Re: Why I left OpenBSD

[Damien Miller]

On Thu, 10 Jun 2010, Samuel Baldwin wrote:

> > Those who taste the de Raadt wrath, however, always run in the end. A friend
> > of mine once incurred his ire by asking the wrong question at the wrong 
> > time,
> > and Theo de Raadt hacked his router and remotely remapped his keyboard!
> 
> hahahahahaha, slander? Hilarious either way.

Please, someone do an image macro. "I'm in ur router, remappin' yar keyz"

Re: Why I left OpenBSD

[Casey Allen Shobe]

On Thu, Jun 10, 2010 at 8:28 PM, Samuel Baldwin
wrote:

> > Those who taste the de Raadt wrath, however, always run in the end. A
> friend
> > of mine once incurred his ire by asking the wrong question at the wrong
> time,
> > and Theo de Raadt hacked his router and remotely remapped his keyboard!
>
> hahahahahaha, slander? Hilarious either way.
>

Haha, keyboard remapping abuse!  That was the most hilarious part of the
whole post, indeed.

One time, I E-Mailed Richard Stallman about a fetchmail question, and he
hacked into my box and deleted everything not GPL-licensed!

Cheers,
-- 
Casey Allen Shobe
ca...@shobe.info

Re: Processeur Atom ?

[Sean Kamath]

On Jun 10, 2010, at 12:28 PM, Teemu Rinta-aho wrote:

> On 06/10/2010 09:18 PM, E.T wrote:
>> Hi all
>>
>> I would like to make a firewall / router running OpenBSD. I
>> watch the ARM processors / Geode but they are less powerful and expensive
>> for a complete solution. I also looked at the solution Soekris but is
>> expensive compared to D510mo from Intel.
>
> Well it depends what size of a box etc. you want, but for example I have
> a Jetway NC92-330-LF mini-itx motherboard with a daughterboard of
> 3 Intel gigabit NICs and everything works great with OpenBSD! :-)

I'm curious about the 'expensive' part of the OP.  What price for good little
firewall?  And what level of performance are you looking for?  I only need
5M/.7M for a small number of client machines and a couple of servers
(web/dns/mail).

I've been running my firewalls on old Sun IPX machines (upgraded to Cyclades
motherboards, and Fujitsu TurboSparc 170) for so long that I recently thought
I should move out of the 90s.  So I bought a PC Engines Alix 2d13 (same as a
2d3 but with a real time clock).  I spent a total of < $150US on it (including
2G CF card, case, power supply and motherboard).  Showed up in like three days
from Europe to CA, US.  Installation was little more than hooking up to a box
that could be a PXE server, and bam, Bob's your uncle, the OS installed in no
time (first time with the new installer -- VERY SLICK).

I haven't gotten the box installed as a firewall (planning on doing that
tonight, maybe tomorrow), but the only thing I've had an issue with so far is
the real time clock (I only got the 2d13 because the 2d3 was out of stock).

The Jetway referenced above seems to be about the same price (maybe a little
bit more expensive) than the Alix board.  I didn't go with an Atom board
because, well, PC Engines makes it clear they work with OpenBSD -- Money where
my mouth is and all that.  Not that I wouldn't have gone with the Jetway, I
hadn't stumbled on it.

Because the RTC isn't read correctly I had to switch ntpd to use -s to set the
time.  That's the only thing I've had to work around at all.  And I really
could care less about that. (and I've done NOTHING to try and fix it yet,
since I only noticed it on the last reboot last night.

dmesg follows.

Sean

PS I have to admit I'm befuddled why you'd want a frame buffer on a firewall
-- it's a firewall, not a desktop.  But whatever.  Do what you want, buy what
you want.  Hell, I used old desktops for over 10 years (granted, without using
the frame buffer)! I'm happy with how my stuff's working out.  And I buy the
CDs. :-)


OpenBSD 4.7 (GENERIC) #558: Wed Mar 17 20:46:15 MDT 2010
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Geode(TM) Integrated Processor by AMD PCS ("AuthenticAMD" 586-class) 499
MHz
cpu0: FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CFLUSH,MMX
real mem  = 268009472 (255MB)
avail mem = 250978304 (239MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 11/05/08, BIOS32 rev. 0 @ 0xfd088
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: pcibios_get_intr_routing - function not supported
pcibios0: PCI IRQ Routing information unavailable.
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xe/0xa800
cpu0 at mainbus0: (uniprocessor)
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 1 function 0 "AMD Geode LX" rev 0x33
glxsb0 at pci0 dev 1 function 2 "AMD Geode LX Crypto" rev 0x00: RNG AES
vr0 at pci0 dev 9 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 10, address
00:0d:b9:1d:89:e0
ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI
0x004063, model 0x0034
vr1 at pci0 dev 10 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 11, address
00:0d:b9:1d:89:e1
ukphy1 at vr1 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI
0x004063, model 0x0034
vr2 at pci0 dev 11 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 15, address
00:0d:b9:1d:89:e2
ukphy2 at vr2 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI
0x004063, model 0x0034
glxpcib0 at pci0 dev 15 function 0 "AMD CS5536 ISA" rev 0x03: rev 3, 32-bit
3579545Hz timer, watchdog, gpio
gpio0 at glxpcib0: 32 pins
pciide0 at pci0 dev 15 function 2 "AMD CS5536 IDE" rev 0x01: DMA, channel 0
wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: 
wd0: 1-sector PIO, LBA, 1919MB, 3931200 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 ignored (disabled)
ohci0 at pci0 dev 15 function 4 "AMD CS5536 USB" rev 0x02: irq 12, version
1.0, legacy support
ehci0 at pci0 dev 15 function 5 "AMD CS5536 USB" rev 0x02: irq 12
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "AMD EHCI root hub" rev 2.00/1.00 addr 1
isa0 at glxpcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pcppi0 at isa0 port 0x61
midi0 at pcppi0: 
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
usb1 at 

Re: Why I left OpenBSD

[Samuel Baldwin]

> Those who taste the de Raadt wrath, however, always run in the end. A friend
> of mine once incurred his ire by asking the wrong question at the wrong time,
> and Theo de Raadt hacked his router and remotely remapped his keyboard!

hahahahahaha, slander? Hilarious either way.

-- 
Samuel Baldwin - logik.li

Re: Why I left OpenBSD

[VICTOR TARABOLA CORTIANO]

He is just trolling...

Just look at his postings...

Re: Processeur Atom

[Daniel Ouellet]

On 6/10/10 4:06 PM, E.T wrote:

My main
question and therefore, is that OpenBSD supports a 100%, the atom D510?.
The X server is configured with more time. But there will be no more bugs
or conflicts later, more severe and troublesome.


Same URL as earlier today.

You should check the archive first.

DMESG included:

http://marc.info/?l=openbsd-misc&m=127078571618143&w=2

http://marc.info/?l=openbsd-misc&m=127050936423288&w=2

Fully loaded with memory and two pretty good drives as wellas shown in 
dmseg.


Total power to run it is as follow:

Power: 31 Watts.

Power factor: 87%

No need to say this is very quiet, no fan, but I did add one blower type 
in it just to keep it real cool, even if not needed and it's a very 
quiet one too. Add 1.4 watt to the power, so really no big deal.


Best,

Daniel

Ospfd.conf, fib-update, and Syntax Errors

[Andrew Klettke]

All,

I'm having a really strange issue with a 4.7 box running -stable and the 
option "fib-update no" in ospfd.conf:


Here's my ospfd.conf:
# cat /etc/ospfd.conf
# $OpenBSD: ospfd.conf,v 1.4 2007/06/19 16:49:56 reyk Exp $

# Global Config
router-id ***.***.***.***
fib-update no


area 0.0.0.31 {
interface fxp0 {
auth-type crypt
auth-md-keyid **
auth-md 1 
   }
interface lo1 {
passive
}
}

Now, when I try to bring up ospfd...
# ospfd -n
/etc/ospfd.conf:5: syntax error

Line 5, of course, is the "fib-update no" line. I know this is the 
correct synatx ( or at least the man page for ospfd.conf says so), so 
what gives?


--
Thanks,

Andrew Klettke
Optic Fusion NOC
253-830-2943

Re: Aspire One VGA (Intel 82945GME Video) not working in current but works in release

[E.T]

Hi

I also crash X server. My graphics controller is an Intel GMA 3150 tested
with OpenBSD 4.7.

On Thu, 10 Jun 2010 23:17:27 +0200, Dusty  wrote:
> Hi
> 
> I've recently installed OpenBSD 4.7 Release on my laptop, an Acer Aspire

> One with SSD. Enjoying the improved performance I decided I wanted to 
> follow current. I was hoping for webcam and ath0 support. (Apparently 
> I'm SOL when it comes to the ath0, its one of 'those' chipsets that 
> doesn't work)
> The major problem I have is that on current (snapshot or compiled latest

> source) X stops working.
> In release everything works fine, run gnome, got nice visual effects, 
> everything seems fine.
> In current (snapshot June 7th) when X tries to start the LCD panel turns

> off completely (not just goes dark) actually goes black like it does 
> when the computer powers down.
> I'm happy to substitute the ath0 with my ural or rum but I can't live 
> without X working.
> Attached is -release and -current dmesg along with pcidump -v

Re: Processeur Atom

[E.T]

very, very small processor. N270 best performance? . Firewall or desktop ?


> 
> OpenBSD 4.6-current (RAMDISK_CD) #149: Mon Sep 14 04:31:59 MDT 2009
> t...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/RAMDISK_CD
> cpu0: Intel(R) Atom(TM) CPU N270 @ 1.60GHz ("GenuineIntel" 686-class)
> 1.60 GHz
> cpu0:

Re: Processeur Atom

[E.T]

In fact, there is color, the buttons work. That's cool :)

Tanks 

> Maybe, but it beats the pants off the old Asus eeePC I had. It's a
> netbook. I use it for portable productivity, coding, testing and web
> surfing... not as an Internet gateway/FW.

-- 
@plus

Re: Processeur Atom ?

[Brad Tilley]

FRLinux wrote:
> On Thu, Jun 10, 2010 at 7:32 PM, Joachim Schipper
>  wrote:
>>> I would like to make a firewall / router running OpenBSD.
>> Okay, but what is your question?
> 
> 
> I guess he is asking if all Atom processors are compatible with
> OpenBSD, which i guess is pretty much a given :)

I use it on several atom based netbooks. Works fine. Has for a long time.

> My question (sorry for hijacking this thread) is : is there any people
> on this list who switched from soekris (geode) to atom, and are they
> happy with speed and everything? Reason I mention that is i'd love to
> move my setup to atom/ssd eventually but haven't seen much on the list
> about it.
> 
> Cheers,
> Steph

Processeur Atom

[E.T]

Hi 

In this text, I have a athlon1 available. But it takes a lot of
room, very hot, a lot of noise, and consumes much electricity. I try to
disconnect the fan to see, but the CPU temperature was up to 105 B0 C in 5
minutes. Otherwise, OpenBSD operating nickel above, I installed all the
packets, X-Windows nickel. No problemo. 

They gave me 15 minutes a Atom
510mo. I did an install with all the packets, X-windows crash, crash T_T.


Atom 230, 330 is the first generation of the processor. 410, 510 is the
second generation. What is not stated on the website of openbsd. 

My main
question and therefore, is that OpenBSD supports a 100%, the atom D510?.
The X server is configured with more time. But there will be no more bugs
or conflicts later, more severe and troublesome. 

Nobody has tested this
platform. 

Thank you for the assistance  
-- 
@plus

Re: Processeur Atom ?

[Daniel Ouellet]

On 6/10/10 2:41 PM, FRLinux wrote:

I guess he is asking if all Atom processors are compatible with
OpenBSD, which i guess is pretty much a given :)

My question (sorry for hijacking this thread) is : is there any people
on this list who switched from soekris (geode) to atom, and are they
happy with speed and everything? Reason I mention that is i'd love to
move my setup to atom/ssd eventually but haven't seen much on the list
about it.


http://marc.info/?l=openbsd-misc&m=127050936423288&w=2

And pretty easy remote install and management of the box too:

http://marc.info/?l=openbsd-misc&m=127078571618143&w=2

Works well so far.

Daniel

Re: Processeur Atom

[Brad Tilley]

E.T wrote:
> very, very small processor. N270 best performance? . Firewall or desktop ?
> 
> 
>> OpenBSD 4.6-current (RAMDISK_CD) #149: Mon Sep 14 04:31:59 MDT 2009
>> t...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/RAMDISK_CD
>> cpu0: Intel(R) Atom(TM) CPU N270 @ 1.60GHz ("GenuineIntel" 686-class)
>> 1.60 GHz
>> cpu0:
>

Maybe, but it beats the pants off the old Asus eeePC I had. It's a
netbook. I use it for portable productivity, coding, testing and web
surfing... not as an Internet gateway/FW.

pf and "!"

[Peter Fraser]

The same view of "or"ing items should then apply to tables as well, as does
the use of "{" "}" as macro expansion,
and we all know this not true.

It is also true that  "{" and "}" elsewhere  are not simple macro expansion.
If they were simple macro expansion then

Block {in out} from addr

Would be valid and it is not

The wishy washy words do tell you that those rules do not apply to address
inside of tables
(well at least in the pf faq they do, but not in man pf.conf) and that the use
of "{" "}" there do not  cause macro expansion.

It does not bother me one way or another how it works.  I can do what I want
by creating an additional table.
I got the information that I needed without the necessity of building a test
system to try it.

I don't think it is obvious, but  I agree it would have be obvious if "{" "}",
were a simple macro expansion, but they are not.



> > On Thu, Jun 10, 2010 at 02:08:04PM -0400, Peter Fraser wrote:
> > > I (and I realize I was wrong ) always considered that
> > >
> > > pass quick  from { addr 1, addr2 }
> > >
> > > Could be written as
> > >
> > > pass quick from addr1
> > > pass quick from addr2
> > >
> > > put if "!" are used this obvious should not be true
> > >
> > > pass quick from { !addr1,  !addr2 }
> > >
> > > cannot be the same as ( at least I hope since I haven't built the
> > > system to test it)
> >
> > > pass quick from !addr1
> > > pass quick from !addr2
> >
> > Yes, it means exactly that.
> >
> > This is not what you'd naively expect, but completely obvious once you
> > understand that {} just macro-expands ("copy-and-pastes"). You can use
> > a table to do what you expect to work.
>
>  In these grammers it is obvious that things listed after each other are
joined with an implicit OR operator:
>
>   addr1 OR addr2
>
> And thus,
>
>   !addr1 OR !addr2
>
> How could it mean anything else?  The language does not read minds.
>
> And of course we don't commute it in an english sense.  Not in a spanish
sense either.  This is a programming langauge, not some wishy washy thing.

Re: Processeur Atom ?

[E.T]

yes, exactly !!!

See my complete post before.

On Thu, 10 Jun 2010 15:02:23 -0400, Brad Tilley 
wrote:
> FRLinux wrote:
>> On Thu, Jun 10, 2010 at 7:32 PM, Joachim Schipper
>>  wrote:
 I would like to make a firewall / router running OpenBSD.
>>> Okay, but what is your question?
>> 
>> 
>> I guess he is asking if all Atom processors are compatible with
>> OpenBSD, which i guess is pretty much a given :)
> 
> I use it on several atom based netbooks. Works fine. Has for a long
time.
> 
>> My question (sorry for hijacking this thread) is : is there any people
>> on this list who switched from soekris (geode) to atom, and are they
>> happy with speed and everything? Reason I mention that is i'd love to
>> move my setup to atom/ssd eventually but haven't seen much on the list
>> about it.
>> 
>> Cheers,
>> Steph

-- 
@plus

Re: Processeur Atom ?

[Vijay Sankar]

FRLinux wrote:

On Thu, Jun 10, 2010 at 7:32 PM, Joachim Schipper
 wrote:

I would like to make a firewall / router running OpenBSD.

Okay, but what is your question?



I guess he is asking if all Atom processors are compatible with
OpenBSD, which i guess is pretty much a given :)

My question (sorry for hijacking this thread) is : is there any people
on this list who switched from soekris (geode) to atom, and are they
happy with speed and everything? Reason I mention that is i'd love to
move my setup to atom/ssd eventually but haven't seen much on the list
about it.

Cheers,
Steph



I have not switched from Soekris to Atom. But I have two firewalls that 
 are on ASUS 1005HA netbooks with four interfaces on each (athn0, alc0, 
and two USB nics -- axe0 and axe1). OpenBSD as usual works great and so 
far I have not had any problems with the hardware.


$ sysctl hw
hw.machine=i386
hw.model=Intel(R) Atom(TM) CPU N280 @ 1.66GHz ("GenuineIntel" 686-class)
hw.ncpu=2
hw.byteorder=1234
hw.pagesize=4096
hw.disknames=sd0
hw.diskcount=1
hw.sensors.acpitz0.temp0=59.00 degC (zone temperature)
hw.sensors.acpibat0.volt0=10.80 VDC (voltage)
hw.sensors.acpibat0.volt1=12.31 VDC (current voltage)
hw.sensors.acpibat0.amphour0=5.80 Ah (last full capacity)
hw.sensors.acpibat0.amphour1=0.51 Ah (warning capacity)
hw.sensors.acpibat0.amphour2=0.26 Ah (low capacity)
hw.sensors.acpibat0.amphour3=5.59 Ah (remaining capacity), OK
hw.sensors.acpibat0.raw0=0 (battery idle), OK
hw.sensors.acpibat0.raw1=0 (rate)
hw.sensors.acpiac0.indicator0=On (power supply)
hw.sensors.cpu0.temp0=41.00 degC
hw.cpuspeed=1667
hw.setperf=100
hw.vendor=ASUSTeK Computer INC.
hw.product=1005HA
hw.version=x.x
hw.physmem=1064529920
hw.usermem=1064452096
hw.ncpufound=2

--
Vijay Sankar, M.Eng., P.Eng.
ForeTell Technologies Limited
59 Flamingo Avenue, Winnipeg, MB, Canada R3J 0X6
Phone: (204) 885-9535, E-Mail: vsan...@foretell.ca

Aspire One VGA (Intel 82945GME Video) not working in current but works in release

[Dusty]

Hi

I've recently installed OpenBSD 4.7 Release on my laptop, an Acer Aspire 
One with SSD. Enjoying the improved performance I decided I wanted to 
follow current. I was hoping for webcam and ath0 support. (Apparently 
I'm SOL when it comes to the ath0, its one of 'those' chipsets that 
doesn't work)
The major problem I have is that on current (snapshot or compiled latest 
source) X stops working.
In release everything works fine, run gnome, got nice visual effects, 
everything seems fine.
In current (snapshot June 7th) when X tries to start the LCD panel turns 
off completely (not just goes dark) actually goes black like it does 
when the computer powers down.
I'm happy to substitute the ath0 with my ural or rum but I can't live 
without X working.
Attached is -release and -current dmesg along with pcidump -v

Regards
Dusty
Domain /dev/pci0:
 0:0:0: Intel 82945GME Host
0x: Vendor ID: 8086 Product ID: 27ac
0x0004: Command: 0006 Status ID: 2090
0x0008: Class: 06 Subclass: 00 Interface: 00 Revision: 03
0x000c: BIST: 00 Header Type: 00 Latency Timer: 00 Cache Line Size: 00
0x0010: BAR empty ()
0x0014: BAR empty ()
0x0018: BAR empty ()
0x001c: BAR empty ()
0x0020: BAR empty ()
0x0024: BAR empty ()
0x0028: Cardbus CIS: 
0x002c: Subsystem Vendor ID: 1025 Product ID: 015b
0x0030: Expansion ROM Base Address: 
0x0038: 
0x003c: Interrupt Pin: 00 Line: 00 Min Gnt: 00 Max Lat: 00
0x00e0: Capability 0x09: Vendor Specific
 0:2:0: Intel 82945GME Video
0x: Vendor ID: 8086 Product ID: 27ae
0x0004: Command: 0007 Status ID: 0090
0x0008: Class: 03 Subclass: 00 Interface: 00 Revision: 03
0x000c: BIST: 00 Header Type: 80 Latency Timer: 00 Cache Line Size: 00
0x0010: BAR mem 32bit addr: 0x5848
0x0014: BAR io addr: 0x60c0
0x0018: BAR mem prefetchable 32bit addr: 0x4000
0x001c: BAR mem 32bit addr: 0x5850
0x0020: BAR empty ()
0x0024: BAR empty ()
0x0028: Cardbus CIS: 
0x002c: Subsystem Vendor ID: 1025 Product ID: 015b
0x0030: Expansion ROM Base Address: 
0x0038: 
0x003c: Interrupt Pin: 01 Line: 0b Min Gnt: 00 Max Lat: 00
0x0090: Capability 0x05: Message Signaled Interrupts (MSI)
0x00d0: Capability 0x01: Power Management
 0:2:1: Intel 82945GM Video
0x: Vendor ID: 8086 Product ID: 27a6
0x0004: Command: 0007 Status ID: 0090
0x0008: Class: 03 Subclass: 80 Interface: 00 Revision: 03
0x000c: BIST: 00 Header Type: 80 Latency Timer: 00 Cache Line Size: 00
0x0010: BAR mem 32bit addr: 0x5840
0x0014: BAR empty ()
0x0018: BAR empty ()
0x001c: BAR empty ()
0x0020: BAR empty ()
0x0024: BAR empty ()
0x0028: Cardbus CIS: 
0x002c: Subsystem Vendor ID: 1025 Product ID: 015b
0x0030: Expansion ROM Base Address: 
0x0038: 
0x003c: Interrupt Pin: 00 Line: 00 Min Gnt: 00 Max Lat: 00
0x00d0: Capability 0x01: Power Management
 0:27:0: Intel 82801GB HD Audio
0x: Vendor ID: 8086 Product ID: 27d8
0x0004: Command: 0006 Status ID: 0010
0x0008: Class: 04 Subclass: 03 Interface: 00 Revision: 02
0x000c: BIST: 00 Header Type: 00 Latency Timer: 00 Cache Line Size: 00
0x0010: BAR mem 64bit addr: 0x5854
0x0018: BAR empty ()
0x001c: BAR empty ()
0x0020: BAR empty ()
0x0024: BAR empty ()
0x0028: Cardbus CIS: 
0x002c: Subsystem Vendor ID: 1025 Product ID: 015b
0x0030: Expansion ROM Base Address: 
0x0038: 
0x003c: Interrupt Pin: 01 Line: 0b Min Gnt: 00 Max Lat: 00
0x0050: Capability 0x01: Power Management
0x0060: Capability 0x05: Message Signaled Interrupts (MSI)
0x0070: Capability 0x10: PCI Express
 0:28:0: Intel 82801GB PCIE
0x: Vendor ID: 8086 Product ID: 27d0
0x0004: Command: 0007 Status ID: 0010
0x0008: Class: 06 Subclass: 04 Interface: 00 Revision: 02
0x000c: BIST: 00 Header Type: 81 Latency Timer: 00 Cache Line Size: 00
0x0010: 
0x0014: 
0x0018: Primary Bus: 0 Secondary Bus: 1 Subordinate Bus: 1 
Secondary Latency Timer: 00
0x001c: I/O Base: 50 I/O Limit: 50 Secondary Status: 2000
0x0020: Memory Base: 5730 Memory Limit: 5830
0x0024: Prefetch Memory Base: 5001 Prefetch Memory Limit: 50f1
0x0028: Prefetch Memory Base Upper 32 Bits: 
0x002c: Prefetch Memory Limit Upper 32 Bits: 
0x0030: I/O Base Upper 16 Bits:  I/O Lim

Re: Processeur Atom ?

[Erid S Pulley]

On Thu, June 10, 2010 12:18 pm, E.T wrote:
> Hi all
>
> I would like to make a firewall / router running OpenBSD. I
> watch the ARM processors / Geode but they are less powerful and expensive
> for a complete solution. I also looked at the solution Soekris but is
> expensive compared to D510mo from Intel.
>
> In the doc OpenBSD i386:
> http://openbsd.org/fr/i386.html
>
>  " PROCESSEURS
>
> Tous les processeurs
> compatibles avec l'architecture Intel 80386 (i386), C  l'exception du
> 80386
> lui-mC*me, sont supportC)s :
>
>   * 80486 (DX/DX2/DX4)
>   * Intel
> Pentium/Pentium-MMX
>   * Intel Pentium Pro/II/III/Celeron/Xeon
>   * Intel
> Pentium 4/D
>   * Intel Pentium M
>   * Intel Core
>   * Intel Core 2
>   *
> Intel Atom "


I replaced a net4801 with an Acer Aspire One(n270 atom) works without
issue for 7 months now. I usually run it at 800Mhz instead of 1.6 GHz to
keep the fan from getting noisy.

Nice little cheap box.

Re: Processeur Atom ?

[Teemu Rinta-aho]

On 06/10/2010 09:18 PM, E.T wrote:

Hi all

I would like to make a firewall / router running OpenBSD. I
watch the ARM processors / Geode but they are less powerful and expensive
for a complete solution. I also looked at the solution Soekris but is
expensive compared to D510mo from Intel.


Well it depends what size of a box etc. you want, but for example I have
a Jetway NC92-330-LF mini-itx motherboard with a daughterboard of
3 Intel gigabit NICs and everything works great with OpenBSD! :-)

Teemu

Multiple Internet Connections and Inbound ftp-proxy to FTP Server Behind Firewall OpenBSD 4.7

[dontek]

This is somewhat an extension of the thread "No SSH on External Interfaces
After pf.conf Rewrite for Load Balancing Outgoing Traffic" that Devin helped
me out with, but I started a new thread with a new title so other searching
might find it correctly.

 

I have one last issue since I moved to OpenBSD 4.7 and started doing
outbound load balancing with two internet connections.  This is with
connection to my inbound proxy from the internet to an FTP server behind my
OpenBSD firewall which fails to make a data connections.

 

Devin helped me to remember when dealing with more than one gateway, it is
necessary to use reply-to in my pass in rules to use the same gateway the
request came in on. (at least for certain services)  I used this same method
on my inbound redirects to the ftp-proxy, and my control connection is made,
but the data connection fails.  (active or passive)

 

Running ftp-proxy in debug mode 7 logging to standard output I see
essentially the same output I get in my FTP client:
using fixed server 10.52.91.10

listening on 127.0.0.1 port 21

#1 accepted connection from 75.21.149.231

#1 FTP session 1/100 started: client 75.21.149.231 to server 10.52.91.10 via
proxy 10.52.91.1

#1 server: 220 mydomain.net FTP - You're In!\r\n

#1 client: USER f...@mydomain.net\r\n

#1 server: 331 Password required for ftp@ mydomain.net\r\n

#1 client: PASS blah_my_pass_blah\r\n

#1 server: 230 Logged on\r\n

#1 client: SYST\r\n

#1 server: 215 UNIX emulated by FileZilla\r\n

#1 client: FEAT\r\n

#1 server: 211-Features:\r\n

#1 server:  MDTM\r\n

#1 server:  REST STREAM\r\n

#1 server:  SIZE\r\n

#1 server:  MLST type*;size*;modify*;\r\n

#1 server:  MLSD\r\n

#1 server:  AUTH SSL\r\n

#1 server:  AUTH TLS\r\n

#1 server:  UTF8\r\n

#1 server:  CLNT\r\n

#1 server:  MFMT\r\n

#1 server: 211 End\r\n

#1 client: PWD\r\n

#1 server: 257 "/" is current directory.\r\n

#1 client: TYPE I\r\n

#1 server: 200 Type set to I\r\n

#1 client: PASV\r\n

#1 server: 227 Entering Passive Mode (10,52,91,10,16,146)\r\n

#1 passive: client to server port 4242 via port 53549

#1 proxy: 227 Entering Passive Mode (192,168,0,1,209,45)\r\n

#1 client: MLSD\r\n

#1 server: 425 Can't open data connection.\r\n

#1 server: 421 Connection timed out.\r\n

#1 server close

#1 ending session
One thing I don't understand is, is this the proxy not being able to make
the data connection over the internal network to the back-end FTP server?
Or is this the client not being able to make the data connection through the
proxy?

 

Here are the applicable PF rules for the proxy.  The rest of the pf.conf is
almost exactly the same as the FAQ: Address Pools and Load Balancing
example.
anchor "ftp-proxy/*"

pass in quick on $ext_if_1 inet proto tcp to $ext_if_1 port ftp rdr-to
127.0.0.1 port ftp reply-to ($ext_if_1 $ext_gate_1)

pass in quick on $ext_if_2 inet proto tcp to $ext_if_2 port ftp rdr-to
127.0.0.1 port ftp reply-to ($ext_if_2 $ext_gate_2)

pass in on $int_if proto tcp to port ftp rdr-to 127.0.0.1 port 8021
This was all working, (and still is if I switch .confs) before the
modifications for multiple internet connections and outbound load balancing.
The outbound proxy is working just fine.  Any insights?

Re: Hosting at Strato.de: anybody using PowerServer L with Opteron 1212 HE?

[umaxx]

Hi,

On Thu, 10 Jun 2010 20:27:22 +0200
Markus Hennecke  wrote:

> >> A guy
> >> working at Strato told me that it was left out for marketing reasons
> >> to make the virtual servers look better.
> >
> > He seems to be wrong.
>
> I think I did not formulate the sentence right, he said that they left
> it out of the description because of marketing reasons. His server got a
> serial console too, but it is not on the page with the server features
> from where you can order a server.

Oh I checked it and they seem to changed it.
Some weeks ago as I ordered the server it was definetly listed.

> >
> >> Ok, marketing and reason in
> >> one sentence does not make any sense. I still got the old "M" server
> >> with the athlon and I have to disable ACPI to make it run correctly.
> >
> > I did not need to disable ACPI.
>
> Which mainboard and CPU does your server got?

As promised in the offer: 1210 Opteron.

> Mine is still an Athlon
> 3200+ with a mainboard that uses nvidia crap. Yes, I have been using
> this server a for some releases of OpenBSD :)

I have no idea about the mainboard, dmesg says something about FUJITSU SIEMENS
D2461-C1
According to dmesg at least memory seems to be nvidia too.

Regards,

JC6rg

Re: pf and "!"

[Theo de Raadt]

> The same view of "or"ing items should then apply to tables as well, as does
> the use of "{" "}" as macro expansion,
> and we all know this not true.

You are making up rules as you go along.  Why don't you go read the code?

> It is also true that  "{" and "}" elsewhere  are not simple macro expansion.

Oh cut the crap.  Obviously there are different levels that macro
expansion can happen.  It isn't at the level that cpp works.  It isn't
at the level that m4, a different macro expansion language works,
either.  It isn't at the level that ksh expands it's macros, either.
Nor is it at the level that many other languages expand their macros.
But it is simple.  Perhaps what you mean is that when people say it is
simple, is too complex for you to understand.  Trust me.  It is
simple.  There have been proposals for other ways of doing this, but
(a) they were a lot more complex and (b) it is too late to change it
without very serious consideration.  Especially considering how angry
people got at the last serious pf change made (which we had to, to
advance pf's internal architecture for many reasons).

> If they were simple macro expansion then
>
> Block {in out} from addr
> 
> Would be valid and it is not

Let me put it this way:  valid everything no not.

> The wishy washy words do tell you that those rules do not apply to address
> inside of tables
> (well at least in the pf faq they do, but not in man pf.conf) and that the use
> of "{" "}" there do not  cause macro expansion.
> 
> It does not bother me one way or another how it works.  I can do what I want
> by creating an additional table.
> I got the information that I needed without the necessity of building a test
> system to try it.
> 
> I don't think it is obvious, but  I agree it would have be obvious if "{" "}",
> were a simple macro expansion, but they are not.

They are simple -- they are a simple substitution, even in the table
code.  The problem is you don't understand that tables can keep track
of positive and negative matches internally -- when given the lists of
objects.

Frankly, I think you are a whiner.

Re: Processeur Atom

[Brad Tilley]

E.T wrote:
> Hi 
> 
> In this text, I have a athlon1 available. But it takes a lot of
> room, very hot, a lot of noise, and consumes much electricity. I try to
> disconnect the fan to see, but the CPU temperature was up to 105 B0 C in 5
> minutes. Otherwise, OpenBSD operating nickel above, I installed all the
> packets, X-Windows nickel. No problemo. 
> 
> They gave me 15 minutes a Atom
> 510mo. I did an install with all the packets, X-windows crash, crash T_T.
> 
> 
> Atom 230, 330 is the first generation of the processor. 410, 510 is the
> second generation. What is not stated on the website of openbsd. 
> 
> My main
> question and therefore, is that OpenBSD supports a 100%, the atom D510?.
> The X server is configured with more time. But there will be no more bugs
> or conflicts later, more severe and troublesome. 
> 
> Nobody has tested this
> platform. 
> 
> Thank you for the assistance  

My newest atom is this:

OpenBSD 4.6-current (RAMDISK_CD) #149: Mon Sep 14 04:31:59 MDT 2009
t...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/RAMDISK_CD
cpu0: Intel(R) Atom(TM) CPU N270 @ 1.60GHz ("GenuineIntel" 686-class)
1.60 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,xTPR
real mem  = 1064595456 (1015MB)
avail mem = 1024802816 (977MB)

I have not used anything newer than that in the atom family. But what I
have used works fine.

Brad

Re: GMA 3150 (Was: Re: Aspire One VGA (Intel 82945GME Video) not working in current but works in release)

[Robert]

On Thu, 10 Jun 2010 23:32:56 +0200
"E.T"  wrote:

> Hi
> 
> I also crash X server. My graphics controller is an Intel GMA 3150
> tested with OpenBSD 4.7.

Don't hijack threads.
Search the mailinglist first.

Re: pf and "!"

[Theo de Raadt]

> On Thu, Jun 10, 2010 at 02:08:04PM -0400, Peter Fraser wrote:
> > I (and I realize I was wrong ) always considered that
> > 
> > pass quick  from { addr 1, addr2 }
> > 
> > Could be written as
> > 
> > pass quick from addr1
> > pass quick from addr2
> > 
> > put if "!" are used this obvious should not be true
> > 
> > pass quick from { !addr1,  !addr2 }
> > 
> > cannot be the same as ( at least I hope since I haven't built the system to
> > test it)
> > 
> > pass quick from !addr1
> > pass quick from !addr2
> 
> Yes, it means exactly that.
> 
> This is not what you'd naively expect, but completely obvious once you
> understand that {} just macro-expands ("copy-and-pastes"). You can use a
> table to do what you expect to work.

In these grammers it is obvious that things listed after each other
are joined with an implicit OR operator:

addr1 OR addr2

And thus,

!addr1 OR !addr2

How could it mean anything else?  The language does not read minds.

And of course we don't commute it in an english sense.  Not in a spanish
sense either.  This is a programming langauge, not some wishy washy thing.

Re: Processeur Atom ?

[FRLinux]

On Thu, Jun 10, 2010 at 7:32 PM, Joachim Schipper
 wrote:
>> I would like to make a firewall / router running OpenBSD.
> Okay, but what is your question?


I guess he is asking if all Atom processors are compatible with
OpenBSD, which i guess is pretty much a given :)

My question (sorry for hijacking this thread) is : is there any people
on this list who switched from soekris (geode) to atom, and are they
happy with speed and everything? Reason I mention that is i'd love to
move my setup to atom/ssd eventually but haven't seen much on the list
about it.

Cheers,
Steph

Re: pf and "!"

[Joachim Schipper]

On Thu, Jun 10, 2010 at 02:08:04PM -0400, Peter Fraser wrote:
> I (and I realize I was wrong ) always considered that
> 
> pass quick  from { addr 1, addr2 }
> 
> Could be written as
> 
> pass quick from addr1
> pass quick from addr2
> 
> put if "!" are used this obvious should not be true
> 
> pass quick from { !addr1,  !addr2 }
> 
> cannot be the same as ( at least I hope since I haven't built the system to
> test it)
> 
> pass quick from !addr1
> pass quick from !addr2

Yes, it means exactly that.

This is not what you'd naively expect, but completely obvious once you
understand that {} just macro-expands ("copy-and-pastes"). You can use a
table to do what you expect to work.

Joachim

Re: pf and "!"

[Stephane Sezer]

On Thu, 10 Jun 2010 14:08:04 -0400
Peter Fraser  wrote:

Hi,

> I (and I realize I was wrong ) always considered that
> 
> pass quick  from { addr 1, addr2 }
> 
> Could be written as
> 
> pass quick from addr1
> pass quick from addr2

This is true.

> put if "!" are used this obvious should not be true
> 
> pass quick from { !addr1,  !addr2 }
> 
> cannot be the same as ( at least I hope since I haven't built the
> system to test it)
> 
> pass quick from !addr1
> pass quick from !addr2

pass quick from { !addr1, !addr2 }

is the same as

pass quick from !addr1
pass quick from !addr2

but it is probably not what you are looking for.

When a packet comes from addr1, the first rule will not match and the
second rule will let the packet pass.
And when a packet comes from addr2, the first rule will match and let
also the packet go in without looking for the second rule.
So any packet, either coming from addr1, addr2, or anything else will
pass.

So,
pass quick from { !addr1, !addr2 }
is more or less equivalent to
pass quick

This behavior is not true when using tables, because braces are
expanded when the ruleset is parsed and tables are checked during
execution (I don't know if I'm clear here :D).

-- 
Stephane Sezer

Re: Processeur Atom ?

[DonTek]

You can use an Atom, I'm using a 1.6GHz dual-core version on my home  
firewall.  It is more than sufficient for small-medium traffic.


On Jun 10, 2010, at 1:18 PM, "E.T"  wrote:


Hi all

I would like to make a firewall / router running OpenBSD. I
watch the ARM processors / Geode but they are less powerful and  
expensive

for a complete solution. I also looked at the solution Soekris but is
expensive compared to D510mo from Intel.

In the doc OpenBSD i386:
http://openbsd.org/fr/i386.html

" PROCESSEURS

Tous les processeurs
compatibles avec l'architecture Intel 80386 (i386), C  l'exception  
du 80386

lui-mC*me, sont supportC)s :

   * 80486 (DX/DX2/DX4)
   * Intel
Pentium/Pentium-MMX
   * Intel Pentium Pro/II/III/Celeron/Xeon
   * Intel
Pentium 4/D
   * Intel Pentium M
   * Intel Core
   * Intel Core 2
   *
Intel Atom "

Re: Processeur Atom ?

[Joachim Schipper]

On Thu, Jun 10, 2010 at 08:18:44PM +0200, E.T wrote:
> Hi all 
> 
> I would like to make a firewall / router running OpenBSD.

Okay, but what is your question?

Joachim

Re: Hosting at Strato.de: anybody using PowerServer L with Opteron 1212 HE?

[Markus Hennecke]

Am 10.06.2010 14:08, schrieb Joerg Zinke:

Hi,

On Wed, 09 Jun 2010 22:07:08 +0200
Markus Hennecke  wrote:


Am 09.06.2010 20:35, schrieb umaxx:


I have a "PowerServer M" with Opteron 1210 which runs fine with
4.7-stable and native(!) IPv6.


Does the "PowerServer M" still got the serial console option?


Yes, I used serial console for installation and it is still listed in
feature list of the server offer too.


A guy
working at Strato told me that it was left out for marketing reasons
to make the virtual servers look better.


He seems to be wrong.


I think I did not formulate the sentence right, he said that they left 
it out of the description because of marketing reasons. His server got a 
serial console too, but it is not on the page with the server features 
from where you can order a server.





Ok, marketing and reason in
one sentence does not make any sense. I still got the old "M" server
with the athlon and I have to disable ACPI to make it run correctly.


I did not need to disable ACPI.


Which mainboard and CPU does your server got? Mine is still an Athlon 
3200+ with a mainboard that uses nvidia crap. Yes, I have been using 
this server a for some releases of OpenBSD :)


So I guess you got a newer model.

Kind regards,
  Markus

Re: Hosting at Strato.de: anybody using PowerServer L with Opteron 1212 HE?

[Markus Hennecke]

Am 10.06.2010 14:10, schrieb Alexander Farber:

On Wed, Jun 9, 2010 at 10:07 PM, Markus Hennecke
  wrote:

  I still got the old "M" server with the athlon and I
have to disable ACPI to make it run correctly.



Markus, how do you disable ACPI, with some Linux command?


I am running OpenBSD on that machine. It becomes very slow and spends 
most of its time in interrupts, unless ACPI is disabled in the kernel.


Kind regards,
  Markus

Processeur Atom ?

[E.T]

Hi all 

I would like to make a firewall / router running OpenBSD. I
watch the ARM processors / Geode but they are less powerful and expensive
for a complete solution. I also looked at the solution Soekris but is
expensive compared to D510mo from Intel. 

In the doc OpenBSD i386:
http://openbsd.org/fr/i386.html 

 " PROCESSEURS

Tous les processeurs
compatibles avec l'architecture Intel 80386 (i386), C  l'exception du 80386
lui-mC*me, sont supportC)s : 

* 80486 (DX/DX2/DX4) 
* Intel
Pentium/Pentium-MMX 
* Intel Pentium Pro/II/III/Celeron/Xeon 
* Intel
Pentium 4/D 
* Intel Pentium M 
* Intel Core 
* Intel Core 2 
*
Intel Atom " 

Re: pf and "!"

[Brad Tilley]

Peter Fraser wrote:
> man pf.conf never describes what "!"  does.  The "!" is used in some examples
> and
> a lot of the time is obvious what will happens.  The pf faq has  somewhat more
> of
> an explanation of "!" with multiple address,  but its explanation only refers
> to the
> use of "!" in tables. There is never any statement of what  !addr.


I've always thought it was the logical not.


> I expect that description given in the pf faq covers the behavior of "!" in
> any
> places that ip addresses are given.
> 
> I tripped over this when I want to block 2 ip address from accessing a
> service
> 
> I (and I realize I was wrong ) always considered that
> 
> pass quick  from { addr 1, addr2 }
> 
> Could be written as
> 
> pass quick from addr1
> pass quick from addr2
> 
> put if "!" are used this obvious should not be true
> 
> pass quick from { !addr1,  !addr2 }
> 
> cannot be the same as ( at least I hope since I haven't built the system to
> test it)
> 
> pass quick from !addr1
> pass quick from !addr2
> 
> furthermore the descriptions that do exist do not cover the boundary cases
> 
> such as 192.168.0.1-192.168.0.30 !192.168.0.20-192.168.0.40

pf and "!"

[Peter Fraser]

man pf.conf never describes what "!"  does.  The "!" is used in some examples
and
a lot of the time is obvious what will happens.  The pf faq has  somewhat more
of
an explanation of "!" with multiple address,  but its explanation only refers
to the
use of "!" in tables. There is never any statement of what  !addr.

I expect that description given in the pf faq covers the behavior of "!" in
any
places that ip addresses are given.

I tripped over this when I want to block 2 ip address from accessing a
service

I (and I realize I was wrong ) always considered that

pass quick  from { addr 1, addr2 }

Could be written as

pass quick from addr1
pass quick from addr2

put if "!" are used this obvious should not be true

pass quick from { !addr1,  !addr2 }

cannot be the same as ( at least I hope since I haven't built the system to
test it)

pass quick from !addr1
pass quick from !addr2

furthermore the descriptions that do exist do not cover the boundary cases

such as 192.168.0.1-192.168.0.30 !192.168.0.20-192.168.0.40

Re: pf anchors

[Henning Brauer]

* Kevin Chadwick  [2010-06-10 18:08]:
> > no. it is imposing limits that should not be there and that the new pf
> > core does not require any more.
> Is it not even slightly required or would a warning message be
> appropriate.

warnings are useless

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting

Re: pf anchors

[Kevin Chadwick]

> no. it is imposing limits that should not be there and that the new pf
> core does not require any more.
> 

Is it not even slightly required or would a warning message be
appropriate.

Re: prefix of removed interface stays in ospf fib

[Claudio Jeker]

On Thu, Jun 10, 2010 at 05:43:58PM +0300, Gregory Edigarov wrote:
> On Thu, 10 Jun 2010 16:11:48 +0200
> Claudio Jeker  wrote:
> 
> > On Thu, Jun 10, 2010 at 03:39:24PM +0200, Peter Spekreijse wrote:
> > > Hi!
> > > >> On a OpenBSD 4.6 router we have moved an IP from one VLAN to
> > > >> another. First we moved the IP to the other interface and after
> > > >> that we removed the old VLAN interface. Now we notice that the
> > > >> old link stays in the OSFP fib.
> > > >>
> > > >> ospfctl sh fib
> > > >>
> > > >> 
> > > >>
> > > >> *C0 xx.yy.233.160/28   link#62
> > > >>  C4 xx.yy.233.160/28   link#27
> > > >>
> > > >> 
> > > >>
> > > >> link #62 is the new VLAN interface, link #27 is the old VLAN
> > > >> inteface. What's happening here? How can this be resolved?
> > > >>
> > > >> 
> > > > Sorry you need to upgrade to 4.7 or restart ospfd. Versions
> > > > before 4.7 were easily confused by interface changed. In 4.7 it
> > > > may be necessary to reload the config after certain changes to
> > > > sync the config with the network setup.
> > > >   
> > > 
> > > Oops, do i loose the OSPF learned routes in the routing table if I
> > > restart ospfd?
> > > 
> > 
> > Yes.
> > 
> Though I think interfaces should be rescanned every time ospfd send a
> message isn't it? 
> 

No, that would require way to much resources. ospfd is keeping track of
interfaces but in the 4.6 version there was a bug in the tracking code
which is causing these issues. Not to many people seem to change
interfaces to often so that problem remained undetected for a rather long
time.

-- 
:wq Claudio

Re: Why I left OpenBSD

[Kevin Chadwick]

> Man, it's not me. Just wanted to share that with you all.

Like a dick in a pudding.

You may want to share it with us all but no-one else wants you to.

Meaning of words is what's important and from what I've seen, theo meant
very little which you have taken to heart. From the few examples I've
seen, I see YOU Dexter as the abuser whether being polite or not.

I was going to comment about some of your comments on driver robustness
but I fear that will waste everyones time by feeding the trolls too
much.

Re: Why I left OpenBSD

[STeve Andre']

On Thursday 10 June 2010 06:04:21 Alexander Farber wrote:
> I was hoping for some interesting arguments
>
> But there was just whining about Theo's personality
> (with which I don't agree) and lack of some drivers
> (blobs - no thank you)

Why?

What can possibly be said that will change anything?  The poster is
free to use what he wishes.  His rant doesn't do anything useful, quite
aside from the fact that statements in it aren't really true, and
contains at least one legally actionable statement.

--STeve Andre'

Re: prefix of removed interface stays in ospf fib

[Gregory Edigarov]

On Thu, 10 Jun 2010 16:11:48 +0200
Claudio Jeker  wrote:

> On Thu, Jun 10, 2010 at 03:39:24PM +0200, Peter Spekreijse wrote:
> > Hi!
> > >> On a OpenBSD 4.6 router we have moved an IP from one VLAN to
> > >> another. First we moved the IP to the other interface and after
> > >> that we removed the old VLAN interface. Now we notice that the
> > >> old link stays in the OSFP fib.
> > >>
> > >> ospfctl sh fib
> > >>
> > >> 
> > >>
> > >> *C0 xx.yy.233.160/28   link#62
> > >>  C4 xx.yy.233.160/28   link#27
> > >>
> > >> 
> > >>
> > >> link #62 is the new VLAN interface, link #27 is the old VLAN
> > >> inteface. What's happening here? How can this be resolved?
> > >>
> > >> 
> > > Sorry you need to upgrade to 4.7 or restart ospfd. Versions
> > > before 4.7 were easily confused by interface changed. In 4.7 it
> > > may be necessary to reload the config after certain changes to
> > > sync the config with the network setup.
> > >   
> > 
> > Oops, do i loose the OSPF learned routes in the routing table if I
> > restart ospfd?
> > 
> 
> Yes.
> 
Though I think interfaces should be rescanned every time ospfd send a
message isn't it? 

-- 
With best regards,
Gregory Edigarov

Re: iked(8) and ikectl(8)

[Massimo Lusetti]

On Fri, 4 Jun 2010 12:35:36 +0200
Reyk Floeter  wrote:

> but please a little bit before using it in production networks,
> iked(8) is not fully ready yet ;-).

I'm following your commit flow about it and is exiting, this is why I'm
still with OpenBSD ;)

-- 
Massimo

Re: prefix of removed interface stays in ospf fib

[Claudio Jeker]

On Thu, Jun 10, 2010 at 03:39:24PM +0200, Peter Spekreijse wrote:
> Hi!
> >> On a OpenBSD 4.6 router we have moved an IP from one VLAN to another.
> >> First we moved the IP to the other interface and after that we removed
> >> the old VLAN interface. Now we notice that the old link stays in the
> >> OSFP fib.
> >>
> >> ospfctl sh fib
> >>
> >> 
> >>
> >> *C0 xx.yy.233.160/28   link#62
> >>  C4 xx.yy.233.160/28   link#27
> >>
> >> 
> >>
> >> link #62 is the new VLAN interface, link #27 is the old VLAN inteface.
> >> What's happening here? How can this be resolved?
> >>
> >> 
> > Sorry you need to upgrade to 4.7 or restart ospfd. Versions before 4.7
> > were easily confused by interface changed. In 4.7 it may be necessary to
> > reload the config after certain changes to sync the config with the
> > network setup.
> >   
> 
> Oops, do i loose the OSPF learned routes in the routing table if I
> restart ospfd?
> 

Yes.

-- 
:wq Claudio

Re: Why I left OpenBSD

[Christiano F. Haesbaert]

I AM truly amazed, "people can't read" is indeed a fact.

Re: prefix of removed interface stays in ospf fib

[Peter Spekreijse]

Hi!
>> On a OpenBSD 4.6 router we have moved an IP from one VLAN to another.
>> First we moved the IP to the other interface and after that we removed
>> the old VLAN interface. Now we notice that the old link stays in the
>> OSFP fib.
>>
>> ospfctl sh fib
>>
>> 
>>
>> *C0 xx.yy.233.160/28   link#62
>>  C4 xx.yy.233.160/28   link#27
>>
>> 
>>
>> link #62 is the new VLAN interface, link #27 is the old VLAN inteface.
>> What's happening here? How can this be resolved?
>>
>> 
> Sorry you need to upgrade to 4.7 or restart ospfd. Versions before 4.7
> were easily confused by interface changed. In 4.7 it may be necessary to
> reload the config after certain changes to sync the config with the
> network setup.
>   

Oops, do i loose the OSPF learned routes in the routing table if I
restart ospfd?

Regards,

-- 
Peter Spekreijse

E: pe...@spekreijse.net
T: +31-742672764
M: +31-641922460

Re: Hosting at Strato.de: anybody using PowerServer L with Opteron 1212 HE?

[Robert]

On Thu, 10 Jun 2010 14:04:14 +0200
Alexander Farber  wrote:

> I was wondering that as well, since Strato doesn't mention
> "Remote Console" in the description of its "PowerServer L" and "M".
> And without that you probably can't install OpenBSD there?
> (I've seen a web page though, which somehow used VMWare for that...)

yaifo.


> I'm just a bit worried about their
> "RAID-1" HDDs, whatever it means ("soft" or "hard"?)

That's just a software-raid1 preconfigured in their default install,
this basically just means "two harddrives".
For servers that use hardware raid controllers, those companies
advertise it in bold.

Re: Hosting at Strato.de: anybody using PowerServer L with Opteron 1212 HE?

[David Coppa]

On Thu, Jun 10, 2010 at 2:04 PM, Alexander Farber
 wrote:
> I was wondering that as well, since Strato doesn't mention
> "Remote Console" in the description of its "PowerServer L" and "M".
> And without that you probably can't install OpenBSD there?
> (I've seen a web page though, which somehow used VMWare for that...)

You can try using yaifo:

http://erdelynet.com/?s=yaifo

cheers,
david

Re: Hosting at Strato.de: anybody using PowerServer L with Opteron 1212 HE?

[Alexander Farber]

On Wed, Jun 9, 2010 at 10:07 PM, Markus Hennecke
 wrote:
>  I still got the old "M" server with the athlon and I
> have to disable ACPI to make it run correctly.
>

Markus, how do you disable ACPI, with some Linux command?

Thanks
Alex

Re: Hosting at Strato.de: anybody using PowerServer L with Opteron 1212 HE?

[Joerg Zinke]

Hi,

On Wed, 09 Jun 2010 22:07:08 +0200
Markus Hennecke  wrote:

> Am 09.06.2010 20:35, schrieb umaxx:
> >
> > I have a "PowerServer M" with Opteron 1210 which runs fine with
> > 4.7-stable and native(!) IPv6.
> >
> Does the "PowerServer M" still got the serial console option?

Yes, I used serial console for installation and it is still listed in
feature list of the server offer too.

> A guy
> working at Strato told me that it was left out for marketing reasons
> to make the virtual servers look better.

He seems to be wrong.

> Ok, marketing and reason in
> one sentence does not make any sense. I still got the old "M" server
> with the athlon and I have to disable ACPI to make it run correctly.

I did not need to disable ACPI.

Regards,

JC6rg

Re: Hosting at Strato.de: anybody using PowerServer L with Opteron 1212 HE?

[Alexander Farber]

I was wondering that as well, since Strato doesn't mention
"Remote Console" in the description of its "PowerServer L" and "M".
And without that you probably can't install OpenBSD there?
(I've seen a web page though, which somehow used VMWare for that...)

After some consideration, I've decided to book their
"HighQ-Server SR-7" offer with Opteron Quad 1381 -
it costs only EUR 100 more per 12 months and has the
"Remote Console". I'm just a bit worried about their
"RAID-1" HDDs, whatever it means ("soft" or "hard"?)

Regards
Alex

On Wed, Jun 9, 2010 at 10:07 PM, Markus Hennecke
 wrote:
> Am 09.06.2010 20:35, schrieb umaxx:
>>
>> I have a "PowerServer M" with Opteron 1210 which runs fine with
>> 4.7-stable and native(!) IPv6.
>>
>
> Does the "PowerServer M" still got the serial console option? A guy working
> at Strato told me that it was left out for marketing reasons to make the
> virtual servers look better. Ok, marketing and reason in one sentence does
> not make any sense. I still got the old "M" server with the athlon and I
> have to disable ACPI to make it run correctly.

Re: Why I left OpenBSD

[Leonardo Carneiro - Veltrac]

LeviaComm Networks NOC wrote:

... hell the word troll is in the URL.


LOL!

and in the last day, god said: "DON'T FEED THE TROLLS!"

kobi projeleri hibe destekleri hakkında

[İstanbul Proje Destek Merkezi]

KOB] ARGE BA^LANGIG PROGRAMI

T\B]TAK  , KOB] lerin  mevcut |r|nlerini geli~tirebilmeleri  , firma igi yeni
|r|n |retilmesi  ,katma deper yaratan (fiyat , kalite, mukavemet,kullan}m
kolayl}p} vs..) gal}~malar}n gergekle~tirilmesi igin 400.000 YTL ye kadar
geri vdemesiz 'hibe' destepi  saplamaktad}r.

S]Z]N PROJEN]Z DE DESTEKLENEB]L]R M]?

Bilgi almak igin;
http://www.istanbulproje.net/HibeDetay.aspx?HibeID=1&Baslik=Kobi  ARGE
Ba~lang}g Program}  linkinde ki ARGE deperlendirme formunu  indirip ,
doldurarak i...@istanbulproje.net  adresine gvnderebilir bu sayede projenizin
uygunlupu konusunda |cretsiz vn deperlendirme yapt}rabilirsiniz.



Sayg}lar}m}zla,

]stanbul Proje Destek Merkezi

Tel:   +90 216 356 26 66
Fax:  +90 216 356 26 65
www.istanbulproje.net
i...@istanbulproje.net







''mail adresinden g}kmak igin l|tfen i...@istanbulproje.net'' adresine bo~ bir
mail at}n}z.''

Re: Why I left OpenBSD

[Dexter Tomisson]

What a waste of bytes..

Which planet did you come from?

Well, at least, are you able to read?


On 10 June 2010 12:10, S H  wrote:

> Dexter,
>
> I'm still relatively new to OpenBSD and the community, however a few
> days ago you had asked about why large memory support still wasn't
> enabled by default.  Asking if the developers needed hardware, funding
> or what  not to get it working properly.
>
> If you were in fact a developer as your latest rant states and large
> memory was such a concern for you, it would stand to reason that you
> would be well aware of why it hasn't made it into the default install.
>  Also, a developer likely wouldn't piss and moan about it on the
> mailing lists, rather they would just start working to rectify the
> situation.
>
> Your obviously full of shit IMO, FreeBSD 7.2 came out quite some time
> ago.  If you havent been using OpenBSD since your change than why did
> you inquire about large memory support three days ago?
>
> On Thu, Jun 10, 2010 at 4:45 AM, Dexter Tomisson 
> wrote:
> > Man, it's not me. Just wanted to share that with you all.
> >
> > On 10 June 2010 11:40, Dunceor  wrote:
> >
> >> On Thu, Jun 10, 2010 at 10:28 AM, Dexter Tomisson <
> dexterto...@gmail.com>
> >> wrote:
> >> > http://www.trollaxor.com/2010/06/why-i-left-openbsd.html
> >> >
> >> >
> >>
> >> Ok why write a long text and the only reason you have is that you are
> >> unhappy with driver support and with Theo? I was looking for some more
> >> indepth discussion on why you choose not to use OpenBSD anymore but it
> >> was just another worthless post.
> >>
> >> This feels more like the usual troll post of people that got hurt
> >> while dealing with Theo. Like somebody said, is this the year of
> >> trolls?

Re: Why I left OpenBSD

[Alexander Farber]

I was hoping for some interesting arguments

But there was just whining about Theo's personality
(with which I don't agree) and lack of some drivers
(blobs - no thank you)

Re: Why I left OpenBSD

[Eric Furman]

Yes, Theo is an asshole.
Let me cut my own throat to prove I'm a good guy!.
Yea!!
BTW, Theo *IS* an asshole.
Most geniuses are ... 

On Thu, 10 Jun 2010 11:28 +0300, "Dexter Tomisson"
 wrote:
> http://www.trollaxor.com/2010/06/why-i-left-openbsd.html

Re: prefix of removed interface stays in ospf fib

[Claudio Jeker]

On Thu, Jun 10, 2010 at 09:59:53AM +0200, Peter Spekreijse wrote:
> Hi!
> 
> On a OpenBSD 4.6 router we have moved an IP from one VLAN to another.
> First we moved the IP to the other interface and after that we removed
> the old VLAN interface. Now we notice that the old link stays in the
> OSFP fib.
> 
> ospfctl sh fib
> 
> 
> 
> *C0 xx.yy.233.160/28   link#62
>  C4 xx.yy.233.160/28   link#27
> 
> 
> 
> link #62 is the new VLAN interface, link #27 is the old VLAN inteface.
> What's happening here? How can this be resolved?
> 

Sorry you need to upgrade to 4.7 or restart ospfd. Versions before 4.7
were easily confused by interface changed. In 4.7 it may be necessary to
reload the config after certain changes to sync the config with the
network setup.

-- 
:wq Claudio

Re: how to type non latin in xterm?; video stream to watch FIFA World Cup?

[Paolo Aglialoro]

Hello,

I was myself trying to figure out how to use both unicode and cyrillic in
openbsd but, surfing the net, I haven't yet found a working howto on the
matter. Trying to alter LANG or LC_ALL has just sorted out complains from
the os during login, but no effect (actual locale is still "C").

Basically I do not need anything particular like emacs (I'm using openbsd on
i386), just need to see filenames with the correct characters and, if
needed, to type them with a key combination that changes keyboard layout
when using CLI.

Things, at the moment, just work under X, where (WM: xfce, for browsing:
opera) I can switch layouts (even if fots for cyrillic are not the best I've
ever seen so I'd also like to add better ones), so the problem is mostly
about CLI when no X is running.

I have found on the internet these two links on the topic:

http://www.in-ulm.de/~mascheck/locale/
http://www.pubbs.net/openbsd/200910/3886/

But they didn't help me a lot.
Any clues?

Thanks a lot
Paolo




On Wed, Jun 9, 2010 at 10:14 PM, Kenneth Gober  wrote:

> On Wed, Jun 9, 2010 at 12:40 AM, Vadim Zhukov  wrote:
>
> > 2010/6/9 Vadim Zhukov :
> > > Basically, you need:
> > > 1. echo "set +o emacs-usemeta" >>~/.profile
> > > 2. echo "XTerm*allowC1Printable: true" >>~/.Xdefaults
> >
> > I forgot that xterm doesn't start login shell by default, so
> > ~/.profile will not be called. The easiest way to fix this will be:
> >
> > echo "XTerm*loginShell: true" >>~/.Xdefaults
> >
> > The only bad side effect is wtmp spam as xterm will log every time it
> > starts.
> >
>
> you can avoid the wtmp spam by doing this instead:
> 1. echo "export ENV=~/.kshrc" >>~/.profile
> 2. echo "set +o emacs-usemeta" >>~/.kshrc
> 3. echo "XTerm*allowC1Printable: true" >>~/.Xdefaults
>
> doing this, xterm won't invoke ~/.profile, but it *will* invoke ~/.kshrc
>
> -ken

ospfd double prefix

[Peter Spekreijse test]

Hi!

On a OpenBSD 4.6 router we have moved an IP from one VLAN to another.
First we moved the IP to the other interface and after that we removed
the old VLAN interface. Now we notice that the old link stays in the
OSFP fib.

ospfctl sh fib



*C0 xx.yy.233.160/28   link#62
 C4 xx.yy.233.160/28   link#27



link #62 is the new VLAN interface, link #27 is the old VLAN inteface.
What's happening here?

Regards,

Peter

-- 
Peter Spekreijse

E: pe...@spekreijse.net
T: +31-742672764
M: +31-641922460

Re: Why I left OpenBSD

[S H]

Dexter,

I'm still relatively new to OpenBSD and the community, however a few
days ago you had asked about why large memory support still wasn't
enabled by default.  Asking if the developers needed hardware, funding
or what  not to get it working properly.

If you were in fact a developer as your latest rant states and large
memory was such a concern for you, it would stand to reason that you
would be well aware of why it hasn't made it into the default install.
 Also, a developer likely wouldn't piss and moan about it on the
mailing lists, rather they would just start working to rectify the
situation.

Your obviously full of shit IMO, FreeBSD 7.2 came out quite some time
ago.  If you havent been using OpenBSD since your change than why did
you inquire about large memory support three days ago?

On Thu, Jun 10, 2010 at 4:45 AM, Dexter Tomisson  wrote:
> Man, it's not me. Just wanted to share that with you all.
>
> On 10 June 2010 11:40, Dunceor  wrote:
>
>> On Thu, Jun 10, 2010 at 10:28 AM, Dexter Tomisson 
>> wrote:
>> > http://www.trollaxor.com/2010/06/why-i-left-openbsd.html
>> >
>> >
>>
>> Ok why write a long text and the only reason you have is that you are
>> unhappy with driver support and with Theo? I was looking for some more
>> indepth discussion on why you choose not to use OpenBSD anymore but it
>> was just another worthless post.
>>
>> This feels more like the usual troll post of people that got hurt
>> while dealing with Theo. Like somebody said, is this the year of
>> trolls?

Re: Why I left OpenBSD

[Dunceor]

On Thu, Jun 10, 2010 at 10:45 AM, Dexter Tomisson  wrote:
> Man, it's not me. Just wanted to share that with you all.
>
> On 10 June 2010 11:40, Dunceor  wrote:
>
>> On Thu, Jun 10, 2010 at 10:28 AM, Dexter Tomisson 
>> wrote:
>> > http://www.trollaxor.com/2010/06/why-i-left-openbsd.html
>> >
>> >
>>
>> Ok why write a long text and the only reason you have is that you are
>> unhappy with driver support and with Theo? I was looking for some more
>> indepth discussion on why you choose not to use OpenBSD anymore but it
>> was just another worthless post.
>>
>> This feels more like the usual troll post of people that got hurt
>> while dealing with Theo. Like somebody said, is this the year of
>> trolls?
>
>

And you felt it was something unique and new about this information so
you had to write a blog post about it? Theo has been critized about
this for years and I think he has heard that before.
So my question remains, what was the purpose of writing it?

Re: Why I left OpenBSD

[LeviaComm Networks NOC]

On 6/10/2010 1:44 AM, Casey Allen Shobe wrote:

On Thu, Jun 10, 2010 at 8:28 AM, Dexter Tomissonwrote:


http://www.trollaxor.com/2010/06/why-i-left-openbsd.html



It's always funny when somebody ends up "leaving for their own good", that
they need to write a lot about it and try to convince many others to agree
with their notions.

Develop/use whatever you want - there are pros and cons to every open source
project out there.  You can fault find with Theo, or Stallman, or anyone
else.  But these individuals don't matter so much as overall project
usefulness, licensing/openness, etc.  What matters is simply that you find
something you feel rewarding to work on.  There is absolutely no reason to
try to drag others along with you.  For someone critical of Theo running
other developers off, you sure seem to be trying to do the same thing with
your post and by sharing it here.

Think before you rant,


IGNORE THIS, otherwise you are feeding the Trolls, hell the word troll 
is in the URL.

Re: Why I left OpenBSD

[Dexter Tomisson]

Man, it's not me. Just wanted to share that with you all.

On 10 June 2010 11:40, Dunceor  wrote:

> On Thu, Jun 10, 2010 at 10:28 AM, Dexter Tomisson 
> wrote:
> > http://www.trollaxor.com/2010/06/why-i-left-openbsd.html
> >
> >
>
> Ok why write a long text and the only reason you have is that you are
> unhappy with driver support and with Theo? I was looking for some more
> indepth discussion on why you choose not to use OpenBSD anymore but it
> was just another worthless post.
>
> This feels more like the usual troll post of people that got hurt
> while dealing with Theo. Like somebody said, is this the year of
> trolls?

Re: Why I left OpenBSD

[Casey Allen Shobe]

On Thu, Jun 10, 2010 at 8:28 AM, Dexter Tomisson wrote:

> http://www.trollaxor.com/2010/06/why-i-left-openbsd.html
>
>
It's always funny when somebody ends up "leaving for their own good", that
they need to write a lot about it and try to convince many others to agree
with their notions.

Develop/use whatever you want - there are pros and cons to every open source
project out there.  You can fault find with Theo, or Stallman, or anyone
else.  But these individuals don't matter so much as overall project
usefulness, licensing/openness, etc.  What matters is simply that you find
something you feel rewarding to work on.  There is absolutely no reason to
try to drag others along with you.  For someone critical of Theo running
other developers off, you sure seem to be trying to do the same thing with
your post and by sharing it here.

Think before you rant,
-- 
Casey Allen Shobe
ca...@shobe.info

Re: Why I left OpenBSD

[Dunceor]

On Thu, Jun 10, 2010 at 10:28 AM, Dexter Tomisson  wrote:
> http://www.trollaxor.com/2010/06/why-i-left-openbsd.html
>
>

Ok why write a long text and the only reason you have is that you are
unhappy with driver support and with Theo? I was looking for some more
indepth discussion on why you choose not to use OpenBSD anymore but it
was just another worthless post.

This feels more like the usual troll post of people that got hurt
while dealing with Theo. Like somebody said, is this the year of
trolls?

Why I left OpenBSD

[Dexter Tomisson]

http://www.trollaxor.com/2010/06/why-i-left-openbsd.html

Re: Page fault trap on IBM x336

[Patrick Coleman]

On Wed, Jun 9, 2010 at 10:47 AM, patrick keshishian  wrote:
>
> you realize obsd4.5 isn't supported any longer since 4.7 was released.

Fair enough. I've managed to get 4.7 working by reverting
/sys/dev/pci/pci.c to 1.72, as suggested in that thread, so I guess
I'll try that.

Cheers,

Patrick

-- 
http://www.labyrinthdata.net.au - WA Backup, Web and VPS Hosting

prefix of removed interface stays in ospf fib

[Peter Spekreijse]

Hi!

On a OpenBSD 4.6 router we have moved an IP from one VLAN to another.
First we moved the IP to the other interface and after that we removed
the old VLAN interface. Now we notice that the old link stays in the
OSFP fib.

ospfctl sh fib



*C0 xx.yy.233.160/28   link#62
 C4 xx.yy.233.160/28   link#27



link #62 is the new VLAN interface, link #27 is the old VLAN inteface.
What's happening here? How can this be resolved?

Regards,

Peter

-- 
Peter Spekreijse

E: pe...@spekreijse.net
T: +31-742672764
M: +31-641922460