Re: KVM card in HP MicroServer
On Wed, November 6, 2013 5:04 am, Martin Pieuchot wrote: > Some changes have been made in this area, post 5.3 to fix a ukbd(4) attach > problem and post 5.4 to fix issues with USB KVM. So the first thing you > can try is a -current snapshot. Tell me if it helps ;) > > If your problem is still present, could you compile a kernel defining > EHCI_DEBUG and USB_DEBUG, then set ehci_debug = 3 and usbdebug = 6 > and send me the corresponding dmesg? > > Regards, > Martin Thanks, Martin. I will test as soon as I get a chance and let you know if the problem is resolved in 5.4 and/or -current. Thanks for your work on OpenBSD! -- Joe Gidi j...@entropicblur.com "You cannot buy skill." -- Ross Seyfried
Re: Areca HW-Raid Support ARC-1224
Jan Lambertz [jd.arb...@googlemail.com] wrote: > http://www.areca.com.tw/support/s_openbsd/openbsd.htm > Anyone tried that yet ? If someone can get Areca to agree to the BSD license terms, the newer card support can probably be included in the OpenBSD tree. That'd be nice. Maybe you could contact them?
Re: Areca HW-Raid Support ARC-1224
Jan Lambertz [jd.arb...@googlemail.com] wrote: > the ARC-1224-8I ist quite intresting for my purpose, but not listed as > supported by openbsd, but on the areca website there is sourcecode for a > driver... > http://www.areca.com.tw/support/s_openbsd/openbsd.htm > Anyone tried that yet ? Newer Areca cards are not supported by the OpenBSD Areca driver, unfortunately > have things changed with license or something ? why do i need this external > driver ? > any other good (and supported) hw-raid pcie card out there ? LSI cards are typically supported under one of several drivers, I'd start with one of those. The simple cards are supported under mpi and mpii, the RAID5/6 cards are supported under mfi and mfii.
Re: UEFI
On Nov 6, 2013 2:32 PM, "STeve Andre'" wrote: > > On 11/06/13 10:53, sven falempin wrote: >> >> On Wed, Nov 6, 2013 at 10:44 AM, Peter N. M. Hansteen wrote: >> >>> On Wed, Nov 06, 2013 at 09:49:44AM -0500, Mayuresh Kathe wrote: just install another 'os' like ubuntu-desktop on your laptop first. openbsd will install on it flawlessly after that, it did on mine. and yes, there was no need to change any options anywhere. >>> >>> On my daughter's brand spanking new Lenovo Ideapad $something Touch, we >>> needed to set the BIOS to 'legacy mode' in order to have it boot into the >>> Ubuntu installer and then choose some obscure linux kernel parameter for >>> it to switch to a usable graphics mode for the installer to complete. >>> >>> For some reason she wanted her laptop on Ubuntu and to use it herself from >>> that point on. >>> >>> - P >>> >>> -- >>> Peter N. M. Hansteen, member of the first RFC 1149 implementation team >>> http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ >>> "Remember to set the evil bit on all malicious network traffic" >>> delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds. >>> >> Why you people are talking about your Lenovo experience ? are you salesman ? >> >> >> *facepalm* >> >> > Sven, Thinkpads are still the best laptops out there. I have dealt with > many others in the the last year, and thinkpads still rule. This W500 > I bought 5 years ago is still running. None of the non-TP laptops friends > bought in that time frame are still work. > > The quality of ALL laptops has gone downhill, but the thinkpads are still > at the top of the list (even with the new wretched keyboards they have). > > Add the UEFI horror for non-Windows users and giving exact details > becomes important. > > --STeve Andre' > > ps: Has anyone run OpenBSD on a System76 laptop? > I just bought a System76 Gazelle (gazp9) a couple weeks ago. I have not had the opportunity to put it through its paces yet (suspend, webcam, etc), but both 5.3 and 5.4 booted and installed to USB from CD without issue. There are no UEFI issues with it, which is a primary reason I bought it. X "works" in both releases, at least initially. (startx = pretty screen). 5.3 never gave me trouble the short time I tried it. However, 5.4 froze after a few minutes. I haven't had time to investigate but intend to do so. Once I can give it more than a cursory bootup I can share more if anyone is interested. Gerald
Re: UEFI
Am 06.11.2013 19:34, schrieb STeve Andre': ps: Has anyone run OpenBSD on a System76 laptop? Not exactly, I got a Schenker S413 which System76 seems to sell as Galago UltraPro or something like that. Barebone is Clevo W740SU, however retailers seem to be free to implement modified BIOSes. As the thread opener, I wiped the preinstalled Win partition with OpenBSD and the machine wouldn't let me enter the BIOS anymore until I physically removed the drive. However, no combination of settings would allow to boot from the drive, I finally mounted it in an older i386, fdisk/installed again, then it suddenly booted in the S413. Occasionally, it drops into ddb on boot when messing with the azalia(?), apart from that it has some yet unsopported HW like the the SDMMC stsp is asking for on want.html, i217-V NIC, and a graphics board that yells some errors about unknown registers but finally shows up with 1080p console resolution. For the NIC it looks like netbsd has already support in their wm driver, no idea if that can easily be ported, or if it makes sense at all. If someone has patches to test, I'd gladly volunteer. Back to the question "has anyone run" the precise answer would propably be no, I just managed to boot OpenBSD on it. BR, Dorian
Re: wanna be sys admin question
On 2013-11-07, Predrag Punosevac wrote: > I am soliciting opinions and some guidance on few very general sys admin > questions. > > 1. What do people in general use to parse large amount of log files > received in the form of e-mails? security/logsurfer and similar. I have > seen some in the ports tree. Logs received in the form of emails? not sure... most things like this usually prefer syslog or similar. > 2. I just learned about www/racktables but it seems rather > complicated. Are there some simpler tools with similar functionality > which do not involve data bases and web interfaces. www/rackmonkey is simpler (which makes it rather restricted, but maybe easier to get into..), though it does also have a web interface, and it does use a database (how would you write this type of program without some kind of database anyway? easier to use SQL than some homemade flat-file thing). Learning basic SQL is definitely a useful thing for a sysadmin IMO. > 3. Are there any advantages of graphics/dia over general purposes > vectorial graphics programs like graphics/inkscape for drawing network > topology. I normally either use tgif (not a million miles from xfig, but I prefer it), or abuse gns3 for this.. I tried dia once but it ate my network map (saved it but wasn't able to reload it) which put me off trying it again - though it has probably improved since then. Real hardcore admins might prefer graphviz though :)
Re: does this patch make sense?
On Thu, Nov 07, 2013 at 17:54, Peter J. Philipp wrote: > OK I'll stop abusing. Here is my reasoning for the setgid change. > Pretend there is a way to break into the binary by means of the socket, > then I thought it'd be neat if it was disallowed to write into groups > that a user was in at the moment this binary was executed. I think this > is paranoid enough. If this were a concern, we'd need similar patches for ftp, nc, firefox, and every other socket using program in the system. And then similar patches for every image viewer. And text editor. And so on. In short, we are not out to protect users from themselves (at least, not in this way). If you don't want a program to have group privileges, that's your responsibility, not the responsiblity of every program.
Re: does this patch make sense?
On Thu, Nov 07, 2013 at 04:35:46PM -0500, Ted Unangst wrote: > On Thu, Nov 07, 2013 at 17:48, Otto Moerbeek wrote: > >> > - for (t = toskeywords; t->keyword != NULL; t++) { > >> > - if (strcmp(s, t->keyword) == 0) { > >> > - *val = t->val; > >> > - return (1); > >> > - } > >> > - } > >> > + t = bsearch(s, toskeywords, nitems(toskeywords), sizeof(struct > >> > toskeywords), (int (*)(const void *, const void *))strcmp); > >> > >> I don't like the way this is abusing types. In fact, I don't think this > >> even works. Did you test it? A pointer to a struct toskeyword will not > >> have the same value as the keyword member. > > > > The first field of a struct has the same address as the the struct > > itself. Still I consider this bad form and overkill. > > This is true, but strcmp expects the value of t->keyword, not its > address. Have I read the code wrong? Right, it is wrong indeed. It could have been ok if keyward was an array. -Otto
Re: does this patch make sense?
On Thu, Nov 07, 2013 at 17:48, Otto Moerbeek wrote: >> > - for (t = toskeywords; t->keyword != NULL; t++) { >> > - if (strcmp(s, t->keyword) == 0) { >> > - *val = t->val; >> > - return (1); >> > - } >> > - } >> > + t = bsearch(s, toskeywords, nitems(toskeywords), sizeof(struct >> > toskeywords), (int (*)(const void *, const void *))strcmp); >> >> I don't like the way this is abusing types. In fact, I don't think this >> even works. Did you test it? A pointer to a struct toskeyword will not >> have the same value as the keyword member. > > The first field of a struct has the same address as the the struct > itself. Still I consider this bad form and overkill. This is true, but strcmp expects the value of t->keyword, not its address. Have I read the code wrong?
Re: Ivy Bridge-EP Xeon (E5-2637v2) and Intel C602 Patsburg-A Chipset support
Andy Lemin [a...@brandwatch.com] wrote: > Hi, sadly OpenBSD does not boot with the latest Ivy Bridge EP (E5-2637v2) > with 'Power Technology' in the supermicro BIOS set to 'Max Performance', on > both 5.4 release and the snapshot dated Nov 3rd; > This is a bug that needs to be fixed. > > > However even with the BIOS set to defaults I still see these errors though > during boot; Those aren't errors. There is nothing wrong here.
Re: does this patch make sense?
On 11/07/13 20:33, Peter J. Philipp wrote: > On 11/07/13 17:48, Otto Moerbeek wrote: >> On Thu, Nov 07, 2013 at 11:32:48AM -0500, Ted Unangst wrote: >> >>> On Thu, Nov 07, 2013 at 17:19, Peter J. Philipp wrote: >>> > + gid = getgid(); > + > + if (setgroups(1, &gid) == -1) > + err(1, "setgroups"); > + > + if (setresgid(gid, gid, gid) == -1) > + err(1, "setresgid"); > + > if (setresuid(uid, uid, uid) == -1) > err(1, "setresuid"); > I thought about it and thought my patch didn't really do anything. So >>> >>> Right. This doesn't do anything. traceroute isn't setgid, it has no >>> group privileges to revoke. >>> >>> /* DiffServ Codepoints and other TOS mappings */ + /* KEEP SORTED */ const struct toskeywords { const char *keyword; int val; @@ -1258,14 +1268,13 @@ map_tos(char *s, int *val) { NULL, -1 }, }; - for (t = toskeywords; t->keyword != NULL; t++) { - if (strcmp(s, t->keyword) == 0) { - *val = t->val; - return (1); - } - } + t = bsearch(s, toskeywords, nitems(toskeywords), sizeof(struct toskeywords), (int (*)(const void *, const void *))strcmp); >>> >>> I don't like the way this is abusing types. In fact, I don't think this >>> even works. Did you test it? A pointer to a struct toskeyword will not >>> have the same value as the keyword member. >> >> The first field of a struct has the same address as the the struct >> itself. Still I consider this bad form and overkill. >> >> -Otto > > > Hi, > > while I don't want to persue this patch further, I'd like to say that I > finished it on my own, thanks to your input I understand what base in > bsearch() is supposed to be now. I had something in mind from qsort() > which also has a variable called base in the manpages and that had > confused me. I have taken a look how bsearch() in other programs and > I have noticed that some are doing it like me but wrap strcmp inside > another *cmp where there is a bit of casting being done. I'm wondering > if that is the right way? Or if it can be cleaned up? > > Thanks! > > -peter > > Ahh never mind, I didn't test it. It did compile very cleanly though. Sorry, I'll shut up now. -peter
Re: does this patch make sense?
On 11/07/13 17:48, Otto Moerbeek wrote: > On Thu, Nov 07, 2013 at 11:32:48AM -0500, Ted Unangst wrote: > >> On Thu, Nov 07, 2013 at 17:19, Peter J. Philipp wrote: >> + gid = getgid(); + + if (setgroups(1, &gid) == -1) + err(1, "setgroups"); + + if (setresgid(gid, gid, gid) == -1) + err(1, "setresgid"); + if (setresuid(uid, uid, uid) == -1) err(1, "setresuid"); >>> >>> >>> I thought about it and thought my patch didn't really do anything. So >> >> Right. This doesn't do anything. traceroute isn't setgid, it has no >> group privileges to revoke. >> >> >>> /* DiffServ Codepoints and other TOS mappings */ >>> + /* KEEP SORTED */ >>> const struct toskeywords { >>> const char *keyword; >>> int val; >>> @@ -1258,14 +1268,13 @@ map_tos(char *s, int *val) >>> { NULL, -1 }, >>> }; >>> >>> - for (t = toskeywords; t->keyword != NULL; t++) { >>> - if (strcmp(s, t->keyword) == 0) { >>> - *val = t->val; >>> - return (1); >>> - } >>> - } >>> + t = bsearch(s, toskeywords, nitems(toskeywords), sizeof(struct >>> toskeywords), (int (*)(const void *, const void *))strcmp); >> >> I don't like the way this is abusing types. In fact, I don't think this >> even works. Did you test it? A pointer to a struct toskeyword will not >> have the same value as the keyword member. > > The first field of a struct has the same address as the the struct > itself. Still I consider this bad form and overkill. > > -Otto Hi, while I don't want to persue this patch further, I'd like to say that I finished it on my own, thanks to your input I understand what base in bsearch() is supposed to be now. I had something in mind from qsort() which also has a variable called base in the manpages and that had confused me. I have taken a look how bsearch() in other programs and I have noticed that some are doing it like me but wrap strcmp inside another *cmp where there is a bit of casting being done. I'm wondering if that is the right way? Or if it can be cleaned up? Thanks! -peter
IBM x3250 M5 boot stopped at acpiec0
Hello, I will be having this box for a month or two to test it as OpenBSD firewall. This is the first time I have my hands on IBM server and there are so many options in BIOS/UEFI that confuse me :). With default install of 5.4-current boot is stopped at "acpiec0 at acpi0". when I disable acpiec server boots normally. acpidump is at http://kosjenka.srce.hr/~hrvoje/x3250m5_acpidump.tgz dmesg without acpiec >> OpenBSD/amd64 BOOT 3.25 boot> boot -c booting hd0a:/bsd: 6547260+1649068+1083304+0+624256 [80+555696+370302]=0xe55b00 entry point at 0x10001e0 [7205c766, 3404, 24448b12, ac38a304] [ using 926848 bytes of bsd ELF symbol table ] Copyright (c) 1982, 1986, 1989, 1991, 1993 The Regents of the University of California. All rights reserved. Copyright (c) 1995-2013 OpenBSD. All rights reserved. http://www.OpenBSD.org OpenBSD 5.4-current (GENERIC.MP) #117: Sun Nov 3 11:37:42 MST 2013 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP RTC BIOS diagnostic error 80 real mem = 8368504832 (7980MB) avail mem = 8137572352 (7760MB) User Kernel Config UKC> disable acpiec 356 acpiec* disabled UKC> quit Continuing... mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xb5e8c000 (49 entries) bios0: vendor IBM version "-[JUE107HUS-1.00]-" date 05/31/2013 bios0: IBM IBM System X3250 M5 -[5458AC1]- acpi0 at bios0: rev 2 acpi0: sleep states S0 S5 acpi0: tables DSDT FACP TCPA DBGP APIC MCFG SLIC SSDT SSDT SSDT SSDT SSDT SSDT SSDT DMAR acpi0: wakeup devices P0P1(S0) GLAN(S0) EHC1(S0) EHC2(S0) XHC_(S0) HDEF(S0) PXSX(S0) RP01(S0) PXSX(S0) RP02(S0) PXSX(S0) RP03(S0) PXSX(S0) RP04(S0) PXSX(S0) RP05(S0) [...] acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Xeon(R) CPU E3-1270 v3 @ 3.50GHz, 3492.35 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM cpu0: 256KB 64b/line 8-way L2 cache cpu0: smt 0, core 0, package 0 cpu0: apic clock running at 99MHz cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4, IBE cpu1 at mainbus0: apid 2 (application processor) cpu1: Intel(R) Xeon(R) CPU E3-1270 v3 @ 3.50GHz, 3491.91 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM cpu1: 256KB 64b/line 8-way L2 cache cpu1: smt 0, core 1, package 0 cpu2 at mainbus0: apid 4 (application processor) cpu2: Intel(R) Xeon(R) CPU E3-1270 v3 @ 3.50GHz, 3491.91 MHz cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM cpu2: 256KB 64b/line 8-way L2 cache cpu2: smt 0, core 2, package 0 cpu3 at mainbus0: apid 6 (application processor) cpu3: Intel(R) Xeon(R) CPU E3-1270 v3 @ 3.50GHz, 3491.91 MHz cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM cpu3: 256KB 64b/line 8-way L2 cache cpu3: smt 0, core 3, package 0 ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins acpimcfg0 at acpi0 addr 0xe000, bus 0-255 acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus -1 (P0P1) acpiprt2 at acpi0: bus 2 (RP01) acpiprt3 at acpi0: bus 3 (RP03) acpiprt4 at acpi0: bus 1 (PEG0) acpiprt5 at acpi0: bus -1 (PEG1) acpiprt6 at acpi0: bus -1 (PEG2) acpiec at acpi0 not configured acpicpu0 at acpi0: C1, PSS acpicpu1 at acpi0: C1, PSS acpicpu2 at acpi0: C1, PSS acpicpu3 at acpi0: C1, PSS acpipwrres0 at acpi0: FN00: resource for FAN0 acpipwrres1 at acpi0: FN01: resource for FAN1 acpipwrres2 at acpi0: FN02: resource for FAN2 acpipwrres3 at acpi0: FN03: resource for FAN3 acpipwrres4 at acpi0: FN04: resource for FAN4 acpitz0 at acpi0: critical temperature is 105 degC acpitz1 at acpi0: critical temperature is 105 degC acpibat0 at acpi0: BAT0 model "CRB Battery 0" serial Battery 0 type Fake oem "-Virtual Battery 0-" acpibat1 at acpi0: BAT1 not present acpibat2 at acpi0: BAT2 not present acpiac0 at acpi0: AC unit online acpibtn0 at acpi0: LID0 acpi0: WARNING EC not i
Re: Does softraid RAID1 evenly distribute the read load?
On 7 November 2013 03:56, Federico Giannici wrote: > For a decision I have to do, I have to know if the RAID1 implementation in > softraid evenly distributes the "read" load through all the disks. Yes, it does exactly that. Take a look yourself: http://bxr.su/o/dev/softraid_raid1.c#sr_raid1_rw > So, for example: with a two identical disks RAID1 implementation, can we > roughly assume that write speed is almost the same speed of a single disk > while the read speed is almost the double? With RAID1, write speed would be the speed of the slowest disc. If you have many discs, even if they're supposedly identical, you might want to individually test their speeds, and make sure to create separate RAID1 arrays that group discs of the same performance tiers together, to get higher overall performance from the system. Random access read capacity should indeed be roughly the sum of the average of all discs, yes. I understand that OpenBSD's softraid raid1 differs from other softraid solutions, where others frequently use only one disc for sequential reads from a single thread or so; OpenBSD always interleaves reads, evenly distributing «the "read" load through all the disks», exactly as you seem to require. > I know that reality is not so simple, but it's only to have an "ideal" > situation to understand the working of the system. Only way is to look at the code! :-) C.
Re: Does softraid RAID1 evenly distribute the read load?
On 11/07/13 14:25, Joel Sing wrote: On Thu, 7 Nov 2013, Federico Giannici wrote: For a decision I have to do, I have to know if the RAID1 implementation in softraid evenly distributes the "read" load through all the disks. Yes, reads are interleaved across all online chunks. So, for example: with a two identical disks RAID1 implementation, can we roughly assume that write speed is almost the same speed of a single disk while the read speed is almost the double? As you note below, it is not this simple... if each disk is on a separate controller and there are no shared bottlenecks, this would be theoretically close. Also, since you can have more than two chunks in a softraid RAID1 volume, you could theoretically increase the read speed by further distributing it across disks/controllers. Last I checked, I got nothing of the sort. It's been a while since, indeed, but I believe the problem was that reading every other chunk from a disk as opposed to reading each of them did not improve anything. Still have to spin the disk etc. I looked into making the selection of which chunk to read from a bit smarter and succeeded in my limited setup (i.e. one process reading from one physical disk and another processes reading from another), but only as proof-of-concept. This may differ on other types of disks, *especially* ssd disks, where I would expect up to the double read capacity. /Alexander I know that reality is not so simple, but it's only to have an "ideal" situation to understand the working of the system. Right. Obviously benchmarking would be good starting point :)
Re: does this patch make sense?
On 11/07/13 17:32, Ted Unangst wrote: > On Thu, Nov 07, 2013 at 17:19, Peter J. Philipp wrote: > >>> + gid = getgid(); >>> + >>> + if (setgroups(1, &gid) == -1) >>> + err(1, "setgroups"); >>> + >>> + if (setresgid(gid, gid, gid) == -1) >>> + err(1, "setresgid"); >>> + >>> if (setresuid(uid, uid, uid) == -1) >>> err(1, "setresuid"); >>> >> >> >> I thought about it and thought my patch didn't really do anything. So > > Right. This doesn't do anything. traceroute isn't setgid, it has no > group privileges to revoke. > > >> /* DiffServ Codepoints and other TOS mappings */ >> + /* KEEP SORTED */ >> const struct toskeywords { >> const char *keyword; >> int val; >> @@ -1258,14 +1268,13 @@ map_tos(char *s, int *val) >> { NULL, -1 }, >> }; >> >> - for (t = toskeywords; t->keyword != NULL; t++) { >> - if (strcmp(s, t->keyword) == 0) { >> - *val = t->val; >> - return (1); >> - } >> - } >> + t = bsearch(s, toskeywords, nitems(toskeywords), sizeof(struct >> toskeywords), (int (*)(const void *, const void *))strcmp); > > I don't like the way this is abusing types. In fact, I don't think this > even works. Did you test it? A pointer to a struct toskeyword will not > have the same value as the keyword member. > > OK I'll stop abusing. Here is my reasoning for the setgid change. Pretend there is a way to break into the binary by means of the socket, then I thought it'd be neat if it was disallowed to write into groups that a user was in at the moment this binary was executed. I think this is paranoid enough. And yes I tested it. I used reliability keyword and throughput keyword and a notused keyword, they matched in tcpdump with the #defined values and bailed on the third keyword. # traceroute -t throughput venus traceroute to venus.centroid.eu (192.168.60.1), 64 hops max, 40 byte packets 1 uranus (192.168.34.1) 0.211 ms 0.188 ms 0.248 ms # 17:10:48.701844 192.168.34.4.52757 > 192.168.60.1.33435: [no cksum] udp 12 [tos 0x8] [ttl 1] (id 52758, len 40) To be honest I'm not at a high level as you so I don't understand what the last sentence means. I had the bsearch manpage to guide me and it was surprising to me this even worked so well. I'm gonna leave this the way it is now. -peter
Re: does this patch make sense?
On Thu, Nov 07, 2013 at 11:32:48AM -0500, Ted Unangst wrote: > On Thu, Nov 07, 2013 at 17:19, Peter J. Philipp wrote: > > >> + gid = getgid(); > >> + > >> + if (setgroups(1, &gid) == -1) > >> + err(1, "setgroups"); > >> + > >> + if (setresgid(gid, gid, gid) == -1) > >> + err(1, "setresgid"); > >> + > >> if (setresuid(uid, uid, uid) == -1) > >> err(1, "setresuid"); > >> > > > > > > I thought about it and thought my patch didn't really do anything. So > > Right. This doesn't do anything. traceroute isn't setgid, it has no > group privileges to revoke. > > > > /* DiffServ Codepoints and other TOS mappings */ > > + /* KEEP SORTED */ > > const struct toskeywords { > > const char *keyword; > > int val; > > @@ -1258,14 +1268,13 @@ map_tos(char *s, int *val) > > { NULL, -1 }, > > }; > > > > - for (t = toskeywords; t->keyword != NULL; t++) { > > - if (strcmp(s, t->keyword) == 0) { > > - *val = t->val; > > - return (1); > > - } > > - } > > + t = bsearch(s, toskeywords, nitems(toskeywords), sizeof(struct > > toskeywords), (int (*)(const void *, const void *))strcmp); > > I don't like the way this is abusing types. In fact, I don't think this > even works. Did you test it? A pointer to a struct toskeyword will not > have the same value as the keyword member. The first field of a struct has the same address as the the struct itself. Still I consider this bad form and overkill. -Otto
Re: UPDATE: libsamplerate 0.1.8
On Nov 07 15:57:59, st...@openbsd.org wrote: > On 2013/11/07 16:19, Jan Stary wrote: > > On Nov 07 02:08:38, b...@comstyle.com wrote: > > > On 04/10/13 12:52 AM, Brad Smith wrote: > > > >Here is an update to libsamplerate 0.1.8. > > > > > > > >OK? > > > > > > ping. > > > > This diff does not apply to current audio/libsamplerate for me ... > > It does for me.. I've pastebin'd it for you though: > > curl http://pbot.rmdir.de/q5t5kf7RO5F5_tAL9-Gj6g | patch -Ep0 -d > /usr/ports/audio/libsamplerate Hm, I must have mangled it somehow. This works, and the port looks fine. Thanks for adding the .../doc/... Jan
Re: does this patch make sense?
On Thu, Nov 07, 2013 at 17:19, Peter J. Philipp wrote: >> + gid = getgid(); >> + >> + if (setgroups(1, &gid) == -1) >> + err(1, "setgroups"); >> + >> + if (setresgid(gid, gid, gid) == -1) >> + err(1, "setresgid"); >> + >> if (setresuid(uid, uid, uid) == -1) >> err(1, "setresuid"); >> > > > I thought about it and thought my patch didn't really do anything. So Right. This doesn't do anything. traceroute isn't setgid, it has no group privileges to revoke. > /* DiffServ Codepoints and other TOS mappings */ > + /* KEEP SORTED */ > const struct toskeywords { > const char *keyword; > int val; > @@ -1258,14 +1268,13 @@ map_tos(char *s, int *val) > { NULL, -1 }, > }; > > - for (t = toskeywords; t->keyword != NULL; t++) { > - if (strcmp(s, t->keyword) == 0) { > - *val = t->val; > - return (1); > - } > - } > + t = bsearch(s, toskeywords, nitems(toskeywords), sizeof(struct > toskeywords), (int (*)(const void *, const void *))strcmp); I don't like the way this is abusing types. In fact, I don't think this even works. Did you test it? A pointer to a struct toskeyword will not have the same value as the keyword member.
Re: does this patch make sense?
On 11/07/13 15:41, Peter J. Philipp wrote: > Just for extra paranoia's sake? Against 5.4 sources. > > -peter > > diff -u -p -u -r1.82 traceroute.c > --- traceroute.c10 Feb 2012 23:05:54 - 1.82 > +++ traceroute.c7 Nov 2013 14:36:44 - > @@ -310,6 +310,7 @@ main(int argc, char *argv[]) > const char *errstr; > long l; > uid_t uid; > + gid_t gid; > u_int rtableid; > > if ((s = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP)) < 0) > @@ -319,6 +320,14 @@ main(int argc, char *argv[]) > > /* revoke privs */ > uid = getuid(); > + gid = getgid(); > + > + if (setgroups(1, &gid) == -1) > + err(1, "setgroups"); > + > + if (setresgid(gid, gid, gid) == -1) > + err(1, "setresgid"); > + > if (setresuid(uid, uid, uid) == -1) > err(1, "setresuid"); > I thought about it and thought my patch didn't really do anything. So then I added another piece that doesn't really do anything but saves CPU cycles. I tested this with tcpdump and it seems to update the TOS accordingly. -peter === RCS file: /cvs/src/usr.sbin/traceroute/traceroute.c,v retrieving revision 1.82 diff -u -p -u -r1.82 traceroute.c --- traceroute.c10 Feb 2012 23:05:54 - 1.82 +++ traceroute.c7 Nov 2013 16:13:54 - @@ -310,6 +310,7 @@ main(int argc, char *argv[]) const char *errstr; long l; uid_t uid; + gid_t gid; u_int rtableid; if ((s = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP)) < 0) @@ -319,6 +320,14 @@ main(int argc, char *argv[]) /* revoke privs */ uid = getuid(); + gid = getgid(); + + if (setgroups(1, &gid) == -1) + err(1, "setgroups"); + + if (setresgid(gid, gid, gid) == -1) + err(1, "setresgid"); + if (setresuid(uid, uid, uid) == -1) err(1, "setresuid"); @@ -1224,6 +1233,7 @@ int map_tos(char *s, int *val) { /* DiffServ Codepoints and other TOS mappings */ + /* KEEP SORTED */ const struct toskeywords { const char *keyword; int val; @@ -1258,14 +1268,13 @@ map_tos(char *s, int *val) { NULL, -1 }, }; - for (t = toskeywords; t->keyword != NULL; t++) { - if (strcmp(s, t->keyword) == 0) { - *val = t->val; - return (1); - } - } + t = bsearch(s, toskeywords, nitems(toskeywords), sizeof(struct toskeywords), (int (*)(const void *, const void *))strcmp); + if (t == NULL) + return (0); - return (0); + *val = t->val; + + return (1); } void
Re: wanna be sys admin question
On Nov 07 06:21:09, m...@sci.fi wrote: > On 07 Nov 2013, at 06:09, Predrag Punosevac wrote: > > > I am soliciting opinions and some guidance on few very general sys admin > > questions. > > > > 1. What do people in general use to parse large amount of log files > > received in the form of e-mails? security/logsurfer and similar. I have > > seen some in the ports tree. > > Perl. You won?t be much of a sysadmin if you don?t take the time to master > perl. awk, to avoid perl
does this patch make sense?
Just for extra paranoia's sake? Against 5.4 sources. -peter diff -u -p -u -r1.82 traceroute.c --- traceroute.c10 Feb 2012 23:05:54 - 1.82 +++ traceroute.c7 Nov 2013 14:36:44 - @@ -310,6 +310,7 @@ main(int argc, char *argv[]) const char *errstr; long l; uid_t uid; + gid_t gid; u_int rtableid; if ((s = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP)) < 0) @@ -319,6 +320,14 @@ main(int argc, char *argv[]) /* revoke privs */ uid = getuid(); + gid = getgid(); + + if (setgroups(1, &gid) == -1) + err(1, "setgroups"); + + if (setresgid(gid, gid, gid) == -1) + err(1, "setresgid"); + if (setresuid(uid, uid, uid) == -1) err(1, "setresuid");
Re: Does softraid RAID1 evenly distribute the read load?
On Thu, 7 Nov 2013, Federico Giannici wrote: > For a decision I have to do, I have to know if the RAID1 implementation > in softraid evenly distributes the "read" load through all the disks. Yes, reads are interleaved across all online chunks. > So, for example: with a two identical disks RAID1 implementation, can we > roughly assume that write speed is almost the same speed of a single > disk while the read speed is almost the double? As you note below, it is not this simple... if each disk is on a separate controller and there are no shared bottlenecks, this would be theoretically close. Also, since you can have more than two chunks in a softraid RAID1 volume, you could theoretically increase the read speed by further distributing it across disks/controllers. > I know that reality is not so simple, but it's only to have an "ideal" > situation to understand the working of the system. Right. Obviously benchmarking would be good starting point :) -- "Action without study is fatal. Study without action is futile." -- Mary Ritter Beard
Re: Sudo no longer working with RADIUS logins after upgrade to 5.4
On Thu, 07 Nov 2013 00:08:00 -0500, Ted Unangst wrote: > Is this the correct behavior? As I understand it, when I run sudo, it > asks for my password because it wants me to prove I'm me. I don't have > to authenticate as the destination user, so why is the destination > user's auth style being used? No, which is why I suggested he backout the change in question. OpenBSD-current has the missing parts of the change from sudo 1.7.9. - todd
Does softraid RAID1 evenly distribute the read load?
For a decision I have to do, I have to know if the RAID1 implementation in softraid evenly distributes the "read" load through all the disks. So, for example: with a two identical disks RAID1 implementation, can we roughly assume that write speed is almost the same speed of a single disk while the read speed is almost the double? I know that reality is not so simple, but it's only to have an "ideal" situation to understand the working of the system. Thanks.
Re: Ivy Bridge-EP Xeon (E5-2637v2) and Intel C602 Patsburg-A Chipset support
Hi, sadly OpenBSD does not boot with the latest Ivy Bridge EP (E5-2637v2) with 'Power Technology' in the supermicro BIOS set to 'Max Performance', on both 5.4 release and the snapshot dated Nov 3rd; [demime 1.01d removed an attachment of type image/jpeg which had a name of image.jpeg] If I reset the bios to optimised defaults it does boot which is good.. But as soon as I enable the max performance mode I get the error seen in the attached image. Thankfully disabling HTT and disabling the other cores (leaving only 2 running) to enable 'Turbo' does work! However even with the BIOS set to defaults I still see these errors though during boot; [demime 1.01d removed an attachment of type image/jpeg which had a name of image.jpeg] Cheers, Andy Sent from my iPhone Sent from my iPhone > On 5 Nov 2013, at 21:18, Pedro Federico wrote: > > Sorry for replying my own message but my comment to Andy got wrongly into > the quote. Just to ensure he sees it: > > Ok, when you test it please tell us how it worked > > Thank you both. > > > 2013/11/5 Pedro Federico > >> 2013/11/5 Andy >> >>> Hi, No I have been waiting for the hardware to arrive as the chips are so >>> new (Sept 2013). >>> >>> C6xx chipsets work fine as Chris said, crossing fingers for Ivy >>> Bridge-EP, this is a few generations ahead of the 55xx CPUs, but I'm sure >>> they will work great as the instruction set is the same. >>> >>> Will be testing in the next week or two. >>> >>> >>> Ok, when you test it please tell us how it worked. >> >> >> Thank you both.
Re: OpenSMTPD won't start after last update
Janne, I did check the -current changes. Problem is I was looking at http://openbsd.org/faq/current.html, where this is not reflected. I will update my bookmarks to use www.openbsd.org from now on. Gilles, using lowercase letter for the hostname did it, thanks. Best regards, Nikola Gyurov On Thu, Nov 7, 2013 at 7:46 AM, Gilles Chehade wrote: > On Thu, Nov 07, 2013 at 02:23:43AM +, Nikola Gyurov wrote: >> >> [...] >> >> /etc/mail # egrep -v '^(#|$)' /etc/mail/smtpd.conf | head -6 >> pki core.Techn0.eu certificate "/etc/mail/certs/core.Techn0.eu.crt" >> pki core.Techn0.eu key "/etc/mail/certs/core.Techn0.eu.key" >> pki core.Techn0.eu dhparams "/etc/mail/certs/core.Techn0.eu.dh" >> >> [...] >> > > can you try with an all-lowercase hostname ? > > I think we're missing a call to lowercase() in our configuration parsing > and I'll have a fix for that in a few minutes if you can confirm that it > solves your issue too. > > -- > Gilles Chehade > > https://www.poolp.org @poolpOrg