bnx and vlan
Hi, I am playing with my two Dell PowerEdge 1950 and have found something weird. The two Dell are connected to a Cisco 2900XL switch configured like follows: interface FastEthernet0/24 switchport trunk encapsulation dot1q switchport mode trunk VLAN Name Status - 1default active 50 VLAN0050 active 51 VLAN0051 active 100 VLAN0100 active 1002 fddi-default active 1003 token-ring-default active 1004 fddinet-default active 1005 trnet-defaultactive On the first Dell with a 4.0 release OpenBSD 4.0 (GENERIC.MP) #936: Sat Sep 16 19:27:28 MDT 2006 bnx0 at pci4 dev 0 function 0 Broadcom BCM5708 rev 0x12: apic 2 int 16 (irq 5), address 00:15:c5:ef:2a:77 brgphy0 at bnx0 phy 1: BCM5708C 10/100/1000baseT PHY, rev. 6 bnx1 at pci14 dev 0 function 0 Broadcom BCM5708 rev 0x12: apic 2 int 16 (irq 5), address 00:15:c5:ef:2a:75 brgphy1 at bnx1 phy 1: BCM5708C 10/100/1000baseT PHY, rev. 6 tcpdump shows something like 11:02:12.680092 802.1Q vid 0 pri 0 CARPv2-advertise 36 11:02:12.752324 802.1Q vid 0 pri 0 CARPv2-advertise 36 11:02:12.752390 802.1Q vid 0 pri 0 CARPv2-advertise 36 vlan id is always 0 for every packet. On the second Dell with a 4.1 snapshot OpenBSD 4.1 (GENERIC.MP) #1225: Sat Mar 10 19:23:18 MST 2007 bnx0 at pci4 dev 0 function 0 Broadcom BCM5708 rev 0x12: apic 2 int 16 (irq 5) bnx1 at pci14 dev 0 function 0 Broadcom BCM5708 rev 0x12: apic 2 int 16 (irq 5) bnx1: address 00:15:c5:ef:30:10 brgphy0 at bnx1 phy 1: BCM5708C 10/100/1000baseT PHY, rev. 6 bnx0: address 00:15:c5:ef:30:12 brgphy1 at bnx0 phy 1: BCM5708C 10/100/1000baseT PHY, rev. 6 tcpdump shows something like 10:55:40.124521 802.1Q vid 512 pri 1 cfi arp who-has 10:55:40.124841 802.1Q vid 768 pri 1 cfi arp who-has 10:55:40.133313 802.1Q vid 1024 pri 3 CARPv2-advertise 36: vlan id don't match the switch vlan id Thanks. Regards, Andrea Parazzini
Re: Comment economiser sur vos charges ...
Ya pas quelqu'un pour le blacklister lui ? Recevez vos devis a icrit : Ce message est au format HTML. Si vous ne parvenez pas ` le lire, cliquez ici. [IMAGE] GESTION D'ENTREPRISE MARKETING ET COMMUNICATION NOUVELLES TECHNOLOGIES GESTION DU PERSONNEL LOGISTIQUE ET EQUIPEMENT VEHICULES ET UTILITAIRES BOUTIQUE EN LIGNE [IMAGE] [IMAGE] EXTERNALISATION COMPTABLE SOUS TRAITANCE DES BULLETINS DE PAIES SOLUTIONS DE RECOUVREMENT FINANCEMENT - LEASING CONSEILS FINANCIER Pour vous TPE - PME combien vous revient votre poste comptable ? Consultez la liste de prestataires que nous vous conseillons sur cet e-mail. Trouvez le bon prestataire en quelques clics ! Ne perdez plus de temps ` rechercher et comparer vos prestataires ! Sur chacune de nos fiches prestataires, vous verrez en temps riel la notation du prestataire par les clients l'ayant dij` pratiqui et le nombre de connexion sur sa page. Aprhs, il ne vous reste plus qu'` faire une ou plusieurs demandes gratuites de devis et on s'occupe de vous ! Nos conseillers sont ` votre disposition toute la semaine de 09h00 ` 18h00 pour vous renseigner et vous guider dans le choix de vos prestataires PLUS DE 200 PRESTATAIRES SUR 55 SERVICES 24H/24 - 7J/7 www.guidedesprestataires.com Pour recevoir vos devis gratuitement Silectionnez parmi nos prestataires labellisis en cochant dans les annonces ci-dessous [IMAGE] Votre comptabiliti externalisie en quelques clics ... ! Gagnez en productiviti, efficaciti. Confiez votre comptabiliti en toute tranquilliti ` des spicialistes ! Vous disirez une gestion comptable iconomique, facile ` mettre en place, contrtlable 24h/24 ? Vous cherchez un cabinet d'expert comptable ? Vous priviligiez la sicuriti de vos comptes ? Vous avez besoin de rassembler chez un mjme prestataire comptabiliti, paie, relance client. [IMAGE] Vos bulletins de paies ` prix imbattables! Vos bulletins de paies ` partir de 9,50 ! [IMAGE] CRCE le partenaire de votre entreprise. Vous souhaitez ricupirer le riglement de vos factures? Vos impayis sont nombreux? Vous pouvez disormais faire appel ` notre prestataire spicialiste du recouvrement de criances. Il s'occupera de vos recouvrements amiables ou judiciaires. [IMAGE] Difiscalisez et payez moins d\'imptts avec un investissement immobilier FONCIERE RESIDENCE vous propose de choisir les meilleurs investissements immobiliers afin de riduire votre imptt. [IMAGE] CAPGEFI: Votre conseiller financier Grbce ` notre prestataire CAPGEFI, plus besoin d'avoir un conseiller financier au sein de votre entreprise. CAPGEFI vous propose d'externaliser le ptle financier de votre entreprise. [IMAGE] Assurance: Payez-vous le meilleur prix ? AUDIT CHORUS CONSEIL est un bureau d'itude spicialisi en audit des risques des assurances. Que vous soyez ` la recherche de Mutuelle, d'une assurance privoyance ou simplement pour l'assurance des bris de machines, AUDIT CHORUS est le prestataire qu'il vous faut. [IMAGE] Votre partenaire pour l\'externalisation de vos tbches administratives et juridiques ! AMY CONLUTING accompagne les TPE/ PME dans l'externalisation de l'ensemble de vos tbches d'administration, communication, gestion commerciale, juridique, riception d'appel. Un viritable partenaire pour votre entreprise. [IMAGE] A.M.I.P.E.Q, la mise aux normes de votre sociiti. A.M.I.P.E.Q est une aide ` la mise en place individualisie des processus Qualiti, Sicuriti, Environnement. [IMAGE] EFS finance vos ventes. Faites financer vos iquipements! Informatiques, bureautiques, automobiles...Protigez votre trisorerie par des solutions de financement adapties ` vos besoins: leasing, cridit-bail, location longue durie... [IMAGE] Trouvez des solutions pour financer votre parc informatique! FIPARC: votre solution locative informatique et tilicom. A DECOUVRIR CE MOIS-CI ... Silectionnez parmi nos prestataires labellisis en cochant dans les annonces ci-dessous La tili-assistance pour une meilleure gestion de votre parc informatique Avec la multiplication des virus, des problhmes de messagerie, de Spam et autres, vous jtes tous les jours confrontis ` divers problhmes informatiques. La tili-assistance permet de prendre le contrtle de votre parc informatique et de risoudre votre problhme en moins de 5 MN ! Photocopieur, tilicopieur, Imprimante neufs et occasions. Economisez sur votre budget impression ! FRANCE BUREAUTIQUE concessionnaire des marques PANASONIC et SHARP vous propose toute une gamme de copieurs, multifonctions, fax, imprimantes, copieurs. Binificiez d'un pack de demarrage gratuit ! CREASYWEB, criation de site E-Commerce Criez votre site Web de la conception ` la mise en ligne en toute liberti!
Re: Blocking web content
We have evaluated Dansguardian at work. It did really well. Shane -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Shockley Sent: Wednesday, April 18, 2007 3:34 PM To: misc@openbsd.org Subject: ***SPAM2*** Re: Blocking web content [EMAIL PROTECTED] wrote: I run an openbsd firewall. I want to block certain sites either by IP address or by domain name. How do I get more information on how to set this up? The article is old (I think it was written for 3.1 or 3.2) but I did the same thing using Squid: http://shockley.net/openbsd/squid.asp
Problems with pf and max-src-conn-rate
Hello since last week I keep getting this weird traffic towards my webserver, traffic wich I can't understand. There are several connections per second from only one source IP. I created a rule to overload the brutforce table on my www port like this: pass log inet proto tcp from any to $ext_if port www \ flags S/SA keep state \ (max-src-conn 5, max-src-conn-rate 5/3, \ overload bruteforce flush global) \ label R:$nr www I have a rule that blocks the bruteforcers like this: block drop log quick on $ext_if from bruteforce to any Testing this from a remote server with nc -v -w 3 MYIP 80 nc -v -w 3 MYIP 80 nc -v -w 3 MYIP 80 nc -v -w 3 MYIP 80 ... everthing seems to work fine. The tcpdump -nettti pflog0 command shows the first tree connection passing.. and the 4'th blocked. It overloads the sourceip into the bruteforce table like this: Apr 19 14:36:14.170442 rule 30/(match) pass in on sis0: 82.77.145.193.44595 193.231.240.66.80: [|tcp] (DF) Apr 19 14:36:14.186938 rule 30/(match) pass in on sis0: 82.77.145.193.29956 193.231.240.66.80: [|tcp] (DF) Apr 19 14:36:14.192805 rule 30/(match) pass in on sis0: 82.77.145.193.40188 193.231.240.66.80: [|tcp] (DF) Apr 19 14:36:14.206847 rule 30/(match) pass in on sis0: 82.77.145.193.24171 193.231.240.66.80: [|tcp] (DF) --- from now on the source ip is blocked. --- Apr 19 14:36:17.215484 rule 3/(match) block in on sis0: 82.77.145.193.44595 193.231.240.66.80: [|tcp] (DF) Apr 19 14:36:17.226593 rule 3/(match) block in on sis0: 82.77.145.193.29956 193.231.240.66.80: [|tcp] (DF) Apr 19 14:36:17.231342 rule 3/(match) block in on sis0: 82.77.145.193.40188 193.231.240.66.80: [|tcp] (DF) Apr 19 14:36:17.238024 rule 3/(match) block in on sis0: 82.77.145.193.22 193.231.240.66.46929: [|tcp] (DF) Apr 19 14:36:17.238032 rule 3/(match) block in on sis0: 82.77.145.193.24171 193.231.240.66.80: [|tcp] (DF) Apr 19 14:36:17.240979 rule 3/(match) block in on sis0: 82.77.145.193.22 193.231.240.66.46929: [|tcp] (DF) Apr 19 14:36:17.240984 rule 3/(match) block in on sis0: 82.77.145.193.22 193.231.240.66.46929: [|tcp] (DF) Apr 19 14:36:17.241965 rule 3/(match) block in on sis0: 82.77.145.193.22 193.231.240.66.46929: [|tcp] (DF) Apr 19 14:36:17.242976 rule 3/(match) block in on sis0: 82.77.145.193.22 193.231.240.66.46929: [|tcp] (DF) The problem is that I keep getting this strage connections from unknown servers, more then 5, 6 per second which my pf does not overload into the brutefoce. Apr 19 14:36:17.334308 rule 30/(match) pass in on sis0: 213.17.170.34.49187 193.231.240.66.80: [|tcp] (DF) [tos 0x90] Apr 19 14:36:17.452987 rule 30/(match) pass in on sis0: 213.17.170.34.45818 193.231.240.66.80: [|tcp] (DF) [tos 0x90] Apr 19 14:36:17.570618 rule 30/(match) pass in on sis0: 213.17.170.34.32041 193.231.240.66.80: [|tcp] (DF) [tos 0x90] Apr 19 14:36:17.689765 rule 30/(match) pass in on sis0: 213.17.170.34.59581 193.231.240.66.80: [|tcp] (DF) [tos 0x90] Apr 19 14:36:17.808512 rule 30/(match) pass in on sis0: 213.17.170.34.23824 193.231.240.66.80: [|tcp] (DF) [tos 0x90] Apr 19 14:36:17.928151 rule 30/(match) pass in on sis0: 213.17.170.34.52428 193.231.240.66.80: [|tcp] (DF) [tos 0x90] Apr 19 14:36:18.046504 rule 30/(match) pass in on sis0: 213.17.170.34.43061 193.231.240.66.80: [|tcp] (DF) [tos 0x90] Apr 19 14:36:18.165392 rule 30/(match) pass in on sis0: 213.17.170.34.47762 193.231.240.66.80: [|tcp] (DF) [tos 0x90] Apr 19 14:36:18.284315 rule 30/(match) pass in on sis0: 213.17.170.34.22329 193.231.240.66.80: [|tcp] (DF) [tos 0x90] Apr 19 14:36:18.403545 rule 30/(match) pass in on sis0: 213.17.170.34.58953 193.231.240.66.80: [|tcp] (DF) [tos 0x90] Apr 19 14:36:18.522695 rule 30/(match) pass in on sis0: 213.17.170.34.12441 193.231.240.66.80: [|tcp] (DF) [tos 0x90] Apr 19 14:36:18.641853 rule 30/(match) pass in on sis0: 213.17.170.34.62537 193.231.240.66.80: [|tcp] (DF) [tos 0x90] The only difference is that [tos 0x90] ... wich I can't explain. And this ip does not get into the brutefoce.. anybody know why ?
Re: Back again with funny network interfaces
If you hard set one side of an Ethernet link it disables the auto negotiation pulse so the other side defaults to 10baseT half duplex. I would suggest using media autoselect or media 10baseT unless you can configure the port on the switch. The switch is actually a 8-port 10/100 hub/switch, very dumb, without any configuration option whatsoever. :-) I tried first to connect the card without any media/mediaopt value and it started at 10Mb. I tried the card on a Windows box, connected to the same port of the switch and it negotiated at 100full. I paid attention to the dongle, which looks in pretty good shape; however the card has been heavily used, so it's possible some contacts are dirty or oxidized... Thank you all, bye, Manuel Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Re: Blocking web content
On 4/18/07, Reyk Floeter [EMAIL PROTECTED] wrote: On Tue, Apr 17, 2007 at 05:34:48PM -0700, [EMAIL PROTECTED] wrote: I run an openbsd firewall. I want to block certain sites either by IP address or by domain name. How do I get more information on how to set this up? Thanks in advance. I am using Dansguardian with transparent setup (tinyproxy) at home to successfully block sites. However, the performance is not equivalent as without. How do I figure out/tweak to get it working better? What have others seen performance-wise using Dansguardian, transparent proxies in OpenBSD? Thanks and take care, Allen Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Gigabyte miniPCI GN-WI01GS - will it work with ral(4) ?
I wasn't able to find much either way... According to http://ralink.rapla.net/ it has RT2501 Turbo chipset, which consists of RT2527 RF chip and RT2561S BB/MAC chip (whatever that is). I don't care much for the 108 Mbps, but will it work at all, or is it one of not quite supported cards? Does anyone have any experience either way? -- viq
Re: Static Ip's: Routing and Fowarding
On Apr 18, 2007, at 3:11 PM, BradenM - Sonoma Computer wrote: Do you mean the gateway address supplied by my ISP? Yes. Bryan
Re: Static Ip's: Routing and Fowarding
On Apr 18, 2007, at 3:57 PM, Bray Mailloux wrote: And the default route in my table shows 64.142.102.1 which is also the gateway address supplied by my isp. OK. That sounds correct. Can you post your dhcpd.conf again? Bryan
Re: Static Ip's: Routing and Fowarding
On Apr 18, 2007, at 5:31 PM, Bray Mailloux wrote: shared-network LOCAL-NET{ option domain-name theamericanbray.com; option domain-name-servers 208.204.224.11, 208.204.224.33 subnet 192.168.0.0 netmask 255.255.255.0 { options routers 192.168.0.1; range 192.168.0.14 192.168.0.23; } } On the third line, you need a semicolon after the second DNS server. I would typically do this whole thing in a subnet declaration that is at the root of the file. Take out the shared-network statement and the last closing brace. See if that makes a difference. After you do that, run the following commands: pkill dhcpd /usr/sbin/dhcpd tail -f /var/log/daemon Look for any errors with the last command. Bryan
Re: ahci intel sata
intel provide both pciide and ahci for using sata disks. which one gets used depends on a set of registers in the pci config space. if you're serious about getting this to work find the datasheet at developer.intel.com for this chipset, and look at the MAP and PCS registers (i think thats them). you'll need to provide a custom attach routine for your chipset to be called in ahci_attach which tweaks those registers. i think thats enough to get ahci working on that controller, but i am probably wrong. dlg On 19/04/2007, at 5:20 AM, giovanni wrote: hello, sorry for the question but I would like to understand a bit more I've added PCI_PRODUCT_INTEL_82801GBM_SATA (product code 0x27c4) to the ahci_devices list because I've (wrongly?) read somewhere that Intel 82801GBM was ahci compliant. Indeed at boot I've: ahci0 at pci0 dev 31 function 2 Intel 82801GBM SATA rev 0x02 GHC 0x0; AHCI 1.1: apic... ahci0: capabilities: 0xdf12ff03S64A, NCQ, SMPS, SSS, SALP, SAL, SCLO, SPM, PMD, SSC,PSC ports:4 ncmds:32 gen: 1 (1.5Gbps) ahci0: ports implemented: 0x have I to deduce that ahci is not available because Port Implemented register is 0? if so why is it reported a Number of port of 4? What is the sense of this discrepancy? thanks, -- giovanni
Re: Gigabyte miniPCI GN-WI01GS - will it work with ral(4) ?
On Thu, Apr 19, 2007 at 03:55:10PM +0200, viq wrote: I wasn't able to find much either way... According to http://ralink.rapla.net/ it has RT2501 Turbo chipset, which consists of RT2527 RF chip and RT2561S BB/MAC chip (whatever that is). I don't care much for the 108 Mbps, but will it work at all, or is it one of not quite supported cards? Does anyone have any experience either way? This should work fine, quoting ral(4): The RT2501 chipset is the second generation of 802.11a/b/g adapters from Ralink. It consists of two integrated chips, an RT2561 MAC/BBP and an RT2527 radio transceiver. 108 Mbps or SuperG are Atheros marketing taglines, avoid such cards. Jonathan
Re: Gigabyte miniPCI GN-WI01GS - will it work with ral(4) ?
On 19/04/07, Jonathan Gray [EMAIL PROTECTED] wrote: On Thu, Apr 19, 2007 at 03:55:10PM +0200, viq wrote: I wasn't able to find much either way... According to http://ralink.rapla.net/ it has RT2501 Turbo chipset, which consists of RT2527 RF chip and RT2561S BB/MAC chip (whatever that is). I don't care much for the 108 Mbps, but will it work at all, or is it one of not quite supported cards? Does anyone have any experience either way? This should work fine, quoting ral(4): The RT2501 chipset is the second generation of 802.11a/b/g adapters from Ralink. It consists of two integrated chips, an RT2561 MAC/BBP and an RT2527 radio transceiver. Yes, though that S at the end of RT2561S had me worried... But I got an off-list confirmation from someone knowledgeable that this should work. 108 Mbps or SuperG are Atheros marketing taglines, avoid such cards. Yeah, I don't care much about those, as the other end has a normal ralink card in there, so I wouldn't be getting any benefit from it anyway. Jonathan Thanks. -- viq
Re: Blocking web content
Thomas Mullins wrote: We have evaluated Dansguardian at work. It did really well. We've been using DG for years and it has proven stable, highly configurable and is actively developed. AV capabilities and so on. You would do well to give it a spin and read up on all the features, we found things to use we didn't know we needed In fact we took 5 minutes and upgraded to 2.9.8.5 less than an hour ago. We upgrade OpenBSD at each new release and have yet to have any DG issues. Bob [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
gunzip changes lastmod time?
On an older box still running 3.5; gunzip/gzip does not change lastmod time; but on 4.0 [release] gunzip changes the lastmod time. What's the reason for this change? $ dmesg dmesg.txt $ touch -t 20070101 dmesg.txt $ ls -l dmesg.txt -rw-r--r-- 1 fbax fbax 3797 Jan 1 00:00 dmesg.txt $ gzip dmesg.txt $ ls -l dmesg.txt.gz -rw-r--r-- 1 fbax fbax 1829 Jan 1 00:00 dmesg.txt.gz $ gunzip dmesg.txt.gz $ ls -l dmesg.txt -rw-r--r-- 1 fbax fbax 3797 Apr 19 13:15 dmesg.txt
Re: gunzip changes lastmod time?
Hello, 2007/4/19, Frank Bax [EMAIL PROTECTED]: On an older box still running 3.5; gunzip/gzip does not change lastmod time; but on 4.0 [release] gunzip changes the lastmod time. What's the reason for this change? This was a bug and it has been fixed. For more info, please see : http://cvs.openbsd.org/cgi-bin/query-pr-wrapper?full=yesnumbers=5417 Best regards, Charles Longeau
IPSec OSPF
All - Scenario: We have two OpenBSD firewalls/VPN gateways working in failover mode using pf, pfsync, carp and sasync. The firewalls on their inside network is connected to a Cisco router which is connected back to the main corp network using a P2P serial connections (two bonded T1s). The corp side of the router is also another Cisco device. We have OSPF running on corp network and the remote network. Presently the corp network is connected to a 2MB/s DSL, which is also another Cisco box and the OpenBSD firewalls are connected to 10MBs ethernet connection, so we want to switch the default route to the OpenBSD firewalls. We want to: 1. connect the Cisco DSL router to the OpenBSD firewalls using L2L IPSec for redundant connectivity. 2. monitor the serial interface on the Cisco, which we can use HSRP, VRRP, OSPF with metrics, I would like to connect Cisco DSL router to the OpenBSD firewall using L2L IPsec tunnel. This would help if we lose the serial connection then we can route all traffic going to the remote network to ride the IPSec tunnel. Question: 1. How do I specify route to the corp network thru the IPSec tunnel to distribute into the OSPF cloud in OpenBSD? If I can, then we can use route metric to make sure that the IPSec tunnel can fail over in case we lose serial connectivity to the remote network. Hope this makes sense. Thanks for all your responses!. Prabhu -
Re: Webservers with Terrabytes of Data in - recomended setups
On Wed, Apr 18, 2007 at 03:22:07PM +0530, Siju George wrote: Hi, How Do you handle when you have to Serve terrabytes of Data through http/https/ftp etc? Put it on Differrent machines and use some knid of loadbalancer/intelligent program that directs to the right mahine? use some kind of clustering Software? Waht hardware do you use to make your System Scalable from a few terrabytes of Data to a few hundred of them? Does OpenBSD have any clustering Software available? Is anyone running such setups? Please let me know :-) I don't really know, but how about some http proxy (hoststated comes to mind, pound or squid also works) and a lot of hosts each serving a subset of the total behind that? Yes, that's exactly what you said. I don't think NFS/AFS is that good an idea; you'll need very beefy fileservers and a fast network. Maybe rsync'ing from a central fileserver would work? However, there are a lot of specialized solutions available (various SANs come to mind; Google has published several papers on filesystems and algorithms like MapReduce, although the latter isn't going to help you for serving HTTP). All in all, though, I think the most important part are rate of change and reliability conditions. A big web host might hit an impressive amount of data, but it doesn't change all that often and a site occasionally going offline is usually tolerated (just restore a recent backup). In such cases, something like the above seems to work. Joachim -- TFMotD: moduli (5) - system moduli file
Re: Binary kernel and base update
On Tuesday, April 10, 2007 at 01:43:56 +0200, [EMAIL PROTECTED] wrote: Hi all. I have noticed that the OpenBSD team puts a lot of emphasis on using binary packets rather than building from ports, which I think IMHO is good, but why is it that there is no binary kernel updates, rather than patching the kernel from source? Some progress was made in the last couple of days. First results are up at ftp://ftp.su.se/pub/mirrors/openbsd_stable/ I hope to add amd64, alpha and hppa in the near future. I don't have the hardware to build other architectures. If someone can help building one of the missing architectures, please let me know. Comments and suggestions are welcome. Maurice
Re: ahci intel sata
On Thu, Apr 19, 2007 at 07:15:31PM +0200, Artur Grabowski wrote: David Gwynne [EMAIL PROTECTED] writes: intel provide both pciide and ahci for using sata disks. which one gets used depends on a set of registers in the pci config space. if you're serious about getting this to work find the datasheet at developer.intel.com for this chipset, and look at the MAP and PCS registers (i think thats them). you'll need to provide a custom attach routine for your chipset to be called in ahci_attach which tweaks those registers. i think thats enough to get ahci working on that controller, but i am probably wrong. Erm... Now I'm confused. On my laptop: ahci0 at pci0 dev 31 function 2 Intel 82801GBM AHCI SATA rev 0x02 GHC 0x0: AHCI 1.1: apic 2 int 16 (irq 11) ahci0: capabilities: 0xc710ff03S64A,NCQ,SALP,SAL,SCLO,PMD,SSC,PSC ports: 4 ncmds: 32 gen: 1 (1.5Gbps) ahci0: ports implemented: 0x0001 ahci0.0: port reset ahci0: detected device on port 0 scsibus0 at ahci0: 32 targets sd0 at scsibus0 targ 0 lun 0: ATA, HTS541080G9SA00, MB4I SCSI2 0/direct fixed sd0: 76319MB, 76319 cyl, 64 head, 32 sec, 512 bytes/sec, 156301488 sec total It just works. Is this because I enabled ahci in the bios? yes. if the bios doesnt enable it we have to do its job for it. I had some strange diff earlier from someone, might even have been you, that did some tweak to enable it even though it wasn't enabled in the bios (that's when my laptop was crashing on reboot). that was me, and the panic was something else that was fixed a few weeks ago. //art On 19/04/2007, at 5:20 AM, giovanni wrote: hello, sorry for the question but I would like to understand a bit more I've added PCI_PRODUCT_INTEL_82801GBM_SATA (product code 0x27c4) to the ahci_devices list because I've (wrongly?) read somewhere that Intel 82801GBM was ahci compliant. Indeed at boot I've: ahci0 at pci0 dev 31 function 2 Intel 82801GBM SATA rev 0x02 GHC 0x0; AHCI 1.1: apic... ahci0: capabilities: 0xdf12ff03S64A, NCQ, SMPS, SSS, SALP, SAL, SCLO, SPM, PMD, SSC,PSC ports:4 ncmds:32 gen: 1 (1.5Gbps) ahci0: ports implemented: 0x have I to deduce that ahci is not available because Port Implemented register is 0? if so why is it reported a Number of port of 4? What is the sense of this discrepancy? thanks, -- giovanni
Re: Webservers with Terrabytes of Data in - recomended setups
I don't think NFS/AFS is that good an idea; you'll need very beefy fileservers and a fast network. NFS may actually be useful; if you really need the files in one directory space for management/updates that's a way to do it (i.e. mount all the various storage servers by NFS on a management station/ftp server/whatever). For serving content some HTTP-based scheme to get the requests to hit the right server is probably in order. Proxies are useful if you have special requirements (for example SSL, where it doesn't make sense to have the CPU and the disk in the same place), but it normally makes more sense to distribute the requests to the correct server/s in the first place (either by front-ends that know the location of content sending a Location: header if you want to give out URLs with a single server name) or by the html pointing clients to the files on the right servers. various SANs come to mind TFMotD: fsck(8) (-: Relying on black-box vendors for fixes is an additional bonus. Works for some people, though. Allegedly.
Re: Webservers with Terrabytes of Data in - recomended setups
Stuart Henderson wrote: I don't think NFS/AFS is that good an idea; you'll need very beefy fileservers and a fast network. NFS may actually be useful; if you really need the files in one directory space for management/updates that's a way to do it (i.e. mount all the various storage servers by NFS on a management station/ftp server/whatever). Good idea yes, but if I recall properly, unless major changes have been done, isn't it the use of NFS become a huge bottle neck compare to local drive? I think the archive is full of complain about the thought put of NFS not being so good. Am I wrong here? I would love to use NFS as well for multiple servers accessing one source, but so far, it always being not so good to do that. If that's wrong please correct me as I would love to know if that still the case or not. Best, Daniel
Re: Webservers with Terrabytes of Data in - recomended setups
On Thu, Apr 19, 2007 at 10:51:56PM +0100, Stuart Henderson wrote: I don't think NFS/AFS is that good an idea; you'll need very beefy fileservers and a fast network. NFS may actually be useful; if you really need the files in one directory space for management/updates that's a way to do it (i.e. mount all the various storage servers by NFS on a management station/ftp server/whatever). Something like that might be a very good idea, yes. Just don't try to serve everything directly off NFS. (An even better idea might be setting up a repository for your favourite version control system and making partial checkouts. Gets you most of the benefit of a unified filesystem, at the cost of complex - and thus fragile - checkin hooks. On the other hand, version control is likely to be a big plus.) For serving content some HTTP-based scheme to get the requests to hit the right server is probably in order. Proxies are useful if you have special requirements (for example SSL, where it doesn't make sense to have the CPU and the disk in the same place), but it normally makes more sense to distribute the requests to the correct server/s in the first place (either by front-ends that know the location of content sending a Location: header if you want to give out URLs with a single server name) or by the html pointing clients to the files on the right servers. I think doing that in HTML will quickly become an administration nightmare. various SANs come to mind TFMotD: fsck(8) (-: Relying on black-box vendors for fixes is an additional bonus. Works for some people, though. Allegedly. Yeah, they seem to work. It wouldn't be my first choice, either, but I've never tried to run OpenBSD in this kind of environment. At least a good, expen$$$ive SAN is good for covering your backside. JOachim -- TFMotD: perl561delta (1) - what's new for perl v5.6.x
Re: Webservers with Terrabytes of Data in - recomended setups
This isn't an OpenBSD specific solution, but you should be able to use an EMC san to accomplish this (we use a fiber channel setup) On 4/19/07, Stuart Henderson [EMAIL PROTECTED] wrote: On 2007/04/19 18:08, Daniel Ouellet wrote: Stuart Henderson wrote: I don't think NFS/AFS is that good an idea; you'll need very beefy fileservers and a fast network. NFS may actually be useful; if you really need the files in one directory space for management/updates that's a way to do it (i.e. mount all the various storage servers by NFS on a management station/ftp server/whatever). Good idea yes, but if I recall properly, unless major changes have been done, isn't it the use of NFS become a huge bottle neck compare to local drive? I think the archive is full of complain about the thought put of NFS not being so good. I meant using it the other way round: have the *webservers* export their filesystem, and ftp/management servers mount them to provide a single space for carrying out updates and backups, locating files, etc. Having a bunch of webservers serve data from a large NFS store seems less attractive for most of the cases I can think of. The main one I see where it may be attractive is where heavy CGI processing or similar is done (that's usually a different situation to having many TB of data, though). In the CGI case, there are some benefits to distributing files by another way (notably avoiding the NFS server as a point of failure), rsync as Joachim mentioned is one way to shift the files around, CVS is also suitable, it encourages keeping tighter control over changes too, and isn't difficult to learn.
Re: 4.0-stable lockup SOLVED (temporarily)
The solution I came to is very simple. Currently I only need one of em (dual card), so I disabled the second one. When I boot the router, my network usage rises up to 96%. I simlpy mark that unusable interface (em1) as up and few seconds later I mark the same interface down. My network usage drops significantly, currently I am looking it shows 75%. The router is running without locking for 25 hours now. I am also planning an upgrade to 4.1 if there are changes to em driver. Out of curiosity, they're not connected to the same ethernet segment are they? Cheers, A
[Fwd: Shipped Order:2007/3/12-13:27:10-21493:]
YES ! It's on it's way !! -- ~Allie D. Original Message Subject: Shipped Order:2007/3/12-13:27:10-21493: From:OpenBSD Shipping [EMAIL PROTECTED] Date:Thu, April 19, 2007 15:30 To: [EMAIL PROTECTED] -- USPS tracking number 030508313176xx assigned to a shipment as follows: BSD41.0020 Computer Shop/OpenBSD Box 28 Sweet Grass, MT 59484 USA 98072 Software on CDROM Canada50 T-shirts Canada25 US $ TOTAL -- 75 This is the tracking number advice script, letting you know that a package has been or is just about to be mailed to you with a green USPS barcoded tracking label and that progress of the package may be watched by viewing the USPS website: http://www.usps.com/shipping/trackandconfirm.htm and entering in your tracking number. (They may be a delay of a day or two before it first shows up). Packages shipped by this method are not insured by USPS, however we guarantee safe delivery. Typical transit times are 4 to 10 days. Guarantee claims may be initiated after 30 days, should loss in the mail be suspected. However, if one of the rare, but overly long, postal delays interferes with an urgent project of yours, or events arise that increase the urgency of your requirements, do not hesitate to contact us. We have solutions for most any circumstance. This message concerns only one package, and there may, or may not, be other packages sent out for your order. OpenBSD Shipping
Re: 4.0-stable lockup SOLVED (temporarily)
On 2007/04/20 01:21, Mitja wrote: The solution I came to is very simple. Currently I only need one of em (dual card), so I disabled the second one. When I boot the router, my network usage rises up to 96%. I simlpy mark that unusable interface (em1) as up and few seconds later I mark the same interface down. My network usage drops significantly, currently I am looking it shows 75%. Do you mean interrupt%? bsd.mp will probably drop that *way* down. You may need to also disable USB (may have been one of the things fixed by moving to either acpi or a newer bios, I don't recall). Most of mine are on original bios, -current from around the time 4.1 was tagged, with acpi on, USB off. They don't crash any more, but I have recently noticed some odd problem with packet loss with the onboard bge(4) though; if I ping *from* the h8ssl to another box there's no trouble, if I ping from elsewhere to the h8ssl I get periods of a few (1-10) minutes at a time with usually an hour or two between them where there's 0.5 to 1% loss, a couple of RTM_LOSING, and sometimes bad enough to cause bgp hold timers to expire on the ibgp sessions to other h8ssl boxes. The one of them with a quad em(4) is only affected by that to the extent that all the ibgp peers are h8ssl with bge(4)... The router is running without locking for 25 hours now. I am also planning an upgrade to 4.1 if there are changes to em driver. the diff to if_em.c is 1000 lines. Some of it's PCIE support, but there's plenty else. here's dmesg from the one I have here (not a router, still sees packet loss on bge though - this has the newer bios - as an aside, supermicro say this has the erratum 89 fix in, I've yet to see an amd64 box which doesn't trigger the warning though ...). Kernel is just generic with acpi enabled and usb disabled. OpenBSD 4.1-current (ACPI.MP) #2: Fri Mar 30 22:31:13 BST 2007 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/ACPI.MP cpu0: AMD Opteron(tm) Processor 146 (AuthenticAMD 686-class, 1024KB L2 cache) 2 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3 cpu0: AMD erratum 89 present, BIOS upgrade may be required real mem = 1073246208 (1048092K) avail mem = 971849728 (949072K) using 4278 buffers containing 53784576 bytes (52524K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+ BIOS, date 07/15/06, BIOS32 rev. 0 @ 0xf0010, SMBIOS rev. 2.4 @ 0xf8e00 (50 entries) bios0: Supermicro H8SSL pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf4f50/160 (8 entries) pcibios0: no compatible PCI ICU found: ICU vendor 0x1166 product 0x0205 pcibios0: PCI bus #3 is the last bus bios0: ROM list: 0xc/0x8000 0xc8000/0x2200 0xca800/0x1600 0xcc000/0x1600 0xcd800/0x1000 acpi0 at mainbus0: rev 0 acpi0: tables DSDT FACP APIC OEMB acpitimer0 at acpi0: 3579545 Hz, 32 bits acpi device at acpi0 from table DSDT not configured acpi device at acpi0 from table FACP not configured acpimadt0 at acpi0 table APIC addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: AMD erratum 89 present, BIOS upgrade may be required cpu0: apic clock running at 199 MHz ioapic0 at mainbus0: apid 1 pa 0xfec0, version 11, 16 pins ioapic1 at mainbus0: apid 2 pa 0xfec01000, version 11, 16 pins ioapic2 at mainbus0: apid 3 pa 0xfec02000, version 11, 16 pins acpi device at acpi0 from table OEMB not configured acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 1 (P0P1) acpiprt2 at acpi0: bus 2 (P1P2) acpibtn0 at acpi0: PWRB acpibtn1 at acpi0: SLPB acpicpu0 at acpi0: CPU1: CTRL GASIO is CPU manufacturer overridden pci0 at mainbus0 bus 0: configuration mode 1 (no bios) ppb0 at pci0 dev 1 function 0 ServerWorks HT-1000 PCI rev 0x00 pci1 at ppb0 bus 1 ppb1 at pci1 dev 13 function 0 ServerWorks HT-1000 PCIX rev 0xb2 pci2 at ppb1 bus 2 ppb2 at pci2 dev 1 function 0 Intel IOP331 PCIX-PCIX rev 0x07 pci3 at ppb2 bus 3 ami0 at pci3 dev 14 function 0 Symbios Logic MegaRAID SATA 4x/8x rev 0x07: apic 2 int 4 (irq 11) ami0: LSI 3008, 32b, FW 814B, BIOS vH431, 128MB RAM ami0: 1 channels, 0 FC loops, 1 logical drives scsibus0 at ami0: 40 targets sd0 at scsibus0 targ 0 lun 0: AMI, Host drive #00, SCSI2 0/direct fixed sd0: 1424784MB, 1424784 cyl, 64 head, 32 sec, 512 bytes/sec, 2917957632 sec total scsibus1 at ami0: 16 targets bge0 at pci2 dev 3 function 0 Broadcom BCM5704C rev 0x10, BCM5704 B0 (0x2100): apic 2 int 8 (irq 5), address 00:30:48:58:86:40 brgphy0 at bge0 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0 bge1 at pci2 dev 3 function 1 Broadcom BCM5704C rev 0x10, BCM5704 B0 (0x2100): apic 2 int 9 (irq 7), address 00:30:48:58:86:41 brgphy1 at bge1 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0 piixpm0 at pci0 dev 2 function 0 ServerWorks HT-1000 rev 0x00: polling iic0 at piixpm0 admcts0 at iic0 addr 0x2c pciide0 at pci0 dev 2 function 1 ServerWorks HT-1000 IDE rev 0x00: DMA atapiscsi0 at pciide0 channel 0 drive 0 scsibus2 at atapiscsi0: 2 targets cd0 at
Re: Static Ip's: Routing and Fowarding
On Wed, 18 Apr 2007 17:40:49 -0700, Bryan Vyhmeister wrote: On Apr 18, 2007, at 5:31 PM, Bray Mailloux wrote: shared-network LOCAL-NET{ option domain-name theamericanbray.com; option domain-name-servers 208.204.224.11, 208.204.224.33 subnet 192.168.0.0 netmask 255.255.255.0 { options routers 192.168.0.1; range 192.168.0.14 192.168.0.23; } } On the third line, you need a semicolon after the second DNS server. I would typically do this whole thing in a subnet declaration that is at the root of the file. Take out the shared-network statement and the last closing brace. See if that makes a difference. After you do that, run the following commands: pkill dhcpd /usr/sbin/dhcpd tail -f /var/log/daemon Look for any errors with the last command. You have pulled one of my tricks - writing a quick helpful reply and forgetting something you never would when doing it at the console of your own machine. dhcpd needs to be told what interface(s) to listen on. R/ From the land down under: Australia. Do we look umop apisdn from up over?
Re: Webservers with Terrabytes of Data in - recomended setups
Siju George wrote: Hi, How Do you handle when you have to Serve terrabytes of Data through http/https/ftp etc? Put it on Differrent machines and use some knid of loadbalancer/intelligent program that directs to the right mahine? use some kind of clustering Software? Waht hardware do you use to make your System Scalable from a few terrabytes of Data to a few hundred of them? Does OpenBSD have any clustering Software available? Is anyone running such setups? Please let me know :-) Thankyou so much Kind Regards Siju Too open-ended a question... Are you talking about many TB on one site? Lots of sites? Is there some reason it has to be on one server or one site? Is this huge storage, huge demand? Huge storage, low demand? Is this storage all needed on day 1, or will it grow with time? (hint: if it grows with time, build for NOW, with ability to add later, don't buy storage in advance!) etc. Let the answers to those questions guide your engineering work, don't rely on knee-jerk reactions. And don't be afraid to change the question to meet available answers. :) Common error is to take the given proposed solution (posed as a problem, but often someone has digested the REAL problem into what they think is the only possible model, and sent you down a bad alley) as gospel, and never question the basic assumptions. I've got a web server with over 3.5TB of storage on it that cost about $6000US a year or so ago. It's a huge-storage, low-demand app, probably gets on average a query a day, if that. If the box breaks, time can be spent repairing it, but we don't want to lose the data (it's carefully backed up, but the backup media is so compressed, it takes longer to uncompress the files than it does to scp them back into the box!). So, the thing has redundancy where it counts (disk) and simplicity where it doesn't matter, and it can be upgraded, enhanced and changed as needed. And, we have a small enough amount invested in the thing that we can completely change our mind about the approach to the problem any time in the future and throw it all away with a very clear conscience. (My current boss-of-the-week thinks he wants to replace this with an unknown proprietary app feeding a $30,000 per-processor database server attached to a $60,000 disk array, so you can see how insignificant the price tag on this system is. You can also see something about my boss. And why I'm looking for a better job). Let's say you have one website that you are trying to serve massive amounts of static files from. I presume you aren't just dropping people at the root of a massive directory tree and letting them dig for their desired file...you probably have some kind of app directing them to the file they need. Well, you should have no problem also directing them to the SERVER they need, as well...do a little magic on the front-end machine, you could also implement massive amounts of very cheap redundancy for very low cost. For example, if you have two machines, A and B, skip RAID, just put both data sets on both machines. If you lose A, serve A's files from B, it's a little slower, but still working. Repair A, resync (if needed) and you are back up and running at 100%. Now you can use the absolutely cheapest and least redundant machines around to accomplish your task. (in this case, your front-end machines would have to be a little more sophisticated...but still should have multiple-machine redundancy). SANs are the cool way to do this, of course. Also a very expensive way...and something I'd try to avoid unless it was really needed. Design it simple, design it to be fixable WHEN it breaks, and you will save your hair... Use all the tricks you can for YOUR solution, including: * lots of small partitions * RO any partitions you can (no need to fsck after an oops) * Assume you will need more storage later, and figure out how to add it without removing data from your existing storage * Assume your existing 500G disk is going to look pathetic in a few years when 10TB microdrives are in your palmtop computer, and make sure you have a plan to migrate the data off those first disks you installed. * Guess how much processor you need, and figure out how to deal with it when you are wrong. * Keep in mind if you don't expect lots of demand this year, next year's systems will be a lot faster, bigger and cheaper. * Last year's computers loaded with modern disks are still pretty darned fast for many applications. Nick.
Re: [Fwd: Shipped Order:2007/3/12-13:27:10-21493:]
On Thu, Apr 19, 2007 at 04:47:21PM -0700, Allie D. wrote: YES ! It's on it's way !! -- ~Allie D. Original Message Subject: Shipped Order:2007/3/12-13:27:10-21493: From:OpenBSD Shipping [EMAIL PROTECTED] Date:Thu, April 19, 2007 15:30 To: [EMAIL PROTECTED] -- USPS tracking number 030508313176xx assigned to a shipment as follows: You can't obscure a USPS tracking number like that. The numbers at the end are some kind of a hash of the shipper ID, and are the same for all shipments from Computer Shop... (Ok, I'm kidding) What I meant to say, was ME TOO!!! -- Darrin Chandler| Phoenix BSD User Group | MetaBUG [EMAIL PROTECTED] | http://phxbug.org/ | http://metabug.org/ http://www.stilyagin.com/ | Daemons in the Desert | Global BUG Federation
acx/ath card information
This (acx) is a wireless minipci card I got out of a broken D-Link DI-624+ acx0 at pci0 dev 16 function 0 TI ACX111 rev 0x00: irq 10 acx0: ACX111, radio Radia (0x16), EEPROM ver 5, address 00:0f:3d:0e:28:75 Also I use the ath driver for a D-Link DWL-G650 rev C. (but it seems unstable, after eg. an hour of usage it's really slow) Actually the manpages said DWL-G650 should be supported by acx, well it appears as an ath on my machine. More details on request (eg. dmesg). (this is all 4.0 with security patches)