Re: sk or em
On Sunday 15 April 2007 22:30, Stuart Henderson wrote: On 2007/04/15 20:27, Chris C. wrote: I'm in the need to replace my two 100mbit fxp nic's in my firewall with a 1000mbit one. The hardware is kinda old. (PIII) I'm looking for an inexpensive but not bad (so I think no realtek chips) nic. Have looked at sk and bge, but couldn't find any bge nics at my local vendors. So... which driver to go? sk? em? Modern Realtek re(4) are not really a problem, they do IPv4 TCP checksum offload, HW vlan tagging, and are a better design than the rl(4). They only handle jumbo frames up to 7.5k, but if jumbo support was a big issue you'd probably have mentioned it already (and even 2k would cover many of the reasons you'd want jumbos). I'd still go for the sk(4) if they were the same price - this is fairly possible, unlike em(4) which will almost certainly cost more than re(4) - but don't worry about it, pretty much anything you pick up is likely to work fine. Thanks, will go and get some sk's. Greetings Chris
ne3 interface funny behaviour
Hello list. I'm setting up an old Toshiba laptop as a firewall, DNS forwarder, DHCP server and wireless access point using OpenBSd 4.0 i386. I have 3 network interfaces: - unknown-brand USB 10/100 interface, available as axe0, working perfectly - Netgear PCMCIA wireless interface, available as ath0, working perfectly - unknown-brand PCMCIA 10/100, available as ne3, *almost* working My idea is to use axe0 as external interface (the laptop has no USB2 support, so it will never make high transfer speed anyway), ne3 as internal cabled interface, and ath0 as internal wireless access point. Everything is working perfectly so far except by ne3: the card is recognized, it gets its IP address correctly during boot, but apparently there is no link to the switch. The connection leds on card's dongle light up, but the switch's port corresponding led doesn't, and I can't ping any other box on the network. Cable and switch port are OK, I have tested with another card; ping is successfull ,too. I also tried to fix card's speed and duplex (to 100full) adding corresponding entries to hostname.ne3, alas to no avail. Unfortunately, I cannot use the ok card used for tests because it is a thick one, with no dongle, and it make the laptop's second PCMCIA slot unavailable for wireless card. Has someone had similar experiences? Can someone give me a hint about what's happening? Thank you in advance, bye, Manuel Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Recommend Technical Networking Book?
Hi all, Can anyone recommend a technical networking book (or links) regarding design, architecture, implementation, monitoring, and best practices? I just purchased a Dell 3248 managed switch, 10 IBM 1U servers, and 10 towers. I would like to practice setting things up on this hardware. I have just discovered VLANs (tagged/untagged) and configured a few on the switch. Some other topics of interest are Spanning Tree, OSPF, BGP, Multicasting, and redundancy (link aggregation, trunking, CARP, etc.). I own The Practice of System and Network Administration, which is an excellent book, but does not get technical. Perhaps something to compliment this title? Can anyone comment on these titles that I'm thinking about getting (good/bad)? The Switch Book: The Complete Guide to LAN Switching Technology http://www.amazon.com/gp/product/0471345865/ref=wl_it_dp/103-5124063-8263036?ie=UTF8coliid=IRD9JNS6W69MPcolid=1B2FORVUWNNME, by Rich Seifert http://www.amazon.com/gp/product/0471345865/ref=wl_it_dp/103-5124063-8263036?ie=UTF8coliid=IRD9JNS6W69MPcolid=1B2FORVUWNNME Network Analysis, Architecture, and Design, http://www.amazon.com/gp/product/0123704804/ref=wl_it_dp/103-5124063-8263036?ie=UTF8coliid=I1VQRIWRA7ZKKCcolid=1B2FORVUWNNME by James D. McCabe http://www.amazon.com/gp/product/0123704804/ref=wl_it_dp/103-5124063-8263036?ie=UTF8coliid=I1VQRIWRA7ZKKCcolid=1B2FORVUWNNME The Tao of Network Security Monitoring: Beyond Intrusion Detection, http://www.amazon.com/gp/product/0321246772/ref=wl_it_dp/103-5124063-8263036?ie=UTF8coliid=IHNHJ98G36HX1colid=1B2FORVUWNNME by Richard Bejtlich http://www.amazon.com/gp/product/0321246772/ref=wl_it_dp/103-5124063-8263036?ie=UTF8coliid=IHNHJ98G36HX1colid=1B2FORVUWNNME Designing Large Scale LANs, http://www.amazon.com/gp/product/0596001509/ref=wl_it_dp/103-5124063-8263036?ie=UTF8coliid=I2606QCO9PP08Lcolid=1B2FORVUWNNME by Kevin Dooley http://www.amazon.com/gp/product/0596001509/ref=wl_it_dp/103-5124063-8263036?ie=UTF8coliid=I2606QCO9PP08Lcolid=1B2FORVUWNNME _Top-Down Network Design (2nd Edition) (Networking Technology) http://www.amazon.com/gp/product/1587051524/ref=wl_it_dp/103-5124063-8263036?ie=UTF8coliid=I2DTYHO3KFFU71colid=1B2FORVUWNNME, by Priscilla _Oppenheimer Principles of Network and System Administration http://www.amazon.com/gp/product/0470868074/ref=wl_it_dp/103-5124063-8263036?ie=UTF8coliid=I3ISYDRDLITCOGcolid=1B2FORVUWNNME, by Mark Burgess -pachl* *
Re: sk or em
Chris C. a icrit : I'm in the need to replace my two 100mbit fxp nic's in my firewall with a 1000mbit one. The hardware is kinda old. (PIII) I'm looking for an inexpensive but not bad (so I think no realtek chips) nic. Have looked at sk and bge, but couldn't find any bge nics at my local vendors. So... which driver to go? sk? em? Do you expect doing more than 100mbits with this hadware (with PF anabled) ? I'm maxing a P4 2.4Ghz at 40mbits, with a dual em, and a ~300 lines pf.conf -- Ronnie Garcia r.garcia at ovea dot com
Re: sk or em
Ronnie Garcia wrote: Chris C. a icrit : I'm in the need to replace my two 100mbit fxp nic's in my firewall with a 1000mbit one. The hardware is kinda old. (PIII) I'm looking for an inexpensive but not bad (so I think no realtek chips) nic. Have looked at sk and bge, but couldn't find any bge nics at my local vendors. So... which driver to go? sk? em? Do you expect doing more than 100mbits with this hadware (with PF anabled) ? I'm maxing a P4 2.4Ghz at 40mbits, with a dual em, and a ~300 lines pf.conf What is your packets/sec when your pushing 40Mbs? Does the traffic flow in one em and out the other or is the dual em in a trunk (i.e. 2Gbs)? -pachl
Re: sk or em
On Monday 16 April 2007 10:27, Ronnie Garcia wrote: Chris C. a icrit : I'm in the need to replace my two 100mbit fxp nic's in my firewall with a 1000mbit one. The hardware is kinda old. (PIII) I'm looking for an inexpensive but not bad (so I think no realtek chips) nic. Have looked at sk and bge, but couldn't find any bge nics at my local vendors. So... which driver to go? sk? em? Do you expect doing more than 100mbits with this hadware (with PF anabled) ? I'm maxing a P4 2.4Ghz at 40mbits, with a dual em, and a ~300 lines pf.conf I am doing ~190mbit throughput with my current nics (PIII 1000MHz, CPU is at 20% idle) with pf disabled, but I usually only have large nfs or ftp packets and some http and ssh traffic. Greetings Chris
Re: sk or em
Clint Pachl a icrit : Ronnie Garcia wrote: Chris C. a icrit : I'm in the need to replace my two 100mbit fxp nic's in my firewall with a 1000mbit one. The hardware is kinda old. (PIII) I'm looking for an inexpensive but not bad (so I think no realtek chips) nic. Have looked at sk and bge, but couldn't find any bge nics at my local vendors. So... which driver to go? sk? em? Do you expect doing more than 100mbits with this hadware (with PF anabled) ? I'm maxing a P4 2.4Ghz at 40mbits, with a dual em, and a ~300 lines pf.conf What is your packets/sec when your pushing 40Mbs? Does the traffic flow in one em and out the other or is the dual em in a trunk (i.e. 2Gbs)? Traffic gets in one em, is filtered by pf, and gets out from the other em (and the other way around). Its doing 11kpps in and 6kpps out of each em, plus 7kpps on the pfsync interface, which is a sis -- Ronnie Garcia r.garcia at ovea dot com
Re: Binary kernel and base update
On 2007/04/15 03:41, Bryan Vyhmeister wrote: (As an aside, how often do you update your -current systems varies; main desktop/laptop and any boxes I use when I'm working on anything to do with ports, fairly often. other machines - generally when there's a fix that I want or when there's something particular to test. and do you run -current on production servers?) sometimes. I've probably got more production routers than servers running OpenBSD, almost all of the routers run varying degrees of -current.
Re: Mail Server (seeking recommendations)
On Sun, Apr 15, 2007 at 12:03:10PM +0200, Joachim Schipper wrote: That was the primary reason for using postfix with dovecot. Years back, I tried to get both sendmail and postfix working with SMTP AUTH and Cyrus as I recall. It was a mess. The super-easy integration of postfix and dovecot for SMTP AUTH is a welcome change. I think the main trick is in writing scripts that generate all databases from a single main file. This is fairly easy using perl, awk, Of course, this becomes a hundred times more difficult the moment user administration is not done centrally. At an ISP that I worked for, all user config data was held in postgres. When fields were changed, new flat files were generated (passwd, shell.allow, ftpusers, apache, quota, etc, etc). The files were then scp'd to the various server farms from the postgres box. Having the mail daemons use SQL for auth was too slow. Customers and support staff had web interfaces to postgres for config of services.
Re: ne3 interface funny behaviour
Problem solved. The card is faulty: it doesn't work on other systems either. It *apparently* works, it gets recognized, it can be assigned an IP address, connection led lights up, but no actual connection is available. A close look to the card-dongle connector shows a little damage to the plastics, less than 1mm wide, actually, but maybe large enough to create extra-currents or so. So, I'm looking for a new card. Any suggestions for makes/models known to work with OpenBSD? Thank you all, Manuel --- Kamil Monticolo [EMAIL PROTECTED] wrote: snip Does ne3 works good on other system? Maybe card is bad? Did you try to swap pcmia cards over the slots? birkoff Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Re: host to host ipsec link
Mathieu Sauve-Frankel wrote: Currently the order in which isakmpd, ipsecctl and sasyncd need to be invoked in order for everything to work is pretty rigid. # isakmpd -KS # ipsecctl -f /etc/ipsec.conf # sasyncd First start isakmpd with -KS, this brings up isakmpd in passive mode, isakmpd won't initiate any IKE traffic until an sasyncd process sets isakmpd to active mode through the fifo, you can do this by hand by issuing M active into the fifo with echo. Don't forget to load your rules before you issue this command. If you are not going to use sasyncd, don't use -S. Hi thx for the insight. I now realize that the problem is caused by sasyncd not starting. It terminates immediately with the message config: syntax error. Unfortunately it's not a syntax error in the sasyncd.conf file, but the error really seems to stem from the program config that seems to get called in the process of invoking sasyncd ... between stat-ing the config file and parsing it, as I would suppose, because sasyncd will not complain about real, intentional syntax errors in the file or an empty file, but will bail out on wrong file permissions. I have copied over sasyncd.conf from a working installation and changed the sharedkey and peer parameters. But config: syntax error hits me even if I empty the file (which should produce errors about missing sharedkeys and the like) Just to go sure, here's the file: # cat /etc/sasyncd.conf interface carp1 flushmode sync listen on xl0 port 5000 sharedkey [32byte RSA key] peer 10.111.1.2 Plus, syntax error does not appear in the sasyncd binary with strings or source code. Sorry again if I'm missing something obvious. /markus
Re: Recommendation for a UPS
On 4/15/07, bofh [EMAIL PROTECTED] wrote: Or, find an old ups with a serial port, make sure it's on the nut list, then buy replacement batteries at batteriesplus for ~$25 each. Oops, sent to Chris when I mean to send to misc :)
Re: host to host ipsec link
On 2007/04/16 15:06, Markus Wernig wrote: ... the error message does come from sasyncd. sharedkey [32byte RSA key] the other config lines are ok, the error must be here. Plus, syntax error does not appear in the sasyncd binary with strings or source code. it's in the file produced by yacc(1)
Re: CARP access outside a subnet
Hi I'm not sure about carp supporting addresses in other subnets than the physical one. But to debug this further: - what does tcpdump -e -n -i xennet1 show on the routers when you ping the virtual interface from outside the lan? - is the route for the egress path the same as for the ingress path (i.e. does the route back to the accessing device point out over the same interface (xennet1) that the packets come in on)? - maybe your next hop router does not receive the virtual mac address. check the arp table on the next hop router. - what is the error message when pinging from the outside and who generates it? krgds /markus david l goodrich wrote: I'm sorry to bring this up again, since it didn't get any responses the first time. But I haven't had any luck on my own, and was hoping someone might have an idea. On 4/9/07, david l goodrich [EMAIL PROTECTED] wrote: I have two hosts in a CARP group. on router-meus-cd1, i have the following network configuration: router-meus-cd1# ifconfig xennet1 xennet1: flags=8963UP,BROADCAST,NOTRAILERS,RUNNING,PROMISC,SIMPLEX,MULTICAST mtu 1500 capabilities=2800TCP4CSUM_Tx,UDP4CSUM_Tx enabled=0 address: 00:16:3e:71:ef:6f inet 10.10.10.2 netmask 0xff00 broadcast 10.10.10.255 inet6 fe80::216:3eff:fe71:ef6f%xennet1 prefixlen 64 scopeid 0x4 router-meus-cd1# ifconfig carp216 carp216: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 carp: MASTER carpdev xennet1 vhid 216 advbase 1 advskew 0 address: 00:00:5e:00:01:d8 inet 216.51.247.30 netmask 0xfff8 broadcast 216.51.247.31 router-meus-cd1# on router-meus-cn1, i have a similar configuration: router-meus-cn1# ifconfig xennet1 xennet1: flags=8963UP,BROADCAST,NOTRAILERS,RUNNING,PROMISC,SIMPLEX,MULTICAST mtu 1500 capabilities=2800TCP4CSUM_Tx,UDP4CSUM_Tx enabled=0 address: 00:16:3e:04:d3:e0 inet 10.10.10.1 netmask 0xff00 broadcast 10.10.10.255 inet6 fe80::216:3eff:fe04:d3e0%xennet1 prefixlen 64 scopeid 0x4 router-meus-cn1# ifconfig carp216 carp216: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 carp: BACKUP carpdev xennet1 vhid 216 advbase 1 advskew 0216.51.247.30 address: 00:00:5e:00:01:d8 inet 216.51.247.30 netmask 0xfff8 broadcast 216.51.247.31 router-meus-cn1# The default route, nameservers, etc are all set correctly. CARP works great on the 216.51.247.24/29 subnet, from any machine on that subnet I can ping 216.51.247.30. When I get outside the subnet, I can't ping the address or ssh to it. Does anyone have some insight into why this is happening? Thanks --david
Re: Recommendation for a UPS
On Sun, Apr 15, 2007 at 03:45:35PM -0400, Jean-Daniel Beaubien wrote: What are your power requirements? Just a single server? How big of a system are we talking about? ...mainframe, onyx, or a single opteron? Regards, ~Jason My power requirements are very small. The server is running an Athlon xp 2000+ with 2 HDDs in raid 1 (no screen). And that's the only thing that will be attached to the UPS. i got an APC 'Smart-UPS 2200 RM' offa ebay for like $500 after shipping, new battery. got ahold of a serial cable for it, and am using nut to watch the status just fine. on-battery-oh-crap powerdowns work dandy for it and the machines and random things that're hooked to it. last i remember i'm sucking about 350-400 W [1] at any given time off the UPS, and it lasts about 25-35 minutes after a power off situation, with everything staying powered on. if i drop everything except for the VIA and its dsl modem, it lasts a hell of a lot longer ( i think i saw it last just about 2h or so the one time i did that ) [1] { hp netserver ld pro (old ppro, 3 SCSI HD) 2x soekris 4801 soekris 4501 via 310-dp board+case apc masterswitch 9210 xyplex console server 16 port ethernet switch 16 port kvm 2x dsl modems } -- jared
Re: host to host ipsec link
Stuart Henderson wrote: On 2007/04/16 15:06, Markus Wernig wrote: ... the error message does come from sasyncd. sharedkey [32byte RSA key] the other config lines are ok, the error must be here. aarrgg ... and indeed it was. I had produced that string with # openssl rand 32 | perl -pe 's/./unpack(H1,$)/ges' - as I always do - but must have botched something on the way ... thx /m
Re: ne3 interface funny behaviour
Manuel Ravasio wrote: Problem solved. The card is faulty: it doesn't work on other systems either. It *apparently* works, it gets recognized, it can be assigned an IP address, connection led lights up, but no actual connection is available. A close look to the card-dongle connector shows a little damage to the plastics, less than 1mm wide, actually, but maybe large enough to create extra-currents or so. So, I'm looking for a new card. Any suggestions for makes/models known to work with OpenBSD? I'm doing something similar and have had much success with fxp -- specifically an Intel PRO/100 Cardbus card. Prior to using fxp I was using xl, but I can push far more traffic through the system using fxp.
Re: OpenBSD/alpha Status
On Apr 16, 2007, at 3:17 AM, Henning Brauer wrote: * Bryan Vyhmeister [EMAIL PROTECTED] [2007-04-16 07:44]: The CS20 does seem to be a pretty nice machine. I noticed that there is one obvious CS20 in the newrack.jpg picture. Is power consumption pretty high on these? haven't measured... shouldn't be worse than a dual xeon or the like Good to know. Thanks. Bryan
Re: sk or em
On Apr 16, 2007, at 1:58 AM, Ronnie Garcia wrote: Clint Pachl a icrit : Ronnie Garcia wrote: Do you expect doing more than 100mbits with this hadware (with PF anabled) ? I'm maxing a P4 2.4Ghz at 40mbits, with a dual em, and a ~300 lines pf.conf What is your packets/sec when your pushing 40Mbs? Does the traffic flow in one em and out the other or is the dual em in a trunk (i.e. 2Gbs)? Traffic gets in one em, is filtered by pf, and gets out from the other em (and the other way around). Its doing 11kpps in and 6kpps out of each em, plus 7kpps on the pfsync interface, which is a sis This brings up a question I have had for a while. Does pfsync generate enough traffic that running gigabit cards for your $ext_if and $int_if and a 100base-TX card for your pfsync interface cause a major bottleneck? Bryan
Re: Mail Server (seeking recommendations)
On Apr 15, 2007, at 3:00 PM, Stuart Henderson wrote: On 2007/04/15 14:06, Bryan Vyhmeister wrote: My staff needs to be able to add accounts easily and unfortunately, the command line is not that easy for them. BSD auth, ldap, sql, text files - take your pick... There's also dovecot-sieve if you need server-side filtering. One thing to note if you use milters, Postfix milter support is not based on libmilter; building milter apps on a box with Sendmail 8.14 installed will result in breakage when run against Postfix until Postfix milter support is updated unless you take extra care. Thanks for the heads up on that. I was not aware of that potential issue. Bryan
Re: Binary kernel and base update
On Apr 16, 2007, at 3:51 AM, Stuart Henderson wrote: On 2007/04/15 03:41, Bryan Vyhmeister wrote: (As an aside, how often do you update your -current systems varies; main desktop/laptop and any boxes I use when I'm working on anything to do with ports, fairly often. other machines - generally when there's a fix that I want or when there's something particular to test. OK. Thanks for the info. and do you run -current on production servers?) sometimes. I've probably got more production routers than servers running OpenBSD, almost all of the routers run varying degrees of -current. My DNS servers are running older versions of current that I need to update. I am always a little concerned that I am going to run into a show-stopping bug that would cause downtime for an important server such as a mail server. That's why there is -release and -stable I suppose. The biggest reason I see personally for running -current is to get access to newer ports. Bryan
Re: sk or em
Bryan Vyhmeister a icrit : On Apr 16, 2007, at 1:58 AM, Ronnie Garcia wrote: Clint Pachl a icrit : Ronnie Garcia wrote: Do you expect doing more than 100mbits with this hadware (with PF anabled) ? I'm maxing a P4 2.4Ghz at 40mbits, with a dual em, and a ~300 lines pf.conf What is your packets/sec when your pushing 40Mbs? Does the traffic flow in one em and out the other or is the dual em in a trunk (i.e. 2Gbs)? Traffic gets in one em, is filtered by pf, and gets out from the other em (and the other way around). Its doing 11kpps in and 6kpps out of each em, plus 7kpps on the pfsync interface, which is a sis This brings up a question I have had for a while. Does pfsync generate enough traffic that running gigabit cards for your $ext_if and $int_if and a 100base-TX card for your pfsync interface cause a major bottleneck? It depends on the rate of the states changes. Here, we have ~30mbits on pfsync, for ~40mbits of traffic (!) -- Ronnie Garcia r.garcia at ovea dot com
openbgp not exporing ipv6 to routing tables
Hi, I have configured openbgpd on openbsd 4.0 (upgraded from 3.8) and there seems to be problem with IPv6. I have tried google and irc, but without success. I am receiving IPv6 prefixes just fine (791 from upstream transit, 140 from local IX), but they are not exported to kernel routing tables. Neighbor ASMsgRcvdMsgSentOutQ Up/Down State/PrefixRcvd [...] DE-CIX-IPv6-R26695 4609 4356 0 3d00h33m140 DE-CIX-IPv6-R16695 4749 4355 0 2d19h24m140 DE-CIX-IPv6-UP2 6695 12041 4356 0 3d00h33m791 DE-CIX-IPv6-UP1 6695 12035 4356 0 3d00h33m791 # route -n show -inet6 Routing tables Internet6: DestinationGatewayFlagsRefs UseMtu Interface ::/104 ::1UGRS0 0 - lo0 ::/96 ::1UGRS0 0 - lo0 ::1::1UH 12 0 33192 lo0 ::127.0.0.0/104::1UGRS0 0 - lo0 ::224.0.0.0/100::1UGRS0 0 - lo0 ::255.0.0.0/104::1UGRS0 0 - lo0 :::0.0.0.0/96 ::1UGRS0 0 - lo0 2001:678:1::/642001:678:1::1 U 0 0 - lo1 2001:678:1::1 link#7 UHL 0 0 - lo0 2001:7f8::/64 link#1 UC 6 0 - bge0 2001:7f8::1a27:0:2 00:30:48:42:02:5f UHLc0 2535 - bge0 2001:7f8::1a27:0:102 00:30:48:74:67:c4 UHLc0 36624 - bge0 2001:7f8::1a27:0:103 00:30:48:74:9c:1d UHLc0 17030 - bge0 2001:7f8::1a27:5051:c09d 00:30:48:42:03:bc UHLc1 2775 - bge0 2001:7f8::1a27:5051:c19d 00:30:48:41:d2:70 UHLc1 13163 - bge0 2001:7f8::20ad:0:1 00:12:1e:1b:c8:00 UHLc0 424 - bge0 2001:7f8::6268:0:1 00:15:60:55:89:1d UHL 0 0 - lo0 2001:7f8:0:5::/64 link#2 UC 3 0 - bge1 2001:7f8:0:5::28 00:30:48:42:02:5e UHLc0 2897 - bge1 2001:7f8:0:5:0:1a27:0:100:0a:b8:6b:dd:78 UHLc1 2225 - bge1 2001:7f8:0:5:0:1a27:1:100:19:06:23:b1:d8 UHLc1 18503 - bge1 2001:7f8:0:5:0:6268:0:100:15:60:55:89:1c UHL 0 0 - lo0 2002::/24 ::1UGRS0 0 - lo0 2002:7f00::/24 ::1UGRS0 0 - lo0 2002:e000::/20 ::1UGRS0 0 - lo0 2002:ff00::/24 ::1UGRS0 0 - lo0 fe80::/10 ::1UGRS0 0 - lo0 fe80::%bge0/64 link#1 UC 6 0 - bge0 fe80::214:f6ff:fe7e:43f0%bge0 00:14:f6:7e:43:f0 UHLc0 393 - bge0 fe80::215:60ff:fe55:891d%bge0 00:15:60:55:89:1d UHL 1 0 - lo0 fe80::230:48ff:fe41:d270%bge0 00:30:48:41:d2:70 UHLc0 1254 - bge0 fe80::230:48ff:fe42:25f%bge0 00:30:48:42:02:5f UHLc0 757 - bge0 fe80::230:48ff:fe42:3bc%bge0 00:30:48:42:03:bc UHLc0 1888 - bge0 fe80::230:48ff:fe74:67c4%bge0 00:30:48:74:67:c4 UHLc0 501 - bge0 fe80::230:48ff:fe74:9c1d%bge0 00:30:48:74:9c:1d UHLc0 29 - bge0 fe80::%bge1/64 link#2 UC 2 0 - bge1 fe80::20a:b8ff:fe6b:dd78%bge1 00:0a:b8:6b:dd:78 UHLc0 2878 - bge1 fe80::215:60ff:fe55:891c%bge1 00:15:60:55:89:1c UHL 0 0 - lo0 fe80::230:48ff:fe42:25e%bge1 00:30:48:42:02:5e UHLc0 860 - bge1 fe80::%lo0/64 fe80::1%lo0U 0 0 - lo0 fe80::1%lo0
encap routes
Hi all Does anybody know what the status of the problem described here is? http://archives.neohapsis.com/archives/openbsd/2005-12/0327.html The problem is that OBSD IPSec gateways will reject packets they have an SA for if they don't have an IP route to the destination (any route, default gw will suffice). Is it planned to be change the default behaviour? thx /markus
Architecture of console/terminal drivers
Hello! I would like to write a console driver for the Xbox port of OpenBSD. I have a framebuffer driver that can draw pixels, characters and strings on the screen, but I don't know how to implement a real console driver. I'm not even sure about the terms console, terminal, wscons, vcons. Is a wsdisplay driver enough? What functions do I have to implement? A part from the kernel configuration of NetBSD: xboxfb0 at pci? dev ? function ? # the framebuffer wsdisplay* at xboxfb? console ? and from NetBSD files.i386: device xboxfb: wsemuldisplaydev, rasops32, vcons attach xboxfb at pci file arch/i386/xbox/xboxfb.c xboxfb needs-flag I'm not sure what functions and structs I need. I have read the manpages wsdisplay and wscons. Thank you in advance, Markus
Re: pciide: ATI IXP 600 SATA
Hi Jonathan, With the patch, it finds the device, but no hard disks at all. I could send you a dmesg but it passes ahci and i can't see the messages it gives me. Then it enters on ddb and i cannot type (usb keyboard is not ready yet at this level). There's something i can do to it stops just after ahci loads, so i can write the messages somewhere? Thanks.
Multipath Routing and Routing Software
Good day, I am sorry if this has been answered in the past, I have googled the topic without getting real answers and thought it might be appropriate to post this question here: I have happily read about the multipath abilities introduced in 4.0, however the FAQ only cites an example with static routing which does no failover at all and requires manual intervention in case of a link failure. I would like to use OSPF on the job which has been working fine on OpenBSD 3.3 in the form of quagga for me for years now, but notabene only with failover on 2 highspeed links (16/18Mbit/s). Now i was wondering if either OpenOSPF or the quagga port would support ospf ecmp in OpenBSD 4.0 and I couldn't find any clear answer yet. This would give me the redundancy i already have, combined with doubled capacity if both links are operating. Thanks for any pointers in advance, Christoph -- Quis custodiet ipsos custodes?
Supermicro PDSMi-LN4+
Hi, Just installed 4.0 on a Supermicro PDSMi-LN4+, see dmesg below. Seems to work fine, just concerned about these messages: cpu0: unknown Core FSB_FREQ value 0 (0x4208) cpu1: unknown Core FSB_FREQ value 0 (0x4208) ioapic0: pin 16 shares different IPL interrupts (40..50), degraded performance ioapic0: pin 18 shares different IPL interrupts (40..50), degraded performance ioapic0: pin 19 shares different IPL interrupts (40..50), degraded performance unknown at iic0 addr 0x2f not configured (hw sensors?) Anyone out there who can explain what is going on? (I'll try 4.1 as soon as I revecive the disks) /Johan --- dmesg: --- OpenBSD 4.0 (GENERIC.MP) #936: Sat Sep 16 19:27:28 MDT 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP cpu0: Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz (GenuineIntel 686-class) 2.13 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16 real mem = 1072128000 (1047000K) avail mem = 969924608 (947192K) using 4256 buffers containing 53710848 bytes (52452K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(3c) BIOS, date 02/05/07, BIOS32 rev. 0 @ 0xfd490, SMBIOS rev. 2.51 @ 0x3feea000 (30 entries) bios0: Supermicro PDSMi-LN4 pcibios0 at bios0: rev 2.1 @ 0xfd490/0xb70 pcibios0: PCI BIOS has 18 Interrupt Routing table entries pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82801GB LPC rev 0x00) pcibios0: PCI bus #15 is the last bus bios0: ROM list: 0xc/0x8000 0xc8000/0x1000 ipmi at mainbus0 not configured mainbus0: Intel MP Specification (Version 1.4) (INTELMUKILTEO) cpu0 at mainbus0: apid 0 (boot processor) cpu0: unknown Core FSB_FREQ value 0 (0x4208) cpu0: apic clock running at 266 MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz (GenuineIntel 686-class) 2.13 GHz cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16 mainbus0: bus 0 is type PCI mainbus0: bus 1 is type PCI mainbus0: bus 9 is type PCI mainbus0: bus 10 is type PCI mainbus0: bus 11 is type PCI mainbus0: bus 12 is type PCI mainbus0: bus 15 is type PCI mainbus0: bus 16 is type ISA ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins ioapic1 at mainbus0: apid 3 pa 0xfecc, version 20, 24 pins pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 Intel E7230 MCH rev 0xc0 ppb0 at pci0 dev 1 function 0 Intel E7230 PCIE rev 0xc0 pci1 at ppb0 bus 1 ppb1 at pci1 dev 0 function 0 Intel PCIE-PCIE rev 0x09 pci2 at ppb1 bus 2 Intel IOxAPIC rev 0x09 at pci1 dev 0 function 1 not configured ppb2 at pci0 dev 28 function 0 Intel 82801GB PCIE rev 0x01 pci3 at ppb2 bus 9 em0 at pci3 dev 0 function 0 Intel PRO/1000MT (82573E) rev 0x03: apic 2 int 16 (irq 11), address 00:30:48:89:32:da ppb3 at pci0 dev 28 function 1 Intel 82801GB PCIE rev 0x01 pci4 at ppb3 bus 10 em1 at pci4 dev 0 function 0 Intel PRO/1000MT (82573L) rev 0x00: apic 2 int 17 (irq 12), address 00:30:48:89:32:db ppb4 at pci0 dev 28 function 2 Intel 82801GB PCIE rev 0x01 pci5 at ppb4 bus 11 em2 at pci5 dev 0 function 0 Intel PRO/1000MT (82573L) rev 0x00: apic 2 int 18 (irq 5), address 00:30:48:89:32:dc ppb5 at pci0 dev 28 function 3 Intel 82801GB PCIE rev 0x01 pci6 at ppb5 bus 12 em3 at pci6 dev 0 function 0 Intel PRO/1000MT (82573L) rev 0x00: apic 2 int 19 (irq 11), address 00:30:48:89:32:dd uhci0 at pci0 dev 29 function 0 Intel 82801GB USB rev 0x01: apic 2 int 23 (irq 10) usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1 at pci0 dev 29 function 1 Intel 82801GB USB rev 0x01: apic 2 int 19 (irq 11) usb1 at uhci1: USB revision 1.0 uhub1 at usb1 uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered uhci2 at pci0 dev 29 function 2 Intel 82801GB USB rev 0x01: apic 2 int 18 (irq 5) usb2 at uhci2: USB revision 1.0 uhub2 at usb2 uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub2: 2 ports with 2 removable, self powered uhci3 at pci0 dev 29 function 3 Intel 82801GB USB rev 0x01: apic 2 int 16 (irq 11) usb3 at uhci3: USB revision 1.0 uhub3 at usb3 uhub3: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub3: 2 ports with 2 removable, self powered ehci0 at pci0 dev 29 function 7 Intel 82801GB USB rev 0x01: apic 2 int 23 (irq 10) usb4 at ehci0: USB revision 2.0 uhub4 at usb4 uhub4: Intel EHCI root hub, rev 2.00/1.00, addr 1 uhub4: 8 ports with 8 removable, self powered ppb6 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0xe1 pci7 at ppb6 bus 15 vga1 at pci7 dev 0 function 0 XGI Technology Volari Z7 rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ichpcib0 at pci0 dev 31 function 0 Intel 82801GB LPC rev 0x01:
Re: Multipath Routing and Routing Software
On 2007/04/16 18:32, Christoph Schneeberger wrote: Now i was wondering if either OpenOSPF or the quagga port would support ospf ecmp in OpenBSD 4.0 and I couldn't find any clear answer yet. Nothing in 4.0 or 4.1. -current has some code towards this, but iirc it's not complete yet. Apart from that ospfd works pretty nicely.
Re: isakmpd multiple tunnels
Thanks for the response. I should have been more clear. I am using isakmpd.conf and want to support multiple tunnels. Am I able to just add additional tunnels/lines under the [Phase 1] block that points to another relevant ISPEC configuration? Anyone? Thanks, Tim Hans-Joerg Hoexer wrote: On Thu, Apr 12, 2007 at 11:25:49AM -0600, Tim Pushor wrote: Hi friends, I'm looking to add another IPSEC connection to my openbsd 3.9 firewall. All examples I've seen are a single connection (phase 1). To support multiple vpn's tunnels, is it as simple as adding additional lines under [Phase 1] pointing to the new phase1 configuration block? yes. However, please take a look at ipsecctl(8) and ipsec.conf(5). HJ.
Re: openbgp not exporing ipv6 to routing tables
* Ond??ej Sur?? [EMAIL PROTECTED] [2007-04-16 17:40]: I have configured openbgpd on openbsd 4.0 (upgraded from 3.8) and there seems to be problem with IPv6. I have tried google and irc, but without success. I am receiving IPv6 prefixes just fine (791 from upstream transit, 140 from local IX), but they are not exported to kernel routing tables. do the v6 nexthops show up in bgpctl sh nex ? -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
Re: OpenBSD/alpha Status
On Sunday 15 April 2007 15:23, Bryan Vyhmeister wrote: On Apr 15, 2007, at 3:08 PM, Siegbert Marschall wrote: Hi, On the other hand, there seems to be a 'the alpha bug' around. I don't think it's solved yet, and it's been around for a long time. Apparently, it causes random crashes. only on some machines. Any idea if it surfaces on dual processor CS20 machines? I have the opportunity to pick up three dual 833 Mhz CS20 machines. Bryan I've been told the alpha bug has been with us since (at least) OpenBSD 3.0 and many people have tried to solve it. As one of the people who tried, and (miserably) failed, to find the alpha bug, I can say it is really an esoteric problem. A lot of information points to a rare race condition (i.e. software fault) on particular system under particular loads but no one has managed to prove it either way. Heck, for all I know it could even be an unknown hardware glitch that never received an errata because no one at DEC/Compaq/HP ever noticed it with supported operating systems. I've never seen the alpha bug on my DS20L (equivalent to the CS20) or my 500/500 but I have seen it on my PC* boxes. Other people have had the exact opposite experience. The only time I've hit the bug was during system builds and in contrast, others have reported hitting the bug at other times during normal operation. -- The trouble is, when you have a strange mystery bug floating out there, it may or may not be correctly blamed for any and all problems. -jcr
SMP: Software Interrupts/ipending
Hi, I'm studying the interrupt handling of the OpenBSD 4.0 GENERIC.MP kernel. 1.) There is the softintr() method that registers a software interrupt in the ipending variable, which is handled in Xdoreti on return from an interrupt. machdep.c: 4463 void 4464 softintr(int sir, int vec) 4465 { 4466 __asm __volatile(orl %1, %0 : =m (ipending) : ir (sir)); 4467 #ifdef MULTIPROCESSOR 4468 i82489_writereg(LAPIC_ICRLO, 4469 vec | LAPIC_DLMODE_FIXED | LAPIC_LVL_ASSERT | APIC_DEST_SELF); 4470 #endif 4471 } In the MP case softintr() will also generate in line 4468 an interrupt through the IPI mechanism. Why doesn't softintr() just use the IPI mechanism in the MP case? 2.) Software interrupts registered through ipending get handled in Xdoreti (and on splx()). For an pending interrupt in ipending at position i the execution goes on at Xresume[i]. In the MP case only the soft interrupts Xsoftty, Xsoftnet, Xsoftclock got a chance to be called from Xresume since the other once are leftovers from the old PIC? Therefore Xresume_legacy1, ... Greetings, Robert
carp compatibility 4.0 - current
Hi guys, I have a two redundant OpenBSD firewalls with carp. Both is version 4.0. I am planning to upgrade the one in the BACKUP state to -current and a few days/weeks later the other one. But I am wondering if is there any change in pfsync or carp protocol which will force me to upgrade both at the same time to retain a proper failover capability. IIRC simmilar change happend at 3.8, that's why I am asking. Thanks in advance, cstamas -- Life is complex - It has real and imaginary parts. -- Andrea Leistra CSILLAG Tamas (cstamas) - http://digitus.itk.ppke.hu/~cstamas
xenocara in /usr/src can cause problems ?
Hi all, I follow current and it seems to me strange that xenocara is under /usr/src. I have my src tree in /usr/src and xenocara in /usr/src/xenocara. So when I update my src tree with cvs it seems that I have problems : on one computer (src tree originally from CD) cvs never finish and on an other (src tree from a cvs mirror) the command : # cd /usr/src # cvs -d $CVSROOT -q up -Pd Cvs update xenocara tree : P share/man/man4/Makefile U share/man/man4/nx.4 P share/man/man4/tht.4 P sys/dev/pci/files.pci U sys/dev/pci/if_nx.c U sys/dev/pci/if_nxreg.h P sys/dev/pci/if_tht.c P xenocara/app/fvwm/extras/FvwmScript/FvwmScript.1 P xenocara/app/fvwm/modules/FvwmSaveDesk/FvwmSaveDesk.1 I wonder if it's intended. Kind regards, Cedric
Re: sk or em
* Bryan Vyhmeister [EMAIL PROTECTED] [2007-04-16 20:45]: On Apr 16, 2007, at 8:24 AM, Ronnie Garcia wrote: Bryan Vyhmeister a icrit : This brings up a question I have had for a while. Does pfsync generate enough traffic that running gigabit cards for your $ext_if and $int_if and a 100base-TX card for your pfsync interface cause a major bottleneck? It depends on the rate of the states changes. Here, we have ~30mbits on pfsync, for ~40mbits of traffic (!) Based on this, I would say that it is important to have gigabit cards throughout if you plan on getting much more than 100 Mbps throughput in your firewall. err. no. the ratio gets better on more thruput. and of course it depends on traffic patterm Has anyone ever experimented with using a separate VLAN for pfsync traffic on a gigabit card? Is that even possible? should work -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
Re: OpenBSD/alpha Status
On Monday 16 April 2007 12:06, Maurice Janssen wrote: On Monday, April 16, 2007 at 11:30:29 -0700, Bryan Vyhmeister wrote: On Apr 16, 2007, at 10:39 AM, J.C. Roberts wrote: I've never seen the alpha bug on my DS20L (equivalent to the CS20) or my 500/500 but I have seen it on my PC* boxes. Other people have had the exact opposite experience. The only time I've hit the bug was during system builds and in contrast, others have reported hitting the bug at other times during normal operation. -- The trouble is, when you have a strange mystery bug floating out there, it may or may not be correctly blamed for any and all problems. Thank you for the followup. I guess I will just try and see what happens. I should dig out my PC164 whatever box and see if it exhibits the issue. FWIW: the bug seems to occur at my 3000/300X, but only during heavy load like 'make build'. I never finished such a build, but I only tried a few times. Maurice I just thought of something which might be worth a try on systems that show the bug during system builds; use nice(1) to lower the build priority. It's a long shot, and I haven't tried it, but it *might* be a useful work around. Then again, it might be a waste of time. -jcr
Re: sk or em
On 4/16/07, Ronnie Garcia [EMAIL PROTECTED] wrote: Bryan Vyhmeister a icrit : On Apr 16, 2007, at 1:58 AM, Ronnie Garcia wrote: Clint Pachl a icrit : Ronnie Garcia wrote: Do you expect doing more than 100mbits with this hadware (with PF anabled) ? I'm maxing a P4 2.4Ghz at 40mbits, with a dual em, and a ~300 lines pf.conf What is your packets/sec when your pushing 40Mbs? Does the traffic flow in one em and out the other or is the dual em in a trunk (i.e. 2Gbs)? Traffic gets in one em, is filtered by pf, and gets out from the other em (and the other way around). Its doing 11kpps in and 6kpps out of each em, plus 7kpps on the pfsync interface, which is a sis This brings up a question I have had for a while. Does pfsync generate enough traffic that running gigabit cards for your $ext_if and $int_if and a 100base-TX card for your pfsync interface cause a major bottleneck? It depends on the rate of the states changes. Here, we have ~30mbits on pfsync, for ~40mbits of traffic (!) On our college campus with 50Mbps, we see ~8Mbps pfsync traffic. Your ratio amazes me... What type of environment is that in? -- Kian Mohageri
Re: sk or em
On Apr 16, 2007, at 2:34 PM, Bryan Vyhmeister wrote: On Apr 16, 2007, at 8:24 AM, Ronnie Garcia wrote: Bryan Vyhmeister a icrit : This brings up a question I have had for a while. Does pfsync generate enough traffic that running gigabit cards for your $ext_if and $int_if and a 100base-TX card for your pfsync interface cause a major bottleneck? It depends on the rate of the states changes. Here, we have ~30mbits on pfsync, for ~40mbits of traffic (!) Based on this, I would say that it is important to have gigabit cards throughout if you plan on getting much more than 100 Mbps throughput in your firewall. Has anyone ever experimented with using a separate VLAN for pfsync traffic on a gigabit card? Is that even possible? Of course. You could do a 3-homed firewall using a single physical interface with VLANs. Not that you *should*, but you *could*. -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net
Re: xenocara in /usr/src can cause problems ?
I follow current and it seems to me strange that xenocara is under /usr/src. I have my src tree in /usr/src and xenocara in /usr/src/xenocara. So when I update my src tree with cvs it seems that Strangeness is a matter of personal choice. You do not have to put xenocara under /usr/src, it is just that /usr/src/xenocara is the default location. I have problems : on one computer (src tree originally from CD) cvs never finish and on an other (src tree from a cvs mirror) the command This is a local configuration issue on your machine. If you look in /usr/src/CVS/Entries you'll see a line that looks something like D/xenocara which is an instruction to the cvs process on your machine to access the xenocara directory when doing updates and other cvs operations. If you don't want xenocara automatically updated when doing a cvs up in /usr/src simply remove that line from the file.Instead of entering the xenocara directory and doing an update the cvs process will simply print ? xenocara and otherwise skip the directory. You can then cd /usr/src/xenocara; cvs up when you wish to update the xenocara code. There may be a proper way to do what I've suggested using cvs, but I've always found it easier to edit the Entries file. // marc
Re: xenocara in /usr/src can cause problems ?
Something went wrong when you pulled the tree down. Last I checked xenocara should be under /usr like XF4 is and not under your src directory. /usr/src should only contain the kernel and userland for the base system. Someone correct me if I'm wrong. Shane Cedric Brisseau wrote: Hi all, I follow current and it seems to me strange that xenocara is under /usr/src. I have my src tree in /usr/src and xenocara in /usr/src/xenocara. So when I update my src tree with cvs it seems that I have problems : on one computer (src tree originally from CD) cvs never finish and on an other (src tree from a cvs mirror) the command : # cd /usr/src # cvs -d $CVSROOT -q up -Pd Cvs update xenocara tree : P share/man/man4/Makefile U share/man/man4/nx.4 P share/man/man4/tht.4 P sys/dev/pci/files.pci U sys/dev/pci/if_nx.c U sys/dev/pci/if_nxreg.h P sys/dev/pci/if_tht.c P xenocara/app/fvwm/extras/FvwmScript/FvwmScript.1 P xenocara/app/fvwm/modules/FvwmSaveDesk/FvwmSaveDesk.1 I wonder if it's intended. Kind regards, Cedric
Hostated not clearing pf states?
On weekend I decided to give a try for hoststated on OpenBSD 4.1 compiled from source, and I noticed a problem when using sticky-address in hoststated service. Let's say you have 2 hosts defined in webhosts table: webhost1=10.10.10.11 webhost2=10.10.10.12 table webhosts { real port http check http / code 200 host $webhost1 host $webhost2 } And service www looks like this: service www { virtual host $ext_addr port http # tag every packet that goes thru the rdr rule with HOSTSTATED tag HOSTSTATED table webhosts } Now if webhost1 dies, all requests goes to webhost2 and it failover is successful. If we add sticky-address to www service, and webhost2 dies looks like sticky-address still sends all request from same client to webhost2 even if it's dead as long as you have state in pf: pfctl -vvvss |grep x.x.x.x all tcp 10.10.10.12:443 - 72.26.99.52:443 - x.x.x.x:20763 TIME_WAIT:TIME_WAIT all tcp x.x.x.x:20763 - 10.10.10.12:443 TIME_WAIT:TIME_WAIT After state times out, it will actually fail over to webhost1, but if you are trying to load balance really active hosts, each time client tries to connect to webhost2 it starts new state and effectively resets timeout counter. Tautvydas
Re: isakmpd multiple tunnels
On Mon, Apr 16, 2007 at 10:59:41AM -0600, Tim Pushor wrote: Thanks for the response. I should have been more clear. I am using isakmpd.conf and want to support multiple tunnels. Am I able to just add additional tunnels/lines under the [Phase 1] block that points to another relevant ISPEC configuration? yes. Anyone? Thanks, Tim Hans-Joerg Hoexer wrote: On Thu, Apr 12, 2007 at 11:25:49AM -0600, Tim Pushor wrote: Hi friends, I'm looking to add another IPSEC connection to my openbsd 3.9 firewall. All examples I've seen are a single connection (phase 1). To support multiple vpn's tunnels, is it as simple as adding additional lines under [Phase 1] pointing to the new phase1 configuration block? yes. However, please take a look at ipsecctl(8) and ipsec.conf(5). HJ.
Re: sk or em
Kian Mohageri a icrit : On 4/16/07, Ronnie Garcia [EMAIL PROTECTED] wrote: Bryan Vyhmeister a icrit : On Apr 16, 2007, at 1:58 AM, Ronnie Garcia wrote: Clint Pachl a icrit : Ronnie Garcia wrote: Do you expect doing more than 100mbits with this hadware (with PF anabled) ? I'm maxing a P4 2.4Ghz at 40mbits, with a dual em, and a ~300 lines pf.conf What is your packets/sec when your pushing 40Mbs? Does the traffic flow in one em and out the other or is the dual em in a trunk (i.e. 2Gbs)? Traffic gets in one em, is filtered by pf, and gets out from the other em (and the other way around). Its doing 11kpps in and 6kpps out of each em, plus 7kpps on the pfsync interface, which is a sis This brings up a question I have had for a while. Does pfsync generate enough traffic that running gigabit cards for your $ext_if and $int_if and a 100base-TX card for your pfsync interface cause a major bottleneck? It depends on the rate of the states changes. Here, we have ~30mbits on pfsync, for ~40mbits of traffic (!) On our college campus with 50Mbps, we see ~8Mbps pfsync traffic. Your ratio amazes me... What type of environment is that in? Content delivery (web servers, streaming). Approx 100 servers. -- Ronnie Garcia r.garcia at ovea dot com
Re: OpenBSD/alpha Status
On Mon, Apr 16, 2007 at 12:33:09PM -0700, J.C. Roberts wrote: On Monday 16 April 2007 12:06, Maurice Janssen wrote: On Monday, April 16, 2007 at 11:30:29 -0700, Bryan Vyhmeister wrote: On Apr 16, 2007, at 10:39 AM, J.C. Roberts wrote: I've never seen the alpha bug on my DS20L (equivalent to the CS20) or my 500/500 but I have seen it on my PC* boxes. Other people have had the exact opposite experience. The only time I've hit the bug was during system builds and in contrast, others have reported hitting the bug at other times during normal operation. -- The trouble is, when you have a strange mystery bug floating out there, it may or may not be correctly blamed for any and all problems. Thank you for the followup. I guess I will just try and see what happens. I should dig out my PC164 whatever box and see if it exhibits the issue. FWIW: the bug seems to occur at my 3000/300X, but only during heavy load like 'make build'. I never finished such a build, but I only tried a few times. Maurice I just thought of something which might be worth a try on systems that show the bug during system builds; use nice(1) to lower the build priority. It's a long shot, and I haven't tried it, but it *might* be a useful work around. Then again, it might be a waste of time. Just curious: why do you think this helps? It's not like nice'ing the only process on the box that uses any real resources helps, does it? Joachim -- TFMotD: tl (4) - Texas Instruments ThunderLAN 10/100 Ethernet device
Re: xenocara in /usr/src can cause problems ?
On Mon, Apr 16, 2007 at 01:51:19PM -0600, Shane Harbour wrote: Something went wrong when you pulled the tree down. Last I checked xenocara should be under /usr like XF4 is and not under your src directory. /usr/src should only contain the kernel and userland for the base system. Someone correct me if I'm wrong. release(8) says ``Xenocara sources are supposed to be in XSRCDIR which defaults to /usr/src/xenocara.''
Re: carp compatibility 4.0 - current
On Mon, Apr 16, 2007 at 09:15:11PM +0200, Csillag Tamas wrote: Hi guys, I have a two redundant OpenBSD firewalls with carp. Both is version 4.0. I am planning to upgrade the one in the BACKUP state to -current and a few days/weeks later the other one. But I am wondering if is there any change in pfsync or carp protocol which will force me to upgrade both at the same time to retain a proper failover capability. IIRC simmilar change happend at 3.8, that's why I am asking. You'll have to ask someone with more knowledge, but I don't recall seeing any big changes. Although I seem to recall someone proposing to change advskew or something like that, I don't know what became of that. Joachim -- TFMotD: vhold (9) - acquire a hold on a vnode
Re: encap routes
On Mon, Apr 16, 2007 at 05:52:05PM +0200, Markus Wernig wrote: Hi all Does anybody know what the status of the problem described here is? http://archives.neohapsis.com/archives/openbsd/2005-12/0327.html The problem is that OBSD IPSec gateways will reject packets they have an SA for if they don't have an IP route to the destination (any route, default gw will suffice). Is it planned to be change the default behaviour? Quite possibly not. Why? What is the problem? Joachim -- TFMotD: arp (4) - Address Resolution Protocol
Re: OpenBSD/alpha Status
Hi, On Monday 16 April 2007 12:06, Maurice Janssen wrote: On Monday, April 16, 2007 at 11:30:29 -0700, Bryan Vyhmeister wrote: On Apr 16, 2007, at 10:39 AM, J.C. Roberts wrote: I've never seen the alpha bug on my DS20L (equivalent to the CS20) or my 500/500 but I have seen it on my PC* boxes. Other people have had the exact opposite experience. The only time I've hit the bug was during system builds and in contrast, others have reported hitting the bug at other times during normal operation. -- The trouble is, when you have a strange mystery bug floating out there, it may or may not be correctly blamed for any and all problems. Thank you for the followup. I guess I will just try and see what happens. I should dig out my PC164 whatever box and see if it exhibits the issue. FWIW: the bug seems to occur at my 3000/300X, but only during heavy load like 'make build'. I never finished such a build, but I only tried a few times. Maurice I just thought of something which might be worth a try on systems that show the bug during system builds; use nice(1) to lower the build priority. It's a long shot, and I haven't tried it, but it *might* be a useful work around. Then again, it might be a waste of time. oh mann, crap it. I have 2 3000-300LX and one 3000-300X. I had the LXs crashing on me, the X never crashed. swapped the CPU-Boards and I had the other machine crashing. okay, so the 300X modules crash, just mine doesn't or takes a _long_ time to do so. let's see what the upcoming patch does. do you also get funny LLSC memory error messages when you run the builtin tests ? I had the impression the stuff was related but couldn't find one with intimate enough knowledge of the hardware to dig it and the cpu-manuals one can download are rather useless in this context. apart from the fact that those errors should not show up in a single cpu-system. you have to run the test a few times to get them, they only show up sometimes. kind of explains why it's rare in DS20s, with multiple CPUs LLSC error make the machine useless on single CPUs they shouldn't be there but don't kill it since there is only one cache. however, right now they are all off. as soon as something to test comes up I will power them up again and test. -sm
Re: Mail Server (seeking recommendations)
On 4/16/07, Bryan Vyhmeister [EMAIL PROTECTED] wrote: On Apr 16, 2007, at 4:43 AM, Craig Skinner wrote: At an ISP that I worked for, all user config data was held in postgres. When fields were changed, new flat files were generated (passwd, shell.allow, ftpusers, apache, quota, etc, etc). The files were then scp'd to the various server farms from the postgres box. That is an idea I had not thought of. Thank you for the suggestion. That might be a much better way of working with a database. Having the mail daemons use SQL for auth was too slow. would using postgreSQL for auth with postfix / Dovecot be slow even if you used top of the line hardware say a dual core CPU and 4GB memory w/ RAID 0?I am thinking very strongly about moving our Exchange Server to postfix / PostgresSQL. Customers and support staff had web interfaces to postgres for config of services. I am going to have to look into that. Also, thanks to others for the exim info as well as the vote for courier-imapd. I have used courier- imapd and I found it to be a pretty good platform but I like dovecot better personally. Bryan
Re: openbgp not exporing ipv6 to routing tables
Henning Brauer pm9e v Po 16. 04. 2007 v 19:06 +0200: * Ond??ej Sur?? [EMAIL PROTECTED] [2007-04-16 17:40]: I have configured openbgpd on openbsd 4.0 (upgraded from 3.8) and there seems to be problem with IPv6. I have tried google and irc, but without success. I am receiving IPv6 prefixes just fine (791 from upstream transit, 140 from local IX), but they are not exported to kernel routing tables. do the v6 nexthops show up in bgpctl sh nex ? They do: # bgpctl sh next Nexthop State 2001:7f8:: valid bge0UP, Ethernet, active, 100 MBit/s [...] # bgpctl sh next | grep 2001 | wc -l 32 Sorry for not revealing IP addresses, I am not sure if I can. Full list can be sent directly to you upon request. Ondrej -- Ondxej Sur} [EMAIL PROTECTED] *** http://blog.rfc1925.org/ Kulturnm obhasnmk *** http://www.obcasnik.cz/
Re: Dell Latitude D820
On Fri, 13 Apr 2007, Siju George wrote: X -configure produced a configuration file which just worked :-) Mailing from that Laptop usinf Firefox2 :-) One problem still persists. X works only 800x600 resolution. I have the exact same problem here under a Dell Latitude D820 too. I'm running the latest snap. Obviously, something's wrong with the nv driver and the NVidia 7300 Go. I won't post a dmesg/Xorg.log are they're exactly the same that Siju posted. For now, one can use the vesa driver to get a better resolution, but it's not easy on the eyes ;) -- Antoine
Re: OpenBSD/alpha Status
I just thought of something which might be worth a try on systems that show the bug during system builds; use nice(1) to lower the build priority. It's a long shot, and I haven't tried it, but it *might* be a useful work around. Then again, it might be a waste of time. Just curious: why do you think this helps? It's not like nice'ing the only process on the box that uses any real resources helps, does it? It does not change anything wrt this problem. Miod
Re: OpenBSD/alpha Status
On Monday, April 16, 2007 at 12:33:09 -0700, J.C. Roberts wrote: On Monday 16 April 2007 12:06, Maurice Janssen wrote: FWIW: the bug seems to occur at my 3000/300X, but only during heavy load like 'make build'. I never finished such a build, but I only tried a few times. I just thought of something which might be worth a try on systems that show the bug during system builds; use nice(1) to lower the build priority. It's a long shot, and I haven't tried it, but it *might* be a useful work around. Then again, it might be a waste of time. Could be bad luck, but it seems to have the opposite effect. It panic'd after a few minutes (details below), while up to now it used to run many hours before it panic'd. Maurice panic: trap Stopped at Debugger+0x4: ret zero,(ra) RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC! DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION! ddb ps PID PPID PGRPUID S FLAGS WAIT COMMAND *15298 27518 17937 0 3 0x4006 netio cat 27518 22909 17937 0 3 0x4086 pause sh 22909 12217 17937 0 3 0x4086 pause sh 12217 9940 17937 0 3 0x4086 wait make 9940 13807 17937 0 3 0x4086 pause sh 13807 20226 17937 0 3 0x4086 wait make 20226 1148 17937 0 3 0x4086 pause sh 1148 17567 17937 0 3 0x4086 wait make 17567 17937 17937 0 3 0x4086 pause sh 17937 6783 17937 0 3 0x4086 wait make 6783 15405 6783 0 3 0x4086 pause ksh 15405 23322 15405 1000 3 0x4086 pause ksh 23322 9574 9574 1000 3 0x184 select sshd 9574918 9574 0 3 0x4184 netio sshd 19985 1 19985 1000 3 0x4086 ttyin ksh 8836 1 8836 0 30x84 select cron 24506 1 24506 0 3 0x40184 select sendmail 918 1918 0 30x84 select sshd 430 1430 0 3 0x184 select inetd 20290 0 0 0 30x100284 nfsidl nfsio 12060 0 0 0 30x100284 nfsidl nfsio 21537 0 0 0 30x100284 nfsidl nfsio 3000 0 0 0 30x100284 nfsidl nfsio 8612 1 8612 0 30x84 poll ntpd 24754 1 24754 83 3 0x184 poll ntpd 12430 13175 13175 73 3 0x184 poll syslogd 13175 1 13175 0 30x8c netio syslogd 8 0 0 0 30x100204 crypto_wa crypto 7 0 0 0 30x100204 aiodoned aiodoned 6 0 0 0 20x100204 update 5 0 0 0 30x100204 cleanercleaner 4 0 0 0 30x100204 reaper reaper 3 0 0 0 30x100204 pgdaemon pagedaemon 2 0 0 0 30x100204 pftm pfpurge 1 0 1 0 3 0x4084 wait init 0 -1 0 0 3 0x80204 scheduler swapper ddb trace Debugger(6, fc85ba38, 0, 0, fe00056df610, 8) at Debugger+0x4 panic(fc837e04, 1, 0, 2, fe00056df760, fe00056dfa2c) at panic+0 x130 trap(?, ?, 0, 2, fe00056df760, fe00056dfa2c) at trap+0x55c XentMM(?, ?, 0, 2, ?, fe00056dfa2c) at XentMM+0x20 pmap_activate(fc8e23a0, fe00056dc000, fc7cb3e9, 1400, 0, ff fffe00056dfa2c) at pmap_activate+0x24 cpu_switch(?, ?, fc7cb3e9, 1400, 0, fe00056dfa2c) at cpu_switch+0xfc cpu_switch(?, ?, fc7cb3e9, 1400, 0, fe00056dfa2c) at cpu_switch+0xfc cpu_switch(?, ?, fc7cb3e9, 1400, 0, fe00056dfa2c) at cpu_switch+0xfc cpu_switch(?, ?, fc7cb3e9, 1400, 0, fe00056dfa2c) at cpu_switch+0xfc cpu_switch(?, ?, fc7cb3e9, 1400, 0, fe00056dfa2c) at cpu_switch+0xfc cpu_switch(?, ?, fc7cb3e9, 1400, 0, fe00056dfa2c) at cpu_switch+0xfc this last line keeps repeating
Re: Mail Server (seeking recommendations)
On Mon, Apr 16, 2007 at 03:48:00PM -0500, Sam Fourman Jr. wrote: On 4/16/07, Bryan Vyhmeister [EMAIL PROTECTED] wrote: On Apr 16, 2007, at 4:43 AM, Craig Skinner wrote: At an ISP that I worked for, all user config data was held in postgres. When fields were changed, new flat files were generated (passwd, shell.allow, ftpusers, apache, quota, etc, etc). The files were then scp'd to the various server farms from the postgres box. That is an idea I had not thought of. Thank you for the suggestion. That might be a much better way of working with a database. Having the mail daemons use SQL for auth was too slow. would using postgreSQL for auth with postfix / Dovecot be slow even if you used top of the line hardware say a dual core CPU and 4GB memory w/ RAID 0?I am thinking very strongly about moving our Exchange Server to postfix / PostgresSQL. That depends on the load, but it's certainly faster to use something less heavy than a RDBMS - which is very good and very fast at what it does, but what it does isn't 'simple key-value lookups'. On that topic, MySQL might perform better here. Joachim -- PotD: x11/xpostit - PostIt (R) messages onto your X11 screen
Re: pciide: ATI IXP 600 SATA
Jonathan, I get the dmesg of ahci identifying my card. If you want to send me more patchs to test it's ok. I need to set tty com0 at boot.conf and unplug my usb devices from it to boot (kbd and mouse, this machine don't have PS/2). It's strange, after the bootloader timeouts and start to load kernel, it stops at entry point xxx and then i need to type something to load the kernel.. w/o usb devices, it boot fine. below is dmesg [ using 598688 bytes of bsd ELF symbol table ] Copyright (c) 1982, 1986, 1989, 1991, 1993 The Regents of the University of California. All rights reserved. Copyright (c) 1995-2007 OpenBSD. All rights reserved. http://www.OpenBSD.org OpenBSD 4.1-current (GENERIC.MP) #3: Mon Apr 16 18:35:20 BRT 2007 [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 1038069760 (1013740K) avail mem = 877133824 (856576K) using 22937 buffers containing 104013824 bytes (101576K) of memory mainbus0 (root) bios0 at mainbus0: SMBIOS rev. 2.3 @ 0xf0450 (68 entries) bios0: Dell Inc. OptiPlex 320 acpi0 at mainbus0: rev 2 acpi0: tables DSDT FACP SSDT APIC BOOT MCFG HPET SLIC acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Pentium(R) D CPU 3.00GHz, 3000.48 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CF LUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,C xTPR,NXE,LONG cpu0: 2MB 64b/line 8-way L2 cache cpu0: apic clock running at 200MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Pentium(R) D CPU 3.00GHz, 3000.11 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CF LUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,CNXT-ID,CX16, xTPR,NXE,LONG cpu1: 2MB 64b/line 8-way L2 cache ioapic0 at mainbus0 apid 8 pa 0xfec0, version 21, 24 pins ioapic0: misconfigured as apic 0, remapped to apid 8 acpiprt0 at acpi0: bus 1 (PCI1) acpiprt1 at acpi0: bus 0 (PCI2) acpiprt2 at acpi0: bus 0 (PCI3) acpiprt3 at acpi0: bus 0 (PCI4) acpiprt4 at acpi0: bus 0 (PCI5) acpiprt5 at acpi0: bus 0 (PCI6) acpiprt6 at acpi0: bus 0 (PCI8) acpiprt7 at acpi0: bus 2 (PCI7) acpiprt8 at acpi0: bus 0 (PCI0) acpicpu0 at acpi0: CPU0: acpicpu1: C2 not supported acpicpu1: C3 not supported no performance/throttling supported acpicpu1 at acpi0: CPU1: acpicpu2: C2 not supported acpicpu2: C3 not supported no performance/throttling supported acpicpu2 at acpi0: CPU2: acpicpu3: C2 not supported acpicpu3: C3 not supported no performance/throttling supported acpicpu3 at acpi0: CPU3: acpicpu4: C2 not supported acpicpu4: C3 not supported no performance/throttling
Re: OpenBSD/alpha Status
On Monday 16 April 2007 14:14, Maurice Janssen wrote: I just thought of something which might be worth a try on systems that show the bug during system builds; use nice(1) to lower the build priority. It's a long shot, and I haven't tried it, but it *might* be a useful work around. Then again, it might be a waste of time. Could be bad luck, but it seems to have the opposite effect. It panic'd after a few minutes (details below), while up to now it used to run many hours before it panic'd. Damn. It didn't work but it was a long shot to begin with. At least we know timing/priority does affect when/how quickly the bug surfaces. Just out of curiosity, what exact command did you run to get the results you posted. Was it something like this: # cd /usr/src/sys/arch/alpha/conf # config GENERIC # cd ../compile/GENERIC # make clean make depend # nice make ? I think I'll dust off one the alphas and give this another shot. At the moment, I've got far too much hair which is in dire need of being pulled out in frustration... ;-) -jcr
4.0-stable lockup
Hello, I am experiencing lockups every 24-48 hours. I think the problem is somewhere in my high network usage, but I can't find out the source of the problem. # netstat -m 1300 mbufs in use: 1289 mbufs allocated to data 7 mbufs allocated to packet headers 4 mbufs allocated to socket names and addresses 772/808/6144 mbuf clusters in use (current/peak/max) 1972 Kbytes allocated to network (94% in use) 0 requests for memory denied 0 requests for memory delayed 0 calls to protocol drain routines Any idea how to diagnose the problem? =DMESG= OpenBSD 4.0-stable (fbs) #0: Wed Mar 28 20:22:57 CEST 2007 [EMAIL PROTECTED]:/data/kernel cpu0: AMD Opteron(tm) Processor 146 (AuthenticAMD 686-class, 1024KB L2 cache) 2 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3 real mem = 1073246208 (1048092K) avail mem = 970592256 (947844K) using 4256 buffers containing 53764096 bytes (52504K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(00) BIOS, date 07/15/06, BIOS32 rev. 0 @ 0xf0010, SMBIOS rev. 2.4 @ 0xf8e00 (50 entries) bios0: Supermicro H8SSL pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf4f50/160 (8 entries) pcibios0: no compatible PCI ICU found: ICU vendor 0x1166 product 0x0205 pcibios0: PCI bus #2 is the last bus bios0: ROM list: 0xc/0x8000 0xc8000/0x2000! 0xca000/0x1600 0xcb800/0x1600 0xcd000/0x1000 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) ppb0 at pci0 dev 1 function 0 ServerWorks HT-1000 PCI rev 0x00 pci1 at ppb0 bus 1 ppb1 at pci1 dev 13 function 0 ServerWorks HT-1000 PCIX rev 0xb2 pci2 at ppb1 bus 2 em0 at pci2 dev 1 function 0 Intel PRO/1000MT (82546GB) rev 0x03: irq 9, address 00:04:23:d0:93:60 em1 at pci2 dev 1 function 1 Intel PRO/1000MT (82546GB) rev 0x03: irq 5, address 00:04:23:d0:93:61 bge0 at pci2 dev 3 function 0 Broadcom BCM5704C rev 0x10, BCM5704 B0 (0x2100): irq 7, address 00:30:48:5b:0a:88 brgphy0 at bge0 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0 bge1 at pci2 dev 3 function 1 Broadcom BCM5704C rev 0x10, BCM5704 B0 (0x2100): irq 9, address 00:30:48:5b:0a:89 brgphy1 at bge1 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0 pciide0 at pci1 dev 14 function 0 ServerWorks SATA rev 0x00: DMA pciide0: using irq 11 for native-PCI interrupt pciide0: port 0: device present, speed: 1.5Gb/s wd0 at pciide0 channel 0 drive 0: WDC WD2500KS-00MJB0 wd0: 16-sector PIO, LBA48, 238475MB, 488397168 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5 pciide0: port 1: device present, speed: 1.5Gb/s wd1 at pciide0 channel 1 drive 0: WDC WD2500KS-00MJB0 wd1: 16-sector PIO, LBA48, 238475MB, 488397168 sectors wd1(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 5 pciide0: port 2: PHY offline pciide0: port 3: PHY offline pciide1 at pci1 dev 14 function 1 ServerWorks SATA rev 0x00 piixpm0 at pci0 dev 2 function 0 ServerWorks HT-1000 rev 0x00: polling iic0 at piixpm0 admcts0 at iic0 addr 0x2c pciide2 at pci0 dev 2 function 1 ServerWorks HT-1000 IDE rev 0x00: DMA atapiscsi0 at pciide2 channel 0 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: TEAC, CD-224E-N, 1.AA SCSI0 5/cdrom removable cd0(pciide2:0:0): using PIO mode 4, DMA mode 2, Ultra-DMA mode 0 pcib0 at pci0 dev 2 function 2 ServerWorks HT-1000 LPC rev 0x00 ohci0 at pci0 dev 3 function 0 ServerWorks HT-1000 USB rev 0x01: irq 10, version 1.0, legacy support usb0 at ohci0: USB revision 1.0 uhub0 at usb0 uhub0: ServerWorks OHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered ohci1 at pci0 dev 3 function 1 ServerWorks HT-1000 USB rev 0x01: irq 10, version 1.0, legacy support usb1 at ohci1: USB revision 1.0 uhub1 at usb1 uhub1: ServerWorks OHCI root hub, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered ehci0 at pci0 dev 3 function 2 ServerWorks HT-1000 USB rev 0x01: irq 10 usb2 at ehci0: USB revision 2.0 uhub2 at usb2 uhub2: ServerWorks EHCI root hub, rev 2.00/1.00, addr 1 uhub2: 4 ports with 4 removable, self powered vga1 at pci0 dev 5 function 0 ATI Rage XL rev 0x27 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) pchb0 at pci0 dev 24 function 0 AMD AMD64 HyperTransport rev 0x00 pchb1 at pci0 dev 24 function 1 AMD AMD64 Address Map rev 0x00 pchb2 at pci0 dev 24 function 2 AMD AMD64 DRAM Cfg rev 0x00 pchb3 at pci0 dev 24 function 3 AMD AMD64 Misc Cfg rev 0x00 isa0 at pcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pmsi0 at pckbc0 (aux slot) pckbc0: using irq 12 for aux slot wsmouse0 at pmsi0 mux 0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo pccom1 at
If you get this
Drop me a note. Bill Sporcich Lockheed Martin Information Services 509-372-3941 Desk 509-438-0718 Cell
driver question
This was likely answered before. I went hunting and seemed to not find a solid answer, thus, after the time of looking, I figured I need to take the moment to ask I have a quad Xeon 700 Dell 6450 with 4 146gig scsi drives connected to a perc 2/dc controller. The drives are setup properly, I can run FreeBSD 6.2 on it without issue. The thing is, I like OpenBSD and want to run it. can I get any suggestions on it. It's controller firmware is older. When I try to boot to install it, it basically tells me there is no disks. I'm trying with my purchased OpenBSD 4.0 CD Again, sorry if the question was asked before, after spending some time looking and seeing Freebsd work without issue, it was time to come and ask to see what I can, if possible, do to get Open running on this box. Thanks James
Re: Dell Latitude D820
On 4/17/07, Antoine Jacoutot [EMAIL PROTECTED] wrote: For now, one can use the vesa driver to get a better resolution, but it's not easy on the eyes ;) Could you please send me the xorg.conf file that gives a resolution over 800x600? Thankyou so much kind Regards Siju
Re: 4.0-stable lockup
Any idea how to diagnose the problem? Turn on as much verbose logging as you can and see what you get. Do you get any kernel crash messages on the console when the machine hangs or does it just hang up and die? Your first port of call is to get the system logs out of the machine. Sending them to the console is a start. Sending them to another machine via serial will let you go back through them after it's crashed and look for symptoms. I don't know enough about the guts of OpenBSD to help diagnose the crash, but is there a way to turn on verbose kernel logging? If there is that would help narrow things down a little. It's difficult to diagnose a problem like this, but clear your mind of assumptions. It could be anything - bad memory, bad CPU, bad network card, bad software, bad disks, etc. You need to start ruling out all of those things. In my experience hard lockup are almost always due to failing hardware rather than the OS (unless you're running unstable development drivers for bleeding edge hardware). Memory can be stressed by hefty compiles. Building the kernel is a good test. Does a kernel compile succeed? How about if you use make -j 4 to run 4 tasks in parallel and use up more RAM? That also stresses the CPU. You could boot one of those *cough* Linux live CDs with a memory tester on it and run a memory test overnight to look for failures but that's not reliable in many border cases. Are the disks OK? Smart can be used to check for some kinds of errors. Look in the logs for disk access failures. Finally, if you think it's network related unplug the network and stress test the machine. Try a different NIC if you have one lying about. Regards, A
Re: 4.0-stable lockup
On 2007/04/16 23:44, Mitja wrote: I am experiencing lockups every 24-48 hours. I think the problem is somewhere in my high network usage, but I can't find out the source of the problem. bios0: Supermicro H8SSL It's mostly the PAE pmap-related bug (reverted before 4.1-release), but I think there is also some problem with the non-ACPI irq tables with the BIOS shipped with the motherboards, I think this is also fixed on the newer BIOS. Run them on 4.1 or -current with either ACPI enabled or latest BIOS and they should be happy. Mine (single-core) are much better with bsd.mp for the APICs. I have a bunch of these, mostly as routers (bgpd/ospfd which are great). I prefer them to Sun X2100 after I got those problems fixed (PCI slot which accepts ebay'd fibre cards, two half-decent NICs onboard rather than one and an nfe, and I found them easier to buy). em0 at pci2 dev 1 function 0 Intel PRO/1000MT (82546GB) rev 0x03: irq 9, address 00:04:23:d0:93:60 em1 at pci2 dev 1 function 1 Intel PRO/1000MT (82546GB) rev 0x03: irq 5, address 00:04:23:d0:93:61 If you have any problems with the em(4), try jumpering the pci-x for 66MHz rather than auto, there's definitely some problem with the newer quad cards and 133 on these boards, which might apply to the other cards. There is also a jumper you can do to force power-on after power failure, which is very useful if they're remote.
Re: Mail Server (seeking recommendations)
On 4/13/07, Steven Presser [EMAIL PROTECTED] wrote: Hello, I'm working for a small company which has settled on OpenBSD as its server software (because the security is excellent). We have settled on what software to use for everything but the mail server. I'd like to request recommendations from the knowledgeable people of this list. The priorities for the mail server are: 1. Security 2. Usability (for the end user - not everyone is technically skilled, although the setup can be done for anyone who needs help) 3. Ease of setup 4. Scaleability Obviously the first is by far the most important. The other three are more perks than anything else. Throwing in another vote for Dovecot for IMAP. I'm stuck with Qmail at the moment (works fine), but Postfix is nice. As for webmail, I haven't heard Roundcube mentioned yet. We use it, and it's at least pretty enough. Requires a database, unfortunately, but it works with LDAP and our staff like it. http://roundcube.net/ -- Kian Mohageri
Re: driver question
On 4/16/07, James Mackinnon [EMAIL PROTECTED] wrote: This was likely answered before. I went hunting and seemed to not find a solid answer, thus, after the time of looking, I figured I need to take the moment to ask I have a quad Xeon 700 Dell 6450 with 4 146gig scsi drives connected to a perc 2/dc controller. pretty sure that's the aac driver. it doesn't really work.
Re: GRAPE cluster supercomputer + OpenBSD
On Fri, Apr 13, 2007 at 08:20:07AM +0200, Vim Visual wrote: Hi, I'm not concerned about the library, I'm almost sure it'll work in OpenBSD -it was written to be very portable-; it's the raid controller what will finally be the key to the OS... I forgot to give details, sorry. It's an Areca Raid Controller arc-1220 that card works fine in openbsd. it even has bio support out of the box. Yes, the OS is not that important, the cluster will not have a public IP and is already sitting behind a firewall (don't ask me which one, please, it's a RHL one, it was not my personal choice) and I've got obsd installed on my laptop to do the data analysis of the results but I was looking forward to having obsd on the cluster... i suspect the library that talks to the GRAPE card requires access to the hardware registers. if it uses the same mechanisms as X, then it might just work, but i don't like your chances. Today I'll boot the cd and see whether the controller is configured... it'll be fine :) dlg
Re: OpenBSD/alpha Status
J.C. Roberts wrote: On Monday 16 April 2007 14:14, Maurice Janssen wrote: I just thought of something which might be worth a try on systems that show the bug during system builds; use nice(1) to lower the build priority. It's a long shot, and I haven't tried it, but it *might* be a useful work around. Then again, it might be a waste of time. Could be bad luck, but it seems to have the opposite effect. It panic'd after a few minutes (details below), while up to now it used to run many hours before it panic'd. Hm, this could point to violated hardware specifications, memory cells that aren't used fast enough and thus not auto-refreshed in time. I presume the Alpha-bug is OpenBSD-only so it's definitely not a hardware problem? Could be that OpenBSD uses certain parts not often enough. Slow down the clocks to see if it's in that direction? And if so, start reading the datasheets... If someone in The Netherlands is really interested I can provide 433 and 500MHz Miata's, we also have an original DEC Alpha AXP development board available, I presume with a 166MHz 21064, boots via Ethernet with bootp. Ethernet, yes the original version, we have a DEC Ethernet-BNC adapter for it too. +++chefren
Re: sk or em
On Apr 16, 2007, at 12:43 PM, Jason Dixon wrote: Of course. You could do a 3-homed firewall using a single physical interface with VLANs. Not that you *should*, but you *could*. Didn't you post about a router on a stick not too long ago. That's immediately what I thought of when I posted about this. Bryan
Re: sk or em
On Apr 16, 2007, at 7:14 PM, Jason Dixon wrote: On Apr 16, 2007, at 9:49 PM, Bryan Vyhmeister wrote: Didn't you post about a router on a stick not too long ago. That's immediately what I thought of when I posted about this. http://marc.info/?l=openbsd-miscm=117482540111222w=2 I did a search for router on a stick and that thread didn't come up. Strange. Anyway, that was the thread I was thinking of. Bryan
Re: sk or em
On Apr 16, 2007, at 9:49 PM, Bryan Vyhmeister wrote: On Apr 16, 2007, at 12:43 PM, Jason Dixon wrote: Of course. You could do a 3-homed firewall using a single physical interface with VLANs. Not that you *should*, but you *could*. Didn't you post about a router on a stick not too long ago. That's immediately what I thought of when I posted about this. http://marc.info/?l=openbsd-miscm=117482540111222w=2 -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net
Re: sk or em
On Apr 16, 2007, at 1:13 PM, Ronnie Garcia wrote: Kian Mohageri a icrit : On 4/16/07, Ronnie Garcia [EMAIL PROTECTED] wrote: It depends on the rate of the states changes. Here, we have ~30mbits on pfsync, for ~40mbits of traffic (!) On our college campus with 50Mbps, we see ~8Mbps pfsync traffic. Your ratio amazes me... What type of environment is that in? Content delivery (web servers, streaming). Approx 100 servers. That makes more sense. Streaming is a very different world than standard internet access for customers. I would anticipate that my pfsync traffic would probably end up being pretty low. On my main link now, I am seeing around a 1000 packets per second and usage going from between 3 to 6 Mbps both in and out depending on time of day. I am peaking at 6 Mbps more and more often and so I am moving up to a DS3. That was the next logical leap. I am running in the neighborhood of 10,000 to 13,000 states. Obviously I have no need for gigabit but it was an interesting idea. Do you guys think a pair of Soekris net4801's in a carp(4) setup would do all right with up to 10 Mbps with a 100 to 150 rule pf.conf given what I mentioned above? I have some P3 boxes that I plan on eventually using as carp boxes but the project isn't completed yet. Bryan
Re: Mail Server (seeking recommendations)
Sam Fourman Jr. [EMAIL PROTECTED] wrote: would using postgreSQL for auth with postfix / Dovecot be slow even if you used top of the line hardware say a dual core CPU and 4GB memory w/ RAID 0?I am thinking very strongly about moving our Exchange Server to postfix / PostgresSQL. When the job is repeatedly looking up values in a hierarchical schema, a relational database isn't a great choice. This is exactly the kind of task ldap is meant for, and it does it very well. Courier, dovecot, sendmail, postfix, sasl, etc will all happily use ldap. Adam
AFS Server on OpenBSD
Hi, I have been trying to find some information on setting up a AFS server on OpenBSD, is it even possible? Rico.
Re: AFS Server on OpenBSD
Date: Tue, 17 Apr 2007 01:30:46 +0200 From: Rico Secada [EMAIL PROTECTED] To: misc@openbsd.org Subject: AFS Server on OpenBSD Message-Id: [EMAIL PROTECTED] Hi, I have been trying to find some information on setting up a AFS server on OpenBSD, is it even possible? Rico. Yes, this should be possible. Visit: www.openafs.org to get openafs source. Either use heimdal (built-in to openbsd) or build and install MIT kerberos, or decide if kaserver is sufficient and acceptable to you. You don't need to bother with the openafs afs cache manager if you're just running an afs server, so you will most likely want to build openafs with '--disable-kernel-module'. If you have more questions regarding openafs, ask [EMAIL PROTECTED] what you're asking about is really AFS-centric, not openBSD-centric. -Marcus Watts
Distributed File System
Hi all. At work I am experiencing with setting up some distributed file system, at the current moment working with NFS. The problem is that it is being setup at work and people, from their homes, need to be able to mount the system. I have no prior experience in this, except for setting up and using NFS across a LAN. I would greatly appreciate any recommendations regarding security, effectiveness and other advices! I have been thinking about tunneling NFS over SSH2, and possibly using some kind of cache, but I do not know if this is actually the best approach. I have also been thinking about using AFS as posted before. Also perhaps, but not necessary, support for Windows could be needed in the long run. What are you guys using and how is it setup? Best and kind regards! Rico.
Re: Mail Server (seeking recommendations)
On Apr 16, 2007, at 5:05 PM, Kian Mohageri wrote: Throwing in another vote for Dovecot for IMAP. I'm stuck with Qmail at the moment (works fine), but Postfix is nice. As for webmail, I haven't heard Roundcube mentioned yet. We use it, and it's at least pretty enough. Requires a database, unfortunately, but it works with LDAP and our staff like it. http://roundcube.net/ I have looked at Roundcube in the past but just never installed it. I am sick and tired of CommuniGate Pro and its ridiculous upgrade prices which is why I have been testing different servers. A big part of the equation is webmail. One choice is Squirrelmail which works well enough but I am really not happy with it. Its performance is not so great with large IMAP mailboxes either. I just looked at the Roundcube site again and the it looks promising. I'll have to try it out. Bryan
Re: Mail Server (seeking recommendations)
On Apr 16, 2007, at 7:34 PM, Adam wrote: Sam Fourman Jr. [EMAIL PROTECTED] wrote: would using postgreSQL for auth with postfix / Dovecot be slow even if you used top of the line hardware say a dual core CPU and 4GB memory w/ RAID 0?I am thinking very strongly about moving our Exchange Server to postfix / PostgresSQL. When the job is repeatedly looking up values in a hierarchical schema, a relational database isn't a great choice. This is exactly the kind of task ldap is meant for, and it does it very well. Courier, dovecot, sendmail, postfix, sasl, etc will all happily use ldap. LDAP does seem to have some major advantages. Even with a PostgreSQL backend to LDAP, it runs much better than PostgreSQL by itself? Bryan
Really stuck and help needed of resources depletions on web servers.
Hi, I need some help to find out what I can do to address this problem. I did research, but so far can't get where I need to go and I am more stuck then usual and time is the essence this time around. I am adding more server resources tonight, but still need help as it can't keep up with the demand so far. Any help would be more then welcome as I am running like a chicken with his head cutoff now. I am not sure that I am looking at the right thing and run out of ideas, so I am setting more capacity with additional servers, however, that really will take lots of time and I am in a bind. Any clue stick would be very much appreciated right now! I am running 3.9 for now on a web server and today four times it crash and nothing could be done on the keyboard or anything else then reboot the server. Traffic was lots heavier then usual. First look like PF run out of resources, or something, I disable PF to see if that help and I thought it was it, but then it happen again. Crash. I am running 3.9 and the dmesg is below. The only thing I had on the screen was this: 95% sure, as I couldn't do much and no pen, etc. started with a bunch of error message on the screen with: extend_alloc_supregion: can't allocated region extend_alloc_supregion: can't allocated region extend_alloc_supregion: can't allocated region extend_alloc_supregion: can't allocated region extend_alloc_supregion: can't allocated region extend_alloc_supregion: can't allocated region end then I had this one: pf_test: pf_get_frag returned NULL pf_test: pf_get_frag returned NULL pf_test: pf_get_frag returned NULL pf_test: pf_get_frag returned NULL pf_test: pf_get_frag returned NULL pf_test: pf_get_frag returned NULL pf_test: pf_get_frag returned NULL pf_test: pf_get_frag returned NULL Anything I can do to help this situation? I am kind of stuck, so any ideas woud;l be more then welcome. === OpenBSD 3.9 (GENERIC) #462: Thu Mar 2 03:52:16 MST 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC real mem = 1073278976 (1048124K) avail mem = 908550144 (887256K) using 22937 buffers containing 107536384 bytes (105016K) of memory mainbus0 (root) cpu0 at mainbus0: (uniprocessor) cpu0: AMD Opteron(tm) Processor 242, 1593.82 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,NXE,MMXX,LONG,3DNOW2,3DNOW cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line 16-way L2 cache cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative pci0 at mainbus0 bus 0: configuration mode 1 ppb0 at pci0 dev 1 function 0 AMD 8131 PCIX rev 0x12 pci1 at ppb0 bus 3 AMD 8131 PCIX IOAPIC rev 0x01 at pci0 dev 1 function 1 not configured ppb1 at pci0 dev 2 function 0 AMD 8131 PCIX rev 0x12 pci2 at ppb1 bus 2 bge0 at pci2 dev 3 function 0 Broadcom BCM5704C rev 0x02, BCM5704 A2 (0x2002): irq 10, address 00:00:1a:19:55:df brgphy0 at bge0 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0 bge1 at pci2 dev 3 function 1 Broadcom BCM5704C rev 0x02, BCM5704 A2 (0x2002): irq 11, address 00:00:1a:19:55:de brgphy1 at bge1 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0 AMD 8131 PCIX IOAPIC rev 0x01 at pci0 dev 2 function 1 not configured ppb2 at pci0 dev 6 function 0 AMD 8111 PCI-PCI rev 0x07 pci3 at ppb2 bus 1 ohci0 at pci3 dev 0 function 0 AMD 8111 USB rev 0x0b: irq 10, version 1.0, legacy support usb0 at ohci0: USB revision 1.0 uhub0 at usb0 uhub0: AMD OHCI root hub, rev 1.00/1.00, addr 1 uhub0: 3 ports with 3 removable, self powered ohci1 at pci3 dev 0 function 1 AMD 8111 USB rev 0x0b: irq 10, version 1.0, legacy support usb1 at ohci1: USB revision 1.0 uhub1 at usb1 uhub1: AMD OHCI root hub, rev 1.00/1.00, addr 1 uhub1: 3 ports with 3 removable, self powered vga1 at pci3 dev 4 function 0 ATI Rage XL rev 0x27 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) pcib0 at pci0 dev 7 function 0 AMD AMD8111 LPC rev 0x05 pciide0 at pci0 dev 7 function 1 AMD 8111 IDE rev 0x03: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide0 channel 0 drive 0: Maxtor 6E040L0 wd0: 16-sector PIO, LBA, 38166MB, 78165360 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 6 pciide0: channel 1 disabled (no drives) amdpm0 at pci0 dev 7 function 3 AMD 8111 Power rev 0x05: rng active iic0 at amdpm0 pchb0 at pci0 dev 24 function 0 AMD AMD64 HyperTransport rev 0x00 pchb1 at pci0 dev 24 function 1 AMD AMD64 Address Map rev 0x00 pchb2 at pci0 dev 24 function 2 AMD AMD64 DRAM Cfg rev 0x00 pchb3 at pci0 dev 24 function 3 AMD AMD64 Misc Cfg rev 0x00 isa0 at pcib0 isadma0 at isa0 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0
Re: OpenBSD/alpha Status
On Monday, April 16, 2007 at 15:17:32 -0700, J.C. Roberts wrote: On Monday 16 April 2007 14:14, Maurice Janssen wrote: Could be bad luck, but it seems to have the opposite effect. It panic'd after a few minutes (details below), while up to now it used to run many hours before it panic'd. Damn. It didn't work but it was a long shot to begin with. At least we know timing/priority does affect when/how quickly the bug surfaces. Just out of curiosity, what exact command did you run to get the results you posted. Was it something like this: # cd /usr/src/sys/arch/alpha/conf # config GENERIC # cd ../compile/GENERIC # make clean make depend # nice make ? The kernel was built a few days ago. What I did before this panic was: boot # rm -rf /usr/obj/* # cd /usr/src # make obj # cd /usr/src/etc env DESTDIR=/ make distrib-dirs # cd /usr/src # nice -n 20 make build After about 10 minutes, it paniced. /usr/src and /usr/obj are nfs mounts. BTW: the memory tests (as suggested by Siegbert) didn't show any LLSC errors. # dmesg [ using 536000 bytes of bsd ELF symbol table ] consinit: using prom console Copyright (c) 1982, 1986, 1989, 1991, 1993 The Regents of the University of California. All rights reserved. Copyright (c) 1995-2006 OpenBSD. All rights reserved. http://www.OpenBSD.org OpenBSD 4.0-stable (GENERIC) #0: Fri Apr 13 05:15:48 CEST 2007 [EMAIL PROTECTED]:/usr/src/sys/arch/alpha/compile/GENERIC DEC 3000 - M300X, 175MHz 8192 byte page size, 1 processor. total memory = 67108864 (65536K) (2097152 reserved for PROM, 65011712 used by OpenBSD) avail memory = 49037312 (47888K) using 793 buffers containing 6496256 bytes (6344K) of memory mainbus0 (root) cpu0 at mainbus0: ID 0 (primary), 21064-1 (pass 3) tcasic0 at mainbus0 tc0 at tcasic0: 12.5 MHz clock PMAGB-BA (Smart Frame Buffer (HX8)) at tc0 slot 6 offset 0x200 not configd ioasic0 at tc0 slot 5 offset 0x0: slow mode le0 at ioasic0 offset 0xc: address 08:00:2b:97:43:37 le0: 32 receive buffers, 8 transmit buffers scc0 at ioasic0 offset 0x10: console scc1 at ioasic0 offset 0x18 mcclock0 at ioasic0 offset 0x20: mc146818 or compatible AMD79c30 at ioasic0 offset 0x24 not configured tcds0 at tc0 slot 4 offset 0x0: TurboChannel Dual SCSI (baseboard) tcds0: fast mode set for chip 0 asc0 at tcds0 chip 0: NCR53C94, 25MHz, SCSI ID 7 scsibus0 at asc0: 8 targets sd0 at scsibus0 targ 0 lun 0: DEC, RZ26L (C) DEC, 442D SCSI2 0/direct fixed sd0: 1001MB, 3117 cyl, 8 head, 82 sec, 512 bytes/sec, 2050860 sec total sd1 at scsibus0 targ 3 lun 0: DEC, RZ26L (C) DEC, 442D SCSI2 0/direct fixed sd1: 1001MB, 3117 cyl, 8 head, 82 sec, 512 bytes/sec, 2050860 sec total MAGMA8+2 at tc0 slot 1 offset 0x0 not configured fta0 at tc0 slot 0 offset 0x0fta0: DEC DEFTA TC FDDI DAS Controller fta0: FDDI address 08:00:2b:b0:8b:47, FW=3.00, HW=0, SMT V7.2 fta0: FDDI Port[A] = A (PMD = ANSI Multi-Mode), FDDI Port[B] = B (PMD = ANSI Mu) root on sd0a swap on sd0b rootdev=0x800 rrootdev=0x800 rawdev=0x802