Re: Printing to Windows

2009-05-24 Thread J.C. Roberts
On Sun, 24 May 2009 23:39:17 -0400  wrote:

> If anyone is printing successfully to an OfficeJet served on an XP
> box from OBSD 4.4 or later, I'd sure appreciate knowing how you do it.

The best answer is simply buy a good quality, postscript, network
enabled printer.

The second best answer is CUPS.

You're attempting the worst possible answer, namely printing through
MS-windows. I haven't ever tried it myself, but I'd bet if it is
possible, then you'll be doing it through samba (in ports) and possibly
CUPS (in ports).

NOTE: There were a handful of commits to ports-changes@ in the last
week or two regarding samba and cups, so you might want to try
installing -current through a snapshot, and building the needed
printing related ports yourself.

-- 
J.C. Roberts



Re: Printing to Windows

2009-05-24 Thread Nils.Reuvers
It would require Samba and Cups.

Read more here
http://www.faqs.org/docs/Linux-mini/Debian-and-Windows-Shared-Printing.html

Should give you a headstart.

Nils

-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
eagir...@cox.net
Sent: maandag 25 mei 2009 5:39
To: misc@openbsd.org
Subject: Printing to Windows

If anyone is printing successfully to an OfficeJet served on an XP box from
OBSD 4.4 or later, I'd sure appreciate knowing how you do it.

--
Ed Ahlsen-Girard
Ft. Walton Beach FL





Realtek 8169 chip PCMCIA network card error messages

2009-05-24 Thread LEVAI Daniel
Hi!

When I plug in a Linksys PCM1000 Gigabit Network card to my PCMCIA slot, I can
see these messages in dmesg:
re0 at cardbus0 dev 0 function 0 "Realtek 8169" rev 0x10: RTL8169/8110SB
(0x1000), irq 268505099, address 00:12:17:f0:c8:21
re0: PHY write failed
re0: PHY write failed
re0: PHY read failed
re0: no PHY found!

I don't know if related to this, but it works only at 100Mbit. Is this card
unsupported at Gbit, or do I have to configure something to make it work?
Also, what does the above error message mean, and what is that weird irq
number?


Any information would be appreciated, thanks!


I'm using -current, and here is my dmesg:

OpenBSD 4.5-current (GENERIC.MP) #13: Wed May 20 15:10:35 MDT 2009
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Genuine Intel(R) CPU T2400 @ 1.83GHz ("GenuineIntel" 686-class) 1.83
GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,A
CPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,VMX,EST,TM2,xTPR
real mem  = 1072066560 (1022MB)
avail mem = 1028255744 (980MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 08/02/06, BIOS32 rev. 0 @ 0xfd6b0,
SMBIOS rev. 2.4 @ 0xe0010 (68 entries)
bios0: vendor LENOVO version "79ET66WW (1.10 )" date 08/02/2006
bios0: LENOVO 2007FRG
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP SSDT ECDT TCPA APIC MCFG HPET BOOT SSDT SSDT
acpi0: wakeup devices LID_(S3) SLPB(S3) LURT(S3) DURT(S3) EXP0(S4) EXP1(S4)
EXP2(S4) EXP3(S4) PCI1(S4) USB0(S3) USB1(S3) USB2(S3) USB7(S3) HDEF(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 166MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Genuine Intel(R) CPU T2400 @ 1.83GHz ("GenuineIntel" 686-class) 1.83
GHz
cpu1:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,A
CPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,VMX,EST,TM2,xTPR
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 2, remapped to apid 1
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (AGP_)
acpiprt2 at acpi0: bus 2 (EXP0)
acpiprt3 at acpi0: bus 3 (EXP1)
acpiprt4 at acpi0: bus 4 (EXP2)
acpiprt5 at acpi0: bus 12 (EXP3)
acpiprt6 at acpi0: bus 21 (PCI1)
acpiec0 at acpi0
acpicpu0 at acpi0: C3, C2
acpicpu1 at acpi0: C3, C2
acpitz0 at acpi0: critical temperature 127 degC
acpitz1 at acpi0: critical temperature 99 degC
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: SLPB
acpibat0 at acpi0: BAT0 model "42T4511" serial 21826 type LION oem "SANYO"
acpibat1 at acpi0: BAT1 not present
acpiac0 at acpi0: AC unit offline
acpithinkpad0 at acpi0
acpidock at acpi0 not configured
acpivideo at acpi0 not configured
acpivideo at acpi0 not configured
bios0: ROM list: 0xc/0xfe00 0xd/0x1000 0xd1000/0x1000 0xdc000/0x4000!
0xe/0x1
cpu0: unknown Enhanced SpeedStep CPU, msr 0x06130b2c06000613
cpu0: using only highest and lowest power states
cpu0: Enhanced SpeedStep 1000 MHz (1004 mV): speeds: 1833, 1000 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 "Intel 82945GM Host" rev 0x03
ppb0 at pci0 dev 1 function 0 "Intel 82945GM PCIE" rev 0x03: apic 1 int 16
(irq 11)
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "ATI Radeon Mobility X1400" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
radeondrm0 at vga1: apic 1 int 16 (irq 11)
drm0 at radeondrm0
azalia0 at pci0 dev 27 function 0 "Intel 82801GB HD Audio" rev 0x02: apic 1
int 17 (irq 11)
azalia0: RIRB time out
azalia0: codecs: Analog Devices AD1981HD, 0x/0x, using Analog Devices
AD1981HD
azalia0: RIRB time out
audio0 at azalia0
ppb1 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x02: apic 1 int 20
(irq 11)
pci2 at ppb1 bus 2
em0 at pci2 dev 0 function 0 "Intel PRO/1000MT (82573L)" rev 0x00: apic 1 int
16 (irq 11), address 00:16:41:aa:d2:70
ppb2 at pci0 dev 28 function 1 "Intel 82801GB PCIE" rev 0x02: apic 1 int 21
(irq 11)
pci3 at ppb2 bus 3
wpi0 at pci3 dev 0 function 0 "Intel PRO/Wireless 3945ABG" rev 0x02: apic 1
int 17 (irq 11), MoW2, address 00:18:de:65:2d:37
ppb3 at pci0 dev 28 function 2 "Intel 82801GB PCIE" rev 0x02: apic 1 int 22
(irq 11)
pci4 at ppb3 bus 4
ppb4 at pci0 dev 28 function 3 "Intel 82801GB PCIE" rev 0x02: apic 1 int 23
(irq 11)
pci5 at ppb4 bus 12
uhci0 at pci0 dev 29 function 0 "Intel 82801GB USB" rev 0x02: apic 1 int 16
(irq 11)
uhci1 at pci0 dev 29 function 1 "Intel 82801GB USB" rev 0x02: apic 1 int 17
(irq 11)
uhci2 at pci0 dev 29 function 2 "Intel 82801GB USB" rev 0x02: apic 1 int 18
(irq 11)
uhci3 at pci0 dev 29 function 3 "Intel 82801GB USB" rev 0x02: apic 1 int 19
(irq 11)
ehci0 at pci0 dev 29 function 7 "Intel 82801GB USB" rev 0x02: apic 1 int 19
(irq 11)
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
ppb5 at pci0 dev 30 functio

Re: multiple videocards... for console text

2009-05-24 Thread Tomáš Bodžár
Something like that?
http://haskell.org/sitewiki/images/a/aa/Screen-triplehead-galois.jpg
Maybe I don't understand what you want to do, but I don't have a problem
with X and work in terminals. I have a lot of them on my two or three
monitors.

2009/5/23 Need Coffee :
> On Fri, May 22, 2009 at 12:37 AM, Joel Wiramu Pauling
>  wrote:
>> Just use USB to RS323 convert cables and have as many heads as you like
>> off of dumb terminals. Or old laptops.
>>
>>
>> ;-)
>
> Thanks, but my goal was not just to add more text consoles, it was to
> actually create more
> VTs on existing heads.  I have 3 monitors.  We're all painfully aware
> of the Xorg limitations
> with multiple pci graphics cards.  So, I wanted to run them in text
> mode (80x50 of course :)
>
> 80x50 is easy.  It's the "getting all 3 monitors to work
> independently" that isn't.
>
>
>
>> 2009/5/22 Need Coffee 
>>>
>>> Hi, I have kind of a weird question.
>>>
>>> I have two video cards in an amd64/-current machine.
>>>
>>> Both cards have dual-head capability.
>>>
>>> At the text console, the same text appears on both ports.
>>>
>>> Would it be possible to either:
>>>
>>> - make the ports separate consoles (seems unlikely)
>>>
>>> - run each card independently (so, more VT's offered on
>>> the second video card)
>>>
>>> Or some variant of these?  Thanks in advance.
>
>



--
http://www.openbsd.org/lyrics.html



Re: OpenBSD and VPN 1411 Criptographic Card

2009-05-24 Thread Daniel Gracia Garallar
AFAIK, crypto accel cards will be used by the OpenBSD kernel whenever 
possible without further user intervention needed other than plugging 
the card and rebooting the system.


Make sure your dmesg displays the hifn* device and make some performance 
test: you may be satisfied.


Joco Salvatti wrote:

Hi misc,

I bought a Soekris Net5501 with a cryptographic card VPN1411
(Authentication, SHA-1 and MD5, Public Key, RSA, DSA, SSL, IKE and DH,
Hardware random number generator) and I would like to know if any
configuration is needed in OpenBSD kernel to use this card when
cryptography is necessary.

eg. When a VPN IPSec is done.

--
Joco Salvatti
Graduated in Computer Science
Federal University of Para - UFPA - Brazil
E-Mail: salva...@gmail.com




Printing to Windows

2009-05-24 Thread eagirard
If anyone is printing successfully to an OfficeJet served on an XP box from 
OBSD 4.4 or later, I'd sure appreciate knowing how you do it.

--
Ed Ahlsen-Girard
Ft. Walton Beach FL



Re: Invalid 802.1q vlan id using em0 (Intel PRO/1000T) on 4.5

2009-05-24 Thread Axton
On Sun, May 24, 2009 at 2:52 PM, Axton  wrote:
> The vlan id for my em0 interface is not reading properly after upgrading to
> 4.5.
>
> Tcpdump shows some wild vid values in the traffic when using em0:
>
> * This traffic should be on vlan2 (lan)
> 00:21:70:c5:3d:4f ff:ff:ff:ff:ff:ff 8100 64: 802.1Q vid 512 pri 0 arp
> who-has 10.107.208.1 tell 10.107.208.50
>
> * This traffic should be on vlan3 (egress vlan)
> 00:1e:be:fe:f3:05 ff:ff:ff:ff:ff:ff 8100 64: 802.1Q vid 768 pri 0 arp
> who-has 98.196.101.152 tell 98.196.100.1
> 00:1e:be:fe:f3:05 ff:ff:ff:ff:ff:ff 8100 64: 802.1Q vid 768 pri 0 arp
> who-has 98.196.88.115 tell 98.196.88.1
>
> * This traffic should be on vlan4, it is correct:
> 00:02:b3:ed:68:89 01:00:5e:7f:ff:fa 8100 308: 802.1Q vid 4 pri 0
> 10.0.0.1.29275 > 239.255.255.250.1900: udp 262 [ttl 1]
> 00:02:b3:ed:68:89 01:00:5e:7f:ff:fa 8100 380: 802.1Q vid 4 pri 0
> 10.0.0.1.29275 > 239.255.255.250.1900: udp 334 [ttl 1]
>
> It seems as though the vlan id is being multiplied by 256 for vlans 2 and 3.
>
>
> When I use the gem0 interface on the same machine, things work:
>
> * This traffic should be on vlan2 (lan), it is correct:
> 00:03:ba:04:b2:1d 00:50:8d:95:39:17 8100 110: 802.1Q vid 2 pri 0
> 10.107.208.1.22 > 10.107.208.102.2692: P 920030:920082(52) ack 11189 win
> 17520 (DF) [tos 0x10]
> 00:03:ba:04:b2:1d 00:50:8d:95:39:17 8100 110: 802.1Q vid 2 pri 0
> 10.107.208.1.22 > 10.107.208.102.2692: P 920082:920134(52) ack 11189 win
> 17520 (DF) [tos 0x10]
>
> * This traffic should be on vlan3 (egress vlan), it is correct:
> 00:1e:be:fe:f3:05 ff:ff:ff:ff:ff:ff 8100 64: 802.1Q vid 3 pri 0 arp who-has
> 98.194.104.216 tell 98.194.104.1
> 00:1e:be:fe:f3:05 ff:ff:ff:ff:ff:ff 8100 64: 802.1Q vid 3 pri 0 arp who-has
> 76.31.110.47 tell 76.31.108.1
>
> * This traffic should be on vlan4, it is correct:
> 00:03:ba:04:b2:1d 01:00:5e:7f:ff:fa 8100 373: 802.1Q vid 4 pri 0
> 10.0.0.1.10117 > 239.255.255.250.1900: udp 327 [ttl 1]
> 00:03:ba:04:b2:1d 01:00:5e:7f:ff:fa 8100 373: 802.1Q vid 4 pri 0
> 10.0.0.1.10117 > 239.255.255.250.1900: udp 327 [ttl 1]
>
>
> The em0 interface worked without an issue using 4.4 as did gem0.
>
>
> Here are my interface configurations using gem0:
> # ifconfig -a
> lo0: flags=8049 mtu 33160
> priority: 0
> groups: lo
> inet 127.0.0.1 netmask 0xff00
> inet6 ::1 prefixlen 128
> inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
> gem0: flags=8863 mtu 1500
> lladdr 00:03:ba:04:b2:1d
> priority: 0
> media: Ethernet autoselect (100baseTX full-duplex)
> status: active
> inet6 fe80::203:baff:fe04:b21d%gem0 prefixlen 64 scopeid 0x1
> em0: flags=8843 mtu 1500
> lladdr 00:02:b3:ed:68:89
> priority: 0
> media: Ethernet autoselect (none)
> status: no carrier
> inet6 fe80::202:b3ff:feed:6889%em0 prefixlen 64 scopeid 0x2
> enc0: flags=0<> mtu 1536
> priority: 0
> vlan2: flags=8843 mtu 1500
> lladdr 00:03:ba:04:b2:1d
> priority: 0
> vlan: 2 priority: 0 parent interface: gem0
> groups: vlan
> inet6 fe80::203:baff:fe04:b21d%vlan2 prefixlen 64 scopeid 0x5
> inet 10.107.208.1 netmask 0xff00 broadcast 10.107.208.255
> vlan3: flags=8843 mtu 1500
> lladdr 00:03:ba:04:b2:1d
> priority: 0
> vlan: 3 priority: 0 parent interface: gem0
> groups: vlan egress
> inet6 fe80::203:baff:fe04:b21d%vlan3 prefixlen 64 scopeid 0x6
> inet x.x.x.x netmask 0xfc00 broadcast 255.255.255.255
> vlan4: flags=8843 mtu 1500
> lladdr 00:03:ba:04:b2:1d
> priority: 0
> vlan: 4 priority: 0 parent interface: gem0
> groups: vlan
> inet6 fe80::203:baff:fe04:b21d%vlan4 prefixlen 64 scopeid 0x7
> inet 10.0.0.1 netmask 0xff00 broadcast 10.0.0.255
> vlan5: flags=8843 mtu 1500
> lladdr 00:03:ba:04:b2:1d
> priority: 0
> vlan: 5 priority: 0 parent interface: gem0
> groups: vlan
> inet6 fe80::203:baff:fe04:b21d%vlan5 prefixlen 64 scopeid 0x8
> inet 10.180.16.1 netmask 0xff00 broadcast 10.180.16.255
> pflog0: flags=141 mtu 33160
> priority: 0
> groups: pflog
>
> Here are my interface configurations using em0:
> lo0: flags=8049 mtu 33160
> priority: 0
> groups: lo
> inet 127.0.0.1 netmask 0xff00
> inet6 ::1 prefixlen 128
> inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
> gem0: flags=8863 mtu 1500
> lladdr 00:03:ba:04:b2:1d
> priority: 0
> media: Ethernet autoselect (none)
> status: no carrier
> inet6 fe80::203:baff:fe04:b21d%gem0 prefixlen 64 scopeid 0x1
> em0: flags=8843 mtu 1500
> lladdr 00:02:b3:ed:68:89
> priority: 0
> media: Ethernet autoselect (1000baseT full-duplex,master)
> status: active
> inet6 fe80::202:b3ff:feed:6889%em0 prefixlen 64 scopeid 0x2
> enc0: flags=0<> mtu 1536
>

Re: OSSv4 on OpenBSD

2009-05-24 Thread Jacob Meuser
On Sun, May 24, 2009 at 07:48:27PM -0400, Predrag Punosevac wrote:
> A friend of mine who is an avid NetBSD user kept complaining about how
> bad is audio on NetBSD. After getting sick of hearing complaints,
> I asked on OSS mailing lists about OSSv4 support for NetBSD and OpenBSD.
> I actually got a very interesting answer 
> 
> http://www.4front-tech.com/forum/viewtopic.php?t=3133
> 
> I recall OSS being discussed on this mailing list after OSS went 
> open source and changed the license. Can Jake or any other developers 
> in charge of audio on OpenBSD explain the issues involved in porting 
> OSSv4 to OpenBSD? 
> 
> I personally have fantastic experience with our audio but I would 
> think that OpenBSD could benefit at least from extra audio drivers.
> Am I very wrong? Sorry for the noise.

audio(4) and all the current audio drivers would need to be
modularized to not conflict with OSSv4.  OpenBSD doesn't use
modules by default, so users who would want to use OSSv4 would
be running an unsupported system.

I have tried taking small bits from 4Front drivers (for cmpci(4)
and azalia(4)), but it has not been very helpful, for various
reasons.  I've learned more by looking at FreeBSD and ALSA drivers.

some of the 4Front drivers were developed under NDAs, so the only
"documentation" available to us is the driver source.

having 2 vastly different audio APIs is not helpful, at all.
arguably, OSSv4 would be a third (or fourth even) audio API that
we would be supporting, as OSSv4 is different than OSSv3, which
we already support with ossaudio(3).

even though OpenBSD and NetBSD share the same basic audio code,
there are numerous differences, starting with aucat(1) and
sio_open(3) and going all the way down to the low level drivers.
it appears this diversion is going to continue.  I've tried
sending patches for simple bugs azalia(4) to NetBSD devs that
never got acted on, and they have a GSoC project to add support
for stream mixing in the kernel.

-- 
jake...@sdf.lonestar.org
SDF Public Access UNIX System - http://sdf.lonestar.org



Re: pf, altq, packet rate

2009-05-24 Thread irix
Hello Misc,

About adding some queue disciplines, I agree with you.
But about completion of the CNDR port, about dynamic queues and about
packet rate limit per state, your position is not clear.

Why did the CNDR porting freeze halfway? Why not bring it to the end?

-- 
Best regards,
 irix  mailto:i...@ukr.net



bugs in bioctl/softraid

2009-05-24 Thread wuff wuff
The following setup seems to indicate that bioctl ain't able to handle 2+ TB
volumes.


Controller: Perc RAID 5/i, mfi0
HDDs: 4x1TB
RAID: 5
Configuration: Configured during the controller BIOS
Volume 00 appears as: sd0

disklabel -E sd0
#                size           offset  fstype [fsize bsize  cpg]
  a:       5857345473               63    RAID
  c:       5857345536                0  unused
#

I had to use "b" + "*" to gain the whole space!
You might wanna document that in the manpage?

Before using "b"+"*" the size was limited to: 1562363692
But ok..: Created a partition called "a" and attached it to softraid0 for
the Crypto discipline.
sd1 appears but ain't able to use the whole space.
"b"+"*" did not solve it.

16 partitions:
#                size           offset  fstype [fsize bsize  cpg]
  c:       1562363692                0  unused
#
# dmesg |grep sd1
sd1 at scsibus2 targ 0 lun 0:  SCSI2 0/direct
fixed sd1: 762872MB, 512 bytes/sec, 1562363692 sec total
# dmesg |grep sd0
sd0 at scsibus0 targ 0 lun 0:  SCSI3 0/direct
fixed sd0: 2860032MB, 512 bytes/sec, 5857345536 sec total
# uname -a
OpenBSD kerberos 4.5 GENERIC#2052 amd64
#

Does anybody know how to solve this?

I can use sd0 completely and without issues.
It just seems softraid somehow has problems getting the whole space.
Another Bug in the great FS layer(-logic) of OpenBSD...

And if you dislike your console simply use bioctl -i mfi0 and it will
fuck up (no aborting possible! Very cool and l33t if you're connected
via Serial connections).
Of course bioctl is in D+ state making it impossible for root to kill it... ;-)

I just thought others should be aware of this too.
But if anybody knows how to use a big disk with softraid pls enlighten me.

Kind regards,
Rembrandt



OSSv4 on OpenBSD

2009-05-24 Thread Predrag Punosevac
A friend of mine who is an avid NetBSD user kept complaining about how
bad is audio on NetBSD. After getting sick of hearing complaints,
I asked on OSS mailing lists about OSSv4 support for NetBSD and OpenBSD.
I actually got a very interesting answer 

http://www.4front-tech.com/forum/viewtopic.php?t=3133

I recall OSS being discussed on this mailing list after OSS went 
open source and changed the license. Can Jake or any other developers 
in charge of audio on OpenBSD explain the issues involved in porting 
OSSv4 to OpenBSD? 

I personally have fantastic experience with our audio but I would 
think that OpenBSD could benefit at least from extra audio drivers.
Am I very wrong? Sorry for the noise.

Predrag



Re: OT, .. Majordomo problem

2009-05-24 Thread L. V. Lammert
On Sat, 23 May 2009, Frank Bax wrote:

> Your subject says it all; this is OT on this list; try MD list at:
>   http://www.greatcircle.com/majordomo/
>
Tried that last time, .. thought there might be someone here that knew MD.

Lee



Re: Ral0, WPA2 and ASCII keys?

2009-05-24 Thread Stefan Unterweger
* woolsherpahat on Sun, May 24, 2009 at 03:25:06PM -0700:
> my /etc/hostname.ral0:

>   dhcp NONE NONE NONE nwid my_ap wpa wpaprotos wpa2 wpapsk  \
> $(wpa-psk my_ap "SECRET")


> When I run 'sh /etc/netstart' I get this error:

> ifconfig: wpapsk: bad pre-shared key length
> ral0: no link . sleeping
> ifconfig: wpa-psk  blahrg "SECRET": bad value

I have found this in wpa-psk(1): "The passphrase must be a
sequence of between 8 and 63 ASCII-encoded characters.  The
length of the SSID must be between 1 and 32 octets."
If the error message isn't just here because of the
"SECRET"-placeholder, maybe you might want to check the length of
your passphrase.


s//un
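
The limits quoted from wpa-psk(1) in the reply above, as a check that can be run before a key goes into a hostname.if file. This is an added example, not part of the thread and not OpenBSD's code: it assumes the standard WPA passphrase-to-key mapping (PBKDF2-HMAC-SHA1, 4096 iterations, 256-bit output), treats "ASCII-encoded" as printable ASCII, and accepts an optional "0x" prefix on hex keys as an assumption; all function names are hypothetical.

```python
import hashlib

PSK_BYTES = 32  # a WPA pre-shared key is 256 bits


def passphrase_problems(ssid: bytes, passphrase: str) -> list:
    """Return the reasons a passphrase/SSID pair is rejected (empty list = fine)."""
    problems = []
    if not 1 <= len(ssid) <= 32:
        problems.append(f"SSID is {len(ssid)} octets, must be 1..32")
    if not 8 <= len(passphrase) <= 63:
        problems.append(f"passphrase is {len(passphrase)} characters, must be 8..63")
    # Assumption: "ASCII-encoded" means printable ASCII (0x20..0x7e).
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        problems.append("passphrase contains non-printable or non-ASCII characters")
    return problems


def derive_psk(ssid: bytes, passphrase: str) -> bytes:
    """Map a passphrase and SSID to the 256-bit PSK, refusing invalid input."""
    problems = passphrase_problems(ssid, passphrase)
    if problems:
        raise ValueError("; ".join(problems))
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid, 4096, PSK_BYTES)


def psk_hex_problem(text: str):
    """Check a string that is about to be used as a raw PSK; None means 32 bytes of hex."""
    digits = text[2:] if text.lower().startswith("0x") else text
    try:
        raw = bytes.fromhex(digits)
    except ValueError:
        return "not hexadecimal"
    if len(raw) != PSK_BYTES:
        return f"{len(raw)} bytes, expected {PSK_BYTES}"
    return None


if __name__ == "__main__":
    # Constructed inputs: the six-character placeholder from the post, then the
    # "password"/"IEEE" pair used as a reference vector for this mapping.
    print(passphrase_problems(b"my_ap", "SECRET"))
    print(derive_psk(b"IEEE", "password").hex())
    # The literal, unexpanded text from the error message is not a key at all.
    print(psk_hex_problem('wpa-psk my_ap "SECRET"'))
```
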



Ral0, WPA2 and ASCII keys?

2009-05-24 Thread woolsherpahat
Hello @misc:


I have a clean install of OpenBSD 4.5 (i386) on a Soekris 4501.  I'm
trying to set it up as a wireless client.  My access point is a
Linksys WRT54G with the latest firmware.  Encryption is handled with
WPA2 (TKIP + AES) and a pre-shared ASCII key.  I cannot get the
OpenBSD system to associate with the access point.

my /etc/hostname.ral0:

  dhcp NONE NONE NONE nwid my_ap wpa wpaprotos wpa2 wpapsk  \
$(wpa-psk my_ap "SECRET")


When I run 'sh /etc/netstart' I get this error:

ifconfig: wpapsk: bad pre-shared key length
ral0: no link . sleeping
ifconfig: wpa-psk  blahrg "SECRET": bad value

Does anyone have any ideas what I'm doing wrong?  The configuration
was straight out of the manfile.  Is there any way to sniff the
wireless traffic so I can figure out what part of the association is
failing?  Any help would be appreciated.

Thanks.

 -K



-- 
"Since love and fear can hardly exist together, if we must choose
between them, it is far safer to be feared than loved."
  -Niccolo Machiavelli



Re: OpenBGP default route selection process

2009-05-24 Thread Stuart Henderson
On 2009-05-24, Justin Credible  wrote:
> On Sat, May 23, 2009 at 6:35 PM, Justin Credible
> *> 199.185.136.0/23 64.x.x.x   200   1 3549 812 812 812 812 3602 22512 i
> *  199.185.136.0/23 212.x.x.x  100 500 3356 6453 812 3602 22512 i
> # route -n show | grep 199.185.136
> 199.185.136/23 212.x.x.x UG100 -48 vlan400

this is pretty weird, bgpd thinks it has installed a route to the
kernel (*>) but it isn't actually there.

I've seen something a bit like this once, when I botched a router
upgrade and managed to upgrade /etc/rc.conf but not /etc/rc, which
resulted in an old copy of routed being accidentally run and
messing with the routes from the other routing daemons. (I noticed
the problems but didn't find what was causing them until I happened
to do 'route -n monitor' and noticed route changes were coming from
separate process ids, which made me look at which daemons were
running).

...

>>
>>> I don't know why that setting in particular set all of my routes to
>>> point at Level 3 regardless of the preferential settings against it,
>>> but how i got around it is simple.
>>>
>>> route add -mpath default gw1
>>> route add -mpath default gw2
>>> etc...
>>>
>>> Then change that setting to
>>>
>>> nexthop qualify via default
>>>
>>
>> Why did you set this? Just for fun or was there a reason behind it.
>> If you need to use "nexthop qualify via default" or "nexthop qualify via
>> bgp" then you have an error in your network setup. Either you should use
>> an IGP (like ospfd) or have a static route to the bgp router.
>
> I toggled this setting to see if it would make a difference on the
> routing tables. My main reason for setting preferred routes is because
> BGP was selecting Level3 as default for our route to Latin America. We
> implemented GBLX since there are only two or three hops to Latin
> America through them, but BGP wasn't selecting them by default,

BGP doesn't know about hops, only AS paths. (And in reality you can't
tell much from "hops", fewer IP hops might just mean they have longer
and more complex tunnels of one sort or another).

One tool for dealing with sending certain geographic regions via a
particular transit is to have your providers tag their routes with
communities denoting the geographic origin (some do this, others don't.
see as3356 whois entry for examples of what level3 do). You can use
this, or alternatively hand-selected AS, in match rules in bgpd.conf
and adjust localpref/weight/prepend to influence outbound traffic.
Note that localpref is a sledgehammer approach; a hugely long AS path
with localpref 101 beats a very short path with localpref 100.

Influencing the route traffic takes to reach you is trickier and a
lot less direct.

> therefore i had to manually intervene. This setting seems to have
> fixed that particular problem but the problem in thread "BGP
> responding with wrong IP address." still exists somewhat. In a way
> they are related, in more ways they are not, that's why I have them as
> separate threads.

Host X traceroutes through your router. If your kernel route _to_ host X
is via level3, it doesn't matter how their packets reach you, your level3-
facing interface is the one that will show up. And with the problem
you've got where kernel routes don't match the routes bgpd is trying to
use, this obviously causes the problem much of the time.
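
The point above about localpref overriding AS path length, worked through on the two paths shown in the quoted `bgpctl show rib` output. This is an added example, not part of the thread and not bgpd's code: it is a simplified model of only the first comparison steps (localpref, AS path length, origin, MED between routes from the same neighbor AS), and the `Route` class and function names are hypothetical.

```python
from dataclasses import dataclass

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}  # IGP preferred over EGP over Incomplete


@dataclass(frozen=True)
class Route:
    gateway: str
    localpref: int
    med: int
    aspath: tuple
    origin: str = "i"


def prefer(a: Route, b: Route):
    """Compare two routes for one prefix; return (winner, deciding attribute)."""
    if a.localpref != b.localpref:                      # higher localpref wins outright
        return (a if a.localpref > b.localpref else b), "localpref"
    if len(a.aspath) != len(b.aspath):                  # prepended ASNs count every time
        return (a if len(a.aspath) < len(b.aspath) else b), "aspath length"
    if ORIGIN_RANK[a.origin] != ORIGIN_RANK[b.origin]:
        return (a if ORIGIN_RANK[a.origin] < ORIGIN_RANK[b.origin] else b), "origin"
    # MED is only comparable between routes learned from the same neighbor AS.
    if a.aspath[:1] == b.aspath[:1] and a.med != b.med:
        return (a if a.med < b.med else b), "med"
    return a, "tie (later steps not modelled)"


def select(routes):
    """Fold prefer() over the candidates; return (best route, last deciding attribute)."""
    best, reason = routes[0], "only candidate"
    for candidate in routes[1:]:
        best, reason = prefer(best, candidate)
    return best, reason


# The two paths for 199.185.136.0/23 as they appear in the thread.
VIA_3549 = Route("64.x.x.x", 200, 1, (3549, 812, 812, 812, 812, 3602, 22512))
VIA_3356 = Route("212.x.x.x", 100, 500, (3356, 6453, 812, 3602, 22512))


def with_localpref(route: Route, value: int) -> Route:
    """Copy of a route with a different localpref (constructed what-if input)."""
    return Route(route.gateway, value, route.med, route.aspath, route.origin)


if __name__ == "__main__":
    print(select([VIA_3356, VIA_3549]))                       # as configured in the thread
    print(select([VIA_3356, with_localpref(VIA_3549, 100)]))  # equal localpref
    print(select([VIA_3356, with_localpref(VIA_3549, 101)]))  # 101 against 100
```
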



Invalid 802.1q vlan id using em0 (Intel PRO/1000T) on 4.5

2009-05-24 Thread Axton
The vlan id for my em0 interface is not reading properly after upgrading to
4.5.

Tcpdump shows some wild vid values in the traffic when using em0:

* This traffic should be on vlan2 (lan)
00:21:70:c5:3d:4f ff:ff:ff:ff:ff:ff 8100 64: 802.1Q vid 512 pri 0 arp
who-has 10.107.208.1 tell 10.107.208.50

* This traffic should be on vlan3 (egress vlan)
00:1e:be:fe:f3:05 ff:ff:ff:ff:ff:ff 8100 64: 802.1Q vid 768 pri 0 arp
who-has 98.196.101.152 tell 98.196.100.1
00:1e:be:fe:f3:05 ff:ff:ff:ff:ff:ff 8100 64: 802.1Q vid 768 pri 0 arp
who-has 98.196.88.115 tell 98.196.88.1

* This traffic should be on vlan4, it is correct:
00:02:b3:ed:68:89 01:00:5e:7f:ff:fa 8100 308: 802.1Q vid 4 pri 0
10.0.0.1.29275 > 239.255.255.250.1900: udp 262 [ttl 1]
00:02:b3:ed:68:89 01:00:5e:7f:ff:fa 8100 380: 802.1Q vid 4 pri 0
10.0.0.1.29275 > 239.255.255.250.1900: udp 334 [ttl 1]

It seems as though the vlan id is being multiplied by 256 for vlans 2 and 3.


When I use the gem0 interface on the same machine, things work:

* This traffic should be on vlan2 (lan), it is correct:
00:03:ba:04:b2:1d 00:50:8d:95:39:17 8100 110: 802.1Q vid 2 pri 0
10.107.208.1.22 > 10.107.208.102.2692: P 920030:920082(52) ack 11189 win
17520 (DF) [tos 0x10]
00:03:ba:04:b2:1d 00:50:8d:95:39:17 8100 110: 802.1Q vid 2 pri 0
10.107.208.1.22 > 10.107.208.102.2692: P 920082:920134(52) ack 11189 win
17520 (DF) [tos 0x10]

* This traffic should be on vlan3 (egress vlan), it is correct:
00:1e:be:fe:f3:05 ff:ff:ff:ff:ff:ff 8100 64: 802.1Q vid 3 pri 0 arp who-has
98.194.104.216 tell 98.194.104.1
00:1e:be:fe:f3:05 ff:ff:ff:ff:ff:ff 8100 64: 802.1Q vid 3 pri 0 arp who-has
76.31.110.47 tell 76.31.108.1

* This traffic should be on vlan4, it is correct:
00:03:ba:04:b2:1d 01:00:5e:7f:ff:fa 8100 373: 802.1Q vid 4 pri 0
10.0.0.1.10117 > 239.255.255.250.1900: udp 327 [ttl 1]
00:03:ba:04:b2:1d 01:00:5e:7f:ff:fa 8100 373: 802.1Q vid 4 pri 0
10.0.0.1.10117 > 239.255.255.250.1900: udp 327 [ttl 1]


The em0 interface worked without an issue using 4.4 as did gem0.


Here are my interface configurations using gem0:
# ifconfig -a
lo0: flags=8049 mtu 33160
priority: 0
groups: lo
inet 127.0.0.1 netmask 0xff00
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
gem0: flags=8863 mtu 1500
lladdr 00:03:ba:04:b2:1d
priority: 0
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet6 fe80::203:baff:fe04:b21d%gem0 prefixlen 64 scopeid 0x1
em0: flags=8843 mtu 1500
lladdr 00:02:b3:ed:68:89
priority: 0
media: Ethernet autoselect (none)
status: no carrier
inet6 fe80::202:b3ff:feed:6889%em0 prefixlen 64 scopeid 0x2
enc0: flags=0<> mtu 1536
priority: 0
vlan2: flags=8843 mtu 1500
lladdr 00:03:ba:04:b2:1d
priority: 0
vlan: 2 priority: 0 parent interface: gem0
groups: vlan
inet6 fe80::203:baff:fe04:b21d%vlan2 prefixlen 64 scopeid 0x5
inet 10.107.208.1 netmask 0xff00 broadcast 10.107.208.255
vlan3: flags=8843 mtu 1500
lladdr 00:03:ba:04:b2:1d
priority: 0
vlan: 3 priority: 0 parent interface: gem0
groups: vlan egress
inet6 fe80::203:baff:fe04:b21d%vlan3 prefixlen 64 scopeid 0x6
inet x.x.x.x netmask 0xfc00 broadcast 255.255.255.255
vlan4: flags=8843 mtu 1500
lladdr 00:03:ba:04:b2:1d
priority: 0
vlan: 4 priority: 0 parent interface: gem0
groups: vlan
inet6 fe80::203:baff:fe04:b21d%vlan4 prefixlen 64 scopeid 0x7
inet 10.0.0.1 netmask 0xff00 broadcast 10.0.0.255
vlan5: flags=8843 mtu 1500
lladdr 00:03:ba:04:b2:1d
priority: 0
vlan: 5 priority: 0 parent interface: gem0
groups: vlan
inet6 fe80::203:baff:fe04:b21d%vlan5 prefixlen 64 scopeid 0x8
inet 10.180.16.1 netmask 0xff00 broadcast 10.180.16.255
pflog0: flags=141 mtu 33160
priority: 0
groups: pflog

Here are my interface configurations using em0:
lo0: flags=8049 mtu 33160
priority: 0
groups: lo
inet 127.0.0.1 netmask 0xff00
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
gem0: flags=8863 mtu 1500
lladdr 00:03:ba:04:b2:1d
priority: 0
media: Ethernet autoselect (none)
status: no carrier
inet6 fe80::203:baff:fe04:b21d%gem0 prefixlen 64 scopeid 0x1
em0: flags=8843 mtu 1500
lladdr 00:02:b3:ed:68:89
priority: 0
media: Ethernet autoselect (1000baseT full-duplex,master)
status: active
inet6 fe80::202:b3ff:feed:6889%em0 prefixlen 64 scopeid 0x2
enc0: flags=0<> mtu 1536
priority: 0
vlan2: flags=8843 mtu 1500
lladdr 00:02:b3:ed:68:89
priority: 0
vlan: 2 priority: 0 parent interface: em0
groups: vlan
inet6 fe80::202:b3ff:feed:6889%vlan2 prefixlen 64 scopeid 0x5
inet 10.107.208.1 netmask 0xff00 bro
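
The observation in the post above (vid 512 and 768 where 2 and 3 are expected) is what a 16-bit tag control field looks like when its two bytes are read in the wrong order. The following is an added example, not part of the thread and not OpenBSD's code: it parses the 802.1Q tag from constructed frames and flags VLAN IDs that only match a configured VLAN after a byte swap. The byte-order explanation is an assumption that fits the numbers in the post; the thread does not confirm the cause, and all function names are hypothetical.

```python
import struct

TPID_8021Q = 0x8100
# VLANs configured on the host in the post (vlan2..vlan5 in its ifconfig output).
CONFIGURED_VLANS = frozenset({2, 3, 4, 5})


def build_frame(dst, src, tag_bytes, ethertype=0x0806, payload=b"\x00" * 46):
    """Build a constructed Ethernet frame; tag_bytes=None means untagged."""
    header = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    if tag_bytes is not None:
        header += struct.pack("!H", TPID_8021Q) + tag_bytes
    return header + struct.pack("!H", ethertype) + payload


def parse_tag(frame):
    """Return (pri, dei, vid) of the outer 802.1Q tag, or None if untagged or short."""
    if len(frame) < 18:                      # 12 MAC bytes + 4 tag bytes + 2 ethertype
        return None
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        return None
    return tci >> 13, (tci >> 12) & 1, tci & 0x0FFF


def swap16(value):
    """Exchange the two bytes of a 16-bit value."""
    return ((value & 0xFF) << 8) | (value >> 8)


def classify(frame, configured=CONFIGURED_VLANS):
    """Return (verdict, vlan): ok, byte-swapped, unknown or untagged."""
    tag = parse_tag(frame)
    if tag is None:
        return "untagged", None
    pri, dei, vid = tag
    if vid in configured:
        return "ok", vid
    # Rebuild the TCI as seen, swap its bytes, and test the resulting VLAN ID.
    swapped_vid = swap16((pri << 13) | (dei << 12) | vid) & 0x0FFF
    if swapped_vid in configured:
        return "byte-swapped", swapped_vid
    return "unknown", vid


# Constructed frames using MAC addresses from the post; payloads are zero padding.
BCAST = "ff:ff:ff:ff:ff:ff"
SAMPLES = [
    build_frame(BCAST, "00:21:70:c5:3d:4f", b"\x02\x00"),   # parses as vid 512
    build_frame(BCAST, "00:1e:be:fe:f3:05", b"\x03\x00"),   # parses as vid 768
    build_frame("01:00:5e:7f:ff:fa", "00:02:b3:ed:68:89", b"\x00\x04", 0x0800),
    build_frame(BCAST, "00:21:70:c5:3d:4f", b"\x00\x63"),   # vid 99, not configured
    build_frame(BCAST, "00:21:70:c5:3d:4f", None),          # no tag at all
]


def report(frames=SAMPLES):
    """Return (observed vid, verdict, matching or observed vlan) for each frame."""
    rows = []
    for frame in frames:
        tag = parse_tag(frame)
        rows.append((tag[2] if tag else None,) + classify(frame))
    return rows


if __name__ == "__main__":
    for row in report():
        print(row)
```
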

Re: OpenBGP default route selection process

2009-05-24 Thread Justin Credible
On Sun, May 24, 2009 at 12:22 PM, Claudio Jeker
 wrote:
> On Sun, May 24, 2009 at 11:54:37AM -0600, Justin Credible wrote:
>
> 
>
>> I figured this one out. This particular problem was caused because i had set:
>>
>> nexthop qualify via bgp
>>
>
> Why did you set this? Just for fun or was there a reason behind it.

It was a last resort to another problem which I was having (See thread
titled "BGP responding with wrong IP address."). I thought that If i
set this, that the correct interface would respond at the router since
it seems as though random interfaces were responding.

>
>> I don't know why that setting in particular set all of my routes to
>> point at Level 3 regardless of the preferential settings against it,
>> but how i got around it is simple.
>>
>> route add -mpath default gw1
>> route add -mpath default gw2
>> etc...
>>
>> Then change that setting to
>>
>> nexthop qualify via default
>>
>
> Why did you set this? Just for fun or was there a reason behind it.
> If you need to use "nexthop qualify via default" or "nexthop qualify via
> bgp" then you have an error in your network setup. Either you should use
> an IGP (like ospfd) or have a static route to the bgp router.

I toggled this setting to see if it would make a difference on the
routing tables. My main reason for setting preferred routes is because
BGP was selecting Level3 as default for our route to Latin America. We
implemented GBLX since there are only two or three hops to Latin
America through them, but BGP wasn't selecting them by default,
therefore i had to manually intervene. This setting seems to have
fixed that particular problem but the problem in thread "BGP
responding with wrong IP address." still exists somewhat. In a way
they are related, in more ways they are not, that's why I have them as
separate threads.

I don't use OSPFD yet since I am very new to BGP. Once I master BGP I
will move on to learning about the other things which plug in to it,
rather than screwing everything up all at once (especially in a live
production environment).

Thanks!



Re: OpenBGP default route selection process

2009-05-24 Thread Claudio Jeker
On Sun, May 24, 2009 at 11:54:37AM -0600, Justin Credible wrote:



> I figured this one out. This particular problem was caused because i had set:
> 
> nexthop qualify via bgp
> 

Why did you set this? Just for fun or was there a reason behind it.

> I don't know why that setting in particular set all of my routes to
> point at Level 3 regardless of the preferential settings against it,
> but how i got around it is simple.
> 
> route add -mpath default gw1
> route add -mpath default gw2
> etc...
> 
> Then change that setting to
> 
> nexthop qualify via default
> 

Why did you set this? Just for fun or was there a reason behind it.
If you need to use "nexthop qualify via default" or "nexthop qualify via
bgp" then you have an error in your network setup. Either you should use
an IGP (like ospfd) or have a static route to the bgp router.

> Also make sure that the metric, localpref, etc are equal on all of the
> peers (unless you want one taking up all of the routing tables). then
> do a bgpctl reload
> 
> The routing tables seem to have evened out now and become more
> "realistic" and unbiased. There are now more routes through GBLX than
> Level3 but only a few thousand, as opposed to the previous problem of
> no dynamic routes pointing to GBLX.
> 

-- 
:wq Claudio
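
An added example, not part of the thread and not OpenBGPD code: a small parser for the `bgpctl show rib detail` output quoted by the original poster in this thread, flagging the situation discussed above, where the selected path's nexthop is not directly reachable and is resolved "via" another peer's gateway. The sample text is copied from that post (addresses masked as posted); the function names are hypothetical.

```python
import re

# Detail output as posted in this thread (masked addresses kept as-is).
SAMPLE = """\
BGP routing table entry for 199.185.136.0/23
    3549 812 812 812 812 3602 22512
    Nexthop 64.x.x.x (via 212.x.x.x) from gblx-p1 (208.48.250.230)
    Origin IGP, metric 1, localpref 200, external, valid, best
    Last update: 00:26:45 ago
    Communities: 3549:4356 3549:8013 3549:8023 3549:8043 3549:8073

BGP routing table entry for 199.185.136.0/23
    3356 6453 812 3602 22512
    Nexthop 212.x.x.x (via 212.x.x.x) from level3-p2 (4.69.187.4)
    Origin IGP, metric 500, localpref 100, external, valid
    Last update: 00:26:45 ago
"""

NEXTHOP_RE = re.compile(r"Nexthop (\S+) \(via (\S+)\) from (\S+) \((\S+)\)")
ATTR_RE = re.compile(r"metric (\d+), localpref (\d+)")


def parse_rib_detail(text):
    """Split the detail output into one dict per path."""
    paths, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("BGP routing table entry for "):
            cur = {"prefix": line.split()[-1], "aspath": None, "best": False}
            paths.append(cur)
        elif cur is None or not line:
            continue
        elif cur["aspath"] is None and re.fullmatch(r"[\d ]+", line):
            # First all-numeric line after the header is the AS path.
            cur["aspath"] = [int(a) for a in line.split()]
        elif (m := NEXTHOP_RE.search(line)):
            cur.update(nexthop=m[1], via=m[2], peer=m[3], peer_addr=m[4])
        elif line.startswith("Origin "):
            m = ATTR_RE.search(line)
            cur.update(med=int(m[1]), localpref=int(m[2]))
            cur["best"] = "best" in [f.strip() for f in line.split(",")]
    return paths


def misresolved_best_paths(paths):
    """Return best paths whose nexthop is resolved via a different gateway.

    Each finding is (prefix, peer, nexthop, via, peers_owning_via): the last
    item lists the other peers whose own nexthop is the gateway actually
    used, i.e. where the traffic really leaves.
    """
    findings = []
    for p in paths:
        if not p["best"] or p.get("nexthop") == p.get("via"):
            continue
        owners = sorted({q["peer"] for q in paths
                         if q is not p and q.get("nexthop") == p["via"]})
        findings.append((p["prefix"], p["peer"], p["nexthop"], p["via"], owners))
    return findings


if __name__ == "__main__":
    for prefix, peer, nh, via, owners in misresolved_best_paths(parse_rib_detail(SAMPLE)):
        print(f"{prefix}: best path from {peer} (nexthop {nh}) "
              f"is forwarded via {via}, owned by {owners or 'no listed peer'}")
```

On the posted output this reports the gblx-p1 path as selected but forwarded through the level3-p2 gateway, which matches the `route -n show` line in the same post.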



Re: OpenBGP default route selection process

2009-05-24 Thread Justin Credible
On Sat, May 23, 2009 at 8:55 PM, Justin Credible
 wrote:
> On Sat, May 23, 2009 at 6:35 PM, Justin Credible
>  wrote:
>>
>> Hi there,
>>
>> I am running OpenBSD 4.4 with OpenBGPD and multiple peers.
>>
>> For some reason the device is selecting Level3 as the default route for
>> absolutely everything which is not statically set.
>>
>> On Level3 config I have set:
>>
>> set localpref 100
>> softreconfig in yes
>> max-prefix 100 restart 300
>>
>> For the others I have not set max-prefix.
>>
>> Also set
>>
>> nexthop qualify via bgp
>> rde route-age evaluate
>>
>> and then stopped the session for Level 3 and started it again so it would
>> seem "less stable" to the decision engine since it is a newer session, it is
>> still the default for every single route. I even did a route flush and flushed
>> them all, and did a refresh from another peer, at which point all routes came
>> back, defaulting to Level3!
>>
>> How do I stop this from being my default route?
>>
>> The reason why is because it is not the best route most of the time. E.g.
>> to some parts of the US it takes 16 hops through Level3, whereas Global
>> Crossing will do it in 1 hop, Abovenet in 3, etc.
>>
>> Thanks!
>>
>> Ken
>
> If you need more examples here you go:
>
> # bgpctl show rib 199.185.137.3
> flags: * = Valid, > = Selected, I = via IBGP, A = Announced
> origin: i = IGP, e = EGP, ? = Incomplete
> flags destination         gateway    lpref   med aspath origin
> *>    199.185.136.0/23    64.x.x.x     200     1 3549 812 812 812 812 3602 22512 i
> *     199.185.136.0/23    212.x.x.x    100   500 3356 6453 812 3602 22512 i
> # route -n show | grep 199.185.136.0/23
> # route -n show | grep 199.185.136
> 199.185.136/23 212.x.x.x UG100 -48 vlan400
> # route delete 199.185.136/23
> delete net 199.185.136/23
> # ping 199.185.137.3
> PING 199.185.137.3 (199.185.137.3): 56 data bytes
> 64 bytes from 199.185.137.3: icmp_seq=0 ttl=245 time=150.000 ms
> 64 bytes from 199.185.137.3: icmp_seq=1 ttl=245 time=155.865 ms
> --- 199.185.137.3 ping statistics ---
> 2 packets transmitted, 2 packets received, 0.0% packet loss
> round-trip min/avg/max/std-dev = 150.000/152.932/155.865/2.958 ms
> # route -n show | grep 199.185.136
> 199.185.136/23 212.x.x.x UG100 -48 vlan400
> # bgpctl show rib 199.185.137.3
> flags: * = Valid, > = Selected, I = via IBGP, A = Announced
> origin: i = IGP, e = EGP, ? = Incomplete
> flags destination         gateway    lpref   med aspath origin
> *>    199.185.136.0/23    64.x.x.x     200     1 3549 812 812 812 812 3602 22512 i
> *     199.185.136.0/23    212.x.x.x    100   500 3356 6453 812 3602 22512 i
>
>
> I've even set my config to be EXTREMELY biased against Level3 but it
> (the 212 address) still populates my routing tables:
>
>
> BGP routing table entry for 199.185.136.0/23
>     3549 812 812 812 812 3602 22512
>     Nexthop 64.x.x.x (via 212.x.x.x) from gblx-p1 (208.48.250.230)
>     Origin IGP, metric 1, localpref 200, external, valid, best
>     Last update: 00:26:45 ago
>     Communities: 3549:4356 3549:8013 3549:8023 3549:8043 3549:8073 3549:8090 3549:8163 3549:8173 3549:8223 3549:8233 3549:30840
> BGP routing table entry for 199.185.136.0/23
>     3356 6453 812 3602 22512
>     Nexthop 212.x.x.x (via 212.x.x.x) from level3-p2 (4.69.187.4)
>     Origin IGP, metric 500, localpref 100, external, valid
>     Last update: 00:26:45 ago
>
>
> # traceroute -n 199.185.137.3
> traceroute to 199.185.137.3 (199.185.137.3), 64 hops max, 40 byte packets
>  1  212.x.x.x  0.550 ms  0.555 ms  0.448 ms
>  2  4.69.136.93  0.529 ms  0.445 ms  0.575 ms
>  3  4.69.136.90  11.273 ms  17.935 ms  11.317 ms
>  4  4.69.139.73  11.396 ms  11.439 ms  11.317 ms
>  5  4.68.63.106  16.769 ms  17.935 ms  17.939 ms
>  6  195.219.195.37  11.772 ms 195.219.83.2  11.687 ms 195.219.195.89  11.562 ms
>  7  195.219.243.14  12.17 ms 195.219.195.22  164.349 ms  164.471 ms
>  8  195.219.144.10  83.354 ms 195.219.144.1  12.184 ms  12.62 ms
>  9  195.219.144.10  83.355 ms  83.270 ms 216.6.98.1  109.634 ms
> 10  216.6.98.1  109.835 ms  109.880 ms 216.6.98.30  163.602 ms
> 11  216.6.98.30  163.552 ms  163.741 ms 64.86.115.38  178.523 ms
> 12  64.86.115.38  178.788 ms  179.88 ms 24.153.7.137  203.204 ms
> 13  24.153.7.137  180.416 ms  210.443 ms  238.549 ms
> 14  24.153.4.77  177.923 ms  178.712 ms 24.153.3.38  173.844 ms
> 15  24.153.3.38  173.921 ms  174.215 ms  173.595 ms
> 16  204.50.251.202  196.411 ms 207.107.204.178  177.465 ms  176.209 ms
> 17  207.107.204.178  177.542 ms  177.960 ms  176.719 ms
> 18  199.185.230.2  177.924 ms 199.185.137.3  177.712 ms 199.185.230.2  176.215 ms
> # route add 199.185.137.3 64.x.x.x
> add host 199.185.137.3: gateway 64.x.x.x
> # traceroute -n 199.185.137.3
> traceroute to 199.185.137.3 (199.185.137.3), 64 hops max, 40 byte packets
>  1  64.x.x.x  10.505 ms  10.427 ms  10.316 ms
>  2  64.208.169.150  98.472 ms  98.635 ms  98.513 ms
>  3  69.63.248.98  97.96 ms  102.9 ms  9

bioctl: BIOCCREATERAID: Invalid argument

2009-05-24 Thread Lars Nooden
I'm playing with softraid on current (OpenBSD 4.5 GENERIC.MP#128 amd64)
and getting to the point where I'm unable to take down or write-over
existing devices.  I can't find any existing device to remove, but am
nonetheless unable to create a new RAID 0 array.

bioctl gives these complaints:

  # bioctl -c 0 -l /dev/sd0a,/dev/sd1a softraid0
  bioctl: BIOCCREATERAID: Invalid argument
  # bioctl -d sd1
  bioctl: delete volume sd1 failed
  # bioctl -d sd3
  bioctl: Can't open sd3: Device not configured
  # bioctl -C force -d sd3
  bioctl: Can't open sd3: Device not configured
  # bioctl -C force -d sd1
  bioctl: delete volume sd1 failed


  # bioctl -i sd0
  sd0: , serial \\037 JetFlashTS4GJFT3 8.07
  # bioctl -i sd1
  sd1: , serial \\037 JetFlashTS4GJFT3 8.07

dmesg gives this complaint:
  ...
  softraid0 at root
  softraid0: roaming device sd3a -> sd1a
  softraid0: not assembling partial disk that used to be volume 0
  ...
  softraid0: not all chunks are of the native metadata format
  softraid0: can't attach metadata type 0


The steps I follow to try to make a clean start are:

  # A - Initialize partition tables for RAID array
  fdisk -iy sd0
  fdisk -iy sd1

  printf "d a\nq\n\n" | disklabel -E sd0
  printf "d a\nq\n\n" | disklabel -E sd1

  # B - Create RAID partitions
  printf "a\n\n\n\nRAID\nw\nq\n\n" | disklabel -E sd0
  printf "a\n\n\n\nRAID\nw\nq\n\n" | disklabel -E sd1

  # C - RAID 0, striping
  bioctl -c 0 -l /dev/sd0a,/dev/sd1a softraid0

but it's the last step, C, that gives an error, but A and B don't seem
to be wiping the devices.

Regards,
-Lars

...
hidev5 detached
umass0 at uhub5 port 1 configuration 1 interface 0 "JetFlash Mass
Storage Device" rev 2.00/1.00 addr 3
umass0: using SCSI over Bulk-Only
scsibus1 at umass0: 2 targets, initiator 0
sd0 at scsibus1 targ 1 lun 0:  SCSI2 0/direct
removable
sd0: 3911MB, 512 bytes/sec, 8011774 sec total
uhidev4 at uhub3 port 2 configuration 1 interface 0 "Logitech HID
compliant keyboard" rev 1.10/1.80 addr 3
uhidev4: iclass 3/1
ukbd1 at uhidev4: 8 modifier keys, 6 key codes
wskbd1 at ukbd1 mux 1
wskbd1: connecting to wsdisplay0
uhidev5 at uhub3 port 2 configuration 1 interface 1 "Logitech HID
compliant keyboard" rev 1.10/1.80 addr 3
uhidev5: iclass 3/0, 2 report ids
uhid3 at uhidev5 reportid 1: input=2, output=0, feature=0
uhid4 at uhidev5 reportid 2: input=1, output=0, feature=0
umass1 at uhub5 port 2 configuration 1 interface 0 "JetFlash Mass
Storage Device" rev 2.00/1.00 addr 4
umass1: using SCSI over Bulk-Only
scsibus2 at umass1: 2 targets, initiator 0
sd1 at scsibus2 targ 1 lun 0:  SCSI2 0/direct
removable
sd1: 3911MB, 512 bytes/sec, 8011774 sec total
softraid0: not all chunks are of the native metadata format
softraid0: can't attach metadata type 0



Re: pf, altq, packet rate

2009-05-24 Thread Henning Brauer
* irix  [2009-05-24 08:20]:
> Over  the  past  six  years,  the  project  altq was not added any new
> features.

no. I don't really see a need to add anything. If anyone does (s)he's
free to submit diffs.

> Although the project is fully prepared to little.

parser error

> There is a shortage of adding dynamic queues and the completion of porting 
> cdnr
> and  may  be add some queue disciplines from altqd like blue, JoBB, as
> you think ?

we will certainly not add more disciplines, what for. we'd rather
remove cbq, since it can be expressed in hfsc.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam



Re: pkg_add weirdness (4.5-current)

2009-05-24 Thread Thomas Pfaff
On Sat, 23 May 2009 11:44:30 +0200
Thomas Pfaff  wrote:
> >   Feb28$ sudo pkg_add vim
> >   Ambiguous: vim could be vim-7.2.77-gtk2 vim-7.2.77-no_x11
> >   Feb28$
> > 
> >   May18$ sudo pkg_add vim
> >   May18$
> > 
> 
> I just upgraded the "Feb28" system to a May 18th snapshot (i386)
> and the pkg_add behaviour has changed to what I described above.
> 

So, for the record; the old behaviour is back again.  Thanks.



Re: MPLS status questions.

2009-05-24 Thread Jussi Peltola
On Sun, May 24, 2009 at 02:49:53PM +0200, Martin Schröder wrote:
> 2009/5/24, Stuart Henderson :
> > The "P" (Private) suggests some kind of privacy.
> 
> "MPLS is well suited to the task as it provides traffic isolation and
> differentiation without substantial overhead."
> 
 
Doesn't the public Internet do that too, when everyone plays by the
rules and nothing is misconfigured?



Re: MPLS status questions.

2009-05-24 Thread Martin Schröder
2009/5/24, Stuart Henderson :
> The "P" (Private) suggests some kind of privacy.

"MPLS is well suited to the task as it provides traffic isolation and
differentiation without substantial overhead."

Best
   Martin



Re: MPLS status questions.

2009-05-24 Thread Łukasz Bromirski

On 2009-05-24 10:49, Stuart Henderson wrote:


>> Where in 'VPN' do you see some kind of encryption? Intranets were
>> build on FR clouds, ATM clouds, now on IP clouds. If your understanding
>> of VPN means "IPsec" then maybe it's time to get back to some serious
>> learning about the real world out there.
>
> The "P" (Private) suggests some kind of privacy.


Yep, but in networking world it usually means separation, not
encryption. Just like with FR or ATM. It gives privacy, just like
MPLS VPNs in IP world. If the SP providing the service would make
some errors the privacy will be no more, but again - this is just like
in the 'good old days' of FR clouds, and still it is a problem within
existing ATM clouds. So many users of "IP VPNs" are putting own
encryption over the cloud, but it's outside the scope of technical
definition of MPLS VPN, and VPN itself as a 'service'.

One way or another, bashing somebody with 'typical networking idiots'
with apparent lack of understanding for the technologies involved
is hardly a proper attitude.

--
"Don't expect me to cry for all the |   Łukasz Bromirski
 reasons you had to die" -- Kurt Cobain |http://lukasz.bromirski.net



Re: MPLS status questions.

2009-05-24 Thread Michele Marchetto
On Sun, 24/05/2009 at 09.52 +0200, Łukasz Bromirski wrote:
> Is there any place to read on about it? Any draft howtos, man pages,
> etc?

Sorry, no man pages yet.

> Is it in latest development build or already in 4.5?

4.5 ships a very embryonic stack mostly coded during n2k9, while
-current has a working stack with basic functionalities.



Re: Block level snapshots - can I do them in OBSD?

2009-05-24 Thread Paul Bradley
Thanks for the replies,


I understand that ZFS is unlikely to be ported to BSD any time soon.

My requirements may seem a little puzzling, but I am also restricting the
vulnerability of the clients by doing the second level of
encryption/decryption (the one that lets the clients see the monolithic file
as a partition) using smart cards to restrict the attack window for the
fileserver to only the times when a user is actually accessing their data,
or at least has left their card in. Without this second layer the server is
a single point of failure if it is compromised since then it would have
access to the plaintext, of course no matter what I do the workstation will
always exhibit that same behaviour, but I hope the use of hardware tokens
used only when necessary will limit the attack window.

Do I _need_ this level of security? Probably not, I'm not the NSA and we
don't have any data _that_ critical, but we keep some confidential stuff on
there and I reckon security is cheap and regretting it after your data is
compromised isn't.

The reason I'm only using OpenBSD on the fileserver is because, much as I
like BSD it doesn't meet my needs as a desktop OS, I like the design
philosophy and would run it on the desktop if I felt I'd get the
functionality I want.

I'll obviously be doing some testing and playing with different solutions,
and I'm not in a mad rush to implement this tomorrow, so I'd like to keep
this thread going - I'm particularly interested to know if anyone knows the
status of a port of HAMMER to BSD (if one is even planned) and if anyone can
answer authoritatively whether the snapshots in it are block level? This
seems to be my best chance of getting a BSD based solution.

thanks

Paul



mclpools limit reached; increase kern.maxclusters

2009-05-24 Thread Markus Bergkvist

Hi

I get 'WARNING: mclpools limit reached; increase kern.maxclusters' 
whenever I transfer a large file with sftp or bittorrent on wpi 
interface. With bittorrent and many peers I get the error after a couple 
of minutes, with sftp I get the error after transferring 600+MB or so.


After receiving the warning, the only remedy I've found so far is to reboot.

Any suggestions on where to go from here, besides blindly increasing 
kern.maxclusters?


/Markus


OpenBSD 4.5-current (GENERIC.MP) #77: Mon May 18 14:04:33 CEST 2009
r...@klang:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 2137718784 (2038MB)
avail mem = 2063753216 (1968MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xf2a6d (25 entries)
bios0: vendor Hewlett-Packard version "68DDU Ver. F.10" date 01/11/2008
bios0: Hewlett-Packard HP Compaq 6710b (GR679ET#AK8)
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP SLIC HPET APIC MCFG TCPA SSDT SSDT SSDT SSDT 
SSDT SSDT
acpi0: wakeup devices C0B0(S5) C108(S3) C10F(S3) C110(S3) C111(S3) 
C119(S3) C11A(S3) C11B(S3) C131(S5) C2A1(S5) C132(S5) C137(S5) C134(S5) 
C2A2(S5) C23D(S5)

acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz, 1995.28 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16,xTPR,NXE,LONG

cpu0: 2MB 64b/line 8-way L2 cache
cpu0: apic clock running at 199MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz, 1995.00 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16,xTPR,NXE,LONG

cpu1: 2MB 64b/line 8-way L2 cache
ioapic0 at mainbus0 apid 1 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 1
acpiprt0 at acpi0: bus 2 (C0B0)
acpiprt1 at acpi0: bus 8 (C11D)
acpiprt2 at acpi0: bus 16 (C131)
acpiprt3 at acpi0: bus 24 (C132)
acpiprt4 at acpi0: bus 40 (C134)
acpiprt5 at acpi0: bus 0 (C003)
acpiec0 at acpi0
acpicpu0 at acpi0
acpicpu1 at acpi0
acpitz at acpi0 not configured
acpitz at acpi0 not configured
acpitz at acpi0 not configured
acpitz at acpi0 not configured
acpitz at acpi0 not configured
acpibat0 at acpi0: C23B model "Primary" serial 20667 2007/08/17 type 
LIon oem "Hewlett-Packard"

acpibat1 at acpi0: C23A not present
acpiac0 at acpi0: AC unit online
acpibtn0 at acpi0: C2BF
acpibtn1 at acpi0: C153
acpivideo at acpi0 not configured
cpu0: unknown Enhanced SpeedStep CPU, msr 0x06120a2506000a25
cpu0: using only highest and lowest power states
cpu0: Enhanced SpeedStep 2000 MHz (1292 mV): speeds: 2000, 1200 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel GM965 Host" rev 0x0c
vga1 at pci0 dev 2 function 0 "Intel GM965 Video" rev 0x0c
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
intagp0 at vga1
agp0 at intagp0: aperture at 0xd000, size 0x1000
inteldrm0 at vga1: apic 1 int 16 (irq 10)
drm0 at inteldrm0
"Intel GM965 Video" rev 0x0c at pci0 dev 2 function 1 not configured
uhci0 at pci0 dev 26 function 0 "Intel 82801H USB" rev 0x03: apic 1 int 
16 (irq 10)
uhci1 at pci0 dev 26 function 1 "Intel 82801H USB" rev 0x03: apic 1 int 
17 (irq 10)
ehci0 at pci0 dev 26 function 7 "Intel 82801H USB" rev 0x03: apic 1 int 
18 (irq 11)

usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
azalia0 at pci0 dev 27 function 0 "Intel 82801H HD Audio" rev 0x03: apic 
1 int 16 (irq 10)
azalia0: codecs: Analog Devices AD1981HD, AT&T/Lucent/0x1040, using 
Analog Devices AD1981HD

audio0 at azalia0
ppb0 at pci0 dev 28 function 0 "Intel 82801H PCIE" rev 0x03
pci1 at ppb0 bus 8
ppb1 at pci0 dev 28 function 1 "Intel 82801H PCIE" rev 0x03: apic 1 int 
17 (irq 10)

pci2 at ppb1 bus 16
wpi0 at pci2 dev 0 function 0 "Intel PRO/Wireless 3945ABG" rev 0x02: 
apic 1 int 17 (irq 10), MoW2, address 00:1b:77:c7:4a:bc
ppb2 at pci0 dev 28 function 2 "Intel 82801H PCIE" rev 0x03: apic 1 int 
18 (irq 11)

pci3 at ppb2 bus 24
bge0 at pci3 dev 0 function 0 "Broadcom BCM5787M" rev 0x02, BCM5754/5787 
A2 (0xb002): apic 1 int 18 (irq 11), address 00:1a:4b:69:c0:69

brgphy0 at bge0 phy 1: BCM5787 10/100/1000baseT PHY, rev. 0
ppb3 at pci0 dev 28 function 4 "Intel 82801H PCIE" rev 0x03: apic 1 int 
16 (irq 10)

pci4 at ppb3 bus 40
uhci2 at pci0 dev 29 function 0 "Intel 82801H USB" rev 0x03: apic 1 int 
20 (irq 10)
uhci3 at pci0 dev 29 function 1 "Intel 82801H USB" rev 0x03: apic 1 int 
21 (irq 10)
uhci4 at pci0 dev 29 function 2 "Intel 82801H USB" rev 0x03: apic 1 int 
18 (irq 11)
ehci1 at pci0 dev 29 function 7 "Intel 82801H USB" rev 0x03: apic 1 int 
20 (irq 10)

usb1 at ehci1: USB revision 2.0
uhub1 at usb1 "Intel EHCI root hub" rev 2.00/1.00 

Re: MPLS status questions.

2009-05-24 Thread Bret S. Lambert
On Sun, May 24, 2009 at 08:49:02AM +, Stuart Henderson wrote:
> On 2009-05-24, Łukasz Bromirski  wrote:
> >> It is not a "VPN" in any sense that you use over the internet or any
> > > public network (such as a commercial telco)
> >
> > Where in 'VPN' do you see some kind of encryption? Intranets were
> > build on FR clouds, ATM clouds, now on IP clouds. If your understanding
> > of VPN means "IPsec" then maybe it's time to get back to some serious
> > learning about the real world out there.
> >
> 
> The "P" (Private) suggests some kind of privacy.
> 

I believe that this rates an "oh, snap!"



Re: OpenBSD 4.5 - bsd.rd stalls on boot?

2009-05-24 Thread Stuart Henderson
On 2009-05-23, woolsherpahat  wrote:
> Hello @misc:
>
> I am trying to install OpenBSD 4.5 (i386) onto my Soekris 4501.
> Unfortunately, I cannot seem to get PXEboot to work properly.  I setup
> my host machine in accordance with the FAQ and I have tested it
> locally with the tftp client (i.e., I can successfully execute a 'get
> bsd.rd' from localhost).
>
> It appears PXEboot starts but cannot correctly load the kernel.  If I
> manually load the kernel it appears to stall.  If I just let the
> machine sit for five minutes at this step nothing else appears to
> happen.  Has anyone else seen this problem and/or have advice on how
> to resolve it?

this is a serial console problem, not a pxeboot problem.

mkdir /tftpboot/etc
echo set tty com0 > /tftpboot/etc/boot.conf



Re: MPLS status questions.

2009-05-24 Thread Stuart Henderson
On 2009-05-24, Łukasz Bromirski  wrote:
>> It is not a "VPN" in any sense that you use over the internet or any
> > public network (such as a commercial telco)
>
> Where in 'VPN' do you see some kind of encryption? Intranets were
> build on FR clouds, ATM clouds, now on IP clouds. If your understanding
> of VPN means "IPsec" then maybe it's time to get back to some serious
> learning about the real world out there.
>

The "P" (Private) suggests some kind of privacy.



Re: BGP responding with wrong IP address.

2009-05-24 Thread Stuart Henderson
On 2009-05-23, Justin Credible  wrote:
>> >
>> > So here would be another example.
>> >
>> > A traceroute should be:
>> >
>> > Traceroute 172.16.1.1
>> > 1.192.168.253.211 AS3549
>> > 2.192.168.24.5 AS3549
>> > 3. 192.168.0.1 AS3549
>> > 4. 172.16.1.1 MYASN
>> >
>> > But instead it would look something like this:
>> >
>> >  Traceroute 172.16.1.1
>> > 1.192.168.253.211 AS3549
>> > 2.192.168.24.5 AS3549
>> > 3. 10.0.0.1 AS3356
>> > 4. 172.16.1.1 MYASN

this is not necessarily the case; if the route _from_ 172.16.1.1 to
192.168.253.211 is via 3356 then this is exactly what you'll see.
but, you say changing the default route changes behaviour...

>> >
>> > So the IP address which i use to peer with Level3 responds at the second
>> > last hop, rather than the Global Crossing IP since it traversed the
>> entire
>> > way through Global Crossing. Both of the IPs which respond at the second
>> > last hop are on my router so the problem is on my end. It doesn't appear
>> to
>> > be a BGP problem as much as a default route problem.
>>
>> So, this part of my mail applies:
>>
>>  "If you traceroute _through the router to another host_ (ip_icmp.c:668)
>>  it will do a route lookup for the source, and use that as the source
>>  address of the ICMP message (which is what shows in traceroute).
>>
>>  What routes do you carry besides the default? No matter where default
>>  points, if you have a specific route for the source of the traceroute
>>  packets then it shouldn't be using the default. i.e. if you carry full
>>  tables, you shouldn't see this."
>>
>> Do you carry full tables?
>
>
> Yes sir
>
>
>>
>>
>> > I tried adding "reply-to" rules in my pf.conf so that traffic that comes
>> in
>> > on one interface will go out the same interface but that doesn't seem to
>> > work either, since the reply from the wrong address happens before or
>> during
>> > the state that stateful connections are being established.
>>
>> PF isn't involved in this address selection, it's a message from the
>> router's IP stack because the TTL was exceeded, the lookup is entirely
>> done in the stack, reply-to isn't used.
>>
>>
> Ok I think I understand that... So what should be my next move?
>
>

What output do you get from these?

route -n get 
bgpctl sh rib  
bgpctl sh fib  

( being where you're doing the traceroute from).
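
An added example, not part of the thread and not kernel code: a simplified model of the lookup described in the message above, where the router answers an expired-TTL packet from the address of whichever interface its route back to the traceroute source points out of. The interface names and the traceroute source 203.0.113.50 are constructed; the two router addresses are the ones used in the quoted illustration.

```python
import ipaddress


def icmp_error_source(routes, iface_addr, pkt_src):
    """Pick the source address of an ICMP time-exceeded reply.

    routes:     list of (prefix, outgoing interface) entries
    iface_addr: interface name -> that interface's own address
    pkt_src:    source address of the packet whose TTL expired

    The route back to pkt_src is chosen by longest-prefix match, and the
    reply is sourced from the address of that route's interface.
    Returns (source address, matched prefix).
    """
    src = ipaddress.ip_address(pkt_src)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if src in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    if best is None:
        raise LookupError(f"no route back to {pkt_src}")
    net, iface = best
    return iface_addr[iface], str(net)


# Router-side addresses from the quoted illustration; names are hypothetical.
IFACE_ADDR = {"to_gblx": "192.168.0.1", "to_level3": "10.0.0.1"}
TRACER = "203.0.113.50"  # constructed traceroute source

TABLES = {
    # Only a default route, pointing at Level3: every reply uses that side.
    "default_only": [("0.0.0.0/0", "to_level3")],
    # Full table with a specific route for the source via Global Crossing:
    # the default is never consulted.
    "full_table": [("0.0.0.0/0", "to_level3"),
                   ("203.0.113.0/24", "to_gblx")],
    # Full table, but the best route back really is via Level3: the Level3
    # address in the traceroute is then correct behaviour, not a fault.
    "return_via_level3": [("0.0.0.0/0", "to_level3"),
                          ("203.0.0.0/16", "to_gblx"),
                          ("203.0.113.0/24", "to_level3")],
}


def demo():
    return {name: icmp_error_source(tbl, IFACE_ADDR, TRACER)
            for name, tbl in TABLES.items()}


if __name__ == "__main__":
    for name, (addr, prefix) in demo().items():
        print(f"{name:18s} reply sourced from {addr} (matched {prefix})")
```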



Re: MPLS status questions.

2009-05-24 Thread Łukasz Bromirski

On 2009-05-02 18:37, Chris Cappuccio wrote:


What's really frustrating here are the network admins I work with that
are trying to migrate from ipsec vpns to MPLS because it's "easier"
and "just as secure".

Typical networking idiots.


Maybe yes.

> Some telcos sell an "MPLS IP VPN" service which is comparable in
> implementation to frame relay, but switched by MPLS switches/routers
> instead of frame relay switches.  There is no encryption.

Why are you surprised? Maybe you didn't have any time to read about
what MPLS VPN is and what it isn't? Even wikipedia has something
to tell you about it, not mentioning any book on the subject.


> It is not a "VPN" in any sense that you use over the internet or any
> public network (such as a commercial telco)

Where in 'VPN' do you see some kind of encryption? Intranets were
build on FR clouds, ATM clouds, now on IP clouds. If your understanding
of VPN means "IPsec" then maybe it's time to get back to some serious
learning about the real world out there.

--
"Don't expect me to cry for all the |   Łukasz Bromirski
 reasons you had to die" -- Kurt Cobain |http://lukasz.bromirski.net



Re: MPLS status questions.

2009-05-24 Thread Łukasz Bromirski

On 2009-04-29 21:48, Michele Marchetto wrote:

> On Tue, 28/04/2009 at 20.18 -0400, Daniel Ouellet wrote:
>> So, I am not sure where this is and I am curious as to what stage it
>> might be?
>
> We are moving things forward.
> The current stack has really basic functionalities but it is working.
> I use it. Now it supports just static labeling through route(8) but
> I am developing ldpd out of the tree, and I hope to import it very soon.
> It is in some advanced state.


Is there any place to read on about it? Any draft howtos, man pages,
etc?

Is it in latest development build or already in 4.5?

--
"Don't expect me to cry for all the |   Łukasz Bromirski
 reasons you had to die" -- Kurt Cobain |http://lukasz.bromirski.net