alternative for logging pf to syslog

[Daniel E. Hassler]

After reading the Packet Logging Through Syslog section of the pf FAQ 
I decided to try a different approach. Now that it's working (for my 
system and needs) I'm wondering 1) Is it (relatively) safe? 2) Is it 
useful to others? and 3) Did I re-invent something already available I 
missed?

Here's a quick description.

#!/usr/bin/perl -WT
use strict;
#---
#
# pflogger logs to syslog(3), IN REAL TIME, packets logged by pf(4).
# This is done by by invoking tcpdump(8) on the pflog(4) interface
# and piping the output to logger(1).
#
# In effect pflogger is really just the shell command:
#
# (tcpdump -lent -i pflog0 21 | \
#logger -p user.info -t pflogger) /dev/null 21 
#
# but with both tcpdump and logger running as daemon processes, logger 
running
# unprivileged, and no shell process providing glue.
# Once setup even the perl interpreter process running this script is gone.
#
#--

See attachment for full script.

Thanks,

-- 
  _   _   _
   __| | __ _ _ __   | |__   __ _ ___ ___| | ___ _ __
  / _` |/ _` | '_ \  | '_ \ / _` / __/ __| |/ _ \ '__|
 | (_| | (_| | | | | | | | | (_| \__ \__ \ |  __/ |
  \__,_|\__,_|_| |_| |_| |_|\__,_|___/___/_|\___|_|

 [EMAIL PROTECTED]
#!/usr/bin/perl -WT
use strict;
#---
#
# pflogger logs to syslog(3), IN REAL TIME, packets logged by pf(4).
# This is done by by invoking tcpdump(8) on the pflog(4) interface
# and piping the output to logger(1).
#
# In effect pflogger is really just the shell command:
#
# (tcpdump -lent -i pflog0 21 | \
#   logger -p user.info -t pflogger) /dev/null 21 
#
# but with both tcpdump and logger running as daemon processes, logger running
# unprivileged, and no shell process providing glue.
# Once setup even the perl interpreter process running this script is gone.
#
#---
use constant LOGGRP = '_syslogd';  # unprivileged group
use constant LOGUSR = '_syslogd';  # unprivileged user
use constant TCPUSR = '_tcpdump';  # tcpdump unprivileged
use constant PIDFILE = '/var/run/pflogger.pid';# daemon's pidfile
use constant SETSID = 147; # from sys/syscall.h
use constant MAXFD = 1023; # open files hard limit
use constant CDDIR = '/var/empty'; # daemon's directory
use constant DMASK = 0177; # daemon's umask

#use ABSOLUTELY_NOTHING_ELSE# a design goal
#require ABSOLUTELY_NOTHING # a design goal

$ENV{PATH} = '/usr/sbin:/usr/bin';  # taint safe path

if (scalar @ARGV) { die USE: pflogger\nNo arguments!\n; } # USE
if ( $ ) { die pflogger: got root?\n; }  # need root!

my $lgid;
if ( ( $lgid = getgrnam(LOGGRP) )  0 ) { die pflogger: getgrnam: $!\n; }
my $luid;
if ( ( $luid = getpwnam(LOGUSR) )  0 ) { die pflogger: getpwnam: $!\n; }

if ( -e PIDFILE ) {

check_pidfile() or die pflogger: check_pidfile error\n;
}

daemonize() or die pflogger: daemonize error\n;

my $child = open( STDOUT, |- );   # open pipe: parent|child

if ( $child  0 ) { # parent: exec tcpdump

open(STDERR, STDOUT);   # STDERR to child - like shell's 21

# CAUTION: tcpdump needs to run as root to read pflog0.
# Choose tcpdump(8) flags carefully please!
# These flags are not ARGV or config file options by design.
# 
exec( 'tcpdump', '-lent', '-i', 'pflog0' ) or die $!\n;

} elsif ( $child == 0 ) {   # child: exec logger (unprivileged)

# drop privilege - uid last - no more changes after that
# set then check - perl silently ignores set error.
#
$) = $lgid; if ( $) != $lgid ) { exit($!); }# egid
$( = $lgid; if ( $( != $lgid ) { exit($!); }# gid
$ = $luid; if ( $ != $luid ) { exit($!); }# euid
$ = $luid; if ( $ != $luid ) { exit($!); }# uid

exec( 'logger', '-p', 'user.info', '-t', 'pflogger' ) or exit($!);

} elsif  ( $child  0 ) { die open pipe failed: $!\n; }

# /* NOTREACHED */

#---
#   SUBROUTINE DEFINITIONS BELOW
#---
sub check_pidfile() # check for and kill existing process
{
my $rv = 0; # 0 for error, 1 for success
my $err = ;   # diagnostic messages

LCB: {
if ( open(IN, '', PIDFILE) == 0 ) {# open

   

Re: alternative for logging pf to syslog

[Theo de Raadt]

 After reading the Packet Logging Through Syslog section of the pf FAQ 
 I decided to try a different approach. Now that it's working (for my 
 system and needs) I'm wondering 1) Is it (relatively) safe? 2) Is it 
 useful to others? and 3) Did I re-invent something already available I 
 missed?

Well, you have found a great way to slow your machine down when it
hits serious traffic load.

We believe that packet logging via syslog is the wrong method.

That is why pf was redesigned to not use that mechanism of logging
itself, and it instead uses the pflog interface.  See, that way the
low level parts of the system know when someone is actually trying to
get log results, so that we don't waste time pushing them out there.

Re: IDS solution

[edgarz]

Reyk Floeter wrote:

hi,

On Tue, Mar 21, 2006 at 02:50:35PM -0300, Hutger H. wrote:


I've been looking for a consolidated IDS solution that I can deploy in
my network. Snort is really a good option but currently it seems that
they are charging for updates, it that true? I'd like to find out a free
of charge Linux, or BSD, solution that can works as good as snort works
and, rather with some successful deployment cases.




an alternative approach to snort is bro, which uses a bsd-style license.

http://www.bsd-ids.org/

Are you sure about it? Domain not found.



the c++ code is a bit ugly, but the system is very powerful, supports
snort rules and is also supported by most of the hybrid IDS frameworks
(like prelude-ids). bro claims that their own context-based rule
language is even more powerful than the snort stuff.

reyk

Re: ADSL with pppoa (over ATM)

[Simon Slaytor]

My understanding is that to operate in 'full bridge mode' requires pppoe 
support from the provider. Which is where this thread started.


Donald J. Ankney wrote:

Has anybody done this through a full bridge? My Actiontech isn't 
nearly as friendly with it's options...


Simon Slaytor wrote:


Half Bridge mode is your friend here.

Not sure if the D-Link supports this mode however, Google is less 
than helpful. Essentially in half bridge mode the modem handles the 
PPPoA authentication with the ISP, as in NAT mode obtaining an IP 
address from the remote provider as normal. Unlike NAT mode however 
the modem then leases out this exact same IP address to the connected 
ethernet host, thereby presenting the external IP directly to your 
external ethernet port. Finally the modem begins to transparently 
bridge the ADSL/Ethernet connections.


I can vouch for Zoom X3/4 and ADSL Nation X-Modems working in this 
mode without issue.

donation

[Grégoire Welraeds]

following this post
http://undeadly.org/cgi?action=articlesid=20060321034114 I wanted
to make a donation to the openbsd project. Unfortunatly, paypall does
not accept Amex from Belgium. Is there any other way I can make a
donation using this type of card?

TIA
Greg

Re: DRAC vs iLo

[Craig Skinner]

On Wed, Mar 22, 2006 at 08:30:07AM +0100, Srebrenko Sehic wrote:
  Who wins in the OpenBSD world?  DRAC (Dell Remote Admin Card) or iLo
  (HP's Integrated Lights Out)?  We're looking at new servers and are
  wondering if these are worth the cash, or which is the one to go for?
 
 I've never used DRAC, but ILO (the real deal, like in HP360G4) is
 pretty solid. Stay away from the el-cheapo variants found in DL145 and
 the like. You might want to purchase the Advanced pack, since that
 gives you fancy stuff like remote ISO mount from you workstation. I've
 also used Sun's ILOM. HP's is still better IMHO.
 

Real Weasel might be another option:

http://www.realweasel.com/

Re: IDS solution

[Stef K]

On 22/03/06, edgarz [EMAIL PROTECTED] wrote:
 Reyk Floeter wrote:
  hi,
 
  On Tue, Mar 21, 2006 at 02:50:35PM -0300, Hutger H. wrote:
 
 I've been looking for a consolidated IDS solution that I can deploy in
 my network. Snort is really a good option but currently it seems that
 they are charging for updates, it that true? I'd like to find out a free
 of charge Linux, or BSD, solution that can works as good as snort works
 and, rather with some successful deployment cases.
 
 
 
  an alternative approach to snort is bro, which uses a bsd-style license.
 
http://www.bsd-ids.org/
 Are you sure about it? Domain not found.

 
  the c++ code is a bit ugly, but the system is very powerful, supports
  snort rules and is also supported by most of the hybrid IDS frameworks
  (like prelude-ids). bro claims that their own context-based rule
  language is even more powerful than the snort stuff.
 
  reyk



No, the link is http://www.bro-ids.org/

Re: IDS solution

[Huzeyfe Onal]

not bsd-ids.org, try  http://www.bro-ids.org/ address.


On 3/22/06, edgarz [EMAIL PROTECTED] wrote:

 Reyk Floeter wrote:
  hi,
 
  On Tue, Mar 21, 2006 at 02:50:35PM -0300, Hutger H. wrote:
 
 I've been looking for a consolidated IDS solution that I can deploy in
 my network. Snort is really a good option but currently it seems that
 they are charging for updates, it that true? I'd like to find out a free
 of charge Linux, or BSD, solution that can works as good as snort works
 and, rather with some successful deployment cases.
 
 
 
  an alternative approach to snort is bro, which uses a bsd-style license.
 
http://www.bsd-ids.org/
 Are you sure about it? Domain not found.

 
  the c++ code is a bit ugly, but the system is very powerful, supports
  snort rules and is also supported by most of the hybrid IDS frameworks
  (like prelude-ids). bro claims that their own context-based rule
  language is even more powerful than the snort stuff.
 
  reyk




--
Huzeyfe VNAL
---
First Turkish Qmail book is out! Go check it.
Duydunuz mu! Turkiye'nin ilk Qmail kitabi cikti.
http://www.acikakademi.com/catalog/qmail/

[OT] Looking for work in the UK

[Craig Skinner]

Hi list,

I'm actively looking for new employment in the UK.

A few quick points here:

*) 4 years comm OpenBSD/Linux/UNIX expr for an ISP  software house.
*) tech support  sys admin
*) DNS, SMTP, IMAP, POP, FTP, SQL, SSH, backups,
*) web hosting and some php, javascript, html, jsp,
*) scripting with shell, sed, awk, expect,
*) ADSL, SDSL, Leased Lines, colo, servers, desktops, routers,

I think that's enough to say in a public forum.

If anyone would like to contact me off list with anything that you
stumble across, be it perm/temp/contract, that would be great.

I appologise for the off topic nature of this post.

Craig.

RAID label problem?

[Xavier Mertens]

Hi,

I'm busy to set up a box with 2 x 80GB disks in RAID1.
I'm following the procedures found online but, once the RAID is initialized, I 
got the follow error while trying to partition it:

Write new label?: [y]
disklabel: ioctl DIOCWDINFO: No space left on device
disklabel: unable to write label

The RAID is up, consistant:

# raidctl -s raid0
raid0 Components:
   /dev/wd0d: optimal
   /dev/wd1d: optimal
No spares.
Parity status: clean
Reconstruction is 100% complete.
Parity Re-write is 100% complete.
Copyback is 100% complete.

disklabel report the following:

# disklabel -E raid0
disklabel: Can't get bios geometry: Device not configured


Initial label editor (enter '?' for help at any prompt)
 p
device: /dev/rraid0c
type: RAID
disk: raid
label: fictitious
bytes/sector: 512
sectors/track: 128
tracks/cylinder: 8
sectors/cylinder: 1024
cylinders: 156417
total sectors: 160171392
free sectors: 160171392
rpm: 3600


16 partitions:
# sizeoffset  fstype [fsize bsize  cpg]
  a: 4358414031416925149  unused  0 0  # Cyl 
1383715*-1809342*
  c: 160171392 0  unused  0 0  # Cyl 0 -156417*

I create my partition, exit with q

Xavier
--
 SELECT * FROM users WHERE clue  0;
0 rows returned

Re: donation

[Kamil Andrusz]

Grigoire Welraeds [EMAIL PROTECTED]:

 following this post
 http://undeadly.org/cgi?action=articlesid=20060321034114 I wanted
 to make a donation to the openbsd project. Unfortunatly, paypall does
 not accept Amex from Belgium. Is there any other way I can make a
 donation using this type of card?
You could try https://https.openbsd.org/cgi-bin/order.eu
and use the Make a Donation field ;)

Regards,
Kamil Andrusz
-- 
It's just a matter of opinion.

Re: ADSL with pppoa (over ATM)

[mike]

On Tue, 21 Mar 2006 20:53:41 +
Simon Slaytor [EMAIL PROTECTED] wrote:

 Half Bridge mode is your friend here.
 
 Not sure if the D-Link supports this mode however, Google is less
 than helpful. Essentially in half bridge mode the modem handles the
 PPPoA authentication with the ISP, as in NAT mode obtaining an IP
 address from the remote provider as normal. Unlike NAT mode however
 the modem then leases out this exact same IP address to the connected
 ethernet host, thereby presenting the external IP directly to your
 external ethernet port. Finally the modem begins to transparently
 bridge the ADSL/Ethernet connections.
 
 I can vouch for Zoom X3/4 and ADSL Nation X-Modems working in this
 mode without issue.
 
 
My Aethra Starbridge-EU works fine in half-bridge, although I had to
set VCI=0 in the modem, whatever that is.

I would much rather have my ext_if assigned the routable ip, and do all
of the nat and rdr from pf :)

Mike

Re: donation

[Wim Vandeputte]

Dear Greg,

 following this post
 http://undeadly.org/cgi?action=articlesid=20060321034114 I wanted
 to make a donation to the openbsd project. Unfortunatly, paypall does
 not accept Amex from Belgium. Is there any other way I can make a
 donation using this type of card?

You are far better off to use the donation button on the international
website run by the Computershop of Calgary:

https://https.openbsd.org/cgi-bin/order

-- 
   =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=   
https://kd85.com/notforsale.html
 --

Re: telldir(), etc: prevent memory leak

[Joshua Sandbrook]

Just today I found my openbsd server curiously stalled... not completely
dead, could switch consoles, ping it.. but otherwise unresponsive.

Found out that smbd was eating huge amounts of memory, and I put the crash
down to smbd.

I applied ( by hand, patch did not work ) the patches Paul wrote.. and now
smbd is behaving in a more sane fashion, though still seems to be very
slowly climbing in memory useage, though nothing like it was before.

It was climbing at around 1Mb of ram per second before hand, now it is
only using 6mb of ram ( started at 2.7 ish mb of ram ) according to top.

So either there is still some memory leakage in telldir and friends, or
smbd has other memory leaks in it, or this is just normal behaviour for
smbd.

But the patch definately put a stop on the rapid memory consumtion.

Thanks Paul

Re: donation

[Grégoire Welraeds]

this is what I did and it seems it worked.
Thank you.

On 3/22/06, Kamil Andrusz [EMAIL PROTECTED] wrote:
 Grigoire Welraeds [EMAIL PROTECTED]:

  following this post
  http://undeadly.org/cgi?action=articlesid=20060321034114 I wanted
  to make a donation to the openbsd project. Unfortunatly, paypall does
  not accept Amex from Belgium. Is there any other way I can make a
  donation using this type of card?
 You could try https://https.openbsd.org/cgi-bin/order.eu
 and use the Make a Donation field ;)

 Regards,
 Kamil Andrusz
 --
 It's just a matter of opinion.



--
Grigoire Welraeds
--

3.8 iBook G3 XDM fr kbd KDM segfault

[Pailloncy Jean-Gerard]

Hi,

I have installed OpenBSD 3.8 release on my iBook G3 300 MHz 288Gb.
Dual boot with MacOS X.3 and OpenBSD.
I install KDE base  utils.
I setup xorg to use 32 thousand colors for the display and the ATI  
video card.


Problem 1: french kdb in kde
I have a french keyboard. Even by downloading from the net (kind of  
linux) a new keyboard layout which work a little better that the  
release one, I have the key '' in place of '@#', the key back- 
delete do a forward-delete. Pretty annoying.
Not directly an OpenBSD fault, but if anyone has the information, I  
will thank him to guide me.


Problem 2: french kbd in xdm
I try to use xdm, but I do not know how to specify my french  
keyboard. To enter the password with different layout is not easy.


Problem 3: segmentation fault in kdm
Then I try kdm. I get a segfault each time I launch it.

I have attach gdb output and dmesg.
The dmesg is a little strange, there is some king of output mix.

Cordialement,
Jean-Girard Pailloncy

$ gdb /usr/local/bin/kdm
GNU gdb 6.3
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and  
you are
welcome to change it and/or distribute copies of it under certain  
conditions.

Type show copying to see the conditions.
There is absolutely no warranty for GDB.  Type show warranty for  
details.
This GDB was configured as powerpc-unknown-openbsd3.8...(no  
debugging symbols found)


(gdb) run
Starting program: /usr/local/bin/kdm

Program received signal SIGSEGV, Segmentation fault.
0x2b024f44 in ?? ()
(gdb) bt
#0  0x2b024f44 in ?? ()
#1  0x2b024eb4 in ?? ()
Previous frame identical to this frame (corrupt stack?)

$ dmesg
TA, CD-ROM CR-175, 5AAE SCSI0 5/cdrom removable
cd0(wdc1:0:0): using BIOS timings, DMA mode 2
wdc2 at macobio0 irq 21: DMA
wi0 at macobio0 irq 57:
wi0: Firmware 8.70 variant 1, address 00:30:65:17:87:39
ohci0 at pci1 dev 24 function 0 Apple USB rev 0x00: irq 27, version  
1.0

usb0 at ohci0: USB revision 1.0
uhub0 at usb0
uhub0: Apple OHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
ohci1 at pci1 dev 25 function 0 Apple USB rev 0x00: irq 0, version 1.0
usb1 at ohci1: USB revision 1.0
uhub1 at usb1
uhub1: Apple OHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
mpcpcibr2 at mainbus0: uni-north, Revision 0xff
pci2 at mpcpcibr2 bus 0
pchb2 at pci2 dev 11 function 0 Apple Uni-N Eth rev 0x00
gem0 at pci2 dev 15 function 0 Apple GMAC rev 0x00: irq 41, address  
00:0a:27:8d:f6:64

bmtphy0 at gem0 phy 0: BCM5201 10/100 PHY, rev. 2
uhidev0 at uhub0 port 1 configuration 1 interface 0
uhidev0: Logitech Optical USB Mouse, rev 2.00/3.40, addr 2, iclass 3/1
ums0 at uhidev0: 3 buttons and Z dir.
wsmouse1 at ums0 mux 0
bootpath: '/[EMAIL PROTECTED]/[EMAIL PROTECTED]/[EMAIL PROTECTED]/[EMAIL 
PROTECTED]/bsd'
boot device: wd0.
root on wd0a
rootdev=0x0 rrootdev=0xb00 rawdev=0xb02
syncing disks... done
rebooting

[ using 323864 bytes of bsd ELF symbol table ]
console out [ATY,RageM_Lp]console in [keyboard] ADB found
: memaddr 9100 size 100, : consaddr 9100, : ioaddr  
9002, size 2: memtag 8000, iotag 8000: width 800 linebytes  
800 height 600 depth 8

Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California.  All rights  
reserved.
Copyright (c) 1995-2005 OpenBSD. All rights reserved.  http:// 
www.OpenBSD.org


OpenBSD 3.8 (GENERIC) #425: Sat Sep 10 15:49:26 MDT 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/macppc/compile/GENERIC
real mem = 301989888 (294912K)
avail mem = 265064448 (258852K)
using 1254 buffers containing 15097856 bytes of memory
mainbus0 (root)
cpu0 at mainbus0: 750 (Revision 0x8300): 299 MHz: 512KB backside cache
memc0 at mainbus0: uni-n
mpcpcibr0 at mainbus0: uni-north, Revision 0xff
pci0 at mpcpcibr0 bus 0
pchb0 at pci0 dev 11 function 0 Apple Uni-N AGP rev 0x00
vgafb0 at pci0 dev 16 function 0 ATI Mach64 LN rev 0x64, mmio
wsdisplay0 at vgafb0 mux 1: console (std, vt100 emulation)
mpcpcibr1 at mainbus0: uni-north, Revision 0x0
pci1 at mpcpcibr1 bus 0
pchb1 at pci1 dev 11 function 0 Apple Uni-N rev 0x00
macobio0 at pci1 dev 23 function 0 Apple Keylargo rev 0x02
openpic0 at macobio0: version 0x4614
macgpio0 at macobio0
macgpio1 at macgpio0 irq 47
programmer-switch at macgpio0 not configured
extint-gpio12 at macgpio0 not configured
zsc0 at macobio0: irq 22,50
zstty0 at zsc0 channel 0
zstty1 at zsc0 channel 1
adb0 at macobio0 irq 25: via-pmu , 3 targets
aed0 at adb0 addr 0: ADB Event device
akbd0 at adb0 addr 2: iBook keyboard with inverted T (ISO layout)
wskbd0 at akbd0: console keyboard, using wsdisplay0
ams0 at adb0 addr 3: EMP trackpad tpad 2-button, 400 dpi
wsmouse0 at ams0 mux 0
abtn0 at adb0 addr 7: brightness/volume/eject buttons
apm0 at adb0: battery flags 0x5, 99% charged
ki2c0 at macobio0
wdc0 at macobio0 irq 19: DMA
wd0 at wdc0 channel 0 drive 0: IBM-DARA-212000
wd0: 16-sector PIO, LBA, 11513MB, 23579136 sectors
wd0(wdc0:0:0): 

Re: ADSL with pppoa (over ATM)

[Craig Skinner]

On Wed, Mar 22, 2006 at 04:29:56AM -0600, mike wrote:
  
 My Aethra Starbridge-EU works fine in half-bridge, although I had to
 set VCI=0 in the modem, whatever that is.

You need to set the VPI  VCI, encapsulation  modulation. It is
different for many countries depending on how the telcos deceide to run
their network. See:

http://www.patton.com/support/faqs_detail.asp?id=142
http://www.adslguide.org.uk/qanda.asp?faq=DSLHardware

 
 I would much rather have my ext_if assigned the routable ip, and do all
 of the nat and rdr from pf :)

As you seem to have a static IP on the router's WAN, your ISP will
probably be able to provide a /30 routeable LAN for the asking!

eg: I have 84.19.247.29/32 on the WAN of the router, and 84.19.247.232/29
as a routeable LAN.

remote data backup

[Marco Fretz]

hello

i had a well known problem, but no idea how to build a correct
solution.

we have a lot of linux and bsd servers at our isp. i have to backup data
from these systems to a remote system.

the backup server (storage server) has access to remote systems (data
sources) over ssh and public key auth (a user named backup exists on all
systems). 

my problem, this user has no access to some files
in /etc, /usr/local/etc, and so on. so what to do?

i build a script that runs locally on all system over root cronjob. the
script backs up all data in a tar file on the local machine. 

my problem now i had to transfer the whole tar archive (on some systems
over 8 GB) to my backupserver every day twice (packup period).

is there a way with rdiff-backup to start rdiff-backup on remote machine
with root access (by sudo)?

thanks a lot

regards marco

Re: embedded computers with RS485

[Steve Fairhead]

 anyone knows where i can find embedded computers with RS485 ports on
board, where i can run OBSD? 

 PC/104 CPU boards quite commonly have at least one serial port
switchable from RS-232 to RS-485. Try Googling for +CPU +RS485 +PC104, and
you should find plenty. 

 I was looking for something similar to the Soekris ones, i found some in
www.acrosser.com but they have to much unuseful stuff. Anyway to find
something runable with OBSD in the PC104 world should be a try and error
thing, and to much money to make those tests. 

Understood. You might then consider using a board you're happy with, and
using an external RS-232 to RS-485 converter. It's common to use the modem
control lines (RTS etc) to control the bus state, whether internally or
externally, so should make little difference. It may also give you the
option of an opto-isolated RS-485 bus, which is often a Good Thing in such
cases, and usually essential when routing the bus further than the next
desk.

If I can help further, let me know off-list. We're probably way OT.

HTH,

Steve
http://www.fivetrees.com

Re: remote data backup

[Stuart Henderson]

On 2006/03/22 13:24, Marco Fretz wrote:
 my problem, this user has no access to some files
 in /etc, /usr/local/etc, and so on. so what to do?

Give the user read-access to those files...?

 my problem now i had to transfer the whole tar archive (on some systems
 over 8 GB) to my backupserver every day twice (packup period).

If you're compressing the tar, stop doing that, and give the delta
compression (rsync-type algorithms) a chance to work.

 is there a way with rdiff-backup to start rdiff-backup on remote machine
 with root access (by sudo)?

Yes, see rdiff-backup's manual page ('remote operation' section).

Re: alternative for logging pf to syslog

[Theo de Raadt]

 Isn't the load a function of what I choose to log in pf.conf?

I'm not talking system load.  The logging operation you have created
is expensive.

Re: remote data backup

[Joachim Schipper]

On Wed, Mar 22, 2006 at 01:24:33PM +0100, Marco Fretz wrote:
 hello
 
 i had a well known problem, but no idea how to build a correct
 solution.
 
 we have a lot of linux and bsd servers at our isp. i have to backup data
 from these systems to a remote system.
 
 the backup server (storage server) has access to remote systems (data
 sources) over ssh and public key auth (a user named backup exists on all
 systems). 
 
 my problem, this user has no access to some files
 in /etc, /usr/local/etc, and so on. so what to do?
 
 i build a script that runs locally on all system over root cronjob. the
 script backs up all data in a tar file on the local machine. 
 
 my problem now i had to transfer the whole tar archive (on some systems
 over 8 GB) to my backupserver every day twice (packup period).
 
 is there a way with rdiff-backup to start rdiff-backup on remote machine
 with root access (by sudo)?

Probably, but is the basis of the problem not that the backup user has
insufficient priviliges?

It might be a better solution to use public-key authentication for root,
limited to executing a single command. The rdiff-backup docs seem to
include this solution.

Joachim

Re: remote data backup

[Marco Fretz]

hello

thanks for your answer

may you explain me the thing with the delta compression?

i want to backup some files incremental over ssh with tar. is that
possible? and is it possible to sudo the tar process on the remote
machine?

thanks, best regards
marco

On Wed, 2006-03-22 at 13:06 +, Stuart Henderson wrote:
 On 2006/03/22 13:24, Marco Fretz wrote:
  my problem, this user has no access to some files
  in /etc, /usr/local/etc, and so on. so what to do?
 
 Give the user read-access to those files...?
 
  my problem now i had to transfer the whole tar archive (on some systems
  over 8 GB) to my backupserver every day twice (packup period).
 
 If you're compressing the tar, stop doing that, and give the delta
 compression (rsync-type algorithms) a chance to work.
 
  is there a way with rdiff-backup to start rdiff-backup on remote machine
  with root access (by sudo)?
 
 Yes, see rdiff-backup's manual page ('remote operation' section).

Re: remote data backup

[Craig Skinner]

Marco Fretz wrote:

hello

i build a script that runs locally on all system over root cronjob. the
script backs up all data in a tar file on the local machine. 


my problem now i had to transfer the whole tar archive (on some systems
over 8 GB) to my backupserver every day twice (packup period).



Take a look at rsnapshot in ports, it is probably exactly what you need.

Re: ADSL with pppoa (over ATM)

[Luca Losio]

On 3/22/06, Simon Slaytor [EMAIL PROTECTED] wrote:
 My understanding is that to operate in 'full bridge mode' requires pppoe
 support from the provider. Which is where this thread started.

Not pppoe, but pppoa

Re: remote data backup

[Marco Fretz]

ok =) right. i had some problems that me have the same solution. i need
a backup solution with the following features:

- smallest network traffic
- smallest load on remote machines
- preserved file permissions
- only small configuration on remote machines
- restoring data until 7 days ago (7 day generation)
- root login on remote machines is disabled

is there any solution? =)

i think there have to be a way like this: rdiff-backup over ssh and run
the remote rdiff-backup with sudo. but how?

thanks a lot


On Wed, 2006-03-22 at 14:16 +0100, Joachim Schipper wrote:
 On Wed, Mar 22, 2006 at 01:24:33PM +0100, Marco Fretz wrote:
  hello
  
  i had a well known problem, but no idea how to build a correct
  solution.
  
  we have a lot of linux and bsd servers at our isp. i have to backup data
  from these systems to a remote system.
  
  the backup server (storage server) has access to remote systems (data
  sources) over ssh and public key auth (a user named backup exists on all
  systems). 
  
  my problem, this user has no access to some files
  in /etc, /usr/local/etc, and so on. so what to do?
  
  i build a script that runs locally on all system over root cronjob. the
  script backs up all data in a tar file on the local machine. 
  
  my problem now i had to transfer the whole tar archive (on some systems
  over 8 GB) to my backupserver every day twice (packup period).
  
  is there a way with rdiff-backup to start rdiff-backup on remote machine
  with root access (by sudo)?
 
 Probably, but is the basis of the problem not that the backup user has
 insufficient priviliges?
 
 It might be a better solution to use public-key authentication for root,
 limited to executing a single command. The rdiff-backup docs seem to
 include this solution.
 
   Joachim

Re: remote data backup

[Stuart Henderson]

On 2006/03/22 14:15, Marco Fretz wrote:
 may you explain me the thing with the delta compression?

rsync, rdiff-backup and some other programs use an algorithm which sends
only the differences between files. this is called delta compression.
'delta' refers to the change in value, it's mathematical notation:
http://en.wikipedia.org/wiki/Delta_(letter) 

This is different to what's normally called 'incremental backup' where
you determine which files are updated or new since the last backup, and
store a complete copy of them.

 i want to backup some files incremental over ssh with tar. is that
 possible?

Yes. You can use find(1) to select files changed since the last run
have tar(1) add just those files, outputted to stdout, and pipe it over
an ssh session. This way avoids temporary files on the machine you're
backing up, but if you have large files with small changes it's not
bandwidth-efficient.

$ find /some.dir -newer /tmp/last.backup | tar czf - -I - | ssh some.host cat 
 /tmp/backup.tar.gz  touch /tmp/last.backup

You can have tar(1) create one big uncompressed temporary archive on the
machine being backed up, and rsync it across (by default, this uses ssh).
This obviously uses a lot of space for a temporary file, but possibly
saves bandwidth over the first method.

Or you can use a tool designed for the job, something like rsync or
diff-backup, and not worry about tar files at all.
about tar files at all.

 and is it possible to sudo the tar process on the remote machine?

Yes, of course it is, just be careful how you set everything up so you
don't give full root access without a password.

Re: IDS solution

[Reyk Floeter]

On Wed, Mar 22, 2006 at 10:54:04AM +0100, Huzeyfe Onal wrote:
 not bsd-ids.org, try  http://www.bro-ids.org/ address.
 

yes, sorry for this typo ;)

reyk

Re: remote data backup

[Antoine Jacoutot]

Selon Marco Fretz [EMAIL PROTECTED]:
 ok =) right. i had some problems that me have the same solution. i need
 a backup solution with the following features:

dump(8) via ssh with a user included in the operator group.

Re: remote data backup

[Joachim Schipper]

On Wed, Mar 22, 2006 at 02:46:10PM +0100, Marco Fretz wrote:
 ok =) right. i had some problems that me have the same solution. i need
 a backup solution with the following features:
 
 - smallest network traffic
 - smallest load on remote machines
 - preserved file permissions
 - only small configuration on remote machines
 - restoring data until 7 days ago (7 day generation)
 - root login on remote machines is disabled
 
 is there any solution? =)
 
 i think there have to be a way like this: rdiff-backup over ssh and run
 the remote rdiff-backup with sudo. but how?

There is no solution that satisfies all. For instance, a rsync-based
solution (such as rdiff-backup) typically uses much more CPU (and, to a
lesser extent, memory) than a simpler solution based on tar or dump. On
the other hand, it does use less bandwidth.

On the third hand, though, if you want to write your backups (only) to
an external medium, 'rolling' backups become very problematic. The
'dump' scheme was invented at a time when backups were written to tape,
and is quite good for that purpose.

Additionally, dump-based solutions on most systems can get away with
only having 'operator' priviliges, which is still a lot, but less than
'root'. Rsync will require full root priviliges (via sudo or otherwise)
or a lot of configuration.

As to just running the remote side with sudo, that shouldn't be too
hard. A quick look at the documentation did not suggest this was
possible by setting a configuration flag, but one should be able to
change the source code to work as desired.

Then again, as I proposed upthread, a public key for root which will
only run a single command is probably a better solution.

Joachim

Re: remote data backup

[Joachim Schipper]

On Wed, Mar 22, 2006 at 02:15:58PM +0100, Marco Fretz wrote:
 hello
 
 thanks for your answer
 
 may you explain me the thing with the delta compression?
 
 i want to backup some files incremental over ssh with tar. is that
 possible? and is it possible to sudo the tar process on the remote
 machine?

As pointed out, this is possible. However, as an extra clarification:

Rsync is good at only sending the differences in files. This means rsync
(and, by extension, rdiff-backup) works very well on large files where
little changes.

This is the case for uncompressed tar files - they will differ only in
the files and headers that were actually changed since the last backup.

However, compressed (and, worse, encrypted) tar files are a different
story, as a changed header may cause a 'cascade' effect, changing lots
of bits. In this case, using rsync will amount to a very expensive way
of copying the whole file.

So, if you want to go with rsync-a-tar-file, make sure it is not
compressed or encrypted beforehand. (Though running the rsync protocol
itself over an encrypted link is very, very good idea.)

Joachim

problem with rdiff-backup and permissions

[Marco Fretz]

hello

i involve the following command on my backup server. on the remote
machine i set up backup user in sudoers to allow execute of rdiff-backup
--server without password.

# rdiff-backup -v2 --remote-schema ssh -C %s 'sudo /usr/bin/rdiff-
backup --server' [EMAIL PROTECTED]::/etc test/

after successful backup i made an ls in test/ and noticed that all files
are owned by the user initiated the command (named backup).

why that and what can i do to preserve the permissions?


greets and thanks
 marco

Re: RAID label problem?

[Greg Oster]

Xavier Mertens writes:
 Hi,
 
 I'm busy to set up a box with 2 x 80GB disks in RAID1.
 I'm following the procedures found online but, once the RAID is initialized, 
 I got the follow error while trying to partition it:
 
 Write new label?: [y]
 disklabel: ioctl DIOCWDINFO: No space left on device
 disklabel: unable to write label
 
 The RAID is up, consistant:
 
 # raidctl -s raid0
 raid0 Components:
/dev/wd0d: optimal
/dev/wd1d: optimal
 No spares.
 Parity status: clean
 Reconstruction is 100% complete.
 Parity Re-write is 100% complete.
 Copyback is 100% complete.
 
 disklabel report the following:
 
 # disklabel -E raid0
 disklabel: Can't get bios geometry: Device not configured
  
  
   
 Initial label editor (enter '?' for help at any prompt)
  p
 device: /dev/rraid0c
 type: RAID
 disk: raid
 label: fictitious
 bytes/sector: 512
 sectors/track: 128
 tracks/cylinder: 8
 sectors/cylinder: 1024
 cylinders: 156417
 total sectors: 160171392
 free sectors: 160171392
 rpm: 3600
  
  
   
 16 partitions:
 # sizeoffset  fstype [fsize bsize  cpg]
   a: 4358414031416925149  unused  0 0  # Cyl 1383715*-180
 9342*
   c: 160171392 0  unused  0 0  # Cyl 0 -15641
 7*

435841403 + 1416925149 = 1852766552 which is greater than 160171392
by 1692595160.  If you fix the offset of 'a', I suspect things will 
be happier.

Later...

Greg Oster

Re: RAID label problem?

[Xavier Mertens]

Well, I already tried to create only a small partition:

# disklabel -E raid0
disklabel: Can't get bios geometry: Device not configured


Initial label editor (enter '?' for help at any prompt)
 p
device: /dev/rraid0c
type: RAID
disk: raid
label: fictitious
bytes/sector: 512
sectors/track: 128
tracks/cylinder: 8
sectors/cylinder: 1024
cylinders: 156417
total sectors: 160171392
free sectors: 160171392
rpm: 3600


16 partitions:
# sizeoffset  fstype [fsize bsize  cpg]
  a: 4358414031416925149  unused  0 0  # Cyl 
1383715*-1809342*
  c: 160171392 0  unused  0 0  # Cyl 0 -156417*
 d a
 a a
offset: [0]
size: [160171392] 200m
FS type: [4.2BSD]
 p
device: /dev/rraid0c
type: RAID
disk: raid
label: fictitious
bytes/sector: 512
sectors/track: 128
tracks/cylinder: 8
sectors/cylinder: 1024
cylinders: 156417
total sectors: 160171392
free sectors: 159761792
rpm: 3600


16 partitions:
# sizeoffset  fstype [fsize bsize  cpg]
  a:409600 0  4.2BSD   2048 16384   16 # Cyl 0 -   399
  c: 160171392 0  unused  0 0  # Cyl 0 -156417*
 q
Write new label?: [y] y
disklabel: ioctl DIOCWDINFO: No space left on device
disklabel: unable to write label
#


Xavier
--
Dear customer, we located the problem...
It's between the keyboard and the chair!

On Wed, 22 Mar 2006, Greg Oster wrote:

 Xavier Mertens writes:
  Hi,
  
  I'm busy to set up a box with 2 x 80GB disks in RAID1.
  I'm following the procedures found online but, once the RAID is 
  initialized, 
  I got the follow error while trying to partition it:
  
  Write new label?: [y]
  disklabel: ioctl DIOCWDINFO: No space left on device
  disklabel: unable to write label
  
  The RAID is up, consistant:
  
  # raidctl -s raid0
  raid0 Components:
 /dev/wd0d: optimal
 /dev/wd1d: optimal
  No spares.
  Parity status: clean
  Reconstruction is 100% complete.
  Parity Re-write is 100% complete.
  Copyback is 100% complete.
  
  disklabel report the following:
  
  # disklabel -E raid0
  disklabel: Can't get bios geometry: Device not configured
  
   
  
   

  Initial label editor (enter '?' for help at any prompt)
   p
  device: /dev/rraid0c
  type: RAID
  disk: raid
  label: fictitious
  bytes/sector: 512
  sectors/track: 128
  tracks/cylinder: 8
  sectors/cylinder: 1024
  cylinders: 156417
  total sectors: 160171392
  free sectors: 160171392
  rpm: 3600
  
   
  
   

  16 partitions:
  # sizeoffset  fstype [fsize bsize  cpg]
a: 4358414031416925149  unused  0 0  # Cyl 
  1383715*-180
  9342*
c: 160171392 0  unused  0 0  # Cyl 0 
  -15641
  7*
 
 435841403 + 1416925149 = 1852766552 which is greater than 160171392
 by 1692595160.  If you fix the offset of 'a', I suspect things will 
 be happier.
 
 Later...
 
 Greg Oster

Re: RAID label problem?

[Otto Moerbeek]

On Wed, 22 Mar 2006, Xavier Mertens wrote:

 16 partitions:
 # sizeoffset  fstype [fsize bsize  cpg]
   a: 4358414031416925149  unused  0 0  # Cyl 
 1383715*-1809342*
   c: 160171392 0  unused  0 0  # Cyl 0 
 -156417*
 
 I create my partition, exit with q
 
 Xavier
 --
  SELECT * FROM users WHERE clue  0;
 0 rows returned

You better run fdisk -i raid0 first. You are seeing the remains
of an old disklabel, probably.

-Otto

dhcp option 82

[Lars Weste]

Hi,

I do not think so, but does the openbsd dhcpd can handle dhcp requests 
that contain that option 82, that can be added by dhcp relays on switches 
to the originating dhcp request from the client.
haven't found anything on that in the manual, so I want to make sure that 
i am right, or better wrong, before exchanging my dhcpd with isc-dhcpd.

cheers
lars

-- 
Echte DSL-Flatrate dauerhaft f|r 0,- Euro*!
Feel free mit GMX DSL! http://www.gmx.net/de/go/dsl

Re: RAID label problem?

[Greg Oster]

Xavier Mertens writes:
 Well, I already tried to create only a small partition:
[snip]
  p
 device: /dev/rraid0c
 type: RAID
 disk: raid
 label: fictitious
 bytes/sector: 512
 sectors/track: 128
 tracks/cylinder: 8
 sectors/cylinder: 1024
 cylinders: 156417
 total sectors: 160171392
 free sectors: 159761792
 rpm: 3600
  
  
   
 16 partitions:
 # sizeoffset  fstype [fsize bsize  cpg]
   a:409600 0  4.2BSD   2048 16384   16 # Cyl 0 -   39
 9
   c: 160171392 0  unused  0 0  # Cyl 0 -15641
 7*
  q
 Write new label?: [y] y
 disklabel: ioctl DIOCWDINFO: No space left on device
 disklabel: unable to write label

What does 'raidctl -s raid0' say?  There are not may places in the 
DIOCWDINFO code path where ENOSPC is returned... but one of them is 
in raidstrategy().

Later...

Greg Oster

Re: Strange pthread/kernel interaction

[Jan Engelhardt]

No. This is as it should be, because -lpthread does threads in *one*
kernel process, so it has to intercept blocking operations so it can
switch to another thread instead, or call select/poll/kevent if
needed, so not all threads hang if *one* executes a blocking
operation.

 How could I help the high CPU usage then? The device driver read
 routine always prematurely exits because IO_NDELAY is set (and
 there's nothing to read - so EWOULDBLOCK is returned).

the real syscall symbols are available as _thread_sys_read and so on.
you'll also need to clear non-blocking with _thread_sys_fcntl.


If I would now use _thread_sys_read and so on, then the main thread
would block (as expected), but due to the implementation, control is
not passed to other threads (because of blocking on _thread_sys_read())
as far as I understand.

It looks like I am not able to do threading and blocking at the same
time, that's where I am stuck.


Jan Engelhardt
-- 
| Software Engineer and Linux/Unix Network Administrator

Free shipping all over the world / Frais de port gratuits

[Abebooks / Enfer.com]

Abebooks.fr/Enfer.com

Free shipping all over the world until the end of March 2006 / En mars 2006,
frais
de port gratuits
Hello,
Until the end of March 2006, FREE SHIPPING for any order placed on
Abebooks/Enfer.com, no
minimum of purchase and for a shipping in maritime economic mode for Europe,
for United States, for
Asia, for Africa, for Australia, finally for the whole world!
Our catalogue has been just updated on Abebooks, you can consult it entirely
while clicking HERE or
on the headings below to find the book youre looking for, more than 1700
titles on line:

Bonjour,
En mars 2006, FRAIS DE PORT GRATUITS pour toute commande passie sur
Abebooks/Enfer.com,
sans minimum d'achat et pour un envoi en mode iconomique maritime `
destination de l'Europe, des
Etats Unis, de lAsie, de lAustralie, dAfrique , enfin dans le monde
entier!
Notre catalogue vient d'jtre mis ` jour sur Abebooks, vous pouvez le consulter
entihrement en
cliquant ICI ou sur les rubriques ci-dessous pour dicouvrir le livre que vous
recherchez, plus de 1700
titres en ligne:

Catalogues :
Actualitis-Histoire / History
Art Erotique / Erotic Art
Bande Dessinie / Comics Books
Bande Dessinie - Illustration  /
Illustrated Art Books
Bande Dessinie Erotique /
Erotic Comics Books
Beaux-Livres  / Fine Books
Biographies / Biographies 
Memories
Cartes Postales irotiques /
Erotic Postcards
Dessins Erotiques / Erotic
Drawings
Dictionnaires irotiques / Erotic
Dictionaries
Gravures Irotiques / Erotic Art
Print
Littirature Irotique / Erotic
Literature
Littirature irotique en anglais
/English Erotic Fiction
Monographies / Monographies
Photographie - Cinima / Photo
- Cinema
Photographie Irotique / Erotic Photo
Revues BD  / Comics Magazines
Revues BD irotique / Erotic
Comics
Revues Erotiques / Erotic Magazines
Sexologie - Sexualiti / Sexology
- Sexuality
Science-fiction - Fantastique /
Fantasy


The team of enfer.com
L'iquipe d'enfer.com
Abebooks.fr/Enfer.com

Take a look too at our site on the Internet : Enfer.com
N'oubliez pas de consulter igalement notre site : Enfer.com

Editions Dominique Leroy
3, rue Docteur Andri Ragot, B.P. 313
89103 Sens Cedex, France - Tel.: 33 (0)3 86 64 15 24
e-mail: [EMAIL PROTECTED]





==
Message composi et expidii avec la version Freeware de Sarbacane.,
le logiciel d'e-mailing professionnel pour Windows de GOTO Software.
Attention, GOTO n'est responsable ni du contenu de ce message ni du fait
qu'il vous a iti expidii. Pour toute question au sujet de ce message,
merci de prendre contact avec l'expiditeur.
==

asynchronous RPC mechanism

[Gustavo Rios]

Dear folks,

i have choosen openbsd as my plataform of choice for deploying a
service that will have to handle RPC processing in an asynchronous
fashion. I got surprised when i see that the RPC library that comes
with OpenBSD does not support Async processing. I tried to build my
own routine and found it was no easy task.

Does anybody know about an async RPC mechanism i could use (any library)?

Thanks a lot for your time and cooperation.

Best regards.

Re: telldir(), etc: prevent memory leak

[Paul Thorn]

On Wed, 22 Mar 2006, Joshua Sandbrook wrote:


Just today I found my openbsd server curiously stalled... not completely
dead, could switch consoles, ping it.. but otherwise unresponsive.

Found out that smbd was eating huge amounts of memory, and I put the crash
down to smbd.

I applied ( by hand, patch did not work ) the patches Paul wrote..


Yeah. I was having issues with my mail client (silly line wrapping
and general corruption). There is a much cleaner patch offered
(against -current) on the tech list:

  http://marc.theaimsgroup.com/?l=openbsd-techm=114275248318690w=2

This one should work if run through patch. Don't know if it will apply
against a 3.8 source tree, but I did test to ensure that it worked
from the mailing list against -current. If it doesn't apply, please 
let me know, and I'll be happy to clean it up and try again.



and now
smbd is behaving in a more sane fashion, though still seems to be very
slowly climbing in memory useage, though nothing like it was before.

It was climbing at around 1Mb of ram per second before hand, now it is
only using 6mb of ram ( started at 2.7 ish mb of ram ) according to top.


That's about what I was experiencing, too. Leakage much worse if the
directories were highly populated, but still slow leakage for
smaller dirs, too. After the patch, some transitory memory usage,
but typically it remains stable for me.


So either there is still some memory leakage in telldir and friends, or
smbd has other memory leaks in it, or this is just normal behaviour for
smbd.


I concentrated on the biggest culprit in my particular install. I'm 
quite sure that smbd probably leaks in other places, too, and I

may not have caught all places in dirent that may leak if used ...
oddly. Perhaps I should go on another hunt if there is interest in
the community.


But the patch definately put a stop on the rapid memory consumtion.


Glad it was useful to someone!


Thanks Paul


Most welcome. Hopefully the openbsd guys will provide feedback on
it when they find some time, especially if it needs any further work 
to get it acceptable for inclusion into 3.9.


Cheers,
 - Paul

Going nuts with wireless (ath(4) in this case)

[Moritz Grimm]

Hello,


today, I wasted tons of money (from my perspective) ... First, I bought 
a D-Link DWL-G650. Turns out it was revision C with an AR5213 on it ... 
the driver complained about the RF radio not being supported. After lots 
of whining in the store, I got to replace it with a Netgear WG511T. 
Before breaking any seals of the packaging, I called Netgear tech 
support to ask for what they built into this card, with s/n 
foo-blah-bar. Turns out they couldn't tell, really, so I asked whether 
there are any different revisions of that card, i.e. whether it ever 
changed. They say no, it's been always the same and I figured that was 
good enough. Oh well, I thought wrong. Same AR5213, same unsupported RF 
radio. ARGH! No way I'm going to be able to get this one replaced, with 
broken seals in the package.


It seems that it's virtually impossible to get a working/supported 
wireless card these days ... damn those vendors who change hardware 
without notice, and damn Netgear for lying to me. :-(( And not to 
mention that useless, new wireless bridge that is doing nothing ... at 
least it has 3 shiny blue LEDs.


Now I figured, what the hell; let's try and make it supported. My 
wishful thinking and simply cranking the supported revisions of ath(4) 
allowed the driver to attach, but that's as far as it goes. I can mess 
around with ifconfig, setting any channel other than 6 isn't possible 
and I'm getting this should not happen-errors.


Since I was too stupid to save the kernel output earlier, it's now 
garbled ... impressive, how stuff in memory survives power-cycles in 
dmesg (all the numbers are okay, otherwise I wouldn't bother pasting this:)


A4heros C/mmunications, In\M-c., AR5001--, Wireless LAN 
Reference Card

: irq 11
ath0: AR5213 7.9 phy 4.5 rf2112a 5.6 FCC2A*, address 00:0f:b5:ef:5e:a0
ath0: device timeowt
ar5k_ar5212_nic_wakeup: failed to resume |he AR5212 (acain)
avh0: Unable to reset h\M-ardware; hal status 3671035180
ath0: device timeowt
[...]

:-)

My experimentation did some weird stuff to OpenBSD, which is why I'm 
running a sane kernel again.


Anyways, I'm obviously not getting anywhere, and driver hacking still is 
a closed book to me. However, I'm quite interested in learning more, or 
at least try and help someone who's further down this road by testing 
patches etc. In case I'm alone with this, I'd highly appreciate some 
pointers on how to get started. I don't remember, was Atheros a nice or 
an evil company? How can I get the information I need to get this to work?


Thanks for your time,


Moritz

Re: telldir(), etc: prevent memory leak

[Otto Moerbeek]

On Wed, 22 Mar 2006, Paul Thorn wrote:

 Most welcome. Hopefully the openbsd guys will provide feedback on
 it when they find some time, especially if it needs any further work to get it
 acceptable for inclusion into 3.9.

It won't make 3.9, which is already in production. But reviewing and
tsting the diff is on my list.

I'm a bit worried you are breaking documented behaviour (the opendir,
readdir, telldir, closedir, opendir, seekdir case).  But most other
platforms (except NetBSD) do not seem to give this guarantee, so maybe
it is ok to drop it. 

A comment I can give now is that I prefer the lists manipulations to
be done using the list macros from queue(3). You might wanna take a
look at the freebsd code. 

-Otto

CGI security: in addition to chroot

[dick]

i'm putting a machine into production in the next week or two that uses binary
CGI scripts. i want to add additional layers of security beyond having apache
chroot-ed in case the binaries decide to run amok. things that occur to me as a
good idea are systrace and sbox (see http://stein.cshl.org/software/sbox/ ), but
i don't have much experience with either of these.

if anyone has experience with either of these two solutions in production, i
would appreciate being informed about such. this machine will be colocated so
i'm very keen on having everything worked out before it goes into production.
feel free to contact me off-list if you like.

cheers,
jake

Sendmail security problem

[Raul Aldaz]

Hi,

Any comment about this? (see sendmail.org).




Este correo electrsnico y la informacisn contenida en el mismo es de
 caracter confidencial y esta sometida al secreto profesional, dirigiindose
 exclusivamente al destinatario mencionado en el encabezamiento, cuyos datos
 forman parte de un fichero responsabilidad del GRUPO CARRERAS  y cuya
 finalidad es contactar con el titular de los datos a travis del correo
 electrsnico. Le informamos que cuenta con los derechos de acceso,
 rectificacisn y cancelacisn, que podra ejercitar  mediante el envmo de un e-
 mail a la siguiente direccion: [EMAIL PROTECTED]
 Si  el  receptor de la comunicacisn no fuera el destinatario, le informamos
 que cualquier divulgacisn, copia,  distribucisn  o utilizacisn  no
 autorizada de la informacisn contenida en la misma esta prohibida por la
 legislacisn vigente.

http://www.grupocarreras.com

Re: remote data backup

[Rod.. Whitworth]

On Wed, 22 Mar 2006 15:54:08 +0100, Joachim Schipper wrote:

So, if you want to go with rsync-a-tar-file, make sure it is not
compressed or encrypted beforehand. (Though running the rsync protocol
itself over an encrypted link is very, very good idea.)


I do this for a client which has a zipfile of about 20MB which used to
be delivered by courier from head office to retail stores. It had all
the binaries used by the back-office computer plus stock files,
inevntories etc.

Now the zip files is copied from the master at head office to an
OpenBSD box where it is unzipped to a directory. Then the stores
connect at an appointed time and use rsync over ssh to update their
local copies.

Don't forget the C option in ssh (use -e ssh -C in the rsync options)
which is too computationally expensive on a fast LAN but is ideal for
lower speed links. For example,  head office in my client has 1536/256
ADSL and the stores have 256/64 and it speeds up very well.
HTH.
Rod

From the land down under: Australia.
Do we look umop apisdn from up over?

Do NOT CC me - I am subscribed to the list.
Replies to the sender address will fail except from the list-server.

Re: asynchronous RPC mechanism

[Hannah Schroeter]

Hello!

On Wed, Mar 22, 2006 at 01:21:06PM -0300, Gustavo Rios wrote:
Dear folks,

i have choosen openbsd as my plataform of choice for deploying a
service that will have to handle RPC processing in an asynchronous
fashion. I got surprised when i see that the RPC library that comes
with OpenBSD does not support Async processing. I tried to build my
own routine and found it was no easy task.

Does anybody know about an async RPC mechanism i could use (any library)?

Thanks a lot for your time and cooperation.

I'm doing something like that, but I just use simple self-made protocols
and multiplex them with libevent. A little C++ framework above it, and
it's quite usable.

Best regards.

Kind regards,

Hannah.

Re: ADSL with pppoa (over ATM)

[Luca Losio]

 I used to have one of these.

 On your external NIC, use DHCP, and that is it.

 The DLink does the PPPoA stuff and issues the WAN IP address to your
 DHCP card.

 You can still telnet to the DLink on 192.168.0.1 at the same time as
 your link being up.


mmm...I tried switching off dhcp server on the modem, issued a
dhcpclient xl1 but I can't get a dhcp response

A couple of questions about ural(4) and hostap mode

[Giuseppe Argentieri]

Hi, I'm going to buy a Linksys WUSB54G v4 wireless adapter and I'd like
to use it to set up an access point with hostapd (but not only for this
purpose, of course)

I read in the man pages that:

The ural driver supports automatic control of the transmit speed in BSS
mode only.  Therefore the use of a ural adapter in Host AP mode is
discouraged. [ural(4) -current]

So, it seems that if I put ural(4) in hostap mode I can't get automatic
change of the trasmission rate. The question is: what kind of problems I
will face imposing a fixed speed? Will the other stations deassociate
whenever the signal strength goes under a certain limit? I will be
forced to use the minimum speed? Are there any workarounds for this
issue?


P.S.:
Well, more than a couple of question, I see...


-- 
http://swpat.ffii.org/

Giuseppe Argentieri

Re: Removing a misconfigured list member? [EMAIL PROTECTED]: Undelivered Mail Returned to Sender]

[Hannah Schroeter]

Hello!

On Wed, Mar 22, 2006 at 07:55:39AM +0059, Han Boetes wrote:
Keith Richardson wrote:
 Hannah wrote:
  Mailing to [EMAIL PROTECTED] didn't work either (similar loop error
  message). So could one please remove [EMAIL PROTECTED] from the mailing 
  lists?

  Sorry for mailing the list itself, but I didn't find a more specific
  contact for that on http://www.openbsd.org/mail.html.

 I think you wanted [EMAIL PROTECTED] if I remember majordomo's 
 email correctly.

Check the headers of any email from the openbsd mailinglists ;-)

There're no List-foo headers, just Sender: [EMAIL PROTECTED] But
then, there's no guarantee that the sender or envelope from is the best
address to reach a human list administrator. So I'd suggest adding a
reference to such to the mail.html page.

I'll try how forwarding my original mail to owner-... works out.

# Han

Kind regards,

Hannah.

Re: Going nuts with wireless (ath(4) in this case)

[Greg Thomas]

On 3/22/06, Moritz Grimm [EMAIL PROTECTED] wrote:

 today, I wasted tons of money (from my perspective) ... First, I bought
 a D-Link DWL-G650. Turns out it was revision C with an AR5213 on it ...
 the driver complained about the RF radio not being supported. After lots
 of whining in the store, I got to replace it with a Netgear WG511T.
 Before breaking any seals of the packaging, I called Netgear tech
 support to ask for what they built into this card, with s/n
 foo-blah-bar. Turns out they couldn't tell, really, so I asked whether
 there are any different revisions of that card, i.e. whether it ever
 changed. They say no, it's been always the same and I figured that was
 good enough. Oh well, I thought wrong. Same AR5213, same unsupported RF
 radio. ARGH! No way I'm going to be able to get this one replaced, with
 broken seals in the package.



 A4heros C/mmunications, In\M-c., AR5001--, Wireless LAN
 Reference Card
 : irq 11
 ath0: AR5213 7.9 phy 4.5 rf2112a 5.6 FCC2A*, address 00:0f:b5:ef:5e:a0
 ath0: device timeowt
 ar5k_ar5212_nic_wakeup: failed to resume |he AR5212 (acain)
 avh0: Unable to reset h\M-ardware; hal status 3671035180
 ath0: device timeowt
 [...]

 :-)

 My experimentation did some weird stuff to OpenBSD, which is why I'm
 running a sane kernel again.

 Anyways, I'm obviously not getting anywhere, and driver hacking still is
 a closed book to me. However, I'm quite interested in learning more, or
 at least try and help someone who's further down this road by testing
 patches etc. In case I'm alone with this, I'd highly appreciate some
 pointers on how to get started. I don't remember, was Atheros a nice or
 an evil company? How can I get the information I need to get this to work?


First off I'll say that I feel your pain.  But I haven't had any
problem finding AR5211 and AR5212 devices as you can see in the
archives I have two at the moment, a Netgear WAB501 and a Cisco.  With
a snapshot of a week or so ago I get similar messages as above along
with a panic on boot.  Unfortunately right now the team is pretty busy
getting the release together.  I have received a couple of patches but
nothing has worked yet.

Greg

Re: ADSL with pppoa (over ATM)

[Craig Skinner]

On Wed, Mar 22, 2006 at 07:14:23PM +0100, Luca Losio wrote:
  I used to have one of these.
 
  On your external NIC, use DHCP, and that is it.
 
  The DLink does the PPPoA stuff and issues the WAN IP address to your
  DHCP card.
 
  You can still telnet to the DLink on 192.168.0.1 at the same time as
  your link being up.
 
 
 mmm...I tried switching off dhcp server on the modem, issued a
 dhcpclient xl1 but I can't get a dhcp response
 

Leave the DHCP server enabled on the DLink, and enable your NIC via
DHCP. Job done.

Unplug the phone line and reboot the router, your NIC will get a
192.168.0.2 address, plug the phone line in and it will get issued the
public WAN IP from the router.

The router was designed for Windoze users, and they wouldn't mess about
with static setups.

I now use a ZyXEL and have my ISP allocate a routeable LAN, which is
better, but not doable with the DLink model that you have.

Re: Strange pthread/kernel interaction

[Hannah Schroeter]

Hi!

On Wed, Mar 22, 2006 at 04:30:28PM +0100, Jan Engelhardt wrote:
 How could I help the high CPU usage then? The device driver read
 routine always prematurely exits because IO_NDELAY is set (and
 there's nothing to read - so EWOULDBLOCK is returned).

Which device do you use? Does that not support poll/select/kqueue
properly? Because if it did, the pthread library would probably do the
right thing (on EWOULDBLOCK, suspend the thread, and sometimes use
kqueue or similar to find out when it can re-schedule the thread again).

the real syscall symbols are available as _thread_sys_read and so on.
you'll also need to clear non-blocking with _thread_sys_fcntl.

If I would now use _thread_sys_read and so on, then the main thread
would block (as expected), but due to the implementation, control is
not passed to other threads (because of blocking on _thread_sys_read())
as far as I understand.

It looks like I am not able to do threading and blocking at the same
time, that's where I am stuck.

I've just explained it to someone else what I did in cases like that.
Short summary: fork processes for the really blocking stuff (disk I/O,
device I/O), do the high level logic and network I/O in the parent,
communicate requests/responses to the children, using e.g. socketpair
(they're fast enough). So this maps the blocking I/O done in the
children to socketpair I/O which you *can* select/poll/kqueue/epoll on,
e.g. using libevent. Or even using OpenBSD's userland pthread, having a
thread block on reading responses from the socketpair.

Jan Engelhardt

Kind regards,

Hannah.

SGI O2

[Bachman Kharazmi]

I've two SGI O2 R12000 at home from today for experimental use.
They've 32 of them unused at my uni so the admin said it was ok to
take two :)

Now I've problems installing osbd 3.8, I've choosed the cdboot
installation method.
First I : 'resetenv' then setenv OSLoader=boot and setenv OSLoadFilename=/bsd.rd
Then I choose Install program from CDrom in the maintaining menu.

What I can see on the screen is all the boot arguments at top (from
the environment).

OpenBSD/sgi Arcbios boot
Boot: pci(0)scsi(0)cdrom(4)partition(0)/bsd.rd
Loading ELF64 file
0xfff... Loading symbol table
Start at 0x
ARCS32 Firmware Version 1.10
SR=34010080
Found SGI-IP32, setting up.
And here it freeze, nothing else happens.

any ideas are welcome, /bkw
--
##
BKW - Bachman Kharazmi
bahkha AT gmail DOT com
uin: #24089491
SWEDEN
##

Re: SGI O2

[Miod Vallat]

 What I can see on the screen is all the boot arguments at top (from
 the environment).
 
 OpenBSD/sgi Arcbios boot
 Boot: pci(0)scsi(0)cdrom(4)partition(0)/bsd.rd
 Loading ELF64 file
 0xfff... Loading symbol table
 Start at 0x
 ARCS32 Firmware Version 1.10
 SR=34010080
 Found SGI-IP32, setting up.
 And here it freeze, nothing else happens.

I'll bet you did not connect a serial console to the machine.

Miod

Re: Strange pthread/kernel interaction

[Jan Engelhardt]

 How could I help the high CPU usage then? The device driver read
 routine always prematurely exits because IO_NDELAY is set (and
 there's nothing to read - so EWOULDBLOCK is returned).

Which device do you use? Does that not support poll/select/kqueue
properly? Because if it did, [...]

I need to implement that function. Thanks for the hint!
(btw, device is: rpldev from http://ttyrpld.sf.net/)



Jan Engelhardt
-- 

Re: SGI O2

[Bachman Kharazmi]

you're right, I missed that line in INSTALL.sgi.

and the worst is that none of my laptops have RS232 ports even if I've
a serialcable.

I hope there're USB-RS232 converters available.

the world is not always fair.
/bkw
On 22/03/06, Miod Vallat [EMAIL PROTECTED] wrote:
  What I can see on the screen is all the boot arguments at top (from
  the environment).
 
  OpenBSD/sgi Arcbios boot
  Boot: pci(0)scsi(0)cdrom(4)partition(0)/bsd.rd
  Loading ELF64 file
  0xfff... Loading symbol table
  Start at 0x
  ARCS32 Firmware Version 1.10
  SR=34010080
  Found SGI-IP32, setting up.
  And here it freeze, nothing else happens.

 I'll bet you did not connect a serial console to the machine.

 Miod



--
##
BKW - Bachman Kharazmi
bahkha AT gmail DOT com
uin: #24089491
SWEDEN
##

Re: SGI O2

[Timo Schoeler]

thus Bachman Kharazmi spake:

you're right, I missed that line in INSTALL.sgi.

and the worst is that none of my laptops have RS232 ports even if I've
a serialcable.

I hope there're USB-RS232 converters available.

the world is not always fair.

^

said the man who got two O2/R12k for free ;)


/bkw

Re: SGI O2

[Darrin Chandler]

Bachman Kharazmi wrote:


you're right, I missed that line in INSTALL.sgi.

and the worst is that none of my laptops have RS232 ports even if I've
a serialcable.

I hope there're USB-RS232 converters available.
 



You can get converters. Not all of them connect DSR/DTR.

--
Darrin Chandler|  Phoenix BSD Users Group
[EMAIL PROTECTED]   |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/  |

Re: Site indexing application

[Frank Denis]

Le Tue, Mar 21, 2006 at 02:18:10PM +0200, Gabriel George POPA ecrivait :

Frank Denis wrote:


Yes, very interesting. But I was looking for a very secure, highly 
proven solution, prepackaged for OpenBSD with Apache chrooted.


 Well, Hyper Estraier is far from being a beta project. It's an evolution
of Estraier, itself based upon Snatcher, whoose work began 6 years ago. The
code is very clean, it works and it's fast.

 The code of Mnogosearch (and DPsearch since it's based upon it) is messy and
designed in a totally insecure and unreliable way. I had a hard time last
year with it in order to add various hacks to have it work with our blog web
site (skyblog.com). There were many ways to get it die with segmentation
faults. And the indexer wasn't always able to resume its activity after a
crash. Plus Mnogosearch doesn't scale as well as advertised.
 OTOH, Hyper Estraier scales really well.
 
 It just needs an OpenBSD port.


--
Frank Denis - frank [at] nailbox.fr
Young Nails / Akzentz nail tech

Re: SGI O2

[Jasper Lievisse Adriaanse]

On Wed, 22 Mar 2006 21:37:45 +0100
Bachman Kharazmi [EMAIL PROTECTED] wrote:

 you're right, I missed that line in INSTALL.sgi.

 and the worst is that none of my laptops have RS232 ports even if I've
 a serialcable.

 I hope there're USB-RS232 converters available.
That should do the trick, but you must have a null modem cable otherwise
you still won't be able to see much ;-)


 the world is not always fair.
 /bkw
 On 22/03/06, Miod Vallat [EMAIL PROTECTED] wrote:
   What I can see on the screen is all the boot arguments at top (from
   the environment).
  
   OpenBSD/sgi Arcbios boot
   Boot: pci(0)scsi(0)cdrom(4)partition(0)/bsd.rd
   Loading ELF64 file
   0xfff... Loading symbol table
   Start at 0x
   ARCS32 Firmware Version 1.10
   SR=34010080
   Found SGI-IP32, setting up.
   And here it freeze, nothing else happens.
 
  I'll bet you did not connect a serial console to the machine.
 
  Miod
 


 --
 ##
 BKW - Bachman Kharazmi
 bahkha AT gmail DOT com
 uin: #24089491
 SWEDEN
 ##



--
Humppa is a serious thing!

[demime 1.01d removed an attachment of type application/pgp-signature]

Re: SGI O2

[Bachman Kharazmi]

ah!
my obsd fw is a generic pc which has serial port, I'll try to move
everything near it.

I might be a lucky guy anyway...
/bkw
On 22/03/06, Darrin Chandler [EMAIL PROTECTED] wrote:
 Bachman Kharazmi wrote:

 you're right, I missed that line in INSTALL.sgi.
 
 and the worst is that none of my laptops have RS232 ports even if I've
 a serialcable.
 
 I hope there're USB-RS232 converters available.
 
 

 You can get converters. Not all of them connect DSR/DTR.

 --
 Darrin Chandler|  Phoenix BSD Users Group
 [EMAIL PROTECTED]   |  http://bsd.phoenix.az.us/
 http://www.stilyagin.com/  |




--
##
BKW - Bachman Kharazmi
bahkha AT gmail DOT com
uin: #24089491
SWEDEN
##

Re: SGI O2

[Stuart Henderson]

On 2006/03/22 21:37, Bachman Kharazmi wrote:
 I hope there're USB-RS232 converters available.

'see also' section of ucom(4).

The ones looking like http://tinyurl.com/sxgxo are usually Cypress
and /not/ yet supported, the older bulkier-looking ones are more likely
to work.

Re: SGI O2

[Bachman Kharazmi]

cool, it booted and I'm setting up my disk now :)
thanks guys for all your replies.
/bkw
On 22/03/06, Bachman Kharazmi [EMAIL PROTECTED] wrote:
 I've two SGI O2 R12000 at home from today for experimental use.
 They've 32 of them unused at my uni so the admin said it was ok to
 take two :)

 Now I've problems installing osbd 3.8, I've choosed the cdboot
 installation method.
 First I : 'resetenv' then setenv OSLoader=boot and setenv 
 OSLoadFilename=/bsd.rd
 Then I choose Install program from CDrom in the maintaining menu.

 What I can see on the screen is all the boot arguments at top (from
 the environment).

 OpenBSD/sgi Arcbios boot
 Boot: pci(0)scsi(0)cdrom(4)partition(0)/bsd.rd
 Loading ELF64 file
 0xfff... Loading symbol table
 Start at 0x
 ARCS32 Firmware Version 1.10
 SR=34010080
 Found SGI-IP32, setting up.
 And here it freeze, nothing else happens.

 any ideas are welcome, /bkw



--
##
BKW - Bachman Kharazmi
bahkha AT gmail DOT com
uin: #24089491
SWEDEN
##

Stability of bge on 3.8 SMP

[Daniel Hamlin]

I have a server acting as a router/firewall (dmesg below) that stopped 
passing traffic on one network card after being up for ~4 months.  The 
card was unpingable, and I believe the console said watchdog timeout.  
Since the connection was down, I didn't take the time to write down the 
message, but instead rebooted the system.  Two days later the same thing 
happened.  I currently attribute it to bad hardware and have swapped out 
the server with another identical one.  I'm not asking for the problem 
to be solved, since I know I don't have enough information, rather I 
want to know if I should use a different network card.  Should I just 
use the single processor kernel?  Or is there a 
work-around/configuration change that will guarantee me stability with 
this configuration?


I found this while searching Google:
http://www.armorlogic.com/openbsd_information_server_compatibility_list.html?action=detailid=dl580g3

which says OpenBSD 3.8 can boot on the machine, but seems to have 
various issues related to multiprocessor support and on-board Broadcom 
network interfaces.


Thanks!

Dan


# cat hostname.bge0
inet www.xxx.yyy.zzz 255.255.255.252 NONE
# cat hostname.bge1
inet aaa.bbb.ccc.ddd 255.255.255.248 NONE

# ifconfig -a
lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 33192
   groups: lo
   inet 127.0.0.1 netmask 0xff00
   inet6 ::1 prefixlen 128
   inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
bge0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
   lladdr 00:e0:81:30:ba:30
   media: Ethernet autoselect (100baseTX full-duplex)
   status: active
   inet www.xxx.yyy.zzz netmask 0xfffc broadcast snip
   inet6 snipbge0 prefixlen 64 scopeid 0x1
bge1: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
   lladdr 00:e0:81:30:ba:31
   groups: egress
   media: Ethernet autoselect (1000baseT full-duplex)
   status: active
   inet aaa.bbb.ccc.ddd netmask 0xfff8 broadcast snip
   inet6 snipbge1 prefixlen 64 scopeid 0x2
pflog0: flags=141UP,RUNNING,PROMISC mtu 33192
pfsync0: flags=0 mtu 1348
enc0: flags=0 mtu 1536


OpenBSD 3.8 (GENERIC.MP) #504: Sat Sep 10 16:02:38 MDT 2005
   [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 4227395584 (4128316K)
avail mem = 3632812032 (3547668K)
using 22937 buffers containing 422948864 bytes (413036K) of memory
mainbus0 (root)
mainbus0: Intel MP Specification (Version 1.4) (TYAN S2881   )
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD Opteron(tm) Processor 248, 2191.74 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,NXE,MMXX,LONG,3DNOW2,3DNOW
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 
64b/line 16-way L2 cache

cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: apic clock running at 199220473Hz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: AMD Opteron(tm) Processor 248, 2191.43 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,NXE,MMXX,LONG,3DNOW2,3DNOW
cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 
64b/line 16-way L2 cache

cpu1: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu1: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
mpbios: bus 0 is type PCI  
mpbios: bus 1 is type PCI  
mpbios: bus 2 is type PCI  
mpbios: bus 3 is type PCI  
mpbios: bus 4 is type ISA  
ioapic0 at mainbus0 apid 2: pa 0x86cbde24, version 11, 24 pins

ioapic1 at mainbus0 apid 3: pa 0x86cbdd24, version 11, 4 pins
ioapic2 at mainbus0 apid 4: pa 0x86cbdc24, version 11, 4 pins
pci0 at mainbus0 bus 0: configuration mode 1
ppb0 at pci0 dev 6 function 0 AMD 8111 PCI-PCI rev 0x07
pci1 at ppb0 bus 3
ohci0 at pci1 dev 0 function 0 AMD 8111 USB rev 0x0b: apic 2 int 19 
(irq 10), version 1.0, legacy support

usb0 at ohci0: USB revision 1.0
uhub0 at usb0
uhub0: AMD OHCI root hub, rev 1.00/1.00, addr 1
uhub0: 3 ports with 3 removable, self powered
ohci1 at pci1 dev 0 function 1 AMD 8111 USB rev 0x0b: apic 2 int 19 
(irq 10), version 1.0, legacy support

usb1 at ohci1: USB revision 1.0
uhub1 at usb1
uhub1: AMD OHCI root hub, rev 1.00/1.00, addr 1
uhub1: 3 ports with 3 removable, self powered
vga1 at pci1 dev 6 function 0 ATI Rage XL rev 0x27
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
AMD AMD8111 LPC rev 0x05 at pci0 dev 7 function 0 not configured
pciide0 at pci0 dev 7 function 1 AMD 8111 IDE rev 0x03: DMA, channel 0 
configured to compatibility, channel 1 configured to compatibility

pciide0: channel 0 disabled (no drives)
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: SAMSUNG, CD-ROM SN-124, N103 SCSI0 
5/cdrom 

Re: ADSL with pppoa (over ATM)

[mike]

On Wed, 22 Mar 2006 11:14:07 +
Craig Skinner [EMAIL PROTECTED] wrote:

 On Wed, Mar 22, 2006 at 04:29:56AM -0600, mike wrote:
   
  My Aethra Starbridge-EU works fine in half-bridge, although I had to
  set VCI=0 in the modem, whatever that is.
 
 You need to set the VPI  VCI, encapsulation  modulation. It is
 different for many countries depending on how the telcos deceide to
 run their network. See:
 
 http://www.patton.com/support/faqs_detail.asp?id=142
 http://www.adslguide.org.uk/qanda.asp?faq=DSLHardware
 
I was mistaken, my VPI=0, VCI=35 per my ISP. 
Note that this is in Wisconsin, USA, so the above link's table is not
quite correct, as it lists the USA's VPI as 8, which also was the
modem's default.
  
  I would much rather have my ext_if assigned the routable ip, and do
  all of the nat and rdr from pf :)
 
 As you seem to have a static IP on the router's WAN, your ISP will
 probably be able to provide a /30 routeable LAN for the asking!
 
 eg: I have 84.19.247.29/32 on the WAN of the router, and
 84.19.247.232/29 as a routeable LAN.
 
 
A /30 would be nice, but I have no complaints with a dynamic /32,
dyndns, and then rdr'ing ssh  smtp via pf.

Re: SGI O2

[Bachman Kharazmi]

After I downloaded the sets successfully and the rest of the
installation went fine I tried to reboot the system, what happens
after reboot is nothing. No boot ,  but I can enter the maintaing
menu.

Maybe of these lines have to be changed in console(maintain menu):
SystemPartition=pci(0)scsi(0)disk(2)rdisk(0)partition(8)
OSLoadPartition=pci(0)scsi(0)disk(2)rdisk(0)partition(0)

In case that's my problem I don't know which one to change.
printenv is pasted bellow.

System Maintenance Menu

1) Start System
2) Install System Software
3) Run Diagnostics
4) Recover System
5) Enter Command Monitor

Option? 5
Command Monitor.  Type exit to return to the menu.
 printenv
AutoLoad=Yes
diskless=0
dbaud=9600
volume=80
sgilogo=y
monitor=h
TimeZone=PST8PDT
netaddr=192.0.2.1
crt_option=1
SystemPartition=pci(0)scsi(0)disk(2)rdisk(0)partition(8)
OSLoadPartition=pci(0)scsi(0)disk(2)rdisk(0)partition(0)
OSLoader=boot
OSLoadFilename=/bsd.rd
OSLoadOptions=auto
console=d
ConsoleOut=serial(0)
ConsoleIn=serial(0)
cpufreq=270
eaddr=08:00:69:0e:9b:ab
videostatus=illegal_env_var
On 22/03/06, Bachman Kharazmi [EMAIL PROTECTED] wrote:
 cool, it booted and I'm setting up my disk now :)
 thanks guys for all your replies.
 /bkw
 On 22/03/06, Bachman Kharazmi [EMAIL PROTECTED] wrote:
  I've two SGI O2 R12000 at home from today for experimental use.
  They've 32 of them unused at my uni so the admin said it was ok to
  take two :)
 
  Now I've problems installing osbd 3.8, I've choosed the cdboot
  installation method.
  First I : 'resetenv' then setenv OSLoader=boot and setenv 
  OSLoadFilename=/bsd.rd
  Then I choose Install program from CDrom in the maintaining menu.
 
  What I can see on the screen is all the boot arguments at top (from
  the environment).
 
  OpenBSD/sgi Arcbios boot
  Boot: pci(0)scsi(0)cdrom(4)partition(0)/bsd.rd
  Loading ELF64 file
  0xfff... Loading symbol table
  Start at 0x
  ARCS32 Firmware Version 1.10
  SR=34010080
  Found SGI-IP32, setting up.
  And here it freeze, nothing else happens.
 
  any ideas are welcome, /bkw

Re: ADSL with pppoa (over ATM)

[Chris 'Xenon' Hanson]

mike wrote:

http://www.patton.com/support/faqs_detail.asp?id=142
http://www.adslguide.org.uk/qanda.asp?faq=DSLHardware
I was mistaken, my VPI=0, VCI=35 per my ISP. 
Note that this is in Wisconsin, USA, so the above link's table is not

quite correct, as it lists the USA's VPI as 8, which also was the
modem's default.


  VPI/VCI numbers vary all over the US, so that table is about worthless. Here in 
Colorado, on Qwest, I believe we are 0,32.


--
 Chris 'Xenon' Hanson | Xenon @ 3D Nature | http://www.3DNature.com/
 I set the wheels in motion, turn up all the machines, activate the programs,
  and run behind the scenes. I set the clouds in motion, turn up light and 
sound,
  activate the window, and watch the world go 'round. -Prime Mover, Rush.

Sporadic kernel panic booting old i386 hardware, 3.7 GENERIC

[Damon McMahon]

Greetings,

For the second time in a week the following kernel panic has occured
on boot. In between these two events the firewall has booted many
times without issue.

booting hd0a:/bsd: 4686336+945680 [52+241344+223335]=0x5d08e0
entry point at 0x100120

[ using 465104 bytes of bsd ELF symbol table ]
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2005 OpenBSD. All rights reserved.  http://www.OpenBSD.org

OpenBSD 3.7 (GENERIC) #1: Mon Mar  6 15:39:23 CST 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium (P54C) (GenuineIntel 586-class) 75 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,MCE,CX8
cpu0: F00F bug workaround installed
real mem  = 41525248 (40552K)
avail mem = 30085120 (29380K)
using 532 buffers containing 2179072 bytes (2128K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 10/10/94, BIOS32 rev. 0 @ 0xf6f20
apm0 at bios0: Power Management spec V1.1
apm0: AC on, battery charge unknown
uvm_fault(0xd05b21e0, 0x0, 0, 1) - e
kernel: page fault trap, code=0
Stopped at  lockmgr+0x1a:   movl0x4(%esi),%eax
ddb

Is this (very old) hardware just giving up the ghost, bad RAM (I've
seen a couple of mentions in the archives pointing to this), some
other component in need of replacement, or something else worth
investigating further?

Many thanks in advance for any assistance,
Damon.

Re: SGI O2

[Diana Eichert]

On Wed, 22 Mar 2006, Stuart Henderson wrote:

 On 2006/03/22 21:37, Bachman Kharazmi wrote:
  I hope there're USB-RS232 converters available.

 'see also' section of ucom(4).

 The ones looking like http://tinyurl.com/sxgxo are usually Cypress
 and /not/ yet supported, the older bulkier-looking ones are more likely
 to work.

uplcom(4) is your friend.  If you're in the states just search eBay for
Prolific pl-2303 usb serial or something similar.  I've seen them for
under US$10.

diana

certpatch on obsd 3.8

[Lukas Drbohlav]

hi,

i would like to migrate my isakmpd configuration with x509 certificates 
from my old router with obsd 3.3 to new with obsd 3.8,
but i have problem with absence of certpatch on obsd 3.8 because i used it 
for SubjAltName (in form of email to CN) with this command i: 

#certpatch -t ufqdn -i ${new_cert} -k $CA_KEY 
/etc/isakmpd/certs/${new_cert}.crt /etc/isakmpd/certs/${new_cert}.crt


i can use this (but without success :-( ):

# openssl x509 -req -days 730 -in /etc/isakmpd/private/${new_cert}.csr -CA 
$CA_crt  -CAkey $CA_key -CAcreateserial -extfile /etc/ssl/x509v3.cnf 
-extensions x509v3_UFQDN -out /etc/isakmpd/certs/${new_cert}.crt

with this in x509v3.cnf
# default settings
CERTUFQDN   = what i have to give there ??!!

[x509v3_UFQDN]
subjectAltName=email:$ENV::CERTUFQDN

thank you for help

regards

lukas 

[no subject]

[Mathieu Sauve-Frankel]

Bcc: 
Subject: Re: certpatch on obsd 3.8
Reply-To: [EMAIL PROTECTED]
In-Reply-To: [EMAIL PROTECTED]

 i can use this (but without success :-( ):
 
 # openssl x509 -req -days 730 -in /etc/isakmpd/private/${new_cert}.csr -CA 
 $CA_crt  -CAkey $CA_key -CAcreateserial -extfile /etc/ssl/x509v3.cnf 
 -extensions x509v3_UFQDN -out /etc/isakmpd/certs/${new_cert}.crt
 
 with this in x509v3.cnf
 # default settings
 CERTUFQDN   = what i have to give there ??!!
 
 [x509v3_UFQDN]
 subjectAltName=email:$ENV::CERTUFQDN

something like this

# env [EMAIL PROTECTED] openssl x509 -req -days 730 -in \
/etc/isakmpd/private/${new_cert}.csr -CA $CA_crt  -CAkey $CA_key \
-CAcreateserial -extfile /etc/ssl/x509v3.cnf -extensions \
x509v3_UFQDN -out /etc/isakmpd/certs/${new_cert}.crt

-- 
Mathieu Sauve-Frankel

Re: buf_read dhclient

[Steffen Kluge]

On Thu, 2006-03-16 at 18:43 +0100, Johan SANCHEZ wrote:
 And time to time this one:
 natbox dhclient[19726]: buf_read (connection closed): Undefined error: 0

That's what I'm seeing every time I run sh /etc/netstart sis0. After
this a new dhclient gets started and the DHCP lease will be
obtained/renewed. However, no automatic renewals take place afterwards,
and I have to repeat the manual procedure.

 The external nic is an pcn0:

Mine is a NS DP83815 10/100 (sis), on a WRAP.

 The box just run pf and nothing else.

Same here, just an Internet firewall. I was using 3.7 before yesterday
and this never happened. I have to say, though, that before yesterday
the firewall hardware was different, too, with an le interface on the
outside. For now I'm running a cron job to periodically renew my DHCP
lease...

My root fs is mounted noatime, and var and dev are mfs's:

/dev/wd0a on / type ffs (local, noatime)
mfs:15181 on /dev type mfs (asynchronous, local, noexec, nosuid, 
  size=1200 512-blocks)
mfs:28327 on /var type mfs (asynchronous, local, nodev, noexec, nosuid, 
  size=32768 512-blocks)

I suppose the WRAP dmesg is well known, but here it goes anyway:

OpenBSD 3.8 (GENERIC) #138: Sat Sep 10 15:41:37 MDT 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Geode(TM) Integrated Processor by National Semi (Geode by NSC 
586-class) 267 MHz
cpu0: FPU,TSC,MSR,CX8,CMOV,MMX
cpu0: TSC disabled
real mem  = 133804032 (130668K)
avail mem = 115478528 (112772K)
using 1658 buffers containing 6791168 bytes (6632K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(fa) BIOS, date 05/02/05, BIOS32 rev. 0 @ 0xfc5f2
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: pcibios_get_intr_routing - function not supported
pcibios0: PCI IRQ Routing information unavailable.
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xe/0x8000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 Cyrix GXm PCI rev 0x00
sis0 at pci0 dev 14 function 0 NS DP83815 10/100 rev 0x00: DP83816A, irq 10, 
address 00:0d:b9:02:c7:c4
nsphyter0 at sis0 phy 0: DP83815 10/100 PHY, rev. 1
sis1 at pci0 dev 15 function 0 NS DP83815 10/100 rev 0x00: DP83816A, irq 9, 
address 00:0d:b9:02:c7:c5
nsphyter1 at sis1 phy 0: DP83815 10/100 PHY, rev. 1
sis2 at pci0 dev 16 function 0 NS DP83815 10/100 rev 0x00: DP83816A, irq 11, 
address 00:0d:b9:02:c7:c6
nsphyter2 at sis2 phy 0: DP83815 10/100 PHY, rev. 1
gscpcib0 at pci0 dev 18 function 0 NS SC1100 ISA rev 0x00
gpio0 at gscpcib0: 64 pins
NS SC1100 SMI/ACPI rev 0x00 at pci0 dev 18 function 1 not configured
pciide0 at pci0 dev 18 function 2 NS SCx200 IDE rev 0x01: DMA, channel 0 
wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: LEXAR ATA FLASH
wd0: 4-sector PIO, LBA, 246MB, 503808 sectors
wd0(pciide0:0:0): using PIO mode 4
NS SCx200 AUDIO rev 0x00 at pci0 dev 18 function 3 not configured
geodesc0 at pci0 dev 18 function 5 NS SC1100 X-Bus rev 0x00: iid 6 revision 3 
wdstatus 0
isa0 at gscpcib0
isadma0 at isa0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
sysbeep0 at pcppi0
gscsio0 at isa0 port 0x2e/2: SC1100 SIO rev 1: ACB1 ACB2
iic0 at gscsio0
iic1 at gscsio0
lmtemp0 at iic1 addr 0x48: LM77
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom0: console
biomask f1ef netmask ffef ttymask ffef
pctr: no performance counters in CPU
nvram: invalid checksum
dkcsum: wd0 matches BIOS drive 0x80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302
clock: unknown CMOS layout


Cheers
Steffen.

Re: alternative for logging pf to syslog

[Daniel E. Hassler]

How is the method described in the FAQ any less expensive? Seems to me 
it's just time delayed/batch oriented - still has the same expensive 
tcpdump | logger plus you pay a little interest for the cron initiated 
shell scripts.


Theo de Raadt wrote:


Isn't the load a function of what I choose to log in pf.conf?
   



I'm not talking system load.  The logging operation you have created
is expensive.



 



--
 _   _   _
  __| | __ _ _ __   | |__   __ _ ___ ___| | ___ _ __
 / _` |/ _` | '_ \  | '_ \ / _` / __/ __| |/ _ \ '__|
| (_| | (_| | | | | | | | | (_| \__ \__ \ |  __/ |
 \__,_|\__,_|_| |_| |_| |_|\__,_|___/___/_|\___|_|

[EMAIL PROTECTED]

Re: SGI O2

[Roger Neth Jr]

On 3/22/06, Bachman Kharazmi [EMAIL PROTECTED] wrote:

 After I downloaded the sets successfully and the rest of the
 installation went fine I tried to reboot the system, what happens
 after reboot is nothing. No boot ,  but I can enter the maintaing
 menu.

 Maybe of these lines have to be changed in console(maintain menu):
 SystemPartition=pci(0)scsi(0)disk(2)rdisk(0)partition(8)
 OSLoadPartition=pci(0)scsi(0)disk(2)rdisk(0)partition(0)

 In case that's my problem I don't know which one to change.
 printenv is pasted bellow.

 System Maintenance Menu

 1) Start System
 2) Install System Software
 3) Run Diagnostics
 4) Recover System
 5) Enter Command Monitor

 Option? 5
 Command Monitor.  Type exit to return to the menu.
  printenv
 AutoLoad=Yes
 diskless=0
 dbaud=9600
 volume=80
 sgilogo=y
 monitor=h
 TimeZone=PST8PDT
 netaddr=192.0.2.1
 crt_option=1
 SystemPartition=pci(0)scsi(0)disk(2)rdisk(0)partition(8)
 OSLoadPartition=pci(0)scsi(0)disk(2)rdisk(0)partition(0)
 OSLoader=boot
 OSLoadFilename=/bsd.rd
 OSLoadOptions=auto
 console=d
 ConsoleOut=serial(0)
 ConsoleIn=serial(0)
 cpufreq=270
 eaddr=08:00:69:0e:9b:ab
 videostatus=illegal_env_var
 On 22/03/06, Bachman Kharazmi [EMAIL PROTECTED] wrote:
  cool, it booted and I'm setting up my disk now :)
  thanks guys for all your replies.
  /bkw
  On 22/03/06, Bachman Kharazmi [EMAIL PROTECTED] wrote:
   I've two SGI O2 R12000 at home from today for experimental use.
   They've 32 of them unused at my uni so the admin said it was ok to
   take two :)
  
   Now I've problems installing osbd 3.8, I've choosed the cdboot
   installation method.
   First I : 'resetenv' then setenv OSLoader=boot and setenv
 OSLoadFilename=/bsd.rd
   Then I choose Install program from CDrom in the maintaining menu.
  
   What I can see on the screen is all the boot arguments at top (from
   the environment).
  
   OpenBSD/sgi Arcbios boot
   Boot: pci(0)scsi(0)cdrom(4)partition(0)/bsd.rd
   Loading ELF64 file
   0xfff... Loading symbol table
   Start at 0x
   ARCS32 Firmware Version 1.10
   SR=34010080
   Found SGI-IP32, setting up.
   And here it freeze, nothing else happens.
  
   any ideas are welcome, /bkw



Hello, here is my  02 setup and dmesg.

rogern

John 3:16



obsd39# cu -l tty00
Connected



System Maintenance Menu

1) Start System
2) Install System Software
3) Run Diagnostics
4) Recover System
5) Enter Command Monitor

Option? 5
Command Monitor.  Type exit to return to the menu.

 printenv
AutoLoad=Yes
console=g
diskless=0
dbaud=9600
volume=80
sgilogo=y
monitor=h
TimeZone=PST8PDT
netaddr=192.0.2.1
SystemPartition=pci(0)scsi(0)disk(1)rdisk(0)partition(8)
OSLoadPartition=pci(0)scsi(0)disk(1)rdisk(0)partition(0)
OSLoadFilename=/bsd
OSLoader=boot
cpufreq=180
eaddr=08:00:69:02:df:19
NoAutoLoad=CONSOLE OPEN FAILED.
ConsoleOut=serial(0)
ConsoleIn=serial(0)
 exitCannot connect to keyboard -- check the cable.
Cannot open keyboard() for input
Cannot connect to keyboard -- check the cable.
Cannot open keyboard() for input



 Running power-on diagnostics...



System Maintenance Menu

1) Start System
2) Install System Software
3) Run Diagnostics
4) Recover System
5) Enter Command Monitor

Option? 1


   Starting up the system...

arg 0: pci(0)scsi(0)disk(1)rdisk(0)partition(8)/boot
arg 1: OSLoadOptions=auto
arg 2: ConsoleIn=serial(0)
arg 3: ConsoleOut=serial(0)
arg 4: SystemPartition=pci(0)scsi(0)disk(1)rdisk(0)partition(8)
arg 5: OSLoader=boot
arg 6: OSLoadPartition=pci(0)scsi(0)disk(1)rdisk(0)partition(0)
arg 7: OSLoadFilename=/bsd

OpenBSD/sgi Arcbios boot
Boot: pci(0)scsi(0)disk(1)rdisk(0)partition(0)/bsd
Loading ELF64 file
0x8010:0x310d50, Zero 0x80410d50:0x5bb80, Loading symbol
table
Start at 0x8010
ARCS32 Firmware Version 1.10
SR=34010080
Found SGI-IP32, setting up.
Initial setup done, switching console.
NOTE: TLB code too large, using trampolines
[ using 267936 bytes of bsd ELF symbol table ]
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2005 OpenBSD. All rights reserved.
http://www.OpenBSD.org

OpenBSD 3.8-beta (GENERIC) #156: Fri Aug 19 08:40:40 MDT 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/sgi/compile/GENERIC
real mem = 134217728
rsvd mem = 7020544
avail mem = 108875776
using 1638 buffers containing 6709248 bytes of memory
mainbus0 (root)
cpu0 at mainbus0: MIPS R5000 CPU rev 2.1 180 MHz with R5000 based FPC rev
1.0
cpu0: cache L1-I 32KB D 32KB 2 way, L2 512KB direct
macebus0 at mainbus0: crime rev 10.1
clock0 at macebus0: TOD with DS1687, ticker on int5 using count register
macepcibr0 at macebus0: mace rev 1, host system O2
pci0 at macepcibr0 bus 0
ahc0 at pci0 dev 1 function 0 Adaptec AIC-7880 rev 0x00: irq 9
ahc0: Host Adapter Bios disabled.  Using default SCSI device parameters
scsibus0 at ahc0: 16 targets
ahc0: target 1 using 8bit transfers
ahc0: target 1 using asynchronous transfers

Offering DNS slave in Scotland

[Craig Skinner]

Hi List,

I'm offering to be a DNS slave to other OpenBSD maestros.

IP'd in Scotland, so this may help your global redundancy plans!

Currently on a static ADSL, so not suitable for high traffic sites the
likes of ford. 

I've got 4 hobby domains that I'd like to have slaved in a couple of
places elsewhere too.

If interested, you may want to traceroute -I monaro.kepax.co.uk

Please reply to me off list, unless you want to do the same for others
and the list should know about it.


Craig.

Re: Sporadic kernel panic booting old i386 hardware, 3.7 GENERIC

[Darrin Chandler]

Stuart Henderson wrote:


On 2006/03/23 09:31, Damon McMahon wrote:
 


Is this (very old) hardware just giving up the ghost, bad RAM (I've
seen a couple of mentions in the archives pointing to this), some
other component in need of replacement, or something else worth
investigating further?
   



Memory is a fairly likely candidate; run memtest86++ and/or
pull sticks of RAM.
 



I have an old box here that boots fine normally, but if I happen to turn 
the monitor on during the initial seconds it panics. I'd blame that on 
an old, intolerant power supply. So, I either turn on the monitor 
before, after, or just leave it off. ;)


--
Darrin Chandler|  Phoenix BSD Users Group
[EMAIL PROTECTED]   |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/  |

Re: Sporadic kernel panic booting old i386 hardware, 3.7 GENERIC

[Damon McMahon]

Thanks, Stuart.

Hmmm... the machine is only connected by a serial console. Does anyone
know if OpenBSD-compatible source code for memtest86 is available? The
linux code doesn't compile on OpenBSD, and I'd like to be able to
interact with it via a serial console, preferably.

Cheers,
Damon

On 23/03/06, Stuart Henderson [EMAIL PROTECTED] wrote:
 On 2006/03/23 09:31, Damon McMahon wrote:
  Is this (very old) hardware just giving up the ghost, bad RAM (I've
  seen a couple of mentions in the archives pointing to this), some
  other component in need of replacement, or something else worth
  investigating further?

 Memory is a fairly likely candidate; run memtest86++ and/or
 pull sticks of RAM.

Re: Sporadic kernel panic booting old i386 hardware, 3.7 GENERIC

[Bryan Irvine]

On 3/22/06, Damon McMahon [EMAIL PROTECTED] wrote:
 Thanks, Stuart.

 Hmmm... the machine is only connected by a serial console. Does anyone
 know if OpenBSD-compatible source code for memtest86 is available? The
 linux code doesn't compile on OpenBSD, and I'd like to be able to
 interact with it via a serial console, preferably.

many distros have memtest as a boot option off the cd, gentoo is one.

--Bryan

OpenBSD and PostgreSQL performance

[Steve Shockley]

I've currently got a server running syslog-ng (1.6.9) with PostgreSQL 
(8.1.1) on a 3.9 snapshot from March 1.  The setup has been working well 
for a while, but I've recently been told to have it accept syslog for a 
couple of anti-spam appliance devices, and they generate between 1-2 
million syslog entries per day, and that seems to kill PostgreSQL's 
performance.  Any query which needs to iterate the whole database will 
take 10-15 minutes after a day or so, and that's no good for a web 
front-end.


I'm running it on a Compaq DL580, which is a quad Xeon 700, 2gb RAM, 
Compaq 3200 controller (cac) with 32mb cache RAM, and four 36gb 10k 
drives in RAID5.


I can also move the system to a Compaq ML530, which is a dual Xeon 1000, 
2gb RAM, Compaq 5300 controller (ciss) with 128mb cache, and four 36gb 
10k drives plus 10 18gb 10k drives.  Sure, that's better, but I'm not 
sure it's enough better.


When I'm accepting syslog from the mail devices, a postgres process 
holds steady using 5-10% CPU, but the load average hovers between 1 and 2.


I don't normally turn knobs, but the few knobs I've turned have been:

kern.seminfo.semmni=256
kern.seminfo.semmns=2048
kern.shminfo.shmmax=201326592

set bufcachepct to 30 via config

fsync=off (ick, I'd like to turn this back on)
shared_buffers=16384

autovacuum is turned on.  I vacuum analyze the database nightly, doing 
so doesn't seem to effect performance.


Is there anything else I can do to improve performance on this hardware? 
 It seems that I'm not using very much memory (around 512mb of 2gb), 
what's the best way to tell PostgreSQL to use more memory, in a way that 
will actually make a difference?

Re: OpenBSD and PostgreSQL performance

[Aaron Glenn]

On 3/22/06, Steve Shockley [EMAIL PROTECTED] wrote:
 I've currently got a server running syslog-ng (1.6.9) with PostgreSQL
 (8.1.1) on a 3.9 snapshot from March 1.  The setup has been working well
 for a while, but I've recently been told to have it accept syslog for a
 couple of anti-spam appliance devices, and they generate between 1-2
 million syslog entries per day, and that seems to kill PostgreSQL's
 performance.  Any query which needs to iterate the whole database will
 take 10-15 minutes after a day or so, and that's no good for a web
 front-end.

How many days do you keep around? What's the query? What does EXPLAIN
ANALYSE tell you?

 I'm running it on a Compaq DL580, which is a quad Xeon 700, 2gb RAM,
 Compaq 3200 controller (cac) with 32mb cache RAM, and four 36gb 10k
 drives in RAID5.

I'm not intimately familiar with the Xeon SMP cache contention issue,
but I do recall it being discussed quite thoroughly on the pgsql
mailing lists. I don't know if it affects your setup, but it might be
worth doing some cursory investigation.

 I can also move the system to a Compaq ML530, which is a dual Xeon 1000,
 2gb RAM, Compaq 5300 controller (ciss) with 128mb cache, and four 36gb
 10k drives plus 10 18gb 10k drives.  Sure, that's better, but I'm not
 sure it's enough better.

I highly doubt it's a hardware issue.

 When I'm accepting syslog from the mail devices, a postgres process
 holds steady using 5-10% CPU, but the load average hovers between 1 and 2.

 I don't normally turn knobs, but the few knobs I've turned have been:

 kern.seminfo.semmni=256
 kern.seminfo.semmns=2048
 kern.shminfo.shmmax=201326592

 set bufcachepct to 30 via config

 fsync=off (ick, I'd like to turn this back on)
 shared_buffers=16384

 autovacuum is turned on.  I vacuum analyze the database nightly, doing
 so doesn't seem to effect performance.

 Is there anything else I can do to improve performance on this hardware?
   It seems that I'm not using very much memory (around 512mb of 2gb),
 what's the best way to tell PostgreSQL to use more memory, in a way that
 will actually make a difference?

I'm inclined to say you'll gain much more from query optimization than
turning OS knobs.

aaron.glenn

Re: Sporadic kernel panic booting old i386 hardware, 3.7 GENERIC

[Damon McMahon]

Thanks to all who've responded.

Through google I eventually found source code for memtester 4.0.5 at
http://pyropus.ca/software/memtester/ .

Compiled out of the box, however my RAM tested all OK which leaves me
back to where i started...

Any other suggestions? At the ddb prompt is there anythihng I can do
to further troubleshoot?

On 23/03/06, Damon McMahon [EMAIL PROTECTED] wrote:
 Thanks, Stuart.

 Hmmm... the machine is only connected by a serial console. Does anyone
 know if OpenBSD-compatible source code for memtest86 is available? The
 linux code doesn't compile on OpenBSD, and I'd like to be able to
 interact with it via a serial console, preferably.

 Cheers,
 Damon

 On 23/03/06, Stuart Henderson [EMAIL PROTECTED] wrote:
  On 2006/03/23 09:31, Damon McMahon wrote:
   Is this (very old) hardware just giving up the ghost, bad RAM (I've
   seen a couple of mentions in the archives pointing to this), some
   other component in need of replacement, or something else worth
   investigating further?
 
  Memory is a fairly likely candidate; run memtest86++ and/or
  pull sticks of RAM.

Re: OpenBSD and PostgreSQL performance

[Jim Razmus]

* Steve Shockley [EMAIL PROTECTED] [060322 21:35]:
 I've currently got a server running syslog-ng (1.6.9) with PostgreSQL 
 (8.1.1) on a 3.9 snapshot from March 1.  The setup has been working well 
 for a while, but I've recently been told to have it accept syslog for a 
 couple of anti-spam appliance devices, and they generate between 1-2 
 million syslog entries per day, and that seems to kill PostgreSQL's 
 performance.  Any query which needs to iterate the whole database will 
 take 10-15 minutes after a day or so, and that's no good for a web 
 front-end.
 
 I'm running it on a Compaq DL580, which is a quad Xeon 700, 2gb RAM, 
 Compaq 3200 controller (cac) with 32mb cache RAM, and four 36gb 10k 
 drives in RAID5.
 
 I can also move the system to a Compaq ML530, which is a dual Xeon 1000, 
 2gb RAM, Compaq 5300 controller (ciss) with 128mb cache, and four 36gb 
 10k drives plus 10 18gb 10k drives.  Sure, that's better, but I'm not 
 sure it's enough better.
 
 When I'm accepting syslog from the mail devices, a postgres process 
 holds steady using 5-10% CPU, but the load average hovers between 1 and 2.
 
 I don't normally turn knobs, but the few knobs I've turned have been:
 
 kern.seminfo.semmni=256
 kern.seminfo.semmns=2048
 kern.shminfo.shmmax=201326592
 
 set bufcachepct to 30 via config
 
 fsync=off (ick, I'd like to turn this back on)
 shared_buffers=16384
 
 autovacuum is turned on.  I vacuum analyze the database nightly, doing 
 so doesn't seem to effect performance.
 
 Is there anything else I can do to improve performance on this hardware? 
  It seems that I'm not using very much memory (around 512mb of 2gb), 
 what's the best way to tell PostgreSQL to use more memory, in a way that 
 will actually make a difference?
 

A good data model for starters.  You may want to match the access paths
used by common queries with a table and index structure that supports
them.

Unless your running Teradata databases, your not going to iterate over
record sets like that quickly unless you get into unreasonable hardware.
You could check out solid state disks, etc.  But really a good data
model goes a long way.

Hire or consult a good DBA.  Your unlikely to beat this problem with
just hardware.

Jim

Re: OpenBSD and PostgreSQL performance

[Lars Hansson]

On Thursday 23 March 2006 10:26, Steve Shockley wrote:
  Any query which needs to iterate the whole database will
 take 10-15 minutes after a day or so, and that's no good for a web
 front-end.

The first order of business should be to get rid of these kind of queries.

---
Lars Hansson

Re: OpenBSD and PostgreSQL performance

[Darrin Chandler]

Steve Shockley wrote:

I've currently got a server running syslog-ng (1.6.9) with PostgreSQL 
(8.1.1) on a 3.9 snapshot from March 1.  The setup has been working 
well for a while, but I've recently been told to have it accept syslog 
for a couple of anti-spam appliance devices, and they generate between 
1-2 million syslog entries per day, and that seems to kill 
PostgreSQL's performance.  Any query which needs to iterate the whole 
database will take 10-15 minutes after a day or so, and that's no good 
for a web front-end.


snip

When I'm accepting syslog from the mail devices, a postgres process 
holds steady using 5-10% CPU, but the load average hovers between 1 and 2.


snip




Is there anything else I can do to improve performance on this 
hardware?  It seems that I'm not using very much memory (around 512mb 
of 2gb), what's the best way to tell PostgreSQL to use more memory, in 
a way that will actually make a difference?



A lot of things come to mind that you might do. The hardware is more 
than capable of taking the info in, storing it, and letting you search 
it. It's how you're currently doing it that's not working so well, and 
that probably has little to do with tuning kernels and daemons.


Knowing neither the database structure nor the queries, I can only guess 
at what would really help...


Tons of steady inserts on one end of an index (such as time) will lead 
to a lot of tree balancing. Can you partition the data into unindexed 
hourly tables, indexes to be added *after* you're done inserting?


Can you make some generalizations about the queries typically performed 
and structure the database to make it faster to access?


There are about two dozen questions like this, but you get the idea.

--
Darrin Chandler|  Phoenix BSD Users Group
[EMAIL PROTECTED]   |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/  |

no-df and OS Fingerprint issue

[Diego Casati]

Hi,

Im trying to block a Windows XP  SP2 with the OSFP support on PF but a
rather odd behavior seems to be happening. Not sure about this. This is the
only lines that I have on my pf.conf. The thing is, when I take the word
no-df from the scrub line it works, what I am missing here? If a take the
no-df statement it works!
# pf.conf

ext_if=vr0
scrub in on $ext_if all no-df
block in on $ext_if from any os Windows XP SP1

reguards,


Diego

Re: OpenBSD and PostgreSQL performance

[Melameth, Daniel D.]

Jim Razmus wrote:
 * Steve Shockley [EMAIL PROTECTED] [060322 21:35]:
  I've currently got a server running syslog-ng (1.6.9) with
  PostgreSQL (8.1.1) on a 3.9 snapshot from March 1.  The setup has
  been working well for a while, but I've recently been told to have
  it accept syslog for a couple of anti-spam appliance devices, and
  they generate between 1-2 million syslog entries per day, and that
  seems to kill PostgreSQL's performance.  Any query which needs to
  iterate the whole database will take 10-15 minutes after a day or
  so, and that's no good for a web front-end. 
  
  I'm running it on a Compaq DL580, which is a quad Xeon 700, 2gb RAM,
  Compaq 3200 controller (cac) with 32mb cache RAM, and four 36gb 10k
  drives in RAID5. 
  
  I can also move the system to a Compaq ML530, which is a dual Xeon
  1000, 2gb RAM, Compaq 5300 controller (ciss) with 128mb cache, and
  four 36gb 10k drives plus 10 18gb 10k drives.  Sure, that's better,
  but I'm not sure it's enough better. 
  
  When I'm accepting syslog from the mail devices, a postgres process
  holds steady using 5-10% CPU, but the load average hovers between 1
  and 2. 
  
  I don't normally turn knobs, but the few knobs I've turned have
  been: 
  
  kern.seminfo.semmni=256
  kern.seminfo.semmns=2048
  kern.shminfo.shmmax=201326592
  
  set bufcachepct to 30 via config
  
  fsync=off (ick, I'd like to turn this back on)
  shared_buffers=16384
  
  autovacuum is turned on.  I vacuum analyze the database nightly,
  doing 
  so doesn't seem to effect performance.
  
  Is there anything else I can do to improve performance on this
   hardware? It seems that I'm not using very much memory (around
  512mb of 2gb), what's the best way to tell PostgreSQL to use more
  memory, in a way that will actually make a difference?
 
 A good data model for starters.  You may want to match the access
 paths used by common queries with a table and index structure that
 supports them.
 
 Unless your running Teradata databases, your not going to iterate over
 record sets like that quickly unless you get into unreasonable
 hardware. You could check out solid state disks, etc.  But really a
 good data model goes a long way.
 
 Hire or consult a good DBA.  Your unlikely to beat this problem with
 just hardware.

I strongly agree with Jim's comments.  Also, OpenBSD performance
notwithstanding, you'll get better performance out of RAID10 for your
DBs than RAID5.

DST oddity in Australia/NSW timezone

[Steffen Kluge]

I just noticed that a fresh 3.8 install doesn't contain the DST
exception that has been declared for Australia (NSW and ACT) this year,
apparently to accommodate the Commonwealth Games.

This year, daylight savings won't be turned back on the last Sunday in
March, as usual, but a week later on the 1st of April.

Just thought somebody in Oz (NSW and ACT) might care.

I copied the /usr/share/zoneinfo/Australia/NSW file from a Linux box to
my OpenBSD machines, as well as a bunch of Solaris boxes, and all is
well.

Proper handling of DST can be checked by running zdump -v -c 2007
Australia/NSW.

Cheers
Steffen.

Re: RAID label problem?

[Xavier Mertens]

Thanks Otto!
This fixed the problem...

Xavier
--
There are only 10 types of people in the world:
Those who understand binary and those who don't.

On Wed, 22 Mar 2006, Otto Moerbeek wrote:

 On Wed, 22 Mar 2006, Xavier Mertens wrote:
 
  16 partitions:
  # sizeoffset  fstype [fsize bsize  cpg]
a: 4358414031416925149  unused  0 0  # Cyl 
  1383715*-1809342*
c: 160171392 0  unused  0 0  # Cyl 0 
  -156417*
  
  I create my partition, exit with q
  
  Xavier
  --
   SELECT * FROM users WHERE clue  0;
  0 rows returned
 
 You better run fdisk -i raid0 first. You are seeing the remains
 of an old disklabel, probably.
 
   -Otto