Re: Printing to Windows
On Sun, 24 May 2009 23:39:17 -0400 wrote:

> If anyone is printing successfully to an OfficeJet served on an XP
> box from OBSD 4.4 or later, I'd sure appreciate knowing how you do it.

The best answer is simply buy a good quality, postscript, network enabled printer. The second best answer is CUPS. You're attempting the worst possible answer, namely printing through MS-windows.

I haven't ever tried it myself, but I'd bet if it is possible, then you'll be doing it through samba (in ports) and possibly CUPS (in ports).

NOTE: There were a handful of commits to ports-changes@ in the last week or two regarding samba and cups, so you might want to try installing -current through a snapshot, and building the needed printing related ports yourself.

--
J.C. Roberts
Re: Printing to Windows
It would require Samba and Cups.

Read more here:
http://www.faqs.org/docs/Linux-mini/Debian-and-Windows-Shared-Printing.html

Should give you a headstart.

Nils

-----Original Message-----
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of eagir...@cox.net
Sent: Monday 25 May 2009 5:39
To: misc@openbsd.org
Subject: Printing to Windows

If anyone is printing successfully to an OfficeJet served on an XP box from OBSD 4.4 or later, I'd sure appreciate knowing how you do it.

--
Ed Ahlsen-Girard
Ft. Walton Beach FL

A disclaimer applies to this email and any attachments. Refer to http://www.sparkholland.com/emaildisclaimer for the full text of this disclaimer.
Realtek 8169 chip PCMCIA network card error messages
Hi!

When I plug in a Linksys PCM1000 Gigabit Network card to my PCMCIA slot, I can see these messages in dmesg:

re0 at cardbus0 dev 0 function 0 "Realtek 8169" rev 0x10: RTL8169/8110SB (0x1000), irq 268505099, address 00:12:17:f0:c8:21
re0: PHY write failed
re0: PHY write failed
re0: PHY read failed
re0: no PHY found!

I don't know if related to this, but it works only at 100Mbit. Is this card unsupported at Gbit, or do I have to configure something to make it work? Also, what does the above error message mean, and what is that weird irq number?

Any information would be appreciated, thanks!

I'm using -current, and here is my dmesg:

OpenBSD 4.5-current (GENERIC.MP) #13: Wed May 20 15:10:35 MDT 2009
    dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Genuine Intel(R) CPU T2400 @ 1.83GHz ("GenuineIntel" 686-class) 1.83 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,VMX,EST,TM2,xTPR
real mem = 1072066560 (1022MB)
avail mem = 1028255744 (980MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 08/02/06, BIOS32 rev. 0 @ 0xfd6b0, SMBIOS rev.
2.4 @ 0xe0010 (68 entries) bios0: vendor LENOVO version "79ET66WW (1.10 )" date 08/02/2006 bios0: LENOVO 2007FRG acpi0 at bios0: rev 2 acpi0: tables DSDT FACP SSDT ECDT TCPA APIC MCFG HPET BOOT SSDT SSDT acpi0: wakeup devices LID_(S3) SLPB(S3) LURT(S3) DURT(S3) EXP0(S4) EXP1(S4) EXP2(S4) EXP3(S4) PCI1(S4) USB0(S3) USB1(S3) USB2(S3) USB7(S3) HDEF(S4) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: apic clock running at 166MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Genuine Intel(R) CPU T2400 @ 1.83GHz ("GenuineIntel" 686-class) 1.83 GHz cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,A CPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,VMX,EST,TM2,xTPR ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins ioapic0: misconfigured as apic 2, remapped to apid 1 acpihpet0 at acpi0: 14318179 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 1 (AGP_) acpiprt2 at acpi0: bus 2 (EXP0) acpiprt3 at acpi0: bus 3 (EXP1) acpiprt4 at acpi0: bus 4 (EXP2) acpiprt5 at acpi0: bus 12 (EXP3) acpiprt6 at acpi0: bus 21 (PCI1) acpiec0 at acpi0 acpicpu0 at acpi0: C3, C2 acpicpu1 at acpi0: C3, C2 acpitz0 at acpi0: critical temperature 127 degC acpitz1 at acpi0: critical temperature 99 degC acpibtn0 at acpi0: LID_ acpibtn1 at acpi0: SLPB acpibat0 at acpi0: BAT0 model "42T4511" serial 21826 type LION oem "SANYO" acpibat1 at acpi0: BAT1 not present acpiac0 at acpi0: AC unit offline acpithinkpad0 at acpi0 acpidock at acpi0 not configured acpivideo at acpi0 not configured acpivideo at acpi0 not configured bios0: ROM list: 0xc/0xfe00 0xd/0x1000 0xd1000/0x1000 0xdc000/0x4000! 
0xe/0x1 cpu0: unknown Enhanced SpeedStep CPU, msr 0x06130b2c06000613 cpu0: using only highest and lowest power states cpu0: Enhanced SpeedStep 1000 MHz (1004 mV): speeds: 1833, 1000 MHz pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 "Intel 82945GM Host" rev 0x03 ppb0 at pci0 dev 1 function 0 "Intel 82945GM PCIE" rev 0x03: apic 1 int 16 (irq 11) pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 "ATI Radeon Mobility X1400" rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) radeondrm0 at vga1: apic 1 int 16 (irq 11) drm0 at radeondrm0 azalia0 at pci0 dev 27 function 0 "Intel 82801GB HD Audio" rev 0x02: apic 1 int 17 (irq 11) azalia0: RIRB time out azalia0: codecs: Analog Devices AD1981HD, 0x/0x, using Analog Devices AD1981HD azalia0: RIRB time out audio0 at azalia0 ppb1 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x02: apic 1 int 20 (irq 11) pci2 at ppb1 bus 2 em0 at pci2 dev 0 function 0 "Intel PRO/1000MT (82573L)" rev 0x00: apic 1 int 16 (irq 11), address 00:16:41:aa:d2:70 ppb2 at pci0 dev 28 function 1 "Intel 82801GB PCIE" rev 0x02: apic 1 int 21 (irq 11) pci3 at ppb2 bus 3 wpi0 at pci3 dev 0 function 0 "Intel PRO/Wireless 3945ABG" rev 0x02: apic 1 int 17 (irq 11), MoW2, address 00:18:de:65:2d:37 ppb3 at pci0 dev 28 function 2 "Intel 82801GB PCIE" rev 0x02: apic 1 int 22 (irq 11) pci4 at ppb3 bus 4 ppb4 at pci0 dev 28 function 3 "Intel 82801GB PCIE" rev 0x02: apic 1 int 23 (irq 11) pci5 at ppb4 bus 12 uhci0 at pci0 dev 29 function 0 "Intel 82801GB USB" rev 0x02: apic 1 int 16 (irq 11) uhci1 at pci0 dev 29 function 1 "Intel 82801GB USB" rev 0x02: apic 1 int 17 (irq 11) uhci2 at pci0 dev 29 function 2 "Intel 82801GB USB" rev 0x02: apic 1 int 18 (irq 11) uhci3 at pci0 dev 29 function 3 "Intel 82801GB USB" rev 0x02: apic 1 int 19 (irq 11) ehci0 at pci0 dev 29 function 7 "Intel 82801GB USB" rev 0x02: apic 1 int 19 (irq 11) usb0 at ehci0: USB revision 2.0 
uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1 ppb5 at pci0 dev 30 functio
Re: multiple videocards... for console text
Something like that?
http://haskell.org/sitewiki/images/a/aa/Screen-triplehead-galois.jpg

Maybe I don't understand what you want to do, but I don't have a problem with X and work in terminals. I have a lot of them on my two or three monitors.

2009/5/23 Need Coffee :
> On Fri, May 22, 2009 at 12:37 AM, Joel Wiramu Pauling wrote:
>> Just use USB to RS323 convert cables and have as many heads as you like off
>> of dumb terminals. Or old laptops.
>>
>> ;-)
>
> Thanks, but my goal was not just to add more text consoles, it was to
> actually create more VTs on existing heads. I have 3 monitors. We're all
> painfully aware of the Xorg limitations with multiple pci graphics cards.
> So, I wanted to run them in text mode (80x50 of course :)
>
> 80x50 is easy. It's the "getting all 3 monitors to work
> independently" that isn't.
>
>> 2009/5/22 Need Coffee
>>>
>>> Hi, I have kind of a weird question.
>>>
>>> I have two video cards in an amd64/-current machine.
>>>
>>> Both cards have dual-head capability.
>>>
>>> At the text console, the same text appears on both ports.
>>>
>>> Would it be possible to either:
>>>
>>> - make the ports separate consoles (seems unlikely)
>>>
>>> - run each card independently (so, more VT's offered on
>>> the second video card)
>>>
>>> Or some variant of these? Thanks in advance.
>
> --

http://www.openbsd.org/lyrics.html
Re: OpenBSD and VPN 1411 Criptographic Card
AFAIK, crypto accel cards will be used by the OpenBSD kernel whenever possible without further user intervention needed other than plugging the card and rebooting the system.

Make sure your dmesg displays the hifn* device and make some performance test: you may be satisfied.

Joco Salvatti wrote:

Hi misc,

I bought a Soekris Net5501 with a cryptographic card VPN1411 (Authentication, SHA-1 and MD5, Public Key, RSA, DSA, SSL, IKE and DH, Hardware random number generator) and I would like to know if any configuration is needed in OpenBSD kernel to use this card when cryptography is necessary, e.g. when a VPN IPSec is done.

--
Joco Salvatti
Graduated in Computer Science
Federal University of Para - UFPA - Brazil
E-Mail: salva...@gmail.com
Printing to Windows
If anyone is printing successfully to an OfficeJet served on an XP box from OBSD 4.4 or later, I'd sure appreciate knowing how you do it. -- Ed Ahlsen-Girard Ft. Walton Beach FL
Re: Invalid 802.1q vlan id using em0 (Intel PRO/1000T) on 4.5
On Sun, May 24, 2009 at 2:52 PM, Axton wrote: > The vlan id for my em0 interface is not reading properly after upgrading to > 4.5. > > Tcpdump shows some wild vid values in the traffic when using em0: > > * This traffic should be on vlan2 (lan) > 00:21:70:c5:3d:4f ff:ff:ff:ff:ff:ff 8100 64: 802.1Q vid 512 pri 0 arp > who-has 10.107.208.1 tell 10.107.208.50 > > * This traffic should be on vlan3 (egress vlan) > 00:1e:be:fe:f3:05 ff:ff:ff:ff:ff:ff 8100 64: 802.1Q vid 768 pri 0 arp > who-has 98.196.101.152 tell 98.196.100.1 > 00:1e:be:fe:f3:05 ff:ff:ff:ff:ff:ff 8100 64: 802.1Q vid 768 pri 0 arp > who-has 98.196.88.115 tell 98.196.88.1 > > * This traffic should be on vlan4, it is correct: > 00:02:b3:ed:68:89 01:00:5e:7f:ff:fa 8100 308: 802.1Q vid 4 pri 0 > 10.0.0.1.29275 > 239.255.255.250.1900: udp 262 [ttl 1] > 00:02:b3:ed:68:89 01:00:5e:7f:ff:fa 8100 380: 802.1Q vid 4 pri 0 > 10.0.0.1.29275 > 239.255.255.250.1900: udp 334 [ttl 1] > > It seems as though the vlan id is being multiplied by 256 for vlans 2 and 3. 
> > > When I use the gem0 interface on the same machine, things work: > > * This traffic should be on vlan2 (lan), it is correct: > 00:03:ba:04:b2:1d 00:50:8d:95:39:17 8100 110: 802.1Q vid 2 pri 0 > 10.107.208.1.22 > 10.107.208.102.2692: P 920030:920082(52) ack 11189 win > 17520 (DF) [tos 0x10] > 00:03:ba:04:b2:1d 00:50:8d:95:39:17 8100 110: 802.1Q vid 2 pri 0 > 10.107.208.1.22 > 10.107.208.102.2692: P 920082:920134(52) ack 11189 win > 17520 (DF) [tos 0x10] > > * This traffic should be on vlan3 (egress vlan), it is correct: > 00:1e:be:fe:f3:05 ff:ff:ff:ff:ff:ff 8100 64: 802.1Q vid 3 pri 0 arp who-has > 98.194.104.216 tell 98.194.104.1 > 00:1e:be:fe:f3:05 ff:ff:ff:ff:ff:ff 8100 64: 802.1Q vid 3 pri 0 arp who-has > 76.31.110.47 tell 76.31.108.1 > > * This traffic should be on vlan4, it is correct: > 00:03:ba:04:b2:1d 01:00:5e:7f:ff:fa 8100 373: 802.1Q vid 4 pri 0 > 10.0.0.1.10117 > 239.255.255.250.1900: udp 327 [ttl 1] > 00:03:ba:04:b2:1d 01:00:5e:7f:ff:fa 8100 373: 802.1Q vid 4 pri 0 > 10.0.0.1.10117 > 239.255.255.250.1900: udp 327 [ttl 1] > > > The em0 interface worked without an issue using 4.4 as did gem0. 
> > > Here are my interface configurations using gem0: > # ifconfig -a > lo0: flags=8049 mtu 33160 > priority: 0 > groups: lo > inet 127.0.0.1 netmask 0xff00 > inet6 ::1 prefixlen 128 > inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4 > gem0: flags=8863 mtu 1500 > lladdr 00:03:ba:04:b2:1d > priority: 0 > media: Ethernet autoselect (100baseTX full-duplex) > status: active > inet6 fe80::203:baff:fe04:b21d%gem0 prefixlen 64 scopeid 0x1 > em0: flags=8843 mtu 1500 > lladdr 00:02:b3:ed:68:89 > priority: 0 > media: Ethernet autoselect (none) > status: no carrier > inet6 fe80::202:b3ff:feed:6889%em0 prefixlen 64 scopeid 0x2 > enc0: flags=0<> mtu 1536 > priority: 0 > vlan2: flags=8843 mtu 1500 > lladdr 00:03:ba:04:b2:1d > priority: 0 > vlan: 2 priority: 0 parent interface: gem0 > groups: vlan > inet6 fe80::203:baff:fe04:b21d%vlan2 prefixlen 64 scopeid 0x5 > inet 10.107.208.1 netmask 0xff00 broadcast 10.107.208.255 > vlan3: flags=8843 mtu 1500 > lladdr 00:03:ba:04:b2:1d > priority: 0 > vlan: 3 priority: 0 parent interface: gem0 > groups: vlan egress > inet6 fe80::203:baff:fe04:b21d%vlan3 prefixlen 64 scopeid 0x6 > inet x.x.x.x netmask 0xfc00 broadcast 255.255.255.255 > vlan4: flags=8843 mtu 1500 > lladdr 00:03:ba:04:b2:1d > priority: 0 > vlan: 4 priority: 0 parent interface: gem0 > groups: vlan > inet6 fe80::203:baff:fe04:b21d%vlan4 prefixlen 64 scopeid 0x7 > inet 10.0.0.1 netmask 0xff00 broadcast 10.0.0.255 > vlan5: flags=8843 mtu 1500 > lladdr 00:03:ba:04:b2:1d > priority: 0 > vlan: 5 priority: 0 parent interface: gem0 > groups: vlan > inet6 fe80::203:baff:fe04:b21d%vlan5 prefixlen 64 scopeid 0x8 > inet 10.180.16.1 netmask 0xff00 broadcast 10.180.16.255 > pflog0: flags=141 mtu 33160 > priority: 0 > groups: pflog > > Here are my interface configurations using em0: > lo0: flags=8049 mtu 33160 > priority: 0 > groups: lo > inet 127.0.0.1 netmask 0xff00 > inet6 ::1 prefixlen 128 > inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4 > gem0: flags=8863 mtu 1500 > lladdr 00:03:ba:04:b2:1d > 
priority: 0 > media: Ethernet autoselect (none) > status: no carrier > inet6 fe80::203:baff:fe04:b21d%gem0 prefixlen 64 scopeid 0x1 > em0: flags=8843 mtu 1500 > lladdr 00:02:b3:ed:68:89 > priority: 0 > media: Ethernet autoselect (1000baseT full-duplex,master) > status: active > inet6 fe80::202:b3ff:feed:6889%em0 prefixlen 64 scopeid 0x2 > enc0: flags=0<> mtu 1536 >
Re: OSSv4 on OpenBSD
On Sun, May 24, 2009 at 07:48:27PM -0400, Predrag Punosevac wrote:
> A friend of mine who is an avid NetBSD user kept complaining about how
> bad is audio on NetBSD. After getting sick of hearing complaints,
> I asked on OSS mailing lists about OSSv4 support for NetBSD and OpenBSD.
> I actually got a very interesting answer
>
> http://www.4front-tech.com/forum/viewtopic.php?t=3133
>
> I recall OSS being discussed on this mailing list after OSS went
> open source and changed the license. Can Jake or any other developers
> in charge of audio on OpenBSD explain the issues involved in porting
> OSSv4 to OpenBSD?
>
> I personally have fantastic experience with our audio but I would
> think that OpenBSD could benefit at least from extra audio drivers.
> Am I very wrong? Sorry for the noise.

audio(4) and all the current audio drivers would need to be modularized to not conflict with OSSv4. OpenBSD doesn't use modules by default, so users who would want to use OSSv4 would be running an unsupported system.

I have tried taking small bits from 4Front drivers (for cmpci(4) and azalia(4)), but it has not been very helpful, for various reasons. I've learned more by looking at FreeBSD and ALSA drivers.

some of the 4Front drivers were developed under NDAs, so the only "documentation" available to us is the driver source.

having 2 vastly different audio APIs is not helpful, at all. arguably, OSSv4 would be a third (or fourth even) audio API that we would be supporting, as OSSv4 is different than OSSv3, which we already support with ossaudio(3).

even though OpenBSD and NetBSD share the same basic audio code, there are numerous differences, starting with aucat(1) and sio_open(3) and going all the way down to the low level drivers. it appears this diversion is going to continue. I've tried sending patches for simple bugs in azalia(4) to NetBSD devs that never got acted on, and they have a GSoC project to add support for stream mixing in the kernel.

--
jake...@sdf.lonestar.org
SDF Public Access UNIX System - http://sdf.lonestar.org
Re: pf, altq, packet rate
Hello Misc,

About add some queue disciplines, I agree with you. But about completion of porting CNDR, about dynamic queues and about packet rate limit per state your position is not clear. Why CNDR porting froze in halfway, why not bring to the end?

--
Best regards,
irix
mailto:i...@ukr.net
bugs in bioctl/softraid
The following setup seems to indicate that bioctl ain't able to handle 2+ TB volumes.

Controller: Perc RAID 5/i, mfi0
HDDs: 4x1TB
RAID: 5
Configuration: Configured during the controller BIOS
Volume 00 appears as: sd0

disklabel -E sd0
#        size     offset  fstype [fsize bsize cpg]
  a: 5857345473         63    RAID
  c: 5857345536          0  unused
# I had to use "b" + "*" to gain the whole space! You might wanna document that in the manpage?

Before using "b"+"*" the size was limited to: 1562363692

But ok..: Created a partition called "a" and attaching it to softraid0 for the Crypto discipline. sd1 appears but ain't able to use the whole space. "b"+"*" did not solve it.

16 partitions:
#        size     offset  fstype [fsize bsize cpg]
  c: 1562363692          0  unused
#
# dmesg |grep sd1
sd1 at scsibus2 targ 0 lun 0: SCSI2 0/direct fixed
sd1: 762872MB, 512 bytes/sec, 1562363692 sec total
# dmesg |grep sd0
sd0 at scsibus0 targ 0 lun 0: SCSI3 0/direct fixed
sd0: 2860032MB, 512 bytes/sec, 5857345536 sec total
# uname -a
OpenBSD kerberos 4.5 GENERIC#2052 amd64
#

Does anybody know how to solve this? I can use sd0 completely and without issues. It just seems softraid has somehow problems to get the whole space. Another Bug in the great FS layer(-logic) of OpenBSD...

And if you dislike your console simply use bioctl -i mfi0 and it will fuck up (no aborting possible! Very cool and l33t if you're connected via Serial connections). Of course bioctl is in D+ state making it impossible for root to kill it... ;-)

I just thought others should be aware of this too. But if anybody knows how to use a big disk with softraid pls enlighten me.

Kind regards,
Rembrandt
OSSv4 on OpenBSD
A friend of mine who is an avid NetBSD user kept complaining about how bad is audio on NetBSD. After getting sick of hearing complaints, I asked on OSS mailing lists about OSSv4 support for NetBSD and OpenBSD. I actually got a very interesting answer

http://www.4front-tech.com/forum/viewtopic.php?t=3133

I recall OSS being discussed on this mailing list after OSS went open source and changed the license. Can Jake or any other developers in charge of audio on OpenBSD explain the issues involved in porting OSSv4 to OpenBSD?

I personally have fantastic experience with our audio but I would think that OpenBSD could benefit at least from extra audio drivers. Am I very wrong? Sorry for the noise.

Predrag
Re: OT, .. Majordomo problem
On Sat, 23 May 2009, Frank Bax wrote:

> Your subject says it all; this is OT on this list; try MD list at:
> http://www.greatcircle.com/majordomo/
>

Tried that last time, .. thought there might be someone here that knew MD.

Lee
Re: Ral0, WPA2 and ASCII keys?
* woolsherpahat on Sun, May 24, 2009 at 03:25:06PM -0700:
> my /etc/hostname.ral0:
> dhcp NONE NONE NONE nwid my_ap wpa wpaprotos wpa2 wpapsk \
> $(wpa-psk my_ap "SECRET")

> When I run 'sh /etc/netstart' I get this error:
> ifconfig: wpapsk: bad pre-shared key length
> ral0: no link . sleeping
> ifconfig: wpa-psk blahrg "SECRET": bad value

I have found this in wpa-psk(1):

"The passphrase must be a sequence of between 8 and 63 ASCII-encoded characters. The length of the SSID must be between 1 and 32 octets."

If the error message isn't just here because of the "SECRET"-placeholder, maybe you might want to check the length of your passphrase.

s//un
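Added example (not part of the original posts, and not OpenBSD's own code): the passphrase-to-key mapping used by WPA-PSK, which is PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations and a 256-bit output, together with the length limits quoted from wpa-psk(1) above. The function names are hypothetical, and the printable-ASCII range (32 to 126) comes from IEEE 802.11i rather than from this thread.

```python
import hashlib

# Limits quoted from wpa-psk(1) in the message above.
SSID_MIN, SSID_MAX = 1, 32      # octets
PASS_MIN, PASS_MAX = 8, 63      # ASCII characters


def check_wpa_inputs(ssid: bytes, passphrase: str) -> list:
    """Return a list of human-readable problems; an empty list means OK."""
    problems = []
    if not SSID_MIN <= len(ssid) <= SSID_MAX:
        problems.append(
            "SSID is %d octets, must be %d..%d" % (len(ssid), SSID_MIN, SSID_MAX))
    if not PASS_MIN <= len(passphrase) <= PASS_MAX:
        problems.append(
            "passphrase is %d characters, must be %d..%d"
            % (len(passphrase), PASS_MIN, PASS_MAX))
    # Assumption from IEEE 802.11i: every character is printable ASCII.
    bad = [c for c in passphrase if not 32 <= ord(c) <= 126]
    if bad:
        problems.append("passphrase contains non-printable or non-ASCII characters")
    return problems


def derive_psk(ssid: bytes, passphrase: str) -> str:
    """Derive the 256-bit pre-shared key as 64 hex digits."""
    problems = check_wpa_inputs(ssid, passphrase)
    if problems:
        raise ValueError("; ".join(problems))
    key = hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid, 4096, dklen=32)
    return key.hex()


def is_raw_psk(value: str) -> bool:
    """True if value is already a 256-bit key in hex (optional 0x prefix)."""
    digits = value[2:] if value.lower().startswith("0x") else value
    return len(digits) == 64 and all(c in "0123456789abcdefABCDEF" for c in digits)


if __name__ == "__main__":
    # Published IEEE 802.11i test vector: SSID "IEEE", passphrase "password".
    print(derive_psk(b"IEEE", "password"))
    # The literal placeholder from the thread is only six characters long.
    print(check_wpa_inputs(b"my_ap", "SECRET"))
    # An unexpanded command string is not a 256-bit hex key.
    print(is_raw_psk('wpa-psk my_ap "SECRET"'))
```

A passphrase that fails the checks never reaches the key derivation, and a string that is not 64 hex digits is not a usable raw key, which is consistent with the two length-related complaints in the quoted error output.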
Ral0, WPA2 and ASCII keys?
Hello @misc:

I have a clean install of OpenBSD 4.5 (i386) on a Soekris 4501. I'm trying to set it up as a wireless client. My access point is a Linksys WRT54G with the latest firmware. Encryption is handled with WPA2 (TKIP + AES) and a pre-shared ASCII key. I cannot get the OpenBSD system to associate with the access point.

my /etc/hostname.ral0:
dhcp NONE NONE NONE nwid my_ap wpa wpaprotos wpa2 wpapsk \
$(wpa-psk my_ap "SECRET")

When I run 'sh /etc/netstart' I get this error:
ifconfig: wpapsk: bad pre-shared key length
ral0: no link . sleeping
ifconfig: wpa-psk blahrg "SECRET": bad value

Does anyone have any ideas what I'm doing wrong? The configuration was straight out of the manfile. Is there any way to sniff the wireless traffic so I can figure out what part of the association is failing?

Any help would be appreciated. Thanks.

-K

--
"Since love and fear can hardly exist together, if we must choose between them, it is far safer to be feared than loved."
-Niccolo Machiavelli
Re: OpenBGP default route selection process
On 2009-05-24, Justin Credible wrote:
> On Sat, May 23, 2009 at 6:35 PM, Justin Credible

> *>199.185.136.0/23 64.x.x.x 200 1 3549 812 812 812 812 3602 22512 i
> * 199.185.136.0/23 212.x.x.x 100 500 3356 6453 812 3602 22512 i

> # route -n show | grep 199.185.136
> 199.185.136/23 212.x.x.x UG100 -48 vlan400

this is pretty weird, bgpd thinks it has installed a route to the kernel (*>) but it isn't actually there.

I've seen something a bit like this once, when I botched a router upgrade and managed to upgrade /etc/rc.conf but not /etc/rc, which resulted in an old copy of routed being accidentally run and messing with the routes from the other routing daemons. (I noticed the problems but didn't find what was causing them until I happened to do 'route -n monitor' and noticed route changes were coming from separate process ids, which made me look at which daemons were running).

...

>>
>>> I don't know why that setting in particular set all of my routes to
>>> point at Level 3 regardless of the preferential settings against it,
>>> but how i got around it is simple.
>>>
>>> route add -mpath default gw1
>>> route add -mpath default gw2
>>> etc...
>>>
>>> Then change that setting to
>>>
>>> nexthop qualify via default
>>>
>>
>> Why did you set this? Just for fun or was there a reason behind it.
>> If you need to use "nexthop qualify via default" or "nexthop qualify via
>> bgp" then you have an error in your network setup. Either you should use
>> an IGP (like ospfd) or have a static route to the bgp router.
>
> I toggled this setting to see if it would make a difference on the
> routing tables. My main reason for setting preferred routes is because
> BGP was selecting Level3 as default for our route to Latin America. We
> implemented GBLX since there are only two or three hops to Latin
> America through them, but BGP wasn't selecting them by default,

BGP doesn't know about hops, only AS paths. (And in reality you can't tell much from "hops", fewer IP hops might just mean they have longer and more complex tunnels of one sort or another).

One tool for dealing with sending certain geographic regions via a particular transit is to have your providers tag their routes with communities denoting the geographic origin (some do this, others don't. see as3356 whois entry for examples of what level3 do). You can use this, or alternatively hand-selected AS, in match rules in bgpd.conf and adjust localpref/weight/prepend to influence outbound traffic.

Note that localpref is a sledgehammer approach; a hugely long AS path with localpref 101 beats a very short path with localpref 100.

Influencing the route traffic takes to reach you is trickier and a lot less direct.

> therefore i had to manually intervene. This setting seems to have
> fixed that particular problem but the problem in thread "BGP
> responding with wrong IP address." still exists somewhat. In a way
> they are related, in more ways they are not, that's why I have them as
> separate threads.

Host X traceroutes through your router. If your kernel route _to_ host X is via level3, it doesn't matter how their packets reach you, your level3-facing interface is the one that will show up. And with the problem you've got where kernel routes don't match the routes bgpd is trying to use, this obviously causes the problem much of the time.
Invalid 802.1q vlan id using em0 (Intel PRO/1000T) on 4.5
The vlan id for my em0 interface is not reading properly after upgrading to 4.5.

Tcpdump shows some wild vid values in the traffic when using em0:

* This traffic should be on vlan2 (lan)
00:21:70:c5:3d:4f ff:ff:ff:ff:ff:ff 8100 64: 802.1Q vid 512 pri 0 arp who-has 10.107.208.1 tell 10.107.208.50

* This traffic should be on vlan3 (egress vlan)
00:1e:be:fe:f3:05 ff:ff:ff:ff:ff:ff 8100 64: 802.1Q vid 768 pri 0 arp who-has 98.196.101.152 tell 98.196.100.1
00:1e:be:fe:f3:05 ff:ff:ff:ff:ff:ff 8100 64: 802.1Q vid 768 pri 0 arp who-has 98.196.88.115 tell 98.196.88.1

* This traffic should be on vlan4, it is correct:
00:02:b3:ed:68:89 01:00:5e:7f:ff:fa 8100 308: 802.1Q vid 4 pri 0 10.0.0.1.29275 > 239.255.255.250.1900: udp 262 [ttl 1]
00:02:b3:ed:68:89 01:00:5e:7f:ff:fa 8100 380: 802.1Q vid 4 pri 0 10.0.0.1.29275 > 239.255.255.250.1900: udp 334 [ttl 1]

It seems as though the vlan id is being multiplied by 256 for vlans 2 and 3.

When I use the gem0 interface on the same machine, things work:

* This traffic should be on vlan2 (lan), it is correct:
00:03:ba:04:b2:1d 00:50:8d:95:39:17 8100 110: 802.1Q vid 2 pri 0 10.107.208.1.22 > 10.107.208.102.2692: P 920030:920082(52) ack 11189 win 17520 (DF) [tos 0x10]
00:03:ba:04:b2:1d 00:50:8d:95:39:17 8100 110: 802.1Q vid 2 pri 0 10.107.208.1.22 > 10.107.208.102.2692: P 920082:920134(52) ack 11189 win 17520 (DF) [tos 0x10]

* This traffic should be on vlan3 (egress vlan), it is correct:
00:1e:be:fe:f3:05 ff:ff:ff:ff:ff:ff 8100 64: 802.1Q vid 3 pri 0 arp who-has 98.194.104.216 tell 98.194.104.1
00:1e:be:fe:f3:05 ff:ff:ff:ff:ff:ff 8100 64: 802.1Q vid 3 pri 0 arp who-has 76.31.110.47 tell 76.31.108.1

* This traffic should be on vlan4, it is correct:
00:03:ba:04:b2:1d 01:00:5e:7f:ff:fa 8100 373: 802.1Q vid 4 pri 0 10.0.0.1.10117 > 239.255.255.250.1900: udp 327 [ttl 1]
00:03:ba:04:b2:1d 01:00:5e:7f:ff:fa 8100 373: 802.1Q vid 4 pri 0 10.0.0.1.10117 > 239.255.255.250.1900: udp 327 [ttl 1]

The em0 interface worked without an issue using 4.4 as did
gem0. Here are my interface configurations using gem0: # ifconfig -a lo0: flags=8049 mtu 33160 priority: 0 groups: lo inet 127.0.0.1 netmask 0xff00 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4 gem0: flags=8863 mtu 1500 lladdr 00:03:ba:04:b2:1d priority: 0 media: Ethernet autoselect (100baseTX full-duplex) status: active inet6 fe80::203:baff:fe04:b21d%gem0 prefixlen 64 scopeid 0x1 em0: flags=8843 mtu 1500 lladdr 00:02:b3:ed:68:89 priority: 0 media: Ethernet autoselect (none) status: no carrier inet6 fe80::202:b3ff:feed:6889%em0 prefixlen 64 scopeid 0x2 enc0: flags=0<> mtu 1536 priority: 0 vlan2: flags=8843 mtu 1500 lladdr 00:03:ba:04:b2:1d priority: 0 vlan: 2 priority: 0 parent interface: gem0 groups: vlan inet6 fe80::203:baff:fe04:b21d%vlan2 prefixlen 64 scopeid 0x5 inet 10.107.208.1 netmask 0xff00 broadcast 10.107.208.255 vlan3: flags=8843 mtu 1500 lladdr 00:03:ba:04:b2:1d priority: 0 vlan: 3 priority: 0 parent interface: gem0 groups: vlan egress inet6 fe80::203:baff:fe04:b21d%vlan3 prefixlen 64 scopeid 0x6 inet x.x.x.x netmask 0xfc00 broadcast 255.255.255.255 vlan4: flags=8843 mtu 1500 lladdr 00:03:ba:04:b2:1d priority: 0 vlan: 4 priority: 0 parent interface: gem0 groups: vlan inet6 fe80::203:baff:fe04:b21d%vlan4 prefixlen 64 scopeid 0x7 inet 10.0.0.1 netmask 0xff00 broadcast 10.0.0.255 vlan5: flags=8843 mtu 1500 lladdr 00:03:ba:04:b2:1d priority: 0 vlan: 5 priority: 0 parent interface: gem0 groups: vlan inet6 fe80::203:baff:fe04:b21d%vlan5 prefixlen 64 scopeid 0x8 inet 10.180.16.1 netmask 0xff00 broadcast 10.180.16.255 pflog0: flags=141 mtu 33160 priority: 0 groups: pflog Here are my interface configurations using em0: lo0: flags=8049 mtu 33160 priority: 0 groups: lo inet 127.0.0.1 netmask 0xff00 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4 gem0: flags=8863 mtu 1500 lladdr 00:03:ba:04:b2:1d priority: 0 media: Ethernet autoselect (none) status: no carrier inet6 fe80::203:baff:fe04:b21d%gem0 prefixlen 64 scopeid 0x1 em0: 
flags=8843 mtu 1500 lladdr 00:02:b3:ed:68:89 priority: 0 media: Ethernet autoselect (1000baseT full-duplex,master) status: active inet6 fe80::202:b3ff:feed:6889%em0 prefixlen 64 scopeid 0x2 enc0: flags=0<> mtu 1536 priority: 0 vlan2: flags=8843 mtu 1500 lladdr 00:02:b3:ed:68:89 priority: 0 vlan: 2 priority: 0 parent interface: em0 groups: vlan inet6 fe80::202:b3ff:feed:6889%vlan2 prefixlen 64 scopeid 0x5 inet 10.107.208.1 netmask 0xff00 bro
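Added example (not part of the original post, and not OpenBSD code): a parser for the 802.1Q tag that checks each observed VLAN id against the configured set and flags ids that only make sense after swapping the two bytes of the 16-bit tag control field, which is what "multiplied by 256" amounts to for vid 2 and 3. The frames are constructed from the MAC addresses and vid values in the tcpdump output above with zero padding as payload; the function names are hypothetical.

```python
import struct

TPID_DOT1Q = 0x8100


def parse_dot1q(frame: bytes) -> dict:
    """Decode the Ethernet header and 802.1Q tag of a tagged frame."""
    if len(frame) < 18:
        raise ValueError("frame too short for an 802.1Q header")
    tpid, tci, inner = struct.unpack("!HHH", frame[12:18])
    if tpid != TPID_DOT1Q:
        raise ValueError("not an 802.1Q tagged frame (TPID 0x%04x)" % tpid)
    return {
        "dst": frame[0:6].hex(":"),
        "src": frame[6:12].hex(":"),
        "tci": tci,
        "pcp": tci >> 13,          # priority, 3 bits
        "dei": (tci >> 12) & 1,    # drop eligible, 1 bit
        "vid": tci & 0x0FFF,       # VLAN id, 12 bits
        "ethertype": inner,
    }


def swap16(value: int) -> int:
    """Swap the two bytes of a 16-bit value."""
    return ((value & 0xFF) << 8) | (value >> 8)


def classify_tag(tci: int, configured: set) -> tuple:
    """Return (verdict, vid) where vid is the id the frame most likely means."""
    vid = tci & 0x0FFF
    if vid in configured:
        return ("ok", vid)
    swapped = swap16(tci) & 0x0FFF
    if swapped in configured:
        return ("byte-swapped", swapped)
    return ("unknown", vid)


def build_frame(dst: str, src: str, tci: int, ethertype: int) -> bytes:
    """Build a constructed test frame: header, tag, and 46 zero bytes."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    return mac(dst) + mac(src) + struct.pack("!HHH", TPID_DOT1Q, tci, ethertype) + bytes(46)


def audit(frames: list, configured: set) -> list:
    """Return (src, vid as seen, verdict, intended vid) for each frame."""
    rows = []
    for frame in frames:
        hdr = parse_dot1q(frame)
        verdict, intended = classify_tag(hdr["tci"], configured)
        rows.append((hdr["src"], hdr["vid"], verdict, intended))
    return rows


# VLANs configured in the ifconfig output of the post: vlan2 .. vlan5.
CONFIGURED = {2, 3, 4, 5}

# Constructed frames mirroring the em0 capture (source MAC, dest MAC, vid).
SAMPLE_FRAMES = [
    build_frame("ff:ff:ff:ff:ff:ff", "00:21:70:c5:3d:4f", 512, 0x0806),
    build_frame("ff:ff:ff:ff:ff:ff", "00:1e:be:fe:f3:05", 768, 0x0806),
    build_frame("01:00:5e:7f:ff:fa", "00:02:b3:ed:68:89", 4, 0x0800),
]

if __name__ == "__main__":
    for row in audit(SAMPLE_FRAMES, CONFIGURED):
        print("%s vid %-4d %-12s intended vlan %d" % row)
```

In the sample, the two frames with wrong ids come from other hosts' MAC addresses, while the correctly tagged frame has em0's own lladdr as its source, so the check also shows which direction of traffic carries the swapped tag.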
Re: OpenBGP default route selection process
On Sun, May 24, 2009 at 12:22 PM, Claudio Jeker wrote:
> On Sun, May 24, 2009 at 11:54:37AM -0600, Justin Credible wrote:
>
>> I figured this one out. This particular problem was caused because i had set:
>>
>> nexthop qualify via bgp
>>
>
> Why did you set this? Just for fun or was there a reason behind it.

It was a last resort to another problem which I was having (See thread titled "BGP responding with wrong IP address."). I thought that if i set this, that the correct interface would respond at the router since it seems as though random interfaces were responding.

>
>> I don't know why that setting in particular set all of my routes to
>> point at Level 3 regardless of the preferential settings against it,
>> but how i got around it is simple.
>>
>> route add -mpath default gw1
>> route add -mpath default gw2
>> etc...
>>
>> Then change that setting to
>>
>> nexthop qualify via default
>>
>
> Why did you set this? Just for fun or was there a reason behind it.
> If you need to use "nexthop qualify via default" or "nexthop qualify via
> bgp" then you have an error in your network setup. Either you should use
> an IGP (like ospfd) or have a static route to the bgp router.

I toggled this setting to see if it would make a difference on the routing tables. My main reason for setting preferred routes is because BGP was selecting Level3 as default for our route to Latin America. We implemented GBLX since there are only two or three hops to Latin America through them, but BGP wasn't selecting them by default, therefore i had to manually intervene. This setting seems to have fixed that particular problem but the problem in thread "BGP responding with wrong IP address." still exists somewhat. In a way they are related, in more ways they are not, that's why I have them as separate threads.

I don't use OSPFD yet since I am very new to BGP. Once I master BGP I will move on to learning about the other things which plug in to it, rather than screwing everything up all at once (especially in a live production environment).

Thanks!
Re: OpenBGP default route selection process
On Sun, May 24, 2009 at 11:54:37AM -0600, Justin Credible wrote:
> I figured this one out. This particular problem was caused because i had set:
>
> nexthop qualify via bgp
>

Why did you set this? Just for fun or was there a reason behind it.

> I don't know why that setting in particular set all of my routes to
> point at Level 3 regardless of the preferential settings against it,
> but how i got around it is simple.
>
> route add -mpath default gw1
> route add -mpath default gw2
> etc...
>
> Then change that setting to
>
> nexthop qualify via default
>

Why did you set this? Just for fun or was there a reason behind it.
If you need to use "nexthop qualify via default" or "nexthop qualify via bgp" then you have an error in your network setup. Either you should use an IGP (like ospfd) or have a static route to the bgp router.

> Also make sure that the metric, localpref, etc are equal on all of the
> peers (unless you want one taking up all of the routing tables). then
> do a bgpctl reload
>
> The routing tables seem to have evened out now and become more
> "realistic" and unbiased. There are now more routes through GBLX than
> Level3 but only a few thousand, as opposed to the previous problem of
> no dynamic routes pointing to GBLX.
>

--
:wq Claudio
Re: OpenBGP default route selection process
On Sat, May 23, 2009 at 8:55 PM, Justin Credible wrote: > On Sat, May 23, 2009 at 6:35 PM, Justin Credible > wrote: >> >> Hi there, >> >> I am running OpenBSD 4.4 with OpenBGPD and multiple peers. >> >> For some reason the device is selecting Level3 as the default route for absolutely everything which is not statically set. >> >> On Level3 config i have set: >> >> set localpref 100 >> softreconfig in yes >> max-prefix 100 restart 300 >> >> For the others I have not set max-prefix. >> >> Also set >> >> nexthop qualify via bgp >> rde route-age evaluate >> >> and then stopped the session for Level 3 and started it again so it would seem "less stable" to the decision engine since it is a newer session, it is still the default for every single route. I even did a route flush and flushed them all, and did a refresh from another peer, at which point all routes came back, defaulting to Level3! >> >> How do i stop this from being my default route? >> >> The reason why is because it is not the best route most of the time. E.g. to some parts of the US it takes 16 hops through Level3, whereas Global Crossing will do it in 1 hop, Abovenet in 3, etc. >> >> Thanks! >> >> Ken > > If you need more examples here you go: > > # bgpctl show rib 199.185.137.3 > flags: * = Valid, > = Selected, I = via IBGP, A = Announced > origin: i = IGP, e = EGP, ? 
= Incomplete > flags destination gateway lpref med aspath origin > *>199.185.136.0/2364.x.x.x 200 1 3549 812 812 812 812 > 3602 22512 i > * 199.185.136.0/23212.x.x.x 100 500 3356 6453 812 3602 22512 i > # route -n show | grep 199.185.136.0/23 > # route -n show | grep 199.185.136 > 199.185.136/23 212.x.x.x UG100 -48 vlan400 > # route delete 199.185.136/23 > delete net 199.185.136/23 > # ping 199.185.137.3 > PING 199.185.137.3 (199.185.137.3): 56 data bytes > 64 bytes from 199.185.137.3: icmp_seq=0 ttl=245 time=150.000 ms > 64 bytes from 199.185.137.3: icmp_seq=1 ttl=245 time=155.865 ms > --- 199.185.137.3 ping statistics --- > 2 packets transmitted, 2 packets received, 0.0% packet loss > round-trip min/avg/max/std-dev = 150.000/152.932/155.865/2.958 ms > # route -n show | grep 199.185.136 > 199.185.136/23 212.x.x.x UG100 -48 vlan400 > # bgpctl show rib 199.185.137.3 > flags: * = Valid, > = Selected, I = via IBGP, A = Announced > origin: i = IGP, e = EGP, ? = Incomplete > flags destination gateway lpref med aspath origin > *>199.185.136.0/2364.x.x.x 200 1 3549 812 812 812 812 > 3602 22512 i > * 199.185.136.0/23212.x.x.x 100 500 3356 6453 812 3602 22512 i > > > I've even set my config to be EXTREMELY biased against Level3 but it > (the 212 address) still populates my routing tables: > > > BGP routing table entry for 199.185.136.0/23 >3549 812 812 812 812 3602 22512 >Nexthop 64.x.x.x (via 212.x.x.x) from gblx-p1 (208.48.250.230) >Origin IGP, metric 1, localpref 200, external, valid, best >Last update: 00:26:45 ago >Communities: 3549:4356 3549:8013 3549:8023 3549:8043 3549:8073 > 3549:8090 3549:8163 3549:8173 3549:8223 3549:8233 3549:30840 > BGP routing table entry for 199.185.136.0/23 >3356 6453 812 3602 22512 >Nexthop 212.x.x.x (via 212.x.x.x) from level3-p2 (4.69.187.4) >Origin IGP, metric 500, localpref 100, external, valid >Last update: 00:26:45 ago > > > # traceroute -n 199.185.137.3 > traceroute to 199.185.137.3 (199.185.137.3), 64 hops max, 40 byte packets > 1 
212.x.x.x 0.550 ms 0.555 ms 0.448 ms > 2 4.69.136.93 0.529 ms 0.445 ms 0.575 ms > 3 4.69.136.90 11.273 ms 17.935 ms 11.317 ms > 4 4.69.139.73 11.396 ms 11.439 ms 11.317 ms > 5 4.68.63.106 16.769 ms 17.935 ms 17.939 ms > 6 195.219.195.37 11.772 ms 195.219.83.2 11.687 ms 195.219.195.89 11.562 ms > 7 195.219.243.14 12.17 ms 195.219.195.22 164.349 ms 164.471 ms > 8 195.219.144.10 83.354 ms 195.219.144.1 12.184 ms 12.62 ms > 9 195.219.144.10 83.355 ms 83.270 ms 216.6.98.1 109.634 ms > 10 216.6.98.1 109.835 ms 109.880 ms 216.6.98.30 163.602 ms > 11 216.6.98.30 163.552 ms 163.741 ms 64.86.115.38 178.523 ms > 12 64.86.115.38 178.788 ms 179.88 ms 24.153.7.137 203.204 ms > 13 24.153.7.137 180.416 ms 210.443 ms 238.549 ms > 14 24.153.4.77 177.923 ms 178.712 ms 24.153.3.38 173.844 ms > 15 24.153.3.38 173.921 ms 174.215 ms 173.595 ms > 16 204.50.251.202 196.411 ms 207.107.204.178 177.465 ms 176.209 ms > 17 207.107.204.178 177.542 ms 177.960 ms 176.719 ms > 18 199.185.230.2 177.924 ms 199.185.137.3 177.712 ms 199.185.230.2 > 176.215 ms > # route add 199.185.137.3 64.x.x.x > add host 199.185.137.3: gateway 64.x.x.x > # traceroute -n 199.185.137.3 > traceroute to 199.185.137.3 (199.185.137.3), 64 hops max, 40 byte packets > 1 64.x.x.x 10.505 ms 10.427 ms 10.316 ms > 2 64.208.169.150 98.472 ms 98.635 ms 98.513 ms > 3 69.63.248.98 97.96 ms 102.9 ms 9
bioctl: BIOCCREATERAID: Invalid argument
I'm playing with softraid on current (OpenBSD 4.5 GENERIC.MP#128 amd64) and getting to the point where I'm unable to take down or write-over existing devices. I can't find any existing device to remove, but am nonetheless unable to create a new RAID 0 array. bioctl gives these complaints: # bioctl -c 0 -l /dev/sd0a,/dev/sd1a softraid0 bioctl: BIOCCREATERAID: Invalid argument # bioctl -d sd1 bioctl: delete volume sd1 failed # bioctl -d sd3 bioctl: Can't open sd3: Device not configured # bioctl -C force -d sd3 bioctl: Can't open sd3: Device not configured # bioctl -C force -d sd1 bioctl: delete volume sd1 failed # bioctl -i sd0 sd0: , serial \\037 JetFlashTS4GJFT3 8.07 # bioctl -i sd1 sd1: , serial \\037 JetFlashTS4GJFT3 8.07 dmesg gives this complaint: ... softraid0 at root softraid0: roaming device sd3a -> sd1a softraid0: not assembling partial disk that used to be volume 0 ... softraid0: not all chunks are of the native metadata format softraid0: can't attach metadata type 0 The steps I follow to try to make a clean start are: # A - Initialize partition tables for RAID array fdisk -iy sd0 fdisk -iy sd1 printf "d a\nq\n\n" | disklabel -E sd0 printf "d a\nq\n\n" | disklabel -E sd1 # B - Create RAID partitions printf "a\n\n\n\nRAID\nw\nq\n\n" | disklabel -E sd0 printf "a\n\n\n\nRAID\nw\nq\n\n" | disklabel -E sd1 # C - RAID 0, striping bioctl -c 0 -l /dev/sd0a,/dev/sd1a softraid0 but it's the last step, C, that gives an error, but A and B don't seem to be wiping the devices. Regards, -Lars ...
hidev5 detached umass0 at uhub5 port 1 configuration 1 interface 0 "JetFlash Mass Storage Device" rev 2.00/1.00 addr 3 umass0: using SCSI over Bulk-Only scsibus1 at umass0: 2 targets, initiator 0 sd0 at scsibus1 targ 1 lun 0: SCSI2 0/direct removable sd0: 3911MB, 512 bytes/sec, 8011774 sec total uhidev4 at uhub3 port 2 configuration 1 interface 0 "Logitech HID compliant keyboard" rev 1.10/1.80 addr 3 uhidev4: iclass 3/1 ukbd1 at uhidev4: 8 modifier keys, 6 key codes wskbd1 at ukbd1 mux 1 wskbd1: connecting to wsdisplay0 uhidev5 at uhub3 port 2 configuration 1 interface 1 "Logitech HID compliant keyboard" rev 1.10/1.80 addr 3 uhidev5: iclass 3/0, 2 report ids uhid3 at uhidev5 reportid 1: input=2, output=0, feature=0 uhid4 at uhidev5 reportid 2: input=1, output=0, feature=0 umass1 at uhub5 port 2 configuration 1 interface 0 "JetFlash Mass Storage Device" rev 2.00/1.00 addr 4 umass1: using SCSI over Bulk-Only scsibus2 at umass1: 2 targets, initiator 0 sd1 at scsibus2 targ 1 lun 0: SCSI2 0/direct removable sd1: 3911MB, 512 bytes/sec, 8011774 sec total softraid0: not all chunks are of the native metadata format softraid0: can't attach metadata type 0
Re: pf, altq, packet rate
* irix [2009-05-24 08:20]: > Over the past six years, the project altq was not added any new > features. no. I don't really see a need to add anything. If anyone does (s)he's free to submit diffs. > Although the project is fully prepared to little. parser error > There is a shortage of adding dynamic queues and the completion of porting > cdnr > and may be add some queue disciplines from altqd like blue, JoBB, as > you think ? we will certainly not add more disciplines, what for. we'd rather remove cbq, since it can be expressed in hfsc. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
Re: pkg_add weirdness (4.5-current)
On Sat, 23 May 2009 11:44:30 +0200 Thomas Pfaff wrote: > > Feb28$ sudo pkg_add vim > > Ambiguous: vim could be vim-7.2.77-gtk2 vim-7.2.77-no_x11 > > Feb28$ > > > > May18$ sudo pkg_add vim > > May18$ > > > > I just upgraded the "Feb28" system to a May 18th snapshot (i386) > and the pkg_add behaviour has changed to what I described above. > So, for the record; the old behaviour is back again. Thanks.
Re: MPLS status questions.
On Sun, May 24, 2009 at 02:49:53PM +0200, Martin Schröder wrote: > 2009/5/24, Stuart Henderson : > > The "P" (Private) suggests some kind of privacy. > > "MPLS is well suited to the task as it provides traffic isolation and > differentiation without substantial overhead." > Doesn't the public Internet do that too, when everyone plays by the rules and nothing is misconfigured?
Re: MPLS status questions.
2009/5/24, Stuart Henderson : > The "P" (Private) suggests some kind of privacy. "MPLS is well suited to the task as it provides traffic isolation and differentiation without substantial overhead." Best Martin
Re: MPLS status questions.
On 2009-05-24 10:49, Stuart Henderson wrote: Where in 'VPN' do you see some kind of encryption? Intranets were built on FR clouds, ATM clouds, now on IP clouds. If your understanding of VPN means "IPsec" then maybe it's time to get back to some serious learning about the real world out there. The "P" (Private) suggests some kind of privacy. Yep, but in networking world it usually means separation, not encryption. Just like with FR or ATM. It gives privacy, just like MPLS VPNs in IP world. If the SP providing the service would make some errors the privacy will be no more, but again - this is just like in the 'good old days' of FR clouds, and still it is a problem within existing ATM clouds. So many users of "IP VPNs" are putting own encryption over the cloud, but it's outside the scope of technical definition of MPLS VPN, and VPN itself as a 'service'. One way or another, bashing somebody with 'typical networking idiots' with apparent lack of understanding for the technologies involved is hardly a proper attitude. -- "Don't expect me to cry for all the | Łukasz Bromirski reasons you had to die" -- Kurt Cobain |http://lukasz.bromirski.net
Re: MPLS status questions.
On Sun, 24/05/2009 at 09.52 +0200, Łukasz Bromirski wrote: > Is there any place to read on about it? Any draft howtos, man pages, > etc? Sorry, no man pages yet. > Is it in latest development build or already in 4.5? 4.5 ships a very embryonic stack mostly coded during n2k9, while -current has a working stack with basic functionalities.
Re: Block level snapshots - can I do them in OBSD?
Thanks for the replies, I understand that ZFS is unlikely to be ported to BSD any time soon. My requirements may seem a little puzzling, but I am also restricting the vulnerability of the clients by doing the second level of encryption/decryption (the one that lets the clients see the monolithic file as a partition) using smart cards to restrict the attack window for the fileserver to only the times when a user is actually accessing their data, or at least has left their card in. Without this second layer the server is a single point of failure if it is compromised since then it would have access to the plaintext, of course no matter what I do the workstation will always exhibit that same behaviour, but I hope the use of hardware tokens used only when necessary will limit the attack window. Do I _need_ this level of security? Probably not, I'm not the NSA and we don't have any data _that_ critical, but we keep some confidential stuff on there and I reckon security is cheap and regretting it after your data is compromised isn't. The reason I'm only using OpenBSD on the fileserver is because, much as I like BSD it doesn't meet my needs as a desktop OS, I like the design philosophy and would run it on the desktop if I felt I'd get the functionality I want. I'll obviously be doing some testing and playing with different solutions, and I'm not in a mad rush to implement this tomorrow, so I'd like to keep this thread going - I'm particularly interested to know if anyone knows the status of a port of HAMMER to BSD (if one is even planned) and if anyone can answer authoritatively whether the snapshots in it are block level? This seems to be my best chance of getting a BSD based solution. thanks Paul
mclpools limit reached; increase kern.maxclusters
Hi I get 'WARNING: mclpools limit reached; increase kern.maxclusters' whenever I transfer a large file with sftp or bittorrent on wpi interface. With bittorrent and many peers I get the error after a couple of minutes, with sftp I get the error after transferring 600+MB or so. After receiving the warning, the only remedy I've found so far is to reboot. Any suggestions on where to go from here, besides blindly increasing kern.maxclusters? /Markus OpenBSD 4.5-current (GENERIC.MP) #77: Mon May 18 14:04:33 CEST 2009 r...@klang:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 2137718784 (2038MB) avail mem = 2063753216 (1968MB) mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xf2a6d (25 entries) bios0: vendor Hewlett-Packard version "68DDU Ver. F.10" date 01/11/2008 bios0: Hewlett-Packard HP Compaq 6710b (GR679ET#AK8) acpi0 at bios0: rev 2 acpi0: tables DSDT FACP SLIC HPET APIC MCFG TCPA SSDT SSDT SSDT SSDT SSDT SSDT acpi0: wakeup devices C0B0(S5) C108(S3) C10F(S3) C110(S3) C111(S3) C119(S3) C11A(S3) C11B(S3) C131(S5) C2A1(S5) C132(S5) C137(S5) C134(S5) C2A2(S5) C23D(S5) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpihpet0 at acpi0: 14318179 Hz acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz, 1995.28 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16,xTPR,NXE,LONG cpu0: 2MB 64b/line 8-way L2 cache cpu0: apic clock running at 199MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz, 1995.00 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16,xTPR,NXE,LONG cpu1: 2MB 64b/line 8-way L2 cache ioapic0 at mainbus0 apid 1 pa 0xfec0, version 20, 24 pins ioapic0: misconfigured as apic 0, remapped to apid 1 acpiprt0 at
acpi0: bus 2 (C0B0) acpiprt1 at acpi0: bus 8 (C11D) acpiprt2 at acpi0: bus 16 (C131) acpiprt3 at acpi0: bus 24 (C132) acpiprt4 at acpi0: bus 40 (C134) acpiprt5 at acpi0: bus 0 (C003) acpiec0 at acpi0 acpicpu0 at acpi0 acpicpu1 at acpi0 acpitz at acpi0 not configured acpitz at acpi0 not configured acpitz at acpi0 not configured acpitz at acpi0 not configured acpitz at acpi0 not configured acpibat0 at acpi0: C23B model "Primary" serial 20667 2007/08/17 type LIon oem "Hewlett-Packard" acpibat1 at acpi0: C23A not present acpiac0 at acpi0: AC unit online acpibtn0 at acpi0: C2BF acpibtn1 at acpi0: C153 acpivideo at acpi0 not configured cpu0: unknown Enhanced SpeedStep CPU, msr 0x06120a2506000a25 cpu0: using only highest and lowest power states cpu0: Enhanced SpeedStep 2000 MHz (1292 mV): speeds: 2000, 1200 MHz pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 "Intel GM965 Host" rev 0x0c vga1 at pci0 dev 2 function 0 "Intel GM965 Video" rev 0x0c wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) intagp0 at vga1 agp0 at intagp0: aperture at 0xd000, size 0x1000 inteldrm0 at vga1: apic 1 int 16 (irq 10) drm0 at inteldrm0 "Intel GM965 Video" rev 0x0c at pci0 dev 2 function 1 not configured uhci0 at pci0 dev 26 function 0 "Intel 82801H USB" rev 0x03: apic 1 int 16 (irq 10) uhci1 at pci0 dev 26 function 1 "Intel 82801H USB" rev 0x03: apic 1 int 17 (irq 10) ehci0 at pci0 dev 26 function 7 "Intel 82801H USB" rev 0x03: apic 1 int 18 (irq 11) usb0 at ehci0: USB revision 2.0 uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1 azalia0 at pci0 dev 27 function 0 "Intel 82801H HD Audio" rev 0x03: apic 1 int 16 (irq 10) azalia0: codecs: Analog Devices AD1981HD, AT&T/Lucent/0x1040, using Analog Devices AD1981HD audio0 at azalia0 ppb0 at pci0 dev 28 function 0 "Intel 82801H PCIE" rev 0x03 pci1 at ppb0 bus 8 ppb1 at pci0 dev 28 function 1 "Intel 82801H PCIE" rev 0x03: apic 1 int 17 (irq 10) pci2 at ppb1 bus 16 wpi0 at 
pci2 dev 0 function 0 "Intel PRO/Wireless 3945ABG" rev 0x02: apic 1 int 17 (irq 10), MoW2, address 00:1b:77:c7:4a:bc ppb2 at pci0 dev 28 function 2 "Intel 82801H PCIE" rev 0x03: apic 1 int 18 (irq 11) pci3 at ppb2 bus 24 bge0 at pci3 dev 0 function 0 "Broadcom BCM5787M" rev 0x02, BCM5754/5787 A2 (0xb002): apic 1 int 18 (irq 11), address 00:1a:4b:69:c0:69 brgphy0 at bge0 phy 1: BCM5787 10/100/1000baseT PHY, rev. 0 ppb3 at pci0 dev 28 function 4 "Intel 82801H PCIE" rev 0x03: apic 1 int 16 (irq 10) pci4 at ppb3 bus 40 uhci2 at pci0 dev 29 function 0 "Intel 82801H USB" rev 0x03: apic 1 int 20 (irq 10) uhci3 at pci0 dev 29 function 1 "Intel 82801H USB" rev 0x03: apic 1 int 21 (irq 10) uhci4 at pci0 dev 29 function 2 "Intel 82801H USB" rev 0x03: apic 1 int 18 (irq 11) ehci1 at pci0 dev 29 function 7 "Intel 82801H USB" rev 0x03: apic 1 int 20 (irq 10) usb1 at ehci1: USB revision 2.0 uhub1 at usb1 "Intel EHCI root hub" rev 2.00/1.00
Re: MPLS status questions.
On Sun, May 24, 2009 at 08:49:02AM +, Stuart Henderson wrote: > On 2009-05-24, Łukasz Bromirski wrote: > >> It is not a "VPN" in any sense that you use over the internet or any > > > public network (such as a commercial telco) > > > > Where in 'VPN' do you see some kind of encryption? Intranets were > > built on FR clouds, ATM clouds, now on IP clouds. If your understanding > > of VPN means "IPsec" then maybe it's time to get back to some serious > > learning about the real world out there. > > > > The "P" (Private) suggests some kind of privacy. > I believe that this rates an "oh, snap!"
Re: OpenBSD 4.5 - bsd.rd stalls on boot?
On 2009-05-23, woolsherpahat wrote: > Hello @misc: > > I am trying to install OpenBSD 4.5 (i386) onto my Soekris 4501. > Unfortunately, I cannot seem to get PXEboot to work properly. I setup > my host machine in accordance with the FAQ and I have tested it > locally with the tftp client (i.e., I can successfully execute a 'get > bsd.rd' from localhost). > > It appears PXEboot starts but cannot correctly load the kernel. If I > manually load the kernel it appears to stall. If I just let the > machine sit for five minutes at this step nothing else appears to > happen. Has anyone else seen this problem and/or have advice on how > to resolve it? this is a serial console problem, not a pxeboot problem. mkdir /tftpboot/etc echo set tty com0 > /tftpboot/etc/boot.conf
Re: MPLS status questions.
On 2009-05-24, Łukasz Bromirski wrote: >> It is not a "VPN" in any sense that you use over the internet or any > > public network (such as a commercial telco) > > Where in 'VPN' do you see some kind of encryption? Intranets were > built on FR clouds, ATM clouds, now on IP clouds. If your understanding > of VPN means "IPsec" then maybe it's time to get back to some serious > learning about the real world out there. > The "P" (Private) suggests some kind of privacy.
Re: BGP responding with wrong IP address.
On 2009-05-23, Justin Credible wrote: >> > >> > So here would be another example. >> > >> > A traceroute should be: >> > >> > Traceroute 172.16.1.1 >> > 1.192.168.253.211 AS3549 >> > 2.192.168.24.5 AS3549 >> > 3. 192.168.0.1 AS3549 >> > 4. 172.16.1.1 MYASN >> > >> > But instead it would look something like this: >> > >> > Traceroute 172.16.1.1 >> > 1.192.168.253.211 AS3549 >> > 2.192.168.24.5 AS3549 >> > 3. 10.0.0.1 AS3356 >> > 4. 172.16.1.1 MYASN this is not necessarily the case; if the route _from_ 172.16.1.1 to 192.168.253.211 is via 3356 then this is exactly what you'll see. but, you say changing the default route changes behaviour... >> > >> > So the IP address which i use to peer with Level3 responds at the second >> > last hop, rather than the Global Crossing IP since it traversed the >> entire >> > way through Global Crossing. Both of the IPs which respond at the second >> > last hop are on my router so the problem is on my end. It doesn't appear >> to >> > be a BGP problem as much as a default route problem. >> >> So, this part of my mail applies: >> >> "If you traceroute _through the router to another host_ (ip_icmp.c:668) >> it will do a route lookup for the source, and use that as the source >> address of the ICMP message (which is what shows in traceroute). >> >> What routes do you carry besides the default? No matter where default >> points, if you have a specific route for the source of the traceroute >> packets then it shouldn't be using the default. i.e. if you carry full >> tables, you shouldn't see this." >> >> Do you carry full tables? > > > Yes sir > > >> >> >> > I tried adding "reply-to" rules in my pf.conf so that traffic that comes >> in >> > on one interface will go out the same interface but that doesn't seem to >> > work either, since the reply from the wrong address happens before or >> during >> > the state that stateful connections are being established. 
>> >> PF isn't involved in this address selection, it's a message from the >> router's IP stack because the TTL was exceeded, the lookup is entirely >> done in the stack, reply-to isn't used. >> >> > Ok I think I understand that... So what should be my next move? > > What output do you get from these? route -n get bgpctl sh rib bgpctl sh fib ( being where you're doing the traceroute from).
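The address selection described in this reply, as an added example that is not part of the thread and not kernel code: the router picks the source of its ICMP time-exceeded message from a route lookup for the probe's source, so the hop shown by traceroute follows the return route rather than the link the probe arrived on. The two router addresses follow the example in the quoted post; the interface names and the probe source 198.51.100.7 are assumptions.

```python
import ipaddress

# Router addresses from the quoted example: 192.168.0.1 on the AS3549 link,
# 10.0.0.1 on the AS3356 link. Interface names are hypothetical.
IFADDR = {"if_as3549": "192.168.0.1", "if_as3356": "10.0.0.1"}

# Constructed forwarding tables: (prefix, egress interface).
DEFAULT_ONLY = [("0.0.0.0/0", "if_as3356")]
FULL_TABLE = DEFAULT_ONLY + [("198.51.100.0/24", "if_as3549")]
# Specific route present, but installed toward the AS3356 link.
FULL_TABLE_SKEWED = DEFAULT_ONLY + [("198.51.100.0/24", "if_as3356")]


def egress_interface(fib, addr):
    """Longest-prefix match: interface of the most specific route to addr."""
    ip = ipaddress.ip_address(addr)
    hits = []
    for prefix, ifname in fib:
        net = ipaddress.ip_network(prefix)
        if ip in net:
            hits.append((net.prefixlen, ifname))
    return max(hits)[1] if hits else None


def time_exceeded_source(fib, probe_src):
    """Source address of the ICMP reply: address of the interface that the
    route back to the probe's source points at (None if there is no route)."""
    return IFADDR.get(egress_interface(fib, probe_src))


def hop_mismatch(fib, probe_src, arrived_on):
    """True when traceroute will show an address other than the ingress link's."""
    reply = time_exceeded_source(fib, probe_src)
    return reply is not None and reply != IFADDR[arrived_on]


if __name__ == "__main__":
    src = "198.51.100.7"  # constructed traceroute source
    for name, fib in [("default only", DEFAULT_ONLY),
                      ("full table", FULL_TABLE),
                      ("full table, skewed", FULL_TABLE_SKEWED)]:
        print(name, "->", time_exceeded_source(fib, src),
              "mismatch:", hop_mismatch(fib, src, "if_as3549"))
```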
Re: MPLS status questions.
On 2009-05-02 18:37, Chris Cappuccio wrote: What's really frustrating here are the network admins I work with that are trying to migrate from ipsec vpns to MPLS because it's "easier" and "just as secure". Typical networking idiots. Maybe yes. > Some telcos sell an "MPLS IP VPN" service which is comparable in > implementation to frame relay, but switched by MPLS switches/routers > instead of frame relay switches. There is no encryption. Why are you surprised? Maybe you didn't have any time to read about what MPLS VPN is and what it isn't? Even wikipedia has something to tell you about it, not mentioning any book on the subject. It is not a "VPN" in any sense that you use over the internet or any > public network (such as a commercial telco) Where in 'VPN' do you see some kind of encryption? Intranets were built on FR clouds, ATM clouds, now on IP clouds. If your understanding of VPN means "IPsec" then maybe it's time to get back to some serious learning about the real world out there. -- "Don't expect me to cry for all the | Łukasz Bromirski reasons you had to die" -- Kurt Cobain |http://lukasz.bromirski.net
Re: MPLS status questions.
On 2009-04-29 21:48, Michele Marchetto wrote: On Tue, 28/04/2009 at 20.18 -0400, Daniel Ouellet wrote: So, I am not sure where this is and I am curious as to what stage it might be? We are moving things forward. The current stack has really basic functionalities but it is working. I use it. Now it supports just static labeling through route(8) but I am developing ldpd out of the tree, and I hope to import it very soon. It is in some advanced state. Is there any place to read on about it? Any draft howtos, man pages, etc? Is it in latest development build or already in 4.5? -- "Don't expect me to cry for all the | Łukasz Bromirski reasons you had to die" -- Kurt Cobain |http://lukasz.bromirski.net