RSS feed for errata
This has been discussed before. I think many people here agree this would be very useful. Some have even volunteered to do it, but I haven't found anything in Google about it yet. So, the question is ¿has anybody made it?, otherwise, ¿is anybody willing to do it? -- Gerardo Santana
Re: 3.8 beta requests
On 8/24/05, Ted Unangst [EMAIL PROTECTED] wrote: On Wed, 24 Aug 2005, Siju George wrote: just one quick question. where do I actually learn more about page, buffer, malloc etc?? Is this book enough? http://www.amazon.com/exec/obidos/ISBN%3D0201549794/openbsdA/104-8401808-3342305 or are there other good books out there? it's useful. the dinosaur book, _operating system concepts_, is also recommended. thanks a lot tedu :-) kind regards Siju -- And that's why I stopped reading the big newspapers.
Re: RSS feed for errata
2005/8/24, Gerardo Santana Gómez Garrido [EMAIL PROTECTED]: This has been discussed before. I think many people here agree this would be very useful. Some have even volunteered to do it, but I haven't found anything in Google about it yet. So, the question is ¿has anybody made it?, otherwise, ¿is anybody willing to do it? I've just found this from a message by dhartmei in undeadly: http://undeadly.org/cgi?action=errata It seems like a first attempt like Daniel says. Is it going to be improved maintained? Just to know if I should wait for it or start coding it myself. -- Gerardo Santana
Re: isakmp vpn configuration
Hi Joel j knight [EMAIL PROTECTED] wrote: I have tried to change Network and Netmask in the [default-route] section from 0.0.0.0 to the network and netmask of one of the vlan subnetworks, but it does not help. I can still connect to the other subnet if I define them in the client. Anyone knows how I can restrict access to only one of the vlan subnets? I don't know why those changes aren't working, however, have you tried: - setting a policy via isakmpd.policy that restricts 'remote_filter' No. I will try that. - blocking traffic using pf Yes, I have tried to filter on VPN client ip addresses on the enc0 interface. This works, but the problem is that not all users should be allowed to do the same things. Since the VPN client ip address can be chosen arbitrarily on the VPN client, the user can choose an ip address that is allowed to do what he wants to do. Therefore it is not secured, the user has just to know which ip address has full access, and he can access all he wants on all vlans. Thanks, Daniel
Re: Problems with pf+nat+some websites
Jonathan Schleifer wrote: I don't see where you set the MTU/MSS? Are you sure you have set them somewhere else? eBay is known to have problems with bad/wrong MTU/MSS. Try adding scrub out on $ext_if max-mss 1414 to your pf.conf and adding -mtu 1454 to the route. Also take a look at pppoe(4) [*NOT* pppoe(8)!], section MTU/MSS ISSUES. Hello Jonathan, nice try, but I don't use pppoe. We have a DSL-Router from our provider and as I mentioned before, we had no problems with the cisco-router doing the firewall job (Nat). guido
Re: Complete disk disaster
First, thank you very much for your interesting responses. Yesterday in the evening I installed OpenBSD again on the same disk, just to be sure if I could reproduce the errors. Yes!, I did not have to wait for a long time. The errors appeared after some hours of use. I installed the ports tree and ran the locate.updateb command, just for moving disk heads. Also added some audio files just to fill the disk space. Yesterday night, there were only two corrupted files, immediately after the install: /usr/libdata/perl5/AnyDBM_File.pm and /usr/libdata/perl5/Attribute Those files disappeared: # pwd /usr/libdata/perl5 # ls A* ls: AnyDBM_File.pm: Bad file descriptor ls: Attribute: Bad file descriptor AutoLoader.pm AutoSplit.pm Today morning, the errors count rose exponentially. I even could record these errors: wd1(pciide0:0:1): timeout type: ata c_bcount: 2048 c_skip: 0 pciide0:0:1: bus-master DMA error: missing interrupt, status=0x61 wd1a: device timeout reading fsbn 1489200 of 1489200-1489203 (wd1 bn 1489263; cn 1477 tn 7 sn 6), retrying wd1: soft error (corrected) wd1(pciide0:0:1): timeout type: ata c_bcount: 2048 c_skip: 0 pciide0:0:1: bus-master DMA error: missing interrupt, status=0x61 wd1a: device timeout reading fsbn 1486176 of 1486176-1486179 (wd1 bn 1486239; cn 1474 tn 7 sn 6), retrying wd1: soft error (corrected) wd1(pciide0:0:1): timeout type: ata c_bcount: 2048 c_skip: 0 pciide0:0:1: bus-master DMA error: missing interrupt, status=0x61 wd1a: device timeout reading fsbn 1489200 of 1489200-1489203 (wd1 bn 1489263; cn 1477 tn 7 sn 6), retrying wd1: soft error (corrected) wd1(pciide0:0:1): timeout type: ata c_bcount: 2048 c_skip: 0 pciide0:0:1: bus-master DMA error: missing interrupt, status=0x61 wd1a: device timeout reading fsbn 1486376 of 1486376-1486379 (wd1 bn 1486439; cn 1474 tn 10 sn 17), retrying wd1: soft error (corrected) Here comes the fsck output full of errors.
It seems that the filesystem gets corrupted quicker as the hard disk reaches its maxim capacity. Even the system is unable to do a clean halt. It starts the ddb.
Re: Complete disk disaster
Edd Barrett wrote: Oh, thanks, but I tried to do it a month ago from my Linux box and this is an old disk that does not have the SMART thing. :-( At the price of storage media these days, you may as well just buy another disk. Regards Edd Yes, disks are indeed very cheap. I had this spare disk just to try OpenBSD and get comfortable with it without the risk of breaking my Linux install. Now that I like OpenBSD, I am going to buy a disk for OpenBSD only. Also considering to order the CD. I do not know if waiting for the new release to come. Ramiro. EA1ABZ
Re: RSS feed for errata
On Wed, Aug 24, 2005 at 01:03:04AM -0500, Gerardo Santana Gómez Garrido wrote: 2005/8/24, Gerardo Santana Gómez Garrido [EMAIL PROTECTED]: This has been discussed before. I think many people here agree this would be very useful. Some have even volunteered to do it, but I haven't found anything in Google about it yet. So, the question is ¿has anybody made it?, otherwise, ¿is anybody willing to do it? I've just found this from a message by dhartmei in undeadly: http://undeadly.org/cgi?action=errata It seems like a first attempt like Daniel says. Is it going to be improved maintained? Just to know if I should wait for it or start coding it myself. http://www.vuxml.org/ This is what I use. Could use some work but it is up to date and seems to be maintained. -- Gerardo Santana -- BOFH excuse #48: bad ether in the cables
Re: Complete disk disaster
--On 24 August 2005 10:37 +0200, Ramiro Aceves wrote: pciide0:0:1: bus-master DMA error: missing interrupt, status=0x61 wd1a: device timeout reading fsbn 1489200 of 1489200-1489203 (wd1 bn 1489263; cn 1477 tn 7 sn 6), retrying wd1: soft error (corrected) wd1(pciide0:0:1): timeout type: ata c_bcount: 2048 c_skip: 0 pciide0:0:1: bus-master DMA error: missing interrupt, status=0x61 wd1a: device timeout reading fsbn 1486176 of 1486176-1486179 (wd1 bn 1486239; cn 1474 tn 7 sn 6), retrying wd1: soft error (corrected) [etc] All hard drives have bad blocks, most hard drives now have some spare capacity. As the drive detects bad or failing blocks, the spare blocks are automatically remapped over the bad blocks. This is internal to the drive - by the time you start noticing drive errors, the drive is usually unable to remap any more blocks. Sometimes the manufacturer's drive-test tools can be useful (Hitachi/IBM's DFT can do some basic tests on drives from other manufacturers too). There's also a commercial program Spinrite which claims to have good stress-tests.
Re: 3.8 beta requests
Thanks for not taking the easy route. Changes are always painful, but if they deliver then it's worth it.
Re: Complete disk disaster
On Wed, Aug 24, 2005 at 10:37:46AM +0200, Ramiro Aceves wrote: First, thank you very much for your interesting responses. Yesterday in the evening I installed OpenBSD again on the same disk, just to be sure if I could reproduce the errors. Yes!, I did not have to wait for a long time. The errors appeared after some hours of use. I installed the ports tree and ran the locate.updateb command, just for moving disk heads. Also added some audio files just to fill the disk space. Yesterday night, there were only two corrupted files, immediately after the install: /usr/libdata/perl5/AnyDBM_File.pm and /usr/libdata/perl5/Attribute Those files disappeared: wd1(pciide0:0:1): timeout type: ata c_bcount: 2048 c_skip: 0 pciide0:0:1: bus-master DMA error: missing interrupt, status=0x61 wd1a: device timeout reading fsbn 1489200 of 1489200-1489203 (wd1 bn 1489263; cn 1477 tn 7 sn 6), retrying wd1: soft error (corrected) wd1(pciide0:0:1): timeout type: ata c_bcount: 2048 c_skip: 0 pciide0:0:1: bus-master DMA error: missing interrupt, status=0x61 hello, are you using a slow disk and a fast disk on the same cable? i remember that i experienced similar problems when i tried to put a slow 1.6G together with a fast 40Go disk on the same cable. are you using a 80-conductor cable ? -- Alexandre
Re: 3.8 beta requests
Theo de Raadt wrote: Oh well -- we've decided that we will try to ship with this protection mechanism in any case, and try to solve the problems as we run into them. Does that mean that 3.8 might be unstable? Maybe all who want/need stable systems need to run 3.7?
Re: 3.8 beta requests
No, it is clear that he is talking about the problems *other* people's (buggy) software will have. On 8/24/05, Genadijus Paleckis [EMAIL PROTECTED] wrote: Theo de Raadt wrote: Oh well -- we've decided that we will try to ship with this protection mechanism in any case, and try to solve the problems as we run into them. Does that mean that 3.8 might be unstable? Maybe all who want/need stable systems need to run 3.7?
Re: Complete disk disaster
Alexandre Ratchov wrote: On Wed, Aug 24, 2005 at 10:37:46AM +0200, Ramiro Aceves wrote: First, thank you very much for your interesting responses. Yesterday in the evening I installed OpenBSD again on the same disk, just to be sure if I could reproduce the errors. Yes!, I did not have to wait for a long time. The errors appeared after some hours of use. I installed the ports tree and ran the locate.updateb command, just for moving disk heads. Also added some audio files just to fill the disk space. Yesterday night, there were only two corrupted files, immediately after the install: /usr/libdata/perl5/AnyDBM_File.pm and /usr/libdata/perl5/Attribute Those files disappeared: wd1(pciide0:0:1): timeout type: ata c_bcount: 2048 c_skip: 0 pciide0:0:1: bus-master DMA error: missing interrupt, status=0x61 wd1a: device timeout reading fsbn 1489200 of 1489200-1489203 (wd1 bn 1489263; cn 1477 tn 7 sn 6), retrying wd1: soft error (corrected) wd1(pciide0:0:1): timeout type: ata c_bcount: 2048 c_skip: 0 pciide0:0:1: bus-master DMA error: missing interrupt, status=0x61 hello, are you using a slow disk and a fast disk on the same cable? i remember that i experienced similar problems when i tried to put a slow 1.6G together with a fast 40Go disk on the same cable. are you using a 80-conductor cable ? Yes!, I am using a 40 GB (approx 4 years old) as master, and 1GB (around 10) as slave. Cable is 40-conductor, I think. Both at the same cable. Thanks Ramiro.
Re: Problems with pf+nat+some websites
Guido Tschakert wrote: Jonathan Schleifer wrote: I don't see where you set the MTU/MSS? Are you sure you have set them somewhere else? eBay is known to have problems with bad/wrong MTU/MSS. Try adding scrub out on $ext_if max-mss 1414 to your pf.conf and adding -mtu 1454 to the route. Also take a look at pppoe(4) [*NOT* pppoe(8)!], section MTU/MSS ISSUES. Hello Jonathan, nice try, but I don't use pppoe. We have a DSL-Router from our provider and as I mentioned before, we had no problems with the cisco-router doing the firewall job (Nat). so, yes you DO use PPPoE. DSL systems VERY often have a smaller-than-possible MTU. This often causes problems much like you describe. Just set it in your hostname.if file. Google for simple ping tests to find the maximum MTU you can use in your precise case...and see if setting the firewall accordingly solves your problem. Nick.
Re: raid kernel
Edd Barrett wrote: Hi there, Is there any reason why we can not include a raid enabled kernel in the distribution? (not as default, but in the same way bsd.mp is). I believe this would save me (and others?) time when upgrading OpenBSD machines. The kernel would need static device node configuration, device raid and option RAID_AUTOCONFIG There may well be a very good reason this hasn't been done before which I have overlooked, and if so I apologise in advance. For one, what if you don't want RAID_AUTOCONFIG? It would save YOU time if we set the options you needed. If not, it would cause more complaints about how could you choose such an option? Further, it would probably need to be TWO new kernels -- bsd.raid and bsd.raid.rd, as you would need an install/maintenance kernel, too. And that would add a lot of testing for developers at around this time... Personally, I'd rather keep the focus on the simple system, rather than the possible combinations required to do proper RAID testing every release... Nick.
Re: raid kernel
For one, what if you don't want RAID_AUTOCONFIG? It would save YOU time if we set the options you needed. If not, it would cause more complaints about how could you choose such an option? True Further, it would probably need to be TWO new kernels -- bsd.raid and bsd.raid.rd, as you would need an install/maintenance kernel, too. And that would add a lot of testing for developers at around this time... Also people who want mp and raid will complain. Personally, I'd rather keep the focus on the simple system, rather than the possible combinations required to do proper RAID testing every release... As I said. I probably overlooked something.. It was just a suggestion. Thanks for your input Regards Edd
Re: 3.8 beta requests
Antonios Anastasiadis wrote: No, it is clear that he is talking about the problems *other* people's (buggy) software will have. On 8/24/05, Genadijus Paleckis [EMAIL PROTECTED] wrote: Theo de Raadt wrote: Oh well -- we've decided that we will try to ship with this protection mechanism in any case, and try to solve the problems as we run into them. Does that mean that 3.8 might be unstable? Maybe all who want/need stable systems need to run 3.7? well, from base system side I guess there will be minimal problems, but what about ports? because almost everyone is using it.
Re: 3.8 beta requests
Genadijus Paleckis wrote: Theo de Raadt wrote: Oh well -- we've decided that we will try to ship with this protection mechanism in any case, and try to solve the problems as we run into them. Does that mean that 3.8 might be unstable? Maybe all who want/need stable systems need to run 3.7? Maybe, maybe not. Perhaps you like worrying? Anyway. I've been testing this stuff since the first snapshots and now the 3.8 beta and I never noticed any instability. # Han -- . When a place gets crowded enough to require ID's, social ..^/ collapse is not far away. It is time to go elsewhere. The `-. ___ ) best thing about space travel is that it made it possible to || || mh go elsewhere. -- Robert Heinlein, Time Enough For Love
Re: 3.8 beta requests
Genadijus Paleckis [EMAIL PROTECTED] writes: Theo de Raadt wrote: Oh well -- we've decided that we will try to ship with this protection mechanism in any case, and try to solve the problems as we run into them. Does that mean that 3.8 might be unstable? Maybe all who want/need stable systems need to run 3.7? Yes, it means you should switch to linux because it's stable and never does anything to rock the boat. sigh. It's comments like this that convince me that I should never tell anyone about what I'm developing, how it works and what effects it might have. Anything you say will be used against you. //art
Re: 3.8 beta requests
Theo de Raadt wrote: Of course not. HOW CAN IT? Get real! The hardware is STILL only providing permissions at the page level! If you have aggressive amounts of ram and/or patience you could have something along the malloc.conf P-option for ALL sizes. Of course it would suck for any app more complex than sleep but for the sake of argument... Apparently the new malloc(3) implementation doesn't stop me from writing past the end of buffer as long as I am inside the last page. (Please forgive me beforehand if I am missing something too obvious)
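The page-granularity point made in this message, as an added example that is not part of the original thread: a one-byte overflow goes unnoticed while it stays inside the buffer's own page, and faults only when the buffer ends exactly at a page boundary that is followed by an inaccessible page. The helper names are hypothetical, and end-of-page placement next to a `PROT_NONE` guard page is an assumption chosen for illustration, not a description of OpenBSD's malloc(3).

```c
#define _DEFAULT_SOURCE /* for MAP_ANON on glibc */
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper type: one writable data page followed by one
 * PROT_NONE guard page, so any access to the second page faults. */
struct guarded {
    unsigned char *base; /* start of the two-page mapping */
    size_t pagesz;
};

static int guarded_map(struct guarded *g)
{
    long ps = sysconf(_SC_PAGESIZE);
    if (ps <= 0)
        return -1;
    g->pagesz = (size_t)ps;
    void *m = mmap(NULL, 2 * g->pagesz, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANON, -1, 0);
    if (m == MAP_FAILED)
        return -1;
    g->base = m;
    if (mprotect(g->base + g->pagesz, g->pagesz, PROT_NONE) != 0) {
        munmap(g->base, 2 * g->pagesz);
        return -1;
    }
    return 0;
}

/* Write n bytes starting at p in a child process, so that a fault kills
 * the child and not the caller. Returns 1 if the child died on SIGSEGV
 * or SIGBUS, 0 if every write went through, -1 on error. */
static int write_faults(volatile unsigned char *p, size_t n)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        for (size_t i = 0; i < n; i++)
            p[i] = 0x41;
        _exit(0);
    }
    int status;
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    if (WIFSIGNALED(status) &&
        (WTERMSIG(status) == SIGSEGV || WTERMSIG(status) == SIGBUS))
        return 1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

/* Overflow a len-byte buffer by `over` bytes and report whether the
 * hardware caught it.
 *   at_page_end == 0: buffer starts at the page start, so the bytes after
 *                     it are ordinary writable slack in the same page.
 *   at_page_end == 1: the buffer's last byte is the page's last byte, so
 *                     the first byte past the end is in the guard page.
 * End-of-page placement may leave the buffer unaligned for wider types. */
int overflow_is_caught(size_t len, size_t over, int at_page_end)
{
    struct guarded g;
    if (len == 0 || guarded_map(&g) != 0)
        return -1;
    int r = -1;
    if (len <= g.pagesz) {
        unsigned char *buf = at_page_end ? g.base + g.pagesz - len : g.base;
        r = write_faults(buf, len + over);
    }
    munmap(g.base, 2 * g.pagesz);
    return r;
}

int main(void)
{
    size_t ps = (size_t)sysconf(_SC_PAGESIZE);
    printf("16-byte buffer at page start, +1 byte: caught=%d\n",
           overflow_is_caught(16, 1, 0));
    printf("16-byte buffer at page end,   +1 byte: caught=%d\n",
           overflow_is_caught(16, 1, 1));
    printf("16-byte buffer at page start, past the page: caught=%d\n",
           overflow_is_caught(16, ps - 15, 0));
    return 0;
}
```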
raid controller suggestions
Hello, Can you recommend a performant scsi raid controller (with external connector as it will be connected to an external HD TOWER !!) for use in an OpenBSD3.7 file server? Many thanks for any comments/recommendations didier
Re: 3.8 beta requests
Hello! On Wed, Aug 24, 2005 at 02:28:25PM +0300, Genadijus Paleckis wrote: [...] Does that mean that 3.8 might be unstable? Maybe all who want/need stable systems need to run 3.7? well, from base system side I guess there will be minimal problems, but what about ports? because almost everyone is using it. The very most things just work for me. Base, X11, applications like firefox or gaim, own C/C++ code. A few things that get bitten are some packages doing their own and very different memory management, but can't avoid malloc altogether. That is ports/lang/clisp, that seems to be also gprolog, according to Marc Espie. I'd guess it'll also bite sbcl/cmucl (but there's no current port [neither in the sense of /usr/ports, nor in the sense of a 3rd party package] of cmucl for OpenBSD anyway). Some other things are not bitten in the same way, even though they do have different memory management. Including ghc, probably also SML/NJ (own build as of Jul 12, using libc 38.1, wasn't mmap-based malloc + mmap randomization in there already?). I *am* a bit sad about the fact that there're no running Lisp implementations for OpenBSD at all in the moment, but I don't have the energy to contribute own effort to change this, and it's not *that* high priority for me. I think Theo's (and other core developers') decision to release 3.8 with those malloc/mmap changes in is good overall. Kind regards, Hannah.
Re: 3.8 beta requests
On 2005/08/24 14:28:25, Genadijus Paleckis wrote: well, from base system side I guess there will be minimal problems, but what about ports? because almost everyone is using it. If software segfaults because of this, it's because it's already doing something wrong, and it could already be giving unpredictable results. If software is faulty, I'd rather have a segfault when the faulty code is run, than through finding corrupt data maybe months in the future because the failure was invisible.
Re: raid kernel
One point in favour of a GENERIC RAID Kernel(s), consider when a user posts the following request for help: 'I've compiled my own kernel and Xyz is broken' Now after being on the mailing list for quite a while I know the stock answer always seems to be 'drop back to GENERIC and stop playing with custom kernels if you want help from this list'. Now if the user is using RAID and has APPS/Data etc on a raid volume this isn't exactly going to be easy. Now I 100% understand this thinking and won't raise a complaint against it, but as you're now advocating that in order to use a key feature of OBSD a custom kernel is 'the way' where does that leave the sys admins such as myself when it comes to support from the lists? By having a GENERIC RAID kernel, with or without various options would at least allow for some alternate yet supported systems albeit at an increased workload for the team. I'm not currently using any kernel based system so have no axe to grind, I'm just making an observation. just my 2 pence anyway.
Re: 3.8 beta requests
Artur Grabowski wrote: Genadijus Paleckis [EMAIL PROTECTED] writes: Theo de Raadt wrote: Oh well -- we've decided that we will try to ship with this protection mechanism in any case, and try to solve the problems as we run into them. Does that mean that 3.8 might be unstable? Maybe all who want/need stable systems need to run 3.7? It's comments like this that convince me that I should never tell anyone about what I'm developing, how it works and what effects it might have. Anything you say will be used against you. Ow come on. What a one sided comment :-) Lots of people read it and rejoice. And lots of people dedicate a non-critical machine to running snapshots and try to find bugs. And I haven't found any malloc related problems since 3.7 :-) # Han -- OpenBSD: Only one remote ,`o. Consultants are mystical people who hole in the default install ( ,c@ ask a company for a number and then in more than 8 years!',,,' give it back to them.
Re: 1U server recommendation
On 7/27/05, Matthew Bettinger [EMAIL PROTECTED] wrote: Hello, Can anyone recommend a decent rack server from HP, Dell, IBM or CDW that will run OpenBSD for webserver use? I would prefer a machine that has SCSI drives with Mirror Raid capabilities. I know I can go piecemeal one from FRY's but I need one that can have a hardware support agreement tied to it. I was glancing at the sunfire v20z , ibm xseries 306 and HP DL360 with Smart Array 6i. The dl360 looks like it fits the bill but I have had problems in the past with the smart array on older DL class boxes. The server(s) will be used for web shell and sftp services under medium loads. Thank you. -mb www.mullet.se offers *BSD tested servers from 1U and up, I placed an order for a 1U box last week, don't know how they ship outside Sweden though. -- // Johan
Re: Problems with pf+nat+some websites
Nick Holland wrote: Guido Tschakert wrote: Jonathan Schleifer wrote: I don't see where you set the MTU/MSS? Are you sure you have set them somewhere else? eBay is known to have problems with bad/wrong MTU/MSS. Try adding scrub out on $ext_if max-mss 1414 to your pf.conf and adding -mtu 1454 to the route. Also take a look at pppoe(4) [*NOT* pppoe(8)!], section MTU/MSS ISSUES. Hello Jonathan, nice try, but I don't use pppoe. We have a DSL-Router from our provider and as I mentioned before, we had no problems with the cisco-router doing the firewall job (Nat). so, yes you DO use PPPoE. DSL systems VERY often have a smaller-than-possible MTU. This often causes problems much like you describe. Ok, the DSL-Router of my provider uses PPPOE. But please tell me, why I should set the mtu on the openbsd router to something lower than 1500 when the cisco router, I used before and now has set the mtu on his outgoing interface to 1500. (This router has 2 Ethernet-Interfaces and does nothing with pppoe). Why can it deal with this problem and openbsd not. BTW. this morning I tried the suggestions from Jonathan and it didn't work :-( As I mentioned in another thread (ok, it was stupid to fork the thread) there is another problem with malformed packets and reassemble tcp and all other scrub rules I tried didn't work. Just set it in your hostname.if file. Google for simple ping tests to find the maximum MTU you can use in your precise case...and see if setting the firewall accordingly solves your problem. Nick. -- Kind regards, Guido Tschakert
Re: Complete disk disaster
On Wed, Aug 24, 2005 at 12:53:45PM +0200, Ramiro Aceves wrote: Yes!, I am using a 40 GB (approx 4 years old) as master, and 1GB (around 10) as slave. Cable is 40-conductor, I think. Both at the same cable. hmmm... can you try to put slow devices and fast devices on separate cables. by slow devices i mean cdroms and old hard disks. -- Alexandre
Re: 3.8 beta requests
Genadijus Paleckis wrote: Theo de Raadt wrote: Oh well -- we've decided that we will try to ship with this protection mechanism in any case, and try to solve the problems as we run into them. Does that mean that 3.8 might be unstable? Maybe all who want/need stable systems need to run 3.7? It means that you should try it and report bugs if you find any. Remember that most of the developers run -current throughout the development cycle (often in production). -d
Re: proper way to format/use floppies (i386)
Michael Adam [EMAIL PROTECTED] wrote: Well, as I wrote above, I know about the fdformat program, and low level formatting is actually not what my question was aimed at -- it was aimed at the disklabel / filesystem level of formatting. But this may have got lost in my overly long email. :-) Also, the question was not how to get the job of putting a filesystem onto a floppy accomplished at all, but which is the right or preferred way to do so (since there are, as I pointed out several possible ways). I already answered that before: Jonathan Schleifer [EMAIL PROTECTED] wrote: Floppies usually don't have a partition table nor a disk label, so just newfs fd0c and you should be fine. You also heard this from others. So it's not that your main question got lost ;). -- Jonathan
Re: 3.8 beta requests
Hello! On Wed, Aug 24, 2005 at 08:02:54AM -0500, Dave Feustel wrote: On Wednesday 24 August 2005 07:04, Hannah Schroeter wrote: I *am* a bit sad about the fact that there're no running Lisp implementations for OpenBSD Does (X)emacs work? Yes, but I meant (and neglected to say explicitly) Common Lisp. Kind regards, Hannah.
Re: Nagios: Premature end of script headers
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Look at this http://www.mand4la.info/index.php/NagiosObsd I've written this doc in Italian, but the code is the same :P BTW..try to launch apache with -u httpd -u Bye Matteo João Salvatti wrote: Hi all, I installed and configured Nagios on my machine. The Nagios webpage can be retrieved normally, but something strange happens when I try to retrieve host detail: Internal Server Error The server encountered an internal error or misconfiguration and was unable to complete your request. Please contact the server administrator, [EMAIL PROTECTED] and inform them of the time the error occurred, and anything you might have done that may have caused the error. More information about this error may be available in the server error log. I looked at the error log file and it tells me the following: [Tue Aug 23 11:35:06 2005] [error] [client 10.10.1.254] Premature end of script headers: /nagios/cgi-bin/tac.cgi [Tue Aug 23 11:35:16 2005] [error] [client 10.10.1.254] Premature end of script headers: /nagios/cgi-bin/status.cgi I've already tried to look for some reference about how to solve this problem at Google, but I couldn't find a thing. Has anyone any suggestion about how to solve this? Thanks -- João Salvatti Undergraduating in Computer Science Federal University of Para - UFPA web: http://salvatti.expert.com.br e-mail: [EMAIL PROTECTED] iD8DBQFDI9p3/TjXD9LUVswRAs5yAJsGLNFH58td7e8N3JdJ2bezdDcPFwCfTzEy xoyM8FNkgYBWqAhxutXURRw= =Ntg4 -END PGP SIGNATURE-
Re: 3.8 beta requests
On Wednesday 24 August 2005 07:04, Hannah Schroeter wrote: A few things that get bitten are some packages doing their own and very different memory management, but can't avoid malloc altogether. That is ports/lang/clisp, that seems to be also gprolog Can you describe how these programs manage to seg fault doing their memory management? How do they run now if they don't use malloc? -- Tired of having to defend against Malware? (You know: trojans, viruses, SPYWARE, ADWARE, KEYLOGGERS, rootkits, worms and popups) Then Switch to OpenBSD with a KDE desktop!!!
Re: 3.8 beta requests
On Wednesday 24 August 2005 08:04, Hannah Schroeter wrote: Hello! On Wed, Aug 24, 2005 at 08:02:54AM -0500, Dave Feustel wrote: On Wednesday 24 August 2005 07:04, Hannah Schroeter wrote: I *am* a bit sad about the fact that there're no running Lisp implementations for OpenBSD Does (X)emacs work? Yes, but I meant (and neglected to say explicitly) Common Lisp. I understood what you meant. I was just wondering if everything using lisp techniques (eg scheme) was broken. Thanks. Kind regards, Hannah. -- Tired of having to defend against Malware? (You know: trojans, viruses, SPYWARE, ADWARE, KEYLOGGERS, rootkits, worms and popups) Then Switch to OpenBSD with a KDE desktop!!!
Re: /usr/share/pf/ suggestion
On Tuesday 23 August 2005 11:58 pm, eric wrote: On Tue, 2005-08-23 at 16:53:25 -0600, Theo de Raadt proclaimed... It is plain simple bad advice. And totally ridiculous. And plus, with ipv6, it's imperative that the filters be pushed down to the end-host so we can quit relying on stupid firewalls and NAT bullshit to break networks and slow progress. Itojun mentioned the fact that each host should have a firesuit in the ipv6 world. It's quite good advice. Well, let's not get ahead of ourselves here. Filtering at the network edge is A Good Thing(TM) when done correctly, it is NAT that is not necessarily a good thing. Filtering incoming (and possibly outgoing traffic) helps do several things, first it decreases the burden on your hosts. It also allows you a place to stop traffic that should never leave your network, for example, only your mail servers should be allowed to send traffic on port 25. I'm not saying that we should ignore host based firewalls, because that isn't the case, I'm just recommending that you not be so quick to dismiss the value of having a filter beyond the host.
Re: 3.8 beta requests
On Wed, 24 Aug 2005, Damien Miller wrote: Remember that most of the developers run -current throughout the development cycle (often in production). -d and Theo gets really pissed off when someone breaks the tree so it won't compile and/or the change creates dysfunction in other parts of the system, just read some of Theo's comments in the CVS list sometime. g.day
Re: proper way to format/use floppies (i386)
Jonathan Schleifer [EMAIL PROTECTED] wrote: Michael Adam [EMAIL PROTECTED] wrote: which is the right or preferred way to do so (since there are, as I pointed out several possible ways). I already answered that before: Jonathan Schleifer [EMAIL PROTECTED] wrote: Floppies usually don't have a partition table nor a disk label, so just newfs fd0c and you should be fine. Well yes, it is working. But still: The floppy does have a disklabel which does only have partition c by default. And it seems strange to me, that I should create a filesystem on a partition c. And even stranger, this file system can afterwards be accessed through partition a which does not even show up in the disklabel. What puzzles me even more is the fact, that in the book Absolute OpenBSD by Michael W. Lucas, it is said on page 310, that FFS file systems need a valid partition table on every disk and then the author describes the following steps:
# disklabel -w /dev/rfd0c floppy
# newfs /dev/rfd0c
which yields a disklabel with overlapping partitions, and disklabel -E fd0 tells me that the disklabel has an error and offers me to disable one partition or the other... These are the reasons why I was not completely content with your short and simple answer. (I do favor simple solutions, of course!) You also heard this from others. So it's not that your main question got lost ;). Not on your side anyway... ;-) Cheers, Michael
Re: Problems with pf+nat+some websites
Guido Tschakert [EMAIL PROTECTED] wrote: BTW. this morning I tried the suggestions from Jonathan and it didn't work :-( This is normal. I thought you use the OpenBSD Box for PPPoE and NAT directly, not through another router, which is a hardware box. I noticed in the past that hardware routers often have problems with the MTU/MSS and that made eBay very slow for me, too, when using my hardware router. Many sites with IIS-Servers also had problems. Maybe you could try to use an OBSD Box as router and test if it works better? For me, eBay works just fine with an OBSD Box as router with the settings I posted. And it's a lot superior to my hardware router ;). -- Jonathan
Re: /usr/share/pf/ suggestion
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bryan Irvine Sent: Wednesday, August 24, 2005 10:11 AM To: Misc OpenBSD Subject: Re: /usr/share/pf/ suggestion I personally like to 'pass keep state' with a 'scrub all' rule. This at least gives me some interesting statistics to poke at when I'm bored. Plus, I can firewall who gets to ssh into my machine. Another good use is {max-src-states ##} for webservers and the like. I have a webserver that would crash at 9am every morning when a few bots (2 in particular) would crawl the site. They are poorly configured and open roughly 120 simultaneous connections. They were very low bandwidth, but there went all available connections. To quote Theo it's Horse-shit to say you don't need to filter single hosts. --Bryan What crashed? Apache or OpenBSD?
Re: /usr/share/pf/ suggestion
I personally like to 'pass keep state' with a 'scrub all' rule. This at least gives me some interesting statistics to poke at when I'm bored. Plus, I can firewall who gets to ssh into my machine. Another good use is {max-src-states ##} for webservers and the like. I have a webserver that would crash at 9am every morning when a few bots (2 in particular) would crawl the site. They are poorly configured and open roughly 120 simultaneous connections. They were very low bandwidth, but there went all available connections. To quote Theo it's Horse-shit to say you don't need to filter single hosts. --Bryan
Re: 3.8 beta requests
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Diana Eichert Sent: Wednesday, August 24, 2005 10:08 AM To: Miscellaneous OBSD Subject: Re: 3.8 beta requests On Wed, 24 Aug 2005, Damien Miller wrote: Remember that most of the developers run -current throughout the development cycle (often in production). -d and Theo gets really pissed off when someone breaks the tree so it won't compile and/or the change creates dysfunction in other parts of the system, just read some of Theo's comments in the CVS list sometime. g.day In the end, quality control happens through selfish testing. The OpenBSD community doesn't evenly divide up the things to test. People test their own setups. I'm not concerned with making OpenBSD stable. I'm concerned with making i386 OpenBSD running Mambo stable. The wonderful thing about a participatory development process is that everyone's overlapping needs generally test the system fairly well. The real problem is people who encounter a problem and fail to report it. They just think this is crap and go on to something else.
Re: Problems with pf+nat+some websites
Nick Holland wrote: Guido Tschakert wrote: Jonathan Schleifer wrote: I don't see where you set the MTU/MSS? Are you sure you have set them somewhere else? eBay is known to have problems with bad/wrong MTU/MSS. Try adding scrub out on $ext_if max-mss 1414 to your pf.conf and adding -mtu 1454 to the route. Also take a look at pppoe(4) [*NOT* pppoe(8)!], section MTU/MSS ISSUES. Hello Jonathan, nice try, but I don't use pppoe. We have a DSL-Router from our provider and as I mentioned before, we had no problems with the cisco-router doing the firewall job (Nat). so, yes you DO use PPPoE. DSL systems VERY often have a smaller-than-possible MTU. This often causes problems much like you describe. Just set it in your hostname.if file. Google for simple ping tests to find the maximum MTU you can use in your precise case...and see if setting the firewall accordingly solves your problem. Nick. Um... no, not all DSL implementations are PPPoE. I have a DSL modem that just gives me an Ethernet port on the back. Our ISP just has us use a certain hostname in the DHCP request, and voilà, we are on the Internet. There is no PPP negotiation involved. I am pretty intimate with this, because I have clients that have been running PPPoE since 2.6/2.7 when I really had to hammer it to try to get it to work reliably. And on my interface, the MTU is 1500...
vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        address: 00:50:ba:b3:a7:26
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet6 fe80::250:baff:feb3:a726%vr0 prefixlen 64 scopeid 0x2
        inet XX.YY.200.188 netmask 0xffe0 broadcast XX.YY.200.191
Cheers, Steve
Re: /usr/share/pf/ suggestion
On Wed, Aug 24, 2005 at 09:15:48AM -0400, Timothy Donahue wrote: On Tuesday 23 August 2005 11:58 pm, eric wrote: On Tue, 2005-08-23 at 16:53:25 -0600, Theo de Raadt proclaimed... It is plain simple bad advice. And totally ridiculous. And plus, with ipv6, it's imperative that the filters be pushed down to the end-host so we can quit relying on stupid firewalls and NAT bullshit to break networks and slow progress. Itojun mentioned the fact that each host should have a firesuit in the ipv6 world. It's quite good advice. Well, let's not get ahead of ourselves here. Filtering at the network edge is A Good Thing(TM) when done correctly, it is NAT that is not necessarily a good thing. Speaking as a network guy NAT is A Good Thing granted it breaks some outdated notion of end to end commo. But if more people paid strict attention to the OSI model that would not matter. Simply put if an application puts a IP addy someplace my NAT box can't touch it the application is broken. And in today's world anything that puts one more layer between my network and the net is good. Other than that I agree with everything else you've said. Filtering incoming (and possibly outgoing traffic) helps do several things, first it decreases the burden on your hosts. It also allows you a place to stop traffic that should never leave your network, for example, only your mail servers should be allowed to send traffic on port 25. I'm not saying that we should ignore host based firewalls, because that isn't the case, I'm just recommending that you not be so quick to dismiss the value of having a filter beyond the host. -- BOFH excuse #381: Robotic tape changer mistook operator's tie for a backup tape.
Re: pf + malformed packets
is there a possibility to tell pf.conf to accept malformed packets. turn off 'reassemble tcp' in your scrub rule if you don't want to validate the packets. pfctl -x loud tells me: Aug 24 09:50:43 gw-bonn /bsd: pf_normalize_tcp_stateful: Did not receive expected RFC1323 timestamp 09:50:43.291716 160.44.70.4.www 192.168.100.1.49653: F 105:105(0) ack 498 win 64091 nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop (DF) That's not the offending packet. We'll only check RFC1312 PAWS timestamps on data packets while the connection is in the established state. That packet isn't bearing any data. .mike
Re: 3.8 beta requests
hmm, on Tue, Aug 23, 2005 at 09:23:27AM -0700, Raymond Lillard said that Maybe a slogan along the lines of, Is your software good enough for OpenBSD!! Perhaps it could be worked into the release's theme. that is truly a brilliant idea ;-) any artists here? make a designed for puffy logo. first, all of the openbsd related projects could put it on their site. later the porters could ask their ported projects to include the logo on their page (if they deserve it) tshirts, mugs, a magazine, a tv show, finally even the HW manufacturers and microsoft would be pressed to redesign their OS to get the seal of quality. and after the planet is conquered, the universe is the limit! ha ha ha! -f (ps. i swear the tagline was generated random!) -- all your base are belong to us.
stupid wifi question
Hi everyone, First of all, I'm sorry for such a stupid question. I know that I need a few details, but I can't figure out what they are. I'm playing with an Intel(r) PRO/Wireless2200BG wifi card and its configuration. I have found different descriptions for the /etc/dhclient.conf file. I have read the iwi manual. There are different options (or maybe only different same option names). I'm a newbie in wifi networks. But in the other system, a machine with windows and netstumbler, I found these wifi network settings:
SSID: sessionid
Network Authentication: Open
Data Encryption: Wep
Network key: 1011121311 (0x1011121311)
There sessionid is changed only for anonymity purposes. So. In OpenBSD 3.7 stable iwi0 is working, but I can't associate to the access point. I need to use dhcp (em0 is working perfectly). Now I'm trying to use such a /etc/dhclient.conf configuration:
initial-interval 1;
send host-name thinkpad;
request subnet-mask, broadcast-address, routers, domain-name, domain-name-servers, host-name;
interface iwi0 {
    media ssid sessionid wepkey 0x1011121311;
}
And when I try to use:
#dhclient iwi0
I get the following errors:
Trying medium ssid sessionid wepkey 0x1011121311 1
DHCPDISCOVER on iwi0 to 255.255.255.255 port 67 interval 2
send_packet: Network is down
I get this in a cycle with different intervals ( 255.255.255.255 port 67 interval 2, 255.255.255.255 port 67 interval 3, 255.255.255.255 port 67 interval 7). What are the differences between wepkey and nwkey mentioned in the iwi driver developer page (http://damien.bergamini.free.fr/ipw/ipw-openbsd.html)? And in the same page there is a good description, but only for static configurations. So if I've understood everything correctly, I need to use the /etc/dhclient.conf file for configuration. But I'm stuck there. Please, give me any advice or a link. Thanks for your patience, and sorry for my English. Regards, -- Slack is GOOD. OBSD better.
Re: /usr/share/pf/ suggestion
On 8/24/05, Bryan Irvine [EMAIL PROTECTED] wrote: I personally like to 'pass keep state' with a 'scrub all' rule. This at least gives me some interesting statistics to poke at when I'm bored. Plus, I can firewall who gets to ssh into my machine. Another good use is {max-src-states ##} for webservers and the like. I have a webserver that would crash at 9am every morning when a few bots (2 in particular) would crawl the site. They are poorly configured and open roughly 120 simultaneous connections. They were very low bandwidth, but there went all available connections. To quote Theo it's Horse-shit to say you don't need to filter single hosts. I left out a lot of my reasoning for feeling the way I do in my first mail about not needing a packet filter on single hosts, and it's more a personal preference, not telling everyone that you're all idiots for wanting to. If your web server crashes because it has 240 connections open (I'm assuming 120 per bot) then there seems to be something else wrong with it, and shouldn't be ignored by just throwing up pf. It was more that for me, if I throw up pf to protect a single host, I tend to get lazy in the administration of it, and start ignoring things that should really be looked at (like applications opening up random ports, in reference to an earlier KDE post). I really don't think that a desktop environment should be opening up anything at all, and so I'd rather just not run it instead of run a desktop environment that I have no idea what it's doing on the network. If anyone is interested any further as to why I feel the way I do, email me privately, since this is getting way off topic and doesn't belong on the openbsd-misc mailing list anyways. Jason
Re: proper way to format/use floppies (i386)
Hello! On Wed, Aug 24, 2005 at 07:57:55AM -0700, Spruell, Darren-Perot wrote: [...] Is there any reason to use FFS on a floppy? Won't FAT (-12, or whatever) work fine? Could you just mformat it and be along? Of course there is. Just take a look at the boot floppies, for example. Or think of the floppy image I used for that mini bridge hack... Or if you want to use features FAT doesn't offer, like owners/permissions/255 char filenames. But I guess for many purposes, mformat and either mtools or mount_msdosfs will be enough. Kind regards, Hannah.
Re: /usr/share/pf/ suggestion
On Wed, 2005-08-24 at 09:15:48 -0400, Timothy Donahue proclaimed... A Good Thing(TM) when done correctly, it is NAT that is not necessarily a good thing. Filtering incoming (and possibly outgoing traffic) helps do several things, first it decreases the burden on your hosts. It also allows you a place to stop traffic that should never leave your network, for example, only your mail servers should be allowed to send traffic on port 25. Ha, sure. Now get a job outside your little corporate entity and see how that goes over. Then let us decide on our own policies.
Re: proper way to format/use floppies (i386)
Spruell, Darren-Perot [EMAIL PROTECTED] wrote: Is there any reason to use FFS on a floppy? Won't FAT (-12, or whatever) work fine? Could you just mformat it and be along? Yes, in fact there are: 1. As a matter of principle. 2. I need the FFS file permissions and ownerships on the floppy. Michael
Re: stupid wifi question
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of slack _usr Sent: Wednesday, August 24, 2005 10:41 AM To: misc@openbsd.org Subject: stupid wifi question Hi everyone, First of all, I'm sorry for such a stupid question. I know that I need a few details, but I can't figure out what they are. I'm playing with an Intel(r) PRO/Wireless2200BG wifi card and its configuration. I have found different descriptions for the /etc/dhclient.conf file. I have read the iwi manual. There are different options (or maybe only different same option names). I'm a newbie in wifi networks. But in the other system, a machine with windows and netstumbler, I found these wifi network settings:
SSID: sessionid
Network Authentication: Open
Data Encryption: Wep
Network key: 1011121311 (0x1011121311)
There sessionid is changed only for anonymity purposes. So. In OpenBSD 3.7 stable iwi0 is working, but I can't associate to the access point. I need to use dhcp (em0 is working perfectly). Now I'm trying to use such a /etc/dhclient.conf configuration:
initial-interval 1;
send host-name thinkpad;
request subnet-mask, broadcast-address, routers, domain-name, domain-name-servers, host-name;
interface iwi0 {
    media ssid sessionid wepkey 0x1011121311;
}
And when I try to use:
#dhclient iwi0
I get the following errors:
Trying medium ssid sessionid wepkey 0x1011121311 1
DHCPDISCOVER on iwi0 to 255.255.255.255 port 67 interval 2
send_packet: Network is down
I get this in a cycle with different intervals ( 255.255.255.255 port 67 interval 2, 255.255.255.255 port 67 interval 3, 255.255.255.255 port 67 interval 7). What are the differences between wepkey and nwkey mentioned in the iwi driver developer page (http://damien.bergamini.free.fr/ipw/ipw-openbsd.html)? And in the same page there is a good description, but only for static configurations. So if I've understood everything correctly, I need to use the /etc/dhclient.conf file for configuration. But I'm stuck there. Please, give me any advice or a link. Thanks for your patience, and sorry for my English. Regards, -- Slack is GOOD. OBSD better.
I think you should be putting your settings in /etc/hostname.iwi0. See man iwi for examples.
Re: stupid wifi question
On Wed, Aug 24, 2005 at 05:41:15PM +0300, slack _usr wrote: First of all, I'm sorry for such a stupid question. I know that I need a few details, but I can't figure out what they are. I'm playing with an Intel(r) PRO/Wireless2200BG wifi card and its configuration. I have found different descriptions for the /etc/dhclient.conf file. I have read the iwi manual. There are different options (or maybe only
no, i don't think that you read the iwi(4) or ifconfig(8) manual. see below.
initial-interval 1; send host-name thinkpad; request subnet-mask, broadcast-address, routers, domain-name, domain-name-servers, host-name; interface iwi0 { media ssid sessionid wepkey 0x1011121311; }
huh? why don't you just use a /etc/hostname.iwi0 (see hostname.if(5)!) with one line like this:
dhcp nwid sessionid nwkey 0x1011121311
...and use the default dhclient configuration?
What are the differences between wepkey and nwkey mentioned in iwi
again, that's why i think that you didn't read the documentation. neither iwi(4) nor ifconfig(8). there are no options called wepkey or essid in openbsd. reyk
Re: /usr/share/pf/ suggestion
What crashed? Apache or OpenBSD? Apache of course! ;)
Re: 3.8 beta requests
On Wed, Aug 24, 2005 at 08:09:36AM -0500, Dave Feustel wrote: On Wednesday 24 August 2005 07:04, Hannah Schroeter wrote: A few things that get bitten are some packages doing their own and very different memory management, but can't avoid malloc altogether. That is ports/lang/clisp, that seems to be also gprolog Can you describe how these programs manage to seg fault doing their memory management? How do they run now if they don't use malloc? -- Those programs use mmap() to create their basic image and fill it in. Then on a later invocation, they try to use mmap() again to get the image at the same location, which works on most Unix systems, except for OpenBSD-current...
Re: 3.8 beta requests
On 8/25/05, -f [EMAIL PROTECTED] wrote: hmm, on Tue, Aug 23, 2005 at 09:23:27AM -0700, Raymond Lillard said that Maybe a slogan along the lines of, Is your software good enough for OpenBSD!! Perhaps it could be worked into the release's theme. that is truly a brilliant idea ;-) any artists here? make a designed for puffy logo. first, all of the openbsd related projects could put it on their site. later the porters could ask their ported projects to include the logo on their page (if they deserve it) How about we go Torvalds style and sue motherfuckers for trademark violations if they use it when they don't deserve it. tshirts, mugs, a magazine, a tv show, finally even the HW manufacturers and microsoft would be pressed to redesign their OS to get the seal of quality. and after the planet is conquered, the universe is the limit! ha ha ha! -f (ps. i swear the tagline was generated random!) -- all your base are belong to us. -- John Kintaro Tate Mobile: 0413 348 815 (Yep, old number, but I have a new phone) Attention all Internet users, is life getting you down? Are you so happy you could chainsaw an innocent bystander and LAUGH? Do you believe in God? Do you not believe in God? Have you found yourself stranded on prehistoric Earth for 5 years? If so, if you do anything at all there are people who care at the Kintaro Labs Forum, join now and after you reach 50 posts you get a free OpenBSD shell account! http://labs.kintaro.noobify.com Personal Website: http://kintaro.noobify.com
Re: Complete disk disaster
On Wed, 24 Aug 2005, Stuart Henderson wrote: --On 24 August 2005 10:37 +0200, Ramiro Aceves wrote: pciide0:0:1: bus-master DMA error: missing interrupt, status=0x61 wd1a: device timeout reading fsbn 1489200 of 1489200-1489203 (wd1 bn 1489263; cn 1477 tn 7 sn 6), retrying wd1: soft error (corrected) wd1(pciide0:0:1): timeout type: ata c_bcount: 2048 c_skip: 0 pciide0:0:1: bus-master DMA error: missing interrupt, status=0x61 wd1a: device timeout reading fsbn 1486176 of 1486176-1486179 (wd1 bn 1486239; cn 1474 tn 7 sn 6), retrying wd1: soft error (corrected) [etc] All hard drives have bad blocks, most hard drives now have some spare capacity. As the drive detects bad or failing blocks, the spare blocks are automatically remapped over the bad blocks. This is internal to the drive - by the time you start noticing drive errors, the drive is usually unable to remap any more blocks. smartmontools does a great job of notifying you prior to this occurring. When you startup smartd to alert when S.M.A.R.T attributes change, you can watch the drive slowly die over time. smartmontools is part of the OpenBSD ports tree in case you're interested in giving it a spin. Sometimes the manufacturer's drive-test tools can be useful (Hitachi/IBM's DFT can do some basic tests on drives from other manufacturers too). There's also a commercial program Spinrite which claims to have good stress-tests.
Re: 3.8 beta requests
On Wednesday 24 August 2005 10:56, Marc Espie wrote: On Wed, Aug 24, 2005 at 08:09:36AM -0500, Dave Feustel wrote: On Wednesday 24 August 2005 07:04, Hannah Schroeter wrote: A few things that get bitten are some packages doing their own and very different memory management, but can't avoid malloc altogether. That is ports/lang/clisp, that seems to be also gprolog Can you describe how these programs manage to seg fault doing their memory management? How do they run now if they don't use malloc? -- Those programs use mmap() to create their basic image and fill it in. Then on a later invocation, they try to use mmap() again to get the image at the same location, which works on most Unix systems, except for OpenBSD-current... In other words, now in OpenBSD 3.8, all addresses within an mmap'd region have to be treated as relative to the base address of the region if the region is mapped more than once? -- Tired of having to defend against Malware? (You know: trojans, viruses, SPYWARE, ADWARE, KEYLOGGERS, rootkits, worms and popups) Then Switch to OpenBSD with a KDE desktop!!!
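The exchange above is about saved images that hold absolute addresses and so depend on mmap() handing back the same location on a later run. As an added example (not code from clisp, gprolog or OpenBSD; every name in it is hypothetical), this C program stores both an absolute pointer and a base-relative offset in each node, copies the image into a second mapping to stand in for a reload at a different address, and checks which of the two link styles is still usable there.

```c
#define _DEFAULT_SOURCE     /* exposes MAP_ANON on glibc */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

#define IMG_SIZE 4096u
#define NIL      0u   /* offset 0 is the header, so it can mean "no node" */

struct node {
    struct node *next_abs;  /* fragile: only valid at the original base */
    uint32_t     next_off;  /* relocatable: byte offset from the image base */
    int          value;
};
struct header { struct node *first_abs; uint32_t first_off, count; };

static void *map_region(void)
{
    void *p = mmap(NULL, IMG_SIZE, PROT_READ | PROT_WRITE,
                   MAP_ANON | MAP_PRIVATE, -1, 0);
    return p == MAP_FAILED ? NULL : p;
}

/* Build a list holding 1..n in the image, recording both link styles. */
static int build_image(void *base, uint32_t n)
{
    struct header *h = base;
    struct node *nodes = (struct node *)((char *)base + sizeof *h);
    if (n > (IMG_SIZE - sizeof *h) / sizeof *nodes)
        return -1;
    for (uint32_t i = 0; i < n; i++) {
        int last = (i + 1 == n);
        nodes[i].value = (int)i + 1;
        nodes[i].next_abs = last ? NULL : &nodes[i + 1];
        nodes[i].next_off = last ? NIL
            : (uint32_t)(sizeof *h + (i + 1) * sizeof *nodes);
    }
    h->first_abs = n ? nodes : NULL;
    h->first_off = n ? (uint32_t)sizeof *h : NIL;
    h->count = n;
    return 0;
}

/* Turn an offset into a pointer, refusing anything outside the image. */
static const struct node *at(const void *base, uint32_t off)
{
    if (off < sizeof(struct header) || off > IMG_SIZE - sizeof(struct node) ||
        (off - sizeof(struct header)) % sizeof(struct node) != 0)
        return NULL;
    return (const struct node *)((const char *)base + off);
}

/* Walk by offsets only. Returns the sum of the values, or -1 if the offset
 * chain is inconsistent; *abs_ok reports whether the absolute links agree. */
static long walk_image(const void *base, int *abs_ok)
{
    const struct header *h = base;
    const struct node *want = h->first_abs;
    uint32_t off = h->first_off;
    long sum = 0;
    *abs_ok = 1;
    for (uint32_t i = 0; i < h->count; i++) {
        const struct node *n = at(base, off);
        if (n == NULL)
            return -1;            /* offset chain leaves the image */
        if (want != n)
            *abs_ok = 0;          /* stale pointer: compared, never followed */
        sum += n->value;
        want = n->next_abs;
        off = n->next_off;
    }
    return off == NIL ? sum : -1;
}

/* Build at one address, "reload" the same bytes at another, compare. */
static int relocation_demo(long *sum, int *ok_orig, int *ok_copy)
{
    void *a = map_region(), *b = map_region();
    int rc = -1;
    if (a != NULL && b != NULL && build_image(a, 10) == 0) {
        memcpy(b, a, IMG_SIZE);  /* stands in for save + re-mmap elsewhere */
        (void)walk_image(a, ok_orig);
        *sum = walk_image(b, ok_copy);
        rc = 0;
    }
    if (a != NULL) munmap(a, IMG_SIZE);
    if (b != NULL) munmap(b, IMG_SIZE);
    return rc;
}

int main(void)
{
    long sum; int orig, copy;
    if (relocation_demo(&sum, &orig, &copy) != 0) return 1;
    printf("absolute links ok: original=%d copy=%d; offset sum at copy=%ld\n",
           orig, copy, sum);
    return 0;
}
```

The copy lives at a different address because both mappings exist at once, so the absolute links in it still point into the first mapping while the offsets resolve correctly against the new base.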
IPsec / routing problem in OpenBSD 3.7
Hello! I'm having troubles with IPsec, but I'm not really sure whether it's an IPsec issue, a routing problem or just that I'm missing something big, very big... So any help is more than welcome! Here's the setup: PC_A is acting as a NAT gateway with three network cards. sis0 goes to an ADSL modem, sis1 talks to the local internal network (192.168.0.0/24). I have another office on the other side of the road with its own network (192.168.3.0/24 on rl0), gateway is 192.168.3.254 (PC_B). The rl1 card (10.0.0.6) is connected to a WiFi client which in turn is bridged to a WiFi AP and finally to the sis2 card (10.0.0.1) on PC_A.
sis0 --- ADSL MODEM
 |
*PC_A* sis2 --- AP - WiFi - AP --- rl1 *PC_B* rl0 --- Client1
 |
sis1 --- 192.168.0.0/24 LAN
Perhaps you already see where I'm going: I need to secure the connection between PC_A (on its 10.0.0.1 interface) and everything that's going to PC_B and to the LAN behind it (192.168.3.254). No, I don't need to tunnel the two subnets (192.168.0.0 and .3.0) together. They can live separated, as far as the remote office LAN (.3.0) can access the server and access the Internet. Both PC_A and PC_B are running on OpenBSD 3.7. So, I boot up PC_B and manually add the default route (it's fresh out of an install, so I still do it by hand):
# route add 0/0 10.0.0.1
# route show -inet
Routing tables
Internet:
Destination         Gateway            Flags  Refs  Use  Mtu    Interface
default             10.0.0.1           UGS    0     9    -      rl1
10.0.0.0/29         link#2             UC     0     0    -      rl1
10.0.0.1            00:09:5b:XX:XX:XX  UHLc   0     5    -      rl1
loopback            localhost          UGRS   0     0    33224  lo0
localhost           localhost          UH     0     0    33224  lo0
192.168.3/24        link#1             UC     0     0    -      rl0
192.168.3.70        00:50:fc:XX:XX:XX  UHLc   0     309  -      rl0
BASE-ADDRESS.MCAST  localhost          URS    0     0    33224  lo0
PLEASE NOTE : I posted all configuration info at the end of the message Next, Client1 can ping (obviously!) its default gateway (192.168.3.254), the rl1 card (10.0.0.6), the machine on the other side of the road (10.0.0.1 and 192.168.0.254) and, of course, google.com.
Yes, there are two separate NAT rules (one for each internal network) and yes, PC_A has the routes to the remote network 192.168.3.0/24. So far, so good. Now I start isakmpd on both machines. This is what happens:
1) From Client1, I cannot ping its default gateway (.3.254) anymore. No ping replies. ssh connection is frozen.
2) If I run a tcpdump -i rl1, I see that the pings from Client1 to PC_B are *routed* to PC_A!! Of course, PC_A doesn't know what to do with them; something is getting back, however (encrypted) :
# tcpdump -i rl1
17:54:15.803747 esp 10.0.0.6 10.0.0.1 spi 0x1F3A4307 seq 70 len 132 (DF)
17:54:15.810208 esp 10.0.0.1 10.0.0.6 spi 0x8A4C7C72 seq 58 len 132 (DF)
3) If Client1 pings 192.168.0.254 (on PC_A) or any other machine in PC_A's internal subnet, I get replies (encrypted through the tunnel).
4) If Client1 pings www.google.com, I get replies (encrypted).
5) If I ssh on PC_A (10.0.0.1) and from there ping 10.0.0.6, the pings are unencrypted:
18:04:28.631809 10.0.0.1 10.0.0.6: icmp: echo request
18:04:28.631898 10.0.0.6 10.0.0.1: icmp: echo reply
But I guess this was to be expected according to the way I set up the tunnel.
6) Not all of PC_B 's traffic is going through the tunnel; for example, DNS queries are still in clear:
tcpdump: listening on rl1, link-type EN10MB
18:09:53.547812 esp 10.0.0.6 10.0.0.1 spi 0x33FDCE18 seq 84 len 148 (DF) [tos 0x10]
18:09:53.555414 esp 10.0.0.1 10.0.0.6 spi 0xFB1721D2 seq 64 len 100 (DF) [tos 0x10]
18:09:53.557740 esp 10.0.0.1 10.0.0.6 spi 0xFB1721D2 seq 65 len 148 (DF) [tos 0x10]
18:09:53.558698 esp 10.0.0.6 10.0.0.1 spi 0x33FDCE18 seq 85 len 100 (DF) [tos 0x10]
18:09:54.135727 10.0.0.6.27192 ns3.XXX.domain: 40783+ PTR? 1.0.0.10.in-addr.arpa. (39)
18:09:54.164014 esp 10.0.0.6 10.0.0.1 spi 0x33FDCE18 seq 86 len 148 (DF) [tos 0x10]
18:09:54.175462 esp 10.0.0.1 10.0.0.6 spi 0xFB1721D2 seq 66 len 148 (DF) [tos 0x10]
18:09:54.176541 esp 10.0.0.6 10.0.0.1 spi 0x33FDCE18 seq 87 len 100 (DF) [tos 0x10]
18:09:54.18 esp 10.0.0.1 10.0.0.6 spi 0xFB1721D2 seq 67 len 180 (DF) [tos 0x10]
18:09:54.186064 10.0.0.1 10.0.0.6: icmp: echo request
18:09:54.186149 10.0.0.6 10.0.0.1: icmp: echo reply
18:09:54.186561 esp 10.0.0.6 10.0.0.1 spi 0x33FDCE18 seq 88 len 100 (DF) [tos 0x10]
18:09:54.189521 ns3.tin.it.domain 10.0.0.6.27192: 40783 NXDomain* 0/1/0 (99)
18:09:54.191344 10.0.0.6.30665 ns3.XXX.domain: 59489+ PTR? 6.0.0.10.in-addr.arpa. (39)
18:09:54.195008 esp 10.0.0.1 10.0.0.6 spi 0xFB1721D2 seq 68 len 196 (DF) [tos 0x10]
18:09:54.196155 esp 10.0.0.6 10.0.0.1 spi 0x33FDCE18 seq 89 len 100 (DF) [tos
Re: 3.8 beta requests
A few things that get bitten are some packages doing their own and very different memory management, but can't avoid malloc altogether. That is ports/lang/clisp, that seems to be also gprolog Can you describe how these programs manage to seg fault doing their memory management? How do they run now if they don't use malloc? Most of those that fail assume that malloc returns a predictable memory address sequence. Not even emacs does that (and you don't want to hear that rant :)
3.8 snapshot laptop sleep issues
Running today's snapshot on an old laptop (Dell Latitude PPL), and I put the cover down to see if it would go to sleep and wake up properly. After it went to sleep, I opened the laptop back up, and it started to come back alive, but the screen stayed blank. I couldn't switch virtual consoles. Reset the machine. Nothing odd showed up in the logs, except that wd0 was not properly unmounted. Any way to start debugging this? -- Will Backman - Network Administrator Coastal Enterprises, Inc. http://www.ceimaine.org
Re: LSI Logic Ultra320 Scsi Raid Card
If you guys care about this diff making 3.8 I suggest that someone sends me some feedback. /marco On Tue, Aug 23, 2005 at 12:19:11PM -0500, Marco Peereboom wrote: Note that pcidevs_data.h and pcidevs.h are part of the diff. I did this for easy patching and testing. Give it a go and let me know if it works. /marco Index: ami_pci.c === RCS file: /cvs/src/sys/dev/pci/ami_pci.c,v retrieving revision 1.29 diff -u -r1.29 ami_pci.c --- ami_pci.c 15 Aug 2005 23:22:46 - 1.29 +++ ami_pci.c 23 Aug 2005 17:15:36 - @@ -87,6 +87,7 @@ AMI_CHECK_SIGN | AMI_BROKEN }, { PCI_VENDOR_SYMBIOS, PCI_PRODUCT_SYMBIOS_MEGARAID, 0 }, { PCI_VENDOR_SYMBIOS, PCI_PRODUCT_SYMBIOS_MEGARAID_320, 0 }, + { PCI_VENDOR_SYMBIOS, PCI_PRODUCT_SYMBIOS_MEGARAID_3202E, 0 }, { PCI_VENDOR_SYMBIOS, PCI_PRODUCT_SYMBIOS_SATA8, 0 }, { 0 } }; Index: pcidevs === RCS file: /cvs/src/sys/dev/pci/pcidevs,v retrieving revision 1.908 diff -u -r1.908 pcidevs --- pcidevs 23 Aug 2005 03:31:34 - 1.908 +++ pcidevs 23 Aug 2005 17:15:39 - @@ -2054,6 +2054,7 @@ product SYMBIOS FC919_1 0x0625 FC919 product SYMBIOS MEGARAID 0x1960 MegaRAID product SYMBIOS MEGARAID_320 0x0407 MegaRAID 320 +product SYMBIOS MEGARAID_3202E 0x0408 MegaRAID 320-2E product SYMBIOS SATA80x0409 MegaRAID SATA 8x /* Packet Engines products */ Index: pcidevs.h === RCS file: /cvs/src/sys/dev/pci/pcidevs.h,v retrieving revision 1.909 diff -u -r1.909 pcidevs.h --- pcidevs.h 23 Aug 2005 03:31:53 - 1.909 +++ pcidevs.h 23 Aug 2005 17:15:44 - 
@@ -2059,6 +2059,7 @@ #define PCI_PRODUCT_SYMBIOS_FC919_1 0x0625 /* FC919 */ #define PCI_PRODUCT_SYMBIOS_MEGARAID0x1960 /* MegaRAID */ #define PCI_PRODUCT_SYMBIOS_MEGARAID_3200x0407 /* MegaRAID 320 */ +#define PCI_PRODUCT_SYMBIOS_MEGARAID_3202E 0x0408 /* MegaRAID 320-2E */ #define PCI_PRODUCT_SYMBIOS_SATA8 0x0409 /* MegaRAID SATA 8x */ /* Packet Engines products */ Index: pcidevs_data.h === RCS file: /cvs/src/sys/dev/pci/pcidevs_data.h,v retrieving revision 1.908 diff -u -r1.908 pcidevs_data.h --- pcidevs_data.h23 Aug 2005 03:31:53 - 1.908 +++ pcidevs_data.h23 Aug 2005 17:15:49 - @@ -5923,6 +5923,10 @@ MegaRAID 320, }, { + PCI_VENDOR_SYMBIOS, PCI_PRODUCT_SYMBIOS_MEGARAID_3202E, + MegaRAID 320-2E, + }, + { PCI_VENDOR_SYMBIOS, PCI_PRODUCT_SYMBIOS_SATA8, MegaRAID SATA 8x, },
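Review bot: in the ami_pci.c hunk the new PCI_PRODUCT_SYMBIOS_MEGARAID_3202E row is added with flags 0, matching the MEGARAID_320 and SATA8 rows around it, while the row just above them carries AMI_CHECK_SIGN | AMI_BROKEN. The mail asks for testing feedback and none is recorded yet, so the commit message should state that the 320-2E was confirmed on real hardware to attach and work with neither flag set.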
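Review bot: the pcidevs.h and pcidevs_data.h hunks restate by hand what the one-line pcidevs hunk already declares (0x0408, MegaRAID 320-2E), and the mail says they are included only for easy patching and testing. For the committed change I would keep just the ami_pci.c and pcidevs hunks and regenerate the two headers from pcidevs, so the three copies of the ID and description string cannot drift apart.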
Re: Problems with pf+nat+some websites
On Wed, 24 Aug 2005, Nick Holland wrote: Guido Tschakert wrote: Jonathan Schleifer wrote: I don't see where you set the MTU/MSS? Are you sure you have set them somewhere else? eBay is known to have problems with bad/wrong MTU/MSS. Try adding scrub out on $ext_if max-mss 1414 to your pf.conf and adding -mtu 1454 to the route. Also take a look at pppoe(4) [*NOT* pppoe(8)!], section MTU/MSS ISSUES. Hello Jonathan, nice try, but I don't use pppoe. We have a DSL-Router from our provider and as I mentioned before, we had no problems with the cisco-router doing the firewall job (Nat). so, yes you DO use PPPoE. DSL systems VERY often have a smaller-than-possible MTU. This often causes problems much like you describe. Just set it in your hostname.if file. Google for simple ping tests to find the maximum MTU you can use in your precise case...and see if setting the firewall accordingly solves your problem. Nick. Just a note -- Brendan Gregg came up with a perl script to test MTU issues: http://users.tpg.com.au/adsln4yb/Perl/mtufinder If you want to test the entire spectrum of MTU/TCP MSS values, you will need to adjust the while loop.
Re: 3.8 beta requests
The real problem is people who encounter a problem and fail to report it. They just think this is crap and go on to something else. I think the developers need to address the problems that get brought up, too. I took the time to post a complete bug report (good and failing dmesg) about a bug that made an(4) crash the kernel and not boot 3.7 to misc@ and bugs@, then later sent it to the maintainer (mickey), and got nothing each time, not even a yeah, okay we got it or take a look in this part of the code or try this message. It was very frustrating to try and make things better and get ignored. -- Hardware, n.: The parts of a computer system that can be kicked.
OpenBSD 3.8 negative free space (?WTF?)
Hrm, I was installing the mono port and I ran into an error. The error was simple and we all know what it means. Trying 62.243.72.50... Unimplemented command. 61% |**| 8922 KB 04:55 ETA /: write failed, file system is full So I did the next thing that comes naturally, I aborted and did a df -h... # df -h Filesystem Size Used Avail Capacity Mounted on /dev/wd0a 787M 778M -30.6M 104% / WTF is going on here? -30.6M sounds kinda weird. -- John Kintaro Tate Mobile: 0413 348 815 (Yep, old number, but I have a new phone) Attention all Internet users, is life getting you down? Are you so happy you could chainsaw an innocent bystander and LAUGH? Do you believe in God? Do you not believe in God? Have you found yourself stranded on prehistoric Earth for 5 years? If so, if you do anything at all there are people who care at the Kintaro Labs Forum, join now and after you reach 50 posts you get a free OpenBSD shell account! http://labs.kintaro.noobify.com Personal Website: http://kintaro.noobify.com
Re: 3.8 snapshot laptop sleep issues
On Wednesday 24 August 2005 12:31, Will H. Backman wrote: Running today's snapshot on an old laptop (Dell Latitude PPL), and I put the cover down to see if it would go to sleep and wake up properly. After it went to sleep, I opened the laptop back up, and it started to come back alive, but the screen stayed blank. I couldn't switch virtual consoles. Reset the machine. Nothing odd showed up in the logs, except that wd0 was not properly unmounted. Any way to start debugging this? -- Will Backman - Network Administrator Coastal Enterprises, Inc. http://www.ceimaine.org Did you try pushing the on/off switch for 5 seconds? That will turn the laptop off unconditionally and you can turn it back on for a reboot. -- Tired of having to defend against Malware? (You know: trojans, viruses, SPYWARE, ADWARE, KEYLOGGERS, rootkits, worms and popups) Then Switch to OpenBSD with a KDE desktop!!!
Re: 3.8 snapshot laptop sleep issues
-Original Message- From: Dave Feustel [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 24, 2005 2:29 PM To: Will H. Backman Cc: misc@openbsd.org Subject: Re: 3.8 snapshot laptop sleep issues On Wednesday 24 August 2005 12:31, Will H. Backman wrote: Running today's snapshot on an old laptop (Dell Latitude PPL), and I put the cover down to see if it would go to sleep and wake up properly. After it went to sleep, I opened the laptop back up, and it started to come back alive, but the screen stayed blank. I couldn't switch virtual consoles. Reset the machine. Nothing odd showed up in the logs, except that wd0 was not properly unmounted. Any way to start debugging this? -- Will Backman - Network Administrator Coastal Enterprises, Inc. http://www.ceimaine.org Did you try pushing the on/off switch for 5 seconds? That will turn the laptop off unconditionally and you can turn it back on for a reboot. -- Tired of having to defend against Malware? (You know: trojans, viruses, SPYWARE, ADWARE, KEYLOGGERS, rootkits, worms and popups) Then Switch to OpenBSD with a KDE desktop!!! My problem was not with trying to reboot. My problem was that the system didn't log anything in dmesg or syslog. I didn't even see any traces that it had gone to sleep in the logs. When the laptop woke up, the network cards also woke up. It was just that the screen was blank. I didn't know if there were any other places to look for logs or other error messages.
Re: Problems with pf+nat+some websites
nice try, but I don't use pppoe. We have a DSL-Router from our provider and as I mentioned before, we had no problems with the cisco-router doing the firewall job (Nat). so, yes you DO use PPPoE. Not necessarily, it could be in bridged mode. --Bryan
Re: OpenBSD 3.8 negative free space (?WTF?)
On 2005-08-24 20:21, John Kintaro Tate wrote: Hrm, I was installing the mono port and I ran into an error. The error was simple and we all know what it means. Trying 62.243.72.50... Unimplemented command. 61% |**| 8922 KB 04:55 ETA /: write failed, file system is full So I did the next thing that comes naturally, I aborted and did a df -h... # df -h Filesystem Size Used Avail Capacity Mounted on /dev/wd0a 787M 778M -30.6M 104% / WTF is going on here? -30.6M sounds kinda weird. I might be dead wrong here but I think that some space is reserved for root or some such. -- Erik Wikström
Re: isakmp vpn configuration
--- Quoting Daniel Eyholzer on 2005/08/24 at 08:33 +0200: Yes, I have tried to filter on VPN client ip addresses on the enc0 interface. This works, but the problem is that not all users should be allowed to do the same things. Since the VPN client ip address can be chosen arbitrarily on the VPN client, the user can choose an ip address that is allowed to do what he wants to do. Therefore it is not secured, the user has just to know which ip address has full access, and he can access all he wants on all vlans. You definitely want to set up a policy then and to use x509 certs for client authentication. Create a policy that delegates to sub policies for each client. The licensees of each sub policy should match the distinguished name of the client's key. Specify the appropriate remote_filter/local_filter options in the policy as well. Obviously this doesn't scale so well for large numbers of users. Check out the isakmpd.policy(5) man page for all the details. .joel
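An added example, not part of the message above or of the isakmpd distribution: an isakmpd.policy file with one KeyNote assertion per client, so that what a client may negotiate follows from the certificate it authenticated with and not from the address it picked. The distinguished names and the two VLAN subnets (192.168.10.0/24 and 192.168.20.0/24) are constructed; the attribute names are the ones documented in isakmpd.policy(5), which presents IPv4 addresses zero-padded so that string comparison acts as a range check.

```text
KeyNote-Version: 2
Comment: Constructed example. Client "alice" may only negotiate SAs whose local (gateway-side) network lies inside VLAN 10.
Authorizer: "POLICY"
Licensees: "DN:/C=CH/O=Example/CN=alice"
Conditions: app_domain == "IPsec policy" &&
            esp_present == "yes" &&
            local_filter_addr_lower >= "192.168.010.000" &&
            local_filter_addr_upper <= "192.168.010.255" -> "true";

KeyNote-Version: 2
Comment: Constructed example. Client "bob" is confined to VLAN 20 in the same way.
Authorizer: "POLICY"
Licensees: "DN:/C=CH/O=Example/CN=bob"
Conditions: app_domain == "IPsec policy" &&
            esp_present == "yes" &&
            local_filter_addr_lower >= "192.168.020.000" &&
            local_filter_addr_upper <= "192.168.020.255" -> "true";
```

A proposal from either client for any other network matches no assertion and is refused. The policy file is only consulted when isakmpd runs without -K.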
Re: OpenBSD 3.8 negative free space (?WTF?)
Hrm, I was installing the mono port and I ran into an error. The error was simple and we all know what it means. Trying 62.243.72.50... Unimplemented command. 61% |**| 8922 KB 04:55 ETA /: write failed, file system is full So I did the next thing that comes naturally, I aborted and did a df -h... # df -h Filesystem Size Used Avail Capacity Mounted on /dev/wd0a 787M 778M -30.6M 104% / WTF is going on here? -30.6M sounds kinda weird. See the FAQ. -- I don't want the world, I just want your half.
Re: OpenBSD 3.8 negative free space (?WTF?)
John Kintaro Tate wrote: [snip] So I did the next thing that comes naturally, I aborted and did a df -h... # df -h Filesystem Size Used Avail Capacity Mounted on /dev/wd0a 787M 778M -30.6M 104% / WTF is going on here? -30.6M sounds kinda weird. http://www.openbsd.org/faq/faq14.html#NegSpace /Sigfred
Re: OpenBSD 3.8 negative free space (?WTF?)
WTF is going on here? -30.6M sounds kinda weird. Yup it's true. OpenBSD has put everything in the FAQ. http://www.openbsd.org/faq/faq14.html#NegSpace :-) --Bryan
Re: proper way to format/use floppies (i386)
On Wed, 24 Aug 2005 16:13:08 +0200, Michael Adam [EMAIL PROTECTED] wrote: Jonathan Schleifer [EMAIL PROTECTED] wrote: Michael Adam [EMAIL PROTECTED] wrote: which is the right or preferred way to do so (since there are, as I pointed out several possible ways). I already answered that before: Jonathan Schleifer [EMAIL PROTECTED] wrote: Floppies usually don't have a partition table nor a disk label, so just newfs fd0c and you should be fine. Well yes, it is working. But still: The floppy does have a disklabel which does only have partition c by default. And it seems strange to me, that I should create a filesystem on a partition c. And even stranger, this file system can afterwards be accessed through partition a which does not even show up in the disklabel. What puzzles me even more is the fact, that in the book Absolute OpenBSD by Michael W. Lucas, it is said on page 310, that FFS file systems need a valid partition table on every disk and then the author describes the following steps: # disklabel -w /dev/rfd0c floppy # newfs /dev/rfd0c which yields a disklabel with overlapping partitions, and disklabel -E fd0 tells me that the disklabel has an error and offers me to disable one partition or the other... These are the reasons why I was not completely content with your short and simple answer. (I do favor simple solutions, of course!) You also heard this from others. So it's not that your main question got lost ;). Not on your side anyway... ;-) Cheers, Michael Hi Michael, As far as I can tell, you basically asked for the right or preferred way of putting a filesystem onto a floppy. The best answer I know is fdformat. It works. It's simple and it's the most commonly accepted way to do what you asked. If by chance you are asking a different question, then unfortunately no one on the list is actually understanding what you really want. JCR
Re: OpenBSD 3.8 negative free space (?WTF?)
It's in the FAQ, specifically http://www.openbsd.org/faq/faq14.html#NegSpace John Kintaro Tate wrote: Hrm, I was installing the mono port and I ran into an error. The error was simple and we all know what it means. Trying 62.243.72.50... Unimplemented command. 61% |**| 8922 KB 04:55 ETA /: write failed, file system is full So I did the next thing that comes naturally, I aborted and did a df -h... # df -h Filesystem Size Used Avail Capacity Mounted on /dev/wd0a 787M 778M -30.6M 104% / WTF is going on here? -30.6M sounds kinda weird.
Re: OpenBSD 3.8 negative free space (?WTF?)
Okay. I am wondering where all the space nicked off to, since I only installed it not long ago. I haven't run out of space on a system for a long time, how do I figure out what the biggest files and stuff are again? Thanks in advance. Kintaro. On 8/25/05, Bryan Irvine [EMAIL PROTECTED] wrote: WTF is going on here? -30.6M sounds kinda weird. Yup it's true. OpenBSD has put everything in the FAQ. http://www.openbsd.org/faq/faq14.html#NegSpace :-) --Bryan -- John Kintaro Tate Mobile: 0413 348 815 (Yep, old number, but I have a new phone) Attention all Internet users, is life getting you down? Are you so happy you could chainsaw an innocent bystander and LAUGH? Do you believe in God? Do you not believe in God? Have you found yourself stranded on prehistoric Earth for 5 years? If so, if you do anything at all there are people who care at the Kintaro Labs Forum, join now and after you reach 50 posts you get a free OpenBSD shell account! http://labs.kintaro.noobify.com Personal Website: http://kintaro.noobify.com
Re: OpenBSD 3.8 negative free space (?WTF?)
On 8/24/05, John Kintaro Tate [EMAIL PROTECTED] wrote: Hrm, I was installing the mono port and I ran into an error. The error was simple and we all know what it means. Trying 62.243.72.50... Unimplemented command. 61% |**| 8922 KB 04:55 ETA /: write failed, file system is full So I did the next thing that comes naturally, I aborted and did a df -h... # df -h Filesystem Size Used Avail Capacity Mounted on /dev/wd0a 787M 778M -30.6M 104% / WTF is going on here? -30.6M sounds kinda weird. Read a FAQ for most any UNIX filesystem. Greg
Re: OpenBSD 3.8 negative free space (?WTF?)
On Wed, Aug 24, 2005 at 08:56:32PM +0200, Erik Wikström wrote: On 2005-08-24 20:21, John Kintaro Tate wrote: Hrm, I was installing the mono port and I ran into an error. The error was simple and we all know what it means. Trying 62.243.72.50... Unimplemented command. 61% |**| 8922 KB 04:55 ETA /: write failed, file system is full So I did the next thing that comes naturally, I aborted and did a df -h... # df -h Filesystem Size Used Avail Capacity Mounted on /dev/wd0a 787M 778M -30.6M 104% / WTF is going on here? -30.6M sounds kinda weird. I might be dead wrong here but I think that some space is reserved for root or some such. ~5% to be exact. -- Erik Wikström -- BOFH excuse #172: pseudo-user on a pseudo-terminal
ftp.openbsd.org
hi there, what is happening with ftp.openbsd.org? it stalls the downloads every couple of minutes. 53% [== ] 19,162,576 6.98K/s ETA 38:08 and just hangs. then starts again, then hangs... anybody else experiencing this? -f -- it takes about ten years to get used to how old you are.
Re: OpenBSD 3.8 negative free space (?WTF?)
On Wednesday 24 August 2005 03:25 pm, John Kintaro Tate wrote: Okay. I am wondering where all the space nicked off to, since I only installed it not long ago. I haven't run out of space on a system for a long time, how do I figure out what the biggest files and stuff are again? Thanks in advance. Kintaro. man find (Hint: see the -size option)
Re: IPsec / routing problem in OpenBSD 3.7
--- Quoting [EMAIL PROTECTED] on 2005/08/24 at 18:35 +0200: 1) From Client1, I cannot ping its default gateway (.3.254) anymore. No ping replies. ssh connection is frozen. What machine and interface is .3.254 on? From the information below it does not look like it's on PC_B. PC_B is .3.70. 2) If I run a tcpdump -i rl1, I see that the pings from Client1 to PC_B are *routed* to PC_A!! Of course, PC_A doesn't know what to do with them; something is getting back, however (encrypted) : # tcpdump -i rl1 17:54:15.803747 esp 10.0.0.6 10.0.0.1 spi 0x1F3A4307 seq 70 len 132 (DF) 17:54:15.810208 esp 10.0.0.1 10.0.0.6 spi 0x8A4C7C72 seq 58 len 132 (DF) Doubtful. You have no idea what packets are encapsulated here. Do your sniffing on enc0 instead. 6) Not all of PC_B 's traffic is going through the tunnel; for example, DNS queries are still in clear: netstat -rnf encap is your friend. You are not building a phase-2 connection that includes 10.0.0.x so no encryption for you. Same reasoning applies to your ping from 10.0.0.1 to .6. .joel
Re: OpenBSD 3.8 negative free space (?WTF?)
At 02:21 PM 8/24/05, John Kintaro Tate wrote: Hrm, I was installing the mono port and I ran into an error. The error was simple and we all know what it means. Trying 62.243.72.50... Unimplemented command. 61% |**| 8922 KB 04:55 ETA /: write failed, file system is full So I did the next thing that comes naturally, I aborted and did a df -h... # df -h Filesystem Size Used Avail Capacity Mounted on /dev/wd0a 787M 778M -30.6M 104% / WTF is going on here? -30.6M sounds kinda weird. http://openbsd.default.co.yu/faq/faq14.html#NegSpace
Re: 3.8 beta requests
Hello! On Wed, Aug 24, 2005 at 12:57:27PM -0500, Andrew Dyer wrote: It was very frustrating to try and make things better and get ignored. I can share some frustration. About a year ago, I made a port for erlang (the current port just doesn't work at all, and it's ancient anyway, so *anything* is better than the in-tree port). IIRC got feedback by one other person that it basically works. Nothing got committed, I didn't have the energy to follow on upon it. A few months later, someone asked about erlang, I answered and mailed the port of last summer, then IIRC that someone made an updated port (a newer Erlang release was out, and a few changes in the ports infrastructure) and submitted it. Again, nothing got committed, even though just *anything* would be better than the in-tree port. Kind regards, Hannah.
Re: package installation script hints
On Wed, Aug 24, 2005 at 04:35:13PM -0400, Will H. Backman wrote: 1. Packages get installed in a sub-optimal order. Quite often one package on the list will have already been installed as a dependency. I think my script downloads the redundant package before deciding that it was already installed. Good ways to stop that? Put the full list in the single pkg_add you want to run, this will get sorted appropriately. PKG_PATH=ftplocation pkg_add `cat pkglist` is about what you want.
Re: RSS feed for errata
2005/8/24, Ray Percival [EMAIL PROTECTED]: On Wed, Aug 24, 2005 at 01:03:04AM -0500, Gerardo Santana Gómez Garrido wrote: 2005/8/24, Gerardo Santana Gómez Garrido [EMAIL PROTECTED]: This has been discussed before. I think many people here agree this would be very useful. Some have even volunteered to do it, but I haven't found anything in Google about it yet. So, the question is ¿has anybody made it?, otherwise, ¿is anybody willing to do it? I've just found this from a message by dhartmei in undeadly: http://undeadly.org/cgi?action=errata It seems like a first attempt like Daniel says. Is it going to be improved maintained? Just to know if I should wait for it or start coding it myself. http://www.vuxml.org/ This is what I use. Could use some work but it is up to date and seems to be maintained. That's for ports packages. I'm talking about something similar for the base system. -- Gerardo Santana
Re: BSD PPPoA Hardware
On Tue, Aug 16, 2005 at 01:54:46AM -0700, J.C. Roberts wrote: On Tue, 16 Aug 2005 08:20:33 +0100, Simon Farnsworth [EMAIL PROTECTED] wrote: On Tuesday 16 August 2005 06:34, J.C. Roberts wrote: You seem to be confused on your terms. The term PPPoA means Point-to-Point Protocol over ATM (Asynchronous Transfer Mode). I seriously doubt you're running ADSL over ATM. ;-) Given that G.992 DSL protocols are all ATM physical layers, it's quite likely that he's running PPPoA. The (slight) advantage of PPPoA over PPPoE for ADSL is twofold: firstly, the MTU is slightly larger. Secondly, there's one less encapsulation layer involved; PPPoE on ADSL is in fact PPP over Ethernet over ATM. If you don't believe that ADSL is an ATM physical layer, go read G.992.1 (the international ADSL standard), or a manufacturer's spec sheet (like http://www.draytek.co.uk/products/vigor2600plus.html), where it explicitly refers to ATM Protocols. Great info Simon, thank you. All the DSL modems I've seen here in the USA are ethernet based on the user side and as misfortune would have it, many providers *require* using their particular modem, so the user side of it is all that matters. i wonder if that's s/require/only support/ eg, others will work, but don't expect to be able to call anyone and get a yes that will work, here's what you need it to configure it as blahblah, but that doesn't preclude the modem from being able to function on the network just fine. i haven't shopped around, but i imagine that a DSL modem on the market for end-users to buy would probably not be very successful unless it supported the standard suite/combination of parameters that the DSLAM you're below is going to expect. modems i have PPPoA experience with (second-hand, as the portion of the network i'm on is not PPPoA): speedstream 5930, 5861, 5667, 5200, dlink 504, 3com 812. the 5667 was a trooper, but had limited ability to do inbound forwarding (eg, rdr in pf). 
the 5200s had a better firmware but weren't as reliable in poor line condition situations (just fine if line isn't marginal) and had no activity LED, and used DSL to indicate both sync with dslam (solid green), training/losing sync (slow blink), no sync (off) and activity (fast blink). kinda ambiguous. the 5861 is cute because it has a CLI and 4 ports, but the services it provides are probably of no value to someone running any unix/linux. the 5930 has IPsec crapola, but again, what value is that to someone who has isakmpd? (outside of being able to avoid NAT-T... woo) i'm willing to be wrong, but i would imagine that if you find a thingy that says it is an A) DSL Modem who B) supports PPPoA, and you get DSL from the ISP and they use PPPoA, it'll only be a matter of getting the right configuration. the hardest thing would be to know the PVC that you should program into the modem so that it matches the cross connect on your port on the DSLAM you're on. tech support *should* be able to answer that, i hope. eg: hi, i'm going through the setup of my DSL modem, and i've got it all sorted out, except i forgot what VPI/VCI to put in here there's at least some chance they won't ask you what modem you're using, etc; at that point you have a potential to be a 30 second call for them. that's pure gold. the thread has kinda gone this way already, but i believe the only way you can get true i don't have NAT on PPPoA, outside of getting a business class service plan (or anything else with static IP WAN and LAN allocations) is going to have to end up with you running PPP daemon/process on your machine. for it to leave your PC to the modem as ATM would be a rare hardware combination. outside of a niche market, it would probably be rare to find one that didn't take a phone cord coming in and an ethernet cord going out. 
it's possible i suppose there could be a It's all been consumer grade kit, even though a lot of it is in business use, none the less, I have not seen a DSL modem with ATM on the user side (probably because it would be pointless to make it that way). Assuming you don't have a provider requirement of using their specified DSL modem, it may be possible to use OpenBSD as a *replacement* for the DSL modem itself. I know we've got some degree of ATM support but I don't know how well (or if) all the other needed stuff works. that would be Kind Regards, JCR - [ openbsd 3.7 GENERIC ( jul 12 ) // i386 ]
Re: BSD PPPoA Hardware
On Wed, Aug 24, 2005 at 09:55:50PM -0600, jared r r spiegel wrote: take a phone cord coming in and an ethernet cord going out. it's possible i suppose there could be a please forget this train of thought. it may be possible to use OpenBSD as a *replacement* for the DSL modem itself. I know we've got some degree of ATM support but I don't know how well (or if) all the other needed stuff works. that would be that would be me hitting send instead of postpone.. sigh. anyway, that would be hot. before i do any more damage...^[ -- jared
Re: 3.8 beta requests
Hi Art, On 24/08/2005, at 9:38 PM, Artur Grabowski wrote: Genadijus Paleckis [EMAIL PROTECTED] writes: Theo de Raadt wrote: Oh well -- we've decided that we will try to ship with this protection mechanism in any case, and try to solve the problems as we run into them. Does that mean that 3.8 might be unstable? Maybe all who want/need stable systems need to run 3.7? Yes, it means you should switch to linux because it's stable and never does anything to rock the boat. sigh. It's comments like this that convince me that I should never tell anyone about what I'm developing, how it works and what effects it might have. Anything you say will be used against you. I'm excited by these further stability and security enhancing changes. However Genadijus only asked questions. He did not make a statement. Seems like pretty innocent questions to me that are easily answered here by those that know. And what is wrong with that? Shane