vic(4) problems with Dec 11th snap
Has anyone else had problems with vic(4) in the Dec 11th i386 snap? I have a guest on ESXi 3.5 that I upgraded from 4.3 to 4.4-release and it was working fine, but then I upgraded to the latest i386 snap and I no longer saw any traffic to/from the guest when viewing tcpdump, even on other guest VMs on the same host. To clarify I only saw outgoing ARP requests (from the guest itself), no incoming traffic what so ever. No ARP replies, no broadcast, nothing... none of the other guests saw the outbound traffic. Disabling ACPI made no difference (was the only thing I could think of based on a diff of the dmesgs). I rolled back to the 4.4-release kernel and it worked fine. OpenBSD 4.4-current (GENERIC) #1610: Thu Dec 11 19:55:57 MST 2008 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Xeon(TM) CPU 2.66GHz (GenuineIntel 686-class) 2.88 GHz cpu0: FPU ,V86 ,DE ,PSE ,TSC ,MSR ,PAE ,MCE ,CX8 ,APIC ,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS real mem = 402157568 (383MB) avail mem = 380329984 (362MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 01/30/08, BIOS32 rev. 0 @ 0xfd880, SMBIOS rev. 2.31 @ 0xe0010 (45 entries) bios0: vendor Phoenix Technologies LTD version 6.00 date 01/30/2008 bios0: VMware, Inc. VMware Virtual Platform acpi0 at bios0: rev 0 acpi0: tables DSDT FACP APIC BOOT acpi0: wakeup devices USB_(S1) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpiprt0 at acpi0: bus 0 (PCI0) acpicpu0 at acpi0 acpibat0 at acpi0: BAT1 not present acpibat1 at acpi0: BAT2 not present acpiac0 at acpi0: AC unit online bios0: ROM list: 0xc/0x8000 0xc8000/0x1e00! 0xca000/0x1000 0xdc000/0x4000! 0xe/0x4000! cpu0 at mainbus0: (uniprocessor) pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 Intel 82443BX AGP rev 0x01 ppb0 at pci0 dev 1 function 0 Intel 82443BX AGP rev 0x01 pci1 at ppb0 bus 1 piixpcib0 at pci0 dev 7 function 0 Intel 82371AB PIIX4 ISA rev 0x08 pciide0 at pci0 dev 7 function 1 Intel 82371AB IDE rev 0x01: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility atapiscsi0 at pciide0 channel 0 drive 0 scsibus0 at atapiscsi0: 2 targets, initiator 7 cd0 at scsibus0 targ 0 lun 0: NECVMWar, VMware IDE CDR00, 1.00 ATAPI 5/cdrom removable cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 pciide0: channel 1 ignored (disabled) piixpm0 at pci0 dev 7 function 3 Intel 82371AB Power rev 0x08: SMBus disabled vga1 at pci0 dev 15 function 0 VMware Virtual SVGA II rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ppb1 at pci0 dev 16 function 0 VMware Virtual PCI-PCI rev 0x02 pci2 at ppb1 bus 2 mpi0 at pci2 dev 0 function 0 Symbios Logic 53c1030 rev 0x01: irq 9 scsibus1 at mpi0: 16 targets, initiator 7 sd0 at scsibus1 targ 0 lun 0: VMware, Virtual disk, 1.0 SCSI2 0/ direct fixed sd0: 8192MB, 512 bytes/sec, 16777216 sec total mpi0: target 0 Sync at 160MHz width 16bit offset 127 QAS 1 DT 1 IU 1 vic0 at pci2 dev 1 function 0 AMD 79c970 PCnet-PCI rev 0x10: irq 11, address 00:0c:29:72:b1:81 isa0 at piixpcib0 isadma0 at isa0 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pmsi0 at pckbc0 (aux slot) pckbc0: using irq 12 for aux slot wsmouse0 at pmsi0 mux 0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 lpt0 at isa0 port 0x378/4 irq 7 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec biomask e765 netmask ef65 ttymask mtrr: Pentium Pro MTRR support softraid0 at root root on sd0a swap on sd0b dump on sd0b [ch...@suez scratch]$ diff 20080812-release-dmesg 20081211-snap-dmesg 1c1 OpenBSD 4.4 (GENERIC) #1021: Tue Aug 12 17:16:55 MDT 2008 --- OpenBSD 4.4-current (GENERIC) #1610: Thu Dec 11 19:55:57 MST 2008 3c3 cpu0: Intel(R) Xeon(TM) CPU 2.66GHz (GenuineIntel 686-class) 2.74 GHz --- cpu0: Intel(R) Xeon(TM) CPU 2.66GHz (GenuineIntel 686-class) 2.88 GHz 6c6 avail mem = 380170240 (362MB) --- avail mem = 380329984 (362MB) 11,17c11,19 apm0 at bios0: Power Management spec V1.2 apm0: AC on, battery charge unknown acpi at bios0 function 0x0 not configured pcibios0 at bios0: rev 2.1 @ 0xfd880/0x780 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdf30/176 (9 entries) pcibios0: PCI Interrupt Router at 000:07:0 (Intel 82371FB ISA rev 0x00) pcibios0: PCI bus #2 is the last bus --- acpi0 at bios0: rev 0 acpi0: tables DSDT FACP APIC BOOT acpi0: wakeup devices USB_(S1) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpiprt0 at acpi0: bus 0 (PCI0) acpicpu0 at acpi0 acpibat0 at acpi0: BAT1 not present acpibat1 at acpi0: BAT2 not present acpiac0 at acpi0:
Re: OT, .. but eCommerce?
Hi, On Sat, 13.12.2008 at 01:09:35 -0500, bofh goodb...@gmail.com wrote: Really unfortunate nothing non-PHP based. well, we're running Interchange (www.icdevgroup.org), which is Perl-based, but will most likely switch to Satchmo (www.satchmoproject.com), which was already mentioned, which works on top of Django (www.djangoproject.com). Hopefully one day, some one will have an itch to scratch that will not be PHP based. No need to let yourself be blinded by the plethora of PHP stuff, imho. Kind regards, --Toni++
Re: vic(4) problems with Dec 11th snap
vic seems fickle with jumbos. ive backed them out very recently, so try building your own kernel or wait for a new snapshot. it should be working now. dlg On 13/12/2008, at 6:51 PM, Brian Keefer wrote: Has anyone else had problems with vic(4) in the Dec 11th i386 snap? I have a guest on ESXi 3.5 that I upgraded from 4.3 to 4.4-release and it was working fine, but then I upgraded to the latest i386 snap and I no longer saw any traffic to/from the guest when viewing tcpdump, even on other guest VMs on the same host. To clarify I only saw outgoing ARP requests (from the guest itself), no incoming traffic what so ever. No ARP replies, no broadcast, nothing... none of the other guests saw the outbound traffic. Disabling ACPI made no difference (was the only thing I could think of based on a diff of the dmesgs). I rolled back to the 4.4-release kernel and it worked fine. OpenBSD 4.4-current (GENERIC) #1610: Thu Dec 11 19:55:57 MST 2008 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Xeon(TM) CPU 2.66GHz (GenuineIntel 686-class) 2.88 GHz cpu0: FPU ,V86 ,DE ,PSE ,TSC ,MSR ,PAE ,MCE ,CX8 ,APIC ,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS real mem = 402157568 (383MB) avail mem = 380329984 (362MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 01/30/08, BIOS32 rev. 0 @ 0xfd880, SMBIOS rev. 2.31 @ 0xe0010 (45 entries) bios0: vendor Phoenix Technologies LTD version 6.00 date 01/30/2008 bios0: VMware, Inc. VMware Virtual Platform acpi0 at bios0: rev 0 acpi0: tables DSDT FACP APIC BOOT acpi0: wakeup devices USB_(S1) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpiprt0 at acpi0: bus 0 (PCI0) acpicpu0 at acpi0 acpibat0 at acpi0: BAT1 not present acpibat1 at acpi0: BAT2 not present acpiac0 at acpi0: AC unit online bios0: ROM list: 0xc/0x8000 0xc8000/0x1e00! 0xca000/0x1000 0xdc000/0x4000! 0xe/0x4000! cpu0 at mainbus0: (uniprocessor) pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 Intel 82443BX AGP rev 0x01 ppb0 at pci0 dev 1 function 0 Intel 82443BX AGP rev 0x01 pci1 at ppb0 bus 1 piixpcib0 at pci0 dev 7 function 0 Intel 82371AB PIIX4 ISA rev 0x08 pciide0 at pci0 dev 7 function 1 Intel 82371AB IDE rev 0x01: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility atapiscsi0 at pciide0 channel 0 drive 0 scsibus0 at atapiscsi0: 2 targets, initiator 7 cd0 at scsibus0 targ 0 lun 0: NECVMWar, VMware IDE CDR00, 1.00 ATAPI 5/cdrom removable cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 pciide0: channel 1 ignored (disabled) piixpm0 at pci0 dev 7 function 3 Intel 82371AB Power rev 0x08: SMBus disabled vga1 at pci0 dev 15 function 0 VMware Virtual SVGA II rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ppb1 at pci0 dev 16 function 0 VMware Virtual PCI-PCI rev 0x02 pci2 at ppb1 bus 2 mpi0 at pci2 dev 0 function 0 Symbios Logic 53c1030 rev 0x01: irq 9 scsibus1 at mpi0: 16 targets, initiator 7 sd0 at scsibus1 targ 0 lun 0: VMware, Virtual disk, 1.0 SCSI2 0/ direct fixed sd0: 8192MB, 512 bytes/sec, 16777216 sec total mpi0: target 0 Sync at 160MHz width 16bit offset 127 QAS 1 DT 1 IU 1 vic0 at pci2 dev 1 function 0 AMD 79c970 PCnet-PCI rev 0x10: irq 11, address 00:0c:29:72:b1:81 isa0 at piixpcib0 isadma0 at isa0 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pmsi0 at pckbc0 (aux slot) pckbc0: using irq 12 for aux slot wsmouse0 at pmsi0 mux 0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 lpt0 at isa0 port 0x378/4 irq 7 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec biomask e765 netmask ef65 ttymask mtrr: Pentium Pro MTRR support softraid0 at root root on sd0a swap on sd0b dump on sd0b [ch...@suez scratch]$ diff 20080812-release-dmesg 20081211-snap-dmesg 1c1 OpenBSD 4.4 (GENERIC) #1021: Tue Aug 12 17:16:55 MDT 2008 --- OpenBSD 4.4-current (GENERIC) #1610: Thu Dec 11 19:55:57 MST 2008 3c3 cpu0: Intel(R) Xeon(TM) CPU 2.66GHz (GenuineIntel 686-class) 2.74 GHz --- cpu0: Intel(R) Xeon(TM) CPU 2.66GHz (GenuineIntel 686-class) 2.88 GHz 6c6 avail mem = 380170240 (362MB) --- avail mem = 380329984 (362MB) 11,17c11,19 apm0 at bios0: Power Management spec V1.2 apm0: AC on, battery charge unknown acpi at bios0 function 0x0 not configured pcibios0 at bios0: rev 2.1 @ 0xfd880/0x780 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdf30/176 (9 entries) pcibios0: PCI Interrupt Router at 000:07:0 (Intel 82371FB ISA rev 0x00) pcibios0: PCI bus #2 is the last bus --- acpi0 at bios0: rev 0 acpi0: tables DSDT FACP APIC BOOT acpi0:
Re: type of softraid
Hi, Stuart Henderson schrieb: On 2008-12-12, Stuart Henderson s...@spacehopper.org wrote: On 2008-12-12, Marco Peereboom sl...@peereboom.us wrote: It isn't pretty but: dd if=/dev/wd1a skip=8244 bs=1 count=4 | hexdump -C 4+0 records in 4+0 records out 4 bytes transferred in 0.001 secs (3263 bytes/sec) 41 00 00 00 |A...| 0004 Here's a fragment you can add to /etc/magic so that these can be recognised with file -s /dev/wd1a. 8192string marcCRAMOpenBSD softraid 8244 long03777 RAID 0 8244 long03777 0001RAID 1 8244 long03777 0041AOE target 8244 long03777 004ccrypto 8244 long03777 006cAOE initiator Filling in more flags from softraidvar.h sr_metadata is left as an exercise for the reader :) better: 8192string marcCRAMOpenBSD softraid 8200 long0x 0 version %u 8244 long0x RAID 0 8244 long0x 0001RAID 1 8244 long0x 0041AOE target 8244 long0x 004ccrypto 8244 long0x 006cAOE initiator Thanks a lot, however as long as this doesn't make it into base I prefer Marcos version to solve the problem. Makes the script more machine independent. Would you consider to commit a patch for magic if I provide one? Michael
Re: Forcing re driver to 1000baseT = no connection? (4.4 release)
* Josh Archambault j...@snowplow.org [2008-11-20 18:12]: At 10Mb/s and 100Mb/s there are good reasons to fix media speed and duplex no. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
Please test this on all available nVidia AHCI-capable controllers
Including MCP65, MCP67, MCP73, MCP77 and MCP79 families. If you see something like this in your dmesg: pciide1 at pci0 dev 9 function 0 NVIDIA MCP77 AHCI rev 0xa2: \ DMA (unsupported) please make sure you've switched your SATA controller to the native (or AHCI mode) in the BIOS. ** ACHTUNG! ACHTUNG! *** If you switch your controller from compatible to native mode, disk names will be changed too! From wdX to sdX. Please take this into account. The patch should apply cleanly on 4.3, 4.4 and -current. Please report back any breakage and success if you've switched to AHCI mode. Cheers. Index: ahci.c === RCS file: /cvs/src/sys/dev/pci/ahci.c,v retrieving revision 1.145 diff -u -p -u -r1.145 ahci.c --- ahci.c 13 Dec 2008 11:49:54 - 1.145 +++ ahci.c 13 Dec 2008 12:58:32 - @@ -648,6 +648,12 @@ ahci_pci_attach(struct device *parent, s } } + /* +* nVidia AHCI controllers need special handling +*/ + if (ad-ad_vendor == PCI_VENDOR_NVIDIA) + sc-sc_flags |= AHCI_F_IGN_FR; + if (pci_intr_map(pa, ih) != 0) { printf(: unable to map interrupt\n); return;
Re: type of softraid
On 12/12/08 11:07 -0600, Marco Peereboom wrote: It isn't pretty but: dd if=/dev/wd1a skip=8244 bs=1 count=4 | hexdump -C 4+0 records in 4+0 records out 4 bytes transferred in 0.001 secs (3263 bytes/sec) 41 00 00 00 |A...| 0004 wd1a is the cooked RAID partition. In this case this is an AOE target. If it was crypto it would have been 4c 00 00 00 |C...| Currently the possible values are: 0x00 (RAID 0), 0x01 (RAID 1), 0x41 (AOE target), 0x4c (CRYPTO) 0x61 (AOE initiator). Note that softraid is not endian neutral so on big endian machines the numbers are flipped. wd0i is my RAID partition: .. $ dd if=/dev/wd0i skip=8244 bs=1 count=4 | hexdump -C 4+0 records in 4+0 records out 4 bytes transferred in 0.000 secs (11799 bytes/sec) 43 00 00 00 |C...| 0004 .. $ what does 0x43 means? regards, c. FWIW, /marco On Fri, Dec 12, 2008 at 01:33:14PM +0100, Michael wrote: Todd T. Fries schrieb: tried bioctl -h softraid0 lately? Well, yes... but it only works if I already activated the softraid device... # bioctl -h softraid0 Volume Status Size Device softraid0 0 Online 3.8G sd1 CRYPTO 0 Online 3.8G 0:0.0 noencl sd0a # bioctl -d sd1 # bioctl -h softraid0 ...but I would like to know what kind of type sd0a is before I try to use bioctl -c [01C] -l /dev/... softraid0 to be able to use bioctl from a script, only for CRYPTO. Only other way I currently see is to set the label from disklabel of sd0 to some name and check what to do from that information.
Re: type of softraid
Crypto On Sat, Dec 13, 2008 at 03:42:27PM +0100, Cesare Gargano wrote: On 12/12/08 11:07 -0600, Marco Peereboom wrote: It isn't pretty but: dd if=/dev/wd1a skip=8244 bs=1 count=4 | hexdump -C 4+0 records in 4+0 records out 4 bytes transferred in 0.001 secs (3263 bytes/sec) 41 00 00 00 |A...| 0004 wd1a is the cooked RAID partition. In this case this is an AOE target. If it was crypto it would have been 4c 00 00 00 |C...| Currently the possible values are: 0x00 (RAID 0), 0x01 (RAID 1), 0x41 (AOE target), 0x4c (CRYPTO) 0x61 (AOE initiator). Note that softraid is not endian neutral so on big endian machines the numbers are flipped. wd0i is my RAID partition: .. $ dd if=/dev/wd0i skip=8244 bs=1 count=4 | hexdump -C 4+0 records in 4+0 records out 4 bytes transferred in 0.000 secs (11799 bytes/sec) 43 00 00 00 |C...| 0004 .. $ what does 0x43 means? regards, c. FWIW, /marco On Fri, Dec 12, 2008 at 01:33:14PM +0100, Michael wrote: Todd T. Fries schrieb: tried bioctl -h softraid0 lately? Well, yes... but it only works if I already activated the softraid device... # bioctl -h softraid0 Volume Status Size Device softraid0 0 Online 3.8G sd1 CRYPTO 0 Online 3.8G 0:0.0 noencl sd0a # bioctl -d sd1 # bioctl -h softraid0 ...but I would like to know what kind of type sd0a is before I try to use bioctl -c [01C] -l /dev/... softraid0 to be able to use bioctl from a script, only for CRYPTO. Only other way I currently see is to set the label from disklabel of sd0 to some name and check what to do from that information.
Re: type of softraid
ok, so what does 0x4c means? regards, c. On 13/12/08 08:52 -0600, Marco Peereboom wrote: Crypto On Sat, Dec 13, 2008 at 03:42:27PM +0100, Cesare Gargano wrote: On 12/12/08 11:07 -0600, Marco Peereboom wrote: It isn't pretty but: dd if=/dev/wd1a skip=8244 bs=1 count=4 | hexdump -C 4+0 records in 4+0 records out 4 bytes transferred in 0.001 secs (3263 bytes/sec) 41 00 00 00 |A...| 0004 wd1a is the cooked RAID partition. In this case this is an AOE target. If it was crypto it would have been 4c 00 00 00 |C...| Currently the possible values are: 0x00 (RAID 0), 0x01 (RAID 1), 0x41 (AOE target), 0x4c (CRYPTO) 0x61 (AOE initiator). Note that softraid is not endian neutral so on big endian machines the numbers are flipped. wd0i is my RAID partition: .. $ dd if=/dev/wd0i skip=8244 bs=1 count=4 | hexdump -C 4+0 records in 4+0 records out 4 bytes transferred in 0.000 secs (11799 bytes/sec) 43 00 00 00 |C...| 0004 .. $ what does 0x43 means? regards, c. FWIW, /marco On Fri, Dec 12, 2008 at 01:33:14PM +0100, Michael wrote: Todd T. Fries schrieb: tried bioctl -h softraid0 lately? Well, yes... but it only works if I already activated the softraid device... # bioctl -h softraid0 Volume Status Size Device softraid0 0 Online 3.8G sd1 CRYPTO 0 Online 3.8G 0:0.0 noencl sd0a # bioctl -d sd1 # bioctl -h softraid0 ...but I would like to know what kind of type sd0a is before I try to use bioctl -c [01C] -l /dev/... softraid0 to be able to use bioctl from a script, only for CRYPTO. Only other way I currently see is to set the label from disklabel of sd0 to some name and check what to do from that information.
Re: type of softraid
first entry in teh google overlord tracking machine: http://en.wikipedia.org/wiki/Hexadecimal On Sat, Dec 13, 2008 at 04:08:48PM +0100, Cesare Gargano wrote: ok, so what does 0x4c means? regards, c. On 13/12/08 08:52 -0600, Marco Peereboom wrote: Crypto On Sat, Dec 13, 2008 at 03:42:27PM +0100, Cesare Gargano wrote: On 12/12/08 11:07 -0600, Marco Peereboom wrote: It isn't pretty but: dd if=/dev/wd1a skip=8244 bs=1 count=4 | hexdump -C 4+0 records in 4+0 records out 4 bytes transferred in 0.001 secs (3263 bytes/sec) 41 00 00 00 |A...| 0004 wd1a is the cooked RAID partition. In this case this is an AOE target. If it was crypto it would have been 4c 00 00 00 |C...| Currently the possible values are: 0x00 (RAID 0), 0x01 (RAID 1), 0x41 (AOE target), 0x4c (CRYPTO) 0x61 (AOE initiator). Note that softraid is not endian neutral so on big endian machines the numbers are flipped. wd0i is my RAID partition: .. $ dd if=/dev/wd0i skip=8244 bs=1 count=4 | hexdump -C 4+0 records in 4+0 records out 4 bytes transferred in 0.000 secs (11799 bytes/sec) 43 00 00 00 |C...| 0004 .. $ what does 0x43 means? regards, c. FWIW, /marco On Fri, Dec 12, 2008 at 01:33:14PM +0100, Michael wrote: Todd T. Fries schrieb: tried bioctl -h softraid0 lately? Well, yes... but it only works if I already activated the softraid device... # bioctl -h softraid0 Volume Status Size Device softraid0 0 Online 3.8G sd1 CRYPTO 0 Online 3.8G 0:0.0 noencl sd0a # bioctl -d sd1 # bioctl -h softraid0 ...but I would like to know what kind of type sd0a is before I try to use bioctl -c [01C] -l /dev/... softraid0 to be able to use bioctl from a script, only for CRYPTO. Only other way I currently see is to set the label from disklabel of sd0 to some name and check what to do from that information.
Re: Setting time range and timeout for authpf rules
ropers wrote: carlopmart wrote: How can I establish a time range and timeout for an authpf rule? For example I will to permit access from my windows servers access (previous ssh authentication) to windowsupdate servers from 10:00 am to 13:00 am and block this traffic if any connection is established during 10 minutes. Wade, Daniel wrote: Crontab job to load a different pf.conf 2008/12/12 carlopmart carlopm...@gmail.com: Thanks Daniel, but I had already thought about this option but exists some problems: a) I need to mantain several pf.conf files for every access b) i can't control timeouts when servers doesn't generate traffic ... About (a): I guess if you're really worried about maintaining two pf.conf files, you could write a script that will edit your one single pf.conf (so that it would comment out/de-comment specific lines; by content, not by line number) and call that script via crontab. It would however be really easy to clobber your pf.conf when doing this, if you're not careful. About (b): I understand you would prefer to only permit your Windows-based servers to access Microsoft's windowsupdate servers if and only if they will actually try to reach windowsupdate between 10 and 13 am. I'm no Hansteen, Hartmeier or Henning, but it is my understanding that Pf has no clairvoyance feature. Is it really harmful to allow your servers to access windowsupdate from 10 to 13, whether they actually will do it or not? Also, from what I understand you want to dynamically change your active ruleset to allow access once traffic starts flowing during that time. What is the difference between that and allowing access during that time anyway? Or what am I missing? Am I horribly misunderstanding you? A somewhat confused --ropers many thaks for your answers ropers. About a) question. Ok, if I only need to maintain two pf.conf files, crontab is the perfect solution as I can open rules dynamically with pfctl, but I have other situations on I need to open and close rules if traffic doesn't exists ... but if crontab is the only solution at this moment, then I will use it. About b) question, you have understand me perfectly ... and you are rigth in this case it doesn't matter. But suppose that instead of being windows servers, are remote users. I do not like the rules that were permanently open in that time slot. How can I close this rules inmediatly?? -- CL Martinez carlopmart {at} gmail {d0t} com
Re: Setting time range and timeout for authpf rules
2008/12/13 carlopmart carlopm...@gmail.com: ropers wrote: carlopmart wrote: How can I establish a time range and timeout for an authpf rule? For example I will to permit access from my windows servers access (previous ssh authentication) to windowsupdate servers from 10:00 am to 13:00 am and block this traffic if any connection is established during 10 minutes. Wade, Daniel wrote: Crontab job to load a different pf.conf 2008/12/12 carlopmart carlopm...@gmail.com: Thanks Daniel, but I had already thought about this option but exists some problems: a) I need to mantain several pf.conf files for every access b) i can't control timeouts when servers doesn't generate traffic ... About (a): I guess if you're really worried about maintaining two pf.conf files, you could write a script that will edit your one single pf.conf (so that it would comment out/de-comment specific lines; by content, not by line number) and call that script via crontab. It would however be really easy to clobber your pf.conf when doing this, if you're not careful. About (b): I understand you would prefer to only permit your Windows-based servers to access Microsoft's windowsupdate servers if and only if they will actually try to reach windowsupdate between 10 and 13 am. I'm no Hansteen, Hartmeier or Henning, but it is my understanding that Pf has no clairvoyance feature. Is it really harmful to allow your servers to access windowsupdate from 10 to 13, whether they actually will do it or not? Also, from what I understand you want to dynamically change your active ruleset to allow access once traffic starts flowing during that time. What is the difference between that and allowing access during that time anyway? Or what am I missing? Am I horribly misunderstanding you? A somewhat confused --ropers many thaks for your answers ropers. About a) question. Ok, if I only need to maintain two pf.conf files, crontab is the perfect solution as I can open rules dynamically with pfctl, but I have other situations on I need to open and close rules if traffic doesn't exists ... but if crontab is the only solution at this moment, then I will use it. About b) question, you have understand me perfectly ... and you are rigth in this case it doesn't matter. But suppose that instead of being windows servers, are remote users. I do not like the rules that were permanently open in that time slot. How can I close this rules inmediatly?? Hm, have you looked at authpf? http://www.openbsd.org/cgi-bin/man.cgi?query=authpf regards, --ropers
Re: OT, .. but eCommerce?
There are oodles of plugins for drupal for ecommerce sites. I have mostly not ported these because I don't have the usage for it, but it's generally very easy to do (put it under sites/all/modules, check that it works, package). I remember a framework called Hdndel based off catalyst (maybe without the umlaut)
Re: OT, .. but eCommerce?
Marc Espie ha scritto: There are oodles of plugins for drupal for ecommerce sites. I have mostly not ported these because I don't have the usage for it, but it's generally very easy to do (put it under sites/all/modules, check that it works, package). I remember a framework called Hdndel based off catalyst (maybe without the umlaut) Is Handel [1] [1] http://handelframework.com/blog/
utf-8 in OpenBSD
I have a usb flash key with ext2fs and filenames in UTF-8. When I do: # export LC_ALL=en_US.UTF-8 # mount /dev/sd1i /mnt # ls /mnt filenames are not converted. This is done in xterm launched as xterm -u8. Can I do anything to get the filenames converted? Is en_US.UTF-8 locale functional? Please include my e-mail on answering, as I am not on list. -- Dmitrij D. Czarkoff
Re: utf-8 in OpenBSD
Two things more: When using uxterm I have all the UTF-8 files concatinated right, but some chars in filenames are replaced with ?. I use 4.4 with vanilla configuration. Please include my e-mail on answering, as I am not on list. On Sat, Dec 13, 2008 at 11:18 PM, Dmitrij Czarkoff czark...@gmail.com wrote: I have a usb flash key with ext2fs and filenames in UTF-8. When I do: # export LC_ALL=en_US.UTF-8 # mount /dev/sd1i /mnt # ls /mnt filenames are not converted. This is done in xterm launched as xterm -u8. Can I do anything to get the filenames converted? Is en_US.UTF-8 locale functional? -- Dmitrij D. Czarkoff
Re: Setting time range and timeout for authpf rules
On 2008-12-13, ropers rop...@gmail.com wrote: About (a): I guess if you're really worried about maintaining two pf.conf files, you could write a script that will edit your one single pf.conf (so that it would comment out/de-comment specific lines; by content, not by line number) and call that script via crontab. It would however be really easy to clobber your pf.conf when doing this, if you're not careful. it's safer to use and redefine macros: $ cat a foo=# bar= $foo pass to 1.1.1.1 $bar pass to 2.2.2.2 $ pfctl -nvf a foo = # bar = pass inet from any to 2.2.2.2 flags S/SA keep state $ pfctl -nvf a -D bar=# -D foo= foo = # bar = pass inet from any to 1.1.1.1 flags S/SA keep state
Re: OT, .. but eCommerce?
* Marc Espie wrote: There are oodles of plugins for drupal for ecommerce sites. I have mostly not ported these because I don't have the usage for it, but it's generally very easy to do (put it under sites/all/modules, check that it works, package). I remember a framework called Hdndel based off catalyst (maybe without the umlaut) It is not directly related, but we have a port for the Swiss Telekurs/Six Card Solutions Saferpay Software wich allows for credit card transactions over the internet. Since saferpay is commercial, our port is not in the ports tree. But interested parties can always contact us. -- Marc Balmer, Micro Systems, Wiesendamm 2a, Postfach, CH-4019 Basel, Switzerland http://www.msys.ch/ http://www.vnode.ch/ In God we trust, in C we code.
Re: Setting time range and timeout for authpf rules
On Sun, Dec 14, 2008 at 01:39:50AM +0100, carlopmart wrote: Yes, I see it, but can I define timeouts to authpf rule?? authpf it is a perfect solution for my enviroment, only if i can assign timeouts ... Cron hacks (pkill authpf and switch of configs or somesuch that suits your environment). It shouldn't be a very big patch for authpf itself to do it, though. Enforcing a maximum length for the session would be almost a necessity in a WLAN like environment anyway (it prevents sloppy student A from logging in on her girlfriend's laptop in the morning, forgetting to log out and her then using it all day). -- Jussi Peltola
Re: vic(4) problems with Dec 11th snap
On Dec 13, 2008, at 2:14 AM, David Gwynne wrote: vic seems fickle with jumbos. ive backed them out very recently, so try building your own kernel or wait for a new snapshot. it should be working now. dlg On 13/12/2008, at 6:51 PM, Brian Keefer wrote: Has anyone else had problems with vic(4) in the Dec 11th i386 snap? I have a guest on ESXi 3.5 that I upgraded from 4.3 to 4.4- release and it was working fine, but then I upgraded to the latest i386 snap and I no longer saw any traffic to/from the guest when viewing tcpdump, even on other guest VMs on the same host. To clarify I only saw outgoing ARP requests (from the guest itself), no incoming traffic what so ever. No ARP replies, no broadcast, nothing... none of the other guests saw the outbound traffic. Disabling ACPI made no difference (was the only thing I could think of based on a diff of the dmesgs). I rolled back to the 4.4-release kernel and it worked fine. I built generic MP with vmt enabled this afternoon (-rHEAD)) and it worked fine. Thanks! -- bk