Re: bsdstats.org WOW
Miod Vallat wrote: For historical reference, info taken from bsdstats.org: [...] What is the point discussing completely bogus so-called statistics? At best, I would suggest that some are proud to be OpenBSD users. At worst, I would say that being an OpenBSD user gives some people an excuse to ego stroke. Call it ego masturbation, if you will. Stats like this are the porn they use to get off. The reality is probably somewhere in the middle, but it is no different than cheering for a sports team. Whether or not the stats are accurate, some people seem to feel a need to cheer on the work of others in an attempt to claim a piece of the fame for themselves. I really seem to be on a roll this month. I'm sure I'll insult at least a couple dozen people with these comments. :) Breeno
backup script w/ encryption
a while back i mentioned that i had modded some existing backup scripts to make one that supports encryption of dumps using gpg. i would appreciate any suggestions on how to make the script better and hope that others find it to be useful. i'm using it to do backups for a couple groups of machines for ~2 months and it's been working fine. change the variables at the top of the script to match your setup. here it is:

#!/bin/ksh
# original scripts by Nicholas Marriott and Todd Fries
# further modifications by Jacob Yocom-Piatt

# NOTES
#
# - this script is for making incremental backups of host machines on
#   a network to a single backup host; this script runs on the backup
#   host
#
# - put this script in /etc and add a line calling the script
#   to /etc/daily.local like so:
#   ./backup.ksh host1.example.com host2.example.com ...
#
# - encryption of dumps via gnupg is optional
#
# - uses gzip compression to keep processor load low on the backup
#   host; replace with other compression algos if you like
#
# - works fine for a SOHO setup and may not scale well for large numbers of
#   hosts, YMMV
#
# - known to work for backing up both openbsd and netbsd hosts; untested
#   for other *nix OSes, but will likely work
#
# - change the variables to suit your particular setup and make sure to
#   READ THE SCRIPT

# email for backup admin's gpg key; use empty string for no encryption
ADMIN='[EMAIL PROTECTED]'

# home directory for gpg keyring; needed since /var/log is assumed
HOMEDIR='/root/.gnupg'

# path to backup destination on backup server
ROOT=/home/dump

# user for making dumps on remote hosts; this user should be a member of group
# operator
OP_USER=backup

# percentage full for ROOT that elicits a warning
WARN_PERC=95

# directories and mountpoints that you want to dump by default;
# add additional non-standard mountpoints to dump to the file
# 'list' in the backup directory for a given host
SOURCES='/ /var /usr /home'

# dump sequence. FULL is 0, RESET is 1, and PATTERN is followed between RESETs
FULL=20
RESET=10
# modified Tower of Hanoi algorithm
set -A PATTERN 3 2 5 4 7 6 9 8 9 9

# hostname
HN=$(hostname)
THISHOST=${HN%%.*}

# get the previous day
if [ -f $ROOT/day ]; then
	DAY=$(< $ROOT/day)
else
	DAY=0
fi

if [ $(($DAY % $FULL)) -eq 0 ]; then
	LEVEL=0
	DAY=0
elif [ $(($DAY % $RESET)) -eq 0 ]; then
	LEVEL=1
else
	LEVEL=${PATTERN[$(((DAY % $RESET) - 1))]}
fi

# check free space
USED=`df $ROOT|awk '/^\// { print substr($5, 0, length($5) - 1) }'`
if [ $USED -gt $WARN_PERC ]; then
	echo ---
	echo LOW ON AVAILABLE DISK SPACE
	echo ---
	df -h $ROOT
	exit
fi

echo Starting $0..

# calls dossh and accepts piped commands
dormt() {
	dossh -2 -c blowfish-cbc,aes256-ctr,aes256-cbc $1 sh | gzip -d
	return $?
}

# executes ssh plus options passed by dormt
dossh() {
	err=255
	while [ $err -ne 0 ]
	do
		#echo ssh $@ > /dev/tty
		ssh $@
		err=$?
	done
	return $err
}

[ $1 ] || {
	echo No host specified on cmdline, please specify at least one
	exit 1
}

# loop through hosts listed as arguments to script
while [ $1 ]
do
	HOST=$1

	# if we can't reach it, don't try and print notification
	if ! ping -c 3 $HOST > /dev/null 2>&1 ; then
		if ! ping6 -c 3 $HOST; then
			print cannot reach $HOST, giving up
			shift
			continue
		fi
	fi
	shift

	# create the list of filesystems to dump if it doesn't exist
	[ -f $ROOT/$HOST/list ] || {
		mkdir -p $ROOT/$HOST
		# default FSes to backup in SOURCES, put each FS on a line
		echo $SOURCES | awk '{
			i=1
			while ( $i != "" ) {
				print $(i++)
			}
		}' > $ROOT/$HOST/list
	}

	# read lines from list and perform dumps
	while read line
	do
		FN=${HOST}$(echo $line | sed 's/\//_/g')-${LEVEL}.dmp.gz
		echo $FN
		case $HOST in
		$THISHOST)
			dump -${LEVEL}au -f - $line
			ret=$?
			;;
		*)
			echo "/sbin/dump -${LEVEL}au -f - $line|gzip -1"|dormt [EMAIL PROTECTED]
			ret=$?
			;;
		esac | gzip -9 > $ROOT/$HOST/.$FN
		echo return is: $ret
		mv $ROOT/$HOST/.$FN $ROOT/$HOST/$FN

		# encrypt each dump and remove the original
		if [ -n "$ADMIN" ]; then
			echo encrypting $FN
			if [ -f $ROOT/$HOST/$FN.gpg ]; then
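The dump-level schedule that FULL, RESET and PATTERN produce in the script above, worked through as an added example that is not part of the original post or of the authors' scripts. `level_for_day` mirrors the script's level selection in POSIX sh; `schedule`, `restore_chain` and `restore_files` are hypothetical helpers that assume dump(8) semantics, where a level-N dump holds what changed since the most recent dump of a lower level.

```shell
#!/bin/sh
# Added example. The three values below are copied from the posted script.
FULL=20
RESET=10
PATTERN="3 2 5 4 7 6 9 8 9 9"

# level_for_day DAY: dump level the script picks for a given day counter.
level_for_day() {
    day=$1
    if [ $((day % FULL)) -eq 0 ]; then
        echo 0
    elif [ $((day % RESET)) -eq 0 ]; then
        echo 1
    else
        # Same indexing as ${PATTERN[(DAY % RESET) - 1]}: the index runs
        # 0..8, so the tenth PATTERN entry is never selected.
        set -- $PATTERN
        shift $(( (day % RESET) - 1 ))
        echo "$1"
    fi
}

# schedule: levels for day counters 0..FULL-1, space separated.
schedule() {
    d=0
    out=""
    while [ "$d" -lt "$FULL" ]; do
        out="$out$(level_for_day "$d") "
        d=$((d + 1))
    done
    echo "${out% }"
}

# restore_chain DAY: day counters whose dumps must be restored, oldest
# first, to rebuild a filesystem as of DAY. Walk backwards, keeping each
# dump whose level is lower than the last one kept, until level 0.
restore_chain() {
    t=$1
    if [ "$t" -lt 0 ] || [ "$t" -ge "$FULL" ]; then
        echo "day counter must be 0..$((FULL - 1))" >&2
        return 1
    fi
    need=$(level_for_day "$t")
    chain=$t
    while [ "$need" -gt 0 ]; do
        t=$((t - 1))
        l=$(level_for_day "$t")
        if [ "$l" -lt "$need" ]; then
            chain="$t $chain"
            need=$l
        fi
    done
    echo "$chain"
}

# restore_files HOST FILESYSTEM DAY: file names, in restore order, using
# the script's naming (${HOST}<fs with / as _>-${LEVEL}.dmp.gz). With
# ADMIN set, the script's gpg step leaves each name with a .gpg suffix.
restore_files() {
    host=$1
    fs=$2
    for d in $(restore_chain "$3"); do
        echo "${host}$(echo "$fs" | sed 's/\//_/g')-$(level_for_day "$d").dmp.gz"
    done
}

# Demo with constructed host and filesystem names.
echo "levels by day: $(schedule)"
echo "days needed to restore day 17: $(restore_chain 17)"
restore_files host1.example.com /var 17
```

Because the script names each file by level, a new level-0 run replaces the previous full dump, so every chain printed here depends on that one file being intact.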
Re: pf / pkg_add broken in latest snapshot?
Just want to give a little update. I used the new (to this time) snapshot from the second level mirror Erlangen and it still doesn't work... same error as before.

# pfctl -f /etc/pf.conf
No ALTQ support in kernel
ALTQ related functions disabled
pfctl: DIOCADDRULE: Operation not supported by device

Really need help here to get it working again.
libevent in OpenBSD/i386 3.9-release
Hi misc, I'm currently playing with libevent and there is something that I don't understand. I've made a small echo server using bufferevent_read and bufferevent_write. Here's the read_handler :

void
client_read(struct bufferevent *bufev, void *arg)
{
	char buf[BUFLEN];
	int n, p;
	n = bufferevent_read(bufev, buf, BUFLEN);
	p = bufferevent_write(bufev, buf, n);

	logmsg(LOG_DEBUG, "client read %d bytes (%d write)", n, p);
}

While this code works (echo some text), bufferevent_write() always returns 0 ! This is confusing, because man event(3) says :

The bufferevent_write() function can be used to write data to the file descriptor. The data is appended to the output buffer and written to the descriptor automatically as it becomes available for writing. The bufferevent_read() function is used to read data from the input buffer. - Both functions return the amount of data written or read.

Is my code broken or man page not accurate ? Best regards, Bruno.
Asia BSD Con '07 Call For Papers
http://www.asiabsdcon.org AsiaBSDCon is a conference for users and developers on BSD based systems. The next conference will be held in Tokyo, in March of 2007. The conference is for anyone developing, deploying and using systems based on FreeBSD, NetBSD, OpenBSD, DragonFlyBSD, Darwin and MacOS X. AsiaBSDCon is a technical conference and aims to collect the best technical papers and presentations available to ensure that the latest developments in our open source community are shared with the widest possible audience. We are interested in all technical areas which relate to the BSDs, including User Applications, Novel Interfaces, Networking, Embedded Systems, Security, Device Support and systems both inside and outside of the kernel. -- FreeBSD Volunteer, http://people.freebsd.org/~jkoshy
Re: OpenBSD dedicated hosting
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gilles Chehade Sent: Thursday, October 19, 2006 12:02 AM To: [EMAIL PROTECTED] Cc: misc@openbsd.org Subject: Re: OpenBSD dedicated hosting [...] I have then tried LayeredTech as suggested by someone on the list and I am very happy with it. The only negative point so far was that they advertised OpenBSD 3.x, and it turned out x really meant 5. I spent about an hour upgrading from OpenBSD 3.5 up to 3.9-stable. Ok I confess, I actually found that fun since I never did in-place upgrades ;) I'm running a box with LayeredTech too I also got an old version, but first thing I ordered a KVM/IP extender (30$ for 24h, but I had it much longer than that), sent their staff cdrom39.iso to burn and insert into the drive and did a clean fresh install of 3.9. Only problem I had was that on the hardware I have with them RAID_AUTOCONFIG hangs during boot. I tried to get my hands on identical hardware to test and debug but on mine it didn't hang. There is a patch floating around this list that most likely fixes that (no need for RAID_AUTOCONFIG to probe cd drives for RAID components, right?) but I can't test it now as the box is in heavy production. Any San Antonio Spurs' fans out there, you will know the place. :) ++ Gilles Mitja
Re: backup script w/ encryption
On Thu, Oct 19, 2006 at 01:12:59AM -0500, Jacob Yocom-Piatt wrote:

# encrypt each dump and remove the original
if [ -n "$ADMIN" ]; then
	echo encrypting $FN
	if [ -f $ROOT/$HOST/$FN.gpg ]; then
		rm -P $ROOT/$HOST/$FN.gpg
	fi
	gpg --homedir $HOMEDIR -e -r $ADMIN $ROOT/$HOST/$FN

PMI but you seem to be doing asymmetric crypto here. I know it is not a big factor here but wouldn't you be better off using some symmetric cipher like AES? Just a thought. Of course key distribution is a problem but then for backups it shouldn't be an issue. Best, Girish
Re: df reports negative available space on large filesystem
On Wed, 18 Oct 2006, Derick Siddoway wrote: This is what I see:

[EMAIL PROTECTED]:~$ df
Filesystem                 512-blocks       Used       Avail Capacity  Mounted on
/dev/wd0a                    74826724   27903788    43181600    39%    /
se-nas01:/fs04/prodstfs01  4181818080 1654186208 -1767335424    40%    /data
[EMAIL PROTECTED]:~$ df -h
Filesystem                  Size   Used  Avail Capacity  Mounted on
/dev/wd0a                  35.7G  13.3G  20.6G    39%    /
se-nas01:/fs04/prodstfs01   1.9T   789G  -843G    40%    /data
[EMAIL PROTECTED]:~$

The archives show that this was reported (at least) once before, but was fixed in 3.7. Maybe I missed a memo.

iirc, that fix was for local filesystems. nfs filesystems is something different See http://cvs.openbsd.org/cgi-bin/query-pr-wrapper?full=yes&numbers=5169 Fixing this one is quite involved. -Otto

dmesg follows:
Re: pf / pkg_add broken in latest snapshot? [fixed]
When looking at the snapshot tgz files on the second level mirror in Erlangen and compared the dates to those from ftp.openbsd.org I also noticed that the files base40.tgz and comp40.tgz have a slightly different size and md5sum. So I downloaded the files from ftp.openbsd.org and updated the system and now PF works again. Is there maybe something broken with the mirroring?

Dmesg date from mirror: OpenBSD 4.0-current (GENERIC) #1162: Wed Oct 18 18:25:41 MDT 2006
Dmesg date from master: OpenBSD 4.0-current (GENERIC) #1159: Tue Oct 17 18:24:33 MDT 2006
New master dmesg: OpenBSD 4.0-current (GENERIC) #1162: Wed Oct 18 18:25:41 MDT 2006
Re: Fast Xorg Performance
On 2006/10/19 10:03, Girish Venkatachalam wrote: dillo is fast but useless. You can get the same thing with any of the console browsers like w3m,lynx,elinks etc... anyone who hasn't tried w3m might have a surprise if they run w3m-*-image in an xterm.
Re: ACPI support, donate via payapl here
I saw the original plea and filed it away without thinking. Darrin's reminder got me to send in 10CAD. It's not much, it's not even in euros, but it helps. And now I am trying to propagandize some more, so come on, chip in! -Nick Hello, I'll donated too. Come on guys don't let this thread die until the guys have their thinkpad. ACPI support in openbsd is a must have, it will benefit to anyone!!! Show your love to openbsd and please donate money to them via paypal !!! Kind regards Didier
Re: nokia IP120 problem
On Wed, Oct 18, 2006 at 11:29:11PM +0100, Stuart Henderson wrote: On 2006/10/19 00:57, Denis Doroshenko wrote: i saw, the mails recently WRT software reboot, but that's the least problem with mine. the poor beast locks solid after random period of time (that's why it came to me). have thrown that bloody early-fbsd-hacked-into-ipso and put the latest snapshots. well it locks still, even at the boot prompt! ethernet leds go off and the box rests endlessly. sounds like hardware. maybe worth trying another psu. Seconded. Seen the same behavior with two hardware platforms that had a poor PSU. Not Nokias, though. ciao, chakl
Re: Fast Xorg Performance
On Thu, Oct 19, 2006 at 10:03:37AM +0530, Girish Venkatachalam wrote: On Wed, Oct 18, 2006 at 08:42:45PM +0200, Joachim Schipper wrote: I'm not sure about KDE, but rxvt loads pretty fast (10ms?) on ion. And this is not exactly new hardware (neomagic driver, Thinkpad 390X). aterm takes .5 seconds due to the transparent background, and dillo takes about 1 second before it begins displaying my home page. It's more in the applications than in Xorg, usually. Joachim No need to be not sure about KDE. KDE is bloatware and everyone knows that. Something like the bash shell. That's true, but once everything is loaded and the system has been running long enough to figure out what belongs in swap and what belongs in memory, simple stuff shouldn't take too long. Simple stuff like opening an xterm. bash may be bloatware, but it should still open rather fast on a more-or-less modern machine. dillo is fast but useless. You can get the same thing with any of the console browsers like w3m,lynx,elinks etc... I am especially fond of w3m, and yes, I am aware that it does graphics too. I do use dillo every now and then, but am beginning to lean more and more towards just using w3m. Joachim
Re: nokia IP120 problem
I've had some experience with the IP120. They're all bad. The IP330 however, had no problems at all. In my opinion, the IP120 has bad hardware. Nokia replaced our IP120's with other IP120's. That didn't solve anything. It kept locking up randomly. I don't know how their IP130 are, but the 120's sucked big time. Checkpoint rocks however. Nils -Original Message- From: Denis Doroshenko [mailto:[EMAIL PROTECTED] Sent: woensdag 18 oktober 2006 23:58 To: misc@openbsd.org Subject: nokia IP120 problem hello guys, have seen a few mails recently on the least about these routers. i have got my hands on one (sticker at the bottom says it is IP110, sticker at the top says it is IP120). i saw, the mails recently WRT software reboot, but that's the least problem with mine. the poor beast locks solid after random period of time (that's why it came to me). have thrown that bloody early-fbsd-hacked-into-ipso and put the latest snapshots. well it locks still, even at the boot prompt! ethernet leds go off and the box rests endlessly. no documentation is available and i didn't find much via googling either. may be somebody can help me with information for these? there is some kind of BIOS there, is it accessible via console or otherwise? is there any other settings (switches etc.) that can be causing the locking, may be it can be debugged somehow? thanks in any case...
Re: /stand still useful?
2006/10/19, Nick Guenther [EMAIL PROTECTED]: So getting back on topic, what is /stand for then? It's a tricky thing to google for, but the hints I've seen make it sound as just a secondary /bin. Is that about right? That's what the man page suggests. But when is it actually used? A typical installation just leaves it empty. Best Martin PS: How do you google for it?
Re: blobs are bad
2006/10/18, ICMan [EMAIL PROTECTED]: I have read this thread, and I don't get it. Doesn't it benefit card companies to have open source communities making their drivers better? One theory is that the cards are so full of patent violations that opening up the docs would lead to a lot of court orders. And since this applies to all manufacturers, the first one to open up loses. Best Martin
Re: bsdstats.org WOW
On Thu, Oct 19, 2006 at 12:04:45AM -0600, Breen Ouellette wrote: Miod Vallat wrote: For historical reference, info taken from bsdstats.org: [...] What is the point discussing completely bogus so-called statistics? At best, I would suggest that some are proud to be OpenBSD users. At worst, I would say that being an OpenBSD user gives some people an excuse to ego stroke. Call it ego masturbation, if you will. Stats like this are the porn they use to get off. The reality is probably somewhere in the middle, but it is no different than cheering for a sports team. Whether or not the stats are accurate, some people seem to feel a need to cheer on the work of others in an attempt to claim a piece of the fame for themselves. I really seem to be on a roll this month. I'm sure I'll insult at least a couple dozen people with these comments. :) Breeno This might be true if a goal of OpenBSD was to be the most widely used OS. It's not. Next month FreeBSD might be the most widely used. Using your logic we should be sad. Who cares. OpenBSD is not for everyone and we like it that way.
Re: blobs are bad
2006/10/18, Damian Wiest [EMAIL PROTECTED]: On Wed, Oct 18, 2006 at 01:40:19PM +0200, Martin Schröder 1280x1024. And ATI is as closed as NVIDIA, but the drivers are even more broken. Do you have more details regarding ATI versus NVIDIA video cards? From I just can report tests from magazines and own experience. NVIDIA integrates well into Linux and just works (and is exploitable). ATI is said to be not so fast in releasing drivers and the integration is worse. And of course they actively hinder reverse-engineering. Best Martin
Re: max filesize split(1)
On Tue, 2006-10-17 at 10:39 -0700, Ted Unangst wrote: On 10/17/06, Otto Moerbeek [EMAIL PROTECTED] wrote: There is no uniform way to ask the max file size of a given file system. ffs filesystems do have that info in their superblock, though, you can see it with dumpfs(8). it hardly matters. if the file is on the filesystem, the filesystem supports files of that size. Isn't it possible, though, to split a file on one filesystem, writing the pieces to another filesystem with a smaller maximum file size? -- Shawn K. Quinn [EMAIL PROTECTED]
Re: blobs are bad
$Docs $Damage $Sales This is always true. See the following:

while (runAround) {
	$sales = getSales();
	if ($docs){
		$costToDevelop = false;
	}else{
		$costToDevelop = true;
	}
	if ($costToDevelop){
		$costToFix = ($costToDevelop * 2);
		$p0wned = true;
	}
	if ($p0wned){
		$sales = $sales--;
	}
}
Is doing a network restore from bsd.rd at all possible?
Hi, I've been playing with dump(8) recently and have tried two different ways of using it: backing up to a file on a USB drive, and backing up to a remote box by specifying a remote file and using SSH in lieu of RSH. I was also planning to try to write to a file on a remote machine via NFS but I haven't had the time to try this. I was planning to try to boot another computer using 'bsd.rd' on an OpenBSD install CD, skip the install script, label and newfs the appropriate partitions, and see if I could restore that system to a previous state using the dumps. However I noticed that 'ssh' or 'mount_nfs' do not seem to be available on 'bsd.rd'. So my question is this: is doing a remote network restore using 'bsd.rd' at all possible (or even suggested/recommended) or are directly attached devices (IDE/SCSI/USB drives tapes drives) the only supported restore(8) sources with 'bsd.rd'? Note: although I've used ufsdump and ufsrestore about five years ago on a Solaris box with an attached tape drive, I haven't played with backups on UN*X in a long while and I'm not very familiar with it anymore, so forgive me if my question is stupid in any way. Thanks, -Martin -- Suburbia is where the developer bulldozes out the trees, then names the streets after them. --Bill Vaughan
Re: ACPI support, donate via payapl here
I'll donated too. Shit , I need sleep ... I meant: I donated too ;-) Didier
Re: bsdstats.org WOW
On 10/18/2006 at 7:37 PM Sam Fourman Jr. wrote: |Check out OpenBSD :) | |http://www.bsdstats.org/ = OK, I see a table full of numbers, but no explanation of what is being measured or how. Yes, OpenBSD is on the top, but on the top of what?
Re: ACPI support, donate via payapl here
On Thu, Oct 19, 2006 at 11:30:23AM +0200, Didier Wiroth wrote: Hello, I'll donated too. Come on guys don't let this thread die until the guys have their thinkpad. ACPI support in openbsd is a must have, it will benefit to anyone!!! Show your love to openbsd and please donate money to them via paypal !!! Kind regards Didier Over the course of a year or so, I've watched my laptop go from no disks found and lots of not configured items to almost everything fully supported and working great. It's like the devs have been working on *my* private wish list, but they're not. They're also adding support for tons of things I don't have (yet). Considering how much hardware is supported, the devs hardly ever ask for hardware. When they do, they need it. And it pays off to get it to them. -- Darrin Chandler| Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ |
Re: bsdstats.org WOW
On Thu, Oct 19, 2006 at 08:52:14AM -0400, MikeM wrote: On 10/18/2006 at 7:37 PM Sam Fourman Jr. wrote: |Check out OpenBSD :) | |http://www.bsdstats.org/ = OK, I see a table full of numbers, but no explanation of what is being measured or how. Yes, OpenBSD is on the top, but on the top of what? it's all written there how it works and how one can participate. so why ain't you jerk off on random numbers somewhere else please? cu -- paranoic mickey (my employers have changed but, the name has remained)
Re: ACPI support, donate via payapl here
Darrin Chandler wrote: On Thu, Oct 19, 2006 at 11:30:23AM +0200, Didier Wiroth wrote: Hello, I'll donated too. Come on guys don't let this thread die until the guys have their thinkpad. ACPI support in openbsd is a must have, it will benefit to anyone!!! Show your love to openbsd and please donate money to them via paypal !!! Kind regards Didier Over the course of a year or so, I've watched my laptop go from no disks found and lots of not configured items to almost everything fully supported and working great. It's like the devs have been working on *my* private wish list, but they're not. They're also adding support for tons of things I don't have (yet). Considering how much hardware is supported, the devs hardly ever ask for hardware. When they do, they need it. And it pays off to get it to them. Actually, don't misunderstand me, it is _NOT_ on my private list. I meant, in general, _a must have_ for openbsd, and every laptop user will benefit from it. My (companies) laptop went from no disks found to almost everything supported too within a few month. -- Didier Wiroth CEDIES route d'Esch, 211 L-1471 Luxembourg Tel: (+352) 478-8669 Fax: (+352) 478-9-8669 Web: http://www.cedies.public.lu GPG Key ID: 9A8B2ACA GPG Fingerprint: 6FF8 4362 F880 F7A8 A708 9F0D 3DD2 0502 9A8B 2ACA
update automaticly
i have script for update automatically here:

# cat /root/update_part1.sh
#!/bin/csh
cd /usr/src
setenv CVS_CLIENT_PORT -1
setenv CVSROOT [EMAIL PROTECTED]:/cvs
cvs -d $CVSROOT -q up -rOPENBSD_3_9 -Pd
date /root/update_part1.log

when i try run that script get error such like this :

# sh /root/update_part1.sh
/root/update_part1.sh[3]: setenv: not found
/root/update_part1.sh[4]: setenv: not found
cvs update: CVSROOT -q must be an absolute pathname
cvs [update aborted]: Bad CVSROOT.

please tell me to fix it .

--
-sonjaya-
Re: update automaticly
On 2006-10-19T21:28, sonjaya wrote: i have script for update automaticly here: # cat /root/update_part1.sh #!/bin/csh cd /usr/src setenv CVS_CLIENT_PORT -1 setenv CVSROOT [EMAIL PROTECTED]:/cvs cvs -d $CVSROOT -q up -rOPENBSD_3_9 -Pd date /root/update_part1.log when i try run that script get error such like this : # sh /root/update_part1.sh /root/update_part1.sh[3]: setenv: not found /root/update_part1.sh[4]: setenv: not found cvs update: CVSROOT -q must be an absolute pathname cvs [update aborted]: Bad CVSROOT. please tell me to fix it . fix it ;-) try # /root/update_part1.sh sh don't know setenv hth, Marcus.
Re: update automaticly
On 2006/10/19 21:28, sonjaya wrote: i have script for update automaticly here: #!/bin/csh c-shell for scripting? are you mad? :-) cd /usr/src setenv CVS_CLIENT_PORT -1 setenv CVSROOT [EMAIL PROTECTED]:/cvs cvs -d $CVSROOT -q up -rOPENBSD_3_9 -Pd date /root/update_part1.log when i try run that script get error such like this : # sh /root/update_part1.sh ...and now you try and run it under Bourne shell. either /root/update_part1.sh or csh /root/update_part1.sh. I don't think I'd run it as root either, tbh.
Re: update automaticly
sonjaya wrote: i have script for update automaticly here: # cat /root/update_part1.sh #!/bin/csh cd /usr/src setenv CVS_CLIENT_PORT -1 setenv CVSROOT [EMAIL PROTECTED]:/cvs cvs -d $CVSROOT -q up -rOPENBSD_3_9 -Pd date /root/update_part1.log when i try run that script get error such like this : # sh /root/update_part1.sh /root/update_part1.sh[3]: setenv: not found /root/update_part1.sh[4]: setenv: not found cvs update: CVSROOT -q must be an absolute pathname cvs [update aborted]: Bad CVSROOT. please tell me to fix it . You are forcing ksh do execute a csh script. Either you rewrite it to ksh; so using export instead of setenv. Either you execute the script differently. Make it executable and run it without the sh in front Cheers, Dries
Re: update automaticly
On Thu, Oct 19, 2006 at 09:28:23PM +0700, sonjaya wrote: i have script for update automaticly here: # cat /root/update_part1.sh #!/bin/csh cd /usr/src setenv CVS_CLIENT_PORT -1 setenv CVSROOT [EMAIL PROTECTED]:/cvs cvs -d $CVSROOT -q up -rOPENBSD_3_9 -Pd date /root/update_part1.log when i try run that script get error such like this : # sh /root/update_part1.sh ^^ /root/update_part1.sh[3]: setenv: not found /root/update_part1.sh[4]: setenv: not found cvs update: CVSROOT -q must be an absolute pathname cvs [update aborted]: Bad CVSROOT. please tell me to fix it . You have to choose one shell and stick to it
Re: Is doing a network restore from bsd.rd at all possible?
So my question is this: is doing a remote network restore using 'bsd.rd' at all possible (or even suggested/recommended) or are directly attached devices (IDE/SCSI/USB drives tapes drives) the only supported restore(8) sources with 'bsd.rd'? You can pipe ftp's output to restore.
Re: update automaticly
On Thu, Oct 19, 2006 at 09:28:23PM +0700, sonjaya wrote: i have script for update automaticly here: # cat /root/update_part1.sh #!/bin/csh cd /usr/src setenv CVS_CLIENT_PORT -1 setenv CVSROOT [EMAIL PROTECTED]:/cvs cvs -d $CVSROOT -q up -rOPENBSD_3_9 -Pd date /root/update_part1.log when i try run that script get error such like this : # sh /root/update_part1.sh /root/update_part1.sh[3]: setenv: not found /root/update_part1.sh[4]: setenv: not found cvs update: CVSROOT -q must be an absolute pathname cvs [update aborted]: Bad CVSROOT. sh(1) isn't csh(1) -- if you run `sh your_csh_script.sh`, sh ignores the interpreter line and tries to run the script itself. sh doesn't use setenv, which is why you get 'setenv: not found.' If I were you, I'd write the script in sh. csh has long been considered harmful, and isn't very much fun to write. -- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: bsdstats.org WOW
On 18/10/06, Constantine A. Murenin [EMAIL PROTECTED] wrote:
On 18/10/06, Sam Fourman Jr. [EMAIL PROTECTED] wrote:

Check out OpenBSD :) http://www.bsdstats.org/

For historical reference, info taken from bsdstats.org:

If you have any questions, comments, or suggestions, please send email to [EMAIL PROTECTED]

Operating System   Systems This Month   Percentage
OpenBSD            3,035                 44.4 %
FreeBSD            1,827                 26.7 %
NetBSD             1,654                 24.2 %
GNU/kFreeBSD       128                    1.9 %
DragonFly BSD      126                    1.8 %
PC-BSD             57                     0.8 %
MirBSD             5                      0.1 %
Total:             6,832                100.0 %

Eh, in just about 13 hours after I've taken the previous reading off bsdstats.org, it now reads:

Operating System   Systems This Month   Percentage
OpenBSD            3,520                 48.0 %
FreeBSD            1,845                 25.1 %
NetBSD             1,654                 22.5 %
GNU/kFreeBSD       128                    1.7 %
DragonFly BSD      126                    1.7 %
PC-BSD             60                     0.8 %
MirBSD             5                      0.1 %
Total:             7,338                100.0 %

Way to go, guys! :)
Re: OpenBSD dedicated hosting
* Bill Traynor [EMAIL PROTECTED] [2006-10-18 16:25:08 -0400]: Check out Geekisp as well. It's one guy who offers many different OpenBSD options. http://www.geekisp.com I'll second the recomendation for GeekISP. I've been with them for a couple of years now and I have only good things to say. Thomas -- N.J. Thomas [EMAIL PROTECTED] Etiamsi occiderit me, in ipso sperabo
Re: OpenBSD dedicated hosting
On 9/16/06, Gilles Chehade [EMAIL PROTECTED] wrote: Hi misc@, I am looking for companies that provide OpenBSD-powered dedicated hosting. Currently, I am being hosted by a french company which turned out to be as incompetent as can be, and I am willing to switch as soon as possible (preferably before the 25th of September). I have google-d a bit and found out a few companies, but its hard to know in advance which are competent and which will drive me into depression. So I'm turning to you, if you know of companies that do good work, that aren't too expensive and that provide OpenBSD based services, please mail me off-list so I can start digging their offers. Thanks a lot people ;) Gilles, I recommend two dedicated hosting providers. Serverpronto, their tech's are extremely helpful. I requested to conduct my own OpenBSD installation. So they temporarily attached a cdrom, burned the latest boot image (which was 3.8 at the time) to a cd, and gave me 24 hours of access to an ip kvm for the install. Apart from the fact that I inherited a blacklisted ip address, I haven't had any problems in my ten months of service. http://serverpronto.com/ Also highly recommended is M5 Hosting, they have a great team working there, are very OpenBSD friendly, and knowledgeable. I remember exchanging a few emails with Mike (sales at m5hosting dot com) earlier this year when I was looking for a dedicated server solution for a client. They are a little more expensive but well worth it considering their high level of service and hardware. http://www.m5hosting.com/openbsd-dedicated-server.php -Luis
Re: OpenBSD dedicated hosting
Hi Steve My company/Me (Venture 37) offers dedicated OpenBSD hosting Colo aswell. Depending on your needs we can colo/host in a DC Brighton or in Telehouse in London. You can get my details from http://www.openbsd.org/support.html#United You might want to check out Henning Brauer's hosting company aswell. http://www.bsws.de/ Sevan -- The truth, the half-truth, and nothing like the truth. - Mark Brandon Read http://imagine-msn.com/messenger/launch80/?locale=en-gb
ospfd: multi-areas and cost problems
Hi misc@,

We're currently moving some of our routers from linux/quagga to OpenBSD/OpenOSPFD. In our topology, we have border routers connected to 2 areas, each announcing routes from one area into another. Basically in Quagga/IOS speak this gives (with imaginary networks):

network 10.0.1.0 area 0.0.0.1
network 10.0.2.0 area 0.0.0.1
network 192.168.1.0 area 0.0.0.0

When trying to mimic this behavior with OpenOSPF, we could not achieve the same behavior with a config file basically like this one:

router-id 10.0.0.1
#redistribute connected
area 0.0.0.0 {
	interface lo1 # for announcing our loopback
	interface trunk0 #
}
area 0.0.0.1 {
	interface vlan32
}

With this config we can not see the route to the network attached on vlan32 on the area 0.0.0.0. Adding redistribute connected doesn't help.
4.0 received in Winnipeg, CA
Just received 3 sets here in Winnipeg (only two provinces away) Not early enough for a me first video but... ;) The nice cases are icing on the cake, well done! gg
Re: Is doing a network restore from bsd.rd at all possible?
On 10/19/06, Michal Soltys [EMAIL PROTECTED] wrote: You can pipe ftp's output to restore. Hey man, great idea! I'll try it out. Thanks! -Martin -- Suburbia is where the developer bulldozes out the trees, then names the streets after them. --Bill Vaughan
Re: bsdstats.org WOW
Clint M. Sand wrote: On Thu, Oct 19, 2006 at 12:04:45AM -0600, Breen Ouellette wrote: The reality is probably somewhere in the middle, but it is no different than cheering for a sports team. Whether or not the stats are accurate, some people seem to feel a need to cheer on the work of others in an attempt to claim a piece of the fame for themselves. This might be true if a goal of OpenBSD was to be the most widely used OS. It's not. Next month FreeBSD might be the most widely used. Using your logic we should be sad. Who cares. OpenBSD is not for everyone and we like it that way. I agree 100% with you. Just forwarding my belief on why OTHERs care about these kind of stats. Breeno
Re: /stand still useful?
Martin Schrvder wrote: 2006/10/19, Nick Guenther [EMAIL PROTECTED]: So getting back on topic, what is /stand for then? It's a tricky thing to google for, but the hints I've seen make it sound as just a secondary /bin. Is that about right? That's what the man page suggests. But when is it actually used? A typical installation just leaves it empty. I know that IRIX uses it for static binaries like sash and other programs that can be run for directly from the prom before booting the kernel. Dustin Lundquist
Re: Failover routers with OpenBGPD and independent BGP sessions
X Y wrote : I'm having a bit of trouble with the finer details of my OpenBGPD config, and would appreciate some tips on getting it right and advice on the right way of doing things. I have two routers, two independent BGP connections, and a block of provider independent address space. The routers are arranged in a redundant pair. The public network and some private subnets have gateway addresses provided with CARP. The two routers use pfsync. The BGP connections are actually completely independent (I'll be adding two more in due course for a total of four). They have different network addresses, cables and route to the rest of the world. The cables are plugged directly into the routers, and there's no CARP on those interfaces. Packets will arrive via either of those routes. I have got a basic configuration working. This maintains the BGP sessions, packets go in and out, and the firewalls will fail over as they should. I use depend on carp0 ... carp3 on the master router (chosen via advskew) to drop that session if it fails, and demote on the backup to make sure it doesn't like being master if it doesn't have a BGP session. I have been recommended by our ISPs that I should also advertise routes between the routers, so that if one's BGP session fails, it can route packets to the other for a cleaner failover. I have not managed to get this configuration working. Some configuration information, with the real details removed to protect the guilty. 
AS: 9
PI subnet: A.A.A.0/23
PI gateway: A.A.A.1
Master: A.A.A.2
Backup: A.A.A.3
BGP connection 1: X.X.X.4 - X.X.X.200 on X.X.X.0/24, AS 8
BGP connection 2: Y.Y.Y.4 - Y.Y.Y.200 on Y.Y.Y.0/24, AS 8
(Y.Y.Y != X.X.X)

/etc/bgpd.conf

AS 9
network A.A.A.0/23
neighbor X.X.X.200 {
	remote-as 8
	local-address X.X.X.4
	announce self
	tcp md5sig password PASSWORD1
	depend on carp1
	depend on carp2
	depend on carp3
	# demote on backup
}
neighbor A.A.A.3 {
	remote-as 9
	descr backup
	local-address A.A.A.2
	announce all
	tcp md5sig password PASSWORD2
	set nexthop A.A.A.3 # A.A.A.2 didn't help
	set localpref -10
}

Then...

Stuart Henderson [EMAIL PROTECTED] wrote:
On 2006/10/13 11:24, Ronnie Garcia wrote:

I have been recommended by our ISPs that I should also advertise routes between the routers, so that if one's BGP session fails, it can route packets to the other for a cleaner failover. I have not managed to get this configuration working.

Yes you should, this is called iBGP. All of your BGP routers should have a iBGP session with all of the others, in a full mesh (unless you are using a route reflector).

OP has already done that in the config file, the problem is how to add a route so the other provider's router can be reached. Normally the provider's router is listed in the IBGP announcement so unless this is overwritten in the IBGP announcements (by 'set nexthop') you need to have a route to the provider's router (static or OSPF).

I think this is the critical bit of information. I need to add a static route to the other router for the X.X.X/24 or Y.Y.Y/24 network. The IBGP session from the other router will give its neighbour's address, not its own address which I had expected. I can't override this with nexthop, I just have to make sure there are routes provided via something other than BGP.

A couple of follow-up questions:

1) Will the set localpref -10 on the session with the other router be sufficient to make sure that when the main BGP session is up, that's actually used?

2) When I get to use multiple locations, should I use ospfd rather than BGP to manage which route to take internally to the network?

Thanks for the help,
Ben
Re: max filesize split(1)
On 10/19/06, Shawn K. Quinn [EMAIL PROTECTED] wrote:
On Tue, 2006-10-17 at 10:39 -0700, Ted Unangst wrote:
On 10/17/06, Otto Moerbeek [EMAIL PROTECTED] wrote:

There is no uniform way to ask the max file size of a given file system. ffs filesystems do have that info in their superblock, though, you can see it with dumpfs(8).

it hardly matters. if the file is on the filesystem, the filesystem supports files of that size.

Isn't it possible, though, to split a file on one filesystem, writing the pieces to another filesystem with a smaller maximum file size?

yes, but then it's still irrelevant how big a file the source filesystem supports, which was the original question. it either works or it doesn't. does cp check max file size? does tar? does scp? ftp? firefox? mplayer? vi? split is not that special.
Re: ACPI support, donate via payapl here
On Wed, 18 Oct 2006 23:40:16 +0100 Niall O'Higgins [EMAIL PROTECTED] wrote: If you want to help get marco a Thinkpad, please donate via PayPal to [EMAIL PROTECTED] i feel fortunate that we get so much from this openbsd group. money paypalled. -- In friendship, prad ... with you on your journey Towards Freedom http://www.towardsfreedom.com (website) Information, Inspiration, Imagination - truly a site for soaring I's
Re: blobs are bad
2006/10/18, ICMan [EMAIL PROTECTED]: I have read this thread, and I don't get it. Doesn't it benefit card companies to have open source communities making their drivers better? One theory is that the cards are so full of patent violations that opening up the docs would lead to a lot of court orders. And since this applies to all manufactures, the first one to open up looses. People who invent random theories which only defend the vendor must have been beaten as children. Beaten with sticks. At least, that's my theory. You say it is a theory. However not ONE vendor who I have talked to has ever told me such things in defence of their position. They've not even HINTED that this might be part of their reasons. Of course they also have never hinted that it could be their evil step-moms are standing behind them holding sticks.. so we should make up a theory about that, right? Why do some people feel the need to make up utter bullshit defences for the vendors, when there is not one ounce of fact to back it up? Why?
Re: Failover routers with OpenBGPD and independent BGP sessions
On 2006/10/19 17:57, X Y wrote:

I can't override this with nexthop

are you sure? this should work. you are setting it on the _sending_ machine and not the _receiving_ machine aren't you? looking at `bgpd -nv' may help

rtr2$ bgpctl sh ip bgp x.x.0.0
flags: * = Valid, > = Selected, I = via IBGP, A = Announced
origin: i = IGP, e = EGP, ? = Incomplete

flags destination   gateway      lpref  med  aspath origin
I     x.x.0/22      y.y.187.61   100    0    blah blah blah i

rtr1$ sudo vi /etc/bgpd.conf
(add 'set nexthop self')
rtr1$ bgpctl reload

wait for routes to feed across

rtr2$ bgpctl sh ip bgp x.x.0.0
flags: * = Valid, > = Selected, I = via IBGP, A = Announced
origin: i = IGP, e = EGP, ? = Incomplete

flags destination   gateway      lpref  med  aspath origin
I     x.x.0/22      y.y.187.35   100    0    blah blah blah i

1) Will the set localpref -10 on the session with the other router be sufficient to make sure that when the main BGP session is up, that's actually used?

yes, localpref overrides everything else (*including* AS path length).

http://unduli.bsws.de/papers/linuxforum2006/mgp00016.txt

1. check if prefix is eligible a.k.a reachable
2. localpref, bigger is better
3. aspath length, the shorter the better
4. origin, the lower the better
5. MED decision, only comparable between the same neighboring AS
6. EBGP is cooler than IBGP
7. weight, bigger is better (extension)
8. route age: older is better (extension, off by default)
9. lowest BGP ID wins
10. lowest peer address wins

most of it is standard BGP but the extensions aren't, this list should probably be added to bgpd(8) or possibly bgp.conf(5)... (if anyone would like to express a preference as to which manpage I can prepare a diff)

2) When I get to use multiple locations, should I use ospfd rather than BGP to manage which route to take internally to the network?

I assume you are talking about using it to tell which route to take from the border to your internal networks (hosted machines and so on)? that's up to you :-)
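The ten-step decision order quoted in the message above, written out as an added Python example (not part of the thread and not bgpd's own code). The Route fields, AS numbers and addresses are constructed; that a lower MED wins is standard BGP behaviour which the list leaves implicit.

```python
import ipaddress
from dataclasses import dataclass, replace
from functools import reduce

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}  # step 4: lower is better


@dataclass(frozen=True)
class Route:
    name: str
    aspath: tuple          # AS numbers, neighboring AS first
    peer: str              # address of the peer the route came from
    bgp_id: str            # BGP ID of that peer
    reachable: bool = True
    localpref: int = 100
    origin: str = "igp"
    med: int = 0
    ebgp: bool = True
    weight: int = 0
    age: int = 0           # seconds since the route was learned


def _addr(text):
    """Turn a dotted quad into an integer so addresses compare numerically."""
    return int(ipaddress.IPv4Address(text))


def compare(a, b, use_age=False):
    """Return (winner, deciding_step) for two routes to the same prefix."""
    # Step 1: an unreachable route is never eligible.
    if a.reachable != b.reachable:
        return (a if a.reachable else b), "1 eligible"
    if not a.reachable:
        return None, "1 eligible"
    # Step 5 only applies when both routes came from the same neighboring AS.
    same_neighbor = bool(a.aspath and b.aspath) and a.aspath[0] == b.aspath[0]
    # Each entry is (step, key for a, key for b); the lower key wins.
    steps = [
        ("2 localpref", -a.localpref, -b.localpref),
        ("3 aspath length", len(a.aspath), len(b.aspath)),
        ("4 origin", ORIGIN_RANK[a.origin], ORIGIN_RANK[b.origin]),
        ("5 med", a.med if same_neighbor else 0, b.med if same_neighbor else 0),
        ("6 ebgp over ibgp", not a.ebgp, not b.ebgp),
        ("7 weight", -a.weight, -b.weight),
        ("8 route age", -a.age if use_age else 0, -b.age if use_age else 0),
        ("9 bgp id", _addr(a.bgp_id), _addr(b.bgp_id)),
        ("10 peer address", _addr(a.peer), _addr(b.peer)),
    ]
    for step, key_a, key_b in steps:
        if key_a != key_b:
            return (a if key_a < key_b else b), step
    return a, "tie"


def best(routes, use_age=False):
    """Pick the best eligible route from a list, or None if none is reachable."""
    eligible = [r for r in routes if r.reachable]
    if not eligible:
        return None
    return reduce(lambda x, y: compare(x, y, use_age)[0], eligible)


# Constructed routes to one prefix: one learned over the router's own eBGP
# session, one relayed over iBGP with a lowered localpref and a shorter path.
DIRECT = Route("direct", (64512, 64600, 64601), "192.0.2.200", "192.0.2.200")
VIA_BACKUP = Route("via-backup", (64513, 64601), "198.51.100.3",
                   "198.51.100.3", localpref=90, ebgp=False)

if __name__ == "__main__":
    winner, step = compare(DIRECT, VIA_BACKUP)
    print(winner.name, "wins at step", step)
    # With equal localpref the shorter AS path takes over.
    winner, step = compare(DIRECT, replace(VIA_BACKUP, localpref=100))
    print(winner.name, "wins at step", step)
```
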
Re: nokia IP120 problem
Hi Denis, First off an IP120 and OBSD combination is a beauty, there are a couple of gotcha's. The first and recently discussed being the reboot, or lack off. The second being the non standard rom location for the on-board nic's resulting in the fxp driver not being able to read the actual MAC addresses. Both of these are easily worked around and once done the units are 100% solid. The units have a 'traditional' PC BIOS, however you will need a full handshaking null modem cable to access it. A standard null modem will only work for output following the POST. From what you've said it sounds like a hardware problem not a software one. Things to check are the brick power supply, the hard drive and the passive heatsink on the CPU, obvious I know but. They're worth the effort but are never going to be the most powerful device. Regards Simon Denis Doroshenko wrote: hello guys, have seen a few mails recently on the least about these routers. i have got my hands on one (sticker at the bottom says it is IP110, sticker at the top says it is IP120). i saw, the mails recently WRT software reboot, but that's the least problem with mine. the poor beast locks solid after random period of time (that's why it came to me). have thrown that bloody early-fbsd-hacked-into-ipso and put the latest snapshots. well it locks still, even at the boot prompt! ethernet leds go off and the box rests enlessly. no documentation is available and i didn't find much via googling either. may be somebody can help me with information for these? there is some kind of BIOS there, is it accessible via console or otherwise? is there any other settings (switches etc.) that can be causing the locking, may be it can be debugged somehow? thanks in any case...
Re: blobs are bad
Theo de Raadt wrote: Why do some people feel the need to make up utter bullshit defences for the vendors, when there is not one ounce of fact to back it up? Why? I think that might be my fault. When I ASKED earlier this month if it was a possible excuse, it might have been picked up and run with as a theory. I looked at some of the docs that people forwarded to me and it seems unlikely that said documentation could actually make a patent case any stronger. I should have closed off the thread by saying as much. Anyone who read the full thread and followed through to the example docs should have come to the conclusion that it was a bad hypothesis. A hypothesis labeled as a theory only does harm. This hypothesis has been proven incorrect, which makes it even worse to label it a theory. If people accept this 'theory' as credible, and if Intel neither confirms or denies it, then people will accept it as a valid excuse for why Intel doesn't release docs. We shouldn't be making excuses for Intel. Trying to use it as a tool to shame Intel about their bad behaviour will not work. A corporation does not feel anything, let alone shame. So, to bring this topic to rest: the example hardware documentation which was linked in a previous thread DOES NOT INDICATE that such documentation could be used to bring lawsuits against a company. Such documentation as I have seen only shows how to utilize the hardware. It does not disclose how the intellectual property is implemented, which is what would be required to bring a lawsuit. People who say otherwise have failed to do their homework, or they are liars. I regret bringing up this topic in the first place. In the future I will try to be more clear that I am asking a question, not forwarding theories, and I will follow through to the thread conclusion with the results of the question. There are no valid reasons for Intel requiring NDAs for their hardware documentation. Every single theory and excuse has been proven incorrect. 
Until Intel provides such documentation they deserve only our contempt, and to have our dollars flow to the competition. Breeno
Re: libevent in OpenBSD/i386 3.9-release
On Thu, 19 Oct 2006 10:18:40 +0400 Bruno Carnazzi [EMAIL PROTECTED] wrote:

Is my code broken or man page not accurate ?

It would appear the manual page is inaccurate.

libevent/evbuffer.c:

/*
 * Returns 0 on success;
 *        -1 on failure.
 */
int
bufferevent_write(struct bufferevent *bufev, void *data, size_t size)
PF binary search tree
From: Daniel Hartmeier (danielbenzedrine.cx) Date: Wed Dec 12 2001 - 08:31:08 CST On Wed, Dec 12, 2001 at 03:08:37PM +0100, Nicolas Prochazka wrote: With OpenBSD 2.9 and ipf , our internet connexion was down due to a ip state overflow. (the default IPSTATE_SIZE was near 4000) and we increase to 7069 to solve the problem.) but perharps is not the same issue with openbsd 3 + pf ? pf uses a binary search tree instead of a hash table, which doesn't require pre-defining a maximum size. The tree will just grow until memory allocation fails. With 64MB RAM that typically doesn't happen until you have over 6 state entries. Daniel I have been doing some research and I came across this message from some time ago. Is this still relevant? If so, can anyone tell me if the PF binary search tree is more or less memory efficient than the ipfilter hash table? What is the fallout if PF cannot allocate anymore memory for the binary search tree? Does it drop connections or puke all over? I am trying to convince my current employer to move away from ipfilter and over to PF. Any assistance would be appreciated. Breeno
Re: nokia IP120 problem
I've got three 120's and six 330's all running OBSD not a problem with any of them. In each case I removed checkpoint and moved to OpenBSD. Saved a shed load of money, got better performance, security and features. 'Checkpoint Rocks', only if your selling the damn thing and taking your cut! It may not be much but in each case I have bought a full copy of OpenBSD for each platform, I'm just about to order up another 10 copies of 4.0. Even after all this it's going to cost me way less than a grand. Now compare that to the single High Availability license I just bought for an existing Checkpoint box #5k ! and that didn't include the primary fw license! [EMAIL PROTECTED] wrote: I've had some experience with the IP120. They're all bad. The IP330 however, had no problems at all. In my opinion, the IP120 has bad hardware. Nokia replaced our IP120's with other IP120's. That didn't solve anything. It kept locking up randomly. I don't know how their IP130 are, but the 120's sucked big time. Checkpoint rocks however. Nils -Original Message- From: Denis Doroshenko [mailto:[EMAIL PROTECTED] Sent: woensdag 18 oktober 2006 23:58 To: misc@openbsd.org Subject: nokia IP120 problem hello guys, have seen a few mails recently on the least about these routers. i have got my hands on one (sticker at the bottom says it is IP110, sticker at the top says it is IP120). i saw, the mails recently WRT software reboot, but that's the least problem with mine. the poor beast locks solid after random period of time (that's why it came to me). have thrown that bloody early-fbsd-hacked-into-ipso and put the latest snapshots. well it locks still, even at the boot prompt! ethernet leds go off and the box rests enlessly. no documentation is available and i didn't find much via googling either. may be somebody can help me with information for these? there is some kind of BIOS there, is it accessible via console or otherwise? is there any other settings (switches etc.) 
that can be causing the locking, may be it can be debugged somehow? thanks in any case...
Re: Is doing a network restore from bsd.rd at all possible?
My typical way to do his is find my latest dump(s) on tape or elsewhere - chuck them on an nfs server accesible to the machine to be restored, boot from bsd.rd, mount the nfs location with the dump files and proceed. -Bob * Michal Soltys [EMAIL PROTECTED] [2006-10-19 09:19]: So my question is this: is doing a remote network restore using 'bsd.rd' at all possible (or even suggested/recommended) or are directly attached devices (IDE/SCSI/USB drives tapes drives) the only supported restore(8) sources with 'bsd.rd'? You can pipe ftp's output to restore. -- #!/usr/bin/perl if ((not 0 not 1) != (! 0 ! 1)) { print Larry and Tom must smoke some really primo stuff...\n; }
Re: Is doing a network restore from bsd.rd at all possible?
On 10/19/06, Bob Beck [EMAIL PROTECTED] wrote: My typical way to do his is find my latest dump(s) on tape or elsewhere - chuck them on an nfs server accesible to the machine to be restored, boot from bsd.rd, mount the nfs location with the dump files and proceed. That's why I'd *like* to do, but I don't have 'mount_nfs' on my bsd.rd. I'm guessing you are using a non-i386 bsd.rd, right? The FAQ at http://www.openbsd.org/faq/faq4.html#InstMedia mentions that the OpenBSD/i386 platform does not support NFS installs, so I guess a i386 cd40.iso image will not ne NFS-capable, and therefore NFS is not an option for me. Makes sense, right? At least, as Michal suggested I could use FTP. -Martin -- Suburbia is where the developer bulldozes out the trees, then names the streets after them. --Bill Vaughan
my harddrive or latest snapshots problem?
Hello, I've installed the latest snapshots from the 18.10.2006. I updated my rather old sources via cvs and had lots of the following output: bdwrite: force async write on the buffer 0xd8003f20 bdwrite: force async write on the buffer 0xd8003f20 bdwrite: force async write on the buffer 0xd801f0a4 bdwrite: force async write on the buffer 0xd801f218 bdwrite: force async write on the buffer 0xd8003f20 bdwrite: force async write on the buffer 0xd8003f20 bdwrite: force async write on the buffer 0xd8003f20 bdwrite: force async write on the buffer 0xd7ff9804 Does that mean I may have a hd problem and should care about a new one ? or May this problem be related to the latest snapshot? Thank you Didier
Re: my harddrive or latest snapshots problem?
On Thu, Oct 19, 2006 at 08:08:02PM +, Didier Wiroth wrote: bdwrite: force async write on the buffer 0xd8003f20 That's just a diff's debug message. Nothing to be concerned about. -p.
Re: my harddrive or latest snapshots problem?
Didier Wiroth wrote: I updated my rather old sources via cvs and had lots of the following output: bdwrite: force async write on the buffer 0xd8003f20 http://marc.theaimsgroup.com/?l=openbsd-miscs=bdwrite
Re: my harddrive or latest snapshots problem?
http://marc.theaimsgroup.com/?l=openbsd-misc&m=116079153502388&w=2

On 10/19/06, Didier Wiroth [EMAIL PROTECTED] wrote:

Hello, I've installed the latest snapshots from the 18.10.2006. I updated my rather old sources via cvs and had lots of the following output:

bdwrite: force async write on the buffer 0xd8003f20
bdwrite: force async write on the buffer 0xd8003f20
bdwrite: force async write on the buffer 0xd801f0a4
bdwrite: force async write on the buffer 0xd801f218
bdwrite: force async write on the buffer 0xd8003f20
bdwrite: force async write on the buffer 0xd8003f20
bdwrite: force async write on the buffer 0xd8003f20
bdwrite: force async write on the buffer 0xd7ff9804

Does that mean I may have a hd problem and should care about a new one? Or may this problem be related to the latest snapshot?

Thank you
Didier
Re: VPN interoperability problem with Symantec Enterprise Firewall [solved]
Found a solution of sort - downgrade the phase 2 transform from AES to 3DES. Even if officially SEF 7.0.4 supports AES for phase 2 and it accepts it during IKE negotiation, the tunnel fails immediately with a misleading error message on SEF. Given the age of Symantec Enterprise Firewall 7.0.4 (released in 2001?) and the standardisation year of AES (2002) I think the SEF AES algorithm is simply broken. Beware.

HJ, thanks for help!

Regards, Mitja

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hans-Joerg Hoexer
Sent: Wednesday, October 18, 2006 12:11 PM
To: Mitja Mu?eni?
Cc: misc@openbsd.org
Subject: Re: VPN interoperability problem with Symantec Enterprise Firewall

Hi, could you please provide a pcap of such an exchange? Thanks, HJ.

On Wed, Oct 18, 2006 at 11:57:53AM +0200, Mitja Mu?eni? wrote:

Just a quick question if anybody has had the same problem, or contrary, if anybody has a success story with SEF. I'm trying to establish an IPsec tunnel between OpenBSD 3.9 and Symantec Enterprise Firewall 7.0.4 (NT/2k) which is not under my control. The negotiation goes through normally, but immediately afterwards the remote end sends a DELETE notification. The tunnel is still up on OpenBSD's end, but no traffic ever reaches the destination. The remote end (Symantec) spits out (obfuscated to protect the innocent):

VPN packet dropped (213.aaa.bbb.ccc-217.ddd.eee.fff: Protocol=IPSEC-ESP spi=0xa0723686): Received IPCOMP packet on a tunnel that was not configured for compression (tunnel [EMAIL PROTECTED] VPN_tunnel_*)

This error message is funny because as far as I know, OpenBSD does not support IPCOMP in automatic IKE through isakmpd. Any idea why Symantec would believe that we are sending it IPCOMP traffic? I even checked that net.inet.ipcomp.enable=0 - not that I know if it's applicable to IPsec at all. I suspect this is a bug in SEF, but can't find anything on google or mailing list archives.

Nothing special in my isakmpd.conf, I have multiple tunnels working to other vendors' VPN peers.

Regards, Mitja
Re: update automaticly
sonjaya wrote:

i have script for update automatically here:

# cat /root/update_part1.sh
#!/bin/csh
cd /usr/src
setenv CVS_CLIENT_PORT -1
setenv CVSROOT [EMAIL PROTECTED]:/cvs
cvs -d $CVSROOT -q up -rOPENBSD_3_9 -Pd
date /root/update_part1.log

when i try run that script get error such like this :

# sh /root/update_part1.sh
# csh /root/update_part1.sh
Re: How open is Intel?
On Thu, Oct 19, 2006 at 11:14:20AM +1000, Jonathan Gray wrote:

[snip] For the longest time it was quite hard to get documentation out of the networking side of Intel, but in recent years they publish reasonably detailed manuals for 10/100 (fxp) and 10/100/1000 (em) controllers and some PHYs. I have not been able to find any 10GbE (ixgb) manuals and suspect they don't publish them. Anything at all to do with wireless there is no documentation from Intel at all also.

fxp http://www.intel.com/design/network/manuals/8255x_opensdm.htm
em http://www.intel.com/design/network/manuals/8254x_GBe_SDM.htm

Funny you should mention this as I just grabbed some docs for the 82563EB (Intel Pro/1000). Device driver writing is an area I haven't yet explored, but the datasheet for the Pro/1000 looks pretty detailed and includes block diagrams, pin descriptions, signalling, timing specs, etc. Is this sort of document sufficient for device driver writers? I apologize if this is a stupid question, but I really would like to learn more about writing device drivers.

-Damian
Re: /stand still useful?
2006/10/19, Dustin Lundquist [EMAIL PROTECTED]:

I know that IRIX uses it for static binaries like sash and other programs that can be run directly from the prom before booting the kernel.

But this is OpenBSD, not IRIX.

Best Martin
Re: blobs are bad
On Thu, Oct 19, 2006 at 11:34:49AM -0600, Theo de Raadt wrote:

2006/10/18, ICMan [EMAIL PROTECTED]: I have read this thread, and I don't get it. Doesn't it benefit card companies to have open source communities making their drivers better?

One theory is that the cards are so full of patent violations that opening up the docs would lead to a lot of court orders. And since this applies to all manufacturers, the first one to open up loses.

People who invent random theories which only defend the vendor must have been beaten as children. Beaten with sticks. At least, that's my theory. You say it is a theory. However not ONE vendor who I have talked to has ever told me such things in defence of their position. They've not even HINTED that this might be part of their reasons. Of course they also have never hinted that it could be their evil step-moms are standing behind them holding sticks.. so we should make up a theory about that, right? Why do some people feel the need to make up utter bullshit defences for the vendors, when there is not one ounce of fact to back it up? Why?

I think anyone who cares about this at all has tried to figure out why vendors take the attitude they do. I have, though I haven't posted much about it. Since you and those you work with on this project have dealt with many different vendors, do you find some common reasons they give? Or when you back them into a logical corner, is there some last refuge they resort to? I'm sure you can guess why I'm asking.

--
Darrin Chandler | Phoenix BSD Users Group
[EMAIL PROTECTED] | http://bsd.phoenix.az.us/
http://www.stilyagin.com/ |
nmea Warning
-- Jon
Re: setting up NIS
On 2006/10/19 at 12:50:47AM -0200, Gustavo Rios wrote:

Dear list members, i am setting a personal NIS server. At the moment; the output for the command line is the following:

# ypinit -m mojave
Server Type: MASTER Domain: mojave
[ ... ]
At this point, we have to construct a list of this domain's YP servers. etosha is already known as master server. Please continue to add any slave servers, one per line. When you are done with the list, type a control D.
master server : etosha
next host to add: ^D
The current list of NIS servers looks like this:
etosha

So -- you added no slave servers.

[ ... ]
etosha has been setup as an YP master server without any errors.
# make
=== mojave
updated netid
yppush: could not get ypservers map
pushed netid
#

Ok, why the yppush: could not get ypservers map error message is being echoed ?

O.K. I'm not quite sure why the specific *wording* of the error message, but I don't see a need to run make here, which pushes updated maps to slave servers. Since you don't have any slave servers, why push? It may be that the ypservers map in this implementation strips off the master server automatically prior to trying to push -- and finding nothing left, it gives the above error message.

The real question is whether it does what you want otherwise? Does it serve maps as it should? You could try ypcat -k ypservers to see what it put in that map. Maybe you should have not used the quit on any errors option. I normally don't use it.

Granted, I've been running NIS servers only on Suns running SunOs and later Solaris -- not on OpenBSD, so there may be something different there -- but it should not be *too* different. I like the ypinit -u addition, which I see documented in OpenBSD 3.9. Hmm ... all the way back to 3.4 at least. That is nice -- because it is a pain to add more slave servers, or to remove them, from a running instance of yp under Solaris or SunOs.

Enjoy, DoN.
-- Email: [EMAIL PROTECTED] | Voice (all times): (703) 938-4564 (too) near Washington D.C. | http://www.d-and-d.com/dnichols/DoN.html --- Black Holes are where God is dividing by zero ---
nmea Warning
(Feeling rather stupid after the blank email, apologies)

I grabbed an older GPS from that Microsoft Streets and Trips software and plugged it into my laptop to try the nmea sensor stuff. The sticker says it's a GPS-360, mfg by Pharos USA with a SiRF chipset. There looks to be a small bug in the dmesg display (it runs into my USB headset):

uplcom0 at uhub0 port 1
uplcom0: Prolific Technology Inc. USB-Serial Controller, rev 1.10/3.00, addr 2
uaudio0 at uhub1 port 2 configuration 1 interface 0ucom0 at uplcom0 : Logitech Logitech USB Headset, rev 1.10/10.13, addr 2
uaudio0: ignored input endpoint of type adaptive
uaudio0: audio rev 1.00, 6 mixer controls
audio0 at uaudio0
uhidev0 at uhub1 port 2 configuration 1 interface 3
uhidev0: Logitech Logitech USB Headset, rev 1.10/10.13, addr 2, iclass 3/0
uhid0 at uhidev0: input=2, output=0, feature=0

After some fiddling trying to figure out the proper port to use:

# nmeaattach cuaU0
# sysctl hw.sensors
hw.sensors.0=nmea0, GPS, -0.66 secs, WARNING, Thu Oct 19 17:28:19.435

Would I be correct in assuming the warning is probably due to a weak fix by the GPS device?

-- Jon
Re: PF binary search tree
On Thu, Oct 19, 2006 at 01:09:57PM -0600, Breen Ouellette wrote:

From: Daniel Hartmeier (danielbenzedrine.cx) pf uses a binary search tree instead of a hash table, which doesn't require pre-defining a maximum size. The tree will just grow until memory allocation fails. With 64MB RAM that typically doesn't happen until you have over 6 state entries.

I have been doing some research and I came across this message from some time ago. Is this still relevant?

Yes. PF still uses a binary search tree. It should be pointed out that the ipf state tracking also has a maximum size, it's simply managed in a different way - there is a configurable number of hash buckets, and a limit to how many states can be in each hash bucket. Optimistically speaking, the number of entries would be the product of these two numbers. However, one advantage of the pf search tree is that it scales on a fixed curve as the number of states increases. Hash tables can fill unevenly, or be filled unevenly by an attacker.

If so, can anyone tell me if the PF binary search tree is more or less memory efficient than the ipfilter hash table?

I'd imagine they're approximately the same in terms of memory consumption, although I've not looked at how big state table entries are in ipf.

What is the fallout if PF cannot allocate anymore memory for the binary search tree? Does it drop connections or puke all over?

If you've set the maximum state limit correctly existing connections will continue to work, but new connections will fail until old connections time out. (I recommend testing on your specific hardware by creating enough states to reach the limit) Mechanisms such as adaptive timeouts (on by default in 4.0) will help to purge old states out of the state table more quickly as the state table fills.

I am trying to convince my current employer to move away from ipfilter and over to PF. Any assistance would be appreciated.

I think you're focusing on the wrong areas. Without having a clear understanding of your employer's requirements it's hard to come up with a specific argument, but think about security, ease of use, documentation, flexibility, reliability, and performance. Also important may be software licensing, standardisation, and the OS compromises you have to make to run IPF. PF is well established as the leader in all of these areas - you may find better performance in some other firewalls, but invariably this is because unacceptable security shortcuts have been taken.

Some resources that you can look at to build your case are:

http://www.benzedrine.cx/pf-paper.html
http://www.openbsd.org/papers/auug2006/pf_evolution/
http://www.openbsd.org/faq/pf/index.html
http://undeadly.org/cgi?action=article&sid=20060929080943
http://undeadly.org/cgi?action=article&sid=20060927091645
http://undeadly.org/cgi?action=article&sid=20060928081238
http://coombs.anu.edu.au/~avalon/

Often one of the most convincing arguments you can make is to take your existing IPF ruleset and re-write it as a PF ruleset. The vast majority of security problems are due to user error, and focusing on making your ruleset understandable and maintainable will likely bring the greatest security benefits. Using macros, tables, ruleset expansion, and interface groups, your ruleset will become smaller and more maintainable, and the difference is instantly visible.
Spamd - whitelist of mis-behaving SMTP server POOLS
Hi, I have been running spamdb greylisting only for several years as my only line of defense at home. At work I have managed to sneak in a Sparc64 Sunfire 120 (OpenBSD 3.9) as a caching web proxy default gateway.

Today, we had a fairly aggressive attack on our email system, 6000+ emails in a relatively short period of time. I took the opportunity to deploy greylisting on the OpenBSD box (which is our first line of defense... first of many). It's performed well, and is up to about 300 email servers whitelisted.

I know from personal experience that Bell in Ontario (at the minimum) and a few other ISP's have server pools that do not cooperate nicely with greylisting. They do not guarantee the same server will retry sending the email when it's blocked by spamdb (451 temporary failure). On my computer at home, I notice these entries when I do a spamdb | more and see something like:

GREY|205.152.59.48|[EMAIL PROTECTED]|[EMAIL PROTECTED]|1161299154|1161313554|1161313554|1|0
GREY|205.152.59.51|[EMAIL PROTECTED]|[EMAIL PROTECTED]|1161296098|1161310498|1161310498|1|0
GREY|205.152.59.65|[EMAIL PROTECTED]|[EMAIL PROTECTED]|1161300604|1161315004|1161315004|1|0
GREY|205.152.59.66|[EMAIL PROTECTED]|[EMAIL PROTECTED]|1161302039|1161316439|1161316439|1|0
GREY|205.152.59.67|[EMAIL PROTECTED]|[EMAIL PROTECTED]|1161294517|1161308917|1161308917|1|0
GREY|205.152.59.68|[EMAIL PROTECTED]|[EMAIL PROTECTED]|1161292315|1161306715|1161306715|1|0
GREY|205.152.59.72|[EMAIL PROTECTED]|[EMAIL PROTECTED]|1161297659|1161312059|1161312059|1|0

On my personal email server, it happens VERY seldom. On our work server, it only took a couple of hours for this to show up. It looks like Yahoo might be the same way.

I am 99% sure that I have seen on the internet SOMEWHERE a whitelist of servers that are like this. I thought Bob Beck had forwarded one at one point in time, but I can only find his post regarding the tarfile he maintains for the zombie hosts.

Bob, if you are listening, what do you do at the U of A to handle these mis-behaving server pools? Anyone else??

Thanks,
Steve Williams
Re: Spamd - whitelist of mis-behaving SMTP server POOLS
On 10/19/06, Steve Williams [EMAIL PROTECTED] wrote:

I am 99% sure that I have seen on the internet SOMEWHERE a whitelist of servers that are like this. I thought Bob Beck had forwarded one at one point in time, but I can only find his post regarding the tarfile he maintains for the zombie hosts.

greylisting.org ?

Bob, if you are listening, what do you do at the U of A to handle these mis-behaving server pools? Anyone else??

I whitelist the block manually after someone notices. Sometimes it's obvious (your example was a simple /24), sometimes it takes a few tries because the pool is so large. The list from greylisting.org fixes the well-known mail pools.

-- Jon
Re: Spamd - whitelist of mis-behaving SMTP server POOLS
On Thu, Oct 19, 2006 at 06:23:20PM -0600, Steve Williams wrote:

Hi, I have been running spamdb greylisting only for several years as my only line of defense at home. At work I have managed to sneak in a Sparc64 Sunfire 120 (OpenBSD 3.9) as a caching web proxy default gateway.

Today, we had a fairly aggressive attack on our email system, 6000+ emails in a relatively short period of time. I took the opportunity to deploy greylisting on the OpenBSD box (which is our first line of defense... first of many). It's performed well, and is up to about 300 email servers whitelisted.

I know from personal experience that Bell in Ontario (at the minimum) and a few other ISP's have server pools that do not cooperate nicely with greylisting. They do not guarantee the same server will retry sending the email when it's blocked by spamdb (451 temporary failure). On my computer at home, I notice these entries when I do a spamdb | more and see something like:

GREY|205.152.59.48|[EMAIL PROTECTED]|[EMAIL PROTECTED]|1161299154|1161313554|1161313554|1|0
GREY|205.152.59.51|[EMAIL PROTECTED]|[EMAIL PROTECTED]|1161296098|1161310498|1161310498|1|0
GREY|205.152.59.65|[EMAIL PROTECTED]|[EMAIL PROTECTED]|1161300604|1161315004|1161315004|1|0
GREY|205.152.59.66|[EMAIL PROTECTED]|[EMAIL PROTECTED]|1161302039|1161316439|1161316439|1|0
GREY|205.152.59.67|[EMAIL PROTECTED]|[EMAIL PROTECTED]|1161294517|1161308917|1161308917|1|0
GREY|205.152.59.68|[EMAIL PROTECTED]|[EMAIL PROTECTED]|1161292315|1161306715|1161306715|1|0
GREY|205.152.59.72|[EMAIL PROTECTED]|[EMAIL PROTECTED]|1161297659|1161312059|1161312059|1|0

On my personal email server, it happens VERY seldom. On our work server, it only took a couple of hours for this to show up. It looks like Yahoo might be the same way.

I am 99% sure that I have seen on the internet SOMEWHERE a whitelist of servers that are like this. I thought Bob Beck had forwarded one at one point in time, but I can only find his post regarding the tarfile he maintains for the zombie hosts.

Bob, if you are listening, what do you do at the U of A to handle these mis-behaving server pools? Anyone else??

Thanks,
Steve Williams

I have the same issue with certain pools. I added a bit to my pf.conf:

--
table <mywhite> persist file "/etc/mail/whitelist.txt"
# place this BEFORE rdr rules for spamd
no rdr inet proto tcp from <mywhite> to any port smtp
--

Then I manually add certain pools to whitelist.txt. Sometimes you get lucky and find SPF entries, like for gmail. Otherwise you have to make a guess. FYI, host -ttxt bellsouth.net returns 205.152.58.0/23 for spf.

Oh, I also use whitelist.txt in spamd-setup, though it's not really needed since the no rdr bypasses all that anyway.

--
Darrin Chandler | Phoenix BSD Users Group
[EMAIL PROTECTED] | http://bsd.phoenix.az.us/
http://www.stilyagin.com/ |
Re: Spamd - whitelist of mis-behaving SMTP server POOLS
On 10/19/06, Steve Williams [EMAIL PROTECTED] wrote:

Hi, I have been running spamdb greylisting only for several years as my only line of defense at home. At work I have managed to sneak in a Sparc64 Sunfire 120 (OpenBSD 3.9) as a caching web proxy default gateway.

Today, we had a fairly aggressive attack on our email system, 6000+ emails in a relatively short period of time. I took the opportunity to deploy greylisting on the OpenBSD box (which is our first line of defense... first of many). It's performed well, and is up to about 300 email servers whitelisted.

I know from personal experience that Bell in Ontario (at the minimum) and a few other ISP's have server pools that do not cooperate nicely with greylisting. They do not guarantee the same server will retry sending the email when it's blocked by spamdb (451 temporary failure). On my computer at home, I notice these entries when I do a spamdb | more and see something like:

GREY|205.152.59.48|[EMAIL PROTECTED]|[EMAIL PROTECTED]|1161299154|1161313554|1161313554|1|0
GREY|205.152.59.51|[EMAIL PROTECTED]|[EMAIL PROTECTED]|1161296098|1161310498|1161310498|1|0
GREY|205.152.59.65|[EMAIL PROTECTED]|[EMAIL PROTECTED]|1161300604|1161315004|1161315004|1|0
GREY|205.152.59.66|[EMAIL PROTECTED]|[EMAIL PROTECTED]|1161302039|1161316439|1161316439|1|0
GREY|205.152.59.67|[EMAIL PROTECTED]|[EMAIL PROTECTED]|1161294517|1161308917|1161308917|1|0
GREY|205.152.59.68|[EMAIL PROTECTED]|[EMAIL PROTECTED]|1161292315|1161306715|1161306715|1|0
GREY|205.152.59.72|[EMAIL PROTECTED]|[EMAIL PROTECTED]|1161297659|1161312059|1161312059|1|0

On my personal email server, it happens VERY seldom. On our work server, it only took a couple of hours for this to show up. It looks like Yahoo might be the same way.

I am 99% sure that I have seen on the internet SOMEWHERE a whitelist of servers that are like this. I thought Bob Beck had forwarded one at one point in time, but I can only find his post regarding the tarfile he maintains for the zombie hosts.

Bob, if you are listening, what do you do at the U of A to handle these mis-behaving server pools? Anyone else??

Thanks,
Steve Williams

As seen on undeadly: http://home.xnet.com/~ansible/openbsd_spamd_conf.html contains a tutorial on setting up spamd on OpenBSD. It is helpful as it shows an example script that creates a whitelist by looking at SPF DNS records in a list of domains.

Also, as someone else mentioned, greylisting.org has an excellent whitelist in a CVS repository here: http://cvs.puremagic.com/viewcvs/greylisting/schema/whitelist_ip.txt

Kevin
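Added example (not from any poster in this thread): a shell function that reads spamdb output in the field layout quoted above (source address in field 2, envelope sender and recipient in fields 3 and 4) and lists each /24 in which one sender/recipient pair was greylisted from several different addresses, which is the retry pattern of a sending pool. The function names, the threshold and the sample entries are constructed for illustration; check a reported network against the domain's published SPF record before adding it to a whitelist file.

```shell
#!/bin/sh
# Added example, not from the thread: spot sending pools in spamdb(8) output.

# sample_spamdb: constructed entries (documentation addresses only), layout
# GREY|source|sender|recipient|first|pass|expire|block|pass
sample_spamdb() {
    cat <<'EOF'
GREY|192.0.2.48|<alice@example.org>|<bob@example.com>|1161299154|1161313554|1161313554|1|0
GREY|192.0.2.51|<alice@example.org>|<bob@example.com>|1161296098|1161310498|1161310498|1|0
GREY|192.0.2.65|<alice@example.org>|<bob@example.com>|1161300604|1161315004|1161315004|1|0
GREY|192.0.2.66|<carol@example.org>|<bob@example.com>|1161302039|1161316439|1161316439|1|0
GREY|198.51.100.7|<dave@example.net>|<bob@example.com>|1161294517|1161308917|1161308917|2|0
GREY|198.51.100.9|<erin@example.net>|<bob@example.com>|1161292315|1161306715|1161306715|1|0
WHITE|203.0.113.5|||1161290000|1161293000|1164400000|0|12
EOF
}

# grey_pools [MIN]: read spamdb output on stdin and print "<network>/24 <n>"
# for every /24 in which a single sender/recipient pair was greylisted from
# at least MIN (default 3) distinct source addresses. A legitimate pool
# retries the same message from different hosts, so it shows up here, while
# unrelated one-off senders sharing a /24 do not.
grey_pools() {
    min=${1:-3}
    awk -F'|' -v min="$min" '
        $1 != "GREY" { next }                               # only pending entries
        $2 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { next }   # IPv4 sources only
        {
            split($2, o, ".")
            net = o[1] "." o[2] "." o[3] ".0/24"
            key = net SUBSEP $3 SUBSEP $4                   # network + envelope pair
            if (!((key, $2) in seen)) {                     # count each source once
                seen[key, $2] = 1
                n[key]++
                if (n[key] > best[net]) best[net] = n[key]
            }
        }
        END {
            for (net in best)
                if (best[net] >= min)
                    print net, best[net]
        }
    ' | sort
}

# Stand-alone demonstration on the constructed sample; on a spamd host the
# input would be:  spamdb | grey_pools 3
sample_spamdb | grey_pools 3
```

The first column of the output is in the CIDR form that a pf table file such as the whitelist.txt mentioned above accepts, one network per line.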
Re: Is doing a network restore from bsd.rd at all possible?
On 10/19/06, Martin Gignac [EMAIL PROTECTED] wrote: Hey man, great idea! I'll try it out. Yup, tried a restore(8) via HTTP and it worked fine! Thanks again for the tip. -Martin -- Suburbia is where the developer bulldozes out the trees, then names the streets after them. --Bill Vaughan
Missile Launcher For OpenBSD?
Does anyone have one of these? http://www.latestbuy.com.au/usb_missile_launcher.html I was wondering if this would work in OpenBSD Sam Fourman Jr.
Re: Missile Launcher For OpenBSD?
Sam Fourman Jr. wrote: I was wondering if this would work in OpenBSD Maybe. http://scott.weston.id.au/software/pymissile-20060126/
pppoe slow on openbsd
I write once again for the same old things I was writing at the openbsd 3.4. If you search the emails to the list are there. Same old same old. The pppoe dial error (userland) can't assign requested address after 4 major OpenBSD releases didn't go away. No one cared to address the situation and of course the same old answer different isps use different pppoe implementations was the easy answer to leave the question unanswered.

The 90% of home office internet connections are have to do with pppoe crappy dsl implementations at least here in Europe. Despite that I have never found a single windows xp box to not work properly with these crappy implementations no matter to whatever adsl provider someone wants to connect to, and without the need for any extra drivers to be installed concerning these different isps.

So from the openbsd 3.4 release I have installed OpenBSD as a router (suggested by me) to different small offices successfully and despite the OpenBSD pppoe risk that these boxes will never see the Internet world. I just hoped and trusted the community, that someone will go and support the first thing that an os must be capable of, to connect to the internet using an available ISP. I hoped that someone in the community will fix the problems so will come one day that we can use an openbsd box to connect to the Internet without praying or going after that to a doctor for a nervous breakdown.

So 3.5 - 3.6 - 3.7 - 3.8 and now I am afraid to tell my clients to update. No matter what useful things the new releases have if I can not connect them to the Internet the only option is to call microsoft to apply for the licencing program...

THE ONLY THING THAT CHANGES FROM RELEASE TO RELEASE IN OPENBSD PPPOE IS THE ERROR MESSAGES AFTER A SUCCESSFUL CONNECTION IS MADE.

I am so disappointed with this, as every now and then in these years I read posts in the list, from the newbie trying to install an openbsd box for the first time, as users that are very familiar with openbsd like myself, crying out the pppoe implementation in openbsd is broken. An answer to all these people: IS PPP OPENBSD IMPLEMENTATION BROKEN? YES IT IS NO MATTER WHAT YOU READ IN THE LIST. YES IT IS AND NO ONE CARES. YES YOU HAVE DONE NOTHING WRONG IN YOUR CONFIGURATION, THE ERRORS ARE NOT THERE FOR DEBUGGING JUST FOR SEEING THEM.

On openbsd 3.9 I can connect through pppoe(userland) to my ISP everything works fine but I can not download more than 250KB/s despite that my line is capable of 2000KB/s. In a 3.5 box same configuration same ISP I am capable of 2000KB/s. May I must downgrade? I myself want to ask what's the meaning of an os secure and capable of tasks if I can not connect to an ISP using the way that 90% of Internet users use in this world.

I have spend another week trying to resolve another pppoe problem, where everything seems to work fine as always, but as always in openbsd's pppoe something goes wrong. Of course if I connect my modem to a windows xp stupid insecure pc or to e Unix based Powerbook and I experience no such problems. I called my ISP after the line was installed and complain that my line don't work ok and now I think I may be have to call them and tell them that I just used a stupid os that can't do what the most stupid oses can DO.

I needed to write this after 5 years of seeing the community to ignore the needs of its users. We have donated, support it and continue to do so. We have no right to demand things but I think we have the right to alert the community as definitely with this matter something IS DEFINITELY wrong. I think that the 50% of OpenBSD users use pppoe connections and I think that the 10% of us use for example IPSEC. Despite that IPSEC works far better than establishing a dsl connection and download at proper rates.

And I am sure that this mail will be ignored as the 98329389283 mails in this list that no one answer and you can find in the list remaining for ever unanswered. So just I am Asking kindly again after 5 years. Will be a way to establish a dsl broadband connection from an openbsd gateway to an ISP without errors and problems ever in the future like the 99% of all other OSes (even those that are not dedicated to networking as OpenBSD) CAN? OR NOT? Even if the answer is NO I will be grateful as many other users to know that so we can make our ways out of this OS as there are some thing in OS world that some of us can't live without it.

Feel free not to comment.
OpenVPN Server and nice setting on OpenBSD
I have had a problem with a new OpenVPN server on an OpenBSD box. I have solved the problem (I think) but was looking for some insight as to why this solved it.

The problem was with the ping that happens between OpenVPN endpoints not being returned and the connection resetting every minute or so. One suggested issue was that perhaps there was a lot of large transfers or heavy traffic that caused it to not respond in time...

So I took a look at it late one night... On one computer I was watching it drop and reconnect. On the console I was watching a netstat dump which showed between 1 to 9 pkts a second. (This is respectable hardware with gigabit cards). So maybe it was some service running... so I hit up vmstat and aside from the random tumbleweed, all was dead quiet. top showed nothing going on.

Anyway, in the end I started the OpenVPN server with nice -1 which has seemed to work. I've not had a drop in about 48 hours straight.

My question is - on a dead quiet box, how could bumping the priority just a tad help? I've asked for ideas on the OpenVPN list, but no answer. Or am I crazy?

Thanks
Re: blobs are bad
On 10/19/06, Darrin Chandler [EMAIL PROTECTED] wrote:

On Thu, Oct 19, 2006 at 11:34:49AM -0600, Theo de Raadt wrote:

2006/10/18, ICMan [EMAIL PROTECTED]: I have read this thread, and I don't get it. Doesn't it benefit card companies to have open source communities making their drivers better?

Why do some people feel the need to make up utter bullshit defences for the vendors, when there is not one ounce of fact to back it up? Why?

I think anyone who cares about this at all has tried to figure out why vendors take the attitude they do. I have, though I haven't posted much about it. Since you and those you work with on this project have dealt with many different vendors, do you find some common reasons they give? Or when you back them into a logical corner, is there some last refuge they resort to? I'm sure you can guess why I'm asking.

Companies don't always do things that make sense to an engineer. Engineers generally make decisions based on what's best for the design; the engineer says, we should open this up, and let other people improve it for us. But, someone in management says, I don't want to open this up, because it's a secret, and it's our secret, and secrets are valuable.

You can waste a lot of time attacking someone's attitude with logic, and in the end, it won't change anything because their attitude isn't based on your kind of logic. Sometimes you just have to wait for their attitude to change.

- R.
Re: update automaticly
On Thu, Oct 19, 2006 at 03:43:50PM +0100, Stuart Henderson wrote:

On 2006/10/19 21:28, sonjaya wrote: i have script for update automatically here: #!/bin/csh

c-shell for scripting? are you mad? :-)

IMAO csh should be banished from earth! :-) You will be amazed how brain dead its design is :-) Go figure. There is a wonderful and interesting document somewhere on the Internet that colorfully and sleazily takes you thro' why it is so f***ed up
Kismet Frontend gtk?
Does anyone know of an OpenBSD port (gtk maybe) for Kismet?

Thank you
Sam Fourman Jr.