Re: problems compiling -current kernel
Yes, Thank you, I see this note, I'm compiling gcc ! Thank you very much. On 8/8/06, Matthias Kilian <[EMAIL PROTECTED]> wrote: > > On Tue, Aug 08, 2006 at 01:18:02AM -0500, Francisco Valladolid wrote: > > the -current guide in OpenBSD FAQ, dodn't contain sufficient support for > me > > at this moment. > > http://www.openbsd.org/faq/current.html#20060727 > -- --- BSD - Unix simplicity. Francisco Valladolid Hdez. [EMAIL PROTECTED]
Re: saslauthd issue?
On 8/8/06, J Moore <[EMAIL PROTECTED]> wrote: On Mon, Aug 07, 2006 at 10:51:02PM -0700, the unit calling itself Kian Mohageri wrote: > > > Have you tried escaping the $ char to make sure the shell doesn't interpret > it? > > V\$B14xVu Yes - sorry I failed to mention that... esc'ing the $ does get by, but I've just never ever heard of having to escape a password... does that seem logical? shouldn't it at least be documented? It's perfectly logical, though it is a bit strange. I've never heard of a password with a $ in it though. To be sure, you can just always quote the password with single quotes. This will prevent the shell from interpreting the $ specially. -Nick
Re: problems compiling -current kernel
On Tue, Aug 08, 2006 at 01:18:02AM -0500, Francisco Valladolid wrote: > the -current guide in OpenBSD FAQ, dodn't contain sufficient support for me > at this moment. http://www.openbsd.org/faq/current.html#20060727
Re: saslauthd issue?
On 8/7/06, J Moore <[EMAIL PROTECTED]> wrote: > > On Mon, Aug 07, 2006 at 10:51:02PM -0700, the unit calling itself Kian > Mohageri wrote: > > > > > >B14xVu: Undefined variable. > > > > > >where "B14xVu" is a fragment of the password. The full password was: > > >V$B14xVu > > > > > >I tried this on other user/password combinations, and got reasonable > > >results. But the "$" char seems to cause a problem consistently. In all > > >other cases, the result was either: > > > > > > Have you tried escaping the $ char to make sure the shell doesn't > interpret > > it? > > > > V\$B14xVu > > Yes - sorry I failed to mention that... esc'ing the $ does get by, but > I've just never ever heard of having to escape a password... does that > seem logical? shouldn't it at least be documented? It isn't that unusual. The program you're testing with is run on the command line, so special characters are going to be interpreted by the shell. Might be worth a note in the man page example or something but it's pretty common knowledge (not saying you should've known that or anything) Kian
problems compiling -current kernel
Hi, folks Today I update my src tree in -current, I have some problems compiling it. I'm using OpenBSD 3.9 -current in amd64 port. [EMAIL PROTECTED]:[/usr/src/sys/arch/amd64/compile/GENERIC]% sudo make depend Password: mkdir -p /usr/src/sys/arch/amd64/compile/GENERIC/lib/kern depending the kern library objects depending the compat library objects sh /usr/src/sys/arch/amd64/compile/GENERIC/../../../../kern/genassym.sh cc -Werror -Wall -Wstrict-prototypes -Wmissing-prototypes -Wno-uninitialized -Wno-format -Wno-main -Wno-sign-compare -Wstack-larger-than-2047 -mcmodel=kernel -mno-red-zone -fno-strict-aliasing -mno-sse2 -mno-sse -mno-3dnow -mno-mmx -msoft-float -fno-builtin-printf -fno-builtin-log -fno-omit-frame-pointer -O2 -pipe -nostdinc -I. -I/usr/src/sys/arch/amd64/compile/GENERIC/../../../../arch -I/usr/src/sys/arch/amd64/compile/GENERIC/../../../.. -DDDB -DDIAGNOSTIC -DKTRACE -DACCOUNTING -DKMEMSTATS -DPTRACE -DCRYPTO -DSYSVMSG -DSYSVSEM -DSYSVSHM -DUVM_SWAP_ENCRYPT -DCOMPAT_35 -DCOMPAT_43 -DLKM -DFFS -DFFS_SOFTUPDATES -DUFS_DIRHASH -DQUOTA -DEXT2FS -DMFS -DXFS -DTCP_SACK -DTCP_ECN -DTCP_SIGNATURE -DNFSCLIENT -DNFSSERVER -DCD9660 -DUDF -DMSDOSFS -DFIFO -DPORTAL -DINET -DALTQ -DINET6 -DIPSEC -DPPP_BSDCOMP -DPPP_DEFLATE -DMROUTING -DBOOT_CONFIG -DUSER_PCICONF -DAPERTURE -DPCIVERBOSE -DUSBVERBOSE -DWSDISPLAY_COMPAT_USL -DWSDISPLAY_COMPAT_RAWKBD -DWSDISPLAY_DEFAULTSCREENS="6" -DWSDISPLAY_COMPAT_PCVT -D_KERNEL -Damd64 -Dx86_64 -DMAXUSERS=32 < /usr/src/sys/arch/amd64/compile/GENERIC/../../../../arch/amd64/amd64/genassym.cf > assym.h.tmp && mv -f assym.h.tmp assym.h cc1: error: unrecognized option `-Wstack-larger-than-2047' *** Error code 1 Stop in /usr/src/sys/arch/amd64/compile/GENERIC (line 556 of Makefile). [EMAIL PROTECTED]:[/usr/src/sys/arch/amd64/compile/GENERIC]% the -current guide in OpenBSD FAQ, dodn't contain sufficient support for me at this moment. Best Regards. -- --- BSD - Unix simplicity. Francisco Valladolid Hdez. [EMAIL PROTECTED]
Re: saslauthd issue?
On Mon, Aug 07, 2006 at 10:51:02PM -0700, the unit calling itself Kian Mohageri wrote: > > > >B14xVu: Undefined variable. > > > >where "B14xVu" is a fragment of the password. The full password was: > >V$B14xVu > > > >I tried this on other user/password combinations, and got reasonable > >results. But the "$" char seems to cause a problem consistently. In all > >other cases, the result was either: > > > Have you tried escaping the $ char to make sure the shell doesn't interpret > it? > > V\$B14xVu Yes - sorry I failed to mention that... esc'ing the $ does get by, but I've just never ever heard of having to escape a password... does that seem logical? shouldn't it at least be documented? Thnx, J
Re: saslauthd issue?
> B14xVu: Undefined variable. > > where "B14xVu" is a fragment of the password. The full password was: > V$B14xVu > > I tried this on other user/password combinations, and got reasonable > results. But the "$" char seems to cause a problem consistently. In all > other cases, the result was either: Have you tried escaping the $ char to make sure the shell doesn't interpret it? V\$B14xVu
Re: Dovecot package/ports report
I am terribly sorry, accidently clicked on the wrong recicient list... :) Please ignore. On Tue, 8 Aug 2006 7:42:06 +0200, Michael <[EMAIL PROTECTED]> wrote: > Hey, > > just wanted to let you know that the current version as it comes from > ports (same as package) got some problems when trying to upload Emails > into an IMAP directory. > > I patched my ports to the version it was supposed to be, before it got > reverted, and now it works fine with RC 5. > > Since RC 6 is already out, the version used for release should be RC 6+ > ... > > Michael
Re: OpenBSD and high availability
Nick Holland wrote: knitti wrote: On 8/7/06, Jens Mayer <[EMAIL PROTECTED]> wrote: While the networking part can be handled by carp, I'm collecting ideas on how to keep the local file systems in synch - especially for ftp users and the mailinglist archives. The synchronization will be done via a dedicated cross coonect cable directly between the boxes. while I would do it with rsync (I know, depends on what you want to do), I don't see any reason why ccd'ing two large nfs-exposed files shouldn't work. But I think this would be more ugly and complicated than rsyncing every x minutes... Simplicity is your friend. rsync is simple, easy to understand, and easy to recover. mirroring over NFS is not simple. My money would be that you would spend less time up and lose more data than a single, completely non-redundant workstation (yes, no rsync, but with a good backup plan, which you need anyway)...all in the name of "high redundancy". No, I can't prove it, but I much prefer the simple solution which has simple and understood problems, than the system which is never supposed to break...and will anyway, in ways you never imagined, and may not be able to figure out. Experience tends to suggest I'm right on that... Nick. Seconded, we buy a lot of expensive proprietary gear and ware here. No one truly understands most of it, vendors wont tell us about it. It is never supposed to break and when it does it is expensive to get fixed. Home grown is great if it is dead simple/straight forward/elegant. If you are going to go make a hairball you may as well buy one. That way you can get to the pain quicker and it will take less time.
Dovecot package/ports report
Hey, just wanted to let you know that the current version as it comes from ports (same as package) got some problems when trying to upload Emails into an IMAP directory. I patched my ports to the version it was supposed to be, before it got reverted, and now it works fine with RC 5. Since RC 6 is already out, the version used for release should be RC 6+ ... Michael
saslauthd issue?
I'm in the process of getting dovecot set up, and unfortunately that also entails re-building sendmail to add SASL support, etc. I've installed the "cyrus-sasl-2.1.21p2.tgz" package on OBSD 3.9, and following a couple of on-line "HOW-TO's" for help. As I was inching my way along, testing as I go, I noticed something odd. /usr/local/sbin/testsaslauthd -u user -p password (NOTE: The testsaslauthd app is used to verify the saslauthd daemon is working properly; I assume it calls saslauthd, but there is no man page for it, so this is just a guess.) This test worked on the first user id and pw I tried, so I assumed saslauthd was working correctly. Later, while troubleshooting a stubborn issue, I tried it with another userid and password, and got the following result: B14xVu: Undefined variable. where "B14xVu" is a fragment of the password. The full password was: V$B14xVu I tried this on other user/password combinations, and got reasonable results. But the "$" char seems to cause a problem consistently. In all other cases, the result was either: 0: OK "Success." - or - 0: NO "authentication failed" At this point, I'm not sure what's going on. I'd appreciate it if someone else could try this experiment, and post your findings here. Thanks, J
Re: reboot on IBM xSeries 336
Thanks all, use config to modify the bsd and it work. Brgds, Riwan At 10:27 AM 8/7/2006 +0100, Stuart Henderson wrote: On 2006/08/07 16:05, riwanlky wrote: > Thanks, I tried to installed it using FTP, install completed. However when I > reboot, it still try to use pcibios0. How do I disable to pcibios0 forever. See config(8) "Kernel modification".
Re: OpenBSD and high availability
knitti wrote: On 8/7/06, Jens Mayer <[EMAIL PROTECTED]> wrote: While the networking part can be handled by carp, I'm collecting ideas on how to keep the local file systems in synch - especially for ftp users and the mailinglist archives. The synchronization will be done via a dedicated cross coonect cable directly between the boxes. while I would do it with rsync (I know, depends on what you want to do), I don't see any reason why ccd'ing two large nfs-exposed files shouldn't work. But I think this would be more ugly and complicated than rsyncing every x minutes... Simplicity is your friend. rsync is simple, easy to understand, and easy to recover. mirroring over NFS is not simple. My money would be that you would spend less time up and lose more data than a single, completely non-redundant workstation (yes, no rsync, but with a good backup plan, which you need anyway)...all in the name of "high redundancy". No, I can't prove it, but I much prefer the simple solution which has simple and understood problems, than the system which is never supposed to break...and will anyway, in ways you never imagined, and may not be able to figure out. Experience tends to suggest I'm right on that... Nick.
Re: DMESG question
Stuart Henderson wrote: On 2006/08/07 16:15, Gabriel George POPA wrote: 1) When the OS generates too much messages, old messages are lost (oldest lines present in `dmesg` are lost). What can I do to see ALL messages ever recorded for dmesg printing? More precisely, take a look at my `dmesg`: /var/log/messages if they're not rotated too far away (change newsyslog.conf if you want to keep them for longer). PLEASE, NO. Bad advice. Either use the dmesg command or the /var/run/dmesg.boot DO NOT pull your dmesg out of messages if you are seriously expecting help from others. If for some reason messages is your only option, carefully edit out the date and time stuff before posting. If you just paste in your messages output raw, I'm unlikely to spend much time looking at your query. Some people may...but not me. Which would you rather dig through looking for the one little gem that explains a problem? This: Jul 24 09:03:27 njh-9 /bsd: OpenBSD 3.9-current (GENERIC) #922: Wed Jun 28 23:06 :50 MDT 2006 Jul 24 09:03:27 njh-9 /bsd: [EMAIL PROTECTED]:/usr/src/sys/arch/i386/ compile/GENERIC Jul 24 09:03:27 njh-9 /bsd: cpu0: Intel(R) Pentium(R) 4 CPU 1300MHz ("GenuineInt el" 686-class) 1.30 GHz Jul 24 09:03:27 njh-9 /bsd: cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PG E,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM Jul 24 09:03:27 njh-9 /bsd: real mem = 133296128 (130172K) Jul 24 09:03:27 njh-9 /bsd: avail mem = 114892800 (112200K) Jul 24 09:03:27 njh-9 /bsd: using 1652 buffers containing 6766592 bytes (6608K) of memory Jul 24 09:03:27 njh-9 /bsd: mainbus0 (root) Jul 24 09:03:27 njh-9 /bsd: bios0 at mainbus0: AT/286+(00) BIOS, date 11/30/00, BIOS32 rev. 0 @ 0xffe90, SMBIOS rev. 2.3 @ 0xf0450 (97 entries) Jul 24 09:03:27 njh-9 /bsd: bios0: Dell Computer Corporation Dimension 8100 ... or this: OpenBSD 3.9-current (GENERIC) #922: Wed Jun 28 23:06:50 MDT 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Pentium(R) 4 CPU 1300MHz ("GenuineIntel" 686-class) 1.30 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH, DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM real mem = 133296128 (130172K) avail mem = 114892800 (112200K) using 1652 buffers containing 6766592 bytes (6608K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(00) BIOS, date 11/30/00, BIOS32 rev. 0 @ 0xffe90, SMB IOS rev. 2.3 @ 0xf0450 (97 entries) bios0: Dell Computer Corporation Dimension 8100 ,,, All the date and time crap doesn't add anything for us, it just makes it completely unreadable, at least to me. If you want our help on something, MAKE IT EASY FOR US. Note how ugly that all looks, I was (intentionally) completely careless with the line wraps, and it STILL looks a lot better than some of the crap you guys post to the lists. But watch this: If I use my mail client smartly: OpenBSD 3.9-current (GENERIC) #922: Wed Jun 28 23:06:50 MDT 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Pentium(R) 4 CPU 1300MHz ("GenuineIntel" 686-class) 1.30 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM real mem = 133296128 (130172K) avail mem = 114892800 (112200K) using 1652 buffers containing 6766592 bytes (6608K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(00) BIOS, date 11/30/00, BIOS32 rev. 0 @ 0xffe90, SMB IOS rev. 2.3 @ 0xf0450 (97 entries) bios0: Dell Computer Corporation Dimension 8100 ... wow...so much more readable (assuming I didn't really snip my dmesg, of course). Yes, it took at least ten seconds longer to do that than it did to stupidly copy/paste, but I can assure you, I'd spend a lot more time reading it without stupid wrapping. Nick.
Re: Choices for Soekris "disk drives"
|On 7/15/05, Frank Denis (Jedi/Sector One) <[EMAIL PROTECTED]> wrote: |> On Fri, Jul 15, 2005 at 07:55:59PM +0530, Mayuresh Kathe wrote: |> >*AVOID* 2.5" IDE Laptop drives. |> >I've had pretty bad experience with them, |> >1. They heat up a lot |> >2. Are slow |> >3. Fail quite often (this could be due to the heat) |> >(face problems with Toshiba and IBM) |> |> I have the opposite experience. My Net4801 is running 24/7 for one |year with |> a Momentus drive (5400 RPMs) and it is neither slow nor hot. |> |> Hitachi also produces drives that are designed to run 24/7 (Eudurastar, |> now obsoleted by E7K60 and E7K100 drives). My Mac Mini is running with a |> 7K100 (80 Gb, 7200 RPM, 8 Mb cache) drive and it is as fast as any 3,5" |> drive. It seems to heat up more than the Momentus since the fan often |wakes |> up, but it works reliably. = Interesting. My MacMini Duo that I bought in April of this year has a Momentus 5400 rpm 80GB drive. When did you buy yours?
Re: OpenBSD -current freeze hourly(half an hour)
I will disable wpi0 for test later, thanks :) >Do you have the right firmware loaded? I downloaded and installed the firmware which noticed in OpenBSD's manual: wpi: //http://damien.bergamini.free.fr/packages/openbsd/wpi-firmware-1.13.tgz $ man wpi --skip // The driver needs at least version 1.13 of the following firmware file, which is loaded when an interface is brought up: /etc/firmware/wpi-ucode This firmware file is not free because Intel refuses to grant distribu- tion rights without contractual obligations. As a result, even though OpenBSD includes the driver, the firmware file cannot be included and users have to download this file on their own. The official person to state your views to about this issue is [EMAIL PROTECTED] at (858) 391 1857. A prepackaged version of the firmware, designed to be used with pkg_add(1) < http://www.openbsd.org/cgi-bin/man.cgi?query=pkg_add&sektion=1&arch=i386&apropos=0&manpath=OpenBSD+Current>, can be found at: /http://damien.bergamini.free.fr/packages/openbsd/wpi-firmware-1.13.tgz/ skip - // //Tobias Ulmer wrote: > On Mon, Aug 07, 2006 at 03:02:22PM +0800, Bibby Michael wrote: > >> Kernel panic: >> >> I use OpenBSD 4.0-beta(snapshots). >> >> --- >> anic: pool_get(mclpl): free list modified; magic=a4153cb5; page 0xd8038000; >> item addr 0xd8038800 >> Stopped at Debugger+0x4: leave >> >> RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC! >> DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION! >> >> ddb{0}> trace >> Debuuger (c,d1b0a25e,6c,d8038800,d074d5e0 at Debugger+0x4 >> panic (d0653e40, d0655d09, a4153c65, d803800, d8038800) at panic+0x63 >> pool_get(d074d5e0,0,e910fce0,d802ab36, d1963406) at pool_get+0x2f9 >> ieee80211_wep_crypt(d1b0a030, d8033f00, 0,4) at ieee80211_wep_crypt+0x56) >> ieee80211_input(d1b0a030, d8033f00, d1ae9a00, 23, 0, d8028818) at >> ieee80211_input+0x3e4 >> wpi_rx_intr(d1b0a000,d8028800, d1b0afa4, 16, 0) at wpi_rx_intr+0x3c9 >> wpi_notif_intr(d1b0a000, d0459f0d, e910ff18, d0459db6) at >> wpi_notif_intr+0xee >> wpi_intr(d1b0a000) at wpi_intr+0xca >> Xintr_ioapic4() at Xintr_ioapic4+0x74 >> --interrupt- >> apm_cpu_idle(0,0,0,0,0) at apm_cpu_idle+0x4a >> >> ddb{0}> ps >> COMMAND only: >> wget, ksh, dhclient, update, inted, cron, getty, sendmail, syslogd, crypto, >> aiodoned, reaper, usbtask, usb[0-4], cardslot0, cleaner, wskbd_hotkey, >> pfpurge, pagedaemon, kmthread, init, swapper >> >> I only use wget in console, without any X-window application running. >> sendmail/cron/syslogd are system services which bringed up by rc.conf. >> >> >> > Try to disable wpi(4) and see if it still crashes. > > Do you have the right firmware loaded? I don't own such a card but i > remember people having problems with it because they used firmware for > -stable and run a -current OS. > > Just guessing... > > Tobias
Re: Choices for Soekris "disk drives"
Le 8 ao{t 06 ` 01:01, Stuart Henderson a icrit : Gustavo Rios wrote: Which seagate momentus are you using? I don't think Frank is using that one any more. Google: pureftpd hard disk death "They all suck, it's just that they take it in turns to suck most." Every hard drive I've put in a 4801 has died in <1yr. Different manufacturers, 4200 and 5400rpm. Same things to me. 6 months of logging on standard drive just burn the disk. I use now 24x7 drive with extended temp range, and I hope it will service more than 6 months. Pretty expensive, so... JG
Re: BGP Lookingglass
On Monday, August 7, 2006, at 12:40:40, misc@openbsd.org wrote: > On 2006/08/07 11:46, Philip Olsson wrote: >> Im woundering if there exists a looking glass suitable for public access >> over http that uses the new read only socket in openbgpd ? > http://null-ptr.net/sw/lg/ works - > besides the mentioned files you will need: > bgpd_flags="-r /var/www/var/run/bgpd.sock" > everything listed in `ldd /usr/sbin/bgpctl' output (ld.so, lib's) > you probably have /var set as nosuid, this means you can't > use ping/traceroute in the jail unless you're willing to relax > that (and you can't use sudo to run them since that too is > setuid). > Might be worth also pointing out some SSH modification here, > http://archives.neohapsis.com/archives/openbsd/2006-04/1811.html > which (I haven't tested, but..) should let you separate webserver > from routers and just forward the RO control socket on, which > makes a certain amount of sense to me, especially on a public > access setup. We have written our own, which also uses id_rsa keys and users on other route-servers. We had to give up with jailing apache cause too much problems happened and now we have the following: http://www.pl-ix.pl/tools.asp (.asp is fake of course, our programmer loves such playing, it's normal PHP file) If anyone want I can send sources or publish it somewhere ;-) -- Sylwester S. Biernacki <[EMAIL PROTECTED]> X-NET, http://www.xnet.com.pl/
Re: spamd greylist and stutter/delay
On Mon, Aug 07, 2006 at 12:26:18PM -0400, Will H. Backman wrote: > I have spamd get up in a simple greylist mode, but I left the default > /etc/spamd.conf file intact. <...> > I'm not running spamd-setup. /etc/rc is tho. once, during boot; after it loads spamd, /etc/rc unconditionally fires of spamd-setup. > By default, spamd is stuttering for 10 seconds, but watching > /var/log/daemon, I also noticed that connections from spews and other > lists are lasting for over 400 seconds. well, if they're from lists that are in the default /etc/spamd.conf, i bet $1 it's /etc/rc that is catching you by surprise. because of spamd-setup being fired, is populated with those IPs and then they'll get the stutter forever and ever > Does spamd do anything else with /etc/spamd.conf besides set up white > and black lists? > Does this file effect the stutter or delay of connections? nope; [/etc/spamd.conf] only affects what IPs get called 'black' after the candidate IPs for are filled in by the ':black:' stanzas and/or subsequently removed by ':white:' stanzas. whatever's left after the "fill up black, remove white" business gets sent to spamd as "fill up with these IPs". /etc/spamd.conf, afaict, is also never read by spamd(8); see above re /etc/rc -- jared [ openbsd 3.9-current GENERIC ( jul 29 ) // i386 ]
Re: Choices for Soekris "disk drives"
Gustavo Rios wrote: > Which seagate momentus are you using? I don't think Frank is using that one any more. Google: pureftpd hard disk death "They all suck, it's just that they take it in turns to suck most." Every hard drive I've put in a 4801 has died in <1yr. Different manufacturers, 4200 and 5400rpm. Haven't tried any 24x7 rated ones, because you can't really buy them in most places.
PF development
Hi guys, I've got some skills in C language, and as a project for my studies, I'd like to develop a layer-7 filtering tool with PF, like this one which works with Linux/Netfilter: http://l7-filter.sourceforge.net/ So I'd like to know if there is some documentation, book or whatever explaining precisely the PF internals, and how to add some userspace features, because I guess it's a not a good idea to add some regexp code in kernelspace :). I googled a bit, and I've found the book "Building Firewalls with OpenBSD and PF, 2nd ed." by Jacek Artymiak. I've read the online available chapters, it sure seems interesting for setting up a firewall with PF, but I don't think it deals with its internal mechanisms. Naturally, I'm also looking at the pfctl sources included in src.tar.gz, but some help/advice would be greatly appreciated. Thanks for your time. P.S: I didn't know where to ask, but misc was the most appropriated I guess. -- Regards, Pierre-Yves Rofes
Re: Choices for Soekris "disk drives"
Gustavo Rios wrote: > Which seagate momentus are you using? > > Thanks in advance. > > On 7/15/05, Frank Denis (Jedi/Sector One) <[EMAIL PROTECTED]> wrote: >> On Fri, Jul 15, 2005 at 07:55:59PM +0530, Mayuresh Kathe wrote: >> >*AVOID* 2.5" IDE Laptop drives. >> >I've had pretty bad experience with them, >> >1. They heat up a lot >> >2. Are slow >> >3. Fail quite often (this could be due to the heat) >> >(face problems with Toshiba and IBM) >> >> I have the opposite experience. My Net4801 is running 24/7 for one >> year with >> a Momentus drive (5400 RPMs) and it is neither slow nor hot. I'm on something like three months non-stop of 24/7 on my Samsung MP0402H w/ 4801. wd0 at pciide0 channel 0 drive 0: wd0: 16-sector PIO, LBA48, 38204MB, 78242976 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
Re: Choices for Soekris "disk drives"
--- Gustavo Rios <[EMAIL PROTECTED]> wrote: > Which seagate momentus are you using? > > Thanks in advance. > > On 7/15/05, Frank Denis (Jedi/Sector One) <[EMAIL PROTECTED]> > wrote: > > On Fri, Jul 15, 2005 at 07:55:59PM +0530, Mayuresh Kathe wrote: > > >*AVOID* 2.5" IDE Laptop drives. > > >I've had pretty bad experience with them, > > >1. They heat up a lot > > >2. Are slow > > >3. Fail quite often (this could be due to the heat) > > >(face problems with Toshiba and IBM) > > > > I have the opposite experience. My Net4801 is running 24/7 for > one year with > > a Momentus drive (5400 RPMs) and it is neither slow nor hot. > > > > Hitachi also produces drives that are designed to run 24/7 > (Eudurastar, > > now obsoleted by E7K60 and E7K100 drives). My Mac Mini is running > with a > > 7K100 (80 Gb, 7200 RPM, 8 Mb cache) drive and it is as fast as any > 3,5" > > drive. It seems to heat up more than the Momentus since the fan > often wakes > > up, but it works reliably. I am intending on putting a WD Scorpio in my 4801 unit. I'll let you know how it goes. Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Apache proxy settings not working
Hi folks, I've done this before on different hosts but for some this doesn't work on our OpenBSD gateway. I'd appreciate any help. I have a couple of apps (webmail) that sit behind the OpenBSD gateway running httpd. When I enable the proxy module and try to access the app behind it fails with this error: Mon Aug 7 13:20:42 2006] [notice] Apache/1.3.29 (Unix) mod_gzip/1.3.26.1a PHP/5.0.5 mod_ssl/2.8.16 OpenSSL/0.9.7g configured -- resuming normal operations [Mon Aug 7 13:20:42 2006] [notice] Accept mutex: sysvsem (Default: sysvsem) [Mon Aug 7 13:20:47 2006] [error] [client 24.87.68.160] (22)Invalid argument: proxy connect to 0.0.0.0 port 81 failed [Mon Aug 7 13:20:47 2006] [error] [client 24.87.68.160] (22)Invalid argument: proxy connect to 0.0.0.0 port 81 failed [Mon Aug 7 13:20:48 2006] [error] [client 24.87.68.160] (22)Invalid argument: proxy connect to 0.0.0.0 port 81 failed [Mon Aug 7 13:20:49 2006] [error] [client 24.87.68.160] (22)Invalid argument: proxy connect to 0.0.0.0 port 81 failed As you can see, it's not taking the IP address of the destination proxy host and thus fails. Here is what I have in my httpd.conf # Proxy LoadModule proxy_module /usr/lib/apache/modules/libproxy.so # Settings ProxyRequests Off ProxyVia On NoCache * # Virtual Host ServerName webmail.sendmail.tv ProxyRequests Off ProxyPass / http://10.10.33.3:81/ ProxyPassReverse / http://10.10.33.3:81/ Warm Regards, -Bruno -- Bruno Delbono | Systems Engineer | Open-Systems Group Websites: www.mail.ac www.sendmail.tv www.open-systems.org
Re: Choices for Soekris "disk drives"
Which seagate momentus are you using? Thanks in advance. On 7/15/05, Frank Denis (Jedi/Sector One) <[EMAIL PROTECTED]> wrote: On Fri, Jul 15, 2005 at 07:55:59PM +0530, Mayuresh Kathe wrote: >*AVOID* 2.5" IDE Laptop drives. >I've had pretty bad experience with them, >1. They heat up a lot >2. Are slow >3. Fail quite often (this could be due to the heat) >(face problems with Toshiba and IBM) I have the opposite experience. My Net4801 is running 24/7 for one year with a Momentus drive (5400 RPMs) and it is neither slow nor hot. Hitachi also produces drives that are designed to run 24/7 (Eudurastar, now obsoleted by E7K60 and E7K100 drives). My Mac Mini is running with a 7K100 (80 Gb, 7200 RPM, 8 Mb cache) drive and it is as fast as any 3,5" drive. It seems to heat up more than the Momentus since the fan often wakes up, but it works reliably.
Re: dns query
Hi, Original-Nachricht Datum: Mon, 07 Aug 2006 14:58:52 +0700 Von: riwanlky <[EMAIL PROTECTED]> An: misc@openbsd.org Betreff: dns query > Hi all, > > I don't know if it is the right place to write about this problem. > I am running OpenBSD 3.9, however it seem to me that my OpenBSD > box always send a DNS query for: > - email sending (from internal and external) I had tried to add in my > resolv.conf to use nameserver localhost. So that @mcojaya.com > will not go to other DNS server for query. I use /etc/hosts to add > 127.0.0.1 mcojaya.com > I have problem that when the internet is down, my local users were > not able to send email because of DNS query check. > - nagios. I use check_ping, and it seem that it will always query > DNS for every ip address (host) that I setup to check_ping. > > I did not modify any inetd.conf > > Thanks, best regards, > riwan have a look at DNSMASQ, which is in ports, I think. Homepage is at "http://www.thekelleys.org.uk/dnsmasq/doc.html"; and fills probably all your needs. Regards Stefan Kell
Re: Tyan v. Supermicro for Opteron?
Karsten McMinn wrote: On 8/7/06, Dustin Lundquist <[EMAIL PROTECTED]> wrote: I've used both a Tyan S2892 and Supermicro H8SSL and H8DA8, the Tyan board had a number of weird BIOS issues - some times it would boot, reset the BIOS 5 times wave a dead chicken over it and then it would work. yea, their bios updating utilty fried the prom on mine. however they dropped me a flashed chip no questions asked the next day which was impressive. its worked fine since then. I'd probably trend toward supermicro. I doubt a distinction could be made in pcb/part/solder quality. Supermicro gets a extra vote in support of their case offerings. And, for what it's worth, I believe the Supermicro cases have full sensor reporting (for the backplanes, power stuff, etc), but I think Dustin would be a better source of info on that... Nick "Life's not fair, but the root password helps"
Re: Tyan v. Supermicro for Opteron?
On 8/7/06, Dustin Lundquist <[EMAIL PROTECTED]> wrote: I've used both a Tyan S2892 and Supermicro H8SSL and H8DA8, the Tyan board had a number of weird BIOS issues - some times it would boot, reset the BIOS 5 times wave a dead chicken over it and then it would work. yea, their bios updating utilty fried the prom on mine. however they dropped me a flashed chip no questions asked the next day which was impressive. its worked fine since then. I'd probably trend toward supermicro. I doubt a distinction could be made in pcb/part/solder quality. Supermicro gets a extra vote in support of their case offerings.
Re: carp and physical interface
* Gustavo Rios <[EMAIL PROTECTED]> [2006-08-07 00:32]: > Dear friends, > > i am running a openbsd firewall i am considering to start using carp, > for increased reliability. I am very confused whether the physical > interface to which a carpX corresponds should be used for IP traffic > or only CARP protocol traffic? I don't understand teh question. the carp interface doesn't really see any traffic (please refrain from making me tell the details, but that is the executive summary, esp. from pf's viewpoint) at all. you filter on the underlaying physical or logical (vlan etc) interface. -- BS Web Services, http://www.bsws.de/ OpenBSD-based Webhosting, Mail Services, Managed Servers, ... Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie)
Re: OpenBSD and high availability
On Mon, 7 Aug 2006, Jason Dixon wrote: SNIP > > Also, I'm not sure how ccd and nfs interact, but given that ccd isn't > > meant for data security (use RAIDframe) and nfs has many interesting > > issues, I'm not certain I would trust my data to that. > > > > I *believe* that, presuming the NFS server itself will not fail and > > such, that RAIDframe over NFS *may* work. I'm no developer or even too > > good at filesystems, though, and I would recommend a lot of testing. > > If it's good enough for [EMAIL PROTECTED] > > http://marc.theaimsgroup.com/?l=openbsd-misc&m=86187916316&w=2 > http://marc.theaimsgroup.com/?l=openbsd-misc&m=105358689405500&w=2 Sounds like an interesting, perhaps messy might be another description, RAID implementation. However it still might be fun to setup a RAID on RAID configuration across multiple nfs mounts once. diana
XOrg upgrade problem
Hello all, I have a problem concerning an OpenBSD 3.8 machine. I decided today to apply all patches (001 to 009) and to recompile thus parts of the operating system. All patches have been compiled and installed cleanly. Even those for the kernel (although it's the first time I ever compiled a kernel on OpenBSD - I've done this of course numerous times on FreeBSD). BUT, now I have a problem with XOrg (it won't start). Probably it's because of patch number 007. When I do a startx I obtain the following at the end of the /var/log/Xorg.0.log file: (...) (**) Keyboard0: CustomKeycodes disabled (II) XINPUT: Adding extended input device "Keyboard0" (type: KEYBOARD) (II) XINPUT: Adding extended input device "Mouse0" (type: MOUSE) Could not init font path element /usr/X11R6/lib/X11/fonts/misc/, removing from l ist! Could not init font path element /usr/X11R6/lib/X11/fonts/TTF/, removing from li st! Could not init font path element /usr/X11R6/lib/X11/fonts/Type1/, removing from list! Could not init font path element /usr/X11R6/lib/X11/fonts/CID/, removing from li st! Could not init font path element /usr/X11R6/lib/X11/fonts/75dpi/, removing from list! Could not init font path element /usr/X11R6/lib/X11/fonts/100dpi/, removing from list! Fatal server error: could not open default font 'fixed' Please consult the The X.Org Foundation support at http://wiki.X.Org for help. Please also check the log file at "/var/log/Xorg.0.log" for additional informati on. What can I do now? Where should I start solving the problem? I installed the 007 patch by doing: cd /usr/src/XF4 patch -p0 < 007_xorg.patch then by issuing: make build Yours in BSDness, Gabriel George POPA
Re: DMESG question
Cituji Gabriel George POPA <[EMAIL PROTECTED]>: I have two small questions: 1) When the OS generates too much messages, old messages are lost (oldest lines present in `dmesg` are lost). What can I do to see ALL messages ever recorded for dmesg printing? More precisely, take a look at my `dmesg`: # dmesg arp info overwritten for 193.231.39.129 by 00:90:bf:10:88:40 on vr0 arp info overwritten for 193.231.39.129 by 00:10:dc:4c:6f:6c on vr0 arp info overwritten for 193.231.39.36 by 00:15:f2:16:f8:b4 on vr0 arp info overwritten for 193.231.39.54 by 00:e0:29:9b:bc:6c on vr0 ... (and a lot of other similar messages, similar if not even identical) man arp(4) - http://www.openbsd.org/cgi-bin/man.cgi?query=arp&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html#end jirib
Re: OpenBSD and high availability
On Aug 7, 2006, at 12:31 PM, Joachim Schipper wrote: On Mon, Aug 07, 2006 at 06:07:53PM +0200, knitti wrote: On 8/7/06, Jens Mayer <[EMAIL PROTECTED]> wrote: While the networking part can be handled by carp, I'm collecting ideas on how to keep the local file systems in synch - especially for ftp users and the mailinglist archives. The synchronization will be done via a dedicated cross coonect cable directly between the boxes. while I would do it with rsync (I know, depends on what you want to do), I don't see any reason why ccd'ing two large nfs-exposed files shouldn't work. But I think this would be more ugly and complicated than rsyncing every x minutes... Also, I'm not sure how ccd and nfs interact, but given that ccd isn't meant for data security (use RAIDframe) and nfs has many interesting issues, I'm not certain I would trust my data to that. I *believe* that, presuming the NFS server itself will not fail and such, that RAIDframe over NFS *may* work. I'm no developer or even too good at filesystems, though, and I would recommend a lot of testing. If it's good enough for [EMAIL PROTECTED] http://marc.theaimsgroup.com/?l=openbsd-misc&m=86187916316&w=2 http://marc.theaimsgroup.com/?l=openbsd-misc&m=105358689405500&w=2 -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net
[Fwd: Re: OpenBSD and high availability]
I am running two "clusters" using carp for network failover. I use rsync every 15 minutes for the simple webapp which issues x509 certs. A script runs on each node to check if it is master if so it makes a crl, if not it pulls the directory hierarchy from the master. The other cluster does the same for the web pages, but uses Mysql replication to keep the databases in sync. Sooo ho hoo mch cheaper than our AIX HACMP clusters on EMC . 80-90% of the functionality for ~5% of the cost. Seems to me that there was/is some daemon on the redhated step child of an distro that you could use to look for changes in an file or dir structure that you could use. I'll see if I can rember/find it, I though it was from SGI. This may or may not help http://oss.sgi.com/projects/fam/links.html Jens Mayer wrote: Dear all, we are thinking about a scenario on how to set up a server offering http, ftp and a few postfix/mailman driven mailinglists with a redundant failover. I'm _not_ talking about load balancing here - only the master is serving, while the slave sits still and waits, probably with all services shut down until taking over. While the networking part can be handled by carp, I'm collecting ideas on how to keep the local file systems in synch - especially for ftp users and the mailinglist archives. The synchronization will be done via a dedicated cross coonect cable directly between the boxes. I've seen nice concepts like DRBD (www.drbd.org), offering a "RAID-1" network block device, but did not find anything like that for OpenBSD. Of course there's always the possibility of scripting something own using rsync and friends, but I'm curious if some of you have a similar setup running and can share some ideas, thoughts and big red warnings. Kind regards, Jens
Re: OpenBSD and high availability
On Mon, Aug 07, 2006 at 06:07:53PM +0200, knitti wrote: > On 8/7/06, Jens Mayer <[EMAIL PROTECTED]> wrote: > >While the networking part can be handled by carp, I'm collecting ideas on > >how > >to keep the local file systems in synch - especially for ftp users and the > >mailinglist archives. The synchronization will be done via a dedicated > >cross > >coonect cable directly between the boxes. > > while I would do it with rsync (I know, depends on what you want to do), > I don't see any reason why ccd'ing two large nfs-exposed files shouldn't > work. But I think this would be more ugly and complicated than rsyncing > every x minutes... Also, I'm not sure how ccd and nfs interact, but given that ccd isn't meant for data security (use RAIDframe) and nfs has many interesting issues, I'm not certain I would trust my data to that. I *believe* that, presuming the NFS server itself will not fail and such, that RAIDframe over NFS *may* work. I'm no developer or even too good at filesystems, though, and I would recommend a lot of testing. Joachim
Re: OpenBSD and high availability
knitti wrote: On 8/7/06, Jens Mayer <[EMAIL PROTECTED]> wrote: While the networking part can be handled by carp, I'm collecting ideas on how to keep the local file systems in synch - especially for ftp users and the mailinglist archives. The synchronization will be done via a dedicated cross coonect cable directly between the boxes. while I would do it with rsync (I know, depends on what you want to do), I don't see any reason why ccd'ing two large nfs-exposed files shouldn't work. But I think this would be more ugly and complicated than rsyncing every x minutes... --knitti der Mouse released something last year that sounds for all the world like it could be modified for use as a good filesystem failover mechanism (obviously, this doesn't help the OP /now/): overview: http://kerneltrap.org/node/5058 download: ftp://ftp.rodents.montreal.qc.ca/mouse/livebackup Although it's based on a client/server architecture, a bit of configuring could probably get it to work in a master/slave environment. - Bret
spamd greylist and stutter/delay
I have spamd get up in a simple greylist mode, but I left the default /etc/spamd.conf file intact. I'm not running spamd-setup. By default, spamd is stuttering for 10 seconds, but watching /var/log/daemon, I also noticed that connections from spews and other lists are lasting for over 400 seconds. Does spamd do anything else with /etc/spamd.conf besides set up white and black lists? Does this file effect the stutter or delay of connections? By the way, spamd really does a great job.
Re: OpenBSD and high availability
On 8/7/06, Jens Mayer <[EMAIL PROTECTED]> wrote: While the networking part can be handled by carp, I'm collecting ideas on how to keep the local file systems in synch - especially for ftp users and the mailinglist archives. The synchronization will be done via a dedicated cross coonect cable directly between the boxes. while I would do it with rsync (I know, depends on what you want to do), I don't see any reason why ccd'ing two large nfs-exposed files shouldn't work. But I think this would be more ugly and complicated than rsyncing every x minutes... --knitti
Re: dns query
** Reply to message from riwanlky <[EMAIL PROTECTED]> on Mon, 07 Aug 2006 14:58:52 +0700 >I don't know if it is the right place to write about this problem. >I am running OpenBSD 3.9, however it seem to me that my OpenBSD >box always send a DNS query for: >- email sending (from internal and external) I had tried to add in my >resolv.conf to use nameserver localhost. So that @mcojaya.com >will not go to other DNS server for query. I use /etc/hosts to add >127.0.0.1 mcojaya.com >I have problem that when the internet is down, my local users were >not able to send email because of DNS query check. >- nagios. I use check_ping, and it seem that it will always query >DNS for every ip address (host) that I setup to check_ping. > >I did not modify any inetd.conf Sending email requires more than just an IP address. When sending a message to @, the mailer first checks where it should be sent by looking for an 'MX' (Mail eXchanger) record for -- and 'MX' records can only be suppied via DNS. The typical setup is something like: domain.example IN MX 10,mail-server.domain.example mail-server.domain.example IN A192.168.13.57 So if you want this to work when your internet connection is down you need to either set up your own DNS server (it's not all that hard, but is certainly not trivial) or find a mailer (if one exists) that does some special hackery to avoid DNS queries for locally-addressed messages. Dave -- Dave Anderson <[EMAIL PROTECTED]>
Re: Tyan v. Supermicro for Opteron?
I've used both a Tyan S2892 and Supermicro H8SSL and H8DA8, the Tyan board had a number of weird BIOS issues - some times it would boot, reset the BIOS 5 times wave a dead chicken over it and then it would work. The only similar issues I've run into with the Supermicro boards was with the onboard Adaptec SCSI and an LSI MegaRAID on the H8DA8 and another MegaRAID in a Supermicro P4SCT, resetting the BIOS and disabling the onboard Adaptec SCSI via jumper resolved or moving the MegaRAID resolved these issues. After working with the S2892 and several older Tyan dual P3 and dual Athlon boards, my option of them is: quirky. Dustin Lundquist Darrin Chandler wrote: > Ok, I've got it narrowed down a bit. Anyone have experiences good or bad > to report with Tyan versus Supermicro mobos? I find archives for people > using one or the other, so they both seem workable. Anyone used both and > prefer one for some reason? I'm looking at 2xCPU, and maybe dual-core in > addition. > > Any help *greatly* appreciated!
Wireshark 0.99 on OpenBSD 3.9
FYI. For those contemplating installing Wireshark, the 0.99.2 snapshot currently available on http://www.wireshark.org/download.html does not build on 3.9. There has been recent discussion on wireshark-dev@ about this, and the latest SVN source appears to correct the problem(s): http://www.mail-archive.com/wireshark-dev@wireshark.org/msg00328.html The list of packages & build sequence described at the following page are still correct as I have successfully built what becomes Wireshark 0.99.3 from the latest SVN source this weekend. http://www.cromwell-intl.com/unix/openbsd-dell.html HTH. Jim
OpenBSD and high availability
Dear all, we are thinking about a scenario on how to set up a server offering http, ftp and a few postfix/mailman driven mailinglists with a redundant failover. I'm _not_ talking about load balancing here - only the master is serving, while the slave sits still and waits, probably with all services shut down until taking over. While the networking part can be handled by carp, I'm collecting ideas on how to keep the local file systems in synch - especially for ftp users and the mailinglist archives. The synchronization will be done via a dedicated cross coonect cable directly between the boxes. I've seen nice concepts like DRBD (www.drbd.org), offering a "RAID-1" network block device, but did not find anything like that for OpenBSD. Of course there's always the possibility of scripting something own using rsync and friends, but I'm curious if some of you have a similar setup running and can share some ideas, thoughts and big red warnings. Kind regards, Jens
Re: DMESG question
Gabriel George POPA wrote: I have two small questions: 1) When the OS generates too much messages, old messages are lost (oldest lines present in `dmesg` are lost). `dmesg' displays the system message buffer, which has a limited space. Therefore, when it is full, it starts overwriting itself. Thus, lost messages are indeed lost. What can I do to see ALL messages ever recorded for dmesg printing? You could write some script that `dmesg > /some/where/$time` periodically (cron job). More precisely, take a look at my `dmesg`: # dmesg arp info overwritten for 193.231.39.129 by 00:90:bf:10:88:40 on vr0 arp info overwritten for 193.231.39.129 by 00:10:dc:4c:6f:6c on vr0 arp info overwritten for 193.231.39.36 by 00:15:f2:16:f8:b4 on vr0 arp info overwritten for 193.231.39.54 by 00:e0:29:9b:bc:6c on vr0 ... (and a lot of other similar messages, similar if not even identical) Most questions on this mail list require me to provide a valid output of dmesg. But if old messages are erased, how am I supposed to do this? $ cat /var/run/dmesg.boot I am not allowed to reboot the machine! The machine is supposed to be running 24/7, NO reboot allowed. Isn't this machine ever upgraded? Or, if it is so important - what about redundancy? Well well. 2) What do these lines mean (the lines I copied above from the output of `dmesg`)? I'd say some machines are fighting over the same ip address. I could be wrong, though. Don know, but I get a feeling that some failover solution(s) could cause this. /Alexander
Re: DMESG question
On Monday 07 August 2006 08:15, Gabriel George POPA wrote: >Most questions on this mail list require me to provide a valid output > of dmesg. But if old messages are erased, how am I >supposed to do this? Take a look at /var/run/dmesg.boot. Dan RamaleyDial Center 118, Drake University Network Programmer/Analyst 2407 Carpenter Ave +1 515 271-4540Des Moines IA 50311 USA
Re: DMESG question
Thank you, that's what I was looking for :) Stuart Henderson wrote: >On 2006/08/07 16:15, Gabriel George POPA wrote: > > >>1) When the OS generates too much messages, old messages are lost >>(oldest lines present in `dmesg` are lost). >>What can I do to see ALL messages ever recorded for dmesg printing? More >>precisely, take a look at my `dmesg`: >> >> > >/var/log/messages if they're not rotated too far away >(change newsyslog.conf if you want to keep them for longer). > > > >># dmesg >>arp info overwritten for 193.231.39.129 by 00:90:bf:10:88:40 on vr0 >>arp info overwritten for 193.231.39.129 by 00:10:dc:4c:6f:6c on vr0 >>arp info overwritten for 193.231.39.36 by 00:15:f2:16:f8:b4 on vr0 >>arp info overwritten for 193.231.39.54 by 00:e0:29:9b:bc:6c on vr0 >> >> > >this is IP addresses moving between machines.
Re: DMESG question
All right, even better. Thank you all. Yours in BSDness, George Landry wrote: On 8/7/06, Gabriel George POPA <[EMAIL PROTECTED]> wrote: I have two small questions: 1) When the OS generates too much messages, old messages are lost (oldest lines present in `dmesg` are lost). What can I do to see ALL messages ever recorded for dmesg printing? There is always a copy of the original dmesg in /var/run/dmesg.boot Landry
Re: DMESG question
On 8/7/06, Gabriel George POPA <[EMAIL PROTECTED]> wrote: I have two small questions: 1) When the OS generates too much messages, old messages are lost (oldest lines present in `dmesg` are lost). What can I do to see ALL messages ever recorded for dmesg printing? There is always a copy of the original dmesg in /var/run/dmesg.boot Landry
Re: DMESG question
On 2006/08/07 16:15, Gabriel George POPA wrote: > 1) When the OS generates too much messages, old messages are lost > (oldest lines present in `dmesg` are lost). > What can I do to see ALL messages ever recorded for dmesg printing? More > precisely, take a look at my `dmesg`: /var/log/messages if they're not rotated too far away (change newsyslog.conf if you want to keep them for longer). > # dmesg > arp info overwritten for 193.231.39.129 by 00:90:bf:10:88:40 on vr0 > arp info overwritten for 193.231.39.129 by 00:10:dc:4c:6f:6c on vr0 > arp info overwritten for 193.231.39.36 by 00:15:f2:16:f8:b4 on vr0 > arp info overwritten for 193.231.39.54 by 00:e0:29:9b:bc:6c on vr0 this is IP addresses moving between machines.
Re: DMESG question
Hi Gabriel, old versions of /var/log/messages are stored in a gzip compressed form in /var/log too and are called messages..gz steffen -- http://cdp.doomed-reality.org why the 'never ending story' makes the 'mission impossible' in /bin/sh: while [ 1 ]; do sleep 1; done; do_mission;
Re: tunnels
Yes you can do that but, why gre tunnels instead of ipsec? Gustavo Rios wrote: I would like to configure a virtual network on multiple physical location. So, i am seeking if it could be possible using gre tunnels. Local private address address will be 10/8 and the gre network of tunnels should be 192.168.0.0/23. It is possible? Thanks in advance.
Re: DMESG question
Gabriel, You can always pipe it to more, like this # dmesg | more and you can make the output go to a file, with # dmesg > filename Regards, Loz On 8/7/06, Gabriel George POPA <[EMAIL PROTECTED]> wrote: > > I have two small questions: > 1) When the OS generates too much messages, old messages are lost > (oldest lines present in `dmesg` are lost). > What can I do to see ALL messages ever recorded for dmesg printing? More > precisely, take a look at my `dmesg`: > # dmesg > arp info overwritten for 193.231.39.129 by 00:90:bf:10:88:40 on vr0 > arp info overwritten for 193.231.39.129 by 00:10:dc:4c:6f:6c on vr0 > arp info overwritten for 193.231.39.36 by 00:15:f2:16:f8:b4 on vr0 > arp info overwritten for 193.231.39.54 by 00:e0:29:9b:bc:6c on vr0 > ... > (and a lot of other similar messages, similar if not even identical) > > Most questions on this mail list require me to provide a valid output of > dmesg. But if old messages are erased, how am I > supposed to do this? I am not allowed to reboot the machine! The machine > is supposed to be running 24/7, NO reboot allowed. > > 2) What do these lines mean (the lines I copied above from the output of > `dmesg`)? > > NOTE: I'm using OpenBSD 3.8 on i386 (P4). > > > Yours in BSDness, > > Gabriel George POPA
DMESG question
I have two small questions: 1) When the OS generates too much messages, old messages are lost (oldest lines present in `dmesg` are lost). What can I do to see ALL messages ever recorded for dmesg printing? More precisely, take a look at my `dmesg`: # dmesg arp info overwritten for 193.231.39.129 by 00:90:bf:10:88:40 on vr0 arp info overwritten for 193.231.39.129 by 00:10:dc:4c:6f:6c on vr0 arp info overwritten for 193.231.39.36 by 00:15:f2:16:f8:b4 on vr0 arp info overwritten for 193.231.39.54 by 00:e0:29:9b:bc:6c on vr0 ... (and a lot of other similar messages, similar if not even identical) Most questions on this mail list require me to provide a valid output of dmesg. But if old messages are erased, how am I supposed to do this? I am not allowed to reboot the machine! The machine is supposed to be running 24/7, NO reboot allowed. 2) What do these lines mean (the lines I copied above from the output of `dmesg`)? NOTE: I'm using OpenBSD 3.8 on i386 (P4). Yours in BSDness, Gabriel George POPA
Re: BGP Lookingglass
On 2006/08/07 11:46, Philip Olsson wrote: > Im woundering if there exists a looking glass suitable for public access > over http that uses the new read only socket in openbgpd ? http://null-ptr.net/sw/lg/ works - besides the mentioned files you will need: bgpd_flags="-r /var/www/var/run/bgpd.sock" everything listed in `ldd /usr/sbin/bgpctl' output (ld.so, lib's) you probably have /var set as nosuid, this means you can't use ping/traceroute in the jail unless you're willing to relax that (and you can't use sudo to run them since that too is setuid). Might be worth also pointing out some SSH modification here, http://archives.neohapsis.com/archives/openbsd/2006-04/1811.html which (I haven't tested, but..) should let you separate webserver from routers and just forward the RO control socket on, which makes a certain amount of sense to me, especially on a public access setup.
BGP Lookingglass
hello Im woundering if there exists a looking glass suitable for public access over http that uses the new read only socket in openbgpd ? // Philip
Re: reboot on IBM xSeries 336
On 2006/08/07 16:05, riwanlky wrote: > Thanks, I tried to installed it using FTP, install completed. However when I > reboot, it still try to use pcibios0. How do I disable to pcibios0 forever. See config(8) "Kernel modification".
Re: Tyan v. Supermicro for Opteron?
On 2006/08/06 15:47, Darrin Chandler wrote: > Ok, I've got it narrowed down a bit. Anyone have experiences good or bad > to report with Tyan versus Supermicro mobos? I find archives for people > using one or the other, so they both seem workable. Anyone used both and > prefer one for some reason? I'm looking at 2xCPU, and maybe dual-core in > addition. Supermicro H8SSL-based (1x939, used in various systems in 1010A range) works quite nicely for the main part, though I'm having some trouble with multiport PCI-X nics (I speculate maybe any cards using an extra ppb(4), but I don't have any non-nic cards with bridges to check). dmesg: http://archives.neohapsis.com/archives/openbsd/2006-07/0271.html H8DA8 board (2x940, used in 2020A-8R) is working quite nicely with i386 UP, amd64 UP, amd64 MP. Had some lockups (just locked, no panic) with i386 MP under load. dmesg below. PCI slots on 2020A-8R are low- profile only so if you want a megaraid to connect to internal drives make sure it's a 320-1LP. Heatsinks for rackmount Supermicros are sold separately and the packaging for those is not the greatest. I've generally been pretty happy with the kit though. Tyan - haven't used myself, but they are OEM for some Sun galaxy server motherboards which have a few users... h8da8: OpenBSD 3.9-current (GENERIC.MP) #910: Thu Jul 13 20:33:16 MDT 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 2147086336 (2096764K) avail mem = 1835438080 (1792420K) using 22937 buffers containing 214917120 bytes (209880K) of memory mainbus0 (root) bios0 at mainbus0: SMBIOS rev. 2.3 @ 0xfc160 (67 entries) bios0: Supermicro H8DA8/H8DAR ipmi at mainbus0 not configured mainbus0: Intel MP Specification (Version 1.4) (MSI RHAPSODY) cpu0 at mainbus0: apid 0 (boot processor) cpu0: Dual Core AMD Opteron(tm) Processor 265, 1795.11 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line 16-way L2 cache cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu0: apic clock running at 199MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Dual Core AMD Opteron(tm) Processor 265, 1794.89 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line 16-way L2 cache cpu1: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu1: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative mpbios: bus 0 is type PCI mpbios: bus 1 is type PCI mpbios: bus 2 is type PCI mpbios: bus 3 is type PCI mpbios: bus 4 is type ISA ioapic0 at mainbus0 apid 2 pa 0xfec0, version 11, 24 pins ioapic1 at mainbus0 apid 3 pa 0xfebfe000, version 11, 4 pins ioapic2 at mainbus0 apid 4 pa 0xfebff000, version 11, 4 pins pci0 at mainbus0 bus 0: configuration mode 1 ppb0 at pci0 dev 6 function 0 "AMD 8111 PCI-PCI" rev 0x07 pci1 at ppb0 bus 3 ohci0 at pci1 dev 0 function 0 "AMD 8111 USB" rev 0x0b: apic 2 int 19 (irq 10), version 1.0, legacy support usb0 at ohci0: USB revision 1.0 uhub0 at usb0 uhub0: AMD OHCI root hub, rev 1.00/1.00, addr 1 uhub0: 3 ports with 3 removable, self powered ohci1 at pci1 dev 0 function 1 "AMD 8111 USB" rev 0x0b: apic 2 int 19 (irq 10), version 1.0, legacy support usb1 at ohci1: USB revision 1.0 uhub1 at usb1 uhub1: AMD OHCI root hub, rev 1.00/1.00, addr 1 uhub1: 3 ports with 3 removable, self powered vga1 at pci1 dev 4 function 0 "ATI Rage XL" rev 0x27 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) pcib0 at pci0 dev 7 function 0 "AMD AMD8111 LPC" rev 0x05 pciide0 at pci0 dev 7 function 1 "AMD 8111 IDE" rev 0x03: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility pciide0: channel 0 disabled (no drives) atapiscsi0 at pciide0 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: SCSI0 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2 amdiic0 at pci0 dev 7 function 2 "AMD 8111 SMBus" rev 0x02: SCI iic0 at amdiic0 admcts0 at iic0 addr 0x2c lm1 at iic0 addr 0x2d: W83627HF amdpm0 at pci0 dev 7 function 3 "AMD 8111 Power" rev 0x05: rng active iic1 at amdpm0 ppb1 at pci0 dev 10 function 0 "AMD 8131 PCIX" rev 0x13 pci2 at ppb1 bus 2 ahd0 at pci2 dev 3 function 0 "Adaptec AIC-7902B U320" rev 0x10: apic 3 int 0 (irq 9) ahd0: aic7902, U320 Wide Channel A, SCSI Id=7, PCI-X 67-100Mhz, 512 SCBs scsibus1 at ahd0: 16 targets ahd1 at pci2 dev 3 function 1 "Adaptec AIC-7902B U320" rev 0x10: apic 3 int 1 (irq 11) ahd1: aic7902, U320 Wide Channel B, SCSI Id=7, PCI-X 67-100Mhz, 512 SCBs scsibus2 at ahd1: 16 targets b
Re: reboot on IBM xSeries 336
Thanks, I tried to installed it using FTP, install completed. However when I reboot, it still try to use pcibios0. How do I disable to pcibios0 forever. I am still using i386. Thanks, and best regards, riwan At 08:13 PM 8/1/2006 +0200, Srebrenko Sehic wrote: This is know. Workaround is to install via FTP (with pcibios disabled) or use amd64 version. That, AFAIK, works fine. More details at http://www.armorlogic.com/openbsd_information_server_compatibility_list.html?action=detail&id=x336 On 8/1/06, riwanlky <[EMAIL PROTECTED]> wrote: Hai All, I am trying to install OpenBSD 3.9 GENERIC into IBM xSeries 336, however it reboot after pcibios0: exclusive interrupt 9 10 11 15 The I tried to disable the pcibios0 boot> boot -c UKC> disable pcibios0 creating partition ok. when it look for cd to install, it did not recognize cd0. Timeout. Perhaps because the cdrom is in pcibios0? I do not have serial cable with me, so I could not display the message. Thanks, Riwan
Re: dns query
On Monday 07 August 2006 15:58, riwanlky wrote: > Hi all, > > I don't know if it is the right place to write about this problem. > I am running OpenBSD 3.9, however it seem to me that my OpenBSD > box always send a DNS query for: > - email sending (from internal and external) I had tried to add in my > resolv.conf to use nameserver localhost. So that @mcojaya.com > will not go to other DNS server for query. I use /etc/hosts to add > 127.0.0.1 mcojaya.com > I have problem that when the internet is down, my local users were > not able to send email because of DNS query check. > - nagios. I use check_ping, and it seem that it will always query > DNS for every ip address (host) that I setup to check_ping. > > I did not modify any inetd.conf > > Thanks, best regards, > riwan Why not setting up your own DNS server to serve mcojaya.com zone and forward dns queries other than mcojaya.com to your ISP dns servers? It can be easily achieved with bind and djbdns' tinydns and dnscache. -- Warm regards, Kevin Foo Key fingerprint : 4B23 FC1C E50B 9693 CCDD 2A7D A048 E909 8924 9BDD Public key : http://keyserver.linux.it/pks/lookup?op=get&search=0xA048E90989249BDD *Internet Email Confidentiality Footer * Legal Privilege & Confidentiality --- This email contains privileged and/or confidential information. If you are not the intended recipient (or responsible for delivery of the message to such person) or if you have inadvertently received this email, you should destroy or delete this message and notify the sender by reply email accordingly. If you or your employer do not consent to using Internet email for messages of this kind please advise immediately by sending an email to the sender of this message . All opinions, conclusions and other information in this message that do not relate to the official business of Zaid Ibrahim & Co shall be understood as neither given nor endorsed by Zaid Ibrahim & Co. Our company accepts no liability for the content of this email, or for the consequences of any actions taken on the basis of the information provided, unless that information is subsequently confirmed in writing. Caveat -WARNING: Computer viruses can be transmitted via email, and you should check this email and any attachments for the presence of viruses. Zaid Ibrahim & Co accepts no liability for any damage caused by any virus transmitted by this email. Our employees are expressly required not to make defamatory statements nor infringe or authorise any infringement of copyright or any other legal right via any communications. Any such communication is contrary to our company policy and outside the scope of the employment of said individual. We will not be liable for such communication.
Re: OpenBSD -current freeze hourly(half an hour)
On Mon, Aug 07, 2006 at 03:02:22PM +0800, Bibby Michael wrote: > Kernel panic: > > I use OpenBSD 4.0-beta(snapshots). > > --- > anic: pool_get(mclpl): free list modified; magic=a4153cb5; page 0xd8038000; > item addr 0xd8038800 > Stopped at Debugger+0x4: leave > > RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC! > DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION! > > ddb{0}> trace > Debuuger (c,d1b0a25e,6c,d8038800,d074d5e0 at Debugger+0x4 > panic (d0653e40, d0655d09, a4153c65, d803800, d8038800) at panic+0x63 > pool_get(d074d5e0,0,e910fce0,d802ab36, d1963406) at pool_get+0x2f9 > ieee80211_wep_crypt(d1b0a030, d8033f00, 0,4) at ieee80211_wep_crypt+0x56) > ieee80211_input(d1b0a030, d8033f00, d1ae9a00, 23, 0, d8028818) at > ieee80211_input+0x3e4 > wpi_rx_intr(d1b0a000,d8028800, d1b0afa4, 16, 0) at wpi_rx_intr+0x3c9 > wpi_notif_intr(d1b0a000, d0459f0d, e910ff18, d0459db6) at > wpi_notif_intr+0xee > wpi_intr(d1b0a000) at wpi_intr+0xca > Xintr_ioapic4() at Xintr_ioapic4+0x74 > --interrupt- > apm_cpu_idle(0,0,0,0,0) at apm_cpu_idle+0x4a > > ddb{0}> ps > COMMAND only: > wget, ksh, dhclient, update, inted, cron, getty, sendmail, syslogd, crypto, > aiodoned, reaper, usbtask, usb[0-4], cardslot0, cleaner, wskbd_hotkey, > pfpurge, pagedaemon, kmthread, init, swapper > > I only use wget in console, without any X-window application running. > sendmail/cron/syslogd are system services which bringed up by rc.conf. > > Try to disable wpi(4) and see if it still crashes. Do you have the right firmware loaded? I don't own such a card but i remember people having problems with it because they used firmware for -stable and run a -current OS. Just guessing... Tobias
dns query
Hi all, I don't know if it is the right place to write about this problem. I am running OpenBSD 3.9, however it seem to me that my OpenBSD box always send a DNS query for: - email sending (from internal and external) I had tried to add in my resolv.conf to use nameserver localhost. So that @mcojaya.com will not go to other DNS server for query. I use /etc/hosts to add 127.0.0.1 mcojaya.com I have problem that when the internet is down, my local users were not able to send email because of DNS query check. - nagios. I use check_ping, and it seem that it will always query DNS for every ip address (host) that I setup to check_ping. I did not modify any inetd.conf Thanks, best regards, riwan
Re: OpenBSD -current freeze hourly(half an hour)
Bibby Michael wrote: It seems that the audio device drived correctly by 'azalia', but when i play mp3 file in xmms/bmp, i can't heard any sound. Any suggestion? Maybe the standard "mixerctl issues"? mixerctl -a | egrep '^(input|outputs)\.' | sed 's/=.*//' | while read a; do case $a in *.mute) mixerctl ${a%.mute}=255 $a=off;; esac done /Alexander
Re: OpenBSD -current freeze hourly(half an hour)
Kernel panic: I use OpenBSD 4.0-beta(snapshots). --- anic: pool_get(mclpl): free list modified; magic=a4153cb5; page 0xd8038000; item addr 0xd8038800 Stopped at Debugger+0x4: leave RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC! DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION! ddb{0}> trace Debuuger (c,d1b0a25e,6c,d8038800,d074d5e0 at Debugger+0x4 panic (d0653e40, d0655d09, a4153c65, d803800, d8038800) at panic+0x63 pool_get(d074d5e0,0,e910fce0,d802ab36, d1963406) at pool_get+0x2f9 ieee80211_wep_crypt(d1b0a030, d8033f00, 0,4) at ieee80211_wep_crypt+0x56) ieee80211_input(d1b0a030, d8033f00, d1ae9a00, 23, 0, d8028818) at ieee80211_input+0x3e4 wpi_rx_intr(d1b0a000,d8028800, d1b0afa4, 16, 0) at wpi_rx_intr+0x3c9 wpi_notif_intr(d1b0a000, d0459f0d, e910ff18, d0459db6) at wpi_notif_intr+0xee wpi_intr(d1b0a000) at wpi_intr+0xca Xintr_ioapic4() at Xintr_ioapic4+0x74 --interrupt- apm_cpu_idle(0,0,0,0,0) at apm_cpu_idle+0x4a ddb{0}> ps COMMAND only: wget, ksh, dhclient, update, inted, cron, getty, sendmail, syslogd, crypto, aiodoned, reaper, usbtask, usb[0-4], cardslot0, cleaner, wskbd_hotkey, pfpurge, pagedaemon, kmthread, init, swapper I only use wget in console, without any X-window application running. sendmail/cron/syslogd are system services which bringed up by rc.conf.