Re[2]: how to get userland pthreads working?
Tue, 10 Apr 2012 11:10:09 -0700 PQ Philip Guenther guent...@gmail.com: On Tue, Apr 10, 2012 at 10:41 AM, Mo Libden m0lib...@mail.ru wrote: I wrote a two string program to check rthreads, it looks really interesting! I am interested how do I get pure userland library back in case I need? Just setting kern.rthreads=0 seems to be not enough: pthread_create() fails this case as not supported. Do I need to link the program against another library? Anything else? Running -current with userland threads is not supported. If you need userland threads, you need to run 5.1 or earlier. That was what I really needed. Thank you! It is not stated clearly in the pthreads man page. The man page still says it is a userland library implementation, which obviously is not true anymore. That's why I asked. Now, for the following, what's up with the immediate disclaimers? Only asked a question, sheesh. Nobody asked for support or anything similar. Being with OpenBSD since 1996, I kinda know the versioning and the terms for the support. As for how to do that, well, to quote section 5.1 of the FAQ: -- One should also understand that the upgrade process is supported in only one direction: from older to newer, and from -stable to -current. You can not run 5.0-current (or a snapshot), then decide you are living too dangerously, and step back to 5.0-stable. You are on your own if you choose any path other than the supported option of reloading your system from scratch, do not expect assistance from the OpenBSD development team. -- Philip Guenther
Re: how to get userland pthreads working?
On Wed, Apr 11, 2012 at 12:28 AM, Mo Libden m0lib...@mail.ru wrote: Tue, 10 Apr 2012 11:10:09 -0700 PQ Philip Guenther guent...@gmail.com: ... Running -current with userland threads is not supported. If you need userland threads, you need to run 5.1 or earlier. That was what I really needed. Thank you! It is not stated clearly in the pthreads man page. The man page still says it is a userland library implementation, which obviously is not true anymore. That's why I asked. Perhaps if we hit a blocker that would keep rthreads from being ready for the 5.2 release we'll be reverting the switch. Some parts of the docs might not be updated until we are confident that won't occur. BTW, any particular reason for wanting to switch back? Something not working right or a regression in performance or behavior? Now, for the following, what's up with the immediate disclaimers? Only asked a question, sheesh. Nobody asked for support or anything similar. Being with OpenBSD since 1996, I kinda know the versioning and the terms for the support. Ah misc@, where half the people need the FAQ read to them and the other half are insulted when someone tries to answer the obvious next question. Philip Guenther
Re: CARP interfaces randomly stop answering ARP requests
On 03/04/12 10:32, Camiel Dobbelaar wrote: On 3-4-2012 11:13, Ian Chard wrote: I have an OpenBSD box acting as a NATting firewall. It has 59 CARP interfaces defined, all identical apart from the IP address and vhid. At the moment there is no failover pair, so all the interfaces are in MASTER mode. Every so often, one of these interfaces will suddenly stop answering ARP requests. With tcpdump I can see the ARP requests coming in, but they are never answered. ifconfig output for the interface is no different to any of the other CARP instances; most notably, it is still in MASTER mode. I have net.inet.carp.log set to 7, but nothing is logged when this happens: no state changes, no other messages. Recovery is simple: I just 'ifconfig carpxx down; ifconfig carpxx up'. The interface recovers in a second or two. I had this problem with 4.9-stable, and today I migrated the config to a fresh 5.0-stable installation with the same results. Any help much appreciated! I assume all your carp interfaces have the same carpdev (physical interface) ? I suspect you may run into this limit (in sys/netinet): if_ether.c: IFQ_SET_MAXLEN(arpintrq, 50); /* XXX hate magic numbers */ Can you raise that number to 100 and compile a new kernel? I've now had this running since your suggestion, and the problem hasn't come back. Thanks again! - Ian -- Ian Chard, Systems Architect | E: ian.ch...@bodleian.ox.ac.uk Bodleian Libraries | T: 80587 / (01865) 280587 University of Oxford | F: (01865) 242287
Re: How to have more than 15 pflog interfaces?
* Siju George sgeorge@gmail.com [2012-04-10 08:16]: On Tue, Apr 10, 2012 at 11:40 AM, Andres Perera andre...@zoho.com wrote: altering the max might have consequences i don't know about: I will stick with 15 :-) actually, bumping it should be absolutely safe. pretty dumb limit actually, we should just dynamically allocate the pflogifs array. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/
V5.0 - ipsec -- lifetime dependencies between ipsec.conf (ipsecctl) and isakmpd.conf
Hello @misc, I'm lost in the documentation of isakmpd.conf and ipsec.conf :-( Situation: I have to set up several ipsec-connections on one system on my side (OBSD 5) to different sites with different VPN-hardware. All external sites offer only PSKs in configuration, no certificates. Problem: most of the sites use different key lifetimes (in phase 1/2), so I have do deal with a bunch of lifetime values. Question: is there any chance (perhaps in the future) to integrate lifetime parameters via ipsecctl -- ipsec.conf or will I be forced to keep on using isakmpd.conf? I don't need isakmpd.conf for other parameters ;-) best regards Andre Ruppert
Re: CARP interfaces randomly stop answering ARP requests
Regarding f_ether.c: IFQ_SET_MAXLEN(arpintrq, 50); /* XXX hate magic numbers */ Is 50 the limitation of logical interface per each physical or is it 50 carp per logic interface? Best regards Johan Ryberg 2012/4/11 Ian Chard ian.ch...@bodleian.ox.ac.uk: On 03/04/12 10:32, Camiel Dobbelaar wrote: On 3-4-2012 11:13, Ian Chard wrote: I have an OpenBSD box acting as a NATting firewall. It has 59 CARP interfaces defined, all identical apart from the IP address and vhid. At the moment there is no failover pair, so all the interfaces are in MASTER mode. Every so often, one of these interfaces will suddenly stop answering ARP requests. With tcpdump I can see the ARP requests coming in, but they are never answered. ifconfig output for the interface is no different to any of the other CARP instances; most notably, it is still in MASTER mode. I have net.inet.carp.log set to 7, but nothing is logged when this happens: no state changes, no other messages. Recovery is simple: I just 'ifconfig carpxx down; ifconfig carpxx up'. The interface recovers in a second or two. I had this problem with 4.9-stable, and today I migrated the config to a fresh 5.0-stable installation with the same results. Any help much appreciated! I assume all your carp interfaces have the same carpdev (physical interface) ? I suspect you may run into this limit (in sys/netinet): if_ether.c: IFQ_SET_MAXLEN(arpintrq, 50); /* XXX hate magic numbers */ Can you raise that number to 100 and compile a new kernel? I've now had this running since your suggestion, and the problem hasn't come back. Thanks again! - Ian -- Ian Chard, Systems Architect | E: ian.ch...@bodleian.ox.ac.uk Bodleian Libraries | T: 80587 / (01865) 280587 University of Oxford | F: (01865) 242287
Re: How to have more than 15 pflog interfaces?
On Wed, Apr 11, 2012 at 2:55 PM, Henning Brauer lists-open...@bsws.de wrote: actually, bumping it should be absolutely safe. pretty dumb limit actually, we should just dynamically allocate the pflogifs array. Thanks :-) Siju
Re: CARP interfaces randomly stop answering ARP requests
On 11-4-2012 11:07, Ian Chard wrote: On 03/04/12 10:32, Camiel Dobbelaar wrote: I suspect you may run into this limit (in sys/netinet): if_ether.c: IFQ_SET_MAXLEN(arpintrq, 50); /* XXX hate magic numbers */ Can you raise that number to 100 and compile a new kernel? I've now had this running since your suggestion, and the problem hasn't come back. Thanks again! Thanks for reporting back. I'm working on a fix that grows the limit with the number of interfaces, so this should not be a concern again. -- Cam
Re: CARP interfaces randomly stop answering ARP requests
On 11-4-2012 11:48, Johan Ryberg wrote: Regarding f_ether.c: IFQ_SET_MAXLEN(arpintrq, 50); /* XXX hate magic numbers */ Is 50 the limitation of logical interface per each physical or is it 50 carp per logic interface? No, it's the limit on the _global_ arp queue. arp requests (regardless of the interface) get added to a queue. This queue gets serviced every once in a while (on a soft interrupt). The problem with bridge and carp is that they duplicate those arp requests, so 1 incoming arp request on the network may turn into 50 arp requests on the queue. One for each interface on a bridge or one for each carp interface per carpdev. -- Cam
Re: how to get userland pthreads working?
Wed, 11 Apr 2012 02:00:28 -0700 PQ Philip Guenther guent...@gmail.com: On Wed, Apr 11, 2012 at 12:28 AM, Mo Libden m0lib...@mail.ru wrote: Tue, 10 Apr 2012 11:10:09 -0700 PQ Philip Guenther guent...@gmail.com: ... Running -current with userland threads is not supported. If you need userland threads, you need to run 5.1 or earlier. That was what I really needed. Thank you! It is not stated clearly in the pthreads man page. The man page still says it is a userland library implementation, which obviously is not true anymore. That's why I asked. Perhaps if we hit a blocker that would keep rthreads from being ready for the 5.2 release we'll be reverting the switch. Some parts of the docs might not be updated until we are confident that won't occur. Thank you, that's clear. I hope rthreads will make it, they're hot :-) BTW, any particular reason for wanting to switch back? Something not working right or a regression in performance or behavior? No, nothing in particular. I just used to think ahead of other possible scenarios like what if this something goes wrong, how do i... Since rthreads seem to be controlled with sysctl, I had impression that setting kern.rthreads=0 would turn old libpthread back. Like libpthread has some kind of check for kern.rthreads and chooses what functions to use according to the value. Now, thanks to you I know how the things currently are. Now, for the following, what's up with the immediate disclaimers? Only asked a question, sheesh. Nobody asked for support or anything similar. Being with OpenBSD since 1996, I kinda know the versioning and the terms for the support. Ah misc@, where half the people need the FAQ read to them and the other half are insulted when someone tries to answer the obvious next question. No, in my head it's not obvious next question. If I had come with some problem like i compile package X and it fails with rthreads, that might be the case. However, my e-mail started with I wrote a two string program to check rthreads, it looks really interesting! So it is obvious I was just playing around with this, looking how the rthreads are processed by the OS (checked OS tools like ps, top etc.). Anyway, we can drop this part :-) Philip Guenther Thanks!
Re: How to have more than 15 pflog interfaces?
* Henning Brauer lists-open...@bsws.de [2012-04-11 11:26]: * Siju George sgeorge@gmail.com [2012-04-10 08:16]: On Tue, Apr 10, 2012 at 11:40 AM, Andres Perera andre...@zoho.com wrote: altering the max might have consequences i don't know about: I will stick with 15 :-) actually, bumping it should be absolutely safe. pretty dumb limit actually, we should just dynamically allocate the pflogifs array. please try this report back Index: if_pflog.c === RCS file: /cvs/src/sys/net/if_pflog.c,v retrieving revision 1.49 diff -u -p -r1.49 if_pflog.c --- if_pflog.c 3 Feb 2012 01:57:50 - 1.49 +++ if_pflog.c 11 Apr 2012 10:19:56 - @@ -80,6 +80,7 @@ #endif void pflogattach(int); +intpflogifs_resize(size_t); intpflogoutput(struct ifnet *, struct mbuf *, struct sockaddr *, struct rtentry *); intpflogioctl(struct ifnet *, u_long, caddr_t); @@ -91,16 +92,14 @@ LIST_HEAD(, pflog_softc)pflogif_list; struct if_clonepflog_cloner = IF_CLONE_INITIALIZER(pflog, pflog_clone_create, pflog_clone_destroy); -struct ifnet *pflogifs[PFLOGIFS_MAX];/* for fast access */ -struct mbuf*pflog_mhdr = NULL, *pflog_mptr = NULL; +int npflogifs = 0; +struct ifnet **pflogifs = NULL; /* for fast access */ +struct mbuf *pflog_mhdr = NULL, *pflog_mptr = NULL; void pflogattach(int npflog) { - int i; LIST_INIT(pflogif_list); - for (i = 0; i PFLOGIFS_MAX; i++) - pflogifs[i] = NULL; if (pflog_mhdr == NULL) if ((pflog_mhdr = m_get(M_DONTWAIT, MT_HEADER)) == NULL) panic(pflogattach: no mbuf); @@ -111,14 +110,41 @@ pflogattach(int npflog) } int +pflogifs_resize(size_t n) +{ + struct ifnet**p; + int i; + + if (n SIZE_MAX / sizeof(struct ifnet)) + return (EINVAL); + if (n == 0) + p = NULL; + else + if ((p = malloc(n * sizeof(struct ifnet), M_DEVBUF, + M_NOWAIT|M_ZERO)) == NULL) + return (ENOMEM); + for (i = 0; i n; i++) + if (i npflogifs) + p[i] = pflogifs[i]; + else + p[i] = NULL; + + if(pflogifs) + free(pflogifs, M_DEVBUF); + pflogifs = p; + npflogifs = n; + return (0); +} + +int pflog_clone_create(struct if_clone *ifc, int unit) { struct ifnet *ifp; struct pflog_softc *pflogif; int s; - if (unit = PFLOGIFS_MAX) - return (EINVAL); + if (unit + 1 npflogifs pflogifs_resize(unit + 1) != 0) + return (ENOMEM); if ((pflogif = malloc(sizeof(*pflogif), M_DEVBUF, M_NOWAIT|M_ZERO)) == NULL) @@ -154,11 +180,16 @@ int pflog_clone_destroy(struct ifnet *ifp) { struct pflog_softc *pflogif = ifp-if_softc; - int s; + int s, i; s = splnet(); pflogifs[pflogif-sc_unit] = NULL; LIST_REMOVE(pflogif, sc_list); + + for (i = npflogifs; i 0 pflogifs[i - 1] != NULL; i--) + ; /* nothing */ + if (i npflogifs) + pflogifs_resize(i); /* error harmless here */ splx(s); if_detach(ifp); @@ -225,7 +256,8 @@ pflog_packet(struct pf_pdesc *pd, u_int8 if (rm == NULL || pd == NULL || pd-kif == NULL || pd-m == NULL) return (-1); - if ((ifn = pflogifs[rm-logif]) == NULL || !ifn-if_bpf) + if (rm-logif = npflogifs || (ifn = pflogifs[rm-logif]) == NULL || + !ifn-if_bpf) return (0); bzero(hdr, sizeof(hdr)); Index: pf_ioctl.c === RCS file: /cvs/src/sys/net/pf_ioctl.c,v retrieving revision 1.250 diff -u -p -r1.250 pf_ioctl.c --- pf_ioctl.c 3 Apr 2012 15:09:03 - 1.250 +++ pf_ioctl.c 11 Apr 2012 10:19:57 - @@ -2595,8 +2595,6 @@ pf_rule_copyin(struct pf_rule *from, str #if NPFLOG 0 if (!to-log) to-logif = 0; - if (to-logif = PFLOGIFS_MAX) - return (EINVAL); #endif to-quick = from-quick; to-ifnot = from-ifnot; -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/
Re: manual about jobs control
f5b f...@163.com wrote: In OpenBSD we can use commands like jobs fg or something else, but why man jobs man fg not work? and are there anything about jobs control in the base Manual? Yup. man $SHELL
Re: manual about jobs control
On 04/11/12 01:23, f5b wrote: In OpenBSD we can use commands like jobs fg or something else, but why man jobs man fg not work? and are there anything about jobs control in the base Manual? These are shell builtins. You may refer to your shell's man. Regards. -- Samuel Martmn Moro Inginieur Systhmes et Riseaux tel 01 41 40 11 22 gsm 06 30 52 01 79 SMILE - Open Source Solutions 48 rue de Villiers, 92300 Levallois Perret
Re: How to have more than 15 pflog interfaces?
On Wed, Apr 11, 2012 at 3:50 PM, Henning Brauer lists-open...@bsws.de wrote: please try this report back Thanks Henning but I need some help :-( I got the following errors and I have attached the .rej files = # patch -p0 patch.if_pflog Hmm... Looks like a unified diff to me... The text leading up to this was: -- |Index: if_pflog.c |=== |RCS file: /cvs/src/sys/net/if_pflog.c,v |retrieving revision 1.49 |diff -u -p -r1.49 if_pflog.c |--- if_pflog.c 3 Feb 2012 01:57:50 - 1.49 |+++ if_pflog.c 11 Apr 2012 10:19:56 - -- File to patch: sys/net/if_pflog.c Patching file sys/net/if_pflog.c using Plan A... Hunk #1 failed at 80. Hunk #2 failed at 92. Hunk #3 failed at 110. Hunk #4 failed at 180. Hunk #5 failed at 256. 5 out of 5 hunks failed--saving rejects to sys/net/if_pflog.c.rej Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -- |Index: pf_ioctl.c |=== |RCS file: /cvs/src/sys/net/pf_ioctl.c,v |retrieving revision 1.250 |diff -u -p -r1.250 pf_ioctl.c |--- pf_ioctl.c 3 Apr 2012 15:09:03 - 1.250 |+++ pf_ioctl.c 11 Apr 2012 10:19:57 - -- File to patch: sys/net/pf_ioctl.c Patching file sys/net/pf_ioctl.c using Plan A... Hunk #1 failed at 2595. 1 out of 1 hunks failed--saving rejects to sys/net/pf_ioctl.c.rej done === Thanks Siju [demime 1.01d removed an attachment of type application/octet-stream which had a name of if_pflog.c.rej] [demime 1.01d removed an attachment of type application/octet-stream which had a name of pf_ioctl.c.rej]
Re: How to have more than 15 pflog interfaces?
On Wed, Apr 11, 2012 at 12:20:30PM +0200, Henning Brauer wrote: * Henning Brauer lists-open...@bsws.de [2012-04-11 11:26]: * Siju George sgeorge@gmail.com [2012-04-10 08:16]: On Tue, Apr 10, 2012 at 11:40 AM, Andres Perera andre...@zoho.com wrote: altering the max might have consequences i don't know about: I will stick with 15 :-) actually, bumping it should be absolutely safe. pretty dumb limit actually, we should just dynamically allocate the pflogifs array. please try this report back Index: if_pflog.c === RCS file: /cvs/src/sys/net/if_pflog.c,v retrieving revision 1.49 diff -u -p -r1.49 if_pflog.c --- if_pflog.c3 Feb 2012 01:57:50 - 1.49 +++ if_pflog.c11 Apr 2012 10:19:56 - @@ -80,6 +80,7 @@ #endif void pflogattach(int); +int pflogifs_resize(size_t); int pflogoutput(struct ifnet *, struct mbuf *, struct sockaddr *, struct rtentry *); int pflogioctl(struct ifnet *, u_long, caddr_t); @@ -91,16 +92,14 @@ LIST_HEAD(, pflog_softc) pflogif_list; struct if_clone pflog_cloner = IF_CLONE_INITIALIZER(pflog, pflog_clone_create, pflog_clone_destroy); -struct ifnet *pflogifs[PFLOGIFS_MAX];/* for fast access */ -struct mbuf *pflog_mhdr = NULL, *pflog_mptr = NULL; +intnpflogifs = 0; +struct ifnet **pflogifs = NULL; /* for fast access */ +struct mbuf *pflog_mhdr = NULL, *pflog_mptr = NULL; void pflogattach(int npflog) { - int i; LIST_INIT(pflogif_list); - for (i = 0; i PFLOGIFS_MAX; i++) - pflogifs[i] = NULL; if (pflog_mhdr == NULL) if ((pflog_mhdr = m_get(M_DONTWAIT, MT_HEADER)) == NULL) panic(pflogattach: no mbuf); @@ -111,14 +110,41 @@ pflogattach(int npflog) } int +pflogifs_resize(size_t n) +{ + struct ifnet**p; + int i; + + if (n SIZE_MAX / sizeof(struct ifnet)) + return (EINVAL); + if (n == 0) + p = NULL; + else + if ((p = malloc(n * sizeof(struct ifnet), M_DEVBUF, + M_NOWAIT|M_ZERO)) == NULL) + return (ENOMEM); don't you need two different index vars for this next section? + for (i = 0; i n; i++) + if (i npflogifs) + p[i] = pflogifs[i]; + else + p[i] = NULL; something like the following with caveats that a) it is 5am-ish for me and b) i did not try compiling it: for (i = 0, j = 0; i n; i++, j++) { for (; j npflogifs NULL == pflogifs[j]; j++) ; if (j == npflogifs) break; p[i] = pflogifs[j]; } for (; i n; i++) p[i] = NULL; + + if(pflogifs) ^^ nit + free(pflogifs, M_DEVBUF); + pflogifs = p; + npflogifs = n; + return (0); +} + +int pflog_clone_create(struct if_clone *ifc, int unit) { struct ifnet *ifp; struct pflog_softc *pflogif; int s; - if (unit = PFLOGIFS_MAX) - return (EINVAL); + if (unit + 1 npflogifs pflogifs_resize(unit + 1) != 0) + return (ENOMEM); if ((pflogif = malloc(sizeof(*pflogif), M_DEVBUF, M_NOWAIT|M_ZERO)) == NULL) @@ -154,11 +180,16 @@ int pflog_clone_destroy(struct ifnet *ifp) { struct pflog_softc *pflogif = ifp-if_softc; - int s; + int s, i; s = splnet(); pflogifs[pflogif-sc_unit] = NULL; LIST_REMOVE(pflogif, sc_list); + + for (i = npflogifs; i 0 pflogifs[i - 1] != NULL; i--) + ; /* nothing */ + if (i npflogifs) + pflogifs_resize(i); /* error harmless here */ So, if the last pflogifs entry is NULL don't resize down? Not really questioning the logic, but want to make sure I understand that's what is meant, cause there is an easier check for that than the for()-loop. Caveats: a) 5am-ish, b) not familiar with code. --patrick splx(s); if_detach(ifp); @@ -225,7 +256,8 @@ pflog_packet(struct pf_pdesc *pd, u_int8 if (rm == NULL || pd == NULL || pd-kif == NULL || pd-m == NULL) return (-1); - if ((ifn = pflogifs[rm-logif]) == NULL || !ifn-if_bpf) + if (rm-logif = npflogifs || (ifn = pflogifs[rm-logif]) == NULL || + !ifn-if_bpf) return (0); bzero(hdr, sizeof(hdr)); Index: pf_ioctl.c === RCS file: /cvs/src/sys/net/pf_ioctl.c,v retrieving revision 1.250 diff -u -p -r1.250 pf_ioctl.c --- pf_ioctl.c3 Apr 2012 15:09:03 - 1.250 +++ pf_ioctl.c11 Apr 2012 10:19:57 - @@ -2595,8 +2595,6 @@
Re: Does relayd(8) support TLS Server Name Initiation?
Interesting question for me either.. SNI is already supported by OpenSSL starting from version 0.9.8f and later, pound supports it from version 2.6 - which is not in packages yet (still 2.5 there), nginx in packages seems to be supporting it (not sure how it is in practice). Would be cool if relayd(8) had such feature... But I don't see any info regarding this in internet. Maybe somebody can shed some light on this ? thanks, VA On 23.09.2010 19:31, Christopher Dukes wrote: And if not is support planned? I'd like to make use of relayd's relays for URL based filtering of https requests. I already know for SSL2 I'm stuck to 1 IP address per cert. A scan of the relayd.conf(5) and ssl(8) and the daily change logs for 4.6 through current all say no, but for all I know someone might be working on something quietly :-). And since the current state of things appears to be No TLS Server Name Initiation, does anyone have any throughs as to whether or not using relayd redirects and lighttpd or nginx to negotiate TLS SNI would be a bad idea? And if it's a bad idea, what any better ideas are. Thanks, Chris Dukes
Re: kernel panic: inteldrm
Hello. I tried to turn off the hardware acceleration with DRI, NoAccel Accel xorg.conf options but without success - in the /var/log/Xorg.0.log I found messages about unused NoAccel Accel options and activated DRI driver. The fragment from my /etc/X11/xorg.conf on i386 OpenBSD-4.9: ... Section Device ### Available Driver options are:- ### Values: i: integer, f: float, bool: True/False, ### string: String, freq: f Hz/kHz/MHz, ### percent: f% ### [arg]: arg optional #Option NoAccel # [bool] #Option SWcursor # [bool] #Option ColorKey # i #Option CacheLines# i #Option Dac6Bit # [bool] #Option DRI # [bool] #Option NoDDC # [bool] #Option ShowCache # [bool] #Option XvMCSurfaces # i #Option PageFlip # [bool] Identifier Card0 Driver intel BusID PCI:0:2:0 #Option HWcursor off Option DRI off Option NoAccel on EndSection Section Screen Identifier Screen0 Device Card0 Monitor Monitor0 Option Accel off ... Give me, please, an advise about other possibilities to turn off video driver hardware acceleration. -- Alexei Malinin
Re: V5.0 - ipsec -- lifetime dependencies between ipsec.conf (ipsecctl) and isakmpd.conf
Andre Ruppert a...@in-telegence.net wrote: is there any chance (perhaps in the future) to integrate lifetime parameters via ipsecctl -- ipsec.conf or will I be forced to keep on using isakmpd.conf? There is lifetime code in ipsecctl. I don't know if its absence from the man page is an accidental omission or if the code is incomplete. -- Christian naddy Weisgerber na...@mips.inka.de
DIPLOMADO: DIRECCION ESTRATEGICA DE NEGOCIOS, ALTA DIRECCION
Te invitamos a participar en el Diplomado: Direccisn Estratigica de Negocios, Alta Direccisn Dirigido a: Todos aquellos altos ejecutivos que toman decisiones estratigicas en la empresa, Directores de empresas, propietarios, gerentes del sector empresarial y miembros del consejo interesados en desarrollar habilidades directivas que les permitan detectar areas de oportunidad en su negocio. Objetivo General: Bajo un entorno de competencias laborales, el participante sera capaz de concebir y diseqar, de forma sistematica, un nuevo modelo de empresa que genere valor al interior y exterior de la misma. Fecha de inicio: 20 de abril Fecha lmmite de inscripcisn 13 de abril CUPO LIMITADO DURACISN 112 horas Totales. INCLUYE: -Instructores expertos en la materia -Conferencias de excelencia acadimica -Material especializado -Constancias -Servicio de cafi continuo Requisitos: -Comprobante de Estudios de zltimo grado -Currmculo Vitae -Solicitud de Inscripcisn, que le proporcionara el coordinador -Fotografma impresa o digital para la solicitud de inscripcisn -Comprobante de Pago MSDULO I Gestisn del Cambio, Ticnicas para el coaching == MSDULO II planeacisn Estratigica como herramienta organizacional: Balanced Scorecard = MODULO III Cultura Financiera, Evaluacisn de proyectos de inversisn === MSDULO IV Trabajo en Equipo === MODULO V Liderazgo Transformador, del Lmder Personal al Lmder Efectivo y Exitoso en Equipos Integrados. MODULO VI. Administracisn del Capital Humano. Creando un ambiente sano de trabajo. = MODULO VII Atencisn a Cliente, cuando la actitud no es suficiente Estamos seguros que su presencia sera altamente significativa por todo lo que esto representa el mantenerse a la vanguardia en capacitacisn y que desde el inicio del evento, habremos de congratularnos por los resultados obtenidos. Sin otro particular por el momento y esperando contar con su distinguida presencia Reciba un cordial saludo Atte Lic. Julio Alejandro Mendoza Coordinador Acadimico Educacisn continua Fomento Para el Desarrollo Econsmico Tels. Oficina Queritaro Conmutador (442) 455 55 55 Directo (442) 220 71 18 e-mail: jamend...@dec.fca.unam.mx juliomend...@fundacionparaeldesarrolloeconomico.org Si deseas darte de baja de este e-news letter, envia un correo con el asunto baja a division.educacionconti...@yahoo.com.mx
Mosh? seems dangerous!
Apparently MIT's folks want to do SSH with roaming. Just curious what you guys think of it. http://mosh.mit.edu/ -- http://www.glumbert.com/media/shift http://www.youtube.com/watch?v=tGvHNNOLnCk This officer's men seem to follow him merely out of idle curiosity. -- Sandhurst officer cadet evaluation. Securing an environment of Windows platforms from abuse - external or internal - is akin to trying to install sprinklers in a fireworks factory where smoking on the job is permitted. -- Gene Spafford learn french: http://www.youtube.com/watch?v=30v_g83VHK4
Re: Mosh? seems dangerous!
On Wed, Apr 11, 2012 at 12:39:39PM -0400, bofh wrote: Apparently MIT's folks want to do SSH with roaming. Just curious what you guys think of it. http://mosh.mit.edu/ Quote: Moreover, TELNET had some good things going it for a local-echo mode and a well-defined network virtual terminal. Then SSH came along and added minor enhancements like confidentiality and authentication, at the cost of losing the local-echo mode and the well-defined terminal semantics. minor enhancements like confidentiality and authentication ? at the cost of losing the local-echo mode ? dunno about the quality of the stuff, but... promoting, they're doing it wrong -- Gilles Chehade https://www.poolp.org | http://pool.ps @poolpOrg
Re: Mosh? seems dangerous!
And apparently they don't know how to use authorized_keys either :) -- http://www.glumbert.com/media/shift http://www.youtube.com/watch?v=tGvHNNOLnCk This officer's men seem to follow him merely out of idle curiosity. -- Sandhurst officer cadet evaluation. Securing an environment of Windows platforms from abuse - external or internal - is akin to trying to install sprinklers in a fireworks factory where smoking on the job is permitted. -- Gene Spafford learn french: http://www.youtube.com/watch?v=30v_g83VHK4
Re: Mosh? seems dangerous!
Have you REALLY read what it is??? I don't think so ;) Once more please: http://mosh.mit.edu/ You must first log in via SSH (with the keys if you want) and then from the server you start the mosh client as an application and do a callback to the client. It's not a daemon and it does not need any high privileges to run. I don't have any problem with SSH so I will not use this any way, it just seems to much work and another layer of overhead just to get rid of some lag that never caused me any problem. -- Johan Ryberg 2012/4/11 bofh goodb...@gmail.com: And apparently they don't know how to use authorized_keys either :)
Re: Mosh? seems dangerous!
Gilles Chehade gil...@poolp.org wrote: http://mosh.mit.edu/ Moreover, TELNET had some good things going it for a local-echo mode and a well-defined network virtual terminal. Then SSH came along and added minor enhancements like confidentiality and authentication, at the cost of losing the local-echo mode and the well-defined terminal semantics. This must be satire. Right? I mean, local-echo mode? What is this? 1975? -- Christian naddy Weisgerber na...@mips.inka.de
Re: Mosh? seems dangerous!
Heh, I did. I was looking at the problem statement of oh, you have to enter passwords each time you login from a different place. A combination of authorized_keys + tmux/screen would have solved that problem, methinks, and far better than yet another daemon (something that sits on a udp port is still a daemon) -- http://www.glumbert.com/media/shift http://www.youtube.com/watch?v=tGvHNNOLnCk This officer's men seem to follow him merely out of idle curiosity. -- Sandhurst officer cadet evaluation. Securing an environment of Windows platforms from abuse - external or internal - is akin to trying to install sprinklers in a fireworks factory where smoking on the job is permitted. -- Gene Spafford learn french: http://www.youtube.com/watch?v=30v_g83VHK4
Re: smtpd: no user for command execution in aliases
On Tue, Apr 10, 2012 at 09:39:39PM -0400, Josh Grosse wrote: On Mon, Apr 09, 2012 at 10:24:49PM +0200, Gilles Chehade wrote: Guys, Can you try the following diff, it fixes the issue here and should get your mailing lists working. Please report if it works (or not ;-) This pair of patches did not change the parsing in makemap; newaliases continues to report syntax errors when using | to pipe to commands. eg: This line produces a syntax error: majordomo: |/usr/local/lib/majordomo/wrapper majordomo Yeah I found that too. It is possible to wrap the command itself in quotes like that: majordomo: |/some/path argument BUT then /some/path argument will be executed as a command in its full length without splitting command and arguments (cannot execute '/some/path argument') Using a .forward file works (without quotes) as expected. -Josh-
Re: Mosh? seems dangerous!
On Wed, Apr 11, 2012 at 11:02 AM, Christian Weisgerber na...@mips.inka.de wrote: Gilles Chehade gil...@poolp.org wrote: This must be satire. Right? I mean, local-echo mode? What is this? 1975? In lossy or high latency environments I find a local echo to be really useful. To the point I occasionally dump stdout through my ssh tunnel locally instead of trying to run an interactive shell.
webcam/mic
This might be dumb question, but I haven't found the answer anywhere else yet. I have a lemote 8089b and I'm trying to figure out what software I'd use in order to use the webcam/microphone. I'm not trying to solve any particular problem other than my own curiosity of how I'd record/ take pictures (video chat would be cool too but is only a bonus). Here's my dmesg: OpenBSD 5.0 (GENERIC) #26: Wed Aug 17 10:41:08 MDT 2011 x...@xxx.xxx:/usr/src/sys/arch/loongson/compile/GENERIC real mem = 1073741824 (1024MB) avail mem = 1059209216 (1010MB) mainbus0 at root: Lemote Yeeloong cpu0 at mainbus0: STC Loongson2F CPU 797 MHz, STC Loongson2F FPU cpu0: cache L1-I 64KB D 64KB 4 way, L2 512KB 4 way bonito0 at mainbus0: memory and PCI-X controller, rev 1 pci0 at bonito0 bus 0 rl0 at pci0 dev 7 function 0 Realtek 8139 rev 0x10: irq 5, address xx:xx:xx:xx: rlphy0 at rl0 phy 0: RTL internal PHY smfb0 at pci0 dev 8 function 0 Silicon Motion LynxEM+ rev 0xb0 wsdisplay0 at smfb0 mux 1: console (std, vt100 emulation) ohci0 at pci0 dev 9 function 0 NEC USB rev 0x44: irq 7, version 1.0 ehci0 at pci0 dev 9 function 1 NEC USB rev 0x05: irq 7 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 NEC EHCI root hub rev 2.00/1.00 addr 1 glxpcib0 at pci0 dev 14 function 0 AMD CS5536 ISA rev 0x03: rev 3, 32-bit 3579545Hz timer, watchdog, gpio gpio1 at glxpcib0: 32 pins pciide0 at pci0 dev 14 function 2 AMD CS5536 IDE rev 0x01: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility wd0 at pciide0 channel 0 drive 0: FUJITSU MHZ2160BH G2 wd0: 16-sector PIO, LBA48, 152627MB, 312581808 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 pciide0: channel 1 ignored (disabled) auglx0 at pci0 dev 14 function 3 AMD CS5536 Audio rev 0x01: isa irq 9, CS5536 AC97 ac97: codec id 0x414c4760 (Avance Logic ALC655 rev 0) audio0 at auglx0 ohci1 at pci0 dev 14 function 4 AMD CS5536 USB rev 0x02: isa irq 11, version 1.0, legacy support ehci1 at pci0 dev 14 function 5 AMD CS5536 USB rev 0x02: isa irq 11 usb1 at ehci1: USB revision 2.0 uhub1 at usb1 AMD EHCI root hub rev 2.00/1.00 addr 1 usb2 at ohci0: USB revision 1.0 uhub2 at usb2 NEC OHCI root hub rev 1.00/1.00 addr 1 isa0 at glxpcib0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pms0 at pckbc0 (aux slot) pckbc0: using irq 12 for aux slot wsmouse0 at pms0 mux 0 mcclock0 at isa0 port 0x70/2: mc146818 or compatible ykbec0 at isa0 port 0x381/3 usb3 at ohci1: USB revision 1.0 uhub3 at usb3 AMD OHCI root hub rev 1.00/1.00 addr 1 clock0 at mainbus0: ticker on int5 using count register apm0 at mainbus0 umass0 at uhub1 port 1 configuration 1 interface 0 Generic USB2.0-CRW rev 2.00/58.87 addr 2 umass0: using SCSI over Bulk-Only scsibus0 at umass0: 2 targets, initiator 0 sd0 at scsibus0 targ 1 lun 0: Generic-, Multi-Card, 1.00 SCSI0 0/direct removable serial.0bda015811417340 urtw0 at uhub1 port 4 Realtek RTL8187B rev 2.00/2.00 addr 3 urtw0: RTL8187B rev E, address xx:xx:xx:xx: vscsi0 at root scsibus1 at vscsi0: 256 targets softraid0 at root scsibus2 at softraid0: 256 targets pmon bootpath: /dev/disk/wd0 boot device: wd0 root on wd0a swap on wd0b dump on wd0b WARNING: / was not properly unmounted ehci_idone: ex=0xc0088200 is done! ehci_idone: ex=0xc0088200 is done! apm0: battery high urtw1 at uhub1 port 2 Realtek RTL8187 rev 2.00/1.00 addr 4 urtw1: RTL8187 rev 0x04, RFv2, address xx:xx:xx:xx:
Re: Mosh? seems dangerous!
On Wed, Apr 11, 2012 at 11:19:44AM -0700, Johan Beisser wrote: On Wed, Apr 11, 2012 at 11:02 AM, Christian Weisgerber na...@mips.inka.de wrote: Gilles Chehade gil...@poolp.org wrote: This must be satire. Right? I mean, local-echo mode? What is this? 1975? In lossy or high latency environments I find a local echo to be really useful. To the point I occasionally dump stdout through my ssh tunnel locally instead of trying to run an interactive shell. Well, I don't know how useful it is and I'm not debating it, but making it a big selling point while saying confidentiality and security are minor enhancements is a sign of lost sanity ;-) -- Gilles Chehade https://www.poolp.org | http://pool.ps @poolpOrg
Re: webcam/mic
This might be dumb question, but I haven't found the answer anywhere else yet. I have a lemote 8089b and I'm trying to figure out what software I'd use in order to use the webcam/microphone. I'm not trying to solve any particular problem other than my own curiosity of how I'd record/ take pictures (video chat would be cool too but is only a bonus). The webcam doesn't show up in dmesg on the 8101 and the late 8089 models. I've been trying to fiddle with the registers that supposedly enable it, with no reproduceable results, and eventually gave up. If you're lucky, the webcam enable key combination (should be something like Fn-F2) will make it appear and attach as an uvideo device. But I wouldn't hold my breath on this. Miod
Repost: Failed HP 360 Install from USB attached CD
Good afternoon, My apologies - the previous post was a little mangled. I have just attempted an install of the latest snapshot cd51.iso - dated 07/04/2012 5:55:00 PM on some new HP 360 servers. I am able to boot of the CD, but the boot hangs immediately after the following line is displayed: brgphy3 at bnx3 phy1: BCM5709 10/100/100baseT PHY, rev. 8 (see full dmesg below) This is also the case when trying to install by booting off the OpenBSD 5.0 CD disk 1 (and cd50.iso). I was able to install on the HP 360 servers by moving drives over from an HP 120 (which didn't have the same problem) with BSD already installed, booting off bsd.rd from disk, and reinstalling over the network, and subsequent installations booting to bsd.rd on disk to sd1 and swapping drives, etc. As such, I have OpenBSD 5.0 running on our HP 360 servers, but have never been able to boot and install from a USB attached CD (or USB memory stick). I should mention that when installing I also have a USB attached key board in addition to the USB attached CD Drive (see dmesg output below). This is an inconvenience more than anything, but it might point to some underlying issues? Has anyone seen similar problems? Many thanks. Rob = = = = = USB Keyboard attach, detach, and reattach = = = = = uhidev2 at uhub4 port 1 configuration 1 interface 0 GASIA GASIA USB KB Pro rev 1.10/2.10 addr 2 uhidev2: iclass 3/1 ukbd1 at uhidev2: 8 modifier keys, 6 key codes wskbd2 at ukbd1 mux 1 wskbd2: connecting to wsdisplay0 uhidev3 at uhub4 port 1 configuration 1 interface 1 GASIA GASIA USB KB Pro rev 1.10/2.10 addr 2 uhidev3: iclass 3/0, 2 report ids uhid0 at uhidev3 reportid 1: input=2, output=0, feature=0 uhid1 at uhidev3 reportid 2: input=1, output=0, feature=0 wskbd2: disconnecting from wsdisplay0 wskbd2 detached ukbd1 detached uhidev2 detached uhid0 detached uhid1 detached uhidev3 detached uhidev2 at uhub4 port 1 configuration 1 interface 0 GASIA GASIA USB KB Pro rev 1.10/2.10 addr 2 uhidev2: iclass 3/1 ukbd1 at uhidev2: 8 modifier keys, 6 key codes wskbd2 at ukbd1 mux 1 wskbd2: connecting to wsdisplay0 uhidev3 at uhub4 port 1 configuration 1 interface 1 GASIA GASIA USB KB Pro rev 1.10/2.10 addr 2 uhidev3: iclass 3/0, 2 report ids uhid0 at uhidev3 reportid 1: input=2, output=0, feature=0 uhid1 at uhidev3 reportid 2: input=1, output=0, feature=0 = = = = = USB attached CD Drive = = = = = wskbd2: disconnecting from wsdisplay0 wskbd2 detached ukbd1 detached uhidev2 detached uhid0 detached uhid1 detached uhidev3 detached uhidev2 at uhub4 port 1 configuration 1 interface 0 GASIA GASIA USB KB Pro rev 1.10/2.10 addr 2 uhidev2: iclass 3/1 ukbd1 at uhidev2: 8 modifier keys, 6 key codes wskbd2 at ukbd1 mux 1 wskbd2: connecting to wsdisplay0 uhidev3 at uhub4 port 1 configuration 1 interface 1 GASIA GASIA USB KB Pro rev 1.10/2.10 addr 2 uhidev3: iclass 3/0, 2 report ids uhid0 at uhidev3 reportid 1: input=2, output=0, feature=0 uhid1 at uhidev3 reportid 2: input=1, output=0, feature=0 umass0 at uhub1 port 7 configuration 1 interface 0 MediaTek Inc MT1836 rev 2.00/0.00 addr 2 umass0: using SCSI over Bulk-Only scsibus3 at umass0: 2 targets, initiator 0 cd0 at scsibus3 targ 1 lun 0: HL-DT-ST, DVDRAM GP10NW20, 1.03 SCSI0 5/cdrom removable serial.0e8d1836B3H5824_ cd0 detached scsibus3 detached umass0 detached = = = = = dmesg (USB devices were not present at reboot) = = = = = OpenBSD 5.0 (GENERIC.MP) #59: Wed Aug 17 10:19:44 MDT 2011 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP cpu0: Intel(R) Xeon(R) CPU E5620 @ 2.40GHz (GenuineIntel 686-class) 2.41 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACP I,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,PCLMUL,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR, PDCM,DCA,SSE4.1,SSE4.2,POPCNT,AES real mem = 3747340288 (3573MB) avail mem = 3675979776 (3505MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 12/31/99, BIOS32 rev. 0 @ 0xf, SMBIOS rev. 2.7 @ 0xdf7fe000 (127 entries) bios0: vendor HP version P68 date 05/05/2011 bios0: HP ProLiant DL360 G7 acpi0 at bios0: rev 2 acpi0: sleep states S0 S4 S5 acpi0: tables DSDT FACP SPCR MCFG HPET SPMI ERST APIC SRAT BERT HEST DMAR SSDT SS DT SSDT SSDT SSDT acpi0: wakeup devices acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimcfg0 at acpi0 addr 0xe000, bus 0-63 acpihpet0 at acpi0: 14318179 Hz acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: apic clock running at 133MHz cpu1 at mainbus0: apid 20 (application processor) cpu1: Intel(R)
Re: webcam/mic
On Wednesday, April 11, 2012, Miod Vallat wrote: This might be dumb question, but I haven't found the answer anywhere else yet. I have a lemote 8089b and I'm trying to figure out what software I'd use in order to use the webcam/microphone. I'm not trying to solve any particular problem other than my own curiosity of how I'd record/ take pictures (video chat would be cool too but is only a bonus). The webcam doesn't show up in dmesg on the 8101 and the late 8089 models. I've been trying to fiddle with the registers that supposedly enable it, with no reproduceable results, and eventually gave up. If you're lucky, the webcam enable key combination (should be something like Fn-F2) will make it appear and attach as an uvideo device. But I wouldn't hold my breath on this. Miod I tried both with and without holding my breath with no luck.
Hi-Five OpenBSD World - New installation - Power management questions
Hello OpenBSD World!!! Long time Linux user who has recently been looking closely at OpenBSD for secure NAS backup device (home network). This is an immediate need but I will be shifting a couple of desktops to OBSD 'larrerrer' ;-). I attach at the bottom of this e-mail my dmesg output for my relatively simple platform for the NAS (I knoww, it's a waste of an excellent OS! But I am after the security): Intel D525MW motherboard (Intel Atom D525 Dual Core 1.8GHz (Supports 64bit), Intel NM10 Express Chipset, Intel GMA3150 Integrated Graphics, Realtek 8111E GiE NIC, Intel BIOS - Supports ACPI), 4GB RAM, Samsung HM160HI 160GB SATA 2.5 HDD (Taken from my Samsung NC10 and wiped with DBAN before installation). Boot medium was CD from an external, USB-connected Samsung SE-S224Q DVD Writer using Version 5.0 for AMD64 - SHA256 checksum checked against three Mirrors. Only problem I encountered preceded installation while the CD was booting. I received the message /etc/boot.conf: line too long but the CD continued to boot and the installation went through without any problems. I used these package options: -x* then -game* (removing these packages from the install - it's a NAS I'm creating here). I had no problem setting up my static network address etc. etc. I will install rsync via pkg_add later. However, I have been trying to find out how OpenBSD handles ACPI/APM Power Management and disk hibernation. I have read quite a bit: 1) Michael Lucas' Absolute OpenBSD (2004) 2) Secure Architectures with OpenBSD (2004) 3) Michael Lucas' Absolute BSD (for FreeBSD) (2002) 4) Calomel - you know the one 5) I've tried to search the archived dialogues on Old Nabble (Difficult) 6) I've searched Daemon Forums 7) I've read the FAQ - Always the last place I look ;-) This is what I feel I have learned: 1) Advanced Power Management on OpenBSD is handled by apmd. I know that because enabling it through /etc/rc.conf, rebooting and then issuing zzz puts the PC to sleep. When I tap a key - it wakes up again (exactly where I left it). GREAT! 2) apmd does not automatically hibernate my disk (unless I am missing something) - but it is possible that there are ports (I've read about these for FreeBSD) which might handle disk hibernation: spindown and diskidle 3) I read somewhere that there is a danger in suspending/hibernating the disk security wise - but haven't found a full explanation (Is RAM dumped to disk unencrypted, perhaps?). That would explain why a program to hibernate the disk isn't included in the default install of OpenBSD. Unfortunately - searching the OpenBSD mailing lists I have subscribed too is darn awkward (compared to some other fora - I know some issue 'tarred' archives that can be imported into an e-mail client - ever considered it? :-) ). SO... I've come to the fount of all knowledge to seek guidance on the following: 1) Beyond apmd, is there a default handler of disk hibernation install-ed/able via default OpenBSD? 2) To use apmd, do I need to maintain a swap partition? Indeed, should I ALWAYS maintain a swap partition on this simple setup (which is running fine)? I was hoping to get away without one (currently b: is undefined). 3) If spindown or diskidle exist in the packages/ports - would installing these provide me with a disk hibernation facility for OpenBSD? 4) Is there another way to manage the PC('NAS') using OpenBSD to minimize power while the 'NAS' is available 24/7? All you savvy peeps who know where I am going on this - what's my best case scenario? An OpenBSD NAS which doesn't hibernate (Thinks... Where can I get a 100W PSU?) or can I possibly achieve a NAS that hibernates the drive and Wake(s) on LAN? I'd settle for simply hibernating the disk (That's about 22W there - half the power draw) - but if the full monty is possible - I'll keep on digging. dmesg details follow this EXTREMELY LONG FIRST POST. Thanks for YOUR patience, y'all ;-) Mike P.S. Anybody know why there is an RTC BIOS error 80 for the clock battery (See below)? Brand New board, this one. P.P.S. The i386 32-bit version 5.0 works on this MB too - but I haven't attached the DMESG for that... ** MY DMESG ** OpenBSD 5.0 (GENERIC.MP) #63: Wed Aug 17 10:14:30 MDT 2011 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP RTC BIOS diagnostic error 80clock_battery real mem = 4275666944 (4077MB) avail mem = 4147728384 (3955MB) mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.5 @ 0xcee98000 (27 entries) bios0: vendor Intel Corp. version MWPNT10N.86A.0083.2011.0524.1600 date 05/24/2011 bios0: Intel Corporation D525MW acpi0 at bios0: rev 2 acpi0: sleep states S0 S1 S3 S4 S5 acpi0: tables DSDT FACP
Re: How to have more than 15 pflog interfaces?
* Siju George sgeorge@gmail.com [2012-04-11 14:25]: On Wed, Apr 11, 2012 at 3:50 PM, Henning Brauer lists-open...@bsws.de wrote: please try this report back Thanks Henning but I need some help :-( I got the following errors and I have attached the .rej files diffs are for current of course but should work for 5.1 as well - dunno what you are trying. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/
Re: How to have more than 15 pflog interfaces?
* patrick keshishian sids...@boxsoft.com [2012-04-11 14:55]: On Wed, Apr 11, 2012 at 12:20:30PM +0200, Henning Brauer wrote: don't you need two different index vars for this next section? no, why? + for (i = 0; i n; i++) + if (i npflogifs) + p[i] = pflogifs[i]; + else + p[i] = NULL; i think that is pretty clear: each slot in the newly allocated p gets the same value as it had in the old pflogifs, once we're at the end of pflogifs we set the remaining slots to NULL. unused slots were NULL before so just inheriting the NULL is safe. something like the following with caveats that a) it is 5am-ish for me and b) i did not try compiling it: for (i = 0, j = 0; i n; i++, j++) { for (; j npflogifs NULL == pflogifs[j]; j++) ; if (j == npflogifs) break; p[i] = pflogifs[j]; } for (; i n; i++) p[i] = NULL; i gave up following this after a bit. + + if(pflogifs) ^^ nit fixed s = splnet(); pflogifs[pflogif-sc_unit] = NULL; LIST_REMOVE(pflogif, sc_list); + + for (i = npflogifs; i 0 pflogifs[i - 1] != NULL; i--) + ; /* nothing */ + if (i npflogifs) + pflogifs_resize(i); /* error harmless here */ So, if the last pflogifs entry is NULL don't resize down? Not really questioning the logic, but want to make sure I understand that's what is meant, cause there is an easier check for that than the for()-loop. Caveats: a) 5am-ish, b) not familiar with code. walk the array backwards until we find the first non-empty slot, then shrink it to that. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/
Re: How to have more than 15 pflog interfaces?
On Wed, Apr 11, 2012 at 3:14 PM, Henning Brauer lists-openbsdt...@bsws.de wrote: * patrick keshishian sids...@boxsoft.com [2012-04-11 14:55]: On Wed, Apr 11, 2012 at 12:20:30PM +0200, Henning Brauer wrote: don't you need two different index vars for this next section? no, why? I put the caveat that I am not familiar with the code (and its use). So apologies if I'm making grave assumptions on the use case (more below). + for (i = 0; i n; i++) + if (i npflogifs) + p[i] = pflogifs[i]; + else + p[i] = NULL; i think that is pretty clear: each slot in the newly allocated p gets the same value as it had in the old pflogifs, once we're at the end of pflogifs we set the remaining slots to NULL. unused slots were NULL before so just inheriting the NULL is safe. Unless pflog_clone_destroy() takes out one in the middle of the list. I probably assumed too much. something like the following with caveats that a) it is 5am-ish for me and b) i did not try compiling it: for (i = 0, j = 0; i n; i++, j++) { for (; j npflogifs NULL == pflogifs[j]; j++) ; if (j == npflogifs) break; p[i] = pflogifs[j]; } for (; i n; i++) p[i] = NULL; i gave up following this after a bit. The loop is like yours, but looks out for an NULL-ed out pflogifs entry (from pflog_clone_destroy()?). If one is detected, adjust index into pflogifs accordingly. Now, if it is the case that pflog_clone_destroy() won't ever take out an entry in the middle of pflogifs, then ignore my comments. + + if(pflogifs) ^^ nit fixed s = splnet(); pflogifs[pflogif-sc_unit] = NULL; LIST_REMOVE(pflogif, sc_list); + + for (i = npflogifs; i 0 pflogifs[i - 1] != NULL; i--) + ; /* nothing */ + if (i npflogifs) + pflogifs_resize(i); /* error harmless here */ So, if the last pflogifs entry is NULL don't resize down? Not really questioning the logic, but want to make sure I understand that's what is meant, cause there is an easier check for that than the for()-loop. Caveats: a) 5am-ish, b) not familiar with code. walk the array backwards until we find the first non-empty slot, then shrink it to that. OK. So the _destroy() code will always take out entries from the end of the pflogifs array. Sorry for the noise. --patrick -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/
Re: Mosh? seems dangerous!
Christian Weisgerber [na...@mips.inka.de] wrote: Gilles Chehade gil...@poolp.org wrote: http://mosh.mit.edu/ Moreover, TELNET had some good things going it for a local-echo mode and a well-defined network virtual terminal. Then SSH came along and added minor enhancements like confidentiality and authentication, at the cost of losing the local-echo mode and the well-defined terminal semantics. This must be satire. Right? I mean, local-echo mode? What is this? 1975? It's part of Nicholas Marriott's April Fools joke, 1975 meets meb 3.0 home page. It's actually just tmux with some extensions.
Re: V5.0 - ipsec -- lifetime dependencies between ipsec.conf (ipsecctl) and isakmpd.conf
On 2012-04-11, Christian Weisgerber na...@mips.inka.de wrote: Andre Ruppert a...@in-telegence.net wrote: is there any chance (perhaps in the future) to integrate lifetime parameters via ipsecctl -- ipsec.conf or will I be forced to keep on using isakmpd.conf? There is lifetime code in ipsecctl. I don't know if its absence from the man page is an accidental omission or if the code is incomplete. IIRC, it looks like it should work per-peer but can actually only be used to set lifetimes for the default peer. Examination of the output from ipsecctl -nvf /etc/ipsec.conf would confirm this.
Re: Hi-Five OpenBSD World - New installation - Power management questions
On 04/11/12 17:13, Michael Davies wrote: ... I attach at the bottom of this e-mail my dmesg output for my relatively simple platform for the NAS (I knoww, it's a waste of an excellent OS! But I am after the security): not at all. Its a fine general purpose OS, too. :) ... However, I have been trying to find out how OpenBSD handles ACPI/APM Power Management and disk hibernation. I have read quite a bit: 1) Michael Lucas' Absolute OpenBSD (2004) 2) Secure Architectures with OpenBSD (2004) 3) Michael Lucas' Absolute BSD (for FreeBSD) (2002) 4) Calomel - you know the one 5) I've tried to search the archived dialogues on Old Nabble (Difficult) 6) I've searched Daemon Forums 7) I've read the FAQ - Always the last place I look ;-) I could take exception to that. :) This is what I feel I have learned: 1) Advanced Power Management on OpenBSD is handled by apmd. I know that because enabling it through /etc/rc.conf, rebooting and then issuing zzz puts the PC to sleep. When I tap a key - it wakes up again (exactly where I left it). GREAT! Nifty, eh? :) 2) apmd does not automatically hibernate my disk (unless I am missing something) - but it is possible that there are ports (I've read about these for FreeBSD) which might handle disk hibernation: spindown and diskidle Haven't seen a whole lot of interest in disk hibernation on OpenBSD. 3) I read somewhere that there is a danger in suspending/hibernating the disk security wise - but haven't found a full explanation (Is RAM dumped to disk unencrypted, perhaps?). That would explain why a program to hibernate the disk isn't included in the default install of OpenBSD. I can't think of any security issue on putting a system to SLEEP, but a full suspend-to-disk could kinda leave your secrets out in the open for off-line examination if done unencrypted. If done encrypted...where do you put the key? If on the disk, no gain. If you have to type it in on power-up, other problems. Some DISKS supposedly don't like too many power-up/power-down cycles. ... 1) Beyond apmd, is there a default handler of disk hibernation install-ed/able via default OpenBSD? disk hibernation... I'm assuming you mean, disk stops spinning until the OS (which is running normally) calls for it. if this is REALLY what you want (keep reading), I don't think OpenBSD can help you. 2) To use apmd, do I need to maintain a swap partition? Indeed, should I ALWAYS maintain a swap partition on this simple setup (which is running fine)? I was hoping to get away without one (currently b: is undefined). Swap partition is optional, as long as you have enough RAM to do what you want. If you are short one byte, you are in trouble, but with 4G RAM, you got a lot. 3) If spindown or diskidle exist in the packages/ports - would installing these provide me with a disk hibernation facility for OpenBSD? You MAY be able to do something along these lines with a CF or USB flash disk as your OS drive, then using atactl(8) to power up and down the disk after unmounting/mounting the file system. How you decide My windows machine has just made a request via SMB for a file, I had best power up the disk and get it, I have no idea. HOWEVER, might be useful for off-line backups, where you can say, I am starting a backup process now (spin up, mount). ... I'm done now (dismount, spin down). 4) Is there another way to manage the PC('NAS') using OpenBSD to minimize power while the 'NAS' is available 24/7? I'm not sure how much I'd like sleeping a NAS. Ok, disk goes to sleep, then something requests a file. *PAUSE* Not so bad when it is your local computer where the OS can realize, I'm waking the disk, be patient...over the wire, you just get dead air. Sleeping the whole machine? yikes. how would it wake up? All you savvy peeps who know where I am going on this - what's my best case scenario? An OpenBSD NAS which doesn't hibernate (Thinks... Where can I get a 100W PSU?) or can I possibly achieve a NAS that hibernates the drive and Wake(s) on LAN? Wake on LAN is a special signal to power-up a device. It isn't a oh, I got a request...lemme fire up now thing. Devices being served by a NAS don't normally send Wake On LAN signals. I'd settle for simply hibernating the disk (That's about 22W there - half the power draw) - but if the full monty is possible - I'll keep on digging. um. no. that particular disk is rated at 2.2W on seek, 2.0W on read/write, and 0.25w on standby. The only way to get 22W is the power-on max draw spin-up, which will last probably two seconds, at most (probably more like a fraction of a second at that kind of draw). Think about it for a moment..go find 25W electric lightbulb. Leave it on for five minutes. Touch it. Go put some ice on your burned fingers. Watts are Watts. that's how hot your drive would get if it were drawing 22w non-stop. The MOST you will save by powering down your little laptop disk is
Re: Hi-Five OpenBSD World - New installation - Power management questions
First the caveats: I am long time OpenBSD user, but not a developer. The original post was extremely long, and as I wanted to embed my comments next to the original content they belong to, I also snipped some irrelevant sections. On 11 Apr 2012 at 22:14, Michael Davies wrote: Hello OpenBSD World!!! Long time Linux user who has recently been looking closely at OpenBSD ...[snipped] without any problems. I used these package options: -x* then -game* I have deployed many servers using the same selection with no ill effect. However, a growing number of ports and packages has various x* dependencies; and as Theo just recently pointed out on this ML, the recommended and the only fully supported system configuration is with everything installed. (removing these packages from the install - it's a NAS I'm creating here). I had no problem setting up my static network address etc. etc. I will install rsync via pkg_add later. However, I have been trying to find out how OpenBSD handles ACPI/APM Power Management and disk hibernation. I have read quite a bit: 1) Michael Lucas' Absolute OpenBSD (2004) Was highly rated at the time, but that was 16 releases ago... 2) Secure Architectures with OpenBSD (2004) ditto; good for concepts overview, but most implementation details have changed quite radically. 3) Michael Lucas' Absolute BSD (for FreeBSD) (2002) old and mostly irrelevant -- the OpenBSD kernel is very different from FreeBSD, and much of the stuff that FreeBSD chooses to import is either dated or lacks the necessary kernel support (or both, as for example the PF code). 4) Calomel - you know the one too bad -- now you have to UNread it; seriously, according to core developers it is ALL wrong. 5) I've tried to search the archived dialogues on Old Nabble (Difficult) I have observed that when the developers refer to an old posting they use http://marc.info/ almost exclusively. 6) I've searched Daemon Forums 7) I've read the FAQ - Always the last place I look ;-) When it comes to OpenBSD, the FAQ should be your first stop, closely followed by the man pages. Official documentation is a source of pride for the project -- documentation errors, even silly little typos, are treated as seriously as any other bug. This is what I feel I have learned: 1) Advanced Power Management on OpenBSD is handled by apmd. I know that because enabling it through /etc/rc.conf, rebooting and then issuing zzz puts the PC to sleep. When I tap a key - it wakes up again (exactly where I left it). GREAT! 2) apmd does not automatically hibernate my disk (unless I am missing something) - but it is possible that there are ports (I've read about these for FreeBSD) which might handle disk hibernation: spindown and diskidle 3) I read somewhere that there is a danger in suspending/hibernating the disk security wise - but haven't found a full explanation (Is RAM dumped to disk unencrypted, perhaps?). That would explain why a program to hibernate the disk isn't included in the default install of OpenBSD. Unfortunately - searching the OpenBSD mailing lists I have subscribed too is darn awkward (compared to some other fora - I know some issue 'tarred' archives that can be imported into an e-mail client - ever considered it? :-) ). SO... I've come to the fount of all knowledge to seek guidance on the following: 1) Beyond apmd, is there a default handler of disk hibernation install-ed/able via default OpenBSD? 2) To use apmd, do I need to maintain a swap partition? Indeed, should I ALWAYS maintain a swap partition on this simple setup (which is running fine)? I was hoping to get away without one (currently b: is undefined). Are you really hurting for space that much? Unlike linux, OpenBSD will not access the swap unless absolutely necessary. However, once again, having no swap defined is neither standard nor fully supported setup. Moreover, swap partition is where the system dumps core during panic. I found it beneficial to have some swap space defined even when disk capacity is an issue, and nowhere is it written that it needs to be big (not even equal to RAM size). 3) If spindown or diskidle exist in the packages/ports - would installing these provide me with a disk hibernation facility for OpenBSD? 4) Is there another way to manage the PC('NAS') using OpenBSD to minimize power while the 'NAS' is available 24/7? apm(8) -C does a pretty good job of dynamically reducing CPU power waste and atactl(8) should help you configure the built-in functions of your hard drive. Keep in mind that full system hibernation (aka suspend to disk) is not compatible with 24/7 availability as you will have to issue an explicit wake-on-lan and wait for it to become available. OTOH, a modern system, especially one based on Atom processor and a laptop SATA drive, does a darn good job of minimizing power waste without completely shutting down. Personally this is how I built my
Re: Hi-Five OpenBSD World - New installation - Power management questions
2) To use apmd, do I need to maintain a swap partition? Indeed, should I ALWAYS maintain a swap partition on this simple setup (which is running fine)? I was hoping to get away without one (currently b: is undefined). Swap partition is optional, as long as you have enough RAM to do what you want. The swap partition is also where the kernel writes useful memory dumps if it panics, so that savecore(8) can extract it on the next boot.
Re: Mosh? seems dangerous!
On Thu, Apr 12, 2012 at 2:00 AM, Chris Cappuccio ch...@nmedia.net wrote: Christian Weisgerber [na...@mips.inka.de] wrote: Gilles Chehade gil...@poolp.org wrote: http://mosh.mit.edu/ Moreover, TELNET had some good things going it for a local-echo mode and a well-defined network virtual terminal. Then SSH came along and added minor enhancements like confidentiality and authentication, at the cost of losing the local-echo mode and the well-defined terminal semantics. This must be satire. Right? I mean, local-echo mode? What is this? 1975? It's part of Nicholas Marriott's April Fools joke, 1975 meets meb 3.0 home page. It's actually just tmux with some extensions. No, it' s not tmux, it's a a joke with extensions or without. -- Marius
Re: Hi-Five OpenBSD World - New installation - Power management questions
Jacob, Thank you very much for helping out - I apologise to you and the list for the length of my first post - and this one. Thank you very much for responding to some of my queries. I have interspersed my responses with your edited version: On 12/04/12 02:12, Jacob L. Leifman wrote: First the caveats: I am long time OpenBSD user, but not a developer. No problem - we are all learners ;-) The original post was extremely long, and as I wanted to embed my comments next to the original content they belong to, I also snipped some irrelevant sections. On 11 Apr 2012 at 22:14, Michael Davies wrote: Hello OpenBSD World!!! Long time Linux user who has recently been looking closely at OpenBSD ...[snipped] without any problems. I used these package options: -x* then -game* I have deployed many servers using the same selection with no ill effect. However, a growing number of ports and packages has various x* dependencies; and as Theo just recently pointed out on this ML, the recommended and the only fully supported system configuration is with everything installed. I think Theo's words were something like Why remove X...? I took X out because I had no intention of installing anything other than rsync on this machine - hence further packages/ports were unlikely. But the default system is very slim (cool!) so I expect I might put these back in ;-) (Another wipe and install during the testing phase) (removing these packages from the install - it's a NAS I'm creating here). I had no problem setting up my static network address etc. etc. I will install rsync via pkg_add later. However, I have been trying to find out how OpenBSD handles ACPI/APM Power Management and disk hibernation. I have read quite a bit: 1) Michael Lucas' Absolute OpenBSD (2004) Was highly rated at the time, but that was 16 releases ago... Yep - he's writing a new one currently - but I couldn't wait ;-) 2) Secure Architectures with OpenBSD (2004) ditto; good for concepts overview, but most implementation details have changed quite radically. Agree - but there's limited hardcopy material. Anything is better than 3) Michael Lucas' Absolute BSD (for FreeBSD) (2002) old and mostly irrelevant -- the OpenBSD kernel is very different from FreeBSD, and much of the stuff that FreeBSD chooses to import is either dated or lacks the necessary kernel support (or both, as for example the PF code). I have found much of the book informative to understand general BSD stuff ;-) and I am installing FBSD in a virtual machine for experimentation... Toying with the dark side ;-) Bear with me ;-) 4) Calomel - you know the one too bad -- now you have to UNread it; seriously, according to core developers it is ALL wrong. Did I say I'd read it all? I dip into everything to get a bigger picture :-) 5) I've tried to search the archived dialogues on Old Nabble (Difficult) I have observed that when the developers refer to an old posting they use http://marc.info/ almost exclusively. That is VERY, VERY halpful. Thank you. 6) I've searched Daemon Forums 7) I've read the FAQ - Always the last place I look ;-) When it comes to OpenBSD, the FAQ should be your first stop, closely followed by the man pages. Official documentation is a source of pride for the project -- documentation errors, even silly little typos, are treated as seriously as any other bug. I wrote that somewhat tongue in cheek ;-) I wasn't dissing the FAQ - I meant I read it first ;-)) (Apart from atactl, of course - see below) This is what I feel I have learned: 1) Advanced Power Management on OpenBSD is handled by apmd. I know that because enabling it through /etc/rc.conf, rebooting and then issuing zzz puts the PC to sleep. When I tap a key - it wakes up again (exactly where I left it). GREAT! 2) apmd does not automatically hibernate my disk (unless I am missing something) - but it is possible that there are ports (I've read about these for FreeBSD) which might handle disk hibernation: spindown and diskidle 3) I read somewhere that there is a danger in suspending/hibernating the disk security wise - but haven't found a full explanation (Is RAM dumped to disk unencrypted, perhaps?). That would explain why a program to hibernate the disk isn't included in the default install of OpenBSD. Unfortunately - searching the OpenBSD mailing lists I have subscribed too is darn awkward (compared to some other fora - I know some issue 'tarred' archives that can be imported into an e-mail client - ever considered it? :-) ). SO... I've come to the fount of all knowledge to seek guidance on the following: 1) Beyond apmd, is there a default handler of disk hibernation install-ed/able via default OpenBSD? 2) To use apmd, do I need to maintain a swap partition? Indeed, should I ALWAYS maintain a swap partition on this simple setup (which is running fine)? I was hoping to get away without one (currently b: is undefined). Are you really hurting
Re: Hi-Five OpenBSD World - New installation - Power management questions
Joshua, Yep - I'd got that - I was hoping that the Kernel wouldn't panic because I wasn't changing the default (much...) except for installing rsync. Jacob had alluded to this in his response - but you probably couldn't find it in the jungle of MY e-mail. Thanks mate! Good man ;-) Mike On 12/04/12 02:19, joshua stein wrote: 2) To use apmd, do I need to maintain a swap partition? Indeed, should I ALWAYS maintain a swap partition on this simple setup (which is running fine)? I was hoping to get away without one (currently b: is undefined). Swap partition is optional, as long as you have enough RAM to do what you want. The swap partition is also where the kernel writes useful memory dumps if it panics, so that savecore(8) can extract it on the next boot.
Re: How to have more than 15 pflog interfaces?
On Thu, Apr 12, 2012 at 3:44 AM, Henning Brauer lists-openbsdt...@bsws.de wrote: diffs are for current of course but should work for 5.1 as well - dunno what you are trying. Ok thanks :-) I am running 5.0 --Siju
Is there any IEEE 802.11n support in 5.0?
I was shopping for Atheros cards to use with the athn driver but down in caveats section of the man page it says The athn driver does not support any of the 802.11n capabilities offered by the adapters. I bookmarked a $6 Chinese AR9223 mini-pci card anyway. 11g is nice, but I'd like to try 11n. 300 Mbps, wow! Alan