some perl to aid in creating custom kernels
I call it 'ink'.

I see these devices in dmesg, but they aren't in GENERIC.

$ ink F GENERIC
aoa0 at macobio0 offset 0x1: irq 30,1,2
iic0 at ki2c0
iic1 at pi2c0
iic2 at ki2c1
maxtmp0 at iic1 addr 0xc8: max6642

cardslot? Do I have that?

$ ink dev cardslot
$

no.

$ ink o pci .hci

What all .hci at pci do I have?

ohci0 at pci1 dev 24 function 0 Apple Intrepid USB rev 0x00: irq 0, version 1.0, legacy support
ohci1 at pci1 dev 25 function 0 Apple Intrepid USB rev 0x00: irq 0, version 1.0, legacy support
ohci2 at pci1 dev 26 function 0 Apple Intrepid USB rev 0x00: irq 29, version 1.0, legacy support
ohci3 at pci1 dev 27 function 0 NEC USB rev 0x43: irq 63, version 1.0
ohci4 at pci1 dev 27 function 1 NEC USB rev 0x43: irq 63, version 1.0
ehci0 at pci1 dev 27 function 2 NEC USB rev 0x04: irq 63

So, what isn't being used?

$ ink f GENERIC
...

file begins

#! /usr/bin/env perl

sub usage {
    die "usage: $0 [dev|o] <dev> [<also match> ...]\n"
      . "usage: $0 f <config file> # find !dmesg devices\n"
      . "usage: $0 F <config file> # find !config devices\n"
}

usage unless @ARGV >= 2;
usage unless $ARGV[0] =~ /^(dev|o|f|F)$/;

package OpenBSD::Devices;
use warnings;
use strict;

sub new { bless [], shift }

# Keep only the dmesg.boot lines that start with a device name and unit
# number (e.g. "ohci0 at pci1 ...").
sub load {
    my $od = shift;
    open my $f, '<', "/var/run/dmesg.boot" or die "dmesg.boot open failed: $!";
    while (readline($f)) {
        push @$od, $_ if /^[a-z]{2,}\d\b/
    }
    close $f;
    $od
}

# dmesg lines whose device name starts with the pattern.  The pattern is
# copied out of @_ first so that a caller passing $1 is not affected by the
# matches done inside grep.
sub device { my ($od, $re) = @_; grep { /^$re/ } @$od }

# dmesg lines that mention the pattern anywhere except at the start
# (i.e. devices attached "at" it).
sub depends_on { my ($od, $re) = @_; grep { /(?!^)$re/ } @$od }

package main;
use warnings;
use strict;
use List::Compare;

my $dmesg = OpenBSD::Devices->new->load;
my $grep  = join('|', @ARGV[2..$#ARGV]);

if ($ARGV[0] eq 'dev') {
    for ($dmesg->device($ARGV[1])) {
        if ($grep) { print if $_ =~ /$grep/; } else { print }
    }
}
elsif ($ARGV[0] eq 'o') {
    for ($dmesg->depends_on($ARGV[1])) {
        if ($grep) { print if $_ =~ /$grep/; } else { print }
    }
}
elsif ($ARGV[0] eq 'f') {
    # config lines for devices that never showed up in dmesg
    open my $f, '<', $ARGV[1] or die "cannot open: $ARGV[1]: $!";
    while (readline($f)) {
        next unless /^([a-z]{2,})[0-9?*]/;
        next if $dmesg->device($1);
        print;
    }
    close $f;
}
elsif ($ARGV[0] eq 'F') {
    # dmesg devices that have no entry in the config file
    open my $f, '<', $ARGV[1] or die "cannot open: $ARGV[1]: $!";
    my @d = map { /^([a-z]{2,})\d/; $1 } @$dmesg;
    my @c;
    while (readline($f)) {
        next unless /^([a-z]{2,})[0-9?*]/;
        push @c, $1;
    }
    close $f;
    # The archive obfuscated the two list arguments; \@d (dmesg) and \@c
    # (config) follow from get_Lonly returning "in dmesg, not in config".
    for (List::Compare->new('-a', \@d, \@c)->get_Lonly) {
        print $dmesg->device($_);
    }
}
Re: manual vs. crontab execution
As a shot in the dark, it might have something to do with environmental variables or lack thereof. Are you sure everything is set up *exactly* the same? At any rate, that's the first thing that popped into my head.

Good luck :)

best regards,
Reid Nichol

--- Peter Bako [EMAIL PROTECTED] wrote:

I have a weird problem I cannot find a solution to. I've written a small script (attached below) that I put on the dozen or so systems that I maintain for friends and clients, that daily sends some basic information to my web server. This data is then stored in a MySQL database and viewed via another script. All the systems are running OpenBSD version 3.5 to 3.8, and the one in question here is 3.8.

The problem is this. On one remote system (identical in every respect to about 8 others out there), the script when executed manually (either as root or as a non-privileged user) runs normally and uploads its data as it should. However when the cron job hits at midnight the script always fails and without any error message that I can get. As you can see the script is quite simple, the only active component is a call to CURL which hits a specific address. The local log entry lists my error message but $result is always empty so I have no specific error to go by. By looking through the logs of my own web server at the same time that the local log entry is made, I know that the connection to my system is never established.

Here is the script:

--
#!/bin/sh
# Collect hostname, IP of sis0, free space on the last filesystem, OS release
name=`uname -n`
ip=`ifconfig sis0 | grep 'inet ' | awk '{ print $2 }'`
space=`df | tail -1 | awk '{ print $4 }'`
ver=`uname -r`
# Report them to the collector as query parameters
data="http://xxx.yyy.com/fw/fwin.php?NAME=$name&IP=$ip&FREE=$space&VER=$ver";
result=`/usr/local/bin/curl -s "$data"`
case $result in
good)
    `logger "Info sucessfully logged!"`
    exit 0
    ;;
*)
    `logger "Unable to log system info! Error: $result"`
    exit 1
    ;;
esac
-

The cron job that launches it is added to root's crontab (crontab -u root -e) and looks like this:

-
@daily /usr/local/fwreport
-

I've tried leaving the -s flag off of the CURL call to get some kind of an error out, but whatever might come back does not make it out to the $result variable. Again this identical script works on over a dozen other systems, most totally identical to this unit down to the hardware and OS version, so it has to be more or less correct.

Any suggestion, ideas, etc. are appreciated.

Peter
mod_python on obsd Apache
I'm trying to run mod_python 2.7.11 on OpenBSD's implementation of apache (1.3) without any luck. The build went good and all.

./configure --with-apxs=/usr/sbin/apxs
make
su
make install

the module would be installed on /usr/lib/apache/modules/mod_python.so

as soon as I put in the

LoadModule mod_python /usr/lib/apache/modules/mod_python.so

(on httpd.conf) and started apache it would say that I need to run configtest, so by doing an apachectl configtest I get this:

# apachectl configtest
Syntax OK
Segmentation fault (core dumped)

any help would be appreciated.

thanks in advance,
ed
Re: Custom kernel = sk transmit failures
On 2006/02/26 00:03, David Higgs wrote:

My old custom config was for my xl and rl cards, and worked just fine. For the new config, I simply removed the rl references and uncommented the necessary sk ones.

See which other devices are mentioned in SEE ALSO in the docs for these and it may give you some clues. Though, diff'ing the dmesg between GENERIC and your custom kernel should have picked this up for you too.

Since GENERIC works fine, I am going to stick with that for the time being.

Good idea. The only time I've found a custom kernel necessary on a recent OpenBSD is on a system with very restricted RAM (and even then, if there's any possibility of adding RAM, that's usually the better way to deal with it) or for adding something like raidframe (in which case, copying GENERIC and adding the single line is usually the safest way). For everything else (disabling devices etc), config(8) should suffice.
Re: pf.conf to log specific but block all
On Sat, Feb 25, 2006 at 10:16:58AM -0600, Harry Putnam wrote:

Joachim Schipper [EMAIL PROTECTED] writes:

There is a facility on the NETGEAR to send all traffic to an inside machine for whatever reason. Its called a DMZ Server although I don't think that is the normal usage of DMZ, but not experienced enough to know for sure.

That would probably send all outside-initiated traffic to your OpenBSD box, from the sound of it. I.e., you will only see the hacks the Netgear would have stopped anyway.

Yeah, that's what I'm after. As you say further along that will get boring quickly but right now I'm interested to see what is happening at my ssh port. I received 13,000 hits on it over a 5 day period after leaving it open (but with good password) inadvertently.

Oh, SSH scans are all over the net. Set up private keys for login, and only private keys. Add S/KEY capability, if you want to be able to login without carrying a floppy around. SSH is open on all my machines, and - except for one - accepts only private keys (the last one also accepts S/KEY, and functions as a login station for when I'm on the road).

At any rate I want to enable that feature and send all traffic to the obsd machine. I want to see more of what is happening at the actual firewall. It has poor logging facilities. None in realtime. And the fastest is daily by mail unless you want to log on to the router and do the cumbersome scanning by eye with the sorry java based interface.

However, if I read this, you also want to see the traffic to/from m[1-5,7].

No, I mean yes, but not with current subject of setting up obsd in the way I've been asking about.

[...]

I hoped someone might provide a rough outline of what something like this would need to look like.

[...]

3. There is some stuff that *can* harm you - notably, hacks in response to connections initiated by the machines behind your firewall. The most common form would be yet another problem in a web browser. Your proposed setup would not catch this.

4. Unless you are willing to spend *a lot* of time on the honeypot, reading a good security list (Bugtraq, Full-Disclosure, whatever) will tell you more about where the problems are than reading pf logs.

Yes, as you've noted very time consuming and probably a bit over my head as well.

All in all, reading the logs daily (which tell you what happened to the stuff that actually got through the firewall) is much more useful. And if you really want more, install Snort. Telling you what packets have been blocked by the firewall is only good for gathering statistics to impress management into letting you buy more toys. Which is a worthy goal, but not a misc@ subject...

Well as you've noted, the firewall is turning back the real harmful stuff, unless I get really stupid inside. (not unheard of here). And being able to read and understand what I'm seeing about traffic coming thru is at present largely over my thick skull. The windows machines inside, like my wife's and 2 that are heavy gauge video edit crunchers, are likely to be the destinations of the kind of stuff you mentioned, but my main desktop is a gentoo linux box running IPtables so I do get to see that traffic. I'm hoping to gain enough from the setup I've asked about so that skull factor gets trimmed down a bit. And eventually set up the OBSD box as you and others have suggested. Between Internet and inside net.

Well, doing what you want to do isn't too useful, but quite possible. Make the OBSD machine the so-called DMZ server on the Netgear. Use a pf.conf like the following:

set skip on { lo0 }
# This is the default, but set it explicitly - there's no reason to
# return anything
set block-policy drop
block in log
pass out keep state

Then run pflogd(8). You can now analyze the traffic from /var/log/pflog, using tcpdump(8).

For added points, install Snort. It will not catch much, seeing as to how outsiders will not be able to establish many connections, but it's a good exercise if you want to go with the setup I proposed earlier, when you are more confident.

Joachim
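
An added example, not part of the message above: once pflogd(8) is writing /var/log/pflog, the text printed by tcpdump can be summarised to see which ports and sources the "block in log" rule is catching, such as the SSH scans mentioned in the thread. The line layout matched by LINE_RE, the helper names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the assumed text layout of
# `tcpdump -n -e -ttt -r /var/log/pflog`; addresses are documentation ranges.
SAMPLE_PFLOG = """\
tcpdump: (constructed banner line, ignored by the parser)
Feb 26 10:01:12.104233 rule 0/(match) block in on fxp0: 203.0.113.7.41822 > 192.168.0.5.22: S 100:100(0) win 5840 <mss 1460> (DF)
Feb 26 10:01:13.220871 rule 0/(match) block in on fxp0: 203.0.113.7.41823 > 192.168.0.5.22: S 200:200(0) win 5840 <mss 1460> (DF)
Feb 26 10:01:14.310045 rule 0/(match) block in on fxp0: 203.0.113.7.41824 > 192.168.0.5.22: S 300:300(0) win 5840 <mss 1460> (DF)
Feb 26 10:02:40.000512 rule 0/(match) block in on fxp0: 198.51.100.23.3321 > 192.168.0.5.445: S 400:400(0) win 16384 <mss 1460> (DF)
Feb 26 10:02:41.000733 rule 0/(match) block in on fxp0: 198.51.100.23.3322 > 192.168.0.5.135: S 500:500(0) win 16384 <mss 1460> (DF)
Feb 26 10:03:05.771200 rule 0/(match) block in on fxp0: 203.0.113.9 > 192.168.0.5: icmp: echo request
Feb 26 10:03:09.118400 rule 1/(match) pass out on fxp0: 192.168.0.5.51000 > 192.0.2.53.53: 4242+ A? example.org. (29)
"""

# "rule N/(reason) ACTION DIR on IF: SRC > DST: ..." (assumed layout).
LINE_RE = re.compile(
    r"rule (?P<rule>[\w.]+)/\((?P<reason>[^)]*)\) "
    r"(?P<action>block|pass) (?P<direction>in|out) on (?P<ifname>\S+): "
    r"(?P<src>\S+) > (?P<dst>\S+): "
)


def split_endpoint(endpoint):
    """Split tcpdump's 'addr.port' form; endpoints without a port (ICMP) keep None."""
    host, _, tail = endpoint.rpartition(".")
    if host and tail.isdigit() and (host.count(".") == 3 or ":" in host):
        return host, int(tail)
    return endpoint, None


def parse_pflog(text):
    """Turn tcpdump text into dict records, skipping lines that do not match."""
    records = []
    for line in text.splitlines():
        match = LINE_RE.search(line)
        if not match:
            continue  # banners, blank lines, anything not in the assumed layout
        rec = match.groupdict()
        rec["src_host"], rec["src_port"] = split_endpoint(rec.pop("src"))
        rec["dst_host"], rec["dst_port"] = split_endpoint(rec.pop("dst"))
        records.append(rec)
    return records


def summarize_blocked(records, port=22, threshold=3):
    """Count blocked inbound packets per destination port and per source,
    and list sources that hit `port` at least `threshold` times."""
    blocked = [r for r in records
               if r["action"] == "block" and r["direction"] == "in"]
    by_port = Counter(r["dst_port"] for r in blocked)
    by_source = Counter(r["src_host"] for r in blocked)
    hits = Counter(r["src_host"] for r in blocked if r["dst_port"] == port)
    repeat_sources = sorted(h for h, n in hits.items() if n >= threshold)
    return {"by_port": by_port, "by_source": by_source,
            "repeat_sources": repeat_sources}


if __name__ == "__main__":
    summary = summarize_blocked(parse_pflog(SAMPLE_PFLOG))
    for dst_port, count in summary["by_port"].most_common():
        print("port %-5s %d blocked" % (dst_port if dst_port else "-", count))
    print("repeat sources on port 22:", ", ".join(summary["repeat_sources"]))
```

On a live system the input would be the captured output of the tcpdump command instead of SAMPLE_PFLOG.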
Re: T-shirt query.
On Sun, 26 Feb 2006, Edd Barrett ([EMAIL PROTECTED]) wrote:

Whilst browsing fosdem 2004 pics, I saw a t-shirt I like.

http://saad.docisland.org/pictures/fosdem2004/files/page11-1008-full.html (far left. Dark with small blue puffy logo)

Where can you get this tee? It doesn't appear to be on the t-shirts page.

That looks like the Chicks Dig OpenBSD t-shirt to me.

http://www.openbsd.org/tshirts.html#16

Steve
Re: T-shirt query.
Edd Barrett [EMAIL PROTECTED] wrote:

http://saad.docisland.org/pictures/fosdem2004/files/page11-1008-full.html (far left. Dark with small blue puffy logo)

Where can you get this tee? It doesn't appear to be on the t-shirts page.

But it is. That's the Chix Dig OpenBSD one.

--
Christian naddy Weisgerber [EMAIL PROTECTED]
Re: T-shirt query.
http://www.openbsd.org/tshirts.html#16

On Sunday 26 February 2006 13:33, Edd Barrett wrote:

Hello list,

Whilst browsing fosdem 2004 pics, I saw a t-shirt I like.

http://saad.docisland.org/pictures/fosdem2004/files/page11-1008-full.html (far left. Dark with small blue puffy logo)

Where can you get this tee? It doesn't appear to be on the t-shirts page.

Best Regards
Edd
Re: Unsafe Sockets
On Sat, 2006-02-25 at 14:13 -0700, Jason Balan wrote:

Feb 25 13:53:22 bua2 sendmail[13279]: k1PKrMv5013279: Milter (cvgfilter): local socket name /var/run/cvgfilter/cvgfilter.sock unsafe
Feb 25 13:53:22 bua2 sendmail[13279]: k1PKrMv5013279: Milter (cvgfilter): to error state

Not sure what permissions are to be on the directories

Make sure the milter is starting as non-root, and is not world-writable. Also, I have found it best to set up the socket before starting sendmail, otherwise you get the error you are seeing.

Jamie Strandboge
Re: Custom kernel = sk transmit failures
On 2/26/06, Stuart Henderson [EMAIL PROTECTED] wrote:

On 2006/02/26 00:03, David Higgs wrote:

My old custom config was for my xl and rl cards, and worked just fine. For the new config, I simply removed the rl references and uncommented the necessary sk ones.

See which other devices are mentioned in SEE ALSO in the docs for these and it may give you some clues. Though, diff'ing the dmesg between GENERIC and your custom kernel should have picked this up for you too.

If you're referring to picking up the appropriate controller/phys (skc and eephy for this card), dmassage handles all that automagically. On the other hand, I might take some time next week to compile a kernel to see if the problem is related to one of the other phys being needed (brgphy and xmphy are referenced).

Since GENERIC works fine, I am going to stick with that for the time being.

Good idea. The only time I've found a custom kernel necessary on a recent OpenBSD is on a system with very restricted RAM (and even then, if there's any possibility of adding RAM, that's usually the better way to deal with it) or for adding something like raidframe (in which case, copying GENERIC and adding the single line is usually the safest way). For everything else (disabling devices etc), config(8) should suffice.

Agreed, but I'm building -stable anyways and figure why not? I know better than to expect support for it. I'll see if I can find the time to experiment some more and/or peruse the code for hints.

Thanks.

--david
Re: Unsafe Sockets
On Sun, 2006-02-26 at 09:11 -0500, James Strandboge wrote:

On Sat, 2006-02-25 at 14:13 -0700, Jason Balan wrote:

Feb 25 13:53:22 bua2 sendmail[13279]: k1PKrMv5013279: Milter (cvgfilter): local socket name /var/run/cvgfilter/cvgfilter.sock unsafe
Feb 25 13:53:22 bua2 sendmail[13279]: k1PKrMv5013279: Milter (cvgfilter): to error state

Not sure what permissions are to be on the directories

Make sure the milter is starting as non-root, and is not world-writable. Also, I have found it best to set up the socket before starting sendmail, otherwise you get the error you are seeing.

To be clear, make sure the socket and directory it is in are not world-writable.

Jamie
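
An added example, not part of either reply and not sendmail's own safety check: a small audit of the two things named above, the milter socket and the directory it lives in, flagging world-writable modes and a root-owned socket. The function names and the modes used in the demonstration are assumptions chosen for illustration.

```python
import os
import socket
import stat
import tempfile


def audit_milter_socket(sock_path):
    """Return (path, problem) tuples for the socket and its parent directory."""
    findings = []
    sock_path = os.path.abspath(sock_path)
    checks = (
        (os.path.dirname(sock_path), stat.S_ISDIR, "directory"),
        (sock_path, stat.S_ISSOCK, "socket"),
    )
    for path, is_expected_type, kind in checks:
        try:
            st = os.lstat(path)  # lstat: a symlink in either place is a finding
        except FileNotFoundError:
            findings.append((path, "missing"))
            continue
        if not is_expected_type(st.st_mode):
            findings.append((path, "not a " + kind))
        if st.st_mode & stat.S_IWOTH:
            findings.append((path, "world-writable"))
        if kind == "socket" and st.st_uid == 0:
            # Heuristic: a root-owned socket suggests the milter ran as root.
            findings.append((path, "owned by root"))
    return findings


def demo():
    """Create a deliberately loose socket in a temp dir, audit it, tighten
    the modes, and audit again.  Returns (run_dir, sock_path, before, after)."""
    base = tempfile.mkdtemp(prefix="milter-")
    run_dir = os.path.join(base, "cvgfilter")
    os.mkdir(run_dir)
    sock_path = os.path.join(run_dir, "cvgfilter.sock")
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        srv.bind(sock_path)
        os.chmod(run_dir, 0o777)    # constructed "bad" state
        os.chmod(sock_path, 0o666)
        before = audit_milter_socket(sock_path)
        os.chmod(run_dir, 0o750)    # constructed "tightened" state
        os.chmod(sock_path, 0o660)
        after = audit_milter_socket(sock_path)
    finally:
        srv.close()
        if os.path.lexists(sock_path):
            os.unlink(sock_path)
        os.rmdir(run_dir)
        os.rmdir(base)
    return run_dir, sock_path, before, after


if __name__ == "__main__":
    _, _, before, after = demo()
    print("before:", before)
    print("after: ", after)
```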
Re: mod_python on obsd Apache
On 2/26/06, edgar mortiz [EMAIL PROTECTED] wrote:

I'm trying to run mod_python 2.7.11 on OpenBSD's implementation of apache (1.3) without any luck. The build went good and all.

./configure --with-apxs=/usr/sbin/apxs
make
su
make install

the module would be installed on /usr/lib/apache/modules/mod_python.so

as soon as I put in the

LoadModule mod_python /usr/lib/apache/modules/mod_python.so

(on httpd.conf) and started apache it would say that I need to run configtest, so by doing an apachectl configtest I get this:

# apachectl configtest
Syntax OK
Segmentation fault (core dumped)

any help would be appreciated.

thanks in advance,
ed

I managed to run mod_python several years ago and was pulling my hair out for the better part of a week until I got it working. I never got the dynamic module to work, but was successful in building it into apache statically. Additionally, mod_python requires a separate python installation without thread support. Apache's chroot might cause you further difficulty...

Good luck, you might need it.

--david
Re: Custom kernel = sk transmit failures
On 2/26/06, Stuart Henderson [EMAIL PROTECTED] wrote:

On 2006/02/26 09:32, David Higgs wrote:

On 2/26/06, Stuart Henderson [EMAIL PROTECTED] wrote:

On 2006/02/26 00:03, David Higgs wrote:

My old custom config was for my xl and rl cards, and worked just fine. For the new config, I simply removed the rl references and uncommented the necessary sk ones.

See which other devices are mentioned in SEE ALSO in the docs for these and it may give you some clues. Though, diff'ing the dmesg between GENERIC and your custom kernel should have picked this up for you too.

If you're referring to picking up the appropriate controller/phys (skc and eephy for this card), dmassage handles all that automagically.

You didn't say you booted from GENERIC and then re-ran dmassage, or added skc/eephy, you said I simply removed the rl references and uncommented the necessary sk ones.

My apologies for the confusion. I booted from GENERIC and got all my network configs in order before doing anything. Then I ran dmassage -s against the GENERIC config and compared the output with my CUSTOM config to see what changed. I traded rl and rlphy for skc, sk, and eephy.
Re: mod_python on obsd Apache
On Sun, Feb 26, 2006 at 09:53:59AM -0500, David Higgs wrote:

I managed to run mod_python several years ago and was pulling my hair out for the better part of a week until I got it working. I never got the dynamic module to work, but was successful in building it into apache statically. Additionally, mod_python requires a separate python installation without thread support. Apache's chroot might cause you further difficulty...

These days, you're better off running a standalone python appserver exposing http or scgi [http://www.mems-exchange.org/software/scgi/] and pointing apache at it with mod_proxy or mod_scgi. There's flup [http://www.saddi.com/software/flup/], which gives you a nice threading WSGI engine, and then you can either write your code as a WSGI server or plug in one of the frameworks like web.py, django, whatever, they all serve WSGI. Mod_python, even when it works, is a pretty big memory hog because every apache handler has its own python interpreter.
Re: T-shirt query.
On 2/26/06, Maxim Bourmistrov [EMAIL PROTECTED] wrote:

http://www.openbsd.org/tshirts.html#16

On Sunday 26 February 2006 13:33, Edd Barrett wrote:

Hello list,

Whilst browsing fosdem 2004 pics, I saw a t-shirt I like.

http://saad.docisland.org/pictures/fosdem2004/files/page11-1008-full.html (far left. Dark with small blue puffy logo)

Where can you get this tee? It doesn't appear to be on the t-shirts page.

Best Regards
Edd

My Bad, I thought that was a big logo. Sorry

Regards
Edd
Re: mod_python on obsd Apache
On 26/02/06, David Higgs [EMAIL PROTECTED] wrote:

On 2/26/06, edgar mortiz [EMAIL PROTECTED] wrote:

I'm trying to run mod_python 2.7.11 on OpenBSD's implementation of apache (1.3) without any luck. The build went good and all.

./configure --with-apxs=/usr/sbin/apxs
make
su
make install

Never tried that combo. modpython 3.2.x and apache2.0 works for me on openbsd3.7 and .8's without any hassle except bumping some semaphores number with sysctl.

/Tony
Re: ADSL modem intern
On Wed, Feb 22, 2006 at 01:17:12PM -0600, Kevin wrote:

I'm in the same boat. Actually, I don't really need an internal ADSL modem per se, primarily I just need a managed ADSL device from which I can automatically obtain line quality and carrier loss information via SNMP or a serial port or some other OpenBSD-compatible mechanism.

You can't really go wrong with a ZyXEL ADSL router. See http://www.zyxel.co.uk/

Most models support SNMP, syslogging, and a *FULL* telnet interface that can be scripted via expect (an OBSD package).

I have a cron job that pings some devices at my ISP, and if that fails, telnet into the router and reset the line/reboot it. You could be more intelligent by using SNMP traps, or tail a syslog file grep for session closing notifications.

FWIW, they use a BSD internally and not a Linux, so they are pretty stable.

Craig.
Re: mod_python on obsd Apache
thanks for the reply nick! :)

anyways I've tried to run httpd under gdb and I came up with this

gdb /usr/sbin/httpd
(gdb) run -t
Starting program: /usr/sbin/httpd -t
Syntax OK
[New process 9600]

Program received signal SIGSEGV, Segmentation fault.
_thread_kern_lock (which=-2067247604) at /usr/src/lib/libpthread/uthread/uthread_kern.c:960
960 {

I'll try lighttpd and FastCGI

thanks,
ed

On 2/26/06, Nick Guenther [EMAIL PROTECTED] wrote:

Debugging the core dump. I don't actually know how to do this myself, but I think gdb(1) and kill -s ABRT ... will help you. Just being able to see the functions being called will give you hints to where to look.

Also, don't use mod_python. Set up all your scripts to be executable (chmod +x) and make sure their first line reads #!/usr/sbin/python/python or something, then just use CGI; better yet, get lighttpd and FastCGI. It's very likely that mod_python simply won't work with OpenBSD's apache, since sooo many changes have been made to it.

-Kousu

On 2/26/06, edgar mortiz [EMAIL PROTECTED] wrote:

I'm trying to run mod_python 2.7.11 on OpenBSD's implementation of apache (1.3) without any luck. The build went good and all.

./configure --with-apxs=/usr/sbin/apxs
make
su
make install

the module would be installed on /usr/lib/apache/modules/mod_python.so

as soon as I put in the

LoadModule mod_python /usr/lib/apache/modules/mod_python.so

(on httpd.conf) and started apache it would say that I need to run configtest, so by doing an apachectl configtest I get this:

# apachectl configtest
Syntax OK
Segmentation fault (core dumped)

any help would be appreciated.

thanks in advance,
ed
otherOS is to daemontools as openbsd is to ?
Just curious, I recall hearing there was a clone of daemontools for OpenBSD, what was it called? TIA -- Security Guru for Hire http://www.lightconsulting.com/~travis/ -- GPG fingerprint: 9D3F 395A DAC5 5CCC 9066 151D 0A6B 4098 0C55 1484
Re: otherOS is to daemontools as openbsd is to ?
Hi! Take look on FAQ pages: http://www.openbsd.org/faq/faq14.html#MountImage On 2/26/06, Travis H. [EMAIL PROTECTED] wrote: Just curious, I recall hearing there was a clone of daemontools for OpenBSD, what was it called? TIA -- Security Guru for Hire http://www.lightconsulting.com/~travis/ -- GPG fingerprint: 9D3F 395A DAC5 5CCC 9066 151D 0A6B 4098 0C55 1484 -- Thank you. Vladimir. Y. Plotnikov, http://www.smartwebco.com/. Cell Phone +420-774-311-015 ICQ: 24270826, skype ID: vladimirplotnikov
Re: otherOS is to daemontools as openbsd is to ?
On 2/26/06, vladimir plotnikov [EMAIL PROTECTED] wrote: Take look on FAQ pages: http://www.openbsd.org/faq/faq14.html#MountImage Eh? Disk setup? Anyway, I found 'em, they're called freedt In /usr/ports/sysutils/freedt Thanks anyways -- Security Guru for Hire http://www.lightconsulting.com/~travis/ -- GPG fingerprint: 9D3F 395A DAC5 5CCC 9066 151D 0A6B 4098 0C55 1484
Re: otherOS is to daemontools as openbsd is to ?
On 2006/02/26 12:26, Travis H. wrote: On 2/26/06, vladimir plotnikov [EMAIL PROTECTED] wrote: Take look on FAQ pages: http://www.openbsd.org/faq/faq14.html#MountImage Eh? Disk setup? that would be daemon tools not daemontools. Anyway, I found 'em, they're called freedt In /usr/ports/sysutils/freedt There's also runit (but freedt is probably more what you're looking for).
Re: mod_python on obsd Apache
On 2/26/06, edgar mortiz [EMAIL PROTECTED] wrote:

thanks for the reply nick! :)

anyways I've tried to run httpd under gdb and I came up with this

gdb /usr/sbin/httpd
(gdb) run -t
Starting program: /usr/sbin/httpd -t
Syntax OK
[New process 9600]

Program received signal SIGSEGV, Segmentation fault.
_thread_kern_lock (which=-2067247604) at /usr/src/lib/libpthread/uthread/uthread_kern.c:960
960 {

Ah, threads. Sounds like it's related to what David Higgs said: Additionally, mod_python requires a separate python installation without thread support.

I'll try lighttpd and FastCGI

Yeah, that would be fun. Remember, too, that if your server is going to be essentially just serving python scripts you can get away with using a hacked SimpleHTTPServer from the python standard lib. That means you need only invoke python one time, and let its own internal threading module handle the rest.

-Nick
Re: dmesg for Phylon 627F-1G + AD3RTLANG
As the dmesg below shows, everything just works. My only complaints thus far are that the board seems to lack an OS-visible hardware sensor of any sort (though the BIOS does have an emergency shutdown temperature setting)

It is possible it does have some sort of sensor stuff, but that they are not on i2c. Quite a few machines have high address-space isa-based superio chipsets that do contain such support, normally with a few sensors and fans.

Most of these chipsets can also make their sensor information available on an i2c bus (i.e. the superio chipset acts as an i2c client device), but sometimes vendors fail to wire up their i2c pins to the system i2c bus.

When they do wire them up (which they have not on your machine), we are sometimes faced with some i2c devices we don't recognize yet (figuring them out means reading many data sheets, and comparing many values). That is why our non-release code prints full register dumps for any unknown chips. Many of you will have seen such unhandled i2c chips in your i2c scans. Anyone can teach themselves how to figure out what those chips are, it just means you have to make the time like we have.
last minute binary package testing
Hi.

As we are closing the 3.9 release we need to lock the trees, in order to concentrate on testing, and to hunt down more bugs. Because we are really close to the full lock (which means that no fixes will go in), please go ahead and test up-to-date binary packages (there are newer snapshots for slower arches too).

Test the applications on different arches and report everything you can. Don't be shy to send a bug report, it won't hurt anyone. It is also in your interest to fix bugs to make things work for you too. You never know what you'll need in the future, so please spend some of your free time testing packages and applications even if you don't use them (yet).

Thank you.
IPv6 question - related to the talk of van hauser at the 22C3
Van Hauser held a speech at the 22C3 about attacking IPv6. He also said that even OpenBSD is affected by some of the attacks.

A working stream can be found here:
mms://streaming.fem.tu-ilmenau.de/ccc/22c3/2005-12-29_-_22c3_-_Saal4_Attacking_the_IPv6_Protocol_Suite/22c3_saal4_2.wmv

If the link won't work:
http://22c3.fem.tu-ilmenau.de/index.php?action=ondemand

I just like to know if that stuff was fixed or if it will get fixed.

Kind regards,
Sebastian
pf rdr problem
Hello:

I've been trying to diagnose this problem for some time and I can't even get debugging info out of this box. I'm really thinking that I'm missing something simple, but can't see it for the trees.

Here's the setup.

inet -- andrew -- xander | users

I'm trying to set up andrew (OBSD 3.5) as the DMZ (finally getting around to it). Xander (OBSD 3.7) is going to be my webserver, etc box. Please don't say upgrade, that'll happen when 3.9 comes out.

Everything is working, NAT, RDR for the other stuff, just not the web server. I've tried some variations for rdr, used rdr pass, etc, but nothing in the logs. I use:

tcpdump -n -e -ttt -i pflog0 port 80

Which I believe is correct. But, nothing shows in the logs even though I'm telling pf, pass in log quick ... for port 80. Plus xander is told to let port 80 through and it does so when I plug in his internal address. So, this is an andrew problem. But, this is as far as I've been able to take it.

Hopefully, I'm not doing something entirely stupid.
Here is xanders pf.conf: incoming_if = ne3 bittorrent = { 49150, 49151, 49152, 49153, 49154, 49155, 49156, 49157, 49158, 49159, 49160, 49161, 49162, 49163, 49164, 49165 } set block-policy return set loginterface $incoming_if scrub in all max-mss 1452 scrub out all max-mss 1452 block log all pass quick on lo0 all pass in on $incoming_if proto tcp from any to any port $bittorrent flags S/SA keep state pass in on $incoming_if proto tcp from any to any port ssh flags S/SA keep state # pass in log quick on $incoming_if proto tcp from any to any port 80 flags S/SA keep state pass out on $incoming_if from any to any flags S/SA keep state Here is andrews pf.conf: # macros int_if = xl0 ext_if = tun0 xander = 192.168.0.2 giles = 192.168.0.1 tcp_services = { 22, 25 } bittorrent = { 49150, 49151, 49152, 49153, 49154, 49155, 49156, 49157, 49158, 49159, 49160, 49161, 49162, 49163, 49164, 49165 } bittorrentstart = 49150 msn = { 6891, 6892, 6893, 6894, 6895, 6896, 6897, 6898, 6899, 6900 } msnStart = 6891 icmp_types = echoreq priv_nets = { 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 } set block-policy return set loginterface $ext_if scrub in all max-mss 1452 scrub out all max-mss 1452 altq on $ext_if cbq bandwidth 320Kb qlimit 100 queue { std_out, ssh_out, dns_out, tcp_ack_out, btorrent_out, tcp_serv_out } queue std_out bandwidth 40% cbq(default, borrow) queue tcp_serv_out bandwidth 10% cbq(borrow) queue ssh_out bandwidth 10% cbq(ecn, borrow) queue dns_out bandwidth 10% cbq(borrow) queue tcp_ack_out bandwidth 10% cbq(borrow) queue btorrent_out bandwidth 20% cbq(ecn, borrow) altq on $int_if cbq bandwidth 100Mb qlimit 100 queue { std } queue std cbq(default) # nat/rdr nat on $ext_if from $int_if:network to any - ($ext_if) rdr on $int_if proto tcp from any to any port 21 - 127.0.0.1 \ port 8021 rdr on $ext_if proto tcp from any to any port $bittorrent - $xander port $bittorrentstart:* # rdr pass on $ext_if proto tcp from any to any port 80 - $xander port 80 rdr on $ext_if 
proto tcp from any to any port $msn - $giles port $msnStart:* rdr on $ext_if proto tcp from any to any port 49166 - 192.168.0.10 port 49166 rdr on $ext_if proto udp from any to any port 49166 - 192.168.0.10 port 49166 # filter rules block log all pass quick on lo0 all #*** # I tried this with just rdr and rdr without this. Neither worked #pass in log quick on $ext_if proto tcp from any to any port 80 \ #flags S/SA synproxy state queue tcp_serv_out pass in quick on $ext_if proto tcp from any to $xander \ port $bittorrent flags S/SA synproxy state queue btorrent_out pass in quick on $ext_if proto { tcp, udp } from any to $giles \ port $msn flags S/SA synproxy state queue btorrent_out pass in quick on $ext_if proto tcp from any to 192.168.0.10 \ port 49166 flags S/SA synproxy state queue btorrent_out pass in quick on $ext_if proto tcp from any to $ext_if \ port 49166 flags S/SA keep state queue btorrent_out pass in quick on $ext_if proto udp from any to 192.168.0.10 \ port 49166 synproxy state queue btorrent_out pass in quick on $ext_if proto udp from any to $ext_if \ port 49166 keep state queue btorrent_out block drop in log quick on $ext_if from $priv_nets to any block drop out log quick on $ext_if from any to $priv_nets block drop in log quick on $ext_if inet proto tcp from any to ($ext_if) port ssh pass in on $ext_if inet proto tcp from any to ($ext_if) \ port $tcp_services flags S/SA keep state queue tcp_serv_out pass in inet proto icmp all icmp-type $icmp_types keep state queue std_out pass in on $int_if from $int_if:network to any keep state queue std_out pass out on $int_if from any to $int_if:network keep state queue std_out pass in on $int_if from $int_if:network to $int_if:network keep state queue std pass
Re: Anyone see anything overtly obvious in this panic?
Hi Eric.

Thanks for your reply. As it turned out, my problems seem to stem from the fact that I thought that disk0:# in the Sun monitor, where # is an integer denoting partition number, were what I needed. When I got strange results, I experimented with various digits to see whether I could hit the right partition and find out what I needed. What you see below was one of several similar attempts. As it turned out, the monitor really wants a letter, not a number, and 0 is not the functional equivalent of a.

The fact that I was picking up the boot file and then getting halfway through the boot, then dying, led me astray at first because I figured, Why would it start booting and then lose track of where it was booting *from*? Of course, that's what was happening.

So the end result is that I setenv boot-device to disk0:a, and that solves the problem.

Uh...mustrememberslices aren't partitions... unh...

Thanks again!

Dave Klingler

--On February 24, 2006 11:04:12 PM -0700 [EMAIL PROTECTED] wrote:

Hi everyone. I've been trying to bring up an old Sun Enterprise Ultra 150, with the following results. I keep thinking that there's something obvious staring me in the face, but I don't see it. Can anyone help?

Thanks in advance!

Dave Klingler

    Boot device: disk1:3 File and args:
    OpenBSD IEEE 1275 Bootblock 1.1
    ..
    OpenBSD 3.8 (obj) #1: Thu Sep 1 17:32:37 MDT 2005
    [EMAIL PROTECTED]:/usr/src/sys/arch/sparc64/stand/ofwboot/obj
    : trying bsd...
    Booting /[EMAIL PROTECTED],0/SUNW,[EMAIL PROTECTED],880/[EMAIL PROTECTED],0:3/bsd
    [EMAIL PROTECTED]@[EMAIL PROTECTED] symbols @ 0xffed8280 58+259056+154413 start=0x100
    [ using 414176 bytes of bsd ELF symbol table ]
    console is /[EMAIL PROTECTED],0/[EMAIL PROTECTED],110:a
    Copyright (c) 1982, 1986, 1989, 1991, 1993
    The Regents of the University of California. All rights reserved.
    Copyright (c) 1995-2005 OpenBSD. All rights reserved. http://www.OpenBSD.org
    OpenBSD 3.8 (GENERIC) #607: Sat Sep 10 16:03:59 MDT 2005
    [EMAIL PROTECTED]:/usr/src/sys/arch/sparc64/compile/GENERIC
    total memory = 268435456
    avail memory = 234905600
    using 1638 buffers containing 13418496 bytes of memory
    bootpath: /[EMAIL PROTECTED],0/SUNW,[EMAIL PROTECTED],880/[EMAIL PROTECTED],0:3
    mainbus0 (root): Sun Ultra 2 UPA/SBus (2 X UltraSPARC 148MHz)
    cpu0 at mainbus0: SUNW,UltraSPARC @ 148 MHz, version 0 FPU
    cpu0: physical 32K instruction (32 b/l), 16K data (32 b/l), 512K external (64 b/l)
    timer0 at mainbus0 addr 0xfffc1c00 irq vectors 7f0 and 7f1
    sbus0 at mainbus0 addr 0xfffcc000: clock = 25 MHz
    STC0 on /mainbus enabled
    DVMA map: ff80 to e000
    IOTDB: 1362000 to 1364000
    audiocs0 at sbus0 slot 13 offset 0xc00 vector 24 ipl 8
    audio0 at audiocs0
    auxio0 at sbus0 slot 15 offset 0x190
    flashprom at sbus0 slot 15 offset 0x0 not configured
    fdc0 at sbus0 slot 15 offset 0x140 vector 29 ipl 11: no drives attached
    clock1 at sbus0 slot 15 offset 0x120: mk48t59: hostid 807e7574
    zs0 at sbus0 slot 15 offset 0x110 vector 28 ipl 12 softpri 6
    zstty0 at zs0 channel 0 (console i/o)
    zstty1 at zs0 channel 1
    zs1 at sbus0 slot 15 offset 0x100 vector 28 ipl 12 softpri 6
    zskbd0 at zs1 channel 0: no keyboard
    zstty2 at zs1 channel 1: mouse
    uperf0 at sbus0 slot 15 offset 0x130: model SUNW,sc-mp (0/3) ports 4
    SUNW,pll at sbus0 slot 15 offset 0x1304000 not configured
    esp0 at sbus0 slot 14 offset 0x880 vector 20 ipl 3: dma rev fas
    esp0: FAS366/HME, 40MHz, SCSI ID 7
    scsibus0 at esp0: 8 targets
    sd0 at scsibus0 targ 1 lun 0: SEAGATE, ST39102LC, 0004 SCSI2 0/direct fixed
    sd0: 8683MB, 6962 cyl, 12 head, 212 sec, 512 bytes/sec, 17783240 sec total
    cd0 at scsibus0 targ 6 lun 0: TOSHIBA, XM-5401TASUN4XCD, 3485 SCSI2 5/cdrom removable
    hme0 at sbus0 slot 14 offset 0x8c0 vector 21 ipl 6: address 08:00:20:7e:75:74
    nsphy0 at hme0 phy 1: DP83840 10/100 PHY, rev. 0
    SUNW,bpp at sbus0 slot 14 offset 0xc80 vector 22 ipl 2 not configured
    cgsix0 at sbus0 slot 0 offset 0x0 vector 5 ipl 5: SUNW,501-2325, 1152x900, rev 11
    wsdisplay0 at cgsix0
    wsdisplay0: screen 0 added (std, sun emulation)
    hme1 at sbus0 slot 2 offset 0x8c0 vector 4 ipl 6: address 08:00:20:7e:75:74
    nsphy1 at hme1 phy 1: DP83840 10/100 PHY, rev. 1
    esp1 at sbus0 slot 2 offset 0x880 vector 3 ipl 3: dma rev fas
    esp1: FAS366/HME, 40MHz, SCSI ID 7
    scsibus1 at esp1: 8 targets
    nf at sbus0 class network slot 3 offset 0x7ff0 vector 4 ipl 6 not configured
    pcons at mainbus0 not configured
    root on sd0c
    rootdev=0x07d2 rrootdev=0x11d2 rawdev=0x11d2
    panic: cannot open disk, 0x07d2/0x11d2, error 6
    kdb breakpoint at 130bca0
    Stopped at Debugger+0x4: nop
    RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC!
    DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION!
    ddb
Re: pf rdr problem
On 2006/02/26 14:13, Reid Nichol wrote:

inet -- andrew -- xander | users

Everything is working, NAT, RDR for the other stuff, just not the web server. I've tried some variations for rdr used rdr pass, etc, but nothing in the logs. I use: a simple 'tcpdump -n port 80' on xander will show if the packets arrive there or not.

Here is andrew's pf.conf:

    rdr pass on $ext_if proto tcp from any to any port 80 -> $xander port 80

I couldn't identify whether you were using the 'log' rules to debug where a basic problem with the redirect lies, or whether the problem is that the logging isn't working. But this creates an implicit 'pass' rule so if it's the latter, you probably wanted to write 'rdr pass log'.

Just my #0.02, but it's quite a complex ruleset to be looking at while debugging a problem. You might want to simplify and just use the bare minimum rules for the problem you're trying to fix. It might help illuminate the problem and, even if it doesn't, it's easier for people to help if they have fewer rules to read.
Re: IPv6 question - related to the talk of van hauser at the 22C3
On 2006/02/27 00:12, [EMAIL PROTECTED] wrote:

Van Hauser held a speech at the 22C3 about attacking IPv6. He also said that even OpenBSD is affected by some of the attacks. A working stream can be found here:

or, code is available here: http://www.thc.org/members/vh/thc-ipv6-0.5.tar.gz
PCI-X (not PCI-E) Graphics Cards?
Does somebody know a PCI-X graphics card? The only vendor I found is Matrox and their cards (a Matrox Parhelia DL256 PCI 256MB DDR) are a little bit.. too expensive. I would say ~100EUR max. (the cheaper the card is the happier I'll be). It does not have to be a brand new card or the newest chipset. It should just work and maybe play some videos sometimes, nothing more.

Kind regards and thanks for recommendations,
Sebastian

p.s. Ebay is no solution because most sellers don't know the difference between PCI-E and PCI-X so you'll find just crap there. :-/
xchm port
I have installed xchm from a non-official OpenBSD port. The installation process ran fine, however the program is not running completely fine. When I try to open a .chm document it doesn't open. In the status bar the message connecting... appears and nothing else happens... Has anyone here faced that before? What should I do to solve it?

--
Joco Salvatti
Undergraduating in Computer Science
Federal University of Para - UFPA
web: http://salvatti.expert.com.br
e-mail: [EMAIL PROTECTED]
Re: IPv6 question - related to the talk of van hauser at the 22C3
or, code is available here: http://www.thc.org/members/vh/thc-ipv6-0.5.tar.gz

Thanks! I forgot to mention the URL which was presented at the video! :) But I hope the video will be interesting for some people too.

Best regards,
Sebastian
Re: IPv6 question - related to the talk of van hauser at the 22C3
On 26/02/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

Van Hauser held a speech at the 22C3 about attacking IPv6. He also said that even OpenBSD is affected by some of the attacks. A working stream can be found here: mms://streaming.fem.tu-ilmenau.de/ccc/22c3/2005-12-29_-_22c3_-_Saal4_Attacking_the_IPv6_Protocol_Suite/22c3_saal4_2.wmv If the link won't work: http://22c3.fem.tu-ilmenau.de/index.php?action=ondemand I just like to know if that stuff was fixed or if it will get fixed.

There was nothing specific of OpenBSD in the talk. He briefly mentioned 'OpenBSD, FreeBSD, Linux' being used as firewalls, and said something like 'drop all not affecting IPv6'.

For what I know, pf(4) block all rule does block both IPv4 and IPv6 traffic, doesn't it? Moreover, in pf(4) the rules by default are applicable to both IPv4 and IPv6, unless 'af inet' / 'af inet6' modifiers are specifically and _intentionally_ used, or src/dst addresses imply the af modifier.

So pf(4) on *BSD is not vulnerable to the described 'lack of attention' firewall vulnerability... OpenBSD seems to have been included in the list merely because it goes as a synonym for a firewall today. :-)

What exactly do you want to have fixed?

Cheers,
Constantine.
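Added example, not part of the thread: a small shell check for the point made in the message above, that an unconditional `block ... all` covers both IPv4 and IPv6 unless `inet` or `inet6` is written explicitly. The function name and the sample ruleset are constructed for illustration; the check reads rule text only, so it does not expand macros or detect a family implied by addresses.

```shell
#!/bin/sh
# Added example: which address families does a pf.conf default-deny cover?
# pf passes a packet that no rule matches, so a ruleset whose only
# "block ... all" is limited to inet leaves IPv6 unfiltered.

# pf_default_block_families: read a pf.conf on stdin and print the
# families that have an unconditional "block ... all" rule:
# "inet inet6", "inet", "inet6" or "none".
# Block rules scoped with "on", "proto", "from" or "to" are not
# default-deny rules and are ignored.
pf_default_block_families() {
    awk '
    { sub(/#.*/, "") }                # strip comments; fields are re-split
    $1 != "block" { next }            # only block rules are of interest
    {
        fam = "both"; is_all = 0; scoped = 0
        for (i = 2; i <= NF; i++) {
            if ($i == "inet" || $i == "inet6")
                fam = $i              # explicit address-family modifier
            else if ($i == "all")
                is_all = 1
            else if ($i == "on" || $i == "proto" || $i == "from" || $i == "to")
                scoped = 1
        }
        if (!is_all || scoped) next
        if (fam == "both") { v4 = 1; v6 = 1 }
        else if (fam == "inet") v4 = 1
        else v6 = 1
    }
    END {
        out = ""
        if (v4) out = "inet"
        if (v6) out = (out == "" ? "inet6" : out " inet6")
        if (out == "") out = "none"
        print out
    }'
}

# Constructed sample ruleset: the default deny is IPv4-only, so the
# function prints "inet" and IPv6 has no default block.
pf_default_block_families <<'EOF'
block in inet all
pass in inet proto tcp from any to any port ssh keep state
EOF
```

Run against a real ruleset with `pf_default_block_families < /etc/pf.conf`; anything other than `inet inet6` means at least one family has no default deny.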
Re: otherOS is to daemontools as openbsd is to ?
On Monday 27 February 2006 02:35, Nick Holland wrote: One is GPL'd, the other is entirely unclear what its license is looking at the project's page, google seemed to think it was BSD licensed (as few people try to replicate DJB's work because they don't like his quality, but rather because of his license, or total lack of, I find it strange that the project's home page doesn't say right out, My license terms are linkthis/link). runit is BSD-style licensed. This is not mentioned on the site but it is in the source tarball. --- Lars Hansson
SMP process control
Is there a way to tell a process to switch which processor it's using in the SMP version of the obsd 3.8 system? Also, have there been any efforts into Ethernet device polling in the bge drivers? On a gigabit network the interrupts are eating a large portion of the cpu0 and thought it might help the situation. Thanks Sarge
Re: pf rdr problem [Solved]
Thanks for the tcpdump switches. I don't know what was going on with the switches that I was using, but when I used yours, I started to get debugging info, which revealed some strange behaviour. From there I started to re-read (again) the docs and found and tried TCP Proxying which worked like a charm.

Next time I'll try to keep my posted rules to a minimum as requested.

Thanks for the help.

best regards,
Reid

--- Stuart Henderson [EMAIL PROTECTED] wrote:

On 2006/02/26 14:13, Reid Nichol wrote:

inet -- andrew -- xander | users

Everything is working, NAT, RDR for the other stuff, just not the web server. I've tried some variations for rdr used rdr pass, etc, but nothing in the logs. I use: a simple 'tcpdump -n port 80' on xander will show if the packets arrive there or not.

Here is andrew's pf.conf:

    rdr pass on $ext_if proto tcp from any to any port 80 -> $xander port 80

I couldn't identify whether you were using the 'log' rules to debug where a basic problem with the redirect lies, or whether the problem is that the logging isn't working. But this creates an implicit 'pass' rule so if it's the latter, you probably wanted to write 'rdr pass log'.

Just my #0.02, but it's quite a complex ruleset to be looking at while debugging a problem. You might want to simplify and just use the bare minimum rules for the problem you're trying to fix. It might help illuminate the problem and, even if it doesn't, it's easier for people to help if they have fewer rules to read.
Re: IPv6 question - related to the talk of van hauser at the 22C3
On 26/02/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

Van Hauser held a speech at the 22C3 about attacking IPv6. He also said that even OpenBSD is affected by some of the attacks. A working stream can be found here: mms://streaming.fem.tu-ilmenau.de/ccc/22c3/2005-12-29_-_22c3_-_Saal4_Attacking_the_IPv6_Protocol_Suite/22c3_saal4_2.wmv If the link won't work: http://22c3.fem.tu-ilmenau.de/index.php?action=ondemand I just like to know if that stuff was fixed or if it will get fixed.

There was nothing specific of OpenBSD in the talk. He briefly mentioned 'OpenBSD, FreeBSD, Linux' being used as firewalls, and said something like 'drop all not affecting IPv6'.

For what I know, pf(4) block all rule does block both IPv4 and IPv6 traffic, doesn't it? Moreover, in pf(4) the rules by default are applicable to both IPv4 and IPv6, unless 'af inet' / 'af inet6' modifiers are specifically and _intentionally_ used, or src/dst addresses imply the af modifier.

So pf(4) on *BSD is not vulnerable to the described 'lack of attention' firewall vulnerability... OpenBSD seems to have been included in the list merely because it goes as a synonym for a firewall today. :-)

What exactly do you want to have fixed?

In his talk he mentioned FreeBSD as one of the OS he tested and FreeBSD use, as far as I know, also KAME. In his slides you may see (it's at the movie after 40m19s) that he said that all OS he tested answered

- Fragmentation and following RA
- Responding to packets from multicast addresses
- Responding to packets with multicast destination

(FreeBSD/Linux, both use KAME if I'm not wrong)

So I would like to know if this is just an OS-specific issue or maybe related to the KAME IPv6-Implementation which is also included in oBSD (if I'm not wrong but I read it somewhere). Because KAME stopped developing I ask myself if oBSD fixed these things or if it's also an Issue for oBSD.

Kind regards,
Sebastian
Re: SMP process control
On 2006.02.27, at 1:45 PM, Sgt. Stedenko wrote:

Also, have there been any efforts into Ethernet device polling in the bge drivers? On a gigabit network the interrupts are eating a large portion of the cpu0 and thought it might help the situation.

http://marc.theaimsgroup.com/?l=openbsd-misc&m=114064960816689&w=2
thinkpad r51e not bootable
hi list,

i just got my thinkpad r51e and tried to install openbsd on it. but it just doesn't want to boot either the 3.8 or 3.9 (25/2/06) iso. i'll quote now a shortened version of the screen after a normal boot-from-cd:

    Copyright...
    OpenBSD 3.9-beta (RAMDISK_CD) #1018: Sat Feb 25 13:29:37 MST 2006
    deraadt...
    cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,SBF
    real mem = 937902080 ...
    avail mem = 849911808 ...
    using 4278 buffers containing 46997504 bytes ... of memory
    mainbus0 (root)
    bios0 at mainbus0 AT/286+(f3) BIOS, date 09/30/05, BIOS32 rev. 0 @ 0xfd550
    pcibios0 at bios0: rev 2.1 @ 0xfd4e0/0xb20
    pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfde70/320 (18 entries)
    pcibios0: no compatible PCI ICU found: ICU vendor 0x1002 product 0x4377
    pcibios0: Warning, unable to fix up PCI interrupt routing
    pcibios0: PCI bus #5 is the last bus

and it stops after this. however, if i do a 'boot -c' and disable pcibios it's booting further but still not complete:

    mainbus0 (root)
    bios0 at mainbus0 AT/286+(f3) BIOS, date 09/30/05, BIOS32 rev. 0 @ 0xfd550
    pcibios at bios0 function 0x1a not configured
    bios0: ROM list: 0xc/0xc000 0xcc000/0x1000 0xcd000/0x1600 0xe/0x1
    cpu0 at mainbus0
    pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
    pchb0 at pci0 dev 0 function 0 vendor ATI, unknown product 0x5a31 rev 0x01
    ppb0 at pci0 dev 1 function 0 ATI RS480 PCIE rev 0x00
    pci1 at ppb0 bus 1
    vga1 at pci1 dev 5 function 0 ATI Radeon XPRESS 200M rev 0x00
    wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
    ppb1 at pci0 dev 4 function 0 ATI RS480 PCIE rev 0x00
    pci2 at ppb1 bus 2
    bge0 at pci2 dev 0 function 0 Broadcom BCM5751F rev 0x21, BCM5750 C1 (0x4201): irq 11, address ...
    brgphy0 at bge0 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0

at the end there is the (international) sign for women on green background and the machine stops. is there anything else i can disable, so i can boot into the installation?

there is some detailed info about the hardware on: http://thinkwiki.org/wiki/Category:R51e

thanks,
markus
Re: SMP process control
I had already seen that one and didn't find it to be any help. Thanks anyways though for taking the time. The author offers a solution but no explanation.

I've tuned many sysctl's and experimented with the mtu's, changing from autoselect to 1000baseT, a few more things. It's two devices acting as a bridge and together they keep a dual opteron system at 70% on CPU0 and the second CPU1 doesn't see any action until CPU0 maxes out. I'd like to change this behaviour.

-Sarge

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Shane J Pearson
Sent: Sunday, February 26, 2006 10:46 PM
To: misc@openbsd.org
Subject: Re: SMP process control

On 2006.02.27, at 1:45 PM, Sgt. Stedenko wrote:

Also, have there been any efforts into Ethernet device polling in the bge drivers? On a gigabit network the interrupts are eating a large portion of the cpu0 and thought it might help the situation.

http://marc.theaimsgroup.com/?l=openbsd-misc&m=114064960816689&w=2
Re: IPv6 question - related to the talk of van hauser at the 22C3
On 2/26/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

On 26/02/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

What exactly do you want to have fixed?

In his talk he mentioned FreeBSD as one of the OS he tested and FreeBSD use, as far as I know, also KAME. In his slides you may see (it's at the movie after 40m19s) that he said that all OS he tested answered

- Fragmentation and following RA
- Responding to packets from multicast addresses
- Responding to packets with multicast destination

(FreeBSD/Linux, both use KAME if I'm not wrong)

What exactly is wrong with any of those things? Sure I can see how they could be exploited, but they are unavoidable, that's how the protocol is designed, no? Anyway, as mentioned, block in all will catch these.

-Nick
Re: SMP process control
Ok, thank you.

-Sarge

-Original Message-
From: Theo de Raadt [mailto:[EMAIL PROTECTED]
Sent: Sunday, February 26, 2006 11:33 PM
To: Sgt. Stedenko
Subject: Re: SMP process control

It's not a performance issue, when your machine runs out of oomph to bridge. There seems to be something of a misdesign deep in the bridge code, that makes it block interrupts too long. But there is no one developing on the bridge these days, so all of this is moot. Sorry. Really.