Re: Bottleneck in httpd. I need help to address capacity issues on max parallel and rate connections

2007-05-08 Thread Otto Moerbeek
On Wed, 9 May 2007, Daniel Ouellet wrote:

> Otto Moerbeek wrote:
> > > Where are the OS bottleneck that I can may be improve here?
> > 
> > Look at the memory usage. 300 httpd processes could take up 3000M
> > easily, especially with stuff like php. In that case, the machine
> > starts swapping and you hit the roof. As a general rule, do not allow
> > more httpd processes than your machine can handle without swapping. Also,
> > a long KeepAliveTimeout can work against you, by holding slots.
> 
> Thanks Otto,
> 
> I am still doing tests and tweak, but as far as swap, I checked that and same
> for keep alive in httpd.conf and I even changed it in:
> 
> net.inet.tcp.keepinittime=10
> net.inet.tcp.keepidle=30
> net.inet.tcp.keepintvl=30

These parameters do not have a lot to do with what you are seeing.

I was talking about the KeepAliveTimeout of apache. It's by default
15s. With a long timeout, any process that has served a request will
wait 15s to see if the client issues more requests on the same
connection before it becomes available to serve other requests. For
more details, see 
http://httpd.apache.org/docs/1.3/mod/core.html#keepalivetimeout

> 
> For testing only. I am not saying the value above are any good, but I am
> testing multiple things and reading a lot on sysctl and what each one does.
> 
> KeepAliveTimeout is at 5 seconds.

Try lowering it even more.

> 
> No swapping is happening, even with 1000 httpd running.
> 
> load averages: 123.63, 39.74, 63.3285  01:26:47
> 1064 processes:1063 idle, 1 on processor
> CPU states:  0.8% user,  0.0% nice,  3.1% system,  0.8% interrupt, 95.4% idle
> Memory: Real: 648M/1293M act/tot  Free: 711M  Swap: 0K/4096M used/tot
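
The slot-holding effect described in the reply above, as an added example that is not part of the original thread: a small Python model of a prefork pool in which every connection occupies one httpd process for its service time plus the full keep-alive timeout. All figures are constructed assumptions (100 new connections per second, 50 ms of work per request, one request per connection, a ceiling of 300 processes); `simulate` and `workers_needed` are hypothetical names.

```python
import heapq


def workers_needed(rate_per_s, hold_ms):
    """Little's law: busy workers = arrival rate x time each worker is held."""
    return -(-rate_per_s * hold_ms // 1000)  # ceiling division


def simulate(rate_per_s, duration_s, service_ms, keepalive_ms, max_clients):
    """Feed a fixed-rate stream of new connections to a prefork worker pool.

    Each connection holds one worker for service_ms, then keeps it idle for
    keepalive_ms (assumed worst case: the client never sends a second request).
    Connections that find every worker occupied wait for the next free one.
    Returns (peak_busy_workers, worst_wait_ms).
    """
    hold_ms = service_ms + keepalive_ms
    free_at = []  # min-heap: time (ms) at which each occupied worker is released
    peak = 0
    worst_wait = 0
    for i in range(rate_per_s * duration_s):
        now = i * 1000 // rate_per_s
        # Release workers whose keep-alive timer has already expired.
        while free_at and free_at[0] <= now:
            heapq.heappop(free_at)
        if len(free_at) < max_clients:
            start = now                      # a slot is free, served at once
        else:
            start = heapq.heappop(free_at)   # wait for the earliest release
        heapq.heappush(free_at, start + hold_ms)
        peak = max(peak, len(free_at))
        worst_wait = max(worst_wait, start - now)
    return peak, worst_wait


if __name__ == "__main__":
    RATE, DURATION, SERVICE_MS, MAX_CLIENTS = 100, 30, 50, 300  # constructed
    for keepalive_ms in (15000, 5000, 1000):
        need = workers_needed(RATE, SERVICE_MS + keepalive_ms)
        peak, wait = simulate(RATE, DURATION, SERVICE_MS, keepalive_ms, MAX_CLIENTS)
        print(f"KeepAliveTimeout {keepalive_ms // 1000:>2}s: "
              f"needs {need} workers, peak {peak}, worst wait {wait} ms")
```

With these inputs the 15 s and 5 s timeouts both pin the pool at its 300-process ceiling and new connections queue, while a 1 s timeout leaves about two thirds of the slots free.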



Re: Bottleneck in httpd. I need help to address capacity issues on max parallel and rate connections

2007-05-08 Thread Daniel Ouellet

Otto Moerbeek wrote:

Where are the OS bottleneck that I can may be improve here?


Look at the memory usage. 300 httpd processes could take up 3000M
easily, especially with stuff like php. In that case, the machine
starts swapping and you hit the roof. As a general rule, do not allow
more httpd processes than your machine can handle without swapping. Also,
a long KeepAliveTimeout can work against you, by holding slots.


Thanks Otto,

I am still doing tests and tweak, but as far as swap, I checked that and 
same for keep alive in httpd.conf and I even changed it in:


net.inet.tcp.keepinittime=10
net.inet.tcp.keepidle=30
net.inet.tcp.keepintvl=30

For testing only. I am not saying the value above are any good, but I am 
testing multiple things and reading a lot on sysctl and what each one does.


KeepAliveTimeout is at 5 seconds.

No swapping is happening, even with 1000 httpd running.

load averages: 123.63, 39.74, 63.3285  01:26:47
1064 processes:1063 idle, 1 on processor
CPU states:  0.8% user,  0.0% nice,  3.1% system,  0.8% interrupt, 95.4% idle
Memory: Real: 648M/1293M act/tot  Free: 711M  Swap: 0K/4096M used/tot



Re: Bottleneck in httpd. I need help to address capacity issues on max parallel and rate connections

2007-05-08 Thread Otto Moerbeek
On Tue, 8 May 2007, Daniel Ouellet wrote:

> I am trying to improve my performance and fix my problem on httpd, but look
> like I am hitting the roof regardless if I test in lab using an old 850MHz
> i386 or an new AMD64 at 1.6GHz. Both have > 2GB of ram, so that's the issue
> both have. I can't pass more than ~300 to 325 simultaneous httpd processes and
> timeout goes jump high.
> 
> So, I guess may be the limit are in the connection process of the TCP stack,
> more than the httpd itself. But I am at a loss as to where to look. Tested
> both on 4.1 and 3.9 just to see.
> 
> Where are the OS bottleneck that I can may be improve here?

Look at the memory usage. 300 httpd processes could take up 3000M
easily, especially with stuff like php. In that case, the machine
starts swapping and you hit the roof. As a general rule, do not allow
more httpd processes than your machine can handle without swapping. Also,
a long KeepAliveTimeout can work against you, by holding slots.

-Otto



Re: order

2007-05-08 Thread Jimmy Mitchener
My CC was just charged 54.92, and I can only hope it's my 4.1 shipment :D

On 5/8/07, Greg Thomas <[EMAIL PROTECTED]> wrote:
>
> I'm in Los Angeles, I ordered two CD sets on 4/13, no book because I
> hadn't noticed it, and I received my order on Cinco de Mayo.
>
> G



Re: Softupdates question

2007-05-08 Thread George C

On 5/8/07, mickey <[EMAIL PROTECTED]> wrote:

On Tue, May 08, 2007 at 07:06:06AM -0400, Nick Holland wrote:
> George C wrote:
> > I've just stumbled across the SoftUpdates section in the FAQ, and was rather
> > surprised that I had never seen/heard of this feature before.  Before
> > I mount any
> > partition using softdep, I thought I'd google, browse the archives, etc. for any
> > information about when/where they should be used.
> >
> > Although I've found a plethora of information about soft updates, much of it is
> > either contradictory or incomplete I thought I'd ask here for clarification.
> >
> > Is it always best to mount /, /tmp, /usr, /var, /home with softdep?
> > Under what circumstances would it not be appropriate?
>

> Softdeps don't do anything for you if you are mostly reading from disk,
> or if the partition is mounted read-only.  It's about writing.

of course they do. there are still atime updates
for example that will be handled if not mount read-only.


So, given the above two comments... sounds like softdep would be
both "safe" and beneficial for (at least) /usr and /var. Probably also for
/var/www.

Still curious how they would work on, say, /var/mysql or /var/postgresql,
but I can play with this on my own.
Has anyone already tried?  Care to comment?


> All these machines have a perc5 raid controller using mfi driver does that
> make a difference?

yes...  IF the RAID card has a write cache, SOME of the advantage of
softdeps may not exist.  On the other hand, if it doesn't have the
battery, your write performance is so horrible, you probably want
softdeps badly.


Hmm.  My cards do have a write cache w/ battery.  So in this case, it
looks like softdep on any partition would be inappropriate... is that
correct?  Is this simply because the raid card (with write cache) is
basically doing what softdep does?


Many Thanks for all the advice!

-George



Re: Bottleneck in httpd. I need help to address capacity issues on max parallel and rate connections

2007-05-08 Thread Daniel Ouellet

Douglas Allan Tutty wrote:

It is cap somehow and I am not sure what does it yet.



I'm new at this so please ignore if it's not helpful.

Is this a bandwidth (hardware) limitation on the computer itself?  If so
then a faster processor won't help.  Bus contention?


Could always be a possibility, but if you take the data sent and the
time spent to send it, you would see that one server in all tests look
like it cap at around 5.8Mb/sec and the other one at 9.0Mb/sec. These
numbers are sure way too low to be a bus problem here. Even drive speed,
look to me that drives these days sure can spit data lots faster than
this for sure.


I am trying so many different things without success so far. But I am
sure there have to be something I am overlooking here. Doesn't make
sense to me that one would be cap at that level. I don't believe it
anyway, but on the other end, I am running out of ideas to check and
Google doesn't provide me lots more to try that I haven't done already.


I am sure Henning can get more out of his servers than this, but I am
not sure how he does it to be honest.




Re: revenge of stupid vlan questions

2007-05-08 Thread Clint Pachl

Jon wrote:

Greetings everybody,

So I've set up what I thought should be a proper vlan configuration
however something is clearly still not correct.  Traffic passes fine
to the vlan devices from the external side of the router (I can ping
them) however traffic does not seem to pass between the vlan devices
and their parent device - I cannot ping stuff connected to the vlans
on the switch.


Is the switch VLAN-aware? Are the end-nodes in each VLAN VLAN- and 
tag-aware?



  Using tcpdump on the vlan parent device DOES show
all kinds of arp requests and such noise marked as 802.1Q coming
from the hosts on the various vlans (mostly unanswered arp requests
for the vlan device which is their gateway) and using tcpdump on the
various vlan devices on the router shows only unanswered arp requests
for the various other hosts.

* I've uncommented net.inet.ip.forwarding=1 in /etc/sysctl.conf
* packetfilter is off
* hostname.em0: inet 172.18.1.2 255.255.255.0 NONE (external side of the router, local to my desktop lan - pings go through this to the vlan devices and return just fine)
* hostname.em1: up mtu 1518 (the mtu 1518 part is just cause a man page seemed to be suggesting I should set it to this)


The 802.1Q protocol will increase the frame by 4 bytes, but if your 
destination cannot interpret the VLAN protocol ID, the packet will be 
dropped.


* hostname.vlan0: inet 172.17.1.1 255.255.255.0 172.17.1.255 vlan 1 vlandev em1
* hostname.vlan1: inet 172.17.2.1 255.255.255.0 172.17.2.255 vlan 2 vlandev em1
* hostname.vlan2: inet 172.17.3.1 255.255.255.0 172.17.3.255 vlan 3 vlandev em1
* hostname.vlan3: inet 172.17.4.1 255.255.255.0 172.17.4.255 vlan 4 vlandev em1




Re: Bottleneck in httpd. I need help to address capacity issues on max parallel and rate connections

2007-05-08 Thread Douglas Allan Tutty
On Tue, May 08, 2007 at 07:13:27PM -0400, Daniel Ouellet wrote:
> 
> Nope. I sent updates on that too with a more powerful server. And I am 
> doing tests now with three clients at once to see and I can get a bit 
> more process running on the server side, but still no more output of 
> that server.
> 
> It is cap somehow and I am not sure what does it yet.
> 

I'm new at this so please ignore if it's not helpful.

Is this a bandwidth (hardware) limitation on the computer itself?  If so
then a faster processor won't help.  Bus contention?

Doug.



Re: creating menu's

2007-05-08 Thread Douglas Allan Tutty
On Tue, May 08, 2007 at 01:22:10PM -0700, Bryan Irvine wrote:
 
> I need a fairly simple menu, and have thought about just simple
> selects but figured now would also be a good time to learn something
> new as well.  It's nothing so complex that I need to go ncurses to do.
> Just a basic  then  then 
> thing.

My front-ends I do in python.  It doesn't have a case/select.  I just
use if/then/elif/

Then there's Fortran with computed gotos; very slick.  I forget the
syntax but is something like goto (10+choice)
11  ch1()
...
12  ch2()
...
13  ch3()
...

It means that only one computation takes place instead of one comparison
for each choice until one matches.

Doug.



Re: order

2007-05-08 Thread Greg Thomas

I'm in Los Angeles, I ordered two CD sets on 4/13, no book because I
hadn't noticed it, and I received my order on Cinco de Mayo.

G



Re: GUI programming languages

2007-05-08 Thread Adam Hawes
> i have no "formal" CS background so am at a loss for good candidates.
> the applications in question are "click here, prints something in a text
> box, etc" ones that are not very complex. a language that allows me to
> generate GUIs quickly and securely would be nice.

I've been hacking with Qt on Linux.  I don't know if that even builds
on OpenBSD.  You can come up to speed with it and make a GUI within
a day or so.  It's ported to a few languages too so you don't have
to use C++.  Qt is either GPL or pay-for commercial though. The Qt
designer tool is really quite good - does all the leg work and all
you need to do is derive a class from the one you get out of designer
and create some methods with the right names... kerblammo, functional
GUI :)

Someone else suggested wxPython.  Another good choice.  wx has C++
bindings, and any number of other language bindings as well.  You'd
be hard pressed to go past it for truly free development (it's not
GPL'd so you don't suffer the viral problems of GPL).

Cheers,
A



Re: order

2007-05-08 Thread Jimmy Mitchener
I am in the exact same situation (cc has not been charged). I got an email
confirmation right away, but austin@ has not responded to any of my emails,
cc has not been charged, and I have no idea what the status of my order is

On 5/8/07, Kyle George <[EMAIL PROTECTED]> wrote:
>
> On Tue, 8 May 2007, Paolo Supino wrote:
>
> >  Does anyone know how I can contact Austin@ except emails? My CDs and book
> > have yet to arrive (preordered on the day orders were opened) and I'm not
> > getting any feedback/reaction via email :-(
>
> I placed my order on 4/27 (4.1, another tshirt, some posters).  I haven't
> received it, nor has my CC been charged.  When I ordered 4.0 I got a
> shipping confirmation email really fast the next day, but not this time.
> I sent an email a few days ago but haven't heard back.  I hope all is
> well.
>
> --
> Kyle George



Re: VNC server on OpenBSD (error allocating memory)

2007-05-08 Thread Daniel Bolgheroni
Applied the patch successfully against 4.1 net/tightvnc, but getting the 
following error:


# make install

(...)

gcc -c -O2 -Dasm=__asm  -I. -I../include -I../../../include/fonts 
-I../../.././/exports/include/X11 -I../../.././/include/fonts -I../../.././ 
-I../../.././/exports/include  -DCSRG_BASED -DSHAPE -DGCCUSESGAS -DNDEBUG 
-DFUNCPROTO=15 -DNARROWPROTOmibitblt.c

mibitblt.c: In function `miGetPlane':
mibitblt.c:300: error: `CARD64' undeclared (first use in this function)
mibitblt.c:300: error: (Each undeclared identifier is reported only once
mibitblt.c:300: error: for each function it appears in.)
mibitblt.c:300: error: `pOut' undeclared (first use in this function)
mibitblt.c:312: error: syntax error before ')' token
mibitblt.c:355: error: syntax error before "bit"
*** Error code 1

Stop in 
/usr/ports/net/tightvnc/w-tightvnc-1.3.8_unixsrc/vnc_unixsrc/Xvnc/programs/Xserver/mi.

*** Error code 1

Stop in 
/usr/ports/net/tightvnc/w-tightvnc-1.3.8_unixsrc/vnc_unixsrc/Xvnc/programs/Xserver 
(line 659 of Makefile).

*** Error code 1

Stop in 
/usr/ports/net/tightvnc/w-tightvnc-1.3.8_unixsrc/vnc_unixsrc/Xvnc/programs 
(line 562 of Makefile).

*** Error code 1

Stop in /usr/ports/net/tightvnc/w-tightvnc-1.3.8_unixsrc/vnc_unixsrc/Xvnc 
(line 546 of Makefile).

*** Error code 1

Stop in /usr/ports/net/tightvnc/w-tightvnc-1.3.8_unixsrc/vnc_unixsrc (line 
1034 of Makefile).

*** Error code 1

Stop in /usr/ports/net/tightvnc (line 2063 of 
/usr/ports/infrastructure/mk/bsd.port.mk).

*** Error code 1

Stop in /usr/ports/net/tightvnc (line 1373 of 
/usr/ports/infrastructure/mk/bsd.port.mk).

*** Error code 1

Stop in /usr/ports/net/tightvnc (line 1861 of 
/usr/ports/infrastructure/mk/bsd.port.mk).

*** Error code 1

Stop in /usr/ports/net/tightvnc (line 1400 of 
/usr/ports/infrastructure/mk/bsd.port.mk).

#

On Tue, 8 May 2007, Stuart Henderson wrote:


On 2007/05/08 13:13, [EMAIL PROTECTED] wrote:

I did the for 4.0 update that Stuart is referring to.


Yes, I updated it to apply to what was -current at the time;
it worked in February and still applies cleanly to an OPENBSD_4_1
ports checkout, I wouldn't expect any problems on 4.1


http://spacehopper.org/openbsd/tightvnc-1.3.8-update.txt




Sun Netra and DAS

2007-05-08 Thread Kevin

Hello all,

I'm about out of space on a Sun Netra T1 that has been happily running
OpenBSD for some time. I'd rather keep this server in action and add
space to it, but both internal drive slots are occupied, so that means
the only choice (short of reloading on bigger disks, which for a
variety of reasons I'd rather avoid) is adding external storage.

It seems like the logical choice would be a Direct Attached Storage
box like a D1000 plugged into the external SCSI port or a PCI RAID
card. So:

1.) Is the D1000 supported in 4.1 when attached to a Netra T1 either
via the external SCSI or via a RAID card?
(http://www.openbsd.org/sparc64.html#hardware doesn't mention it
either way)

2.) Given the various supported RAID cards, is a more generic RAID
enclosure attached to a 3rd party RAID card a better way to go?

3.) Are there better alternatives that I'm just overlooking?

As always, many thanks.
Kevin







revenge of stupid vlan questions

2007-05-08 Thread Jon

Greetings everybody,

So I've set up what I thought should be a proper vlan configuration
however something is clearly still not correct.  Traffic passes fine
to the vlan devices from the external side of the router (I can ping
them) however traffic does not seem to pass between the vlan devices
and their parent device - I cannot ping stuff connected to the vlans
on the switch.  Using tcpdump on the vlan parent device DOES show
all kinds of arp requests and such noise marked as 802.1Q coming
from the hosts on the various vlans (mostly unanswered arp requests
for the vlan device which is their gateway) and using tcpdump on the
various vlan devices on the router shows only unanswered arp requests
for the various other hosts.

* I've uncommented net.inet.ip.forwarding=1 in /etc/sysctl.conf
* packetfilter is off
* hostname.em0: inet 172.18.1.2 255.255.255.0 NONE (external side of the router, local to my desktop lan - pings go through this to the vlan devices and return just fine)
* hostname.em1: up mtu 1518 (the mtu 1518 part is just cause a man page seemed to be suggesting I should set it to this)
* hostname.vlan0: inet 172.17.1.1 255.255.255.0 172.17.1.255 vlan 1 vlandev em1
* hostname.vlan1: inet 172.17.2.1 255.255.255.0 172.17.2.255 vlan 2 vlandev em1
* hostname.vlan2: inet 172.17.3.1 255.255.255.0 172.17.3.255 vlan 3 vlandev em1
* hostname.vlan3: inet 172.17.4.1 255.255.255.0 172.17.4.255 vlan 4 vlandev em1


I'm probably missing something obvious.  Can anyone tell me what it
might be?  Any advice is appreciated.

~jon



Re: new openbsd 4.0 server, panic on ufsdirhash

2007-05-08 Thread John Mendenhall
Tim,

> > > - Quote --
> > > Date: Mon, 7 May 2007 10:29:50 -0700
> > > From: "John Mendenhall" <[EMAIL PROTECTED]>
> > > To:   "Artur Grabowski" <[EMAIL PROTECTED]>
> > > CC:   misc@openbsd.org
> > > Subject:  Re: new openbsd 4.0 server, panic on ufsdirhash
> > > 
> > > Artur,
> > > 
> > > We have done a forced fsck on the partition with the
> > > error.  The problem is, there is no data other than
> > > the openbsd install.  All I was trying to do was load
> > > the source from the openbsd cd into /usr/src.
> > > 
> > > I don't need to restore since this is a new machine.
> > > I have not done anything to it.
> > > 
> > > I'll just reinstall the entire thing.  Unless someone
> > > wants me to try something else.
> > > 
> > > Thanks!
> > > 
> > > JohnM
> > > --- /QUOTE
> > > 
> > > John,
> > > I've heard, and seen, a lot of odd problems that can't be duplicated
> > > with the same error when there's either of the following true.
> > > 
> > > 1) overclocked hardware
> > > 2) bad system memory
> > > 
> > > I'm doubting your system memory, but I'm curious about your
> > > overclocking.
> > > 
> > > I don't think I've followed very carefully what you've already tried,
> > > and wonder if the mindset has ever drifted away from Hard Drives and
> > > ATA controllers.
> > > 
> > > Another thread suggested catting /dev/ad0s1 >/dev/null and seeing how
> > > many errors you get.  If you get errors, it might point to what can't
> > > be read (and maybe can't be written then).  You might have to use
> > > another tool, but you should get the gist of what I'm trying to
> > > suggest.
> > 
> > All hardware is as received, no overclocking is being done.
> > 
> > The system memory was the first issue we had.  I have set
> > the bios such that the system memory gives no errors on very
> > long memtest runs.
> > 
> > Currently, we are running a low level format of the two disks.
> > No errors yet, but will run another day or so.
> > 
> > Then, we'll reinstall the os and see how it goes.
> 
> 'cat'ting the drive is simply reading data from the surface and sending
> it to the bitbucket, so we can see if we can read the surface of the
> drive without errors.
> 
> A low-level format is an interesting twist, and I would like to see if
> that helps.  I've witnessed myself a drive "with bad blocks" disappear
> after a high-level format.  It was the oddest of things, the FS itself
> was corrupted and a disk check didn't help the situation.  Maybe it was
> a glitch, I don't know.  I put that drive back into rotation.

We'll see how it goes.

If I still get errors, I'll try to cat the drive to devnull
and see what happens.

It would be nice to get disk errors instead of a panic,
though.  Perhaps anything in a log file, or a console
message.  But, panic just stops everything and it's
difficult to tell what actually happened.

Or, perhaps, the drive is just going bad.  I would have
expected errors on installing the os if that were the
case.

Thanks!

JohnM

-- 
john mendenhall
[EMAIL PROTECTED]
surf utopia
internet services



Re: OT: Monitoring tools and integration with SIM products

2007-05-08 Thread Christian Lyra

The canonical application for network monitoring is Nagios; there are
quite a few alternatives, though.



Some time ago I was looking for a monitor application too, and nagios
didn't fit. It's incredibly slow to respond to multiple (even
unrelated) failures. So I ended with GNU mon. It's perl based, no
fancy graphics but very reliable and very scriptable. I use to monitor
links with usual ping plugin, but wrote scripts to monitor from room
temperature to BGP sessions.


--
Christian Lyra
PoP-PR/RNP



Re: Bottleneck in httpd. I need help to address capacity issues on max parallel and rate connections

2007-05-08 Thread Daniel Ouellet

Wijnand Wiersma wrote:

I meant the client being the bottleneck ;-)
Sorry for not being clear.


Nope. I sent updates on that too with a more powerful server. And I am 
doing tests now with three clients at once to see and I can get a bit 
more process running on the server side, but still no more output of 
that server.


It is cap somehow and I am not sure what does it yet.



Re: new openbsd 4.0 server, panic on ufsdirhash

2007-05-08 Thread Tim Judd
Replies interspersed.

--- John Mendenhall <[EMAIL PROTECTED]> wrote:

> Tim,
> 
> On Tue, 08 May 2007, Tim Judd wrote:
> 
> > - Quote --
> > Date:   Mon, 7 May 2007 10:29:50 -0700
> > From:   "John Mendenhall" <[EMAIL PROTECTED]>
> > To: "Artur Grabowski" <[EMAIL PROTECTED]>
> > CC: misc@openbsd.org
> > Subject:Re: new openbsd 4.0 server, panic on ufsdirhash
> > 
> > Artur,
> > 
> > We have done a forced fsck on the partition with the
> > error.  The problem is, there is no data other than
> > the openbsd install.  All I was trying to do was load
> > the source from the openbsd cd into /usr/src.
> > 
> > I don't need to restore since this is a new machine.
> > I have not done anything to it.
> > 
> > I'll just reinstall the entire thing.  Unless someone
> > wants me to try something else.
> > 
> > Thanks!
> > 
> > JohnM
> > --- /QUOTE
> > 
> > John,
> > I've heard, and seen, a lot of odd problems that can't be duplicated
> > with the same error when there's either of the following true.
> > 
> > 1) overclocked hardware
> > 2) bad system memory
> > 
> > I'm doubting your system memory, but I'm curious about your
> > overclocking.
> > 
> > I don't think I've followed very carefully what you've already tried,
> > and wonder if the mindset has ever drifted away from Hard Drives and
> > ATA controllers.
> > 
> > Another thread suggested catting /dev/ad0s1 >/dev/null and seeing how
> > many errors you get.  If you get errors, it might point to what can't
> > be read (and maybe can't be written then).  You might have to use
> > another tool, but you should get the gist of what I'm trying to
> > suggest.
> 
> All hardware is as received, no overclocking is being done.
> 
> The system memory was the first issue we had.  I have set
> the bios such that the system memory gives no errors on very
> long memtest runs.
> 
> Currently, we are running a low level format of the two disks.
> No errors yet, but will run another day or so.
> 
> Then, we'll reinstall the os and see how it goes.
> 
> Why would I want to cat /dev/ad0s1?
> Or, are you referring to the actual drive, which is /dev/wd0?

I'm sorry, I switch between FreeBSD and OpenBSD so often, I don't catch
myself often enough stating the right device name.  This is the OpenBSD
mailing list and I should have thought.  I did mean OpenBSD's drive
name, which would be wd0.

'cat'ting the drive is simply reading data from the surface and sending
it to the bitbucket, so we can see if we can read the surface of the
drive without errors.

A low-level format is an interesting twist, and I would like to see if
that helps.  I've witnessed myself a drive "with bad blocks" disappear
after a high-level format.  It was the oddest of things, the FS itself
was corrupted and a disk check didn't help the situation.  Maybe it was
a glitch, I don't know.  I put that drive back into rotation.


> > Good luck.
> 
> Thanks!

You're welcome!

> JohnM
> 
> -- 
> john mendenhall
> [EMAIL PROTECTED]
> surf utopia
> internet services
> 

If opportunity doesn't knock, build a door.
"I can" is a way of life.
More and Bigger is not always Better.
The road to success is always uphill.


 




Re: Bottleneck in httpd. I need help to address capacity issues on max parallel and rate connections

2007-05-08 Thread Daniel Ouellet

Joachim Schipper wrote:

Just a question - what do you seen when trying from localhost? That
would eliminate quite a few networking issues, at least.


Not that much different. I would even say that may be not as good 
locally. Plus I sent another example for two different servers with the 
test done locally as well. Should show up on marc very soon. Not there yet.


Local:
# http_load -parallel 400 -fetches 2500 -timeout 60 /tmp/www2
2500 fetches, 52 max parallel, 1.42596e+07 bytes, in 20.8623 seconds
5703.82 mean bytes/connection
119.833 fetches/sec, 683507 bytes/sec
msecs/connect: 107.61 mean, 6061.48 max, 1.224 min
msecs/first-response: 39.1055 mean, 6008.52 max, 3.384 min
HTTP response codes:
  code 200 -- 2500

# http_load -parallel 200 -fetches 2500 -timeout 60 /tmp/www2
2500 fetches, 82 max parallel, 1.35499e+07 bytes, in 20.7909 seconds
5419.97 mean bytes/connection
120.245 fetches/sec, 651724 bytes/sec
msecs/connect: 290.4 mean, 6059.02 max, 1.253 min
msecs/first-response: 33.4435 mean, 6004.2 max, 3.459 min
HTTP response codes:
  code 200 -- 2500

Remote:

# http_load -parallel 400 -fetches 2500 -timeout 60 /tmp/www2
2500 fetches, 400 max parallel, 1.34383e+07 bytes, in 18.4801 seconds
5375.32 mean bytes/connection
135.281 fetches/sec, 727177 bytes/sec
msecs/connect: 1016.4 mean, 18012.9 max, 0.406 min
msecs/first-response: 1104.19 mean, 10505.5 max, 3.455 min
HTTP response codes:
  code 200 -- 2500
# http_load -parallel 200 -fetches 2500 -timeout 60 /tmp/www2
2500 fetches, 200 max parallel, 1.36846e+07 bytes, in 23.4292 seconds
5473.85 mean bytes/connection
106.704 fetches/sec, 584083 bytes/sec
msecs/connect: 391.978 mean, 6006.38 max, 0.486 min
msecs/first-response: 742.048 mean, 10497.9 max, 3.403 min
HTTP response codes:
  code 200 -- 2500



Re: Softupdates question

2007-05-08 Thread Ingo Schwarze
Hi Daniel,

Daniel Ouellet wrote on Tue, May 08, 2007 at 03:06:36PM -0400:

> Unless you can have two different mount point to the same partition? 
> Never tried it and always assume it wouldn't be possible anyway.

Then do not guess, but just try it!
Some things are really easy to try out...  ;-)

[EMAIL PROTECTED] # mount | grep tmp 
/dev/wd0e on /tmp type ffs (local, nodev, nosuid)
[EMAIL PROTECTED] # ls -ald /mnt 
drwxr-xr-x  2 root  wheel  512 Apr  3 19:24 /mnt
[EMAIL PROTECTED] # mount /dev/wd0e /mnt
mount_ffs: /dev/wd0e on /mnt: Device busy
[EMAIL PROTECTED] # mount -r /dev/wd0e /mnt 
mount_ffs: /dev/wd0e on /mnt: Device busy

[...]
> I don't know, does it really make sense?

No, it does not, apparently.



Re: Bottleneck in httpd. I need help to address capacity issues on max parallel and rate connections

2007-05-08 Thread Wijnand Wiersma

Daniel Ouellet tried to tell me:

Wijnand Wiersma wrote:

Daniel,

Maybe I am about to say something really stupid, but ok, here I go:
are you testing from one location only? Maybe that host is the
bottleneck itself.


Nothing is stupid for me right now. I am looking for any ideas that 
can help. Even if that looks stupid, I am willing to test it.


As for the setup for the test, all servers and client are connected to 
the same Cisco switch directly.

I meant the client being the bottleneck ;-)
Sorry for not being clear.


Wijnand



Re: Bottleneck in httpd. I need help to address capacity issues on max parallel and rate connections

2007-05-08 Thread Daniel Ouellet

Ted Unangst wrote:

first, are you sure you are testing the server and not the client?


Even run locally, the numbers don't look much better. Even in this case, 
looks like it can't do the required number of parallel requested:


old i386
# http_load -parallel 200 -fetches 2500 -timeout 60 /tmp/www2
2500 fetches, 94 max parallel, 1.37816e+07 bytes, in 20.7814 seconds
5512.65 mean bytes/connection
120.3 fetches/sec, 663172 bytes/sec
msecs/connect: 326.667 mean, 6062.79 max, 1.248 min
msecs/first-response: 36.5991 mean, 6071.86 max, 3.419 min
HTTP response codes:
  code 200 -- 2500
# http_load -parallel 400 -fetches 2500 -timeout 60 /tmp/www2
2500 fetches, 90 max parallel, 1.38708e+07 bytes, in 20.9679 seconds
5548.31 mean bytes/connection
119.23 fetches/sec, 661525 bytes/sec
msecs/connect: 346.224 mean, 6130.06 max, 1.228 min
msecs/first-response: 43.7965 mean, 6055.29 max, 3.392 min
HTTP response codes:
  code 200 -- 2500


new amd64
# http_load -parallel 200 -fetches 2500 -timeout 60 /tmp/www1
2500 fetches, 64 max parallel, 1.33453e+07 bytes, in 14.2911 seconds
5338.11 mean bytes/connection
174.934 fetches/sec, 933819 bytes/sec
msecs/connect: 107.002 mean, 6016.89 max, 0.802 min
msecs/first-response: 19.2824 mean, 512.538 max, 1.706 min
HTTP response codes:
  code 200 -- 2500
# http_load -parallel 400 -fetches 2500 -timeout 60 /tmp/www1
2500 fetches, 63 max parallel, 1.37396e+07 bytes, in 14.1811 seconds
5495.84 mean bytes/connection
176.291 fetches/sec, 968869 bytes/sec
msecs/connect: 106.943 mean, 6022.11 max, -8.932 min
msecs/first-response: 21.5082 mean, 3041.49 max, 1.716 min
HTTP response codes:
  code 200 -- 2500



Re: OT: Monitoring tools and integration with SIM products

2007-05-08 Thread Joachim Schipper
On Tue, May 08, 2007 at 11:26:32PM +0200, carlopmart wrote:
> Hi all,
> 
>  I need to know some opinions about existing monitoring tools for openbsd 
> carp/pf firewalls.
> 
>  My requisites are:
> 
>   - Monitor VPN connections between three providers and roadwarrior clients 
>   (I am using another pflogd process to this) using web front-end preferred.
> 
>   - Monitor logs generated by pf using web front-end preferred (real-time 
>   is a must)
> 
>   - Integrating OpenBSD events (logs, mails, etc) under an opensource SIM 
>   like OpenSIMS (http://opensims.sourceforge.net/) or OSSIM (www.ossim.net)
> 
>   Which tools do you recommend me? Somebody have tested OpenSIMS or OSSIM 
>   with OpenBSD??

It's not OSSIM, but also check out the recent thread 'newbie question'
or something along those lines. I'd recommend SEC a second time.

The canonical application for network monitoring is Nagios; there are
quite a few alternatives, though.

As to pf stats, look at `ls -d /usr/ports/*/*stat /usr/ports/*/pf*`.

Very few will be real-time, but updating once a minute is usually good
enough.

Joachim

-- 
TFMotD: ep (4) - 3Com EtherLink III and Fast EtherLink III 10/100
Ethernet device



Message centre

2007-05-08 Thread Royal Bank Of Canada
RBC Message centre

Security

RBC Online Message

Tuesday

May 08, 2007

Royal Bank Of Canada places a high priority on security and
confidentiality. In order to make cheque processing faster and more
convenient, the Canadian Payments Association (CPA) has announced a new
standardized layout for cheques, known as Standard 006.

In order to secure your account, please update the date field format and
the reverse of the cheque to meet the new requirements now. we have
changed our online banking system and you are required to login to your
account and confirm if your account is not effected with our new banking
system below now:

RBC Account Confirmation : http://www.rbcroyalbank.com/standard006/

Royal Bank of Canada One is the solution for both your savings and
transaction needs. If you print your own cheques, whether for business or
personal use, you will need to make some modifications This illustration
highlights the changes mandated by the new standards. Click on the cheque
image below and view the differences between the standard006 cheques and
bank old cheques system.

Your Account...



Re: order

2007-05-08 Thread James Turner
On Tue, May 08, 2007 at 04:29:55PM -0500, Jacob Yocom-Piatt wrote:
> James Turner wrote:
> >As stated in a previous email from austin@ to misc@, they have shipped
> >the CDs that they were holding back due to the book delays.  Also if
> >you're getting booted off ftp.openbsd.org it's because there are too many
> >users.  How about trying a mirror, that's why they are there.
> >
> 
> stop the presses! there are mirrors?! you mean that rt.fm isn't just a random 
> FTP server that happens to have the openbsd filesets on it?

You're the one making the cocky ass remark, you need to donate more in
order to use the openbsd.org ftp.

-- 
James Turner
http://calminferno.net



Re: new openbsd 4.0 server, panic on ufsdirhash

2007-05-08 Thread John Mendenhall
Tim,

On Tue, 08 May 2007, Tim Judd wrote:

> - Quote --
> Date: Mon, 7 May 2007 10:29:50 -0700
> From: "John Mendenhall" <[EMAIL PROTECTED]>
> To:   "Artur Grabowski" <[EMAIL PROTECTED]>
> CC:   misc@openbsd.org
> Subject:  Re: new openbsd 4.0 server, panic on ufsdirhash
> 
> Artur,
> 
> We have done a forced fsck on the partition with the
> error.  The problem is, there is no data other than
> the openbsd install.  All I was trying to do was load
> the source from the openbsd cd into /usr/src.
> 
> I don't need to restore since this is a new machine.
> I have not done anything to it.
> 
> I'll just reinstall the entire thing.  Unless someone
> wants me to try something else.
> 
> Thanks!
> 
> JohnM
> --- /QUOTE
> 
> John,
> I've heard, and seen, a lot of odd problems that can't be duplicated
> with the same error when there's either of the following true.
> 
> 1) overclocked hardware
> 2) bad system memory
> 
> I'm doubting your system memory, but I'm curious about your
> overclocking.
> 
> I don't think I've followed very carefully what you've already tried,
> and wonder if the mindset has ever drifted away from Hard Drives and
> ATA controllers.
> 
> Another thread suggested catting /dev/ad0s1 >/dev/null and seeing how
> many errors you get.  If you get errors, it might point to what can't
> be read (and maybe can't be written then).  You might have to use
> another tool, but you should get the gist of what I'm trying to
> suggest.

All hardware is as received, no overclocking is being done.

The system memory was the first issue we had.  I have set
the bios such that the system memory gives no errors on very
long memtest runs.

Currently, we are running a low level format of the two disks.
No errors yet, but will run another day or so.

Then, we'll reinstall the os and see how it goes.

Why would I want to cat /dev/ad0s1?
Or, are you referring to the actual drive, which is /dev/wd0?

> Good luck.

Thanks!

JohnM

-- 
john mendenhall
[EMAIL PROTECTED]
surf utopia
internet services



Re: Bottleneck in httpd. I need help to address capacity issues on max parallel and rate connections

2007-05-08 Thread Joachim Schipper
On Tue, May 08, 2007 at 06:04:43PM -0400, Daniel Ouellet wrote:
> Ted Unangst wrote:
> >first, are you sure you are testing the server and not the client?
> 
> Yes confirmed, it's not the client. I just did it from an IBM e365 with 
> dual core processor. dmesg lower, but the results below for the Sun and 
> the IBM look similar. So, no client issue that I can see:
> 
> IBM e365 client:
> 
> # http_load -parallel 200 -fetches 2500 -timeout 60 /tmp/www2
> 2500 fetches, 200 max parallel, 1.33069e+07 bytes, in 19.0603 seconds
> 5322.74 mean bytes/connection
> 131.163 fetches/sec, 698146 bytes/sec
> msecs/connect: 140.559 mean, 6014.22 max, -7.799 min
> msecs/first-response: 919.846 mean, 8114.42 max, -3.572 min
> HTTP response codes:
>   code 200 -- 2500
> 
> # http_load -parallel 400 -fetches 2500 -timeout 60 /tmp/www2
> 2500 fetches, 400 max parallel, 1.39552e+07 bytes, in 18.2373 seconds
> 5582.08 mean bytes/connection
> 137.082 fetches/sec, 765203 bytes/sec
> msecs/connect: 814.221 mean, 18006.5 max, -7.838 min
> msecs/first-response: 1248.39 mean, 11165.7 max, -3.433 min
> HTTP response codes:
>   code 200 -- 2500
> 
> 
> Sun V120 client:
> 
> # http_load -parallel 200 -fetches 2500 -timeout 60 /tmp/www2
> 2500 fetches, 200 max parallel, 1.37375e+07 bytes, in 19.137 seconds
> 5494.99 mean bytes/connection
> 130.637 fetches/sec, 717851 bytes/sec
> msecs/connect: 232.358 mean, 6005.86 max, 0.439 min
> msecs/first-response: 872.213 mean, 10733.2 max, 3.409 min
> HTTP response codes:
>   code 200 -- 2500
> 
> # http_load -parallel 400 -fetches 2500 -timeout 60 /tmp/www2
> 2500 fetches, 400 max parallel, 1.37627e+07 bytes, in 18.6019 seconds
> 5505.09 mean bytes/connection
> 134.395 fetches/sec, 739854 bytes/sec
> msecs/connect: 1182 mean, 18013.3 max, 0.502 min
> msecs/first-response: 1001.47 mean, 9873.65 max, 3.435 min
> HTTP response codes:
>   code 200 -- 2500

Just a question - what do you see when trying from localhost? That
would eliminate quite a few networking issues, at least.

Joachim

-- 
TFMotD: factor, primes (6) - factor a number, generate primes



Re: OT: Monitoring tools and integration with SIM products

2007-05-08 Thread Jason Dixon

carlopmart wrote:

> Hi all,
>
>  I need to know some opinions about existing monitoring tools for 
> OpenBSD carp/pf firewalls.
>
>  My requisites are:
>
>   - Monitor VPN connections between three providers and roadwarrior 
> clients (I am using another pflogd process for this) using web front-end 
> preferred.

I've never seen nor needed such a niche tool.  I use Nagios to monitor 
my IPsec tunnels.

>   - Monitor logs generated by pf using web front-end preferred 
> (real-time is a must)

I'm not aware of anything real-time that monitors logs.  If you'd ever 
tried to develop such a tool, you'd understand why.  I wrote Hatchet 
(http://www.dixongroup.net/hatchet/) to present pflog information;  it's 
anything but real-time and suffers from a lack of updates.  I had an 
idea to write a "Hatchet 2.0" application that utilizes Bayesian 
filtering to rule out "noise" log entries, but haven't had the time or 
assistance to move on the idea.

>   - Integrating OpenBSD events (logs, mails, etc) under an opensource 
> SIM like OpenSIMS (http://opensims.sourceforge.net/) or OSSIM 
> (www.ossim.net)

Isn't it unfortunate that an application marketed on security (well, the 
analysis of security) requires 40+ external software packages 
(http://opensims.sourceforge.net/2006/06/02/help-wanted-opensims-ebuild-for-gentoo-anyone/)?

>   Which tools do you recommend? Has somebody tested OpenSIMS or 
> OSSIM with OpenBSD?


None of the above.  Admittedly, I'm lazy/paranoid, highly valued traits 
in a SysAdmin.  ;-)


--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net/



Re: creating menu's

2007-05-08 Thread Eder M. Gutierrez Alarcon
ehlo,

This can help you:

http://linuxgazette.net/101/sunil.html

http://www.linuxjournal.com/article/2807


//Eder




Bryan Irvine wrote:
> It's been years (just shy of a decade IIRC) since the last time I
> needed to create a menu-shell type of thing.  But now I need to.  I'm
> wondering what people are using these days.  Is there something neat
> in ports I should be trying out?
>
> I need a fairly simple menu, and have thought about just simple
> selects but figured now would also be a good time to learn something
> new as well.  It's nothing so complex that I need to go ncurses to do.
> Just a basic  then  then 
> thing.
>
>
> --Bryan



IFSEC 2007 in Birmingham, UK

2007-05-08 Thread Scott A. Sereboff



Re: Bottleneck in httpd. I need help to address capacity issues on max parallel and rate connections

2007-05-08 Thread Daniel Ouellet

Ted Unangst wrote:

> first, are you sure you are testing the server and not the client?

Yes confirmed, it's not the client. I just did it from an IBM e365 with 
dual core processor. dmesg lower, but the results below for the Sun and 
the IBM look similar. So, no client issue that I can see:


IBM e365 client:

# http_load -parallel 200 -fetches 2500 -timeout 60 /tmp/www2
2500 fetches, 200 max parallel, 1.33069e+07 bytes, in 19.0603 seconds
5322.74 mean bytes/connection
131.163 fetches/sec, 698146 bytes/sec
msecs/connect: 140.559 mean, 6014.22 max, -7.799 min
msecs/first-response: 919.846 mean, 8114.42 max, -3.572 min
HTTP response codes:
  code 200 -- 2500

# http_load -parallel 400 -fetches 2500 -timeout 60 /tmp/www2
2500 fetches, 400 max parallel, 1.39552e+07 bytes, in 18.2373 seconds
5582.08 mean bytes/connection
137.082 fetches/sec, 765203 bytes/sec
msecs/connect: 814.221 mean, 18006.5 max, -7.838 min
msecs/first-response: 1248.39 mean, 11165.7 max, -3.433 min
HTTP response codes:
  code 200 -- 2500


Sun V120 client:

# http_load -parallel 200 -fetches 2500 -timeout 60 /tmp/www2
2500 fetches, 200 max parallel, 1.37375e+07 bytes, in 19.137 seconds
5494.99 mean bytes/connection
130.637 fetches/sec, 717851 bytes/sec
msecs/connect: 232.358 mean, 6005.86 max, 0.439 min
msecs/first-response: 872.213 mean, 10733.2 max, 3.409 min
HTTP response codes:
  code 200 -- 2500

# http_load -parallel 400 -fetches 2500 -timeout 60 /tmp/www2
2500 fetches, 400 max parallel, 1.37627e+07 bytes, in 18.6019 seconds
5505.09 mean bytes/connection
134.395 fetches/sec, 739854 bytes/sec
msecs/connect: 1182 mean, 18013.3 max, 0.502 min
msecs/first-response: 1001.47 mean, 9873.65 max, 3.435 min
HTTP response codes:
  code 200 -- 2500


http_load Client dmesg:

# dmesg
OpenBSD 4.0 (GENERIC.MP) #967: Sat Sep 16 20:38:15 MDT 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 1072672768 (1047532K)
avail mem = 907272192 (886008K)
using 22937 buffers containing 107474944 bytes (104956K) of memory
mainbus0 (root)
bios0 at mainbus0: SMBIOS rev. 2.34 @ 0x3ff7c000 (46 entries)
bios0: IBM IBM eServer 326m -[796976U]-
ipmi0 at mainbus0: version 1.5 interface KCS iobase 0xca2/2 spacing 1
mainbus0: Intel MP Specification (Version 1.4) (AMD  HAMMER  )
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Dual Core AMD Opteron(tm) Processor 280, 2394.39 MHz
cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line 16-way L2 cache
cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: apic clock running at 199MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Dual Core AMD Opteron(tm) Processor 280, 2394.00 MHz
cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line 16-way L2 cache
cpu1: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu1: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
mpbios: bus 0 is type PCI
mpbios: bus 1 is type PCI
mpbios: bus 2 is type PCI
mpbios: bus 3 is type PCI
mpbios: bus 4 is type PCI
mpbios: bus 5 is type PCI
mpbios: bus 6 is type PCI
mpbios: bus 7 is type PCI
mpbios: bus 8 is type PCI
mpbios: bus 9 is type ISA
ioapic0 at mainbus0 apid 4 pa 0xfec0, version 11, 16 pins
ioapic1 at mainbus0 apid 5 pa 0xfec01000, version 11, 16 pins
ioapic2 at mainbus0 apid 6 pa 0xfec02000, version 11, 16 pins
pci0 at mainbus0 bus 0: configuration mode 1
ppb0 at pci0 dev 1 function 0 "ServerWorks HT-1000 PCI" rev 0x00
pci1 at ppb0 bus 1
ppb1 at pci1 dev 13 function 0 "ServerWorks HT-1000 PCIX" rev 0xb2
pci2 at ppb1 bus 2
pciide0 at pci1 dev 14 function 0 "ServerWorks HT-1000 SATA" rev 0x00: DMA
pciide0: using apic 4 int 11 (irq 11) for native-PCI interrupt
pciide0: port 0: device present, speed: 1.5Gb/s
wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA48, 76324MB, 156312576 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
pciide0: port 1: PHY offline
pciide0: port 2: PHY offline
pciide0: port 3: PHY offline
pciide1 at pci1 dev 14 function 1 "ServerWorks HT-1000 SATA" rev 0x00
piixpm0 at pci0 dev 2 function 0 "ServerWorks HT-1000" rev 0x00: polling
iic0 at piixpm0: disabled to avoid ipmi0 interactions
pciide2 at pci0 dev 2 function 1 "ServerWorks HT-1000 IDE" rev 0x00: DMA
atapiscsi0 at pciide2 channel 0 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  SCSI0 5/cdrom removable
cd0(pciide2:0:0): using PIO mode 4, DMA mode 2, Ultra-DMA mode 0
pcib0 at pci0 dev 2 function 2 "ServerWorks HT-1000 LPC" rev 0x00
ohci0 at pci0 dev 3 function 0 "ServerWorks HT-1000 USB" rev 0x0

Re: Bottleneck in httpd. I need help to address capacity issues on max parallel and rate connections

2007-05-08 Thread Daniel Ouellet

Ted Unangst wrote:

> On 5/8/07, Daniel Ouellet <[EMAIL PROTECTED]> wrote:
> first, are you sure you are testing the server and not the client?

I will try a different server. For now, I use a Sun V120 with nothing 
running on it as the client. I will use a beefier one to be sure and 
report back.

Also PF is not running on either client or servers for tests.

I also tried these tests:

net.inet.ip.maxqueue=300 -> 1000

and

kern.somaxconn: 128 -> 512

In any case, what I see is that I can't pass 5.8Mb/sec on the old i386 
server and 9.0Mb/sec on the HP145 AMD64 one regardless if I use 100 
parallel connections or 400. More than 400 really puts all numbers down 
and delay, lost, etc.

> second, what happens if you start another web server on port 8080 and
> test simultaneously?

No, but I will. I am really looking for any ideas as I am at a loss and 
I will use heavier clients to be sure it's not the problem here.




Re: Bottleneck in httpd. I need help to address capacity issues on max parallel and rate connections

2007-05-08 Thread Daniel Ouellet

Wijnand Wiersma wrote:

> Daniel,
>
> Maybe I am about to say something really stupid, but ok, here I go:
> are you testing from one location only? Maybe that host is the
> bottleneck itself.

Nothing is stupid for me right now. I am looking for any ideas that can 
help. Even if that looks stupid, I am willing to test it.

As for the setup for the test, all servers and client are connected to 
the same Cisco switch directly.




Re: Bottleneck in httpd. I need help to address capacity issues on max parallel and rate connections

2007-05-08 Thread Wijnand Wiersma

Daniel,

Maybe I am about to say something really stupid, but ok, here I go:
are you testing from one location only? Maybe that host is the
bottleneck itself.

Wijnand



Re: Bottleneck in httpd. I need help to address capacity issues on max parallel and rate connections

2007-05-08 Thread Ted Unangst

On 5/8/07, Daniel Ouellet <[EMAIL PROTECTED]> wrote:

> I use http_load to test my configuration and changes, but I am not
> successful at improving it more. Looks like connections are timing out
> and I can't get more than ~ 300 processes serving for httpd. Yes I have
> also increased and recompiled the httpd to allow more than the hard limit
> of 250 and I can start 1500 httpd processes if I want and they do run, but
> they do not serve traffic, looks like, and I am still getting timeouts.
>
> Even if I start "StartServers 2500" httpd processes to be sure I don't run
> out, or that the start of additional ones is not the limit here, I can't
> get more than about ~ 300 successful parallel at once with a decent timeout:


first, are you sure you are testing the server and not the client?

second, what happens if you start another web server on port 8080 and
test simultaneously?
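
An added example, not part of the original thread: one way to approach the client-versus-server question is to parse the http_load summaries and flag runs where the requested concurrency was never reached, where timings are negative, or where the worst connect time sits on a SYN retransmission boundary (a sign that a connection attempt's first SYN went unanswered). The function names are hypothetical and the 6-second initial timeout with doubling (6, 18, 42 s) is an assumption about the client's TCP stack; the sample input is copied from runs posted in this thread.

```python
import re

# Three summaries copied from http_load runs posted in this thread.
SAMPLE = """\
# http_load -parallel 200 -fetches 2500 -timeout 60 /tmp/www1
2500 fetches, 64 max parallel, 1.33453e+07 bytes, in 14.2911 seconds
5338.11 mean bytes/connection
174.934 fetches/sec, 933819 bytes/sec
msecs/connect: 107.002 mean, 6016.89 max, 0.802 min
msecs/first-response: 19.2824 mean, 512.538 max, 1.706 min
HTTP response codes:
  code 200 -- 2500
# http_load -parallel 500 -fetches 2500 -timeout 20 /tmp/www2
2500 fetches, 500 max parallel, 1.25616e+07 bytes, in 41.815 seconds
5024.62 mean bytes/connection
59.7872 fetches/sec, 300408 bytes/sec
msecs/connect: 1868.76 mean, 18014 max, 0.597 min
msecs/first-response: 2741.85 mean, 19968.2 max, 4.005 min
345 timeouts
345 bad byte counts
HTTP response codes:
  code 200 -- 2155
# http_load -parallel 200 -fetches 2500 -timeout 60 /tmp/www2
2500 fetches, 200 max parallel, 1.33069e+07 bytes, in 19.0603 seconds
5322.74 mean bytes/connection
131.163 fetches/sec, 698146 bytes/sec
msecs/connect: 140.559 mean, 6014.22 max, -7.799 min
msecs/first-response: 919.846 mean, 8114.42 max, -3.572 min
HTTP response codes:
  code 200 -- 2500
"""

CMD = re.compile(r"http_load\s+-parallel\s+(\d+)\s+-fetches\s+(\d+)\s+-timeout\s+(\d+)")
SUMMARY = re.compile(r"(\d+) fetches, (\d+) max parallel, \S+ bytes, in ([\d.]+) seconds")
TIMING = re.compile(r"msecs/(connect|first-response): (-?[\d.]+) mean, (-?[\d.]+) max, (-?[\d.]+) min")
TIMEOUTS = re.compile(r"^(\d+) timeouts$")
CODE = re.compile(r"code (\d{3}) -- (\d+)")

def parse_runs(text):
    """Return one dict per http_load invocation found in a pasted transcript."""
    runs, run = [], None
    for raw in text.splitlines():
        line = raw.lstrip("> ").strip()          # tolerate "> "-quoted mail text
        if (m := CMD.search(line)):              # a command line starts a new run
            run = {"requested": int(m.group(1)), "timeouts": 0, "codes": {}}
            runs.append(run)
        elif run is None:
            continue
        elif (m := SUMMARY.search(line)):
            run["fetches"], run["max_parallel"] = int(m.group(1)), int(m.group(2))
        elif (m := TIMING.search(line)):
            run[m.group(1)] = {"max": float(m.group(3)), "min": float(m.group(4))}
        elif (m := TIMEOUTS.match(line)):
            run["timeouts"] = int(m.group(1))
        elif (m := CODE.search(line)):
            run["codes"][int(m.group(1))] = int(m.group(2))
    return runs

def syn_backoff_delays(initial_rto_s=6.0, retries=3):
    """Cumulative connect delay after 1..retries lost SYNs.

    ASSUMPTION (not stated in the thread): the client retransmits a SYN after
    6 s and doubles the wait each time, so connects complete at 6, 18, 42 s.
    """
    total, rto, delays = 0.0, initial_rto_s, []
    for _ in range(retries):
        total += rto
        delays.append(total)
        rto *= 2
    return delays

def diagnose(run, tolerance_s=0.25):
    """Flag reasons a run may not be measuring the server's capacity."""
    if not {"fetches", "connect", "first-response"} <= run.keys():
        return ["truncated-output"]              # summary was cut off when pasted
    findings = []
    if run["max_parallel"] < run["requested"]:
        findings.append("concurrency-not-reached")   # generator never held N open
    if run["timeouts"]:
        findings.append("timeouts")
    if sum(run["codes"].values()) < run["fetches"]:
        findings.append("incomplete-responses")
    worst_connect_s = run["connect"]["max"] / 1000.0
    for lost, delay in enumerate(syn_backoff_delays(), start=1):
        if abs(worst_connect_s - delay) <= tolerance_s:
            findings.append("connect-max-at-syn-backoff-%d" % lost)
    if min(run["connect"]["min"], run["first-response"]["min"]) < 0:
        findings.append("negative-timing")           # elapsed time cannot be < 0
    return findings

if __name__ == "__main__":
    for r in parse_runs(SAMPLE):
        print(r["requested"], r.get("max_parallel"), diagnose(r))
```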



OT: Monitoring tools and integration with SIM products

2007-05-08 Thread carlopmart

Hi all,

 I need to know some opinions about existing monitoring tools for OpenBSD 
carp/pf firewalls.

 My requisites are:

  - Monitor VPN connections between three providers and roadwarrior clients (I 
am using another pflogd process for this) using web front-end preferred.

  - Monitor logs generated by pf using web front-end preferred (real-time is a 
must)

  - Integrating OpenBSD events (logs, mails, etc) under an opensource SIM like 
OpenSIMS (http://opensims.sourceforge.net/) or OSSIM (www.ossim.net)

  Which tools do you recommend? Has somebody tested OpenSIMS or OSSIM with 
OpenBSD?


 Many thanks.


--
CL Martinez
carlopmart {at} gmail {d0t} com



Re: order

2007-05-08 Thread Jacob Yocom-Piatt

James Turner wrote:

> As stated in a previous email from austin@ to misc@, they have shipped
> the CDs that they were holding back due to the book delays.  Also if
> you're getting booted off ftp.openbsd.org it's because there are too many
> users.  How about trying a mirror, that's why they are there.

stop the presses! there are mirrors?! you mean that rt.fm isn't just a 
random FTP server that happens to have the openbsd filesets on it?




Re: order

2007-05-08 Thread Dominguez, Roland
I received an email Friday saying my order had just been shipped.
It should be here any day now.
If I remember correctly the book may have been the hold up.
In my opinion, it's well worth the wait.


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of John Nietzsche
Sent: Tuesday, May 08, 2007 2:31 PM
To: [EMAIL PROTECTED]
Cc: misc@openbsd.org
Subject: Re: order

I am facing the same scenario.

On 5/8/07, Paolo Supino <[EMAIL PROTECTED]> wrote:
> Hi
>
>Does anyone know how I can contact Austin@ except emails? My CDs
> and book have yet to arrive (preordered on the day orders were opened)
> and I'm not getting any feedback/reaction via email :-(
>
>
>
>
>
>
>
> TIA
> Paolo



Bottleneck in httpd. I need help to address capacity issues on max parallel and rate connections

2007-05-08 Thread Daniel Ouellet
I am trying to improve my performance and fix my problem on httpd, but 
it looks like I am hitting the roof regardless if I test in lab using an old 
850MHz i386 or a new AMD64 at 1.6GHz. Both have > 2GB of ram, so that's 
the issue both have. I can't pass more than ~300 to 325 simultaneous 
httpd processes and timeouts jump high.

So, I guess maybe the limits are in the connection process of the TCP 
stack, more than the httpd itself. But I am at a loss as to where to 
look. Tested both on 4.1 and 3.9 just to see.

Where are the OS bottlenecks that I can maybe improve here?

Please read for more details and more can be provided as well.

I need some help as I even went as far as ordering 4x X4100 with 2x dual 
core processors 2.4GHz and 2x 10K SAS drives in them with 8GB of ram as 
well, so 4GB per processor and I am afraid to hit the same limitations. 
There isn't any reason that I shouldn't be able to pass these limits.

I don't have the new Sun yet, maybe a week before I have them, but I am 
trying to get ahead of the setup to fix my problem and test in lab. It 
really is a capacity issue and it looks like putting more powerful hardware 
at it will not fix it.


I have:

# sysctl kern.maxproc
kern.maxproc=2048

Both also have noatime set up on the partition that the web files come 
from and I even send the logs of httpd to >/dev/null to be sure it's not 
writing logs that would slow it down.

I use http_load to test my configuration and changes, but I am not 
successful at improving it more. Looks like connections are timing out 
and I can't get more than ~ 300 processes serving for httpd. Yes I have 
also increased and recompiled the httpd to allow more than the hard limit 
of 250 and I can start 1500 httpd processes if I want and they do run, but 
they do not serve traffic, looks like, and I am still getting timeouts.

Even if I start "StartServers 2500" httpd processes to be sure I don't run 
out, or that the start of additional ones is not the limit here, I can't 
get more than about ~ 300 successful parallel at once with a decent timeout:


# http_load -parallel 500 -fetches 2500 -timeout 20 /tmp/www2
2500 fetches, 500 max parallel, 1.25616e+07 bytes, in 41.815 seconds
5024.62 mean bytes/connection
59.7872 fetches/sec, 300408 bytes/sec
msecs/connect: 1868.76 mean, 18014 max, 0.597 min
msecs/first-response: 2741.85 mean, 19968.2 max, 4.005 min
345 timeouts
345 bad byte counts
HTTP response codes:
  code 200 -- 2155


# http_load -parallel 500 -fetches 2500 -timeout 60 /tmp/www2
http://www2.netcampaign.com/: byte count wrong
http://www2.netcampaign.com/: byte count wrong
2500 fetches, 500 max parallel, 1.37498e+07 bytes, in 42.3446 seconds
5499.91 mean bytes/connection
59.0394 fetches/sec, 324711 bytes/sec
msecs/connect: 2064.88 mean, 42024.6 max, 0.621 min
msecs/first-response: 2408.3 mean, 21687.7 max, 4.136 min
2 bad byte counts
HTTP response codes:
  code 200 -- 2500


The response time goes pretty high with multiple parallel fetches, which 
is expected to be slower yes, but how can I improve that? See the jump 
between 300 to 400 in the AMD64 version below. Even if I say to use 400 
parallel connections, looking at the box top and all, looks like I can 
pass ~325? Both in old server and new server. So, I guess it must be 
something in the kernel setup that limits that?

Any clue would be appreciated and when can I possibly look for that?


Example:

OLD i386 850MHz
# http_load -parallel 100 -fetches 2500 -timeout 60 /tmp/www2
2500 fetches, 100 max parallel, 1.37438e+07 bytes, in 32.1498 seconds
5497.53 mean bytes/connection
77.7609 fetches/sec, 427493 bytes/sec
msecs/connect: 96.7252 mean, 6008.79 max, 0.49 min
msecs/first-response: 985.229 mean, 11051.5 max, 3.514 min
HTTP response codes:
  code 200 -- 2500

New AMD64 1,6GHz
# http_load -parallel 100 -fetches 2500 -timeout 60 /tmp/www1
2500 fetches, 100 max parallel, 1.38878e+07 bytes, in 12.8811 seconds
.11 mean bytes/connection
194.082 fetches/sec, 1.07815e+06 bytes/sec
msecs/connect: 84.7087 mean, 6003.59 max, 0.351 min
msecs/first-response: 236.256 mean, 1921.73 max, 2.066 min
HTTP response codes:
  code 200 -- 2500

# http_load -parallel 200 -fetches 2500 -timeout 60 /tmp/www1
2500 fetches, 200 max parallel, 1.36869e+07 bytes, in 11.8518 seconds
5474.78 mean bytes/connection
210.939 fetches/sec, 1.15484e+06 bytes/sec
msecs/connect: 178.411 mean, 6004.23 max, 0.353 min
msecs/first-response: 350.587 mean, 2427.51 max, 2.297 min
HTTP response codes:
  code 200 -- 2500

# http_load -parallel 300 -fetches 2500 -timeout 60 /tmp/www1
2500 fetches, 300 max parallel, 1.37912e+07 bytes, in 11.8928 seconds
5516.47 mean bytes/connection
210.211 fetches/sec, 1.15962e+06 bytes/sec
msecs/connect: 612.953 mean, 8995.56 max, 0.344 min
msecs/first-response: 266.107 mean, 2345.62 max, 2.069 min
HTTP response codes:
  code 200 -- 2500

# http_load -parallel 400 -fetches 2500 -timeout 60 /tmp/www1
2500 fetches, 400 max parallel, 1.35291e+07 bytes, in 18.209 seconds
5411.

Re: order

2007-05-08 Thread James Turner
On Tue, May 08, 2007 at 03:21:35PM -0500, Jacob Yocom-Piatt wrote:
> John Nietzsche wrote:
> >I am facing the same scenario.
> >
> 
> ditty dit ditto here, even after i said to cancel the book order to get the 
> CDs.
> 
> when i try to download the install sets from the FTP sites i get booted off 
> too. maybe if i donate more i'd be able to download the filesets that are on 
> CDs i paid for more than a month ago?
> 
> >On 5/8/07, Paolo Supino <[EMAIL PROTECTED]> wrote:
> >>Hi
> >>
> >>   Does anyone know how I can contact Austin@ except emails? My CDs and
> >>book have yet to arrive (preordered on the day orders were opened) and
> >>I'm not getting any feedback/reaction via email :-(
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>TIA
> >>Paolo

As stated in a previous email from austin@ to misc@, they have shipped
the CDs that they were holding back due to the book delays.  Also if
you're getting booted off ftp.openbsd.org it's because there are too many
users.  How about trying a mirror, that's why they are there.

-- 
James Turner
http://calminferno.net



Re: order

2007-05-08 Thread Chris Smith
On 5/8/07, John Nietzsche <[EMAIL PROTECTED]> wrote:
>
> I am facing the same scenario.
>
> On 5/8/07, Paolo Supino <[EMAIL PROTECTED]> wrote:
> > Hi
> >
> >Does anyone know how I can contact Austin@ except emails? My CDs and
> > book have yet to arrive (preordered on the day orders were opened) and
> > I'm not getting any feedback/reaction via email :-(
> >
> >
> >
> >
> >
> >
> >
> > TIA
> > Paolo
>
I just did get a shipping notification, after ordering very early on.
This is to a US address, and apparently they dropped South into Montana to
ship them.  Probably avoids some postage cost.  Which is fine.  They'd
probably need to charge substantially more for instant gratification.  Props
to teh homeez.
Chris



Re: order

2007-05-08 Thread Kyle George

On Tue, 8 May 2007, Paolo Supino wrote:

>  Does anyone know how I can contact Austin@ except emails? My CDs and book 
> have yet to arrive (preordered on the day orders were opened) and I'm not 
> getting any feedback/reaction via email :-(


I placed my order on 4/27 (4.1, another tshirt, some posters).  I haven't 
received it, nor has my CC been charged.  When I ordered 4.0 I got a 
shipping confirmation email really fast the next day, but not this time. 
I sent an email a few days ago but haven't heard back.  I hope all is 
well.


--
Kyle George



Re: new openbsd 4.0 server, panic on ufsdirhash

2007-05-08 Thread Tim Judd
I subscribe to the digest, so I've copied the message and excluded the
quoting characters (>)

- Quote --
Date:   Mon, 7 May 2007 10:29:50 -0700
From:   "John Mendenhall" <[EMAIL PROTECTED]>
To: "Artur Grabowski" <[EMAIL PROTECTED]>
CC: misc@openbsd.org
Subject:Re: new openbsd 4.0 server, panic on ufsdirhash


Artur,

> Have you done forced fsck of the partitions? This sounds like a
> problem with the data you have on disk. It would be even nicer if you
> could update to a newer fsck because it has been updated to deal with
> many new strange corner cases we've been seeing. Although, that might
> or might not require a fully -current system, I'm not fully aware of
> everything that has been going in fsck, but some of the ffs2 support
> might have messed things up.
> 
> We've seen one of those panics recently on an important OpenBSD
> infrastructure machine and that led to a lot of fsck work (since
> fsck didn't catch the particular problem). But on production
> machines we deal with filesystem corruption by simply dumping the
> filesystem and restoring it from scratch. You might want to try
> that as well.

We have done a forced fsck on the partition with the
error.  The problem is, there is no data other than
the openbsd install.  All I was trying to do was load
the source from the openbsd cd into /usr/src.

I don't need to restore since this is a new machine.
I have not done anything to it.

I'll just reinstall the entire thing.  Unless someone
wants me to try something else.

Thanks!

JohnM

-- 
john mendenhall
[EMAIL PROTECTED]
surf utopia
internet services

--- /QUOTE

John,
I've heard, and seen, a lot of odd problems that can't be duplicated
with the same error when there's either of the following true.

1) overclocked hardware
2) bad system memory

I'm doubting your system memory, but I'm curious about your
overclocking.

I don't think I've followed very carefully what you've already tried,
and wonder if the mindset has ever drifted away from Hard Drives and
ATA controllers.

Another thread suggested catting /dev/ad0s1 >/dev/null and seeing how
many errors you get.  If you get errors, it might point to what can't
be read (and maybe can't be written then).  You might have to use
another tool, but you should get the gist of what I'm trying to
suggest.

Good luck.

If opportunity doesn't knock, build a door.
"I can" is a way of life.
More and Bigger is not always Better.
The road to success is always uphill.



creating menu's

2007-05-08 Thread Bryan Irvine

It's been years (just shy of a decade IIRC) since the last time I
needed to create a menu-shell type of thing.  But now I need to.  I'm
wondering what people are using these days.  Is there something neat
in ports I should be trying out?

I need a fairly simple menu, and have thought about just simple
selects but figured now would also be a good time to learn something
new as well.  It's nothing so complex that I need to go ncurses to do.
Just a basic  then  then 
thing.


--Bryan



Re: order

2007-05-08 Thread Jacob Yocom-Piatt

John Nietzsche wrote:

> I am facing the same scenario.



ditty dit ditto here, even after i said to cancel the book order to get 
the CDs.


when i try to download the install sets from the FTP sites i get booted 
off too. maybe if i donate more i'd be able to download the filesets 
that are on CDs i paid for more than a month ago?



> On 5/8/07, Paolo Supino <[EMAIL PROTECTED]> wrote:
> > Hi
> >
> >    Does anyone know how I can contact Austin@ except emails? My CDs and
> > book have yet to arrive (preordered on the day orders were opened) and
> > I'm not getting any feedback/reaction via email :-(
> >
> > TIA
> > Paolo




Re: Any Gotchas when installing on a box and running on another box?

2007-05-08 Thread Joachim Schipper
On Tue, May 08, 2007 at 03:04:18PM -0400, Jean-Daniel Beaubien wrote:
> Hi everyone,
> 
> What do I have to take into account if I plan on doing a fresh install in
> one box and then take the hard drive and put it in another box?
> 
> I am aware of the networking configs that I will have to change.  But apart
> from that, can this cause any problem?

Assuming that OpenBSD has no trouble booting on either box (which could
be due to missing hardware support, BIOS issues, ...), and they are the
same architecture, no.

You'll obviously want to set the hostname properly, but otherwise - no,
this will work just fine.

Joachim

-- 
PotD: x11/xco - display X11 color names and colors



Re: Any Gotchas when installing on a box and running on another box?

2007-05-08 Thread Bruce Bauer

I've done this about release of 3.0.

As long as you are using supported hardware in both machines you
shouldn't have any problems.
Don't configure X (if you plan on using it) until you're on the final hardware.
That and NIC changes should take care of most if not all issues

Bruce

On 5/8/07, Jean-Daniel Beaubien <[EMAIL PROTECTED]> wrote:

Hi everyone,

What do I have to take into account if I plan on doing a fresh install in
one box and then take the hard drive and put it in another box?

I am aware of the networking configs that I will have to change.  But apart
from that, can this cause any problem?

Thank you,

-Jd




Re: order

2007-05-08 Thread John Nietzsche

I am facing the same scenario.

On 5/8/07, Paolo Supino <[EMAIL PROTECTED]> wrote:

Hi

   Does anyone know how I can contact Austin@ except emails? My CDs and
book have yet to arrive (preordered on the day orders were opened) and
I'm not getting any feedback/reaction via email :-(







TIA
Paolo




Re: VNC server on OpenBSD (error allocating memory)

2007-05-08 Thread Stuart Henderson
On 2007/05/08 13:13, [EMAIL PROTECTED] wrote:
> I did the for 4.0 update that Stuart is referring to.

Yes, I updated it to apply to what was -current at the time;
it worked in February and still applies cleanly to an OPENBSD_4_1
ports checkout, I wouldn't expect any problems on 4.1

> http://spacehopper.org/openbsd/tightvnc-1.3.8-update.txt



Re: Softupdates question

2007-05-08 Thread Daniel Ouellet

mickey wrote:

On Tue, May 08, 2007 at 07:06:06AM -0400, Nick Holland wrote:

George C wrote:
Softdeps don't do anything for you if you are mostly reading from disk,
or if the partition is mounted read-only.  It's about writing.


of course they do. there are still atime updates
for example that will be handled if not mount read-only.


I find it more efficient to mount a special partition here as well with 
noatime on it to address that. Is it better? Mounting that partition 
read only would restrict the changes to the site no?


/dev/wd1a /var/www/sites ffs rw,noatime,nodev,nosuid 1 2

Unless you can have two different mount points to the same partition? 
Never tried it and always assumed it wouldn't be possible anyway. Like:


/dev/wd1a /var/www/sites ffs rw,nodev,nosuid 1 2

/dev/wd1a /var/www/siteswrite ffs rw,nodev,nosuid 1 2

Can this be done and if so, any drawback to it? So, you configure 
httpd.conf to use the /var/www/sites, the logs portion of httpd to use 
/var/www/sites/logs mounted softdep and then /var/www/siteswrite for you 
to use to change the files on the sites?


I don't know, does it really make sense?



Any Gotchas when installing on a box and running on another box?

2007-05-08 Thread Jean-Daniel Beaubien
Hi everyone,

What do I have to take into account if I plan on doing a fresh install in
one box and then take the hard drive and put it in another box?

I am aware of the networking configs that I will have to change.  But apart
from that, can this cause any problem?

Thank you,

-Jd






Re: Softupdates question

2007-05-08 Thread Daniel Ouellet

Nick Holland wrote:

If your "busy website" and database is read-mostly, softdeps won't
help.


Even if you do mount a special partition for the logs only of httpd and 
mount it softdep? On a busy site the logs are growing pretty fast at 
times and can hold back some processing no?




Re: VNC server on OpenBSD (error allocating memory)

2007-05-08 Thread chrisk
I did the for 4.0 update that Stuart is referring to.  I'll try to
update it for 4.1 when my CDs arrive.


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Stuart Henderson
Sent: Tuesday, May 08, 2007 12:13 PM
To: Daniel Bolgheroni
Cc: misc@openbsd.org
Subject: Re: VNC server on OpenBSD (error allocating memory)

On 2007/05/08 10:35, Daniel Bolgheroni wrote:
>  I'm trying to run a VNC server (tightvnc-1.2.9) on a amd64 machine
> running OpenBSD  4.1, without success. I tried 4.0 before, but the
same problem occurs.

It's based on a really old X which didn't support some machine
architectures.

http://spacehopper.org/openbsd/tightvnc-1.3.8-update.txt, which is
updated from a diff posted on one of the OpenBSD mailing lists, fixes
-server on amd64 (still broken on sparc64). -viewer works ok on both.

I last touched it around the time of 4.1 being tagged and it is
likely to work there; on -current, it looks like tightvnc-server is
broken with Xenocara installed (the lot needs chucking out anyway,
Xf4vnc should be a better server and ssvnc is a better viewer)



Re: 4.0 locked up over the weekend

2007-05-08 Thread Bruce Bauer

Initial results:

compiled bonnie++ from ports
make is running in ports/x11/kde
2 video streams passing through VPN tunnel at about 32 fps total
output from bonnie++:
Version  1.03   --Sequential Output-- --Sequential Input- --Random-
   -Per Chr- --Block-- -Rewrite- -Per Chr- --Block-- --Seeks--
MachineSize K/sec %CP K/sec %CP K/sec %CP K/sec %CP K/sec %CP  /sec %CP
roadrunner.for 300M 50379  46 49432   6  6322   1 25376  41 34974   4 130.7   0
   --Sequential Create-- Random Create
   -Create-- --Read--- -Delete-- -Create-- --Read--- -Delete--
 files  /sec %CP  /sec %CP  /sec %CP  /sec %CP  /sec %CP  /sec %CP
16  2542   5 + +++  5113   8  2898   7 + +++  5478   9
roadrunner.fortechsw.com,300M,50379,46,49432,6,6322,1,25376,41,34974,4,130.7,0,16,2542,5,+,+++,5113,8,2898,7,+,+++,5478,9

ran uptime after bonnie++ finished
11:21AM up 1 day, 2:15, 2 users, load averages: 4.08, 3.15, 2.55

Everything seems to be running smoothly

Bruce

On 5/8/07, Joachim Schipper <[EMAIL PROTECTED]> wrote:

On Tue, May 08, 2007 at 09:05:44AM -0700, Bruce Bauer wrote:
> Probably a good idea to put some load on the system anyway.
> See how the VPN data transfer holds up.
> Downloading ports.tar.gz now
> Running make in ports/www/kde should keep it busy for a while
> Not familiar with bonnie++, I'll check it out

Bonnie++ just generates a lot of I/O. The 'ghetto' version involves
running 'tar xzf src.tar.gz; rm -rf src' in a loop.

Let us know how it goes...

   Joachim

--
TFMotD: tht, thtc (4) - Tehuti Networks 10Gb Ethernet device




Re: Chances of this hardware running OpenBSD?

2007-05-08 Thread Timo Schoeler
On Tue, 8 May 2007 11:39:33 -0400 (EDT)
Lars D. Noodin <[EMAIL PROTECTED]> wrote:

> It's been an awfully long time since the last model.
>
> What's the expected timeline on the release date for the hardware?

The press release states 'Winter 2007'. A reasonable time frame for
this project, AFAICS.

> It looks interesting.  I'd be even more interested in a PPC-based
> equivalent of the MacMini.

http://openbsd.org/macppc.html

> -Lars
>
> Lars Noodin ([EMAIL PROTECTED])
>  Ensure access to your data now and in the future
>  http://opendocumentfellowship.org/about_us/contribute



order

2007-05-08 Thread Paolo Supino

Hi

  Does anyone know how I can contact Austin@ except emails? My CDs and 
book have yet to arrive (preordered on the day orders were opened) and 
I'm not getting any feedback/reaction via email :-(








TIA
Paolo



Re: Chances of this hardware running OpenBSD?

2007-05-08 Thread Otto Moerbeek
On Tue, 8 May 2007, Lars D. Noodén wrote:

> It's been an awfully long time since the last model.
>
> What's the expected timeline on the release date for the hardware?  It
> looks interesting.  I'd be even more interested in a PPC-based equivalent
> of the MacMini.

Wow, I have EXACTLY such a beast, and OpenBSD already runs on it!

-Otto



Re: Chances of this hardware running OpenBSD?

2007-05-08 Thread Ted Unangst

On 5/8/07, Timo Schoeler <[EMAIL PROTECTED]> wrote:

However, as this really might become reality, how are chances to port
OpenBSD to this machine? I'd like to be able to replace my x86/amd64
workstation at work by something non-SPARCy [I *like* SPARC] ;)


i'll answer that when i have one sitting on my desk...



Re: Newbie Question

2007-05-08 Thread Alberich de megres
Can Pfstat make per source ip ( for local lan for example ) statistics?

I heard nice things about SEC, I will take a look at both.


On 5/8/07, Joachim Schipper <[EMAIL PROTECTED]> wrote:

> On Tue, May 08, 2007 at 10:45:36AM +0200, Alberich de megres wrote:
> > Hello,
> >
> > I'm new on the openbsd world..i came from linux world :P And i got a
> > question about logs
> >
> > In linux i used logwatch, i know that i can use it on openbsd. But is
> there
> > some other option in openbsd world? what about snort?  what way you use
> to
> > analyze logs in rout firewall or workstations?
>
> For log analysis, which is different from analyzing bandwidth and
> such, there are plenty of systems. I'd urge you to look at something
> that reports anything unknown, though, at least if you're using a log
> analyzer to point you at things that need fixing (as opposed to creating
> statistics, auto-blacklisting in response to SSH bruteforce attempts,
> and so on and so forth).
>
> Personally, I use SEC (sysutils/sec) for general log handling. It's
> pretty powerful, not too hard to use, and can be made to work in
> blacklist mode (search the web). I add pflogsumm (mail/pflogsumm) to
> handle all Postfix logs, mostly because SEC isn't that good at
> statistics (though you can get it to execute external programs...)
>
>Joachim
>
> --
> TFMotD: ldd (1) - list dynamic object dependencies



Re: Problems with vpn roadwarriors using the same public ip

2007-05-08 Thread Heinrich Rebehn

carlopmart wrote:

Heinrich Rebehn wrote:

carlopmart wrote:

Matthias Bertschy wrote:

carlopmart wrote:

Hi all,

 I have a very strange problem. I am using an OpenBSD 4.1 with 
isakmpd config (isakmpd.conf and isakmpd.policy) to establish vpn 
connections for my roadwarriors clients.


 When two roadwarriors clients that use the same public ip, only 
one client can connect, the other no. Roadwarriors use the greenbow 
client.


 Somebody knows how can I fix this???

Many thanks.


Hello,

I have the same problem with racoon on Linux 2.6, when a second 
client connects to IPSEC thru NAT, the first one loses his connection.
I don't know if it is related to IPSEC, or a bug in both isakmpd and 
racoon; but I haven't found a fix yet.


Matthias Bertschy

I think that I found a solution. I have put "Share-SADB = Define" on 
"General" config on isakmpd.conf, and seems that now works ... But, 
is this ok? somebody knows if using this option can produce a 
security hole?? I believe that share SAs between clients could not be 
a good solution 


Thanks.

Where did you get this "Share-SADB = Define" from? I have not found it 
in the manpage


--Heinrich



Sorry I would like to say "Shared-SADB" ...

Yes, i see it in src/sys/sbin/isakmpd/pf_key_v2.c, but where is it 
documented? What exactly does it do?


I am asking because i have a similar problem: 2 peers behind a NAT 
firewall connecting to an outside IPSec Gateway, one sometimes throwing 
out the other one.


--Heinrich



Re: wi pcmcia card configuration Problem (added the errors)

2007-05-08 Thread Bret

Greets

Maybe I didn't make it clear enough. After installing OpenBSD 4.0 and 
trying to get the Z-COM WLAN PC Card, RP-MMCX to work I am unable to do 
so with the following errors.


wi0: device timeout
wi1: device timeout
wi0: device timeout
wi1: wi_cmd failed with 5
wi0: wi_cmd failed with 5
Thanks

Any Help I can get would be great.



Bret wrote:


Bret wrote:


Greetings All.
I will start with my dmesg: See below--->

I have tried many ways to get the 300mw Z-COM WLAN PC Card, RP-MMCX, 
802.11b Higher Power card to work with the system. I am trying to 
setup the first Wlan (wi0) as an access point and the second (wi1) as 
a bridge/link to a distant server that will also have the same setup 
but on the second (wi1) card it will be channel 11.


Also below you will find the configuration files for wi0 and wi1. In 
addition I will be using dhcpd on each of the wi(0) cards but for 
now am only using it on wi0. I am trying to get these to work before 
turning to the second box,


*DMESG:*

OpenBSD 4.0 (GENERIC) #0: Sat Apr 28 21:23:45 PDT 2007
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) 4 CPU 2.80GHz ("GenuineIntel" 686-class) 
2.80 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID 


real mem  = 1073246208 (1048092K)
avail mem = 971010048 (948252K)
using 4256 buffers containing 53764096 bytes (52504K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(c7) BIOS, date 12/17/03, BIOS32 rev. 0 @ 
0xfb0b0, SMBIOS rev. 2.2 @ 0xf0800 (37 entries)

bios0: TYAN Computer S2099
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 70102 dobusy 1 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0xdf84
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfde90/240 (13 entries)
pcibios0: PCI Exclusive IRQs: 5 9 10 11
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82371SB ISA" rev 
0x00)

pcibios0: PCI bus #4 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0x8000! 0xd/0x1000 
0xd1000/0x1000

cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82845 Host" rev 0x11
ppb0 at pci0 dev 1 function 0 "Intel 82845 AGP" rev 0x11
pci1 at ppb0 bus 1
uhci0 at pci0 dev 29 function 0 "Intel 82801DB USB" rev 0x02: irq 10
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 29 function 1 "Intel 82801DB USB" rev 0x02: irq 5
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2 at pci0 dev 29 function 2 "Intel 82801DB USB" rev 0x02: irq 5
usb2 at uhci2: USB revision 1.0
uhub2 at usb2
uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
ehci0 at pci0 dev 29 function 7 "Intel 82801DB USB" rev 0x02: irq 10
usb3 at ehci0: USB revision 2.0
uhub3 at usb3
uhub3: Intel EHCI root hub, rev 2.00/1.00, addr 1
uhub3: 6 ports with 6 removable, self powered
ppb1 at pci0 dev 30 function 0 "Intel 82801BA AGP" rev 0x82
pci2 at ppb1 bus 2
vga1 at pci2 dev 1 function 0 "ATI Rage XL" rev 0x27
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
cbb0 at pci2 dev 4 function 0 "ENE CB-1410 CardBus" rev 0x01: irq 11
fxp0 at pci2 dev 8 function 0 "Intel PRO/100 VE" rev 0x82, i82562: 
irq 11, address 00:e0:81:65:f2:bd

inphy0 at fxp0 phy 1: i82562EM 10/100 PHY, rev. 0
cbb1 at pci2 dev 9 function 0 "ENE CB-1410 CardBus" rev 0x01: irq 9
em0 at pci2 dev 10 function 0 "Intel PRO/1000MT (82540EM)" rev 0x02: 
irq 10, address 00:e0:81:65:f2:bc

cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 3 device 0 cacheline 0x8, lattimer 0x20
pcmcia0 at cardslot0
cardslot1 at cbb1 slot 1 flags 0
cardbus1 at cardslot1: bus 4 device 0 cacheline 0x8, lattimer 0x20
pcmcia1 at cardslot1
ichpcib0 at pci0 dev 31 function 0 "Intel 82801DB LPC" rev 0x02
pciide0 at pci0 dev 31 function 1 "Intel 82801DB IDE" rev 0x02: DMA, 
channel 0 configured to compatibility, channel 1 configured to 
compatibility

wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA48, 152627MB, 312581808 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  SCSI0 
5/cdrom removable

cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
ichiic0 at pci0 dev 31 function 3 "Intel 82801DB SMBus" rev 0x02: irq 11
iic0 at ichiic0
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pmsi0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pmsi0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: 
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7

Re: VNC server on OpenBSD (error allocating memory)

2007-05-08 Thread Stuart Henderson
On 2007/05/08 10:35, Daniel Bolgheroni wrote:
>  I'm trying to run a VNC server (tightvnc-1.2.9) on a amd64 machine running 
> OpenBSD 
>  4.1, without success. I tried 4.0 before, but the same problem occurs.

It's based on a really old X which didn't support some machine
architectures.

http://spacehopper.org/openbsd/tightvnc-1.3.8-update.txt, which is
updated from a diff posted on one of the OpenBSD mailing lists, fixes
-server on amd64 (still broken on sparc64). -viewer works ok on both.

I last touched it around the time of 4.1 being tagged and it
is likely to work there; on -current, it looks like tightvnc-server is
broken with Xenocara installed (the lot needs chucking out anyway,
Xf4vnc should be a better server and ssvnc is a better viewer)



Re: MD5 sum different on http://ftp.kaist.ac.kr/pub/OpenBSD/4.1/i386/base41.tgz

2007-05-08 Thread Martin Schröder

2007/5/8, Alvin <[EMAIL PROTECTED]>:

Can someone verify the difference in MD5 checksum?


No, I get the same files.

Best
  Martin



Re: 4.0 locked up over the weekend

2007-05-08 Thread Joachim Schipper
On Tue, May 08, 2007 at 09:05:44AM -0700, Bruce Bauer wrote:
> Probably a good idea to put some load on the system anyway.
> See how the VPN data transfer holds up.
> Downloading ports.tar.gz now
> Running make in ports/www/kde should keep it busy for a while
> Not familiar with bonnie++, I'll check it out

Bonnie++ just generates a lot of I/O. The 'ghetto' version involves
running 'tar xzf src.tar.gz; rm -rf src' in a loop.

Let us know how it goes...

Joachim

-- 
TFMotD: tht, thtc (4) - Tehuti Networks 10Gb Ethernet device



Re: Prevent circumventing dansguardian with pf

2007-05-08 Thread Bruce Bauer

Any working TCP/IP connection can transmit covert data by encoding the
data in the sequence numbers.
Let's not forget to block/allow new protocols such as described in RFC 1149

On 5/7/07, Open Phugu <[EMAIL PROTECTED]> wrote:

On 5/7/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> >From: Sebastian Benoit <[EMAIL PROTECTED]>
> >
> >If you want deny users the possibility to smuggle data outside of
> their
> >workplace (or whatever) then don't connect them to the internet.
>
> No, no, no.  You must go one step beyond this if you want to
> prevent employees from smuggling data.  To do this properly, copy
> machines should be removed!  Pen, pencils and papers removed!
> Employees should be searched for thumb drives, zip drive, floppy
> drives, tape recorders, papers, cd's, dvd's, and burners.  It's
> better to strip search them just to be sure.  As a matter of fact,
> because humans are so innovative, all materials should be removed
> from the office because I'm sure someone will come up with some way
> to write something down.  Oh, don't forget to remove phones, faxes
> and cell phones, and cameras.  You should only hire people who
> don't know how to read or write to reduce the work load of
> preventing others from smuggling data.  It's probably best that
> they don't know how to receive or transmit any form of
> language/communication either.
Also, make the whole building a large faraday cage to prevent them
from using radio communication. And have automatic direction-finding
receivers to triangulate the location of (l)users who attempt to use
radio. In fact, there is a much cheaper method: don't hire humans.
_Every_ compromise of security or instance of data exfiltration has
been traced back to a human action. If you don't have humans, you
don't have problems.




VNC server on OpenBSD (error allocating memory)

2007-05-08 Thread Daniel Bolgheroni

Hi,

I'm trying to run a VNC server (tightvnc-1.2.9) on a amd64 machine running 
OpenBSD 4.1, without success. I tried 4.0 before, but the same problem 
occurs.


The server runs fine, and when a client connects, it asks for a password, 
as usual. But after the password is entered on the client side, server 
quits with a message:


"Error allocating memory for desktop name, 2139029504 bytes."

A lot of memory, uh? I don't think it's something related to tightvnc 
specifically, because it just works on OpenBSD 4.1 running on a i386 box. 
I saw other posts referring to this problem with the same amount of 
bytes.


Thank you.



Redirected packet from pf is lost

2007-05-08 Thread Andreas Häber
Hi all,

I've got a Dell SC1435, running OpenBSD 4.0, with two Ethernet interfaces
(bge0 and bge1) working as a gateway and firewall for our internal network.

bge0 is the external connection (with a class B IPv4 address), and bge1 is
the internal connection (private IP network, class C). They are both part of
a bridge, bridge0:
# cat /etc/bridgename.bridge0
add bge0
add bge1
blocknonip bge0
blocknonip bge1
up
#

Our pf-config has worked fine for normal Internet access, so internal
computers can access external hosts fine (through NAT).

However, now we need to redirect packets from an external host
("external.sip.proxy.example" below, using a normal class B IPv4 address) to
one of our internal hosts ("internal.sip.proxy.test" below, which is part of
the same private network as bge1 on our gateway). This is the first rdr rule
below. I've also used "rdr pass" instead of the explicit pass as shown
below, obviously with no success.

The pf-config looks like this (rules related to IPSec, SSH-access are
removed):
ext_if="bge0"   # External interface
int_if="bge1"   # Internal interface

set block-policy return
set loginterface $ext_if

set skip on { lo enc0 }

scrub in

rdr on $ext_if proto udp from external.sip.proxy.example port sip to any
port 6060 \
tag VoIP -> internal.sip.proxy.test port 6060

nat on $ext_if from !($ext_if) to any -> ($ext_if)

nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr on $int_if proto tcp from any to any port ftp -> 127.0.0.1 port 8021

block in log all

pass out keep state

anchor "ftp-proxy/*"
antispoof quick for { lo enc0 $int_if }

# Does NOT work (see tag on rdr-rule above)
pass in log tagged VoIP
# Does work, according to pflog. Tag is nowhere to be seen, though.
pass in log on {$ext_if $int_if} proto udp from external.sip.proxy.example
port sip to internal.sip.proxy.test port 6060 tag VoIP2 keep state

pass quick on { $int_if, enc0 }




# -- end pf.conf --


As you can see above, I'm logging blocked packets and also the relevant
packets passed in. I've found these two packets in pflog0 related to this.
The first one is a SIP request sent out from internal.sip.proxy.test to
external.sip.proxy.example:

Frame 205258 (1458 bytes on wire, 1458 bytes captured)
Arrival Time: May  8, 2007 16:58:45.715379000
[Time delta from previous packet: 679.119839000 seconds]
[Time since reference or first frame: 8590.343581000 seconds]
Frame Number: 205258
Packet Length: 1458 bytes
Capture Length: 1458 bytes
[Frame is marked: True]
[Protocols in frame: pflog:ip:udp:sip:sdp]
PF Log IPv4 passed on bge1 by rule 46
Header Length: 61
Address Family: IPv4 (2)
Action: passed (0)
Reason: match (0)
Interface: bge1
Ruleset:
Rule Number: 46
Sub Rule Number: -1
Direction: Unknown (255)
Internet Protocol, Src: internal.sip.proxy.test (192.168.1.7), Dst:
external.sip.proxy.example (external.sip.proxy.example)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00)
0001 00.. = Differentiated Services Codepoint: Unknown (0x04)
 ..0. = ECN-Capable Transport (ECT): 0
 ...0 = ECN-CE: 0
Total Length: 1394
Identification: 0x (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x622c [correct]
[Good: True]
[Bad : False]
Source: internal.sip.proxy.test (192.168.1.7)
Destination: external.sip.proxy.example (external.sip.proxy.example)
User Datagram Protocol, Src Port: 6060 (6060), Dst Port: 5060 (5060)
Source port: 6060 (6060)
Destination port: 5060 (5060)
Length: 1374
Checksum: 0x1eac [correct]
Session Initiation Protocol
Request-Line: INVITE sip:[EMAIL PROTECTED] SIP/2.0
Method: INVITE
[Resent Packet: False]
[Snipped away rest of the SIP-content!]


The external.sip.proxy.example sends the following response back
Frame 205259 (805 bytes on wire, 805 bytes captured)
Arrival Time: May  8, 2007 16:58:45.716547000
[Time delta from previous packet: 0.001168000 seconds]
[Time since reference or first frame: 8590.344749000 seconds]
Frame Number: 205259
Packet Length: 805 bytes
Capture Length: 805 bytes
[Frame is marked: True]
[Protocols in frame: pflog:ip:udp:sip]
PF Log IPv4 passed on bge0 by rule 14
Header Length: 61
Address Family: IPv4 (2)
Action: passed (0)
Reason: match (0)
Interface: bge0
Ruleset:
Rule Number: 14
Sub Rule Number: -1
Direction: Unknown (255)
Internet Protocol, Src: external.sip.proxy.example
(external.sip.proxy.example), Dst: internal.sip.proxy.test (192.168.1.7)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x10 (DSCP 0x04: Unkn

Re: 4.0 locked up over the weekend

2007-05-08 Thread Bruce Bauer

Hmmm...

Probably a good idea to put some load on the system anyway.
See how the VPN data transfer holds up.
Downloading ports.tar.gz now
Running make in ports/www/kde should keep it busy for a while
Not familiar with bonnie++, I'll check it out

Thanks,

Bruce

On 5/7/07, Joachim Schipper <[EMAIL PROTECTED]> wrote:

On Mon, May 07, 2007 at 12:42:55PM -0700, Bruce Bauer wrote:
> On 5/7/07, Jack J. Woehr <[EMAIL PROTECTED]> wrote:
> >On May 7, 2007, at 12:20 PM, Bruce Bauer wrote:
> > >This system has been running flawlessly since mid-March with GENERIC
> > >plus the 010 patch. dmesg below
> > >This morning I found it totally unresponsive both through network and
> > >at the console.  Had to use the power switch to recover.
> > >
> > >Where do I start trying to track this down?
> >
> >Open the box and check your power supply and blow it out with air if it's
> >full of dust.
> >Number one cause of mysterious lockups in my personal experience. Next, run
> >a memory
> >test.
> >
> >Only then start trying to debug software, e.g., OpenBSD.
>
> Thanks for the response.
>
> OK, maybe a little less basic than that.  The system is sitting in a
> restricted access server room.  Not a clean room, but very little
> dust.  Nice and cool..  The system still looks brand new, inside and
> out.
>
> The purpose of this system is to receive streaming video data over the
> VPN from IP webcams.  It doesn't do anything with the data except pass
> it on to a DVR system over the local network.  Plans are to add
> another network card so the VPN and the local network will be on
> separate channels.  But, for now, it all goes through one card.
>
> It has worked in this configuration for over a month with video from 2
> cameras coming in.
>
> Oops! Message from Joachim Schipper  just came in:
>
> There were no console messages
> The authlog does show that someone is trying to brute force an ssh
> login. I think I'll turn off sshd for now...

Nah, script kiddies trying to bruteforce SSH logins are so common that I
just tuned them out of the log parser altogether. Just use public keys,
or good passwords.

That said, Jack might be right to suspect some random hardware failure.
If this is the case, how about some proper stress testing (compiling the
whole system is fairly good in exercising CPU and memory, something like
bonnie++ might help you to test the disk?).

If that doesn't work, the software might be problematic...

   Joachim

--
TFMotD: piconv (1) - iconv(1), reinvented in perl




Re: Chances of this hardware running OpenBSD?

2007-05-08 Thread Timo Schoeler
On Tue, 8 May 2007 17:59:13 +0200
"Johan M:son Lindman" <[EMAIL PROTECTED]> wrote:

> On Tuesday 08 May 2007, you wrote:
> > Hi list,
> > 
> > during the last days news popped up [0] verifying that the new
> > 'Power System' (aka Amiga) will be based on PA Semi's very nice
> > PowerPC chip.
> > 
> > I was disappointed quite often by vaporware in the Amiga universe,
> > especially during the hard, long time of agony of this system.
> > 
> > However, as this really might become reality, how are chances to
> > port OpenBSD to this machine? I'd like to be able to replace my
> > x86/amd64 workstation at work by something non-SPARCy [I *like*
> > SPARC] ;)
> > 
> > [0] -- http://www.amiga.org/modules/news/article.php?storyid=7310
> > 
> > -- 
> > I think sex is better than logic, but I can't prove it.
> 
> Timo,
> 
> Please check the URL you provided yourself.

I never do such things ;)

> It is the same scam and con artists behind this scheme as in the
> other cases of amiga vaporware that we've seen over the course of the
> last ten years or so.
> 
> So please, don't start foaming at the mouth before you actually hold
> one of these units in your hand.

IMHO this attitude destroys (not only) their business model; of course
one needs pre-orders before they really start to create PCBs et al. out
of nothing.

> The Pegasos story ought to have taught us all a very valuable lesson
> about the fraudsters that have been (and I believe still are) dealing
> with what is left of Amiga.

So did Phase 5.

> Regards
> Johan M:son

"If you don't have a dream .. Then you'll never have a dream come true"

(South Pacific)

 ;)



Re: Chances of this hardware running OpenBSD?

2007-05-08 Thread Johan M:son Lindman
On Tuesday 08 May 2007, you wrote:
> Hi list,
> 
> during the last days news popped up [0] verifying that the new 'Power
> System' (aka Amiga) will be based on PA Semi's very nice PowerPC chip.
> 
> I was disappointed quite often by vaporware in the Amiga universe,
> especially during the hard, long time of agony of this system.
> 
> However, as this really might become reality, how are chances to port
> OpenBSD to this machine? I'd like to be able to replace my x86/amd64
> workstation at work by something non-SPARCy [I *like* SPARC] ;)
> 
> [0] -- http://www.amiga.org/modules/news/article.php?storyid=7310
> 
> -- 
> I think sex is better than logic, but I can't prove it.

Timo,

Please check the URL you provided yourself.
It is the same scam and con artists behind this scheme as in the other cases
of amiga vaporware that we've seen over the course of the last ten years or so.

So please, don't start foaming at the mouth before you actually hold one of 
these
units in your hand.

The Pegasos story ought to have taught us all a very valuable lesson about the
fraudsters that have been (and I believe still are) dealing with what is left of
Amiga.


Regards
Johan M:son



Re: Chances of this hardware running OpenBSD?

2007-05-08 Thread Lars D . Noodén
It's been an awfully long time since the last model.

What's the expected timeline on the release date for the hardware?  It
looks interesting.  I'd be even more interested in a PPC-based equivalent
of the MacMini.

-Lars

Lars Noodén ([EMAIL PROTECTED])
 Ensure access to your data now and in the future
 http://opendocumentfellowship.org/about_us/contribute



Re: Newbie Question

2007-05-08 Thread Joachim Schipper
On Tue, May 08, 2007 at 10:45:36AM +0200, Alberich de megres wrote:
> Hello,
> 
> I'm new on the openbsd world..i came from linux world :P And i got a
> question about logs
> 
> In linux i used logwatch, i know that i can use it on openbsd. But is there
> some other option in openbsd world? what about snort?  what way you use to
> analyze logs in rout firewall or workstations?

For log analysis, which is different from analyzing bandwidth and
such, there are plenty of systems. I'd urge you to look at something
that reports anything unknown, though, at least if you're using a log
analyzer to point you at things that need fixing (as opposed to creating
statistics, auto-blacklisting in response to SSH bruteforce attempts,
and so on and so forth).

Personally, I use SEC (sysutils/sec) for general log handling. It's
pretty powerful, not too hard to use, and can be made to work in
blacklist mode (search the web). I add pflogsumm (mail/pflogsumm) to
handle all Postfix logs, mostly because SEC isn't that good at
statistics (though you can get it to execute external programs...)

Joachim

-- 
TFMotD: ldd (1) - list dynamic object dependencies
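
The "report anything unknown" approach recommended in the message above, as an added Python sketch (not part of the original post, and not SEC configuration): lines matching a known-good pattern are dropped, everything else is normalized and counted. The patterns and the sample log lines are constructed for illustration.

```python
import re

# Patterns for log lines that are understood and need no attention.
# Constructed for this example; a real list grows as you review reports.
KNOWN_PATTERNS = [
    re.compile(r"sshd\[\d+\]: Accepted publickey for \S+ from \S+ port \d+"),
    re.compile(r"sshd\[\d+\]: Received disconnect from \S+"),
    re.compile(r"cron\[\d+\]: \(\S+\) CMD \(.*\)"),
    re.compile(r"ntpd\[\d+\]: adjusting local clock by -?[\d.]+s"),
]

# Leading syslog timestamp and host name, e.g. "May  8 10:45:36 gw ".
SYSLOG_PREFIX = re.compile(r"^[A-Z][a-z]{2}\s+\d+\s+\d\d:\d\d:\d\d\s+\S+\s+")

# Constructed sample input.
SAMPLE_LOG = """\
May  8 10:45:36 gw sshd[2201]: Accepted publickey for alice from 192.0.2.10 port 50112 ssh2
May  8 10:46:01 gw cron[311]: (root) CMD (/usr/bin/newsyslog)
May  8 10:47:12 gw sshd[2250]: Failed password for invalid user admin from 198.51.100.7 port 40022 ssh2
May  8 10:47:15 gw sshd[2251]: Failed password for invalid user admin from 198.51.100.7 port 40031 ssh2
May  8 10:48:00 gw ntpd[880]: adjusting local clock by 0.012s
May  8 10:49:30 gw /bsd: wd1a: uncorrectable data error reading fsbn 7547
""".splitlines()


def normalize(message):
    """Collapse variable fields so repeats of one unknown event group together."""
    message = re.sub(r"\b\d{1,3}(?:\.\d{1,3}){3}\b", "<ip>", message)
    message = re.sub(r"\[\d+\]", "[<pid>]", message)
    message = re.sub(r"\b\d+\b", "<n>", message)
    return message


def report_unknown(lines):
    """Return {normalized message: count} for lines no known pattern matches."""
    unknown = {}
    for line in lines:
        line = line.rstrip("\n")
        if not line.strip():
            continue
        message = SYSLOG_PREFIX.sub("", line)
        if any(p.search(message) for p in KNOWN_PATTERNS):
            continue  # understood, nothing to report
        key = normalize(message)
        unknown[key] = unknown.get(key, 0) + 1
    return unknown


if __name__ == "__main__":
    for message, count in sorted(report_unknown(SAMPLE_LOG).items()):
        print("%4d  %s" % (count, message))
```

Anything the report shows is either a problem to fix or a pattern to add to the known list, so the report shrinks toward the lines that actually need a human.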



Chances of this hardware running OpenBSD?

2007-05-08 Thread Timo Schoeler
Hi list,

during the last days news popped up [0] verifying that the new 'Power
System' (aka Amiga) will be based on PA Semi's very nice PowerPC chip.

I was disappointed quite often by vaporware in the Amiga universe,
especially during the hard, long time of agony of this system.

However, as this really might become reality, how are chances to port
OpenBSD to this machine? I'd like to be able to replace my x86/amd64
workstation at work by something non-SPARCy [I *like* SPARC] ;)

[0] -- http://www.amiga.org/modules/news/article.php?storyid=7310

-- 
I think sex is better than logic, but I can't prove it.



Re: Newbie Question

2007-05-08 Thread Tim Kuhlman
There are definitely a lot of options for log analysis. Personally I like OSSEC
which is a HIDS with log analysis in it. It isn't in the ports tree but you 
can find it at http://www.ossec.net/

For bandwidth stats check out pfstat which is in the ports tree.

Tim

On Tue May 8 2007 6:53:11 am Alberich de megres wrote:
> Hi,
>
> Yes i have explored ports tree. But maybe i ask the wrong way, what i want
> to know is what system you use to analyze logs ( pf, sshd ) and if you use
> to control/monitor bandwidth statistics ( net flow ).
>
> Thanks.
>
> On 5/8/07, Edd Barrett <[EMAIL PROTECTED]> wrote:
> > Hi,
> >
> > On 5/8/07, Alberich de megres <[EMAIL PROTECTED]> wrote:
> > > In linux i used logwatch, i know that i can use it on openbsd. But is there
> > > some other option in openbsd world? what about snort?  what way you use to
> > > analyze logs in rout firewall or workstations?
> >
> > Do you have the ports tree installed? If you do try:
> >
> > cd /usr/ports
> > make search key=log | more
> > make search key=analyzer | more
> >
> > Try different case as well.
> >
> > --
> > Best Regards
> >
> > Edd
> >
> > ---
> > http://students.dec.bournemouth.ac.uk/ebarrett/



-- 
Tim Kuhlman
Network Administrator
ColoradoVnet.com



Re: Preventing man-in-the-middle attack on authpf?

2007-05-08 Thread Jacob Yocom-Piatt

Stuart Henderson wrote:
> > > On 5/7/07, Darren Spruell <[EMAIL PROTECTED]> wrote:
> > > > On 5/7/07, Matthew R. Dempsky <[EMAIL PROTECTED]> wrote:
> > > > > An attacker sets up a system with two wireless NICs: one associated to
> > > > > my network and another configured as an access point pretending to be
> > > > > an access point for my network.  He runs a DHCP server on the AP
> > > > > interface and NATs traffic to my network.  (I can imagine a
> > > > > sufficiently clever bridge setup that would be even harder to detect,
> > > > > but I don't know for certain if it could work.)
>
> It is no MITM on the *SSH* connection. Just that while the user is
> correctly authenticated to authpf, other connections coming from the
> same IP address also have access to resources.
>
> "Configuration issues are tricky.  The authenticating ssh(1) connection
>  may be secured, but if the network is not secured the user may expose in-
>  secure protocols to attackers on the same network, or enable other at-
>  tackers on the network to pretend to be the user by spoofing their IP ad-
>  dress."
>
> It doesn't just happen with "attackers" but also anyone who happens to
> be NATted to the same address.
>
> It could warrant a mention in authpf(8) but then, where do you stop...
> NAT? Multiuser UNIX systems? Infected windows boxes running proxies?
> I'll give it a try for an additional paragraph...
>
> "Access is granted to the IP address the user is connecting from,
>  but (e.g. as is the case where NAT or proxy servers are present,
>  legitimate or otherwise) it can not be guaranteed that other users
>  cannot originate a connection with that same IP address and so
>  gain access to resources protected by authpf(8)."
>
> Well, it's a start, but... yeuch.

this reinforces what we already know to be true: if you're serious about 
security over wifi you should be using ipsec to guarantee authenticity 
and confidentiality.


it would be nice to have some of this framework in authpf but it seems 
redundant considering that it's already available. ease of use is always 
an issue...


cheers,
jake



Re: Preventing man-in-the-middle attack on authpf?

2007-05-08 Thread Stuart Henderson
> > On 5/7/07, Darren Spruell <[EMAIL PROTECTED]> wrote:
> > > On 5/7/07, Matthew R. Dempsky <[EMAIL PROTECTED]> wrote:
> > > > An attacker sets up a system with two wireless NICs: one associated to
> > > > my network and another configured as an access point pretending to be
> > > > an access point for my network.  He runs a DHCP server on the AP
> > > > interface and NATs traffic to my network.  (I can imagine a
> > > > sufficiently clever bridge setup that would be even harder to detect,
> > > > but I don't know for certain if it could work.)

>  On 5/7/07, Ted Unangst <[EMAIL PROTECTED]> wrote:
> > 2.  that's not the problem described.  how does ssh know that its
> > connection is being NATed?

On 2007/05/08 06:20, Darren Spruell wrote:
>  Does it matter if its connection is NATed if SSH can guarantee
>  end-to-end confidentiality and endpoint authentication? I don't
>  understand how an intermediary NAT router serves as a MITM assuming
>  server identity is verified.

It is no MITM on the *SSH* connection. Just that while the user is
correctly authenticated to authpf, other connections coming from the
same IP address also have access to resources.

"Configuration issues are tricky.  The authenticating ssh(1) connection
 may be secured, but if the network is not secured the user may expose in-
 secure protocols to attackers on the same network, or enable other at-
 tackers on the network to pretend to be the user by spoofing their IP ad-
 dress."

It doesn't just happen with "attackers" but also anyone who happens to
be NATted to the same address.

It could warrant a mention in authpf(8) but then, where do you stop...
NAT? Multiuser UNIX systems? Infected windows boxes running proxies?
I'll give it a try for an additional paragraph...

"Access is granted to the IP address the user is connecting from,
 but (e.g. as is the case where NAT or proxy servers are present,
 legitimate or otherwise) it can not be guaranteed that other users
 cannot originate a connection with that same IP address and so
 gain access to resources protected by authpf(8)."

Well, it's a start, but... yeuch.



Re: Thecus N2100 and RAID 1

2007-05-08 Thread Aaron Poffenberger
Raidframe is really easy to use.  The man pages for raidctl(8) will give
you step-by-step instructions.  In a nutshell, though:

1) enable raidframe in your kernel (search for RAIDframe in GENERIC to
find the line),
2) create the raidn.conf (where n is a number for the array) following
the man page -- see the examples section,
3) create the raid -- again, see the examples section in the man page,
4) copy the raidn.conf file to /etc if you want auto configuration
during reboots (this part didn't leap out at me from the manpage),
5) enjoy.

Bryan Vyhmeister wrote:
> On May 8, 2007, at 2:54 AM, Joachim Schipper wrote:
>
>> On Mon, May 07, 2007 at 08:39:50PM -0700, Bryan Vyhmeister wrote:
>>> So you are saying that ccd(4) has reliability problems? I actually
>>> meant to ask what type of physical memory does the box take. Thanks
>>> for your response.
>>
>> No no, ccd(4) works as designed. And for concatenated disks, it does
>> exactly what you would expect that to be. For mirrored disks, though,
>> you'd like it to have better support for rebuilding after failures.
>
> I understand. I am really only interested in mirroring so I guess I
> should just probably use raidframe and see how it goes.
>
> Bryan



Re: Preventing man-in-the-middle attack on authpf?

2007-05-08 Thread Paul de Weerd
On Tue, May 08, 2007 at 06:20:12AM -0700, Darren Spruell wrote:
| >2.  that's not the problem described.  how does ssh know that its
| >connection is being NATed?
|
| Does it matter if its connection is NATed if SSH can guarantee
| end-to-end confidentiality and endpoint authentication? I don't
| understand how an intermediary NAT router serves as a MITM assuming
| server identity is verified.

You can then, being the NATting router, send out traffic through the
pf firewall abusing the authentication from the authpf user you
NATted. In fact, you only need 1 person to 'authpf' and then have the
rest of the world use your access point to use the privileges of the
authpf'ed users when going through the firewall.

You're not MITM'ing the SSH session but the "authpf session".

Paul 'WEiRD' de Weerd

--
>[<++>-]<+++.>+++[<-->-]<.>+++[<+
+++>-]<.>++[<>-]<+.--.[-]
 http://www.weirdnet.nl/
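
The point made in this message and in Stuart Henderson's proposed authpf(8) paragraph, as an added Python model (not part of the thread, and not authpf or IPsec code): a gateway that matches on source address alone cannot tell the logged-in user from another host behind the same NAT, while a gateway that checks a per-packet authenticator can. The class names, addresses and key are constructed; the HMAC check only stands in for the per-packet authenticity that IPsec is suggested for elsewhere in this thread.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed values for the model; nothing here comes from the thread.
GATEWAY_USER = "alice"
NAT_OUTSIDE_IP = "192.0.2.50"


@dataclass(frozen=True)
class Packet:
    src_ip: str
    payload: bytes
    tag: bytes = b""  # per-packet authenticator; empty when the sender has no key


class NatRouter:
    """Rewrites the source address of everything it forwards to its own."""

    def __init__(self, outside_ip):
        self.outside_ip = outside_ip

    def forward(self, pkt):
        return Packet(self.outside_ip, pkt.payload, pkt.tag)


class AddressKeyedGateway:
    """Model of the behaviour described above: a successful login adds the
    login's source address to an allow table, and later packets are matched
    on source address only."""

    def __init__(self):
        self.allowed = {}  # src_ip -> user who logged in from it

    def login(self, src_ip, user):
        self.allowed[src_ip] = user

    def passes(self, pkt):
        return pkt.src_ip in self.allowed


class PerPacketAuthGateway:
    """Model of per-packet authenticity: a packet passes only if it carries a
    MAC made with a key that an enrolled user's machine holds."""

    def __init__(self):
        self.keys = {}

    def enroll(self, user, key):
        self.keys[user] = key

    def passes(self, pkt):
        return any(
            hmac.compare_digest(
                pkt.tag, hmac.new(key, pkt.payload, hashlib.sha256).digest()
            )
            for key in self.keys.values()
        )


def sign(key, payload, src_ip):
    """Build a packet carrying a MAC over its payload."""
    return Packet(src_ip, payload, hmac.new(key, payload, hashlib.sha256).digest())


def run_scenario():
    nat = NatRouter(NAT_OUTSIDE_IP)
    alice_key = b"constructed-demo-key"

    addr_gw = AddressKeyedGateway()
    auth_gw = PerPacketAuthGateway()
    auth_gw.enroll(GATEWAY_USER, alice_key)

    # Alice (10.0.0.2) logs in through the NAT; the gateway sees the NAT's address.
    login = nat.forward(Packet("10.0.0.2", b"ssh login"))
    addr_gw.login(login.src_ip, GATEWAY_USER)

    packets = {
        "alice": nat.forward(sign(alice_key, b"alice data", "10.0.0.2")),
        "other_host_same_nat": nat.forward(Packet("10.0.0.3", b"other data")),
        "unrelated_host": Packet("203.0.113.9", b"unrelated data"),
    }
    return {
        "address_keyed": {n: addr_gw.passes(p) for n, p in packets.items()},
        "per_packet_auth": {n: auth_gw.passes(p) for n, p in packets.items()},
    }


if __name__ == "__main__":
    for policy, verdicts in run_scenario().items():
        print(policy, verdicts)
```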




Re: malo driver

2007-05-08 Thread Daniel Melameth

On 5/8/07, Jonathan Gray <[EMAIL PROTECTED]> wrote:
> On Mon, May 07, 2007 at 10:27:15PM -0500, Default User wrote:
> > On Sun, 2007-05-06 at 11:14 +0200, Henning Brauer wrote:
> > > * Default User <[EMAIL PROTECTED]> [2007-05-05 05:03]:
> > > > cbb0 at pci1 dev 4 function 0 "ENE CB-1410 CardBus" rev
> > > > 0x01pci_intr_map: no mapping for pin A
> > > > : couldn't map interrupt
> > >
> > > there's your problem, your cardbus slot is not working
> > >
> >
> > Ouch! Bad news.
> >
> > Well, I guess that explains it.  It never occurred to me that there
> > would be a problem with the computer itself. Anyway, Thanks for the
> > info.
>
> Well it is likely just broken interrupt mapping.
>
> At the boot prompt try
> boot -c
> enable acpi
> quit
>
> and see if that helps.


You might also want to try reviewing your BIOS settings and switching
between having the IRQs set by the BIOS or the OS.  Also, you might be
able to force those PC Card slots into 32-bit (CardBus) or 16-bit
modes.

FWIW, when I enabled ACPI on one of my laptops, it just kept rebooting
itself shortly after boot started.



Re: Problems with vpn roadwarriors using the same public ip

2007-05-08 Thread carlopmart

Heinrich Rebehn wrote:
> carlopmart wrote:
> > Matthias Bertschy wrote:
> > > carlopmart wrote:
> > > > Hi all,
> > > >
> > > >  I have a very strange problem. I am using an OpenBSD 4.1 with
> > > > isakmpd config (isakmpd.conf and isakmpd.policy) to establish vpn
> > > > connections for my roadwarriors clients.
> > > >
> > > >  When two roadwarriors clients that use the same public ip, only one
> > > > client can connect, the other no. Roadwarriors use the greenbow client.
> > > >
> > > >  Somebody knows how can I fix this???
> > > >
> > > > Many thanks.
> > >
> > > Hello,
> > >
> > > I have the same problem with racoon on Linux 2.6, when a second
> > > client connects to IPSEC thru NAT, the first one loses his connection.
> > > I don't know if it is related to IPSEC, or a bug in both isakmpd and
> > > racoon; but I haven't found a fix yet.
> > >
> > > Matthias Bertschy
> >
> > I think that I found a solution. I have put "Share-SADB = Define" on
> > "General" config on isakmpd.conf, and seems that now works ... But, is
> > this ok? somebody knows if using this option can produce a security
> > hole?? I believe that share SAs between clients could not be a good
> > solution
> >
> > Thanks.
>
> Where did you get this "Share-SADB = Define" from? I have not found it
> in the manpage
>
> --Heinrich

Sorry I would like to say "Shared-SADB" ...



--
CL Martinez
carlopmart {at} gmail {d0t} com



Re: Preventing man-in-the-middle attack on authpf?

2007-05-08 Thread Darren Spruell

On 5/7/07, Ted Unangst <[EMAIL PROTECTED]> wrote:
> On 5/7/07, Darren Spruell <[EMAIL PROTECTED]> wrote:
> > On 5/7/07, Matthew R. Dempsky <[EMAIL PROTECTED]> wrote:
> > > An attacker sets up a system with two wireless NICs: one associated to
> > > my network and another configured as an access point pretending to be
> > > an access point for my network.  He runs a DHCP server on the AP
> > > interface and NATs traffic to my network.  (I can imagine a
> > > sufficiently clever bridge setup that would be even harder to detect,
> > > but I don't know for certain if it could work.)
> >
> > SSH makes provisions for detection/prevention of MITM attacks by
> > cryptographically verifying host identities. Assuming you use SSHv2
> > and the client verifies the fingerprint of the server's public key is
> > accurate, identity of the destination system can be assured.
>
> 1.  where do you get the fingerprint for the first connection?

From the sysadmin? Help desk? System setup log in hard copy?

People *do* usually pay attention to that kind of thing, right?

> 2.  that's not the problem described.  how does ssh know that its
> connection is being NATed?

Does it matter if its connection is NATed if SSH can guarantee
end-to-end confidentiality and endpoint authentication? I don't
understand how an intermediary NAT router serves as a MITM assuming
server identity is verified.

DS



Re: OpenBSD 4.1 Torrents

2007-05-08 Thread Sebastian Rother
On Tue, 8 May 2007 07:28:32 -0500
Marco Peereboom <[EMAIL PROTECTED]> wrote:

> Why do you ask this every release?
> 
> Why wasn't the answer last time good enough for you?

You missed the point.
I didn't ask but mentioned gzsig as an alternative to MD5 hashes and
other things which are mentioned in the thread.


Kind regards,
Sebastian



Re: Newbie Question

2007-05-08 Thread Alberich de megres
Hi,

Yes i have explored ports tree. But maybe i ask the wrong way, what i want
to know is what system you use to analyze logs ( pf, sshd ) and if you use
to control/monitor bandwidth statistics ( net flow ).

Thanks.



On 5/8/07, Edd Barrett <[EMAIL PROTECTED]> wrote:
>
> Hi,
>
> On 5/8/07, Alberich de megres <[EMAIL PROTECTED]> wrote:
> > In linux i used logwatch, i know that i can use it on openbsd. But is there
> > some other option in openbsd world? what about snort?  what way you use to
> > analyze logs in rout firewall or workstations?
>
> Do you have the ports tree installed? If you do try:
>
> cd /usr/ports
> make search key=log | more
> make search key=analyzer | more
>
> Try different case as well.
>
> --
> Best Regards
>
> Edd
>
> ---
> http://students.dec.bournemouth.ac.uk/ebarrett/



Re: OpenBSD 4.1 Torrents

2007-05-08 Thread Marco Peereboom
Why do you ask this every release?

Why wasn't the answer last time good enough for you?

On Tue, May 08, 2007 at 02:35:37AM +0200, Sebastian Rother wrote:
> Guys if you really "care" about security why does nobody ask about
> using gzsig.
> Even useable for the packages...
> 
> Kind regards,
> Sebastian



Re: acpi vaio lcd brightness driver

2007-05-08 Thread Marco Peereboom
Yeah that is what I am thinking too.  Giovanni do you think you
could hack that up?

On Mon, May 07, 2007 at 11:11:10AM -0700, Ted Unangst wrote:
> On 5/7/07, Marco Peereboom <[EMAIL PROTECTED]> wrote:
> >Cool.  What I am not sure about is if we want to have a bunch of little
> >vendor drivers or a big driver that does all the vendor stuff.  I need
> >to think this through.  Any comments?
> 
> this could all be taken care of by button, no?  even if they are not
> buttons?  there's not much advantage to adding 99 different devices
> for every laptop made.
> 
> original file needs a license too, btw.



Re: OT: GUI programming languages

2007-05-08 Thread Lars D . Noodén
> On Mon, May 07, 2007 at 11:34:55AM -0500, Jacob Yocom-Piatt wrote:
...
>> the applications in question are "click here, prints something in a text
>> box, etc" ones that are not very complex. a language that allows me to
>> generate GUIs quickly and securely would be nice.

Python and ruby are getting a lot of positive attention these days, so you
might look in that direction.  Java is now open source and has been used
for a while in teaching, so that's an option, too.

However, it's not so much the language as the tools (modules, libraries,
etc) available.

For those, I'd suggest looking at Qt
http://www.trolltech.com/products/qt

It's available under a dual license.  It's available for C++.  If you look
around, you can also find APIs for python, perl, java and maybe even ruby.

Two other options in about the same category as Qt are GTK+ and wxWidgets:

  GTK+
http://www.gtk.org/
  wxWidgets
http://wxwidgets.org/

-Lars
Lars Noodén ([EMAIL PROTECTED])
 Ensure access to your data now and in the future
 http://opendocumentfellowship.org/about_us/contribute



Re: OT: GUI programming languages

2007-05-08 Thread Andrew Swisher
On Mon, May 07, 2007 at 11:34:55AM -0500, Jacob Yocom-Piatt wrote:
> have been coding touchscreen-driven applications using visual basic 
> lately and am sick of VB. i would much rather be using openbsd with 
> another programming language that allows me to accomplish the same sort 
> of stuff.
> 
> i have no "formal" CS background so am at a loss for good candidates. 
> the applications in question are "click here, prints something in a text 
> box, etc" ones that are not very complex. a language that allows me to 
> generate GUIs quickly and securely would be nice.



I would recommend taking a look at tcl/tk.  Both are in the
ports/packages collection.  I'm not familiar with VB (thank goodness),
but if it's consistent with everything else that shop rolls out, even
the most simple "Hello World" is gonna generate something bloated.

Tcl/Tk will require some (very) basic scripting skills.

A



Re: Softupdates question

2007-05-08 Thread mickey
On Tue, May 08, 2007 at 07:06:06AM -0400, Nick Holland wrote:
> George C wrote:
> > I've just stumbled across the SoftUpdates section in the FAQ, and was rather
> > surprised that I had never seen/heard of this feature before.  Before
> > I mount any partition using softdep, I thought I'd google, browse the
> > archives, etc. for any information about when/where they should be used.
> > 
> > Although I've found a plethora of information about soft updates, much of
> > it is either contradictory or incomplete I thought I'd ask here for
> > clarification.
> > 
> > Is it always best to mount /, /tmp, /usr, /var, /home with softdep?
> > Under what circumstances would it not be appropriate?
> 
> If your app makes assumptions about write ordering, softdeps can negate
> the care the app author took.  For example, some mail programs don't ack
> the receipt of a message until it has been safely written to disk, the
> idea being that if the power goes out or the machine crashes, if the
> message has been acknowledged, IT HAS BEEN RECEIVED and will be there
> when the machine comes back up.  Softdeps promises that what is on your
> disk is coherent, but "coherent" usually means the last few files written
> to disk may be just removed when the system comes back up.  Not desired
> in this case.

this is not true. fsync() works as specified.

> Softdeps don't do anything for you if you are mostly reading from disk,
> or if the partition is mounted read-only.  It's about writing.

of course they do. there are still atime updates
for example that will be handled if not mount read-only.

> Softdeps is much more complex than conventional disk access.  While I
> have not personally seen a softdep-related bug in some time, and that
> one was quickly fixed, you HAVE to assume it is more likely to have
> bugs than the non-softdep systems.

this is also not exactly true -- there are softdep bugs fixed
at the rate of ten per year if not more. most of them are
bugs that been there forever.

cu

-- 
paranoic mickey   (my employers have changed but, the name has remained)
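
The mail-server case discussed in this exchange, as an added Python sketch (not part of the thread): the receiver acknowledges a message only after the data has been written and fsync()ed, and reports a temporary failure if the write fails, for example when the disk is full. The function names and SMTP-style reply strings are constructed; calling fsync on the containing directory after the rename is a common practice assumed here, not something the thread states.

```python
import os
import tempfile


def store_durably(spool_dir, name, data):
    """Write data to spool_dir/name and return only once it has been fsync()ed."""
    fd, tmp_path = tempfile.mkstemp(dir=spool_dir, prefix=".tmp-")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data)
            f.flush()             # push Python's buffer to the kernel
            os.fsync(f.fileno())  # ask the kernel to put the file on disk
        final_path = os.path.join(spool_dir, name)
        os.rename(tmp_path, final_path)  # readers never see a partial file
    except BaseException:
        if os.path.exists(tmp_path):
            os.unlink(tmp_path)
        raise
    # fsync the directory as well so the new name is on disk too.
    dir_fd = os.open(spool_dir, os.O_RDONLY)
    try:
        os.fsync(dir_fd)
    finally:
        os.close(dir_fd)
    return final_path


def receive_message(spool_dir, msg_id, body):
    """Return the reply to send to the peer; acknowledge only after the
    message is durable, and never acknowledge a failed write."""
    try:
        store_durably(spool_dir, msg_id, body)
    except OSError as exc:
        # Covers a full disk (ENOSPC), a missing spool directory, I/O errors.
        return "451 temporary failure: %s" % exc.strerror
    return "250 OK queued as %s" % msg_id


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as spool:
        print(receive_message(spool, "msg-0001", b"Subject: test\r\n\r\nhello\r\n"))
        print(receive_message(os.path.join(spool, "missing"), "msg-0002", b"x"))
```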



Re: OT: GUI programming languages

2007-05-08 Thread Jacob Yocom-Piatt
Marc Balmer wrote:
>
> I recommend to use python and wxPython.  Both are in ports and you find
> more information at www.python.org and www.wxpython.org.
>
>   

thanks for all the suggestions, both on and off list. will read up on
tcl/tk, python and wxpython since those are in the intersection of what
has been suggested by a number of people.

cheers,
jake



Re: Softupdates question

2007-05-08 Thread Nick Holland
George C wrote:
> I've just stumbled across the SoftUpdates section in the FAQ, and was rather
> surprised that I had never seen/heard of this feature before.  Before
> I mount any partition using softdep, I thought I'd google, browse the
> archives, etc. for any information about when/where they should be used.
> 
> Although I've found a plethora of information about soft updates, much of
> it is either contradictory or incomplete I thought I'd ask here for
> clarification.
> 
> Is it always best to mount /, /tmp, /usr, /var, /home with softdep?
> Under what circumstances would it not be appropriate?

Softdep uses more RAM, so if you are "on the edge", you might not want
it.

If you usually run your disks near full capacity, you might have funny
results:
   Assume 100M space free on your disk now.
   write 90M to the disk
   delete 90M of other files
   immediately write 90M more to the disk
this 'should' work...but if done quickly with softdeps, it may not, as
the deletion may not yet have taken place, and your app may run out of
disk space, die with an error message indicating such, but when you
look a minute later, there's plenty of space.

If your app makes assumptions about write ordering, softdeps can negate
the care the app author took.  For example, some mail programs don't ack
the receipt of a message until it has been safely written to disk, the
idea being that if the power goes out or the machine crashes, if the
message has been acknowledged, IT HAS BEEN RECEIVED and will be there
when the machine comes back up.  Softdeps promises that what is on your
disk is coherent, but "coherent" usually means the last few files written
to disk may be just removed when the system comes back up.  Not desired
in this case.

Softdeps don't do anything for you if you are mostly reading from disk,
or if the partition is mounted read-only.  It's about writing.

Softdeps rock if you are writing lots of tiny files.  For example,
unpack the ports tar file on a partition mounted with softdeps and
without...  or delete the ports tree with softdeps and without.
We aren't talking 10% improvements here, we are talking about MANY
TIMES the performance.

Softdeps is much more complex than conventional disk access.  While I
have not personally seen a softdep-related bug in some time, and that
one was quickly fixed, you HAVE to assume it is more likely to have
bugs than the non-softdep systems.

Don't get me wrong, for the vast majority of people, softdeps is Just
Better, and has been seriously considered to be made the default, but
it isn't quite a "universal answer".

> I have a few machines running a busy website (mounted on /var/www) and two
> fairly-busy databases (mysql mounted on /var/www and postgresql mounted on
> /var/postgresql).
> All these machines have a perc5 raid controller using mfi driver does that
> make a difference?

yes...  IF the RAID card has a write cache, SOME of the advantage of
softdeps may not exist.  On the other hand, if it doesn't have the
battery, your write performance is so horrible, you probably want
softdeps badly.

If your "busy website" and database is read-mostly, softdeps won't
help.

Nick.



Re: Newbie Question

2007-05-08 Thread Edd Barrett

Hi,

On 5/8/07, Alberich de megres <[EMAIL PROTECTED]> wrote:
> In linux i used logwatch, i know that i can use it on openbsd. But is there
> some other option in openbsd world? what about snort?  what way you use to
> analyze logs in rout firewall or workstations?

Do you have the ports tree installed? If you do try:

cd /usr/ports
make search key=log | more
make search key=analyzer | more

Try different case as well.

--
Best Regards

Edd

---
http://students.dec.bournemouth.ac.uk/ebarrett/



Re: Thecus N2100 and RAID 1

2007-05-08 Thread Bryan Vyhmeister

On May 8, 2007, at 3:00 AM, Stuart Henderson wrote:
> On 2007/05/08 02:23, Bryan Vyhmeister wrote:
> > On May 8, 2007, at 12:36 AM, Stuart Henderson wrote:
> > > http://onbeat.dk/thecus/index.php/N2100_Hardware
> >
> > Thanks.
>
> btw, I don't know about the warning from Thecus about timing that
> it talks about - I never had any trouble with the first DIMM I pulled
> from a PC (-:

I saw that. The link you sent above shows that a particular Corsair
module is compatible so I just ordered that module. We'll see when it
arrives later this week.


Bryan 



Re: Thecus N2100 and RAID 1

2007-05-08 Thread Bryan Vyhmeister

On May 8, 2007, at 2:54 AM, Joachim Schipper wrote:
> On Mon, May 07, 2007 at 08:39:50PM -0700, Bryan Vyhmeister wrote:
> > So you are saying that ccd(4) has reliability problems? I actually
> > meant to ask what type of physical memory does the box take. Thanks
> > for your response.
>
> No no, ccd(4) works as designed. And for concatenated disks, it does
> exactly what you would expect that to be. For mirrored disks, though,
> you'd like it to have better support for rebuilding after failures.

I understand. I am really only interested in mirroring so I guess I
should just probably use raidframe and see how it goes.


Bryan



Re: Thecus N2100 and RAID 1

2007-05-08 Thread Joachim Schipper
On Mon, May 07, 2007 at 08:39:50PM -0700, Bryan Vyhmeister wrote:
> On May 7, 2007, at 4:11 PM, Joachim Schipper wrote:
> 
> >On Mon, May 07, 2007 at 02:02:19PM -0700, Bryan Vyhmeister wrote:
> >>On May 7, 2007, at 11:56 AM, Matthieu Herrb wrote:
> >>
> >>>I'm using a thecus 2100 with raidframe to do raid 1. A bit slow, but
> >>>with 512MB RAM it's acceptable.
> >>
> >>Would ccd(4) be any faster? Also, what sort of RAM does it take?
> >>Thanks for your response.
> >
> >ccd is likely to be slightly faster, but it *will* eat your data. Just
> >stick with RAIDframe, or hardware RAID, or the upcoming softraid (like
> >RAIDframe, but newer and shinier; I presume it'll be announced on
> >undeadly.org one of these days). Worrying about ccd/RAIDframe memory
> >usage really isn't necessary; both don't use memory on a scale that  
> >you
> >will notice with that amount of memory in the box.
> 
> So you are saying that ccd(4) has reliability problems? I actually  
> meant to ask what type of physical memory does the box take. Thanks  
> for your response.

No no, ccd(4) works as designed. And for concatenated disks, it does
exactly what you would expect that to be. For mirrored disks, though,
you'd like it to have better support for rebuilding after failures.

Joachim

-- 
TFMotD: tset (1) - terminal initialization



OpenBSD 4.1 and IBM ServeRaid-5i

2007-05-08 Thread Fredrik Hansson

Hi all,

Trying to install OpenBSD 4.1 on an IBM xSeries 345 with an IBM
ServeRAID-5i controller, but no disks are found during installation.
The disks are set to raid 5 at the moment and seems to be working fine
according to the raid configuration tools provided by IBM.

http://www.openbsd.org/plus41.html says
"Initial import of ips(4), a driver for the IBM ServeRAID controllers."

..and ips(4) is saying:

The ips driver provides support for IBM ServeRAID controllers, including:
 o ServeRAID 3H/3L
 o ServeRAID 4H/4L/4Lx/4M/4Mx
 o ServeRAID 5i/5i II
 o ServeRAID 6i/6M
 o ServeRAID 7k/7M/7t

  Although the controllers are actual RAID controllers, the driver makes
  them look just like SCSI controllers.  All RAID configuration is done
  through the controllers' BIOSes.


Any thoughts or comments on what to do?

Thanks,

Fredrik

Dmesg:

OpenBSD 4.1 (RAMDISK_CD) #248: Sat Mar 10 19:32:46 MST 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/RAMDISK_CD
cpu0: Intel(R) XEON(TM) CPU 2.40GHz ("GenuineIntel" 686-class) 2.40 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM
real mem  = 536276992 (523708K)
avail mem = 483184640 (471860K)
using 4278 buffers containing 26939392 bytes (26308K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+ BIOS, date 06/09/05, BIOS32 rev. 0 @ 0xfd7a1,
SMBIOS rev. 2.3 @ 0xf630e (47 entries)
bios0: IBM eserver xSeries 345 -[867032X]-
pcibios0 at bios0: rev 2.1 @ 0xf/0x
pcibios0: PCI BIOS has 11 Interrupt Routing table entries
pcibios0: PCI Exclusive IRQs: 9 10 11 15
pcibios0: PCI Interrupt Router at 000:15:0 ("ServerWorks CSB5" rev 0x00)
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0x1800 0xc9800/0x3800
acpi at mainbus0 not configured
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "ServerWorks CMIC-WS Host (GC-LE)" rev 0x13
pchb1 at pci0 dev 0 function 1 "ServerWorks CMIC-WS Host (GC-LE)" rev 0x00
pci1 at pchb1 bus 2
pchb2 at pci0 dev 0 function 2 "ServerWorks CMIC-LE" rev 0x00
pci2 at pchb2 bus 6
em0 at pci2 dev 8 function 0 "Intel PRO/1000MT (82546EB)" rev 0x01: irq
3, address 00:09:6b:71:e8:ea
em1 at pci2 dev 8 function 1 "Intel PRO/1000MT (82546EB)" rev 0x01: irq
5, address 00:09:6b:71:e8:eb
vga1 at pci0 dev 6 function 0 "ATI Rage XL" rev 0x27
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
pchb3 at pci0 dev 15 function 0 "ServerWorks CSB5" rev 0x93
pci3 at pchb3 bus 1
pciide0 at pci0 dev 15 function 1 "ServerWorks CSB5 IDE" rev 0x93: DMA
atapiscsi0 at pciide0 channel 0 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  SCSI0
5/cdrom removable
cd0(pciide0:0:0): using PIO mode 4, DMA mode 2, Ultra-DMA mode 2
ohci0 at pci0 dev 15 function 2 "ServerWorks OSB4/CSB5 USB" rev 0x05:
irq 11, version 1.0, legacy support
usb0 at ohci0: USB revision 1.0
uhub0 at usb0
uhub0: ServerWorks OHCI root hub, rev 1.00/1.00, addr 1
uhub0: 4 ports with 4 removable, self powered
pcib0 at pci0 dev 15 function 3 "ServerWorks CSB5 LPC" rev 0x00
pchb4 at pci0 dev 16 function 0 "ServerWorks CIOB-X2 PCIX" rev 0x03
pchb5 at pci0 dev 16 function 2 "ServerWorks CIOB-X2 PCIX" rev 0x03
pci4 at pchb5 bus 4
pchb6 at pci0 dev 17 function 0 "ServerWorks CIOB-X2 PCIX" rev 0x03
pchb7 at pci0 dev 17 function 2 "ServerWorks CIOB-X2 PCIX" rev 0x03
pci5 at pchb7 bus 8
"IBM ServeRAID" rev 0x00 at pci5 dev 2 function 0 not configured
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask ffc5 netmask ffed ttymask ffef
rd0: fixed, 3800 blocks
root on rd0a
rootdev=0x1100 rrootdev=0x2f00 rawdev=0x2f02



Re: Thecus N2100 and RAID 1

2007-05-08 Thread Bryan Vyhmeister

On May 8, 2007, at 12:36 AM, Stuart Henderson wrote:
> On 2007/05/07 20:39, Bryan Vyhmeister wrote:
> > I actually meant to ask what type of physical memory does the box
> > take.
>
> http://onbeat.dk/thecus/index.php/N2100_Hardware

Thanks.

Bryan



FFS panic on 4.0-release and fsck_ffs troubles (SATA drive on SiI3112)

2007-05-08 Thread Rogier Krieger

On an older piece of hardware (PII-300) running 4.0-release running
local storage at my parents', I experience FFS-related panics when
writing files to the secondary HDD [wd1] (connected to a separate SATA
controller [pciide1]).

Since I lacked a console cable, I copied the trace and ps information
by hand. I see the following panic:

start = 0, len = 7547, fs = /storage
panic: ffs_alloccg: map corrupted
Stopped at  Debugger+0x4:   leave
RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC!
DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION!
ddb> trace
Debugger(d0716864,1,daf72ae0,1d7b,0) at Debugger+0x4
panic(d06737d6,0,1d7b,d0bc48d4,40) at panic+0x63
ffs_freefile(d0bc4800,d74ea000,ebd0,8,0) at ffs_freefile+0x5b6
ffs1_blkpref(d3cdf4a8,d3de2f2c,0,4000,d3cdf4fc) at ffs1_blkpref+0x843
ffs1_blkpref(d3cdf4a8,17b,0,4000) at ffs1_blkpref+0x7e4
ffs1_blkpref(d3cdf4a8,13a,18c06c8,4000,d03fcba0,20,d3dbd500,0) at ffs1_blkpref+0x1ec
ffs_alloc(d3cdf4a8,0,18c06c8,4000,d3dbd500,daf72ca4,d0b203c0,d3c79198) at ffs_alloc+0x116
ffs1_balloc(d3cdf4a8,0,0,4000,d3dbd500,0,daf72ddc,4000) at ffs1_balloc+0x4a4
ffs_write(daf72e08,d3ce0924,30042,d3c73448,d07173c0) at ffs_write+0x240
VOP_WRITE(d3ce0924,daf72e98,1,d3dbd500,d3ce0924,20002,d3c73448,2) at VOP_WRITE+0x34
vn_write(d3da09a0,d3da09bc,daf72e98,d3dbd500) at vn_write+0x89
dofilewrite(d3c73448,4,d3da09a0,86e3d000,4) at dofilewrite+0x71
sys_write(d3c73448,daf72f68,daf72f58,4,b0) at sys_write+0x47
syscall() at syscall+0x2ea
--- syscall (number 4) ---
0x1c1ba69:
ddb> ps
   PID   PPID   PGRP   UID  S      FLAGS  WAIT       COMMAND
*26380  17275  17275     0  7        0x6             rsync
 17275   7353  17275     0  3     0x408e  select     rsync
  7353   2486   7353     0  3     0x4086  pause      ksh
  2486  20426   2486  1001  3     0x4086  pause      ksh
 20246  10313  10313  1001  3      0x185  select     sshd
 10313  14793  10313     0  3     0x4084  netio      sshd
  2831      1   2831     0  3    0x40184  select     sendmail
 10501      1      1     0  3     0x4084  ttyopn     getty
 25497      1  25497     0  3     0x4086  ttyin      getty
 16601      1  16601     0  3     0x4086  ttyin      getty
 13493      1  13493     0  3     0x4086  ttyin      getty
  1360      1   1360     0  3     0x4086  ttyin      getty
 32381      1  32381     0  3     0x4086  ttyin      getty
 30314      1  30314     0  3       0x84  select     cron
  8100      1   8100     0  3       0x85  select     nmbd
 30863  22543  22543     0  3      0x185  pause      smbd
 22543      1  22543     0  3      0x185  select     smbd
 14793      1  14793     0  3       0x84  select     sshd
  7408      1   7408     0  3      0x184  select     inetd
 20959      1  20959    71  3      0x184  kqread     ftp-proxy
  7102      1   7102    77  3      0x184  poll       dhcpd
 28523      1  28523     0  3       0x84  poll       ntpd
 16441      1  16441    83  3      0x184  poll       ntpd
  9726   3679   3679    68  3      0x184  select     isakmpd
  3679      1   3679     0  3       0x84  netio      isakmpd
  1486   1317   1317    70  3      0x184  select     named
  1317      1   1317     0  3      0x184  netio      named
 17875  30083  30083    74  3      0x184  bpf        pflogd
 30083      1  30083     0  3       0x84  netio      pflogd
  8979  28885  28885    73  2      0x184             syslogd
 28885      1  28885     0  3       0x8c  netio      syslogd
 18547      1  18547    77  3      0x184  poll       dhclient
  3186      1  11906     0  3       0x86  poll       dhclient
    13      0      0     0  3   0x100204  crypto_wa  crypto
    12      0      0     0  3   0x100204  aiodoned   aiodoned
    11      0      0     0  3   0x100204  syncer     update
    10      0      0     0  3   0x100204  cleaner    cleaner
     9      0      0     0  3   0x100204  reaper     reaper
     8      0      0     0  3   0x100204  pgdaemon   pagedaemon
     7      0      0     0  3   0x100204  pftm       pfpurge
     6      0      0     0  3   0x100204  wait       wskbd_hotkey
     5      0      0     0  3   0x100204  usbtsk     usbtask
     4      0      0     0  3

Newbie Question

2007-05-08 Thread Alberich de megres
Hello,

I'm new to the OpenBSD world... I came from the Linux world :P And I've got a
question about logs.

In Linux I used logwatch, and I know that I can use it on OpenBSD. But is there
some other option in the OpenBSD world? What about snort? What way do you use to
analyze logs in rout firewall or workstations?

Thanks!!


