Re: Authenticate squid in Active Directory
Brett Lymn wrote: ... They use LDAP+kerberos plus a bit of DNS ... Please. There is enough bs here without intentionally piling it on. Assuming a positive aspect to that, either you're confused about the meaning of word 'based' or unfamiliar with AD. AD is *not* Kerberos nor is it LDAP. AD may well be inspired by LDAP and Kerberos and DNS, but go back and read up on it. The added/missing/changed parts prevent or, at best, hinder interoperability. A tool that does not conform to the specification is, guess what, not a standard. It is one of the many text book examples of MS' embrace, extend, extinguish strategy and relies on broken, incorrect variations of LDAP, Kerberos and DNS. You can call it many things, but not standards based. standards : AD :: organic meat : meat-like flavor -Lars
Re: compat_linux(8) has 2GB filesize limit in 4.2-stable
Philip Guenther wrote:
> On Feb 5, 2008 6:27 PM, Glenn Mulvaney [EMAIL PROTECTED] wrote:
> > I'm running a linux binary via compat_linux(8) built from ports/emulators/fedora in 4.2-stable. Emulated binaries can't create or read files > 2GB regardless of limits or login class. Does anyone have advice on how to remove this limit?
>
> Can that Linux binary create and read files larger than 2GB on a *Linux* system? If it doesn't use 64bit capable syscalls, then there's nothing the BSD compat layer can do about it. As a counter-example, a quick check shows that a 'cat' binary from RHEL AS 4 has no problems with a file over 4GB in size, but strace/ktrace show that it uses the Linux fstat64() call, etc.
>
> (Hmm, do the compat_linux versions of the 32bit-only syscalls return EOVERFLOW like the Linux ones would on files > 2GB? I don't _see_ code to check that...)

The binary definitely can create and read files larger than 2GB on a linux system. It's the p4d binary from Perforce under emulation that I'm having a problem with. The 64bit calls are in the compat layer (/usr/src/sys/compat/linux/linux_file64.c). ktrace shows calls to fstat64(), but pread() segvs on p4d reading files larger than 2GB, and pwrite() segvs on p4d writing files larger than 2GB.

-Glenn
Re: Authenticate squid in Active Directory
Jonathan Franks wrote: I think Andre's point, ... There are at least two perspectives on the problem. One perspective is always how can the computer be used to avoid having the problem again in the future. By incorpo ... Sometimes that's just not an option, and I'm not rich enough to turn down the work. Bizarre. There are tons and tons of well-paying jobs out there if you know anything about computing (read: anything but MS). I won't argue either way for the inclusion of the patch, That's a different topic. The patch can help sites that got suckered into AD make a phased transition to tools that don't such major ass. ... On the other hand, I have Squid running on OpenBSD as a proxy at one location now, and simply provide separate proxies based on AD OU's using group policy. It's not elegant, but it works. However good squid and obsd are, piggy-backing them on to a failed infrastructure only digs the hole deeper. Such solutions are in the short term helpful, but can easily end up mortgaging your future. -Lars
Re: compat_linux(8) has 2GB filesize limit in 4.2-stable
> The binary definitely can create and read files larger than 2GB on a linux system. It's the p4d binary from Perforce under emulation that I'm having a problem with. The 64bit calls are in the compat layer (/usr/src/sys/compat/linux/linux_file64.c). ktrace shows calls to fstat64(), but pread() segvs on p4d reading files larger than 2GB, and pwrite() segvs on p4d writing files larger than 2GB.
>
> -Glenn

COMPAT_LINUX emulation of pread() and pwrite() system calls is limited to 32-bit file offsets. However, Linux kernels eventually changed these system calls to use 64-bit file offsets (without using a different system call number, unfortunately). The COMPAT_LINUX code is in dire need of an upgrade to match more recent linux kernels...

Miod
Re: Authenticate squid in Active Directory
Andre van Zyl wrote: Please show me the proof that my customers are experiencing a net loss of productivity ... You've provided that data point yourself: MS Windows. Just because people quickly get used to and comfortable with a lower level of productivity doesn't mean that it's not a problem or that it doesn't affect the bottom line. What part of the infrastructure, in addition to squid, can you improve by using OpenBSD or better OpenBSD + standards? -Lars
Re: Authenticate squid in Active Directory
Please show me the proof that my customers are experiencing a net loss of productivity You left out because their squid boxes authenticate to AD You've provided that data point yourself: MS Windows. Ah, I see, so in other words you don't have a clue? Just because people quickly get used to and comfortable with a lower level of productivity doesn't mean that it's not a problem or that it doesn't affect the bottom line. Blah blah blah... Show me the numbers, or come back when you know what you're talking about, because now you're just trolling. -Andre
Re: Authenticate squid in Active Directory
On Feb 6, 2008 3:09 AM, Lars Noodin [EMAIL PROTECTED] wrote: Please. There is enough bs here without intentionally piling it on. Assuming a positive aspect to that, either you're confused about the meaning of word 'based' or unfamiliar with AD. AD is *not* Kerberos nor is it LDAP. AD may well be inspired by LDAP and Kerberos and DNS, but go back and read up on it. The added/missing/changed parts prevent or, at best, hinder interoperability. A tool that does not conform to the specification is, guess what, not a standard. I think you haven't been following the story. They screwed with one unused field and refuse to release the information for interoperability. However, the kerberos team told them - if the information is not released, they'll go ahead and define the field, and then Microsoft's kerberos implementation will be out of spec. Microsoft gave that a thought, and then grudgingly said, ok, here's the info. So, while they tried to piss on folks, as it stands, it is quite standard. -- http://www.glumbert.com/media/shift http://www.youtube.com/watch?v=tGvHNNOLnCk This officer's men seem to follow him merely out of idle curiosity. -- Sandhurst officer cadet evaluation. Securing an environment of Windows platforms from abuse - external or internal - is akin to trying to install sprinklers in a fireworks factory where smoking on the job is permitted. -- Gene Spafford learn french: http://www.youtube.com/watch?v=j1G-3laJJP0feature=related
R: Authenticate squid in Active Directory
> Well, it sounds like the OP or his customer has a Windows network, so how about uh... AD???

Exactly. I cannot take away AD, I need to read it and authenticate users in squid. While reading the discussion going on without a solution, I still have the problem patching the makefile. I read someone managed to correctly patch and make squid, can you tell me where the error is in the patched makefile?

In the meantime, I found another way maybe: ldap auth towards AD, following this post http://www.mail-archive.com/misc@openbsd.org/msg30134.html

Right now I had not so much time to test it, the modifications to the makefile worked and squid compiled correctly. One of the interesting parts of this solution is not having to install samba stuff in openbsd, you only need squid. Next week I'm gonna test it against AD and see if it works.

Luca.
Re: Authenticate squid in Active Directory
On Feb 6, 2008 3:45 AM, Lars Noodin [EMAIL PROTECTED] wrote: Andre van Zyl wrote: Please show me the proof that my customers are experiencing a net loss of productivity ... You've provided that data point yourself: MS Windows. That's just plain stupid, just like people who used to say microsoft office users are less productive than people who use star office. I used starorifice for a while - it was a pile of steekin dung. When Sun bought it and turned it into openoffice, one of the things they promised was turning everything into components, so that anyone who wants to use it, and include it in their programs could. We see how well that has turned out. OO has come a long way, and there are things it is good at, and certainly there are plenty of suck in MS Office, but to say that people who use MS Office are less productive than OO users is simply bunk. Same for saying that about MS Windows. It may be that _YOU_ are less productive on a MS Windows box, but certainly not a whole bunch of people. Just because people quickly get used to and comfortable with a lower level of productivity doesn't mean that it's not a problem or that it doesn't affect the bottom line. What part of the infrastructure, in addition to squid, can you improve by using OpenBSD or better OpenBSD + standards? And replace the software they're running today, with? OpenBSD doesn't even have a good implementation of wine. So who's going to rewrite years of crufty software? Take a good look at how long it took OpenOffice to get from StarOffice to where it is today, where it is... functionally tolerable. Then take a look at where it needs to go (say, like Appleworks on the original Apple ][e and //c - now that's solid performance) or Pages in the current iWorks suite. Or hell, the nimbleness of KOffice. -- http://www.glumbert.com/media/shift http://www.youtube.com/watch?v=tGvHNNOLnCk This officer's men seem to follow him merely out of idle curiosity. -- Sandhurst officer cadet evaluation. 
R: Authenticate squid in Active Directory
> I am the patch author. It's working since its first implementation. Maybe it's time for the maintainers to consider committing it.

Is there any reason for not having it committed? Did you have some reply from the maintainers? I think it would be useful to have it.

Luca.
Re: Authenticate squid in Active Directory
On Feb 6, 2008 4:45 PM, Lars Noodin [EMAIL PROTECTED] wrote: You've provided that data point yourself: MS Windows. Since when is misc@ a Linux-esque anti-MS list? --- Lars Hansson
Re: R: Authenticate squid in Active Directory
On Wed, 6 Feb 2008, Luca Dell'Oca wrote: http://www.mail-archive.com/misc@openbsd.org/msg30134.html right now I had not so much time to test it, the modifications to the makefile worked and squid compiled correctly. One of the interesting part of this solution is not having to install samba stuff in openbsd, you only need squid. Next week I'm gonna test it against AD and see if it works. Oh, it's still working. Never tried to use winbind on OpenBSD for this. --- andre
Re: Authenticate squid in Active Directory
On Wed, Feb 06, 2008 at 10:09:50AM +0200, Lars Noodén wrote:
> Assuming a positive aspect to that, either you're confused about the meaning of word 'based' or unfamiliar with AD.

Neither actually but you seem content. Never mind.

> AD is *not* Kerberos nor is it LDAP. AD may well be inspired by LDAP and Kerberos and DNS, but go back and read up on it. The added/missing/changed parts prevent or, at best, hinder interoperability. A tool that does not conform to the specification is, guess what, not a standard.

Oddly this non-standard AD seems to interoperate with the Solaris ldap client, an openldap client and with MIT kerberos just fine.

--
Brett Lymn
Re: multi-disk external scsi enclosures
Douglas A. Tutty wrote: I'm wondering how scsi external arrays work in OpenBSD. This is in relation to my low-MHz box search. Sata drives have too fast a clock rate so it will be scsi. Are you speculating, or have you actually tested the results here? A new 300G SATA vs. an old 2G SCSI? You are probably right. Compared to a 36G or 140G SCSI? I'd not be so sure. I did an eBay search and found Sun and HP arrays, then went and got the doc pdfs. They all talk about running software on Solaris or HP-UX/Windws, respectivly, to configure and monitor the arrays. How does this work in OpenBSD? Depends on the box. Some boxes have a local controller and the entire box appears as one (or several) disks which may not have anything to do with the individual element drives. Others are just a box with a SCSI bus, and all the drives are visible to the host, and the box does nothing. The configuring and monitoring in the OS are just the OS's usual OS features. Sun made both types of systems. Make sure you know how to configure the boxes with their own local controller. The box of disks ones are pretty easy to configure. :) Not sure how much storage you are after here, but I'm not sure I believe that ten 9G disks are better for your quest than one 100G disk. ONE 9G vs. ONE 100G? Maybe (and even then...keep in mind that SATA cables are shielded, PATA and older SCSI cables are not really shielded), but the fact that you need a lot of them and they use more cabling is very possibly going to add up on you. Also keep in mind that when you go past about 9G on SCSI drives, many are 160MB/s transfer speeds; even if you attach them to an old controller, the processor on the drive is capable of handling that speed, and didn't slow itself down. Again, years ago, home-grade stuff used to emit less RF than business grade stuff. Sun and HP disk chassis never were intended to be in a home. IF you are trying to minimize RF, disk chassis probably aren't want you want. 
If you are trying to minimize EMF, the higher power consumption of the disk chassis is probably not what you want. And I doubt the extra cables between the chassis and the computer are going to be your friends. Nick.
Re: Authenticate squid in Active Directory
Brett Lymn wrote:
> Oddly this non-standard AD seems to interoperate with the Solaris ldap client, an openldap client and with MIT kerberos just fine.

Seems to, or actually does? Or can be pounded in after agreeing to non-Open licenses? Point me to some more recent articles or documentation (without NDA requirements) which counter the following:

http://www.ddj.com/184404225
http://www.infoworld.com/articles/op/xml/00/05/15/000515oplivingston.html
http://www.networkworld.com/news/2000/0511kerberos.html
http://archive.salon.com/tech/log/2000/05/11/slashdot_censor/
http://technews.acm.org/articles/2000-2/0405w.html#item14
http://features.slashdot.org/article.pl?sid=00/05/11/0153247&mode=nested&threshold=3

In short, there seems to have been no announcement that the problem is resolved. That's a strange silence for a marketing company.

I'm not arguing that the Squid patch does not work, nor that it is not possible for some systems vendors to have signed agreements to get at the proprietary information. Nor will I say that there is no *short term* advantage. What I am saying is that without careful planning, injudicious use of the patch leads to further entrenchment of an unsound service and the unsound system in which it is embedded rather than as a transition to a more stable, secure and maintainable infrastructure.

-Lars
problem booting on other partition than hd0a
Hello,

I'm using OpenBSD with a Soekris NET4801. To make my job easy and more secure to upgrade software, I would like to have 2 root partitions on the label; one is active at a time and the other will be filled with the upgrade by dd. I compiled a kernel with, in the NET4801 config file, the line:

    config bsd swap generic

I installed all my system in partition wd0b. Partition wd0a contains an empty formatted UFS partition. I changed /etc/boot.conf, which now is:

    set tty com0
    stty com0 19200
    set timeout 5
    boot hd0b:/bsd

When I boot the Soekris, the boot loader is found, and I have the following message:

    booting hd0a:/bsd: open hd0a:/bsd: No such file or directory
    failed(2). will try /bsd

If I type hd0b:/bsd, the kernel is found and the kernel boot is ok. How could I resolve my problem?

Thanks for your help.
Re: Authenticate squid in Active Directory
On Feb 6, 2008 7:42 AM, Lars Noodin [EMAIL PROTECTED] wrote:
> Brett Lymn wrote:
> > Oddly this non-standard AD seems to interoperate with the Solaris ldap client, an openldap client and with MIT kerberos just fine.
>
> Seems to, or actually does? Or can be pounded in after agreeing to non-Open licenses? Point me to some more recent articles or documentation (without NDA requirements) which counter the following:
>
> http://www.ddj.com/184404225
> http://www.infoworld.com/articles/op/xml/00/05/15/000515oplivingston.html

http://msdn2.microsoft.com/en-us/library/ms818754.aspx

Read the page topic and search for the word PAC

This was well publicized too, as I had mentioned in my previous email. Now can you kindly stfu?
Re: Authenticate squid in Active Directory
bofh wrote: http://msdn2.microsoft.com/en-us/library/ms818754.aspx Read the page topic and search for the word PAC Several links in it appears to confirm that a broken version of Kerberos is still used: The Kerberos Authentication Group Membership Extensions extend the Kerberos Authentication Network Service (version 5) specification... Extend == not a standard anymore. Yes a client can be hacked, and many appear to be, to accommodate a non-standard protocol. But at the end of the day it's still not a standard. -Lars
Re: Authenticate squid in Active Directory
On Feb 6, 2008 9:07 AM, Lars Noodin [EMAIL PROTECTED] wrote:
> bofh wrote:
> > http://msdn2.microsoft.com/en-us/library/ms818754.aspx Read the page topic and search for the word PAC
>
> Several links in it appears to confirm that a broken version of Kerberos is still used: The Kerberos Authentication Group Membership Extensions extend the Kerberos Authentication Network Service (version 5) specification... Extend == not a standard anymore. Yes a client can be hacked, and many appear to be, to accommodate a non-standard protocol. But at the end of the day it's still not a standard.

RFC 2822 extends RFC 822. RFC 822 extends RFC 821. What's your point? The kerberos working team has already accepted it. Additionally, that field was *DESIGNED* to be extended - it was labelled UNUSED for gods sake.

http://it.slashdot.org/article.pl?sid=07/09/17/2050215&from=rss and search for pac

Microsoft has done a whole lot of shitty things. Even tried to embrace and extend kerberos. But as I mentioned in my *original* email, they got roundly smacked for it, and decided to release the information. So, put that FUD pipe down please.
high load irq trouble
hi

my hardware is 2 pieces of hp dl 145 g2, 2gb ram, and an intel based 1gb quad interface card, 1 sata hd. this works as a firewall system with 5 carp interfaces with up to 15 ip. per box 5 ethernet interfaces are active. ( the system has 6, the quad card and 2 on board )

is it possible that the hp box is not able to do more than 2000 interrupts per irq ?

in my environment i have a throughput per interface from 10 to 50Mbit. if interrupts go over 1800 on one interface i get massive slowdowns and packet loss. i raised net.inet.ip.ifq.maxlen to 1024 ( i saw drops before ). to solve the problem as a hot fix i did a trunk of 2 interfaces for the interfaces with the highest interrupt load.

top shows me close to 100% interrupt load but less than 1 overall load.

vmstat -i
interrupt                   total     rate
irq12/pciide1               62702        0
irq11/bge0               84232199      986
irq10/bge1               11944226      139
irq7/em0                129003925     1510
irq5/em1                 59507109      696
irq11/em2               134192386     1571
irq11/em3                 5185828       60
irq1/pckbc0                     6        0
irq0/clock                8539373       99
irq8/rtc                 10930625      128
Total                   443598379     5194

is it possible that this hardware is too small for this traffic, or is it a problem with the design of the hp dl145 g2 ?

holger
Re: Authenticate squid in Active Directory
Lars Noodén wrote:
> bofh wrote:
> > http://msdn2.microsoft.com/en-us/library/ms818754.aspx Read the page topic and search for the word PAC
>
> Several links in it appears to confirm that a broken version of Kerberos is still used: The Kerberos Authentication Group Membership Extensions extend the Kerberos Authentication Network Service (version 5) specification... Extend == not a standard anymore. Yes a client can be hacked, and many appear to be, to accommodate a non-standard protocol. But at the end of the day it's still not a standard.
>
> -Lars

From the very first story you linked:

    This field was intentionally left undefined by Kerberos's authors so that vendors (like Microsoft) could implement customized versions. Let's be clear on one thing: Microsoft's customization of the authorization placeholder field is entirely legitimate. Others, including the OSF with its DCE specification, have customized Kerberos in a similar manner. What's at issue here isn't Microsoft's Kerberos extensions, but the company's disingenuous ownership claims, onerous licensing policies, and bullying tactics.

The author (like you, perhaps) doesn't like Microsoft's tactics, but notes that their changes are entirely legitimate.

Regards,
Mark
Re: multi-disk external scsi enclosures
Date: Wed, 6 Feb 2008 07:12:55 -0500 From: [EMAIL PROTECTED] To: misc@openbsd.org Subject: Re: multi-disk external scsi enclosures Not sure how much storage you are after here, but I'm not sure I believe that ten 9G disks are better for your quest than one 100G disk. ONE 9G vs. ONE 100G? Maybe (and even then...keep in mind that SATA cables are shielded, PATA and older SCSI cables are not really shielded), but the fact that you need a lot of them and they use more cabling is very possibly going to add up on you. SATA cables aren't shielded either, because they're supposed to be used inside an enclosure. eSATA cables are shielded. _
Re: multi-disk external scsi enclosures
On Wed, Feb 06, 2008 at 07:12:55AM -0500, Nick Holland wrote: Douglas A. Tutty wrote: I'm wondering how scsi external arrays work in OpenBSD. This is in relation to my low-MHz box search. Sata drives have too fast a clock rate so it will be scsi. Are you speculating, or have you actually tested the results here? A new 300G SATA vs. an old 2G SCSI? You are probably right. Compared to a 36G or 140G SCSI? I'd not be so sure. So far, just comparing wikipedia articles: sata bitrate, since its serial, is roughly the same as its b/s rate. Scsi clock rate, presumably, is as reported by wikipedia. [snip] Sun made both types of systems. Make sure you know how to configure the boxes with their own local controller. The box of disks ones are pretty easy to configure. :) Before my eBay search and subsequent reading of box manuals, I thought that they were all 'box of disks' and don't need anything more than this. However, right now, on eBay they're all ones with a local controller. Presumably, boxes of disks are cheaper than boxes with a controller. Not sure how much storage you are after here, but I'm not sure I believe that ten 9G disks are better for your quest than one 100G disk. I'm not thinking of starting off with 12 disks. I'm looking at the concept of a server with many bays (which I what I was imagining) vs a server with 1 or 2 bays and an external box for more bays. Presuably as things switch from parallel scsi to SAS, parallel scsi boxes will become scarce in the free/used market. Slow computers aren't going to be made anymore. Whatever I get, will have to last (even if I end up getting a bunch to use as parts in the future). I need to start with about 18 GB of drive space. When I need to add more, I don't know what will be available so I want to have the bays up-front. ONE 9G vs. ONE 100G? 
Maybe (and even then...keep in mind that SATA cables are shielded, PATA and older SCSI cables are not really shielded), but the fact that you need a lot of them and they use more cabling is very possibly going to add up on you. True. Ideally, I'll keep the number of drives small. Weather a box of disks means a lot more cabling is debatable if the boxes are side-by-side and the box has a back-plane. The SATA cable may be shielded, but it runs at 1.5 or 3 Gb/s. Therefore, the controller will have circuity unshielded except by the box which also runs that fast. Unshielded SCSI cable? Also keep in mind that when you go past about 9G on SCSI drives, many are 160MB/s transfer speeds; even if you attach them to an old controller, the processor on the drive is capable of handling that speed, and didn't slow itself down. 160 MB/s spread over a parallel interface should still be a frequency less than 200 MHz. Again, years ago, home-grade stuff used to emit less RF than business grade stuff. Sun and HP disk chassis never were intended to be in a home. IF you are trying to minimize RF, disk chassis probably aren't want you want. If you are trying to minimize EMF, the higher power consumption of the disk chassis is probably not what you want. And I doubt the extra cables between the chassis and the computer are going to be your friends. This may all be true. The trouble is, old home-grade stuff is long gone and wasn't designed to last. Years ago, you'd be comparing a 386 home-grade with a SPARC, PA-RISC, or perhaps PPC server. Now, everything runs the same stuff: Opteron/Athlon64, Xeon, Core2Duo, etc. and the home grade stuff is in plastic boxes. It sounds like, if I am going to use a server, I'd be better with one with more bays and forget the external box. What about a Compaq Proliant 2500R on eBay for $300? max 1 GB ram, 1 PCI bus over 6 slots, dual Pentium Pro 166 MHz 4 bays + 2 1/2 height bays (for media) + CDROM and floppy Thanks for your thoughts. Doug.
Re: multi-disk external scsi enclosures
On Wed, Feb 06, 2008 at 06:48:54AM +0100, ropers wrote: On 06/02/2008, Douglas A. Tutty [EMAIL PROTECTED] wrote: I'm wondering how scsi external arrays work in OpenBSD. This is in relation to my low-MHz box search. Sata drives have too fast a clock rate so it will be scsi. Why not conventional IDE (aka (P)ATA)? Isn't that much more available and better tested/supported? I don't see external multi-disk IDE boxes. Besides, PATA is limited to something like 18 from controller to drive. Even with a PCI controller, there's not much distance. Also PATA cables aren't shielded. Doug.
Re: Turning NTFS on in GENERIC kernels
On Tuesday 05 February 2008, STeve Andre' wrote:
> My procedure these days is to take the disk out of the machine and stuff it into mine, mount it and extract data before scrubbing the mindless thing and starting over...

I normally boot the system from a live-cd (used Knoppix many times) and transfer the data via the network. No need to physically transfer the disk.

--
Chris
Re: high load irq trouble
1. Supply dmesg, we're not playing guessing games

2. This HW is known to have interrupt issues similar to what is described in PR 5707, so if you are running -current snapshot on the box, try disabling all the acpi bells and whistles and things should improve substantially.

Regards
Johan M:son

On Wednesday 06 February 2008 14:59:25 holger glaess wrote:
> hi
>
> my hardware is 2 pieces of hp dl 145 g2, 2gb ram, and an intel based 1gb quad interface card, 1 sata hd. this works as a firewall system with 5 carp interfaces with up to 15 ip. per box 5 ethernet interfaces are active. ( the system has 6, the quad card and 2 on board )
>
> is it possible that the hp box is not able to do more than 2000 interrupts per irq ?
>
> in my environment i have a throughput per interface from 10 to 50Mbit. if interrupts go over 1800 on one interface i get massive slowdowns and packet loss. i raised net.inet.ip.ifq.maxlen to 1024 ( i saw drops before ). to solve the problem as a hot fix i did a trunk of 2 interfaces for the interfaces with the highest interrupt load.
>
> top shows me close to 100% interrupt load but less than 1 overall load.
>
> vmstat -i
> interrupt                   total     rate
> irq12/pciide1               62702        0
> irq11/bge0               84232199      986
> irq10/bge1               11944226      139
> irq7/em0                129003925     1510
> irq5/em1                 59507109      696
> irq11/em2               134192386     1571
> irq11/em3                 5185828       60
> irq1/pckbc0                     6        0
> irq0/clock                8539373       99
> irq8/rtc                 10930625      128
> Total                   443598379     5194
>
> is it possible that this hardware is too small for this traffic, or is it a problem with the design of the hp dl145 g2 ?
>
> holger
Re: Turning NTFS on in GENERIC kernels
On Tue, Feb 05, 2008 at 08:30:00PM -0500, Josh Grosse wrote: ntfs_readattr: offset too big: 595591168 (595656704) 595634176 ^ | Would this be (file_size 0x) by chance? --+ -- Darrin Chandler| Phoenix BSD User Group | MetaBUG [EMAIL PROTECTED] | http://phxbug.org/ | http://metabug.org/ http://www.stilyagin.com/ | Daemons in the Desert | Global BUG Federation
Re: Turning NTFS on in GENERIC kernels
On Wed, 6 Feb 2008 08:54:07 -0700, Darrin Chandler wrote On Tue, Feb 05, 2008 at 08:30:00PM -0500, Josh Grosse wrote: ntfs_readattr: offset too big: 595591168 (595656704) 595634176 ^ | Would this be (file_size 0x) by chance? --+ The file size was 4,890,601,472 bytes.
IPSec transport mode and traceroute
I've got a really simple transport mode IPSec setup between two hosts:

[ipsec.conf]
ike ah transport from 128.164.144.144 to 128.164.159.159 main auth hmac-sha2-256 group modp1536 quick group modp1536

Though traceroute from one host to the other fails at the gateway, despite the gateway responding,

128.164.144.189 > dns1: icmp: time exceeded in-transit [tos 0xc0] (ttl 255, id 12234, len 56)

traceroute to dns2 (128.164.159.159), 64 hops max, 40 byte packets
 1  * * *
 2  dns2 (128.164.159.159)  0.752 ms  0.648 ms  0.604 ms

Is there anything I could be doing differently so that the traceroute works?
marvell yukon GigE freezes the bootup
Hi! I have an Acer 7520G notebook with a Marvell Yukon gigabit ethernet card onboard. After the amd64 install, I get until this line with the bootup, and then nothing, it hangs: [...] mskc0 at pci2 dev 0 function 0 Marvell Yukon 88E8071 rev 0x15 Tried with both bsd and bsd.mp. I see on the msk(4) page, that the marvell devices are supported up to 88E806x. Is this 88E807 all that different from the previous ones? I would be more than happy to test anything and everything (patches, drivers etc...), provide more information, or answer any questions. Thanks! Daniel -- LIVAI Daniel Public key ID = 4AC0A4B1 Key fingerprint = D037 03B9 C12D D338 4412 2D83 1373 917A 4AC0 A4B1
Re: Turning NTFS on in GENERIC kernels
On Wed, Feb 06, 2008 at 11:33:16AM -0500, Josh Grosse wrote: On Wed, 6 Feb 2008 08:54:07 -0700, Darrin Chandler wrote On Tue, Feb 05, 2008 at 08:30:00PM -0500, Josh Grosse wrote: ntfs_readattr: offset too big: 595591168 (595656704) 595634176 ^ | Would this be (file_size 0x) by chance? --+ The file size was 4,890,601,472 bytes. $ moo 4890601472 \ 0x 0x2380a800 595634176 So it seems the size (at least at some point) in ntfs code is 32-bit, and higher bits are lost. I don't have any ntfs kernels (don't normally use it), and I can't be bothered to rebuild and track it down just now. ;-) -- Darrin Chandler| Phoenix BSD User Group | MetaBUG [EMAIL PROTECTED] | http://phxbug.org/ | http://metabug.org/ http://www.stilyagin.com/ | Daemons in the Desert | Global BUG Federation
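Added example, not code from any poster in these threads or from the OpenBSD source: a small C program showing what happens to a 64-bit file size or offset pushed through a 32-bit field, covering both the NTFS size reported above (4,890,601,472 bytes read back as 595634176) and the 2GB boundary in the compat_linux pread()/pwrite() thread. The function names are illustrative assumptions; the checked variant returns EOVERFLOW, the error Philip Guenther mentions for the 32bit-only calls.

```c
/* Added example: 64-bit file offsets/sizes squeezed through 32-bit fields.
 * Function names are illustrative, not taken from the OpenBSD source. */
#include <errno.h>
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Unsigned case (the NTFS report): only the low 32 bits survive. */
uint32_t low32(uint64_t v)
{
    return (uint32_t)(v & 0xffffffffULL);
}

/* Signed case (a 32-bit-only pread/pwrite offset argument): the low 32 bits
 * are reinterpreted as a signed value, so offsets from 2GB up to 4GB arrive
 * negative and offsets above 4GB wrap around to a small value. */
int64_t offset_seen_by_32bit_call(uint64_t intended)
{
    uint32_t lo = low32(intended);

    if (lo & 0x80000000U)
        return (int64_t)lo - 4294967296LL;
    return (int64_t)lo;
}

/* Checked narrowing: reject what does not fit instead of truncating. */
int narrow_off32(int64_t off, int32_t *out)
{
    if (off < 0)
        return EINVAL;
    if (off > INT32_MAX)
        return EOVERFLOW;
    *out = (int32_t)off;
    return 0;
}

int main(void)
{
    /* Constructed sample values: last byte below 2GB, exactly 2GB,
     * and the file size quoted in the NTFS thread. */
    const uint64_t samples[] = {
        2147483647ULL, 2147483648ULL, 4890601472ULL
    };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int32_t narrowed = 0;
        int err = narrow_off32((int64_t)samples[i], &narrowed);

        printf("intended=%" PRIu64 " low32=%" PRIu32
               " signed32=%" PRId64 " checked=%s\n",
               samples[i], low32(samples[i]),
               offset_seen_by_32bit_call(samples[i]),
               err == 0 ? "ok" : (err == EOVERFLOW ? "EOVERFLOW" : "EINVAL"));
    }
    return 0;
}
```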
Re: compat_linux(8) has 2GB filesize limit in 4.2-stable
> The COMPAT_LINUX code is in dire need of an upgrade to match more recent linux kernels...

I certainly agree. For example, I need to compile a custom OpenBSD kernel with this patch http://marc.info/?l=openbsd-misc&m=119479722118605 just to get certain programs running under compat_linux.
Re: marvell yukon GigE freezes the bootup
A first start would be to tell us what version of OpenBSD you are running, and to send a full dmesg. If you are not running -current, you should try a snapshot. On 2/6/08, LIVAI Daniel [EMAIL PROTECTED] wrote: Hi! I have an Acer 7520G notebook with a Marvell Yukon gigabit ethernet card onboard. After the amd64 install, I get until this line with the bootup, and then nothing, it hangs: [...] mskc0 at pci2 dev 0 function 0 Marvell Yukon 88E8071 rev 0x15 Tried with both bsd and bsd.mp. I see on the msk(4) page, that the marvell devices are supported up to 88E806x. Is this 88E807 all that different from the previous ones? I would be more than happy to test anything and everything (patches, drivers etc...), provide more information, or answer any questions. Thanks! Daniel -- LIVAI Daniel Public key ID = 4AC0A4B1 Key fingerprint = D037 03B9 C12D D338 4412 2D83 1373 917A 4AC0 A4B1 -- Pierre Riteau
Re: marvell yukon GigE freezes the bootup
On Wednesday 06 February 2008 17:57:00 you wrote: A first start would be to tell us what version of OpenBSD you are running, and to send a full dmesg. If you are not running -current, you should try a snapshot. Sorry, I forgot to mention that I'm running the latest available (01.28) snapshot. Full dmesg, well, that is going be tricky, I'll try my best. Thanks! On 2/6/08, LIVAI Daniel [EMAIL PROTECTED] wrote: Hi! I have an Acer 7520G notebook with a Marvell Yukon gigabit ethernet card onboard. After the amd64 install, I get until this line with the bootup, and then nothing, it hangs: [...] mskc0 at pci2 dev 0 function 0 Marvell Yukon 88E8071 rev 0x15 Tried with both bsd and bsd.mp. I see on the msk(4) page, that the marvell devices are supported up to 88E806x. Is this 88E807 all that different from the previous ones? I would be more than happy to test anything and everything (patches, drivers etc...), provide more information, or answer any questions. Daniel -- LIVAI Daniel Public key ID = 4AC0A4B1 Key fingerprint = D037 03B9 C12D D338 4412 2D83 1373 917A 4AC0 A4B1
Network Slowness Proliant DL380 G4
Greetings,

It appears that I am having some major slowness issues on a HP Proliant DL380G4 after a fresh install of OpenBSD 4.2 i386 single processor kernel.

When running an iperf (http://dast.nlanr.net/Projects/Iperf/) test to a Linux host on the same physical subnet on the same physical switch we are seeing around 4Mb/sec on a Gigabit broadcom card. After changing the net.inet.tcp.sendspace and net.inet.tcp.sendspace to 262144 and running iperf again we see the speeds jump up to around 72Mb/sec which still seems slow since linux hosts on the same subnet are getting around 757Mb/sec on similar cards and hardware. I checked and my net.inet.ip.ifq.maxlen is set to 256.

Should I be running a different test than iperf? Any thoughts on why I am seeing such low numbers for a Gigabit card? Any suggestions for system changes I should make? Any help is very much appreciated. The outputs of the iperf tests and dmesg are below.

# /root/iperf-2.0.2/src/iperf -c 192.168.129.86 -d
Server listening on TCP port 5001
TCP window size: 16.0 KByte (default)
Client connecting to 192.168.129.86, TCP port 5001
TCP window size: 16.0 KByte (default)
[ 6] local 192.168.129.86 port 35490 connected with 156.40.133.188 port 5001
[ 7] local 192.168.129.86 port 5001 connected with 156.40.133.188 port 52430
[ 6] 0.0-10.0 sec 5.12 MBytes 4.29 Mbits/sec
[ 7] 0.0-10.1 sec 5.54 MBytes 4.61 Mbits/sec

# sysctl -w net.inet.tcp.sendspace=262144
net.inet.tcp.sendspace: 16384 - 262144
# sysctl -w net.inet.tcp.recvspace=262144
net.inet.tcp.recvspace: 16384 - 262144

# /root/iperf-2.0.2/src/iperf -c 192.168.129.86 -d
Server listening on TCP port 5001
TCP window size: 256 KByte (default)
Client connecting to 192.168.129.86, TCP port 5001
TCP window size: 256 KByte (default)
[ 6] local 192.168.129.86 port 45594 connected with 156.40.133.188 port 5001
[ 7] local 192.168.129.86 port 5001 connected with 156.40.133.188 port 50890
[ 6] 0.0-10.0 sec 86.0 MBytes 72.0 Mbits/sec
[ 7] 0.0-10.0 sec 85.0 MBytes 71.1
Mbits/sec Dmesg: OpenBSD 4.2 (GENERIC) #375: Tue Aug 28 10:38:44 MDT 2007 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Xeon(TM) CPU 3.60GHz (GenuineIntel 686-class) 3.61 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,CNXT-ID,CX16,xTPR real mem = 3757613056 (3583MB) avail mem = 3650039808 (3480MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 12/31/99, BIOS32 rev. 0 @ 0xf, SMBIOS rev. 2.3 @ 0xec000 (58 entries) bios0: vendor HP version P51 date 08/26/2004 bios0: HP ProLiant DL380 G4 pcibios0 at bios0: rev 2.1 @ 0xf/0x2000 pcibios0: PCI BIOS has 7 Interrupt Routing table entries pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82801EB/ER LPC rev 0x00) pcibios0: PCI bus #10 is the last bus bios0: ROM list: 0xc/0x8000 0xc8000/0x4000! 0xee000/0x2000! acpi at mainbus0 not configured cpu0 at mainbus0 cpu0: Enhanced SpeedStep disabled by BIOS pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 Intel E7520 MCH rev 0x0a ppb0 at pci0 dev 2 function 0 Intel MCH PCIE rev 0x0a pci1 at ppb0 bus 2 ppb1 at pci1 dev 0 function 0 Intel PCIE-PCIE rev 0x09 pci2 at ppb1 bus 3 bge0 at pci2 dev 1 function 0 Broadcom BCM5704C rev 0x10, BCM5704 B0 (0x2100): irq 5, address 00:0f:20:f7:52:f1 brgphy0 at bge0 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0 bge1 at pci2 dev 1 function 1 Broadcom BCM5704C rev 0x10, BCM5704 B0 (0x2100): irq 5, address 00:0f:20:f7:52:f0 brgphy1 at bge1 phy 1: BCM5704 10/100/1000baseT PHY, rev. 
0 ppb2 at pci1 dev 0 function 2 Intel PCIE-PCIE rev 0x09 pci3 at ppb2 bus 4 ciss0 at pci3 dev 3 function 0 Compaq Smart Array 64xx rev 0x01: irq 5 ciss0: 1 LD, HW rev 1, FW 2.26/2.26 scsibus0 at ciss0: 1 targets sd0 at scsibus0 targ 0 lun 0: HP, LOGICAL VOLUME, 2.26 SCSI0 0/direct fixed sd0: 173639MB, 22135 cyl, 255 head, 63 sec, 512 bytes/sec, 355612800 sec total ppb3 at pci0 dev 6 function 0 Intel MCH PCIE rev 0x0a pci4 at ppb3 bus 5 ppb4 at pci4 dev 0 function 0 Intel PCIE-PCIE rev 0x09 pci5 at ppb4 bus 6 ppb5 at pci4 dev 0 function 2 Intel PCIE-PCIE rev 0x09 pci6 at ppb5 bus 10 uhci0 at pci0 dev 29 function 0 Intel 82801EB/ER USB rev 0x02: irq 5 uhci1 at pci0 dev 29 function 1 Intel 82801EB/ER USB rev 0x02: irq 5 uhci2 at pci0 dev 29 function 2 Intel 82801EB/ER USB rev 0x02: irq 5 uhci3 at pci0 dev 29 function 3 Intel 82801EB/ER USB rev 0x02: irq 5 ehci0 at pci0 dev 29 function 7 Intel 82801EB/ER USB2 rev 0x02: irq 5 usb0 at ehci0: USB revision 2.0 uhub0 at usb0: Intel EHCI root hub, rev 2.00/1.00, addr 1 ppb6 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0xc2 pci7 at ppb6 bus 1 vga1 at pci7 dev 3
Re: marvell yukon GigE freezes the bootup
On Wednesday 06 February 2008 18:02:58 you wrote: On Wednesday 06 February 2008 17:57:00 you wrote: A first start would be to tell us what version of OpenBSD you are running, and to send a full dmesg. If you are not running -current, you should try a snapshot. Sorry, I forgot to mention that I'm running the latest available (01.28) snapshot. Full dmesg, well, that is going be tricky, I'll try my best. Well, since I have time, I've typed in the dmesg :) real mem = 2145505280 (2046MB) avail mem = 2073567232 (1977MB) mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.4 @ 0x7fee3000 (37 entries) bios0: vendor Phoenix Technologies LTD version V1.14 date 08/17/2007 bios0: Acer TravelMate 7520 acpi0 at bios0: rev 2, can't enable ACPI cpu0 at mainbus0: (uniprocessor) cpu0: AMD Turion(tm) 64 X2 Mobile Technology TL-60, 1995.28 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CF LUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative pci0 at mainbus0 bus 0: configuration mode 1 pchb0 at pci0 dev 0 function 0 ATI RS690 Host rev 0x00 ppb0 at pci0 dev 2 function 0 ATI RS690M PCIE rev 0x00 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 vendor ATI, unknown product 0x94c8 rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) ppb1 at pci0 dev 4 function 0 vendor ATI, unknown product 0x7914 rev 0x00 pci2 at ppb1 bus 2 mskc0 at pci2 dev 0 function 0 Marvell Yukon 88E8071 rev 0x15 -- LIVAI Daniel Public key ID = 4AC0A4B1 Key fingerprint = D037 03B9 C12D D338 4412 2D83 1373 917A 4AC0 A4B1
Re: Network Slowness Proliant DL380 G4
OpenBSD's bge driver sucks big time, typical symptoms are very slow transfers, and incrementing errors (netstat -i). You can confirm this by booting $other_os_boot_cd and retesting. /Pete On 6 Feb 2008, at 6:33 PM, Mark Parsons wrote: Greetings, It appears that I am having some major slowness issues on a HP Proliant DL380G4 after a fresh install of OpenBSD 4.2 i386 single processor kernel When running a iperf (http://dast.nlanr.net/Projects/Iperf/) test to a Linux host on the same physical subnet on the same physical switch we are seeing around 4Mb/sec on a Gigabit broadcom card. After changing the net.inet.tcp.sendspace and net.inet.tcp.sendspace to 262144 and running iperf again we see the speeds jump up to around 72Mb/sec which still seems slow since linux hosts on the same subnet are getting around 757Mb/sec on similar cards and hardware. I checked and my net.inet.ip.ifq.maxlen is set to 256 Should I be running a different test then iperf? Any thoughts on why I am seeing such low numbers for a Gigabit card? Any suggestions for system changes I should make? Any help is very much appreciated. The outputs of the iperf tests and dmesg are below. 
How to specify 256bit AES keys in Automatic Keying mode for ipsecctl
Hello Misc, While I was reading through the man pages for ipsec.conf and ipsecctl, I noticed that for automatic keying there is no way to specify any type of key size. I was wondering if anyone know of a way to do that, because I am very interested in setting up strong crypto ipsec tunnels using AES with 256bit keys, and ipsec.conf says AES only uses 128bit keys. I'm sure it can be done in Manual Keying mode, as I've used blowfish up to 448bit keys in manual mode, however I would really like to use Automatic Keying mode in a future installation I am planning.
serious weakness in OpenBSD's PRNG
http://readlist.com/lists/securityfocus.com/bugtraq/4/22004.html

As you may appreciate, this enables DNS cache poisoning for OpenBSD much like my earlier attacks on BIND 9, BIND 8 and Microsoft Windows DNS server.

Interestingly enough, OpenBSD uses a flavor of this PRNG for another field, this time the IP fragmentation ID, part of the OpenBSD kernel network stack. The analysis carries out quite similarly to show that OpenBSD's IP ID is predictable as well, which gives way to O/S fingerprinting, idle-scanning, host alias detection, traffic analysis, and in some cases, even to TCP blind data injection.

FreeBSD, NetBSD and DragonFlyBSD committed a fix to their respective source code trees. OpenBSD decided not to fix, and Apple refused to provide any schedule for such fix.

As well as ([5], by the OpenBSD project coordinator): We had gone through great efforts with the CORE guys (who did the math side of our non-repeating random number generator) to make sure that attacks of that kind [predicting DNS transaction ID] would not be feasable [sic].

On December 18th, 2007, OpenBSD's coordinator stated, in an email, that [OpenBSD is] completely uninterested in the problem and that [the] problem [...] is completely irrelevant in the real world. This is in direct contrast to statements and opinions made by the OpenBSD team recently, e.g. [4], [5] and [26].

The full paper is available at the following URL: http://www.trusteer.com/docs/dnsopenbsd.html
/usr/include/ headers in the kernel source
Hi all,

I've downloaded the OpenBSD 4.2 current source tree to my 4.2 release machine. Then I've made small modifications to my kernel, but when I run make depend I get the following error messages:

/usr/src/sys/kern/kern_sysctl.c:91:21: ifaddrs.h: No such file or directory
/usr/src/sys/kern/kern_sysctl.c:92:17: err.h: No such file or directory
/usr/src/sys/kern/kern_sysctl.c:93:19: ctype.h: No such file or directory

I've already read style(9) and even made some search on the web, but I could not find a thing. So I would like to hear from you where I could find information about this issue or if it is possible to use /usr/include headers in the kernel (I guess so because I've seen this in other kernel files) and if it links to user libraries.

Thanks in advance for the time wasted reading this e-mail.

--
Joao Salvatti
Undergraduating in Computer Science
Federal University of Para - UFPA
web: http://www.openbsd-pa.org
e-mail: [EMAIL PROTECTED]
Re: /usr/include/ headers in the kernel source
On Feb 6, 2008 9:00 PM, Joao Salvatti [EMAIL PROTECTED] wrote:
> Hi all,
>
> I've downloaded the OpenBSD 4.2 current source tree to my 4.2 release machine. Then I've made small modifications to my kernel, but when I run make depend I get the following error messages:
>
> /usr/src/sys/kern/kern_sysctl.c:91:21: ifaddrs.h: No such file or directory
> /usr/src/sys/kern/kern_sysctl.c:92:17: err.h: No such file or directory
> /usr/src/sys/kern/kern_sysctl.c:93:19: ctype.h: No such file or directory
>
> I've already read style(9) and even made some search on the web, but I could not find a thing. So I would like to hear from you where I could find information about this issue or if it is possible to use /usr/include headers in the kernel (I guess so because I've seen this in other kernel files) and if it links to user libraries.
>
> Thanks in advance for the time wasted reading this e-mail.
>
> --
> Joao Salvatti
> Undergraduating in Computer Science
> Federal University of Para - UFPA
> web: http://www.openbsd-pa.org
> e-mail: [EMAIL PROTECTED]

You should upgrade to a snapshot before. This is in the FAQ...

--
Pierre Riteau
Re: WAP setup problems
Hello,

Original Message
Date: Tue, 05 Feb 2008 18:55:43 -0700
From: Brian Richardson [EMAIL PROTECTED]
To: Stefan Kell [EMAIL PROTECTED]
CC: misc@openbsd.org
Subject: Re: WAP setup problems

> Stefan Kell wrote:
> > Did you try using one shared-network with two different subnets? You can find an example within man dhcpd.conf.
>
> Yes, I did, with the same effect.
>
> Brian

some other questions: why a bridge and why not simple router with pf? What is your bridge configuration?

Regards

Stefan Kell
Re: WAP setup problems
On Feb 6, 2008 1:10 PM, Stefan Kell [EMAIL PROTECTED] wrote:
> some other questions: why a bridge and why not simple router with pf?

PF can be used to filter on a bridge. See Section 6.9 of the FAQ for an example.
OpenBSD as Xen domU
I'm looking to replace a Linux domU with a BSD one, preferably OpenBSD. Anyone any success running stable OpenBSD (FreeBSD would also suffice) as domU in a Xen system? If so, willing to share config / how-to / experience? Kind regards, Doichin
Re: Network Slowness Proliant DL380 G4
On 2008/02/06 19:19, Pete Vickers wrote:
> OpenBSD's bge driver sucks big time, typical symptoms are very slow transfers, and incrementing errors (netstat -i).

the Ierrs are only on some bge chips (BCM5704C is the most common one), but it does totally suck if you try and run OSPF on them. there's a diff in kernel/5699 for that problem. I see 240Mb/s on a single ftp transfer from my file server (BCM5704C) if I bump socket buffers up to 256KB.

> You can confirm this by booting $other_os_boot_cd and retesting.

iperf doesn't work very well on OpenBSD (threads). configure the OpenBSD box as a router and pass packets through it from some other OS as a source, or use some other software.
Re: OpenBSD as Xen domU
It works but I had really bad performances with the network (timeout on the interface re).

Dmesg: http://www.openbsd-france.org/ml/archives/msg02494.html

On Thu, 2008-02-07 at 00:29 +0200, NetOne - Doichin Dokov wrote:
> I'm looking to replace a Linux domU with a BSD one, preferably OpenBSD. Anyone any success running stable OpenBSD (FreeBSD would also suffice) as domU in a Xen system? If so, willing to share config / how-to / experience?
>
> Kind regards,
> Doichin
Re: problem booting on other partition than hd0a
On 13:36 Wed 06 Feb , Jean-Yves Boisiaud wrote:
> I change the /etc/boot.conf, which now is :
>
> set tty com0
> stty com0 19200
> set timeout 5
> boot hd0b:/bsd

try set device hd0b instead of the last line...

--
If you don't remember something, it never existed...
If you aren't remembered, you never existed...
I don't quite understand what love is like...
But if there was someone who liked me, I'd be happy.
Re: OpenBSD as Xen domU
OpenBSD as DomU works using hardware virtualization for me. There's the occasional lockup that I haven't looked into too much. You can launch vncviewer to get a console. My working config is at the bottom.

John

On Wed, Feb 06, 2008 at 11:55:05PM +0100, Julien Cabillot wrote:
> It's work but I had really bad performances with the network (timeout on the interface re).
> Dmesg: http://www.openbsd-france.org/ml/archives/msg02494.html

I found that setting the vif interface to 'model=ne2k_pci' helps with the timeouts.

> On Thu, 2008-02-07 at 00:29 +0200, NetOne - Doichin Dokov wrote:
> > I'm looking to replace a Linux domU with a BSD one, preferably OpenBSD. Anyone any success running stable OpenBSD (FreeBSD would also suffice) as domU in a Xen system? If so, willing to share config / how-to / experience?
> >
> > Kind regards,
> > Doichin

Here's a working Xen config:

=
import os, re

# Pick the library directory that matches the host architecture.
arch = os.uname()[4]
if re.search('64', arch):
    arch_libdir = 'lib64'
else:
    arch_libdir = 'lib'

# Fully virtualized (HVM) guest booted through hvmloader.
kernel = "/usr/lib/xen/boot/hvmloader"
builder='hvm'
memory = 256
name = "obsd"
pae=0
# Emulated NIC; model=ne2k_pci is the setting that helps with the timeouts.
vif = [ 'type=ioemu, mac=00:16:3e:7d:be:ef, model=ne2k_pci' ]
disk = [ 'file:/disk/homer.disk,hda,w','file:/disk/obsd42_amd64.iso,ioemu:hdc:cdrom,r' ]
device_model = '/usr/' + arch_libdir + '/xen/bin/qemu-dm'
boot='cd'
# Console over VNC, no SDL window.
sdl=0
vnc=1
vncviewer=0
nographic=0
stdvga=0
serial='pty'
ne2000=1
audio=0
localtime=1
=
Re: Authenticate squid in Active Directory
On Wed, Feb 06, 2008 at 02:42:02PM +0200, Lars Noodén wrote:
> Brett Lymn wrote:
> > Oddly this non-standard AD seems to interoperate with the Solaris ldap client, an openldap client and with MIT kerberos just fine.
>
> Seems to, or actually does? Or can be be pounded in after agreeing to non-Open licenses?

Alright. I am Australian and we are renowned for understating things. Just to make it crystal clear for you Lars, I have used squid integrated with Active Directory authentication using purely open source tools (samba winbindd, MIT kerberos 5, openldap) for _years_. It works - no ifs no buts, it just goes. I can bind our Solaris machines to the AD domain using samba, the AD management shows those machines as valid clients in the AD forest.

> Point me to some more recent articles or documentation (without NDA requirements) which counter the following:

Lars, you are an idiot. You are throwing up 8 year old articles describing problems with operating systems that are now obsolete. As others have pointed out, what you are pointing at are non-issues and MS has followed the RFC's.

> What I am saying is that without careful planning, injudicious use of the patch leads to further entrenchment of an unsound service and the unsound system in which it is embedded rather than as a transition to a more stable, secure and maintainable infrastructure.

Ah - you actually failed to answer that bit from my initial message. I am wondering what this mythical infrastructure you write of is.

--
Brett Lymn
Re: Turning NTFS on in GENERIC kernels
On Feb 5, 2008 10:19 PM, Antti Harri [EMAIL PROTECTED] wrote:
> Funny thing, I haven't really *ever* used NTFS (on any OS) but couple of days ago I wanted to transfer file to NTFS partition and couldn't because the kernel lacked the driver. So instead of recompiling kernel I copied it over to USB stick also because the file was very small.

you can use ntfsprogs to write (some) files.
Re: Turning NTFS on in GENERIC kernels
On Feb 5, 2008 3:49 PM, STeve Andre' [EMAIL PROTECTED] wrote:
> I'd like to suggest that NTFS be enabled by default in GENERIC; I realize that it can't be in the boot media because of size, but for general work not having to compile a non-standard kernel would be a win for a lot of people. Making it read-only as the default would be the way to do it.

one thing is that inclusion in generic implies some level of support, that nobody may care to offer. the ntfs code itself comes from a basically dead upstream source.
Re: Turning NTFS on in GENERIC kernels
On Wednesday 06 February 2008 19:07:30 Ted Unangst wrote:
> On Feb 5, 2008 3:49 PM, STeve Andre' [EMAIL PROTECTED] wrote:
> > I'd like to suggest that NTFS be enabled by default in GENERIC; I realize that it can't be in the boot media because of size, but for general work not having to compile a non-standard kernel would be a win for a lot of people. Making it read-only as the default would be the way to do it.
>
> one thing is that inclusion in generic implies some level of support, that nobody may care to offer. the ntfs code itself comes from a basically dead upstream source.

Good point Ted. I withdraw my suggestion, at least 'till the 4G bug is fixed. NTFS is sadly increasingly useful to have lying around. cough

--STeve Andre'
Re: OpenBSD as Xen domU
You can use Christoph Egger's OpenBSD/Xen port. No need to go HVM-only. Unfortunately, my own website is down right now and I haven't gotten around to fixing that, but the Wayback Machine has the relevant page: http://web.archive.org/web/20070403174105/http://ropersonline.com/openbsd/xen/ Also, search the misc archives. This question crops up fairly regularly. and each time most people don't seem to know of Christoph Egger's port (and each time I then try to tell people about it again -- if I catch the message, but I don't always do and sometimes things fall through the cracks here). Thanks and regards, --ropers On 07/02/2008, John Jackson [EMAIL PROTECTED] wrote: OpenBSD as DomU works using hardware virtualization for me. There's the occasional lockup that I haven't looked into too much. You can launch vncviewer to get a console. My working config is at the bottom. John On Wed, Feb 06, 2008 at 11:55:05PM +0100, Julien Cabillot wrote: It's work but I had really bad performances with the network (timeout on the interface re). Dmesg: http://www.openbsd-france.org/ml/archives/msg02494.html I found that setting the vif interface to 'model=ne2k_pci' helps with the timeouts. On jeu, 2008-02-07 at 00:29 +0200, NetOne - Doichin Dokov wrote: I'm looking to replace a Linux domU with a BSD one, preferably OpenBSD. Anyone any success running stable OpenBSD (FreeBSD would also suffice) as domU in a Xen system? If so, willing to share config / how-to / experience? 
Kind regards, Doichin Here's a working Xen config: = import os, re arch = os.uname()[4] if re.search('64', arch): arch_libdir = 'lib64' else: arch_libdir = 'lib' kernel = /usr/lib/xen/boot/hvmloader builder='hvm' memory = 256 name = obsd pae=0 vif = [ 'type=ioemu, mac=00:16:3e:7d:be:ef, model=ne2k_pci' ] disk = [ 'file:/disk/homer.disk,hda,w','file:/disk/obsd42_amd64.iso,ioemu:hdc:cdrom,r' ] device_model = '/usr/' + arch_libdir + '/xen/bin/qemu-dm' boot='cd' sdl=0 vnc=1 vncviewer=0 nographic=0 stdvga=0 serial='pty' ne2000=1 audio=0 localtime=1 = -- www.ropersonline.com
blade servers
Does anyone run OpenBSD on blade servers? I don't mean Sun Blade 150 kind of hardware, but rather blade chassis with server blades (a la Sun Blade 8000, HP, Dell, etc.). I'd appreciate any details... I'm having a bit of trouble finding anything conclusive about OpenBSD on blades. Thanks in advance...
Inexpensive networking.
Part of my job description is to come as close as possible to doing everything with no resources. (My entire IT budget for this year is $6K. That includes internet connectivity, all repairs, all infra-structure costs, and all core software. About $100/computer) THIS year I have about 4K for servers. I get to replace my pair of 1 GHz 256MB boxes with something a bit faster, more reliable and more spacious.)

I was given a stack of 3Com SuperStack II and III switches. I picked up a set of matrix cables off eBay, and since one of the switches had the matrix module, I was able to put 4 in a stack. This made a huge difference. At class shift, login times dropped from 3-4 minutes to 30 seconds. At present the one with the matrix module is connected to the servers. Everyone else talks to the other three.

HOWEVER, these switches are dying like flies at a RAID show. I've had 5 of them die in the last 3 months. (I also use them in classrooms -- Overkill, for 3-4 computers in a classroom, but, as I said, the price is right.) In effort to stem the bloody tide, I've remounted them on the rack with 2 rack holes between each, to improve the air cooling.

I'm wandering. New servers (wow! NEW, not second hand) are coming in. I'd like to set up a tiered structure, with the server switch being a GB switch, the second level switches being 1 GB uplink + 100 MBit to the desk top. Use 3 24 port ones in the wiring closet, and 12 port ones out in the classrooms.

So I went to 3Com's web site. Got frustrated as hell trying to find what I was looking for. Went to Cisco's site. No better, but they answered the phone. Their switches are pricey. 8 port with 1 GB uplink are $800. 24 port GB $3300.

Go to Dell's site, and the numbers are a lot cheaper. Even for web managed (semi-managed) switches I could chop a digit off of prices. E.g. a 24 port GB switch for about $300, an 8 port GB switch for $100. They don't sell semi-managed switches that have just 1 or 2 GB ports. So I could put GB to the desktop -- except that my wiring is only Cat 5, and I don't really need GB at the desktop.

So, question time:

1. Why is a cisco 2960-PT-ATTL eleven times the price of a Dell PowerConnect 2724?

2. I figure there is less likely to be gotchas if all my core switches are from the same vendor. What vendors do you recommend for inexpensive switches? Cautionary tales?
RNG and intel 815 support
I have an Intel D815EEA2 motherboard; its spec is supposed to include the RNG hardware; however, the dmesg output is void of any indication that obsd discovered or uses it. Is there something I need to do? Thanks,

# --- rebooting...
OpenBSD 4.2 (GENERIC) #2: Sat Feb 2 13:34:39 EST 2008
    [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium III (GenuineIntel 686-class) 1 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
real mem = 535130112 (510MB)
avail mem = 510345216 (486MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 11/06/02, BIOS32 rev. 0 @ 0xfda74, SMBIOS rev. 2.3 @ 0xf1090 (58 entries)
bios0: vendor Intel Corp. version EA81520A.86A.0039.P21.0211061753 date 11/06/2002
bios0: Intel Corporation D815EEA2
apm at bios0 function 0x15 not configured
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf2a10/224 (12 entries)
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82371FB ISA rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc/0xc000
acpi0 at mainbus0: rev 0
acpi0: tables DSDT FACP SSDT
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpi device at acpi0 from table DSDT not configured
acpi device at acpi0 from table FACP not configured
acpi device at acpi0 from table SSDT not configured
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (PCI1)
acpicpu0 at acpi0
acpibtn0 at acpi0: PBTN
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82815 Hub rev 0x02
vga1 at pci0 dev 2 function 0 Intel 82815 Graphics rev 0x02: aperture at 0xf800, size 0x400
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ppb0 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0x02
pci1 at ppb0 bus 1
fxp0 at pci1 dev 8 function 0 Intel 82562 rev 0x01, i82562: irq 4, address 00:03:47:8a:7e:4f
inphy0 at fxp0 phy 1: i82562ET 10/100 PHY, rev. 0
em0 at pci1 dev 9 function 0 Intel PRO/1000MT (82546GB) rev 0x03: irq 7, address 00:04:23:a6:82:64
em1 at pci1 dev 9 function 1 Intel PRO/1000MT (82546GB) rev 0x03: irq 3, address 00:04:23:a6:82:65
em2 at pci1 dev 13 function 0 Intel PRO/1000MT (82546GB) rev 0x03: irq 7, address 00:04:23:a5:97:10
em3 at pci1 dev 13 function 1 Intel PRO/1000MT (82546GB) rev 0x03: irq 3, address 00:04:23:a5:97:11
ichpcib0 at pci0 dev 31 function 0 Intel 82801BA LPC rev 0x02
pciide0 at pci0 dev 31 function 1 Intel 82801BA IDE rev 0x02: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: LEXAR ATA FLASH
wd0: 4-sector PIO, LBA, 246MB, 503808 sectors
wd0(pciide0:0:0): using PIO mode 4
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: NEC, CD-ROM DRIVE:28D, 3.03 SCSI0 5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
uhci0 at pci0 dev 31 function 2 Intel 82801BA USB rev 0x02: irq 10
ichiic0 at pci0 dev 31 function 3 Intel 82801BA SMBus rev 0x02: irq 6
iic0 at ichiic0
admtm0 at iic0 addr 0x2d: adm1025
uhci1 at pci0 dev 31 function 4 Intel 82801BA USB rev 0x02: irq 9
auich0 at pci0 dev 31 function 5 Intel 82801BA AC97 rev 0x02: irq 6, ICH2 AC97
ac97: codec id 0x41445360 (Analog Devices AD1885)
ac97: codec features headphone, Analog Devices Phat Stereo
audio0 at auich0
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
usb0 at uhci0: USB revision 1.0
uhub0 at usb0: Intel UHCI root hub, rev 1.00/1.00, addr 1
usb1 at uhci1: USB revision 1.0
uhub1 at usb1: Intel UHCI root hub, rev 1.00/1.00, addr 1
biomask ff65 netmask fffd ttymask
pctr: 686-class user-level performance counters enabled
mtrr: Pentium Pro MTRR support
uhub2 at uhub1 port 2: Texas Instruments TUSB2046 hub, rev 1.10/1.25, addr 2
uhidev0 at uhub2 port 1 configuration 1 interface 0
uhidev0: ATEN 4 Port USB KVM B V1.60, rev 1.10/1.00, addr 3, iclass 3/1
ukbd0 at uhidev0: 8 modifier keys, 6 key codes, country code 3
wskbd1 at ukbd0 mux 1
wskbd1: connecting to wsdisplay0
uhidev1 at uhub2 port 1 configuration 1 interface 1
uhidev1: ATEN 4 Port USB KVM B V1.60, rev 1.10/1.00, addr 3, iclass 3/1
ums0 at uhidev1: 5 buttons and Z dir.
wsmouse0 at ums0 mux 0
dkcsum: wd0 matches BIOS drive 0x80
root on wd0a swap on wd0b dump on wd0b
[EMAIL PROTECTED]:~ (0)#
# ---
Re: Inexpensive networking.
On Feb 6, 2008, at 9:28 PM, Sherwood Botsford wrote: Part of my job description is to come as close as possible to doing everything with no resources. (My entire IT budget for this year is $6K. That includes internet connectivity, all repairs, all infrastructure costs, and all core software. About $100/computer) THIS year I have about 4K for servers. I get to replace my pair of 1 GHz 256MB boxes with something a bit faster, more reliable and more spacious.) I was given a stack of 3 com SuperStack II and III switches. I picked up a set of matrix cables off eBay, and since one of the switches had the matrix module, I was able to put 4 in a stack. This made a huge difference. At class shift, login times dropped from 3-4 minutes to 30 seconds. At present the one with the matrix module is connected to the servers. Everyone else talks to the other three. HOWEVER, these switches are dying like flies at a RAID show. I've had 5 of them die in the last 3 months. (I also use them in classrooms -- Overkill, for 3-4 computers in a classroom, but, as I said, the price is right.) In effort to stem the bloody tide, I've remounted them on the rack with 2 rack holes between each, to improve the air cooling. I'm wandering. New servers (wow! NEW, not second hand) are coming in. I'd like to set up a tiered structure, with the server switch being a GB switch, the second level switches being 1 GB uplink + 100 MBit to the desk top. Use 3 24 port ones in the wiring closet, and 12 port ones out in the classrooms. So I went to 3com's web site. Got frustrated as hell trying to find what I was looking for. Went to Cisco's site. No better, but they answered the phone. Their switches are pricey. 8 port with 1 GB uplink are $800. 24 port GB $3300. Go to Dell's site, and the numbers are a lot cheaper. Even for web managed (semi-managed) switches I could chop a digit off of prices. E.g. a 24 port GB switch for about $300, an 8 port GB switch for $100. 
Then don't sell semi-managed switches that have just 1 or 2 GB ports. So I could put GB to the desktop -- except that my wiring is only Cat 5, and I don't really need GB at the desktop. So, question time: 1. Why is a cisco 2960-PT-ATTL eleven times the price of a Dell PowerConnect 2724? Seriously, do you even have to ask? Compare the feature spec list. (note: this is not an endorsement of Cisco switches, just that anyone could compare the feature set of these two switches and see the differences) 2. I figure there is less likely to be gotchas if all my core switches are from the same vendor. What vendors do you recommend for inexpensive switches. Go used, but find something easily replaceable (either as a whole in quantity or per module, e.g. HP ProCurve 400M). Cautionary tales? You get what you pay for. Sometimes you don't. Every vendor has a crappy model. I like the Cisco 2900 series. Lately I've been working with Foundry. Better bang for the buck than Cisco, IMHO. But you really should be looking at used switches. There are plenty of quality used switches on eBay, but... it helps to know what your feature requirements are. All you've mentioned are port speed and web-management. If you don't need any *real* features from your switches, go really cheap and pick up some Netgears from your office supply shop. They're dumb, hard to screw up, and plentiful in your local area. --- Jason Dixon DixonGroup Consulting http://www.dixongroup.net
Re: multi-disk external scsi enclosures
Douglas A. Tutty wrote: What about a Compaq Proliant 2500R on eBay for $300? max 1 GB ram, 1 PCI bus over 6 slots, dual Pentium Pro 166 MHz 4 bays + 2 1/2 height bays (for media) + CDROM and floppy A 2500R for $300? I hope that's $25 plus $275 shipping. Not a bad machine, although MP might not work. You can probably overclock it to 233, but somehow I don't think that's what you're going for.
Re: Inexpensive networking.
On Wed, Feb 06, 2008 at 07:28:01PM -0700, Sherwood Botsford wrote: HOWEVER, these switches are dying like flies at a RAID show. I've had 5 of them die in the last 3 months. (I also use them in classrooms -- Overkill, for 3-4 computers in a classroom, but, as I said, the price is right.) In effort to stem the bloody tide, I've remounted them on the rack with 2 rack holes between each, to improve the air cooling. I'm wandering. New servers (wow! NEW, not second hand) are coming in. I'd like to set up a tiered structure, with the server switch being a GB switch, the second level switches being 1 GB uplink + 100 MBit to the desk top. Use 3 24 port ones in the wiring closet, and 12 port ones out in the classrooms. So I could put GB to the desktop -- except that my wiring is only Cat 5, and I don't really need GB at the desktop. So, question time:

I don't have an answer to either question. However, I do have questions of my own. This is just me, but here's how I'd approach it.

1. Given that for any switch, the more ports, the faster the hardware in it has to be, therefore the more expensive (not just for a bigger box and more connectors). I would determine a range of connections in each classroom (the number of them). E.g. if it's 3-4 desktops, don't spend money on a 16 port switch unless it's free, or unless you can use 1-16 port switch for 4 classrooms.

2. Determine the level of service to the desktop: i.e. the speed required. Partly, this is a function of what you expect the students to do. If they only need email and simple web browsing, they don't need a network speed to allow them to play interactive games. Do they really need more than 10 MB/s?

3. Determine the traffic flow which you expect these switches to cater to. If the desktops will be communicating with each other between classrooms (within the classroom is covered by the classroom switch), then it makes sense to go with a tiered setup straight off if there are logical groupings.

4. If your building cabling will only handle 100 MB/s and not 1000 MB/s, then upgrading that will cost a lot (depending on the physical plant) and its worth is dependent on question 2.

Once these questions are answered, you can then come up with 3 or 4 different ways of doing it, then price each out. If in your plan you find you need 6-port 10/100 switches for the classrooms, it can be hard to beat the little blue linksys boxes. I know that they are dinky home units but at under $10? Put one in each classroom and run 100 MB/s to the upstream server and configure the desktops to only link at 10 MB/s (the switches themselves aren't manageable that I know of). Then spend the money on good upstream switches. It's OK for a classroom to go down for a few minutes if a little switch goes (have a spare on hand), but you don't want the building infrastructure to go down. Just my uninformed 2 cents. Doug.
Re: Inexpensive networking.
On Feb 6, 2008 9:28 PM, Sherwood Botsford [EMAIL PROTECTED] wrote: Part of my job description is to come as close as possible to doing everything with no resources. (My entire IT budget for this year is $6K. That includes internet connectivity, all repairs, Are things really that tight? How do they afford your salary then? $100/computer) THIS year I have about 4K for servers. I get to replace my pair of 1 GHz 256MB boxes with something a bit faster, more reliable and more spacious.) Do you really need to? Sometimes more ram is enough. Do you _need_ to, or do you _want_ to? I still have 2 machines running Pentium 3s from 5-6 years ago, and I really _want_ to upgrade them. For example, the server this laptop goes out over. I can't even put more than 512MB on this motherboard!! But I'm at 99% idle. I don't _need_ to. HOWEVER, these switches are dying like flies at a RAID show. Never heard of that expression. I've had 5 of them die in the last 3 months. (I also use them in classrooms -- Overkill, for 3-4 computers in a classroom, but, as I said, the price is right.) In effort to stem the bloody tide, I've remounted them on the rack with 2 rack holes between each, to improve the air cooling. Buy a $20 fan and point it at them. Heck, splurge a little, and buy two. So I went to 3com's web site. Got frustrated as hell trying to find what I was looking for. Went to Cisco's site. No better, but they answered the phone. Their switches are pricey. 8 port with 1 GB uplink are $800. 24 port GB $3300. And if you're a large corporate customer, you can get up to 50% off. Or if you're an educational or non-profit, you might be able to get something from them too. Have you looked around for people disposing/upgrading their equipment? web managed (semi-managed) switches I could chop a digit off of prices. E.g. a 24 port GB switch for about $300, an 8 port GB switch for $100. Then don't sell semi-managed switches that have just 1 or 2 GB ports. 
Dell powerconnect switches used to suck _REALLY_ bad. But if I'm going to use a cheap switch, I might as well go with something like a dlink. 1. Why is a cisco 2960-PT-ATTL eleven times the price of a Dell PowerConnect 2724? Silly question. Because they can, and because people will pay for it. 2. I figure there is less likely to be gotchas if all my core switches are from the same vendor. What vendors do you recommend for inexpensive switches. I've heard OK things about dlink. They have some 24 port switches. I'm not sure why you'd need _managed_ switches, in your environment. Cautionary tales? Buying stuff you have no need for. Do you really _need_ managed switches? What kind of management would you need? Even for your servers - do you _NEED_ gigabit? Your environment is small enough not to need that, I think. -- http://www.glumbert.com/media/shift http://www.youtube.com/watch?v=tGvHNNOLnCk This officer's men seem to follow him merely out of idle curiosity. -- Sandhurst officer cadet evaluation. Securing an environment of Windows platforms from abuse - external or internal - is akin to trying to install sprinklers in a fireworks factory where smoking on the job is permitted. -- Gene Spafford learn french: http://www.youtube.com/watch?v=j1G-3laJJP0feature=related
Re: Inexpensive networking.
Sherwood Botsford wrote: So I went to 3com's web site. Got frustrated as hell trying to find what I was looking for. 3com still makes switches? 1. Why is a cisco 2960-PT-ATTL eleven times the price of a Dell PowerConnect 2724? Because it's painted that special blue-green color and has a picture of a bridge on the front. Most of the 2960s are also PoE, which you probably don't need. 2. I figure there is less likely to be gotchas if all my core switches are from the same vendor. What vendors do you recommend for inexpensive switches. Why not ebay some old Cisco 2948G or 2980G switches? They last forever, and they're cheap now because they run CatOS instead of IOS so nobody wants them.
Re: Inexpensive networking.
Douglas A. Tutty wrote: Put one in each classroom and run 100 MB/s to the upstream server and configure the desktops to only link at 10 MB/s Why force them at 10?
Re: WAP setup problems
Stefan Kell wrote: some other questions: why a bridge and why not simple router with pf? What is your bridge configuration?

vr0 is internal interface. ral0 is wireless interface.

    brconfig bridge0 add ral0
    brconfig bridge0 add vr0
    brconfig bridge0 rulefile /etc/bridge0.rules

/etc/bridge0.rules:

    pass in on ral0 src 11:de:ad:be:ef:11
    pass out on vr0 dst 11:de:ad:be:ef:11
    block in/out on ral0

As to why the bridge? I'm not aware of any other way to use MAC filtering to limit access to the external interface. Regards, Brian
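To see what the three rules in /etc/bridge0.rules above would do to individual frames, here is an added example (not part of Brian's post and not OpenBSD code) that models bridge MAC filtering in Python. It assumes the semantics described in brconfig(8): rules are checked per interface and direction in the order added, the first match decides, and a frame matching no rule is passed. The second and third MAC addresses and the function names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional

# Direction keyword in a rule -> set of directions the rule applies to.
DIRECTIONS = {"in": frozenset({"in"}), "out": frozenset({"out"}),
              "in/out": frozenset({"in", "out"})}


@dataclass
class Rule:
    action: str                 # "pass" or "block"
    directions: frozenset       # subset of {"in", "out"}
    ifname: str                 # bridge member interface
    src: Optional[str] = None   # source MAC, or None for "any"
    dst: Optional[str] = None   # destination MAC, or None for "any"


def parse_rule(line: str) -> Rule:
    """Parse '{pass|block} {in|out|in/out} on IF [src MAC] [dst MAC]'."""
    tok = line.split()
    if len(tok) < 4 or tok[0] not in ("pass", "block") or tok[2] != "on":
        raise ValueError(f"unrecognised rule: {line!r}")
    if tok[1] not in DIRECTIONS:
        raise ValueError(f"bad direction in rule: {line!r}")
    rule = Rule(tok[0], DIRECTIONS[tok[1]], tok[3])
    rest = tok[4:]
    if len(rest) % 2:
        raise ValueError(f"dangling keyword in rule: {line!r}")
    for key, value in zip(rest[0::2], rest[1::2]):
        if key not in ("src", "dst"):
            raise ValueError(f"unknown keyword {key!r} in rule: {line!r}")
        setattr(rule, key, value.lower())
    return rule


def parse_rules(text: str) -> List[Rule]:
    """Parse a rule file, skipping blank lines and '#' comments."""
    lines = (ln.strip() for ln in text.splitlines())
    return [parse_rule(ln) for ln in lines if ln and not ln.startswith("#")]


def decide(rules: List[Rule], ifname: str, direction: str,
           src: str, dst: str) -> str:
    """First matching rule for this interface and direction wins."""
    for r in rules:
        if r.ifname != ifname or direction not in r.directions:
            continue
        if r.src is not None and r.src != src.lower():
            continue
        if r.dst is not None and r.dst != dst.lower():
            continue
        return r.action
    return "pass"  # assumption: a frame that matches no rule is forwarded


def forward(rules: List[Rule], in_if: str, out_if: str,
            src: str, dst: str) -> str:
    """A bridged frame must survive 'in' on one member and 'out' on the other."""
    if decide(rules, in_if, "in", src, dst) == "block":
        return "block"
    return decide(rules, out_if, "out", src, dst)


# The rule file as posted in the message above.
RULES_TEXT = """
pass in on ral0 src 11:de:ad:be:ef:11
pass out on vr0 dst 11:de:ad:be:ef:11
block in/out on ral0
"""

ALLOWED = "11:de:ad:be:ef:11"   # wireless client MAC from the post
OTHER = "22:22:22:22:22:22"     # constructed: some other wireless station
WIRED = "33:33:33:33:33:33"     # constructed: host on the vr0 side

if __name__ == "__main__":
    rules = parse_rules(RULES_TEXT)
    cases = [("allowed client -> wired", "ral0", "vr0", ALLOWED, WIRED),
             ("other client   -> wired", "ral0", "vr0", OTHER, WIRED),
             ("wired -> allowed client", "vr0", "ral0", WIRED, ALLOWED)]
    for label, i, o, s, d in cases:
        print(f"{label}: {forward(rules, i, o, s, d)}")
```

In this model the listed client's frames enter on ral0, while frames addressed back to it leave on ral0 and reach only the catch-all `block in/out on ral0`, because the posted `pass out` rule names vr0.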
Re: Inexpensive networking.
On Feb 6, 2008 9:38 PM, Jason Dixon [EMAIL PROTECTED] wrote: On Feb 6, 2008, at 9:28 PM, Sherwood Botsford wrote: 2. I figure there is less likely to be gotchas if all my core switches are from the same vendor. What vendors do you recommend for inexpensive switches. Go used, but find something easily replaceable (either as a whole in quantity or per module, e.g. HP ProCurve 400M). Cautionary tales? I have one. At a previous place, the NotWork Engineer [TM] managed to convince management to let him buy some extreme switches from ebay, let him _resell_ it back to the company, and then the company can call extreme up to buy warranty on them. So he bought a huge batch of extreme switches for a damned good price. They started dying. Called extreme up to look at warranty options. Extreme asked for serial numbers. It turns out that the batch Mr. NotWork Engineer bought were part of a bad batch of hardware. Extreme declined to sell warranty for those switches. Also, apparently there are people selling fake cisco boxes on ebay. So, original poster, if you know what you're buying, and if you do not require warranty, go ebay. Else, I'd follow Douglas and Jason's advice. Do you _need_ that, or do you _want_ that? Nowadays, netgear, dlink, linksys makes some decent and cheap switches. If all you need is 3-4 ports a class room, you don't even need to pull lots of cables back to your switch closet, one is enough.
Re: WAP setup problems
James Hartley wrote: PF can be used to filter on a bridge. See Section 6.9 of the FAQ for an example. I saw the tagging example. But I'm having trouble seeing how it can be applied simply to DHCP traffic. I want to limit the number of rules I use, so I use simple pass in/out with explicit block rules. Regards, Brian
RAID easy disk replacement for datacenter employees
I'm about to send an OpenBSD server to a datacenter for a client and we need RAID in case a hard disk fails. I need answers from people who have real world hands-on experience and can tell me what to use so that, if a drive fails all that's needed is a datacenter employee to walk over, pull a 3.5 out of a 5.25 enclosure behind the door of the 4U case and insert a new drive while leaving the system up and running. If the drive fails during or between a system restart, which RAID controllers that work with OpenBSD will simply use the working drive and continue booting/running as normal? Is there hardware that will handle writing the data to a replacement drive automatically or can be interfaced with to do so with a shell? What RAID hardware can give userland programs the status of the drives?
Re: multi-disk external scsi enclosures
On Wed, Feb 06, 2008 at 09:54:05PM -0500, Steve Shockley wrote: Douglas A. Tutty wrote: What about a Compaq Proliant 2500R on eBay for $300? max 1 GB ram, 1 PCI bus over 6 slots, dual Pentium Pro 166 MHz 4 bays + 2 1/2 height bays (for media) + CDROM and floppy A 2500R for $300? I hope that's $25 plus $275 shipping. Not a bad machine, although MP might not work. You can probably overclock it to 233, but somehow I don't think that's what you're going for. Nice to know that it's not a bad machine, but yes, it's $300. The auctions expired, but there was also a 5000 for $300, and now there's a 4500R for $249. Since you know these machines (and I've never touched seen one): servers seem to take hot-plug drives. Does this tie one into buying e.g. HP drives since they'll have the carrier, or can one get empty carriers and plunk in a suitable SCSI drive? Does this matter? If the drives and carriers are inseparable, then when HP decides to stop selling them, then no new drives can be had. However, if once one has the carriers, one can swap drives in them, then future upgrades are easier. Does anyone make a universal hot-plug carrier or do the styles keep changing to keep you going back to HP? Thanks, Doug.
Re: /usr/include/ headers in the kernel source
On Wed, 6 Feb 2008, Joco Salvatti wrote: Hi all, I've downloaded the OpenBSD 4.2 current source tree to my 4.2 release machine. Then I've made small modifications to my kernel, but when I run make depend I get the following error messages:

    /usr/src/sys/kern/kern_sysctl.c:91:21: ifaddrs.h: No such file or directory
    /usr/src/sys/kern/kern_sysctl.c:92:17: err.h: No such file or directory
    /usr/src/sys/kern/kern_sysctl.c:93:19: ctype.h: No such file or directory

I've already read style(9) and even made some search on the web, but I could not find a thing. So I would like to hear from you where I could find information about this issue or if it is possible to use /usr/include headers in the kernel (I guess so because I've seen this in other kernel files) and if it links to user libraries.

The three include files are userland includes. You can't use them in kernel source. A quick search in the sys tree didn't find any reference to ifaddrs.h. err.h and ctype.h are in some utilities in the sys tree but not in any kernel sources. The kernel doesn't link with any userland libraries. -moj

Thanks in advance for the time wasted reading this e-mail. -- Joao Salvatti Undergraduating in Computer Science Federal University of Para - UFPA web: http://www.openbsd-pa.org e-mail: [EMAIL PROTECTED]
Re: multi-disk external scsi enclosures
On Feb 6, 2008 10:45 AM, Douglas A. Tutty [EMAIL PROTECTED] wrote: I don't see external multi-disk IDE boxes. Besides, PATA is limited to something like 18 from controller to drive. Even with a PCI controller, there's not much distance. Also PATA cables aren't shielded. Why not just an ide? If all you need is 18G, any old IDE will do. Must it be external?
Re: Inexpensive networking.
On Wed, Feb 06, 2008 at 10:20:44PM -0500, Steve Shockley wrote: Douglas A. Tutty wrote: Put one in each classroom and run 100 MB/s to the upstream server and configure the desktops to only link at 10 MB/s Why force them at 10? Well, I've never had high-speed internet and I get along just fine. My NFS server was my IBM 486DX4-100 with 32 MB ram and a 10 MB/s ISA card. Worked just fine. What will the students be doing where they would need more than 10 MB/s each between them and your server? If it's between them and the internet, how fast is your internet? I suppose you don't have to limit each desk to 10 and let them fight over the 100 MB/s. I suppose it depends on the application and a desire to avoid a hungry student from bogging down the network. Better to throttle the student's desktop than to throttle the student. :) Doug.
Re: Inexpensive networking.
On Feb 6, 2008 7:57 PM, Douglas A. Tutty [EMAIL PROTECTED] wrote: Better to throttle the student's desktop than to throttle the student. :) You don't know the students I went there. CK -- GDB has a 'break' feature; why doesn't it have 'fix' too?
Re: RAID easy disk replacement for datacenter employees
mfi(4) ami(4) On Wed, Feb 06, 2008 at 07:26:26PM -0800, Jon wrote: I'm about to send an OpenBSD server to a datacenter for a client and we need RAID in case a hard disk fails. I need answers from people who have real world hands-on experience and can tell me what to use so that, if a drive fails all that's needed is a datacenter employee to walk over, pull a 3.5 out of a 5.25 enclosure behind the door of the 4U case and insert a new drive while leaving the system up and running. If the drive fails during or between a system restart, which RAID controllers that work with OpenBSD will simply use the working drive and continue booting/running as normal? Is there hardware that will handle writing the data to a replacement drive automatically or can be interfaced with to do so with a shell? What RAID hardware can give userland programs the status of the drives?
Re: Inexpensive networking.
On Wed, Feb 06, 2008 at 08:03:57PM -0800, Chris Kuethe wrote: On Feb 6, 2008 7:57 PM, Douglas A. Tutty [EMAIL PROTECTED] wrote: Better to throttle the student's desktop than to throttle the student. :) You don't know the students I went there. Ok, then forget Cat5e. Fibre will make a better noose. :) Doug.
Re: multi-disk external scsi enclosures
On Wed, Feb 06, 2008 at 10:56:41PM -0500, bofh wrote: On Feb 6, 2008 10:45 AM, Douglas A. Tutty [EMAIL PROTECTED] wrote: I don't see external multi-disk IDE boxes. Besides, PATA is limited to something like 18 from controller to drive. Even with a PCI controller, there's not much distance. Also PATA cables aren't shielded. Why not just an ide? If all you need is 18G, any old IDE will do. Must it be external? Well, for example, I have two boxes where I'm using IDE (the third box is my Athlon with SATA drives). One won't boot (pass POST) if the drive is over 1.1 GB, the other won't boot (pass POST) if the drive is over 9 GB. Since this will be for a low-MHz box, it's BIOS probably won't like large drives either. That means SCSI. If the boxes aren't great or have room or provide cooling for SCSI drives, that makes it external. Since future expansion is important, I'd rather have a multi-bay than a single-bay. If I'm getting it used off eBay, the cost will be similar; the shipping will cost me. Doug.
showmount help pl...
I am really curious to know how showmount works, I mean what the process flow at server... Thanks in advance, Mohan kumar shah.
Re: multi-disk external scsi enclosures
On Feb 6, 2008 11:38 PM, Douglas A. Tutty [EMAIL PROTECTED] wrote: Well, for example, I have two boxes where I'm using IDE (the third box is my Athlon with SATA drives). One won't boot (pass POST) if the drive is over 1.1 GB, the other won't boot (pass POST) if the drive is over 9 GB. I'm pretty sure the IBM dual Pentium Pro 200Mhz that I tossed away (2 of them!) could take hard drives bigger than 2G, and I want to say, bigger than 10G, so it really depends. Also, even on those that won't boot past 500MB, you might be able to get by with partitioning it properly (/ on first 500MB partition, etc). Since future expansion is important, I'd rather have a multi-bay than a single-bay. If I'm getting it used off eBay, the cost will be similar; the shipping will cost me. Heh. I tossed a compaq scsi array too, last year, when I moved.
Server room temperature sensors
Can anyone recommend a server room temperature sensor that I can use with openbsd? I want to monitor temperature and humidity. I hope to graph the data from the sensor. The sensor can be connected to my openbsd via usb, serial, or even network.
Re: Server room temperature sensors
In the past I've used Enviromux devices, polling them via SNMP with MRTG. http://www.networktechinc.com/enviro-mini.htm Dustin Lundquist Joe wrote: Can anyone recommend a server room temperature sensor that I can use with openbsd? I want to monitor temperature and humidity. I hope to graph the data from the sensor. The sensor can be connected to my openbsd via usb, serial, or even network.
Re: blade servers
On Feb 6, 2008, at 5:45 PM, Need Coffee wrote: Does anyone run OpenBSD on blade servers? I don't mean Sun Blade 150 kind of hardware, but rather blade chassis with server blades (a la Sun Blade 8000, HP, Dell, etc.). I'd appreciate any details... I'm having a bit of trouble finding anything conclusive about OpenBSD on blades. Thanks in advance... I'm going to attempt this on an HP Blade Server next week. I'll let you know how it goes.