Re: D-Link DUB-E100 new Revision does not work

2006-07-07 Thread Guido Tschakert
Jonathan Gray wrote:
 On Thu, Jul 06, 2006 at 04:14:12PM +0200, Guido Tschakert wrote:
 Guido Tschakert wrote:
 Hello,

 don't know if this is the right place, but I post it anyway.

 I bought a D-Link DUB-E100 which should work on OpenBSD according to
 the web site.

 But it doesn't. Our lovely vendor D-Link changed the chipset and called
 it H/W Ver.:B1
 here comes the part of the dmesg

 ugen0 at uhub4 port 4
 ugen0: vendor 0x07d1 product 0x3c05, rev 2.00/0.01, addr 2

 Maybe the info on http://www.openbsd.org/i386.html#hardware should be
 changed to D-Link DUB-E100 (Revision A) or something like that.

 Btw, I don't need this thing to work on openbsd but I plug every piece
 of hardware in one of our openbsd boxes to check if it works ;-)

 If I can give you more info, please let me know.
 At this time I try to open the case of the adapter, hoping to see a label
 with the name of the chipset.


 guido

 PS: also on Linux which should support the old DUB-E100 the new one
 doesn't work.


 A colleague has opened this box, the chipset is AX88772 LF.
 (The old one had AX88172).
 Hope that anyone can use this information.

 guido
 
 Please try this diff:
 
 Index: usbdevs
 ===
 RCS file: /cvs/src/sys/dev/usb/usbdevs,v
 retrieving revision 1.204
 diff -u -p -r1.204 usbdevs
 --- usbdevs   27 Jun 2006 09:19:09 -  1.204
 +++ usbdevs   6 Jul 2006 15:52:11 -
 @@ -903,6 +903,7 @@ product DLINK DWL120F 0x3702  DWL-120 re
  product DLINK RT2570 0x3c00  RT2570
  product DLINK2 DWLG122C1 0x3c03  DWL-G122 rev C1
  product DLINK2 WUA1340   0x3c04  WUA-1340
 +product DLINK2 DUBE100B1 0x3c05  DUB-E100 rev B1
  product DLINK DSB650C0x4000  10Mbps ethernet
  product DLINK DSB650TX1  0x4001  10/100 ethernet
  product DLINK DSB650TX   0x4002  10/100 ethernet
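
Review bot: the added "product DLINK2 DUBE100B1 0x3c05" line files the new revision under DLINK2, while the existing DUB-E100 entry matched in if_axe.c is under DLINK. Please confirm that DLINK2 is the vendor ID 0x07d1 from the reporter's dmesg (vendor 0x07d1 product 0x3c05); if it is not, the new axe_devs entry will never match and the adapter will keep attaching as ugen0.
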
 Index: usbdevs.h
 ===
 RCS file: /cvs/src/sys/dev/usb/usbdevs.h,v
 retrieving revision 1.208
 diff -u -p -r1.208 usbdevs.h
 --- usbdevs.h 27 Jun 2006 09:19:58 -  1.208
 +++ usbdevs.h 6 Jul 2006 15:52:19 -
 @@ -1,4 +1,4 @@
 -/*   $OpenBSD: usbdevs.h,v 1.208 2006/06/27 09:19:58 jsg Exp $   */
 +/*   $OpenBSD$   */
  
  /*
   * THIS FILE IS AUTOMATICALLY GENERATED.  DO NOT EDIT.
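
Review bot: the generated headers do not need to be in the posted diff. This first hunk of usbdevs.h only resets the $OpenBSD$ tag of a file whose banner reads THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT., and usbdevs_data.h gets the same treatment further down. Suggest sending only the usbdevs and if_axe.c changes and having testers regenerate both headers from usbdevs, so the headers cannot drift from the source list.
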
 @@ -910,6 +910,7 @@
  #define  USB_PRODUCT_DLINK_RT25700x3c00  /* RT2570 */
  #define  USB_PRODUCT_DLINK2_DWLG122C10x3c03  /* DWL-G122 rev 
 C1 */
  #define  USB_PRODUCT_DLINK2_WUA1340  0x3c04  /* WUA-1340 */
 +#define  USB_PRODUCT_DLINK2_DUBE100B10x3c05  /* DUB-E100 rev 
 B1 */
  #define  USB_PRODUCT_DLINK_DSB650C   0x4000  /* 10Mbps 
 ethernet */
  #define  USB_PRODUCT_DLINK_DSB650TX1 0x4001  /* 10/100 
 ethernet */
  #define  USB_PRODUCT_DLINK_DSB650TX  0x4002  /* 10/100 
 ethernet */
 Index: usbdevs_data.h
 ===
 RCS file: /cvs/src/sys/dev/usb/usbdevs_data.h,v
 retrieving revision 1.208
 diff -u -p -r1.208 usbdevs_data.h
 --- usbdevs_data.h27 Jun 2006 09:19:58 -  1.208
 +++ usbdevs_data.h6 Jul 2006 15:52:28 -
 @@ -1,4 +1,4 @@
 -/*   $OpenBSD: usbdevs_data.h,v 1.208 2006/06/27 09:19:58 jsg Exp $  */
 +/*   $OpenBSD$   */
  
  /*
   * THIS FILE IS AUTOMATICALLY GENERATED.  DO NOT EDIT.
 @@ -1041,6 +1041,10 @@ const struct usb_known_product usb_known
   {
   USB_VENDOR_DLINK2, USB_PRODUCT_DLINK2_WUA1340,
   WUA-1340,
 + },
 + {
 + USB_VENDOR_DLINK2, USB_PRODUCT_DLINK2_DUBE100B1,
 + DUB-E100 rev B1,
   },
   {
   USB_VENDOR_DLINK, USB_PRODUCT_DLINK_DSB650C,
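
Review bot: in the added usb_known_product entry the description DUB-E100 rev B1 appears without double quotes (as does WUA-1340 in the context lines), and as shown it is not a valid C initializer. If the quotes were lost in transit, apply the diff from the original mail rather than from this copy, or regenerate usbdevs_data.h from usbdevs instead of patching it.
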
 Index: if_axe.c
 ===
 RCS file: /cvs/src/sys/dev/usb/if_axe.c,v
 retrieving revision 1.53
 diff -u -p -r1.53 if_axe.c
 --- if_axe.c  23 Jun 2006 06:27:11 -  1.53
 +++ if_axe.c  6 Jul 2006 15:52:29 -
 @@ -160,6 +160,7 @@ Static const struct axe_type axe_devs[] 
   { { USB_VENDOR_CISCOLINKSYS, USB_PRODUCT_CISCOLINKSYS_USB200MV2}, AX772 
 },
   { { USB_VENDOR_COREGA, USB_PRODUCT_COREGA_FETHER_USB2_TX }, 0},
   { { USB_VENDOR_DLINK, USB_PRODUCT_DLINK_DUBE100}, 0 },
 + { { USB_VENDOR_DLINK2, USB_PRODUCT_DLINK2_DUBE100B1}, AX772 },
   { { USB_VENDOR_GOODWAY, USB_PRODUCT_GOODWAY_GWUSB2E}, 0 },
   { { USB_VENDOR_JVC, USB_PRODUCT_JVC_MP_PRX1}, 0 },
   { { USB_VENDOR_LINKSYS2, USB_PRODUCT_LINKSYS2_USB200M}, 0 },
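
Review bot: documentation is missing for the new axe_devs entry "{ { USB_VENDOR_DLINK2, USB_PRODUCT_DLINK2_DUBE100B1}, AX772 }". The AX772 flag agrees with the AX88772 chip the reporter found inside the adapter, but the diff touches nothing that tells users which DUB-E100 revisions are covered; the hardware list the reporter pointed at (http://www.openbsd.org/i386.html#hardware) and the driver's manual page should be updated once the change has been tested on a rev B1 device.
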
 
 

Ok, I will try that out next week (today there is not so much time and
at home I have no testing machine and btw, as I wrote I'm not in that
hurry).
To be honest I never worked with cvs and at this moment I don't know how
to patch this diff to the source tree, but I will find out.


thanks guido



Re: Sell, buy or rent your property by this means

2006-07-07 Thread Nick Guenther

On 7/7/06, Epropiedades [EMAIL PROTECTED] wrote:

This e-mail message is an advertisement and/or solicitation.

If images are not visible in this email, please visit the online version.
http://www.envios-cr.com/mail.php?s=20member=92553612members=31d81af3



Polite at least...

-Nick



Re: hexdump observation

2006-07-07 Thread Otto Moerbeek
On Thu, 6 Jul 2006, Peter Philipp wrote:

 I just tested running hexdump -x on two different systems.  One system is a 
 macppc and the other an amd64.  On the same file the order (endian) of the 
 hexpairs are swapped.  Is this supposed to be like that?  
 
 If there was an effort to make hexdump -x endian safe, which order should it
 prefer (little or big)?  And if it shouldn't be changed is there a chance for
 an extra flag that would make it endian-safe?

I think hexdump should dump in the native format.

There's no such thing as a single endian safe format. What about
pdp11 byte order, alignments, float formats, etc?

-Otto



Re: BGP questions

2006-07-07 Thread Peter Philipp
On Thu, Jul 06, 2006 at 09:02:47PM -0500, Jacob Yocom-Piatt wrote:
 (1) i have 2 blocks of 8 static IPs at my disposal, one at home and one at 
 work,

So two /29's ?

 and both connections are 3Mb/512Kb ADSL via PPPoE. the upstream traffic at 
 work
 is beginning to saturate the connection and i would like to share some of the
 load with the home connection. would BGP allow me to multihome a site across
 both connections to split the load?
 
 would i need an AS number if this would work?

Yup.  That's not all.  You need at least a /20 (AFAIK) to be able for large
backbones to even consider routing your advertisement.  But this was hearsay
years ago, I don't know if it still holds.  The investment though is in the
thousands of dollars a year though (ARIN fees 
http://www.arin.net/billing/fee_schedule.html) and you have to justify using 
that much IP space.

 (2) are there any particular online docs that are recommended reading for 
 BGP? 
RFC's, NANOG archives perhaps too


 what about books?
 
 (3) the home gateway machine is a PII-350 w/ 64MB ram. is this too slow for
 doing what i have asked about in (1)?

Dunno.  I suspect you won't be able to load a full BGP table.  BGP is really
a big boys(tm) protocol not sure if 2 ADSL connection classifies you as that.
If it did then they would quickly run out of the 16 bit ASN space wouldn't 
you think?

Perhaps considering a protocol like CARP is more what you want?

-peter

-- 
Here my ticker tape .signature  My name is Peter Philipp  lynx -dump 
http://en.wikipedia.org/w/index.php?title=Pufferfisholdid=20768394; | sed -n 
131,136p  So long and thanks for all the fish!!!



Re: Question related to automaticly encrypted /tmp /vat/tmp (like swap..?)

2006-07-07 Thread Janne Johansson

Daniel A. Ramaley wrote:
 I have not seen 
documented how mfs allocates memory, so i just did a quick test. On a 
machine with 205 MB of RAM free i mounted a 128 MB mfs. Free RAM 
dropped to 199 MB; only 6 MB used! So OpenBSD must only allocate RAM 
for sectors that have actually been written to. Since the system is not 
using any more RAM than it has to, i think i'll switch to using mfs 
for /tmp as well.


mount_mfs uses mmap(), which in turn will only use those pages which the 
program actually touches. An unused (large) mfs will not take up much 
ram, and if it does, it can swap out seldom used pages too.




Re: hints for scanning msdosfs patters?

2006-07-07 Thread vladas

Seems like a small tax on people who
don't keep decent backups.

Yeah, that's me.


Thank you all so much for the links.



vladas



Re: BGP questions

2006-07-07 Thread tony sarendal
On 07/07/06, Peter Philipp [EMAIL PROTECTED] wrote:

 On Thu, Jul 06, 2006 at 09:02:47PM -0500, Jacob Yocom-Piatt wrote:
  (1) i have 2 blocks of 8 static IPs at my disposal, one at home and one
 at work,

 So two /29's ?

  and both connections are 3Mb/512Kb ADSL via PPPoE. the upstream traffic
 at work
  is beginning to saturate the connection and i would like to share some
 of the
  load with the home connection. would BGP allow me to multihome a site
 across
  both connections to split the load?
 
  would i need an AS number if this would work?

 Yup.  That's not all.  You need at least a /20 (AFAIK) to be able for
 large
 backbones to even consider routing your advertisement.  But this was
 hearsay
 years ago, I don't know if it still holds.  The investment though is in
 the
 thousands of dollars a year though (ARIN fees
 http://www.arin.net/billing/fee_schedule.html) and you have to justify
 using that much IP space.


/24 work fine across the net. Smaller than that will likely be filtered in
lots of places.

You need an AS of your own and provider independent addresses to
multihome properly. If both links go to the same provider and they're
flexible
you may be able to implement a bgp setup with your /29's and without an AS
of your own.

In the end complexity and cost of running a bgp setup will hurt a lot more
than just upgrading your bandwidth. With BGP you can connect to multiple
providers, and also inherit problems from all of them.


 (2) are there any particular online docs that are recommended reading for
 BGP?
 RFC's, NANOG archives perhaps too



Go to Cisco's website and dig around, they have lots of good documentation
regarding most flavors of ip routing.
http://www.cisco.com/en/US/products/ps6599/products_white_paper09186a00804fa120.shtml#wp4050

http://www.cisco.com/en/US/tech/tk365/tk80/tsd_technology_support_sub-protocol_home.html



 what about books?
 


Internet Routing Architectures by Sam Halabi.
2nd edition for $39 on amazon.

 (3) the home gateway machine is a PII-350 w/ 64MB ram. is this too slow
 for
  doing what i have asked about in (1)?


With more memory it could in theory do what you want,
but in reality BGP is not the tool to use when you run out of
bandwidth on your 0.5M dsl line.

/Tony

-- 
Tony Sarendal - [EMAIL PROTECTED]
IP/Unix

   -= The scorpion replied,
   I couldn't help it, it's my nature =-



Re: HTTP Load balancer

2006-07-07 Thread Richard Wilson

Pete Vickers wrote:

On 7. jul. 2006, at 00.11, Clint Pachl wrote:


Richard Wilson wrote:

Hulloo list,
Can anyone recommend a load balancer for http/https for OpenBSD?
Currently I'm using Pound, from http://www.apsis.ch/pound/ which 
runs under OpenBSD, and supports connection tracking via IP, cookie 
and request ID (eg PHPSESSID) and seems to do everything I need.


pf: see pf(4) pf.conf(5) pfctl(8) pfsync(4)
It can balance using round-robin, random, and source-hash. Stickiness 
can be applied to the round-robin and random methods. The stickiness 
option and source-hash method will satisfy https, and http if you are 
not sharing session data among servers.


Best of all, pf is built right in and simple as hell to use. All 
you need to do is config your existing firewall or put a pf box in 
front of your webservers. Hell, you could probably even run it on all 
of your webservers in a carp group (haven't done this, but seems 
feasible). Added bonus, pf inherently balances other services, not 
just http! Oh, another bonus, you can easily have automatic fail-over 
using pfsync and carp! I'm not sure you can beat the simplicity and 
robustness of pf.


As far as I'm concerned, pf obsoleted all load balancers for me. I 
used to use pen to balance http traffic. Because of pen's design, 
there were discrepancies in the web logs, where all connections, from 
the webservers POV, were coming from the pen load balancer. So there 
was an add on program, a hack, that was needed to later resolve web 
logs. It worked well, but what a mess. I would like to hear why 
people would not desire pf over some other load balancing option.


-pachl



pound can

1. operate ( route, alter, etc) on/at L7, e.g HTTP headers/URLs

2. do https--http forwarding, e.g SSL off-loading

3. log URLs with source/dest IP etc

none of these can be done via pf (unless i'm mistaken)


/Pete

Those are almost an exact summary of why we use pound. We do certain 
things based on the content of the headers, so we need 1), but 
admittedly we could probably find a better way if we had to. All the 
annoyances of SSL, multiple IPs, and the like, are handled on the 
balancer, giving us one place to manage certificates and keeping the web 
servers themselves nice and simple, which uses 2). Some of the clients 
we host for are big on logging, web stats and the like, and so having 
all the logs in an apache-style format in one place is damn handy, and 
uses 3).


In addition to these things, the feature that really wins us over is the 
connection tracking. Our main piece of software is a corporate CRM 
package, and because we host a few instances of it for customers, we can 
find that we might get 50 connections all from the same IP, because 
there are many people all from the same company, behind NAT, using our 
servers at the same time. We have to have connection tracking, otherwise 
many things break in interesting ways when someone's session jumps to 
another apache node, but if we do say source hashing, we end up with all 
50 users on one server, rather than spread around. Pound's ability to 
track based on either cookie or a variable in the request header is 
exactly what we need.


We have two balancers, for redundancy, and so OpenBSD and CARP were the 
clear choice. I would have thought, given it seems to fill a space 
not occupied by anything else, it would be good to have pound in the 
ports tree. Is there some reason that it isn't? Perhaps because it 
requires threaded OpenSSL? Or is it that no-one has had the time? I 
would love to help out, but by my own admission I'm no coder.


That said, if anyone is trying to make a port, and needs help with 
testing or some other not-requiring-C-skills assistance, I'd happily do 
all I can :-)


Richard W



How to compile DHCPD source code

2006-07-07 Thread Rahul Sharma
Hi,
I need to make some minute changes to db.c file comes under DHCP source
code .
I wanted to know that how can i run dhcp now with these changes.
Plz tell me for this whether I have to recompile whole source code(Kernel)
again or if there is any way
to just compile only this DHCP code.

What I have done so far is
I have downloaded all files needed for DHCPD from
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/dhcpd/

After that i had made changes to file db.c.
Now I am stuck here.
Any one Plz Help. Tell me what to do.
Thanks for reading this mail anyway.

Rahul



Re: BGP questions

2006-07-07 Thread Henning Brauer
* Peter Philipp [EMAIL PROTECTED] [2006-07-07 08:47]:
  would i need an AS number if this would work?
 
 Yup.  That's not all.  You need at least a /20 (AFAIK) to be able for large
 backbones to even consider routing your advertisement.  But this was hearsay
 years ago, I don't know if it still holds.

no.
more than half the table is /24s and /23s.

  (3) the home gateway machine is a PII-350 w/ 64MB ram. is this too slow for
  doing what i have asked about in (1)?
 Dunno.  I suspect you won't be able to load a full BGP table.  BGP is really
 a big boys(tm) protocol not sure if 2 ADSL connection classifies you as that.
 If it did then they would quickly run out of the 16 bit ASN space wouldn't 
 you think?

foremost, running bgp requires your upstreams speaking bgp with you. in 
general, DSL companies don't do that. 

-- 
BS Web Services, http://www.bsws.de/
OpenBSD-based Webhosting, Mail Services, Managed Servers, ...
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)



Re: How to compile DHCPD source code

2006-07-07 Thread Peter Blair

First, *don't* download source from the cvsweb website.  That source
is handy for browsing, but you should be getting your code from a cvs
repository.

Look at the instructions for a given patch for guidance:

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/001_sendmail.patch

And then rebuild and install sendmail:
cd gnu/usr.sbin/sendmail
make obj
make depend
make
make install

On 7/7/06, Rahul Sharma [EMAIL PROTECTED] wrote:

Hi,
I need to make some minute changes to db.c file comes under DHCP source
code .
I wanted to know that how can i run dhcp now with these changes.
Plz tell me for this whether I have to recompile whole source code(Kernel)
again or if there is any way
to just compile only this DHCP code.

What I have done so far is
I have downloaded all files needed for DHCPD from
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/dhcpd/

After that i had made changes to file db.c.
Now I am stuck here.
Any one Plz Help. Tell me what to do.
Thanks for reading this mail anyway.

Rahul




Re: Some though and more detail

2006-07-07 Thread Stuart Henderson
On 2006/07/06 09:50, Joachim Schipper wrote:
  We are now in the days of being able to make a complete OS install
  onto a flashcard which costs less than the cheapest hard drive.
 
 Is this still the case if you include the controller? I don't know, just
 asking...

DiskOnModule are cheap if you buy them from the right place,
and they plug straight into IDE. CF seems cheaper for bigger
modules (and adapters aren't _that_ expensive - pretty simple,
just a PCB and couple of connectors usually).

 Well, given a good RAID card or software RAID implementation, a clueful
 admin, and decent disks, it should be pretty good. Or do you have other
 experiences? I am quite happy with RAIDframe...

Add (at least): decent cables, taking care when swapping failed
disks, good power supplies...



Re: htaccess + skey?

2006-07-07 Thread Joachim Schipper
On Thu, Jul 06, 2006 at 03:23:40PM +0200, Rogier Krieger wrote:
 On 7/6/06, Bernd Schoeller [EMAIL PROTECTED] wrote:
 On Thu, Jul 06, 2006 at 01:33:52PM +0200, [EMAIL PROTECTED] 
 wrote:
  Is there any way to combine htaccess with one-time-pads?
 
 Looks like a difficult task, as http is not session based. So, the
 browser would ask for a new OTP on every GET request.
 
 Sounds like a good point. I'd suppose adding session information in
 the web service (e.g. using Perl's Apache::Session, PHP, etc.) can
 alleviate that problem. Or am I in need of a good clue by four here?

No, this should work. Just be sure to actually use sessions that work -
far too many can be trivially spoofed.

Joachim



Re: hints for scanning msdosfs patters?

2006-07-07 Thread Joachim Schipper
On Thu, Jul 06, 2006 at 08:56:55PM +0900, vladas wrote:
 Hi all.
 
 I have fd up the first 10Mb of the 3Gb fat disk
 (not partition, the whole 3Gb disk) full of windoze
 shit. Then, due to time limits, made some sort
 of backup of the mess with dd and put Puffy into
 that disk (dedicated install). The problem is that
 management needs some of that stuff back ...
 
 I would be grateful if anybody could give any hints
 on how to grep the 3Gb backup image for any msdosfs
 patterns so that I could get at least some of the
 individual files back. Sorry for asking it like that
 instead of just reading mount_msdos src silently
 - maybe someone had this before..
 
 I am posting this to misc@ because Puffy is the
 only OS I run.

 Would be grateful for any hint etc.

'Keep backups' is the best one, but probably a bit late. (Unless you
were told you could delete the data, in which case a clue by four might
be appropriate.)

Several good suggestions have already been given, so I'll not repeat
them.

Aside from Wietse Venema's The Coroner's Toolkit (TCT), there is also
the Sleuth Kit. It's more modern and presumably has a more friendly
interface (TCT, while a good tool, does not quite shine there). I am
fairly certain it does FAT as well, but I have no clue if it would work
in this case - it's really meant for finding deleted/hidden files in
intact filesystems. However, at least 'sigfind' from the Sleuth Kit
might be useful, if you know what you are looking for (and willing to
spend lots of time).

However, in case you only destroyed the partition table, but not the
partition in question (i.e., the partition you want to recover data
from), I have had personal success with a Knoppix disk, a loopback
device with an offset (this does not seem to be supported on OpenBSD),
and just mounting it. Of course, one could simulate this on OpenBSD by
exploiting the magic of dd(1), vnd(4), and mount_msdos(8), too.

Of course, this requires you to know the exact starting byte of the
filesystem, but other tools exist to help with that. In this case,
someone who shut down Partition Magic because it was taking too long,
it worked just fine, over the phone no less.

Joachim
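
Added example (not part of Joachim's post, and not code from any of the tools he names): a small Python scanner for the "exact starting byte" mentioned above. It walks an image in 512-byte steps and reports sectors that pass the FAT boot-sector sanity checks; the function names and the sample image are constructed for illustration.

```python
import io
import struct

SECTOR = 512


def parse_fat_boot_sector(sec):
    """Return a dict describing the volume if `sec` is a plausible FAT boot sector, else None."""
    if len(sec) < SECTOR or sec[510:512] != b"\x55\xaa":
        return None
    # Boot sectors start with an x86 jump: EB xx 90 or E9 xx xx.
    if not ((sec[0] == 0xEB and sec[2] == 0x90) or sec[0] == 0xE9):
        return None
    # BIOS parameter block, little-endian, starting at byte 11.
    bps, spc, reserved, nfats, root_entries, total16, media, fatsz16 = \
        struct.unpack_from("<HBHBHHBH", sec, 11)
    total32, fatsz32 = struct.unpack_from("<II", sec, 32)
    if bps not in (512, 1024, 2048, 4096):
        return None
    if spc == 0 or spc & (spc - 1):          # sectors per cluster: power of two
        return None
    if reserved == 0 or nfats not in (1, 2):
        return None
    if media != 0xF0 and media < 0xF8:       # valid media descriptors
        return None
    total = total16 or total32
    fatsz = fatsz16 or fatsz32
    if total == 0 or fatsz == 0:
        return None
    root_sectors = (root_entries * 32 + bps - 1) // bps
    data_sectors = total - (reserved + nfats * fatsz + root_sectors)
    if data_sectors <= 0:
        return None
    # The FAT variant is defined by the cluster count, not by the label string.
    clusters = data_sectors // spc
    fstype = "FAT12" if clusters < 4085 else "FAT16" if clusters < 65525 else "FAT32"
    return {
        "type": fstype,
        "bytes_per_sector": bps,
        "total_sectors": total,
        "oem": sec[3:11].decode("ascii", "replace").strip(),
    }


def scan_image(img, step=SECTOR):
    """Scan a seekable binary file object and return every candidate boot sector found."""
    hits = []
    offset = 0
    while True:
        img.seek(offset)
        sec = img.read(SECTOR)
        if len(sec) < SECTOR:
            break
        info = parse_fat_boot_sector(sec)
        if info:
            info["offset"] = offset
            info["sector"] = offset // SECTOR
            hits.append(info)
        offset += step
    return hits


def build_sample_image():
    """Constructed sample: wiped sectors, a decoy with a 55AA signature, a FAT16 boot sector at sector 63."""
    boot = bytearray(SECTOR)
    boot[0:3] = b"\xeb\x3c\x90"
    boot[3:11] = b"MSDOS5.0"
    # 512 B/sector, 4 sectors/cluster, 1 reserved, 2 FATs, 512 root entries,
    # 40000 sectors total, media F8, 40 sectors per FAT.
    struct.pack_into("<HBHBHHBH", boot, 11, 512, 4, 1, 2, 512, 40000, 0xF8, 40)
    boot[510:512] = b"\x55\xaa"
    decoy = bytearray(SECTOR)                # right jump and signature, empty BPB
    decoy[0:3] = b"\xeb\x3c\x90"
    decoy[510:512] = b"\x55\xaa"
    image = (bytes(SECTOR) * 10 + bytes(decoy) + bytes(SECTOR) * 52
             + bytes(boot) + bytes(SECTOR) * 8)
    return io.BytesIO(image)


if __name__ == "__main__":
    # For a real backup, pass open("backup.img", "rb") instead of the sample.
    for hit in scan_image(build_sample_image()):
        print(hit)
```

The reported sector number is the value for skip= when carving the partition out of the backup with dd and bs=512, before attaching the result with vnd(4).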



Re: hints for scanning msdosfs patters?

2006-07-07 Thread vladas

On 07/07/06, Joachim Schipper [EMAIL PROTECTED] wrote:

On Thu, Jul 06, 2006 at 08:56:55PM +0900, vladas wrote:
 Hi all.

 I have fd up the first 10Mb of the 3Gb fat disk
 (not partition, the whole 3Gb disk) full of windoze
 shit. Then, due to time limits, made some sort
 of backup of the mess with dd and put Puffy into
 that disk (dedicated install). The problem is that
 management needs some of that stuff back ...

 I would be grateful if anybody could give any hints
 on how to grep the 3Gb backup image for any msdosfs
 patterns so that I could get at least some of the
 individual files back. Sorry for asking it like that
 instead of just reading mount_msdos src silently
 - maybe someone had this before..

 I am posting this to misc@ because Puffy is the
 only OS I run.

 Would be grateful for any hint etc.

'Keep backups' is the best one, but probably a bit late. (Unless you
were told you could delete the data, in which case a clue by four might
be appropriate.)

Several good suggestions have already been given, so I'll not repeat
them.

Aside from Wietse Venema's The Coroner's Toolkit (TCT), there is also
the Sleuth Kit. It's more modern and presumably has a more friendly
interface (TCT, while a good tool, does not quite shine there). I am
fairly certain it does FAT as well, but I have no clue if it would work
in this case - it's really meant for finding deleted/hidden files in
intact filesystems. However, at least 'sigfind' from the Sleuth Kit
might be useful, if you know what you are looking for (and willing to
spend lots of time).

However, in case you only destroyed the partition table, but not the
partition in question (i.e., the partition you want to recover data
from), I have had personal success with a Knoppix disk, a loopback
device with an offset


Tried this in the very first place with no result. First 10Mb appeared
to be a lot:)

(this does not seem to be supported on OpenBSD),

and just mounting it. Of course, one could simulate this on OpenBSD by
exploiting the magic of dd(1), vnd(4), and mount_msdos(8), too.

Of course, this requires you to know the exact starting byte of the
filesystem, but other tools exist to help with that. In this case,
someone who shut down Partition Magic because it was taking too long,
it worked just fine, over the phone no less.

Joachim


Thank you for all these good ideas.
I will check them out.

vladas



Re: How to compile DHCPD source code

2006-07-07 Thread Peter Blair

Rahul:

You don't need the sendmail patch, but it does outline the steps
required to (re-)compile and install system software.

-Pete

P.S.  Don't forget to CC misc@

On 7/7/06, Rahul Sharma [EMAIL PROTECTED] wrote:

Hi Peter,
 Thanks for ur reply.
 It seems confusing to me that for recompiling dhcpd code i require sendmail
patch.
 Can u Plz explain me that.
 Warm regards
 Rahul


On 7/7/06, Peter Blair [EMAIL PROTECTED] wrote:
 First, *don't* download source from the cvsweb website.  That source
 is handy for browsing, but you should be getting your code from a cvs
 repository.

 Look at the instructions for a given patch for guidance:


ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/001_sendmail.patch

 And then rebuild and install sendmail:
 cd gnu/usr.sbin/sendmail
 make obj
 make depend
 make
 make install

 On 7/7/06, Rahul Sharma [EMAIL PROTECTED] wrote:
  Hi,
  I need to make some minute changes to db.c file comes under DHCP
source
  code .
  I wanted to know that how can i run dhcp now with these changes.
  Plz tell me for this whether I have to recompile whole source
code(Kernel)
  again or if there is any way
  to just compile only this DHCP code.
 
  What I have done so far is
  I have downloaded all files needed for DHCPD from
 
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/dhcpd/
 
  After that i had made changes to file db.c.
  Now I am stuck here.
  Any one Plz Help. Tell me what to do.
  Thanks for reading this mail anyway.
 
  Rahul




Re: D-Link DUB-E100 new Revision does not work

2006-07-07 Thread Guido Tschakert
Jonathan Gray wrote:
 On Thu, Jul 06, 2006 at 04:14:12PM +0200, Guido Tschakert wrote:
 Guido Tschakert wrote:
 Hello,

 don't know if this is the right place, but I post it anyway.

 I bought a D-Link DUB-E100 which should work on OpenBSD according to
 the web site.

 But it doesn't. Our lovely vendor D-Link changed the chipset and called
 it H/W Ver.:B1
 here comes the part of the dmesg

 ugen0 at uhub4 port 4
 ugen0: vendor 0x07d1 product 0x3c05, rev 2.00/0.01, addr 2

 Maybe the info on http://www.openbsd.org/i386.html#hardware should be
 changed to D-Link DUB-E100 (Revision A) or something like that.

 Btw, I don't need this thing to work on openbsd but I plug every piece
 of hardware in one of our openbsd boxes to check if it works ;-)

 If I can give you more info, please let me know.
 At this time I try to open the case of the adapter, hoping to see a label
 with the name of the chipset.


 guido

 PS: also on Linux which should support the old DUB-E100 the new one
 doesn't work.


 A colleague has opened this box, the chipset is AX88772 LF.
 (The old one had AX88172).
 Hope that anyone can use this information.

 guido
 
 Please try this diff:
 
 Index: usbdevs
 ===
 RCS file: /cvs/src/sys/dev/usb/usbdevs,v
 retrieving revision 1.204
 diff -u -p -r1.204 usbdevs
 --- usbdevs   27 Jun 2006 09:19:09 -  1.204
 +++ usbdevs   6 Jul 2006 15:52:11 -
 @@ -903,6 +903,7 @@ product DLINK DWL120F 0x3702  DWL-120 re
  product DLINK RT2570 0x3c00  RT2570
  product DLINK2 DWLG122C1 0x3c03  DWL-G122 rev C1
  product DLINK2 WUA1340   0x3c04  WUA-1340
 +product DLINK2 DUBE100B1 0x3c05  DUB-E100 rev B1
  product DLINK DSB650C0x4000  10Mbps ethernet
  product DLINK DSB650TX1  0x4001  10/100 ethernet
  product DLINK DSB650TX   0x4002  10/100 ethernet
 Index: usbdevs.h
 ===
 RCS file: /cvs/src/sys/dev/usb/usbdevs.h,v
 retrieving revision 1.208
 diff -u -p -r1.208 usbdevs.h
 --- usbdevs.h 27 Jun 2006 09:19:58 -  1.208
 +++ usbdevs.h 6 Jul 2006 15:52:19 -
 @@ -1,4 +1,4 @@
 -/*   $OpenBSD: usbdevs.h,v 1.208 2006/06/27 09:19:58 jsg Exp $   */
 +/*   $OpenBSD$   */
  
  /*
   * THIS FILE IS AUTOMATICALLY GENERATED.  DO NOT EDIT.
 @@ -910,6 +910,7 @@
  #define  USB_PRODUCT_DLINK_RT25700x3c00  /* RT2570 */
  #define  USB_PRODUCT_DLINK2_DWLG122C10x3c03  /* DWL-G122 rev 
 C1 */
  #define  USB_PRODUCT_DLINK2_WUA1340  0x3c04  /* WUA-1340 */
 +#define  USB_PRODUCT_DLINK2_DUBE100B10x3c05  /* DUB-E100 rev 
 B1 */
  #define  USB_PRODUCT_DLINK_DSB650C   0x4000  /* 10Mbps 
 ethernet */
  #define  USB_PRODUCT_DLINK_DSB650TX1 0x4001  /* 10/100 
 ethernet */
  #define  USB_PRODUCT_DLINK_DSB650TX  0x4002  /* 10/100 
 ethernet */
 Index: usbdevs_data.h
 ===
 RCS file: /cvs/src/sys/dev/usb/usbdevs_data.h,v
 retrieving revision 1.208
 diff -u -p -r1.208 usbdevs_data.h
 --- usbdevs_data.h27 Jun 2006 09:19:58 -  1.208
 +++ usbdevs_data.h6 Jul 2006 15:52:28 -
 @@ -1,4 +1,4 @@
 -/*   $OpenBSD: usbdevs_data.h,v 1.208 2006/06/27 09:19:58 jsg Exp $  */
 +/*   $OpenBSD$   */
  
  /*
   * THIS FILE IS AUTOMATICALLY GENERATED.  DO NOT EDIT.
 @@ -1041,6 +1041,10 @@ const struct usb_known_product usb_known
   {
   USB_VENDOR_DLINK2, USB_PRODUCT_DLINK2_WUA1340,
   WUA-1340,
 + },
 + {
 + USB_VENDOR_DLINK2, USB_PRODUCT_DLINK2_DUBE100B1,
 + DUB-E100 rev B1,
   },
   {
   USB_VENDOR_DLINK, USB_PRODUCT_DLINK_DSB650C,
 Index: if_axe.c
 ===
 RCS file: /cvs/src/sys/dev/usb/if_axe.c,v
 retrieving revision 1.53
 diff -u -p -r1.53 if_axe.c
 --- if_axe.c  23 Jun 2006 06:27:11 -  1.53
 +++ if_axe.c  6 Jul 2006 15:52:29 -
 @@ -160,6 +160,7 @@ Static const struct axe_type axe_devs[] 
   { { USB_VENDOR_CISCOLINKSYS, USB_PRODUCT_CISCOLINKSYS_USB200MV2}, AX772 
 },
   { { USB_VENDOR_COREGA, USB_PRODUCT_COREGA_FETHER_USB2_TX }, 0},
   { { USB_VENDOR_DLINK, USB_PRODUCT_DLINK_DUBE100}, 0 },
 + { { USB_VENDOR_DLINK2, USB_PRODUCT_DLINK2_DUBE100B1}, AX772 },
   { { USB_VENDOR_GOODWAY, USB_PRODUCT_GOODWAY_GWUSB2E}, 0 },
   { { USB_VENDOR_JVC, USB_PRODUCT_JVC_MP_PRX1}, 0 },
   { { USB_VENDOR_LINKSYS2, USB_PRODUCT_LINKSYS2_USB200M}, 0 },
 
 
Hello,

here is what I've done.

installed an openbsd
put src.tar.gz on it
made a cvs-update
applied the diffs (by hand, as it were just a few lines and I didn't
find the right way to do this with patch/cvs, maybe some can tell me)
rebuild kernel
booted the system
rebuild userland
booted the system

now I have done -current for the first 

Re: News From HiFn

2006-07-07 Thread J.C. Roberts
On Wed, 5 Jul 2006 08:23:51 -0400, Peter Blair [EMAIL PROTECTED] wrote:

Ya, that'd be nice if I ever made it to a prompt to enter 'anonymous',
but the connection fails well before that point.

$ ping ftp.hifn.com
PING ftp.hifn.com (208.10.194.169): 56 data bytes
64 bytes from 208.10.194.169: icmp_seq=0 ttl=117 time=100.851 ms
64 bytes from 208.10.194.169: icmp_seq=1 ttl=117 time=100.228 ms
^C
--- ftp.hifn.com ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 100.228/100.540/100.851/0.311 ms
$ ftp ftp.hifn.com
ftp: connect: Connection refused
ftp

Nice :)


I just checked this morning and the server is up again.

jcr


--
Free, Open Source CAD, CAM and EDA Tools
http://www.DesignTools.org



Re: BGP questions

2006-07-07 Thread Jacob Yocom-Piatt
 Original message 
Date: Fri, 7 Jul 2006 12:54:24 +0200
From: Henning Brauer [EMAIL PROTECTED]  
Subject: Re: BGP questions  
To: misc@openbsd.org

* Peter Philipp [EMAIL PROTECTED] [2006-07-07 08:47]:
  would i need an AS number if this would work?
 
 Yup.  That's not all.  You need at least a /20 (AFAIK) to be able for large
 backbones to even consider routing your advertisement.  But this was hearsay
 years ago, I don't know if it still holds.

no.
more than half the table is /24s and /23s.

  (3) the home gateway machine is a PII-350 w/ 64MB ram. is this too slow for
  doing what i have asked about in (1)?
 Dunno.  I suspect you won't be able to load a full BGP table.  BGP is really
 a big boys(tm) protocol not sure if 2 ADSL connection classifies you as that.
 If it did then they would quickly run out of the 16 bit ASN space wouldn't 
 you think?

foremost, running bgp requires your upstreams speaking bgp with you. in 
general, DSL companies don't do that. 


peter, tony and henning,

thx for the info about the scale at which BGP is useful. i now see that the
scale i was considering it isn't useful.

the motivation for asking this is that i'm running an ecommerce website from
work and am interested in having a failover and/or loadbalancing for it in the
event that the power goes out at work, etc. colocating the machine that serves
it is probably the best idea, but i was trying to be cheap and work with what i
already have available (the 2 ADSL connections + old hw).

i think CARPing machines when they're in different public IP blocks won't work,
i.e. x.y.z.w/29 and a.b.c.d/29 cannot have a single address CARPed across
blocks. do tell if i'm wrong on this one since this would work nicely for the
situation i've described.

cheers,
jake

-- 
BS Web Services, http://www.bsws.de/
OpenBSD-based Webhosting, Mail Services, Managed Servers, ...
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)



Re: BGP questions

2006-07-07 Thread Paul de Weerd
On Thu, Jul 06, 2006 at 09:02:47PM -0500, Jacob Yocom-Piatt wrote:
| i've started doing some background reading on how BGP works and am adrift in a
| sea of acronyms. i'm confident that i'll learn how to swim, but there are a few
| questions that i'd like answers to before i make the time investment to learn
| more. boolean answers are acceptable, more information wouldn't hurt though.
|
| (1) i have 2 blocks of 8 static IPs at my disposal, one at home and one at work,
| and both connections are 3Mb/512Kb ADSL via PPPoE. the upstream traffic at work
| is beginning to saturate the connection and i would like to share some of the
| load with the home connection. would BGP allow me to multihome a site across
| both connections to split the load?
|
| would i need an AS number if this would work?

Generally, BGP is used to serve a set of IP addresses over multiple
links to one location. You have two different sets of IP addresses
and two links to two different locations, this smells like trouble.

| (2) are there any particular online docs that are recommended reading for BGP?

The RFC (I think it's 1771) is very good, check it out.

| what about books?

Try O'Reilly's book by Iljitsch van Beijnum, BGP (ISBN: 0596002548).

| (3) the home gateway machine is a PII-350 w/ 64MB ram. is this too slow for
| doing what i have asked about in (1)?

Seems to be a bit low on RAM, but for just two /29's it would suffice.
At a previous company we used to setup BGP over private AS'es to
customers who wanted a failover internet connection. If you don't get
a full feed, but just part of the IP space your provider has allocated
to you, this works very well indeed. You give them your /29's, they
give you a /0. Your machine would be very capable of handling such BGP
sessions and the traffic 2 DSL lines can generate. The good thing is
that you don't need your own (public) ASN and that your /29's will not
be filtered by just about every ISP on the planet. The downside is
that you have to get your IP space from one ISP and this ISP has to
cooperate in your little BGP scheme. This is usually not very easy
with your average consumer ISP.

In your situation, you may be better off using multiple A records in
DNS, one to your office location and the other to your home location.
Note that this does not gracefully failover when one of the two DSL
connections fail for whatever reason. Maybe you can do very evil stuff
with tunneling and bridging and carp and bgp, but that's too
disgusting for me to think about ;)

Cheers,

Paul 'WEiRD' de Weerd

--
[++-]+++.+++[---].+++[+
+++-].++[-]+.--.[-]
 http://www.weirdnet.nl/




Re: BGP questions

2006-07-07 Thread Joachim Schipper
On Fri, Jul 07, 2006 at 10:56:11AM -0500, Jacob Yocom-Piatt wrote:
 i think CARPing machines when they're in different public IP blocks
 won't work, i.e. x.y.z.w/29 and a.b.c.d/29 cannot have a single
 address CARPed across blocks. do tell if i'm wrong on this one since
 this would work nicely for the situation i've described.

With enough abuse - some l2tp implementation, or something - CARP can
probably be made to do this. However, it would not change the routing
tables of any upstream hosts, and thus not be very useful.

Joachim



Re: BGP questions

2006-07-07 Thread Peter Philipp
On Fri, Jul 07, 2006 at 10:56:11AM -0500, Jacob Yocom-Piatt wrote:
 already have available (the 2 ADSL connections + old hw).
 
 i think CARPing machines when they're in different public IP blocks won't work,
 i.e. x.y.z.w/29 and a.b.c.d/29 cannot have a single address CARPed across
 blocks. do tell if i'm wrong on this one since this would work nicely for the
 situation i've described.
 
 cheers,
 jake

I think you can do it with the following:  Get 2 cheap routers that can pass 
3Mb/s, no big functionality needed except that they do ethernet (Cisco 2500's?
they should be cheap by now..), 2 switches for the etherlink between the two
locations (if a direct ethernet link can't be established perhaps use an
OpenBSD bridge with ethernet over gif(4)?) and then the existing routers 
configured with carp.  In ascii it would look like so:


                0.0.0.0/0 (cloud)
                        |
            +-----------+-----------+
            |                       |
            | ADSL 1                | ADSL 2
          +---+                   +---+
          |   |       CARP        |   |
          +---+                   +---+
            |                       |
            |    192.168.0.0/24     |
            +---{ ethernet (gif) }--+
            |                       |
            |                       |
          +---+                   +---+
          |   | Cisco 2500        |   | Cisco 2500
          +---+                   +---+
            |                       |
            |                       |

       x.y.z.w/29              a.b.c.d/29


With this setup you can ensure that OUTGOING ip packets make their destination
on a redundant setup, provided the ADSL links do not filter egress traffic,
which they might (worth checking).  For INCOMING traffic to both x.y.z.w/29 and
a.b.c.d/29 to work the upstream ISP must have similar failover on their end to
re-route traffic into the ADSL 2 router if ADSL 1 link is detected as down.
This may be harder to set up, but maybe it is not.

If you're wondering why the RFC1918 address within the switch, don't worry 
about it.  Those IP's aren't expected to talk to anything anyhow they just 
route.  @HOME used to do it years ago, and people bitched but they got over
it. Just filter any packets with a TTL of 1 and no one will know either way,
except that traceroute has a small pause on that hop.

regards,

-peter

-- 
Here my ticker tape .signature  My name is Peter Philipp  lynx -dump 
http://en.wikipedia.org/w/index.php?title=Pufferfisholdid=20768394; | sed -n 
131,136p  So long and thanks for all the fish!!!



switch Radio on in order to use iwi0?

2006-07-07 Thread Andreas Burghardt
Hello everyone,

I want to use my wireless card and everything seems to be well
configured except one thing: how to switch Radio on? I have a Joybook
5200G (Benq) and if I want to switch Radio on by using the keyboard it
isn't working! Perhaps this is a very noob-question ... but it's my first
notebook .-)
Is there a way to switch Radio on by using the commandline?

Regards,

Andreas Burghardt



Sizing an IMAP Server on OpenBSD

2006-07-07 Thread Samuel Moñux

Hi everyone,

I'm planning to deploy a SMTP(Sendmail) and IMAP(Cyrus) server on a
mid-sized organization(~300 remote users, dunno about messages/day),
and since it is my first IMAP server (until now we do only POP), I have
some questions about sizing.

First, about hardware requirements. I had thought to use a Dell 1850,
2GB RAM with two controllers: a PERC4e/Si for system + sendmail queue,
and a PERC 4e/DC connected to a PV220s, with 7x300GB (half of
backplane) for imap data (4 or 6 discs in RAID-10 + 1 hot spare). I
think it should be enough, but is it really? (the hardware is already
bought, so I really hope so). Any recommendations about stripe size or
raid configuration? Which ami version to use? -stable one? How does ami's
performance compare with FreeBSD's amr?

I understand that it is advisable to run softupdates on the imap and
/var/spool partitions, and to disable fsck on boot, but what about
increasing buffer cache size? 5% of physical memory seems a bit low
for an I/O intensive app as Cyrus is.

About resource limits of _cyrus user and sysctl values, are there well
known values? Should I increase kern.maxfiles for example? I wouldn't
like to learn it at production time.

Well, these are my questions. Maybe the hardware is overkill for our
load, but sizing hardware without prior experience is always a
difficult task, so if anybody wants to share their experience...

Thanks in advance,

Samuel



Re: BGP questions

2006-07-07 Thread Peter Philipp
On Fri, Jul 07, 2006 at 06:30:06PM +0200, Peter Philipp wrote:
 I think you can do it with the following:  Get 2 cheap routers that can pass 
 3Mb/s, no big functionality needed except that they do ethernet (Cisco 2500's?
 they should be cheap by now..), 2 switches for the etherlink between the two
 locations (if a direct ethernet link can't be established perhaps use an
 OpenBSD bridge with ethernet over gif(4)?) and then the existing routers 
 configured with carp.  In ascii it would look like so:

You may even do it cheaper than that with a bit of programming and it doesn't
require a purchase of any network gear, however the functionality may not be
there in the tun(4) driver.

Basically what I'm thinking of is the following:  The x.y.z.w/29 and
a.b.c.d/29 interfaces have a rdr pf rule that redirects everything inbound 
into a daemon that runs a tun(4) interface in layer 3 mode, this daemon 
writes the incoming packets out another tun(4) interface that is in layer 2 
mode which is also bridged within a set of ethernet interfaces (192.168.0.0/24)
that also have CARP devices on each end.  This is where I'm unsure if this is 
functional, (bridging a layer 2 tun(4) device), anyhow the MAC address that 
it writes to is the CARP virtual Address (or you could implement rudimentary
ARP into the daemon as well) and you should have failover as long as the 
firewalls themselves don't fail.  Required on each firewall is 4 ethernet 
interfaces and the tun(4) userland daemon.  You should see some overhead 
with this due to copying the packets into userland and then back to kernel 
via the tun(4) interfaces.

Gee I'm feeling really creative today.  Let the imagination flow.

-peter

--
Here my ticker tape .signature  My name is Peter Philipp  lynx -dump 
http://en.wikipedia.org/w/index.php?title=Pufferfisholdid=20768394; | sed -n 
131,136p  So long and thanks for all the fish!!!



Re: BGP questions

2006-07-07 Thread Spruell, Darren-Perot
From: [EMAIL PROTECTED] 
 | (2) are there any particular online docs that are 
 recommended reading for
 BGP?
 
 The RFC (I think it's 1771) is very good, check it out.

Superseded by RFC4271. I also found
http://www.iana.org/assignments/bgp-parameters to be a good reference, with
other related RFCs indicated there.

DS



Re: Sizing an IMAP Server on OpenBSD

2006-07-07 Thread Bob Beck
IF you're only talking about around 300 users, you've probably not
got to worry about these questions - what you have will work very well
for what you are proposing, likely without any tweaks. 

-Bob


* Samuel Moñux [EMAIL PROTECTED] [2006-07-07 10:56]:
 Hi everyone,
 
 I'm planning to deploy a SMTP(Sendmail) and IMAP(Cyrus) server on a
 mid-sized organization(~300 remote users, dunno about messages/day),
 and since it is my first IMAP server (until now we do only POP), I have
 some questions about sizing.
 
 First, about hardware requirements. I had thought to use a Dell 1850,
 2GB RAM with two controllers: a PERC4e/Si for system + sendmail queue,
 and a PERC 4e/DC connected to a PV220s, with 7x300GB (half of
 backplane) for imap data (4 or 6 discs in RAID-10 + 1 hot spare). I
 think it should be enough, but is it really? (the hardware is already
 bought, so I really hope so). Any recommendations about stripe size or
 raid configuration? Which ami version to use? -stable one? How does ami's
 performance compare with FreeBSD's amr?
 
 I understand that it is advisable to run softupdates on the imap and
 /var/spool partitions, and to disable fsck on boot, but what about
 increasing buffer cache size? 5% of physical memory seems a bit low
 for an I/O intensive app as Cyrus is.
 
 About resource limits of _cyrus user and sysctl values, are there well
 known values? Should I increase kern.maxfiles for example? I wouldn't
 like to learn it at production time.
 
 Well, these are my questions. Maybe the hardware is overkill for our
 load, but sizing hardware without prior experience is always a
 difficult task, so if anybody wants to share their experience...
 
 Thanks in advance,
 
 Samuel
 

-- 
| | | The ASCII Fork Campaign
 \|/   against gratuitous use of threads.
  |



Re: Sizing an IMAP Server on OpenBSD

2006-07-07 Thread Timo Schoeler

thus Bob Beck spake:

IF you're only talking about around 300 users, you've probably not
got to worry about these questions - what you have will work very well
for what you are proposing, likely without any tweaks. 


-Bob


* Samuel Moñux [EMAIL PROTECTED] [2006-07-07 10:56]:

Hi everyone,

I'm planning to deploy a SMTP(Sendmail) and IMAP(Cyrus) server on a
mid-sized organization(~300 remote users, dunno about messages/day),
and since it is my first IMAP server (until now we do only POP), I have
some questions about sizing.

First, about hardware requirements. I had thought to use a Dell 1850,
2GB RAM with two controllers: a PERC4e/Si for system + sendmail queue,
and a PERC 4e/DC connected to a PV220s, with 7x300GB (half of
backplane) for imap data (4 or 6 discs in RAID-10 + 1 hot spare). I
think it should be enough, but is it really? (the hardware is already
bought, so I really hope so). Any recommendations about stripe size or
raid configuration? Which ami version to use? -stable one? How does ami's
performance compare with FreeBSD's amr?

I understand that it is advisable to run softupdates on the imap and
/var/spool partitions, and to disable fsck on boot, but what about
increasing buffer cache size? 5% of physical memory seems a bit low
for an I/O intensive app as Cyrus is.

About resource limits of _cyrus user and sysctl values, are there well
known values? Should I increase kern.maxfiles for example? I wouldn't
like to learn it at production time.

Well, these are my questions. Maybe the hardware is overkill for our
load, but sizing hardware without prior experience is always a
difficult task, so if anybody wants to share their experience...

Thanks in advance,

Samuel


hm, two years ago i had to migrate a 20 user advertising company (not 
very small mails ;) from 'exchange' to cyrus. because of weird 
circumstances, i had to use a temporary setup for about two months. this 
was an Amiga 1200 with 68040 turbo board, external SCSI HD, and 256MByte 
RAM running Cyrus 2.2.x, Postfix 2.x, clamav and amavisd-new on NetBSD. 
that's a really true story :) without amavisd-new, even less memory 
would have been sufficient ;)


timo



Re: Sizing an IMAP Server on OpenBSD

2006-07-07 Thread Lyndon Nerenberg

First, about hardware requirements.


What you're proposing is absolute overkill for such a small client load. 
You won't need to upgrade the hardware :-)



About resource limits of _cyrus user and sysctl values, are there well
known values? Should I increase kern.maxfiles for example? I wouldn't
like to learn it at production time.


Again, given the minimal load from IMAP, the out of the box defaults will 
do just fine.



Well, these are my questions. Maybe the hardware is overkill for our
load, but sizing hardware without prior experience is always a
difficult task, so if anybody wants to share their experience...


Cyrus has a very small CPU and memory footprint.  All you need to ensure 
is that you have enough I/O bandwidth from the disk, through the imapd 
process, and out the network interface.  From what you're describing, you 
have nothing to worry about.


Sendmail can want memory when delivering messages with large numbers of 
recipients (e.g. mailing list expansion), but again, it's doubtful your 
load will even begin to stress the hardware.


--lyndon



Re: switch Radio on in order to use iwi0?

2006-07-07 Thread Joachim Schipper
On Fri, Jul 07, 2006 at 06:32:57PM +0200, Andreas Burghardt wrote:
 Hello everyone,
 
 I want to use my wireless card and everything seems to be well
 configured except one thing: how to switch Radio on? I have a Joybook
 5200G (Benq) and if I want to switch Radio on by using the keyboard it
 isn't working! Perhaps this is a very noob-question ... but it's my first
 notebook .-)
 Is there a way to switch Radio on by using the commandline?

If you are referring to WiFi, typically this is done by ifconfig(8).

If you aren't, or the above (or any of the likely other answers) was not
the answer you were looking for, feel free to post again; apparently,
I/nobody understood what you meant...

Joachim



Re: BGP questions

2006-07-07 Thread Stuart Henderson
On 2006/07/07 10:56, Jacob Yocom-Piatt wrote:
 the motivation for asking this is that i'm running an ecommerce website from
 work and am interested in having a failover and/or loadbalancing for it in the
 event that the power goes out at work, etc. colocating the machine that serves
 it is probably the best idea, but i was trying to be cheap and work with what i
 already have available (the 2 ADSL connections + old hw).

Colo sounds simpler. If you want to loadbalance/failover incoming
connections over dual ADSL, you'll either need ISP support, or your
own colo'd machine and run tunnels.

If you _just_ want more bandwidth up, and don't care about the
resilience, you might get away with two ADSLs and sending packets out
both (probably using route-to in pf.conf; this does not involve natting
and assumes the ISP doesn't ingress-filter too carefully: you'll
probably find that most don't - and needs you to work out a way to
split the outgoing traffic up). Probably not what you want for a
high-reliability setup...



Re: switch Radio on in order to use iwi0?

2006-07-07 Thread Bryan Brake

Andreas Burghardt wrote:

Hello everyone,

I want to use my wireless card and everything seems to be well
configured except one thing: how to switch Radio on? I have a Joybook
5200G (Benq) and if I want to switch Radio on by using the keyboard it
isn't working! Perhaps this is a very noob-question ... but it's my first
notebook .-)
Is there a way to switch Radio on by using the commandline?


hint: man ifconfig(8)



Re: hints for scanning msdosfs patters?

2006-07-07 Thread Giancarlo Razzolini
vladas wrote:

 Thank you for all these good ideas.
 I will check them out.

 vladas


Foremost might help too. It looks for file headers/footers. Don't know if
it will help on a very fragmented FAT, but it worked for me on an ext3
partition, where i deleted some files. The only problem is that it does
not recover the name of the file (not much of a problem), and it finds a lot
of duplicate files. Many of them are parts of the other and/or
vice-versa. I've used a tool called fdupes, that checks for size, md5
and other things to find duplicates, then delete one (or more) of the
duplicated files, leaving just one of them.

My 2 cents,
--
Giancarlo Razzolini
Linux User 172199
Moleque Sem Conteudo Numero #002
Slackware Current
OpenBSD Stable
Snike Tecnologia em Informatica
4386 2A6F FFD4 4D5F 5842  6EA0 7ABE BBAB 9C0E 6B85




Re: tutorial for securing wifi networks with ipsec and openbsd, somewhere?

2006-07-07 Thread Diana Eichert
 For those who are interested and have wifi windows xp clients.
 
 Recently I came across a tool called smartvpn dial-up connection
 management from draytek. It is a freeware (ipsec) client that makes it
 very simple to configure ipsec on windows 2k/xp. You will not have to
 use mmc + ipsec policy editor or ipseccmd.exe.
 
 It is available here:
 http://217.160.102.141/data/RouterTools/win/SmartVPN/SMARTVPN09_05.zip

I just tried to get this file and ooops, it didn't work.

Error 404: Datei nicht gefunden!

Das angegebene Dokument konnte auf diesem Server leider nicht gefunden
werden.

I did find a version of the DrayTek SmartVPN client on the company FTP
site here, ftp://ftp.draytek.com/tools/VPN/3.2.5/VPN.zip

Is this the same one?

diana



Re: BGP questions

2006-07-07 Thread Karsten McMinn

On 7/7/06, Jacob Yocom-Piatt [EMAIL PROTECTED] wrote:

the motivation for asking this is that i'm running an ecommerce website from
work and am interested in having a failover and/or loadbalancing for it in the
event that the power goes out at work, etc. colocating the machine that serves
it is probably the best idea, but i was trying to be cheap and work with what i
already have available (the 2 ADSL connections + old hw).


save yourself the grief and just get 2 dsls at one location. If you are
fortunate you'll be able to convince your isp to add a backup route
for your /29 on your second dsl in case the first goes, or maybe
even get rudimentary bgp/ospf load balancing on the two.



bash-static on OpenBSD 3.9

2006-07-07 Thread Daniel A. Ramaley
If anyone has been lamenting the loss of the bash-static package, this 
evening i took the time to figure out how to create something that 
works just as well. I peeked in the Makefile for bash on an older 
version of OpenBSD to see how the static version differs. The 
difference is when compiling bash the CONFIGURE_ENV variable needs to 
be set. The full steps i used to build a bash-static package were:

First install the ports tarball from the install CD. You will also need 
to have the compilers install set installed (it is by default). Then:
# cd /usr/ports/shells/bash
# make print-build-depends
This will print a list of dependencies. Install them from packages. You 
could also compile them from ports, but why when other people have 
already done the excellent work of providing the packages?
# export CONFIGURE_ENV=LDFLAGS=-static
# make package
That's it! The new bash package will be in /usr/ports/packages/i386/all 
(of course, i386 will be different for other platforms). It won't 
have -static in the name, but you can always rename the file before 
installing on other systems if you really want.
-- 

Dan Ramaley                Dial Center 118, Drake University
Network Programmer/Analyst 2407 Carpenter Ave
+1 515 271-4540            Des Moines IA 50311 USA



Re: Chrooted sftp-server and /dev/null

2006-07-07 Thread Joshua Sandbrook
On Friday 23 June 2006 22:24, Joachim Schipper wrote:

 You could set up a named pipe (mkfifo(1)), and have a process
 continually drain it (cat < /home/john/dev/null > /dev/null &); however,
 while this would work for the most likely use (writing to /dev/null), it
 wouldn't allow for reading.
 I'm not sure if sftp-server ever reads from /dev/null, but it is not
 impossible. Strange errors will occur if this is the case.



I'm thinking it might just be easier to make a copy of the /dev/null device, 
but i need to investigate and test this... 

 Yes, make sure you also set real uid. A small part of
 /usr/src/usr.sbin/tcpdump/privsep.c:

 /* Child - drop suid privileges */
 gid = getgid();
 uid = getuid();

 if (setresgid(gid, gid, gid) == -1)
         err(1, "setresgid() failed");
 if (setresuid(uid, uid, uid) == -1)
         err(1, "setresuid() failed");

 Do note that this is only necessary if the shell is suid and/or sgid;
 however, normal users don't have the rights to call chroot(2), so these
 additional privileges are necessary.

 Also, you are aware that you perform chroot(), setresuid() and
 setresgid(), and only then execve()? This means that you'll need some
 binaries in the home directories...

 So, be aware that deleting a file or directory requires write privileges
 on the parent directory; i.e., john can replace
 /home/john/bin/sftp-server by an arbitrary binary if john has write
 privileges on his home directory, hence my suggestion to use /home
 (which is typically only writable by root) above.
 (An alternate solution is to make /home/john owned by root, group john,
 and with privileges 0750; this would break too many things to be
 feasible if shells are allowed, but just might work if only considering
 sftp.)

 Finally, be aware of the many other options sshd allows, like various
 ways of tunneling. For the same reason as above, those cannot be
 disabled in /home/john/.ssh/authorized_keys only (disabling them there
 works iff the user cannot mess with this file, which is clearly not the
 case if the user has access to sftp). Either disable them sshd-wide or
 set AuthorizedKeysFile (see sshd_config(5)) to something like
 /home/.keys/%u/authorized_keys.
 Note that running any number of ssh daemons in parallel works just fine,
 subject to some caveats (they can, of course, not listen on the same
 ports on the same interfaces; they are quite CPU intensive; and random
 number quality may degrade if the pool is drained sufficiently fast).

   Joachim

I am going to write another program which is used to setup, check, and update 
the chroot environments with the right files and permissions. I'm going to 
have it chown the home dirs to root/wheel, and there will only be a single 
writeable dir owned by the user ( which will contain their website files for 
example ).

Here is a copy of the code I've got so far... it's by no means finished, or 
formatted in the proper way, or even checked over properly again:




#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include <syslog.h>
#include <stdarg.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <pwd.h>

char home_dir[1024];
int argc;
char **argv;


void print_arguments(void);
void check_arguments(void);
void check_user(void);
char * find_end_part(char *buff);
void setup_env(void);

int
main(int _argc, char **_argv) {
	char *exec_args[2];

	argc = _argc;
	argv = _argv;

	/* open the log socket now (LOG_NDELAY); it is not reachable after chroot */
	openlog("jshell", LOG_PID | LOG_NDELAY, LOG_AUTH);

	check_arguments();
	check_user();

	if (chroot(home_dir) != 0 || chdir("/") != 0) {
		syslog(LOG_ERR, "chroot(%s) failed: %s", home_dir, strerror(errno));
		return 1;
	}

	/*
	 * drop privileges: set real, effective and saved ids, group first.
	 * seteuid() followed by setuid() would leave the saved uid as root.
	 */
	if (setresgid(getgid(), getgid(), getgid()) != 0 ||
	    setresuid(getuid(), getuid(), getuid()) != 0) {
		syslog(LOG_ERR, "dropping privileges to uid %d failed: %s",
		    (int)getuid(), strerror(errno));
		return 1;
	}

	/* argv[2] was checked to be /usr/libexec/sftp-server, resolved inside the chroot */
	exec_args[1] = NULL;
	exec_args[0] = find_end_part(argv[2]);
	execve(argv[2], exec_args, NULL);
	syslog(LOG_ERR, "execve failed");

	return 1;
}

/* print arguments to syslog */
void
print_arguments(void) {
	int x;
	for (x = 0; x < argc; x++) {
		syslog(LOG_ERR, "%d arg is '%s'", x, argv[x]);
	}
}

/* 
 *  for now we only allow -c /usr/libexec/sftp-server as an argument 
 */
void
check_arguments(void) {

	/* compare second argument ( should be -c ) */
	if (argc != 3 || strcmp("-c", argv[1]) != 0) {
		syslog(LOG_ERR, "invalid arguments\n");
		print_arguments();
		exit(1);
	}

	/* compare third argument */
	if (strcmp("/usr/libexec/sftp-server", argv[2]) != 0) {
		syslog(LOG_ERR, "invalid arguments\n");
		print_arguments();
		exit(1);
	}

}

/* 
 * check the user has some sane permissions and settings 
 * and what not on their home dir.
 */
void
check_user(void) {

struct passwd *pw = NULL;

/*
 * do we bother checking for a root login? 
 * why would root be