diff: plug telldir/seekdir leaks and more (fwd)
Trying to find testers, see below, -Otto -- Forwarded message -- Date: Wed, 29 Mar 2006 10:24:40 +0200 (CEST) From: Otto Moerbeek [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: diff: plug telldir/seekdir leaks and more On Fri, 24 Mar 2006, Otto Moerbeek wrote: Hi, This is a revised version of the diff Paul Thorn [EMAIL PROTECTED] send some time ago. It's a mix of Paul's diff, FreeBSD code and my own: - plug a huge leak that occurs if telldir() is called, but no corresponding seekdir(). Samba is suffering from that. - Use a data structure local to DIR to store the telldir data. FreeBSD uses a linked list, I chose to use an array, which avoids allocating lots of small chunks, the index becomes implicit as well, so we can drop a field from the struct. - Make sure that loc = telldir(); seekdir(loc); telldir() returns loc, as POSIX requires. This is an area that can be improved, since it now scans the array. Note that one documented behaviour is changed. POSIX does not require it, and most other Unix-like system do not give that guarantee. Please review and test, especially on setup that uses telldir and seekdir. AFAIK, no program in base does that, but at least samba does. Not a single reply to this so far. There must be some samba users hiding here. The diff is in snaps as well, to accomodate even easier testing. I'll crosspost this to misc@ as well, I know it's not done, but I really need test reports. -Otto Index: include/dirent.h === RCS file: /cvs/src/include/dirent.h,v retrieving revision 1.15 diff -u -p -r1.15 dirent.h --- include/dirent.h 13 Dec 2005 00:35:22 - 1.15 +++ include/dirent.h 24 Mar 2006 09:08:19 - @@ -59,6 +59,7 @@ /* definitions for library routines operating on directories. */ #define DIRBLKSIZ 1024 +struct _telldir; /* structure describing an open directory. */ typedef struct _dirdesc { int dd_fd; /* file descriptor associated with directory */ 
@@ -69,6 +70,7 @@ typedef struct _dirdesc { longdd_seek;/* magic cookie returned by getdirentries */ longdd_rewind; /* magic cookie for rewinding */ int dd_flags; /* flags for readdir */ + struct _telldir *dd_td; /* telldir position recording */ } DIR; #define dirfd(dirp) ((dirp)-dd_fd) @@ -106,7 +108,7 @@ int getdirentries(int, char *, int, long __attribute__ ((__bounded__(__string__,2,3))); #endif /* __BSD_VISIBLE */ #if __XPG_VISIBLE -long telldir(const DIR *); +long telldir(DIR *); void seekdir(DIR *, long); #endif #if __POSIX_VISIBLE = 199506 || __XPG_VISIBLE = 500 Index: lib/libc/gen/closedir.c === RCS file: /cvs/src/lib/libc/gen/closedir.c,v retrieving revision 1.6 diff -u -p -r1.6 closedir.c --- lib/libc/gen/closedir.c 8 Aug 2005 08:05:33 - 1.6 +++ lib/libc/gen/closedir.c 24 Mar 2006 09:08:19 - @@ -33,6 +33,7 @@ #include stdlib.h #include unistd.h #include thread_private.h +#include telldir.h /* * close a directory. @@ -45,12 +46,12 @@ closedir(DIR *dirp) if ((ret = _FD_LOCK(dirp-dd_fd, FD_READ, NULL)) != 0) return (ret); - seekdir(dirp, dirp-dd_rewind); /* free seekdir storage */ fd = dirp-dd_fd; dirp-dd_fd = -1; dirp-dd_loc = 0; - free((void *)dirp-dd_buf); - free((void *)dirp); + free(dirp-dd_td-td_locs); + free(dirp-dd_buf); + free(dirp); ret = close(fd); _FD_UNLOCK(fd, FD_READ); return (ret); Index: lib/libc/gen/directory.3 === RCS file: /cvs/src/lib/libc/gen/directory.3,v retrieving revision 1.16 diff -u -p -r1.16 directory.3 --- lib/libc/gen/directory.3 2 Jun 2003 20:18:34 - 1.16 +++ lib/libc/gen/directory.3 24 Mar 2006 09:08:19 - 
@@ -135,12 +135,6 @@ from which they are derived. If the directory is closed and then reopened, the .Fn telldir value may be invalidated due to undetected directory compaction. -It is safe to use a previous -.Fn telldir -value immediately after a call to -.Fn opendir -and before any calls to -.Fn readdir . .Pp The .Fn rewinddir Index: lib/libc/gen/opendir.c === RCS file: /cvs/src/lib/libc/gen/opendir.c,v retrieving revision 1.15 diff -u -p -r1.15 opendir.c --- lib/libc/gen/opendir.c10 Oct 2005 17:37:43 - 1.15 +++ lib/libc/gen/opendir.c24 Mar 2006 09:08:19 - @@ -40,6 +40,8 @@ #include string.h #include unistd.h +#include telldir.h + /* * Open a directory. */ @@ -67,10 +69,16 @@ __opendir2(const char *name, int flags) return (NULL); } if (fcntl(fd, F_SETFD,
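Review bot: in the closedir.c hunk the td_locs array is freed, but none of the visible lines frees dd_td itself before free(dirp). The opendir.c hunk is cut off on this page, so the allocation cannot be checked here: if struct _telldir is carved out of the same malloc() as the DIR this is fine and a one-line comment next to the three free() calls saying so would help; if it is a separate allocation, it leaks on every closedir() and needs its own free() after td_locs.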
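Review bot: the include/dirent.h hunk changes the public prototype from telldir(const DIR *) to telldir(DIR *), and the directory.3 hunk shown here only removes the paragraph about reusing a telldir value after opendir. Please check that the SYNOPSIS in directory.3 matches the new prototype, and consider a sentence in the manual stating that telldir() now records state in the DIR, since that is the reason the const had to go.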
Problem with apache-proxy on sparc
Hi Group,

we are trying to run an apache on an openbsd 3.8 on a sun E420 as proxy-server for some internal applications. The problem is, that setting up the proxy does not work correctly ... It does only use the port-settings of the server, it should connect, but seems to decline the ip-address completely, and puts out the following log. Would someone take a look at that ? Any help is appreciated. Please be sure to shoot a mail, if anyone needs more information ...

Apache error_log

[Tue Mar 28 17:25:18 2006] [notice] Apache/1.3.29 (Unix) mod_ssl/2.8.16 OpenSSL/0.9.7g configured -- resuming normal operations
[Tue Mar 28 17:25:18 2006] [info] Server built: unknown
[Tue Mar 28 17:25:18 2006] [notice] Accept mutex: sysvsem (Default: sysvsem)
[Tue Mar 28 17:25:25 2006] [debug] proxy_cache.c(0): No CacheRoot, so no caching. Declining.
[Tue Mar 28 17:25:25 2006] [error] [client 81.14.150.150] (22)Invalid argument: proxy connect to 0.0.0.0 port 443 failed
[Tue Mar 28 17:25:25 2006] [debug] proxy_cache.c(0): No CacheRoot, so no caching. Declining.

The proxy.conf is included by the httpd.conf.

proxy.conf

ProxyRequests Off
# ProxyVia On
<Directory proxy:*>
SSLRequireSSL
Order deny,allow
Deny from all
Allow from all
AuthType Basic
AuthName "picturesafe | Interner Bereich"
AuthUserFile conf/.htpasswd
AuthGroupFile /dev/null
Require valid-user
</Directory>
# SLOX
#---
ProxyPass /appl https://10.0.20.38
ProxyPassReverse /appl https://10.0.20.38
ProxyPass /servlet/ https://10.0.20.38/servlet/
ProxyPassReverse /servlet/ https://10.0.20.38/servlet/
ProxyPass /start/ https://10.0.20.38/start/
ProxyPassReverse /start/ https://10.0.20.38/start/
ProxyPass /suse/ https://10.0.20.38/suse/
.
ProxyPass /wiki/ http://10.64.5.247/wiki/
ProxyPassReverse /wiki/ http://10.64.5.247/wiki/

Thanks a lot for reading up to here :)
Greetings, o/s
Re: openbsd and the money
Roger Neth Jr wrote: On 3/28/06, Daniel Walrond [EMAIL PROTECTED] wrote: On Thu, Mar 23, 2006 at 03:09:08PM +0100, frantisek holop wrote: [...] unfortunately there is no real community around openbsd. at least i don't see one -- one where there are people without cvs commit. if you don't have cvs commit, you are a nobody that's what misc@ will teach any newcomer using iron and fire. i try to be part of a community but the devs say you are nobody and should be glad that you can use this stuff. [...] Yes as users we are lucky to be able to use such quality code which OpenBSD produces. I think it's a pretty hard job to be a developer, paid consultant and offer free user support to the user base. So don't be so quick to judge, without trying it yourself ;) [...] Dan, good insight and thanks for the advice. Years ago I have had the opportunity to meet e.g. Wim. Remembering that, I would like to say that I can agree with Dan and Roger. -- Michael Schmidt MIRRORS: DJGPP ftp://ftp.fh-koblenz.de/pub/DJGPP/ Ghostscript ftp://ftp.fh-koblenz.de/pub/Ghostscript/
Re: ant-junit and ANT_HOME help
Jeremy Huiskamp wrote: Hi, junit.jar is in the classpath but removing it (once the test classes are built) doesn't help, I get the exact same error. Why are you removing it? It needs to be on the classpath during compile and while you run the tests. How is junit supposed to run if it's not even loaded? Also, I believe ant-junit.jar must be on the classpath *before* you write in the junit task (not within the task itself). Ant can't load the task up if it doesn't have an implementation for it. I'd recommend sticking both junit.jar and ant-junit.jar in ANT_HOME/lib because junit will obviously have to load before ant-junit. Thanks Jeremy, a combination of those ideas worked. I was indicating that I'd tried it both ways. I'd thought that removing junit.jar from the classpath may help in the case where the first class was being found by a classloader that then couldn't find the second when the request should have been passed on to a classloader that can find both. Thought it was worth a try anyway. Reply to everyone Sorry for including commented out sections in the example. Believe me it wasn't my intention to confuse anyone, quite the opposite. I was trying to show you all the options I had tried. My original post was asking what $ANT_HOME should be on OpenBSD as the optional ant jars are not in a directory called lib and I couldn't find anything that looks like the normal ant install tree. So I still think the question was relevant to this list. Adding a symlink called lib and pointing $ANT_HOME to that does work at least in this case. Maybe that should be part of the package. MikeG
Re: sudo nopasswd rm
You only need write access to the directory to delete files (unless the sticky bit is set). Make the dir writable by a group the shell script runs as. IMHO, this is very bad advice (at least unless you know much more about the context of Marco's question). Directory write access is very powerful. It does not only allow to delete files, but also create new files, to change the ownership of files (by copying them and deleting the original) and thus ultimately to change the contents of all files in the directory. On top of that, depending on the context, it might be a bad idea to make the whole shell script SGID - this is a possible violation of the principle of least privilege. Yes you're right, I was just throwing an idea into the mix without considering all the possible scenarios. BTW, I wouldn't advocate SGID scripts, rather that the group of the user running the script could be used. Though as you say this may still allow far too much access. Mike
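The point made in this thread about directory write access, as an added illustration that is not part of any poster's message: a read-only file in a writable directory can still have its contents swapped, and a small check flags directories that grant this to group or other without the sticky bit. The function names and the spool/job.conf layout are constructed for the demo.

```shell
#!/bin/sh
# Added illustration, not code from the thread. Everything runs inside a
# directory created by mktemp; file names are constructed for the demo.

# replace_via_dir FILE TEXT
# Swap FILE's contents without opening FILE for writing: create a sibling
# file and rename it over the original. Needs only write+search permission
# on the containing directory, not on FILE.
replace_via_dir() {
    rv_dir=$(dirname "$1")
    rv_tmp=$(mktemp "$rv_dir/.swap.XXXXXX") || return 1
    printf '%s\n' "$2" > "$rv_tmp" || return 1
    mv -f "$rv_tmp" "$1"        # rename(2) is an operation on the directory
}

# risky_dir DIR
# Exit 0 when DIR is writable by group or other and the sticky bit is clear,
# i.e. when those users can remove or replace files they do not own.
risky_dir() {
    [ -n "$(find "$1" -prune \( -perm -0020 -o -perm -0002 \) ! -perm -1000 -print)" ]
}

demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/spool"
    printf 'original\n' > "$work/spool/job.conf"
    chmod 0444 "$work/spool/job.conf"   # nobody may write the file itself
    chmod 0775 "$work/spool"            # the proposal: group-writable dir

    replace_via_dir "$work/spool/job.conf" "swapped"
    echo "contents now: $(cat "$work/spool/job.conf")"
    ls -l "$work/spool/job.conf"        # new file: owner and mode changed too

    for mode in 0775 1775 0755; do
        chmod "$mode" "$work/spool"
        if risky_dir "$work/spool"; then verdict=RISKY; else verdict=ok; fi
        echo "mode $mode -> $verdict"
    done
    rm -rf "$work"
}

demo
```

With the sticky bit set (1775), group members can still create files in the directory but can no longer rename over or unlink files owned by someone else, which is why the check treats that mode as acceptable.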
Hurricane-LX800 embedded system
http://www.lippert-at.com/index.php?id=367 Quote: The Hurricane-LX800 is an EPIC standard formatted board using AMD's powerful yet frugal Geode (tm) LX800 processor. This module integrates all peripherals needed to build an embedded PC on a small 115 mm x 165 mm (4.5 x 6.5) printed circuit board. Using a CS5536 I/O companion and a Super I/O chip, all the standard peripherals are already on board. The system RAM can be as large as 1 GB. There is a graphics controller with VGA, LVDS and TFT adapters available. With Ethernet, USB and serial ports, the Hurricane-LX800 is a very versatile machine. The Hurricane-LX800 uses only a mere 5,3 watts and can operate in the extended temperature range of -40..+85C without additional cooling. It is supplied with 5V only and does ACPI, advanced and PCI power management. A robust and well-designed enclosure is available for system integrators. Application areas for the Hurricane-LX800 are industrial automation, automotive, medical devices, and military.
Hurricane-LX800 embedded system
Here is a case for this monster: http://www.windowsfordevices.com/files/misc/lippert-epic-box.jpg
Re: Problem with apache-proxy on sparc
[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote on :

Hi Group,

[Tue Mar 28 17:25:18 2006] [notice] Apache/1.3.29 (Unix) mod_ssl/2.8.16 OpenSSL/0.9.7g configured -- resuming normal operations
[Tue Mar 28 17:25:18 2006] [info] Server built: unknown
[Tue Mar 28 17:25:18 2006] [notice] Accept mutex: sysvsem (Default: sysvsem)
[Tue Mar 28 17:25:25 2006] [debug] proxy_cache.c(0): No CacheRoot, so no caching. Declining.
[Tue Mar 28 17:25:25 2006] [error] [client 81.14.150.150] (22)Invalid argument: proxy connect to 0.0.0.0 port 443 failed
[Tue Mar 28 17:25:25 2006] [debug] proxy_cache.c(0): No CacheRoot, so no caching. Declining.

I think you gotta have a valid CacheRoot or stick in:

NoCache *

As in

<IfModule mod_proxy.c>
ProxyRequests Off
NoCache *
[EMAIL PROTECTED]

The proxy.conf is included by the httpd.conf.

proxy.conf

ProxyRequests Off
# ProxyVia On
<Directory proxy:*>
SSLRequireSSL
Order deny,allow
Deny from all
Allow from all
AuthType Basic
AuthName "picturesafe | Interner Bereich"
AuthUserFile conf/.htpasswd
AuthGroupFile /dev/null
Require valid-user
</Directory>
# SLOX
#---
ProxyPass /appl https://10.0.20.38
ProxyPassReverse /appl https://10.0.20.38
ProxyPass /servlet/ https://10.0.20.38/servlet/
ProxyPassReverse /servlet/ https://10.0.20.38/servlet/
ProxyPass /start/ https://10.0.20.38/start/
ProxyPassReverse /start/ https://10.0.20.38/start/
ProxyPass /suse/ https://10.0.20.38/suse/
.
ProxyPass /wiki/ http://10.64.5.247/wiki/
ProxyPassReverse /wiki/ http://10.64.5.247/wiki/

Thanks a lot for reading up to here :)
Greetings, o/s

--
drs. Mark C. Prins
Spatial Fusion Specialist / Network Administration
SkypeMe@ skype:mark.prins-caris.nl
--
CARIS Geographic Information Systems BV
phone: +31 413 296 010
fax: +31 413 296 012
web: http://www.caris.nl
product support: [EMAIL PROTECTED]
sales/marketing: [EMAIL PROTECTED]
Re: pf and passive (ftp) port tricks
David Elze wrote: Well, I needed the exact same thing and did it with pure-ftpd[1] via the command-line option -p 5:50400 and a pf.conf entry like pass in on $if tcp from any to $if port 5:50400. Maybe this is an option for you too. Hello, thanks for your feedback, David. And for yours too, Per-Olov. But that's not exactly what I want, maybe my description has not been clear enough as in my first posting I had forgotten to mention what I wrote a few minutes later in a short follow-up to my own text. The scenario is the following one: My intention is that I do not want to allow the ftp-daemon to offer all so-called well-known ports as passive ports to the publicity which accesses one of our public ftp servers. The next point is that it is not only a very small range of ports (or in the most extreme case: a single port) which shall be offered as accessible, but the very small range of ports (or a single port) has to change at regular short intervals so that in case a hacker or person/software trying-to-intrude even if detecting an open port by coincidence does not know which will be the next open port in the shortest possible interval, as it (the next open port) is calculated by random generation. Both, the ftp-daemon and pf have to know this very small range of ports (or the single open port) and have to handle this. The advantage is that even in case there are existing/running ftp connections using open passive ports AND with beginning of the next interval of generation another open passive port is propagated, the open port(s) of the still running ftp connections are not lost as long as the new pf rule is only loaded and the pf states are not flushed. Meanwhile I have thought about it a bit more and written and tested a script which does exactly that. As I am not sure whether it is of interest, I want to ask if I shall post it here?
Have a nice day Michael -- Michael Schmidt MIRRORS: DJGPP ftp://ftp.fh-koblenz.de/pub/DJGPP/ Ghostscript ftp://ftp.fh-koblenz.de/pub/Ghostscript/
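A sketch of the rotation scheme described in the message above, added here as an illustration; it is not the script the poster mentions and not code from this thread. Assumptions: a pf anchor named ftp-pasv referenced from pf.conf, the pool 49152-65535, a window of 8 ports, and pure-ftpd's -p first:last option (named in the thread) on the daemon side; how the daemon is restarted with the new window is left to the caller.

```shell
#!/bin/sh
# Added example, not the poster's script. Names and bounds are assumptions.

PASV_LOW=49152      # lower bound of the pool the window is drawn from
PASV_HIGH=65535     # upper bound of the pool
PASV_WIDTH=8        # number of passive ports open at any one time

# rand16: one unsigned 16-bit integer from the kernel RNG.
rand16() {
    od -An -N2 -tu2 /dev/urandom | tr -d ' \n'
}

# pick_window: print "first:last", a PASV_WIDTH-port window inside the pool.
# The modulo introduces a small bias, which is irrelevant for this purpose.
pick_window() {
    span=$((PASV_HIGH - PASV_LOW - PASV_WIDTH + 2))   # number of valid starts
    first=$((PASV_LOW + $(rand16) % span))
    echo "$first:$((first + PASV_WIDTH - 1))"
}

# pf_rule IF WINDOW: the single rule the anchor holds for this interval.
# pf and pure-ftpd both take the range as first:last, so one string serves both.
pf_rule() {
    echo "pass in on $1 proto tcp from any to $1 port $2 keep state"
}

# rotate IF: load the new window into the anchor and print it for the daemon.
# Replacing an anchor's rules leaves the state table alone, so transfers
# opened under the previous window keep running until they finish.
# Requires root, pf enabled, and 'anchor "ftp-pasv"' in pf.conf.
rotate() {
    win=$(pick_window)
    pf_rule "$1" "$win" | pfctl -a ftp-pasv -f - || return 1
    echo "$win"     # caller starts the FTP daemon with: -p "$win"
}

# Dry run: show what would be loaded, without touching pf.
echo "dry run: $(pf_rule em0 "$(pick_window)")"
```

Run rotate from cron or a sleep loop at the chosen interval; the interface name em0 in the dry run is a placeholder.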
OpenBGP: aggregating routes / set neighbor next-hop
Hello, I'm just playing around with OpenBGP on OpenBSD3.8. My BGP Session comes up, MD5 works fine. OpenBGP is an intuitive tool and works fine. :) But I didn't find any documentation for migrating some parts of my cisco config to openbgpd. I configured internal BGP between my core-router and an openbgp border-router. The session comes up and openbgpd receives all my prefixes from the core-router, multiple /32 addresses, some /29-networks and so on. But I want only specified networks to be announced to my external bgp-neighbor. On my Cisco border-router I did this with an aggregate-address 192.168.0.0 255.255.255.0-Statement. I took a look at the documentation, searched the source-code for anything spelled like aggregate or something like this, but I wasn't lucky. The network-Statement isn't doing aggregating, is it? The second problem is, that I want to announce an external full-feed, received with openbgpd, to my core-router. This works fine, but the next-hop is the ip-address of my external bgp-neighbor. But it should be the ip-address of the border-router. On Cisco I configured neighbor 10.0.0.2 next-hop-self, but how to do this with openbgp? I hope you can give me a hint to solve these two little problems, thanks! Regards Falk Brockerhoff
Public Key Authentication Vs X509 Authentication system
I'm looking to setup a VPN system linking OpenBSD, Cisco & Linux. I've got the OpenBSD/Linux interop working in the lab with X509 certs (Haven't started on the Cisco side yet) I'd like to clarify the difference between Host Keys & X509 Certs. As I understand it, using Host Keys, the client generates a key pair and sends its public key to the server. From what I can see, this would be OK if you are using a central server that all clients would talk through. Using X509 certs, the client generates a cert, which gets signed by the CA. All devices have copies of the CA cert, and nothing needs to be copied around between any of the devices. This appears to be best when you are looking to setup a mesh VPN network. Have I understood things correctly ? Any gotchas that I've missed ? Thanks, GTG
Re: Ftp problem
Szymon wrote: Pál András wrote: Hello Misc! I have a problem about ftp connections. [...] I can connect to the server from my router but can't from the other machines behind the router. I tried behind my neighbour's wireless router too, it did the same. My ftp client message was: Data connection timed out. Falling back to PORT instead of PASV mode. List failed. I think it means that the client connected the server but it couldn't list the directory. http://www.bsdguru.org/dyskusja/viewtopic.php?t=11593 Perhaps it is not the same problem or effect as yours, but I have had situations where it was only necessary to issue a epsv off command (more actual ftp clients know this) directly after logon and then directory listing was possible, without using ftp-proxy. -- Michael Schmidt MIRRORS: DJGPP ftp://ftp.fh-koblenz.de/pub/DJGPP/ Ghostscript ftp://ftp.fh-koblenz.de/pub/Ghostscript/
Errors during start of Xorg on 3.9
(I was redirected to misc@ from an user, thanks for the hint :) Greetings! I installed OpenBSD 3.9 few hours ago and all works fine, instead of X. I never used Xorg on an OBSD system and generated a new config with Xorg -configure. Following errors appears: (WW) xf86AcquireGART: AGPIOC_ACQUIRE failed (Device busy) (WW) GARTInit: AGPIOC_INFO failed (Device not configured) _XSERVTransmkdir: ERROR: euid != 0,directory /tmp/.X11-unix will not be created. _XSERVTransSocketUNIXCreateListener: mkdir(/tmp/.X11-unix) failed, errno = 2 _XSERVTransMakeAllCOTSServerListeners: failed to create listener for local ... FreeFontPath: FPE /usr/X11R6/lib/X11/fonts/misc/ refcount is 2, should be 1; fixing. I googled many hours to fix that, found no solution or hint about that. The permissions on /tmp are correct and should work for other users (can create files in it). It takes also (~) 10 seconds to start the window manager. xorg.conf: http://pastebin.com/628483 Xorg.0.log: http://pastebin.com/628488 dmesg: http://pastebin.com/628493 Anyone else that problems? Hints or solutions are welcome! Thanks. Swen
Re: Errors during start of Xorg on 3.9
On 2006/03/29 12:57, Swen Simon wrote: I installed OpenBSD 3.9 few hours ago and all works fine, instead of X. I never used Xorg on an OBSD system and generated a new config with Xorg -configure. Did you answer yes to the do you want to run X question during install? If not, edit /etc/sysctl.conf (machdep.allowaperture=2) and reboot.
Re: Errors during start of Xorg on 3.9
2006/3/29, Stuart Henderson [EMAIL PROTECTED]: On 2006/03/29 12:57, Swen Simon wrote: I installed OpenBSD 3.9 few hours ago and all works fine, instead of X. I never used Xorg on an OBSD system and generated a new config with Xorg -configure. Did you answer yes to the do you want to run X question during install? If not, edit /etc/sysctl.conf (machdep.allowaperture=2) and reboot. Yes, i did. machdep.allowaperture is actually set to 2.
ftp-proxy two isp
hi all,

my network scheme is as follows:

isp1-\
      obsd -lan
isp2-/

on obsd i've successfully set load balancing of outgoing conn, but i am also using ftp-proxy (i mean the tool pftpx which is implemented in 3.9 now) using the rules as follows:

nat-anchor "pftpx/*"
rdr-anchor "pftpx/*"
.
rdr on $if_lan proto tcp from $lan to any port 21 -> 127.0.0.1 port 8021
...
anchor "pftpx/*"
...
pass in quick on $if_lan route-to (lo0 127.0.0.1) proto tcp from $lan to any port 8021 keep state

and it's working fine but .. default route on obsd is set for isp2, so all of the ftp conn are going through isp2. My question is: is there any chance to set on pf and tell that ftp conn going to isp1 (without changing default route :) coz i've got vpn peer bound to isp2)? I was trying to use route-to on the loopback interface to force this behavior but no success. I am also wondering whether that is an issue with ftp-proxy itself and some changes have to be made there??

thanks for reply
dalgorno
Re: OpenBGP: aggregating routes / set neighbor next-hop
* Falk Brockerhoff [EMAIL PROTECTED] [2006-03-29 12:38]: Hello, I'm just playing around with OpenBGP on OpenBSD3.8. My BGP Session comes up, MD5 works fine. OpenBGP is a intuitiv tool and works fine. :) But I didn't find any documentation for migrating some parts of my cisco config to openbgpd. I configured internal BGP between my core- router and an openbgp border-router. The session comes up and openbgpd receives all my prefixes from the core-router, multiple /32 addresses, some /29-networks and so on. But I want only to be specified networks announced to my external bgp-neighbor. On my Cisco border-router I done this with an aggregate-address 192.168.0.0 255.255.255.0-Statement. I take a look on the documentation, searched the source-code for anything spelled like aggregate or something like this, but I wasn't lucky. The network-Statement isn't doing aggregating, is it? njet. we don't have any aggregate code, and you're the first one ever to ask :) The second problem is, that I want to announce an external full-feed, received with openbgpd, to my core-router. This works fine, but the next-hop is the ip-adress of my external bgp-neighbor. But it should be the ip-address of the border-router. of course! you should have an IBGP that makes your other routes have a route to that... like OpenOSPFD :) On Cisco I configured neighbor 10.0.0.2 next-hop-self, but how to do this with openbgp? that, again, is sth nobody ever asked for or missed :) however, the (completely untested except for compilation) diff below should add set nexthop self. Index: bgpd.h === RCS file: /cvs/src/usr.sbin/bgpd/bgpd.h,v retrieving revision 1.195 diff -u -p -r1.195 bgpd.h --- bgpd.h 22 Mar 2006 13:30:35 - 1.195 +++ bgpd.h 29 Mar 2006 12:08:44 - 
@@ -598,6 +598,7 @@ enum action_types { ACTION_SET_NEXTHOP_REJECT, ACTION_SET_NEXTHOP_BLACKHOLE, ACTION_SET_NEXTHOP_NOMODIFY, + ACTION_SET_NEXTHOP_SELF, ACTION_SET_COMMUNITY, ACTION_DEL_COMMUNITY, ACTION_PFTABLE, Index: parse.y === RCS file: /cvs/src/usr.sbin/bgpd/parse.y,v retrieving revision 1.184 diff -u -p -r1.184 parse.y --- parse.y 22 Mar 2006 13:30:35 - 1.184 +++ parse.y 29 Mar 2006 12:08:44 - @@ -159,7 +159,7 @@ typedef struct { %token FROM TO ANY %token CONNECTED STATIC %token PREFIX PREFIXLEN SOURCEAS TRANSITAS COMMUNITY DELETE -%token SET LOCALPREF MED METRIC NEXTHOP REJECT BLACKHOLE NOMODIFY +%token SET LOCALPREF MED METRIC NEXTHOP REJECT BLACKHOLE NOMODIFY SELF %token PREPEND_SELF PREPEND_PEER PFTABLE WEIGHT RTLABEL %token ERROR %token IPSEC ESP AH SPI IKE @@ -1386,6 +1386,11 @@ filter_set_opt : LOCALPREF number { fatal(NULL); $$-type = ACTION_SET_NEXTHOP_NOMODIFY; } + | NEXTHOP SELF { + if (($$ = calloc(1, sizeof(struct filter_set))) == NULL) + fatal(NULL); + $$-type = ACTION_SET_NEXTHOP_SELF; + } | PREPEND_SELF number { if (($$ = calloc(1, sizeof(struct filter_set))) == NULL) fatal(NULL); @@ -1599,6 +1604,7 @@ lookup(char *s) { route-reflector,REFLECTOR}, { router-id, ROUTERID}, { rtlabel,RTLABEL}, + { self, SELF}, { set,SET}, { softreconfig, SOFTRECONFIG}, { source-as, SOURCEAS}, @@ -2505,6 +2511,7 @@ get_rule(enum action_types type) switch (type) { case ACTION_SET_PREPEND_SELF: case ACTION_SET_NEXTHOP_NOMODIFY: + case ACTION_SET_NEXTHOP_SELF: out = 1; break; default: Index: printconf.c === RCS file: /cvs/src/usr.sbin/bgpd/printconf.c,v retrieving revision 1.54 diff -u -p -r1.54 printconf.c --- printconf.c 22 Mar 2006 13:30:35 - 1.54 +++ printconf.c 29 Mar 2006 12:08:45 - 
@@ -114,6 +114,9 @@ print_set(struct filter_set_head *set) case ACTION_SET_NEXTHOP_NOMODIFY: printf(nexthop no-modify ); break; + case ACTION_SET_NEXTHOP_SELF: + printf(nexthop self ); + break; case ACTION_SET_PREPEND_SELF: printf(prepend-self %u , s-action.prepend); break; Index: rde.h === RCS file: /cvs/src/usr.sbin/bgpd/rde.h,v retrieving revision 1.90 diff -u -p -r1.90 rde.h
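Review bot: in the bgpd.h hunk, ACTION_SET_NEXTHOP_SELF is inserted in the middle of enum action_types, which renumbers ACTION_SET_COMMUNITY and every value after it. Anyone testing this has to rebuild everything that shares bgpd.h in one go, otherwise filter sets passed between old and new binaries will be misread; appending the new value at the end of the enum would avoid the renumbering, or the test instructions should say to rebuild all of it.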
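Review bot: the new self entry in the parse.y lookup() table makes self a reserved word for the whole grammar, so a configuration that currently uses an unquoted self where a string is expected will stop parsing after this change. None of the files visible here (bgpd.h, parse.y, printconf.c, rde.h) is the manual page; set nexthop self and the new reserved word should both be documented in bgpd.conf(5), including which address is substituted, given the follow-up in this thread that IPv6 is not yet handled.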
Re: OpenBGP: aggregating routes / set neighbor next-hop
On 29.03.2006 at 14:11, Henning Brauer wrote: Hi Henning, hello list, njet. we don't have any aggregate code, and you're the first one ever to ask :) Hm, it's unbelievable that I'm the first asking for aggregation :) I can do aggregation on my core-router, but I think aggregation should always be done by the border-routers. Or what's your opinion? of course! you should have an IBGP that makes your other routes have a route to that... like OpenOSPFD :) Hm, this is a possibility. But as I already configured BGP between my core and border-routers, I think I will prefer the nexthop-self solution. that, again, is sth nobody ever asked for or missed :) however, the (completely untested except for compilation) diff below should add set nexthop self. Ui, you're really fast :-) Thank you for your quick response. I'll compile this and test it with a spare old Cisco-Router as Development-Core next weekend. I'll give you a feedback about it. Regards, Falk Brockerhoff
Re: pf and passive (ftp) port tricks
On Wed, Mar 29, 2006 at 12:08:04PM +0200, Michael Schmidt wrote: David Elze wrote: Well, I needed the exact same thing and did it with pure-ftpd[1] via the command-line option -p 5:50400 and a pf.conf entry like pass in on $if tcp from any to $if port 5:50400. Maybe this is an option for you too. Hello, thanks for your feedback, David. And for yours too, Per-Olov. But that's not exactly what I want, maybe my description has not been clear enough as in my first posting I had forgotten to mention what I wrote a few minutes later in a short follow-up to my own text. The scenario is the following one: My intention is that I do not want to allow the ftp-daemon to offer all so-called well-known ports as passive ports to the publicity which accesses one of our public ftp servers. The next point is that it is not only a very small range of ports (or in the most extreme case: a single port) which shall be offered as accessible, but the very small range of ports (or a single port) has to change at regular short intervals so that in case a hacker or person/software trying-to-intrude even if detecting an open port by coincidence does not know which will be the next open port in the shortest possible interval, as it (the next open port) is calculated by random generation. Both, the ftp-daemon and pf have to know this very small range of ports (or the single open port) and have to handle this. The advantage is that even in case there are existing/running ftp connections using open passive ports AND with beginning of the next interval of generation another open passive port is propagated, the open port(s) of the still running ftp connections are not lost as long as the new pf rule is only loaded and the pf states are not flushed. Meanwhile I have thought about it a bit more and written and tested a script which does exactly that. As I am not sure whether it is of interest, I want to ask if I shall post it here?
Have a nice day Michael -- Michael Schmidt MIRRORS: DJGPP ftp://ftp.fh-koblenz.de/pub/DJGPP/ Ghostscript ftp://ftp.fh-koblenz.de/pub/Ghostscript/ I think this portrange thing and writing scripts is not needed. These rules should be enough for anonymous ftp (if you used the OpenBSD ftpd and set it up like described in the manpage): pass in on $ext_if proto tcp ... port ftp keep state pass in on $ext_if proto tcp ... port 49151 user ftp keep state It should also work with multiple users (using groups), but I didn't try it. Tobias
Re: OpenBGP: aggregating routes / set neighbor next-hop
The second problem is, that I want to announce an external full-feed, received with openbgpd, to my core-router. This works fine, but the next-hop is the ip-address of my external bgp-neighbor. But it should be the ip-address of the border-router. of course! you should have an IBGP that makes your other routes have a route to that... like OpenOSPFD :) or rewrite nexthop so you can run without an IGP. When I tested openbgp I did that with the filter and set, although next-hop-self would have been nice. /Tony
Re: OpenBSD and the money
Your order currently is: - 1 [T23] Wireframe Blowfish Shirt (M) @ EUR 20.00 - EUR 10.00 [DON] DONATION to the OpenBSD Project - Total: EUR 30.00 + Shipping. This is what I can afford as a student. It's for the first time I donate/buy anything from openbsd.org. I hope it helps a very little bit at least... /bkw On 23/03/06, Peter Fraser [EMAIL PROTECTED] wrote: Just out of curiosity, why are you trying to take in money by nickels and dimes rather than obtaining research grants from the Alberta government? Alberta is rolling in cash, and has specifically stated it wants to invest in technological research so that it will be in a good position when oil money begins to dwindle. OpenBSD could surely qualify as a research organization without too much trouble, at which point you'd be eligible for substantial provincial funding. I recognize that government grants come with red-tape, and people are often disdainful of taking hand-outs. In this case, however, I'd think the pros outweigh the cons. Don't you have a wish-list of things you'd implement or improve if you got sufficient funding? Something to think about...
Re: OpenBGP: aggregating routes / set neighbor next-hop
On Cisco I configured neighbor 10.0.0.2 next-hop-self, but how to do this with openbgp? that, again, is sth nobody ever asked for or missed :) however, the (completely untested except for compilation) diff below should add set nexthop self. Index: bgpd.h How come Cisco doesn't send me the source code to feature updates when I request them? Cisco must be too busy counting my money. :)
Re: OpenBGP: aggregating routes / set neighbor next-hop
On Wed, Mar 29, 2006 at 01:33:15PM +0100, tony sarendal wrote: The second problem is, that I want to announce an external full-feed, received with openbgpd, to my core-router. This works fine, but the next-hop is the ip-address of my external bgp-neighbor. But it should be the ip-address of the border-router. of course! you should have an IBGP that makes your other routes have a route to that... like OpenOSPFD :) or rewrite nexthop so you can run without an IGP. ... and call for a lot of trouble when your network is growing. IMO this is a bad advice. 90% of all set nexthop usages are a hack around a network design error. No matter if it is on OpenBSD, cisco or whatever. When I tested openbgp I did that with the filter and set, although next-hop-self would have been nice. BTW: setting up an IGP for your network is not that complex. Just have a look at ospfd(8) :) -- :wq Claudio
Re: OpenBGP: aggregating routes / set neighbor next-hop
On 29/03/06, Falk Brockerhoff [EMAIL PROTECTED] wrote: Am 29.03.2006 um 14:11 schrieb Henning Brauer: Hi Henning, hello list, njet. we don't have any aggregate code, and you're the first one ever to ask :) Hm, it's unbelievable that I'm the first asking for aggregation :) I can do aggregation on my core-router, but I think aggregation should alway be done by the border-routers. Or what's your opinion? In larger networks you usually want to do routing manipulation at the origination point of a prefix, aggregation at the edge makes this difficult or impossible. In those networks we don't use any aggregation of prefixes. In general I try to avoid it anyway if I build something new. -- Tony Sarendal - [EMAIL PROTECTED] IP/Unix -= The scorpion replied, I couldn't help it, it's my nature =-
Re: OpenBGP: aggregating routes / set neighbor next-hop
On Wed, Mar 29, 2006 at 02:32:17PM +0200, Falk Brockerhoff wrote: Am 29.03.2006 um 14:11 schrieb Henning Brauer: Hi Henning, hello list, njet. we don't have any aggregate code, and you're the first one ever to ask :) Hm, it's unbelievable that I'm the first asking for aggregation :) I can do aggregation on my core-router, but I think aggregation should alway be done by the border-routers. Or what's your opinion? What do you need to aggregate and why? In most cases a set of network statements on the border routers is enough. Unless you run a big (as in fucking huge) network. You should announce the network range you recieved from your RIR and not splitting it up. Especially it makes no sense to use aggregation on border routers if you do not have use IGP. of course! you should have an IBGP that makes your other routes have a route to that... like OpenOSPFD :) Hm, this is a possibilty. But as I already configured BGP between my core and border-routers, I think will prefer the nexthop-self solution. IGP and iBGP are two different things and work in a completely different way. iBGP is used to direct external traffic in the most optimal way out of your network. IGP is used to route incomming and internal traffic including fast rerouting in case of network failures. that, again, is sth nobody ever asked for or missed :) however, the (completely untested except for compilation) diff below should add set nexthop self. Ui, you're realy fast :-) Thank you for your quick response. I'll compile this and test it with a spare old Cisco-Router as Development-Core next weekend. I'll give you a feedback about it. Hennings diff looks good. Only minor thing is the missing IPv6 support. -- :wq Claudio
Re: OpenBGP: aggregating routes / set neighbor next-hop
On 29/03/06, Claudio Jeker [EMAIL PROTECTED] wrote: On Wed, Mar 29, 2006 at 01:33:15PM +0100, tony sarendal wrote: The second problem is, that I want to announce an external full-feed, received with openbgpd, to my core-router. This works fine, but the next-hop is the ip-adress of my external bgp-neighbor. But it should be the ip-address of the border-router. of course! you should have an IBGP that makes your other routes have a route to that... like OpenOSPFD :) or rewrite nexthop so you can run without an IGP. ... and call for a lot of trouble when your network is growing. IMO this is a bad advice. 90% of all set nexthop usages are a hack around a network design error. No matter if it is on OpenBSD, cisco or whatever. I don't agree. A large network does not have to have an IGP to carry the BGP, no matter size, it depends of the requirements of the network. A normal design is to use the IGP for to carry the network (links and loopbacks) and punch the rest into BGP. A BGP-only design will allow you to have features like per-link-direction routing for every single prefix which wil allow you to do traffic engineering in a network per prefix by just modifying origination point bgp communities. I.e I want this specific prefix to have it's metric bumped by 100 on the LON-AMS and 500 on OSL-STO to offload this traffic of away from those links for a while. Or I don't want this prefix advertised over links which has MTU less that 4470 to avoid fragmentation. You can do a lot of things in a bgp-only network which you can't do with an IGP, as long as the limitations that bgp offers aren't a show stopper for you, and as long as it suites the network you are running. Also I have seen countless network problems just due to problems in one of the many routing and forwarding layers, think protocol pancakes and mpls, one protocol is simple. /Tony -- Tony Sarendal - [EMAIL PROTECTED] IP/Unix -= The scorpion replied, I couldn't help it, it's my nature =-
Re: Dynamically update DNS info in DHCPD.CONF
On 3/29/06, Isaac Levy [EMAIL PROTECTED] wrote: On 3/28/06, NetNeanderthal [EMAIL PROTECTED] wrote: [EMAIL PROTECTED] ~]$ man -k python python: nothing appropriate Is your python install broken? It must be. I checked four other default OpenBSD installs, it's broken on every one of them as well -- this must be a py5n1 epidemic of dangerous proportion.
Zoom Model 4320 USB Bluetooth Adaptor
Hi [EMAIL PROTECTED] I was wondering if there would be any reason for this usb bluetooth adapter not to work on OpenBSD. I can't find any mentions of ubt(4) supported devices on the man page or on the archives, so just thought I'd spam misc@ before buying it. Please answer to me, I'm not on the list. http://shop1.outpost.com/product/4717829?site=sr:SEARCH:MAIN_RSLT_PG if anyone cares. Thanks for your time! fabio.olive -- i drowned in the universal pool of entropy eris has saved me, and she has set me free ex sed lex awk yacc, e pluribus unix, amem
Re: UKUUG Spring Conference 2006: photo-reportage
On Sun, Mar 26, 2006 at 06:10:55PM +0100, Constantine A. Murenin wrote: I trust everyone had a lot of fun at the recent UKUUG LISA conference! Yep :) I've depicted some of this fun in the photographs, and here you can see what you have missed if you have not attended: URL:http://mojo.ru/uk/uug/2006-03/ Some more photos for people: http://photos.djw.org.uk/ukuug200603/ Dan
Re: OpenBGP: aggregating routes / set neighbor next-hop
On Wed, Mar 29, 2006 at 02:22:13PM +0100, tony sarendal wrote: On 29/03/06, Claudio Jeker [EMAIL PROTECTED] wrote: On Wed, Mar 29, 2006 at 01:33:15PM +0100, tony sarendal wrote: The second problem is, that I want to announce an external full-feed, received with openbgpd, to my core-router. This works fine, but the next-hop is the ip-adress of my external bgp-neighbor. But it should be the ip-address of the border-router. of course! you should have an IBGP that makes your other routes have a route to that... like OpenOSPFD :) or rewrite nexthop so you can run without an IGP. ... and call for a lot of trouble when your network is growing. IMO this is a bad advice. 90% of all set nexthop usages are a hack around a network design error. No matter if it is on OpenBSD, cisco or whatever. I don't agree. A large network does not have to have an IGP to carry the BGP, no matter size, it depends of the requirements of the network. I did not talk about redistributing BGP information into an IGP (that's totaly sick). I'm talking about the need for an IGP to glue your network correctly together so that BGP is working as it should. A normal design is to use the IGP for to carry the network (links and loopbacks) and punch the rest into BGP. A BGP-only design will allow you to have features like per-link-direction routing for every single prefix which wil allow you to do traffic engineering in a network per prefix by just modifying origination point bgp communities. I.e I want this specific prefix to have it's metric bumped by 100 on the LON-AMS and 500 on OSL-STO to offload this traffic of away from those links for a while. Or I don't want this prefix advertised over links which has MTU less that 4470 to avoid fragmentation. I think we're talking about the same thing you just used more words :) In large networks you use a minimum IGP (in ospfd you would only use interface statements but no redistribute rule) over that skeleton you run a BGP mesh. 
Without the IGP there is not skeleton and your BGP mesh falls totaly appart. In one point your right it is often better to redistribute (customer) networks via BGP. The filtering capabilities of OSPF are simply non-existent and so traffic engineering is often impossible. You can do a lot of things in a bgp-only network which you can't do with an IGP, as long as the limitations that bgp offers aren't a show stopper for you, and as long as it suites the network you are running. You can only run a BGP only network if your core network is consistent and to achieve that you normaly need some sort of IGP. Also I have seen countless network problems just due to problems in one of the many routing and forwarding layers, think protocol pancakes and mpls, one protocol is simple. Yep, I suffered too. Anyway, systems of that size should be administrated by people who know how routing works. Handicraft enthusiast do not get that far... -- :wq Claudio
LSI Raid Card
Hi, If I got one of these: http://www.lsilogic.com/products/megaraid/sata_150_4.html Which is supported under the ami driver, and that I'll have four drives in RAID 5, each in these: http://www.ebuyer.com/customer/products/index.html? action=c2hvd19wcm9kdWN0X292ZXJ2aWV3product_uid=99222 Am I still going to be able to use the nice blink functions in bioctl? I'd like to know which drive my RAID card thinks has died... Gaby -- Junkets for bunterish lickspittles since 1998! http://www.playr.co.uk/sudoku/ http://weblog.vanhegan.net/
Re: OpenBGP: aggregating routes / set neighbor next-hop
On 29/03/06, Claudio Jeker [EMAIL PROTECTED] wrote:

I did not talk about redistributing BGP information into an IGP (that's totally sick). I'm talking about the need for an IGP to glue your network correctly together so that BGP is working as it should.

That was not what I was talking about either, that would be sick. I was talking about a network with no traditional IGP, only BGP.

You can only run a BGP only network if your core network is consistent and to achieve that you normally need some sort of IGP.

The IGP is used for BGP to validate next hop is it not (among other things) ? If the next hop is directly connected then you don't need that anymore. If you are interested have a read of this old thread http://www.michnet.net/mail.archives/nanog/2002-09/msg2.html and note Alex Yuriev's comments. Being able to decide what how to handle each prefix at every hop in the network offers some featurettes which you can't get without MPLS TE, and maybe not even then in reality.

/Tony -- Tony Sarendal - [EMAIL PROTECTED] IP/Unix -= The scorpion replied, I couldn't help it, it's my nature =-
Re: Errors during start of Xorg on 3.9
On Wed, Mar 29, 2006 at 12:57:29PM +0200, Swen Simon wrote: (I was redirected to misc@ from an user, thanks for the hint :) Greetings! I installed OpenBSD 3.9 few hours ago and all works fine, instead of X. I never used Xorg on an OBSD system and generated a new config with Xorg -configure. Following errors appears: (WW) xf86AcquireGART: AGPIOC_ACQUIRE failed (Device busy) (WW) GARTInit: AGPIOC_INFO failed (Device not configured) _XSERVTransmkdir: ERROR: euid != 0,directory /tmp/.X11-unix will not be created. Huh? _XSERVTransSocketUNIXCreateListener: mkdir(/tmp/.X11-unix) failed, errno = 2 Okay... _XSERVTransMakeAllCOTSServerListeners: failed to create listener for local ... FreeFontPath: FPE /usr/X11R6/lib/X11/fonts/misc/ refcount is 2, should be 1; fixing. I googled many hours to fix that, found no solution or hint about that. The permissions on /tmp are correct and should work for other users (can create files in it). It takes also (~) 10 seconds to start the window manager. xorg.conf: http://pastebin.com/628483 Xorg.0.log: http://pastebin.com/628488 dmesg: http://pastebin.com/628493 Anyone else that problems? Hints or solutions are welcome! Thanks. Provided that the message marked 'Huh?' is correct, you are trying to run X as a non-root user. That doesn't work. (Or, to be more precise, the full windowing stuff should always run as a non-root user, but only root can start the X server. Normal users use xdm/kdm/... or startx.) Joachim
Re: LSI Raid Card
On 3/29/06, Gaby vanhegan [EMAIL PROTECTED] wrote: Am I still going to be able to use the nice blink functions in bioctl? I'd like to know which drive my RAID card thinks has died... You'd have to get a backplane with safte or ses that the card can talk to. The drive enclosures you linked to are dumb sleds. They do have activity lights, so you could always perform some heavy drive activity and, by a process of elimination, the one without the blinking activity light is the failed drive. -- Jon Simola Systems Administrator ABC Communications
bioctl problem reporting hotspare status - ami0
I recently built a new system with an LSI Logic Megaraid 150-6 and 6 Seagate drives. I configured 5 drives in a RAID 5 configuration with the 6th as a hotspare. Initially, bioctl reported the RAID status correctly. After I manually simulated failing a drive (shut down and physically removed power from one drive), the Megaraid controller did as expected, i.e. added the hotspare and started rebuilding the array. I let the rebuild finish and again shut down and re-powered the failed drive. At that point, I tried to use bioctl to change the status of the latter drive to Hotspare via bioctl -H 0:4 ami0. The latter command apparently completes successfully; however, the status continues to show Unused.

x2 506sudo bioctl -H 0:4 ami0
x2 507sudo bioctl -h ami0
Volume Status Size Device
ami0 0 Online 3.9G sd0 RAID5
       0 Online 74.5G 0:0.0 noencl ST3808110AS 3.AA
       1 Online 74.5G 0:1.0 noencl ST3808110AS 3.AA
       2 Online 74.5G 0:2.0 noencl ST3808110AS 3.AA
       3 Online 74.5G 0:3.0 noencl ST3808110AS 3.AA
       4 Online 74.5G 0:5.0 noencl ST3808110AS 3.AA
ami0 1 Online 294G sd1 RAID5
       0 Online 74.5G 0:0.0 noencl ST3808110AS 3.AA
       1 Online 74.5G 0:1.0 noencl ST3808110AS 3.AA
       2 Online 74.5G 0:2.0 noencl ST3808110AS 3.AA
       3 Online 74.5G 0:3.0 noencl ST3808110AS 3.AA
       4 Online 74.5G 0:5.0 noencl ST3808110AS 3.AA
ami0 2 Unused 74.5G 0:4.0 noencl ST3808110AS 3.AA

I have since used the Megaraid BIOS to change the status of 0:4 to Hotspare and observe that the BIOS does correctly reflect the hotspare status. However, bioctl still reports it as Unused. I also tried bioctl -vDH 0:4 ami0 which didn't change the hotspare status but did produce the following:

bioctl: cookie = 0x81bc2d40

The Megaraid 150-6 does have the latest firmware.
OpenBSD 3.9-current (GENERIC.MP) #759: Mon Mar 27 04:29:19 MST 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 1073016832 (1047868K) avail mem = 908169216 (886884K) using 22937 buffers containing 107507712 bytes (104988K) of memory mainbus0 (root) mainbus0: Intel MP Specification (Version 1.1) (ASUSTeK ) cpu0 at mainbus0: apid 0 (boot processor) cpu0: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+, 2002.84 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu0: apic clock running at 200MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+, 2002.56 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache cpu1: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu1: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative mpbios: bus 0 is type PCI mpbios: bus 1 is type PCI mpbios: bus 2 is type ISA ioapic0 at mainbus0 apid 2 pa 0xfec0, version 3, 24 pins pci0 at mainbus0 bus 0: configuration mode 1 pchb0 at pci0 dev 0 function 0 VIA K8HTB Host rev 0x00 pchb1 at pci0 dev 0 function 1 VIA K8HTB Host rev 0x00 pchb2 at pci0 dev 0 function 2 VIA K8HTB Host rev 0x00 pchb3 at pci0 dev 0 function 3 VIA K8HTB Host rev 0x00 pchb4 at pci0 dev 0 function 4 VIA K8HTB Host rev 0x00 pchb5 at pci0 dev 0 function 7 VIA K8HTB Host rev 0x00 ppb0 at pci0 dev 1 function 0 VIA K8HTB AGP rev 0x00 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 ATI 
Radeon 9200 PRO rev 0x01 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ATI Radeon 9200 PRO Sec rev 0x01 at pci1 dev 0 function 1 not configured skc0 at pci0 dev 10 function 0 Marvell Yukon 88E8001/8003/8010 rev 0x13, Marvell Yukon Lite (0x9): apic 2 int 17 (irq 10) sk0 at skc0 port A, address 00:15:f2:44:40:ad eephy0 at sk0 phy 0: Marvell 88E1011 Gigabit PHY, rev. 5 ami0 at pci0 dev 14 function 0 Symbios Logic MegaRAID rev 0x01: apic 2 int 19 (irq 3) ami0: LSI 523, 64b/lhc, FW 713N, BIOS vG119, 64MB RAM ami0: 1 channels, 0 FC loops, 2 logical drives scsibus0 at ami0: 40 targets sd0 at scsibus0 targ 0 lun 0: AMI, Host drive #00, SCSI2 0/direct fixed sd0: 4000MB, 4000 cyl, 64 head, 32 sec, 512 bytes/sec,
Re: LSI Raid Card
On Wednesday 29 March 2006 16.27, Gaby vanhegan wrote: Hi, If I got one of these: http://www.lsilogic.com/products/megaraid/sata_150_4.html Which is supported under the ami driver, and that I'll have four drives in RAID 5, each in these: http://www.ebuyer.com/customer/products/index.html? action=c2hvd19wcm9kdWN0X292ZXJ2aWV3product_uid=99222 Am I still going to be able to use the nice blink functions in bioctl? I'd like to know which drive my RAID card thinks has died... Gaby -- Junkets for bunterish lickspittles since 1998! http://www.playr.co.uk/sudoku/ http://weblog.vanhegan.net/ I think it should work with a command like bioctl -b channel:target.lun ami0. If its not in an enclosure it will tell... Try man bioctl /Per-Olov -- GPG keyID: 4DB283CE GPG fingerprint: 45E8 3D0E DE05 B714 D549 45BC CFB4 BBE9 4DB2 83CE
Re: LSI Raid Card
You show me a SATA drive that has an LED first :-) On Wed, Mar 29, 2006 at 03:27:30PM +0100, Gaby vanhegan wrote: Hi, If I got one of these: http://www.lsilogic.com/products/megaraid/sata_150_4.html Which is supported under the ami driver, and that I'll have four drives in RAID 5, each in these: http://www.ebuyer.com/customer/products/index.html? action=c2hvd19wcm9kdWN0X292ZXJ2aWV3product_uid=99222 Am I still going to be able to use the nice blink functions in bioctl? I'd like to know which drive my RAID card thinks has died... Gaby -- Junkets for bunterish lickspittles since 1998! http://www.playr.co.uk/sudoku/ http://weblog.vanhegan.net/
Re: LSI Raid Card
On 29 Mar 2006, at 17:46, Jon Simola wrote: On 3/29/06, Gaby vanhegan [EMAIL PROTECTED] wrote: Am I still going to be able to use the nice blink functions in bioctl? I'd like to know which drive my RAID card thinks has died... You'd have to get a backplane with safte or ses that the card can talk to. The drive enclosures you linked to are dumb sleds. They do have activity lights, so you could always perform some heavy drive activity and, by a process of elimination, the one without the blinking activity light is the failed drive. I thought that this might be the case. A backplane of some sort is totally outside my budget. I'll just have to carefully label and wire up the drives in their 'sleds' :) They do have two lights, one for power and one for drive activity. I was just wondering if the activity light could be reached by bioctl. On 29 Mar 2006, at 18:01, Per-Olov Sjvholm wrote: I think it should work with a command like bioctl -b channel:target.lun ami0. If its not in an enclosure it will tell... Try man bioctl When I get my sweaty little hands on the card, I'll give that a try. On 29 Mar 2006, at 18:03, Marco Peereboom wrote: You show me a SATA drive that has an LED first :-) Fair point. The caddy does claim to have a light, but if bioctl only talks to SAFTE enclosures and backplanes for this sort of thing, it's not usable for this purpose. Gaby -- Junkets for bunterish lickspittles since 1998! http://www.playr.co.uk/sudoku/ http://weblog.vanhegan.net/
Re: OpenBGP: aggregating routes / set neighbor next-hop
Falk Brockerhoff wrote:

Hello, I'm just playing around with OpenBGP on OpenBSD3.8. My BGP Session comes up, MD5 works fine. OpenBGP is an intuitive tool and works fine. :)

Just a word of BIG caution on this MD5 usage. There was a bug corrected in 3.9 for MD5 when the remote reset the session. Make sure to upgrade to 3.9 and NOT to run the 3.8 when MD5 is in use. You will sleep much better, believe me. Thanks Daniel
Re: OpenBGP: aggregating routes / set neighbor next-hop
Daniel Ouellet wrote:

Falk Brockerhoff wrote: Hello, I'm just playing around with OpenBGP on OpenBSD3.8. My BGP Session comes up, MD5 works fine. OpenBGP is an intuitive tool and works fine. :)

Just a word of BIG caution on this MD5 usage. There was a bug corrected in 3.9 for MD5 when the remote reset the session. Make sure to upgrade to 3.9 and NOT to run the 3.8 when MD5 is in use. You will sleep much better, believe me.

Just for the record, as some may have questions on that one. You will only see the bug if the remote party uses MD5 and has ip tcp selective-ack enabled in their configuration. The problem is that you don't know if they do or not. If you can't upgrade right away, one very easy workaround is to simply have:

sysctl net.inet.tcp.sack=0

in your OpenBSD configuration until you have time to upgrade to 3.9. Hope this helps and clarifies the issue a bit more. Not obvious and took me a long time to figure it out. Having dead peer, or worse main access is no fun. (: Sorry for the somewhat short answer the first time around. Daniel
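The condition described in the message above, turned into a host check. This is an added example, not code from the thread or from OpenBSD: the function names and the sample bgpd.conf are constructed, it assumes one bgpd.conf statement per line, and it treats every release before 3.9 as affected although the message only names 3.8.

```shell
#!/bin/sh
# Added example (not from the thread): flags a host that is older than 3.9,
# has at least one neighbor using TCP MD5 signatures, and still has SACK on.
# On a live OpenBSD host the inputs would come from:
#   md5_sack_check "$(uname -r)" "$(sysctl -n net.inet.tcp.sack)" /etc/bgpd.conf

# Constructed sample bgpd.conf (addresses, AS numbers and secret are made up).
sample_conf() {
	cat <<'EOF'
AS 65001
router-id 192.0.2.1
neighbor 192.0.2.10 {
	remote-as 65010
	descr "peer without md5"
}
neighbor 192.0.2.20 {
	remote-as 65020
	descr "peer with md5"
	tcp md5sig password constructed-secret
}
# tcp md5sig password disabled-by-comment
EOF
}

# Print the number of active "tcp md5sig password|key" statements in file $1.
# Comments are stripped first so commented-out statements are not counted.
md5sig_count() {
	awk '{ sub(/#.*/, "") }
	     /^[ \t]*tcp[ \t]+md5sig[ \t]+(password|key)[ \t]/ { n++ }
	     END { print n + 0 }' "$1"
}

# Return 0 if release string $1 (e.g. "3.8") is older than 3.9.
release_before_39() {
	_major=${1%%.*}
	case $1 in
	*.*) _minor=${1#*.}; _minor=${_minor%%[!0-9]*} ;;
	*)   _minor=0 ;;
	esac
	[ "$_major" -lt 3 ] || { [ "$_major" -eq 3 ] && [ "${_minor:-0}" -lt 9 ]; }
}

# md5_sack_check RELEASE SACK_VALUE BGPD_CONF
# Prints a one-line verdict; returns 1 only when all three conditions hold.
md5_sack_check() {
	_rel=$1 _sack=$2 _conf=$3
	_n=$(md5sig_count "$_conf")
	if [ "$_n" -eq 0 ]; then
		echo "ok: no tcp md5sig sessions configured"
		return 0
	fi
	if ! release_before_39 "$_rel"; then
		echo "ok: release $_rel is 3.9 or later ($_n md5sig session(s))"
		return 0
	fi
	if [ "$_sack" = 0 ]; then
		echo "mitigated: net.inet.tcp.sack=0 on $_rel; upgrade still advised"
		return 0
	fi
	echo "exposed: $_n md5sig session(s) on $_rel with net.inet.tcp.sack=$_sack"
	return 1
}

# Demo on the constructed sample.
demo_conf=$(mktemp) && sample_conf > "$demo_conf"
md5_sack_check 3.8 1 "$demo_conf" || true
rm -f "$demo_conf"
```

A non-zero exit status from md5_sack_check makes it usable from a cron job or a configuration-management check.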
Re: bioctl problem reporting hotspare status - ami0
I am aware of this issue however I have not been able to duplicate it myself. If anyone has seen this issue and is able to give me remote access to a box please let me know. I'll be needing serial and ssh access. Also a source tree local would help. /marco

On Wed, Mar 29, 2006 at 11:59:33AM -0500, [EMAIL PROTECTED] wrote:

I recently built a new system with an LSI Logic Megaraid 150-6 and 6 Seagate drives. I configured 5 drives in a RAID 5 configuration with the 6th as a hotspare. Initially, bioctl reported the RAID status correctly. After I manually simulated failing a drive (shut down and physically removed power from one drive), the Megaraid controller did as expected, i.e. added the hotspare and started rebuilding the array. I let the rebuild finish and again shut down and re-powered the failed drive. At that point, I tried to use bioctl to change the status of the latter drive to Hotspare via bioctl -H 0:4 ami0. The latter command apparently completes successfully; however, the status continues to show Unused.

x2 506sudo bioctl -H 0:4 ami0
x2 507sudo bioctl -h ami0
Volume Status Size Device
ami0 0 Online 3.9G sd0 RAID5
       0 Online 74.5G 0:0.0 noencl ST3808110AS 3.AA
       1 Online 74.5G 0:1.0 noencl ST3808110AS 3.AA
       2 Online 74.5G 0:2.0 noencl ST3808110AS 3.AA
       3 Online 74.5G 0:3.0 noencl ST3808110AS 3.AA
       4 Online 74.5G 0:5.0 noencl ST3808110AS 3.AA
ami0 1 Online 294G sd1 RAID5
       0 Online 74.5G 0:0.0 noencl ST3808110AS 3.AA
       1 Online 74.5G 0:1.0 noencl ST3808110AS 3.AA
       2 Online 74.5G 0:2.0 noencl ST3808110AS 3.AA
       3 Online 74.5G 0:3.0 noencl ST3808110AS 3.AA
       4 Online 74.5G 0:5.0 noencl ST3808110AS 3.AA
ami0 2 Unused 74.5G 0:4.0 noencl ST3808110AS 3.AA

I have since used the Megaraid BIOS to change the status of 0:4 to Hotspare and observe that the BIOS does correctly reflect the hotspare status. However, bioctl still reports it as Unused.
Re: LSI Raid Card
On 29 Mar 2006, at 18:03, Marco Peereboom wrote: You show me a SATA drive that has an LED first :-) Fair point. The caddy does claim to have a light, but if bioctl only talks to SAFTE enclosures and backplanes for this sort of thing, it's not usable for this purpose. To save cost SATA HDD vendors pulled the activity LED. So whatever LED you have wasn't put on there by the HDD vendor.
State of SAN
I'm trying to get a feel for what the state of attaching an OpenBSD server to a SAN is. I've looked at the i386 hardware support page as well as some manpages and all I can find is somewhat old supported HBAs. Is anyone on the list running OpenBSD SAN-attached, either via FiberChannel or iSCSI? If so, can you give me some info on what HBAs you're using? If you were to buy an HBA for an OpenBSD box today which HBA would you recommend?
Re: Problems with X in OpenBSD (3.9) -current with LCD WideScreen Monitor
Francisco Valladolid wrote:

Hi folks. Recently I bought a new LCD display, it is a ViewSonic 19 WideScreen, I have a problem with xorg in -current, for correct display mode only 1024x768 is displayed. The X windows is so wrong. Some have some tips about the X under xorg. This monitor work fine in other OS running xfree86.

Unfortunately, you have provided no hard information, so you will get no hard answers. In short, however, you need to hand-tweak your /etc/X11/xorg.conf file, apparently. Under 'Section Monitor', make sure you have accurate HorizSync and VertRefresh lines. Under 'Section Screen', add/alter a couple lines: Default Depth 24 and under 'SubSection Display' add: Modes 1280x1024 (correct the Depth and Modes to the values you want, of course). You may be in business. You may not be, if your video card or X driver is incapable of driving your monitor at the desired depth and resolution, or if there is some other quirk in your hardware we can't see. Or if I'm forgetting something, which is possible. :)

You can also try to use DDC, apparently it was default for 3.8, now for 3.9, DDC is disabled by default, and I'm glad (worked great when it worked, sucked big time when it didn't). Nick.
Re: State of SAN
Thanks. Exactly what I needed. -Original Message- From: Jason Dixon [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 29, 2006 3:03 PM To: Michael Favinsky Cc: misc@openbsd.org Subject: Re: State of SAN On Mar 29, 2006, at 5:27 PM, Michael Favinsky wrote: I'm trying to get a feel for what the state of attaching an OpenBSD server to a SAN is. I've looked at the i386 hardware support page as well as some manpages and all I can find is somewhat old supported HBAs. Is anyone on the list running OpenBSD SAN-attached, either via FiberChannel or iSCSI? If so, can you give me some info on what HBAs you're using? If you were to buy an HBA for an OpenBSD box today which HBA would you recommend? http://marc.theaimsgroup.com/?l=openbsd-miscm=112977951023494w=2 -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net
Re: some crashes with VIA VT-310DP (npxdna_xmm(d06e7660) at npxdna_xmm+0x71)
On Mon, Mar 27, 2006 at 03:11:49PM -0500, jared r r spiegel wrote:

i forgot 'show panic' and 'show registers' these three times.

ddb{0} show panic
the kernel did not panic
ddb{0} show registers
ds 0x10
es 0x10
fs 0x58
gs 0x10
edi 0xd06e7660 cpu_info_primary
esi 0x20
ebp 0xe7d2be68
ebx 0
edx 0x2
ecx 0
eax 0
eip 0xd0491475 npxdna_xmm+0x71
cs 0x8
eflags 0x10246
esp 0xe7d2be40
ss 0xe7d20010
npxdna_xmm+0x71: movl 0x12c(%ebx),%eax
ddb{0} trace
npxdna_xmm(d06e7660) at npxdna_xmm+0x71
Xdna(d0657b2c,e7d2bef8,d02537f7,2000,0) at Xdna+0x39
softclock(0,58,10,10,10) at softclock+0x22c
Xintrsoftclock() at Xintrsoftclock+0x56
--- interrupt ---
Xdoreti() at Xdoreti+0x23
--- interrupt ---
apm_cpu_idle(0,0,0,0,0) at apm_cpu_idle+0x4a

have the machine running on uniprocessor kernel now and it's been stable for past 2 days ( previous max uptime on .mp was always 1d ) we're looking at moving it to 3.9, but trying to root around cvs{@,web} to see if we can find a commit that smells like it might be a fixing winner before going back to an MP kernel again.

-- jared [ openbsd 3.9-current GENERIC ( mar 15 ) // i386 ]