Unable to build jdk-1.4.2p7 on OpenBSD/i386 3.9-GENERIC
Hi misc, I can't build jdk-1.4.2p7 on my openbsd box (3.9 running in MS-VirtualServer)... Can somebody help ? jdk-1.3.1p6, jre-1.3.1p6 and jdk-linux-1.3.1_16 succeeded. Here's the logs : ===portslogger=== +++ Mon Sep 4 03:38:57 MDT 2006 === Building for jdk-1.4.2p7 *** WARNING: you may see an error such as *** virtual memory exhausted *** when building this package. If you do you must increase *** your limits. See the man page for your shell and look *** for the 'limit' or 'ulimit' command. You may also want to *** see the login.conf(5) manual page. *** Some examples are: *** csh(1) and tcsh(1): limit datasize kbytes of memory *** ksh(1), zsh(1) and bash(1): ulimit -d kbytes of memory kern.emul.linux: 1 - 1 bsd i586 1.4.2-p7 build started: 06-09-04 03:38 if [ -r ./../../deploy/make/Makefile ]; then \ ( cd ./../../deploy/make; gmake sanity EXTERNALSANITYCONTROL=true CONTROL_TOPDIR=/usr/obj/ports/jdk-1.4.2p7/control CONTROL_TOPDIR_NAME=control ALT_OUTPUTD IR=/usr/obj/ports/jdk-1.4.2p7/control/build/bsd-i586 ARCH_DATA_MODEL=32 MILESTONE=p7 BUILD_NUMBER=_04_sep_2006_03_38 ALT_JAVAWS_BOOTDIR=/usr/obj/ports/jdk-1. 4.2p7/control/build/bsd-i586 ; ); \ fi Abort trap (core dumped) Abort trap (core dumped) gmake[1]: Entering directory `/usr/obj/ports/jdk-1.4.2p7/deploy/make' gmake[1]: Leaving directory `/usr/obj/ports/jdk-1.4.2p7/deploy/make' gmake[1]: Entering directory `/usr/obj/ports/jdk-1.4.2p7/j2se/make' gmake[1]: Leaving directory `/usr/obj/ports/jdk-1.4.2p7/j2se/make' Build Machine Information: build machine = Build Directory Structure: CWD = /usr/obj/ports/jdk-1.4.2p7/control/make TOPDIR = ./../.. CONTROL_TOPDIR = ./../../control GENERICS_TOPDIR = ./../../generics HOTSPOT_TOPDIR = ./../../hotspot J2SE_TOPDIR = ./../../j2se MOTIF_TOPDIR = ./../../motif Hotspot Settings: HOTSPOT_BUILD_JOBS = Bootstrap Settings: JAVAWS_BOOTDIR = /usr/obj/ports/jdk-1.4.2p7/control/build/bsd-i586 BOOTSTRAP J2SDK VERSION: OUTPUTDIR = /usr/obj/ports/jdk-1.4.2p7/control/build/bsd-i586 Build Tool Settings: UNIXCOMMAND_PATH = /bin/ COMPILER_PATH = /usr/bin/ DEVTOOLS_PATH = /usr/local/bin/ USRBIN_PATH = /usr/bin/ GCC32_COMPILER_PATH = /java/devtools/bsd/gcc3.2/ MOZILLA_PATH = MOZILLA_HEADERS_PATH = MOZILLA_LIBS_PATH = CC_VER = 3.3.5 PATH = /usr/obj/ports/jdk-1.4.2p7/bin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/local/bin:/usr/X11R6/bin Build Directives: PEDANTIC = INSANE = Build Platform Settings: PLATFORM = bsd ARCH = i586 LIBARCH = i386 ARCH_FAMILY = i586 ARCH_DATA_MODEL = 32 OS_VERSION = 3.9 FREE_SPACE = 1996732 GNU Make Settings: MAKE = gmake MAKE VERSION = MAKECMDGOALS = sanity MAKEFLAGS = w -- ALT_JAVAWS_BOOTDIR=/usr/obj/ports/jdk-1.4.2p7/control/build/bsd-i586 BUILD_NUMBER=_04_sep_2006_03_38 MILESTONE=p7 ARCH_DATA_MODEL=32 ALT_O UTPUTDIR=/usr/obj/ports/jdk-1.4.2p7/control/build/bsd-i586 CONTROL_TOPDIR_NAME=control CONTROL_TOPDIR=/usr/obj/ports/jdk-1.4.2p7/control EXTERNALSANITYCONTROL =true SHELL = /bin/sh Target Build Versions: JAVAWS_VERSION = 1.4.2 MILESTONE = p7 BUILD_NUMBER = _04_sep_2006_03_38 Bootstrap Settings: BOOTDIR = /usr/obj/ports/jdk-1.4.2p7 BOOTSTRAP J2SDK VERSION: 1.4.2 OUTPUTDIR = /usr/obj/ports/jdk-1.4.2p7/control/build/bsd-i586 Build Tool Settings: UNIXCOMMAND_PATH = /bin/ COMPILER_PATH = /usr/bin/ DEVTOOLS_PATH = /usr/local/bin/ USRBIN_PATH = /usr/bin/ MOTIF_DIR = /usr/local CC_VER = 3.3.5 ZIP_VER = 2.3 PATH = /usr/obj/ports/jdk-1.4.2p7/bin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/local/bin:/usr/X11R6/bin Build Directives: USE_ONLY_BOOTDIR_TOOLS = USE_HOTSPOT_INTERPRETER_MODE = PEDANTIC = DEV_ONLY = YES J2RE_ONLY = NO_DOCS = NO_IMAGES = TOOLS_ONLY = true INSANE = Build Platform Settings: PLATFORM = bsd ARCH = i586 LIBARCH = i386 ARCH_FAMILY = i586 ARCH_DATA_MODEL = 32 OS_VERSION = 3.9 FREE_SPACE = 1969766 GNU Make Settings: MAKE = gmake MAKE VERSION = MAKECMDGOALS = sanity MAKEFLAGS = SHELL = /bin/sh Target Build Versions: JDK_VERSION = 1.4.2 MILESTONE = p7 BUILD_NUMBER = _04_sep_2006_03_38 External File/Binary Locations: HOTSPOT_SERVER_PATH = /usr/obj/ports/jdk-1.4.2p7/control/build/bsd-i586/hotspot-i586/server HOTSPOT_CLIENT_PATH = /usr/obj/ports/jdk-1.4.2p7/control/build/bsd-i586/hotspot-i586/client MOTIF_DIR = /usr/local CACERTS_FILE = ./../src/share/lib/security/cacerts WARNING: Your build environment has the variable DEV_ONLY defined. This will result in a development-only build of the J2SE workspace, lacking the documentation build and installation bundles. ERROR: Your JAVAWS_BOOTDIR environment variable does not point to a valid Java 2 SDK for bootstrapping this build. A Java 2 SDK 1.4 build must be bootstrapped using J2SDK 1.4.0 fcs (or later). Apparently, your bootstrap JDK is version Please update your ALT_JAVAWS_BOOTDIR setting
Re: Missing section in FAQ - 6 Networking ?
2006/9/3, Nick Holland [EMAIL PROTECTED]: Bruno Carnazzi wrote: Hi misc, There is a numbering problem or a missing section in FAQ - 6 Networking : http://www.openbsd.org/faq/faq6.html#6.8 Not quite sure how that's a problem. Things get added and removed. I have an aversion to renumbering articles excessively... Even though one of the early things I did in the FAQ was breaking the tie between section numbers and links, I still tend to think of articles by the section number...as apparently you do, as well. I really hate the situation where I feel a new article should go in the middle of a page with a related article, but there's no hole in the numbering. So, I either have to renumber a bunch of things (ick) or stick it at the end (ick). For that reason, I am reluctant, probably too reluctant, to renumber pages after the deletion of an article. btw: if you think that's a problem, the proper technique is to assume the mistake was made more than once and look for similar numbering incongruities (there's at least one other much more annoying gap), look at the CVS logs and see if you can figure out WHY things are as they are, figure out how things should be done better, and submit a patch. :) In this case, things are as I sort-of intend them to be, though I have been thinking about closing things up (and deleting/relocating more articles, so it isn't quit that simple yet). Nick. You convinced me that it's not a problem. There are *lots* of better things to do and renumbering can introduce new broken links, take lots of time and don't provide very usefull things... Best regards, Bruno.
5.1 sound card support in OpenBSD
Hi misc, I can't find informations on 5.1 sound card support in OpenBSD. I know OpenBSD sound system relies on SunAudio, but I'm not aware of its capabilities. Best regards, Bruno.
Re: IPsec Configuration Questions
Hans-Joerg Hoexer wrote:
what ipsec software is running on the clients? What does your
ipsec.conf on the firewall look like?
On Sat, Sep 02, 2006 at 04:01:51PM -0400, Axton Grams wrote:
Hoping someone can point me in the right direction to get isakmpd working.
The scenario:
- the router drops all traffic directed to it from the dmz net
- the router drops all traffic destined for the lan from the dmz
- the router drops all traffic destined for the dmz from the lan
- vlan1 (dmz) has linux hosts
- vlan2 (lan) has windows and linux hosts, for the purpose of this
exercise, I am using a windows host
The goals:
- create a way by which hosts in the lan can connect to the dmz network
using ipsec/isakmpd
- starting off with simple auth, shared secret passphrase
Some background Info:
My network is as follows:
(trunking is next on my list, but for now, I have separate interfaces on
the router for each vlan)
|
Internet (dynamic ip)
|1.1.1.2
++
| router/fw/isakmpd|
++
10.180.16.1 | |10.107.208.1
dmz | | lan
++ ++
| |
+-+
| switch|
| vlan1 | vlan2 |
+-+
||
||
+---+ +---+
| www server| | workstation 1 +
| 10.180.16.250 | | 10.107.208.20 +
+---+ +---+
- OpenBSD Router:
- relevant ifconfig
** internet
hme0:
flags=8b63UP,BROADCAST,NOTRAILERS,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST
mtu 1500
lladdr xxx
groups: egress
media: Ethernet 100baseTX full-duplex
status: active
inet6 xxx%hme0 prefixlen 64 scopeid 0x2
inet 1.1.1.2 netmask 0xe000 broadcast 1.1.1.255
** lan
hme1:
flags=8363UP,BROADCAST,NOTRAILERS,RUNNING,PROMISC,ALLMULTI,MULTICAST
mtu 1500
lladdr 08:00:20:ca:7d:c5
media: Ethernet 100baseTX
status: active
inet 10.107.208.1 netmask 0xff00 broadcast 10.107.208.255
inet6 fe80::a00:20ff:feca:7dc5%hme1 prefixlen 64 scopeid 0x3
** dmz
hme2:
flags=8b63UP,BROADCAST,NOTRAILERS,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST
mtu 1500
lladdr 08:00:20:ca:7d:c6
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 10.180.16.1 netmask 0xff00 broadcast 10.180.16.255
inet6 fe80::a00:20ff:feca:7dc6%hme2 prefixlen 64 scopeid 0x4
I see the SA established on both machines when I generate traffic from
the lan machine to the dmz machine:
# ipsecctl -s all
FLOWS:
flow esp in from 10.107.208.20 to 10.180.0.0/16 peer 10.107.208.20
flow esp out from 10.180.0.0/16 to 10.107.208.20 peer 10.107.208.20
SADB:
esp tunnel from 10.107.208.1 to 10.107.208.20 spi 0x6a1e4b88 enc
3des-cbc auth hmac-sha1
esp tunnel from 10.107.208.20 to 10.107.208.1 spi 0x2f9e0f0b enc
3des-cbc auth hmac-sha1
C:\Program Files\Support Toolsipseccmd show sas
Main Mode SAs
--
Main Mode SA #1:
From 10.107.208.20
To 10.107.208.1
Policy Id : {F692F46D-7E01-4929-9DA3-AAEFD79B7A97}
Offer Used :
3DES SHA1 DH Group 2
Quickmode limit : 0, Lifetime 0Kbytes/28800seconds
Auth Used : Preshared Key
Initiator cookie 4d9a6c5aa8ea5bf1
Responder cookie ef0f72aba9f15fc8
Source UDP Encap port : 500 Dest UDP Encap port: 500
Quick Mode SAs
--
Quick Mode SA #1:
Filter Id : {22A8F939-89C3-4978-9F9A-BEA0B46B4163}
Tunnel Filter
From 10.107.208.20
To subnet 10.180.0.0 mask 255.255.0.0
Protocol : 0 Src Port : 0 Des Port : 0
Direction : Outbound
Tunnel From 10.107.208.20
Tunnel To 10.107.208.1
Policy Id : {F7161316-2A79-495C-8FB8-DC7662246113}
Offer Used :
Algo #1 : Encryption 3DES SHA1 (24bytes/0rounds)
(20secbytes/0secrounds)
MySpi 1780370312 PeerSpi 798887691
PFS : False, Lifetime 10Kbytes/3600seconds
Initiator cookie 4d9a6c5aa8ea5bf1
Responder cookie ef0f72aba9f15fc8
The command completed successfully.
The ipsec settings are configured using the following:
ipseccmd.exe -u
ipseccmd.exe -f 0=10.180.16.0/255.255.255.0 -n ESP[3DES,SHA] -t
10.107.208.1 -a PRESHARE:sharedsecret -1s 3DES-SHA-2
ipseccmd.exe -f 10.180.16.0/255.255.255.0=0 -n ESP[3DES,SHA] -t
10.107.208.20 -a PRESHARE:sharedsecret -1s 3DES-SHA-2
For some reason though, traffic from the lan machine to the dmz machine
is going into a black hole. pflog0 shows no dropped packets, nothing
odd in messages.
C:\WINDOWSping 10.180.16.250
Pinging 10.180.16.250 with 32 bytes of data:
Negotiating IP Security.
Request timed out.
Request timed out.
Request timed out.
These are the stats from the client side. You can see the outgoing
traffic,
Re: OT: Amarok Sound Device
On 03/09/06, micke [EMAIL PROTECTED] wrote: But if you want to use specified audio device only for amarok xine engine you can do that by changing the line: audio.device.sun_audio_device:/dev/audio1 in the config file: $HOME/.kde/share/apps/amarok/xine-config Great! Thanks for your replies guys. Best Regards Edd
openbsd 3.8 firewall panic
Hello all, I have a bit of a problem here, which I figured you might be able to shed some light on. Setup: 2 x obsd 3.8 (+patches) machines running pf/pfsync/carp/ftp-proxy. Using 4 carp interfaces per machine, plus an if for pfsync. Hardware used is a couple of ibm x306, each with an intel quad-gigabit nic and two onboard intel gigabit nics. During my vacation the primary firewall panic'ed, and for some reason the secondary fw didn't take over, the crasched firewall was rebooted and seemed to work ok. My coworker did a bit of research on the cause of the problem, and decided to try and increase maxclusters ( kern.maxclusters: 6144 - 15000). ~3 days later the primary firewall deciced to take another break, but this time around the secondary took over ok. Now, about 7 weeks later, the primary panic'ed again (secondary taking over ok), attached below is some output from ddb and boot, (I couldn't find anything relevant in the logfiles) Any hints/comments/etc on this is most welcome. regards, /Anders OpenBSD/i386 (fw0-host.my.domain) (ttyC0) login: panic: pool_get(mclpl): free list modified: magic=19beab21; page 0xd698d0 00; item addr 0xd698d000 Stopped at Debugger+0x4: leave RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC! DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION! ddb ps PIDPPIDPGRPUUIDSFLAGSWAITCOMMAND 2552016911255207130x4184selectftp-proxy 1035216911103527130x4184selectftp-proxy 64321691164327130x4184selectftp-proxy 2101023754237537330x184pollsyslogd 23754123754030x84netiosyslogd 1706616911170667130x4184selectftp-proxy 1434716911143477130x4184selectftp-proxy 1541616911154167130x4184selectftp-proxy 180611806030x4086ttyingetty 25071125071030x40184selectsendmail 31017131017030x4086ttyingetty 18299118299030x4086ttyingetty 348013480030x4086ttyingetty 23739123739030x4086ttyingetty 8051805030x84selectcron 25276125276030x84selectsshd 16911116911030x184selectinetd 12567842484248330x184pollntpd 842418424030x84pollntpd 2166327056270567430x184bpfpflogd 27056127056030x84netiopflogd 1300030x100204 crypto_wa crypto 1200030x100204 aiodoned aiodoned 1100030x100204 syncerupdate 1000030x100204 cleaner cleaner 900030x100204 reaperreaper 800030x100204 pgdaemon pagedaemon 700030x100204 pftmpfpurge 600030x100204 usbevtusb2 500030x100204 usbevtusb1 400030x100204 usbtskusbtask 300030x100204 usbevtusb0 200030x100204 kmalloc kmthread 101030x4084waitinit 0-10030x80204scheduler swapper ddb trace Debugger(5e000, 14000201,6820285e,d698d000,d05d27c0) at Debugger+0x4 panic(d04f6c40,d04f8c09,19beab21,d698d000,d698d000) at panic+0x63 pool_get(d05d27c0,0,d06f1dcc,d0254fcf,d0f67830) at pool_get+0x315 em_get_buf(23,d0f67800,0,d10505ee) at em_get_buf+0x176 em_process_receive_interrupts(d0f67800,fff8,d0101f50,4,d06f1e44) at em_proc ess_receive_interrupts+0x23a em_intr(d0f67800) at em_intr+0x93 Xrecurse_legacy11() at Xrecurse_legacy11+0x8a --- interrupt --- apm_cpu_idle(b0,d05ccec0,d05ccd40,7fff,d021ae67) at apm_cpu_idle+0x42 idle_loop(80058,10,0,0,8000) at idle_loop+0x5 bpendtsleep(d05ccd40,4,d050e4b1,0,0,d0307c16,8,286) at bpendtsleep uvm_scheduler(d05ccd3c,3,0,d04c7492,1ff7) at uvm_scheduler+0x6b check_console(0,0,0,0,0) at check_console ddb boot dump panic: pool_get(mclpl): free list modified: magic=19beab21; page 0xd698d000; ite m addr 0xd698d000 Stopped at Debugger+0x4:leave RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC! DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION! ddb Using drive 0, partition 3. Loading... probing: pc0 com0 mem[622K 510M a20=on] disk: fd hd0+ hd1+ OpenBSD/i386 BOOT 2.10 boot booting hd0a:/bsd: 4804448+939504 [52+247296+228813]=0x5eeac8 entry point at 0x100120 [ using 476536 bytes of bsd ELF symbol table ] Copyright (c) 1982, 1986, 1989, 1991, 1993 The Regents of the University of California. All rights
Re: network cards - which one is the best ;
On 2006-09-03T23:16, Bill Marquette wrote: On 9/3/06, Ted Unangst [EMAIL PROTECTED] wrote: On 9/3/06, Sylwester S. Biernacki [EMAIL PROTECTED] wrote: I use Intel cards for several years and was happy of them almost all the time. However, after I've read about them at this list usenet for the last few months I had to stand up and throw away all of them. Theo wrote about em driver in OpenBSD and bad vendor design of Intel NICs in general. Exactly the opposite I have used Intel server cards with ~320Mbps traffic (max of old PCI board ;P) and everything worked as it should. if they work great for you, why do you care? Other than Intel, is anyone else making quad port gig cards? I'm always open to playing with other hardware (and am hitting some amount of limitations with my current hardware setup anyway) but haven't run across any decent quad cards lately. Silicom makes em-based quad/six port cards. http://www.silicom.co.il/ hth, Marcus.
Re: network cards - which one is the best ;
thus Marcus Popp spake: On 2006-09-03T23:16, Bill Marquette wrote: On 9/3/06, Ted Unangst [EMAIL PROTECTED] wrote: On 9/3/06, Sylwester S. Biernacki [EMAIL PROTECTED] wrote: I use Intel cards for several years and was happy of them almost all the time. However, after I've read about them at this list usenet for the last few months I had to stand up and throw away all of them. Theo wrote about em driver in OpenBSD and bad vendor design of Intel NICs in general. Exactly the opposite I have used Intel server cards with ~320Mbps traffic (max of old PCI board ;P) and everything worked as it should. if they work great for you, why do you care? Other than Intel, is anyone else making quad port gig cards? I'm always open to playing with other hardware (and am hitting some amount of limitations with my current hardware setup anyway) but haven't run across any decent quad cards lately. Silicom makes em-based quad/six port cards. http://www.silicom.co.il/ hth, Marcus. hm, the cards are based on Broadcom 5714 -- what about their crappiness? timo
followup: Re: network cards - which one is the best ;
thus Marcus Popp spake: On 2006-09-03T23:16, Bill Marquette wrote: On 9/3/06, Ted Unangst [EMAIL PROTECTED] wrote: On 9/3/06, Sylwester S. Biernacki [EMAIL PROTECTED] wrote: I use Intel cards for several years and was happy of them almost all the time. However, after I've read about them at this list usenet for the last few months I had to stand up and throw away all of them. Theo wrote about em driver in OpenBSD and bad vendor design of Intel NICs in general. Exactly the opposite I have used Intel server cards with ~320Mbps traffic (max of old PCI board ;P) and everything worked as it should. if they work great for you, why do you care? Other than Intel, is anyone else making quad port gig cards? I'm always open to playing with other hardware (and am hitting some amount of limitations with my current hardware setup anyway) but haven't run across any decent quad cards lately. Silicom makes em-based quad/six port cards. http://www.silicom.co.il/ hth, Marcus. hm, the cards are based on Broadcom 5714 -- what about their crappiness? timo they also have intel-based cards ;) timo
Re: Fuzzy patching broken?
On Mon, 4 Sep 2006, viq wrote: As for reporting, you already did. ;-) Well, no, I didn't submit an 'official' PR ;) I did, as a reminder to myself (or any other volunteer who wants to attack this). It's PR 5129, containing a file and a diff to reproduce the problem. Thanks for paying attention and reporting this. -Otto
Re: openbsd 3.8 firewall panic
On 2006/09/04 10:32, anders winckler wrote: 2 x obsd 3.8 (+patches) machines running pf/pfsync/carp/ftp-proxy. See http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/pci/if_em.c - note where OPENBSD_3_8 is in the page. Try a snapshot, plenty has changed. My coworker did a bit of research on the cause of the problem, and decided to try and increase maxclusters (kern.maxclusters: 6144 - 15000). netstat -m will tell you if this is needed. [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC No point adding unnecessary variables to the equation, just use openbsd.org binaries.
Re: Fuzzy patching broken?
On 9/4/06, Otto Moerbeek [EMAIL PROTECTED] wrote: On Mon, 4 Sep 2006, viq wrote: As for reporting, you already did. ;-) Well, no, I didn't submit an 'official' PR ;) I did, as a reminder to myself (or any other volunteer who wants to attack this). It's PR 5129, containing a file and a diff to reproduce the problem. Thanks for paying attention and reporting this. Thank you. -Otto -- viq
Re: Fuzzy patching broken?
On 9/4/06, Otto Moerbeek [EMAIL PROTECTED] wrote: It's PR 5129, containing a file and a diff to reproduce the problem. Thanks for paying attention and reporting this. It's 5219 - I keep hitting the keys in wrong order too ;) -Otto -- viq
Re: Fuzzy patching broken?
On Mon, 4 Sep 2006, Otto Moerbeek wrote: On Mon, 4 Sep 2006, viq wrote: As for reporting, you already did. ;-) Well, no, I didn't submit an 'official' PR ;) I did, as a reminder to myself (or any other volunteer who wants to attack this). It's PR 5129, containing a file and a diff to reproduce the problem. Thanks for paying attention and reporting this. demime removed the file Cheers, Dries -- Dries Schellekens email: [EMAIL PROTECTED]
Re: Fuzzy patching broken?
On Mon, 4 Sep 2006, Dries Schellekens wrote: On Mon, 4 Sep 2006, Otto Moerbeek wrote: On Mon, 4 Sep 2006, viq wrote: As for reporting, you already did. ;-) Well, no, I didn't submit an 'official' PR ;) I did, as a reminder to myself (or any other volunteer who wants to attack this). It's PR 5129, containing a file and a diff to reproduce the problem. Thanks for paying attention and reporting this. demime removed the file Oops, thanks. It's 5219, btw (thanks viz!). I'm now wondering why gnats removes uuencoded inline text... Anyway, I'll try to send it in such a manner that gnats accepts it. -Otto
hostapd(8) parser bug?
Hi
I might be missing something obvious (in which case I apologize!), but I
think that the current behaviour of hostapd(8)'s configuration file
parser in -current is not quite correct when dealing with multiple
matches of the 'not' grammar rule.
Take, for example, the config file excerpt
hostap handle skip type management subtype ! beacon \
with log \
rate 100 / 10 sec
With yydebug set, this gives the following sequence of reads and reductions:
reading 260 (HOSTAP)
reading 266 (HANDLE)
reducing by rule 34 ($$1 :)
reading 307 (SKIP)
reducing by rule 47 (eventopt : SKIP)
reading 267 (TYPE)
reducing by rule 32 (hostapmatch :)
reducing by rule 61 (frm :)
reading 277 (MANAGEMENT)
[1] reducing by rule 183 (not :)
reading 268 (SUBTYPE)
reading 33 ('!')
[2] reducing by rule 184 (not : '!')
reading 280 (BEACON)
reading 272 (WITH)
reducing by rule 87 (frmelems :)
reducing by rule 78 (frmsubtype : BEACON frmelems)
[3] reducing by rule 75 (frmmatchmgmt : SUBTYPE not frmsubtype)
[4] reducing by rule 72 (frmmatchtype : TYPE not MANAGEMENT \
frmmatchmgmt)
reducing by rule 112 (frmmatchdir :)
reducing by rule 119 (frmmatchfrom :)
reducing by rule 121 (frmmatchto :)
reducing by rule 123 (frmmatchbssid :)
reducing by rule 125 (frmmatchrtap :)
reducing by rule 60 (frmmatch : frm frmmatchtype frmmatchdir \
frmmatchfrom frmmatchto frmmatchbssid frmmatchrtap)
reading 303 (LOG)
reading 296 (RATE)
reducing by rule 54 (verbose :)
reducing by rule 49 (action : WITH LOG verbose)
reducing by rule 64 (limit :)
reading 336 (STRING)
reducing by rule 174 (number : STRING)
reading 47 ('/')
reading 336 (STRING)
reducing by rule 174 (number : STRING)
reading 264 (SEC)
reducing by rule 68 (rate : RATE number '/' number SEC)
reducing by rule 36 (event : HOSTAP HANDLE $$1 eventopt \
hostapmatch frmmatch $$2 action limit rate)
When the 'not' rule is reduced, the u_int 'negative' is set to either 0
or 1, depending on the sense of the negation. In this example, it is set
at [1] and [2] (as annotated above), but the actions that use it are not
executed until reductions [3] and [4]. This means that the value
returned by the first reduction (at [1]) is never used; the rule as
parsed is
hostap handle skip type ! management subtype ! beacon \
with log \
rate 100 / 10 sec
which is not what was intended.
I think the following diff fixes this particular instance of the
problem, although I haven't tested it extensively. A better fix might
make 'type ! management subtype ...' invalid, given that (with the
current precedence) it doesn't make much sense -- filtering on data
frame subtypes is both not particularly useful, and not currently supported.
Stephen
Index: parse.y
===
RCS file: /cvs/src/usr.sbin/hostapd/parse.y,v
retrieving revision 1.24
diff -u -p -r1.24 parse.y
--- parse.y 27 Jun 2006 18:14:59 - 1.24
+++ parse.y 4 Sep 2006 12:56:26 -
@@ -471,12 +471,13 @@ frmmatchtype : /* any */
IEEE80211_FC0_TYPE_DATA;
HOSTAPD_MATCH(TYPE);
}
- | TYPE not MANAGEMENT frmmatchmgmt
+ | TYPE not MANAGEMENT
{
frame_ieee80211-i_fc[0] |=
IEEE80211_FC0_TYPE_MGT;
HOSTAPD_MATCH(TYPE);
}
+ frmmatchmgmt
;
frmmatchmgmt : /* any */
--
Stephen Lewis
automated source code scanning
since the openbsd project prides itself on being especially proactive about debugging, it would not surprise me to learn that there is automated code auditing going on. is this already the case? i didn't see openbsd listed on coverity's page, http://scan.coverity.com/ . further info about software that is already available would be nice, especially if it's open source. cheers, jake
Re: Speack Freely broken
Original message Date: Mon, 4 Sep 2006 10:52:46 -0300 From: Diego Casati [EMAIL PROTECTED] Subject: Speack Freely broken To: ports@openbsd.org speak freely seems to break when its Makefile gets updated, is anyone getting the same? diego, speak freely 7.1 is getting pretty old and hasn't been maintained since 2003, AFAIK. it is not surprising that it is broken. cheers, jake $ sudo make install === Checking files for speak_freely-7.1 `/usr/ports/distfiles/speak_freely-7.1.tar.gz' is up to date. Checksum OK for speak_freely-7.1.tar.gz. (sha1) === speak_freely-7.1 depends on: gsm-* - found === Verifying specs: gsm.=1.0 m curses ossaudio c termcap des /bin/sh: syntax error: ` ' unexpected *** Error code 1 Stop in /usr/ports/mbone/speak_freely (line 1497 of /usr/ports/infrastructure/mk/bsd.port.mk). *** Error code 1 Stop in /usr/ports/mbone/speak_freely (line 1750 of /usr/ports/infrastructure/mk/bsd.port.mk). $
Re: automated source code scanning
Jacob Yocom-Piatt wrote: since the openbsd project prides itself on being especially proactive about debugging, it would not surprise me to learn that there is automated code auditing going on. is this already the case? i didn't see openbsd listed on coverity's page, http://scan.coverity.com/ . Google for it. http://www.google.com/search?hl=enq=coverity+openbsdbtnG=Google+Search further info about software that is already available would be nice, especially if it's open source. just remember: don't confuse tools that help you on a task for things that do the task for you. One should keep their brain fully engaged... Nick.
Re: automated source code scanning
On 9/4/06, Jacob Yocom-Piatt [EMAIL PROTECTED] wrote: since the openbsd project prides itself on being especially proactive about debugging, it would not surprise me to learn that there is automated code auditing going on. is this already the case? i didn't see openbsd listed on coverity's page, http://scan.coverity.com/ . further info about software that is already available would be nice, especially if it's open source. cheers, jake From what I've seen here before the consensus seems to be that automated scanning is bad idea, because it can never (or at least, not for a while yet) match the intelligence of a human, and because making humans read the code leads to finding other bugs, like logic bugs, that would never be noticed otherwise. There's lint(1) if you want to check your C. -Nick
Re: network cards - which one is the best ;
On Mon, Sep 04, 2006 at 09:30:13AM +, Marcus Popp wrote: On 2006-09-03T23:16, Bill Marquette wrote: Other than Intel, is anyone else making quad port gig cards? Silicom makes em-based quad/six port cards. I thought the point of this subthread was Bill trying to avoid em(4)-based cards?
Re: automated source code scanning
On Mon, Sep 04, 2006 at 11:27:32AM -0500, Matthew R. Dempsky wrote: On Mon, Sep 04, 2006 at 09:11:52AM -0500, [EMAIL PROTECTED] wrote: Automating stuff you do NOT understand stands little chance of making anything better. Me, I just lurk here and do not speak for anyone, but I can assure you that the OpenBSD folks are not so naive as to put any trust in automated gizmos. Coverity found at least 30 bugs in OpenBSD (counting the number of commits to the cvs mailing list containing ``coverity'', according to marc), so it seems the OpenBSD developers *do* acknowledge the value of some automated testing. Also, tedu@ is a Coverity employee. Yes. *Relying* on such tools is foolish, as is not availing yourself of the information they *do* provide. -- Darrin Chandler| Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ |
Re: network cards - which one is the best ;
On 9/4/06, Matthew R. Dempsky [EMAIL PROTECTED] wrote: On Mon, Sep 04, 2006 at 09:30:13AM +, Marcus Popp wrote: On 2006-09-03T23:16, Bill Marquette wrote: Other than Intel, is anyone else making quad port gig cards? Silicom makes em-based quad/six port cards. I thought the point of this subthread was Bill trying to avoid em(4)-based cards? More or less :) I can certainly continue to live with em(4), but I'm definitely seeing some bottlenecks (interrupt load) with it on my hardware (HP DL380 G4's - I have some new DL385's in that I haven't benchmarked) w/ i386 non-MP kernel (MP kernel in my testing seemed to negatively impact throughput performance even in MP hardware). One important note is that this is with the previous generation of the pci-x boards, I haven't retested with the currently shipping boards that are only supported in 4.0. --Bill
broadcom wireless card
I recently got a acer aspire 3000 laptop which i got for a good price. Unfortunately it's got a broadcom wireless card which won't work under openbsd. I was wondering if there's some way to get it working or if i have to replace it what would be a good cheap alternative. I don't know if project evil works on openbsd but i'll try and give that a shot. thanks, roger
Re: 4.0-beta SSH and GSSAPI Segmentation fault.
Darren Tucker [EMAIL PROTECTED] wrote: It would appear that while the underlying problem is in the kerberos library, Simon has provided a better workaround (below) which has been applied to ssh and will be in the next snapshot. Thanks for the report. Sorry for the late response. I just installed a new snapshot. $ sysctl kern.version kern.version=OpenBSD 4.0 (GENERIC) #1104: Fri Sep 1 11:54:27 MDT 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC ssh works for me both with a ticket and without a ticket. Thank you both.
Re: 4.0 i386 MP/clock issue?
Darrin Chandler wrote: XP and all other versions of Windows set the clock to local time, whereas OpenBSD sets it to GMT/UTC. It's probably better to say all non-braindead OSes set the clock to UTC. ;) That said, if Jason just runs config -ef /bsd and sets the timezone properly, his problem should be resolved; at least, until the next DST change...
Re: automated source code scanning
On Mon, Sep 04, 2006 at 11:01:20AM -0700, Darrin Chandler wrote: On Mon, Sep 04, 2006 at 11:27:32AM -0500, Matthew R. Dempsky wrote: On Mon, Sep 04, 2006 at 09:11:52AM -0500, [EMAIL PROTECTED] wrote: Automating stuff you do NOT understand stands little chance of making anything better. Me, I just lurk here and do not speak for anyone, but I can assure you that the OpenBSD folks are not so naive as to put any trust in automated gizmos. Coverity found at least 30 bugs in OpenBSD (counting the number of commits to the cvs mailing list containing ``coverity'', according to marc), so it seems the OpenBSD developers *do* acknowledge the value of some automated testing. Also, tedu@ is a Coverity employee. Yes. *Relying* on such tools is foolish, as is not availing yourself of the information they *do* provide. Agreed, but Tony said ``the OpenBSD folks are not so naive as to put _any_ trust in automated gizmos,'' not ``[...] to _only_ put trust in [...].''
Re: broadcom wireless card
On Mon, Sep 04, 2006 at 01:30:47PM -0500, Roger Midmore wrote: I recently got a acer aspire 3000 laptop which i got for a good price. Unfortunately it's got a broadcom wireless card which won't work under openbsd. I was wondering if there's some way to get it working or if i have to replace it what would be a good cheap alternative. I don't know if project evil works on openbsd but i'll try and give that a shot. Project Evil [1] most assuredly doesn't work on OpenBSD, and given the OpenBSD stance on blobs, I wouldn't hold my breath for it to ever work. Search the archives for recommendations. Joachim [1] NDIS wrapper for FreeBSD, it seems, given a quick web search.
Re: broadcom wireless card
On Mon, Sep 04, 2006 at 01:30:47PM -0500, Roger Midmore wrote: I recently got a acer aspire 3000 laptop which i got for a good price. Unfortunately it's got a broadcom wireless card which won't work under openbsd. I was wondering if there's some way to get it working or if i have to replace it what would be a good cheap alternative. You can get an MSI MP54G4 from newegg.com for about $20[1]. Only problem I've had so far is the wireless activity LED on my laptop doesn't illuminate anymore, but I haven't determined the cause. Before ordering a replacement, make sure to check how accessible the Mini-PCI slot is. My Thinkpad X40 required unscrewing just three screws to get access to it, while an Averatec whose card I tried replacing involved removing two dozen screws and disconnecting various unrelated cables, and I eventually gave up without ever seeing the slot. [1] http://www.newegg.com/Product/Product.asp?Item=N82E16833158115
PATCH: usr.bin/calendar/calendars/calendar.computer
Hello, I think it's worth to remind this day in year that: 07/22 Berkeley rescinded the 3rd term of BSD license, 1999 ps. I'm not on misc, please cc. -- best regards q# Index: calendar.computer === RCS file: /cvs/src/usr.bin/calendar/calendars/calendar.computer,v retrieving revision 1.9 diff -u -r1.9 calendar.computer --- calendar.computer 2006/01/16 16:28:59 1.9 +++ calendar.computer 2006/09/04 20:47:44 @@ -59,6 +59,7 @@ Temple Univ., Phila, 1948, for symbolic differentiation on the ENIAC 07/08 Bell Telephone Co. formed (predecessor of ATT), 1877 07/08 CDC incorporated, 1957 +07/22 Berkeley rescinded the 3rd term of BSD license, 1999 08/14 First Unix-based mallet created, 1954 08/14 IBM PC announced, 1981 08/22 CDC 6600 introduced, 1963
Re: network cards - which one is the best ;
On 2006/09/04 13:25, Bill Marquette wrote: More or less :) I can certainly continue to live with em(4), but I'm definitely seeing some bottlenecks (interrupt load) with it on my hardware (HP DL380 G4's - I have some new DL385's in that I haven't benchmarked) w/ i386 non-MP kernel sk(4) cards are much better, but no quads. (MP kernel in my testing seemed to negatively impact throughput performance even in MP hardware). Depends on the hardware.
Re: automated source code scanning
On Mon, Sep 04, 2006 at 02:48:55PM -0500, Matthew R. Dempsky wrote: On Mon, Sep 04, 2006 at 11:01:20AM -0700, Darrin Chandler wrote: On Mon, Sep 04, 2006 at 11:27:32AM -0500, Matthew R. Dempsky wrote: On Mon, Sep 04, 2006 at 09:11:52AM -0500, [EMAIL PROTECTED] wrote: Automating stuff you do NOT understand stands little chance of making anything better. Me, I just lurk here and do not speak for anyone, but I can assure you that the OpenBSD folks are not so naive as to put any trust in automated gizmos. Coverity found at least 30 bugs in OpenBSD (counting the number of commits to the cvs mailing list containing ``coverity'', according to marc), so it seems the OpenBSD developers *do* acknowledge the value of some automated testing. Also, tedu@ is a Coverity employee. Yes. *Relying* on such tools is foolish, as is not availing yourself of the information they *do* provide. Agreed, but Tony said ``the OpenBSD folks are not so naive as to put _any_ trust in automated gizmos,'' not ``[...] to _only_ put trust in [...].'' I'm agreeing with you. -- Darrin Chandler| Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ |
Re: automated source code scanning
Note: I am am employee of Coverity. Coverity is not currently scanning OpenBSD. Right now the major reason is that our software has not been ported to OpenBSD. I cannot speculate on any future plans, nor say if anything is in the works. PS: my automated signature generator is right on topic :) On Mon, 4 Sep 2006 08:32:21 -0500 (CDT) Jacob Yocom-Piatt [EMAIL PROTECTED] wrote: : since the openbsd project prides itself on being especially proactive : about debugging, it would not surprise me to learn that there is : automated code auditing going on. is this already the case? i didn't : see openbsd listed on coverity's page, http://scan.coverity.com/ . : : further info about software that is already available would be nice, : especially if it's open source. : : cheers, : jake : -- Quality Control, n.: The process of testing one out of every 1,000 units coming off a production line to make sure that at least one out of 100 works.
ssh problem
I've configured a Soekris running OpenBSD 3.9 pf as a firewall, with a read only CF. I am using the default sshd_config file except to run sshd on port 222. My problem is that I cannot connect remotely to this box via ssh except as root. When a legit user who has an account on that box attempts connection, I get Failed password for invalid user lj from 192.168.1.13 port 10962 ssh2. Is there anything obvious that you can suggest that might be causing this problem? I did try changing the file system to read/write, but it did not resolve the problem. Thanks.
Re: ssh problem
Do you have the AllowUsers or AllowGroups in your config file ? That would do it. You shoulda also disable direct root logins. Try changing the following in /etc/ssh/sshd_config PermitRootLogin no Leonard Jacobs([EMAIL PROTECTED])@Mon, Sep 04, 2006 at 10:22:30PM -0400: I've configured a Soekris running OpenBSD 3.9 pf as a firewall, with a read only CF. I am using the default sshd_config file except to run sshd on port 222. My problem is that I cannot connect remotely to this box via ssh except as root. When a legit user who has an account on that box attempts connection, I get Failed password for invalid user lj from 192.168.1.13 port 10962 ssh2. Is there anything obvious that you can suggest that might be causing this problem? I did try changing the file system to read/write, but it did not resolve the problem. Thanks. -- Allie D. Allnix,LLC. http://www.allnix.net One man's theology is another man's belly laugh.
