Re: OpenOSPFd and multipath routing questions...

2005-11-29 Thread tony sarendal
On 29/11/05, Claudio Jeker <[EMAIL PROTECTED]> wrote:
> On Mon, Nov 28, 2005 at 11:46:56PM -0800, David Ulevitch wrote:
> > Misc,
> >
> > I'd like to hear how people are using OpenOSPFd and how it's working
> > out.
> >
>
> It works for most setups. It is not optimal for big ABRs.
>
> > Are people using it in any sort of a local-cluster load balancing
> > method?  For example: rtr1 servers area 1 and has three NTP servers
> > attached all announcing the same /32 over OSPF with some logic on the
> > server to withdraw the OSPF announcement if the service goes down?
> >
>
> Nope. There is no kernel support for multipath routing. First we need to
> have working multipath routing before making ospfd multipath aware.
>
> > Also, are people having any issues with the fact that ospfd and bgpd
> > each hold a copy of the routing table (at least) and are doing
> > inserts into the kernel's table, without any sort of preference for
> > multipath routing or metrics?
> > (http://www.openbsd.org/papers/ven05-henning/mgp00026.html)
> >
>
> In most cases this is a non issue because bgpd and ospfd are inserting
> different routes into the kernel. bgpd should announce the aggregated
> prefix (e.g. a /19 or so) and for that no real route is needed. ospfd on
> the other hand will add more specific networks of that /19 and so the two
> should not interfere with each other.
>

I would disagree a bit. Most (all?) bigger networks use bgp to carry internal
routing info, we just filter the internal stuff away on our peerings. Seeing
the same prefix via multiple protocols is pretty common, especially when
migrating from protocol x to protocol y.

One thing I noticed when testing with openbsd was that I wasn't able to add
xxx/yy on an interface if the same prefix already was known via bgp.

/Tony



Re: #define failure opportunity

2005-11-29 Thread tony sarendal
> It is very important that we educate people about what the choice
> of open source software means.
>

From a business perspective I don't see this being very important =)
If the competition is willing to give me an edge on them, be my guests.

/Tony



Re: openbsd web site design proposals (from HOTO write bad docs)

2005-11-28 Thread Tony
Jacob Meuser wrote:
> 
> this is how the world works: ignore the whiners, they offer nothing
> useful.  

Some irresistible "straight lines"?



RE: Re: openbsd web site design proposals (from HOTO write bad docs)

2005-11-28 Thread tony
[EMAIL PROTECTED] wrote:

>I'm using a mozilla 1.7 browser, with CSS on,
>JavaScript off.
And it doesn't run javascript.
Outside my area of expertise, but that seems normal somehow.


>The menus on the referenced cerealport.com web-site
>don't expand at
http://cerealport.com does not answer
http://www.cerealport.com does answer, but how is it supposed
to be related to OpenBSD?
Looks like another attempt to look good and succeeds only
in being dysfunctional.

>End of discussion.

Promises, promises.



RE: Re: openbsd web site design proposals (from HOTO write bad docs)

2005-11-28 Thread tony
[EMAIL PROTECTED] wrote:
>
>On Mon, Nov 28, 2005 at 10:53:45AM -0800, the unit
>calling itself J.C. Roberts wrote:
I would assume that J.C. Roberts is a human, not a "unit",
whatever that is supposed to imply.

>> On Mon, 28 Nov 2005 11:27:56 -0600, J Moore
><[EMAIL PROTECTED]> wrote:
>> 
>> >I did think - I actually thought pretty
>carefully about what I said. I 
>> >tried to avoid actually *calling* Nick the
>OpenBSD bitch; instead I 
>> >asked him if he was. Yeah - it's kind of a fine
>line...
>> >
>> 
>> Have you given up molesting children?
>
>Ummm - I'm sorry, but you score no points with that
>boinked analogy here 
Are you now the official representative of stupid and 
useless tolls? Better analogy?

>because you've changed context. If you care to read
>the opening salvo 
>again, you should see clearly that Nick threw the
>first punch... he 
>simply couldn't let the other thread go; he simply
>couldn't let the OP 
>try to organize something; he had to jump in and
>start trashing the 
>whole idea. 
>
>You may have lost the whole point of this by now.
>
>Jay
There never was a point.
Nick just called it earlier than most everybody else.



Re: #define failure opportunity

2005-11-28 Thread tony sarendal
On 28/11/05, Theo de Raadt <[EMAIL PROTECTED]> wrote:
> This is why OpenBSD/OpenSSH does not need to hire a spin doctor.
>
> Other people do it for us ;)
>
> http://www.ssh.com/company/newsroom/article/684/
>

---
The improved compatibility features will be beneficial for enterprises
that are in the process of migrating their OpenSSH environments to SSH
Tectia...

"The large installed base of the OpenSSH code on Linux and Unix
servers today is a major opportunity for SSH,"
---

Wow, I think I'll keep my money and let them hump that dead dog in peace ?

--
Tony Sarendal - [EMAIL PROTECTED]
IP/Unix
   -= The scorpion replied,
   "I couldn't help it, it's my nature" =-



RE: Re: openbsd web site design proposals (from HOTO write bad docs)

2005-11-28 Thread tony
[EMAIL PROTECTED] wrote:
>
>On 11/28/05, Nick Holland
><[EMAIL PROTECTED]> wrote:
>
>> NAME ONE.
>> Name one person.
>> Name one browser.
>> Name one problem.
>> OR SHUT UP.
>
>I believe I've mentioned several problems in this
>thread which occur
>with several browsers. 
Said problems are not worth the effort of repeating here.

>I suppose that I had hoped
>that the OpenBSD
>team would greet new ideas with respect when
>respectfully discussed. 
I would hope they would greet any good ideas I had, if I had
any, regardless of my respect or lack thereof.

>I didn't expect anyone to automatically agree with
>me, but I was hoping
>for a civil conversation, not from list members at
>large, but at least
>from the OpenBSD team. I guess that was too much to
>hope for. This
>conversation, at least on my end, is over.
One down.

>
>No wonder people hate OpenBSD nerds. 
Why would you think that?
I assure you I am NOT an OpenBSD nerd.

>Really. What
>were you expecting
>me to say? "Your status as an OpenBSD team leader
>and your ALL CAPS
>have convinced me?
>
>I expected that kind of behavior from random list
>members, but if this
>is the kind of nonsensical, childing thinking and
>behavior that goes
>on in the OpenBSD team, I don't know what to think
>about the quality
>of the product right now.
>
You don't know what to think. Probably don't know how.

>- Jeremy



RE: Re: openbsd web site design proposals (from HOTO write bad docs)

2005-11-28 Thread tony
misc@openbsd.org wrote:
>
>hmm, on Mon, Nov 28, 2005 at 12:35:57PM -0501, Nick
>Holland said that
>> NAME ONE.
>> Name one person.
>> Name one browser.
>> Name one problem.
>> OR SHUT UP.
>
>so small problems or "quirks" are not problems
>anymore?
>honestly Nick, go compare the code to the pages and
>you
>should blush.
>

Well, that's one.
But I don't find THAT on the web site.



RE: Re: openbsd web site design proposals (from HOTO write bad docs)

2005-11-28 Thread tony
[EMAIL PROTECTED] wrote:
>
>hmm, on Mon, Nov 28, 2005 at 05:32:54PM +0100, Otto
>Moerbeek said that
>> It's even a FAQ:
>http://www.openbsd.org/faq/faq8.html#wwwnotstd
>
>at least remove
>"We welcome new contributors,"
>because that is clearly not true.
>
They welcome contributors.
You are not a contributor.



RE: Re: openbsd web site design proposals (from HOTO write bad docs)

2005-11-28 Thread tony
[EMAIL PROTECTED] wrote:
>
>hmm, on Mon, Nov 28, 2005 at 05:32:54PM +0100, Otto
>Moerbeek said that
>> It's even a FAQ:
>http://www.openbsd.org/faq/faq8.html#wwwnotstd
>
>doesn't mean it's right, does it?
>
Certainly doesn't mean it's wrong.
Almost certainly means it's OpenBSD

What system were you talking about?



RE: sent some www diffs, your one and last chance to flame me

2005-11-28 Thread tony
[EMAIL PROTECTED] wrote:
[snip]
>all or nothing.
>make the pages match the quality of the code and
>the cd's.
>even if you don't care, other people do.

I PAID for my CDs. I am happy with artwork, particularly the
smirk on that puffer fish.
I did not pay for the website. If I can stumble into the FAQ
and packages and figure out where -current lives, I am
more than satisfied.
The mirrors probably have more than enough to keep up with.
Adding anything just to be cutesy seems counterproductive.



Re: Updated CCD Mirroring HOWTO

2005-11-27 Thread Tony
Robbert Haarman wrote:

[snip]

> As it stands, OpenBSD is the only operating system I am aware of that
> has had the full base system completely audited and has buffer overrun
> and other protections enabled for all software on it. This, by itself,
> makes it more secure than other systems, regardless of what users do
> with it. Even in the worst case, where users actively degrade the
> security of the system, I would imagine OpenBSD's security would at
> least not be _worse_ than that of another system.

Somehow I don't think that really fits OpenBSD's objectives.
The full base system has been audited.
The full base system plus something stuck on has NOT been audited.
Security is one of those thingees where it's not what you did right
that matters. It's any and everything you did wrong that matters.

I am not an OpenBSD fanboy. I am typing this on an XP laptop at home via 
some vintage of VNC redirected via rinetd to a very old laptop running 
98 sitting on my desk at work. Secure? Hardly.
I lurk on this list because it is entirely possible that I find myself
in a situation where security actually matters. In that case, knowing
what and why and digging through everything will be essential.
If security matters, just running on OpenBSD will hardly be enough.
Security requires getting all the edges right. And so they stay right.



Re: Updated CCD Mirroring HOWTO

2005-11-27 Thread Tony
Daniel Ouellet wrote:
> In all these:
>
> >>I'm going to take this thread for what I think it is... the old guard
> >>telling us youngin's that our efforts are appreciated, but we've got a
> >>bit more to learn about how things work, and how to write good
> >>documentation, before we're really ready to jump into these things the
> >>way we have been lately.  I've noticed a decent drop in the number of
> >>"How do I get PPPoE working" and "How do I get Apache+MySQL+PHP working"
> >>questions on the list, which is what prompted Daniel to create
> >>openbsdsupport in the first place, so in a way, we've been successful in
> >>what we set out to do.
> >
> >
> > I may seem overly critical in debate but I still believe the work of
> > Daniel Ouellet and the HOWTO writers has been a worthwhile experiment.
> > Though it has opened the door for the blind leading blind, only by
> > experimenting with new ideas will one be able to prove or disprove their
> > validity and in the process, you might learn something unexpected.
> >
> or
> quote "Are you subscribed to newbies?  We don't do the bullshit like the
> HOWTOs or openbsdsupport.org.  We teach you how to help yourself. The
> answers come with learning, so you can be a better admin."
>
> There is many sad facts and true factors from both sides. Users have to
> and should look for informations and the proper way of doing things.
> Hopefully the fact that they decide to switch their OS to OpenBSD may
> open the light a bit and may have become a bit more critical to security
> anyway, so one would think they wouldn't jump on the first document they
> find and just do cut and paste. But the fact of life is also that you
> can be sure some will for sure just do that!
>
> Other may read some documents and see something in it that haven't seen
> before and pick their curiously to go look why that is and actually
> improve their learning. Not the majority I agree!
>
> So, nothing is perfect and never will be!
>
> Is it better to provide some help to some users to get them started, or
> does it hurt them for not forcing them to dig in vain to fine something
> they would get easier. Will the results favor the laziness, or the
> curiosity! I wish I knew that answer! Who are lazy, most likely will
> stay that way. Some that are incline to change, may well see it as
> useful and change, who are doing their homework will take it for what it
> is, an other source of information and grab anything, or nothing they
> see fit from it, and finally who ever know it all, will see it as a
> waste and not look at it, why should they anyway! So, where you fit,
> will dictate your point of view on the subject I guess.
>
> Does it mean it shouldn't exists as a side track? I still don't know for
> sure yet...
>
> But, I think the best way might be to provide the informations in a
> concise matter WITH reference (URL) to more details and ALWAYS warn the
> users NOT to do simply cut and paste as this hurt them for sure, but to
> seek the understanding of what is suggested in the documents. Not the
> stage of things now of almost all side documents at this time and may
> well be never either.
>
> But who never start walking will never be running either!
>
> So, it's like, providing knobs to a monkey and he will turn them, that's
> why OpenBSD doesn't have knobs like many other OS, or very few knobs
> anyway! Generic default is best, so how to provide more informations and
> make it easier for users that are not use to do their research and help
> them use a better system and at the same time try to trigger them to
> learn it without alienating them! I wish I knew the solution for that!
>
> But, I do believe this however, if a brain dead user switch from a less
> secure OS ( take your pick of OS here ) and comes to OpenBSD for
> security, documentations, curiosity, stability, what ever else, and stop
> using the less secure OS, what ever that might be, and in the process
> use what some would call "bullshit and stupid brain dead HOWTOs for
> monkeys", and never learn more about it, and in the process, may even
> hurt it's own setup and making it less secure in the process by using
> the brain dead HOWTOs, wouldn't the system in the end still be more
> secure then the same setup in any other OS? Don't forget the common
> factor here. Brain dead setup to start with, so very likely to be miss
> configure in the first place and joint many other less secure system on
> the Internet and continue to pollute it.
>
> I guess that's really the questions isn't it?
>
> Sadly there will always be brain dead users that cut and paste without
> thinking, or knowing, or even wanted to know or learn, what ever you
> want to describe it, in the end the resulting system in use by the same
> brain dead users is still more secure then an other system setup in the
> same matter by the same brain dead users, so the facts remain that in a
> small matter, the Internet at large become a bit safer for all of us!
>
> Isn't it

Re: Updated CCD Mirroring HOWTO

2005-11-26 Thread Tony
J.C. Roberts wrote:
> To the rest of list users; Please pardon another long email from me on
> this. Helping reasonable people like Robbert understand why many people
> consider "HOWTO's" to be harmful is hopefully worth the added noise and
> bandwidth.
>
>
> On Sat, 26 Nov 2005 10:57:12 +0100, Robbert Haarman
> <[EMAIL PROTECTED]> wrote:
>
[snip]
> >> If end-users are lazy and want to take the easy way out, they should
> >> go back to using linux and MS-Windows. They are not welcome here.
> >
> >That's a pity. I personally think OpenBSD is the _only_ operating system
> >that takes security as seriously as it should be taken, and it would be
> >in everybody's (well, almost everybody's) best interest if they used it.
> >There is nothing wrong with the project not wanting certain users, but
> >it leaves these users with a choice among evils, which is a pity.
> >
>
> Both security and reliability are really nothing more than a byproduct
> of correctness and well informed decisions.


That's the point.
Note the "nothing more". And the "byproduct".
If you throw away the correctness, and the effort it requires,
the security and reliability won't be around for long.

Yes, OpenBSD is the _only_ operating system that takes security as
seriously as it should be taken. Consider the why of OpenBSD's
accomplishments. Remove the why and you remove what they accomplished.
Use OpenBSD and think like Windows and get Windows security.



Re: "FileSystem" versus "File System"

2005-11-26 Thread Tony
J.C. Roberts wrote:
> I went looking for HIER(7) but didn't know its name, so I stuffed the
> words "file system" into an Apropos keyword search and got nothing.
> 
> http://www.openbsd.org/cgi-bin/man.cgi?query=file+system&sektion=0&manpath=OpenBSD+Current&arch=i386&apropos=1&format=html
> 
> Damn, I _KNOW_ the darn thing exists because I've read it before. After
> thinking about it, I tried an Apropos search for the keyword "layout" and
> finally found HIER(7).
> 
> The thing I found interesting is that HIER(7) uses the term "filesystem"
> without a space, while other man pages use "file system" with a space.
> 
> Other documentation on the OpenBSD.org web site also shows both
> spellings are used in fairly equal measure:
> 
> Google:
> Results 1 - 100 of about 347 from www.openbsd.org for filesystem.
> Results 1 - 45 of about 534 from www.openbsd.org for "file system"
> 
> My questions are:
> (1) Are patches even wanted to standardize on one of the two?
> (2) Which do you think is more correct?
> 
> There's no sense in me spending the time to create and send
> documentation patches if the discrepancy is a considered non-issue.
> 
> Kind Regards,
> JCR

man 2 mount claims filesystem
man 8 mount claims file systems
man fstab claims filesystems
man fsck claims file system
man growfs claims file system
man hier claims filesystems
man tunefs claims file system
man newfs claims file system

man mount_ffs claims File System
man mount_xfs claims filesystem

The distinctions do not look accidental. There is a fine line 
between one-word, low-emphasis "filesystem" and the two-word
higher emphasis "file system".
mount_ffs belongs in a class by itself with 
"Berkeley Fast File System"
"Berkeley Fast Filesystem" -- does NOT feel the same.

Similarly,
hier - layout of File Systems -- looks WRONG  
  A sketch of the File System hierarchy. -- worse?

Looks like any attempt to use one spelling for all forms
would make a number of things worse.



Re: Redundant links with BGP and VPN

2005-11-23 Thread tony sarendal
On 23/11/05, Kor Boerema <[EMAIL PROTECTED]> wrote:
> Ok,
>
> I'm glad that it's possible, I just don't know how to put it all
> together yet.
>
> So I would have to create 2 gif tunnels at each branch office. One going
> over the leased lines and the other over internet.
>
> Over these GIF tunnels I would run ipsec to encrypt the data?
>
> Could you give some more information how to set this up? Just a
> overview.
>
> It's all a bit overwhelming to be honest.
>

1. You create the gif tunnels (firewall-firewall)
2. you encrypt the gif tunnels (firewall-firewall traffic, or leave
this for last)
3. You integrate it with your current routing setup and just treat the tunnels
as another leased line. Without knowing how your network routing is setup
it's hard to be more specific on this part.

Read the man page for gif and ifconfig and do a bit of trial and error.
The feeling of the head spinning will go away pretty quickly and you will
have a solution you feel confident with. If you don't get that feeling
don't use it.

This works the same with or without IPsec.

The gif setup is one ifconfig command on each end, I doubt you'll need help
with that. man page, tcpdump, trial/error.

/Tony

--
Tony Sarendal - [EMAIL PROTECTED]
IP/Unix
   -= The scorpion replied,
   "I couldn't help it, it's my nature" =-



Re: Community policy in openbgpd

2005-11-23 Thread tony sarendal
On 23/11/05, Dennis S.Davidoff <[EMAIL PROTECTED]> wrote:
> Hello all!
>
> Could someone show examples of complex community policy in openbgpd?
>

I gave it a quick try a few months ago and faced some problems.

1. bgpctl show did not display the communities (and some other attributes)
2. I failed with adding multiple communities

I also believe I ran into some problem like adding communities on top
of existing ones, or maybe it was clearing some communities but not
all... can't remember.

Another problem I faced was how to refresh things like connected/statics when
I modified which communities they were being tagged with.

Some of this may have changed since.

Hopefully I will be able to spend some real time on how I can use bsd/bgpd in a
service provider network, it depends on what I will be doing in the future.

If you do any testing on this, feel free to let me know how it goes.

/Tony



--
Tony Sarendal - [EMAIL PROTECTED]
IP/Unix
   -= The scorpion replied,
   "I couldn't help it, it's my nature" =-



Re: Redundant links with BGP and VPN

2005-11-23 Thread tony sarendal
On 23/11/05, Kor Boerema <[EMAIL PROTECTED]> wrote:
> Hi Tony,
>
> Thanks for the reply.
>
> In what ways do the GIF tunnels differ from a normal ipsec tunnel?
>

By using a tunneling protocol your traffic will from an ipsec point of
view always have the same source/destination. You also avoid
fragmentation of packets if the hosts talking support PMTU discovery,
unless your tunnel mtu is too big of course.



Re: Redundant links with BGP and VPN

2005-11-23 Thread tony sarendal
Fully possible. Just use a tunneling protocol (man gif) for the
point-to-points and encrypt them, then use the tunnels for dynamic
routing.

You even get the bonus of working path-mtu-discovery within your network.

/Tony

--
Tony Sarendal - [EMAIL PROTECTED]
IP/Unix
   -= The scorpion replied,
   "I couldn't help it, it's my nature" =-



Re: bridge and Spanning Tree, WAS Re: Help with bridging firewall failover w/ CARP, OpenBSD 3.7

2005-11-21 Thread tony sarendal
On 21/11/05, Camiel Dobbelaar <[EMAIL PROTECTED]> wrote:
> On Sun, 20 Nov 2005, Ramsey Tantawi wrote:
> > I set up failover of two redundant bridging firewalls using the
> > Spanning Tree Protocol options in bridge, and it worked great.
> >
> > However, when testing failover, it takes between 45 seconds to more
> > than 3 minutes for traffic to start flowing again.  The interfaces
> > themselves change state in the expected timeframe, though.  The entire
> > network is unmanaged switches, and my guess is that the delay is due to
> > waiting for all the ARP caches to clear.  Does this sound reasonable?
>
> Definitely the MAC (not ARP) caches of the bridges and the switches.  STP
> devices can help speed up transitions by timing out entries sooner when
> a topology change is detected.
>
> I'm not sure if the OpenBSD bridge does that, the unmanaged switches
> definitely don't.  In this case you'd be better off with hubs...
>
> > To help, I set the bridge cache to flush every 20 seconds instead of
> > the default 240.  It seems to help somewhat.  I'm concerned though--is
> > this too frequent?
>
> With a two port bridge it won't really hurt.
>

I had a problem in my 3.7 openbsd bridges that they did not re-learn
mac-addresses while they still were in the table. In my case something
happened in the network and when things stabilized the openbsd bridge
had incorrect info in the mac-address table and did not re-learn until
I cleared the table.

I wasn't able to troubleshoot more due to the thing being live.

/Tony

--
Tony Sarendal - [EMAIL PROTECTED]
IP/Unix
   -= The scorpion replied,
   "I couldn't help it, it's my nature" =-



Re: timekeeping on Soekris net4801 w/ ntpd. 3.8

2005-11-18 Thread Tony
Ted Unangst:
> [i was trying to stay away, but can't.]

I've never really trusted prepositions ;)
By and by, stand by that clock and adjust it by 30 minutes,
by whatever means and by whatever rubric you deem appropriate.
By which direction, I wonder.

> On 11/18/05, J Moore <[EMAIL PROTECTED]> wrote:
> > On Wed, Nov 16, 2005 at 09:58:28AM -0800, the unit calling
> itself Greg Thomas wrote:
> > > What part of adjusting do you not understand? Nowhere in the
> log message
> > > does it say that that adjusting is finished. You are just
> being obnoxious
> > > for obnoxious' sake because you didn't get your way.
> > >
> > > Greg
> >
> > No, Greg - I'm not trying to be obnoxious for obnoxious' sake - are you?
> > What part of the definition of the word "by" do you not understand?
> >
> > Have you looked the word up in a dictionary? Have you imagined yourself
> > in a situation where you were standing in front of a clock, and someone
> > said to you, "adjust that clock by 30 minutes, Greg."
>
> the log message says "adjusting".  that's the present participle (not
> to be confused with gerunds).  it means "not done yet."
>
> q: "what are you doing in front of the clock?"
> a1: "i adjust the time (this instant only)" -- no
> a2: "i adjusted the time" -- no
> a3: "i will adjust the time" -- no
> a4: "i'm adjusting the time" -- we have a winner.  will you be done
> adjusting the time the instant that the sentence is out of your mouth?
>  or will the adjusting [gerund form here] continue for some time after
> the statement is issued?



RE: Re: slightly OT: TCP checksum and RFC conformity

2005-11-17 Thread tony
[EMAIL PROTECTED] wrote:
>Hi,
>
>Damien Miller wrote:
>...
>> [EMAIL PROTECTED] djm]$ netstat -sp ip | grep -E
>'(bad.*checksum|total packets)'
>> 61092730 total packets received
>> 0 bad header checksums
>> 
>
>wouldn't netstat -sp tcp | grep -E
>'(bad.*checksum|total packets)' give 
>the output of interest?
>
>(uptime 10 days on my slow ADSL link)
>netstat -sp ip | grep -E '(bad.*checksum|total
>packets)'
> 2448320 total packets received
> 0 bad header checksums
>netstat -sp tcp | grep -E '(bad.*checksum|total
>packets)'
> 23 discarded for bad checksums
> 0 bad/missing md5 checksums
>
>Doesn't this mean that 23 errors were not detected
>by the link layer 
>(probably because the errors were introduced some
>hops away from me) and 
>only the TCP checksum caught them?
>
>I hope you're right and it's not a reliability
>problem in practice.
>
>regards,
>Andreas

Flames invited if I'm wrong, but I think that it
means that 23 packets were discarded for bad checksums.
Those 23 packets were discarded BEFORE being seen by the
next layer up.
Of course that may be just wishful thinking.
One easy stunt would be to generate correct checksums going
out for whatever garbage seems to have been received.
Repeat. Flames invited. Who/what do you trust?
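
The behaviour discussed in this exchange, as an added example that is not part of the original thread: the RFC 1071 checksum TCP uses, run over a constructed segment to show which changes make a receiver count a "bad checksum" and which pass. Addresses, ports, payload and all function names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SEG_LEN 28  /* 20-byte TCP header + 8 bytes of payload */

/* Constructed sample endpoints (TEST-NET-1), not taken from the thread. */
static const uint8_t SRC[4] = {192, 0, 2, 1};
static const uint8_t DST[4] = {192, 0, 2, 2};

/* RFC 1071: add big-endian 16-bit words; an odd last byte is zero-padded. */
static uint32_t ocsum_add(uint32_t sum, const uint8_t *p, size_t len)
{
    for (; len > 1; p += 2, len -= 2)
        sum += ((uint32_t)p[0] << 8) | p[1];
    if (len)
        sum += (uint32_t)p[0] << 8;
    return sum;
}

/* Fold the carries back in (one's-complement addition). */
static uint16_t ocsum_fold(uint32_t sum)
{
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)sum;
}

/* TCP checksum over the IPv4 pseudo-header plus the whole segment. */
uint16_t tcp_checksum(const uint8_t *src, const uint8_t *dst,
                      const uint8_t *seg, size_t len)
{
    uint8_t ph[12];
    memcpy(ph, src, 4);
    memcpy(ph + 4, dst, 4);
    ph[8] = 0;
    ph[9] = 6;                      /* IP protocol number for TCP */
    ph[10] = (uint8_t)(len >> 8);
    ph[11] = (uint8_t)(len & 0xff);
    return (uint16_t)~ocsum_fold(ocsum_add(ocsum_add(0, ph, 12), seg, len));
}

/* Sender side: zero the checksum field (bytes 16-17), compute, store. */
void tcp_fill(const uint8_t *src, const uint8_t *dst, uint8_t *seg, size_t len)
{
    uint16_t c;
    seg[16] = seg[17] = 0;
    c = tcp_checksum(src, dst, seg, len);
    seg[16] = (uint8_t)(c >> 8);
    seg[17] = (uint8_t)(c & 0xff);
}

/* Receiver side: summing a valid segment, field included, yields 0. */
int tcp_ok(const uint8_t *src, const uint8_t *dst, const uint8_t *seg, size_t len)
{
    return tcp_checksum(src, dst, seg, len) == 0;
}

/* Constructed segment: port 12345 -> 80, PSH|ACK, payload "ABCDEFGH". */
static void make_segment(uint8_t *seg)
{
    static const uint8_t hdr[20] = {
        0x30, 0x39, 0x00, 0x50,  0x00, 0x00, 0x00, 0x01,
        0x00, 0x00, 0x00, 0x00,  0x50, 0x18, 0xff, 0xff,
        0x00, 0x00, 0x00, 0x00
    };
    memcpy(seg, hdr, 20);
    memcpy(seg + 20, "ABCDEFGH", 8);
    tcp_fill(SRC, DST, seg, SEG_LEN);
}

/* Self-check against the numerical example in RFC 1071 (sum 0xddf2). */
int demo_rfc1071_vector(void)
{
    static const uint8_t v[8] = {0x00, 0x01, 0xf2, 0x03, 0xf4, 0xf5, 0xf6, 0xf7};
    return ocsum_fold(ocsum_add(0, v, 8));
}

int demo_intact(void)            /* untouched segment verifies */
{
    uint8_t s[SEG_LEN];
    make_segment(s);
    return tcp_ok(SRC, DST, s, SEG_LEN);
}

int demo_bit_flip(void)          /* one flipped bit: discarded by TCP */
{
    uint8_t s[SEG_LEN];
    make_segment(s);
    s[21] ^= 0x04;
    return tcp_ok(SRC, DST, s, SEG_LEN);
}

int demo_word_swap(void)         /* two 16-bit words swapped: sum unchanged */
{
    uint8_t s[SEG_LEN], t[2];
    make_segment(s);
    memcpy(t, s + 20, 2);
    memcpy(s + 20, s + 22, 2);
    memcpy(s + 22, t, 2);        /* payload is now "CDABEFGH" */
    return memcmp(s + 20, "ABCDEFGH", 8) != 0 && tcp_ok(SRC, DST, s, SEG_LEN);
}

int demo_rewritten(void)         /* data changed, checksum recomputed en route */
{
    uint8_t s[SEG_LEN];
    make_segment(s);
    memcpy(s + 20, "garbage!", 8);
    tcp_fill(SRC, DST, s, SEG_LEN);
    return tcp_ok(SRC, DST, s, SEG_LEN);
}

int main(void)
{
    printf("intact=%d bit_flip=%d word_swap=%d rewritten=%d\n",
           demo_intact(), demo_bit_flip(), demo_word_swap(), demo_rewritten());
    return 0;
}
```

Only the bit-flip case would show up in the "discarded for bad checksums" counter; the other two altered segments are accepted, which is why the checksum is an error-detection aid and not an integrity guarantee.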



RE: Re: timekeeping on Soekris net4801 w/ ntpd. 3.8

2005-11-15 Thread tony
[EMAIL PROTECTED] Tue, 15 Nov 2005 08:20:07
>
>On Tue, Nov 15, 2005 at 10:23:00AM +0100, the unit
>calling itself Henning Brauer wrote:
>> > 
>> > 'adjusting local clock by XXs'
>> > 
>> > The word 'by' is a preposition with a specific
>meaning in the context of 
>> > its use... it means "in the amount of"... but
>that's not what it means 
>> > here, is it? No, it does not. Therefore, the
>log entry is *inaccurate*. 
>> 
>> it is perfectly accurate. it says "adjusting by",
>and that is what it 
>> does.
>> it does not say "hard setting" or anything.
>> I won't change the log message, case closed.
>
>It *is* an inaccurate statement of what ntpd is
>doing to the system's 
>time. ntpd is your product - if you're happy with
>this little flaw, then 
>that's fine - leave it as is. But again, "The
>emperor has no clothes!"
>
>Jay
>
>PS - It would seem "mind closed" would be more
>accurate description of 
>this situation than "case closed", eh?

The message is 'adjusting local clock by XXs'
The message is NOT 'adjusted local clock by XXs'

It's been a long time since English classes, but seems like 
'adjusted' refers to something that has been done, 
while 'adjusting' refers to an ongoing operation.
There is no reason to assume that 
'adjusting' refers to a completed operation.



Re: nsswitch

2005-11-13 Thread Tony Lambiris
probably not -- but we use ldap here at work, and the auth_ldap in the 
ports tree works great.


Aiko Barz wrote:

I googled, but I couldn't figure out the current status.

My problem:
I tried to move my mailservers from Linux to OpenBSD. It's a qmail-ldap
system with its users stored in OpenLDAP. Each of my users has its own
UID. There is only one troublemaker: maildrop. It depends on getpwuid
and getpwnam. But OpenBSD doesn't know anything about my LDAP-users.

Solution:
There are some solutions. maildrop could lookup the account data
directly before invoking getpwuid and getpwnam. (I prefer not to write
this patch. It ends up in courier-authlib and so on.) The dirty hack is
to use the environment variables which are provided by qmail-local
($USER, $HOME). (This is safe for me because chuid gets called before
executing maildrop. I'm not happy with this solution.)

Another solution would be something like nsswitch. Are there any plans
to implement something like this?

Bye,
Aiko




Re: Cannot boot version 3.8 on HP pavilion 422

2005-11-10 Thread Tony Lambiris

Try:
boot -c
disable fdc

Lionel Vidal wrote:

I tried to boot the new 3.8 version on a (rather old) PC,
a HP pavilion 422.fr.  I tried both to boot from cdrom38.fs
and floppy38.fs and the result is the same :

OpenBSD i386 BOOT 2.10
boot>
booting fd0a:/bsd: 3263620
Entry point at 0x100120

 Lots of blue-background infos 
 CD-Rom, DVD-Rom, nvidia cards OK ...
 Keyboard OK (a logitech wireless) after a while ...

fdc0 at ISA port 0x3f0/6 Irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec


... And then nothing... I waited for some time but the PC is frozen,
and the only thing to do is to unplug it.

Note that the hardware works well : on the 80Go HD, I have an old Win89SE
(10Go) and FreeBSD 5.4 (10Go) and I can boot both (my intent was to
dedicate that PC to OpenBSD).

Sorry to not give the whole log of messages, but I cannot copy them
except by writing them fast on paper. I could get some specific part
if required though.

Any ideas? (Sorry if I did wrong something obvious :-)




Re: pciide: DMA vs. ATA133

2005-11-09 Thread Tony Lambiris

It's due to chipset detection, so in the interim, I added this:
/usr/src/sys/dev/pci/pciide.c -- line 2650
case PCI_PRODUCT_VIATECH_VT82C571:

Or a diff:
--- pciide.c.orig   Wed Nov  9 10:35:24 2005
+++ pciide.cWed Nov  9 10:35:43 2005
@@ -2648,6 +2648,7 @@
sc->sc_wdcdev.UDMA_cap = 6;
break;
case PCI_PRODUCT_VIATECH_VT8235_ISA:
+   case PCI_PRODUCT_VIATECH_VT82C571:
printf(": ATA133");
sc->sc_wdcdev.UDMA_cap = 6;
break;
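
Review bot: the new PCI_PRODUCT_VIATECH_VT82C571 label shares the VT8235_ISA branch, so every board on which this switch sees the VT82C571 ID gets UDMA_cap = 6 and is reported as ATA133, whatever bridge is actually fitted. Elsewhere in the thread the switch is said to be on the pcib ID and the affected boards are said to have a VT8237 ISA bridge, so the IDE function's own ID arriving here suggests the bridge lookup is what needs fixing. If this stays as a stopgap, add a comment on the new label saying it is a workaround and which boards it was tested on.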

You can copy/paste that in a file and run patch -p0 < file.diff

This isn't correct at all, but it works.



Sebastian Dehne wrote

Hi Tony,

It turns out I'm having the same problem and saw you've done some research.

# dmesg| grep DMA
pciide0 at pci0 dev 15 function 0 "VIA VT82C571 IDE" rev 0x06: DMA,
channel 0 configured to compatibility, channel 1 configured to compatibility
wd0(pciide0:0:0): using PIO mode 4, DMA mode 2
wd1(pciide0:0:1): using PIO mode 4, DMA mode 2
wd2(pciide0:1:1): using PIO mode 4, DMA mode 2

What exact changes did you make to pciide.c in order to enable
Ultra-DMA? I see the switch at around line 2610 in pciide.c, but cannot
work out how to add PCI_PRODUCT_VIATECH_VT82C571.

I'm running 3.8.

thanks,

Sebastian

Tony Lambiris wrote:

Man I must need sleep or something... this doesn't fix my problem, I 
forgot I had the extra case in the switch statement still in pciide.c. 
That did work, however, adding PCI_PRODUCT_VIATECH_VT82C571 as a case. 
Like I said before I don't know if this is the right way to do this, but 
it's a temporary fix for me.


Over and out, sorry again for the noise.

Tony Lambiris wrote:


Sorry for all the noise, this seems to have fixed it (from NetBSD):

--- via82c586.c.origMon Sep 12 19:38:35 2005
+++ via82c586.c Mon Sep 12 20:27:28 2005
@@ -256,9 +256,10 @@
   reg = pci_conf_read(ph->ph_pc, ph->ph_tag,
   VP3_CFG_PIRQ_REG);
   shift = vp3_cfg_trigger_shift[i];
-   /* XXX we only upgrade the trigger here */
   if (trigger == IST_LEVEL)
   reg &= ~(VP3_CFG_TRIGGER_MASK << shift);
+   else
+   reg |= (VP3_CFG_TRIGGER_EDGE << shift);
   pci_conf_write(ph->ph_pc, ph->ph_tag,
   VP3_CFG_PIRQ_REG, reg);
   break;
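Review bot: the new `else` branch after `if (trigger == IST_LEVEL)` runs for every trigger value other than IST_LEVEL, not only for an edge request, and the deleted XXX comment was the only record that the old code deliberately left the register alone in that case. Test for the edge case explicitly (`else if (trigger == IST_EDGE)`) and replace the removed comment with one saying why switching a line back to edge is now intended.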

Tony Lambiris wrote:


I forgot to ask, would it be bad practice to just add 
PCI_PRODUCT_VIATECH_VT82C571 to one of the cases in the switch 
statement? It seems like this might go a little deeper


Tony Lambiris wrote:


Well I thought I knew what the problem was (nope).. I found something 
interesting though...


The motherboards that don't set up UDMA properly use a "VIA VT8237 
ISA" for pcib; the ones that set up UDMA properly use a "VIA VT8235 
ISA". I added some debugging in pciide.c in function apollo_chip_map 
on the switch statement, and the pcib_id it's switching on is 0x0571, 
which in pcidevs is "VT82C571 IDE". Does that mean somewhere the 
VT8237 chipset isn't being set up correctly or something?


I'm a little confused at this juncture, any light that can be shed 
would be greatly appreciated.


Thanks.

Tony Lambiris wrote:


I (think I) found the problem... I will be posting a patch shortly 
if I confirm my suspicions.


Thanks.

Tony Lambiris wrote:


We have some motherboards with (what we think) are the same chips 
and revisions with the same hard drives, but some drives are being 
detected as DMA and others as ATA133. Here is an example:


pciide0 at pci0 dev 17 function 1 "VIA VT82C571 IDE" rev 0x06: 
ATA133, channel 0 configured to compatibility, channel 1 configured 
to compatibility

wd0 at pciide0 channel 0 drive 0: 
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5

pciide0 at pci0 dev 15 function 0 "VIA VT82C571 IDE" rev 0x06: DMA, 
channel 0 configured to compatibility, channel 1 configured to 
compatibility

wd0 at pciide0 channel 0 drive 0: 
wd0(pciide0:0:0): using PIO mode 4, DMA mode 2

As you can see it's the same IDE chipset, same revision, same 
drives.. the only thing I can think of is it's an IDE ribbon issue, 
but the ribbons we used (which were mixed from the cases and the 
motherboard boxes), were brand new.


Any suggestions?

TIA.




RE: Re: OT: 10 things i hate most on unix

2005-11-06 Thread tony
[EMAIL PROTECTED] wrote:
>
>On Sun, Nov 06, 2005 at 12:40:12AM -0200, Gustavo Rios wrote:
>> Hey folks,
>>
>> sorry, but i found this on the web. May someone tell if it is serious,
>> i myself could not believe it.
>>
>> http://www.informit.com/articles/article.asp?p=424451&seqNum=1
>>
>
>Looks like a rehash of
>
>http://research.microsoft.com/~daniel/unix-haters.html
>
>with its Anti-Foreword by Dennis Ritchie. Whether you think it is
>humorous or not is of course up to you. I thought it was funny when
>I read it '94.
>
> Ken

Looks like a good book. Thanks.

from the Preface "Deficient by Design"
"Being small and simple is more important 
than being complete and correct"
"You only have to solve 90% of the problem."
"Everything is a stream of bytes."

"Despite a plethora of fine books on the subject, Unix security remains an 
elusive goal at best."
There is an obvious implication for Windows security.

"These attitudes are no longer appropriate for an operating
system that hosts complex and important applications"

The gripes may be legitimate, but really, are we any closer
to finishing that last 10% than we were 40 years ago?
Before there even were such things as operating systems
and editors and such.
Probably the real reason to hate Unix is that it has
outlived its betters, and will most likely continue to do so.

Somehow the assumption that you have 100% (when only 90% 
is attainable) seems to be eventually fatal.



Re: 10 things i hate most on unix

2005-11-05 Thread Tony
Quoth Gustavo Rios Saturday, November 05, 2005 8:40 PM
> 
> Hey folks,
> 
> sorry, but i found this on the web. May someone tell if it is serious,
> i myself could not believe it.
> 
> http://www.informit.com/articles/article.asp?p=424451&seqNum=1


"UNIX was a terrific workhorse for its time, but eventually the old nag 
needs to be put out to pasture."

Seems to me that Unix has outlived its betters, notably Multics.
The end of Unix has been proclaimed for ages.
I think there are many legitimate gripes about Unix.
I doubt that you will find any in said article.

Unix is deceptively simple. And deceptively powerful.



Re: Large partition

2005-10-24 Thread tony sarendal
On 24/10/05, Stuart Henderson <[EMAIL PROTECTED]> wrote:
> --On 24 October 2005 13:34 +0200, Beck Zoltan Gyula wrote:
>
> > I must install a file server so I need minimal 2T disk space. So I
> > need to choose an other operating system :(
>
> 2T is a lot of files to put in a single directory. And of course, where
> you work with multiple directories, each can be on a separate
> partition...
>

I thought fsck on 300GB was painful. 2TB...

--
Tony Sarendal - [EMAIL PROTECTED]
IP/Unix
   -= The scorpion replied,
   "I couldn't help it, it's my nature" =-



RE: Re: Non Developers allowed to ask questions ?

2005-10-19 Thread tony
On Wed, 19 Oct 2005 10:07:47
[EMAIL PROTECTED]
>
>On Wed, 19 Oct 2005 14:06:11 +0100
>"Constantine A. Murenin" <[EMAIL PROTECTED]> wrote:
>
>> On 19/10/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>> > There is a legitimate use for top posting.
>> > Deletion and/or answer of message in 10 to 15 seconds or less.
>>
>> Nonsense. Just because your MS Outlook does not support or is not
>> configured to support bottom-posting, doesn't mean that you should
>> find some invalid excuses for top-posting.
>
>With a sig like mine I couldn't resist a resounding "me too" on this
>one;-)   My sig concisely demonstrates in a nutshell why top posting is
>problematic, if not an all out pita.
>
>
>Before johnny-come-lately M$ decided to jump on the internet bandwagon
>w/ their lame software top posting was completely unheard of.  I've
>been using Unix since '81 so I think I can say this w/some certainty.
>Top posting is just a lame excuse offered by lame software developers
>who wrote a lame mua w/o bothering to read any rfc's, research
>conventions, etc. prior to doing so.  A point obvious to those who cut
>their teeth on *nix rather than M$.
>
>
>
>-- 
>Best regards,
>
>Ken Gunderson
>
>Q: Because it reverses the logical flow of conversation.
>A: Why is putting a reply at the top of the message frowned upon?

Ok, OK. This would not work in top posting.
And the complexity of this is essentially trivial.

Microsoft is good for someone with no knowledge or 
skill throwing something into Word or Outlook and 
having something come out looking quite presentable. 
But woe to anyone who actually cares critically what 
it looks like. 

> Yep. If you're stuck on an M$ platform for whatever reason 
Yep. The question is when and how to jump. Maybe why.
To what "should" matter, but I suspect that how you
go about it, and the expectations probably matter more.

Nasty question. Which works better (or worse depending
on your viewpoint), thinking Linux and using OpenBSD,
or thinking OpenBSD and using Linux?

[rant]
Security should be a reason, but I cannot put security 
mattering in the same universe as five cent compromised
computers. My impression of NT4 was that it was 
unsecurable, so I didn't. My impression of XP is that
it is guaranteed insecure. My users do NOT "click on
everything". Analogies to babies putting everything into
their mouths probably have something to do with it.
Hiding stuff from users seems like a fatally bad idea.
Hiding error messages from users is maybe not a good idea
either. Just because the dumb computer thinks it has a
problem does NOT mean that the intelligent user has a
problem. Everything I've seen indicates that intelligent
user/dumb computer is the way to play it. Moreso as the
computers get bigger, faster, more complicated. Intelligent
computer has the fatal flaw that the computer does not
know what the computer does not know. A bit like the
flat-earth society where the edge is not visible from
the inside.
[/rant]

With a wee bit of editing, bottom posting is quite workable.
(I've got too much work related where top posting (like
Done.) is necessary. For this list, it is emphatically worth
the trouble. As simple and straight-forward as this is, I 
defy anyone to translate it intelligently into top-posting.
Top posting is designed to terminate conversations.
Bottom posting encourages continuing and exploring various
alternatives. If I were actually talking about something
relevant, bottom posting gives many places to attach
something. Since I am not distracting with relevant stuff,
we can play with the structure of the beasties themselves.

FWIW. I LIKE this list. I like the way you all think.

Not nearly as concise as your sig ;)



RE: Re: Non Developers allowed to ask questions ?

2005-10-19 Thread tony
On Wed, 19 Oct 2005 14:06:11 
[EMAIL PROTECTED] wrote:

>On 19/10/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>> There is a legitimate use for top posting.
>> Deletion and/or answer of message in 10 to 15 seconds or less.
>
>Nonsense. Just because your MS Outlook does not support or is not
>configured to support bottom-posting, doesn't mean that you should
>find some invalid excuses for top-posting.
>
>Cheers,
>Constantine.

Since I am replying to your reply,
I think I maybe stand corrected.

This is lame enough sitting here.
It does not work as a top post.

Microsoft makes it easy.
Easy to do it stupid, I'm beginning to think.



Re: Non Developers allowed to ask questions ?

2005-10-19 Thread Tony
There is a legitimate use for top posting.
Deletion and/or answer of message in 10 to 15 seconds or less.

The stunt is essentially the same as stuff in newspapers.
The reporter writes. The editor puts as much as will fit in the allotted
space and ignores the remainder without even looking. The readers read
as far as they like and then stop reading.

Top posting totally messes up any attempts at coherent follow-ups.
Hmmm, does that explain some of the problems with media?

If I had another point to make, I have run out of space in which to make it.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Kevin .
Sent: Tuesday, October 18, 2005 5:41 PM
To: misc@openbsd.org
Cc: [EMAIL PROTECTED]
Subject: Re: Non Developers allowed to ask questions ?


>there seems to be some unwritten rule that users (not to be confused
>with developers) are not allowed to ask whether certain things are
>supported in OpenBSD or when these items are likely to be available,

Nope--not at all. Stupid questions that show a lack of research and/or lack
of supporting documentation (like a dmesg when required) are seriously
frowned upon though. In fact such posts usually just get ignored.

The minimal rules (for the record) are:

1) Top posting is nearly always bad. Consider emails you're sending as if
they're being published in a book.

Books make sense read from top to bottom.  This is particularly important
for logic-flow in the lists when multiple parties get involved.

2) Check at *very* least the following various resources before posting:
http://www.openbsd.com/faq/
ftp://ftp.openbsd.org/pub/OpenBSD/doc/pf-faq.txt (for PF questions)
http://www.openbsd.com/plat.html (for your respective hardware)
http://www.google.com (do at least the basic research to see if it has
been discussed)

3) Holy wars and similar philosophical debates are nearly always useless. In
fact aside from those for yanking out crappy software / licenses, I can
think of not one instance where one has been anything BUT useless. Messages
like that should go to /dev/null instead of the list. You'll feel better and
so will we. ;-)

4) Never ask for driver or software support that doesn't include offers to
provide:

- free or at VERY, VERY least absolutely-no-strings-attached loaner
hardware
- offer to fund development

Most developers have 'day jobs.' This ain't Microsoft where people punch
clocks.  These guys are doing this because it's fun and because they use it
themselves.

Asking for development of something complicated like drivers (especially for
some old trashy ISA NIC for instance) brings no one joy when they themselves
have no use for it. Follow?

Most of them--like the rest of us sane folk--would rather be doing something
fun and/or useful to *themselves* when finished.

Last footnote: when requesting support, include _brief_ reasoning why
(particularly in context of it benefitting the entire community) it would be
good for all, and it's M-U-C-H  more likely to get attention than, "Uh...
anyone working on this?"

5) If you get no answer, consider it an implicit "no". For a dozen people to
stand up and say, "no," makes no sense, right? It takes time away from
coding and just makes noise.

6) Barring that, an off-list note to a developer responsible for something
similar **may** also make sense. Particularly if there's cash and/or hardware
attached.

>So where does one post questions *after* having read the FAQ etc
C'mon. That depends on the question. If it's related to php5 you're probably
better off with ports@; alpha specific comments should probably go to alpha@
and so on.

>If I was a developer I'd be posting to the tech@ list wouldn't I.
Maybe. Maybe not. Many developers post things to misc. Think about your
audience and who's most likely to benefit from your questions / comments.

Any notions that anyone here is somehow beholden to you (that being the
universal you, not you specifically) have got to go.

By using the list, we're each asking for help from a tremendous resource of
hundreds (thousands?) of people including the very developers themselves of
your OS. We're getting support for the bargain price of free just for the
asking. In exchange one must be reasonable. You'll never, ever get this from
Microsoft or Cisco. There you'll get shuffled around on the phone for hours,
talk to someone useless, get no answer, and more likely than not be $195
lighter in your loafers for the trip.

As I think most fellow misc@ listers will agree, an email with such
questions certainly *leans* towards being hostile or at least
passive-aggressive / accusatory. I'll afford the courtesy of benefit of the
doubt. With that in mind if one doesn't get the response one wants, chances
are the answer is "no."

Now it's time to look to consider marshalling resources for a hardware/cash
donation if you *really* want it done or to begin looking for another
solution better suited to your needs. For some people that means 

Re: RAID for dummies

2005-10-13 Thread Tony
Quoth J Moore
[snip]

>And I'm suggesting that trying to be an expert in everything is not a 
>realistic goal... why pick up a scalpel at all (to "haul your butt out 
>of the fire") if your neighbor has invested years in becoming a thoracic 
>surgeon? If surgery is required, I would choose to let the experienced 
>surgeon haul my butt out of the fire, and concentrate my energy in my 
>field of interest. Sorry if I confused you on that point.

If my neighbor has invested years in becoming a thoracic surgeon, I 
still have the problem of knowing that it is his expertise that I need.
If I do need his services, how much knowledge of his field should I
know for my own protection and so that I can make rational choices?

In the case of RAID, just how effective is the magical incantation?
Everything I've seen on this list by people who should know (that's
the people who have survived disasters rather than wondering what
happened to them) indicates that RAID has become a sales gimmick for
customers with more dollars than sense, and unless handled extremely
carefully is slower, much more likely to fail catastrophically, with
marginal gain in accessibility. The main problems are in rebuilding
a failed disk and in extremely long downtimes while rebuilding.

You don't need to be an expert in everything, but you do need to know
enough to know when an expert is needed. Anything that claims that no
expertise is needed when in fact expertise is needed is no friend.



Re: 3 VPNs, 3 networks, 2 subnets

2005-10-12 Thread tony sarendal
On 13/10/05, Chris Cameron <[EMAIL PROTECTED]> wrote:
> I'm trying to do something I'm pretty sure I recall reading couldn't be
> done. Although I wasn't able to find any information this last time around.
>
> We're going to be temporarily splitting our data centre, but still want
> both data centre halves connected to our office through our VPN. Everyone
> needs to maintain the same subnet as we have software that is licensed
> based on the subnet it is on.
>
> So:
>
> 192.168.120.x <-> 192.168.121.x <-> 192.168.120.x
>
> I don't care if the two .120's can talk to one another, I just need to
> be able to talk to both .120's from the .121
>
> Now, some cursory poking around, using a local ID type of
> IPV4_ADDR_SUBNET is no good. Using IPV4_ADDR isn't working for me, as
> the .121 firewall (understandably) doesn't know to route the internal
> traffic that way.
>
>
> So, immediate question would be, would there be a way to add routing
> table entries for the specific IPs I want going to the second .120
> network? I understand how arp requests work, but obviously not how an
> arp proxy works, as I wasn't able to fix "network unreachable" errors.
>
>
> If that's a no go, is this even possible? At all? I'm willing to do
> bizarre things. The other thought I've had is to have a .130 subnet on a
> vlan and the second .120 on another vlan, and then just translate packets.
>
>

Set up IPIP (gif) tunnels between the firewalls, encrypt them if you want to,
add the statics you wish on the main site pointing at the other end of the
tunnel where you want it to go.

/Tony

--
Tony Sarendal - [EMAIL PROTECTED]
IP/Unix
   -= The scorpion replied,
   "I couldn't help it, it's my nature" =-



Re: FileSystem Corruptions? Very important Files at stake.

2005-10-08 Thread Tony
The first thing to do is to copy the drive with the photos
to fresh disk space before further damage is done to the originals.
Expect recovery to be long and painful even with some tools
to make it easier.

There are people here that know a lot more about this than I, but the
first thing is to get lots of accessible disk space in which to put:
1) the raw image of the original disk
2) the raw images of the disk partitions (dos partitions, that is)
3) the raw images of the disk partitions (obsd partitions, that is)
4) space in which to attempt reconstructions of what was supposed to be
there.

If you really know what you are doing, you can probably get away
with omitting some of the above.

Make accurate notes of what is where in what order etc.

Good luck.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Justin Wong
Sent: Saturday, October 08, 2005 4:46 PM
To: misc@openbsd.org
Subject: FileSystem Corruptions? Very important Files at stake.


Hi, I was wondering if you could help me.
After searches on the internet turned up nothing, I found your site about
your love for OpenBSD. My problem is that when I boot, I get an error
/dev/rwd0a BAD SUPER BLOCK: VALUES IN SUPER BLOCK DISAGREE WITH THOSE IN
FIRST ALTERNATE.
Then, on the same 13 gig drive, the error,"
/dev/rwd0a UNEXPECTED INCONSISTENCY RUN fsck_ffs MANUALLY"
. Later on, I also get an error from my other HardDRive which is a 200 gig
Seagate. This drive is also getting many errors. I did not realise it, but I
guess I had formatted it in NTFS. This HardDrive contains many files of
which are very important (3 years worth of files and a few thousand family
photos).

The only thing I can remember that might be related to the error is that the
computer would not shut down the previous night. I am relatively new to
OpenBSD so I shrugged it off as I held the power button down. I made sure
the HDD activity light was off.

I am using OpenBSD 3.7.
When I type "login" I get a #sh not found error and it seems to continue.
From there I get thousands of errors where the computer tells me to fsck.
From my view, it looks like both filesystems became corrupted. I really need
these files.
A liveCD of Ubuntu doesn't seem to be working as it can't read the 200 gig
drive. The 13 gig drive comes up with a nod error every couple or so nodes
with fsck. Ubuntu won't even read the 200 gig drive. Can you please help me
at least to recover the files? Any suggestions would help. The computer is a
500Mhz K6 with the 13 gig drive run as master and the 200 gig drive as
slave. Some of these files are photographs of my now deceased grandfather
and are very important.
Thank you for your time.
Justin Wong.

--
$ cat "food in tin cans"
cat: cannot open food in tin cans
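
The image-first procedure recommended in the reply above, as an added shell example (not code from the original posts): copy the source with dd so unreadable blocks are padded instead of aborting the copy, record a digest in a notes file, lock the image, and run every repair attempt on a scratch copy. The function names, the notes-file layout and the device path in the comments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Hypothetical usage on OpenBSD, imaging the whole second disk:
#   acquire_image /dev/rwd1c /mnt/spare/evidence wd1
#   working_copy  /mnt/spare/evidence/wd1.img /mnt/spare/scratch/wd1-try1.img

# hash_of FILE: print a digest of FILE (SHA-256 where a tool exists, cksum otherwise)
hash_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | awk '{print $1}'
    elif command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    else
        cksum < "$1" | awk '{print $1 "-" $2}'
    fi
}

# acquire_image SRC DEST_DIR NAME: raw-copy SRC to DEST_DIR/NAME.img, print its digest
acquire_image() {
    src=$1; dir=$2; name=$3
    img="$dir/$name.img"; log="$dir/$name.notes"
    if [ ! -r "$src" ]; then
        echo "cannot read $src" >&2; return 1
    fi
    mkdir -p "$dir" || return 1
    # Never overwrite an earlier acquisition: it may be the only good copy.
    if [ -e "$img" ]; then
        echo "refusing to overwrite $img" >&2; return 1
    fi
    # conv=noerror,sync: continue past read errors and pad short reads with
    # zeros so every later block keeps its original offset in the image.
    dd if="$src" of="$img" bs=512 conv=noerror,sync 2>>"$log" || return 1
    digest=$(hash_of "$img")
    # The notes file records what was copied, when, and the digest.
    printf '%s source=%s image=%s digest=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$src" "$img" "$digest" >>"$log"
    chmod 0444 "$img"    # the pristine image is read-only from here on
    printf '%s\n' "$digest"
}

# verify_image IMG DIGEST: succeed only if IMG still matches the recorded digest
verify_image() {
    [ "$(hash_of "$1")" = "$2" ]
}

# working_copy IMG SCRATCH: fsck and other repair attempts go on the scratch copy
working_copy() {
    cp "$1" "$2" && chmod 0644 "$2"
}
```

Partition images (steps 2 and 3 in the reply) are taken the same way, with the partition's raw device as the source.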



Re: Two Isp Fault Tollerance Help

2005-10-08 Thread tony sarendal
On 07/10/05, Roberto Pereyra <[EMAIL PROTECTED]> wrote:
> Hi
>
> Where I can find bgp uses examples (simples, for newbies) ?
>
> Thanks
>
> roberto
>

Unless you know what you are doing here you will not improve on the situation.
If you have a bad connection, replace it.

With bgp routing you will participate more actively on the internet,
it also means that more of the responsibility falls on you, and you will see
problems of a different nature, and problems at any of your providers may
affect you.

Bad connectivity, which provider do you contact ? Those providers will
get back to you with an entirely new set of questions for you to
answer. And in worst case the providers themselves completely lack a clue.

BGP routing and multiple upstreams may be a good thing if you have the
knowledge and resources to handle it, otherwise it isn't.

I recommend the book Internet Routing Architectures from cisco press.

/Tony

--
Tony Sarendal - [EMAIL PROTECTED]
IP/Unix
   -= The scorpion replied,
   "I couldn't help it, it's my nature" =-



RE: Re: sh-script executing

2005-10-06 Thread tony
The editing is perfectly safe.
It is the reading of a file that is being changed that is unsafe.

Of course there's Microsoft Windows.

>- --- Original Message --- -
>From: [EMAIL PROTECTED]
>To: misc@openbsd.org
>Sent: Fri, 7 Oct 2005 09:39:47
>
>OM> I know this behaviour from every Unix system I've worked on. Besides,
>OM> the nice thing about the current way of doing things is that you can
>OM> read a script from a pipe and have the desired behaviour without any
>OM> special case code.
>
>This behavior has any advantages for regular files ? Compatibility ?
>
>  If so, do any editor has option to safe editing for this case ?
>(of course, I always can do editor wraparound).



Re: Transit with OpenBGPd... How to allow only on or two as neighbor only ?

2005-10-06 Thread tony sarendal
On 06/10/05, Xavier Beaudouin <[EMAIL PROTECTED]> wrote:
> [...]
>
> >
> > The announce keyword is mostly for simple setups. For transit providers
> > announce should be set to all and real bgp filtering should be used.
> >
> > The idea of announce is that small multihomed setups with e.g. two uplinks
> > just work in a safe manner (defaulting to self and so not the full table
> > is reexported).
> >
>
> Thanks Claudio,
>
> But can you provide me a more detailed example. Because I have some
> difficulties to make a filter for such setup...
>

The best way to make a scalable setup is by using bgp communities.
That way your transit/peering routers advertise based on information
you can set on origin or ingress into your network, not depending on
the prefix/as itself.

I have not checked how bgpd and community support looks in -current,
but when experimenting a few months back I had some problems with
setting multiple communities and I was also forced to use an external
route-server to see what was happening in my test network. I intend to
give this a new try when I have finished the project I'm currently
working on.

/Tony

--
Tony Sarendal - [EMAIL PROTECTED]
IP/Unix
   -= The scorpion replied,
   "I couldn't help it, it's my nature" =-



RE: Netgear WG311 v3

2005-10-02 Thread tony
Quoth [EMAIL PROTECTED]
>These cards don't seem to be ath anymore.
>
>The relevant bits from my dmesg.
>
>rl0 at pci1 dev 0 function 0 "D-Link Systems 530TX+" rev 0x10: irq 11 address 00:11:95:24:6a:0d
>rlphy0 at rl0 phy 0: RTL internal phy
>rl1 at pci1 dev 1 function 0 "D-Link Systems 530TX+" rev 0x10: irq 5 address 00:11:95:24:6a:0c
>rlphy1 at rl1 phy 0: RTL internal phy
>vendor "Marvell", unknown product 0x1faa (class network subclass ethernet, rev 0x03) at pci1 dev 2 function 0 not configured
>
>Thought you all might like to know. Thrice cursed vendors. Lucky for me
>it was an incredibly cheap impulse buy.
>
>Ray
>-- 
>BOFH excuse #326:
>
>We need a licensed electrician to replace the light bulbs in the computer room.

First "Thanks", which you don't hear very often.

Second, it seems that this list is the best (best that I know of) available 
intelligence about the state of hardware. Not as an OpenBSD user, but as a user 
of most everything else. Anything that gives OpenBSD trouble, it's just a 
matter of time before it gives me trouble where I care about it. I doubt that I 
am alone, and most of us tend to keep our yaps shut.
I would love to have the information organized and digested for me, hardware 
compatibility lists make some attempt to do this, but the intelligence value 
comes from reading between the lines and is based on human reaction and opinion. 
Anything "organized" is too easily astroturfed.

My experience with OpenBSD is limited, however. 
3Com NIC on NT Server suddenly decided to work very poorly. Best help I could 
find was OpenBSD archives. Intel Pro NIC and problems went away. Actually did a 
repeat performance.
Consensus seems to be 
Peculiar Adaptec SCSI controller (I understand Adaptec used to make good 
products) card would work with Linux only with SCSI BIOS disabled. Worked with 
OpenBSD with BIOS enabled.
OpenBSD has an attitude, knows quite a bit about hardware, and is probably well 
worthwhile listening to regardless of OS. There is of course much more that I 
do not know than I do know, but in a few cases I do know enough that OpenBSD 
and especially Theo seems to have a knack for being dead accurate.

If security matters, OpenBSD "gets it". 
If security matters, you do NOT get compromised machines at a nickel each.
If security does not matter, there are a number of stupidities which are very 
ill advised.

[ ] Always trust OpenBSD.



Re: Gigabit network measurments with OpenBSD 3.8-beta (long)

2005-09-29 Thread tony sarendal
On 29/09/05, Schvberle Daniel <[EMAIL PROTECTED]> wrote:
>
> I hope this proves to be useful to someone,
> Daniel
>

I personally find all network performance/routing info on openbsd interesting.
Thanks Daniel.

--
Tony Sarendal - [EMAIL PROTECTED]
IP/Unix
   -= The scorpion replied,
   "I couldn't help it, it's my nature" =-



RE: Re: Portmap non-local set / unset attempt

2005-09-23 Thread tony
Making is a process.
Toast is not a process.

>- --- Original Message --- -
>From: [EMAIL PROTECTED]
>To: misc@openbsd.org
>Sent: Fri, 23 Sep 2005 02:30:10
>
>[EMAIL PROTECTED] wrote:
>
>>> Security is everything you've ever said, plus a process.
>>
>> If it is secure, it doesn't need a process. So why would security be a
>> process again? Because of the vendors making "mistakes" and fix it later?
>>
>> Jimmy Scott
>
>It is a "process" in the same way that "making toast" is a process.
>The purchase of a "bread-crisping solution" that is UL-certified to not
>set your house on fire is the contribution of the "engineering" and
>"product development" stages.  In common usage, using this "solution"
>to toast your morning snack will produce crispy bread and will not
>produce a howling conflagration.  However, note that it is still very
>much possible to ignite your domicile by soaking a rag in lighter fluid,
>stuffing it into the bread-toasting slot, and jamming the switch closed
>with a butter knife.  For a less extreme example, it _may_ be possible
>to cause a fire by leaving a towel too near the toaster while it is
>operating, something which is easy to do and all too common.
>
>Having a morning snack and an un-burnt house at the same time, then, is
>contingent upon two things - possessing a toaster of adequate quality,
>and using it properly.  You don't get to have the whole package without
>a) looking for a good toaster in the first place, and b) learning how
>to use it.  Security operates similarly:  one boner mistake on anybody's
>part - coder, engineer or administrator - and your "security" vaporizes
>_instantly_.  Go read some of Bruce Schneier's screeds on the subject,
>they're informative.
>
>So yes, security most certainly _is_ partly a "process", various
>opinions to the contrary notwithstanding.  It is identical to the
>process of locking your doors and checking your windows before you
>go to bed at night, or of making sure that you're not stuffing a paper
>towel or a cardboard box top in your toaster in the morning before
>you've had coffee.  You could call it "habitual prudence", I suppose.
>
>Of course, computers being based on hard-core determinism and Boolean
>logic, a higher standard is possible.  I note in passing that the
>security of every operating system in common use (including OpenBSD) is
>_unproven_ [1], with the possible exception of Coyotos.  Asserting
>something that is unproven and which may actually be impossible to prove
>("X is more secure than Y") is not a good idea.  In other words, don't
>toss shit at the vendors unless you can _prove_, from a chain of
>irrefutable deduction, that your proposed solution is "more secure" than
>theirs.  (Something which is likely impossible, due to OpenBSD's design
>and the language in which it is written.)  Hint:  the manpower,
>brainpower, and computing power needed to accomplish this task _even if_
>it is possible is probably going to exceed anything you're willing to
>marshal to that end.
>
>Theo is right about one thing, however:  Bugs and security flaws arise
>from mistakes, every one of which is avoidable.  There are no "new"
>classes of bugs or design flaws, essentially every one has been
>generally known of and understood for decades.  It is only sloppy
>practices - dare I say it, "bad processes" - that permit these bugs
>to creep into various codebases and multiply.  The cure for this
>problem is "better processes".  The "easy" cure is for these processes
>to entail continuous auditing (the OBSD solution).  The harder cure
>is to work on establishing and maintaining a process that incorporates
>rigorous proof as a necessary component.  We may not ever see that, but
>hey - it's nice to dream, isn't it?
>
>-- 
>(c) 2005 Unscathed Haze via Central Plexus <[EMAIL PROTECTED]>
>I am Chaos.  I am alive, and I tell you that you are Free.  -Eris
>Big Brother is watching you.  Learn to become Invisible.
>| Your message must be this wide to ride the Internet. |
>
>[1]  Rigorous proof, that is.  Anecdotal evidence does not establish
>proof of anything whatsoever.



RE: Re: Portmap non-local set / unset attempt

2005-09-22 Thread tony
>Security is everything you've ever said, plus a process.

No. Security does not require the process.
Attempted security (that doesn't quite work) requires a process.
Like the difference between does work and should work.



Re: BGP peering, 2 peers, hardware reqirements & questions

2005-09-16 Thread tony sarendal
There is nothing simpler and cleaner than IP routing.
Avoid all nasty hacks with address re-writing and ugly stuff if possible.

Your own as, two full bgp feeds and just let bgp decide path.
Loadsharing is usually pretty good, and if you are looking for better
load-sharing then redundancy probably isn't that important.

Weekend.

/Tony

Sorry about the duplicate, Joel.

-- 
Tony Sarendal - [EMAIL PROTECTED]
IP/Unix
   -= The scorpion replied,
   "I couldn't help it, it's my nature" =-



Re: pciide: DMA vs. ATA133

2005-09-12 Thread Tony Lambiris
Man I must need sleep or something... this doesn't fix my problem, I 
forgot I had the extra case in the switch statement still in pciide.c. 
That did work, however, adding PCI_PRODUCT_VIATECH_VT82C571 as a case. 
Like I said before I don't know if this is the right way to do this, but 
it's a temporary fix for me.


Over and out, sorry again for the noise.

Tony Lambiris wrote:

Sorry for all the noise, this seems to have fixed it (from NetBSD):

--- via82c586.c.origMon Sep 12 19:38:35 2005
+++ via82c586.c Mon Sep 12 20:27:28 2005
@@ -256,9 +256,10 @@
reg = pci_conf_read(ph->ph_pc, ph->ph_tag,
VP3_CFG_PIRQ_REG);
shift = vp3_cfg_trigger_shift[i];
-   /* XXX we only upgrade the trigger here */
if (trigger == IST_LEVEL)
reg &= ~(VP3_CFG_TRIGGER_MASK << shift);
+   else
+   reg |= (VP3_CFG_TRIGGER_EDGE << shift);
pci_conf_write(ph->ph_pc, ph->ph_tag,
VP3_CFG_PIRQ_REG, reg);
break;
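
Review bot: in the added else branch, reg |= (VP3_CFG_TRIGGER_EDGE << shift) sets bits without first clearing the field, whereas the IST_LEVEL branch clears the whole VP3_CFG_TRIGGER_MASK field. If the edge value does not cover every bit of the mask, stale bits read back from VP3_CFG_PIRQ_REG survive the pci_conf_write. Clearing with reg &= ~(VP3_CFG_TRIGGER_MASK << shift) before either branch and then OR-ing in the wanted value would make both paths symmetric.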

Tony Lambiris wrote:

I forgot to ask, would it be bad practice to just add 
PCI_PRODUCT_VIATECH_VT82C571 to one of the cases in the switch 
statement? It seems like this might go a little deeper


Tony Lambiris wrote:

Well I thought I knew what the problem was (nope).. I found something 
interesting though...


The motherboards that don't set up UDMA properly use a "VIA VT8237
ISA" for pcib; the ones that set up UDMA properly use a "VIA VT8235
ISA". I added some debugging in pciide.c in function apollo_chip_map
on the switch statement, and the pcib_id it's switching on is 0x0571,
which in pcidevs is "VT82C571 IDE". Does that mean somewhere the
VT8237 chipset isn't being set up correctly or something?


I'm a little confused at this juncture, any light that can be shed
would be greatly appreciated.


Thanks.

Tony Lambiris wrote:

I (think I) found the problem... I will be posting a patch shortly 
if I confirm my suspicions.


Thanks.

Tony Lambiris wrote:

We have some motherboards with (what we think) are the same chips 
and revisions with the same hard drives, but some drives are being 
detected as DMA and others as ATA133. Here is an example:


pciide0 at pci0 dev 17 function 1 "VIA VT82C571 IDE" rev 0x06: 
ATA133, channel 0 configured to compatibility, channel 1 configured 
to compatibility

wd0 at pciide0 channel 0 drive 0: 
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5

pciide0 at pci0 dev 15 function 0 "VIA VT82C571 IDE" rev 0x06: DMA, 
channel 0 configured to compatibility, channel 1 configured to 
compatibility

wd0 at pciide0 channel 0 drive 0: 
wd0(pciide0:0:0): using PIO mode 4, DMA mode 2

As you can see it's the same IDE chipset, same revision, same 
drives.. the only thing I can think of is it's an IDE ribbon issue, 
but the ribbons we used (which were mixed from the cases and the 
motherboard boxes), were brand new.


Any suggestions?

TIA.

--
Tony Lambiris [ [EMAIL PROTECTED] ]
"so if it is really hard for you then perhaps you are just
retarded and need treatment w/ electricity and if that does
not help then perhaps should not use computers..."



Re: pciide: DMA vs. ATA133

2005-09-12 Thread Tony Lambiris

Sorry for all the noise, this seems to have fixed it (from NetBSD):

--- via82c586.c.origMon Sep 12 19:38:35 2005
+++ via82c586.c Mon Sep 12 20:27:28 2005
@@ -256,9 +256,10 @@
reg = pci_conf_read(ph->ph_pc, ph->ph_tag,
VP3_CFG_PIRQ_REG);
shift = vp3_cfg_trigger_shift[i];
-   /* XXX we only upgrade the trigger here */
if (trigger == IST_LEVEL)
reg &= ~(VP3_CFG_TRIGGER_MASK << shift);
+   else
+   reg |= (VP3_CFG_TRIGGER_EDGE << shift);
pci_conf_write(ph->ph_pc, ph->ph_tag,
VP3_CFG_PIRQ_REG, reg);
break;
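
Review bot: the new else branch ORs VP3_CFG_TRIGGER_EDGE into reg for every trigger value that is not IST_LEVEL, so a caller passing anything other than edge or level still gets the pin reprogrammed to edge. Test for the edge case explicitly (else if (trigger == IST_EDGE)) and leave the register untouched otherwise. The removed XXX comment recorded that only the upgrade direction was handled; a replacement comment saying that both directions are now written would help the next reader.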

Tony Lambiris wrote:
I forgot to ask, would it be bad practice to just add 
PCI_PRODUCT_VIATECH_VT82C571 to one of the cases in the switch 
statement? It seems like this might go a little deeper


Tony Lambiris wrote:

Well I thought I knew what the problem was (nope).. I found something 
interesting though...


The motherboards that don't set up UDMA properly use a "VIA VT8237
ISA" for pcib; the ones that set up UDMA properly use a "VIA VT8235
ISA". I added some debugging in pciide.c in function apollo_chip_map
on the switch statement, and the pcib_id it's switching on is 0x0571,
which in pcidevs is "VT82C571 IDE". Does that mean somewhere the
VT8237 chipset isn't being set up correctly or something?


I'm a little confused at this juncture, any light that can be shed
would be greatly appreciated.


Thanks.

Tony Lambiris wrote:

I (think I) found the problem... I will be posting a patch shortly if 
I confirm my suspicions.


Thanks.

Tony Lambiris wrote:

We have some motherboards with (what we think) are the same chips 
and revisions with the same hard drives, but some drives are being 
detected as DMA and others as ATA133. Here is an example:


pciide0 at pci0 dev 17 function 1 "VIA VT82C571 IDE" rev 0x06: 
ATA133, channel 0 configured to compatibility, channel 1 configured 
to compatibility

wd0 at pciide0 channel 0 drive 0: 
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5

pciide0 at pci0 dev 15 function 0 "VIA VT82C571 IDE" rev 0x06: DMA, 
channel 0 configured to compatibility, channel 1 configured to 
compatibility

wd0 at pciide0 channel 0 drive 0: 
wd0(pciide0:0:0): using PIO mode 4, DMA mode 2

As you can see it's the same IDE chipset, same revision, same 
drives.. the only thing I can think of is it's an IDE ribbon issue, 
but the ribbons we used (which were mixed from the cases and the 
motherboard boxes), were brand new.


Any suggestions?

TIA.

--
Tony Lambiris [ [EMAIL PROTECTED] ]
"so if it is really hard for you then perhaps you are just
retarded and need treatment w/ electricity and if that does
not help then perhaps should not use computers..."



Re: pciide: DMA vs. ATA133

2005-09-12 Thread Tony Lambiris
I forgot to ask, would it be bad practice to just add 
PCI_PRODUCT_VIATECH_VT82C571 to one of the cases in the switch 
statement? It seems like this might go a little deeper


Tony Lambiris wrote:
Well I thought I knew what the problem was (nope).. I found something 
interesting though...


The motherboards that don't set up UDMA properly use a "VIA VT8237 ISA"
for pcib; the ones that set up UDMA properly use a "VIA VT8235 ISA". I
added some debugging in pciide.c in function apollo_chip_map on the
switch statement, and the pcib_id it's switching on is 0x0571, which in
pcidevs is "VT82C571 IDE". Does that mean somewhere the VT8237 chipset
isn't being set up correctly or something?


I'm a little confused at this juncture, any light that can be shed would
be greatly appreciated.


Thanks.

Tony Lambiris wrote:

I (think I) found the problem... I will be posting a patch shortly if 
I confirm my suspicions.


Thanks.

Tony Lambiris wrote:

We have some motherboards with (what we think) are the same chips and 
revisions with the same hard drives, but some drives are being 
detected as DMA and others as ATA133. Here is an example:


pciide0 at pci0 dev 17 function 1 "VIA VT82C571 IDE" rev 0x06: 
ATA133, channel 0 configured to compatibility, channel 1 configured 
to compatibility

wd0 at pciide0 channel 0 drive 0: 
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5

pciide0 at pci0 dev 15 function 0 "VIA VT82C571 IDE" rev 0x06: DMA, 
channel 0 configured to compatibility, channel 1 configured to 
compatibility

wd0 at pciide0 channel 0 drive 0: 
wd0(pciide0:0:0): using PIO mode 4, DMA mode 2

As you can see it's the same IDE chipset, same revision, same 
drives.. the only thing I can think of is it's an IDE ribbon issue, 
but the ribbons we used (which were mixed from the cases and the 
motherboard boxes), were brand new.


Any suggestions?

TIA.

--
Tony Lambiris [ [EMAIL PROTECTED] ]
"so if it is really hard for you then perhaps you are just
retarded and need treatment w/ electricity and if that does
not help then perhaps should not use computers..."



Re: pciide: DMA vs. ATA133

2005-09-12 Thread Tony Lambiris
Well I thought I knew what the problem was (nope).. I found something 
interesting though...


The motherboards that don't set up UDMA properly use a "VIA VT8237 ISA"
for pcib; the ones that set up UDMA properly use a "VIA VT8235 ISA". I
added some debugging in pciide.c in function apollo_chip_map on the
switch statement, and the pcib_id it's switching on is 0x0571, which in
pcidevs is "VT82C571 IDE". Does that mean somewhere the VT8237 chipset
isn't being set up correctly or something?


I'm a little confused at this juncture, any light that can be shed would
be greatly appreciated.


Thanks.

Tony Lambiris wrote:
I (think I) found the problem... I will be posting a patch shortly if I 
confirm my suspicions.


Thanks.

Tony Lambiris wrote:

We have some motherboards with (what we think) are the same chips and 
revisions with the same hard drives, but some drives are being 
detected as DMA and others as ATA133. Here is an example:


pciide0 at pci0 dev 17 function 1 "VIA VT82C571 IDE" rev 0x06: ATA133, 
channel 0 configured to compatibility, channel 1 configured to 
compatibility

wd0 at pciide0 channel 0 drive 0: 
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5

pciide0 at pci0 dev 15 function 0 "VIA VT82C571 IDE" rev 0x06: DMA, 
channel 0 configured to compatibility, channel 1 configured to 
compatibility

wd0 at pciide0 channel 0 drive 0: 
wd0(pciide0:0:0): using PIO mode 4, DMA mode 2

As you can see it's the same IDE chipset, same revision, same drives.. 
the only thing I can think of is it's an IDE ribbon issue, but the 
ribbons we used (which were mixed from the cases and the motherboard 
boxes), were brand new.


Any suggestions?

TIA.

--
Tony Lambiris [ [EMAIL PROTECTED] ]
"so if it is really hard for you then perhaps you are just
retarded and need treatment w/ electricity and if that does
not help then perhaps should not use computers..."



Re: pciide: DMA vs. ATA133

2005-09-12 Thread Tony Lambiris
I (think I) found the problem... I will be posting a patch shortly if I 
confirm my suspicions.


Thanks.

Tony Lambiris wrote:
We have some motherboards with (what we think) are the same chips and 
revisions with the same hard drives, but some drives are being detected 
as DMA and others as ATA133. Here is an example:


pciide0 at pci0 dev 17 function 1 "VIA VT82C571 IDE" rev 0x06: ATA133, 
channel 0 configured to compatibility, channel 1 configured to 
compatibility

wd0 at pciide0 channel 0 drive 0: 
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5

pciide0 at pci0 dev 15 function 0 "VIA VT82C571 IDE" rev 0x06: DMA, 
channel 0 configured to compatibility, channel 1 configured to 
compatibility

wd0 at pciide0 channel 0 drive 0: 
wd0(pciide0:0:0): using PIO mode 4, DMA mode 2

As you can see it's the same IDE chipset, same revision, same drives.. 
the only thing I can think of is it's an IDE ribbon issue, but the 
ribbons we used (which were mixed from the cases and the motherboard 
boxes), were brand new.


Any suggestions?

TIA.



--
Tony Lambiris [ [EMAIL PROTECTED] ]
"so if it is really hard for you then perhaps you are just
retarded and need treatment w/ electricity and if that does
not help then perhaps should not use computers..."



pciide: DMA vs. ATA133

2005-09-12 Thread Tony Lambiris
We have some motherboards with (what we think) are the same chips and 
revisions with the same hard drives, but some drives are being detected 
as DMA and others as ATA133. Here is an example:


pciide0 at pci0 dev 17 function 1 "VIA VT82C571 IDE" rev 0x06: ATA133, 
channel 0 configured to compatibility, channel 1 configured to compatibility

wd0 at pciide0 channel 0 drive 0: 
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5

pciide0 at pci0 dev 15 function 0 "VIA VT82C571 IDE" rev 0x06: DMA, 
channel 0 configured to compatibility, channel 1 configured to compatibility

wd0 at pciide0 channel 0 drive 0: 
wd0(pciide0:0:0): using PIO mode 4, DMA mode 2

As you can see it's the same IDE chipset, same revision, same drives.. 
the only thing I can think of is it's an IDE ribbon issue, but the 
ribbons we used (which were mixed from the cases and the motherboard 
boxes), were brand new.


Any suggestions?

TIA.

--
Tony Lambiris [ [EMAIL PROTECTED] ]
"so if it is really hard for you then perhaps you are just
retarded and need treatment w/ electricity and if that does
not help then perhaps should not use computers..."



Re: bgpctl

2005-09-06 Thread tony sarendal
On 06/09/05, Karl Austin <[EMAIL PROTECTED]> wrote:
> tony sarendal wrote:
> 
> >I've started to test bgpd to see if I can use it for a future project.
> >Are there any plans to make bgpctl show communities, originator-id and
> >cluster-list ?
> >
> >Any plans of adding route-refresh to bgpctl ? Something like "bgpctl
> >nei  clear (in|out)" ?
> >
> >Although I miss a few features it is really nice to use, it is
> >starting to give me the same feeling as pf. I got a 10 router bgp-only
> >test network up and running in just a few hours, most of the time was
> >spent installing the boxes.
> >
> >/Tony S
> >
> >
> >
> You've read my mind, that was going to be my next question if my issue
> about having multiple communities per route was addressed (I tried
> -current and it doesn't work).  Soft reset, and more route information
> from bgpctl are sorely needed.
> 

I also ran into the problem with multiple communities but I haven't
had time to look closer at it. Have you seen any changes in bgpd since
you tried -current ?

I was going to give it a go tonight if I manage to stay awake.

/Tony

-- 
Tony Sarendal - [EMAIL PROTECTED]
IP/Unix
   -= The scorpion replied,
   "I couldn't help it, it's my nature" =-



bgpctl

2005-09-06 Thread tony sarendal
I've started to test bgpd to see if I can use it for a future project.
Are there any plans to make bgpctl show communities, originator-id and
cluster-list ?

Any plans of adding route-refresh to bgpctl ? Something like "bgpctl
nei  clear (in|out)" ?

Although I miss a few features it is really nice to use, it is
starting to give me the same feeling as pf. I got a 10 router bgp-only
test network up and running in just a few hours, most of the time was
spent installing the boxes.

/Tony S

-- 
Tony Sarendal - [EMAIL PROTECTED]
IP/Unix
   -= The scorpion replied,
   "I couldn't help it, it's my nature" =-



Re: [OT]: good home switch?

2005-09-05 Thread tony sarendal
I use OpenBSD boxes with a few 4xFE on two sites as switches/routers =)
I'm happier with them than the cheapo switches I replaced.

-- 
Tony Sarendal - [EMAIL PROTECTED]
IP/Unix
   -= The scorpion replied,
   "I couldn't help it, it's my nature" =-



Re: sysctl tuning for maximum network performance

2005-09-04 Thread tony sarendal
> if you want help, your post should start "we have this router and i expect
> it to be going that fast, but it only goes this fast."  if your router is
> already "fast enough", it can't get any faster.  there's a only finite
> number of clients, porn, and pipe to connect them.
> 

I believe recent studies in internet/universe behaviour show that
there is an infinite amount of porn, you just have to tweak
net.inet.somaxporn correctly.

/Tony



Re: cheap mini-pci ral(4) cards

2005-08-31 Thread tony sarendal
On 31/08/05, Ben Hooper <[EMAIL PROTECTED]> wrote:
> |The MSI MP54G4 (aka MSI MS-6833) seems to be readily available in
> |the US now.  I just picked one up from www.thenerds.net but a cheaper
> |price can be found at newegg.com.  It seems to work fine in my Sony
> |SRX77.
> |
> |The trick is to search for both the model name (MP54G4) and the
> |part number (MS-6833) since some stores list the card one way and
> |some the other.
> 
> Just be careful which model you pick up. MSI, like many vendors has a habit
> of changing chipsets. For instance, the CB54G2 is a RT2500, but the CB54G is
> Broadcom.
> 

Is there any vendor that doesn't do that ?

-- 
Tony Sarendal - [EMAIL PROTECTED]
IP/Unix
   -= The scorpion replied,
   "I couldn't help it, it's my nature" =-



i386 branch on amd64

2005-08-30 Thread Tony Lambiris
I know this will run fine, but will the dual-core and such be detected 
and setup correctly, or is this an amd64 specific thing?


TIA.

--
Tony Lambiris [ [EMAIL PROTECTED] ]
"so if it is really hard for you then perhaps you are just
retarded and need treatment w/ electricity and if that does
not help then perhaps should not use computers..."



Re: DELL Latitude D400 without X

2005-08-30 Thread Tony Lambiris
I actually hacked an existing util for NetBSD to run flawlessly on 
OpenBSD (I have a Dell inspiron 700m).


You can get it here:

http://lysergik.com/~tony/openbsd.phtml

Baldur Sigurpsson wrote:

hi

use this thing:

http://damien.bergamini.free.fr/i855vidctl/

just remember to put the command in /etc/rc.securelevel because on 
openbsd you cannot access some devices you need to, in contrast to linux.


works on my dell inspiron 500m with the 855GM crap:)

Regards, Baldur

Uwe Dippel wrote:


... a continuation of around a year ago
('Warning: Possible Bug in BIOS DELL Latitude D400_A06 !')
It is still valid for 3.7.
In the meantime, the problem has turned out to be really a problem of
crappy DELL BIOSes; now at A08 it still does the same:
Any activation of X freezes the machine completely with a yellowish 
screen.


855wrap on http://www.chzsoft.com.ar/855patch.html solves this. On Linux.
There you compile a binary and run it before starting X. On any machine.
Now I tried to do the same on OpenBSD with the expected result:'Abort 
trap'.

Not quite so expected was, that the source didn't want to compile on
OpenBSD 3.7:
make: don't know how to make %.c.
Stop in ..

I bet quite a few newer DELL notebooks are affected; and I appreciate any
suggestion how to make it work on OpenBSD.
I read the archives here and googled. No result.

Uwe





--
Tony Lambiris [ [EMAIL PROTECTED] ]
"so if it is really hard for you then perhaps you are just
retarded and need treatment w/ electricity and if that does
not help then perhaps should not use computers..."



Re: i386 binaries on amd64

2005-08-30 Thread Tony Lambiris
In reading some mailing lists, I noticed some people pass in the -m32 
flag when compiling to compile 32bit instead of 64bit... I added the 
flag to the Makefile and everything compiles except when I try to link 
all the objects into an executable, I get these errors:


/usr/bin/ld: warning: i386 architecture of input file `some.o' is 
incompatible with i386:x86-64 output


Is compiling this way possible at all?

Ted Unangst wrote:

On Mon, 29 Aug 2005, Stuart Henderson wrote:



--On 29 August 2005 16:34 -0500, Tony Lambiris wrote:



Is there a way to compile something on i386 OpenBSD box to run on
amd64? or is there a sysctl option I am missing?


Cross-compiling between architectures is not supported, see list archives for
reasons why.



that's not the question he was asking, but the answer is no anyway.



--
Tony Lambiris [ [EMAIL PROTECTED] ]
"so if it is really hard for you then perhaps you are just
retarded and need treatment w/ electricity and if that does
not help then perhaps should not use computers..."



i386 binaries on amd64

2005-08-29 Thread Tony Lambiris
Is there a way to compile something on i386 OpenBSD box to run on amd64? 
or is there a sysctl option I am missing?


Thanks.

--
Tony Lambiris [ [EMAIL PROTECTED] ]
"so if it is really hard for you then perhaps you are just
retarded and need treatment w/ electricity and if that does
not help then perhaps should not use computers..."



Re: Shouldn't OpenBSD X11 come out with "-nolisten tcp" as default?

2005-08-29 Thread Tony
Security is not having to say "how high?" when someone says jump!

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Miroslav Kubik
Sent: Monday, August 29, 2005 4:54 AM
To: misc@openbsd.org
Subject: Re: Shouldn't OpenBSD X11 come out with "-nolisten tcp" as default?


In my opinion, it is better to have it disabled as default. Nothing is
without bugs. So if we want most secure OS we should disable this function.
If you need it. Enable it.

MK

- Original Message -
From: "Han Boetes" <[EMAIL PROTECTED]>
To: 
Sent: Monday, August 29, 2005 11:32 AM
Subject: Re: Shouldn't OpenBSD X11 come out with "-nolisten tcp" as default?


Vladislav Belogrudov wrote:
> I thought it would make sense for most secure OS.
> One port less listening the World.

It's not a security problem to have an open port. It's a security problem to
have a bad server listening to an open port.

And since nobody knows about a problem with the X server, not even the
people who have very deep knowledge about X and about security you can
safely assume it's OK to have that port open by default.

Now if you don't trust any of all those experts and you want to close that
port for your own machine that's fine, but don't ask the experts to trust on
your intuition while they are providing the OS in the first place.



# Han



Re: 3.8 beta requests

2005-08-24 Thread tony sarendal
Thanks for not taking the easy route.
Changes are always painful, but if they deliver then it's worth it.



vge0 on Abit Av8 (amd64)

2005-08-18 Thread Tony Lambiris
64 DRAM Cfg" rev 0x00
pchb9 at pci0 dev 24 function 3 "AMD AMD64 Misc Cfg" rev 0x00
isa0 at mainbus0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
sysbeep0 at pcppi0
dkcsum: wd0 matches BIOS drive 0x80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302

--
Tony Lambiris [ [EMAIL PROTECTED] ]
"so if it is really hard for you then perhaps you are just
retarded and need treatment w/ electricity and if that does
not help then perhaps should not use computers..."



Re: Automatic failover of VPN connection when the primary internet connection fails

2005-08-12 Thread tony sarendal
On 12/08/05, Stoyan Genov <[EMAIL PROTECTED]> wrote:
> Good day,
> 
> Short version:
> 
> Any hints/ideas on setting up a fail-over of an isakmpd-maintained VPN
> connection through a secondary internet line when the primary internet
> line fails, where an autonomous system of IP addresses is not an option?
> Hardware on both sides is i386, OS is obsd/3.7.
> 
> Long version:
> 
> In my office, I have two internet connections, I1 and I2, through two
> different ISPs, ISP1 and ISP2; I1 and I2 use different IP ranges; AS and
> routers are out of the question, unfortunately, as is the possibility of
> routing ISP1's IP range through I2 and vice-versa.
> 
> I have two firewall/gateway machines, F1 and F2; each of them has one
> interface "attached" to one internet connection, one interface to the
> other internet connection, and a third interface for the local network.
> F1 and F2 run obsd3.7/i386.
> 
> Default route for F1 is I1; default route for F2 is I2 (this is the
> current setup, and it is subject to change if needed; the idea is to
> allow people in the LAN manually change their LAN gateway to go
> through I2 if something goes wrong with F1 or I1)
> 
> I have a "remote" LAN, let's call it RL, and a VPN connection between
> F1 and RL via I1; it's a "routed" connection, not a "bridged" one,
> if that matters (that is, the local and the remote LANs are different
> IP networks, and no broadcasts are exchanged). The gateway there also
> runs obsd3.7/i386, and I have full control over it.
> 
> I want to be able to automatically re-build the VPN connection via I2
> if I1 goes down, using isakmpd if possible (would "fall back" to
> openvpn, if I can't do it with isakmpd). I would also like to keep the
> ability of people to manually choose their way to the internet through
> I2, but if not possible, I am ready to introduce a third firewall with a
> default route of I2 just doing NAT for this purpose.
> 
> Any ideas and hints will be appreciated.
> 

Use dynamic routing.
Set ipip (gif) tunnels between your firewalls, encrypt them with
isakmpd, run bgpd so your firewalls (routers) learn where the networks
are.

Should one path go down, the bgp session will go down and your network
will re-route.

/Tony

-- 
Tony Sarendal - [EMAIL PROTECTED]
IP/Unix
   -= The scorpion replied,
   "I couldn't help it, it's my nature" =-



Re: Requesting an change in the installer

2005-08-05 Thread Tony
Alexey E. Suslikov wrote:

Nick Holland wrote:
> PERSONALLY, I prefer to call the single processor kernel "bsd.sp",

bsd.sp is not correct if you crazy about correct terminology :)
bsd.up ("uniprocessor") is correct one.
Alexey.


Maybe it's just me, but every time I see up I see down as its implicit
alternate.



Re: x86 rings?

2005-08-04 Thread Tony
Rings and segments are pretty much orthogonal concepts.

C is hardly unique in not supporting segmentation.
The only languages I am aware of that even come close are Burroughs
Algol and PL/I (and as always Basic Assembly). (Lisp?)

But overriding is the fact that x86 supporting segments does not
imply that all the other supported architectures also support.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Dave Feustel
Sent: Thursday, August 04, 2005 6:17 PM
To: [EMAIL PROTECTED]
Cc: misc@openbsd.org
Subject: Re: x86 rings?


On Thursday 04 August 2005 04:47 pm, [EMAIL PROTECTED] wrote:
> Unless I am very much mistaken, this is Unix not Multics.
> To do anything with the rings, you must make userland
> into a three-ring circus.

That is precisely the point. The C programming language and Unix are
incompatible with the x86 segmentation model, including rings, although
amazing accommodations were made within C for 286 segments by Intel
and Microsoft, et al. before 386 flat addressing took hold. While x86 rings
and segments were neat and useful, if extremely awkward to use within C,
they are rapidly disappearing into the dustbin of history.

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
> Dave Feustel
> Sent: Thursday, August 04, 2005 4:05 PM
> To: Theo de Raadt
> Cc: [EMAIL PROTECTED]; misc@openbsd.org
> Subject: Re: x86 rings?
>
>
> Ed,
>
> Ever read anything about MIT's Multics and the GE 645?



Re: x86 rings?

2005-08-04 Thread Tony
Unless I am very much mistaken, this is Unix not Multics.
To do anything with the rings, you must make userland
into a three-ring circus.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Dave Feustel
Sent: Thursday, August 04, 2005 4:05 PM
To: Theo de Raadt
Cc: [EMAIL PROTECTED]; misc@openbsd.org
Subject: Re: x86 rings?


Ed,

Ever read anything about MIT's Multics and the GE 645?



Re: network adapter order

2005-08-01 Thread Tony
Rod.. Whitworth wrote:
[snip]
>We chose to use 0 for outside 1 for internal and 2 for server. I cannot
>fool anybody into thinking that 2 looks like S, dammit!
>From the land "down under": Australia.
>Do we look  from up over?

[snicker] try a mirror.

But seriously folks, that looks like THE definitive rule.
If there is just one interface, that one is to the outside.



Re: no sound on Dell4550 (soundblaster live, emu)

2005-07-28 Thread tony sarendal
>My solution was: unplug that shit and buy a cheap and supported (REAL)
>compatible sb.

Doh !
Screwed over again. Good answer though, time to hit the shop.

Thanks.

-- 
Tony Sarendal - [EMAIL PROTECTED]
IP/Unix
   -= The scorpion replied,
   "I couldn't help it, it's my nature" =-



Re: no sound on Dell4550 (soundblaster live, emu)

2005-07-28 Thread tony sarendal
emu0 at pci2 dev 0 function 0 "Creative Labs SoundBlaster Live" rev 0x00: irq 10
ac97: codec id 0x83847608 (SigmaTel STAC9708/11)
ac97: codec features 18 bit DAC, 18 bit ADC, SigmaTel 3D
audio0 at emu0

I can't get any sign of life at all from this one. Even cat'ing a file
to /dev/audio0 gives me nothing.
rev 0x00, is that really correct ?

Any ideas on how to get to the bottom of this is appreciated.



Re: no sound on Dell4550 (soundblaster live, emu)

2005-07-27 Thread tony sarendal
On 28/07/05, Chris Kuethe <[EMAIL PROTECTED]> wrote:
> try using mixerctl to turn off all the mutes, turn up all the volumes,
> and then test with something simple like mpg123 and one of the release
> songs...
> 

Good suggestions, but no luck so far.
# mixerctl -a  
outputs.master=255,255
outputs.master.mute=off
outputs.mono=255
outputs.mono.mute=off
outputs.mono.source=mixerout
outputs.headphones=255,255
outputs.headphones.mute=off
outputs.bass=255
outputs.treble=255
inputs.speaker=255
inputs.speaker.mute=off
inputs.phone=191
inputs.phone.mute=off
inputs.mic=191
inputs.mic.mute=off
inputs.mic.preamp=off
inputs.mic.source=mic0
inputs.line=191,191
inputs.line.mute=off
inputs.cd=191,191
inputs.cd.mute=off
inputs.video=191,191
inputs.video.mute=off
inputs.aux=191,191
inputs.aux.mute=off
inputs.dac=191,191
inputs.dac.mute=off
record.source=mic
record.volume=255,255
record.volume.mute=off
record.mic=0
record.mic.mute=off
outputs.loudness=off
outputs.spatial=off
outputs.spatial.center=0
outputs.spatial.depth=0
outputs.surround=255,255
outputs.surround.mute=off
outputs.center=255
outputs.center.mute=off
outputs.lfe=255
outputs.lfe.mute=off
# mpg123 -vv testfile.mp3   
High Performance MPEG 1.0/2.0/2.5 Audio Player for Layer 1, 2 and 3.
Version 0.59r (1999/Jun/15). Written and copyrights by Michael Hipp.
Uses code from various people. See 'README' for more!
THIS SOFTWARE COMES WITH ABSOLUTELY NO WARRANTY! USE AT YOUR OWN RISK!
Audio device type: SB Live!

Audio capabilities:
|  s16  |  u16  |  u8   |  s8   | ulaw  | alaw  |
 
  8000  |  M/S  |   |  M/S  |   |   |   |
 11025  |  M/S  |   |  M/S  |   |   |   |
 12000  |  M/S  |   |  M/S  |   |   |   |
 16000  |  M/S  |   |  M/S  |   |   |   |
 22050  |  M/S  |   |  M/S  |   |   |   |
 24000  |  M/S  |   |  M/S  |   |   |   |
 32000  |  M/S  |   |  M/S  |   |   |   |
 44100  |  M/S  |   |  M/S  |   |   |   |
 48000  |  M/S  |   |  M/S  |   |   |   |

Title  : Track 3 Artist: 
Album  : Untitled - 08-01-00 Year  : 2000
Comment: Made with RealJukebox (tm)  Genre : Other

Playing MPEG stream from testfile.mp3 ...
Junk at the beginning 49443303
MPEG 1.0, Layer: III, Freq: 44100, mode: Joint-Stereo, modext: 2, BPF : 417
Channels: 2, copyright: Yes, original: Yes, CRC: No, emphasis: 0.
Bitrate: 128 Kbits/s, Extension value: 0
Audio device type: SB Live!
Audio device type: SB Live!
Audio: 1:1 conversion, rate: 44100, encoding: signed 16 bit, channels: 2

and no more after that.



no sound on Dell4550 (soundblaster live, emu)

2005-07-27 Thread tony sarendal
Good morning,

I have a Dell4550 which I can't get sound to work on.
Both 3.7 and -current give me the same result, everything looks ok on boot.

# vlc 
VLC media player 0.8.1 Janus
[0211] mpeg_audio decoder: MPGA channels:2 samplerate:44100 bitrate:192
SDL: Audio timeout - buggy audio driver? (disabled)
audio: Bad file descriptor

Any ideas are welcome.
I intended to leave the box at my parents' house since we currently live
in different countries and supporting old windows boxes is no fun.

/Tony

# dmesg
OpenBSD 3.7 (GENERIC) #50: Sun Mar 20 00:01:57 MST 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) 4 CPU 2.53GHz ("GenuineIntel" 686-class) 2.53 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID
real mem  = 535887872 (523328K)
avail mem = 482185216 (470884K)
using 4278 buffers containing 26898432 bytes (26268K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 11/12/02, BIOS32 rev. 0 @ 0xffe90
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfeae0/160 (8 entries)
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82801BA LPC" rev 0x00)
pcibios0: PCI bus #2 is the last bus
bios0: ROM list: 0xc/0xf800 0xcf800/0x800
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82845G/GL" rev 0x01
ppb0 at pci0 dev 1 function 0 "Intel 82845G/GL/GV/GE/PE AGP" rev 0x01
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "Nvidia GeForce4 MX 420" rev 0xa3
wsdisplay0 at vga1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
uhci0 at pci0 dev 29 function 0 "Intel 82801DB USB" rev 0x01: irq 11
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 29 function 1 "Intel 82801DB USB" rev 0x01: irq 11
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2 at pci0 dev 29 function 2 "Intel 82801DB USB" rev 0x01: irq 9
usb2 at uhci2: USB revision 1.0
uhub2 at usb2
uhub2: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
ehci0 at pci0 dev 29 function 7 "Intel 82801DB USB" rev 0x01: irq 3
ehci0: EHCI version 1.0
ehci0: companion controllers, 2 ports each: uhci0 uhci1 uhci2
usb3 at ehci0: USB revision 2.0
uhub3 at usb3
uhub3: Intel EHCI root hub, class 9/0, rev 2.00/1.00, addr 1
uhub3: single transaction translator
uhub3: 6 ports with 6 removable, self powered
ppb1 at pci0 dev 30 function 0 "Intel 82801BA AGP" rev 0x81
pci2 at ppb1 bus 2
emu0 at pci2 dev 0 function 0 "Creative Labs SoundBlaster Live" rev 0x00: irq 10
ac97: codec id 0x83847608 (SigmaTel STAC9708/11)
ac97: codec features 18 bit DAC, 18 bit ADC, SigmaTel 3D
audio0 at emu0
"Creative Labs PCI Gameport Joystick" rev 0x00 at pci2 dev 0 function
1 not configured
"Texas Instruments TSB12LV26 FireWire" rev 0x00 at pci2 dev 1 function
0 not configured
fxp0 at pci2 dev 8 function 0 "Intel PRO/100 VE" rev 0x81: irq 11,
address 00:07:e9:d2:84:de
inphy0 at fxp0 phy 1: i82562ET 10/100 PHY, rev. 0
ichpcib0 at pci0 dev 31 function 0 "Intel 82801DB LPC" rev 0x01
pciide0 at pci0 dev 31 function 1 "Intel 82801DB IDE" rev 0x01: DMA,
channel 0 configured to compatibility, channel 1 configured to
compatibility
wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA, 28610MB, 58593750 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  SCSI0
5/cdrom removable
atapiscsi1 at pciide0 channel 1 drive 1
scsibus1 at atapiscsi1: 2 targets
cd1 at scsibus1 targ 0 lun 0:  SCSI0
5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
cd1(pciide0:1:1): using PIO mode 4, Ultra-DMA mode 2
"Intel 82801DB SMBus" rev 0x01 at pci0 dev 31 function 3 not configured
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0 (mux 1 ignored for console): console keyboard, using wsdisplay0
pmsi0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pmsi0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: 
sysbeep0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 h

Re: Writes to samba server very, very slow

2005-07-19 Thread Tony
This *may* help.

man mount
 softdep
 (FFS only.)  Mount the file system using soft dependencies.
 Instead of metadata being written immediately, it is written
 in an ordered fashion to keep the on-disk state of the file
 system consistent.  This results in significant speedups for
 file create/delete operations.  This option will be ignored
 when using the -u flag and a file system is already mounted
 read/write.  It requires option FFS_SOFTUPDATES to be enabled
 in the running kernel.

There is a tradeoff between speed and safety.
A rather large tradeoff I suspect ;)

With any disk system, there is the question of what happens when the power
fails.

What is the speed when you copy the 48MB file locally?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Gary Clemans-Gibbon
Sent: Tuesday, July 19, 2005 3:45 AM
To: [EMAIL PROTECTED]
Cc: misc@openbsd.org
Subject: Re: Writes to samba server very, very slow


Thanks for your reply Tim. If anything it makes me feel worse. I was
hoping it was something easily fixed.

I just tried transferring a 50 Mb file to the OBSD samba box from win
using SCP. Again very slow writes but much faster reads. The 50 Mb file
took about 7 mins to transfer to the OBSD box and about 30 seconds to
read from the OBSD box.

Perhaps this isn't a samba smb issue at all.

My fstab...

# cat /etc/fstab
/dev/wd0a / ffs rw 1 1
/dev/wd1a /data1 ffs rw 1 2
/dev/wd2a /data2 ffs rw 1 2

same result with either data disk. I've been googling all evening and
found many many forum posts with similar problems but no solutions. Some
posts date back to 2002!

If I have to go back to RH7.3 I'll be bummed. Especially as I spent ages
setting up all my families accounts and softlinks for the data store.
Waste of a day!


Tim Hammerquist wrote:
> Gary Clemans-Gibbon wrote:
>
>>David Gwynne wrote:
>>
>>>Gary Clemans-Gibbon wrote:
>>>
>>>>Everything is working fine except that when I copy files to the
>>>>box from a Windows XP box the transfers are very slow, like
>>>>9 minutes for a  48 Mb file. Copying the same file back to the win
>>>>box is quick - a couple  of seconds as you'd expect.
>>>
>>>I would suggest looking at the socket options parameter in
>>>/etc/samba/ smb.conf. I have the following in my smb.conf and
>>>transfer speeds  seem to perform a lot better now:
>>>
>>>socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>>
>>I just tried that line but it seems to be the same or if anything it
>>seems even slower.
>
>
> Gary,
>
> I've seen this same phenomenon when copying to from my OSX Powerbook and
> my fileserver (running both FreeBSD 5 and Gentoo Linux), with the OSX
> acting as samba client.
>
> The transfer speeds are not "slightly" slower, they are slower by orders
> of magnitude, with normally 20sec transfers taking 10-20 minutes.
> I watch the progress meter slowly incrementing at the rate of 32-64k/sec
> over a 100bTX link.  Does this sound like your issue?
>
> In my setup, I had limited success merely unmounting and remounting the
> share; that worked maybe 50% of the time.  Also, the rate seemed to be
> normal more often if I had a simultaneous ssh connection between the
> same two machines, even if the ssh connection were idle.  I was not able
> to find any consistently effective solution.
>
> After googling many times over several months, finding nothing more than
> the same advice you got about TCP_NODELAY and the SO_*BUF settings
> (which did not affect performance in my case either), I finally gave up,
> switching to NFS and/or scp.
>
> For what it's worth, I haven't noticed this since I upgraded my
> powerbook to OSX 10.4, so it might have something to do with the client
> OS, network stack, or Samba version.
>
> I apologize for not having anything solid to recommend.  But I wanted to
> let you know that this *has* happened to others; you're not imagining
> it.
>
> Tim Hammerquist
>
>
> .



Re: interrupt comparison

2005-07-18 Thread tony sarendal
It would be nice to see a comparison between em and sk.

-- 
Tony Sarendal - [EMAIL PROTECTED]
IP/Unix
   -= The scorpion replied,
   "I couldn't help it, it's my nature" =-



Re: Toshiba laptop 3.7 installation problem

2005-07-08 Thread Tony
From a Toshiba Satellite, maybe not too dissimilar:
I assume the Q of "pckbc0 ISA Q Port 0x60/5" is a typo
Seems to be a pckbc0 and a pckbd0
Beyond that I'm out of my depth. (way out;)


Loading...
probing: pc0 mem[639K 478M a20=on]
disk: fd0 hd0+
>> OpenBSD/i386 BOOT 2.06
boot>
booting hd0a:/bsd: 4686240+945680 [52+241338+223324]=0x5d0864
entry point at 0x100120
[snip]
isa0 at isa0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
[snip]

-dmesg
OpenBSD 3.7 (GENERIC) #50: Sun Mar 20 00:01:57 MST 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) 4 CPU 2.66GHz ("GenuineIntel" 686-class) 2.66 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,AC
PI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID
real mem  = 502833152 (491048K)
avail mem = 451952640 (441360K)
using 4278 buffers containing 25243648 bytes (24652K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(63) BIOS, date 05/19/03, BIOS32 rev. 0 @ 0xf98d6
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf01c0/160 (8 entries)
pcibios0: PCI Interrupt Router at 000:07:0 ("Acer Labs M1533 ISA" rev 0x00)
pcibios0: PCI bus #2 is the last bus
bios0: ROM list: 0xc/0xc000 0xe/0x1!
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 vendor "Acer Labs", unknown product 0x1672
rev 0x00
ppb0 at pci0 dev 1 function 0 "Acer Labs M5247 AGP/PCI-PCI" rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "Trident CyberBlade XP/Ai1" rev 0x82
wsdisplay0 at vga1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
pciide0 at pci0 dev 4 function 0 "Acer Labs M5229 UDMA IDE" rev 0xc4: DMA,
channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA48, 57231MB, 117210240 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  SCSI0
5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
autri0 at pci0 dev 6 function 0 "Acer Labs M5451 Audio" rev 0x02: irq 11
ac97: codec id 0x41445374 (Analog Devices AD1981B)
ac97: codec features headphone, 20 bit DAC, No 3D Stereo
audio0 at autri0
midi0 at autri0: <4DWAVE MIDI UART>
pcib0 at pci0 dev 7 function 0 "Acer Labs M1533 ISA" rev 0x00
"Acer Labs M7101 Power Mgmt" rev 0x00 at pci0 dev 8 function 0 not
configured
vendor "Acer Labs", unknown product 0x5457 (class communications subclass
modem, rev 0x00) at pci0 dev 9 function 0 not configured
rl0 at pci0 dev 10 function 0 "Realtek 8139" rev 0x10: irq 11 address
00:08:0d:6d:7f:cb
rlphy0 at rl0 phy 0: RTL internal phy
ohci0 at pci0 dev 12 function 0 "NEC USB" rev 0x43: irq 11, version 1.0
usb0 at ohci0: USB revision 1.0
uhub0 at usb0
uhub0: NEC OHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 3 ports with 3 removable, self powered
ohci1 at pci0 dev 12 function 1 "NEC USB" rev 0x43: irq 11, version 1.0
usb1 at ohci1: USB revision 1.0
uhub1 at usb1
uhub1: NEC OHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
ehci0 at pci0 dev 12 function 2 "NEC USB" rev 0x04: irq 11
ehci0: EHCI version 1.0
ehci0: companion controllers, 3 ports each: ohci0 ohci1
usb2 at ehci0: USB revision 2.0
uhub2 at usb2
uhub2: NEC EHCI root hub, class 9/0, rev 2.00/1.00, addr 1
uhub2: single transaction translator
uhub2: 5 ports with 5 removable, self powered
ath0 at pci0 dev 16 function 0 "Atheros AR5212" rev 0x01: irq 11
ath0: mac 80.6 phy 4.1 radio 1.7 2.3, 802.11a/b/g, WOR4W, address
00:90:96:72:6c:12
gpio at ath0 not configured
cbb0 at pci0 dev 17 function 0 "Toshiba ToPIC100 CardBus" rev 0x33: irq 11
"Toshiba SD Controller" rev 0x05 at pci0 dev 18 function 0 not configured
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0 (mux 1 ignored for console): console keyboard, using
wsdisplay0
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
midi1 at pcppi0: 
sysbeep0 at pcppi0
npx0 at isa0 port 0xf0/16: using exception 16
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 2 device 0 cacheline 0x0, lattimer 0x0
pcmcia0 at cardslot0
biomask effd netmask effd ttymask 
pctr: user-level cycle counter enabled
dkcsum: wd0 matched BIOS disk 80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Z L
Sent: Friday, July 08, 2005 9:29 PM
To: Nick Holland
Cc: misc
Subject: Re: Toshiba laptop 3.7 installation problem


On 7/8/05, Nick Holland <[EMAIL PROTECTED]> wrote:
> Z L wrote:
> > I been trying to install Op

Re: OpenBSD with Linksys WRT54G

2005-07-03 Thread Tony
The Linksys WRT54g has a 4-port switch, an RJ45 jack labeled "Internet", 
and an access point which can speak 11Mbps and/or 54Mbps.
What I do on our local lan is essentially to use it/them as a bridge.
Turn off the Linksys DHCPD, set the internal IP address, set a password,
set whatever parameters desired for wireless access,
and not use the port labeled "Internet".

To effectively show under ifconfig, I think you need a third NIC,
and precisely one cable from the OpenBSD box to the Linksys.


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Alari Kask
Sent: Sunday, July 03, 2005 4:16 PM
To: misc@openbsd.org
Subject: OpenBSD with Linksys WRT54G


Hello,
my home network consists of 6 machines, one of them runs openbsd, which
i used for dhcp, nat, pf, php, mysql, etc.
Now i bought a Linksys WRT54g wifi router, at the moment i use the
router's configuration utility, which is accessible over the web,
i'm not familiar with it and it doesn't feel comfortable for me, i'd
still like to use openbsd for serving my home network and use the router
for 100Mb LAN and for WiFi,
my question is - is it possible to just use the router as an access
point and set the firewall rules, dhcpd on my openbsd box, so the router
would just show up as an interface under ifconfig ?



Re: boot failure: If i could drop dead right now ...

2005-06-30 Thread Tony
Just guessing, but it looks like you are at the very fringe of what BIOS
can and cannot access. Insignificant differences have large consequences,
just like a few inches near the edge of a cliff. If so, any recompile of
the kernel would be unbootable.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Gustavo Rios
Sent: Thursday, June 30, 2005 6:47 PM
To: [EMAIL PROTECTED]; misc
Subject: Re: boot failure: If i could drop dead right now ...


Hey everybody.

I would like to let you know i have "fixed" it.
Now i have the disklabel layout i want.
I managed to get it working because instead of using 512/4K
fragment/block size (using disklabel into expert mode) i tried with
1K/8K for the a partition.

Now it works. Although i have no idea how block size could influence that.

Would someone mind commenting it, i.e., why i could not use 512/4K for
frag/blk size?

thanks.

PS: Good work for 3.7, just now i have it installed in my box.

On 6/30/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> You'll probably get some better answers from the list, but this may give
> you an idea of what is going on.
> In olden days BIOS would only be able to handle disk within the first
> 1024 cylinders. (That's why you see stuff like 63 sectors/track and 255
> or so heads) Later BIOSes have upped the limit somewhat.
> Until enough of the OS gets itself loaded, the bootstrap is dependent on
> BIOS functions. Afterwards, the BIOS limitations are irrelevant.
>
> If I'm doing strange things with disks, I try to put a bunch of small
> (DOS partitions) at the front end of the disk, Normally a 2G DOS formatted
> C: drive, followed by (or after a few other small partitions)
>
> If you are brave and daring, (and dead accurate with a calculator)
> there are some stunts that can be done with partitions.
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
> Gustavo Rios
> Sent: Thursday, June 30, 2005 4:03 PM
> To: misc@openbsd.org
> Subject: boot failure: If i could drop dead right now ...
>
>
> ... i would be the happiest man in the world!
>
> I am going crazy. It simply does not boot directly from the partition
> when i spare too many of them.
>
> If someone could, please guys, help me i would send you some bears.
>
> With the following set up everything works ok:
>
> fdisk:
>
> Disk: wd0   geometry: 9726/255/63 [156248190 Sectors]
> Offset: 0   Signature: 0xAA55
> Starting   Ending   LBA Info:
>  #: idC   H  S -C   H  S [   start:  size   ]
> 
>  0: 070   1  1 - 6399 254 63 [  63:   102815937 ] HPFS/QNX/AUX
> *1: A6 6400   0  1 - 9726  28 46 [   102816000:53434000 ] OpenBSD
>  2: 000   0  0 -0   0  0 [   0:   0 ] unused
>  3: 000   0  0 -0   0  0 [   0:   0 ] unused
>
> disklabel:
>
> # /dev/rwd0c:
> type: ESDI
> disk: ESDI/IDE disk
> label: Maxtor 6Y080M0
> flags:
> bytes/sector: 512
> sectors/track: 63
> tracks/cylinder: 16
> sectors/cylinder: 1008
> cylinders: 155009
> total sectors: 15625
> rpm: 7200
> interleave: 1
> trackskew: 0
> cylinderskew: 0
> headswitch: 0   # microseconds
> track-to-track seek: 0  # microseconds
> drivedata: 0
>
> 16 partitions:
> # sizeoffset  fstype [fsize bsize  cpg]
>  a:  51819264 102816000  4.2BSD   2048 16384  328 # Cyl
> 102000 -153407
>  b:   1614736 154635264swap   # Cyl
> 153408 -155009*
>  c: 15625 0  unused  0 0  # Cyl
>0 -155009*
>  i: 10281593763 unknown   # Cyl
> 0*-101999
>
>
> But this one does prevent me from booting.
>
> fdisk:
>
> Disk: wd0   geometry: 9726/255/63 [156248190 Sectors]
> Offset: 0   Signature: 0xAA55
> Starting   Ending   LBA Info:
>  #: idC   H  S -C   H  S [   start:  size   ]
> 
>  0: 070   1  1 - 6399 254 63 [  63:   102815937 ] HPFS/QNX/AUX
> *1: A6 6400   0  1 - 9726  28 46 [   102816000:53434000 ] OpenBSD
>  2: 000   0  0 -0   0  0 [   0:   0 ] unused
>  3: 000   0  0 -0   0  0 [   0:   0 ] unused
>
>
> disklabel:
>
> # /dev/rwd0c:
> type: ESDI
> disk: ESDI/IDE disk
> label: Maxtor 6Y080M0
> flags:
> bytes/sector: 512
> sectors/track: 63
> tracks/cylinder: 16
> sectors/cylinder: 1008
> cylinders: 155009
> total sectors: 15625
> rpm: 7200
> interleave: 1
> trackskew: 0
> cylinderskew: 0
> headswitch: 0   # microseconds
> track-to-track seek: 0  # microseconds
> drivedata: 0
>
> 16 partitions:
> # sizeoffset  fstype [fsize bsize  cpg]
>  a:161280 102816000  4.2BSD512  4096   21 # Cyl
> 102000 -102159
>  b:   1614736 154635264swap   # Cyl

openbsd fdisk

2005-06-27 Thread Tony Lambiris
is there a way to have fdisk re-initialize the disk (fdisk -i ) 
without being prompted to go ahead with the init?


thanks.

--
Tony Lambiris [ [EMAIL PROTECTED] ]
"so if it is really hard for you then perhaps you are just
retarded and need treatment w/ electricity and if that does
not help then perhaps should not use computers..."



Re: SH programming

2005-06-27 Thread Tony
The following seems to work.

$ year=2005
$ foo=$(expr $year - 1900 )
$ dayscount=$(expr $foo \* 365 )
$ echo $dayscount
38325

Problems include an unescaped asterisk.
man expr indicates that parentheses should work,
but my playing with them seems to indicate otherwise.
---Correction:
$ dayscount=$(expr \( $year - 1900 \) \* 365 )
$ echo $dayscount
38325

Parens that are destined for expr instead of the shell must also be escaped.




-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Otto Moerbeek
Sent: Monday, June 27, 2005 2:08 AM
To: Peter Bako
Cc: misc@openbsd.org
Subject: Re: SH programming


On Sun, 26 Jun 2005, Peter Bako wrote:

> Ok, so this is not really an OpenBSD question but I am doing this on an
> OpenBSD system and I am about to lose my mind...
>
> I have done some basic shell scripting before but I've not had to deal with
> actual integer math before and now it is killing me.  The script takes a
> parameter in (year number) and is supposed to subtract 1900 from it and then
> multiply the result by 365.  (This is part of a larger script that deal with
> converting dates to a single numeric value, but this one problem is an
> example of the problems I am having with this entire script.)  So, this is
> what I have:
>
> #!/bin/sh
> month=$1
> day=$2
> year=$3
>
> dayscount=$(expr ($year - 1900) * 365)
> echo $dayscount
> exit
>
> This will generate a "syntax error: `$year' unexpected" error.  I have tried
> all sorts of variations and I am not getting it!!!  HELP!!!

When using ksh, you can do:

#!/bin/ksh
month=$1
day=$2
year=$3

dayscount=$((($year - 1900) * 365))
echo $dayscount
exit

When using sh, you'll need expr(1), for which all parts of the
expression are separate arguments, and you need to escape all special
shell chars:

#!/bin/sh
month=$1
day=$2
year=$3

dayscount=`expr \( $year - 1900 \) \* 365`
echo $dayscount
exit

> BTW, obviously I need a good book on SH programming.  Any suggestions?

For ksh, the Korn Shell Book by David Korn and (iirc Morris Bolsky)
comes to mind.

-Otto



Re: Strange df output

2005-06-25 Thread Tony
Filesystem  512-blocks      Used     Avail Capacity  Mounted on
/dev/wd0a       256252    180540     62900    74%    /

256252 blocks less 5% reserve.
This gives 243440 blocks total available for users.
less 180540 gives 62900 blocks currently available for users.
180540/243440  gives 74.162% which rounds to 74%

For a user to write to the disk, it must be less than 100% full.
If root has used up all the reserve, 105% capacity is a fair value,
in that the user will need to free up in excess of 5% in order to
have ANY free space in which to write stuff.

For the above 256252 block partition, the percentages are based
on the 243440 blocks of user-usable space rather than the
total of 256252 blocks of root-usable space.

Probably much kinder on users to run out at 100% than at 95%.
Of course this requires that root runs out at something over 100%.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Matthew S Elmore
Sent: Saturday, June 25, 2005 11:48 PM
To: [EMAIL PROTECTED]
Cc: misc@openbsd.org
Subject: Re: Strange df output


It was my understanding that this reserved space was not accounted for 
when using 'df'. Hence, you can sometimes have partitions that are 105% 
capacity.

Am I off base on this? It is very possible, it is very late. ;)

From the FAQ sec 14.14:

People are sometimes surprised to find they have negative available 
disk space, or more than 100% of a partition in use, as shown by df(1).

When a partition is created with newfs(8), some of the available space 
is held in reserve from normal users. This provides a margin of error 
when you accidently fill the disk, and helps keep disk fragmentation to 
a minimum. Default for this is 5% of the disk capacity, so if the root 
user has been carelessly filling the disk, you may see up to 105% of 
the available capacity in use.

On Jun 25, 2005, at 11:41 PM, <[EMAIL PROTECTED]> wrote:

> 5% or so is reserved for root and is not "available".
>
> When everybody has run out of disk space, it is very helpful
> if the situation does NOT apply to root.
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf 
> Of
> Matthew S Elmore
> Sent: Saturday, June 25, 2005 11:35 PM
> To: misc@openbsd.org
> Subject: Strange df output
>
>
> Can anyone explain this math to me?
>
> 490M - 32.8M != 433M
>
> Not that it's a big deal but just wondering where that bit of space
> went.
>
> [EMAIL PROTECTED]:/home/matt$ df -h
> Filesystem    Size    Used   Avail Capacity  Mounted on
> /dev/wd0a     490M   32.8M    433M     7%    /



Re: Strange df output

2005-06-25 Thread Tony
5% or so is reserved for root and is not "available".

When everybody has run out of disk space, it is very helpful 
if the situation does NOT apply to root.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Matthew S Elmore
Sent: Saturday, June 25, 2005 11:35 PM
To: misc@openbsd.org
Subject: Strange df output


Can anyone explain this math to me?

490M - 32.8M != 433M

Not that it's a big deal but just wondering where that bit of space 
went.

[EMAIL PROTECTED]:/home/matt$ df -h
Filesystem    Size    Used   Avail Capacity  Mounted on
/dev/wd0a     490M   32.8M    433M     7%    /



Re: can't find /etc/crontab ?

2005-06-25 Thread Tony
man crontab (from fresh OBSD 3.7)
FILES
 /var/cron/cron.allow  list of users allowed to use crontab
 /var/cron/cron.deny   list of users prohibited from using crontab
 /var/cron/tabs        directory of individual crontabs

I think there's a reason that they include the man (manual) command.
Works much better than playing guessing games.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Neta
Sent: Saturday, June 25, 2005 6:02 AM
To: misc@openbsd.org
Subject: can't find /etc/crontab ?


Hello All,
I have fresh install machine openbsd 3.7, i couldn't locate any /etc/crontab
?
is this crontab disable by default?
how i can enable it?

Kind regards

Neta



Re: mcopy -s foo a:

2005-06-21 Thread Tony
Dunno if it will help but
Writing to a fresh floppy (W98)
foo.txt
bar.foobar
dir > dir.txt

The (possibly) long filename takes up an extra directory slot
and is in the proper case.
Floppy should be FAT12 (very limited number of clusters)
but this has nothing to do with long file names.
The extension is in mucking with directory entries which
are invisible to DOS.

Sector 19
Af.o.o.. .t.  4294967295  15-31-07   7:63 pm  0   R/O Sys Hid Vol
FOO  TXT  36   6-21-05   5:10 am  2   Arc
Ab.a.r.. .f.  4294967295   0-00-80  12:03 am  0   R/O Sys Hid Vol
BAR~1 FOO  52   6-21-05   5:11 am  3   Arc
Ad.i.r.. .t.  4294967295  15-31-07   7:63 pm  0   R/O Sys Hid Vol
DIR  TXT 305   6-21-05   5:11 am  4   Arc
   Unused directory entry
Unused directory entry
Sector 19
0000:  41 66 00 6F 00 6F 00 2E - 00 74 00 0F 00 65 78 00  Af.o.o...t.$.ex.
0010:  74 00 00 00 FF FF FF FF - FF FF 00 00 FF FF FF FF  t...__..
0020:  46 4F 4F 20 20 20 20 20 - 54 58 54 20 00 B4 2F 29  FOO TXT .&/)
0030:  D5 32 D5 32 00 00 41 29 - D5 32 02 00 24 00 00 00  +2+2..A)+2.$...
0040:  41 62 00 61 00 72 00 2E - 00 66 00 0F 00 52 6F 00  Ab.a.r...f.$.Ro.
0050:  6F 00 62 00 61 00 72 00 - 00 00 00 00 FF FF FF FF  o.b.a.r.
0060:  42 41 52 7E 31 20 20 20 - 46 4F 4F 20 00 8B 51 29  BAR~1   FOO .oQ)
0070:  D5 32 D5 32 00 00 64 29 - D5 32 03 00 34 00 00 00  +2+2..d)+2.4...
0080:  41 64 00 69 00 72 00 2E - 00 74 00 0F 00 DB 78 00  Ad.i.r...t.$._x.
0090:  74 00 00 00 FF FF FF FF - FF FF 00 00 FF FF FF FF  t...__..
00A0:  44 49 52 20 20 20 20 20 - 54 58 54 20 00 0E 71 29  DIR TXT .q)
00B0:  D5 32 D5 32 00 00 72 29 - D5 32 04 00 31 01 00 00  +2+2..r)+2.1..
00C0:  00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
00D0:  00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
00E0:  00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Juan J. Martínez
Sent: Tuesday, June 21, 2005 4:54 AM
To: misc
Subject: Re: mcopy -s foo a:


On Tue, 21-06-2005 at 11:39 +0200, Juan J. Martínez wrote:
>[..]
> May be is related to FAT16 and the extension for long filenames.

Well, now I don't know if floppies have FAT16 or FAT12.

Anyway I think the problem is related to FAT (no bits :D) and long
filename support.

regards,

Juanjo
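
The directory layout visible in Tony's dump (one 0x0F-attribute long-name slot stored in front of each 8.3 entry) can be decoded as follows. This is an added Python example, not part of the original thread: the function names are its own, the field offsets are the standard FAT/VFAT directory-entry layout, and the sample bytes are offsets 0x00-0xDF of the "Sector 19" dump above.

```python
import struct

ATTR_LFN = 0x0F     # READ_ONLY|HIDDEN|SYSTEM|VOLUME_ID together mark a long-name slot
ATTR_VOLUME = 0x08  # a plain volume label is not a file

# Offsets 0x00-0xDF of "Sector 19", copied from the hex dump in the post.
SECTOR19 = bytes.fromhex("""
    41 66 00 6F 00 6F 00 2E 00 74 00 0F 00 65 78 00
    74 00 00 00 FF FF FF FF FF FF 00 00 FF FF FF FF
    46 4F 4F 20 20 20 20 20 54 58 54 20 00 B4 2F 29
    D5 32 D5 32 00 00 41 29 D5 32 02 00 24 00 00 00
    41 62 00 61 00 72 00 2E 00 66 00 0F 00 52 6F 00
    6F 00 62 00 61 00 72 00 00 00 00 00 FF FF FF FF
    42 41 52 7E 31 20 20 20 46 4F 4F 20 00 8B 51 29
    D5 32 D5 32 00 00 64 29 D5 32 03 00 34 00 00 00
    41 64 00 69 00 72 00 2E 00 74 00 0F 00 DB 78 00
    74 00 00 00 FF FF FF FF FF FF 00 00 FF FF FF FF
    44 49 52 20 20 20 20 20 54 58 54 20 00 0E 71 29
    D5 32 D5 32 00 00 72 29 D5 32 04 00 31 01 00 00
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
""")


def lfn_checksum(name11: bytes) -> int:
    """Checksum of the 11-byte 8.3 name; every long-name slot carries a copy."""
    total = 0
    for byte in name11:
        # rotate right by one bit within a byte, then add the next character
        total = (((total & 1) << 7) + (total >> 1) + byte) & 0xFF
    return total


def dos_datetime(date: int, time: int) -> str:
    """Unpack the packed 16-bit FAT date and time fields."""
    return "%04d-%02d-%02d %02d:%02d:%02d" % (
        1980 + (date >> 9), (date >> 5) & 0x0F, date & 0x1F,
        time >> 11, (time >> 5) & 0x3F, (time & 0x1F) * 2)


def parse_directory(sector: bytes) -> list:
    """Return one dict per live 8.3 entry, with its long name if slots precede it."""
    entries, slots = [], []
    for off in range(0, len(sector) - 31, 32):
        raw = sector[off:off + 32]
        if raw[0] == 0x00:          # first never-used entry ends the directory
            break
        if raw[0] == 0xE5:          # deleted entry: any collected slots are orphans
            slots = []
            continue
        if raw[11] == ATTR_LFN:
            # sequence number, checksum, and 13 UTF-16LE code units in three fields
            slots.append((raw[0] & 0x3F, raw[13],
                          raw[1:11] + raw[14:26] + raw[28:32]))
            continue
        if raw[11] & ATTR_VOLUME:   # volume label, skip
            slots = []
            continue
        name11 = raw[0:11]
        base = name11[:8].decode("latin-1").rstrip()
        ext = name11[8:].decode("latin-1").rstrip()
        wtime, wdate, cluster, size = struct.unpack_from("<HHHI", raw, 22)
        entry = {"short": base + ("." + ext if ext else ""), "long": None,
                 "checksum_ok": None, "first_cluster": cluster, "size": size,
                 "modified": dos_datetime(wdate, wtime)}
        if slots:
            slots.sort(key=lambda s: s[0])   # on disk the highest sequence comes first
            text = b"".join(s[2] for s in slots).decode("utf-16-le", "replace")
            # the name ends at the first NUL; unused units are padded with 0xFFFF
            entry["long"] = text.split("\x00", 1)[0].rstrip("\uffff")
            entry["checksum_ok"] = all(s[1] == lfn_checksum(name11) for s in slots)
        entries.append(entry)
        slots = []
    return entries


if __name__ == "__main__":
    for e in parse_directory(SECTOR19):
        print(e)
```

A `checksum_ok` of `False` means the long-name slots no longer match the 8.3 entry that follows them, which is what a tool unaware of long names leaves behind when it rewrites the short entry.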



Re: No man pages after installing bash

2005-06-20 Thread Tony
Check /etc/man.conf
from fresh 3.7 install (with bash and a few others installed)
?? Did you install the man pages ??

bash-3.00$ cat /etc/man.conf
#   $OpenBSD: man.conf,v 1.8 2001/04/05 19:05:49 millert Exp $

# Sheer, raging paranoia...
_version        BSD.2

# The whatis/apropos database.
_whatdb         /usr/share/man/whatis.db
_whatdb         /usr/local/man/whatis.db
_whatdb         /usr/X11R6/man/whatis.db

# Subdirectories for paths ending in '/', IN SEARCH ORDER.
_subdir         cat1 man1 cat8 man8 cat6 man6 cat2 man2 cat3 man3 cat5 man5 cat7 man7 cat3f man3f cat4 man4 cat9 man9 cat3p man3p

# Files typed by suffix and their commands.
# Note the order, .Z must come after .[1-9n].Z, or it will match first.
_suffix         .0
_build          .0.Z            /usr/bin/zcat %s
_build          .0.gz           /usr/bin/gunzip -c %s
_build          .[1-9n]         /usr/bin/nroff -man %s
_build          .[1-9n].Z       /usr/bin/zcat %s | /usr/bin/nroff -man
_build          .[1-9n].gz      /usr/bin/gunzip -c %s | /usr/bin/nroff -man
_build          .[1-9][a-z]     /usr/bin/nroff -man %s
_build          .[1-9][a-z].Z   /usr/bin/zcat %s | /usr/bin/nroff -man
_build          .[1-9][a-z].gz  /usr/bin/gunzip -c %s | /usr/bin/nroff -man
_build          .tbl            /usr/bin/tbl %s | /usr/bin/nroff -man
_build          .tbl.Z          /usr/bin/zcat %s | /usr/bin/tbl | /usr/bin/nroff -man
_build          .tbl.gz         /usr/bin/gunzip -c %s | /usr/bin/tbl | /usr/bin/nroff -man
_build          .me             /usr/bin/nroff -me %s 2>/dev/null | cat -s

# Sections and their directories.
# All paths ending in '/' are the equivalent of entries specifying that
# directory with all of the subdirectories listed for the keyword _subdir.

# default
_default        /usr/{share,X11R6,X11,contrib,gnu,local}/{man,man/old}/

# Other sections that represent complete man subdirectories.
X11             /usr/X11/man/
X11R6           /usr/X11R6/man/
contrib         /usr/contrib/man/
local           /usr/local/man/
new             /usr/contrib/man/
old             /usr/share/man/old/

doc             /usr/share/doc/{sendmail/op,sendmail/intro}

# Specific section/directory combinations.
1               /usr/{share,X11R6,X11,contrib,local}/{man/,man/old/}{cat,man}1
2               /usr/{share,X11R6,X11,contrib,local}/{man/,man/old/}{cat,man}2
3               /usr/{share,X11R6,X11,contrib,local}/{man/,man/old/}{cat,man}3
3F              /usr/share/man/cat3f
3f              /usr/share/man/cat3f
3P              /usr/share/man/cat3p
3p              /usr/share/man/cat3p
4               /usr/{share,X11R6,X11,contrib,local}/{man/,man/old/}{cat,man}4
5               /usr/{share,X11R6,X11,contrib,local}/{man/,man/old/}{cat,man}5
6               /usr/{share,X11R6,X11,contrib,local}/{man/,man/old/}{cat,man}6
7               /usr/{share,X11R6,X11,contrib,local}/{man/,man/old/}{cat,man}7
8               /usr/{share,X11R6,X11,contrib,local}/{man/,man/old/}{cat,man}8
9               /usr/share/man/{cat,man}9
-bash-3.00$

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Timothy Horie
Sent: Monday, June 20, 2005 5:31 PM
To: misc@openbsd.org
Subject: No man pages after installing bash


Hello,

I can't use man pages for some reason after I installed bash and login
using bash. I typed 'man dump' and it says that it can't find a manual
page for that.

I looked at some help on the web and there's a MANPATH but I'm not sure
what to set it to. I also looked at the /etc/man.conf but everything in
there should be the same as when I was using sh (csh). I don't know what
the problem is.

Thanks
Tim



Re: Why timezone it is always incorrect??

2005-06-18 Thread Tony
User A is on the east coast.
User B is on the west coast.
They both use the same computer.
What time is it?

UTC is the correct time.
User wants to view time in his own time zone.


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
C. L. Martinez
Sent: Saturday, June 18, 2005 3:05 PM
To: misc@openbsd.org
Subject: Why timezone it is always incorrect??


Hi all,

 Is not possible to adjust clock under OpenBSD correctly??? I do not
understand why cmos clock needs to leave at UTC. why?

 Do i need to recompile kernel with TIMEZONE option to correct this
"bug"?? Is not possible to use sysctl tool to correct this???

Thank you very much.
 
-- 
C.L. Martinez
[EMAIL PROTECTED]



Re: Theo gave an interview to Forbes Mag. about Linux

2005-06-17 Thread Tony
Correctness is difficult.
Actually, security is the easier part.
(and it's easier to keep score;)

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
chefren
Sent: Friday, June 17, 2005 6:17 PM
To: misc@openbsd.org
Subject: Re: Theo gave an interview to Forbes Mag. about Linux


http://www.forbes.com/intelligentinfrastructure/2005/06/16/linux-bsd-unix-cz_dl_0616theo.html


"Torvalds, via e-mail, says De Raadt is "difficult" and declined to
comment further. "


ROFL...

+++chefren



Re: VPN Remote Services Connetivity

2005-06-17 Thread tony sarendal
On 17/06/05, Stephen Marley <[EMAIL PROTECTED]> wrote:
> On Fri, Jun 17, 2005 at 11:29:03AM -0500, dontek wrote:
> > I have just configured a VPN tunnel between two OpenBSD firewalls /
> > gateways following the VPN man page nearly word-for-word.  All is
> > working well... mostly:
> >
> > On either end, on machines behind the firewall, I can connect to any
> > service on any machine on the remote end.
> >
> > However, if I am on the firewall machines themselves, I can ping
> > machines on the remote end, but service connection fails.
> >
> > For instance, I can ssh to a box on the remote end from a machine
> > behind the firewall, but if I attempt to ssh to the same remote box
> > from the firewall itself, I get a "connection refused".  This is true
> > on both ends.
> >
> > Are there additional rules I need to put into pf for this type of
> > connectivity?  What am I missing?
> 
> I'll guess that the ping works because you're using ping -I to specify
> the source address as an internal lan address. However your ssh will
> have the firewall's external address as its source address and it will
> not get encapsulated since there are no flows defined for gateway to
> network, only network to network.
> 
> You could define additional SAs for the gateway to network connections,
> but I think just adding a route pointing to your inside interface will
> work. For example, if your gateway's internal address is 192.168.1.1 and
> the remote network is 10.10.10.0/24, on the gateway run:
> route add 10.10.10/24 192.168.1.1
> 

If you use ping -I, how about ssh -b also ?

/Tony
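
The flow-matching behaviour discussed in this message, as an added example that is not part of the original thread: a small model of why traffic originated on the gateway misses a network-to-network IPsec flow, and why binding the source address (`ssh -b`, `ping -I`) or adding the suggested route changes the outcome. 192.168.1.1 and 10.10.10.0/24 are the thread's addresses; the /24 LAN prefix, the outside address 203.0.113.1 and all function names are assumptions.

```python
"""Model of IPsec flow (selector) matching for traffic originated on a VPN gateway."""
import ipaddress

# 192.168.1.1 and 10.10.10.0/24 are the addresses used in the thread.
# The LAN prefix and the outside address are assumptions (constructed values).
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")   # assumed LAN behind the gateway
REMOTE_NET = ipaddress.ip_network("10.10.10.0/24")   # remote network
GW_INTERNAL = ipaddress.ip_address("192.168.1.1")    # gateway's inside address
GW_EXTERNAL = ipaddress.ip_address("203.0.113.1")    # constructed outside address

# The only flow defined by a network-to-network setup: (source net, destination net).
FLOWS = [(LOCAL_NET, REMOTE_NET)]

# Routing table before any fix: (destination, local address of the egress interface).
BASE_ROUTES = [
    (ipaddress.ip_network("0.0.0.0/0"), GW_EXTERNAL),  # default route, outside interface
    (LOCAL_NET, GW_INTERNAL),                          # connected LAN, inside interface
]


def source_address(dst, routes, bind=None):
    """Pick the source address of a locally originated packet.

    An explicit bind (what ssh -b or ping -I do) wins. Otherwise the source is
    the address of the interface chosen by the longest-prefix route to dst.
    """
    if bind is not None:
        return ipaddress.ip_address(bind)
    dst = ipaddress.ip_address(dst)
    matching = [(net, addr) for net, addr in routes if dst in net]
    if not matching:
        raise ValueError(f"no route to {dst}")
    return max(matching, key=lambda route: route[0].prefixlen)[1]


def matches_flow(src, dst, flows=FLOWS):
    """True when both ends of the packet fall inside one flow's selectors."""
    src = ipaddress.ip_address(src)
    dst = ipaddress.ip_address(dst)
    return any(src in src_net and dst in dst_net for src_net, dst_net in flows)


def trace(dst, routes=BASE_ROUTES, bind=None):
    """Return (chosen source address, 'ipsec' or 'cleartext') for a gateway-originated packet."""
    src = source_address(dst, routes, bind)
    return str(src), "ipsec" if matches_flow(src, dst) else "cleartext"


if __name__ == "__main__":
    target = "10.10.10.5"  # constructed host on the remote network
    print("LAN host    ->", matches_flow("192.168.1.20", target))
    print("plain ssh   ->", trace(target))
    print("ssh -b      ->", trace(target, bind="192.168.1.1"))
    # Equivalent of: route add 10.10.10/24 192.168.1.1
    fixed = BASE_ROUTES + [(REMOTE_NET, GW_INTERNAL)]
    print("added route ->", trace(target, routes=fixed))
```
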



Re: OSPFd over IPSEC (enc)?

2005-06-16 Thread tony sarendal
On 16/06/05, Michael Favinsky <[EMAIL PROTECTED]> wrote:
> Can two 3.7 servers running OSPFd talk OSPF to each other over an IPSEC
> tunnel, or worded in another way, an enc interface?
> 
> I have two sites with a WAN link and I want to use the Internet (VPN) as a
> backup route. The concept is that under normal circumstances, the OSPF
> routing table would have valid routes between the two sites over both the
> VPN and WAN links. If the WAN link failed, there'd still be a valid route
> between the two sites over VPN.
> 

If you want to do things like dynamic routing over IPsec, use a
tunneling protocol like IPIP (gif) or GRE. Set up the tunnel and then
just configure IPsec to encrypt the tunnel.

/Tony S



Re: interface groups and pf

2005-06-16 Thread tony sarendal
pf is the best thing since the 1-litre stella bottle. It's good to see
that it continues to improve. This is cool stuff.

/Tony S



Dell Inspiron 700m

2005-06-16 Thread Tony Lambiris

I've got some good news..

I installed OpenBSD on my Dell Inspiron 700m... so far (with a snapshot 
of Jun 15th) I am able to get wireless to be functional, and I just 
finished porting over the 855resolution hack for the VBIOS to get 
full widescreen 1280x800 support (broken Dell BIOS workaround). I still 
have yet to test sound and such (even though it is detected 
successfully), but once I straighten everything out with this laptop, I 
will post a dmesg and the code to fix the VBIOS.


ROCKIN!! :)

--
Tony Lambiris [ [EMAIL PROTECTED] ]
"so if it is really hard for you then perhaps you are just
retarded and need treatment w/ electricity and if that does
not help then perhaps should not use computers..."



Re: GRUB's boot parameter

2005-06-16 Thread Tony Lambiris

speaking of GRUB:
"The most embarrassing comment came from a developer of the GRUB project 
who went only by the name of 'Gord'. 'This function is truly horrid,' he 
wrote. 'We try opening the device, then severely abuse the 
GEOMETRY->flags field to pass a file descriptor to biosdisk. Thank God 
nobody's looking at this comment, or my reputation would be ruined.'"


-- From the OpenSolaris code, h00h0h0h0h0

Bob Beck wrote:

This is probably because OpenBSD != NetBSD, and
I suspect grub is using whatever its notion of a netbsd boot
block is. You probably have to fix grub somehow to use a current
OpenBSD boot block, as opposed to attempting to start a kernel
boot as if it were NetBSD. Ask them for a --type=openbsd option
would be a start.

-Bob

* ikesan <[EMAIL PROTECTED]> [2005-06-16 10:23]:


Hello.

I'm gonna boot OpenBSD from GRUB in FD.
The parameter is following.

root (hd2,0,a)
kernel --type=netbsd /bsd

But unfortunately a panic occurred.

Message is following.

panic: /boot too old: upgrade!

This is the first time that I have installed OpenBSD on my PC (Athlon CPU).
And this PC contains several kinds of OSs.
So I usually boot any OS from GRUB on FD.

If OpenBSD 3.7's boot parameter changed or the parameter I set
was wrong, please let me know the correct one.

--
[EMAIL PROTECTED]
-






--
Tony Lambiris [ [EMAIL PROTECTED] ]
"so if it is really hard for you then perhaps you are just
retarded and need treatment w/ electricity and if that does
not help then perhaps should not use computers..."



Re: moving to a bigger disk

2005-06-15 Thread Tony Lambiris
It's quite simple... boot into single user mode, for each partition you 
have, mount the src under /src/X and /dst/X (where src is the old disk 
and dst is the new disk) and do a:

cd /src/X && tar cf - . | (cd /dst/X && tar xpf -)

I've used this before, works great.
After that just make sure you install your boot blocks.

Mihai IACOB wrote:

Hello!
I need to move my OpenBSD 3.6 installation to a bigger disk, because
the /usr partition is 92% full. And no, I cannot keep both disks. I
searched google and found nothing similar to my situation.
I think I can partition and label the new disk, dd the / partition,
then copy /var and /usr with tar/pax/cpio, switch the disks and pray
it works.
Do you think the above steps might work or did anyone do this before?
Thank you for your time.
Mihai IACOB



--
Tony Lambiris [ [EMAIL PROTECTED] ]
"so if it is really hard for you then perhaps you are just
retarded and need treatment w/ electricity and if that does
not help then perhaps should not use computers..."



Re: NFS sometime stalls

2005-06-13 Thread Tony Lambiris
The only NFS problems I've really ever had w/ OpenBSD, is if our NFS 
server goes down or is rebooted, the NFS mount never comes back and will 
essentially hang (especially if you try to unmount the stale link)... 
I've never tried a mount -u or a unmount -f tho...


Federico Giannici wrote:

I have an MX mail server that receives email messages and saves them to
an email storage server via NFS.

Both pc are OpenBSD i386, version 3.7 for the NFS client (MX server) and
3.4 for the NFS server (the storage server).

From time to time the connections from the NFS clients seem to freeze
(at least the new ones).

I applied the famous NFS patch that disables write gathering for v3
(http://marc.theaimsgroup.com/?l=openbsd-misc&m=110676811107986&w=2),
but the problem remains (perhaps a little less frequent).

I have also raised the number of nfsd processes and "vfs.nfs.iothreads" 
to 20.


The server uses a fxp interface and the client an sk one. From "netstat 
-i" I have seen that there are no errors or collisions.


Here is the nfsstat output for the client and the server after almost a 
day of uptime:


Client Info:
Rpc Counts:
  Getattr   Setattr    Lookup  Readlink      Read     Write    Create    Remove
   136400        12    429651         0     13653    178549     25790     25819
   Rename      Link   Symlink     Mkdir     Rmdir   Readdir  RdirPlus    Access
     5415     20016         0        16         0    336388         0   1359316
    Mknod    Fsstat    Fsinfo  PathConf    Commit
        0     27008         1         0     42530
Rpc Info:
 TimedOut   Invalid X Replies   Retries  Requests
        4         0       139     28889   2600564
Cache Info:
Attr Hits    Misses Lkup Hits    Misses BioR Hits    Misses BioW Hits    Misses
  1669083    136400   1239823    424253     67080     13653    632860    178549
BioRLHits    Misses BioD Hits    Misses DirE Hits    Misses
        0         0         0         0     26996     27954


Server Info:
  Getattr   Setattr    Lookup  Readlink      Read     Write    Create    Remove
    90847         0    269426         0      8882    137000     16908     16947
   Rename      Link   Symlink     Mkdir     Rmdir   Readdir  RdirPlus    Access
     3263     13427         0         0         0    197032         0    872760
    Mknod    Fsstat    Fsinfo  PathConf    Commit
        0     16594         0         0     28598
Server Ret-Failed
    65447
Server Faults
        0
Server Cache Stats:
   Inprog      Idem  Non-idem    Misses
       21     14256       920   1657428
Server Write Gathering:
 WriteOps  WriteRPC   Opsaved
   136997    137000         3


What makes me worry is the high value of the "Ret-Failed" field.
Is it normal?

I have no experience of NFS; is it normal that it sometimes stalls?
What else could I do to prevent this from happening?


Thanks.



--
Tony Lambiris [ [EMAIL PROTECTED] ]
"so if it is really hard for you then perhaps you are just
retarded and need treatment w/ electricity and if that does
not help then perhaps should not use computers..."



Re: Some Sites Don't Load Behind pf NAT

2005-06-12 Thread Tony
Dunno if relevant, but a long time ago, routing ethernet
over an internal SLIP connection (don't ask, fiber is much better),
connections were real flaky until I upped the MTU on the
SLIP connection to 1500. Seems Microsoft likes to put a
"Don't Fragment" into the TCP/IP setup and silently ignores
fragmented packets, or at least did.
If both ends like full 1500 byte packets and one end
cannot accept fragments (either end?) .

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Javier Villavicencio
Sent: Sunday, June 12, 2005 10:28 PM
To: Serban Giuroiu
Cc: misc@openbsd.org
Subject: Re: Some Sites Don't Load Behind pf NAT


Serban Giuroiu wrote:
> Hello.
>
> I have an OpenBSD 3.7 box set up as a router and
> server for my home network. It connects to the
> Internet through the kernel PPPoE driver. Naturally, I
> use pf on that box. Everything runs smoothly, but
> there are certain websites that do not load properly
> from machines behind the NAT router.
>
> When trying to access http://mail.yahoo.com or
> http://linuxhardware.org, an initial connection is
> made, but no further data comes in as the web browser
> sits and waits. However, if I open those pages in lynx
> from the OpenBSD box, they load without any problems.
> Most other websites load correctly from all machines
> on my network.
>
Had the very same problem.
> Searching Google, I found a similar problem posted to
> this list a couple years ago in which an MTU setting
> and fragmentation were the cause of the strange
> behavior
> (http://www.monkey.org/openbsd/archive/tech/0211/msg00163.html).
Didn't find this one.

> The poster added "scrub out all no-df max-mss 1452" to
> his pf configuration and that fixed his problem.
>
> As recommended in the pppoe(4) man page, I set the MSS
> for the pppoe interface to 1440. I played around with
> different MSS's and scrubbing out the DF bit, but my
> problem remains. Does anyone know what is causing this
> strange problem and how to fix it?
>
[snip]
As Shawn says, I installed squid as a transparent proxy trying to solve this,
but some of the sites worked, and some didn't. This is what (I think, too much
trial and error before everything worked fine) solved that problem:

scrub in all fragment reassemble random-id
scrub out on pppoe0 max-mss 1452

Just to help you test, this is what I did with the sites that didn't open
correctly: From the machine behind the NAT that isn't working well, *telnet* to
that site on port 80, and try to get the same page by writing (or pasting) the
HTTP GET command, for example: "GET / HTTP/1.0" (without quotes).

Trying that, you will find that if you type the wrong thing in telnet,
generally, most sites send you an error page. Funny though, it seems that some
error pages aren't big enough to "fill" a TCP packet and you get the error page
fine, while the actual page you're trying to see is so big (the HTML text) that
the MTU/MSS screws up.

Hope it helps,
Salu2.
Javier.
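
The symptom described in this message (short error pages arrive, full pages hang) and the effect of `max-mss 1452`, as an added example that is not part of the original thread: a model of a TCP download across a PPPoE hop when the server sets Don't Fragment and the ICMP "fragmentation needed" replies never reach it. It assumes 40 bytes of IPv4 and TCP headers without options and a PPPoE MTU of 1492 (1500 minus the 8-byte PPPoE/PPP header); the function names and page sizes are constructed for the illustration.

```python
"""Path-MTU black hole over PPPoE and the effect of MSS clamping (model)."""

IP_TCP_HEADERS = 40    # 20-byte IPv4 header + 20-byte TCP header, no options
ETHERNET_MTU = 1500
PPPOE_MTU = 1492       # Ethernet MTU minus 8 bytes of PPPoE/PPP header


def mss_for_mtu(mtu):
    """MSS a host advertises for an interface with the given MTU."""
    return mtu - IP_TCP_HEADERS


def negotiated_mss(max_mss=None):
    """MSS the server ends up using towards a client on plain Ethernet.

    max_mss models pf's "scrub ... max-mss N": the firewall lowers the MSS
    option in the client's SYN as it leaves pppoe0, so the server never
    sends segments larger than N.
    """
    client_syn_mss = mss_for_mtu(ETHERNET_MTU)
    if max_mss is not None:
        client_syn_mss = min(client_syn_mss, max_mss)
    return min(client_syn_mss, mss_for_mtu(ETHERNET_MTU))


def fetch(body_len, path_mtus, max_mss=None, icmp_delivered=False):
    """Simulate the server sending body_len bytes with DF set.

    Returns (bytes_delivered, stalled). With icmp_delivered=False the
    "fragmentation needed" messages are lost, so an oversized segment is
    retransmitted at the same size and dropped every time.
    """
    mss = negotiated_mss(max_mss)
    path_mtu = min(path_mtus)
    delivered = 0
    while delivered < body_len:
        segment = min(mss, body_len - delivered)
        if segment + IP_TCP_HEADERS > path_mtu:
            if icmp_delivered:
                # Working path MTU discovery: the sender shrinks its segments.
                mss = path_mtu - IP_TCP_HEADERS
                continue
            return delivered, True
        delivered += segment
    return delivered, False


if __name__ == "__main__":
    path = [ETHERNET_MTU, PPPOE_MTU, ETHERNET_MTU]  # server LAN, PPPoE link, home LAN
    print("error page, no clamp :", fetch(300, path))
    print("full page, no clamp  :", fetch(20000, path))
    print("full page, max-mss   :", fetch(20000, path, max_mss=1452))
    print("full page, ICMP works:", fetch(20000, path, icmp_delivered=True))
```
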



Re: heal the world, and misc@ [strictly coffeetime reading]

2005-06-11 Thread Tony
The gcc thread. The advice is to NOT use strange optimizations. 
The experience supports that advice. This is similar to people 
not following a recipe and complaining that the recipe doesn't work.

This thread is started by someone with a degree in "teaching 
computer science", who is afraid to teach.

There is an old saying, "When in Rome do as the Romans". 
Seems incredibly stupid to go to Rome and tell the Romans 
how they ought to behave. Of course they react.

In terms of damaging tender young minds, your "little social
experiment", presented as if it had any redeeming virtues,
probably does the most damage.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
-f
Sent: Saturday, June 11, 2005 7:52 AM
To: OpenBSD
Subject: Re: heal the world, and misc@ [strictly coffeetime reading]


hi there,

for those who did not delete another post w/this subject:

i am mostly impressed by the answers, positive, negative.
my little social experiment reaffirms the following:

it is not threads like i started which add too much noise
to the list.  it's the answers.  this thread contains
almost all of the archetypal answers one can get:
-the fuck off style
-i agree but why starting this
-i disagree but why starting this
-you are a troll
-long live anarchy
-stop this thread
-you are full of shit because you provided only your initials
-etc, etc.

very few of them actually add anything meaningful.
all these people could have flamed me offlist, because
they do precisely know how much the others are not interested
in it.  my very favourites are "stop this thread", adding
the most noise w/o any real meaning.

some other remarks:
-instead of nazis, terrorists are the next favourite target group
-there is always someone telling you "run a spelcheker, idiot" (probably
 never heard of dyslexics)



let me try again, because i love you all:

please, reread the thread about the gcc stuff.  before reading
it, forget that you are member of this list, that you know the
stuff you know about openbsd.  imagine a friend sent it to you
for amusement.  what would you think about this list in general?



i know i can't change people, and don't want to, that's why i do
NOT teach (spare me the "you always change people stuff", and go read
amok by stefan zweig), all of you who were kind enough to "enlighten"
me how pointless my post was, here is a surprise: it wasn't.  it shows
just how much everyone wants to see his/her name in the list, even
when adding nothing to the thread.  could have told me offlist.


be polite, learn to ignore, or do the thing offlist.  that was my
message most of you missed.

anyway, i will now go back and do what i advised. i will answer
you offlist, or ignore you.  thank you for ignoring me.

-f
-- 
you will become rich and famous unless you don't.



Re: heal the world, and misc@ [strictly coffeetime reading]

2005-06-10 Thread Tony
OpenBSD has an annoying habit of being right.
Perhaps if OpenBSD can be civilized into not speaking their minds,
OpenBSD won't be so annoying (by not being so right).
That seems to be the implicit thrust of these thingees.
Flames invited if I've misread the situation.



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Rick Barter
Sent: Friday, June 10, 2005 2:59 PM
To: OpenBSD-Misc
Subject: Re: heal the world, and misc@ [strictly coffeetime reading]


dereck wrote:
>>Look, I don't 'act all tough on the net'.  I just
>>refuse to sit idly 
>>by while mamby pamby whiners are spouting crap. 
>>And, in real life, 
>>I'd say the same thing to him.
> 
> On this I'll have to draw the line - that is plainly
> Bullshit.  You would not say anything like this to his
> or her face, because you are a coward hiding behind
> your keyboard.  In the "real world" no one would take
> what you dish on this list, and that is the plain
> fact.  No company or government job would put up with
> it.  We have to because it is a public list.  But you
> are so full of it that it is painful to watch.  You
> would not say these things and stay gainfully
> employed.

Not true.  I have spoken my mind many times in-person and at work, to 
managers and presidents.  I have never been fired for anything I've 
said because I don't attack people personally.  I would gladly have a 
discussion in real-life with anyone on this list.  Only a fool or 
someone as immature as you would actually get so defensive.  Rational 
people can disagree, can they not?  They can argue points without 
breaking into a fist-fight, can't they?  Maybe you don't understand 
the difference between arguing a point and just arguing.

> You are driving people away from trying and using
> OBSD, and I (for one) hope that you are at least proud
> of yourself.  This is the MISC list, for crissakes,
> and we should be more helpful to newbies.  As a
> technical project, Linux is a mess; but it continues
> to grow not in small part to the esprit de corps that
> the users openly encourage.  Newbie questions on Linux
> lists are not discouraged, and a "keep at it - it'll
> come" encouragement is not at all unusual.  They are
> even proud of getting their grandmothers to use it!  

Never once during this thread have I advocated NOT helping new people.
Please re-read my response to the original post.  I have never 
once discouraged someone from participating on this list and have 
helped whenever and wherever I can.

> We, by contrast, have to put up with the "better than
> you" attitude from the vocal minority on this list
> which reminds one unpleasantly of Jerry Falwell,
> Osama bin Laden, and other wacko religious crowds.

> Put a sock in it, Rick.  Almost everyone met your type
> in grade school.  Small boys who pick fights with
> younger girls, or kick the neighbor's dog, are not
> uncommon.  You are not "keeping it real," or "setting
> the story straight," or "protecting us from assholes."
>  You ARE the asshole.  

Hahaha are you saying I'm a wacko, a terrorist?  Why, because I have 
an opinion I feel strongly about, tried to make a point, and am 
defending my assertions?  This is what I'm talking about.  The world 
is being conditioned such that if you argue with someone, you're the 
enemy.  Grow up.  Oh, and thanks for calling me an asshole.  You made 
my day.

> If you will stop "protecting us" maybe the user base
> will expand. [And yes, I'll be glad to answer
> questions and help - with money, time, and anything
> else.]

Haha.  Who cares if the user base expands.  The OpenBSD team doesn't.
Go read some documentation.  They code this stuff for their own 
pleasure/use.  I happen to like the system and come along for the ride.

And if anyone wants to come to my house and discuss it over tea or 
coffee or anything let me know and I'll give you my address.

rvb



Re: heal the world, and misc@ [strictly coffeetime reading]

2005-06-10 Thread Tony
Some people on this list seem to have some anger management issues.
Some people not on this list seem to have some anger management issues.
Both statements true and both statements approximately equally relevant.

Overall, this list seems quite a friendly place, and if anything
is surprising, it is the reticence of many of the regulars.

A degree in "teaching computer science".
This is very good for teachers who know some computer science to teach
a lot of people something about computer science. In which case it is
probably beneficial that this big mass of humanity, who will never even
begin to understand the stuff, feel good about themselves.
This list cannot serve that purpose. That much is obvious, even if I
weren't lurking on the list. Whatever OpenBSD's goals or achievements,
mediocrity isn't in the list. Whatever they have achieved, they have
achieved with limited resources and according to their own priorities.
They are not so stupid as to let some outsiders set their priorities or
to tell them how they should behave.

Bluntly, at the low to mediocre end, how well the teacher teaches is what
matters. At the high end, it's strictly how well the teacher knows the
subject that matters. If you are after the high end, you tend to listen
to the best teacher, experience, which to the best of my knowledge, has
none of the finer social graces. Seems like OpenBSD, quite correctly,
caters to the high end. There are plenty of other avenues for the rest.

As for anger being expressed, I've seen too many times when the only way
that things do get fixed is when somebody gets mad enough to actually do
something about it. If a bit leaks around the fringes, seems like a very
small price to pay. Certainly nothing that an outsider (myself included)
has any right to complain about.

During my education I have been probably more fortunate than most in having
had a few good teachers. Looking back, seems like the only thing these good
teachers had in common was some kind of intensity or drive or belief in
what they were teaching. I find the same kind of stuff here, so I lurk here.



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Roy Morris
Sent: Friday, June 10, 2005 11:38 AM
To: [EMAIL PROTECTED]
Cc: -f; OpenBSD
Subject: Re: heal the world, and misc@ [strictly coffeetime reading]


Bram Van Dam wrote:

>
> I particularly agree with this bit. Some people on this list seem to
> have some anger management issues.


damn it!! we don't! we can contain ourselves!!! .. got it !! huh!!!

lol



Re: Tuning gigabit bridging firewall for better performance

2005-06-09 Thread Tony Sarendal
On Thursday 09 June 2005 22:00, nate wrote:
> Tony Sarendal said:
> > When it comes to network performance most platforms have limitations in
> > packets per second before bandwidth. Please post the performance in pps
> > also,
> > as that is more interesting and more relevant, especially in the GigE
> > case.
>
> I don't see a way in iperf to get this stat, I will try to find
> another tool, I did a crude test which basically involved clearing
> the counters on my switch, using a stop watch and measuring the
> time period. the results were approx 43,000 pps (1467476
> packets sent, 718984 received during the 1.7GByte test), throughput
> was 400Mbit
>
> > The fastest pc os around according to google is FreeBSD which has broken
> > the 1Mpps limit on pc hardware (2.8 GHz Xeon), but that is not wirespeed.
>
> yeah I remember reading that news when they first broke that
>
> > If you expect to see wire speed your box has to handle 1.5Mpps, for just
> > one direction GigE. What kind of pps numbers are you seeing ?
>
> not really expecting wire 1Gbit speed, just closer to the wire
> speed I am getting (~700Mbit) without the bridge. as-is I am
> getting 200-300Mbit less vs going raw over the switch.
>
> I will try to look for another tool, if you or anyone has any
> suggestions let me know
>

Now about netstat on your openbsd box ?
netstat -I  -w10


-- 
---
Tony Sarendal - [EMAIL PROTECTED]
IP/Unix
-= The scorpion replied,
"I couldn't help it, it's my nature" =-



Re: Tuning gigabit bridging firewall for better performance

2005-06-09 Thread Tony Sarendal
On Thursday 09 June 2005 17:25, nate wrote:
> Hello --
>
> I am testing out a couple of new firewalls running
> openbsd 3.6 (plan to upgrade to 3.7 soon), I did
> some searches to see what kind of performance I
> can expect and didn't come up with much other
> than one posting where a guy got more than
> 800Mbit of throughput.
>
> Currently I am testing with pf disabled, just
> bridging the traffic to take pf out of the
> picture.
>
> Without bridging the traffic I get about ~700Mbit
> of throughput. When I bridge the traffic it peaks
> at ~500Mbit(as measured by iperf between 2 linux
> hosts)
>
>
> CPU spends approx 20-40% servicing interrupts
> according to top.
>
> I was expecting similarly good results(at least
> closer to wire speed) as the poster who got
> 800Mbit+ of throughput as my hardware is approx
> twice as fast as his(he had a 1.8Ghz Xeon)
>
>
> system specs:
> Supermicro 6034HX8R Motherboard
> Intel Xeon EM64T 3.4Ghz 1MB Cache(1 CPU)
> 2GB PC3200 Registered ECC DDR-II Memory
> ICP Vortex SCSI Raid card with 128MB Cache
>  - 4 x 36GB U320 10k RPM SCSI disks in raid 10
>
> Dual onboard Intel GigE network cards(em driver)
> Dual port PCI-X Intel GigE network card(em driver)
> Quad port PCI-X Intel GigE network card(em driver)
>
>
> I have both interfaces on the dual port PCI
> card bridged, and both pairs of interfaces
> on the quad port bridged. Performance does
> not vary between the dual port PCI-X and the
> quad port PCI-X.
>
> I was hoping with the dual and quad port
> cards that it would reduce interrupt hits
> if both ends of the bridge are on the same
> card. I haven't tried crossing the bridge
> between the two cards yet.
>
> while this performance is acceptable, I was
> hoping for some tips on getting it closer to
> wire speed, or reducing interrupt usage.
>
> Since I don't seem to be CPU bound(~70% idle)
> perhaps it is network driver related? Is there
> a better driver to use? Or a better network
> card?
>

When it comes to network performance most platforms have limitations in 
packets per second before bandwidth. Please post the performance in pps also, 
as that is more interesting and more relevant, especially in the GigE case.

The fastest pc os around according to google is FreeBSD which has broken the 
1Mpps limit on pc hardware (2.8 GHz Xeon), but that is not wirespeed.

If you expect to see wire speed your box has to handle 1.5Mpps, for just one 
direction GigE. What kind of pps numbers are you seeing ?

Tony

-- 
---
Tony Sarendal - [EMAIL PROTECTED]
IP/Unix
-= The scorpion replied,
"I couldn't help it, it's my nature" =-



Re: Gigabit Firewall NIC Interrupt Performance Problem

2005-06-07 Thread Tony Sarendal
On Tuesday 07 June 2005 22:39, Sean Knox wrote:
> Tony Sarendal wrote:
> >>>On Tuesday 07 June 2005 20:17, Sean Knox wrote:
> >>>>I installed the NIC to the shared PCI slot and it has helped, but not
> >>>> as much as I expected. Now that all NICs are sharing an IRQ, interrupt
> >>>> usage has dropped from ~90% to ~70%. I'm pushing about 25 kb/s
> >>>> across two NICs, which makes me wonder the max throughput I can expect
> >>>> on a firewall on these Intel boxes.
> >>>
> >>>What is that in packets per second ?
> >>
> >>Ingress is 16255 packets/sec and egress is 18032 packets/sec.
> >
> > 16k+18k pps at 70% interrupt cpu ? On a modern PC ?
> > That sounds disappointing to say the least.
> >
> > I checked one of my ancient 600Mhz P3 with a four port dc, it's doing
> > 15k+15k at 33% interrupt cpu. I dug through old emails and found that an
> > old firewall I had with Athlon850MHz and one ti (netgear) doing 26k+26k
> > on its vlan trunk at 15% interrupt cpu.
> >
> > Please tell me your box is an old piece of junk like my boxes.
>
> Nope-- it's a Supermicro 6023P-8
> (http://supermicro.com/products/system/2U/6023/SYS-6023P-8.cfm). Intel
> Xeon 2.4, 533mhz bus, onboard dual Intel 82546EB gige nics, 133mhz
> PCI-X, etc. etc. I'm running a snapshot from June 3 and as far as I can
> tell, apm is not enabled (did a dmesg|grep apm).
>
> Sean

I would expect a box with those specs to be able to handle 40kpps without 
breaking a sweat.

-- 
---
Tony Sarendal - [EMAIL PROTECTED]
IP/Unix
-= The scorpion replied,
"I couldn't help it, it's my nature" =-



Re: Gigabit Firewall NIC Interrupt Performance Problem

2005-06-07 Thread Tony Sarendal
On Tuesday 07 June 2005 20:56, Sean Knox wrote:
> Tony Sarendal wrote:
> > On Tuesday 07 June 2005 20:17, Sean Knox wrote:
> >>I installed the NIC to the shared PCI slot and it has helped, but not as
> >>much as I expected. Now that all NICs are sharing an IRQ, interrupt
> >>usage has dropped from ~90% to ~70%. I'm pushing about 25 kb/s
> >>across two NICs, which makes me wonder the max throughput I can expect
> >>on a firewall on these Intel boxes.
> >
> > What is that in packets per second ?
>
> Ingress is 16255 packets/sec and egress is 18032 packets/sec.

16k+18k pps at 70% interrupt cpu ? On a modern PC ?
That sounds disappointing to say the least.

I checked one of my ancient 600Mhz P3 with a four port dc, it's doing 15k+15k 
at 33% interrupt cpu. I dug through old emails and found that an old firewall 
I had with Athlon850MHz and one ti (netgear) doing 26k+26k on its vlan trunk 
at 15% interrupt cpu.

Please tell me your box is an old piece of junk like my boxes.

-- 
---
Tony Sarendal - [EMAIL PROTECTED]
IP/Unix
-= The scorpion replied,
"I couldn't help it, it's my nature" =-



Re: Gigabit Firewall NIC Interrupt Performance Problem

2005-06-07 Thread Tony Sarendal
On Tuesday 07 June 2005 20:17, Sean Knox wrote:
> I installed the NIC to the shared PCI slot and it has helped, but not as
> much as I expected. Now that all NICs are sharing an IRQ, interrupt
> usage has dropped from ~90% to ~70%. I'm pushing about 25 kb/s
> across two NICs, which makes me wonder the max throughput I can expect
> on a firewall on these Intel boxes.
>
> I haven't tried tuning the em(4) driver yet nor am I sure it's needed at
> this point. Does anyone have some guidelines and/or tuning values they use?
>

What is that in packets per second ?

-- 
---
Tony Sarendal - [EMAIL PROTECTED]
IP/Unix
-= The scorpion replied,
"I couldn't help it, it's my nature" =-


