Re: pf.conf for WoW and L2 Games

2006-11-12 Thread Matthew Weigel
Sam Fourman Jr. wrote:
> Would anyone happen to have a pf.conf file that will prioritize World
> of Warcraft (Multi User) and Lineage 2 packets

For Lineage 2,
http://support.plaync.com/cgi-bin/plaync.cfg/php/enduser/std_adp.php?p_faqid=1713
lists the ports as 2009, 2106, and .

I don't know about World of Warcraft.
-- 
 Matthew Weigel



Re: pf.conf for WoW and L2 Games

2006-11-12 Thread Sam Fourman Jr.

Thank you all for your help

Sam Fourman Jr.

On 11/12/06, Matthew Weigel [EMAIL PROTECTED] wrote:

Sam Fourman Jr. wrote:
 Would anyone happen to have a pf.conf file that will prioritize World
 of Warcraft (Multi User) and Lineage 2 packets

For Lineage 2,
http://support.plaync.com/cgi-bin/plaync.cfg/php/enduser/std_adp.php?p_faqid=1713
lists the ports as 2009, 2106, and .

I don't know about World of Warcraft.
--
 Matthew Weigel




NFS very slow in 4.0

2006-11-12 Thread Federico Giannici
I have just upgraded an i386 from 3.9 to 4.0. It's an MX mail server 
that writes emails to another PC via NFS.


The delivery of the email via NFS is now VERY slow.

I noticed that when more than one process tries to access the filesystem 
via NFS it is very slow. Even a simple ls of a small directory takes a 
few seconds. If I kill all processes, then accessing that directory is 
again very fast.


Please note that CPU usage is usually low (a great percentage of idle 
CPU) but Load Averages are very high (20 and more) due to the many 
processes trying to write via NFS.


To increase NFS throughput I had increased (many months ago) the number 
of nfsio to 20 in sysctl.conf (vfs.nfs.iothreads=20). Here is their 
current status:


10109 ??  IKL 0:00.03 (nfsio)
23992 ??  DKL 0:01.20 (nfsio)
15951 ??  IKL 0:00.57 (nfsio)
16583 ??  IKL 0:00.28 (nfsio)
15549 ??  IKL 0:00.13 (nfsio)
 1027 ??  IKL 0:00.09 (nfsio)
10957 ??  IKL 0:00.07 (nfsio)
25036 ??  IKL 0:00.06 (nfsio)
12032 ??  IKL 0:00.05 (nfsio)
 6440 ??  IKL 0:00.04 (nfsio)
17435 ??  IKL 0:00.03 (nfsio)
 8590 ??  IKL 0:00.02 (nfsio)
15924 ??  IKL 0:00.02 (nfsio)
24621 ??  IKL 0:00.02 (nfsio)
 7798 ??  IKL 0:00.02 (nfsio)
26897 ??  IKL 0:00.02 (nfsio)
26366 ??  IKL 0:00.02 (nfsio)
15218 ??  IKL 0:00.02 (nfsio)
24631 ??  IKL 0:00.02 (nfsio)
31798 ??  IKL 0:00.02 (nfsio)

Please note that I upgraded only the client PC, no changes on the NFS 
server (an OpenBSD i386 3.9).


Have there been changes in 4.0 that can explain this behavior?
Is there something I can do to solve it?


Thanks.

--
___
__
   |-  [EMAIL PROTECTED]
   |ederico Giannici  http://www.neomedia.it
___



Re: openbsd + external sensor (t°, humidity, ...)

2006-11-12 Thread Cédric Berger

Julien TOUCHE wrote:


i'm currently looking for solution to monitor external environment from
an openbsd server.


I'm currently developing a Soekris add-on board which will allow
(among other things) to connect 16 external sensors. The driver will
integrate nicely with OpenBSD sensor and GPIO framework.
Development is not completed, so I don't have much more to say publicly,
but if you are interested and like testing new stuff, drop me an e-mail
privately.

Cedric



PF state problem

2006-11-12 Thread Gerald Holl

Hello,

I am using OpenBSD 4.0 with pf. On my machine I run some services 
including ssh. Since I want access to my machine from outside I opened 
the ssh port and created a rule that allows outgoing traffic:


pass in on $ext_if proto tcp to ($ext_if) port 22
pass out on $ext_if proto { tcp, udp, icmp } from any to any modulate state

So long, from two of my PCs outside the network I can connect to the ssh 
service but from exactly one PC it does not work because I get no 
response back from the ssh server. If I add 'keep state' to the pass in 
rule it works.
Why do I need 'keep state' although the pass out rule already defines 
'modulate state'? As I mentioned above: it works for all of my PCs 
outside except for one.


cheers,
Gerald



Re: crash on 4.0 (but no ddb)

2006-11-12 Thread Alexander Hall

Stephen Takacs wrote:

On Sun, Nov 05, 2006 at 05:27:05PM -0500, Kyle George wrote:

Actually, what I should have said was uncomment the ddb.console=1 line in
sysctl.conf.  That's where it should go.  It will work in either place
though.


Yeah that's what I did. :-)  Unfortunately the machine crashed again
tonight while I was using it, and the ddb.console key sequence didn't
work, because the keyboard was totally dead.

I had just started up xpdf, and it was taking forever to load the file
(lots of graphics on this PDF) when I realized after a couple minutes
that this time it wasn't going to finish loading...  Ever since 3.9 was



Is there any way to troubleshoot this further in this kind of situation?
I don't think it's the hardware, because I'm subjecting the machine to
the same stress levels as always, and it started acting strange the next
morning after the 3.9 - 4.0 upgrade.


Try a serial console, if possible. I have not been able to view the ddb
output if the machine crashed while running X. Not sure if the caps lock
etc was unresponsive, though. I am on a Dell Inspiron 4100.

Or try typing boot crash or so, and see if anything happens, but you
maybe tried that earlier.

/Alexander 



how to use infrared remote control with openbsd ?

2006-11-12 Thread Claude Brassel
Hello,

I'm using lirc on Linux and I want to switch to OpenBSD, but I cannot find
an equivalent package to lirc.


Have I missed something, or does somebody have a good idea?

Regards

Claude



Re: NFS very slow in 4.0

2006-11-12 Thread Pedro Martelletto
On Sun, Nov 12, 2006 at 10:46:17AM +0100, Federico Giannici wrote:
> Have there been changes in 4.0 that can explain this behavior?

No.

> Is there something I can do to solve it?

Try playing with the NIC. See if you get the same amount of throughput
with 4.0 that you got with 3.9.

-p.



Re: NFS very slow in 4.0

2006-11-12 Thread Federico Giannici

Pedro Martelletto wrote:

On Sun, Nov 12, 2006 at 10:46:17AM +0100, Federico Giannici wrote:

Have there been changes in 4.0 that can explain this behavior?


No.


Is there something I can do to solve it?


Try playing with the NIC. See if you get the same amount of throughput
with 4.0 that you got with 3.9.


I have the same NICs in a couple of other PCs, with no visible change in 
throughput.


Sniffing the NFS traffic, I have seen that when everything slows down, a 
lot of traffic is present with the listing of the directory of some 
delivery.


Is there any case that makes NFS in 4.0 read the listing of a directory?


Thanks.

--
___
__
   |-  [EMAIL PROTECTED]
   |ederico Giannici  http://www.neomedia.it

   Chairman of the Board of Directors - Neomedia S.r.l.
___



Re: PF state problem

2006-11-12 Thread Stuart Henderson
On 2006/11/12 11:24, Gerald Holl wrote:
> pass in on $ext_if proto tcp to ($ext_if) port 22
> pass out on $ext_if proto { tcp, udp, icmp } from any to any modulate state
>
> So long, from two of my PCs outside the network I can connect to the ssh 
> service but from exactly one PC it does not work because I get no 
> response back from the ssh server. If I add 'keep state' to the pass in 
> rule it works.
> Why do I need 'keep state' although the pass out rule already defines 
> 'modulate state'? As I mentioned above: it works for all of my PCs 
> outside except for one.

modulate state is creating state from a packet after the connection
setup, which doesn't have all the relevant information to validate the
sequence numbers correctly. You should use flags S/SA keep state or
...modulate state on all your rules unless there's a special reason
to do otherwise (quite unlikely).



Re: NFS very slow in 4.0

2006-11-12 Thread Pedro Martelletto
On Sun, Nov 12, 2006 at 01:59:47PM +0100, Federico Giannici wrote:
> Is there any case that makes NFS in 4.0 read the listing of a directory?

Yes, the getcwd() change. I wonder if it exposed any other bug in our
NFS code (as it did in the past, but those got fixed, since they were
reported).

Anyway, I'm working on trying to find a reason for what you're seeing,
along with a fix. Can you please provide a dmesg?

-p.



Re: PF state problem

2006-11-12 Thread Martin Toft

Stuart Henderson wrote:

On 2006/11/12 11:24, Gerald Holl wrote:

pass in on $ext_if proto tcp to ($ext_if) port 22
pass out on $ext_if proto { tcp, udp, icmp } from any to any modulate state

So long, from two of my PCs outside the network I can connect to the ssh 
service but from exactly one PC it does not work because I get no 
response back from the ssh server. If I add 'keep state' to the pass in 
rule it works.
Why do I need 'keep state' although the pass out rule already defines 
'modulate state'? As I mentioned above: it works for all of my PCs 
outside except for one.


modulate state is creating state from a packet after the connection
setup, which doesn't have all the relevant information to validate the
sequence numbers correctly. You should use flags S/SA keep state or
...modulate state on all your rules unless there's a special reason
to do otherwise (quite unlikely).


Since the OP is using 4.0, this might be of interest: flags S/SA keep 
state is default [0].


[0] http://archives.neohapsis.com/archives/openbsd/2006-10/0549.html

Regards,
Martin



Re: NFS very slow in 4.0

2006-11-12 Thread Pedro Martelletto
On Sun, Nov 12, 2006 at 02:31:59PM +0100, Federico Giannici wrote:
> The NEOMEDIA kernel is GENERIC with the following two options (I used 
> them in 3.9 to avoid kernel freezes):
> maxusers 64
> option NKMEMPAGES_MAX=32768

These problems are still there, so keep using them.

-p.



Re: NFS very slow in 4.0

2006-11-12 Thread Federico Giannici

Pedro Martelletto wrote:

On Sun, Nov 12, 2006 at 01:59:47PM +0100, Federico Giannici wrote:

Is there any case that makes NFS in 4.0 read the listing of a directory?


Yes, the getcwd() change. I wonder if it exposed any other bug in our
NFS code (as it did in the past, but those got fixed, since they were
reported).

Anyway, I'm working on trying to find a reason for what you're seeing,
along with a fix. Can you please provide a dmesg?


Here it is.

The NEOMEDIA kernel is GENERIC with the following two options (I used 
them in 3.9 to avoid kernel freezes):

maxusers 64
option NKMEMPAGES_MAX=32768


Bye.


OpenBSD 4.0-stable (NEOMEDIA) #0: Sat Nov 11 19:27:33 CET 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/NEOMEDIA
cpu0: AMD Athlon(tm) 64 X2 Dual Core Processor 4400+ (AuthenticAMD 
686-class, 1024KB L2 cache) 2.21 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3

real mem  = 2146725888 (2096412K)
avail mem = 1949990912 (1904288K)
using 4256 buffers containing 107438080 bytes (104920K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 11/03/05, BIOS32 rev. 0 @ 
0xf0010, SMBIOS rev. 2.3 @ 0xf0530 (67 entries)

bios0: ASUSTeK Computer Inc. A8V
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf5980/192 (10 entries)
pcibios0: PCI Interrupt Router at 000:17:0 (VIA VT8237 ISA rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc/0xc000 0xcc000/0x5200!
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 VIA K8HTB Host rev 0x00
pchb1 at pci0 dev 0 function 1 VIA K8HTB Host rev 0x00
pchb2 at pci0 dev 0 function 2 VIA K8HTB Host rev 0x00
pchb3 at pci0 dev 0 function 3 VIA K8HTB Host rev 0x00
pchb4 at pci0 dev 0 function 4 VIA K8HTB Host rev 0x00
pchb5 at pci0 dev 0 function 7 VIA K8HTB Host rev 0x00
ppb0 at pci0 dev 1 function 0 VIA K8HTB AGP rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 ATI Radeon VE QY rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
skc0 at pci0 dev 10 function 0 Marvell Yukon 88E8001/8003/8010 rev 
0x13, Marvell Yukon Lite (0x9): irq 10

sk0 at skc0 port A, address 00:13:d4:66:6a:a6
eephy0 at sk0 phy 0: Marvell 88E1011 Gigabit PHY, rev. 5
gdt0 at pci0 dev 13 function 0 Intel GDT RAID rev 0x00: irq 5 dpmem 
eff0 2-bus 1 cache device

gdt0: ver 222, cache on, strategy 2, writeback on, blksz 32
gdt0: raw feat 1 cache feat 101
scsibus0 at gdt0: 35 targets
sd0 at scsibus0 targ 0 lun 0: ICP, Host drive #00,  SCSI2 0/direct fixed
sd0: 69931MB, 69931 cyl, 64 head, 32 sec, 512 bytes/sec, 143219475 sec total
scsibus1 at gdt0: 16 targets
scsibus2 at gdt0: 16 targets
pciide0 at pci0 dev 15 function 0 VIA VT6420 SATA rev 0x80: DMA
pciide0: using irq 10 for native-PCI interrupt
pciide1 at pci0 dev 15 function 1 VIA VT82C571 IDE rev 0x06: ATA133, 
channel 0 configured to compatibility, channel 1 configured to compatibility

atapiscsi0 at pciide1 channel 0 drive 1
scsibus3 at atapiscsi0: 2 targets
cd0 at scsibus3 targ 0 lun 0: HL-DT-ST, DVD-ROM GDR8164B, 0L06 SCSI0 
5/cdrom removable

cd0(pciide1:0:1): using PIO mode 4, Ultra-DMA mode 2
pciide1: channel 1 disabled (no drives)
uhci0 at pci0 dev 16 function 0 VIA VT83C572 USB rev 0x81: irq 11
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 16 function 1 VIA VT83C572 USB rev 0x81: irq 11
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2 at pci0 dev 16 function 2 VIA VT83C572 USB rev 0x81: irq 10
usb2 at uhci2: USB revision 1.0
uhub2 at usb2
uhub2: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
uhci3 at pci0 dev 16 function 3 VIA VT83C572 USB rev 0x81: irq 10
usb3 at uhci3: USB revision 1.0
uhub3 at usb3
uhub3: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub3: 2 ports with 2 removable, self powered
ehci0 at pci0 dev 16 function 4 VIA VT6202 USB rev 0x86: irq 5
usb4 at ehci0: USB revision 2.0
uhub4 at usb4
uhub4: VIA EHCI root hub, rev 2.00/1.00, addr 1
uhub4: 8 ports with 8 removable, self powered
viapm0 at pci0 dev 17 function 0 VIA VT8237 ISA rev 0x00
iic0 at viapm0
unknown at iic0 addr 0x18 not configured
auvia0 at pci0 dev 17 function 5 VIA VT8233 AC97 rev 0x60: irq 5
ac97: codec id 0x414c4790 (Avance Logic ALC850 rev 0)
audio0 at auvia0
pchb6 at pci0 dev 24 function 0 AMD AMD64 HyperTransport rev 0x00
pchb7 at pci0 dev 24 function 1 AMD AMD64 Address Map rev 0x00
pchb8 at pci0 dev 24 function 2 AMD AMD64 DRAM Cfg rev 0x00
pchb9 at pci0 dev 24 function 3 AMD AMD64 Misc Cfg rev 0x00
isa0 at mainbus0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console 

Re: PF state problem

2006-11-12 Thread Martin Toft

Martin Toft wrote:
Since the OP is using 4.0, this might be of interest: flags S/SA keep 
state is default [0].


[0] http://archives.neohapsis.com/archives/openbsd/2006-10/0549.html


Hmm, sorry, I didn't read it right. It's only in -current.

Regards,
Martin



Re: PF state problem

2006-11-12 Thread Gerald Holl

Stuart Henderson wrote:

On 2006/11/12 11:24, Gerald Holl wrote:

pass in on $ext_if proto tcp to ($ext_if) port 22
pass out on $ext_if proto { tcp, udp, icmp } from any to any modulate state

So long, from two of my PCs outside the network I can connect to the ssh 
service but from exactly one PC it does not work because I get no 
response back from the ssh server. If I add 'keep state' to the pass in 
rule it works.
Why do I need 'keep state' although the pass out rule already defines 
'modulate state'? As I mentioned above: it works for all of my PCs 
outside except for one.


modulate state is creating state from a packet after the connection
setup, which doesn't have all the relevant information to validate the
sequence numbers correctly. You should use flags S/SA keep state or
...modulate state on all your rules unless there's a special reason
to do otherwise (quite unlikely).


Ok, I changed the above rules into following ones:

pass in on $ext_if proto tcp to ($ext_if) port 22 flags S/SA modulate state
pass out on $ext_if proto { tcp, udp, icmp } from any to any flags S/SA modulate state

With these rules, pf only keeps state when the SYN flag is set, is that 
right?



cheers,
Gerald
--
http://holl.co.at



4.0 - Upgrading without install media

2006-11-12 Thread Darrin Chandler
I have some boxen in colo, and while I can go there to upgrade it's not
nearly as convenient as sitting at my desk. So I chose to upgrade over
ssh, knowing that if something goes horribly wrong I *can* drive down
and fix it on-site.

I just wanted to say that the process as documented in the FAQ (hi,
Nick!) is clear, concise, and has worked flawlessly every time I have
done it. Thanks for the efforts at documenting a process that is not
recommended but is still useful to many and necessary to some! This is
also a tribute to the developers in producing releases that hardly ever
have ANY regression problems. Kudos!

-- 
Darrin Chandler|  Phoenix BSD Users Group
[EMAIL PROTECTED]   |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/  |



systrace: vi policy

2006-11-12 Thread Jacob Yocom-Piatt
i've read through all the docs that i can find on systrace policy generation and
enforcement and have hit a snag when trying to generate a working policy for vi
that restricts the files that can be read and written by a user. the policy is
generated by running systrace -A vi test.txt for an unprivileged user in their
home directory, performing some edits, quitting vi and editing the policy to
wildcard file paths where appropriate. running the same command with enforcement
of the auto-generated policy, systrace -a vi test.txt, yields the following:

$ systrace -a vi test.txt  
ex/vi: Error: Unable to create temporary file: Operation not permitted

when this occurs there is a corresponding series of log entries

Nov 12 08:29:36 served systrace: deny user: systest, prog: /usr/bin/vi, pid: 2684(0)[0], policy: /usr/bin/vi, filters: 60, syscall: native-fswrite(5), filename: /tmp/bt.lP2684
Nov 12 08:29:36 served systrace: deny user: systest, prog: /usr/bin/vi, pid: 2684(0)[0], policy: /usr/bin/vi, filters: 60, syscall: native-fsread(291), filename: /home/systest/test.txt
Nov 12 08:29:36 served systrace: deny user: systest, prog: /usr/bin/vi, pid: 2684(0)[0], policy: /usr/bin/vi, filters: 60, syscall: native-fswrite(5), filename: /tmp/vi.HgVcdq2684

the denials of these syscalls is confusing to me since the systrace policy,
/etc/systrace/usr_bin_vi [0], contains wildcarded permit statements that should,
AFAICT, allow these syscalls. the two lines in usr_bin_vi that are meant to
allow these syscalls are marked with a  in [0] below.

since systrace obviously works for other folks, i'm missing something here. i
suspect it has to do with wildcarding or environment variables. clues appreciated.

cheers,
jake

[0] - /etc/systrace/usr_bin_vi

Policy: /usr/bin/vi, Emulation: native
native-issetugid: permit
native-mprotect: permit
native-mmap: permit
native-__sysctl: permit
native-fsread: filename eq /var/run/ld.so.hints then permit
native-fstat: permit
native-close: permit
native-fsread: filename eq /usr/lib/libcurses.so.10.0 then permit
native-read: permit
native-mquery: permit
native-fsread: filename eq /usr/lib/libc.so.39.0 then permit
native-munmap: permit
native-sigprocmask: permit
native-fsread: filename eq /etc/malloc.conf then permit
native-ioctl: permit
native-fsread: filename eq $HOME/.terminfo.db then permit
native-fsread: filename eq $HOME/.terminfo then permit
native-fsread: filename eq /usr/share/misc/terminfo.db then permit
native-fcntl: permit
native-pread: permit
native-sigaction: permit
native-fsread: filename eq /usr/share/vi/catalog then permit
native-getpid: permit
native-fsread: filename eq /tmp then permit
  native-fswrite: filename eq /tmp/* then permit
native-lseek: permit
native-fsread: filename eq /etc/vi.exrc then permit
native-fsread: filename eq $HOME/.nexrc then permit
native-fsread: filename eq $HOME/.exrc then permit
  native-fsread: filename eq $HOME/* then permit
native-fsread: filename eq /var/tmp/vi.recover then permit
native-fswrite: filename eq /var/tmp/vi.recover/* then permit
native-fchmod: fd eq 3 and mode eq 700 then permit
native-flock: permit
native-write: permit
native-poll: permit
native-select: permit
native-getuid: permit
native-fsread: filename eq /etc/spwd.db then permit
native-fsread: filename eq /etc/pwd.db then permit
native-fchmod: fd eq 6 and mode eq 600 then permit
native-gettimeofday: permit
native-fsread: filename eq /usr/share/zoneinfo/US/Central then permit
native-pwrite: permit
native-fsync: permit
native-chmod: filename eq /var/tmp/vi.recover/vi.* and mode eq 600 then permit
native-fswrite: filename eq $HOME/* then permit
native-exit: permit
native-fchmod: fd eq 3 and mode eq 600 then permit
native-fsread: filename eq /usr/share/nls/C/libc.cat then permit
native-fsread: filename eq /non-existent filename: /usr/share/nls/libc/C then permit



Re: PF state problem

2006-11-12 Thread Stuart Henderson
On 2006/11/12 15:40, Gerald Holl wrote:
> > modulate state is creating state from a packet after the connection
> > setup, which doesn't have all the relevant information to validate the
> > sequence numbers correctly. You should use flags S/SA keep state or
> > ...modulate state on all your rules unless there's a special reason
> > to do otherwise (quite unlikely).
>
> Ok, I changed the above rules into following ones:
>
> pass in on $ext_if proto tcp to ($ext_if) port 22 flags S/SA modulate state
> pass out on $ext_if proto { tcp, udp, icmp } from any to any flags S/SA modulate state
>
> With these rules, pf only keeps state when the SYN flag is set, is that 
> right?

Yes, exactly. Other packets (those which don't only have SYN out of
SYN+ACK) don't create state at all, but they're allowed through when
they match an existing state (src/dest port+address, as you'd expect,
and sequence numbers must also be within a reasonable window).

I think one of the main reasons people used to avoid keeping state
was so that a newly-booted firewall could synchronize with existing
packet flows - say, if you want to replace one firewall with a new
one - but we have CARP/PFSYNC for that now so it's less important).
Generally keeping state saves cpu time, and increases security.
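
The state-creation behaviour discussed in this thread, as an added example that is not part of the original posts and is not pf code: a toy Python model of last-match rule evaluation, the "flags a/b" test and state lookup, replaying a constructed SSH handshake against the original and the corrected rules. The addresses, the "block all" default and all function names are assumptions of the example; real pf state also tracks sequence windows, which the model leaves out.

```python
# Added illustration: a toy model of pf rule evaluation, not pf source code.
# Assumptions: a "block all" default precedes the rules, TCP flags are written
# as strings ("S", "SA", "A"), and the addresses below are constructed.

def flags_match(pkt_flags, spec):
    """pf 'flags a/b': of the flags named in b, exactly those in a are set."""
    if spec is None:                      # no flags clause: any packet matches
        return True
    want, mask = spec.split("/")
    return set(pkt_flags) & set(mask) == set(want)

def state_key(pkt):
    """Identify a connection by its two endpoints, whichever way it travels."""
    return frozenset([(pkt["src"], pkt["sport"]), (pkt["dst"], pkt["dport"])])

def run(rules, packets):
    """Return (per-packet log, state table) for a packet sequence."""
    states, log = {}, []
    for pkt in packets:
        key = state_key(pkt)
        if key in states:                 # state lookup comes before the ruleset
            log.append((pkt["flags"], "pass (existing state)"))
            continue
        last = None
        for rule in rules:                # the last matching rule wins
            if (rule["dir"] == pkt["dir"]
                    and rule["dport"] in (None, pkt["dport"])
                    and flags_match(pkt["flags"], rule["flags"])):
                last = rule
        if last is None:
            log.append((pkt["flags"], "block (default)"))
        elif last["state"]:
            states[key] = pkt["flags"]    # remember which packet created the state
            log.append((pkt["flags"], "pass (state created)"))
        else:
            log.append((pkt["flags"], "pass (stateless)"))
    return log, states

# pass in  on $ext_if proto tcp to ($ext_if) port 22
# pass out on $ext_if proto { tcp, udp, icmp } from any to any modulate state
ORIGINAL = [
    {"dir": "in", "dport": 22, "flags": None, "state": False},
    {"dir": "out", "dport": None, "flags": None, "state": True},
]
# The same two rules, each with "flags S/SA modulate state"
FIXED = [
    {"dir": "in", "dport": 22, "flags": "S/SA", "state": True},
    {"dir": "out", "dport": None, "flags": "S/SA", "state": True},
]

CLIENT, SERVER = "198.51.100.7", "192.0.2.1"   # constructed addresses

def pkt(direction, flags, cport=40000):
    """Build one TCP packet of an SSH connection between CLIENT and SERVER."""
    if direction == "in":
        return {"dir": "in", "src": CLIENT, "sport": cport,
                "dst": SERVER, "dport": 22, "flags": flags}
    return {"dir": "out", "src": SERVER, "sport": 22,
            "dst": CLIENT, "dport": cport, "flags": flags}

HANDSHAKE = [pkt("in", "S"), pkt("out", "SA"), pkt("in", "A")]
STRAY_ACK = [pkt("in", "A", cport=40001)]      # ACK that belongs to no connection

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("fixed", FIXED)):
        log, states = run(rules, HANDSHAKE)
        print(name, "handshake:", log)
        print(name, "state created by:", list(states.values()))
        print(name, "stray ACK:", run(rules, STRAY_ACK)[0])
```

With the original rules the state entry is created by the server's outgoing SYN+ACK, after the client's SYN has already passed untracked; with the corrected rules it is created by the inbound SYN, and a stray ACK no longer gets through.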



Re: systrace: vi policy

2006-11-12 Thread Okan Demirmen
On Sun 2006.11.12 at 08:55 -0600, Jacob Yocom-Piatt wrote:

consider sorting your policies...also, try to be more generic in other
places, for example, match /usr/lib/libc.so.*
 
> Policy: /usr/bin/vi, Emulation: native
> native-issetugid: permit
> native-mprotect: permit
> native-mmap: permit
> native-__sysctl: permit
> native-fsread: filename eq /var/run/ld.so.hints then permit
> native-fstat: permit
> native-close: permit
> native-fsread: filename eq /usr/lib/libcurses.so.10.0 then permit
> native-read: permit
> native-mquery: permit
> native-fsread: filename eq /usr/lib/libc.so.39.0 then permit
> native-munmap: permit
> native-sigprocmask: permit
> native-fsread: filename eq /etc/malloc.conf then permit
> native-ioctl: permit
> native-fsread: filename eq $HOME/.terminfo.db then permit
> native-fsread: filename eq $HOME/.terminfo then permit
> native-fsread: filename eq /usr/share/misc/terminfo.db then permit
> native-fcntl: permit
> native-pread: permit
> native-sigaction: permit
> native-fsread: filename eq /usr/share/vi/catalog then permit
> native-getpid: permit
> native-fsread: filename eq /tmp then permit
>   native-fswrite: filename eq /tmp/* then permit

use match

> native-lseek: permit
> native-fsread: filename eq /etc/vi.exrc then permit
> native-fsread: filename eq $HOME/.nexrc then permit
> native-fsread: filename eq $HOME/.exrc then permit
>   native-fsread: filename eq $HOME/* then permit

use match

> native-fsread: filename eq /var/tmp/vi.recover then permit
> native-fswrite: filename eq /var/tmp/vi.recover/* then permit
> native-fchmod: fd eq 3 and mode eq 700 then permit
> native-flock: permit
> native-write: permit
> native-poll: permit
> native-select: permit
> native-getuid: permit
> native-fsread: filename eq /etc/spwd.db then permit
> native-fsread: filename eq /etc/pwd.db then permit
> native-fchmod: fd eq 6 and mode eq 600 then permit
> native-gettimeofday: permit
> native-fsread: filename eq /usr/share/zoneinfo/US/Central then permit
> native-pwrite: permit
> native-fsync: permit
> native-chmod: filename eq /var/tmp/vi.recover/vi.* and mode eq 600 then permit
> native-fswrite: filename eq $HOME/* then permit
> native-exit: permit
> native-fchmod: fd eq 3 and mode eq 600 then permit
> native-fsread: filename eq /usr/share/nls/C/libc.cat then permit
> native-fsread: filename eq /non-existent filename: /usr/share/nls/libc/C then permit
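
The difference behind the "use match" replies, as an added example that is not part of the original posts and is not systrace code: "eq" compares the filename with the policy string literally, while "match" applies fnmatch(3)-style globbing. The sketch replays the three deny entries from the original post against the wildcarded policy lines; first-match evaluation, the parsing regexes, the function names and expanding $HOME to /home/systest are assumptions of the example.

```python
import fnmatch
import re

# The three deny entries from the original post, one entry per line.
DENY_LOG = """\
Nov 12 08:29:36 served systrace: deny user: systest, prog: /usr/bin/vi, pid: 2684(0)[0], policy: /usr/bin/vi, filters: 60, syscall: native-fswrite(5), filename: /tmp/bt.lP2684
Nov 12 08:29:36 served systrace: deny user: systest, prog: /usr/bin/vi, pid: 2684(0)[0], policy: /usr/bin/vi, filters: 60, syscall: native-fsread(291), filename: /home/systest/test.txt
Nov 12 08:29:36 served systrace: deny user: systest, prog: /usr/bin/vi, pid: 2684(0)[0], policy: /usr/bin/vi, filters: 60, syscall: native-fswrite(5), filename: /tmp/vi.HgVcdq2684
"""

# The wildcarded filename filters from the posted policy, as written (eq).
POLICY_EQ = """\
native-fsread: filename eq /tmp then permit
native-fswrite: filename eq /tmp/* then permit
native-fsread: filename eq $HOME/* then permit
native-fswrite: filename eq $HOME/* then permit
"""

# The same filters with the wildcard comparisons switched to match.
POLICY_MATCH = POLICY_EQ.replace(" eq /tmp/*", " match /tmp/*") \
                        .replace(" eq $HOME/*", " match $HOME/*")

RULE_RE = re.compile(r"^(native-\w+): filename (eq|match) (\S+) then (permit|deny)$")
DENY_RE = re.compile(r"syscall: (native-\w+)\(\d+\), filename: (\S+)$")

def parse_policy(text, home):
    """Parse simple 'filename eq|match' filters, expanding $HOME (assumed)."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            syscall, op, pattern, action = m.groups()
            rules.append((syscall, op, pattern.replace("$HOME", home), action))
    return rules

def decide(rules, syscall, filename):
    """First matching filter decides; under enforcement, no match means deny."""
    for rule_syscall, op, pattern, action in rules:
        if rule_syscall != syscall:
            continue
        if op == "eq":
            hit = filename == pattern                     # literal comparison
        else:
            hit = fnmatch.fnmatchcase(filename, pattern)  # shell-style glob
        if hit:
            return action
    return "deny"

def replay(policy_text, home="/home/systest"):
    """Re-evaluate every logged (syscall, filename) pair against a policy."""
    rules = parse_policy(policy_text, home)
    results = []
    for line in DENY_LOG.splitlines():
        m = DENY_RE.search(line)
        if m:
            syscall, filename = m.groups()
            results.append((syscall, filename, decide(rules, syscall, filename)))
    return results

if __name__ == "__main__":
    for name, policy in (("eq", POLICY_EQ), ("match", POLICY_MATCH)):
        for syscall, filename, verdict in replay(policy):
            print(f"{name:5} {syscall:15} {filename:28} {verdict}")
```

Under "eq", the filter "/tmp/*" only permits a file whose name is literally "/tmp/*", so all three logged operations stay denied; under "match" all three are permitted.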



Re: NFS very slow in 4.0

2006-11-12 Thread Federico Giannici

Pedro Martelletto wrote:

On Sun, Nov 12, 2006 at 01:59:47PM +0100, Federico Giannici wrote:

Is there any case that makes NFS in 4.0 read the listing of a directory?


Yes, the getcwd() change. I wonder if it exposed any other bug in our
NFS code (as it did in the past, but those got fixed, since they were
reported).

Anyway, I'm working on trying to find a reason for what you're seeing,
along with a fix.


I have just noticed that at the same time of these NFS problems there 
has been a big decrease of traffic in our DNS server...


After some investigation I found that the DNS server (recently upgraded 
to 4.0) had reached the maximum of memory (there was a datasize 200M 
option).


Now that the DNS problem is solved, it SEEMS that the problem with NFS 
is reduced. So I have two questions:


1) Is NFS activity in some way related to DNS?
Anyway it could be that my mail delivery program depends on DNS, and 
so it delayed the delivery...


2) Is it possible that, if a certain number of processes are already 
using NFS, subsequent attempts by other processes are STOPPED, until some 
other process RELEASES the use of NFS???
If this is true, what can I do to increase the number of concurrent 
processes writing via NFS?

I increased vfs.nfs.iothreads to 20, but it seems not to be enough...


Thanks.

--
___
__
   |-  [EMAIL PROTECTED]
   |ederico Giannici  http://www.neomedia.it
___



Re: Troubles trying to configure non-default VPN

2006-11-12 Thread jared r r spiegel
On Fri, Nov 10, 2006 at 05:50:54AM +1100, nuffnough wrote:
 On 11/9/06, jared r r spiegel [EMAIL PROTECTED] wrote:
 

 No Phase one.  Just a packet to initiate,  then a packet back to say that
 the far end doesn't like me.  Debug on the other end indicated that when my
 end initiates,  it does it with 128bit key length and a lifetime of one
 hour.  Of course,  I didn't have the brilliant idea of just setting my end
 up as passive,  to make sure that the other end initiates.  The required
 parameters fall within the ranges of the default AES-SHA config.

  that reminds me of having the same kind of issue at times; where if i was
  passive it would come up, but if i was the initiator, it would not.

  that's part of the reason i chose to switch my configs to hard values
  for the proposals, instead of that want,min:max syntax.  i am very
  glad that syntax is available, but as i didn't have to support a big
  wide range of incoming clients piloted by knob twiddlers, i found it to
  be a benefit to move to just want for the different params.  got rid of
  the 'sometimes works/sometimes doesn't/seems to matter if i init or am inited
  upon' stuff.

   without running it through isakmpd to parse it, and given that i'm a bit
   rusty with isakmpd.conf, nothing jumps out at me.
 
 
 The real (prolly newbie) question that I think I need the answer to is:
 After I define a custom transform, am I still able to call the standard
 pre-defined transforms at the same time?

  i bet $10 that yes, you can.

  cannot say with certainty/hard reference examples at the moment, but 
  i believe that once isakmpd is running, the predefined transform jobbies
  are no different to isakmpd than any you specify.  perhaps it would
  be an issue if you collided names for the transform/proto/suite, but
  iirc you weren't doing that.

 I have about 20 other vpns with diverse encryption
 parameters.  It would be moderately painful if I had to manually configure
 them all just to make this new one work.
 
 
 Is there something I am missing about the structure of isakmpd.conf about
  the placement or reference of these new sections for lifetime and
  XX-AES-SHA?
 
   tbh i don't recall if order matters.  here's a c/p of an isakmpd.conf
   w/custom phase-1 and phase-2 i had running stable up until i switched
   over to an ipsecctl-based scheme. ( we had our own X509 fqdn certs
   from back in the certpatch days ).  either end of the tunnel was OK
   to initiate the negotiation, and the intent was for the tunnels to be
   always up.
 
 
 Was this the only definition in your isakmpd.conf at the time..?

  at one point i had added another peer who was using pre-shared keys
  for phaseI; that peer had its own set of transform/proto/suites
  defined in a similar fashion as the first ones, but little different
  params ( longer lifetime, 128b key length on phaseI, whatever default
  keylen is on phaseII, if that's even applicable there ).

  i don't think i had one that was strictly one of the predefined transforms
  at any point along side one using a custom transform... makes me wish
  i had /etc in CVS a long long time ago.

 Just at the moment the guy configuring the other end has stepped it down to
 128bit with a 1 hour timeout for me and we now get Phase-1 okay.  This is a
 little unfortunate,  because it means I can't run any of these
 ipsecadm/ipsecctl tests to get the output to give you so you can help me.  I
 expect that he'll be back on deck in a few hours,  and I will dump it in
 here then.

  iow, either side can init the tunnel OK, doesn't matter who starts it?
  if he did that and you still have the XX-phase-1-lifetime and XX-AES-SHA
  thing in there, try doing the setting where you only specify the 128 and
  3600; then see if the tunnel comes up with you init'ing as that again, then
  do the lifetime to 86400 and restart, see if you still get tunnel with either
  person init'ing.  if that still works, bump the 128 up.  i have this nagging
  in the back of my head i can't get rid of that is telling me there's one of
  the parameters where you think you're adjusting the cipher strength but 
  in reality the parameter ends up ignored and doesn't matter.

  fwiw, when i've gotten to the point of sitting there banging my head
  on a wall because 'no proposal chosen', and everything looks like it should
  be working, it's 9/10 times been because of the damn lifetimes (mismatch).

  ( i think the other 1/10 has something to do with the key_length that for
some reason i can't stop thinking doesn't matter in either phaseI or 
phaseII,
but i don't have the details on hand )

  the bitch is when you don't know what the other side is using as a default,
  but i think that -dDAblahbla one up there will catch those (expected/recv'd).

  but yeah, if you both work ok at 128/3600, try 128/86400 first and then move
  up the 128.

-- 

  jared



Re: NFS very slow in 4.0

2006-11-12 Thread Pedro Martelletto
On Sun, Nov 12, 2006 at 04:32:27PM +0100, Federico Giannici wrote:
> Now that the DNS problem is solved, it SEEMS that the problem with NFS 
> is reduced.

Interesting... let me know what else you find out.

> 1) Is NFS activity in some way related to DNS?

Not really. Well, both go through the network. :-)

> Anyway it could be that my mail delivery program depends on DNS, and 
> so it delayed the delivery...

Possibly.

> 2) Is it possible that, if a certain number of processes are already 
> using NFS, subsequent attempts by other processes are STOPPED, until some 
> other process RELEASES the use of NFS???

Not the use of NFS, but of certain resources. It's like that all over
the kernel.

 If this is true, what I can do to increase the number of concurrent 
 processes writing via NFS?
 I increased vfs.nfs.iothreads to 20, but it seems not be enough...

Well, it would be nice to have real locking for NFS, so some polling
constructions could be avoided. But given the amount of people
interested in helping, that's too far of a goal.

So yeah, try bumping that for now, if you feel the server (and the
network) are comfortable with the load.

-p.



Re: how to use infrared remote control with openbsd ?

2006-11-12 Thread Girish Venkatachalam
On Sun, Nov 12, 2006 at 03:31:30AM -0800, Claude Brassel wrote:
 Hello,
 
 I'm using lirc on linux and i want to switch to openbsd but i can not find
 some equivalent package to lirc;

I am planning to port it to get it to work but I am not sure when I will be 
done. Do you want to sponsor it? :)
 
 
 Have I missed something or does somebody have a good idea?

But I only want to support user space serial drivers to begin with as that is 
the remote I want to get working and that is the hardware I have.

After that you should pick up and run. :)

Hopefully I should be done within a fortnight's time.

(But it might take longer considering my present schedule)

Best,
Girish
-- 
Linux is for folks who hate Windoze.

FreeBSD is for folks who love UNIX.

OpenBSD is for folks who can't live without UNIX.



Dead lm-sensor??

2006-11-12 Thread Rickard Dahlstrand
Hi,

Here are two dmesgs from two identical pcengines WRAP 2E boxes that
until today had lm77-sensors providing the temperature, but today one of
them doesn't and I get this:

 unknown at iic1 addr 0x48 not configured
---
 lmtemp0 at iic1 addr 0x48: lm77

Is this a hardware failure?? Other than this they are both working fine.

/Rickard.
OpenBSD 3.9 (WRAP12) #0: Mon Sep  4 17:45:51 CEST 2006
[EMAIL PROTECTED]:/home/rd/flashboot/flashboot/obj/WRAP12
cpu0: Geode(TM) Integrated Processor by National Semi (Geode by NSC 
586-class) 267 MHz
cpu0: FPU,TSC,MSR,CX8,CMOV,MMX
cpu0: TSC disabled
real mem  = 133804032 (130668K)
avail mem = 108634112 (106088K)
using 331 buffers containing 1355776 bytes (1324K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(fa) BIOS, date 05/02/05, BIOS32 rev. 0 @ 0xfc5f2
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: pcibios_get_intr_routing - function not supported
pcibios0: PCI IRQ Routing information unavailable.
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xe/0x8000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 Cyrix GXm PCI rev 0x00
sis0 at pci0 dev 14 function 0 NS DP83815 10/100 rev 0x00, DP83816A: irq 10, 
address 00:0d:b9:01:91:7c
nsphyter0 at sis0 phy 0: DP83815 10/100 PHY, rev. 1
sis1 at pci0 dev 15 function 0 NS DP83815 10/100 rev 0x00, DP83816A: irq 9, 
address 00:0d:b9:01:91:7d
nsphyter1 at sis1 phy 0: DP83815 10/100 PHY, rev. 1
sis2 at pci0 dev 16 function 0 NS DP83815 10/100 rev 0x00, DP83816A: irq 11, 
address 00:0d:b9:01:91:7e
nsphyter2 at sis2 phy 0: DP83815 10/100 PHY, rev. 1
gscpcib0 at pci0 dev 18 function 0 NS SC1100 ISA rev 0x00
gpio0 at gscpcib0: 64 pins
NS SC1100 SMI rev 0x00 at pci0 dev 18 function 1 not configured
pciide0 at pci0 dev 18 function 2 NS SCx200 IDE rev 0x01: DMA, channel 0 
wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: STI Flash 7.2.0
wd0: 1-sector PIO, LBA, 122MB, 250880 sectors
wd0(pciide0:0:0): using PIO mode 4
NS SCx200 AUDIO rev 0x00 at pci0 dev 18 function 3 not configured
geodesc0 at pci0 dev 18 function 5 NS SC1100 X-Bus rev 0x00: iid 6 revision 3 
wdstatus 0
ohci0 at pci0 dev 19 function 0 Compaq USB OpenHost rev 0x08: irq 9, version 
1.0, legacy support
usb0 at ohci0: USB revision 1.0
uhub0 at usb0
uhub0: Compaq OHCI root hub, rev 1.00/1.00, addr 1
uhub0: 3 ports with 3 removable, self powered
isa0 at gscpcib0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
midi0 at pcppi0: PC speaker
gscsio0 at isa0 port 0x2e/2: SC1100 SIO rev 1: ACB1 ACB2
iic0 at gscsio0
iic1 at gscsio0
unknown at iic1 addr 0x48 not configured
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom0: console
biomask f3ef netmask ffef ttymask ffef
rd0: fixed, 30720 blocks
dkcsum: wd0 matches BIOS drive 0x80
root on rd0a
rootdev=0x1100 rrootdev=0x2f00 rawdev=0x2f02
clock: unknown CMOS layout
OpenBSD 3.9 (WRAP12) #0: Mon Sep  4 17:45:51 CEST 2006
[EMAIL PROTECTED]:/home/rd/flashboot/flashboot/obj/WRAP12
cpu0: Geode(TM) Integrated Processor by National Semi (Geode by NSC 
586-class) 267 MHz
cpu0: FPU,TSC,MSR,CX8,CMOV,MMX
cpu0: TSC disabled
real mem  = 133804032 (130668K)
avail mem = 108634112 (106088K)
using 331 buffers containing 1355776 bytes (1324K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(fa) BIOS, date 05/02/05, BIOS32 rev. 0 @ 0xfc5f2
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: pcibios_get_intr_routing - function not supported
pcibios0: PCI IRQ Routing information unavailable.
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xe/0x8000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 Cyrix GXm PCI rev 0x00
sis0 at pci0 dev 14 function 0 NS DP83815 10/100 rev 0x00, DP83816A: irq 10, 
address 00:0d:b9:01:94:ec
nsphyter0 at sis0 phy 0: DP83815 10/100 PHY, rev. 1
sis1 at pci0 dev 15 function 0 NS DP83815 10/100 rev 0x00, DP83816A: irq 9, 
address 00:0d:b9:01:94:ed
nsphyter1 at sis1 phy 0: DP83815 10/100 PHY, rev. 1
sis2 at pci0 dev 16 function 0 NS DP83815 10/100 rev 0x00, DP83816A: irq 11, 
address 00:0d:b9:01:94:ee
nsphyter2 at sis2 phy 0: DP83815 10/100 PHY, rev. 1
gscpcib0 at pci0 dev 18 function 0 NS SC1100 ISA rev 0x00
gpio0 at gscpcib0: 64 pins
NS SC1100 SMI rev 0x00 at pci0 dev 18 function 1 not configured
pciide0 at pci0 dev 18 function 2 NS SCx200 IDE rev 0x01: DMA, channel 0 
wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: STI Flash 7.2.0
wd0: 1-sector PIO, LBA, 122MB, 250880 sectors
wd0(pciide0:0:0): using PIO mode 4
NS SCx200 AUDIO rev 0x00 at pci0 dev 18 function 3 not configured
geodesc0 at pci0 dev 18 function 5 NS SC1100 X-Bus rev 0x00: iid 6 revision 3 
wdstatus 9WDRST,WDOVF
isa0 at gscpcib0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
midi0 at pcppi0: PC speaker
gscsio0 at isa0 port 0x2e/2: SC1100 SIO rev 1: ACB1 ACB2
iic0 at gscsio0
iic1 at gscsio0

Re: Just one more cisco... please

2006-11-12 Thread Bill
On Sat, 11 Nov 2006 08:40:23 -0600 (CST)
Jacob Yocom-Piatt [EMAIL PROTECTED] spake:

  Original message 
 Date: Sat, 11 Nov 2006 00:44:13 -0500
 From: Bill [EMAIL PROTECTED]  
 Subject: Just one more cisco... please  
 To: misc@openbsd.org
 
 I just found out that to add a 4th interface to our PIX firewall will
 cost $100 for the card, and $3,000 for the license upgrade to allow us
 to do that.  WTF is all that about
 
 
 the cost of license upgrades on proprietary crapware are so ridiculous. it
 reminds me of the ~500 USD that sonicwall wants just to support vlans on its
 enhanced OS.
 
 corporate network is coming together nicely... Sn my pretty pix,
 sn you shall be on Ebay... Any takers?  If not, anyone got a six
 pack and some thermite?
 
 
 hop online and order the magnesium strip, iron (III) oxide and powdered 
 aluminum
 and get busy! if you do this, please videotape it and post it to the list for
 all to enjoy.
 
 Seriously though - OpenBSD has been incredibly solid - Thanks much to
 everyone involved from the FAQ guys to the coders, to the planners and
 the doers.  

Well, I got a note saying the project itself could use the hardware to
hack on, so it may be a tough call...  I can use it for good, or for
enjoyment...  Blowing up stuff (well... melting) or packaging and
mailing.  I dunno... of course this all assumes I can get it released
into my hands...



Problems applying 002_openssl.patch for OpenBSD 4.0

2006-11-12 Thread Andreas Maus

Hi.

After updating from OpenBSD 3.9 to 4.0 I extracted the new tarballs
src.tar.gz and sys.tar.gz and got the patches for OpenBSD 4.0
from openbsd.org/errata.html

I had no problem applying the patches except for 002_openssl which
stops while make with:

# make
[... snipp ...]
=== crypto
cc -O2 -pipe -g -DL_ENDIAN -DDSO_DLFCN -DHAVE_DLFCN_H
-DOPENSSL_NO_IDEA -DTERMIOS -DANSI_SOURCE -DNO_ERR -DOPENSSL_NO_ASM
-DOPENSSL_NO_RC5 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_MDC2
-DNO_WINDOWS_BRAINDEATH -DOPENSSL_NO_HW_CSWIFT -DOPENSSL_NO_HW_NCIPHER
-DOPENSSL_NO_HW_ATALLA -DOPENSSL_NO_HW_NURON -DOPENSSL_NO_HW_UBSEC
-DOPENSSL_NO_HW_AEP -DOPENSSL_NO_HW_SUREWARE -DOPENSSL_NO_HW_4758_CCA
-I/usr/src/lib/libssl/crypto/../src
-I/usr/src/lib/libssl/crypto/../src/crypto
-I/usr/src/lib/libssl/crypto/obj -DAES_ASM -DMD5_ASM -DSHA1_ASM
-DRMD160_ASM -DOPENBSD_CAST_ASM -DOPENBSD_DES_ASM   -c
/usr/src/lib/libssl/src/crypto/rsa/rsa_eay.c -o rsa_eay.o
cc -O2 -pipe -g -DL_ENDIAN -DDSO_DLFCN -DHAVE_DLFCN_H
-DOPENSSL_NO_IDEA -DTERMIOS -DANSI_SOURCE -DNO_ERR -DOPENSSL_NO_ASM
-DOPENSSL_NO_RC5 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_MDC2
-DNO_WINDOWS_BRAINDEATH -DOPENSSL_NO_HW_CSWIFT -DOPENSSL_NO_HW_NCIPHER
-DOPENSSL_NO_HW_ATALLA -DOPENSSL_NO_HW_NURON -DOPENSSL_NO_HW_UBSEC
-DOPENSSL_NO_HW_AEP -DOPENSSL_NO_HW_SUREWARE -DOPENSSL_NO_HW_4758_CCA
-I/usr/src/lib/libssl/crypto/../src
-I/usr/src/lib/libssl/crypto/../src/crypto
-I/usr/src/lib/libssl/crypto/obj -DAES_ASM -DMD5_ASM -DSHA1_ASM
-DRMD160_ASM -DOPENBSD_CAST_ASM -DOPENBSD_DES_ASM   -c
/usr/src/lib/libssl/src/crypto/rsa/rsa_err.c -o rsa_err.o
cc -O2 -pipe -g -DL_ENDIAN -DDSO_DLFCN -DHAVE_DLFCN_H
-DOPENSSL_NO_IDEA -DTERMIOS -DANSI_SOURCE -DNO_ERR -DOPENSSL_NO_ASM
-DOPENSSL_NO_RC5 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_MDC2
-DNO_WINDOWS_BRAINDEATH -DOPENSSL_NO_HW_CSWIFT -DOPENSSL_NO_HW_NCIPHER
-DOPENSSL_NO_HW_ATALLA -DOPENSSL_NO_HW_NURON -DOPENSSL_NO_HW_UBSEC
-DOPENSSL_NO_HW_AEP -DOPENSSL_NO_HW_SUREWARE -DOPENSSL_NO_HW_4758_CCA
-I/usr/src/lib/libssl/crypto/../src
-I/usr/src/lib/libssl/crypto/../src/crypto
-I/usr/src/lib/libssl/crypto/obj -DAES_ASM -DMD5_ASM -DSHA1_ASM
-DRMD160_ASM -DOPENBSD_CAST_ASM -DOPENBSD_DES_ASM   -c
/usr/src/lib/libssl/src/crypto/rsa/rsa_x931.c -o rsa_x931.o
/usr/src/lib/libssl/src/crypto/rsa/rsa_x931.c: In function `RSA_X931_hash_id':
/usr/src/lib/libssl/src/crypto/rsa/rsa_x931.c:165: error: `NID_sha256'
undeclared (first use in this function)
/usr/src/lib/libssl/src/crypto/rsa/rsa_x931.c:165: error: (Each
undeclared identifier is reported only once
/usr/src/lib/libssl/src/crypto/rsa/rsa_x931.c:165: error: for each
function it appears in.)
/usr/src/lib/libssl/src/crypto/rsa/rsa_x931.c:168: error: `NID_sha384'
undeclared (first use in this function)
/usr/src/lib/libssl/src/crypto/rsa/rsa_x931.c:171: error: `NID_sha512'
undeclared (first use in this function)
*** Error code 1

Stop in /usr/src/lib/libssl/crypto.
*** Error code 1

Stop in /usr/src/lib/libssl.

All previous commands for this patch ( cd lib/libssl,
make obj make depend make includes ) didn't produce
any errors.

Can someone give me some hints about this?

Thanks,

Andreas.

--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?



Re: Problems applying 002_openssl.patch for OpenBSD 4.0

2006-11-12 Thread Allie D.
rm -rf /usr/obj/* and then try again.

P.S. I have an error code 71 on one of my boxes on the make
install...think my disk is now full of cruft from countless upgrades, it's
time to wipe it and start over.
-- 
~Allie D.





Re: Problems applying 002_openssl.patch for OpenBSD 4.0

2006-11-12 Thread Christopher D. Palmer

From: Andreas Maus [EMAIL PROTECTED]
Subject: Problems applying 002_openssl.patch for OpenBSD 4.0



Hi.

After updating from OpenBSD 3.9 to 4.0 I extracted the new tarballs
src.tar.gz and sys.tar.gz and got the patches for OpenBSD 4.0
from openbsd.org/errata.html

I had no problem applying the patches except for 002_openssl which
stops while make with:


http://marc.theaimsgroup.com/?l=openbsd-misc&m=116327103731240&w=2



Re: how to use infrared remote control with openbsd ?

2006-11-12 Thread Claude Brassel
Hello,

 I am planning to port it to get it to work but I am not sure when I will
 be done. Do you want to sponsor it? :)

Sure, I can sponsor you with some old remote controls :))

But I only want to support user space serial drivers to begin with as that
is the remote I want to get working and that is the hardware I have.

I need only the serial driver (I have made some basic serial IR receivers)

After that you should pick up and run. :)

That sounds great!

Hopefully I should be done within a fortnight's time.

That sounds great too! I can wait!

(But it might take longer considering my present schedule)

 Best,
Girish

Regards

Claude






About using (pkg_add -u -r)

2006-11-12 Thread M.Salah
I wonder what (pkg_add -u -r) does exactly: is it supposed to notify me of
the new versions of my installed pkgs or update them recursively?

thanks all

-- 
M.Salah



Re: systrace: vi policy

2006-11-12 Thread Jacob Yocom-Piatt
 Original message 
Date: Sun, 12 Nov 2006 10:26:10 -0500
From: Okan Demirmen [EMAIL PROTECTED]  
Subject: Re: systrace: vi policy  
To: misc@openbsd.org

On Sun 2006.11.12 at 08:55 -0600, Jacob Yocom-Piatt wrote:

consider sorting your policies...also, try to be more generic in other
places, for example, match /usr/lib/libc.so.*
 
   native-fswrite: filename eq /tmp/* then permit

use match


okan,

that did the trick, thx for the syntax advice. is there any particular utility
you recommend for sorting the syscalls?

cheers,
jake



Re: Problems applying 002_openssl.patch for OpenBSD 4.0

2006-11-12 Thread Andreas Maus

Hi Allie.

Thanks.
Clearing /usr/obj did it.
I guess running make clean (as suggested
by Christopher [EMAIL PROTECTED]) would also
be a solution.

Thanks,

Andreas.


--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?



NFS and suspend

2006-11-12 Thread Greg Thomas

Half the time after resuming my T40 laptop from suspend my NFS
connection hangs.  If I do a df or do shell file name completion on
the mounted directory name my xterm hangs:

[EMAIL PROTECTED] df -k
nfs server grits:/home: not responding

[EMAIL PROTECTED] ls donfs server grits:/home: not responding
[EMAIL PROTECTED] ls
DownloadsMusicdocs photos   sigs
GNUstep  bin  packages.txt ports_list   stuff

docs is the NFS mounted directory.

And I get processes I can't kill, even with SIGKILL:
ethant9923  0.0  0.0   284   140 p1- D  9:50AM0:00.02 df -k

[EMAIL PROTECTED] cat /etc/fstab
/dev/wd0a / ffs rw 1 1
/dev/wd0b /tmp mfs rw,nodev,nosuid,-s=512000 0 0
/dev/wd0f /home ffs rw,nodev,nosuid,softdep 1 2
/dev/wd0e /usr ffs rw,nodev 1 2
/dev/wd0d /var ffs rw,nodev,nosuid 1 2
grits:/home /home/grits nfs rw,nodev,nosuid,tcp,soft,intr 0 0

I haven't used NFS in quite some time.  Is this expected behaviour or
should it fail more gracefully with the soft mount?  And even if it's
not expected behaviour is there any way to clear this without a reboot?

OpenBSD 4.0-current (GENERIC) #0: Sat Oct 28 01:18:09 PDT 2006
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) M processor 1300MHz (GenuineIntel 686-class) 1.30
 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,
 CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,TM,SBF,EST,TM2
cpu0: Enhanced SpeedStep 1300 MHz (1388 mV): speeds: 1300, 1200, 1000, 800, 600
 MHz
real mem  = 535719936 (523164K)
avail mem = 480722944 (469456K)
using 4256 buffers containing 26910720 bytes (26280K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(a4) BIOS, date 06/02/06, BIOS32 rev. 0 @ 0xfd750,
 SMBIOS rev. 2.33 @ 0xe0010 (61 entries)
bios0: IBM 237314U
apm0 at bios0: Power Management spec V1.2
apm0: battery life expectancy 99%
apm0: AC on, battery charge high
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xfd6e0/0x920
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdea0/272 (15 entries)
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82371FB ISA rev 0x00)
pcibios0: PCI bus #6 is the last bus
bios0: ROM list: 0xc/0x1 0xdc000/0x4000! 0xe/0x1
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82855PE Hub rev 0x03
ppb0 at pci0 dev 1 function 0 Intel 82855PE AGP rev 0x03
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 ATI Radeon Mobility M7 LW rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
uhci0 at pci0 dev 29 function 0 Intel 82801DB USB rev 0x01: irq 11
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 29 function 1 Intel 82801DB USB rev 0x01: irq 11
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2 at pci0 dev 29 function 2 Intel 82801DB USB rev 0x01: irq 11
usb2 at uhci2: USB revision 1.0
uhub2 at usb2
uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
ehci0 at pci0 dev 29 function 7 Intel 82801DB USB rev 0x01: irq 11
usb3 at ehci0: USB revision 2.0
uhub3 at usb3
uhub3: Intel EHCI root hub, rev 2.00/1.00, addr 1
uhub3: 6 ports with 6 removable, self powered
ppb1 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0x81
pci2 at ppb1 bus 2
cbb0 at pci2 dev 0 function 0 TI PCI1520 CardBus rev 0x01: irq 11
cbb1 at pci2 dev 0 function 1 TI PCI1520 CardBus rev 0x01: irq 11
iwi0 at pci2 dev 2 function 0 Intel PRO/Wireless 2200BG rev 0x05: irq 11,
 address 00:12:f0:9e:f8:4b
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 3 device 0 cacheline 0x8, lattimer 0xb0
pcmcia0 at cardslot0
cardslot1 at cbb1 slot 1 flags 0
cardbus1 at cardslot1: bus 6 device 0 cacheline 0x8, lattimer 0xb0
pcmcia1 at cardslot1
ichpcib0 at pci0 dev 31 function 0 Intel 82801DBM LPC rev 0x01
pciide0 at pci0 dev 31 function 1 Intel 82801DBM IDE rev 0x01: DMA, channel 0
configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: FUJITSU MHS2030AT
wd0: 16-sector PIO, LBA, 28615MB, 58605120 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: HL-DT-ST, DVD-ROM GDR8083N, 0008
 SCSI05/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
ichiic0 at pci0 dev 31 function 3 Intel 82801DB SMBus rev 0x01: irq 11
iic0 at ichiic0
auich0 at pci0 dev 31 function 5 Intel 82801DB AC97 rev 0x01: irq 11,
 CH4 AC97
ac97: codec id 0x41445374 (Analog Devices AD1981B)
ac97: codec features headphone, 20 bit DAC, No 3D Stereo
audio0 at auich0
Intel 82801DB Modem rev 0x01 at pci0 dev 31 function 6 not configured
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5

Re: systrace: vi policy

2006-11-12 Thread Okan Demirmen
On Sun 2006.11.12 at 12:15 -0600, Jacob Yocom-Piatt wrote:
  Original message 
 Date: Sun, 12 Nov 2006 10:26:10 -0500
 From: Okan Demirmen [EMAIL PROTECTED]  
 Subject: Re: systrace: vi policy  
 To: misc@openbsd.org
 
 On Sun 2006.11.12 at 08:55 -0600, Jacob Yocom-Piatt wrote:
 
 consider sorting your policies...also, try to be more generic in other
 places, for example, match /usr/lib/libc.so.*
  
native-fswrite: filename eq /tmp/* then permit
 
 use match
 
 
 okan,
 
 that did the trick, thx for the syntax advice. is there any particular utility
 you recommend for sorting the syscalls?

no problem.  not to state the obvious, but use sort(1).  call it within
your favorite editor ;)

cheers.



Missing checksums on FTP server?

2006-11-12 Thread Jonathan Schleifer

Hi!

I already searched the archives for that, but only found out that the
missing xorg sets checksums have something to do with the build process.
But why aren't they just added after the build? Where can I get the
checksums for the xorg sets? And why not sign the packages, using
gzsign for example? An operating system that calls itself secure is
only useful when you can be sure that you got it from good sources.

- -- 
Jonathan



Re: systrace: vi policy

2006-11-12 Thread Ben Calvert
On Sun, 12 Nov 2006 12:15:39 -0600 (CST)
Jacob Yocom-Piatt [EMAIL PROTECTED] wrote:

  Original message 
 Date: Sun, 12 Nov 2006 10:26:10 -0500
 From: Okan Demirmen [EMAIL PROTECTED]  
 Subject: Re: systrace: vi policy  
 To: misc@openbsd.org
 
 On Sun 2006.11.12 at 08:55 -0600, Jacob Yocom-Piatt wrote:
 
 consider sorting your policies...also, try to be more generic in
 other places, for example, match /usr/lib/libc.so.*
  
native-fswrite: filename eq /tmp/* then permit
 
 use match
 
 
 okan,
 
 that did the trick, thx for the syntax advice. is there any
 particular utility you recommend for sorting the syscalls?

have you tried  sort(1) ?

 
 cheers,
 jake
 

Ben

-
I'm also not very analytical.  You know I don't spend a lot of time
thinking about myself, about why I do things.

George W. Bush
June 4, 2003
Aboard Air Force One



OpenBSD isakmpd connectivity problem (or misunderstanding?)

2006-11-12 Thread Tonnerre LOMBARD
Salut,

I have a problem with direct connection of two servers using IPsec. The
IKE key exchange always comes up, but then it seems that both the routing
and the encryption go entirely wrong.

The hosts exchange their internal addresses (10.16.1.1 and 10.1.1.1) as
ID tokens for phase 2. However, if I try to ping 10.16.1.1 from
10.1.1.1, the packets go out the external interface - unencrypted.

If, however, I replace the ID tokens with the corresponding IP subnets
(10.16.0.0/16 and 10.1.0.0/16), I get an even more weird effect:

* 10.16.0.0/16 can communicate with 10.1.0.0/16 just fine
* 10.1.0.0/16 can communicate with 10.16.0.0/16 just as well
* 10.16.1.1 can not reach 10.1.0.0/16, however, people in 10.1.0.0/16 can
  connect to 10.16.1.1 just fine
* 10.1.1.1 can not reach 10.16.0.0/16, however, people in 10.16.0.0/16
  can connect to 10.1.1.1 just fine

[EMAIL PROTECTED] cat /etc/isakmpd/isakmpd.conf
[General]
Default-phase-1-lifetime= 120,60:3600
Default-phase-2-lifetime= 120,60:3600
Retransmits= 5
Check-interval= 5
Exchange-max-time= 120
Listen-on= external_ip_address_of_wg
Policy-File= /etc/isakmpd/isakmpd.policy

[Phase 1]
external_ip_address_of_sygroup= ISAKMP-peer-sygroup

[Phase 2]
Connections= IPsec-wg-sygroup

[ISAKMP-peer-sygroup]
Phase=  1
Transport=  udp
Local-address=  external_ip_address_of_wg
Address=external_ip_address_of_sygroup

[IPsec-wg-sygroup]
Phase=  2
ISAKMP-peer=ISAKMP-peer-sygroup
Configuration=  Default-quick-mode
Local-ID=   Net-wg
Remote-ID=  Net-sygroup

[Net-wg]
ID-type=IPV4_ADDR_SUBNET
Network=10.16.0.0
Netmask=255.255.0.0

[Net-sygroup]
ID-type=IPV4_ADDR_SUBNET
Network=10.1.0.0
Netmask=255.255.0.0

# Quick mode description
[Default-quick-mode]
EXCHANGE_TYPE=  QUICK_MODE
Suites= QM-ESP-TWOFISH-SHA-PFS-SUITE


[EMAIL PROTECTED] cat /etc/isakmpd/isakmpd.conf
[General]
Default-phase-1-lifetime= 120,60:3600
Default-phase-2-lifetime= 120,60:3600
Retransmits= 5
Check-interval= 5
Exchange-max-time= 120
Listen-on= external_ip_of_sygroup
Policy-File= /etc/isakmpd/isakmpd.policy

[Phase 1]
external_ip_of_wg= ISAKMP-peer-wg

[Phase 2]
Connections= IPsec-sygroup-wg

[ISAKMP-peer-wg]
Phase=  1
Transport=  udp
Local-address=  external_ip_of_sygroup
Address=external_ip_of_wg

[IPsec-sygroup-wg]
Phase=  2
ISAKMP-peer=ISAKMP-peer-wg
Configuration=  Default-quick-mode
Local-ID=   Net-sygroup
Remote-ID=  Net-wg

[Net-wg]
ID-type=IPV4_ADDR_SUBNET
Network=10.16.0.0
Netmask=255.255.0.0

[Net-sygroup]
ID-type=IPV4_ADDR_SUBNET
Network=10.1.0.0
Netmask=255.255.0.0

# Quick mode description
[Default-quick-mode]
EXCHANGE_TYPE=  QUICK_MODE
Suites= QM-ESP-BLF-SHA-PFS-SUITE

(This is the config where the clients can actually connect to each
other. If I replace the Network= with Address= and set ID-type to
IPV4_ADDR, the two routers still can't connect to each other, but
neither can the clients.)

The point of the whole exercise is that I have a lot of IPsec nodes
and should propagate their routes using some routing protocol. Any ideas
on how to make the two routers talk to each other?

Tonnerre




Re: OpenBSD isakmpd connectivity problem (or misunderstanding?)

2006-11-12 Thread Ralph Gessner
Tonnerre LOMBARD wrote:
 Salut,
 
 I have a problem with direct connection of two servers using IPsec. The
 IKE key exchange always comes up, but then it seems that both the routing
 and the encryption go entirely wrong.
 
 The hosts exchange their internal addresses (10.16.1.1 and 10.1.1.1) as
 ID tokens for phase 2. However, if I try to ping 10.16.1.1 from
 10.1.1.1, the packets go out the external interface - unencrypted.

You really do a ping -I 10.1.1.1 10.16.1.1 or only a ping 10.16.1.1?

You must have the 10.1.1.1 as source ip. A normal ping on the gateway
uses the external ip as source!


 If, however, I replace the ID tokens with the corresponding IP subnets
 (10.16.0.0/16 and 10.1.0.0/16), I get an even more weird effect:
 
 * 10.16.0.0/16 can communicate with 10.1.0.0/16 just fine
 * 10.1.0.0/16 can communicate with 10.16.0.0/16 just as well
 * 10.16.1.1 can not reach 10.1.0.0/16, however, people in 10.1.0.0/16 can
   connect to 10.16.1.1 just fine
 * 10.1.1.1 can not reach 10.16.0.0/16, however, people in 10.16.0.0/16
   can connect to 10.1.1.1 just fine

Sounds like the same problem :)


Ralph



Re: OpenBSD isakmpd connectivity problem (or misunderstanding?)

2006-11-12 Thread Tonnerre LOMBARD
Salut,

On Sun, Nov 12, 2006 at 10:24:23PM +0100, Ralph Gessner wrote:
 You really do a ping -I 10.1.1.1 10.16.1.1 or only a ping 10.16.1.1?

 You must have the 10.1.1.1 as source ip. A normal ping on the gateway
 uses the external ip as source!

Yes, this one works so far. However, how would one configure this
statically? Is there any way other than route add -host 10.1.1.1 10.16.1.1 ?

 Sounds like the same problem :)

I imagined.

Tonnerre




Re: spamd delay times

2006-11-12 Thread Josh
From the spamd man page:

GREYLISTING
 When run in greylisting mode, spamd will run in the normal mode for any
 addresses blacklisted by spamd-setup(8).  Connections from addresses not
 blacklisted by spamd-setup(8) will be considered for greylisting.  Such
 connections will not be stuttered at (though see the -S option above)

 -S secs
 Stutter at greylisted connections for the specified amount of
 seconds, after which the connection is not stuttered at.  Defaults to 10.



On Sun, 2006-11-12 at 08:03 +0059, Han Boetes wrote:

 So I was looking through the spamd logs and noticed that the usual
 connection time for spamd is quite low.
 
   Nov 12 07:48:56 haddock spamd[15350]: 70.19.196.10: disconnected after 3 seconds.
   Nov 12 07:48:58 haddock spamd[15350]: 211.55.172.149: disconnected after 3 seconds.
   Nov 12 07:49:11 haddock spamd[15350]: 87.14.244.249: disconnected after 5 seconds.
   Nov 12 07:49:14 haddock spamd[15350]: 121.141.166.94: disconnected after 3 seconds.
   Nov 12 07:49:19 haddock spamd[15350]: 70.19.196.10: disconnected after 3 seconds.
   Nov 12 07:49:23 haddock spamd[15350]: 81.190.109.130: disconnected after 3 seconds.
   Nov 12 07:49:26 haddock spamd[15350]: 59.21.1.177: disconnected after 3 seconds.
   Nov 12 07:49:57 haddock spamd[15350]: 127.0.0.1: disconnected after 25 seconds.
 
 
 Especially if you find claims like from http://www.benzedrine.cx/relaydb.html
 
   Aug 24 23:10:13 spamd: 213.30.181.11: disconnected after 2864 seconds.
 
 
 So I connected to spamdb:
 
   ~% nc localhost 8025
   220 haddock ESMTP spamd IP-based SPAM blocker; Sun Nov 12 08:01:56 2006
   helo dood
   250 Hello, spam sender. Pleased to be wasting your time.
 
 
 And to my surprise only the first 10 chars are delayed with the
 standard delay of 1 second. The rest is returned at full speed.
 Is this OK? Shouldn't the whole connection be delayed?
 
 
 I'm running spamd like this:
 
   /usr/libexec/spamd -v -G7:4:864 -r451 -g
 
 
 
 # Han
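The log lines quoted above can be checked against the two timers in play: the `-S` stutter window from the man page excerpt (default 10 seconds) and the greylisting passtime from the `-G7:4:864` invocation (7 minutes). This is an added example, not part of the original posts; the function names are hypothetical, and grouping by IP alone is a simplification because the quoted log lines carry no envelope sender or recipient.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: the spamd log lines quoted in the thread, one per line.
SAMPLE_LOG = """\
Nov 12 07:48:56 haddock spamd[15350]: 70.19.196.10: disconnected after 3 seconds.
Nov 12 07:48:58 haddock spamd[15350]: 211.55.172.149: disconnected after 3 seconds.
Nov 12 07:49:11 haddock spamd[15350]: 87.14.244.249: disconnected after 5 seconds.
Nov 12 07:49:14 haddock spamd[15350]: 121.141.166.94: disconnected after 3 seconds.
Nov 12 07:49:19 haddock spamd[15350]: 70.19.196.10: disconnected after 3 seconds.
Nov 12 07:49:23 haddock spamd[15350]: 81.190.109.130: disconnected after 3 seconds.
Nov 12 07:49:26 haddock spamd[15350]: 59.21.1.177: disconnected after 3 seconds.
Nov 12 07:49:57 haddock spamd[15350]: 127.0.0.1: disconnected after 25 seconds.
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ spamd\[\d+\]: "
    r"(?P<ip>[0-9.]+): disconnected after (?P<secs>\d+) seconds\.$"
)


def parse(log, year=2006):
    """Turn 'disconnected after N seconds' lines into session records.

    syslog timestamps carry no year, so one is supplied (assumption).
    The logged time is the disconnect; the connect time is derived from it.
    """
    sessions = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a disconnect line
        end = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        secs = int(m["secs"])
        sessions.append({"ip": m["ip"], "secs": secs, "end": end,
                         "start": end - timedelta(seconds=secs)})
    return sessions


def left_during_stutter(sessions, stutter_secs=10):
    """Sessions that ended before the -S stutter window had elapsed."""
    return [s for s in sessions if s["secs"] < stutter_secs]


def early_retries(sessions, passtime_min=7):
    """Per IP, gaps in seconds between the first connection and later ones
    that fall inside the greylisting passtime (a retry that cannot pass yet)."""
    by_ip = defaultdict(list)
    for s in sessions:
        by_ip[s["ip"]].append(s)
    result = {}
    for ip, conns in by_ip.items():
        conns.sort(key=lambda s: s["start"])
        gaps = [(c["start"] - conns[0]["start"]).total_seconds() for c in conns[1:]]
        early = [g for g in gaps if g < passtime_min * 60]
        if early:
            result[ip] = early
    return result


if __name__ == "__main__":
    sessions = parse(SAMPLE_LOG)
    print(len(left_during_stutter(sessions)), "of", len(sessions),
          "sessions ended inside the stutter window")
    print("retries before passtime:", early_retries(sessions))
```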



Re: OpenBSD isakmpd connectivity problem (or misunderstanding?)

2006-11-12 Thread Ralph Gessner
Tonnerre LOMBARD wrote:

 You must have the 10.1.1.1 as source ip. A normal ping on the gateway
 uses the external ip as source!
 
 Yes, this one works so far. However, how would one configure this
 statically? Is there any way other than route add -host 10.1.1.1 10.16.1.1 ?

I know no way of configuring this as a default.
And I don't think the route will do what you want.

But most tools have an option to set the address to bind.
(i.e. ssh -b address; ping -I address)

Most applications like named, sendmail, apache have also a configuration
option to select the bind address.

Maybe another way is setting up a second tunnel to encrypt the traffic
between the two outside interfaces of your gateways.


Ralph



Re: OpenBSD isakmpd connectivity problem (or misunderstanding?)

2006-11-12 Thread Ralph Gessner
I wrote:


 Maybe another way is setting up a second tunnel to encrypt the traffic
 between the two outside interfaces of your gateways.

If you are using 4.0 then it is worth reading the manpage of
ipsec.conf(5). It has greatly improved since 3.9 and there is almost no
need to use isakmpd.conf/isakmpd.policy.

In your case, maybe a:


ike esp from outside-gw1 to outside-gw2
ike esp from 10.16.0.0/16 to 10.1.0.0/16 peer outside-gw2


in the first gateway's ipsec.conf and a corresponding configuration on the
second gateway will do the work.


Ralph

-- 
--- Ralph Gessner 
PGP: RSA:0xAEB9DC31  S/MIME:   [EMAIL PROTECTED]
 DSS:0x566405B9  http://www.shryke.de/ca[EMAIL PROTECTED]
--
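The behaviour discussed in this thread comes down to which source and destination addresses match an IPsec flow. The model below is an added example, not code from the thread or from OpenBSD: it evaluates the traffic patterns reported above against the subnet-ID flow, the host-ID flow, and the subnet flow plus a gateway-to-gateway flow as suggested in the last message, seen from the sygroup gateway. The external addresses and the client addresses 10.1.2.3 and 10.16.2.3 are constructed placeholders, and the source-address rule is a simplification of what the posters observed.

```python
from ipaddress import ip_address, ip_network

# Constructed placeholders for the gateways' external addresses (the thread
# only calls them external_ip_of_sygroup / external_ip_of_wg).
EXT_SYGROUP, EXT_WG = "192.0.2.1", "198.51.100.1"
INT_SYGROUP = "10.1.1.1"  # internal address of the sygroup gateway

# Outbound IPsec flows on the sygroup gateway: (source net, destination net).
SUBNET_IDS = [("10.1.0.0/16", "10.16.0.0/16")]   # ID-type=IPV4_ADDR_SUBNET
HOST_IDS = [("10.1.1.1/32", "10.16.1.1/32")]     # ID-type=IPV4_ADDR
WITH_GW_FLOW = SUBNET_IDS + [(EXT_SYGROUP + "/32", EXT_WG + "/32")]


def protected(flows, src, dst):
    """True if an outbound packet src -> dst matches a flow and gets ESP."""
    s, d = ip_address(src), ip_address(dst)
    return any(s in ip_network(fs) and d in ip_network(fd) for fs, fd in flows)


def gateway_source(bind=None):
    """Source address of traffic originated on the gateway itself.

    Simplified model: without an explicit bind address the packet carries the
    external interface's address (what the thread observed); ping -I and
    ssh -b override that.
    """
    return bind or EXT_SYGROUP


def report(flows):
    """Evaluate the traffic patterns described in the thread against flows."""
    return {
        "client 10.1.2.3 -> 10.16.2.3":
            protected(flows, "10.1.2.3", "10.16.2.3"),
        "gw: ping 10.16.1.1":
            protected(flows, gateway_source(), "10.16.1.1"),
        "gw: ping -I 10.1.1.1 10.16.1.1":
            protected(flows, gateway_source(INT_SYGROUP), "10.16.1.1"),
        # A reply to a remote client is sent from the address it contacted.
        "gw: reply 10.1.1.1 -> 10.16.2.3":
            protected(flows, INT_SYGROUP, "10.16.2.3"),
        "gw external -> peer external":
            protected(flows, gateway_source(), EXT_WG),
    }


if __name__ == "__main__":
    for name, flows in [("subnet IDs", SUBNET_IDS), ("host IDs", HOST_IDS),
                        ("subnet IDs + gateway flow", WITH_GW_FLOW)]:
        print(name)
        for case, ok in report(flows).items():
            print(f"  {case:34} {'ESP' if ok else 'no matching flow'}")
```

In this model the gateway-to-gateway flow protects only traffic addressed to the peer's external address; a plain `ping 10.16.1.1` from the gateway still matches no flow unless the source is bound to 10.1.1.1.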



Re: ftp-proxy issues

2006-11-12 Thread Joachim Schipper
(Note: since most of this could be relevant, I snipped very little.
Scroll down some.)

On Sat, Nov 11, 2006 at 03:43:18PM +0100, Marc Peters wrote:
 hi folks.
 
 i have issues with the ftp-proxy. i am using openbsd 4.0 which i fetch 
 during the release-phase, so i think it is on status of -release. this 
 box is the firewall of our network, with three interfaces. xl0 is for 
 the internal lan, xl1 is for our dmz and xl2 is connected to internet. 
 for all ftp-transactions to the dmz we use the ftp-proxy.
 on one server, everything is working fine. on the other server, 
 ftp-proxy shows a strange behaviour. let me show you an example, to make 
 things clearer.
 
 the working host:
 logging in, everythings fine. now if i want to cd some directories 
 deeper at once, ftp-proxy is working and contacting the ftp-server, 
 which is running proftpd, correctly:
 
 the commands i use:
 
 ftp pwd
 257 / is current directory.
 ftp cd internet/foo-com/staging/htdocs/leistungen
 250 CWD command successful
 ftp pwd
 257 /internet/foo-com/staging/htdocs/leistungen is current directory.
 ftp
 
 here comes the log from proftpd:
 
 194.245.32.254 UNKNOWN ftpuser [11/Nov/2006:15:06:57 +0100] PWD 257 -
 194.245.32.254 UNKNOWN ftpuser [11/Nov/2006:15:08:09 +0100] CWD 
 internet/foo-com/staging/htdocs/leistungen 250 -
 194.245.32.254 UNKNOWN ftpuser [11/Nov/2006:15:08:09 +0100] PWD 257 -
 
 and now the output from the ftp-proxy host i took with tcpdump -Xttti 
 xl0 (lan):
 
 and the outgoing part on the dmz-interface:
 

Re: NFS and suspend

2006-11-12 Thread Andreas Bihlmaier
On Sun, Nov 12, 2006 at 10:31:40AM -0800, Greg Thomas wrote:
 Half the time after resuming my T40 laptop from suspend my NFS
 connection hangs.  If I do a df or do shell file name completion on
 the mounted directory name my xterm hangs:
 
 [EMAIL PROTECTED] df -k
 nfs server grits:/home: not responding
 
 [EMAIL PROTECTED] ls donfs server grits:/home: not responding
 [EMAIL PROTECTED] ls
 DownloadsMusicdocs photos   sigs
 GNUstep  bin  packages.txt ports_list   stuff
 
 docs is the NFS mounted directory.
 
 And I get processes I can't kill, even with SIGKILL:
 ethant9923  0.0  0.0   284   140 p1- D  9:50AM0:00.02 df -k
 
 [EMAIL PROTECTED] cat /etc/fstab
 /dev/wd0a / ffs rw 1 1
 /dev/wd0b /tmp mfs rw,nodev,nosuid,-s=512000 0 0
 /dev/wd0f /home ffs rw,nodev,nosuid,softdep 1 2
 /dev/wd0e /usr ffs rw,nodev 1 2
 /dev/wd0d /var ffs rw,nodev,nosuid 1 2
 grits:/home /home/grits nfs rw,nodev,nosuid,tcp,soft,intr 0 0
 
 I haven't used NFS in quite some time.  Is this expected behaviour or
 should it fail more gracefully with the soft mount?  And even if it's
 not expected behaviour is there any way to clear this without a reboot?
 
snip dmesg

No,
you either have to use UDP,
or mount it again (i.e. mount /home/grits again, you'll have 2 mounts,
1 dead the new, alive one on top).

Regards,
ahb



Re: OpenBSD Audio series other than bsdtalk ?

2006-11-12 Thread Girish Venkatachalam
On Sat, Nov 11, 2006 at 09:12:37PM -0500, Jason Dixon wrote:
 Thank you very much.  In spite of bob@'s heckling, it was a lot of fun.
 

Dear Jason,
 
 I must admit that when I heard the audio I found the talk to be somewhat 
superficial though humorous. However once I saw the video I got convinced that 
your talk has immense technical meat as well.

 If you talk only tech that scares folks away and their attention will not 
stick.

 Anyway I have one important question.

 What software did you use for your slides? 

 I know it is not magicpoint and of course not Monkeysoft stuff.

 What is it?

 Thanks.

 Nice job done! :)

regards,
Girish

-- 
Linux is for folks who hate Windoze.

FreeBSD is for folks who love UNIX.

OpenBSD is for folks who can't live without UNIX.



Re: NFS and suspend

2006-11-12 Thread Greg Thomas

On 11/12/06, Andreas Bihlmaier [EMAIL PROTECTED] wrote:

On Sun, Nov 12, 2006 at 10:31:40AM -0800, Greg Thomas wrote:
 Half the time after resuming my T40 laptop from suspend my NFS
 connection hangs.  If I do a df or do shell file name completion on
 the mounted directory name my xterm hangs:

 [EMAIL PROTECTED] df -k
 nfs server grits:/home: not responding

 [EMAIL PROTECTED] ls donfs server grits:/home: not responding
 [EMAIL PROTECTED] ls
 DownloadsMusicdocs photos   sigs
 GNUstep  bin  packages.txt ports_list   stuff

 docs is the NFS mounted directory.

 And I get processes I can't kill, even with SIGKILL:
 ethant9923  0.0  0.0   284   140 p1- D  9:50AM0:00.02 df -k

 [EMAIL PROTECTED] cat /etc/fstab
 /dev/wd0a / ffs rw 1 1
 /dev/wd0b /tmp mfs rw,nodev,nosuid,-s=512000 0 0
 /dev/wd0f /home ffs rw,nodev,nosuid,softdep 1 2
 /dev/wd0e /usr ffs rw,nodev 1 2
 /dev/wd0d /var ffs rw,nodev,nosuid 1 2
 grits:/home /home/grits nfs rw,nodev,nosuid,tcp,soft,intr 0 0

 I haven't used NFS in quite some time.  Is this expected behaviour or
 should it fail more gracefully with the soft mount?  And even if it's
 not expected behaviour is there any way to clear this without a reboot?

snip dmesg

No,
you either have to use UDP,
or mount it again (i.e. mount /home/grits again, you'll have 2 mounts,
1 dead the new, alive one on top).



Ah, I'll try UDP.  BTW, I get the same nfs server grits:/home: not
responding when I try to mount it again.

Thanks,
Greg



Re: OpenBSD Audio series other than bsdtalk ?

2006-11-12 Thread Jason Dixon

On Nov 12, 2006, at 8:23 PM, Girish Venkatachalam wrote:


On Sat, Nov 11, 2006 at 09:12:37PM -0500, Jason Dixon wrote:
Thank you very much.  In spite of bob@'s heckling, it was a lot of  
fun.


Dear Jason,

 I must admit that when I heard the audio I found the talk to  
be somewhat superficial though humorous. However once I saw the  
video I got convinced that your talk has immense technical meat as  
well.


 If you talk only tech that scares folks away and their  
attention will not stick.


 Anyway I have one important question.

 What software did you use for your slides?

 I know it is not magicpoint and of course not Monkeysoft stuff.

 What is it?


Apple Keynote.  I can't imagine creating the same thing in PowerPoint  
or OO Impress.  It simply would have been too painful.  I'm not sure  
how well either would have handled all 260 slides.



 Thanks.

 Nice job done! :)


Thank you.  :)

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net



openbsd on cisco hardware?

2006-11-12 Thread Jacob Yocom-Piatt
i know this is likely not possible for a number of reasons but i figured i'd
ask: are there or have there been any plans to port openbsd to run on cisco
hardware?

googling for something like this is not very productive since the CARP vs. VRRP
and firewall interoperation links dominate searches with cisco openbsd in 
them.

cheers,
jake



Re: openbsd on cisco hardware?

2006-11-12 Thread Craig Barraclough
 i know this is likely not possible for a number of reasons 
 but i figured i'd
 ask: are there or have there been any plans to port openbsd 
 to run on cisco
 hardware?
 

Someone correct me if I'm wrong
Last time I had a look, the platform was essentially a PII, with fxp
NICs and a PCI (or was it ISA?) flash card for the OS.

-- 
Craig



Re: openbsd on cisco hardware?

2006-11-12 Thread Jason George
i know this is likely not possible for a number of reasons but i figured i'd
ask: are there or have there been any plans to port openbsd to run on cisco
hardware?

googling for something like this is not very productive since the CARP vs. VRRP
and firewall interoperation links dominate searches with cisco openbsd in 
them.


Older Cisco routers will typically have a Motorola 68k or some MIPS-based 
processor.  These devices will also usually have minimal RAM (1 to 4M).  Not 
exactly a great setup for a target platform...  I seem to recall that the 
030-based Mot systems may have also been lacking in a proper MMU, but I could be 
wrong.  I'm sure I'll be corrected by someone on the list.

Newer gear will have a MIPS or PowerPC processor in them.

x86 PIX boxes could conceivably be a target platform, but their lack of 
storage would require a flashboot-style installation, and thus would not be 
supported in an official manner, if even they were made to boot successfully.
The same would go for the non-x86 modern gear.

Frankly, Cisco's devices aren't even price-attractive, so as much as it would 
be mildly interesting to run OpenBSD on some PIX 515 boxes, it's a waste of 
time and money.

--Jason  



Re: how to use infrared remote control with openbsd ?

2006-11-12 Thread Siju George

On 11/12/06, Girish Venkatachalam [EMAIL PROTECTED] wrote:

On Sun, Nov 12, 2006 at 03:31:30AM -0800, Claude Brassel wrote:
 Hello,

 I'm using lirc on linux and i want to switch to openbsd but i can not find
 some equivalent package to lirc;

I am planning to port it to get it to work but I am not sure when I will be 
done. Do you want to sponsor it? :)


 Have I missed something, or does somebody have a good idea?

But I only want to support user space serial drivers to begin with as that is 
the remote I want to get working and that is the hardware I have.

After that you should pick up and run. :)



Great to see you in action buddy :-) Go on full speed ahead!

luv

Siju



Re: openbsd on cisco hardware?

2006-11-12 Thread Tonnerre LOMBARD
Salut,

On Mon, Nov 13, 2006 at 02:04:20PM +1100, Craig Barraclough wrote:
 Someone correct me if I'm wrong
 Last time I had a look, the platform was essentially a PII, with fxp
 NICs and a PCI (or was it ISA?) flash card for the OS.

Most Cisco hardware I'm aware of is either MIPS or PowerPC based.

Tonnerre




Re: OpenBSD Audio series other than bsdtalk ?

2006-11-12 Thread Girish Venkatachalam
On Sun, Nov 12, 2006 at 09:18:31PM -0500, Jason Dixon wrote:
 On Nov 12, 2006, at 8:23 PM, Girish Venkatachalam wrote:
 
 On Sat, Nov 11, 2006 at 09:12:37PM -0500, Jason Dixon wrote:
  What software did you use for your slides?
 
  I know it is not magicpoint and of course not Monkeysoft stuff.
 
  What is it?
 
 Apple Keynote.  I can't imagine creating the same thing in PowerPoint  
 or OO Impress.  It simply would have been too painful.  I'm not sure  
 how well either would have handled all 260 slides.

Hey Dixon,

What apples and oranges man? :)

Give me some free software tool.

My mission in life is to kick the butt of all proprietary companies.:)

Ok, I think we will not have to wait long before we have such stuff 
available open source...

For now I plan to stick to mgp and S5.

Thanks.

regards,
Girish

-- 
Linux is for folks who hate Windoze.

FreeBSD is for folks who love UNIX.

OpenBSD is for folks who can't live without UNIX.