ugen.4 patch

2006-05-13 Thread Graham Gower

Here's another.
Is misc@ really the right place for silly patches like these?

Graham

--- ugen.4.orig  Sat May 13 16:57:59 2006
+++ ugen.4   Sat May 13 16:58:23 2006
@@ -281,7 +281,7 @@
.Fa interface_desc-*(GtbNumEndpoints .
The
.Fa config_index
-should set to
+should be set to
.Dv USB_CURRENT_CONFIG_INDEX
and
.Fa alt_index
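
Review bot: The `---`/`+++` header lines name bare `ugen.4.orig` and `ugen.4`, so the diff records no directory and only applies from inside the directory that holds the man page; generating it from the source tree (for example with cvs diff -u) would carry the path with it. The one-word change in the `-`/`+` pair, "should set to" to "should be set to", reads correctly with the `.Fa config_index` line above it.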



Re: ugen.4 patch

2006-05-13 Thread Jason McIntyre
On Sat, May 13, 2006 at 05:02:16PM +0930, Graham Gower wrote:
 Here's another.
 Is misc@ really the right place for silly patches like these?
 

you can post doc fixes to bugs@, or mail them directly to me.

 
 --- ugen.4.orig  Sat May 13 16:57:59 2006
 +++ ugen.4   Sat May 13 16:58:23 2006
 @@ -281,7 +281,7 @@
 .Fa interface_desc-*(GtbNumEndpoints .
 The
 .Fa config_index
 -should set to
 +should be set to
 .Dv USB_CURRENT_CONFIG_INDEX
 and
 .Fa alt_index
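
Review bot: The first context line, `.Fa interface_desc-*(GtbNumEndpoints .`, shows `*(Gt` with no leading backslash, while the roff string escape for `>` is written `\*(Gt`. If the backslash was lost when the diff was pasted into the mail, that context line no longer matches the file and patch(1) will need fuzz or reject the hunk, so it is worth sending the diff exactly as generated.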

this one fixed. thanks.
jmc



Porting some IPTables conn_track extension to OpenBSD

2006-05-13 Thread Bruno Carnazzi

  Hi all,

Despite this silly object, I'm interested in porting some iptables
conn_track listed here :
http://www.netfilter.org/documentation/HOWTO//netfilter-extensions-HOWTO-5.html.
I'm mostly interested in the pptp conntrack, which I need for my
nat-box. I'd like some advice : what's the most appropriate place to run
such extensions ? If using pf kernel space, the kernel will grow with
many supported protocols.  If using userland proxy and some pf rdr,
it's sometimes ugly : I'm thinking of PPTP, where you need to
configure a target PPTP server per proxy, so you need n proxies for n
target servers, which is ugly. On the other hand, ftp-proxy works
great in userland. Or PPPoE which can run in both... Is there a rule
of thumb to determine the good place for some connection
tracking/proxy for a given protocol ?

Best regards,

Bruno.



Re: Firefox keeps crashing

2006-05-13 Thread Leonardo Rodrigues

Just adding some more info to the topic...
I've had some problems while running Firefox (tried on Enlightenment
and fvwm) on OpenBSD 3.8-release and OpenBSD 3.9-snapshot from around
february-2006. It was painfully slow, and switching between tabs was
like watching a turtle trying to run.

However, when I switched to 3.9-release and 3.9-snapshot (around
april-2006), the problem was solved, and firefox now runs smooth.
Don't know why though =)

By the way, I find it funny that firefox, being open-source and all
that, initializes slower on Unix machines than on WindowsXP for
example...


--
An OpenBSD user... and that's all you need to know =)



Re: is openntpd 3.9 real?

2006-05-13 Thread Constantine A. Murenin

On 13/05/06, Matthew R. Dempsky [EMAIL PROTECTED] wrote:
> On Sat, May 13, 2006 at 03:44:41AM +0200, Henning Brauer wrote:
> > * Matthew R. Dempsky [EMAIL PROTECTED] [2006-05-13 03:00]:
> > > Will it include the leap second patch Thorsten Glaser posted earlier
> > > this week?
> >
> > no.
>
> Can I ask why his patch has been rejected?


If your question is why it's not included in 3.9, then it's because
OpenNTPD 3.9 is taken from OPENBSD_3_9 branch.

http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/ntpd/

P.S. You didn't really expect a one-week-old new-feature patch to be
incorporated into a release, did you? :)



Re: To forward, or not to forward

2006-05-13 Thread Steve Welham
   My goal with the bridge is to filter all traffic coming in from the
   outside world, while allowing my servers behind the bridge
   to connect freely even if their traffic has to travel out to the
   router and back(keep state?).
 
   My point of confusion is whether or not to turn on forwarding. I
   have heard arguments for both.

I have a transparent bridging firewall setup in the same configuration
on 3.8. IP forwarding is not enabled and the two bridge interfaces pass
traffic just fine.

Don't enable IP forwarding - you don't need it or want it and it opens
up the opportunity for misconfiguration elsewhere to break the security
on your admin interface. The bridge interface will take care of all your
forwarding needs.

IP forwarding is required if you want your box to route IP packets using
the routing table - this is not relevant to you because your firewall
interfaces do not have IP addresses. Bridging uses a MAC forwarding
database to forward Ethernet frames... IP doesn't even come into it.
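
A check for the setup described above, as an added example that is not part of the original message: it takes the text of `sysctl net.inet.ip.forwarding` and `ifconfig -A` and reports when forwarding is on or a bridge member carries an IPv4 address. The interface names (fxp0, fxp1, fxp2), the addresses and the sample output are constructed for illustration.

```python
import re

# Constructed sample output (not from the thread). Assumed layout: fxp0 and
# fxp1 are the bridge members, fxp2 is the addressed admin interface.
SYSCTL_OK = "net.inet.ip.forwarding=0\n"
IFCONFIG_OK = """\
fxp0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:53:01
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
fxp1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:53:02
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
fxp2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:53:03
        inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
"""

# Misconfigured variant: forwarding switched on and an address left on fxp1.
SYSCTL_BAD = "net.inet.ip.forwarding=1\n"
IFCONFIG_BAD = IFCONFIG_OK.replace(
    "        lladdr 00:00:5e:00:53:02\n",
    "        lladdr 00:00:5e:00:53:02\n"
    "        inet 192.0.2.20 netmask 0xffffff00 broadcast 192.0.2.255\n",
)


def parse_ifconfig(text):
    """Return {ifname: [IPv4 addresses]} from ifconfig-style output."""
    addrs = {}
    current = None
    for line in text.splitlines():
        header = re.match(r"^([A-Za-z]+\d+): flags=", line)
        if header:
            current = header.group(1)
            addrs[current] = []
            continue
        # "inet6" lines do not match: a digit follows "inet" there.
        inet = re.match(r"^\s+inet\s+(\S+)", line)
        if inet and current is not None:
            addrs[current].append(inet.group(1))
    return addrs


def audit_bridge(sysctl_text, ifconfig_text, bridge_members):
    """Return a list of findings; an empty list means the box matches the
    transparent-bridge setup: no IP forwarding, no IPv4 on bridge members."""
    findings = []
    m = re.search(r"net\.inet\.ip\.forwarding\s*[=:]\s*(\d+)", sysctl_text)
    if m is None:
        findings.append("net.inet.ip.forwarding not found in sysctl output")
    elif m.group(1) != "0":
        findings.append(
            f"net.inet.ip.forwarding={m.group(1)}: the kernel will route "
            "between addressed interfaces; a bridge does not need this"
        )
    addrs = parse_ifconfig(ifconfig_text)
    for ifname in bridge_members:
        if ifname not in addrs:
            findings.append(f"{ifname}: bridge member missing from ifconfig output")
        elif addrs[ifname]:
            findings.append(
                f"{ifname}: bridge member has IPv4 address "
                + ", ".join(addrs[ifname])
            )
    return findings


if __name__ == "__main__":
    for label, sc, ic in (("ok", SYSCTL_OK, IFCONFIG_OK),
                          ("bad", SYSCTL_BAD, IFCONFIG_BAD)):
        result = audit_bridge(sc, ic, ["fxp0", "fxp1"])
        print(label, result or "no findings")
```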



Re: PF references

2006-05-13 Thread Bachman Kharazmi

you used the excellent tools as google and
http://marc.theaimsgroup.com I guess...

I made some searching for you, here you go
http://marc.theaimsgroup.com/?l=openbsd-miscm=114345514930017w=2
http://www.countersiege.com/doc/pfsync-carp/
http://www.unix-tutorials.com/go.php?id=280

/bkw

On 12/05/06, News Collector [EMAIL PROTECTED] wrote:

Hello:

Where (what) is the canonical site (or book) for PF.

Are there any site where talk about PF is a application (like for OS X).


One Last, has anyone done any work on using CARP, I know
synchronizations depends
on similar cpus with similar clocks and constrained  clock drift. Just
wonder.




Raid 1 and 2 Disks: kernel panic with init: not found when reboot into broken mirror

2006-05-13 Thread ip

Hello misc,

I spent two days to read man and how-tos, but today I don't succeed
again to make raid 1 to work.
I want to install openbsd 3.9 on two ide disks (wd0,wd1) of 10 gb with
raidframe raid 1.
Following the main steps that I have executed:
1. regular installation of openbsd 3.9 on wd0
2. compiled a new kernel with raidframe autoconfigure support
3. reboot with the new kernel into wd0
4. initialized and partitioned wd1

   # fdisk -I wd1
   # disklabel -E wd1

   wd1a 4.2BSD 64MB
   wd1d RAID *

5. make wd1 bootable

   # newfs wd1a
   # mount /dev/wd1a /mnt
   # cp /bsd.raid /usr/mdec/boot /mnt
   # /usr/mdec/installboot -v /mnt/boot /usr/mdec/biosboot wd1
   # umount /mnt

5. realized and initialized the array

   # cat /etc/raid0.conf
   START array
   1 2 0
   START disks
   /dev/wd2d
   /dev/wd1d
   START layout
   128 1 1 1
   START queue
   fifo 100

   # raidctl -C /etc/raid0.conf
   # raidctl -I 060500 raid0
   # raidctl -A root raid0

6. partitioned and populated raid0

   # disklabel -E raid0

raid0a / 4.2BSD
raid0b swap
raid0d /usr 4.2BSD
raid0e /tmp 4.2BSD
raid0f /var 4.2BSD
raid0g /home 4.2BSD

   # for i in a d e f g; do newfs raid0${i}; done

   # mount /dev/raid0a /mnt
   # cd /mnt; mkdir usr tmp var home
   # mount /dev/raid0d /mnt/usr
   # mount /dev/raid0e /mnt/tmp
   etc...

   # (cd /; tar -Xcpf - .) | (cd /mnt; tar -xpf -)
   # (cd /usr; tar -cpf - .) | (cd /mnt/usr; tar -xpf -)
   etc...

   # cat /mnt/etc/fstab

/dev/raid0a / ffs rw 1 1
/dev/raid0d /usr ffs rw 1 2
etc...

Ok...umount all and reboot into broken mirror.
At prompt:

boot wd1a:/bsd


the kernel goes up successfully until I receive:

   ...
   Kernelized RAIDFrame activated
   dkcsum wd0 matches BIOS drive 0x80
   dkcsum wd1 matches BIOS drive 0x81
   root on wd1a
   rootdev=0x10 rrootdev=0x320 rawdev=0x312
   warning: /dev/console does not exist
   init: not found
   panic: no init
   ...
   ddb

Well, where have I made a mistake?

Thanks in advance and sorry for the english...

--
 ip



Re: PF references

2006-05-13 Thread Morten Liebach
On 2006-05-12 14:37:07 -0700, News Collector wrote:
 Nick Holland wrote:
 
 Thanks Nick I should have said I checked all the usual suspects.  Sorry.
 News Collector wrote:
 Hello:
 
 Where (what) is the canonical site (or book) for PF.
 
 documentation-wise?
 Yeah
 that would be the OpenBSD man pages.  They are authoritative.  When
 things change, they get updated, or people get beaten.  In particular,
 see pf.conf(5), pfctl(8), pf(4) and the SEE ALSOs in each.
 
 Beyond that, there are several websites and books.  My personal favorite
 website is the OpenBSD website itself, but I may be biased. :)
 
 
 OK what book? I'm a PF users and I used it for non-trivial tasks. So I 
 all (take with grain of salt) most at the level of many docs.
 Also PF is a moving target. I wished (wish is the correct word) all 
 authoritative document. Give to prefect my PF chops.
 
 Are there any site where talk about PF is a application (like for OS X).
 
 probably.  There's a website for just about everything.
 Talk is cheap.
 
 OS X has PF, but there's a interface that limits what you can do. They 
 don't document their interface to it. OS X has lot of fancy way to do 
 trivial things you meant not want done.

Mac OS X has ipfw(8) (actually IPFW2) from FreeBSD.  Not PF.

And you can, mostly, override the GUI configuration stuff:
http://www.macdevcenter.com/lpt/a/5719

Have a nice day
 Morten

-- 
http://m.mongers.org/weblog/ -- http://flickr.com/photos/morten_liebach/



pf label issue

2006-05-13 Thread Thomas Börnert
Hi list,

my rules:

pass in  quick on $extif ...
pass in  quick on $extif ...
pass out quick on $extif ...
and so on, about 100 rules

the order of the rules is optimized
the first rules are the rules with the most
traffic

now I want to do accounting with labels
after these rules I place

pass in  quick on $extif from any to $server1 label in server1
pass out quick on $extif from $server1 to any label out server1

ok, this doesn't work if i've in my 100 of rules
the quick keyword. if i remove the quick
keyword it works. quick in the label rules are ok.

after removing the quick keywords my optimized
order is unprofitable. each packet will be
evaluated in each rule :-(.

is there a way to optimize this construct ?

My next problem is: After adding or removing some
of my rules in pf.conf and reloading pf with pfctl -f pf.conf
the label statistics will be reset :-(. Is there a way
to reload pf.conf without touching the statistics
of existing labels ? (the label rules are not changed).

Thanks !

Thomas

-- 
Best regards

Thomas Börnert
Managing Director
Senior IT Consultant  Manager
BSI-licensed ISO27001 auditor based on IT-Grundschutz

DO NOT GIVE OUR ADDRESS TO THIRD PARTIES, WE HATE JUNK-MAIL
___
TBits.net GmbH  | Phone:     +49 (0)7172 18391-0
Thomas Börnert  | Fax:       +49 (0)7172 18391-99
Seeweg 6        | Service:   +49 (0)700 TBITSNET
D-73553 Alfdorf | Car phone: +49 (0)170 6744415
www.tbits.net   | eMail:     [EMAIL PROTECTED]
Key fingerprint = 8602 2EF5 78FD 3C04 B148  2506 5D4F 6A49 E4E2 9D15



Re: To forward, or not to forward

2006-05-13 Thread orlando
Dear Steve,
   
At the moment, I have forwarding and pf turned off and allowing packets
to flow freely until I can figure out the multiple subnet issue.
The router that handles our subnets is outside of our
network. Somehow the server cannot communicate freely when they
have to send packets out to the router and back in. Any clues on
that?

Thanks to all who have emailed me so far.

-Orlando

On Saturday, May 13, 2006, Steve Welham wrote:

   My goal with the bridge is to filter all traffic coming in from the
   outside world, while allowing my servers behind the bridge
   to connect freely even if their traffic has to travel out to the
   router and back(keep state?).
 
   My point of confusion is whether or not to turn on forwarding. I
   have heard arguments for both.

I have a transparent bridging firewall setup in the same configuration
on 3.8. IP forwarding is not enabled and the two bridge interfaces pass
traffic just fine.

Don't enable IP forwarding - you don't need it or want it and it opens
up the opportunity for misconfiguration elsewhere to break the security
on your admin interface. The bridge interface will take care of all your
forwarding needs.

IP forwarding is required if you want your box to route IP packets using
the routing table - this is not relevant to you because your firewall
interfaces do not have IP addresses. Bridging uses a MAC forwarding
database to forward Ethernet frames... IP doesn't even come into it.




-- 
Best regards,

Orlando L. Castro



Re: security bug in x86 hardware (thanks to X WIndows)

2006-05-13 Thread Ed White
It seems XFree people disagree...

Marc Aurele La France: Contrary to what too many security pundits think, 
limiting root's power doesn't solve anything.  Like bugs, security issues 
will forever be uncovered, whether they be in setuid applications like an X 
server or in a kernel itself.  The trick, it seems, is to understand where to 
properly fix them, instead of sowing workarounds all over the place...

( http://marc.theaimsgroup.com/?t=11473584346r=1w=2 )


...and some Linux developers too...

Alan Cox: What it essentially says is if you can hack the machine enough to 
get the ability to issue raw i/o accesses you can get any other power you
want. Thats always been true. Using SMM to do this seems awfully hard
work.

( http://marc.theaimsgroup.com/?t=11473584324r=1w=2 )



Re: is openntpd 3.9 real?

2006-05-13 Thread Henning Brauer
* Matthew R. Dempsky [EMAIL PROTECTED] [2006-05-13 05:17]:
 On Sat, May 13, 2006 at 03:44:41AM +0200, Henning Brauer wrote:
  * Matthew R. Dempsky [EMAIL PROTECTED] [2006-05-13 03:00]:
   Will it include the leap second patch Thorsten Glaser posted earlier 
   this week?
  no.
 Can I ask why his patch has been rejected?

I haven't made up my mind on this patch at all yet.

-- 
BS Web Services, http://www.bsws.de/
OpenBSD-based Webhosting, Mail Services, Managed Servers, ...
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)



Re: iwi driver (Problem with Intel 2200BG and PC-engines WRAP)

2006-05-13 Thread Risto Varanka
Problems with the 2200BG continue...

I changed to OpenBSD 3.9. The interface looks like this on the box:

# ifconfig iwi0
iwi0: flags=8803<UP,BROADCAST,SIMPLEX,MULTICAST> mtu 1500
lladdr ***
media: IEEE802.11 autoselect ibss (autoselect adhoc)
status: no network
ieee80211: nwid lala chan 1 100dBm
inet 192.168.1.1 netmask 0xff00 broadcast 192.168.1.255

However whenever I use ifconfig to configure it I get these errors in the
console:

iwi0: timeout processing cb
iwi0: could not load main firmware
May 13 14:06:20 sphinx /bsd: iwi0: timeout processing cb
May 13 14:06:20 sphinx /bsd: iwi0: timeout processing cb
May 13 14:06:20 sphinx /bsd: iwi0: could not load main firmware
May 13 14:06:20 sphinx /bsd: iwi0: could not load main firmware

I have 2.3 firmware installed with 3.0 installed on top of it:

# ls -la etc/firmware/
total 1306
drwxr-xr-x  2 root  wsrc 512 May 13 13:22 .
drwxr-xr-x  5 root  wsrc1024 May 13 13:24 ..
-rw-r--r--  1 root  wsrc6472 May 18  2005 iwi-boot
-rwxr-xr-x  1 root  wsrc  191142 Mar 26 15:29 iwi-bss
-rwxr-xr-x  1 root  wsrc  185660 Mar 26 15:29 iwi-ibss
-rwxr-xr-x  1 root  wsrc   12007 Mar 26 15:29 iwi-license
-rwxr-xr-x  1 root  wsrc  187836 Mar 26 15:29 iwi-monitor
-rw-r--r--  1 root  wsrc   16334 May 18  2005 iwi-ucode-bss
-rw-r--r--  1 root  wsrc   16312 May 18  2005 iwi-ucode-ibss
-rw-r--r--  1 root  wsrc   16344 May 18  2005 iwi-ucode-monitor

When I scan with the Nokia 770, I cannot find this WLAN network. Any
suggestions?

PS. Intel is working on hostAP mode for their ipw2200 driver for Linux, so
that might be possible on this card in the future.

Risto Varanka
http://icct.blogspot.com/




Re: Firefox keeps crashing

2006-05-13 Thread Jeffrey Lim

On 5/13/06, Leonardo Rodrigues [EMAIL PROTECTED] wrote:


By the way, I find it funny that firefox, being open-source and all
that, initializes slower on Unix machines than on WindowsXP for
example...



hey, it even has *different* menu option placements for unix and for
windows! Edit - Preferences (in unix), vs Tools - Options (in
windows). Now why would anybody even try to do this sort of idiotic
thing?? to make it easier on the windows users??? IE - Tools -
Internet Options

-jf




hostapd small bug

2006-05-13 Thread Bruno Carnazzi

 Hi all,

looking at /var/log/daemon, it seems that hostapd syslog timestamp
does not take care of local timezone :

May 13 16:49:12 puffy test_syslog[6582]: This is just a test for my c studies
May 13 16:49:18 puffy hostapd[18915]: ural0: (rate: 100/8 sec)
00:0d:0b:c3:cb:bb  00:0d:93:ed:ee:2b, bssid 00:0d:0b:c3:cb:bb, DS :
data, radiotap v0, chan 11, 11g
May 13 16:49:18 puffy hostapd[18915]:
May 13 16:49:22 puffy test_syslog[6582]: This is just a test for my c studies
May 13 20:49:38 puffy dhcpd: DHCPREQUEST for 192.168.13.32 from
00:0d:93:ed:ee:2b via ural0
May 13 20:49:38 puffy dhcpd: DHCPACK on 192.168.13.32 to
00:0d:93:ed:ee:2b via ural0
May 13 20:49:48 puffy test_syslog[21638]: This is just a test for my c studies

My small program test_syslog does so. I've fixed it with just calling
tzset() in main().
Maybe the same problem in hostapd...

Best regards,

Bruno.
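
A way to spot this condition in a log file, as an added example that is not part of the original post: it reads syslog lines in file order (taken as arrival order at syslogd), treats a jump of a whole number of hours between neighbouring lines as a change of clock rather than a gap, and lists the sources stamping in UTC. The sample is adapted from the excerpt above with wrapped lines rejoined; the year and the local offset of +4 hours are assumptions passed in by the caller.

```python
import re
from datetime import datetime

# Adapted from the excerpt in the post: wrapped lines rejoined, the long
# hostapd frame description shortened.
SAMPLE = """\
May 13 16:49:12 puffy test_syslog[6582]: This is just a test for my c studies
May 13 16:49:18 puffy hostapd[18915]: ural0: (rate: 100/8 sec)
May 13 16:49:18 puffy hostapd[18915]:
May 13 16:49:22 puffy test_syslog[6582]: This is just a test for my c studies
May 13 20:49:38 puffy dhcpd: DHCPREQUEST for 192.168.13.32 from 00:0d:93:ed:ee:2b via ural0
May 13 20:49:38 puffy dhcpd: DHCPACK on 192.168.13.32 to 00:0d:93:ed:ee:2b via ural0
May 13 20:49:48 puffy test_syslog[21638]: This is just a test for my c studies
"""

# "Mon DD HH:MM:SS host prog[pid]:" with the pid optional.
LINE = re.compile(
    r"^([A-Z][a-z]{2})\s+(\d{1,2})\s+(\d\d:\d\d:\d\d)\s+\S+\s+"
    r"([^\s:\[]+)(?:\[(\d+)\])?:"
)


def parse(log_text, year):
    """Yield (timestamp, source) per syslog line; source is prog or prog[pid].
    Classic syslog timestamps carry no year, so the caller supplies one."""
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # continuation line or foreign format
        mon, day, clock, prog, pid = m.groups()
        ts = datetime.strptime(f"{year} {mon} {day} {clock}",
                               "%Y %b %d %H:%M:%S")
        yield ts, (f"{prog}[{pid}]" if pid else prog)


def clock_groups(log_text, year, tolerance=120, max_hours=14):
    """Map each source to the set of whole-hour clock offsets it was seen
    with, relative to the clock of the first line. A step between adjacent
    lines counts as a clock change when it lies within `tolerance` seconds
    of a non-zero multiple of one hour (at most `max_hours`)."""
    groups = {}
    cumulative = 0
    prev = None
    for ts, source in parse(log_text, year):
        if prev is not None:
            delta = (ts - prev).total_seconds()
            hours = round(delta / 3600)
            if (hours and abs(hours) <= max_hours
                    and abs(delta - hours * 3600) <= tolerance):
                cumulative += hours
        prev = ts
        groups.setdefault(source, set()).add(cumulative)
    return groups


def utc_loggers(log_text, year, local_utc_offset_hours):
    """Sources whose clock sits exactly the local UTC offset behind another
    clock seen in the same file, i.e. processes that stamp in UTC."""
    groups = clock_groups(log_text, year)
    seen = set().union(*groups.values())
    return sorted(
        src for src, offsets in groups.items()
        if local_utc_offset_hours
        and any(o + local_utc_offset_hours in seen for o in offsets)
    )


if __name__ == "__main__":
    print(clock_groups(SAMPLE, 2006))
    print(utc_loggers(SAMPLE, 2006, 4))
```

A quiet period that happens to last almost exactly a whole number of hours looks the same as a clock change to this heuristic, so a hit is a prompt to look at the process, not proof.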



ksh and X windows.

2006-05-13 Thread Peter Fraser
If you install a new 3.9 system, and enable X windows
(The only package I installed was emacs)

Create a new userid with ksh as its shell
and sign on through X.

~/.profile does not get executed

Nor does ~/.profile get executed when a
new xterm is created using the left click
menu in the background.

I expect this is related to my earlier messages
about .profile and ksh.



Help Vampires: A Spotters Guide -- Why I Like OpenBSD and Its Community

2006-05-13 Thread Aaron Poffenberger
I found this practical blog entry by Amy Hoy on her blog, 
slash7.com http://www.slash7.com/pages/vampires. In the post Amy 
describes how to identify Help Vampires, how to reform yourself if you are one, 
and how to quit enabling them if they show up in your community. She writes:


It's so regular you could set your watch by it. The decay of a 
community is just as predictable as the decay of certain stable nuclear 
isotopes. As soon as an open source project, language, or what-have-you 
achieves a certain notoriety -- its half-life, if you will -- *they* swarm in, 
seemingly draining the very life out of the community itself.


*They* are the Help Vampires. And I'm here to stop them.

Amy offers the following tips for identifying Help Vampires:

   * Does he ask the same, tired questions others ask (at a rate of
 once or more per minute)?
   * Does he clearly lack the ability or inclination to ask the
 almighty Google?
   * Does he refuse to take the time to ask coherent, specific questions?
   * Does he think helping him must be the high point of your day?
   * Does he get offensive, as if *you* need to prove to *him* why he
 should use Ruby on Rails?
   * Is he obviously just waiting for some poor, well-intentioned
 person to do all his thinking for him?
   * Can you tell he really isn't interested in having his question
 answered, so much as getting someone else to do his work?

Rather than advocating putting a stake through the heart of Help 
Vampires, she offers practical guidance for helping them reform. What I found 
particularly interesting about her advice is how this community already 
practices what she suggests:


  1. Create resources for Help Vampires (and regular folks) to help
 themselves.
  2. Cease all behavior which enables Help Vampires' vampy behavior.
  3. Meet Help Vampires head-on.

Which brings me to what I like about OpenBSD. I've recently switched
to OpenBSD. Despite a fair amount of experience with Linux, OS X and
Windows like anything I've had to find my legs with OpenBSD. The OS
and the community have made that almost painless. The man pages are 
up-to-date and useful. The online FAQ addresses practically everything a 
new user will run into or ask. And the mailing lists are mature forums 
for serious folks to learn about and/or help others learn about this 
powerful system.


I mentioned Amy's post because I've noticed several others who've
joined the community around the same time I did are having some trouble
acclimating themselves to such a serious and professional community. 
I suggest all new members take a few minutes to read Amy's post,
especially focusing on the self-help section. I think we all will find 
that the terse answers and sharply pointed requests to read the FAQ, 
use google or provide useful debugging information is the reasonable
request of helpful but busy people helping us help ourselves to become
self-reliant and perhaps even expert users of this awesome OS. And
if that's too much to ask then perhaps we should be looking for a
different OS and community to participate in.

Thanks to everyone who makes OpenBSD and the community a joy to use and 
participate in!


--Aaron



Re: ksh and X windows.

2006-05-13 Thread Stuart Henderson
On 2006/05/13 13:16, Peter Fraser wrote:
 Create a new userid with ksh as its shell
 and sign on though X.
 
 ~/.profile does not get executed
 
 Nor does ~/.profile get executed then a
 new xterm is created using the left click
 menu in the background.

that's normal; see xterm(1) about -ls



Re: ksh and X windows.

2006-05-13 Thread Okan Demirmen
On Sat 2006.05.13 at 13:16 -0400, Peter Fraser wrote:
 If you install a new 3.9 system, and enable X windows
 (The only package I installed was emacs)
 
 Create a new userid with ksh as its shell
 and sign on though X.
 
 ~/.profile does not get executed
 
 Nor does ~/.profile get executed then a
 new xterm is created using the left click
 menu in the background.
 
 I expect this related to my earlier messages
 about .profile and ksh.

man xterm - see loginShell

you can change defaults here: /etc/X11/app-defaults/XTerm or in
~/.Xresources



Re: ksh and X windows.

2006-05-13 Thread Nick Holland

Peter Fraser wrote:
> If you install a new 3.9 system, and enable X windows
> (The only package I installed was emacs)
>
> Create a new userid with ksh as its shell
> and sign on though X.
>
> ~/.profile does not get executed
>
> Nor does ~/.profile get executed then a
> new xterm is created using the left click
> menu in the background.

http://www.openbsd.org/faq/

> I expect this related to my earlier messages
> about .profile and ksh.


Got me, I see you have asked a lot of questions, often in the tone
of a remarkable discovery that most of us already knew about.  A
little time doing some research on your own will be far more
educational.  For that reason, I deleted the rest of the link above.
The answer to your quest..er..statement is very much in there.

Start reading.

Nick.



Re: ksh and X windows.

2006-05-13 Thread Peter Fraser
My apologies, for not noticing that faq entry. But it
is not a solution in general.

I had a menu entry for emacs, The effect I got
was the shell inside emacs didn't have ENV set,
and by that time ksh is not going to look at 
.profile. I tried to come up with a simple
example of the problem.

Why doesn't Xsession just do a . ~/.profile 
before calling /usr/X11R6/bin/fvwm ?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Nick Holland
Sent: Saturday, May 13, 2006 1:33 PM
To: misc
Subject: Re: ksh and X windows.

Peter Fraser wrote:
 If you install a new 3.9 system, and enable X windows
 (The only package I installed was emacs)
 
 Create a new userid with ksh as its shell
 and sign on though X.
 
 ~/.profile does not get executed
 
 Nor does ~/.profile get executed then a
 new xterm is created using the left click
 menu in the background.

http://www.openbsd.org/faq/

 I expect this related to my earlier messages
 about .profile and ksh.

Got me, I see you have asked a lot of questions, often in the tone
of a remarkable discovery that most of us already knew about.  A
little time doing some research on your own will be far more
educational.  For that reason, I deleted the rest of the link above.
The answer to your quest..er..statement is very much in there.

Start reading.

Nick.



Re: hostapd small bug

2006-05-13 Thread Reyk Floeter
On Sat, May 13, 2006 at 08:56:20PM +0400, Bruno Carnazzi wrote:
  Hi all,
 
 looking at /var/log/daemon, it seems that hostapd syslog timestamp
 does not take care of local timezone :
 

thanks, just committed the fix using tzset()

reyk

 May 13 16:49:12 puffy test_syslog[6582]: This is just a test for my c 
 studies
 May 13 16:49:18 puffy hostapd[18915]: ural0: (rate: 100/8 sec)
 00:0d:0b:c3:cb:bb  00:0d:93:ed:ee:2b, bssid 00:0d:0b:c3:cb:bb, DS :
 data, radiotap v0, chan 11, 11g
 May 13 16:49:18 puffy hostapd[18915]:
 May 13 16:49:22 puffy test_syslog[6582]: This is just a test for my c 
 studies
 May 13 20:49:38 puffy dhcpd: DHCPREQUEST for 192.168.13.32 from
 00:0d:93:ed:ee:2b via ural0
 May 13 20:49:38 puffy dhcpd: DHCPACK on 192.168.13.32 to
 00:0d:93:ed:ee:2b via ural0
 May 13 20:49:48 puffy test_syslog[21638]: This is just a test for my c 
 studies
 
 My small program test_syslog does so. I've fixed it with just calling
 tzset() in main().
 Maybe the same problem in hostapd...
 
 Best regards,
 
 Bruno.



Re: Help Vampires: A Spotters Guide -- Why I Like OpenBSD and Its Community

2006-05-13 Thread Aaron Poffenberger
Interesting article but hardly applicable to most of the people I see 
posting to the @ lists. I don't believe in such entities but even were 
it the case energy vampires truly exist and in some natural or 
supernatural way suck the psychic force of others you'll note that they 
feed on the weak.


If you can demonstrate to me that the OpenBSD lists in particular or the 
user population in general are psychic weaklings then we'll talk. 
Otherwise your reply is pointless.


If you think I'm wrong, then contradict the post with useful facts. If 
you think I have no right or standing to address such an article to 
other OpenBSD neophytes (and I do include myself in that list), then say 
that and back up your assertions.


If you're just offended then learn to deal with it. That's the upshot of 
my post. OpenBSD appears to *me* to be a system and community aimed at 
mature people who take responsibility for themselves and wouldn't let an 
energy vampire suck them dry.


Cheers,

Aaron

Peter Philipp wrote:

Before you go looking for or spotting Help Vampires perhaps you should analyze 
yourself whether you are an Energy Vampire.


URL: http://en.wikipedia.org/wiki/Energy_vampire

Willing or not, pointing out to people what annoys them is downright depressing.

Cheers,

-p




systemtrash.com plans to review OpenBSD

2006-05-13 Thread Josh Grosse
And they are looking for input from the user community:

http://www.bsdforums.org/forums/showthread.php?t=41225



OpenBSD 3.9 current, AMD Geode SC1200UFH-266, kontron on a scandisk 128mb

2006-05-13 Thread Wild Karl-Heinz
hi.

I'm working on an openbsd kernel and an image for
an AMD Geode SC1200UHF-266.

I got a cpu-module and the eval-board. The manufacturer
is Kontron.

I configured a kernel similar to my wrap-boxe
and changed some entries for the network and console.

The kernel will be loaded and after the loading
he tries to find the root system on the wd0a and
the system dumps.

I wrote an image on a scandisk cf 128 mb with flashdist.
I can mount and manipulate. It seems ok.

Sorry, I can't get the log because there is no way to stop
the reboot.

I wrote some messages down. Maybe there is something,
someone can see enough to give me a hint.

---
rootdev 0x0 rrootdev 0x300 rawdev 0x302
biomask fded netmask ffed ttymask ffed
root on wd0a
---

thanks for your interest and maybe
your help.

Karl-Heinz

ps:

the kernel config looks like ...

-
machine i386 # architecture, used by config; REQUIRED

option  I586_CPU

option  SMALL_KERNEL
option  NO_PROPOLICE

maxusers 4 # estimated number of users

option  FFS  # UFS
option  MFS  # Linux ext2fs

option  TCP_SACK
option  FIFO # FIFOs; RECOMMENDED
option  INET # IP + ICMP + TCP + UDP

option  BOOT_CONFIG

config  bsd root on wd0

mainbus0 at root

cpu0  at mainbus?
bios0 at mainbus0
apm0  at bios0 flags 0x   # flags 0x0101 to force protocol version 1.1
pcibios0 at bios0 flags 0x

isa0  at mainbus0
isa0  at pcib?
isa0  at ichpcib?
isa0  at gscpcib?
eisa0 at mainbus0
pci*  at mainbus0

option  PCIVERBOSE
option  USER_PCICONF

ppb*  at pci?# PCI-PCI bridges
pci*  at ppb?
pcib* at pci?# PCI-ISA bridge

ichpcib* at pci? # Intel ICHx/ICHx-M LPC bridges
gscpcib* at pci? # NS Geode SC1100 PCI-ISA bridge

# PCI PCMCIA controllers
pcic* at pci?

# PCMCIA bus support
pcmcia*  at pcic?

npx0  at isa? port 0xf0 irq 13   # math coprocessor
isadma0  at isa?

pckbc0  at isa?# PC keyboard controller
pckbd*  at pckbc?  # PC keyboard
wskbd*  at pckbd? mux 1
vga0 at isa?
vga* at pci?
pcdisplay0  at isa?# CGA, MDA, EGA, HGA
wsdisplay*  at vga?
wsdisplay*  at pcdisplay?

pccom0   at isa? port 0x3f8 irq 4   # standard PC serial ports

# IDE controllers
pciide* at pci? flags 0x

wdc0  at isa? port 0x1f0 irq 14 flags 0x00
wdc*  at pcmcia?

# IDE hard drives
wd*   at wdc? flags 0x
wd*   at pciide? flags 0x

fxp*  at pci?   # EtherExpress 10/100B ethernet cards
sis*  at pci?   # SiS 900/7016 ethernet

inphy*   at mii?   # Intel 82555 PHYs
iophy*   at mii?   # Intel 82553 PHYs
nsphyter*   at mii?# NS and compatible PHYs

pseudo-device  loop  1 # network loopback
pseudo-device  bpfilter 1 # packet filter
pseudo-device  wsmux 2

pseudo-device  pty   32



Re: security bug in x86 hardware (thanks to X WIndows)

2006-05-13 Thread Theo de Raadt
  Marc Aurele La France: Contrary to what too many security pundits think, 
  limiting root's power doesn't solve anything.  Like bugs, security issues 
  will forever be uncovered, whether they be in setuid applications like an X 
  server or in a kernel itself.  The trick, it seems, is to understand where 
  to 
  properly fix them, instead of sowing workarounds all over the place...
  
  ( http://marc.theaimsgroup.com/?t=11473584346r=1w=2 )
 
 I think that's been agreed to many times by the OpenBSD developers: you can't
 effectively limit root's ability to do bad things, and pretending you did
 is just fooling the good guys and making the bad guys giggle.

Wrong.  You can limit root's ability to do some bad things.  We try to 
do that.  Even root cannot open /dev/*mem for write.  We are trying to
be protective, but the requirements of X stops us from doing so.

 This isn't about root.  Or at least, it shouldn't be.  Except it is, because
 of how much of the X code is doing root-like things.

X is not doing root-like things.  X is talking to IO devices.  Root
does not talk to IO devices.  Root only talks to the kernel.  If you
are going to rant on a topic like this, you HAVE TO KNOW WHAT YOU ARE
TALKING ABOUT.

Nick, you don't know what you are talking about.

But Ed, you interviewed someone in detail about the issue, and you
still managed to get it wrong and you still don't understand it.  Get
a grip, please.

In the Unix system view, anything which needs to talk to raw devices
INSTEAD OF THE KERNEL DOING SO is broken.  There are no apologies to
be made.  Period.

If you want X to talk to IO devices, what next?  ls?



Confirmation From ATI Developer

2006-05-13 Thread autoreply
Dear Theo de Raadt and Richard Stallman,
Thank you for visiting ATI.COM !
This is an AUTOMATIC RESPONSE which confirms that your request has been
successfully received by our server and will be processed.
Please do not reply to this message, any replies to this email  will not
be responded to or forwarded. This service is used for outgoing e-mail
only and cannot respond to technical support or customer service inquiries
===
USEFUL LINKS
ATI HOMEPAGE
See: http://www.ati.com
ATI CONTACT INFO
See: http://www.ati.com/companyinfo/contact/congeneral.html
===
Copyright (c) 2005, ATI Technologies Inc. All Rights Reserved
END OF AUTOMATIC RESPONSE



Re: ALTQ priq: bandwidth or no?

2006-05-13 Thread Damian Gerow
Thus spake Jeff Quast ([EMAIL PROTECTED]) [11/05/06 09:22]:
: On 5/11/06, Damian Gerow [EMAIL PROTECTED] wrote:
: I'm not interested in bandwidth limitations, so it looks like priq is 
: likely my best bet.
: [...]
: Then I create a queue with a bandwidth limit of 700Kbps.
: 
: The man page is a little vague on this point
: The priq scheduler does not support band-width specification.
: 
: huh?

Exactly my point.  The man page states that priq does /not/ support
bandwidth-restricted queues, yet the altq statement has a bandwidth setting
in it (and seems to require it).

So: does priq do bandwidth queueing at all?  Is the altq definition wrong, or
is the manpage misleading?

(Or am I completely missing something here?)

: Use cbq if you want to throttle bandwidth to a limit, something like:

I don't.  That's the point.



Re: ALTQ priq: bandwidth or no?

2006-05-13 Thread Melameth, Daniel D.
Damian Gerow wrote:
 Thus spake Jeff Quast ([EMAIL PROTECTED]) [11/05/06 09:22]:
  On 5/11/06, Damian Gerow [EMAIL PROTECTED] wrote:
   I'm not interested in bandwidth limitations, so it looks like
   priq is likely my best bet.
 
   Then I create a queue with a bandwidth limit of 700Kbps.
  
   The man page is a little vague on this point
  The priq scheduler does not support band-width specification.
  
  huh?
 
 Exactly my point.  The man page states that priq does /not/ support
 bandwidth-restricted queues, yet the altq statement has a bandwidth
 setting in it (and seems to require it).
 
 So: does priq do bandwidth queueing at all?  Is the altq definition
 wrong, or is the manpage misleading?
 
 (Or am I completely missing something here?)
 
  Use cbq if you want to throttle bandwidth to a limit, something
  like: 
 
 I don't.  That's the point.

It would seem altq wants a bandwidth declaration.  However, from man 5
pf.conf:

If bandwidth is not specified, the interface bandwidth is used.

In any event, all my priq queues appear to simply be prioritized and the
overall outbound bandwidth of all queues, collectively, never exceeds
the altq bandwidth keyword--and this works well for me with the
exception of the annoying PR 4312.
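
The behaviour described in the message above (queues are only ordered by priority, while the aggregate stays under the single altq bandwidth figure) can be reproduced with a small model. This is an added example, not part of the original post and not ALTQ's code; it assumes a token bucket for the interface-wide limit, fixed 1500-byte packets, 1 ms ticks and a 50-packet queue limit, and the function name is hypothetical.

```python
from collections import deque

PKT_BITS = 1500 * 8      # constructed: every packet is one 1500-byte frame
BUCKET = 2 * PKT_BITS    # assumed token bucket depth for the interface limit

def simulate_priq(link_bps, priorities, offered_bps, seconds=10, qlimit=50):
    """Return achieved bit/s per queue under strict-priority dequeueing.

    priorities:  {queue name: priority}, the higher number is served first
    offered_bps: {queue name: offered load in bit/s}
    """
    backlog = {q: deque() for q in priorities}
    arriving = dict.fromkeys(priorities, 0)   # bits accumulated toward next packet
    sent = dict.fromkeys(priorities, 0)
    order = sorted(priorities, key=priorities.get, reverse=True)
    tokens = 0
    for _ in range(seconds * 1000):           # one iteration per millisecond
        for q in priorities:                  # arrivals, tail-drop when full
            arriving[q] += offered_bps.get(q, 0) // 1000
            while arriving[q] >= PKT_BITS:
                arriving[q] -= PKT_BITS
                if len(backlog[q]) < qlimit:
                    backlog[q].append(PKT_BITS)
        # One budget for the whole interface: no per-queue bandwidth exists.
        tokens = min(tokens + link_bps // 1000, BUCKET)
        while tokens >= PKT_BITS:
            q = next((n for n in order if backlog[n]), None)
            if q is None:                     # nothing waiting in any queue
                break
            tokens -= backlog[q].popleft()
            sent[q] += PKT_BITS
    return {q: sent[q] // seconds for q in priorities}

if __name__ == "__main__":
    prio = {"high": 7, "default": 3, "bittorrent": 0}
    load = {"high": 300_000, "default": 300_000, "bittorrent": 600_000}
    print(simulate_priq(700_000, prio, load))                 # contended link
    print(simulate_priq(700_000, {"bittorrent": 0},
                        {"bittorrent": 600_000}))             # idle link
```

With 1.2 Mb/s offered to a 700 Kb/s limit, the two higher-priority queues keep their full rate and the priority 0 queue gets only the remainder; on an otherwise idle link the same priority 0 queue is not held back.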



Re: ALTQ priq: bandwidth or no?

2006-05-13 Thread Damian Gerow
Thus spake Melameth, Daniel D. ([EMAIL PROTECTED]) [13/05/06 20:06]:
: It would seem altq wants a bandwidth declaration.  However, from man 5
: pf.conf:
: 
:   If bandwidth is not specified, the interface bandwidth is used.

And OpenBSD complains bitterly when not defining the bandwidth on a pppoe
virtual interface:

# pfctl -F queue -f /etc/pf.conf
  
altq cleared
cannot determine interface bandwidth for pppoe0, specify an absolute bandwidth
altq not defined on pppoe0
/etc/pf.conf:73: errors in queue definition
more specific queue errors here
pfctl: Syntax error in config file: pf rules not loaded
# 

: In any event, all my priq queues appear to simply be prioritized and the
: overall outbound bandwidth of all queues, collectively, never exceeds
: the altq bandwidth keyword--and this works well for me with the
: exception of the annoying PR 4312.

The way I'm reading 4312 is that priq is doing something it isn't supposed
to do -- bandwidth throttling.  No?

And yes, it looks like I've run into 4312 as well.  Annoying.

The answer to my previous question leads me to one followup:

My altq definition:

altq on $ext_if priq bandwidth 700Kb queue { default, high, bittorrent, vpn, pubservices }
queue default priority 3 priq(default)
queue high priority 7
queue bittorrent priority 0
queue vpn priority 4
queue pubservices priority 5

is subsequently applied to the interface as such:

pass in quick on $ext_if inet proto tcp from any to $mailserver port $mailports flags S/SA modulate state queue (pubservices, high)
pass in quick on $ext_if inet proto tcp from any to $webserver port $webports flags S/SA modulate state queue (default, high)
pass in quick on $ext_if inet proto tcp from any to $btserver port $btports flags S/SA modulate state queue (bittorrent, default)
pass in quick on $ext_if inet proto gre from any to $ian modulate state queue (vpn, high)

pass out quick on $ext_if inet proto tcp from $external_addr to any flags S/SA modulate state queue (default, high)
pass out quick on $ext_if inet proto { udp, icmp } from $external_addr to any modulate state queue (default)
pass out quick on $ext_if inet proto gre from $external_addr to any modulate state queue (vpn, high)

As priq seems to be doing bandwidth throttling, does this not place an
artificial bandwidth restriction of 700Kb/s on my /inbound/ traffic as well
(which is something more in the order of a raw 3Mbps)?  Yes, I fully
recognize that by the time it gets here it's already traversed the pipe, but
if altq only allows the OS to process at 700Kbps, then the pipe is
effectively 700Kbps.

(FWIW, I've done a few bandwidth tests that contradict that directly -- i.e.
I transfer close to the practical maximum of 3Mbps, not the artificial
maximum of 700Kbps.  Hence my question.)