Re: Narcicism?
Something about gladly making fools suffer as opposed to gladly suffering fools. Actually they are a lot kinder and gentler than I would be. -Original Message- From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of John Tate Sent: Thursday, December 01, 2011 1:28 AM To: misc Subject: Narcicism? I think I've found a bug in the OpenBSD crowd. They bug the hell out of me and my little mistakes. I am not talking about people who actually have a solution, but I can't seem to ask anything on this list without parrots coming along picking on me. I think some people just hang out here because it's the most anal bunch of hackers ever, in recorded history. What are your experiences? Is it true that occasionally we attract people who either love bullying or are just lazy and pretending to be one of the clever? It just figures some of these people sit on the list, and email you poorly researched crap with no answers contain. If you hate a question, it truly doesn't belong, bug me. But if you just can't answer a question, ignore it. John Tate. Note: Yes, it's not my list. -- www.johntate.org
Re: Narcicism?
http://johntate.org/fact/johntate "I now have 7 years of experience in FreeBSD/OpenBSD" On Thu, Dec 1, 2011 at 2:58 AM, John Tate wrote: > I think I've found a bug in the OpenBSD crowd. They bug the hell out of me > and my little mistakes. > > I am not talking about people who actually have a solution, but I can't > seem to ask anything on this list without parrots coming along picking on > me. I think some people just hang out here because it's the most anal bunch > of hackers ever, in recorded history. What are your experiences? > > Is it true that occasionally we attract people who either love bullying or > are just lazy and pretending to be one of the clever? > > It just figures some of these people sit on the list, and email you poorly > researched crap with no answers contain. > > If you hate a question, it truly doesn't belong, bug me. > > But if you just can't answer a question, ignore it. > > John Tate. > > Note: Yes, it's not my list. > > -- > www.johntate.org
Narcicism?
I think I've found a bug in the OpenBSD crowd. They bug the hell out of me and my little mistakes. I am not talking about people who actually have a solution, but I can't seem to ask anything on this list without parrots coming along picking on me. I think some people just hang out here because it's the most anal bunch of hackers ever, in recorded history. What are your experiences? Is it true that occasionally we attract people who either love bullying or are just lazy and pretending to be one of the clever? It just figures some of these people sit on the list, and email you poorly researched crap with no answers contain. If you hate a question, it truly doesn't belong, bug me. But if you just can't answer a question, ignore it. John Tate. Note: Yes, it's not my list. -- www.johntate.org
Re: Packet filter log tools
On Thu, Dec 1, 2011 at 5:32 PM, Jan Stary wrote: > On Dec 01 12:23:30, John Tate wrote: > > If no such thing exists, perhaps I should make one, > > Absolutely. Let us know when it is done. > > > I am looking for a project. > > Ah, so sysutils/cdrtools is already up to the latest release? > Here I'll write a patch: rm -rf /usr/ports/sysutils/cdrutils Nobody needs that tool, I'm putting this back on the list hoping you are removed, troll. -- www.johntate.org
mplayer problems
Hi Guys, Is anyone having problems lately with mplayer? After my last update of packages mplayer alternates between these two errors: (0)$ mplayer mplayer: can't load library 'liborc-0.4.so.4.0' (0)$ mplayer mplayer: can't load library 'libenca.so.0.0' I also tried to compile from ports without success: Missing library for orc-0.4>=0.0 Any advice? Thanks, Luis.
Re: bad link for bind's named server patch for Openbsd 5.0 -stable
What patch you want. http://ftp.openbsd.org/pub/OpenBSD/patches/5.0/common/ There isn't one yet, no bug yet. Hmmm. Or if oyu look here: http://openbsd.org/errata50.html You will see clearly that it said: None yet! Hmmm... On 11/30/11 8:30 PM, Ralph W Siegler wrote: So 5.0 has its very first patch to -stable, but the link http://ftp.openbsd.org/pub/OpenBSD/patches/5.0/common/001_bind.patch goes nowhere. Could someone please fix that? Thanks!
Re: bad link for bind's named server patch for Openbsd 5.0 -stable
What you are looking at here: http://www.openbsd.org/errata50.html May not have replicated everywhere yet. Give it a day or two. Daniel On 11/30/11 8:30 PM, Ralph W Siegler wrote: So 5.0 has its very first patch to -stable, but the link http://ftp.openbsd.org/pub/OpenBSD/patches/5.0/common/001_bind.patch goes nowhere. Could someone please fix that? Thanks!
bad link for bind's named server patch for Openbsd 5.0 -stable
So 5.0 has its very first patch to -stable, but the link http://ftp.openbsd.org/pub/OpenBSD/patches/5.0/common/001_bind.patch goes nowhere. Could someone please fix that? Thanks!
Packet filter log tools
OpenBSD Misc, What tools can you guys recommend for browsing through a pf log? GUI not needed, ideally, something a bit like webalizer that spits out HTML. If no such thing exists, perhaps I should make one, I am looking for a project. John Tate -- www.johntate.org
Re: [Soekris] Fwd: mSATA failure on 6501 w/ OpenBSD 5.0
Do you have a way to reproduce this? I have a 6501 with 2GB msata and haven't seen the problem here. On Mon, Nov 28, 2011 at 02:45:41PM -0800, Christopher LILJENSTOLPE wrote: > Greetings, > > Any thoughts as to how to get around this - it's only been up for a few days. > Rebooting my home router every 24 hours is not spouse endearing behavior :) > > Chris > > On 28Nov2011, at 14.30, Chris Cappuccio wrote: > > > here is the key error message. it means your whole ahci disk has disappeared > (and anything you can still run is happening from cache.) > > > > -- > > ahci0: stopping the port, softreset slot 31 was still active. > > ahci0: failed to reset port during timeout handling, disabling it > > -- > > > > likely a reboot will fix it. this is a known problem with ahci driver and > intel ahci controllers. > > > > the "failed to reset port" and "softreset slot was still active" problems > become really obvious once you start maxing out disks on an ahci controller > with a softraid array. they rarely present problems in normal use! but, the > SSD sata drive may evoke different behavior for some reason. i think > continuous runs of iogen over a RAID1 array might bring out similar issues all > by itself, even with regular hard disks > > > > dragonflybsd's port of openbsd's ahci driver has incorporated several of > workarounds for problems directly related to this. (reset this when that > happens, etc..) that might be a good place to start looking, if you can easily > reproduce the problem then you would know quickly when a ported fix from their > driver has helped. > > -- > ff/g? > Check my PGP key here: https://www.asgaard.org/~cdl/cdl.asc > Current vCard here: https://www.asgaard.org/~cdl/cdl.vcf
Re: mSATA failure on 6501 w/ OpenBSD 5.0
Greetings guys, I'm the original reporter, comments in line... One other comment, when I got back to the console and rebooted, the entire drive was scrodded. I haven't seen an fsck like that in quite some time. Unable to really come up as an operational system. Basically re-pxe'd boot.rd and re-installled. I scribbled over the drive before the install without any issues. The drive checked. On 29Nov2011, at 04.10, Remco wrote: > Chris Cappuccio wrote: > >> here is the key error message. it means your whole ahci disk has >> disappeared (and anything you can still run is happening from cache.) >> >> -- >> ahci0: stopping the port, softreset slot 31 was still active. >> ahci0: failed to reset port during timeout handling, disabling it >> -- >> >> likely a reboot will fix it. this is a known problem with ahci driver and >> intel ahci controllers. > > I am not so sure this is a driver problem. > > I think I accidentilly "emulated" this problem the other day on my desktop > system (not a 6501): > Nov 28 16:38:44 ws0001 /bsd: ahci1: stopping the port, softreset slot 31 was > still active. > Nov 28 16:38:44 ws0001 /bsd: ahci1: failed to reset port during timeout > handling, disabling it > > I have this external drive bay connected through e-SATA. After unmounting > the drive I switched off the external drive's power. Running disklabel on > the drive resulted in the above failures, which I guess makes sense, after > all, I made the drive "disappear". The drive is a transcend 16 GB mSATA that's installed on the motherboard - not really some way for it to "go away" > >> >> the "failed to reset port" and "softreset slot was still active" problems >> become really obvious once you start maxing out disks on an ahci >> controller with a softraid array. they rarely present problems in normal >> use! but, the SSD sata drive may evoke different behavior for some reason. >> i think continuous runs of iogen over a RAID1 array might bring out >> similar issues all by itself, even with regular hard disks >> > > Maxing out disks sounds like having more activity on the disks, possibly > making them draw more power. Could these errors relate to bad power cabling > or insufficient power supply ? > > If multiple disks with an insufficiently powered system are the problem, one > solution might be a power supply that can deliver more power, another > possible solution might be using external drive bays, each having their own > power supply. > > For stuff purely SSD related, a motherboard BIOS update and/or SSD firmware > update may help as well. The power supply is running about 40% of max rated - and the drive is SSD a small SSD, so I don't think that it could be the power supply. Current BIOS on the 6501 (an update is coming, but current for right now). SSD is brand new, and has the latest transcend firmware (as far as I can tell). Chris > -- ff/g? Check my PGP key here: https://www.asgaard.org/~cdl/cdl.asc Current vCard here: https://www.asgaard.org/~cdl/cdl.vcf
ISAKMPD question: certificates shipped?
Hi, I'm running into a problem with OpenBSD 5.0 and isakmpd. A config that works on 4.8, doesn't work on 5.0: the client is denied access, allegedly due to OpenBSD shipping the wrong (X.509) certificate, or certificates in the wrong order. The (3rd party) claim is that it might ship the CA certificate, followed by the server certificate. It would be very nice if someone could shed some light to this. TIA! Kind regards, --Toni++
Re: how to find dependencies when building a new kernel
On Nov 30 10:26:46, T. Valent wrote: > sure will solve what you have understood to be my problem. But what > really annoys me here is that I'm not taken seriously when I say "this > isn't an option". Why don't you just believe my words instead of > permanently speaking about things that I explicitly said are impossible? Because if someone simply says "this is impossible", it is only natural to ask "why is that impossible?". How does that annoy you? (Solving your problem is impossible. Really. Don't waste your time asking why.) > Did you read my mail in which I said that the hardware cannot be > changed? A new flashcard would be a change in hardware. So the 32MB storage is a CF card? Don't be surprised that people ask, because it begs the question (no really, it does): why can't you put a bigger CF card in there that would just hold GENERIC? No, really: why? Answering this question will take a few minutes of our time. > I think you know > that. You just don't take my words seriously and keep talking about > things that I already said are not possible in this project. Why discuss > this? From my point of view it's not me wasting your time, but it's you > wasting your time, because you don't really care about what I said. > > The overall project is about updating multiple systems How many multiple systems? > that are in > production. By _just_ using just a software update. Changes in hardware > are not an option. Putting, say, a bigger CF card in them is a change in hardware, granted. Would that change eliminate the need for the whole process of maintaining custom kernels and custom stripped down systems? If not, why? > dmesg output of any of these devices would be possible, but like I said > it's a very stripped down environment. dmesg is not part of it. I'd have > to setup an old system with dmsg on it, So, at some point, you had a system on it that had dmesg(1). How long does it take to put that system on it again and run dmesg(1)? (That's not a rhetorical question that wants to be sarcastic - that's an honest question). Generally, how long does it take to put a new system in, once it is built? > then export the output, just to > convince you of what I've done in the past. Then, after I've proven my > point with this dmesg output, we'd be no step further, Yes we would: we would know your hardware from OpenBSD's point of view. > because like I > said often enough now, I'm not interested in a hint like "add this line > to your config", but I want to learn about what steps to do, next time I > run into the same problem (which I probably will with the next OpenBSD > release that I want to migrate the systems to). > If you can help me by explaining where to look and what to read to learn > how to build the smallest custom kernels possible, I'd be happy. You have been told several times already: strip GENERIC down to what will fit on your system. Start with things you definitely do not need (sound? wifi?), then continue with the rest. If things break, put the last thing that you removed back there. It is a way to arrive at the smallest possible kernel that works for you. Isn't it?
Re: Something similar to Soekris boards, for server applications
On Nov 30, 2011, at 2:18 PM, Mehma Sarja wrote: > I'm putting a Supermicro Atom D510 in the field as a SSD-based firewall and boot server for 158 users. And a Supermicro D525 as a file server with a 1 TB drive. Where they are going, they have power issues and low-power systems, with a UPS, might just survive. Each is maxed out with 4GB RAM. And I am also keeping one application per machine for simple maintenance and 'safeguard' performance. I should also note that if you're considering an Atom N550, it has a limit of 2GB RAM (which is odd, considering it's 64-bit running DDR3 and its predecessor, the N525, maxes out at 4GB of DDR2). Crucial seems to think that's not the case, and I can't convince them otherwise. - Dave
Re: how to find dependencies when building a new kernel
On Nov 30 18:15:30, Torsten Valentin wrote: > > dmesg is the lazy way to get this info, the same info is written to > > /var/log/messages during boot. Are you saying your system is so > > stripped down you don't even log anything? > > Yep. And because the only persistent memory is Flash (32MB, which > quickly dies if you permanently write to it), the whole system runs > inside a RAMDISK only. > And there is no terminal or ssh. Modifying the > system means setting up a new system with modified /sbin/init each time. So: your machine has 32MB of Flash storage that holds the entire system. On boot, it all gets loaded as a RAMDISK. Right? Question: how do you actually put a new system onto that Flash storage? What kind of Flash storage is it? (I suppose it's not a CF card or an USB flash drive that you would plug out, put an image on it, and plug in.) > Hard to believe, I know, but what people do with OpenBSD is sometimes > quite different from what you know from "usual systems". It certainly sounds interesting. Out of curiosity: what do these system do? Are their routers? Rocket launchers? > I can provide a dmesg from a virtual machine that we use for testing > purposes, but obviously that's not the same as the system that the > kernel is going to be running on later in production environment. But, > hey, yet, I haven't been able to compile the kernel on this testing > machine, either. I explain this so elaborately because I know I'd > otherwise get replies like: "What did you tell us about having little > memory and such, this is a usual virtual machine and therefor you've got > no need to use a custom kernel..." ;-) You know what I mean... My goal > is to have kernel config files that will do on both, the virtual machine > for testing and the production environment. Being able to compile a > custom kernel on this VM would be a good first step. From there on I > could add the drivers I need on the production machine and that way get > closer to a final solution... > > I'm very curious how dmesg will help... A dmesg from the actual machine would; really, it would.
Re: pf and includes
On Wed, Nov 30, 2011 at 9:22 AM, Peter Hallin wrote: > Hello, > > I have some issues with pf.conf and includes that perhaps someone could > shed some light on. > > Where I work, we use bridging firewalls with multiple tagged vlans > passing the bridges, and filtering is done on the vlan interfaces. > Normally we have around 10-20 vlans on each machine, and we have a LOT > of rules in pf.conf. To make configuration a little easier I'm beginning > to look at how to separate the vlans into multiple configs, one for each > vlan, and then include them all from pf.conf. > > I would want to have all macros, options and rules for each vlan in a > separate file, but also i would like to use macros from one config in > rules in another file. To clarify what I'm getting at, here's an > example: > > ## > > /etc/vlan500.conf: > > DB="192.168.0.10/32" > > block log on vlan500 > pass in quick on vlan500 from $Webserver to $DB port 3306 > pass out on vlan500 > > ## > > /etc/vlan1000.conf: > > Webserver="192.168.1.20/32" > > block log on vlan1000 > pass in quick on vlan1000 from any to $Webserver port 80 > pass out on vlan1000 > > ## > > /etc/pf.conf > > include "/etc/vlan500.conf" > include "/etc/vlan1000.conf" > > ## > > The above example would not work, as pfctl will look at the rules in > vlan500.conf before looking at the macros in vlan1000.conf and it will > throw an error that the $Webserver macro is not defined. > > If I change the order of the includes in pf.conf, it will work, but of > course of I try to use macros from vlan1000.conf for rules in > vlan500.conf, the problem will arise again. > > One way to solve it would be to put all the macros in, say, > /etc/vlan500-macros.conf and /etc/vlan1000-macros.conf and make sure > they are included before the rules in pf.conf, but that seems > inconvenient to me. > > What is the common practice for using includes? Is there a way to get > pfctl to read ALL macros from ALL files before looking at the rules? > > I would be happy to hear some suggestions. > > Thanks, Peter > You could use a Makefile to concatenate a pf.conf from separate files. This can give more flexibility than provided by "include" : - $ cat vlan500 #macroes DB="192.168.0.10/32" Webserver="192.168.1.20/32" #macroes_end # --- vlan500 block log on vlan500 pass in quick on vlan500 inet proto tcp from $Webserver to $DB port 3306 pass out on vlan500 $ cat vlan1000 #macroes DB="192.168.0.10/32" #macroes_end # --- vlan1000 block log on vlan1000 pass in quick on vlan1000 inet proto tcp from any to $Webserver port 80 pass out on vlan1000 $ cat Makefile pf.conf: macroes_unique vlan500.conf vlan1000.conf cat ${.ALLSRC} > ${.TARGET} vlan1000.conf: vlan1000 sed -e '/#macroes/,/#macroes_end/d' ${.ALLSRC} > ${.TARGET} vlan1000.mac: vlan1000 sed -ne '/#macroes/,/#macroes_end/p' ${.ALLSRC} > ${.TARGET} vlan500.conf: vlan500 sed -e '/#macroes/,/#macroes_end/d' ${.ALLSRC} > ${.TARGET} vlan500.mac: vlan500 sed -ne '/#macroes/,/#macroes_end/p' ${.ALLSRC} > ${.TARGET} macroes_unique: vlan500.mac vlan1000.mac echo "# Macro definitions" >${.TARGET} sort -u ${.ALLSRC} | sed -e '/#macroes/d' >> ${.TARGET} clean: rm -f *.conf *.mac macroes_unique $ make clean rm -f *.conf *.mac macroes_unique $ make sed -ne '/#macroes/,/#macroes_end/p' vlan500 > vlan500.mac sed -ne '/#macroes/,/#macroes_end/p' vlan1000 > vlan1000.mac echo "# Macro definitions" >macroes_unique sort -u vlan500.mac vlan1000.mac | sed -e '/#macroes/d' >> macroes_unique sed -e '/#macroes/,/#macroes_end/d' vlan500 > vlan500.conf sed -e '/#macroes/,/#macroes_end/d' vlan1000 > vlan1000.conf cat macroes_unique vlan500.conf vlan1000.conf > pf.conf $ cat pf.conf # Macro definitions DB="192.168.0.10/32" Webserver="192.168.1.20/32" # --- vlan500 block log on vlan500 pass in quick on vlan500 inet proto tcp from $Webserver to $DB port 3306 pass out on vlan500 # --- vlan1000 block log on vlan1000 pass in quick on vlan1000 inet proto tcp from any to $Webserver port 80 pass out on vlan1000 --- So the Makefile collects macroes defined in the vlan500 and vlan1000 files and after eliminating any duplicates, stuffs them into the "macroes_unique" file. The "vlan500" and "vlan1000", after stripping the macroes, become "vlan500.conf" and "vlan1000.conf". The "pf.conf" Makefile target then concatenates the "macroes_unique" and the vlan*.conf files to the final pf.conf. BTW http://www.freebsd.org/doc/en_US.ISO8859-1/books/pmake/index.html has a nice HTML version of the BSD make documentation. Adriaan
Re: Something similar to Soekris boards, for server applications
I'm putting a Supermicro Atom D510 in the field as a SSD-based firewall and boot server for 158 users. And a Supermicro D525 as a file server with a 1 TB drive. Where they are going, they have power issues and low-power systems, with a UPS, might just survive. Each is maxed out with 4GB RAM. And I am also keeping one application per machine for simple maintenance and 'safeguard' performance. Mehma === On 11/30/11 10:12 AM, Bentley, Dain wrote: I second that. I run an atom 330 with two gigs of RAM and two 500gig drives in a raid for development server at home is a 1u case. It performs great and its low power
Re: Something similar to Soekris boards, for server applications
On Nov 30, 2011, at 1:12 PM, Bentley, Dain wrote: > I second that. I run an atom 330 with two gigs of RAM and two 500gig drives in > a raid for development server at home is a 1u case. It performs great and its > low power My router runs an Atom Mini-ITX board. Nothing heavy duty, but it's a dual-core Atom (N550, dual-core 64-bit with Hyperthreading, so OpenBSD sees it as 4 cores). Jetway also has a really neat "daughterboard" system which is basically a small 66 MHz PCI risier card; my router runs on the 3 Intel NIC daughtercard they have (leaving an extra 2 Realtek ports). It also has a Mini-PCIe slot, which I fitted with a wireless card (currently the Centrino Advanced-N 6230, which doesn't work with OpenBSD and I don't have time to work on the driver ATM). If you're running a server, you could fit whatever you wanted in there that goes in a Mini-PCIe slot (crypto card, etc). My particular board is the NC9C-550, which I've been happy with (though the BIOS is really badly done; you have to turn off the energy saving feature in the BIOS to make it turn on at AC power restoration, which is just stupid). I've been otherwise quite happy with it. - Dave
Re: Something similar to Soekris boards, for server applications
I second that. I run an atom 330 with two gigs of RAM and two 500gig drives in a raid for development server at home is a 1u case. It performs great and its low power Regards, Dain Bentley -Original Message- From: Jason Crawford [ja...@purebsd.net] Received: Wednesday, 30 Nov 2011, 12:33pm To: misc@openbsd.org [misc@openbsd.org] Subject: Re: Something similar to Soekris boards, for server applications On 11/30/11 11:27, Sime Ramov wrote: > Hello, I am looking for something in the spirit of Soekris boards, but > more suited for server applications, e.g. for hosting Django apps. > > Current net6501 is maxed out at 2 GB of RAM and 1.6 Ghz *single-core* > (two threads) atom. > > The reason I am considering Soekris is because dedicated servers are > often underused and idling. Few GB of memory, anemic processor and SSD > gets one a surprisingly long way, especially with properly chosen stack > and caching. > > So the general idea is: one Django app = one Soekris board. This is much > better than virtualization (bare metal forever) or putting more apps on > a big server. > > Some apps would run great on this, but a more powerful CPU and more > memory would be needed for more demanding workloads. > > Any recommendations for similar, but a bit more powerful and versatile > hardware (think one app = one hardware device)? Thanks. > Maybe look at this: http://www.newegg.com/Product/Product.aspx?Item=N82E16816101364 It's cheaper, has twice the RAM, 6 SATA ports, 1.8GHz Atom dual core. Oh, and rackmount case. -- Jason
Re: Something similar to Soekris boards, for server applications
Hi, * Jason Crawford [2011-11-30 12:27-0500]: > Maybe look at this: > http://www.newegg.com/Product/Product.aspx?Item=N82E16816101364 I know about that one, it's not bad but I would like to fit two boards in 1U. Which is exactly what kerberos.si is doing for Soekris with their housings. Supermicro is also having interesting Pentium based offerings. I am hoping there is something more aking to this[1], but a bit more powerfull than net6501. [1]: http://kerberos.si/ENG/Soekris19.htm
Re: Something similar to Soekris boards, for server applications
* Christiano F. Haesbaert [2011-11-30 14:39-0200]: > You may consider the new AMD E-350, the "fusion" ones, they're very > low-power and might suit you. They're very, very cheap, I've never > used them, but sounds a better alternative than the atom. Fusion stuff is consumer tech. Other than AMD embedded stuff (which isn't so bad) I am not sure is there a good fit currently for what I'm after.
Re: how to find dependencies when building a new kernel
> Would you be able to use TFTP to try booting test kernels off a > remote machine? Nope. I try every attempt with a hardware flash drive which I generate for that test machine. But I've got to get the kernel basically running on my test VM, then another not that damn small hardware. Once this is working, I just need to add one more network driver or so and that should be it. At least it it worked for me in the past.
Re: Something similar to Soekris boards, for server applications
On 11/30/11 11:27, Sime Ramov wrote: > Hello, I am looking for something in the spirit of Soekris boards, but > more suited for server applications, e.g. for hosting Django apps. > > Current net6501 is maxed out at 2 GB of RAM and 1.6 Ghz *single-core* > (two threads) atom. > > The reason I am considering Soekris is because dedicated servers are > often underused and idling. Few GB of memory, anemic processor and SSD > gets one a surprisingly long way, especially with properly chosen stack > and caching. > > So the general idea is: one Django app = one Soekris board. This is much > better than virtualization (bare metal forever) or putting more apps on > a big server. > > Some apps would run great on this, but a more powerful CPU and more > memory would be needed for more demanding workloads. > > Any recommendations for similar, but a bit more powerful and versatile > hardware (think one app = one hardware device)? Thanks. > Maybe look at this: http://www.newegg.com/Product/Product.aspx?Item=N82E16816101364 It's cheaper, has twice the RAM, 6 SATA ports, 1.8GHz Atom dual core. Oh, and rackmount case. -- Jason
Re: how to find dependencies when building a new kernel
On Nov 30, 2011, at 12:15 PM, Torsten Valentin wrote: >> dmesg is the lazy way to get this info, the same info is written to >> /var/log/messages during boot. Are you saying your system is so >> stripped down you don't even log anything? > > Yep. And because the only persistent memory is Flash (32MB, which > quickly dies if you permanently write to it), the whole system runs > inside a RAMDISK only. And there is no terminal or ssh. Modifying the > system means setting up a new system with modified /sbin/init each time. Would you be able to use TFTP to try booting test kernels off a remote machine? That's how I tend to do it when I'm trying not to write to flash on my routers while I'm building test kernels. You only have to change flags in the bootloader (of course, I have no idea how feasible that is for you, either; when you say there's no terminal, I assume you probably can't do that except through /etc/boot.conf). - Dave
Re: how to find dependencies when building a new kernel
> dmesg is the lazy way to get this info, the same info is written to > /var/log/messages during boot. Are you saying your system is so > stripped down you don't even log anything? Yep. And because the only persistent memory is Flash (32MB, which quickly dies if you permanently write to it), the whole system runs inside a RAMDISK only. And there is no terminal or ssh. Modifying the system means setting up a new system with modified /sbin/init each time. Hard to believe, I know, but what people do with OpenBSD is sometimes quite different from what you know from "usual systems". I said it's embedded stuff. I said hardware cannot be changed. I said I cannot easily provide this info. There certainly is a way, but it's not worth the effort. I can provide a dmesg from a virtual machine that we use for testing purposes, but obviously that's not the same as the system that the kernel is going to be running on later in production environment. But, hey, yet, I haven't been able to compile the kernel on this testing machine, either. I explain this so elaborately because I know I'd otherwise get replies like: "What did you tell us about having little memory and such, this is a usual virtual machine and therefor you've got no need to use a custom kernel..." ;-) You know what I mean... My goal is to have kernel config files that will do on both, the virtual machine for testing and the production environment. Being able to compile a custom kernel on this VM would be a good first step. From there on I could add the drivers I need on the production machine and that way get closer to a final solution... I'm very curious how dmesg will help... OpenBSD 5.0 (GENERIC) #43: Wed Aug 17 10:10:52 MDT 2011 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz ("GenuineIntel" 686-class) 3 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,SSE3,SSSE3,CX16,SSE4.1 real mem = 267907072 (255MB) avail mem = 253472768 (241MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 09/22/09, BIOS32 rev. 0 @ 0xfd780, SMBIOS rev. 2.4 @ 0xe0010 (98 entries) bios0: vendor Phoenix Technologies LTD version "6.00" date 09/22/2009 bios0: VMware, Inc. VMware Virtual Platform acpi0 at bios0: rev 2 acpi0: sleep states S0 S1 S4 S5 acpi0: tables DSDT FACP BOOT APIC MCFG SRAT acpi0: wakeup devices PCI0(S3) USB_(S1) P2P0(S3) S1F0(S3) S2F0(S3) S3F0(S3) S4F0(S3) S5F0(S3) S6F0(S3) S7F0(S3) S8F0(S3) S9F0(S3) Z00P(S3) Z00Q(S3) Z00R(S3) Z00S(S3) Z00T(S3) Z00U (S3) Z00V(S3) Z00W(S3) Z00X(S3) Z00Y(S3) Z00Z(S3) Z010(S3) Z011(S3) Z012(S3) Z013(S3) Z014(S3) Z015(S3) Z016(S3) Z017(S3) Z018(S3) Z019(S3) Z01A(S3) Z01B(S3) P2P1(S3) S1F0(S3) S2F 0(S3) S3F0(S3) S4F0(S3) S5F0(S3) S6F0(S3) S7F0(S3) S8F0(S3) S9F0(S3) Z00P(S3) Z00Q(S3) Z00R(S3) Z00S(S3) Z00T(S3) Z00U(S3) Z00V(S3) Z00W(S3) Z00X(S3) Z00Y(S3) Z00Z(S3) Z010(S3) Z0 11(S3) Z012(S3) Z013(S3) Z014(S3) Z015(S3) Z016(S3) Z017(S3) Z018(S3) Z019(S3) Z01A(S3) Z01B(S3) P2P2(S3) S1F0(S3) S2F0(S3) S3F0(S3) S4F0(S3) S5F0(S3) S6F0(S3) S7F0(S3) S8F0(S3) S 9F0(S3) Z00P(S3) Z00Q(S3) Z00R(S3) Z00S(S3) Z00T(S3) Z00U(S3) Z00V(S3) Z00W(S3) Z00X(S3) Z00Y(S3) Z00Z(S3) Z010(S3) Z011(S3) Z012(S3) Z013(S3) Z014(S3) Z015(S3) Z016(S3) Z017(S3) Z018(S3) Z019(S3) Z01A(S3) Z01B(S3) P2P3(S3) S1F0(S3) S2F0(S3) S3F0(S3) S4F0(S3) S5F0(S3) S6F0(S3) S7F0(S3) S8F0(S3) S9F0(S3) Z00P(S3) Z00Q(S3) Z00R(S3) Z00S(S3) Z00T(S3) Z00U(S3) Z00V(S3) Z00W(S3) Z00X(S3) Z00Y(S3) Z00Z(S3) Z010(S3) Z011(S3) Z012(S3) Z013(S3) Z014(S3) Z015(S3) Z016(S3) Z017(S3) Z018(S3) Z019(S3) Z01A(S3) Z01B(S3) PE40(S3) S1F0(S3) PE50(S3 ) S1F0(S3) PE60(S3) S1F0(S3) PE70(S3) S1F0(S3) PE80(S3) S1F0(S3) PE90(S3) S1F0(S3) PEA0(S3) S1F0(S3) PEB0(S3) S1F0(S3) PEC0(S3) S1F0(S3) PED0(S3) S1F0(S3) PEE0(S3) S1F0(S3) PE41(S 3) S1F0(S3) PE42(S3) S1F0(S3) PE43(S3) S1F0(S3) PE44(S3) S1F0(S3) PE45(S3) S1F0(S3) PE46(S3) S1F0(S3) PE47(S3) S1F0(S3) PE51(S3) S1F0(S3) PE52(S3) S1F0(S3) PE53(S3) S1F0(S3) PE54( S3) S1F0(S3) PE55(S3) S1F0(S3) PE56(S3) S1F0(S3) PE57(S3) S1F0(S3) PE61(S3) S1F0(S3) PE62(S3) S1F0(S3) PE63(S3) S1F0(S3) PE64(S3) S1F0(S3) PE65(S3) S1F0(S3) PE66(S3) S1F0(S3) PE67 (S3) S1F0(S3) PE71(S3) S1F0(S3) PE72(S3) S1F0(S3) PE73(S3) S1F0(S3) PE74(S3) S1F0(S3) PE75(S3) S1F0(S3) PE76(S3) S1F0(S3) PE77(S3) S1F0(S3) PE81(S3) S1F0(S3) PE82(S3) S1F0(S3) PE8 3(S3) S1F0(S3) PE84(S3) S1F0(S3) PE85(S3) S1F0(S3) PE86(S3) S1F0(S3) PE87(S3) S1F0(S3) PE91(S3) S1F0(S3) PE92(S3) S1F0(S3) PE93(S3) S1F0(S3) PE94(S3) S1F0(S3) PE95(S3) S1F0(S3) PE 96(S3) S1F0(S3) PE97(S3) S1F0(S3) PEA1(S3) S1F0(S3) PEA2(S3) S1F0(S3) PEA3(S3) S1F0(S3) PEA4(S3) S1F0(S3) PEA5(S3) S1F0(S3) PEA6(S3) S1F0(S3) PEA7(S3) S1F0(S3) PEB1(S3) S1F0(S3) P EB2(S3) S1F0(S3) PEB3(S3) S1F0(S3) PEB4(S3) S1F0(S3) PEB5(S3) S1F0(S3) PEB6(S3) S1F0(S3) PEB7(S3) S1F0(S3) SLPB(S4) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: ap
Re: softraid(4): how to reassemble a volume
On Wed, Nov 30, 2011 at 5:16 PM, Joel Sing wrote: > On Wednesday 30 November 2011, Mattieu Baptiste wrote: >> Hi all, >> >> I'm trying to reassemble a softraid(4) volume, created with the 'force' >> flag. When I'm trying: >> # bioctl -C force -c C -l /dev/sd1a softraid0 >> softraid0: chunk sd1a already in use >> bioctl: ioctl: Invalid argument >> >> According to the manpage, '-c' flag only seems to create the volume, >> and not simply assemble it. I don't see anything else to reassemble a >> volume. What's the correct way, if any ? Is it supported ? > > The -c flag creates a volume - if these are chunks have no metadata then it > will create new metadata, otherwise it will reassemble the volume from the > existing metadata. Thanks for the explanation Joel. My crypto volume was created with 'noauto' (not 'force'). I was trying to reassemble with 'force' which effectively reinitialise metadata. Now everything is ok. -- Mattieu Baptiste "/earth is 102% full ... please delete anyone you can."
Re: Natural Link Building Experts..
Hi, Hope you are doing well. I haven't heard back from you, just wondering if you are interested in any of our services. We do theme based link building which has a direct impact not only on the page rank of your client but on the rankings is well. Also, we have a unique quality control protocol implemented wherein all the links are quality checked thrice before sending it to the client. If you are Interested in Then Let Me Know I would Happy to send You Price etc. We can also offer you Flexible Payment Option. Kind Regards, Sonia Mehra From: Sonia Mehra [mailto:soniamehra...@gmail.com] Sent: Tuesday, November 29, 2011 10:00 PM To: 'misc@openbsd.org' Subject: Natural Link Building Experts.. Dear Site Owner, Link Building is done for: 1. Improving Page Rank. 2. Improving the Rankings in search engines. 3. To increase targeted Traffic to the Site. However All these benefits lead to one goal: ''Increase in Sale'' Link Building is one of the most significant aspects of the off page optimization process and is a major determinant of the popularity of your site. For search engines, back links or links pointing to your website indicate that you are 'hot' in the online marketplace. Why choose us: Because all our links would be - 1. Theme based relevant links 2. Manually built 3. Only from quality sites 4. Permanent links 5. Search Engine friendly 6. Full report of the exact placement for verification We have a track record of building more than 1, 80,000 links in the year 2010-2011 and have successfully completed more than 300 campaigns all one way. Contact us today to know more about our natural link building services with more detail. Kind regards Sonia Mehra Online Marketing Consultant Note: This email is not spam, it was manually sent by us, our sole purpose being to introduce ourselves to you with no obligation on your part. Your email address was found to be publicly available on your website and it has not been added to any list. We consider this to be a polite way to contact you and apologize sincerely if you have been inconvenienced in any way. We are obliged to offer you an 'OPT-OUT' from future mailings from us; should you wish to exercise this right, please reply with "OPT-OUT" in the subject field.
Re: Something similar to Soekris boards, for server applications
On 30 November 2011 14:27, Sime Ramov wrote: > Hello, I am looking for something in the spirit of Soekris boards, but > more suited for server applications, e.g. for hosting Django apps. > > Current net6501 is maxed out at 2 GB of RAM and 1.6 Ghz *single-core* > (two threads) atom. > > The reason I am considering Soekris is because dedicated servers are > often underused and idling. Few GB of memory, anemic processor and SSD > gets one a surprisingly long way, especially with properly chosen stack > and caching. > > So the general idea is: one Django app = one Soekris board. This is much > better than virtualization (bare metal forever) or putting more apps on > a big server. > > Some apps would run great on this, but a more powerful CPU and more > memory would be needed for more demanding workloads. > > Any recommendations for similar, but a bit more powerful and versatile > hardware (think one app = one hardware device)? Thanks. > > You may consider the new AMD E-350, the "fusion" ones, they're very low-power and might suit you. They're very, very cheap, I've never used them, but sounds a better alternative than the atom.
Something similar to Soekris boards, for server applications
Hello, I am looking for something in the spirit of Soekris boards, but more suited for server applications, e.g. for hosting Django apps. Current net6501 is maxed out at 2 GB of RAM and 1.6 Ghz *single-core* (two threads) atom. The reason I am considering Soekris is because dedicated servers are often underused and idling. Few GB of memory, anemic processor and SSD gets one a surprisingly long way, especially with properly chosen stack and caching. So the general idea is: one Django app = one Soekris board. This is much better than virtualization (bare metal forever) or putting more apps on a big server. Some apps would run great on this, but a more powerful CPU and more memory would be needed for more demanding workloads. Any recommendations for similar, but a bit more powerful and versatile hardware (think one app = one hardware device)? Thanks.
Re: softraid(4): how to reassemble a volume
On Wednesday 30 November 2011, Mattieu Baptiste wrote: > Hi all, > > I'm trying to reassemble a softraid(4) volume, created with the 'force' > flag. When I'm trying: > # bioctl -C force -c C -l /dev/sd1a softraid0 > softraid0: chunk sd1a already in use > bioctl: ioctl: Invalid argument > > According to the manpage, '-c' flag only seems to create the volume, > and not simply assemble it. I don't see anything else to reassemble a > volume. What's the correct way, if any ? Is it supported ? The -c flag creates a volume - if these are chunks have no metadata then it will create new metadata, otherwise it will reassemble the volume from the existing metadata. DO NOT use -C force unless you want to completely reinitialise the metadata for the volume - in the case of a crypto volume you will generate new metadata with new disk keys, rendering your existing data unreadable. The error message you are getting is telling you that sd1a is already in use - bioctl softraid0 will probably tell you where it is being used (your volume is either already assembled, or it is part of another volume). -- "Reason is not automatic. Those who deny it cannot be conquered by it. Do not count on them. Leave them alone." -- Ayn Rand
Re: usb device causes system crash (ucomstart: null oxfer)
> panic message: > > uvm_fault(0xd0a2c8c0, 0x1000, 0, 1) -> e > kernel: page fault trap, code=0 > Stopped at usb_allocmem+0x14f: cmpl%ebx,0(%eax) I also have a similar panic message. My solution is to disable ehci from my GENERIC. stupid but it works on this NVIDIA USB controller. jakemsr@ knows about this problem. > On Tuesday, November 29, 2011 7:14 PM, "Byron Klippert" > wrote: >> I managed to capture trace and ps output from ddb> >> >> Is this a worthy cause to investigate further or should I take the >> advice of others and move on to real(tm) hardware. It would be a shame >> given the distasteful argument "well it works fine under " >> >> ddb> trace >> usb_allocmem(d800,2,0,d101c740,d101c700) at usb_allocmem+0x14f >> ehci_allocm(d800,d101c740,2,d079d66e,101c754) at ehci_allocm+0x27 >> usbd_transfer(d101c700,d1109900,0,1388,d75b3d74) at usbd_transfer+0xbb >> usbd_do_request_flags_pipe(d1109900,d1109880,d75b3d74,d75b3dce,4) at >> usbd_do_request_flags_pipe+0xbb >> usbd_do_request_flags(d1109900,d75b3d74,d75b3dce,4,d75b3d7c) at >> usbd_do_request_flags+0x3c >> usbd_get_string_desc(d1109900,1,1,d75b3dce,d75b3ecc) at >> usbd_get_string_desc+0x5e >> usbd_get_string(d1109900,1,d3487487,7f,d0ae9220) at usbd_get_string+0x74 >> usbd_devinfo_vp(d1109900,d3487487,7f,d3487408,7f) at >> usbd_devinfo_vp+0x165 >> usbd_fill_deviceinfo(d1109900,d3487400,1,1,0) at >> usbd_fill_deviceinfo+0x53 >> usbd_fill_di_task(d3487400,20,d098f0af,0,d54f362c) at >> usbd_fill_di_task+0x43 >> usb_task_thread(d54f362c) at usb_task_thread+0xb1 >> Bad frame pointer: 0xd0ba0e48 >> >> ddb> ps >>PID PPID PGRPUID S FLAGS WAIT COMMAND >> 11732 5036 11732 0 3 0x4000 endtask usbdevs >> 18220 17676 18220 1000 3 0x4080 kqreadtmux >> 17676 13203 17676 1000 3 0x4080 pause ksh >> 13203 24243 24243 1000 3 0x180 selectsshd >> 24243 7551 24243 0 3 0x4180 netio sshd >> 30142 13825 18365 1000 3 0x4080 ttyin more >> 13825 18365 18365 1000 3 0x4080 pause sh >> 18365 28650 18365 1000 3 0x4080 wait man >> 28650 29160 28650 1000 3 0x4080 pause ksh >> 24368 29160 24368 1000 3 0x4080 ttyin ksh >> 11053 19990 11053 0 3 0x4080 ttyin vi >> 19990 29160 19990 1000 3 0x4080 pause ksh >> 16050 14405 14405 67 3 0x180 netconhttpd >> 21227 29160 21227 1000 3 0x4080 ttyin ksh >> 5036 29160 5036 1000 3 0x4080 pause ksh >> 29160 1 29160 1000 2 0tmux >> 30544 14405 14405 67 3 0x180 netconhttpd >> 1510 14405 14405 67 3 0x180 netconhttpd >> 16181 14405 14405 67 3 0x180 netconhttpd >> 15339 1 15339 0 3 0x4080 ttyin getty >> 8516 14405 14405 67 3 0x180 netconhttpd >>276 14405 14405 67 3 0x180 netconhttpd >> 9801 14405 14405 67 3 0x180 netconhttpd >> 22942 1 22942 0 30x80 selectcron >> 29745 1 29745 0 3 0x180 selectinetd >> 14405 1 14405 0 30x80 selecthttpd >>761 1761 0 3 0x40180 selectsendmail >> 7551 1 7551 0 30x80 selectsshd >> 6224 1 6224 0 30x80 poll ntpd >> 15671 25737 15671 83 3 0x180 poll ntpd >> 25737 1 25737 83 3 0x180 poll ntpd >> 1898 14567 14567 74 3 0x180 bpf pflogd >> 14567 1 14567 0 30x80 netio pflogd >> 24868500500 73 2 0x180syslogd >>500 1500 0 30x88 netio syslogd >> 31551 1 31551 77 3 0x180 poll dhclient >> 13676 1 25110 0 30x80 poll dhclient >> 13732 1 13732 0 30x80 mfsidlmount_mfs >> 5311 1 5311 0 30x80 mfsidlmount_mfs >> 16196 1 16196 0 30x80 mfsidlmount_mfs >> 13 0 0 0 30x100200 aiodoned aiodoned >> 12 0 0 0 30x100200 syncerupdate >> 11 0 0 0 30x100200 cleaner cleaner >> 10 0 0 0 30x100200 reaperreaper >> 9 0 0 0 30x100200 pgdaemon pagedaemon >> 8 0 0 0 30x100200 bored crypto >> 7 0 0 0 30x100200 pftm pfpurge >> *6 0 0 0 70x100200usbtask >> 5 0 0 0 30x100200 usbatsk usbatsk >> 4
Re: pf and includes
Am 30.11.2011 09:22, schrieb Peter Hallin: > Hello, > > I have some issues with pf.conf and includes that perhaps someone could > shed some light on. > > Where I work, we use bridging firewalls with multiple tagged vlans > passing the bridges, and filtering is done on the vlan interfaces. > Normally we have around 10-20 vlans on each machine, and we have a LOT > of rules in pf.conf. To make configuration a little easier I'm beginning > to look at how to separate the vlans into multiple configs, one for each > vlan, and then include them all from pf.conf. > > I would want to have all macros, options and rules for each vlan in a > separate file, but also i would like to use macros from one config in > rules in another file. To clarify what I'm getting at, here's an > example: > > ## > > /etc/vlan500.conf: > > DB="192.168.0.10/32" > > block log on vlan500 > pass in quick on vlan500 from $Webserver to $DB port 3306 > pass out on vlan500 > > ## > > /etc/vlan1000.conf: > > Webserver="192.168.1.20/32" > > block log on vlan1000 > pass in quick on vlan1000 from any to $Webserver port 80 > pass out on vlan1000 > > ## > > /etc/pf.conf > > include "/etc/vlan500.conf" > include "/etc/vlan1000.conf" > > ## > > The above example would not work, as pfctl will look at the rules in > vlan500.conf before looking at the macros in vlan1000.conf and it will > throw an error that the $Webserver macro is not defined. > > If I change the order of the includes in pf.conf, it will work, but of > course of I try to use macros from vlan1000.conf for rules in > vlan500.conf, the problem will arise again. > > One way to solve it would be to put all the macros in, say, > /etc/vlan500-macros.conf and /etc/vlan1000-macros.conf and make sure > they are included before the rules in pf.conf, but that seems > inconvenient to me. > > What is the common practice for using includes? Is there a way to get > pfctl to read ALL macros from ALL files before looking at the rules? > > I would be happy to hear some suggestions. > > Thanks, Peter > How about a definition.conf with all your (Name,IP-Adress)-Pairs which is included first in your pf.conf, so your vlan.confs only include the rules but no definitions. guido
Re: problem making IPv6 address from rtadvd prefix
Douglas Maus wrote: > Also, is having the rtsold daemon running all the time required? No. > If you have hostname.if with rtsol to set the route at boot, > do you have to run rtsold? No. IPv6 routers regularly broadcast advertisements. If you have net.inet6.ip6.accept_rtadv set to 1, these advertisements will be automatically processed by the kernel. You only need to run rtsol to request a router advertisement right now, so you won't have to wait ten minutes. In other words, running rtsol once at startup (from hostname.if) is enough. -- Christian "naddy" Weisgerber na...@mips.inka.de
Re: how to find dependencies when building a new kernel
On Wed, 30 Nov 2011, T. Valent wrote: SNIP dmesg output of any of these devices would be possible, but like I said it's a very stripped down environment. dmesg is not part of it. I'd have to setup an old system with dmsg on it, then export the output, just to dmesg is the lazy way to get this info, the same info is written to /var/log/messages during boot. Are you saying your system is so stripped down you don't even log anything? diana Past hissy-fits are not a predictor of future hissy-fits. Nick Holland(06 Dec 2005)
Re: [5.0] pkg_add too many FTP connections
On Wed, 30 Nov 2011 11:37:18 +0100 Patrick Lamaiziere wrote: > Hello, > > I'm trying to update packages with pkg_add via ftp : > > # pkg_add -ui > Error from > ftp://ftp.irisa.fr/pub/OpenBSD/5.0/packages/amd64/gperf-3.0.4.tgz 421 > There are too many connections from your internet address. ftp: Can't > connect or login to host `ftp.irisa.fr' > Error from > ftp://ftp.irisa.fr/pub/OpenBSD/5.0/packages/amd64/gtar-1.26p0.tgz 421 > There are too many connections from your internet address. ftp: Can't > connect or login to host `ftp.irisa.fr' > ... > > Is there a way to limit the number of FTP connections for pkg_add? > > Thanks, regards. > Maybe try a different mirror. I get messages like that when I download from ftp://mirror.internode.on.net/pub/OpenBSD/ , but not when I switch to the other ftp sites.
protecting NFS on IPsec gateway
Hi! I want to secure my wlan using IPsec. The simplified setup looks like this: 172.26.153.0/24 .1 public ip (wlan clients) --- athn0[OpenBSD gateway]pppoe0 -- ((internet)) IPsec This works fine so far. But now I want to secure my OpenBSD gateway which also runs NFS. How can I block NFS packets on the encrypted link while still allowing ssh, ftp and the like on the encrypted link? On enc0 I can see only ipencap packets which cannot be filtered by pf. Christopher
Re: [5.0] pkg_add too many FTP connections
Le Wed, 30 Nov 2011 12:35:40 +0100, Marc Espie a icrit : > Fix your proxy/connection. pkg_add keeps one ftp connection alive, > not more, but it does interrupt connections brutally as soon as it > has the information it wants. > > All such problems come from stale ftp connections, there's something > flaky in your network setup that means ftp.irisa.fr does not see the > severed connections. Thanks Marc, Could it be that this ftp server (irisa) is near from here (1Gbit) and doesn't have the time to see that the connection was dropped? I don't have any problem with other mirror (ex ftp://fr.openbsd.org) Thanks, regards.
Re: [5.0] pkg_add too many FTP connections
On Wed, Nov 30, 2011 at 06:18:54AM -0600, Chris Bennett wrote: > I found two different problems that seemed to be cured in two different ways. > Your network may be the problem. I have access to two different wifi sources. > They are both different connections completely and at the same location. > Changing to the other one cures the problem. > > I also found that changing from ftp sources to http sources seems to help a > lot. > Of course it does, http is a much simpler protocol than ftp, proxy-wise. - one simple connection - no funky behavior based on telnet urgent stuff to interrupt connections. Those two details are very often handled WRONG by various servers, client and proxy.
Re: [5.0] pkg_add too many FTP connections
I found two different problems that seemed to be cured in two different ways. Your network may be the problem. I have access to two different wifi sources. They are both different connections completely and at the same location. Changing to the other one cures the problem. I also found that changing from ftp sources to http sources seems to help a lot. On Wed, Nov 30, 2011 at 11:37:18AM +0100, Patrick Lamaiziere wrote: > Hello, > > I'm trying to update packages with pkg_add via ftp : > > # pkg_add -ui > Error from > ftp://ftp.irisa.fr/pub/OpenBSD/5.0/packages/amd64/gperf-3.0.4.tgz 421 > There are too many connections from your internet address. ftp: Can't > connect or login to host `ftp.irisa.fr' > Error from > ftp://ftp.irisa.fr/pub/OpenBSD/5.0/packages/amd64/gtar-1.26p0.tgz 421 > There are too many connections from your internet address. ftp: Can't > connect or login to host `ftp.irisa.fr' > ... > > Is there a way to limit the number of FTP connections for pkg_add? > > Thanks, regards.
ssh vpn
Hi, I've set up an openssh based vpn as described in ssh(1). Now, I want to send all my traffic through this pipe. So I've put the following nat rules on both ends of the pipe: match out on em0 from tun0:network nat-to (em0) and modified the client route table like this: route add route change default 10.1.1.1 # <--- IP on tun0 It works as needed but now I need to access a service (e.g. a www server) on and the www port is filtered by . How can I do this? (I've tried some rdr-to and route-to rules on specific port without success). -- Manuel Giraud
Re: [5.0] pkg_add too many FTP connections
On Wed, Nov 30, 2011 at 11:37:18AM +0100, Patrick Lamaiziere wrote: > Hello, > > I'm trying to update packages with pkg_add via ftp : > > # pkg_add -ui > Error from > ftp://ftp.irisa.fr/pub/OpenBSD/5.0/packages/amd64/gperf-3.0.4.tgz 421 > There are too many connections from your internet address. ftp: Can't > connect or login to host `ftp.irisa.fr' > Error from > ftp://ftp.irisa.fr/pub/OpenBSD/5.0/packages/amd64/gtar-1.26p0.tgz 421 > There are too many connections from your internet address. ftp: Can't > connect or login to host `ftp.irisa.fr' > ... > > Is there a way to limit the number of FTP connections for pkg_add? Fix your proxy/connection. pkg_add keeps one ftp connection alive, not more, but it does interrupt connections brutally as soon as it has the information it wants. All such problems come from stale ftp connections, there's something flaky in your network setup that means ftp.irisa.fr does not see the severed connections.
Re: [5.0] pkg_add too many FTP connections
On Wed, Nov 30, 2011 at 12:04:10PM +0100, Dmitrij Czarkoff wrote: > On Wed, Nov 30, 2011 at 11:37 AM, Patrick Lamaiziere > wrote: > > Is there a way to limit the number of FTP connections for pkg_add? > > The number of FTP connections corresponds to the number of packages. > Your mirror just doesn't allow enough connections to update all of > them, or You've tried too many times. Nope, probably all wrong.
Re: how to find dependencies when building a new kernel
Thanks to everybody. I'll dig deeper into the config files soon. For now I think we've got it discussed as much as is possible in a ML.
Re: problem making IPv6 address from rtadvd prefix
On Tue, Nov 29, 2011 at 07:59:41PM -0500, Douglas Maus wrote: > Followup: > (sorry for unconventional thread posting and the delay - > learning OpenBSD is my very late night hobby > so I'm not subscribed to the misc list) > > 3 persons posted with suggestions (mherrb, stu, and raimo) > > mherrb wrote: > >A few stuff to check: > > > >- you say you modified sysctl.conf, but did you execute the sysctl > >command or rebooted to have those changes taken into account ? > > > I rebooted, then checked by running 'sysctl net.inet6' to confirm changes > so, not that. > > > > > >- what does the 'rtsol -d' command report when executed ? (it will > >manually trigger a router sollicitation) > > and raimo also suggested: > >Try (see rtsold(8)): > ># pkill -USR1 rtsold > ># cat /var/run/rtsold.dump > \ > > Interface re0 > >probe interval: infinity > >no probe timer > >interface status: active > >other config: off > >rtsold status: IDLE > >carrier detection: available > >probes: 0, dadcount = 0 > >no timer > >number of valid RAs: 11940 > > > here's my rtsol > $ sudo rtsol -d re0 > checking if re0 is ready... > re0 is ready > send RS on re0, whose state is 2 > received RA from fe80::00a1:b1ff:fea1:b1e1 on re0, state is 2 > stop timer for re0 > there is no timer > > and here is my rtsold.dump > Interface re0 > probe interval: infinity > no probe timer > interface status: active > other config: on > rtsold status: IDLE > carrier detection: available > probes: 0, dadcount = 0 > no timer > number of valid RAs: 2 > > It seems to see the RA > however, this doesn't say anything about processing the prefix. > Is there any toggle/flag to get it to output debug info about the prefix? > > And what is this 'other config'? I've googled it, and can't find enough > to educate myself. I do not know what is causing your symptoms, but have not run out of hints completely yet (but almost). rtsold takes -f and -D flags that might be useful. Maybe a ktrace of rtsold could give more info. 'other config' is actually mentioned in the man page for rtsold. Just a guess, if your Apple router perhaps uses this "Other Configuration" flag and you have not supplied an -O switch to rtsold maybe it gets confused and does not complete its tasks (setting the IPv6 address). Note that your routing table in a previous mail had got your expected prefix to the right link, probably the work of rtsold... > > Also, is having the rtsold daemon running all the time required? > If you have hostname.if with rtsol to set the route at boot, > do you have to run rtsold? > I guess that would be useful on large dynamic networks, but > simple home networks, would the absence of rtsold be a problem? > I was not aware of that from reading the man pages for hostname.if > and rtsol(d). Again, guessing, but... since router advertisements has a lifetime timeout value suggests it might have to be re-run (or preferably run in the background) during the host's uptime. > > > > > > mherrb further suggested: > >But you may have a crappy ethernet switch or hub in the path that > >blocks or damages multicast frames. I've had such a device it the > >past. Replacing it by a little more expensive switch fixed my v6 SLAAC > >issues. > > A) The switch is an HP Procurve 1410-16G (not inexpensive) > B) The MacOSX machines in my network are not having a problem > configuring with the proper prefix, so I don't think it is the switch > > > > > stu wrote: > >no dmesg. > > okay - sorry - I've put it at the bottom of this post > (always seems to me like a waste of electrons) > > > >I suspect some re(4) don't do multicast correctly. does it start > >working if you leave tcpdump running on the interface? > > When I let tcpdump run for a couple minutes before to snag the route > solicitation and advertisement - no help. > How long of a time are you suggesting? > > > >for your obfuscated MAC addresses, did you just change them in the > >email or did you set them on the nic with ifconfig lladdr? > > no, I did not set them with ifconfig > I just fudged them in the email to hide my MAC > (don't most people do that - make up DEAD:BEEF:CAFE:BABE etc?) > > > > > So, still no luck. > I also tried setting IPv4 to do dhcp in hostname.re0 instead of the > fixed address like in my original email, and rebooted several times, > but still no help. > > Other thoughts? > > thank you for your offers of help and advice > > > > > > dmesg: > OpenBSD 5.0 (GENERIC.MP) #59: Wed Aug 17 10:19:44 MDT 2011 > dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP > cpu0: Intel(R) Atom(TM) CPU 330 @ 1.60GHz ("GenuineIntel" 686-class) 1.61 GHz > cpu0: > FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,A > CPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,TM2,SSSE3,CX16,xTPR,PDC > M,MOVBE > real mem = 2138238976 (2039MB) > avail mem = 2093182976 (1996MB) > mainbus0 at root > bios0 a
Re: [5.0] pkg_add too many FTP connections
On Wed, Nov 30, 2011 at 11:37 AM, Patrick Lamaiziere wrote: > Is there a way to limit the number of FTP connections for pkg_add? The number of FTP connections corresponds to the number of packages. Your mirror just doesn't allow enough connections to update all of them, or You've tried too many times. -- Dmitrij D. Czarkoff
[5.0] pkg_add too many FTP connections
Hello, I'm trying to update packages with pkg_add via ftp : # pkg_add -ui Error from ftp://ftp.irisa.fr/pub/OpenBSD/5.0/packages/amd64/gperf-3.0.4.tgz 421 There are too many connections from your internet address. ftp: Can't connect or login to host `ftp.irisa.fr' Error from ftp://ftp.irisa.fr/pub/OpenBSD/5.0/packages/amd64/gtar-1.26p0.tgz 421 There are too many connections from your internet address. ftp: Can't connect or login to host `ftp.irisa.fr' ... Is there a way to limit the number of FTP connections for pkg_add? Thanks, regards.
Re: how to find dependencies when building a new kernel
Stuart, I really don't want to be misunderstood: I really appreciate the help that's being offered from various users of this ML. However, the following is somewhat off topic as it does not contribute to the thread itself. >> Because of the permanent repeating of "USE THE GENERIC KERNEL" > not worth wasting other people's time > on solving if you aren't prepared to do it yourself. I'm not with you here. I'm really doing my best to try and learn how to solve my problems myself. I'm just asking for help and explanations to things that I don't understand. As far as I understand, that's what MLs are about. > Alternatively: here's a nickel, get a flashcard from sometime later > than 2005... I really understand that a lot of people are asking stupid questions in MLs and I'm pretty sure I've done so myself quite often. I take this as an explanation why you keep telling me things of which you probably are sure will solve what you have understood to be my problem. But what really annoys me here is that I'm not taken seriously when I say "this isn't an option". Why don't you just believe my words instead of permanently speaking about things that I explicitly said are impossible? Did you read my mail in which I said that the hardware cannot be changed? A new flashcard would be a change in hardware. I think you know that. You just don't take my words seriously and keep talking about things that I already said are not possible in this project. Why discuss this? From my point of view it's not me wasting your time, but it's you wasting your time, because you don't really care about what I said. The overall project is about updating multiple systems that are in production. By _just_ using just a software update. Changes in hardware are not an option. dmesg output of any of these devices would be possible, but like I said it's a very stripped down environment. dmesg is not part of it. I'd have to setup an old system with dmsg on it, then export the output, just to convince you of what I've done in the past. Then, after I've proven my point with this dmesg output, we'd be no step further, because like I said often enough now, I'm not interested in a hint like "add this line to your config", but I want to learn about what steps to do, next time I run into the same problem (which I probably will with the next OpenBSD release that I want to migrate the systems to). If you can help me by explaining where to look and what to read to learn how to build the smallest custom kernels possible, I'd be happy. If not, well, without any sarcasm: please don't waste your valuable time with this thread. T.
softraid(4): how to reassemble a volume
Hi all, I'm trying to reassemble a softraid(4) volume, created with the 'force' flag. When I'm trying: # bioctl -C force -c C -l /dev/sd1a softraid0 softraid0: chunk sd1a already in use bioctl: ioctl: Invalid argument According to the manpage, '-c' flag only seems to create the volume, and not simply assemble it. I don't see anything else to reassemble a volume. What's the correct way, if any ? Is it supported ? -- Mattieu Baptiste "/earth is 102% full ... please delete anyone you can."
Potencializa tus habilidades, Personal Branding para Ejecutivos.
1328602 [IMAGE] Personal Branding. Desarrolla tu marca personal. Si esta informacisn no compete a su area y la considera de valor le agradecemos compartirla. Pms Capacitacisn Efectiva de Mixico es una empresa Registrada ante la STPS Trabajamos con expertos en la materia para poder brindar herramientas tacticas, vanguardistas y de facil aplicacisn. Este entrenamiento cuenta con 100% Garantma de Satisfaccisn. !Reciba la informacisn completa! Por favor responda este e-mail con los datos siguientes Empresa Nombre Telifono Email Nzmero de Interesados En breve recibira temario, reseqa de expositor y tarifas. Si lo prefiere comunmquese a los telifonos donde con gusto uno de nuestros ejecutivos le atendera. Telifonos: (0133) 8851-2365, (0133) 8851-2741 con mas de 10 lmneas. Smguenos en Twitter@pmscapacitacion o bien en Facebook PMS de Mixico Copyright (C) 2011, PMS Capacitacisn Efectiva de Mixico S.C. Derechos Reservados. E-Mail MARKETING SERVICE POWERED BY MEDIAMARKETING. Este Mensaje ha sido enviado a misc@openbsd.org como usuario de Pms de Mixico o bien un usuario le refiris para recibir este boletmn. Como usuario de Pms de Mixico, en este acto autoriza de manera expresa que Pms de Mixico le puede contactar vma correo electrsnico u otros medios. ALTO, si en esta ocasisn la informacisn recibida no fue de su interis pero desea recibir informacisn personalizada en relacisn a otros temas favor de indicarlo. Si usted ha recibido este mensaje por error, haga caso omiso de el y de antemano una sincera disculpa por la molestia, reporte su cuenta respondiendo este correo con el subject BAJABRAND Unsubscribe to this mailing list, reply a blank message with the subject UNSUBSCRIBE BAJABRAND Tenga en cuenta que la gestisn de nuestras bases de datos es de suma importancia para nosotros y no es intencisn de la empresa la inconformidad del receptor, nuestra intencisn es promover herramientas de utilidad para el adiestramiento profesional. [demime 1.01d removed an attachment of type image/jpeg which had a name of personal branding.jpg]
Re: pf and includes
> One way to solve it would be to put all the macros in, say, > /etc/vlan500-macros.conf and /etc/vlan1000-macros.conf and make sure > they are included before the rules in pf.conf, but that seems > inconvenient to me. that might be your best option. you can use something like pfctl to parse rules without loading them, but I don't think the reverse is possible. you're probably not this lucky, but assuming all your macros are just name/ip pairs like in the example, you might be able to get away with storing them all in /etc/hosts or setting up a dns forwarder.
Re: usb device causes system crash (ucomstart: null oxfer)
At the very least you're seeing some errors. In my case, the USB/serial adapters -uticom, uftdi and uplcom- would fail without notice. Ports would open, but with no TX/RX. Detaching/reattaching won't bring them back to live; only rebooting. If your project has deadline, search for a PCI/ePCI serial board and enjoy! I have around some of those untrustful interfaces and would like to take a look at that usb code in a near future. El 30/11/2011 4:14, Byron Klippert escribis: I managed to capture trace and ps output from ddb> Is this a worthy cause to investigate further or should I take the advice of others and move on to real(tm) hardware. It would be a shame given the distasteful argument "well it works fine under " ddb> trace usb_allocmem(d800,2,0,d101c740,d101c700) at usb_allocmem+0x14f ehci_allocm(d800,d101c740,2,d079d66e,101c754) at ehci_allocm+0x27 usbd_transfer(d101c700,d1109900,0,1388,d75b3d74) at usbd_transfer+0xbb usbd_do_request_flags_pipe(d1109900,d1109880,d75b3d74,d75b3dce,4) at usbd_do_request_flags_pipe+0xbb usbd_do_request_flags(d1109900,d75b3d74,d75b3dce,4,d75b3d7c) at usbd_do_request_flags+0x3c usbd_get_string_desc(d1109900,1,1,d75b3dce,d75b3ecc) at usbd_get_string_desc+0x5e usbd_get_string(d1109900,1,d3487487,7f,d0ae9220) at usbd_get_string+0x74 usbd_devinfo_vp(d1109900,d3487487,7f,d3487408,7f) at usbd_devinfo_vp+0x165 usbd_fill_deviceinfo(d1109900,d3487400,1,1,0) at usbd_fill_deviceinfo+0x53 usbd_fill_di_task(d3487400,20,d098f0af,0,d54f362c) at usbd_fill_di_task+0x43 usb_task_thread(d54f362c) at usb_task_thread+0xb1 Bad frame pointer: 0xd0ba0e48 ddb> ps PID PPID PGRPUID S FLAGS WAIT COMMAND 11732 5036 11732 0 3 0x4000 endtask usbdevs 18220 17676 18220 1000 3 0x4080 kqreadtmux 17676 13203 17676 1000 3 0x4080 pause ksh 13203 24243 24243 1000 3 0x180 selectsshd 24243 7551 24243 0 3 0x4180 netio sshd 30142 13825 18365 1000 3 0x4080 ttyin more 13825 18365 18365 1000 3 0x4080 pause sh 18365 28650 18365 1000 3 0x4080 wait man 28650 29160 28650 1000 3 0x4080 pause ksh 24368 29160 24368 1000 3 0x4080 ttyin ksh 11053 19990 11053 0 3 0x4080 ttyin vi 19990 29160 19990 1000 3 0x4080 pause ksh 16050 14405 14405 67 3 0x180 netconhttpd 21227 29160 21227 1000 3 0x4080 ttyin ksh 5036 29160 5036 1000 3 0x4080 pause ksh 29160 1 29160 1000 2 0tmux 30544 14405 14405 67 3 0x180 netconhttpd 1510 14405 14405 67 3 0x180 netconhttpd 16181 14405 14405 67 3 0x180 netconhttpd 15339 1 15339 0 3 0x4080 ttyin getty 8516 14405 14405 67 3 0x180 netconhttpd 276 14405 14405 67 3 0x180 netconhttpd 9801 14405 14405 67 3 0x180 netconhttpd 22942 1 22942 0 30x80 selectcron 29745 1 29745 0 3 0x180 selectinetd 14405 1 14405 0 30x80 selecthttpd 761 1761 0 3 0x40180 selectsendmail 7551 1 7551 0 30x80 selectsshd 6224 1 6224 0 30x80 poll ntpd 15671 25737 15671 83 3 0x180 poll ntpd 25737 1 25737 83 3 0x180 poll ntpd 1898 14567 14567 74 3 0x180 bpf pflogd 14567 1 14567 0 30x80 netio pflogd 24868500500 73 2 0x180syslogd 500 1500 0 30x88 netio syslogd 31551 1 31551 77 3 0x180 poll dhclient 13676 1 25110 0 30x80 poll dhclient 13732 1 13732 0 30x80 mfsidlmount_mfs 5311 1 5311 0 30x80 mfsidlmount_mfs 16196 1 16196 0 30x80 mfsidlmount_mfs 13 0 0 0 30x100200 aiodoned aiodoned 12 0 0 0 30x100200 syncerupdate 11 0 0 0 30x100200 cleaner cleaner 10 0 0 0 30x100200 reaperreaper 9 0 0 0 30x100200 pgdaemon pagedaemon 8 0 0 0 30x100200 bored crypto 7 0 0 0 30x100200 pftm pfpurge *6 0 0 0 70x100200usbtask 5 0 0 0 30x100200 usbatsk usbatsk 4 0 0 0 30x100200 bored syswq 3 0 0 0 3 0x40100
pf and includes
Hello, I have some issues with pf.conf and includes that perhaps someone could shed some light on. Where I work, we use bridging firewalls with multiple tagged vlans passing the bridges, and filtering is done on the vlan interfaces. Normally we have around 10-20 vlans on each machine, and we have a LOT of rules in pf.conf. To make configuration a little easier I'm beginning to look at how to separate the vlans into multiple configs, one for each vlan, and then include them all from pf.conf. I would want to have all macros, options and rules for each vlan in a separate file, but also i would like to use macros from one config in rules in another file. To clarify what I'm getting at, here's an example: ## /etc/vlan500.conf: DB="192.168.0.10/32" block log on vlan500 pass in quick on vlan500 from $Webserver to $DB port 3306 pass out on vlan500 ## /etc/vlan1000.conf: Webserver="192.168.1.20/32" block log on vlan1000 pass in quick on vlan1000 from any to $Webserver port 80 pass out on vlan1000 ## /etc/pf.conf include "/etc/vlan500.conf" include "/etc/vlan1000.conf" ## The above example would not work, as pfctl will look at the rules in vlan500.conf before looking at the macros in vlan1000.conf and it will throw an error that the $Webserver macro is not defined. If I change the order of the includes in pf.conf, it will work, but of course of I try to use macros from vlan1000.conf for rules in vlan500.conf, the problem will arise again. One way to solve it would be to put all the macros in, say, /etc/vlan500-macros.conf and /etc/vlan1000-macros.conf and make sure they are included before the rules in pf.conf, but that seems inconvenient to me. What is the common practice for using includes? Is there a way to get pfctl to read ALL macros from ALL files before looking at the rules? I would be happy to hear some suggestions. Thanks, Peter
Re : how to find dependencies when building a new kernel
Hello, > De : Kevin Chadwick > Split your config in half, choose the half you think is most likely to > cause the problem and diff that half back to defaults and compile. Just to ack what Kevin says. You're trying to add and remove too many different things at once. First take the Generic kernel and add the driver that you wanted, compile. Then remove unecessary drivers from one type of hardware (for example soundcards), compile, repeat the process with other drivers (joysticks, scanners...). Make sure that you backup all working config files and restart from the last config that worked. The other way is to do like you did, add and remove options from the Generic kernel (keep a copy of it) but it requires the ability to understand the output when the compilation fails. Also if you understood what Vitali wrote, it should be quite straight forward to remove options in the kernel and then be able to compile it smoothly. I used to run a Custom kernel and removed as many options as I could but when something went wrong (in most cases I wanted to install a new software) I always wondered if that was due to my kernel, so each time I had to reboot on Generic and restarted to troubleshoot from there. Now I just find it more convenient to run Generic since I don't have specific requirements. However, I think that it's not a reason to say "don't compile a Custom kernel" (this is not a troll). It's part of a "general OpenBSD knowledge" to be able to build a Custom kernel. And this is different from "I've built a Custom kernel, it compiled fine, but the system acts funny/wrong sometimes". Have a nice day