr/xenocara/util/macros (line 124 of /usr/X11R6/share/mk/bsd.xorg.mk).
*** Error code 1
Stop in /usr/xenocara (line 32 of Makefile).
Looks like the Makefile in /usr/xenocara/util/macros/obj still points to /usr/src/xenocara :
srcdir = /usr/src/xenocara/util/macros
top_srcdir = /usr/src/xenocara/util/macros
VPATH = /usr/src/xenocara/util/macros
ACLOCAL = ${SHELL} /usr/src/xenocara/util/macros/missing --run aclocal-1.9
AMTAR = ${SHELL} /usr/src/xenocara/util/macros/missing --run tar
AUTOCONF = ${SHELL} /usr/src/xenocara/util/macros/missing --run autoconf
AUTOHEADER = ${SHELL} /usr/src/xenocara/util/macros/missing --run autoheader
AUTOMAKE = ${SHELL} /usr/src/xenocara/util/macros/missing --run automake-1.9
Any suggestions for what I can do to fix this problem? Do I need to maintain the xenocara source both in /usr/src/xenocara and /usr/xenocara?
Thanks, Brian
Re: Problem Compiling xenocara
--- On Mon, 5/12/08, Philippe Meunier <[EMAIL PROTECTED]> wrote:
> >Any suggestions for what I can do fix this problem?
>
> rm -rf /usr/xobj/*
> cd /usr/xenocara
> make bootstrap
> make obj
> make build
>
> Works for me. The first step is what you missed, I think.
Thanks. I was skipping the first step.
Brian
Re: Vulnerability Note VU#800113 - Multiple DNS implementations vulnerable to cache poisoning
--- On Wed, 7/9/08, STeve Andre' <[EMAIL PROTECTED]> wrote:
>
> I expect the OpenBSD response will be excellent, and out on
> its own timeframe.
I have to agree with this guy. The OpenBSD team always goes above and beyond what we see other vendors do. The solutions have lasting value, rather than quick fixes that break a year later. Anybody else remember the nvidia closed driver issue that Theo had foreseen years before it happened? Trust these guys. They will deliver.
Brian
Re: UPDATE: mozilla-firefox-3.0
--- On Thu, 7/17/08, Marco Peereboom <[EMAIL PROTECTED]> wrote: > > I haven't even begun being harsh towards java and/or > flash. The problem with flash is that you just cannot get away from it on the web these days. A lot of sites use it. gnash is an okay solution, but I still cannot view a lot of content. And I'm not happy that netflix went with a ms solution for their instant viewing content, which is worse. The whole flash situation just sucks. Brian
Re: BIND and CNAME-ing
But can't you overwrite in cache both the A and NS record to re-direct the whole domain with an answer and authority answer spoofed from the NS server? Isn't this the other poisoning problem that really hasn't been spoken about much? However, then you would need to have a NS to redirect with. Please correct me if I'm wrong.
--- On Mon, 7/28/08, Parvinder Bhasin <[EMAIL PROTECTED]> wrote:
> From: Parvinder Bhasin <[EMAIL PROTECTED]>
> Subject: Re: BIND and CNAME-ing
> To: "Paul de Weerd" <[EMAIL PROTECTED]>
> Cc: [EMAIL PROTECTED], "Almir Karic" <[EMAIL PROTECTED]>, "openbsdML"
> Date: Monday, July 28, 2008, 11:27 AM
> Thanks Paul!!!
> Wow!!! is the only thing that comes to my mind. Didn't even know that
> DNAME existed.
> I will definitely read up on it.
>
> Thanks a bunch!
> -Parvinder Bhasin
>
> On Jul 25, 2008, at 12:14 AM, Paul de Weerd wrote:
>
> > On Thu, Jul 24, 2008 at 04:49:55PM -0700, Parvinder Bhasin wrote:
> >> Thanks guys for clearing this up. So in short you cannot CNAME an entire
> >> domain (domain.com IN CNAME google.com < can't do ).
> >
> > You should google for DNAME some time. Then form your own opinion on
> > the topic matter ;)
> >
> > Cheers,
> >
> > Paul 'WEiRD' de Weerd
> >
> > --
> > http://www.weirdnet.nl/
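The checks a resolver applies before a reply's answer, authority and additional records reach its cache, written out as an added example (not from this thread and not BIND's code; the record names, addresses and the `cacheable` helper are constructed for illustration). It shows that out-of-zone records are dropped by the bailiwick test, while an in-zone NS and glue pair in a forged reply is kept out only by the transaction ID, port and source match.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class RR:
    name: str
    rtype: str
    data: str


@dataclass
class Query:
    txid: int       # 16-bit transaction ID picked by the resolver
    src_port: int   # UDP source port picked by the resolver
    server: str     # address of the name server that was asked
    zone: str       # zone that server was chosen for (the bailiwick)
    qname: str
    qtype: str


@dataclass
class Response:
    txid: int
    dst_port: int
    source: str
    qname: str
    qtype: str
    answer: list = field(default_factory=list)
    authority: list = field(default_factory=list)
    additional: list = field(default_factory=list)


def norm(name):
    return name.rstrip(".").lower()


def in_bailiwick(name, zone):
    """True if name is the zone itself or a name below it."""
    name, zone = norm(name), norm(zone)
    return zone == "" or name == zone or name.endswith("." + zone)


def matches_query(q, r):
    """A reply is considered only if every field the resolver chose comes back."""
    return (r.txid == q.txid and r.dst_port == q.src_port
            and r.source == q.server
            and norm(r.qname) == norm(q.qname) and r.qtype == q.qtype)


def cacheable(q, r):
    """Records from reply r that may enter the cache ([] if r does not match q)."""
    if not matches_query(q, r):
        return []
    answers = [rr for rr in r.answer if in_bailiwick(rr.name, q.zone)]
    ns = [rr for rr in r.authority
          if rr.rtype == "NS" and in_bailiwick(rr.name, q.zone)]
    targets = {norm(rr.data) for rr in ns}
    # Glue is kept only for name servers named by an accepted NS record.
    glue = [rr for rr in r.additional
            if rr.rtype in ("A", "AAAA") and norm(rr.name) in targets
            and in_bailiwick(rr.name, q.zone)]
    return answers + ns + glue


def guess_space(port_count):
    """(txid, source port) combinations an off-path forger must guess among."""
    return 2 ** 16 * port_count


# Constructed sample exchange (documentation names and addresses).
QUERY = Query(0x3A7C, 53124, "192.0.2.53", "example.com", "www.example.com", "A")
GENUINE = Response(
    0x3A7C, 53124, "192.0.2.53", "www.example.com", "A",
    answer=[RR("www.example.com", "A", "192.0.2.80")],
    authority=[RR("example.com", "NS", "ns1.example.com"),
               RR("example.net", "NS", "ns1.example.com")],   # out of zone
    additional=[RR("ns1.example.com", "A", "192.0.2.53"),
                RR("www.example.net", "A", "198.51.100.9")],  # out of zone
)
# In-zone NS and glue, so the bailiwick test alone would pass it; the
# transaction ID is wrong, as it is for a sender who has to guess it.
FORGED = Response(
    0x0001, 53124, "192.0.2.53", "www.example.com", "A",
    authority=[RR("example.com", "NS", "ns9.example.com")],
    additional=[RR("ns9.example.com", "A", "198.51.100.66")],
)

if __name__ == "__main__":
    print([(rr.name, rr.rtype, rr.data) for rr in cacheable(QUERY, GENUINE)])
    print(cacheable(QUERY, FORGED))
    print(guess_space(1), guess_space(64512))
```

With a fixed source port the unpredictable part of a query is the 16-bit transaction ID alone, which is why resolvers also randomize the source port.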
Intel's Open Source Policy Doesn't Make Sense
I am still working on drafting up a response to Intel's decision to not be open. But for your reading pleasure: http://news.com.com/Intel+lowers+the+boom+on+marketing,+IT+departments/2100-1014_3-6112412.html Looks like AMD has taken 26% of Intel's server market since 2003. And Intel is cutting employees as a result. Well, that's pushing a relationship that just might not hold. Nevertheless, it appears Intel is overstaffed. If you can just slice 10 thousand people, something is obviously wrong. Why would Intel take any action to further reduce its server market? And why do Intel laptops cost more than AMD laptops? I just don't get it. I once heard that Intel does more thorough testing of their chips, but who cares if you cannot use them? And it looks like Dell is using AMD now: http://www.eweek.com/article2/0,1895,1964621,00.asp What does Intel gain by not being open? I am puzzled. I am not an engineer, so is there something that I am overlooking? Cheers, Brian
Intel Firmware and Open Source
Intel should provide documentation to the open source community. Documentation will allow developers to write reliable drivers. Intel should have an open license for its firmware, so that the firmware can be freely distributed. Earlier this week, a co-worker told me that his Intel wifi card would not stay connected to the network. My co-worker runs Windows, which is far from open. I suggested he talk to IT to obtain a non-Intel wifi card. I have also suggested to a friend that buys IT products for a bank to switch to AMD. I also suggested he switch to other vendors for his wifi cards. I cannot convince you to open up your documentation. I can tell everyone to avoid Intel products. I will suggest alternatives to Intel to those that run Windows. No longer is Intel a choice. However, if you embrace the open source community, then Intel becomes a choice. I would rather spend extra on an open source friendly company than a non-open source company. Cheers, Brian
Thanks (USB umass device)
I plugged my attache' USB drive in today, and it worked. scsibus2 at umass1: 2 targets sd4 at scsibus2 targ 1 lun 0: SCSI0 0/direct removable sd4: 117MB, 117 cyl, 64 head, 32 sec, 512 bytes/sec, 239872 sec total Thanks for fixing this issue. I had posted about it not working well over a year ago. Thanks, Brian
ifnet (frequency of updates)
I am stuck trying to find a piece of kernel code. I am trying to find the kernel function(s) that update the ifnet structure post the initial boot sequence. I found the initial setup in /usr/src/sys/kern/init_main.c, and I have been reviewing /usr/src/sys/net/if.c. At this point, I am not concerned with userland apps that update ifnet. I am probably overlooking something. Any man page read suggestions or other source files to look in? What I am trying to do is figure out a way to capture the ifnet structure members atomically (I'm experimenting.) In if.c, the network hardware devices are blocked (with splnet()) when ifnet is updated or a member is deleted from the list. I do not know if it makes sense to block the device while walking the list and copying it in userland. Any suggestions are appreciated. I am new to this, so it's taking a long time. Thanks, Brian
SATA
I know SATA is not as good as SCSI, but the new motherboard I picked up has SATA using NVIDIA, which I take is not supported according to pciide. Does NVIDIA SATA fall into the same realm of cheap controllers like Adaptec? If so, then I should assume no future SATA support on this board, and I will just pick up IDE drives. Thanks, Brian
Re: Theo gave an interview to Forbes Mag. about Linux
I thought the "interview" was good. It just didn't read like an interview like the one linked to from undeadly. I used linux a year before moving over to openBSD, and the two are night and day. openBSD is well organized with very good code. linux is a disaster to navigate (horrible man pages and docs), install (it's pretty looking, but you have no clue what is going on behind the scenes), too many distros (which one is good?), and work with (do you YUM, RPMs, etc to upgrade?). And I like the fact that Theo will tell you straight out if you are doing something stupid. The developers here are honest and will tell you when something isn't worth your time. Anyway, cheers for being honest and straight forward. Brian --- "J. Lievisse Adriaanse" <[EMAIL PROTECTED]> wrote: > Theo gave an interview to Forbes Magazine, in which he stated: "It's > terrible," De Raadt says. "Everyone is using it, and they don't realize how > bad it is. And the Linux people will just stick with it and add to it rather > than stepping back and saying, 'This is garbage and we should fix it.'" > > Nice to read though as an ex-Linsux'er :) > > Jasper > > -- > "checking whether you're still watching...probaly not :-)" > /usr/ports/x11/wmx configure script.
Printers?
What do you guys recommend I use for a printer? I currently have an Epson that just doesn't work well with apsfilter. It uses way too much ink and is very slow. I would be looking for a laser printer under $300. Any suggestions? Thanks, Brian
Re: Honesty needed...
Matt Juszczak wrote: Hi all, Some of you have read my posts from the previous few days but I am really stuck right now. Sorry if this is repeated information for anyone. We're running FreeBSD at work on our main mail server, which is now crashing 2 times per day. I need to find a new solution soon, or I could risk losing my job which would really stink. The machine itself is fine, and I know this because 1) I've tested the memory and 2) This problem I am experiencing is occuring on more than one machine. OpenBSD is known for its stability, and I'm wondering what everyone's opinion on stability would be with a SuperMicro Dual Xeon 3.06 ghz (SMP) and 4 GM RAM, running postfix with LDAP and 10,000 users. If I can get a stable system up and running I'll be really happy. Apparently, there is something called a ttwakeup bug and there's some SMP code problems in FreeBSD 5.4 that wasn't apparent in 4.11 (which is why that runs stable for me) causing all these problems. I would hope that with the branch off of OpenBSD these problems wouldn't exist in the OS. Any responses would be appreciated :) Regards, Matt OpenBSD SMP support is pretty new, see http://www.openbsd.org/faq/faq8.html#SMP. It isn't super mature on FreeBSD either. Brian
[Fwd: Re: spamd and comcast]
In response to the how would it increase cost question, anytime a provider has to deal with more spam it costs more money, additional manpower to process abuse complaints, additional bandwidth, server space etc. Brian
Marc Espie Interview
I just read the interview at: http://mongers.org/openbsd/interview-espie-ports And one thing that jumped out at me was: "The perl modules are there so that someone could write some cool tools directly." Now, I just started to learn PERL yesterday. And one thing I would love to be able to do would be to glob the package I am pulling down. For example, I would love to just write: pkg_add -v ${PKG_PATH}/mozilla-firefox*.tgz Is this possible using the perl modules mentioned above? Thanks, Brian
Re: sniffer
Hannah Schroeter wrote: Hello! On Tue, Jul 19, 2005 at 05:20:43PM +0300, [EMAIL PROTECTED] wrote: I need to sniff a network segment and I need to sniff both headers and data. Because tcpdump captures only headers its unsuitable for the task. No. Read the manpage, look for the option -s. [...] Kind regards, Hannah. Yep -s0 is definitely the tool to see data. Brian
(g)as on amd64
Is there anything special I need to do for assembly on amd64? I am having trouble with the following code:

        .data
msg:    .ascii "Hello\n"
len = . - msg
        .text
        .global _start
_syscall:
        int $0x80
        ret
_start:
        xor %rax, %rax
        cdq
        push $len
        push $msg
        push $1
        movb $4,%al
        call _syscall
        push $0
        movb $1,%al
        call _syscall

Here is how I am attempting to assemble the above:

        as -o test1.o test1.s
        ld -e _start -o test1 test1.o

I tried elf2olf -o openbsd test1, but I receive this error: elf2olf: test1: Exec format error. Is there something that I am missing that I need to do on amd64? Thanks, Brian

Note: NASM is not an option since it's not available on amd64; there isn't a port of YASM available yet. And I ran into problems trying to compile the YASM's source.
Still stuck with this assembly stuff (amd64)
        int $0x80
        push $0
        movb $1, %al
        push %rax
        int $0x80

Any links or man pages to read would be helpful? I have all ready info as, and it's pretty old, but it's still useful. When I type in test1, the program appears to just exit, but nothing is printed to STDOUT. Thanks, Brian
Re: Still stuck with this assembly stuff (amd64)
Thanks. I just wasn't sure if my problem was an openBSD problem or an assembly problem. It's definitely the latter. And I just found the amd64 ABI, which is making the problems clear for me. Pushing those args on the stack is definitely wrong. Anyway, I appreciate the feedback. And thanks Art for pointing out that the assembly was wrong. That put me on the right track to finding a solution. The recent threads about the notes section just confused me and put me down the wrong track. Thanks, Brian --- STeve Andre' <[EMAIL PROTECTED]> wrote: > > Brian, it's always a good idea to learn stuff, but this isn't the right > place to talk about assembly problems. One of the newsgroups > devoted to programming would be a far better source, or one of > the many web forums out there. > > As someone said, compiling programs and looking at the code > is a great way of seeing how things are done. That's one of the > ways I learned, quite some time ago with Digital Research C, an > awful compiler that gave me lots of pain... > > The other thing you might want to think about is getting experience > on a simpler cpu, perhaps the z80. There are tons and tons of > documents on it, and I'm pretty sure that you could write stuff and > then run it on an emulator, faster than the hardware I had, back > when I used them. > > At any rate, misc@ isn't the best place for your questions. I'm sure > there are some assembler freaks out there who would just love to > talk with you and help out. > > --STeve Andre'
Re: Speed isn't everything, luckily for OpenBSD.
--- MikeM <[EMAIL PROTECTED]> wrote: > On 7/22/2005 at 9:10 PM Nick Holland wrote: > > | There is just *no* way to explain just how wacked Linux looks to > | someone who is having to go from OpenBSD to Linux for some stuff > | at work. Wow. > | You'd swear it was written by an unorganized mob with no central > | control or plan at all. Oh, wait... > = > > Software tends to take on the architecture of the organization that > created it. > Fortunately, the group here stands fast and creates good stuff. You have to respect a group that will tell you straight out that you are making mistakes. I actually solved my little assembly problem thanks to the approach the developers take here. Brian
Re: Text editor
If you install the port vim, it comes with vimtutor. You just type: $ /usr/local/bin/vimtutor And the tutor is pretty good. It helped me out. Brian
Re: 3.8 beta requests
I am not sure if this is related. But when I code assembly to pass a double precision floating point value (%xmm0) to printf, my program will crash without a stack frame. I am fine for passing strings and integers. Here's the simple code:

        .section .data
str:    .string "%f\n"
test:   .float 2.5
        .section .text
        .extern printf
        .global main
main:
        push %rbp               # set-up stack frame
        movq %rsp, %rbp         # will fault without this
        movl $str, %edi
        movl $test, %eax
        cvtss2sd (%rax), %xmm0
        movq $1, %rax
        call printf
        movq $1, %rax
        xorq %rdi, %rdi
        syscall

If I remove the stack frame, this code will fault every time. Now, according to the amd64 ABI, I shouldn't need a stack frame. Now, gcc compiles with stack frames, but this does appear to be a memory bug. I'm just not sure where to go next to research this further. Here's my dmesg:

OpenBSD 3.8-beta (GENERIC) #210: Sat Aug 13 20:20:15 MDT 2005 [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC real mem = 1073278976 (1048124K) avail mem = 909148160 (887840K) using 22937 buffers containing 107536384 bytes (105016K) of memory mainbus0 (root) cpu0 at mainbus0: (uniprocessor) cpu0: AMD Athlon(tm) 64 Processor 3000+, 1808.55 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative pci0 at mainbus0 bus 0: configuration mode 1 "Nvidia nForce4 DDR" rev 0xa3 at pci0 dev 0 function 0 not configured "Nvidia nForce4 ISA" rev 0xa3 at pci0 dev 1 function 0 not configured "Nvidia nForce4 SMBus" rev 0xa2 at pci0 dev 1 function 1 not configured ohci0 at pci0 dev 2 function 0 "Nvidia nForce4 USB" rev 0xa2: irq 10, version 1.0, legacy support usb0 at ohci0: USB revision 1.0 uhub0 at usb0 uhub0: Nvidia OHCI root hub, rev 1.00/1.00,
addr 1 uhub0: 10 ports with 10 removable, self powered ehci0 at pci0 dev 2 function 1 "Nvidia nForce4 USB" rev 0xa3: irq 11 usb1 at ehci0: USB revision 2.0 uhub1 at usb1 uhub1: Nvidia EHCI root hub, rev 2.00/1.00, addr 1 uhub1: 10 ports with 10 removable, self powered auich0 at pci0 dev 4 function 0 "Nvidia nForce4 AC97" rev 0xa2: irq 11, nForce4 AC97 ac97: codec id 0x414c4760 (Avance Logic ALC655) audio0 at auich0 pciide0 at pci0 dev 6 function 0 "Nvidia nForce4 IDE" rev 0xa2: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility pciide0: channel 0 disabled (no drives) atapiscsi0 at pciide0 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: SCSI0 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2 pciide1 at pci0 dev 7 function 0 "Nvidia nForce4 SATA 1" rev 0xa3: DMA (unsupported), channel 0 wired to native-PCI, channel 1 wired to native-PCI pciide1: using irq 10 for native-PCI interrupt wd0 at pciide1 channel 0 drive 0: wd0: 16-sector PIO, LBA48, 35304MB, 72303840 sectors pciide1: channel 1 ignored (not responding; disabled or no drives?) pciide2 at pci0 dev 8 function 0 "Nvidia nForce4 SATA 2" rev 0xa3: DMA (unsupported), channel 0 wired to native-PCI, channel 1 wired to native-PCI pciide2: using irq 11 for native-PCI interrupt pciide2: channel 0 ignored (not responding; disabled or no drives?) pciide2: channel 1 ignored (not responding; disabled or no drives?) 
ppb0 at pci0 dev 9 function 0 "Nvidia nForce4 PCI-PCI" rev 0xa2 pci1 at ppb0 bus 1 vga1 at pci1 dev 5 function 0 "ATI Rage XL" rev 0x27 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) "VIA VT6306 FireWire" rev 0x80 at pci1 dev 6 function 0 not configured "Nvidia CK804 LAN" rev 0xa3 at pci0 dev 10 function 0 not configured ppb1 at pci0 dev 11 function 0 "Nvidia nForce4 PCIE" rev 0xa3 pci2 at ppb1 bus 2 ppb2 at pci0 dev 12 function 0 "Nvidia nForce4 PCIE" rev 0xa3 pci3 at ppb2 bus 3 ppb3 at pci0 dev 13 function 0 "Nvidia nForce4 PCIE" rev 0xa3 pci4 at ppb3 bus 4 bge0 at pci4 dev 0 function 0 "Broadcom BCM5721" rev 0x11, BCM5750 B1 (0x4101): irq 5 address 00:e0:81:56:8f:66 brgphy0 at bge0 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0 ppb4 at pci0 dev 14 function 0 "Nvidia nForce4 PCIE" rev 0xa3 pci5 at ppb4 bus 5 pchb0 at pci0 dev 24 function 0 "AMD AMD64 HyperTransport" rev 0x00 pchb1 at pci0 dev 24 function 1 "AMD AMD64 Address Map" rev 0x00 pchb2 at pci0 dev 24 function 2 "AMD AMD64 DRAM Cfg" rev 0x00 pchb3 at pci0 dev 24 function 3 "AMD AMD64 Misc Cfg" rev 0x00 isa0 at mainbus0 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pmsi0 at pckbc0 (aux slot) pckbc0:
Re: openbsd and the money -solutions
--- Deanna Phillips <[EMAIL PROTECTED]> wrote: > That said, I think a wall of shame page on the OpenSSH site > might be a good idea: one listing all those big companies > mentioned that have never donated a dime. Negative PR might > result in more donations than managers receiving the minor > annoyance message forwarded to them, which they'll simply delete > and forget about. Too bad openSSH couldn't just require a license fee for openSSH to be included in OS's besides openBSD that are sold for money. This would include corporate use as well. So if IBM wanted to include openSSH in one of its products sold to someone, they would have to pay openSSH to include it in their product or kick back to the openSSH team some percentage of the revenue generated by that product. Of course, the license would have to be written so the openSSH team is not obligated to do support. If IBM wanted their employees to use openSSH, they would have to pay a site license fee. Of course, home users (non-business) and universities would be excluded.
Re: openbsd and the money -solutions
--- "Spruell, Darren-Perot" <[EMAIL PROTECTED]> wrote:
> Better approach. How about said companies belly up and support the group
> that enables them (in part) to enjoy the financial success they have?

Because there is no reason for them to. Here's what would happen:

1) license change comes out
2) IT looks for alternative program
3) IT provides figures to finance for either the alternative program, the new license, or in house development
4) finance runs some cash flow analysis and sits down with the CIO and CFO based on the results
5) suggestion is provided to management

I work in finance. There is no reason to provide funding from a business standpoint. What does the business gain? Corporations basically have a free development team. Sure they cannot dictate requests, but the code quality is high and the product works well. Honestly, unless the openSSH team mandates funding, no one will cough up cash. And the license price has to be the sweet spot, where it isn't too high that no funding is received and not too low that it doesn't accomplish anything. And Theo from his messages doesn't want the direction of the program dictated to him by folks that donate. No corporation is gonna provide funding unless they get something out of it. I think Theo needs to put his foot down on this issue. I would think of openSSH as separate from openBSD. I would not advocate changing licenses on the rest of openBSD. Of course, the downside is that some of the corporations might withhold documentation needed for driver development unless the license is lifted. Cheers, Brian
odd dmesg
I just did a fresh install of 3.9-current. And part of the dmesg is coming across oddly. I am not sure what else to say about it. It's the iic0 and iic1. Check it out: OpenBSD 3.9-current (GENERIC) #670: Sat Apr 1 23:34:55 MST 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: AMD Athlon(tm) 64 Processor 3000+ ("AuthenticAMD" 686-class, 512KB L2 cache) 1.81 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3 real mem = 1073246208 (1048092K) avail mem = 972591104 (949796K) using 4278 buffers containing 53764096 bytes (52504K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(ad) BIOS, date 02/17/05, BIOS32 rev. 0 @ 0xfa780 apm0 at bios0: Power Management spec V1.2 apm0: AC on, battery charge unknown apm0: flags 70102 dobusy 1 doidle 1 pcibios0 at bios0: rev 3.0 @ 0xf/0xcc54 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfcb20/288 (16 entries) pcibios0: bad IRQ table checksum pcibios0: PCI BIOS has 17 Interrupt Routing table entries pcibios0: PCI Exclusive IRQs: 5 10 11 pcibios0: no compatible PCI ICU found pcibios0: Warning, unable to fix up PCI interrupt routing pcibios0: PCI bus #5 is the last bus bios0: ROM list: 0xc/0xf000 0xd/0x1800 0xd2000/0x1600 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) "NVIDIA nForce4 DDR" rev 0xa3 at pci0 dev 0 function 0 not configured pcib0 at pci0 dev 1 function 0 "NVIDIA nForce4 ISA" rev 0xa3 nviic0 at pci0 dev 1 function 1 "NVIDIA nForce4 SMBus" rev 0xa2 iic0 at nviic0 "sch5017" at iic0 addr 0x2e not configured iic0: addr 0x2e 00=00 01=00 02=00 03=00 04=00 05=00 06=00 07=00 08=00 09=00 0a=00 0b=00 0c=00 0d=00 0e=00 0f=00 10=00 11=00 12=00 13=00 14=00 15=00 16=00 17=00 18=00 19=00 1a=00 1b=00 1c=00 1d=00 1e=00 1f=ec 20=65 21=7a 22=c2 23=c4 24=c1 25=24 26=2a 27=26 28=24 29=05 33=00 34=00 35=00 36=00 37=00 38=00 39=00 3a=00 3b=00 3c=00 3d=00 3e=5c 3f=89 40=05 41=00 42=00 43=00 44=00 46=00 48=00 4a=00 4c=00 4e=81 4f=7f 50=81 51=7f 
52=81 53=7f 5c=62 5d=62 5e=62 5f=9b 60=9b 61=9b 62=00 63=00 64=80 65=80 66=80 67=37 68=37 69=37 6a=64 6b=64 6c=64 6d=44 6e=40 6f=00 73=09 74=09 75=09 76=09 77=09 78=09 79=00 7a=10 7b=00 7c=40 7d=00 7e=00 7f=1c 80=00 81=a4 82=00 83=00 84=ef 85=cb 86=67 87=24 88=d3 89=00 8a=4d 8b=4d 8c=0b 8d=0b 8e=0d 8f=00 90=cc 91=04 92=04 93=04 94=0c 95=0c 96=0c 97=5a 98=f1 99=bf 9a=af 9b=00 9d=00 9f=00 a0=00 a1=00 a2=0c a3=00 a4=02 a5=00 a6=00 a7=0b a8=0b a9=fe ab=fe b1=00 b2=00 b3=00 b4=00 b5=00 b6=28 b7=28 b8=0e b9=0e ba=2b bb=2b bc=00 bd=00 be=00 bf=00 c0=00 c1=00 c2=00 c3=00 c4=00 c5=00 c6=00 c7=00 c8=00 c9=00 ca=00 cb=00 cc=00 cd=00 ce=00 cf=00 d0=00 d1=00 d2=00 d3=00 d4=00 d5=00 d6=00 d7=00 d8=00 d9=00 da=00 db=00 dc=00 dd=00 de=00 df=00 e0=00 e1=00 e2=00 e3=00 e4=00 e5=00 e6=00 e7=00 e8=00 e9=00 ea=00 eb=00 ec=00 ed=00 ee=00 ef=00 f0=00 f1=00 f2=00 f3=00 f4=00 f5=00 f6=00 f7=00 f8=00 f9=00 fa=00 fb=00 fc=00 fd=00 fe=00 ff=00: sch5017 iic1 at nviic0 "sch5017" at iic1 addr 0x2e not configured iic1: addr 0x2e 00=00 01=00 02=00 03=00 04=00 05=00 06=00 07=00 08=00 09=00 0a=00 0b=00 0c=00 0d=00 0e=00 0f=00 10=00 11=00 12=00 13=00 14=00 15=00 16=00 17=00 18=00 19=00 1a=00 1b=00 1c=00 1d=00 1e=00 1f=ec 20=65 21=7a 22=c2 23=c4 24=c1 25=24 26=2b 27=27 28=24 29=05 33=00 34=00 35=00 36=00 37=00 38=00 39=00 3a=00 3b=00 3c=00 3d=00 3e=5c 3f=89 40=05 41=00 42=00 43=00 44=00 46=00 48=00 4a=00 4c=00 4e=81 4f=7f 50=81 51=7f 52=81 53=7f 5c=62 5d=62 5e=62 5f=9b 60=9b 61=9b 62=00 63=00 64=80 65=80 66=80 67=37 68=37 69=37 6a=64 6b=64 6c=64 6d=44 6e=40 6f=00 73=09 74=09 75=09 76=09 77=09 78=09 79=00 7a=10 7b=00 7c=40 7d=00 7e=00 7f=1c 80=00 81=a4 82=00 83=00 84=b2 85=22 86=40 87=16 88=83 89=00 8a=4d 8b=4d 8c=0b 8d=0b 8e=0d 8f=00 90=cc 91=04 92=04 93=04 94=0c 95=0c 96=0c 97=5a 98=f1 99=bf 9a=af 9b=00 9d=00 9f=00 a0=00 a1=00 a2=0c a3=00 a4=02 a5=00 a6=00 a7=0b a8=0b a9=fe ab=fe b1=00 b2=00 b3=00 b4=00 b5=00 b6=28 b7=28 b8=0e b9=0e ba=2b bb=2b bc=00 bd=00 be=00 bf=00 c0=00 c1=00 c2=00 c3=00 c4=00 
c5=00 c6=00 c7=00 c8=00 c9=00 ca=00 cb=00 cc=00 cd=00 ce=00 cf=00 d0=00 d1=00 d2=00 d3=00 d4=00 d5=00 d6=00 d7=00 d8=00 d9=00 da=00 db=00 dc=00 dd=00 de=00 df=00 e0=00 e1=00 e2=00 e3=00 e4=00 e5=00 e6=00 e7=00 e8=00 e9=00 ea=00 eb=00 ec=00 ed=00 ee=00 ef=00 f0=00 f1=00 f2=00 f3=00 f4=00 f5=00 f6=00 f7=00 f8=00 f9=00 fa=00 fb=00 fc=00 fd=00 fe=00 ff=00: sch5017 ohci0 at pci0 dev 2 function 0 "NVIDIA nForce4 USB" rev 0xa2: irq 5, version 1.0, legacy support usb0 at ohci0: USB revision 1.0 uhub0 at usb0 uhub0: NVIDIA OHCI root hub, rev 1.00/1.00, addr 1 uhub0: 10 ports with 10 removable, self powered ehci0 at pci0 dev 2 function 1 "NVIDIA nForce4 USB" rev 0xa3: irq 10 usb1 at ehci0: USB revision 2.0 uhub1 at usb1 uhub1: NVIDIA EHCI root hub, rev 2.00/1.00, addr 1 uhub1: 10 ports with 10 removable, self powered auich0 at pci0 dev 4 function 0 "NVIDIA nForce4 AC97" rev 0xa2: irq 5, nForce4 AC97 ac97: codec id 0x414c4760 (Avance Logic ALC655) audio0 at auich0 pciide0 at pci0
Re: odd dmesg
--- Theo de Raadt <[EMAIL PROTECTED]> wrote: > > On iic bus 0, you have a sch5017 chip at address 0x2e for which we do > not have a driver yet: > > http://ftp.smsc.com/main/datasheets/5017.pdf > start at page 230 > > Your other iic bus appears to have the same chip, or maybe it is two iic > busses wired together. > Thanks. I started to dig in /usr/src/sys/dev/i2c, and, I think, I found the function that is resulting in my dmesg dump for iic. The result seems to be coming from /usr/src/sys/dev/i2c/i2c_scan.c (function icc_dump). If I am following the source code correctly, it looks like the setup for iic is: pci->iic->individual iic drivers. Looks like the drivers have a parent/child relationship. Each driver writes to the following structures: cfattach (which contains the malloc size of struct xx_softc) cfdriver which are a part of cfdata and the drivers also write to struct sensor. The drivers also contain the registers per their docs. It looks like reads are performed on the register using iic_exec() at the address of the device, which is passed down from the parent as a parameter (void *aux). In this case, I guess the driver for all iic devices. The drivers look to contain match, attach, and refresh functions. Where I seem to be lost is how the driver data coming from the calls to iic_exec ends up in sysctl. And if I were to write a driver based on the previous drivers already in /usr/src/sys/dev/i2c, how would I debug it? And I still am not sure how I would add it to the kernel since I have always used GENERIC. I guess I can dig through the config man pages. I have never written a driver, so I am clueless. I guess I'll keep digging, but thanks for the help. Cheers, Brian
Re: Moving a file mount point
--- Karl Kopp <[EMAIL PROTECTED]> wrote: > Hi All, > > I've setup a Cisco replacement using OpenBSD and OpenBGPd and man, this > thing FLIES :) I paid almost $3k AUD recently for another 64MB of RAM for > our Cisco 2610 and it was still struggling under the load of 6 - 8mb/sec! > The new OpenBSD box is running at less than 2% CPU pushing 20mb/sec - and > cost less than the RAM alone :) > > One thing I need to do urgently tho is move my /var mount - I'm not 100% how > to do this on a running box with the least amount of down time. Any hints / > advice would be greatly appreciated! > > Thanks > Karl Does this help: http://www.openbsd.org/faq/faq14.html#NewDisk I am not sure what you mean by move. Move where? I assume you meant to a new drive, so the FAQ above should help. Brian
Re: When would you NOT use OpenBSD?
--- Daniel Ouellet <[EMAIL PROTECTED]> wrote: > So, the argument of "Vendor support is a sometimes criteria." really > doesn't mean ANYTHING to me anymore and real life example proved it many > times over! Paid vendor support is a feel good thing like insurance. When it comes time for them to help you out, you get screwed. Brian
FYI: sch5017
It's looking good. Thanks Roman for letting me help out. Only two problems persist: 1) we get the list twice due to the nviic detecting two iic's 2) register 0x20 is +5 VTR, which differs from the adt chip Here are the results as of pulling down the CVS this weekend: hw.sensors.0=adt0, +2.5Vin, 1.32 V DC hw.sensors.1=adt0, Vccp, 1.43 V DC hw.sensors.2=adt0, Vcc, 3.35 V DC hw.sensors.3=adt0, +5V, 5.13 V DC hw.sensors.4=adt0, +12V, 12.00 V DC hw.sensors.5=adt0, Remote1 Temp, 31.00 degC hw.sensors.6=adt0, Internal Temp, 38.00 degC hw.sensors.7=adt0, Remote2 Temp, 33.00 degC hw.sensors.8=adt0, TACH1, 3832 RPM hw.sensors.9=adt0, TACH2, 2204 RPM hw.sensors.12=adt1, +2.5Vin, 1.32 V DC hw.sensors.13=adt1, Vccp, 1.43 V DC hw.sensors.14=adt1, Vcc, 3.35 V DC hw.sensors.15=adt1, +5V, 5.10 V DC hw.sensors.16=adt1, +12V, 12.06 V DC hw.sensors.17=adt1, Remote1 Temp, 31.00 degC hw.sensors.18=adt1, Internal Temp, 38.00 degC hw.sensors.19=adt1, Remote2 Temp, 33.00 degC hw.sensors.20=adt1, TACH1, 3829 RPM hw.sensors.21=adt1, TACH2, 2204 RPM here's the dmesg: OpenBSD 3.9-current (GENERIC) #26: Fri Apr 14 16:10:03 MDT 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: AMD Athlon(tm) 64 Processor 3000+ ("AuthenticAMD" 686-class, 512KB L2 cache) 1.81 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3 real mem = 1073246208 (1048092K) avail mem = 972591104 (949796K) using 4278 buffers containing 53764096 bytes (52504K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(ad) BIOS, date 02/17/05, BIOS32 rev. 
0 @ 0xfa780 apm0 at bios0: Power Management spec V1.2 apm0: AC on, battery charge unknown apm0: flags 70102 dobusy 1 doidle 1 pcibios0 at bios0: rev 3.0 @ 0xf/0xcc54 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfcb20/288 (16 entries) pcibios0: bad IRQ table checksum pcibios0: PCI BIOS has 17 Interrupt Routing table entries pcibios0: PCI Exclusive IRQs: 5 10 11 pcibios0: no compatible PCI ICU found pcibios0: Warning, unable to fix up PCI interrupt routing pcibios0: PCI bus #5 is the last bus bios0: ROM list: 0xc/0xf000 0xd/0x1800 0xd2000/0x1600 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) "NVIDIA nForce4 DDR" rev 0xa3 at pci0 dev 0 function 0 not configured pcib0 at pci0 dev 1 function 0 "NVIDIA nForce4 ISA" rev 0xa3 nviic0 at pci0 dev 1 function 1 "NVIDIA nForce4 SMBus" rev 0xa2 iic0 at nviic0 adt0 at iic0 addr 0x2e: sch5017 rev 0x89 iic1 at nviic0 adt1 at iic1 addr 0x2e: sch5017 rev 0x89 ohci0 at pci0 dev 2 function 0 "NVIDIA nForce4 USB" rev 0xa2: irq 5, version 1.0, legacy support usb0 at ohci0: USB revision 1.0 uhub0 at usb0 uhub0: NVIDIA OHCI root hub, rev 1.00/1.00, addr 1 uhub0: 10 ports with 10 removable, self powered ehci0 at pci0 dev 2 function 1 "NVIDIA nForce4 USB" rev 0xa3: irq 10 usb1 at ehci0: USB revision 2.0 uhub1 at usb1 uhub1: NVIDIA EHCI root hub, rev 2.00/1.00, addr 1 uhub1: 10 ports with 10 removable, self powered auich0 at pci0 dev 4 function 0 "NVIDIA nForce4 AC97" rev 0xa2: irq 5, nForce4 AC97 ac97: codec id 0x414c4760 (Avance Logic ALC655) audio0 at auich0 pciide0 at pci0 dev 6 function 0 "NVIDIA nForce4 IDE" rev 0xa2: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility pciide0: channel 0 disabled (no drives) atapiscsi0 at pciide0 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: SCSI0 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2 pciide1 at pci0 dev 7 function 0 "NVIDIA nForce4 SATA" rev 0xa3: DMA pciide1: using irq 10 for 
native-PCI interrupt wd0 at pciide1 channel 0 drive 0: wd0: 16-sector PIO, LBA48, 35304MB, 72303840 sectors wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5 wd1 at pciide1 channel 1 drive 0: wd1: 16-sector PIO, LBA48, 305245MB, 625142448 sectors wd1(pciide1:1:0): using PIO mode 4, Ultra-DMA mode 5 pciide2 at pci0 dev 8 function 0 "NVIDIA nForce4 SATA" rev 0xa3: DMA pciide2: using irq 11 for native-PCI interrupt ppb0 at pci0 dev 9 function 0 "NVIDIA nForce4 PCI-PCI" rev 0xa2 pci1 at ppb0 bus 1 "ATI Rage XL" rev 0x27 at pci1 dev 5 function 0 not configured "VIA VT6306 FireWire" rev 0x80 at pci1 dev 6 function 0 not configured skc0 at pci1 dev 10 function 0 "D-Link Systems DGE-530T" rev 0x11, Marvell Yukon Lite (0x9): irq 5 sk0 at skc0 port A, address 00:15:e9:2e:28:e6 eephy0 at sk0 phy 0: Marvell 88E1011 Gigabit PHY, rev. 5 nfe0 at pci0 dev 10 function 0 "NVIDIA CK804 LAN" rev 0xa3: irq 11, address 00:e0:81:56:8f:67 eephy1 at nfe0 phy 1: Marvell 88E Gigabit PHY, rev. 1 ppb1 at pci0 dev 11 function 0 "NVIDIA nForce4 PCIE" rev 0xa3 pci2 at ppb1 bus 2 ppb2 at pci0 dev 12 function 0 "NVIDIA nForce4 PCIE" rev 0xa3 pci3 at ppb2 bus 3 ppb3 at pci0 dev 13 function 0 "NVIDIA nForce4 PCIE" rev 0xa3 pci4 at ppb3 bus 4 bge0 at pci4 dev 0 function 0 "Broadcom BCM5721" rev 0x11, BCM5750 B1 (0x4101): irq 11, address 00:e0:81:56:8f:66 brgphy0 at bge0 phy 1: BCM5750 10/100/1000bas
inet6(4)
I am working on some IPv4 & IPv6 Interoperability stuff, and I hit a brick wall trying to get an IPv6 UDP server to receive IPv4 packets. It looks like that piece was taken out per inet6(4): "OpenBSD does not route IPv4 traffic to an AF_INET6 socket. The particular behavior in RFC 2553 is intentionally omitted for security reasons presented above. If both IPv4 and IPv6 traffic need to be accepted, listen to two sockets." So if I want to add IPv6 functionality to an existing app, I would convert the current IPv4 stuff to use getaddrinfo, and I would just open two sockets by walking the linked list provided by getaddrinfo, right? I wouldn't try to receive IPv4 traffic on an IPv6 socket for openBSD. Now, I have done a cursory review of docs via google for converting IPv4 apps to IPv6, but I haven't looked at the security issues with coding for both. Besides searching securityfocus, is there another site I should be reading for IPv6? Is KAME still relevant to the openBSD implementation? Cheers, Brian
Re: OPENBSD_3_9 won't build
--- [EMAIL PROTECTED] wrote:
> Hello everybody.
>
> I installed box booting from PXE and then with latest snapshot.
> After that I used:
>
> # export [EMAIL PROTECTED]:/cvs
> # cd /usr; cvs checkout -P -rOPENBSD_3_9 src

This is stable, not current. You upgrade a snapshot with current; you don't go backwards to stable. The FAQ link I give below shows the progression; it's in 5.3.2. 5.3.3 goes into a lot more depth, but below is a simple update of the source tree. This does not update X or ports though.

# cd /usr/src
# cvs -q up -Pd   <-- to update your cvs to -current (after you have an initial /usr/src tree)

It's better to download from the ftp sites the gzipped tree instead of cvs'ing the whole thing. The FAQ goes into detail about this.

>
> and then successfully installed new kernel with;
>
> # cd /usr/src/sys/arch/i386/conf
> # config GENERIC
> # cd ../compile/GENERIC
> # make depend
> # make
> # make install
>

To be safe, you want to:

# make clean && make depend && make

It's a good habit to make clean every time.

> And then rebooted PC. After that I tried to compile userland:
>
> # rm -rf /usr/obj/
> # cd /usr/src
> # make obj
> # make build
>

You skipped a step:

# cd /usr/src/etc && env DESTDIR=/ make distrib-dirs

Please read this FAQ for details: http://www.openbsd.org/faq/faq5.html#Bld

> But it won't compile.

Of course it won't.
priv sep in syslogd
I am in the process of making syslogd more protocol independent (IPv4 & IPv6). I am just about ready to add a privileged function for getnameinfo, but what I do not understand is why the DNS lookups are privilege separated. I do understand the security piece talked about in the getnameinfo(3) man page. And I have read through the CVS comments. I understand the socketpair must_read's and must_write's. But before I finalize anything, I want to make sure I understand the security assumptions. Can someone fill me in?

I am using getaddrinfo and binding two sockets: udp and udp6 per inet6. I have modified cvthname to handle IPv4 and IPv6 (passing in a struct sockaddr_storage and using inet_pton), save for the hostname look up since I need to call a privileged function for getnameinfo instead of gethostbyaddr (which is only IPv4).

I still have some additional IPv4 only stuff that I need to clean up. And I need to clean up the code I did write. And I need to verify that the current pipe stuff can be removed as well since the code looks to only use the socketpairs. Finally, I need to test it.

Thanks, brian
Red Black Trees
I am reading through the tree(3), and I need some clarification. If I want to correctly remove an element from a red black tree that I have found and free its memory allocation, this code should work, right?

    find.i = 400;
    n = RB_FIND(inttree, &head, &find);
    if (n != NULL) {
        n = RB_REMOVE(inttree, &head, n);
        free(n);
    } else if (n == NULL)
        (void)printf("satisfied NULL check\n");

I ask because the man page is clear for splay trees, but I am not certain for Red Black trees. I looked at /usr/include/sys/tree.h, and I did not find any explicit free's. I assume that since RB_REMOVE will provide me with a pointer to the removed element, that all I need to do is free it. Also, is the above the most efficient way to find and remove an element from a red black tree?

Cheers, Brian
kvm symbols
I am currently going through the netstat code, and I see it makes a lot of use of kvm. I take it that the preferred method for looking up kernel data would be sysctl. Now, I am stuck in the kvm code. I have no idea where I can find a list of kernel symbols that can be placed into nl struct. Is there a man page or header file that lists the kernel symbols and what they represent? sysctl has very good documentation and makes finding sysctl symbols easy. Thanks, Brian
Re: 3.6 caching resolver
Rod.. Whitworth wrote:
On Thu, 5 May 2005 10:31:56 -0700 (PDT), Brian W. wrote:
Anyone else notice this performing slowly. I did a tcpdump and it appears localhost gets queried 2-3 times before a packet goes out.

I see quite a few delays and some failures to resolve that work with one or two retries. I am using the default config file. It is a bit annoying for me but I know to retry. The windows only users on the LAN get a bit testy about "server not responding" messages (or whatever it says) from their browsers

From the land "down under": Australia. Do we look from up over? Do NOT CC me - I am subscribed to the list. Replies to the sender address will fail except from the list-server.

I did the 3.6 patch, that helped a little but it's still pokey. It's a p2-350 with 128 megs. I'll have to do some comparison testing, either Freebsd on this hardware, or openbsd on a 1.2G p3. Brian
stat(1) first appeared in openBSD 3.8?
I think the HISTORY section is wrong. But I do not know what it is supposed to read. http://www.openbsd.org/cgi-bin/man.cgi?query=stat&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html Cheers, Brian
[Fwd: Re: IMAP servers]
Is the Thunderbird problem you refer to here something like it taking a couple minutes after opening the client before you can actually see new messages? Brian

Date: Sun, 22 May 2005 14:01:07 -0700
From: Raymond Lillard <[EMAIL PROTECTED]>
To: misc@openbsd.org
Subject: Re: IMAP servers

Nico Meijer wrote:
> Hi Gaby,
>>What do you use to do IMAP under OpenBSD?
>
> I switched from Dovecot to Courier-imap when Thunderbird started having
> problems with it. I like both servers.
Dovecot has since added a parameter in the config file to enable a work-around for the thunderbird problem. Ray
Re: Azalia problem: no sound
Azalia codec problem as well with my new ATI card:

azalia0 at pci1 dev 0 function 1 "ATI Radeon HD 4000 HD Audio" rev 0x00: apic 8 int 17 (irq 10)
azalia0: no supported codecs
azalia0: initialization failure, detaching

full dmesg below:
FOSDEM 2019 - Distributions Devroom Call for Participation
The Distributions devroom will take place Sunday 3 February 2019 at FOSDEM, in Brussels, Belgium at the Université Libre de Bruxelles.

As more and more workloads are being considered for containerization in the future and are finally landing in virtualized environments today, distributions remain a critical success factor and are more important than ever. Containers, like virtual machines, are not magical and rely on piles of software being assembled in a way that is repeatable, reliable, and functional. This is at the very heart of the problem that distributions have always solved.

Each distribution is responsible for building, testing, and releasing software as well as managing the lifecycle of each application in the collection. Additionally, distributions do very important work in ensuring that various versions of upstream software work well together and can co-exist. Distributions are also often responsible for "de-vendoring" upstream software so that security fixes can be applied more quickly.

We welcome submissions targeted at contributors interested in issues unique to distributions, especially in the following topics:

# Topics and Areas of Focus

## Focus Areas

- The ways that distribution technologies can be leveraged to allow for easier creation of a multi-verse of artifacts from single source trees. This includes the increasing move toward self-contained applications and providing multiple non-parallel installed versions of software.
- Efforts being made in shared environments around Build/Test/Release cycles.
- Topics related to the delivery problem as it impacts updates in terms of both size and rollback/reliability are expected to be featured.

## Additional Topic Ideas

- Distribution and Community collaborations, eg: how does code flow from developers to end users across communities, ensuring trust and code audibility
- Automating building software for redistribution to minimize human involvement, eg: bots that branch and build software, bots that participate as team members extending human involvement
- Cross-distribution collaboration on common issues, eg: content distribution, infrastructure, and documentation
- Growing distribution communities, eg: onboarding new users, helping new contributors learn community values and technology, increasing contributor technical skills, recognizing and rewarding contribution
- Principles of Rolling Releases, Long Term Supported Releases (LTS), Feature gated releases, and calendar releases
- Distribution construction, installation, deployment, packaging and content management
- Balancing new code and active upstreams versus security updates, back porting and minimization of user breaking changes
- Delivering architecture independent software universally across architectures within the confines of distribution systems
- Effectively communicating the difference in experience across architectures for developers, packagers, and users
- Working with vendors and including them in the community
- The future of distributions, emerging trends and evolving user demands from the idea of a platform

Ideal submissions are actionable and opinionated. Submissions may be in the form of 25 or 50 minute talks, panel sessions, round-table discussions, or Birds of a Feather (BoF) sessions.

Dates
-----

Submission Deadline: 02-Dec-2018 @ 2359 GMT
Acceptance Notification: 7-Dec-2018
Final Schedule Posted: 14-Dec-2018

How to submit
-------------

Visit https://penta.fosdem.org/submission/FOSDEM19

1.) If you do not have an account, create one here
2.) Click 'Create Event'
3.) Enter your presentation details
4.) Be sure to select the Distributions Devroom track!
5.) Submit

What to include
---------------

- The title of your submission
- A 1-paragraph Abstract
- A longer description including the benefit of your talk to your target audience, including a definition of your target audience.
- Approximate length / type of submission (talk, BoF, ...)
- Links to related websites/blogs/talk material (if any)

Administrative Notes
--------------------

We will be live-streaming and recording the Distributions Devroom. Presenting at FOSDEM implies permission to record your session and distribute the recording afterwards. All videos will be made available under the standard FOSDEM content license (CC-BY).

If you have any questions, feel free to contact the devroom organizers: distributions-devr...@lists.fosdem.org (https://lists.fosdem.org/listinfo/distributions-devroom)

Cheers!

Brian Exelbierd (twitter: @bexelbie) and Brian Stinson (twitter: @bstinsonmhk) for and on behalf of The Distributions Devroom Program Committee
Re: OpenBSD VPS hoster with unlimited/limited nonfiltered traffic
Try setting sysctl kern.timecounter.hardware=tsc on the OpenBSD vmm guest and run ntpd. I have not tried without ntpd but I know without using tsc, time skews too much. > On Apr 19, 2020, at 10:25 AM, Martin wrote: > > Thanks all of you guys for suggestions. > > Just one question to OpenBSD VMM based VPS hosters. I use vmd with OBSD 6.6 > and Debian guests locally just for testing and stuck with clock > synchronization issue with both guests. > > Will I encounter the same issue with clock synchronization on VMM based VPSes? > > Martin > > > ‐‐‐ Original Message ‐‐‐ >> On Saturday, April 18, 2020 12:20 AM, j3s wrote: >> >>> On 4/10/20 4:51 AM, Martin wrote: >>> >>> I'm looking for relatively cheap VPS with OpenBSD installation support and >>> with ~1Tb of unfiltered traffic. In any words all in/out VPS ports must be >>> opened by default. >>> Any recommendations? >> >> Ohai. Co-founder of Cyberia Computer Club here - we're a US-based >> nonprofit - part of our deal is providing good & open services. >> >> We host our own hardware in a US datacenter, and offer OpenBSD VMs for >> decent prices. You can see the whole shtick at https://capsul.org >> >> No filtering or snooping, you just get a box on a public IPv4 and that's it. >> >> Just wanted to toss my own hat in the ring! >> >> j3s > >
Re: multihomed routing issue
Try something like this in pf.conf:

pass in on hvn1 proto tcp from to (hvn1) port 22 reply-to 10.0.0.1@hvn1

The reason you have to do this is because you have the same router address on hvn0 and hvn1 (10.0.0.1).

Another option is to use route tables.

Let me know if you have any questions. I run a lot of OpenBSD in Azure.

-Brian

> On Apr 26, 2020, at 12:03 PM, 4642 <4...@protonmail.com> wrote:
>
> Hi, I have created an OpenBSD 6.6 VM in the Azure cloud that I plan to use
> as a Firewall, I had planned on using carp but I can't get it working in
> Azure so I think I can use an Internal load balancer to achieve my aim of
> having two redundant OBSD Firewalls in Azure. The problem I have is that the
> Azure Internal Load Balancer requires a health probe to work. So I create a
> load balancer health probe and set it to the SSH service on my FW Host and
> set it to every 5 seconds. I can see the traffic on my FW but the health
> probe doesn't work and I think it's because the traffic from the Azure
> discover ip "168.63.129.16" that is doing the probe is coming from within the
> azure network, hitting my internal nic and then onto the ssh service ? and
> then finally leaving but on the external interface.
>
> tcpdump -n -e -ttt -i pflog0 -v
> tcpdump: WARNING: snaplen raised from 116 to 160
> tcpdump: listening on pflog0, link-type PFLOG
> Apr 26 15:59:30.082436 rule 1/(match) [uid 0, pid 44293] block out on hvn0:
> [orig src 10.x.x.36:22, dst 168.63.129.16:54762] 10.x.x.4.65324 >
> 168.63.129.16.54762: S [bad tcp cksum 9d0b! -> 9e14] 252441079:252441079(0)
> ack 3958895254 win 16384 (DF) (ttl 64,
> id 2960, len 52, bad ip cksum 0! -> 52f0)
>
> Rule 1 = block log all
> 168.63.129.16 = Azure Discovery Address
> 10.x.x.4 = My External IP on hvn0
> 10.x.x.36 = My Internal IP on hvn1
>
> I tried changing the state rules to allow the traffic out on the external
> interface and I thought I had it working earlier today by changing
> state-policy from if-bound to floating but I can't reproduce that again for
> some reason... anyway it didn't seem to work.
> I think I really just need to force the traffic back out the Internal
> interface but I just don't know how to do that ?
>
> If anyone could help me it would be really appreciated.
> Thanks
>
> Keith
Re: IPv4 traffic over IPv6 tunnel approach
From your description, you want to pass IPv4 inside a tunnel that has an outer protocol of IPv6. Your resulting hostname.gif0 looks like the exact opposite of your description (IPv6 inside the tunnel with IPv4 outer). Clarify what you need please. Provide your existing hostname.if files for the other interfaces if you need to.

> On May 8, 2020, at 3:09 PM, Martin wrote: > > Last thing I have to understand about gif(4) and IPv6 tunneling. > > Should I set gif(4) 'inet6 alias' = the same IPv6 of the local end of IPv6 > tunnel interface or just set 'inet6 alias' for gif(4) in tunnel's IPv6 subnet? > > Martin > > ‐‐‐ Original Message ‐‐‐ >>> On Friday, May 8, 2020 4:41 PM, Tom Smyth >>> wrote: >> Hi Martin, >> If I understand your question correctly >> you need 2 endpoints to the tunnel... >> for gif(4) or any gre((4) based tunnel >> you need the interface setup on both the client and the server (gateway) >> if you have a gateway serving multiple clients... then you need one >> interface per client that you intend to connect >> Thanks >> Tom Smyth >>> On Fri, 8 May 2020 at 17:38, Martin martin...@protonmail.com wrote: >>> Thanks for confirmation. >>> Hope I understand gif(4) functionality right from its configuration. Can I >>> set /etc/hostname.gif0 from client's side only like below: >>> /etc/hostname.gif0 >>> tunnel 10.20.30.40 195.203.212.221 >>> inet6 alias 2001:05a8::0001::::8542 128 >>> dest 2001:05a8::0001::::8541 >>> where >>> tunnel 10.20.30.40 is client's address, 195.203.212.221 gateway machine >>> egress IPv4 >>> inet6 alias is the same IPv6 address of client's IPv6 local interface or an >>> IPv6 address in the same subnet. >>> dest IPv6 is a destination IPv6 interface address of gateway machine. >>> Do I need to setup gif0 on gateway machine to have encapsulation working? 
>>> Martin >>> ‐‐‐ Original Message ‐‐‐ On Friday, May 8, 2020 1:43 PM, Kristjan Komlosi kristjan.koml...@gmail.com wrote: gif(4) should work fine, as it's designed to do what you described. The best approach depends on the level of security you want to achieve. IPIP tunnels aren't encrypted... regards, kristjan On 5/8/20 3:32 PM, Martin wrote: > I have IPv6 unidirectional tunnel between two machines. One of them is > gateway, another one is a client. > The goal is to route IPv4 packets over IPv6 tunnel from client to gateway > and NAT IPv4 packet to egress on gateway machine. > May I use gif(4) for it or what is the best approach to traverse IPv4 > packets over IPv6 tun? > Martin >> -- >> Kindest regards, >> Tom Smyth.
Re: OpenBSD insecurity rumors from isopenbsdsecu.re
At risk of responding without having read through the entire website, it seems to mostly be about OpenBSD's exploit mitigations, and nothing else. But OpenBSD does a lot of other things well, like doing lots of code reviews, having a culture of writing code with an eye toward security in the first place, providing APIs that are more difficult for developers to misuse (strlcat, pledge), and generally good design like building things with privilege separation in lots of places. OpenBSD also has lots of mitigations, but then so do other OSes.

Mitigations have always been and will probably always be a controversial and fraught topic. That's because mitigations are just that - they're *mitigations*. For the most part they're not supposed to provide more-or-less impenetrable security barriers like with privilege separation, memory safe languages, etc. They're just there to make an attacker's life harder and their chances of success lower than otherwise. For this reason, they're subject to an endless arms race, with developers always introducing new and interesting mitigations, and exploit writers always researching fun and bizarre ways to work around them. The best an OS can do is to stay as close to the state of the art as possible.

So, there are probably some valid criticisms in there (I haven't read through them all), but "some of OpenBSD's exploit mitigations have some issues" is not grounds to say that OpenBSD is bad or insecure, as a blanket statement. OpenBSD has a lot of great things going for it.

My 2 cents, BW

On Thu, 07 May 2020 07:00:15 -0700 wrote
Dear OpenBSD fans, Can you please comment negative appraisal from the following website: https://isopenbsdsecu.re/quotes/ I did not want to hurt anyone, just looking for a secure OS and OpenBSD looked very nice to me before I have found this website. Kind Regards
Re: OpenBSD insecurity rumors from isopenbsdsecu.re
If any widely-used open source software had government backdoors in it, nobody in the know would be telling folks about it in random IRC chat rooms. BW

On Mon, 11 May 2020 18:13:35 -0700 wrote
I was told on the chat that Linux GNU software has hardly visible NSA backdoors and IMHO most funding for Linux seems to be from USA ? Only single Linus person alone is paid about 30 times more per year by Linux foundation than the whole OpenBSD foundation total fundraising goal, not sure if it is an indication of Linux be more corporation sponsored and oriented. Is not USA a beneficiary of big transnational corporation and capital?
Re: Setting permanent neighbor entry
Do it in hostname.if. You’ll win the race. > On May 26, 2020, at 2:14 PM, Demi M. Obenour wrote: > > On 2020-05-26 09:34, Kanto Andria wrote: >> Hello, >> man ndp is probably another solution >> >>On Tuesday, May 26, 2020, 9:17:25 a.m. EDT, Tommy Nevtelen >> wrote: >> >>> On 26/05/2020 11.38, Demi M. Obenour wrote: >>> What is the OpenBSD equivalent to this Linux command? >>> >>> ip neighbor add 2001:db8::1 dev xnf0 lladdr fe:ff:ff:ff:ff:ff router nud >>> permanent >>> >>> It doesn’t need to be a single command. If the existing userspace >>> tooling does not support this, is it possible to do it via the >>> kernel APIs? >> man arp > > I already tried this, but it does not work if there is already > an entry. Removing it and re-adding it is racy: a new entry might > appear before I can override it. > > Sincerely, > > Demi >
Re: About pf max-src-conn-rate
What do you do with table in other rules? If you’re doing nothing, you need to do something like block additional connections, or adjust the pass rule to include from ! Run: pfctl -t smtp -T show Does it show the offending IP? If so, the rule worked as you defined it. > On May 27, 2020, at 8:30 AM, Walter Alejandro Iglesias > wrote: > > Another question about pf. > > Perhaps I don't fully understand how connection rate is calculated. > > The following line in /etc/pf.conf: > > pass in log inet proto tcp to any port { smtp smtps } synproxy state \ >(max-src-conn-rate 5/30, overload flush global) > > Shouldn't avoid this happen? > > In /var/log/maillog > > May 27 10:55:05 server smtpd[30272]: 1a931fba4746f485 smtp connected > address=192.119.68.113 host=hwsrv-733438.hostwindsdns.com > May 27 10:55:06 server smtpd[30272]: 1a931fba4746f485 smtp failed-command > command="RCPT TO:" result="550 Invalid recipient: > " > May 27 10:55:06 server smtpd[30272]: 1a931fba4746f485 smtp disconnected > reason=disconnect > May 27 10:55:06 server smtpd[30272]: 1a931fbbc5c841e4 smtp connected > address=192.119.68.113 host=hwsrv-733438.hostwindsdns.com > May 27 10:55:06 server smtpd[30272]: 1a931fbbc5c841e4 smtp failed-command > command="RCPT TO:" result="550 Invalid recipient: > " > May 27 10:55:07 server smtpd[30272]: 1a931fbbc5c841e4 smtp disconnected > reason=disconnect > May 27 10:55:07 server smtpd[30272]: 1a931fbc9f586ee6 smtp connected > address=192.119.68.113 host=hwsrv-733438.hostwindsdns.com > May 27 10:55:07 server smtpd[30272]: 1a931fbc9f586ee6 smtp failed-command > command="RCPT TO:" result="550 Invalid recipient: > " > May 27 10:55:07 server smtpd[30272]: 1a931fbc9f586ee6 smtp disconnected > reason=disconnect > May 27 10:55:07 server smtpd[30272]: 1a931fbdf6b23f59 smtp connected > address=192.119.68.113 host=hwsrv-733438.hostwindsdns.com > > [...] Complete here with 311 entries with the same time interval. 
> > May 27 10:59:11 server smtpd[30272]: 1a9320f8f8726fab smtp disconnected > reason=disconnect > May 27 10:59:11 server smtpd[30272]: 1a9320f9e3e281ab smtp connected > address=192.119.68.113 host=hwsrv-733438.hostwindsdns.com > May 27 10:59:11 server smtpd[30272]: 1a9320f9e3e281ab smtp failed-command > command="RCPT TO:" result="550 Invalid recipient: > " > May 27 10:59:12 server smtpd[30272]: 1a9320f9e3e281ab smtp disconnected > reason=disconnect > May 27 10:59:12 server smtpd[30272]: 1a9320fa851b3e31 smtp connected > address=192.119.68.113 host=hwsrv-733438.hostwindsdns.com > May 27 10:59:12 server smtpd[30272]: 1a9320fa851b3e31 smtp failed-command > command="RCPT TO:" result="550 Invalid recipient: > " > May 27 10:59:12 server smtpd[30272]: 1a9320fa851b3e31 smtp disconnected > reason=disconnect > May 27 10:59:13 server smtpd[30272]: 1a9320fbe3f04434 smtp connected > address=192.119.68.113 host=hwsrv-733438.hostwindsdns.com > May 27 10:59:13 server smtpd[30272]: 1a9320fbe3f04434 smtp failed-command > command="RCPT TO:" result="550 Invalid recipient: > " > May 27 10:59:13 server smtpd[30272]: 1a9320fbe3f04434 smtp disconnected > reason=disconnect > May 27 10:59:13 server smtpd[30272]: 1a9320fc4f172f88 smtp connected > address=192.119.68.113 host=hwsrv-733438.hostwindsdns.com > May 27 10:59:14 server smtpd[30272]: 1a9320fc4f172f88 smtp failed-command > command="RCPT TO:" result="550 Invalid recipient: > " > -- > > A total of *323* connections from the same IP at less than a 1/4 second > interval during more than four minutes. >
Re: About pf max-src-conn-rate
Keep in mind that with operations using pfctl, such as reloading the rule set or table from file, any IPs caught in the smtp table by the max-src-conn-rate will be flushed, depending on your command line.

> On May 27, 2020, at 4:29 PM, Walter Alejandro Iglesias > wrote: > > Hello Brian, > >> On Wed, May 27, 2020 at 02:35:46PM -0400, Brian Brombacher wrote: >> What do you do with table in other rules? If you’re doing nothing, >> you need to do something like block additional connections, or adjust the >> pass rule to include from ! > > You're right. I forgot to mention I have these lines before: > > table persist file "/path/to/smtp.txt" > block in log quick inet proto tcp from to any port { smtp smtps } > >> >> Run: pfctl -t smtp -T show >> >> Does it show the offending IP? If so, the rule worked as you defined it. >> >> > > I run a cron script that parses my log files and also add the offending > IPs to that table. To be sure the max-src-conn-rate adds those IPs to > the table I'll have to create an alternative table just to test. > >
Re: Restore pf tables metadata after a reboot
No reason to expire ssh brute force. They will never stop. Manual flush if someone accidentally locked themselves out. Just my two cents :) > On Jun 4, 2020, at 12:48 AM, Anatoli wrote: > > >> >> Even then it seems that some of them turn up again pretty much >> instantly after expiry. > > You could update the expire time on each new connection/port scan > attempt. This way you could put say 4 days expire time and block these > IPs on all ports on all your systems and new connection attempts would > update the expire for all the systems. > > 4 days is because 5 days is a typical timeout for a temporary error for > SMTP. It may happen that someone used for 24hs a cloud instance and > then got banned by the cloud provider, the IP used for > spam/scans/attacks could be reused for another client for a legit > activity. So if that new client for the old IP sends to your client some > important mail, it's not lost and doesn't generate an undeliverable mail > report, it just takes some days to reach the destination (with retries > by the origin server). > > 4 weeks looks excessive for cloud shared IPs. > > >> On 30/5/20 07:25, Peter Nicolai Mathias Hansteen wrote: >> >> 30. mai 2020 kl. 11:54 skrev Walter Alejandro Iglesias : >>> >>> The problem is most system administrators out there do very little. If >>> you were getting spam or attacks from some IP, even if you report the >>> issue to the respective whois abuse@ address, chances are attacks from >>> that IP won't stop next week, nor even next month. >>> >>> So, in general terms, I would refrain as much as possible from hurry to >>> expiring addresses. Just my opinion. >> >> Yes, there are a lot of systems out there that seem to be not really >> maintained at all. After years of advocating 24 hour expiry some time back I >> went to four weeks on the ssh brutes blacklist. Even then it seems that some >> of them turn up again pretty much instantly after expiry. >> >> All the best, >> >> — >> Peter N. M. 
Hansteen, member of the first RFC 1149 implementation team >> http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ >> "Remember to set the evil bit on all malicious network traffic" >> delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds. >> >> >> >> >
Re: Relayd with TLS and non-TLS backends - bug
> On Jun 11, 2020, at 4:28 PM, Toyam Cox wrote:
>
> Hello Misc,
>
> Full config at end of email.
>
> I've discussed the below in #openbsd on freenode, and was told to come
> here. At present, I have a setup where I need multiple unrelated
> servers under a single IP address. I used relayd to do https
> interception, read the Host header, and make decisions.
>
> The very relevant part of my config is this:
>
> forward to port 80
> forward with tls to port 443
>
> The order here does not matter (unlike most relayd configs, I know,
> but I've tested in my configuration and it works).
>
> When I have "with tls" on that second line, I see error lines like:
> relay web, session 3 (1 active), 0, [redacted] -> 10.0.0.102:80, TLS
> handshake error: handshake failed: error:14FFF3E7:SSL
> routines:(UNKNOWN)SSL_internal:unknown failure occurred, GET:
> Undefined error: 0
>
> and, unhelpfully, relayd responds with no response. There is no
> return. Or, as curl puts it: curl: (52) Empty reply from server
>
> When I remove "with tls" then I successfully reach the http backend,
> but since the https backend requires ssl, that connection no longer
> works. So it seems that "with tls" affects all "forward" clauses, not
> just the one to which it's attached.
>
> I believe this to be a bug.
>
> cat >/etc/relayd.conf < table { "10.0.0.101" }
> table { "10.0.0.102" }
> # obviously obfuscated some values
>
> interval 5
> timeout 1000
>
> log connection
>
> http protocol web {
> return error
>
> match header set "X-Client-IP" value "$REMOTE_ADDR:$REMOTE_PORT"
> match header set "X-Forwarded-For" value "$REMOTE_ADDR"
> match header set "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"
>
> http websockets
> pass request quick header "Host" value "myhost.example.com" path
> "/Client/*" forward to
> pass request quick header "Host" value "otherhost.example.com" forward
> to
>
> block
> }
>
> relay web {
> listen on 10.0.0.100 port 443 tls
> protocol web
>
> forward to port 80 check http "/webservice.asmx" code 405
> forward with tls to port 443 check https
> "/Client/SupportedBrowsers.html" host "myhost.example.com" code 200
> }
> EOF
>

Not to change topics too drastically :)

Consider running the backend connection over a different encrypted transport, such as mesh iked(8) or upcoming wg(4). It’s super easy to set up, and compatible with the other server OS. Go further into the “SDN realm” with everything encapsulated in vxlan(4) for even more flexibility, including long-haul internet endpoints across varying firewall and NAT designs. Pimp out the configs of your networking groups’ routers to de-encapsulate and decrypt the traffic for even more performance and compatibility. Anything is possible as a front-end relay server with OpenBSD.

Why? Well for one, you save on many rounds of TLS negotiation. Upcoming performance enhancements to the networking stack will only help scale this method of relaying to more and more acceptable levels compared to non-encrypted networking.

My subjective net gain is simplicity, security, performance, and flexibility.

-Brian
Re: Relayd with TLS and non-TLS backends - bug
> On Jul 3, 2020, at 9:46 PM, Daniel Jakots wrote:
>
> On Fri, 3 Jul 2020 20:25:12 -0400, Brian Brombacher
> wrote:
>
>> My subjective net gain is simplicity, security, performance, and
>> flexibility.
>
> I don't think adding ipsec (or a mesh vpn) into the mix achieves that but
> ymmv.
>

Subjective is right :)

He has two hosts. IPsec from one to the other. Pre-negotiated encrypted channel. MTU 1400 or so... Four round-trip TCP packets to get the request on the backend... if the HTTP request is smaller than say 1300 bytes, to be really safe.

How is that slower?

-Brian
Re: relayd multiple listen on same redirect
> On Jul 3, 2020, at 3:34 AM, Kapetanakis Giannis
> wrote:
>
> Hi,
>
> My setup in relayd is like this:
>
> redirect radius {
> listen on $radius_addr udp port radius interface $ext_if
> pftag RELAYD_radius
> sticky-address
> forward to mode least-states check icmp demote carp
> }
>
> redirect radacct {
> listen on $radius_addr udp port radacct interface $ext_if
> pftag RELAYD_radius
> sticky-address
> forward to mode least-states check icmp demote carp
> }
>
> I want to combine it in one redirect but the redirect forwards it to the
> first port defined in listen for both radius and radacct ports.
>
> redirect radius {
> listen on $radius_addr udp port radius interface $ext_if
> listen on $radius_addr udp port radacct interface $ext_if
> pftag RELAYD_radius
> sticky-address
> forward to mode least-states check icmp demote carp
> }
>
> Is there another way to do this or do I have to stick with two redirects?
>
> thanks,
>
> Giannis

Hi Giannis,

I have not tested your config or my advice for your config; however, my assumptions are sticky-address is needed per udp port conversation for radius. By contrast, if sticky was needed for the combination of both radius/radacct on same backend host per source address or address/port, you cannot achieve that reliably with least-states. I don’t know the radius protocols enough to know the requirements.

Here’s my question after all that dribbling: Have you tried using either of the following config options?

forward to destination
forward to nat

IIRC, in the past I had multiple TCP relay ports going to their specified ports on the backend. I only needed to split things by address family (v4/6) for my own purposes. I cannot remember if the directives above took port into consideration. It might not be a far stretch to make that feasible with code changes but I haven’t seen the relayd code paths in question so that’s a complete guess (but I’m on my way to check ;).

Also since I concentrated on TCP relays, I don’t know how effective these directives would be for redirects. My end config has separate relays per TCP service except passive FTP relaying.

Also, make sure your pf.conf has the right anchor. Only mentioning it because your original email skips this detail. I doubt this would be missing if you have a working setup already, so ignore if so.

Cheers,
Brian
Re: strlcpy version speed tests?
>> On Jul 1, 2020, at 1:14 PM, gwes wrote:
>>
>> On 7/1/20 8:05 AM, Luke Small wrote:
>> I spoke to my favorite university computer science professor who said
>> ++n is faster than n++ because the function needs to store the initial
>> value, increment, then return the stored value in the former case,
>> while the latter merely increments, and returns the value. Apparently,
>> he is still correct on modern hardware.
> For decades the ++ and *p could be out of order, in different
> execution units, writes speculatively queued, assigned to aliased registers,
> etc, etc, etc.
>
> Geoff Steckel

Hey Luke,

I love the passion but try to focus your attention on the fact that there are multiple architectures supported and compiler optimizations are key here.

Go with Marc’s approach using arch/ asm. Implementations can be made over time for the various arch’s, if such an approach is desirable by the project. You can pull a well-optimized version based on your code, for your arch, and then slim it down a bunch.

Cheers,
Brian

[Not a project developer. Just an observer.]
Re: Relayd with TLS and non-TLS backends - bug
> On Jun 11, 2020, at 4:28 PM, Toyam Cox wrote:
>
> Hello Misc,
>
> Full config at end of email.
>
> I've discussed the below in #openbsd on freenode, and was told to come
> here. At present, I have a setup where I need multiple unrelated
> servers under a single IP address. I used relayd to do https
> interception, read the Host header, and make decisions.
>
> The very relevant part of my config is this:
>
> forward to port 80
> forward with tls to port 443
>
> The order here does not matter (unlike most relayd configs, I know,
> but I've tested in my configuration and it works).
>
> When I have "with tls" on that second line, I see error lines like:
> relay web, session 3 (1 active), 0, [redacted] -> 10.0.0.102:80, TLS
> handshake error: handshake failed: error:14FFF3E7:SSL
> routines:(UNKNOWN)SSL_internal:unknown failure occurred, GET:
> Undefined error: 0
>
> and, unhelpfully, relayd responds with no response. There is no
> return. Or, as curl puts it: curl: (52) Empty reply from server
>
> When I remove "with tls" then I successfully reach the http backend,
> but since the https backend requires ssl, that connection no longer
> works. So it seems that "with tls" affects all "forward" clauses, not
> just the one to which it's attached.
>
> I believe this to be a bug.
>
> cat >/etc/relayd.conf < table { "10.0.0.101" }
> table { "10.0.0.102" }
> # obviously obfuscated some values
>
> interval 5
> timeout 1000
>
> log connection
>
> http protocol web {
> return error
>
> match header set "X-Client-IP" value "$REMOTE_ADDR:$REMOTE_PORT"
> match header set "X-Forwarded-For" value "$REMOTE_ADDR"
> match header set "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"
>
> http websockets
> pass request quick header "Host" value "myhost.example.com" path
> "/Client/*" forward to
> pass request quick header "Host" value "otherhost.example.com" forward
> to
>
> block
> }
>
> relay web {
> listen on 10.0.0.100 port 443 tls
> protocol web
>
> forward to port 80 check http "/webservice.asmx" code 405
> forward with tls to port 443 check https
> "/Client/SupportedBrowsers.html" host "myhost.example.com" code 200
> }
> EOF
>

Hi Toyam,

Split http and https into two separate relay stanzas. The “with tls” will be needed on your https relay and not the http backhaul. I believe this gets what you want.

I do not think this is a bug, but perhaps a design choice by the developers.

Cheers,
Brian
Re: Relayd with TLS and non-TLS backends - bug
> On Jul 3, 2020, at 7:17 PM, Henry Bonath wrote:
>
> Daniel,
>
> Thanks for taking the time to test this out.
> I just reloaded a test machine from scratch with -current and
> installed the HAProxy 2.0.15-4f39279 package.
> I loaded a very basic config file, and am also seeing the same exact
> issue on this one as well.
> Very strange that you are not -
> Would you mind sharing any additional details of your config file?
> Is there anything special about the certificate you have on the backend
> server?
>
> I would love to understand what is going on here and what the
> difference is with my experience.
>
>> On Thu, Jul 2, 2020 at 4:38 PM Daniel Jakots wrote:
>>
>> On Thu, 2 Jul 2020 14:00:48 -0400, Henry Bonath
>> wrote:
>>
>>> Note the missing Client Hello on the 6.7 machine as it jumps to
>>> Application Data straight away.
>>> Configuration files for HAProxy are identical on both systems.
>>>
>>> I'm currently spinning up a machine on -CURRENT just to see if there
>>> is any difference,
>>> as there is a newer version of HAProxy in packages under Snapshots.
>>>
>>> I was initially going to try to reach out to the package maintainer
>>> for HAProxy but if this is happening in Relayd, then this "feels
>>> like" a de-facto bug. I wonder if NGINX would exhibit the same
>>> behavior.
>>>
>>> Has anyone else experienced such behavior with Load-Balancing TLS
>>> Backends since upgrading to 6.7?
>>
>> I don't use TLS for my backend (the only backend I use nowadays is on
>> localhost) so I can't speak for 6.7 (I only use -current, and when
>> -current was 6.7, I didn't test that).
>>
>> I just tested my -current haproxy using another -current host of mine
>> running nginx as a backend with TLS and it worked fine.
>>
>> backend https
>> option forwardfor
>> server web1 ln.chown.me:443 check ssl verify none
>>
>> and also with "verify required ca-file /etc/ssl/cert.pem"
>>
>>
>> Maybe some libressl fix happened on -current was not deemed critical
>> enough to be backported to 6.7?
>>
>> Cheers,
>> Daniel
>

This thread is conflating two issues:

1) Henry’s original relayd.conf is wrong. Notice the TLS connection attempt to port 80 in his relayd logs. This will never work. See my email regarding two relays required.

2) There was conversation about a compatibility issue with LibreSSL in 6.7 release. Check the archives.
Re: ls -R bug?
Hmm... /bin/ls, a utility that has existed since 1960’s. This is not a bug.

https://en.m.wikipedia.org/wiki/Ls

> On Jul 4, 2020, at 3:02 PM, Richard Ipsum wrote:
>
> Hi,
>
> Output of ls -R between OpenBSD and GNU coreutils seems to differ,
> OpenBSD ls -R will apparently list "hidden" directories like .git,
> whereas GNU coreutils will not, is this expected behaviour or a bug?
>
> Thanks,
> Richard
>
Re: ls -R bug?
> On Jul 4, 2020, at 3:38 PM, Ottavio Caruso
> wrote:
>
> On Sat, 4 Jul 2020 at 19:59, Richard Ipsum wrote:
>>
>> Hi,
>>
>> Output of ls -R between OpenBSD and GNU coreutils seems to differ,
>> OpenBSD ls -R will apparently list "hidden" directories like .git,
>> whereas GNU coreutils will not, is this expected behaviour or a bug?
>>
>
> Funny, because this seems to validate what you are reporting:
>
> oc@OpenBSD:~$ ls -R
> oc-backup test
>
> ./.local/share:
> xorg
>
> ./.local/share/xorg:
> Xorg.0.log Xorg.0.log.old
>
> ./oc-backup:
> docs mbox
>
> ./oc-backup/docs:
> bgpd.confman-todo patch.patch root-mail
> bug oc-mail robots.txt sudo.log
>
> ./test:
> dmesg fstab index.html uyiuyi
> filefstab.dos ls.ps
> file.bakfstab.tropenbsd-tips-wip
> file.orig fstab.unix test.wav
>
>
>
> However:
>
> oc@OpenBSD:~$ mkdir .hidden
> oc@OpenBSD:~$ touch .hidden/test-file
> oc@OpenBSD:~$ ls -R
>
>
>
> It looks like "ls -R" is showing some hidden directories but not all.
>
> --
> Ottavio Caruso
>

man ls
man ksh