Re: Merging 2 ADSL lines

2007-12-27 Thread jcr

Sajith wrote:
> Hi its Sajith
>
> Is it possible for Merging 2 ADSL lines

  


yep i do this for my company with 2 ADSL lines in load balancing
it is working like a charm :

pf.conf ( a part of ...)

#  load balance outgoing tcp traffic from internal network.
pass in on $int_if route-to \
   { ($ext_if0 $ext_gw), ($ext_if1 $ext_gw) } round-robin \
   proto tcp from  to any flags S/SA modulate state

#  load balance outgoing udp and icmp traffic from internal network
pass in on $int_if route-to \
   { ($ext_if0 $ext_gw), ($ext_if1 $ext_gw) } round-robin \
   proto { udp, icmp } from  to any keep state


#  general "pass out" rules for external interfaces
pass out on $ext_if0 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if0 proto { udp, icmp } from any to any keep state
pass out on $ext_if1 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if1 proto { udp, icmp } from any to any keep state


#  route packets from any IPs on $ext_if1 to $ext_gw1 and the same for
#  $ext_if2 and $ext_gw2
pass out on $ext_if0 route-to ($ext_if1 $ext_gw) from $ext_if1 to any
pass out on $ext_if1 route-to ($ext_if0 $ext_gw) from $ext_if0 to any



and ppp.conf

default:
set log Phase Chat IPCP CCP tun command
set redial 15 0
set reconnect 15 1
disable acfcomp protocomp
deny acfcomp
set mtu max 1492
set mru max 1492
set speed sync
enable lqr
set lqrperiod 5
set dial
set login
set timeout 0
enable mssfixup
disable ipv6cp
pppoe-0:
set device "!/usr/sbin/pppoe -i re0"
set authname xx
set authkey xxx
add! default HISADDR
pppoe-1:
set device "!/usr/sbin/pppoe -i re1"
set authname 
set authkey 
add! default HISADDR



hope it helps
jc


--
-
*  ~ Jean-christophe ROIRON ~   *
*  Conseil Général Haute-Loire  *
*  ~~   *
* Service Informatique  *
* Responsable Technique *
*   *
* Tel : 04-71-07-42-24  *
* Mail : [EMAIL PROTECTED]*
-



Re: Duplicate entries in the output of "mixerctl"

2007-12-27 Thread Amarendra Godbole
On Dec 14, 2007 12:31 AM, Deanna Phillips <[EMAIL PROTECTED]> wrote:
> Hi,
>
> Amarendra Godbole writes:
>
> > mixerctl output has some duplicate entries (duplicated names, but
> > different values), which leaves me confused. Here is the output:
>
> I see... this happens when an item has both input and output
> levels that can be adjusted.
>
> Could you try this diff please?  It should give you something
> more like:
>
> outputs.line=124,124
> inputs.line=85,85
>
> Thanks!
>
>
> Index: azalia.c
> ===
> RCS file: /cvs/src/sys/dev/pci/azalia.c,v
> retrieving revision 1.45
> diff -u -p -r1.45 azalia.c
> --- azalia.c25 Nov 2007 18:13:40 -  1.45
> +++ azalia.c13 Dec 2007 18:37:58 -
[...]

Sorry, I got around to trying this a bit too late. When the patch failed,
I looked at the code, and see that you have a newer version checked
in. Anyways, with the latest version, there is no longer an issue with
duplicated entries. Thanks.

-Amarendra



Re: 3ware Escalade 7210 (3w7210) supported in OpenBSD?

2007-12-27 Thread Matthias Tarasiewicz

> OpenBSD _recognizes_ the 3ware Escalade (6x00, 7xx0) series of
> controllers, but for all practical purposes you will NOT get the
> benefits normally associated with RAID.


so are there any other raid cards in the price range of the 3ware  
controllers that are recommendable and fully supported on openbsd?


thanks,
matthias



Perpetually Current

2007-12-27 Thread new_guy
I would like to install OpenBSD *once* and keep it patched and secured for
many years there after (5 - 7 years) in a production environment. Would it
be feasible to get a snapshot today and follow -current for many years w/o
having to reinstall? Basically, this approach would skip -stable and
-release and always be -current. I understand the implications of being
current and that things might change and break and may need re-configuring
on occasion. I'm OK with that... I just don't want to reinstall a -release
every year... although I'll still buy CDs as they are released to support
the project.

Thanks,
Brad



Re: Perpetually Current

2007-12-27 Thread Darrin Chandler
On Thu, Dec 27, 2007 at 04:07:00PM +0100, Henning Brauer wrote:
> > The second problem are flag days, when something has changed such
> > that you almost certainly want to reinstall the OS.  The move from
> > a.out to ELF binary format is a good example of that.
> 
> ah yeah, and that happens every second week.
> reality check: how often does that happen really?
> the last "real" flag day on i386 was the a.out -> ELF move.
> When was that? 3.3 I think. almost 5 years ago.

I think the OP may have wanted something automated/scripted. While
"true" flag days are rare, -current often has some steps to perform as
listed on current.html. Since I've been following -current those steps
have been simple and easy to perform, but -current isn't something you
should do unattended from a cron job.

-- 
Darrin Chandler|  Phoenix BSD User Group  |  MetaBUG
[EMAIL PROTECTED]   |  http://phxbug.org/  |  http://metabug.org/
http://www.stilyagin.com/  |  Daemons in the Desert   |  Global BUG Federation



Re: Perpetually Current

2007-12-27 Thread Henning Brauer
* STeve Andre' <[EMAIL PROTECTED]> [2007-12-27 15:43]:
> On Thursday 27 December 2007 09:17:37 new_guy wrote:
> > I would like to install OpenBSD *once* and keep it patched and secured for
> > many years there after (5 - 7 years) in a production environment. Would it
> > be feasible to get a snapshot today and follow -current for many years w/o
> > having to reinstall? Basically, this approach would skip -stable and
> > -release and always be -current. I understand the implications of being
> > current and that things might change and break and may need re-configuring
> > on occasion. I'm OK with that... I just don't want to reinstall a -release
> > every year... although I'll still buy CDs as they are released to support
> > the project.

that will work fine as long as you keep an eye on current.html and 
maybe source-changes, it is what many of us do.

> There are two problems with what you are talking about.  The first is
> that by its very nature -current is a moving target, and there could be
> a time when upgrading to the latest -current for a security fix might
> introduce some new feature which you don't want.

why wouldn't you want a new feature?
we're being extremely careful to not break existing behaviour wherever 
possible. of course, that is not always possible, but exceptions are 
rare and well documented.

> The second problem are flag days, when something has changed such
> that you almost certainly want to reinstall the OS.  The move from
> a.out to ELF binary format is a good example of that.

ah yeah, and that happens every second week.
reality check: how often does that happen really?
the last "real" flag day on i386 was the a.out -> ELF move.
When was that? 3.3 I think. almost 5 years ago.

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam



Re: Perpetually Current

2007-12-27 Thread STeve Andre'
On Thursday 27 December 2007 09:17:37 new_guy wrote:
> I would like to install OpenBSD *once* and keep it patched and secured for
> many years there after (5 - 7 years) in a production environment. Would it
> be feasible to get a snapshot today and follow -current for many years w/o
> having to reinstall? Basically, this approach would skip -stable and
> -release and always be -current. I understand the implications of being
> current and that things might change and break and may need re-configuring
> on occasion. I'm OK with that... I just don't want to reinstall a -release
> every year... although I'll still buy CDs as they are released to support
> the project.
>
> Thanks,
> Brad

There are two problems with what you are talking about.  The first is
that by its very nature -current is a moving target, and there could be
a time when upgrading to the latest -current for a security fix might
introduce some new feature which you don't want.  In other words, you
can't just apply patches to -current, you need to move to the latest
code.

The second problem are flag days, when something has changed such
that you almost certainly want to reinstall the OS.  The move from
a.out to ELF binary format is a good example of that.

You should always have a fall back procedure in place too,  but that's
always the case.

--STeve Andre'



Re: pgt prevents pf from scrubbing?

2007-12-27 Thread Daniel Melameth
pgt, for me, has proven to be more reliable than ral, but this
annoying scrubbing/mss issue is starting to get to me.  Any
recommendations for the best place to look in the source to address
this?  The only time I've really worked with C was in college and on a
few ports here and there, but I'm nearing my wit's end with this.

Thanks and Happy Holidays.

On 11/2/07, Daniel Melameth <[EMAIL PROTECTED]> wrote:
> I was able to reproduce this issue with a clean installation of 4.2 as
> well -- so long as the AP uses pgt, pf's scrub is broken.  Thoughts?
>
> On 10/31/07, Daniel Melameth <[EMAIL PROTECTED]> wrote:
> > I recently changed my 4.1-stable AP from ral to pgt only to find pf not
> > scrubbing packets anymore.  To make this confusion more simple, I made a
> > temporary simple pf.conf:
> >
> > $ sudo cat /etc/pf.conf
> > external_if = "pppoe0"
> >
> > set debug loud
> >
> > scrub in on $external_if all
> > scrub out on $external_if all max-mss 1452
> >
> > nat on $external_if from ! $external_if -> ( $external_if )
> >
> > block in log on $external_if
> >
> > pass out quick on $external_if inet proto tcp to any
> > pass out quick on $external_if inet proto { udp, gre, icmp } to any
> >
> > block out log on $external_if
> >
> >
> > With this ruleset I now have the following:
> >
> > $ sudo pfctl -vvs rules
> > @0 scrub in on pppoe0 all fragment reassemble
> >  [ Evaluations: 2051  Packets: 292  Bytes: 45542  States: 0 ]
> >  [ Inserted: uid 0 pid 10012 ]
> > @1 scrub out on pppoe0 all max-mss 1452 fragment reassemble
> >  [ Evaluations: 236  Packets: 236  Bytes: 9859  States: 0 ]
> >  [ Inserted: uid 0 pid 10012 ]
> > @0 block drop in log on pppoe0 all
> >  [ Evaluations: 831  Packets: 4  Bytes: 1092  States: 0 ]
> >  [ Inserted: uid 0 pid 10012 ]
> > @1 pass out quick on pppoe0 inet proto tcp all flags S/SA keep state
> >  [ Evaluations: 32  Packets: 242  Bytes: 55041  States: 7 ]
> >  [ Inserted: uid 0 pid 10012 ]
> > @2 pass out quick on pppoe0 inet proto udp all keep state
> >  [ Evaluations: 19  Packets: 23  Bytes: 3049  States: 3 ]
> >  [ Inserted: uid 0 pid 10012 ]
> > @3 pass out quick on pppoe0 inet proto gre all keep state
> >  [ Evaluations: 7  Packets: 0  Bytes: 0  States: 0 ]
> >  [ Inserted: uid 0 pid 10012 ]
> > @4 pass out quick on pppoe0 inet proto icmp all keep state
> >  [ Evaluations: 7  Packets: 0  Bytes: 0  States: 0 ]
> >  [ Inserted: uid 0 pid 10012 ]
> > @5 block drop out log on pppoe0 all
> >  [ Evaluations: 7  Packets: 7  Bytes: 280  States: 0 ]
> >  [ Inserted: uid 0 pid 10012 ]
> >
> >
> > However, a simple visit to a web site when using pgt shows scrub is not
> > scrubbing as my mss is 1460:
> >
> > $ sudo tcpdump -ni pppoe0 port 80
> > tcpdump: listening on pppoe0, link-type PPP_ETHER
> > 12:05:46.892243 x.y.101.219.58561 > 64.37.182.61.80: S 2341795589:2341795589(0) win 8192 (DF)
> > 12:05:46.969268 64.37.182.61.80 > x.y.101.219.58561: S 3585146952:3585146952(0) ack 2341795590 win 8190
> > 12:05:46.970368 x.y.101.219.58561 > 64.37.182.61.80: . ack 1 win 17520 (DF)
> > 12:05:46.970902 x.y.101.219.58561 > 64.37.182.61.80: P 1:642(641) ack 1 win 17520 (DF)
> > 12:05:47.056958 64.37.182.61.80 > x.y.101.219.58561: P 1:636(635) ack 642 win 19200 (DF)
> > 12:05:47.060172 x.y.101.219.58561 > 64.37.182.61.80: P 642:1347(705) ack 636 win 16885 (DF)
> > 12:05:47.151883 64.37.182.61.80 > x.y.101.219.58561: P 3556:3780(224) ack 1347 win 8190
> > 12:05:47.152153 64.37.182.61.80 > x.y.101.219.58561: P 2096:2100(4) ack 1347 win 8190 (frag 55634:[EMAIL PROTECTED])
> > 12:05:47.153298 x.y.101.219.58561 > 64.37.182.61.80: . ack 636 win 16885 (DF)
> > 12:05:47.156386 x.y.101.219.58561 > 64.37.182.61.80: . ack 636 win 16885 (DF)
> >
> >
> >
> > But if I simply put the ral card back and reboot, scrub works again -- and
> > this is reproducible.
> >
> > $ sudo tcpdump -ni pppoe0 port 80
> > tcpdump: listening on pppoe0, link-type PPP_ETHER
> > 11:14:32.100411 x.y.115.226.53842 > 64.37.182.61.80: S 313284:313284(0) win 8192 (DF)
> > 11:14:32.176738 64.37.182.61.80 > x.y.115.226.53842: S 2437399687:2437399687(0) ack 313285 win 8190
> > 11:14:32.177300 x.y.115.226.53842 > 64.37.182.61.80: . ack 1 win 17424 (DF)
> > 11:14:32.177661 x.y.115.226.53842 > 64.37.182.61.80: P 1:642(641) ack 1 win 17424 (DF)
> > 11:14:32.263894 64.37.182.61.80 > x.y.115.226.53842: P 1:636(635) ack 642 win 32767 (DF)
> > 11:14:32.266375 x.y.115.226.53842 > 64.37.182.61.80: P 642:1347(705) ack 636 win 16789 (DF)
> > 11:14:32.360790 64.37.182.61.80 > x.y.115.226.53842: P 636:2088(1452) ack 1347 win 8190 (DF)
> > 11:14:32.361099 64.37.182.61.80 > x.y.115.226.53842: P 3540:3773(233) ack 1347 win 8190
> >
> >
> > I don't get it.  I haven't had much sleep, but what's missing h
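
A check for the symptom described in this message, as an added example that is not part of the original thread: it scans tcpdump text output for outbound SYNs whose advertised MSS exceeds the `max-mss` value of the scrub rule. The sample capture is constructed (the TCP option lists of the original capture did not survive in this archive), and the function names and addresses are assumptions.

```python
import re

IPV4_TCP_OVERHEAD = 40  # 20-byte IPv4 header + 20-byte TCP header, no options

# Constructed sample in the tcpdump text format shown in the message.
# Addresses are documentation ranges and the <...> option lists are
# illustrative values, not data recovered from the original capture.
SAMPLE_CAPTURE = """\
12:05:46.892243 198.51.100.7.58561 > 203.0.113.80.80: S 2341795589:2341795589(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK> (DF)
12:05:46.969268 203.0.113.80.80 > 198.51.100.7.58561: S 3585146952:3585146952(0) ack 2341795590 win 8190 <mss 1460>
12:05:46.970368 198.51.100.7.58561 > 203.0.113.80.80: . ack 1 win 17520 (DF)
11:14:32.100411 198.51.100.7.53842 > 203.0.113.80.80: S 313284:313284(0) win 8192 <mss 1452,nop,wscale 2,nop,nop,sackOK> (DF)
"""

# timestamp, "ip.port > ip.port:", flag letters, then the option list in <...>
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) "
    r"(?P<src>\S+) > (?P<dst>\S+): "
    r"(?P<flags>[SFPRWE.]+) "
    r".*?<(?P<opts>[^>]*)>"
)
MSS_RE = re.compile(r"\bmss (\d+)")


def max_mss_for_mtu(mtu):
    """Largest TCP MSS that fits an IPv4 link MTU without fragmentation."""
    return mtu - IPV4_TCP_OVERHEAD


def parse_syn(line):
    """Return ts/src_ip/dst/mss for a SYN or SYN-ACK line, else None."""
    m = LINE_RE.match(line.strip())
    if not m or "S" not in m.group("flags"):
        return None
    mss = MSS_RE.search(m.group("opts"))
    if not mss:
        return None
    return {
        "ts": m.group("ts"),
        # tcpdump prints address and port joined by a dot: 198.51.100.7.58561
        "src_ip": m.group("src").rsplit(".", 1)[0],
        "dst": m.group("dst"),
        "mss": int(mss.group(1)),
    }


def unclamped_syns(capture, local_ip, max_mss):
    """List (timestamp, destination, mss) for SYNs leaving local_ip
    that still advertise more than max_mss, i.e. scrub did not rewrite them."""
    hits = []
    for line in capture.splitlines():
        syn = parse_syn(line)
        if syn and syn["src_ip"] == local_ip and syn["mss"] > max_mss:
            hits.append((syn["ts"], syn["dst"], syn["mss"]))
    return hits


if __name__ == "__main__":
    limit = max_mss_for_mtu(1492)  # PPPoE MTU; gives the 1452 used in the rule
    for ts, dst, mss in unclamped_syns(SAMPLE_CAPTURE, "198.51.100.7", limit):
        print(f"{ts} SYN to {dst} advertises mss {mss} > {limit}")
```

Only SYNs sourced from the local address are checked, because the ruleset sets `max-mss` on `scrub out` only; the peer's SYN-ACK is expected to keep its own value.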

Re: Merging 2 ADSL lines

2007-12-27 Thread L. V. Lammert
On Thu, 27 Dec 2007, Sajith wrote:

> Hi its Sajith
>
> Is it possible for Merging 2 ADSL lines
>
> Regards
>
> Sajith
>
It is possible to share ADSL lines for outbound traffic, .. but no provider
I have seen will allow bonding for incoming traffic (e.g. a mail server).

Lee



Re: Perpetually Current

2007-12-27 Thread STeve Andre'
On Thursday 27 December 2007 10:07:00 Henning Brauer wrote:
> * STeve Andre' <[EMAIL PROTECTED]> [2007-12-27 15:43]:
> > On Thursday 27 December 2007 09:17:37 new_guy wrote:
> > > I would like to install OpenBSD *once* and keep it patched and secured
> > > for many years there after (5 - 7 years) in a production environment.
> > > Would it be feasible to get a snapshot today and follow -current for
> > > many years w/o having to reinstall? Basically, this approach would skip
> > > -stable and -release and always be -current. I understand the
> > > implications of being current and that things might change and break
> > > and may need re-configuring on occasion. I'm OK with that... I just
> > > don't want to reinstall a -release every year... although I'll still
> > > buy CDs as they are released to support the project.
>
> that will work fine as long as you keep an eye on current.html and
> maybe source-changes, it is what many of us do.
>
> > There are two problems with what you are talking about.  The first is
> > that by its very nature -current is a moving target, and there could be
> > a time when upgrading to the latest -current for a security fix might
> > introduce some new feature which you don't want.
>
> why wouldn't you want a new feature?
> we're being extremely careful to not break existing behaviour wherever
> possible. of course, that is not always possible, but exceptions are
> rare and well documented.

I didn't express that well enough, I guess.  How about a change, such as
disks formerly showing up as wd but now sd?  By problem, I mean 
something that has to be dealt with, not just insurmountable ones.

>
> > The second problem are flag days, when something has changed such
> > that you almost certainly want to reinstall the OS.  The move from
> > a.out to ELF binary format is a good example of that.
>
> ah yeah, and that happens every second week.
> reality check: how often does that happen really?
> the last "real" flag day on i386 was the a.out -> ELF move.
> When was that? 3.3 I think. almost 5 years ago.

Perhaps I'm wrong here, but I thought about every other release
there was a change that was a flag day.  I see that the upgrade
faq doesn't have a history so I'd have to dig for it.  Still, my point
was they do happen from time to time so the idea of living on
-current won't always work.

As I read his posting, new_guy is getting the concepts down.  Though
they are few, flag days still need to be understood.

--STeve Andre'



Re: Perpetually Current

2007-12-27 Thread Nick Guenther
On 12/27/07, new_guy <[EMAIL PROTECTED]> wrote:
> I would like to install OpenBSD *once* and keep it patched and secured for
> many years there after (5 - 7 years) in a production environment. Would it
> be feasible to get a snapshot today and follow -current for many years w/o
> having to reinstall? Basically, this approach would skip -stable and
> -release and always be -current. I understand the implications of being
> current and that things might change and break and may need re-configuring
> on occasion. I'm OK with that... I just don't want to reinstall a -release
> every year... although I'll still buy CDs as they are released to support
> the project.

What you probably want is to go the upgrade-every-6-months route.

-Nick



Re: Perpetually Current

2007-12-27 Thread Henning Brauer
* STeve Andre' <[EMAIL PROTECTED]> [2007-12-27 16:42]:
> On Thursday 27 December 2007 10:07:00 Henning Brauer wrote:
> > * STeve Andre' <[EMAIL PROTECTED]> [2007-12-27 15:43]:
> > > On Thursday 27 December 2007 09:17:37 new_guy wrote:
> > > > I would like to install OpenBSD *once* and keep it patched and secured
> > > > for many years there after (5 - 7 years) in a production environment.
> > > > Would it be feasible to get a snapshot today and follow -current for
> > > > many years w/o having to reinstall? Basically, this approach would skip
> > > > -stable and -release and always be -current. I understand the
> > > > implications of being current and that things might change and break
> > > > and may need re-configuring on occasion. I'm OK with that... I just
> > > > don't want to reinstall a -release every year... although I'll still
> > > > buy CDs as they are released to support the project.
> >
> > that will work fine as long as you keep an eye on current.html and
> > maybe source-changes, it is what many of us do.
> >
> > > There are two problems with what you are talking about.  The first is
> > > that by its very nature -current is a moving target, and there could be
> > > a time when upgrading to the latest -current for a security fix might
> > > introduce some new feature which you don't want.
> >
> > why wouldn't you want a new feature?
> > we're being extremely careful to not break existing behaviour wherever
> > possible. of course, that is not always possible, but exceptions are
> > rare and well documented.
> 
> I didn't express that well enough, I guess.  How about a change, such as
> disks formerly showing up as wd but now sd?  By problem, I mean 
> something that has to be dealt with, not just insurmountable ones.

that is one of those rare changes, and it is well documented.

> > > The second problem are flag days, when something has changed such
> > > that you almost certainly want to reinstall the OS.  The move from
> > > a.out to ELF binary format is a good example of that.
> >
> > ah yeah, and that happens every second week.
> > reality check: how often does that happen really?
> > the last "real" flag day on i386 was the a.out -> ELF move.
> > When was that? 3.3 I think. almost 5 years ago.
> 
> Perhaps I'm wrong here, but I thought about every other release
> there was a change that was a flag day.

nope.

we sometimes have mini-flagdays. they usually only affect people 
building from source.

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam



Re: Merging 2 ADSL lines

2007-12-27 Thread L. V. Lammert

At 07:09 PM 12/27/2007 +0200, you wrote:
> On Thu, Dec 27, 2007 at 10:13:11AM -0600, L. V. Lammert wrote:
> > It is possible to share ADSL lines for outbound traffic, .. but no provider
> > I have seen will allow bonding for incoming traffic (e.g. a mail server).
>
> Isn't that easily solved with DNS round robin in the case of mail and
> web servers?

The issue would be reverse DNS - no way I know of to provide RDNS for the
same hostname on two different IPs (IF you could get the provider to do RDNS
at all!). It would be required for a mail server; it would also farkle a
web server for any s/w that is doing a RDNS check for security; certainly
no way to use an SSL cert.


Lee



Re: Perpetually Current

2007-12-27 Thread STeve Andre'
On Thursday 27 December 2007 10:46:26 Henning Brauer wrote:
> * STeve Andre' <[EMAIL PROTECTED]> [2007-12-27 16:42]:
> > On Thursday 27 December 2007 10:07:00 Henning Brauer wrote:
> > > * STeve Andre' <[EMAIL PROTECTED]> [2007-12-27 15:43]:
> > > > On Thursday 27 December 2007 09:17:37 new_guy wrote:
> > > > > I would like to install OpenBSD *once* and keep it patched and
> > > > > secured for many years there after (5 - 7 years) in a production
> > > > > environment. Would it be feasible to get a snapshot today and
> > > > > follow -current for many years w/o having to reinstall? Basically,
> > > > > this approach would skip -stable and -release and always be
> > > > > -current. I understand the implications of being current and that
> > > > > things might change and break and may need re-configuring on
> > > > > occasion. I'm OK with that... I just don't want to reinstall a
> > > > > -release every year... although I'll still buy CDs as they are
> > > > > released to support the project.
> > >
> > > that will work fine as long as you keep an eye on current.html and
> > > maybe source-changes, it is what many of us do.
> > >
> > > > There are two problems with what you are talking about.  The first is
> > > > that by its very nature -current is a moving target, and there could
> > > > be a time when upgrading to the latest -current for a security fix
> > > > might introduce some new feature which you don't want.
> > >
> > > why wouldn't you want a new feature?
> > > we're being extremely careful to not break existing behaviour wherever
> > > possible. of course, that is not always possible, but exceptions are
> > > rare and well documented.
> >
> > I didn't express that well enough, I guess.  How about a change, such as
> > disks formerly showing up as wd but now sd?  By problem, I mean
> > something that has to be dealt with, not just insurmountable ones.
>
> that is one of those rare changes, and it is well documented.
>
> > > > The second problem are flag days, when something has changed such
> > > > that you almost certainly want to reinstall the OS.  The move from
> > > > a.out to ELF binary format is a good example of that.
> > >
> > > ah yeah, and that happens every second week.
> > > reality check: how often does that happen really?
> > > the last "real" flag day on i386 was the a.out -> ELF move.
> > > When was that? 3.3 I think. almost 5 years ago.
> >
> > Perhaps I'm wrong here, but I thought about every other release
> > there was a change that was a flag day.
>
> nope.
>
> we sometimes have mini-flagdays. they usually only affect people
> building from source.

That's my point: running -current means building from source and
thus being affected.



Re: Perpetually Current

2007-12-27 Thread Henning Brauer
* STeve Andre' <[EMAIL PROTECTED]> [2007-12-27 17:31]:
> That's my point: running -current means building from source and
> thus being affected.

huh?
not at all.
you use snapshots of course.

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam



Re: Merging 2 ADSL lines

2007-12-27 Thread Jussi Peltola
On Thu, Dec 27, 2007 at 10:13:11AM -0600, L. V. Lammert wrote:
> It is possible to share ADSL lines for outbound traffic, .. but no provider
> I have seen will allow bonding for incoming traffic (e.g. a mail server).

Isn't that easily solved with DNS round robin in the case of mail and
web servers?



Re: Merging 2 ADSL lines

2007-12-27 Thread Brian

Jussi Peltola wrote:
> On Thu, Dec 27, 2007 at 10:13:11AM -0600, L. V. Lammert wrote:
> > It is possible to share ADSL lines for outbound traffic, .. but no provider
> > I have seen will allow bonding for incoming traffic (e.g. a mail server).
>
> Isn't that easily solved with DNS round robin in the case of mail and
> web servers?

I have seen this with sdsl, here is a link from a UK guy that did it.

http://www.automatedhome.co.uk/Internet/ADSL-Bonding-How-To-and-Review.html

Brian



Re: Merging 2 ADSL lines

2007-12-27 Thread Mitch Parker
L.V.,

You don't need bonding for incoming traffic :).

PF will take care of the outbound load-balancing for you (and there's an
example pf.conf that addresses this in Absolute OpenBSD) if configured
correctly.

If you have DNS set up right, you don't need bonding for incoming
traffic.  That's what MX records and priorities are for WRT SMTP, and PF
and multiple A records are for WRT everything else.

No provider you've seen will allow that because it's not necessary to do
so due to the fact that DNS can already handle it with a minimum of
work.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of L. V. Lammert
Sent: Thursday, December 27, 2007 11:13 AM
To: Sajith
Cc: misc@openbsd.org
Subject: Re: Merging 2 ADSL lines

On Thu, 27 Dec 2007, Sajith wrote:

> Hi its Sajith
>
> Is it possible for Merging 2 ADSL lines
>
> Regards
>
> Sajith
>
It is possible to share ADSL lines for outbound traffic, .. but no
provider I have seen will allow bonding for incoming traffic (e.g. a
mail server).

Lee



Re: Merging 2 ADSL lines

2007-12-27 Thread Henning Brauer
* Mitch Parker <[EMAIL PROTECTED]> [2007-12-27 18:34]:
> You don't need bonding for incoming traffic :).
> 
> PF will take care of the outbound load-balancing for you (and there's an
> example pf.conf that addresses this in Absolute OpenBSD) if configured
> correctly.
> 
> If you have DNS set up right, you don't need bonding for incoming
> traffic.  That's what MX records and priorities are for WRT SMTP, and PF
> and multiple A records are for WRT everything else.
> 
> No provider you've seen will allow that because it's not necessary to do
> so due to the fact that DNS can already handle it with a minimum of
> work.

that is a hobbyist solution that might work ok if you don't actually 
care for reliability etc - especially with the multiple A records, when 
one line is down you won't be reachable for about half of the people 
who would want to reach you.

the real solution is of course bgp or two lines which go to the same 
provider IP-wise and he does his share in balancing and failover.

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam



Re: Merging 2 ADSL lines

2007-12-27 Thread Mitch Parker
Henning,

I agree with you on this.  However, I was looking at this from the SMTP
and outgoing angles (which IMHO is a bit better designed for this
scenario than HTTP, SSH, or other services).  Obviously you'd want BGP
for the Web or other services (and if you've got 2 ADSL lines, you're
probably hosting a good chunk of that at a web host that hopefully has
it).

If someone has 2 ADSL lines they're bonding, chances are they're not
going to want BGP set up (most people I know would have at least a /24,
2 T1s, and a good ISP).  Will most providers even let you set up BGP if
you're running less than a /24?  My experience has been that most ADSL
providers don't provide these services, but the leased line providers
do.


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Henning Brauer
Sent: Thursday, December 27, 2007 12:42 PM
To: misc@openbsd.org
Subject: Re: Merging 2 ADSL lines

* Mitch Parker <[EMAIL PROTECTED]> [2007-12-27 18:34]:
> You don't need bonding for incoming traffic :).
>
> PF will take care of the outbound load-balancing for you (and there's
> an example pf.conf that addresses this in Absolute OpenBSD) if
> configured correctly.
>
> If you have DNS set up right, you don't need bonding for incoming
> traffic.  That's what MX records and priorities are for WRT SMTP, and
> PF and multiple A records are for WRT everything else.
>
> No provider you've seen will allow that because it's not necessary to
> do so due to the fact that DNS can already handle it with a minimum of
> work.

that is a hobbyist solution that might work ok if you don't actually
care for reliability etc - especially with the multiple A records, when
one line is down you won't be reachable for about half of the people
who would want to reach you.

the real solution is of course bgp or two lines which go to the same
provider IP-wise and he does his share in balancing and failover.

--
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services,
http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg &
Amsterdam



Re: Merging 2 ADSL lines

2007-12-27 Thread Henning Brauer
* Mitch Parker <[EMAIL PROTECTED]> [2007-12-27 19:27]:
> If someone has 2 ADSL lines they're bonding, chances are they're not
> going to want BGP set up (most people I know would have at least a /24,
> 2 T1s, and a good ISP).  Will most providers even let you set up BGP if
> you're running less than a /24?  My experience has been that most ADSL
> providers don't provide these services, but the leased line providers
> do.

I'm not aware of any ADSL provider offering bgp...
and yes, you need a /24 at least, everything else gets filtered out 
usually.
(well. if both links go to the same ISP IP-wise, you could do bgp with 
a private AS and have your prefix only visible within his network and 
otherwise covered by his bigger, regularly announced prefix, but then 
I don't think anyone offers that with home/soho style lines like ADSL 
either)

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam



Re: Merging 2 ADSL lines

2007-12-27 Thread L. V. Lammert

At 09:50 AM 12/27/2007 -0800, you wrote:
> > The issue would be reverse DNS - no way I know of to provide RDNS for the
> > same hostname on two different IPs (IF you could get the provider to do RDNS
> > at all!). It would be required for a mail server; it would also farkle a
> > web server for any s/w that is doing a RDNS check for security; certainly
> > no way to use an SSL cert.
>
> Eh?   I don't understand what you are trying to say.
>
> $ORIGIN example.com.
>
> foo     A       192.168.0.1
>         A       192.168.0.2
>
> That takes care of forward DNS
>
> $ORIGIN 0.168.192.in-addr.arpa.
>
> 1       PTR     foo.example.com.
> 2       PTR     foo.example.com.
>
> That takes care of reverse DNS.

1) You don't have access to RDNS at almost all DSL home providers.
2) A 192.168 record cannot validate a server to a remote user, so you can't
do the PTRs on your servers.
3) Having TWO reverse DNS records for a mail server is going to choke when
you get the connection from one IP and the reverse uses the other
connection, so that DNW either.

> What's the issue?

If you're running a home service, OR 'outbound only', you're OK, but it
doesn't work for any inbound services without bonding/bgp, as already
mentioned.


Lee
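
The forward-confirmed reverse DNS check that a receiving mail server commonly runs against a connecting IP, applied to the zone data quoted in this message (added example, not part of the original thread). The function names and the two variant record sets are assumptions; the 192.168.0.x addresses are the message's own placeholders.

```python
import ipaddress


def _fqdn(name):
    """Normalise a DNS name: lower case, exactly one trailing dot."""
    return name.strip().lower().rstrip(".") + "."


def fcrdns(client_ip, ptr_records, a_records):
    """Forward-confirmed reverse DNS for one connecting address.

    ptr_records maps reverse-zone owner names to PTR targets,
    a_records maps host names to their A record addresses.
    Returns (status, names) where status is one of
      "pass"             a PTR target resolves back to client_ip
      "no-ptr"           the reverse zone has no PTR for client_ip
      "forward-mismatch" PTR exists but no target lists client_ip
    """
    ip = ipaddress.ip_address(client_ip)
    owner = _fqdn(ip.reverse_pointer)  # e.g. 1.0.168.192.in-addr.arpa.
    ptr_names = [_fqdn(n) for n in ptr_records.get(owner, [])]
    if not ptr_names:
        return ("no-ptr", [])
    confirmed = [
        name for name in ptr_names
        if any(ipaddress.ip_address(a) == ip for a in a_records.get(name, []))
    ]
    if confirmed:
        return ("pass", confirmed)
    return ("forward-mismatch", ptr_names)


# Records exactly as quoted in the message (both lines, one host name).
QUOTED_A = {"foo.example.com.": ["192.168.0.1", "192.168.0.2"]}
QUOTED_PTR = {
    "1.0.168.192.in-addr.arpa.": ["foo.example.com."],
    "2.0.168.192.in-addr.arpa.": ["foo.example.com."],
}

# Constructed variant: the provider of the second line sets no PTR (point 1).
ONE_LINE_PTR = {"1.0.168.192.in-addr.arpa.": ["foo.example.com."]}

# Constructed variant: both PTRs exist but the host has only one A record.
SINGLE_A = {"foo.example.com.": ["192.168.0.1"]}


def evaluate(ptr_records, a_records, ips=("192.168.0.1", "192.168.0.2")):
    """Status per source address, as the receiver would see each line."""
    return {ip: fcrdns(ip, ptr_records, a_records)[0] for ip in ips}


if __name__ == "__main__":
    for label, ptr, a in (
        ("as quoted", QUOTED_PTR, QUOTED_A),
        ("no PTR on second line", ONE_LINE_PTR, QUOTED_A),
        ("single A record", QUOTED_PTR, SINGLE_A),
    ):
        print(label, evaluate(ptr, a))
```

The check is evaluated per connecting address, so the result depends on which line the outbound connection left on.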



Re: Perpetually Current

2007-12-27 Thread Jan Stary
On Dec 27 06:17:37, new_guy wrote:
> I would like to install OpenBSD *once* and keep it patched and secured
> for many years there after (5 - 7 years) in a production environment.

That's what upgrades are for.

> Would it be feasible to get a snapshot today and follow -current for
> many years w/o having to reinstall? Basically, this approach would
> skip -stable and > -release and always be -current.

You would just use the snapshots. Is that "reinstalling" for you?

> I understand the implications of being current and that things might
> change and break and may need re-configuring on occasion.

So why do you want to use it in production?

> I'm OK with that... I just don't want to reinstall a -release
> every year...

That's about one hour of work twice a year - what's wrong with that? Why
do you want to stay -current? What problem are you trying to solve, or
what are you trying to achieve by doing that?

Jan



Re: Perpetually Current

2007-12-27 Thread Greg Thomas
On Dec 27, 2007 8:35 AM, Henning Brauer <[EMAIL PROTECTED]> wrote:
> * STeve Andre' <[EMAIL PROTECTED]> [2007-12-27 17:31]:
> > That's my point: running -current means building from source and
> > thus being affected.
>
> huh?
> not at all.
> you use snapshots of course.

STeve understands that but I don't think the original poster does.

Greg
-- 
Ticketmaster and Ticketweb suck, but everyone knows that:
http://ticketmastersucks.org
Obsession in the low desert:  http://lodesertprotosites.org
Dethink to survive - Mclusky



Re: Perpetually Current

2007-12-27 Thread Karsten McMinn
On Dec 27, 2007 10:47 AM, Jan Stary <[EMAIL PROTECTED]> wrote:
>
> That's about one hour of work twice a year - what's wrong with that? Why
> do you want to stay -current? What problem are you trying to solve, or
> what are you trying to achieve by doing that?

obviously automation. regardless of personal administration ethics it
seems like a fair question.

Brad, you could crontab the cvs update on the local source tree, compile
and install kernels and userland out of crontab however often you want.
likewise if you wanted a binary route (snapshots).



Re: Using the C programming language

2007-12-27 Thread Kirk Ismay

Rico Secada wrote:
> On Sun, 23 Dec 2007 01:06:39 -0600
> "David Higgs" <[EMAIL PROTECTED]> wrote:
>
>> On Dec 22, 2007 5:53 PM, Rico Secada <[EMAIL PROTECTED]> wrote:
>>
>>> It is my understanding that C is the hackers tool while Ada is the
>>> tool of the engineer. I think it is mostly because of tradition.
>>
>> Your understanding is wrong.  I suspect that many professional
>> engineers using C (and/or other languages) would strongly disagree
>> with your offhand characterization.

Doesn't matter what language is used, you can still shoot yourself in 
the foot:


http://www.ima.umn.edu/~arnold/disasters/ariane.html
http://www.cas.mcmaster.ca/~baber/TechnicalReports/Ariane5/Ariane5.htm
http://www.ima.umn.edu/~arnold/disasters/ariane5rep.html

"The internal SRI software exception was caused during execution of a 
data conversion from 64-bit floating point to 16-bit signed integer 
value. The floating point number which was converted had a value greater 
than what could be represented by a 16-bit signed integer. This resulted 
in an Operand Error. The data conversion instructions (in Ada code) were 
not protected from causing an Operand Error, although other conversions 
of comparable variables in the same place in the code were protected."


--

Sincerely, 
Kirk Ismay

System Administrator

--
Net Idea
201-625 Front Street Nelson, BC V1L 4B6
P:250-352-3512 | F:250-352-9780 | TF:1-888-352-3512

Check out our brand new website! www.netidea.com
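
Added example (not code from this thread or from the Ariane software): the failure mode in the quoted report, a conversion from a 64-bit float to a 16-bit signed integer, written in C with the protection the report says was missing. In C an out-of-range conversion of this kind is undefined behaviour, so the range test has to come before the cast; the function names and sample values are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Outcome of a checked narrowing conversion. */
enum conv_status { CONV_OK = 0, CONV_NAN, CONV_TOO_LOW, CONV_TOO_HIGH };

/*
 * Convert a 64-bit float to a 16-bit signed integer, truncating toward zero.
 * The checks run BEFORE the cast, because casting an out-of-range double to
 * int16_t is undefined behaviour. *out is written only on CONV_OK.
 */
enum conv_status double_to_i16(double v, int16_t *out)
{
    if (v != v)                 /* NaN is the only value unequal to itself */
        return CONV_NAN;
    /* Truncation maps the open interval (-32769, 32768) onto
     * [-32768, 32767]; infinities fall outside it like any large value. */
    if (v <= -32769.0)
        return CONV_TOO_LOW;
    if (v >= 32768.0)
        return CONV_TOO_HIGH;
    *out = (int16_t)v;
    return CONV_OK;
}

/*
 * Saturating variant for callers that must always produce a value:
 * clamps to the nearest representable bound and reports what happened.
 * NaN has no nearest value, so it yields 0 with status CONV_NAN.
 */
int16_t double_to_i16_sat(double v, enum conv_status *status)
{
    int16_t r = 0;
    enum conv_status s = double_to_i16(v, &r);

    if (s == CONV_TOO_HIGH)
        r = INT16_MAX;
    else if (s == CONV_TOO_LOW)
        r = INT16_MIN;
    if (status != NULL)
        *status = s;
    return r;
}

int main(void)
{
    static const char *names[] = { "ok", "NaN", "too low", "too high" };
    /* Constructed sample inputs around both ends of the int16_t range. */
    const double samples[] = { 1234.75, 32767.9, 32768.0, -32768.5,
                               -32769.0, 1.0e9 };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        enum conv_status s;
        int16_t r = double_to_i16_sat(samples[i], &s);
        printf("%12.2f -> %6d (%s)\n", samples[i], r, names[s]);
    }
    return 0;
}
```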



sparc64 on Sun Netra T1 with external CD Drive

2007-12-27 Thread new_guy
Hi again,

From the ok> prompt, I'm doing this:

boot /[EMAIL PROTECTED],0/[EMAIL PROTECTED],1/[EMAIL PROTECTED]/[EMAIL 
PROTECTED],0:f

This boots the Solaris install CD OK, but not OpenBSD 4.2 CD. Any tips?

Thanks,
Brad
-- 
View this message in context: 
http://www.nabble.com/sparc64-on-Sun-Netra-T1-with-external-CD-Drive-tp14518767p14518767.html
Sent from the openbsd user - misc mailing list archive at Nabble.com.



pf visible bridge/router

2007-12-27 Thread Beavis
Hi all!,

I've been searching lists with regards to building a Visible
Bridge/Router with PF on OpenBSD.
But most of the material I see are for invisible bridge configs. I
wanted to just do a straight Routing/Bridging on my FW's
(without the use of NAT)

Any comments or experiences shared will be awesomely appreciated.


thanks,
-B



Re: sparc64 on Sun Netra T1 with external CD Drive

2007-12-27 Thread Miod Vallat
> From the ok> prompt, I'm doing this:
> 
> boot /[EMAIL PROTECTED],0/[EMAIL PROTECTED],1/[EMAIL PROTECTED]/[EMAIL 
> PROTECTED],0:f
> 
> This boots the Solaris install CD OK, but not OpenBSD 4.2 CD. Any tips?

Drop the ``:f'' part and it should boot fine.

Miod



Re: sparc64 on Sun Netra T1 with external CD Drive

2007-12-27 Thread Brad Tilley
On Dec 27, 2007 4:43 PM, Miod Vallat <[EMAIL PROTECTED]> wrote:

> Drop the ``:f'' part and it should boot fine.
>
> Miod

Continuation... from last post:

Then I see this:

-
Evaluating: boot /[EMAIL PROTECTED],0/[EMAIL PROTECTED],1/[EMAIL 
PROTECTED]/[EMAIL PROTECTED],0

Can't open boot device
-

Then Solaris boots from disk.



Re: sparc64 on Sun Netra T1 with external CD Drive

2007-12-27 Thread Brad Tilley
On Dec 27, 2007 4:43 PM, Miod Vallat <[EMAIL PROTECTED]> wrote:
> Drop the ``:f'' part and it should boot fine.
>
> Miod

I've tried that, but I'll try again. It just hangs with this at the console:

Executing last command: boot /[EMAIL PROTECTED],0/[EMAIL PROTECTED],1/[EMAIL 
PROTECTED]/[EMAIL PROTECTED],0
Boot device: /[EMAIL PROTECTED],0/[EMAIL PROTECTED],1/[EMAIL PROTECTED]/[EMAIL 
PROTECTED],0 File and args:
_



Re: Using the C programming language

2007-12-27 Thread Rico Secada
On Thu, 27 Dec 2007 12:27:15 -0800
Kirk Ismay <[EMAIL PROTECTED]> wrote:

> Rico Secada wrote:
> > On Sun, 23 Dec 2007 01:06:39 -0600
> > "David Higgs" <[EMAIL PROTECTED]> wrote:
> >
> >   
> >> On Dec 22, 2007 5:53 PM, Rico Secada <[EMAIL PROTECTED]> wrote:
> >>
> >> 
> >>> It is my understanding that C is the hackers tool while Ada is the
> >>> tool of the engineer. I think it is mostly because of tradition.
> >>>   
> >> Your understanding is wrong.  I suspect that many professional
> >> engineers using C (and/or other languages) would strongly disagree
> >> with your offhand characterization.
> >
> Doesn't matter what language is used, you can still shoot yourself in 
> the foot:

Nobody has argued against that :-)

> http://www.ima.umn.edu/~arnold/disasters/ariane.html
> http://www.cas.mcmaster.ca/~baber/TechnicalReports/Ariane5/Ariane5.htm
> http://www.ima.umn.edu/~arnold/disasters/ariane5rep.html
> 
> "The internal SRI software exception was caused during execution of a 
> data conversion from 64-bit floating point to 16-bit signed integer 
> value. The floating point number which was converted had a value
> greater than what could be represented by a 16-bit signed integer.
> This resulted in an Operand Error. The data conversion instructions
> (in Ada code) were not protected from causing an Operand Error,
> although other conversions of comparable variables in the same place
> in the code were protected."
> 
> -- 
> 
> Sincerely, 
> Kirk Ismay
> System Administrator
> 
> --
> Net Idea
> 201-625 Front Street Nelson, BC V1L 4B6
> P:250-352-3512 | F:250-352-9780 | TF:1-888-352-3512
> 
> Check out our brand new website! www.netidea.com



Re: pf visible bridge/router

2007-12-27 Thread Allie D.
It's the same as an invisible bridge except you have IP's on the if's,
that's the only diff.

Beavis wrote:
> Hi all!,
> 
> I've been searching lists with regards to building a Visible
> Bridge/Router with PF on OpenBSD.
> But most of the material I see are for invisible bridge configs. I
> wanted to just do a straight Routing/Bridging on my FW's
> (without the use of NAT)
> 
> Any comments or experiences shared will be awesomely appreciated.
> 
> 
> thanks,
> -B



Re: Perpetually Current

2007-12-27 Thread Joachim Schipper
On Thu, Dec 27, 2007 at 11:21:54AM -0800, Karsten McMinn wrote:
> On Dec 27, 2007 10:47 AM, Jan Stary <[EMAIL PROTECTED]> wrote:
> > That's about one hour of work twice a year - what's wrong with that? Why
> > do you want to stay -current? What problem are you trying to solve, or
> > what are you trying to achieve by doing that?
> 
> obviously automation. regardless of personal administration ethics it
> seems like a fair question.
> 
> Brad, you could crontab the cvs update on the local source tree, compile
> and install kernels and userland out of crontab however often you want.
> likewise if you wanted a binary route (snapshots).

Yes, but in either case, you should very carefully check to see that
http://www.openbsd.org/faq/current.html has not changed first.
(Obviously, that's not the correct way to go about it, but it's
certainly the easiest.)

Joachim

P.S. No, I am not dead. I hope to find some more time to read this list
Real Soon Now.

-- 
PotD: x11/ogle - DVD player



Re: Perpetually Current

2007-12-27 Thread Ingo Schwarze
Karsten McMinn wrote on Thu, Dec 27, 2007 at 11:21:54AM -0800:

> obviously automation. regardless of personal administration ethics
> it seems like a fair question.

If you understand the OP's question that way, you should also provide
the following answer to the OP:  There is no standard way for automated
upgrades on OpenBSD.  The standard upgrade procedure requires booting an
install system, usually from floppy, CD-ROM or bsd.rd, and rebooting once
more when the upgrade is done to get back to the production system.
I'm not aware of any sensible approach to automation of this standard
upgrade process.

> Brad, you could crontab the cvs update on the local source tree,

Combined with what follows, this is certainly bad advice.
HEAD is a moving target.  Sometimes, HEAD won't even compile
if you hit right in between two related commits.  So, installing
self-compiled HEAD stuff via cron on a production system is asking
for trouble.

When you simply want to run -current, snapshots are recommended.

> compile and install kernels

And reboot from cron after installing the kernel?
On a production system?
I would call that scary.

On the other hand, not rebooting after installing the new kernel
is even worse.  Some mini flag day might suffice to break part
of your userland.  That won't happen often, but on a production
system, you probably do not want to break things even once or
twice a year.  You know, *if* cron brings your server down, it
will very probably be right after the start of your long holiday.

> and userland out of crontab however often you want.

Upgrading userland from cron?
I wouldn't call that impossible, but...
Have a look at
  http://www.openbsd.org/faq/upgrade42.html

Specifically, you need the section entitled
  "Upgrading without install kernel"
starting with
  "This is NOT the recommended process.
   Use the install kernel method if at all possible!"

There are several steps to perform.
Some of them are not trivial, but they require thought.
There is no guarantee these steps are always the same:
Already the filename "upgrade42.html" is giving that away.
Almost certainly, some things will change during the five years to come.

So, scripting this is certainly possible, but it will be *much* more
fragile than upgrading manually, keeping the scripts up to date will
certainly be more work than doing manual upgrades twice a year,
and it is definitely not a job for newbies.

> likewise if you wanted a binary route (snapshots).

A bit better, but still:
 - Do you reboot from cron?
 - How will you make cron read, interpret and act according to
   http://www.openbsd.org/faq/current.html?
 - How will you make cron keep /etc in sync with the system?

Keeping a system up to date involves manual work,
either a little easy work for manual upgrades now and then,
or lots of hard and scary work for building and maintaining
an automatic system.  You choose according to your skill,
and according to your time budget...



Help with Seagate STT3401A tape drive

2007-12-27 Thread richardtoohey
Hi, all.

I've finally found some time to try and get a tape drive - Seagate STT3401A (now
Certance/Quantum) - working on a Dell SC440.

I've not used tapes before, found plenty on Google, but I cannot get anything to
work as documented.

Most of the commands seem to fail for me (OpenBSD 4.2 CD release with errata
patches on i386.)

For example, I insert the tape (Travan 40GB - 20GB/40GB - preformatted
cartridge), wait a few seconds, and then:

mt rewind

will log this (/var/log/messages):

/bsd: wdc_atapi_intr: warning: reading only 255 of 256 bytes

Or:

tar cvf /dev/nrst0 AFile.zip

Shows this on the console:

AFile.zip
tar: Failed write to archive volume: 1: Invalid argument
tar: Waiting for tape drive close to complete...done.

And this in /var/log/messages:

last message repeated 2 times
/bsd: st0(atapiscsi1:0:0): Check Condition (error 0x70) on opcode 0xa
/bsd: SENSE KEY: Illegal Request
/bsd:  ASC/ASCQ: Illegal Function (Should 20 00, 24 00, or 26 00)

I've tried using dd; using /dev/nrst0; a different tape; etc. with much the same
output.

I've Googled for a couple of hours and I am none the wiser - is it something to
do with the tape drive not being a SCSI device (it appears to be ATAPI, and
therefore using the atapiscsi adapter?)

Am I doing something very basically wrong or is this just not going to work?

Thanks.

dmesg follows:

OpenBSD 4.2 (GENERIC) #0: Mon Dec  3 15:35:59 NZDT 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) D CPU 3.00GHz ("GenuineIntel" 686-class) 3 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,S
SE3,MWAIT,DS-CPL,EST,CNXT-ID,CX16,xTPR
real mem  = 1071722496 (1022MB)
avail mem = 1028661248 (981MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 07/03/07, BIOS32 rev. 0 @ 0xffe90, SMBIOS
rev. 2.3 @ 0xf0450 (63 entries)
bios0: vendor Dell Inc. version "1.4.1 " date 07/03/2007
bios0: Dell Inc. PowerEdge SC440
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfed10/256 (14 entries)
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82801GH LPC" rev 0x00)
pcibios0: PCI bus #5 is the last bus
bios0: ROM list: 0xc/0x9000 0xc9000/0x2000! 0xcb000/0x1000
cpu0 at mainbus0
cpu0: Enhanced SpeedStep disabled by BIOS
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel E7230 MCH" rev 0x00
ppb0 at pci0 dev 1 function 0 "Intel E7230 PCIE" rev 0x00
pci1 at ppb0 bus 1
ppb1 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x01
pci2 at ppb1 bus 2
ppb2 at pci0 dev 28 function 4 "Intel 82801G PCIE" rev 0x01
pci3 at ppb2 bus 3
em0 at pci3 dev 0 function 0 "Intel PRO/1000 PT (82572EI)" rev 0x06: irq 11,
address 00:15:17:3d:36:64
ppb3 at pci0 dev 28 function 5 "Intel 82801G PCIE" rev 0x01
pci4 at ppb3 bus 4
bge0 at pci4 dev 0 function 0 "Broadcom BCM5754" rev 0x02, BCM5754/5787 A2
(0xb002): irq 10, address 00:1d:09:09:81:81
brgphy0 at bge0 phy 1: BCM5787 10/100/1000baseT PHY, rev. 0
uhci0 at pci0 dev 29 function 0 "Intel 82801GB USB" rev 0x01: irq 9
uhci1 at pci0 dev 29 function 1 "Intel 82801GB USB" rev 0x01: irq 5
uhci2 at pci0 dev 29 function 2 "Intel 82801GB USB" rev 0x01: irq 3
uhci3 at pci0 dev 29 function 3 "Intel 82801GB USB" rev 0x01: irq 10
ehci0 at pci0 dev 29 function 7 "Intel 82801GB USB" rev 0x01: irq 9
usb0 at ehci0: USB revision 2.0
uhub0 at usb0: Intel EHCI root hub, rev 2.00/1.00, addr 1
ppb4 at pci0 dev 30 function 0 "Intel 82801BA AGP" rev 0xe1
pci5 at ppb4 bus 5
vga1 at pci5 dev 7 function 0 "ATI ES1000" rev 0x02
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ichpcib0 at pci0 dev 31 function 0 "Intel 82801GB LPC" rev 0x01: PM disabled
pciide0 at pci0 dev 31 function 1 "Intel 82801GB IDE" rev 0x01: DMA, channel 0
configured to compatibility, channel 1 configur
ed to compatibility
atapiscsi0 at pciide0 channel 0 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  SCSI0 5/cdrom
removable
atapiscsi1 at pciide0 channel 0 drive 1
scsibus1 at atapiscsi1: 2 targets
st0 at scsibus1 targ 0 lun 0:  SCSI2 1/sequential 
removable
cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
st0(pciide0:0:1): using PIO mode 3
pciide0: channel 1 ignored (disabled)
pciide1 at pci0 dev 31 function 2 "Intel 82801GB SATA" rev 0x01: DMA, channel 0
configured to native-PCI, channel 1 configured
 to native-PCI
pciide1: using irq 5 for native-PCI interrupt
wd0 at pciide1 channel 0 drive 0: 
wd0: 16-sector PIO, LBA48, 476940MB, 976773168 sectors
wd1 at pciide1 channel 0 drive 1: 
wd1: 16-sector PIO, LBA48, 476940MB, 976773168 sectors
wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5
wd1(pciide1:0:1): using PIO mode 4, Ultra-DMA mode 5
ichiic0 at pci0 dev 31 function 3 "Intel

Re: openbsd router hardware

2007-12-27 Thread Douglas A. Tutty
On Mon, Dec 24, 2007 at 01:29:49PM +0100, Joerg Zinke wrote:
> - vga-output (because I have no other machine with a serial port to do
>   the installation)

If that is the only time you'll use vga, it may open up lots of non-VGA
board options if you get any old cheap/free box to use as a serial
terminal.  I have an old 486 that runs OBSD very well.

Or just get a USB/serial dongle and connect it to another box.

Doug.



Re: Using the C programming language

2007-12-27 Thread Frederik Sausmikat

Girish Venkatachalam wrote:
> Can someone give me a list of useful links on Ada so I can start 
> learning the language? I did read the wikipedia entry though.
  


   A short introduction to some of Ada's features in comparison to
   C/C++ and Java can be found here:



   The best resource for learning Ada (95) online might be the book
   from John English:
   

   Other Ada related resources:
   
   
   
   
   

   Regards, Freddy



Re: Using the C programming language

2007-12-27 Thread Frederik Sausmikat

Marco Peereboom wrote:
> So lets get the story straight.  Ada is great but the compiler sucks.
> Winning combination for an open source os.
  


   As a matter of fact, gnat/gcc uses the same code generation back end
   for Ada as for any other supported language.

   Regards, Freddy



backup firewall connectivity

2007-12-27 Thread Aaron
I am wondering,  in a dual firewall situation, preemption enabled, carp 
working just fine (I think), is it normal that the backup firewall (when 
in backup state) has no connectivity on any of the carped interfaces?


I only ask because I have read some posts where someone is connecting 
somewhere, downloading something.. etc.. from the _backup_ firewall.  
They didn't say if it was running as the master of the carp interface or 
not.


When I try to connect out any of my carp interfaces (or the actual 
physical interface for that matter)  I get the message:


ping: sendto: Network is unreachable
ping: wrote 10.0.69.41 64 chars, ret=-1

If the answer to the question is "no, you can't connect when the box is 
in "backup" state", then all is well.. otherwise, I'll put up if 
configs, dmesg etc..   

BTW, I did try this with pf enabled and disabled (also did a flush all 
after disabling pf) so I don't think pf is an issue here.


Thanks in advance,

Aaron



Embedding OpenBSD

2007-12-27 Thread Nick Holland
I've got a little project I'm working on here.
It involves stuffing a computer in a donation box with a
money detector, so every time someone tosses money in the box,
it plays an MP3 file.

(no, you can't make a living at this.  At least, *I* can't)

The first two of these I did were many years ago, and we used a
486 running a simple DOS app.  Well, computers that run DOS well
are gone, and trying to bring up a new program to play sound
files on any of the modern sound chips would be (not) fun...and
annoying the next time the hardware all changes again.

So, for this generation, I'm using OpenBSD, mpg321, and a 1G
CF flash device attached to a CF->IDE interface.

However, this is the first time I've ever done an OpenBSD system
that wasn't going to be attached to some kind of network for
(hopefully) years at a time.  In fact, hopefully, it will NEVER
be attached to a network.  And, while I got a 1G CF device, I
could imagine doing something stupid and having it slowly fill
the CF media and six months from now getting a call saying, "It
died.  Come fix it", and since it will be in another country and
probably a ten hour drive away, I'd like to avoid that. :)
Once this thing is deployed, I won't have access to it at all,
so I'll have no ability to spot a potential problem or fix it.

SO, to try to keep things quiet, I've disabled the daily, weekly,
and monthly scripts, I've disabled sendmail in /etc/rc.conf.local.
Before I ship it out, I'll move /var/log and /var/tmp to point to
a mfs system, so hopefully, if something starts logging, a power
cycle will dump everything.  Only 60M is mounted RW, so it fsck's
very quickly, and my app writes only to the MFS.

What have I forgotten?  Is there anything else I can do to avoid
slapping my forehead and saying, "D'oh! Forgot to ..." before I
ship it out fully detached?  The good news is I'm pretty sure
there is at least one OpenBSD developer near-by, but that's just
all the more reason to make sure I don't screw it up, I'll never
live it down. :)

Nick.



x4100

2007-12-27 Thread Marco Peereboom
Ok got my x4100 out of storage.  What was the mpi issue again that
someone was seeing?

Sorry for the broadcast but I couldn't find that email.



Re: Embedding OpenBSD

2007-12-27 Thread Douglas A. Tutty
On Thu, Dec 27, 2007 at 09:34:37PM -0500, Nick Holland wrote:
> I've got a little project I'm working on here.
> It involves stuffing a computer in a donation box with a
> money detector, so every time someone tosses money in the box,
> it plays an MP3 file.
> 
 
> However, this is the first time I've ever done an OpenBSD system
> that wasn't going to be attached to some kind of network for
> (hopefully) years at a time.  In fact, hopefully, it will NEVER
> be attached to a network.  And, while I got a 1G CF device, I
> could imagine doing something stupid and having it slowly fill
> the CF media and six months from now getting a call saying, "It
> died.  Come fix it", and since it will be in another country and
> probably a ten hour drive away, I'd like to avoid that. :)
> Once this thing is deployed, I won't have access to it at all,
> so I'll have no ability to spot a potential problem or fix it.
 
> What have I forgotten?  Is there anything else I can do to avoid
> slapping my forehead and saying, "D'oh! Forgot to ..." before I
> ship it out fully detached?  The good news is I'm pretty sure
> there is at least one OpenBSD developer near-by, but that's just
> all the more reason to make sure I don't screw it up, I'll never
> live it down. :)

I'd wire in a hardware-type heartbeat detector that will power-cycle the
computer if it stops working.  I'd have a door over the money slot
powered by the computer so that it only accepts money when it's working.
You could have a "Please wait" light to be lit during the reboot.

Or, you could just rewire an MP3 player to play a tune when it is
powered on, then just hook the money-detector to the power switch.
Money turns it on, a timer just longer than the tune turns it off.  No
computer needed (just a 556-dual-555 timer IC and some spare parts).

What about a built-in modem set up to allow a login.  Then if something
_does_ go wrong, you can ask the user to provide a phone line to the box
and you with the phone number.  With this, you can fix or even upgrade
the box over the phone.  Add a hardware cycle-counter; if the heartbeat
causes a reboot and the cycle counter doesn't get reset, it lights a
"please call for service" light.

Doug.



Re: Embedding OpenBSD

2007-12-27 Thread Chris Zakelj

Nick Holland wrote:
> I've got a little project I'm working on here.
> It involves stuffing a computer in a donation box with a
> money detector, so every time someone tosses money in the box,
> it plays an MP3 file.
>
> (no, you can't make a living at this.  At least, *I* can't)
>
> The first two of these I did were many years ago, and we used a
> 486 running a simple DOS app.  Well, computers that run DOS well
> are gone, and trying to bring up a new program to play sound
> files on any of the modern sound chips would be (not) fun...and
> annoying the next time the hardware all changes again.
>
> So, for this generation, I'm using OpenBSD, mpg321, and a 1G
> CF flash device attached to a CF->IDE interface.
>
> However, this is the first time I've ever done an OpenBSD system
> that wasn't going to be attached to some kind of network for
> (hopefully) years at a time.  In fact, hopefully, it will NEVER
> be attached to a network.  And, while I got a 1G CF device, I
> could imagine doing something stupid and having it slowly fill
> the CF media and six months from now getting a call saying, "It
> died.  Come fix it", and since it will be in another country and
> probably a ten hour drive away, I'd like to avoid that. :)
> Once this thing is deployed, I won't have access to it at all,
> so I'll have no ability to spot a potential problem or fix it.
>
> SO, to try to keep things quiet, I've disabled the daily, weekly,
> and monthly scripts, I've disabled sendmail in /etc/rc.conf.local.
> Before I ship it out, I'll move /var/log and /var/tmp to point to
> a mfs system, so hopefully, if something starts logging, a power
> cycle will dump everything.  Only 60M is mounted RW, so it fsck's
> very quickly, and my app writes only to the MFS.
>
> What have I forgotten?  Is there anything else I can do to avoid
> slapping my forehead and saying, "D'oh! Forgot to ..." before I
> ship it out fully detached?  The good news is I'm pretty sure
> there is at least one OpenBSD developer near-by, but that's just
> all the more reason to make sure I don't screw it up, I'll never
> live it down. :)
>
> Nick.

A noob-ish question/observation... since the mfs could eventually fill, 
why not point potential logs at /dev/null instead?




Re: Embedding OpenBSD

2007-12-27 Thread Steve Shockley

Nick Holland wrote:
> Only 60M is mounted RW, so it fsck's
> very quickly, and my app writes only to the MFS.

Why mount any CF partition RW?  And you should be able to test your 
system on a CD to prove it'll work without writing.




When spammers get whitelisted...

2007-12-27 Thread Allie D.
I have had to wipe my spamdb twice in the last month because spammers
get past my blacklists (I run the ones that come in spamd.conf) and my
greylisting and just hammer a few of my customers. The spam comes from
multiple IP's so it's a bitch to block by hand...anyone have any tips on
blocking these bastards ???



Re: x4100

2007-12-27 Thread Kyle George

On Thu, 27 Dec 2007, Marco Peereboom wrote:

> Ok got my x4100 out of storage.  What was the mpi issue again that
> someone was seeing?
>
> Sorry for the broadcast but I couldn't find that email.

I think this is the thread you're looking for:

http://marc.info/?l=openbsd-misc&m=119623820305056&w=2

--
Kyle George



Re: x4100

2007-12-27 Thread Daniel Ouellet

Marco Peereboom wrote:
> Ok got my x4100 out of storage.  What was the mpi issue again that
> someone was seeing?
>
> Sorry for the broadcast but I couldn't find that email.

4100 M2

Any time you put an amd64.mp kernel on that box and you try to do heavy 
access to the SAS drives, the server will crash in just a few seconds.

Something as simple as this:

dd if=/dev/zero of=/var/test bs=1m count=1000

Will guarantee you a crash and reboot and no ddb.

Daniel



Re: When spammers get whitelisted...

2007-12-27 Thread Daniel Ouellet

Allie D. wrote:
> I have had to wipe my spamdb twice in the last month because spammers
> get past my blacklists (I run the ones that come in spamd.conf) and my
> greylisting and just hammer a few of my customers. The spam comes from
> multiple IP's so it's a bitch to block by hand...anyone have any tips on
> blocking these bastards ???

Add also grey scanner from Bob Beck as well to your spamd and you will 
reduce this even more.

Read some here:

http://www.ualberta.ca/~beck/greyscanner/



Re: x4100

2007-12-27 Thread Daniel Ouellet

Kyle George wrote:
> On Thu, 27 Dec 2007, Marco Peereboom wrote:
>
>> Ok got my x4100 out of storage.  What was the mpi issue again that
>> someone was seeing?
>>
>> Sorry for the broadcast but I couldn't find that email.
>
> I think this is the thread you're looking for:
>
> http://marc.info/?l=openbsd-misc&m=119623820305056&w=2

That's the thread, but there is a lot of information in there and lots 
more tests done past that and the first finding happened to not be right.

I can't isolate to the drive for sure and provide convincing data to 
show it, however, it appears to be the case even if I can't pinpoint the 
exact cause as the server will crash at will every time access to the 
drive is done in heavy load. Simply, low load will not crash the server, 
but heavy will "every single time", no exception there.

I tried so many different things, but couldn't find the exact cause of it. 
I can reproduce it at will on 4 different identical servers, so, it's 
not a defective hardware issue, as for that, it would need to be the 
same problem on 4 servers and what's the chance of that, unless it is a 
manufacture issue, which would have been put to light long ago obviously.

But to crash it, simply do:

dd if=/dev/zero of=/var/test bs=1m count=1000

and you are 100% sure to see the server crash in just a few seconds.

Best,

Daniel



Linus about C++

2007-12-27 Thread Brian Hansen
Hi.

This is partly not OpenBSD related, and yet again someone pointed out that
perhaps a lot of bugs could be avoided using C++. I am writing my big paper
on C and C++ and would like some comments from people who are experts.

Off-list is okay, but maybe others are interested as well.

I found this statement of Linus Torvalds about C++ online:


C++ is a horrible language. It's made more horrible by the fact that a lot
of substandard programmers use it, to the point where it's much much
easier to generate total and utter crap with it. Quite frankly, even if
the choice of C were to do *nothing* but keep the C++ programmers out,
that in itself would be a huge reason to use C.

C++ leads to really really bad design choices. You invariably start using
the "nice" library features of the language like STL and Boost and other
total and utter crap, that may "help" you program, but causes:

 - infinite amounts of pain when they don't work (and anybody who tells me
   that STL and especially Boost are stable and portable is just so full
   of BS that it's not even funny)

 - inefficient abstracted programming models where two years down the road
   you notice that some abstraction wasn't very efficient, but now all
   your code depends on all the nice object models around it, and you
   cannot fix it without rewriting your app.

In other words, the only way to do good, efficient, and system-level and
portable C++ ends up to limit yourself to all the things that are
basically available in C. And limiting your project to C means that people
don't screw that up, and also means that you get a lot of programmers that
do actually understand low-level issues and don't screw things up with any
idiotic "object model" crap.


Is he right?

Best regards, and forgive me if I am too much "off topic".



Re: Linus about C++

2007-12-27 Thread Daniel Ouellet

Brian Hansen wrote:
> Is he right?

If you just search the archive, even not too long ago, 'few days' you 
will see pretty much the same feeling about C++ on the OpenBSD list as 
well as pretty much any list that cares about correct code and clarity 
in programming.

But don't take my word for it, just look and it will not take you long 
to find it.

That's really what you should do first. It even starts to look like an 
FAQ topic these days.

If you look into the tree, you will not see much of C++, that alone 
should be a big clue.

Hopefully this thread will die soon as I feel everything was said on it 
already


Best,

Daniel



Re: Linus about C++

2007-12-27 Thread Miod Vallat
> >Is he right?
> 
> If you just search the archive, even not too long ago, 'few days' you 
> will see pretty much the same feeling about C++ on the OpenBSD list as 
> well as pretty much any list that cares about correct code and clarity 
> in programming.
> 
> But don't take my word for it, just look and it will not take you long 
> to find it.
> 
> That's really what you should do first. It even starts to look like an 
> FAQ topic these days.
> 
> If you look into the tree, you will not see much of C++, that alone 
> should be a big clue.
> 
> Hopefully this thread will die soon as I feel everything was said on it 
> already

Ah, but no C++ bashing thread can be complete until someone mentions the
excellent FQA site: http://yosefk.com/c++fqa/

Miod