Currently there is no facility in dhclient(8) to issue RELEASE
messages. I had no recollection of adding such a thing, and a
quick
confirmed there is no DHCPRELEASE related code.
Ergh. OK thanks, that's super annoying that it's not there.
Which
signal(s) are used elsewhere to trigger RELEAS
How do I get dhclient to release its DHCP lease?
I want to be clear that I'm not interested in having it RENEW the lease
but RELEASE it- in other words send the signal to the DHCP server "I'm
going bye-bye, go ahead and put this IP address back in your free pool".
Other versions of dhclient o
We have various OpenBSD machines acting as gateways for NAT LANs. We
need a handful of services for these, mainly a dhcp server that can do
mac-based fixed addressing, dns server that can attach and reverse names
associated with these fixed addresses, dns black-holing, the ability to
intercept
FYI- My 2820 won't boot reliably headless without an HDMI dummy plug
attached (such as
http://www.amazon.com/CompuLab-fit-Headless-Display-Emulator/dp/B00FLZXGJ6),
even with the latest BIOS. These seem to be hit or miss in a headless
configuration, and not everyone has the HDMI boot failure issue,
Could you show the output
of "mixerctl -v" ?
inputs.dac-0:1=126,126
inputs.dac-2:3=126,126
inputs.dac-4:5=126,126
inputs.dac-6:7=126,126
record.adc-2:3_mute=off [ off on ]
record.adc-2:3=125,125
record.adc-0:1_mute=off [ off on ]
record.adc-0:1=125,125
inputs.mix_source=line-in,mic2,hp,line
The pc-speakers and the sound card are different circuits.
Right, I know that. What I'm wondering is if there's some magic
incantation for mixerctl or some other utility that will let output
intended for the console speaker to be 'copied' or otherwise redirected
to the headphone/line output.
It's gonna be behind a 3020j surge protector
A $20 spikebar will NOT protect this machine from a lightning strike
that hits the pole in front of your house.
Take a different view: Mirrored drives and RAID are not really for data
protection, they're so you can keep operating in face of (some
Well, isn't your NAS
already a backup?
No. At least, not really. Any "online" backup (in other words, an
actively running machine) is always subject to issues that could destroy
your data. The power supply could go bad and fry your drives, software
issues could cause silent corruption, and yo
We have a system with only HDMI and displayport video outputs. If the
system is booted with no HDMI cable attached, and then the cable is
attached after the system is up, video is completely nonfunctional until
the system is rebooted. (We don't have any displayport displays or
cables to test th
We have a system with NO physical internal speaker of any kind. Audio
otherwise works from the headphone/line jack, playing wave files with
aucat and messing with mixerctl all work as expected, but there are no
'beeps' (can't get a terminal bell using echo, can't get anything from
wsconsctl, no
In what way? If you mean the hypervisor does not provide adequate separation
between VMs then that is not really an issue as I control the host and all
VMs. If any are compromised then I have bigger issues.
The most secure system should be the host, not the guest. A super secure
guest inside a
At this point, the FreeBSD camp would point out that they have ZFS
for infinite flexibility in building multi-terabyte storage pools,
That said, both modern SSDs and multi-terabyte spinning
platters are handled quite well, thank you, by FFS2 on OpenBSD
As an aside, people sometimes confuse ZF
I have found in the
archives that in general you can recommend OpenBSD to anyone without
any background to start tinkering with. So, there might be no benefit
of a learning curve of FreeBSD --> OpenBSD, as I, may have wrongly
guessed?
OpenBSD is about as easy to pick up as any other *nix, so lo
OK, thanks. After some searching based on this info and some messing
around, it looks like 'export TERM=ansi' and setting t_Co=8 will get me
limited colors in vim without screwing anything up.
Can someone give me a brief rundown on how OpenBSD handles color on
console? Commands like "echo -e '\033[32mfoo\033[0m'" produces dark
green text as expected, but "echo -e '\033[92mfoo\033[0m'" comes out
white instead of light green, and I can't seem to get vim to do syntax
coloring at all (I'
The two daemons you refer to, treat SIGHUP as a "please re-read your
configuration files and restart". This is semi-common. This happens to
also be the two daemons you are testing this with, causing some
confusion.
Not everything, but some things will still be running.
It wasn't just syslogd
The two daemons you refer to, treat SIGHUP as a "please re-read your
configuration files and restart". This is semi-common. This happens to
also be the two daemons you are testing this with, causing some confusion.
Not everything, but some things will still be running.
It wasn't just syslog
I took that to mean:
1) run (presumably as root) 'time sh /etc/rc shutdown'
2) check 'ps -aux' to see what's still running
3) 'kill -HUP [PID]' for each of the remaining processes
4) check 'ps -aux' again
5) 'kill -TERM [PID]' for each of the remaining processes
6) check 'ps -aux' again
Yes. P
If availability is critical you might consider redundancy with CARP/pfsync.
It's not critical enough to be worth dealing with that. Going down for like
15 minutes is fine, but most of a day is not.
In a perfect world we're looking for an update mechanism similar in
speed and ease to other OSs whe
"time sh /etc/rc shutdown". See what's still running. kill -HUP everything
except init and your session and see what's still running 5 seconds
later.
Hmm, you truncated the suggested steps...
You wrote:
"Hmm? How about replicate the process and observe the results? "time
sh /etc/rc shutdo
Does your embedded storage run NOR/NAND or something like SDHC Memory
Cards?
If your systems are running SDHC you can easily create clones with a
laptop & the DD utility.
A couple of them do, but it doesn't matter in this case. The main issue
with compiling is that it can effectively knock the
"world" as you appear to be using it isn't an OpenBSDism,
ugh. You're right, you're right... I'm also managing several
FreeBSD projects and I'm getting things mixed up. Let me go through the
man pages again and try to sort things out in my head.
Hmm? How about replicate the process and observe the results?
Well, I wasn't sure if that was the exact/entire process or just a summary.
"time
sh /etc/rc shutdown". See what's still running. kill -HUP everything
except init and your session and see what's still running 5 seconds
later.
OK
You think the master builds are done on a machine that is identical to
yours at home?
Obviously not, but that doesn't have any bearing on what I said.
Build a -stable release on a same platform faster machine. Now unpack
the .tgz files on the target machines, copy in /bsd, /bsd.rd, reboot.
t
Hmm? How about replicate the process and observe the results?
Well, I wasn't sure if that was the exact/entire process or just a summary.
"time
sh /etc/rc shutdown". See what's still running. kill -HUP everything
except init and your session and see what's still running 5 seconds
later.
For power off via button, init runs "sh /etc/rc shutdown", then sends
all processes a SIGHUP, then waits 5 seconds. If there are any
processes still alive it'll send SIGTERM and wait another 5 seconds.
If any are still alive at that point it'll send'em all SIGKILL and
wait another 5 seconds. It'
So, slow /etc/rc.d/* script delaying the /etc/rc shutdown step? Or do
you have some daemon which isn't killed by its rc.d script, nor by
SIGHUP, thus requiring SIGTERM and at least 10 seconds?
This is a test system and it's pretty stock right now. Aside from the
standard services like pf and n
As it was already stated in @misc,
I don't think I got that message. (?)
mtier is probably as safe as relying on
openbsd code.
I'm not worried so much about safety in the sense of compromised code,
but rather the practicalities of setting up a workflow that depends on
something that can di
You do that part on a bigger box, build releases there, and use
these to update the low power devices.
That doesn't really help the situation. These machines don't have
identical setups so you'd still have to do a lot of manual merging
and/or write and maintain a library of custom merge script
https://stable.mtier.org/
A cli update program that applies binary patches is pretty much perfect,
but I'm not sure we want to rely on a 3rd party for that service. (And I
know that a built-in update program is probably never going to happen).
Snapshots?
Something like this?
http://www.bsdnow.tv/tutorials/stable-iso
Well, preferably something that doesn't require the machines to go
offline for a while.
We have a bunch of low power embedded devices that we'd like to keep
reasonably up to date, but the disk space and cpu overhead of tracking
-stable is kind of a nonstarter. Is there another/better way of doing
things these days? (Other than applying dozens of patches manually).
On Sep 20 4:36 PM, Fred wrote:
On 09/20/15 20:58, Quartz wrote:
Powerdown went away in July 2014.
The FAQ needs to be updated then:
http://www.openbsd.org/faq/faq10.html
"rc.shutdown
/etc/rc.shutdown is a script that is run at shutdown. Anything you want
done before the system shuts
I have a machine where tapping the front panel power button correctly
halts and powers off the machine however there's a solid 10 second
delay after I press the button before anything happens. Is there any way
to speed this process up?
Powerdown went away in July 2014.
The FAQ needs to be updated then:
http://www.openbsd.org/faq/faq10.html
"rc.shutdown
/etc/rc.shutdown is a script that is run at shutdown. Anything you want
done before the system shuts down should be added to this file. If you
have apm, you can also set "p
Can someone explain in better detail what exactly the "powerdown=" line
in rc.shutdown does? I have a few machines that range from full apm/acpi
support to hardly none, but that line doesn't seem to affect anything on
any of them, regardless what it's set to or if it's omitted completely.
is seeing as I'm unlikely to get any more than "up to" 76Mbps from my
ISP's fibre anyway,
Effectively any hardware that still boots will work as a home router. A
500mhz Pentium III with 64mb ram can handle a 100mbps connection without
breaking a sweat.
Decide what you want to do about a file
hi all .
i make bootable openbsd USB stick by ordinary installation .
if i can make bootable CD from this USB , it is very happy .
are there any methods ?
is linux's isolinux or so possible ?
is it very difficult to solve ?
Just for clarification, are you trying to make a customized 'live'
O
I think you are
focusing on the thing that will probably give you less problems, the
CPU. These kind of systems tend to have problems with a lot of things,
*before* you ever get to the CPU.
Such as? These aren't going to be doing hardly any disk IO and they
don't need fancy graphics, so assumin
Is it not possible to buy two or three representative models and test them to
find out which of celeron, atom, or amd is fastest?
Well as restrictive as our requirements are, there are still a few
too many options for that. I kinda wanted to narrow it down some more first.
As I said before, I think information is getting lost here in the
discussion. The issue is we need something that fits within certain
restrictive thermal/size/power/noise limits; these are all fanless
setups and some might even be battery powered.
And when I say "fanless" I mean *completely* fan
I read all thoughts till now and my advice is if you are going to buy
a new hardware now (year 2015) take multi core CPU. The OpenBSD just
get better every day and if you follow tech@, source-changes@ and
misc@ you already know that our beloved OS soon or later will spread
load on all CPU/CORES (de
The short answer is, unless you can guarantee that pf will have its own
core and no other process will race against it (you can't), then go for
the mp.
OK, so after more info you're switching to the mp side? If that's true
then all the latest recommendations from this afternoon forwards are in
The recommendation
that people use SP kernels for networking is no longer valid.
Ah, thank you for mentioning this explicitly. I had a memory of this
kicking around at the bottom of my subconscious. I knew there was
something else about this issue but couldn't put my finger on it.
On a more serious note, I don't see how one can actually buy faster
single-core performance for this purpose. If the question was more
detailed, describing specific models of machines, we'd be able to
show it makes no financial sense. The cheapest stuff is good enough.
As I said before, I thin
Maybe this webpage would help you make an informed choice?
https://calomel.org/pf_config.html
That looks like a good reference for setting up pf and the right way to
architect your pf.conf, but it doesn't appear to address any of the cpu
threading issues I'm trying to figure out. Thanks thoug
I'm sorry I'm not familiar with either of the processors you're
describing. In the vague terms you have given,
I haven't described any specific models yet, I'm being a little vague
because I was looking more for general guidance than having the list
debate the pros and cons of dozens of diffe
but the short answer is to use the
multi-processor system. The single core will perform better when you care
nothing about your performance, the multi-core system will perform better
the only time you care at all about performance.
I think some information is getting lost here. I'm not comparing
not
paying a context-switching tax during these simultaneous load events will
make a bigger difference than any other single factor.
I guess that's what I was getting at in my original poorly worded
question: at what point do context switches negate the benefit of a
faster single core (given a
Dhcp, no. DNS, yes.
Also, does a local DNS resolver really consume that much cpu that it
would see any notable effect from having another core? I thought that
was more a RAM thing.
A small office isn't that much different from a home server.
It's not actually a small office, that's just the best analogy I could
think of.
I
see, that more than really wanting to know if you'd be ok with mp,
you're seeking validation to go through with a single core.
Well... that's kin
are we talking home router here or something more specialized?
A little more specialized. It's a sort of embedded system and it needs
to fit within some size/thermal/watts/noise constraints. It needs to
serve something roughly equivalent to a small office.
now if i needed a gateway/firewall
For an OpenBSD machine acting as a gateway/firewall/router with a
handful of related tasks (pf, dhcp server, etc) would mp yield anything?
Of course, yes. Just because PF doesn't get any benefits (yet) from MP,
it doesn't mean these other programs won't.
Sorry that was unclear wording on my pa
Quick question: I need to make a decision between a faster single core
and a slower multicore. The faq currently states that pf gets no
improvement from mp. Is this still correct/current information?
Presumably it would see no benefit from hyperthreading either, right?
For an OpenBSD machine a
Just out of curiosity, are there any plans to support bluetooth at some
point in the future?
If the dongle is just a bluetooth radio and expects the host to take care of
parts of bluetooth (device peering etc), then OpenBSD can't use the keyboard.
OK, I think that answers it for me then. Thanks.
:>OpenBSD doesn't support bluetooth on any hardware.
:
:Does that also include usb->bluetooth dongles for wireless keyboards?
:
That includes all forms of bluetooth where it is presented to the OS.
If it fakes a keyboard, and shows up as a ukbd, then that driver will
be used.
Well I guess that
Dongle for wireless device doesn't work that way.
The dongle pretends to be the device and takes care of all the communication.
From the OS point of view, using a wired usb keyboard or a wireless
keyboard using a dongle is the same thing.
Also, bluetooth keyboard doesn't provide dongle.
I wasn'
OpenBSD doesn't support bluetooth on any hardware.
Does that also include usb->bluetooth dongles for wireless keyboards?
Contact their support department.
I ended up doing that anyway earlier this morning. If I don't hear back from
them maybe I'll try calling tomorrow or something.
They're actually pretty good about answering questions on the phone,
even on the first call.
They did get back to me via email, an
Why would you contact their marketing department? That's silly.
Well because I assume that marketing encompasses sales, and the
sales department kinda ought to know what products the company sells.
Contact their support department.
I ended up doing that anyway earlier this morning. I
From Supermicro website:
http://www.supermicro.nl/products/motherboard/ATOM/
http://www.supermicro.nl/products/embedded/embedded_motherboard.cfm
I know they sell Atom-based boards and various embedded boards, but just
because it's Atom and/or embedded doesn't automatically mean it conforms
to
Try the X10SBA
Doesn't appear to fit the bill, unfortunately. That hdmi+displayport
stack is too high, and while it has onboard DC12V it's missing the
standardized plug on the back.
Given that no one else has responded, I'm assuming that SuperMicro just
doesn't make boards in this form fact
We need to build some OpenBSD-based network devices that we'd strongly
prefer to be based on SuperMicro hardware. Does anyone know offhand if
they offer any products that conform to the Thin-Mini-ITX standard?
Their website is unhelpful and so far their marketing email hasn't
responded to inqui
And... here's an about 25 minute long video tutorial on how to do what I
think you want. Yes I probably had better things to do, but nothing came
to mind that seemed more fun... :-)
Thank you so much! A full walkthrough always helps.
There are some comments inline on what happens and why.
B
Also, another question: this system keeps nothing in the user's home
directories past a few dot files. /home is using less than 1m of space.
Would it be safe from a security/reliability standpoint to just move the
home folders directly into / ?
You've stated you have a 10GB disk, and that this is 4.9. The disklabel(8)
man page at 4.9 described the automatic layout at that time:
Yeah, that's what we have.
You have stated that /usr/src and /usr/obj are unused, /var is full, and
/usr/local (used for packages and some infrastructure com
... in that order.
This order could be not identical with the harddisk order. If I'm not
mistaken, watching install operation, I think the / partition is the
first followed by /home. Somebody correct me if I'm wrong.
I've looked at the layout on this machine a dozen times. Cross reference
wit
Maybe I missed it, but if you supply the output of disklabel and df,
it would be easier to give advice.
The machine isn't in front of me right now, but the partition setup was
using the 'wizard' defaults. In other words: /, /tmp, /var, /usr,
/usr/X11R6, /usr/local, /usr/src, /usr/obj, and /hom
it is actually not worth buying a new standalone access
point unless you can install specifically OpenBSD on it, and temporary
reuse of an old access point is sub-optimal no matter what you
(re)flash on it, most firmwares including third party are vulnerable
and suffer from the same reliability a
So, Stuart's comment is still valid. I will stop looking for a USB
solution, and instead see if I can find a low power chassis with a PCI
slot. While more expensive, it is probably money well invested.
It might be worth buying/reusing a standalone access point (perhaps
reflashing a linksys rout
How about taking some directory that is currently under /var (depending
on what you're doing with the machine, maybe log or www or mysql or
something?) and moving the contents to /usr/obj or /usr/src (or if
they're together on disk, remove /usr/obj and /usr/src and create a
new partition covering
You could also make a raw image of the disk and run a copy of that image
in qemu on another computer, something which would give you a chance to
do some experimenting with growfs(8) & friends without having to risk
anything.
Oh, now that's a really good idea actually, I never thought of that.
W
- nuke usr/X11R6,
That will end up with five partitions: /, /tmp, /home, /usr, and /var
Also, this machine doesn't have X, FWIW.
there is no easy way to shrink or move filesystems, only copying their
contents. depending on where /var is, your ability to grow it may be limited.
Disklabel puts /var as the third partition. I wasn't really expecting to
be able to grow it directly. I think what I'd like to do is
- copy the
(though when you start looking
at how much it costs to power the thing, it's still not free, and at
some point it might have been cheaper to replace it with something
else.
I don't think it really works that way for mechanical hard drives. At
least, taking a quick look at the drive pile and com
First of all, you have a machine that is running a very old version of
OpenBSD. You have a lot of upgrades to do, and since you have other
issues (partitioning), you probably just want to reinstall and start
over using your current knowledge of your disk layout needs.
Well that's kind of the th
We have an older system running 4.9 that acts as a sort of
dev/test/scratch machine for messing around. When it was set up we
threw a 10gb drive in there and did a generic install with all the
defaults. Over time, as we've used this for various stuff, we've
realized that that partitioning sc
On first boot it gave me "No
acceptable DHCPOFFERS received."
When you say "first boot", do you mean booting the install media or
booting the installed OS afterwards?
Usually, a complaint about an *acceptable* offer specifically means that
your dhclient.config is requiring certain parameters
The point was to use ps on the *server* not on the client.
So I was thinking you should use ps *on that server* to
see if you could see signs of another connection attempt reaching it
and then for some reason failing to give you an interactive shell.
Ah ok. Yes I totally misunderstood you- I
hild of
Terminal. Terminal is a child of the launchd process for my account.
That launchd process is a child of the master launchd process, PID 1.
The (abbreviated) output of ps looks like this:
TTY USER RUSER PPID PID COMMAND
?? root root 0 1 launchd
?? Quartz Quartz 1
good day:
"ssh user@server" = works just like it should
What about "ssh -v user@server" on a good day?
That works exactly as expected. ssh-ing in right now
And more specifically, if
you run ssh -v on both a good day and a bad day, what does diff between
the two outputs show?
IIRC, not muc
If you are only creating one ssh connection, does "good day" mean you
have succeeded just once?
No, I mean that I can ssh in without having to pass -v on the command
line. In other words, it works the way it normally should.
More specifically:
good day:
"ssh user@server" = works just like it
ktrace and tcpdump.
I should have mentioned that the laptop is using OpenSSH but it's OSX
not OpenBSD. ktrace was replaced with I think dtrace on OSX a while ago,
so I'll have to look into how to get that set up.
As for tcpdump, I'm not sure what I'd be looking for there. Most of the
connection
That's a good question, I'm not actually sure if I've ever opened two
connections to it at once. For better or worse today is a "good" day so I'll
have to wait to test this.
If you are only creating one ssh connection, does "good day" mean you
have succeeded just once?
No, I mean that I can ss
ktrace and tcpdump.
I should have mentioned that the laptop is using OpenSSH but it's OSX
not OpenBSD. ktrace was replaced with I think dtrace on OSX a while ago,
so I'll have to look into how to get that set up.
As for tcpdump, I'm not sure what I'd be looking for there. Most of the
connec
If you have one connection established to that server which is
functioning (perhaps with -v on the client ssh) can you get the
problem to occur with a second connection to that server?
That's a good question, I'm not actually sure if I've ever opened two
connections to it at once. For better or
I'm not sure if this is the right place to ask about this, but I can't
seem to find an ssh-specific mailing list or web forum anywhere.
I have a bog standard setup between a laptop and a local university that
uses a bog standard id_rsa key for password-less access; to the best of
my knowledge
Off-the-shelf yes, home no, it's just a specialized setup with some odd
requirements. We're fine with paying for good quality components but
there's no need to overpay for something that offers a bunch of stuff we
don't need, especially when we're going to be building several of these.
I'm just tr
Any cluebats?
Not sure if it will help your specific situation, but you could look
into server side "grey listing". This will cause your mail server to
temporarily reject mail from them, forcing them to try again a couple
hours later. Fly-by-night spam places almost never bother to resubmit,
yet the original poster is
obviously looking for COTS consumer electronics general purpose
inexpensive mini-ITX mainboards for home router project.
Off-the-shelf yes, home no, it's just a specialized setup with some odd
requirements. We're fine with paying for good quality components but
there
ECC RAM always helps in the long term,
It helps yes, but for a router I wonder if it makes a significant
difference.
if the board is collocated
It's in-house.
but I'd not have IPMI & serial BIOS (out
of band) access.
Both of those aren't necessary for this project.
If you want to
Recommendation for a very capable router are C2750/C2758 Supermicro
So, do you think we'd *need* a board like that? The reason I ask is that
they're nearly twice the price of other dual-gigE Atom boards, and the
ECC SODIMMs don't help. If you're saying that an old D525 can handle our
traffic
Here's the dmesg for my Tor exit relay, which runs on a D2700. It moves
about 2.0-4.5 MB/s in each direction.
Hmmm that's nowhere near as fast as what we do, and not even as fast
as a P3.
It seems to be running at full
capacity doing so,
I don't know much about tor. When you say "full
FWIW here's the DMESG from the system I just put in place.
pchb0 at pci0 dev 0 function 0 vendor "Intel", unknown product 0x0bf3 rev 0x04
ehci0: timed out waiting for BIOS
xhci0 at pci2 dev 0 function 0 vendor "Etron", unknown product 0x7052
ehci1: timed out waiting for BIOS
I admi
I just deployed an OpenBSD 5.7 firewall/router/dhcp/dns using this motherboard:
http://www.newegg.com/Product/Product.aspx?Item=N82E16813157417
As a side question, is that a female usb connector planted vertically
right on the motherboard?
It uses the Intel Atom D2550 1.86GHz 2-Core chip a
I just posted a dmesg from a SuperMicro motherboard with 8-core Intel
Atom C2758.
Yeah, I've heard about that board. I think it's a tad overkill for our
situation though :)
Depending on how you configure your disks the 8-core C2758 should be
able to saturate a single gig-e nic.
Our system
There's a huge range of Atom processors. Some are 32-bit only single-
core, there are models which are 64-bit capable and multi-core. There are
a wide range of clock speeds, cache sizes, and bus speeds.
I know, I was mainly looking for general opinion about support and
performance. IIRC, back i
What's Intel Atom support like these days? I remember they used to be a
little weird. Are they handled pretty much like any other x86 chip now
or are some things still unsupported? Are they capable of handling pf on
a saturated 100-base-t connection? How about gig-e?
These days you have "bypass" features in hardware that allow packets
to flow from one interface to another even if the firewall is turned
off.
Can you elaborate on this?
Also, that brings up another point wrt motherboards with multiple jacks;
are bios attacks something to worry about?
Havi