Re: ftp-proxy upgrade instructions

[Camiel Dobbelaar]

On Wed, 16 Nov 2005, Moritz Grimm wrote:
> Moritz Grimm wrote:
> > Using the parameter ``-q "(q_med, q_pri)"'' does not result in any error
> > message, however, I have no proof whether this works or not. Actually, 
> [...]
> > Hm, and while I'm at it ... how can things like these be properly tested and
> > debugged in the first place? Other than making educated guesses with 
> [...]
> 
> Replying to myself here ... I found out that I can get the rules inserted by
> ftp-proxy with
> 
> pfctl -a ftp-proxy/x.y -vvsr
> 
> and it looks like the queue statements were accepted. However, the ACKs
> definitely don't end up in q_pri but my default queue (q_def). I compared that
> to what happens when i use "-q q_low", and indeed, everything ends up there
> with only one queue name as the argument.
> 
> Now I'm just a bit confused, but at least I know that maybe, in theory, it
> could work the way I want. :-)

Your testing is correct.  ftp-proxy does not understand the queue() syntax 
like pfctl does, so only one queue name for now.


--
Cam

Re: Problem with ISAKMPD

[Brian A. Seklecki]

Are you expiring lifetime on bandwidth or time?  Probably the defaults
of whatever transforms suite you're using.

Try manually defining it?  If you expire on time, say...10 minutes, you
can tcpdump for udp 500 on either side at the expected time and watch
the renegotiation.

Maybe UDP packets are getting lost at renegotiation time.  I had that
problem once with pf where i was exhausing the max default states at
10,000 and new states were being refused with ICMP.

~BAS

On Sun, 2005-11-13 at 20:45, James Mackinnon wrote:
> Hey everyone
> 
> I am hoping I am posting this to the correct list
> 
> I am running an AMD 2200+ w/ 512mb of ram and all intel pro cards in my main
> location.
> 
> I have 14 other locations connecting back to this 1 location and each location
> creates 3 tunnels to this system as I have
> 3 internal network segments I want available via VPN
> 
> Platforms are:
> 
> Main system: OpenBSD 3.7 Stable
> Remote locations: OpenBSD 3.5 and some OpenBSD 3.7
> 
> at first, all locations come up fine, but then in approx 1 hour, 3 units stop
> communicating to the main firewall.
> 
> They all have the same config (minor changes based on location and assigned
> ips of course).
> 
> I was planning to finally get rid of my main checkpoint box and complete my
> migration to BSD but I had to revert back do to lack of time i had left to go
> back in case of an issue.
> 
> 
> My Main location is on Fiber
> All branches on DSL (pretty much same provider)
> 
> My main location has approx 50VPN Connection entries in it.
> My Branches connect to 3 VPN's.
> 
> Example branch isakmpd.conf file
> 
> [Phase 1]
> 12.12.12.12= peer-loc1
> 13.13.13.13= peer-loc2
> 14.14.14.14= peer-loc3
> 
> 
> [Phase 2]
> Connections=LOC1-SEG1, LOC1-SEG2, LOC1-SEG3, LOC2-SEG1, LOC3-SEG1
> 
> [peer-loc1]
> Phase=  1
> Transport=  udp
> Address=12.12.12.12
> Configuration=  Default-main-mode
> Authentication= MYSUPERPASS
> 
> [peer-loc2]
> Phase=  1
> Transport=  udp
> Address=13.13.13.13
> Configuration=  Default-main-mode
> Authentication= MYSUPERPASS
> 
> [peer-loc3]
> Phase=  1
> Transport=  udp
> Address=14.14.14.14
> Configuration=  Default-main-mode
> Authentication= MYSUPERPASS
> 
> [LOC1-SEG1]
> Phase=  2
> ISAKMP-peer=peer-loc1
> Configuration=  Default-quick-mode
> Local-ID=   Loc-Network
> Remote-ID=  loc1-seg1-Network
> 
> [LOC1-SEG2]
> Phase=  2
> ISAKMP-peer=peer-loc1
> Configuration=  Default-quick-mode
> Local-ID=   Loc-Network
> Remote-ID=  loc1-seg2-Network
> 
> [LOC1-SEG3]
> Phase=  2
> ISAKMP-peer=peer-loc1
> Configuration=  Default-quick-mode
> Local-ID=   Loc-Network
> Remote-ID=  loc1-seg3-Network
> 
> [LOC2-SEG1]
> Phase=  2
> ISAKMP-peer=peer-loc2
> Configuration=  Default-quick-mode
> Local-ID=   Loc-Network
> Remote-ID=  loc2-seg1-Network
> 
> [LOC3-SEG1]
> Phase=  2
> ISAKMP-peer=peer-loc3
> configuration=  Default-quick-mode
> Local-ID=   Loc-Network
> Remote-ID=  loc3-seg1-Network
> 
> [loc1-seg1-Network]
> ID-type=IPV4_ADDR_SUBNET
> Network=10.20.22.0
> Netmask=255.255.255.0
> 
> [loc1-seg2-Network]
> ID-type=IPV4_ADDR_SUBNET
> Network=10.20.23.0
> Netmask=255.255.255.0
> 
> [loc1-seg3-Network]
> ID-type=IPV4_ADDR_SUBNET
> Network=10.20.24.0
> Netmask=255.255.255.0
> 
> [loc2-seg1-Network]
> ID-type=IPV4_ADDR_SUBNET
> Network=10.20.21.0
> Netmask=255.255.255.0
> 
> [loc3-seg1-Network]
> ID-type=IPV4_ADDR_SUBNET
> Network=10.20.20.0
> Netmask=255.255.255.0
> 
> 
> [Loc-Network]
> ID-type=IPV4_ADDR_SUBNET
> Network=10.20.25.0
> Netmask=255.255.255.0
> 
> [Default-main-mode]
> DOI=IPSEC
> EXCHANGE_TYPE=  ID_PROT
> Transforms= 3DES-SHA
> 
> [Default-quick-mode]
> DOI=IPSEC
> EXCHANGE_TYPE=  QUICK_MODE
> Suites= QM-ESP-3DES-SHA-SUITE
> 
> 
> My isakmpd.policy file
> 
> Keynote-version: 2
> Authorizer: "POLICY"
> Conditions: app_domain == "IPsec policy" &&
> esp_present == "yes" &&
> esp_enc_alg != "null" -> "true";
> 
> 
> 
> 
> I have run isakmpd -L , which I am still reviewing but most errors are below
> 
> Nov 13 04:01:14 fw2 isakmpd[16014]: transport_send_messages: giving up on
> message 0x3c066800, exchange fw01
> Nov 13 04:01:14 fw2 isakmpd[16014]: transport_send_messages: either this
> message did not reach the other peer
> Nov 13 04:01:14 fw2 isakmpd[16014]: transport_send_messages: or the
> responsemessage did not reach us back
> 
> Nov 13 05:41:46 fw2 isakmpd[16014]: dropped message from fw01 port 500 due to
> notification type PAYLOAD_MALFORMED
> Nov 13 05:41:46 fw2 isakmpd[16014]: message_parse_payloads: reserved field
> non-zero: ca
> Nov 13 05:41:46 fw2 isakmpd[16014]: dropped message from fw01 port 500 due to
> notification type PAYLOAD_MALFORMED
> Nov 13 21:09:52 fw2 isakmpd[3312]: message_recv: invalid coo

Re: Tyan Thunder LE SMP issues

[Lokkju]

Sorry, given in this context means someone is letting me play with
them to see if I can get them working with OpenBSD.  They display
equivalent crashes in NetBSD - I have not tried FreeBSD or any linux
distros.  As for Memcheck86+, I can leave it running for over 24 hours
with no issues, and no errors reported.


On 11/16/05, Brian A. Seklecki <[EMAIL PROTECTED]> wrote:
> Why were they given to you? Something wrong with them perhaps.  Try
> booting Memtest86+ ISO and let it ride for a while?
>
> Try another kernel from another OS?  Try a non MP kernel?
>
> ~BAS
>
> On Wed, 2005-11-16 at 22:01, Lokkju wrote:
> > Hey all, hoping someone might be able to point me in some sort of 
> > direction...
> >
> > I recently was given two BOXX brand 1u servers, both of which are the
> > exact same - Tyan Thunder LE 2510 dual proc motherboards, with two
> > 867Mhz chips per board, and 4 256MB ram sticks per board.  The rest
> > you can get from the dmesg.
> >
> > Anyway, I have been trying to get OpenBSD to run on them, and I
> > continuously have problems on processor 1 - and no, it does not matter
> > WHICH processor is in slot 1.  I usually get an apm error, but
> > sometimes I get tcp related, or copyout related, or other errors - all
> > ending up with me dumped into ddb.  These are usually "stopped"
> > errors, not panics.  In this case, the error is a apm_cpu_idle stopped
> > error.
> >
> > So, here it goes - the dmesg, the trace on each processor, and the ps
> > - as I side note, I can almost always instigate this crash by trying
> > to untar something big - especially is I use verbose mode.
> >
> > PANIC
> > 
> > # Stopped at  apm_cpu_idle+0x4a:  leal0xfff4(%ebp),%esp
> > ddb{0}> show panic
> > the kernel did not panic
> >
> > DMESG
> > *
> > OpenBSD 3.8 (GENERIC.MP) #298: Sat Sep 10 15:51:54 MDT 2005
> > [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP
> > cpu0: Intel Pentium III ("GenuineIntel" 686-class) 864 MHz
> > cpu0: 
> > FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,S
> > ER,MMX,FXSR,SSE
> > real mem  = 1073324032 (1048168K)
> > avail mem = 972730368 (949932K)
> > using 4278 buffers containing 53768192 bytes (52508K) of memory
> > mainbus0 (root)
> > bios0 at mainbus0: AT/286+(00) BIOS, date 10/31/00, BIOS32 rev. 0 @ 0xfdba0
> > apm0 at bios0: Power Management spec V1.2
> > apm0: AC on, battery charge unknown, estimated 0:00 hours
> > apm0: APM get event: interface not connected (3)
> > apm0: APM get event: interface not connected (3)
> > apm0: disconnected
> > apm0: flags 30102 dobusy 0 doidle 0
> > pcibios0 at bios0: rev 2.1 @ 0xf/0x1
> > pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf5200/192 (10 entries)
> > pcibios0: PCI Interrupt Router at 000:15:0 ("ServerWorks ROSB4 SouthBridge" 
> > rev
> >  0x00)
> > pcibios0: PCI bus #0 is the last bus
> > bios0: ROM list: 0xc/0x8000 0xc8000/0x1000
> > ainbus0: Intel MP Specification (Version 1.4) (AMI  CNB30LE )
> > cpu0 at mainbus0: apid 0 (boot processor)
> > cpu0: apic clock running at 132 MHz
> > cpu1 at mainbus0: apid 1 (application processor)
> > cpu1: Intel Pentium III ("GenuineIntel" 686-class) 864 MHz
> > cpu1: 
> > FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,S
> > ER,MMX,FXSR,SSE
> > mainbus0: bus 0 is type PCI
> > mainbus0: bus 1 is type PCI
> > mainbus0: bus 2 is type ISA
> > ioapic0 at mainbus0: apid 4 pa 0xfec0, version 11, 16 pins
> > ioapic1 at mainbus0: apid 5 pa 0xfec01000, version 11, 16 pins
> > pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
> > pchb0 at pci0 dev 0 function 0 "ServerWorks CNB20LE Host" rev 0x06
> > pchb1 at pci0 dev 0 function 1 "ServerWorks CNB20LE Host" rev 0x06
> > pci1 at pchb1 bus 1
> > vga1 at pci0 dev 1 function 0 "ATI Rage XL" rev 0x27
> > wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
> > wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
> > fxp0 at pci0 dev 4 function 0 "Intel 82557" rev 0x08, i82559: apic 5 int 4 
> > (irq
> >   11), address 00:e0:81:01:cb:ca
> > inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4
> > pcib0 at pci0 dev 15 function 0 "ServerWorks ROSB4 SouthBridge" rev 0x50
> > pciide0 at pci0 dev 15 function 1 "ServerWorks OSB4 IDE" rev 0x00: DMA
> > wd0 at pciide0 channel 0 drive 0: 
> > wd0: 16-sector PIO, LBA, 58644MB, 120103200 sectors
> > wd0(pciide0:0:0): using PIO mode 4, DMA mode 2, Ultra-DMA mode 2
> > ohci0 at pci0 dev 15 function 2 "ServerWorks OSB4/CSB5 USB" rev 0x04: apic 
> > 4 in
> > t 10 (irq 10), version 1.0, legacy support
> > usb0 at ohci0: USB revision 1.0
> > uhub0 at usb0
> > uhub0: ServerWorks OHCI root hub, rev 1.00/1.00, addr 1
> > uhub0: 4 ports with 4 removable, self powered
> > isa0 at pcib0
> > isadma0 at isa0
> > pckbc0 at isa0 port 0x60/5
> > pckbd0 at pckbc0 (kbd slot)
> > pckbc0: using irq 1 for kbd slot
> > wskbd0 at pckbd0: console keyboard, using wsdisplay0
> > pmsi0 at pckbc0 (aux slot)
> > pckbc0: using irq 12 for a

New Thread [ was Re: timekeeping on Soekris net4801 w/ ntpd.

[J Moore]

3.8]
Reply-To: 

On Wed, Nov 16, 2005 at 08:38:34AM -0700, the unit calling itself Spruell, 
Darren-Perot wrote:
> From: Ted Walther [mailto:[EMAIL PROTECTED]
> > On Wed, Nov 16, 2005 at 08:51:12AM +0100, Otto Moerbeek wrote:
> > >This "adujsting by" information is not available to ntpd. ntpd
> > >requests an adjustment using the adjtim(2) system call. The argument
> > >is the actual offset. It is up to the kernel to decide how fast the
> > >adjustment will be done. 
> > 
> > Ah.  In that case, I'd like to see the following syslog lines:
> > 
> > Tue Nov 15 20:31:33 NTPD clock is 60.000356s behind, calling adjtim()
> > ...
> > Tue Nov 15 22:48:33 NTPD clock is 1.001856s ahead, calling adjtim()
> 
> And I'd like a gold-plated commode.
> 
> What gives anyone the impression that things like this are up for public
> input and democratic vote?
> 
> This is one of the stupidest points that has ever been brought to the list. 

Ah - another self-proclaimed authority & list-Nazi. Well, gee - we've 
all been waiting for you to weigh in on this, and clue us in on what's 
appropriate for discussion, and what's not. I'm so glad that you finally 
resolved this.
 
> Live with the log message. It's functional as it is. It's been working for
> months. It was unclear to one guy who couldn't grok what it was trying to
> say.

Uh-oh... Darren made a boo-boo. There was more than one. 

Hey - did you actually read the thread, or did you think that was 
unnecessary to make your call? 

> Don't make stupid suggestions as to what you'd like it to aesthetically
> appear as. Especially when you don't understand the implications of what
> you're asking for.

Make no mistake, square pants: This post has *nothing* to do with the 
log entry. This post is about callin' you down - I'm callin' you a 
friggin' moron.
 
> And if you don't like it, feel free to edit the source code and compile your
> way to happiness.

Gong! goofed again... already been covered.

BMA,
Jay

Re: RAIDFrame, failed component

[Brian A. Seklecki]

> I'm not sure what to make of 'component1'.  It's not an explicit

For some reason, RAIDFrame refers to a missing drive "component1"
whenever the RAID device is initialized and the drive is absent. 

~BAS

> device, did you use that string your raid0.conf?  The first slot in
> these commands should refer to an explicit device.

Re: Tyan Thunder LE SMP issues

[Brian A. Seklecki]

Why were they given to you? Something wrong with them perhaps.  Try
booting Memtest86+ ISO and let it ride for a while?

Try another kernel from another OS?  Try a non MP kernel?

~BAS

On Wed, 2005-11-16 at 22:01, Lokkju wrote:
> Hey all, hoping someone might be able to point me in some sort of direction...
> 
> I recently was given two BOXX brand 1u servers, both of which are the
> exact same - Tyan Thunder LE 2510 dual proc motherboards, with two
> 867Mhz chips per board, and 4 256MB ram sticks per board.  The rest
> you can get from the dmesg.
> 
> Anyway, I have been trying to get OpenBSD to run on them, and I
> continuously have problems on processor 1 - and no, it does not matter
> WHICH processor is in slot 1.  I usually get an apm error, but
> sometimes I get tcp related, or copyout related, or other errors - all
> ending up with me dumped into ddb.  These are usually "stopped"
> errors, not panics.  In this case, the error is a apm_cpu_idle stopped
> error.
> 
> So, here it goes - the dmesg, the trace on each processor, and the ps
> - as I side note, I can almost always instigate this crash by trying
> to untar something big - especially is I use verbose mode.
> 
> PANIC
> 
> # Stopped at  apm_cpu_idle+0x4a:  leal0xfff4(%ebp),%esp
> ddb{0}> show panic
> the kernel did not panic
> 
> DMESG
> *
> OpenBSD 3.8 (GENERIC.MP) #298: Sat Sep 10 15:51:54 MDT 2005
> [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP
> cpu0: Intel Pentium III ("GenuineIntel" 686-class) 864 MHz
> cpu0: 
> FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,S
> ER,MMX,FXSR,SSE
> real mem  = 1073324032 (1048168K)
> avail mem = 972730368 (949932K)
> using 4278 buffers containing 53768192 bytes (52508K) of memory
> mainbus0 (root)
> bios0 at mainbus0: AT/286+(00) BIOS, date 10/31/00, BIOS32 rev. 0 @ 0xfdba0
> apm0 at bios0: Power Management spec V1.2
> apm0: AC on, battery charge unknown, estimated 0:00 hours
> apm0: APM get event: interface not connected (3)
> apm0: APM get event: interface not connected (3)
> apm0: disconnected
> apm0: flags 30102 dobusy 0 doidle 0
> pcibios0 at bios0: rev 2.1 @ 0xf/0x1
> pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf5200/192 (10 entries)
> pcibios0: PCI Interrupt Router at 000:15:0 ("ServerWorks ROSB4 SouthBridge" 
> rev
>  0x00)
> pcibios0: PCI bus #0 is the last bus
> bios0: ROM list: 0xc/0x8000 0xc8000/0x1000
> ainbus0: Intel MP Specification (Version 1.4) (AMI  CNB30LE )
> cpu0 at mainbus0: apid 0 (boot processor)
> cpu0: apic clock running at 132 MHz
> cpu1 at mainbus0: apid 1 (application processor)
> cpu1: Intel Pentium III ("GenuineIntel" 686-class) 864 MHz
> cpu1: 
> FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,S
> ER,MMX,FXSR,SSE
> mainbus0: bus 0 is type PCI
> mainbus0: bus 1 is type PCI
> mainbus0: bus 2 is type ISA
> ioapic0 at mainbus0: apid 4 pa 0xfec0, version 11, 16 pins
> ioapic1 at mainbus0: apid 5 pa 0xfec01000, version 11, 16 pins
> pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
> pchb0 at pci0 dev 0 function 0 "ServerWorks CNB20LE Host" rev 0x06
> pchb1 at pci0 dev 0 function 1 "ServerWorks CNB20LE Host" rev 0x06
> pci1 at pchb1 bus 1
> vga1 at pci0 dev 1 function 0 "ATI Rage XL" rev 0x27
> wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
> wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
> fxp0 at pci0 dev 4 function 0 "Intel 82557" rev 0x08, i82559: apic 5 int 4 
> (irq
>   11), address 00:e0:81:01:cb:ca
> inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4
> pcib0 at pci0 dev 15 function 0 "ServerWorks ROSB4 SouthBridge" rev 0x50
> pciide0 at pci0 dev 15 function 1 "ServerWorks OSB4 IDE" rev 0x00: DMA
> wd0 at pciide0 channel 0 drive 0: 
> wd0: 16-sector PIO, LBA, 58644MB, 120103200 sectors
> wd0(pciide0:0:0): using PIO mode 4, DMA mode 2, Ultra-DMA mode 2
> ohci0 at pci0 dev 15 function 2 "ServerWorks OSB4/CSB5 USB" rev 0x04: apic 4 
> in
> t 10 (irq 10), version 1.0, legacy support
> usb0 at ohci0: USB revision 1.0
> uhub0 at usb0
> uhub0: ServerWorks OHCI root hub, rev 1.00/1.00, addr 1
> uhub0: 4 ports with 4 removable, self powered
> isa0 at pcib0
> isadma0 at isa0
> pckbc0 at isa0 port 0x60/5
> pckbd0 at pckbc0 (kbd slot)
> pckbc0: using irq 1 for kbd slot
> wskbd0 at pckbd0: console keyboard, using wsdisplay0
> pmsi0 at pckbc0 (aux slot)
> pckbc0: using irq 12 for aux slot
> wsmouse0 at pmsi0 mux 0
> pcppi0 at isa0 port 0x61
> midi0 at pcppi0: 
> spkr0 at pcppi0
> sysbeep0 at pcppi0
> npx0 at isa0 port 0xf0/16: using exception 16
> pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
> pccom0: console
> pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
> fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
> fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
> biomask 0 netmask 0 ttymask 0
> pctr: 686-class user-level performance counters enabled
> mtrr: Pentium Pro MTRR support
> dkcsum: wd0 matches BIOS drive 0x80
> root on wd0a
>

Re: OpenBSD 3.8 X.org on Sun Blade 100

[Brian A. Seklecki]

Wait...1280x1024 or 1600x1200 w/ 8MB of RAM?  Is that right? Onboard
video only occupies 8MB?

(II) ATI(0): Using Block 1 MMIO aperture at 0x00426000.
(II) ATI(0): MMIO write caching enabled.
(--) ATI(0): 8192 kB of SDRAM (1:1) detected (using 8191 kB).
(WW) ATI(0): Cannot shadow an accelerated frame buffer.
(II) ATI(0): Engine XCLK 115.000 MHz;  Refresh rate code 10.
(--) ATI(0): Internal programmable clock generator detected.
(--) ATI(0): Reference clock 29.500 MHz.

Try adding "DefaultDepth24"  to your "Screen" section?

It doesn't seem to automatically be picking a modeline.

Xorg/XFree don't shine.

~BAS

On Wed, 2005-11-16 at 18:35, Simon Morgan wrote:
> Hi,
> 
> I have a Sun Blade 100 and have just installed OpenBSD 3.8 on it and so far 
> I'm
> very impressed. NetBSD, the supposed king of multi-platform, doesn't
> even support the keyboard! This is 5 year old hardware!
> 
> Anyway, the problem I'm having is with X.org. Whenever I try and run it my
> monitor spits out an "out of sync" error and the only way (AFAIK to regain a
> usable console is to shutdown the machine and boot it up again. Depending
> on the settings I use I'll either get a sub-error bitching about the 
> frequencies
> or about the resolution (it complains that it's "> 1280x1024", which it 
> isn't).
> 
> I've trawled the mailing list archives and tried all the suggestions (mainly
> setting reference_clock) to no avail and was hoping that somebody here who
> knows more about X and/or Sun hardware could offer some insight.
> 
> I've uploaded my xorg.conf and Xorg.0.log to
> http://16hz.net/~simon/SunBlade100/ in the hope that it will be of some use.
> If I've neglected to mention any pertinent information then please do say
> and I'll be happy to give it.
> 
> Many thanks.
> 
> Simon

Re: slightly OT: TCP checksum and RFC conformity

[Tobias Weingartner]

On Thursday, November 17, Andreas Bartelt wrote:
> 
> As much better algorithms for error detection are known and PC 
> performance (and also Internet traffic) has increased a lot since the 
> introduction of TCP - do you think that the original checksum algorithm 
> is still the best choice in terms of a reliability/performance tradeoff?

Nope, it is not.  But that's the reason it's called a "standard".  You
get some good, and some bad with them.  Welcome to the real world...

--Toby.

carp + no ip address on iface (only master can receive acks)

[Alex Strawman]

one small problem with carp and ip-less interfaces..

scenario: you have no ip address bound to each of the real interfaces,
and carp is sharing the one address for you (isp only gives you 1
address).

only the master can craft packets out (assuming this shared carp'ed
address is the external).

ok, now this makes sense, how is the next hop meant to send packets
back? it sends them to the mac address the carp0 is broadcasting,
which the master happily accepts, only to see its not in its state
table, and drops it.

the backup system doesn't get it's acks back..

is there currently a way around this?

i bashed a quick thing to route via the other system (via pfsync
interface), and if the host is down or this box (the backup) becomes a
master, then remove the route and resort back to the default (via the
carp0 interface, which the next hop will now reply too, or should i
say, the carp0 will now accept to/from)

buts thats fair hokey


Alex

Re: Macppc G3 Powerbook - Install Fails

[Sam Vaughan]

On 16/11/2005, at 12:43 PM, Bob Ababurko wrote:

If this is an oldworld (before circa 1988) you cannot boot from a  
cd. Google your model to see if it is.  Otherwise, you could try to  
boot the laptop while pressing cmd+opt+shift+delete to skip the  
first bootable deviceI believe it is something like that.


You may also look into the ramdisk booting method, if your machine  
will not boot off of a cd.


Good Luck,
bob


For what it's worth, OpenBSD will run on a bronze keyboard Powerbook G3
333MHz - the model prior to the first one with Firewire ports.  I had to
try several times to get it to recognise the CD, but I think that was
thanks to a flaky CD drive.  dmesg below.

Sam

[ using 308668 bytes of bsd ELF symbol table ]
console out [ATY,264LTProA]console in [keyboard] ADB found
using parent ATY,LTProParent:: memaddr 8100 size 100, :  
consaddr 8100, : ioaddr 80881000, size 1000: memtag 8800, iotag  
8800: width 1024 linebytes 1024 height 768 depth 8

Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California.  All rights  
reserved.
Copyright (c) 1995-2005 OpenBSD. All rights reserved.  http:// 
www.OpenBSD.org


OpenBSD 3.7 (GENERIC) #225: Sun Mar 20 00:55:39 MST 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/macppc/compile/GENERIC
real mem = 402653184 (393216K)
avail mem = 360964096 (352504K)
using 1254 buffers containing 20131840 bytes of memory
mainbus0 (root)
cpu0 at mainbus0: 750 (Revision 0x8202): 333 MHz: 512KB backside cache
mpcpcibr0 at mainbus0: grackle, Revision 0x40
pci0 at mpcpcibr0 bus 0
pchb0 at pci0 dev 0 function 0 "Motorola MPC106 PCI" rev 0x40
ohci0 at pci0 dev 14 function 0 "AT&T/Lucent USB" rev 0x12: irq 28,  
version 1.0

usb0 at ohci0: USB revision 1.0
uhub0 at usb0
uhub0: AT&T/Lucent OHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
macobio0 at pci0 dev 16 function 0 "Apple Paddington" rev 0x00
macintr0 at macobio0
zsc0 at macobio0: irq 15,16
zstty0 at zsc0 channel 0
zstty1 at zsc0 channel 1
awacs0 at macobio0: irq 17,8,9 speaker
audio0 at awacs0
adb0 at macobio0 irq 18: via-pmu 3 targets
aed0 at adb0 addr 0: ADB Event device
akbd0 at adb0 addr 2: PowerBook G4 keyboard (Inverted T)
wskbd0 at akbd0 (mux 1 ignored for console): console keyboard
ams0 at adb0 addr 3: EMP trackpad  2-button, 400 dpi
wsmouse0 at ams0 mux 0
abtn0 at adb0 addr 7: brightness/volume/eject buttons
apm0 at adb0: battery flags 0x5, 100% charged
wdc0 at macobio0 irq 13: DMA
wd0 at wdc0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA, 4645MB, 9514260 sectors
wd0(wdc0:0:0): using BIOS timings, DMA mode 2
mediabay0 at macobio0 irq 29
wdc1 at mediabay0 offset 0x21000 irq 14: DMA
atapiscsi0 at wdc1 channel 0 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  SCSI0 5/ 
cdrom removable

cd0(wdc1:0:0): using BIOS timings, DMA mode 2
bm0 at macobio0 irq 42,33: address 00:50:e4:00:af:41
ukphy0 at bm0 phy 0: Generic IEEE 802.3u media interface
ukphy0: OUI 0x080017, model 0x0001, rev. 0
vgafb0 at pci0 dev 17 function 0 "ATI Mach64 LI" rev 0xdc, mmio
wsdisplay0 at vgafb0: console (std, vt100 emulation), using wskbd0
cbb0 at pci0 dev 19 function 0 "Texas Instruments PCI1211 CardBus"  
rev 0x00: irq 22

cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 1 device 0 cacheline 0x8, lattimer 0x20
pcmcia0 at cardslot0
bootpath: '/pci/mac-io/[EMAIL PROTECTED]/[EMAIL PROTECTED]/bsd'
boot device: wd0.
root on wd0a
rootdev=0x0 rrootdev=0xb00 rawdev=0xb02

Tyan Thunder LE SMP issues

[Lokkju]

Hey all, hoping someone might be able to point me in some sort of direction...

I recently was given two BOXX brand 1u servers, both of which are the
exact same - Tyan Thunder LE 2510 dual proc motherboards, with two
867Mhz chips per board, and 4 256MB ram sticks per board.  The rest
you can get from the dmesg.

Anyway, I have been trying to get OpenBSD to run on them, and I
continuously have problems on processor 1 - and no, it does not matter
WHICH processor is in slot 1.  I usually get an apm error, but
sometimes I get tcp related, or copyout related, or other errors - all
ending up with me dumped into ddb.  These are usually "stopped"
errors, not panics.  In this case, the error is a apm_cpu_idle stopped
error.

So, here it goes - the dmesg, the trace on each processor, and the ps
- as I side note, I can almost always instigate this crash by trying
to untar something big - especially is I use verbose mode.

PANIC

# Stopped at  apm_cpu_idle+0x4a:  leal0xfff4(%ebp),%esp
ddb{0}> show panic
the kernel did not panic

DMESG
*
OpenBSD 3.8 (GENERIC.MP) #298: Sat Sep 10 15:51:54 MDT 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Intel Pentium III ("GenuineIntel" 686-class) 864 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,S
ER,MMX,FXSR,SSE
real mem  = 1073324032 (1048168K)
avail mem = 972730368 (949932K)
using 4278 buffers containing 53768192 bytes (52508K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 10/31/00, BIOS32 rev. 0 @ 0xfdba0
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown, estimated 0:00 hours
apm0: APM get event: interface not connected (3)
apm0: APM get event: interface not connected (3)
apm0: disconnected
apm0: flags 30102 dobusy 0 doidle 0
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf5200/192 (10 entries)
pcibios0: PCI Interrupt Router at 000:15:0 ("ServerWorks ROSB4 SouthBridge" rev
 0x00)
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0x1000
ainbus0: Intel MP Specification (Version 1.4) (AMI  CNB30LE )
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 132 MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel Pentium III ("GenuineIntel" 686-class) 864 MHz
cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,S
ER,MMX,FXSR,SSE
mainbus0: bus 0 is type PCI
mainbus0: bus 1 is type PCI
mainbus0: bus 2 is type ISA
ioapic0 at mainbus0: apid 4 pa 0xfec0, version 11, 16 pins
ioapic1 at mainbus0: apid 5 pa 0xfec01000, version 11, 16 pins
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "ServerWorks CNB20LE Host" rev 0x06
pchb1 at pci0 dev 0 function 1 "ServerWorks CNB20LE Host" rev 0x06
pci1 at pchb1 bus 1
vga1 at pci0 dev 1 function 0 "ATI Rage XL" rev 0x27
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
fxp0 at pci0 dev 4 function 0 "Intel 82557" rev 0x08, i82559: apic 5 int 4 (irq
  11), address 00:e0:81:01:cb:ca
inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4
pcib0 at pci0 dev 15 function 0 "ServerWorks ROSB4 SouthBridge" rev 0x50
pciide0 at pci0 dev 15 function 1 "ServerWorks OSB4 IDE" rev 0x00: DMA
wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA, 58644MB, 120103200 sectors
wd0(pciide0:0:0): using PIO mode 4, DMA mode 2, Ultra-DMA mode 2
ohci0 at pci0 dev 15 function 2 "ServerWorks OSB4/CSB5 USB" rev 0x04: apic 4 in
t 10 (irq 10), version 1.0, legacy support
usb0 at ohci0: USB revision 1.0
uhub0 at usb0
uhub0: ServerWorks OHCI root hub, rev 1.00/1.00, addr 1
uhub0: 4 ports with 4 removable, self powered
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pmsi0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pmsi0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: 
spkr0 at pcppi0
sysbeep0 at pcppi0
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom0: console
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask 0 netmask 0 ttymask 0
pctr: 686-class user-level performance counters enabled
mtrr: Pentium Pro MTRR support
dkcsum: wd0 matches BIOS drive 0x80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302
WARNING: / was not properly unmounted
Stopped at  apm_cpu_idle+0x4a:  leal0xfff4(%ebp),%esp

PS
***
db{0}> ps
   PID   PPID   PGRPUID  S   FLAGS  WAIT   COMMAND
  12120  24238  24238  0  7   0x2004006 gzip
  24238  24978  24238  0  3   0x2004086  piperd tar
  24978  14077  24978  0  3   0x2004086  pause  ksh
  14077286  14077   1000  3   0x2004086

Re: timekeeping on Soekris net4801 w/ ntpd. 3.8

[Lars Hansson]

On Wed, 2005-11-16 at 01:09 -0800, Ted Walther wrote:
> Ah.  In that case, I'd like to see the following syslog lines:

It's not going to change.

---
Lars Hansson

PPPoE performance test...

[Marco Castillo]

Dear Juuso:
Searching over the internet, I found an e-mail about some performance 
test
you run with PPPoE over OpenBSD. This e-mail is dated Dec 2, 2002. Currently
I'm installing some PPPoE access servers in the headquarters of a client of
mine. This client now is requesting us some performance tests for PPPoE, but
being honest, I can't find an affordable way to configure hundreds and even
thousands of concurrent pppoe client connections for such a test. As I read
in your e-mail, I was wondering if you have a more clever methodology for
doing this that you may share with us.
Any help or enlightment you may give us would be greatly appreciated.

Thank you in advance for your kind reply.

Regards.

Ing. Marco Antonio Castillo
Chief Design Engineer
Van Der Kaaden IT Consulting
Guatemala, Guatemala C.A.
tel: +502 59186971
e-mail: [EMAIL PROTECTED]
sip: [EMAIL PROTECTED]

Re: slightly OT: TCP checksum and RFC conformity

[Damien Miller]

On Thu, 17 Nov 2005, Andreas Bartelt wrote:

As much better algorithms for error detection are known and PC performance 
(and also Internet traffic) has increased a lot since the introduction of TCP 
- do you think that the original checksum algorithm is still the best choice 
in terms of a reliability/performance tradeoff?


If you care about errors creeping in from the link-layer, then you can run 
IPsec AH. Most people don't care, because their link layers are pretty 
good. People with bad link layers tend to implement decent error detection 
and correction there.


E.g.

[EMAIL PROTECTED] djm]$ netstat -sp ip | grep -E '(bad.*checksum|total packets)'
61092730 total packets received
0 bad header checksums

Given that a) stronger mechanisms exist if you want to use them, b) this 
isn't a problem in real life and c) OpenBSD isn't going to make unilateral 
TCP changes that break its ability to speak to everyone else on the 
Internet, you should probably find a different windmill to attack :)


-d

Re: Problems / questions about CARP

[Dag Richards]

try doing a tcpdump -i pfsync0


you should see traffic if not make sure the iface shows something like
this in a ifconfig

pfsync0: flags=41 mtu 1348
pfsync: syncdev: em1 syncpeer: 192.168.10.3 maxupd: 128


also
tcpdump -n -e -ttt -i pflog0
can show hints about where your rules are obeying you without consulting 
the do_what_I_mean bit.




Chad M Stewart wrote:

On Nov 16, 2005, at 3:57 PM, Tobias Walkowiak wrote:

I just set up 2 redundant firewalls that use CARP / pfsync. I ran  
into the

fact that everything works fine but when shutting down the MASTER, the
BACKUP doesn't take over the states of the connections. Is that  
intended or
did I do something wrong? I configured my systems exactly the way  the 
man

pages and tutorials told me and I'm not using ifstated.



Something is wrong.  I've setup such a environment and it works,  state 
passes between the firewalls.  If state is not passing then  something 
is wrong with the configuration.


Search the archives of this list and/or the pf list.

-Chad



What I hoped is that even the whole master can fail without being  
noticed

for the existing sessions.

TIA
--
tobias

Re: slightly OT: TCP checksum and RFC conformity

[chefren]

On 11/17/05 00:39, Andreas Bartelt wrote:


As much better algorithms for error detection are known


What's better? Can those algorithms run with only a few hardware gates at 10Gbit 
speeds too?


> and PC  performance (and also Internet traffic) has increased a lot since the

introduction of TCP


And "internet speed", didn't that increase too? Don't you think there is some 
balance there?


> - do you think that the original checksum algorithm

is still the best choice in terms of a reliability/performance tradeoff?


It's good enough and eh, "compatible", it's clueless to try to develop an 
incompatible version of TCP, that won't be TCP but something else.


+++chefren

Re: Problems / questions about CARP

[Chad M Stewart]

On Nov 16, 2005, at 3:57 PM, Tobias Walkowiak wrote:

I just set up 2 redundant firewalls that use CARP / pfsync. I ran  
into the

fact that everything works fine but when shutting down the MASTER, the
BACKUP doesn't take over the states of the connections. Is that  
intended or
did I do something wrong? I configured my systems exactly the way  
the man

pages and tutorials told me and I'm not using ifstated.


Something is wrong.  I've setup such a environment and it works,  
state passes between the firewalls.  If state is not passing then  
something is wrong with the configuration.


Search the archives of this list and/or the pf list.

-Chad



What I hoped is that even the whole master can fail without being  
noticed

for the existing sessions.

TIA
--
tobias

Re: slightly OT: TCP checksum and RFC conformity

[Andreas Bartelt]

Hi,

Ted Unangst wrote:
...

good luck communicating with other tcp devices after you change your
checksum to md5.  the point is to be fast and catch some errors. 
also, type end-to-end into google.




thanks for the interesting paper. I now understand why it makes sense to 
use a checksum at link layer which catches only "most" errors, because 
not all applications require full protection against random errors. I 
also understand that error detection/error correction is always a 
performance tradeoff, which also depends on the reliability requirements 
and the latency of the connection.


As you know, TCP has been adapted to changing requirements in the past 
via TCP options, which also provide a fallback mechanism. RFC 1146 is 
about alternate TCP checksums (I don't know how good they are), but I've 
found no clues about actual implementations of them. Please tell me, did 
I just search at the wrong places?



2) no - so why not skip TCP checksum calculation at all? (at least for
incoming seqments this wouldn't break a thing besides the RFC itself).



because then you don't detect errors.



That's exactly my point. My basic assumption was that the TCP checksum 
doesn't provide enough protection against random errors. By googling for 
'crc tcp checksum disagree' I've found a paper which seems to confirm this.


The tcp(4) man page says "The TCP protocol provides a reliable, 
flow-controlled, two-way transmission of data." It doesn't say "The TCP 
protocol provides a reliable, ..., only if shit doesn't happen".


As much better algorithms for error detection are known and PC 
performance (and also Internet traffic) has increased a lot since the 
introduction of TCP - do you think that the original checksum algorithm 
is still the best choice in terms of a reliability/performance tradeoff?


regards,
Andreas

OpenBSD 3.8 X.org on Sun Blade 100

[Simon Morgan]

Hi,

I have a Sun Blade 100 and have just installed OpenBSD 3.8 on it and so far I'm
very impressed. NetBSD, the supposed king of multi-platform, doesn't
even support the keyboard! This is 5 year old hardware!

Anyway, the problem I'm having is with X.org. Whenever I try and run it my
monitor spits out an "out of sync" error and the only way (AFAIK to regain a
usable console is to shutdown the machine and boot it up again. Depending
on the settings I use I'll either get a sub-error bitching about the frequencies
or about the resolution (it complains that it's "> 1280x1024", which it isn't).

I've trawled the mailing list archives and tried all the suggestions (mainly
setting reference_clock) to no avail and was hoping that somebody here who
knows more about X and/or Sun hardware could offer some insight.

I've uploaded my xorg.conf and Xorg.0.log to
http://16hz.net/~simon/SunBlade100/ in the hope that it will be of some use.
If I've neglected to mention any pertinent information then please do say
and I'll be happy to give it.

Many thanks.

Simon

Re: slightly OT: TCP checksum and RFC conformity

[Christian Weisgerber]

Andreas Bartelt <[EMAIL PROTECTED]> wrote:

> I was wondering why such a simple checksum algorithm is implemented in 
> TCP. I suppose, it's because of the slow CPU performance many years ago. 
> This algorithm looks so unreliable to me that it even can't protect 
> against some pretty simple errors, which (I suppose) also could occur 

The idea is to protect against lost, duplicated, or reordered
packets.  If the underlying medium suffers from bit errors, the
link layer should handle those.  For example, Ethernet frames include
a 32-bit CRC, which makes it possible to recognize and discard
corrupted packets.

-- 
Christian "naddy" Weisgerber  [EMAIL PROTECTED]

Parallel printing OK - USB printing Fail

[Per-Olov Sjöholm]

Hi

When I used an older server (Dell 400SC + OpenBSD 3.7) I had a parallel port 
on it and a PS level3 compatible printer. A started "lpd" and a printcap like 
the one below worked like a charm. Starting samba picked up this printer for 
use from windows perfectly without any ghostscript stuff or other external 
software.
--snip--
lp|local line printer:\
   :sh:\
   :sf:\
   :lp=/dev/lpa0:sd=/var/spool/output:lf=/var/log/lpd-errs:
--snip--


Now..
My new server (Dell 830 + OpenBSD 3.8) have EXACTLY the same config but no 
parallel port. So the USB connection is instead used between the printer and 
the server. The only thing I have changed is "lpa0" to "ulpt0" 
in /etc/printcap. And this based on the messages in /var/log/messages when I 
plugged in the printer.
--snip--
Nov 16 23:45:15 xanadu /bsd: ulpt0 at uhub3 port 3 configuration 1 interface 0
Nov 16 23:45:15 xanadu /bsd:
Nov 16 23:45:15 xanadu /bsd: ulpt0: Brother HL-5050, rev 2.00/1.00, addr 2, 
iclass 7/1
Nov 16 23:45:15 xanadu /bsd: ulpt0: using bi-directional mode
--snip-- 

I can only see that running "lpq" give me  bunch of messages in queue that 
never comes out on the printer. And it also says "waiting for lp to become 
ready (offline ?)". It Does not matter if I use the "lpc" to enable it. It 
still says that it is offline.



It simply does not work on USB. What man page have I missed to read. Or what 
other thing is it that I don't understand about USB and printing.

Suggestions *very* much appreciated.


Thanks in advance
/Per-Olov
-- 
GPG keyID: 4DB2 83CE
GPG fingerprint: 45E8 3D0E DE05 B714 D549 45BC CFB4 BBE9 4DB2 83CE

AMD64 - panic: fp_save ipi didn't

[Marshall Midden]

I don't know if the e-mail went out.  The company is trying to "save all 
e-mail" and several days later some of it bounces and some of it just gets 
lost.  Maybe I'm just paranoid.  Anyways, here is a fix needed for dual AMD64.  
(i.e. delete about 9 lines?)
   
  To: [EMAIL PROTECTED]
Subject: panic: fp_save ipi didn't
From: [EMAIL PROTECTED]
Cc: 
Reply-To: [EMAIL PROTECTED]
X-sendbug-version: 3.97
  
>Submitter-Id: net
>Originator: Marshall M. Midden
>Organization: XIOtech.com
>Synopsis: Loop in amd64/fpu.c not long enough.
>Severity: serious
>Priority: medium
>Category: amd64
>Class:  sw-bug
>Release: 3.8
>Environment:
 System  : OpenBSD 3.8
 Architecture: OpenBSD.amd64
 Machine : amd64
>Description:
 Push dual opteron hard with "NetCell SyncRAID(TM) SR5000 R3-5" and
 compiling multiple /usr/ports directories gives panic: fp_save ipi didn't
>How-To-Repeat:
 While running a machine I put together with 2004 August purchased parts
 (current company CTO bought before he left DELL, 15+ months ago, to
 have something to do during his off-time -- which didn't happen due to
 starting here) and it has/had problems when "pushed" hard.
   If the "NetCell SyncRAID(TM) SR5000 R3-5" is not used, it runs fine.
 If it is used for /usr/ports, /usr/src, etc... and one does a "make
 build" in /usr/ports, /usr/ports/devel, ports/x11, and ports/www at
 the same time (with BATCH set, and one has CLEANDEPENDS set when one
 does the make clean before starting), it would crash in less than 10
 minutes. (If only 3 running, it might go for an hour -- presuming you
 keep an eye on it, starting "make -i build" in other directories.)
   Note: started with 3.8, cvs update to current HEAD yesterday, hoping.
   Crash -- panic: fp_save ipi didn't
 --
 The code in /sys/arch/amd64/amd64/fpu.c:
 #ifdef DIAGNOSTIC
   {
spincount++;
if (spincount > 1000) {
 panic("fp_save ipi didn't");
}
   }
 #else
   __splbarrier(); /* XXX replace by generic barrier */
   ;
 #endif
 --
 ***
 I compiled a kernel with DIAGNOSTIC *** NOT *** set, and it has run
 ***
 for over 17 hours in a loop starting/stopping/cleaning/building with
 load average staying typically between 5 and 7.
   I would say (guessing): a) there is something that the PCI raid card is
 doing to hang something for a very long time.  b) The opterons are too
 fast for such a simplistic delay methodology.
   The beast: Luan Li case PC-73SLB, Antec True550EPS12V power supply, ATI
 Radeon 9800 XT AGP, Tyan K8W motherboard, Two AMD opteron 242 @ 1.4 ghz,
 8 dimms of Kingston KRX3200K2 memory (nice heat sinks and ecc), Sondy DVD,
 and 5 port IDE raid controller from NetCell with 5 IDE 160gb western digital
 drives, and from the motherboard 2 IDE - 160gb seagate drives.
   I am spoiled now.  I don't want to give this machine up -- CTO is in India
 for a few more days.  I requested $20K-$25k for building my own toy in next
 years budget -- grumble, knowing it'll be cut, grumble again.
  --
OpenBSD 3.8-current (ARGH) #1: Tue Nov 15 17:24:01 CST 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/ARGH
real mem = 3455643648 (3374652K)
avail mem = 2963320832 (2893868K)
using 22937 buffers containing 345772032 bytes (337668K) of memory
mainbus0 (root)
mainbus0: Intel MP Specification (Version 1.4) (TYAN RHAPSODY)
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD Opteron(tm) Processor 240, 1394.58 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,NXE,MMXX,LONG,3DNOW2,3DNOW
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line 
16-way L2 cache
cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: apic clock running at 199191600Hz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: AMD Opteron(tm) Processor 240, 1394.34 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,NXE,MMXX,LONG,3DNOW2,3DNOW
cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line 
16-way L2 cache
cpu1: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu1: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
mpbios: bus 0 is type PCI   
mpbios: bus 1 is type PCI   
mpbios: bus 2 is type PCI   
mpbios: bus 3 is type PCI   
mpbios: bus 4 is type PCI   
mpbios: bus 5 is type PCI   
mpbios: bus 6 is type ISA   
ioapic0 at mainbus0 apid 2: pa 0x858e7f24, version 11, 24 pins
ioapic1 at mainbus0 apid 3: pa 0x858e7e24, version 11, 4 pins
ioapic2 at mainbus0 apid 4: pa 0x858e7d24, version 11, 4 pins
pci0 at mainbus0 bus 0: c

Re: OT: Quad Ethernet cards feedback on OpenBSD

[Bill]

Back in the summer when I was making this same decision, someone had
gotten some cards in from a vendor to test out... they were the SK
cards and I think they had gotten in a dual and a quad (marvell I am
thinking).  

I ended up going with Intel Pro quads, but since then there has been
talk of those not being right anymore.

I forget who had the cards... I am looking at getting a few more, so I
am interested in the results of this too.



On Wed, 16 Nov 2005 17:13:08 -0500
Daniel Ouellet <[EMAIL PROTECTED]> spake:

> Sorry for this off topic question. Looking at the archive, SK (Henning 
> love them! (;>) is what look likes the best Ethernet cards to use, a few 
> months ago anyway. The network cards are changing so quickly that what 
> was true 6 months ago, may well not be today.
> 
> For quad, can someone confirmed, deny or offer alternative known to work 
> well before I get 12 of them. Hopefully I may be able to fit them into 
> the Sun X2100, but will see.
> 
> Also, any issue to run a minimum of 100 VLan on them? I didn't see issue 
> in the archive, so I take it as been no problem! I don't think of any.
> 
> Any other suggestions is also welcome, I am more concern at the 
> efficiency of the cards as they will be routing and supporting many VLan 
> and PF will in some of the setup use individual VLan firewall 
> configuration, up to 125 in one case. Will see if I can make that work 
> well, not sure of my possible success, but will see...
> 
> Thanks for your time.
> 


-- 

Bill Chmura
Director of Internet Technology
Explosivo ITG
Wolcott, CT

p: 860.621.8693
e: [EMAIL PROTECTED]
w. http://www.explosivo.com

Re: ftp-proxy upgrade instructions

[Moritz Grimm]

Moritz Grimm wrote:
Using the parameter ``-q "(q_med, q_pri)"'' does not result in any error 
message, however, I have no proof whether this works or not. Actually, 

[...]
Hm, and while I'm at it ... how can things like these be properly tested 
and debugged in the first place? Other than making educated guesses with 

[...]

Replying to myself here ... I found out that I can get the rules 
inserted by ftp-proxy with


pfctl -a ftp-proxy/x.y -vvsr

and it looks like the queue statements were accepted. However, the ACKs 
definitely don't end up in q_pri but my default queue (q_def). I 
compared that to what happens when i use "-q q_low", and indeed, 
everything ends up there with only one queue name as the argument.


Now I'm just a bit confused, but at least I know that maybe, in theory, 
it could work the way I want. :-)



Moritz

OT: Quad Ethernet cards feedback on OpenBSD

[Daniel Ouellet]

Sorry for this off topic question. Looking at the archive, SK (Henning 
love them! (;>) is what look likes the best Ethernet cards to use, a few 
months ago anyway. The network cards are changing so quickly that what 
was true 6 months ago, may well not be today.


For quad, can someone confirmed, deny or offer alternative known to work 
well before I get 12 of them. Hopefully I may be able to fit them into 
the Sun X2100, but will see.


Also, any issue to run a minimum of 100 VLan on them? I didn't see issue 
in the archive, so I take it as been no problem! I don't think of any.


Any other suggestions is also welcome, I am more concern at the 
efficiency of the cards as they will be routing and supporting many VLan 
and PF will in some of the setup use individual VLan firewall 
configuration, up to 125 in one case. Will see if I can make that work 
well, not sure of my possible success, but will see...


Thanks for your time.

Re: Problems / questions about CARP

[Eli K. Breen]

I've seen this problem as well, when shutting down to single-user mode, 
the arp on the adapter stays active, yet no IP protocols are usable b/c 
the NIC loses it's IP addresses and then refuses to relinquish control 
of the carp interface to the BACKUP - This is a huge bug IMHO.


You'll also see the following spewed out to the console upon shutting 
down (to Single-User mode), this appears in /var/log/messages and on the 
console of the machine shut down to S.U. mode.


kernel: carp_input: received len 20 < sizeof(struct carp_header)


-E-

Tobias Walkowiak wrote:

I just set up 2 redundant firewalls that use CARP / pfsync. I ran into the
fact that everything works fine but when shutting down the MASTER, the
BACKUP doesn't take over the states of the connections. Is that intended or
did I do something wrong? I configured my systems exactly the way the man
pages and tutorials told me and I'm not using ifstated.

What I hoped is that even the whole master can fail without being noticed
for the existing sessions.

TIA

Re: Filesystem redundancy

[Joachim Schipper]

On Wed, Nov 16, 2005 at 02:01:01PM +0100, Per-Erik Persson wrote:
> AFS would handle your storage in a redundant and distributed way where 
> you "easily" can add and remove a machine.
> But this is not a thing you set up in an afternoon :-)
> People seems to be afraid of it since it's complexity.
> But when the work is done you wonder why people pay huge amounts for NAS 
> and similar things that sometimes doesn't work nearly as good as the 
> glossy brochure promised.
> It scales good but the performance I don't know about.
> 
> A while ago there where some discussions on the list about openafs, has 
> someone written a complete or at least half done installation guide yet?

I am sorry, could you elaborate? I recall, from my last look at OpenAFS,
that there was no way to replicate a live, read-write filesystem in
real time.

It did offer distributed/redundant read-only filesystems, and it seemed
quite easy to add some servers - but I saw no distributed, redundant
read-write filesystems. Am I just stupid? Behind? (Admittedly, the
OpenAFS documentation on the site seems out of date...)

There should be a semi-automatic installation script in the archives,
no more than a week (and probably much less) after 3.8-release came out.

Joachim

Re: ftp-proxy upgrade instructions

[Moritz Grimm]

(Moved from tech@ to misc@)

Camiel Dobbelaar wrote:

ftp-proxy in -current has been replaced with a new one that was previously
called pftpx.


Very nice, thanks! Works as expected and easier to use than the old one.

I have one issue, though, which I cannot seem be able to figure out on 
my own.


Using the parameter ``-q "(q_med, q_pri)"'' does not result in any error 
message, however, I have no proof whether this works or not. Actually, 
my tests suggest that it does not what I want it to do -- my test 
should've shown about 60-70 kb/s in the q_pri queue, but all it got was 
some 1 kb/s trickling from some other states... not a very reliable way 
of testing, though.


Is this supposed to work? If yes, what is the proper syntax?

Hm, and while I'm at it ... how can things like these be properly tested 
and debugged in the first place? Other than making educated guesses with 
pfctl -vvsq or pftop (which doesn't work well with HFSC, so it's no use 
in my case), I have yet to figure out how to find out whether a state is 
using a certain (set of) queue(s) or not.


Any insight appreciated a lot!


Thanks in advance,

Moritz

Re: Booting without keyboard

[Roy Morris]

Jasper Lievisse Adriaanse wrote:


On Wed, 16 Nov 2005 15:03:10 +0100
Mailinglist <[EMAIL PROTECTED]> wrote:

[...]
 

IB4m new to OpenBSD. IB4m reading many articels and howtos over the last 
to weeks.
   


The FAQ is a _very_ good starting point.

Cheers,
Jasper


 


how about this, I thought it was very cool
http://www.weirdnet.nl/openbsd/serial/

Re: RAIDFrame, failed component

[Kurt B. Kaiser]

"Dennis S.Davidoff" <[EMAIL PROTECTED]> writes:

> How to reconfigure RAIDFrame to use another hdd? Earler I have such
> configuration with NON-existent hdd (wd2):
>
> ...
> START disks
> /dev/wd1e
> /dev/wd2e
> ...
>
> Now, I need to replace non-existent wd2e with wd0e. Disklabel for wd0
> identical to wd1e. After reading raidctl(8) I did following:
>
> raidctl -a /dev/wd0e raid0
> raidctl -vF component1 raid0
> raidctl -P raid0
>
> Again after reboot I've got failed ``component1':
>
> # raidctl -vs raid0
> raid0 Components:
>/dev/wd1e: optimal
>   component1: failed
> No spares.

It seems you weren't successful in adding wd0e as a spare.  But if you
were,

raidctl -r /dev/wd0e raid0

to remove it.

Modify your raid0.conf:
START disks
/dev/wd1e
/dev/wd0e
...

raidctl -Rv /dev/wd0e raid0
raidctl -Pv raid0

to reconstruct directly onto wd0e.

I'm not sure what to make of 'component1'.  It's not an explicit
device, did you use that string your raid0.conf?  The first slot in
these commands should refer to an explicit device.

-- 
KBK

Problems / questions about CARP

[Tobias Walkowiak]

I just set up 2 redundant firewalls that use CARP / pfsync. I ran into the
fact that everything works fine but when shutting down the MASTER, the
BACKUP doesn't take over the states of the connections. Is that intended or
did I do something wrong? I configured my systems exactly the way the man
pages and tutorials told me and I'm not using ifstated.

What I hoped is that even the whole master can fail without being noticed
for the existing sessions.

TIA
-- 
tobias

Re: Filesystem redundancy

[Tobias Weingartner]

On Wednesday, November 16, "Will H. Backman" wrote:
> 
> Maybe OpenBSD can merge with OpenVMS, which should be easy given that
> four of the letters are already the same.  OpenVMS has some amazing
> clustering capabilities.

It's actually 5 letters... and if *you* can't even get that
much right, how the *HELL* is such a merge ever going to get
properly done!?!  :)

--Toby.

Re: slightly OT: TCP checksum and RFC conformity

[Ted Unangst]

On 11/16/05, Andreas Bartelt <[EMAIL PROTECTED]> wrote:
> I was wondering why such a simple checksum algorithm is implemented in
> TCP. I suppose, it's because of the slow CPU performance many years ago.

and that's the way the great tcp gods of old said it must be.

> In RFC 1122 I've read that the TCP checksum MUST (the usual caps lock
> problem...) be implemented:

i'm not sure if you're serious or not, but MUST has a particular meaning.

> So I'm wondering why it MUST be calulated:
> is it necessary to implement a checksum in TCP because reliability at
> layer 2 is insufficient in practice? I see only two possible answers to
> this question:
> 1) yes - than it's a very old reliability bug and should be fixed,
> because sooner or later the TCP checksum won't catch a random error
> pattern in a segment. (should it be fixed by always using an alternate
> TCP checksum option, i.e. a MD5 hash? Or by improving layer 2
> reliability in hardware?) [btw, netstat -sp tcp shows me that there
> sometimes are TCP checksum errors - 23 errors in 9 days on a slow DSL link]

good luck communicating with other tcp devices after you change your
checksum to md5.  the point is to be fast and catch some errors. 
also, type end-to-end into google.

> 2) no - so why not skip TCP checksum calculation at all? (at least for
> incoming seqments this wouldn't break a thing besides the RFC itself).

because then you don't detect errors.

Re: Openbsd and vsftpd with virtual users

[Alexandre Anriot]

> Hello,
> 
> I'd like to install vsftpd with virtual users on my openbsd system.
> I read the documentation and at step 2 it says:
> 
> "Step 2) Create a PAM file which uses your new database.
> 
> See the example file vsftpd.pam. It contains two lines:
> auth required /lib/security/pam_userdb.so db=/etc/vsftpd_login
> account required /lib/security/pam_userdb.so db=/etc/vsftpd_login
> 
> This tells PAM to authenticate users using our new database. Copy this
> PAM
> file to the PAM directory - typically /etc/pam.d/
> cp vsftpd.pam /etc/pam.d/ftp"
> 
> The problem is that there is no pam.d with OpenBsd.

> I read elsewhere that some people say that ldap could be used but I'd
> like to know if there is a simple way to configure vsftpd with virtual
> users that requires a minimal configuration.

vsftpd's virtual users support is working with pam_userdb or pam_pwdfile
PAM modules, and there's no way to use this feature without PAM.
 
> Also, I'd like to know how to start the server after I installed it
> through the ports because I didn't find so far.

You can launch it either from the command line by calling it (if you
have listen=Yes in the config file) or through inetd with:

ftp stream tcp nowait root ${LOCALBASE}/sbin/vsftpd vsftpd

You can take a look at the documentation for details (run it with TCP
WRAPPERS etc.)

Re: timekeeping on Soekris net4801 w/ ntpd. 3.8

[Kurt B. Kaiser]

Nick Holland <[EMAIL PROTECTED]> writes:

>>'adjusting local clock rate to compensate XXs offset"
>   12345678901234567890123456789012345678901234567890
> Oh, come on.

[...]

> Log entries should be clear and short:
>
>  1 2 3 4 5 6 7
> 1234567890123456789012345678901234567890123456789012345678901234567890
> Nov 15 16:16:16 fluffy ntpd[18366]: adjusting local clock by -0.137358s

And fit on one line when possible.  Excellent point.

> fits nicely in an 80 col screen (and my 72 char message width).  Now,
> let's look at yours:
>
> Nov 15 16:16:16 fluffy ntpd[18366]: adjusting local clock rate to
> compensate -0.137358s offset
>
> Whoopsie, you wrapped.  Your wording sucks, too.  You convey no more
> info, just as confusing, and you made the message WORSE on at least two
> separate ways.   BT.  You lose.

 1 2 3 4 5 6 7
123456789012345678901234567890123456789012345678901234567890123456789012
Nov 15 16:16:16 fluffy ntpd[18366]: adj rate to reduce -0.137358s offset

The key word here is 'rate'.  The current msg implies adjusting the time.

That was one of the flaws in the original ntpd, it would step the time
frequently in response to server jitter, often overshot and stepped back
in the opposite direction after a bit.  Time wasn't monotonic, and what
showed up in the log files was time steps.

The new implementation is much better.  Thanks, Henning!

> If there is something worse than the general level of illiteracy in the
> computer industry, it has to be the people PRETENDING to be
> sophisticated in human communications who are actually quite inept at
> it.  "Discussions" like this one go so far to demonstrate this...
>
> Nick.
> (doing my darnedest to prove my own point)

:-)

-- 
KBK

Jim. I think he twitched!

Re: problem with dynamic linking on amd64 or expected behaviour?

[Eric Faurot]

oops, I might have spoken a bit too quick: I didn't see the recent ld.so changes
and I didn't realize my amd64 snapshot was so old. I'll try with a
more recent one.

Sorry for the noise.

Eric.

Re: Booting without keyboard

[Jasper Lievisse Adriaanse]

On Wed, 16 Nov 2005 15:03:10 +0100
Mailinglist <[EMAIL PROTECTED]> wrote:

[...]
> IB4m new to OpenBSD. IB4m reading many articels and howtos over the last 
> to weeks.
The FAQ is a _very_ good starting point.

Cheers,
Jasper


-- 
"Security is decided by quality" -- Theo de Raadt

Re: OpenBSD 3.8, booting ERR M

[horst bernatzki]

hi

try an different start point of the cyls in fdisk, 1 (or 10 instead of 0).

i fixed that problem also with an different boot loader, GAG in my case, after 
the 
ERR-boot-phenomen.

cheers
horst



On Mon, 14 Nov 2005 23:42:03 +0100
pizeta <[EMAIL PROTECTED]> wrote:

> Hi, i'm not english but i hope you'll understand
> 
> the problem is: ERR M when booting, but let's start from beginning
> 
> I have a pii 350MHz, 4Gb hard disk and i want to install openbsd 3.8, so i
> created a boot cd, followed the instruction and everthing was fine with this
> settings:
> entire disk for openbsd
> wd0a 100M /
> wd0b 150M swap
> wd0d 200M /tmp
> wd0e 300M /var
> wd0f 2G /usr
> wd0g remaining /home
> installation from ftp with
> bsd
> bsd.rd
> base38.tgz
> etc38.tgz
> comp38.tgz
> man38.tgz
> misc38.tgz
> i selected no x server
> 
> Once finished the installation "he" suggested me to type halt and reboot from
> hd:
> 
> Using drive 0, partition3;
> Loading...
> ERR M
> 
> i read a topic like this so i tried:
> 
> # mount /dev/wd0a /mnt
> # mount /dev/wd0f /mnt/usr
> (this isn't really necessary because when i mount wd0a i see /usr mounted too,
> maybe just because they are on the same partition with different labels)
> # rm -rf /mnt/boot
> # cp /mnt/usr/mdec/boot /mnt/boot
> # /mnt/usr/mdec/installboot -v /mnt/boot /mnt/usr/mdec/biosboot wd0
> 
> the output was:
> 
> boot: /mnt/boot
> proto: /usr/mdec/biosboot
> device: /dev/rwd0c
> /usr/mdec/biosboot: entry point 0
> proto bootblock size 512
> /mnt/boot is 3 blocks x 12384 bytes
> fs block shift 2; part offset 63; inode block 24; offset 1576
> using MBR partition 3: type 166 (0xa6) offset 63 (0x3f)
> 
> 
> booting and holding shift:
> !Using drive 0, partition 3;
> !Loading;...
> ERR M
> 
> 
> if i type
> boot> boot hd0a:/bsd
> booting hd0a:/bsd: \
> and nothing appens
> 
> boot> machine diskinfo
> Disk   BIOS#Type   CylsHeads   Secs  Flags  Checksum
> fd00x0 *none*80   2   18  0x4 0x0
> hd0   0x00   label524 255   63  0x2
> 0xcada9542
> cd0   0x9flabel0 0   00xa 0x0
> 
> 
> don't know what to do
> 
> [demime 1.01d removed an attachment of type application/pgp-signature]

Do you have any solutions to the following problem

[Sathurappanaicker, Sathees - ETA CTR]

Unable to open character set file 8859-1! Unable to open font width file
Courier! Unable to open font width file Courier-Bold! Unable to open
font width file Courier-Oblique! Unable to open font width file
Courier-BoldOblique! Unable to open font width file Times-Roman! Unable
to open font width file Times-Bold! Unable to open font width file
Times-Italic! Unable to open font width file Times-BoldItalic! Unable to
open font width file Helvetica! Unable to open font width file
Helvetica-Bold! Unable to open font width file Helvetica-Oblique! Unable
to open font width file Helvetica-BoldOblique! Unable to open font width
file Symbol! Unable to open font width file Symbol! Unable to open font
width file Symbol! Unable to open font width file Symbol!



Please send reply if you had the answer

problem with dynamic linking on amd64 or expected behaviour?

[Eric Faurot]

Hi,

I am stuck on the following dynamic linking problem: python-expat has
a pyexpat.so module that contains a complete expat implementation
(1.95.8). Now there is the _cairo.so python that depends on
libcairo.so and libfreetype.so (found in /usr/X11R6/lib) which in turn
is linked to /usr/X11R6/lib/libexpat.so.5.0 (1.95.6). With python on
amd64...

>>> import pyexpat; import cairo

... seems to work (maybe not for long though), but...

>>> import cairo; import pyexpat

... segfaults during pyexpat importation, because pyexpat init code
calls an XML_* function that is resolved in libexpat.so.5.0 (dlopen-ed
by cairo.so) instead of pyexpat.so.

The funny thing is that problem does not happen on powerpc. So, I
suspect that this is a "feature" of the dynamic linker, using a wrong
search path for symbols on amd64. I have tried to investigate a bit
but I am not knowledgeable enough about the linking business. Anyway,
I have traced of the ld.so activity for the different cases: (names
are --)

http://ekyo.nerim.net/openbsd/

The segfault happens at pyexpat.c:1970 "MYCONST(XML_ERROR_UNBOUND_PREFIX);".
XML_ErrorString() returns NULL in /usr/X11R6/lib/libexpat.so.5.0,
crashing strlen later.

Eric.

Re: Filesystem redundancy

[Will H. Backman]

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of
> Marco Peereboom
> Sent: Wednesday, November 16, 2005 11:41 AM
> To: knitti
> Cc: Julian Smith; misc@openbsd.org
> Subject: Re: Filesystem redundancy
> 
> This is actually pretty common believe it or not.  This does not
> provide filesystem redundancy though.  What this provides is a
> mechanism to have multiple servers to touch the same disks.  There
> clearly is some danger here since you can't have multiple machines
> touching the same filesystem.  So what people tend to do is have some
> sort of monitoring application check if the other machine is still
> up; when it dies it simply takes over the filesystem from the failed
> machine.
> 
> There is even an opensource product called "Fail Safe" that provides
> the monitoring app functionality.  Last time I used it, it wasn't
> very robust but it did have all the required knobs to make such a
> thing work.
> 
> /marco
> 
> On Nov 16, 2005, at 7:35 AM, knitti wrote:
> 
> > There are SCSI enclosures with the ability to connect to two
different
> > SCSI buses, so they can be accessed from two different machines.
> >  I _think_ the SCSI architecture could allow more than one host
> > adapter on a bus. _But_ I never heard someone did this. I presume it
> > would also depend on the host adapter and the driver.
> >
> >
> > --knitti

Maybe OpenBSD can merge with OpenVMS, which should be easy given that
four of the letters are already the same.  OpenVMS has some amazing
clustering capabilities.

Re: Filesystem redundancy

[Marco Peereboom]

This is actually pretty common believe it or not.  This does not  
provide filesystem redundancy though.  What this provides is a  
mechanism to have multiple servers to touch the same disks.  There  
clearly is some danger here since you can't have multiple machines  
touching the same filesystem.  So what people tend to do is have some  
sort of monitoring application check if the other machine is still  
up; when it dies it simply takes over the filesystem from the failed  
machine.


There is even an opensource product called "Fail Safe" that provides  
the monitoring app functionality.  Last time I used it, it wasn't  
very robust but it did have all the required knobs to make such a  
thing work.


/marco

On Nov 16, 2005, at 7:35 AM, knitti wrote:


There are SCSI enclosures with the ability to connect to two different
SCSI buses, so they can be accessed from two different machines.
 I _think_ the SCSI architecture could allow more than one host
adapter on a bus. _But_ I never heard someone did this. I presume it
would also depend on the host adapter and the driver.


--knitti

Re: OpenBSD 3.8 & Bugzilla - does anyone have this running ok?

[Trystan Negus]

Thanks - that page looks like a good place to start. It'll be useful 
stuff to know about anyway - I'll start reading.


Much appreciated

Trystan

Alexander Farber wrote:

IMHO when you get situations like this:

On 11/16/05, Trystan Negus <[EMAIL PROTECTED]> wrote:
  

Symptom: Using a browser, configuration pages occasionally (1 in 5
refreshes, more or less) return an error 500 page, coupled with
'Premature end of script headers' error in Apache's error log. No errors
in /var/log/messages. Refresh the page, and all works fineuntil a
number of refreshes (or config page links) later.



then you have to ensure that you have just 1 Apache child running
(httpd -X) before you start further debugging/troubleshooting:
http://perl.apache.org/docs/1.0/guide/debug.html

Re: pre defined macro

[Will H. Backman]

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of
> David fire
> Sent: Wednesday, November 16, 2005 10:29 AM
> To: misc@openbsd.org
> Subject: pre defined macro
> 
> hi
> i almost finish my network the only think i need to finish is a way to
> tell
> to PF what it the default gateway
> look:
> pass in on $int_if route-to \
> ($ext_if1 """defualt gateway ) from $lan_net to any keep state
> how i can tell that to the pf 
> thanks
> David

I think you are talking about the "egress" group.  I think 3.8 puts any
interface that connects to a default route into that group.

Re: timekeeping on Soekris net4801 w/ ntpd. 3.8

[Spruell, Darren-Perot]

From: Ted Walther [mailto:[EMAIL PROTECTED]
> On Wed, Nov 16, 2005 at 08:51:12AM +0100, Otto Moerbeek wrote:
> >This "adujsting by" information is not available to ntpd. ntpd
> >requests an adjustment using the adjtim(2) system call. The argument
> >is the actual offset. It is up to the kernel to decide how fast the
> >adjustment will be done. 
> 
> Ah.  In that case, I'd like to see the following syslog lines:
> 
> Tue Nov 15 20:31:33 NTPD clock is 60.000356s behind, calling adjtim()
> ...
> Tue Nov 15 22:48:33 NTPD clock is 1.001856s ahead, calling adjtim()

And I'd like a gold-plated commode.

What gives anyone the impression that things like this are up for public
input and democratic vote?

This is one of the stupidest points that has ever been brought to the list. 

Live with the log message. It's functional as it is. It's been working for
months. It was unclear to one guy who couldn't grok what it was trying to
say. 

Don't make stupid suggestions as to what you'd like it to aesthetically
appear as. Especially when you don't understand the implications of what
you're asking for.

And if you don't like it, feel free to edit the source code and compile your
way to happiness.

DS

pre defined macro

[David fire]

hi
i almost finish my network the only think i need to finish is a way to tell
to PF what it the default gateway
look:
pass in on $int_if route-to \
($ext_if1 """defualt gateway ) from $lan_net to any keep state
how i can tell that to the pf 
thanks
David

Re: Filesystem redundancy

[Martin Schröder]

On 2005-11-16 11:08:51 +, Julian Smith wrote:
> One way of handling this would be to write a filesystem that copies the
> contents of modified files over a network before close() returns. That
> way, as long as a SMTP server (say) checks the return from close()
> before telling the sender that it has received everything ok, we can
> avoid any single point of failure. If the data is copied to all the
> other machines in a CARP `family', then we should end up with perfectly
> syncronised machines, each of which can take over at any time. The
> obvious downside is potential speed problems.

Check out DRBD. Remote, shared RAID1. Sadly, it's Linux only.

Best
Martin
-- 
http://www.tm.oneiros.de

Re: OpenBSD 3.8 and IPA

[MK]

Hello again

I wrote to the author of IPA - Andrey Simonenko and described him our 
problem. He answered that he is currently working on new version of IPA.
To solve problem quickly he has released a patch which modify IPA 1.3.6 to 
work in OpenBSD 3.8. I tried it and it works. According to Andrey the 
problem is caused by new format of PF rule which now has two bytes and 
packet counters - one for original direction of packet and another one for 
reverse direction. Which could be probably use in future to measure outgoing 
and incoming traffic separatelly in one rule where is keep state statement.

The patch now sums both directions so it works as before.
I placed the patch to my site, you can download it from: 
http://www.kubikcz.net/ipa-1.3.6.diff ( in the diff is maybe wrong line, I 
used line 176 instead of 173 and file has been patched successfuly )


Finally I'd like to thanks to Andrey very much for his great work.

MK

- Original Message - 
From: "Spruell, Darren-Perot" <[EMAIL PROTECTED]>

To: 
Sent: Tuesday, November 15, 2005 11:52 PM
Subject: Re: OpenBSD 3.8 and IPA



From: MK [mailto:[EMAIL PROTECTED]

worked fine. But now in OpenBSD 3.8 it seems that IPA doesn't work
correctly. I can compile it, run it but the IPA can't see any
traffic. I
have same config file as before. I think that something had
to change in new
version of OpenBSD so IPA can't extract traffic from pf
rules.


I've noticed the same issue. Mine was on a snapshot several weeks ago
(3.8-current).

The IPA accounting rules just show 0, even when the rule counters 
increment

for monitored pf rules.

DS

RAIDFrame, failed component

[Dennis S.Davidoff]

Hi all.

How to reconfigure RAIDFrame to use another hdd? Earler I have such
configuration with NON-existent hdd (wd2):

...
START disks
/dev/wd1e
/dev/wd2e
...

Now, I need to replace non-existent wd2e with wd0e. Disklabel for wd0
identical to wd1e. After reading raidctl(8) I did following:

raidctl -a /dev/wd0e raid0
raidctl -vF component1 raid0
raidctl -P raid0

Again after reboot I've got failed ``component1':

# raidctl -vs raid0
raid0 Components:
   /dev/wd1e: optimal
  component1: failed
No spares.
Component label for /dev/wd1e:
   Row: 0, Column: 0, Num Rows: 1, Num Columns: 2
   Version: 2, Serial Number: 777, Mod Counter: 329
   Clean: No, Status: 0
   sectPerSU: 128, SUsPerPU: 1, SUsPerRU: 1
   Queue size: 100, blocksize: 512, numBlocks: 156038272
   RAID Level: 1
   Autoconfig: Yes
   Root partition: Yes
   Last configured as: raid0
component1 status is: failed.  Skipping label.
Parity status: DIRTY
Reconstruction is 100% complete.
Parity Re-write is 100% complete.
Copyback is 100% complete.
#

What's wrong? How to replace invalid component wd2e with wd0e?
Thanks for any advice.

-- 
Sincerely,
Dennis

Openbsd and vsftpd with virtual users

[Mikael Jirari]

Hello,

I'd like to install vsftpd with virtual users on my openbsd system.
I read the documentation and at step 2 it says:

"Step 2) Create a PAM file which uses your new database.

See the example file vsftpd.pam. It contains two lines:
auth required /lib/security/pam_userdb.so db=/etc/vsftpd_login
account required /lib/security/pam_userdb.so db=/etc/vsftpd_login

This tells PAM to authenticate users using our new database. Copy this
PAM
file to the PAM directory - typically /etc/pam.d/
cp vsftpd.pam /etc/pam.d/ftp"

The problem is that there is no pam.d with OpenBsd.

I read elsewhere that some people say that ldap could be used but I'd
like to know if there is a simple way to configure vsftpd with virtual
users that requires a minimal configuration.

Also, I'd like to know how to start the server after I installed it
through the ports because I didn't find so far.

Thanx

Re: Booting without keyboard

[Mailinglist]

Jasper Lievisse Adriaanse schrieb:


On Wed, 16 Nov 2005 15:03:10 +0100
Mailinglist <[EMAIL PROTECTED]> wrote:

[...]
 

IB4m new to OpenBSD. IB4m reading many articels and howtos over the last 
to weeks.
   


The FAQ is a _very_ good starting point.

Cheers,
Jasper


 


Im reading _and_ the FAQ too

slightly OT: TCP checksum and RFC conformity

[Andreas Bartelt]

Hi all,

I was wondering why such a simple checksum algorithm is implemented in 
TCP. I suppose, it's because of the slow CPU performance many years ago. 
This algorithm looks so unreliable to me that it even can't protect 
against some pretty simple errors, which (I suppose) also could occur 
randomly (but obviously very seldomly in practice).


In RFC 1122 I've read that the TCP checksum MUST (the usual caps lock 
problem...) be implemented:

...
4.2.2.7 TCP Checksum: RFC-793 Section 3.1

Unlike the UDP checksum (see Section 4.1.3.4), the TCP checksum is 
never optional. The sender MUST generate it and the receiver MUST check it.

...

So I'm wondering why it MUST be calulated:
is it necessary to implement a checksum in TCP because reliability at 
layer 2 is insufficient in practice? I see only two possible answers to 
this question:
1) yes - than it's a very old reliability bug and should be fixed, 
because sooner or later the TCP checksum won't catch a random error 
pattern in a segment. (should it be fixed by always using an alternate 
TCP checksum option, i.e. a MD5 hash? Or by improving layer 2 
reliability in hardware?) [btw, netstat -sp tcp shows me that there 
sometimes are TCP checksum errors - 23 errors in 9 days on a slow DSL link]
2) no - so why not skip TCP checksum calculation at all? (at least for 
incoming seqments this wouldn't break a thing besides the RFC itself).


I know that some new NICs do checksum calculation in hardware for 
performance reasons, but this has nothing to do with the actual problem 
(if there even is a necessity to calculate a checksum at transport layer).


Please correct me if my assumptions or conclusions are wrong.

regards,
Andreas

Re: carpdev

[Stuart Henderson]

--On 16 November 2005 15:41 +0200, kalkin wrote:


"ifconfig: carpdev bad value"


from  (the page that tells you the 
address of the mailing list)...


"Include important information:
   Don't waste everyone's time with a hopelessly incomplete question. 
No one other than you has the information needed to resolve your 
problem, it is better to provide more information than needed than one 
detail too little. Any question should include at least the version of 
OpenBSD (i.e., "3.2-stable", "3.3-current as of July 20, 2003"). Any 
hardware related questions should mention the platform (i.e., sparc, 
alpha, etc.), and provide a full dmesg(8). Hardware model numbers, 
unfortunately, don't indicate much about the actual content of a 
particular machine or accessory, and are useless to anyone who doesn't 
have that exact machine sitting where they can easily recognize it. The 
dmesg(8) tells us exactly what is IN your machine, not what stickers 
are on the outside."


You might be using an OS version which doesn't have carpdev, but nobody 
can tell you that unless you provide the requested information.

Re: Booting without keyboard

[Mailinglist]

Jasper Lievisse Adriaanse schrieb:


On Tue, 15 Nov 2005 19:34:34 +0100
Mailinglist <[EMAIL PROTECTED]> wrote:

 


Hello List,

can someone tell me how to set up openbsd running without a keyboard?

Thanks!

   


1. Configure your BIOS if necessary;
 


BIOS was configured.


2. Pull the keyboard plug from your computer;
3. Boot OpenBSD.
4. Use a serial console (i.e. for the installation) or SSH to manage your
  computer.
 


I use serial console now. Thanks for help.


Gosh, how hard can that be? And you couldn't even think of that yourself?
 

IB4m new to OpenBSD. IB4m reading many articels and howtos over the last 
to weeks.

Nevertheless I have lacks in handling OpenBSD.
Perhaps I shell figure out my problems better in the future.


Jasper

Sharity-light under OpenBSD 3.8

[Jon Krom]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1



Dear all @ misc @ openbsd,

I'm having a problem running Sharity-light under OpenBSD 3.8.

I'm fairly new to this particular BSD variant, so I probably made some
mistakes in configuring the system and/or the application.  I did,
however, search the man-pages, the news groups and google, but to no
avail.  Somewhere I must have overlooked the relevant document, I
suppose.

Just to be clear about the versions: I used OpenBSD 3.8, from the CD
set, and Sharity-light from the ports collection from that same CD set.
Similar, all other related software (e.g. the portmapper) comes from
these CDs or from the ports collection.

The problem is as follows: I try to use Sharity-light (executable:
shlight) to mount a directory from a samba server on a different
computer (named storage), but I get the following error message:

  # shlight //storage/PUBLIC /mnt -n
  error connecting to server: [23] Too many open files in system

It is not 100% clear to me if "system" in this message refers to the
samba server or the local machine.  On the other hand, I can access the
samba server from other platforms (Windows, Linux) without problems and
the samba server itself sees no need to report anything.  I believe
therefore that this error message refers to the local OpenBSD machine.

What did I do wrong ?
Jon
Comment: Processed by Mailcrypt 3.5.6 

iD8DBQFDezeFvPMkaamjV8QRAr3GAKC3uQjGTy7mSQWgz3a8WcQDbpovAwCfSQMx
qCKn6e3oA8sbHyLS2z01o4c=
=w8Cj
-END PGP SIGNATURE-

carpdev

[kalkin]

can any one help me regarding a problem with carp ?
I am trying to configure 2 servers to work with carp for redundancy and 
balance load and when I'm trying to configure carp I'm geting the 
following message:

"ifconfig: carpdev bad value"

I was using the folowing command line:
ifconfig carp0 create
ifconfig carp0 vhid 1 pass xx carpdev re0 x.x.x.1/30

If any one can help me with carp please mail me at [EMAIL PROTECTED]
Best regards,
kalkin

Re: Filesystem redundancy

[knitti]

There are SCSI enclosures with the ability to connect to two different
SCSI buses, so they can be accessed from two different machines.
 I _think_ the SCSI architecture could allow more than one host
adapter on a bus. _But_ I never heard someone did this. I presume it
would also depend on the host adapter and the driver.


--knitti

Re: Filesystem redundancy

[Per-Erik Persson]

AFS would handle your storage in a redundant and distributed way where 
you "easily" can add and remove a machine.

But this is not a thing you set up in an afternoon :-)
People seems to be afraid of it since it's complexity.
But when the work is done you wonder why people pay huge amounts for NAS 
and similar things that sometimes doesn't work nearly as good as the 
glossy brochure promised.

It scales good but the performance I don't know about.

A while ago there where some discussions on the list about openafs, has 
someone written a complete or at least half done installation guide yet?


Julian Smith wrote:


I've been wondering about how to cope with random hardware failures when
data is being received from a WAN and written to local storage. As I
understand it, CARP(4) will enable any one of N machines to handle
incoming requests, so hardware failure of up to N-1 machines will be
handled.

But if each of these machines writes received data (e.g. emails) to a
shared hard drive, then we are back to a single point of failure (if
each machine writes to its own individual hard drive(s) then we end up
with no sharing of data). We can make the drive use RAID, but RAID
controllers can also fail.

One way of handling this would be to write a filesystem that copies the
contents of modified files over a network before close() returns. That
way, as long as a SMTP server (say) checks the return from close()
before telling the sender that it has received everything ok, we can
avoid any single point of failure. If the data is copied to all the
other machines in a CARP `family', then we should end up with perfectly
syncronised machines, each of which can take over at any time. The
obvious downside is potential speed problems.

This has the nice property that the unit of replacement is individual
machines, with no need for complicated and expensive hardware like
Network Addressed Storage/RAID. If something fails, install a fresh
machine, sync its hard drives a few times with one of the other machines
(whose contents will be changing due to incoming data from the WAN),
temporarily turn off the WAN, sync a final time, and restore the WAN.

I've written a simple test library dupfs that does this by intercepting
open() and close() with LD_PRELOAD, using system( "rsync ...") to do the
synronisation, and it works in trivial test cases. Any simple-minded
file-locking by dupfs would lead to deadlock I think, so something else
(CARP?) would have to ensure that only one of a number of machines was
active at any time.

I expected there to be standard solutions to this sort of problem, but I
was unable to find anything which didn't involve expensive hardware.
ISPs seem to accept that they will suffer downtime due to hardware
failure, and occasionally lose emails.

So, am I barking up the wrong tree here? What am I missing?

- Julian

Re: Accounting with "ac" in /etc/monthly

[Jason McIntyre]

On Sun, Nov 13, 2005 at 12:20:31AM -0500, Hugo Villeneuve wrote:
> 
> wtmp is rotated every 7 days by newsyslog. It's the same frequency
> has /etc/weekly but they are totally unrelated events.
> 

oops. thanks for pointing this out.

> If someone wants to use "ac" in /etc/{weekly,monthly}, he _has_ to
> change the wtmp entry in newsyslog.conf.
> 
> The not proper method but the easyest is to make the log rotate an
> hour after the scripts are run. That way you know you have almost
> the right amount of data for "ac" at the time the script is running.
> 
> For weekly something like: $W6D4
> For monthly: $M1D6
> 
> (I did not test. If "ac" is to be run before updatedb in weekly,
> it is easier to guess when it will be run than after updatedb.)
> 

this will work well enough, and i eventually settled on the $W6D4 fix.
see below also..

> The proper method would be to run "ac" at the same time wtmp is
> rotated. (Either weekly/monthly rotates the file or newsyslog runs
> a command to mail an "ac" report.)
> 

this is not so simple. if newsyslog(8) executes ac(8), it will run *after*
truncation, giving a 0.00 accounting time.

if however we ask weekly(8) to truncate wtmp after ac(8) runs, there is
also an issue:

newsyslog -F /var/log/wtmp

would work, but relies on there being an entry for wtmp in
/etc/newsyslog. and if there is, it will be rotated at some other time
anyway.

so i think your first suggestion works best.

thanks again
jmc

Re: Marvell 8053 Based NIC

[Johan M:son Lindman]

On Wednesday 16 November 2005 08.22, you wrote:
> I am attempting an install of OpenBSD 3.8 on a machine with an Marvell
> Yukon 8053 based four port PCIe NIC and am encountering the following error
> (from syslog) Has anyone had luck with this NIC?

1. Entire dmesg please, snippets of dmesgs are not very helpful.
2. Could you please try -current, that way you will see if this problem has 
been fixed recently.
3. If in doubt please read http://www.openbsd.org/report.html


Regards
Johan M:son Lindman

Re: OpenBSD 3.8, booting ERR M

[Nick Holland]

pizeta wrote:
...
> Once finished the installation "he" suggested me to type halt and reboot from
> hd:
> 
> Using drive 0, partition3;
> Loading...
> ERR M

yikes.  This morning, I responded to a similar message, said this kind
of problem almost never happens anymore...and after hitting "SEND", see
ANOTHER "ERR M" message.

> i read a topic like this so i tried:
> 
> # mount /dev/wd0a /mnt
> # mount /dev/wd0f /mnt/usr
> (this isn't really necessary because when i mount wd0a i see /usr mounted too,
> maybe just because they are on the same partition with different labels)

that needs elaboration.
You said you had a separate /usr partition, so it would need to be
explicitly mounted.  Something isn't right here...show us what you are
seeing, rather than summarizing it for us...

> # rm -rf /mnt/boot
> # cp /mnt/usr/mdec/boot /mnt/boot
> # /mnt/usr/mdec/installboot -v /mnt/boot /mnt/usr/mdec/biosboot wd0

yep, proper process, HOWEVER this *is* what happened during the install,
since it failed there, something is going seriously wrong.  Repeating it
will most likely result in the same thing going wrong.

> the output was:
> 
> boot: /mnt/boot
> proto: /usr/mdec/biosboot
> device: /dev/rwd0c
> /usr/mdec/biosboot: entry point 0
> proto bootblock size 512
> /mnt/boot is 3 blocks x 12384 bytes

I'm hoping you mistyped that "12384" manually.  SHOULD be 16384. :)

> fs block shift 2; part offset 63; inode block 24; offset 1576
> using MBR partition 3: type 166 (0xa6) offset 63 (0x3f)
> 
> 
> booting and holding shift:
> !Using drive 0, partition 3;
> !Loading;...
> ERR M

you certainly follwed the instructions. :)


> 
> if i type
> boot> boot hd0a:/bsd
> booting hd0a:/bsd: \
> and nothing appens

ouch.  That's bad.  Problem is bigger than boot blocks, then.

> boot> machine diskinfo
> Disk   BIOS#Type   CylsHeads   Secs  Flags  Checksum
> fd00x0 *none*80   2   18  0x4 0x0
> hd0   0x00   label524 255   63  0x2
> 0xcada9542
> cd0   0x9flabel0 0   00xa 0x0
> 
> 
> don't know what to do
> 
> [demime 1.01d removed an attachment of type application/pgp-signature]


Were it me, I'd start with a whole different computer -- new disk, new
computer, everything different.  I think you have a broken computer, but
I can't say for sure how.  Assuming the other machine works (if it
doesn't, I think you are making a subtle error, but I sure can't tell
what it is at the moment...)

Assuming the other machine works, move the HD from the working machine
to the non-working machine, see if that works.  If that does, try
reinstalling it.  I'm guessing you have a bad hard disk, but there is
always the possibility of a BIOS incompatability that has escaped
thousands of computers of testing so far.  Speaking of which, might be
worth trying to get a BIOS upgrade for your machine...

Nick.

Filesystem redundancy

[Julian Smith]

I've been wondering about how to cope with random hardware failures when
data is being received from a WAN and written to local storage. As I
understand it, CARP(4) will enable any one of N machines to handle
incoming requests, so hardware failure of up to N-1 machines will be
handled.

But if each of these machines writes received data (e.g. emails) to a
shared hard drive, then we are back to a single point of failure (if
each machine writes to its own individual hard drive(s) then we end up
with no sharing of data). We can make the drive use RAID, but RAID
controllers can also fail.

One way of handling this would be to write a filesystem that copies the
contents of modified files over a network before close() returns. That
way, as long as a SMTP server (say) checks the return from close()
before telling the sender that it has received everything ok, we can
avoid any single point of failure. If the data is copied to all the
other machines in a CARP `family', then we should end up with perfectly
syncronised machines, each of which can take over at any time. The
obvious downside is potential speed problems.

This has the nice property that the unit of replacement is individual
machines, with no need for complicated and expensive hardware like
Network Addressed Storage/RAID. If something fails, install a fresh
machine, sync its hard drives a few times with one of the other machines
(whose contents will be changing due to incoming data from the WAN),
temporarily turn off the WAN, sync a final time, and restore the WAN.

I've written a simple test library dupfs that does this by intercepting
open() and close() with LD_PRELOAD, using system( "rsync ...") to do the
synronisation, and it works in trivial test cases. Any simple-minded
file-locking by dupfs would lead to deadlock I think, so something else
(CARP?) would have to ensure that only one of a number of machines was
active at any time.

I expected there to be standard solutions to this sort of problem, but I
was unable to find anything which didn't involve expensive hardware.
ISPs seem to accept that they will suffer downtime due to hardware
failure, and occasionally lose emails.

So, am I barking up the wrong tree here? What am I missing?

- Julian

-- 
http://www.op59.net/

Ivanhoe Insider for November 16, 2005

[Webdoctor at Ivanhoe Newswire]

Medical Breakthroughs: Ivanhoe Insider
Reported by Ivanhoe Broadcast News

Click here to search Ivanhoe.com

Premium Content In Archives

  1. Is Wheat Destroying Your Bones?
In-Depth Doctor's Interview
That there is a small but real portion of people with osteoporosis
who have it as a consequence of celiac disease. "The numbers are high
enough to justify screening everybody with osteoporosis for celiac
disease and those patients who have osteoporosis as a result of
celiac disease will improve have their symptoms improves when they go
on a gluten-free diet," explains William Stenson, M.D., a
gastroenterologist at Washington University School of Medicine in St.
Louis. He recommends that people with osteoporosis have one of two
blood tests available for celiac disease. Full News Report>

  * Autism: Causes, and Behavorial and Drug Therapy
Executive Summary
Discovering that your child has autism can be an overwhelming
experience. However, as the number of children with autism has
accelerated, so have the types of therapies being offered. Many focus
on the behavioral aspects of autism disorders, such as drug and
non-drug treatments to ease aggression and increase learning
capacity. As well, strides are being made to address the concerns of
what causes autism -- vaccinations, genetics? Full News Report>

  * Pregnancy and Weight Loss
In-Depth Doctor's Interview
There are three very strong studies that suggest the amount of weight
gained during the pregnancy is the predominant factor of how
successful women are going to be at losing their weight. Oregon
Health & Science University's Jane Harrison-Hohner explains the
attention that should be paid to weight gain at specific points of
pregnancy and proper use of exercise after the baby is born. Full
News Report>

Have a request for special coverage?
Click here to submit it to our editors.

Nov. 16, 2005
News Flashes

Vaccine for Pancreatic Cancer FREE

Sugar for Stress FREE

Antidepressant Cheers SAD Patients FREE

Dogs Good for Your Heart! FREE

Race and Income's Impact on Heart Care FREE

DBIS Home

Click to View the Latest Video Clips

Gas Mask Sensor

More Fuel-Efficient Cars

Hi-Tech Typing

  Premium Content in Archives Please note: Premium articles are only
  available to paid subscribers. Get more information or sign up
  here.

  E-mail a FriendTo stop receiving only the Wednesday Ivanhoe
  Insider, click here. To stop receiving both the Wednesday Ivanhoe
  Insider and the Monday First to Know Bulletin, click here and
  unsubscribe your e-mail address.

  What's New | News Flash | Discussion | Search/Archives | Ivanhoe
  FAQ
  E-mail Medical Alerts! | Our TV Partners | Awards | Useful Links |
  Play It Again, Please

  Contents copyright ) 1995-2005 Ivanhoe Broadcast News, Inc.
  No part of this newsletter may be reproduced without permission.

Re: Macppc G3 Powerbook - Install Fails

[Gaby vanhegan]

On 16 Nov 2005, at 01:43, Bob Ababurko wrote:

> If this is an oldworld (before circa 1988) you cannot boot from a  
> cd. Google your model to see if it is.  Otherwise, you could try to  
> boot the laptop while pressing cmd+opt+shift+delete to skip the  
> first bootable deviceI believe it is something like that.

I think if you hold down the C key whilst booting, it might do it.

Gaby

--
Junkets for bunterish lickspittles since 1998!
[EMAIL PROTECTED]
http://vanhegan.net/sudoku/
http://weblog.vanhegan.net/

Re: timekeeping on Soekris net4801 w/ ntpd. 3.8

[Denis Doroshenko]

ahead, behind?.. come on. are syslog messages some kind
of belletristic literature? how about the following?

Tue Nov 15 20:31:33 ntpd adjtime(-60.000356)

i know, the case is actually closed, just kidding :-)

On 11/16/05, Ted Walther <[EMAIL PROTECTED]> wrote:
> I'd like to see the following syslog lines:
>
> Tue Nov 15 20:31:33 NTPD clock is 60.000356s behind, calling adjtim()
> ...
> Tue Nov 15 22:48:33 NTPD clock is 1.001856s ahead, calling adjtim()

Re: Compressed File System

[Joachim Schipper]

On Tue, Nov 15, 2005 at 11:01:30PM -0500, ICMan wrote:
> Hello all,
> 
> Is there any way to create a compressed file system, using gzip or bzip, 
> or some other mechanism?  I have some huge text files that I am working 
> with that compress nicely, but to work with them requires insane amounts 
> of disk.
> 
> Thanks in advance.

Not as far as I know, but there are quite a few editors that will, when
asked nicely, work with compressed files (please note that the 'swap
file' they use is typically not compressed, so it still costs some
space...) And any script-based processing is trivially modified by
putting a gzip pipe in front.

Is there a good reason not just to use gzip/gunzip?

Joachim

Re: OpenBSD 3.8 & Bugzilla - does anyone have this running ok?

[Alexander Farber]

IMHO when you get situations like this:

On 11/16/05, Trystan Negus <[EMAIL PROTECTED]> wrote:
> Symptom: Using a browser, configuration pages occasionally (1 in 5
> refreshes, more or less) return an error 500 page, coupled with
> 'Premature end of script headers' error in Apache's error log. No errors
> in /var/log/messages. Refresh the page, and all works fineuntil a
> number of refreshes (or config page links) later.

then you have to ensure that you have just 1 Apache child running
(httpd -X) before you start further debugging/troubleshooting:
http://perl.apache.org/docs/1.0/guide/debug.html

OpenBSD 3.8 & Bugzilla - does anyone have this running ok?

[Trystan Negus]

Hi. Have a really annoying problem with running Bugzilla (2.18.4 or the 
latest 2.20) on OpenBSD 3.8 - I've already posted to the Mozilla 
webtools group, and the response I received was along the lines of "not 
a bug - never get this with other OSs - probably an OpenBSD problem - 
never tested on that" and replies have now dried up...so I'm hoping 
another OpenBSD user has had the same problems as me: Does anyone have 
Bugzilla working ok on OpenBSD 3.8? Did you get the following error at 
some point, and how did you fix it? Any help gratefully received.


Summary of the problem:

System: 500MHz generic Dell, 320MB, lots of disk space, ethernet, 
OpenBSD 3.8, Bugzilla 2.20 (or 2.18.4 - both exhibit same issue) running 
under non-chrooted Apache + all the required and optional Perl modules 
(a few weren't in the OBSD packages, so had to use the perl package 
system). The system is otherwise as first installed, except for samba & 
mysql packages.


Symptom: Using a browser, configuration pages occasionally (1 in 5 
refreshes, more or less) return an error 500 page, coupled with 
'Premature end of script headers' error in Apache's error log. No errors 
in /var/log/messages. Refresh the page, and all works fineuntil a 
number of refreshes (or config page links) later.


Other stuff: Not using mod_perl; LogLevel Warn is already in httpd.conf. 
Problem only seems to happen if a user is logged in. I briefly thought 
I'd accidentally fixed it - and it does seem to reduce the frequency - 
by inserting syslog calls in prudent places: maybe there's a timing 
issue or maybe it's a red herring. Since reproduction of the error is 
somewhat inconsistent, and my perl knowledge is 0.1 (I can work some 
stuff out, but there's the obvious learning curve), it's a bit difficult 
to find the error.


My next step would be to get a Perl book and throw in a billion trace 
calls, but I was hoping to avoid that!


Cheers,

Trystan

Re: Problem with Flashboot when running make (3.8)

[Simon H]

Thanks Stuart

Stuart Henderson wrote:

--On 15 November 2005 21:33 +, Simon H wrote:


1. Since I'm working off a 3.8 release, is it still necessary to
apply the supplied patches?  (just noticed they're over 2 years old
and tried applying it and it failed on chunk14).


Mine work fine without the patches.


I figured that would be the case considering the age of the patches 
file.  Perhaps djm should update the readme or perhaps modify the 
patches file accordingly?



2. Am I perhaps not getting everything dynamically linked due to
something I'm not doing during the build process?



Yes, that's it. You can confirm this with 'file' on files in your obj 
tree that would normally be statically linked (say, files in /bin).


Checked several files in /bin and they all seemed to be "dynamically 
linked (uses shared libs)"


I was really quite convinced that this was my main problem but now I'm 
not so sure, but then what else could add a requirement for so much 
space?  Unless perhaps all the files aren't dynamically linked, that 
should be.  Is there anyway to check the process or the results further 
to ensure I have what I should have? or to provide stop checks to 
highlight errors happening?



I then copied mk-MINI.conf to /etc


Yeah, my bloop reading the var in the build.sh...Just a typo, it is 
mk-mini.conf


mk-mini.conf (not mk-MINI.conf) if you're using the supplied build.sh. 
(I usually ended up reinstating the now-commented-out 'make release' bit 
as I had problems without it). Haven't built one since 3.7-ish now (I 
try and use large enough flashcards to do a straight install nowadays).


Try building by hand if you can't persuade build.sh to behave.


What kind of problems where you having?  Similar to mine?

I'll probably give that a try, thanks.




One more change I made was to add to more nics into the initial-conf
to suite the 4801's 3 nics.



You don't need all 3 in initial-conf (unless you don't intend to create 
/conf/* on the flashcard).


Unless you want to customise the compiled-in files, you /could/ just use 
flashboot-bindist and save a lot of time. (don't forget if you need some 
extra binaries, you have the option of placing them in /conf/* to be 
copied across, though it's not so tidy that way).


Thanks for the tips...much appreciated!

--
Simon H

Re: timekeeping on Soekris net4801 w/ ntpd. 3.8

[Ted Walther]

On Wed, Nov 16, 2005 at 08:51:12AM +0100, Otto Moerbeek wrote:

This "adujsting by" information is not available to ntpd. ntpd
requests an adjustment using the adjtim(2) system call. The argument
is the actual offset. It is up to the kernel to decide how fast the
adjustment will be done. 


Ah.  In that case, I'd like to see the following syslog lines:

Tue Nov 15 20:31:33 NTPD clock is 60.000356s behind, calling adjtim()
...
Tue Nov 15 22:48:33 NTPD clock is 1.001856s ahead, calling adjtim()

Ted

--
 It's not true unless it makes you laugh,   
but you don't understand it until it makes you weep.


Eukleia: Ted Walther
Address: 5690 Pioneer Ave, Burnaby, BC  V5H2X6 (Canada)
Contact: 604-430-4973
Website: http://reactor-core.org/
Puritan: Purity of faith, Purity of doctrine
Puritan: Sola Scriptura, Tota Scriptura

 Love is a sharp sword.  Hold it by the right end.

Compressed File System

[ICMan]

Hello all,

Is there any way to create a compressed file system, using gzip or bzip, 
or some other mechanism?  I have some huge text files that I am working 
with that compress nicely, but to work with them requires insane amounts 
of disk.


Thanks in advance.

Re: Code comprehension

[Otto Moerbeek]

On Wed, 16 Nov 2005, Bruno Carnazzi wrote:

>   Hi All,
> 
> I'm a junior system administrator, working on free operating system
> such as Linux and recently OpenBSD. I really enjoy OpenBSD for its
> simplicity, concisness and security. I've got a small experience of C
> programming, from my studies. I'd like to understand deeply the
> conception of this system, through reading and understanding his code.
> I consider it's a big work, lots of thing to learn. I suppose some
> people already take this way, so I'd like to know if someone has
> advice to give in this way ? Where to start ? A tool from the userland
> ? Directly attack the kernel (!!) or something else ? Prerequisite ?

My advice would be to start in whatever part interests you. Curiosity
will guide you through src. If you are overwhelmed, start by looking
at the more simple programs in userland. Read the man pages of the
command, try to match behaviour to code or vice versa. Study the man
pages of the library and system calls being done. Continue with the
study of the implementation of these. Do not forget that quite some
kernel functions are documented in section 9.

Another way is to watch the cvs mailing list and check what changes
are done to the system. Trying to understand the changes will teach
you a lot.

As for books that might help, there are a few listed on
http://www.openbsd.org/books.html

"The Design and Implementation of the 4.4 BSD Operating System" will
give you the big picture and quite some details as well.

-Otto