Re[2]: how to get userland pthreads working?

[Mo Libden]

Tue, 10 Apr 2012 11:10:09 -0700 PQ Philip Guenther guent...@gmail.com:
 On Tue, Apr 10, 2012 at 10:41 AM, Mo Libden m0lib...@mail.ru wrote:
  I wrote a two string program to check rthreads, it looks really interesting!
 
  I am interested how do I get pure userland library back in case I need?
  Just setting kern.rthreads=0 seems to be not enough: pthread_create()
  fails this case as not supported.
 
  Do I need to link the program against another library? Anything else?
 
 Running -current with userland threads is not supported.  If you need
 userland threads, you need to run 5.1 or earlier. 

That was what I really needed. Thank you!

It is not stated clearly in the pthreads man page.
The man page still says it is a userland library implementation,
which obviously is not true anymore. That's why I asked.

Now, for the following, what's up with the immediate disclaimers?
Only asked a question, sheesh. Nobody asked for support or
anything similar. Being with OpenBSD since 1996, I kinda know the
versioning and the terms for the support.

 As for how to do
 that, well, to quote section 5.1 of the FAQ:
 --
 One should also understand that the upgrade process is supported in
 only one direction: from older to newer, and from -stable to -current.
 You can not run 5.0-current (or a snapshot), then decide you are
 living too dangerously, and step back to 5.0-stable. You are on your
 own if you choose any path other than the supported option of
 reloading your system from scratch, do not expect assistance from the
 OpenBSD development team.
 --
 
 
 Philip Guenther

Re: how to get userland pthreads working?

[Philip Guenther]

On Wed, Apr 11, 2012 at 12:28 AM, Mo Libden m0lib...@mail.ru wrote:
 Tue, 10 Apr 2012 11:10:09 -0700 PQ  Philip Guenther guent...@gmail.com:
...
 Running -current with userland threads is not supported.  If you need
 userland threads, you need to run 5.1 or earlier.

 That was what I really needed. Thank you!

 It is not stated clearly in the pthreads man page.
 The man page still says it is a userland library implementation,
 which obviously is not true anymore. That's why I asked.

Perhaps if we hit a blocker that would keep rthreads from being ready
for the 5.2 release we'll be reverting the switch.  Some parts of the
docs might not be updated until we are confident that won't occur.

BTW, any particular reason for wanting to switch back?  Something not
working right or a regression in performance or behavior?


 Now, for the following, what's up with the immediate disclaimers?
 Only asked a question, sheesh. Nobody asked for support or
 anything similar. Being with OpenBSD since 1996, I kinda know the
 versioning and the terms for the support.

Ah misc@, where half the people need the FAQ read to them and the
other half are insulted when someone tries to answer the obvious next
question.


Philip Guenther

Re: CARP interfaces randomly stop answering ARP requests

[Ian Chard]

On 03/04/12 10:32, Camiel Dobbelaar wrote:

On 3-4-2012 11:13, Ian Chard wrote:

I have an OpenBSD box acting as a NATting firewall.  It has 59 CARP
interfaces defined, all identical apart from the IP address and vhid. At
the moment there is no failover pair, so all the interfaces are in
MASTER mode.

Every so often, one of these interfaces will suddenly stop answering ARP
requests.  With tcpdump I can see the ARP requests coming in, but they
are never answered.  ifconfig output for the interface is no different
to any of the other CARP instances; most notably, it is still in MASTER
mode.  I have net.inet.carp.log set to 7, but nothing is logged when
this happens: no state changes, no other messages.

Recovery is simple: I just 'ifconfig carpxx down; ifconfig carpxx up'.
The interface recovers in a second or two.

I had this problem with 4.9-stable, and today I migrated the config to a
fresh 5.0-stable installation with the same results.

Any help much appreciated!


I assume all your carp interfaces have the same carpdev (physical
interface) ?

I suspect you may run into this limit (in sys/netinet):
if_ether.c: IFQ_SET_MAXLEN(arpintrq, 50);  /* XXX hate
magic numbers */

Can you raise that number to 100 and compile a new kernel?


I've now had this running since your suggestion, and the problem hasn't 
come back.  Thanks again!


- Ian

--
Ian Chard, Systems Architect   |  E: ian.ch...@bodleian.ox.ac.uk
Bodleian Libraries |  T:  80587 / (01865) 280587
University of Oxford   |  F:  (01865) 242287

Re: How to have more than 15 pflog interfaces?

[Henning Brauer]

* Siju George sgeorge@gmail.com [2012-04-10 08:16]:
 On Tue, Apr 10, 2012 at 11:40 AM, Andres Perera andre...@zoho.com wrote:
  altering the max might have consequences i don't know about:
 I will stick with 15 :-)

actually, bumping it should be absolutely safe.

pretty dumb limit actually, we should just dynamically allocate the
pflogifs array.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/

V5.0 - ipsec -- lifetime dependencies between ipsec.conf (ipsecctl) and isakmpd.conf

[Andre Ruppert]

Hello @misc,

I'm lost in the documentation of isakmpd.conf and ipsec.conf :-(

Situation:
I have to set up several ipsec-connections on one system on my side
(OBSD 5) to different sites with different VPN-hardware.
All external sites offer only PSKs in configuration, no certificates.

Problem:
most of the sites use different key lifetimes (in phase 1/2), so I
have do deal with a bunch of lifetime values.

Question:
is there any chance (perhaps in the future) to integrate lifetime
parameters via ipsecctl -- ipsec.conf or will I be forced to keep on
using isakmpd.conf?

I don't need isakmpd.conf for other parameters ;-)



best regards

Andre Ruppert

Re: CARP interfaces randomly stop answering ARP requests

[Johan Ryberg]

Regarding f_ether.c: IFQ_SET_MAXLEN(arpintrq, 50);  /*
XXX hate magic numbers */

Is 50 the limitation of logical interface per each physical or is it
50 carp per logic interface?

Best regards Johan Ryberg

2012/4/11 Ian Chard ian.ch...@bodleian.ox.ac.uk:
 On 03/04/12 10:32, Camiel Dobbelaar wrote:

 On 3-4-2012 11:13, Ian Chard wrote:

 I have an OpenBSD box acting as a NATting firewall.  It has 59 CARP
 interfaces defined, all identical apart from the IP address and vhid. At
 the moment there is no failover pair, so all the interfaces are in
 MASTER mode.

 Every so often, one of these interfaces will suddenly stop answering ARP
 requests.  With tcpdump I can see the ARP requests coming in, but they
 are never answered.  ifconfig output for the interface is no different
 to any of the other CARP instances; most notably, it is still in MASTER
 mode.  I have net.inet.carp.log set to 7, but nothing is logged when
 this happens: no state changes, no other messages.

 Recovery is simple: I just 'ifconfig carpxx down; ifconfig carpxx up'.
 The interface recovers in a second or two.

 I had this problem with 4.9-stable, and today I migrated the config to a
 fresh 5.0-stable installation with the same results.

 Any help much appreciated!


 I assume all your carp interfaces have the same carpdev (physical
 interface) ?

 I suspect you may run into this limit (in sys/netinet):
 if_ether.c: IFQ_SET_MAXLEN(arpintrq, 50);  /* XXX hate
 magic numbers */

 Can you raise that number to 100 and compile a new kernel?


 I've now had this running since your suggestion, and the problem hasn't
come
 back.  Thanks again!


 - Ian

 --
 Ian Chard, Systems Architect   |  E: ian.ch...@bodleian.ox.ac.uk
 Bodleian Libraries |  T:  80587 / (01865) 280587
 University of Oxford   |  F:  (01865) 242287

Re: How to have more than 15 pflog interfaces?

[Siju George]

On Wed, Apr 11, 2012 at 2:55 PM, Henning Brauer lists-open...@bsws.de wrote:

 actually, bumping it should be absolutely safe.

 pretty dumb limit actually, we should just dynamically allocate the
 pflogifs array.


Thanks :-)

Siju

Re: CARP interfaces randomly stop answering ARP requests

[Camiel Dobbelaar]

On 11-4-2012 11:07, Ian Chard wrote:
 On 03/04/12 10:32, Camiel Dobbelaar wrote:
 I suspect you may run into this limit (in sys/netinet):
 if_ether.c: IFQ_SET_MAXLEN(arpintrq, 50);  /* XXX hate
 magic numbers */

 Can you raise that number to 100 and compile a new kernel?
 
 I've now had this running since your suggestion, and the problem hasn't
 come back.  Thanks again!

Thanks for reporting back.  I'm working on a fix that grows the limit
with the number of interfaces, so this should not be a concern again.

--
Cam

Re: CARP interfaces randomly stop answering ARP requests

[Camiel Dobbelaar]

On 11-4-2012 11:48, Johan Ryberg wrote:
 Regarding f_ether.c: IFQ_SET_MAXLEN(arpintrq, 50);  /*
 XXX hate magic numbers */
 
 Is 50 the limitation of logical interface per each physical or is it
 50 carp per logic interface?

No, it's the limit on the _global_ arp queue.  arp requests (regardless
of the interface) get added to a queue.  This queue gets serviced every
once in a while (on a soft interrupt).

The problem with bridge and carp is that they duplicate those arp
requests, so 1 incoming arp request on the network may turn into 50 arp
requests on the queue.   One for each interface on a bridge or one for
each carp interface per carpdev.

--
Cam

Re: how to get userland pthreads working?

[Mo Libden]

Wed, 11 Apr 2012 02:00:28 -0700 PQ Philip Guenther guent...@gmail.com:
 On Wed, Apr 11, 2012 at 12:28 AM, Mo Libden m0lib...@mail.ru wrote:
  Tue, 10 Apr 2012 11:10:09 -0700 PQ  Philip Guenther guent...@gmail.com:
 ...
  Running -current with userland threads is not supported.  If you need
  userland threads, you need to run 5.1 or earlier.
 
  That was what I really needed. Thank you!
 
  It is not stated clearly in the pthreads man page.
  The man page still says it is a userland library implementation,
  which obviously is not true anymore. That's why I asked.
 
 Perhaps if we hit a blocker that would keep rthreads from being ready
 for the 5.2 release we'll be reverting the switch.  Some parts of the
 docs might not be updated until we are confident that won't occur.

Thank you, that's clear.  I hope rthreads will make it, they're hot :-)

 BTW, any particular reason for wanting to switch back?  Something not
 working right or a regression in performance or behavior?

No, nothing in particular. I just used to think ahead of other possible
scenarios like what if this something goes wrong, how do i...
Since rthreads seem to be controlled with sysctl, I had impression
that setting kern.rthreads=0 would turn old libpthread back.
Like libpthread has some kind of check for kern.rthreads and
chooses what functions to use according to the value.
Now, thanks to you I know how the things currently are.

  Now, for the following, what's up with the immediate disclaimers?
  Only asked a question, sheesh. Nobody asked for support or
  anything similar. Being with OpenBSD since 1996, I kinda know the
  versioning and the terms for the support.
 
 Ah misc@, where half the people need the FAQ read to them and the
 other half are insulted when someone tries to answer the obvious next
 question.

No, in my head it's not obvious next question. If I had come with some
problem like i compile package X and it fails with rthreads, that might
be the case. However, my e-mail started with I wrote a two string program
to check rthreads, it looks really interesting! So it is obvious I was just
playing around with this, looking how the rthreads are processed by
the OS (checked OS tools like ps, top etc.). Anyway, we can drop this part
:-)

 Philip Guenther

Thanks!

Re: How to have more than 15 pflog interfaces?

[Henning Brauer]

* Henning Brauer lists-open...@bsws.de [2012-04-11 11:26]:
 * Siju George sgeorge@gmail.com [2012-04-10 08:16]:
  On Tue, Apr 10, 2012 at 11:40 AM, Andres Perera andre...@zoho.com wrote:
   altering the max might have consequences i don't know about:
  I will stick with 15 :-)
 
 actually, bumping it should be absolutely safe.
 
 pretty dumb limit actually, we should just dynamically allocate the
 pflogifs array.

please try this  report back

Index: if_pflog.c
===
RCS file: /cvs/src/sys/net/if_pflog.c,v
retrieving revision 1.49
diff -u -p -r1.49 if_pflog.c
--- if_pflog.c  3 Feb 2012 01:57:50 -   1.49
+++ if_pflog.c  11 Apr 2012 10:19:56 -
@@ -80,6 +80,7 @@
 #endif
 
 void   pflogattach(int);
+intpflogifs_resize(size_t);
 intpflogoutput(struct ifnet *, struct mbuf *, struct sockaddr *,
   struct rtentry *);
 intpflogioctl(struct ifnet *, u_long, caddr_t);
@@ -91,16 +92,14 @@ LIST_HEAD(, pflog_softc)pflogif_list;
 struct if_clonepflog_cloner =
 IF_CLONE_INITIALIZER(pflog, pflog_clone_create, pflog_clone_destroy);
 
-struct ifnet   *pflogifs[PFLOGIFS_MAX];/* for fast access */
-struct mbuf*pflog_mhdr = NULL, *pflog_mptr = NULL;
+int  npflogifs = 0;
+struct ifnet   **pflogifs = NULL;  /* for fast access */
+struct mbuf *pflog_mhdr = NULL, *pflog_mptr = NULL;
 
 void
 pflogattach(int npflog)
 {
-   int i;
LIST_INIT(pflogif_list);
-   for (i = 0; i  PFLOGIFS_MAX; i++)
-   pflogifs[i] = NULL;
if (pflog_mhdr == NULL)
if ((pflog_mhdr = m_get(M_DONTWAIT, MT_HEADER)) == NULL)
panic(pflogattach: no mbuf);
@@ -111,14 +110,41 @@ pflogattach(int npflog)
 }
 
 int
+pflogifs_resize(size_t n)
+{
+   struct ifnet**p;
+   int   i;
+
+   if (n  SIZE_MAX / sizeof(struct ifnet))
+   return (EINVAL);
+   if (n == 0)
+   p = NULL;
+   else
+   if ((p = malloc(n * sizeof(struct ifnet), M_DEVBUF,
+   M_NOWAIT|M_ZERO)) == NULL)
+   return (ENOMEM);
+   for (i = 0; i  n; i++)
+   if (i  npflogifs)
+   p[i] = pflogifs[i];
+   else
+   p[i] = NULL;
+
+   if(pflogifs)
+   free(pflogifs, M_DEVBUF);
+   pflogifs = p;
+   npflogifs = n;
+   return (0);
+}
+
+int
 pflog_clone_create(struct if_clone *ifc, int unit)
 {
struct ifnet *ifp;
struct pflog_softc *pflogif;
int s;
 
-   if (unit = PFLOGIFS_MAX)
-   return (EINVAL);
+   if (unit + 1  npflogifs  pflogifs_resize(unit + 1) != 0)
+   return (ENOMEM);
 
if ((pflogif = malloc(sizeof(*pflogif),
M_DEVBUF, M_NOWAIT|M_ZERO)) == NULL)
@@ -154,11 +180,16 @@ int
 pflog_clone_destroy(struct ifnet *ifp)
 {
struct pflog_softc  *pflogif = ifp-if_softc;
-   int  s;
+   int  s, i;
 
s = splnet();
pflogifs[pflogif-sc_unit] = NULL;
LIST_REMOVE(pflogif, sc_list);
+
+   for (i = npflogifs; i  0  pflogifs[i - 1] != NULL; i--)
+   ; /* nothing */
+   if (i  npflogifs)
+   pflogifs_resize(i); /* error harmless here */
splx(s);
 
if_detach(ifp);
@@ -225,7 +256,8 @@ pflog_packet(struct pf_pdesc *pd, u_int8
if (rm == NULL || pd == NULL || pd-kif == NULL || pd-m == NULL)
return (-1);
 
-   if ((ifn = pflogifs[rm-logif]) == NULL || !ifn-if_bpf)
+   if (rm-logif = npflogifs || (ifn = pflogifs[rm-logif]) == NULL ||
+   !ifn-if_bpf)
return (0);
 
bzero(hdr, sizeof(hdr));
Index: pf_ioctl.c
===
RCS file: /cvs/src/sys/net/pf_ioctl.c,v
retrieving revision 1.250
diff -u -p -r1.250 pf_ioctl.c
--- pf_ioctl.c  3 Apr 2012 15:09:03 -   1.250
+++ pf_ioctl.c  11 Apr 2012 10:19:57 -
@@ -2595,8 +2595,6 @@ pf_rule_copyin(struct pf_rule *from, str
 #if NPFLOG  0
if (!to-log)
to-logif = 0;
-   if (to-logif = PFLOGIFS_MAX)
-   return (EINVAL);
 #endif
to-quick = from-quick;
to-ifnot = from-ifnot;

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/

Re: manual about jobs control

[Alexander Hall]

f5b f...@163.com wrote:

In OpenBSD we can use commands like jobs fg or something else, but
why man jobs man fg not work?

and are there anything about jobs control in the base Manual?

Yup.

man $SHELL

Re: manual about jobs control

[Samuel Martin Moro]

On 04/11/12 01:23, f5b wrote:
 In OpenBSD we can use commands like jobs fg or something else, but why 
 man jobs man fg not work?

 and are there anything about jobs control in the base Manual?

These are shell builtins.
You may refer to your shell's man.

Regards.

-- 
Samuel Martmn Moro
   Inginieur Systhmes et Riseaux
   tel 01 41 40 11 22
   gsm 06 30 52 01 79
SMILE - Open Source Solutions
   48 rue de Villiers, 92300 Levallois Perret

Re: How to have more than 15 pflog interfaces?

[Siju George]

On Wed, Apr 11, 2012 at 3:50 PM, Henning Brauer lists-open...@bsws.de wrote:

 please try this  report back


Thanks Henning but I need some help :-(

I got the following errors and I have attached the .rej files

=
# patch -p0  patch.if_pflog
Hmm...  Looks like a unified diff to me...
The text leading up to this was:
--
|Index: if_pflog.c
|===
|RCS file: /cvs/src/sys/net/if_pflog.c,v
|retrieving revision 1.49
|diff -u -p -r1.49 if_pflog.c
|--- if_pflog.c  3 Feb 2012 01:57:50 -   1.49
|+++ if_pflog.c  11 Apr 2012 10:19:56 -
--
File to patch: sys/net/if_pflog.c
Patching file sys/net/if_pflog.c using Plan A...
Hunk #1 failed at 80.
Hunk #2 failed at 92.
Hunk #3 failed at 110.
Hunk #4 failed at 180.
Hunk #5 failed at 256.
5 out of 5 hunks failed--saving rejects to sys/net/if_pflog.c.rej
Hmm...  The next patch looks like a unified diff to me...
The text leading up to this was:
--
|Index: pf_ioctl.c
|===
|RCS file: /cvs/src/sys/net/pf_ioctl.c,v
|retrieving revision 1.250
|diff -u -p -r1.250 pf_ioctl.c
|--- pf_ioctl.c  3 Apr 2012 15:09:03 -   1.250
|+++ pf_ioctl.c  11 Apr 2012 10:19:57 -
--
File to patch: sys/net/pf_ioctl.c
Patching file sys/net/pf_ioctl.c using Plan A...
Hunk #1 failed at 2595.
1 out of 1 hunks failed--saving rejects to sys/net/pf_ioctl.c.rej
done
===

Thanks

Siju

[demime 1.01d removed an attachment of type application/octet-stream which had 
a name of if_pflog.c.rej]

[demime 1.01d removed an attachment of type application/octet-stream which had 
a name of pf_ioctl.c.rej]

Re: How to have more than 15 pflog interfaces?

[patrick keshishian]

On Wed, Apr 11, 2012 at 12:20:30PM +0200, Henning Brauer wrote:
 * Henning Brauer lists-open...@bsws.de [2012-04-11 11:26]:
  * Siju George sgeorge@gmail.com [2012-04-10 08:16]:
   On Tue, Apr 10, 2012 at 11:40 AM, Andres Perera andre...@zoho.com wrote:
altering the max might have consequences i don't know about:
   I will stick with 15 :-)
  
  actually, bumping it should be absolutely safe.
  
  pretty dumb limit actually, we should just dynamically allocate the
  pflogifs array.
 
 please try this  report back
 
 Index: if_pflog.c
 ===
 RCS file: /cvs/src/sys/net/if_pflog.c,v
 retrieving revision 1.49
 diff -u -p -r1.49 if_pflog.c
 --- if_pflog.c3 Feb 2012 01:57:50 -   1.49
 +++ if_pflog.c11 Apr 2012 10:19:56 -
 @@ -80,6 +80,7 @@
  #endif
  
  void pflogattach(int);
 +int  pflogifs_resize(size_t);
  int  pflogoutput(struct ifnet *, struct mbuf *, struct sockaddr *,
  struct rtentry *);
  int  pflogioctl(struct ifnet *, u_long, caddr_t);
 @@ -91,16 +92,14 @@ LIST_HEAD(, pflog_softc)  pflogif_list;
  struct if_clone  pflog_cloner =
  IF_CLONE_INITIALIZER(pflog, pflog_clone_create, pflog_clone_destroy);
  
 -struct ifnet *pflogifs[PFLOGIFS_MAX];/* for fast access */
 -struct mbuf  *pflog_mhdr = NULL, *pflog_mptr = NULL;
 +intnpflogifs = 0;
 +struct ifnet **pflogifs = NULL;  /* for fast access */
 +struct mbuf   *pflog_mhdr = NULL, *pflog_mptr = NULL;
  
  void
  pflogattach(int npflog)
  {
 - int i;
   LIST_INIT(pflogif_list);
 - for (i = 0; i  PFLOGIFS_MAX; i++)
 - pflogifs[i] = NULL;
   if (pflog_mhdr == NULL)
   if ((pflog_mhdr = m_get(M_DONTWAIT, MT_HEADER)) == NULL)
   panic(pflogattach: no mbuf);
 @@ -111,14 +110,41 @@ pflogattach(int npflog)
  }
  
  int
 +pflogifs_resize(size_t n)
 +{
 + struct ifnet**p;
 + int   i;
 +
 + if (n  SIZE_MAX / sizeof(struct ifnet))
 + return (EINVAL);
 + if (n == 0)
 + p = NULL;
 + else
 + if ((p = malloc(n * sizeof(struct ifnet), M_DEVBUF,
 + M_NOWAIT|M_ZERO)) == NULL)
 + return (ENOMEM);

don't you need two different index vars for this next
section?

 + for (i = 0; i  n; i++)
 + if (i  npflogifs)
 + p[i] = pflogifs[i];
 + else
 + p[i] = NULL;

something like the following with caveats that a) it is
5am-ish for me and b) i did not try compiling it:

for (i = 0, j = 0; i  n; i++, j++) {
for (; j  npflogifs  NULL == pflogifs[j]; j++)
;
if (j == npflogifs)
break;
p[i] = pflogifs[j];
}
for (; i  n; i++)
p[i] = NULL;

 +
 + if(pflogifs)
 ^^ nit
 + free(pflogifs, M_DEVBUF);
 + pflogifs = p;
 + npflogifs = n;
 + return (0);
 +}
 +
 +int
  pflog_clone_create(struct if_clone *ifc, int unit)
  {
   struct ifnet *ifp;
   struct pflog_softc *pflogif;
   int s;
  
 - if (unit = PFLOGIFS_MAX)
 - return (EINVAL);
 + if (unit + 1  npflogifs  pflogifs_resize(unit + 1) != 0)
 + return (ENOMEM);
  
   if ((pflogif = malloc(sizeof(*pflogif),
   M_DEVBUF, M_NOWAIT|M_ZERO)) == NULL)
 @@ -154,11 +180,16 @@ int
  pflog_clone_destroy(struct ifnet *ifp)
  {
   struct pflog_softc  *pflogif = ifp-if_softc;
 - int  s;
 + int  s, i;
  
   s = splnet();
   pflogifs[pflogif-sc_unit] = NULL;
   LIST_REMOVE(pflogif, sc_list);
 +
 + for (i = npflogifs; i  0  pflogifs[i - 1] != NULL; i--)
 + ; /* nothing */
 + if (i  npflogifs)
 + pflogifs_resize(i); /* error harmless here */

So, if the last pflogifs entry is NULL don't resize
down? Not really questioning the logic, but want to
make sure I understand that's what is meant, cause
there is an easier check for that than the for()-loop.
Caveats: a) 5am-ish, b) not familiar with code.

--patrick

   splx(s);
  
   if_detach(ifp);
 @@ -225,7 +256,8 @@ pflog_packet(struct pf_pdesc *pd, u_int8
   if (rm == NULL || pd == NULL || pd-kif == NULL || pd-m == NULL)
   return (-1);
  
 - if ((ifn = pflogifs[rm-logif]) == NULL || !ifn-if_bpf)
 + if (rm-logif = npflogifs || (ifn = pflogifs[rm-logif]) == NULL ||
 + !ifn-if_bpf)
   return (0);
  
   bzero(hdr, sizeof(hdr));
 Index: pf_ioctl.c
 ===
 RCS file: /cvs/src/sys/net/pf_ioctl.c,v
 retrieving revision 1.250
 diff -u -p -r1.250 pf_ioctl.c
 --- pf_ioctl.c3 Apr 2012 15:09:03 -   1.250
 +++ pf_ioctl.c11 Apr 2012 10:19:57 -
 @@ -2595,8 +2595,6 @@ 

Re: Does relayd(8) support TLS Server Name Initiation?

[Vadim Agarkov]

Interesting question for me either.. SNI is already supported by OpenSSL 
starting from version 0.9.8f and later, pound supports it from version 
2.6 - which is not in packages yet (still 2.5 there), nginx in packages 
seems to be supporting it (not sure how it is in practice). Would be 
cool if relayd(8) had such feature... But I don't see any info regarding 
this in internet. Maybe somebody can shed some light on this ?


thanks,
VA

On 23.09.2010 19:31, Christopher Dukes wrote:

And if not is support planned?
I'd like to make use of relayd's relays for URL based filtering of https
requests.  I already know for SSL2 I'm stuck to 1 IP address per cert.
A scan of the relayd.conf(5) and ssl(8) and the daily change logs for
4.6 through current all say no, but for all I know someone might be
working on something quietly :-).

And since the current state of things appears to be No TLS Server Name
Initiation, does anyone have any throughs as to whether or not using
relayd redirects and lighttpd or nginx to negotiate TLS SNI would be a
bad idea?  And if it's a bad idea, what any better ideas are.

Thanks,
Chris Dukes

Re: kernel panic: inteldrm

[Alexei Malinin]

Hello.

I tried to turn off the hardware acceleration with DRI, NoAccel  Accel
xorg.conf options but without success - in the /var/log/Xorg.0.log
I found messages about unused NoAccel  Accel options and activated
DRI driver.

The fragment from my /etc/X11/xorg.conf on i386 OpenBSD-4.9:

...
Section Device
### Available Driver options are:-
### Values: i: integer, f: float, bool: True/False,
### string: String, freq: f Hz/kHz/MHz,
### percent: f%
### [arg]: arg optional
#Option NoAccel   # [bool]
#Option SWcursor  # [bool]
#Option ColorKey  # i
#Option CacheLines# i
#Option Dac6Bit   # [bool]
#Option DRI   # [bool]
#Option NoDDC # [bool]
#Option ShowCache # [bool]
#Option XvMCSurfaces  # i
#Option PageFlip  # [bool]
Identifier  Card0
Driver  intel
BusID   PCI:0:2:0
#Option HWcursor  off
Option  DRI   off
Option  NoAccel   on
EndSection

Section Screen
Identifier  Screen0
Device  Card0
Monitor Monitor0
Option  Accel off
...

Give me, please, an advise about other possibilities to
turn off video driver hardware acceleration.


-- 
Alexei Malinin

Re: V5.0 - ipsec -- lifetime dependencies between ipsec.conf (ipsecctl) and isakmpd.conf

[Christian Weisgerber]

Andre Ruppert a...@in-telegence.net wrote:

 is there any chance (perhaps in the future) to integrate lifetime
 parameters via ipsecctl -- ipsec.conf or will I be forced to keep on
 using isakmpd.conf?

There is lifetime code in ipsecctl.  I don't know if its absence
from the man page is an accidental omission or if the code is
incomplete.

-- 
Christian naddy Weisgerber  na...@mips.inka.de

DIPLOMADO: DIRECCION ESTRATEGICA DE NEGOCIOS, ALTA DIRECCION

[DIPLOMADOS]

Te invitamos a participar en el Diplomado: Direccisn Estratigica de
Negocios, Alta Direccisn

Dirigido a:

Todos aquellos altos ejecutivos que toman decisiones estratigicas en la
empresa, Directores de empresas, propietarios, gerentes del sector
empresarial y miembros del consejo interesados en desarrollar habilidades
directivas que les permitan detectar areas de oportunidad en su negocio.

Objetivo General:

Bajo un entorno de competencias laborales, el participante sera capaz de
concebir y diseqar, de forma sistematica, un nuevo modelo de empresa que
genere valor al interior y exterior de la misma.

Fecha de inicio: 20 de abril

Fecha lmmite de inscripcisn 13 de abril

CUPO LIMITADO

DURACISN 112 horas Totales.

INCLUYE:

-Instructores expertos en la materia

-Conferencias de excelencia acadimica

-Material especializado

-Constancias

-Servicio de cafi continuo

Requisitos:

-Comprobante de Estudios de zltimo grado

-Currmculo Vitae

-Solicitud de Inscripcisn, que le proporcionara el coordinador

-Fotografma impresa o digital para la solicitud de inscripcisn

-Comprobante de Pago

MSDULO I Gestisn del Cambio, Ticnicas para el coaching
==

MSDULO II planeacisn Estratigica como herramienta organizacional:
Balanced Scorecard
=

MODULO III Cultura Financiera, Evaluacisn de proyectos de inversisn
===

MSDULO IV Trabajo en Equipo
===

MODULO V Liderazgo Transformador, del Lmder Personal al Lmder Efectivo y
Exitoso en Equipos Integrados.


MODULO VI. Administracisn del Capital Humano. Creando un ambiente sano de
trabajo.
=

MODULO VII Atencisn a Cliente, cuando la actitud no es suficiente

Estamos seguros que su presencia sera altamente significativa por todo lo
que esto representa el mantenerse a la vanguardia en capacitacisn y que
desde el inicio del evento, habremos de congratularnos por los resultados
obtenidos.

Sin otro particular por el momento y esperando contar con su distinguida
presencia

Reciba un cordial saludo

Atte

Lic. Julio Alejandro Mendoza

Coordinador Acadimico

Educacisn continua

Fomento Para el Desarrollo Econsmico

Tels. Oficina Queritaro

Conmutador (442) 455 55 55

Directo (442) 220 71 18

e-mail: jamend...@dec.fca.unam.mx
juliomend...@fundacionparaeldesarrolloeconomico.org

Si deseas darte de baja de este e-news letter, envia un correo con el
asunto baja a division.educacionconti...@yahoo.com.mx

Mosh? seems dangerous!

[bofh]

Apparently MIT's folks want to do SSH with roaming.

Just curious what you guys think of it.

http://mosh.mit.edu/

--
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
This officer's men seem to follow him merely out of idle curiosity.
-- Sandhurst officer cadet evaluation.
Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks
factory where smoking on the job is permitted.  -- Gene Spafford
learn french:  http://www.youtube.com/watch?v=30v_g83VHK4

Re: Mosh? seems dangerous!

[Gilles Chehade]

On Wed, Apr 11, 2012 at 12:39:39PM -0400, bofh wrote:
 Apparently MIT's folks want to do SSH with roaming.
 
 Just curious what you guys think of it.
 
 http://mosh.mit.edu/
 

Quote:

Moreover, TELNET had some good things going it for a local-echo mode and
 a well-defined network virtual terminal. Then SSH came along and added minor
 enhancements like confidentiality and authentication, at the cost of losing
 the local-echo mode and the well-defined terminal semantics.

minor enhancements like confidentiality and authentication ?
 at the cost of losing the local-echo mode ?

 dunno about the quality of the stuff, but...
 promoting, they're doing it wrong

-- 
Gilles Chehade

https://www.poolp.org | http://pool.ps  @poolpOrg

Re: Mosh? seems dangerous!

[bofh]

And apparently they don't know how to use authorized_keys either :)

--
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
This officer's men seem to follow him merely out of idle curiosity.
-- Sandhurst officer cadet evaluation.
Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks
factory where smoking on the job is permitted.  -- Gene Spafford
learn french:  http://www.youtube.com/watch?v=30v_g83VHK4

Re: Mosh? seems dangerous!

[Johan Ryberg]

Have you REALLY read what it is???  I don't think so ;)  Once more
please: http://mosh.mit.edu/

You must first log in via SSH (with the keys if you want) and then
from the server you start the mosh client as an application and do a
callback to the client. It's not a daemon and it does not need any
high privileges to run.

I don't have any problem with SSH so I will not use this any way, it
just seems to much work and another layer of overhead just to get rid
of some lag that never caused me any problem.

 -- Johan Ryberg

2012/4/11 bofh goodb...@gmail.com:
 And apparently they don't know how to use authorized_keys either :)

Re: Mosh? seems dangerous!

[Christian Weisgerber]

Gilles Chehade gil...@poolp.org wrote:

  http://mosh.mit.edu/
 
 Moreover, TELNET had some good things going it for a local-echo mode and
  a well-defined network virtual terminal. Then SSH came along and added minor
  enhancements like confidentiality and authentication, at the cost of losing
  the local-echo mode and the well-defined terminal semantics.

This must be satire.  Right?
I mean, local-echo mode?  What is this?  1975?

-- 
Christian naddy Weisgerber  na...@mips.inka.de

Re: Mosh? seems dangerous!

[bofh]

Heh, I did.  I was looking at the problem statement of oh, you have
to enter passwords each time you login from a different place.

A combination of authorized_keys + tmux/screen would have solved that
problem, methinks, and far better than yet another daemon (something
that sits on a udp port is still a daemon)


--
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
This officer's men seem to follow him merely out of idle curiosity.
-- Sandhurst officer cadet evaluation.
Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks
factory where smoking on the job is permitted.  -- Gene Spafford
learn french:  http://www.youtube.com/watch?v=30v_g83VHK4

Re: smtpd: no user for command execution in aliases

[Tobias Sarnowski]

On Tue, Apr 10, 2012 at 09:39:39PM -0400, Josh Grosse wrote:
 On Mon, Apr 09, 2012 at 10:24:49PM +0200, Gilles Chehade wrote:
  Guys,
  
  Can you try the following diff, it fixes the issue here and should
  get your mailing lists working.
  
  Please report if it works (or not ;-)
 
 This pair of patches did not change the parsing in makemap; newaliases 
 continues to report syntax errors when using | to pipe to commands.
 
 eg:  This line produces a syntax error:
 
 majordomo: |/usr/local/lib/majordomo/wrapper majordomo

Yeah I found that too. It is possible to wrap the command itself in
quotes like that:

majordomo: |/some/path argument

BUT then /some/path argument will be executed as a command in its full
length without splitting command and arguments (cannot execute '/some/path 
argument')

Using a .forward file works (without quotes) as expected.

 
   -Josh-

Re: Mosh? seems dangerous!

[Johan Beisser]

On Wed, Apr 11, 2012 at 11:02 AM, Christian Weisgerber
na...@mips.inka.de wrote:
 Gilles Chehade gil...@poolp.org wrote:

 This must be satire.  Right?
 I mean, local-echo mode?  What is this?  1975?

In lossy or high latency environments I find a local echo to be really
useful. To the point I occasionally dump stdout through my ssh tunnel
locally instead of trying to run an interactive shell.

webcam/mic

[Bryan Irvine]

This might be dumb question, but I haven't found the answer anywhere
else yet.  I have a lemote 8089b and I'm trying to figure out what
software I'd use in order to use the webcam/microphone.  I'm not
trying to solve any particular problem other than my own curiosity of
how I'd record/ take pictures (video chat would be cool too but is
only a bonus).

Here's my dmesg:

OpenBSD 5.0 (GENERIC) #26: Wed Aug 17 10:41:08 MDT 2011
x...@xxx.xxx:/usr/src/sys/arch/loongson/compile/GENERIC
real mem = 1073741824 (1024MB)
avail mem = 1059209216 (1010MB)
mainbus0 at root: Lemote Yeeloong
cpu0 at mainbus0: STC Loongson2F CPU 797 MHz, STC Loongson2F FPU
cpu0: cache L1-I 64KB D 64KB 4 way, L2 512KB 4 way
bonito0 at mainbus0: memory and PCI-X controller, rev 1
pci0 at bonito0 bus 0
rl0 at pci0 dev 7 function 0 Realtek 8139 rev 0x10: irq 5, address
xx:xx:xx:xx:
rlphy0 at rl0 phy 0: RTL internal PHY
smfb0 at pci0 dev 8 function 0 Silicon Motion LynxEM+ rev 0xb0
wsdisplay0 at smfb0 mux 1: console (std, vt100 emulation)
ohci0 at pci0 dev 9 function 0 NEC USB rev 0x44: irq 7, version 1.0
ehci0 at pci0 dev 9 function 1 NEC USB rev 0x05: irq 7
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 NEC EHCI root hub rev 2.00/1.00 addr 1
glxpcib0 at pci0 dev 14 function 0 AMD CS5536 ISA rev 0x03: rev 3,
32-bit 3579545Hz timer, watchdog, gpio
gpio1 at glxpcib0: 32 pins
pciide0 at pci0 dev 14 function 2 AMD CS5536 IDE rev 0x01: DMA,
channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: FUJITSU MHZ2160BH G2
wd0: 16-sector PIO, LBA48, 152627MB, 312581808 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 ignored (disabled)
auglx0 at pci0 dev 14 function 3 AMD CS5536 Audio rev 0x01: isa irq 9,
CS5536 AC97
ac97: codec id 0x414c4760 (Avance Logic ALC655 rev 0)
audio0 at auglx0
ohci1 at pci0 dev 14 function 4 AMD CS5536 USB rev 0x02: isa irq 11,
version 1.0, legacy support
ehci1 at pci0 dev 14 function 5 AMD CS5536 USB rev 0x02: isa irq 11
usb1 at ehci1: USB revision 2.0
uhub1 at usb1 AMD EHCI root hub rev 2.00/1.00 addr 1
usb2 at ohci0: USB revision 1.0
uhub2 at usb2 NEC OHCI root hub rev 1.00/1.00 addr 1
isa0 at glxpcib0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
mcclock0 at isa0 port 0x70/2: mc146818 or compatible
ykbec0 at isa0 port 0x381/3
usb3 at ohci1: USB revision 1.0
uhub3 at usb3 AMD OHCI root hub rev 1.00/1.00 addr 1
clock0 at mainbus0: ticker on int5 using count register
apm0 at mainbus0
umass0 at uhub1 port 1 configuration 1 interface 0 Generic USB2.0-CRW
rev 2.00/58.87 addr 2
umass0: using SCSI over Bulk-Only
scsibus0 at umass0: 2 targets, initiator 0
sd0 at scsibus0 targ 1 lun 0: Generic-, Multi-Card, 1.00 SCSI0
0/direct removable serial.0bda015811417340
urtw0 at uhub1 port 4 Realtek RTL8187B rev 2.00/2.00 addr 3
urtw0: RTL8187B rev E, address xx:xx:xx:xx:
vscsi0 at root
scsibus1 at vscsi0: 256 targets
softraid0 at root
scsibus2 at softraid0: 256 targets
pmon bootpath: /dev/disk/wd0
boot device: wd0
root on wd0a swap on wd0b dump on wd0b
WARNING: / was not properly unmounted
ehci_idone: ex=0xc0088200 is done!
ehci_idone: ex=0xc0088200 is done!
apm0: battery high
urtw1 at uhub1 port 2 Realtek RTL8187 rev 2.00/1.00 addr 4
urtw1: RTL8187 rev 0x04, RFv2, address xx:xx:xx:xx:

Re: Mosh? seems dangerous!

[Gilles Chehade]

On Wed, Apr 11, 2012 at 11:19:44AM -0700, Johan Beisser wrote:
 On Wed, Apr 11, 2012 at 11:02 AM, Christian Weisgerber
 na...@mips.inka.de wrote:
  Gilles Chehade gil...@poolp.org wrote:
 
  This must be satire.  Right?
  I mean, local-echo mode?  What is this?  1975?
 
 In lossy or high latency environments I find a local echo to be really
 useful. To the point I occasionally dump stdout through my ssh tunnel
 locally instead of trying to run an interactive shell.
 

Well, I don't know how useful it is and I'm not debating it, but making
it a big selling point while saying confidentiality and security are
minor enhancements is a sign of lost sanity ;-)

-- 
Gilles Chehade

https://www.poolp.org | http://pool.ps  @poolpOrg

Re: webcam/mic

[Miod Vallat]

 This might be dumb question, but I haven't found the answer anywhere
 else yet.  I have a lemote 8089b and I'm trying to figure out what
 software I'd use in order to use the webcam/microphone.  I'm not
 trying to solve any particular problem other than my own curiosity of
 how I'd record/ take pictures (video chat would be cool too but is
 only a bonus).

The webcam doesn't show up in dmesg on the 8101 and the late 8089
models. I've been trying to fiddle with the registers that supposedly
enable it, with no reproduceable results, and eventually gave up.

If you're lucky, the webcam enable key combination (should be something
like Fn-F2) will make it appear and attach as an uvideo device. But I
wouldn't hold my breath on this.

Miod

Repost: Failed HP 360 Install from USB attached CD

[Rob Pierce]

Good afternoon,

My apologies - the previous post was a little mangled.

I have just attempted an install of the latest snapshot cd51.iso - dated 
07/04/2012 5:55:00 PM on some new HP 360 servers.

I am able to boot of the CD, but the boot hangs immediately after the following 
line is displayed:

   brgphy3 at bnx3 phy1: BCM5709 10/100/100baseT PHY, rev. 8

(see full dmesg below)

This is also the case when trying to install by booting off the OpenBSD 5.0 CD 
disk 1 (and cd50.iso).

I was able to install on the HP 360 servers by moving drives over from an HP 
120 (which didn't have the same problem) with BSD already installed, booting 
off bsd.rd from disk, and reinstalling over the network, and subsequent 
installations booting to bsd.rd on disk to sd1 and swapping drives, etc.

As such, I have OpenBSD 5.0 running on our HP 360 servers, but have never been 
able to boot and install from a USB attached CD (or USB memory stick).

I should mention that when installing I also have a USB attached key board in 
addition to the USB attached CD Drive (see dmesg output below).

This is an inconvenience more than anything, but it might point to some 
underlying issues?

Has anyone seen similar problems?

Many thanks.

Rob

= = = = = USB Keyboard attach, detach, and reattach = = = = =

uhidev2 at uhub4 port 1 configuration 1 interface 0 GASIA GASIA USB KB Pro 
rev 1.10/2.10 addr 2
uhidev2: iclass 3/1
ukbd1 at uhidev2: 8 modifier keys, 6 key codes
wskbd2 at ukbd1 mux 1
wskbd2: connecting to wsdisplay0
uhidev3 at uhub4 port 1 configuration 1 interface 1 GASIA GASIA USB KB Pro 
rev 1.10/2.10 addr 2
uhidev3: iclass 3/0, 2 report ids
uhid0 at uhidev3 reportid 1: input=2, output=0, feature=0
uhid1 at uhidev3 reportid 2: input=1, output=0, feature=0
wskbd2: disconnecting from wsdisplay0
wskbd2 detached
ukbd1 detached
uhidev2 detached
uhid0 detached
uhid1 detached
uhidev3 detached
uhidev2 at uhub4 port 1 configuration 1 interface 0 GASIA GASIA USB KB Pro 
rev 1.10/2.10 addr 2
uhidev2: iclass 3/1
ukbd1 at uhidev2: 8 modifier keys, 6 key codes
wskbd2 at ukbd1 mux 1
wskbd2: connecting to wsdisplay0
uhidev3 at uhub4 port 1 configuration 1 interface 1 GASIA GASIA USB KB Pro 
rev 1.10/2.10 addr 2
uhidev3: iclass 3/0, 2 report ids
uhid0 at uhidev3 reportid 1: input=2, output=0, feature=0
uhid1 at uhidev3 reportid 2: input=1, output=0, feature=0

= = = = = USB attached CD Drive = = = = =

wskbd2: disconnecting from wsdisplay0
wskbd2 detached
ukbd1 detached
uhidev2 detached
uhid0 detached
uhid1 detached
uhidev3 detached
uhidev2 at uhub4 port 1 configuration 1 interface 0 GASIA GASIA USB KB Pro 
rev 1.10/2.10 addr 2
uhidev2: iclass 3/1
ukbd1 at uhidev2: 8 modifier keys, 6 key codes
wskbd2 at ukbd1 mux 1
wskbd2: connecting to wsdisplay0
uhidev3 at uhub4 port 1 configuration 1 interface 1 GASIA GASIA USB KB Pro 
rev 1.10/2.10 addr 2
uhidev3: iclass 3/0, 2 report ids
uhid0 at uhidev3 reportid 1: input=2, output=0, feature=0
uhid1 at uhidev3 reportid 2: input=1, output=0, feature=0
umass0 at uhub1 port 7 configuration 1 interface 0 MediaTek Inc MT1836 rev 
2.00/0.00 addr 2
umass0: using SCSI over Bulk-Only
scsibus3 at umass0: 2 targets, initiator 0
cd0 at scsibus3 targ 1 lun 0: HL-DT-ST, DVDRAM GP10NW20, 1.03 SCSI0 5/cdrom 
removable serial.0e8d1836B3H5824_
cd0 detached
scsibus3 detached
umass0 detached

= = = = = dmesg (USB devices were not present at reboot) = = = = =

OpenBSD 5.0 (GENERIC.MP) #59: Wed Aug 17 10:19:44 MDT 2011
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Intel(R) Xeon(R) CPU E5620 @ 2.40GHz (GenuineIntel 686-class) 2.41 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACP

   
I,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,PCLMUL,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,

   PDCM,DCA,SSE4.1,SSE4.2,POPCNT,AES
real mem  = 3747340288 (3573MB)
avail mem = 3675979776 (3505MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 12/31/99, BIOS32 rev. 0 @ 0xf, SMBIOS 
rev. 2.7 @  
  0xdf7fe000 (127 entries)
bios0: vendor HP version P68 date 05/05/2011
bios0: HP ProLiant DL360 G7
acpi0 at bios0: rev 2
acpi0: sleep states S0 S4 S5
acpi0: tables DSDT FACP SPCR MCFG HPET  SPMI ERST APIC SRAT  BERT HEST 
DMAR SSDT SS
   DT SSDT SSDT SSDT
acpi0: wakeup devices
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimcfg0 at acpi0 addr 0xe000, bus 0-63
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 133MHz
cpu1 at mainbus0: apid 20 (application processor)
cpu1: Intel(R) 

Re: webcam/mic

[Bryan Irvine]

On Wednesday, April 11, 2012, Miod Vallat wrote:

  This might be dumb question, but I haven't found the answer anywhere
  else yet.  I have a lemote 8089b and I'm trying to figure out what
  software I'd use in order to use the webcam/microphone.  I'm not
  trying to solve any particular problem other than my own curiosity of
  how I'd record/ take pictures (video chat would be cool too but is
  only a bonus).

 The webcam doesn't show up in dmesg on the 8101 and the late 8089
 models. I've been trying to fiddle with the registers that supposedly
 enable it, with no reproduceable results, and eventually gave up.

 If you're lucky, the webcam enable key combination (should be something
 like Fn-F2) will make it appear and attach as an uvideo device. But I
 wouldn't hold my breath on this.

 Miod


I tried both with and without holding my breath with no luck.

Hi-Five OpenBSD World - New installation - Power management questions

[Michael Davies]

Hello OpenBSD World!!!

Long time Linux user who has recently been looking closely at OpenBSD 
for secure NAS backup device (home network). This is an immediate need 
but I will be shifting a couple of desktops to OBSD 'larrerrer' ;-).


I attach at the bottom of this e-mail my dmesg output for my relatively 
simple platform for the NAS (I knoww, it's a waste of an excellent 
OS! But I am after the security):


Intel D525MW motherboard (Intel Atom D525 Dual Core 1.8GHz (Supports 
64bit), Intel NM10 Express Chipset, Intel GMA3150 Integrated Graphics, 
Realtek 8111E GiE NIC, Intel BIOS - Supports ACPI), 4GB RAM, Samsung 
HM160HI 160GB SATA 2.5 HDD (Taken from my Samsung NC10 and wiped with 
DBAN before installation).


Boot medium was CD from an external, USB-connected Samsung SE-S224Q DVD 
Writer using Version 5.0 for AMD64 - SHA256 checksum checked against 
three Mirrors.
Only problem I encountered preceded installation while the CD was 
booting. I received the message /etc/boot.conf: line too long but the 
CD continued to boot and the installation went through without any problems.
I used these package options: -x* then -game* (removing these packages 
from the install - it's a NAS I'm creating here).

I had no problem setting up my static network address etc. etc.
I will install rsync via pkg_add later.

However, I have been trying to find out how OpenBSD handles ACPI/APM 
Power Management and disk hibernation.


I have read quite a bit:
1) Michael Lucas' Absolute OpenBSD (2004)
2) Secure Architectures with OpenBSD (2004)
3) Michael Lucas' Absolute BSD (for FreeBSD) (2002)
4) Calomel - you know the one
5) I've tried to search the archived dialogues on Old Nabble (Difficult)
6) I've searched Daemon Forums
7) I've read the FAQ - Always the last place I look ;-)

This is what I feel I have learned:

1) Advanced Power Management on OpenBSD is handled by apmd. I know that 
because enabling it through /etc/rc.conf, rebooting and then issuing zzz 
puts the PC to sleep. When I tap a key - it wakes up again (exactly 
where I left it). GREAT!
2) apmd does not automatically hibernate my disk (unless I am missing 
something) - but it is possible that there are ports (I've read about 
these for FreeBSD) which might handle disk hibernation: spindown and 
diskidle
3) I read somewhere that there is a danger in suspending/hibernating the 
disk security wise - but haven't found a full explanation (Is RAM dumped 
to disk unencrypted, perhaps?). That would explain why a program to 
hibernate the disk isn't included in the default install of OpenBSD.


Unfortunately - searching the OpenBSD mailing lists I have subscribed 
too is darn awkward (compared to some other fora - I know some issue 
'tarred' archives that can be imported into an e-mail client - ever 
considered it? :-) ).


SO... I've come to the fount of all knowledge to seek guidance on the 
following:


1) Beyond apmd, is there a default handler of disk hibernation 
install-ed/able via default OpenBSD?
2) To use apmd, do I need to maintain a swap partition? Indeed, should I 
ALWAYS maintain a swap partition on this simple setup (which is running 
fine)? I was hoping to get away without one (currently b: is undefined).
3) If spindown or diskidle exist in the packages/ports - would 
installing these provide me with a disk hibernation facility for OpenBSD?
4) Is there another way to manage the PC('NAS') using OpenBSD to 
minimize power while the 'NAS' is available 24/7?


All you savvy peeps who know where I am going on this - what's my best 
case scenario?


An OpenBSD NAS which doesn't hibernate (Thinks... Where can I get a 
100W PSU?) or can I possibly achieve a NAS that hibernates the drive 
and Wake(s) on LAN?


I'd settle for simply hibernating the disk (That's about 22W there - 
half the power draw) - but if the full monty is possible - I'll keep on 
digging.


dmesg details follow this EXTREMELY LONG FIRST POST. Thanks for YOUR 
patience, y'all ;-)


Mike

P.S. Anybody know why there is an RTC BIOS error 80 for the clock 
battery (See below)? Brand New board, this one.
P.P.S. The i386 32-bit version 5.0 works on this MB too - but I haven't 
attached the DMESG for that...


**
MY DMESG
**
OpenBSD 5.0 (GENERIC.MP) #63: Wed Aug 17 10:14:30 MDT 2011
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
RTC BIOS diagnostic error 80clock_battery
real mem = 4275666944 (4077MB)
avail mem = 4147728384 (3955MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.5 @ 0xcee98000 (27 entries)
bios0: vendor Intel Corp. version MWPNT10N.86A.0083.2011.0524.1600 
date 05/24/2011

bios0: Intel Corporation D525MW
acpi0 at bios0: rev 2
acpi0: sleep states S0 S1 S3 S4 S5
acpi0: tables DSDT FACP 

Re: How to have more than 15 pflog interfaces?

[Henning Brauer]

* Siju George sgeorge@gmail.com [2012-04-11 14:25]:
 On Wed, Apr 11, 2012 at 3:50 PM, Henning Brauer lists-open...@bsws.de wrote:
 
  please try this  report back
 
 
 Thanks Henning but I need some help :-(
 
 I got the following errors and I have attached the .rej files

diffs are for current of course but should work for 5.1 as well -
dunno what you are trying.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/

Re: How to have more than 15 pflog interfaces?

[Henning Brauer]

* patrick keshishian sids...@boxsoft.com [2012-04-11 14:55]:
 On Wed, Apr 11, 2012 at 12:20:30PM +0200, Henning Brauer wrote:
 don't you need two different index vars for this next
 section?

no, why?

  +   for (i = 0; i  n; i++)
  +   if (i  npflogifs)
  +   p[i] = pflogifs[i];
  +   else
  +   p[i] = NULL;

i think that is pretty clear: each slot in the newly allocated p gets
the same value as it had in the old pflogifs, once we're at the end of
pflogifs we set the remaining slots to NULL. unused slots were NULL
before so just inheriting the NULL is safe.

 something like the following with caveats that a) it is
 5am-ish for me and b) i did not try compiling it:
 
   for (i = 0, j = 0; i  n; i++, j++) {
   for (; j  npflogifs  NULL == pflogifs[j]; j++)
   ;
   if (j == npflogifs)
   break;
   p[i] = pflogifs[j];
   }
   for (; i  n; i++)
   p[i] = NULL;

i gave up following this after a bit.

  +
  +   if(pflogifs)
  ^^ nit

fixed

  s = splnet();
  pflogifs[pflogif-sc_unit] = NULL;
  LIST_REMOVE(pflogif, sc_list);
  +
  +   for (i = npflogifs; i  0  pflogifs[i - 1] != NULL; i--)
  +   ; /* nothing */
  +   if (i  npflogifs)
  +   pflogifs_resize(i); /* error harmless here */
 
 So, if the last pflogifs entry is NULL don't resize
 down? Not really questioning the logic, but want to
 make sure I understand that's what is meant, cause
 there is an easier check for that than the for()-loop.
 Caveats: a) 5am-ish, b) not familiar with code.

walk the array backwards until we find the first non-empty slot, then
shrink it to that.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/

Re: How to have more than 15 pflog interfaces?

[patrick keshishian]

On Wed, Apr 11, 2012 at 3:14 PM, Henning Brauer
lists-openbsdt...@bsws.de wrote:
 * patrick keshishian sids...@boxsoft.com [2012-04-11 14:55]:
 On Wed, Apr 11, 2012 at 12:20:30PM +0200, Henning Brauer wrote:
 don't you need two different index vars for this next
 section?

 no, why?

I put the caveat that I am not familiar with the code (and its use).
So apologies if I'm making grave assumptions on the use case (more
below).

  +   for (i = 0; i  n; i++)
  +   if (i  npflogifs)
  +   p[i] = pflogifs[i];
  +   else
  +   p[i] = NULL;

 i think that is pretty clear: each slot in the newly allocated p gets
 the same value as it had in the old pflogifs, once we're at the end of
 pflogifs we set the remaining slots to NULL. unused slots were NULL
 before so just inheriting the NULL is safe.

Unless pflog_clone_destroy() takes out one in the middle of the list.
I probably assumed too much.

 something like the following with caveats that a) it is
 5am-ish for me and b) i did not try compiling it:

   for (i = 0, j = 0; i  n; i++, j++) {
   for (; j  npflogifs  NULL == pflogifs[j]; j++)
   ;
   if (j == npflogifs)
   break;
   p[i] = pflogifs[j];
   }
   for (; i  n; i++)
   p[i] = NULL;

 i gave up following this after a bit.

The loop is like yours, but looks out for an NULL-ed out pflogifs
entry (from pflog_clone_destroy()?). If one is detected, adjust index
into pflogifs accordingly.

Now, if it is the case that pflog_clone_destroy() won't ever take out
an entry in the middle of pflogifs, then ignore my comments.

  +
  +   if(pflogifs)
  ^^ nit

 fixed

  s = splnet();
  pflogifs[pflogif-sc_unit] = NULL;
  LIST_REMOVE(pflogif, sc_list);
  +
  +   for (i = npflogifs; i  0  pflogifs[i - 1] != NULL; i--)
  +   ; /* nothing */
  +   if (i  npflogifs)
  +   pflogifs_resize(i); /* error harmless here */

 So, if the last pflogifs entry is NULL don't resize
 down? Not really questioning the logic, but want to
 make sure I understand that's what is meant, cause
 there is an easier check for that than the for()-loop.
 Caveats: a) 5am-ish, b) not familiar with code.

 walk the array backwards until we find the first non-empty slot, then
 shrink it to that.

OK. So the _destroy() code will always take out entries from the end
of the pflogifs array.

Sorry for the noise.
--patrick


 --
 Henning Brauer, h...@bsws.de, henn...@openbsd.org
 BS Web Services, http://bsws.de, Full-Service ISP
 Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully
Managed
 Henning Brauer Consulting, http://henningbrauer.com/

Re: Mosh? seems dangerous!

[Chris Cappuccio]

Christian Weisgerber [na...@mips.inka.de] wrote:
 Gilles Chehade gil...@poolp.org wrote:
 
   http://mosh.mit.edu/
  
  Moreover, TELNET had some good things going it for a local-echo mode and
   a well-defined network virtual terminal. Then SSH came along and added 
  minor
   enhancements like confidentiality and authentication, at the cost of losing
   the local-echo mode and the well-defined terminal semantics.
 
 This must be satire.  Right?
 I mean, local-echo mode?  What is this?  1975?

It's part of Nicholas Marriott's April Fools joke, 1975 meets meb 3.0 home 
page. It's actually just tmux with some extensions.

Re: V5.0 - ipsec -- lifetime dependencies between ipsec.conf (ipsecctl) and isakmpd.conf

[Stuart Henderson]

On 2012-04-11, Christian Weisgerber na...@mips.inka.de wrote:
 Andre Ruppert a...@in-telegence.net wrote:

 is there any chance (perhaps in the future) to integrate lifetime
 parameters via ipsecctl -- ipsec.conf or will I be forced to keep on
 using isakmpd.conf?

 There is lifetime code in ipsecctl.  I don't know if its absence
 from the man page is an accidental omission or if the code is
 incomplete.


IIRC, it looks like it should work per-peer but can actually
only be used to set lifetimes for the default peer. Examination of
the output from ipsecctl -nvf /etc/ipsec.conf would confirm this.

Re: Hi-Five OpenBSD World - New installation - Power management questions

[Nick Holland]

On 04/11/12 17:13, Michael Davies wrote:
...
 I attach at the bottom of this e-mail my dmesg output for my relatively 
 simple platform for the NAS (I knoww, it's a waste of an excellent 
 OS! But I am after the security):

not at all.  Its a fine general purpose OS, too.  :)
...
 However, I have been trying to find out how OpenBSD handles ACPI/APM 
 Power Management and disk hibernation.
 
 I have read quite a bit:
 1) Michael Lucas' Absolute OpenBSD (2004)
 2) Secure Architectures with OpenBSD (2004)
 3) Michael Lucas' Absolute BSD (for FreeBSD) (2002)
 4) Calomel - you know the one
 5) I've tried to search the archived dialogues on Old Nabble (Difficult)
 6) I've searched Daemon Forums
 7) I've read the FAQ - Always the last place I look ;-)

I could take exception to that. :)

 This is what I feel I have learned:
 
 1) Advanced Power Management on OpenBSD is handled by apmd. I know that 
 because enabling it through /etc/rc.conf, rebooting and then issuing zzz 
 puts the PC to sleep. When I tap a key - it wakes up again (exactly 
 where I left it). GREAT!

Nifty, eh? :)

 2) apmd does not automatically hibernate my disk (unless I am missing 
 something) - but it is possible that there are ports (I've read about 
 these for FreeBSD) which might handle disk hibernation: spindown and 
 diskidle

Haven't seen a whole lot of interest in disk hibernation on OpenBSD.

 3) I read somewhere that there is a danger in suspending/hibernating the 
 disk security wise - but haven't found a full explanation (Is RAM dumped 
 to disk unencrypted, perhaps?). That would explain why a program to 
 hibernate the disk isn't included in the default install of OpenBSD.

I can't think of any security issue on putting a system to SLEEP, but a
full suspend-to-disk could kinda leave your secrets out in the open for
off-line examination if done unencrypted.  If done encrypted...where do
you put the key?  If on the disk, no gain.  If you have to type it in on
power-up, other problems.

Some DISKS supposedly don't like too many power-up/power-down cycles.

...
 1) Beyond apmd, is there a default handler of disk hibernation 
 install-ed/able via default OpenBSD?

disk hibernation...  I'm assuming you mean, disk stops spinning until
the OS (which is running normally) calls for it.  if this is REALLY
what you want (keep reading), I don't think OpenBSD can help you.

 2) To use apmd, do I need to maintain a swap partition? Indeed, should I 
 ALWAYS maintain a swap partition on this simple setup (which is running 
 fine)? I was hoping to get away without one (currently b: is undefined).

Swap partition is optional, as long as you have enough RAM to do what
you want.  If you are short one byte, you are in trouble, but with 4G
RAM, you got a lot.

 3) If spindown or diskidle exist in the packages/ports - would 
 installing these provide me with a disk hibernation facility for OpenBSD?

You MAY be able to do something along these lines with a CF or USB flash
disk as your OS drive, then using atactl(8) to power up and down the
disk after unmounting/mounting the file system.  How you decide My
windows machine has just made a request via SMB for a file, I had best
power up the disk and get it, I have no idea.  HOWEVER, might be useful
for off-line backups, where you can say, I am starting a backup process
now (spin up, mount). ... I'm done now (dismount, spin down).

 4) Is there another way to manage the PC('NAS') using OpenBSD to 
 minimize power while the 'NAS' is available 24/7?

I'm not sure how much I'd like sleeping a NAS.  Ok, disk goes to
sleep, then something requests a file.  *PAUSE*  Not so bad when it is
your local computer where the OS can realize, I'm waking the disk, be
patient...over the wire, you just get dead air.  Sleeping the whole
machine?  yikes.  how would it wake up?

 All you savvy peeps who know where I am going on this - what's my best 
 case scenario?
 
 An OpenBSD NAS which doesn't hibernate (Thinks... Where can I get a 
 100W PSU?) or can I possibly achieve a NAS that hibernates the drive 
 and Wake(s) on LAN?

Wake on LAN is a special signal to power-up a device.  It isn't a oh,
I got a request...lemme fire up now thing.  Devices being served by a
NAS don't normally send Wake On LAN signals.

 
 I'd settle for simply hibernating the disk (That's about 22W there - 
 half the power draw) - but if the full monty is possible - I'll keep on 
 digging.

um. no.
that particular disk is rated at 2.2W on seek, 2.0W on read/write, and
0.25w on standby.  The only way to get 22W is the power-on max draw
spin-up, which will last probably two seconds, at most (probably more
like a fraction of a second at that kind of draw).  Think about it for a
moment..go find 25W electric lightbulb.  Leave it on for five minutes.
Touch it.  Go put some ice on your burned fingers.  Watts are Watts.
that's how hot your drive would get if it were drawing 22w non-stop.

The MOST you will save by powering down your little laptop disk is 

Re: Hi-Five OpenBSD World - New installation - Power management questions

[Jacob L. Leifman]

First the caveats: I am long time OpenBSD user, but not a developer. 
The original post was extremely long, and as I wanted to embed my 
comments next to the original content they belong to, I also snipped 
some irrelevant sections.

On 11 Apr 2012 at 22:14, Michael Davies wrote:

 Hello OpenBSD World!!!
 
 Long time Linux user who has recently been looking closely at OpenBSD

...[snipped]

 without any problems. I used these package options: -x* then -game*

I have deployed many servers using the same selection with no ill 
effect. However, a growing number of ports and packages has various x* 
dependencies; and as Theo just recently pointed out on this ML, the 
recommended and the only fully supported system configuration is with 
everything installed.

 (removing these packages from the install - it's a NAS I'm creating
 here). I had no problem setting up my static network address etc. etc. I
 will install rsync via pkg_add later.
 
 However, I have been trying to find out how OpenBSD handles ACPI/APM
 Power Management and disk hibernation.
 
 I have read quite a bit:
 1) Michael Lucas' Absolute OpenBSD (2004)

Was highly rated at the time, but that was 16 releases ago...

 2) Secure Architectures with OpenBSD (2004)

ditto; good for concepts overview, but most implementation details have 
changed quite radically.

 3) Michael Lucas' Absolute BSD (for FreeBSD) (2002)

old and mostly irrelevant -- the OpenBSD kernel is very different from 
FreeBSD, and much of the stuff that FreeBSD chooses to import is either 
dated or lacks the necessary kernel support (or both, as for example 
the PF code).

 4) Calomel - you know the one

too bad -- now you have to UNread it; seriously, according to core 
developers it is ALL wrong.

 5) I've tried to search the archived dialogues on Old Nabble (Difficult)

I have observed that when the developers refer to an old posting they 
use http://marc.info/ almost exclusively.

 6) I've searched Daemon Forums
 7) I've read the FAQ - Always the last place I look ;-)

When it comes to OpenBSD, the FAQ should be your first stop, closely 
followed by the man pages. Official documentation is a source of pride 
for the project -- documentation errors, even silly little typos, are 
treated as seriously as any other bug.

 
 This is what I feel I have learned:
 
 1) Advanced Power Management on OpenBSD is handled by apmd. I know that
 because enabling it through /etc/rc.conf, rebooting and then issuing zzz
 puts the PC to sleep. When I tap a key - it wakes up again (exactly
 where I left it). GREAT!
 2) apmd does not automatically hibernate my disk (unless I am missing
 something) - but it is possible that there are ports (I've read about these
 for FreeBSD) which might handle disk hibernation: spindown and diskidle
 3) I read somewhere that there is a danger in suspending/hibernating the
 disk security wise - but haven't found a full explanation (Is RAM dumped
 to disk unencrypted, perhaps?). That would explain why a program to
 hibernate the disk isn't included in the default install of OpenBSD.
 
 Unfortunately - searching the OpenBSD mailing lists I have subscribed
 too is darn awkward (compared to some other fora - I know some issue
 'tarred' archives that can be imported into an e-mail client - ever
 considered it? :-) ).
 
 SO... I've come to the fount of all knowledge to seek guidance on the
 following:
 
 1) Beyond apmd, is there a default handler of disk hibernation 
 install-ed/able via default OpenBSD?
 2) To use apmd, do I need to maintain a swap partition? Indeed, should I
 ALWAYS maintain a swap partition on this simple setup (which is running
 fine)? I was hoping to get away without one (currently b: is undefined).

Are you really hurting for space that much? Unlike linux, OpenBSD will 
not access the swap unless absolutely necessary. However, once again, 
having no swap defined is neither standard nor fully supported setup. 
Moreover, swap partition is where the system dumps core during panic. I 
found it beneficial to have some swap space defined even when disk 
capacity is an issue, and nowhere is it written that it needs to be big 
(not even equal to RAM size).

 3) If spindown or diskidle exist in the packages/ports - would
 installing these provide me with a disk hibernation facility for
 OpenBSD?
 4) Is there another way to manage the PC('NAS') using OpenBSD
 to minimize power while the 'NAS' is available 24/7?

apm(8) -C does a pretty good job of dynamically reducing CPU power 
waste and atactl(8) should help you configure the built-in functions of 
your hard drive. Keep in mind that full system hibernation (aka suspend 
to disk) is not compatible with 24/7 availability as you will have to 
issue an explicit wake-on-lan and wait for it to become available. 
OTOH, a modern system, especially one based on Atom processor and a 
laptop SATA drive, does a darn good job of minimizing power waste 
without completely shutting down.

Personally this is how I built my 

Re: Hi-Five OpenBSD World - New installation - Power management questions

[joshua stein]

  2) To use apmd, do I need to maintain a swap partition? Indeed, should I 
  ALWAYS maintain a swap partition on this simple setup (which is running 
  fine)? I was hoping to get away without one (currently b: is undefined).
 
 Swap partition is optional, as long as you have enough RAM to do what
 you want.

The swap partition is also where the kernel writes useful memory
dumps if it panics, so that savecore(8) can extract it on the next
boot.

Re: Mosh? seems dangerous!

[Marius ROMAN]

On Thu, Apr 12, 2012 at 2:00 AM, Chris Cappuccio ch...@nmedia.net wrote:
 Christian Weisgerber [na...@mips.inka.de] wrote:
 Gilles Chehade gil...@poolp.org wrote:

   http://mosh.mit.edu/
 
  Moreover, TELNET had some good things going it for a local-echo mode
and
   a well-defined network virtual terminal. Then SSH came along and added
minor
   enhancements like confidentiality and authentication, at the cost of
losing
   the local-echo mode and the well-defined terminal semantics.

 This must be satire.  Right?
 I mean, local-echo mode?  What is this?  1975?

 It's part of Nicholas Marriott's April Fools joke, 1975 meets meb 3.0 home
page. It's actually just tmux with some extensions.


No, it' s not tmux, it's a a joke with extensions or without.

--
Marius

Re: Hi-Five OpenBSD World - New installation - Power management questions

[Michael Davies]

Jacob,

Thank you very much for helping out - I apologise to you and the list 
for the length of my first post - and this one.


Thank you very much for responding to some of my queries.

I have interspersed my responses with your edited version:

On 12/04/12 02:12, Jacob L. Leifman wrote:

First the caveats: I am long time OpenBSD user, but not a developer.


No problem - we are all learners ;-)


The original post was extremely long, and as I wanted to embed my
comments next to the original content they belong to, I also snipped
some irrelevant sections.

On 11 Apr 2012 at 22:14, Michael Davies wrote:


Hello OpenBSD World!!!

Long time Linux user who has recently been looking closely at OpenBSD


...[snipped]


without any problems. I used these package options: -x* then -game*


I have deployed many servers using the same selection with no ill
effect. However, a growing number of ports and packages has various x*
dependencies; and as Theo just recently pointed out on this ML, the
recommended and the only fully supported system configuration is with
everything installed.


I think Theo's words were something like Why remove X...?

I took X out because I had no intention of installing anything other 
than rsync on this machine - hence further packages/ports were unlikely. 
But the default system is very slim (cool!) so I expect I might put 
these back in ;-) (Another wipe and install during the testing phase)





(removing these packages from the install - it's a NAS I'm creating
here). I had no problem setting up my static network address etc. etc. I
will install rsync via pkg_add later.

However, I have been trying to find out how OpenBSD handles ACPI/APM
Power Management and disk hibernation.

I have read quite a bit:
1) Michael Lucas' Absolute OpenBSD (2004)


Was highly rated at the time, but that was 16 releases ago...



Yep - he's writing a new one currently - but I couldn't wait ;-)


2) Secure Architectures with OpenBSD (2004)


ditto; good for concepts overview, but most implementation details have
changed quite radically.


Agree - but there's limited hardcopy material. Anything is better than





3) Michael Lucas' Absolute BSD (for FreeBSD) (2002)


old and mostly irrelevant -- the OpenBSD kernel is very different from
FreeBSD, and much of the stuff that FreeBSD chooses to import is either
dated or lacks the necessary kernel support (or both, as for example
the PF code).


I have found much of the book informative to understand general BSD 
stuff ;-) and I am installing FBSD in a virtual machine for 
experimentation... Toying with the dark side ;-) Bear with me ;-)





4) Calomel - you know the one


too bad -- now you have to UNread it; seriously, according to core
developers it is ALL wrong.


Did I say I'd read it all? I dip into everything to get a bigger picture :-)




5) I've tried to search the archived dialogues on Old Nabble (Difficult)


I have observed that when the developers refer to an old posting they
use http://marc.info/ almost exclusively.



That is VERY, VERY halpful. Thank you.


6) I've searched Daemon Forums
7) I've read the FAQ - Always the last place I look ;-)


When it comes to OpenBSD, the FAQ should be your first stop, closely
followed by the man pages. Official documentation is a source of pride
for the project -- documentation errors, even silly little typos, are
treated as seriously as any other bug.


I wrote that somewhat tongue in cheek ;-) I wasn't dissing the FAQ - I 
meant I read it first ;-)) (Apart from atactl, of course - see below)






This is what I feel I have learned:

1) Advanced Power Management on OpenBSD is handled by apmd. I know that
because enabling it through /etc/rc.conf, rebooting and then issuing zzz
puts the PC to sleep. When I tap a key - it wakes up again (exactly
where I left it). GREAT!
2) apmd does not automatically hibernate my disk (unless I am missing
something) - but it is possible that there are ports (I've read about these
for FreeBSD) which might handle disk hibernation: spindown and diskidle
3) I read somewhere that there is a danger in suspending/hibernating the
disk security wise - but haven't found a full explanation (Is RAM dumped
to disk unencrypted, perhaps?). That would explain why a program to
hibernate the disk isn't included in the default install of OpenBSD.

Unfortunately - searching the OpenBSD mailing lists I have subscribed
too is darn awkward (compared to some other fora - I know some issue
'tarred' archives that can be imported into an e-mail client - ever
considered it? :-) ).

SO... I've come to the fount of all knowledge to seek guidance on the
following:

1) Beyond apmd, is there a default handler of disk hibernation
install-ed/able via default OpenBSD?
2) To use apmd, do I need to maintain a swap partition? Indeed, should I
ALWAYS maintain a swap partition on this simple setup (which is running
fine)? I was hoping to get away without one (currently b: is undefined).


Are you really hurting 

Re: Hi-Five OpenBSD World - New installation - Power management questions

[Michael Davies]

Joshua,

Yep - I'd got that - I was hoping that the Kernel wouldn't panic because 
I wasn't changing the default (much...) except for installing rsync.


Jacob had alluded to this in his response - but you probably couldn't 
find it in the jungle of MY e-mail.


Thanks mate!

Good man ;-)

Mike


On 12/04/12 02:19, joshua stein wrote:

2) To use apmd, do I need to maintain a swap partition? Indeed, should I
ALWAYS maintain a swap partition on this simple setup (which is running
fine)? I was hoping to get away without one (currently b: is undefined).


Swap partition is optional, as long as you have enough RAM to do what
you want.


The swap partition is also where the kernel writes useful memory
dumps if it panics, so that savecore(8) can extract it on the next
boot.

Re: How to have more than 15 pflog interfaces?

[Siju George]

On Thu, Apr 12, 2012 at 3:44 AM, Henning Brauer
lists-openbsdt...@bsws.de wrote:


 diffs are for current of course but should work for 5.1 as well -
 dunno what you are trying.


Ok thanks :-)
I am running 5.0

--Siju

Is there any IEEE 802.11n support in 5.0?

[Alan Corey]

I was shopping for Atheros cards to use with the athn driver but down in 
caveats section of the man page it says The athn driver does not support 
any of the 802.11n capabilities offered by the adapters.


I bookmarked a $6 Chinese AR9223 mini-pci card anyway.

11g is nice, but I'd like to try 11n. 300 Mbps, wow!

  Alan