headers
Chavous P. Camp | 1 Jan 2003 08:58

Encryption Accelerators

Anyone know of an encryption accelerator that (is supported by OpenBSD
and) will accelerate Blowfish or AES?  All the ones I've seen only
support 3DES & DES.

Of course, hash, DH, etc processing would still be accelerated with most
cards, just not the encryption itself.  Any ideas?

Thanks,

Chavous Camp

------
Chavous P. Camp <cpc <at> scconsultants.net>
Member
Salter & Camp Consultants, Ltd. Co.
1213 Lady St.
PO Box 11285
Columbia, SC 29211-1285
Tele: +1 803 461 8970  Fax: +1 803 461 8973
Computer & Information Architects
--------------------------------------------

[demime 0.98d removed an attachment of type application/x-pkcs7-signature which had a name of smime.p7s]
Permalink | Reply | 1 comment |
headers
dreamwvr@dreamwvr.com | 1 Jan 2003 10:27

!HNY

All the best in 2003!

--

-- 
/*  Security is a work in progress - dreamwvr                 */
#                                                             
# Note: To begin Journey type man afterboot,man help,man hier[.]      
#                                                             
// "Who's Afraid of Schrodinger's Cat?" /var/(.)?mail/me \?  ;-]
Permalink | Reply | 1 comment |
headers
Sean M Lentner | 1 Jan 2003 10:42

HNY

Thanks for all your help in 2002, may OBSD rule 2003!

Quoting "dreamwvr <at> dreamwvr.com" <dreamwvr <at> dreamwvr.com>:

> All the best in 2003!
> 
> -- 
> /*  Security is a work in progress - dreamwvr                 */
> #                                                             
> # Note: To begin Journey type man afterboot,man help,man hier[.]      
> #                                                             
> // "Who's Afraid of Schrodinger's Cat?" /var/(.)?mail/me \?  ;-]
Permalink | Reply | 0 comments |
headers
Condor | 1 Jan 2003 15:41

Re: cp load average

Wim Vandeputte <wim <at> kd85.com> wrote :

> On Tue, Dec 31, 2002 at 01:09:44PM +0200, Condor wrote:
> > that when i copy one file with 600 MB or more, my server load average is
> bring up:
> > #cp some_file /mnt/hdd2
> > --- paste ---
> > # w
> >  5:11PM  up 8 days, 20:39, 1 user, load averages: 28.35, 13.29, 6.79
> > USER    TTY FROM              LOGIN <at>   IDLE WHAT
> > root     p0 ixip.net          4:46PM     0 w 
> 
> You need to have a look with systat what is sucking up your resources.
> 
> Try:
> 
> systat vm 1
> 
> and check out what is bringing your system on it's knees: too many interupts?
> 
> Context switches?
> 
> You are not telling us on what devices the files are? SCSI? IDE? Network?
> 
> Kind of hard to judge from here with no info ;-)
> 
> Wim.

Wim Vandeputte <wim <at> kd85.com> wrote :
(Continue reading)

Permalink | Reply | 0 comments |
headers
Mohit Muthanna | 1 Jan 2003 17:09

Re: cp load average

You can use nice(1) to prioritize your processes. OTOH, if the processor
load (vmstat) is abnormally high, you may want to check out DMA settings
on the hard disks. I often noticed this to be the reason for a lot of
performance problems during copying, tarring, etc. large files.

does anybody know if hdparam runs on openbsd? ... or if there's a clone?

Mohit.

On Tue, 2002-12-31 at 08:09, Condor wrote:
> Hello,
> i see in my server with obsd i386 3.2
> that when i copy one file with 600 MB or more, my server load average is
bring up:
> #cp some_file /mnt/hdd2
> --- paste ---
> # w
>  5:11PM  up 8 days, 20:39, 1 user, load averages: 28.35, 13.29, 6.79
> USER    TTY FROM              LOGIN <at>   IDLE WHAT
> root     p0 ixip.net          4:46PM     0 w
> --- end ---
> any body have idea how i configure my system that my cp (mv) to give low CPU
resources? Because in this variant some services stop work like sendmail or
worked very slowly.
>
> Regards,
> Condor
--
Mohit Muthanna <mohit AT muthanna DOT com>
Is the noise in my head bothering you?
(Continue reading)

Permalink | Reply | 0 comments |
headers
Steve Wingate | 1 Jan 2003 19:01
Picon

Re: DNS Server

On Tue, 2002-12-31 at 08:45, JPRMF <at> netcabo.pt wrote:
> darksun sm-mta: unable to qualify my own domain name (darksun) -- using short name" ....this message is
appearing all the time in all machines, when i'm writting anything on vi, when i'm browse something on
links, when i'm using BitchX under irc, it appears all the time, and it's very bad for working, so to make not
appear that messages i have to install my own DNS Server isnt it ?!, but it have to be installed under the
gateway to all other machines dont give any type of this error isnt it ?! or if i install DNS Server under
other machine in the network it resolves the problem of the messages in all machines?!
> 
> PS: my network is: the gateway where the first nic (rl0) is connected to the CABLE MODEM and the second nic
(rl1) is connected to the first door of the switch, and the switch have 7 more doors that are all busy with
RJ-45 Cable connected to other 7 machines!

Stop logging on as root. Log in as a normal user then su to root or use sudo.

--

-- 
Steve Wingate <s.wingate <at> cox.net>
Permalink | Reply | 0 comments |
headers
Chuck Yerkes | 1 Jan 2003 19:34

Re: lazy man's "pkg_delete" (terrible script - help!)

cd /var/db/pkg; pkg_delete xm*

1) your version (without the cd) leaves the shell to expand xm* which
   varies, depending on the cwd.
2) bash is not part of openbsd.  Please leave your linux haven
   and understand that many things port easily to Linux, but
   many Linux programmers write crap that can't be ported out
   of Linux.  Use the Posix shell.
3) it would be handy if pkg_* would strip off paths for
   pkg_delete /var/db/pkg/xm*  to work.

Quoting poff <at> sixbit.org (poff <at> sixbit.org):
> Hi,
> 
> I was a bit shocked to find pkg_delete xm* wouldn't work, and that one has
> to type in the full name and version of the file, or I'm missing
> something...
> 
> So I whipped togetherthis dreadful script (shame!) and was wondering if
> someone could improve it for me? I new to shell scripting...
> 
> # cat /usr/local/bin/pkgdelete
> #!/usr/local/bin/bash
> 
> if [ ! $1 ]; then
>         echo "please enter partial package name"
> else
>         match=`pkg_info | awk '{print $1}' | grep $1`
>         matches=`echo $match | wc -w | sed -e "s/[ ]*[  ]*//"`
(Continue reading)

Permalink | Reply | 0 comments |
headers
james | 1 Jan 2003 19:48
Picon
Favicon

Re: problem installing from MSDOS partition

from mount_msdos(2)

     -s      Force behaviour to ignore and not generate Windows 95/98 long
             filenames.

     -l      Force listing and generation of Windows 95/98 long filenames and
             separate creation/modification/access dates.

             If neither -s nor -l are given, mount_msdos searches the root
directory of the filesystem to be mounted for any existing Windows
             95/98 long filenames.  If no such entries are found, -s is the
             default.  Otherwise -l is assumed.

a workaround of sorts is to create a long file name in the root folder of
the nt4 partition, and make sure the long filenames of the install packages
are in fact in lovercase.

> Been to Google, FAQ, etc.
>
> As part of my exhaustive work in "How to Install OpenBSD," I tried
> installing from a MSDOS partition where I had NT 4.0 installed.
> Thanks to the serial console, here are my results:
>
> [blah blah blah deleted...]
>
> Sets can be located on a (m)ounted filesystem; a (c)drom, (d)isk or
> (t)ape device; or a (f)tp, (n)fs or (h)ttp server.
> Where are the install sets you want to use? (m, c, f, etc.) d
> Available disks are: sd0 sd1 wd0.
> Which one contains the install sets? (or done) [sd0] wd0
(Continue reading)

Permalink | Reply | 0 comments |
headers
Theo de Raadt | 1 Jan 2003 22:04
Picon
Favicon

Re: Encryption Accelerators

At the moment, we are not aware of any cards on the market yet that do
AES, for which documentation is available.  But AES extended versions
of some hardware we already support is coming soon...

I am not aware of *any* hardware that does blowfish.

> Anyone know of an encryption accelerator that (is supported by OpenBSD
> and) will accelerate Blowfish or AES?  All the ones I've seen only
> support 3DES & DES.
> 
> Of course, hash, DH, etc processing would still be accelerated with most
> cards, just not the encryption itself.  Any ideas?
> 
> Thanks,
> 
> Chavous Camp
> 
> 
> ------
> Chavous P. Camp <cpc <at> scconsultants.net>
> Member
> Salter & Camp Consultants, Ltd. Co.
> 1213 Lady St.
> PO Box 11285
> Columbia, SC 29211-1285
> Tele: +1 803 461 8970  Fax: +1 803 461 8973
> Computer & Information Architects
> --------------------------------------------
> 
> [demime 0.98d removed an attachment of type application/x-pkcs7-signature which had a name of smime.p7s]
(Continue reading)

Permalink | Reply | 0 comments |
headers
Dom De Vitto | 1 Jan 2003 22:04

Re: PF and stalled connections

I think Henning means:
The state table grows/shrinks appropriately.

So (unlike other firewalls) you NEVER "run out" until you run out of
RAM (and maybe not even then - is the area swappable? Is any part of
the Obsd kernel swappable?)

Dom
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Dom De Vitto                                       Tel. 07855 805 271
http://www.devitto.com                         mailto:dom <at> devitto.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

-----Original Message-----
From: owner-misc <at> openbsd.org [mailto:owner-misc <at> openbsd.org] On Behalf
Of Henning Brauer
Sent: Tuesday, December 31, 2002 1:56 AM
To: misc <at> openbsd.org
Subject: Re: PF and stalled connections

On Mon, Dec 30, 2002 at 02:34:57PM -0800, David S. wrote:
> The OP's 'pf.conf' contained
> 
> 	# pass all packets
> 	pass in on $ext all keep state
> 	pass out on $ext all keep state
> 	pass in on $int all keep state
> 	pass out on $int all keep state
> 	---------------pf.conf----------------
>
(Continue reading)

Permalink | Reply | 5 comments |

Gmane