Re: Network install over a PPPoE connection

2007-09-05 Thread Can Erkin Acar
asdf wrote:
> Is it possible to install OpenBSD on a machine connected to a DSL modem using
> the PPPoE network connection? I have an old PC I'd like to use as a router for
> my new DSL internet service and I am pretty sure that its CD-ROM drive is
> non-functional.

pppoe is not included in the installation kernels. You have a few
choices, in order of preference:

1. set up your DSL modem as a router and complete the installation.
Then you can configure pppoe and set the modem to bridge mode.

2. download installation sets to a different machine, setup a web or
ftp server and install over the local network.

3. if you have a spare disk, on your PC, place the sets there,
formatted as a FAT filesystem, then install from the disk.



Re: Network install over a PPPoE connection

2007-09-05 Thread Peter N. M. Hansteen
asdf <[EMAIL PROTECTED]> writes:

> Is it possible to install OpenBSD on a machine connected to a DSL
> modem using the PPPoE network connection? 

As long as you can get a network interface correctly configured,
you're OK for a network install.  A few minutes with a search engine
turns up info that should get you there, assuming you have the
provider specific info to hand.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Network install over a PPPoE connection

2007-09-05 Thread asdf
Is it possible to install OpenBSD on a machine connected to a DSL modem using
the PPPoE network connection? I have an old PC I'd like to use as a router for
my new DSL internet service and I am pretty sure that its CD-ROM drive is
non-functional.

Thanks!


  




Re: apr proxy problem

2007-09-05 Thread Bryan Irvine
On 9/5/07, Stanislav Ovcharenko <[EMAIL PROTECTED]> wrote:
> I need to have ARP proxy running on my router/firewall loaded with OpenBSD
> 4.0. I'm seeing some behavior that is contradictory to what arp man page
> says.
>
> arp -an | grep em1 says
> (111.111.111.111) at 00:cc:00:cc:00:cc on em1 permanent static published
>
> and then ...
>
> cat /var/log/messages | grep em1
> tells me that
> Sep 5 14:11:11 XXXYYY /bsd: arp info overwritten for 111.111.111.111 by 00:aa:00:aa:00:aa on em1
>
> which is contrary to what arp man page says about permanent attribute and
> what one would expect.
>
> any info why this is happening would be greatly appreciated,
> thanks for looking.


I had nothing but problems when trying to use arp proxy.  I'd ditch it
and try something else (if possible).  What's the eventual goal?

--Bryan
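
A way to watch for the event reported in this thread, as an added example that is not part of either poster's message: it compares saved `arp -an` output with the kernel's "arp info overwritten" log lines and reports every address marked permanent whose MAC was replaced. The function name, the file names and the sample data are constructed for illustration; the line layouts are the ones quoted above.

```shell
#!/bin/sh
# Added example, not from the thread. Flags "arp info overwritten" kernel
# messages that hit an address the local ARP table lists as permanent.

# arp_overwrite_alerts ARP_TABLE LOGFILE
#   ARP_TABLE: saved output of `arp -an`
#   LOGFILE:   syslog text such as /var/log/messages
# Prints one line per (address, new MAC, interface) with a hit count.
arp_overwrite_alerts() {
    awk '
    # First file: remember the MAC of every entry flagged "permanent".
    FNR == NR {
        ip = ""; mac = ""; perm = 0
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^\(.*\)$/)   ip = substr($i, 2, length($i) - 2)
            if ($i == "at")        mac = tolower($(i + 1))
            if ($i == "permanent") perm = 1
        }
        if (perm && ip != "") pinned[ip] = mac
        next
    }
    # Second file: "... arp info overwritten for IP by MAC on IF"
    /arp info overwritten for/ {
        for (k = 1; k <= NF; k++) if ($k == "overwritten") break
        ip = $(k + 2); mac = tolower($(k + 4)); ifc = $(k + 6)
        # Only report addresses we pinned, and only when the MAC differs.
        if ((ip in pinned) && pinned[ip] != mac)
            hits[ip " pinned=" pinned[ip] " seen=" mac " if=" ifc]++
    }
    END { for (h in hits) print h " count=" hits[h] }
    ' "$1" "$2" | sort
}

# Constructed sample data modelled on the lines quoted in the thread.
demo_dir=$(mktemp -d)
cat > "$demo_dir/arp.txt" <<'EOF'
(111.111.111.111) at 00:cc:00:cc:00:cc on em1 permanent static published
(10.0.0.7) at 00:11:22:33:44:55 on em1
EOF
cat > "$demo_dir/messages" <<'EOF'
Sep 5 14:11:11 XXXYYY /bsd: arp info overwritten for 111.111.111.111 by 00:aa:00:aa:00:aa on em1
Sep 5 14:12:40 XXXYYY /bsd: arp info overwritten for 10.0.0.7 by 00:11:22:33:44:66 on em1
Sep 5 14:31:02 XXXYYY /bsd: arp info overwritten for 111.111.111.111 by 00:AA:00:AA:00:AA on em1
EOF
arp_overwrite_alerts "$demo_dir/arp.txt" "$demo_dir/messages"
rm -rf "$demo_dir"
```

The 10.0.0.7 entry is not permanent, so its change is ordinary ARP churn and is not reported; only the pinned address shows up, with both overwrites counted together.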





Re: How to use (compact) flash cards with OpenBSD

2007-09-05 Thread Nick Holland
Don Jackson wrote:
> I have gotten past all the problems I discussed in my original message
> to this list.
> 
> On the AMD/Tyan motherboard with the Addonics CF to SATA converter,
> what I did was purchase a Lexar Professional UDMA 300X CF card.
> This card is faster, and provides the UDMA interface that the
> motherboard and the OS likes to use.
> 
> I changed the cabling so that the flash card was the first disk (wd0
> to OpenBSD),
> and I moved the SATA hard drive to wd1.
> 
> For this first attempt, I put swap, /tmp, and /var onto partitions on wd1.
> wd0 (the flash), has /, /usr, and /home

good plan, but make sure your swap is being recognized.  You will probably
need an entry in /etc/fstab.  From memory, swap on anything other than
the 'b' partition of the boot device is not automatically recognized
by the standard kernel.

> I was able to cleanly install OpenBSD and boot into it.  It appears to
> work fine.
> I do get an error from savecore that wants to use wd0b, and I'll have
> to tweak that.

Only if you want to save your cores. :)
If you don't have use for core dumps or don't have the space on
/var/crash for your entire core (in your case, 2G more than you otherwise
need for /var), don't worry about this, it just won't be worth the trouble.
You will forget to "fix" it again after the next upgrade, anyway.  Most
people will find it not worth the tweaking.


Nick.



Re: Any new OpenBSD/landisk hardware?

2007-09-05 Thread Diana Eichert

On Thu, 6 Sep 2007, pedro la peu wrote:


> Depends what you expect. Makes a terrific media store for me with the one
> caveat that it can't sustain writes to NFS fast enough for DVB recording.
> Playback is fine. Audio (at high bit rates) presents no problems at all.

probably not directly related to OpenBSD, but, what are you using to get
DVB?  terrestrial or satellite?

> Typically, I see roughly similar to:
>
> $ dd if=/dev/zero of=/nfs/sh/tv/testfile bs=1M count=100
> 100+0 records in
> 100+0 records out
> 104857600 bytes (105 MB) copied, 169.636 seconds, 618 kB/s
>
> $ dd if=/nfs/sh/tv/testfile of=/dev/null bs=1M
> 100+0 records in
> 100+0 records out
> 104857600 bytes (105 MB) copied, 41.8412 seconds, 2.5 MB/s


diana



Re: Any new OpenBSD/landisk hardware?

2007-09-05 Thread pedro la peu
Alexander Hall wrote:

> Anyway, you don't happen to know any retailers that ship world-wide (or
> at least Sweden-wide), with decent shipping costs?

They were easy to find in Europe quite recently. Have you seen:

http://www.plextor-europe.com/wheretobuy/all/dealers.asp?choice=Dealers&country=Sweden

> While at the subject, are the Plextor's really as useless for serving
> files as sometimes stated?

Depends what you expect. Makes a terrific media store for me with the one 
caveat that it can't sustain writes to NFS fast enough for DVB recording. 
Playback is fine. Audio (at high bit rates) presents no problems at all.

Typically, I see roughly similar to:

$ dd if=/dev/zero of=/nfs/sh/tv/testfile bs=1M count=100
100+0 records in
100+0 records out
104857600 bytes (105 MB) copied, 169.636 seconds, 618 kB/s

$ dd if=/nfs/sh/tv/testfile of=/dev/null bs=1M
100+0 records in
100+0 records out
104857600 bytes (105 MB) copied, 41.8412 seconds, 2.5 MB/s

> The two drives I'm aiming to buy are supposed to form a geographically
> separated, rsync'd, storage pair. Mainly for documents, i.e. no
> streaming video or so. Samba and nfs comes to mind, but really not much
> more. I'd estimate at most two simultaneous users but probably less. :-)

NFS and rsync are fine but there's no samba, yet.

> Is the bottleneck a slow processor, the hard drive, lousy I/O or
> something else?

Don't know, don't care. :-)



Re: Problems with chrooted Apache and PHP exec() function

2007-09-05 Thread Johan Linner

Stuart Henderson wrote:
> On 2007/09/05 17:57, Johan L wrote:
>> We are trying to get the PHP exec() function to work in a chrooted Apache
>> environment (4.1-stable MP ACPI enabled, PHP 5.1.6).
>
> could be wrong, but iirc it needs /bin/sh



Yep, copy /bin/sh to /var/www/bin made it all work. Now both PHP exec() 
and system() work as expected.

Thanks Stuart and Otto!
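
The fix this thread arrived at, as an added example that is not part of any poster's message: PHP's exec() hands the command to `/bin/sh -c`, so inside the chroot the lookup is for /var/www/bin/sh, and 127 is the status reported when that shell cannot be started. The script emulates the lookup against a constructed directory (a real chroot needs root) and lists what is executable under the tree, which is the set that grows when a shell is copied in; the function names are made up for this example.

```shell
#!/bin/sh
# Added example, not from the thread. ROOT stands for the web server's
# chroot directory (/var/www in the thread).

# run_via_root_sh ROOT CMD
# Emulates the failing step: CMD is handed to "/bin/sh -c" as seen from
# inside the chroot, which is ROOT/bin/sh on the real filesystem.
# Returns the exit status; 127 means the shell itself could not be started.
run_via_root_sh() {
    ( exec "$1/bin/sh" -c "$2" ) >/dev/null 2>&1
}

# chroot_exec_audit ROOT
# Reports whether ROOT/bin/sh is usable, then lists every executable and
# every setuid file below ROOT, with paths as seen from inside the chroot.
chroot_exec_audit() {
    if [ -x "$1/bin/sh" ]; then
        echo "sh present"
    else
        echo "sh missing"
    fi
    ( cd "$1" && find . -type f -perm -100  | sort | sed 's|^\.|exec |' )
    ( cd "$1" && find . -type f -perm -4000 | sort | sed 's|^\.|setuid |' )
}

# Demo on a constructed directory tree (not a real chroot).
demo_root=$(mktemp -d)
mkdir -p "$demo_root/bin"
printf '#!/bin/sh\necho demo\n' > "$demo_root/bin/date"
chmod 755 "$demo_root/bin/date"

run_via_root_sh "$demo_root" date
echo "status without bin/sh: $?"
chroot_exec_audit "$demo_root"
rm -rf "$demo_root"
```

On the real system the audit would be run as `chroot_exec_audit /var/www`, before and after copying the shell, to see exactly what the web server's user can start.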



apr proxy problem

2007-09-05 Thread Stanislav Ovcharenko
I need to have ARP proxy running on my router/firewall loaded with OpenBSD
4.0. I'm seeing some behavior that is contradictory to what arp man page
says.

arp -an | grep em1 says
(111.111.111.111) at 00:cc:00:cc:00:cc on em1 permanent static published

and then ...

cat /var/log/messages | grep em1
tells me that
Sep 5 14:11:11 XXXYYY /bsd: arp info overwritten for 111.111.111.111 by 00:aa:00:aa:00:aa on em1

which is contrary to what arp man page says about permanent attribute and
what one would expect.

any info why this is happening would be greatly appreciated,
thanks for looking.



Re: spamd: bogus size db entry - bad db file?

2007-09-05 Thread Jeremy C. Reed
On Wed, 5 Sep 2007, Alex Holst wrote:

> If I wipe the db will spamd purge the spamd-white table?

Yes. spamd will "replace" it with:

 pfctl -p /dev/pf -q -t spamd-white -T replace -f -

  Jeremy C. Reed



nis is not updating

2007-09-05 Thread John Nietzsche
Dear gentleman,

I am facing a strange nis behavior after I update my domain database.
After I change the input data for the domain by means of issuing make,
ypserv still serves the older data set.

Some debugging stuff:

lion# ypcat netgroup
(,dnscache,),(,dnslog,),(,tinydns,)
(,alias,),(,qmaild,),(,qmaill,),(,qmailp,),(,qmailq,),(,qmailr,),(,qmails,)
(,sioux,)
lion# makedbm -u netgroup
YP_LAST_MODIFIED 1189006343
YP_MASTER_NAME lion.my.domain
djbdns (,dnscache,),(,dnslog,),(,tinydns,)
qmail (,alias,),(,qmaild,),(,qmaill,),(,qmailp,),(,qmailq,),(,qmailr,),(,qmails,)
sysop (,sioux,),(,grios,)
lion#


I am having a hard time with all that.

Thanks in advance for your time and cooperation.

best regards.



Re: ifstated.conf for pppoe

2007-09-05 Thread Jacob Yocom-Piatt

Can E. Acar wrote:
>> anybody got an ifstated.conf they're willing to share for having
>> redundancy on their pppoe connection? example: your firewall that does
>> the pppoe goes down and you want another machine to restart the pppoe
>> session and route your network.
>
> I don't have the configuration with me right now (and it is probably gone
> since the site using it does not have adsl anymore) however the most
> fun configuration I did was something like that:
>
> two adsl links, two OpenBSD firewalls, using carp for failover.
> each firewall had connections to _both_ adsl modems, so that
> they can balance outgoing stuff.
>
> The load balancing was done using multipath routing (route -multi).
> The carp was used on the inner interface.
>
> So if carp was master, I would bring UP both pppoe interfaces
> if one of the pppoe connections went down, I would adjust
> routing to route over the remaining session etc.


thx for the input, can and stuart. i've setup routing adjustments as you 
mentioned (not included here), didn't realize it was so easy :P.


here is a basic ifstated.conf that does what i need that runs on the 
backup firewall:


# ifstated.conf for pppoe failover

# ensure the primary firewall's internal interface is up, if not start
# another pppoe session on the backup firewall

# address of other firewall's int_if0
peer_up = '( "ping -q -c 1 -w 1 10.0.0.252 > /dev/null" every 10)'

state auto {
   if $peer_up {
   set-state primary_online
   }
   if ! $peer_up {
   set-state primary_offline
   }
}

state primary_online {
   init {
   run "/root/pppoe0.down"
   }
   if ! $peer_up {
   set-state primary_offline
   }
}
   
state primary_offline {

   init {
   run "/root/pppoe0.up"
   }
   if $peer_up {
   set-state primary_online
   }
}

# cat /root/pppoe0.up

#!/bin/ksh

# destroy existing pppoe0 interface and create anew
ifconfig pppoe0 inet x.y.z.w netmask 255.255.255.248 x.y.z.254 pppoedev \
    hme0 authproto pap authname [EMAIL PROTECTED] authkey SECRET up


# delete existing default route and add adsl
route delete default
route add default x.y.z.254

# cat /root/pppoe0.down


#!/bin/ksh

ifconfig pppoe0 down
ifconfig pppoe0 destroy

route delete default
route add -mpath default a.b.c.d


> In order to make failover work smoothly, I matched the MAC
> addresses on the corresponding outer interfaces of each
> firewall so that they can see the same pppoe sessions,
> and built the kernel with PPPOE_TERM_UNKNOWN_SESSIONS

  


for my purposes it should be ok to omit this. haven't seen any troubles 
getting a new pppoe session up when i've tested without considering this 
case, e.g. down primary firewall to see if the backup starts the pppoe 
session and routes packets over it ok. i think my ISP sends LCP echo 
requests, but i could be wrong...


cheers,
jake


> Can



spamd: bogus size db entry - bad db file?

2007-09-05 Thread Alex Holst
This started happening a few hours ago. I can't find any mention of this in
the misc archives:

miracle$ uname -a
OpenBSD miracle.mongers.org 4.1 GENERIC#5 i386
miracle$ sudo spamdb
[..]
TRAPPED|41.250.33.4|1189090086
TRAPPED|200.86.23.234|1189090802
SPAMTRAP|<[EMAIL PROTECTED]>
WHITE|194.150.112.222|||1178785311|1178788495|1192114906|4|22
spamdb: bogus size db entry - bad db file?

The db file is available for anyone who needs it to find the cause. 

Currently the spamd-white pf table contains 1302 entries which my mrtg
graphs show to be the number of entries before the db killed itself.

If I wipe the db will spamd purge the spamd-white table?

-- 
I prefer the dark of the night, after midnight and before four-thirty,
when it's more bare, more hollow.            http://a.mongers.org



Re: That whole "Linux stealing our code" thing

2007-09-05 Thread J.C. Roberts
On Tuesday 04 September 2007, Rui Miguel Silva Seabra wrote:
> Hi Sunnz,
>
> On Wed, Sep 05, 2007 at 04:32:20AM +1000, Sunnz wrote:
> > > If the person chooses to use the GNU GPL they have to respect the
> > > GNU GPL's conditions, not the BSD ones.
> >
> > GNU GPL, however, only grants the right to re-distribute (under
> > certain conditions), but not re-license, right?
>
> No, the GNU GPL grants you the rights to
>  0. run it for any purpose
>  1. study & modify it
>  2. redistribution of pristine copies
>  3. redistribution of derivatives
>
> All this just like the BSD. However, unlike the BSD, it does so in a
> reciprocal level: if you redistribute in the conditions of 2. or 3.
> you must license it under these (the GNU GPL's) terms.
>
> > BTW, if satisfying requires in GPL would imply satisfaction of BSDL
> > anyway, no?
>
> It's closer to include than imply, if you want to use these terms,
> since satisfying the BSDL means allowing proprietary derivatives,
> which the GPL aims to forbid.
>
> Rui

Hi Rui,

You've been arguing in circles for days now but the real cause is there 
are some things about how copyright law works which you need to 
understand a bit better. Hopefully I can help.

Only the copyright holder can modify, remove or replace the licensing of 
their copyrighted work. This is the law, and those silly license terms 
which state you cannot remove the license are nothing more than being 
overly redundant for the sake of idiots who do not know the law. Sadly, 
most licenses state the bleeding obvious.

Unless the copyright holder specifically gives the recipient the right 
to relicense the work, the license cannot be changed. In the case of 
dual licensed, or better said, multi-licensed works, this law still 
remains in effect.

Take the case of multi-licensed work of where there is no permission to 
create derivative works (i.e. modifications). One of the available 
licenses allows you to distribute verbatim copies of the work under 
certain terms. The rest of the available licenses do not grant you the 
right to distribute copies.

As long as you are in compliance with the terms set forth by the one 
particular license which allows distribution of verbatim copies, your 
action of distributing copies is legal, regardless if all of the other 
available licenses do not grant the right to distribute copies.

As you can see, the right to create copies must be specifically granted 
by the copyright holder in order for the recipient to be legally able 
to exercise that right. The same is true for all other rights protected 
by copyright; They must be specifically granted by the copyright holder 
otherwise they are illegal.

When given a choice between multiple licenses, the only choice you get 
is which license you wish to *comply* with, but you *never* receive the 
right to relicense the original work unless it is specifically granted. 
Even if you are granted the right to create derivative works, the 
copyright holder must specifically grant the right to modify, remove 
and/or replace the licensing for you to be able to do so legally.

There is a vast and significant legal difference between creating a 
derivative work from an original copyrighted work, and relicensing the 
original copyrighted work. Unless the copyright holder specifically 
grants permission to do these things, doing them is illegal.

Since the three multi-licensed atheros driver files never granted 
permission to modify, remove or replace the licensing, it is illegal to 
change the licensing in any way, and the code remains multi-licensed 
regardless of the misguided patches.

If you create a GPL-Only licensed patch which modifies any of the 
original work, you now have a legal contradiction. If you apply the 
patch and claim the resulting derivative work is now GPL-Only, you've 
just broken the law because you were never granted the right to 
relicense the original. On the other hand, if I apply the GPL-Only 
patch and say the resulting derivative work is now multi-licensed like 
the original work, I may also be breaking the law... This is the reason 
why companies like TrollTech take the time to make sure all patches to 
the dual-licensed Qt toolkit have amicable licensing, otherwise they 
reimplement the changes on their own.

When you think of this legal contradiction in the terms of a patch that 
fixes an off-by-one security vulnerability, and the obvious need to 
apply the identical fix to the original, you'll see the precedence will 
go with the licensing of the original work. Otherwise I'd be filthy 
rich from researching exploits on Microsoft software, copyrighting the 
fixes and then holding them for ransom to the highest bidder.

Who would be willing to pay me more for the *RIGHT* to fix the 
vulnerability; Microsoft for the sake of supporting their own products, 
or organized crime for the sake of having an exploit that Microsoft 
would never be able to legally fix?

Obviously, the law doesn't work that way and the

Re: communism is good

2007-09-05 Thread Timo Schoeler

thus Jack J. Woehr spake:
> On Sep 5, 2007, at 1:08 PM, Timo Schoeler wrote:
>
>> thus Jack J. Woehr spake:
>>> On Sep 5, 2007, at 11:32 AM, Gaby Vanhegan wrote:
>>>> On 5 Sep 2007, at 18:13, Nick Guenther wrote:
>>>>
>>>>> On 9/5/07, Josef Stalin <[EMAIL PROTECTED]> wrote:
>>>>>> communism is good, openbsd comrades.
>>>>>>
>>>>>> it is very nice.
>>>>>>
>>>>> Party on.
>>>> In communist russia, OpenBSD develops you!
>>> Efter the rewolution, kumrad, all will be havink BSD-licensed
>>> open  source
>>> and you will be likink it!
>>
>> Err, Russia != U.S.A. People are NOT illiterates in Russia.
>
> Da, ja ponimaju! That's just a punchline from a corny old English
> joke circa 1920
> about Hyde Park revolutionary orators.

Ah, I see. The 'in communist russia' thing was understood, but not the 
BSD part :)


Patria o muerte! Venceremos! :)



Re: Excluding files with mtree?

2007-09-05 Thread Antti Harri

On Wed, 5 Sep 2007, Jeremy C. Reed wrote:


> Have a look at the "optional" (for files) and "ignore" (for directories)
> keywords in man page. And see examples in /etc/mtree/special.
>
> Generate your entire specification and then modify using "optional" and
> "ignore" as you wish.

Thanks for the info. But I was hoping to use it
in a fully automatic script.

> p.s. Some other implementations of mtree(8) have an exclude feature.


Yeah I noticed that too. I tried NetBSD's mtree on
OpenBSD but it didn't compile out of the box and
it didn't seem like a trivial thing to port.

--
Antti Harri



Re: communism is good

2007-09-05 Thread Jack J. Woehr
On Sep 5, 2007, at 1:08 PM, Timo Schoeler wrote:

> thus Jack J. Woehr spake:
>> On Sep 5, 2007, at 11:32 AM, Gaby Vanhegan wrote:
>>> On 5 Sep 2007, at 18:13, Nick Guenther wrote:
>>>
>>>> On 9/5/07, Josef Stalin <[EMAIL PROTECTED]> wrote:
>>>>> communism is good, openbsd comrades.
>>>>>
>>>>> it is very nice.
>>>>>
>>>> Party on.
>>> In communist russia, OpenBSD develops you!
>> Efter the rewolution, kumrad, all will be havink BSD-licensed  
>> open  source
>> and you will be likink it!
>
> Err, Russia != U.S.A. People are NOT illiterates in Russia.

Da, ja ponimaju! That's just a punchline from a corny old English  
joke circa 1920
about Hyde Park revolutionary orators.

-- 
Jack J. Woehr
Director of Development
Absolute Performance, Inc.
[EMAIL PROTECTED]
303-443-7000 ext. 527



Re: Excluding files with mtree?

2007-09-05 Thread Jeremy C. Reed
> how can I exclude files with mtree? It
> seems to me it's not possible, is it?
> 
> I want to make mtree specifications of
> a directory but I want to skip some files
> and subdirectories in it.

Have a look at the "optional" (for files) and "ignore" (for directories) 
keywords in man page. And see examples in /etc/mtree/special.

Generate your entire specification and then modify using "optional" and 
"ignore" as you wish.

  Jeremy C. Reed

p.s. Some other implementations of mtree(8) have an exclude feature.



Re: Problems with chrooted Apache and PHP exec() function

2007-09-05 Thread Karsten McMinn
On 9/5/07, Otto Moerbeek <[EMAIL PROTECTED]> wrote:
> On Wed, 5 Sep 2007, Johan L wrote:
> >
> > Any suggestion on how to solve this (other than disabling chroot of
> > course...)?
> >
> > /Johan
>
> depending on how you invoke the executable, you might need /bin/sh as
> well in the chroot. Please remember that this is a risk.

you probably didn't have $TZ set, you'd probably
need /etc/localtime in the chroot.



Re: communism is good

2007-09-05 Thread Timo Schoeler

thus Jack J. Woehr spake:
> On Sep 5, 2007, at 11:32 AM, Gaby Vanhegan wrote:
>
>> On 5 Sep 2007, at 18:13, Nick Guenther wrote:
>>
>>> On 9/5/07, Josef Stalin <[EMAIL PROTECTED]> wrote:
>>>> communism is good, openbsd comrades.
>>>>
>>>> it is very nice.
>>>>
>>> Party on.
>>
>> In communist russia, OpenBSD develops you!
>
> Efter the rewolution, kumrad, all will be havink BSD-licensed open
> source
> and you will be likink it!

Err, Russia != U.S.A. People are NOT illiterates in Russia.

;)



Re: Problems with chrooted Apache and PHP exec() function

2007-09-05 Thread Otto Moerbeek
On Wed, 5 Sep 2007, Johan L wrote:

> Hi,
> 
> We are trying to get the PHP exec() function to work in a chrooted Apache
> environment (4.1-stable MP ACPI enabled, PHP 5.1.6).
> 
> Even if using a static binary (for example date) in the chrooted directory,
> exec just returns 127.
> 
> Everything works fine when running chroot from the command line, eg:
> chroot -u www -g www /var/www date
> 
> If we start Apache without chroot (-u) then it works too.
> 
> Any suggestion on how to solve this (other than disabling chroot of
> course...)?
> 
> /Johan

depending on how you invoke the executable, you might need /bin/sh as
well in the chroot. Please remember that this is a risk.

-Otto



Re: communism is good

2007-09-05 Thread Jack J. Woehr
On Sep 5, 2007, at 11:32 AM, Gaby Vanhegan wrote:

> On 5 Sep 2007, at 18:13, Nick Guenther wrote:
>
>> On 9/5/07, Josef Stalin <[EMAIL PROTECTED]> wrote:
>>> communism is good, openbsd comrades.
>>>
>>> it is very nice.
>>>
>>
>> Party on.
>
> In communist russia, OpenBSD develops you!

Efter the rewolution, kumrad, all will be havink BSD-licensed open  
source
and you will be likink it!

-- 
Jack J. Woehr
Director of Development
Absolute Performance, Inc.
[EMAIL PROTECTED]
303-443-7000 ext. 527



Re: communism is good

2007-09-05 Thread Gaby Vanhegan
On 5 Sep 2007, at 18:13, Nick Guenther wrote:

> On 9/5/07, Josef Stalin <[EMAIL PROTECTED]> wrote:
>> communism is good, openbsd comrades.
>>
>> it is very nice.
>>
>
> Party on.

In communist russia, OpenBSD develops you!

--
Junkets for bunterish lickspittles since 1998!
http://www.playr.co.uk/



Re: communism is good

2007-09-05 Thread Nick Guenther
On 9/5/07, Josef Stalin <[EMAIL PROTECTED]> wrote:
> communism is good, openbsd comrades.
>
> it is very nice.
>

Party on.



communism is good

2007-09-05 Thread Josef Stalin
communism is good, openbsd comrades.

it is very nice.



Problems with chrooted Apache and PHP exec() function

2007-09-05 Thread Johan L

Hi,

We are trying to get the PHP exec() function to work in a chrooted 
Apache environment (4.1-stable MP ACPI enabled, PHP 5.1.6).


Even if using a static binary (for example date) in the chrooted 
directory, exec just returns 127.


Everything works fine when running chroot from the command line, eg:
chroot -u www -g www /var/www date

If we start Apache without chroot (-u) then it works too.

Any suggestion on how to solve this (other than disabling chroot of 
course...)?


/Johan



Re: [OT][AMD-FOSS] AMD-ATI promises to release docs for their new video cards

2007-09-05 Thread Martin Schröder
2007/9/5, Leonardo Rodrigues <[EMAIL PROTECTED]>:
> Seems that ATI-AMD will open up their graphics drivers:
> http://lwn.net/Articles/248227/
>
> "A quick report from the kernel summit: AMD's representative at the
> summit has announced that the company has made a decision to enable
> the development of open source drivers for all of its (ATI) graphics
> processors from the R500 going forward. There will be specifications
> available and a skeleton driver as well; a free 2D driver is
> anticipated by the end of the year. The rest will have to be written;
> freeing of the existing binary-only driver is not in the cards, and
> "that is better for everybody." Things are looking good on this front.
> More in the kernel summit report to come."

Hear, hear.
http://lwn.net/Articles/248263/
"The quick report is (for obvious reasons) very vague on the scope of
specifications that will be released. To qualify as "2D driver" the
only things that are needed is some basic mode setting and drawing.

That leaves out a lot of features expected from a complete driver:
* 2D acceleration (XAA, EXA ?)
* Dual output and TV-out support
* Xv & XvMC for video acceleration
* RandR for changing resolution
* and of course... 3D acceleration

Also for laptop users what's nice to have is a driver that doesn't
freeze the card on suspend/resume, and the ability to switch to an
external screen."

Best
   Martin



[OT][AMD-FOSS] AMD-ATI promises to release docs for their new video cards

2007-09-05 Thread Leonardo Rodrigues
Seems that ATI-AMD will open up their graphics drivers:
http://lwn.net/Articles/248227/

"A quick report from the kernel summit: AMD's representative at the
summit has announced that the company has made a decision to enable
the development of open source drivers for all of its (ATI) graphics
processors from the R500 going forward. There will be specifications
available and a skeleton driver as well; a free 2D driver is
anticipated by the end of the year. The rest will have to be written;
freeing of the existing binary-only driver is not in the cards, and
"that is better for everybody." Things are looking good on this front.
More in the kernel summit report to come."

Sadly, it seems that cards prior to R500 will remain closed source though.
I wonder how nvidia will react to this. And I hope this kind of
behaviour becomes a new trend :D


-- 
An OpenBSD user... and that's all you need to know =)

Please, send private emails to [EMAIL PROTECTED]



Re: Max throughput ?

2007-09-05 Thread Henning Brauer
* David Newman <[EMAIL PROTECTED]> [2007-09-05 17:40]:
> >> Can any one comment on this ? Would it not be better to use something 
> >> like a Cisco layer 3 GB switch.
> > sure it is better, assuming you call "I paid $100,000 for a $5 CPU that 
> > falls over at 5000pps*" better.
> > 
> > *when the packets are just a tiny bit different from what cisco expects 
> > and can handle in the fast path, they go to the main cpu, which is 
> > incredibly slow on pretty much any cisco you can buy
> Here you are referring to slow-path processing for packets with IP
> options set. That's normal with all switches, not just Cisco's.

yep.
but basically everybody else has faster host CPUs - so they still 
suffer, but they don't go down as badly.

> This also suggests 5000 pps is the expected performance, which is not
> the case. Spending US$100k on a switch from Cisco, Foundry, or Force10
> will get you fast-path processing in the tens of millions of pps or more
> (which AFAIK even the studliest of server hardware doesn't do today) and
> slow-path processing in the 1s of pps or more.

no, I have fixed networks by removing >$100k cisco gear that was 
falling over under way less than 5k pps.

> OTOH I fully agree that lower end boxes (and even some higher ones such
> as older Sup cards on Cat 65xxs) have relatively slow CPUs.

i have yet to see a cisco box where the host CPU is not pathetically 
slow.

> The key question is whether you have slow-path traffic to begin with.

your slow-path traffic is a perfect attack vector... and some stuff 
goes slow-path that you totally would not expect to.

anyway, this is not a cisco list, so no point in discussing their 
design fuckups here.

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam



Re: switch or server? (was Re: Max throughput ?)

2007-09-05 Thread Henning Brauer
* David Newman <[EMAIL PROTECTED]> [2007-09-05 17:51]:
> On 9/5/07 2:01 AM, Henning Brauer wrote:
> > * David Newman <[EMAIL PROTECTED]> [2007-09-05 00:59]:
> >>> Can any one comment on this ? Would it not be better to use something
> >>> like a Cisco layer 3 GB switch.
> >> Most el cheapo gig switches will do the job without packet loss.
> > 
> > you are being tricked by marketing terminology.
> > 
> > layer 3 switches are routers.
> > 
> > vendors use the term to.. well I dunno :)
> > 
> > most so-called layer3 switches are regular layer 2 switches with a 
> > little extra logic to be able to inspect IP headers and take the 
> > "switching" (it is routing of course) decision based on that.
> > 
> > Rule of thumb: they all suck.
> > 
> 
> That's a statement of value, not of fact.
> 
> The OP asked about switch throughput. Even the el cheapo ones you
> describe as sucky can forward packets at line rate with zero loss.

switch, aka layer 2, yes.
route, aka layer 3, no. not even under perfect conditions in case of 
the small ones.

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam



Re: Max throughput ?

2007-09-05 Thread Theo de Raadt
> Which reminds me: Is there a real chance that we can expect 4.4 to run
> good on a SUN T2 with support for the 10G NICs?

Well, kind of difficult since we don't have any.



Excluding files with mtree?

2007-09-05 Thread Antti Harri

Hi,

how can I exclude files with mtree? It
seems to me it's not possible, is it?

I want to make mtree specifications of
a directory but I want to skip some files
and subdirectories in it.

--
Antti Harri



Re: Max throughput ?

2007-09-05 Thread Martin Schröder
2007/9/5, David Newman <[EMAIL PROTECTED]>:
> the case. Spending US$100k on a switch from Cisco, Foundry, or Force10
> will get you fast-path processing in the tens of millions of pps or more
> (which AFAIK even the studliest of server hardware doesn't do today) and

Which reminds me: Is there a real chance that we can expect 4.4 to run
good on a SUN T2 with support for the 10G NICs?

Best
   Martin



Re: switch or server? (was Re: Max throughput ?)

2007-09-05 Thread David Newman
On 9/5/07 2:01 AM, Henning Brauer wrote:
> * David Newman <[EMAIL PROTECTED]> [2007-09-05 00:59]:
>>> Can any one comment on this ? Would it not be better to use something
>>> like a Cisco layer 3 GB switch.
>> Most el cheapo gig switches will do the job without packet loss.
> 
> you are being tricked by marketing terminology.
> 
> layer 3 switches are routers.
> 
> vendors use the term to.. well I dunno :)
> 
> most so-called layer3 switches are regular layer 2 switches with a 
> little extra logic to be able to inspect IP headers and take the 
> "switching" (it is routing of course) decision based on that.
> 
> Rule of thumb: they all suck.
> 

That's a statement of value, not of fact.

The OP asked about switch throughput. Even the el cheapo ones you
describe as sucky can forward packets at line rate with zero loss.

They have many other problems -- execrable routing code, CLIs and GUIs
written by idiots, and horrible hashing algorithms, to name a few -- but
basic packet forwarding isn't one of them.

That said, I share your allergy to the term "layer-3 switch." I don't
use this meaningless marketing term. Switches switch; routers route.

dn



Re: Max throughput ?

2007-09-05 Thread David Newman

On 9/5/07 1:50 AM, Henning Brauer wrote:
> * Michael Gale <[EMAIL PROTECTED]> [2007-09-05 00:16]:
>> Hey,
>>
>>  It was suggested that we create an OpenBSD server with 9GB 
>>  interfaces to start. 7 Will be used right off the bat.
>>
>> This would function as a core router bringing 7 GB networks together on 
>> the inside of a main firewall. I suggested that maybe we would have some 
>> bandwidth issues with trying to push that much traffic through a single 
>> server.
> 
> you might have thruput issues, you might not. depends on the traffic 
> characteristics and hardware you choose.
> 
>> Can any one comment on this ? Would it not be better to use something 
>> like a Cisco layer 3 GB switch.
> 
> sure it is better, assuming you call "I paid $100,000 for a $5 CPU that 
> falls over at 5000pps*" better.
> 
> *when the packets are just a tiny bit different from what cisco expects 
> and can handle in the fast path, they go to the main cpu, which is 
> incredibly slow on pretty much any cisco you can buy

Here you are referring to slow-path processing for packets with IP
options set. That's normal with all switches, not just Cisco's.

This also suggests 5000 pps is the expected performance, which is not
the case. Spending US$100k on a switch from Cisco, Foundry, or Force10
will get you fast-path processing in the tens of millions of pps or more
(which AFAIK even the studliest of server hardware doesn't do today) and
slow-path processing in the 1s of pps or more.

OTOH I fully agree that lower end boxes (and even some higher ones such
as older Sup cards on Cat 65xxs) have relatively slow CPUs.

The key question is whether you have slow-path traffic to begin with.
This is a nonissue if you're not using IP options. Five minutes of
testing will tell if a switch is using its slow path.

dn



Re: bnx tcp offload

2007-09-05 Thread Michael
Hi,

Claudio Jeker wrote:
> On Wed, Sep 05, 2007 at 09:45:04AM +0200, Renaud Allard wrote:
> OpenBSD does not support the TOE. TCP/IP checksum offload on the other
> hand had a problem on bnx and this was disabled in -current.
> So please try a snapshot.

Had the same problem a while back in May... thanks for the info about
the snapshot. Although it is not recommended I applied the changes to
stable and came up with the following patch between 4.1-stable and
-current as of 2007/09/05:

http://openbsd.lechtermann.net/pub/patches/41_bnx_tcp-offload.patch

PF rdr (-> spamd) and modulate state are working fine now.


Michael
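
The check tcpdump performed in the reports in this thread, written out as an added example (not code from the thread or from OpenBSD): it recomputes the TCP checksum of a captured IPv4 packet over the pseudo-header and segment, and reports a capture cut short by the snap length as unverifiable rather than bad. The packets, addresses and ports are constructed sample values, the helper names are hypothetical, and unfragmented IPv4 is assumed.

```python
import ipaddress
import struct

TCP_PROTO = 6


def internet_checksum(data: bytes) -> int:
    """RFC 1071 ones' complement checksum over data, padded to 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def tcp_checksum_ok(ip_packet: bytes):
    """True/False for a verifiable IPv4/TCP packet; None when the capture is
    too short to verify (for example, a small snap length cut the segment)."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    if ip_packet[9] != TCP_PROTO:
        raise ValueError("not TCP")
    ihl = (ip_packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip_packet[2:4])[0]
    if len(ip_packet) < total_len or total_len < ihl + 20:
        return None
    segment = ip_packet[ihl:total_len]
    # Pseudo-header: source address, destination address, zero, protocol, TCP length.
    pseudo = ip_packet[12:20] + struct.pack("!BBH", 0, TCP_PROTO, len(segment))
    # Summing over a segment that carries a correct checksum yields 0.
    return internet_checksum(pseudo + segment) == 0


def summarize(packets):
    """Count verified, failed and unverifiable packets in a capture."""
    counts = {"ok": 0, "bad": 0, "truncated": 0}
    for pkt in packets:
        result = tcp_checksum_ok(pkt)
        key = "truncated" if result is None else ("ok" if result else "bad")
        counts[key] += 1
    return counts


def build_tcp_packet(src, dst, sport, dport, payload):
    """Construct a sample IPv4/TCP packet with a correct TCP checksum.
    The IP header checksum is left at 0; it is not what is verified here."""
    src_b = ipaddress.IPv4Address(src).packed
    dst_b = ipaddress.IPv4Address(dst).packed
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18,
                      16384, 0, 0) + payload
    pseudo = src_b + dst_b + struct.pack("!BBH", 0, TCP_PROTO, len(tcp))
    csum = internet_checksum(pseudo + tcp)
    tcp = tcp[:16] + struct.pack("!H", csum) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64,
                     TCP_PROTO, 0, src_b, dst_b)
    return ip + tcp


def flip_checksum_bit(ip_packet: bytes) -> bytes:
    """Return a copy whose TCP checksum field is off by one bit."""
    off = (ip_packet[0] & 0x0F) * 4 + 17    # low byte of the checksum field
    return ip_packet[:off] + bytes([ip_packet[off] ^ 0x01]) + ip_packet[off + 1:]


# Constructed sample data: documentation addresses, SMTP destination port.
GOOD = build_tcp_packet("192.0.2.10", "198.51.100.25", 40000, 25,
                        b"EHLO mx.example\r\n")
BAD = flip_checksum_bit(GOOD)
CUT = GOOD[:40]                             # as if captured with a short snap length

if __name__ == "__main__":
    print(summarize([GOOD, BAD, GOOD, CUT]))
```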



Re: bnx tcp offload

2007-09-05 Thread Paul M. Hirsch
On Wed, Sep 05, 2007 at 09:45:04AM +0200, Renaud Allard wrote:
> Hello,
> 
> I just have two Dell servers having broadcom netXtreme NICs with tcp offload
> engine activated (and locked on on) in the bios.
> I tried to use these servers to do an smtp gateway with spamd. When I activated
> spamd, connecting to port 25 worked but nothing more. After scanning with
> tcpdump, I saw that all packets passing through pf going to spamd and exiting
> had bad tcp checksum. The machine at the other end receiving these bad tcp
> checksum of course dropped them. For the moment, I solved the issue by using
> Intel em NICs.
> Packets passing not passing through pf had also about 50% packets with bad
> checksum too.

Sounds like the same thing I ran into.
http://cvs.openbsd.org/cgi-bin/query-pr-wrapper?full=yes&textonly=yes&numbers=5437

As mentioned by others, checksum offload is disabled in CURRENT (as of 2007-07-04).
A diff follows if you need a patch for 4.1 stable.

-Paul

Index: if_bnx.c
===
RCS file: /cvs/src/sys/dev/pci/if_bnx.c,v
retrieving revision 1.48
diff -u -r1.48 if_bnx.c
--- if_bnx.c5 Mar 2007 11:13:09 -   1.48
+++ if_bnx.c5 Sep 2007 13:46:53 -
@@ -875,8 +875,7 @@
bcopy(sc->eaddr, sc->arpcom.ac_enaddr, ETHER_ADDR_LEN);
bcopy(sc->bnx_dev.dv_xname, ifp->if_xname, IFNAMSIZ);
 
-   ifp->if_capabilities = IFCAP_VLAN_MTU | IFCAP_CSUM_TCPv4 |
-  IFCAP_CSUM_UDPv4;
+   ifp->if_capabilities = IFCAP_VLAN_MTU;
 
 #if NVLAN > 0
ifp->if_capabilities |= IFCAP_VLAN_HWTAGGING;
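
Review bot: The new assignment "ifp->if_capabilities = IFCAP_VLAN_MTU;" drops IFCAP_CSUM_TCPv4 and IFCAP_CSUM_UDPv4 with no comment saying why, so a later merge could restore them without anyone noticing. A short comment above the assignment naming the bad-checksum problem and PR 5437, which this message links to, would record the reason. The hunk as shown here has also lost its leading tabs and the spacing in the "---"/"+++" header lines, so it will likely have to be applied by hand rather than with patch(1).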



Re: bnx tcp offload

2007-09-05 Thread A . Parazzini
You can disable the Broadcom TOE by removing the key on the motherboard.

http://support.euro.dell.com/support/edocs/systems/pe2950/en/hom/html/jumpers.htm#wp1054670

Ciao.
Andrea




Renaud Allard <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
05/09/2007 09.45

To: misc@openbsd.org
cc:
Subject: bnx tcp offload

Hello,

I just have two Dell servers having broadcom netXtreme NICs with tcp offload
engine activated (and locked on on) in the bios.
I tried to use these servers to do an smtp gateway with spamd. When I activated
spamd, connecting to port 25 worked but nothing more. After scanning with
tcpdump, I saw that all packets passing through pf going to spamd and exiting
had bad tcp checksum. The machine at the other end receiving these bad tcp
checksum of course dropped them. For the moment, I solved the issue by using
Intel em NICs.
Packets passing not passing through pf had also about 50% packets with bad
checksum too.

Is there a software way to force the bnx driver to _not_ use the TCP offload
engine without recompiling the driver?

Thanks




Re: IPSec

2007-09-05 Thread José Costa
Oh, and the tunnel is only activated when the ISA network tries to access
the OBSD network. The other way doesn't work.

On 9/5/07, José Costa <[EMAIL PROTECTED]> wrote:
> I think that the patch works but I can't ping from the 10.0.0.0/24
> network to 10.0.1.0/24.
>
> I can ping from ISA to 10.0.0.1 (another VM connected), to 10.0.0.50
> (loopback1) and 10.0.0.254 (inside if).
>
> From OBSD, I can ping from 10.0.0.254 (ping -I 10.0.0.254) to
> 10.0.1.254 and (ping -I 10.0.0.50) 10.0.0.50 to 10.0.1.254.
>
> I can't ping from 172.26.10.82 and from the 10.0.0.1 machine.
>
> # ifconfig
> lo0: flags=8049 mtu 33224
> groups: lo
> inet 127.0.0.1 netmask 0xff00
> inet6 ::1 prefixlen 128
> inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
> pcn0: flags=8a43 mtu 1500
> lladdr 00:0c:29:f0:70:e0
> groups: egress
> media: Ethernet autoselect (autoselect)
> inet 172.26.10.82 netmask 0xff00 broadcast 172.26.10.255
> inet6 fe80::20c:29ff:fef0:70e0%pcn0 prefixlen 64 scopeid 0x1
> pcn1: flags=8843 mtu 1500
> lladdr 00:0c:29:f0:70:ea
> media: Ethernet autoselect (autoselect)
> inet 10.0.0.254 netmask 0xff00 broadcast 10.0.0.255
> inet6 fe80::20c:29ff:fef0:70ea%pcn1 prefixlen 64 scopeid 0x2
> pflog0: flags=141 mtu 33224
> enc0: flags=141 mtu 1536
> lo1: flags=8049 mtu 33224
> groups: lo
> inet 10.0.0.50 netmask 0xff00
>
> --
>
> # cat /etc/pf.conf
> #   $OpenBSD: pf.conf,v 1.34 2007/02/24 19:30:59 millert Exp $
> #
> # See pf.conf(5) and /usr/share/pf for syntax and examples.
> # Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
> # in /etc/sysctl.conf if packets are to be forwarded between interfaces.
>
> ext_if="pcn0"
> int_if="pcn1"
>
> #table  persist
>
> set skip on { lo $int_if enc0 }
>
> #scrub in
>
> #nat-anchor "ftp-proxy/*"
> #rdr-anchor "ftp-proxy/*"
> nat on $ext_if from ! ($ext_if) -> ($ext_if:0)
> #rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021
> #no rdr on $ext_if proto tcp from  to any port smtp
> #rdr pass on $ext_if proto tcp from any to any port smtp \
> #   -> 127.0.0.1 port spamd
>
> #anchor "ftp-proxy/*"
>
> # Default Deny Rule
> block in
> #pass out
>
> #pass quick on $int_if no state
> #antispoof quick for { lo $int_if }
>
> # OpenSSH Access
> pass in on $ext_if proto tcp to ($ext_if) port ssh
>
> # SMTP Access
> #pass in log on $ext_if proto tcp to ($ext_if) port smtp
> #pass out log on $ext_if proto tcp from ($ext_if) to port smtp
>
> # Lan Access
> pass on $int_if all
>
> # IPSec Tunnel to ISA Server
> pass in quick on $ext_if proto icmp from 172.26.10.83 to ($ext_if)
> pass in quick on $ext_if proto udp from 172.26.10.83 to ($ext_if) port 500
> pass in quick on $ext_if proto esp from 172.26.10.83 to ($ext_if)
> pass out quick on $ext_if proto esp from ($ext_if) to 172.26.10.83
>
> # Outbound Access
> pass out keep state
>
> ---
>
> # cat /etc/ipsec.conf
> #   $OpenBSD: ipsec.conf,v 1.5 2006/09/14 15:10:43 hshoexer Exp $
> #
> # See ipsec.conf(5) for syntax and examples.
>
> # Set up two tunnels using automatic keying with isakmpd(8):
> #
> # First between the networks 10.1.1.0/24 and 10.1.2.0/24,
> # second between the machines 192.168.3.1 and 192.168.3.2.
> # Use FQDNs as IDs.
>
> #ike esp from 10.1.1.0/24 to 10.1.2.0/24 peer 192.168.3.2 \
> #   srcid me.mylan.net dstid the.others.net
> #ike esp from 192.168.3.1 to 192.168.3.2 \
> #   srcid me.mylan.net dstid the.others.net
>
> # Set up a tunnel using static keying:
> #
> # The first rule sets up the flow; the second sets up the SA.  As default
> # transforms, ipsecctl(8) will use hmac-sha2-256 for authentication
> # and aes for encryption.  hmac-sha2-256 uses a 256-bit key; aes
> # a 128-bit key.
>
> #flow esp from 192.168.7.0/24 to 192.168.8.0/24 peer 192.168.3.2
> #esp from 192.168.3.1 to 192.168.3.2 spi 0xabd9da39:0xc9dbb83d \
> #   authkey
> 0x54f79f479a32814347bb768d3e01b2b58e49ce674ec6e2d327b63408c56ef4e8:0x7f48ee352c626cdc2a731b9d90bd63e29db2a9c683044b70b2f4441521b622d6
> \
> #   enckey 
> 0xb341aa065c3850edd6a61e150d6a5fd3:0xf7795f6bdd697a43a4d28dcf1b79062d
>
> ike esp from 10.0.0.0/24 to 10.0.1.0/24 peer 172.26.10.83 \
> main auth hmac-sha1 enc 3des group modp1024 \
> quick auth hmac-sha1 enc 3des group modp1024 \
> psk teste tag teste
>
>
> On 9/3/07, Hans-Joerg Hoexer <[EMAIL PROTECTED]> wrote:
> > Hi,
> >
> > could you try the attached diff, please?
> >
> > Index: message.c
> > ===
> > RCS file: /cvs/src/sbin/isakmpd/message.c,v
> > retrieving revision 1.126
> > diff -u -p -r1.126 message.c
> > --- message.c   2 Jun 2007 01:29:11 -   1.126
> > +++ message.c   3 Sep 2007 22:30:46 -
> > @@ -927,6 +927,7 @@ message_validate_notify(struct message *
> > if (type < ISAKMP_NOTIFY_INVALID_PAYLOAD_

Re: IPSec

2007-09-05 Thread José Costa
I think that the patch works but I can't ping from the 10.0.0.0/24
network to 10.0.1.0/24.

I can ping from ISA to 10.0.0.1 (another VM connected), to 10.0.0.50
(loopback1) and 10.0.0.254 (inside if).

From OBSD, I can ping from 10.0.0.254 (ping -I 10.0.0.254) to
10.0.1.254 and (ping -I 10.0.0.50) 10.0.0.50 to 10.0.1.254.

I can't ping from 172.26.10.82 and from the 10.0.0.1 machine.

# ifconfig
lo0: flags=8049 mtu 33224
groups: lo
inet 127.0.0.1 netmask 0xff00
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
pcn0: flags=8a43 mtu 1500
lladdr 00:0c:29:f0:70:e0
groups: egress
media: Ethernet autoselect (autoselect)
inet 172.26.10.82 netmask 0xff00 broadcast 172.26.10.255
inet6 fe80::20c:29ff:fef0:70e0%pcn0 prefixlen 64 scopeid 0x1
pcn1: flags=8843 mtu 1500
lladdr 00:0c:29:f0:70:ea
media: Ethernet autoselect (autoselect)
inet 10.0.0.254 netmask 0xff00 broadcast 10.0.0.255
inet6 fe80::20c:29ff:fef0:70ea%pcn1 prefixlen 64 scopeid 0x2
pflog0: flags=141 mtu 33224
enc0: flags=141 mtu 1536
lo1: flags=8049 mtu 33224
groups: lo
inet 10.0.0.50 netmask 0xff00

--

# cat /etc/pf.conf
#   $OpenBSD: pf.conf,v 1.34 2007/02/24 19:30:59 millert Exp $
#
# See pf.conf(5) and /usr/share/pf for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
# in /etc/sysctl.conf if packets are to be forwarded between interfaces.

ext_if="pcn0"
int_if="pcn1"

#table  persist

set skip on { lo $int_if enc0 }

#scrub in

#nat-anchor "ftp-proxy/*"
#rdr-anchor "ftp-proxy/*"
nat on $ext_if from ! ($ext_if) -> ($ext_if:0)
#rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021
#no rdr on $ext_if proto tcp from  to any port smtp
#rdr pass on $ext_if proto tcp from any to any port smtp \
#   -> 127.0.0.1 port spamd

#anchor "ftp-proxy/*"

# Default Deny Rule
block in
#pass out

#pass quick on $int_if no state
#antispoof quick for { lo $int_if }

# OpenSSH Access
pass in on $ext_if proto tcp to ($ext_if) port ssh

# SMTP Access
#pass in log on $ext_if proto tcp to ($ext_if) port smtp
#pass out log on $ext_if proto tcp from ($ext_if) to port smtp

# Lan Access
pass on $int_if all

# IPSec Tunnel to ISA Server
pass in quick on $ext_if proto icmp from 172.26.10.83 to ($ext_if)
pass in quick on $ext_if proto udp from 172.26.10.83 to ($ext_if) port 500
pass in quick on $ext_if proto esp from 172.26.10.83 to ($ext_if)
pass out quick on $ext_if proto esp from ($ext_if) to 172.26.10.83

# Outbound Access
pass out keep state

---

# cat /etc/ipsec.conf
#   $OpenBSD: ipsec.conf,v 1.5 2006/09/14 15:10:43 hshoexer Exp $
#
# See ipsec.conf(5) for syntax and examples.

# Set up two tunnels using automatic keying with isakmpd(8):
#
# First between the networks 10.1.1.0/24 and 10.1.2.0/24,
# second between the machines 192.168.3.1 and 192.168.3.2.
# Use FQDNs as IDs.

#ike esp from 10.1.1.0/24 to 10.1.2.0/24 peer 192.168.3.2 \
#   srcid me.mylan.net dstid the.others.net
#ike esp from 192.168.3.1 to 192.168.3.2 \
#   srcid me.mylan.net dstid the.others.net

# Set up a tunnel using static keying:
#
# The first rule sets up the flow; the second sets up the SA.  As default
# transforms, ipsecctl(8) will use hmac-sha2-256 for authentication
# and aes for encryption.  hmac-sha2-256 uses a 256-bit key; aes
# a 128-bit key.

#flow esp from 192.168.7.0/24 to 192.168.8.0/24 peer 192.168.3.2
#esp from 192.168.3.1 to 192.168.3.2 spi 0xabd9da39:0xc9dbb83d \
#   authkey
0x54f79f479a32814347bb768d3e01b2b58e49ce674ec6e2d327b63408c56ef4e8:0x7f48ee352c626cdc2a731b9d90bd63e29db2a9c683044b70b2f4441521b622d6
\
#   enckey 
0xb341aa065c3850edd6a61e150d6a5fd3:0xf7795f6bdd697a43a4d28dcf1b79062d

ike esp from 10.0.0.0/24 to 10.0.1.0/24 peer 172.26.10.83 \
main auth hmac-sha1 enc 3des group modp1024 \
quick auth hmac-sha1 enc 3des group modp1024 \
psk teste tag teste


On 9/3/07, Hans-Joerg Hoexer <[EMAIL PROTECTED]> wrote:
> Hi,
>
> could you try the attached diff, please?
>
> Index: message.c
> ===
> RCS file: /cvs/src/sbin/isakmpd/message.c,v
> retrieving revision 1.126
> diff -u -p -r1.126 message.c
> --- message.c   2 Jun 2007 01:29:11 -   1.126
> +++ message.c   3 Sep 2007 22:30:46 -
> @@ -927,6 +927,7 @@ message_validate_notify(struct message *
> if (type < ISAKMP_NOTIFY_INVALID_PAYLOAD_TYPE ||
> (type >= ISAKMP_NOTIFY_RESERVED_MIN &&
> type < ISAKMP_NOTIFY_PRIVATE_MIN) ||
> +   type == ISAKMP_NOTIFY_STATUS_CONNECTED ||
> (type >= ISAKMP_NOTIFY_STATUS_RESERVED1_MIN &&
> type <= ISAKMP_NOTIFY_STATUS_RESERVED1_MAX) ||
> (type >= ISAKMP_NOTIFY_STATUS_DOI_MIN &&
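
Review bot: The added test "type == ISAKMP_NOTIFY_STATUS_CONNECTED ||" puts a single named status type in the middle of a chain that otherwise checks only reserved and out-of-range values, and nothing in the hunk says why CONNECTED belongs there. The hunk stops before the body of the if, so what happens to a peer's CONNECTED notify cannot be read from the diff alone; a one-line comment on the new test stating the intended handling, and a diff with more context lines, would make this reviewable.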



Re: ZyXEL G-302 (rtw) lockup

2007-09-05 Thread mvdeventer
I see. Thanks.

> -Original Message-
> From: Jonathan Gray [mailto:[EMAIL PROTECTED]
> Sent: 05 September 2007 12:50 PM
> To: Marius Van Deventer - Umzimkulu
> Cc: misc@openbsd.org
> Subject: Re: ZyXEL G-302 (rtw) lockup
>
> On Wed, Sep 05, 2007 at 11:43:44AM +0200, [EMAIL PROTECTED] wrote:
> > HI all.
> >
> > I recently acquired a ZyXEL G-302 wireless card. OpenBSD ID's it as rtw.
> >
> > It shows up on ifconfig. But when I try and config this card, either via
> > ifconfig or via hostname.rtw0, the whole machine locks hard. It does not
> > seem to matter what config I use, although I am particularly interested
> > in hostap mode. It may be a faulty card or something, but it would not
> > surprise me if I simply made a glaring error somewhere.
> >
> > I tried to search for answers but Google is not my friend today.
> >
> > Below are my dmesg and my (attempted) hostname.rtw0. Feel free to
> > comment/nitpick/flame. Since the machine is not yet networked, these
> > texts are copied to a windows machine and then mailed, so I hope it
> > doesn't appear mangled.
> >
> > Cheers
> >
> > Marius Van Deventer
>
> Support for 802.11g based Realtek devices was started but never completed,
> there is not enough information available on how the radios work.
>
> I'll change the version in cvs shortly so it is no longer matched.



Re: ZyXEL G-302 (rtw) lockup

2007-09-05 Thread Jonathan Gray
On Wed, Sep 05, 2007 at 11:43:44AM +0200, [EMAIL PROTECTED] wrote:
> HI all.
> 
> I recently acquired a ZyXEL G-302 wireless card. OpenBSD ID's it as rtw.
> 
> It shows up on ifconfig. But when I try and config this card, either via
> ifconfig or via hostname.rtw0, the whole machine locks hard. It does not
> seem to matter what config I use, although I am particularly interested
> in hostap mode. It may be a faulty card or something, but it would not
> surprise me if I simply made a glaring error somewhere.
> 
> I tried to search for answers but Google is not my friend today.
> 
> Below are my dmesg and my (attempted) hostname.rtw0. Feel free to
> comment/nitpick/flame. Since the machine is not yet networked, these
> texts are copied to a windows machine and then mailed, so I hope it
> doesn't appear mangled.
> 
> Cheers
> 
> Marius Van Deventer

Support for 802.11g based Realtek devices was started but never completed,
there is not enough information available on how the radios work.

I'll change the version in cvs shortly so it is no longer matched.



Re: php-5.2.4 installation problem on OpenBSD 4.1

2007-09-05 Thread Nico Meijer
Hi,

>  I want to install php-5.2.4 on OpenBSD 4.1. Of course its from source.

Works for me as of about 6 minutes ago:
PHP 5.2.4 (cli) (built: Sep  5 2007 12:35:54) 
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies

> I've installed libiconv-1.9.2.tar.gz.

How? From a package?

HTH... Nico



ZyXEL G-302 (rtw) lockup

2007-09-05 Thread mvdeventer
HI all.

I recently acquired a ZyXEL G-302 wireless card. OpenBSD ID's it as rtw.

It shows up on ifconfig. But when I try and config this card, either via
ifconfig or via hostname.rtw0, the whole machine locks hard. It does not
seem to matter what config I use, although I am particularly interested
in hostap mode. It may be a faulty card or something, but it would not
surprise me if I simply made a glaring error somewhere.

I tried to search for answers but Google is not my friend today.

Below are my dmesg and my (attempted) hostname.rtw0. Feel free to
comment/nitpick/flame. Since the machine is not yet networked, these
texts are copied to a windows machine and then mailed, so I hope it
doesn't appear mangled.

Cheers

Marius Van Deventer


=dmesg==
OpenBSD 4.1 (GENERIC) #1435: Sat Mar 10 19:07:45 MST 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) 4 CPU 2.66GHz ("GenuineIntel" 686-class) 2.67
GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,
CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID,xTPR
real mem  = 259551232 (253468K)
avail mem = 229146624 (223776K)
using 3199 buffers containing 13103104 bytes (12796K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+ BIOS, date 10/14/03, BIOS32 rev. 0 @ 0xfdb40,
SMBIOS rev. 2.3 @ 0xf0630 (31 entries)
bios0: Hewlett-Packard 0884h
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf7b10/176 (9 entries)
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82801DB LPC" rev
0x00)
pcibios0: PCI bus #3 is the last bus
bios0: ROM list: 0xc/0xb400 0xcbc00/0x1800 0xe/0x1000
acpi at mainbus0 not configured
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82845G/GL" rev 0x03
vga1 at pci0 dev 2 function 0 "Intel 82845G/GL Video" rev 0x03: aperture
at 0xd000, size 0x800
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
uhci0 at pci0 dev 29 function 0 "Intel 82801DB USB" rev 0x02: irq 11
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 29 function 1 "Intel 82801DB USB" rev 0x02: irq 5
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2 at pci0 dev 29 function 2 "Intel 82801DB USB" rev 0x02: irq 5
usb2 at uhci2: USB revision 1.0
uhub2 at usb2
uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
ehci0 at pci0 dev 29 function 7 "Intel 82801DB USB" rev 0x02: irq 10
usb3 at ehci0: USB revision 2.0
uhub3 at usb3
uhub3: Intel EHCI root hub, rev 2.00/1.00, addr 1
uhub3: 6 ports with 6 removable, self powered
ppb0 at pci0 dev 30 function 0 "Intel 82801BA AGP" rev 0x82
pci1 at ppb0 bus 3
bce0 at pci1 dev 10 function 0 "Broadcom BCM4401" rev 0x01: irq 5,
address 00:02:e3:3d:45:d2
bmtphy0 at bce0 phy 1: BCM4401 10/100baseTX PHY, rev. 0
rtw0 at pci1 dev 11 function 0 "Realtek 8185" rev 0x20: irq 5
rtw0: ver RTL8185, radio RTL8225, address 00:19:cb:0a:95:0c
ichpcib0 at pci0 dev 31 function 0 "Intel 82801DB LPC" rev 0x02
pciide0 at pci0 dev 31 function 1 "Intel 82801DB IDE" rev 0x02: DMA,
channel 0 configured to compatibility, channel 1 configured to
compatibility
wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA, 38166MB, 78165360 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  SCSI0
5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
ichiic0 at pci0 dev 31 function 3 "Intel 82801DB SMBus" rev 0x02: irq 5
iic0 at ichiic0
admtm0 at iic0 addr 0x2d: 47m192
auich0 at pci0 dev 31 function 5 "Intel 82801DB AC97" rev 0x02: irq 5,
ICH4 AC97
ac97: codec id 0x41445374 (Analog Devices AD1981B)
ac97: codec features headphone, 20 bit DAC, No 3D Stereo
audio0 at auich0
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pmsi0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pmsi0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: 
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask ef6d netmask ef6d ttymask ffef
pctr: user-level cycle counter enabled
dkcsum: wd0 matches BIOS drive 0x80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302
WARNING: / was not properly unmounted


hostname.rtw0



proxy pop3 p3scan, compile on OBSD

2007-09-05 Thread selaci
Hi to everybody,

There is no port of p3scan for OBSD, so I'm trying to compile it from
source. I'm looking for "statvfs.h" on OpenBSD at the moment. I know
there is no statvfs.h for OpenBSD; however, I found it for NetBSD and
FreeBSD. I would like to know if there is a similar one for OBSD,
and has anybody managed to compile p3scan on OpenBSD 4.1?

thank you



Re: bnx tcp offload

2007-09-05 Thread Renaud Allard
Marc Balmer wrote:
> Renaud Allard wrote:
> 
>> I just have two Dell servers having broadcom netXtreme NICs with tcp offload
>> engine activated (and locked on on) in the bios.
>> I tried to use these servers to do an smtp gateway with spamd. When I activated
>> spamd, connecting to port 25 worked but nothing more. After scanning with
>> tcpdump, I saw that all packets passing through pf going to spamd and exiting
>> had bad tcp checksum. The machine at the other end receiving these bad tcp
>> checksum of course dropped them. For the moment, I solved the issue by using
>> Intel em NICs.
>> Packets passing not passing through pf had also about 50% packets with bad
>> checksum too.
>>
>> Is there a software way to force the bnx driver to _not_ use the TCP offload
>> engine without recompiling the driver?
> 
> Can you please give us some details, i.e. a dmesg of that system?
> 

Ah, yes, of course, I forgot that.

hw.vendor=Dell Inc.
hw.product=PowerEdge 2950


OpenBSD 4.1-stable (GENERIC.MP) #0: Tue Sep  4 16:13:02 CEST 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 3488907264 (3407136K)
avail mem = 2990477312 (2920388K)
using 22937 buffers containing 349097984 bytes (340916K) of memory
mainbus0 (root)
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xcffbc000 (62 entries)
bios0: Dell Inc. PowerEdge 2950
acpi at mainbus0 not configured
ipmi0 at mainbus0: version 2.0 interface KCS iobase 0xca8/8 spacing 4
mainbus0: Intel MP Specification (Version 1.4)
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Xeon(R) CPU 5130 @ 2.00GHz, 1995.26 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,TM2,CX16,xTPR,NXE,LONG
cpu0: 4MB 64b/line 16-way L2 cache
cpu0: apic clock running at 332MHz
cpu1 at mainbus0: apid 6 (application processor)
cpu1: Intel(R) Xeon(R) CPU 5130 @ 2.00GHz, 1995.02 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,TM2,CX16,xTPR,NXE,LONG
cpu1: 4MB 64b/line 16-way L2 cache
cpu2 at mainbus0: apid 1 (application processor)
cpu2: Intel(R) Xeon(R) CPU 5130 @ 2.00GHz, 1995.02 MHz
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,TM2,CX16,xTPR,NXE,LONG
cpu2: 4MB 64b/line 16-way L2 cache
cpu3 at mainbus0: apid 7 (application processor)
cpu3: Intel(R) Xeon(R) CPU 5130 @ 2.00GHz, 1995.02 MHz
cpu3:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,TM2,CX16,xTPR,NXE,LONG
cpu3: 4MB 64b/line 16-way L2 cache
mpbios: bus 0 is type PCI
mpbios: bus 1 is type PCI
mpbios: bus 2 is type PCI
mpbios: bus 3 is type PCI
mpbios: bus 4 is type PCI
mpbios: bus 5 is type PCI
mpbios: bus 6 is type PCI
mpbios: bus 7 is type PCI
mpbios: bus 8 is type PCI
mpbios: bus 9 is type PCI
mpbios: bus 10 is type PCI
mpbios: bus 11 is type PCI
mpbios: bus 12 is type PCI
mpbios: bus 13 is type PCI
mpbios: bus 14 is type PCI
mpbios: bus 15 is type PCI
mpbios: bus 16 is type PCI
mpbios: bus 17 is type ISA
ioapic0 at mainbus0 apid 8 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 8
ioapic1 at mainbus0 apid 9 pa 0xfec81000, version 20, 24 pins
ioapic1: misconfigured as apic 0, remapped to apid 9
pci0 at mainbus0 bus 0: configuration mode 1
pchb0 at pci0 dev 0 function 0 "Intel 5000X Host" rev 0x12
ppb0 at pci0 dev 2 function 0 "Intel 5000 PCIE" rev 0x12
pci1 at ppb0 bus 6
ppb1 at pci1 dev 0 function 0 "Intel 6321ESB PCIE" rev 0x01
pci2 at ppb1 bus 7
ppb2 at pci2 dev 0 function 0 "Intel 6321ESB PCIE" rev 0x01
pci3 at ppb2 bus 8
ppb3 at pci3 dev 0 function 0 "ServerWorks PCIE-PCIX" rev 0xc3
pci4 at ppb3 bus 9
bnx0 at pci4 dev 0 function 0 "Broadcom BCM5708" rev 0x12: apic 8 int 16 (irq 
11)
ppb4 at pci2 dev 1 function 0 "Intel 6321ESB PCIE" rev 0x01
pci5 at ppb4 bus 10
ppb5 at pci1 dev 0 function 3 "Intel 6321ESB PCIE-PCIX" rev 0x01
pci6 at ppb5 bus 11
ppb6 at pci0 dev 3 function 0 "Intel 5000 PCIE" rev 0x12
pci7 at ppb6 bus 1
ppb7 at pci7 dev 0 function 0 "Intel IOP333 PCIE-PCIX" rev 0x00
pci8 at ppb7 bus 2
mfi0 at pci8 dev 14 function 0 "Dell PERC 5" rev 0x00: apic 9 int 14 (irq 5)
mfi0: logical drives 2, version 5.1.1-0040, 256MB RAM
scsibus0 at mfi0: 2 targets
sd0 at scsibus0 targ 0 lun 0:  SCSI3 0/direct fixed
sd0: 278784MB, 278784 cyl, 64 head, 32 sec, 512 bytes/sec, 570949632 sec total
sd1 at scsibus0 targ 1 lun 0:  SCSI3 0/direct fixed
sd1: 418176MB, 418176 cyl, 64 head, 32 sec, 512 bytes/sec, 856424448 sec total
ppb8 at pci7 dev 0 function 2 "Intel IOP333 PCIE-PCIX" rev 0x00
pci9 at ppb8 bus 3
ppb9 at pci0 dev 4 function 0 "Intel 5000 PCIE" rev 0x12
pci10 at ppb9 bus 12
em0 at pci10 dev 0 function 0 "Intel PRO/1000 PT (82571EB)" rev 0x06: apic 8 int
16 (irq 11), address 0

Re: bnx tcp offload

2007-09-05 Thread Marc Balmer

Renaud Allard wrote:

> I just have two Dell servers having broadcom netXtreme NICs with tcp offload
> engine activated (and locked on on) in the bios.
> I tried to use these servers to do an smtp gateway with spamd. When I activated
> spamd, connecting to port 25 worked but nothing more. After scanning with
> tcpdump, I saw that all packets passing through pf going to spamd and exiting
> had bad tcp checksum. The machine at the other end receiving these bad tcp
> checksum of course dropped them. For the moment, I solved the issue by using
> Intel em NICs.
> Packets passing not passing through pf had also about 50% packets with bad
> checksum too.
>
> Is there a software way to force the bnx driver to _not_ use the TCP offload
> engine without recompiling the driver?

Can you please give us some details, i.e. a dmesg of that system?



Re: switch or server? (was Re: Max throughput ?)

2007-09-05 Thread Henning Brauer
* David Newman <[EMAIL PROTECTED]> [2007-09-05 00:59]:
> > Can any one comment on this ? Would it not be better to use something
> > like a Cisco layer 3 GB switch.
> 
> Most el cheapo gig switches will do the job without packet loss.

you are being tricked by marketing terminology.

layer 3 switches are routers.

vendors use the term to.. well I dunno :)

most so-called layer3 switches are regular layer 2 switches with a 
little extra logic to be able to inspect IP headers and take the 
"switching" (it is routing of course) decision based on that.

Rule of thumb: they all suck.

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam



Re: Max throughput ?

2007-09-05 Thread Henning Brauer
* Michael Gale <[EMAIL PROTECTED]> [2007-09-05 00:16]:
> Hey,
> 
>   It was suggested that we create an OpenBSD server with 9GB 
>   interfaces to start. 7 Will be used right off the bat.
> 
> This would function as a core router bringing 7 GB networks together on 
> the inside of a main firewall. I suggested that maybe we would have some 
> bandwidth issues with trying to push that much traffic through a single 
> server.

you might have thruput issues, you might not. depends on the traffic 
characteristics and hardware you choose.

> Can any one comment on this ? Would it not be better to use something 
> like a Cisco layer 3 GB switch.

sure it is better, assuming you call "I paid $100,000 for a $5 CPU that 
falls over at 5000pps*" better.

*when the packets are just a tiny bit different from what cisco expects 
and can handle in the fast path, they go to the main cpu, which is 
incredibly slow on pretty much any cisco you can buy

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam



Re: bnx tcp offload

2007-09-05 Thread Claudio Jeker
On Wed, Sep 05, 2007 at 09:45:04AM +0200, Renaud Allard wrote:
> Hello,
> 
> I just have two Dell servers having broadcom netXtreme NICs with tcp offload
> engine activated (and locked on on) in the bios.
> I tried to use these servers to do an smtp gateway with spamd. When I 
> activated
> spamd, connecting to port 25 worked but nothing more. After scanning with
> tcpdump, I saw that all packets passing through pf going to spamd and exiting
> had bad tcp checksum. The machine at the other end receiving these bad tcp
> checksum of course dropped them. For the moment, I solved the issue by using
> Intel em NICs.
> Packets passing not passing through pf had also about 50% packets with bad
> checksum too.
> 
> Is there a software way to force the bnx driver to _not_ use the TCP offload
> engine without recompiling the driver?
> 

OpenBSD does not support the TOE. TCP/IP checksum offload on the other
hand had a problem on bnx and this was disabled in -current.
So please try a snapshot.

-- 
:wq Claudio
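
The "bad tcp checksum" verdict that tcpdump gave in this thread comes down to the check below, shown as an added example that is not part of any post here. The addresses, ports and SMTP banner are constructed sample values, and the function names are illustrative.

```python
import socket
import struct

def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 sum: 16-bit big-endian words with end-around carry."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length data
    total = sum(w for (w,) in struct.iter_unpack("!H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def tcp_checksum(src: str, dst: str, segment: bytes) -> int:
    """Checksum over the IPv4 pseudo-header plus the TCP segment as given."""
    pseudo = (socket.inet_aton(src) + socket.inet_aton(dst)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(segment)))
    return ~ones_complement_sum(pseudo + segment) & 0xFFFF

def inspect(src: str, dst: str, segment: bytes):
    """Return (stored, expected, ok) for a raw TCP segment."""
    stored = struct.unpack("!H", segment[16:18])[0]
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]
    expected = tcp_checksum(src, dst, zeroed)
    # With a valid checksum in place, the whole sum is 0xFFFF, so this is 0.
    return stored, expected, tcp_checksum(src, dst, segment) == 0

def build_segment(src, dst, sport, dport, payload, flip=0):
    """Constructed 20-byte TCP header (PSH|ACK) plus payload.
    flip is XORed into the checksum field to simulate a bad offload result."""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, 1000, 2000,
                      5 << 4, 0x18, 16384, 0, 0)
    csum = tcp_checksum(src, dst, hdr + payload) ^ flip
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + payload

# Constructed sample data (documentation address ranges).
SRC, DST = "192.0.2.10", "198.51.100.25"
BANNER = b"220 mail.example.org ESMTP spamd\r\n"
GOOD = build_segment(SRC, DST, 25, 40000, BANNER)
BAD = build_segment(SRC, DST, 25, 40000, BANNER, flip=0x0001)

if __name__ == "__main__":
    for name, seg in (("good", GOOD), ("bad", BAD)):
        stored, expected, ok = inspect(SRC, DST, seg)
        print(f"{name}: stored=0x{stored:04x} expected=0x{expected:04x} ok={ok}")
```

A receiver performs the same check and discards any segment for which it fails, which matches the remote host dropping the packets described above.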



dot.klogin

2007-09-05 Thread Jan Niemann
Hello all,

I just stumbled over /root/.klogin.
I guess it is related to kerberos(4?), but OpenBSD doesn't seem
to ever use this file (grep'd through src).

is this just a leftover from krb4?
will it ever be supported/needed in krb5?
or is something from the ports-tree using it?

Can someone tell me why .klogin is kept around?
I'm just wondering...

cheers and thanks,
Jan



Re: How do I configure Cyclades Z serial ports with OpenBSD?

2007-09-05 Thread Henning Brauer
* Don Jackson <[EMAIL PROTECTED]> [2007-09-05 06:37]:
> OK, thanks for the pointers!
> 
> I rebuilt the kernel, uncommenting the cz driver.
> Installed the new kernel on that machine, rebooted.
> 
> Now I get:
> 
> Sep  4 21:15:18 log01 /bsd: cz0 at pci1 dev 9 function 0 "Cyclades
> Cyclom-Z" rev 0x01cz0: Cyclades-Ze, no channels attached, firmware 3.3.1
  

something is different with that hardware, different from what the 
driver expects/supports. afair the driver hasn't been touched in a long 
time, and apparently the model you have is simply not supported by the 
driver.
you could ask cyclades for docs and/or hints and try to add support.

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam



bnx tcp offload

2007-09-05 Thread Renaud Allard
Hello,

I just have two Dell servers having broadcom netXtreme NICs with tcp offload
engine activated (and locked on on) in the bios.
I tried to use these servers to do an smtp gateway with spamd. When I activated
spamd, connecting to port 25 worked but nothing more. After scanning with
tcpdump, I saw that all packets passing through pf going to spamd and exiting
had bad tcp checksum. The machine at the other end receiving these bad tcp
checksum of course dropped them. For the moment, I solved the issue by using
Intel em NICs.
Packets passing not passing through pf had also about 50% packets with bad
checksum too.

Is there a software way to force the bnx driver to _not_ use the TCP offload
engine without recompiling the driver?

Thanks

-- 
01010010011001010110111001110111010101100100
0101011011000110110001110111001001100100




php-5.2.4 installation problem on OpenBSD 4.1

2007-09-05 Thread Erdenebat Guntomor
Hi dear all,

 I want to install php-5.2.4 on OpenBSD 4.1. Of course it's from source.
I've installed libiconv-1.9.2.tar.gz. When I try to run the ./configure command
from php-5.2.4, the following error occurs. If someone has already installed
and tried php-5.2.4 on OpenBSD, then please help me. What is the problem?
What should I do?

checking for iconv support... yes
checking for iconv... no
checking for libiconv... no
configure: error: Please reinstall the iconv library.

-- 
Best regards,

 Erdenebat Guntomor   mailto:[EMAIL PROTECTED]