Re: Apple Wireless Keyboard Re: bluetooth keyboard on -current
> On Fri, Feb 18, 2011 at 9:46 AM, Stanley Lieber > wrote: > > Replying to a very old message. Has anyone else tried the Apple > > Wireless Keyboard? When I attempted to reproduce the steps below > > my system froze on the first btconfig. > > bt is badly broken and stays that way until someone cares enough to > fix it. exactly.
Re: Problems with USB on 4.9
Jacob Meuser wrote: > there's no usbdevs data for Kyocera product 0x0015. so not getting > a product name isn't terribly surprising. the device could provide > this but it isn't required. however, if the product name does get > printed for a while then the name is no longer printed ... there's > a problem somewhere. Yes, that's what happens. > as far as usb devices stopping to work, when this happens, could you > please send me the output of 'top -S -n 200 | grep usb'? and could > you provide examples of what 'USB devices seemingly randomly stop > working' means too? thanks. Devices stop working an obvious cause: the USB printer, for instance, has been on for approximately 24 hours before it stopped working. Sometimes I start the computer, leave it for half an hour, and when I return, the USB keyboard does not work anymore (and again, only the device ID is printed by usbdevs, not the device's name). The output of "top -S -n 200 | grep usb" is: 8 root 1000K 46M idle usbtsk0:00 0.00% usbtask 7 root 1000K 46M idle usbatsk 0:00 0.00% usbatsk Thanks, Dennis den Brok
Re: Problems with USB on 4.9
Dennis den Brok wrote: > Devices stop working an obvious cause: the USB printer, for instance, "without an obvious cause", that ought to read... Sorry. -- Dennis den Brok
Muebles y Equipamiento en acero inoxidable. publicidad le lin
[demime 1.01d removed an attachment of type image/jpeg which had a name of penetrativo.jpg] [demime 1.01d removed an attachment of type image/jpeg which had a name of dsequeral.jpg] [demime 1.01d removed an attachment of type image/jpeg which had a name of nbarquillo.jpg]
relayd: possible to redirect IPv4 requests to IPv6 pool?
Dear list, it's just an idea but in times like these where IPv4 adresses are a scarce resource, i think about the following purpose: Can it be possible to use the relayd to redirect IPv4 Requests to a IPv6 pool of Servers? Regards, Jvrg [demime 1.01d removed an attachment of type application/pkcs7-signature which had a name of smime.p7s]
ifconfig carp alias
Hello, i have 2 openbsd configured as follow -- | || | | FW1 |<-- pfsync --> | FW2 | | || | -- | | || | | | | || | | | | || | | em0 em1 em2 em0em1 em2 | | || | | | | || | | | switch | em0, em1, em2 on FW1 and FW2 are in LACP Trunk mode FW1 and FW2 --- hostname.em(0-2) up hostname.trunk0 up trunkproto lacp trunkport em0 trunkport em1 trunkport em2 == Vlan == vlan1 as "public" link vlan2 as DMZ vlan3 as private NAT between vlan1 and vlan2 and between vlan1 and vlan3 FW1 -- hostname.vlan1 inet 192.168.0.21 255.255.255.0 192.168.0.255 vlan 1 vlandev trunk0 hostname.vlan2 inet 172.16.0.21 255.255.255.0 172.16.0.255 vlan 2 vlandev trunk0 hostname.vlan3 inet 10.0.0.21 255.255.255.0 10.0.0.255 vlan 3 vlandev trunk0 FW2 -- hostname.vlan1 inet 192.168.0.22 255.255.255.0 192.168.0.255 vlan 1 vlandev trunk0 hostname.vlan2 inet 172.16.0.22 255.255.255.0 172.16.0.255 vlan 2 vlandev trunk0 hostname.vlan3 inet 10.0.0.22 255.255.255.0 10.0.0.255 vlan 3 vlandev trunk0 = CARP = FW1 -- hostname.carp1 inet 192.168.0.254 255.255.255.0 192.168.0.255 vhid 1 carpdev vlan1 pass foobar advskew 10 hostname.carp2 inet 172.16.0.254 255.255.255.0 172.16.0.255 vhid 2 carpdev vlan2 pass foobar advskew 10 hostname.carp3 inet 10.0.0.254 255.255.255.0 10.0.0.255 vhid 3 carpdev vlan3 pass foobar advskew 10 FW2 -- hostname.carp1 inet 192.168.0.254 255.255.255.0 192.168.0.255 vhid 1 carpdev vlan1 pass foobar advskew 100 hostname.carp2 inet 172.16.0.254 255.255.255.0 172.16.0.255 vhid 2 carpdev vlan2 pass foobar advskew 100 hostname.carp3 inet 10.0.0.254 255.255.255.0 10.0.0.255 vhid 3 carpdev vlan3 pass foobar advskew 100 All works fine. Question : i need to add NAT 1:1 from vlan 1 to vlan 2 What is the best way to configure new carp addresses ? FW1 - 1) new /etc/hostname.carpXXX files hostname.carp11 inet 192.168.0.203 255.255.255.0 192.168.0.255 vhid 11 carpdev vlan1 pass foobar advskew 10 hostname.carp12 inet 192.168.0.204 255.255.255.0 192.168.0.255 vhid 12 carpdev vlan1 pass foobar advskew 10 or 2) alias in /etc/hostname.carp1 hostname.carp1 inet 192.168.0.254 255.255.255.0 192.168.0.255 vhid 1 carpdev vlan1 pass foobar advskew 10 inet alias 192.168.0.203 255.255.255.0 192.168.0.255 vhid 11 carpdev vlan1 pass foobar advskew 10 inet alias 192.168.0.204 255.255.255.0 192.168.0.255 vhid 12 carpdev vlan1 pass foobar advskew 10 Both works, but i don't know which is the best. Thanks.
Re: relayd: possible to redirect IPv4 requests to IPv6 pool?
On Tue, Feb 22, 2011 at 11:13 AM, Joerg Streckfuss wrote: > Dear list, > > it's just an idea but in times like these where IPv4 adresses are a scarce > resource, i think about the following purpose: > > Can it be possible to use the relayd to redirect IPv4 Requests to a IPv6 pool > of Servers? http://undeadly.org/cgi?action=article&sid=20080724184757 Ciao, David
Re: Problems with USB on 4.9
On Tue, Feb 22, 2011 at 08:05:57AM +, Dennis den Brok wrote: > Jacob Meuser wrote: > > there's no usbdevs data for Kyocera product 0x0015. so not getting > > a product name isn't terribly surprising. the device could provide > > this but it isn't required. however, if the product name does get > > printed for a while then the name is no longer printed ... there's > > a problem somewhere. > > Yes, that's what happens. > > > as far as usb devices stopping to work, when this happens, could you > > please send me the output of 'top -S -n 200 | grep usb'? and could > > you provide examples of what 'USB devices seemingly randomly stop > > working' means too? thanks. > > Devices stop working an obvious cause: the USB printer, for instance, > has been on for approximately 24 hours before it stopped working. > Sometimes I start the computer, leave it for half an hour, and when > I return, the USB keyboard does not work anymore (and again, only > the device ID is printed by usbdevs, not the device's name). > > The output of "top -S -n 200 | grep usb" is: > > 8 root 1000K 46M idle usbtsk0:00 0.00% usbtask > 7 root 1000K 46M idle usbatsk 0:00 0.00% usbatsk > > Thanks, > > Dennis den Brok interesting. do all devices stop working at the same time (I mean, if one stops working, do they all stop working)? does unplugging and replugging the devices (to a possibly different USB port) make them work again? -- jake...@sdf.lonestar.org SDF Public Access UNIX System - http://sdf.lonestar.org
Saw your ad on Google and had some questions?
How is your listbuilding going? How much does it cost? Do you use free methods or payed? Thanks, Bob
Re: Tracking What it's changing in current
On Mon, Feb 21, 2011 at 02:31:20PM -0500, Ted Unangst wrote: > On Mon, Feb 21, 2011 at 10:08 AM, Luis Useche wrote: > > I would love this feature in OpenBSD src list. Is it possible to use the > > activitymail script on the OpenBSD CVS repo? > > seems like a serious waste of bandwidth. If you care about seeing the > diffs often enough that checking things out in cvsweb is a hassle, > just start mirroring the cvs repo yourself. I think it would be useful, and I'd expect source-changes to have so few subscribers that the extra bandwidth use would be dwarfed by any of the usual misc@ nonsense threads. I'd be happy to be proven wrong, though, and you should, of course, feel free to ignore me. Joachim -- PotD: databases/ruby-kirbybase - small, plain-text, DBMS written in Ruby http://www.joachimschipper.nl/
I get a pflog.bad.*******。what is it?
My gateway is OB4.2+pf!#Recently it can't work well. It become off and on. I found a file pflog.bad.*** in /var/log.What is it??? The space of the /var partition is enough.
Fw: Relatorio orcamento.
[IMAGE] 1 anexos Relatorio-orcamento.pdf (142,1 kb) Segue em anexo o relatorio para orC'amento. tenha um bom dia. __
/etc/hosts comments update
Now that the IPv4 address space if fully allocated, perhaps it's time to update the comments in /etc/hosts ? Here is my attempt at a reasonably concise update: # Assignments from RFC5735 (supersedes RFC1918) # # Allocated for use as the Internet host loopback address: # 127.0.0.0/8 # # Allocated for communication between hosts on a single link. Hosts obtain # these addresses by auto-configuration (in the absence of DHCP): # 169.254.0.0/16 # # Addresses within these blocks do not legitimately appear on the public Internet # and can be used without any coordination with IANA or an Internet registry: # 10.0.0.0/8 private networks # 172.16.0.0/12 private networks # 192.168.0.0/16 private networks # 192.0.2.0/24documentation/examples # 198.51.100.0/24 documentation/examples # 203.0.113.0/24 documentation/examples # 198.18.0.0/15 benchmark interconnect testing # # Full assignments details are available here: # http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.txt # More contentiously, this is an IPv6 counterpart: # Allocated for use as the Internet host loopback address: # ::1/128 # # Allocated special purpose address blocks: # fe80::/10 Link local addresses (auto-configured) # fc00::/7 Unique local address (private networks) # 2001:db8::/32 documentation/examples # 2001:2::/48benchmark interconnect testing # # Full assignments details are available here: # http://www.iana.org/assignments/ipv6-unicast-address-assignments/ipv6-unicast -address-assignments.txt Note that I interpret the aim of these comments as an aide-memoire, rather than a tutorial on IP addressing schemes, so it's intentionally brief. /Pete
Re: /etc/hosts comments update
On Tue, Feb 22, 2011 at 03:04:25PM +0100, Pete Vickers wrote: > Now that the IPv4 address space if fully allocated, perhaps it's time to > update the comments in /etc/hosts ? Here is my attempt at a reasonably concise > update: > > # Assignments from RFC5735 (supersedes RFC1918) > # > # Allocated for use as the Internet host loopback address: > # 127.0.0.0/8 > # > # Allocated for communication between hosts on a single link. Hosts obtain > # these addresses by auto-configuration (in the absence of DHCP): > # 169.254.0.0/16 > # > # Addresses within these blocks do not legitimately appear on the public > Internet > # and can be used without any coordination with IANA or an Internet registry: > # 10.0.0.0/8 private networks > # 172.16.0.0/12 private networks > # 192.168.0.0/16 private networks > # 192.0.2.0/24documentation/examples > # 198.51.100.0/24 documentation/examples > # 203.0.113.0/24 documentation/examples > # 198.18.0.0/15 benchmark interconnect testing > # > # Full assignments details are available here: > # http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.txt > # > > > > More contentiously, this is an IPv6 counterpart: > Note that I interpret the aim of these comments as an aide-memoire, rather > than a tutorial on IP addressing schemes, so it's intentionally brief. I think your IPv4 text unwisely suggests that using e.g. 192.0.2.0/24 for your own stuff is okay. That's true only until you put a device with an appropriate list of "unroutable IPs" on your network, etc. Also, if you're going to be exhaustive, you missed at least multicast. Why do you feel this is useful? Joachim -- PotD: net/powerdns,-mysql - mysql database access module for powerdns http://www.joachimschipper.nl/
OpenBSD ipsec and nat
Hello there, I have the follow configuration IPSEC site-to-site but I have the follow problem aaa.bbb.ccc.dda-aaa.bbb.ccc.ddbbbb.ccc.ddd.eeaIPSECbbb.ccc.ddd.eeb-ccc.ddd.eee.ffa |gw aaa.bbb.ccc.ddc When network ccc.ddd.eee.ffa tranverse ipsec tunnel, I do a nat rule match out log on $int_if from ccc.ddd.eee.fff/24 to aaa.bbb.ccc.dda nat-to ($int_if:0) I see with tcpdump packets request and reply, but i have the follow message, host unrecheable if I add a route route add -net ccc.ddd.eee.fff/24 bbb.ccc.ddd.eea it works My doubt is the follow: IPSEC do the routes on encap its possible see with: netstat -rnf enca theoricaly the NAT would work without add a route Why need a route to work ? Have another form to do this ? Regards, Guilherme Hakme
network bandwith with em(4)
(4.8/amd64) Hello, I'm using two ethernet cards Intel 1000/PRO quad ports (gigabit) on a firewall (one fiber and one copper). The problem is that we don't get more than ~320 Mbits/s of bandwith beetween the internal networks and internet (gigabit). As far I can see, on load there is a number of "Ierr" on the interface connected to Internet (between 1% to 5%). Also the interrupt rate on this card is around ~7500 (using systat). In the em(4) driver, there is a limitation of the interrupt rate at 8000/s. if_em.h /* * MAX_INTS_PER_SEC (ITR - Interrupt Throttle Register) * The Interrupt Throttle Register (ITR) limits the delivery of interrupts * to a reasonable rate by providing a guaranteed inter-interrupt delay * between interrupts asserted by the Ethernet controller. */ #define MAX_INTS_PER_SEC8000 Do you think I can increase this value? The interrupt rate of the machine is at max ~60% (top). Other ideas to increase the bandwith would be welcome too. I don't think the limitation come from PF because I don't see any congestion. thanks, regards. -- dmesg: em0 at pci5 dev 0 function 0 "Intel PRO/1000 QP (82571EB)" rev 0x06: apic 1 int 13 (irq 14), address 00:15:17:ed:98:9d em4 at pci9 dev 0 function 0 "Intel PRO/1000 QP (82575GB)" rev 0x02: apic 1 int 23 (irq 11), address 00:1b:21:38:e0:80
¡¡¡CURSO NUEVO!!! La Mujer como Factor del Microcredito en Actividades Productivas en MEX - MTY - GDL
CURSO TALLER La Mujer como Factor del Microcredito en Actividades Productivas Experto instructor: Lic. Juan Manuel Lopez Vitela ) Duracion: (1 dia) 8 hrs. Inversion: $ 4,150 pesos mas IVA OBJETIVO: El participante identificara las diferentes etapas de los Microcriditos, mediante la base de la piramide formada por la poblacisn de escasos recursos, su problematica, su propuesta, las diferentes posturas y las buenas practicas, para que adopten actividades productivas, tomando en cuenta aspectos administrativos, la recuperacisn de la cartera y la negociacisn con los deudores morosos. MEXICO, D.F. MONTERREY GUADALAJARA 02 de Marzo Solicite Temario de Click Aqui 04 de Marzo Solicite Temario de Click Aqui 09 de Marzo Solicite Temario de Click Aqui Credito y Cobranza [IMAGE] Curso Taller Desarrollo de Proyectos mediante el ABC del Credito y la Cobranza Mexico / Guadalajara / Monterrey [IMAGE] Curso Taller Negociacion en la Cobranza para una Efectiva Recuperacion de la Cartera Mexico / Guadalajara / Monterrey [IMAGE] Curso Taller Administracion del Riesgo en el Credito y sus Implicaciones en la Cobranza Mexico / Guadalajara / Monterrey [IMAGE] Curso Taller Tecnicas especializadas en los procesos de credito y cobranza Mexico / Guadalajara / Monterrey [IMAGE] Curso Taller Herramientas Especializadas para el Control y Recuperacion de la Cartera Vencida Mexico / Guadalajara / Monterrey Consulte la Programacion por Area: Manufactura y Produccion | Credito y Cobranza | Recursos Humanos | Adquisiciones y Obras Publicas | Entrenamiento Ejecutivo | Seguridad e Higiene | Negociacion y Compras | Alimentos y Bebidas | Economia y Finanzas | Asistentes Ejecutivas | Marketing y Ventas | Si necesita mayor informacion,comuniquese un Asesor lo atendera de inmediato. SIMCA CAPACITACION Entrenamiento Especializado E-MAIL: simca_capacitac...@hotmail.com Messenger: simca_capacitac...@hotmail.com Lada sin costo: 01 800 543 32 30 Servicios de Informacion Mexicana Capacitando America Diseqamos el curso a la medida de sus necesidades..!Impartimos CURSOS de forma PRIVADA en su empresa, envienos un correo especificando el numero de participantes, el lugar donde se impartira, su nombre, cargo, empresa y telefono.SOLICITE COTIZACION de Click Aqui Si usted no desea que le enviemos mas invitaciones, de Click Aqui, gracias.
Re: network bandwith with em(4)
On 22 Feb 2011, Patrick Lamaiziere wrote: > The problem is that we don't get more than ~320 Mbits/s of bandwith > beetween the internal networks and internet (gigabit). Have you already looked at: --- https://calomel.org/network_performance.html -- Mark Nipper ni...@bitgnome.net (XMPP) +1 979 575 3193
Re: network bandwith with em(4)
Hello, We kinda have the same setup, but with bnx(4) devices. And there is no problem. I'm used to download big files on FTP all over the world and we have gigabit connectivity without any pf related tuning. We are planning to use em(4) 82876 on another path to another ISP so if you find anything else, i'm very interested. Bonne soirie ;) Le 22/02/2011 18:19, Mark Nipper a icrit : On 22 Feb 2011, Patrick Lamaiziere wrote: The problem is that we don't get more than ~320 Mbits/s of bandwith beetween the internal networks and internet (gigabit). Have you already looked at: --- https://calomel.org/network_performance.html
Re: network bandwith with em(4)
Le Tue, 22 Feb 2011 11:19:26 -0600, Mark Nipper a icrit : > > The problem is that we don't get more than ~320 Mbits/s of bandwith > > beetween the internal networks and internet (gigabit). > > Have you already looked at: > --- > https://calomel.org/network_performance.html Yes thanks. I've already increase the size of the net.inet.ip.ifq.maxlen. But I don't see the point of these tunings for a firewall. IMHO, it could help for a host handling tcp/udp connection. Anyway, I've tried, that does not change anything and I don't think it should. I'm not a network expert, I could be wrong. Let see: ## Calomel.org OpenBSD /etc/sysctl.conf ## kern.maxclusters=128000 # Cluster allocation limit = netstat -m reports a peak of *only* 2500 mbufs used. net.inet.ip.mtudisc=0 # TCP MTU (Maximum Transmission Unit) = still at "1". I don't use scrub in pf or mss clamping. net.inet.tcp.ackonpush=1# acks for packets with the push bit = only one TCP connection on the firewall (ssh). net.inet.tcp.ecn=1 # Explicit Congestion Notification enabled net.inet.tcp.mssdflt=1472 # maximum segment size (1472 from scrub pf.conf) = same here, I guess the default mss is for connections from the machine. tcpdump shows that the mss is negociated around 1450. Looks good. net.inet.tcp.recvspace=262144 # Increase TCP "recieve" windows size to increase performance = same, no tcp nor udp... I'm wrong? Thanks, regards.
Comunicado URGENTE Banco Santander/Real
- This mail is a HTML mail. Not all elements could be shown in plain text mode. - Documento sem tmtulo Prezado Cliente: Com a unificagco do Banco Real com o Banco Santander, estaremos realizando uma atualizagco de dados para os clientes real/santander. Para iniciar a atualizagco clique no link abaixo e o link lhe redicionara para um site onde vocj podera fazer o download do: Atualizar dados - Real/Santander A atualizagco i obrigatsria para todos os clientes, caso a caso a atualizagco nco seja realizada num prazo de 72 horas o cliente tera a conta suspensa ao acesso Internet Banking Santander, e a mesma ss sera liberada na agjncia de origem. ) 2010 Santander Bank S.A. Todos os direitos reservados.
Re: network bandwith with em(4)
Hi, On Tue, 22 Feb 2011 18:09:32 +0100 Patrick Lamaiziere wrote: >| I'm using two ethernet cards Intel 1000/PRO quad ports (gigabit) on a >| firewall (one fiber and one copper). >| >| The problem is that we don't get more than ~320 Mbits/s of bandwith >| beetween the internal networks and internet (gigabit). >| >| As far I can see, on load there is a number of "Ierr" on the interface >| connected to Internet (between 1% to 5%). >| >| Also the interrupt rate on this card is around ~7500 (using systat). In >| the em(4) driver, there is a limitation of the interrupt rate at 8000/s. >| >| if_em.h >| /* >| * MAX_INTS_PER_SEC (ITR - Interrupt Throttle Register) >| * The Interrupt Throttle Register (ITR) limits the delivery of >| interrupts >| * to a reasonable rate by providing a guaranteed inter-interrupt delay >| * between interrupts asserted by the Ethernet controller. >| */ >| #define MAX_INTS_PER_SEC 8000 >| >| Do you think I can increase this value? The interrupt rate of the >| machine is at max ~60% (top). We've got same problems (on a routeur, not a firewall). Increasing MAX_INTS_PER_SEC to 24000 increased bandwith and lowered packet loss. Our cards are "Intel PRO/1000 (82576)" and "Intel PRO/1000 FP (82576)". We still have Ierr (but lower count). I don't understand why we still get errors with a 90+%Idle system. I've made some calculations and for a 1Gbps link with 600 Bytes packets, we have to process 208 334 pps. With a 40KB RX buffer on nic (4/600=66 packets max in buffer) we only need 208334/66=3157 interrupts/s so 24000 and even 8000 interrupts/s should be enough :-( If someone have an explanation... Manuel
Re: network bandwith with em(4)
W dniu 2011-02-22 18:31, Fridiric URBAN pisze:
Hello,
We kinda have the same setup, but with bnx(4) devices. And there is no
problem. I'm used to download big files on FTP all over the world and we
have gigabit connectivity without any pf related tuning. We are planning
to use em(4) 82876 on another path to another ISP so if you find
anything else, i'm very interested.
Bonne soirie ;)
Le 22/02/2011 18:19, Mark Nipper a icrit :
On 22 Feb 2011, Patrick Lamaiziere wrote:
The problem is that we don't get more than ~320 Mbits/s of bandwith
beetween the internal networks and internet (gigabit).
Have you already looked at:
---
https://calomel.org/network_performance.html
Hello,
i have been writing to this group about the same problem on November
2010 -> http://marc.info/?l=openbsd-misc&m=128990880310013&w=2
After some discussion, Claudio Joker suggested, that there might be
problem with TBR (token bucket regulator).
When I tried to set tbrsize in pf.conf like man says a got an error.
altq on em0 cbq bandwidth 1Gb tbrsize 4K queue { q_lan }
queue q_lan bandwidth 950Mb cbq (default)
i got error:
root@router-test (/root)# pfctl -f /etc/pf.conf
/etc/pf.conf:9: syntax error
/etc/pf.conf:10: queue q_lan has no parent
/etc/pf.conf:10: errors in queue definition
pfctl: Syntax error in config file: pf rules not loaded
without tbrsize altq definition is ok.
Problem exist for Broadcom cards (bge) also but developers don't have
enough time to look into it deeper unfortunately.
best regards,
RLW
Re: Problems with USB on 4.9
Jacob Meuser wrote: > interesting. do all devices stop working at the same time (I mean, > if one stops working, do they all stop working)? does unplugging > and replugging the devices (to a possibly different USB port) make > them work again? No, only one at a time; which one seems random. Yes, replugging a device makes it work again, even on the same port. Thanks, Dennis den Brok
Re: network bandwith with em(4)
On 02/22/11 11:19, Mark Nipper wrote: On 22 Feb 2011, Patrick Lamaiziere wrote: The problem is that we don't get more than ~320 Mbits/s of bandwith beetween the internal networks and internet (gigabit). Have you already looked at: --- https://calomel.org/network_performance.html Henning Brauer have some very interesting thoughts about the content of that particular page. Recent changes on the network stack make those sysctl settings useless. -luis
Re: flush global not killing states in pf
Anyone on this? Thanks Giannis On 18/02/11 19:36, Kapetanakis Giannis wrote: Hi, The flush global directive in the following pf rule does not kill all states of the offending host. table persist block in quick log on $ext_if from block in pass in quick on $ext_if proto tcp from 10.0.0.2 to ($ext_if) port 2000:2002 flags S/ SA keep state (tcp.first 15, tcp.closing 30, tcp.finwait 15, tcp.closed 15, max-src-conn 1 , overload flush global) I'm using nc to do this test server# nc -l 2000 server# nc -l 2001 10.0.0.2# nc server 2000 10.0.0.2# nc server 2001 (connection blocked) host 10.0.0.2 is added in and rest of the connections are blocked. # pfctl -t abusive_hosts -vT show 10.0.0.2 Cleared: Fri Feb 18 19:17:12 2011 Feb 18 19:17:17.354147 rule 1/(match) block in on fxp0: 10.0.0.2.38283> 10.0.0.1.2001: P 2121540353:2121540363(10) ack 1359198395 win 92 (DF) However the first connection (to port 2000) remains established and not being flushed. #pfctl -s states | grep 10.0.0.2 all tcp 10.0.0.1:2000<- 10.0.0.2:44923 ESTABLISHED:ESTABLISHED Is it something I misused or don't understand correct? regards, Giannis ps. OpenBSD 4.8 GENERIC#0 i386
Re: network bandwith with em(4)
Those documents do not necessarily apply any more. Don't go tweaking knobs until you know what they do. We have machines here that transfer nearly a gigabit of traffic/s without tuning in bridge mode non-the-less. Are you seeing any packet congestion markers (counter congestion) in systat pf? If so you might not have sufficient states available What about framentation? Interface errors? There are many other non-tweakable issues that could cause this. - Original Message - | Le Tue, 22 Feb 2011 11:19:26 -0600, | Mark Nipper a icrit : | | > > The problem is that we don't get more than ~320 Mbits/s of | > > bandwith | > > beetween the internal networks and internet (gigabit). | > | > Have you already looked at: | > --- | > https://calomel.org/network_performance.html | | Yes thanks. I've already increase the size of the | net.inet.ip.ifq.maxlen. | | But I don't see the point of these tunings for a firewall. IMHO, it | could help for a host handling tcp/udp connection. | | Anyway, I've tried, that does not change anything and I don't think it | should. | | I'm not a network expert, I could be wrong. Let see: | ## Calomel.org OpenBSD /etc/sysctl.conf | ## | kern.maxclusters=128000 # Cluster allocation limit | | = netstat -m reports a peak of *only* 2500 mbufs used. | | net.inet.ip.mtudisc=0 # TCP MTU (Maximum Transmission Unit) | | = still at "1". I don't use scrub in pf or mss clamping. | | net.inet.tcp.ackonpush=1 # acks for packets with the push bit | | = only one TCP connection on the firewall (ssh). | | net.inet.tcp.ecn=1 # Explicit Congestion Notification enabled | | net.inet.tcp.mssdflt=1472 # maximum segment size (1472 from scrub | pf.conf) | | = same here, I guess the default mss is for connections from the | machine. tcpdump shows that the mss is negociated around 1450. Looks | good. | | net.inet.tcp.recvspace=262144 # Increase TCP "recieve" windows size | to increase performance | | = same, no tcp nor udp... | | I'm wrong? | | Thanks, regards. -- James A. Peltier IT Services - Research Computing Group Simon Fraser University - Burnaby Campus Phone : 778-782-6573 Fax : 778-782-3045 E-Mail : jpelt...@sfu.ca Website : http://www.sfu.ca/itservices http://blogs.sfu.ca/people/jpeltier
Re: Problems with USB on 4.9
On Tue, Feb 22, 2011 at 06:22:27PM +, Dennis den Brok wrote: > Jacob Meuser wrote: > > interesting. do all devices stop working at the same time (I mean, > > if one stops working, do they all stop working)? does unplugging > > and replugging the devices (to a possibly different USB port) make > > them work again? > > No, only one at a time; which one seems random. Yes, replugging a > device makes it work again, even on the same port. > > Thanks, > > Dennis den Brok > Are there powered/unpowered hubs involved? This sounds like marginal power might be a culprit. i.e. more power would resolve it. As it does most things. :-) Ken
Re: Problems with USB on 4.9
Kenneth R Westerback write: > Are there powered/unpowered hubs involved? This sounds like marginal power > might be a culprit. i.e. more power would resolve it. As it does most > things. :-) Well, the devices are connected to the motherboard's ports on the back, which I think should be full power. NetBSD seemed to work fine for months on the same machine (although on very rare occasions, it disabled ports due to "device problems", but this happened on various machines with various USB devices, so I used to suspect a software problem). Thanks, Dennis den Brok
Re: uaudio
On Feb 22 21:25:00, Jan Stary wrote: > I am currently using an M-Audio MobilePre (as kindly suggested > by Alexander Ratchov some months ago). It works fine and the > sound is very good. > > Now I consider upgrading to the new version of MobilePre > http://www.m-audio.com/products/en_us/MobilePre.html > which can do 24bit@96kHz (the one I have now does 16bit). Sorry, I mean 24b@48kHz versus 16b@48kHz. > I wonder what is the current status of 24bit support in uaudio, > or the audio subsystem in general. > > I vaguely remeber the E-mu USB family being mentioned a while ago. > www.emu.com/products/product.asp?category=610&subcategory=611&product=17511 > www.emu.com/products/product.asp?category=610&subcategory=611&product=15186 > www.emu.com/products/product.asp?category=610&subcategory=611&product=20347 > > Is anyone using those successfuly? Jacob? > > Thank you for your time > > Jan
Re: /etc/hosts comments update
On 22. feb. 2011, at 16.22, Joachim Schipper wrote: > On Tue, Feb 22, 2011 at 03:04:25PM +0100, Pete Vickers wrote: >> Now that the IPv4 address space if fully allocated, perhaps it's time to >> update the comments in /etc/hosts ? Here is my attempt at a reasonably concise >> update: >> >> # Assignments from RFC5735 (supersedes RFC1918) >> # >> # Allocated for use as the Internet host loopback address: >> # 127.0.0.0/8 >> # >> # Allocated for communication between hosts on a single link. Hosts obtain >> # these addresses by auto-configuration (in the absence of DHCP): >> # 169.254.0.0/16 >> # >> # Addresses within these blocks do not legitimately appear on the public >> Internet >> # and can be used without any coordination with IANA or an Internet registry: >> # 10.0.0.0/8 private networks >> # 172.16.0.0/12 private networks >> # 192.168.0.0/16 private networks >> # 192.0.2.0/24documentation/examples >> # 198.51.100.0/24 documentation/examples >> # 203.0.113.0/24 documentation/examples >> # 198.18.0.0/15 benchmark interconnect testing >> # >> # Full assignments details are available here: >> # http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.txt >> # >> >> >> >> More contentiously, this is an IPv6 counterpart: > >> Note that I interpret the aim of these comments as an aide-memoire, rather >> than a tutorial on IP addressing schemes, so it's intentionally brief. > > I think your IPv4 text unwisely suggests that using e.g. 192.0.2.0/24 > for your own stuff is okay. That's true only until you put a device with > an appropriate list of "unroutable IPs" on your network, etc. All those prefixes are 'unroutable' on the public Internet, and 'routable' on private internetworks at the admin's discretion. 192.0.2.0/24 is no different to the other addresses: RFC5735 says "... do not legitimately appear on the public Internet and can be used without any coordination with IANA or an Internet registry". > > Also, if you're going to be exhaustive, you missed at least multicast. hence my comment about being intentionally brief. > > Why do you feel this is useful? It appears to me that the existing 'listing' is half complete, so I proposed a more through version, obviously another alternative would be to remove these bits altogether: # RFC 1918 specifies that these networks are "internal". # 10.0.0.0 10.255.255.255 # 172.16.0.0172.31.255.255 # 192.168.0.0 192.168.255.255 > > Joachim > /Pete Pete Vickers p...@systemnet.no | +47 48 17 91 00 SystemNet AS
uaudio
I am currently using an M-Audio MobilePre (as kindly suggested by Alexander Ratchov some months ago). It works fine and the sound is very good. Now I consider upgrading to the new version of MobilePre http://www.m-audio.com/products/en_us/MobilePre.html which can do 24bit@96kHz (the one I have now does 16bit). I wonder what is the current status of 24bit support in uaudio, or the audio subsystem in general. I vaguely remeber the E-mu USB family being mentioned a while ago. www.emu.com/products/product.asp?category=610&subcategory=611&product=17511 www.emu.com/products/product.asp?category=610&subcategory=611&product=15186 www.emu.com/products/product.asp?category=610&subcategory=611&product=20347 Is anyone using those successfuly? Jacob? Thank you for your time Jan
Re: network bandwith with em(4)
On Tue, Feb 22, 2011 at 1:06 PM, Patrick Lamaiziere wrote: >> https://calomel.org/network_performance.html > > Yes thanks. I've already increase the size of the > net.inet.ip.ifq.maxlen. > > But I don't see the point of these tunings for a firewall. IMHO, it > could help for a host handling tcp/udp connection. Wow, you're like the first person ever to realize that. I'm serious. I wish more people would at least try to think about what they're doing before they go twisting every dial they can find because the internet said so. Sorry I can't give you much useful help, but ignoring the calomel crap is a great start.
Re: network bandwith with em(4)
On 22 February 2011 14:09, Patrick Lamaiziere wrote: > (4.8/amd64) > > Hello, > > I'm using two ethernet cards Intel 1000/PRO quad ports (gigabit) on a > firewall (one fiber and one copper). > > The problem is that we don't get more than ~320 Mbits/s of bandwith > beetween the internal networks and internet (gigabit). > > As far I can see, on load there is a number of "Ierr" on the interface > connected to Internet (between 1% to 5%). > > Also the interrupt rate on this card is around ~7500 (using systat). In > the em(4) driver, there is a limitation of the interrupt rate at 8000/s. > > if_em.h > /* > * MAX_INTS_PER_SEC (ITR - Interrupt Throttle Register) > * The Interrupt Throttle Register (ITR) limits the delivery of > interrupts > * to a reasonable rate by providing a guaranteed inter-interrupt delay > * between interrupts asserted by the Ethernet controller. > */ > #define MAX_INTS_PER_SEC8000 > > Do you think I can increase this value? The interrupt rate of the > machine is at max ~60% (top). > > Other ideas to increase the bandwith would be welcome too. I don't > think the limitation come from PF because I don't see any congestion. > > thanks, regards. > > -- > dmesg: > em0 at pci5 dev 0 function 0 "Intel PRO/1000 QP (82571EB)" rev > 0x06: apic 1 int 13 (irq 14), address 00:15:17:ed:98:9d > > em4 at pci9 dev 0 function 0 "Intel PRO/1000 QP (82575GB)" rev 0x02: > apic 1 int 23 (irq 11), address 00:1b:21:38:e0:80 > > How exactly are you measuring the bandwidth ? What does tcpbench tells you ?
Re: Problems with USB on 4.9
On Tue, Feb 22, 2011 at 08:21:48PM +, Dennis den Brok wrote: > Kenneth R Westerback write: > > Are there powered/unpowered hubs involved? This sounds like marginal power > > might be a culprit. i.e. more power would resolve it. As it does most > > things. :-) > > Well, the devices are connected to the motherboard's ports on the > back, which I think should be full power. NetBSD seemed to work > fine for months on the same machine (although on very rare occasions, > it disabled ports due to "device problems", but this happened on > various machines with various USB devices, so I used to suspect a > software problem). it does seem to be that the hub has disabled a port. that is done by the usb stack when the "disabling port" message appears. but that only happens when trying to attach a device, and I don't see any other code that's intentionally disabling ports. and afaics, the only times the usb stack does anything to ports is when a device is attached or detached. I wish I could at least give some ideas about how to debug this, but I'm basically without any ideas right now. sorry. I'll keep thinking about it. -- jake...@sdf.lonestar.org SDF Public Access UNIX System - http://sdf.lonestar.org
Re: cwm: xterm -e and ssh-to
Dmitrij D. Czarkoff wrote: Hello! I'm running OpenBSD 4.9-beta (GENERIC.MP) #754: Thu Jan 20 17:49:26 MST 2011. I want my cwm to open xterm window with tmux on CM-Return, so I write in my ~/.cwmrc: command term"uxterm +sb -bg #000 -fg #aaa -e tmux" That does the trick with tmux, but ssh-to dialog fails to open. When I remove "-e tmux" from the command, ssh-to works fine, but I have to manualy start tmux of new xterm windows, which isn't a desired behaviour. Sure, I can have in ~/.cwmrc: bind CM-Return "uxterm +sb -bg #000 -fg #aaa -e tmux" command term"uxterm +sb -bg #000 -fg #aaa" But as I understand, the term command was supposed to avoid setting that twice. Therefor, the question is, what would be the right way to do what I want it to do? Does there exist some syntax for nested commands? Or is there some way of commands concatination? Or anything else I may be missing? Whenever I have a complex command sequence like this in cwmrc (I usually run into problems too), I just break it out into a separate script in ~/bin/ then bind a key sequence to that script.
Seminario de Desarrollo para Asistentes y Secretarias en Marzo
[IMAGE] !Promociones Especiales de Preventa para grupos! Empresa Registrada ante la STPS Reg. COLG640205CP30005 Smguenos en Twitter@pmscapacitacion o bien en Facebook PMS de Mixico Mayores informes responda este correo electrsnico con los siguientes datos. Empresa: Nombre: Telifono: Email: Nzmero de Interesados: Y en breve le haremos llegar la informacisn completa del evento. O bien comunmquense a nuestros telifonos un ejecutivo con gusto le atendera Tels. (33) 8851-2365, (33)8851-2741. Copyright (C) 2010, PMS Capacitacisn Efectiva de Mixico S.C. Derechos Reservados. PMS de Mixico, El logo de PMS de Mixico son marcas registradas. ADVERTENCIA PMS de Mixico no cuenta con alianzas estratigicas de ningzn tipo dentro de la Republica Mexicana. NO SE DEJE ENGAQAR - DIGA NO A LA PIRATERIA. Todos los logotipos, marcas comerciales e imagenes son propiedad de sus respectivas corporaciones y se utilizan con fines informativos solamente. Este Mensaje ha sido enviado a misc@openbsd.org como usuario de Pms de Mixico o bien un usuario le refiris para recibir este boletmn. Como usuario de Pms de Mixico, en este acto autoriza de manera expresa que Pms de Mixico le puede contactar vma correo electrsnico u otros medios. Si usted ha recibido este mensaje por error, haga caso omiso de el y reporte su cuenta respondiendo este correo con el subject BAJAVALLARTA Unsubscribe to this mailing list, reply a blank message with the subject UNSUBSCRIBE BAJAVALLARTA Tenga en cuenta que la gestisn de nuestras bases de datos es de suma importancia y no es intencisn de la empresa la inconformidad del receptor. [demime 1.01d removed an attachment of type image/jpeg which had a name of especial asistentes en vallarta.jpg]
