Modifying man pages and composing new ones
What format(s) are acceptable for submitting minor changes to man pages? I assume unified diff - but against what? The man page as distributed (e.g. in /usr/share/man/cat?/ ?) or the file that produced that? If the file should be the one input to the -mdoc process, where can it be found? I guess I could climb all over the cvs tree but my guessometer didn't work today (I think it had Sunday off!) and knowing beats guesssing and somebody knows... My other guess is that an entirely new man page should be submitted as the -mdoc input file. Is that true? I suppose that I'm going to have to try to remember something about the [gnt]roff things I had very small experience with back in the '70s So apart from the mdoc-samples man page are there other required/recommended documents for rust-removal / new learning please? From the land down under: Australia. Do we look umop apisdn from up over? Do NOT CC me - I am subscribed to the list. Replies to the sender address will fail except from the list-server.
Pausing firewall
Have an OpenBSD firewall working in an office doing very straight
forward NAT and some persistent VPN tunnels.
Couple weeks ago, this firewall just stopped responding to any traffic.
It was sporadic, as after several minutes it'd start going again. At
that point it was a patched Sparc64 3.5.
While trying to troubleshoot this, I started setting up a spare x86 PC
with 3.7. I didn't get anywhere with the troubleshooting, and I'm now
running OpenBSD 3.7, with the same config files, and I'm having this
exact same problem.
- Terminal is responsive while the pauses happen
- I've turned on debugging in PF, and I'm not seeing anything I don't
see on my other firewalls.
- The firewall can ping itself, but can't ping machines on either the
LAN or WAN
- With PF disabled pings on the local network still don't get replies
from the firewall
- tcpdump doesn't show any traffic during the pause, although it does
spew traffic once things get moving again
- State table isn't filling up
- top -S looks normal
- Default blocking with logging is on, but nothing unusual is getting
logged.
- Exact same pf.conf and isakmpd.conf had been used for over a year
prior to this happening.
I can post isakmpd config info if anyone think it's relevant, dmesg and
pf.conf are below.
Any help with this would be appreciated.
Chris
3.7/x86 dmesg:
OpenBSD 3.7 (GENERIC) #50: Sun Mar 20 00:01:57 MST 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium II (GenuineIntel 686-class, 512KB L2 cache) 448 MHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR
real mem = 200908800 (196200K)
avail mem = 176566272 (172428K)
using 2478 buffers containing 10149888 bytes (9912K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(0e) BIOS, date 02/08/99, BIOS32 rev. 0 @ 0xec700
pcibios0 at bios0: rev 2.1 @ 0xec700/0x3900
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf7280/128 (6 entries)
pcibios0: PCI Interrupt Router at 000:20:0 (Intel 82371AB PIIX4 ISA
rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc/0xa800 0xe/0x8000!
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82443BX AGP rev 0x03
ppb0 at pci0 dev 1 function 0 Intel 82443BX AGP rev 0x03
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 Nvidia Riva TNT2 rev 0x15
wsdisplay0 at vga1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
xl0 at pci0 dev 14 function 0 3Com 3c905B 100Base-TX rev 0x30: irq 11,
address 00:01:02:c6:6f:ae
exphy0 at xl0 phy 24: 3Com internal media interface
xl1 at pci0 dev 15 function 0 3Com 3c905B 100Base-TX rev 0x24: irq 11,
address 00:10:4b:9d:22:26
exphy1 at xl1 phy 24: 3Com internal media interface
pcib0 at pci0 dev 20 function 0 Intel 82371AB PIIX4 ISA rev 0x02
pciide0 at pci0 dev 20 function 1 Intel 82371AB IDE rev 0x01: DMA,
channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: WDC AC31R
wd0: 16-sector PIO, LBA, 9541MB, 19541088 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: COMPAQ, CRD-8322B, 1.06 SCSI0 5/cdrom
removable
cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
uhci0 at pci0 dev 20 function 2 Intel 82371AB USB rev 0x01: irq 11
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
Intel 82371AB Power Mgmt rev 0x02 at pci0 dev 20 function 3 not configured
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0 (mux 1 ignored for console): console keyboard, using
wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
sysbeep0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask ff65 netmask ff65 ttymask ffe7
pctr: 686-class user-level performance counters enabled
mtrr: Pentium Pro MTRR support
dkcsum: wd0 matched BIOS disk 80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302
pf.conf:
## Settings
###
set limit states 4
set optimization aggressive
set debug misc
nat on xl0 from 192.168.121.0/24 to any - xl0
rdr pass on xl0 proto tcp from any to any port 25 - 192.168.121.10
rdr pass on xl0 proto udp from any to any port 53 - 192.168.121.10
block in log on xl0 all
pass in on xl0 proto esp from any to 209.82.103.246
pass in on xl0 proto { udp tcp } from any port isakmp to 209.82.103.246
port isakmp
pass in on xl0 proto tcp from any to 209.82.103.246 port 53 flags S/SA
keep state
pass in on xl0 proto tcp from any to 209.82.103.246 port
A question to lib/libc/gen/daemon.c
In the file /usr/src/lib/libc/gen/daemon.c
if (!noclose (fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) {
(void)dup2(fd, STDIN_FILENO);
(void)dup2(fd, STDOUT_FILENO);
(void)dup2(fd, STDERR_FILENO);
if (fd 2)
(void)close (fd);
}
is same as:
if (!noclose (fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) {
(void)dup2(fd, 0);
(void)dup2(fd, 1);
(void)dup2(fd, 2);
if (fd 2)
(void)close (fd);
}
right? What is this last check (fd 2) needed for? Isn't fd always 2,
because the first 3 are already taken by the STDxxx streams at the
program start?
Thanks
Alex
negative ping times
I was testing my new gigabit cards and got negative min time reported by ping: % sudo ping -f 192.168.1.18 PING 192.168.1.18 (192.168.1.18): 56 data bytes --- 192.168.1.18 ping statistics --- 31782486 packets transmitted, 31782470 packets received, 0.0% packet loss round-trip min/avg/max/std-dev = -9.-697/0.771/93.322/0.466 ms % uname -a OpenBSD home.nest.cx 3.7 GENERIC#31 amd64
Cherry SmartTerminal ST-1044U and OpenBSD 3.7
Hello, I have a Cherry SmartTerminal ST-1044U (compatible with CardMan 3121) Smart Card Terminal that I am trying to use with OpenBSD 3.7 as an additional means of access control to this computer (I want this machine to be set up so that you can only log on with a valid card inserted). Trouble is that I have yet to find any info how to set it up... Could someone point me in the right direction where to look (books, url, manpages, etc.)? TIA Matthias
Re: Modifying man pages and composing new ones
--On 21 August 2005 17:44 +1000, Rod.. Whitworth wrote: What format(s) are acceptable for submitting minor changes to man pages? The few I've submitted have been to the input files, in the hope that it gives jmc@ less to do by hand. I assume unified diff - but against what? The man page as distributed (e.g. in /usr/share/man/cat?/ ?) or the file that produced that? If the file should be the one input to the -mdoc process, where can it be found? To find the relevant file easily, check which section the page is in, and use e.g. 'locate ls.1' or 'locate ami.4'. Generally man pages with an associated program are kept with that program so e.g. 'cvs diff -u /usr/src/bin/ls/ls.1', you'll find others - drivers, system configuration files, docs like hier(7) and vpn(8), etc - in /usr/src/share/man.
Re: Kernel PPPoE PAP *and* CHAP Authentication (auto-negotiation?)
On 20/08/05, Stuart Henderson [EMAIL PROTECTED] wrote: On 2005/08/20 14:20:13, Adam Gleave wrote: I'm really running on PPPoA, but it is converted by the modem from PPPoE to PPPoA. That's unlikely, there's a guide on the web which says that this is what happens, but actually it's just running as a bridge and using PPPoE to BT (which BT say they have supported for some years now, but might not work everywhere and with every ISP, and isn't widely known- about or used, so is more likely to be flaky). Ok, but I don't think PPPoE itself is the problem in this case. Given that there's a number of UK ISPs that will do at least a /30 for no extra charge, you might find it easier to use the router as a straight (PPPoA) router, and give the OpenBSD box the next address along... The router doesn't support PPPoA, it supports PPPoE. The router goes through a PPPoA modem, the same setup as I'm planning on having with the OpenBSD box. Besides, it doesn't support IPv6. -- Adam Gleave [ OpenBSD 3.7-stable (GENERIC) #1: Sat Jul 23 08:28:45 GMT 2005 ]
Re: Kernel PPPoE PAP *and* CHAP Authentication (auto-negotiation?)
A clarification: In the previous email, I meant the MODEM doesn't support IPv6 - so having the OpenBSD router not use the modem as a bridge is impossible if I wish to use IPv6.
Re: Modifying man pages and composing new ones
On Sun, Aug 21, 2005 at 05:44:56PM +1000, Rod.. Whitworth wrote: What format(s) are acceptable for submitting minor changes to man pages? I assume unified diff - but against what? The man page as distributed (e.g. in /usr/share/man/cat?/ ?) or the file that produced that? If the file should be the one input to the -mdoc process, where can it be found? unified diff is preferred, yes. always diff against the source (in /usr/src). if you don't have a copy of the source, you can download single pages from the web interface (and use diff -u, rather than cvs diff -u). stuart's advice about `locate man_page.section' is probably the best for finding stuff. My other guess is that an entirely new man page should be submitted as the -mdoc input file. Is that true? yes I suppose that I'm going to have to try to remember something about the [gnt]roff things I had very small experience with back in the '70s So apart from the mdoc-samples man page are there other required/recommended documents for rust-removal / new learning please? mdoc.samples(7) is the right page to read. other than that, just look at similar pages and see how they work. btw, it is a good idea to run your stuff through groff to see how it will look when formatted: nroff -Tascii -mandoc file | less jmc
Re: Kernel PPPoE PAP *and* CHAP Authentication (auto-negotiation?)
--On 21 August 2005 09:10 +, Adam Gleave wrote: Given that there's a number of UK ISPs that will do at least a /30 for no extra charge, you might find it easier to use the router as a straight (PPPoA) router, and give the OpenBSD box the next address along... The router doesn't support PPPoA, it supports PPPoE. The router goes through a PPPoA modem, the same setup as I'm planning on having with the OpenBSD box. Ah, a separate modem and router then - fairly unusual in .uk-land. Besides, it doesn't support IPv6. Nor does ppp(4), according to the 'bugs' section of the man page. ppp(8) does, though. Out of interest, is that to use with blackcat, or does someone else do it too now?
Re: Modifying man pages and composing new ones
On Sun, 21 Aug 2005, Rod.. Whitworth wrote: I suppose that I'm going to have to try to remember something about the [gnt]roff things I had very small experience with back in the '70s So apart from the mdoc-samples man page are there other required/recommended documents for rust-removal / new learning please? to amend jmc and stuart, http;//www.oreilly.com/openbook/utp/ may also be of interest, though its a bit more heavyweight stuff than just man pages (you should follow the link `troff and postscript files--beta'). this is probably the single best resource you can get on *roff today. -- [-] mkdir /nonexistent
Re: Kernel PPPoE PAP *and* CHAP Authentication (auto-negotiation?)
On 21/08/05, Stuart Henderson [EMAIL PROTECTED] wrote: --On 21 August 2005 09:10 +, Adam Gleave wrote: Given that there's a number of UK ISPs that will do at least a /30 for no extra charge, you might find it easier to use the router as a straight (PPPoA) router, and give the OpenBSD box the next address along... The router doesn't support PPPoA, it supports PPPoE. The router goes through a PPPoA modem, the same setup as I'm planning on having with the OpenBSD box. Ah, a separate modem and router then - fairly unusual in .uk-land. Besides, it doesn't support IPv6. Nor does ppp(4), according to the 'bugs' section of the man page. ppp(8) does, though. Out of interest, is that to use with blackcat, or does someone else do it too now? It's for blackcat (It's an unfortunate name - I dislike cats, but I despise cat owners. Especially ones with non-belled cats.) But, (and I'm proboably wrong) - are you confusing ppp(4) with pppoe(4) - because I thought they were different pseudo devices. -- Adam Gleave [ OpenBSD 3.7-stable (GENERIC) #1: Sat Jul 23 08:28:45 GMT 2005 ]
Re: A question to lib/libc/gen/daemon.c
Hello!
On Sun, Aug 21, 2005 at 09:54:06AM +0200, Alexander Farber wrote:
if (!noclose (fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) {
(void)dup2(fd, 0);
(void)dup2(fd, 1);
(void)dup2(fd, 2);
if (fd 2)
(void)close (fd);
}
right? What is this last check (fd 2) needed for? Isn't fd always 2,
because the first 3 are already taken by the STDxxx streams at the
program start?
What if any of the descriptors = 2 are closed before invocation
of daemon? Then fd will be = 2, and if you close it, the desired
state (/dev/null open on 0, 1, and 2) will not be achieved.
I.e. safety.
Thanks
Alex
Kind regards,
Hannah.
Re: Modifying man pages and composing new ones
On Sun, 21 Aug 2005 10:22:46 +0100, Stuart Henderson wrote: --On 21 August 2005 17:44 +1000, Rod.. Whitworth wrote: What format(s) are acceptable for submitting minor changes to man pages? The few I've submitted have been to the input files, in the hope that it gives jmc@ less to do by hand. I assume unified diff - but against what? The man page as distributed (e.g. in /usr/share/man/cat?/ ?) or the file that produced that? If the file should be the one input to the -mdoc process, where can it be found? To find the relevant file easily, check which section the page is in, and use e.g. 'locate ls.1' or 'locate ami.4'. Generally man pages with an associated program are kept with that program so e.g. 'cvs diff -u /usr/src/bin/ls/ls.1', you'll find others - drivers, system configuration files, docs like hier(7) and vpn(8), etc - in /usr/src/share/man. Ahhh, that makes sense. Thanks. I agree that we should make less, rather than more, work for the maintainers of the docs. Which is why I am getting up to speed on the methods. roffing again after more than 25 years, who'd have thought it?! When I stop learning, I die. I am not ready to do either. ~|^ = From the land down under: Australia. Do we look umop apisdn from up over? Do NOT CC me - I am subscribed to the list. Replies to the sender address will fail except from the list-server.
Re: Modifying man pages and composing new ones
On Sun, 21 Aug 2005 11:01:36 +0100, Jason McIntyre wrote: On Sun, Aug 21, 2005 at 05:44:56PM +1000, Rod.. Whitworth wrote: What format(s) are acceptable for submitting minor changes to man pages? I assume unified diff - but against what? The man page as distributed (e.g. in /usr/share/man/cat?/ ?) or the file that produced that? If the file should be the one input to the -mdoc process, where can it be found? unified diff is preferred, yes. always diff against the source (in /usr/src). if you don't have a copy of the source, you can download single pages from the web interface (and use diff -u, rather than cvs diff -u). stuart's advice about `locate man_page.section' is probably the best for finding stuff. My other guess is that an entirely new man page should be submitted as the -mdoc input file. Is that true? yes I suppose that I'm going to have to try to remember something about the [gnt]roff things I had very small experience with back in the '70s So apart from the mdoc-samples man page are there other required/recommended documents for rust-removal / new learning please? mdoc.samples(7) is the right page to read. other than that, just look at similar pages and see how they work. btw, it is a good idea to run your stuff through groff to see how it will look when formatted: nroff -Tascii -mandoc file | less jmc You saw my reply to Stuart (probably by now) and your advice adds nicely to that. Off to bed for me (2303 as I write) and off to work on some man pages as soon as I grok the necessary clues. Thanks, Rod. From the land down under: Australia. Do we look umop apisdn from up over? Do NOT CC me - I am subscribed to the list. Replies to the sender address will fail except from the list-server.
Re: Pausing firewall
On Aug 21, 2005, at 3:51 AM, Chris Cameron wrote: Have an OpenBSD firewall working in an office doing very straight forward NAT and some persistent VPN tunnels. Couple weeks ago, this firewall just stopped responding to any traffic. It was sporadic, as after several minutes it'd start going again. At that point it was a patched Sparc64 3.5. While trying to troubleshoot this, I started setting up a spare x86 PC with 3.7. I didn't get anywhere with the troubleshooting, and I'm now running OpenBSD 3.7, with the same config files, and I'm having this exact same problem. If two distinct firewalls, running different versions of OpenBSD/PF, on two entirely different platforms and hardware are experiencing the same problem, I would start to look at the common denominators. Bad cable, switch behaving badly, etc... Run tcpdump on another system on the network. Can it see pings originating from the firewall during these pauses? Run a crossover between the firewall and another non-OpenBSD system- can you see the pings? -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net
Re: multiple nat rules - bug solved
Julien TOUCHE wrote on 20/08/2005 17:41:
lan internet setup is working ok for years, dmz is used recently.
problem is when i'm on the dmz (static or dhcp ip, wire or wireless),
http browsing is damn slow.
ok, found it
# ifconfig sis2
sis2: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
address: 00:00:aa:bb:cc:dd
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 192.168.x.1 netmask 0xff00 broadcast 255.255.255.192
# grep nat /tmp/pf.conf
nat on $ExtIF inet from { $IntIF:network, $DmzIF:network } to any -
($ExtIF)
# pfctl -vsa|grep nat
nat on sis1 inet from 192.168.y.0/24 to any - (sis1) round-robin
nat on sis1 inet from 192.168.x.0/24 to any - (sis1) round-robin
= /24 instead of /26
solved by replacing $DmzIF:network (translated in 192.168.x.0/24) by
table dmz (=192.168.x.0/26 or /24 in this matter)
Regards
Julien
dhcpd and bridge
Hello,
I have a firewall on OpenBSD 3.7 with 4 interfaces. I used 3 of them as a
bridge :
fxp1 = way to the Internet
bridge0 =
fxp0
xl0
rl0
The IP address for the bridge is on fxp0, say 192.168.0.1
My firewall is also used as a dhcp server and of course, I don't need dhcp
on the Internet interface.
I used : /usr/sbin/dhcpd fxp0 dhcpd works well on the fxp0 interface, but
not on the other interfaces on the bridge: I have a ICMP Port Unreachable
for UDP 67.
The foolowing commands are not admitted :
/usr/sbin/dhcpd xl0
/usr/sbin/dhcpd rl0
/usr/sbin/dhcpd bridge0
The answer is always :
Aug 21 15:59:06 hades dhcpd: xl0: not found
Aug 21 15:59:06 hades dhcpd: exiting.
I tried without PF and with PF and {pass in all, block in all}
The clients used where OpenBSD 3.7, Linux, Windows XP.
Thanks.
Alexandre Stefani
Re: Kernel PPPoE PAP *and* CHAP Authentication (auto-negotiation?)
--On 21 August 2005 10:44 +, Adam Gleave wrote: On 21/08/05, Stuart Henderson [EMAIL PROTECTED] wrote: --On 21 August 2005 09:10 +, Adam Gleave wrote: Given that there's a number of UK ISPs that will do at least a /30 for no extra charge, you might find it easier to use the router as a straight (PPPoA) router, and give the OpenBSD box the next address along... The router doesn't support PPPoA, it supports PPPoE. The router goes through a PPPoA modem, the same setup as I'm planning on having with the OpenBSD box. Ah, a separate modem and router then - fairly unusual in .uk-land. Besides, it doesn't support IPv6. Nor does ppp(4), according to the 'bugs' section of the man page. ppp(8) does, though. Out of interest, is that to use with blackcat, or does someone else do it too now? It's for blackcat (It's an unfortunate name - I dislike cats, but I despise cat owners. Especially ones with non-belled cats.) But, (and I'm proboably wrong) - are you confusing ppp(4) with pppoe(4) - because I thought they were different pseudo devices. Actually I'm confusing ppp(4) with sppp(4) but neither support IPv6 at present - looks like you'll need userland for IPv6 PPP. (fwiw, sixxs is good for tunnels).
Qt 4.0.1 Runs on 3.7
For those interested in Trolltech's Qt: I downloaded, build and installed Qt 4.0.1 on 3.7, running into no problems (except for long build time) during the build. The installed software takes up 516 MB at /usr/local/Trolltech. The qtdemo program reports incorrect version of zlib and problems with QPainter, but otherwise it seems to run ok. Qt 4.0.1 coexists with Qt 3.x except for qmake, which is version-specific. Trolltech - Open Source Downloads http://www.trolltech.com/download/opensource.html Dave Feustel -- Tired of having to defend against Malware? (You know: trojans, viruses, SPYWARE, worms and popups) Then Switch to OpenBSD with a KDE desktop!!!
Re: finger doesn't print characters right
On Mon, 15 Aug 2005, Antti Harri wrote: I recently noticed that `finger` prints scandinavian characters weird, here's the output: [EMAIL PROTECTED]:~$ finger LoginName Tty Idle Login Time Office Office Phone dummy\366\326\304\344\305 p2 - Mon 00:39 But when specify the user the characters print normally: [EMAIL PROTECTED]:~$ finger dummy Login: dummy Name: vVDdEe That should've been aAoOaA with umlauts and the last one with circle (Swedish 'a'). After looking at the source the first case goes through strvis() function and the second doesn't. What's the logic behind this? Anyone care to answer? Answering to my own post is quite silly.. What ways do I have to get finger to work with these special chars that it is escaping? -- Antti Harri
Re: CD-less upgrade question
Hi Jay, I seem to recall that upgrading via bsd.rd was pretty straightforward... does this still work provided the other upgrade instructions on the website are followed? Worked fine for me, upgrading my laptop from 3.7-stable to Aug18 snapshot. HTH... Nico
Re: Pausing firewall
Have an OpenBSD firewall working in an office doing very straight forward NAT and some persistent VPN tunnels. Couple weeks ago, this firewall just stopped responding to any traffic. It was sporadic, as after several minutes it'd start going again. At that point it was a patched Sparc64 3.5. While trying to troubleshoot this, I started setting up a spare x86 PC with 3.7. I didn't get anywhere with the troubleshooting, and I'm now running OpenBSD 3.7, with the same config files, and I'm having this exact same problem. If two distinct firewalls, running different versions of OpenBSD/PF, on two entirely different platforms and hardware are experiencing the same problem, I would start to look at the common denominators. Bad cable, switch behaving badly, etc... I had the same problem a couple of years ago myself; it turned out the problem was a cable that went bad. It hadn't been touched since it was setup, so I kept thinking, Well, it can't be the cable. It has worked for months and no one has touched it. After oodles of troubleshooting including different NICs, different switches, and ultimately different machines, it ended up being a bad cable. Grrr. Because of the arduous task of running a new cable (it must have traversed at least three time zones), I was reticent to even test it. Needless to say, once I'd run the new cable, life was grand. :-| Once you find out what the problem is, Chris, please post what the solution is. Good luck, Kevin S. -- http://www.ebiinc.com - background screening from EBI pre-employment checks for employers
Re: negative ping times
Search the archives, this was discussed recently. In our previous episode, Gregory Steuck said: I was testing my new gigabit cards and got negative min time reported by ping: % sudo ping -f 192.168.1.18 PING 192.168.1.18 (192.168.1.18): 56 data bytes --- 192.168.1.18 ping statistics --- 31782486 packets transmitted, 31782470 packets received, 0.0% packet loss round-trip min/avg/max/std-dev = -9.-697/0.771/93.322/0.466 ms % uname -a OpenBSD home.nest.cx 3.7 GENERIC#31 amd64 -- Aaron Carass Image Analysis and Communications Laboratory Johns Hopkins University
Re: Crypto cards
Thanks Theo!! Ever time I learn something like this it really makes me appreciate OpenBSD even more. Maxim, Dave - I found mine on eBay. There is a chap that must have a truck load of them as he posts two a week. Opening bid is $24.99US with a buy it now price of $49.99US. Not too bad for an entry level crypto card. Here is the link to his current posting: http://cgi.ebay.com/Broadcom-BCM95805-VPN-Accelerator-PCI-card-for-PDS-5xxx_W0QQitemZ5799633256QQcategoryZ11182QQssPageNameZWDVWQQrdZ1QQcmdZViewItem He always lists these cards with the same header.
twiki
I would like to co-write an installation guide for twiki (it's in packages) for us less seasoned obsd monglers, I am finding it not-so-straight-forward and would like to help every one else on their way, does anyone know whom I may contact about this matter or do you feel the spotlight? I am more then willing to supply first line support for this package if it would come to that. //Johan
Re: A question to lib/libc/gen/daemon.c
In message [EMAIL PROTECTED]
so spake Alexander Farber (alexander.farber):
In the file /usr/src/lib/libc/gen/daemon.c
if (!noclose (fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) {
(void)dup2(fd, STDIN_FILENO);
(void)dup2(fd, STDOUT_FILENO);
(void)dup2(fd, STDERR_FILENO);
if (fd 2)
(void)close (fd);
}
is same as:
if (!noclose (fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) {
(void)dup2(fd, 0);
(void)dup2(fd, 1);
(void)dup2(fd, 2);
if (fd 2)
(void)close (fd);
}
right?
Right.
What is this last check (fd 2) needed for? Isn't fd always 2,
because the first 3 are already taken by the STDxxx streams at the
program start?
Nope. There is no guarantee that fds 0-2 are open when a program
starts. In that case, fd will fall in the range 0-2 and without
the check we can close one of the descriptors 0-2.
Bonus trivia: There's also no guarantee that argc 0 when a program
starts. Lots of programs make bad assumptions...
- todd
Re: twiki
Johan P. Lindstrvm wrote: I would like to co-write an installation guide for twiki (it's in packages) for us less seasoned obsd monglers, I am finding it not-so-straight-forward and would like to help every one else on their way, does anyone know whom I may contact about this matter or do you feel the spotlight? I am more then willing to supply first line support for this package if it would come to that. //Johan You probably want to get a hold of Daniel Ouellet, who's been spearheading the unofficial documentation project at www.openbsdsupport.org. It's a bunch of documents that we in the community have written for folks who are willing to do their homework, but haven't quite worked out how to get from manpage to production. You'll notice that some folks write in a style very similar to Nick Holland's official FAQ, while others (like me) are quite different.
Re: twiki
Johan P. Lindstrvm wrote: This is much appreciated, after reading Nick Holland's post ( http://www.holland-consulting.net/obsd/faq-help.html ) I can't do more than agree and feel challenged. How ever, I am missing some details for my FAQ and would really like to get in touch with the individual/group whom made the package to make it more useful, or am I taking the wrong approach? Well, binaries are built and distributed by Theo and the other devs. The packages themselves are built from the ports tree, which is maintained by any number of people. It sounds like they're the ones you're looking for. Take a look inside the Makefile ;)
CURRENT and DHCP with Linksys routers (WAS: 8/13 snapshot and DHCP)
On 8/21/05, Kenneth R Westerback [EMAIL PROTECTED] wrote: Hmm. What was the -s parameter to tcpdump? My first look at the dump shows only the first 80 bytes or so, which may be the default. We need the entire packets captured. So a -s of 1000 would be good. At Kenneth's request, I've redone a tcpdump with -s 1000 and using a wired connection (to start ruling out confounding factors). Just to stay up to date, this is with a 20 August snapshot. Until this issue is closed (one way or another), I'll keep the latest tcpdump at http://www.aleph0.com/computing/openbsd/bugs/3.8-dhcp-tcpdump and the latest method for getting said tcpdump at http://www.aleph0.com/computing/openbsd/bugs/3.8-dhcp-script (that script is also included below). In the near future, I'll be trying a snapshot with a dhclient from 3.7-stable and see how that works. Thanks again for all the looks, everyone, and keep up the great work! As always, please let me know if there's any other information I can contribute. CDJ Script started on Sun Aug 21 18:24:11 2005 # dmesg OpenBSD 3.8-beta (GENERIC) #110: Sat Aug 20 22:11:21 MDT 2005 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Mobile Intel(R) Celeron(R) CPU 2.20GHz (GenuineIntel 686-class) 2.20 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID real mem = 232300544 (226856K) avail mem = 205090816 (200284K) using 2861 buffers containing 11718656 bytes (11444K) of memory User Kernel Config UKC disable apm0 265 apm0 disabled UKC quit Continuing... mainbus0 (root) bios0 at mainbus0: AT/286+(e5) BIOS, date 03/04/05, BIOS32 rev. 0 @ 0xfd830 apm at bios0 function 0x15 not configured pcibios0 at bios0: rev 2.1 @ 0xfd830/0x7d0 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdf40/160 (8 entries) pcibios0: PCI Interrupt Router at 000:02:0 (SIS 85C503 System rev 0x00) pcibios0: PCI bus #2 is the last bus bios0: ROM list: 0xc/0xc000 0xcc000/0xa000 0xd6000/0x800! cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 SIS 650 PCI rev 0x80 ppb0 at pci0 dev 1 function 0 SIS 86C201 AGP rev 0x00 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 SIS 650 VGA rev 0x00: aperture at 0xe800, size 0x40 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) pcib0 at pci0 dev 2 function 0 SIS 85C503 System rev 0x25 pciide0 at pci0 dev 2 function 5 SIS 5513 EIDE rev 0x00: 650: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide0 channel 0 drive 0: IC25N030ATMR04-0 wd0: 16-sector PIO, LBA48, 28615MB, 58605120 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5 atapiscsi0 at pciide0 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: QSI, CDRW/DVD SBW242C, UQ81 SCSI0 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2 SIS 7013 Modem rev 0xa0 at pci0 dev 2 function 6 not configured auich0 at pci0 dev 2 function 7 SIS 7012 AC97 rev 0xa0: irq 5, SiS7012 AC97 ac97: codec id 0x41445374 (Analog Devices AD1981B) ac97: codec features headphone, 20 bit DAC, No 3D Stereo audio0 at auich0 ohci0 at pci0 dev 3 function 0 SIS 5597/5598 USB rev 0x0f: irq 9, version 1.0, legacy support usb0 at ohci0: USB revision 1.0 uhub0 at usb0 uhub0: SIS OHCI root hub, rev 1.00/1.00, addr 1 uhub0: 3 ports with 3 removable, self powered ohci1 at pci0 dev 3 function 1 SIS 5597/5598 USB rev 0x0f: irq 10, version 1.0, legacy support usb1 at ohci1: USB revision 1.0 uhub1 at usb1 uhub1: SIS OHCI root hub, rev 1.00/1.00, addr 1 uhub1: 3 ports with 3 removable, self powered ehci0 at pci0 dev 3 function 2 SIS 7002 USB rev 0x00: irq 3 usb2 at ehci0: USB revision 2.0 uhub2 at usb2 uhub2: SIS EHCI root hub, rev 2.00/1.00, addr 1 uhub2: 6 ports with 6 removable, self powered sis0 at pci0 dev 4 function 0 SIS 900 10/100BaseTX rev 0x91: irq 4, address 00:11:43:44:86:42 rlphy0 at sis0 phy 1: RTL8201L 10/100 PHY, rev. 1 cbb0 at pci0 dev 10 function 0 Texas Instruments PCI1510 CardBus rev 0x00: irq 9 isa0 at pcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pms0 at pckbc0 (aux slot) pckbc0: using irq 12 for aux slot wsmouse0 at pms0 mux 0 pckbcintr: no dev for slot 1 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 sysbeep0 at pcppi0 npx0 at isa0 port 0xf0/16: using exception 16 cardslot0 at cbb0 slot 0 flags 0 cardbus0 at cardslot0: bus 2 device 0 cacheline 0x8, lattimer 0x20 pcmcia0 at cardslot0 biomask efcd netmask efdd ttymask ffdf pctr: user-level cycle counter enabled dkcsum: wd0 matches BIOS drive 0x80 root on wd0a rootdev=0x0 rrootdev=0x300 rawdev=0x302 # ifconfig lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 33224 groups: lo inet 127.0.0.1 netmask 0xff00 inet6 ::1
Re: OpenBSD 3.7 Samba 2.2.12 problem with Roaming Profiles
On 8/21/05, Gustavo Rios [EMAIL PROTECTED] wrote: Excuse, but does samba 2.2.12 supports NT Active Directory? As far as i know, not. Anyway, correct if i am wrong. To be precise NT ( Microsoft Windows NT ) did not have Active Directory. Active Directory came with MS Windows 2000. information is now stored in a directory that can be replicated and for which partial or full administrative control can be delegated. Samba-3 is not able to be a domain controller within an Active Directory tree, and it cannot be an Active Directory server. This means that Samba-3 also cannot act as a BDC to an Active Directory domain controller. http://us1.samba.org/samba/docs/man/Samba3-HOWTO/samba-bdc.html#id2548500 -- -- As a PDC, Samba-3 is not able to provide an exact alternative to the functionality that is available with Active Directory. Samba-3 can provide a scalable LDAP-based PDC/BDC solution. http://us1.samba.org/samba/docs/man/Samba3-HOWTO/FastStart.html#id2537638 Samba-3 is not, and cannot act as, an Active Directory server. It cannot truly function as an Active Directory PDC. The protocols for some of the functionality of Active Directory domain controllers has been partially implemented on an experimental only basis. Please do not expect Samba-3 to support these protocols. Do not depend on any such functionality either now or in the future. The Samba Team may remove these experimental features or may change their behavior. This is mentioned for the benefit of those who have discovered secret capabilities in Samba-3 and who have asked when this functionality will be completed. The answer is maybe someday or maybe never! To be sure, Samba-3 is designed to provide most of the functionality that Microsoft Windows NT4-style domain controllers have. Samba-3 does not have all the capabilities of Windows NT4, but it does have a number of features that Windows NT4 domain controllers do not have. In short, Samba-3 is not NT4 and it is not Windows Server 200x: it is not an Active Directory server. We hope this is plain and simple enough for all to understand. http://us1.samba.org/samba/docs/man/Samba3-HOWTO/samba-pdc.html#id2543648 Acting as a Windows 2000 active directory domain controller (i.e., Kerberos and Active Directory). In point of fact, Samba-3 does have some Active Directory domain control ability that is at this time purely experimental. Active directory domain control is one of the features that is being developed in Samba-4, the next generation Samba release. At this time there are no plans to enable active directory domain control support during the Samba-3 series life-cycle. http://us1.samba.org/samba/docs/man/Samba3-HOWTO/samba-pdc.html#id2546770 -- Or was Smonek referring to Joining an OpenBSD+Samba computer as a client to an NT PDC?
