Re: isakmpd does not initiate quick mode after main mode is established

2009-01-26 Thread Christoph Leser
I found that some of my problems are related to 'DELETE' messages from the
peer (Cisco ASAs, for example). There is another thread in this forum
discussing this issue.

Hans-Joerg Hoexer said that obsd/isakmpd should handle this case, but he will
look into it.

I would be interested to know if your problems are related to these 'DELETE'
messages from the remote side.

I see varying behaviour when these messages come in:

. Sometimes the flows are deleted, and any further traffic gives 'no route to
host'
. Sometimes the flows are still shown (in ipsecctl -sflow or netstat -rn -f
encap) and I see traffic on enc0, but no encap on the external interface.

What do you see, when the connection dies?

Regards
Christoph

 -----Original Message-----
 From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org]
 On Behalf Of Christian Weisgerber
 Sent: Sunday, 25 January 2009 23:10
 To: misc@openbsd.org
 Subject: Re: isakmpd does not initiate quick mode after main
 mode is established


 Christoph Leser le...@sup-logistik.de wrote:

  I'm still struggling to keep my ipsec vpns running smoothly.

 FWIW, I mostly use IPsec on my home WLAN and I observe a
 similar lack of reliability.  My laptop sets up two IPsec
 associations, one IPv4 and one IPv6, and from time to time
 one of these or both fail inexplicably (no response, no
 proposal chosen) but eventually get established within ten
 minutes or so.

 Since this is WLAN, I have considered that packet loss may
 screw up the ISAKMP negotiation, but I haven't investigated.

 I wonder how people who run a large number of IPsec
 associations in production settings deal with this or if they
 are seeing it at all.

 --
 Christian naddy Weisgerber
 na...@mips.inka.de



Problem with vhid in load-balancing carp in -current 4.4

2009-01-26 Thread Karl-Heinz Wild
Hi all

I try to configure a failover and loadbalanced firewall
with carp's.

I use for hostname.carp0 on the first and the second with small
modifications

inet 10.0.0.1 255.255.255.0 NONE balancing ip carpnodes 1:0,2:100 carpdev xl0 carppeer 172.16.0.1

This results in

carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
 lladdr 00:12:5e:00:01:12
 priority: 0
 carp: carpdev xl0 advbase 1 balancing ip carppeer 172.16.0.1
 state MASTER vhid 1 advskew 100
 state MASTER vhid 2 advskew 0
 inet 10.0.0.1 netmask 0xff00 broadcast 10.0.0.255

But where can I set the vhid? When I do so the vhid will not be shown.
And when I set the vhid explicitly to 1 the result is

carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
 lladdr 00:12:5e:00:01:12
 priority: 0
 carp: BACKUP carpdev xl0 vhid 1 advbase 1 advskew 100 carppeer 172.16.0.1
 inet 10.0.0.1 netmask 0xff00 broadcast 10.0.0.255

and now it seems that load-balancing doesn't work anymore.

Where can I set the vhid, or where is the vhid shown or is it
unnecessary?

Thanks for your help.

Kind regards

Karl-Heinz




Re: OT: Hard Disk Problems (was: Re: Dealing with Seagate's problematic 7200.11 firmware.)

2009-01-26 Thread Toni Mueller
Hi,

On Sun, 25.01.2009 at 16:27:14 +, Dieter open...@sopwith.solgatos.com 
wrote:
 I wrote:
  You wrote:
 Is Maxtorman correct about the 320 log entries?
  My dealer told me a similar story, but I don't know where he had it
  from.
 
 I guess the next step is to find out if Maxtorman is correct about this
 320 log entries stuff, and if the SMART log entries as reported by
 smartmontools is the log to worry about, or if there is some other log.

I don't have an account on /., and also feel incapable of actually
working on this problem, but someone who has and can, could probably
try to nag maxtorman about improving smartmontools to the point that
they do the right thing, or try to get him to connect one to somebody
else who can verify the issue and/or provide more technical details.

If he can find a way to almost-anonymously post to /., he might be able
to give some hints to the smartmontools guys, too. Then, we only need
them to integrate everything and make a new release.

Personally, I'd say that it'd be best if Seagate themselves would grab
the opportunity to partially make good on the issue, but I heavily
doubt that they understand, or want to understand, what's it about
with FLOSS.


Kind regards,
--Toni++



error building xenocara on current

2009-01-26 Thread bdz
hi,

i have an error compiling xenocara on current. here are the steps i made:

/usr/src is updated from cvs and compiled ok
/usr/xenocara is updated from cvs

then:

rm -rf /usr/xobj/*
cd /usr/xenocara
make bootstrap
make obj
make build

[...]
make: don't know how to make app-defaults/Xedit-color.ad. Stop in 
/usr/xenocara/app/xedit/obj.
*** Error code 2

Stop in /usr/xenocara/app/xedit/obj (line 437 of Makefile).
*** Error code 1

Stop in /usr/xenocara/app/xedit (line 126 of 
/usr/X11R6/share/mk/bsd.xorg.mk).
*** Error code 1

Stop in /usr/xenocara/app/xedit (line 187 of 
/usr/X11R6/share/mk/bsd.xorg.mk).
*** Error code 1

Stop in /usr/xenocara/app (line 48 of /usr/share/mk/bsd.subdir.mk).
*** Error code 1

Stop in /usr/xenocara (line 48 of /usr/share/mk/bsd.subdir.mk).
  155m3.20s real   107m20.82s user    42m53.31s system

any idea?

/var/run/dmesg.boot attached



Re: Dealing with Seagate's problematic 7200.11 firmware.

2009-01-26 Thread RedShift

Dieter wrote:

Recovering from Seagate's problematic 7200.11 firmware.

Most of you have read about the problems with Seagate's
7200.11 disks.  For those of you that haven't, the firmware
on many of these drives is buggy, and can brick the drive
when powering up or rebooting the system.  Thus far,
Seagate's response has been less than wonderful.  We need
a FLOSS solution.

Goals:

1) Ability to read the number of log entries.

2) Ability to change the number of log entries.

3) Ability to install new firmware from Unix.

We need for this to work with any flavor of Unix,
on any CPU arch, without reboot or power cycle.
We need for this to work on one drive without affecting
other drives.

I don't expect to be able to write FLOSS firmware for the drives, so
this isn't listed as a goal.  If you think you can, please feel free.

The problem:

IF the drive is powered down when there are 320 entries in this journal
or log, then when it is powered back up, the drive errors out on init and
won't boot properly - to the point that it won't even report it's
information to the BIOS.

Maxtorman, slashdot discussion [2]



Just a hypothetical situation, since we do not have the source code of the
firmware: isn't it possible some kind of mathematical operation is occurring on
the number of log entries causing some kind of infinite loop to occur or a
division that leads to/by 0 that the software/hardware is unable to handle?
That could mean this problem could also manifest itself on for example
multiples of 320, so just putting the counter on 321 may just be delaying the
inevitable. And what happens if the counter overflows and reaches 320 again?

Glenn



If Maxtorman is correct, then once the drive has been operating awhile,
we have a 1 in 320 chance that the circular log is at entry 320.  We want
to be able to find out how many log entries the disk currently has, and
we want to be able to change the number of log entries away from 320,
while we wait for Seagate to get its act together and release firmware
that works properly.  Since Seagate's solution will require attaching
the drive to an x86 system and booting a FreeDOS ISO from CD, if the log
is at 320 that boot will brick the drive.

There are other firmware problems with the 7200.11 series, but this is
the biggie.

Once Seagate releases working firmware, we want to be able to install
it from Unix, on any CPU arch.  Seagate's release can only install
on x86 using FreeDOS.

*ATA Commands that may be useful:

command name                 command code in hex   page [1]   pdf page [1]
Read Log Ext                 0x2F                  27         33
S.M.A.R.T. Read Log Sector   0xB0 / 0xD5           28,34      34,40
S.M.A.R.T. Write Log Sector  0xB0 / 0xD6           28,34      34.40
Write Log Extended           0x3F                  28         34
Download Microcode           0x92                  27         33

Questions:

Is Maxtorman correct about the 320 log entries?

Are the commands listed above the ones we need?
What is the difference between the Log Extended
and the S.M.A.R.T. Log Sector?
Is Microcode the same as firmware?  (Seagate uses
the term firmware elsewhere in the manual, but I don't
find any sort of write firmware command.)

Where can we get more detailed info about these
commands and how to use them?

References:

[1] Seagate Barracuda 7200.11 Serial ATA Product Manual rev C  August 2008
http://www.seagate.com/staticfiles/support/disc/manuals/desktop/Barracuda%207200.11/100507013c.pdf

[2] http://it.slashdot.org/article.pl?sid=09/01/21/0052236




Re: Fujitsu-siemens machine freezes

2009-01-26 Thread Stuart Henderson
[ Moving to misc@openbsd.org, tech@ is for 'Discussion of technical
topics for OpenBSD developers and advanced users. This is not a tech
support forum, do not use it as such.' www.openbsd.org/mail.html ]

On 2009/01/25 23:51, BOG BOG wrote:
 Hello,
 
 In this weekend i bought a fujitsu-siemens machine, with the following
 configuration:

From your description you could be trying any of these:

i386 4.4, amd64 4.4, i386 -current, amd64 -current.

Try a different one. If it still fails with -current you will need
to get dmesg out of the machine somehow, see FAQ 4.15 (you can use a
USB stick instead of a floppy disk, it will probably show up as /dev/sd0i).


 Pentium Core duo Intel E2200, 2.20 Ghz
 FSB 800 Mhz
 3 Gb ram:
  2 GB (1 module(s) with 2 GB, DDR2), 800 MHz
  1 GB (1 module(s) with 1 GB, DDR2), 800 MHz
 
 Hdd 500 Gb, Serial ATA II
 
 The following is copy/paste from the data sheet(found here:
 http://sp.fujitsu-siemens.com/dmsp/docs/ds-esprimo-p3510.pdf)
 
 Mainboard type                 D2750
 Formfactor                     µBTX
 Chipset                        Intel® G31
 Processor socket               LGA 775
 Processor quantity maximum     1
 System bus (FSB / HT / QPI)    up to 1333 MHz
 Memory slots                   2 DIMM (DDR2)
 Supported capacity RAM (max.)  8 GB
 Memory frequency               800 MHz
 Memory notes                   With future modules.
                                Dual channel support.
                                For dual channel performance, 2 memory
                                modules have to be ordered. Capacity per
                                channel has to be the same.
 LAN                            10/100/1000 MBit/s Realtek RTL8111C
 BIOS version                   Phoenix 6.0
 BIOS features                  BIOS Flash EPROM update by software
                                Recovery BIOS
 Audio codec                    Realtek ALC262
 Audio features                 High Definition audio
 
 
 The problem is that after the process of creating the partitions, and copying
 the base modules, the machine freezes.
 
 I do not install xserver modules, as I want it to be a server, and right after
 the game44.tgz module is copied on the hard drive, the system freezes.
 
 I tried to exclude game44.tgz, in a new installation process, and after
 man44.tgz, the system freezes.
 
 I really do not understand the problem, because the hard drive as well as cd
 drive are detected and properly initialized.
 
 Unfortunately, I do not have the dmesg
 
 I do not want to put other os on this machine, because i like OpenBSD.
 
 I really appreciate any help in this direction,
 
 Thank you very much,
 
 bogdan



Re: Fujitsu-siemens machine freezes

2009-01-26 Thread BOG BOG
hello,

i'll try to extract the dmesg out that machine.

tonight i want to try also the amd64 install image, and i want to make dmesg 
dump for both i386 and amd64.

thank you for answering,

bogdan



--- On Mon, 1/26/09, Jasper Lievisse Adriaanse jas...@humppa.nl wrote:

 From: Jasper Lievisse Adriaanse jas...@humppa.nl
 Subject: Re: Fujitsu-siemens machine freezes
 To: BOG BOG bo...@yahoo.com
 Date: Monday, January 26, 2009, 4:38 AM
 hi,
 
 a dmesg is absolutely needed to diagnose your problem (or
 rather the
 computer's ;-) )
 could you perhaps make pictures of the dmesg?
 
 cheers,
 jasper
 
 -- 
 Intelligence should guide our actions, but in harmony
 with the
   texture of the situation at hand
 -- Francisco Varela



Re: Fujitsu-siemens machine freezes

2009-01-26 Thread BOG BOG
Thank you for your answer.

I'll try to follow the suggestions you have made.

Sorry for not using the correct mailing list.





Re: Fujitsu-siemens machine freezes

2009-01-26 Thread BOG BOG
I tried to install OpenBSD4.4 i386.

The installation image was created by me, and it worked fine for an update from
4.3 to 4.4. version, but on different machine, the one i worked on.

I'll try to get a stick and save the dmesg for fujitsu machine.

Thank you for your suggestions



--- On Mon, 1/26/09, Kenneth R Westerback kwesterb...@rogers.com wrote:

 From: Kenneth R Westerback kwesterb...@rogers.com
 Subject: Re: Fujitsu-siemens machine freezes
 To: BOG BOG bo...@yahoo.com
 Date: Monday, January 26, 2009, 4:12 AM
 What version of OpenBSD are you trying to install? If it
 isn't a
 -current snapshot then please try a -current snapshot.
 
 Are you trying to install i386 OpenBSD or amd64 OpenBSD? In
 either
 case try the other one. :-).
 
 A dmesg would really help.
 
  Ken



Re: Dealing with Seagate's problematic 7200.11 firmware.

2009-01-26 Thread Raimo Niskanen
On Fri, Jan 23, 2009 at 09:28:34PM +, Dieter wrote:
 Recovering from Seagate's problematic 7200.11 firmware.
 
 Most of you have read about the problems with Seagate's
 7200.11 disks.  For those of you that haven't, the firmware
 on many of these drives is buggy, and can brick the drive
 when powering up or rebooting the system.  Thus far,

How can I know if I have a suspicious drive?

E.g.
# smartctl -i -d ata /dev/rwd1c
smartctl version 5.33 [i386-unknown-openbsd4.1] Copyright (C) 2002-4 Bruce Allen
Home page is http://smartmontools.sourceforge.net/

=== START OF INFORMATION SECTION ===
Device Model:     ST3808110AS
Serial Number:    5LRA2E2J
Firmware Version: 3.AJJ
User Capacity:    80,026,361,856 bytes
Device is:        Not in smartctl database [for details use: -P showall]
ATA Version is:   7
ATA Standard is:  Exact ATA specification draft version not indicated
Local Time is:    Mon Jan 26 15:31:45 2009 CET
SMART support is: Available - device has SMART capability.
SMART support is: Enabled


Google for ST3808110AS gives me Barracuda 7200.9 SATA 80-GB Hard Drive,
so I guess this one is not suspicious, but I have more disks,
in other servers. What if I find a 7200.10, 7200.11, ES or ES.2,
is that enough for me to suspect it?



 Seagate's response has been less than wonderful.  We need
 a FLOSS solution.
 
 Goals:
 
   1) Ability to read the number of log entries.
 
   2) Ability to change the number of log entries.
 
   3) Ability to install new firmware from Unix.
 
 We need for this to work with any flavor of Unix,
 on any CPU arch, without reboot or power cycle.
 We need for this to work on one drive without affecting
 other drives.
 
 I don't expect to be able to write FLOSS firmware for the drives, so
 this isn't listed as a goal.  If you think you can, please feel free.
 
 The problem:
 
 IF the drive is powered down when there are 320 entries in this journal
 or log, then when it is powered back up, the drive errors out on init and
 won't boot properly - to the point that it won't even report it's
 information to the BIOS.
 
   Maxtorman, slashdot discussion [2]
 
 If Maxtorman is correct, then once the drive has been operating awhile,
 we have a 1 in 320 chance that the circular log is at entry 320.  We want
 to be able to find out how many log entries the disk currently has, and
 we want to be able to change the number of log entries away from 320,
 while we wait for Seagate to get its act together and release firmware
 that works properly.  Since Seagate's solution will require attaching
 the drive to an x86 system and booting a FreeDOS ISO from CD, if the log
 is at 320 that boot will brick the drive.
 
 There are other firmware problems with the 7200.11 series, but this is
 the biggie.
 
 Once Seagate releases working firmware, we want to be able to install
 it from Unix, on any CPU arch.  Seagate's release can only install
 on x86 using FreeDOS.
 
 *ATA Commands that may be useful:
 
 command name                 command code in hex   page [1]   pdf page [1]
 Read Log Ext                 0x2F                  27         33
 S.M.A.R.T. Read Log Sector   0xB0 / 0xD5           28,34      34,40
 S.M.A.R.T. Write Log Sector  0xB0 / 0xD6           28,34      34.40
 Write Log Extended           0x3F                  28         34
 Download Microcode           0x92                  27         33
 
 Questions:
 
   Is Maxtorman correct about the 320 log entries?
 
   Are the commands listed above the ones we need?
   What is the difference between the Log Extended
   and the S.M.A.R.T. Log Sector?
   Is Microcode the same as firmware?  (Seagate uses
   the term firmware elsewhere in the manual, but I don't
   find any sort of write firmware command.)
 
   Where can we get more detailed info about these
   commands and how to use them?
 
 References:
 
 [1] Seagate Barracuda 7200.11 Serial ATA Product Manual rev C  August 2008
 http://www.seagate.com/staticfiles/support/disc/manuals/desktop/Barracuda%207200.11/100507013c.pdf
 
 [2] http://it.slashdot.org/article.pl?sid=09/01/21/0052236

-- 

/ Raimo Niskanen, Erlang/OTP, Ericsson AB



Failover bridge(4) with RSTP

2009-01-26 Thread Jason Dixon
I'm attempting to setup a failover bridge(4) configuration with RSTP for
rapid failover.  At this point I'm still tweaking the bridges and
switches.  We're using a Foundry LS648 for this test, so we don't have
Cisco's uplinkFast extension at our disposal.

We have two VLANs configured on the switch, each with 802.1w enabled and 
functioning normally.  Plugged into each VLAN is a single client and one
interface from each firewall.

10.20.0.2 - vlan200 - bridge0 - vlan300 - 10.20.0.3

Regardless of whether I use rstp (default) or stp (+ ifpriority/ifcost)
on the bridges, it always takes ~5 minutes to failover.  I noticed that
with stp enabled on the physical interfaces, the switch would
immediately show the correct bridge as the forwarding root.  With the
default rstp, the switch shows all ports as designated forwarding.

I've also tried disabling learning on the internal interfaces and adding
static entries for 10.20.0.3, but this has no effect on the recovery
time.

Any suggestions on getting a rapid failover working?

Thanks,

-- 
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net/



connecting to external binat ip from internal network

2009-01-26 Thread Dimitris Zilaskos

Hi,

I am dealing with a 3.9 firewall with 6 Gigabit interfaces and half a 
dozen vlans.


2 of the interfaces are the uplinks , em0 and em1.

em0 talks to network say, 1.2.3.0/24 and has ip address 1.2.3.4

em1 talks to 1.2.4.0/24, has no ip address, and belongs to a bridge with 
bge0. The default gateway for 1.2.4.0/24 is outside our control.


bge0 has ip address 1.2.4.1

bge0 is connected with the switch with all the systems belonging to 
1.2.4.0/24, their default gateway is on em1.


on em2,em3,vlanX interfaces are connected various 10.0.0.0/24 subnets with 
hosts that some are natted, some are binatted, on the em0 interface.


I would like to be able to connect to the binatted hosts from the internal 
network using either their internal ips or their externals ones.


From 10.x ips connecting to 10.x works fine. Connecting to a binatted 10.x 
host using an external ip fails. Ping works, but tcp connections are 
refused, since I am actually connecting to the firewall (em0 has the external ips
as aliases) and not to the host. The situation is more or less similar to
what is described at http://www.openbsd.org/faq/pf/rdr.html. I can get 
around this problem by using rdr on the internal interface and sending 
all tcp/udp ports destined to the external ip to the internal ip.


However, non tcp/udp traffic (icmps for example) still gets replied by the 
firewall, and I was wondering if there is a better solution.


Communication between the bridged network 1.2.4.0 and 10.x is achieved by
setting 1.2.4.1 (bge0 ip address) as the gateway for 10.x network in the
1.2.4.0/24 systems. However I have not figured a way for hosts in the
1.2.4.0/24 network to communicate with binatted systems using their external
ip. Pinging the binat external address is successful only for the first
request. The second request never reaches the internal interface for the
10.x network, and tcpdump does not show it up on the external interface (em0)
either. Anyone got a clue?

This setup is legacy and goes back quite some years (2.x era). There
are several drawbacks/flaws and while typing this e-mail I spotted even
more. Work around so far has been using split DNS. There is no effort available
right now to redesign the whole network. Any insight is appreciated.

Cheers,


--
=
Dimitris Zilaskos
GridAUTH Operations Centre @ Aristotle University of Thessaloniki , Greece
Tel: +302310998988 Fax: +302310994309
http://www.grid.auth.gr
=



4.4 as a VBox guest?

2009-01-26 Thread L. V. Lammert
Successfully installed 4.4 (release) on VBox 2.1.2 (AMD64 OpenSuSE 11.1),
however after installation I'm starting to see SegFaults whenever I try to
do anything (like pkg_add).

It also looks like some weird things are showing up in dmesg (softraid0?),
.. sshd appears to work OK so I'd be happy to setup public keys should a
developer wish to poke around.

Lee


drive config:

/dev/wd0a on / type ffs (local)
/dev/wd0g on /home type ffs (local, nodev, nosuid)
/dev/wd0e on /tmp type ffs (local, nodev, nosuid)
/dev/wd0h on /u type ffs (local, nodev, nosuid)
/dev/wd0d on /usr type ffs (local, nodev)
/dev/wd0f on /var type ffs (local, nodev, nosuid)

=
network config:

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33204
groups: lo
inet 127.0.0.1 netmask 0xff00
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
pcn0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 08:00:27:80:04:b5
groups: egress
media: Ethernet none
status: active
inet6 fe80::a00:27ff:fe80:4b5%pcn0 prefixlen 64 scopeid 0x1
inet 206.197.251.50 netmask 0xff00 broadcast 206.197.251.255
enc0: flags=0<> mtu 1536


dmesg:

OpenBSD 4.4 (GENERIC) #1021: Tue Aug 12 17:16:55 MDT 2008
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: AMD Athlon(tm) 64 Processor 3200+ (AuthenticAMD 686-class, 512KB
L2 cache) 2 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,APIC,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3
cpu0: AMD erratum 89 present, BIOS upgrade may be required
real mem  = 469266432 (447MB)
avail mem = 445194240 (424MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 06/23/99, BIOS32 rev. 0 @ 0xfbbe0,
SMBIOS rev. 2.5 @ 0xe1000 (3 entries)
bios0: vendor innotek GmbH version VirtualBox date 12/01/2006
bios0: innotek GmbH VirtualBox
apm0 at bios0: Power Management spec V1.2
apm0: APM engage (device 1): unknown error code? (83)
apm0: AC on, battery charge unknown
acpi at bios0 function 0x0 not configured
pcibios0 at bios0: rev 2.1 @ 0xf/0x0
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfbf30/192 (10 entries)
pcibios0: PCI Interrupt Router at 000:01:0 (Intel 82371SB ISA rev 0x00)
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xc/0x9000 0xe2000/0x1000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 Intel 82441FX rev 0x02
pcib0 at pci0 dev 1 function 0 Intel 82371SB ISA rev 0x00
pciide0 at pci0 dev 1 function 1 Intel 82371AB IDE rev 0x01: DMA,
channel 0 configured to compatibility, channel
 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: VBOX HARDDISK
wd0: 128-sector PIO, LBA, 5120MB, 10485760 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets, initiator 7
cd0 at scsibus0 targ 0 lun 0: VBOX, CD-ROM, 1.0 ATAPI 5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
vga1 at pci0 dev 2 function 0 InnoTek VirtualBox Graphics Adapter rev
0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
drm at vga1 unsupported
pcn0 at pci0 dev 3 function 0 AMD 79c970 PCnet-PCI rev 0x40, Am79c973,
rev 0: irq 11, address 08:00:27:80:04:b5
acphy0 at pcn0 phy 0: AC101 10/100 PHY, rev. 11
ifmedia_set: no match for 0x20/0x
InnoTek VirtualBox Guest Service rev 0x00 at pci0 dev 4 function 0 not
configured
piixpm0 at pci0 dev 7 function 0 Intel 82371AB Power rev 0x08: SMBus
disabled
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pmsi0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pmsi0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
fd1 at fdc0 drive 1: density unknown
biomask e7fd netmask effd ttymask 
mtrr: CPU supports MTRRs but not enabled
softraid0 at root
root on wd0a swap on wd0b dump on wd0b



PF/NAT Issue

2009-01-26 Thread John Brahy
Hello,

I'm having a problem with NAT. I have given up trying fancy pf stuff
and I am using a barely modified version of the example ruleset from
the using pf guide on the OpenBSD site:

# OpenBSD Packet Filter Configuration
#

# macros
ext_if="dc0"
int_if="sis0"

tcp_services="{ 22, 113 }"
icmp_types="echoreq"

# options
set block-policy return
set loginterface $ext_if

set skip on lo

# scrub
scrub in

# nat/rdr
nat on $ext_if from !($ext_if) -> ($ext_if:0)
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"

rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021

# filter rules
block in

pass out keep state

anchor "ftp-proxy/*"
antispoof quick for { lo $int_if }

pass in on $ext_if inet proto tcp from any to ($ext_if) \
    port $tcp_services flags S/SA keep state

pass in inet proto icmp all icmp-type $icmp_types keep state

pass in quick on $int_if


the only thing that I took out was the web server, so there is no
inbound access in this configuration. I have the same pf.conf file on
both of my servers. The layout looks like this.


Internet
 |
 - public ip
OpenBSD box A running as router
 - public ip
 |
 - public ip
OpenBSD box B running as firewall
 - 10.100.100.1
 |
 - 10.100.100.120
OpenBSD box C running as desktop


The problem that I am having is that I can't surf the information
superhighway from box C. So I've been looking at the network traffic
to see how far it is going and it's getting past the firewall but not
past the router.

I believe the problem is that box B is not performing network address
translation for box C. When I do a tcpdump on the interface connecting
box A and box B I see packets with 10.100.100.120 as the address.

Is there a magic Turn Nat On switch I'm not using? I have modified
my /etc/sysctl.conf to enable ip forwarding.

I'm stuck... Does anyone have a suggestion on what I can try or what I
am doing wrong?

Thanks,

JB



Re: 4.4 as a VBox guest?

2009-01-26 Thread John Jackson
If you're running Linux as the host OS anyway, you may want to look into
kvm and kvm-qemu for virtualization duties.  OpenBSD and other OSes have
been running well for me as guests under Debian.  Just make sure to use
e1000 as the NIC model.

John

On Mon, Jan 26, 2009 at 09:59:59AM -0600, L. V. Lammert wrote:
 Successfully installed 4.4 (release) on VBox 2.1.2 (AMD64 OpenSuSE 11.1),
 however after installation I'm starting to see SegFaults whenever I try to
 do anything (like pkg_add).
 
 It also looks like some weird things are showing up in dmesg (softraid0?),
 .. sshd appears to work OK so I'd be happy to setup public keys should a
 developer wish to poke around.
 
   Lee
 
 



Re: PF/NAT Issue

2009-01-26 Thread John Brahy
It must have been a hardware issue, I just replaced the ethernet card
and things are working fine.

thanks anyway.



Thank you for Relayd

2009-01-26 Thread uday
I just wanted to thank the developers and contributors of Relayd. It's a
wonderful load balancer, very well written GOOD JOB guys ! FYI, you
saved us 75,000$ in F5 equipment.

um



Re: Thank you for Relayd

2009-01-26 Thread Dan Colish
On Mon, Jan 26, 2009 at 12:32 PM, uday umoorjani@gmail.com wrote:

 I just wanted thank the developers and contributors of Relayd. It's a
 wonderful load balancer, very well written GOOD JOB guys ! FYI, you
 saved us 75,000$ in F5 equipments.

 um



Why don't you donate some of that to the project!



Re: Thank you for Relayd

2009-01-26 Thread Dag Richards
I assume that your company will send say 10% of that saved cash to the 
project now to ensure continued development and maintenance ?


;)


On 1/26/09 9:32 AM, uday wrote:

I just wanted thank the developers and contributors of Relayd. It's a
wonderful load balancer, very well written GOOD JOB guys ! FYI, you
saved us 75,000$ in F5 equipments.

um




Thanks

2009-01-26 Thread Isaac Fisgativa Cortés
Thank you for the postcard you sent me. I could not view it, but it
must be very pretty.

Kind regards.

Isaac Fisgativa Cortés.
Professional
Centro de Materiales y Ensayos.
Regional Distrito Capital.
SENA.



Question about BIND

2009-01-26 Thread MArtin Grados Marquina
Good day everyone. I am a FreeBSD user and I have been reading some texts
on how to configure BIND in order to set up a DNS server on my machine. I do
not have a static IP but a dynamic one, so I have had to configure ddclient
so that it can update my IP from the account I created at www.dyndns.org.
Any information would be quite useful to me. When I load named, it
overwrites my ddclient configuration, so I can no longer access my machine
from outside my LAN. Let's see if someone can give me an idea of how to
solve this. Thanks. P.S. I am using FreeBSD 7.1 and BIND 9.



Re: Question about BIND

2009-01-26 Thread Abel Camarillo
I recommend you take a look at freedns.afraid.org; they provide DDNS
service in a very flexible way and free of charge, and from there you could
also maintain the zones, etc.

Regards.


On Mon, Jan 26, 2009 at 04:28:41PM +, MArtin Grados Marquina wrote:
 Good day everyone. I am a FreeBSD user and I have been reading some texts
 on how to configure BIND in order to set up a DNS server on my machine. I do
 not have a static IP but a dynamic one, so I have had to configure ddclient
 so that it can update my IP from the account I created at www.dyndns.org.
 Any information would be quite useful to me. When I load named, it
 overwrites my ddclient configuration, so I can no longer access my machine
 from outside my LAN. Let's see if someone can give me an idea of how to
 solve this. Thanks. P.S. I am using FreeBSD 7.1 and BIND 9.



Re: OT: Hard Disk Problems (was: Re: Dealing with Seagate's problematic 7200.11 firmware.)

2009-01-26 Thread Nenhum_de_Nos
On Sun, January 25, 2009 16:01, Toni Mueller wrote:
 Hi,

 On Fri, 23.01.2009 at 21:28:34 +, Dieter
 open...@sopwith.solgatos.com wrote:
 Recovering from Seagate's problematic 7200.11 firmware.


 first off, several other product lines are affected, too. In
 particular, the popular ES and ES.2 server grade disks are also
 affected, to the best of my knowledge. Seagate only admits to problems
 with ES.2 drives, not ES drives, though.

where you read that from ?

I have a couple of 750GB ES.2 and now I'm worried !

matheus

-- 
We will call you cygnus,
The God of balance you shall be



Re: PF/NAT Issue

2009-01-26 Thread Dag Richards

Try setting your nat line to look something more like:

nat on $ext_if from 10.100.100.0/24 to any -> ($public_ip)

or

nat on $ext_if from 10.100.100.0/24 to any -> ($ext_if)


As long as pf is enabled AND your traffic actually matches the nat rule,
nat happens.


What do you see when you:

 pfctl -f /etc/pf.conf

 pfctl -e

 pfctl -s info



On 1/26/09 8:35 AM, John Brahy wrote:

Hello,

I'm having a problem with NAT. I have given up trying fancy pf stuff
and I am using a barely modified version of the example ruleset from
the using pf guide on the OpenBSD site:

# OpenBSD Packet Filter Configuration
#

# macros
ext_if="dc0"
int_if="sis0"

tcp_services="{ 22, 113 }"
icmp_types="echoreq"

# options
set block-policy return
set loginterface $ext_if

set skip on lo

# scrub
scrub in

# nat/rdr
nat on $ext_if from !($ext_if) -> ($ext_if:0)
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"

rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021

# filter rules
block in

pass out keep state

anchor "ftp-proxy/*"
antispoof quick for { lo $int_if }

pass in on $ext_if inet proto tcp from any to ($ext_if) \
    port $tcp_services flags S/SA keep state

pass in inet proto icmp all icmp-type $icmp_types keep state

pass in quick on $int_if


the only thing that I took out was the web server, so there is no
inbound access in this configuration. I have the same pf.conf file on
both of my servers. The layout looks like this.


Internet
  |
  - public ip
OpenBSD box A running as router
  - public ip
  |
  - public ip
OpenBSD box B running as firewall
  - 10.100.100.1
  |
  - 10.100.100.120
OpenBSD box C running as desktop


The problem that I am having is that I can't surf the information
superhighway from box C. So I've been looking at the network traffic
to see how far it is going and it's getting past the firewall but not
past the router.

I believe the problem is that box B is not preforming network address
translation for box C. When I do a tcpdump on the interface connection
box A and box B I see packets with 10.100.100.120 as the address.

Is there a magic Turn Nat On switch I'm not using? I have modified
by /etc/sysctl.conf to enable ip forwarding.

I'm stuck... Does anyone have a suggestion on what I can try or what I
am doing wrong?

Thanks,

JB




Re: Thank you for Relayd

2009-01-26 Thread uday
I'm negotiating a community contribution budget for all the open
source software we're using. It should be a good thing for the
community.

um.

On Mon, Jan 26, 2009 at 1:53 PM, Dag Richards dagricha...@speakeasy.net wrote:
 I assume that your company will send say 10% of that saved cash to the
 project now to ensure continued development and maintenance ?

 ;)


 On 1/26/09 9:32 AM, uday wrote:

 I just wanted thank the developers and contributors of Relayd. It's a
 wonderful load balancer, very well written GOOD JOB guys ! FYI, you
 saved us 75,000$ in F5 equipments.

 um



Final Notice CAIXA

2009-01-26 Thread CAIXA

  Dear Customer,

  We are making some changes to our servers, and for this reason you
  need to update your registration details for access to
  InternetBanking Caixa.
  To carry out the update, just click the link below and fill in the
  requested data.

  To carry out the update, go to:
  https://internetbanking.caixa.gov.br/SIIBC/siwinCtrl?swAction=7atualizar=3

  Remember that you must regularize your registration over the Internet
  or at your branch (to update at the branch, bring your CPF, RG and
  proof of residence), or your registration will be blocked from access
  to InternetBanking Caixa.



Altq doesn't works as I expect on OpenBSd 4.4

2009-01-26 Thread Alexey Suslikov
carlopmart wrote:

 block in quick on egress inet proto tcp from any to any flags /S label "Traffic Denied"
 block in quick on egress inet proto tcp from any to any flags /SFRA label "Traffic Denied"
 block in quick on egress inet proto tcp from any to any flags /SFRAU label "Traffic Denied"
 block in quick on egress inet proto tcp from any to any flags A/A label "Traffic Denied"
 block in quick on egress inet proto tcp from any to any flags F/SFRA label "Traffic Denied"
 block in quick on egress inet proto tcp from any to any flags U/SFRAU label "Traffic Denied"
 block in quick on egress inet proto tcp from any to any flags SF/SF label "Traffic Denied"
 block in quick on egress inet proto tcp from any to any flags SF/SFRA label "Traffic Denied"
 block in quick on egress inet proto tcp from any to any flags SR/SR label "Traffic Denied"
 block in quick on egress inet proto tcp from any to any flags FUP/FUP label "Traffic Denied"
 block in quick on egress inet proto tcp from any to any flags FUP/SFRAUPEW label "Traffic Denied"
 block in quick on egress inet proto tcp from any to any flags SFRAU/SFRAU label "Traffic Denied"
 block in quick on egress inet proto tcp from any to any flags SFRAUP/SFRAUP label "Traffic Denied"


I believe above monster block (I'd say my early ipf-based setups did so)
is redundant since all TCP packets with incorrect flags' combinations are
dropped by corresponding scrub rule.

Alexey



Bad State errors (stalling http connections) on PF/NAT

2009-01-26 Thread Michael Grigoni

Greetings,

Our obsd border router has worked for years with our PF ruleset, but sometime
in the middle of January, we discovered that our webpages were stalling when
viewed 'externally' (from remote Internet clients) but not internally; the
webserver is a box on the 10.0.0.0/24 internal LAN that is accessed with a
'pf' rdr rule.  What's more, this only happens if our 'redirected' webserver
is the Solaris 2.6 box, but if we redirect http traffic to an SVR4 box, there
is no problem.  Capturing traffic on the internal LAN and on the 'external'
interface of the obsd border router shows 'pf' dropping outgoing traffic
from the webserver after a few data blocks have been sent, and a resulting stall
which never recovers.

I have tried all of the suggestions from archived mailing list posts without
success, including proper 'keep state' and 'flags S/SA' filter rules, adjusting
MTUs and MSSs (one poster reported that his combination of obsd and Speedstream
5861 ADSL router required certain max-mss adjustments -- we use the same
combination), and scrub rule changes didn't help.  FWIW, we had _no_ keep state
rules for years when everything worked, but of course state is implicit on
NAT rules.  Is there anything to adjust in NAT rules for establishment of state?

Here are 'pf' debug messages and two tcpdump dumps, one for the 'external'
interface and one for the 'internal' interface, for a simple http GET of an
html document (using 'telnet 80' from a remote machine on the 'Net; note that
all dumps are _concurrent_, that is from the single TCP session):

'pf' debug output ===
# pf: BAD state: TCP 10.0.0.202:80 216.251.177.106:80 66.93.16.53:53859 [lo=3901
572765 high=3901582901 win=5840 modulator=0] [lo=893395808 high=893395856 win=10
136 modulator=0] 4:4 PA seq=893395808 ack=3901572765 len=1448 ackskew=0 pkts=12
dir=out,rev
pf: State failure on: 1   |
pf: BAD state: TCP 10.0.0.202:80 216.251.177.106:80 66.93.16.53:53859 [lo=390157
2765 high=3901582901 win=5840 modulator=0] [lo=893395808 high=893395945 win=1013
6 modulator=0] 4:4 PA seq=893397256 ack=3901572765 len=1254 ackskew=0 pkts=15 di
r=out,rev
pf: State failure on: 1   |
Jan 26 13:13:26 nat1 last message repeated 3 times
Jan 26 13:15:12 nat1 /bsd: pf: BAD state: TCP 10.0.0.202:80 216.251.177.106:80 6
6.93.16.53:53859 [lo=3901572765 high=3901582901 win=5840 modulator=0] [lo=893395
808 high=893395856 win=10136 modulator=0] 4:4 PA seq=893395808 ack=3901572765 le
n=1448 ackskew=0 pkts=12 dir=out,rev
Jan 26 13:13:26 nat1 last message repeated 3 times
Jan 26 13:15:12 nat1 /bsd: pf: BAD state: TCP 10.0.0.202:80 216.251.177.106:80 6
6.93.16.53:53859 [lo=3901572765 high=3901582901 win=5840 modulator=0] [lo=893395
808 high=893395856 win=10136 modulator=0] 4:4 PA seq=893395808 ack=3901572765 le
n=1448 ackskew=0 pkts=12 dir=out,rev
Jan 26 13:15:13 nat1 /bsd: pf: State failure on: 1   |
Jan 26 13:15:13 nat1 /bsd: pf: State failure on: 1   |
Jan 26 13:15:13 nat1 /bsd: pf: BAD state: TCP 10.0.0.202:80 216.251.177.106:80 6
6.93.16.53:53859 [lo=3901572765 high=3901582901 win=5840 modulator=0] [lo=893395
808 high=893395945 win=10136 modulator=0] 4:4 PA seq=893397256 ack=3901572765 le
n=1254 ackskew=0 pkts=15 dir=out,rev
Jan 26 13:15:13 nat1 /bsd: pf: BAD state: TCP 10.0.0.202:80 216.251.177.106:80 6
6.93.16.53:53859 [lo=3901572765 high=3901582901 win=5840 modulator=0] [lo=893395
808 high=893395945 win=10136 modulator=0] 4:4 PA seq=893397256 ack=3901572765 le
n=1254 ackskew=0 pkts=15 dir=out,rev
Jan 26 13:15:13 nat1 /bsd: pf: State failure on: 1   |
Jan 26 13:15:13 nat1 /bsd: pf: State failure on: 1   |
pf: BAD state: TCP 10.0.0.202:80 216.251.177.106:80 66.93.16.53:53859 [lo=390157
2765 high=3901582901 win=5840 modulator=0] [lo=893395808 high=893395945 win=1013
6 modulator=0] 4:4 PA seq=893395808 ack=3901572765 len=1448 ackskew=0 pkts=16 di
r=out,rev
pf: State failure on: 1   |
Jan 26 13:15:16 nat1 /bsd: pf: BAD state: TCP 10.0.0.202:80 216.251.177.106:80 6
6.93.16.53:53859 [lo=3901572765 high=3901582901 win=5840 modulator=0] [lo=893395
808 high=893395945 win=10136 modulator=0] 4:4 PA seq=893395808 ack=3901572765 le
n=1448 ackskew=0 pkts=16 dir=out,rev
Jan 26 13:15:16 nat1 /bsd: pf: BAD state: TCP 10.0.0.202:80 216.251.177.106:80 6
6.93.16.53:53859 [lo=3901572765 high=3901582901 win=5840 modulator=0] [lo=893395
808 high=893395945 win=10136 modulator=0] 4:4 PA seq=893395808 ack=3901572765 le
n=1448 ackskew=0 pkts=16 dir=out,rev
Jan 26 13:15:16 nat1 /bsd: pf: State failure on: 1   |
Jan 26 13:15:16 nat1 /bsd: pf: State failure on: 1   |
pf: BAD state: TCP 10.0.0.202:80 216.251.177.106:80 66.93.16.53:53859 [lo=390157
2765 high=3901582901 win=5840 modulator=0] [lo=893395808 high=893395945 win=1013
6 modulator=0] 4:4 PA seq=893395808 ack=3901572765 len=1448 ackskew=0 pkts=17 di
r=out,rev
pf: State failure on: 1   |
Jan 26 13:15:24 nat1 /bsd: pf: BAD state: TCP 10.0.0.202:80 216.251.177.106:80 6
6.93.16.53:53859 [lo=3901572765 

VLAN Problem

2009-01-26 Thread Denis Souza
Friends,

I'm using OpenBSD 4.1 with a VLAN with 2 IPs only (Netmask
30bits-255.255.255.252), but the OS is classful, creating a link line in my
router table:

# netstat -rn
...
172.16/16  link#12  UC  10  -  vlan1
...

But in my project the subnet
172.16.0.0/16 is wrong. The correct subnet is 172.16.1.1/30 to VLAN1. How may
I do this with OpenBSD, because I have other subnets in my project:
172.16.2.1/30 to VLAN2, ... , 172.16.9.1/30 to VLAN9? Is this possible with
OpenBSD?

Thanks,

 Denis



Re: Promiscuous interfaces forward multicast packets

2009-01-26 Thread (private) HKS
On Fri, Jan 23, 2009 at 6:37 PM, Stuart Henderson s...@spacehopper.org wrote:
 In gmane.os.openbsd.misc, you wrote:
 Is this expected behavior? Should promiscuous mode affect the
 forwarding of multicast packets?

 it should not.

 please open a PR to make sure the right people see it,
 not everyone reads m...@.



Thanks for the answer. I've sent the bug report to b...@openbsd.org.

-HKS



Re: VLAN Problem

2009-01-26 Thread Dag Richards

It is possible.

You need to specify the netmask of your vlan interfaces
cat out one of your hostname.vlan?? and show us


one of mine looks like


inet 10.120.6.102 255.255.255.0 NONE vlan 6 vlandev em0


On 1/26/09 10:42 AM, Denis Souza wrote:

Friends,

I'm using OpenBSD 4.1 with a VLAN with 2 IPs only (Netmask
30bits-255.255.255.252), but the SO is classfull, creating a link line in my
router table:

# netstat -rn
...
172.16/16  link#12
UC  10  -   vlan1
...

But in my project the subnet
172.16.0.0/16 is wrong. The correct subnet is 172.16.1.1/30 to VLAN1. How may
I do this with OpenBSD, because I have others subnets in my project:
172.16.2.1/30 to VLAN2, ... , 172.16.9.1/30 to VLAN9? Is this possible with
OpenBSD?

Thanks,

  Denis




Re: Fujitsu-siemens machine freezes

2009-01-26 Thread Stuart Henderson
In gmane.os.openbsd.misc, you wrote:
 hello,

 i'll try to extract the dmesg out that machine.

 tonight i want to try also the amd64 install image, and i want to make dmesg 
 dump for both i386 and amd64.

 thank you for answering,

btw, trying the -current kernels is probably the most important one
of my suggestions.



Re: Bad State errors (stalling http connections) on PF/NAT

2009-01-26 Thread Michael Grigoni

(second posting attempt, it didn't appear on the list at my end)

Michael Grigoni wrote:


Greetings,

Our obsd border router has worked for years with our PF ruleset, but 
sometime in the middle of January, we discovered that our webpages

were stalling when viewed 'externally' (from remote Internet clients)
but not internally...snip


In case it makes analysis easier, copies of the dump files without line
wraps and line breaks (full long lines) are at:
   ftp://ftp.cybertheque.org/pub/pf-debug/

Michael
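
The 'pf' debug output in the first post of this thread can be unwrapped and checked mechanically. The Python below is an added example, not part of the original posts or of pf: it rejoins the 80-column wraps and, for each BAD state record, compares the end of the rejected segment with the 'high' value of the peer that sent it. It assumes that 'high' is the upper sequence bound the state entry currently accepts from that peer and that the sender is the peer whose 'lo' is nearest the packet's seq; all function names are hypothetical.

```python
import re
from collections import Counter

WRAP = 80  # assumption: the pasted output was wrapped at 80 columns

# Excerpt of the debug output quoted in the post, wraps left as posted.
SAMPLE = """\
# pf: BAD state: TCP 10.0.0.202:80 216.251.177.106:80 66.93.16.53:53859 [lo=3901
572765 high=3901582901 win=5840 modulator=0] [lo=893395808 high=893395856 win=10
136 modulator=0] 4:4 PA seq=893395808 ack=3901572765 len=1448 ackskew=0 pkts=12
dir=out,rev
pf: State failure on: 1   |
pf: BAD state: TCP 10.0.0.202:80 216.251.177.106:80 66.93.16.53:53859 [lo=390157
2765 high=3901582901 win=5840 modulator=0] [lo=893395808 high=893395945 win=1013
6 modulator=0] 4:4 PA seq=893397256 ack=3901572765 len=1254 ackskew=0 pkts=15 di
r=out,rev
pf: State failure on: 1   |
Jan 26 13:13:26 nat1 last message repeated 3 times
Jan 26 13:15:16 nat1 /bsd: pf: BAD state: TCP 10.0.0.202:80 216.251.177.106:80 6
6.93.16.53:53859 [lo=3901572765 high=3901582901 win=5840 modulator=0] [lo=893395
808 high=893395945 win=10136 modulator=0] 4:4 PA seq=893395808 ack=3901572765 le
n=1448 ackskew=0 pkts=16 dir=out,rev
Jan 26 13:15:16 nat1 /bsd: pf: State failure on: 1   |
"""

# A record starts at a shell prompt, a syslog timestamp, or a bare "pf: ".
RECORD_START = re.compile(
    r"^(?:# )?(?:[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \S+ |pf: )")
PEER = r"\[lo=(?P<{0}_lo>\d+) high=(?P<{0}_hi>\d+) win=\d+ modulator=\d+\]"
BAD_STATE = re.compile(
    r"pf: BAD state: \S+ (?P<internal>\S+) (?P<translated>\S+) (?P<remote>\S+) "
    + PEER.format("first") + " " + PEER.format("second")
    + r" \S+ (?P<flags>[A-Z]+) seq=(?P<seq>\d+) ack=\d+ len=(?P<len>\d+)"
    r" ackskew=-?\d+ pkts=(?P<pkts>\d+) dir=(?P<dir>\S+)")


def seq_diff(a, b):
    """Signed distance a - b in 32-bit TCP sequence space."""
    d = (a - b) & 0xFFFFFFFF
    return d - 0x100000000 if d & 0x80000000 else d


def unwrap(text, width=WRAP):
    """Rejoin wrapped lines: a full-width line was cut mid-token, a shorter
    one lost the space that fell on the wrap column."""
    records, prev_full = [], False
    for line in text.splitlines():
        if not records or RECORD_START.match(line):
            records.append(line)
        else:
            records[-1] += ("" if prev_full else " ") + line
        prev_full = len(line) >= width
    return records


def analyze(text):
    """Return one finding per BAD state record in the pasted output."""
    findings = []
    for rec in unwrap(text):
        m = BAD_STATE.search(rec)
        if not m:
            continue  # "State failure on", "last message repeated", etc.
        seq, length = int(m["seq"]), int(m["len"])
        # Assumption: the sender is the peer whose 'lo' is nearest the seq.
        sender = min(("first", "second"),
                     key=lambda p: abs(seq_diff(seq, int(m[p + "_lo"]))))
        lo, high = int(m[sender + "_lo"]), int(m[sender + "_hi"])
        # SYN and FIN each consume one sequence number.
        extra = m["flags"].count("S") + m["flags"].count("F")
        end = (seq + length + extra) & 0xFFFFFFFF
        findings.append({
            "internal": m["internal"], "remote": m["remote"],
            "sender": sender, "dir": m["dir"], "pkts": int(m["pkts"]),
            "seq": seq, "end": end,
            "room": seq_diff(high, lo),        # bytes between lo and high
            "overshoot": seq_diff(end, high),  # > 0: segment ends past 'high'
        })
    return findings


def retransmitted(findings):
    """Sequence numbers that were rejected more than once."""
    counts = Counter(f["seq"] for f in findings)
    return sorted(s for s, n in counts.items() if n > 1)


if __name__ == "__main__":
    results = analyze(SAMPLE)
    for f in results:
        print("{internal} -> {remote} pkts={pkts} seq={seq} end={end} "
              "room={room} overshoot={overshoot}".format(**f))
    print("rejected more than once:", retransmitted(results))
```

On this excerpt every rejected segment comes from the second peer in the record and ends 1311 to 2565 bytes past that peer's 'high' value, while 'high' sits only 48 to 137 bytes above 'lo'.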



Re: ral0 hangs during sftp

2009-01-26 Thread Stuart Henderson
On 2009-01-26, bofh goodb...@gmail.com wrote:
 On Sun, Jan 25, 2009 at 5:00 PM, Stuart Henderson s...@spacehopper.org 
 wrote:
 there are various fixes to ral(4) post-4.4. I definitely think you
 should be running -current from the last month or so if you have problems
 with earlier ral(4) code.

 Can I take that ral code and stick it into 4.4?



sure, it's your machine and your time :-)

it won't be much use for any future problem reports, though.



Re: OT: Hard Disk Problems (was: Re: Dealing with Seagate's problematic 7200.11 firmware.)

2009-01-26 Thread Stuart Henderson
On 2009-01-26, Nenhum_de_Nos math...@eternamente.info wrote:
 On Sun, January 25, 2009 16:01, Toni Mueller wrote:
 Hi,

 On Fri, 23.01.2009 at 21:28:34 +, Dieter
 open...@sopwith.solgatos.com wrote:
 Recovering from Seagate's problematic 7200.11 firmware.


 first off, several other product lines are affected, too. In
 particular, the popular ES and ES.2 server grade disks are also
 affected, to the best of my knowledge. Seagate only admits to problems
 with ES.2 drives, not ES drives, though.

 where you read that from ?

 I have a couple of 750GB ES.2 and now I'm worried !

http://seagate.custkb.com/seagate/crm/selfservice/search.jsp?DocId=207931NewLang=en



Re: ral0 hangs during sftp

2009-01-26 Thread bofh
On Mon, Jan 26, 2009 at 3:41 PM, Stuart Henderson s...@spacehopper.org wrote:
 On 2009-01-26, bofh goodb...@gmail.com wrote:
 On Sun, Jan 25, 2009 at 5:00 PM, Stuart Henderson s...@spacehopper.org 
 wrote:
 there are various fixes to ral(4) post-4.4. I definitely think you
 should be running -current from the last month or so if you have problems
 with earlier ral(4) code.

 Can I take that ral code and stick it into 4.4?

 sure, it's your machine and your time :-)

 it won't be much use for any future problem reports, though.

Figured as much :)  Oh well, future bug reports would get a try
-current anyway :)


-- 
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
This officer's men seem to follow him merely out of idle curiosity.
-- Sandhurst officer cadet evaluation.
Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks
factory where smoking on the job is permitted.  -- Gene Spafford
learn french:  http://www.youtube.com/watch?v=j1G-3laJJP0feature=related



Re: Thank you for Relayd

2009-01-26 Thread Martin Schröder
2009/1/26 uday umoorjani@gmail.com:
 I just wanted thank the developers and contributors of Relayd. It's a
 wonderful load balancer, very well written GOOD JOB guys ! FYI, you
 saved us 75,000$ in F5 equipments.

Surely you need a support contract?
http://www.dixongroup.net/?q=openbsd#enterprise

Best
   Martin



Re: Thank you for Relayd

2009-01-26 Thread Jason Dixon
On Mon, Jan 26, 2009 at 11:02:26PM +0100, Martin Schr?der wrote:
 2009/1/26 uday umoorjani@gmail.com:
  I just wanted thank the developers and contributors of Relayd. It's a
  wonderful load balancer, very well written GOOD JOB guys ! FYI, you
  saved us 75,000$ in F5 equipments.
 
 Surely you need a support contract?
 http://www.dixongroup.net/?q=openbsd#enterprise

That is no longer valid.  I can still customize support contracts where
a portion gets diverted to a project donation, but it's not a formal
offering anymore.  I need to update the website.

-- 
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net/



KVM Switch Support

2009-01-26 Thread alfons1991
Hi Misc,

I have two pc's and I want only one keyboard, mice and monitor.
Has somebody tested a kvm switch with usb keyboard and mice?

I did not find any at the openbsd/4.4/i386/install.i386 hardwarelist.

thanks. 



Re: Failover bridge(4) with RSTP

2009-01-26 Thread Pete Vickers
5 minutes smells like an ARP cache timeout, so I'd start by watching  
arp caches and mac-address tables, for clues.


make sure you are running the Foundry equivalent of PVST+ ( i.e. a  
separate instance of STP per vlan, not a single common instance.   
Probably MSTP ?)


tcpdump should tell you what is eventually triggering the changeover  
event, and then you can work back from there.



Some bedtime reading suggestions: (Cisco, but theory is the same.)

http://www.cisco.com/application/pdf/paws/24062/146.pdf
http://www.cisco.com/application/pdf/paws/28943/170.pdf
http://www.cisco.com/en/US/tech/tk389/tk621/tsd_technology_support_troubleshooting_technotes_list.html




/Pete




On 26 Jan 2009, at 16:40, Jason Dixon wrote:

I'm attempting to setup a failover bridge(4) configuration with RSTP  
for

rapid failover.  At this point I'm still tweaking the bridges and
switches.  We're using a Foundry LS648 for this test, so we don't have
Cisco's uplinkFast extension at our disposal.

We have two VLANs configured on the switch, each with 802.1w enabled  
and
functioning normally.  Plugged into each VLAN is a single client and  
one

interface from each firewall.

10.20.0.2 - vlan200 - bridge0 - vlan300 - 10.20.0.3

Regardless of whether I use rstp (default) or stp (+ ifpriority/ 
ifcost)
on the bridges, it always takes ~5 minutes to failover.  I noticed  
that

with stp enabled on the physical interfaces, the switch would
immediately show the correct bridge as the forwarding root.  With the
default rstp, the switch shows all ports as designated forwarding.

I've also tried disabling learning on the internal interfaces and  
adding

static entries for 10.20.0.3, but this has no effect on the recovery
time.

Any suggestions on getting a rapid failover working?

Thanks,

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net/




Re: OT: Hard Disk Problems (was: Re: Dealing with Seagate's problematic 7200.11 firmware.)

2009-01-26 Thread Nenhum_de_Nos
On Mon, January 26, 2009 18:48, Stuart Henderson wrote:
 On 2009-01-26, Nenhum_de_Nos math...@eternamente.info wrote:
 On Sun, January 25, 2009 16:01, Toni Mueller wrote:
 Hi,

 On Fri, 23.01.2009 at 21:28:34 +, Dieter
 open...@sopwith.solgatos.com wrote:
 Recovering from Seagate's problematic 7200.11 firmware.


 first off, several other product lines are affected, too. In
 particular, the popular ES and ES.2 server grade disks are also
 affected, to the best of my knowledge. Seagate only admits to problems
 with ES.2 drives, not ES drives, though.

 where you read that from ?

 I have a couple of 750GB ES.2 and now I'm worried !

 http://seagate.custkb.com/seagate/crm/selfservice/search.jsp?DocId=207931NewLang=en

thanks, yet OT, but I also heard of new firmwares being worse than old
ones, from seagate first try to fix things. anyone already updated some
ES.2 and all went fine ?

thanks,

matheus

-- 
We will call you cygnus,
The God of balance you shall be



Re: OT: Hard Disk Problems (was: Re: Dealing with Seagate's problematic 7200.11 firmware.)

2009-01-26 Thread Dieter
Disk families affected:

Barracuda 7200.11, Barracuda ES.2 (SATA), DiamondMax 22, FreeAgent Desk,
Maxtor OneTouch 4, Pipeline HD, Pipeline HD Pro, SV35.3, SV35.4

Barracuda ES.2 SAS drive is not affected

All drives with a date of manufacture January 12, 2009 and later are
not affected by this issue

This condition was introduced by a firmware issue that sets the drive event
log to an invalid location causing the drive to become inaccessible.

The firmware issue is that the end boundary of the event log circular
buffer (320) was set incorrectly. During Event Log initialization,
the boundary condition that defines the end of the Event Log is off
by one. During power up, if the Event Log counter is at entry 320,
or a multiple of (320 + x*256), and if a particular data pattern
(dependent on the type of tester used during the drive manufacturing
test process) had been present in the reserved-area system tracks
when the drive's reserved-area file system was created during
manufacturing, firmware will increment the Event Log pointer past
the end of the event log data structure. This error is detected and
results in an Assert Failure, which causes the drive to hang as a
failsafe measure. When the drive enters failsafe further updates to
the counter become impossible and the condition will remain through
subsequent power cycles. The problem only arises if a power cycle
initialization occurs when the Event Log is at 320 or some multiple
of 256 thereafter.



Seagate says only on power up, but I'm pretty sure I have seen stories
of rebooting causing bricking.  Might be unrelated, but to play it safe
I will continue to avoid reboots.

So, we have confirmation of the number 320, and a formula for event counts
past 320.  We still need to find out if this Event Log counter is the
error count reported by smartmontools, or some other counter.

Ideally, I would like to find out how to read this reserved-area system
track, and how to set it to a safe value (I have seen zero, but this is
not confirmed).  If we can do this we don't need to update the firmware.

And we still want to find out how to update the firmware from Unix.



Re: OT: Hard Disk Problems (was: Re: Dealing with Seagate's problematic 7200.11 firmware.)

2009-01-26 Thread Dieter
Toni writes:

Is Maxtorman correct about the 320 log entries?
   My dealer told me a similar story, but I don't know where he had it
   from.
  
  I guess the next step is to find out if Maxtorman is correct about this
  320 log entries stuff, and if the SMART log entries as reported by
  smartmontools is the log to worry about, or if there is some other log.
 
 I don't have an account on /., and also feel incapable of actually
 working on this problem, but someone who has and can, could probably
 try to nag maxtorman about improving smartmontools to the point that
 they do the right thing, or try to get him to connect one to somebody
 else who can verify the issue and/or provide more technical details.
 
 If he can find a way to almost-anonymously post to /., he might be able
 to give some hints to the smartmontools guys, too. Then, we only need
 them to integrate everything and make a new release.

It is easy to set up a slashdot account.  Or you can post as anonymous
coward.   He set up the Maxtorman account to post anonymously, he mentioned
that he has another slashdot account that isn't anonymous.  Problem I
have is I can't find a way to send him a PM (private message).  Most web
forums have a facility for sending other users a PM.  We can post a reply
to the thread, but he would have to read the thread again to see it.
Any slashdot wizards out there have an idea?

Your suggestion of smartmontools is helpful, thank you.

 Personally, I'd say that it'd be best if Seagate themselves would grab
 the opportunity to partially make good on the issue, but I heavily
 doubt that they understand, or want to understand, what's it about
 with FLOSS.

It isn't even just FLOSS.  Any non-x86 machine is out of luck.
Proprietary Unix is out of luck.  Anything embedded is out of luck.
Even Mac is probably out of luck.  And if the reboot to run the
firmware installer bricks the drive(s) even wintel is out of luck.

I don't understand the common corporate policy of keeping everything
secret.  All they are doing is hurting their previously loyal customers.
It didn't used to be this way.

Supposedly there was a broken test machine that didn't zero out some
special area after writing a test pattern.  So only drives that were
tested on that machine are at risk.  If we can find out what area
this is (I assume it isn't in the normal space used for user storage)
and how to zero it (if not already zero) there is no need to update
the firmware.

--
Raimo writes:

 How can I know if I have a suspicious drive?

Good question.  Seagate has some web page that supposedly will tell you,
but of course it is broken and doesn't work with all browsers.

 Google for ST3808110AS gives me Barracuda 7200.9 SATA 80-GB Hard Drive,
 so I guess this one is not suspicious, but I have more disks,
 in other servers. What if I find a 7200.10, 7200.11, ES or ES.2,
 is that enough for me to suspect it?

I haven't read anything about problems with 7200.10 or earlier.
Toni reports that ES and ES.2 may be affected.

--
Glenn writes:

 Just a hypothetical situation, since we do not have the source code of
 the firmware: isn't it possible some kind of mathematical operation
 is occurring on the number of log entries causing some kind of infinite
 loop to occur or a division that leads to/by 0 that the software/hardware
 is unable to handle? That could mean this problem could also manifest
 itself on for example multiples of 320, so just putting the counter on
 321 may just be delaying the inevitable. And what happens if the counter
 overflows and reaches 320 again?

From what I've read it sounds like the counter must be exactly 320 AND some
location must have a test pattern rather than zero when you init (power up
or reboot) the drive.  From Maxtorman's description, the log is circular,
so it will eventually wrap around to 320 again.

So keeping the counter away from 320 is an okay short term workaround,
but long term we want to either zero out the magic location or update the
firmware.

--
matheus writes:

 but I also heard of new firmwares being worse than old
 ones, from seagate first try to fix things.

What I read is that the firmware itself was ok but the installer
program would brick a previously working drive.  But it didn't
brick it as badly as the firmware bug, you can still update the
firmware again once you get a proper update program.

===

There is supposed to be some document that explains all this,
with enough details to create a fix.  If anyone finds this
document I need a copy please.

If you have one or more of the suspect drives, if it is running,
try to keep it running and don't reboot.  If it is powered down
leave it powered down if possible until this all gets sorted out.



Chairman Ben S. Bernanke, You Bail Them Out, We Opt Out. We Want Some TARP.

2009-01-26 Thread MC-Shalom
Dear Chairman Ben S. Bernanke,

  All of Our Economic Problems Find Their Root in the Existence of Credit. Out
of the $5,000,000,000,000 bail out money given out to the banks,
 $1000 for every inhabitant of this planet, what is it exactly that We, The
People, got? If my bank doesn't pay back its credit how come I have to pay
mines?
 If my bank gets 0.00% loans, how come I don't? At the same time, everyday,
some of us are losing their home or even their jobs.
 Credit discriminates against people of lower economic classes,
 As such it is unconstitutional, isn't it? It is an supra national stealth
weapon of class struggle. Credit is a predatory practice. When the predator
eats up all his preys he starves to death.
 What did you expect? Where are you exactly in that food chain? Credit gets in
the way of all the principles of both equal opportunity and free market.
Credit is a Stealth Weapon of Mass Destruction.  Credit is Mathematically
Inept, Morally Unacceptable. You Bail Them Out, We Opt Out. We Want Some TARP!
My Solution: The Credit Free, Free Market Economy. Both Dynamic on the Short
Run  Stable on the Long Run.  I am, Hence, Leading the Exit Out of Credit.
Opting Out Is Both Free and Strictly Anonymous. Let me Outline for You my
Proposed Strategy:
 • My Prescription to Preserve Our Belongings.
 • Our Property Title: Our Free, Strictly Anonymous Right to Opt Out of Credit.
 • Our Credit Free Money: The Dinar-Shekel AKA The DaSh, Symbol: - .
 • Assets Transfer - Our Right Grant Operation - Our Wealth Multiplier- Our
   Liquidity TARP.
 • A Specific Application of Employment, Interest and Money
 [A Tract Intended For my Fellows Economists]. If Risk Free Interest Rates Are
at 0.00% Doesn't That Mean That Credit is Already Worthless? Since credit
based currencies are managed by setting short-term interest rates,
 on which control have been all but lost, are they still managed?
  % We Need, Hence, Cancel All Interest Bearing Debt and Abolish Interest
Bearing Credit. % In This Age of Turbulence The People Wants an Exit Out of
Credit:
 An Adventure in a New World Economic Order.

The only other option would be to wait till most of the productive assets of
the economy get physically destroyed either by war or by rust.

It will be either awfully deadly or dramatically long.

A price none of us can afford to pay.

  "The current crisis can be overcome only by developing a sense of common
purpose.
 The alternative to a new international order is chaos."

 - Henry A. Kissinger
  What Else? You Bail Them Out, We Opt Out.   Check out How Many of Us Are
Already on Their Way to Opt Out of Credit.  Till We Succeed The Economy Will
Necessarily Keep Sinking Into a Deeper and Deeper Depression. If You Don't Opt
Out Now, When Will You?

 Let me provide you with a link to my press release for my open letter to
Chairman Ben S. Bernanke:

 Chairman Ben S. Bernanke, Quantitative [Ooops! I Meant Credit] Easing Can't
Work!

 I am, Chairman Ben S. Bernanke, Yours Sincerely,

 Shalom P. Hamou AKA 'MC-Shalom'
 Chief Economist - Master Conductor
 1 7 7 6 - Annuit Cœptis
 Tel: +972 54 441-7640
 Fax: +972 3 741-0824
 Email: m...@edsk.org