Re: dhcp on vlan interface

[Thomas Schoeller]

On Wed, Nov 15, 2006 at 09:28:47AM +0500, Igor Goldenberg wrote:
> Hello,
> 
> is it possible to start dhcp on vlan interface using only netstart(8)
> and hostname.if(5)? Or it's need to write custom commands (e.g. in
> rc.local)?
yes, you could write dhcp in a hostname.vlanX file and it will geht an
ip. but you should also configure vlandev and vlanid in this file.
> 
> Another question. myname(5) says "If any hostname.if(5) files contain
> ``dhcp'' directives, IPv4 entries in /etc/mygate will be ignored." But
> I need to get only IP & mask by DHCP, not gate. I will "request
> subnet-mask, broadcast-address;" so my default gateway will not be
> changed anyway. So, if I want to use dhcp for some interface and
> static default gw on another one I must use !command syntax in
> hostname.if(5) or rc.local?
i think if you not request gateway then nothing is changed on your
default route.

regards
thomas

Re: layout of filesystems on OpenBSD

[Igor Sobrado]

Thanks a lot to all that replied either in private email (Francisco),
or in the misc mailing list (Joachim, Robert, Will, Stuart, Peter,
Damian, Marc and Matthias).

I will try to reply to all in the thread right now.  As I am not
a member of this mailing list I have not received a copy of the
emails.  I will try to set up nmh to automatically classify email
from two or three mailing lists to receive these lists as
soon as possible.  Sorry for the delay, but the first message
was stalled because it included certain words that make it seem
as spam (a word that I will not repeat here, because I do not want
this message to be stalled again!)

I agree with Francisco about the use of swap (wd0b) for both memory
filesystems (/tmp and /var/run).  Indeed, it is the way it is used
in fstab(5), but only on a single mfs.  Both Francisco, Damian and
Joachim have observed that /var can grow when using databases or the
system is a large mail or printer server.  I should have observed it
as I sometimes work for the Department of Geological Sciences, and they
send huge files to the plotters.  It is a very good point.

Joachim is right when he writes that /home does not need to be too
large.  Currently it can grow up to, we say, 1 GB (e.g., when making
an ISO image to be dumped to a CD-ROM) but large /home filesystems
are a waste of space.

Indeed, /usr/X11R6 is part of /usr.  Even if some packages install
files on it (e.g., OpenMotif), X11R6 does not grow a lot and can
be considered static.  I guess that I made it a separate filesystem
because I do not see X.Org as a part of OpenBSD (another reason is
that /usr/openwin was a separate filesystem on Solaris, and I am
accustomed to this layout).

A too large /usr/ports is something that should be avoided for me,
as I really use binary packages.  I just install /usr/ports because
sometimes I needed to build packages from source (it happened only
a few times.)  Certainly a 24 GB /usr/ports is something I will
probably avoid.  On this matter, I feel that Damian is NOT doing
something improperly when /usr/ports grows.  It would be much better
having these object files in /usr/obj or, at least, not lying
around in /usr/ports.  Building ports from source makes /usr/ports
a real mess in only some days.  I am sure, there are good technical
reasons for not making the object and binary files in a separate
directory: patches to source code tarballs would become unmanageable
if third party applications need to be changed to support this feature.

The advice on CCD is an excellent one (thanks Joachim!).  I would
suggest leaving some unused space on the disk drives too.  It is
not the same as Veritas Volume Manager, but can certainly help
when a filesytem runs out of space.  Certainly using CCD or
RAIDframe is much better.

I agree with most people in this thread.  The setup I proposed
is too complex.  I like it and works fine for me, but it is
certainly a nightmare when a new application changes the space
requirements (and a database is a good example).

Indeed, I do not run databases right now... but I should do it.
Databases are not only useful as support tools for spam filters
and intrusion detection systems, but excellent tools for our
daily work.  I will play with a database system as soon as I have
some time.

Again, thanks to all for the excellent advices on this matter.

Cheers,
Igor.


--Boundary_(ID_b6vZWPMJJsiMXjf61E2EHw)--

Re: Script to sync pf rules for CARP fws

[z0mbix]

On 14/11/06, Leonardo Rodrigues de Mello
<[EMAIL PROTECTED]> wrote:

Here is one script i have done, you must setup ssh key authentication between
root from fw1 to fw2 and fw1 to fw1. and must install bash.



Why install bash? Just write the script properly so it works with ksh
or another shell in base.

Re: BSD laptop

[Chavdar Ivanov]

I am currently using HP nx6310; after the initial problem with npx
freezing when MULTIPROCESSOR is on, I an reasonably happy with it. The
wireless (wpi) works (but not with wpa_supplicant for me), the
Ethernet (bce) as well (I just have to disconnect the power supply for
a moment when rebooting from XP). The only minor gripe is that I could
not get the audio (azalia) work through the speakers, but it works
fine through the headphones; also the SATA controller has to be set to
compatibility mode for NetBSD, which is weird, as the native mode is
supported by both OpenBSD-current and FreeBSD-current. I haven't yet
tried seriously suspend/resume. The graphics - Intel 945 - works in
VESA mode under XFree86, but I installed Xorg 6.9 from pkgsrc and this
is now served by the I810 driver, so it's OK. Otherwise it looks quite
well built; one may not like the 15" screen with 1024x768 native
resolution. though (or, maybe, like - depends on one's eyes...).

As far as OpenBSD-current is concerned, I just booted the installation
CD and collected the dmesg (posted earlier in current-users@), but it
looked OK at this stage.

I tried at one stage FreeBSD6.2 Beta1, but did not get the wireless
and the azalia working straight from the CD (I found an OSS audio
driver, but did not want to deal with bits from outside of it; as I
have another ath wireless card, which worked, I did not bother to look
at the wpi one).

Chavdar

Re: multiple openbsd installs on the same disk

[Girish Venkatachalam]

On Tue, Nov 14, 2006 at 09:43:44PM +0100, frantisek holop wrote:
> hi there,
> 
> 4.0 is here so time for my second annual reinstall on my notebook.
> i have come to the conclusion that it would be nice to have a
> "production" system and a "development" system.  i need a stable
> system to work with (stable packages i don't have to manually
> compile, etc, etc.)  on the dev system i'd like to track current.
> 
> but.  because i have only one notebook, these system should be on
> the same physical harddisk.
> 
> the only recent thread i have seen is about dual booting with netbsd:
> http://marc.theaimsgroup.com/?l=openbsd-misc&m=110575764931297&w=2
> 
> i am not an mbr/disklabel guru, but it seems to me that it all comes
> down to disklabel becasue i can have 4 primary partitions, but if i
> interpret it correctly, i can't have seperate 'a' and 'b' (and so on)
> for all of these primary partitions, now can i?
> 
> would it make sense to make every primary partition into an isolated
> seperate disklabel entity?  i know this wouldn't be a trivial change
> of course, but is it possible at all?
> 
> 
> or should i just go with virtualization?
> is it in that state already that i can?
> 
> or any other ideas to have 2 systems on one? :)

Wait for my article for gory details of MBR...

Anyway of all options suggested I like the multiple separate fdisk partitions 
approach. Much cleaner and easier to maintain in the long run never mind if it 
has minor disadvantages...

Actually there are none.

Let me explain.

OpenBSD does not come with a boot manager unless I am mistaken. And only one of 
the four fdisk primary partition can be marked active or bootable. 

Theoretically at least it seems possible that you can install upto four 
separate OpenBSD instances on a single hard disk, one on each fdisk partition.

Now, how do you select which partition to boot?

You need a boot manager. You can go with grub or something else installed into 
a third fdisk partition in your case. Say you install FreeBSD or linux.

Now let us come to disklablels.

Only a,b and c partitions are special. b is swap and let us not worry about it, 
you can even use a temporary file for swapping.

a is root partition and hence most critical. You can use one of d-i parititions 
to point to root partition in the second OpenBSD fdisk install. Just set it in 
fstab.

Try this with read only mount of root file system.

Just figure out the boot loader options. I think it should be pretty straight 
forward.

Of course you can share /home. Don't share too many partitions und you will 
have things interfering with one another in a manner you don't anticipate.

Best of luck!

Does this make sense?

regards,
Girish
-- 
Linux is for folks who hate Windoze.

FreeBSD is for folks who love UNIX.

OpenBSD is for folks who can't live without UNIX.

Re: dhcp on vlan interface

[Igor Goldenberg]

2006/11/15, Thomas Schoeller <[EMAIL PROTECTED]>:


yes, you could write dhcp in a hostname.vlanX file and it will geht an
ip. but you should also configure vlandev and vlanid in this file.


Thank you, line "dhcp vlan 4 vlandev em0" works well.


i think if you not request gateway then nothing is changed on your
default route.


dhclient will not change, but netstart doesn't want setup gateway if
interface with dhcp exists. This is gateway related code from
/etc/netstart:

# /etc/mygate, if it exists, contains the name of my gateway host
# that name must be in /etc/hosts.
[[ -z $dhcpif ]] && stripcom /etc/mygate | while read gw; do
   [[ $gw == @(*:*) ]] && continue
   route -qn delete default > /dev/null 2>&1
   route -qn add -host default $gw && break
done

Re: multiple openbsd installs on the same disk

[Nico Meijer]

Hi frantisek,

> or any other ideas to have 2 systems on one? :)

I use USB hard drives for just this purpose.

HTH... Nico

Is resolver in 4.0 thread-safe?

[Federico Giannici]

I'm about to compile a program (milter-greylist) that requires a 
thread-safe resolver. I'm using OpenBSD 4.0 i386.


The configure says that probably the resolver is not thread-safe because 
it has not found the res_ninit() function.


Anybody can confirm this?


Thanks.

--
___
__
   |-  [EMAIL PROTECTED]
   |ederico Giannici  http://www.neomedia.it
___

Re: layout of filesystems on OpenBSD

[Alexander Hall]

Joachim Schipper wrote:

On Fri, Nov 10, 2006 at 04:10:54PM -0600, Damian Wiest wrote:

I've had the misfortune of running AIX for a short time and am aware of
how Veritas Volume Manager encapsulates disks, but what's the
equivalent in OpenBSD?  One benefit of those systems is that they allow
you to resize filesystems on the fly, which is helpful if you're not
sure how much space you're going to need.  I sometimes end up performing
two installs.  The first one lets me see how much space the OS 
distribution is likely to occupy and I then use those numbers when I redo 
the install.


If you want to do the same in OpenBSD, allocate the maximum number of
partitions and run ccd devices over appropriate subsets of the
partitions. (Note growfs(8); there is no shrinkfs, though.)

If this is not granular enough, add one ccd device per partition, and
parition that one again [1]. This setup would allow dividing a disk in
15x15 = 255 not necessarily equally big slices, which Should Be Enough

  ^^^ oops

For Everyone. (If not, repeat.)


Interesing thought. Fragmented filesystems (not just files). Probably 
horrible in many ways and easy to make mistakes, but still interesting.


But why not just start with a reasonably sized partition per ccd and 
then add additional partitions (of varied sizes) when needed? I see no 
need to predefine the partitions. Then, should you run out of 
partitions, you could make the last one (p?) use the rest of the disk 
and split it using the technique mentioned above.



You'll probably want to build a custom kernel to increase the number of
ccd devices. And wash your hands.

Joachim

[1] This is possible, but I haven't tested either performance or
stability of this setup.

Re: multiple openbsd installs on the same disk

[Tony Abernethy]

Girish Venkatachalam wrote:

> Now let us come to disklablels.

There is one disklabel per disk, not one disklabel per DOS partition.
The DOS partitions come into play only while the BIOS is booting
After that, the DOS partitions can contain any nonsense you like.

I suspect you'll do better with no A6 partitions that with many.

Re: raidctl: ioctl (RAIDFRAME_CONFIGURE) failed on 4.0 amd64 for RAID 1 (mirroring)

[Siju George]

On 11/15/06, Otto Moerbeek <[EMAIL PROTECTED]> wrote:

> =
> # cat /var/run/dmesg.boot
> OpenBSD 4.0 (GENERIC) #690: Sat Sep 16 20:26:25 MDT 2006
>[EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC

The clue is here. You are not running a kernel with raidframe enabled.
I'd advise to first play with this using a regular root file system,
and put some data on a raidframe file system, and only move to a
raidframe root after that. Having a raidframe root can be quite
confusing, since the boot device does not match the root device.



yes i am having some confusion here.
# uname -a
OpenBSD backupserver.hifxchn2.local 4.0 GENERIC.RAID#0 amd64
#

gives GENERIC.RAID

so I am running a kernel with raidframe enabled right?

I deleted the /var/run/dmesg.boot
halted the system.
restarted the system

in the dmesg|more after the earlier errors created while configuring
raid0 partition it says it is booting a raidframe enabled kernel.

=
RAIDFRAME: failed rf_ConfigureDisks with 2.
vnode was NULL
vnode was NULL
syncing disks...
OpenBSD 4.0 (GENERIC.RAID) #0: Wed Nov 15 08:04:56 IST 2006
   [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC.RAI
D
real mem = 1039593472 (1015228K)
avail mem = 878211072 (857628K)
using 22937 buffers containing 104165376 bytes (101724K) of memory
mainbus0 (root)

===

The root file system is 4.2BSD on "wd0"


16 partitions:
# sizeoffset  fstype [fsize bsize  cpg]
 a:61481763  4.2BSD   2048 16384  328 # Cyl 0*-   609
 b:   2097648614880swap   # Cyl   610 -  2690
 c: 234441648 0  unused  0 0  # Cyl 0 -232580
 d:   4194288   2712528  4.2BSD   2048 16384  328 # Cyl  2691 -  6851
 e:   2097648   6906816  4.2BSD   2048 16384  328 # Cyl  6852 -  8932
 f:  16777152   9004464  4.2BSD   2048 16384  328 # Cyl  8933 - 25576
 g:  83885760  25781616  4.2BSD   2048 16384  328 # Cyl 25577 -108796
 h:  83885760 109667376  4.2BSD   2048 16384  328 # Cyl 108797 -192016
 i:  40883409 193553136  4.2BSD   2048 16384  328 # Cyl 192017 -232575*
#
=

I just wanted to create a degraded array using "wd1b" (another disk)
and wd2b ( fake entry no actual disk but /dev/wd2b entry exists )

I created a RAID file system type in "wd1b"

===
16 partitions:
# sizeoffset  fstype [fsize bsize  cpg]
 a:   209758563  4.2BSD   2048 16384  328 # Cyl 0*-  2080
 b: 232338897   2097648RAID   # Cyl  2081 -232575*
 c: 234441648 0  unused  0 0  # Cyl 0 -232580
#


also a raid.conf for mirroring as said in the raidctl manpage
=
# cat /root/raid0.conf
START array
# numRow numCol numSpare
1 2 0

START disks
/dev/wd2b
/dev/wd1b

START layout
128 1 1 1

START queue
fifo 100
#


then gave the command to create the array using the -C option to force
its creation and then

===
# raidctl -C /root/raid0.conf raid0
raidctl: ioctl (RAIDFRAME_CONFIGURE) failed
#
===

System messages

=
Kernelized RAIDframe activated
dkcsum: wd0 matches BIOS drive 0x80
dkcsum: wd1 matches BIOS drive 0x81
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302
raidlookup on device: /dev/wd2b  failed !
vnode was NULL
vnode was NULL
RAIDFRAME: failed rf_ConfigureDisks with 2.
vnode was NULL
vnode was NULL


So it says kernlized Raid Frame activated
Also

==
# uname -a
OpenBSD backupserver.hifxchn2.local 4.0 GENERIC.RAID#0 amd64
#
===

So I am running a Kernel with Raid Frame enabled right?

I am using the -C option to create the array with raidctl so even if
/dev/wd2b is not present physically it should fore creating a degraded
array right?

Hope I make sense :-)

Thankyou so much for your help

Kind Regards

Siju

Re: multiple openbsd installs on the same disk

[Girish Venkatachalam]

On Wed, Nov 15, 2006 at 05:05:17AM -0600, Tony Abernethy wrote:
> 
> There is one disklabel per disk, not one disklabel per DOS partition.
> The DOS partitions come into play only while the BIOS is booting
> After that, the DOS partitions can contain any nonsense you like.
> 
> I suspect you'll do better with no A6 partitions that with many.

Right, it is one disklabel per disk.

It should be possible to associate the A6 fdisk partition on second partition 
with BSD d partition and even boot it with the usual OpenBSD second stage boot 
loader.

I have not tried it but it should work.

regrads,
Girish

-- 
Linux is for folks who hate Windoze.

FreeBSD is for folks who love UNIX.

OpenBSD is for folks who can't live without UNIX.

isakmpd eating all available memory

[Jesus Roncero Franco]

Hi all,
I have a problem with a production machine that is running out of memory on
OpenBSD 4.0 (and it happens just the same on another one running OpenBSD
3.9). Basically isakmpd memory consumption grows linearly in time until OOM
enters in actions and kill processes. 

We have narrowed the problem to be one of our peers sending us
informational messages each second. It looks to me that they are sending us
"are you alive?" packets with a wrong SPI to which we reply with a
notification payload. 
After increasing the debug level on isakmpd I've noticed that get lots of
messages like this:
sa_release: SA 0x824df500 had 1542 references
sa_reference: SA 0x824df500 now has 1543 references
...

with the number of references increasing with time.
It looks to me that the system's got into an endless loop. This box was
running nicely until, at some point, it started showing this behaviour, so
I'm assuming that something changed on the remote part because we didn't.

I've been browsing the source code in case this would be a bug in ipsec's
isakmpd but I just want to make sure that this is not a misconfiguration on
our side. (I'm copying part of the log at the end of this message). The
configuration is quite standard and will be happy to copy here for further
analysis, but, before that, does anyone have any hints on what could be
wrong here? 
Could isakmpd be misbehaving on this matter and not freeing invalid
messages?

All help is very welcome. Thanks.

Log follows:

Nov 15 13:08:35 vpnbox isakmpd[874]: message_parse_payloads: offset 48 payload 
NOTIFY
Nov 15 13:08:35 vpnbox isakmpd[874]: message_validate_payloads: payload HASH at 
0x8b69899c of message 0x8b698900
Nov 15 13:08:35 vpnbox isakmpd[874]: DATA:
Nov 15 13:08:35 vpnbox isakmpd[874]: message_validate_payloads: payload NOTIFY 
at 0x8b6989b0 of message 0x8b698900
Nov 15 13:08:35 vpnbox isakmpd[874]: DOI: IPSEC
Nov 15 13:08:35 vpnbox isakmpd[874]: PROTO: ISAKMP
Nov 15 13:08:35 vpnbox isakmpd[874]: SPI_SZ: 16
Nov 15 13:08:35 vpnbox isakmpd[874]: MSG_TYPE: STATUS_DPD_R_U_THERE
Nov 15 13:08:35 vpnbox isakmpd[874]: SPI:
Nov 15 13:08:35 vpnbox isakmpd[874]: message_validate_notify: bad cookies
Nov 15 13:08:35 vpnbox isakmpd[874]: dropped message from 192.168.55.1 port 500 
due to notification type INVALID_SPI
Nov 15 13:08:35 vpnbox isakmpd[874]: message_alloc: allocated 0x873f1d80
Nov 15 13:08:35 vpnbox isakmpd[874]: sa_reference: SA 0x824df500 now has 1542 
references
Nov 15 13:08:35 vpnbox isakmpd[874]: message_send: message 0x873f1d80
Nov 15 13:08:35 vpnbox isakmpd[874]: ICOOKIE: 2923f84eb0036ea0
Nov 15 13:08:35 vpnbox isakmpd[874]: RCOOKIE: 5b0869039608fc86
Nov 15 13:08:35 vpnbox isakmpd[874]: NEXT_PAYLOAD: HASH
Nov 15 13:08:35 vpnbox isakmpd[874]: VERSION: 16
Nov 15 13:08:35 vpnbox isakmpd[874]: EXCH_TYPE: INFO
Nov 15 13:08:35 vpnbox isakmpd[874]: FLAGS: [ ENC ]
Nov 15 13:08:35 vpnbox isakmpd[874]: MESSAGE_ID: 435f11fa
Nov 15 13:08:35 vpnbox isakmpd[874]: LENGTH: 60
Nov 15 13:08:35 vpnbox isakmpd[874]: message_send: 2933f44e 50066ea0 56086403 
9638f586 061302a1 4c5ffcfa 0305043c cabcd333
Nov 15 13:08:35 vpnbox isakmpd[874]: message_send: fdff3348 d444 23423423 
23423423 23423444 23423444 23423444
Nov 15 13:08:35 vpnbox isakmpd[874]: message_free: freeing 0x873f1d80
Nov 15 13:08:35 vpnbox isakmpd[874]: sa_release: SA 0x824df500 had 1542 
references
Nov 15 13:08:37 vpnbox isakmpd[874]: message_alloc: allocated 0x8b698d00
Nov 15 13:08:37 vpnbox isakmpd[874]: message_recv: message 0x8b698d00
Nov 15 13:08:37 vpnbox isakmpd[874]: ICOOKIE: 2923f84eb0036ea0
Nov 15 13:08:37 vpnbox isakmpd[874]: RCOOKIE: 5b0869039608fc86
Nov 15 13:08:37 vpnbox isakmpd[874]: NEXT_PAYLOAD: HASH
Nov 15 13:08:37 vpnbox isakmpd[874]: VERSION: 16
Nov 15 13:08:37 vpnbox isakmpd[874]: EXCH_TYPE: INFO
Nov 15 13:08:37 vpnbox isakmpd[874]: FLAGS: [ ENC ]
Nov 15 13:08:37 vpnbox isakmpd[874]: MESSAGE_ID: 497c55d2
Nov 15 13:08:37 vpnbox isakmpd[874]: LENGTH: 84
Nov 15 13:08:37 vpnbox isakmpd[874]: message_recv: 2933f44e 50066ea0 52342344 
23432426 34227786 54652652 2455a044 45368732
Nov 15 13:08:37 vpnbox isakmpd[874]: message_recv: affd4855 f3453324 23434326 
c423423d 3243422d 23434343 3423432c 23432a44
Nov 15 13:08:37 vpnbox isakmpd[874]: message_recv: 4332  aea9fbc6 
dadb f2343223
Nov 15 13:08:37 vpnbox isakmpd[874]: sa_reference: SA 0x824df500 now has 1542 
references
Nov 15 13:08:37 vpnbox isakmpd[874]: message_parse_payloads: offset 28 payload 
HASH
Nov 15 13:08:37 vpnbox isakmpd[874]: message_parse_payloads: offset 48 payload 
NOTIFY
Nov 15 13:08:37 vpnbox isakmpd[874]: message_validate_payloads: payload HASH at 
0x8b698f1c of message 0x8b698d00
Nov 15 13:08:37 vpnbox isakmpd[874]: DATA:
Nov 15 13:08:37 vpnbox isakmpd[874]: message_validate_payloads: payload NOTIFY 
at 0x8b698f30 of message 0x8b698d00
Nov 15 13:08:37 vpnbox isakmpd[874]: DOI: IPSEC
Nov 15 13:08:37 vpnbox isakmpd[874]: PROTO: ISAKMP
Nov 15 13:08:37 vpnbox isakmpd[

EuroBSDCon 2006 PF tutorial online

[Peter N. M. Hansteen]

As some of you may be aware, I presented a half day PF tutorial at
EuroBSDCon in Milan.  The manuscript is now online in several formats
at http://home.nuug.no/~peter/pf/.  

This is a manuscript I've revisited on occasion over roughly the last
two years, intended as a flash intro to the fun and useful things you
can do with PF and related tools, and an ongoing work in progress.  I
intend to keep it reasonably up to date and possibly expand it somewhat.

NOTE: Some of you may have seen this online earlier at bgnett.no. If
  you have links pointing to the bgnett.no address, please change them
  to point to the new address http://home.nuug.no/~peter/pf/ instead. 
  File and subdirectory names remain the same.
-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
"First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"
20:11:56 delilah spamd[26905]: 146.151.48.74: disconnected after 36099 seconds

packages

[Marc Ravensbergen]

Hi, is there any way I can find out the entire list of files (and  
dependencies) needed before installing a given package? Let's say I  
want to add "wget" to openbsd. I export the PKG_PATH to the  
appropriate mirror, then type "pkg_add wget". This will do the  
installation of wget and all dependencies, but I would like to know  
before the actual installation what files are needed (if possible of  
course).


My reason for this is so that I can generate a complete list of files  
needed to download for a given program, run over to a computer with  
high speed, download, run back to my computer, dump the files in the  
correct directory (/var/db/pkg) and then install the package.


In this case, wget is very small, but what about Gnome, KDE...

I am thinking of the feature in Synaptic that lets you generate an  
installation script; all the files and dependencies needed for a  
given package are then saved to a text file as a script.


If this is possible, can somebody let me know?
Thanks,
Marc

Re: packages

[Ben Calvert]

On Wed, 15 Nov 2006 08:24:16 -0500
Marc Ravensbergen <[EMAIL PROTECTED]> wrote:

> Hi, is there any way I can find out the entire list of files (and  
> dependencies) needed before installing a given package? 

Yes.  



> If this is possible, can somebody let me know?

man pkg_add

(hint - look for command line options )

In OpenBSD, and to a lesser extent in the other BSDs, you'll find that
people take pride in making sure the man pages are up to date and
extremely useful.

> Thanks,
> Marc
> 

Ben

Best nic/driver combination

[Marcel Prisi]

Hi all,

I am in the process of reinstalling our OpenBGPd router under OpenBSD
4.0.

We are currently using two fxp's and a quad sis.

The fxp's are ok, but the sis are really bad. It looks like the first of
the four ports (sis0) works OK, but the next three cannot handle more
than ~10mbit/s before losing packets.

I am looking for the best possbible (read most stable) nic/driver
combination, could you please recommend some ? I'd like some gbit nic as
I heard their buffering is better and they can handle more udp traffic,
but as I said, I need the most stable combination.

I can easily get some Realtek 8169 based (not 8139!) re cards, some
Intel gbit em (they seem less stable than fxp ?), and probably some sk
(SMC 9452TX).

Thanks.

Re: packages

[Darrin Chandler]

On Wed, Nov 15, 2006 at 08:24:16AM -0500, Marc Ravensbergen wrote:
> Hi, is there any way I can find out the entire list of files (and  
> dependencies) needed before installing a given package? Let's say I  
> want to add "wget" to openbsd. I export the PKG_PATH to the  
> appropriate mirror, then type "pkg_add wget". This will do the  
> installation of wget and all dependencies, but I would like to know  
> before the actual installation what files are needed (if possible of  
> course).
> 
> My reason for this is so that I can generate a complete list of files  
> needed to download for a given program, run over to a computer with  
> high speed, download, run back to my computer, dump the files in the  
> correct directory (/var/db/pkg) and then install the package.
> 
> In this case, wget is very small, but what about Gnome, KDE...
> 
> I am thinking of the feature in Synaptic that lets you generate an  
> installation script; all the files and dependencies needed for a  
> given package are then saved to a text file as a script.
> 
> If this is possible, can somebody let me know?
> Thanks,
> Marc

There are probably other ways to do this, but the first thing that comes
to mind is to run "pkg_add -nv " which will give you a list of
dependencies. Recurse until done, checking the dependencies so far to
avoid infinite recursion and excessive work.

-- 
Darrin Chandler|  Phoenix BSD Users Group
[EMAIL PROTECTED]   |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/  |

Re: raidctl: ioctl (RAIDFRAME_CONFIGURE) failed on 4.0 amd64 for RAID 1 (mirroring)

[Vijay Sankar]

Good day,

I set up RAIDFRAME on HP DL380 G4 servers sometime in 2004 because we
had problems with hardware RAID (SmartArray 6402 controller with 15000
rpm drives). We are no longer using RAIDFrame because OpenBSD 3.9
support for RAID on our machines is excellent and we no longer have
problems with 15K rpm drives. So unfortunately, I am not able to get you
a dmesg from this specific server when it was running RAIDFRAME.

Anyways, here is a cut and paste of what may be useful from my write up
at that time. It was written for operators whose primary expertise is
not OpenBSD, and the objective was just to help us rebuild our OpenBSD
servers quickly if there were any hardware failures. So it just shows
the steps to take within our environment and may not be appropriate for
your situation. Sorry that it looks a bit disjointed but I had to delete
all material that was specific to the data center. Hopefully it is still
readable. If you want the OpenOffice version of this document, please
let me know as well. 

Hope this helps,

Vijay

FROM THE SERVER CONFIGURATION DOCUMENT

BASICS

Install OpenBSD, using 4GB for /, 2GB for swap, and leave the rest for
RAID

Install KDE Base

Make sure base installation is working properly.

I modified the generic kernel with the following changes -- RAID
support, a number of kernel optimizations including DUMMY_NOOPS, removal
of support for 386/486/586 processors, no math emulation, and support
for RAID Auto-configuration. I then built two custom kernels, one for
single processors (bsd.vijay.sp) and one for SMP machines
(bsd.vijay.mp). The objective was to provide similar or better
performance than the Solaris boxes. Copy the two custom kernels built
(bsd.vijay.mp and bsd.vijay.sp) to /


Rename /bsd as /bsd.original and rename bsd.vijay.mp as /bsd


I had copied the kernels to /home/vijay. So in this situation, I typed
in the following commands:


honyp34# cd /

honyp34# mv bsd bsd.original

honyp34# cp /home/vijay/bsd.vijay.mp /bsd


This will replace the generic kernel with a custom kernel that supports
RAID and is optimized for the Proliant DL380 G4 Server.


Now comes the slightly complicated part.


DISKLABEL
disklabel sd0 > disklabel.sd0


You will get output as follows:


# /dev/rsd0c:

type: SCSI

disk: SCSI disk

label: BF07288576

flags:

bytes/sector: 512

sectors/track: 723

tracks/cylinder: 4

sectors/cylinder: 2892

cylinders: 49158

total sectors: 142264000

rpm: 15000

interleave: 1

trackskew: 0

cylinderskew: 0

headswitch: 0 # microseconds

track-to-track seek: 0 # microseconds

drivedata: 0


16 partitions:

# size offset fstype [fsize bsize cpg]

a: 8389629 63 4.2BSD 2048 16384 416 # Cyl 0*- 2900

b: 4193400 8389692 swap # Cyl 2901 - 4350

c: 142264000 0 unused 0 0 # Cyl 0 - 49192*

d: 129672483 12583092 RAID # Cyl 4351 - 49189*


Now copy this to disklabel.sd1 and edit the new file so that we have:


# /dev/rsd1c:

type: SCSI

disk: SCSI disk

label: BF07288576

flags:

bytes/sector: 512

sectors/track: 723

tracks/cylinder: 4

sectors/cylinder: 2892

cylinders: 49158

total sectors: 142264000

rpm: 15000

interleave: 1

trackskew: 0

cylinderskew: 0

headswitch: 0 # microseconds

track-to-track seek: 0 # microseconds

drivedata: 0


16 partitions:

# size offset fstype [fsize bsize cpg]

a: 8389629 63 4.2BSD 2048 16384 416 # Cyl 0*- 2900

b: 4193400 8389692 swap # Cyl 2901 - 4350

c: 142264000 0 unused 0 0 # Cyl 0 - 49192*

d: 129672483 12583092 RAID # Cyl 4351 - 49189*


MATCH DRIVES

fdisk -i sd1


-

-- ATTENTION - UPDATING MASTER BOOT RECORD --

-


Do you wish to write new MBR and partition table? [n] y


disklabel -R -r sd1 disklabel.sd1

# using MBR partition 3: type A6 off 63 (0x3f) size 142255512
(0x87aa598)


Now, set up the new filesystem using the commands:


newfs /dev/sd1a

newfs /dev/sd1d


Create and save a file called raid0.conf in /etc with the following
contents:


START array

1 2 0

START disks

/dev/sd0d

/dev/sd1d

START layout

128 1 1 1

START queue

fifo 100


mount /dev/sd1a /sd1


cd /


pax -r -w -p e -v .profile bin boot bsd bsd.original dev dvd etc home
mnt root sbin sd0 sys tmp usr var stand altroot /sd1/


dump -0f - / | restore -rf b is another alternative and is recommended
by many people. I had problems with this command, when implementing a
graphical OpenBSD. So resorted to the less popular pax.


After the restore is completed successfully, copy the boot sectors to
the second hard drive:


/usr/mdec/installboot -v /sd1/boot /usr/mdec/biosboot sd1


Do not forget to edit fstab on the second hard drive so
that /sd1/etc/fstab looks like:


/dev/sd1a / ffs rw 1 1


Reboot so that we use the custom, RAID-enabled kernel.


SET UP RAID

If you followed all the steps listed above breligiouslyb then most
probably you wonbt get too many errors. Most probably if you are running
your commands from the console you may

Re: packages

[Andreas Bihlmaier]

On Wed, Nov 15, 2006 at 06:10:35AM -0800, Ben Calvert wrote:
> On Wed, 15 Nov 2006 08:24:16 -0500
> Marc Ravensbergen <[EMAIL PROTECTED]> wrote:
> 
> > Hi, is there any way I can find out the entire list of files (and  
> > dependencies) needed before installing a given package? 
> 
> Yes.  
> 
> 
> 
> > If this is possible, can somebody let me know?
> 
> man pkg_add
> 
> (hint - look for command line options )

Excuse me, but if you are so _sure_ about it would you mind sharing the
actuall options? Because IIRC it is not possible to _just_ get the
dependencies (actuall package names). At least it is not possible to get
them for another arch (even other versions).

As a work around I use this since ~3.7:
dd if=package bs=64k count=1 2>/dev/null | \
zgrep -a '[EMAIL PROTECTED] ' | \
awk 'BEGIN{ FS=":" } {print $3".tgz"}' | \
sed 's/>.*\./\*\./'

It is ugly, but reasonably fast and it works.

 
> In OpenBSD, and to a lesser extent in the other BSDs, you'll find that
> people take pride in making sure the man pages are up to date and
> extremely useful.

True, but not if there is no such functionality :)
 
> > Thanks,
> > Marc
> > 
> 
> Ben

FTP errors

[rkellerm]

Upgraded my 3.9 install to 4.0 the other day, followed the 3.9-4.0 doc and it 
was smooth as could be.  Upgraded all my packages using

pkg_add -ui -F update -F updatedepends

straight from the upgrade doc.  Only found a couple, and installed those.  
Thats when the fun started.  Got an email from the firewall admin with this 
message from the firewall logs:

Nov 14 13:49:05 2006 CST  f_ftpproxy a_server t_attack p_major
pid: 1309 ruid: 0 euid: 0 pgid: 1309 fid: 0 logid: 0 cmd: 'pftp'
domain: PFTx edomain: PFTx hostname: fw.somename.net 
category: appdef_violation event: denied ftp command 
netsessid: 455a1db10002ec59 srcip: 192.168.55.125 srcport: 15910 
dst_local_port: 21 srcburb: internal protocol: 6 src_local_port: 44510 
dstip: 209.242.32.10 dstport: 21 dstburb: external 
attackip: 192.168.55.125 attackburb: internal acl_id: ftp_ext_out 
reason: Denied FTP command: EPSV.  Data is being dropped. 

So 2 questions.  First, can I shut of EPSV and use PASV instead for
pkg_add?  Doesn't look like our firewalls will support us turning on
allowing EPSV.  I looked through the man pages and didn't find anything.

Second, I vaguely remember doing some pkg_add's while still in 3.9
via scp, but I cannot find the list of servers anywhere that support it.
I know I did this and I remeber seeing the list, but I cannot for the life
of me find the list anymore.  I would prefer this method over ftp as it
would be faster.  I always use the same local(to me) mirror and I know
that is where I scp'ed from in the past.

Oh and before anyone says pitch the fine firewalls we have and setup
a couple running PF and CARP, already suggested that awhile back.
No dice.

Thanks in advance

Re: Best nic/driver combination

[[EMAIL PROTECTED]]

Marcel Prisi a icrit :

Hi all,

I am in the process of reinstalling our OpenBGPd router under OpenBSD
4.0.

We are currently using two fxp's and a quad sis.

The fxp's are ok, but the sis are really bad. It looks like the first of
the four ports (sis0) works OK, but the next three cannot handle more
than ~10mbit/s before losing packets.

I am looking for the best possbible (read most stable) nic/driver
combination, could you please recommend some ? I'd like some gbit nic as
I heard their buffering is better and they can handle more udp traffic,
but as I said, I need the most stable combination.

I can easily get some Realtek 8169 based (not 8139!) re cards, some
Intel gbit em (they seem less stable than fxp ?), and probably some sk
(SMC 9452TX).

Thanks

Hi Marcel,

It's not an answer to your question but i have a similar question about 
LAN adaptater.


I am using the integrated NIC of my computer which is a Realtek 8110S. I 
have also a 3com 905 PCI card but it's not in the computer. Both card 
are just working fine under my OpenBSD installation (gratz OpenBSD 
people making everything working  :D ).


But i read the well know : 
http://www.holland-consulting.net/tech/ocep/index.html#HWSelect (OpenBSD 
Commonly Encountered Problems) part What hardware should i use ?


It's a very old article but they say that "Realtek 8139 are reported to 
beat up the processor badly". I have a 8110 but it can be true for it. 
Do you think, that 3Com or other will be a better choice for my actual  
NIC ?


I manage to find a bench : 
http://www.tomsnetworking.com/network/20010820/index.html. But it 
doesn't worth an answer from people working everyday with these product.


Hope someone would help us finding answers.

Regards,

Nolan

Re: packages

[Will Maier]

On Wed, Nov 15, 2006 at 08:24:16AM -0500, Marc Ravensbergen wrote:
> Hi, is there any way I can find out the entire list of files (and
> dependencies) needed before installing a given package? Let's say
> I  want to add "wget" to openbsd. I export the PKG_PATH to the
> appropriate mirror, then type "pkg_add wget". This will do the
> installation of wget and all dependencies, but I would like to
> know  before the actual installation what files are needed (if
> possible of  course).

First, ftp(1) does much of what you get from wget(1), and is
included in base.

As to your question, pkg_add(1) suggests:

 [...]
 -n   Don't actually install a package, just report the steps that
  would be taken if it was.

As espie@ noted in a previous thread on this topic[0], you can just
install pkg_add on the system with the nice network connection and
use PKG_CACHE to download the files.

See also pkg_info(1), though package signatures will give you more
information than you're probably looking for:

 [...]
 -S  Show the package signature for each package.  This signature is a
 unique tag showing the package name, and the version number of
 every dependency and shared library necessary to build this pack-
 age.

If you have a ports tree handy, you could also use the
'print-run-depends' or 'describe' make targets documented in
bsd.port.mk(5) and ports(7).

> My reason for this is so that I can generate a complete list of
> files  needed to download for a given program, run over to a
> computer with  high speed, download, run back to my computer, dump
> the files in the  correct directory (/var/db/pkg) and then install
> the package.

Don't do that. You can use pkg_add(1) on local files, too, you know.

$ sudo pkg_add all the packages you downloaded at your friend's house

This is a rather common question -- search the archives next time.

[0] http://marc.theaimsgroup.com/?l=openbsd-misc&m=115041186327151&w=2

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*

Re: packages

[Matthew Closson]

On Wed, 15 Nov 2006, Darrin Chandler wrote:


On Wed, Nov 15, 2006 at 08:24:16AM -0500, Marc Ravensbergen wrote:

Hi, is there any way I can find out the entire list of files (and
dependencies) needed before installing a given package? Let's say I
want to add "wget" to openbsd. I export the PKG_PATH to the
appropriate mirror, then type "pkg_add wget". This will do the
installation of wget and all dependencies, but I would like to know
before the actual installation what files are needed (if possible of
course).

My reason for this is so that I can generate a complete list of files
needed to download for a given program, run over to a computer with
high speed, download, run back to my computer, dump the files in the
correct directory (/var/db/pkg) and then install the package.

In this case, wget is very small, but what about Gnome, KDE...

I am thinking of the feature in Synaptic that lets you generate an
installation script; all the files and dependencies needed for a
given package are then saved to a text file as a script.

If this is possible, can somebody let me know?
Thanks,
Marc


There are probably other ways to do this, but the first thing that comes
to mind is to run "pkg_add -nv " which will give you a list of
dependencies. Recurse until done, checking the dependencies so far to
avoid infinite recursion and excessive work.

--
Darrin Chandler|  Phoenix BSD Users Group
[EMAIL PROTECTED]   |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/  |


I agree pkg_add -nv will give you what you want.  Unfortunately for Marc 
however I do not believe it will do it quickly on a dialup line.  In order 
for pkg_add to determine the dependancies it must download and decompress 
the packages to get to the files which specify dependancies.  It may be 
better to get ports.tar.gz and use that framework to determine which 
packages are dependant.  Although I don't have a good script to traverse 
it right off hand.  Here is an example output of doing a pkg_add -nv 
kdebase:


# pkg_add -nv kdebase
Error from ftp://ftp.openbsd.org/pub/OpenBSD/4.0/packages/i386/:
Unknown command.
parsing kdebase-3.5.4
Dependencies for kdebase-3.5.4 resolve to: glib2-2.10.3, qt3-mt-3.5p8, 
libusb-0.1.10ap1, openldap-client-2.3.24, kdelibs-3.5.4, cyrus-sasl-2.1.21p2 
(todo: glib2-2.10.3,libusb-0.1.10ap1,kdelibs-3.5.4,qt3-mt-3.5p8,qt3-mt-3.5p8)
kdebase-3.5.4:parsing glib2-2.10.3
Dependencies for glib2-2.10.3 resolve to: gettext-0.14.5p1, libiconv-1.9.2p3
Pretending to add kdebase-3.5.4:glib2-2.10.3
kdebase-3.5.4:parsing libusb-0.1.10ap1
Pretending to add kdebase-3.5.4:libusb-0.1.10ap1
kdebase-3.5.4:parsing kdelibs-3.5.4
Dependencies for kdelibs-3.5.4 resolve to: arts-1.5.4, OpenEXR-1.2.2p2, 
libart-2.3.17, hicolor-icon-theme-0.5p0, jasper-1.701.0p1, libidn-0.6.1, 
tiff-3.8.2p0, bzip2-1.0.3, qt3-mt-3.5p8, pcre-6.4p1, aspell-0.50.5p4, 
libxslt-1.1.17 (todo: 
libidn-0.6.1,jasper-1.701.0p1,libart-2.3.17,OpenEXR-1.2.2p2,tiff-3.8.2p0,aspell-0.50.5p4,hicolor-icon-theme-0.5p0,arts-1.5.4,qt3-mt-3.5p8,qt3-mt-3.5p8)
kdebase-3.5.4:parsing libidn-0.6.1
Dependencies for libidn-0.6.1 resolve to: gettext-0.14.5p1, libiconv-1.9.2p3
Pretending to add kdebase-3.5.4:libidn-0.6.1
kdebase-3.5.4:parsing jasper-1.701.0p1
Pretending to add kdebase-3.5.4:jasper-1.701.0p1
kdebase-3.5.4:parsing libart-2.3.17
Pretending to add kdebase-3.5.4:libart-2.3.17
kdebase-3.5.4:parsing OpenEXR-1.2.2p2
Pretending to add kdebase-3.5.4:OpenEXR-1.2.2p2
kdebase-3.5.4:parsing tiff-3.8.2p0
Dependencies for tiff-3.8.2p0 resolve to: jpeg-6bp3
Pretending to add kdebase-3.5.4:tiff-3.8.2p0
kdebase-3.5.4:parsing aspell-0.50.5p4
Pretending to add kdebase-3.5.4:aspell-0.50.5p4
kdebase-3.5.4:parsing hicolor-icon-theme-0.5p0
Pretending to add kdebase-3.5.4:hicolor-icon-theme-0.5p0
kdebase-3.5.4:parsing arts-1.5.4
Dependencies for arts-1.5.4 resolve to: glib2-2.10.3, qt3-mt-3.5p8, 
libaudiofile-0.2.6p0, libvorbis-1.1.2p0, libmad-0.15.1bp1, esound-0.2.34p0, 
libogg-1.1.3 (todo: 
esound-0.2.34p0,libmad-0.15.1bp1,libogg-1.1.3,libvorbis-1.1.2p0,libaudiofile-0.2.6p0,qt3-mt-3.5p8,qt3-mt-3.5p8)
kdebase-3.5.4:parsing esound-0.2.34p0
Dependencies for esound-0.2.34p0 resolve to: libaudiofile-0.2.6p0 (todo: 
libaudiofile-0.2.6p0)
kdebase-3.5.4:parsing libaudiofile-0.2.6p0
Pretending to add kdebase-3.5.4:libaudiofile-0.2.6p0
Pretending to add kdebase-3.5.4:esound-0.2.34p0
The file /etc/esd.conf would be installed from 
/usr/local/share/examples/esound/esd.conf
kdebase-3.5.4:parsing libmad-0.15.1bp1
Pretending to add kdebase-3.5.4:libmad-0.15.1bp1
kdebase-3.5.4:parsing libogg-1.1.3
Pretending to add kdebase-3.5.4:libogg-1.1.3
kdebase-3.5.4:parsing libvorbis-1.1.2p0
Dependencies for libvorbis-1.1.2p0 resolve to: libogg-1.1.3
Pretending to add kdebase-3.5.4:libvorbis-1.1.2p0
kdebase-3.5.4:parsing qt3-mt-3.5p8
Dependencies for qt3-mt-3.5p8 resolve to: libmng-1.0.9p1, png-1.2.12 (todo: 
libmng-1.0.9p1)
kdebase-3.5.4:parsing libmng-1.0.9p1
Dependencies for libmng-1.0.9p1 resolve to: lcms-1.15, j

Re: Wild card greytrapping setup in spamdb

[Jim Razmus]

To the OP:

Use Bob's prototype greyscanner.  I've implemented it for two domains I
host and it's wicked efficient.  To address what your looking for,
simply implement a valid user lookup script under Bob's greyscanner.  He
put a hook exactly for this:

$EXTERNAL_ADDRESS_CHECKER = "/etc/mail/greytrap_checkrcpt";

I think it solves your problem if I understand your question.

Jim

* Bob Beck <[EMAIL PROTECTED]> [061114 13:28]:
>   Hi Daniel, I don't do this in spamd at the moment, because I want to
> keep spamd small and secure, and regex code is amazingly big and scary. 
> 
>   have a look at my prototype greylist scanner from my nycbug
> talk for a way to do this. 
> 
>   -Bob
> 
> 
> * Daniel Ouellet <[EMAIL PROTECTED]> [2006-11-08 02:34]:
> > Hi,
> > 
> > I am trying to setup a wild card trapit for all emails getting to some 
> > domains I have to obviously reduce spam, but I don't see a way to do so.
> > 
> > Yes you can do:
> > 
> > spamdb -T -a "<[EMAIL PROTECTED]>"
> > 
> > And that works well, but I would like to do something like
> > 
> > spamdb -T -a "<[EMAIL PROTECTED]>"
> > spamdb -T -a "<[EMAIL PROTECTED]>"
> > spamdb -T -a "<[EMAIL PROTECTED]>"
> > spamdb -T -a "<[EMAIL PROTECTED]>"
> > spamdb -T -a "<[EMAIL PROTECTED]>"
> > 
> > For example. This would allow me for example to use a domain I have for 
> > 14 years+ and that only have 5 valid emails address in it, but that you 
> > guess, over the years only get spam now. I mean thousands of spam emails 
> > per day!
> > 
> > So, I would like to trapit everything that is not from these 5 emails.
> > 
> > Obviously this idea is I guess stupid if you have lots of accounts, but 
> > if you do have a limited number of accounts, then may be a good idea to do.
> > 
> > Then putting this small domain on a server with big one would help the 
> > big as well.
> > 
> > Is there a way to do this?
> > 
> > So, far I don't see one.
> > 
> 
> -- 
> #!/usr/bin/perl
> if ((not 0 && not 1) !=  (! 0 && ! 1)) {
>print "Larry and Tom must smoke some really primo stuff...\n"; 
> }

for the OpenBSD Asterisk VoIP admins

[Diana Eichert]

Are TDM over Ethernet devices supported under Asterisk running on OpenBSD?

thanks

diana

Re: java on openbsd

[Joachim Schipper]

On Tue, Nov 14, 2006 at 08:24:37AM -0800, [EMAIL PROTECTED] wrote:
> Quoting Jeff Quast <[EMAIL PROTECTED]>:
> >On 11/14/06, Marc Ravensbergen <[EMAIL PROTECTED]> wrote:
> >>I really don't want to download the source for java and compile... I am
> >>on dialup so every byte counts.

> >>I believe that java on bsd through emulation should be possible;
> >>probably just an oversight somwhere on my part.
> >>
> >>If anybody can give me some tips or tricks I would really appreciate it.
> >
> >I would, but I would just be (poorly) repeating information that
> >developers have painstakingly documented.
> >http://www.openbsd.org/faq/faq8.html#Programming
>
> I've read that info; the "preferred" way of installing java (on  
> openbsd) is by compiling from source. As I am a full time java  
> developer, I use and test several different jdks at once. You might be  
> able to understand why I am hesitant to compile and download all this  
> stuff when openbsd supports linux emulation, and I already have  
> downloaded all the linux jdks that I need.

If you're getting paid to develop on this, a little phone bill shouldn't
be that problematic, and you've already wasted as much time here as it
would have taken to download it in the first place.

If you're so set on using Linux JDKs, use Linux. That's what they are
for. If you really want, use Linux under some emulator (qemu is in
ports).

The fact that NetBSD apparently does manage to run your JDKs doesn't
necessarily mean it manages to run them reliably, either.

> >You should really send your grievences to sun, not openbsd misc.  
> >OpenBSD can't change Sun's licensing policies -- they can only abide
> >by them. Maybe all of this hoop jumping will make you realize that
> >using this language is a bad career move?
> 
> that is laughable, especially considering sun's anouncement yesterday  
> to GPL the entire java stack. Not trying to start a flame war here,  
> but open solaris, nexenta (solaris kernel, debian apps), and a million  
> linux distros all support Java really well. I am trying a java /  
> openbsd combination because I've heard good things about openbsd, and  
> from what I've seen so far I am very happy with it. I understand fully  
> why openbsd has issues with Java. I am not blaming them / you at all.

OpenBSD supports Java really well. Its Linux emulation is not perfect,
granted, but that's a wholly different issue.

Joachim

Re: FTP errors

[Peter N. M. Hansteen]

> So 2 questions.  First, can I shut of EPSV and use PASV instead for
> pkg_add?  Doesn't look like our firewalls will support us turning on
> allowing EPSV.  I looked through the man pages and didn't find anything.

See the ENVIRONMENT section in pkg_add(1).  By setting the environment
variables for pkg_add you should be able to influence its behaviour.
Some combination of FTPMODE and FETCH_CMD (additional flags to ftp,
for example) could be what you are looking for.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
"First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"
20:11:56 delilah spamd[26905]: 146.151.48.74: disconnected after 36099 seconds

Re: FTP errors

[Josh Grosse]

On Wed, Nov 15, 2006 at 02:44:18PM +, [EMAIL PROTECTED] wrote:
> ..So 2 questions.  First, can I shut of EPSV and use PASV instead for
> pkg_add?  Doesn't look like our firewalls will support us turning on
> allowing EPSV.  I looked through the man pages and didn't find anything.

In the man for pkg_add(1), look for the environment variable FETCH_CMD.
You may set it to any script you like, and include any file transfer
methodology that your package server(s) support, including ftp -E or
ftp -A, as you desire.

Re: Is resolver in 4.0 thread-safe?

[Antoine Jacoutot]

Selon Federico Giannici <[EMAIL PROTECTED]>:
> I'm about to compile a program (milter-greylist) that requires a

You mean /usr/ports/mail/milter-greylist ?

-- 
Antoine

Re: packages

[Igor Goldenberg]

2006/11/15, Ben Calvert <[EMAIL PROTECTED]>:


In OpenBSD, and to a lesser extent in the other BSDs, you'll find that
people take pride in making sure the man pages are up to date and
extremely useful.


I have question with regard to accuracy of man pages.

There is a syntax description in hostname.if(5):
--
addr_family [alias] addr netmask broadcast_addr options
dest dest_addr
--
But it's not clear where to write !command-line directive. Either as
additional option in the end of line "addr_family ..." or on alone
line.

I think this directive requres some clarification.

Re: packages

[Darrin Chandler]

Matthew Closson wrote:

On Wed, 15 Nov 2006, Darrin Chandler wrote:


On Wed, Nov 15, 2006 at 08:24:16AM -0500, Marc Ravensbergen wrote:




My reason for this is so that I can generate a complete list of files
needed to download for a given program, run over to a computer with
high speed, download, run back to my computer, dump the files in the
correct directory (/var/db/pkg) and then install the package.




There are probably other ways to do this, but the first thing that comes
to mind is to run "pkg_add -nv " which will give you a list of
dependencies. Recurse until done, checking the dependencies so far to
avoid infinite recursion and excessive work.



I agree pkg_add -nv will give you what you want.  Unfortunately for Marc 
however I do not believe it will do it quickly on a dialup line.  In 
order for pkg_add to determine the dependancies it must download and 
decompress the packages to get to the files which specify dependancies.  
It may be better to get ports.tar.gz and use that framework to determine 
which packages are dependant.  Although I don't have a good script to 
traverse it right off hand.  Here is an example output of doing a 


The original problem involves a computer with a fast connection, so 
pkg_add -nv isn't out of the question. That said, I see nothing wrong 
with finding the dependencies through ports, either.


--
Darrin Chandler|  Phoenix BSD Users Group
[EMAIL PROTECTED]   |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/  |

Re: packages

[Didier Wiroth]

Marc Ravensbergen wrote:
> Hi, is there any way I can find out the entire list of files (and
> dependencies) needed before installing a given package? Let's say I want
> to add "wget" to openbsd. I export the PKG_PATH to the appropriate
> mirror, then type "pkg_add wget". This will do the installation of wget
> and all dependencies, but I would like to know before the actual
> installation what files are needed (if possible of course).
> 
> My reason for this is so that I can generate a complete list of files
> needed to download for a given program, run over to a computer with high
> speed, download, run back to my computer, dump the files in the correct
> directory (/var/db/pkg) and then install the package.
> 
> In this case, wget is very small, but what about Gnome, KDE...
> 
> I am thinking of the feature in Synaptic that lets you generate an
> installation script; all the files and dependencies needed for a given
> package are then saved to a text file as a script.
> 
> If this is possible, can somebody let me know?
> Thanks,
> Marc
> 
Hello,
Yes,try using for example:
pkg_add -n wget

Kind regards
Didier

Re: FTP errors

[Wade, Daniel]

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
> Sent: Wednesday, November 15, 2006 9:44 AM
> To: misc@openbsd.org
> Subject: FTP errors
> 
> Upgraded my 3.9 install to 4.0 the other day, followed the 
> 3.9-4.0 doc and it was smooth as could be.  Upgraded all my 
> packages using
> 
> pkg_add -ui -F update -F updatedepends
> 
> straight from the upgrade doc.  Only found a couple, and 
> installed those.  Thats when the fun started.  Got an email 
> from the firewall admin with this message from the firewall logs:
> 
> Nov 14 13:49:05 2006 CST  f_ftpproxy a_server t_attack p_major
> pid: 1309 ruid: 0 euid: 0 pgid: 1309 fid: 0 logid: 0 cmd: 'pftp'
> domain: PFTx edomain: PFTx hostname: fw.somename.net 
> category: appdef_violation event: denied ftp command 
> netsessid: 455a1db10002ec59 srcip: 192.168.55.125 srcport: 15910 
> dst_local_port: 21 srcburb: internal protocol: 6 
> src_local_port: 44510 
> dstip: 209.242.32.10 dstport: 21 dstburb: external 
> attackip: 192.168.55.125 attackburb: internal acl_id: ftp_ext_out 
> reason: Denied FTP command: EPSV.  Data is being dropped. 
> 
> So 2 questions.  First, can I shut of EPSV and use PASV instead for
> pkg_add?  Doesn't look like our firewalls will support us turning on
> allowing EPSV.  I looked through the man pages and didn't 
> find anything.
> 

I posted a patch for a new environment variable that can disable EPSV.
http://marc.theaimsgroup.com/?l=openbsd-tech&m=116320774706943&w=2

Also you may be able to use the FETCH_CMD variable from the pkg_add man
page.
And change it to something like '/usr/bin/ftp -E'
Although I haven't tried that.

Re: packages

[z0mbix]

On 15/11/06, Matthew Closson <[EMAIL PROTECTED]> wrote:

On Wed, 15 Nov 2006, Darrin Chandler wrote:

> On Wed, Nov 15, 2006 at 08:24:16AM -0500, Marc Ravensbergen wrote:
>> Hi, is there any way I can find out the entire list of files (and
>> dependencies) needed before installing a given package? Let's say I
>> want to add "wget" to openbsd. I export the PKG_PATH to the
>> appropriate mirror, then type "pkg_add wget". This will do the
>> installation of wget and all dependencies, but I would like to know
>> before the actual installation what files are needed (if possible of
>> course).
>>
>> My reason for this is so that I can generate a complete list of files
>> needed to download for a given program, run over to a computer with
>> high speed, download, run back to my computer, dump the files in the
>> correct directory (/var/db/pkg) and then install the package.
>>
>> In this case, wget is very small, but what about Gnome, KDE...
>>
>> I am thinking of the feature in Synaptic that lets you generate an
>> installation script; all the files and dependencies needed for a
>> given package are then saved to a text file as a script.
>>
>> If this is possible, can somebody let me know?
>> Thanks,
>> Marc
>


There's always http://ports.openbsd.nu/ too which can come in very handy.

Cheers z0mbix

1,4 TB to partition, mostly for /home/backup, what would you recommand

[Didier Wiroth]

Hi,
I've installed an Openbsd4.0 server with a LSI Megaraid S-ATA 150-6 LSI
Controller. It has a RAID5 logical drive containing 6 HDs (1 is hot spare).

 $ sudo bioctl ami0
Volume  Status   Size Device
 ami0 0 Scrubbing   1600332496896 sd0 RAID5 60% done
  0 Online   400083124224 0:0.0   noencl 
  1 Online   400083124224 0:2.0   noencl 
  2 Online   400083124224 0:1.0   noencl 
  3 Online   400083124224 0:4.0   noencl 
  4 Online   400083124224 0:3.0   noencl 
 ami0 1 Hot spare400083124224 0:5.0   noencl 

I would like to use most of the space for /home/backup!

I thought about using 4x350GB (or X x XXX GB, any recommandations are
appreciated) partitions (to reduce the fsck times when fsck is needed),
and  concatenate them via ccd to /home/backup?!

Is this the best way to do it or would you recommand me to do it
differently?


$ sudo bioctl ami0
Volume  Status   Size Device
 ami0 0 Scrubbing   1600332496896 sd0 RAID5 60% done
  0 Online   400083124224 0:0.0   noencl 
  1 Online   400083124224 0:2.0   noencl 
  2 Online   400083124224 0:1.0   noencl 
  3 Online   400083124224 0:4.0   noencl 
  4 Online   400083124224 0:3.0   noencl 
 ami0 1 Hot spare400083124224 0:5.0   noencl 

Thank you very much
Didier

Re: layout of filesystems on OpenBSD

[Joachim Schipper]

On Wed, Nov 15, 2006 at 12:06:20PM +0100, Alexander Hall wrote:
> Joachim Schipper wrote:
> >On Fri, Nov 10, 2006 at 04:10:54PM -0600, Damian Wiest wrote:
> >>I've had the misfortune of running AIX for a short time and am aware of
> >>how Veritas Volume Manager encapsulates disks, but what's the
> >>equivalent in OpenBSD?  One benefit of those systems is that they allow
> >>you to resize filesystems on the fly, which is helpful if you're not
> >>sure how much space you're going to need.  I sometimes end up performing
> >>two installs.  The first one lets me see how much space the OS 
> >>distribution is likely to occupy and I then use those numbers when I redo 
> >>the install.
> >
> >If you want to do the same in OpenBSD, allocate the maximum number of
> >partitions and run ccd devices over appropriate subsets of the
> >partitions. (Note growfs(8); there is no shrinkfs, though.)
> >
> >If this is not granular enough, add one ccd device per partition, and
> >parition that one again [1]. This setup would allow dividing a disk in
> >15x15 = 255 not necessarily equally big slices, which Should Be Enough
>   ^^^ oops

Yet another mathematician that can't count. Oh well, I'm doing algebra
anyway - counting is for engineers. ;-)

> >For Everyone. (If not, repeat.)
> 
> Interesing thought. Fragmented filesystems (not just files). Probably 
> horrible in many ways and easy to make mistakes, but still interesting.
> 
> But why not just start with a reasonably sized partition per ccd and 
> then add additional partitions (of varied sizes) when needed? I see no 
> need to predefine the partitions. Then, should you run out of 
> partitions, you could make the last one (p?) use the rest of the disk 
> and split it using the technique mentioned above.
 
This would, indeed, work. Which is not to say it's necessarily a good
idea, of course... though I must admit that, outside of being fugly and
having some minor overhead, I find it hard to spot the downsides.

Joachim

Re: Best nic/driver combination

[Nick Holland]

[EMAIL PROTECTED] wrote:
> Marcel Prisi a icrit :
>> Hi all,
>>
>> I am in the process of reinstalling our OpenBGPd router under OpenBSD
>> 4.0.
>>
>> We are currently using two fxp's and a quad sis.
>>
>> The fxp's are ok, but the sis are really bad. It looks like the first of
>> the four ports (sis0) works OK, but the next three cannot handle more
>> than ~10mbit/s before losing packets.
>>
>> I am looking for the best possbible (read most stable) nic/driver
>> combination, could you please recommend some ? I'd like some gbit nic as
>> I heard their buffering is better and they can handle more udp traffic,
>> but as I said, I need the most stable combination.
>>
>> I can easily get some Realtek 8169 based (not 8139!) re cards, some
>> Intel gbit em (they seem less stable than fxp ?), and probably some sk
>> (SMC 9452TX).
>>
>> Thanks
> Hi Marcel,
> 
> It's not an answer to your question but i have a similar question about 
> LAN adaptater.
> 
> I am using the integrated NIC of my computer which is a Realtek 8110S. I 
> have also a 3com 905 PCI card but it's not in the computer. Both card 
> are just working fine under my OpenBSD installation (gratz OpenBSD 
> people making everything working  :D ).
> 
> But i read the well know : 
> http://www.holland-consulting.net/tech/ocep/index.html#HWSelect (OpenBSD 
> Commonly Encountered Problems) part What hardware should i use ?

hm.  I need to update some of those numbers.  ssh on a 486/66 is
painful, as is 16M RAM. :)

> It's a very old article but they say that "Realtek 8139 are reported to 
> beat up the processor badly". I have a 8110 but it can be true for it. 
> Do you think, that 3Com or other will be a better choice for my actual  
> NIC ?
> 
> I manage to find a bench : 
> http://www.tomsnetworking.com/network/20010820/index.html. But it 
> doesn't worth an answer from people working everyday with these product.
> 
> Hope someone would help us finding answers.
> 
> Regards,
> 
> Nolan

The best thing that can be said about the Realtek cards is they are open
source friendly, so the drivers for them are pretty darned good
(assuming someone hasn't rebadged the card and sliced up the driver so
it only works on their card, and butchered the thing so it doesn't work
on their card really well, either).  However, "good" means "works".
That isn't to say this card is any kind of screaming performer...but it
works.

You are generally going to have to move a lot of packets before the
issues of the Realtek chip hurt you on modern hardware.  Put a Realtek
card in a Pentium 75MHz machine, you may wish you didn't (or maybe it
would work fine...haven't tried, actually).

Throwing away a Realtek card in favor of a 3c905 seems to be completely
pointless.  The 3c905 is overrated.  They are a sub-standard card on all
OSs I've used 'em on.

For 100Mbps cards, I'm partial to fxp(4) (Intel) and 21143 (dc) cards.
Unfortunately, 21143 cards seem to be almost impossible to acquire
through my usual channels.

My gigabit experience is too limited to comment upon.

Nick.

Re: for the OpenBSD Asterisk VoIP admins

[Stuart Henderson]

On 2006/11/15 08:22, Diana Eichert wrote:
> Are TDM over Ethernet devices supported under Asterisk running on OpenBSD?

No, they are configured as a channel under zaptel which we don't have.
(zaptel is ~20k lines of kernel driver including such fun things as echo
cancellation; the closest OS it's ported to is NetBSD). They also need
a timing source, which some comments suggest needs to be a zaptel PCI
card rather than ztdummy (these both need the same core zaptel driver
that's needed for TDMoE).

[http://en.wikipedia.org/wiki/Asterisk_PBX]
> Asterisk's timing mechanism (both timestamps and wake-ups) is strongly
> biased toward systems which contain at least one of Digium's PCI boards.
> Users with other needs, including pure VoIP setups, are likely to
> experience timing problems.

(this is why things like meetme and iax trunking don't work properly,
and could explain any other random problems that may crop up, though
strange things have been known to happen with Asterisk on systems
that do have a timer too).

I read some comment on the Asterisk bug tracker suggesting Digium are
not particularly interested in making things work better on systems that
don't use their cards so I don't think we're very likely to see timing
changing to a more sane method just yet...

Re: 1,4 TB to partition, mostly for /home/backup, what would you recommand

[Chris Kuethe]

On 11/15/06, Didier Wiroth <[EMAIL PROTECTED]> wrote:

Hi,
I've installed an Openbsd4.0 server with a LSI Megaraid S-ATA 150-6 LSI
Controller. It has a RAID5 logical drive containing 6 HDs (1 is hot spare).
I would like to use most of the space for /home/backup!

I thought about using 4x350GB (or X x XXX GB, any recommandations are
appreciated) partitions (to reduce the fsck times when fsck is needed),
and  concatenate them via ccd to /home/backup?!

Is this the best way to do it or would you recommand me to do it
differently?


Right now 1TB is as big as you can make a filesystem. I've got mine
set up as One Big Slice... because I can. It's just rsync snapshots of
my various media players, so I'm not hugely concerned about fsck times
or reliability. It's mostly there so I can test filesystem diffs.

sd0 at scsibus1 targ 8 lun 0:  SCSI3 0/direct fixed
sd0: 1088142MB, 1088142 cyl, 64 head, 32 sec, 512 bytes/sec,
2228515072 sec total

# sudo disklabel sd0
# Inside MBR partition 3: type A6 start 63 size 2228504607
# /dev/rsd0c:
type: SCSI
disk: SCSI disk
label: 8 Disk RAID5
flags:
bytes/sector: 512
sectors/track: 32
tracks/cylinder: 64
sectors/cylinder: 2048
cylinders: 1088142
total sectors: 2228515072
rpm: 3600
interleave: 1
trackskew: 0
cylinderskew: 0
headswitch: 0   # microseconds
track-to-track seek: 0  # microseconds
drivedata: 0

16 partitions:
# sizeoffset  fstype [fsize bsize  cpg]
 a:214748364763  4.2BSD   4096 32768 1252 # Cyl 0*-1048576*
 c:2228515072 0  unused  0 0  # Cyl 0 -1088142*

--
GDB has a 'break' feature; why doesn't it have 'fix' too?

Re: Problem with Intel PRO/1000GT (82541GI) adaptors

[Kian Mohageri]

On 11/14/06, Brian Keefer <[EMAIL PROTECTED]> wrote:
>
>
> FWIW I was having very similar problems with em(4) in OpenBSD 4.0-
> release under VMware (amd64 SMP).  It would cease to recognize ARP
> replies and just flood the network with ARP requests endlessly.  It
> was enough to bring VMware to it's knees and totally swamp my cheap
> switch.
>

The same card too?

-- 
Kian Mohageri

Re: java on openbsd

[marc]

Quoting Joachim Schipper <[EMAIL PROTECTED]>:


On Tue, Nov 14, 2006 at 08:24:37AM -0800, [EMAIL PROTECTED] wrote:

Quoting Jeff Quast <[EMAIL PROTECTED]>:
>On 11/14/06, Marc Ravensbergen <[EMAIL PROTECTED]> wrote:
>>I really don't want to download the source for java and compile... I am
>>on dialup so every byte counts.



>>I believe that java on bsd through emulation should be possible;
>>probably just an oversight somwhere on my part.
>>
>>If anybody can give me some tips or tricks I would really appreciate it.
>
>I would, but I would just be (poorly) repeating information that
>developers have painstakingly documented.
>http://www.openbsd.org/faq/faq8.html#Programming

I've read that info; the "preferred" way of installing java (on
openbsd) is by compiling from source. As I am a full time java
developer, I use and test several different jdks at once. You might be
able to understand why I am hesitant to compile and download all this
stuff when openbsd supports linux emulation, and I already have
downloaded all the linux jdks that I need.


If you're getting paid to develop on this, a little phone bill shouldn't
be that problematic,


Right now I work for myself, out of my house; time and bandwith cost  
money which is hard to come by at this point. I'd also rather spend  
time on "learning" so I can save time the next time I come to a  
(similar) problem.



and you've already wasted as much time here as it
would have taken to download it in the first place.



hardly, you obviously have no idea what downloading on dial-up is  
like, especially when other family members need to access the phone as  
well.



If you're so set on using Linux JDKs, use Linux. That's what they are
for. If you really want, use Linux under some emulator (qemu is in
ports).

The fact that NetBSD apparently does manage to run your JDKs doesn't
necessarily mean it manages to run them reliably, either.



You're missing the point entirely. I already had several jdks in  
linux, thought I could save some time / bandwith and use them through  
emulation on openbsd. Forget that I mentioned anything about netbsd,  
linux, etc.


Thanks to the kind souls who offered suggestions or binary downloads.  
I will have access to high speed for a few hours in the near future,  
and will try downloading the source then.


Marc


>You should really send your grievences to sun, not openbsd misc.
>OpenBSD can't change Sun's licensing policies -- they can only abide
>by them. Maybe all of this hoop jumping will make you realize that
>using this language is a bad career move?

that is laughable, especially considering sun's anouncement yesterday
to GPL the entire java stack. Not trying to start a flame war here,
but open solaris, nexenta (solaris kernel, debian apps), and a million
linux distros all support Java really well. I am trying a java /
openbsd combination because I've heard good things about openbsd, and
from what I've seen so far I am very happy with it. I understand fully
why openbsd has issues with Java. I am not blaming them / you at all.


OpenBSD supports Java really well. Its Linux emulation is not perfect,
granted, but that's a wholly different issue.

Joachim

Re: Is resolver in 4.0 thread-safe?

[Federico Giannici]

Antoine Jacoutot wrote:

Selon Federico Giannici <[EMAIL PROTECTED]>:

I'm about to compile a program (milter-greylist) that requires a


You mean /usr/ports/mail/milter-greylist ?


Yes, but version 3, that supports greylisting based on blacklists.
The old version on ports doesn't use DNS...

So, the question remains: anybody knows if DNS resolver in OpenBSD 4.0 
is thread-safe?



Thanks.

--
___
__
   |-  [EMAIL PROTECTED]
   |ederico Giannici  http://www.neomedia.it
___

Re: Problem with Intel PRO/1000GT (82541GI) adaptors

[Stuart Henderson]

On 2006/11/15 09:25, Kian Mohageri wrote:
> On 11/14/06, Brian Keefer <[EMAIL PROTECTED]> wrote:
> >
> >
> > FWIW I was having very similar problems with em(4) in OpenBSD 4.0-
> > release under VMware (amd64 SMP).  It would cease to recognize ARP
> > replies and just flood the network with ARP requests endlessly.  It
> > was enough to bring VMware to it's knees and totally swamp my cheap
> > switch.
> >
> 
> The same card too?

vmware can emulate em(4):
http://sanbarrow.com/vmx-network.html

Re: for the OpenBSD Asterisk VoIP admins

[Jeffrey C. Ollie]

On Wed, 2006-11-15 at 16:55 +, Stuart Henderson wrote:
>
> [http://en.wikipedia.org/wiki/Asterisk_PBX]
> > Asterisk's timing mechanism (both timestamps and wake-ups) is strongly
> > biased toward systems which contain at least one of Digium's PCI boards.
> > Users with other needs, including pure VoIP setups, are likely to
> > experience timing problems.
>
> (this is why things like meetme and iax trunking don't work properly,
> and could explain any other random problems that may crop up, though
> strange things have been known to happen with Asterisk on systems
> that do have a timer too).

Check out OpenPBX.org, which has replaced the usage of Zaptel
drivers/devices for timing with POSIX high-resolution timers.
app_meetme won't work because app_meetme uses Zaptel for audio mixing as
well but OpenPBX.org includes app_conference which provides similar
functionality.

Jeff

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]

Re: Problem with Intel PRO/1000GT (82541GI) adaptors

[Brian Keefer]

On Nov 15, 2006, at 9:25 AM, Kian Mohageri wrote:

>
>
> On 11/14/06, Brian Keefer <[EMAIL PROTECTED]> wrote:
>
> FWIW I was having very similar problems with em(4) in OpenBSD 4.0-
> release under VMware (amd64 SMP).  It would cease to recognize ARP
> replies and just flood the network with ARP requests endlessly.  It
> was enough to bring VMware to it's knees and totally swamp my cheap
> switch.
>
> The same card too?
>
> --  
> Kian Mohageri

The physical chip is a Tigon3, I believe (bge), but I'm not talking  
about as a host OS, I'm talking about guest OS.  VMware provides a  
virtual Intel PRO/1000MT (82545EM).  I was under the assumption it  
was the driver itself that was quirky.  The observed behavior was  
almost identical to what OP described.

Brian Keefer
www.Tumbleweed.com
"The Experts in Secure Internet Communication"

Re: openbsd on cisco hardware?

[Dan Farrell]

I agree completely... for less than the cost of a frac-ds3 you can get
10 or 100 Mbps Metro Ethernet circuits from various US RBOCS (I use
Bellsouth as an example, not sure who the RBOC in Chicago is.) Most of
them allow upgrading to 1Gig. We use a few of them and they are great...
we're never going back to DSx or OCx circuits unless absolutely
necessary.


Dan Farrell


> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of
> Jeffrey C. Ollie
> Sent: Monday, November 13, 2006 8:43 PM
> To: misc@openbsd.org
> Subject: Re: openbsd on cisco hardware?
> 
> On Mon, 2006-11-13 at 15:12 -0600, Jacob Yocom-Piatt wrote:
> >
> > bingo! i wanted to see if i could use a 2620 i had laying around for
its
> T1
> line
> > card and this is why i didn't expect it to be possible.
> >
> > the ISP here at work supplies a couple T1 lines which terminate into
> 1721s
> and
> > i'd very much like to remove all cisco gear from the network. there
are
> cisco
> > 7200s as edge routers at the ISP. anybody got advice on the cheapest
way
> to
> > connect to such routers? the sangoma, accoom, etc. cards are pretty
> pricey.
> 
> The cheapest way that I can think of would be to get your ISP to
provide
> you some sort of Metro Ethernet or Ethernet over TDM solution.  That
way
> your interface to the Internet is an Ethernet port and it's the ISP's
> responsibility to deal with T1 circuits or whatever.
> 
> Jeff
> 
> [demime 1.01d removed an attachment of type application/pgp-signature
> which had a name of signature.asc]

Re: for the OpenBSD Asterisk VoIP admins

[mail-lists]

Stuart Henderson wrote:

On 2006/11/15 08:22, Diana Eichert wrote:
  

Are TDM over Ethernet devices supported under Asterisk running on OpenBSD?



No, they are configured as a channel under zaptel which we don't have.
(zaptel is ~20k lines of kernel driver including such fun things as echo
cancellation; the closest OS it's ported to is NetBSD). They also need
a timing source, which some comments suggest needs to be a zaptel PCI
card rather than ztdummy (these both need the same core zaptel driver
that's needed for TDMoE).

[http://en.wikipedia.org/wiki/Asterisk_PBX]
  

Asterisk's timing mechanism (both timestamps and wake-ups) is strongly
biased toward systems which contain at least one of Digium's PCI boards.
Users with other needs, including pure VoIP setups, are likely to
experience timing problems.



(this is why things like meetme and iax trunking don't work properly,
and could explain any other random problems that may crop up, though
strange things have been known to happen with Asterisk on systems
that do have a timer too).

I read some comment on the Asterisk bug tracker suggesting Digium are
not particularly interested in making things work better on systems that
don't use their cards so I don't think we're very likely to see timing
changing to a more sane method just yet...

  
I have a couple IAX trunks that work pretty well. Mind you the system 
isn't under any sort of load.
Is there any word as to when zaptel might be ported to OpenBSD?  Would 
one be able to compile

the NETBSD port into the openbsd kernel?

Has anyone had any success with asterisk 1.4?

openntpd : not synced when using timedelta sensor

[Joris Van Herzele]

Hi,

I wanted to try using a timedelta sensor for openntpd (on OpenBSD 
4.0-release with errata patches) but don't seem to have that much luck 
with it.



The sensor (Gude ADS Expert mouseClock USB, rev 1.10/1.00, addr 2) as 
such seems to work fine :

hw.sensors.11=udcf0, DCF77, 0.34 secs, OK, Wed Nov 15 18:34:56.044


/var/log/daemon only shows :
Nov 15 15:02:14 montecristo ntpd[18634]: listening on 10.0.16.1
Nov 15 15:02:14 montecristo ntpd[18634]: listening on 10.0.22.1
Nov 15 15:02:14 montecristo ntpd[18634]: ntp engine ready


It never shows any clock synced message, which apparently is also 
confirmed by the clients :
Nov 15 15:14:13 cohiba ntpd[30901]: reply from 10.0.16.1: not synced, 
next query 3197s
Nov 15 16:07:30 cohiba ntpd[30901]: reply from 10.0.16.1: not synced, 
next query 3135s
Nov 15 16:59:45 cohiba ntpd[30901]: reply from 10.0.16.1: not synced, 
next query 3158s


Also the drift file remains at the last value from when I switched from 
stratum II servers to this timedelta sensor.



the /etc/ntpd.conf simply lists :
# $OpenBSD: ntpd.conf,v 1.7 2004/07/20 17:38:35 henning Exp $
# sample ntpd configuration file, see ntpd.conf(5)

# Addresses to listen on (ntpd does not listen by default)
listen on 10.0.16.1
listen on 10.0.22.1

# timedelta sensor
sensor udcf0


And if I finally run ntpd -d the output I get is :
listening on 10.0.16.1
listening on 10.0.22.1
ntp engine ready
sensor udcf0 added
sensor udcf0: offset -0.337391
sensor udcf0: offset -0.337878
sensor udcf0: offset -0.338369
sensor udcf0: offset -0.348855
sensor udcf0: offset -0.339345


Can anyone be so kind to advice me ?




Kind Regards,


Joris Van Herzele

Problem with grey listing

[Eric Merkel]

My greylisting system has been running fine for about a month but
recently run I've into a problem with greylisting. I had someone tell
me that an email they sent to me bounced. Looking at the log file
(shown below) it appears that their email server retried three times
every half hour so I am not sure why they were not whitelisted.

I am running spamd with the following options spamd_flags="-v -G 5:4:864".

The only thing that looked a little suspicious is I think I may be
hitting the upper end of the pf table size. Is it possible just no
more IP's can be added to spamd-white?

#  pfctl -t spamd-white -T show | wc -l
 499785
# pfctl -t spamd -T show | wc -l
 18
# pfctl -t spamd-mywhite -T show | wc -l
175

I have "set limit table-entries 50" so do I just need to increase
the table-entries even higher? What is the highest value this can be
set to?

# zcat daemon.*.gz | grep 66.192.70.179
Nov 14 17:33:02 mx-fw1 spamd[14875]: 66.192.70.179: connected (755/1)
Nov 14 17:33:09 mx-fw1 spamd[14875]: (GREY) 66.192.70.179:
<[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>
Nov 14 17:33:13 mx-fw1 spamd[14875]: 66.192.70.179: disconnected after 11
seconds.
Nov 14 16:02:49 mx-fw1 spamd[14875]: 66.192.70.179: connected (749/3)
Nov 14 16:03:00 mx-fw1 spamd[14875]: (GREY) 66.192.70.179:
<[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>
Nov 14 16:03:00 mx-fw1 spamd[14875]: 66.192.70.179: disconnected after 11
seconds.
Nov 14 15:35:31 mx-fw1 spamd[14875]: 66.192.70.179: connected (483/0)
Nov 14 15:35:43 mx-fw1 spamd[14875]: (GREY) 66.192.70.179:
<[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>
Nov 14 15:35:43 mx-fw1 spamd[14875]: 66.192.70.179: disconnected after 12
seconds.
Nov 14 15:35:31 mx-fw1 spamd[14875]: 66.192.70.179: connected (483/0)
Nov 14 15:35:43 mx-fw1 spamd[14875]: (GREY) 66.192.70.179:
<[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>


Any thoughts?

-Eric

Re: [Fwd: Re: java on openbsd]

[marc]

- Forwarded message from [EMAIL PROTECTED] -
Date: Wed, 15 Nov 2006 11:18:36 -0800
From: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
 Subject: Re: [Fwd: Re: java on openbsd]
  To: Keith Richardson <[EMAIL PROTECTED]>

Quoting Keith Richardson <[EMAIL PROTECTED]>:


I don't know if you are subscribed to the ports@ list.  Thought I would
forward you Kurt Miller's response just in case.

He is the maintainer of all Java ports on OpenBSD so I would consider
his answer authoritative.

FWIW - I run java (1.4 and 1.5) and have no problems.

Best advice I can give is to download all the packages that
build/runtime depends on and java dist files on a fast connection and
then build the native java.

Here are the packages you will need before building / running on -release

# cd /usr/ports/devel/jdk/1.5
# make full-all-depends  hicolor-icon-theme-0.5p0
bzip2-1.0.3
help2man-1.29
autoconf-2.57p0
autoconf-2.59p1
metaauto-0.5
libtool-1.5.22p0
libiconv-1.9.2p3
jikes-1.22p0
expat-2.0.0
gettext-0.14.5p1
gtar-1.15.1p4
gmake-3.80p1
pkgconfig-0.19p0
glib2-2.10.3
atk-1.10.3p1
libIDL-0.8.5p0
glitz-0.4.4
jpeg-6bp3
tiff-3.8.2p0
gmp-4.1.4p0
libaudiofile-0.2.6p0
libltdl-1.5.22p1
autoconf-2.13p0
esound-0.2.34p0
unzip-5.52
zip-2.32
openmotif-2.1.30.5p1
png-1.2.12
cairo-1.0.4p0
pango-1.12.3
gtk+2-2.8.20
kaffe-1.1.7p2
mozilla-devel-1.7.13p0



# cd /usr/ports/devel/jdk/1.4
# make full-all-depends
bzip2-1.0.3
help2man-1.29
autoconf-2.59p1
autoconf-2.57p0
metaauto-0.5
libtool-1.5.22p0
iodbc-3.52.4
libiconv-1.9.2p3
expat-2.0.0
gettext-0.14.5p1
gtar-1.15.1p4
gcpio-2.6
gmake-3.80p1
popt-1.7p0
rpm-3.0.6p4
redhat_base-8.0p8
jdk-linux-1.3.1_16
unzip-5.52
zip-2.32
ghostscript-fonts-6.0p0
openmotif-2.1.30.5p1
autoconf-2.13p0
nspr-4.4.1p0

 Original Message 
Subject:Re: java on openbsd
Date:   Tue, 14 Nov 2006 12:20:45 -0500
From:   Kurt Miller <[EMAIL PROTECTED]>
Reply-To:   [EMAIL PROTECTED]
To: ports@openbsd.org
References: <[EMAIL PROTECTED]>



On Tuesday 14 November 2006 8:07 am, you wrote:
However, whenever I run java, I get a "Can't detect initial thread   
 stack location - find_vma failed" error. This is for sun's jdk
1.5.06 as well as one of the newer 1.6 versions. IBM's jdk1.4 says   
 it cannot read or write (not sure exactly anymore) to /proc/.   
 I've tried running all three versions as root to check for
permission errors, but it makes no difference. I've googled for
hours trying to find a solution, but can't seem to fix it.


Our linux emulation doesn't support the features needed
by linux jdk binaries (1.4 and up). Our native jdk's work
quite well (especially devel/jdk/1.5) but you need to
build from source.

-Kurt


That package list helps a lot. I didn't know you could generate a
dependency list like that (see my other message today: "packages").
Thanks!

Marc



- End forwarded message -

MIPS based routerboard machines

[Matt Radtke]

Good afternoon all

Is there any interest in supporting the MIPS based
routerboard hardware?  If there is, I would be happy
to buy a board or two and throw it at whoever might
interested in making such a thing happen.

Past that, I lack the required skills to code it
myself.  I'd be willing to just generally throw some
money at someone if it would help.  Just please be
gentle on my wallet, I have a wedding to pay for ;-)

Thanks guys

-Matt


 

Sponsored Link

Don't quit your job - take classes online
www.Classesusa.com

Re: openntpd : not synced when using timedelta sensor

[Henning Brauer]

* Joris Van Herzele <[EMAIL PROTECTED]> [2006-11-15 19:44]:
> I wanted to try using a timedelta sensor for openntpd (on OpenBSD 
> 4.0-release with errata patches) but don't seem to have that much luck 
> with it.

> It never shows any clock synced message, which apparently is also 
> confirmed by the clients :

there was indeed a bug causing this - you need ntp peers or we'll never 
get in sync.
this has been fixed post-4.0.
might be a -stable candidate eh...

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam

Re: 1,4 TB to partition, mostly for /home/backup, what would you recommand

[Joachim Schipper]

On Wed, Nov 15, 2006 at 04:40:37PM +0100, Didier Wiroth wrote:
> Hi,
> I've installed an Openbsd4.0 server with a LSI Megaraid S-ATA 150-6 LSI
> Controller. It has a RAID5 logical drive containing 6 HDs (1 is hot spare).
> 
>  $ sudo bioctl ami0
> Volume  Status   Size Device
>  ami0 0 Scrubbing   1600332496896 sd0 RAID5 60% done
>   0 Online   400083124224 0:0.0   noencl    3.AE>
>   1 Online   400083124224 0:2.0   noencl    3.AE>
>   2 Online   400083124224 0:1.0   noencl    3.AE>
>   3 Online   400083124224 0:4.0   noencl    3.AE>
>   4 Online   400083124224 0:3.0   noencl    3.AE>
>  ami0 1 Hot spare400083124224 0:5.0   noencl    3.AE>
> 
> I would like to use most of the space for /home/backup!
> 
> I thought about using 4x350GB (or X x XXX GB, any recommandations are
> appreciated) partitions (to reduce the fsck times when fsck is needed),
> and  concatenate them via ccd to /home/backup?!
>
> Is this the best way to do it or would you recommand me to do it
> differently?

As ckuethe@ pointed out, that's too big. Additionally, you need about as
much memory (in megabytes) as disk (in gigabytes) for fsck.

Depending on exactly how the backups are done, it might be sensible to
mount at least three of those 350GB partitions read-only at any given
time. This would allow you to come up dramatically faster after a crash;
although this may not be that important for a backup server...

Joachim

Re: Is resolver in 4.0 thread-safe?

[Joachim Schipper]

On Wed, Nov 15, 2006 at 06:30:06PM +0100, Federico Giannici wrote:
> Antoine Jacoutot wrote:
> >Selon Federico Giannici <[EMAIL PROTECTED]>:
> >>I'm about to compile a program (milter-greylist) that requires a
> >
> >You mean /usr/ports/mail/milter-greylist ?
> 
> Yes, but version 3, that supports greylisting based on blacklists.
> The old version on ports doesn't use DNS...
> 
> So, the question remains: anybody knows if DNS resolver in OpenBSD 4.0 
> is thread-safe?

At least not as much as one would want, see gethostbyname(3), under
BUGS:

These functions use static data storage; if the data is needed for
future use, it should be copied before any subsequent calls overwrite
it.

You could, of course, write a gethostbyname_r wrapper utilizing a mutex
and some malloc() magic.

Joachim

Re: Problem with grey listing

[Chad M Stewart]

On Nov 15, 2006, at 1:47 PM, Eric Merkel wrote:


My greylisting system has been running fine for about a month but
recently run I've into a problem with greylisting. I had someone tell
me that an email they sent to me bounced. Looking at the log file
(shown below) it appears that their email server retried three times
every half hour so I am not sure why they were not whitelisted.

I am running spamd with the following options spamd_flags="-v -G  
5:4:864".


I think you're being very generous here, using 5 minutes for  
passtime, RFCs stipulate 30 minutes between retries.  Anything less  
than 30 minutes between different Internet hosts is not being net  
friendly or honoring the RFCs.   I use the default (25 minutes) and  
things work very nicely.  Of course YMMV.




The only thing that looked a little suspicious is I think I may be
hitting the upper end of the pf table size. Is it possible just no
more IP's can be added to spamd-white?

#  pfctl -t spamd-white -T show | wc -l
 499785
# pfctl -t spamd -T show | wc -l
 18
# pfctl -t spamd-mywhite -T show | wc -l
175



Maybe I'm being naive but 499785 in spamd-white, seems very large to  
me, perhaps this is related to my comments above.  I've watched  
spammers come back in > 5 but < 30.




I have "set limit table-entries 50" so do I just need to increase
the table-entries even higher? What is the highest value this can be
set to?


Search the pf list, there are some threads on there about it.


-Chad



# zcat daemon.*.gz | grep 66.192.70.179
Nov 14 17:33:02 mx-fw1 spamd[14875]: 66.192.70.179: connected (755/1)
Nov 14 17:33:09 mx-fw1 spamd[14875]: (GREY) 66.192.70.179:
<[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>
Nov 14 17:33:13 mx-fw1 spamd[14875]: 66.192.70.179: disconnected  
after 11

seconds.
Nov 14 16:02:49 mx-fw1 spamd[14875]: 66.192.70.179: connected (749/3)
Nov 14 16:03:00 mx-fw1 spamd[14875]: (GREY) 66.192.70.179:
<[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>
Nov 14 16:03:00 mx-fw1 spamd[14875]: 66.192.70.179: disconnected  
after 11

seconds.
Nov 14 15:35:31 mx-fw1 spamd[14875]: 66.192.70.179: connected (483/0)
Nov 14 15:35:43 mx-fw1 spamd[14875]: (GREY) 66.192.70.179:
<[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>
Nov 14 15:35:43 mx-fw1 spamd[14875]: 66.192.70.179: disconnected  
after 12

seconds.
Nov 14 15:35:31 mx-fw1 spamd[14875]: 66.192.70.179: connected (483/0)
Nov 14 15:35:43 mx-fw1 spamd[14875]: (GREY) 66.192.70.179:
<[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>


Any thoughts?

-Eric

Re: for the OpenBSD Asterisk VoIP admins

[Diana Eichert]

Yep, after I read about the requirement for zaptel drivers after I posted
the initial e-mail.

Re: OpenPBX.org, do you have it running under OpenBSD?

thanks for all the replies, sounds like there's more than a few people who
run Asterisk on OpenBSD.

diana

Re: BSD laptop

[David Chapman]

Does anyone have any thoughts or experience with Lenovo or ThinkPad
laptops?

Thanks,

-- 
David Chapman| "tar is not a plaything"
[EMAIL PROTECTED]  | [EMAIL PROTECTED]

Re: BSD laptop

[Marcus Eskilsson]

I switched from running GNU/Linux to OpenBSD 4.0 on my ThinkPad R52. Works
like a charm. I can't find a thing to complain about.

2006/11/15, David Chapman <[EMAIL PROTECTED]>:
>
> Does anyone have any thoughts or experience with Lenovo or ThinkPad
> laptops?
>
> Thanks,
>
> --
> David Chapman| "tar is not a plaything"
> [EMAIL PROTECTED]  | [EMAIL PROTECTED]
>
>


--
Wing Tsun Scandinavia Sweden branch (http://www.wing-tsun.se/)
Kung-fu.se - Menga stilar, ett forum (http://www.kung-fu.se/)

Re: ip not forwarding after 4.0 rebuild.

[nuffnough]

On 14/11/06, Bob DeBolt <[EMAIL PROTECTED]> wrote:
>
> On Monday 13 November 2006 7:53 pm, you wrote:
>
> > But I don't know what I need to do differently to change the
> > situations.
>
> Is pf enabled and blocking perhaps?




Thanks for everyone's help.  It must have been something weird (like my
brain at 5 in the morning).  I've rebuilt the system now and it is working
great.

Re: for the OpenBSD Asterisk VoIP admins

[Daniel Ouellet]

Hi All,

What is really the interest to get an OpenBSD Virtual PBX solutions 
(meaning more then one company per server for example) instead of Asterisk?


This could be available in 9 to 12 months time frame and obviously could 
continue to evolve hopefully pass the release of a working solution.


As some may have seen, I did express this possibility a few times in the 
pass and even on undeadly as well.


I never hide the fact that I am already operating an ISP and we do offer 
VoIP for 5+ years already and we use Broadwork from Broadsoft as a 
solution for this.


I however have my own grief with this and very seriously look at 
replacing this with a more reliable solution and a real open one as well.


I am very seriously working at making this happen and finance the 
project long term as well to make sure it see the light of day. However, 
I am not the google of the world and sure don't have the big financial 
mean as these that could do it have.


Never the less, I haven't giving up on it at this time. I am exploring 
all possibility that I can with the mean I have.


If there is real, I mean real interest in this and you are able to 
participate in it, meaning financially to make it happen, please make 
yourself known. Fell free to contact me off list for more details, but 
no joke please or don't think this can be done with a few hundred dollars.


This is a very serious project and is very possible to see the light of 
day. However, the cost is not small and even if I am welling to finance 
most of it, if not all, in some cases, I can't do it all. I can provide 
mean of making sure it would continue to evolve, but getting it off the 
ground is not a small project and that is assuming that you see the 
benefit for yourself as well in it as Asterisk is not for everyone and I 
sure prefer a more stable and scalable version then that.


So, if you are serious about it and can finance the project as well, 
please think about it, but no joke please!


This is real, but expensive.

If you wonder what that is for. Well, just look for Broadwork from 
Broadsoft as a virtual PBX platform and what it does, it's to replace it 
in real live ISP VoIP setup for multiple customers using OpenBSD and 
real open source ONLY!


Thanks

Daniel.

Re: BSD laptop

[Doug Fordham]

OBSD, Kubuntu, and XP on a ThinkPad T41


On 11/15/06, David Chapman <[EMAIL PROTECTED]> wrote:
>
> Does anyone have any thoughts or experience with Lenovo or ThinkPad
> laptops?
>
> Thanks,
>
> --
> David Chapman| "tar is not a plaything"
> [EMAIL PROTECTED]  | [EMAIL PROTECTED]

Re: BSD laptop

[Stacey Roberts]

Hello Doug,

On Wed, 15 Nov 2006, Doug Fordham wrote:

> OBSD, Kubuntu, and XP on a ThinkPad T41
> 
> 
> On 11/15/06, David Chapman <[EMAIL PROTECTED]> wrote:
> >
> >Does anyone have any thoughts or experience with Lenovo or ThinkPad
> >laptops?
> >

FreeBSD on ThinkPad T21, R51e, T43.

Regards,

Stacey

> >Thanks,
> >
> >--
> >David Chapman| "tar is not a plaything"
> >[EMAIL PROTECTED]  | [EMAIL PROTECTED]
> >
> >
> ___
> [EMAIL PROTECTED] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-mobile
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Best nic/driver combination

[pedro la peu]

> I can easily get some Realtek 8169 based (not 8139!) re cards, some
> Intel gbit em (they seem less stable than fxp ?), and probably some sk
> (SMC 9452TX).

I have been using sk(4) as my Gigabit card of choice with great success for 
some time now. In fact, I don't bother looking for anything else. I pump lots 
of Gigs through them daily with never a hitch, on old PIII junkware PC's.

There are probably alternatives with better maximum performance, I've never 
needed to find out. The fact that they cost new about the same as two packs 
of cigarettes (in the UK) is a pretty convincing bonus.

Re: BSD laptop

[George Hartzell]

Stacey Roberts writes:
 > Hello Doug,
 > 
 > On Wed, 15 Nov 2006, Doug Fordham wrote:
 > 
 > > OBSD, Kubuntu, and XP on a ThinkPad T41
 > > 
 > > 
 > > On 11/15/06, David Chapman <[EMAIL PROTECTED]> wrote:
 > > >
 > > >Does anyone have any thoughts or experience with Lenovo or ThinkPad
 > > >laptops?
 > > >
 > 
 > FreeBSD on ThinkPad T21, R51e, T43.
 > 

FreeBSD on a ThinkPad T42p.  Works great!

g.

Re: BSD laptop

[Brad Miele]

FreeBSD on a HP nc6230. Issues with acpi/thermal, will shutdown when going 
from power to battery.


http://lists.freebsd.org/pipermail/freebsd-acpi/2005-September/001935.html

Other than that, it works great.

Brad
-
Brad Miele
VP Technology
IPNStock.com
[EMAIL PROTECTED]

On Wed, 15 Nov 2006, Stacey Roberts wrote:


Hello Doug,

On Wed, 15 Nov 2006, Doug Fordham wrote:


OBSD, Kubuntu, and XP on a ThinkPad T41


On 11/15/06, David Chapman <[EMAIL PROTECTED]> wrote:


Does anyone have any thoughts or experience with Lenovo or ThinkPad
laptops?



FreeBSD on ThinkPad T21, R51e, T43.

Regards,

Stacey


Thanks,

--
David Chapman| "tar is not a plaything"
[EMAIL PROTECTED]  | [EMAIL PROTECTED]



___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-mobile
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-mobile
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

router wont stop sending icmp redirects

[tobias Freitag]

Hi list,

I am trying to implement a transparent proxy using the pf rdr action but my 
clients ignore the icmp redirects that are send out by the openbsd box. I 
tried to get it to use adress translation instead, but no avail.

The box is set to router mode (net.inet.ip.forwarding=1) and sending of 
redirects is switched off (net.inet.ip.redirect=0) but shamelessly ignored.

Any ideas?

Tobias Freitag
-- 
Der GMX SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen! 
Ideal f|r Modem und ISDN: http://www.gmx.net/de/go/smartsurfer

kernel pppoe

[Gustavo Rios]

Dear list members,

i have followed pppoe(4) instructions on setting it up. It works
perfectly. But, i am very confused with the output for the netstat -rn
command (only relevant part)

Internet:
DestinationGatewayFlagsRefs  UseMtu  Interface
default0.0.0.1UGS 18  -   pppoe0
0.0.0.1defaultUH  10  -   pppoe0
127/8  127.0.0.1  UGRS00  33224   lo0
127.0.0.1  127.0.0.1  UH  10  33224   lo0
224/4  127.0.0.1  URS 00  33224   lo0

For ifconfig -a, we have (only relevant part too):

pppoe0: flags=8851 mtu 1492
dev: bge0 state: session
sid: 0xf0e2 PADI retries: 1 PADR retries: 0 time: 00:00:44
sppp: phase network authproto pap authname "[EMAIL PROTECTED]"
groups: pppoe egress
inet6 fe80::211:11ff:fee3:927e%pppoe0 ->  prefixlen 64 scopeid 0x6
inet 201.78.17.238 --> 0.0.0.1 netmask 0x

I am not able to understand the cycle between 0.0.0.1 to default and
default to 0.0.0.1 entries for the routing information.

I am very confused.

Thanks in advance.

Re: Firewall partially failing with high traffic (Updated)

[Chris Cameron]

Just building off my last message. Answering Ryans questions first:

- Do you have dedicated addresses on the carp parent interfaces?

For sure.

- Are all the carp devices on the master firewall MASTER; what about the
  backup?

Before and after the network dies, primary firewall is all MASTER,
secondary stays as BACKUP.

- Can you reach the 'dissapearing' network from the backup firewall?

Yes.

- Is preemption enabled? (sysctl net.inet.carp.preempt=1)

Yes.

- What is the output of 'netstat -sp carp' on both the master and backup
  firewalls?

Have it below.

- What about the output of 'netstat -i'? Are there output errors on the
  offending interface?

Exact output below, but no errors in or out, before or after.

- Have you tried running with carp debugging turned on? (sysctl
  net.inet.carp.log=1)

Did this on both firewalls, didn't see output one way or the other.
Restarted with it in sysctls.conf just to be sure, but didn't see
anything.




What further I know:

- set debug loud, lots of output, nothing looks different while the
problem is present.

- From the "dead" network, if I ping the firewall, tcpdump shows the
firewall making an arp request for the originating machine.
18:17:50.015307 arp who-has 172.168.120.50 tell 172.168.120.2

172.168.120.50 is the machine on the dead network, which was trying to
ping the firewall. This would lead me to believe the firewall saw
-something-. Lots of traffic trying to going to, but none come back from
that network.

- I can ping the dead interface locally.

- Bringing interface down and up doesn't help

- From the firewall itself, I can hang that interface. Before I was
doing it from my desktop, through the firewall.


Ifconfig explanation:

gem0 - external
gem1 - 120.x - network that "disappears"
hme0 - 0.x - pfsync traffic
hme1 - 121.x - Network my terminal is on
hme2 - 119.x

My ifconfig -A output from the master firewall:

$ ifconfig -A
lo0: flags=8049 mtu 33192
groups: lo
inet 127.0.0.1 netmask 0xff00
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0xa
gem0:
flags=8b63 
mtu 1500
lladdr 00:03:ba:f2:bc:1c
groups: egress
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 216.2.22.123 netmask 0xffe0 broadcast 216.82.41.127
inet6 fe80::203:baff:fef2:bc1c%gem0 prefixlen 64 scopeid 0x1
gem1:
flags=8b63 
mtu 1500
lladdr 00:03:ba:f2:bc:1d
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 172.168.120.2 netmask 0xff00 broadcast 172.168.120.255
inet6 fe80::203:baff:fef2:bc1d%gem1 prefixlen 64 scopeid 0x2
hme0: flags=8863 mtu
1500
lladdr 08:00:20:ee:66:60
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 10.0.0.1 netmask 0xff00 broadcast 10.0.0.255
inet6 fe80::a00:20ff:feee:6660%hme0 prefixlen 64 scopeid 0x3
hme1:
flags=8b63 
mtu 1500
lladdr 08:00:20:ee:66:61
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 172.168.121.2 netmask 0xff00 broadcast 172.168.121.255
inet6 fe80::a00:20ff:feee:6661%hme1 prefixlen 64 scopeid 0x4
hme2:
flags=8b63 
mtu 1500
lladdr 08:00:20:ee:66:62
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 172.168.119.2 netmask 0xff00 broadcast 172.168.119.255
inet6 fe80::a00:20ff:feee:6662%hme2 prefixlen 64 scopeid 0x5
hme3: flags=8822 mtu 1500
lladdr 08:00:20:ee:66:63
media: Ethernet autoselect
pflog0: flags=141 mtu 33192
pfsync0: flags=41 mtu 1348
pfsync: syncdev: hme0 maxupd: 128
enc0: flags=0<> mtu 1536
tun0: flags=8051 mtu 1500
groups: tun
inet 172.168.123.1 --> 172.168.123.2 netmask 0x
carp0: flags=8843 mtu 1500
carp: MASTER carpdev gem0 vhid 1 advbase 1 advskew 0
groups: carp
inet 216.82.41.116 netmask 0xffe0 broadcast 216.82.41.127
inet 216.82.41.97 netmask 0xffe0 broadcast 216.82.41.127
inet 216.82.41.98 netmask 0xffe0 broadcast 216.82.41.127
inet 216.82.41.117 netmask 0xffe0 broadcast 216.82.41.127
inet 216.82.41.118 netmask 0xffe0 broadcast 216.82.41.127
inet 216.82.41.119 netmask 0xffe0 broadcast 216.82.41.127
inet 216.82.41.120 netmask 0xffe0 broadcast 216.82.41.127
inet 216.82.41.125 netmask 0xffe0 broadcast 216.82.41.127
inet 216.82.41.126 netmask 0xffe0 broadcast 216.82.41.127
carp1: flags=8843 mtu 1500
carp: MASTER carpdev gem1 vhid 2 advbase 1 advskew 0
groups: carp
inet 172.168.120.1 netmask 0xff00 broadcast 172.168.120.255
carp2: flags=8843 mtu 1500
carp: MASTER carpdev hme1 vhid 3 advbase 1 advskew 0
groups: carp
inet 172.168.121.1 netmask 0xff00 broadcast 172.168.121.255
carp3: flags=8843 mtu 1500
carp: MASTER carpdev

Re: kernel pppoe

[Pawel S. Veselov]

Gustavo,

On Wed, Nov 15, 2006 at 11:14:23PM -0300, Gustavo Rios wrote:
>i have followed pppoe(4) instructions on setting it up. It works
>perfectly.

as long as it works :)

>But, i am very confused with the output for the netstat -rn
>command (only relevant part)
>
>Internet:
>DestinationGatewayFlagsRefs  UseMtu  
>Interface
>default0.0.0.1UGS 18  -   pppoe0

this routing table entry has 0/0 in destination (prints as "default"), and
0.0.0.1/32 as gateway. That is the kinda line you would find on most of the
systems. The word "default" netstat prints instead of 0/0 are probably
appropriate here, as it really means "any address that didn't match any other
destination in my routing table".

>0.0.0.1defaultUH  10  -   pppoe0

this routing table entry has 0.0.0.1/32 as destination and 0/0 as gateway

>127/8  127.0.0.1  UGRS00  33224   lo0
>127.0.0.1  127.0.0.1  UH  10  33224   lo0
>224/4  127.0.0.1  URS 00  33224   lo0
>
>For ifconfig -a, we have (only relevant part too):
>
>pppoe0: flags=8851 mtu 1492
>   dev: bge0 state: session
>   sid: 0xf0e2 PADI retries: 1 PADR retries: 0 time: 00:00:44
>   sppp: phase network authproto pap authname 
>   "[EMAIL PROTECTED]"
>   groups: pppoe egress
>   inet6 fe80::211:11ff:fee3:927e%pppoe0 ->  prefixlen 64 scopeid 0x6
>   inet 201.78.17.238 --> 0.0.0.1 netmask 0x
>
>I am not able to understand the cycle between 0.0.0.1 to default and
>default to 0.0.0.1 entries for the routing information.

I would guess that for the "host" route (ipv4 only), the only necessary
knowledge it the interface through which the packet needs to be sent.  At least
in case of p2p interfaces. So the "gateway" is left at 0/0.  Netstat, perhaps
unfortunately, prints 0/0 as "default".

>I am very confused.

-- Pawel.

Re: Best nic/driver combination

[Shane J Pearson]

Hi Pedro,

On 16/11/2006, at 11:48 AM, pedro la peu wrote:


I can easily get some Realtek 8169 based (not 8139!) re cards, some
Intel gbit em (they seem less stable than fxp ?), and probably  
some sk

(SMC 9452TX).


I have been using sk(4) as my Gigabit card of choice with great  
success for
some time now. In fact, I don't bother looking for anything else. I  
pump lots
of Gigs through them daily with never a hitch, on old PIII junkware  
PC's.


There are probably alternatives with better maximum performance,  
I've never
needed to find out. The fact that they cost new about the same as  
two packs

of cigarettes (in the UK) is a pretty convincing bonus.


Yes, sometimes I feel like I should buy them in bulk. I am afraid  
that one day the chip-set will disappear for another cheap yet  
inferior one. And the vendors won't mention anything on the box.


I can't get D-Link DGE-530T Rev B1 cards to work in Sun U5's and  
U10's, yet the Rev A1 cards work fine. I think the move to Rev B1 has  
caused the cards to only work in PCI 2.2 slots and not older PCI 2.1.  
Even though the printing on the box of Rev B1 cards still claims that  
it will work in PCI 2.1 slots.


All I seem to be able to source now are the Rev B1 cards (which  
incidentally work fine in a Blade 150). Since they're so cheap, how  
long until a vendor like D-Link changes the chipset and then just  
ship a different Windows driver CD?


If I had the money at the moment, I'd buy them in bulk so I have some  
for myself and my customers. I realise there are other sk options,  
but since they can be so cheap, I fear they will change.


Can anyone recommend a cheap sk which is still capable of working in  
a PCI 2.1 slot? I was hoping to switch from fxp to sk in my 5  
interface Sun U10 firewall at home, but I only have 2 sk's (out of a  
desired 4) which work in it.




Shane J Pearson (hoping to see some affordable 4 interface sk NIC's)
shanejp netspace net au

slow compiling on amd64

[Stephen Schaff]

this is my first post to the list - so please bear with me...

I have 2 amd64 machines that I plan on using in production, and 1  
amd64 machine at home for testing.
I tried installing the amd64 openbsd on both machines and discovered  
that doing a make on anything goes really, really slowly. I have the  
i386 openbsd installed on my test system and it does everything very  
quickly. So, I tried installing i386 on my 2 production machines.  
It's still slow on both of them!


When I say slow, here's what I mean. I'm compiling a new kernel with  
raid support. Just doing a make depend take roughly 30 seconds on my  
test machine and 30 minutes on the production machines.


# time make depend

TEST MACHINE:
0m31.36s real 0m20.64s user 0m6.32s system

PRODUCTION MACHINE:
36m8.08s real 5m32.17s user 1m37.57s system

Here's the hardware:
# sysctl hw

TEST MACHINE:
hw.machine=i386
hw.model=AMD Athlon(tm) 64 Processor 3000+ ("AuthenticAMD" 686-class,  
512KB L2 cache)

hw.ncpu=1
hw.byteorder=1234
hw.physmem=1073246208
hw.usermem=1072939008
hw.pagesize=4096
hw.disknames=wd0,cd0
hw.diskcount=2
hw.sensors.0=it0, Fan1, 5443 RPM
hw.sensors.3=it0, VCORE_A, 1.41 V DC
hw.sensors.4=it0, VCORE_B, 0.00 V DC
hw.sensors.5=it0, +3.3V, 3.28 V DC
hw.sensors.6=it0, +5V, 5.03 V DC
hw.sensors.7=it0, +12V, 11.78 V DC
hw.sensors.8=it0, Unused, 0.82 V DC
hw.sensors.9=it0, -12V, -17.00 V DC
hw.sensors.10=it0, +5VSB, 4.78 V DC
hw.sensors.11=it0, VBAT, 3.06 V DC
hw.sensors.12=it0, Temp 1, 35.00 degC
hw.sensors.13=it0, Temp 2, 37.00 degC
hw.sensors.14=it0, Temp 3, 25.00 degC
hw.cpuspeed=1810
hw.setperf=100
hw.vendor=ASUSTeK Computer INC.
hw.product=A8N-SLI DELUXE
hw.version=1.XX
hw.serialno=123456789000
hw.uuid=000fa389-5f1d-d711-9ec4-0011d84a06a8

PRODUCTION MACHINE:
hw.machine=i386
hw.model=AMD Athlon(tm) 64 Processor 3500+ ("AuthenticAMD" 686-class,  
512KB L2 cache)

hw.ncpu=1
hw.byteorder=1234
hw.physmem=1005940736
hw.usermem=1005699072
hw.pagesize=4096
hw.disknames=cd0,wd0,wd1,wd2,wd3
hw.diskcount=5
hw.sensors.0=lm0, VCore A, 2.96 V DC
hw.sensors.1=lm0, VCore B, 3.63 V DC
hw.sensors.2=lm0, +3.3V, 3.38 V DC
hw.sensors.3=lm0, +5V, 5.67 V DC
hw.sensors.4=lm0, +12V, 16.32 V DC
hw.sensors.5=lm0, -12V, -12.86 V DC
hw.sensors.6=lm0, -5V, -5.36 V DC
hw.sensors.7=lm0, Temp1, 33.00 degC
hw.sensors.10=lm0, Fan3, 4017 RPM
hw.cpuspeed=2211
hw.setperf=100
hw.vendor=ASUSTeK Computer INC.
hw.product=A8N-VM CSM
hw.uuid=c478ed80-74fe-d511-b068-749cdaa7f59a




ANY ideas? This one is stumping me completely and I've wasted a week  
trying to sort it out.

TIA!

Stephen

Re: slow compiling on amd64

[Stephen Schaff]

Sorry - of course - here's my dmesg:


OpenBSD 4.0 (RAMDISK_CD) #39: Sat Sep 16 19:34:26 MDT 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/RAMDISK_CD
cpu0: AMD Athlon(tm) 64 Processor 3500+ ("AuthenticAMD" 686-class,  
512KB L2 cache) 2.22 GHz
cpu0:  
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36, 
CFLUSH,MMX,FXSR,SSE,SSE2,SSE3

real mem  = 1005940736 (982364K)
avail mem = 910962688 (889612K)
using 4256 buffers containing 50401280 bytes (49220K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 10/05/05, BIOS32 rev. 0 @  
0xf0010, SMBIOS rev. 2.3 @ 0xf06d0 (66 entries)

bios0: ASUSTeK Computer INC. A8N-VM CSM
apm0 at bios0: Power Management spec V1.2
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 3.0 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf8b80/288 (16 entries)
pcibios0: no compatible PCI ICU found: ICU vendor 0x10de product 0x0260
pcibios0: Warning, unable to fix up PCI interrupt routing
pcibios0: PCI bus #4 is the last bus
bios0: ROM list: 0xc/0xec00 0xcf000/0x1000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
"NVIDIA C51 Host" rev 0xa2 at pci0 dev 0 function 0 not configured
"NVIDIA C51 Memory" rev 0xa2 at pci0 dev 0 function 1 not configured
"NVIDIA C51 Memory" rev 0xa2 at pci0 dev 0 function 2 not configured
"NVIDIA C51 Memory" rev 0xa2 at pci0 dev 0 function 3 not configured
"NVIDIA C51 Memory" rev 0xa2 at pci0 dev 0 function 4 not configured
"NVIDIA C51 Memory" rev 0xa2 at pci0 dev 0 function 5 not configured
"NVIDIA C51 Memory" rev 0xa2 at pci0 dev 0 function 6 not configured
"NVIDIA C51 Memory" rev 0xa2 at pci0 dev 0 function 7 not configured
ppb0 at pci0 dev 2 function 0 "NVIDIA C51 PCIE" rev 0xa1
pci1 at ppb0 bus 1
ppb1 at pci0 dev 3 function 0 "NVIDIA C51 PCIE" rev 0xa1
pci2 at ppb1 bus 2
ppb2 at pci0 dev 4 function 0 "NVIDIA C51 PCIE" rev 0xa1
pci3 at ppb2 bus 3
vga1 at pci0 dev 5 function 0 "NVIDIA GeForce 6150" rev 0xa2
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
"NVIDIA MCP51 Host" rev 0xa2 at pci0 dev 9 function 0 not configured
pcib0 at pci0 dev 10 function 0 "NVIDIA MCP51 ISA" rev 0xa2
"NVIDIA MCP51 SMBus" rev 0xa2 at pci0 dev 10 function 1 not configured
ohci0 at pci0 dev 11 function 0 "NVIDIA MCP51 USB" rev 0xa2: irq 5,  
version 1.0, legacy support

usb0 at ohci0: USB revision 1.0
uhub0 at usb0
uhub0: NVIDIA OHCI root hub, rev 1.00/1.00, addr 1
uhub0: 8 ports with 8 removable, self powered
ehci0 at pci0 dev 11 function 1 "NVIDIA MCP51 USB" rev 0xa2: irq 3
usb1 at ehci0: USB revision 2.0
uhub1 at usb1
uhub1: NVIDIA EHCI root hub, rev 2.00/1.00, addr 1
uhub1: 8 ports with 8 removable, self powered
pciide0 at pci0 dev 13 function 0 "NVIDIA MCP51 IDE" rev 0xa1: DMA,  
channel 0 configured to compatibility, channel 1 configured to  
compatibility

atapiscsi0 at pciide0 channel 0 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:   
SCSI0 5/cdrom removable

cd0(pciide0:0:0): using PIO mode 4, DMA mode 2
pciide0: channel 1 disabled (no drives)
pciide1 at pci0 dev 14 function 0 "NVIDIA MCP51 SATA" rev 0xa1: DMA
pciide1: using irq 5 for native-PCI interrupt
wd0 at pciide1 channel 0 drive 0: 
wd0: 16-sector PIO, LBA48, 238475MB, 488397168 sectors
wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5
wd1 at pciide1 channel 1 drive 0: 
wd1: 16-sector PIO, LBA48, 238475MB, 488397168 sectors
wd1(pciide1:1:0): using PIO mode 4, Ultra-DMA mode 5
pciide2 at pci0 dev 15 function 0 "NVIDIA MCP51 SATA" rev 0xa1: DMA
pciide2: using irq 5 for native-PCI interrupt
wd2 at pciide2 channel 0 drive 0: 
wd2: 16-sector PIO, LBA48, 238475MB, 488397168 sectors
wd2(pciide2:0:0): using PIO mode 4, Ultra-DMA mode 5
wd3 at pciide2 channel 1 drive 0: 
wd3: 16-sector PIO, LBA48, 238475MB, 488397168 sectors
wd3(pciide2:1:0): using PIO mode 4, Ultra-DMA mode 5
ppb3 at pci0 dev 16 function 0 "NVIDIA MCP51 PCI-PCI" rev 0xa2
pci4 at ppb3 bus 4
"VIA VT6306 FireWire" rev 0x80 at pci4 dev 5 function 0 not configured
em0 at pci4 dev 9 function 0 "Intel PRO/1000GT (82541GI)" rev 0x05:  
irq 5, address 00:0e:0c:a2:de:f6
"NVIDIA MCP51 HD Audio" rev 0xa2 at pci0 dev 16 function 1 not  
configured
nfe0 at pci0 dev 20 function 0 "NVIDIA MCP51 LAN" rev 0xa1: irq 5,  
address 00:13:d4:ff:0e:75

eephy0 at nfe0 phy 1: Marvell 88E Gigabit PHY, rev. 2
pchb0 at pci0 dev 24 function 0 "AMD AMD64 HyperTransport" rev 0x00
pchb1 at pci0 dev 24 function 1 "AMD AMD64 Address Map" rev 0x00
pchb2 at pci0 dev 24 function 2 "AMD AMD64 DRAM Cfg" rev 0x00
pchb3 at pci0 dev 24 function 3 "AMD AMD64 Misc Cfg" rev 0x00
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
biomask ffed netmask ffed ttymask ffef
rd0: fixed, 3800 blocks
dkcsum: wd0

Problems with java

[ICMan]

 Hello,

I just compiled (after a whole day) the jdk 1.5.0p19 distribution on OBSD
4.0, and I get the following error whenever I run java or attempt to use
the plugin with firefox:

"Error occurred during initialization of VM
Could not reserve enough space for object heap
Could not create the Java virtual machine."

I have tried "ulimit -d 10", I have tried "java -Xms10M -Xmx10M", "java
-Xms100M -Xmx100M", and even "java -Xms1M -Xmx1M".  None work.  I
continue to get the same error.

Need help badly.

Thanks

ICMan.