Internet e-Mail Gateway Notification

2005-10-24 Thread IEG Notifier
ATTENTION - Possible viruses were detected in an e-mail message you
recently sent.  The infected message was quarantined and will not be
delivered.  Please cleanse your machine and resend.  Please contact your
IT support center if you have any questions regarding this action.

The message headers are attached.


List:APS - Virus in Subject
Found the expression "Re: Extended Mail" 1 times, at 1 points each, for
an expression score of 1 points.
=
Total Message Score: 1 points.
Received: from 137.91.102.90
by ieg.apsc.com with ESMTP (Tumbleweed eMail Firewall SMTP Relay); Mon, 
24 Oct 2005 22:17:13 -0700
X-Server-Uuid: 1D92C1AB-6C0E-4DFC-8817-FB1C1826CC3F
Received: from aps.com (71-35-33-71.phnx.qwest.net [71.35.33.71])
by deimos.apsc.com (8.11.7p1+Sun/8.11.7) with ESMTP id j9P5HCF07711
for <[EMAIL PROTECTED]>; Mon, 24 Oct 2005 22:17:12 -0700 (MST)
Message-ID: <[EMAIL PROTECTED]>
From: misc@openbsd.org
To: [EMAIL PROTECTED]
Subject: Re: Extended Mail
Date: Mon, 24 Oct 2005 22:17:15 -0700
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
X-MMS-Spam-Filter-ID: A2005102501_4.00.0003_2.0.4,4.0-7
X-TMWD-Spam-Summary: SEV=0.9; DFV=A2005102501; IFV=2.0.4,4.0-7; RPD=4.00.0003; 
RPDID=303030312E30413039303230362E34333544424337352E303033432D422D4156316455594E634144616E38396E773979424843773D3D;
 ENG=IBF; TS=20051025051717; CAT=NONE; CON=NONE;
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

Received: from 137.91.102.90 by ieg.apsc.com with ESMTP (Tumbleweed
 eMail Firewall SMTP Relay); Mon, 24 Oct 2005 22:17:13 -0700
X-Server-Uuid: 1D92C1AB-6C0E-4DFC-8817-FB1C1826CC3F
Received: from aps.com (71-35-33-71.phnx.qwest.net [71.35.33.71]) by
 deimos.apsc.com (8.11.7p1+Sun/8.11.7) with ESMTP id j9P5HCF07711 for
 <[EMAIL PROTECTED]>; Mon, 24 Oct 2005 22:17:12 -0700 (MST)
Message-ID: <[EMAIL PROTECTED]>
From: misc@openbsd.org
To: [EMAIL PROTECTED]
Subject: Re: Extended Mail
Date: Mon, 24 Oct 2005 22:17:15 -0700
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
X-MMS-Spam-Filter-ID: A2005102501_4.00.0003_2.0.4,4.0-7
X-TMWD-Spam-Summary: SEV=0.9; DFV=A2005102501; IFV=2.0.4,4.0-7;
 RPD=4.00.0003;
RPDID=303030312E30413039303230362E34333544424337352E303033432D422D4156316455594E634144616E38396E773979424843773D3D;
 ENG=IBF; TS=20051025051717; CAT=NONE; CON=NONE;
Content-Type: multipart/mixed;
 boundary="=_NextPart_000_0016=_NextPart_000_0016"

This is a multi-part message in MIME format.



Re: RAID controller + disklabel = out of bounds

2005-10-24 Thread Marco Peereboom
dlg and I had a look at this and we concur with Jon.  You can move a single
disk RAID 0 from behind the ami controller and use it as a single disk.  What
you can't do is go the other way around (from SATA controller to RAID 0).
After reading your email we gathered it is what you did.

Can you please confirm that these were your installation steps?

On Mon, Oct 24, 2005 at 03:39:58PM -0700, Jon Simola wrote:
> On 10/24/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> 
> > i got an LSI MegaRAID SATA 300-8X a couple weeks ago and i
> > noticed it was not quite "behaving".
> 
> I've not had any problems with mine, yet.
> 
> > ami0: out of bounds 390,716,864 - 1 >= 388,671,488
> >
> > so apparently the controller did not grok the last little
> > portion of the disk i had attached, but the machine i had
> > installed the 3.8 snapshot from had done so just fine.
> 
> Probably because the SATA drive configured as an array (and then
> exported as a SCSI device) on the ami card has different geometry than
> when natively plugged into a SATA controller. And the fact that the
> card gobbles up a little bit of space on each drive to store the array
> config.
> 
> > to work around this i've made sure to only allocate less than
> > the 388,671,488 sectors that the controller is seeing. now
> > things are running fine.
> 
> Wipe and recreate the partition/slice/disklabel from scratch. The
> on-disk configuration doesn't match what the controller thinks it
> should be.
> 
> --
> Jon Simola
> Systems Administrator
> ABC Communications



wi w/pcmcia card(s) panic on Toshiba Sat Pro 430 cdt - openbsd 3.7

2005-10-24 Thread Aaron
Description:
At least two different pcmcia wireless lan cards cause wi to panic on a
Toshiba Satellite Pro 430 CDT running OpenBSD 3.7. Other PCMCIA cards
(although neither is a wireless card) work acceptably.

Checks performed:
-Looked @ src/sys/dev/ic/if_wi.c revs and did not see any major changes
since 3.7 that would likely solve such a problem. No, I didn't try
current, for this reason.
-Tried other cards. A DWL D-link 650 also causes panic. Cards that don't
use wi driver (2 different modems work under PCMCIA w/their respective
drivers)
-Tried in both PCMCIA slots
-Looked for similar problems with wi on all BSDs. Found other panics
with wi. Most of these reported problems I was unable to find any
updates on the thread. Maybe there is an answer that didn't make it back
to lists.
-3.8 current install dist (from 10/24/2005) also panics
-Tried NetBSD -current (20051019Z and 20051016Z). Having
unrelated panic. Giving up for now since I am not nearly as familiar with
Net, but if someone thinks it would make a big difference in diagnosing
this problem, I can pursue it further.

DMESG:
OpenBSD 3.7 (GENERIC) #50: Sun Mar 20 00:01:57 MST 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium (P54C) ("GenuineIntel" 586-class) 120 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,MCE,CX8
cpu0: F00F bug workaround installed
real mem  = 16556032 (16168K)
avail mem = 7004160 (6840K)
using 227 buffers containing 929792 bytes (908K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(63) BIOS, date 02/24/99
apm0 at bios0: Power Management spec V1.2
apm0: battery life expectancy 100%
apm0: AC on, battery charge high, charging, estimated 3:49 hours
pcibios at bios0 function 0x1a not configured
bios0: ROM list: 0xc/0xc000
cpu0 at mainbus0
isa0 at mainbus0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0 (mux 1 ignored for console): console keyboard
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
vga0 at isa0 port 0x3b0/48 iomem 0xa/131072
wsdisplay0 at vga0: console (80x25, vt100 emulation), using wskbd0
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
wdc0 at isa0 port 0x1f0/8 irq 14
wd0 at wdc0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA, 1296MB, 2654280 sectors
wd0(wdc0:0:0): using BIOS timings
sb0 at isa0 port 0x220/24 irq 5 drq 1: dsp v3.01
midi0 at sb0: 
audio0 at sb0
opl0 at sb0: model OPL3
midi1 at opl0: 
pcppi0 at isa0 port 0x61
midi2 at pcppi0: 
sysbeep0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom0: console
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
pcic0 at isa0 port 0x3e0/2 iomem 0xd/65536
pcic0 controller 0:  has sockets A and B
pcmcia0 at pcic0 controller 0 socket 0
pcmcia1 at pcic0 controller 0 socket 1
pcic0: irq 3, polling enabled
biomask ef45 netmask ef45 ttymask ffcf
pctr: 586-class performance counters and user-level cycle counter
enabled
dkcsum: wd0 matched BIOS disk 80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302
WARNING: / was not properly unmounted
Stopped at  Debugger+0x4:   leave
ddb> pcmcia_verbose0=0x1
ddb>


DDB output on panic (pcmcia_verbose) with ps and trace:

Now for card which causes panic when using wi driver
#
#
# pcmcia0: CIS version PC Card Standard 5.0
pcmcia0: CIS info: Symbol Technologies, LA4111 Spectrum24 Wireless LAN
PC Card,0pcmcia0: Manufacturer code 0x14d, product 0x1
pcmcia0: function 0: network adapter, ccr addr 3e0 mask 7
pcmcia0: function 0, config table entry 1: I/O card; irq mask ;
iomask 7, ilwi0 at pcmcia0 function 0 "Symbol Technologies, LA4111
Spectrum24 Wireless LAN 0Stopped at  Xprot:  pushl   $0x4
ddb> ps
   PID   PPID   PGRPUID  S   FLAGS  WAIT   COMMAND
 17029  1  17029  0  3 0x40184  select sendmail
   419  1419  0  3  0x4086  ttyin  sh
 15215  1  15215  0  3  0x4082  ttyin  getty
 23401  1  23401  0  3  0x4082  ttyin  getty
 18899  1  18899  0  3  0x4082  ttyin  getty
  3533  1   3533  0  3  0x4082  ttyin  getty
 29548  1  29548  0  3  0x4082  ttyin  sh
 20202  1  20202  0  30x84  select cron
 14022  1  14022  0  30x84  kqread apmd
  2089  1   2089  0  3   0x180  select inetd
 16018  21431  21431 73  2   0x184 syslogd
 21431  1  21431  0  30x84  netio  syslogd
11  0  0  0  30x100204  crypto_wa  crypto
10  0  0  0  30x100204  aiodoned   aiodoned
 9  0  0  0  20x100204 update
 8  0  0  0  30x100204  cleanercleaner
 7  0  0  0  30x100204  reaper reaper
  

Re: Setting up ftpd

2005-10-24 Thread Greg Thomas
On 10/24/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>
> Hello,
>
> I'd like to have my OpenBSD system run an anonymous FTP server, so I
> have /etc/rc.conf.local with the flags for ftpd.
>
> They are:
>
> # -A Anonymous only
> # -l -l Full logging
> # -P Permit illegal port numbers, guard against attacks
> # -U Log concurrent session to /var/run/utmp so who(1) works
> # -S Log downloads to /var/log/ftpd when this file exists (I made it)
> # -d Debug logging
>
> ftpd_flags="-A -l -l -P -U -S -d"
>
> With the file /var/log/ftpd, I made it owned by _ftpd and in group
> _ftpd, with permissions -rw-r-. Is that correct?
>
> And I made a user ftp:
>
> Enter password []:
> Set the password so that user cannot logon? (y/n) [n]: y
>
> Name: ftp
> Password: 
> Fullname: Anonymous FTP User
> Uid: 1001
> Gid: 1001 (ftp)
> Groups: ftp
> Login Class: auth-ftp-defaults
> HOME: /home/ftp
> Shell: /sbin/nologin
> OK? (y/n) [y]:
> Added user ``ftp''
> Copy files from /etc/skel to /home/ftp
> Add another user? (y/n) [y]: n
> Goodbye!


With a cursory glance I don't think you read all of the -A part of the man
page.

Greg



Re: TERM=wsvt25 with wscons?

2005-10-24 Thread [EMAIL PROTECTED]
On 10/25/05, Olivier Mehani <[EMAIL PROTECTED]> wrote:
> > I should get a book on bash and read up on all this.
>
> What about man bash ? ;)

What, and have the convenience of a free book and reference manual
instead of having to buy a book?  No way!  ;-)

j/k

For some reason it didn't occur to me.  Some day I'll be hit with a
clue bat and things will be OK.

Cheers,
James



Setting up ftpd

2005-10-24 Thread [EMAIL PROTECTED]
Hello,

I'd like to have my OpenBSD system run an anonymous FTP server, so I
have /etc/rc.conf.local with the flags for ftpd.

They are:

# -A Anonymous only
# -l -l Full logging
# -P Permit illegal port numbers, guard against attacks
# -U Log concurrent session to /var/run/utmp so who(1) works
# -S Log downloads to /var/log/ftpd when this file exists (I made it)
# -d Debug logging

ftpd_flags="-A -l -l -P -U -S -d"

With the file /var/log/ftpd, I made it owned by _ftpd and in group
_ftpd, with permissions -rw-r-.  Is that correct?

And I made a user ftp:

Enter password []:
Set the password so that user cannot logon? (y/n) [n]: y

Name: ftp
Password:
Fullname: Anonymous FTP User
Uid: 1001
Gid: 1001 (ftp)
Groups: ftp
Login Class: auth-ftp-defaults
HOME: /home/ftp
Shell: /sbin/nologin
OK? (y/n) [y]:
Added user ``ftp''
Copy files from /etc/skel to /home/ftp
Add another user? (y/n) [y]: n
Goodbye!


Is that correct?  When prompted for the password, I just hit enter,
because normally anonymous ftp users can enter no password or just
their email address or whatever.  What does "Set the password so that
user cannot logon" mean?  It would not accept 'n' for an answer (I
thought that would mean the anonymous ftp user would need to enter a
specific password), but I presume this means that the user ftp cannot
logon to the system through a terminal, which of course is what I want
and why the shell should be /sbin/nologin, right?

I modified the /home/ftp directory as instructed by the man page for ftpd:

bash-3.00$ ls -al
total 20
dr-xr-xr-x  5 root  wheel  512 Oct 25 09:15 .
drwxr-xr-x  4 root  wheel  512 Oct 25 09:10 ..
dr-x--x--x  2 root  wheel  512 Oct 25 09:13 bin
dr-x--x--x  2 root  wheel  512 Oct 25 09:13 etc
dr-xr-xr-x  2 root  wheel  512 Oct 25 09:13 pub
bash-3.00$


Is that what it should be?  (Group wheel?)

I deleted the .login, .profile, .cshrc and whatever other files were
there in the /home/ftp directory, since presumably they are not
needed.


Thanks very much for your comments and suggestions.

James
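
An audit of the listing in the post above, as an added example that is not part of the post: it checks each entry for root ownership, absence of write bits, and the mode shown in the poster's listing. The expected modes are taken from that listing; the second listing, with a leftover .profile, is constructed.

```python
# Listing of /home/ftp as posted above.
POSTED_LISTING = """\
dr-xr-xr-x  5 root  wheel  512 Oct 25 09:15 .
drwxr-xr-x  4 root  wheel  512 Oct 25 09:10 ..
dr-x--x--x  2 root  wheel  512 Oct 25 09:13 bin
dr-x--x--x  2 root  wheel  512 Oct 25 09:13 etc
dr-xr-xr-x  2 root  wheel  512 Oct 25 09:13 pub
"""

# Constructed listing: home owned by ftp, world-writable pub, leftover dotfile.
CONSTRUCTED_BAD_LISTING = """\
drwxr-xr-x  5 ftp   ftp    512 Oct 25 09:15 .
drwxr-xr-x  4 root  wheel  512 Oct 25 09:10 ..
dr-x--x--x  2 root  wheel  512 Oct 25 09:13 bin
dr-x--x--x  2 root  wheel  512 Oct 25 09:13 etc
drwxrwxrwx  2 root  wheel  512 Oct 25 09:13 pub
-rw-r--r--  1 ftp   ftp    218 Oct 25 09:12 .profile
"""

# Baseline taken from the modes in the posted listing (assumption: that
# listing is the layout wanted for the anonymous FTP root).
EXPECTED = {".": 0o555, "bin": 0o511, "etc": 0o511, "pub": 0o555}


def mode_bits(mode_string):
    """Convert an ls(1) mode string such as 'dr-x--x--x' to permission bits."""
    bits = 0
    for i, ch in enumerate(mode_string[1:10]):
        if ch not in "-ST":               # S/T mark a special bit without execute
            bits |= 1 << (8 - i)
    return bits


def audit_listing(listing, expected=EXPECTED):
    """Return (name, problem) tuples for entries that differ from the baseline."""
    findings = []
    for line in listing.splitlines():
        fields = line.split()
        if len(fields) < 9 or fields[-1] == "..":
            continue                      # skips 'total N', prompts, parent entry
        mode, owner, name = mode_bits(fields[0]), fields[2], fields[-1]
        if owner != "root":
            findings.append((name, "owned by %s, not root" % owner))
        if mode & 0o222:
            findings.append((name, "writable (mode %03o)" % mode))
        if name not in expected:
            findings.append((name, "not part of the expected layout"))
        elif mode != expected[name]:
            findings.append((name, "mode %03o, expected %03o" % (mode, expected[name])))
    return findings


if __name__ == "__main__":
    for name, problem in audit_listing(CONSTRUCTED_BAD_LISTING):
        print("%-10s %s" % (name, problem))
```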



Re: RAID controller + disklabel = out of bounds

2005-10-24 Thread Marco Peereboom
I'll look into this.  Thanks for the useful report.

On Mon, Oct 24, 2005 at 04:38:27PM -0500, [EMAIL PROTECTED] wrote:
> heya,
> 
> i got an LSI MegaRAID SATA 300-8X a couple weeks ago and i
> noticed it was not quite "behaving". by this i mean that i had
> a 200GB disk on which i had installed a 3.8 snapshot and i
> plugged it into the RAID controller and booted the machine. it
> loaded the kernel just fine, but when it came time to check
> the filesystems, i got a blue kernel message that said:
> 
> ami0: out of bounds 390,716,864 - 1 >= 388,671,488
> 
> so apparently the controller did not grok the last little
> portion of the disk i had attached, but the machine i had
> installed the 3.8 snapshot from had done so just fine.
> 
> i then tried to reinstall onto that disk from the CD drive i
> have attached to the machine with the RAID controller in it.
> when it came time to create the partitions with disklabel, i
> got the same error as before and it occurred when my /home
> partition was being initialized.
> 
> to work around this i've made sure to only allocate less than
> the 388,671,488 sectors that the controller is seeing. now
> things are running fine.
> 
> i don't know if this qualifies as a "bug", but my ear is
> really bothering me and i suddenly want to kill Captain Kirk.
> 
> here's my dmesg:
> 
> OpenBSD 3.8-current (GENERIC.MP) #338: Sat Oct  8 12:43:21 MDT
> 2005
>
> [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP
> cpu0: Intel Pentium III ("GenuineIntel" 686-class) 1 GHz
> cpu0:
> FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,SER,MMX,FXSR,SSE
> real mem  = 268017664 (261736K)
> avail mem = 237666304 (232096K)
> using 3297 buffers containing 13504512 bytes (13188K) of memory
> mainbus0 (root)
> bios0 at mainbus0: AT/286+(00) BIOS, date 04/23/03, BIOS32
> rev. 0 @ 0xfdba0
> apm0 at bios0: Power Management spec V1.2
> apm0: AC on, battery charge unknown, estimated 0:00 hours
> apm0: APM get event: interface not connected (3)
> apm0: APM get event: interface not connected (3)
> apm0: disconnected
> apm0: flags 30102 dobusy 0 doidle 0
> pcibios0 at bios0: rev 2.1 @ 0xf/0x1
> pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf4b70/192 (10 entries)
> pcibios0: PCI Interrupt Router at 000:15:0 ("ServerWorks ROSB4
> SouthBridge" rev 0x00)
> pcibios0: PCI bus #0 is the last bus
> bios0: ROM list: 0xc/0x8000 0xc8000/0x2200 0xca800/0x1000
> 0xcb800/0x1000
> ipmi at mainbus0 not configured
> mainbus0: Intel MP Specification (Version 1.4) (AMI 
> CNB30LE )
> cpu0 at mainbus0: apid 0 (boot processor)
> cpu0: apic clock running at 132 MHz
> cpu1 at mainbus0: apid 1 (application processor)
> cpu1: Intel Pentium III ("GenuineIntel" 686-class) 1 GHz
> cpu1:
> FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,SER,MMX,FXSR,SSE
> mainbus0: bus 0 is type PCI   
> mainbus0: bus 1 is type PCI   
> mainbus0: bus 2 is type PCI   
> mainbus0: bus 3 is type ISA   
> ioapic0 at mainbus0: apid 8 pa 0xfec0, version 11, 16 pins
> ioapic1 at mainbus0: apid 9 pa 0xfec01000, version 11, 16 pins
> pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
> pchb0 at pci0 dev 0 function 0 "ServerWorks CNB20LE Host" rev 0x06
> pchb1 at pci0 dev 0 function 1 "ServerWorks CNB20LE Host" rev 0x06
> pci1 at pchb1 bus 1
> ppb0 at pci1 dev 3 function 0 vendor "Intel", unknown product
> 0x0335 rev 0x07
> pci2 at ppb0 bus 2
> ami0 at pci2 dev 14 function 0 "Symbios Logic MegaRAID SATA
> 8x" rev 0x07: apic 9 int 7 (irq 10) LSI 3008/32b
> ami0: FW 813G, BIOS vH425, 128MB RAM
> ami0: 1 channels, 0 FC loops, 1 logical drives
> scsibus0 at ami0: 40 targets
> sd0 at scsibus0 targ 0 lun 0:  SCSI2
> 0/direct fixed
> sd0: 189781MB, 189781 cyl, 64 head, 32 sec, 512 bytes/sec,
> 388671488 sec total
> scsibus1 at ami0: 16 targets
> vga1 at pci0 dev 1 function 0 "ATI Rage XL" rev 0x27
> wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
> wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
> fxp0 at pci0 dev 4 function 0 "Intel 82557" rev 0x08, i82559:
> apic 9 int 4 (irq 9), address 00:e0:81:04:64:96
> inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4
> fxp1 at pci0 dev 5 function 0 "Intel 82557" rev 0x08, i82559:
> apic 9 int 5 (irq 5), address 00:e0:81:04:64:97
> inphy1 at fxp1 phy 1: i82555 10/100 PHY, rev. 4
> pcib0 at pci0 dev 15 function 0 "ServerWorks ROSB4
> SouthBridge" rev 0x50
> pciide0 at pci0 dev 15 function 1 "ServerWorks OSB4 IDE" rev
> 0x00: DMA
> atapiscsi0 at pciide0 channel 0 drive 0
> scsibus2 at atapiscsi0: 2 targets
> cd0 at scsibus2 targ 0 lun 0: 
> SCSI0 5/cdrom removable
> cd0(pciide0:0:0): using PIO mode 4, DMA mode 2, Ultra-DMA mode 2
> ohci0 at pci0 dev 15 function 2 "ServerWorks OSB4/CSB5 USB"
> rev 0x04: apic 8 int 10 (irq 10), version 1.0, legacy support
> usb0 at ohci0: USB revision 1.0
> uhub0 at usb0
> uhub0: ServerWorks OHCI root hub, rev 1.00/1.00, addr 1
> uhub0: 2 ports with 2 removable, self powered
> isa0 at pcib0
> isadm

Re: RAID controller + disklabel = out of bounds

2005-10-24 Thread Jon Simola
On 10/24/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:

> i got an LSI MegaRAID SATA 300-8X a couple weeks ago and i
> noticed it was not quite "behaving".

I've not had any problems with mine, yet.

> ami0: out of bounds 390,716,864 - 1 >= 388,671,488
>
> so apparently the controller did not grok the last little
> portion of the disk i had attached, but the machine i had
> installed the 3.8 snapshot from had done so just fine.

Probably because the SATA drive configured as an array (and then
exported as a SCSI device) on the ami card has different geometry than
when natively plugged into a SATA controller. And the fact that the
card gobbles up a little bit of space on each drive to store the array
config.

> to work around this i've made sure to only allocate less than
> the 388,671,488 sectors that the controller is seeing. now
> things are running fine.

Wipe and recreate the partition/slice/disklabel from scratch. The
on-disk configuration doesn't match what the controller thinks it
should be.

--
Jon Simola
Systems Administrator
ABC Communications



Re: TERM=wsvt25 with wscons?

2005-10-24 Thread Olivier Mehani
On Tue, 25 Oct 2005 07:19:30 +1000
"[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote:

> I should get a book on bash and read up on all this.

What about man bash ? ;)

-- 
Olivier Mehani <[EMAIL PROTECTED]>
PGP fingerprint: 3720 A1F7 1367 9FA3 C654 6DFB 6845 4071 E346 2FD1



RAID controller + disklabel = out of bounds

2005-10-24 Thread dick
heya,

i got an LSI MegaRAID SATA 300-8X a couple weeks ago and i
noticed it was not quite "behaving". by this i mean that i had
a 200GB disk on which i had installed a 3.8 snapshot and i
plugged it into the RAID controller and booted the machine. it
loaded the kernel just fine, but when it came time to check
the filesystems, i got a blue kernel message that said:

ami0: out of bounds 390,716,864 - 1 >= 388,671,488

so apparently the controller did not grok the last little
portion of the disk i had attached, but the machine i had
installed the 3.8 snapshot from had done so just fine.

i then tried to reinstall onto that disk from the CD drive i
have attached to the machine with the RAID controller in it.
when it came time to create the partitions with disklabel, i
got the same error as before and it occurred when my /home
partition was being initialized.

to work around this i've made sure to only allocate less than
the 388,671,488 sectors that the controller is seeing. now
things are running fine.

i don't know if this qualifies as a "bug", but my ear is
really bothering me and i suddenly want to kill Captain Kirk.

here's my dmesg:

OpenBSD 3.8-current (GENERIC.MP) #338: Sat Oct  8 12:43:21 MDT
2005
   
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Intel Pentium III ("GenuineIntel" 686-class) 1 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,SER,MMX,FXSR,SSE
real mem  = 268017664 (261736K)
avail mem = 237666304 (232096K)
using 3297 buffers containing 13504512 bytes (13188K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 04/23/03, BIOS32
rev. 0 @ 0xfdba0
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown, estimated 0:00 hours
apm0: APM get event: interface not connected (3)
apm0: APM get event: interface not connected (3)
apm0: disconnected
apm0: flags 30102 dobusy 0 doidle 0
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf4b70/192 (10 entries)
pcibios0: PCI Interrupt Router at 000:15:0 ("ServerWorks ROSB4
SouthBridge" rev 0x00)
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0x2200 0xca800/0x1000
0xcb800/0x1000
ipmi at mainbus0 not configured
mainbus0: Intel MP Specification (Version 1.4) (AMI 
CNB30LE )
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 132 MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel Pentium III ("GenuineIntel" 686-class) 1 GHz
cpu1:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,SER,MMX,FXSR,SSE
mainbus0: bus 0 is type PCI   
mainbus0: bus 1 is type PCI   
mainbus0: bus 2 is type PCI   
mainbus0: bus 3 is type ISA   
ioapic0 at mainbus0: apid 8 pa 0xfec0, version 11, 16 pins
ioapic1 at mainbus0: apid 9 pa 0xfec01000, version 11, 16 pins
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "ServerWorks CNB20LE Host" rev 0x06
pchb1 at pci0 dev 0 function 1 "ServerWorks CNB20LE Host" rev 0x06
pci1 at pchb1 bus 1
ppb0 at pci1 dev 3 function 0 vendor "Intel", unknown product
0x0335 rev 0x07
pci2 at ppb0 bus 2
ami0 at pci2 dev 14 function 0 "Symbios Logic MegaRAID SATA
8x" rev 0x07: apic 9 int 7 (irq 10) LSI 3008/32b
ami0: FW 813G, BIOS vH425, 128MB RAM
ami0: 1 channels, 0 FC loops, 1 logical drives
scsibus0 at ami0: 40 targets
sd0 at scsibus0 targ 0 lun 0:  SCSI2
0/direct fixed
sd0: 189781MB, 189781 cyl, 64 head, 32 sec, 512 bytes/sec,
388671488 sec total
scsibus1 at ami0: 16 targets
vga1 at pci0 dev 1 function 0 "ATI Rage XL" rev 0x27
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
fxp0 at pci0 dev 4 function 0 "Intel 82557" rev 0x08, i82559:
apic 9 int 4 (irq 9), address 00:e0:81:04:64:96
inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4
fxp1 at pci0 dev 5 function 0 "Intel 82557" rev 0x08, i82559:
apic 9 int 5 (irq 5), address 00:e0:81:04:64:97
inphy1 at fxp1 phy 1: i82555 10/100 PHY, rev. 4
pcib0 at pci0 dev 15 function 0 "ServerWorks ROSB4
SouthBridge" rev 0x50
pciide0 at pci0 dev 15 function 1 "ServerWorks OSB4 IDE" rev
0x00: DMA
atapiscsi0 at pciide0 channel 0 drive 0
scsibus2 at atapiscsi0: 2 targets
cd0 at scsibus2 targ 0 lun 0: 
SCSI0 5/cdrom removable
cd0(pciide0:0:0): using PIO mode 4, DMA mode 2, Ultra-DMA mode 2
ohci0 at pci0 dev 15 function 2 "ServerWorks OSB4/CSB5 USB"
rev 0x04: apic 8 int 10 (irq 10), version 1.0, legacy support
usb0 at ohci0: USB revision 1.0
uhub0 at usb0
uhub0: ServerWorks OHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pmsi0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pmsi0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: 
spkr0 at pcppi0
sysbeep0 at pcppi0
npx0 at isa0 port 0xf0/16: using 

Re: TERM=wsvt25 with wscons?

2005-10-24 Thread [EMAIL PROTECTED]
> For bash, as I use it:
> .bash_profile -> interactive, login shell
> .bashrc -> interactive, non login shell
>
> Since I want all interactive bash shells to have the same environment,
> I just (sym)link .bash_profile to .bashrc
>
> bash(1) has more detailed information.

Thank you, this is great.  I had no idea .bash_profile and .bashrc
were for different purposes.

I should get a book on bash and read up on all this.

Cheers
James



Allowing roadwarrior connections from aggressive and main mode clients?

2005-10-24 Thread Sean Knox
[I didn't get much response on the openbsd-ipsec list, so I'm reposting 
here]



I'm having problems allowing roadwarrior connections from aggressive and
  main mode clients to connect isakmpd at the same time. At the moment,
I can only allow one, either main mode or aggressive by specifying a
"Default" ISAKMP SA negotiation root, a la:


[Phase 1]
Default = road-aggressive
#Default= road-main-mode


If I don't specify a default phase 1 connection, isakmpd uses the
road-main-mode connection:

160001.993149 Default exchange_setup_p1: expected exchange type ID_PROT
got AGGRESSIVE


I've tried setting the Phase 1 Local-Addresses to listen on different
IPs, but isakmpd still uses the road-main-mode connection for incoming
aggressive connections. Can isakmpd be configured to accept main mode 
*and* aggressive mode clients?


thanks,
sk


(connection settings from isakmpd.conf below)

--- from isakmpd.conf ---

[Phase 1]
#Default= road-aggressive-p1
#Default= road-main-mode-p1

[Phase 2]
Passive-Connections=roadwarriors-aggr,roadwarriors-main

##
## Phase 1 definitions
##

[road-aggressive-p1]
Phase   = 1
Local-Address   = 10.10.10.1
Configuration   = aggr-mode-psk
Authentication  = supersecretpw
Flags   = IKECFG


[road-main-mode-p1]
Phase   = 1
Local-Address   = 10.10.10.2
Configuration   = main-mode-rsa
Flags   = IKECFG

#
## Phase 2 definitions
#


[roadwarriors-aggr]
Phase   = 2
Configuration   = Default-quick-mode
Local-ID= lan
Remote-ID   = anybody
ISAKMP-peer = road-aggressive-p1


[roadwarriors-main]
Phase   = 2
Configuration   = Default-quick-mode
Local-ID= lan
Remote-ID   = anybody
ISAKMP-peer = road-main-p1

#
## IDs
#

[anybody]
ID-type=IPV4_ADDR
Address=0.0.0.0

[lan]
ID-type = IPV4_ADDR_SUBNET
Network = 192.168.5.0
Netmask = 255.255.255.0\
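
A reference check over the posted excerpt, as an added example (not part of the post and not isakmpd's own code): it lists names that a tag points at but that no [section] in the file defines. Which tags name other sections follows isakmpd.conf(5); Configuration values are not checked because their sections lie outside the excerpt.

```python
import re

# isakmpd.conf excerpt as posted above (whitespace around '=' normalised).
POSTED_CONF = """\
[Phase 1]
#Default= road-aggressive-p1
#Default= road-main-mode-p1

[Phase 2]
Passive-Connections=roadwarriors-aggr,roadwarriors-main

[road-aggressive-p1]
Phase = 1
Local-Address = 10.10.10.1
Configuration = aggr-mode-psk
Authentication = supersecretpw
Flags = IKECFG

[road-main-mode-p1]
Phase = 1
Local-Address = 10.10.10.2
Configuration = main-mode-rsa
Flags = IKECFG

[roadwarriors-aggr]
Phase = 2
Configuration = Default-quick-mode
Local-ID = lan
Remote-ID = anybody
ISAKMP-peer = road-aggressive-p1

[roadwarriors-main]
Phase = 2
Configuration = Default-quick-mode
Local-ID = lan
Remote-ID = anybody
ISAKMP-peer = road-main-p1

[anybody]
ID-type=IPV4_ADDR
Address=0.0.0.0

[lan]
ID-type = IPV4_ADDR_SUBNET
Network = 192.168.5.0
Netmask = 255.255.255.0\\
"""

REF_TAGS = {"ISAKMP-peer", "Local-ID", "Remote-ID"}     # value names one section
LIST_TAGS = {"Connections", "Passive-Connections"}      # comma list of sections


def parse_conf(text):
    """Parse [section] / tag = value lines into {section: [(tag, value, lineno)]}."""
    sections, current = {}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        # A trailing backslash is dropped; no checked tag here spans lines.
        line = raw.strip().rstrip("\\").strip()
        if not line or line.startswith("#"):
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = m.group(1).strip()
            sections.setdefault(current, [])
            continue
        if current is None or "=" not in line:
            continue                      # stray text outside the layout
        tag, value = (part.strip() for part in line.split("=", 1))
        sections[current].append((tag, value, lineno))
    return sections


def dangling_references(text):
    """Return sorted (lineno, section, tag, name) for names with no [section]."""
    sections = parse_conf(text)
    missing = []
    for section, entries in sections.items():
        for tag, value, lineno in entries:
            if section == "Phase 1" or tag in REF_TAGS:
                names = [value]           # [Phase 1] tags map to peer sections
            elif section == "Phase 2" and tag in LIST_TAGS:
                names = [n.strip() for n in value.split(",") if n.strip()]
            else:
                continue
            missing += [(lineno, section, tag, n) for n in names if n not in sections]
    return sorted(missing)


if __name__ == "__main__":
    for lineno, section, tag, name in dangling_references(POSTED_CONF):
        print("line %d: [%s] %s = %s has no matching section" % (lineno, section, tag, name))
```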



Re: TERM=wsvt25 with wscons?

2005-10-24 Thread Jimmy Scott
On Mon, Oct 24, 2005 at 08:53:35PM +0100, Stuart Henderson wrote:
>
> --On 25 October 2005 05:10 +1000, [EMAIL PROTECTED] wrote:
>
> >What I'd like to do is have my TERM environment variable set to wsvt25
> >for all users forever, and XTERM set to xterm-xfree86 for all users
> >forever.
>
> The environment variable is still called TERM in X.
>
> >I've grepped through /etc and I can't find where environment variables
> >are set, either.  So (my user account shell is bash) I set TERM=wsvt25
> >in .bash_profile, and when I login I get the "declare " messages,
> >but it ignores TERM and XTERM that I set, with TERM set to vt220.
>
> I don't know bash well but in ksh, you need to make the xterm a login
> shell in order to use .profile (by setting loginShell resource to true,
> or using -ls in the xterm command line). Displaying some output will
> prove whether it's being run.
>
> Also, did you remember to export the variable?
>
> >I like colorls and color syntax highlighting when using emacs on a
> >console, so that's why I want wsvt25.
>
> You might be able to use some xterm variant at the console too,
> actually. Works for me with mutt on the console of a Zaurus..
>
>

For bash, as I use it:
.bash_profile -> interactive, login shell
.bashrc -> interactive, non login shell

Since I want all interactive bash shells to have the same environment,
I just (sym)link .bash_profile to .bashrc

bash(1) has more detailed information.

Kind regards,
Jimmy Scott

--
People usually get what's coming to them ... unless it's been mailed.




Re: TERM=wsvt25 with wscons?

2005-10-24 Thread [EMAIL PROTECTED]
[Forgot to CC the list]

> I don't know bash well but in ksh, you need to make the xterm a login
> shell in order to use .profile (by setting loginShell resource to true,
> or using -ls in the xterm command line). Displaying some output will
> prove whether it's being run.

I'm not aware of the resources like loginShell -- where are they?

> Also, did you remember to export the variable?

I did, thanks.

> You might be able to use some xterm variant at the console too,
> actually. Works for me with mutt on the console of a Zaurus..

Would I write (instead of where it has vt220 or whatever)
xterm-xfree86 in /etc/ttys to get this?  Would this also make it
automatically a login shell?

Could you also point me to the man pages or FAQs where the resources
and things like using xterm at the console, etc, are described?

Cheers.



Re: Large partition

2005-10-24 Thread Otto Moerbeek
On Mon, 24 Oct 2005, Nick Nauwelaerts wrote:

> On Mon, 24 Oct 2005 11:42:45 +0200 (CEST)
> Beck Zoltan Gyula <[EMAIL PROTECTED]> wrote:
> 
> >   I would like to ask if it is possible to use a large, more than 2T
> > diskarray or CCD?
> >   In FAQ: "14.7 - What are the issues regarding large
> > drives with OpenBSD?
> > 
> > OpenBSD supports an individual file system of up to 2^31-1, or
> > 2,147,483,647 sectors, and as each sector is 512 bytes, that's a tiny
> > amount less than 1T."
> 
> I might be wrong, it's been a while. But if I'm not mistaken I did
> successfully mount a 5TB partition over nfs from a netapp unit. If
> that's the storage you require, you might be more interested in those
> units (with an added bonus that they come up in less than a minute after
> an unclean shutdown).
> 
> And if you really want the maximum size for partitions on OpenBSD (just
> under 1TB), then don't forget to read up on fsck memory usage.

And don't forget another thing.

There's also the issue of disk size. You might have a disk that is
larger than 1TB, and try to create partitions smaller than 1TB.

In theory that should not work, since a partition that crosses the 1TB
boundary or is completely beyond 1TB causes sign wraps in block
numbers. 

But in practice it may work. Due to some luck, the SCSI code converts
the block numbers in such a way that the sign wrap does not occur, or
at least its effects are reversed. I managed to create 900GB and a
300GB partition on a 1.2TB RAID0, that worked fine. 

THAT IS NOT A GUARANTEE.

The very hard limit to disk and partition size is 2TB. To be safe,
both should be smaller than 1TB.

-Otto
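
The size limits from the RAID controller thread and from the reply above, as an added example that is not part of any post: it checks a label's partitions against the sector count the controller reports and against the signed 32-bit (1TB) and 2TB limits. The sd0 line is the one from the dmesg on this page; the partition tables are constructed, with GB read as 10^9 bytes.

```python
import re

SIGNED_LIMIT = 2**31 - 1    # largest sector number a signed 32-bit block number holds
HARD_LIMIT = 2**32          # 2TB in 512-byte sectors, the hard limit named above

# sd0 line from the dmesg in the RAID thread, joined onto one line.
DMESG_SD0 = ("sd0: 189781MB, 189781 cyl, 64 head, 32 sec, 512 bytes/sec, "
             "388671488 sec total")

# Constructed labels as (name, offset, size) in sectors.
MOVED_LABEL = [("a", 63, 4194304), ("h", 4194367, 386522498)]    # ends past the array
SHRUNK_LABEL = [("a", 63, 4194304), ("h", 4194367, 384477121)]   # the workaround
BIG_RAID_LABEL = [("d", 0, 1757812500), ("e", 1757812500, 585937500)]  # 900GB + 300GB


def device_sectors(dmesg_text):
    """Return the sector count a disk line reports as '<n> sec total'."""
    m = re.search(r"(\d+)\s+sec total", dmesg_text)
    if m is None:
        raise ValueError("no 'sec total' figure in dmesg text")
    return int(m.group(1))


def to_int32(n):
    """Interpret the low 32 bits of n as a signed 32-bit integer."""
    n &= 0xFFFFFFFF
    return n - 2**32 if n >= 2**31 else n


def check_label(partitions, total_sectors):
    """Return (name, problem) tuples; an empty list means no finding."""
    findings = []
    for name, offset, size in partitions:
        last = offset + size - 1          # last sector the partition touches
        if last >= total_sectors:
            findings.append((name, "out of bounds: last sector %d >= device size %d"
                             % (last, total_sectors)))
        if last >= HARD_LIMIT:
            findings.append((name, "beyond the 2TB hard limit"))
        elif last > SIGNED_LIMIT:
            where = "beyond" if offset > SIGNED_LIMIT else "crosses"
            findings.append((name, "%s the 1TB boundary: last sector reads as %d "
                             "in a signed 32-bit block number" % (where, to_int32(last))))
    return findings


if __name__ == "__main__":
    total = device_sectors(DMESG_SD0)
    for label in (MOVED_LABEL, SHRUNK_LABEL):
        print(check_label(label, total))
    print(check_label(BIG_RAID_LABEL, 2343750000))
```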



Re: TERM=wsvt25 with wscons?

2005-10-24 Thread Stuart Henderson

--On 25 October 2005 05:10 +1000, [EMAIL PROTECTED] wrote:

> What I'd like to do is have my TERM environment variable set to wsvt25
> for all users forever, and XTERM set to xterm-xfree86 for all users
> forever.

The environment variable is still called TERM in X.

> I've grepped through /etc and I can't find where environment variables
> are set, either.  So (my user account shell is bash) I set TERM=wsvt25
> in .bash_profile, and when I login I get the "declare " messages,
> but it ignores TERM and XTERM that I set, with TERM set to vt220.

I don't know bash well but in ksh, you need to make the xterm a login
shell in order to use .profile (by setting loginShell resource to true,
or using -ls in the xterm command line). Displaying some output will
prove whether it's being run.

Also, did you remember to export the variable?

> I like colorls and color syntax highlighting when using emacs on a
> console, so that's why I want wsvt25.

You might be able to use some xterm variant at the console too,
actually. Works for me with mutt on the console of a Zaurus..




Re: TERM=wsvt25 with wscons?

2005-10-24 Thread Olivier Mehani
On Tue, 25 Oct 2005 05:10:13 +1000
"[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote:

> What I'd like to do is have my TERM environment variable set to wsvt25
> for all users forever,

See ttys(5) which describes the format of the /etc/ttys file:
 The third field is the type of terminal usually connected to that
TTY line, normally the one found in the termcap(5) database file.  The
environment variable TERM is initialized with the value by either
getty(8) or login(1).

> and XTERM set to xterm-xfree86 for all users
> forever.

From xterm(1):
   termName (class TermName)
   Specifies the terminal type name to be set in the TERM
environment variable.

Set this resource to whatever you would like in the general Xresource
file.

-- 
Olivier Mehani <[EMAIL PROTECTED]>
PGP fingerprint: 3720 A1F7 1367 9FA3 C654 6DFB 6845 4071 E346 2FD1



Systems 2005 Munchen

2005-10-24 Thread Wim Vandeputte
Hi,

like last year we'll have an OpenBSD booth at the Systems expo in Munchen
Germany

See http://www.systems-world.de/id/7672/cubesig/2994fecce6538ab8f4acfd1cb55ecf7b

You can watch us under http://bsdcam.deam.org/

I'm not sure if I can make it (infected with some jummy flu) but the
loyal booth slaves have 3.8 CDs, Tshirts and posters

Any volunteers who are willing to drop by and help out for half a day,
please contact [EMAIL PROTECTED]

Wim.
/* still pumping out 3.8 packages */

-- 
   =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=   
https://kd85.com/notforsale.html
 --



TERM=wsvt25 with wscons?

2005-10-24 Thread [EMAIL PROTECTED]
Hello, I'm new to OpenBSD so I don't really know what I'm doing, nor
have I probably checked all the man pages I should have, since I don't
know which ones to check.  I've looked at wscons, wsconsctl and
wsdisplay.

What I'd like to do is have my TERM environment variable set to wsvt25
for all users forever, and XTERM set to xterm-xfree86 for all users
forever.

I've grepped through /etc and I can't find where environment variables
are set, either.  So (my user account shell is bash) I set TERM=wsvt25
in .bash_profile, and when I login I get the "declare " messages,
but it ignores TERM and XTERM that I set, with TERM set to vt220.

I like colorls and color syntax highlighting when using emacs on a
console, so that's why I want wsvt25.  If I could have a higher
resolution that would be nice too, but is there a wsvt50 or something
like that?  Is it possible to have a color framebuffer console at
1024x768x256 colors?

Also with XTERM=xterm-xfree86 (advice from the colorls package
maintainer) is that correct now with X being X.org and not XFree86?

Thanks very much.
James



Re: DISKLESS tutorial that need feedback

2005-10-24 Thread Matthew Weigel
Bachman Kharazmi wrote:
> First, please keep this off the ML since it's not of relevance to get
> public.

Actually, I'm discussing what came up on the mailing list, rather than
your document proper.  My messages, if you'll recall, were directed
towards someone else's comments.

> I'm very grateful that you care actually. So please can you tell me
> exactly what you would like changed on the current doc. Explain with
> details so I can follow and try to understand everything.

I'll try to send you comments later tonight or tomorrow; I'm very busy and
my Internet access is limited right now, though.
-- 
 Matthew Weigel
 hacker
 [EMAIL PROTECTED]



Re: Large partition

2005-10-24 Thread Nick Nauwelaerts
On Mon, 24 Oct 2005 11:42:45 +0200 (CEST)
Beck Zoltan Gyula <[EMAIL PROTECTED]> wrote:

>   I would like to ask if it is possible to use a large, more than 2T
> diskarray or CCD?
>   In FAQ: "14.7 - What are the issues regarding large
> drives with OpenBSD?
> 
> OpenBSD supports an individual file system of up to 2^31-1, or
> 2,147,483,647 sectors, and as each sector is 512 bytes, that's a tiny
> amount less than 1T."

I might be wrong, it's been a while. But if I'm not mistaken I did
successfully mount a 5TB partition over nfs from a netapp unit. If
that's the storage you require, you might be more interested in those
units (with an added bonus that they come up in less than a minute after
an unclean shutdown).

And if you really want the maximum size for partitions on OpenBSD (just
under 1TB), then don't forget to read up on fsck memory usage.

// nick



Re: Intel 6300ESB SATA

2005-10-24 Thread Nick Nauwelaerts
On Mon, 24 Oct 2005 10:25:07 -0600
Sébastien Taylor <[EMAIL PROTECTED]> wrote:

> I do have one question about the following lines though:
> 
> dkcsum: wd0 matches BIOS drive 0x80
> wd1: no disk label
> dkcsum: wd1 matches BIOS drive 0x81
> dkcsum: wd1 matches BIOS drive 0x82 IGNORED
> wd2: no disk label
> dkcsum: wd2 matches BIOS drive 0x81 IGNORED
> dkcsum: wd2 matches BIOS drive 0x82
> root on wd0a

I saw those as well when I added 4 new drives to my system. In my case
the drives were brand new and had no data on them, after I fdisk'ed &
disklabel'ed them the warning was gone. So I guess it's related to some
kind of checksum in the MBR or the partition table or something.
I figure if you dd the first few sectors from one raw hdd device to
another you might get this as well, not sure though.

> They do seem to work right now, but should this be a cause for
> concern? Might wd1 come up as wd2 and vice versa under some
> conditions?

Not if you don't touch anything. Changing kernel parameters with either
config or on the boot> prompt might result in that. Moving the drives to
different channels or adding/removing drives can cause them to move as
well. If you really don't want that you can hardcode wd* drives to
pciide* locations.

// nick



Re: root on raidframe

2005-10-24 Thread Ikmal Ahmad
Aha... I managed to do the basic installation using raid1 (mirror).
Attached is the method that I used :)
Will put it in my page later.

Any comments are welcome :)

On 10/24/05, Ken Gunderson <[EMAIL PROTECTED]> wrote:
> On Sun, 23 Oct 2005 22:42:35 -0400
> Nick Holland <[EMAIL PROTECTED]> wrote:
>
> > Ken Gunderson wrote:
> > > Greets:
> > >
> > > I've been exploring root on raidframe w/a pair of mirrored disks.  Once
> > > I bring something like this up I then go ahead and do my best to break
> > > it, test out recovery scenarios, etc.
> >
> > smart.  VERY smart. :)
>
> Thnx;-)
>
> > > Which brings me to the question
> > > at hand.
> > >
> > > Following a hard failure the system must perform a parity check on
> > > the raid volume(s) prior to fsck'ing and completing booting.  Depending
> > > on disk size, speed, and number of volumes, this can easily require a
> > > few hours of wait time before being able to bring the system back
> > > online.
> > >
> > > Now my question is whether there is some way to shorten
> > > this delay that I'm missing?
> >
> > yes.
> > RAIDframe as absolutely little as you NEED to.
> >
> > Soft-mirroring (or hardware-mirroring, for that matter) more than you
> > absolutely need to is foolish.
> >
> > Let's look at a simple mail server for an example (since you didn't
> > describe your app):
>
> The application in this case is a routing firewall/proxy server for a 3
> legged network configuration.  Resources to implement a carp setup are
> not available.  The objective for the system:
>
> 1)  to be as self healing as possible
> 2) minimize downtime resulting from this single point of failure failing
> 3) maximize capability for remote system management
> 4) minimizing requirement for assistance from on site personnel.
>
> /home, /tmp and /var/tmp are inconsequential.  No users on this system.
> But the system will be doing smtp relaying  and in the unlikely event
> some malicious type was able to induce obsd to crash I'd like to have
> the packets logged... Logging to remote machine is good practice but not
> an option at present.  So we've got a large /var on this puppy.  Hence
> the long wait.  Otherwise if just for perimeter firewall/router a
> diskless setup would probably be best.
>
> I've done some testing w/the /etc/rc background parity hack and the box
> comes up after a hard failure in about 1/2 hour.  Which isn't too bad
> compared to the 1.5 -2 hours otherwise.
>
> For the sake of experimentation the raid conf is presently:
>
> 512M / mirror
> 2048M swap striped
> couple hundred gigs mirrored for everything else.
>
> Thanks for your insights.  Appreciate the constructive input.
>
> --
> Best regards,
>
> Ken Gunderson
>
> Q: Because it reverses the logical flow of conversation.
> A: Why is putting a reply at the top of the message frowned upon?
>

--
Thanks & Regards,
Ikmal aka EvoIVGSR

http://www.leakage.org/
http://root.justdied.com/mylife/
http://www.openbsd.org.my/
http://mirrors.mybsd.org.my/
 OpenBSD 3.7 RAID
==

 1 - Install as minimal OpenBSD.
Only install these 4 main files.
[x] bsd
[x] bsd.rd
[x] base37.tgz
[x] etc37.tgz
[x] comp37.tgz
 And install openbsd as usual.
 Here is the OpenBSD disk structure.
# disklabel wd0
# using MBR partition 3: type A6 off 63 (0x3f) size 80292807 (0x4c92bc7)
# /dev/rwd0c:

16 partitions:
#        size   offset    fstype   [fsize bsize   cpg]
  a:   210.1M     0.0M    4.2BSD     2048 16384   328 # Cyl     0*-   426
  c: 39205.7M     0.0M    unused        0     0       # Cyl     0 - 79655


 Note: For 1st slice I only use 210Mb.

 2 - Disk layout
# fdisk wd0
Disk: wd0       geometry: 4998/255/63 [80292870 Sectors]
Offset: 0       Signature: 0xAA55
         Starting       Ending       LBA Info:
 #: id    C   H  S -    C   H  S [       start:      size   ]

 0: 00    0   0  0 -    0   0  0 [           0:           0 ] unused
 1: 00    0   0  0 -    0   0  0 [           0:           0 ] unused
 2: 00    0   0  0 -    0   0  0 [           0:           0 ] unused
*3: A6    0   1  1 - 4997 254 63 [          63:    80292807 ] OpenBSD

# fdisk wd1
Disk: wd1       geometry: 4998/255/63 [80292870 Sectors]
Offset: 0       Signature: 0xAA55
         Starting       Ending       LBA Info:
 #: id    C   H  S -    C   H  S [       start:      size   ]

*0: 07    0   1  1 - 2549 254 63 [          63:    40965687 ] HPFS/QNX/AUX
 1: 0F 2550   0  1 - 4497 254 63 [    40965750:    31294620 ] Extended LBA
 2: 77 4498   0  1 - 4996 254 63 [    72260370:     8016435 ]
 3: 000   0  0 -0   0  0 [   

Re: Carp & scp loosing connection

2005-10-24 Thread Jon Hart
On Mon, Oct 24, 2005 at 10:48:03AM -0400, Monah Baki wrote:
> Solved it,
> 
> had to switch
> 
> pass in quick on $int_if all
> pass out quick on $int_if all
> 
> to 
> 
> pass in quick on $int_if all keep state
> pass out quick on $int_if all keep state

Is there any particular reason you are using 'quick' on most of your
rules?  There are certain situations that quick is needed or
recommended, but I'm of the school that using quick on all of your rules
just leads to unnecessary confusion.   

Also, I'm not too sure what your intention was surrounding the ordering
of your rules.  The most common way is to put all your 'default block'
rules at the top of your ruleset and all the specific allow rules
following those.  When you've got default block rules peppered
throughout your ruleset, it'll quickly become fault prone and difficult
to manage.  IMO, of course.

There was a thread some time ago that (I believe) discussed using
'quick' in large/complicated rulesets to speed up processing.  I'm not
100% sure what the consensus was, but I think what part of it boiled
down to was that the benefits that you gain by using quick are far
outweighed by those of having a tight and easy to manage ruleset.

http://marc.theaimsgroup.com/?l=openbsd-pf&m=111522051104764&w=2

-jon



Re: Intel 6300ESB SATA

2005-10-24 Thread Sébastien Taylor
With this patch applied (and the pci interrupt router patch from Brad)
the system locks up after finding wd1 which is the first sata drive on
the 6300ESB.  I don't have a dmesg handy right now, but if you'd like it
I can get it for you, but like you mentioned in another email,
Alexander's suggestion was correct.


On 05-10-23 at 17:59, Jonathan Gray wrote:


On Sun, Oct 23, 2005 at 05:15:29PM -0600, Sébastien Taylor wrote:


I am having problems having two SATA disks recognized by OpenBSD, the
6300ESB controller is found and seems to be configured properly but I
get the error:

pciide2: couldn't map channel 0 cmd regs
pciide2: couldn't map channel 1 cmd regs

I'm assuming that this is from failing to DMA map the two SATA disks?
This controller is listed as supported in pciide(4) and I see no mention
of issues of DMA or otherwise with this chipset though I did see someone
mention that it caused a system hang in 3.5 though that obviously seems
to be fixed now since this system is stable and install successfully
onto a standard PATA disk.

My dmesg is below, any help would be greatly appreciated.



Give this diff a go.

Index: pciide.c
===
RCS file: /cvs/src/sys/dev/pci/pciide.c,v
retrieving revision 1.216
diff -u -p -r1.216 pciide.c
--- pciide.c22 Oct 2005 23:13:26 -1.216
+++ pciide.c23 Oct 2005 23:58:08 -
@@ -2063,6 +2063,8 @@ chansetup:
 /* SATA setup */
 if (sc->sc_pp->ide_product ==  
PCI_PRODUCT_INTEL_82801EB_SATA ||
 sc->sc_pp->ide_product ==  
PCI_PRODUCT_INTEL_82801ER_SATA ||
+sc->sc_pp->ide_product ==  
PCI_PRODUCT_INTEL_6300ESB_SATA ||
+sc->sc_pp->ide_product ==  
PCI_PRODUCT_INTEL_6300ESB_SATA2 ||
 sc->sc_pp->ide_product ==  
PCI_PRODUCT_INTEL_82801FBM_SATA ||
 sc->sc_pp->ide_product ==  
PCI_PRODUCT_INTEL_82801FB_SATA ||
 sc->sc_pp->ide_product ==  
PCI_PRODUCT_INTEL_82801FR_SATA ||
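
Review bot: the two added comparisons against PCI_PRODUCT_INTEL_6300ESB_SATA and PCI_PRODUCT_INTEL_6300ESB_SATA2 in the SATA setup condition under chansetup depend on both identifiers being defined, and nothing in this hunk shows where they come from; please confirm they exist in the PCI device list at this revision, or include that change in the diff. The condition is now an || chain on sc->sc_pp->ide_product with seven visible products, so a switch statement or a small product table would make future additions easier to review. The reply quoting this diff reports a lockup after wd1 is found with it applied, so it also needs testing across the BIOS SATA modes before it goes in.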




Re: Intel 6300ESB SATA

2005-10-24 Thread Sébastien Taylor
That did the trick, thank you.  The BIOS has three modes for the SATA, I
picked the SATA Legacy mode which claims to only support two SATA drives
from the original SATA Enhanced mode which claims to support two SATA
drives plus another four PATA drives.  I forget what the third mode was
and it's not in the manual I'm reading right now and the machine is not
in reach right now.

I do have one question about the following lines though:

dkcsum: wd0 matches BIOS drive 0x80
wd1: no disk label
dkcsum: wd1 matches BIOS drive 0x81
dkcsum: wd1 matches BIOS drive 0x82 IGNORED
wd2: no disk label
dkcsum: wd2 matches BIOS drive 0x81 IGNORED
dkcsum: wd2 matches BIOS drive 0x82
root on wd0a

They do seem to work right now, but should this be a cause for concern?
Might wd1 come up as wd2 and vice versa under some conditions?

I will play around with the other SATA BIOS options to see what happens
as soon as I get a chance, and I'll let the list know what I find.

Thanks for all the help.

PS,  in case anyone cares to know it's an MSI P1-102A2M system linked
below.
(http://www.msi.com.tw/program/products/server/svr/pro_svr_detail.php?UID=551)



On 05-10-24 at 01:20, Alexander Yurchenko wrote:


On Sun, Oct 23, 2005 at 05:15:29PM -0600, Sébastien Taylor wrote:


I am having problems having two SATA disks recognized by OpenBSD, the
6300ESB controller is found and seems to be configured properly but I
get the error:

pciide2: couldn't map channel 0 cmd regs
pciide2: couldn't map channel 1 cmd regs



try to play with your bios settings wrt sata.

--
   Alexander Yurchenko




Re: Limiting Shell Access Damage (was Guruness)

2005-10-24 Thread Bob Beck
Everything said to this point is very good...
> 
> A typical attack vector, however, for 1000+ account sites is a 
> compromised account. You can assume at least 5 per 1000 accounts are 
> compromised or have easily guessable passwords. Those will not heed your 
> policy forms whatever you do. You can mitigate the risk by separating 
> systems and limiting account access. When this is not possible, 
> ProPolice, W^X, StackGhost, etc will come in very handy.
> 

This is partly poo.  ProPolice, W^X etc, will not help you from a
compromised account. They may help in keeping that compromised account
from escalating privilege, but not from getting in.  If you are
running a public server it is absolutely necessary to make sure your
passwords are not easily guessable. We do this with the "passwordcheck"
program set up in login.conf. (See login.conf(8) for details). Now the
gotcha is that while you need to be effective in what you check, being
too simplistically effective in a password checker will reduce the search
space so much that brute forcing the password becomes easy. (things like
saying an 8 character password must have 4 numbers in it is really dumb).

I've posted my checking script here before. Check the archives.

-Bob



Re: DISKLESS tutorial that need feedback

2005-10-24 Thread Matthew Weigel
Bachman Kharazmi wrote:

>> > So a script that sync one of the clients from server, and then all the
>> > other clients can sync from that up2date client.
>>
>> Are we still talking about diskless clients?  Why on earth would you
>> synchronize them over the network, so that they have to perform NFS
>> reads
>> and writes to effect the changes?
> yes, the whole doc is about diskless clients. when having a diskless
> environment one need to keep all account related stuff synced, that
> includes passwords group etc..

Yes, but why would you sync files from the clients, with all the network
traffic that entails, rather than running it locally on the server?  If
accounts are to be synchronized, why wouldn't you use something like yp,
LDAP, etc. to share accounts rather than transmit master.passwd files over
the network?

> other things that need to be synced in such env is time.

Yes, but that doesn't require separate per-client files.

My point is that for a lot of situations where "diskless clients" come up
as a potential solution, a single RO filesystem can reasonably be shared
across clients for most things.
-- 
 Matthew Weigel
 hacker
 [EMAIL PROTECTED]



Re: coredump

2005-10-24 Thread Jonathan Glaschke
On Mon, Oct 24, 2005 at 03:38:40PM +0200, Gabucino wrote:
> Hi.
>
> What could prevent a (threading) program to dump core on OpenBSD/i386 3.5 ?
> ulimit -c is unlimited. I can catch the segfault in gdb, but that's not
> the question.
>
> --
> Gabucino
>

You can limit the coredump size with the option "coredumpsize" in
/etc/login.conf. If you set it to zero no core file will be written.

Jonathan

--
 | /"\   ASCII Ribbon   | Jonathan Glaschke - Lorenz-Goertz-Straße 71,
 | \ / Campaign Against | 41238 Moenchengladbach, Germany;
 |  XHTML In Mail   | jabber: [EMAIL PROTECTED]
 | / \ And News | http://jonathan-glaschke.de/




Re: Carp & scp loosing connection

2005-10-24 Thread Monah Baki
Solved it,

had to switch

pass in quick on $int_if all
pass out quick on $int_if all

to 

pass in quick on $int_if all keep state
pass out quick on $int_if all keep state


On Fri, 21 Oct 2005 16:37:54 -0400, Monah Baki wrote
> Sorry all it's a Soekris net4801
> 
> Thank you
> 
> On Fri, 21 Oct 2005 13:47:05 -0400, Monah Baki wrote
> > Hi all,
> > 
> > I have 2 Rasta 4801 (3.7 current) as a master and backup carp. One 
> > solaris 10 server is behind them. When I try to scp a 600MB file 
> > from 1 solaris server outside the network to the solaris server 
> > behind the net4801, I get "network error: connection reset by peer" error.
> > If I halt the master carp and the backup becomes master, no problem 
> > all 600MB gets transferred. I then went ahead and deleted the file 
> > and rebooted the master, the current Master switched to backup,
> >  and I did the copy a "network error: connection reset by peer" 
> > showed up.
> > 
> > My pf.conf file on both machines are identical.
> > 
> > Thank you.
> > 
> > /etc/pf.conf
> > -
> > ext_if="sis0"
> > int_if="sis1"
> > ext_net="104.83.19.0/24"
> > int_net="172.16.0.0/24"
> > 
> > carp5="carp5"
> > 
> > ross="172.16.0.3"
> > ross_int_webzone="172.16.0.4"
> > 
> > tcp_services="{22, 80}"
> > dns_services="{53}"
> > 
> > set timeout interval 10
> > set timeout frag 30
> > set block-policy return
> > set loginterface sis0
> > set skip on lo0
> > 
> > # scrub in all
> > 
> > nat on $ext_if from $int_net to any -> $ext_if static-port
> > 
> > rdr on $ext_if proto tcp from any to $carp5 port 22 -> $ross_int_webzone port 22
> > 
> > # Deny all packets
> > block in on sis0 all
> > 
> > pass in quick on $int_if all
> > pass out quick on $int_if all
> > 
> > pass in quick on $ext_if inet proto tcp from any to any port $tcp_services flags S/SA keep state
> > pass out quick on $ext_if inet proto tcp from any to any port $tcp_services flags S/SA keep state
> > 
> > pass in quick on $carp5 inet proto tcp from any to any port $tcp_services keep state
> > pass out quick on $carp5 inet proto tcp from any to any port $tcp_services keep state
> > 
> > pass quick on lo0 all
> > 
> > pass quick on { sis2 } proto pfsync
> > pass in quick on { sis0 sis1 } proto carp keep state
> > 
> > # Filter rules for sis0 outbound
> > block out on sis0 all
> > 
> > # pass in all
> > # pass out all
> > 
> > My master carp has the following:
> > -
> >  ifconfig carp5 create
> >  ifconfig carp5 vhid 5 carpdev sis0 pass netpasswd advskew 0 104.83.19.244 netmask 255.255.255.0
> > 
> > My backup carp has the following:
> > -
> >  ifconfig carp5 create
> >  ifconfig carp5 vhid 5 carpdev sis0 pass netpasswd advskew 128 104.83.19.244 netmask 255.255.255.0



Re: Auto start KDE in OBSD 3.7

2005-10-24 Thread Helio Santana
Sorry,
I found this document...

http://www.openbsdsupport.org/KDM.html

and my KDE is working ok as the default login manager.

Thanks,
Helio.

On Mon, 24-10-2005 at 14:03 +0200, Jasper Lievisse Adriaanse wrote:
> On Mon, 24 Oct 2005 12:51:55 +0100
> Helio Santana <[EMAIL PROTECTED]> wrote:
> 
> > Hello,
> > I am newbie on OBSD. I've installed a new system (3.7), afterboot and
> > adduser... then I changed xdm_flags to "" in /etc/rc.conf. When my
> > system starts, show me the login screen. All is ok. WHOW, it's very
> > easy... :) I feel happy.
> > 
> > Now, I decided to install KDE, and login again in text mode
> > (xdm_flags=NO). When my kdebase package is downloaded and installed on my
> > system, I do "startkde". WONDERFUL! KDE is working on my system. All is
> > working OK. Really it's very easy.
> > 
> > My problems started when I try to auto-start KDE on my system.
> > I searched in google, but nothing of the solutions I've found works...
> > How can I do this?... I think this must be trivial... but I don't know
> > what to do.
> > 
> > Thanks in advance,
> > Helio.
> > 
> If I remember correctly you should use KDM as your login manager, and then
> enable auto-login in KDM.
> 
> Cheers,
> Jasper



Re: Large partition

2005-10-24 Thread tony sarendal
On 24/10/05, Stuart Henderson <[EMAIL PROTECTED]> wrote:
> --On 24 October 2005 13:34 +0200, Beck Zoltan Gyula wrote:
>
> > I must install a file server so I need minimal 2T disk space. So I
> > need to choose an other operating system :(
>
> 2T is a lot of files to put in a single directory. And of course, where
> you work with multiple directories, each can be on a separate
> partition...
>

I thought fsck on 300GB was painful. 2TB...

--
Tony Sarendal - [EMAIL PROTECTED]
IP/Unix
   -= The scorpion replied,
   "I couldn't help it, it's my nature" =-



Re: coredump

2005-10-24 Thread Gabucino
Jasper Lievisse Adriaanse wrote:
> > What could prevent a (threading) program to dump core on OpenBSD/i386 3.5 ?
> > ulimit -c is unlimited. I can catch the segfault in gdb, but that's not
> > the question.
> First try upgrading to 3.7 or 3.8 and see if the problem occurs there
> too.

Thanks, but that's currently out of the question. Besides I don't think this was
such a difficult question.

-- 
Gabucino
MPlayer Core Team



Re: coredump

2005-10-24 Thread Jasper Lievisse Adriaanse
On Mon, 24 Oct 2005 15:38:40 +0200
Gabucino <[EMAIL PROTECTED]> wrote:

> Hi.
> 
> What could prevent a (threading) program to dump core on OpenBSD/i386 3.5 ?
> ulimit -c is unlimited. I can catch the segfault in gdb, but that's not
> the question.
> 
> -- 
> Gabucino
> 
First try upgrading to 3.7 or 3.8 and see if the problem occurs there
too.

Cheers,
Jasper


-- 
"Security is decided by quality" -- Theo de Raadt



Re: coredump

2005-10-24 Thread Hannah Schroeter
Hello!

On Mon, Oct 24, 2005 at 03:38:40PM +0200, Gabucino wrote:
>What could prevent a (threading) program to dump core on OpenBSD/i386 3.5 ?
>ulimit -c is unlimited. I can catch the segfault in gdb, but that's not
>the question.

Core files are written into the current working directory, so perhaps
there's a lack of space or a lack of write permissions to the directory.

Or is there any setuid/setgid involved?

Kind regards,

Hannah.



Re: OpenOffice.org 2.0 works on OpenBSD

2005-10-24 Thread Hannah Schroeter
Hello!

On Mon, Oct 24, 2005 at 09:31:11AM -0400, Roy Morris wrote:
>Sure, I think the ones I found were

>A. unless you want to see this error over and over do a touch /etc/mnttab

You could also touch /emul/linux/etc/mnttab to not pollute the native
OpenBSD filesystem namespace.

>[...]

Kind regards,

Hannah.



coredump

2005-10-24 Thread Gabucino
Hi.

What could prevent a (threading) program to dump core on OpenBSD/i386 3.5 ?
ulimit -c is unlimited. I can catch the segfault in gdb, but that's not
the question.

-- 
Gabucino



Re: OpenOffice.org 2.0 works on OpenBSD

2005-10-24 Thread Roy Morris
Sure, I think the ones I found were

A. unless you want to see this error over and over do a touch /etc/mnttab
B. I needed to add the --root and --dbpath like so
alias rpm='rpm --ignoreos --ignorearch --nodeps --noscripts --root /emul/linux --dbpath /var/lib/rpm'

C. I found I was able to add rpms one at a time, but when using *.rpm for
install the rpm program would core dump. I suggest maybe trying
find -name "*.rpm" -exec blah blah instead ..

Mine works fine here .. I have done it on my desktop and laptop.




> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] Behalf Of
> Uwe Dippel
> Sent: Saturday, October 22, 2005 11:36 PM
> To: misc@openbsd.org
> Subject: Re: OpenOffice.org 2.0 works on OpenBSD
> 
> 
> On Thu, 20 Oct 2005 19:47:43 -0400, Roy Morris wrote:
> 
> > Confirmed! Works on 3.7-stable. There were a few items which you may
> > or may not want to include in your blog, if you're interested let me
> > know I'll send them to you.
> 
> Go ahead, share them with us, please, as well. Some are looking forward
> to get OpenOffice to work and if you found a few items worth noting to
> that behalf, help us.
> 
> Uwe



Re: Limiting Shell Access Damage (was Guruness)

2005-10-24 Thread Hannah Schroeter
Hello!

On Thu, Oct 20, 2005 at 11:01:55PM +0200, Jesper Louis Andersen wrote:
>[... what looks like good advice ...]

>A typical attack vector, however, for 1000+ account sites is a 
>compromised account. You can assume at least 5 per 1000 accounts are 
>compromised or have easily guessable passwords. Those will not heed your 
>policy forms whatever you do. You can mitigate the risk by separating 
>systems and limiting account access. When this is not possible, 
>ProPolice, W^X, StackGhost, etc will come in very handy.

You can mitigate the risk of guessable passwords by checking passwords
on change, using the minpasswordlen and passwordcheck fields of
login.conf. Set passwordtries to 0 so the user can't override the
password policy by insisting on the bad password.

>[...]

Kind regards,

Hannah.
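
A sketch of the kind of checker both replies in this thread point at (the "passwordcheck" program and the login.conf fields named above), as an added example: it is not the script mentioned in the thread and not project code. It assumes the candidate password arrives on stdin and that exit status 0 means "accept"; the install path, thresholds and deny-list are hypothetical.

```shell
#!/bin/sh
# Added example, not the script mentioned in the thread. Assumptions:
# installed as /usr/local/sbin/pwcheck.sh (hypothetical path), the candidate
# password arrives on stdin, exit status 0 means "accept". Matching
# login.conf fragment, using the three fields named in the thread:
#
#   default:\
#       :minpasswordlen=10:\
#       :passwordcheck=/usr/local/sbin/pwcheck.sh:\
#       :passwordtries=0:
#
# The rules only throw out clearly weak candidates. They do not dictate a
# composition such as "N digits", which would shrink the search space.

MINLEN=10          # assumed site value, keep equal to minpasswordlen
MIN_DISTINCT=5     # assumed: at least this many different characters
# Constructed sample deny-list; a real one would be a much larger file.
DENYLIST="password letmein qwerty welcome changeme admin openbsd"

# normalize PW -> lower case, common digit/symbol substitutions undone,
# everything that is not a letter dropped
normalize() {
    printf '%s' "$1" | LC_ALL=C tr 'A-Z' 'a-z' \
        | LC_ALL=C tr '013457@$' 'oleastas' | LC_ALL=C tr -cd 'a-z'
}

# distinct_chars PW -> number of different characters in PW
distinct_chars() {
    printf '%s\n' "$1" | fold -w 1 | LC_ALL=C sort -u | wc -l | tr -d ' '
}

# check_password PW -> 0 if acceptable, 1 if rejected.
# Only the reason goes to stderr; the candidate itself is never echoed.
check_password() {
    pw=$1
    if [ "${#pw}" -lt "$MINLEN" ]; then
        echo "rejected: shorter than $MINLEN characters" >&2
        return 1
    fi
    case $pw in
        *[!0-9]*) ;;
        *) echo "rejected: digits only" >&2; return 1 ;;
    esac
    if [ "$(distinct_chars "$pw")" -lt "$MIN_DISTINCT" ]; then
        echo "rejected: too few different characters" >&2
        return 1
    fi
    norm=$(normalize "$pw")
    for word in $DENYLIST; do
        case $norm in
            *"$word"*)
                echo "rejected: built on a common word" >&2
                return 1 ;;
        esac
    done
    return 0
}

# Act as the checker only when run under the assumed script name, so the
# functions above can also be sourced and exercised on their own.
case "${0##*/}" in
    pwcheck.sh)
        IFS= read -r candidate || [ -n "$candidate" ] || exit 1
        check_password "$candidate"
        exit $?
        ;;
esac
```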



mirror in Erlangen is down

2005-10-24 Thread Alexander von Gernler
Hi crowd,

openbsd.informatik.uni-erlangen.de, also known under many aliases
(ftp3.de, www.de, rsync.de, anoncvs2.de) is currently down due to
hardware problems.

It is not clear yet when the machine will go online again, as I am
currently not around in Erlangen, and have to examine the hardware
first.

Please use another mirror from now on.  I will report when the machine
is back online again.

Sorry,
-- 
Alexander "grunk" von Gernler   PGP key 0xEBC27515
http://www.de.openbsd.org/ -- Free, functional, secure



Re: ipmi(4)

2005-10-24 Thread Schöberle Dániel
 
> Cool, what can I do?
> Test!  We need wide testing on systems that have IPMI.  I bet there has
> to be some tuning to work around timing differences between platforms.
> The current code was tested on Intel, Dell and Sun boards.

Works here on a Dell SC1425, i386:
(will try amd64 later)

$ sysctl hw.sensors
hw.sensors.0=ipmi0, Temp, OK, temp, 36.00 degC / 96.80 degF
hw.sensors.1=ipmi0, Temp, OK, temp, 50.00 degC / 122.00 degF
hw.sensors.2=ipmi0, Planar Temp, OK, temp, 31.00 degC / 87.80 degF
hw.sensors.3=ipmi0, VRD 0 Temp, OK, temp, 27.00 degC / 80.60 degF
hw.sensors.4=ipmi0, VRD 1 Temp, OK, temp, 26.00 degC / 78.80 degF
hw.sensors.5=ipmi0, CMOS Battery, OK, volts_dc, 3.10 V
hw.sensors.6=ipmi0, Fan 1, OK, fanrpm, 3300 RPM
hw.sensors.7=ipmi0, Fan 2A, OK, fanrpm, 7500 RPM
hw.sensors.8=ipmi0, Fan 2B, OK, fanrpm, 5400 RPM
hw.sensors.9=ipmi0, Fan 3A, OK, fanrpm, 7350 RPM
hw.sensors.10=ipmi0, Fan 3B, OK, fanrpm, 5325 RPM
hw.sensors.11=ipmi0, Fan 4A, OK, fanrpm, 7125 RPM
hw.sensors.12=ipmi0, Fan 4B, OK, fanrpm, 5250 RPM
hw.sensors.13=ipmi0, Fan 5A, OK, fanrpm, 7500 RPM
hw.sensors.14=ipmi0, Fan 5B, OK, fanrpm, 5175 RPM
hw.sensors.15=ipmi0, Intrusion, OK, indicator, Off

dmesg:
OpenBSD 3.8-current (GENERIC) #7: Mon Oct 24 13:27:32 CEST 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Xeon(TM) CPU 3.00GHz ("GenuineIntel" 686-class) 3 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,CNXT-ID
real mem  = 536195072 (523628K)
avail mem = 482385920 (471080K)
using 4278 buffers containing 26910720 bytes (26280K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 01/18/05, BIOS32 rev. 0 @ 0xffe90
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfbf50/160 (8 entries)
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82801EB/ER LPC" rev 0x00)
pcibios0: PCI bus #4 is the last bus
bios0: ROM list: 0xc/0xb000! 0xcb000/0x1800 0xec000/0x4000!
ipmi0 at mainbus0: version 1.5 interface KCS iobase 0xca8/8 spacing 4
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel E7710 SMCH" rev 0x09
ppb0 at pci0 dev 2 function 0 "Intel E7710 MCH PCIE" rev 0x09
pci1 at ppb0 bus 1
ppb1 at pci1 dev 0 function 0 "Intel PCIE-PCIE" rev 0x09
pci2 at ppb1 bus 2
em0 at pci2 dev 4 function 0 "Intel PRO/1000MT (82541GI)" rev 0x05: irq 11, 
address 00:14:22:72:27:22
vendor "Intel", unknown product 0x0326 (class system subclass interrupt, rev 
0x09) at pci1 dev 0 function 1 not configured
ppb2 at pci1 dev 0 function 2 "Intel PCIE-PCIE" rev 0x09
pci3 at ppb2 bus 3
em1 at pci3 dev 7 function 0 "Intel PRO/1000MT (82546EB)" rev 0x01: irq 5, 
address 00:02:a5:48:f0:70
em2 at pci3 dev 7 function 1 "Intel PRO/1000MT (82546EB)" rev 0x01: irq 10, 
address 00:02:a5:48:f0:71
vendor "Intel", unknown product 0x0327 (class system subclass interrupt, rev 
0x09) at pci1 dev 0 function 3 not configured
uhci0 at pci0 dev 29 function 0 "Intel 82801EB/ER USB" rev 0x02: irq 11
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 29 function 1 "Intel 82801EB/ER USB" rev 0x02: irq 10
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
ehci0 at pci0 dev 29 function 7 "Intel 82801EB/ER USB" rev 0x02: irq 6
usb2 at ehci0: USB revision 2.0
uhub2 at usb2
uhub2: Intel EHCI root hub, rev 2.00/1.00, addr 1
uhub2: 4 ports with 4 removable, self powered
ppb3 at pci0 dev 30 function 0 "Intel 82801BA AGP" rev 0xc2
pci4 at ppb3 bus 4
em3 at pci4 dev 3 function 0 "Intel PRO/1000MT (82541GI)" rev 0x05: irq 3, 
address 00:14:22:72:27:23
vga1 at pci4 dev 13 function 0 "ATI Radeon VE QY" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ichpcib0 at pci0 dev 31 function 0 "Intel 82801EB/ER LPC" rev 0x02
pciide0 at pci0 dev 31 function 1 "Intel 82801EB/ER IDE" rev 0x02: DMA, channel 
0 configured to compatibility, channel 1 configured to compatibility
atapiscsi0 at pciide0 channel 0 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  SCSI0 5/cdrom 
removable
cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 ignored (disabled)
pciide1 at pci0 dev 31 function 2 "Intel 82801EB SATA" rev 0x02: DMA, channel 0 
configured to native-PCI, channel 1 configured to native-PCI
pciide1: using irq 5 for native-PCI interrupt
wd0 at pciide1 channel 0 drive 0: 
wd0: 16-sector PIO, LBA48, 38146MB, 78125000 sectors
wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pmsi0 at pckbc0 (aux slot)
pck

why interface down?

2005-10-24 Thread Sergey Viuchny
we have box with obsd3.7
2 interfaces on it
 
used as smtp( proxy...) gate

sometimes dc1 dies
ifconfig shows it up but really no any traffic
i can "heal" it (if) by just down and again up

logs are empty

can anybody help?

__

ifconfig -a
lo0: flags=8049 mtu 33224
inet 127.0.0.1 netmask 0xff00
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
dc0: flags=8843 mtu 1500
address: 00:80:48:fb:e2:07
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet xx.xx.xx.xx netmask 0xffc0 broadcast xx.xx.xx.xx
inet6 xx%dc0 prefixlen 64 scopeid 0x1
dc1: flags=8843 mtu 1500
address: 00:80:48:fb:7a:96
media: Ethernet 100baseTX full-duplex
status: active
inet xx.xx.xx.xx netmask 0xff00 broadcast xx.xx.xx.xx
inet6 xx%dc1 prefixlen 64 scopeid 0x2
pflog0: flags=141 mtu 33224
pfsync0: flags=0<> mtu 2020
enc0: flags=0<> mtu 1536



Re: Auto start KDE in OBSD 3.7

2005-10-24 Thread Helio Santana
> If I remember correctly you should use KDM as your login manager, and then
> enable auto-login in KDM.
Thanks, but how can I make KDM my default login manager?
Cheers,
Helio.



Re: Limiting Shell Access Damage (was Guruness)

2005-10-24 Thread Jesper Louis Andersen

Will H. Backman wrote:


> Turning this into a learning experience:  Does anyone have any hints or
> advice about hardening OpenBSD for shell accounts.  Do people tweak
> things other than the login.conf settings?  I have to deal with student
> shell accounts where students are learning to program and often create
> problems by accident.


Apart from login.conf(5):

It is really hard on UNIX(tm) systems to protect a system if users are 
conspiring to kill it. Therefore, the first rule should be to trust your 
users to a certain extent. Assume that the students are not dumb, but 
know that they will create code where malloc()'s are not free()'d 
(Leading to 800+Mb memory usage for a single process, login.conf(5) is 
your friend). Also, they will, after talking with their old somewhat 
nutty professor, attempt to write a simple protocol implementation in 
which every new incoming UDP packet results in a fork() being made.


Filesystem quotas can help a lot. So can process accounting in 
post-mortem analysis. A single odd-process-reaper running via cron(1) 
can do wonders to those 99%CPU spinning Matlab processes running under 
Linux-emulation where there's no source code fix. Remember to generalize 
the reaper and let the process accounting data be the guide of what to add.


Do not underestimate the power of policy. A student having signed the 
Acceptable-Use-Policy form will not conspire as much against the system 
since the consequence is account deletion. Many computer users are 
accustomed to environments where there is a single user on a PC.


A typical attack vector, however, for 1000+ account sites is a 
compromised account. You can assume at least 5 per 1000 accounts are 
compromised or have easily guessable passwords. Those will not heed your 
policy forms whatever you do. You can mitigate the risk by separating 
systems and limiting account access. When this is not possible, 
ProPolice, W^X, StackGhost, etc will come in very handy.


Monitoring is also something you should ponder about. In general, 
students need the freedom to play -- they are in this to learn, so you 
should give them the freedom, but use policy enforcement if they abuse 
the freedom given. Network and filesystems can be monitored easily as 
well as memory, interrupt counts etc. The monitoring will make you able 
to act when something goes wrong in a quick manner. Beware of 
micro-management though.
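
The cron-driven reaper described above, as an added example that is not part of the original post: it selects runaway processes from ps-style output using a watch list that would be filled in from process accounting data. The thresholds, account names, watch list, sample rows and the ps keywords are all assumptions for illustration.

```shell
#!/bin/sh
# Added example: odd-process reaper meant to be run from cron(1).
# Policy values below are assumptions; tune them from process accounting data.
MIN_CPU_PCT=90               # currently spinning at or above this %CPU
MIN_CPU_SECS=3600            # and has accumulated at least this much CPU time
EXEMPT_USERS="root _smtpd"   # accounts that are never reaped
WATCH_COMMANDS="matlab"      # command names accounting showed to run away

# Read "PID USER %CPU TIME COMMAND" rows on stdin, print PIDs to reap.
# TIME may be M:SS.ss, H:MM:SS or D-HH:MM:SS.
reap_candidates() {
    awk -v min_pct="$MIN_CPU_PCT" -v min_secs="$MIN_CPU_SECS" \
        -v exempt="$EXEMPT_USERS" -v watch="$WATCH_COMMANDS" '
    function cpu_secs(t,    d, parts, n, i, s) {
        d = 0
        if (index(t, "-")) { split(t, parts, "-"); d = parts[1]; t = parts[2] }
        n = split(t, parts, ":")
        s = 0
        for (i = 1; i <= n; i++) s = s * 60 + parts[i]
        return d * 86400 + s
    }
    BEGIN {
        n = split(exempt, e, " "); for (i = 1; i <= n; i++) skip[e[i]] = 1
        n = split(watch, w, " ");  for (i = 1; i <= n; i++) watched[w[i]] = 1
    }
    NF < 5 || $1 !~ /^[0-9]+$/ { next }   # header or malformed row
    ($2 in skip)               { next }   # protected account
    !($5 in watched)           { next }   # not on the watch list
    ($3 + 0) >= min_pct && cpu_secs($4) >= min_secs { print $1 }
    '
}

# Constructed sample input (not real output from any system).
sample_ps() {
    cat <<'EOF'
  PID USER     %CPU       TIME COMMAND
 4121 alice    99.0   61:02.50 matlab
 4188 bob       0.3    0:00.41 vi
 4302 carol    97.5    0:12.10 matlab
 4410 root     98.0  120:00.00 matlab
 4522 dave     99.9 2-03:10:00 a.out
 4600 erin     95.0 1-00:00:05 matlab
EOF
}

# Live mode: log, then send TERM so the process can clean up.
# The ps keywords are an assumption; check ps(1) on the target system.
reap() {
    ps -axo pid,user,pcpu,time,comm | reap_candidates | while read -r pid; do
        logger -t reaper "sending TERM to runaway pid $pid"
        kill -TERM "$pid" 2>/dev/null || true
    done
}

# Nothing is signalled unless the script is called with "live".
if [ "${1:-}" = "live" ]; then reap; fi
```

Running `sample_ps | reap_candidates` first shows what a policy change would select before the script is enabled in cron with the `live` argument.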




Re: Auto start KDE in OBSD 3.7

2005-10-24 Thread Jasper Lievisse Adriaanse
On Mon, 24 Oct 2005 12:51:55 +0100
Helio Santana <[EMAIL PROTECTED]> wrote:

> Hello,
> I am newbie on OBSD. I've installed a new system (3.7), afterboot and
> adduser... then I changed xdm_flags to "" in /etc/rc.conf. When my
> system starts, show me the login screen. All is ok. WHOW, it's very
> easy... :) I feel happy.
> 
> Now, I decided to install KDE, and login again in text mode
> (xdm_flags=NO). When my kdebase package is downloaded and installed on my
> system, I do "startkde". WONDERFUL! KDE is working on my system. All is
> working OK. Really it's very easy.
> 
> My problems started when I try to auto-start KDE on my system.
> I searched in google, but nothing of the solutions I've found works...
> How can I do this?... I think this must be trivial... but I don't know
> what to do.
> 
> Thanks in advance,
> Helio.
> 
If I remember correctly you should use KDM as your login manager, and then
enable auto-login in KDM.

Cheers,
Jasper


-- 
"Security is decided by quality" -- Theo de Raadt



Re: filtering trunked Interfaces with PF

2005-10-24 Thread Siju George
On 10/24/05, Henning Brauer <[EMAIL PROTECTED]> wrote:
> * Siju George <[EMAIL PROTECTED]> [2005-10-22 09:24]:
> > Hi all,
> >
> > When I build a trunk like
> >
> > # ifconfig rl0 up
> > # ifconfig rl1 up
> > # ifconfig trunk0 create trunkport rl0 trunkport rl1
> > # ifconfig trunk0 192.168.1.200 netmask 255.255.255.0 up
> >
> > in upcoming 3.8 release.
> >
> > Will I be able to use pf rules like
> >
> > pass in on trunk0 proto tcp from 172.16.0.0/12 to any keep state.
> >
> > to filter traffic through rl0 and rl1
>
> yes.
>
> > or will I have to put rl0 & rl1 on the same interface group and write
> > the pf rule for the interface group?
>
> no.
>

Thank you so much Henning for the reply :-)

Kind Regards

Siju



Re: Problem instaling OpenBSD on IBM xSeries 336

2005-10-24 Thread David Gwynne

On 23/10/2005, at 7:29 PM, Luka Macura wrote:


Hello all,

Thank you for hint, amd64 architecture does work on our HW !
Everything was installed fine (I installed latest snapshot). But we have
another problem.

When I look into BIOS, there is no possibility to do good irq routing.
BIOS groups almost all devices to irq3 :( I can change irq, but I cannot
change number of devices on this interrupt. There is IRQ for both
internal ethernet broadcom cards, IRQ for PCIx slot, HDD, ... and more.


Can you try booting the i386 GENERIC kernel with pcibios disabled?  
And like Stuart Henderson suggested, can you also try the GENERIC.MP  
kernel. If that gets stuck at pcibios too, try disabling it on the mp  
kernel as well.




I think this is very bad. I do not know if it is due to this simple irq
but we have this problems:

- disk operations are VERY slow (does not matter, no problem for us, it
is firewall).
- entire traffic is going thru cpu0. Cpu1 is unused. I think that if two
cards are on another irq, it could be possible
- throughput of entire system with large packets is somewhere at
120mbps. After it, CPU0 spend all time in interrupts.
- I think this machine should be firewalling at much more speed.

Please can you help me ? Is there any chance how to change irq if BIOS
routes it bad? Or is there another way how to use both CPUs for
firewalling?

Thank you very much !

Here is dmesg:
OpenBSD 3.8-current (GENERIC.MP) #556: Sat Oct 15 14:22:53 MDT 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/ 
GENERIC.MP

real mem = 1073319936 (1048164K)
avail mem = 908791808 (887492K)
using 22937 buffers containing 107540480 bytes (105020K) of memory
mainbus0 (root)
mainbus0: Intel MP Specification (Version 1.4) (IBM ENSW X336 SMP)
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Xeon(TM) CPU 3.20GHz, 3200.57 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE3 
6,CFLUS

H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,NXE,LONG
cpu0: 2MB 64b/line 8-way L2 cache
cpu0: apic clock running at 27107Hz
cpu1 at mainbus0: apid 6 (application processor)
cpu1: Intel(R) Xeon(TM) CPU 3.20GHz, 3200.12 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE3 
6,CFLUS

H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,NXE,LONG
cpu1: 2MB 64b/line 8-way L2 cache
mpbios: bus 0 is type PCI
mpbios: bus 1 is type PCI
mpbios: bus 2 is type PCI
mpbios: bus 3 is type PCI
mpbios: bus 4 is type PCI
mpbios: bus 5 is type PCI
mpbios: bus 6 is type PCI
mpbios: bus 7 is type PCI
mpbios: bus 8 is type ISA
ioapic0 at mainbus0 apid 14: pa 0x81ba7f24, version 20, 24  
pins
ioapic1 at mainbus0 apid 13: pa 0x81ba7e24, version 20, 24  
pins
ioapic2 at mainbus0 apid 12: pa 0x81ba7d24, version 20, 24  
pins

mpbios: can't find ioapic 0
mpbios: can't find ioapic 0
pci0 at mainbus0 bus 0: configuration mode 1
pchb0 at pci0 dev 0 function 0 "Intel E7710 SMCH" rev 0x0c
"Intel E7710 MCH ERR" rev 0x0c at pci0 dev 0 function 1 not configured
ppb0 at pci0 dev 2 function 0 "Intel E7710 MCH PCIE" rev 0x0c
pci1 at ppb0 bus 2
ppb1 at pci0 dev 4 function 0 "Intel E7710 MCH PCIE" rev 0x0c
pci2 at ppb1 bus 3
ppb2 at pci2 dev 0 function 0 "Intel PCIE-PCIE" rev 0x09
pci3 at ppb2 bus 4
mpt0 at pci3 dev 1 function 0 "Symbios Logic 53c1030" rev 0x08:  
apic 13

int 4 (irq 10)
mpt0: sending FW Upload request to IOC (size: 36, img size: 69956)
mpt0: IM support: 4
scsibus0 at mpt0: 16 targets
sd0 at scsibus0 targ 0 lun 0:  SCSI2
0/direct fixed
sd0: 139898MB, 139898 cyl, 16 head, 128 sec, 512 bytes/sec, 286511104
sec total
mpt0: target 0 Asynchronous at 0MHz width 8bit offset 0 QAS 0 DT 0  
IU 0

ppb3 at pci2 dev 0 function 2 "Intel PCIE-PCIE" rev 0x09
pci4 at ppb3 bus 5
em0 at pci4 dev 1 function 0 "Intel PRO/1000MT (82545GM)" rev 0x04:  
apic

12 int 0 (irq 10), address 00:0e:0c:9c:07:13
ppb4 at pci0 dev 6 function 0 "Intel E7710 MCH PCIE" rev 0x0c
pci5 at ppb4 bus 6
bge0 at pci5 dev 0 function 0 "Broadcom BCM5721" rev 0x11, BCM5750 B1
(0x4101): apic 14 int 16 (irq 10) address 00:14:5e:0b:3e:ea
brgphy0 at bge0 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0
ppb5 at pci0 dev 7 function 0 "Intel E7710 MCH PCIE" rev 0x0c
pci6 at ppb5 bus 7
bge1 at pci6 dev 0 function 0 "Broadcom BCM5721" rev 0x11, BCM5750 B1
(0x4101): apic 14 int 16 (irq 10) address 00:14:5e:0b:3e:eb
brgphy1 at bge1 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0
vendor "Intel", unknown product 0x359b (class system subclass
miscellaneous, rev 0x0c) at pci0 dev 8 function 0 not configured
uhci0 at pci0 dev 29 function 0 "Intel 82801EB/ER USB" rev 0x02:  
apic 14

int 16 (irq 10)
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 29 function 1 "Intel 82801EB/ER USB" rev 0x02:  
apic 14

int 19 (irq 7)
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports 

Auto start KDE in OBSD 3.7

2005-10-24 Thread Helio Santana
Hello,
I am newbie on OBSD. I've installed a new system (3.7), afterboot and
adduser... then I changed xdm_flags to "" in /etc/rc.conf. When my
system starts, show me the login screen. All is ok. WHOW, it's very
easy... :) I feel happy.

Now, I decided to install KDE, and login again in text mode
(xdm_flags=NO). When my kdebase package is downloaded and installed on my
system, I do "startkde". WONDERFUL! KDE is working on my system. All is
working OK. Really it's very easy.

My problems started when I try to auto-start KDE on my system.
I searched in google, but nothing of the solutions I've found works...
How can I do this?... I think this must be trivial... but I don't know
what to do.

Thanks in advance,
Helio.



Re: Large partition

2005-10-24 Thread Stuart Henderson

--On 24 October 2005 13:34 +0200, Beck Zoltan Gyula wrote:


> I must install a file server so I need minimal 2T disk space. So I
> need to choose an other operating system :(


2T is a lot of files to put in a single directory. And of course, where 
you work with multiple directories, each can be on a separate 
partition...




Re: Large partition

2005-10-24 Thread Jasper Lievisse Adriaanse
On Mon, 24 Oct 2005 13:34:31 +0200 (CEST)
Beck Zoltan Gyula <[EMAIL PROTECTED]> wrote:

> I must install a file server so I need minimal 2T disk space. So I need to
> choose an other operating system :(

Well, you can have 2TB of storage. As long as you spread it over several
partitions, right?

Cheers,
Jasper

> 
> On Mon, 24 Oct 2005, Nick Holland wrote:
> 
> > Beck Zoltan Gyula wrote:
> > > Hi!
> > >
> > >   I would like to ask if it is possible to use a large, more than 2T
> > > diskarray or CCD?
> > >   In FAQ: "14.7 - What are the issues regarding large
> > > drives with OpenBSD?
> > >
> > > OpenBSD supports an individual file system of up to 2^31-1, or
> > > 2,147,483,647 sectors, and as each sector is 512 bytes, that's a tiny
> > > amount less than 1T."
> > >
> > >   It's true I can't use my 2T partition?
> > >
> > >   Best Regards
> > > Bzg
> >
> > 2TB is greater than 1TB, so yes, it can not be one file system.
> >
> > it COULD (and probably SHOULD) be multiple file systems on one array.
> >
> > I can think of lots of apps which might need more than 1TB.
> > I can't think of many apps which need more than 1TB now that might not
> > some day need more than 10TB.
> >
> > It is probably easier to bolt-on new partitions later than to rebuild on
> > a new array later.  Plan for multiple partitions now...
> >
> > Nick.
> 


-- 
"Security is decided by quality" -- Theo de Raadt



Re: Large partition

2005-10-24 Thread Beck Zoltan Gyula
I must install a file server so I need minimal 2T disk space. So I need to
choose an other operating system :(

On Mon, 24 Oct 2005, Nick Holland wrote:

> Beck Zoltan Gyula wrote:
> > Hi!
> >
> >   I would like to ask if it is possible to use a large, more than 2T
> > diskarray or CCD?
> >   In FAQ: "14.7 - What are the issues regarding large
> > drives with OpenBSD?
> >
> > OpenBSD supports an individual file system of up to 2^31-1, or
> > 2,147,483,647 sectors, and as each sector is 512 bytes, that's a tiny
> > amount less than 1T."
> >
> >   It's true I can't use my 2T partition?
> >
> >   Best Regards
> > Bzg
>
> 2TB is greater than 1TB, so yes, it can not be one file system.
>
> it COULD (and probably SHOULD) be multiple file systems on one array.
>
> I can think of lots of apps which might need more than 1TB.
> I can't think of many apps which need more than 1TB now that might not
> some day need more than 10TB.
>
> It is probably easier to bolt-on new partitions later than to rebuild on
> a new array later.  Plan for multiple partitions now...
>
> Nick.



Re: DISKLESS tutorial that need feedback

2005-10-24 Thread Matthew Weigel
Bachman Kharazmi wrote:
> On 10/23/05, Matthew Weigel <[EMAIL PROTECTED]> wrote:
>> Well, except that hard links are filesystem specific, you can't cross
>> filesystem boundaries with one.
>>
>> Also, depending on design, you probably actually want a single RO
>> filesystem to serve as / for all diskless clients, and have smaller
>> per-client RW volumes (like /etc) or per-user RW volumes (so each
>> machine
>> is identical and everyone can use each machine).
> uhm, so it would be possible sharing all dirs except /etc?

That's not what I said, no.  Having clarified that point, I don't think I
need to respond to what you wrote below where you presumed to know my
answer to that question.

> Each machine is identical?

In terms of FS layout, what software is available where, etc.- yes.  It's
one approach for some problems - depending on design, like I said.

> yes maybe in that case that would work. But where I'm going to use my
> doc is a uni env where all the clients are not identical. Even if they
> were, what would you do if hw failed on one  of clients?

I'm having a bit of trouble imagining what hardware failures could be
"handled" by a change to filesystem layout.  Regardless, I'll note that I
was responding to the proposition that *everything*, from / on down, could
be shared from one NFS export.  In the cases where *that* seems like a
good idea, what I describe is better.  If sharing that much doesn't, then
what I describe may not, either.

> So a script that sync one of the clients from server, and then all the
> other clients can sync from that up2date client.

Are we still talking about diskless clients?  Why on earth would you
synchronize them over the network, so that they have to perform NFS reads
and writes to effect the changes?

> Remember that if the purpose is 'personal' thin clients you would
> confuse ppl saving tons of files in everyones /home.

I confess to being confused by what you're saying here.
-- 
 Matthew Weigel
 hacker
 [EMAIL PROTECTED]



Re: root on raidframe

2005-10-24 Thread Nick Holland
Ken Gunderson wrote:
...
> The application in this case is a routing firewall/proxy server for a 3
> legged network configuration.  Resources to implement a carp setup are
> not available.  The objective for the system:
> 
> 1)  to be as self healing as possible
> 2) minimize downtime resulting from this single point of failure failing
> 3) maximize capability for remote system management
> 4) minimizing requirement for assistance from on site personnel.  
> 
> /home, /tmp and /var/tmp are inconsequential.  No users on this system.
> But the system will be doing smtp relaying  and in the unlikely event
> some malicious type was able to induce obsd to crash I'd like to have
> the packets logged... Logging to remote machine is good practice but not
> an option at present.  So we've got a large /var on this puppy.  Hence
> the long wait.  Otherwise if just for perimeter firewall/router a
> diskless setup would probably be best.
> 
> I've done some testing w/the /etc/rc background parity hack and the box
> comes up after a hard failure in about 1/2 hour.  Which isn't too bad
> compared to the 1.5 -2 hours otherwise.
> 
> For the sake of experimentation the raid conf is presently:
> 
> 512M / mirror
> 2048M swap stripped
> couple hundred gigs mirrored for everything else.
> 
> Thanks for your insights.  Appreciate the constructive input.

ooo...firewall.  That should be REALLY easy. :)
(oops.  just went back and re-read it and noticed the "/proxy" part.
That skews the rest of this.  kinda.  Well, consider the suggestions
anyway...)

You shouldn't end up mirroring more than about 350MB.  Seriously.
(ok, MAYBE 512MB.)

/ 70M
/usr 140M
/home 30M
/var 30M
/tmp 20M

NO swap.  Firewalls shouldn't swap.  PF won't swap, anyway.

you end up installing JUST base38.tgz, etc38.tgz, and bsd.rd

Yes, the machine ends up being not self-sufficient, but that's pretty
much true of most RAIDframe systems -- you have to build the kernel on
another machine anyway.

If you want to have some non-mirrored, unmounted partitions for storing
upgrade files on or other stuff, fine...but DON'T MIRROR THE REST OF
YOUR DISK.

[I don't think the proxy cache would need to be mirrored.  yes, you
would end up rebuilding it if you lose a disk, but that's probably the
least of your problems]


OR..consider a non-RAIDframe design I've been using lately:
  Two disks, say wd0 and wd1

First disk can be small.  Partition it up as small as comfortable.

Second disk (wd1) is bigger (40G, maybe) and mirrors..er..duplicates the
partitioning of the first disk, but also has a huge "/backup" partition,
which is mounted as part of rc.local, NOT fstab.

Nightly, the ALTROOT process duplicates your / partition (and thus, your
/etc files).  /etc/daily.local includes a step which makes a .tgz file
holding /var and /etc contents on /backup, with a date code (i.e.,
backup2005-10-22.tgz).  weekly.local dumps/restores the rest of wd0's
partitions over to wd1, and make sure you have the bootloader installed
on wd1 properly.

NOW...you have rotated backups (sorta...they still are on the same
machine, so far from ideal, but better than what you are doing at the
moment, I bet! :), two disks that could each do the job of running the
machine, and a back door if you do an upgrade that goes poorly.

I've done this on two different kinds of machines so far, both, it turns
out, could boot from the second disk if I unplugged the primary.  SO, if
the primary fails completely, the system still comes up.  Worst case, if
the primary fails but not completely, you have to remove it, but don't
have to rejumper the second drive, however, you HAVE to verify your
machine's BIOS will do this properly.  BTW: some of those cheap,
pseudo-RAID cards may help here, as the BIOSs are generally designed to
boot from the second channel if the first is unbootable.

The simplicity factor on this one is a big selling point for me. :)

I'm doing this with a few DNS servers at our office, they have a 40G
drive as the second drive.  The /backup partition has been collecting
over two months of backup*.tgz files and still hasn't passed 2% of the
available disk space.  One doesn't even have to worry about the /backup
partition filling at that rate -- the machine will be replaced long
before /backup filled...and I've got a copy of EVERY configuration the
machine has ever had.

Nick.



Re: Large partition

2005-10-24 Thread Rod.. Whitworth
On Mon, 24 Oct 2005 11:42:45 +0200 (CEST), Beck Zoltan Gyula wrote:

>Hi!
>
>  I would like to ask if it is possible to use a large, more than 2T
>diskarray or CCD?
>  In FAQ: "14.7 - What are the issues regarding large
>drives with OpenBSD?
>
>OpenBSD supports an individual file system of up to 2^31-1, or
>2,147,483,647 sectors, and as each sector is 512 bytes, that's a tiny
>amount less than 1T."
>
>  It's true I can't use my 2T partition?
>
>  Best Regards
>Bzg
>
>

Do you think the FAQ tells lies?
You did the math.

For more info STFA. It has been discussed this week.
Research!

From the land "down under": Australia.
Do we look  from up over?

Do NOT CC me - I am subscribed to the list.
Replies to the sender address will fail except from the list-server.



Re: Large partition

2005-10-24 Thread Nick Holland
Beck Zoltan Gyula wrote:
> Hi!
> 
>   I would like to ask if it is possible to use a large, more than 2T
> diskarray or CCD?
>   In FAQ: "14.7 - What are the issues regarding large
> drives with OpenBSD?
> 
> OpenBSD supports an individual file system of up to 2^31-1, or
> 2,147,483,647 sectors, and as each sector is 512 bytes, that's a tiny
> amount less than 1T."
> 
>   It's true I can't use my 2T partition?
> 
>   Best Regards
> Bzg

2TB is greater than 1TB, so yes, it can not be one file system.

it COULD (and probably SHOULD) be multiple file systems on one array.

I can think of lots of apps which might need more than 1TB.
I can't think of many apps which need more than 1TB now that might not
some day need more than 10TB.

It is probably easier to bolt-on new partitions later than to rebuild on
a new array later.  Plan for multiple partitions now...

Nick.



Re: filtering trunked Interfaces with PF

2005-10-24 Thread Henning Brauer
* Siju George <[EMAIL PROTECTED]> [2005-10-22 09:24]:
> Hi all,
> 
> When I build a trunk like
> 
> # ifconfig rl0 up
> # ifconfig rl1 up
> # ifconfig trunk0 create trunkport rl0 trunkport rl1
> # ifconfig trunk0 192.168.1.200 netmask 255.255.255.0 up
> 
> in upcoming 3.8 release.
> 
> Will I be able to use pf rules like
> 
> pass in on trunk0 proto tcp from 172.16.0.0/12 to any keep state.
> 
> to filter traffic through rl0 and rl1

yes.

> or will I have to put rl0 & rl1 on the same interface group and write
> the pf rule for the interface group?

no.

-- 
BS Web Services, http://www.bsws.de/
OpenBSD-based Webhosting, Mail Services, Managed Servers, ...
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)



Large partition

2005-10-24 Thread Beck Zoltan Gyula
Hi!

  I would like to ask if it is possible to use a large, more than 2T
diskarray or CCD?
  In FAQ: "14.7 - What are the issues regarding large
drives with OpenBSD?

OpenBSD supports an individual file system of up to 2^31-1, or
2,147,483,647 sectors, and as each sector is 512 bytes, that's a tiny
amount less than 1T."

  It's true I can't use my 2T partition?

  Best Regards
Bzg



Re: Intel 6300ESB SATA

2005-10-24 Thread Alexander Yurchenko
On Sun, Oct 23, 2005 at 05:15:29PM -0600, Sébastien Taylor wrote:
> I am having problems having two SATA disks recognized by OpenBSD, the  
> 6300ESB
> controller is found and seems to be configured properly but I get the  
> error:
> 
> pciide2: couldn't map channel 0 cmd regs
> pciide2: couldn't map channel 1 cmd regs

try to play with your bios settings wrt sata.

-- 
   Alexander Yurchenko



Re: passwd: /sbin/nologin --- not working for me

2005-10-24 Thread morla

thank u all, (this comes a little late, sorry i had no internet con.)
i seem to have totally forgotten about the passwd-db. YES i have edited 
them all with vi

i removed my entries and did them again with vipw.
now all works very fine :)

thx morla