Re: Large scale VPN routers
On Tue, Aug 23, 2011 at 3:55 AM, Brendan Grossman wrote: > Hi > > Just wondering if anyone has had any experience with using OpenBSD to > terminate up to 1000 VPN clients and/or route "high" traffic (say 100 > Mb/s). > > What sort of hardware did you use, type of VPN, encryption and auth > options, overall experience, etc? http://www.openbsd.org/products.html See syscall, GeNUA, .vantronix and probably others as well > > Regards > Brendan
Large scale VPN routers
Hi Just wondering if anyone has had any experience with using OpenBSD to terminate up to 1000 VPN clients and/or route "high" traffic (say 100 Mb/s). What sort of hardware did you use, type of VPN, encryption and auth options, overall experience, etc? Regards Brendan
network fails to start with firewall enabled. Used to work..
I have recently upgraded our OpenBSD 4.8 bridge & firewall to OpenBSD 5.0 (GENERIC.MP) #57: Mon Aug 8 14:58:00 MDT 2011 and I'm having some problems with a rule set that used to work with 4.8. I took our backup firewall out of production, re-installed a fresh copy of the snapshot stated, and used site50.tgz to populate the hostname.* interfaces for physical devices, bridges and VLANs, sysctl.conf for interface forwarding, etc. The install went fine, all the files were put into place correctly, however, with the old rule set the network fails to come up. I read the source-changes list and recall the change for the set skip rules and interface groups, confirmed the changes as defined in the following -current web page which doesn't *seem* to apply to me since I am not using interface types, but instead physical interface names (or variables that define interface names). Please keep in mind that the rules load. In fact, if I do not enable PF during boot but enable PF afterwards it works fine so I must be missing something here... Do I now have to set skip on the physical interfaces for the VLANs/Bridge (em0 & em1) :'/ # See pf.conf(5) for syntax and examples. # Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1 # in /etc/sysctl.conf if packets are to be forwarded between interfaces. NS_DMZ="vlan" DMZ="vlan2111" NS_FASNET="vlan310" NS_ACS="vlan311" NS_EXPERIMENTAL="vlan312" NS_NAT="vlan313" NS_DMZ2="vlan314" NS_111B="vlan315" NS_NETM="vlan316" FASNET="vlan300" ACS="vlan301" EXPERIMENTAL="vlan302" NAT="vlan303" DMZ2="vlan304" 111B="vlan305" NETM="vlan306" FW_MGMT="bge0" # Service definitions CIFS_PORTS="{137 139 445 epmap kerberos ldap}" DNS_PORTS="{domain}" FILEMAKER_PORTS="{2339 5003 5353}" NFS_PORTS="{sunrpc 2049 4045}" PRINT_PORTS="{161 printer ipp 9100}" RDP_PORTS="{3389 5900:5999}" WEB_PORTS="{http https}" FLEXLM_PORTS="{ 1025:65535 }" AD_PORTS="{ 88 389 1025 3268 epmap kerberos kpasswd ldap ntp }" ARD_PORTS="{ 3283 }" # Table definitions # all hosts that get blocked due to too # many connections are added temporarily here table persist file "/etc/bad_hosts.list" # Hosts that should be allowed into the NETM table persist file "/etc/netm_hosts.list" # Hosts that have been blocked permanently table persist file "/etc/blacklist_hosts.list" # Hosts we should never block table persist file "/etc/whitelist_hosts.list" # DNS Servers that we should communicate with table persist file "/etc/dns_servers.list" # Web Servers table persist file "/etc/web_servers.list" # Public SFU / FASNET IP space table persist file "/etc/trusted_ip_space.list" # Publically accessible printers table persist file "/etc/public_printers.list" # Sytems Lab machines table persist file "/etc/systems_lab_hosts.list" # baltic.example.com access list table persist file "/etc/baltic_acls.list" # FlexLM servers table persist file "/etc/flexlm_servers.list" # CIFS servers table persist file "/etc/cifs_servers.list" # Our domain controllers servers table persist file "/etc/dc_servers.list" # Camups DC servers table persist file "/etc/campus_dc_servers.list" # PlanetLab Machines table persist file "/etc/planet_lab_machines.list" ## PF Engine paramaters # Play nicely and send return refused, # destination unreachable, etc on block set block-policy return # limit the number of states that can be created # monitor "congestion" and "state count" ouput # in systat pf set limit { states 5, table-entries 50 } # disable packet fragement reassembly to work with seven # this should be removed when seven is decommissioned set reassemble no # Log traffic statistics on all interfaces set loginterface all # don't do any filtering on these devices # only "public" side is filtered since you only # need to filter on one side of the bridge #set skip on { lo0 $FW_MGMT $NS_DMZ $NS_EXPERIMENTAL $NS_NAT $NS_DMZ2 $NS_111B $111B $ACS $DMZ $DMZ2 $EXPERIMENTAL $FASNET $NAT } set skip on { lo0 bge0 bge1 $FW_MGMT $NS_EXPERIMENTAL $NS_NAT $NS_DMZ2 $NS_111B $111B $ACS $DMZ2 $EXPERIMENTAL $FASNET $NAT } # scrub incoming packets match in all scrub (no-df) # NAT all 172.16.0/24 traffic to the external interface #match out on ! $NAT from 172.16.0.0/24 to any nat-to $FW_MGMT:network # block any host deemed for whatever reason to be bad # be meaner and just drop them which will use resources # of the attacker slightly longer block drop quick from block drop quick from # By default, do not permit remote connections to X11 # all X11 traffic should be tunnelled through SSH block in quick on ! lo0 proto tcp to port 6000:6010 # Allow ping and traceroute through pass quick log (to pflog1) inet proto icmp from any to any icmp-type echoreq keep state # traffic from these hosts should never be blocked pass quick from pass to ### NETM RULES ### ### # Block access to NETM block in log (to pflog2) on $NETM all pass out log (to pflog2) quick on $NETM all # Allow traffic to/from NETM allow
Re: Expected throughput in an OpenBSD virtual server
On 22 August 2011 23:45, Per-Olov Sjvholm wrote: >> As http://www.openbsd.org/faq/faq6.html states, there's little you can tweak > to improve your numbers; just get a nice-clocked, good cache-sized CPU and > give it some loving. > > The FAQ you refer to seems to be of no use at all and is totally unrelated to > this post. It is quite pertinent, actually. See the beginning of section 6.6; http://www.openbsd.org/faq/faq6.html#Tuning John
Re: Expected throughput in an OpenBSD virtual server
On 22 aug 2011, at 23:28, Claudio Jeker wrote: > On Mon, Aug 22, 2011 at 10:49:47PM +0200, Per-Olov Sjvholm wrote: >> On 22 aug 2011, at 22:04, Stuart Henderson wrote: But if you can give hints of how to decrease the interrupt load I am all >> ears. As I see it, if the interrupt handling model i OpenBSD would change to a polling one u could maybe increase the throughput at the same processor >> speed (just me guessing though). But now the fact is that it is not polling. So >> what can I do with what we have >>> >>> polling is one mechanism to ensure you aren't handling interrupts all the >>> time, so you can ensure userland remains responsive even when the machine >> is >>> under heavy network load. OpenBSD has another way to handle this, MCLGETI. >> >> >> With polling if I get it right the context switch overhead is mostly avoided >> because the system can choose to look at the device when it is already in the >> right context. The drawback could be increased latency in processsing events >> in a polling model. But according to what I have read, the latency is reduced >> to a very low low values by raising the clock interrupt frequency. They say >> polling is better from a OS "time spent on device" control perspective. Note >> that I am not a pro in this area, but will for sure look deeper... > > Polling only works reliably at insane HZ settings which will cause other > issues at other places (some obvious some not so obvious). In the end > polling is a poor mans interrupt mitigation (which is also enabled on > em(4) btw.) since instead of using the interrupt of the network card you > use the interrupt of the clock to process the DMA rings. Polling does not > gain you much on good modern HW. > >> MCLGETI ?? Is it in if_em.c if I want to see how it is implemented? >> > > Yes. em(4) has MCLGETI(). > >>> Is pure cpu speed the only way? Or is it possible to decrease the >> interrupt load with even better NIC:s? >>> >>> here are some things that might help: >>> >>> - faster cpu >>> - larger cpu cache >>> - faster ram >>> - reduce overheads (things like switching VM context while handling >>> packets is not going to help matters) >>> - improving code efficiency >>> >>> have you tried -current? >>> >> >> >> >> I tried to share and use the same interrupt for my network ports as I have a >> guess it could be a boost, but the bios did not want what I wanted >> Interrupts could be shared, but not between the ports I wanted. I simple did >> not understand the interrupt allocation scheme in my Dell T410 tower server. >> >> Have not tried current, but will try current as soon as I can. Also... I will >> try to do some laborations with CPU speed of the core the OpenBSD virtual >> machine has. This to see how the interrupts and throughput is related to the >> CPU speed of the allocated core. >> > > Also make sure that the guest can actually access the physical HW directly > without any virtualisation in between. In the end real HW is going to have > less overhead and will be faster then a VM solution. --snip-- The KVM hypervisor supports attaching PCI devices on the host system to virtualized guests. PCI passthrough allows guests to have exclusive access to PCI devices for a range of tasks. PCI passthrough allows PCI devices to appear and behave as if they were physically attached to the guest operating system. --snip-- From: http://docs.fedoraproject.org/en-US/Fedora/13/html/Virtualization_Guide/chap- Virtualization-PCI_passthrough.html The link above doesn't say anything about performance loss though of doing PCI pass through. But the OpenBSD indeed sees and uses the correct real physical NIC:s . I am of course _very_ interested in testing by installing OpenBSD directly on the hardware. But I cannot do that at this time. This is what the OpenBSD sees.. --snip-- em0 at pci0 dev 4 function 0 "Intel PRO/1000 MT (82574L)" rev 0x00: apic 1 int 11 (irq 11), address 00:1b:21:c2:8a:b0 em1 at pci0 dev 5 function 0 "Intel PRO/1000 MT (82574L)" rev 0x00: apic 1 int 10 (irq 10), address 00:1b:21:bf:76:77 --snip-- The MAC:s are these adapters real MAC:s. When used in OpenBSD these adapters are totally unbound in Linux and cannot be seen or used. This virtual fully patched OpenBSD 4.9 has got one (of total eight) Xeon 5504 2Ghz core, 512MB RAM and the above NIC:s and some raised values in sysctl. It (as said earlier) gives about max 400Mbit throughput with a small ruleset will keep state everywhere. Have tested with NFS, AFP, SCP, SMB and with different created 2GB ISO:s. All protocols gives near the same result (AFP performs best). Another physical server with a 1.6 Ghz Intel Atom with Intel Gig cards (not the same cards) performs similar (a little lower though) and max out at near the same speed. When these systems (both the physical and the virtual) max out, the interrupts eat 100%. Removing the firewall the file transfer give 119 Mbyte/s and max out the Gigabit pipe. These measu
Re: Expected throughput in an OpenBSD virtual server
On Mon, Aug 22, 2011 at 10:49:47PM +0200, Per-Olov Sjvholm wrote: > On 22 aug 2011, at 22:04, Stuart Henderson wrote: > >> But if you can give hints of how to decrease the interrupt load I am all > ears. > >> As I see it, if the interrupt handling model i OpenBSD would change to a > >> polling one u could maybe increase the throughput at the same processor > speed > >> (just me guessing though). But now the fact is that it is not polling. So > what > >> can I do with what we have > > > > polling is one mechanism to ensure you aren't handling interrupts all the > > time, so you can ensure userland remains responsive even when the machine > is > > under heavy network load. OpenBSD has another way to handle this, MCLGETI. > > > With polling if I get it right the context switch overhead is mostly avoided > because the system can choose to look at the device when it is already in the > right context. The drawback could be increased latency in processsing events > in a polling model. But according to what I have read, the latency is reduced > to a very low low values by raising the clock interrupt frequency. They say > polling is better from a OS "time spent on device" control perspective. Note > that I am not a pro in this area, but will for sure look deeper... Polling only works reliably at insane HZ settings which will cause other issues at other places (some obvious some not so obvious). In the end polling is a poor mans interrupt mitigation (which is also enabled on em(4) btw.) since instead of using the interrupt of the network card you use the interrupt of the clock to process the DMA rings. Polling does not gain you much on good modern HW. > MCLGETI ?? Is it in if_em.c if I want to see how it is implemented? > Yes. em(4) has MCLGETI(). > > > >> Is pure cpu speed the only way? Or is it possible to decrease the > interrupt > >> load with even better NIC:s? > > > > here are some things that might help: > > > > - faster cpu > > - larger cpu cache > > - faster ram > > - reduce overheads (things like switching VM context while handling > > packets is not going to help matters) > > - improving code efficiency > > > > have you tried -current? > > > > > > I tried to share and use the same interrupt for my network ports as I have a > guess it could be a boost, but the bios did not want what I wanted > Interrupts could be shared, but not between the ports I wanted. I simple did > not understand the interrupt allocation scheme in my Dell T410 tower server. > > Have not tried current, but will try current as soon as I can. Also... I will > try to do some laborations with CPU speed of the core the OpenBSD virtual > machine has. This to see how the interrupts and throughput is related to the > CPU speed of the allocated core. > Also make sure that the guest can actually access the physical HW directly without any virtualisation in between. In the end real HW is going to have less overhead and will be faster then a VM solution. -- :wq Claudio
Re: Expected throughput in an OpenBSD virtual server
On Mon, Aug 22, 2011 at 10:53:05PM +0200, Christer Solskogen wrote: > On Mon, Aug 22, 2011 at 10:04 PM, Stuart Henderson > wrote: > > - faster ram > > Are you sure about that? Almost every benchmark I've seen, fast ram > has almost nothing to say. I would be delighted if what I've been > reading is wrong :-) > Yes. memory speed matters a lot. DMA goes into main memory and needs to be read into the cache when the recieved packet is accessed. Having the memory close by the CPU and on fast busses helps in that regard. Big caches will do the rest. -- :wq Claudio
pflog shows 0.0.0.0.0 > 0.0.0.0.0
Hi All, See my configuration at the bottom of this email. I am looking into why my pflog has these ambiguous entries that show source and destination as all zeros e.g. 0.0.0.0.0 > 0.0.0.0.0. I saw that there was a related thread earlier this year asking questions that was unresolved/unconfirmed and I would like to get feedback from one of the developers (Daniel, Henning?) to confirm my suspicions. I believe that these lines are a result of the log (all) statement, which logs all subsequent packets in a stateful session (and not just the first packets matching the rules). If that is true, then IMO the log entries are not very intuitive or useful without the true source/destination IP Addresses included... I can't grep for src/dst any more, now I assume I would have to correlate the session information some other way (e.g. sequence numbers?) So to put my questions more succinctly: 1) Are logs with 0.0.0.0.0 > 0.0.0.0.0 a result of the pf.conf log (all) statement, and are therefore an indication of a continuing tcp session? 2) Are there any plans to update the logging to represent the actual src/dst of these packets? If not, what is your suggested method for correlating these stateful session log entries? By the way, I tried to post this to the pf mailing list but got bounced back on the SPAM filters when trying to subscribe. Same goes for when I tried to email Daniel directly to resolve the issue. Can someone get in touch with him and inform him of the issue? My configurations: # uname -rsvm OpenBSD 4.9 GENERIC#477 amd64 # pfctl -s rules pass all flags S/SA keep state pass in log (all) quick on em0 proto tcp from any to any port = https flags S/SA keep state pass in log (all) quick on em0 proto tcp from any to any port = ssh flags S/SA keep state block drop in log (all) on em0 all pass out log (all) on em0 all flags S/SA keep state block drop in on ! lo0 proto tcp from any to any port 6000:6010 # tcpdump -ne -ttt -r /var/log/pflog host 0.0.0.0 | head tcpdump: WARNING: snaplen raised from 116 to 160 Aug 17 16:00:30.673967 rule 2/(match) pass in on em0: 0.0.0.0.0 > 0.0.0.0.0: P 142855442:142855478(36) ack 49382696 win 256 (DF) Aug 17 16:00:30.867230 rule 2/(match) pass out on em0: 0.0.0.0.0 > 0.0.0.0.0: . ack 93472783 win 2190 (DF) [tos 0x10] Aug 17 16:01:30.988858 rule 2/(match) pass in on em0: 0.0.0.0.0 > 0.0.0.0.0: P 36:72(36) ack 1 win 256 (DF) Aug 17 16:01:31.179997 rule 2/(match) pass out on em0: 0.0.0.0.0 > 0.0.0.0.0: . ack 93472819 win 2190 (DF) [tos 0x10] Aug 17 16:02:15.903119 rule 3/(match) block in on em0: 0.0.0.0.68 > 255.255.255.255.67: xid:0x5d366a85 flags:0x8000 [|bootp] Aug 17 16:02:31.301720 rule 2/(match) pass in on em0: 0.0.0.0.0 > 0.0.0.0.0: P 72:108(36) ack 1 win 256 (DF) Aug 17 16:02:31.492758 rule 2/(match) pass out on em0: 0.0.0.0.0 > 0.0.0.0.0: . ack 93472855 win 2190 (DF) [tos 0x10] Aug 17 16:03:31.615561 rule 2/(match) pass in on em0: 0.0.0.0.0 > 0.0.0.0.0: P 108:144(36) ack 1 win 256 (DF) Aug 17 16:03:31.815571 rule 2/(match) pass out on em0: 0.0.0.0.0 > 0.0.0.0.0: . ack 93472891 win 2190 (DF) [tos 0x10] Aug 17 16:04:31.929505 rule 2/(match) pass in on em0: 0.0.0.0.0 > 0.0.0.0.0: P 144:180(36) ack 1 win 256 (DF) Thanks, Matt
Conferencia Facebook Marketing este 30 de Septiembre
[IMAGE] WSI, Pms de Mixico & Adsmedia presentan Capacitacisn Efectiva de Mixico presenta: Congreso Nacional Internet Marketing Evolution Presentando las tematicas y tendencias mas innovadoras que le permitan desarrollar una estrategia de MKT Digital apropiada a su necesidad. Presentacisn Exclusiva: 30 de Septiembre Ciudad de Mixico Traemos los mejores eventos para usted, conozca los beneficios de capacitarse con los mejores! Empresa Registrada ante la STPS Reg. COLG640205CP30005 Smguenos en Twitter@pmscapacitacion o bien en Facebook PMS de Mixico !Solicite Mayores Informes! Por favor responda este e-mail con los datos siguientes. Empresa: Nombre: Telifono: Email: Nzmero de Interesados: En breve recibira la informacisn completa de este inigualable evento. Comunmquese a los telifonos y con gusto uno de nuestros ejecutivos le atendera. Telifonos: (0133) 8851-2365, (0133) 8851-2741, (0133) 1568-4647. Copyright (C) 2011, PMS Capacitacisn Efectiva de Mixico S.C. Derechos Reservados. PMS de Mixico, El logo de PMS de Mixico son marcas registradas. ADVERTENCIA PMS de Mixico no cuenta con alianzas estratigicas de ningzn tipo dentro de la Republica Mexicana. NO SE DEJE ENGAQAR - DIGA NO A LA PIRATERIA. Todos los logotipos, marcas comerciales e imagenes son propiedad de sus respectivas corporaciones y se utilizan con fines informativos solamente. Este Mensaje ha sido enviado a misc@openbsd.org < /span>como usuario de Pms de Mixico o bien un usuario le refiris para recibir este boletmn. Como usuario de Pms de Mixico, en este acto autoriza de manera expresa que Pms de Mixico le puede contactar vma correo electrsnico u otros medios. Si usted ha recibido este mensaje por error, haga caso omiso de el y reporte su cuenta respondiendo este correo con el subject BAJAMKT Unsubscribe to this mailing list, reply a blank message with the subject UNSUBSCRIBE BAJAMKT Tenga en cuenta que la gestisn de nuestras bases de datos es de suma importancia y no es intencisn de la empresa la inconformidad del receptor. [demime 1.01d removed an attachment of type image/jpeg which had a name of imageevo002.jpg]
Re: Expected throughput in an OpenBSD virtual server
On Mon, Aug 22, 2011 at 10:04 PM, Stuart Henderson wrote: > - faster ram Are you sure about that? Almost every benchmark I've seen, fast ram has almost nothing to say. I would be delighted if what I've been reading is wrong :-) -- chs,
Re: Expected throughput in an OpenBSD virtual server
On 22 aug 2011, at 22:04, Stuart Henderson wrote: >> But if you can give hints of how to decrease the interrupt load I am all ears. >> As I see it, if the interrupt handling model i OpenBSD would change to a >> polling one u could maybe increase the throughput at the same processor speed >> (just me guessing though). But now the fact is that it is not polling. So what >> can I do with what we have > > polling is one mechanism to ensure you aren't handling interrupts all the > time, so you can ensure userland remains responsive even when the machine is > under heavy network load. OpenBSD has another way to handle this, MCLGETI. With polling if I get it right the context switch overhead is mostly avoided because the system can choose to look at the device when it is already in the right context. The drawback could be increased latency in processsing events in a polling model. But according to what I have read, the latency is reduced to a very low low values by raising the clock interrupt frequency. They say polling is better from a OS "time spent on device" control perspective. Note that I am not a pro in this area, but will for sure look deeper... MCLGETI ?? Is it in if_em.c if I want to see how it is implemented? > >> Is pure cpu speed the only way? Or is it possible to decrease the interrupt >> load with even better NIC:s? > > here are some things that might help: > > - faster cpu > - larger cpu cache > - faster ram > - reduce overheads (things like switching VM context while handling > packets is not going to help matters) > - improving code efficiency > > have you tried -current? > I tried to share and use the same interrupt for my network ports as I have a guess it could be a boost, but the bios did not want what I wanted Interrupts could be shared, but not between the ports I wanted. I simple did not understand the interrupt allocation scheme in my Dell T410 tower server. Have not tried current, but will try current as soon as I can. Also... I will try to do some laborations with CPU speed of the core the OpenBSD virtual machine has. This to see how the interrupts and throughput is related to the CPU speed of the allocated core. Tnx /Per-Olov GPG keyID: 5231C0C4 GPG fingerprint: B232 3E1A F5AB 5E10 7561 6739 766E D29D 5231 C0C4 GPG key: http://wwwkeys.eu.pgp.net/pks/lookup?op=get&search=0x766ED29D5231C0C4
Re: Expected throughput in an OpenBSD virtual server
> But if you can give hints of how to decrease the interrupt load I am all ears. > As I see it, if the interrupt handling model i OpenBSD would change to a > polling one u could maybe increase the throughput at the same processor speed > (just me guessing though). But now the fact is that it is not polling. So what > can I do with what we have polling is one mechanism to ensure you aren't handling interrupts all the time, so you can ensure userland remains responsive even when the machine is under heavy network load. OpenBSD has another way to handle this, MCLGETI. > Is pure cpu speed the only way? Or is it possible to decrease the interrupt > load with even better NIC:s? here are some things that might help: - faster cpu - larger cpu cache - faster ram - reduce overheads (things like switching VM context while handling packets is not going to help matters) - improving code efficiency have you tried -current?
Nuovo messaggio
Benvenuto nel piC9 completo Midi Professionale e supporto mp3 del sito Internet. Con migliaia di Midi top e canzoni mp3. Siete nel posto giusto !! WWW.GIGAMUSIC.EU Midi canzoni Italiane e straniere Musica nuova2011 Cucina italiana Video diversi tutto su www.gigamusic.eu WWW.GIGAMUSIC.EU GRAZIE PER LA VOSTRA VISITA E BUONA NAVIGAZIONE!!!
Re: OpenBSD 4.9 + Sound Blaster Live!
On 08/17/11 06:23, Alexandre Ratchov wrote: > could you provide a dmesg and the list of commands that you run and > that didn't work? Sorry it took me so long to get back to everyone. I've been having all sorts of other issues at work that have prevented me from responding sooner. Here's the output of dmesg, audioctl and mixerctl: James name=SB Live! version=0x05 config=emuxki encodings=ulinear:8:1:1,mulaw:8:1:1*,alaw:8:1:1*,slinear:8:1:1*,slinear_le:16:2:1,ulinear_le:16:2:1*,slinear_be:16:2:1*,ulinear_be:16:2:1* properties=full_duplex,mmap,independent full_duplex=0 fullduplex=0 blocksize=16384 hiwat=2 lowat=1 output_muted=0 monitor_gain=0 mode= play.rate=44100 play.sample_rate=44100 play.channels=2 play.precision=16 play.bps=2 play.msb=1 play.encoding=slinear_le play.gain=255 play.balance=32 play.port=0x0 play.avail_ports=0x0 play.seek=16384 play.samples=3543484 play.eof=0 play.pause=0 play.error=1 play.waiting=0 play.open=0 play.active=0 play.buffer_size=65536 play.block_size=16384 play.errors=2961 record.rate=48000 record.sample_rate=48000 record.channels=2 record.precision=16 record.bps=2 record.msb=1 record.encoding=slinear_le record.gain=191 record.balance=32 record.port=0x1 record.avail_ports=0x7 record.seek=0 record.samples=0 record.eof=0 record.pause=0 record.error=0 record.waiting=0 record.open=0 record.active=0 record.buffer_size=65536 record.block_size=8192 record.errors=0 outputs.master=255,255 outputs.master.mute=off outputs.mono=255 outputs.mono.mute=on outputs.mono.source=mixerout inputs.spkr=255 inputs.spkr.mute=off inputs.phone=191 inputs.phone.mute=on inputs.mic=191 inputs.mic.mute=on inputs.mic.preamp=off inputs.mic.source=mic0 inputs.line=191,191 inputs.line.mute=on inputs.cd=191,191 inputs.cd.mute=on inputs.video=191,191 inputs.video.mute=on inputs.aux=191,191 inputs.aux.mute=on inputs.dac=191,191 inputs.dac.mute=off record.source=mic record.volume=255,255 record.volume.mute=off outputs.spatial=off outputs.spatial.center=0 outputs.spatial.depth=0 outputs.extamp=off OpenBSD 4.9 (GENERIC.MP) #819: Wed Mar 2 06:57:49 MST 2011 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 3128442880 (2983MB) avail mem = 3031142400 (2890MB) mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xeafb0 (110 entries) bios0: vendor American Megatrends Inc. version "0401" date 06/21/2011 bios0: ASUSTeK Computer INC. P8Z68-V LE acpi0 at bios0: rev 2 acpi0: sleep states S0 S1 S3 S4 S5 acpi0: tables DSDT FACP APIC SSDT MCFG HPET acpi0: wakeup devices PS2K(S4) PS2M(S4) UAR1(S4) BR20(S3) EUSB(S4) USBE(S4) PEX0(S4) PEX1(S4) PEX2(S4) PEX3(S4) PEX4(S4) PEX5(S4) PEX6(S4) PEX7(S4) BR19(S4) P0P1(S4) P0P2(S4) P0P3(S4) P0P4(S4) PWRB(S4) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz, 3110.53 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,PCLMUL,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,POPCNT,AES,XSAVE,AVX,NXE,LONG cpu0: 256KB 64b/line 8-way L2 cache cpu0: apic clock running at 100MHz cpu1 at mainbus0: apid 2 (application processor) cpu1: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz, 3110.15 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,PCLMUL,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,POPCNT,AES,XSAVE,AVX,NXE,LONG cpu1: 256KB 64b/line 8-way L2 cache cpu2 at mainbus0: apid 4 (application processor) cpu2: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz, 3110.15 MHz cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,PCLMUL,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,POPCNT,AES,XSAVE,AVX,NXE,LONG cpu2: 256KB 64b/line 8-way L2 cache cpu3 at mainbus0: apid 6 (application processor) cpu3: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz, 3110.15 MHz cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,PCLMUL,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,POPCNT,AES,XSAVE,AVX,NXE,LONG cpu3: 256KB 64b/line 8-way L2 cache ioapic0 at mainbus0: apid 0 pa 0xfec0, version 20, 24 pins acpimcfg0 at acpi0 addr 0xe000, bus 0-63 acpihpet0 at acpi0: 14318179 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 2 (PEX0) acpiprt2 at acpi0: bus -1 (PEX1) acpiprt3 at acpi0: bus 5 (PEX2) acpiprt4 at acpi0: bus 6 (PEX3) acpiprt5 at acpi0: bus 7 (PEX4) acpiprt6 at acpi0: bus 8 (PEX5) acpiprt7 at acpi0: bus 9 (PEX6) acpiprt8 at acpi0: bus 11 (BR19) acpiprt9 at acpi0: bus 1 (P0P1) acpiprt10 at acpi0: bus -1 (P0P2) acpiprt11 at acpi0: bus -1 (P0P3) acpiprt12 at acpi0: bus -1 (P0P4) acpiec0 at acpi0acpiec _REG failed, broken BIOS acpicpu0 at acpi0: C
Per la tua protezione, e necessario verificare questo messaggio
Gentile Cliente, Abbiamo rilevato attivita irregolari sul tuo Verified by Visa / MasterSecure Code Internet banking sul conto 17/08/2011. Per la tua protezione, e necessario verificare questo attivita prima di poter continuare a utilizzare il conto. Si prega di scaricare il documento allegato alla presente email a rivedere le attivita del proprio account. Rivedremo l'attivita sul tuo conto con voi e alla verifica, e ci consentira di eliminare le restrizioni imposte alle il tuo account. Se scegliete di ignorare la nostra richiesta, ci lasciano scelta ma di sospendere temporaly tuo account. Ti chiediamo di consentire almeno 48 ore per il caso di essere indagato e si consiglia di verificare il tuo conto in quel momento. Con i migliori saluti, Responsabile della comunicazione del Cliente ) Copyright Verifid By Visa 2011 - Tutti i diritti riservati [demime 1.01d removed an attachment of type APPLICATION/DEFANGED which had a name of Il Tuo Profilo.774DEFANGED-htm]
Re: two problems with the recent X @ i386
> On 2011-08-22 17.19, Jan Stary wrote: >> With today's snapshot, I can no longer kill X with crtl+alt+backspace. >> Has something changed? Is DontZap turned on by default now? I am not >> using any config file. > > Ah, I've experienced the same thing but in an amd64 environment. > > In my case it started a couple of months ago though, so it may not be > a brand new phenomenon. Can't pinpoint when so I have no idea what > commit to the tree changed the behaviour. I've forgotten to ask about > it since I use Ctrl-Alt-BS so seldom, but every time I do it annoys me. :-) > Same with me. It stopped working a few months ago on amd64. And matthieu@ fixed it a few days ago in current. thanks
Re: two problems with the recent X @ i386
On Mon 2011.08.22 at 17:19 +0200, Jan Stary wrote: > With today's snapshot, I can no longer kill X with crtl+alt+backspace. > Has something changed? Is DontZap turned on by default now? I am not > using any config file. I believe that's fixed in -current. > Also, the starting X says > > cwm: config file /home/hans/.cwmrc has errors, not loading > > but I don't have a ~/.cwmrc This is just a warning, but I've something to fix that. Cheers, Okan
Re: two problems with the recent X @ i386
On 2011-08-22 17.19, Jan Stary wrote: > With today's snapshot, I can no longer kill X with crtl+alt+backspace. > Has something changed? Is DontZap turned on by default now? I am not > using any config file. Ah, I've experienced the same thing but in an amd64 environment. In my case it started a couple of months ago though, so it may not be a brand new phenomenon. Can't pinpoint when so I have no idea what commit to the tree changed the behaviour. I've forgotten to ask about it since I use Ctrl-Alt-BS so seldom, but every time I do it annoys me. :-) Regards, /Benny > Also, the starting X says > > cwm: config file /home/hans/.cwmrc has errors, not loading > > but I don't have a ~/.cwmrc > > > Jan > > > > OpenBSD 5.0 (GENERIC.MP) #59: Wed Aug 17 10:19:44 MDT 2011 > dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP > cpu0: Intel(R) Core(TM)2 Duo CPU E8200 @ 2.66GHz ("GenuineIntel" 686-class) > 2.67 GHz > cpu0: > FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1 > real mem = 2145837056 (2046MB) > avail mem = 2100654080 (2003MB) > mainbus0 at root > bios0 at mainbus0: AT/286+ BIOS, date 11/16/07, BIOS32 rev. 0 @ 0xfb3f0, > SMBIOS rev. 2.4 @ 0xf0100 (40 entries) > bios0: vendor Award Software International, Inc. version "F10" date 11/16/2007 > bios0: Gigabyte Technology Co., Ltd. P35-DS3 > acpi0 at bios0: rev 0 > acpi0: sleep states S0 S1 S4 S5 > acpi0: tables DSDT FACP HPET MCFG APIC SSDT SSDT > acpi0: wakeup devices PEX0(S5) PEX1(S5) PEX2(S5) PEX3(S5) PEX4(S5) PEX5(S5) > HUB0(S5) UAR1(S1) USB0(S1) USB1(S1) USB2(S1) USB3(S1) US31(S1) USB4(S1) > USB5(S1) USBE(S1) USE2(S1) AZAL(S5) PCI0(S5) > acpitimer0 at acpi0: 3579545 Hz, 24 bits > acpihpet0 at acpi0: 14318179 Hz > acpimcfg0 at acpi0 addr 0xf000, bus 0-63 > acpimadt0 at acpi0 addr 0xfee0: PC-AT compat > cpu0 at mainbus0: apid 0 (boot processor) > cpu0: apic clock running at 333MHz > cpu1 at mainbus0: apid 1 (application processor) > cpu1: Intel(R) Core(TM)2 Duo CPU E8200 @ 2.66GHz ("GenuineIntel" 686-class) > 2.67 GHz > cpu1: > FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1 > ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins > ioapic0: misconfigured as apic 0, remapped to apid 2 > acpiprt0 at acpi0: bus 0 (PCI0) > acpiprt1 at acpi0: bus 2 (PEX0) > acpiprt2 at acpi0: bus -1 (PEX1) > acpiprt3 at acpi0: bus -1 (PEX2) > acpiprt4 at acpi0: bus 3 (PEX3) > acpiprt5 at acpi0: bus 4 (PEX4) > acpiprt6 at acpi0: bus -1 (PEX5) > acpiprt7 at acpi0: bus 5 (HUB0) > acpicpu0 at acpi0: FVS, 2667, 2000 MHz > acpicpu1 at acpi0: FVS, 2667, 2000 MHz > acpibtn0 at acpi0: PWRB > bios0: ROM list: 0xc/0xce00 0xd/0x1e00! 0xd2000/0x3000! > pci0 at mainbus0 bus 0: configuration mode 1 (bios) > pchb0 at pci0 dev 0 function 0 "Intel 82G33 Host" rev 0x02 > ppb0 at pci0 dev 1 function 0 "Intel 82G33 PCIE" rev 0x02: apic 2 int 16 > pci1 at ppb0 bus 1 > vga1 at pci1 dev 0 function 0 "NVIDIA GeForce 8600 GT" rev 0xa1 > wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) > wsdisplay0: screen 1-5 added (80x25, vt100 emulation) > uhci0 at pci0 dev 26 function 0 "Intel 82801I USB" rev 0x02: apic 2 int 16 > uhci1 at pci0 dev 26 function 1 "Intel 82801I USB" rev 0x02: apic 2 int 21 > uhci2 at pci0 dev 26 function 2 "Intel 82801I USB" rev 0x02: apic 2 int 18 > ehci0 at pci0 dev 26 function 7 "Intel 82801I USB" rev 0x02: apic 2 int 18 > usb0 at ehci0: USB revision 2.0 > uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1 > azalia0 at pci0 dev 27 function 0 "Intel 82801I HD Audio" rev 0x02: msi > azalia0: codecs: Realtek ALC885 > audio0 at azalia0 > ppb1 at pci0 dev 28 function 0 "Intel 82801I PCIE" rev 0x02: apic 2 int 16 > pci2 at ppb1 bus 2 > ppb2 at pci0 dev 28 function 3 "Intel 82801I PCIE" rev 0x02: apic 2 int 19 > pci3 at ppb2 bus 3 > jmb0 at pci3 dev 0 function 0 "JMicron JMB363 IDE/SATA" rev 0x02 > ahci0 at jmb0: apic 2 int 19, AHCI 1.0 > scsibus0 at ahci0: 32 targets > jmb1 at pci3 dev 0 function 1 "JMicron JMB363 IDE/SATA" rev 0x02 > pciide0 at jmb1: DMA, channel 0 wired to native-PCI, channel 1 wired to > native-PCI > pciide0: using apic 2 int 16 for native-PCI interrupt > atapiscsi0 at pciide0 channel 0 drive 0 > scsibus1 at atapiscsi0: 2 targets > cd0 at scsibus1 targ 0 lun 0: ATAPI > 5/cdrom removable > cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 4 > pciide0: channel 1 disabled (no drives) > ppb3 at pci0 dev 28 function 4 "Intel 82801I PCIE" rev 0x02: apic 2 int 16 > pci4 at ppb3 bus 4 > re0 at pci4 dev 0 function 0 "Realtek 8168" rev 0x01: RTL8168 2 (0x3800), > apic 2 int 16, address 00:1d:7d:a9:a0:48 > rgephy0 at re0 phy 7: RTL8169S/8110S PHY, rev. 2 > uhci3 at pci0 dev 29 function 0 "Intel 82801I USB" rev 0x02: apic
two problems with the recent X @ i386
With today's snapshot, I can no longer kill X with crtl+alt+backspace. Has something changed? Is DontZap turned on by default now? I am not using any config file. Also, the starting X says cwm: config file /home/hans/.cwmrc has errors, not loading but I don't have a ~/.cwmrc Jan OpenBSD 5.0 (GENERIC.MP) #59: Wed Aug 17 10:19:44 MDT 2011 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP cpu0: Intel(R) Core(TM)2 Duo CPU E8200 @ 2.66GHz ("GenuineIntel" 686-class) 2.67 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1 real mem = 2145837056 (2046MB) avail mem = 2100654080 (2003MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 11/16/07, BIOS32 rev. 0 @ 0xfb3f0, SMBIOS rev. 2.4 @ 0xf0100 (40 entries) bios0: vendor Award Software International, Inc. version "F10" date 11/16/2007 bios0: Gigabyte Technology Co., Ltd. P35-DS3 acpi0 at bios0: rev 0 acpi0: sleep states S0 S1 S4 S5 acpi0: tables DSDT FACP HPET MCFG APIC SSDT SSDT acpi0: wakeup devices PEX0(S5) PEX1(S5) PEX2(S5) PEX3(S5) PEX4(S5) PEX5(S5) HUB0(S5) UAR1(S1) USB0(S1) USB1(S1) USB2(S1) USB3(S1) US31(S1) USB4(S1) USB5(S1) USBE(S1) USE2(S1) AZAL(S5) PCI0(S5) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpihpet0 at acpi0: 14318179 Hz acpimcfg0 at acpi0 addr 0xf000, bus 0-63 acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: apic clock running at 333MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Core(TM)2 Duo CPU E8200 @ 2.66GHz ("GenuineIntel" 686-class) 2.67 GHz cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1 ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins ioapic0: misconfigured as apic 0, remapped to apid 2 acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 2 (PEX0) acpiprt2 at acpi0: bus -1 (PEX1) acpiprt3 at acpi0: bus -1 (PEX2) acpiprt4 at acpi0: bus 3 (PEX3) acpiprt5 at acpi0: bus 4 (PEX4) acpiprt6 at acpi0: bus -1 (PEX5) acpiprt7 at acpi0: bus 5 (HUB0) acpicpu0 at acpi0: FVS, 2667, 2000 MHz acpicpu1 at acpi0: FVS, 2667, 2000 MHz acpibtn0 at acpi0: PWRB bios0: ROM list: 0xc/0xce00 0xd/0x1e00! 0xd2000/0x3000! pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 "Intel 82G33 Host" rev 0x02 ppb0 at pci0 dev 1 function 0 "Intel 82G33 PCIE" rev 0x02: apic 2 int 16 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 "NVIDIA GeForce 8600 GT" rev 0xa1 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) uhci0 at pci0 dev 26 function 0 "Intel 82801I USB" rev 0x02: apic 2 int 16 uhci1 at pci0 dev 26 function 1 "Intel 82801I USB" rev 0x02: apic 2 int 21 uhci2 at pci0 dev 26 function 2 "Intel 82801I USB" rev 0x02: apic 2 int 18 ehci0 at pci0 dev 26 function 7 "Intel 82801I USB" rev 0x02: apic 2 int 18 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1 azalia0 at pci0 dev 27 function 0 "Intel 82801I HD Audio" rev 0x02: msi azalia0: codecs: Realtek ALC885 audio0 at azalia0 ppb1 at pci0 dev 28 function 0 "Intel 82801I PCIE" rev 0x02: apic 2 int 16 pci2 at ppb1 bus 2 ppb2 at pci0 dev 28 function 3 "Intel 82801I PCIE" rev 0x02: apic 2 int 19 pci3 at ppb2 bus 3 jmb0 at pci3 dev 0 function 0 "JMicron JMB363 IDE/SATA" rev 0x02 ahci0 at jmb0: apic 2 int 19, AHCI 1.0 scsibus0 at ahci0: 32 targets jmb1 at pci3 dev 0 function 1 "JMicron JMB363 IDE/SATA" rev 0x02 pciide0 at jmb1: DMA, channel 0 wired to native-PCI, channel 1 wired to native-PCI pciide0: using apic 2 int 16 for native-PCI interrupt atapiscsi0 at pciide0 channel 0 drive 0 scsibus1 at atapiscsi0: 2 targets cd0 at scsibus1 targ 0 lun 0: ATAPI 5/cdrom removable cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 4 pciide0: channel 1 disabled (no drives) ppb3 at pci0 dev 28 function 4 "Intel 82801I PCIE" rev 0x02: apic 2 int 16 pci4 at ppb3 bus 4 re0 at pci4 dev 0 function 0 "Realtek 8168" rev 0x01: RTL8168 2 (0x3800), apic 2 int 16, address 00:1d:7d:a9:a0:48 rgephy0 at re0 phy 7: RTL8169S/8110S PHY, rev. 2 uhci3 at pci0 dev 29 function 0 "Intel 82801I USB" rev 0x02: apic 2 int 23 uhci4 at pci0 dev 29 function 1 "Intel 82801I USB" rev 0x02: apic 2 int 19 uhci5 at pci0 dev 29 function 2 "Intel 82801I USB" rev 0x02: apic 2 int 18 ehci1 at pci0 dev 29 function 7 "Intel 82801I USB" rev 0x02: apic 2 int 23 usb1 at ehci1: USB revision 2.0 uhub1 at usb1 "Intel EHCI root hub" rev 2.00/1.00 addr 1 ppb4 at pci0 dev 30 function 0 "Intel 82801BA Hub-to-PCI" rev 0x92 pci5 at ppb4 bus 5 ichpcib0 at pci0 dev 31 function 0 "Intel 82801IB LPC" rev 0x02: PM disabled ahci1 at pci0 dev 31 function 2 "Intel 82801I AHCI" rev 0x02: msi, AHCI 1.2 scsibus2 at ahci1: 32 targets sd0
Re: ext42fs support?
On Mon, 22 Aug 2011 12:29:45 +0200 Pascal Stumpf wrote: > Iirc, this only works on ext3 (without journaling ofc), not ext4. > > FreeBSD had a GSoC project last year to implement ext4fs (as a separate > module/driver): http://wiki.freebsd.org/SOC2010ZhengLiu But it's not > even in their main tree yet. If you can't reboot to copy the data off you could try testdisk to read the data in order to get it onto an ffs partition? Or maybe run a Linux boot cd in a virtual machine.
Re: Expected throughput in an OpenBSD virtual server
On 22 aug 2011, at 12:09, Daniel Gracia wrote: > AFAIK, OpenBSD kernel is not designed accounting for any form of virtualization toy, so don't even try figuring performance numbers out of it. These will be plain wrong. > > As http://www.openbsd.org/faq/faq6.html states, there's little you can tweak to improve your numbers; just get a nice-clocked, good cache-sized CPU and give it some loving. > > If OBSD doesn't satisfies you as is, recode it or stay appart, as you like. > > Good luck! > > El 22/08/2011 2:03, Per-Olov Sjvholm escribis: >> Hi "Misc" >> >> # Background # >> >> I have done som fun laborations with a virtual fully patched OpenBSD 4.9 >> firewall on top of SuSE Enterprise Linux 11 SP1 running KVM. The Virtual >> OpenBSD got 512MB RAM and one core from a system with two quadcore Xeon 5504 >> (2Ghz) sitting in a Dell T410 Tower Server. I have given the OpenBSD FW 2 >> dedicated "Intel PRO/1000 MT (82574L)" physical nic:s via PCI passthorugh. So >> OpenBSD sees and uses the real nic:s (they are then unusable to Linux as they >> are unbound). >> >> I have not measured packets per second which of course is more relevant. But >> as I try to tweak the speed I don't care if I measure packets or Mbits as long >> as my tweaks give a higher value during the next test. Going in on one >> physcial nic and out on the other with my small ruleset that uses keep state >> everywhere give me about 400 Mbit. AFP, SMB, SCP or NFS give similar results >> (I copy large files, a few Gig each). I started with a lower value and after a >> few tweaks in sysctl.conf ended up with this speed of 400 Mbit. At this speed >> I can see that the interrupts in the firewall simply eat all resources. Have >> no "ip.ifq.drops" or any other drops that I am aware of... >> >> >> # Question # >> >> I now simply wonder if I can increase this speed I did one test and >> replaced these two physical desktop Intel Nics with a dual port server adapter >> (also Intel, 82546GB). I was interested to see if a dual port, more expensive, >> server adapter could lower my interrupt load. However... OpenBSD yelled >> something about "unable to reset PCI device". So I went back to these two >> desktop adapters. These low price dektop adapters however in a intel i7 >> desktop workstation download over SMB from my server at 119 Mbyte/s and fill >> up the Gig pipe. So they cannot be to bad... >> >> >> As PF cannot use SMP, is the only way to bump up the firewall throughput (in >> this scenario) to increase the speed of the processor core (i.e change >> server)? Or are there any other interesting configs to try ? >> >> >> Regards >> >> /Per-Olov >> -- >> GPG keyID: 5231C0C4 >> GPG fingerprint: B232 3E1A F5AB 5E10 7561 6739 766E D29D 5231 C0C4 >> GPG key: >> http://wwwkeys.eu.pgp.net/pks/lookup?op=get&search=0x766ED29D5231C0C4 > > AFAIK, OpenBSD kernel is not designed accounting for any form of virtualization toy, so don't even try figuring performance numbers out of it. These will be plain wrong. Why is that? The speed so far seems good enough for a virtual fw with this 2Ghz CPU core. No matter if you use a virtual of physical server, you always want to get the most out of it. I do NOT compare with a physical server at all. I want to try to maximize the throughput and se what I can get out of it as a virtual FW test. The same applies if you use a physical server. You can hit the limit and get 100% interrupts with both a physical and virtual server, right? I didn't ask for a comparison with a physical server... I asked what I can do more with it under these circumstances... > As http://www.openbsd.org/faq/faq6.html states, there's little you can tweak to improve your numbers; just get a nice-clocked, good cache-sized CPU and give it some loving. The FAQ you refer to seems to be of no use at all and is totally unrelated to this post. But if you can give hints of how to decrease the interrupt load I am all ears. As I see it, if the interrupt handling model i OpenBSD would change to a polling one u could maybe increase the throughput at the same processor speed (just me guessing though). But now the fact is that it is not polling. So what can I do with what we have Is pure cpu speed the only way? Or is it possible to decrease the interrupt load with even better NIC:s? Regards /Per-Olov
Re: ext42fs support?
On Mon, Aug 22, 2011 at 08:29:47AM +0200, Christian Barthel wrote: > I am not quite sure (not an ext4 user) but you can mount ext4 the same > way, you mount ext3 or ext2. > > mount -t ext2fs > > Maybe, it's dangerous and should be avoided (ext4 is a journaling > filesystem, ext2 not!). So, be careful! Iirc, this only works on ext3 (without journaling ofc), not ext4. FreeBSD had a GSoC project last year to implement ext4fs (as a separate module/driver): http://wiki.freebsd.org/SOC2010ZhengLiu But it's not even in their main tree yet. Code: http://p4db.freebsd.org/branchView.cgi?BRANCH=lz_ext4fs > > > -- > Christian Barthel > Public-Key: http://bc.user-mode.org/bc.asc > Mail: b...@nyx.user-mode.org > Web: http://bc.user-mode.org
Re: ext42fs support?
On Aug 22, 2011 11:51 AM, "Benny Lofgren" wrote: > I'm not familiar with ext4, but as Christian Barthel suggested it might be possible to mount it specifying ext2fs as the file system type, but if you do so, make sure to mount it read-only. It might ruin your file system (and your day) otherwise. Generally it shouldn't be possible to mount ext4 with ext[23] driver. > I suggest you reformat the file system to ufs which would be usable by both systems. UFS support in Linux seems to be relyable only for reading. Writing to UFS volume may screw the things up. It seems to be more reasonable to use Linux live media to transfer files wia NFS or SFTP or whatever. -- Dmitrij D. Czarkoff
Re: Expected throughput in an OpenBSD virtual server
>> Plz, don't top post > > sorry. Sometimes I forgot because here are different rules. Just try and make your emails look nice and easy to read if you want other people to read them, especially if you're asking others for help. Before you hit send, read through your email, if it doesn't look good, re-edit until it does. A mess of hundreds of lines of irrelevant quotes with poor line-wrapping is always hard to read, whether your text is written at the top, the bottom, or interspersed with the quoted text.
Re: Expected throughput in an OpenBSD virtual server
AFAIK, OpenBSD kernel is not designed accounting for any form of virtualization toy, so don't even try figuring performance numbers out of it. These will be plain wrong. As http://www.openbsd.org/faq/faq6.html states, there's little you can tweak to improve your numbers; just get a nice-clocked, good cache-sized CPU and give it some loving. If OBSD doesn't satisfies you as is, recode it or stay appart, as you like. Good luck! El 22/08/2011 2:03, Per-Olov Sjvholm escribis: Hi "Misc" # Background # I have done som fun laborations with a virtual fully patched OpenBSD 4.9 firewall on top of SuSE Enterprise Linux 11 SP1 running KVM. The Virtual OpenBSD got 512MB RAM and one core from a system with two quadcore Xeon 5504 (2Ghz) sitting in a Dell T410 Tower Server. I have given the OpenBSD FW 2 dedicated "Intel PRO/1000 MT (82574L)" physical nic:s via PCI passthorugh. So OpenBSD sees and uses the real nic:s (they are then unusable to Linux as they are unbound). I have not measured packets per second which of course is more relevant. But as I try to tweak the speed I don't care if I measure packets or Mbits as long as my tweaks give a higher value during the next test. Going in on one physcial nic and out on the other with my small ruleset that uses keep state everywhere give me about 400 Mbit. AFP, SMB, SCP or NFS give similar results (I copy large files, a few Gig each). I started with a lower value and after a few tweaks in sysctl.conf ended up with this speed of 400 Mbit. At this speed I can see that the interrupts in the firewall simply eat all resources. Have no "ip.ifq.drops" or any other drops that I am aware of... # Question # I now simply wonder if I can increase this speed I did one test and replaced these two physical desktop Intel Nics with a dual port server adapter (also Intel, 82546GB). I was interested to see if a dual port, more expensive, server adapter could lower my interrupt load. However... OpenBSD yelled something about "unable to reset PCI device". So I went back to these two desktop adapters. These low price dektop adapters however in a intel i7 desktop workstation download over SMB from my server at 119 Mbyte/s and fill up the Gig pipe. So they cannot be to bad... As PF cannot use SMP, is the only way to bump up the firewall throughput (in this scenario) to increase the speed of the processor core (i.e change server)? Or are there any other interesting configs to try ? Regards /Per-Olov -- GPG keyID: 5231C0C4 GPG fingerprint: B232 3E1A F5AB 5E10 7561 6739 766E D29D 5231 C0C4 GPG key: http://wwwkeys.eu.pgp.net/pks/lookup?op=get&search=0x766ED29D5231C0C4
Re: ext42fs support?
On 2011-08-21 17.20, Damon Getsman wrote: > I've been looking through the FAQs and some on the forums, and I've come up > with the conclusion that I'm not able to mount a linux ext4fs partition on > my OpenBSD 4.9 system due to the fact that ext4fs isn't supported > [allegedly]. I've even tried using MAKEDEV to rebuild the device /dev/wd1i > and /dev/rwd1i to no avail. I still get the issue that a block device is > required. Disklabel, of course, shows the partition as being there and > being ext2fs. FYI, MAKEDEV has no bearing on your problem, as you figured out yourself. Regarding the "block device is required" error, are you sure you used the /dev/wd1i and not the /dev/rwd1i partition? > Anyway, if I'm correct in all of those assumptions, I guess what I'm > wondering is if there are any other utilities for [at least] reading an > ext4fs. I've got several terrabytes of information that I'd really like to > at least be able to serve to the other machines on my network from this > machine. If there are not, are there plans for adding this support in the > near future at all? I'm not familiar with ext4, but as Christian Barthel suggested it might be possible to mount it specifying ext2fs as the file system type, but if you do so, make sure to mount it read-only. It might ruin your file system (and your day) otherwise. Otherwise, it sounds more like what you need is NFS... or is the machine you're trying to do this on a dual-boot machine and you want access to the file system in question from both environments? In that case, I suggest you reformat the file system to ufs which would be usable by both systems. Regards, /Benny -- internetlabbet.se / work: +46 8 551 124 80 / "Words must Benny Lofgren/ mobile: +46 70 718 11 90 / be weighed, / fax:+46 8 551 124 89/not counted." /email: benny -at- internetlabbet.se
Re: Expected throughput in an OpenBSD virtual server
On Mon, Aug 22, 2011 at 10:59 AM, Per-Olov SjC6holm wrote: > On 22 aug 2011, at 07:45, Tomas Bodzar wrote: >> Try OpenBSD outside of KVM on real HW and you will see where's the >> bottleneck. Anyway getting 400Mbit/s under virtualization seems pretty >> fine or try to compare with OpenBSD running in VMware as there's fine >> support for that use. >> >> Of course security is around zero in this scenario, but as you said >> you're doing it for fun :-) >> >> On Mon, Aug 22, 2011 at 2:03 AM, Per-Olov Sjvholm wrote: >>> Hi "Misc" >>> >>> # Background # >>> >>> I have done som fun laborations with a virtual fully patched OpenBSD 4.9 >>> firewall on top of SuSE Enterprise Linux 11 SP1 running KVM. The Virtual >>> OpenBSD got 512MB RAM and one core from a system with two quadcore Xeon > 5504 >>> (2Ghz) sitting in a Dell T410 Tower Server. I have given the OpenBSD FW 2 >>> dedicated "Intel PRO/1000 MT (82574L)" physical nic:s via PCI passthorugh. > So >>> OpenBSD sees and uses the real nic:s (they are then unusable to Linux as > they >>> are unbound). >>> >>> I have not measured packets per second which of course is more relevant. > But >>> as I try to tweak the speed I don't care if I measure packets or Mbits as > long >>> as my tweaks give a higher value during the next test. Going in on one >>> physcial nic and out on the other with my small ruleset that uses keep > state >>> everywhere give me about 400 Mbit. AFP, SMB, SCP or NFS give similar > results >>> (I copy large files, a few Gig each). I started with a lower value and > after a >>> few tweaks in sysctl.conf B ended up with this speed of 400 Mbit. At this > speed >>> I can see that the interrupts in the firewall simply eat all resources. > Have >>> no "ip.ifq.drops" or any other drops that I am aware of... >>> >>> >>> # Question # >>> >>> I now simply wonder if I can increase this speed I did one test and >>> replaced these two physical desktop Intel Nics with a dual port server > adapter >>> (also Intel, 82546GB). I was interested to see if a dual port, more > expensive, >>> server adapter could lower my interrupt load. However... OpenBSD yelled >>> something about "unable to reset PCI device". So I went back to these two >>> desktop adapters. These low price dektop adapters however in a intel i7 >>> desktop workstation download over SMB from my server at 119 Mbyte/s and > fill >>> up the Gig pipe. So they cannot be to bad... >>> >>> >>> As PF cannot use SMP, is the only way to bump up the firewall throughput > (in >>> this scenario) to increase the speed of the processor core (i.e change >>> server)? Or are there any other interesting configs to try ? >>> >>> >>> Regards >>> >>> /Per-Olov >>> -- >>> GPG keyID: 5231C0C4 >>> GPG fingerprint: B232 3E1A F5AB 5E10 7561 6739 766E D29D 5231 C0C4 >>> GPG key: >>> http://wwwkeys.eu.pgp.net/pks/lookup?op=get&search=0x766ED29D5231C0C4 >>> >>> > > > > Plz, don't top post sorry. Sometimes I forgot because here are different rules. > > Vmware is commercial software = avoid if I can. Also Linux guests with virtio > drivers gives much better performance on the same hardware if using KVM > instead of Vmware. Also, no need for vmware tools as everything is in stock > Linux kernel. > > I cannot at this time give a fair test running it on the same hardware but as > a physical server instead of a virtual one. This as the KVM host runs 10 other > servers. I have however tested the OpenBSD on another hardware which ended up > with similar performance. That was on a physical box with Gig Intel Nics > (82541 cards) but on a weak Quad core Intel Atom 1.6GHz processor running the > SMP kernel. At the bottle neck speed there was 100% interrupts at around > 400Mbit (same tested files and protocols to be able to give a fair > comparison). Maybe the Intel atom 1.6 can be compared to a Xeon 5504 core on > 2GHz ??? I am not a processor guru. Anyone?? http://marc.info/?l=openbsd-misc&m=126204017310569&w=2 > > > regarding security which you say is "around zero". Yes this is a laboration. > But maybe you should say increased risk which is a more fair statement. I have > not heard of anyone that managed to hack a scenario like this in VMware or > KVM. Also note that the host OS itself in my case cannot even see these > devices as they are unbound. From my point of view it's like the race on WiFi > where people say you should use WPA2 with AES to be secure. But the real fact > is that standard old WPA without AES and with a reasonable key length (20+ > chars) have not been broken by anyone in the world yet (what we know). One > person claims he manage to break a part of it in a lab. So... WPA = secure, > better performance and better compatibility. If I was Nasa or DoD I would > probable avoid WPA as someone someday of course will break it, otherwise > not... > > > > So the question remains. Is it likely that a faster cpu core will give better > performance (not that I need it. Just doing some laborations here). Is a > faster CPU
Re: Expected throughput in an OpenBSD virtual server
On 08/22/11 10:59, Per-Olov Sjvholm wrote: Q: What is the most annoying thing in e-mail? Rants.
Re: Expected throughput in an OpenBSD virtual server
On 22 aug 2011, at 07:45, Tomas Bodzar wrote: > Try OpenBSD outside of KVM on real HW and you will see where's the > bottleneck. Anyway getting 400Mbit/s under virtualization seems pretty > fine or try to compare with OpenBSD running in VMware as there's fine > support for that use. > > Of course security is around zero in this scenario, but as you said > you're doing it for fun :-) > > On Mon, Aug 22, 2011 at 2:03 AM, Per-Olov Sjvholm wrote: >> Hi "Misc" >> >> # Background # >> >> I have done som fun laborations with a virtual fully patched OpenBSD 4.9 >> firewall on top of SuSE Enterprise Linux 11 SP1 running KVM. The Virtual >> OpenBSD got 512MB RAM and one core from a system with two quadcore Xeon 5504 >> (2Ghz) sitting in a Dell T410 Tower Server. I have given the OpenBSD FW 2 >> dedicated "Intel PRO/1000 MT (82574L)" physical nic:s via PCI passthorugh. So >> OpenBSD sees and uses the real nic:s (they are then unusable to Linux as they >> are unbound). >> >> I have not measured packets per second which of course is more relevant. But >> as I try to tweak the speed I don't care if I measure packets or Mbits as long >> as my tweaks give a higher value during the next test. Going in on one >> physcial nic and out on the other with my small ruleset that uses keep state >> everywhere give me about 400 Mbit. AFP, SMB, SCP or NFS give similar results >> (I copy large files, a few Gig each). I started with a lower value and after a >> few tweaks in sysctl.conf ended up with this speed of 400 Mbit. At this speed >> I can see that the interrupts in the firewall simply eat all resources. Have >> no "ip.ifq.drops" or any other drops that I am aware of... >> >> >> # Question # >> >> I now simply wonder if I can increase this speed I did one test and >> replaced these two physical desktop Intel Nics with a dual port server adapter >> (also Intel, 82546GB). I was interested to see if a dual port, more expensive, >> server adapter could lower my interrupt load. However... OpenBSD yelled >> something about "unable to reset PCI device". So I went back to these two >> desktop adapters. These low price dektop adapters however in a intel i7 >> desktop workstation download over SMB from my server at 119 Mbyte/s and fill >> up the Gig pipe. So they cannot be to bad... >> >> >> As PF cannot use SMP, is the only way to bump up the firewall throughput (in >> this scenario) to increase the speed of the processor core (i.e change >> server)? Or are there any other interesting configs to try ? >> >> >> Regards >> >> /Per-Olov >> -- >> GPG keyID: 5231C0C4 >> GPG fingerprint: B232 3E1A F5AB 5E10 7561 6739 766E D29D 5231 C0C4 >> GPG key: >> http://wwwkeys.eu.pgp.net/pks/lookup?op=get&search=0x766ED29D5231C0C4 >> >> Plz, don't top post Vmware is commercial software = avoid if I can. Also Linux guests with virtio drivers gives much better performance on the same hardware if using KVM instead of Vmware. Also, no need for vmware tools as everything is in stock Linux kernel. I cannot at this time give a fair test running it on the same hardware but as a physical server instead of a virtual one. This as the KVM host runs 10 other servers. I have however tested the OpenBSD on another hardware which ended up with similar performance. That was on a physical box with Gig Intel Nics (82541 cards) but on a weak Quad core Intel Atom 1.6GHz processor running the SMP kernel. At the bottle neck speed there was 100% interrupts at around 400Mbit (same tested files and protocols to be able to give a fair comparison). Maybe the Intel atom 1.6 can be compared to a Xeon 5504 core on 2GHz ??? I am not a processor guru. Anyone?? regarding security which you say is "around zero". Yes this is a laboration. But maybe you should say increased risk which is a more fair statement. I have not heard of anyone that managed to hack a scenario like this in VMware or KVM. Also note that the host OS itself in my case cannot even see these devices as they are unbound. From my point of view it's like the race on WiFi where people say you should use WPA2 with AES to be secure. But the real fact is that standard old WPA without AES and with a reasonable key length (20+ chars) have not been broken by anyone in the world yet (what we know). One person claims he manage to break a part of it in a lab. So... WPA = secure, better performance and better compatibility. If I was Nasa or DoD I would probable avoid WPA as someone someday of course will break it, otherwise not... So the question remains. Is it likely that a faster cpu core will give better performance (not that I need it. Just doing some laborations here). Is a faster CPU the best / only way to increase throughput. Of course we assume the OS tweak is ok and that reasonable NIC:s are used. Is there a plan to change the interrupt handling model in OpenBSD to device polling in future releases ? plz don't make this thread a security one from now on as this is not the main purpose. /Per-Olov A: Beca
Re: Reconfiguration for 'chrome' browser broke login capability
On 08/22/11 06:03, Damon Getsman wrote: > Alright, so restoring the contents of /etc/login.conf has, indeed, fixed my > ability to login via whatever means and use sudo. Quite honestly I don't > know how all of those lines got deleted from it, unless I left it open in > vim and the cat jumped on the keyboard while I was out for a little bit or > something. > > Anyway, now that I restored it and everything is working, I again attempted > to follow these instructions given when starting up chrome: > -=-=-=-=-=- > You should make the following changes for your login class in > /etc/login.conf > (you will need to logout and login for these to take effect). > - increase datasize-max to at least 716800. > - increase openfiles-max to at least 400. > -=-=-=-=-=- > > Which results in the follow /etc/login.conf file: > -=-=-=-=-=- > default:\ > :path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin:\ > :umask=022:\ > #:datasize-max=512M:\ > :datasize-max=716800:\ Hmmm... " size A number which expresses a size. By default, the size is specified in bytes. It may have a trailing b, k, m, g or t to indicate that the value is in 512-byte blocks, kilobytes, megabytes, gigabytes, or terrabytes, respectively. " So did you just set your maximum datasize to 716.8 kilobytes? :-) > :datasize-cur=512M:\ > :maxproc-max=256:\ > :maxproc-cur=128:\ > :openfiles-cur=128:\ > :openfiles-max=400:\ > :stacksize-cur=4M:\ > :localcipher=blowfish,6:\ > :ypcipher=old:\ > :tc=auth-defaults:\ > :tc=auth-ftp-defaults: > > # > # Settings used by /etc/rc and root > # This must be set properly for daemons started as root by inetd as well. > # Be sure reset these values back to system defaults in the default class! > # > daemon:\ > :ignorenologin:\ > :datasize=infinity:\ > :maxproc=infinity:\ > :openfiles-cur=128:\ > :stacksize-cur=8M:\ > :localcipher=blowfish,8:\ > :tc=default: > > # > # Staff have fewer restrictions and can login even when nologins are set. > # > staff:\ > :datasize-cur=512M:\ > :datasize-max=infinity:\ > :maxproc-max=512:\ > :maxproc-cur=128:\ > :ignorenologin:\ > :requirehome@:\ > :tc=default: > > # > # Authpf accounts get a special motd and shell > # > authpf:\ > :welcome=/etc/motd.authpf:\ > :shell=/usr/sbin/authpf:\ > :tc=default: > -=-=-=-=-=-=- > (with the comments at the beginning removed in order to save cutting& > pasting) > > Anyway, despite the changes that I've made in datasize-max and the addition > of the openfiles-max setting, I'm still receiving the error message from > chrome and unable to use it properly due to too many open temp files. > > Anybody have any suggestions for me or any input on whether or not I > modified /etc/login.conf properly? First question to ask: Did you log out and log in again? login.conf values are only applied on proper logins. Also, if you have a database version of the file (/etc/login.conf.db), don't forget to take appropriate actions to update it. /Alexander > > Much appreciated. > > -Damon Getsman