Re: time based rules on pf
As you already know, that feature doesn't exist. cron should help this time -if you have any faith at all in its granularity!-. You'd better write some kind of daemon to help updating those pf tables on the fly... May the code be with you. El 17/05/2010 16:03, Leonardo Carneiro - Veltrac escribis: There is a way to do time-based rules on pf? Something like "this packet will /pass/ from 10h to 13h" or "this packet will /pass/ until 22h, 13 june". I mean, there is a built-in mechanic to do this in pf or i'll need to write a script in cron to add and remove rules? Tks in advance
Re: OpenBSD culture?
That attitude is shelfish, and I will try to state why: Linux want to conolize the world; OpenBSD exists for its own sake, that is the same as saying for the sake of both developer and curious users. You are expecting OpenBSD community should embrace you because Linux would like it: "A new adept!". But this is not the case. If you have a little hacker inside you, understand some basic principles and are willing to learn, OpenBSD community will show you how incredible knowledgeable and helpful can be. If you are just knocking doors hoping a welcome pie, well... Just look for another door. We are not looking for friends, but hacker friends! :) Regards! Dani El 14/04/2010 11:11, Zachary Uram escribiC3: As a long time Linux user I will soon try out OpenBSD, I have been reading the list emails and contacted 1 OpenBSD top person who was very rude. There is some of the "RTFM" or "get lost" attitude in Linux, but if a questioner seems sincere there is usually a certain level of friendliness in Linux community towards them. Just what I have briefly observed the OpenBSD community is more abrupt and less interested in helping newbies, they prefer one find the answer solely on their own if possible. I must say I detect a certain attitude that smacks of superiority and even condescension at times. Is this a fair assessment of 6the OpenBSD culture? Zach <>< http://www.fidei.org><>
Re: How to make FTP work from the firewall system?
From the FAQ, read: http://www.openbsd.org/faq/pf/ftp.html Regards, Dani El 16/03/2010 4:49, Dave Anderson escribis: I'm configuring a notebook which will use PF to protect itself from the environments in which I use it, and would like to have FTP 'just work' on it -- whether it's from an explicit FTP command, from a browser, or embedded in some other program or script. Unfortunatly there doesn't seem to be any really good way to do this when a system is its own firewall; the best tool I've found so far is 'ftpsesame', which acknowledges a couple of significant problems (there's no guarantee that the PF rules changes it makes will happen in time, and inspecting packets 'on the fly' without a full TCP stack is errorprone). I'd expect this to be a rather common desire; is there a good solution that I've missed? Suggestions are very welcome. I do notice that 4.7 has a new divert-to-userland ability that looks like it could be used to solve this problem properly, by intercepting outbound and inbound control-connection packets on the egress interface. If I read the documentation correctly, ftp-proxy has not (yet) been updated to work this way; is anyone known to be planning to do this? Thanks, Dave
Re: Joomla - MySQL Problem: "Could not connect to MySQL"
Not quite a solution, I think. What about if /var/www mounts in a different filesystem than /var? Hardlinks from chrooted environments don't seem to be a wise solution anyway... Just IMHO. Regards, Dani El 12/03/2010 12:16, Sunnz escribiC3: 2010/3/11 Jan: I didn't notice, that httpd was still running. kill -TERM ID_of_httpd httpd -u solved the problem. Thank you! Everything works fine! Now that it works we know that it was a problem with chroot. It might be a good practice now to hardlink the mysql.sock in the chroot directory so that you can run apache chrooted... I think you do something like: # mkdir -p /var/www/var/run/mysql # ln -f /var/run/mysql/mysql.sock /var/www/var/run/mysql/mysql.sock Then if you shut down httpd and start it again, you shouldn't need "-u" any more.
Re: AMD power reduction
If absolute raw power is not mandatory, you may have a look at Atom-based servers -like http://www.supermicro.es/?opcion=contenido&plt=notas&id=137 for example-. This servers consumption should make a difference when working on renovable energy sources. Regards! Jean-Francois escribis: Le lundi 08 fivrier 2010 04:10:22, Nick Holland a icrit : With all this talk about power reduction...I'm going to toss out one small suggestion: Get a Wattmeter, and measure... Don't waste your time speculating. Hello, I did. It's consuming some 90 Watts at idle. Actually, it's an Athlon but the latest Sempron has an even reduced TDP. My next server will be based on it. Actually even 70 Watts is a little bit high for my next server given the fact it will be in an autonomous environment (small wind/solar generators). Regards
Re: USB voltmeter or DAQ module, small, inexpensive, with OpenBSD support
With a proto board and some skills, you could build a serial system with a total cost around US$30, small enough to not even need a rail support. You could also try to hang on the I2C iface of your mainboard and add you own devices, but if you're not so much into electronics... Go the Arduino way; readily available, cheap as chips and infinite expansion boards. Ralph Becker-Szendy escribis: For one of my OpenBSD machines, I need to be able to measure a few analog voltages, and act on them in a control process. The requirements are quite simple compared to typical data acquisition: I absolutely need two voltage inputs, either 0-20V or 0-100mV; doesn't have to be differential, acquisition can be slow (1s is fine), and resolution can be as small as 10-12 bits (1% accuracy is more than good enough). A few extra input channels, more accuracy/resolution, and a few digital IOs wouldn't hurt, but are not necessary. DIN rail mounting and connection breakout would be nice, but can be improvised. On the software side, there will be OpenBSD, with ad-hoc monitoring and control scripts. With a little programming and script-writing, I can adapt anything that the OS can reasonably access. Now come the issues: I can't use PCI cards, only external units, most likely connected via USB (as Ethernet and serial are expensive or rare). And it needs to have some software support under OpenBSD - a Windows- or Linux-only solution doesn't work. And this application is not worth spending thousands of $$$. For Windows and LabView, solutions are easy to find (for example EMant300, DAQPodMX, a variety of Omega products). Does anyone now of a solution that would work with OpenBSD?
Re: SMP
It is true, and AFAIK, todays it's a topper nice task... almost 20. Regards, Dani Donald Allen escribis: My understanding is that OpenBSD still employs the Giant Lock approach to SMP, serializing access to kernel services. Is this still true? If it is, do Theo and the other kernel developers consider it a priority to improve this? (I am NOT complaining. I completely understand that OpenBSD is a labor of love and that development resources are limited and that doing SMP right isn't easy. I'm simply trying to get an idea of whether this is likely to be addressed in the near future or not.) /Don Allen
Re: Connect to wireless Access Point according to MAC address
'man ifconfig' states you can use bssid parameter to specify your desired bssid -automatic is the default mode-. So you may try 'ifconfig iwn0 nwid Open bssid 00:0b:0e:33:ed:00'. Regards, Dani Milin escribiC3: Hi all, I'd like to connect to the wireless AP according to its MAC address. For example there are two wireless AP nwid Open chan 6 bssid 00:0b:0e:29:06:40 189dB 54M short_preamble,short_slottime nwid Open chan 6 bssid 00:0b:0e:33:ed:00 172dB 54M short_preamble,short_slottime and I'd like to connect to the second one (00:0b:0e:33:ed:00). With ifconfig iwn0 nwid Open up it connects to the first one. I have googled, but haven't found anything useful. I'm using OpenBSD 4.6 and wireless NIC is iwn0. Thanks a lot, Milan
Re: Does Atom dual-core work with SMP?
As a rule of dumb, and as far as the big lock is present -OpenBSD has not the best performance-wise SMP solution out there-, if your dealing with high I/O rates -all computing at kernel space-, a dual core system isn't going to scale very well... So you will get similar performance on both platforms. If all your computing needs stay in user space, or money is not a concern, or you are looking to help improving SMP for OBSD, then go for the 330 :) Douglas Maus escribis: Does anyone have experience whether dual core actually gets better OpenBSD SMP performance between the Intel Atom 230 (single core) and Atom 330 (dual core)? (such as between the Supermicro SYS-5015A-L and Supermicro SYS-5015A-H) Is the Atom 330 worth the extra bucks? Thanks for any insight.
Re: Spanish language resources for OpenBSD
Searching my favourites I've found these two sites to be up and running with fresh info and active comunities: http://openbsdcolombia.org/ http://www.openbsderos.org/ Good luck with the project! Dani Chris Bennett escribis: Abel Abraham Camarillo Ojeda wrote: I also don't like too much translating... but can help whenever possible (native spanish speaker). It's just that all the people that I know that can use (thoroughly) OpenBSD in my city can also read english very well (at least)... On Tue, Nov 17, 2009 at 08:24:54AM +0100, Daniel Gracia Garallar wrote: I'm not aware of many spanish resources... AFAIK, the only big resource centre was the Mexican community, but now it seems to be gone with all their translated and own documents. I'd never been a big advocate of translating efforts, but as a native spanish speaker, I should help whenever possible :) The group of people I am working with don't speak English. They also have more limited needs for a computer. OpenBSD offers an excellent price (free), for basic computing needs: web browsing, sending email, word processing, editing photos, etc. Their main cost will be just buying a computer, even older equipment works very well with OpenBSD. Oh, yeah. I think it would be appropriate if I sent in a donation with each install I do like this. There is that website that records older websites, waybackmachine or something like that. Maybe the Mexican site has been recorded there? I will try and look for it. Chris Bennett
Re: Please use this to convert people to OpenBSD
Ey, nice project! And appears just on time... I was missing an alternative to Wordpress for my not-caring-about-never-used-features fellows. Will give it a try :) Jason Dixon escribis: On Tue, Nov 17, 2009 at 05:46:00PM +0530, Girish Venkatachalam wrote: Dear friends, Please stop spamming the list about your project. I'm happy to see it exists, but I think it's inappropriate (and annoying) to email misc@ on a daily basis (4 days now). A more appropriate venue would be the OpenBSD Journal. Why don't you submit a story? P.S. Today's promotion of liveusb-openbsd is bordering on zealotry. Zealotry is stupid and attracts users we don't want in the first place. P.P.S. I think I need to go blog about this now. http://blogsum.obfuscurity.com/ ;)
Re: OpenBSD blog software
[...] P.S. And this will be the last you hear about it from me. ;) I hope this doesn't come to mean the project falls dead. I've been reading the source and seems surprisingly simple, but those damned regulars... hehehe. My treat!
Re: Spanish language resources for OpenBSD
I'm not aware of many spanish resources... AFAIK, the only big resource centre was the Mexican community, but now it seems to be gone with all their translated and own documents. I'd never been a big advocate of translating efforts, but as a native spanish speaker, I should help whenever possible :) Regards, Dani Chris Bennett escribis: I am now going to be setting up occasionally but regularly OpenBSD machines for people who only speak Spanish. I have already found the language packs for kde, openoffice, firefox and thunderbird. I just accidentally figured out that that www.openbsd.org has a couple a pages in Spanish, but no links to them from site that I could find. Is there anyone actively maintaining Spanish translations? Most of what I found was several releases old or even older. Is there a particular site that has "got it all?" I also saw a while back on ports that scrotwm was adding man pages in some additional languages, but I don't see any signs of that. Was that just for non-OpenBSD versions? Thanks, Chris Bennett
OpenBSD platform of choice?
Hi there! Now that I have to change my little server farm and I'm able to choose a new platform, I would like to choose wisely. It's a matter of fact that Intel x86 is bogus-prone, and after experimenting a lot with OpenBSD and listening about the different archs since several years ago, I tend to think that most of the delevopers have a taste for Sparc derived machines as being more... predictable. But of course, no machine is bug free. So thinking about security and stability, what would be your OpenBSD platform of choice? Keep in mind that in this question price is not a factor. I'm just curious about preferences based on CPU features and their implementation on OpenBSD. Regards! Dani
Re: 200g harddisk after newfs = Available 174g?
Manufactures use the 'giga' prefix in the International System meaning. That said, 1Gb would be 10^9 = 1,000,000,000 bytes. Computer programmers, OS and all around computer chit-chat use the prefix 'giga' to refer 2^30 = 1,073,741,824 bytes. IEC recommends calling this GiB, but it's uncommon. Today, you could assume safely only manufacturers write Gb in the International System meaning; everybody else is refering to GiBs when talking about Gb. Sum this fact with filesystem overhead, and you may get all your space! Jennifer Ma escribis: hi all, lately, i obtained a seagate 200g(wd1) harddisk from my elder brother, after i disklabel, newfs and mount the disk. only 174g is shown as available, in windows(through samba), said 9.16g already been used. is there any way i can claim those space back? much thanks! # disklabel wd1 # /dev/rwd1c: type: ESDI disk: ESDI/IDE disk label: ST3200826A flags: bytes/sector: 512 sectors/track: 63 tracks/cylinder: 16 sectors/cylinder: 1008 cylinders: 16383 total sectors: 390721968 rpm: 3600 interleave: 1 trackskew: 0 cylinderskew: 0 headswitch: 0 # microseconds track-to-track seek: 0 # microseconds drivedata: 0 16 partitions: #size offset fstype [fsize bsize cpg] a:390721905 63 4.2BSD 2048 163841 c:3907219680 unused # df -h # Filesystem SizeUsed Avail Capacity Mounted on /dev/wd0a 1.8G1.4G313M82%/ /dev/wd1a 183G2.0K174G 0%/www01
Re: Trouble with a uaudio(4) device
Probably you'll have to create the /dev/audio1 device. Just go to /etc and make a 'sudo MAKEDEV audio1'. This script will create all the required devs to operate your audio card. Regards! Dani Jona Joachim escribis: Here's the dmesg output when I plug in the device: uaudio0 at uhub3 port 2 configuration 1 interface 0 "Ten X Technology, Inc. USB AUDIO" rev 1.10/2.04 addr 2 uaudio0: ignored input endpoint of type adaptive uaudio0: audio rev 1.00, 4 mixer controls audio1 at uaudio0 uhidev1 at uhub3 port 2 configuration 1 interface 3 "Ten X Technology, Inc. USB AUDIO" rev 1.10/2.04 addr 2 uhidev1: iclass 3/1 uhid0 at uhidev1: input=8, output=8, feature=0 uhidev2 at uhub3 port 2 configuration 1 interface 4 "Ten X Technology, Inc. USB AUDIO" rev 1.10/2.04 addr 2 uhidev2: iclass 3/1, 3 report ids uhid1 at uhidev2 reportid 3: input=1, output=0, feature=0 When I try to use it I get the following errors: han% audioctl -f /dev/audio1 audioctl: /dev/audio1: Device not configured han% aucat -f /dev/audio1 -l aucat: /dev/audio1: can't open device I don't really know how to debug this any further. This is on i386 -current. Here's some more info about the hardware: port 2 addr 2: full speed, power 500 mA, config 1, USB AUDIO(0xf211), Ten X Technology, Inc.(0x1130), rev 2.04 n% usbhidctl -f /dev/uhid0 No_Event=1 [0] No_Event=1 [1] No_Event=1 [2] No_Event=1 [3] No_Event=1 [4] No_Event=1 [5] No_Event=1 [6] No_Event=1 [7] Undefined.Num_Lock=0 Undefined.Caps_Lock=0 Undefined.Scroll_Lock=0 Undefined.Compose=0 Undefined.Kana=0 Undefined.Power=0 Undefined.Shift=0 Undefined.Do_Not_Disturb=0 Undefined.Mute=0 Undefined.Tone_Enable=0 Undefined.High_Cut_Filter=0 Undefined.Low_Cut_Filter=0 Undefined.Equalizer_Enable=0 Undefined.Sound_Field_On=0 Undefined.Surround_Field_On=0 Undefined.Repeat=0 Undefined.Stereo=0 Undefined.Sampling_Rate_Detect=0 Undefined.Spinning=0 Undefined.CAV=0 Undefined.CLV=0 Undefined.Recording_Format_Detect=0 Undefined.Off-Hook=0 Undefined.Ring=0 Undefined.Message_Waiting=0 Undefined.Data_Mode=0 Undefined.Battery_Operation=0 Undefined.Battery_OK=0 Undefined.Battery_Low=0 Undefined.Speaker=0 Undefined.Head_Set=0 Undefined.Hold=0 Undefined.Microphone=0 Undefined.Coverage=0 Undefined.Night_Mode=0 Undefined.Send_Calls=0 Undefined.Call_Pickup=0 Undefined.Conference=0 Undefined.Stand-by=0 Undefined.Camera_On=0 Undefined.Camera_Off=0 Undefined.On-Line=0 Undefined.Off-Line=0 Undefined.Busy=0 Undefined.Ready=0 Undefined.Paper-Out=0 Undefined.Paper-Jam=0 Undefined.Remote=0 Undefined.Forward=0 Undefined.Reverse=0 Undefined.Stop=0 Undefined.Rewind=0 Undefined.Fast_Forward=0 Undefined.Play=0 Undefined.Pause=0 Undefined.Record=0 Undefined.Error=0 Undefined.Usage_Selected_Indicator=0 Undefined.Usage_In_Use_Indicator=0 Undefined.Usage_Multi_Mode_Indicator=0 Undefined.Indicator_On=0 Undefined.Indicator_Flash=0 Undefined.Indicator_Slow_Blink=0 Undefined.Indicator_Fast_Blink=0 han% usbhidctl -f /dev/uhid1 Consumer_Control.Volume_Up=0 Consumer_Control.Volume_Down=0 Consumer_Control.Mute=0 Consumer_Control.Scan_Next_Track=0 Consumer_Control.Scan_Previous_Track=0 Consumer_Control.Pause/Play=0
Re: calendar typo?
It all depends, as Paraguay has two native languages: spanish and guaranm. In spanish, the country name is written as 'Paraguay', and 'Paraguai' in guaranm. I barely, if ever, have read 'Paraguai' in any text, maybe because I'm a native spanish speaker. So 'Paraguay' goes for me. Igor Sobrado escribis: On Tue, Aug 25, 2009 at 11:16 AM, frantisek holop wrote: hi there, Aug 25 Constitution Day in Paragual shouldn't that be Paraguai? Indeed, it is a typo. However, is it not a much more usual spelling "Paraguay"?
Re: Bind ntpd on certain interface?
The problem here is not the list attitude, but your silly "That's right, I've already done it, I know, I know" when somebody corrects you. That makes developers angry. Obviously something was wrong with your configs, and you think you know what, but don't. And that's worse than knowing you don't know. Then you did, what? Compete with developers for your truth? Lame. Nobody can force you, but I'll encorauge you stop whining because people are harsh at you: They know what they're talking about, so listen them before listening yourself. Regards, Dani Nice Daemon escribis: Can you please leave? Can you please force me? Honestly are you really that stupid to not understand when your welcome? No, I'm certainly not stupid. I'm just *re*acting (to remind you; in case you are actually able to *read*, you should already know it). People (Henning, Theo) started to bark at me when I asked for help. They didn't provide any help, they just needed someone to throw their words at. Seems like they have a severe need for psycho analysis (but hey, this is well-known throughout the net for Theo!). I don't think that this is normal behaviour, and I don't think that people appreciate it being treated like this. It seems (for years and years) that this is your (OpenBSD's developers/communities/whatever) attitude, so be it. But don't think that people being insulted will actually give donations to you or pay money to buy a CD/DVD set. They will (at max) use your software and never return anything back to you (the project) because they know, out of their own memories, because they read the list or because they read about this on other places, that you will insult them. You are the kids that nobody wants to play with. That nobody wants to fall in love with, that will die alone. Unloved. But it would be so easy to change: Just say 'hi!' instead of 'what do you motherfucking prick want?!'. :) Do you think anybody likes to help a prick like you? The OpenBSD mailing list is the only place I don't seem to be welcome. And guess what: I can live with it. Proudly. Joe -- :wq Claudio
Re: Is Radeon HD 4870 okay?
Shall you be dual booting your computer, you may consider using a virtual machine to exec OpenBSD, or even getting some 'el-cheapo' CPU to install OpenBSD and use it through SSH/Xming from you current system, to make full use of your terminal full resolution. Regards, Dani Sviatoslav Chagaev escribis: Hello, I want to buy a new video card, and I'm considering ATI Radeon HD 4870. On UNIX (OpenBSD that is), I need the card to: * be capable of 1920x1...@60hz resolution on DVI-D * have 2D acceleration (including X-Video) 3D acceleration would be nice but is not required. I dual-boot for games, so buying something older won't do, I need fairly modern and powerful hardware. My motherboard (ASUS M3N78-EM) has a GeForce 8300 chipset (not supported by "open source"/magic-number nv driver, and I couldn't force vesa driver to 1920x1080), I'm intending to run OpenBSD/amd64. So, will 4870 work okay in OBSD? If not, could you please suggest something that would meet the two above-mentioned criteria and be powerful enough for gaming? Thanks!
Re: FTP public
Always read the FAQ first. To support an active FTP server, you should allow traffic for ftp, ftp-data port and also all between net.inet.ip.porthifirst and net.inet.ip.porthilast ports, as configured by sysctl(8). Regards! Dani Yamidt Henao escribis: Hi, I cant publish a ftp server using the pf, my ftp server used autenticacion,I have in pf: #1: rdr on $ext_if proto tcp from any to ($ext_if) port { ftp-data } -> port ftp-data #2: rdr on $ext_if proto tcp from any to ($ext_if) port { ftp } -> port ftp but I cant connect ftp sesions. Any idea. Y.H
Re: English and Spanish keyboard at same time?
Are you working with X, or shell only? Dani Chris Bennett escribis: I do most of my work in English, but I also do a small amount in Spanish. I have a Spanish keyboard, but when I tried hooking it up, didn't get what was on keys. Is there any way to change this dynamically so that I can switch back and forth easily? Chris Bennett
Re: System load stays high for no reason
Maybe these figures annoy you because you don't understand system load for OBSD. Take a look at http://www.undeadly.org/cgi?action=article&sid=20090715034920 Regards, Dani Jan-Erik Skata escribis: I have done a fresh install of 4.5, as a basic firewall (ethernet-ethernet) and web server with Apache, PHP and MySQL. This is a dual CPU machine (Celeron 466) and I am using the SMP kernel. For some reason the system load has a tendency to stick at around 0.6-0.7, even if I shut down all services and pull the extranet cable. After a reboot it was OK (0.05-0.08) for a while. I have not seen this with an earlier release. Anybody else having experienced this?
Re: pf problem / maybe bug in parser
Holger, we should adhere to KISS principle. So, pf rulesets are fine like they are if they are working as expected, and this is our case. If you're missing some warning feature maybe you would try to write an aux app -` la lint for C- that could parse a pf.conf and look for suspect behaviour. But keep in mind, these needs are not usual between heavy users of pf, so it's unlikely it would be implemented anytime soon -never is more like it-. Regards! Dani Paul de Weerd escribis: On Fri, Jul 17, 2009 at 11:11:22AM +0200, Holger Glaess wrote: | you are right but i think it is really helpful if pfctl give an | warning if he found those kind of line that you can decide if this | rule to want or a miss typo that have to be correct. And the next guy wants a warning when you block ssh access. Then the next guy has yet other things he thinks his firewall should never allow and wants to get warned when his rules do not match that. Yet another guy wants warnings for whatever it is he doesn't want his firewall to do. What I think you want is `pfctl -vf /etc/pf.conf`. The -v will tell you what rules are loaded. Should be enough warning for you. If you can't verify your ruleset after loading it, I really think you have bigger problems than what can be solved with a warning. Paul 'WEiRD' de Weerd
Re: spamd nixspam.gz not found
Talking about wget... Wouldn't be more convenient calling 'ftp http://www.blahblah.net/myitem.gz'? I use to recover files that way; works like a charm and allows getting files from http servers without installing any ports/packages. Regards, Dani patrick keshishian escribiC3: On Wed, Jun 24, 2009 at 4:33 AM, Rod Whitworth wrote: On Wed, 24 Jun 2009 07:57:16 -0300, Jose Fragoso wrote: Hi, Actually, it is still there. But the format has changed and spamd is not being able to handle it because the IP address is now in the second column, like in: 2009-06-24T12:28+0200 117.199.144.132 So, for the time being, the best thing to do is to use wrapper script. Regards, Yep. Some time ago I ran into probs using the okean lists and I recently was bitten by this one. My solution was/is to set up spamd.conf to find those data by using the 'file method'. I do this because a failed fetch leaves the relevant filter without data. So I have cronjobs to fetch the data and format it if necessary, as in: 26 B B B 14 B B B * B B B * B B B * B B B /root/bin/okean that only needs to be updated once a day as it is slow to change. and: 31 B B B * B B B * B B B * B B B * B B B /root/bin/nixpix so that: 37 B B B * B B B * B B B * B B B * B B B /usr/libexec/spamd-setup works properly. okean: #!/bin/sh ftp -o /var/db/china.txt http://www.okean.com/chinacidr.txt ftp -o /var/db/korea.txt http://www.okean.com/koreacidr.txt nixpix: #!/bin/sh cd /root/data rm -f nixspam /usr/local/bin/wget -q www.openbsd.org/spamd/nixspam.gz if [ $? -eq 0 ] ; then B B B B gunzip nixspam.gz B B B B cut -d " " -f 2 nixspam >/var/db/nixspam fi exit spamd.conf points at the outputs of those scripts. If any of those fetches fails, the previous data is still in place to maintain spamd when it runs each hour. Umm... you are explicitly doing and 'rm -f nixspam' in your script before wget. --patrick
Re: random crashes on a firewall with OpenBSD 4.5-stable
Can't read that? Custom compiled kernel and cac error speaks by themselves; dirty solution, try other disk controller. Best solution, discard you don't have bad hardware and, if everything is ok, make contact with developers and help searching for a code patch to improve the RAID adapter driver. Regards! Dani ComC(te escribiC3: Hi, we are using the last OpenBSD 4.5-stable release on an old Compaq Proliant ML350 as a firewall with spamd. But we encounter randomly some system crashes (once a week or two weeks). The system always displays the same message: uvm_fault (0xd080d9e00x0,0,1) -> e kernel: page fault trap, code=0 Stopped at cac_pci_l0_intr_pending+0xb push 0x34 (%eax) What do you think it could be ? I thought about maybe a hardware problem but where exactly... I join my dmesg below Thanks for your advice ! OpenBSD 4.5-stable (GENERIC) #9: Sun May 17 22:59:17 CEST 2009 r...@arwen.saintlo.fr:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Pentium(R) III CPU family 1266MHz ("GenuineIntel" 686-class) 1.27 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE real mem = 267988992 (255MB) avail mem = 250839040 (239MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 12/31/99, BIOS32 rev. 0 @ 0xf, SMBIOS rev. 2.3 @ 0xec000 (31 entries) bios0: vendor Compaq version "D11" date 01/29/2002 bios0: Compaq ProLiant ML350 G2 acpi0 at bios0: rev 0 acpi0: tables DSDT FACP APIC SPCR acpi0: wakeup devices PBTN(S5) acpitimer0 at acpi0: 3579545 Hz, 32 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 3 (boot processor) cpu0: apic clock running at 132MHz ioapic0 at mainbus0: apid 8 pa 0xfec0, version 11, 16 pins ioapic0: misconfigured as apic 0, remapped to apid 8 ioapic1 at mainbus0: apid 2 pa 0xfec01000, version 11, 16 pins ioapic1: misconfigured as apic 0, remapped to apid 2 acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 2 (PCI1) acpicpu0 at acpi0 acpitz0 at acpi0: critical temperature 31 degC acpibtn0 at acpi0: PBTN bios0: ROM list: 0xc/0x8000 0xc8000/0x1800 0xc9800/0x1800 0xcb000/0x1800 0xcc800/0x4000! 0xd0800/0x1800 0xee000/0x2000! pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 "ServerWorks CNB20LE Host" rev 0x06 pchb1 at pci0 dev 0 function 1 "ServerWorks CNB20LE Host" rev 0x06 pci1 at pchb1 bus 2 em0 at pci1 dev 1 function 0 "Intel PRO/1000T (82544GC)" rev 0x02: apic 2 int 0 (irq 5), address 00:02:b3:b9:0d:a4 em1 at pci1 dev 2 function 0 "Intel PRO/1000T (82544GC)" rev 0x02: apic 2 int 2 (irq 15), address 00:02:b3:b9:0d:7d re0 at pci1 dev 3 function 0 "D-Link Systems DGE-528T" rev 0x10: RTL8169/8110SB (0x1000), apic 2 int 4 (irq 15), address 00:1c:f0:6f:38:7e rgephy0 at re0 phy 7: RTL8169S/8110S PHY, rev. 3 cac0 at pci1 dev 4 function 0 "DEC Compaq SMART RAID 42xx" rev 0x01: apic 2 int 6 (irq 11), Smart Array 431 scsibus0 at cac0: 1 targets sd0 at scsibus0 targ 0 lun 0: SCSI2 0/direct fixed sd0: 34727MB, 512 bytes/sec, 71122560 sec total re1 at pci1 dev 5 function 0 "D-Link Systems DGE-528T" rev 0x10: RTL8169/8110SB (0x1000), apic 2 int 8 (irq 15), address 00:1c:f0:62:eb:12 rgephy1 at re1 phy 7: RTL8169S/8110S PHY, rev. 3 fxp0 at pci0 dev 1 function 0 "Intel 8255x" rev 0x08, i82559: apic 2 int 10 (irq 5), address 00:02:a5:44:33:f7 inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4 ahc0 at pci0 dev 2 function 0 "Adaptec AHA-3960D U160" rev 0x01: apic 2 int 11 (irq 11) scsibus1 at ahc0: 16 targets, initiator 7 ahc1 at pci0 dev 2 function 1 "Adaptec AHA-3960D U160" rev 0x01: apic 2 int 11 (irq 11) scsibus2 at ahc1: 16 targets, initiator 7 st0 at scsibus2 targ 6 lun 0: SCSI2 1/sequential removable fxp1 at pci0 dev 4 function 0 "Intel 8255x" rev 0x08, i82559: apic 2 int 13 (irq 10), address 00:08:02:45:29:64 inphy1 at fxp1 phy 1: i82555 10/100 PHY, rev. 4 vga1 at pci0 dev 5 function 0 "ATI Rage XL" rev 0x27 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) "Compaq Netelligent ASMC" rev 0x00 at pci0 dev 6 function 0 not configured piixpm0 at pci0 dev 15 function 0 "ServerWorks CSB5" rev 0x92: polling iic0 at piixpm0 iic0: addr 0x28 00=a0 01=10 02=03 03=01 04=7f 05=04 06=03 07=00 08=00 09=00 0b=00 0c=03 0d=41 0e=02 0f=00 10=00 11=05 18=3a 19=10 20=ff 21=ff 28=00 29=00 2a=04 2b=00 2c=00 2d=00 2e=00 30=00 31=00 32=00 38=00 39=00 3a=00 3b=00 3c=00 3d=00 3e=00 40=08 41=08 42=80 48=03 49=03 4a=03 50=00 51=80 58=00 59=00 60=f0 61=f0 68=af 69=af 70=ff 71=00 78=ff 79=ff 80=2b 81=37 82=ff 88=f0 89=f0 8a=f0 90=3c 91=46 92=ff 98=37 99=41 9a=ff a0=22 a1=2d a2=80 a8=ff a9=ff b0=00 b1=00 b8=06 b9=00 words 00=a0a0 01=1010 02=0303 03=0101 04=7f7f 05=0404 06=0303 07= spdmem0 at iic0 addr 0x50: 256MB SDRAM registered ECC PC133CL2 pciide0 at pci0 dev 15 function 1 "ServerWorks CSB5 IDE" rev 0x92: DMA atapiscsi0 at pciide0 channel 0 drive 0 scsibus3 at atapiscsi0: 2 targets cd0 a
Re: random crashes on a firewall with OpenBSD 4.5-stable
Oh and maybe bad RAM; I've hit some nasty errors with these faulty DIMMs... :/ ComC(te escribiC3: Hi, we are using the last OpenBSD 4.5-stable release on an old Compaq Proliant ML350 as a firewall with spamd. But we encounter randomly some system crashes (once a week or two weeks). The system always displays the same message: uvm_fault (0xd080d9e00x0,0,1) -> e kernel: page fault trap, code=0 Stopped at cac_pci_l0_intr_pending+0xb push 0x34 (%eax) What do you think it could be ? I thought about maybe a hardware problem but where exactly... I join my dmesg below Thanks for your advice ! OpenBSD 4.5-stable (GENERIC) #9: Sun May 17 22:59:17 CEST 2009 r...@arwen.saintlo.fr:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Pentium(R) III CPU family 1266MHz ("GenuineIntel" 686-class) 1.27 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE real mem = 267988992 (255MB) avail mem = 250839040 (239MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 12/31/99, BIOS32 rev. 0 @ 0xf, SMBIOS rev. 2.3 @ 0xec000 (31 entries) bios0: vendor Compaq version "D11" date 01/29/2002 bios0: Compaq ProLiant ML350 G2 acpi0 at bios0: rev 0 acpi0: tables DSDT FACP APIC SPCR acpi0: wakeup devices PBTN(S5) acpitimer0 at acpi0: 3579545 Hz, 32 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 3 (boot processor) cpu0: apic clock running at 132MHz ioapic0 at mainbus0: apid 8 pa 0xfec0, version 11, 16 pins ioapic0: misconfigured as apic 0, remapped to apid 8 ioapic1 at mainbus0: apid 2 pa 0xfec01000, version 11, 16 pins ioapic1: misconfigured as apic 0, remapped to apid 2 acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 2 (PCI1) acpicpu0 at acpi0 acpitz0 at acpi0: critical temperature 31 degC acpibtn0 at acpi0: PBTN bios0: ROM list: 0xc/0x8000 0xc8000/0x1800 0xc9800/0x1800 0xcb000/0x1800 0xcc800/0x4000! 0xd0800/0x1800 0xee000/0x2000! pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 "ServerWorks CNB20LE Host" rev 0x06 pchb1 at pci0 dev 0 function 1 "ServerWorks CNB20LE Host" rev 0x06 pci1 at pchb1 bus 2 em0 at pci1 dev 1 function 0 "Intel PRO/1000T (82544GC)" rev 0x02: apic 2 int 0 (irq 5), address 00:02:b3:b9:0d:a4 em1 at pci1 dev 2 function 0 "Intel PRO/1000T (82544GC)" rev 0x02: apic 2 int 2 (irq 15), address 00:02:b3:b9:0d:7d re0 at pci1 dev 3 function 0 "D-Link Systems DGE-528T" rev 0x10: RTL8169/8110SB (0x1000), apic 2 int 4 (irq 15), address 00:1c:f0:6f:38:7e rgephy0 at re0 phy 7: RTL8169S/8110S PHY, rev. 3 cac0 at pci1 dev 4 function 0 "DEC Compaq SMART RAID 42xx" rev 0x01: apic 2 int 6 (irq 11), Smart Array 431 scsibus0 at cac0: 1 targets sd0 at scsibus0 targ 0 lun 0: SCSI2 0/direct fixed sd0: 34727MB, 512 bytes/sec, 71122560 sec total re1 at pci1 dev 5 function 0 "D-Link Systems DGE-528T" rev 0x10: RTL8169/8110SB (0x1000), apic 2 int 8 (irq 15), address 00:1c:f0:62:eb:12 rgephy1 at re1 phy 7: RTL8169S/8110S PHY, rev. 3 fxp0 at pci0 dev 1 function 0 "Intel 8255x" rev 0x08, i82559: apic 2 int 10 (irq 5), address 00:02:a5:44:33:f7 inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4 ahc0 at pci0 dev 2 function 0 "Adaptec AHA-3960D U160" rev 0x01: apic 2 int 11 (irq 11) scsibus1 at ahc0: 16 targets, initiator 7 ahc1 at pci0 dev 2 function 1 "Adaptec AHA-3960D U160" rev 0x01: apic 2 int 11 (irq 11) scsibus2 at ahc1: 16 targets, initiator 7 st0 at scsibus2 targ 6 lun 0: SCSI2 1/sequential removable fxp1 at pci0 dev 4 function 0 "Intel 8255x" rev 0x08, i82559: apic 2 int 13 (irq 10), address 00:08:02:45:29:64 inphy1 at fxp1 phy 1: i82555 10/100 PHY, rev. 4 vga1 at pci0 dev 5 function 0 "ATI Rage XL" rev 0x27 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) "Compaq Netelligent ASMC" rev 0x00 at pci0 dev 6 function 0 not configured piixpm0 at pci0 dev 15 function 0 "ServerWorks CSB5" rev 0x92: polling iic0 at piixpm0 iic0: addr 0x28 00=a0 01=10 02=03 03=01 04=7f 05=04 06=03 07=00 08=00 09=00 0b=00 0c=03 0d=41 0e=02 0f=00 10=00 11=05 18=3a 19=10 20=ff 21=ff 28=00 29=00 2a=04 2b=00 2c=00 2d=00 2e=00 30=00 31=00 32=00 38=00 39=00 3a=00 3b=00 3c=00 3d=00 3e=00 40=08 41=08 42=80 48=03 49=03 4a=03 50=00 51=80 58=00 59=00 60=f0 61=f0 68=af 69=af 70=ff 71=00 78=ff 79=ff 80=2b 81=37 82=ff 88=f0 89=f0 8a=f0 90=3c 91=46 92=ff 98=37 99=41 9a=ff a0=22 a1=2d a2=80 a8=ff a9=ff b0=00 b1=00 b8=06 b9=00 words 00=a0a0 01=1010 02=0303 03=0101 04=7f7f 05=0404 06=0303 07= spdmem0 at iic0 addr 0x50: 256MB SDRAM registered ECC PC133CL2 pciide0 at pci0 dev 15 function 1 "ServerWorks CSB5 IDE" rev 0x92: DMA atapiscsi0 at pciide0 channel 0 drive 0 scsibus3 at atapiscsi0: 2 targets cd0 at scsibus3 targ 0 lun 0: ATAPI 5/cdrom removable cd0(pciide0:0:0): using PIO mode 4, DMA mode 2 ohci0 at pci0 dev 15 function 2 "ServerWorks OSB4/CSB5 USB" rev 0x05: apic 8 int 10 (irq 10), version 1.0, legacy support pchb2 at pci0
Re: CPU power control and 'unknown Enhanced SpeedStep CPU'
That's reasonable, as SpeedStep is able to run CPUs only at several discrete speeds, dependant of your CPU model: SpeedStep is more like those good old 'turbo switchs' xD than a continuous infitine-step throttle. To further decrease your sytem clock speed you'll need to hack your bios/motherboard and underclock the entire system. That way you'll scale the -your two- available speeds. Keep in mind that you limited speed control is a CPU issue, not and OS issue :) Jan Stary escribis: On Jun 15 11:05:39, Ted Unangst wrote: On Mon, Jun 15, 2009 at 10:29 AM, Jan Stary wrote: What is the best way to learn about the power/frequency/thermal control options of my CPU from bsd's point of view (besides dmesg and sysctl)? For example, what are the P-states and C-states my CPU can enter, and which of those does bsd support? you can adjust hw.setperf from 0 to 100. given the current level of acpi support, the only state your cpu can enter is "on". What exactly is the relation of apm, acpi, and hw.setperf? apm is what laptops used to go to sleep 10 years ago. acpi is what laptops today use to annoy kernel developers. hw.setperf is a uniform userland interface to what may be one of many backend drivers. So, neither apm nor acpi (acpicpu) is needed to use hw.setperf? no. Also, the Enhanced SpeedStep support on my CPU reduces to cpu0: unknown Enhanced SpeedStep CPU, msr 0x061a082006000820 cpu0: using only highest and lowest power states cpu0: Enhanced SpeedStep 2667 MHz (1212 mV): speeds: 2667, 2000 MHz - is there something I can do about it? Is there a point in running current (as opposed to 4.5-stable) with regard to this? current has different acpi code. maybe that works. what difference acpicpu makes over est.c is probably none. on most machines now, setperf works by poking registers in the cpu telling it to speed up or slow down. est knows about two settings, fast and slow. acpi may have information about some other settings in the middle which are unlikely to be of use unless your cpu is frequently exactly 40% busy. I just upgraded to -current. That makes it boot GENERIC.MP with ACPI, good. With regard to CPU freq control (now that acpi is in charge of that, and not est), the difference is indeed none. Setting hw.setperf to whatever only makes a difference when crossing setperf=50, which lowers 2667 to 2000 as before.
Re: apc ups daemon
Gender changers can be a nigthmare because, as FAQ mentions, 'that it plugs doesn't mean it's going to work'. If you miss any doc about serial port standards of any of the devices, then take a multimeter and measure the voltage between pin 7 -if DB25- or pin 5 -if DB9- and pin 2 of the cable; it should read anything <= -5 volts. If pin 2 on the wire as negative voltage, the same must be true for the pin 3 of the UPS. If wire and UPS have negative voltage on the very same pin, you're missing a 'null-modem' cable: go for it. If these values are ok, it's almost sure we're talking about a software issue. Thanasis escribio': on 06/10/2009 12:34 PM Thanasis wrote the following: on 06/10/2009 11:53 AM Daniel Gracia Garallar wrote the following: Are you running the program with a user with dialer privileges? First, make sure your account has dialer privileges -is part of dialer group-. Then Shortcut pins 2 and 3 of your black cable while connected to the pc, and try on a shell 'cu -l /dev/ttyb'. If serial port is working, any keyboard stroke should be echoed in screen. Yes it echoes! So /dev/ttyb must the the device for the port. That's one step closer to solve the problem. :-) I don't know if that matters, but let me add that the connection between the sparc machine's port and the ups' port consists of two cables and a gender changer in between, like so: On the sun's port side the plug is a DB25 and the other end on the same cable in a DB9. This RS232 DB9 is connected through a "gender changer" to the UPS' black cable which is DB9 on both ends. Gender changer is DB9 male/male: http://www.partsdata.co.uk/Gender_changer_2x_DB9_male_K-100.html I hope it's clear ...
Re: apc ups daemon
Are you running the program with a user with dialer privileges? First, make sure your account has dialer privileges -is part of dialer group-. Then Shortcut pins 2 and 3 of your black cable while connected to the pc, and try on a shell 'cu -l /dev/ttyb'. If serial port is working, any keyboard stroke should be echoed in screen. If you push any letter and don't see nothing, then that's not your serial's device. I'm not sure on sparc, but it could be /dev/tty00, /dev/cua00... Thanasis escribio': on 06/10/2009 09:29 AM jared r r spiegel wrote the following: `make search' is awesome, but also check the Makefile for the port. or heck, on the $arch in question you could worst case try `make package' and see if it works. if it doesn't, the pkg is probably marked broken or something - in which case i'd check archives of ports@ (or cvsweb) and hope i can find why :). OK. Both built fine. ;-) So now I am trying to setup apc-upsd. The machine is a old sparc SPARCstation 5 Model 110 (http://www.obsolyte.com/sun_ss5/ss5_110.pdf) I have set the serial ports to RS-232 mode (by changing the jumpers). The file apc-upsd.conf I use is as follows: # cat /etc/apc-upsd.conf # # apc-upsd.conf # # ups is connected to ... # OpenBSD ... device /dev/tty00 #device /dev/tty00 device /dev/ttyb # # startuptest sends a 'test' sequence to the smart series # startuptest ON # debug ON|OFF # # OFF ... normal operation # ON don't start as daemon, do tests in smart mode #debugmode OFF debugmode ON # smartmode # ON .. APC Smart-UPS with black cable # OFF . APC BackUPS with gray cable smartmode ON # # extendedsmart # # gives temperature info etc .. # extendedsmart ON # time till shutdown in seconds time 15 # execute this at shutdown time execute /sbin/halt # pidfile pidfile /var/run/upsd.pid # every (n) seconds output information from the ups # to syslog infotime 3600 --file ends here- The problem is when I run apc-upsd : # apc-upsd /etc/apc-upsd.conf, 55 lines: == device ... /dev/ttyb pidfile .. /var/run/upsd.pid exec script .. /sbin/halt debug mode ... 1 wait seconds . 15 infotime seconds . 3600 smartmode 1 extended smartinfo ... 1 startuptest .. 1 not forking in debug mode ... ... and stays there for ever, whereas it should print the ups' stats. Which means probably it does not communicate with the UPS. The UPS is an APC Smart-UPS SC 620VA 230V (http://www.apc.com/resource/include/techspec_index.cfm?base_sku=SC620I) The UPS' cable is a black serial cable supplied by apc and tested to work on the same UPS with apcupsd on linux. Any help for testing my serial port (/dev/ttyb) connection to the UPS?
Re: pf, altq, packet rate
As stupid as it can sound, you could develop a protocol to make routers talk each other and say how much bandwith is available in between. I think there's no other really sane way of inbound traffic control. Dropper techniques are a cheap trick nice for little networks. Serious and big performance networking requires solid bases. Think of overhead of receiving, dropping a packet, enqueing the offending stream, waiting, listening a resend again... That looks too much as spam :) Regards, Dani irix escribio': Hello , * irix [2009-05-27 18:12]: But I can not understand why you are sure that traffic can only outlet Shape i can not understand why you want to shape outlets. you don't understand that inbound shaping doesn't work because you have obviously no idea how the network stack works. there is no suitable queue inbound to do any queueing on. the ipintrq is way too early. so to do any inbound shaping you had to insert another queueing step, which is as clever as drinking water from the dead sea when you're thirsty. or maybe one could rape the ipintrq somehow. but i don't and won't rape. by shaping the incoming traffic, I mean simple dropper without constructing queues. All that the above specified speed dropped until the flow becomes less than or equal to specified speed. That actually makes CDNR, which arrears. But it pains me to see the obvious defects in my favorite system, interestingly, in the 6 years since I did the altq/pf merge, you're the only one to see that "obvious defect" and complete indifference on the part of developers to the obvious defects. obviously the developers have no clue about what they are doing, and the milestones they have to meet by the contract they have with you understood the joke. Funny
Re: OSSv4 on OpenBSD
Actually, when audio is a concern, I'm quite happy with the audio(4) framework of sio_open(3) and friends. I've just finished a remote PMR control app where real-time audio is needed, and all the bells and whistles are up to the task: multiple devices support -I'm working with four Behringer USB audio cards-, full-duplex, mixer control et al. Sure and additional framework should make easy porting other projects to OpenBSD, but as far as audio programming is related, native audio support is nicely implemented and rock solid. Just missing some samplerate convert not relying in aucat! So I can use it on several devices at once, but that's a patch -filtering is the hard trick- I'll work into :) Regards! Dani Jacob Meuser escribis: On Sun, May 24, 2009 at 07:48:27PM -0400, Predrag Punosevac wrote: A friend of mine who is an avid NetBSD user kept complaining about how bad is audio on NetBSD. After getting sick of hearing complains, I asked on OSS mailing lists about OSSv4 support for NetBSD and OpenBSD. I actually got a very interesting answer http://www.4front-tech.com/forum/viewtopic.php?t=3133 I recall OSS being discussed on this mailing list after OSS went open source and changed the license. Can Jake or any other developers in charge of audio on OpenBSD explain the issues involved in porting OSSv4 to OpenBSD? I personally have fantastic experience with our audio but I would think that OpenBSD could benefit at least from extra audio drivers. Am I very wrong? Sorry for the noise. audio(4) and all the current audio drivers would need to be modularized to not conflict with OSSv4. OpenBSD doesn't use modules by default, so users who would want to use OSSv4 would be running an unsupported system. I have tried taking small bits from 4Front drivers (for cmpci(4) and azalia(4)), but it has not been very helpful, for various reasons. I've learned more by looking at FreeBSD and ALSA drivers. some of the 4Front drivers were developed under NDAs, so the only "documentation" available to us is the driver source. having 2 vastly different audio APIs is not helpful, at all. arguably, OSSv4 would be a third (or fourth even) audio API that we would be supporting, as OSSv4 is different than OSSv3, which we already support with ossaudio(3). even though OpenBSD and NetBSD share the same basic audio code, there are numerous differences, starting with aucat(1) and sio_open(3) and going all the way down to the low level drivers. it appears this diversion is going to continue. I've tried sending patches for simple bugs azalia(4) to NetBSD devs that never got acted on, and they have a GSoC project to add support for stream mixing in the kernel.
Re: OpenBSD and VPN 1411 Criptographic Card
AFAIK, crypto accel cards will be used by the OpenBSD kernel whenever possible without further user intervention needed other than plugging the card and rebooting the system. Make sure your dmesg displays the hifn* device and make some performance test: you may be satisfied. Joco Salvatti escribis: Hi misc, I bought a Soekris Net5501 with a cryptographic card VPN1411 (Authentication, SHA-1 and MD5, Public Key, RSA, DSA, SSL, IKE and DH, Hardware random number generator) and I would like to know if any configuration is needed in OpenBSD kernel to use this card when cryptography is necessary. eg. When a VPN IPSec is done. -- Joco Salvatti Graduated in Computer Science Federal University of Para - UFPA - Brazil E-Mail: salva...@gmail.com
Re: Spanish BSD Group
Nice! I must confess I have a strong bias towards english language when talking about programming, but as a spanish OpenBSD user I'll try to support the group as far as possible. !Mucha suerte en la singladura! ;) Dani Daniel Andersen escribis: Well, I would like to announce that the Spanish BSD User Group (its Spanish acronym being "GUBE") is now official. Its mailing list is kindly hosted on MetaBUG (http://www.metabug.org/). -- Key ID: 493FB6AE Key fingerprint: 3E96 7892 B56D AE27 02EF BBAA BAA6 6C78 493F B6AE Keyserver:pgp.mit.edu