Re: Thinkpad t61 OpenBSD support?

[Pau Amaro-Seoane]

is it a T61 or something else, like T61s? it can be a difference in
terms of supported hardware; you'll have to decide between -current or
4.2

At least it is the case of x61 and x61s:

http://kerneltrap.org/mailarchive/openbsd-misc/2007/9/11/211298


2007/11/7, Girish Venkatachalam [EMAIL PROTECTED]:
 On 23:10:35 Nov 06, Predrag Punosevac wrote:
  You should not pay more than $1000 including taxes and shipping for
  ThinkPAD T61. The prices vary a lot from web-site to web-site, from
  store to store and from one week to another.

 Hmmm...

  Actually have you heard of Black Friday?

 No.

  This is the first day of Christmas sales (right after the Thanks Giving
  Holiday) when you can get killer deals if you know what are you doing.
  This year Black Friday is  23 of  November (I think).

 Great. :)

 23 Nov is just round the corner. Perfect timing.

  The best web-site for computer parts in states is www.newegg.com but
  they also sell laptops and complete PCs.
  Geeks.com often have killer deals on older stuff.

 I shall ask him to order from newegg then. I have used that site before.

 Thanks for your reply.

 Much appreciated.

 Best,
 Girish

Re: wifiprobe script

[Pau Amaro-Seoane]

PS: No offense, please

I also have seen/read a lot of critics to obsd for not having a couple
of tools for doing such things. I hope this helps obsd a bit

ahem... the tools are ALREADY there, of course, and they're fantastic
(ifconfig, dhclient, and all iwi, iwn, ipw Damien wrote!)

what I of course mean is something like a wrapper... for all those
tools, since I personally sometimes have problems remembering the
different options and I'm in a hurry or just a stupid lazybones to do
man bla

wifiprobe script

[Pau Amaro-Seoane]

Hi,

I use very frequently the wireless to connect to different nets and I
have a script for personal use which probably (??) could be useful for
some of you. At least some of the misc people I know asked me to post
this here.

I also have seen/read a lot of critics to obsd for not having a couple
of tools for doing such things. I hope this helps obsd a bit (???).

In any case, I hope I don't overwhelm your inbox with unwished spam. I
am sure that a lot of you have already done something similar...

This script is thought to help you find the different available
connections (named beams for historical reasons) where you happen to
be when you execute it. It will display them in the following order:

1- Public connections (i.e. without wep key)
2- Secured connections (i.e. with wep)

They are also shown in order according to the strength of the signal
and then you're prompted to choose the number of the beam you wish to
connect to. Of course, if a wep password is required, you will be
asked for it. Afterwards it'll connect to it.

Please note that you will have to modify the script to

a- select your IFACE (in my case iwi0)
b- select your LANG (in my case catala, but english is also available)

ah, so... author? Let's say... an anonymous donor to the public domain ;)

A big thank you to everybody and in this occasion especially to Damien
for his great work.

Cheers,

Pau



#!/bin/sh
#
#
# wifiprobe ver 0.1
#
# Copyright (c) 2007 anonymous donor to the public domain
#
# BSD license and disclaimers apply.
#
# Do not change to zsh;  it will break. There are subtle differences.
#
# This script should be installed with execute permissions, and
# be invoked by name.
#
# Developed under and for OpenBSD 4.1  9/2007
#
#-
#
#  helper functions
#
#-

function parseit
{
   local therest

   shift 1
   beamname=$1
   shift 1
   therest=$*
   IFS= 
   set $therest
   shift 4
   sigstrength=$1
   shift 1
}


function readprobe
{
#
# this was not as easy to write as it looks
#
   local Foo

   while read Foo
   do
  IFS= 
  if  echo $Foo | grep -q \  ; then
 IFS=\
  fi
  parseit $Foo
  beam[nbeam]=${beamname}
  strength[nbeam]=${sigstrength%dB}
#  printf %4d\t%-32s\t%s\t%s\n $nbeam ${beam[$nbeam]}
$sigstrength ${strength[nbeam]}
  nbeam=$(($nbeam+1))
   done
}

function sortandprint
{
   typeset tempnm
   typeset tempst
   typeset -i i
   typeset -i j
   typeset -i inc
   typeset -i n
   typeset -i s

   s=$1
   n=$2
# s is offset in arrays where sort starts
# n is number of items to sort
# In other words, sort elements $s to $s + $n
#
# Implement a Shell sort.  In ksh.  Painful.  All the write-only jive-notation
# of perl, none of the functionality.
#

   if [ $n -eq 0 ]; then
  echo $MSG9
  return
   fi

   inc=$(($n/2))
   while [ $inc -gt 0 ]
   do
  i=$inc
  while [ $i -lt $n ]
  do
 j=$i
 tempst=${strength[$(($i+$s))]}
 tempnm=${beam[$(($i+$s))]}
#
# to change the sense of the sort, change the second test.
# use -lt for biggest first, -gt for smallest first.
#
 while [[ $j -ge $inc   ${strength[$(($j+$s-$inc))]} -lt $tempst ]]
 do
strength[$(($j+$s))]=${strength[$(($j+$s-$inc))]}
beam[$(($j+$s))]=${beam[$(($j+$s-$inc))]}
j=$(($j-$inc))
 done
 strength[$(($j+$s))]=$tempst
 beam[$(($j+$s))]=$tempnm
 i=$(($i+1))
  done

  if [ $inc -eq 2 ]; then
 inc=1
  else
 inc=$(($inc/2))
  fi
   done

   i=$s
   while [ $i -lt $(($n+$s)) ]
   do
  printf %4d   %-32s\t%3d dB\n $(($i+1)) ${beam[$i]} ${strength[$i]}
  i=$(($i+1))
   done
}


cleanup ()
{
   if [ -t 0 -a -t 1 ]; then
  stty sane
   fi
   rm -f ${TMPPROBE}
   exit
}

#-
#
# main part of the script
#
#-

LANG=catala
progname=`basename $0`

if [ X$LANG = Xenglish ]; then

   MSG1=$progname:  Wireless access selection for device:
   MSG2=Available public beams
   MSG3=Available secured beams
   MSG4=$progname: no wireless beams found
   MSG5=choice out of range
   MSG6=try again
   MSG7=public access beam selected
   MSG8=$progname: not interactive and no public beams
   MSG9=none probed
   MSG10=usage: $progname [interface_name]
   CHOOSEPROMPT=Select beam 
   PASSPROMPT=Password for

elif [ X$LANG = Xcatala ] ; then

   MSG1=$progname: Dispositu de xarxa sense fil:
   MSG2=Xarxes obertes disponibles
   MSG3=Xarxes tancades detectades
   MSG4=$progname: No hi ha cap xarxa disponible
   MSG5=La xarxa que has triat no es troba en la llista
   MSG6=mira de fer-ho una altra vegada...
   MSG7=Has triat una xarxa oberta
   

Re: Machine will not recover from 'deep sleep' state [ IBM Thinkpad T41 ]

[Mark Thomas]

On Nov 6, 2007 5:34 AM, Mark Thomas [EMAIL PROTECTED] wrote:
 If I close the lid on this laptop ( Thinkpad T41 ) the machine goes
 into a deep sleep but will not recover with OpenBSD 4.2. With 4.1 this
 worked flawlessly. xorg is not running during these tests.

Well apparently it's just video related. The machine still responds to
typed commands I just cannot see what I'm typing. :)

-- 
()  ascii ribbon campaign - against html e-mail
/\  www.asciiribbon.org   - against proprietary attachments

Re: boot old Indy with OpenBSD?

[Sebastian Reitenbach]

Hi,

just a quick update.
I got a ecoff boot image yesterday. Unfortunately it was stripped, and the
machine was unable to relocate. I hope to get another one.

sebastian

Sebastian Reitenbach [EMAIL PROTECTED] wrote: 
 Miod Vallat [EMAIL PROTECTED] wrote: 
   First, objcopy does not provide the target ecoff-littlemips. It took 
me 
 a 
   while to get objcopy reconfigured on sparc64 and on i386. On sparc64 
 objcopy 
   says it is unable to change endianness, therefore I tried on i386 too, 
 but 
   there objcopy says unable to determine file format.
   
   Do I can create a OpenBSD bsd.rd image in ecoff format where the Indy 
at 
   least will try to load and boot from that file? Or do I need to do 
that 
 on a 
   SGI machine?
  
  You need to either build a OpenBSD/sgi cross toolchain (at least cross
  binutils), or use an OpenBSD/sgi system, so that this target is
  available.
  
  And even with this, you'll need to tinker with binutils configuration,
  since ECOFF targets are not enabled on OpenBSD/sgi at the moment.
 Fortunately, as I don't have an idea how to create a cross compiler 
 toolchain, and neither have a OpenBSD/sgi machine, someone else contacted 
me 
 and offered to create a ecoff based ramdisk. Then I'll see what happens.
 
  
   I doubt that the Indy will boot, but I am just curious.
  
  Assuming the PROM doesn't disklike the kernel load address, the system
  will run until it sets up its own trap vectors, since there are no tlb
  refill handlers for R4k processors.
 well, in case, I get above mentioned ecoff image beginning to boot, do you 
 have any pointer to the hardware documentation, that will explain the tlb 
 refill handlers?
 
  
  Supporting the ``low-end'' 64 bit capable sgi models (i.e. Indigo R4k,
  Indy and Indigo2) in 64 bit mode (except for the few hopeless R4000
  flavours) is on my list, but low priority.
 Exactly my box is a Indigo with an R4k processor, so there is hope it will 
 run OpenBSD in the future.
 
 Sebastian

Re: OK... I broke something - can't load library 'libpcre.so.1.0'

[James]

1. post the actul error message, svp

2. did you rehash when you reinstalled the library?

3. Do you have a modified LD_CONFIG_PATH for your account?

On Nov 6, 2007 9:16 PM, Mikel Lindsaar [EMAIL PROTECTED] wrote:

 Hello list :)

 I was getting ImageMagick working with Rails on OpenBSD and was
 running into problems.

 In the process of installing it, somehow I nuked the libpcre library.

 I went into /usr/ports/devel/pcre/ and did a make clean, make, make
 install.

 However I am still getting the error.

 I tried doing an ldconfig -R (not sure if this was needed or not) but no
 change.

 I am getting the can't find the library libpcre errors when I try to
 start postfix or bash.

 libpcre.so.1.0 is in the /usr/local/lib/ directory.

 What do I have to do to get everything to see the library again?

 Thanks guys.

 Mikel

Re: dhclient.conf

[James]

I think what you're looking for is:

 *renew* *date*;

 *rebind* *date*;

 *expire* *date*;
 The *renew* statement defines the time at which the DHCP client
 should begin trying to contact its server to renew a lease that
 it is using.  The *rebind* statement defines the time at which the
 DHCP client should begin to try to contact *any* DHCP server in or-
 der to renew its lease.  The *expire* statement defines the time at
 which the DHCP client must stop using a lease if it has not been
 able to contact a server in order to renew it.

 These declarations are automatically set in leases acquired by the DHCP
 client, but must also be configured in predefined leases - a predefined
 lease whose expiry time has passed will not be used by the DHCP client.

 Dates are specified as follows:

  _*weekday*_ _*year*_/_*month*_/_*day*_ _*hour*_:_*minute*_:_*second*_

 The weekday is present to make it easy for a human to tell when a lease
 expires - it's specified as a number from zero to six, with zero being
 Sunday.  When declaring a predefined lease, it can always be specified as
 zero.  The year is specified with the century, so it should generally be
 four digits except for really long leases.  The month is specified as a
 number starting with 1 for January.  The day of the month is likewise
 specified starting with 1.  The hour is a number between 0 and 23, the
 minute a number between 0 and 59, and the second also a number between 0
 and 59.



If you've got access to the dhcp server, you cn also change the dhcpd.conf:

 Also, given the domain they're in, these are probably test machines.  If
 we wanted to test the DHCP leasing mechanism, we might set the lease
 timeout somewhat shorter than the default:

   max-lease-time 120;
   default-lease-time 120;



On Nov 6, 2007 7:14 PM, David Walker [EMAIL PROTECTED] wrote:

 Hiya.

 I have 2 interfaces (fxp0 and wi0) which get their ip's from dhcp. wi0,
 being wireless, is prone to lose it's connection.
 I want to change the timeout, etcetera for wi0 in dhclient.conf.
 I can't see the information in dhclient.conf(5).

 Can someone point me in the right direction?

 Best wishes,
 David

OpenBSD 4.2 on Intel Board S3000AHLX + QuadNic EXPI9404PT = couldn't map interrupt

[Koenig, Thomas]

Hello,

- first: please excuse my poor english  :)

- second: I cant get my Intel Quad Server Adapter running on OpenBSD
4.2.

My Hardware: 
-Intel Entry Server Board S3000AHLX 
-Intel Quad-Nic (Intel PRO/1000 PT Quad Server Adapter PCIex
EXPI9404PT).

The two Onboard Nic working fine as em4 and em5.

dmesg shows me something like that:
em0 at pci3 dev 0 function 0 Intel PRO/1000 QP (82571EB) rev
0x06pci_intr_map: bad interrupt line 128
: couldn't map interrupt
em0: Allocation of PCI resources failed

I think the Card itself is supported, because I have the low profile
version EXPI9404PTL running in my Intel Board DG33TL. Some tests with
FreeBSD 6.2 and Debian are successful, the Quad Nic is running there.
I cant make any settings for Interrupts or somthing like that in the
BIOS, because there are no options for this.

Now my question - what can I do? There are any unstable Versions, with
better support for the Board Chipset, or can I set some Kernel
Parameters in the OS?


here the full dmesg output: 
(I boot the System from a LiveCD)

OpenBSD 4.2 (GENERIC) #375: Tue Aug 28 10:38:44 MDT 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
RTC BIOS diagnostic error 3
cpu0: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz (GenuineIntel
686-class) 2.21 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,
CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2
,CX16,xTPR
real mem  = 1069789184 (1020MB)
avail mem = 1026801664 (979MB)
RTC BIOS diagnostic error 3
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 07/11/06, SMBIOS rev. 2.4 @
0x3fc0e000 (43 entries)
bios0: vendor Intel Corporation version
S3000.86B.02.00.0035.111020061326 date 11/10/2006
bios0: Intel S3000AHLX
pcibios at bios0 function 0x1a not configured
bios0: ROM list: 0xc/0x9000
acpi at mainbus0 not configured
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel E7230 MCH rev 0x00
ppb0 at pci0 dev 1 function 0 Intel E7230 PCIE rev 0x00
pci1 at ppb0 bus 1
ppb1 at pci1 dev 0 function 0 vendor IDT, unknown product 0x8018 rev
0x04
pci2 at ppb1 bus 2
ppb2 at pci2 dev 0 function 0 vendor IDT, unknown product 0x8018 rev
0x04
pci3 at ppb2 bus 3
em0 at pci3 dev 0 function 0 Intel PRO/1000 QP (82571EB) rev
0x06pci_intr_map: bad interrupt line 128
: couldn't map interrupt
em0: Allocation of PCI resources failed
em1 at pci3 dev 0 function 1 Intel PRO/1000 QP (82571EB) rev
0x06pci_intr_map: bad interrupt line 128
: couldn't map interrupt
em1: Allocation of PCI resources failed
ppb3 at pci2 dev 1 function 0 vendor IDT, unknown product 0x8018 rev
0x04
pci4 at ppb3 bus 4
em2 at pci4 dev 0 function 0 Intel PRO/1000 QP (82571EB) rev
0x06pci_intr_map: bad interrupt line 128
: couldn't map interrupt
em2: Allocation of PCI resources failed
em3 at pci4 dev 0 function 1 Intel PRO/1000 QP (82571EB) rev
0x06pci_intr_map: bad interrupt line 128
: couldn't map interrupt
em3: Allocation of PCI resources failed
ppb4 at pci0 dev 28 function 0 Intel 82801GB PCIE rev 0x01
pci5 at ppb4 bus 5
ppb5 at pci5 dev 0 function 0 Intel PCIE-PCIE rev 0x09
pci6 at ppb5 bus 6
ppb6 at pci0 dev 28 function 4 Intel 82801G PCIE rev 0x01
pci7 at ppb6 bus 7
ppb7 at pci0 dev 28 function 5 Intel 82801G PCIE rev 0x01
pci8 at ppb7 bus 8
em4 at pci8 dev 0 function 0 Intel PRO/1000MT (82573E) rev 0x03: irq
9, address 00:15:17:29:7a:69
Intel 82573E AMT rev 0x03 at pci8 dev 0 function 3 not configured
Intel 82573E KCS (Active Management) rev 0x03 at pci8 dev 0 function 4
not configured
uhci0 at pci0 dev 29 function 0 Intel 82801GB USB rev 0x01: irq 11
uhci1 at pci0 dev 29 function 1 Intel 82801GB USB rev 0x01: irq 10
uhci2 at pci0 dev 29 function 2 Intel 82801GB USB rev 0x01: irq 11
uhci3 at pci0 dev 29 function 3 Intel 82801GB USB rev 0x01: irq 11
ehci0 at pci0 dev 29 function 7 Intel 82801GB USB rev 0x01: irq 11
usb0 at ehci0: USB revision 2.0
uhub0 at usb0: Intel EHCI root hub, rev 2.00/1.00, addr 1
ppb8 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0xe1
pci9 at ppb8 bus 9
vga1 at pci9 dev 4 function 0 ATI ES1000 rev 0x02
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
em5 at pci9 dev 5 function 0 Intel PRO/1000MT (82541GI) rev 0x05: irq
9, address 00:15:17:29:7a:6a
ichpcib0 at pci0 dev 31 function 0 Intel 82801GB LPC rev 0x01: PM
disabled
pciide0 at pci0 dev 31 function 1 Intel 82801GB IDE rev 0x01: DMA,
channel 0 configured to compatibility, channel 1 configured to
compatibility
atapiscsi0 at pciide0 channel 0 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: Optiarc, DVD RW AD-7540A, 1.01 SCSI0
5/cdrom removable
cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 disabled (no drives)
pciide1 at pci0 dev 31 function 2 Intel 82801GB SATA rev 0x01: DMA,
channel 0 configured to native-PCI, channel 1 configured to native-PCI
pciide1: using irq 10 for native-PCI interrupt
wd0 

Re: apm -S freezes the laptop

[Soner Tari]

My situation is a bit different. Because it seems like apm -S just
blanks the screen, and pressing the power button shuts down the system
immediately (of course, I get fsck on bootup, etc).

If I enter apm -z, the system looks like really suspending, i.e. screen
blanks, the system spends some time and finally shuts itself down, and
power led starts to blink as it should (this sequence of events is
exactly the same on Windows or Linux on the same laptop).

But after that I cannot wake it up. Pressing the power button does not
do anything, nor do the other buttons. In fact, I have to unplug the
system to wake it up (my battery died years ago). And when it wakes up
it behaves like I did apm -S instead with blank screen, no boot-up bios
strings at all (thus, go to first paragraph to see what happens).

Since it seems like apm -z works during suspending (?), I am hopeful.
It's like while suspending the bios should be instructed as to which
button-press (or event) to wake up with. I don't know how apmd/apm
works/suspends, but can I fix this issue somehow? Any hope? I am willing
to test/implement.

Btw, halt -p works without powerdown hack in sysctl.conf, and apmd
otherwise seems to be running fine in cool running mode, it adjusts the
CPU speed according to load, etc. So I am really hopeful.

Here is my dmesg:

OpenBSD 4.2 (GENERIC) #375: Tue Aug 28 10:38:44 MDT 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Mobile Intel(R) Pentium(R) 4 - M CPU 1.80GHz (GenuineIntel
686-class) 1.80 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID
real mem  = 535846912 (511MB)
avail mem = 510488576 (486MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 10/15/02, BIOS32 rev. 0 @ 0xfd880,
SMBIOS rev. 2.31 @ 0xd8010 (37 entries)
bios0: vendor vpr Matrix, Inc. version 03AB date 10/15/02XX
bios0: vpr Matrix, Inc. 120-180B5
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xfd880/0x780
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdf40/160 (8 entries)
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82371FB ISA rev
0x00)
pcibios0: PCI bus #4 is the last bus
bios0: ROM list: 0xc/0x1 0xd/0x4000 0xd8000/0x4000!
0xdc000/0x4000!
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82845 Host rev 0x04
ppb0 at pci0 dev 1 function 0 Intel 82845 AGP rev 0x04
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 ATI Radeon Mobility M7 LW rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
uhci0 at pci0 dev 29 function 0 Intel 82801CA/CAM USB rev 0x02: irq 11
uhci1 at pci0 dev 29 function 1 Intel 82801CA/CAM USB rev 0x02: irq 11
uhci2 at pci0 dev 29 function 2 Intel 82801CA/CAM USB rev 0x02: irq 10
ppb1 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0x42
pci2 at ppb1 bus 2
cbb0 at pci2 dev 3 function 0 Ricoh 5C475 CardBus rev 0xb8: irq 11
Ricoh 5C551 Firewire rev 0x00 at pci2 dev 3 function 1 not configured
cbb1 at pci2 dev 7 function 0 TI PCI1410 CardBus rev 0x01: irq 11
fxp0 at pci2 dev 8 function 0 Intel PRO/100 VE rev 0x42, i82562: irq
10, address 00:00:f0:76:85:9e
inphy0 at fxp0 phy 1: i82562ET 10/100 PHY, rev. 0
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 3 device 0 cacheline 0x0, lattimer 0x20
pcmcia0 at cardslot0
cardslot1 at cbb1 slot 1 flags 0
cardbus1 at cardslot1: bus 4 device 0 cacheline 0x0, lattimer 0x20
pcmcia1 at cardslot1
ichpcib0 at pci0 dev 31 function 0 Intel 82801CAM LPC rev 0x02: 24-bit
timer at 3579545Hz: SpeedStep
pciide0 at pci0 dev 31 function 1 Intel 82801CAM IDE rev 0x02: DMA,
channel 0 configured to compatibility, channel 1 configured to
compatibility
wd0 at pciide0 channel 0 drive 0: SAMSUNG MP0804H
wd0: 16-sector PIO, LBA48, 76351MB, 156368016 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: SAMSUNG, CDRW/DVD SN-308B, U021 SCSI0
5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
ichiic0 at pci0 dev 31 function 3 Intel 82801CA/CAM SMBus rev 0x02:
irq 10
iic0 at ichiic0
auich0 at pci0 dev 31 function 5 Intel 82801CA/CAM AC97 rev 0x02: irq
10, ICH3 AC97
ac97: codec id 0x43525934 (Cirrus Logic CS4299 rev 4)
ac97: codec features headphone, 20 bit DAC, 18 bit ADC, Crystal Semi 3D
audio0 at auich0
Intel 82801CA/CAM Modem rev 0x02 at pci0 dev 31 function 6 not
configured
usb0 at uhci0: USB revision 1.0
uhub0 at usb0: Intel UHCI root hub, rev 1.00/1.00, addr 1
usb1 at uhci1: USB revision 1.0
uhub1 at usb1: Intel UHCI root hub, rev 1.00/1.00, addr 1
usb2 at uhci2: USB revision 1.0
uhub2 at usb2: Intel UHCI root hub, rev 1.00/1.00, addr 1
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: 

Re: dhclient.conf

[David Walker]

Hi James.
Thanks for the reply.

I was thinking of timeout, retry, reboot (to minimize startup hangs),
initial-interval and link-timeout (the PROTOCOL TIMING section).

As I understand dhclient.conf(5), the man page deals with system wide
settings for these items but does not explain the per interface use (e.g.
in the 'EXAMPLES' section).
I expect to see something like:
interface wi0 {
timeout 10
retry 10
}

BTW, this is for wireless (dropping out).
In other words, lease extents (which I would define on the dhcp server)
probably won't help here.

Best wishes,
David

 I think what you're looking for is:

  *renew* *date*;

  *rebind* *date*;

  *expire* *date*;
  The *renew* statement defines the time at which the DHCP
 client
  should begin trying to contact its server to renew a lease
 that
  it is using.  The *rebind* statement defines the time at
 which the
  DHCP client should begin to try to contact *any* DHCP server
 in or-
  der to renew its lease.  The *expire* statement defines the
 time at
  which the DHCP client must stop using a lease if it has not
 been
  able to contact a server in order to renew it.

  These declarations are automatically set in leases acquired by the
 DHCP
  client, but must also be configured in predefined leases - a
 predefined
  lease whose expiry time has passed will not be used by the DHCP
 client.

  Dates are specified as follows:

   _*weekday*_ _*year*_/_*month*_/_*day*_
 _*hour*_:_*minute*_:_*second*_

  The weekday is present to make it easy for a human to tell when a
 lease
  expires - it's specified as a number from zero to six, with zero
 being
  Sunday.  When declaring a predefined lease, it can always be
 specified as
  zero.  The year is specified with the century, so it should generally
 be
  four digits except for really long leases.  The month is specified as
 a
  number starting with 1 for January.  The day of the month is likewise
  specified starting with 1.  The hour is a number between 0 and 23,
 the
  minute a number between 0 and 59, and the second also a number
 between 0
  and 59.



 If you've got access to the dhcp server, you cn also change the
 dhcpd.conf:

  Also, given the domain they're in, these are probably test machines.
 If
  we wanted to test the DHCP leasing mechanism, we might set the lease
  timeout somewhat shorter than the default:

max-lease-time 120;
default-lease-time 120;



 On Nov 6, 2007 7:14 PM, David Walker [EMAIL PROTECTED] wrote:

 Hiya.

 I have 2 interfaces (fxp0 and wi0) which get their ip's from dhcp. wi0,
 being wireless, is prone to lose it's connection.
 I want to change the timeout, etcetera for wi0 in dhclient.conf.
 I can't see the information in dhclient.conf(5).

 Can someone point me in the right direction?

 Best wishes,
 David

Re: altroot is not mentioned in FAQ [diff]

[Nick Holland]

Jan Stary wrote:
...
 See at bottom; looks much simpler now, hmm :-)
 I leave the RAID analogy to someone else.
 
   Anyway, first diff, screwed up,

I'd prefer the term, learning experience.

   thanks for all the comments.
 
   Jan
 
 
 Index: faq4.html
 ===
 RCS file: /cvs/www/faq/faq4.html,v
 retrieving revision 1.254
 diff -u -p -r1.254 faq4.html
 --- faq4.html 3 Nov 2007 13:51:09 -   1.254
 +++ faq4.html 7 Nov 2007 07:31:13 -
 @@ -1915,6 +1915,13 @@ Some additional thoughts on partitioning
 can use a href=faq10.html#Quotasquotas/a to restrict the space
 they use, and if they fill the partition, no other parts of your
 system will be impacted.
 + liIf you have a second disk, you might want to create an tt/altroot/tt
 +   partition on it, as described in 
 +   a 
 href=http://www.openbsd.org/cgi-bin/man.cgi?query=dailyamp;sektion=8;daily(8)/a.
 +   This can be used for daily backups of your tt//tt partition,
 +   giving you a possibility to recover should your 'a' partition go away.
 +   Obviously, the tt/altroot/tt partition needs to be at least as big
 +   as tt//tt.
  /ul

and what I just committed:
Index: faq4.html
===
RCS file: /cvs/www/faq/faq4.html,v
retrieving revision 1.254
diff -u -r1.254 faq4.html
--- faq4.html   3 Nov 2007 13:51:09 -   1.254
+++ faq4.html   7 Nov 2007 12:01:01 -
@@ -1915,6 +1915,20 @@
can use a href=faq10.html#Quotasquotas/a to restrict the space
they use, and if they fill the partition, no other parts of your
system will be impacted.
+ liIf you have a second disk, you might want to create an tt/altroot/tt
+   partition on it, as described in
+   a 
href=http://www.openbsd.org/cgi-bin/man.cgi?query=dailyamp;sektion=8;daily(8)/a.
+   This can be used for daily backups of your tt//tt partition,
+   giving you a possibility to recover should your 'a' partition go away.
+   Obviously, the tt/altroot/tt partition needs to be at least as big
+   as tt//tt.
+   If you have something else duplicating the rest of your disk, either
+   software
+   a 
href=http://www.openbsd.org/cgi-bin/man.cgi?query=raidamp;sektion=4;raid(4)/a
+   or a periodic copy using
+   a 
href=http://www.openbsd.org/cgi-bin/man.cgi?query=dumpamp;sektion=8;dump(8)/a
+   /a 
href=http://www.openbsd.org/cgi-bin/man.cgi?query=restoreamp;sektion=8;restore(8)/a,
+   this disk can be bootable after the removal of the primary disk.
 /ul

Re: PF/ALTQ problem : using max states limits breaks queueing

[NetOne - Doichin Dokov]

Henning Brauer P=P0P?P8Q
P0:

* NetOne - Doichin Dokov [EMAIL PROTECTED] [2007-11-07 01:57]:
  

Hello,

I have an OpenBSD 4.2 box set up to shape clients traffic. Each client gets 
limited by these 4 rules:


pass in on $int_if from $client_ip to any queue client_in
pass out on $int_if from any to $client_ip queue client_out
pass in on $ext_if from any to $client_ip queue client_out
pass out on $ext_if from $client_ip to any queue client_in

Everything works fine. I now want to limit max states created by each 
client in each direction to 300, so i modified the rules to be:


pass in on $int_if from $client_ip to any (max 300) queue client_in



when a packet matches this rule, but there are already 300 states from 
this rule, the result is a non-match. you need to decide what to do 
with excess states and put rules in. it could be sth like


block from $a to $b
pass  from $a to $b keep state (max 300)

to block 'em.

  

Yup, I gueesed I was wrong with something :) Thank you very much for the
clarification. I'll test and report back later. I guess if it is this
way, though, the documentation needs to be fixed.
That's what the FAQ says here:
http://www.openbsd.org/faq/pf/filter.html#stateopts

max /number/
   Limit the maximum number of state entries the rule can create to
   /number/. If the maximum is reached, packets that would normally
   create state are *dropped* until the number of existing states
   decreases.

Regards,
Doichin

P.S. Henning Brauer: I first submitted this message directly to you 
instead of misc@, please excuse me for getting this twice.

PF/ALTQ/Bridge Question

[Michael Siers]

Hi,
I have a group of static ips and on one of my static ips I am running
an OpenBSD 4.2 firewall with pf using nat and altq.  Behind the OpenBSD
firewall I have an asterisk server.

So in order for me to implement QoS, I have set up a non-transparent
bridge between my ISP router and the OpenBSD firewall.  Everything is
working fine except I can not get my outgoing VOIP traffic to be placed
onto the correct queue.

Using pftop, I can see that packets are being passed out using the
rules that specify the queue ovoip.  But if I look at the queue view
inside pftop, no data was sent out using the queue.  The queue ivoip
is being used for incoming traffic.  Below are my pf rules.


WANIF=external bridge interface
PUBIF=internal bridge interface (also has assigned static ip)
PRIVIF=internal private network
VOIP=private ip address for my asterisk server

altq on $WANIF hfsc bandwidth 7168Kb queue {iroot}
queue iroot bandwidth 95% priority 0 hfsc {ivoip, idata}
queue ivoip bandwidth 2% priority 5 hfsc(realtime 112Kb)
queue idata bandwidth 98% priority 2 hfsc(default)

altq on $PUBIF hfsc bandwidth 896Kb queue {oroot}
queue oroot bandwidth 95% priority 0 hfsc {ovoip, odata}
queue ovoip bandwidth 15% priority 6 hfsc(realtime 112Kb)
queue odata bandwidth 85% priority 3 hfsc(default)

nat on $PUBIF from $PRIVIF:network to any - $PUBIF:0

block in all
pass out all
pass in on $WANIF from any to $PUBIF:network
pass in on $PUBIF from $PUBIF:network to any
pass in on $PRIVIF

pass in quick on $PUBIF proto tcp from any to any port {5060} queue ivoip
pass in quick on $PUBIF proto udp from any to any port {5060:5063,
1:2} queue ivoip
pass in quick proto tcp from $VOIP to any port {5060} queue ovoip
pass in quick proto udp from $VOIP to any port {5060:5063,
1:2} queue ovoip


Does anyone have any ideas on how I can get this to work?  Any
information or examples of pf/altq rules with a bridge would be
greatly appreciated.

Thanks,
Mike Siers

Re: PF/ALTQ problem : using max states limits breaks queueing

[Henning Brauer]

* NetOne - Doichin Dokov [EMAIL PROTECTED] [2007-11-07 01:57]:
 Hello,

 I have an OpenBSD 4.2 box set up to shape clients traffic. Each client gets 
 limited by these 4 rules:

 pass in on $int_if from $client_ip to any queue client_in
 pass out on $int_if from any to $client_ip queue client_out
 pass in on $ext_if from any to $client_ip queue client_out
 pass out on $ext_if from $client_ip to any queue client_in

 Everything works fine. I now want to limit max states created by each 
 client in each direction to 300, so i modified the rules to be:

 pass in on $int_if from $client_ip to any (max 300) queue client_in

when a packet matches this rule, but there are already 300 states from 
this rule, the result is a non-match. you need to decide what to do 
with excess states and put rules in. it could be sth like

block from $a to $b
pass  from $a to $b keep state (max 300)

to block 'em.

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg  Amsterdam

openbsd 4.1 live cd

[Raja Subramanian]

I've put together an OpenBSD 4.1 based live CD a few weeks ago.
I use it primarily for network testing, and it works great for me. I
hope others find some use for it too.

http://rajasuperman.blogspot.com/2007/09/openbsd-41-live-cd.html

Comments welcome.

- Raja

pgk_add segmentation fault

[Aharon Schkolnik]

Hi !

pkg_add is crashing with a segmentation fault:

pkg_add   -v mysql-client-5.1.22.tbz
Requested space: 3809856 bytes, free space: 128323438592 bytes 
in /var/tmp/instmp.ND8UBU
extract: Package name is mysql-client-5.1.22
extract: CWD to /usr/local
extract: /usr/local/man/man1/mysql_config.1.gz
extract: /usr/local/man/man1/mysql.1.gz
extract: /usr/local/man/man1/mysqladmin.1.gz
extract: /usr/local/man/man1/mysqlbinlog.1.gz
extract: /usr/local/man/man1/mysqlcheck.1.gz
extract: /usr/local/man/man1/mysqldump.1.gz
extract: /usr/local/man/man1/mysqlimport.1.gz
extract: /usr/local/man/man1/mysqlshow.1.gz
extract: /usr/local/man/man8/mysqlmanager.8.gz
.
.
.

extract: /usr/local/lib/mysql/libmysqlclient_r.la
extract: /usr/local/lib/mysql/libmysqlclient_r.so
extract: /usr/local/lib/mysql/libmysqlclient_r.so.16
extract: /usr/local/share/aclocal/mysql.m4
extract: /usr/local/share/mysql/mysql_fix_privilege_tables.sql
extract: execute '/sbin/ldconfig -m /usr/local/lib/mysql'
extract: CWD to (null)
Segmentation fault (core dumped)

# uname -a
FreeBSD CMXHost 5.30.0170 FreeBSD 5.30.0170 #0: Thu Apr 13 14:05:14 UTC 2006   
i386 7.05.0014


Any ideas ?

TIA


-- 
  The day is short, and the work is great,|  Aharon Schkolnik
  and the laborers are lazy, and the reward   |  
  is great, and the Master of the house is|  [EMAIL PROTECTED]
  impatient. - Ethics Of The Fathers Ch. 2|  054 8422076

Re: how to create cdrom42.fs?

[Soner Tari]

On Tue, 2007-11-06 at 19:42 -0500, Steve Shockley wrote:
 Take a look at
 http://www.openbsd.org/cgi-bin/cvsweb/src/distrib/amd64/ramdisk_cd/Makefile?rev=1.3content-type=text/x-cvsweb-markup
 
 It looks like if you comment out the NOFS line it'll generate the 
 cdromXX.fs file.  I did not test this.

You are exactly right Steve, thanks. I've just generated cdrom42.fs for
amd64, following your suggestion.

 Why not just use cdbr and cdboot?  Unless you actually have a 2.88mb 
 floppy drive.

I need to create a custom CD image with cdromXY.fs. The only candidate
replacement was floppy42.fs, and it seems to work. But unlike
floppyXY.fs, cdromXY.fs is supposed to contain almost all of the updated
drivers:

cdrom42.fs  The amd64 boot and installation 2.88MB
floppy image that contains almost all OpenBSD
drivers; ...

In any case, there is no problem now. Thanks again.

Put your subject here

[Tkany]

 Im Tierfutter sind 41 wichtige Ndhrstoffe...
In der Babynahrung sind nur 11 der wichtigen Ndhrstoffe...
Unsere Nahrung im Supermarkt enthdlt noch weniger lebenswichtige
Mineralien und Vitamine...

Erfahren Sie kostenlos die schockierende Wahrheit in
Das Geheimniss der 91 essentiellen Ndhrstoffe

Re: pgk_add segmentation fault

[Paul de Weerd]

On Wed, Nov 07, 2007 at 03:35:23PM +0200, Aharon Schkolnik wrote:
| Hi !
| 
| pkg_add is crashing with a segmentation fault:
| 
| pkg_add   -v mysql-client-5.1.22.tbz
| Requested space: 3809856 bytes, free space: 128323438592 bytes 
| in /var/tmp/instmp.ND8UBU
| extract: Package name is mysql-client-5.1.22
| extract: CWD to /usr/local
| extract: /usr/local/man/man1/mysql_config.1.gz
| extract: /usr/local/man/man1/mysql.1.gz
| extract: /usr/local/man/man1/mysqladmin.1.gz
| extract: /usr/local/man/man1/mysqlbinlog.1.gz
| extract: /usr/local/man/man1/mysqlcheck.1.gz
| extract: /usr/local/man/man1/mysqldump.1.gz
| extract: /usr/local/man/man1/mysqlimport.1.gz
| extract: /usr/local/man/man1/mysqlshow.1.gz
| extract: /usr/local/man/man8/mysqlmanager.8.gz
|   .
|   .
|   .
| 
| extract: /usr/local/lib/mysql/libmysqlclient_r.la
| extract: /usr/local/lib/mysql/libmysqlclient_r.so
| extract: /usr/local/lib/mysql/libmysqlclient_r.so.16
| extract: /usr/local/share/aclocal/mysql.m4
| extract: /usr/local/share/mysql/mysql_fix_privilege_tables.sql
| extract: execute '/sbin/ldconfig -m /usr/local/lib/mysql'
| extract: CWD to (null)
| Segmentation fault (core dumped)
| 
| # uname -a
| FreeBSD CMXHost 5.30.0170 FreeBSD 5.30.0170 #0: Thu Apr 13 14:05:14 UTC 2006  
 
| i386 7.05.0014
| 
| 
| Any ideas ?

Uhm, how about this idea : ask this question on a FreeBSD list ?

Paul 'WEIRD' de Weerd

-- 
[++-]+++.+++[---].+++[+
+++-].++[-]+.--.[-]
 http://www.weirdnet.nl/ 

Re: reply-to rule not working

[Steven Surdock]

Nick Golder wrote:
 I am trying to serve out OpenVPN (port 1194 UDP) through
 multiple external

I solved this problem by running OpenVPN on the loopback only and using
rdr and 
pass in on $if reply-to...) on the incoming traffic.

-Steve S.

Re: altroot is not mentioned in FAQ [diff]

[Henning Brauer]

* Nick [EMAIL PROTECTED] [2007-11-07 04:22]:
 (add to that that Thunderbird is a brain-dead piece of shit when it
 comes to handling diffs in general and classic diffs even more so.
 Apparently, either Thunderbird devs aren't programmers or they never
 show their diffs to each other.)

or they don't use thunderbird :)

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg  Amsterdam

Re: how to create cdrom42.fs?

[Calomel]

You can use geteltorito.pl by Rainer Krienke. It will extract what it needs
from the cdemu42.iso image and make a new cdrom42.fs image. Just takes a
second.

Check out Step 3, option 2 at Making a bootable OpenBSD install CD
http://calomel.org/bootable_openbsd_cd.html

--
 Calomel @ http://calomel.org
 Open Source Research and Reference


On Tue, Nov 06, 2007 at 05:03:05PM +0800, 23?? wrote:
Hi,
  anything script?

-- 
Best Regards,
No.23

http://blog.chinaunix.net/u1/42287

Re: Mysterious transfer speed differences

[Tony Sarendal]

On 11/7/07, Martin Toft [EMAIL PROTECTED] wrote:

 Hi,

 I'm experiencing some mysterious transfer speed differences. I have a
 virtual Linux-server at HostEurope, Germany, and it appears that
 machines running OpenBSD can only download from the Linux-server with
 approx 300 kB/s, whereas machines running Linux can download with approx
 1.5 MB/s from the server.

 I have conducted a small test to clarify what I'm talking about. The
 involved machines:

   - sauerkraut.obsd.dk (87.230.22.203) (Debian GNU/Linux, 2.6.9 kernel).
   - gw.obelnet.dk (130.225.243.84) (OpenBSD 4.2-stable).
   - matrix.math.aau.dk (130.225.48.12) (Ubuntu Linux, 2.6.20 kernel).

 sauerkraut.obsd.dk is the server at HostEurope, and it offers a 50 MB
 download
 at http://obsd.dk/50MB, which I'll download from the other two machines.

 gw.obelnet.dk:

 [EMAIL PROTECTED]:~$ wget -O /dev/null http://obsd.dk/50MB
 --21:03:22--  http://obsd.dk/50MB
= `/dev/null'
 Resolving obsd.dk... 87.230.22.203
 Connecting to obsd.dk|87.230.22.203|:80... connected.
 HTTP request sent, awaiting response... 200 OK
 Length: 52,428,800 (50M) [text/plain]

 100%[] 52,428,800   334.12K/sETA
 00:00

 21:05:57 (331.55 KB/s) - `/dev/null' saved [52428800/52428800]

 matrix.math.aau.dk:

 [EMAIL PROTECTED]:~$ wget -O /dev/null http://obsd.dk/50MB
 --21:06:45--  http://obsd.dk/50MB
= `/dev/null'
 Resolving obsd.dk... 87.230.22.203
 Connecting to obsd.dk|87.230.22.203|:80... connected.
 HTTP request sent, awaiting response... 200 OK
 Length: 52.428.800 (50M) [text/plain]

 100%[] 52.428.800 1.59M/sETA
 00:00

 21:07:17 (1.56 MB/s) - `/dev/null' saved [52428800/52428800]

 I have attached three traceroutes -- from gw.obelnet.dk to
 sauerkraut.obsd.dk,
 from matrix.math.aau.dk to sauerkraut.obsd.dk, and from gw.obelnet.dk to
 matrix.math.aau.dk. The last one illustrates how close gw.obelnet.dk and
 matrix.math.aau.dk are located, network wise. Both are connected through
 Aalborg University, which is connected through the Danish Network for
 Research
 and Education, which again is connected through NORDUnet (a collaboration
 between nordic research networks).

 What baffles me most is that when I make a ssh tunnel from gw.obelnet.dk
 through matrix.math.aau.dk to sauerkraut.obsd.dk, I can download the 50
 MB file with approx 1.5 MB/s:

 [EMAIL PROTECTED]:~$ grep obsd.dk /etc/hosts
 127.0.0.1 localhost.obelnet.dk localhost obsd.dk
 [EMAIL PROTECTED]:~$ ssh -N -L 4000:obsd.dk:80 matrix.math.aau.dk 
 [EMAIL PROTECTED]:~$ wget -O /dev/null http://obsd.dk:4000/50MB
 --21:26:23--  http://obsd.dk:4000/50MB
= `/dev/null'
 Resolving obsd.dk... 127.0.0.1
 Connecting to obsd.dk|127.0.0.1|:4000... connected.
 HTTP request sent, awaiting response... 200 OK
 Length: 52,428,800 (50M) [text/plain]

 100%[] 52,428,800 1.47M/sETA
 00:00

 21:26:55 (1.54 MB/s) - `/dev/null' saved [52428800/52428800]

 Beside the test above, I have also downloaded the 50 MB file from a
 Linux box (Debian GNU/Linux, 2.6.x kernel) and an OpenBSD box
 (4.2-current), both directly behind gw.obelnet.dk. gw.obelnet.dk is
 a NAT gateway for the two boxes, as you might have guessed. The numbers
 from above are confirmed -- the Linux box downloads with 1-1.5 MB/s, and
 the OpenBSD box downloads with 270-300 kB/s.

 Can anybody explain these differences? Why are the downloads so slow on
 OpenBSD?

 Any help is appreciated. If you think I've left something important out,
 don't hesitate to ask.

 Best regards,
 Martin


 Attachments:

 Traceroute from gw.obelnet.dk to sauerkraut.obsd.dk:

 [EMAIL PROTECTED]:~$ traceroute -P 1 sauerkraut.obsd.dk
 traceroute to sauerkraut.obsd.dk (87.230.22.203), 64 hops max, 60 byte
 packets
  1  gi1-0-1.aalborg1.aau.dk (130.225.243.65)  0.769 ms  0.814 ms
 0.802 ms
  2  icdata.ly4.core.fsknet.dk (130.225.242.34)  6.758 ms  6.392 ms
 6.606 ms
  3  teng-ly4.ly3.core.fsknet.dk (130.225.244.145)  6.275 ms  6.634ms
 6.683 ms
  4  10g-ly3.or1.core.fsknet.dk (130.225.244.218)  6.615 ms  7.184 ms
 6.924 ms
  5  dk-ore.nordu.net (193.10.68.121)  6.791 ms  6.726 ms  6.608 ms
  6  se-fre.nordu.net (193.10.68.117)  16.359 ms  16.418 ms  16.604 ms
  7  s-b3-link.telia.net (213.248.97.17)  20.683 ms  20.695 ms  17.285ms
  8  s-bb1-link.telia.net (80.91.254.58)  20.385 ms  20.360 ms  16.842ms
  9  ffm-bb1-link.telia.net (80.91.251.145)  43.569 ms  44.25 ms
 47.294 ms
 10  ffm-b1-link.telia.net (80.91.254.97)  47.347 ms  47.275 ms  47.236ms
 11  pipex-115772-ffm-b1.c.telia.net (213.248.102.158)  51.53 ms
 54.802 ms  50.290 ms
 12  xe-6-1-0.juwel.cgn3.hosteurope.de (80.237.129.114)  49.954 ms
 49.954 ms  50.155 ms
 13  xe-16-1.mlx31m.cgn3.hosteurope.de 

when was a pkg installed !!!

[badeguruji]

Hello,

i ran pkg_info with all common options but none tell me when was the pkg 
installed!!!

can someone help? thx in advance.

BG
 

~~Kalyan-mastu~~

Re: Mysterious transfer speed differences

[Martin Toft]

On Wed, Nov 07, 2007 at 09:18:21PM +, Tony Sarendal wrote:
[snip]
 What is the tcp windowsize of your machine ?
 OpenBSD in default install runs with window size of 16k, which in the
 aprox 40ms
 RTT seen in the trace about gives a theoretical max of ~400kByte/sec.
 
 If you increase that to the 64k your linux boxes probably run that
 would give ~ 1600kByte/sec.

I used the default window size of 16k, but in the future I'll certainly
choose something greater:

[EMAIL PROTECTED]:~$ sudo sysctl net.inet.tcp.recvspace=65536
net.inet.tcp.recvspace: 16384 - 65536
[EMAIL PROTECTED]:~$ sudo sysctl net.inet.tcp.sendspace=65536
net.inet.tcp.sendspace: 16384 - 65536
[EMAIL PROTECTED]:~$ wget -O /dev/null http://obsd.dk/50MB
--22:51:46--  http://obsd.dk/50MB
   = `/dev/null'
Resolving obsd.dk... 87.230.22.203
Connecting to obsd.dk|87.230.22.203|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 52,428,800 (50M) [text/plain]

100%[] 52,428,800 1.28M/sETA 
00:00

22:52:25 (1.27 MB/s) - `/dev/null' saved [52428800/52428800]

[EMAIL PROTECTED]:~$ sudo sysctl net.inet.tcp.recvspace=131072
net.inet.tcp.recvspace: 65536 - 131072
[EMAIL PROTECTED]:~$ sudo sysctl net.inet.tcp.sendspace=131072
net.inet.tcp.sendspace: 65536 - 131072
[EMAIL PROTECTED]:~$ wget -O /dev/null http://obsd.dk/50MB
--22:52:46--  http://obsd.dk/50MB
   = `/dev/null'
Resolving obsd.dk... 87.230.22.203
Connecting to obsd.dk|87.230.22.203|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 52,428,800 (50M) [text/plain]

100%[] 52,428,800 1.52M/sETA 
00:00

22:53:19 (1.50 MB/s) - `/dev/null' saved [52428800/52428800]

That solved the mystery :-)  Thank you very much.

Martin

Re: when was a pkg installed !!!

[Josh Grosse]

On Wed, Nov 07, 2007 at 12:40:21PM -0800, badeguruji wrote:
 Hello,
 
 i ran pkg_info with all common options but none tell me when was the pkg 
 installed!!!

$ ls -l /var/db/pkg/your package here

Re: Mysterious transfer speed differences

[Stuart Henderson]

On 2007/11/07 23:00, Martin Toft wrote:
 
 I used the default window size of 16k, but in the future I'll certainly
 choose something greater:

people accessing systems with 'pass from any os OpenBSD to port ssh'
might like to note that this changes your OS fingerprint.

Re: Mysterious transfer speed differences

[Alvaro Mantilla Gimenez]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Stuart Henderson wrote:
 On 2007/11/07 23:00, Martin Toft wrote:
 I used the default window size of 16k, but in the future I'll certainly
 choose something greater:
 
 people accessing systems with 'pass from any os OpenBSD to port ssh'
 might like to note that this changes your OS fingerprint.

Probably is a silly question but...why the default window size is 16k?

Regards,


   Alvaro
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHMjwYaLlBJyo5Ih8RAua5AJ4g6oFXNgxXocqkf7Yq+1eUsEOdFgCfXbOK
Agh4Q6JL+hCohF5AenLCpfk=
=QmMl
-END PGP SIGNATURE-

why am i only able to run Gnome in safe mode? (getting error)

[badeguruji]

Hello,

Please help OR guide to me to any resource which describes installing gnome in 
clean clear steps on a new openBSD installation. (I am ready to uninstall and 
reinstall gnome if needed)

i tried to install gnome in below order:
gnome-desktop-2.18.2p0:
gnome-session-2.18.2p0
gdm-2.18.2


I am only able to run gnome is safe mode.

This post has the exact issue i am facing (only error in the log file is little 
different, which is shown below)
http://www.webservertalk.com/message1134770.html
--as per the solution in the above post user changed permissions on his home 
dir. i am logging in as root. should i change my root permissions? currently 
they are:

drwx--  14 root  wheel 1024 Nov  7 07:01 root



The errors in the log file:

(==) Log file: /var/log/Xorg.0.log, Time: Wed Nov  7 05:46:56 2007
(EE) Unable to locate/open config file
New driver is i810
(==) Using default built-in configuration (55 lines)
(EE) Failed to load module dri (module does not exist, 0)
(EE) Failed to load module fbdev (module does not exist, 0)
FreeFontPath: FPE /usr/X11R6/lib/X11/fonts/misc/ refcount is 2, should be 1; 
fixing.
FreeFontPath: FPE /usr/X11R6/lib/X11/fonts/misc/ refcount is 2, should be 1; 
fixing.
# 


I am also getting below error on message log:
Nov  7 00:12:46 ironhost gdm[12200]: gdm_slave_exec_script: Failed starting: 
/etc/X11/gdm/Init/Default


please advice.

thank you.
BG
 

~~Kalyan-mastu~~

Re: when was a pkg installed !!!

[Matthias Kilian]

On Wed, Nov 07, 2007 at 05:16:53PM -0500, Josh Grosse wrote:
  i ran pkg_info with all common options but none tell me when
  was the pkg installed!!!
 
 $ ls -l /var/db/pkg/your package here

No. Those files and directories are also touched when depending
packages are installed or updated.

-- 
MCSE - Microsoft Certified Spongiform Encephalitis
-- Dominik Rudisch in dtj, 11.3.2001

Re: Mysterious transfer speed differences

[Stuart Henderson]

On 2007/11/07 16:28, Alvaro Mantilla Gimenez wrote:
  people accessing systems with 'pass from any os OpenBSD to port ssh'
  might like to note that this changes your OS fingerprint.
 
 Probably is a silly question but...why the default window size is 16k?

if this is set too large it will cause machines making a lot of
TCP connections to run out of memory.

OpenBSD 4.2 on Intel Board S3000AHLX + QuadNic EXPI9404PT = couldn't map interrupt

[Alexey Suslikov]

[EMAIL PROTECTED] wrote:

acpi at mainbus0 not configured


Have you tried to enable acpi? GENERIC.MP with acpi?

- Alexey.

Re: when was a pkg installed !!!

[Josh Grosse]

On Wed, Nov 07, 2007 at 11:51:09PM +0100, Matthias Kilian wrote:
 No. Those files and directories are also touched when depending
 packages are installed or updated.

Thanks for the clarification!

Re: when was a pkg installed !!!

[badeguruji]

that is true. especially if you notice that installing one pkg install all the 
other it depends on. there has to be some way in pkg_info to reflect this info 
that: how and when was 'any' pkg installed? otherwise i would be disappointed.

-BG
 

~~Kalyan-mastu~~

- Original Message 
From: Matthias Kilian [EMAIL PROTECTED]
To: misc@openbsd.org; badeguruji [EMAIL PROTECTED]
Sent: Wednesday, November 7, 2007 4:51:09 PM
Subject: Re: when was a pkg installed !!!


On Wed, Nov 07, 2007 at 05:16:53PM -0500, Josh Grosse wrote:
  i ran pkg_info with all common options but none tell me when
  was the pkg installed!!!
 
 $ ls -l /var/db/pkg/your package here

No. Those files and directories are also touched when depending
packages are installed or updated.

-- 
MCSE - Microsoft Certified Spongiform Encephalitis
-- Dominik Rudisch in dtj, 11.3.2001

can't figure out obsd with a bridging ADSL modem.

[Craig Hammond]

I feel like I'm missing something painfully obvious, but I just can't
see it.



I have someone who just got ADSL connected and I talked them into
letting

me setup an obsd firewall. The adsl modem that the ISP sent only does

bridging (Netgear DM111) and although I got it all working, it feels
like an

awkward hack that will bite me in the ass later on if I don't do it
properly now.



If I set my external interface on the obsd box to dhcp, the adsl modem
gives it

the correct static IP  (103.113.194.79 mask 255.255.255.0) but no
default

gateway gets set.



If I logon to the adsl modems web interface, it gives me the following
details:

IP: 103.113.194.79

Gateway: 103.17.101.67



If I set these manually on the obsd box, it doesn't work as the default
gateway

isn't in my subnet.

Ie, IP:103.113.194.79

Subnet 255.255.255.0

Gateway 103.17.101.67



The way that I did get it to work was manually setting the subnet mask

to 255.0.0.0. Now the default gateway is within my subnet and so it gets

used and at the moment, everything seems to be working ok, but this

feels like a dirty hack that will bite me later on.



Is there a better way to do this???





I can't see how a dmesg will help, but just in case.



OpenBSD 4.2 (GENERIC) #375: Tue Aug 28 10:38:44 MDT 2007

[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC

cpu0: Intel(R) Celeron(R) CPU 420 @ 1.60GHz (GenuineIntel 686-class)
1.60 GHz

cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,
CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,SBF,SSE3,MWAIT,DS-CPL,TM2,CX16,xT
PR

real mem  = 527265792 (502MB)

avail mem = 502185984 (478MB)

mainbus0 at root

bios0 at mainbus0: AT/286+ BIOS, date 05/28/07, BIOS32 rev. 0 @ 0xf0010,
SMBIOS rev. 2.4 @ 0xfcd70 (22 entries)

bios0: vendor American Megatrends Inc. version P3.20 date 05/28/2007

apm0 at bios0: Power Management spec V1.2

apm0: battery life expectancy 0%

apm0: AC off, battery charge unknown, estimated 0:00 hours

apm0: flags 20102 dobusy 0 doidle 1

pcibios0 at bios0: rev 2.1 @ 0xf/0x1

pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf4a80/192 (10 entries)

pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82801EB/ER LPC rev
0x00)

pcibios0: PCI bus #1 is the last bus

bios0: ROM list: 0xc/0xa000!

cpu0 at mainbus0

pci0 at mainbus0 bus 0: configuration mode 1 (no bios)

pchb0 at pci0 dev 0 function 0 Intel 82865G/PE/P CPU-I/0-1 rev 0x02

vga1 at pci0 dev 2 function 0 Intel 82865G Video rev 0x02: aperture at
0xf000, size 0x800

wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)

wsdisplay0: screen 1-5 added (80x25, vt100 emulation)

uhci0 at pci0 dev 29 function 0 Intel 82801EB/ER USB rev 0x02: irq 10

uhci1 at pci0 dev 29 function 1 Intel 82801EB/ER USB rev 0x02: irq 3

uhci2 at pci0 dev 29 function 2 Intel 82801EB/ER USB rev 0x02: irq 5

uhci3 at pci0 dev 29 function 3 Intel 82801EB/ER USB rev 0x02: irq 10

ehci0 at pci0 dev 29 function 7 Intel 82801EB/ER USB2 rev 0x02: irq 11

usb0 at ehci0: USB revision 2.0

uhub0 at usb0: Intel EHCI root hub, rev 2.00/1.00, addr 1

ppb0 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0xc2

pci1 at ppb0 bus 1

fxp0 at pci1 dev 1 function 0 Intel 8255x rev 0x0c, i82550: irq 11,
address 00:02:b3:99:a5:96

inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4

rl0 at pci1 dev 5 function 0 Realtek 8139 rev 0x10: irq 11, address
00:19:66:41:a9:78

rlphy0 at rl0 phy 0: RTL internal PHY

ichpcib0 at pci0 dev 31 function 0 Intel 82801EB/ER LPC rev 0x02:
24-bit timer at 3579545Hz

pciide0 at pci0 dev 31 function 1 Intel 82801EB/ER IDE rev 0x02: DMA,
channel 0 configured to compatibility, channel 1 configured to
compatibility

pciide0: channel 0 disabled (no drives)

pciide0: channel 1 disabled (no drives)

pciide1 at pci0 dev 31 function 2 Intel 82801EB SATA rev 0x02: DMA,
channel 0 configured to native-PCI, channel 1 configured to native-PCI

pciide1: using irq 5 for native-PCI interrupt

wd0 at pciide1 channel 0 drive 0: WDC WD1200JD-00GBB0

wd0: 16-sector PIO, LBA48, 114473MB, 234441648 sectors

wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5

atapiscsi0 at pciide1 channel 1 drive 0

scsibus0 at atapiscsi0: 2 targets

cd0 at scsibus0 targ 0 lun 0: TSSTcorp, CDDVDW SH-S203B, SB00 SCSI0
5/cdrom removable

cd0(pciide1:1:0): using PIO mode 4, Ultra-DMA mode 5

ichiic0 at pci0 dev 31 function 3 Intel 82801EB/ER SMBus rev 0x02: irq
10

iic0 at ichiic0

usb1 at uhci0: USB revision 1.0

uhub1 at usb1: Intel UHCI root hub, rev 1.00/1.00, addr 1

usb2 at uhci1: USB revision 1.0

uhub2 at usb2: Intel UHCI root hub, rev 1.00/1.00, addr 1

usb3 at uhci2: USB revision 1.0

uhub3 at usb3: Intel UHCI root hub, rev 1.00/1.00, addr 1

usb4 at uhci3: USB revision 1.0

uhub4 at usb4: Intel UHCI root hub, rev 1.00/1.00, addr 1

isa0 at ichpcib0

isadma0 at isa0

pckbc0 at isa0 port 0x60/5

pckbd0 at pckbc0 (kbd slot)

pckbc0: using irq 1 for kbd slot

wskbd0 at pckbd0: console keyboard, using wsdisplay0

pmsi0 at pckbc0 (aux 

Re: when was a pkg installed !!!

[Jeremy Huiskamp]

On 7-Nov-07, at 6:20 PM, badeguruji wrote:

that is true. especially if you notice that installing one pkg  
install all the other it depends on. there has to be some way in  
pkg_info to reflect this info that: how and when was 'any' pkg  
installed? otherwise i would be disappointed.


-BG




You could hack pkg_add to write a log msg every time it completes an  
installation and just refer to the log for timestamps. 

Re: when was a pkg installed !!!

[Arnaud Bergeron]

2007/11/7, STeve Andre' [EMAIL PROTECTED]:
 On Wednesday 07 November 2007 17:51:09 Matthias Kilian wrote:
  On Wed, Nov 07, 2007 at 05:16:53PM -0500, Josh Grosse wrote:
i ran pkg_info with all common options but none tell me when
was the pkg installed!!!
  
   $ ls -l /var/db/pkg/your package here
 
  No. Those files and directories are also touched when depending
  packages are installed or updated.

 OK, that makes sense.  So can the addition date of a package be
 determined?

stat -f%Sc /var/db/pkg/pacakge name

should give you the change time of the inode.  I am not exactly
certain if this will always correspond to the install time, but on my
machine, it does.

 --STeve Andre'




-- 
La brigade SnW veut vous recruter - http://brigade.snw.googlepages.com

Re: PF/ALTQ problem : using max states limits breaks queueing

[NetOne - Doichin Dokov]

NetOne - Doichin Dokov P=P0P?P8Q
P0:

Henning Brauer P=P0P?P8Q
P0:

* NetOne - Doichin Dokov [EMAIL PROTECTED] [2007-11-07 01:57]:
 

Hello,

I have an OpenBSD 4.2 box set up to shape clients traffic. Each 
client gets limited by these 4 rules:


pass in on $int_if from $client_ip to any queue client_in
pass out on $int_if from any to $client_ip queue client_out
pass in on $ext_if from any to $client_ip queue client_out
pass out on $ext_if from $client_ip to any queue client_in

Everything works fine. I now want to limit max states created by 
each client in each direction to 300, so i modified the rules to be:


pass in on $int_if from $client_ip to any (max 300) queue client_in



when a packet matches this rule, but there are already 300 states 
from this rule, the result is a non-match. you need to decide what to 
do with excess states and put rules in. it could be sth like


block from $a to $b
pass  from $a to $b keep state (max 300)

to block 'em.

  

Yup, I gueesed I was wrong with something :) Thank you very much for the
clarification. I'll test and report back later. I guess if it is this
way, though, the documentation needs to be fixed.
That's what the FAQ says here:
http://www.openbsd.org/faq/pf/filter.html#stateopts

max /number/
   Limit the maximum number of state entries the rule can create to
   /number/. If the maximum is reached, packets that would normally
   create state are *dropped* until the number of existing states
   decreases.

Regards,
Doichin

P.S. Henning Brauer: I first submitted this message directly to you 
instead of misc@, please excuse me for getting this twice.


Because I have no explicit block for traffic on top of the ruleset 
(because this machine is merely used for routingshaping only), doing 
this achieves what i want:

 block on $if from $a to $b flags any
 pass on $if from $a to $b keep state (max 300) queue $queue

Though, I still see some unexpected behavior, e.g. doing this after 
loading the ruleset:

 echo set limit states 10 | pfctl -mf -
seems to again make the traffic not limited (dunno why), but pfctl -F 
all -f /etc/pf.conf fixed it.

Trouble ftp'ing out of network, already running ftpproxy for internal ftp server, need to ftp out

[Jake Conk]

Hello,

I have a computer running OpenBSD 4.2 which is acting as my router.
Behind it I have a a ftp-server which is working fine thanks to
ftp-proxy but one of the problems I am having is ftp'ing out of my
network. I am able to connect and establish connections to outside
servers but I am not able to run normal commands on them like ls, cd,
get, etc. Any command I try running after I connect just hangs and
fails.

Here is my pf.conf:


# Macros: define common values, so they can be referenced and changed easily.

ext_if=bge0   # External interface
ext_ip=# External IP
ext_carp_if=carp0 # External carp interface
ext_carp_ip=   # External carp IP
ext_ifs={ $ext_if $ext_carp_if }# All external interfaces
int_if=bge1   # Internal interface
int_carp_if0=carp1# Internal carp interface 1
int_carp_if1=carp2# Internal carp interface 2
carp_ifs={ $ext_if $int_if }# Interfaces which do carp
loop_if=lo0   # Loopback Interface
bridge_if=bridge0 # Brige Interface
tap_if=tap0   # Tap Interface
pflog_if=pflog0   # Pflog Interface
pfsync_if=xl0 # Pfsync Interface
int_ifs={ $int_if $int_carp_if0 $int_carp_if1 \
  $loop_if $bridge_if $tap_if $pflog_if \
  $pfsync_if }# All internal interfaces
external_addr=192.168.1.1 # External Address
internal_net=192.168.10.0/24  # Internal Network
icmp_types={0, 3, 4, 8, 11, 12}   # Allowed ICMP Types
# ADD __192.168.0.0/24__ BELOW WHEN IN PRODUCTION
no_route={ 127.0.0.0/8, \
172.16.0.0/12, 10.0.0.0/8 }# Non routable IPs

# SERVERS #
ftp_server=192.168.10.9
mail_server=192.168.10.9



# Tables: similar to macros, but more flexible for many addresses.
#table foo { 10.0.0.0/8, !10.1.0.0/16, 192.168.0.0/24, 192.168.1.18 }




# Options: tune the behavior of pf, defaults given

set timeout { interval 10, frag 30 }
set timeout { tcp.first 120, tcp.opening 30, tcp.established 86400 }
set timeout { tcp.closing 900, tcp.finwait 45, tcp.closed 90 }
set timeout { udp.first 60, udp.single 30, udp.multiple 60 }
set timeout { icmp.first 20, icmp.error 10 }
set timeout { other.first 60, other.single 30, other.multiple 60 }
set timeout { adaptive.start 0, adaptive.end 0 }
set limit   {states 1, frags 5000}  # Sets hard limits
used on memory pools
set loginterface $ext_if# Which interface to log
set optimization normal # Optimize engine for network
set block-policy drop   # Default behavior of
block policy
set require-order yes   # Enforce ordering of statements
set fingerprints /etc/pf.os   # Fingerprints
set debug loud  # Level of debug
set skip on $loop_if# Disable pf on which devices



# Normalization: reassemble fragments and resolve or reduce traffic ambiguities.

scrub in on $ext_ifs all fragment reassemble



# Queueing: rule-based bandwidth control.

#altq on $ext_if bandwidth 2Mb cbq queue { dflt, developers, marketing }
#queue dflt bandwidth 5% cbq(default)
#queue developers bandwidth 80%
#queue marketing  bandwidth 15%



# Translation: specify how addresses are to be mapped or redirected.


# NAT: packets going out through $ext_if with source address $internal_net will
# get translated as coming from the address of $ext_if, a state is created for
# such packets, and incoming packets will be redirected to the internal address.
nat on $ext_if inet from $int_if:network to any - ($ext_if)

# NAT anchor for ftp proxy
nat-anchor 

Re: OpenBSD isakmpd and pf vs Cisco PIX or ASA

[Prabhu Gurumurthy]

Brian A Seklecki (Mobile) wrote:

On Mon, 2007-11-05 at 07:23 +0100, Martin Toft wrote:

On Mon, Nov 05, 2007 at 01:29:05AM +0100, Cabillot Julien wrote:

Have you try openbsd 4.2 ? PF have been really improved in this
release.


pf(4) has nothing to do with isakmpd(8), except as it relates to recent
addition of routing tags.

- PIX/ASA is going to get you a default packet ASA forwarding based on
interface weights 
- PIX/ASA is going to guarantee easily setup and functional Hybrid-XAUTH

VPN Road-warrior clients
- PIX has functional object-groups/group-object inheritance
- PIX/ASA has proprietary serial console fail-over (which is marginally
faster than waiting for CARP)
- PIX/ASA has some magical black-box inline transparent protocol
fixups
- PIX has a 4 hour SmartNet support contract option
- PIX/ASA has a SNMP MIB tree (Which we are working to catch up on)

I don't know about ASA, but the 5xx PIX doesn't support IPv6


Otherwise they're both software-based stateful IP packet forwarding
engines running on i386 with NAT and IPSec and 802.1q support.

OpenBSD will always scale better because you can run it on the harwdare 
platform of your choice.

~BAS


1. VPN is computationally heavy -- is your hardware fast enough?

2. Try playing with queueing in PF to handle some types of traffic
   faster than others. AFAIK, it is normal to find this kind of
   configuration in commercial, black-box solutions, disguised as buzzy
   slogans like Built-in QoS Super-Routing :-)

Just my two cents.

Martin





Are you sure PIX 515 and above does not support IPv6. By that do you mean IPv6 
routing, if that is the case, yes. But PIX 515E and ASA does support IPv6 fine 
when you use 7.X and above version of image.


In addition to your 4th point, PIX and ASA support failover using LAN, only PIX 
supports serial based failover.


To the OP:
We use ASA and OpenBSD in our production environment and we spent close to 
$10,000 buying twin ASAs (using GigE) for failover, but only $2000 to buy two 
dell boxes to put OpenBSD (using GigE) on them and use them as failover i.e. pf 
+ pfsync + sasyncd and its being fine for past 11 months.


Where do you see OpenBSD lagging behind, if it is a transfer rate you can tweak 
tcp settings using sysctl, you can upgrade to 4.2 as the other post indicated.


And are you willing to spend money to buy expensive gear that is the question?

Re: OpenBSD isakmpd and pf vs Cisco PIX or ASA

[Todd T. Fries]

isakmpd does not do the crypto processing of the actual IPSec tunnels, it
only does the ike negotiations.

Presuming you want to use aes-128, `openssl speed aes' shows that a 1ghz
system that is running 'vi' to type this message is capable of (at the
lowest end) 27mbyte per second.

I think you should do your own tests but it looks like you'd have to stoop
pretty low to not be able to handle 5mbit.

Thanks,
-- 
Todd Fries .. [EMAIL PROTECTED]

 _
| \  1.636.410.0632 (voice)
| Free Daemon Consulting, LLC \  1.405.227.9094 (voice)
| http://FreeDaemonConsulting.com \  1.866.792.3418 (FAX)
| ..in support of free software solutions.  \  250797 (FWD)
| \
 \\
 
  37E7 D3EB 74D0 8D66 A68D  B866 0326 204E 3F42 004A
http://todd.fries.net/pgp.txt

Penned by Chris Bullock on 20071105 19:14.17, we have:
| Some say that isakmpd is resource intensive.  What is the recommended
| hardware for a 5mb full duplex optical Internet connection that is doing
| nothing but VPN.
| Regards,
| Chris
| 
| On 11/4/07, Chris Bullock [EMAIL PROTECTED] wrote:
| 
|  We have been using OpenBSD my entire IT career, 5 1/2 years, I like the
|  way its easy to roll out, configure and the cost the most.
| 
|  I would like an honest opinion of the group.  We have customers that
|  maintain their own firewalls and VPNs and it appears to us that that those
|  sites seem to transmit data quicker than the sites that we maintain with
|  OpenBSD firewalls and VPNs, assuming identical bandwidth.  We have an
|  OpenBSD VPN/firewall at our main site, so realistically, all of our data
|  does transpose OpenBSD before it ultimately hits our network.
| 
|  My question is should I consider a non OpenBSD solutions, ie Cisco devs or
|  should I attempt to tweak my existing boxes?
|  Regards,
|  Chris

Re: OpenBSD 4.2 on Intel Board S3000AHLX + QuadNic EXPI9404PT = couldn't map interrupt

[Koenig, Thomas]

Hi,

 Have you tried to enable acpi? 

I try acpi with:

boot -c
enable acpi
quit

then I get a panic, with options for trace and ps - thats all. :(
maybe its a bug?


 GENERIC.MP with acpi?
Is this not the same as above?


regards,
Thomas

[demime 1.01d removed an attachment of type application/x-pkcs7-signature which 
had a name of smime.p7s]

Re: OpenBSD isakmpd and pf vs Cisco PIX or ASA

[Karsten McMinn]

On Nov 4, 2007 4:09 PM, Chris Bullock [EMAIL PROTECTED] wrote:
 ...and it appears to us that that those
 sites seem to transmit data quicker than the sites that we maintain with
 OpenBSD firewalls and VPNs, assuming identical bandwidth. snip

do some conclusive transfer tests please or explain what you mean
when you say and it appears.

FWIW, I've benchmarked PIX stateful failover using their fancy
serial cable/x-over combo at roughly 750ms of dead time in
the event of a failover.

Re: how to create cdrom42.fs?

[Steve Shockley]

Calomel wrote:

You can use geteltorito.pl by Rainer Krienke. It will extract what it needs
from the cdemu42.iso image and make a new cdrom42.fs image. Just takes a
second.


Doing:

./geteltorito.pl -o test cd42.iso

results in a file test that's identical to cdbr.  Why jump through so 
many hoops to do things the hard way?  I'm not sure I see the advantage 
of using 2.88 emulation, especially when bsd.rd is ~5M.

style(9)

[David Walker]

Hiya.

style(9) man page (DESCRIPTION section) says:
 Then there's a blank line, followed by the /usr/include files.  The
 /usr/include files should be sorted!

I guess this means alphabetically. Can someone confirm or deny please?

Also, although not explicitly stated, it appears to be suggested that
single line comments are punctuated.
(DESCRIPTION section):
   /*
* Multi-line comments look like this.  Make them real sentences.
* Fill them so they look like real paragraphs.
*/
and:
   #include sys/types.h  /* Non-local includes in brackets. */
and various other places.
However, when defining structures, the examples:
   struct foo {
   struct  foo *next;  /* List of active foo */
   struct  mumble amumble; /* Comment for mumble */
   int bar;
   };
   struct foo *foohead;/* Head of global foo list */
(etcetera) suggest ambiguity.
Clarification appreciated.

Best wishes,
David