Re: BSD PPPoA Hardware

2005-08-24 Thread Shane J Pearson

Hi Jared,

On 25/08/2005, at 1:55 PM, jared r r spiegel wrote:


  the thread has kinda gone this way already, but i believe the only
  way you can get true "i don't have NAT" on PPPoA, outside of getting a
  "business class" service plan (or anything else with static IP WAN
  and LAN allocations) is going to have to end up with you running
  PPP daemon/process on your machine.  for it to leave your PC to
  the modem as ATM would be a rare hardware combination.


"Half-bridge mode" or in the case of my Netgear DG632, "MODEM mode",
allows me to use PPPoA in such a way that the MODEM deals with the
PPPoA, my OpenBSD firewall sees packets destined to my external public
IP address and I can use an MTU of 1500. No NAT being used on the
MODEM. I am using NAT on my firewall though and I have a static IP.

I have not been able to get a Netcomm MODEM/Router with "half-bridge
mode" to be able to do this though.


Shane



Re: 3.8 snapshot laptop sleep issues

2005-08-24 Thread Jan Johansson
"Will H. Backman" <[EMAIL PROTECTED]> wrote:
> Running today's snapshot on an old laptop (Dell Latitude PPL),
> and I put the cover down to see if it would go to sleep and
> wake up properly.  After it went to sleep, I opened the laptop
> back up, and it started to come back alive, but the screen
> stayed blank.  I couldn't switch virtual consoles.  Reset the
> machine.  Nothing odd showed up in the logs, except that wd0
> was not properly unmounted.  Any way to start debugging this? 

This sounds like the common "X did not get the signal to wakeup
problem".

You need apmd to use sleep mode with X, was it running?

Did you look at an X screen or a login terminal when you
suspended?

Was the screen really black or was there a blinking _ in the top
left corner?



Re: 3.8 beta requests

2005-08-24 Thread Shane J Pearson

Hi Art,

On 24/08/2005, at 9:38 PM, Artur Grabowski wrote:


Genadijus Paleckis <[EMAIL PROTECTED]> writes:



Theo de Raadt wrote:


Oh well -- we've decided that we will try to ship with this protection
mechanism in any case, and try to solve the problems as we run into
them.



Is that means that 3.8 might be unstable ? Maybe all who wants/needs
stable systems need to run 3.7 ?



Yes, it means you should switch to linux because it's stable and never
does anything to rock the boat. sigh.

It's comments like this that convince me that I should never tell anyone
about what I'm developing, how it works and what effects it might have.

Anything you say will be used against you.


I'm excited by these further stability and security enhancing changes.

However Genadijus only asked questions. He did not make a statement.
Seems like pretty innocent questions to me that are easily answered here
by those that know. And what is wrong with that?


Shane



Re: BSD PPPoA Hardware

2005-08-24 Thread jared r r spiegel
On Wed, Aug 24, 2005 at 09:55:50PM -0600, jared r r spiegel wrote:
>   take a phone cord coming in and an ethernet cord going out.
> 
>   it's possible 
> 
>   i suppose
>   there could be a 

  please forget this train of thought.

> > it may be possible to use OpenBSD as a
> > *replacement* for the DSL modem itself. I know we've got some degree
> > of ATM support but I don't know how well (or if) all the other needed
> > stuff works.
> 
>   that would be 

  that would be me hitting send instead of postpone..

  sigh.

  anyway, that would be hot.
 
  before i do any more damage...^[

--

  jared



Re: BSD PPPoA Hardware

2005-08-24 Thread jared r r spiegel
On Tue, Aug 16, 2005 at 01:54:46AM -0700, J.C. Roberts wrote:
> On Tue, 16 Aug 2005 08:20:33 +0100, Simon Farnsworth
> <[EMAIL PROTECTED]> wrote:
> 
> >On Tuesday 16 August 2005 06:34, J.C. Roberts wrote:
> >> You seem to be confused on your terms. The term "PPPoA" means
> >> Point-to-Point Protocol over ATM (Asynchronous Transfer Mode). I
> >> seriously doubt you're running ADSL over ATM. ;-)
> >>
> >Given that G.992 DSL protocols are all ATM physical layers, it's quite likely
> >that he's running PPPoA. The (slight) advantage of PPPoA over PPPoE for ADSL
> >is twofold: firstly, the MTU is slightly larger. Secondly, there's one less
> >encapsulation layer involved; PPPoE on ADSL is in fact PPP over Ethernet over
> >ATM.
> >
> >If you don't believe that ADSL is an ATM physical layer, go read G.992.1 (the
> >international ADSL standard), or a manufacturer's spec sheet (like
> >http://www.draytek.co.uk/products/vigor2600plus.html), where it explicitly
> >refers to "ATM Protocols".
> 
> Great info Simon, thank you. All the DSL modems I've seen here in the
> USA are ethernet based on the user side and as misfortune would have
> it, many providers *require* using their particular modem, so the user
> side of it is all that matters.

  i wonder if that's s/require/only support/

  eg, others will work, but don't expect to be able to call anyone 
  and get a "yes that will work, here's what you need it to configure
  it as ", but that doesn't preclude the modem from being
  able to function on the network just fine.

  i haven't shopped around, but i imagine that a DSL modem on the market
  for end-users to buy would probably not be very successful unless it
  supported the standard suite/combination of parameters that the DSLAM
  you're below is going to expect.

  modems i have PPPoA experience with (second-hand, as the portion
  of the network i'm on is not PPPoA):
  speedstream 5930, 5861, 5667, 5200, dlink 504, 3com 812.

  the 5667 was a trooper, but had limited ability to do inbound 
  forwarding (eg, "rdr" in pf).  the 5200s had a better firmware
  but weren't as reliable in poor line condition situations (just
  fine if line isn't marginal) and had no activity LED, and
  used "DSL" to indicate both sync with dslam (solid green), 
  training/losing sync (slow blink), no sync (off) and activity
  (fast blink).  kinda ambiguous.

  the 5861 is cute because it has a CLI and 4 ports, but the 
  "services" it provides are probably of no value to someone running
  any unix/linux.  the 5930 has IPsec crapola, but again, what
  value is that to someone who has isakmpd? (outside of being able
  to avoid NAT-T... woo)

  i'm willing to be wrong, but i would imagine that if you find a 
  thingy that says it is an A) DSL Modem who B) supports PPPoA, and
  you get DSL from the ISP and they use PPPoA, it'll only be a matter
  of getting the right configuration.  the hardest thing would be 
  to know the PVC that you should program into the modem so that it
  matches the cross connect on your port on the DSLAM you're on.

  tech support *should* be able to answer that, i hope.  eg:
  "hi, i'm going through the setup of my DSL modem, and i've got
   it all sorted out, except i forgot what VPI/VCI to put in here"

  there's at least some chance they won't ask you what modem you're
  using, etc; at that point you have a potential to be a 30 second
  call for them.  that's pure gold.
  
  the thread has kinda gone this way already, but i believe the only
  way you can get true "i don't have NAT" on PPPoA, outside of getting a 
  "business class" service plan (or anything else with static IP WAN
  and LAN allocations) is going to have to end up with you running
  PPP daemon/process on your machine.  for it to leave your PC to
  the modem as ATM would be a rare hardware combination.  outside of
  a niche market, it would probably be rare to find one that didn't
  take a phone cord coming in and an ethernet cord going out.

  it's possible 

  i suppose
  there could be a 


> It's all been consumer grade kit, even
> though a lot of it is in business use, none the less, I have not seen
> a DSL modem with ATM on the user side (probably because it would be
> pointless to make it that way).
> 
> Assuming you don't have a provider requirement of using their
> specified DSL modem, it may be possible to use OpenBSD as a
> *replacement* for the DSL modem itself. I know we've got some degree
> of ATM support but I don't know how well (or if) all the other needed
> stuff works.

  that would be 
> 
> 
> Kind Regards,
> JCR
- 

[ openbsd 3.7 GENERIC ( jul 12 ) // i386 ]



Re: RSS feed for errata

2005-08-24 Thread Gerardo Santana Gómez Garrido
2005/8/24, Ray Percival <[EMAIL PROTECTED]>:
> On Wed, Aug 24, 2005 at 01:03:04AM -0500, Gerardo Santana Gómez Garrido wrote:
> > 2005/8/24, Gerardo Santana Gómez Garrido <[EMAIL PROTECTED]>:
> > > This has been discussed before. I think many people here agree this
> > > would be very useful. Some have even volunteered to do it, but I
> > > haven't found anything in Google about it yet.
> > >
> > > So, the question is ¿has anybody made it?, otherwise, ¿is anybody
> > > willing to do it?
> >
> > I've just found this from a message by dhartmei in undeadly:
> >
> > http://undeadly.org/cgi?action=errata
> >
> > It seems like a first attempt like Daniel says. Is it going to be
> > improved & maintained? Just to know if I should wait for it or start
> > coding it myself.
>  http://www.vuxml.org/
> This is what I use. Could use some work but it is up to date and seems to be 
> maintained.

That's for ports & packages. I'm talking about something similar for
the base system.

-- 
Gerardo Santana



Re: /usr/share/pf/ suggestion

2005-08-24 Thread Uwe Dippel
On Wed, 24 Aug 2005 08:53:33 -0700, Bryan Irvine wrote:

> Apache of course! ;)

This goes off-topic, but there must be something wrong. Somewhere.
This is not default behaviour of Apache. Did some research on this two
years back, on OpenBSD, P233 and 64 MB, to check its behaviour. It
wouldn't crash, whatever requests and amounts came in. It would gracefully
reject any request beyond its resources.

If it does not (any longer), Houston has a problem.

Uwe



Re: OpenBSD T1 router hang

2005-08-24 Thread Sean Knox

Sean Knox wrote:

Hi,

We had 2 T1 routers freeze a couple days ago and I'm left scratching my 
head as to why. There was no kernel panic or error message on either 
console, though both consoles were frozen- neither responded to the 
keyboard. I rebooted both boxes and they came up fine. The interesting 
log snippets are from one machine whose /var/log/messages contains 47 of 
these messages within a span 2 seconds:


Aug 23 13:26:50 officet1 /bsd: san0: T1 ALOS ON
Aug 23 13:26:50 officet1 /bsd: san0: T1 ALOS OFF

On the other end, there is a log showing the T1 disconnecting and 
attempting to reconnect about 15 minutes prior to the above messages. 
One machine is running a 3.8-beta snapshot from 8-16-05 and the other is 
running a 3.7 snapshot from 4-12-05. Both are using Sangoma A101u T1/E1 
cards.


I forgot to include my dmesgs (thanks Abraham) in the previous post. 
Here they are:


OpenBSD 3.8-beta (GENERIC) #92: Tue Aug 16 07:10:55 MDT 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) 4 CPU 2.40GHz ("GenuineIntel" 686-class) 2.40 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID
real mem  = 1073324032 (1048168K)
avail mem = 972787712 (949988K)
using 4278 buffers containing 53768192 bytes (52508K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(de) BIOS, date 07/19/03, BIOS32 rev. 0 @ 0xfb330
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 70102 dobusy 1 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0xdf84
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfde90/240 (13 entries)
pcibios0: PCI Exclusive IRQs: 5 9 10 11 12
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82371SB ISA" rev 0x00)
pcibios0: PCI bus #2 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0x5600 0xce000/0x1000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82845 Host" rev 0x04
ppb0 at pci0 dev 1 function 0 "Intel 82845 AGP" rev 0x04
pci1 at ppb0 bus 1
ppb1 at pci0 dev 30 function 0 "Intel 82801BA AGP" rev 0x05
pci2 at ppb1 bus 2
san0 at pci2 dev 1 function 0 unknown vendor 0x1923 product 0x0300 rev 0x00 irq 9
ahc1 at pci2 dev 5 function 0 "Adaptec AIC-7899 U160" rev 0x01: irq 10
scsibus0 at ahc1: 16 targets
sd0 at scsibus0 targ 0 lun 0:  SCSI3 0/direct fixed
sd0: 35046MB, 48122 cyl, 2 head, 745 sec, 512 bytes/sec, 71775284 sec total
ahc2 at pci2 dev 5 function 1 "Adaptec AIC-7899 U160" rev 0x01: irq 11
scsibus1 at ahc2: 16 targets
fxp0 at pci2 dev 6 function 0 "Intel 82557" rev 0x08, i82559: irq 5, address 00:30:48:52:7c:92
inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4
fxp1 at pci2 dev 7 function 0 "Intel 82557" rev 0x08, i82559: irq 12, address 00:30:48:52:7c:93
inphy1 at fxp1 phy 1: i82555 10/100 PHY, rev. 4
vga1 at pci2 dev 8 function 0 "ATI Rage XL" rev 0x27
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ichpcib0 at pci0 dev 31 function 0 "Intel 82801BA LPC" rev 0x05
pciide0 at pci0 dev 31 function 1 "Intel 82801BA IDE" rev 0x05: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility
pciide0: channel 0 disabled (no drives)
atapiscsi0 at pciide0 channel 1 drive 0
scsibus2 at atapiscsi0: 2 targets
cd0 at scsibus2 targ 0 lun 0:  SCSI0 5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
uhci0 at pci0 dev 31 function 2 "Intel 82801BA USB" rev 0x05: irq 10
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
"Intel 82801BA SMBus" rev 0x05 at pci0 dev 31 function 3 not configured
uhci1 at pci0 dev 31 function 4 "Intel 82801BA USB" rev 0x05: irq 11
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: 
spkr0 at pcppi0
sysbeep0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
lm0 at isa0 port 0x290/8: W83627HF
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask ed45 netmask ff65 ttymask ffe7
pctr: user-level cycle counter enabled
ahc1: target 0 using 16bit transfers
ahc1: target 0 synchronous at 80.0MHz DT, offset = 0x7f
dkcsum: sd0 matches BIOS drive 0x80
root on sd0a
rootdev=0x400 rrootdev=0xd00 rawdev=0xd02
WARNING: / was not properly unmounted
san0: Bringing interface up.
san0: Configuring A101 PMC T1/E1/J1 Front End
san0: Link connecting...
san0: Bringing interface up.
san0: T1 connected!
san0: Link con

Re: OpenBSD T1 router hang

2005-08-24 Thread Abraham Al-Saleh
It's interesting, I got those same messages on my router with the same
sangoma card, my secondary router was down at the time for other reasons, so
I don't know if it would have had the same issue. However, as far as I can
tell, it continued to operate appropriately.

Just as a reminder, you need to include your dmesg and relevant config
files. I'd include my dmesg, but I'm not worried about it right now, and
getting it would present a challenge for me at the current moment.



On 8/24/05, Sean Knox <[EMAIL PROTECTED]> wrote:
>
> Hi,
>
> We had 2 T1 routers freeze a couple days ago and I'm left scratching my
> head as to why. There was no kernel panic or error message on either
> console, though both consoles were frozen- neither responded to the
> keyboard. I rebooted both boxes and they came up fine. The interesting
> log snippets are from one machine whose /var/log/messages contains 47 of
> these messages within a span 2 seconds:
>
> Aug 23 13:26:50 officet1 /bsd: san0: T1 ALOS ON
> Aug 23 13:26:50 officet1 /bsd: san0: T1 ALOS OFF
>
> On the other end, there is a log showing the T1 disconnecting and
> attempting to reconnect about 15 minutes prior to the above messages.
> One machine is running a 3.8-beta snapshot from 8-16-05 and the other is
> running a 3.7 snapshot from 4-12-05. Both are using Sangoma A101u T1/E1
> cards.
>
> Any ideas?
>
> thanks,
> sk
>
>


--
Abe Al-Saleh
And then came the Apocolypse. It actually wasn't that
bad, everyone got the day off and there were barbeques
all around.



Re: IPsec / routing problem in OpenBSD 3.7

2005-08-24 Thread j knight
--- Quoting [EMAIL PROTECTED] on 2005/08/25 at 01:20 +0200:

(can you try wrap your lines at a reasonable 72 chars?)


>   No, the rl0 gateway (PC_B) is 192.168.3.254. Client1 is .3.70, PC_B's 
> internal network is, of course, 192.168.3.0/24.

Oops, I should've seen that 3.70 was an ARP entry. It's odd that the
host route for .3.254 is missing through...
 
>So, you are telling me what I need is actually a Phase 2 connection, so 
> *everything* going through 10.0.0.1 <-> 10.0.0.6 gets encrypted? Let me go 
> through some documentation first, in case I'll come back to you for this one.

Well which of those ipsec flows above would match packets from 10.0.0.1
to 10.0.0.6? Neither. You need to setup another phase-2 connection for these
hosts/networks.
 
>Concerning issues 1) and 2), it seems as if, as soon as I start isakmpd, 
> the 192.168.3.254 interface starts behaving like a bridge, since instead of 
> replying itself it just passes on the packet to 10.0.0.6. Perhaps the routing 
> gets screwed up, and it won't behave just by killing isakmpd and a "ipsecadm 
> flush", you also need to flush the routing table (although I couldn't find 
> any suspect entry that would account for this behaviour).

I'll be honest, I've never setup a phase-2 connection using a default
route so I've not seen this type of behavior. It seems though that the
icmp reply from .3.254 is matching the ipsec flow 192.168.3/24 -> 0/0
and is therefore being punted to 10.0.0.1. When you ping 10.0.0.6, there
is no matching ipsec flow and so you don't see this behavior.
 


.joel
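
The flow-matching argument in this reply, worked through as an added example (not code from the thread or from OpenBSD). The two flows are PC_B's rows from the `netstat -r -f encap` output posted in the thread; `outbound_peer` and the other names are hypothetical, the lookup is a plain scan of those two rows rather than the kernel's own algorithm, and 10.0.0.6 as the source of PC_B's DNS queries and 192.0.2.53 as the resolver are constructed values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One row of "netstat -r -f encap": source and destination selectors,
 * the SA peer, and whether the row applies to outgoing packets. */
struct flow {
    const char *src_net;
    const char *dst_net;
    const char *peer;
    int outbound;
};

/* PC_B's two flows as posted in the thread; 192.168.3/24 and 0/0 are
 * written out in full CIDR form here. */
static const struct flow pc_b_flows[] = {
    { "0.0.0.0/0",      "192.168.3.0/24", "10.0.0.1", 0 }, /* use/in      */
    { "192.168.3.0/24", "0.0.0.0/0",      "10.0.0.1", 1 }, /* require/out */
};

/* Parse "a.b.c.d" or "a.b.c.d/len" into an address and a netmask
 * (host byte order). A bare address gets a /32 mask. Returns 0 on success. */
static int parse_cidr(const char *s, uint32_t *addr, uint32_t *mask)
{
    unsigned a, b, c, d, len = 32;
    int n = sscanf(s, "%u.%u.%u.%u/%u", &a, &b, &c, &d, &len);

    if (n < 4 || a > 255 || b > 255 || c > 255 || d > 255 || len > 32)
        return -1;
    *addr = (a << 24) | (b << 16) | (c << 8) | d;
    *mask = len ? 0xffffffffu << (32 - len) : 0;   /* avoid a shift by 32 */
    return 0;
}

/* 1 if ip falls inside net, 0 otherwise (including on parse errors). */
static int selector_matches(const char *net, const char *ip)
{
    uint32_t n, m, a, unused;

    if (parse_cidr(net, &n, &m) != 0 || parse_cidr(ip, &a, &unused) != 0)
        return 0;
    return (a & m) == (n & m);
}

/* Peer that a packet leaving PC_B is tunnelled to, or NULL when no
 * outbound flow matches and the packet leaves unencrypted. */
const char *outbound_peer(const char *src, const char *dst)
{
    size_t i;

    for (i = 0; i < sizeof(pc_b_flows) / sizeof(pc_b_flows[0]); i++) {
        const struct flow *f = &pc_b_flows[i];

        if (f->outbound && selector_matches(f->src_net, src) &&
            selector_matches(f->dst_net, dst))
            return f->peer;
    }
    return NULL;
}

int main(void)
{
    /* src, dst, description of each packet discussed in the thread */
    static const char *pkts[][3] = {
        { "192.168.3.254", "192.168.3.70", "echo reply, PC_B rl0 to Client1" },
        { "10.0.0.6",      "10.0.0.1",     "ping between the tunnel endpoints" },
        { "10.0.0.6",      "192.0.2.53",   "DNS query from PC_B (constructed)" },
    };
    size_t i;

    for (i = 0; i < sizeof(pkts) / sizeof(pkts[0]); i++) {
        const char *peer = outbound_peer(pkts[i][0], pkts[i][1]);

        printf("%-34s %-13s -> %-12s : %s\n", pkts[i][2], pkts[i][0],
               pkts[i][1], peer ? peer : "no flow, sent in clear");
    }
    return 0;
}
```

The echo reply to Client1 is caught by the 192.168.3/24 -> 0/0 row and handed to the SA towards 10.0.0.1, while traffic sourced from 10.0.0.6 matches no row, which is why a further phase-2 connection covering those addresses is needed.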



OpenBSD T1 router hang

2005-08-24 Thread Sean Knox

Hi,

We had 2 T1 routers freeze a couple days ago and I'm left scratching my 
head as to why. There was no kernel panic or error message on either 
console, though both consoles were frozen- neither responded to the 
keyboard. I rebooted both boxes and they came up fine. The interesting 
log snippets are from one machine whose /var/log/messages contains 47 of 
these messages within a span 2 seconds:


Aug 23 13:26:50 officet1 /bsd: san0: T1 ALOS ON
Aug 23 13:26:50 officet1 /bsd: san0: T1 ALOS OFF

On the other end, there is a log showing the T1 disconnecting and 
attempting to reconnect about 15 minutes prior to the above messages. 
One machine is running a 3.8-beta snapshot from 8-16-05 and the other is 
running a 3.7 snapshot from 4-12-05. Both are using Sangoma A101u T1/E1 
cards.


Any ideas?

thanks,
sk



Re: IPsec / routing problem in OpenBSD 3.7

2005-08-24 Thread [EMAIL PROTECTED]
> --- Quoting [EMAIL PROTECTED] on 2005/08/24 at 18:35 +0200:


 
> > 1) From Client1, I cannot ping its default gateway (.3.254) anymore. No 
> > ping replies. ssh connection is frozen.
> 
> What machine and interface is .3.254 on? From the information below it does 
> not look like it's on PC_B. PC_B is .3.70.
>  

  No, the rl0 gateway (PC_B) is 192.168.3.254. Client1 is .3.70, PC_B's 
internal network is, of course, 192.168.3.0/24.

         sis0 --- ADSL MODEM
          |
  *PC_A* sis2 --- AP  <- WiFi ->  AP --- rl1 *PC_B* rl0 --- Client1
          |
         sis1 --- 192.168.0.0/24 LAN

 I should have written it more clearly, sorry about that. 



> > 2) If I run a tcpdump -i rl1, I see that the pings from Client1 to PC_B are 
> > *routed* to PC_A!! Of course, PC_A doesn't know what to do with them; 
> > something is getting back, however (encrypted) :
> > # tcpdump -i rl1

> > 17:54:15.803747 esp 10.0.0.6 > 10.0.0.1 spi 0x1F3A4307 seq 70 len 132 (DF)
> > 17:54:15.810208 esp 10.0.0.1 > 10.0.0.6 spi 0x8A4C7C72 seq 58 len 132 (DF)
> 
> Doubtful. You have no idea what packets are encapsulated here. Do your
> sniffing on enc0 instead.
>  

  I will certainly try that and let you know. However, I'm quite confident that 
what I'm seeing going out of 10.0.0.6 and back from 10.0.0.1 are the pings 
originating from Client1 (192.168.3.70) to PC_B's internal interface (.3.254). 
I say this because 1) Client1 is the only machine behind PC_B   2) traffic to 
and fro 10.0.0.1 starts when I start pinging and stops accordingly and  3) I 
booted Client1 off DSL (Damn Small Linux, not the digital line!) instead of 
Winxxx. At least this way Client1 should behave the way I want it to instead of 
sending packets more or less at random.

   Also keep in mind that .3.254 doesn't reply to the pings when isakmpd is 
running.



> > 6) Not all of PC_B 's traffic is going through the tunnel; for example, DNS 
> > queries are still in clear:
> 
> netstat -rnf encap is your friend. You are not building a phase-2
> connection that includes 10.0.0.x so no encryption for you. Same
> reasoning applies to your ping from 10.0.0.1 to .6.
> 

   Mmmmh... I'm getting lost. I am re-posting the netstat from my original 
message (they were buried at the very end, together with other infos):

On PC_A (when isakmpd is running, of course):

# netstat -r -f encap 
Routing tables 
 
Encap: 
Source             Port  Destination        Port  Proto  SA(Address/Proto/Type/Direction)
192.168.3/24       0     0/0                0     0      10.0.0.6/50/use/in
0/0                0     192.168.3/24       0     0      10.0.0.6/50/require/out

On PC_B:

# netstat -r -f encap 
Routing tables 
 
Encap: 
Source             Port  Destination        Port  Proto  SA(Address/Proto/Type/Direction)
0/0                0     192.168.3/24       0     0      10.0.0.1/50/use/in
192.168.3/24       0     0/0                0     0      10.0.0.1/50/require/out
 
   Does it look OK or am I missing something here?

   So, you are telling me what I need is actually a Phase 2 connection, so 
*everything* going through 10.0.0.1 <-> 10.0.0.6 gets encrypted? Let me go 
through some documentation first, in case I'll come back to you for this one.

   Concerning issues 1) and 2), it seems as if, as soon as I start isakmpd, the 
192.168.3.254 interface starts behaving like a bridge, since instead of 
replying itself it just passes on the packet to 10.0.0.6. Perhaps the routing 
gets screwed up, and it won't behave just by killing isakmpd and a "ipsecadm 
flush", you also need to flush the routing table (although I couldn't find any 
suspect entry that would account for this behaviour).

   Do you think the 1)-2) and the 6) issues are somehow related?

---
   Rob







Re: raid kernel

2005-08-24 Thread Henning Brauer
* Nick <[EMAIL PROTECTED]> [2005-08-24 13:16]:
> Edd Barrett wrote:
> > Is there any reason why we can not include a raid enabled kernel in
> > the distribution? (not as default, but in the same way bsd.mp is).
> > I believe this would save me (and others?) time when upgrading OpenBSD 
> > machines.
> > The kernel would need static device node configuration, "device raid"
> > and "option RAID_AUTOCONFIG"
> > There may well be a very good reason this hasnt been done before which
> > I have overlooked, and if so I apologise in advance.
> For one, what if you don't want "RAID_AUTOCONFIG"?
> It would save YOU time if we set the options you needed.  If not, it
> would cause more complaints about "how could you chose such an option?"
> 
> Further, it would probably need to be TWO new kernels -- bsd.raid and
> bsd.raid.rd, as you would need an install/maintenance kernel, too.

and bsd.raid.mp, too!

rather than trying more stupid band-aids and wuergarounds it would be 
fantastic if someone could sit down and get us a software raid 
implementation that doesn't suck and thus can be included in the regular 
kernels.

-- 
BS Web Services, http://www.bsws.de/
OpenBSD-based Webhosting, Mail Services, Managed Servers, ...
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)



Re: /bsd: arp: ether address is broadcast for IP address

2005-08-24 Thread Stuart Henderson

--On 25 August 2005 01:42 +0300, Chris wrote:


I get the message
 /bsd: arp: ether address is broadcast for IP address xxx.xxx.xx.xxx


excerpt from arp(4) ('man 4 arp'):

arp: ether address is broadcast for IP address %s!  ARP requested
information for a host, and received an answer indicating that the
host's Ethernet address is the Ethernet broadcast address.  This
indicates a misconfigured or broken device.



Re: 3.8 beta requests

2005-08-24 Thread Marc Espie
On Wed, Aug 24, 2005 at 11:10:41AM -0600, Theo de Raadt wrote:
> > > A few things that get bitten are some packages doing their own and very
> > > different memory management, but can't avoid malloc altogether.
> > > That is ports/lang/clisp, that seems to be also gprolog

> > Can you describe how these programs manage to seg fault doing their
> > memory management? How do they run now if they don't use malloc?

> Most of those that fail assume that if malloc returns a predictable
> memory address sequence.

Actually, as far as clisp goes, it does assume there's a way to
use mmap(address) to get back to a given address.

In fact, first invocation of clisp does mmap() -> address, fill stuff,
write it out to disk.

Second invocation will reuse mmap(address) to try to get back that same
stuff at the same location and fail.

Since the way the data are filled is somewhat contrived, it's really
complicated to retrofit relocations in that... `porting' clisp to a
new platform often stops at finding a `safe' address for this kind of
mmap()...

which tends to fail under OpenBSD-current, for obvious reasons.

The only reasonable simple way I see of repairing this kind of trick
is by having some area with predictable mmap, for this kind of purpose...
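
The save-and-reload pattern described in this message, as an added example (not clisp's code and not from the thread): an image holding an absolute pointer is only valid at the address where it was built, and an `mmap()` address without `MAP_FIXED` is only a hint. `struct image` and the function names are hypothetical, and the example goes one step past the post by rebasing the single pointer of this toy image when the hint is not honoured, which is the relocation step the post calls hard to retrofit for real heap data.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1          /* for MAP_ANON on glibc */
#endif
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

#define IMG_SIZE      4096
#define LOAD_SAME_ADDR 0           /* hint honoured, saved pointers valid */
#define LOAD_REBASED   1           /* mapped elsewhere, pointers fixed up */

/* Toy heap image: one absolute pointer into the same region. */
struct image {
    void *built_at;                /* base address when the image was filled */
    char *greeting;                /* absolute pointer into the image */
    char  text[16];
};

/* Map IMG_SIZE bytes; hint is advisory because MAP_FIXED is not set. */
static void *map_region(void *hint)
{
    void *p = mmap(hint, IMG_SIZE, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANON, -1, 0);

    return p == MAP_FAILED ? NULL : p;
}

/* "First invocation": map wherever the kernel likes and fill the image. */
struct image *image_build(void)
{
    struct image *img = map_region(NULL);

    if (img == NULL)
        return NULL;
    img->built_at = img;
    strcpy(img->text, "hello");
    img->greeting = img->text;
    return img;
}

/* "Second invocation": ask for the old base and copy the saved bytes in.
 * Returns LOAD_SAME_ADDR, LOAD_REBASED, or -1 if the mapping failed. */
int image_load(const unsigned char *saved, struct image **out)
{
    struct image hdr;
    struct image *img;

    memcpy(&hdr, saved, sizeof(hdr));
    img = map_region(hdr.built_at);
    if (img == NULL)
        return -1;
    memcpy(img, saved, IMG_SIZE);
    *out = img;
    if ((void *)img == hdr.built_at)
        return LOAD_SAME_ADDR;

    /* The kernel chose another address: every saved absolute pointer is
     * stale. Rebase it by its offset from the old base. */
    img->greeting = (char *)img +
        ((uintptr_t)hdr.greeting - (uintptr_t)hdr.built_at);
    img->built_at = img;
    return LOAD_REBASED;
}

/* Reload while the original mapping is still in place, so the requested
 * address is known to be unavailable, as it may be on any later run when
 * mmap placement is not predictable. */
int demo_occupied_hint(void)
{
    static unsigned char saved[IMG_SIZE];
    struct image *first = image_build();
    struct image *second = NULL;
    int rc;

    if (first == NULL)
        return -1;
    memcpy(saved, first, IMG_SIZE);            /* the "write it out" step */
    rc = image_load(saved, &second);
    if (rc == LOAD_REBASED && (second->greeting != second->text ||
                               strcmp(second->greeting, "hello") != 0))
        rc = -1;                               /* fix-up went wrong */
    if (second != NULL)
        munmap(second, IMG_SIZE);
    munmap(first, IMG_SIZE);
    return rc;
}

int main(void)
{
    int rc = demo_occupied_hint();

    printf("reload result: %s\n",
           rc == LOAD_SAME_ADDR ? "same address" :
           rc == LOAD_REBASED   ? "different address, pointer rebased" :
                                  "failed");
    return rc < 0;
}
```

A loader that skips the address comparison and uses `greeting` as saved would dereference a pointer into whatever now occupies the old range, or into nothing at all.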



Re: package installation script hints

2005-08-24 Thread Marc Espie
On Wed, Aug 24, 2005 at 04:35:13PM -0400, Will H. Backman wrote:
> 1. Packages get installed in a sub-optimal order.  Quite often one
> package on the list will have already been installed as a dependency.  I
> think my script downloads the redundant package before deciding that it
> was already installed.  Good ways to stop that?

Put the full list in the single pkg_add you want to run, this will get
sorted appropriately.

PKG_PATH=ftplocation pkg_add `cat pkglist`
is about what you want.



/bsd: arp: ether address is broadcast for IP address

2005-08-24 Thread Chris
I get the message
 /bsd: arp: ether address is broadcast for IP address xxx.xxx.xx.xxx


The box is a 3.6 Stable if that helps
can someone have a clue whats wrong?
Or for what to look for?

The box is up for almost a year
and still have no problems.



# ifconfig -A
lo0: flags=8049 mtu 33224
inet 127.0.0.1 netmask 0xff00 
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
fxp0: flags=8843 mtu 1500
address: x
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet xxx netmask 0xffc0 broadcast 
inet6 xfxp0 prefixlen 64 scopeid 0x1
inet   netmask 0xfff8 broadcast 
   And here are the virtual interfaces
pflog0: flags=141 mtu 33224
pfsync0: flags=0<> mtu 2020
enc0: flags=0<> mtu 1536



Re: ftp.openbsd.org

2005-08-24 Thread Nico Meijer
Hey -f,

> what is happening with ftp.openbsd.org?
> it stalls the downloads every couple of minutes.
> anybody else experiencing this?

Not me. I use a nearby mirror: http://www.openbsd.org/ftp.html.

;-) ... Nico



Re: OpenBSD 3.8 negative free space (?WTF?)

2005-08-24 Thread John Kintaro Tate
Yeah, I just figured it must be some bizarre bug, mainly because I
find it hard to believe I used up all my space in a few hours from
using one, also because I am running a snapshot. If I had an even
bigger brain (which I don't) I would have actually remembered about
the negative space thing which I had read in the FAQ months ago.
Unfortunately in this world we just have to live with people like
myself who just assume it's the Operating System's fault. Just like
everyone assumed bugs I was having with OpenBSD earlier this year were
my hardware's fault :-P.

On 8/25/05, Tobias Weingartner <[EMAIL PROTECTED]> wrote:
> On Thursday, August 25, John Kintaro Tate wrote:
> >
> > Hrm, I was installing the mono port and I ran into an error. The error
> > was simple and we all know what it means.
> >
> > Trying 62.243.72.50...
> > Unimplemented command.
> >  61% |**|  8922 KB    04:55 ETA
> > /: write failed, file system is full
> >
> > So I did the next thing that comes naturally, I aborted and did a df -h...
> >
> > # df -h
> > Filesystem    Size    Used   Avail Capacity  Mounted on
> > /dev/wd0a     787M    778M  -30.6M   104%    /
> >
> > WTF is going on here? -30.6M sounds kinda weird.
> 
> And your knee-jerk reaction was to immediately post to misc@ and
> have the rest of us educate you on what is going on?  No research
> on your part?  I mean, a simple google search would have told you
> what is going on.
> 
> Now, go away, do your research, learn a little, and we'll all be much
> happier.
> 
> --Toby.
> 


-- 
John Kintaro Tate
Mobile: 0413 348 815 (Yep, old number, but I have a new phone)

Attention all Internet users, is life getting you down? Are you so
happy you could chainsaw an innocent bystander and LAUGH? Do you
believe in God? Do you not believe in God? Have you found yourself
stranded on prehistoric Earth for 5 years? If so, if you do anything
at all there are people who care at the Kintaro Labs Forum, join now
and after you reach 50 posts you get a free OpenBSD shell account!
http://labs.kintaro.noobify.com

Personal Website: http://kintaro.noobify.com



Re: OpenBSD 3.8 negative free space (?WTF?)

2005-08-24 Thread Tobias Weingartner
On Thursday, August 25, John Kintaro Tate wrote:
> 
> Hrm, I was installing the mono port and I ran into an error. The error
> was simple and we all know what it means.
> 
> Trying 62.243.72.50...
> Unimplemented command.
>  61% |**|  8922 KB    04:55 ETA
> /: write failed, file system is full
> 
> So I did the next thing that comes naturally, I aborted and did a df -h...
> 
> # df -h
> Filesystem    Size    Used   Avail Capacity  Mounted on
> /dev/wd0a     787M    778M  -30.6M   104%    /
> 
> WTF is going on here? -30.6M sounds kinda weird.

And your knee-jerk reaction was to immediately post to misc@ and
have the rest of us educate you on what is going on?  No research
on your part?  I mean, a simple google search would have told you
what is going on.

Now, go away, do your research, learn a little, and we'll all be much
happier.

--Toby.



package installation script hints

2005-08-24 Thread Will H. Backman
I'm looking for hints and criticism for a package installation script.
I do a full install, and then install a set of packages.
To get the list of packages to install on another machine, I just
grabbed a directory listing from /var/db/pkg, put them in my script, and
then run that script on a fresh machine.
Questions:
1. Packages get installed in a sub-optimal order.  Quite often one
package on the list will have already been installed as a dependency.  I
think my script downloads the redundant package before deciding that it
was already installed.  Good ways to stop that?
2. Any way to wild-card the package version numbers?  I'd like to be
able to get the most recent version.

Here is the script:
#!/bin/sh

# Please change this to a local mirror
GETME="ftp://ftp.openbsd.org/pub/OpenBSD/snapshots/packages/i386/";

packages=$(cat << EOF
ORBit2-2.12.2
atk-1.10.1
bzip2-1.0.3
cdparanoia-3.a9.8
control-center2-2.10.1
desktop-file-utils-0.10p0
docbook-4.2p1
docbook-dsssl-1.72
eel-2.10.1
epiphany-1.4.8
esound-0.2.34
gail-1.8.4
gconf2-2.10.0
gettext-0.10.40p3
glib2-2.6.4
gnome-applets2-2.10.1p0
gnome-desktop-2.10.1
gnome-icon-theme-2.10.1
gnome-keyring-0.4.2
gnome-menus-2.10.1
gnome-mime-data-2.4.2
gnome-panel-2.10.1p0
gnome-session-2.10.0
gnome-terminal-2.10.0
gnome-themes-2.10.1
gnome-utils-2.10.1p0
gnome-vfs2-2.10.1
gstreamer-0.8.10
gstreamer-plugins-0.8.8p0
gtk+2-2.6.9
gtk-engines2-2.6.3p0
hicolor-icon-theme-0.5
iso8879-1986
jpeg-6bp2
libIDL-0.8.5
libart-2.3.17
libaudiofile-0.2.6
libbonobo-2.8.1
libbonoboui-2.8.1
libgcrypt-1.2.0
libglade2-2.5.1
libgnome-2.10.0
libgnomecanvas-2.10.1
libgnomeprint-2.10.3
libgnomeprintui-2.10.2
libgnomeui-2.10.0
libgpg-error-0.7
libgsf-1.11.1p0
libgtkhtml-2.6.3
libgtop2-2.10.1
libiconv-1.9.2p1
librsvg-2.9.5p1
libwnck-2.10.0
libxklavier-2.0
libxml-2.6.16p5
libxslt-1.1.12p1
metacity-2.10.1
mozilla-1.7.8-gtk2
nautilus-2.10.1
pango-1.8.1
png-1.2.8
popt-1.7
scrollkeeper-0.3.14
shared-mime-info-0.15
startup-notification-0.8
tiff-3.7.3
vte-0.11.12
xscreensaver-4.21-no_gle
yelp-2.6.5
EOF
)
#packages=`ls /var/db/pkg`

# Install each listed package from the mirror; pkg_add pulls in dependencies.
for i in $packages
do
   full="$GETME$i.tgz"
   pkg_add -v "$full"
done

--
Will Backman - Network Administrator
Coastal Enterprises, Inc.
http://www.ceimaine.org



Tailored to Your Needs

2005-08-24 Thread Programacion . de . PC
Welcome to the MarceloBuenosAires website

~ PC Systems ~

- Standard Administration

- Customer Loyalty

- More Systems

[EMAIL PROTECTED]

 



Re: 3.8 beta requests

2005-08-24 Thread Hannah Schroeter
Hello!

On Wed, Aug 24, 2005 at 12:57:27PM -0500, Andrew Dyer wrote:
>It was very frustrating to try and make things better and get ignored.

I can share some frustration. About a year ago, I made a port for erlang
(the "current" port just doesn't work at all, and it's ancient anyway,
so *anything* is better than the in-tree port). IIRC got feedback by one
other person that it basically works. Nothing got committed, I didn't
have the energy to follow on upon it. A few months later, someone asked
about erlang, I answered and mailed the port of last summer, then IIRC
that someone made an updated port (a newer Erlang release was out, and
a few changes in the ports infrastructure) and submitted it. Again,
nothing got committed, even though just *anything* would be better than
the in-tree port.

Kind regards,

Hannah.



Re: 1U server recommendation

2005-08-24 Thread Ryan Corder
Diana Eichert wrote:
> Bob Sidhu has always been very helpful to me in the past.  Iron Systems
> even helped me out in one of the hardware fundraisers I did or maybe they
> actually provided hardware, gee I can't remember.

I too have been getting quotes from them the past few days.  Although
I can't speak of their responsiveness.  I've had a very difficult time
getting a hold of Bob or his internal counterpart Sheila.  They never
answer their phone and take hours or even days to respond to email.  In
fact, I've had emails to them bounce on occasion.

This doesn't mean I'm not going to buy from them...I really like the
hardware that they offer.  It just took me threatening to walk away
from the deal to get them to respond in a timely manner.

later.
ryanc



Re: OpenBSD 3.8 negative free space (?WTF?)

2005-08-24 Thread Frank Bax

At 02:21 PM 8/24/05, John Kintaro Tate wrote:


Hrm, I was installing the mono port and I ran into an error. The error
was simple and we all know what it means.

Trying 62.243.72.50...
Unimplemented command.
 61% |**|  8922 KB    04:55 ETA

/: write failed, file system is full

So I did the next thing that comes naturally, I aborted and did a df -h...

# df -h
Filesystem    Size    Used   Avail Capacity  Mounted on
/dev/wd0a     787M    778M  -30.6M   104%    /

WTF is going on here? -30.6M sounds kinda weird.



http://openbsd.default.co.yu/faq/faq14.html#NegSpace



Re: IPsec / routing problem in OpenBSD 3.7

2005-08-24 Thread j knight
--- Quoting [EMAIL PROTECTED] on 2005/08/24 at 18:35 +0200:

> 1) From Client1, I cannot ping its default gateway (.3.254) anymore. No ping 
> replies. ssh connection is frozen.

What machine and interface is .3.254 on? From the information below it
does not look like it's on PC_B. PC_B is .3.70.
 
> 2) If I run a tcpdump -i rl1, I see that the pings from Client1 to PC_B are 
> *routed* to PC_A!! Of course, PC_A doesn't know what to do with them; 
> something is getting back, however (encrypted) :
> # tcpdump -i rl1
> 17:54:15.803747 esp 10.0.0.6 > 10.0.0.1 spi 0x1F3A4307 seq 70 len 132 (DF)
> 17:54:15.810208 esp 10.0.0.1 > 10.0.0.6 spi 0x8A4C7C72 seq 58 len 132 (DF)

Doubtful. You have no idea what packets are encapsulated here. Do your
sniffing on enc0 instead.
 
> 6) Not all of PC_B 's traffic is going through the tunnel; for example, DNS 
> queries are still in clear:

netstat -rnf encap is your friend. You are not building a phase-2
connection that includes 10.0.0.x so no encryption for you. Same
reasoning applies to your ping from 10.0.0.1 to .6.



.joel



Re: OpenBSD 3.8 negative free space (?WTF?)

2005-08-24 Thread Timothy Donahue
On Wednesday 24 August 2005 03:25 pm, John Kintaro Tate wrote:
> Okay.
>
> I am wondering where all the space nicked off to, since I only
> installed it not long ago. I haven't run out of space on a system for a
> long time, how do I figure out what the biggest files and stuff are
> again?
>
> Thanks in advance.
>
> Kintaro.
>

man find (Hint: see the -size option)



ftp.openbsd.org

2005-08-24 Thread -f
hi there,

what is happening with ftp.openbsd.org?
it stalls the downloads every couple of minutes.


53% [==>  ] 19,162,576 6.98K/s ETA 38:08

and just hangs.  then starts again, then hangs...


anybody else experiencing this?

-f
-- 
it takes about ten years to get used to how old you are.



Re: OpenBSD 3.8 negative free space (?WTF?)

2005-08-24 Thread Ray Percival
On Wed, Aug 24, 2005 at 08:56:32PM +0200, Erik Wikström wrote:
> On 2005-08-24 20:21, John Kintaro Tate wrote:
> >Hrm, I was installing the mono port and I ran into an error. The error
> >was simple and we all know what it means.
> >
> >Trying 62.243.72.50...
> >Unimplemented command.
> > 61% |**|  8922 KB    04:55 ETA
> >/: write failed, file system is full
> >
> >So I did the next thing that comes naturally, I aborted and did a df -h...
> >
> ># df -h
> >Filesystem    Size    Used   Avail Capacity  Mounted on
> >/dev/wd0a     787M    778M  -30.6M   104%    /
> >
> >WTF is going on here? -30.6M sounds kinda weird.
> 
> I might be dead wrong here but I think that some space is reserved for
> root or some such.
~5% to be exact. 
> 
> --
> Erik Wikström
> 

-- 
BOFH excuse #172:

pseudo-user on a pseudo-terminal



Re: OpenBSD 3.8 negative free space (?WTF?)

2005-08-24 Thread Greg Thomas
On 8/24/05, John Kintaro Tate <[EMAIL PROTECTED]> wrote:
> Hrm, I was installing the mono port and I ran into an error. The error
> was simple and we all know what it means.
> 
> Trying 62.243.72.50...
> Unimplemented command.
>  61% |**|  8922 KB    04:55 ETA
> /: write failed, file system is full
> 
> So I did the next thing that comes naturally, I aborted and did a df -h...
> 
> # df -h
> Filesystem    Size    Used   Avail Capacity  Mounted on
> /dev/wd0a     787M    778M  -30.6M   104%    /
> 
> WTF is going on here? -30.6M sounds kinda weird.
> 

Read a FAQ for most any UNIX filesystem.

Greg



Re: OpenBSD 3.8 negative free space (?WTF?)

2005-08-24 Thread John Kintaro Tate
Okay.

I am wondering where all the space nicked off to, since I only
installed it not long ago. I haven't run out of space on a system for a
long time, how do I figure out what the biggest files and stuff are
again?

Thanks in advance.

Kintaro.

On 8/25/05, Bryan Irvine <[EMAIL PROTECTED]> wrote:
> > WTF is going on here? -30.6M sounds kinda weird.
> 
> Yup it's true.  OpenBSD has put everything in the FAQ.
> 
> http://www.openbsd.org/faq/faq14.html#NegSpace
> 
> :-)
> 
> --Bryan
> 


-- 
John Kintaro Tate
Mobile: 0413 348 815 (Yep, old number, but I have a new phone)

Attention all Internet users, is life getting you down? Are you so
happy you could chainsaw an innocent bystander and LAUGH? Do you
believe in God? Do you not believe in God? Have you found yourself
stranded on prehistoric Earth for 5 years? If so, if you do anything
at all there are people who care at the Kintaro Labs Forum, join now
and after you reach 50 posts you get a free OpenBSD shell account!
http://labs.kintaro.noobify.com

Personal Website: http://kintaro.noobify.com



Re: OpenBSD 3.8 negative free space (?WTF?)

2005-08-24 Thread Darrin Chandler

It's in the FAQ, specifically http://www.openbsd.org/faq/faq14.html#NegSpace

John Kintaro Tate wrote:


Hrm, I was installing the mono port and I ran into an error. The error
was simple and we all know what it means.

Trying 62.243.72.50...
Unimplemented command.
61% |**|  8922 KB    04:55 ETA
/: write failed, file system is full

So I did the next thing that comes naturally, I aborted and did a df -h...

# df -h
Filesystem    Size    Used   Avail Capacity  Mounted on
/dev/wd0a     787M    778M  -30.6M   104%    /

WTF is going on here? -30.6M sounds kinda weird.




Re: proper way to format/use floppies (i386)

2005-08-24 Thread J.C. Roberts
On Wed, 24 Aug 2005 16:13:08 +0200, Michael Adam
<[EMAIL PROTECTED]> wrote:

>Jonathan Schleifer <[EMAIL PROTECTED]> wrote:
>> Michael Adam <[EMAIL PROTECTED]> wrote:
>> > which is the right or preferred way to do so (since there are, as
>> > I pointed out several possible ways).
>> 
>> I already answered that before:
>> Jonathan Schleifer <[EMAIL PROTECTED]> wrote:
>> > Floppies usually don't have a partition table nor a disk label, so
>> > just newfs fd0c and you should be fine.
>
>Well yes, it is working. But still: The floppy does have a disklabel
>which does only have partition "c" by default. And it seems strange
>to me, that I should create a filesystem on a partition "c". And even
>stranger, this file system can afterwards be accessed through partition
>"a" which does not even show up in the disklabel.
>
>What puzzles me even more is the fact, that in the book "Absolute OpenBSD"
>by Michael W. Lucas, it is said on page 310, that "FFS file systems need
>a valid partition table on every disk" and then the author describes the
>following steps:
>  # disklabel -w /dev/rfd0c floppy
>  # newfs /dev/rfd0c
>
>which yields a disklabel with overlapping partitions, and "disklabel -E fd0"
>tells me that the disklabel has an error and offers me to disable one partition
>or the other...
>
>These are the reasons why I was not completely content with your short
>and simple answer. (I do favor simple solutions, of course!)
>
>> You also heard this from others. So it's not that your main question got
>> lost ;).
>
>Not on your side anyway... ;-)
>
>Cheers, Michael

Hi Michael,

As far as I can tell, you basically asked for the "right or preferred
way" "of putting a filesystem onto a floppy"

The best answer I know is fdformat. It works. It's simple and it's the
most commonly accepted way to do what you asked.

If by chance you are asking a different question, then unfortunately
no one on the list is actually understanding what you really want. 

JCR



Re: OpenBSD 3.8 negative free space (?WTF?)

2005-08-24 Thread Bryan Irvine
> WTF is going on here? -30.6M sounds kinda weird.

Yup it's true.  OpenBSD has put everything in the FAQ.

http://www.openbsd.org/faq/faq14.html#NegSpace

:-)

--Bryan



Re: OpenBSD 3.8 negative free space (?WTF?)

2005-08-24 Thread Sigfred Håversen

John Kintaro Tate wrote:
[snip]

So I did the next thing that comes naturally, I aborted and did a df -h...

# df -h
Filesystem    Size    Used   Avail Capacity  Mounted on
/dev/wd0a     787M    778M  -30.6M   104%    /

WTF is going on here? -30.6M sounds kinda weird.



http://www.openbsd.org/faq/faq14.html#NegSpace

/Sigfred



Re: OpenBSD 3.8 negative free space (?WTF?)

2005-08-24 Thread Mathias Wegner
> Hrm, I was installing the mono port and I ran into an error. The error
> was simple and we all know what it means.
> 
> Trying 62.243.72.50...
> Unimplemented command.
>  61% |**|  8922 KB    04:55 ETA
> /: write failed, file system is full
> 
> So I did the next thing that comes naturally, I aborted and did a df -h...
> 
> # df -h
> Filesystem    Size    Used   Avail Capacity  Mounted on
> /dev/wd0a     787M    778M  -30.6M   104%    /
> 
> WTF is going on here? -30.6M sounds kinda weird.


See the FAQ.


-- 

I don't want the world, I just want your half.



Re: isakmp vpn configuration

2005-08-24 Thread j knight
--- Quoting Daniel Eyholzer on 2005/08/24 at 08:33 +0200:

> Yes, I have tried to filter on VPN client ip addresses on the enc0
> interface. This works, but the problem is that not all users should be
> allowed to do the same things. Since the VPN client ip address can be
> chosen arbitrary on the VPN client, the user can chose an ip address that
> is allowed to do what he wants to do. Therefore it is not secured, the user
> has just to know which ip address has full access, and he can access all he
> wants on all vlans.

You definitely want to setup a policy then and to use x509 certs for
client authentication. Create a policy that delegates to sub policies
for each client. The "licensees" of each sub policy should match the
distinguished name of the client's key. Specify the appropriate
remote_filter/local_filter options in the policy as well. Obviously this
doesn't scale so well for large numbers of users.

Check out the isakmpd.policy(5) man page for all the details.




.joel



Re: OpenBSD 3.8 negative free space (?WTF?)

2005-08-24 Thread Erik Wikström

On 2005-08-24 20:21, John Kintaro Tate wrote:

Hrm, I was installing the mono port and I ran into an error. The error
was simple and we all know what it means.

Trying 62.243.72.50...
Unimplemented command.
 61% |**|  8922 KB    04:55 ETA
/: write failed, file system is full

So I did the next thing that comes naturally, I aborted and did a df -h...

# df -h
Filesystem    Size    Used   Avail Capacity  Mounted on
/dev/wd0a     787M    778M  -30.6M   104%    /

WTF is going on here? -30.6M sounds kinda weird.


I might be dead wrong here but I think that some space is reserved for
root or some such.

--
Erik Wikström



Re: Problems with pf+nat+some websites

2005-08-24 Thread Bryan Irvine
> > nice try, but I don't use pppoe.
> > We have a DSL-Router from our provider and as I mentioned before, we
> > had no problems with the cisco-router doing the firewall job (Nat).
> 
> so, yes you DO use PPPoE.  

Not necessarily, it could be in bridged mode.

--Bryan



Re: 3.8 snapshot laptop sleep issues

2005-08-24 Thread Will H. Backman
> -----Original Message-----
> From: Dave Feustel [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, August 24, 2005 2:29 PM
> To: Will H. Backman
> Cc: misc@openbsd.org
> Subject: Re: 3.8 snapshot laptop sleep issues
> 
> On Wednesday 24 August 2005 12:31, Will H. Backman wrote:
> > Running today's snapshot on an old laptop (Dell Latitude PPL), and I put
> > the cover down to see if it would go to sleep and wake up properly.
> > After it went to sleep, I opened the laptop back up, and it started to
> > come back alive, but the screen stayed blank.
> > I couldn't switch virtual consoles.  Reset the machine.  Nothing odd
> > showed up in the logs, except that wd0 was not properly unmounted.
> > Any way to start debugging this?
> >
> > --
> > Will Backman - Network Administrator
> > Coastal Enterprises, Inc.
> > http://www.ceimaine.org
> 
> Did you try pushing the on/off switch for 5 seconds?
> That will turn the laptop off unconditionally
> and you can turn it back on for a reboot.
> 
> --
> Tired of having to defend against Malware?
> (You know: trojans, viruses, SPYWARE, ADWARE,
> KEYLOGGERS, rootkits, worms and popups)
> Then Switch to OpenBSD with a KDE desktop!!!

My problem was not with trying to reboot.  My problem was that the
system didn't log anything in dmesg or syslog.  I didn't even see any
traces that it had gone to sleep in the logs.  When the laptop woke up,
the network cards also woke up.  It was just that the screen was blank.
I didn't know if there were any other places to look for logs or other
error messages.



Re: 3.8 snapshot laptop sleep issues

2005-08-24 Thread Dave Feustel
On Wednesday 24 August 2005 12:31, Will H. Backman wrote:
> Running today's snapshot on an old laptop (Dell Latitude PPL), and I put
> the cover down to see if it would go to sleep and wake up properly.
> After it went to sleep, I opened the laptop back up, and it started to
> come back alive, but the screen stayed blank.
> I couldn't switch virtual consoles.  Reset the machine.  Nothing odd
> showed up in the logs, except that wd0 was not properly unmounted.
> Any way to start debugging this? 
> 
> --
> Will Backman - Network Administrator
> Coastal Enterprises, Inc.
> http://www.ceimaine.org

Did you try pushing the on/off switch for 5 seconds?
That will turn the laptop off unconditionally
and you can turn it back on for a reboot. 

-- 
Tired of having to defend against Malware?
(You know: trojans, viruses, SPYWARE, ADWARE, 
KEYLOGGERS, rootkits, worms and popups) 
Then Switch to OpenBSD with a KDE desktop!!!



OpenBSD 3.8 negative free space (?WTF?)

2005-08-24 Thread John Kintaro Tate
Hrm, I was installing the mono port and I ran into an error. The error
was simple and we all know what it means.

Trying 62.243.72.50...
Unimplemented command.
 61% |**|  8922 KB    04:55 ETA
/: write failed, file system is full

So I did the next thing that comes naturally, I aborted and did a df -h...

# df -h
Filesystem    Size    Used   Avail Capacity  Mounted on
/dev/wd0a     787M    778M  -30.6M   104%    /

WTF is going on here? -30.6M sounds kinda weird.

-- 
John Kintaro Tate
Mobile: 0413 348 815 (Yep, old number, but I have a new phone)

Attention all Internet users, is life getting you down? Are you so
happy you could chainsaw an innocent bystander and LAUGH? Do you
believe in God? Do you not believe in God? Have you found yourself
stranded on prehistoric Earth for 5 years? If so, if you do anything
at all there are people who care at the Kintaro Labs Forum, join now
and after you reach 50 posts you get a free OpenBSD shell account!
http://labs.kintaro.noobify.com

Personal Website: http://kintaro.noobify.com



Re: 3.8 beta requests

2005-08-24 Thread Andrew Dyer
> The real problem is people who encounter a problem and fail to report
> it.  They just think "this is crap" and go on to something else.

I think the developers need to address the problems that get brought up, too.
I took the time to post a complete bug report (good and failing dmesg) about a
bug that made an(4) crash the kernel and not boot 3.7 to misc@ and bugs@,
then later sent it to the maintainer (mickey), and got nothing each time, not
even a "yeah, okay we got it" or "take a look in this part of the code
or try this" message.

It was very frustrating to try and make things better and get ignored.

-- 
Hardware, n.:
The parts of a computer system that can be kicked.



Re: Problems with pf+nat+some websites

2005-08-24 Thread Matty

On Wed, 24 Aug 2005, Nick Holland wrote:


Guido Tschakert wrote:

Jonathan Schleifer wrote:

I don't see where you set the MTU/MSS? Are you sure you have set them
somewhere else? eBay is known to have problems with bad/wrong MTU/MSS.
Try adding scrub out on $ext_if max-mss 1414 to your pf.conf and adding
-mtu 1454 to the route. Also take a look at pppoe(4) [*NOT* pppoe(8)!],
section MTU/MSS ISSUES.


Hello Jonathan,

nice try, but I don't use pppoe.
We have a DSL-Router from our provider and as I mentioned before, we
had no problems with the cisco-router doing the firewall job (Nat).


so, yes you DO use PPPoE.  DSL systems VERY often have a
smaller-than-possible MTU.
This often causes problems much like you describe.

Just set it in your hostname. file.
Google for simple ping tests to find the maximum MTU you can use in your
precise case...and see if setting the firewall accordingly solves your
problem.

Nick.



Just a note -- Brendan Gregg came up with a perl script to test MTU issues:

http://users.tpg.com.au/adsln4yb/Perl/mtufinder

If you want to test the entire spectrum of MTU/TCP MSS values, you will 
need to adjust the while loop.




Re: LSI Logic Ultra320 Scsi Raid Card

2005-08-24 Thread Marco Peereboom
If you guys care about this diff making 3.8 I suggest that someone sends me
some feedback.

/marco

On Tue, Aug 23, 2005 at 12:19:11PM -0500, Marco Peereboom wrote:
> Note that pcidevs_data.h and pcidevs.h are part of the diff.  I did this for
> easy patching and testing.
> 
> Give it a go and let me know if it works.
> 
> /marco
> 
> Index: ami_pci.c
> ===
> RCS file: /cvs/src/sys/dev/pci/ami_pci.c,v
> retrieving revision 1.29
> diff -u -r1.29 ami_pci.c
> --- ami_pci.c 15 Aug 2005 23:22:46 -  1.29
> +++ ami_pci.c 23 Aug 2005 17:15:36 -
> @@ -87,6 +87,7 @@
>   AMI_CHECK_SIGN | AMI_BROKEN },
>   { PCI_VENDOR_SYMBIOS,   PCI_PRODUCT_SYMBIOS_MEGARAID,   0 },
>   { PCI_VENDOR_SYMBIOS,   PCI_PRODUCT_SYMBIOS_MEGARAID_320,   0 },
> + { PCI_VENDOR_SYMBIOS,   PCI_PRODUCT_SYMBIOS_MEGARAID_3202E, 0 },
>   { PCI_VENDOR_SYMBIOS,   PCI_PRODUCT_SYMBIOS_SATA8,  0 },
>   { 0 }
>  };
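Review bot: the new PCI_PRODUCT_SYMBIOS_MEGARAID_3202E entry in the match table is added with flags 0, mirroring the MEGARAID_320 line above it, while an earlier entry in the same table carries AMI_CHECK_SIGN | AMI_BROKEN. Please state in the commit message which 320-2E card this was booted on, so it is clear that no flag is needed, and list the card in ami(4) in the same commit.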
> Index: pcidevs
> ===
> RCS file: /cvs/src/sys/dev/pci/pcidevs,v
> retrieving revision 1.908
> diff -u -r1.908 pcidevs
> --- pcidevs   23 Aug 2005 03:31:34 -  1.908
> +++ pcidevs   23 Aug 2005 17:15:39 -
> @@ -2054,6 +2054,7 @@
>  product SYMBIOS FC919_1  0x0625  FC919
>  product SYMBIOS MEGARAID 0x1960  MegaRAID
>  product SYMBIOS MEGARAID_320 0x0407  MegaRAID 320
> +product SYMBIOS MEGARAID_3202E   0x0408  MegaRAID 320-2E
>  product SYMBIOS SATA80x0409  MegaRAID SATA 8x
>  
>  /* Packet Engines products */
> Index: pcidevs.h
> ===
> RCS file: /cvs/src/sys/dev/pci/pcidevs.h,v
> retrieving revision 1.909
> diff -u -r1.909 pcidevs.h
> --- pcidevs.h 23 Aug 2005 03:31:53 -  1.909
> +++ pcidevs.h 23 Aug 2005 17:15:44 -
> @@ -2059,6 +2059,7 @@
>  #define  PCI_PRODUCT_SYMBIOS_FC919_1 0x0625  /* FC919 */
>  #define  PCI_PRODUCT_SYMBIOS_MEGARAID0x1960  /* MegaRAID */
>  #define  PCI_PRODUCT_SYMBIOS_MEGARAID_3200x0407  /* 
> MegaRAID 320 */
> +#define  PCI_PRODUCT_SYMBIOS_MEGARAID_3202E  0x0408  /* 
> MegaRAID 320-2E */
>  #define  PCI_PRODUCT_SYMBIOS_SATA8   0x0409  /* MegaRAID 
> SATA 8x */
>  
>  /* Packet Engines products */
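Review bot: the #define lines in this hunk arrived wrapped (the /* MegaRAID 320-2E */ comment on the added line is split across two lines, as are two of the context lines), so the hunk will not apply as mailed. pcidevs.h and pcidevs_data.h are generated from pcidevs, so it is simpler to commit only the pcidevs change and regenerate both headers than to carry these hunks in the diff.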
> Index: pcidevs_data.h
> ===
> RCS file: /cvs/src/sys/dev/pci/pcidevs_data.h,v
> retrieving revision 1.908
> diff -u -r1.908 pcidevs_data.h
> --- pcidevs_data.h23 Aug 2005 03:31:53 -  1.908
> +++ pcidevs_data.h23 Aug 2005 17:15:49 -
> @@ -5923,6 +5923,10 @@
>   "MegaRAID 320",
>   },
>   {
> + PCI_VENDOR_SYMBIOS, PCI_PRODUCT_SYMBIOS_MEGARAID_3202E,
> + "MegaRAID 320-2E",
> + },
> + {
>   PCI_VENDOR_SYMBIOS, PCI_PRODUCT_SYMBIOS_SATA8,
>   "MegaRAID SATA 8x",
>   },



3.8 snapshot laptop sleep issues

2005-08-24 Thread Will H. Backman
Running today's snapshot on an old laptop (Dell Latitude PPL), and I put
the cover down to see if it would go to sleep and wake up properly.
After it went to sleep, I opened the laptop back up, and it started to
come back alive, but the screen stayed blank.
I couldn't switch virtual consoles.  Reset the machine.  Nothing odd
showed up in the logs, except that wd0 was not properly unmounted.
Any way to start debugging this? 

--
Will Backman - Network Administrator
Coastal Enterprises, Inc.
http://www.ceimaine.org



Online Banking and Bill Pay Deactivation Notice

2005-08-24 Thread Bank of the West

   Dear eTimeBanker Customer,

This is your official notification from Bank Of The West that the
service(s) listed below
   will be deactivated and deleted if not renewed immediately. Previous
notifications have
   been sent to the Billing Contact assigned to this account. As the
Primary Contact, you
   must renew the service(s) listed below or it will be deactivated and
deleted.

   Renew Now  your eTimeBanker Online Banking and Bill Pay Services. 
   SERVICE : Bank Of The West eTimeBanker with Bill Pay.
   EXPIRATION: Aug 24th, 2005 
   Thank you for using eTimeBanker. We appreciate your business and the
opportunity to serve you.Bank Of The West Management Center Customer
Support 
  
*
   IMPORTANT CUSTOMER SUPPORT INFORMATION
  
*   
Please do not reply to this message. For any inquiries, contact Customer
Service.Document Reference: (87051203).Bank Of The West, N.A.
Member FDIC.  Equal Housing Lender.
   Copyright © 2005 Bank Of The West, N.A. All rights reserved.



Re: 3.8 beta requests

2005-08-24 Thread Theo de Raadt
> > A few things that get bitten are some packages doing their own and very
> > different memory management, but can't avoid malloc altogether.
> > That is ports/lang/clisp, that seems to be also gprolog
> 
> Can you describe how these programs manage to seg fault doing their
> memory management? How do they run now if they don't use malloc?

Most of those that fail assume that malloc returns a predictable
memory address sequence.

Not even emacs does that (and you don't want to hear that rant :)



IPsec / routing problem in OpenBSD 3.7

2005-08-24 Thread [EMAIL PROTECTED]
Hello!

   I'm having troubles with IPsec, but I'm not really sure whether it's an 
IPsec issue, a routing problem or just that I'm missing something big, very 
big... So any help is more than welcome!

   Here's the setup: PC_A is acting as a NAT gateway with three network cards. 
sis0 goes to an ADSL modem, sis1 talks to the local internal network 
(192.168.0.0/24). 

   I have another office on the other side of the road with its own network 
(192.168.3.0/24 on rl0), gateway is 192.168.3.254 (PC_B). The rl1 card 
(10.0.0.6) is connected to a WiFi client which in turn is bridged to a WiFi AP 
and finally to the sis2 card (10.0.0.1) on PC_A. 

   sis0 --- ADSL MODEM
|
  *PC_A* sis2 --- AP  <- WiFi ->  AP --- rl1 *PC_B* rl0 --- Client1
|
   sis1 --- 192.168.0.0/24 LAN

   Perhaps you already see where I'm going: I need to secure the connection 
between PC_A (on its 10.0.0.1 interface) and everything that's going to PC_B 
and to the LAN behind it (192.168.3.254). No, I don't need to tunnel the two 
subnets (192.168.0.0 and .3.0) together. They can live separated, as far as the 
remote office LAN (.3.0) can access the server and access the Internet.

   Both PC_A and PC_B are running on OpenBSD 3.7. 

   So, I boot up PC_B and manually add the default route (it's fresh out of an 
install, so I still do it by hand):

# route add 0/0 10.0.0.1
# route show -inet
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use    Mtu  Interface
default            10.0.0.1           UGS         0        9      -   rl1
10.0.0.0/29        link#2             UC          0        0      -   rl1
10.0.0.1           00:09:5b:XX:XX:XX  UHLc        0        5      -   rl1
loopback           localhost          UGRS        0        0  33224   lo0
localhost          localhost          UH          0        0  33224   lo0
192.168.3/24       link#1             UC          0        0      -   rl0
192.168.3.70       00:50:fc:XX:XX:XX  UHLc        0      309      -   rl0
BASE-ADDRESS.MCAST localhost          URS         0        0  33224   lo0

   PLEASE NOTE : I posted all configuration info at the end of the message

   Next, Client1 can ping (obviously!) its default gateway (192.168.3.254), the 
rl1 card (10.0.0.6), the machine on the other side of the road (10.0.0.1 and 
192.168.0.254) and, of course, google.com. Yes, there are two separate NAT 
rules (one for each internal network) and yes, PC_A has the routes to the 
remote network 192.168.3.0/24.

   So far, so good. Now I start isakmpd on both machines. This is what happens:

1) From Client1, I cannot ping its default gateway (.3.254) anymore. No ping 
replies. ssh connection is frozen.

2) If I run a tcpdump -i rl1, I see that the pings from Client1 to PC_B are 
*routed* to PC_A!! Of course, PC_A doesn't know what to do with them; something 
is getting back, however (encrypted) :

# tcpdump -i rl1
17:54:15.803747 esp 10.0.0.6 > 10.0.0.1 spi 0x1F3A4307 seq 70 len 132 (DF)
17:54:15.810208 esp 10.0.0.1 > 10.0.0.6 spi 0x8A4C7C72 seq 58 len 132 (DF)

3) If Client1 pings 192.168.0.254 (on PC_A) or any other machine in PC_A's 
internal subnet, I get replies (encrypted through the tunnel).

4) If Client1 pings www.google.com, I get replies (encrypted).

5) If I ssh on PC_A (10.0.0.1) and from there ping 10.0.0.6, the pings are 
unencrypted:
18:04:28.631809 10.0.0.1 > 10.0.0.6: icmp: echo request
18:04:28.631898 10.0.0.6 > 10.0.0.1: icmp: echo reply
But I guess this was to be expected according to the way I set up the tunnel.

6) Not all of PC_B 's traffic is going through the tunnel; for example, DNS 
queries are still in clear:
tcpdump: listening on rl1, link-type EN10MB
18:09:53.547812 esp 10.0.0.6 > 10.0.0.1 spi 0x33FDCE18 seq 84 len 148 (DF) [tos 0x10]
18:09:53.555414 esp 10.0.0.1 > 10.0.0.6 spi 0xFB1721D2 seq 64 len 100 (DF) [tos 0x10]
18:09:53.557740 esp 10.0.0.1 > 10.0.0.6 spi 0xFB1721D2 seq 65 len 148 (DF) [tos 0x10]
18:09:53.558698 esp 10.0.0.6 > 10.0.0.1 spi 0x33FDCE18 seq 85 len 100 (DF) [tos 0x10]
18:09:54.135727 10.0.0.6.27192 > ns3.XXX.domain:  40783+ PTR? 1.0.0.10.in-addr.arpa. (39)
18:09:54.164014 esp 10.0.0.6 > 10.0.0.1 spi 0x33FDCE18 seq 86 len 148 (DF) [tos 0x10]
18:09:54.175462 esp 10.0.0.1 > 10.0.0.6 spi 0xFB1721D2 seq 66 len 148 (DF) [tos 0x10]
18:09:54.176541 esp 10.0.0.6 > 10.0.0.1 spi 0x33FDCE18 seq 87 len 100 (DF) [tos 0x10]
18:09:54.18 esp 10.0.0.1 > 10.0.0.6 spi 0xFB1721D2 seq 67 len 180 (DF) [tos 0x10]
18:09:54.186064 10.0.0.1 > 10.0.0.6: icmp: echo request
18:09:54.186149 10.0.0.6 > 10.0.0.1: icmp: echo reply
18:09:54.186561 esp 10.0.0.6 > 10.0.0.1 spi 0x33FDCE18 seq 88 len 100 (DF) [tos 0x10]
18:09:54.189521 ns3.tin.it.domain > 10.0.0.6.27192:  40783 NXDomain* 0/1/0 (99)
18:09:54.191344 10.0.0.6.30665 > ns3.XXX.domain:  59489+ PTR? 6.0.0.10.in-addr.arpa. (39)
18:09:54.195008 esp 10.0.0.1 > 10.0.0.6 spi 0xFB1721D2 seq 68 len 196 (DF) [tos 0x10]
18:09:54.196155 esp 10.0.0.6 > 10.0.0.1 spi 0x33FDCE18 seq 8

Re: 3.8 beta requests

2005-08-24 Thread Dave Feustel
On Wednesday 24 August 2005 10:56, Marc Espie wrote:
> On Wed, Aug 24, 2005 at 08:09:36AM -0500, Dave Feustel wrote:
> > On Wednesday 24 August 2005 07:04, Hannah Schroeter wrote:
> > 
> > > A few things that get bitten are some packages doing their own and very
> > > different memory management, but can't avoid malloc altogether.
> > > That is ports/lang/clisp, that seems to be also gprolog
> > 
> > Can you describe how these programs manage to seg fault doing their
> > memory management? How do they run now if they don't use malloc?
> > -- 
> 
> Those programs use mmap() to create their basic image and fill it in.
> Then on a later invocation, they try to use mmap() again to get the
> image at the same location, which works on most Unix systems, except
> for OpenBSD-current...

In other words, now in OpenBSD 3.8, all addresses within an mmap'd region 
have to be treated as relative to the base address of the region if the region
is mapped more than once?

-- 
Tired of having to defend against Malware?
(You know: trojans, viruses, SPYWARE, ADWARE, 
KEYLOGGERS, rootkits, worms and popups) 
Then Switch to OpenBSD with a KDE desktop!!!
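
An added example, not code from this thread or from clisp or gprolog: it shows the failure Marc Espie describes (an image whose internal links are absolute addresses is useless once mmap() returns a different address) next to a layout that stores offsets from the image base and validates them on load. The struct names, IMAGE_SIZE and the two anonymous mappings standing in for two separate program runs are assumptions made for the illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1          /* exposes MAP_ANON on glibc */
#endif
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

#ifndef MAP_ANON
#define MAP_ANON MAP_ANONYMOUS
#endif

#define IMAGE_SIZE 4096u           /* hypothetical image size */

struct header {
    uint32_t  first;      /* offset of the first node from the image base, 0 = empty */
    uint32_t  used;       /* bytes of the image in use */
    uintptr_t first_abs;  /* absolute address of the first node: the fragile form */
};

struct node {
    int32_t  value;
    uint32_t next;        /* offset of the next node, 0 = end of list */
};

/* Let the kernel choose the address, as a randomizing mmap() will. */
static void *map_region(void)
{
    void *p = mmap(NULL, IMAGE_SIZE, PROT_READ | PROT_WRITE,
                   MAP_ANON | MAP_PRIVATE, -1, 0);
    return p == MAP_FAILED ? NULL : p;
}

/* Build a list holding 1..n inside the image. Returns 0, or -1 if it does not fit. */
static int build_image(void *base, int n)
{
    struct header *h = base;
    uint32_t off = sizeof(*h), prev = 0;

    memset(base, 0, IMAGE_SIZE);
    for (int i = 1; i <= n; i++) {
        if (off > IMAGE_SIZE - sizeof(struct node))
            return -1;
        struct node *nd = (struct node *)((char *)base + off);
        nd->value = i;
        nd->next = 0;
        if (prev) {
            ((struct node *)((char *)base + prev))->next = off;
        } else {
            h->first = off;
            h->first_abs = (uintptr_t)nd;   /* only valid at this base */
        }
        prev = off;
        off += sizeof(struct node);
    }
    h->used = off;
    return 0;
}

/* Walk the list through offsets only, checking each one against the image
 * bounds before use. Returns the sum, or -1 if the image is corrupt. */
static long sum_by_offset(const void *base)
{
    const struct header *h = base;
    uint32_t off = h->first;
    unsigned steps = 0;
    long sum = 0;

    while (off != 0) {
        if (off < sizeof(*h) || off > IMAGE_SIZE - sizeof(struct node) ||
            off % sizeof(uint32_t) != 0 ||
            ++steps > IMAGE_SIZE / sizeof(struct node))   /* cycle guard */
            return -1;
        const struct node *nd = (const struct node *)((const char *)base + off);
        sum += nd->value;
        off = nd->next;
    }
    return sum;
}

/* Does the absolute pointer saved in the image land inside this mapping? */
static int abs_pointer_in_mapping(const void *base)
{
    const struct header *h = base;
    uintptr_t lo = (uintptr_t)base;
    return h->first_abs >= lo && h->first_abs - lo < IMAGE_SIZE;
}

/* Build the image at one address, then load a byte copy at another one. */
long reload_and_sum(int n, int *abs_ok)
{
    void *a = map_region(), *b = map_region();
    long sum = -1;

    if (a && b && build_image(a, n) == 0) {
        memcpy(b, a, IMAGE_SIZE);           /* stands in for save and reload */
        *abs_ok = abs_pointer_in_mapping(b);
        sum = sum_by_offset(b);
    }
    if (a) munmap(a, IMAGE_SIZE);
    if (b) munmap(b, IMAGE_SIZE);
    return sum;
}

int main(void)
{
    int abs_ok = -1;
    long sum = reload_and_sum(10, &abs_ok);
    printf("sum via offsets: %ld, saved absolute pointer usable: %d\n", sum, abs_ok);
    return sum == 55 ? 0 : 1;
}
```
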



Re: Complete disk disaster

2005-08-24 Thread Matty

On Wed, 24 Aug 2005, Stuart Henderson wrote:


--On 24 August 2005 10:37 +0200, Ramiro Aceves wrote:


pciide0:0:1: bus-master DMA error: missing interrupt, status=0x61
wd1a: device timeout reading fsbn 1489200 of 1489200-1489203 (wd1 bn
1489263; cn 1477 tn 7 sn 6), retrying
wd1: soft error (corrected)
wd1(pciide0:0:1): timeout
type: ata
c_bcount: 2048
c_skip: 0
pciide0:0:1: bus-master DMA error: missing interrupt, status=0x61
wd1a: device timeout reading fsbn 1486176 of 1486176-1486179 (wd1 bn
1486239; cn 1474 tn 7 sn 6), retrying
wd1: soft error (corrected)

[etc]

All hard drives have bad blocks, most hard drives now have some spare 
capacity. As the drive detects bad or failing blocks, the spare blocks are 
automatically remapped over the bad blocks. This is internal to the drive - 
by the time you start noticing drive errors, the drive is usually unable to 
remap any more blocks.


smartmontools does a great job of notifying you prior to this occurring. 
When you startup smartd to alert when S.M.A.R.T attributes change, you can 
watch the drive slowly die over time. smartmontools is part of the OpenBSD
ports tree in case you are interested in giving it a spin.



Sometimes the manufacturer's drive-test tools can be useful (Hitachi/IBM's 
DFT can do some basic tests on drives from other manufacturers too). There's 
also a commercial program Spinrite which claims to have good stress-tests.




Re: 3.8 beta requests

2005-08-24 Thread John Kintaro Tate
On 8/25/05, -f <[EMAIL PROTECTED]> wrote:
> hmm, on Tue, Aug 23, 2005 at 09:23:27AM -0700, Raymond Lillard said that
> > Maybe a slogan along the lines of, "Is your software good enough
> > for OpenBSD"!!  Perhaps it could be worked into the release's
> > theme.
> 
> that is truly a brilliant idea ;-)
> any artists here?  make a "designed for puffy" logo.
> 
> first, all of the openbsd related projects could put it
> on their site.  later the porters could ask their ported
> projects to include the logo on their page (if they "deserve" it)

How about we go Torvalds style and sue motherfuckers for trademark
violations if they use it when they don't "deserve" it.

> 
> tshirts, mugs, a magazine, a tv show, finally even the HW
> manufacturers and microsoft would be pressed to redesign
> their OS to get the "seal of quality".
> 
> and after the planet is conquered, the universe is the limit!
> ha ha ha!
> 
> 
> -f
> (ps. i swear the tagline was generated random!)
> --
> all your base are belong to us.
> 
> 


-- 
John Kintaro Tate
Mobile: 0413 348 815 (Yep, old number, but I have a new phone)

Attention all Internet users, is life getting you down? Are you so
happy you could chainsaw an innocent bystander and LAUGH? Do you
believe in God? Do you not believe in God? Have you found yourself
stranded on prehistoric Earth for 5 years? If so, if you do anything
at all there are people who care at the Kintaro Labs Forum, join now
and after you reach 50 posts you get a free OpenBSD shell account!
http://labs.kintaro.noobify.com

Personal Website: http://kintaro.noobify.com



Re: 3.8 beta requests

2005-08-24 Thread Marc Espie
On Wed, Aug 24, 2005 at 08:09:36AM -0500, Dave Feustel wrote:
> On Wednesday 24 August 2005 07:04, Hannah Schroeter wrote:
> 
> > A few things that get bitten are some packages doing their own and very
> > different memory management, but can't avoid malloc altogether.
> > That is ports/lang/clisp, that seems to be also gprolog
> 
> Can you describe how these programs manage to seg fault doing their
> memory management? How do they run now if they don't use malloc?
> -- 

Those programs use mmap() to create their basic image and fill it in.
Then on a later invocation, they try to use mmap() again to get the
image at the same location, which works on most Unix systems, except
for OpenBSD-current...
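
The situation described in this message (an image that is mapped again and expected at the same address), as an added example that is not part of the original post and is not code from clisp or gprolog: the image stores offsets from its base instead of absolute pointers and validates each offset, so it still reads correctly when the second mmap() lands elsewhere. The file layout, function names and magic value are constructed for illustration.

```c
/* Added illustration (not from the thread): an mmap'd image that stores
 * offsets from its base instead of absolute pointers, so it stays valid
 * when a later mmap() of the same file returns a different address. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>

#define IMAGE_SIZE  4096u
#define IMAGE_MAGIC 0x494d4731u   /* constructed value, "IMG1" */
#define NIL         0u            /* offset 0 is the header, so it can mean "none" */

struct image_header { uint32_t magic, first, used; };
struct node { uint32_t next; int32_t value; };   /* next: offset from base */

/* Turn an offset into a pointer, rejecting anything outside the image. */
static struct node *node_at(void *base, uint32_t off)
{
    if (off < sizeof(struct image_header) ||
        off > IMAGE_SIZE - sizeof(struct node) ||
        off % _Alignof(struct node) != 0)
        return NULL;
    return (struct node *)((char *)base + off);
}

/* Map fd and fill it with the list 10 -> 20 -> 30. Returns the base, still mapped. */
static void *build_image(int fd)
{
    if (ftruncate(fd, IMAGE_SIZE) != 0)
        return NULL;
    void *base = mmap(NULL, IMAGE_SIZE, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    if (base == MAP_FAILED)
        return NULL;
    struct image_header *h = base;
    h->magic = IMAGE_MAGIC;
    h->first = NIL;
    h->used = sizeof *h;
    for (int v = 30; v >= 10; v -= 10) {         /* push front */
        struct node *n = node_at(base, h->used);
        if (n == NULL) { munmap(base, IMAGE_SIZE); return NULL; }
        n->value = v;
        n->next = h->first;
        h->first = h->used;
        h->used += sizeof *n;
    }
    return base;
}

/* Walk the list through offsets only. Returns the sum, or -1 on a bad image. */
static long sum_list(void *base)
{
    const struct image_header *h = base;
    if (h->magic != IMAGE_MAGIC)
        return -1;
    long sum = 0;
    uint32_t off = h->first;
    for (unsigned steps = 0; off != NIL; steps++) {
        const struct node *n = node_at(base, off);
        if (n == NULL || steps > IMAGE_SIZE / sizeof *n)
            return -1;                           /* out of range or cyclic */
        sum += n->value;
        off = n->next;
    }
    return sum;
}

/* Map the image a second time, passing the first address as a hint. The first
 * mapping is kept alive, so the hint cannot be honoured; this stands in for a
 * later run on a kernel that places mmap regions at varying addresses. */
static long remap_demo(int *moved)
{
    char path[] = "/tmp/mmap-image-XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    unlink(path);
    long sum = -1;
    void *first = build_image(fd);
    if (first != NULL) {
        /* Hint only, no MAP_FIXED: the kernel is free to choose another address. */
        void *second = mmap(first, IMAGE_SIZE, PROT_READ, MAP_SHARED, fd, 0);
        if (second != MAP_FAILED) {
            *moved = (second != first);          /* never assume the hint was honoured */
            sum = sum_list(second);
            munmap(second, IMAGE_SIZE);
        }
        munmap(first, IMAGE_SIZE);
    }
    close(fd);
    return sum;
}

int main(void)
{
    int moved = 0;
    long sum = remap_demo(&moved);
    printf("base moved: %s, list sum: %ld\n", moved ? "yes" : "no", sum);
    return sum == 60 ? 0 : 1;
}
```

An image that stored `struct node *` values instead would only be readable if the second mapping came back at exactly the first address, which is the assumption the message says no longer holds.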



Re: /usr/share/pf/ suggestion

2005-08-24 Thread Bryan Irvine
> What crashed?  Apache or OpenBSD?
> 

Apache of course! ;)



Re: stupid wifi question

2005-08-24 Thread Reyk Floeter
On Wed, Aug 24, 2005 at 05:41:15PM +0300, slack _usr wrote:
> First of all, I'm sorry for such a stupid question. I know that I need
> a few details, but I can't figure out what they are. I'm playing with an
> Intel(r) PRO/Wireless2200BG wifi card and its configuration. I have
> found different descriptions for the /etc/dhclient.conf file. I have
> read the "iwi" manual.  There are different options (or maybe only

no, i don't think that you read the iwi(4) or ifconfig(8) manual. see
below.

> initial-interval 1;
> send host-name "thinkpad";
> request subnet-mask, broadcast-address, routers, domain-name,
> domain-name-servers, host-name;
> interface "iwi0" {
>  media "ssid sessionid wepkey 0x1011121311";
> }
> 

huh? why don't you just use a /etc/hostname.iwi0 (see hostname.if(5)!)
with one line like this:

dhcp nwid sessionid nwkey 0x1011121311

...and use the default dhclient configuration?

> What are the differences between "wepkey" and "nwkey" mentioned in iwi

again, that's why i think that you didn't read the documentation.
neither iwi(4) nor ifconfig(8). there are no options called "wepkey"
or "essid" in openbsd.

reyk



Re: stupid wifi question

2005-08-24 Thread Will H. Backman
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
> slack _usr
> Sent: Wednesday, August 24, 2005 10:41 AM
> To: misc@openbsd.org
> Subject: stupid wifi question
> 
> Hi everyone,
> 
> First of all, I'm sorry for such a stupid question. I know that I need
> a few details, but I can't figure out what they are. I'm playing with an
> Intel(r) PRO/Wireless2200BG wifi card and its configuration. I have
> found different descriptions for the /etc/dhclient.conf file. I have
> read the "iwi" manual.  There are different options (or maybe only
> different names for the same options). I'm a newbie in wifi networks. But on
> the other system, a machine with Windows and NetStumbler, I found these
> wifi network settings:
> 
> SSID: sessionid
> Network Authentication: Open
> Data Encryption: WEP
> Network key: 1011121311 (0x1011121311)
> 
> There, sessionid is changed only for anonymity purposes.
> 
> So. In OpenBSD 3.7 stable iwi0 is working, but I can't associate to
> the access point.
> I need to use dhcp (em0 is working perfectly). Now I'm trying to use
> this /etc/dhclient.conf configuration:
> 
> initial-interval 1;
> send host-name "thinkpad";
> request subnet-mask, broadcast-address, routers, domain-name,
> domain-name-servers, host-name;
> interface "iwi0" {
>  media "ssid sessionid wepkey 0x1011121311";
> }
> 
> And when I try to use:
> #dhclient iwi0
> I get the following errors:
> Trying medium "ssid sessionid wepkey 0x1011121311" 1
> DHCPDISCOVER on iwi0 to 255.255.255.255 port 67 interval 2
> send_packet: Network is down
> 
> I get this in a cycle with different intervals (" 255.255.255.255 port
> 67 interval 2", " 255.255.255.255 port 67 interval 3",  "
> 255.255.255.255 port 67 interval 7").
> 
> What are the differences between "wepkey" and "nwkey" mentioned on the iwi
> driver developer page
> (http://damien.bergamini.free.fr/ipw/ipw-openbsd.html)?
> And on the same page there is a good description, but only for static
> configurations. So if I've understood everything correctly, I need to
> use the /etc/dhclient.conf file for configuration. But I am stuck there.
> Please, give me any advice or a link.
> 
> Thanks for your patience, and sorry for my English.
> 
> Regards,
> 
> --
> Slack is GOOD. OBSD better.

I think you should be putting your settings in /etc/hostname.iwi0
See "man iwi" for examples.



Re: proper way to format/use floppies (i386)

2005-08-24 Thread Michael Adam
Spruell, Darren-Perot <[EMAIL PROTECTED]> wrote:
> 
> Is there any reason to use FFS on a floppy? Won't FAT (-12, or whatever)
> work fine? Could you just mformat it and be along?

Yes, in fact there are:

1. As a matter of principle.
2. I need the FFS file permissions and ownerships on the floppy.

Michael



Re: /usr/share/pf/ suggestion

2005-08-24 Thread eric
On Wed, 2005-08-24 at 09:15:48 -0400, Timothy Donahue proclaimed...

> "A Good Thing"(TM) when done correctly, it is NAT that is not necessarily a 
> good thing.  Filtering incoming (and possibly outgoing traffic) helps do 
> several things, first it decreases the burden on your hosts.  It also allows 
> you a place to stop traffic that should never leave your network, for 
> example, only your mail servers should be allowed to send traffic on port 25.

Ha, sure. Now get a job outside your little corporate entity and see how
that goes over. Then let us decide on our own policies.



Re: proper way to format/use floppies (i386)

2005-08-24 Thread Hannah Schroeter
Hello!

On Wed, Aug 24, 2005 at 07:57:55AM -0700, Spruell, Darren-Perot wrote:
>[...]

>Is there any reason to use FFS on a floppy? Won't FAT (-12, or whatever)
>work fine? Could you just mformat it and be along?

Of course there is. Just take a look at the boot floppies, for example.
Or think of the floppy image I used for that mini bridge hack...

Or if you want to use features FAT doesn't offer, like
owners/permissions/255 char filenames.

But I guess for many purposes, mformat and either mtools or
mount_msdosfs will be enough.

Kind regards,

Hannah.



Re: /usr/share/pf/ suggestion

2005-08-24 Thread Jason Crawford
On 8/24/05, Bryan Irvine <[EMAIL PROTECTED]> wrote:
> > I personally like to 'pass keep state' with a 'scrub all' rule. This
> > at least gives me some interesting statistics to poke at when I'm
> > bored. Plus, I can firewall who gets to ssh into my machine.
> 
> Another good use is {max-src-states  ##} for webservers and the like.
> I have a webserver that would crash at 9am every morning when a few
> bots (2 in particular) would crawl the site.  They are poorly
> configured and open roughly 120 simultaneous connections.  They were
> very low bandwidth, but there went all available connections.
> 
> To quote Theo it's "Horse-shit" to say you don't need to filter single hosts.
> 

I left out a lot of my reasoning for feeling the way I do in my first
mail about not needing a packet filter on single hosts, and it's more
a personal preference, not telling everyone that you're all idiots for
wanting to. If your web server crashes because it has 240 connections
open (I'm assuming 120 per bot) then there seems to be something else
wrong with it, and shouldn't be ignored by just throwing up pf. It was
more that for me, if I throw up pf to protect a single host, I tend to
get lazy in the administration of it, and start ignoring things that
should really be looked at (like applications opening up random ports,
in reference to an earlier KDE post). I really don't think that a
desktop environment should be opening up anything at all, and so I'd
rather just not run it instead of run a desktop environment that I
have no idea what it's doing on the network. If anyone is interested
any further as to why I feel the way I do, email me privately, since
this is getting way off topic and doesn't belong on the openbsd-misc
mailing list anyways.

Jason



stupid wifi question

2005-08-24 Thread slack _usr
Hi everyone,

First of all, I'm sorry for such a stupid question. I know that I need
a few details, but I can't figure out what they are. I'm playing with an
Intel(r) PRO/Wireless2200BG wifi card and its configuration. I have
found different descriptions for the /etc/dhclient.conf file. I have
read the "iwi" manual.  There are different options (or maybe only
different names for the same options). I'm a newbie in wifi networks. But on
the other system, a machine with Windows and NetStumbler, I found these
wifi network settings:

SSID: sessionid
Network Authentication: Open
Data Encryption: WEP
Network key: 1011121311 (0x1011121311)

There, sessionid is changed only for anonymity purposes.

So. In OpenBSD 3.7 stable iwi0 is working, but I can't associate to
the access point.
I need to use dhcp (em0 is working perfectly). Now I'm trying to use
this /etc/dhclient.conf configuration:

initial-interval 1;
send host-name "thinkpad";
request subnet-mask, broadcast-address, routers, domain-name,
domain-name-servers, host-name;
interface "iwi0" {
 media "ssid sessionid wepkey 0x1011121311";
}

And when I try to use:
#dhclient iwi0  
I get the following errors:
Trying medium "ssid sessionid wepkey 0x1011121311" 1
DHCPDISCOVER on iwi0 to 255.255.255.255 port 67 interval 2
send_packet: Network is down

I get this in a cycle with different intervals (" 255.255.255.255 port
67 interval 2", " 255.255.255.255 port 67 interval 3",  "
255.255.255.255 port 67 interval 7").

What are the differences between "wepkey" and "nwkey" mentioned on the iwi
driver developer page
(http://damien.bergamini.free.fr/ipw/ipw-openbsd.html)?
And on the same page there is a good description, but only for static
configurations. So if I've understood everything correctly, I need to
use the /etc/dhclient.conf file for configuration. But I am stuck there.
Please, give me any advice or a link.

Thanks for your patience, and sorry for my English.

Regards,

-- 
Slack is GOOD. OBSD better.



Re: proper way to format/use floppies (i386)

2005-08-24 Thread Spruell, Darren-Perot
From: Michael Adam [mailto:[EMAIL PROTECTED]
> What puzzles me even more is the fact, that in the book "Absolute OpenBSD"
> by Michael W. Lucas, it is said on page 310, that "FFS file systems need
> a valid partition table on every disk" and then the author describes the
> following steps:
>   # disklabel -w /dev/rfd0c floppy
>   # newfs /dev/rfd0c
> 
> which yields a disklabel with overlapping partitions, and "disklabel -E fd0"
> tells me that the disklabel has an error and offers me to disable one partition
> or the other...

Is there any reason to use FFS on a floppy? Won't FAT (-12, or whatever)
work fine? Could you just mformat it and be along?

DS



Re: 3.8 beta requests

2005-08-24 Thread -f
hmm, on Tue, Aug 23, 2005 at 09:23:27AM -0700, Raymond Lillard said that
> Maybe a slogan along the lines of, "Is your software good enough
> for OpenBSD"!!  Perhaps it could be worked into the release's
> theme.

that is truly a brilliant idea ;-)
any artists here?  make a "designed for puffy" logo.

first, all of the openbsd related projects could put it
on their site.  later the porters could ask their ported
projects to include the logo on their page (if they "deserve" it)

tshirts, mugs, a magazine, a tv show, finally even the HW
manufacturers and microsoft would be pressed to redesign
their OS to get the "seal of quality".

and after the planet is conquered, the universe is the limit!
ha ha ha!


-f
(ps. i swear the tagline was generated random!)
-- 
all your base are belong to us.



Re: pf + malformed packets

2005-08-24 Thread Mike Frantzen
> is there a possibility to tell pf.conf to accept malformed packets.

turn off 'reassemble tcp' in your scrub rule if you don't want to
validate the packets.
 
> pfctl -x loud tells me:
> Aug 24 09:50:43 gw-bonn /bsd: pf_normalize_tcp_stateful: Did not receive 
> expected RFC1323 timestamp
> 09:50:43.291716 160.44.70.4.www > 192.168.100.1.49653: F 105:105(0) ack 
> 498 win 64091  (DF)

That's not the offending packet.  We'll only check RFC1312 PAWS
timestamps on data packets while the connection is in the established
state.  That packet isn't bearing any data.

.mike



Re: /usr/share/pf/ suggestion

2005-08-24 Thread Stuart Henderson

--On 24 August 2005 07:10 -0700, Bryan Irvine wrote:

> They were very low bandwidth, but there went all available connections.

Low-bandwidth is often worse if it's a dynamic website (especially if 
it needs a lot of RAM to service a connection), placing an 
http-accelerator in front can sometimes help.




Re: /usr/share/pf/ suggestion

2005-08-24 Thread Ray Percival
On Wed, Aug 24, 2005 at 09:15:48AM -0400, Timothy Donahue wrote:
> On Tuesday 23 August 2005 11:58 pm, eric wrote:
> > On Tue, 2005-08-23 at 16:53:25 -0600, Theo de Raadt proclaimed...
> >
> > > It is plain simple bad advice.  And totally ridiculous.
> >
> > And plus, with ipv6, it's imperative that the filters be pushed down to the
> > end-host so we can quit relying on stupid firewalls and NAT bullshit to
> > break networks and slow progress. Itojun mentioned the fact that each host
> > should have a "firesuit" in the ipv6 world.  It's quite good advice.
> 
> Well, lets not get ahead of ourselves here.  Filtering at the network edge is 
> "A Good Thing"(TM) when done correctly, it is NAT that is not necessarily a 
> good thing.

Speaking as a network guy NAT is "A Good Thing" granted it breaks some outdated
notion of end to end commo. But if more people paid strict attention to the
OSI model that would not matter. Simply put if an application puts an IP addy
someplace my NAT box can't touch it the application is broken. And in today's
world anything that puts one more layer between my network and the net is good.
Other than that I agree with everything else you've said.

> Filtering incoming (and possibly outgoing traffic) helps do
> several things, first it decreases the burden on your hosts.  It also allows 
> you a place to stop traffic that should never leave your network, for 
> example, only your mail servers should be allowed to send traffic on port 25.
> 
> I'm not saying that we should ignore host based firewalls, because that isn't 
> the case, I'm just recommending that you not be so quick to dismiss the value 
> of having a filter beyond the host.
> 

-- 
BOFH excuse #381:

Robotic tape changer mistook operator's tie for a backup tape.



Re: Problems with pf+nat+some websites

2005-08-24 Thread Steve Williams

Nick Holland wrote:


Guido Tschakert wrote:
 


Jonathan Schleifer wrote:
   


I don't see where you set the MTU/MSS? Are you sure you have set them
somewhere else? eBay is known to have problems with bad/wrong MTU/MSS.
Try adding scrub out on $ext_if max-mss 1414 to your pf.conf and adding
-mtu 1454 to the route. Also take a look at pppoe(4) [*NOT* pppoe(8)!],
section MTU/MSS ISSUES.

 


Hello Jonathan,

nice try, but i Don't use pppoe.
We have a DSL-Router from our provider and as I mentioned before, we 
had no Problems with the cisco-router doing the firewall job (Nat).
   



so, yes you DO use PPPoE.  DSL systems VERY often have a
smaller-than-possible MTU.
This often causes problems much like you describe.

Just set it in your hostname. file.
Google for simple ping tests to find the maximum MTU you can use in your
precise case...and see if setting the firewall accordingly solves your
problem.

Nick.
 

Um... no, not all DSL implementations are PPPoE.  I have a DSL modem 
that just gives me an Ethernet port on the back.  Our ISP just has us 
use a certain "hostname" in the DHCP request, and voilà, we are on the 
Internet.  There is no PPP negotiation involved. I am pretty intimate 
with this, because I have clients that have been running PPPoE since 
2.6/2.7 when I really had to hammer it to try to get it to work reliably. 


And on my interface, the MTU is 1500...
vr0: flags=8843 mtu 1500
   address: 00:50:ba:b3:a7:26
   media: Ethernet autoselect (100baseTX full-duplex)
   status: active
   inet6 fe80::250:baff:feb3:a726%vr0 prefixlen 64 scopeid 0x2
   inet XX.YY.200.188 netmask 0xffe0 broadcast XX.YY.200.191

Cheers,
Steve



Re: 3.8 beta requests

2005-08-24 Thread Will H. Backman
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
> Diana Eichert
> Sent: Wednesday, August 24, 2005 10:08 AM
> To: Miscellaneous OBSD
> Subject: Re: 3.8 beta requests
> 
> On Wed, 24 Aug 2005, Damien Miller wrote:
> 
> > Remember that most of the developers run -current throughout the
> > development cycle (often in production).
> >
> > -d
> 
> and Theo gets really pissed off when someone breaks the tree so it won't
> compile and/or the change creates dysfunction in other parts of the
> system, just read some of Theo's comments in the CVS list sometime.
> 
> g.day

In the end, quality control happens through selfish testing.  The
OpenBSD community doesn't evenly divide up the things to test.  People
test their own setups.  I'm not concerned with making OpenBSD stable.
I'm concerned with making i386 OpenBSD running Mambo stable.  The
wonderful thing about a participatory development process is that
everyone's overlapping needs generally test the system fairly well.

The real problem is people who encounter a problem and fail to report
it.  They just think "this is crap" and go on to something else.



Re: /usr/share/pf/ suggestion

2005-08-24 Thread Bryan Irvine
> I personally like to 'pass keep state' with a 'scrub all' rule. This
> at least gives me some interesting statistics to poke at when I'm
> bored. Plus, I can firewall who gets to ssh into my machine.

Another good use is {max-src-states  ##} for webservers and the like. 
I have a webserver that would crash at 9am every morning when a few
bots (2 in particular) would crawl the site.  They are poorly
configured and open roughly 120 simultaneous connections.  They were
very low bandwidth, but there went all available connections.

To quote Theo it's "Horse-shit" to say you don't need to filter single hosts.

--Bryan



Re: /usr/share/pf/ suggestion

2005-08-24 Thread Will H. Backman
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
> Bryan Irvine
> Sent: Wednesday, August 24, 2005 10:11 AM
> To: Misc OpenBSD
> Subject: Re: /usr/share/pf/ suggestion
> 
> > I personally like to 'pass keep state' with a 'scrub all' rule. This
> > at least gives me some interesting statistics to poke at when I'm
> > bored. Plus, I can firewall who gets to ssh into my machine.
> 
> Another good use is {max-src-states  ##} for webservers and the like.
> I have a webserver that would crash at 9am every morning when a few
> bots (2 in particular) would crawl the site.  They are poorly
> configured and open roughly 120 simultaneous connections.  They were
> very low bandwidth, but there went all available connections.
> 
> To quote Theo it's "Horse-shit" to say you don't need to filter single
> hosts.
> 
> --Bryan

What crashed?  Apache or OpenBSD?



Re: Problems with pf+nat+some websites

2005-08-24 Thread Jonathan Schleifer
Guido Tschakert <[EMAIL PROTECTED]> wrote:

> BTW. this morning I tried the suggestions from Jonathan and it didn't 
> work :-(

This is normal. I thought you use the OpenBSD Box for PPPoE and NAT
directly, not through another router, which is a hardware box.

I noticed in the past that hardware routers often have problems with the
MTU/MSS and that made eBay very slow for me, too, when using my hardware
router. Many sites with IIS-Servers also had problems.

Maybe you could try to use an OBSD Box as router and test if it works
better? For me, eBay works just fine with an OBSD Box as router with the
settings I posted. And it's a lot superior to my hardware router ;).

-- 
Jonathan



Re: proper way to format/use floppies (i386)

2005-08-24 Thread Michael Adam
Jonathan Schleifer <[EMAIL PROTECTED]> wrote:
> Michael Adam <[EMAIL PROTECTED]> wrote:
> > which is the right or preferred way to do so (since there are, as
> > I pointed out several possible ways).
> 
> I already answered that before:
> Jonathan Schleifer <[EMAIL PROTECTED]> wrote:
> > Floppies usually don't have a partition table nor a disk label, so
> > just newfs fd0c and you should be fine.

Well yes, it is working. But still: The floppy does have a disklabel
which does only have partition "c" by default. And it seems strange
to me, that I should create a filesystem on a partition "c". And even
stranger, this file system can afterwards be accessed through partition
"a" which does not even show up in the disklabel.

What puzzles me even more is the fact, that in the book "Absolute OpenBSD"
by Michael W. Lucas, it is said on page 310, that "FFS file systems need
a valid partition table on every disk" and then the author describes the 
following steps:
  # disklabel -w /dev/rfd0c floppy
  # newfs /dev/rfd0c

which yields a disklabel with overlapping partitions, and "disklabel -E fd0"
tells me that the disklabel has an error and offers me to disable one partition
or the other...

These are the reasons why I was not completely content with your short 
and simple answer. (I do favor simple solutions, of course!) 

> You also heard this from others. So it's not that your main question got
> lost ;).

Not on your side anyway... ;-)

Cheers, Michael



Re: 3.8 beta requests

2005-08-24 Thread Diana Eichert
On Wed, 24 Aug 2005, Damien Miller wrote:

> Remember that most of the developers run -current throughout the
> development cycle (often in production).
> 
> -d

and Theo gets really pissed off when someone breaks the tree so it won't
compile and/or the change creates dysfunction in other parts of the
system, just read some of Theo's comments in the CVS list sometime.

g.day



Re: /usr/share/pf/ suggestion

2005-08-24 Thread Timothy Donahue
On Tuesday 23 August 2005 11:58 pm, eric wrote:
> On Tue, 2005-08-23 at 16:53:25 -0600, Theo de Raadt proclaimed...
>
> > It is plain simple bad advice.  And totally ridiculous.
>
> And plus, with ipv6, it's imperative that the filters be pushed down to the
> end-host so we can quit relying on stupid firewalls and NAT bullshit to
> break networks and slow progress. Itojun mentioned the fact that each host
> should have a "firesuit" in the ipv6 world.  It's quite good advice.

Well, lets not get ahead of ourselves here.  Filtering at the network edge is 
"A Good Thing"(TM) when done correctly, it is NAT that is not necessarily a 
good thing.  Filtering incoming (and possibly outgoing traffic) helps do 
several things, first it decreases the burden on your hosts.  It also allows 
you a place to stop traffic that should never leave your network, for 
example, only your mail servers should be allowed to send traffic on port 25.

I'm not saying that we should ignore host based firewalls, because that isn't 
the case, I'm just recommending that you not be so quick to dismiss the value 
of having a filter beyond the host.



Re: 3.8 beta requests

2005-08-24 Thread Dave Feustel
On Wednesday 24 August 2005 08:04, Hannah Schroeter wrote:
> Hello!
> 
> On Wed, Aug 24, 2005 at 08:02:54AM -0500, Dave Feustel wrote:
> >On Wednesday 24 August 2005 07:04, Hannah Schroeter wrote:
> >> I *am* a bit sad about the fact that there're no running Lisp
> >> implementations for OpenBSD 
> 
> >Does (X)emacs work?
> 
> Yes, but I meant (and neglected to say explicitly) Common Lisp.

I understood what you meant. I was just wondering if everything using
lisp techniques (eg scheme) was broken. Thanks.
> 
> Kind regards,
> 
> Hannah.
> 

-- 
Tired of having to defend against Malware?
(You know: trojans, viruses, SPYWARE, ADWARE, 
KEYLOGGERS, rootkits, worms and popups) 
Then Switch to OpenBSD with a KDE desktop!!!



Re: 3.8 beta requests

2005-08-24 Thread Dave Feustel
On Wednesday 24 August 2005 07:04, Hannah Schroeter wrote:

> A few things that get bitten are some packages doing their own and very
> different memory management, but can't avoid malloc altogether.
> That is ports/lang/clisp, that seems to be also gprolog

Can you describe how these programs manage to seg fault doing their
memory management? How do they run now if they don't use malloc?
-- 
Tired of having to defend against Malware?
(You know: trojans, viruses, SPYWARE, ADWARE, 
KEYLOGGERS, rootkits, worms and popups) 
Then Switch to OpenBSD with a KDE desktop!!!



Re: Nagios: Premature end of script headers

2005-08-24 Thread Matteo Mancini
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Look at this http://www.mand4la.info/index.php/NagiosObsd
I wrote this doc in Italian, but the code is the same :P

BTW..try to launch apache with -u "httpd -u"

Bye

Matteo


Joco Salvatti wrote:
> Hi all,
> 
> I installed and configured Nagios on my machine. The Nagios webpage can be
> retrieved normally, but something strange happens when I try to retrieve host
> detail:
> 
> "Internal Server Error
> 
> The server encountered an internal error or misconfiguration and was unable
> to complete your request.
> 
> Please contact the server administrator, [EMAIL PROTECTED] and inform
> them of the time the error occurred, and anything you might have done that
> may have caused the error.
> 
> More information about this error may be available in the server error log."
> I looked at the error log file and it tells me the following:
> 
> "[Tue Aug 23 11:35:06 2005] [error] [client 10.10.1.254<
> http://10.10.1.254>]
>  Premature end of script headers: /nagios/cgi-bin/tac.cgi
> [Tue Aug 23 11:35:16 2005] [error] [client 10.10.1.254 <
> http://10.10.1.254>]
>  Premature end of script headers: /nagios/cgi-bin/status.cgi"
> 
> I've already tried to look for some reference about how to solve this
> problem at
> Google, but I couldn't find a thing. Has anyone any suggestion about how to
> solve this?
> 
> Thanks
> 
> 
> 
> --
> Joco Salvatti
> Undergraduating in Computer Science
> Federal University of Para - UFPA
> web: http://salvatti.expert.com.br
> e-mail: [EMAIL PROTECTED]
iD8DBQFDI9p3/TjXD9LUVswRAs5yAJsGLNFH58td7e8N3JdJ2bezdDcPFwCfTzEy
xoyM8FNkgYBWqAhxutXURRw=
=Ntg4
-END PGP SIGNATURE-



Re: 3.8 beta requests

2005-08-24 Thread Hannah Schroeter
Hello!

On Wed, Aug 24, 2005 at 08:02:54AM -0500, Dave Feustel wrote:
>On Wednesday 24 August 2005 07:04, Hannah Schroeter wrote:
>> I *am* a bit sad about the fact that there're no running Lisp
>> implementations for OpenBSD 

>Does (X)emacs work?

Yes, but I meant (and neglected to say explicitly) Common Lisp.

Kind regards,

Hannah.



Re: proper way to format/use floppies (i386)

2005-08-24 Thread Jonathan Schleifer
Michael Adam <[EMAIL PROTECTED]> wrote:

> Well, as I wrote above, I know about the fdformat program,
> and low level formatting is actually not what my question
> was aimed at -- it was aimed at the disklabel / filesystem
> level of formatting. But this may have got lost in my overly 
> long email. :-)
>
> Also, the question was not how to get the job of putting
> a filesystem onto a floppy accomplished at all, but which
> is the right or preferred way to do so (since there are, as
> I pointed out several possible ways).

I already answered that before:
Jonathan Schleifer <[EMAIL PROTECTED]> wrote:

> Floppies usually don't have a partition table nor a disk label, so
> just newfs fd0c and you should be fine.

You also heard this from others. So it's not that your main question got
lost ;).

-- 
Jonathan



Re: 3.8 beta requests

2005-08-24 Thread Dave Feustel
On Wednesday 24 August 2005 07:04, Hannah Schroeter wrote:
> I *am* a bit sad about the fact that there're no running Lisp
> implementations for OpenBSD 

Does (X)emacs work?
-- 
Tired of having to defend against Malware?
(You know: trojans, viruses, SPYWARE, ADWARE, 
KEYLOGGERS, rootkits, worms and popups) 
Then Switch to OpenBSD with a KDE desktop!!!



Re: 3.8 beta requests

2005-08-24 Thread Damien Miller

Genadijus Paleckis wrote:

Theo de Raadt wrote:


Oh well -- we've decided that we will try to ship with this protection
mechanism in any case, and try to solve the problems as we run into
them.



Does that mean that 3.8 might be unstable? Maybe all who want/need 
stable systems need to run 3.7?


It means that you should try it and report bugs if you find any.

Remember that most of the developers run -current throughout the
development cycle (often in production).

-d



Re: Complete disk disaster

2005-08-24 Thread Alexandre Ratchov
On Wed, Aug 24, 2005 at 12:53:45PM +0200, Ramiro Aceves wrote:
> 
> Yes!, I am using a 40 GB (aprox 4 years old) as master, and 1GB (around
> 10) as slave. Cable is 40-conductor, I think. Both at the same cable.
> 

hmmm... can you try to put slow devices and fast devices on separate cables.
by slow devices i mean cdroms and old hard disks.

-- 
Alexandre



Re: Problems with pf+nat+some websites

2005-08-24 Thread Guido Tschakert

Nick Holland wrote:

Guido Tschakert wrote:


Jonathan Schleifer wrote:


I don't see where you set the MTU/MSS? Are you sure you have set them
somewhere else? eBay is known to have problems with bad/wrong MTU/MSS.
Try adding scrub out on $ext_if max-mss 1414 to your pf.conf and adding
-mtu 1454 to the route. Also take a look at pppoe(4) [*NOT* pppoe(8)!],
section MTU/MSS ISSUES.



Hello Jonathan,

nice try, but i Don't use pppoe.
We have a DSL-Router from our provider and as I mentioned before, we 
had no Problems with the cisco-router doing the firewall job (Nat).



so, yes you DO use PPPoE.  DSL systems VERY often have a
smaller-than-possible MTU.
This often causes problems much like you describe.


Ok, the DSL-Router of my provider uses PPPOE.

But please tell me, why I should set the mtu on the openbsd router to 
something lower than 1500 when the cisco router, I used before and now 
has set the mtu on his outgoing interface to 1500.

(This router has 2 Ethernet-Interfaces and does nothing with pppoe).
Why can it deal with this problem and openbsd not.

BTW. this morning I tried the suggestions from Jonathan and it didn't 
work :-(


As I mentioned in another thread (ok, it was stupid to fork the thread) 
there is another problem with malformed packets and reassemble tcp and 
all other scrub rules I tried didn't work.





Just set it in your hostname. file.
Google for simple ping tests to find the maximum MTU you can use in your
precise case...and see if setting the firewall accordingly solves your
problem.

Nick.





--
Mit freundlichen Gr|_en,

  Guido Tschakert



Re: 1U server recommendation

2005-08-24 Thread Johan P . Lindström
On 7/27/05, Matthew Bettinger <[EMAIL PROTECTED]> wrote:
> Hello,
> 
> Can anyone recommend a decent rack server from HP, Dell, IBM or CDW
> that will run OpenBSD for webserver use?  I would prefer a machine
> that has SCSI drives with Mirror Raid capabilities.  I know I can go
> piecemeal one from FRY's but I need one that can have a hardware
> support agreement tied to it.
> 
> I was glancing at the sunfire v20z , ibm xseries 306 and HP DL360
> with Smart Array 6i.  The dl360 looks like it fits the bill but I
> have had problems in the past with the smart array on older DL class
> boxes.  The server(s) will be used for web shell and sftp services
> under medium loads.  Thank you.
> 
> -mb
> 
> 

www.mullet.se offers *BSD tested servers from 1U and up, I placed an
order for a 1U box last week, don't know how they ship outside Sweden
though.
-- 
// Johan



Re: 3.8 beta requests

2005-08-24 Thread Han Boetes
Artur Grabowski wrote:
> Genadijus Paleckis <[EMAIL PROTECTED]> writes:
> > Theo de Raadt wrote:
> > > Oh well -- we've decided that we will try to ship with this
> > > protection mechanism in any case, and try to solve the
> > > problems as we run into them.
> >
> > Does that mean that 3.8 might be unstable? Maybe all who
> > want/need stable systems need to run 3.7?
>
> It's comments like this that convince me that I should
> never tell anyone about what I'm developing, how it works
> and what effects it might have. Anything you say will be
> used against you.

Ow come on. What a one sided comment :-) Lots of people read it
and rejoice. And lots of people dedicate a non-critical machine to
running snapshots and try to find bugs.

And I haven't found any malloc related problems since 3.7 :-)



# Han
-- 
OpenBSD: Only one remote  ,`o.  Consultants are mystical people who
hole in the default install >( ,c@  ask a company for a number and then
in more than 8 years!',,,' give it back to them.



Re: raid kernel

2005-08-24 Thread Simon Slaytor
One point in favour of a GENERIC RAID Kernel(s), consider when a user 
posts the following request for help:


'I've compiled my own kernel and Xyz is broken'

Now after being on the mailing list for quite a while I know the stock 
answer always seems to be 'drop back to GENERIC and stop playing with 
custom kernels if you want help from this list'. Now if the user is 
using RAID and has APPS/Data etc on a raid volume this isn't exactly 
going to be easy.


Now I 100% understand this thinking and won't raise a complaint against 
it, but as you're now advocating that in order to use a key feature of 
OBSD a custom kernel is 'the way', where does that leave the sys admins 
such as myself when it comes to support from the lists?


By having a GENERIC RAID kernel, with or without various options would 
at least allow for some alternate yet supported systems, albeit at an 
increased workload for the team.


I'm not currently using any kernel based system so have no axe to grind, 
I'm just making an observation.


just my 2 pence anyway.



Re: 3.8 beta requests

2005-08-24 Thread Stuart Henderson
On 2005/08/24 14:28:25, Genadijus Paleckis wrote:
> well, from base system side I guess it will be minimal problems, but what 
> about ports ? because almost everyone using it.

If software segfaults because of this, it's because it's already
doing something wrong, and it could already be giving unpredictable
results.

If software is faulty, I'd rather have a segfault when the faulty
code is run, than through finding corrupt data maybe months in the
future because the failure was invisible.



Re: 3.8 beta requests

2005-08-24 Thread Hannah Schroeter
Hello!

On Wed, Aug 24, 2005 at 02:28:25PM +0300, Genadijus Paleckis wrote:
>[...]

>>>Does that mean that 3.8 might be unstable? Maybe all who want/need
>>>stable systems need to run 3.7?

>well, from base system side I guess it will be minimal problems, but what 
>about ports ? because almost everyone using it.

The very most things just work for me. Base, X11, applications like
firefox or gaim, own C/C++ code.

A few things that get bitten are some packages doing their own and very
different memory management, but can't avoid malloc altogether.

That is ports/lang/clisp, that seems to be also gprolog, according to
Marc Espie. I'd guess it'll also bite sbcl/cmucl (but there's no current
port [neither in the sense of /usr/ports, nor in the sense of a 3rd
party package] of cmucl for OpenBSD anyway).

Some other things are not bitten in the same way, even though they do
have different memory management. Including ghc, probably also SML/NJ
(own build as of Jul 12, using libc 38.1, wasn't mmap-based malloc +
mmap randomization in there already?).

I *am* a bit sad about the fact that there're no running Lisp
implementations for OpenBSD at all in the moment, but I don't have the
energy to contribute own effort to change this, and it's not *that* high
priority for me.

I think Theo's (and other core developers') decision to release 3.8 with
those malloc/mmap changes in is good overall.

Kind regards,

Hannah.



Re: Complete disk disaster

2005-08-24 Thread Ramiro Aceves
Alexandre Ratchov wrote:
> On Wed, Aug 24, 2005 at 10:37:46AM +0200, Ramiro Aceves wrote:
> 
>>First, thank you very much for your interesting responses.
>>
>>Yesterday in the evening I installed OpenBSD again on the same disk,
>>just to be sure if I could reproduce the errors. Yes!, I did not have to
>>wait for a long time. The errors appeared after some hours of use. I
>>installed the ports tree and run the locate.updatedb command, just for
>>moving disk heads. Also added some audio files just to fill the disk space.
>>
>>Yesterday night, there were only two corrupted files, immediately after
>>the install:
>>/usr/libdata/perl5/AnyDBM_File.pm and
>>/usr/libdata/perl5/Attribute
>>Those files disappeared:
>>
>>wd1(pciide0:0:1): timeout
>>  type: ata
>>  c_bcount: 2048
>>  c_skip: 0
>>pciide0:0:1: bus-master DMA error: missing interrupt, status=0x61
>>wd1a: device timeout reading fsbn 1489200 of 1489200-1489203 (wd1 bn
>>1489263; cn 1477 tn 7 sn 6), retrying
>>wd1: soft error (corrected)
>>wd1(pciide0:0:1): timeout
>>  type: ata
>>  c_bcount: 2048
>>  c_skip: 0
>>pciide0:0:1: bus-master DMA error: missing interrupt, status=0x61
> 
> 
> hello, 
> 
> are you using a slow disk and a fast disk on the same cable? i remember
> that i experienced similar problems when i tried to put a slow 1.6G together
> with a fast 40Go disk on the same cable.
> 
> are you using a 80-conductor cable ?
> 

Hi again

Sorry, sorry, sorry:

I have just opened my computer and first IDE cable is 80-conductor-cable.

What does it imply?

Thank you very much.

Ramiro



raid controller suggestions

2005-08-24 Thread Didier Wiroth
Hello,

Can you recommend a performant scsi raid controller (with external
connector as it will be connected to an external HD TOWER !!) for use in
an OpenBSD3.7 file server?

Many thanks for any comments/recommendations
didier



Re: 3.8 beta requests

2005-08-24 Thread Janne Johansson

Theo de Raadt wrote:

Of course not.  HOW CAN IT?  Get real!  The hardware is STILL only
providing permissions at the page level!


If you have aggressive amounts of ram and/or patience you could have 
something along the malloc.conf "P"-option for ALL sizes.
Of course it would suck for any app more complex than "sleep" but for 
the sake of argument...



Apparently the new malloc(3) implementation doesn't stop me from writing past 
the end of buffer as long as I am inside the last page.
(Please forgive me beforehand if I am missing something too obvious)
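

Added example, not part of the original messages: a small C program showing the page-granularity point made above, using plain mmap/mprotect rather than OpenBSD's malloc. The function names are hypothetical; it assumes a POSIX system where a store to a PROT_NONE page raises SIGSEGV or SIGBUS.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE
#endif
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* Bytes that can be written past an n-byte buffer starting at page offset
 * `off` before the write crosses into the next page (and can fault). */
size_t undetected_slack(size_t off, size_t n, size_t pagesz)
{
    size_t end = (off + n) % pagesz;
    return end == 0 ? 0 : pagesz - end;
}

/* Child maps one writable page followed by one PROT_NONE guard page, puts an
 * n-byte buffer at the page start (at_end = 0) or flush against the guard
 * (at_end = 1), then writes `overrun` bytes past the buffer's end. Returns 1
 * if the child died from SIGSEGV/SIGBUS, 0 if unnoticed, -1 on setup error. */
int overflow_is_caught(size_t n, int at_end, size_t overrun)
{
    size_t pagesz = (size_t)sysconf(_SC_PAGESIZE);
    int status;
    pid_t pid;
    if (n == 0 || n > pagesz || (pid = fork()) < 0)
        return -1;
    if (pid == 0) {
        unsigned char *base = mmap(NULL, 2 * pagesz, PROT_READ | PROT_WRITE,
                                   MAP_PRIVATE | MAP_ANON, -1, 0);
        if (base == MAP_FAILED ||
            mprotect(base + pagesz, pagesz, PROT_NONE) != 0)
            _exit(2);
        volatile unsigned char *buf = base + (at_end ? pagesz - n : 0);
        for (size_t i = 0; i < n + overrun; i++)
            buf[i] = 0x41;     /* the last `overrun` stores are out of bounds */
        _exit(0);
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    if (WIFSIGNALED(status))
        return WTERMSIG(status) == SIGSEGV || WTERMSIG(status) == SIGBUS;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

int main(void)
{
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    printf("start of page: slack %zu, 16-byte overrun caught=%d\n",
           undetected_slack(0, 100, pg), overflow_is_caught(100, 0, 16));
    printf("end of page:   slack %zu, 1-byte overrun caught=%d\n",
           undetected_slack(pg - 100, 100, pg), overflow_is_caught(100, 1, 1));
    return 0;
}
```

A buffer at the start of its page leaves the rest of the page as silent slack, while the same buffer placed flush against the guard page faults on the first byte written past its end.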




Re: 3.8 beta requests

2005-08-24 Thread Artur Grabowski
Genadijus Paleckis <[EMAIL PROTECTED]> writes:

> Theo de Raadt wrote:
> 
> > Oh well -- we've decided that we will try to ship with this protection
> > mechanism in any case, and try to solve the problems as we run into
> > them.
> 
> Does that mean that 3.8 might be unstable? Maybe all who want/need
> stable systems need to run 3.7?

Yes, it means you should switch to linux because it's stable and never
does anything to rock the boat. sigh.

It's comments like this that convince me that I should never tell anyone
about what I'm developing, how it works and what effects it might have.
Anything you say will be used against you.

//art



Re: 3.8 beta requests

2005-08-24 Thread Han Boetes
Genadijus Paleckis wrote:
> Theo de Raadt wrote:
> > Oh well -- we've decided that we will try to ship with this
> > protection mechanism in any case, and try to solve the
> > problems as we run into them.
>
> Does that mean that 3.8 might be unstable? Maybe all who
> want/need stable systems need to run 3.7?

Maybe, maybe not. Perhaps you like worrying?

Anyway. I've been testing this stuff since the first snapshots and
now the 3.8 beta and I never noticed any instability.




# Han
-- 
  . When a place gets crowded enough to require ID's, social
 ..^/  collapse is not far away. It is time to go elsewhere. The
`-. ___ )   best thing about space travel is that it made it possible to
  ||  || mh   go elsewhere. -- Robert Heinlein, Time Enough For Love



Re: 3.8 beta requests

2005-08-24 Thread Genadijus Paleckis

Antonios Anastasiadis wrote:
> No, it is clear that he is talking about the problems *other* people's
> (buggy) software will have.
>
> On 8/24/05, Genadijus Paleckis <[EMAIL PROTECTED]> wrote:
>> Theo de Raadt wrote:
>>> Oh well -- we've decided that we will try to ship with this protection
>>> mechanism in any case, and try to solve the problems as we run into
>>> them.
>>
>> Does that mean that 3.8 might be unstable? Maybe all who want/need
>> stable systems need to run 3.7?

well, from base system side I guess it will be minimal problems, but what 
about ports ? because almost everyone using it.




Re: raid kernel

2005-08-24 Thread Edd Barrett
> For one, what if you don't want "RAID_AUTOCONFIG"?
> It would save YOU time if we set the options you needed.  If not, it
> would cause more complaints about "how could you choose such an option?"

True

> 
> Further, it would probably need to be TWO new kernels -- bsd.raid and
> bsd.raid.rd, as you would need an install/maintenance kernel, too.  And
> that would add a lot of testing for developers at around this time...

Also people who want mp and raid will complain.

> 
> Personally, I'd rather keep the focus on the simple system, rather than
> the possible combinations required to do proper RAID testing every
> release...

As I said. I probably overlooked something.. It was just a suggestion.

Thanks for your input

Regards

Edd



Re: raid kernel

2005-08-24 Thread Nick Holland
Edd Barrett wrote:
> Hi there,
> 
> Is there any reason why we can not include a raid enabled kernel in
> the distribution? (not as default, but in the same way bsd.mp is).
> 
> I believe this would save me (and others?) time when upgrading OpenBSD 
> machines.
> 
> The kernel would need static device node configuration, "device raid"
> and "option RAID_AUTOCONFIG"
> 
> There may well be a very good reason this hasn't been done before which
> I have overlooked, and if so I apologise in advance.

For one, what if you don't want "RAID_AUTOCONFIG"?
It would save YOU time if we set the options you needed.  If not, it
would cause more complaints about "how could you choose such an option?"

Further, it would probably need to be TWO new kernels -- bsd.raid and
bsd.raid.rd, as you would need an install/maintenance kernel, too.  And
that would add a lot of testing for developers at around this time...

Personally, I'd rather keep the focus on the simple system, rather than
the possible combinations required to do proper RAID testing every
release...

Nick.



Re: Problems with pf+nat+some websites

2005-08-24 Thread Nick Holland
Guido Tschakert wrote:
> Jonathan Schleifer wrote:
>> I don't see where you set the MTU/MSS? Are you sure you have set them
>> somewhere else? eBay is known to have problems with bad/wrong MTU/MSS.
>> Try adding scrub out on $ext_if max-mss 1414 to your pf.conf and adding
>> -mtu 1454 to the route. Also take a look at pppoe(4) [*NOT* pppoe(8)!],
>> section MTU/MSS ISSUES.
>> 
> Hello Jonathan,
> 
> nice try, but I don't use pppoe.
> We have a DSL-Router from our provider and as I mentioned before, we 
> had no Problems with the cisco-router doing the firewall job (Nat).

so, yes you DO use PPPoE.  DSL systems VERY often have a
smaller-than-possible MTU.
This often causes problems much like you describe.

Just set it in your hostname. file.
Google for simple ping tests to find the maximum MTU you can use in your
precise case...and see if setting the firewall accordingly solves your
problem.

Nick.



Re: Complete disk disaster

2005-08-24 Thread Ramiro Aceves
Alexandre Ratchov wrote:
> On Wed, Aug 24, 2005 at 10:37:46AM +0200, Ramiro Aceves wrote:
> 
>>First, thank you very much for your interesting responses.
>>
>>Yesterday in the evening I installed OpenBSD again on the same disk,
>>just to be sure if I could reproduce the errors. Yes!, I did not have to
>>wait for a long time. The errors appeared after some hours of use. I
>>installed the ports tree and run the locate.updatedb command, just for
>>moving disk heads. Also added some audio files just to fill the disk space.
>>
>>Yesterday night, there were only two corrupted files, immediately after
>>the install:
>>/usr/libdata/perl5/AnyDBM_File.pm and
>>/usr/libdata/perl5/Attribute
>>Those files disappeared:
>>
>>wd1(pciide0:0:1): timeout
>>  type: ata
>>  c_bcount: 2048
>>  c_skip: 0
>>pciide0:0:1: bus-master DMA error: missing interrupt, status=0x61
>>wd1a: device timeout reading fsbn 1489200 of 1489200-1489203 (wd1 bn
>>1489263; cn 1477 tn 7 sn 6), retrying
>>wd1: soft error (corrected)
>>wd1(pciide0:0:1): timeout
>>  type: ata
>>  c_bcount: 2048
>>  c_skip: 0
>>pciide0:0:1: bus-master DMA error: missing interrupt, status=0x61
> 
> 
> hello, 
> 
> are you using a slow disk and a fast disk on the same cable? i remember
> that i experienced similar problems when i tried to put a slow 1.6G together
> with a fast 40Go disk on the same cable.
> 
> are you using a 80-conductor cable ?
> 

Yes!, I am using a 40 GB (approx 4 years old) as master, and 1GB (around
10) as slave. Cable is 40-conductor, I think. Both at the same cable.

Thanks

Ramiro.



Re: 3.8 beta requests

2005-08-24 Thread Antonios Anastasiadis
No, it is clear that he is talking about the problems *other* people's
(buggy) software will have.

On 8/24/05, Genadijus Paleckis <[EMAIL PROTECTED]> wrote:
> Theo de Raadt wrote:
> 
> > Oh well -- we've decided that we will try to ship with this protection
> > mechanism in any case, and try to solve the problems as we run into
> > them.
> 
> Does that mean that 3.8 might be unstable? Maybe all who want/need
> stable systems need to run 3.7?



Re: 3.8 beta requests

2005-08-24 Thread Genadijus Paleckis

Theo de Raadt wrote:
> Oh well -- we've decided that we will try to ship with this protection
> mechanism in any case, and try to solve the problems as we run into
> them.

Does that mean that 3.8 might be unstable? Maybe all who want/need 
stable systems need to run 3.7?



