Re: automatic packages upgrade from ports

[Joachim Schipper]

On Tue, Dec 12, 2006 at 07:29:45PM +0100, fv wrote:
 pkg_add -ui does what you want to do. (No, it doesn't go to ports, but
 you shouldn't, especially not if you must ask how to do this.)

 I just would like to maintain a local up-to-date package database 
 compiled from ports so i can dot periodicaly:
 PKG_PATH=/usr/ports/packages/sparc64/All/
 pkg_add -ui
 
 It's like a bulk build, but only for packages installed on my box.
 I don't why i should not do this as it's what is done on the openbsd 
 main site but for all packages...

Hmm, you're on a sparc. That changes things somewhat, as - IIRC -
package updates are rather sporadic there.

As to solutions and/or interesting options:
- PKG_CACHE (pkg_add(8)) and FETCH_PACKAGES (bsd.port.mk(5))
- `make update' (ISTR that it was intended that this could be
  done in /usr/ports, but that it didn't actually work yet)
- pkg_add via SSH
- pkg_add via NFS

For a simple scripted solution, something like

for i in `pkg_info | sed -e 's/-[0-9].*//'`; do ...; done

comes to mind. To do all hosts at once, use

#/bin/sh
TMP=`mktemp` || exit 1
( for i in $HOSTS; do
ssh $i pkg_info | sed -e 's/-[0-9].*//'`;
done ) | sort | uniq  $TMP
for i in `cat $TMP`; do
cd /usr/ports/*/$i  make package;
done

Or a similar version with better error handling, possibly using
something like tentakel or clusterit, and so on. (And remove the
subshell if you are certain it isn't necessary; it isn't on ksh, but I'm
not sure this extends to all Bourne shells.)

Joachim

Thinkpad Fingerprint Sensors

[Michael]

Hi,

will there be any support for the fingerprint sensor on the newer
Thinkpads (anytime soon)?

Linux:
http://toe.ch/~tsa/ibm-fingerprint/
http://www.thinkwiki.org/wiki/How_to_enable_the_fingerprint_reader
http://www.qrivy.net/~michael/blua/

Vendor SDKs:
Linux: http://www.upek.com/support/dl_linux_bsp.asp
FreeBSD: http://www.upek.com/support/dl_freeBSD_bsp.asp


 - Michael

Re: autoconf error message suggestion

[Marc Espie]

Okay, guys, kill it.

The main issue I have with Karel is that he lacks basic tact.
But saying metaauto lacks some documentation is not necessarily 
wrong.

However, since he's already written opensource software, maybe he could
contribute ? I wouldn't object to a set of manpages for metaauto.

I won't necessarily have time to write it myself, obviously.

Re: Thinkpad Fingerprint Sensors

[Marc Balmer]

* Michael wrote:
 Hi,
 
 will there be any support for the fingerprint sensor on the newer
 Thinkpads (anytime soon)?
 
 Linux:
 http://toe.ch/~tsa/ibm-fingerprint/
 http://www.thinkwiki.org/wiki/How_to_enable_the_fingerprint_reader
 http://www.qrivy.net/~michael/blua/
 
 Vendor SDKs:
 Linux: http://www.upek.com/support/dl_linux_bsp.asp
 FreeBSD: http://www.upek.com/support/dl_freeBSD_bsp.asp

These are binary only (BLOB) drivers w/o source code.  If you can find
source code that would be better.  With the current state of affairs (no
source code, only BLOB) you will never get support for this device in
OpenBSD .

Default route to VPN NAT on enc_if???

[Mitja]

Hello,

I've setup an VPN tunnel with pubblic IPs to default route.

# netstat -rnf encap
Routing tables

Encap:
Source Port  DestinationPort  Proto
SA(Address/Proto/Type/Direction)
172.16.15.6/32 0 172.16.16.6/32 0 0
172.16.15.6/esp/use/in
172.16.16.6/32 0 172.16.15.6/32 0 0
172.16.15.6/esp/require/out
default0 193.189.180.128/27 0 0
172.16.15.6/esp/use/in
193.189.180.128/27 0 default0 0
172.16.15.6/esp/require/out

Everything works as expected, all hosts in my network have access to
internet. The only thing I am not sure is how to setup natting. What is
my external interface in this example? bge0 as ethernet interface or enc0?

nat on enc0 from $int_if:network to any - 193.189.180.129

Diagram:

193.189.180.129/27 (em1)
  hostA 172.16.16.6 (bge0) - VPN - hostB - default route
10.1.1.11 (bge1)

/etc/mygate points to 193.189.180.129

Debug section:

Ping from LAN looks on hostA as:

# tcpdump -i bge1 icmp
tcpdump: listening on bge1, link-type EN10MB
10:30:14.902581 10.1.1.104  fk-in-f99.google.com: icmp: echo request
10:30:15.912678 10.1.1.104  fk-in-f99.google.com: icmp: echo request
10:30:16.922770 10.1.1.104  fk-in-f99.google.com: icmp: echo request
10:30:17.932853 10.1.1.104  fk-in-f99.google.com: icmp: echo request

enc0, bge0 shows nothing, so packets are not getting there.

# tcpdump -i em1 icmp
tcpdump: listening on em1, link-type EN10MB
10:35:52.650165 10.1.1.104  fk-in-f104.google.com: icmp: echo request
10:35:53.660104 10.1.1.104  fk-in-f104.google.com: icmp: echo request
10:35:54.670196 10.1.1.104  fk-in-f104.google.com: icmp: echo request
10:35:55.680285 10.1.1.104  fk-in-f104.google.com: icmp: echo request

icmp ends on the wrong interface. If I remove my default route:
route -qn delete default 193.189.180.129

# tcpdump -i bge1 icmp
tcpdump: listening on bge1, link-type EN10MB
10:46:46.103245 10.1.1.104  fk-in-f99.google.com: icmp: echo request
10:46:46.103255 10.1.1.11  10.1.1.104: icmp: host fk-in-f99.google.com
unreachable
10:46:47.113334 10.1.1.104  fk-in-f99.google.com: icmp: echo request
10:46:47.113344 10.1.1.11  10.1.1.104: icmp: host fk-in-f99.google.com
unreachable
10:46:48.123425 10.1.1.104  fk-in-f99.google.com: icmp: echo request
10:46:48.123434 10.1.1.11  10.1.1.104: icmp: host fk-in-f99.google.com
unreachable

It looks like hostA is missing that route now? What should I set for
default gateway and NAT to send packets on the right interface?

Regards,
Mitja

Re: OpenBSD/amd64 on VMware = sloooooow?

[Srebrenko Sehic]

According to VMware, you'll need AMD64 CPUs that are made using 90nm.
That should be the only requirement. I too test my 64-bit OpenBSD
guests on a Linux host running CentOS 4.4 (2.6.9-42.0.2.EL kernel).
i386 works like a charm. amd64 performs like a VAX.

However, I've tested NetBSD/amd64 (2.0 I think) and that worked just fine.

If I remember correctly, the performance problem manifests itself when
there is forking involved. If you run CPU intensive jobs (like openssl
speed), the performance is fine. If you do a ./configure on a port
(which forks processes all the time), it drops to VAX speeds.

I'll gladly test any suggestions.

Here is output of /proc/cpuinfo from my Linux host:

[EMAIL PROTECTED] ~]$ cat /proc/cpuinfo
processor   : 0
vendor_id   : AuthenticAMD
cpu family  : 15
model   : 47
model name  : AMD Athlon(tm) 64 Processor 3200+
stepping: 2
cpu MHz : 1994.273
cache size  : 512 KB
fpu : yes
fpu_exception   : yes
cpuid level : 1
wp  : yes
flags   : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge
mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx mmxext lm
3dnowext 3dnow pni
bogomips: 3993.80
TLB size: 1088 4K pages
clflush size: 64
cache_alignment : 64
address sizes   : 40 bits physical, 48 bits virtual
power management: ts fid vid ttp [4] [5]

Re: OpenBSD/amd64 on VMware = sloooooow?

[Srebrenko Sehic]

Just to follow up with some basic numbers. I run a perl program which
executes uname -a 20 times while running vmstat 1 in another
terminal. Notice vmstat reporting blocked processes in the run. Output
below.

$ time perl -e 'for($i=0;$i20;$i++) { print $i: .`uname -a`; }'
0: OpenBSD amd64.lab.armorlogic.com 4.0 GENERIC#690 amd64
1: OpenBSD amd64.lab.armorlogic.com 4.0 GENERIC#690 amd64
2: OpenBSD amd64.lab.armorlogic.com 4.0 GENERIC#690 amd64
3: OpenBSD amd64.lab.armorlogic.com 4.0 GENERIC#690 amd64
4: OpenBSD amd64.lab.armorlogic.com 4.0 GENERIC#690 amd64
5: OpenBSD amd64.lab.armorlogic.com 4.0 GENERIC#690 amd64
6: OpenBSD amd64.lab.armorlogic.com 4.0 GENERIC#690 amd64
7: OpenBSD amd64.lab.armorlogic.com 4.0 GENERIC#690 amd64
8: OpenBSD amd64.lab.armorlogic.com 4.0 GENERIC#690 amd64
9: OpenBSD amd64.lab.armorlogic.com 4.0 GENERIC#690 amd64
10: OpenBSD amd64.lab.armorlogic.com 4.0 GENERIC#690 amd64
11: OpenBSD amd64.lab.armorlogic.com 4.0 GENERIC#690 amd64
12: OpenBSD amd64.lab.armorlogic.com 4.0 GENERIC#690 amd64
13: OpenBSD amd64.lab.armorlogic.com 4.0 GENERIC#690 amd64
14: OpenBSD amd64.lab.armorlogic.com 4.0 GENERIC#690 amd64
15: OpenBSD amd64.lab.armorlogic.com 4.0 GENERIC#690 amd64
16: OpenBSD amd64.lab.armorlogic.com 4.0 GENERIC#690 amd64
17: OpenBSD amd64.lab.armorlogic.com 4.0 GENERIC#690 amd64
18: OpenBSD amd64.lab.armorlogic.com 4.0 GENERIC#690 amd64
19: OpenBSD amd64.lab.armorlogic.com 4.0 GENERIC#690 amd64
   0m10.91s real 0m8.68s user 0m0.90s system

$ vmstat 1
procs   memorypagedisk traps cpu
r b wavmfre   flt  re  pi  po  fr  sr sd0  int   sys   cs us sy id
0 0 0   7576 192244   143   0   0   0   0   0   2  230   211   19 11  3 86
0 0 0   7576 19224415   0   0   0   0   0   0  247516 17  5 78
1 0 0   8524 191692   334   0   0   0   0   0   0  235   643   25 74 20  6
1 1 0   8800 191364   252   0   0   0   0   0   0  229   680   18 75 25  0
1 1 0   8884 191300   365   0   0   0   0   0   0  230   551   29 82 18  0
1 1 0   8904 191276   472   0   0   0   0   0   0  231   664   36 84 15  1
1 1 0   8880 191308   593   0   0   0   0   0   0  231   702   44 82 18  0
1 1 0    191292   442   0   0   0   0   0   0  231   580   35 85 15  0
2 0 0   8892 191296   450   0   0   0   0   0   0  226   604   34 78 22  0
1 1 0    191296   628   0   0   0   0   0   0  233   796   45 82 18  0
1 1 0   8896 191292   660   0   0   0   0   0   0  233   858   43 88 12  0
1 1 0   8900 191288   440   0   0   0   0   0   0  236   592   34 82 18  0
0 0 0   7576 192244   288   0   0   0   0   0   0  235   465   33 52 14 33
0 0 0   7576 192244 7   0   0   0   0   0   0  237195  3  2 95

Re: automatic packages upgrade from ports [solved]

[Francois Visconte]

Hello,


sounds like you want to build a SUBDIRLIST with pkg_info(1).

Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm

 


Thanks for the advise. I found a very easy solution to do that:

PLIST=$(mktemp)
/usr/ports/infrastructure/build/out-of-date  $PLIST
cd /usr/ports/
SUBDIRLIST=$PLIST make clean package
export PKG_PATH=/usr/ports/packages/sparc64/all/
pkg_add -ui


Cheers,
Francois Visconte

Load Balance Outgoing Traffic

[uv negativa]

Hi
the load balancing and dont work

my configuration
OpenBSD 4.0 amd64
lan soekris lan1641, Four port 10/100 Mbit PCI Ethernet board


lan_net = 192.168.1.0/24
int_if  = sis3
ext_if1 = sis1
ext_if2 = sis0
ext_gw1 = 2x.x.x.x
ext_gw2 = 2x.x.x.x


#  nat
nat on $ext_if1 from $lan_net to any - ($ext_if1)
nat on $ext_if2 from $lan_net to any - ($ext_if2)


rdr on $ext_if2 proto tcp from any to any port 80 - 192.168.1.4
rdr on $ext_if1 proto tcp from any to any port 80 - 192.168.1.4
rdr on $ext_if2 proto tcp from any to any port 3389 - 192.168.1.4
rdr on $ext_if2 proto tcp from 200.118.109.58 to any port 1433 - 192.168.1.4
rdr on $ext_if2 proto tcp from 200.118.109.58 to any port 21 - 192.168.1.4


block log on $ext_if1 from any to any
block log on $ext_if2 from any to any
#  pass all outgoing packets on internal interface
#pass out on $int_if from any to $lan_net
#  pass in quick any packets destined for the gateway itself
#pass in quick on $int_if from $lan_net to $int_if
#  load balance outgoing tcp traffic from internal network.
pass in on $int_if route-to \
   { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
   proto tcp from $lan_net to any flags S/SA modulate state
#  load balance outgoing udp and icmp traffic from internal network
pass in on $int_if route-to \
   { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
   proto { udp, icmp } from $lan_net to any keep state

#  general pass out rules for external interfaces
pass on $ext_if1 proto tcp from any to any flags S/SA modulate state
pass  on $ext_if1 proto { udp, icmp } from any to any keep state
pass  on $ext_if2 proto tcp from any to any flags S/SA modulate state
pass  on $ext_if2 proto { udp, icmp } from any to any keep state


#  route packets from any IPs on $ext_if1 to $ext_gw1 and the same for
#  $ext_if2 and $ext_gw2
pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any
pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any

Re: help! 855 chipset resolution

[[EMAIL PROTECTED]]

Why don't you just set aside a partiton for OpenBSD and dual-boot until 
you get your setup to the point that you can work with it?


-RjH

Re: help! 855 chipset resolution

[Vim Visual]

yes... that's probably the solution...

gosh... this means that I have to re-install both things... anyway...

2006/12/13, [EMAIL PROTECTED] [EMAIL PROTECTED]:

Why don't you just set aside a partiton for OpenBSD and dual-boot until
you get your setup to the point that you can work with it?

-RjH

help! 855 chipset resolution

[Vim Visual]

Hi folks and Naoki,

I have done it... I have installed o'bsd on my production laptop
(fujitsu siemens lifebook p7010) and it seems to work quite nice BUT
for one VERY important thing: screen resolution. It's showing 1024x768
whilst the laptop can reach 1280x768

I was aware of this because in GNU/Linux it's the same but I was
always able to patch it or to use 915resolution... but dmesg shows:

-
OpenBSD 4.0 (GENERIC) #1107: Sat Sep 16 19:15:58 MDT 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) M processor 1.20GHz (GenuineIntel
686-class) 1.21 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,F
XSR,SSE,SSE2,SS,TM,SBF,EST,TM2
cpu0: Enhanced SpeedStep 1200 MHz (940 mV): speeds: 1200, 1100, 1000,
900, 800, 600 MHz
real mem  = 1063809024 (1038876K)
avail mem = 962383872 (939828K)
using 4256 buffers containing 53293056 bytes (52044K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(ba) BIOS, date 05/09/05, BIOS32 rev. 0 @
0xfd720, SMBIOS rev
. 2.3 @ 0xe80c0 (43 entries)
bios0: FUJITSU SIEMENS 00
pcibios0 at bios0: rev 2.1 @ 0xfd720/0x8e0
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdf40/160 (8 entries)
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82371FB ISA rev 0x00)
pcibios0: PCI bus #3 is the last bus
bios0: ROM list: 0xc/0xd200! 0xdc000/0x4000!
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82852GM Hub-PCI rev 0x02
Intel 82852GM Memory rev 0x02 at pci0 dev 0 function 1 not configured
Intel 82852GM Configuration rev 0x02 at pci0 dev 0 function 3 not configured
vga1 at pci0 dev 2 function 0 Intel 82852GM AGP rev 0x02: aperture
at 0xd800, siz
e 0x800
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
Intel 82852GM AGP rev 0x02 at pci0 dev 2 function 1 not configured
uhci0 at pci0 dev 29 function 0 Intel 82801DB USB rev 0x03: irq 11
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 29 function 1 Intel 82801DB USB rev 0x03: irq 11
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
ehci0 at pci0 dev 29 function 7 Intel 82801DB USB rev 0x03: irq 11
usb2 at ehci0: USB revision 2.0
uhub2 at usb2
uhub2: Intel EHCI root hub, rev 2.00/1.00, addr 1
uhub2: 4 ports with 4 removable, self powered
ppb0 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0x83
pci1 at ppb0 bus 1
cbb0 at pci1 dev 10 function 0 Ricoh 5C476 CardBus rev 0xab: irq 11
cbb1 at pci1 dev 10 function 1 Ricoh 5C476 CardBus rev 0xab: irq 11
Ricoh 5C552 Firewire rev 0x03 at pci1 dev 10 function 2 not configured
vendor Ricoh, unknown product 0x0576 (class system subclass
miscellaneous, rev 0x01)
at pci1 dev 10 function 3 not configured
Ricoh 5C592 Memory Stick rev 0x00 at pci1 dev 10 function 4 not configured
rl0 at pci1 dev 12 function 0 Realtek 8139 rev 0x10: irq 11, address
00:0b:5d:91:6d:e
8
rlphy0 at rl0 phy 0: RTL internal PHY
iwi0 at pci1 dev 13 function 0 Intel PRO/Wireless 2200BG rev 0x05:
irq 11, address 00
:0e:35:34:e3:60
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 2 device 0 cacheline 0x0, lattimer 0x20
pcmcia0 at cardslot0
cardslot1 at cbb1 slot 1 flags 0
cardbus1 at cardslot1: bus 3 device 0 cacheline 0x0, lattimer 0x20
pcmcia1 at cardslot1
ichpcib0 at pci0 dev 31 function 0 Intel 82801DBM LPC rev 0x03
pciide0 at pci0 dev 31 function 1 Intel 82801DBM IDE rev 0x03: DMA,
channel 0 configu
red to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: FUJITSU MHT2080AH
wd0: 16-sector PIO, LBA, 76319MB, 156301488 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
pciide0: channel 1 ignored (disabled)
ichiic0 at pci0 dev 31 function 3 Intel 82801DB SMBus rev 0x03: irq 11
iic0 at ichiic0
auich0 at pci0 dev 31 function 5 Intel 82801DB AC97 rev 0x03: irq
11, ICH4 AC97
ac97: codec id 0x414c4770 (Avance Logic ALC203 rev 0)
ac97: codec features headphone, 20 bit DAC, 18 bit ADC, No 3D Stereo
audio0 at auich0
Intel 82801DB Modem rev 0x03 at pci0 dev 31 function 6 not configured
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: using exception 16
biomask effd netmask effd ttymask 
pctr: 686-class user-level performance counters enabled
mtrr: Pentium Pro MTRR support
dkcsum: wd0 matches BIOS drive 0x80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302
--

Re: help! 855 chipset resolution

[Dimitry Andric]

Vim Visual wrote:
...
 vga1 at pci0 dev 2 function 0 Intel 82852GM AGP rev 0x02: aperture at 
 0xd800, size 0x800
 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
 wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
 Intel 82852GM AGP rev 0x02 at pci0 dev 2 function 1 not configured
...
 NOT CONFIGURED!
 
 rgh!

Don't panic.  This is normal: it is the *second* head that is not
configured.  The first head is configured as vga1, and the AGP aperture
is also detected properly.


 and of course 915resolution doesn't work!!

This might be due to you using it incorrectly, since it works fine for
quite a lot of people. :)  In cases like this, always post the *exact*
command line and options that you tried, and include *complete* logs of
any error messages.


 1280patch-845g-855gm-865g.c:307: warning: assignment makes pointer
 from integer without a cast

Unfortunately, your attachment got stripped, since misc@ doesn't accept
any attachments.  Also, I would be surprised if Linux code compiled
as-is on any other operating system. :)

If the source code is not too large, you might want to post it inline,
but preferably give the URL where you downloaded it from.

Re: help! 855 chipset resolution

[Vim Visual]

Hi Dimitry and Gerhard,

first of all i apologise but I really was/am in panic... as I said,
this is my production laptop, the small little toy in front of which I
spend some ~10 hours a day!

I have spent quite a few days to learn the fundamentals of o'bsd on a
crashbox (this one, an ibm t43p) and was very happy with the result; I
even bought the absolute book and read quite a few chapters...

I cannot afford to have a non-functional (I know this is an
exaggerated statement) production laptop for longer than, say, a few
hours. As a matter of fact I am reinstalling GNU/Linux right now
because I HAVE to work this evening (the installation and set up takes
~20 min)

Anyway...

1- Why should I give gcc the path to io.h? (and where is it, btw, a
locate will be random in my case because I do not know what io.h is)
In GNU/Linux I don't have to do it and seemingly the folks of
FreeBSD/NetBSD neither. Does it depend on the gcc version?

2- Another BIG problem for me is that apm does not work. I NEED apm
-S. Again, this is an exaggerated statement but I am used to suspend
to RAM the laptop some ~5 times a day because I have to run from one
office to another because there's a meeting or whatever

I am really disappointed. I was looking so much forward to moving to o'bsd...

And the main problem is that I love my laptop: 1280x768 on a 10.2
crispy screen (I use an external screen in the office but for the
train, cafe etc it's perfect), 80GB disk, 1GB RAM, doesn't get hot,
1.2 kg (!!)

I really cannot make it without that little thing and I WANT o'bsd on
it but as I said some 3 weeks ago

1- I need wlan connection (guess it'll work just as it's working on
this one, same chipset)
2- I need the full screen resolution
3- I need apm working

If you guys say it's going to work and it was a mere problem of
compilation I'll sure give it a second try for the resolution... but
what do you say regarding apm???

This is the FreeBSD site where you can find the patch (sorry about
that, I didn't know)

http://www.jail.se/p7010.html

-- http://www.jail.se/p7010/1280patch-845g-855gm-865g.c



This might be due to you using it incorrectly, since it works fine for
quite a lot of people. :)  In cases like this, always post the *exact*
command line and options that you tried, and include *complete* logs of
any error messages.


yes, you're right, I was too nervous, sorry

But I don't think it was my problem. I know 915resolution and have
used it with GNU/Linux without a worry...

I am a o'bsd n00b but not a GNU/Linux newbie :)

Thanks in any case for your quick fedback and sorry about the
hysterical reaction...

Re: help! 855 chipset resolution

[Tobias Weisserth]

Hi there,

On Dec 13, 2006, at 3:09 PM, Vim Visual wrote:


yes... that's probably the solution...

gosh... this means that I have to re-install both things... anyway...


Nonsense! :-) You can make room on your harddrive by resizing some of  
your partitions so that OpenBSD fits on it too. All you need is  
Knoppix or some other Live CD of your choice with some decent  
partitioning tools on it.


regards,
Tobias

Re: VPN stability issues with a Fortigate peer

[Chris Jones]

Hi Stephen,

Thanks for the feedback. I was able to get things working but I had to
disable DPD on the Fortigate side and with advice from Hans-Joerg Hoexer
I was able to disable DPD by removing the dynamic mode from
ipsec.conf.

It would be nice to be able to get DPD working and it would also be
handy if you could disable DPD when using dynamic mode, possibly with a
set dpd off option? Can any developers on the list comment?

Cheers,
-Chris


 -Original Message-
 From: Stephen J. Bevan [mailto:[EMAIL PROTECTED] 
 Sent: Tuesday, December 12, 2006 7:19 PM
 To: Chris Jones
 Cc: misc@openbsd.org
 Subject: VPN stability issues with a Fortigate peer
 
 Chris Jones writes:
   I'm running the release version or OpenBSD 4.0 on my 
 firewall and   experiencing some odd IPSEC VPN behavior when 
 connecting to a Fortigate   peer. The tunnel will come up 
 just fine but will randomly go down and   then come back up 
 and will continue this cycle.
 
 Unfortunately both FortiGate and OpenBSD don't follow 
 Postel's advice to be liberal in what you accept (OpenBSD) 
 and conservative in what you send (FortiGate).  RFC 3706 
 section 5.3 says that the DOI SHOULD (not MUST) be 1.  When 
 the FortiGate sends a DPD with a DOI of 0, OpenBSD rejects it 
 because that sends it to the ISAKMP handler which drops 
 NOTIFY messages (see annotated trace below).
 
 If you only need DPD on one end and OpenBSD will send a DPD 
 Vendor ID without trying to send a DPD (I haven't checked) 
 then you can leave DPD enabled on the FortiGate and disable 
 it OpenBSD.
 
 If that won't work or isn't acceptable (won't work too well 
 if the FortiGate is configured with a dynamic connection) 
 then to get FortiGate and OpenBSD DPD to interoperate you'll 
 need to get one or both of FortiGate and OpenBSD to change 
 their code.  For FortiGate, send email to their customer 
 support.  In the case of OpenBSD maybe it is as simple as 
 copying over the DPD message parsing from 
 src/sbin/isakmpd/ipsec.c:ipsec_responder and put it in 
 src/sbin/isakmpd/isakmpd_doi.c:isakmp_responder.
 
 BTW Cisco IOS (12.4) does follow the be liberal in what you accept
 recommendation in this case and will accept a DPD with a DOI 
 of 0 from a FortiGate (though it will log a warning for DPD R 
 U THERE).
 
   I am running isakmpd with the -K option and using ipsecctl 
 to   establish flows and SA's. This is what my ipsec.conf looks like:
  
   remote_gw = 10.1.1.1
  
   flow esp from 192.168.8.1/32 to 192.168.0.0/16 peer 
 $remote_gw type   bypass ike dynamic esp from 
 192.168.8.0/24 to 192.168.0.0/16 peer $remote_gw \
   aggressive auth hmac-sha1 enc 3des group modp1536 \
   quick auth hmac-sha1 enc 3des group modp1536 \
   srcid [EMAIL PROTECTED] \
   psk sharedsecret
  
   The peer is DPD capable and enabled with the following settings:
  
   retry-count: 3
   retry-interval: 5
  
   After running isakmpd in debug mode (isakmpd -d -DA=50 -K) 
 and after   running ipsecctl I issued a continuous ping to 
 one of the hosts at the   other side of the tunnel. The ping 
 ran fine for a period of time and   then stopped. Here is 
 the ouput from the debug:
  
   073059.683292 Cryp 30 crypto_decrypt: after decryption:
   073059.686654 Cryp 30 0118 fbbe1146 c43cf921 dc386a4a 
 0dfc2751   e4cf2a6d 0a34 0001   073059.689438 Cryp 
 30 0001 0028 01030401 f286fdea 001c   0103 
 80010001 800204b0   073059.692737 Cryp 30 80040001 80050002 
 80030005 0414 c5664590   c4700a67 9cec6a71 633ffd8c   
 073059.695546 Cryp 30 05c4 6214a4ed 31ca88ca 0945b3d6 
 dd2c44ef   d03b008d 72b5ea00 273d3e0a   073059.698996 Cryp 
 30 5ec40d98 02c0ebad e3eac805 f87fa1ee 1142e2fd   92aee043 
 09e84e1c 3788c268   073059.701817 Cryp 30 4fdab8c6 1cbfad15 
 8123a459 df7a9a3b 66db84c5   59211ec4 90882bfc 2ae61c66   
 073059.705109 Cryp 30 6d35acdf 585d0b08 c5560cf9 d4a996a7 
 32a18daa   d3385206 7ce49f52 f5bab82c   073059.707999 Cryp 
 30 12b6cc01 29fec19b 3f582995 e80637b4 5e99d396   3a3b650b 
 2d78dd5f 44879af5   073059.711332 Cryp 30 1f8e016d 27c69817 
 341c6984 52e4f663 175db8ba   c206fb2b 08b9d0df f46705c1   
 073059.714125 Cryp 30 5a7d0a5a 0510 0400 0a4c0800 
 ff00   0010 0400 0a4c   073059.717252 Cryp 
 30     073059.719573 Mesg 50 
 message_parse_payloads: offset 28 payload HASH   
 073059.722425 Mesg 50 message_parse_payloads: offset 52 
 payload SA   073059.724772 Mesg 50 message_parse_payloads: 
 offset 104 payload NONCE   073059.727806 Mesg 50 
 message_parse_payloads: offset 124 payload   KEY_EXCH   
 073059.730126 Mesg 50 message_parse_payloads: offset 320 
 payload ID   073059.733027 Mesg 50 message_parse_payloads: 
 offset 336 payload ID   073059.735500 Mesg 50 
 message_parse_payloads: offset 64 payload PROPOSAL   
 073059.738492 Mesg 50 message_parse_payloads: offset 76 
 payload   TRANSFORM   073059.740835 Mesg 50 Transform 1's 
 attributes   073059.743665 Mesg 50 

Re: Thinkpad Fingerprint Sensors

[Chris Kuethe]

On 12/13/06, Marc Balmer [EMAIL PROTECTED] wrote:

* Michael wrote:
 Hi,

 will there be any support for the fingerprint sensor on the newer
 Thinkpads (anytime soon)?

 Linux:
 http://toe.ch/~tsa/ibm-fingerprint/
 http://www.thinkwiki.org/wiki/How_to_enable_the_fingerprint_reader
 http://www.qrivy.net/~michael/blua/

 Vendor SDKs:
 Linux: http://www.upek.com/support/dl_linux_bsp.asp
 FreeBSD: http://www.upek.com/support/dl_freeBSD_bsp.asp

These are binary only (BLOB) drivers w/o source code.  If you can find
source code that would be better.  With the current state of affairs (no
source code, only BLOB) you will never get support for this device in
OpenBSD .


If you're still curious though, there is a fairly stagnant project at
sourceforge that might offer some insight into what you're asking for
- fvs.sourceforge.net. Sometimes you can find the sensor docs - like
for authentec - but many times there are very significant errors (like
with authentec). I started hacking on an authentec driver some years
ago. I was getting data back from the sensor but then I stopped
caring.

UPEK and DigitalPersona seemed quite unwilling to release enough
register documentation to make an open, multiplatform driver a
worthwhile pursuit - even if you did buy the SDK. They're free to
build closed, windows-only software, and you're free to ignore them.

CK

--
GDB has a 'break' feature; why doesn't it have 'fix' too?

Re: hme(4): pci_intr_map: no mapping for pin B

[Maxim Bourmistrov]

Maxim Bourmistrov wrote:

Hi!
Have a problme with hme-card on i386 (-current) :
hme2 at pci2 dev 2 function 1 Sun HME rev 0x01pci_intr_map: no 
mapping for pin B

: couldn't map interrupt

The rest of hme* seems to be okay:
ppb1 at pci0 dev 13 function 0 DEC 21153 PCI-PCI rev 0x04
pci2 at ppb1 bus 2
Sun PCIO Ebus2 rev 0x01 at pci2 dev 0 function 0 not configured
hme0 at pci2 dev 0 function 1 Sun HME rev 0x01: irq 3, address 
08:00:20:ef:e8:f4

luphy0 at hme0 phy 1: LU6612 10/100 PHY, rev. 1
Sun PCIO Ebus2 rev 0x01 at pci2 dev 1 function 0 not configured
hme1 at pci2 dev 1 function 1 Sun HME rev 0x01: irq 5, address 
08:00:20:ef:e8:f5

luphy1 at hme1 phy 1: LU6612 10/100 PHY, rev. 1
Sun PCIO Ebus2 rev 0x01 at pci2 dev 2 function 0 not configured
hme2 at pci2 dev 2 function 1 Sun HME rev 0x01pci_intr_map: no 
mapping for pin B

: couldn't map interrupt
Sun PCIO Ebus2 rev 0x01 at pci2 dev 3 function 0 not configured
hme3 at pci2 dev 3 function 1 Sun HME rev 0x01: irq 10, address 
08:00:20:ef:e8:f7

luphy2 at hme3 phy 1: LU6612 10/100 PHY, rev. 1


Any clues?
Broken hw?

//maxim


Tested med old Ubuntu distro.
Card works there(all 4 ifaces).

Re: php and ldap

[Bryan Irvine]

I have found it by myself:
I had to set the right path for extension_dir in php.ini.
Hope it may help others not to waste such a long time getting their loadable
modules running.


You skipped a step somewhere.  I just did this on a 4.0 system about
10 minutes ago and it worked without any extra steps.

--Bryan

STUPID file permission question

[stupidmail4me]

Am I seeing something wrong here?

My username is foo and primary group is therefore also
foo. I am also in the group bar.

I have a directory called anything owned by bar:bar.
It's permissions are 770. Why can't I traverse it's
tree? Doesn't my being in the bar group allow me with
the second 7 to traverse anything's tree?
Everyone is raving about the all-new Yahoo! Mail beta.
http://new.mail.yahoo.com

Re: help! 855 chipset resolution

[Dimitry Andric]

Vim Visual wrote:
 I cannot afford to have a non-functional (I know this is an
 exaggerated statement) production laptop for longer than, say, a few
 hours. As a matter of fact I am reinstalling GNU/Linux right now
 because I HAVE to work this evening (the installation and set up takes
 ~20 min)

You should always verify that everything works, before taking any
machine into production. :)  As others have already said, a separate
partition for OpenBSD is a good way to get started.


 1- Why should I give gcc the path to io.h? (and where is it, btw, a
 locate will be random in my case because I do not know what io.h is)
 In GNU/Linux I don't have to do it and seemingly the folks of
 FreeBSD/NetBSD neither. Does it depend on the gcc version?

If you don't know what the problem is, you should not be the one trying
to fix it. :)


 2- Another BIG problem for me is that apm does not work. I NEED apm

As far as can be seen from your previously posted dmesg, your laptop
doesn't support apm at all, only acpi.  Please complain to your laptop
manufacturer about it.  We see this all the time with newer machines,
vendors don't bother to test anything but Windows these days.

If all goes well, acpi support will probably make it into OpenBSD 4.1,
and there are already some snapshots with partial acpi support on the
ftp site.  But please don't count on this to work perfectly, it's still
in development.


 1- I need wlan connection (guess it'll work just as it's working on
 this one, same chipset)

It's an Intel 2200BG, which works, if you accept Intel's weird licensing
policies for their firmware.


 2- I need the full screen resolution

As I asked you before: post the exact command lines you were using with
915resolution, and the exact error messages which prevented it from
working.

We would rather have a chance to fix the 915resolution port, if it
somehow didn't work on your machine, than try to get some weird
Linux-only program running.


 3- I need apm working

Try looking for a BIOS update from your vendor, complain to your vendor
about dropping support for established standards, or try a snapshot with
acpi support enabled (but DON'T expect everything to work in this
case!).

Re: help! 855 chipset resolution

[Vim Visual]

Hi Dimitry,


You should always verify that everything works, before taking any
machine into production. :)


well, I cannot think of a better verification than installing the OS
and look around... googling around for all the system can be rather
tedious


As others have already said, a separate
partition for OpenBSD is a good way to get started.


yes, I am going to do that...


If you don't know what the problem is, you should not be the one trying
to fix it. :)


I'm not trying to fix it, that's why I ask :)


As far as can be seen from your previously posted dmesg, your laptop
doesn't support apm at all, only acpi.  Please complain to your laptop
manufacturer about it.  We see this all the time with newer machines,
vendors don't bother to test anything but Windows these days.


it's not really a new machine... it's some 3 years old...


If all goes well, acpi support will probably make it into OpenBSD 4.1,
and there are already some snapshots with partial acpi support on the
ftp site.  But please don't count on this to work perfectly, it's still
in development.


I'm not the one who's going to play around with snapshots... remember?
I'm an o'bsd n000b, even if my colleagues regard me as being a
linux guru... hahaha... I know I have a looong way to go and o'bsd is
the right one for me, to LEARN


It's an Intel 2200BG, which works, if you accept Intel's weird licensing
policies for their firmware.


yes, I know... and sent quite a few emails to the intel people


As I asked you before: post the exact command lines you were using with
915resolution, and the exact error messages which prevented it from
working.


it's impossible now... the o'bsd installation is not any more there
and I can't remember the error message by heart. That was a mistake
from my part


We would rather have a chance to fix the 915resolution port, if it
somehow didn't work on your machine, than try to get some weird
Linux-only program running.


it's not weird; it's C and it's not only for Linux... it's working
properly in FreeBSD and NetBSD, as I said before


Try looking for a BIOS update from your vendor, complain to your vendor


that's where you can help me now... I've never done a BIOS update.
I've looked now and found this

http://support.fujitsu-siemens.com/Download/ShowDescription.asp?SoftwareGUID=20310743-5098-440B-BECB-93EA1BCF3CAAClassID=d3c7e8ab-04ec-4a50-9c81-809daa777384

but they explicitely say it's only for w$... on the other hand it is
an iso image... should I try to burn it and boot from the cd to see
what happens? On the other hand they do not comment anything regarding
apm there... or maybe yes... it's too obscure for me, sorry...
I forgot to mention that I don't have any w$ partition btw. I've been
automatically deleting all w$ partitions for 7 years. Or should I try
it with linux wine? :) hahaha...


about dropping support for established standards, or try a snapshot with
acpi support enabled (but DON'T expect everything to work in this
case!).


no, I will not... I know quite well where my limits are... I prefer to
go for the dual boot and wait for o'bsd 4.1

Does anybody know for sure that they're going to implement acpi in 4.1?

And since I am already asking... is gnome to be updated in the next
release? it's 2.10 in the binaries but the gnome project is already in
2.16-17 and it's a bit of a difference...

I could ask the IT department of my institute to give me an IBM x41 or
something similar and give back this fujitsu siemens but really, it is
just wonderful... 1.2 kg, comes with two batteries and I've sometimes
worked for longer than SIX hours with them... doesn't get hot, comes
with a removable DVD player, big hard disk, etc etc...

Anyway, thanks for the very useful comments (not being sarcastic
here!). This is (are) a very nice emailing list.

Cheers,

Pau

Re: STUPID file permission question

[Andreas Maus]

On 12/13/06, stupidmail4me [EMAIL PROTECTED] wrote:
Hi.


My username is foo and primary group is therefore also
foo. I am also in the group bar.

Did you logout and login again after adding yourself
to the group bar? If not do so.

Whats the output of id?


I have a directory called anything owned by bar:bar.
It's permissions are 770. Why can't I traverse it's
tree? Doesn't my being in the bar group allow me with
the second 7 to traverse anything's tree?

Depends on the permissions of the upper directory.
e.g. if the directory is /home/bar/foo_bar and /home/bar
is only readable+executable for user bar (read 0700)
you are not allowed to enter this directory and so you can't
enter any directories below that dir.

Andreas.

--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?

Re: STUPID file permission question

[stupidmail4me]

Told you it was a stupid question. Forgot to
logout/login. Thanks.

--- Andreas Maus [EMAIL PROTECTED] wrote:

 On 12/13/06, stupidmail4me [EMAIL PROTECTED]
 wrote:
 Hi.
 
  My username is foo and primary group is therefore
 also
  foo. I am also in the group bar.
 Did you logout and login again after adding yourself
 to the group bar? If not do so.
 
 Whats the output of id?
 
  I have a directory called anything owned by
 bar:bar.
  It's permissions are 770. Why can't I traverse
 it's
  tree? Doesn't my being in the bar group allow me
 with
  the second 7 to traverse anything's tree?
 Depends on the permissions of the upper directory.
 e.g. if the directory is /home/bar/foo_bar and
 /home/bar
 is only readable+executable for user bar (read 0700)
 you are not allowed to enter this directory and so
 you can't
 enter any directories below that dir.
 
 Andreas.
 
 -- 
 Hobbes : Shouldn't we read the instructions?
 Calvin : Do I look like a sissy?
Everyone is raving about the all-new Yahoo! Mail beta.
http://new.mail.yahoo.com

OpenBSD on soekries or WRAP, wich

[Carlos A. Garcia G]

Hi maybe this is not the list but thera are here a lot of people that 
must know something about it recenrtly i found a blog from jonathan 
weiss who says thst wrap are a good solution than soekries, and what i 
want to know it is a recommendation about wich one to buy ? who has done 
this before?

Re: why the shift from isakmpd.conf?

[Toni Mueller]

Hi,

On Mon, 11.12.2006 at 17:14:50 +1100, nuffnough [EMAIL PROTECTED] wrote:
 I've learnt in the past few weeks that the use of isakmpd is being
 deprecated in favour of ipsec.

Hekan has already written about that, but there's an additional bonus
in using ipsecctl (if you can), as far as I understood it yet:

 What were the reasons that led to this decision..?

Using it should allow for dynamic tunnel reconfiguration, so you should
be able to add or delete individual tunnels w/o the need to tear down
everything in case you have some modification underway. This is already
possible, but difficult, without ipsecctl.


Best,
--Toni++

Re: Openldap

[Toni Mueller]

Hi,

On Fri, 08.12.2006 at 10:02:37 -0800, Bryan Irvine [EMAIL PROTECTED] wrote:
 I've been running 2.2.27 (with db4 FWIW) since august-ish of last year
 with zero corruption problems.

please also be sure to enable the sync option on bdb databases. I've
only experienced data loss when slapd went down uncontrolled, but
db_recover fixed most of it (AAARRRGGHH - still!).


Best,
--Toni++

OpenBSD 4.0/i386 w/ raid(4) ISO (-stable w/ RAIDFrame)

[Brian A. Seklecki]

All:

I just wanted to take a moment thank the OpenBSD community and dev team.
Great tools such as pf(4), pfsync(4), etc. enabled me to perform a
zero-downtime upgrade of a very large core router last week.

Per my original patch set to enable this raid(4) RAIDFrame enabled
upgrade, there are few notes to share regarding actual usage:

1) When booting from the CD, it is important to interrupt the 2nd stage
boot loader sequence and:

boot bsd -a

This will prompt you for the root device, which should be rd0a,
otherwise the RAID_AUTOCONFIG will take it as raid0a  

Or:

Just before your last shutdown before upgrading, use raidctl(8) to
modify the raidset to -A yes dev instead of -A root dev.

2) There is one more additional patch that needs to occur in install.sub
I ran into a small bug src/distrib/miniroot/install.sub

http://www.openbsd.org/cgi-bin/cvsweb/src/distrib/miniroot/install.sub?rev=1.406content-type=text/x-cvsweb-markup

DKDEVS=$(scan_dmesg ${MDDKDEVS:-/^[sw]d[0-9][0-9]* /s/ .*//p})

This can be overridden (I'm only realizing now) by EXPORT'ing
MDDKDEVS= at run time.  However, the long term fix (if/when raid(4) is
updated), is to fix the regex.

Unfortunately, I'm having some trouble updating this BRE REGEX.
re_format(7) hackers feel free to pitch in.

OpenBSD sed(1) doesn't support ERE (Extended Regular Expressions), but
egrep(1) of course does.  Normally I would switch this to:

/^(rai|[sw])d[0-9][0-9]* /s/ .*//p

And with E grep I would get:

$ egrep '^(rai|[wd])d[0-9][0-9]* ' /var/run/dmesg.boot 
wd0 at pciide1 channel 0 drive 0: WDC WD800JD-75LSA0
wd1 at pciide1 channel 1 drive 0: WDC WD800JD-75LSA0
raid0 (root): (RAID Level 1) total number of sectors is...
raid1 (root): (RAID Level 1) total number of sectors is

But apparently the start(thisString|[thatCharActerClass])rest syntax
doesn't work in non-ERE mode.  Maybe someone can help out there.

Also, updating the kernel (/bsd), the 2nd stage boot (/boot) is tricky
and a manual process when using this CD to upgrade:

3) To make bsd.mp+raidframe a Install Set option, declare /  export:
MDSETS=bsd.mp+raidframe to have install.sub suck it into the $THESETS
append list.  

According to the upgrade.sh, this will install it into your root dir
(raid0a?) / path; which is wrong (I use a symlink for my kernel), but
at least you'll be able to copy it to wd0a:/antiraid/bsd and
wd0b:/antiraid/bsd ... or:

Wait for upgrade.sh to finish up and remount /dev/cd0a manually again
against /mnt2.

I have updated this image to the latest OpenBSD 4.0-stable sources.
Tags: -r OPENBSD_4_0, -D 11/06/06 10:58:26 EST.

http://people.collaborativefusion.com/~seklecki/openbsd_4.0_stableUpdate_wRAIDFrame.iso

SHA1: b7e33764ab96e1a2db0d125d07e9628367680858
Size: 175331328

-- 
Brian A. Seklecki [EMAIL PROTECTED]
Collaborative Fusion, Inc.
Subject: If you please: OpenBSD 4.0/i386 ISO (-stable w/ RAIDFrame)
From: Brian A. Seklecki [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Organization: Collaborative Fusion, Inc.
Message-Id: [EMAIL PROTECTED]
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 7bit
X-Mailer: Evolution 2.2.3-10mdk 
Date: Sat, 11 Nov 2006 05:28:53 -0500

SHA1 (public_html/obsdcd_4.0_updateWRAID.iso) =
36c5fe6cb3cd0af6ded8e25a24e2f70f4faaa6cf

36c5fe6cb3cd0af6ded8e25a24e2f70f4faaa6cf  obsdcd_4.0_updateWRAID.iso

-rw-r--r--  1 lavalamp  lavalamp  175319040 Nov 11 05:25
public_html/obsdcd_4.0_updateWRAID.iso

Re: OpenBSD on soekries or WRAP, wich

[Matt Radtke]

 Hi maybe this is not the list but thera are here a
 lot of people that 
 must know something about it recenrtly i found a
 blog from jonathan 
 weiss who says thst wrap are a good solution than
 soekries, and what i 
 want to know it is a recommendation about wich one
 to buy ? who has done 
 this before?

I've installed OpenBSD on both a WRAP and a Soekris. 
Basically, the 3 port ethernet WRAP model compares
very well with the soekris 4801.

The soekris does have an full size PCI slot, allowing
you to add up to 4 more ethernet interfaces and a
laptop IDE bus, allowing you to add a 2.5 IDE drive. 


Both let you plug in a CF card or micro drive, both
have 3 10/100 NICs, can PXE boot, have a mini PCI
slot, same CPU, same RAM etc, etc.

The WRAP with case can be had for $146 USD, the
Soekris 4801 with case for $240 USD.

For me, the laptop drive is largely worthless--more
noise and uses more power, so I exlude that from my
value equation.  CF cards and microdrives are more
than adequate.

So, unless you need more than 3 ethernet NICs, why pay
$100 more for esentially the same hardware?  

-Matt

PS: wasn't this just on the list like last month?
Everyone is raving about the all-new Yahoo! Mail beta.
http://new.mail.yahoo.com

Re: OpenBSD on soekries or WRAP, wich

[Anis Kadri]

I guess it all depends on what you need to do.
I bought a WRAP because i didn't need the ATA/USB ports. I just wanted a
board with three ethernet ports, minipci and CF port. I'm using it as a
gate/firewall/Access Point.

On 12/13/06, Carlos A. Garcia G [EMAIL PROTECTED] wrote:

 Hi maybe this is not the list but thera are here a lot of people that
 must know something about it recenrtly i found a blog from jonathan
 weiss who says thst wrap are a good solution than soekries, and what i
 want to know it is a recommendation about wich one to buy ? who has done
 this before?

Re: OpenBSD 4.0/i386 w/ raid(4) ISO (-stable w/ RAIDFrame)

[Brian A. Seklecki]

On Wed, 13 Dec 2006, Brian A. Seklecki wrote:

 All:


BTW, it is far from optimal, but the following BRE works:

DKDEVS=$(scan_dmesg ${MDDKDEVS:-/^\(rai\)*[sw]*d[0-9][0-9]* /s/ .*//p})

...because saying:

may contain one \(rai\)* or more, but not either, and (or?)...
may contain one of either [sw]* or more, but not either...

Is sort of like (rai|[sd])

Strange daysfull src patches on my site.

~BAS
Subject: If you please: OpenBSD 4.0/i386 ISO (-stable w/ RAIDFrame)
From: Brian A. Seklecki [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Organization: Collaborative Fusion, Inc.
Message-Id: [EMAIL PROTECTED]
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 7bit
X-Mailer: Evolution 2.2.3-10mdk 
Date: Sat, 11 Nov 2006 05:28:53 -0500

SHA1 (public_html/obsdcd_4.0_updateWRAID.iso) =
36c5fe6cb3cd0af6ded8e25a24e2f70f4faaa6cf

36c5fe6cb3cd0af6ded8e25a24e2f70f4faaa6cf  obsdcd_4.0_updateWRAID.iso

-rw-r--r--  1 lavalamp  lavalamp  175319040 Nov 11 05:25
public_html/obsdcd_4.0_updateWRAID.iso

Re: help! 855 chipset resolution

[FUKAUMI Naoki]

At Wed, 13 Dec 2006 19:07:24 +0100,
Vim Visual wrote:
  We would rather have a chance to fix the 915resolution port, if it
  somehow didn't work on your machine, than try to get some weird
  Linux-only program running.
 
 it's not weird; it's C and it's not only for Linux... it's working
 properly in FreeBSD and NetBSD, as I said before

I added some lines for NetBSD and FreeBSD, but I did not add any line
for OpenBSD. C may be portable, but program may not be portable:)

It's weird and small C program. It will work on OpenBSD if you add some
lines for OpenBSD.

Regards,

--
FUKAUMI Naoki

Re: help! 855 chipset resolution

[Vim Visual]

ahem...

any C programmer willing to have a look at the C code to make it o'bsd
compatible? according to Naoki it should be feasible but my
programming knowledge is limited to shell scripting, a bit of python
and fortran... (am a Physicist)

http://www.jail.se/p7010/1280patch-845g-855gm-865g.c

:)

(why do I have the feeling that I am going to land in the trash folder
of more than one person from these mailing lists??)


I added some lines for NetBSD and FreeBSD, but I did not add any line
for OpenBSD. C may be portable, but program may not be portable:)

It's weird and small C program. It will work on OpenBSD if you add some
lines for OpenBSD.

Regards,

--
FUKAUMI Naoki

Re: help! 855 chipset resolution

[Vim Visual]

Hi,

ok... it's taken me blood and sweat but I have succeeded at resizing
(per hand) the linux disk without losing data (!). Qtparted just
didn't work at all. I don't know how but I have managed to have now
three partitions

1st partition, ~35GB, with ext3
2nd partition, ~35GB no format
3rd partition swap linux (the rest)

Now I have booted from the obsd40.iso cd but I am messed up... ahem...

When I try to follow the instructions for the dual boot I get lost in
the CHS nomenclature... I have taken a picture of the table:

www.aei.mpg.de/~pau/partitions.png

when I try to go for the disklabel thing it says the root slice just
created, of 300MB, overlaps with b, swap, which I gave 2GB... but I
don't know why... and I also don't know what's that extended DOS
thing??!

Would it be also possible to use the linux swap partition for both
systems, o'bsd and linux?

Could you please be so nice as to write in a dummy way? something like
add a, delete b etc?

I have the feeling that I have messed up the CHS thing and would be
VEERY grateful if you dummified the process...

I have copied these lines from the installation guide and some of the
numbers do not correspond to my disk... but I'd be grateful if you
gave me the answers...

Partition id ('0' to disable)  [0 - FF]: [0] (? for help) a6
 Do you wish to edit in CHS mode? [n] y
 BIOS Starting cylinder [0 - 9728]: [0] Here for instance I set
4659... because I see that linux goes until 4658
 BIOS Starting head [0 - 239]: [0] Enter (these numbers are from the
inst. guide)
 BIOS Starting sector [1 - 63]: [0] 1
 BIOS Ending cylinder [0 - 2585]: [0] 2585
 BIOS Ending head [0 - 239]: [0] 239
 BIOS Ending sector [1 - 63]: [0] 63

I am reading the man, I swear! and the installation guide... I guess
this is the result of many years of nice GUI applets... :(
I am afraid that the o'bsd partition should go to the first part of
the table... mmmh...
Otherwise I can do it the other way round... install obsd and then
linux... in this direction I know my way...

Cheers,

Pau

2006/12/13, [EMAIL PROTECTED] [EMAIL PROTECTED]:

Why don't you just set aside a partiton for OpenBSD and dual-boot until
you get your setup to the point that you can work with it?

-RjH

Re: help! 855 chipset resolution

[Otto Moerbeek]

On Wed, 13 Dec 2006, Vim Visual wrote:

 ahem...
 
 any C programmer willing to have a look at the C code to make it o'bsd
 compatible? according to Naoki it should be feasible but my
 programming knowledge is limited to shell scripting, a bit of python
 and fortran... (am a Physicist)
 
 http://www.jail.se/p7010/1280patch-845g-855gm-865g.c
 
 :)
 
 (why do I have the feeling that I am going to land in the trash folder
 of more than one person from these mailing lists??)
 
  I added some lines for NetBSD and FreeBSD, but I did not add any line
  for OpenBSD. C may be portable, but program may not be portable:)
  
  It's weird and small C program. It will work on OpenBSD if you add some
  lines for OpenBSD.

I have the feeling you and Dim are talking about different things.

I'm might be compleetly wrong, but isn't the 915resolution-0.5.2.tgz
package what Vim needs? That's already ported, precompiled and tested
on a variety of harware using that chipset. 

-Otto

Re: help! 855 chipset resolution

[Dimitry Andric]

Otto Moerbeek wrote:
 I'm might be compleetly wrong, but isn't the 915resolution-0.5.2.tgz
 package what Vim needs? That's already ported, precompiled and tested
 on a variety of harware using that chipset. 

I've asked him several times now to post the exact problems he is having
using the port.  I'm not going to do so again.

Re: What it this mean?

[andrew fresh]

On Mon, Dec 11, 2006 at 09:16:50AM -0700, Carlos A. Garcia G wrote:
 i have recived a mail from the server with this information
 
 Checking setuid/setgid files and devices:
 Setuid/device find errors:
 find: /tmp/PerlIO_W32319: No such file or directory
 
 what is it? and what can i do to fix the problem?

Since amazingly no one else has written in with the correct answer:

This output comes from the daily insecurity output email.

It is caused by the find for new/updated set[ug]id files in
/etc/security.  It is generated when find attempts to enter a directory
that was there when listing the contents parent directory but was
removed before find had a chance to traverse it.

I get these errors regularly on my servers running mimedefang as there
are generally quite a few directories in /var/spool/mimedefang that get
created and deleted quickly.

l8rZ,
-- 
andrew - ICQ# 253198 - JID: [EMAIL PROTECTED]

BOFH excuse of the day: Communications satellite used by the military
for star wars.

Re: OpenBSD on soekries or WRAP, wich

[Carlos A. Garcia G]

Matt Radtke escribis:

Hi maybe this is not the list but thera are here a
lot of people that 
must know something about it recenrtly i found a
blog from jonathan 
weiss who says thst wrap are a good solution than
soekries, and what i 
want to know it is a recommendation about wich one
to buy ? who has done 
this before?



I've installed OpenBSD on both a WRAP and a Soekris. 
Basically, the 3 port ethernet WRAP model compares

very well with the soekris 4801.

The soekris does have an full size PCI slot, allowing
you to add up to 4 more ethernet interfaces and a
laptop IDE bus, allowing you to add a 2.5 IDE drive. 



Both let you plug in a CF card or micro drive, both
have 3 10/100 NICs, can PXE boot, have a mini PCI
slot, same CPU, same RAM etc, etc.

The WRAP with case can be had for $146 USD, the
Soekris 4801 with case for $240 USD.

For me, the laptop drive is largely worthless--more
noise and uses more power, so I exlude that from my
value equation.  CF cards and microdrives are more
than adequate.

So, unless you need more than 3 ethernet NICs, why pay
$100 more for esentially the same hardware?  


-Matt

PS: wasn't this just on the list like last month?
Everyone is raving about the all-new Yahoo! Mail beta.
http://new.mail.yahoo.com

  

what about routerboard? anyone has used this one?

CanSecWest 2007 (April 18-20) Call For Papers (Deadline Jan 7th)

[Dragos Ruiu]

CanSecWest 2007 CALL FOR PAPERS

VANCOUVER, Canada -- The eighth annual CanSecWest applied technical security 
conference - where the eminent figures in the international security industry 
will get together share best practices and technology - will be held in 
downtown Vancouver at the the Mariott Renaissance Harbourside on April 18-20, 
2007. The most significant new discoveries about computer network hack 
attacks and defenses, commercial security solutions, and pragmatic real world 
security experience will be presented in a series of informative tutorials. 

The CanSecWest 2007 meeting provides international researchers a relaxed, 
comfortable environment to learn from informative tutorials on key 
developments in security technology, and collaborate and socialize with their 
peers in one of the world's most scenic cities - a short drive away from one 
of North America's top skiing areas. 

The CanSecWest 2007 conference will also feature the availability of the 
Security Masters Dojo expert network security sensei instructors, and their 
advanced, and intermediate, hands-on training courses - featuring small class 
sizes and practical application excercises to maximize information transfer. 

We would like to announce the opportunity to submit papers, and/or lightning 
talk proposals, for selection by the CanSecWest technical review committee. 
Please make your paper proposal submissions before January 7th, 2007. Slides 
for the papers must be submitted by March 15th, 2007. 

Some invited papers have been confirmed, but a limited number of speaking 
slots are still available. The conference is responsible for travel and 
accomodations for the speakers. If you have a proposal for a tutorial session 
then please email a synopsis of the material and your biography, papers and, 
speaking background to [EMAIL PROTECTED] Only slides will be needed 
for the March paper deadline, full text does not have to be submitted - but 
will be accepted if available. 

The CanSecWest 2007 conference consists of tutorials on technical details 
about current issues, innovative techniques and best practices in the 
information security realm. The audiences are a multi-national mix of 
professionals involved on a daily basis with security work: security product 
vendors, programmers, security officers, and network administrators. We give 
preference to technical details and new education for a technical audience. 

The conference itself is a single track series of presentations in a lecture 
theater environment. The presentations offer speakers the opportunity to 
showcase on-going research and collaborate with peers while educating and 
highlighting advancements in security products and techniques. The focus is 
on innovation, tutorials, and education instead of product pitches. Some 
commercial content is tolerated, but it needs to be backed up by a technical 
presenter - either giving a valuable tutorial and best practices instruction 
or detailing significant new technology in the products. 

Paper proposals should consist of the following information: 

1) Presenter, and geographical location (country of origin/passport) and 
contact info (e-mail, postal address, phone, fax). 
2) Employer and/or affiliations. 
3) Brief biography, list of publications and papers. 
4) Any significant presentation and educational experience/background. 
5) Topic synopsis, Proposed paper title, and a one paragraph description. 
6) Reason why this material is innovative or significant or an important 
tutorial. 
7) Optionally, any samples of prepared material or outlines ready. 
8) Will you have full text available or only slides? 
9) Please list any other publications or conferences where this material has 
been or will be published/submitted. 

Please include the plain text version of this information in your email as 
well as any file, pdf, sxw, ppt, or html attachments. (Some reviewers only
look at .txt info.) Multiple submissions are acceptable.

Please forward the above information to be considered for placement on the 
speaker roster, or have your short lightning talk scheduled. Send all 
conference related correspondence to [EMAIL PROTECTED]

thanks,
--dr

-- 
World Security Pros. Cutting Edge Training, Tools, and Techniques
London, U.K.Feb 28 / Mar 1 - 2007http://eusecwest.com
pgpkey http://dragos.com/ kyxpgp

SUCCESS: Certance CP3100i boots and runs with drahn provided kernel

[Diana Eichert]

(thought I'd post this to misc@ also, in case y'all don't follow other
platforms)


I wanted to pass this on to [EMAIL PROTECTED]  I'm sure you know the Certance 
CP3100
is one of the listed armish projects.  It hasn't been working, mostly due
to an odd design decision related to the serial console interupt.  Dale
has made some patches that at least get the serial console working long
enough to let me install a recent snapshot on the CP3100i.  It would still
crash when logged in via the console, but I avoid that by logging in via
ssh.  Right now I'm loading the kernel Dale provided via tftp.  Dale
indicates his patched com driver is not what will get committed to the
source tree.

I just rebuilt userland against a -current source from a CVS update made
on Dec 11.  The make build took ~ 17.25 hours to complete.

A big thank you goes out to Dale for his effort.

follows is the dmesg

OpenBSD 4.0-current (GENERIC) #12: Sun Dec  3 19:25:39 CST 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/armish/compile/GENERIC
real mem  = 268435456 (262144K) 256MB
avail mem = 237568000 (232000K)
using 3302 buffers containing 13524992 bytes (13208K) of memory
mainbus0 (root)
cpu0 at mainbus0: i80321 600MHz rev 2 (XScale core)
cpu0: DC enabled IC enabled WB enabled LABT branch prediction enabled
cpu0: 32KB(32b/l,32way) I-cache, 32KB(32b/l,32way) wr-back-lock D-cache
iopxs0 at mainbus0: Certance CP3100: i80321 I/O Processor
iopiic0 at iopxs0: I2C controller
iic0 at iopiic0
ricohrtc0 at iic0 addr 0x32: RICOH RS5C372[AB] Real-time Clock
ricohrtc0: ricohrtc_reg_write: failed to write reg15
ricohrtc0: ricohrtc_reg_write: failed to write reg14
pci0 at iopxs0
em0 at pci0 dev 0 function 0 Intel PRO/1000MT (82546EB) rev 0x01: irq
27, address 00:0e:a4:00:10:e0
em1 at pci0 dev 0 function 1 Intel PRO/1000MT (82546EB) rev 0x01: irq
28, address 00:0e:a4:00:10:e1
pciide0 at pci0 dev 1 function 0 Intel 31244 SATA rev 0x00: DMA
pciide0: using irq 29 for native-PCI interrupt
wd0 at pciide0 channel 1 drive 0: SAMSUNG SP2504C
wd0: 16-sector PIO, LBA48, 238475MB, 488397168 sectors
wd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 5
siop0 at pci0 dev 2 function 0 Symbios Logic 53c1010-66 rev
0x01iq80321_pci_intr_map: no mapping for 0/2/0 (
2, 1, 303104256)
: couldn't map interrupt
siop1 at pci0 dev 2 function 1 Symbios Logic 53c1010-66 rev 0x01: irq
30, using 8K of on-board RAM
scsibus0 at siop1: 16 targets
gpio0 at iopxs0: 8 pins
obio0 at mainbus0
com0 at obio0 addr 0xfe80 intr -2: ns16550a, 16 byte fifo
com0: console
clock: hz= 100 stathz = 100
/dev/ksyms: Symbol table not valid.
boot device: wd0.
rootdev=0x1000 rrootdev=0x1000 rawdev=0x1002
WARNING: / was not properly unmounted
ricohrtc0: ricohrtc_clock_read: failed to read rtc
WARNING: preposterous clock chip time
ricohrtc0: ricohrtc_clock_write: failed to write rtc
resettodr: failed to set time
WARNING: CHECK AND RESET THE DATE!

Re: OpenBSD on soekries or WRAP, wich

[Matt Radtke]

 what about routerboard? anyone has used this one?
 

No.  The routerboard is MIPS based and currently
unsupported.

-Matt
Everyone is raving about the all-new Yahoo! Mail beta.
http://new.mail.yahoo.com

Re: openbsd 4.0 snmpd core dumps with vlan interface number higher as 9

[Brian A. Seklecki]

That's awesome!

BTW, I submitted a PR on this yesterday but haven't gotten the automated 
response.  Will forward to you if I do.


~BAS


On Wed, 13 Dec 2006, [EMAIL PROTECTED] wrote:


Hi List,

openbsd 4.0

i've vlan interfaces from vlan1 to vlan9
i can start
snmpd -x localhost
without any problems

if i create vlan10
snmpd core dumps
Bus error (core dumped)

the last lines from the debug are
trace: netsnmp_send_traps(): agent_trap.c, 603:
trap: send_trap 0 0 NET-SNMP-MIB::netSnmpAgentOIDs.255trace:
netsnmp_send_traps(): agent_trap.c, 605:
trap:
Bus error (core dumped)

if i destroy vlan10 it works again.

the core dump is here
http://www.tbits.org/snmpd.core.gz

Have everyone an idea ?

Thx

Thomas




l8*
-lava (Brian A. Seklecki - Pittsburgh, PA, USA)
   http://www.spiritual-machines.org/

...from back in the heady days when helpdesk meant nothing, diskquota
meant everything, and lives could be bought and sold for a couple of pages
of laser printout - and frequently were.

Re: help! 855 chipset resolution

[Bill Maas]

On Wed, 2006-12-13 at 22:19 +0100, Vim Visual wrote:
 Hi,
 
 ok... it's taken me blood and sweat but I have succeeded at resizing
 (per hand) the linux disk without losing data (!). Qtparted just
 didn't work at all.

Qtparted is probably a front-end to Parted, which is yet another GNU
misgrowth - don't use it (no seriously, it's rubbish). For partitioning,
use fdisk or cfdisk instead; cfdisk has been reported to write the
cleanest partition table entries, so must be good. It's also very
comfortable. I use it all the time.

I'm not acquainted with partition resizing, I just throw everything off
and install again. People who resize partitions are probably people who
don't keep backups (OK, the are a few Windows issues which make resizing
the most obvious option sometimes, but we're talking Linux here aren't
we?). Having e.g. a separate secondary partition mounted on /home is
also a good way to maintain flexibility.

  I don't know how but I have managed to have now
 three partitions
 
 1st partition, ~35GB, with ext3
 2nd partition, ~35GB no format
 3rd partition swap linux (the rest)
 
 Now I have booted from the obsd40.iso cd but I am messed up... ahem...
 
 When I try to follow the instructions for the dual boot I get lost in
 the CHS nomenclature... I have taken a picture of the table:
 
 www.aei.mpg.de/~pau/partitions.png
 
 when I try to go for the disklabel thing it says the root slice just
 created, of 300MB, overlaps with b, swap, which I gave 2GB... but I
 don't know why... and I also don't know what's that extended DOS
 thing??!

From my Notes:


- older i386 subdirs (= 3.4) contained a few files with very detailed
  descriptions of harddisk issues in /pub/OpenBSD/version/i386/:
  - INSTALL.ata The ATA/ATA-1/ATA-2/IDE/ETDE/etc FAQ
  - The HOW IT WORKS series:
INSTALL.chs CHS translation
INSTALL.dbr DOS floppy boot sector
INSTALL.mbr Master Boot Record
INSTALL.os2br   OS2 boot sector
INSTALL.pt  Partition tables
  Very useful if you like to know for example that LBA =
  ( (cylinder * heads_per_cylinder + heads ) * sectors_per_track ) +
sector - 1
  These documents now live at: http://www.ata-atapi.com/hiw.htm


Might provide you with a few Extended answers;).

 Would it be also possible to use the linux swap partition for both
 systems, o'bsd and linux?

Not that I'm aware of.

 Could you please be so nice as to write in a dummy way? something like
 add a, delete b etc?

The OpenBSD FAQ should be dummy-proof enough. It worked for me;)

 I have the feeling that I have messed up the CHS thing and would be
 VEERY grateful if you dummified the process...
 
 I have copied these lines from the installation guide and some of the
 numbers do not correspond to my disk... but I'd be grateful if you
 gave me the answers...

The numbers aren't supposed to match exactly, it's the Bigger Picture
that matters here. Sit down, relax, take a deep breath, concentrate,
read carefully and absorb.. The knowledge is there.

 Partition id ('0' to disable)  [0 - FF]: [0] (? for help) a6
   Do you wish to edit in CHS mode? [n] y

I think this question could have also read Do you want to make life
more difficult? [n]. So why answer with 'y'?

   BIOS Starting cylinder [0 - 9728]: [0] Here for instance I set
 4659... because I see that linux goes until 4658
   BIOS Starting head [0 - 239]: [0] Enter (these numbers are from the
 inst. guide)
   BIOS Starting sector [1 - 63]: [0] 1
   BIOS Ending cylinder [0 - 2585]: [0] 2585
   BIOS Ending head [0 - 239]: [0] 239
   BIOS Ending sector [1 - 63]: [0] 63

Advice: start all over again using cfdisk (you will hardly need a manual
for that one), create a nice set of primary partitions (you can leave
your Linux partition as it is), and try again from there. As far as the
disk label is concerned: delete everything you find except of course
'c' (that should be only 'a' and 'b' on a fresh partition), and then
start adding OpenBSD partitions. All you'll need to worry about then are
sizes, not sector nos or other difficult stuff.

 I am reading the man, I swear! and the installation guide... I guess
 this is the result of many years of nice GUI applets... :(

And being in too much of a hurry. You want it All and you want it Now!

 I am afraid that the o'bsd partition should go to the first part of
 the table... mmmh...
 Otherwise I can do it the other way round... install obsd and then
 linux... in this direction I know my way...


BTW, expect to be able to mount Linux without problems (and r/w) from
OpenBSD, but not the other way around (that's my personal experience). I
use ext2/3 partitions for data shared across the two installs, works
perfectly. Apparently the Linux kernel can be compiled to mount an FFS
partition r/w, but I didn't try that, and I won't because I don't trust
it (as in: why is it not compiled in by default for the major distros?).

Mounting an FFS partition even r/o fails on my Fujitsu Siemens Lifebook

Re: snort -i pflog0 trouble

[Alexander Zatserkovniy]

Here the result of some my investigation:
1) There is function DecodePflog in snort-2.4.5/src/decode.c and it 
isn't actual for OpenBSD 4.0 pflog or it's just a mistake there.
2) In snort-2.4.5/src/decode.h describing pflog header structisn't 
actual for OpenBSD 4.0 pflog (just look at 'man pflog').

Patched version of snort  works in the both forms :
snort -Dqp -c /etc/snort/snort.conf -i pflog0
and
snort -r /var/log/pflog
, but I'm not still test it very hard.  Patch is attached.

Snort snap upto 1500 bytes from a IP-packet from
pflog0 (regulated by -P snort option). It looks like I don't need
pflogd at all for my needs (enaugh  snort -i pflog0 ).

Thanks!
Alexander Zatserkovniy

Stuart Henderson wrote:
 On 2006/12/06 22:18, Alexander Zatserkovniy wrote:
   
 Olaf Schreck wrote:
 
 I'm novice with OpenBSD and , may be
 snort -i pflog0
 a kind of bad practice? Or it known problem with OpenBSD 4.0 ?
 
 Won't work.  Although pflog does create pcap style output, it is not 
 data that would make sense to snort.
   

 the rest of the packets are still there, just prepended by a pflog header
 holding rule, interface, etc: see pflog(4). snort could be taught to strip
 it off, just like tcpdump knows how to.

 sys/net/if_pflog.h
 usr.sbin/tcpdump/print-pflog.c 

   
 I do it, but external interface - bge0 ( GigabitEthernet ) and there are
 three universities (GigEth) and Internet link (10Mbit/s). I can't parse
 GE on the host (just two Xeon 2.4GHz) but I can select Internet traffic
 via pf and want parse it. I use pflog data log (all).
 

 good idea, and with -current you can have multi pflog interfaces
 which you might find useful too.
#diff -Naur snort-2.4.5/src/decode.c snort-2.4.5-patched/src/decode.c
--- src-orig/decode.c   Sat Sep 17 08:06:35 2005
+++ src/decode.cThu Dec 14 15:39:51 2006
@@ -1204,7 +1204,7 @@
 p-pfh = (PflogHdr *) pkt;
 
 /*  get the network type - should only be AF_INET or AF_INET6 */
-switch(ntohs(p-pfh-af))
+switch((unsigned short)p-pfh-af)
 {
 case AF_INET:   /* IPv4 */
 DEBUG_WRAP(DebugMessage(DEBUG_DECODE, IP datagram size calculated 
to be %lu 
#diff -Naur snort-2.4.5/src/decode.h snort-2.4.5-patched/src/decode.h
--- src-orig/decode.h   Fri Sep  2 08:09:20 2005
+++ src/decode.hThu Dec 14 15:37:29 2006
@@ -724,7 +724,7 @@
 
 typedef struct _Pflog_hdr
 {
-int8_t  length;
+u_int8_t  length;
 sa_family_t af;
 u_int8_taction;
 u_int8_treason;
@@ -732,6 +732,10 @@
 charruleset[16];
 u_int32_t   rulenr;
 u_int32_t   subrulenr;
+uid_t   uid;
+pid_t   pid;
+uid_t   rule_uid;
+pid_t   rule_pid;
 u_int8_tdir;
 u_int8_tpad[3];
 } PflogHdr;

Re: help! 855 chipset resolution

[Vim Visual]

I've asked him several times now to post the exact problems he is having
using the port.  I'm not going to do so again.


hey, Dimitry... I _cannot_ post the problem because I do not have
o'bsd any more on this laptop (with the 855 chipset). That's why I do
not do it.

I cannot reproduce the error. I'm not *that* stupid.

The mistake was not to keep it in first instance. That was really silly from me.

Thanks a LOT to all of you. I have got several detailed answers and
will close my mouth until I have worked them out.

Sorry for overwhelming the mailing list. Now it's time for silence and work.

thanks again,

Pau

PS: I have complained to fujitsu siemens for these problems (specially
for the apm problem); let's see what they answer back