Re: automatic packages upgrade from ports
On Tue, Dec 12, 2006 at 07:29:45PM +0100, fv wrote: pkg_add -ui does what you want to do. (No, it doesn't go to ports, but you shouldn't, especially not if you must ask how to do this.) I just would like to maintain a local up-to-date package database compiled from ports so i can dot periodicaly: PKG_PATH=/usr/ports/packages/sparc64/All/ pkg_add -ui It's like a bulk build, but only for packages installed on my box. I don't why i should not do this as it's what is done on the openbsd main site but for all packages... Hmm, you're on a sparc. That changes things somewhat, as - IIRC - package updates are rather sporadic there. As to solutions and/or interesting options: - PKG_CACHE (pkg_add(8)) and FETCH_PACKAGES (bsd.port.mk(5)) - `make update' (ISTR that it was intended that this could be done in /usr/ports, but that it didn't actually work yet) - pkg_add via SSH - pkg_add via NFS For a simple scripted solution, something like for i in `pkg_info | sed -e 's/-[0-9].*//'`; do ...; done comes to mind. To do all hosts at once, use #/bin/sh TMP=`mktemp` || exit 1 ( for i in $HOSTS; do ssh $i pkg_info | sed -e 's/-[0-9].*//'`; done ) | sort | uniq $TMP for i in `cat $TMP`; do cd /usr/ports/*/$i make package; done Or a similar version with better error handling, possibly using something like tentakel or clusterit, and so on. (And remove the subshell if you are certain it isn't necessary; it isn't on ksh, but I'm not sure this extends to all Bourne shells.) Joachim
Thinkpad Fingerprint Sensors
Hi, will there be any support for the fingerprint sensor on the newer Thinkpads (anytime soon)? Linux: http://toe.ch/~tsa/ibm-fingerprint/ http://www.thinkwiki.org/wiki/How_to_enable_the_fingerprint_reader http://www.qrivy.net/~michael/blua/ Vendor SDKs: Linux: http://www.upek.com/support/dl_linux_bsp.asp FreeBSD: http://www.upek.com/support/dl_freeBSD_bsp.asp - Michael
Re: autoconf error message suggestion
Okay, guys, kill it. The main issue I have with Karel is that he lacks basic tact. But saying metaauto lacks some documentation is not necessarily wrong. However, since he's already written opensource software, maybe he could contribute ? I wouldn't object to a set of manpages for metaauto. I won't necessarily have time to write it myself, obviously.
Re: Thinkpad Fingerprint Sensors
* Michael wrote: Hi, will there be any support for the fingerprint sensor on the newer Thinkpads (anytime soon)? Linux: http://toe.ch/~tsa/ibm-fingerprint/ http://www.thinkwiki.org/wiki/How_to_enable_the_fingerprint_reader http://www.qrivy.net/~michael/blua/ Vendor SDKs: Linux: http://www.upek.com/support/dl_linux_bsp.asp FreeBSD: http://www.upek.com/support/dl_freeBSD_bsp.asp These are binary only (BLOB) drivers w/o source code. If you can find source code that would be better. With the current state of affairs (no source code, only BLOB) you will never get support for this device in OpenBSD .
Default route to VPN NAT on enc_if???
Hello, I've setup an VPN tunnel with pubblic IPs to default route. # netstat -rnf encap Routing tables Encap: Source Port DestinationPort Proto SA(Address/Proto/Type/Direction) 172.16.15.6/32 0 172.16.16.6/32 0 0 172.16.15.6/esp/use/in 172.16.16.6/32 0 172.16.15.6/32 0 0 172.16.15.6/esp/require/out default0 193.189.180.128/27 0 0 172.16.15.6/esp/use/in 193.189.180.128/27 0 default0 0 172.16.15.6/esp/require/out Everything works as expected, all hosts in my network have access to internet. The only thing I am not sure is how to setup natting. What is my external interface in this example? bge0 as ethernet interface or enc0? nat on enc0 from $int_if:network to any - 193.189.180.129 Diagram: 193.189.180.129/27 (em1) hostA 172.16.16.6 (bge0) - VPN - hostB - default route 10.1.1.11 (bge1) /etc/mygate points to 193.189.180.129 Debug section: Ping from LAN looks on hostA as: # tcpdump -i bge1 icmp tcpdump: listening on bge1, link-type EN10MB 10:30:14.902581 10.1.1.104 fk-in-f99.google.com: icmp: echo request 10:30:15.912678 10.1.1.104 fk-in-f99.google.com: icmp: echo request 10:30:16.922770 10.1.1.104 fk-in-f99.google.com: icmp: echo request 10:30:17.932853 10.1.1.104 fk-in-f99.google.com: icmp: echo request enc0, bge0 shows nothing, so packets are not getting there. # tcpdump -i em1 icmp tcpdump: listening on em1, link-type EN10MB 10:35:52.650165 10.1.1.104 fk-in-f104.google.com: icmp: echo request 10:35:53.660104 10.1.1.104 fk-in-f104.google.com: icmp: echo request 10:35:54.670196 10.1.1.104 fk-in-f104.google.com: icmp: echo request 10:35:55.680285 10.1.1.104 fk-in-f104.google.com: icmp: echo request icmp ends on the wrong interface. If I remove my default route: route -qn delete default 193.189.180.129 # tcpdump -i bge1 icmp tcpdump: listening on bge1, link-type EN10MB 10:46:46.103245 10.1.1.104 fk-in-f99.google.com: icmp: echo request 10:46:46.103255 10.1.1.11 10.1.1.104: icmp: host fk-in-f99.google.com unreachable 10:46:47.113334 10.1.1.104 fk-in-f99.google.com: icmp: echo request 10:46:47.113344 10.1.1.11 10.1.1.104: icmp: host fk-in-f99.google.com unreachable 10:46:48.123425 10.1.1.104 fk-in-f99.google.com: icmp: echo request 10:46:48.123434 10.1.1.11 10.1.1.104: icmp: host fk-in-f99.google.com unreachable It looks like hostA is missing that route now? What should I set for default gateway and NAT to send packets on the right interface? Regards, Mitja
Re: OpenBSD/amd64 on VMware = sloooooow?
According to VMware, you'll need AMD64 CPUs that are made using 90nm. That should be the only requirement. I too test my 64-bit OpenBSD guests on a Linux host running CentOS 4.4 (2.6.9-42.0.2.EL kernel). i386 works like a charm. amd64 performs like a VAX. However, I've tested NetBSD/amd64 (2.0 I think) and that worked just fine. If I remember correctly, the performance problem manifests itself when there is forking involved. If you run CPU intensive jobs (like openssl speed), the performance is fine. If you do a ./configure on a port (which forks processes all the time), it drops to VAX speeds. I'll gladly test any suggestions. Here is output of /proc/cpuinfo from my Linux host: [EMAIL PROTECTED] ~]$ cat /proc/cpuinfo processor : 0 vendor_id : AuthenticAMD cpu family : 15 model : 47 model name : AMD Athlon(tm) 64 Processor 3200+ stepping: 2 cpu MHz : 1994.273 cache size : 512 KB fpu : yes fpu_exception : yes cpuid level : 1 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx mmxext lm 3dnowext 3dnow pni bogomips: 3993.80 TLB size: 1088 4K pages clflush size: 64 cache_alignment : 64 address sizes : 40 bits physical, 48 bits virtual power management: ts fid vid ttp [4] [5]
Re: OpenBSD/amd64 on VMware = sloooooow?
Just to follow up with some basic numbers. I run a perl program which executes uname -a 20 times while running vmstat 1 in another terminal. Notice vmstat reporting blocked processes in the run. Output below. $ time perl -e 'for($i=0;$i20;$i++) { print $i: .`uname -a`; }' 0: OpenBSD amd64.lab.armorlogic.com 4.0 GENERIC#690 amd64 1: OpenBSD amd64.lab.armorlogic.com 4.0 GENERIC#690 amd64 2: OpenBSD amd64.lab.armorlogic.com 4.0 GENERIC#690 amd64 3: OpenBSD amd64.lab.armorlogic.com 4.0 GENERIC#690 amd64 4: OpenBSD amd64.lab.armorlogic.com 4.0 GENERIC#690 amd64 5: OpenBSD amd64.lab.armorlogic.com 4.0 GENERIC#690 amd64 6: OpenBSD amd64.lab.armorlogic.com 4.0 GENERIC#690 amd64 7: OpenBSD amd64.lab.armorlogic.com 4.0 GENERIC#690 amd64 8: OpenBSD amd64.lab.armorlogic.com 4.0 GENERIC#690 amd64 9: OpenBSD amd64.lab.armorlogic.com 4.0 GENERIC#690 amd64 10: OpenBSD amd64.lab.armorlogic.com 4.0 GENERIC#690 amd64 11: OpenBSD amd64.lab.armorlogic.com 4.0 GENERIC#690 amd64 12: OpenBSD amd64.lab.armorlogic.com 4.0 GENERIC#690 amd64 13: OpenBSD amd64.lab.armorlogic.com 4.0 GENERIC#690 amd64 14: OpenBSD amd64.lab.armorlogic.com 4.0 GENERIC#690 amd64 15: OpenBSD amd64.lab.armorlogic.com 4.0 GENERIC#690 amd64 16: OpenBSD amd64.lab.armorlogic.com 4.0 GENERIC#690 amd64 17: OpenBSD amd64.lab.armorlogic.com 4.0 GENERIC#690 amd64 18: OpenBSD amd64.lab.armorlogic.com 4.0 GENERIC#690 amd64 19: OpenBSD amd64.lab.armorlogic.com 4.0 GENERIC#690 amd64 0m10.91s real 0m8.68s user 0m0.90s system $ vmstat 1 procs memorypagedisk traps cpu r b wavmfre flt re pi po fr sr sd0 int sys cs us sy id 0 0 0 7576 192244 143 0 0 0 0 0 2 230 211 19 11 3 86 0 0 0 7576 19224415 0 0 0 0 0 0 247516 17 5 78 1 0 0 8524 191692 334 0 0 0 0 0 0 235 643 25 74 20 6 1 1 0 8800 191364 252 0 0 0 0 0 0 229 680 18 75 25 0 1 1 0 8884 191300 365 0 0 0 0 0 0 230 551 29 82 18 0 1 1 0 8904 191276 472 0 0 0 0 0 0 231 664 36 84 15 1 1 1 0 8880 191308 593 0 0 0 0 0 0 231 702 44 82 18 0 1 1 0 191292 442 0 0 0 0 0 0 231 580 35 85 15 0 2 0 0 8892 191296 450 0 0 0 0 0 0 226 604 34 78 22 0 1 1 0 191296 628 0 0 0 0 0 0 233 796 45 82 18 0 1 1 0 8896 191292 660 0 0 0 0 0 0 233 858 43 88 12 0 1 1 0 8900 191288 440 0 0 0 0 0 0 236 592 34 82 18 0 0 0 0 7576 192244 288 0 0 0 0 0 0 235 465 33 52 14 33 0 0 0 7576 192244 7 0 0 0 0 0 0 237195 3 2 95
Re: automatic packages upgrade from ports [solved]
Hello, sounds like you want to build a SUBDIRLIST with pkg_info(1). Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm Thanks for the advise. I found a very easy solution to do that: PLIST=$(mktemp) /usr/ports/infrastructure/build/out-of-date $PLIST cd /usr/ports/ SUBDIRLIST=$PLIST make clean package export PKG_PATH=/usr/ports/packages/sparc64/all/ pkg_add -ui Cheers, Francois Visconte
Load Balance Outgoing Traffic
Hi the load balancing and dont work my configuration OpenBSD 4.0 amd64 lan soekris lan1641, Four port 10/100 Mbit PCI Ethernet board lan_net = 192.168.1.0/24 int_if = sis3 ext_if1 = sis1 ext_if2 = sis0 ext_gw1 = 2x.x.x.x ext_gw2 = 2x.x.x.x # nat nat on $ext_if1 from $lan_net to any - ($ext_if1) nat on $ext_if2 from $lan_net to any - ($ext_if2) rdr on $ext_if2 proto tcp from any to any port 80 - 192.168.1.4 rdr on $ext_if1 proto tcp from any to any port 80 - 192.168.1.4 rdr on $ext_if2 proto tcp from any to any port 3389 - 192.168.1.4 rdr on $ext_if2 proto tcp from 200.118.109.58 to any port 1433 - 192.168.1.4 rdr on $ext_if2 proto tcp from 200.118.109.58 to any port 21 - 192.168.1.4 block log on $ext_if1 from any to any block log on $ext_if2 from any to any # pass all outgoing packets on internal interface #pass out on $int_if from any to $lan_net # pass in quick any packets destined for the gateway itself #pass in quick on $int_if from $lan_net to $int_if # load balance outgoing tcp traffic from internal network. pass in on $int_if route-to \ { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \ proto tcp from $lan_net to any flags S/SA modulate state # load balance outgoing udp and icmp traffic from internal network pass in on $int_if route-to \ { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \ proto { udp, icmp } from $lan_net to any keep state # general pass out rules for external interfaces pass on $ext_if1 proto tcp from any to any flags S/SA modulate state pass on $ext_if1 proto { udp, icmp } from any to any keep state pass on $ext_if2 proto tcp from any to any flags S/SA modulate state pass on $ext_if2 proto { udp, icmp } from any to any keep state # route packets from any IPs on $ext_if1 to $ext_gw1 and the same for # $ext_if2 and $ext_gw2 pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any
Re: help! 855 chipset resolution
Why don't you just set aside a partiton for OpenBSD and dual-boot until you get your setup to the point that you can work with it? -RjH
Re: help! 855 chipset resolution
yes... that's probably the solution... gosh... this means that I have to re-install both things... anyway... 2006/12/13, [EMAIL PROTECTED] [EMAIL PROTECTED]: Why don't you just set aside a partiton for OpenBSD and dual-boot until you get your setup to the point that you can work with it? -RjH
help! 855 chipset resolution
Hi folks and Naoki, I have done it... I have installed o'bsd on my production laptop (fujitsu siemens lifebook p7010) and it seems to work quite nice BUT for one VERY important thing: screen resolution. It's showing 1024x768 whilst the laptop can reach 1280x768 I was aware of this because in GNU/Linux it's the same but I was always able to patch it or to use 915resolution... but dmesg shows: - OpenBSD 4.0 (GENERIC) #1107: Sat Sep 16 19:15:58 MDT 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Pentium(R) M processor 1.20GHz (GenuineIntel 686-class) 1.21 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,F XSR,SSE,SSE2,SS,TM,SBF,EST,TM2 cpu0: Enhanced SpeedStep 1200 MHz (940 mV): speeds: 1200, 1100, 1000, 900, 800, 600 MHz real mem = 1063809024 (1038876K) avail mem = 962383872 (939828K) using 4256 buffers containing 53293056 bytes (52044K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(ba) BIOS, date 05/09/05, BIOS32 rev. 0 @ 0xfd720, SMBIOS rev . 2.3 @ 0xe80c0 (43 entries) bios0: FUJITSU SIEMENS 00 pcibios0 at bios0: rev 2.1 @ 0xfd720/0x8e0 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdf40/160 (8 entries) pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82371FB ISA rev 0x00) pcibios0: PCI bus #3 is the last bus bios0: ROM list: 0xc/0xd200! 0xdc000/0x4000! cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 Intel 82852GM Hub-PCI rev 0x02 Intel 82852GM Memory rev 0x02 at pci0 dev 0 function 1 not configured Intel 82852GM Configuration rev 0x02 at pci0 dev 0 function 3 not configured vga1 at pci0 dev 2 function 0 Intel 82852GM AGP rev 0x02: aperture at 0xd800, siz e 0x800 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) Intel 82852GM AGP rev 0x02 at pci0 dev 2 function 1 not configured uhci0 at pci0 dev 29 function 0 Intel 82801DB USB rev 0x03: irq 11 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1 at pci0 dev 29 function 1 Intel 82801DB USB rev 0x03: irq 11 usb1 at uhci1: USB revision 1.0 uhub1 at usb1 uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered ehci0 at pci0 dev 29 function 7 Intel 82801DB USB rev 0x03: irq 11 usb2 at ehci0: USB revision 2.0 uhub2 at usb2 uhub2: Intel EHCI root hub, rev 2.00/1.00, addr 1 uhub2: 4 ports with 4 removable, self powered ppb0 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0x83 pci1 at ppb0 bus 1 cbb0 at pci1 dev 10 function 0 Ricoh 5C476 CardBus rev 0xab: irq 11 cbb1 at pci1 dev 10 function 1 Ricoh 5C476 CardBus rev 0xab: irq 11 Ricoh 5C552 Firewire rev 0x03 at pci1 dev 10 function 2 not configured vendor Ricoh, unknown product 0x0576 (class system subclass miscellaneous, rev 0x01) at pci1 dev 10 function 3 not configured Ricoh 5C592 Memory Stick rev 0x00 at pci1 dev 10 function 4 not configured rl0 at pci1 dev 12 function 0 Realtek 8139 rev 0x10: irq 11, address 00:0b:5d:91:6d:e 8 rlphy0 at rl0 phy 0: RTL internal PHY iwi0 at pci1 dev 13 function 0 Intel PRO/Wireless 2200BG rev 0x05: irq 11, address 00 :0e:35:34:e3:60 cardslot0 at cbb0 slot 0 flags 0 cardbus0 at cardslot0: bus 2 device 0 cacheline 0x0, lattimer 0x20 pcmcia0 at cardslot0 cardslot1 at cbb1 slot 1 flags 0 cardbus1 at cardslot1: bus 3 device 0 cacheline 0x0, lattimer 0x20 pcmcia1 at cardslot1 ichpcib0 at pci0 dev 31 function 0 Intel 82801DBM LPC rev 0x03 pciide0 at pci0 dev 31 function 1 Intel 82801DBM IDE rev 0x03: DMA, channel 0 configu red to compatibility, channel 1 configured to compatibility wd0 at pciide0 channel 0 drive 0: FUJITSU MHT2080AH wd0: 16-sector PIO, LBA, 76319MB, 156301488 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5 pciide0: channel 1 ignored (disabled) ichiic0 at pci0 dev 31 function 3 Intel 82801DB SMBus rev 0x03: irq 11 iic0 at ichiic0 auich0 at pci0 dev 31 function 5 Intel 82801DB AC97 rev 0x03: irq 11, ICH4 AC97 ac97: codec id 0x414c4770 (Avance Logic ALC203 rev 0) ac97: codec features headphone, 20 bit DAC, 18 bit ADC, No 3D Stereo audio0 at auich0 Intel 82801DB Modem rev 0x03 at pci0 dev 31 function 6 not configured isa0 at ichpcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pms0 at pckbc0 (aux slot) pckbc0: using irq 12 for aux slot wsmouse0 at pms0 mux 0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 npx0 at isa0 port 0xf0/16: using exception 16 biomask effd netmask effd ttymask pctr: 686-class user-level performance counters enabled mtrr: Pentium Pro MTRR support dkcsum: wd0 matches BIOS drive 0x80 root on wd0a rootdev=0x0 rrootdev=0x300 rawdev=0x302 --
Re: help! 855 chipset resolution
Vim Visual wrote: ... vga1 at pci0 dev 2 function 0 Intel 82852GM AGP rev 0x02: aperture at 0xd800, size 0x800 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) Intel 82852GM AGP rev 0x02 at pci0 dev 2 function 1 not configured ... NOT CONFIGURED! rgh! Don't panic. This is normal: it is the *second* head that is not configured. The first head is configured as vga1, and the AGP aperture is also detected properly. and of course 915resolution doesn't work!! This might be due to you using it incorrectly, since it works fine for quite a lot of people. :) In cases like this, always post the *exact* command line and options that you tried, and include *complete* logs of any error messages. 1280patch-845g-855gm-865g.c:307: warning: assignment makes pointer from integer without a cast Unfortunately, your attachment got stripped, since misc@ doesn't accept any attachments. Also, I would be surprised if Linux code compiled as-is on any other operating system. :) If the source code is not too large, you might want to post it inline, but preferably give the URL where you downloaded it from.
Re: help! 855 chipset resolution
Hi Dimitry and Gerhard, first of all i apologise but I really was/am in panic... as I said, this is my production laptop, the small little toy in front of which I spend some ~10 hours a day! I have spent quite a few days to learn the fundamentals of o'bsd on a crashbox (this one, an ibm t43p) and was very happy with the result; I even bought the absolute book and read quite a few chapters... I cannot afford to have a non-functional (I know this is an exaggerated statement) production laptop for longer than, say, a few hours. As a matter of fact I am reinstalling GNU/Linux right now because I HAVE to work this evening (the installation and set up takes ~20 min) Anyway... 1- Why should I give gcc the path to io.h? (and where is it, btw, a locate will be random in my case because I do not know what io.h is) In GNU/Linux I don't have to do it and seemingly the folks of FreeBSD/NetBSD neither. Does it depend on the gcc version? 2- Another BIG problem for me is that apm does not work. I NEED apm -S. Again, this is an exaggerated statement but I am used to suspend to RAM the laptop some ~5 times a day because I have to run from one office to another because there's a meeting or whatever I am really disappointed. I was looking so much forward to moving to o'bsd... And the main problem is that I love my laptop: 1280x768 on a 10.2 crispy screen (I use an external screen in the office but for the train, cafe etc it's perfect), 80GB disk, 1GB RAM, doesn't get hot, 1.2 kg (!!) I really cannot make it without that little thing and I WANT o'bsd on it but as I said some 3 weeks ago 1- I need wlan connection (guess it'll work just as it's working on this one, same chipset) 2- I need the full screen resolution 3- I need apm working If you guys say it's going to work and it was a mere problem of compilation I'll sure give it a second try for the resolution... but what do you say regarding apm??? This is the FreeBSD site where you can find the patch (sorry about that, I didn't know) http://www.jail.se/p7010.html -- http://www.jail.se/p7010/1280patch-845g-855gm-865g.c This might be due to you using it incorrectly, since it works fine for quite a lot of people. :) In cases like this, always post the *exact* command line and options that you tried, and include *complete* logs of any error messages. yes, you're right, I was too nervous, sorry But I don't think it was my problem. I know 915resolution and have used it with GNU/Linux without a worry... I am a o'bsd n00b but not a GNU/Linux newbie :) Thanks in any case for your quick fedback and sorry about the hysterical reaction...
Re: help! 855 chipset resolution
Hi there, On Dec 13, 2006, at 3:09 PM, Vim Visual wrote: yes... that's probably the solution... gosh... this means that I have to re-install both things... anyway... Nonsense! :-) You can make room on your harddrive by resizing some of your partitions so that OpenBSD fits on it too. All you need is Knoppix or some other Live CD of your choice with some decent partitioning tools on it. regards, Tobias
Re: VPN stability issues with a Fortigate peer
Hi Stephen, Thanks for the feedback. I was able to get things working but I had to disable DPD on the Fortigate side and with advice from Hans-Joerg Hoexer I was able to disable DPD by removing the dynamic mode from ipsec.conf. It would be nice to be able to get DPD working and it would also be handy if you could disable DPD when using dynamic mode, possibly with a set dpd off option? Can any developers on the list comment? Cheers, -Chris -Original Message- From: Stephen J. Bevan [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 12, 2006 7:19 PM To: Chris Jones Cc: misc@openbsd.org Subject: VPN stability issues with a Fortigate peer Chris Jones writes: I'm running the release version or OpenBSD 4.0 on my firewall and experiencing some odd IPSEC VPN behavior when connecting to a Fortigate peer. The tunnel will come up just fine but will randomly go down and then come back up and will continue this cycle. Unfortunately both FortiGate and OpenBSD don't follow Postel's advice to be liberal in what you accept (OpenBSD) and conservative in what you send (FortiGate). RFC 3706 section 5.3 says that the DOI SHOULD (not MUST) be 1. When the FortiGate sends a DPD with a DOI of 0, OpenBSD rejects it because that sends it to the ISAKMP handler which drops NOTIFY messages (see annotated trace below). If you only need DPD on one end and OpenBSD will send a DPD Vendor ID without trying to send a DPD (I haven't checked) then you can leave DPD enabled on the FortiGate and disable it OpenBSD. If that won't work or isn't acceptable (won't work too well if the FortiGate is configured with a dynamic connection) then to get FortiGate and OpenBSD DPD to interoperate you'll need to get one or both of FortiGate and OpenBSD to change their code. For FortiGate, send email to their customer support. In the case of OpenBSD maybe it is as simple as copying over the DPD message parsing from src/sbin/isakmpd/ipsec.c:ipsec_responder and put it in src/sbin/isakmpd/isakmpd_doi.c:isakmp_responder. BTW Cisco IOS (12.4) does follow the be liberal in what you accept recommendation in this case and will accept a DPD with a DOI of 0 from a FortiGate (though it will log a warning for DPD R U THERE). I am running isakmpd with the -K option and using ipsecctl to establish flows and SA's. This is what my ipsec.conf looks like: remote_gw = 10.1.1.1 flow esp from 192.168.8.1/32 to 192.168.0.0/16 peer $remote_gw type bypass ike dynamic esp from 192.168.8.0/24 to 192.168.0.0/16 peer $remote_gw \ aggressive auth hmac-sha1 enc 3des group modp1536 \ quick auth hmac-sha1 enc 3des group modp1536 \ srcid [EMAIL PROTECTED] \ psk sharedsecret The peer is DPD capable and enabled with the following settings: retry-count: 3 retry-interval: 5 After running isakmpd in debug mode (isakmpd -d -DA=50 -K) and after running ipsecctl I issued a continuous ping to one of the hosts at the other side of the tunnel. The ping ran fine for a period of time and then stopped. Here is the ouput from the debug: 073059.683292 Cryp 30 crypto_decrypt: after decryption: 073059.686654 Cryp 30 0118 fbbe1146 c43cf921 dc386a4a 0dfc2751 e4cf2a6d 0a34 0001 073059.689438 Cryp 30 0001 0028 01030401 f286fdea 001c 0103 80010001 800204b0 073059.692737 Cryp 30 80040001 80050002 80030005 0414 c5664590 c4700a67 9cec6a71 633ffd8c 073059.695546 Cryp 30 05c4 6214a4ed 31ca88ca 0945b3d6 dd2c44ef d03b008d 72b5ea00 273d3e0a 073059.698996 Cryp 30 5ec40d98 02c0ebad e3eac805 f87fa1ee 1142e2fd 92aee043 09e84e1c 3788c268 073059.701817 Cryp 30 4fdab8c6 1cbfad15 8123a459 df7a9a3b 66db84c5 59211ec4 90882bfc 2ae61c66 073059.705109 Cryp 30 6d35acdf 585d0b08 c5560cf9 d4a996a7 32a18daa d3385206 7ce49f52 f5bab82c 073059.707999 Cryp 30 12b6cc01 29fec19b 3f582995 e80637b4 5e99d396 3a3b650b 2d78dd5f 44879af5 073059.711332 Cryp 30 1f8e016d 27c69817 341c6984 52e4f663 175db8ba c206fb2b 08b9d0df f46705c1 073059.714125 Cryp 30 5a7d0a5a 0510 0400 0a4c0800 ff00 0010 0400 0a4c 073059.717252 Cryp 30 073059.719573 Mesg 50 message_parse_payloads: offset 28 payload HASH 073059.722425 Mesg 50 message_parse_payloads: offset 52 payload SA 073059.724772 Mesg 50 message_parse_payloads: offset 104 payload NONCE 073059.727806 Mesg 50 message_parse_payloads: offset 124 payload KEY_EXCH 073059.730126 Mesg 50 message_parse_payloads: offset 320 payload ID 073059.733027 Mesg 50 message_parse_payloads: offset 336 payload ID 073059.735500 Mesg 50 message_parse_payloads: offset 64 payload PROPOSAL 073059.738492 Mesg 50 message_parse_payloads: offset 76 payload TRANSFORM 073059.740835 Mesg 50 Transform 1's attributes 073059.743665 Mesg 50
Re: Thinkpad Fingerprint Sensors
On 12/13/06, Marc Balmer [EMAIL PROTECTED] wrote: * Michael wrote: Hi, will there be any support for the fingerprint sensor on the newer Thinkpads (anytime soon)? Linux: http://toe.ch/~tsa/ibm-fingerprint/ http://www.thinkwiki.org/wiki/How_to_enable_the_fingerprint_reader http://www.qrivy.net/~michael/blua/ Vendor SDKs: Linux: http://www.upek.com/support/dl_linux_bsp.asp FreeBSD: http://www.upek.com/support/dl_freeBSD_bsp.asp These are binary only (BLOB) drivers w/o source code. If you can find source code that would be better. With the current state of affairs (no source code, only BLOB) you will never get support for this device in OpenBSD . If you're still curious though, there is a fairly stagnant project at sourceforge that might offer some insight into what you're asking for - fvs.sourceforge.net. Sometimes you can find the sensor docs - like for authentec - but many times there are very significant errors (like with authentec). I started hacking on an authentec driver some years ago. I was getting data back from the sensor but then I stopped caring. UPEK and DigitalPersona seemed quite unwilling to release enough register documentation to make an open, multiplatform driver a worthwhile pursuit - even if you did buy the SDK. They're free to build closed, windows-only software, and you're free to ignore them. CK -- GDB has a 'break' feature; why doesn't it have 'fix' too?
Re: hme(4): pci_intr_map: no mapping for pin B
Maxim Bourmistrov wrote: Hi! Have a problme with hme-card on i386 (-current) : hme2 at pci2 dev 2 function 1 Sun HME rev 0x01pci_intr_map: no mapping for pin B : couldn't map interrupt The rest of hme* seems to be okay: ppb1 at pci0 dev 13 function 0 DEC 21153 PCI-PCI rev 0x04 pci2 at ppb1 bus 2 Sun PCIO Ebus2 rev 0x01 at pci2 dev 0 function 0 not configured hme0 at pci2 dev 0 function 1 Sun HME rev 0x01: irq 3, address 08:00:20:ef:e8:f4 luphy0 at hme0 phy 1: LU6612 10/100 PHY, rev. 1 Sun PCIO Ebus2 rev 0x01 at pci2 dev 1 function 0 not configured hme1 at pci2 dev 1 function 1 Sun HME rev 0x01: irq 5, address 08:00:20:ef:e8:f5 luphy1 at hme1 phy 1: LU6612 10/100 PHY, rev. 1 Sun PCIO Ebus2 rev 0x01 at pci2 dev 2 function 0 not configured hme2 at pci2 dev 2 function 1 Sun HME rev 0x01pci_intr_map: no mapping for pin B : couldn't map interrupt Sun PCIO Ebus2 rev 0x01 at pci2 dev 3 function 0 not configured hme3 at pci2 dev 3 function 1 Sun HME rev 0x01: irq 10, address 08:00:20:ef:e8:f7 luphy2 at hme3 phy 1: LU6612 10/100 PHY, rev. 1 Any clues? Broken hw? //maxim Tested med old Ubuntu distro. Card works there(all 4 ifaces).
Re: php and ldap
I have found it by myself: I had to set the right path for extension_dir in php.ini. Hope it may help others not to waste such a long time getting their loadable modules running. You skipped a step somewhere. I just did this on a 4.0 system about 10 minutes ago and it worked without any extra steps. --Bryan
STUPID file permission question
Am I seeing something wrong here? My username is foo and primary group is therefore also foo. I am also in the group bar. I have a directory called anything owned by bar:bar. It's permissions are 770. Why can't I traverse it's tree? Doesn't my being in the bar group allow me with the second 7 to traverse anything's tree? Everyone is raving about the all-new Yahoo! Mail beta. http://new.mail.yahoo.com
Re: help! 855 chipset resolution
Vim Visual wrote: I cannot afford to have a non-functional (I know this is an exaggerated statement) production laptop for longer than, say, a few hours. As a matter of fact I am reinstalling GNU/Linux right now because I HAVE to work this evening (the installation and set up takes ~20 min) You should always verify that everything works, before taking any machine into production. :) As others have already said, a separate partition for OpenBSD is a good way to get started. 1- Why should I give gcc the path to io.h? (and where is it, btw, a locate will be random in my case because I do not know what io.h is) In GNU/Linux I don't have to do it and seemingly the folks of FreeBSD/NetBSD neither. Does it depend on the gcc version? If you don't know what the problem is, you should not be the one trying to fix it. :) 2- Another BIG problem for me is that apm does not work. I NEED apm As far as can be seen from your previously posted dmesg, your laptop doesn't support apm at all, only acpi. Please complain to your laptop manufacturer about it. We see this all the time with newer machines, vendors don't bother to test anything but Windows these days. If all goes well, acpi support will probably make it into OpenBSD 4.1, and there are already some snapshots with partial acpi support on the ftp site. But please don't count on this to work perfectly, it's still in development. 1- I need wlan connection (guess it'll work just as it's working on this one, same chipset) It's an Intel 2200BG, which works, if you accept Intel's weird licensing policies for their firmware. 2- I need the full screen resolution As I asked you before: post the exact command lines you were using with 915resolution, and the exact error messages which prevented it from working. We would rather have a chance to fix the 915resolution port, if it somehow didn't work on your machine, than try to get some weird Linux-only program running. 3- I need apm working Try looking for a BIOS update from your vendor, complain to your vendor about dropping support for established standards, or try a snapshot with acpi support enabled (but DON'T expect everything to work in this case!).
Re: help! 855 chipset resolution
Hi Dimitry, You should always verify that everything works, before taking any machine into production. :) well, I cannot think of a better verification than installing the OS and look around... googling around for all the system can be rather tedious As others have already said, a separate partition for OpenBSD is a good way to get started. yes, I am going to do that... If you don't know what the problem is, you should not be the one trying to fix it. :) I'm not trying to fix it, that's why I ask :) As far as can be seen from your previously posted dmesg, your laptop doesn't support apm at all, only acpi. Please complain to your laptop manufacturer about it. We see this all the time with newer machines, vendors don't bother to test anything but Windows these days. it's not really a new machine... it's some 3 years old... If all goes well, acpi support will probably make it into OpenBSD 4.1, and there are already some snapshots with partial acpi support on the ftp site. But please don't count on this to work perfectly, it's still in development. I'm not the one who's going to play around with snapshots... remember? I'm an o'bsd n000b, even if my colleagues regard me as being a linux guru... hahaha... I know I have a looong way to go and o'bsd is the right one for me, to LEARN It's an Intel 2200BG, which works, if you accept Intel's weird licensing policies for their firmware. yes, I know... and sent quite a few emails to the intel people As I asked you before: post the exact command lines you were using with 915resolution, and the exact error messages which prevented it from working. it's impossible now... the o'bsd installation is not any more there and I can't remember the error message by heart. That was a mistake from my part We would rather have a chance to fix the 915resolution port, if it somehow didn't work on your machine, than try to get some weird Linux-only program running. it's not weird; it's C and it's not only for Linux... it's working properly in FreeBSD and NetBSD, as I said before Try looking for a BIOS update from your vendor, complain to your vendor that's where you can help me now... I've never done a BIOS update. I've looked now and found this http://support.fujitsu-siemens.com/Download/ShowDescription.asp?SoftwareGUID=20310743-5098-440B-BECB-93EA1BCF3CAAClassID=d3c7e8ab-04ec-4a50-9c81-809daa777384 but they explicitely say it's only for w$... on the other hand it is an iso image... should I try to burn it and boot from the cd to see what happens? On the other hand they do not comment anything regarding apm there... or maybe yes... it's too obscure for me, sorry... I forgot to mention that I don't have any w$ partition btw. I've been automatically deleting all w$ partitions for 7 years. Or should I try it with linux wine? :) hahaha... about dropping support for established standards, or try a snapshot with acpi support enabled (but DON'T expect everything to work in this case!). no, I will not... I know quite well where my limits are... I prefer to go for the dual boot and wait for o'bsd 4.1 Does anybody know for sure that they're going to implement acpi in 4.1? And since I am already asking... is gnome to be updated in the next release? it's 2.10 in the binaries but the gnome project is already in 2.16-17 and it's a bit of a difference... I could ask the IT department of my institute to give me an IBM x41 or something similar and give back this fujitsu siemens but really, it is just wonderful... 1.2 kg, comes with two batteries and I've sometimes worked for longer than SIX hours with them... doesn't get hot, comes with a removable DVD player, big hard disk, etc etc... Anyway, thanks for the very useful comments (not being sarcastic here!). This is (are) a very nice emailing list. Cheers, Pau
Re: STUPID file permission question
On 12/13/06, stupidmail4me [EMAIL PROTECTED] wrote: Hi. My username is foo and primary group is therefore also foo. I am also in the group bar. Did you logout and login again after adding yourself to the group bar? If not do so. Whats the output of id? I have a directory called anything owned by bar:bar. It's permissions are 770. Why can't I traverse it's tree? Doesn't my being in the bar group allow me with the second 7 to traverse anything's tree? Depends on the permissions of the upper directory. e.g. if the directory is /home/bar/foo_bar and /home/bar is only readable+executable for user bar (read 0700) you are not allowed to enter this directory and so you can't enter any directories below that dir. Andreas. -- Hobbes : Shouldn't we read the instructions? Calvin : Do I look like a sissy?
Re: STUPID file permission question
Told you it was a stupid question. Forgot to logout/login. Thanks. --- Andreas Maus [EMAIL PROTECTED] wrote: On 12/13/06, stupidmail4me [EMAIL PROTECTED] wrote: Hi. My username is foo and primary group is therefore also foo. I am also in the group bar. Did you logout and login again after adding yourself to the group bar? If not do so. Whats the output of id? I have a directory called anything owned by bar:bar. It's permissions are 770. Why can't I traverse it's tree? Doesn't my being in the bar group allow me with the second 7 to traverse anything's tree? Depends on the permissions of the upper directory. e.g. if the directory is /home/bar/foo_bar and /home/bar is only readable+executable for user bar (read 0700) you are not allowed to enter this directory and so you can't enter any directories below that dir. Andreas. -- Hobbes : Shouldn't we read the instructions? Calvin : Do I look like a sissy? Everyone is raving about the all-new Yahoo! Mail beta. http://new.mail.yahoo.com
OpenBSD on soekries or WRAP, wich
Hi maybe this is not the list but thera are here a lot of people that must know something about it recenrtly i found a blog from jonathan weiss who says thst wrap are a good solution than soekries, and what i want to know it is a recommendation about wich one to buy ? who has done this before?
Re: why the shift from isakmpd.conf?
Hi, On Mon, 11.12.2006 at 17:14:50 +1100, nuffnough [EMAIL PROTECTED] wrote: I've learnt in the past few weeks that the use of isakmpd is being deprecated in favour of ipsec. Hekan has already written about that, but there's an additional bonus in using ipsecctl (if you can), as far as I understood it yet: What were the reasons that led to this decision..? Using it should allow for dynamic tunnel reconfiguration, so you should be able to add or delete individual tunnels w/o the need to tear down everything in case you have some modification underway. This is already possible, but difficult, without ipsecctl. Best, --Toni++
Re: Openldap
Hi, On Fri, 08.12.2006 at 10:02:37 -0800, Bryan Irvine [EMAIL PROTECTED] wrote: I've been running 2.2.27 (with db4 FWIW) since august-ish of last year with zero corruption problems. please also be sure to enable the sync option on bdb databases. I've only experienced data loss when slapd went down uncontrolled, but db_recover fixed most of it (AAARRRGGHH - still!). Best, --Toni++
OpenBSD 4.0/i386 w/ raid(4) ISO (-stable w/ RAIDFrame)
All: I just wanted to take a moment thank the OpenBSD community and dev team. Great tools such as pf(4), pfsync(4), etc. enabled me to perform a zero-downtime upgrade of a very large core router last week. Per my original patch set to enable this raid(4) RAIDFrame enabled upgrade, there are few notes to share regarding actual usage: 1) When booting from the CD, it is important to interrupt the 2nd stage boot loader sequence and: boot bsd -a This will prompt you for the root device, which should be rd0a, otherwise the RAID_AUTOCONFIG will take it as raid0a Or: Just before your last shutdown before upgrading, use raidctl(8) to modify the raidset to -A yes dev instead of -A root dev. 2) There is one more additional patch that needs to occur in install.sub I ran into a small bug src/distrib/miniroot/install.sub http://www.openbsd.org/cgi-bin/cvsweb/src/distrib/miniroot/install.sub?rev=1.406content-type=text/x-cvsweb-markup DKDEVS=$(scan_dmesg ${MDDKDEVS:-/^[sw]d[0-9][0-9]* /s/ .*//p}) This can be overridden (I'm only realizing now) by EXPORT'ing MDDKDEVS= at run time. However, the long term fix (if/when raid(4) is updated), is to fix the regex. Unfortunately, I'm having some trouble updating this BRE REGEX. re_format(7) hackers feel free to pitch in. OpenBSD sed(1) doesn't support ERE (Extended Regular Expressions), but egrep(1) of course does. Normally I would switch this to: /^(rai|[sw])d[0-9][0-9]* /s/ .*//p And with E grep I would get: $ egrep '^(rai|[wd])d[0-9][0-9]* ' /var/run/dmesg.boot wd0 at pciide1 channel 0 drive 0: WDC WD800JD-75LSA0 wd1 at pciide1 channel 1 drive 0: WDC WD800JD-75LSA0 raid0 (root): (RAID Level 1) total number of sectors is... raid1 (root): (RAID Level 1) total number of sectors is But apparently the start(thisString|[thatCharActerClass])rest syntax doesn't work in non-ERE mode. Maybe someone can help out there. Also, updating the kernel (/bsd), the 2nd stage boot (/boot) is tricky and a manual process when using this CD to upgrade: 3) To make bsd.mp+raidframe a Install Set option, declare / export: MDSETS=bsd.mp+raidframe to have install.sub suck it into the $THESETS append list. According to the upgrade.sh, this will install it into your root dir (raid0a?) / path; which is wrong (I use a symlink for my kernel), but at least you'll be able to copy it to wd0a:/antiraid/bsd and wd0b:/antiraid/bsd ... or: Wait for upgrade.sh to finish up and remount /dev/cd0a manually again against /mnt2. I have updated this image to the latest OpenBSD 4.0-stable sources. Tags: -r OPENBSD_4_0, -D 11/06/06 10:58:26 EST. http://people.collaborativefusion.com/~seklecki/openbsd_4.0_stableUpdate_wRAIDFrame.iso SHA1: b7e33764ab96e1a2db0d125d07e9628367680858 Size: 175331328 -- Brian A. Seklecki [EMAIL PROTECTED] Collaborative Fusion, Inc. Subject: If you please: OpenBSD 4.0/i386 ISO (-stable w/ RAIDFrame) From: Brian A. Seklecki [EMAIL PROTECTED] To: [EMAIL PROTECTED] Organization: Collaborative Fusion, Inc. Message-Id: [EMAIL PROTECTED] Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 7bit X-Mailer: Evolution 2.2.3-10mdk Date: Sat, 11 Nov 2006 05:28:53 -0500 SHA1 (public_html/obsdcd_4.0_updateWRAID.iso) = 36c5fe6cb3cd0af6ded8e25a24e2f70f4faaa6cf 36c5fe6cb3cd0af6ded8e25a24e2f70f4faaa6cf obsdcd_4.0_updateWRAID.iso -rw-r--r-- 1 lavalamp lavalamp 175319040 Nov 11 05:25 public_html/obsdcd_4.0_updateWRAID.iso
Re: OpenBSD on soekries or WRAP, wich
Hi maybe this is not the list but thera are here a lot of people that must know something about it recenrtly i found a blog from jonathan weiss who says thst wrap are a good solution than soekries, and what i want to know it is a recommendation about wich one to buy ? who has done this before? I've installed OpenBSD on both a WRAP and a Soekris. Basically, the 3 port ethernet WRAP model compares very well with the soekris 4801. The soekris does have an full size PCI slot, allowing you to add up to 4 more ethernet interfaces and a laptop IDE bus, allowing you to add a 2.5 IDE drive. Both let you plug in a CF card or micro drive, both have 3 10/100 NICs, can PXE boot, have a mini PCI slot, same CPU, same RAM etc, etc. The WRAP with case can be had for $146 USD, the Soekris 4801 with case for $240 USD. For me, the laptop drive is largely worthless--more noise and uses more power, so I exlude that from my value equation. CF cards and microdrives are more than adequate. So, unless you need more than 3 ethernet NICs, why pay $100 more for esentially the same hardware? -Matt PS: wasn't this just on the list like last month? Everyone is raving about the all-new Yahoo! Mail beta. http://new.mail.yahoo.com
Re: OpenBSD on soekries or WRAP, wich
I guess it all depends on what you need to do. I bought a WRAP because i didn't need the ATA/USB ports. I just wanted a board with three ethernet ports, minipci and CF port. I'm using it as a gate/firewall/Access Point. On 12/13/06, Carlos A. Garcia G [EMAIL PROTECTED] wrote: Hi maybe this is not the list but thera are here a lot of people that must know something about it recenrtly i found a blog from jonathan weiss who says thst wrap are a good solution than soekries, and what i want to know it is a recommendation about wich one to buy ? who has done this before?
Re: OpenBSD 4.0/i386 w/ raid(4) ISO (-stable w/ RAIDFrame)
On Wed, 13 Dec 2006, Brian A. Seklecki wrote: All: BTW, it is far from optimal, but the following BRE works: DKDEVS=$(scan_dmesg ${MDDKDEVS:-/^\(rai\)*[sw]*d[0-9][0-9]* /s/ .*//p}) ...because saying: may contain one \(rai\)* or more, but not either, and (or?)... may contain one of either [sw]* or more, but not either... Is sort of like (rai|[sd]) Strange daysfull src patches on my site. ~BAS Subject: If you please: OpenBSD 4.0/i386 ISO (-stable w/ RAIDFrame) From: Brian A. Seklecki [EMAIL PROTECTED] To: [EMAIL PROTECTED] Organization: Collaborative Fusion, Inc. Message-Id: [EMAIL PROTECTED] Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 7bit X-Mailer: Evolution 2.2.3-10mdk Date: Sat, 11 Nov 2006 05:28:53 -0500 SHA1 (public_html/obsdcd_4.0_updateWRAID.iso) = 36c5fe6cb3cd0af6ded8e25a24e2f70f4faaa6cf 36c5fe6cb3cd0af6ded8e25a24e2f70f4faaa6cf obsdcd_4.0_updateWRAID.iso -rw-r--r-- 1 lavalamp lavalamp 175319040 Nov 11 05:25 public_html/obsdcd_4.0_updateWRAID.iso
Re: help! 855 chipset resolution
At Wed, 13 Dec 2006 19:07:24 +0100, Vim Visual wrote: We would rather have a chance to fix the 915resolution port, if it somehow didn't work on your machine, than try to get some weird Linux-only program running. it's not weird; it's C and it's not only for Linux... it's working properly in FreeBSD and NetBSD, as I said before I added some lines for NetBSD and FreeBSD, but I did not add any line for OpenBSD. C may be portable, but program may not be portable:) It's weird and small C program. It will work on OpenBSD if you add some lines for OpenBSD. Regards, -- FUKAUMI Naoki
Re: help! 855 chipset resolution
ahem... any C programmer willing to have a look at the C code to make it o'bsd compatible? according to Naoki it should be feasible but my programming knowledge is limited to shell scripting, a bit of python and fortran... (am a Physicist) http://www.jail.se/p7010/1280patch-845g-855gm-865g.c :) (why do I have the feeling that I am going to land in the trash folder of more than one person from these mailing lists??) I added some lines for NetBSD and FreeBSD, but I did not add any line for OpenBSD. C may be portable, but program may not be portable:) It's weird and small C program. It will work on OpenBSD if you add some lines for OpenBSD. Regards, -- FUKAUMI Naoki
Re: help! 855 chipset resolution
Hi, ok... it's taken me blood and sweat but I have succeeded at resizing (per hand) the linux disk without losing data (!). Qtparted just didn't work at all. I don't know how but I have managed to have now three partitions 1st partition, ~35GB, with ext3 2nd partition, ~35GB no format 3rd partition swap linux (the rest) Now I have booted from the obsd40.iso cd but I am messed up... ahem... When I try to follow the instructions for the dual boot I get lost in the CHS nomenclature... I have taken a picture of the table: www.aei.mpg.de/~pau/partitions.png when I try to go for the disklabel thing it says the root slice just created, of 300MB, overlaps with b, swap, which I gave 2GB... but I don't know why... and I also don't know what's that extended DOS thing??! Would it be also possible to use the linux swap partition for both systems, o'bsd and linux? Could you please be so nice as to write in a dummy way? something like add a, delete b etc? I have the feeling that I have messed up the CHS thing and would be VEERY grateful if you dummified the process... I have copied these lines from the installation guide and some of the numbers do not correspond to my disk... but I'd be grateful if you gave me the answers... Partition id ('0' to disable) [0 - FF]: [0] (? for help) a6 Do you wish to edit in CHS mode? [n] y BIOS Starting cylinder [0 - 9728]: [0] Here for instance I set 4659... because I see that linux goes until 4658 BIOS Starting head [0 - 239]: [0] Enter (these numbers are from the inst. guide) BIOS Starting sector [1 - 63]: [0] 1 BIOS Ending cylinder [0 - 2585]: [0] 2585 BIOS Ending head [0 - 239]: [0] 239 BIOS Ending sector [1 - 63]: [0] 63 I am reading the man, I swear! and the installation guide... I guess this is the result of many years of nice GUI applets... :( I am afraid that the o'bsd partition should go to the first part of the table... mmmh... Otherwise I can do it the other way round... install obsd and then linux... in this direction I know my way... Cheers, Pau 2006/12/13, [EMAIL PROTECTED] [EMAIL PROTECTED]: Why don't you just set aside a partiton for OpenBSD and dual-boot until you get your setup to the point that you can work with it? -RjH
Re: help! 855 chipset resolution
On Wed, 13 Dec 2006, Vim Visual wrote: ahem... any C programmer willing to have a look at the C code to make it o'bsd compatible? according to Naoki it should be feasible but my programming knowledge is limited to shell scripting, a bit of python and fortran... (am a Physicist) http://www.jail.se/p7010/1280patch-845g-855gm-865g.c :) (why do I have the feeling that I am going to land in the trash folder of more than one person from these mailing lists??) I added some lines for NetBSD and FreeBSD, but I did not add any line for OpenBSD. C may be portable, but program may not be portable:) It's weird and small C program. It will work on OpenBSD if you add some lines for OpenBSD. I have the feeling you and Dim are talking about different things. I'm might be compleetly wrong, but isn't the 915resolution-0.5.2.tgz package what Vim needs? That's already ported, precompiled and tested on a variety of harware using that chipset. -Otto
Re: help! 855 chipset resolution
Otto Moerbeek wrote: I'm might be compleetly wrong, but isn't the 915resolution-0.5.2.tgz package what Vim needs? That's already ported, precompiled and tested on a variety of harware using that chipset. I've asked him several times now to post the exact problems he is having using the port. I'm not going to do so again.
Re: What it this mean?
On Mon, Dec 11, 2006 at 09:16:50AM -0700, Carlos A. Garcia G wrote: i have recived a mail from the server with this information Checking setuid/setgid files and devices: Setuid/device find errors: find: /tmp/PerlIO_W32319: No such file or directory what is it? and what can i do to fix the problem? Since amazingly no one else has written in with the correct answer: This output comes from the daily insecurity output email. It is caused by the find for new/updated set[ug]id files in /etc/security. It is generated when find attempts to enter a directory that was there when listing the contents parent directory but was removed before find had a chance to traverse it. I get these errors regularly on my servers running mimedefang as there are generally quite a few directories in /var/spool/mimedefang that get created and deleted quickly. l8rZ, -- andrew - ICQ# 253198 - JID: [EMAIL PROTECTED] BOFH excuse of the day: Communications satellite used by the military for star wars.
Re: OpenBSD on soekries or WRAP, wich
Matt Radtke escribis: Hi maybe this is not the list but thera are here a lot of people that must know something about it recenrtly i found a blog from jonathan weiss who says thst wrap are a good solution than soekries, and what i want to know it is a recommendation about wich one to buy ? who has done this before? I've installed OpenBSD on both a WRAP and a Soekris. Basically, the 3 port ethernet WRAP model compares very well with the soekris 4801. The soekris does have an full size PCI slot, allowing you to add up to 4 more ethernet interfaces and a laptop IDE bus, allowing you to add a 2.5 IDE drive. Both let you plug in a CF card or micro drive, both have 3 10/100 NICs, can PXE boot, have a mini PCI slot, same CPU, same RAM etc, etc. The WRAP with case can be had for $146 USD, the Soekris 4801 with case for $240 USD. For me, the laptop drive is largely worthless--more noise and uses more power, so I exlude that from my value equation. CF cards and microdrives are more than adequate. So, unless you need more than 3 ethernet NICs, why pay $100 more for esentially the same hardware? -Matt PS: wasn't this just on the list like last month? Everyone is raving about the all-new Yahoo! Mail beta. http://new.mail.yahoo.com what about routerboard? anyone has used this one?
CanSecWest 2007 (April 18-20) Call For Papers (Deadline Jan 7th)
CanSecWest 2007 CALL FOR PAPERS VANCOUVER, Canada -- The eighth annual CanSecWest applied technical security conference - where the eminent figures in the international security industry will get together share best practices and technology - will be held in downtown Vancouver at the the Mariott Renaissance Harbourside on April 18-20, 2007. The most significant new discoveries about computer network hack attacks and defenses, commercial security solutions, and pragmatic real world security experience will be presented in a series of informative tutorials. The CanSecWest 2007 meeting provides international researchers a relaxed, comfortable environment to learn from informative tutorials on key developments in security technology, and collaborate and socialize with their peers in one of the world's most scenic cities - a short drive away from one of North America's top skiing areas. The CanSecWest 2007 conference will also feature the availability of the Security Masters Dojo expert network security sensei instructors, and their advanced, and intermediate, hands-on training courses - featuring small class sizes and practical application excercises to maximize information transfer. We would like to announce the opportunity to submit papers, and/or lightning talk proposals, for selection by the CanSecWest technical review committee. Please make your paper proposal submissions before January 7th, 2007. Slides for the papers must be submitted by March 15th, 2007. Some invited papers have been confirmed, but a limited number of speaking slots are still available. The conference is responsible for travel and accomodations for the speakers. If you have a proposal for a tutorial session then please email a synopsis of the material and your biography, papers and, speaking background to [EMAIL PROTECTED] Only slides will be needed for the March paper deadline, full text does not have to be submitted - but will be accepted if available. The CanSecWest 2007 conference consists of tutorials on technical details about current issues, innovative techniques and best practices in the information security realm. The audiences are a multi-national mix of professionals involved on a daily basis with security work: security product vendors, programmers, security officers, and network administrators. We give preference to technical details and new education for a technical audience. The conference itself is a single track series of presentations in a lecture theater environment. The presentations offer speakers the opportunity to showcase on-going research and collaborate with peers while educating and highlighting advancements in security products and techniques. The focus is on innovation, tutorials, and education instead of product pitches. Some commercial content is tolerated, but it needs to be backed up by a technical presenter - either giving a valuable tutorial and best practices instruction or detailing significant new technology in the products. Paper proposals should consist of the following information: 1) Presenter, and geographical location (country of origin/passport) and contact info (e-mail, postal address, phone, fax). 2) Employer and/or affiliations. 3) Brief biography, list of publications and papers. 4) Any significant presentation and educational experience/background. 5) Topic synopsis, Proposed paper title, and a one paragraph description. 6) Reason why this material is innovative or significant or an important tutorial. 7) Optionally, any samples of prepared material or outlines ready. 8) Will you have full text available or only slides? 9) Please list any other publications or conferences where this material has been or will be published/submitted. Please include the plain text version of this information in your email as well as any file, pdf, sxw, ppt, or html attachments. (Some reviewers only look at .txt info.) Multiple submissions are acceptable. Please forward the above information to be considered for placement on the speaker roster, or have your short lightning talk scheduled. Send all conference related correspondence to [EMAIL PROTECTED] thanks, --dr -- World Security Pros. Cutting Edge Training, Tools, and Techniques London, U.K.Feb 28 / Mar 1 - 2007http://eusecwest.com pgpkey http://dragos.com/ kyxpgp
SUCCESS: Certance CP3100i boots and runs with drahn provided kernel
(thought I'd post this to misc@ also, in case y'all don't follow other platforms) I wanted to pass this on to [EMAIL PROTECTED] I'm sure you know the Certance CP3100 is one of the listed armish projects. It hasn't been working, mostly due to an odd design decision related to the serial console interupt. Dale has made some patches that at least get the serial console working long enough to let me install a recent snapshot on the CP3100i. It would still crash when logged in via the console, but I avoid that by logging in via ssh. Right now I'm loading the kernel Dale provided via tftp. Dale indicates his patched com driver is not what will get committed to the source tree. I just rebuilt userland against a -current source from a CVS update made on Dec 11. The make build took ~ 17.25 hours to complete. A big thank you goes out to Dale for his effort. follows is the dmesg OpenBSD 4.0-current (GENERIC) #12: Sun Dec 3 19:25:39 CST 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/armish/compile/GENERIC real mem = 268435456 (262144K) 256MB avail mem = 237568000 (232000K) using 3302 buffers containing 13524992 bytes (13208K) of memory mainbus0 (root) cpu0 at mainbus0: i80321 600MHz rev 2 (XScale core) cpu0: DC enabled IC enabled WB enabled LABT branch prediction enabled cpu0: 32KB(32b/l,32way) I-cache, 32KB(32b/l,32way) wr-back-lock D-cache iopxs0 at mainbus0: Certance CP3100: i80321 I/O Processor iopiic0 at iopxs0: I2C controller iic0 at iopiic0 ricohrtc0 at iic0 addr 0x32: RICOH RS5C372[AB] Real-time Clock ricohrtc0: ricohrtc_reg_write: failed to write reg15 ricohrtc0: ricohrtc_reg_write: failed to write reg14 pci0 at iopxs0 em0 at pci0 dev 0 function 0 Intel PRO/1000MT (82546EB) rev 0x01: irq 27, address 00:0e:a4:00:10:e0 em1 at pci0 dev 0 function 1 Intel PRO/1000MT (82546EB) rev 0x01: irq 28, address 00:0e:a4:00:10:e1 pciide0 at pci0 dev 1 function 0 Intel 31244 SATA rev 0x00: DMA pciide0: using irq 29 for native-PCI interrupt wd0 at pciide0 channel 1 drive 0: SAMSUNG SP2504C wd0: 16-sector PIO, LBA48, 238475MB, 488397168 sectors wd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 5 siop0 at pci0 dev 2 function 0 Symbios Logic 53c1010-66 rev 0x01iq80321_pci_intr_map: no mapping for 0/2/0 ( 2, 1, 303104256) : couldn't map interrupt siop1 at pci0 dev 2 function 1 Symbios Logic 53c1010-66 rev 0x01: irq 30, using 8K of on-board RAM scsibus0 at siop1: 16 targets gpio0 at iopxs0: 8 pins obio0 at mainbus0 com0 at obio0 addr 0xfe80 intr -2: ns16550a, 16 byte fifo com0: console clock: hz= 100 stathz = 100 /dev/ksyms: Symbol table not valid. boot device: wd0. rootdev=0x1000 rrootdev=0x1000 rawdev=0x1002 WARNING: / was not properly unmounted ricohrtc0: ricohrtc_clock_read: failed to read rtc WARNING: preposterous clock chip time ricohrtc0: ricohrtc_clock_write: failed to write rtc resettodr: failed to set time WARNING: CHECK AND RESET THE DATE!
Re: OpenBSD on soekries or WRAP, wich
what about routerboard? anyone has used this one? No. The routerboard is MIPS based and currently unsupported. -Matt Everyone is raving about the all-new Yahoo! Mail beta. http://new.mail.yahoo.com
Re: openbsd 4.0 snmpd core dumps with vlan interface number higher as 9
That's awesome! BTW, I submitted a PR on this yesterday but haven't gotten the automated response. Will forward to you if I do. ~BAS On Wed, 13 Dec 2006, [EMAIL PROTECTED] wrote: Hi List, openbsd 4.0 i've vlan interfaces from vlan1 to vlan9 i can start snmpd -x localhost without any problems if i create vlan10 snmpd core dumps Bus error (core dumped) the last lines from the debug are trace: netsnmp_send_traps(): agent_trap.c, 603: trap: send_trap 0 0 NET-SNMP-MIB::netSnmpAgentOIDs.255trace: netsnmp_send_traps(): agent_trap.c, 605: trap: Bus error (core dumped) if i destroy vlan10 it works again. the core dump is here http://www.tbits.org/snmpd.core.gz Have everyone an idea ? Thx Thomas l8* -lava (Brian A. Seklecki - Pittsburgh, PA, USA) http://www.spiritual-machines.org/ ...from back in the heady days when helpdesk meant nothing, diskquota meant everything, and lives could be bought and sold for a couple of pages of laser printout - and frequently were.
Re: help! 855 chipset resolution
On Wed, 2006-12-13 at 22:19 +0100, Vim Visual wrote: Hi, ok... it's taken me blood and sweat but I have succeeded at resizing (per hand) the linux disk without losing data (!). Qtparted just didn't work at all. Qtparted is probably a front-end to Parted, which is yet another GNU misgrowth - don't use it (no seriously, it's rubbish). For partitioning, use fdisk or cfdisk instead; cfdisk has been reported to write the cleanest partition table entries, so must be good. It's also very comfortable. I use it all the time. I'm not acquainted with partition resizing, I just throw everything off and install again. People who resize partitions are probably people who don't keep backups (OK, the are a few Windows issues which make resizing the most obvious option sometimes, but we're talking Linux here aren't we?). Having e.g. a separate secondary partition mounted on /home is also a good way to maintain flexibility. I don't know how but I have managed to have now three partitions 1st partition, ~35GB, with ext3 2nd partition, ~35GB no format 3rd partition swap linux (the rest) Now I have booted from the obsd40.iso cd but I am messed up... ahem... When I try to follow the instructions for the dual boot I get lost in the CHS nomenclature... I have taken a picture of the table: www.aei.mpg.de/~pau/partitions.png when I try to go for the disklabel thing it says the root slice just created, of 300MB, overlaps with b, swap, which I gave 2GB... but I don't know why... and I also don't know what's that extended DOS thing??! From my Notes: - older i386 subdirs (= 3.4) contained a few files with very detailed descriptions of harddisk issues in /pub/OpenBSD/version/i386/: - INSTALL.ata The ATA/ATA-1/ATA-2/IDE/ETDE/etc FAQ - The HOW IT WORKS series: INSTALL.chs CHS translation INSTALL.dbr DOS floppy boot sector INSTALL.mbr Master Boot Record INSTALL.os2br OS2 boot sector INSTALL.pt Partition tables Very useful if you like to know for example that LBA = ( (cylinder * heads_per_cylinder + heads ) * sectors_per_track ) + sector - 1 These documents now live at: http://www.ata-atapi.com/hiw.htm Might provide you with a few Extended answers;). Would it be also possible to use the linux swap partition for both systems, o'bsd and linux? Not that I'm aware of. Could you please be so nice as to write in a dummy way? something like add a, delete b etc? The OpenBSD FAQ should be dummy-proof enough. It worked for me;) I have the feeling that I have messed up the CHS thing and would be VEERY grateful if you dummified the process... I have copied these lines from the installation guide and some of the numbers do not correspond to my disk... but I'd be grateful if you gave me the answers... The numbers aren't supposed to match exactly, it's the Bigger Picture that matters here. Sit down, relax, take a deep breath, concentrate, read carefully and absorb.. The knowledge is there. Partition id ('0' to disable) [0 - FF]: [0] (? for help) a6 Do you wish to edit in CHS mode? [n] y I think this question could have also read Do you want to make life more difficult? [n]. So why answer with 'y'? BIOS Starting cylinder [0 - 9728]: [0] Here for instance I set 4659... because I see that linux goes until 4658 BIOS Starting head [0 - 239]: [0] Enter (these numbers are from the inst. guide) BIOS Starting sector [1 - 63]: [0] 1 BIOS Ending cylinder [0 - 2585]: [0] 2585 BIOS Ending head [0 - 239]: [0] 239 BIOS Ending sector [1 - 63]: [0] 63 Advice: start all over again using cfdisk (you will hardly need a manual for that one), create a nice set of primary partitions (you can leave your Linux partition as it is), and try again from there. As far as the disk label is concerned: delete everything you find except of course 'c' (that should be only 'a' and 'b' on a fresh partition), and then start adding OpenBSD partitions. All you'll need to worry about then are sizes, not sector nos or other difficult stuff. I am reading the man, I swear! and the installation guide... I guess this is the result of many years of nice GUI applets... :( And being in too much of a hurry. You want it All and you want it Now! I am afraid that the o'bsd partition should go to the first part of the table... mmmh... Otherwise I can do it the other way round... install obsd and then linux... in this direction I know my way... BTW, expect to be able to mount Linux without problems (and r/w) from OpenBSD, but not the other way around (that's my personal experience). I use ext2/3 partitions for data shared across the two installs, works perfectly. Apparently the Linux kernel can be compiled to mount an FFS partition r/w, but I didn't try that, and I won't because I don't trust it (as in: why is it not compiled in by default for the major distros?). Mounting an FFS partition even r/o fails on my Fujitsu Siemens Lifebook
Re: snort -i pflog0 trouble
Here the result of some my investigation: 1) There is function DecodePflog in snort-2.4.5/src/decode.c and it isn't actual for OpenBSD 4.0 pflog or it's just a mistake there. 2) In snort-2.4.5/src/decode.h describing pflog header structisn't actual for OpenBSD 4.0 pflog (just look at 'man pflog'). Patched version of snort works in the both forms : snort -Dqp -c /etc/snort/snort.conf -i pflog0 and snort -r /var/log/pflog , but I'm not still test it very hard. Patch is attached. Snort snap upto 1500 bytes from a IP-packet from pflog0 (regulated by -P snort option). It looks like I don't need pflogd at all for my needs (enaugh snort -i pflog0 ). Thanks! Alexander Zatserkovniy Stuart Henderson wrote: On 2006/12/06 22:18, Alexander Zatserkovniy wrote: Olaf Schreck wrote: I'm novice with OpenBSD and , may be snort -i pflog0 a kind of bad practice? Or it known problem with OpenBSD 4.0 ? Won't work. Although pflog does create pcap style output, it is not data that would make sense to snort. the rest of the packets are still there, just prepended by a pflog header holding rule, interface, etc: see pflog(4). snort could be taught to strip it off, just like tcpdump knows how to. sys/net/if_pflog.h usr.sbin/tcpdump/print-pflog.c I do it, but external interface - bge0 ( GigabitEthernet ) and there are three universities (GigEth) and Internet link (10Mbit/s). I can't parse GE on the host (just two Xeon 2.4GHz) but I can select Internet traffic via pf and want parse it. I use pflog data log (all). good idea, and with -current you can have multi pflog interfaces which you might find useful too. #diff -Naur snort-2.4.5/src/decode.c snort-2.4.5-patched/src/decode.c --- src-orig/decode.c Sat Sep 17 08:06:35 2005 +++ src/decode.cThu Dec 14 15:39:51 2006 @@ -1204,7 +1204,7 @@ p-pfh = (PflogHdr *) pkt; /* get the network type - should only be AF_INET or AF_INET6 */ -switch(ntohs(p-pfh-af)) +switch((unsigned short)p-pfh-af) { case AF_INET: /* IPv4 */ DEBUG_WRAP(DebugMessage(DEBUG_DECODE, IP datagram size calculated to be %lu #diff -Naur snort-2.4.5/src/decode.h snort-2.4.5-patched/src/decode.h --- src-orig/decode.h Fri Sep 2 08:09:20 2005 +++ src/decode.hThu Dec 14 15:37:29 2006 @@ -724,7 +724,7 @@ typedef struct _Pflog_hdr { -int8_t length; +u_int8_t length; sa_family_t af; u_int8_taction; u_int8_treason; @@ -732,6 +732,10 @@ charruleset[16]; u_int32_t rulenr; u_int32_t subrulenr; +uid_t uid; +pid_t pid; +uid_t rule_uid; +pid_t rule_pid; u_int8_tdir; u_int8_tpad[3]; } PflogHdr;
Re: help! 855 chipset resolution
I've asked him several times now to post the exact problems he is having using the port. I'm not going to do so again. hey, Dimitry... I _cannot_ post the problem because I do not have o'bsd any more on this laptop (with the 855 chipset). That's why I do not do it. I cannot reproduce the error. I'm not *that* stupid. The mistake was not to keep it in first instance. That was really silly from me. Thanks a LOT to all of you. I have got several detailed answers and will close my mouth until I have worked them out. Sorry for overwhelming the mailing list. Now it's time for silence and work. thanks again, Pau PS: I have complained to fujitsu siemens for these problems (specially for the apm problem); let's see what they answer back