Priority fixes for pf.conf(5)
Hi, I was reviewing my firewall rules and got confused about priority rules. I wasn't certain was it better to have higher priority number for a rule or lower. After some digging it seems that the higher priority numbers get processed first. I think the pf.conf(5) man page should document this so others shouldn't have to dig for this info from PF FAQ. I don't While I looked for the priority info I noticed the queuing section has wrong priorities listed in the example rule. Here's a small patch to fix both. Timo Index: man5/pf.conf.5 === RCS file: /cvs/src/share/man/man5/pf.conf.5,v retrieving revision 1.530 diff -u -u -p -r1.530 pf.conf.5 --- man5/pf.conf.5 12 Oct 2013 21:44:57 - 1.530 +++ man5/pf.conf.5 27 Oct 2013 06:32:23 - @@ -646,6 +646,8 @@ code point in the 802.1Q VLAN header. If two priorities are given, packets which have a TOS of .Ar lowdelay and TCP ACKs with no data payload will be assigned to the second one. +Packets with higher priority number are processed first and packets with +the same priority are processed in a round-robin fashion. .Pp For example: .Bd -literal -offset indent @@ -1551,7 +1553,7 @@ pass out on em0 inet proto tcp from $dev pass out on em0 inet proto tcp from $employeehosts to any port 80 \e set queue employees pass out on em0 inet proto tcp from any to any port 22 \e - set (queue(ssh_bulk, ssh_interactive), prio (6, 3)) + set (queue(ssh_bulk, ssh_interactive), prio (3, 6)) pass out on em0 inet proto tcp from any to any port 25 \e set queue mail .Ed
Re: adduser setting permissions wrong
On Sun, Oct 27, 2013 at 02:50:23PM +1100, John Tate wrote: > Here is a new user: > drwxr-xr-x 3 test test 512 Oct 26 20:42 test > > I'd really like them to be 770 chmod 770 /etc/skel Nicolai
adduser setting permissions wrong
adduser is setting permissions so everyone can read a users home directory. I've never done much configuration of this tool so I can't seem to find where to change this, I thought there would be an option in adduser.conf. Here is a new user: drwxr-xr-x 3 test test 512 Oct 26 20:42 test I'd really like them to be 770 -- www.johntate.org
Re: slow transfers 5.3 & Tp-Link TG-3468 1gb nic pci-e
I modified if_re_pci.c and now I got: # dmesg | grep re0 re0 at pci1 dev 0 function 0 "Realtek 8168" rev 0x06: RTL8168E/8111E (0x2c00), msi, address f8:1a:67:04:2f:48 rgephy0 at re0 phy 7: RTL8169S/8110S PHY, rev. 4 # ("msi, " appeared) but still the same transfer rate (~48k)
Re: slow transfers 5.3 & Tp-Link TG-3468 1gb nic pci-e
This is a real shot in the dark, it should only work if your BIOS has screwed interrupt routing for the realtek, but, try changing the MSI exclusion in /usr/src/sys/dev/pci/if_re_pci.c change PCI_PRODUCT_REALTEK_RT8101E to PCI_PRODUCT_REALTEK_8168 as in: if (PCI_VENDOR(pa->pa_id) != PCI_VENDOR_REALTEK || PCI_PRODUCT(pa->pa_id) != PCI_PRODUCT_REALTEK_RT8168) pa->pa_flags &= ~PCI_FLAGS_MSI_ENABLED; if this works then MSI may be perferrable on more of the newer chips like the 8101E, 8168, 8169, 8169SC ??? A B [damnitiwantm...@gmail.com] wrote: > Sure, here it is: > > OpenBSD 5.4-current (GENERIC.MP) #2: Sat Oct 26 02:39:36 ART 2013 > r...@foo.coredump.com.ar:/usr/src/sys/arch/i386/compile/GENERIC.MP > cpu0: Intel(R) Core(TM) i3-3240 CPU @ 3.40GHz ("GenuineIntel" 686-class) > 3.40 GHz > cpu0: > FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,NXE,LONG,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,DEADLINE,XSAVE,AVX,F16C,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS > real mem = 3651227648 (3482MB) > avail mem = 3579801600 (3413MB) > mainbus0 at root > bios0 at mainbus0: AT/286+ BIOS, date 12/22/11, SMBIOS rev. 2.7 @ 0xe96e0 > (74 entries) > bios0: vendor American Megatrends Inc. version "F11" date 07/31/2013 > bios0: Gigabyte Technology Co., Ltd. H77M-D3H > acpi0 at bios0: rev 2 > acpi0: sleep states S0 S3 S4 S5 > acpi0: tables DSDT FACP APIC MCFG HPET SSDT SSDT SSDT > acpi0: wakeup devices PS2K(S3) PS2M(S3) P0P1(S4) USB1(S3) USB2(S3) USB3(S3) > USB4(S3) USB5(S3) USB6(S3) USB7(S3) PXSX(S4) RP01(S4) PXSX(S4) RP02(S4) > PXSX(S4) RP03(S4) [...] > acpitimer0 at acpi0: 3579545 Hz, 24 bits > acpimadt0 at acpi0 addr 0xfee0: PC-AT compat > cpu0 at mainbus0: apid 0 (boot processor) > cpu0: apic clock running at 99MHz > cpu0: mwait min=64, max=64, C-substates=0.2.1.1.0, IBE > cpu1 at mainbus0: apid 2 (application processor) > cpu1: Intel(R) Core(TM) i3-3240 CPU @ 3.40GHz ("GenuineIntel" 686-class) > 3.40 GHz > cpu1: > FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,NXE,LONG,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,DEADLINE,XSAVE,AVX,F16C,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS > cpu2 at mainbus0: apid 1 (application processor) > cpu2: Intel(R) Core(TM) i3-3240 CPU @ 3.40GHz ("GenuineIntel" 686-class) > 3.40 GHz > cpu2: > FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,NXE,LONG,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,DEADLINE,XSAVE,AVX,F16C,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS > cpu3 at mainbus0: apid 3 (application processor) > cpu3: Intel(R) Core(TM) i3-3240 CPU @ 3.40GHz ("GenuineIntel" 686-class) > 3.40 GHz > cpu3: > FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,NXE,LONG,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,DEADLINE,XSAVE,AVX,F16C,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS > ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins > acpimcfg0 at acpi0 addr 0xf800, bus 0-63 > acpihpet0 at acpi0: 14318179 Hz > acpiprt0 at acpi0: bus 0 (PCI0) > acpiprt1 at acpi0: bus -1 (P0P1) > acpiprt2 at acpi0: bus 1 (RP01) > acpiprt3 at acpi0: bus -1 (RP02) > acpiprt4 at acpi0: bus -1 (RP03) > acpiprt5 at acpi0: bus -1 (RP04) > acpiprt6 at acpi0: bus 2 (RP05) > acpiprt7 at acpi0: bus -1 (RP06) > acpiprt8 at acpi0: bus 3 (RP07) > acpiprt9 at acpi0: bus -1 (RP08) > acpiprt10 at acpi0: bus -1 (PEG0) > acpiprt11 at acpi0: bus -1 (PEG1) > acpiprt12 at acpi0: bus -1 (PEG2) > acpiprt13 at acpi0: bus -1 (PEG3) > acpiec0 at acpi0: Failed to read resource settings > acpicpu0 at acpi0: C3, C1, PSS > acpicpu1 at acpi0: C3, C1, PSS > acpicpu2 at acpi0: C3, C1, PSS > acpicpu3 at acpi0: C3, C1, PSS > acpipwrres0 at acpi0: FN00 > acpipwrres1 at acpi0: FN01 > acpipwrres2 at acpi0: FN02 > acpipwrres3 at acpi0: FN03 > acpipwrres4 at acpi0: FN04 > acpitz0 at acpi0: critical temperature is 106 degC > acpitz1 at acpi0: critical temperature is 106 degC > acpibat0 at acpi0: BAT0 not present > acpibat1 at acpi0: BAT1 not present > acpibat2 at acpi0: BAT2 not present > acpibtn0 at acpi0: PWRB > acpibtn1 at acpi0: LID0 > acpivideo0 at acpi0: GFX0 > acpivout0 at acpivideo0: DD02 > bios0: ROM list: 0xc/0xe800 > cpu0: Enhanced SpeedStep 3393 MHz: speeds: 3400, 3300, 3200, 3000, 2900, > 2800, 2700, 2600, 2400, 2300, 2200, 2100, 2000, 1800, 1700, 1600 MHz > pci0 at mainbus0 bus 0: configuration mode 1 (bios) > pchb0 at pci0 dev 0 function 0 "Intel Core 3G Host" rev 0x09 > vga1 at pci0 dev 2 function 0 "Intel HD Graphics 2500" rev 0x09 > intagp0 at vga1 > agp0 at intagp0: aperture at 0xe000, size 0x1000 > inteldrm0 at vga1 > drm0 at inteldrm0 > int
Re: slow transfers 5.3 & Tp-Link TG-3468 1gb nic pci-e
Sure, here it is: OpenBSD 5.4-current (GENERIC.MP) #2: Sat Oct 26 02:39:36 ART 2013 r...@foo.coredump.com.ar:/usr/src/sys/arch/i386/compile/GENERIC.MP cpu0: Intel(R) Core(TM) i3-3240 CPU @ 3.40GHz ("GenuineIntel" 686-class) 3.40 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,NXE,LONG,SSE3,PCLMUL,DTES64,MWAIT,D S-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,DEADLINE,XSA VE,AVX,F16C,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS real mem = 3651227648 (3482MB) avail mem = 3579801600 (3413MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 12/22/11, SMBIOS rev. 2.7 @ 0xe96e0 (74 entries) bios0: vendor American Megatrends Inc. version "F11" date 07/31/2013 bios0: Gigabyte Technology Co., Ltd. H77M-D3H acpi0 at bios0: rev 2 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP APIC MCFG HPET SSDT SSDT SSDT acpi0: wakeup devices PS2K(S3) PS2M(S3) P0P1(S4) USB1(S3) USB2(S3) USB3(S3) USB4(S3) USB5(S3) USB6(S3) USB7(S3) PXSX(S4) RP01(S4) PXSX(S4) RP02(S4) PXSX(S4) RP03(S4) [...] acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: apic clock running at 99MHz cpu0: mwait min=64, max=64, C-substates=0.2.1.1.0, IBE cpu1 at mainbus0: apid 2 (application processor) cpu1: Intel(R) Core(TM) i3-3240 CPU @ 3.40GHz ("GenuineIntel" 686-class) 3.40 GHz cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,NXE,LONG,SSE3,PCLMUL,DTES64,MWAIT,D S-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,DEADLINE,XSA VE,AVX,F16C,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS cpu2 at mainbus0: apid 1 (application processor) cpu2: Intel(R) Core(TM) i3-3240 CPU @ 3.40GHz ("GenuineIntel" 686-class) 3.40 GHz cpu2: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,NXE,LONG,SSE3,PCLMUL,DTES64,MWAIT,D S-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,DEADLINE,XSA VE,AVX,F16C,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS cpu3 at mainbus0: apid 3 (application processor) cpu3: Intel(R) Core(TM) i3-3240 CPU @ 3.40GHz ("GenuineIntel" 686-class) 3.40 GHz cpu3: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,NXE,LONG,SSE3,PCLMUL,DTES64,MWAIT,D S-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,DEADLINE,XSA VE,AVX,F16C,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins acpimcfg0 at acpi0 addr 0xf800, bus 0-63 acpihpet0 at acpi0: 14318179 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus -1 (P0P1) acpiprt2 at acpi0: bus 1 (RP01) acpiprt3 at acpi0: bus -1 (RP02) acpiprt4 at acpi0: bus -1 (RP03) acpiprt5 at acpi0: bus -1 (RP04) acpiprt6 at acpi0: bus 2 (RP05) acpiprt7 at acpi0: bus -1 (RP06) acpiprt8 at acpi0: bus 3 (RP07) acpiprt9 at acpi0: bus -1 (RP08) acpiprt10 at acpi0: bus -1 (PEG0) acpiprt11 at acpi0: bus -1 (PEG1) acpiprt12 at acpi0: bus -1 (PEG2) acpiprt13 at acpi0: bus -1 (PEG3) acpiec0 at acpi0: Failed to read resource settings acpicpu0 at acpi0: C3, C1, PSS acpicpu1 at acpi0: C3, C1, PSS acpicpu2 at acpi0: C3, C1, PSS acpicpu3 at acpi0: C3, C1, PSS acpipwrres0 at acpi0: FN00 acpipwrres1 at acpi0: FN01 acpipwrres2 at acpi0: FN02 acpipwrres3 at acpi0: FN03 acpipwrres4 at acpi0: FN04 acpitz0 at acpi0: critical temperature is 106 degC acpitz1 at acpi0: critical temperature is 106 degC acpibat0 at acpi0: BAT0 not present acpibat1 at acpi0: BAT1 not present acpibat2 at acpi0: BAT2 not present acpibtn0 at acpi0: PWRB acpibtn1 at acpi0: LID0 acpivideo0 at acpi0: GFX0 acpivout0 at acpivideo0: DD02 bios0: ROM list: 0xc/0xe800 cpu0: Enhanced SpeedStep 3393 MHz: speeds: 3400, 3300, 3200, 3000, 2900, 2800, 2700, 2600, 2400, 2300, 2200, 2100, 2000, 1800, 1700, 1600 MHz pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 "Intel Core 3G Host" rev 0x09 vga1 at pci0 dev 2 function 0 "Intel HD Graphics 2500" rev 0x09 intagp0 at vga1 agp0 at intagp0: aperture at 0xe000, size 0x1000 inteldrm0 at vga1 drm0 at inteldrm0 inteldrm0: 640x480 wsdisplay0 at vga1 mux 1: console (std, vt100 emulation) wsdisplay0: screen 1-5 added (std, vt100 emulation) "Intel 7 Series xHCI" rev 0x04 at pci0 dev 20 function 0 not configured "Intel 7 Series MEI" rev 0x04 at pci0 dev 22 function 0 not configured ehci0 at pci0 dev 26 function 0 "Intel 7 Series USB" rev 0x04: apic 2 int 16 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1 azalia0 at pci0 dev 27 function 0 "Intel 7 Series HD Audio" rev 0x04: msi azalia0: codecs: VIA/0x0441, Intel/0x2806, using VIA/0x0441 audio0 at azalia0 ppb0 at pci0 dev 28 function 0 "Intel 7 Series PCIE" rev 0xc4: apic 2 int 16 pci1 at ppb0 bus 1 re0 at pci1 dev 0 function 0 "Realtek 8168" rev 0x06: RTL8168E/8111E
Re: RAID Crypt dual booting
On 2013-10-26, Stefan Sperling wrote: >> (And, if it does work this way with RAID 1, when did that start happening?) > > In 2011 as per log of /usr/src/sys/arch/i386/stand/installboot/installboot.c. IIRC, this is just for a few arch at the moment, possibly just i386/amd64?
Re: slow transfers 5.3 & Tp-Link TG-3468 1gb nic pci-e
Can you send a dmesg from 5.4-current please? A B [damnitiwantm...@gmail.com] wrote: > Thank you for your response. > > I tried with 5.4-current just updated with no luck. (re.c rev 1.145) > > Is there anything else to try? Should I write to tech@? > > Thanks!
Re: RAID Crypt dual booting
> I know OpenBSD borrows useful concepts from Linux from time to > time, but not keeping the manpages up to date isn't a "feature" I'd like > to see brought over to the BSD world. One of the fundamentals of OpenBSD > has historically been correct documentation. It's true. The previously posted information should be in the boot(8) man pages, not just on a mailing list. tedu/stsp/jsing -- can you document it there please?
Re: RAID Crypt dual booting
On 13-10-26 09:43 AM, Stefan Sperling wrote: >> Does it also function that way with RAID 1 softraid volumes? > Yes. That's great news! (I re-did a system with root-on-raid1 moments ago and lo - it "just works".) But... Even greater news would be if anyone other than a couple of developers knew about it. I suggest altering FAQ section 14.21.1 (http://www.openbsd.org/faq/faq14.html#softraid) to show an example that includes root on softraid instead of wd0a as / and wd0m as RAID. I recently followed the most up-to-date guidance I could find on booting OpenBSD off softraid(4), and *everything* I found showed that I needed the kernel on a separate slice so boot(8) could find it. For that matter, boot(8), boot_amd64(8) and biosboot(8) all fail to mention the special behaviour of installboot(8) on softraid(4), so I have - AFAIK - no way of discovering that OpenBSD can boot directly off a softraid(4) root partition. Yeah, I know - submit a patch. I'm having trouble figuring out precisely what to say where. I'm hoping it's obvious to someone else... I know OpenBSD borrows useful concepts from Linux from time to time, but not keeping the manpages up to date isn't a "feature" I'd like to see brought over to the BSD world. One of the fundamentals of OpenBSD has historically been correct documentation. -- -Adam Thompson athom...@athompso.net
Re: RAID Crypt dual booting
2013/10/26 Stefan Sperling : > In 2011 as per log of /usr/src/sys/arch/i386/stand/installboot/installboot.c. > > revision 1.56 > date: 2011/01/23 14:57:08; author: jsing; state: Exp; lines: +258 -34; > Add support to installboot(8) for installing biosboot(8) and boot(8) on > softraid volumes. If installboot is run on a softraid volume, a fake > single inode FFS filesystem is constructed to contain boot(8). This is > then installed onto the softraid volume via the BIOCINSTALLBOOT ioctl. > biosboot(8) is then patched and installed onto each disk that is a member > of the softraid volume. I missed it, sorry for that. I used fstab from OpenBSD for edit MBR table and make Linux partition. Grub2 point directly into sd0 and now archlinux and OpenBSD works together in pace. Thanks.
Re: RAID Crypt dual booting
On Sat, Oct 26, 2013 at 09:15:36AM -0500, Adam Thompson wrote: > On 13-10-25 01:29 PM, Ted Unangst wrote: > >With crypto softraid: installboot copies /boot into a reserved > >area at the beginning of the softraid partition. In this case, the > >/boot file isn't used during booting. Then it copies biosboot into > >place, with the block array filled in with the locations of the > >copy of /boot. /boot will ask for your passphrase and decrypt the > >disk before loading /bsd. The usual trick for dual booting is to > >jump to or copy the PBR somewhere. That doesn't change with > >crypto. > > Does it also function that way with RAID 1 softraid volumes? Yes. > It would be nice to load the kernel directly off the root filesystem > instead of having two auxiliary filesystems just to hold the kernel. The kernel (/bsd) is always loaded from the root filesystem by /boot. But /boot itself is loaded from the softraid meta data area instead of the root filesystem, if installboot was run on a softraid volume. > (And, if it does work this way with RAID 1, when did that start happening?) In 2011 as per log of /usr/src/sys/arch/i386/stand/installboot/installboot.c. revision 1.56 date: 2011/01/23 14:57:08; author: jsing; state: Exp; lines: +258 -34; Add support to installboot(8) for installing biosboot(8) and boot(8) on softraid volumes. If installboot is run on a softraid volume, a fake single inode FFS filesystem is constructed to contain boot(8). This is then installed onto the softraid volume via the BIOCINSTALLBOOT ioctl. biosboot(8) is then patched and installed onto each disk that is a member of the softraid volume. Joint work with otto@ who came up with the concept of constructing a fake FFS filesystem and wrote the code to do so. No objection from miod@
Re: RAID Crypt dual booting
On 13-10-25 01:29 PM, Ted Unangst wrote: With crypto softraid: installboot copies /boot into a reserved area at the beginning of the softraid partition. In this case, the /boot file isn't used during booting. Then it copies biosboot into place, with the block array filled in with the locations of the copy of /boot. /boot will ask for your passphrase and decrypt the disk before loading /bsd. The usual trick for dual booting is to jump to or copy the PBR somewhere. That doesn't change with crypto. Does it also function that way with RAID 1 softraid volumes? It would be nice to load the kernel directly off the root filesystem instead of having two auxiliary filesystems just to hold the kernel. (And, if it does work this way with RAID 1, when did that start happening?) -- -Adam Thompson athom...@athompso.net
Re: iked with rdomain getting an error
On Fri, 25 Oct 2013 18:08:25 +0200 "Peter J. Philipp" wrote: > I've been trying to set up a second gif tunnel that's encrypted with > ipsec (iked for key management), but I'm stuck on an error with iked. > Here is what I see and have: > > # route -T 1 exec iked -f /etc/iked.conf2 > # Oct 25 17:59:44 uranus iked[32297]: pfkey_reply: message: Network is > unreachable > Oct 25 17:59:44 uranus iked[32297]: fatal: pfkey_init: failed to block > IPv6 traffic: Network is unreachable > Oct 25 17:59:44 uranus iked[21552]: ikev1 exiting > I had similar problem with ipsec setup in transport mode. In my case error "Network is unreachable" was caused by the absence of enc(4) device in rdomain. Issuing "ifconfig encN create rdomain N" solved the problem. Don't know if it would help in your case, though. Regards, Alex
Re: DNS Hosting & Managed DNS
On 2013-10-24 Thu 10:35 AM |, Predrag Punosevac wrote: > We have one domain name, small web server and a mail server. > In that situation, I'd: 1) run a master DNS server on the public web/mail server 2) find a domain name registrar that: 1. will slave the zone from your master 2. has 2-4 servers, mainly in the general geographic region of the web/mail users 3. runs an acceptable OS/daemon You'd have control over the zone's contents (incl subdomains, client caching, refresh, retry & expire periods). Not have to use any stupid web forms that limit how you use your zone. Have fun using more of OpenBSD's capabilities. Do you have others that you could partner with to provide each other's reciprocal slave DNS service? People on this list - running the most secure OS? If for some (bizarre) reason you don't want your DNS server to be public, then run the above as a hidden master: 1) don't list it in the zone's whois records 2) restrict DNS requests to the slaves only (via the daemon's access controls & pf too.) There's no difference whatsoever for the external provider, and same benefits as above, but no public queries. Running a public web or mail server is much more complicated and risky, so there's not much point in hiding it. Become a hostmaster - you know you can. Do it, -- Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7
Re: Boot OpenBSD on Utilite
Hello from Munich, The Utilite is not yet supported. I have ordered one myself but I don’t think it has been shipped yet. I will have a look at the CM-FX6 documentation later today and will send you a mail with a kernel and some infos on how to boot it. The pdf has been filtered in this mailing list. You can re-send it to my mail address if you like. \Patrick Am 26.10.2013 um 10:38 schrieb Peter Bauer : > Hello from Vienna, > > I tried to boot OpenBSD on my Utilite pro > and got the following result. > > 1. Downloaded miniroot > http://ftp.uio.no/OpenBSD/snapshots/armv7/miniroot-imx-54.fs > > 2. Because booting from ext filesystem did not work for me I Put the > contents on a FAT formatted SD card and renamed the bootscript to > boot.scr > > 3. modified boot.scr, just removed the entry to try boot from sata > > > 4. tried a boot: > mmc2 is current device > reading boot.scr > > 362 bytes read > Running bootscript from mmc ... > ## Executing script at 1080 > Bad data crc > > My u-boot version is: > 2009.08-cm-fx6-0.85+tools (Aug 08 2013) > > > What could I try next ? What image could I try for a TFTP boot ? > I am new to U-boot, so if you can pass me some info how to boot > via TFTP (u-boot syntax). > > I noticed the first line of the boot script looks a bit garbled when > viewing it with an editor like nano or gedit. > > 'V2\8E\D5RS\AC\E9\00\00/\00\00\00\00\00\00\00\00\CC\F9\9C\00boot > \00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00 > \00\00\00\00\00\00'\00\00\00\00; setenv loadaddr 0x1880 ; setenv > bootargs sd0i:/bsd.umg ; for dtype in sata mmc ; do for disk in 0 1 ; do > ${dtype} dev ${disk} ; for fs in fat ext2 ; do if ${fs}load ${dtype} > ${disk}:1 ${loadaddr} bsd.umg ; then bootm ${loadaddr} ; fi ; done; > done; done; echo; echo failed to load bsd.umg > > > Attached you can find the current Utilite boot environment. > > > Best Regards, > Peter Bauer > http://bitkistl.blogspot.com > > [demime 1.01d removed an attachment of type application/pdf which had a name > of utilite.u-boot.environment.pdf]
Boot OpenBSD on Utilite
Hello from Vienna, I tried to boot OpenBSD on my Utilite pro and got the following result. 1. Downloaded miniroot http://ftp.uio.no/OpenBSD/snapshots/armv7/miniroot-imx-54.fs 2. Because booting from ext filesystem did not work for me I Put the contents on a FAT formatted SD card and renamed the bootscript to boot.scr 3. modified boot.scr, just removed the entry to try boot from sata 4. tried a boot: mmc2 is current device reading boot.scr 362 bytes read Running bootscript from mmc ... ## Executing script at 1080 Bad data crc My u-boot version is: 2009.08-cm-fx6-0.85+tools (Aug 08 2013) What could I try next ? What image could I try for a TFTP boot ? I am new to U-boot, so if you can pass me some info how to boot via TFTP (u-boot syntax). I noticed the first line of the boot script looks a bit garbled when viewing it with an editor like nano or gedit. 'V2\8E\D5RS\AC\E9\00\00/\00\00\00\00\00\00\00\00\CC\F9\9C\00boot \00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00 \00\00\00\00\00\00'\00\00\00\00; setenv loadaddr 0x1880 ; setenv bootargs sd0i:/bsd.umg ; for dtype in sata mmc ; do for disk in 0 1 ; do ${dtype} dev ${disk} ; for fs in fat ext2 ; do if ${fs}load ${dtype} ${disk}:1 ${loadaddr} bsd.umg ; then bootm ${loadaddr} ; fi ; done; done; done; echo; echo failed to load bsd.umg Attached you can find the current Utilite boot environment. Best Regards, Peter Bauer http://bitkistl.blogspot.com [demime 1.01d removed an attachment of type application/pdf which had a name of utilite.u-boot.environment.pdf]