Re: Are there open source firewall distributions which are built on top of OpenBSD?

[Kamil Monticolo]

The only one project I found that is actively maintained is 
https://github.com/sonertari/UTMFW
You may also consider ansible playbook to manage pf, for example: 
https://www.lab-time.it/2017/10/13/openbsd-firewall-with-pf-using-ansible/

Kamil


From: owner-m...@openbsd.org  on behalf of Marco Prause 

Sent: Thursday, March 14, 2019 8:13:44 AM
To: misc@openbsd.org
Subject: Re: Are there open source firewall distributions which are built on 
top of OpenBSD?


>> A standard OpenBSD installation is somewhat susceptible to power failures
>> though. Especially fail/back/fail again during the startup procedure while
>> it's relinking libraries in random order. Not saying it can't be used but
>> some thought is needed if you know that it's *likely* to be powered off
>> without shutdown, or if the power is flaky.
> If you want to run a system that is resistant to damage from power faults, 
> take a look at Resflash.
>
>  https://stable.rcesoftware.com/resflash/
>
> It's more tolerant of power faults since the running system has all of its 
> actual disks in read-only mode and anything writable is done to mfs-based 
> mounts, including /usr/lib and /usr/libexec during the re-linking process. It 
> also has a very nice upgrade and rollback process, useful if you're 
> maintaining remote routers/firewalls.
>
> Don't ask for support on this list since it's not base OpenBSD, but the 
> author is pretty good about helping people out.

I can second all what Paul wrote before. I've been running
resflash-image driven openbsd instances in round about 15 distributed
locations since 2016.

Compared to let's say "commercial" equipment they do a *very* good job.

As well it's update mechanism as it's integration in our automation and
monitoring framework works very well.

And they survived every datacenter current issue so far ;-)


Cheers,

Marco

Odp.: mirror download speed variation

[Kamil Monticolo]

There is small program that helps you determine the closest mirror:

https://github.com/lukensmall/pkg_ping


I also wrote poor's man script to achieve the same:

https://github.com/kmonticolo/OpenBSD/blob/master/testmirrors.sh



Kamil


Od: owner-m...@openbsd.org  w imieniu użytkownika Janne 
Johansson 
Wysłane: wtorek, 8 stycznia 2019 15:08:44
Do: Mihai Popescu
DW: Misc
Temat: Re: mirror download speed variation

Den tis 8 jan. 2019 kl 14:26 skrev Mihai Popescu :

> So, I still have two questions about mirrors:
> Can a mirror limit your download speed ?

Sure they could, I don't think many do though.

> Do a CDN url point to an existing mirror, or is it a diffeent server?

Different servers, spread around the world and you get a dns response
that is trying to be
close to you.

--
May the most significant bit of your life be positive.

Odp.: Odp.: Automated remote install

[Kamil Monticolo]

Oh, I see. So in case of installing OpenBSD on remote VPS article 
https://www.tumfatig.net/20161124/encrypted-openbsd-6-0-in-the-ovh-cloud/ was 
helpful for me.

And I bet this can be automated with scripting or Ansible.

To make whole provess even easier you may omit encryption steps.


--

Kamil Monticolo


Od: secli...@boxdan.com 
Wysłane: poniedziałek, 17 grudnia 2018 14:34:37
Do: Kamil Monticolo
DW: misc@openbsd.org
Temat: Re: Odp.: Automated remote install

On Mon, Dec 17, 2018 at 12:55:44PM +, Kamil Monticolo wrote:
>I was using (suprise) OpenBSD-based PXE server to install OpenBSD on 
>vm/baremetal using autoinstall(8) feature.
>
>There are a few arts describing the process, e.g. 
>https://www.bsdnow.tv/tutorials/autoinstall
>
>I also save some snippets in gist here: 
>https://gist.github.com/kmonticolo/2b4ffc7ace4c5b09f0bf8075693161dc

Thank you. That looks primarily useful for people who control the network
environment as well (DHCP server). In this case, my application is installing
OpenBSD on remote servers (dedicated or VPS) hosted on networks which I do not
otherwise control.

Odp.: Automated remote install

[Kamil Monticolo]

I was using (suprise) OpenBSD-based PXE server to install OpenBSD on 
vm/baremetal using autoinstall(8) feature.

There are a few arts describing the process, e.g. 
https://www.bsdnow.tv/tutorials/autoinstall

I also save some snippets in gist here: 
https://gist.github.com/kmonticolo/2b4ffc7ace4c5b09f0bf8075693161dc


--

Kamil Monticolo


Od: owner-m...@openbsd.org  w imieniu użytkownika 
secli...@boxdan.com 
Wysłane: poniedziałek, 17 grudnia 2018 10:23:08
Do: misc@openbsd.org
Temat: Automated remote install

Has anyone successfully automated (i.e with Ansible/etc) the process of
installing OpenBSD on a remote server?

The most recent attempts at remote installation (manual or automated) that I
was able to find, are fairly old:
https://jcs.org/notaweblog/2014/09/12/remotely_installing_openbsd_qemu
https://github.com/jedisct1/yaifo
https://www.dim13.org/Install-OpenBSD-on-remote-host-without-KVM
http://frankgroeneveld.nl/2014/04/13/remote-installation-of-openbsd-from-linux/

jcs indicates that his QEMU-based method demands knowing what kind of network
card is in the server. This seems hard to automate.

-Frank

Re: Using 2 internet connections on OpenBSD Gateway

[Kamil Monticolo]

On Thu, 02 Apr 2009 14:36:30 +0200
Fernando Alvarez fernando.alva...@deimos-space.com wrote:

 And... What if both connections doesn't have the same upstream
 bandwidth? Would it be possible to load-balance both Internet
 connections considering the upload/donwload capacity of each one, and
 not using a round-robin load balancing, which assigns a nearly to 50/50
 load?
 
 Fernando
 
Then, you have bandwidth management called ALTQ QoS in pf.conf.
http://www.openbsd.org/faq/pf/queueing.html

-- 
Kamil Monticolo 

Re: Using 2 internet connections on OpenBSD Gateway

[Kamil Monticolo]

On Thu, 02 Apr 2009 18:15:22 +0200
Fernando Alvarez fernando.alva...@deimos-space.com wrote:

 
 I'm afraid I can't figure out how to achieve this :-\
 
 With ALTQ, one can assign priorities to outbound packets using pass or
 rdr rules, but I think that's not a solution when it's needed to route
 packets to one of the two gateways (using the same external interface or
 not). Packet priorization works re-arranging the queue for a outbound
 interface, but the packets do know which gateway they're going to use.
 
 Am I right or it's possible to do it with priorization in pf's rules? 
 
 Fernando
 
You can assign priorities and also assign queues using bandwidth keyword for
example:
altq on fxp0 cbq bandwidth 2Mb queue

You can find more examples on PF FAQ page.
-- 
Kamil Monticolo 

Re: Dual-head OpenBSD 4.5 and NVIDIA GeForce 7300 GT

[Kamil Monticolo]

On Mon, 30 Mar 2009 09:22:52 +0200
Tobias Sarnowski sarnow...@cosmocode.de wrote:

 Hi Kamil,
 
 maybe I missed the point but the option DualHead works fine if using 
 the nv driver. If I remember correctly it is necessary to have the 
 same resolution on both monitors when working with DualHead.

Thanks Tobias, 
this is exactly what I need, I tried to set DualHead option to true option, but 
I still get one working screen, maybe I did it without quotes. Thanks all you 
guys for help.
-- 
Kamil Monticolo 

Re: Dual-head OpenBSD 4.5 and NVIDIA GeForce 7300 GT

[Kamil Monticolo]

On Mon, 30 Mar 2009 11:57:37 +0100
Peter syllops...@syllopsium.com wrote:

Peter, thanks a lot, I need to properly set DualHead option, only.

-- 
Kamil Monticolo

Dual-head OpenBSD 4.5 and NVIDIA GeForce 7300 GT

[Kamil Monticolo]

 at usb4 Intel UHCI root hub rev 1.00/1.00 addr 1
isa0 at ichpcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
ichiic0 at pci0 dev 31 function 3 Intel 82801GB SMBus rev 0x01: apic 2 int 19 
(irq 11)
iic0 at ichiic0
spdmem0 at iic0 addr 0x50: 1GB DDR2 SDRAM non-parity PC2-4200CL5
spdmem1 at iic0 addr 0x52: 1GB DDR2 SDRAM non-parity PC2-4200CL5
usb1 at uhci0: USB revision 1.0
uhub1 at usb1 Intel UHCI root hub rev 1.00/1.00 addr 1
usb2 at uhci1: USB revision 1.0
uhub2 at usb2 Intel UHCI root hub rev 1.00/1.00 addr 1
usb3 at uhci2: USB revision 1.0
uhub3 at usb3 Intel UHCI root hub rev 1.00/1.00 addr 1
usb4 at uhci3: USB revision 1.0
uhub4 at usb4 Intel UHCI root hub rev 1.00/1.00 addr 1
isa0 at ichpcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
it0 at isa0 port 0x2e/2: IT8712F rev 7, EC port 0x290
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
mtrr: Pentium Pro MTRR support
uhidev0 at uhub4 port 1 configuration 1 interface 0 Logitech USB Optical 
Mouse rev 2.00/43.01 addr 2
uhidev0: iclass 3/1
ums0 at uhidev0: 3 buttons, Z dir
wsmouse0 at ums0 mux 0
uhub5 at uhub4 port 2 ALCOR Generic USB Hub rev 1.10/3.12 addr 3
uhidev1 at uhub5 port 4 configuration 1 interface 0  USB Keyboard rev 
1.10/3.10 addr 4
uhidev1: iclass 3/1
ukbd0 at uhidev1: 8 modifier keys, 6 key codes
wskbd1 at ukbd0 mux 1
wskbd1: connecting to wsdisplay0
uhidev2 at uhub5 port 4 configuration 1 interface 1  USB Keyboard rev 
1.10/3.10 addr 4
uhidev2: iclass 3/0, 2 report ids
uhid0 at uhidev2 reportid 1: input=1, output=0, feature=0
uhid1 at uhidev2 reportid 2: input=3, output=0, feature=0
softraid0 at root
root on wd0a swap on wd0b dump on wd0b

-- 
Kamil Monticolo

Re: 4.5 on MSI NetTop

[Kamil Monticolo]

On Fri, 27 Mar 2009 12:27:03 +0100
Jan Stary h...@stare.cz wrote:

 Hi all,
 
 when 4.5 comes out, I am going to reinstall my home machine
 using something quieter and lighter, namely a MSI NetTop:
 
 http://global.msi.eu/index.php?func=prodtmpspecmaincat_no=134prod_no=1672
 
Here is a thread about OpenBSD on Atom 230 with dmesg attached, but it's not 
MSI.

http://www.nabble.com/Intel-Atom-and-D945GCLF2-td19699139.html

I have been running OpenBSD 4.3 for several weeks on an Atom D945GCLF
and didn't encounter any problems.
The dmesg shows a few messages that indicate that not everything is
fully supported yet but the board still runs fine. 

Hope this helps a bit.
-- 
Kamil Monticolo

Re: Dual-head OpenBSD 4.5 and NVIDIA GeForce 7300 GT

[Kamil Monticolo]

On Fri, 27 Mar 2009 12:29:21 -
Peter Kay - Syllopsium syllops...@syllopsium.com wrote:


 I can tell you it works fine on a 7600GT - I only needed to do X -configure. 
 Don't even think I had to explicitly tell it to use xrandr. This was on 
 4.4/amd64
 
 I do actually have two 7600GTs on the box I'm using; the second isn't 
 recognised automatically though - so if you're looking to use more than two 
 monitors it may be a bit more tricky.
 

Sounds great:) Are you running X11 out of the box on -CURRENT?
Maybe I misconfigured something a bit, but I don't know what . 
I'm looking for a solution for two screens only.
-- 
Kamil Monticolo

Re: Dual-head OpenBSD 4.5 and NVIDIA GeForce 7300 GT

[Kamil Monticolo]

On Fri, 27 Mar 2009 12:57:10 -
Peter Kay - Syllopsium syllops...@syllopsium.com wrote:

 
 Literally all I needed to do was X -configure, if I remember correctly. I'll 
 try with an up to date 4.4 snapshot at some point.
 
Peter, can You post your configuration here?
I confgured X server as you did, but it didn't work for me.
Thank you.

-- 
Kamil Monticolo 

Re: Dual-head OpenBSD 4.5 and NVIDIA GeForce 7300 GT

[Kamil Monticolo]

On Fri, 27 Mar 2009 14:39:58 -
Peter Kay - Syllopsium syllops...@syllopsium.com wrote:

 Sure. I may even get around to doing multi adaptor too (I have three 
 monitors connected to the system). May be Sunday before I can get it sorted, 
 but I'll post to the list.
 
 PK 
 
It would be great;) Thanks. I'm glad to hear that DualHead works on this card.

-- 
Kamil Monticolo 

Re: Dual-head OpenBSD 4.5 and NVIDIA GeForce 7300 GT

[Kamil Monticolo]

On Fri, 27 Mar 2009 09:00:21 -0500
Neal Hogan nealho...@gmail.com wrote:
 
 Good Luck!

Neil, I just rewrited your config a little bit to fit my hardware.
Now I see, that I can scroll left screen from left to right by mouse, but right 
monitor remains black (on earlier configs, I get an colour ASCII or blinks on 
it).
Here is new version of that config:

Section ServerLayout
Identifier X.org Configured
Screen  0  Screen0 0 0
InputDeviceMouse0 CorePointer
InputDeviceKeyboard0 CoreKeyboard
EndSection

Section Files
ModulePath   /usr/X11R6/lib/modules
FontPath /usr/X11R6/lib/X11/fonts/misc/
FontPath /usr/X11R6/lib/X11/fonts/TTF/
FontPath /usr/X11R6/lib/X11/fonts/OTF
FontPath /usr/X11R6/lib/X11/fonts/Type1/
FontPath /usr/X11R6/lib/X11/fonts/100dpi/
FontPath /usr/X11R6/lib/X11/fonts/75dpi/
EndSection

Section Module
Load  GLcore
Load  dbe
Load  dri
Load  extmod
Load  glx
Load  freetype
EndSection

Section InputDevice
Identifier  Keyboard0
Driver  kbd
EndSection

Section InputDevice
Identifier  Mouse0
Driver  mouse
Option  Protocol wsmouse
Option  Device /dev/wsmouse
Option  ZAxisMapping 4 5 6 7
EndSection

Section Monitor
Identifier   Monitor0
VendorName   IVM
ModelNamePLE430/431
HorizSync24.0 - 83.0
VertRefresh  55.0 - 76.0
Option  DPMS
EndSection

-- 
Kamil Monticolo 

Re: HP Proliant DL385 slower than CentOS for some web connections (over VPN)

[Kamil Monticolo]

On Fri, 27 Mar 2009 15:42:23 +0100
Alexander Farber alexander.far...@gmail.com wrote:

 And it can't be bge0 or the switch, because
 when I scp big files between machines -
 they transfer very fast and never die.
 
 It's only the web (over Junipers VPN) transfers
 where the OpenBSD machine has issues.
 
you can bump sysctl recv/sendspace for TCP/IP up to 65535
what throughtput do you have?
paste output of vmstat here please
-- 
Kamil Monticolo 

Re: HP 2133

[Kamil Monticolo]

On Thu, 26 Mar 2009 15:05:01 +0100
Christopher Intemann intem...@gmail.com wrote:

 Hello,
 Does anyone here have OpenBSD up and running on an HP 2133 netbook?
 I wonder in particular if there is support for the pc-card interface and the
 audio device? Since it has VIA graphics, running X shouldn't be too much of
 an issue...

I ran it for a moment, but found some problems. I run bsd.rd 4.5-beta, but 
there was a problem with keyboard, it was quite unusable, keys seems to be 
live, I've got lot of chars on the screen, so I can't install system. But 
bsd.rd boots, so you can try install trough yaifo if network works.
I ran also BSDanywhere 4.4, X starts but it was unusable too, looks like 
320x400 or so, and I didn't try to reconfigure it. Unfortunately I can't 
remember more details. 
But I have CURRENT on eee900 and it works quite well for me - almost 
everything, without WiFi, but wireless dongle works fine;)
-- 
Kamil Monticolo

Re: SOEKRIS - How to install MTR to a Flashdist image

[Kamil Monticolo]

Dnia 2009-03-23, o godz. 12:23:00
Luis F Urrea lfur...@gmail.com napisaE(a):

 Now, if you run ldd on the pkg_add binary you would get:

 ldd: /usr/sbin/pkg_add: not an ELF executable

 and I am not really sure why is that. Experts comments welcome here!

$ ldd `which pkg_add`
ldd: /usr/sbin/pkg_add: not an ELF executable
$ file `which pkg_add`
/usr/sbin/pkg_add: perl script text executable

--
Kamil Monticolo

Re: PF and CLamAV Integration - how to do it?

[Kamil Monticolo]

 Hi,
 
 Any pointers and/or info would be greatly appreciated by this newbie.
 
 Thanks and best regards,
 
 :-)
 
 Sarah
   

If you want, you may try also http://comixwall.org/ .
It's OpenBSD based IDS-like tool to provide complex antivirus,
firewall with security, monitoring capabilities and quite nice
web-based GUI for local networks.
After some tweaks it works like a charm ;)
--
Kamil Monticolo

Re: prioritizing carp interfaces

[Kamil Monticolo]

 Hi list,
 
 I have a theoretical question regarding a CARP cluster and many CARP
 interfaces
 
 Assume we have a firewall comprising of two notes, each with 4 or more
 interfaces and only one uplink to the internet. The Cluster is in
 master/backup mode
 
 How does CARP behaves when on the master node two unimportantly
 interfaces fail and on the backup node only the uplink interface
 fails? Does CARP failover
 to the backup node and as consequence the whole network will be
 disconnected from the internet?
 
 In my mind one solution to avoid this situation is to rate the CARP
 interfaces.
 For example a more important interface gets a higher rate than a less
 important
 interface.
 
 Probably the ifstated deamon and the demotion counter are the topics
 to get around with this.
 
 Does anybody have experiences demotion couter and ifstated?
 
 Thanks in advance.
   

Well, looks interesting, but I didn't try it. It maybe too
complicated, when redundancy need to be as simply as possible. Instead
of this, you can just add another node(s), this is the safest solution,
I think.
-- 
Kamil Monticolo

Re: motherboard/nics advices for an OpenBSD firewall?

[Kamil Monticolo]

On Tue, 17 Jun 2008 11:42:28 -0500
Marco Peereboom [EMAIL PROTECTED] wrote:

 I really like Dell 1435SC for this kind of stuff.  Cheap and fast.
 
I've a cluster of above 40 machines running OpenBSD on Dell 860 / Dell R200 
(faster version of 860).
They're really cheap, have gigabit NICs and running really nice as NAT up to 
80Mbps with fully CARP support.
-- 
Kamil Monticolo [EMAIL PROTECTED]

Re: Booting a Thinkpad T23

[Kamil Monticolo]

On Wed, 4 Apr 2007 06:23:54 -0700 (PDT)
sweetnsourbkr [EMAIL PROTECTED] wrote:

 I'm trying into install OpenBSD 4.0 onto my laptop.  It's a Pentium 3 1.13
 MHz with 768MB RAM.  
 
 I burned an install CD following the installation instructions.  I buned the
 cd40.iso first, started a multisession CD.  Then afterwards, burned the rest
 of the packages and finished the multisession CD.  This setup boots fine on
 my desktop system.
 
 On my laptop, however, it reads the CD, but it does not boot, and goes
 straight into the hard disk boot (Lilo in my case).
 
 I've tried disabling hard drive boot, enabling the floppy disk, enabling
 superdisk boot, updated the BIOS to the latest release, all to no avail.
 
 Does anyone know how I can boot onto my Thinkpad?  Any help would be greatly
 appreciated. :)
 -- 
 View this message in context: 
 http://www.nabble.com/Booting-a-Thinkpad-T23-tf3525744.html#a9836727
 Sent from the openbsd user - misc mailing list archive at Nabble.com.
 

Maybe try to burn it on cd-rw in single-session mode or on native cd-r disc. It 
should works fine.

Re: prioritize internet browse than download

[Kamil Monticolo]

On Thu, 29 Mar 2007 01:25:26 -0700 (PDT)
kintaro oe [EMAIL PROTECTED] wrote:

 Hi Guys,
 
 Is it possible to prioritize Internet browsing than downloading a file like 
 downloading installers or iso files? It eats up our network bandwidth. Any 
 advice? Thanks!

man pf.conf
/QUEUE

Re: prioritize internet browse than download

[Kamil Monticolo]

On Thu, 29 Mar 2007 16:12:07 +0530
Siju George [EMAIL PROTECTED] wrote:

 On 3/29/07, Kamil Monticolo [EMAIL PROTECTED] wrote:
  On Thu, 29 Mar 2007 01:25:26 -0700 (PDT)
  kintaro oe [EMAIL PROTECTED] wrote:
 
   Hi Guys,
  
   Is it possible to prioritize Internet browsing than downloading a file 
   like downloading installers or iso files? It eats up our network 
   bandwidth. Any advice? Thanks!
 
  man pf.conf
  /QUEUE
 
 
 this is good for limiting bandwidth based on ( source and destination
 ) domain names, IP address, port numbers, protocols, IP versions etc.
 
 but PF cannot process URLs and filter/queue using file types like
 *.iso, *.msi, *.exe, *.wmv, *.mpe etc.
 
 kind Regards
 
 Siju
 
 Siju
 
Sorry, You are right. I misunderstanding that a bit.
Kamil Monticolo

Re: Saving memory on small machines

[Kamil Monticolo]

*snip*
  I'm speechless. This is the low water mark on misc@ this week.
  
  //art
  
 
   How can you call it a low water mark art? I wasn't speechless,
 I laughed my ass off. I needed the humor this morning, I'm hung 
 over and spent the morning in a stupid meeting. That message made
 my day. 
 
   Definately not a low water mark ;)
 
   -Bob
 
I agree :) Glad to make laughing you.
Example given with stripe shows how we can save disk space on good known OS and 
services running on it, but I'm sure it's not recommended way. I think that 
anybody who wants running up several services on machine with only 48M RAM have 
also a small disk, so stripped libraries can solve a problem of small disk, 
thats all. I don't thint this is a low water mark, but (as you can see) it may 
be funny. I've got libraries with complete symbols on my own.

Kamil Monticolo aka birkoff

Re: Saving memory on small machines

[Kamil Monticolo]

 The OpenBSD kernel is a bit over 5MB. I assume that gets loaded into memory
 and is not swappable, giving me 43MB left, which isn't a lot.

You can turn off ipv6, altq if not needed, and of course lots of hardware that 
you don't need also. For example I have a 2 x smaller kernel that GENERIC on my 
laptop:
$ uname -a
OpenBSD squirrel 4.1 BIRKOFF#0 i386
$ ls -lh /bsd{,.orig} 
-rw-r--r--  1 root  wheel   2.9M Mar  9 00:39 /bsd
-rw-r--r--  1 root  wheel   5.8M Feb 22 13:32 /bsd.orig

You may also stripe nearly all of your libraries, for example:

# ls -lhS /usr/lib/libcrypto*a
-r--r--r--  1 root  bin  11.7M Mar 22 13:53 /usr/lib/libcrypto_pic.a
-r--r--r--  1 root  bin  11.6M Mar 22 13:53 /usr/lib/libcrypto_p.a
-r--r--r--  1 root  bin  11.5M Mar 22 13:53 /usr/lib/libcrypto.a
# strip -s /usr/lib/libcrypto*a
# ls -lhS /usr/lib/libcrypto*a  
-r--r--r--  1 root  bin   909K Mar 22 13:53 /usr/lib/libcrypto_pic.a
-r--r--r--  1 root  bin   865K Mar 22 13:53 /usr/lib/libcrypto_p.a
-r--r--r--  1 root  bin   835K Mar 22 13:53 /usr/lib/libcrypto.a

looks fine? Hope this helps.

Kamil Monticolo aka birkoff

panic on Dell PowerEdge850 GENERIC.MP 4.0 (dmesg incl.)

[Kamil Monticolo]

Hello guys.

I'm migrating to 4.0 now and I have problem with panic on couple of my servers 
on 4.0.
Servers crashes irregulary with page fault (6) -
(/src/sys says that's an arthmetic fault).
All servers crashes with the same EIP d02ce554, so I think it cannot be RAM.
Machines have Pentium D with 1 GB ECC RAM, kernel GENERIC.MP.
Dmesg and panic are below, moreover I will send you trace and ps from ddb if I 
catch them.
### BEGIN DMESG
OpenBSD 4.0 (GENERIC.MP) #936: Sat Sep 16 19:27:28 MDT 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Intel(R) Pentium(R) D CPU 3.00GHz (GenuineIntel 686-class) 3.01 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CF
LUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,CNXT-ID,CX16
real mem  = 1073053696 (1047904K)
avail mem = 970772480 (948020K)
using 4256 buffers containing 53755904 bytes (52496K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 08/22/06, BIOS32 rev. 0 @ 0xffe90, SMB
IOS rev. 2.3 @ 0xfa3d0 (48 entries)
bios0: Dell Computer Corporation PowerEdge 850
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfb840/176 (9 entries)
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82801GB LPC rev 0x00)
pcibios0: PCI bus #7 is the last bus
bios0: ROM list: 0xc/0xb000 0xcb000/0x1000 0xcc000/0x3c00 0xd/0x1600 0xd
1800/0x600 0xec000/0x4000!
ipmi0 at mainbus0: version 1.5 interface KCS iobase 0xca8/8 spacing 4
mainbus0: Intel MP Specification (Version 1.4) (DELL PE 01B6 )
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 200 MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Pentium(R) D CPU 3.00GHz (GenuineIntel 686-class) 3.01 GHz
cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CF
LUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,CNXT-ID,CX16
mainbus0: bus 0 is type PCI   
mainbus0: bus 1 is type PCI   
mainbus0: bus 2 is type PCI   
mainbus0: bus 3 is type PCI   
mainbus0: bus 4 is type PCI   
mainbus0: bus 5 is type PCI   
mainbus0: bus 6 is type PCI   
mainbus0: bus 7 is type PCI   
mainbus0: bus 8 is type ISA   
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 2
ioapic1 at mainbus0: apid 3 pa 0xfec1, version 20, 24 pins
ioapic1: misconfigured as apic 0, remapped to apid 3
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel E7230 MCH rev 0x00
ppb0 at pci0 dev 1 function 0 Intel E7230 PCIE rev 0x00
pci1 at ppb0 bus 1
em0 at pci1 dev 0 function 0 Intel PRO/1000 PT (82572EI) rev 0x06: apic 2 int 
16 (irq 5), address 00:15:17:15:9c:54
ppb1 at pci0 dev 28 function 0 Intel 82801GB PCIE rev 0x01
pci2 at ppb1 bus 2
ppb2 at pci2 dev 0 function 0 Intel PCIE-PCIE rev 0x09
pci3 at ppb2 bus 3
ppb3 at pci3 dev 2 function 0 vendor Hint, unknown product 0x0022 rev 0x04
pci4 at ppb3 bus 4
vga1 at pci4 dev 2 function 0 ATI Radeon VE QY rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
vendor Dell, unknown product 0x0010 (class undefined unknown subclass 0x00, re
v 0x00) at pci4 dev 4 function 0 not configured
Dell DRAC 4 Virtual UART rev 0x00 at pci4 dev 4 function 1 not configured
Dell DRAC 4 SMIC rev 0x00 at pci4 dev 4 function 2 not configured
pciide0 at pci4 dev 7 function 0 CMD Technology PCI0680 rev 0x02
pciide0: bus-master DMA support present
pciide0: channel 0 wired to native-PCI mode
pciide0: using apic 3 int 0 (irq 5) for native-PCI interrupt
atapiscsi0 at pciide0 channel 0 drive 0
scsibus0 at atapiscsi0: 2 targets
sd0 at scsibus0 targ 0 lun 0: DELL, VSF, 0123 SCSI0 0/direct removable
sd0: drive offline
atapiscsi1 at pciide0 channel 0 drive 1
scsibus1 at atapiscsi1: 2 targets
cd0 at scsibus1 targ 0 lun 0: DELL, VCD, 0133 SCSI0 5/cdrom removable
sd0(pciide0:0:0): using PIO mode 3
cd0(pciide0:0:1): using PIO mode 3
pciide0: channel 1 wired to native-PCI mode
ppb4 at pci0 dev 28 function 4 Intel 82801G PCIE rev 0x01
pci5 at ppb4 bus 5
bge0 at pci5 dev 0 function 0 Broadcom BCM5721 rev 0x11, BCM5750 B1 (0x4101): 
apic 2 int 16 (irq 5), address 00:15:c5:fa:47:d2
brgphy0 at bge0 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0
ppb5 at pci0 dev 28 function 5 Intel 82801G PCIE rev 0x01
pci6 at ppb5 bus 6
bge1 at pci6 dev 0 function 0 Broadcom BCM5721 rev 0x11, BCM5750 B1 (0x4101): 
apic 2 int 17 (irq 3), address 00:15:c5:fa:47:d3
brgphy1 at bge1 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0
uhci0 at pci0 dev 29 function 0 Intel 82801GB USB rev 0x01: apic 2 int 20 (irq
 11)
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 29 function 1 Intel 82801GB USB rev 0x01: apic 2 int 21 (irq
 10)
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, rev 1.00/1.00,