alternative for logging pf to syslog
After reading the Packet Logging Through Syslog section of the pf FAQ I decided to try a different approach. Now that it's working (for my system and needs) I'm wondering 1) Is it (relatively) safe? 2) Is it useful to others? and 3) Did I re-invent something already available I missed? Here's a quick description. #!/usr/bin/perl -WT use strict; #--- # # pflogger logs to syslog(3), IN REAL TIME, packets logged by pf(4). # This is done by by invoking tcpdump(8) on the pflog(4) interface # and piping the output to logger(1). # # In effect pflogger is really just the shell command: # # (tcpdump -lent -i pflog0 21 | \ #logger -p user.info -t pflogger) /dev/null 21 # # but with both tcpdump and logger running as daemon processes, logger running # unprivileged, and no shell process providing glue. # Once setup even the perl interpreter process running this script is gone. # #-- See attachment for full script. Thanks, -- _ _ _ __| | __ _ _ __ | |__ __ _ ___ ___| | ___ _ __ / _` |/ _` | '_ \ | '_ \ / _` / __/ __| |/ _ \ '__| | (_| | (_| | | | | | | | | (_| \__ \__ \ | __/ | \__,_|\__,_|_| |_| |_| |_|\__,_|___/___/_|\___|_| [EMAIL PROTECTED] #!/usr/bin/perl -WT use strict; #--- # # pflogger logs to syslog(3), IN REAL TIME, packets logged by pf(4). # This is done by by invoking tcpdump(8) on the pflog(4) interface # and piping the output to logger(1). # # In effect pflogger is really just the shell command: # # (tcpdump -lent -i pflog0 21 | \ # logger -p user.info -t pflogger) /dev/null 21 # # but with both tcpdump and logger running as daemon processes, logger running # unprivileged, and no shell process providing glue. # Once setup even the perl interpreter process running this script is gone. # #--- use constant LOGGRP = '_syslogd'; # unprivileged group use constant LOGUSR = '_syslogd'; # unprivileged user use constant TCPUSR = '_tcpdump'; # tcpdump unprivileged use constant PIDFILE = '/var/run/pflogger.pid';# daemon's pidfile use constant SETSID = 147; # from sys/syscall.h use constant MAXFD = 1023; # open files hard limit use constant CDDIR = '/var/empty'; # daemon's directory use constant DMASK = 0177; # daemon's umask #use ABSOLUTELY_NOTHING_ELSE# a design goal #require ABSOLUTELY_NOTHING # a design goal $ENV{PATH} = '/usr/sbin:/usr/bin'; # taint safe path if (scalar @ARGV) { die USE: pflogger\nNo arguments!\n; } # USE if ( $ ) { die pflogger: got root?\n; } # need root! my $lgid; if ( ( $lgid = getgrnam(LOGGRP) ) 0 ) { die pflogger: getgrnam: $!\n; } my $luid; if ( ( $luid = getpwnam(LOGUSR) ) 0 ) { die pflogger: getpwnam: $!\n; } if ( -e PIDFILE ) { check_pidfile() or die pflogger: check_pidfile error\n; } daemonize() or die pflogger: daemonize error\n; my $child = open( STDOUT, |- ); # open pipe: parent|child if ( $child 0 ) { # parent: exec tcpdump open(STDERR, STDOUT); # STDERR to child - like shell's 21 # CAUTION: tcpdump needs to run as root to read pflog0. # Choose tcpdump(8) flags carefully please! # These flags are not ARGV or config file options by design. # exec( 'tcpdump', '-lent', '-i', 'pflog0' ) or die $!\n; } elsif ( $child == 0 ) { # child: exec logger (unprivileged) # drop privilege - uid last - no more changes after that # set then check - perl silently ignores set error. # $) = $lgid; if ( $) != $lgid ) { exit($!); }# egid $( = $lgid; if ( $( != $lgid ) { exit($!); }# gid $ = $luid; if ( $ != $luid ) { exit($!); }# euid $ = $luid; if ( $ != $luid ) { exit($!); }# uid exec( 'logger', '-p', 'user.info', '-t', 'pflogger' ) or exit($!); } elsif ( $child 0 ) { die open pipe failed: $!\n; } # /* NOTREACHED */ #--- # SUBROUTINE DEFINITIONS BELOW #--- sub check_pidfile() # check for and kill existing process { my $rv = 0; # 0 for error, 1 for success my $err = ; # diagnostic messages LCB: { if ( open(IN, '', PIDFILE) == 0 ) {# open
Re: alternative for logging pf to syslog
After reading the Packet Logging Through Syslog section of the pf FAQ I decided to try a different approach. Now that it's working (for my system and needs) I'm wondering 1) Is it (relatively) safe? 2) Is it useful to others? and 3) Did I re-invent something already available I missed? Well, you have found a great way to slow your machine down when it hits serious traffic load. We believe that packet logging via syslog is the wrong method. That is why pf was redesigned to not use that mechanism of logging itself, and it instead uses the pflog interface. See, that way the low level parts of the system know when someone is actually trying to get log results, so that we don't waste time pushing them out there.
Re: IDS solution
Reyk Floeter wrote: hi, On Tue, Mar 21, 2006 at 02:50:35PM -0300, Hutger H. wrote: I've been looking for a consolidated IDS solution that I can deploy in my network. Snort is really a good option but currently it seems that they are charging for updates, it that true? I'd like to find out a free of charge Linux, or BSD, solution that can works as good as snort works and, rather with some successful deployment cases. an alternative approach to snort is bro, which uses a bsd-style license. http://www.bsd-ids.org/ Are you sure about it? Domain not found. the c++ code is a bit ugly, but the system is very powerful, supports snort rules and is also supported by most of the hybrid IDS frameworks (like prelude-ids). bro claims that their own context-based rule language is even more powerful than the snort stuff. reyk
Re: ADSL with pppoa (over ATM)
My understanding is that to operate in 'full bridge mode' requires pppoe support from the provider. Which is where this thread started. Donald J. Ankney wrote: Has anybody done this through a full bridge? My Actiontech isn't nearly as friendly with it's options... Simon Slaytor wrote: Half Bridge mode is your friend here. Not sure if the D-Link supports this mode however, Google is less than helpful. Essentially in half bridge mode the modem handles the PPPoA authentication with the ISP, as in NAT mode obtaining an IP address from the remote provider as normal. Unlike NAT mode however the modem then leases out this exact same IP address to the connected ethernet host, thereby presenting the external IP directly to your external ethernet port. Finally the modem begins to transparently bridge the ADSL/Ethernet connections. I can vouch for Zoom X3/4 and ADSL Nation X-Modems working in this mode without issue.
donation
following this post http://undeadly.org/cgi?action=articlesid=20060321034114 I wanted to make a donation to the openbsd project. Unfortunatly, paypall does not accept Amex from Belgium. Is there any other way I can make a donation using this type of card? TIA Greg
Re: DRAC vs iLo
On Wed, Mar 22, 2006 at 08:30:07AM +0100, Srebrenko Sehic wrote: Who wins in the OpenBSD world? DRAC (Dell Remote Admin Card) or iLo (HP's Integrated Lights Out)? We're looking at new servers and are wondering if these are worth the cash, or which is the one to go for? I've never used DRAC, but ILO (the real deal, like in HP360G4) is pretty solid. Stay away from the el-cheapo variants found in DL145 and the like. You might want to purchase the Advanced pack, since that gives you fancy stuff like remote ISO mount from you workstation. I've also used Sun's ILOM. HP's is still better IMHO. Real Weasel might be another option: http://www.realweasel.com/
Re: IDS solution
On 22/03/06, edgarz [EMAIL PROTECTED] wrote: Reyk Floeter wrote: hi, On Tue, Mar 21, 2006 at 02:50:35PM -0300, Hutger H. wrote: I've been looking for a consolidated IDS solution that I can deploy in my network. Snort is really a good option but currently it seems that they are charging for updates, it that true? I'd like to find out a free of charge Linux, or BSD, solution that can works as good as snort works and, rather with some successful deployment cases. an alternative approach to snort is bro, which uses a bsd-style license. http://www.bsd-ids.org/ Are you sure about it? Domain not found. the c++ code is a bit ugly, but the system is very powerful, supports snort rules and is also supported by most of the hybrid IDS frameworks (like prelude-ids). bro claims that their own context-based rule language is even more powerful than the snort stuff. reyk No, the link is http://www.bro-ids.org/
Re: IDS solution
not bsd-ids.org, try http://www.bro-ids.org/ address. On 3/22/06, edgarz [EMAIL PROTECTED] wrote: Reyk Floeter wrote: hi, On Tue, Mar 21, 2006 at 02:50:35PM -0300, Hutger H. wrote: I've been looking for a consolidated IDS solution that I can deploy in my network. Snort is really a good option but currently it seems that they are charging for updates, it that true? I'd like to find out a free of charge Linux, or BSD, solution that can works as good as snort works and, rather with some successful deployment cases. an alternative approach to snort is bro, which uses a bsd-style license. http://www.bsd-ids.org/ Are you sure about it? Domain not found. the c++ code is a bit ugly, but the system is very powerful, supports snort rules and is also supported by most of the hybrid IDS frameworks (like prelude-ids). bro claims that their own context-based rule language is even more powerful than the snort stuff. reyk -- Huzeyfe VNAL --- First Turkish Qmail book is out! Go check it. Duydunuz mu! Turkiye'nin ilk Qmail kitabi cikti. http://www.acikakademi.com/catalog/qmail/
[OT] Looking for work in the UK
Hi list, I'm actively looking for new employment in the UK. A few quick points here: *) 4 years comm OpenBSD/Linux/UNIX expr for an ISP software house. *) tech support sys admin *) DNS, SMTP, IMAP, POP, FTP, SQL, SSH, backups, *) web hosting and some php, javascript, html, jsp, *) scripting with shell, sed, awk, expect, *) ADSL, SDSL, Leased Lines, colo, servers, desktops, routers, I think that's enough to say in a public forum. If anyone would like to contact me off list with anything that you stumble across, be it perm/temp/contract, that would be great. I appologise for the off topic nature of this post. Craig.
RAID label problem?
Hi, I'm busy to set up a box with 2 x 80GB disks in RAID1. I'm following the procedures found online but, once the RAID is initialized, I got the follow error while trying to partition it: Write new label?: [y] disklabel: ioctl DIOCWDINFO: No space left on device disklabel: unable to write label The RAID is up, consistant: # raidctl -s raid0 raid0 Components: /dev/wd0d: optimal /dev/wd1d: optimal No spares. Parity status: clean Reconstruction is 100% complete. Parity Re-write is 100% complete. Copyback is 100% complete. disklabel report the following: # disklabel -E raid0 disklabel: Can't get bios geometry: Device not configured Initial label editor (enter '?' for help at any prompt) p device: /dev/rraid0c type: RAID disk: raid label: fictitious bytes/sector: 512 sectors/track: 128 tracks/cylinder: 8 sectors/cylinder: 1024 cylinders: 156417 total sectors: 160171392 free sectors: 160171392 rpm: 3600 16 partitions: # sizeoffset fstype [fsize bsize cpg] a: 4358414031416925149 unused 0 0 # Cyl 1383715*-1809342* c: 160171392 0 unused 0 0 # Cyl 0 -156417* I create my partition, exit with q Xavier -- SELECT * FROM users WHERE clue 0; 0 rows returned
Re: donation
Grigoire Welraeds [EMAIL PROTECTED]: following this post http://undeadly.org/cgi?action=articlesid=20060321034114 I wanted to make a donation to the openbsd project. Unfortunatly, paypall does not accept Amex from Belgium. Is there any other way I can make a donation using this type of card? You could try https://https.openbsd.org/cgi-bin/order.eu and use the Make a Donation field ;) Regards, Kamil Andrusz -- It's just a matter of opinion.
Re: ADSL with pppoa (over ATM)
On Tue, 21 Mar 2006 20:53:41 + Simon Slaytor [EMAIL PROTECTED] wrote: Half Bridge mode is your friend here. Not sure if the D-Link supports this mode however, Google is less than helpful. Essentially in half bridge mode the modem handles the PPPoA authentication with the ISP, as in NAT mode obtaining an IP address from the remote provider as normal. Unlike NAT mode however the modem then leases out this exact same IP address to the connected ethernet host, thereby presenting the external IP directly to your external ethernet port. Finally the modem begins to transparently bridge the ADSL/Ethernet connections. I can vouch for Zoom X3/4 and ADSL Nation X-Modems working in this mode without issue. My Aethra Starbridge-EU works fine in half-bridge, although I had to set VCI=0 in the modem, whatever that is. I would much rather have my ext_if assigned the routable ip, and do all of the nat and rdr from pf :) Mike
Re: donation
Dear Greg, following this post http://undeadly.org/cgi?action=articlesid=20060321034114 I wanted to make a donation to the openbsd project. Unfortunatly, paypall does not accept Amex from Belgium. Is there any other way I can make a donation using this type of card? You are far better off to use the donation button on the international website run by the Computershop of Calgary: https://https.openbsd.org/cgi-bin/order -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= https://kd85.com/notforsale.html --
Re: telldir(), etc: prevent memory leak
Just today I found my openbsd server curiously stalled... not completely dead, could switch consoles, ping it.. but otherwise unresponsive. Found out that smbd was eating huge amounts of memory, and I put the crash down to smbd. I applied ( by hand, patch did not work ) the patches Paul wrote.. and now smbd is behaving in a more sane fashion, though still seems to be very slowly climbing in memory useage, though nothing like it was before. It was climbing at around 1Mb of ram per second before hand, now it is only using 6mb of ram ( started at 2.7 ish mb of ram ) according to top. So either there is still some memory leakage in telldir and friends, or smbd has other memory leaks in it, or this is just normal behaviour for smbd. But the patch definately put a stop on the rapid memory consumtion. Thanks Paul
Re: donation
this is what I did and it seems it worked. Thank you. On 3/22/06, Kamil Andrusz [EMAIL PROTECTED] wrote: Grigoire Welraeds [EMAIL PROTECTED]: following this post http://undeadly.org/cgi?action=articlesid=20060321034114 I wanted to make a donation to the openbsd project. Unfortunatly, paypall does not accept Amex from Belgium. Is there any other way I can make a donation using this type of card? You could try https://https.openbsd.org/cgi-bin/order.eu and use the Make a Donation field ;) Regards, Kamil Andrusz -- It's just a matter of opinion. -- Grigoire Welraeds --
3.8 iBook G3 XDM fr kbd KDM segfault
Hi, I have installed OpenBSD 3.8 release on my iBook G3 300 MHz 288Gb. Dual boot with MacOS X.3 and OpenBSD. I install KDE base utils. I setup xorg to use 32 thousand colors for the display and the ATI video card. Problem 1: french kdb in kde I have a french keyboard. Even by downloading from the net (kind of linux) a new keyboard layout which work a little better that the release one, I have the key '' in place of '@#', the key back- delete do a forward-delete. Pretty annoying. Not directly an OpenBSD fault, but if anyone has the information, I will thank him to guide me. Problem 2: french kbd in xdm I try to use xdm, but I do not know how to specify my french keyboard. To enter the password with different layout is not easy. Problem 3: segmentation fault in kdm Then I try kdm. I get a segfault each time I launch it. I have attach gdb output and dmesg. The dmesg is a little strange, there is some king of output mix. Cordialement, Jean-Girard Pailloncy $ gdb /usr/local/bin/kdm GNU gdb 6.3 Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type show copying to see the conditions. There is absolutely no warranty for GDB. Type show warranty for details. This GDB was configured as powerpc-unknown-openbsd3.8...(no debugging symbols found) (gdb) run Starting program: /usr/local/bin/kdm Program received signal SIGSEGV, Segmentation fault. 0x2b024f44 in ?? () (gdb) bt #0 0x2b024f44 in ?? () #1 0x2b024eb4 in ?? () Previous frame identical to this frame (corrupt stack?) $ dmesg TA, CD-ROM CR-175, 5AAE SCSI0 5/cdrom removable cd0(wdc1:0:0): using BIOS timings, DMA mode 2 wdc2 at macobio0 irq 21: DMA wi0 at macobio0 irq 57: wi0: Firmware 8.70 variant 1, address 00:30:65:17:87:39 ohci0 at pci1 dev 24 function 0 Apple USB rev 0x00: irq 27, version 1.0 usb0 at ohci0: USB revision 1.0 uhub0 at usb0 uhub0: Apple OHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered ohci1 at pci1 dev 25 function 0 Apple USB rev 0x00: irq 0, version 1.0 usb1 at ohci1: USB revision 1.0 uhub1 at usb1 uhub1: Apple OHCI root hub, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered mpcpcibr2 at mainbus0: uni-north, Revision 0xff pci2 at mpcpcibr2 bus 0 pchb2 at pci2 dev 11 function 0 Apple Uni-N Eth rev 0x00 gem0 at pci2 dev 15 function 0 Apple GMAC rev 0x00: irq 41, address 00:0a:27:8d:f6:64 bmtphy0 at gem0 phy 0: BCM5201 10/100 PHY, rev. 2 uhidev0 at uhub0 port 1 configuration 1 interface 0 uhidev0: Logitech Optical USB Mouse, rev 2.00/3.40, addr 2, iclass 3/1 ums0 at uhidev0: 3 buttons and Z dir. wsmouse1 at ums0 mux 0 bootpath: '/[EMAIL PROTECTED]/[EMAIL PROTECTED]/[EMAIL PROTECTED]/[EMAIL PROTECTED]/bsd' boot device: wd0. root on wd0a rootdev=0x0 rrootdev=0xb00 rawdev=0xb02 syncing disks... done rebooting [ using 323864 bytes of bsd ELF symbol table ] console out [ATY,RageM_Lp]console in [keyboard] ADB found : memaddr 9100 size 100, : consaddr 9100, : ioaddr 9002, size 2: memtag 8000, iotag 8000: width 800 linebytes 800 height 600 depth 8 Copyright (c) 1982, 1986, 1989, 1991, 1993 The Regents of the University of California. All rights reserved. Copyright (c) 1995-2005 OpenBSD. All rights reserved. http:// www.OpenBSD.org OpenBSD 3.8 (GENERIC) #425: Sat Sep 10 15:49:26 MDT 2005 [EMAIL PROTECTED]:/usr/src/sys/arch/macppc/compile/GENERIC real mem = 301989888 (294912K) avail mem = 265064448 (258852K) using 1254 buffers containing 15097856 bytes of memory mainbus0 (root) cpu0 at mainbus0: 750 (Revision 0x8300): 299 MHz: 512KB backside cache memc0 at mainbus0: uni-n mpcpcibr0 at mainbus0: uni-north, Revision 0xff pci0 at mpcpcibr0 bus 0 pchb0 at pci0 dev 11 function 0 Apple Uni-N AGP rev 0x00 vgafb0 at pci0 dev 16 function 0 ATI Mach64 LN rev 0x64, mmio wsdisplay0 at vgafb0 mux 1: console (std, vt100 emulation) mpcpcibr1 at mainbus0: uni-north, Revision 0x0 pci1 at mpcpcibr1 bus 0 pchb1 at pci1 dev 11 function 0 Apple Uni-N rev 0x00 macobio0 at pci1 dev 23 function 0 Apple Keylargo rev 0x02 openpic0 at macobio0: version 0x4614 macgpio0 at macobio0 macgpio1 at macgpio0 irq 47 programmer-switch at macgpio0 not configured extint-gpio12 at macgpio0 not configured zsc0 at macobio0: irq 22,50 zstty0 at zsc0 channel 0 zstty1 at zsc0 channel 1 adb0 at macobio0 irq 25: via-pmu , 3 targets aed0 at adb0 addr 0: ADB Event device akbd0 at adb0 addr 2: iBook keyboard with inverted T (ISO layout) wskbd0 at akbd0: console keyboard, using wsdisplay0 ams0 at adb0 addr 3: EMP trackpad tpad 2-button, 400 dpi wsmouse0 at ams0 mux 0 abtn0 at adb0 addr 7: brightness/volume/eject buttons apm0 at adb0: battery flags 0x5, 99% charged ki2c0 at macobio0 wdc0 at macobio0 irq 19: DMA wd0 at wdc0 channel 0 drive 0: IBM-DARA-212000 wd0: 16-sector PIO, LBA, 11513MB, 23579136 sectors wd0(wdc0:0:0):
Re: ADSL with pppoa (over ATM)
On Wed, Mar 22, 2006 at 04:29:56AM -0600, mike wrote: My Aethra Starbridge-EU works fine in half-bridge, although I had to set VCI=0 in the modem, whatever that is. You need to set the VPI VCI, encapsulation modulation. It is different for many countries depending on how the telcos deceide to run their network. See: http://www.patton.com/support/faqs_detail.asp?id=142 http://www.adslguide.org.uk/qanda.asp?faq=DSLHardware I would much rather have my ext_if assigned the routable ip, and do all of the nat and rdr from pf :) As you seem to have a static IP on the router's WAN, your ISP will probably be able to provide a /30 routeable LAN for the asking! eg: I have 84.19.247.29/32 on the WAN of the router, and 84.19.247.232/29 as a routeable LAN.
remote data backup
hello i had a well known problem, but no idea how to build a correct solution. we have a lot of linux and bsd servers at our isp. i have to backup data from these systems to a remote system. the backup server (storage server) has access to remote systems (data sources) over ssh and public key auth (a user named backup exists on all systems). my problem, this user has no access to some files in /etc, /usr/local/etc, and so on. so what to do? i build a script that runs locally on all system over root cronjob. the script backs up all data in a tar file on the local machine. my problem now i had to transfer the whole tar archive (on some systems over 8 GB) to my backupserver every day twice (packup period). is there a way with rdiff-backup to start rdiff-backup on remote machine with root access (by sudo)? thanks a lot regards marco
Re: embedded computers with RS485
anyone knows where i can find embedded computers with RS485 ports on board, where i can run OBSD? PC/104 CPU boards quite commonly have at least one serial port switchable from RS-232 to RS-485. Try Googling for +CPU +RS485 +PC104, and you should find plenty. I was looking for something similar to the Soekris ones, i found some in www.acrosser.com but they have to much unuseful stuff. Anyway to find something runable with OBSD in the PC104 world should be a try and error thing, and to much money to make those tests. Understood. You might then consider using a board you're happy with, and using an external RS-232 to RS-485 converter. It's common to use the modem control lines (RTS etc) to control the bus state, whether internally or externally, so should make little difference. It may also give you the option of an opto-isolated RS-485 bus, which is often a Good Thing in such cases, and usually essential when routing the bus further than the next desk. If I can help further, let me know off-list. We're probably way OT. HTH, Steve http://www.fivetrees.com
Re: remote data backup
On 2006/03/22 13:24, Marco Fretz wrote: my problem, this user has no access to some files in /etc, /usr/local/etc, and so on. so what to do? Give the user read-access to those files...? my problem now i had to transfer the whole tar archive (on some systems over 8 GB) to my backupserver every day twice (packup period). If you're compressing the tar, stop doing that, and give the delta compression (rsync-type algorithms) a chance to work. is there a way with rdiff-backup to start rdiff-backup on remote machine with root access (by sudo)? Yes, see rdiff-backup's manual page ('remote operation' section).
Re: alternative for logging pf to syslog
Isn't the load a function of what I choose to log in pf.conf? I'm not talking system load. The logging operation you have created is expensive.
Re: remote data backup
On Wed, Mar 22, 2006 at 01:24:33PM +0100, Marco Fretz wrote: hello i had a well known problem, but no idea how to build a correct solution. we have a lot of linux and bsd servers at our isp. i have to backup data from these systems to a remote system. the backup server (storage server) has access to remote systems (data sources) over ssh and public key auth (a user named backup exists on all systems). my problem, this user has no access to some files in /etc, /usr/local/etc, and so on. so what to do? i build a script that runs locally on all system over root cronjob. the script backs up all data in a tar file on the local machine. my problem now i had to transfer the whole tar archive (on some systems over 8 GB) to my backupserver every day twice (packup period). is there a way with rdiff-backup to start rdiff-backup on remote machine with root access (by sudo)? Probably, but is the basis of the problem not that the backup user has insufficient priviliges? It might be a better solution to use public-key authentication for root, limited to executing a single command. The rdiff-backup docs seem to include this solution. Joachim
Re: remote data backup
hello thanks for your answer may you explain me the thing with the delta compression? i want to backup some files incremental over ssh with tar. is that possible? and is it possible to sudo the tar process on the remote machine? thanks, best regards marco On Wed, 2006-03-22 at 13:06 +, Stuart Henderson wrote: On 2006/03/22 13:24, Marco Fretz wrote: my problem, this user has no access to some files in /etc, /usr/local/etc, and so on. so what to do? Give the user read-access to those files...? my problem now i had to transfer the whole tar archive (on some systems over 8 GB) to my backupserver every day twice (packup period). If you're compressing the tar, stop doing that, and give the delta compression (rsync-type algorithms) a chance to work. is there a way with rdiff-backup to start rdiff-backup on remote machine with root access (by sudo)? Yes, see rdiff-backup's manual page ('remote operation' section).
Re: remote data backup
Marco Fretz wrote: hello i build a script that runs locally on all system over root cronjob. the script backs up all data in a tar file on the local machine. my problem now i had to transfer the whole tar archive (on some systems over 8 GB) to my backupserver every day twice (packup period). Take a look at rsnapshot in ports, it is probably exactly what you need.
Re: ADSL with pppoa (over ATM)
On 3/22/06, Simon Slaytor [EMAIL PROTECTED] wrote: My understanding is that to operate in 'full bridge mode' requires pppoe support from the provider. Which is where this thread started. Not pppoe, but pppoa
Re: remote data backup
ok =) right. i had some problems that me have the same solution. i need a backup solution with the following features: - smallest network traffic - smallest load on remote machines - preserved file permissions - only small configuration on remote machines - restoring data until 7 days ago (7 day generation) - root login on remote machines is disabled is there any solution? =) i think there have to be a way like this: rdiff-backup over ssh and run the remote rdiff-backup with sudo. but how? thanks a lot On Wed, 2006-03-22 at 14:16 +0100, Joachim Schipper wrote: On Wed, Mar 22, 2006 at 01:24:33PM +0100, Marco Fretz wrote: hello i had a well known problem, but no idea how to build a correct solution. we have a lot of linux and bsd servers at our isp. i have to backup data from these systems to a remote system. the backup server (storage server) has access to remote systems (data sources) over ssh and public key auth (a user named backup exists on all systems). my problem, this user has no access to some files in /etc, /usr/local/etc, and so on. so what to do? i build a script that runs locally on all system over root cronjob. the script backs up all data in a tar file on the local machine. my problem now i had to transfer the whole tar archive (on some systems over 8 GB) to my backupserver every day twice (packup period). is there a way with rdiff-backup to start rdiff-backup on remote machine with root access (by sudo)? Probably, but is the basis of the problem not that the backup user has insufficient priviliges? It might be a better solution to use public-key authentication for root, limited to executing a single command. The rdiff-backup docs seem to include this solution. Joachim
Re: remote data backup
On 2006/03/22 14:15, Marco Fretz wrote: may you explain me the thing with the delta compression? rsync, rdiff-backup and some other programs use an algorithm which sends only the differences between files. this is called delta compression. 'delta' refers to the change in value, it's mathematical notation: http://en.wikipedia.org/wiki/Delta_(letter) This is different to what's normally called 'incremental backup' where you determine which files are updated or new since the last backup, and store a complete copy of them. i want to backup some files incremental over ssh with tar. is that possible? Yes. You can use find(1) to select files changed since the last run have tar(1) add just those files, outputted to stdout, and pipe it over an ssh session. This way avoids temporary files on the machine you're backing up, but if you have large files with small changes it's not bandwidth-efficient. $ find /some.dir -newer /tmp/last.backup | tar czf - -I - | ssh some.host cat /tmp/backup.tar.gz touch /tmp/last.backup You can have tar(1) create one big uncompressed temporary archive on the machine being backed up, and rsync it across (by default, this uses ssh). This obviously uses a lot of space for a temporary file, but possibly saves bandwidth over the first method. Or you can use a tool designed for the job, something like rsync or diff-backup, and not worry about tar files at all. about tar files at all. and is it possible to sudo the tar process on the remote machine? Yes, of course it is, just be careful how you set everything up so you don't give full root access without a password.
Re: IDS solution
On Wed, Mar 22, 2006 at 10:54:04AM +0100, Huzeyfe Onal wrote: not bsd-ids.org, try http://www.bro-ids.org/ address. yes, sorry for this typo ;) reyk
Re: remote data backup
Selon Marco Fretz [EMAIL PROTECTED]: ok =) right. i had some problems that me have the same solution. i need a backup solution with the following features: dump(8) via ssh with a user included in the operator group.
Re: remote data backup
On Wed, Mar 22, 2006 at 02:46:10PM +0100, Marco Fretz wrote: ok =) right. i had some problems that me have the same solution. i need a backup solution with the following features: - smallest network traffic - smallest load on remote machines - preserved file permissions - only small configuration on remote machines - restoring data until 7 days ago (7 day generation) - root login on remote machines is disabled is there any solution? =) i think there have to be a way like this: rdiff-backup over ssh and run the remote rdiff-backup with sudo. but how? There is no solution that satisfies all. For instance, a rsync-based solution (such as rdiff-backup) typically uses much more CPU (and, to a lesser extent, memory) than a simpler solution based on tar or dump. On the other hand, it does use less bandwidth. On the third hand, though, if you want to write your backups (only) to an external medium, 'rolling' backups become very problematic. The 'dump' scheme was invented at a time when backups were written to tape, and is quite good for that purpose. Additionally, dump-based solutions on most systems can get away with only having 'operator' priviliges, which is still a lot, but less than 'root'. Rsync will require full root priviliges (via sudo or otherwise) or a lot of configuration. As to just running the remote side with sudo, that shouldn't be too hard. A quick look at the documentation did not suggest this was possible by setting a configuration flag, but one should be able to change the source code to work as desired. Then again, as I proposed upthread, a public key for root which will only run a single command is probably a better solution. Joachim
Re: remote data backup
On Wed, Mar 22, 2006 at 02:15:58PM +0100, Marco Fretz wrote: hello thanks for your answer may you explain me the thing with the delta compression? i want to backup some files incremental over ssh with tar. is that possible? and is it possible to sudo the tar process on the remote machine? As pointed out, this is possible. However, as an extra clarification: Rsync is good at only sending the differences in files. This means rsync (and, by extension, rdiff-backup) works very well on large files where little changes. This is the case for uncompressed tar files - they will differ only in the files and headers that were actually changed since the last backup. However, compressed (and, worse, encrypted) tar files are a different story, as a changed header may cause a 'cascade' effect, changing lots of bits. In this case, using rsync will amount to a very expensive way of copying the whole file. So, if you want to go with rsync-a-tar-file, make sure it is not compressed or encrypted beforehand. (Though running the rsync protocol itself over an encrypted link is very, very good idea.) Joachim
problem with rdiff-backup and permissions
hello i involve the following command on my backup server. on the remote machine i set up backup user in sudoers to allow execute of rdiff-backup --server without password. # rdiff-backup -v2 --remote-schema ssh -C %s 'sudo /usr/bin/rdiff- backup --server' [EMAIL PROTECTED]::/etc test/ after successful backup i made an ls in test/ and noticed that all files are owned by the user initiated the command (named backup). why that and what can i do to preserve the permissions? greets and thanks marco
Re: RAID label problem?
Xavier Mertens writes: Hi, I'm busy to set up a box with 2 x 80GB disks in RAID1. I'm following the procedures found online but, once the RAID is initialized, I got the follow error while trying to partition it: Write new label?: [y] disklabel: ioctl DIOCWDINFO: No space left on device disklabel: unable to write label The RAID is up, consistant: # raidctl -s raid0 raid0 Components: /dev/wd0d: optimal /dev/wd1d: optimal No spares. Parity status: clean Reconstruction is 100% complete. Parity Re-write is 100% complete. Copyback is 100% complete. disklabel report the following: # disklabel -E raid0 disklabel: Can't get bios geometry: Device not configured Initial label editor (enter '?' for help at any prompt) p device: /dev/rraid0c type: RAID disk: raid label: fictitious bytes/sector: 512 sectors/track: 128 tracks/cylinder: 8 sectors/cylinder: 1024 cylinders: 156417 total sectors: 160171392 free sectors: 160171392 rpm: 3600 16 partitions: # sizeoffset fstype [fsize bsize cpg] a: 4358414031416925149 unused 0 0 # Cyl 1383715*-180 9342* c: 160171392 0 unused 0 0 # Cyl 0 -15641 7* 435841403 + 1416925149 = 1852766552 which is greater than 160171392 by 1692595160. If you fix the offset of 'a', I suspect things will be happier. Later... Greg Oster
Re: RAID label problem?
Well, I already tried to create only a small partition: # disklabel -E raid0 disklabel: Can't get bios geometry: Device not configured Initial label editor (enter '?' for help at any prompt) p device: /dev/rraid0c type: RAID disk: raid label: fictitious bytes/sector: 512 sectors/track: 128 tracks/cylinder: 8 sectors/cylinder: 1024 cylinders: 156417 total sectors: 160171392 free sectors: 160171392 rpm: 3600 16 partitions: # sizeoffset fstype [fsize bsize cpg] a: 4358414031416925149 unused 0 0 # Cyl 1383715*-1809342* c: 160171392 0 unused 0 0 # Cyl 0 -156417* d a a a offset: [0] size: [160171392] 200m FS type: [4.2BSD] p device: /dev/rraid0c type: RAID disk: raid label: fictitious bytes/sector: 512 sectors/track: 128 tracks/cylinder: 8 sectors/cylinder: 1024 cylinders: 156417 total sectors: 160171392 free sectors: 159761792 rpm: 3600 16 partitions: # sizeoffset fstype [fsize bsize cpg] a:409600 0 4.2BSD 2048 16384 16 # Cyl 0 - 399 c: 160171392 0 unused 0 0 # Cyl 0 -156417* q Write new label?: [y] y disklabel: ioctl DIOCWDINFO: No space left on device disklabel: unable to write label # Xavier -- Dear customer, we located the problem... It's between the keyboard and the chair! On Wed, 22 Mar 2006, Greg Oster wrote: Xavier Mertens writes: Hi, I'm busy to set up a box with 2 x 80GB disks in RAID1. I'm following the procedures found online but, once the RAID is initialized, I got the follow error while trying to partition it: Write new label?: [y] disklabel: ioctl DIOCWDINFO: No space left on device disklabel: unable to write label The RAID is up, consistant: # raidctl -s raid0 raid0 Components: /dev/wd0d: optimal /dev/wd1d: optimal No spares. Parity status: clean Reconstruction is 100% complete. Parity Re-write is 100% complete. Copyback is 100% complete. disklabel report the following: # disklabel -E raid0 disklabel: Can't get bios geometry: Device not configured Initial label editor (enter '?' for help at any prompt) p device: /dev/rraid0c type: RAID disk: raid label: fictitious bytes/sector: 512 sectors/track: 128 tracks/cylinder: 8 sectors/cylinder: 1024 cylinders: 156417 total sectors: 160171392 free sectors: 160171392 rpm: 3600 16 partitions: # sizeoffset fstype [fsize bsize cpg] a: 4358414031416925149 unused 0 0 # Cyl 1383715*-180 9342* c: 160171392 0 unused 0 0 # Cyl 0 -15641 7* 435841403 + 1416925149 = 1852766552 which is greater than 160171392 by 1692595160. If you fix the offset of 'a', I suspect things will be happier. Later... Greg Oster
Re: RAID label problem?
On Wed, 22 Mar 2006, Xavier Mertens wrote: 16 partitions: # sizeoffset fstype [fsize bsize cpg] a: 4358414031416925149 unused 0 0 # Cyl 1383715*-1809342* c: 160171392 0 unused 0 0 # Cyl 0 -156417* I create my partition, exit with q Xavier -- SELECT * FROM users WHERE clue 0; 0 rows returned You better run fdisk -i raid0 first. You are seeing the remains of an old disklabel, probably. -Otto
dhcp option 82
Hi, I do not think so, but does the openbsd dhcpd can handle dhcp requests that contain that option 82, that can be added by dhcp relays on switches to the originating dhcp request from the client. haven't found anything on that in the manual, so I want to make sure that i am right, or better wrong, before exchanging my dhcpd with isc-dhcpd. cheers lars -- Echte DSL-Flatrate dauerhaft f|r 0,- Euro*! Feel free mit GMX DSL! http://www.gmx.net/de/go/dsl
Re: RAID label problem?
Xavier Mertens writes: Well, I already tried to create only a small partition: [snip] p device: /dev/rraid0c type: RAID disk: raid label: fictitious bytes/sector: 512 sectors/track: 128 tracks/cylinder: 8 sectors/cylinder: 1024 cylinders: 156417 total sectors: 160171392 free sectors: 159761792 rpm: 3600 16 partitions: # sizeoffset fstype [fsize bsize cpg] a:409600 0 4.2BSD 2048 16384 16 # Cyl 0 - 39 9 c: 160171392 0 unused 0 0 # Cyl 0 -15641 7* q Write new label?: [y] y disklabel: ioctl DIOCWDINFO: No space left on device disklabel: unable to write label What does 'raidctl -s raid0' say? There are not may places in the DIOCWDINFO code path where ENOSPC is returned... but one of them is in raidstrategy(). Later... Greg Oster
Re: Strange pthread/kernel interaction
No. This is as it should be, because -lpthread does threads in *one* kernel process, so it has to intercept blocking operations so it can switch to another thread instead, or call select/poll/kevent if needed, so not all threads hang if *one* executes a blocking operation. How could I help the high CPU usage then? The device driver read routine always prematurely exits because IO_NDELAY is set (and there's nothing to read - so EWOULDBLOCK is returned). the real syscall symbols are available as _thread_sys_read and so on. you'll also need to clear non-blocking with _thread_sys_fcntl. If I would now use _thread_sys_read and so on, then the main thread would block (as expected), but due to the implementation, control is not passed to other threads (because of blocking on _thread_sys_read()) as far as I understand. It looks like I am not able to do threading and blocking at the same time, that's where I am stuck. Jan Engelhardt -- | Software Engineer and Linux/Unix Network Administrator
Free shipping all over the world / Frais de port gratuits
Abebooks.fr/Enfer.com Free shipping all over the world until the end of March 2006 / En mars 2006, frais de port gratuits Hello, Until the end of March 2006, FREE SHIPPING for any order placed on Abebooks/Enfer.com, no minimum of purchase and for a shipping in maritime economic mode for Europe, for United States, for Asia, for Africa, for Australia, finally for the whole world! Our catalogue has been just updated on Abebooks, you can consult it entirely while clicking HERE or on the headings below to find the book youre looking for, more than 1700 titles on line: Bonjour, En mars 2006, FRAIS DE PORT GRATUITS pour toute commande passie sur Abebooks/Enfer.com, sans minimum d'achat et pour un envoi en mode iconomique maritime ` destination de l'Europe, des Etats Unis, de lAsie, de lAustralie, dAfrique , enfin dans le monde entier! Notre catalogue vient d'jtre mis ` jour sur Abebooks, vous pouvez le consulter entihrement en cliquant ICI ou sur les rubriques ci-dessous pour dicouvrir le livre que vous recherchez, plus de 1700 titres en ligne: Catalogues : Actualitis-Histoire / History Art Erotique / Erotic Art Bande Dessinie / Comics Books Bande Dessinie - Illustration / Illustrated Art Books Bande Dessinie Erotique / Erotic Comics Books Beaux-Livres / Fine Books Biographies / Biographies Memories Cartes Postales irotiques / Erotic Postcards Dessins Erotiques / Erotic Drawings Dictionnaires irotiques / Erotic Dictionaries Gravures Irotiques / Erotic Art Print Littirature Irotique / Erotic Literature Littirature irotique en anglais /English Erotic Fiction Monographies / Monographies Photographie - Cinima / Photo - Cinema Photographie Irotique / Erotic Photo Revues BD / Comics Magazines Revues BD irotique / Erotic Comics Revues Erotiques / Erotic Magazines Sexologie - Sexualiti / Sexology - Sexuality Science-fiction - Fantastique / Fantasy The team of enfer.com L'iquipe d'enfer.com Abebooks.fr/Enfer.com Take a look too at our site on the Internet : Enfer.com N'oubliez pas de consulter igalement notre site : Enfer.com Editions Dominique Leroy 3, rue Docteur Andri Ragot, B.P. 313 89103 Sens Cedex, France - Tel.: 33 (0)3 86 64 15 24 e-mail: [EMAIL PROTECTED] == Message composi et expidii avec la version Freeware de Sarbacane., le logiciel d'e-mailing professionnel pour Windows de GOTO Software. Attention, GOTO n'est responsable ni du contenu de ce message ni du fait qu'il vous a iti expidii. Pour toute question au sujet de ce message, merci de prendre contact avec l'expiditeur. ==
asynchronous RPC mechanism
Dear folks, i have choosen openbsd as my plataform of choice for deploying a service that will have to handle RPC processing in an asynchronous fashion. I got surprised when i see that the RPC library that comes with OpenBSD does not support Async processing. I tried to build my own routine and found it was no easy task. Does anybody know about an async RPC mechanism i could use (any library)? Thanks a lot for your time and cooperation. Best regards.
Re: telldir(), etc: prevent memory leak
On Wed, 22 Mar 2006, Joshua Sandbrook wrote: Just today I found my openbsd server curiously stalled... not completely dead, could switch consoles, ping it.. but otherwise unresponsive. Found out that smbd was eating huge amounts of memory, and I put the crash down to smbd. I applied ( by hand, patch did not work ) the patches Paul wrote.. Yeah. I was having issues with my mail client (silly line wrapping and general corruption). There is a much cleaner patch offered (against -current) on the tech list: http://marc.theaimsgroup.com/?l=openbsd-techm=114275248318690w=2 This one should work if run through patch. Don't know if it will apply against a 3.8 source tree, but I did test to ensure that it worked from the mailing list against -current. If it doesn't apply, please let me know, and I'll be happy to clean it up and try again. and now smbd is behaving in a more sane fashion, though still seems to be very slowly climbing in memory useage, though nothing like it was before. It was climbing at around 1Mb of ram per second before hand, now it is only using 6mb of ram ( started at 2.7 ish mb of ram ) according to top. That's about what I was experiencing, too. Leakage much worse if the directories were highly populated, but still slow leakage for smaller dirs, too. After the patch, some transitory memory usage, but typically it remains stable for me. So either there is still some memory leakage in telldir and friends, or smbd has other memory leaks in it, or this is just normal behaviour for smbd. I concentrated on the biggest culprit in my particular install. I'm quite sure that smbd probably leaks in other places, too, and I may not have caught all places in dirent that may leak if used ... oddly. Perhaps I should go on another hunt if there is interest in the community. But the patch definately put a stop on the rapid memory consumtion. Glad it was useful to someone! Thanks Paul Most welcome. Hopefully the openbsd guys will provide feedback on it when they find some time, especially if it needs any further work to get it acceptable for inclusion into 3.9. Cheers, - Paul
Going nuts with wireless (ath(4) in this case)
Hello, today, I wasted tons of money (from my perspective) ... First, I bought a D-Link DWL-G650. Turns out it was revision C with an AR5213 on it ... the driver complained about the RF radio not being supported. After lots of whining in the store, I got to replace it with a Netgear WG511T. Before breaking any seals of the packaging, I called Netgear tech support to ask for what they built into this card, with s/n foo-blah-bar. Turns out they couldn't tell, really, so I asked whether there are any different revisions of that card, i.e. whether it ever changed. They say no, it's been always the same and I figured that was good enough. Oh well, I thought wrong. Same AR5213, same unsupported RF radio. ARGH! No way I'm going to be able to get this one replaced, with broken seals in the package. It seems that it's virtually impossible to get a working/supported wireless card these days ... damn those vendors who change hardware without notice, and damn Netgear for lying to me. :-(( And not to mention that useless, new wireless bridge that is doing nothing ... at least it has 3 shiny blue LEDs. Now I figured, what the hell; let's try and make it supported. My wishful thinking and simply cranking the supported revisions of ath(4) allowed the driver to attach, but that's as far as it goes. I can mess around with ifconfig, setting any channel other than 6 isn't possible and I'm getting this should not happen-errors. Since I was too stupid to save the kernel output earlier, it's now garbled ... impressive, how stuff in memory survives power-cycles in dmesg (all the numbers are okay, otherwise I wouldn't bother pasting this:) A4heros C/mmunications, In\M-c., AR5001--, Wireless LAN Reference Card : irq 11 ath0: AR5213 7.9 phy 4.5 rf2112a 5.6 FCC2A*, address 00:0f:b5:ef:5e:a0 ath0: device timeowt ar5k_ar5212_nic_wakeup: failed to resume |he AR5212 (acain) avh0: Unable to reset h\M-ardware; hal status 3671035180 ath0: device timeowt [...] :-) My experimentation did some weird stuff to OpenBSD, which is why I'm running a sane kernel again. Anyways, I'm obviously not getting anywhere, and driver hacking still is a closed book to me. However, I'm quite interested in learning more, or at least try and help someone who's further down this road by testing patches etc. In case I'm alone with this, I'd highly appreciate some pointers on how to get started. I don't remember, was Atheros a nice or an evil company? How can I get the information I need to get this to work? Thanks for your time, Moritz
Re: telldir(), etc: prevent memory leak
On Wed, 22 Mar 2006, Paul Thorn wrote: Most welcome. Hopefully the openbsd guys will provide feedback on it when they find some time, especially if it needs any further work to get it acceptable for inclusion into 3.9. It won't make 3.9, which is already in production. But reviewing and tsting the diff is on my list. I'm a bit worried you are breaking documented behaviour (the opendir, readdir, telldir, closedir, opendir, seekdir case). But most other platforms (except NetBSD) do not seem to give this guarantee, so maybe it is ok to drop it. A comment I can give now is that I prefer the lists manipulations to be done using the list macros from queue(3). You might wanna take a look at the freebsd code. -Otto
CGI security: in addition to chroot
i'm putting a machine into production in the next week or two that uses binary CGI scripts. i want to add additional layers of security beyond having apache chroot-ed in case the binaries decide to run amok. things that occur to me as a good idea are systrace and sbox (see http://stein.cshl.org/software/sbox/ ), but i don't have much experience with either of these. if anyone has experience with either of these two solutions in production, i would appreciate being informed about such. this machine will be colocated so i'm very keen on having everything worked out before it goes into production. feel free to contact me off-list if you like. cheers, jake
Sendmail security problem
Hi, Any comment about this? (see sendmail.org). Este correo electrsnico y la informacisn contenida en el mismo es de caracter confidencial y esta sometida al secreto profesional, dirigiindose exclusivamente al destinatario mencionado en el encabezamiento, cuyos datos forman parte de un fichero responsabilidad del GRUPO CARRERAS y cuya finalidad es contactar con el titular de los datos a travis del correo electrsnico. Le informamos que cuenta con los derechos de acceso, rectificacisn y cancelacisn, que podra ejercitar mediante el envmo de un e- mail a la siguiente direccion: [EMAIL PROTECTED] Si el receptor de la comunicacisn no fuera el destinatario, le informamos que cualquier divulgacisn, copia, distribucisn o utilizacisn no autorizada de la informacisn contenida en la misma esta prohibida por la legislacisn vigente. http://www.grupocarreras.com
Re: remote data backup
On Wed, 22 Mar 2006 15:54:08 +0100, Joachim Schipper wrote: So, if you want to go with rsync-a-tar-file, make sure it is not compressed or encrypted beforehand. (Though running the rsync protocol itself over an encrypted link is very, very good idea.) I do this for a client which has a zipfile of about 20MB which used to be delivered by courier from head office to retail stores. It had all the binaries used by the back-office computer plus stock files, inevntories etc. Now the zip files is copied from the master at head office to an OpenBSD box where it is unzipped to a directory. Then the stores connect at an appointed time and use rsync over ssh to update their local copies. Don't forget the C option in ssh (use -e ssh -C in the rsync options) which is too computationally expensive on a fast LAN but is ideal for lower speed links. For example, head office in my client has 1536/256 ADSL and the stores have 256/64 and it speeds up very well. HTH. Rod From the land down under: Australia. Do we look umop apisdn from up over? Do NOT CC me - I am subscribed to the list. Replies to the sender address will fail except from the list-server.
Re: asynchronous RPC mechanism
Hello! On Wed, Mar 22, 2006 at 01:21:06PM -0300, Gustavo Rios wrote: Dear folks, i have choosen openbsd as my plataform of choice for deploying a service that will have to handle RPC processing in an asynchronous fashion. I got surprised when i see that the RPC library that comes with OpenBSD does not support Async processing. I tried to build my own routine and found it was no easy task. Does anybody know about an async RPC mechanism i could use (any library)? Thanks a lot for your time and cooperation. I'm doing something like that, but I just use simple self-made protocols and multiplex them with libevent. A little C++ framework above it, and it's quite usable. Best regards. Kind regards, Hannah.
Re: ADSL with pppoa (over ATM)
I used to have one of these. On your external NIC, use DHCP, and that is it. The DLink does the PPPoA stuff and issues the WAN IP address to your DHCP card. You can still telnet to the DLink on 192.168.0.1 at the same time as your link being up. mmm...I tried switching off dhcp server on the modem, issued a dhcpclient xl1 but I can't get a dhcp response
A couple of questions about ural(4) and hostap mode
Hi, I'm going to buy a Linksys WUSB54G v4 wireless adapter and I'd like to use it to set up an access point with hostapd (but not only for this purpose, of course) I read in the man pages that: The ural driver supports automatic control of the transmit speed in BSS mode only. Therefore the use of a ural adapter in Host AP mode is discouraged. [ural(4) -current] So, it seems that if I put ural(4) in hostap mode I can't get automatic change of the trasmission rate. The question is: what kind of problems I will face imposing a fixed speed? Will the other stations deassociate whenever the signal strength goes under a certain limit? I will be forced to use the minimum speed? Are there any workarounds for this issue? P.S.: Well, more than a couple of question, I see... -- http://swpat.ffii.org/ Giuseppe Argentieri
Re: Removing a misconfigured list member? [EMAIL PROTECTED]: Undelivered Mail Returned to Sender]
Hello! On Wed, Mar 22, 2006 at 07:55:39AM +0059, Han Boetes wrote: Keith Richardson wrote: Hannah wrote: Mailing to [EMAIL PROTECTED] didn't work either (similar loop error message). So could one please remove [EMAIL PROTECTED] from the mailing lists? Sorry for mailing the list itself, but I didn't find a more specific contact for that on http://www.openbsd.org/mail.html. I think you wanted [EMAIL PROTECTED] if I remember majordomo's email correctly. Check the headers of any email from the openbsd mailinglists ;-) There're no List-foo headers, just Sender: [EMAIL PROTECTED] But then, there's no guarantee that the sender or envelope from is the best address to reach a human list administrator. So I'd suggest adding a reference to such to the mail.html page. I'll try how forwarding my original mail to owner-... works out. # Han Kind regards, Hannah.
Re: Going nuts with wireless (ath(4) in this case)
On 3/22/06, Moritz Grimm [EMAIL PROTECTED] wrote: today, I wasted tons of money (from my perspective) ... First, I bought a D-Link DWL-G650. Turns out it was revision C with an AR5213 on it ... the driver complained about the RF radio not being supported. After lots of whining in the store, I got to replace it with a Netgear WG511T. Before breaking any seals of the packaging, I called Netgear tech support to ask for what they built into this card, with s/n foo-blah-bar. Turns out they couldn't tell, really, so I asked whether there are any different revisions of that card, i.e. whether it ever changed. They say no, it's been always the same and I figured that was good enough. Oh well, I thought wrong. Same AR5213, same unsupported RF radio. ARGH! No way I'm going to be able to get this one replaced, with broken seals in the package. A4heros C/mmunications, In\M-c., AR5001--, Wireless LAN Reference Card : irq 11 ath0: AR5213 7.9 phy 4.5 rf2112a 5.6 FCC2A*, address 00:0f:b5:ef:5e:a0 ath0: device timeowt ar5k_ar5212_nic_wakeup: failed to resume |he AR5212 (acain) avh0: Unable to reset h\M-ardware; hal status 3671035180 ath0: device timeowt [...] :-) My experimentation did some weird stuff to OpenBSD, which is why I'm running a sane kernel again. Anyways, I'm obviously not getting anywhere, and driver hacking still is a closed book to me. However, I'm quite interested in learning more, or at least try and help someone who's further down this road by testing patches etc. In case I'm alone with this, I'd highly appreciate some pointers on how to get started. I don't remember, was Atheros a nice or an evil company? How can I get the information I need to get this to work? First off I'll say that I feel your pain. But I haven't had any problem finding AR5211 and AR5212 devices as you can see in the archives I have two at the moment, a Netgear WAB501 and a Cisco. With a snapshot of a week or so ago I get similar messages as above along with a panic on boot. Unfortunately right now the team is pretty busy getting the release together. I have received a couple of patches but nothing has worked yet. Greg
Re: ADSL with pppoa (over ATM)
On Wed, Mar 22, 2006 at 07:14:23PM +0100, Luca Losio wrote: I used to have one of these. On your external NIC, use DHCP, and that is it. The DLink does the PPPoA stuff and issues the WAN IP address to your DHCP card. You can still telnet to the DLink on 192.168.0.1 at the same time as your link being up. mmm...I tried switching off dhcp server on the modem, issued a dhcpclient xl1 but I can't get a dhcp response Leave the DHCP server enabled on the DLink, and enable your NIC via DHCP. Job done. Unplug the phone line and reboot the router, your NIC will get a 192.168.0.2 address, plug the phone line in and it will get issued the public WAN IP from the router. The router was designed for Windoze users, and they wouldn't mess about with static setups. I now use a ZyXEL and have my ISP allocate a routeable LAN, which is better, but not doable with the DLink model that you have.
Re: Strange pthread/kernel interaction
Hi! On Wed, Mar 22, 2006 at 04:30:28PM +0100, Jan Engelhardt wrote: How could I help the high CPU usage then? The device driver read routine always prematurely exits because IO_NDELAY is set (and there's nothing to read - so EWOULDBLOCK is returned). Which device do you use? Does that not support poll/select/kqueue properly? Because if it did, the pthread library would probably do the right thing (on EWOULDBLOCK, suspend the thread, and sometimes use kqueue or similar to find out when it can re-schedule the thread again). the real syscall symbols are available as _thread_sys_read and so on. you'll also need to clear non-blocking with _thread_sys_fcntl. If I would now use _thread_sys_read and so on, then the main thread would block (as expected), but due to the implementation, control is not passed to other threads (because of blocking on _thread_sys_read()) as far as I understand. It looks like I am not able to do threading and blocking at the same time, that's where I am stuck. I've just explained it to someone else what I did in cases like that. Short summary: fork processes for the really blocking stuff (disk I/O, device I/O), do the high level logic and network I/O in the parent, communicate requests/responses to the children, using e.g. socketpair (they're fast enough). So this maps the blocking I/O done in the children to socketpair I/O which you *can* select/poll/kqueue/epoll on, e.g. using libevent. Or even using OpenBSD's userland pthread, having a thread block on reading responses from the socketpair. Jan Engelhardt Kind regards, Hannah.
SGI O2
I've two SGI O2 R12000 at home from today for experimental use. They've 32 of them unused at my uni so the admin said it was ok to take two :) Now I've problems installing osbd 3.8, I've choosed the cdboot installation method. First I : 'resetenv' then setenv OSLoader=boot and setenv OSLoadFilename=/bsd.rd Then I choose Install program from CDrom in the maintaining menu. What I can see on the screen is all the boot arguments at top (from the environment). OpenBSD/sgi Arcbios boot Boot: pci(0)scsi(0)cdrom(4)partition(0)/bsd.rd Loading ELF64 file 0xfff... Loading symbol table Start at 0x ARCS32 Firmware Version 1.10 SR=34010080 Found SGI-IP32, setting up. And here it freeze, nothing else happens. any ideas are welcome, /bkw -- ## BKW - Bachman Kharazmi bahkha AT gmail DOT com uin: #24089491 SWEDEN ##
Re: SGI O2
What I can see on the screen is all the boot arguments at top (from the environment). OpenBSD/sgi Arcbios boot Boot: pci(0)scsi(0)cdrom(4)partition(0)/bsd.rd Loading ELF64 file 0xfff... Loading symbol table Start at 0x ARCS32 Firmware Version 1.10 SR=34010080 Found SGI-IP32, setting up. And here it freeze, nothing else happens. I'll bet you did not connect a serial console to the machine. Miod
Re: Strange pthread/kernel interaction
How could I help the high CPU usage then? The device driver read routine always prematurely exits because IO_NDELAY is set (and there's nothing to read - so EWOULDBLOCK is returned). Which device do you use? Does that not support poll/select/kqueue properly? Because if it did, [...] I need to implement that function. Thanks for the hint! (btw, device is: rpldev from http://ttyrpld.sf.net/) Jan Engelhardt --
Re: SGI O2
you're right, I missed that line in INSTALL.sgi. and the worst is that none of my laptops have RS232 ports even if I've a serialcable. I hope there're USB-RS232 converters available. the world is not always fair. /bkw On 22/03/06, Miod Vallat [EMAIL PROTECTED] wrote: What I can see on the screen is all the boot arguments at top (from the environment). OpenBSD/sgi Arcbios boot Boot: pci(0)scsi(0)cdrom(4)partition(0)/bsd.rd Loading ELF64 file 0xfff... Loading symbol table Start at 0x ARCS32 Firmware Version 1.10 SR=34010080 Found SGI-IP32, setting up. And here it freeze, nothing else happens. I'll bet you did not connect a serial console to the machine. Miod -- ## BKW - Bachman Kharazmi bahkha AT gmail DOT com uin: #24089491 SWEDEN ##
Re: SGI O2
thus Bachman Kharazmi spake: you're right, I missed that line in INSTALL.sgi. and the worst is that none of my laptops have RS232 ports even if I've a serialcable. I hope there're USB-RS232 converters available. the world is not always fair. ^ said the man who got two O2/R12k for free ;) /bkw
Re: SGI O2
Bachman Kharazmi wrote: you're right, I missed that line in INSTALL.sgi. and the worst is that none of my laptops have RS232 ports even if I've a serialcable. I hope there're USB-RS232 converters available. You can get converters. Not all of them connect DSR/DTR. -- Darrin Chandler| Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ |
Re: Site indexing application
Le Tue, Mar 21, 2006 at 02:18:10PM +0200, Gabriel George POPA ecrivait : Frank Denis wrote: Yes, very interesting. But I was looking for a very secure, highly proven solution, prepackaged for OpenBSD with Apache chrooted. Well, Hyper Estraier is far from being a beta project. It's an evolution of Estraier, itself based upon Snatcher, whoose work began 6 years ago. The code is very clean, it works and it's fast. The code of Mnogosearch (and DPsearch since it's based upon it) is messy and designed in a totally insecure and unreliable way. I had a hard time last year with it in order to add various hacks to have it work with our blog web site (skyblog.com). There were many ways to get it die with segmentation faults. And the indexer wasn't always able to resume its activity after a crash. Plus Mnogosearch doesn't scale as well as advertised. OTOH, Hyper Estraier scales really well. It just needs an OpenBSD port. -- Frank Denis - frank [at] nailbox.fr Young Nails / Akzentz nail tech
Re: SGI O2
On Wed, 22 Mar 2006 21:37:45 +0100 Bachman Kharazmi [EMAIL PROTECTED] wrote: you're right, I missed that line in INSTALL.sgi. and the worst is that none of my laptops have RS232 ports even if I've a serialcable. I hope there're USB-RS232 converters available. That should do the trick, but you must have a null modem cable otherwise you still won't be able to see much ;-) the world is not always fair. /bkw On 22/03/06, Miod Vallat [EMAIL PROTECTED] wrote: What I can see on the screen is all the boot arguments at top (from the environment). OpenBSD/sgi Arcbios boot Boot: pci(0)scsi(0)cdrom(4)partition(0)/bsd.rd Loading ELF64 file 0xfff... Loading symbol table Start at 0x ARCS32 Firmware Version 1.10 SR=34010080 Found SGI-IP32, setting up. And here it freeze, nothing else happens. I'll bet you did not connect a serial console to the machine. Miod -- ## BKW - Bachman Kharazmi bahkha AT gmail DOT com uin: #24089491 SWEDEN ## -- Humppa is a serious thing! [demime 1.01d removed an attachment of type application/pgp-signature]
Re: SGI O2
ah! my obsd fw is a generic pc which has serial port, I'll try to move everything near it. I might be a lucky guy anyway... /bkw On 22/03/06, Darrin Chandler [EMAIL PROTECTED] wrote: Bachman Kharazmi wrote: you're right, I missed that line in INSTALL.sgi. and the worst is that none of my laptops have RS232 ports even if I've a serialcable. I hope there're USB-RS232 converters available. You can get converters. Not all of them connect DSR/DTR. -- Darrin Chandler| Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ | -- ## BKW - Bachman Kharazmi bahkha AT gmail DOT com uin: #24089491 SWEDEN ##
Re: SGI O2
On 2006/03/22 21:37, Bachman Kharazmi wrote: I hope there're USB-RS232 converters available. 'see also' section of ucom(4). The ones looking like http://tinyurl.com/sxgxo are usually Cypress and /not/ yet supported, the older bulkier-looking ones are more likely to work.
Re: SGI O2
cool, it booted and I'm setting up my disk now :) thanks guys for all your replies. /bkw On 22/03/06, Bachman Kharazmi [EMAIL PROTECTED] wrote: I've two SGI O2 R12000 at home from today for experimental use. They've 32 of them unused at my uni so the admin said it was ok to take two :) Now I've problems installing osbd 3.8, I've choosed the cdboot installation method. First I : 'resetenv' then setenv OSLoader=boot and setenv OSLoadFilename=/bsd.rd Then I choose Install program from CDrom in the maintaining menu. What I can see on the screen is all the boot arguments at top (from the environment). OpenBSD/sgi Arcbios boot Boot: pci(0)scsi(0)cdrom(4)partition(0)/bsd.rd Loading ELF64 file 0xfff... Loading symbol table Start at 0x ARCS32 Firmware Version 1.10 SR=34010080 Found SGI-IP32, setting up. And here it freeze, nothing else happens. any ideas are welcome, /bkw -- ## BKW - Bachman Kharazmi bahkha AT gmail DOT com uin: #24089491 SWEDEN ##
Stability of bge on 3.8 SMP
I have a server acting as a router/firewall (dmesg below) that stopped passing traffic on one network card after being up for ~4 months. The card was unpingable, and I believe the console said watchdog timeout. Since the connection was down, I didn't take the time to write down the message, but instead rebooted the system. Two days later the same thing happened. I currently attribute it to bad hardware and have swapped out the server with another identical one. I'm not asking for the problem to be solved, since I know I don't have enough information, rather I want to know if I should use a different network card. Should I just use the single processor kernel? Or is there a work-around/configuration change that will guarantee me stability with this configuration? I found this while searching Google: http://www.armorlogic.com/openbsd_information_server_compatibility_list.html?action=detailid=dl580g3 which says OpenBSD 3.8 can boot on the machine, but seems to have various issues related to multiprocessor support and on-board Broadcom network interfaces. Thanks! Dan # cat hostname.bge0 inet www.xxx.yyy.zzz 255.255.255.252 NONE # cat hostname.bge1 inet aaa.bbb.ccc.ddd 255.255.255.248 NONE # ifconfig -a lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 33192 groups: lo inet 127.0.0.1 netmask 0xff00 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6 bge0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr 00:e0:81:30:ba:30 media: Ethernet autoselect (100baseTX full-duplex) status: active inet www.xxx.yyy.zzz netmask 0xfffc broadcast snip inet6 snipbge0 prefixlen 64 scopeid 0x1 bge1: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr 00:e0:81:30:ba:31 groups: egress media: Ethernet autoselect (1000baseT full-duplex) status: active inet aaa.bbb.ccc.ddd netmask 0xfff8 broadcast snip inet6 snipbge1 prefixlen 64 scopeid 0x2 pflog0: flags=141UP,RUNNING,PROMISC mtu 33192 pfsync0: flags=0 mtu 1348 enc0: flags=0 mtu 1536 OpenBSD 3.8 (GENERIC.MP) #504: Sat Sep 10 16:02:38 MDT 2005 [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 4227395584 (4128316K) avail mem = 3632812032 (3547668K) using 22937 buffers containing 422948864 bytes (413036K) of memory mainbus0 (root) mainbus0: Intel MP Specification (Version 1.4) (TYAN S2881 ) cpu0 at mainbus0: apid 0 (boot processor) cpu0: AMD Opteron(tm) Processor 248, 2191.74 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,NXE,MMXX,LONG,3DNOW2,3DNOW cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line 16-way L2 cache cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu0: apic clock running at 199220473Hz cpu1 at mainbus0: apid 1 (application processor) cpu1: AMD Opteron(tm) Processor 248, 2191.43 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,NXE,MMXX,LONG,3DNOW2,3DNOW cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line 16-way L2 cache cpu1: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu1: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative mpbios: bus 0 is type PCI mpbios: bus 1 is type PCI mpbios: bus 2 is type PCI mpbios: bus 3 is type PCI mpbios: bus 4 is type ISA ioapic0 at mainbus0 apid 2: pa 0x86cbde24, version 11, 24 pins ioapic1 at mainbus0 apid 3: pa 0x86cbdd24, version 11, 4 pins ioapic2 at mainbus0 apid 4: pa 0x86cbdc24, version 11, 4 pins pci0 at mainbus0 bus 0: configuration mode 1 ppb0 at pci0 dev 6 function 0 AMD 8111 PCI-PCI rev 0x07 pci1 at ppb0 bus 3 ohci0 at pci1 dev 0 function 0 AMD 8111 USB rev 0x0b: apic 2 int 19 (irq 10), version 1.0, legacy support usb0 at ohci0: USB revision 1.0 uhub0 at usb0 uhub0: AMD OHCI root hub, rev 1.00/1.00, addr 1 uhub0: 3 ports with 3 removable, self powered ohci1 at pci1 dev 0 function 1 AMD 8111 USB rev 0x0b: apic 2 int 19 (irq 10), version 1.0, legacy support usb1 at ohci1: USB revision 1.0 uhub1 at usb1 uhub1: AMD OHCI root hub, rev 1.00/1.00, addr 1 uhub1: 3 ports with 3 removable, self powered vga1 at pci1 dev 6 function 0 ATI Rage XL rev 0x27 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) AMD AMD8111 LPC rev 0x05 at pci0 dev 7 function 0 not configured pciide0 at pci0 dev 7 function 1 AMD 8111 IDE rev 0x03: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility pciide0: channel 0 disabled (no drives) atapiscsi0 at pciide0 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: SAMSUNG, CD-ROM SN-124, N103 SCSI0 5/cdrom
Re: ADSL with pppoa (over ATM)
On Wed, 22 Mar 2006 11:14:07 + Craig Skinner [EMAIL PROTECTED] wrote: On Wed, Mar 22, 2006 at 04:29:56AM -0600, mike wrote: My Aethra Starbridge-EU works fine in half-bridge, although I had to set VCI=0 in the modem, whatever that is. You need to set the VPI VCI, encapsulation modulation. It is different for many countries depending on how the telcos deceide to run their network. See: http://www.patton.com/support/faqs_detail.asp?id=142 http://www.adslguide.org.uk/qanda.asp?faq=DSLHardware I was mistaken, my VPI=0, VCI=35 per my ISP. Note that this is in Wisconsin, USA, so the above link's table is not quite correct, as it lists the USA's VPI as 8, which also was the modem's default. I would much rather have my ext_if assigned the routable ip, and do all of the nat and rdr from pf :) As you seem to have a static IP on the router's WAN, your ISP will probably be able to provide a /30 routeable LAN for the asking! eg: I have 84.19.247.29/32 on the WAN of the router, and 84.19.247.232/29 as a routeable LAN. A /30 would be nice, but I have no complaints with a dynamic /32, dyndns, and then rdr'ing ssh smtp via pf.
Re: SGI O2
After I downloaded the sets successfully and the rest of the installation went fine I tried to reboot the system, what happens after reboot is nothing. No boot , but I can enter the maintaing menu. Maybe of these lines have to be changed in console(maintain menu): SystemPartition=pci(0)scsi(0)disk(2)rdisk(0)partition(8) OSLoadPartition=pci(0)scsi(0)disk(2)rdisk(0)partition(0) In case that's my problem I don't know which one to change. printenv is pasted bellow. System Maintenance Menu 1) Start System 2) Install System Software 3) Run Diagnostics 4) Recover System 5) Enter Command Monitor Option? 5 Command Monitor. Type exit to return to the menu. printenv AutoLoad=Yes diskless=0 dbaud=9600 volume=80 sgilogo=y monitor=h TimeZone=PST8PDT netaddr=192.0.2.1 crt_option=1 SystemPartition=pci(0)scsi(0)disk(2)rdisk(0)partition(8) OSLoadPartition=pci(0)scsi(0)disk(2)rdisk(0)partition(0) OSLoader=boot OSLoadFilename=/bsd.rd OSLoadOptions=auto console=d ConsoleOut=serial(0) ConsoleIn=serial(0) cpufreq=270 eaddr=08:00:69:0e:9b:ab videostatus=illegal_env_var On 22/03/06, Bachman Kharazmi [EMAIL PROTECTED] wrote: cool, it booted and I'm setting up my disk now :) thanks guys for all your replies. /bkw On 22/03/06, Bachman Kharazmi [EMAIL PROTECTED] wrote: I've two SGI O2 R12000 at home from today for experimental use. They've 32 of them unused at my uni so the admin said it was ok to take two :) Now I've problems installing osbd 3.8, I've choosed the cdboot installation method. First I : 'resetenv' then setenv OSLoader=boot and setenv OSLoadFilename=/bsd.rd Then I choose Install program from CDrom in the maintaining menu. What I can see on the screen is all the boot arguments at top (from the environment). OpenBSD/sgi Arcbios boot Boot: pci(0)scsi(0)cdrom(4)partition(0)/bsd.rd Loading ELF64 file 0xfff... Loading symbol table Start at 0x ARCS32 Firmware Version 1.10 SR=34010080 Found SGI-IP32, setting up. And here it freeze, nothing else happens. any ideas are welcome, /bkw
Re: ADSL with pppoa (over ATM)
mike wrote: http://www.patton.com/support/faqs_detail.asp?id=142 http://www.adslguide.org.uk/qanda.asp?faq=DSLHardware I was mistaken, my VPI=0, VCI=35 per my ISP. Note that this is in Wisconsin, USA, so the above link's table is not quite correct, as it lists the USA's VPI as 8, which also was the modem's default. VPI/VCI numbers vary all over the US, so that table is about worthless. Here in Colorado, on Qwest, I believe we are 0,32. -- Chris 'Xenon' Hanson | Xenon @ 3D Nature | http://www.3DNature.com/ I set the wheels in motion, turn up all the machines, activate the programs, and run behind the scenes. I set the clouds in motion, turn up light and sound, activate the window, and watch the world go 'round. -Prime Mover, Rush.
Sporadic kernel panic booting old i386 hardware, 3.7 GENERIC
Greetings, For the second time in a week the following kernel panic has occured on boot. In between these two events the firewall has booted many times without issue. booting hd0a:/bsd: 4686336+945680 [52+241344+223335]=0x5d08e0 entry point at 0x100120 [ using 465104 bytes of bsd ELF symbol table ] Copyright (c) 1982, 1986, 1989, 1991, 1993 The Regents of the University of California. All rights reserved. Copyright (c) 1995-2005 OpenBSD. All rights reserved. http://www.OpenBSD.org OpenBSD 3.7 (GENERIC) #1: Mon Mar 6 15:39:23 CST 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel Pentium (P54C) (GenuineIntel 586-class) 75 MHz cpu0: FPU,V86,DE,PSE,TSC,MSR,MCE,CX8 cpu0: F00F bug workaround installed real mem = 41525248 (40552K) avail mem = 30085120 (29380K) using 532 buffers containing 2179072 bytes (2128K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(00) BIOS, date 10/10/94, BIOS32 rev. 0 @ 0xf6f20 apm0 at bios0: Power Management spec V1.1 apm0: AC on, battery charge unknown uvm_fault(0xd05b21e0, 0x0, 0, 1) - e kernel: page fault trap, code=0 Stopped at lockmgr+0x1a: movl0x4(%esi),%eax ddb Is this (very old) hardware just giving up the ghost, bad RAM (I've seen a couple of mentions in the archives pointing to this), some other component in need of replacement, or something else worth investigating further? Many thanks in advance for any assistance, Damon.
Re: SGI O2
On Wed, 22 Mar 2006, Stuart Henderson wrote: On 2006/03/22 21:37, Bachman Kharazmi wrote: I hope there're USB-RS232 converters available. 'see also' section of ucom(4). The ones looking like http://tinyurl.com/sxgxo are usually Cypress and /not/ yet supported, the older bulkier-looking ones are more likely to work. uplcom(4) is your friend. If you're in the states just search eBay for Prolific pl-2303 usb serial or something similar. I've seen them for under US$10. diana
certpatch on obsd 3.8
hi, i would like to migrate my isakmpd configuration with x509 certificates from my old router with obsd 3.3 to new with obsd 3.8, but i have problem with absence of certpatch on obsd 3.8 because i used it for SubjAltName (in form of email to CN) with this command i: #certpatch -t ufqdn -i ${new_cert} -k $CA_KEY /etc/isakmpd/certs/${new_cert}.crt /etc/isakmpd/certs/${new_cert}.crt i can use this (but without success :-( ): # openssl x509 -req -days 730 -in /etc/isakmpd/private/${new_cert}.csr -CA $CA_crt -CAkey $CA_key -CAcreateserial -extfile /etc/ssl/x509v3.cnf -extensions x509v3_UFQDN -out /etc/isakmpd/certs/${new_cert}.crt with this in x509v3.cnf # default settings CERTUFQDN = what i have to give there ??!! [x509v3_UFQDN] subjectAltName=email:$ENV::CERTUFQDN thank you for help regards lukas
[no subject]
Bcc: Subject: Re: certpatch on obsd 3.8 Reply-To: [EMAIL PROTECTED] In-Reply-To: [EMAIL PROTECTED] i can use this (but without success :-( ): # openssl x509 -req -days 730 -in /etc/isakmpd/private/${new_cert}.csr -CA $CA_crt -CAkey $CA_key -CAcreateserial -extfile /etc/ssl/x509v3.cnf -extensions x509v3_UFQDN -out /etc/isakmpd/certs/${new_cert}.crt with this in x509v3.cnf # default settings CERTUFQDN = what i have to give there ??!! [x509v3_UFQDN] subjectAltName=email:$ENV::CERTUFQDN something like this # env [EMAIL PROTECTED] openssl x509 -req -days 730 -in \ /etc/isakmpd/private/${new_cert}.csr -CA $CA_crt -CAkey $CA_key \ -CAcreateserial -extfile /etc/ssl/x509v3.cnf -extensions \ x509v3_UFQDN -out /etc/isakmpd/certs/${new_cert}.crt -- Mathieu Sauve-Frankel
Re: buf_read dhclient
On Thu, 2006-03-16 at 18:43 +0100, Johan SANCHEZ wrote: And time to time this one: natbox dhclient[19726]: buf_read (connection closed): Undefined error: 0 That's what I'm seeing every time I run sh /etc/netstart sis0. After this a new dhclient gets started and the DHCP lease will be obtained/renewed. However, no automatic renewals take place afterwards, and I have to repeat the manual procedure. The external nic is an pcn0: Mine is a NS DP83815 10/100 (sis), on a WRAP. The box just run pf and nothing else. Same here, just an Internet firewall. I was using 3.7 before yesterday and this never happened. I have to say, though, that before yesterday the firewall hardware was different, too, with an le interface on the outside. For now I'm running a cron job to periodically renew my DHCP lease... My root fs is mounted noatime, and var and dev are mfs's: /dev/wd0a on / type ffs (local, noatime) mfs:15181 on /dev type mfs (asynchronous, local, noexec, nosuid, size=1200 512-blocks) mfs:28327 on /var type mfs (asynchronous, local, nodev, noexec, nosuid, size=32768 512-blocks) I suppose the WRAP dmesg is well known, but here it goes anyway: OpenBSD 3.8 (GENERIC) #138: Sat Sep 10 15:41:37 MDT 2005 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Geode(TM) Integrated Processor by National Semi (Geode by NSC 586-class) 267 MHz cpu0: FPU,TSC,MSR,CX8,CMOV,MMX cpu0: TSC disabled real mem = 133804032 (130668K) avail mem = 115478528 (112772K) using 1658 buffers containing 6791168 bytes (6632K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(fa) BIOS, date 05/02/05, BIOS32 rev. 0 @ 0xfc5f2 pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: pcibios_get_intr_routing - function not supported pcibios0: PCI IRQ Routing information unavailable. pcibios0: PCI bus #0 is the last bus bios0: ROM list: 0xe/0x8000 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 Cyrix GXm PCI rev 0x00 sis0 at pci0 dev 14 function 0 NS DP83815 10/100 rev 0x00: DP83816A, irq 10, address 00:0d:b9:02:c7:c4 nsphyter0 at sis0 phy 0: DP83815 10/100 PHY, rev. 1 sis1 at pci0 dev 15 function 0 NS DP83815 10/100 rev 0x00: DP83816A, irq 9, address 00:0d:b9:02:c7:c5 nsphyter1 at sis1 phy 0: DP83815 10/100 PHY, rev. 1 sis2 at pci0 dev 16 function 0 NS DP83815 10/100 rev 0x00: DP83816A, irq 11, address 00:0d:b9:02:c7:c6 nsphyter2 at sis2 phy 0: DP83815 10/100 PHY, rev. 1 gscpcib0 at pci0 dev 18 function 0 NS SC1100 ISA rev 0x00 gpio0 at gscpcib0: 64 pins NS SC1100 SMI/ACPI rev 0x00 at pci0 dev 18 function 1 not configured pciide0 at pci0 dev 18 function 2 NS SCx200 IDE rev 0x01: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility wd0 at pciide0 channel 0 drive 0: LEXAR ATA FLASH wd0: 4-sector PIO, LBA, 246MB, 503808 sectors wd0(pciide0:0:0): using PIO mode 4 NS SCx200 AUDIO rev 0x00 at pci0 dev 18 function 3 not configured geodesc0 at pci0 dev 18 function 5 NS SC1100 X-Bus rev 0x00: iid 6 revision 3 wdstatus 0 isa0 at gscpcib0 isadma0 at isa0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 sysbeep0 at pcppi0 gscsio0 at isa0 port 0x2e/2: SC1100 SIO rev 1: ACB1 ACB2 iic0 at gscsio0 iic1 at gscsio0 lmtemp0 at iic1 addr 0x48: LM77 npx0 at isa0 port 0xf0/16: using exception 16 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo pccom0: console biomask f1ef netmask ffef ttymask ffef pctr: no performance counters in CPU nvram: invalid checksum dkcsum: wd0 matches BIOS drive 0x80 root on wd0a rootdev=0x0 rrootdev=0x300 rawdev=0x302 clock: unknown CMOS layout Cheers Steffen.
Re: alternative for logging pf to syslog
How is the method described in the FAQ any less expensive? Seems to me it's just time delayed/batch oriented - still has the same expensive tcpdump | logger plus you pay a little interest for the cron initiated shell scripts. Theo de Raadt wrote: Isn't the load a function of what I choose to log in pf.conf? I'm not talking system load. The logging operation you have created is expensive. -- _ _ _ __| | __ _ _ __ | |__ __ _ ___ ___| | ___ _ __ / _` |/ _` | '_ \ | '_ \ / _` / __/ __| |/ _ \ '__| | (_| | (_| | | | | | | | | (_| \__ \__ \ | __/ | \__,_|\__,_|_| |_| |_| |_|\__,_|___/___/_|\___|_| [EMAIL PROTECTED]
Re: SGI O2
On 3/22/06, Bachman Kharazmi [EMAIL PROTECTED] wrote: After I downloaded the sets successfully and the rest of the installation went fine I tried to reboot the system, what happens after reboot is nothing. No boot , but I can enter the maintaing menu. Maybe of these lines have to be changed in console(maintain menu): SystemPartition=pci(0)scsi(0)disk(2)rdisk(0)partition(8) OSLoadPartition=pci(0)scsi(0)disk(2)rdisk(0)partition(0) In case that's my problem I don't know which one to change. printenv is pasted bellow. System Maintenance Menu 1) Start System 2) Install System Software 3) Run Diagnostics 4) Recover System 5) Enter Command Monitor Option? 5 Command Monitor. Type exit to return to the menu. printenv AutoLoad=Yes diskless=0 dbaud=9600 volume=80 sgilogo=y monitor=h TimeZone=PST8PDT netaddr=192.0.2.1 crt_option=1 SystemPartition=pci(0)scsi(0)disk(2)rdisk(0)partition(8) OSLoadPartition=pci(0)scsi(0)disk(2)rdisk(0)partition(0) OSLoader=boot OSLoadFilename=/bsd.rd OSLoadOptions=auto console=d ConsoleOut=serial(0) ConsoleIn=serial(0) cpufreq=270 eaddr=08:00:69:0e:9b:ab videostatus=illegal_env_var On 22/03/06, Bachman Kharazmi [EMAIL PROTECTED] wrote: cool, it booted and I'm setting up my disk now :) thanks guys for all your replies. /bkw On 22/03/06, Bachman Kharazmi [EMAIL PROTECTED] wrote: I've two SGI O2 R12000 at home from today for experimental use. They've 32 of them unused at my uni so the admin said it was ok to take two :) Now I've problems installing osbd 3.8, I've choosed the cdboot installation method. First I : 'resetenv' then setenv OSLoader=boot and setenv OSLoadFilename=/bsd.rd Then I choose Install program from CDrom in the maintaining menu. What I can see on the screen is all the boot arguments at top (from the environment). OpenBSD/sgi Arcbios boot Boot: pci(0)scsi(0)cdrom(4)partition(0)/bsd.rd Loading ELF64 file 0xfff... Loading symbol table Start at 0x ARCS32 Firmware Version 1.10 SR=34010080 Found SGI-IP32, setting up. And here it freeze, nothing else happens. any ideas are welcome, /bkw Hello, here is my 02 setup and dmesg. rogern John 3:16 obsd39# cu -l tty00 Connected System Maintenance Menu 1) Start System 2) Install System Software 3) Run Diagnostics 4) Recover System 5) Enter Command Monitor Option? 5 Command Monitor. Type exit to return to the menu. printenv AutoLoad=Yes console=g diskless=0 dbaud=9600 volume=80 sgilogo=y monitor=h TimeZone=PST8PDT netaddr=192.0.2.1 SystemPartition=pci(0)scsi(0)disk(1)rdisk(0)partition(8) OSLoadPartition=pci(0)scsi(0)disk(1)rdisk(0)partition(0) OSLoadFilename=/bsd OSLoader=boot cpufreq=180 eaddr=08:00:69:02:df:19 NoAutoLoad=CONSOLE OPEN FAILED. ConsoleOut=serial(0) ConsoleIn=serial(0) exitCannot connect to keyboard -- check the cable. Cannot open keyboard() for input Cannot connect to keyboard -- check the cable. Cannot open keyboard() for input Running power-on diagnostics... System Maintenance Menu 1) Start System 2) Install System Software 3) Run Diagnostics 4) Recover System 5) Enter Command Monitor Option? 1 Starting up the system... arg 0: pci(0)scsi(0)disk(1)rdisk(0)partition(8)/boot arg 1: OSLoadOptions=auto arg 2: ConsoleIn=serial(0) arg 3: ConsoleOut=serial(0) arg 4: SystemPartition=pci(0)scsi(0)disk(1)rdisk(0)partition(8) arg 5: OSLoader=boot arg 6: OSLoadPartition=pci(0)scsi(0)disk(1)rdisk(0)partition(0) arg 7: OSLoadFilename=/bsd OpenBSD/sgi Arcbios boot Boot: pci(0)scsi(0)disk(1)rdisk(0)partition(0)/bsd Loading ELF64 file 0x8010:0x310d50, Zero 0x80410d50:0x5bb80, Loading symbol table Start at 0x8010 ARCS32 Firmware Version 1.10 SR=34010080 Found SGI-IP32, setting up. Initial setup done, switching console. NOTE: TLB code too large, using trampolines [ using 267936 bytes of bsd ELF symbol table ] Copyright (c) 1982, 1986, 1989, 1991, 1993 The Regents of the University of California. All rights reserved. Copyright (c) 1995-2005 OpenBSD. All rights reserved. http://www.OpenBSD.org OpenBSD 3.8-beta (GENERIC) #156: Fri Aug 19 08:40:40 MDT 2005 [EMAIL PROTECTED]:/usr/src/sys/arch/sgi/compile/GENERIC real mem = 134217728 rsvd mem = 7020544 avail mem = 108875776 using 1638 buffers containing 6709248 bytes of memory mainbus0 (root) cpu0 at mainbus0: MIPS R5000 CPU rev 2.1 180 MHz with R5000 based FPC rev 1.0 cpu0: cache L1-I 32KB D 32KB 2 way, L2 512KB direct macebus0 at mainbus0: crime rev 10.1 clock0 at macebus0: TOD with DS1687, ticker on int5 using count register macepcibr0 at macebus0: mace rev 1, host system O2 pci0 at macepcibr0 bus 0 ahc0 at pci0 dev 1 function 0 Adaptec AIC-7880 rev 0x00: irq 9 ahc0: Host Adapter Bios disabled. Using default SCSI device parameters scsibus0 at ahc0: 16 targets ahc0: target 1 using 8bit transfers ahc0: target 1 using asynchronous transfers
Offering DNS slave in Scotland
Hi List, I'm offering to be a DNS slave to other OpenBSD maestros. IP'd in Scotland, so this may help your global redundancy plans! Currently on a static ADSL, so not suitable for high traffic sites the likes of ford. I've got 4 hobby domains that I'd like to have slaved in a couple of places elsewhere too. If interested, you may want to traceroute -I monaro.kepax.co.uk Please reply to me off list, unless you want to do the same for others and the list should know about it. Craig.
Re: Sporadic kernel panic booting old i386 hardware, 3.7 GENERIC
Stuart Henderson wrote: On 2006/03/23 09:31, Damon McMahon wrote: Is this (very old) hardware just giving up the ghost, bad RAM (I've seen a couple of mentions in the archives pointing to this), some other component in need of replacement, or something else worth investigating further? Memory is a fairly likely candidate; run memtest86++ and/or pull sticks of RAM. I have an old box here that boots fine normally, but if I happen to turn the monitor on during the initial seconds it panics. I'd blame that on an old, intolerant power supply. So, I either turn on the monitor before, after, or just leave it off. ;) -- Darrin Chandler| Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ |
Re: Sporadic kernel panic booting old i386 hardware, 3.7 GENERIC
Thanks, Stuart. Hmmm... the machine is only connected by a serial console. Does anyone know if OpenBSD-compatible source code for memtest86 is available? The linux code doesn't compile on OpenBSD, and I'd like to be able to interact with it via a serial console, preferably. Cheers, Damon On 23/03/06, Stuart Henderson [EMAIL PROTECTED] wrote: On 2006/03/23 09:31, Damon McMahon wrote: Is this (very old) hardware just giving up the ghost, bad RAM (I've seen a couple of mentions in the archives pointing to this), some other component in need of replacement, or something else worth investigating further? Memory is a fairly likely candidate; run memtest86++ and/or pull sticks of RAM.
Re: Sporadic kernel panic booting old i386 hardware, 3.7 GENERIC
On 3/22/06, Damon McMahon [EMAIL PROTECTED] wrote: Thanks, Stuart. Hmmm... the machine is only connected by a serial console. Does anyone know if OpenBSD-compatible source code for memtest86 is available? The linux code doesn't compile on OpenBSD, and I'd like to be able to interact with it via a serial console, preferably. many distros have memtest as a boot option off the cd, gentoo is one. --Bryan
OpenBSD and PostgreSQL performance
I've currently got a server running syslog-ng (1.6.9) with PostgreSQL (8.1.1) on a 3.9 snapshot from March 1. The setup has been working well for a while, but I've recently been told to have it accept syslog for a couple of anti-spam appliance devices, and they generate between 1-2 million syslog entries per day, and that seems to kill PostgreSQL's performance. Any query which needs to iterate the whole database will take 10-15 minutes after a day or so, and that's no good for a web front-end. I'm running it on a Compaq DL580, which is a quad Xeon 700, 2gb RAM, Compaq 3200 controller (cac) with 32mb cache RAM, and four 36gb 10k drives in RAID5. I can also move the system to a Compaq ML530, which is a dual Xeon 1000, 2gb RAM, Compaq 5300 controller (ciss) with 128mb cache, and four 36gb 10k drives plus 10 18gb 10k drives. Sure, that's better, but I'm not sure it's enough better. When I'm accepting syslog from the mail devices, a postgres process holds steady using 5-10% CPU, but the load average hovers between 1 and 2. I don't normally turn knobs, but the few knobs I've turned have been: kern.seminfo.semmni=256 kern.seminfo.semmns=2048 kern.shminfo.shmmax=201326592 set bufcachepct to 30 via config fsync=off (ick, I'd like to turn this back on) shared_buffers=16384 autovacuum is turned on. I vacuum analyze the database nightly, doing so doesn't seem to effect performance. Is there anything else I can do to improve performance on this hardware? It seems that I'm not using very much memory (around 512mb of 2gb), what's the best way to tell PostgreSQL to use more memory, in a way that will actually make a difference?
Re: OpenBSD and PostgreSQL performance
On 3/22/06, Steve Shockley [EMAIL PROTECTED] wrote: I've currently got a server running syslog-ng (1.6.9) with PostgreSQL (8.1.1) on a 3.9 snapshot from March 1. The setup has been working well for a while, but I've recently been told to have it accept syslog for a couple of anti-spam appliance devices, and they generate between 1-2 million syslog entries per day, and that seems to kill PostgreSQL's performance. Any query which needs to iterate the whole database will take 10-15 minutes after a day or so, and that's no good for a web front-end. How many days do you keep around? What's the query? What does EXPLAIN ANALYSE tell you? I'm running it on a Compaq DL580, which is a quad Xeon 700, 2gb RAM, Compaq 3200 controller (cac) with 32mb cache RAM, and four 36gb 10k drives in RAID5. I'm not intimately familiar with the Xeon SMP cache contention issue, but I do recall it being discussed quite thoroughly on the pgsql mailing lists. I don't know if it affects your setup, but it might be worth doing some cursory investigation. I can also move the system to a Compaq ML530, which is a dual Xeon 1000, 2gb RAM, Compaq 5300 controller (ciss) with 128mb cache, and four 36gb 10k drives plus 10 18gb 10k drives. Sure, that's better, but I'm not sure it's enough better. I highly doubt it's a hardware issue. When I'm accepting syslog from the mail devices, a postgres process holds steady using 5-10% CPU, but the load average hovers between 1 and 2. I don't normally turn knobs, but the few knobs I've turned have been: kern.seminfo.semmni=256 kern.seminfo.semmns=2048 kern.shminfo.shmmax=201326592 set bufcachepct to 30 via config fsync=off (ick, I'd like to turn this back on) shared_buffers=16384 autovacuum is turned on. I vacuum analyze the database nightly, doing so doesn't seem to effect performance. Is there anything else I can do to improve performance on this hardware? It seems that I'm not using very much memory (around 512mb of 2gb), what's the best way to tell PostgreSQL to use more memory, in a way that will actually make a difference? I'm inclined to say you'll gain much more from query optimization than turning OS knobs. aaron.glenn
Re: Sporadic kernel panic booting old i386 hardware, 3.7 GENERIC
Thanks to all who've responded. Through google I eventually found source code for memtester 4.0.5 at http://pyropus.ca/software/memtester/ . Compiled out of the box, however my RAM tested all OK which leaves me back to where i started... Any other suggestions? At the ddb prompt is there anythihng I can do to further troubleshoot? On 23/03/06, Damon McMahon [EMAIL PROTECTED] wrote: Thanks, Stuart. Hmmm... the machine is only connected by a serial console. Does anyone know if OpenBSD-compatible source code for memtest86 is available? The linux code doesn't compile on OpenBSD, and I'd like to be able to interact with it via a serial console, preferably. Cheers, Damon On 23/03/06, Stuart Henderson [EMAIL PROTECTED] wrote: On 2006/03/23 09:31, Damon McMahon wrote: Is this (very old) hardware just giving up the ghost, bad RAM (I've seen a couple of mentions in the archives pointing to this), some other component in need of replacement, or something else worth investigating further? Memory is a fairly likely candidate; run memtest86++ and/or pull sticks of RAM.
Re: OpenBSD and PostgreSQL performance
* Steve Shockley [EMAIL PROTECTED] [060322 21:35]: I've currently got a server running syslog-ng (1.6.9) with PostgreSQL (8.1.1) on a 3.9 snapshot from March 1. The setup has been working well for a while, but I've recently been told to have it accept syslog for a couple of anti-spam appliance devices, and they generate between 1-2 million syslog entries per day, and that seems to kill PostgreSQL's performance. Any query which needs to iterate the whole database will take 10-15 minutes after a day or so, and that's no good for a web front-end. I'm running it on a Compaq DL580, which is a quad Xeon 700, 2gb RAM, Compaq 3200 controller (cac) with 32mb cache RAM, and four 36gb 10k drives in RAID5. I can also move the system to a Compaq ML530, which is a dual Xeon 1000, 2gb RAM, Compaq 5300 controller (ciss) with 128mb cache, and four 36gb 10k drives plus 10 18gb 10k drives. Sure, that's better, but I'm not sure it's enough better. When I'm accepting syslog from the mail devices, a postgres process holds steady using 5-10% CPU, but the load average hovers between 1 and 2. I don't normally turn knobs, but the few knobs I've turned have been: kern.seminfo.semmni=256 kern.seminfo.semmns=2048 kern.shminfo.shmmax=201326592 set bufcachepct to 30 via config fsync=off (ick, I'd like to turn this back on) shared_buffers=16384 autovacuum is turned on. I vacuum analyze the database nightly, doing so doesn't seem to effect performance. Is there anything else I can do to improve performance on this hardware? It seems that I'm not using very much memory (around 512mb of 2gb), what's the best way to tell PostgreSQL to use more memory, in a way that will actually make a difference? A good data model for starters. You may want to match the access paths used by common queries with a table and index structure that supports them. Unless your running Teradata databases, your not going to iterate over record sets like that quickly unless you get into unreasonable hardware. You could check out solid state disks, etc. But really a good data model goes a long way. Hire or consult a good DBA. Your unlikely to beat this problem with just hardware. Jim
Re: OpenBSD and PostgreSQL performance
On Thursday 23 March 2006 10:26, Steve Shockley wrote: Any query which needs to iterate the whole database will take 10-15 minutes after a day or so, and that's no good for a web front-end. The first order of business should be to get rid of these kind of queries. --- Lars Hansson
Re: OpenBSD and PostgreSQL performance
Steve Shockley wrote: I've currently got a server running syslog-ng (1.6.9) with PostgreSQL (8.1.1) on a 3.9 snapshot from March 1. The setup has been working well for a while, but I've recently been told to have it accept syslog for a couple of anti-spam appliance devices, and they generate between 1-2 million syslog entries per day, and that seems to kill PostgreSQL's performance. Any query which needs to iterate the whole database will take 10-15 minutes after a day or so, and that's no good for a web front-end. snip When I'm accepting syslog from the mail devices, a postgres process holds steady using 5-10% CPU, but the load average hovers between 1 and 2. snip Is there anything else I can do to improve performance on this hardware? It seems that I'm not using very much memory (around 512mb of 2gb), what's the best way to tell PostgreSQL to use more memory, in a way that will actually make a difference? A lot of things come to mind that you might do. The hardware is more than capable of taking the info in, storing it, and letting you search it. It's how you're currently doing it that's not working so well, and that probably has little to do with tuning kernels and daemons. Knowing neither the database structure nor the queries, I can only guess at what would really help... Tons of steady inserts on one end of an index (such as time) will lead to a lot of tree balancing. Can you partition the data into unindexed hourly tables, indexes to be added *after* you're done inserting? Can you make some generalizations about the queries typically performed and structure the database to make it faster to access? There are about two dozen questions like this, but you get the idea. -- Darrin Chandler| Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ |
no-df and OS Fingerprint issue
Hi, Im trying to block a Windows XP SP2 with the OSFP support on PF but a rather odd behavior seems to be happening. Not sure about this. This is the only lines that I have on my pf.conf. The thing is, when I take the word no-df from the scrub line it works, what I am missing here? If a take the no-df statement it works! # pf.conf ext_if=vr0 scrub in on $ext_if all no-df block in on $ext_if from any os Windows XP SP1 reguards, Diego
Re: OpenBSD and PostgreSQL performance
Jim Razmus wrote: * Steve Shockley [EMAIL PROTECTED] [060322 21:35]: I've currently got a server running syslog-ng (1.6.9) with PostgreSQL (8.1.1) on a 3.9 snapshot from March 1. The setup has been working well for a while, but I've recently been told to have it accept syslog for a couple of anti-spam appliance devices, and they generate between 1-2 million syslog entries per day, and that seems to kill PostgreSQL's performance. Any query which needs to iterate the whole database will take 10-15 minutes after a day or so, and that's no good for a web front-end. I'm running it on a Compaq DL580, which is a quad Xeon 700, 2gb RAM, Compaq 3200 controller (cac) with 32mb cache RAM, and four 36gb 10k drives in RAID5. I can also move the system to a Compaq ML530, which is a dual Xeon 1000, 2gb RAM, Compaq 5300 controller (ciss) with 128mb cache, and four 36gb 10k drives plus 10 18gb 10k drives. Sure, that's better, but I'm not sure it's enough better. When I'm accepting syslog from the mail devices, a postgres process holds steady using 5-10% CPU, but the load average hovers between 1 and 2. I don't normally turn knobs, but the few knobs I've turned have been: kern.seminfo.semmni=256 kern.seminfo.semmns=2048 kern.shminfo.shmmax=201326592 set bufcachepct to 30 via config fsync=off (ick, I'd like to turn this back on) shared_buffers=16384 autovacuum is turned on. I vacuum analyze the database nightly, doing so doesn't seem to effect performance. Is there anything else I can do to improve performance on this hardware? It seems that I'm not using very much memory (around 512mb of 2gb), what's the best way to tell PostgreSQL to use more memory, in a way that will actually make a difference? A good data model for starters. You may want to match the access paths used by common queries with a table and index structure that supports them. Unless your running Teradata databases, your not going to iterate over record sets like that quickly unless you get into unreasonable hardware. You could check out solid state disks, etc. But really a good data model goes a long way. Hire or consult a good DBA. Your unlikely to beat this problem with just hardware. I strongly agree with Jim's comments. Also, OpenBSD performance notwithstanding, you'll get better performance out of RAID10 for your DBs than RAID5.
DST oddity in Australia/NSW timezone
I just noticed that a fresh 3.8 install doesn't contain the DST exception that has been declared for Australia (NSW and ACT) this year, apparently to accommodate the Commonwealth Games. This year, daylight savings won't be turned back on the last Sunday in March, as usual, but a week later on the 1st of April. Just thought somebody in Oz (NSW and ACT) might care. I copied the /usr/share/zoneinfo/Australia/NSW file from a Linux box to my OpenBSD machines, as well as a bunch of Solaris boxes, and all is well. Proper handling of DST can be checked by running zdump -v -c 2007 Australia/NSW. Cheers Steffen.
Re: RAID label problem?
Thanks Otto! This fixed the problem... Xavier -- There are only 10 types of people in the world: Those who understand binary and those who don't. On Wed, 22 Mar 2006, Otto Moerbeek wrote: On Wed, 22 Mar 2006, Xavier Mertens wrote: 16 partitions: # sizeoffset fstype [fsize bsize cpg] a: 4358414031416925149 unused 0 0 # Cyl 1383715*-1809342* c: 160171392 0 unused 0 0 # Cyl 0 -156417* I create my partition, exit with q Xavier -- SELECT * FROM users WHERE clue 0; 0 rows returned You better run fdisk -i raid0 first. You are seeing the remains of an old disklabel, probably. -Otto