Re: micro atx motherboard recommendations?

2007-03-26 Thread Nico Meijer
Hi,

 Just looking for a recommendation on a good/cheap (but not necessarily
 fast) microatx motherboard.  Or possibly, one of those via
 motherboards, but needs to fit in an atx case.

You might also look into the Jetway J7F4 series mini-itx boards. Dual
onboard re nics.

HTH... Nico



Re: Routing on one NIC?

2007-03-26 Thread rc

Hi Guys,

I am fairly new to OpenBSD, so I have just been learning from all of you.
This subject I can help out with a bit.  VLANs were designed to separate
broadcast domains, not to be a security feature.  It is more of a side
effect and companies tout that it can be used for security.  Newer
codes are much better like Jason said.

Lachlan, hopefully you have a manageable switch that can create VLANs.
You will have to create a VLAN for each of your subnets and add the
appropriate ports into those VLANs.  I would suggest that you use
something other than VLAN 1 (default VLAN) for your two VLANs.  On the
port that is going to connect to your OpenBSD box, the port will be a
member of both VLANs and turn on VLAN tagging (802.1Q) on the switch.
If it is a Cisco switch, use dot1q, not ISL.  You will have to turn on
IP Forwarding, configure the VLANs, and enable VLAN tagging on the
OpenBSD box.  Look up ifconfig(8).  Hopefully, this is only a
temporary solution.  That NIC will see twice as much network traffic
as normal, since it receives and sends it out the same NIC.

If you do not use VLANs, you will see broadcasts coming from both of
your subnets.  If you bring up a sniffer, you should see them.  Also,
if the employees are clever they can just change their IP Address to
become part of the new network and bypass any firewalling you might
be doing on your OpenBSD box.  :(

bofh, I feel sorry for network.  Meet too many of those guys in the
networking field, but most of them never had any certs though.  I
really doubt that he had a CCNP unless he memorized some kind of brain
dump to get it.  People like that devalue the certs in our industry.

rc

On 3/25/07, J.C. Roberts [EMAIL PROTECTED] wrote:

On Sunday 25 March 2007 11:09, Jason Dixon wrote:
  (Hark! -I think I hear the infamous wooshing sound of a quickly
  approaching clue stick)

 I'm not sure of the date of this article, but it seems to cover all
 of your questions.

 http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper09186a008013159f.shtml


Excellent! Thanks Jason.

  Since you know real world usage of VLANs far better than most (and
  certainly better than me), your insights on using OpenBSD to
  properly secure VLANs seem totally MetaBUGable!

 VLANs really aren't the black magic most folks seem to think.  Even
 Gillian Anderson has mastered the art of packet switching.

 http://www.routergod.com/gilliananderson/
 http://www.routergod.com/gilliananderson/part2.html

Now that was *really* unfair -you know I'm a sucker for redheads. :-)

jcr




Re: any site or doc about openbsd kernel configuration, info or tweak?

2007-03-26 Thread Kian Mohageri
On 3/25/07, Jay Jesus Amorin [EMAIL PROTECTED] wrote:

 any site or doc about openbsd kernel configuration, info or tweak
 aside from man page?

 thanks


http://www.openbsd.org/faq/faq5.html#Why

Q: 5.6 - Why do I need a custom kernel?
A: Actually, you probably don't.

That said,

http://www.openbsd.org/faq/faq5.html#Options

-- 
Kian Mohageri



Re: VPN

2007-03-26 Thread Lars D . Noodén
Is the VPN using IPsec or SSL?

-Lars
Lars Noodén ([EMAIL PROTECTED])
 Ensure access to your data now and in the future
 http://opendocumentfellowship.org/about_us/contribute



Re: VPN

2007-03-26 Thread rc

You need to provide more info.  Are you using NAT?  Are you running
IPSEC, PPTP, L2TP, or SSL based VPN?

On 3/26/07, Appie [EMAIL PROTECTED] wrote:

Hi,

Been using OpenBSD 4.0 w/ PF for quite a while now, everything is running
perfectly smooth, our setup is to block all incoming packets while allowing all
outbound packets as long as connections are initiated from within our
local lan. The only problem we encountered was that we can't make
simultaneous vpn connections via windows XP vpn connectivity to our
branch server. We can connect one at a time. Is there something I need to
configure? We tested it with another firewall setup (ipcop firewall) and it
works. Hoping for your help. Thanks much.




Re: Routing on one NIC?

2007-03-26 Thread Lachlan Gunn

Lachlan, hopefully you have a manageable switch that can create VLANs.
 You will have to create a VLAN for each of your subnets and add the
appropriate ports into those VLANs.  I would suggest that you use
something other than VLAN 1 (default VLAN) for your two VLANs.  On the
port that is going to connect to your OpenBSD box, the port will be a
member of both VLANs and turn on VLAN tagging (802.1Q) on the switch.
If it is a Cisco switch, use dot1q, not ISL.  You will have to turn on
IP Forwarding, configure the VLANs, and enable VLAN tagging on the
OpenBSD box.


I'm only a home user, I don't have anything fancy.  Thanks for your
advice, though.


Hopefully, this is only a temporary solution.  That NIC will see twice as
much network traffic as normal, since it receives and sends it out the
same NIC.


As I said before, I'm only a home user; I could probably use 10BASE-T
without having performance problems.


If you do not use VLANs, you will see broadcasts coming from both of
your subnets.  If you bring up a sniffer, you should see them.  Also,
if the employees are clever they can just change their IP Address to
become part of the new network and bypass any firewalling you might
be doing on your OpenBSD box.  :(


This is only a NAT box.  It is not intended to provide any extra
security, I am only using this type of setup for convenience (ie.
anything to avoid using a consumer router interface without buying new
hardware) and educational purposes.

--
Thanks,
Lachlan



Re: Symbols in a .so

2007-03-26 Thread Jason McIntyre
On Mon, Mar 19, 2007 at 04:48:23AM +0100, Ingo Schwarze wrote:
 
 Don't blame the missing man page on the GNU.
 It is being built, but it is not being installed.
 
 
 Index: gnu/usr.bin/binutils/Makefile.bsd-wrapper
 ===
 RCS file: /cvs/src/gnu/usr.bin/binutils/Makefile.bsd-wrapper,v
 retrieving revision 1.67
 diff -u -r1.67 Makefile.bsd-wrapper
 --- gnu/usr.bin/binutils/Makefile.bsd-wrapper 6 Oct 2006 20:58:17 -   
 1.67
 +++ gnu/usr.bin/binutils/Makefile.bsd-wrapper 19 Mar 2007 03:34:43 -
 @@ -40,8 +40,8 @@
  SUBDIRS+=binutils ld gas
  CONF_SUBDIRS+=   binutils ld gas
  INST_SUBDIRS+=   binutils ld gas
 -MAN+=binutils/ar.1 binutils/ranlib.1 \
 - binutils/objcopy.1 \
 +MAN+=binutils/addr2line.1 binutils/ar.1 binutils/ranlib.1 \
 + binutils/objcopy.1 binutils/readelf.1 \
   binutils/strings.1 binutils/strip.1 \
   gas/doc/as.1 ld/ld.1
  .  else
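
Review bot: the two MAN+= additions land in only one arm of a conditional (the hunk's trailing context is `.  else`), so check whether the other arm carries its own man page list and needs addr2line.1 and readelf.1 too; otherwise the pages stay uninstalled on whichever configuration takes that branch. Listing addr2line.1 first and readelf.1 after objcopy.1 keeps the list alphabetical, which is worth preserving for later additions.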

it's all fixed now. thanks for the mail.
jmc



Re: Routing on one NIC?

2007-03-26 Thread Siju George

On 3/26/07, J.C. Roberts [EMAIL PROTECTED] wrote:

 http://www.routergod.com/gilliananderson/
 http://www.routergod.com/gilliananderson/part2.html

Now that was *really* unfair -you know I'm a sucker for redheads. :-)



I just went to that website.
Surprising to know that most actresses are tech savvy and into networking :-)

Kind Regards

Siju



Re: VPN

2007-03-26 Thread Siju George

On 3/26/07, Appie [EMAIL PROTECTED] wrote:

Hi,

Been using OpenBSD 4.0 w/ PF for quite a while now, everything is running
perfectly smooth, our setup is to block all incoming packets while allowing all
outbound packets as long as connections are initiated from within our
local lan. The only problem we encountered was that we can't make
simultaneous vpn connections via windows XP vpn connectivity to our
branch server. We can connect one at a time. Is there something I need to
configure? We tested it with another firewall setup (ipcop firewall) and it
works. Hoping for your help. Thanks much.
--


Most probably you are suffering from the PPTP problem with OpenBSD and PF.

This is an excerpt from his website

===
NAT relies on the uniqueness of the source and destination IP
addresses and ports of each TCP and UDP packet.

Whereas PPTP is a protocol over IP and it uses neither TCP nor UDP for
encapsulation. Instead it uses GRE which is a protocol over IP.

PPTP has a control phase in which it negotiates parameters over a
control connection. This happens over destination TCP port 1723. You
know that the destination TCP port of HTTP is 80. This is exactly like
that.

However, once the PPTP control negotiation is over, the VPN tunnel
packets go over GRE which has no concept of port numbers. So the only
way a router identifies different GRE tunnels are by looking at the
destination IP address. Since NAT hides multiple destination IP
addresses behind a single global IP address, the NAT device has very
good reason to get confused as to which private IP address a
particular GRE packet corresponds to.

PPTP fortunately has a concept of callid for multiplexing simultaneous
PPTP sessions. Even here we have a difficulty. Usually with TCP or IP,
the source and destination port numbers are sent in the header of each
packet.

Whereas in the case of PPTP, only the destination callid is present in
each packet. So incoming packets have the callid of the PPTP client
and outgoing PPTP packets have the callid of the PPTP server.

How does the NAT machine determine the internal IP address the callid
corresponds to?

To make things worse, as is to be expected from Micro$oft products,
the incoming callid is always 0 for PPTP clients. So this makes it
technically infeasible to multiplex.
=

The last time I talked with him he said he is writing a PPTP proxy for
OpenBSD and PF just like the FTP-Proxy. So it should be available soon
:-)

Kind Regards

Siju
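
The demultiplexing problem described in the excerpt above, as an added example that is not part of the original post or of the quoted website: a toy NAT state table in Python that keys TCP on ports and GRE either on the server address alone or on the server address plus the client's call ID. The addresses, call IDs, `ToyNat` and its method names are constructed for illustration, and the call IDs are passed in directly rather than learned from the TCP 1723 control connection.

```python
import struct

PPTP_GRE_PROTO = 0x880B   # protocol type of PPTP's enhanced GRE (RFC 2637)
SERVER = "198.51.100.10"  # constructed addresses (documentation ranges)
INSIDE = ["192.168.1.10", "192.168.1.11"]


def build_gre(call_id, payload=b""):
    """Build a constructed enhanced-GRE header: K bit set, version 1."""
    return struct.pack("!HHHH", 0x2001, PPTP_GRE_PROTO, len(payload), call_id) + payload


def parse_call_id(packet):
    """Return the call ID, the only per-session field a GRE packet carries."""
    if len(packet) < 8:
        raise ValueError("truncated GRE header")
    flags_ver, proto, _length, call_id = struct.unpack("!HHHH", packet[:8])
    if proto != PPTP_GRE_PROTO or (flags_ver & 0x0007) != 1 or not (flags_ver & 0x2000):
        raise ValueError("not a PPTP enhanced-GRE packet")
    return call_id


class ToyNat:
    """Minimal NAT state table; track_call_id selects how GRE is keyed."""

    def __init__(self, track_call_id):
        self.track_call_id = track_call_id
        self.tcp = {}            # (public port, server, server port) -> inside host
        self.gre = {}            # GRE key -> inside host
        self.next_port = 50000

    def open_control(self, inside_ip, server_ip):
        """Outbound TCP 1723: a rewritten source port keeps every flow unique."""
        port, self.next_port = self.next_port, self.next_port + 1
        self.tcp[(port, server_ip, 1723)] = inside_ip
        return port

    def reply_control(self, public_port, server_ip):
        """Inbound TCP from the server: the public port selects the inside host."""
        return self.tcp.get((public_port, server_ip, 1723))

    def _gre_key(self, server_ip, call_id):
        # Without call-ID tracking, GRE offers nothing but the peer address.
        return (server_ip, call_id) if self.track_call_id else (server_ip,)

    def open_tunnel(self, inside_ip, server_ip, client_call_id):
        """Create GRE state; False means another host already owns the key."""
        owner = self.gre.setdefault(self._gre_key(server_ip, client_call_id), inside_ip)
        return owner == inside_ip

    def reply_tunnel(self, server_ip, packet):
        """Inbound GRE from the server, addressed to the client's call ID."""
        return self.gre.get(self._gre_key(server_ip, parse_call_id(packet)))


def simulate(client_call_ids, track_call_id):
    """Two inside hosts connect to one server; report where replies are delivered."""
    nat = ToyNat(track_call_id)
    ports = [nat.open_control(host, SERVER) for host in INSIDE]
    accepted = [nat.open_tunnel(h, SERVER, c) for h, c in zip(INSIDE, client_call_ids)]
    return {
        "control": [nat.reply_control(p, SERVER) for p in ports],
        "tunnel_ok": accepted,
        "tunnel": [nat.reply_tunnel(SERVER, build_gre(c)) for c in client_call_ids],
    }


if __name__ == "__main__":
    for ids, track in (([1, 2], False), ([1, 2], True), ([0, 0], True)):
        print(ids, "call-ID tracking" if track else "address-only", simulate(ids, track))
```

In every run the two control connections stay distinct; the GRE replies reach both hosts only when the table is keyed on call IDs and the two clients use different ones.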



Re: micro atx motherboard recommendations?

2007-03-26 Thread peter
hi,

On Mon, Mar 26, 2007 at 09:02:56AM +0200, Nico Meijer wrote:
 
  Just looking for a recommendation on a good/cheap (but not necessarily
  fast) microatx motherboard.  Or possibly, one of those via
  motherboards, but needs to fit in an atx case.
 
 You might also look into the Jetway J7F4 series mini-itx boards. Dual
 onboard re nics.

i got me one of those. works like a charm. i'm still having a weird issue
with the nics not properly initializing somehow after a powerdown though.
maybe it needs a bios-upgrade, but as i don't usually powerdown (reboot is
ok) i haven't really investigated it.

-- 
CUL8R, Peter.



Re: micro atx motherboard recommendations?

2007-03-26 Thread Nico Meijer
Hi Peter,

 i got me one of those. works like a charm.

And it's quiet! :-) My Travla C147 with 2 of those babies makes way less
noise than my not-too-noisy workstation.

 i'm still having a weird
 issue with the nics not properly initializing somehow after a powerdown
 though. maybe it needs a bios-upgrade, but as i don't usually powerdown
 (reboot is ok) i haven't really investigated it.

I've had that issue, but have hardcoded the media options in hostname.re
and my problems have disappeared. See hostname.if(5).

I'm interested to see if that helps you as well... Nico



Re: OpenNTPD reliability

2007-03-26 Thread Luca Corti
On Sun, 2007-03-25 at 14:26 -0700, Darrin Chandler wrote:
 Have you measured the time from ntpd startup until it logs `clock is now
 synced' in the log? On the same machine, I see anywhere from 10 minutes
 to about 1 hour. In normal cases, machines acting as time servers are
 always on. If it takes less than an hour for ntpd to sync, and then it's
 up for months at a time then there's little problem.

I left OpenNTPd running over the weekend and it wasn't synced this
morning. Today I've manually changed time 30 minutes in the past and
then run ntpd -s. Now it seems to report it is synced to the clients.


 If you want to turn on a computer and have it fetch some times from the
 network and report that it's synced... well, that's not accurate. A big,
 full-blown, complex thing like xntpd won't do it, either.
 If you don't really care what time it is, but want all your local
 computers to have the same time (or very, very close) there are other
 ways such as timed(8). Then you can have a computer using ntpd, and
 synced or not it can be a timed master for your network.

No, I'd like the clock to be synced and as accurate as possible. But not
being able to sync at all is quite bad.



Re: Request for links to BSD adminstration docs

2007-03-26 Thread Ingo Schwarze
J.C. Roberts wrote on Fri, Mar 23, 2007 at 06:36:34AM -0700:
 On Thursday 22 March 2007 22:08, Darrin Chandler wrote:
 On Fri, Mar 23, 2007 at 12:40:48AM -0400, Douglas Allan Tutty wrote:

 Do you run the rebuild niced?
 I don't. I want it to be done as soon as possible.

This makes very little sense to me.
Nice is not designed for wasting CPU cycles or something.
As long as no other processes are competing for cpu time,
nice does little harm, as far as i know.

 If you want your build done as soon as possible, then you would
 use nice(1) as root to have the build process run at a higher
 priority and hence receive more processing time.
 
   # nice -n -20 make build
 
 Is building at maximum priority, or even higher priority,
 a smart thing to do? -I don't know.

I think that's a bad idea.  Sometimes, you need to log in during
the build, checking top(1), systat(1), tail(1)ing logs and the like.
You want good interactive system response for that.

If you want to finish the build quickly, just refrain from
running bloatware like kde and openoffice and firefox and
thunderbird while you are about it, in particular in case
you are short on memory.  But do not try to make time longer
or generate additional cpu cycles or whatever.  It won't
work, not even by negative nice(1) incantations.

Besides, remember that the default settings tend to be sane
for standard applications.  Fiddling with random knobs is
not recommended unless you have very special needs.



Re: OpenBGPD MIB

2007-03-26 Thread Henning Brauer
* Pierre-Yves Ritschard [EMAIL PROTECTED] [2007-03-26 09:26]:
 This allows to write really simple programs (ask me for a skeleton),
 you'd just have to write more code to open /var/log/bgpd.sock and
 gather the information needed to answer for the OIDs.

that is the wrong approach.
consider bgpctl to be the API.

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg  Amsterdam



x86 hardware for router system

2007-03-26 Thread Rob Shepherd

Dear OpenBSD users,

I plan to build a pair of OpenBSD firewalls to implement bandwidth limiting 
using bridged interfaces.

I'd like to find some hardware to perform this task. I can't find anything 
small enough to be cost effective.
So I'm looking into building my own system.

The main item I wish to get right is the system mainboard.

Has anybody used a D945GNTLKR Intel mainboard?
It has
(column 2 from) http://www.intel.com/design/motherbd/nt/nt_available.htm

Nevertheless, the spec says.

Gigabit (10/100/1000 Mbits/sec) LAN subsystem
using the Intel 82573E/82573V/82574V Gigabit Ethernet Controller

I notice that the 4V variety is not listed in the em driver.
Could anybody clarify a possible issue with this. Does the 4V version have 
supported drivers?


Cheers

Rob

I also need to find a rack case to fit it all in

For the interested, here's my current ebuyer.co.uk shopping basket.   (for a 
pair BTW)

2 x Boxd945gntlkr Atx 945g Lga775 Ddr2 1066fsb Sata 10/100/1000 Lan Vga Audio Firewire Retail Boxed   122037   £62.49   £124.98
4 x Seagate 80GB Barracuda SATAII 7200RPM 8MB Cache - OEM   113697   £25.48   £101.92
2 x Intel Celeron D 331 (2.66Ghz) Socket 775 FSB533 256kb Cache Emt 64 Retail Boxed Processor   93116   £18.71   £37.42
2 x Speeze Quadroflow VII Socket 775 Processor Cooler   125065   £4.00   £8.00
2 x Crucial 512MB 240-Pin DIMM Unbuffered DDR2 PC 4200 533MHz CL4   63615   £20.42   £40.84

total GBP 379.96 ex case

--
Rob Shepherd BEng PhD | Computer and Network Engineer | CAST Ltd
Technium CAST | LL57 4HJ | http://www.techniumcast.com
[EMAIL PROTECTED] | 01248 675024 | 077988 72480



Re: OpenNTPD reliability

2007-03-26 Thread Otto Moerbeek
On Mon, 26 Mar 2007, Luca Corti wrote:

 On Sun, 2007-03-25 at 14:26 -0700, Darrin Chandler wrote:
  Have you measured the time from ntpd startup until it logs `clock is now
  synced' in the log? On the same machine, I see anywhere from 10 minutes
  to about 1 hour. In normal cases, machines acting as time servers are
  always on. If it takes less than an hour for ntpd to sync, and then it's
  up for months at a time then there's little problem.
 
 I left OpenNTPd running over the weekend and it wasn't synced this
 morning. Today I've manually changed time 30 minutes in the past and
 then run ntpd -s. Now it seems to report it is synced to the clients.
 
 
  If you want to turn on a computer and have it fetch some times from the
  network and report that it's synced... well, that's not accurate. A big,
  full-blown, complex thing like xntpd won't do it, either.
  If you don't really care what time it is, but want all your local
  computers to have the same time (or very, very close) there are other
  ways such as timed(8). Then you can have a computer using ntpd, and
  synced or not it can be a timed master for your network.
 
 No, I'd like the clock to be synced and as accurate as possible. But not
 being able to sync at all is quite bad.

Could you put the clock ahead 5 min and run again with ntpd -d,
(don't forget to kill any existing ntpd process), let it run for some
hours, saving the log. Then apply the diff below and repeat. Then send
me both logs. The diff fixes a potential problem that won't surface on
OpenBSD, but might on other systems. 

-Otto

Index: util.c
===
RCS file: /cvs/src/usr.sbin/ntpd/util.c,v
retrieving revision 1.12
diff -u -p -r1.12 util.c
--- util.c  27 Oct 2006 12:22:41 -  1.12
+++ util.c  26 Mar 2007 07:53:43 -
@@ -64,6 +64,10 @@ d_to_tv(double d, struct timeval *tv)
 {
tv-tv_sec = (long)d;
tv-tv_usec = (d - tv-tv_sec) * 100;
+   while (tv-tv_usec  0) {
+   tv-tv_usec += 100;
+   tv-tv_sec -= 1;
+   }
 }
 
 double
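
Review bot: the new loop in d_to_tv() has no comment saying which inputs reach it. tv_sec is set by the (long)d cast two lines above, which truncates toward zero, so the remainder stored in tv_usec is out of range only for negative d and by less than one second; a single `if` with a one-line comment to that effect would state the intent more plainly than `while`.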



Re: Installing Skype

2007-03-26 Thread Stuart Henderson
On 2007/03/26 08:32, Adam Hawes wrote:
 so you can use any SIP-compatible soft or hard-phone.

if you know of a SIP soft-phone that's not designed-for-linux
unportable junk, I'd be interested.



Re: Where to download cvsup-16.1h-no_x11.tgz for amd64

2007-03-26 Thread Stephen Liu
Hi Christian,


Tks for your advice.

I did not receive your reply until searching following site and found
this thread;
http://article.gmane.org/gmane.os.openbsd.misc/120640
http://thread.gmane.org/gmane.os.openbsd.misc/120636/focus=120640

To my surprise I even did not receive my original mail posted.  

Just resubscribed the list [EMAIL PROTECTED]  The reply was I having
subscribed this list.


 only i386 available.

 Exactly.

 If you want to mirror the repository, consider using cvsync.
 If you want to use checkout mode from a CVSup server, consider
 using csup.

Now I have csup running on OpenBSD 4.0
# which csup
/usr/local/bin/csup


man csup doesn't provide much info and examples running this package.
 Where can I find such info.  TIA

It further mentioned csup only supports checkout mode.  CVSUP
supports both CVS and checkout mode


B.R.
Stephen Liu




Re: adding routing obsd 3.9 running ospfd

2007-03-26 Thread riwanlky

Thanks all,

I had tested 4.0, and I don't have any problem.

Thanks and best regards,
Riwan

At 11:27 AM 3/22/2007 +0800, Lars Hansson wrote:

[EMAIL PROTECTED] wrote:

Hai All,
I have two OpenBSD 3.9 box, both running OSPFD default on OBSD 3.9.
I add static route on OBSD1 and found that the whole ospf rib disappear.
Any clue?


I had a somewhat similar problem with 3.9-RELEASE but for me it only 
happened with /32 routes. There was a patch for stable so you should try 
3.9-stable or better yet, 4.0.


---
Lars Hansson




php4 and php5

2007-03-26 Thread riwanlky

Dear All,

I don't know if this is the forum to ask such question:
How do I install php4 and php5 on the same OBSD 4.0?

Somehow I need both for some software that I am running.
I can do that with python2.4 and python2.3

Thanks and best regards,
Riwan



two default route

2007-03-26 Thread riwanlky

Hi All,

I am sorry if I didn't get the answer searching the mailing list
and man route.

I have two ISP, and wondering how should I setup the default
route to the ISP.

I am wondering if I have two gateway going to the same route can I use metric?
route add 0.0.0.0/0 192.168.6.1 10
route add 0.0.0.0/0 192.168.6.2 100

I can use OpenOSPFD or OpenBGPD.

Thanks and best regards,
Riwan



Re: Cardbus EHCI issues on Tecra 520CDT

2007-03-26 Thread David Given
Sorry to keep hassling people over this, but does anyone have *any* idea as to
why my USB2 card's not working? The USB1 part of the card works fine, it's
just the EHCI controller won't start up.

Without USB2 support my box is largely useless due to having a very small hard
disk, and while it's all working fine with USB1 I'm only getting 250kB/sec off
it...

 OpenBSD 4.0-stable (GENERIC) #0: Sun Mar 18 17:09:20 GMT 2007
 [EMAIL PROTECTED]:/vol/src/sys/arch/i386/compile/GENERIC
 cpu0: Intel Pentium/MMX (GenuineIntel 586-class) 166 MHz
 cpu0: FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,MMX
 cpu0: F00F bug workaround installed
 real mem  = 50032640 (48860K)
 avail mem = 37126144 (36256K)
 using 636 buffers containing 2605056 bytes (2544K) of memory
 mainbus0 (root)
 bios0 at mainbus0: AT/286+(63) BIOS, date 11/01/99, BIOS32 rev. 0 @ 0xfe95b
 apm0 at bios0: Power Management spec V1.2
 apm0: battery life expectancy 98%
 apm0: AC on, battery charge high, charging, estimated 1:44 hours
 apm0: flags 20102 dobusy 0 doidle 1
 pcibios0 at bios0: rev 2.1 @ 0xf/0x1
 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf9980/80 (3 entries)
 pcibios0: no compatible PCI ICU found: ICU vendor 0x product 0x
 pcibios0: Warning, unable to fix up PCI interrupt routing
 pcibios0: PCI bus #21 is the last bus
 WARNING: can't reserve area for I/O APIC.
 WARNING: can't reserve area for Local APIC.
 bios0: ROM list: 0xe4000/0x9800
 cpu0 at mainbus0
 pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
 pchb0 at pci0 dev 0 function 0 Toshiba PCI rev 0x26
 cbb0 at pci0 dev 2 function 0 Toshiba ToPIC95B CardBus rev 0x07: irq 11
 cbb1 at pci0 dev 2 function 1 Toshiba ToPIC95B CardBus rev 0x07: irq 11
 vga1 at pci0 dev 4 function 0 Chips and Technologies 6 rev 0xc3
 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
 wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
 ohci0 at pci0 dev 11 function 0 NEC USB rev 0x01: irq 11, version 1.0
 usb0 at ohci0: USB revision 1.0
 uhub0 at usb0
 uhub0: NEC OHCI root hub, rev 1.00/1.00, addr 1
 uhub0: 2 ports with 2 removable, self powered
 cardslot0 at cbb0 slot 0 flags 0
 cardbus0 at cardslot0: bus 20 device 0 cacheline 0x0, lattimer 0x0
 pcmcia0 at cardslot0
 cardslot1 at cbb1 slot 1 flags 0
 cardbus1 at cardslot1: bus 21 device 0 cacheline 0x0, lattimer 0x0
 pcmcia1 at cardslot1
 isa0 at mainbus0
 isadma0 at isa0
 pckbc0 at isa0 port 0x60/5
 pckbd0 at pckbc0 (kbd slot)
 pckbc0: using irq 1 for kbd slot
 wskbd0 at pckbd0: console keyboard, using wsdisplay0
 pms0 at pckbc0 (aux slot)
 pckbc0: using irq 12 for aux slot
 wsmouse0 at pms0 mux 0
 wdc0 at isa0 port 0x1f0/8 irq 14
 wd0 at wdc0 channel 0 drive 0: TOSHIBA MK2103MAV
 wd0: 16-sector PIO, LBA, 2067MB, 4233600 sectors
 wd0(wdc0:0:0): using BIOS timings
 sb0 at isa0 port 0x220/24 irq 5 drq 1: dsp v3.01
 midi0 at sb0: SB MIDI UART
 audio0 at sb0
 opl0 at sb0: model OPL3
 midi1 at opl0: SB Yamaha OPL3
 wss0 at isa0 port 0x530/8 irq 10 drq 0: CS4231 or AD1845 (vers 4)
 audio1 at wss0
 pcppi0 at isa0 port 0x61
 midi2 at pcppi0: PC speaker
 spkr0 at pcppi0
 lpt0 at isa0 port 0x378/4 irq 7
 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
 fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
 biomask eb4d netmask eb4d ttymask fbcf
 pctr: 586-class performance counters and user-level cycle counter enabled
 rtw0 at cardbus0 dev 0 function 0 Realtek, Rtl8180 irq 11
 rtw0: ver RTL8180D, radio SA2400A, amp SA2411, address 00:50:fc:f1:82:14
 ohci1 at cardbus1 dev 0 function 0 Acer Labs M5237 USB rev 0x03: irq 11, version 1.0, legacy support
 usb1 at ohci1: USB revision 1.0
 uhub1 at usb1
 uhub1: Acer Labs OHCI root hub, rev 1.00/1.00, addr 1
 uhub1: 2 ports with 2 removable, self powered
 ohci2 at cardbus1 dev 0 function 1 Acer Labs M5237 USB rev 0x03: irq 11, version 1.0, legacy support
 dkcsum: wd0 matches BIOS drive 0x80
 root on wd0a
 rootdev=0x0 rrootdev=0x300 rawdev=0x302
 usb2 at ohci2: USB revision 1.0
 uhub2 at usb2
 uhub2: Acer Labs OHCI root hub, rev 1.00/1.00, addr 1
 uhub2: 2 ports with 2 removable, self powered
 ohci3 at cardbus1 dev 0 function 2 Acer Labs M5237 USB rev 0x03: irq 11, version 1.0, legacy support
 usb3 at ohci3: USB revision 1.0
 uhub3 at usb3
 uhub3: Acer Labs OHCI root hub, rev 1.00/1.00, addr 1
 uhub3: 2 ports with 2 removable, self powered
 ehci0 at cardbus1 dev 0 function 3 Acer Labs M5239 USB2 rev 0x01: irq 11
 ehci0: reset timeout
 ehci0: init failed, error=13
 vendor Acer Labs, unknown product 0x5253 (class serial bus subclass Firewire, rev 0x00) at cardbus1 dev 0 function 4 not configured
 umass0 at uhub1 port 1 configuration 1 interface 0
 umass0: Cypress Semiconductor USB2.0 Storage Device, rev 2.00/0.01, addr 2
 umass0: using SCSI over Bulk-Only
 scsibus0 at umass0: 2 targets
 sd0 at scsibus0 targ 1 lun 0: Maxtor 6, Y080L0,  SCSI0 0/direct fixed
 sd0: 78167MB, 78167 cyl, 64 head, 32 sec, 512 bytes/sec, 160086528 sec total

--
b

Re: two default route

2007-03-26 Thread Stuart Henderson
On 2007/03/26 20:33, riwanlky wrote:
 I have two ISP, and wondering how should I setup the default
 route to the ISP.

you need to give a lot more information about what you're trying
to do to get a useful answer.

how are you connecting to them?

how do they know how to route packets to you?

do you have your own address space or are you using your space
from your providers?

if you're using provider address space, will they allow you
to send them packets with somebody else's source address?

 I am wondering if I have two gateway going to the same route can I use 
 metric?
 route add 0.0.0.0/0 192.168.6.1 10
 route add 0.0.0.0/0 192.168.6.2 100

OpenBSD doesn't use metrics like this in the routing table,
you can do something similar with PF load-balancing or 'probability'

There is equal-cost multipath support but unless I missed
something, it's not supported by the routing daemons yet,
you can use it with static routes using -mpath, see route(8)

 I can use OpenOSPFD or OpenBGPD.

will your ISPs listen to your announcements?

realistically, I think if you are going to be able to handle
running BGP with your providers, you probably wouldn't be asking
this question.



Re: two default route

2007-03-26 Thread Claudio Jeker
On Mon, Mar 26, 2007 at 08:33:25PM +0700, riwanlky wrote:
 Hi All,
 
 I am sorry if I didn't get the answer searching the mailing list
 and man route.
 
 I have two ISP, and wondering how should I setup the default
 route to the ISP.
 
 I am wondering if I have two gateway going to the same route can I use 
 metric?
 route add 0.0.0.0/0 192.168.6.1 10
 route add 0.0.0.0/0 192.168.6.2 100
 

The kernel routing table is strictly equal cost. So if you add two default
routes the multipath code will try to balance it 50/50.

 I can used OpenOSPFD or OpenBGPD.
 

Neither ospfd nor bgpd have multipath support (yet). I started with ospfd
support but it is far from finished.

-- 
:wq Claudio



Problem on installing new packages

2007-03-26 Thread satimis
Hi folks,

I tried the whole day without a breakthrough.

following is only one of the examples tried on my test,

I suspect whether the packages on following site are suitable for my
application.  Follow is only an example of the tests I tried.


# uname -a
OpenBSD home.openbsd101 4.0 GENERIC#690 amd64


# pkg_add -v
ftp://ftp.it.net.au/mirrors/OpenBSD/4.0/packages/amd64/nano-1.2.5.tgz
Can't find
ftp://ftp.it.net.au/mirrors/OpenBSD/4.0/packages/amd64/nano-1.2.5.tgz
/usr/sbin/pkg_add:
ftp://ftp.it.net.au/mirrors/OpenBSD/4.0/packages/amd64/nano-1.2.5.tgz:Fatal
error


# export PKG_PATH=ftp.it.net.au/mirrors/OpenBSD/4.0/packages/amd64/
(no complaint)
# pkg_add -v nano-1.2.5tgz
Can't find nano-1.2.5.tgz
/usr/sbin/pkg_add: nano-1.2.5.tgz:Fatal error


# export
PKG_PATH=ftp://ftp.it.net.au/mirrors/OpenBSD/4.0/packages/amd64/
(no complaint)
# pkg_add -v nano-1.2.5.tgz
same result


nano-1.2.5.tgz is on;
ftp://ftp.it.net.au/mirrors/OpenBSD/4.0/packages/amd64/


Pls help.  TIA



B.R.
Stephen Liu



Re: Problem on installing new packages

2007-03-26 Thread Stuart Henderson
On 2007/03/26 07:34, satimis wrote:
 I suspect whether the packages on following site are suitable for my
 application.  Follow is only an example of the tests I tried.

Is your network working, can you connect to the site with ftp?

[EMAIL PROTECTED]:29$ ftp 
ftp://ftp.it.net.au/mirrors/OpenBSD/4.0/packages/amd64/
Connected to poledra.it.net.au.
220 ProFTPD 1.2.10 Server (Informed Technology FTP Server) [203.8.116.111]
331 Anonymous login ok, send your complete email address as your password.
230-
230-INFORMED TECHNOLOGY FTP SERVER
...
...
230 Anonymous access granted, restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
200 Type set to I
250 CWD command successful
ftp ls nano*
150 Opening ASCII mode data connection for file list
-r--r--r--   1 ftpadm   staff  260283 Sep 23  2006 nano-1.2.5-slang.tgz
-r--r--r--   1 ftpadm   staff  261388 Sep 23  2006 nano-1.2.5.tgz
226 Transfer complete.
ftp bye
221 Goodbye.



Re: Where to download cvsup-16.1h-no_x11.tgz for amd64

2007-03-26 Thread Christian Weisgerber
Stephen Liu [EMAIL PROTECTED] wrote:

 man csup doesn't provide much info and examples running this package.
  Where can I find such info.  TIA

csup purposely uses the same configuration syntax as cvsup.  See
http://www.openbsd.org/cvsup.html

 It further mentioned csup only supports checkout mode.  CVSUP
 supports both CVS and checkout mode

Yes.

-- 
Christian naddy Weisgerber  [EMAIL PROTECTED]



Re: Problem on installing new packages

2007-03-26 Thread Stephen Liu
Hi Stuart,
 
 Is your network working, can you connect to the site with ftp?

Yes, I can ping yahoo.com/google.com, etc. without problem

 
 [EMAIL PROTECTED]:29$ ftp
 ftp://ftp.it.net.au/mirrors/OpenBSD/4.0/packages/amd64/

# ftp ftp://ftp.it.net.au/mirrors/OpenBSD/4.0/packages/amd64/

Connected to poledra.it.net.au
220 ProFTPD 1.2.10 Server (Informed Technoloty FTP Server)
[203.8.116.111]
331 Anonymous loginod, send your completed email address as your
password

...
230 Anonymous access granted, restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files
200 Type set to I
250 CWD command successful
ftp exit
221 Goodbye


B.R.
Stephen Liu

Send instant messages to your online friends http://uk.messenger.yahoo.com 



Re: iwi0: XXX too many rates (count=13, last=108)

2007-03-26 Thread Jason Beaudoin

can anyone please give me some knowledge on this:

# dmesg

iwi0: XXX too many rates (count=13, last=108)



snip

I've had nothing but problems with my iwi card:

iwi0 at pci2 dev 3 function 0 Intel PRO/Wireless 2200BG rev 0x05: irq 11,
address 00:0e:35:53:ed:56
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 3 device 0 cacheline 0x8, lattimer 0x20
pcmcia0 at cardslot0


When I've got the card enabled and am around APs that have
auth/encryption, the card freaks out. dmesg is slowly filled with
authentication and firmware errors.

I ended up simply picking up an orinoco pcmcia card for cheap.. uses the
madwifi driver in linux, wi in BSD..works wonderfully.


Cheers,

Jason



Re: Problem on installing new packages

2007-03-26 Thread Stuart Henderson
On 2007/03/26 23:14, Stephen Liu wrote:
 250 CWD command successful
 ftp exit
 221 Goodbye

try 'ls' too; it will open a data channel. certain firewall/nat-related
problems will allow the command channel to open but not the data channel.

(in general, there doesn't seem to be anything wrong with the site,
I tried installing nano from it on an amd64 box and it worked ok)
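
The control/data channel split described in the reply above can be checked from a saved client transcript. This is an added example, not part of the original thread: `diagnose_ftp_transcript` is a hypothetical helper, the first two sample sessions are abridged from output posted in this thread, and the third (a PASV reply to a documentation address followed by 425) is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): classify an FTP client transcript by
# whether the data channel was ever exercised, and where it connected.

# Reads server reply lines on stdin and prints one summary line.
diagnose_ftp_transcript() {
    awk '
    /^230 / { login = 1 }                 # control channel: logged in
    /^229 / {                             # EPSV reply: (|||port|)
        if (match($0, /\(\|\|\|[0-9]+\|\)/)) {
            mode = "EPSV"; host = "same-as-control"
            port = substr($0, RSTART + 4, RLENGTH - 6)
        }
    }
    /^227 / {                             # PASV reply: (h1,h2,h3,h4,p1,p2)
        if (match($0, /[0-9]+,[0-9]+,[0-9]+,[0-9]+,[0-9]+,[0-9]+/)) {
            split(substr($0, RSTART, RLENGTH), a, ",")
            mode = "PASV"
            host = a[1] "." a[2] "." a[3] "." a[4]
            port = a[5] * 256 + a[6]      # port is sent as two bytes
        }
    }
    /^(125|150) / { opened = 1 }          # server is opening the data connection
    /^226 /       { complete = 1 }        # transfer finished
    /^(425|426) / { failed = 1 }          # data connection refused or aborted
    END {
        if (complete && !failed)                 data = "ok"
        else if (failed || opened || mode != "") data = "failed"
        else                                     data = "not-attempted"
        if (mode == "") { mode = "-"; host = "-"; port = "-" }
        printf "control=%s data=%s mode=%s data_host=%s data_port=%s\n",
               (login ? "ok" : "no-login"), data, mode, host, port
    }'
}

# Abridged from the thread: login, CWD, exit. No listing was requested,
# so only the control channel was tested.
session_control_only() {
    cat <<'EOF'
220 ProFTPD 1.2.10 Server
230 Anonymous access granted, restrictions apply.
200 Type set to I
250 CWD command successful
221 Goodbye
EOF
}

# Abridged from the thread: "ls" inside the ftp session.
session_ls_ok() {
    cat <<'EOF'
230 Anonymous access granted, restrictions apply.
229 Entering Extended Passive Mode (|||41410|)
150 Opening ASCII mode data connection for file list
226 Transfer complete.
EOF
}

# Constructed: control channel works, data connection is blocked.
session_data_blocked() {
    cat <<'EOF'
230 Anonymous access granted, restrictions apply.
227 Entering Passive Mode (192,0,2,10,195,80).
425 Can't open data connection.
EOF
}

for s in session_control_only session_ls_ok session_data_blocked; do
    printf '%s: ' "$s"
    "$s" | diagnose_ftp_transcript
done
```

The `data_port` value is the second TCP connection a firewall or NAT device between client and server has to pass; a session that never shows a 227 or 229 reply says nothing about it.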



Re: Problem on installing new packages

2007-03-26 Thread Lawrence Teo

Stephen Liu wrote:

Hi Stuart,
 

Is your network working, can you connect to the site with ftp?


Yes, I can ping yahoo.com/google.com, etc. without problem

 

[EMAIL PROTECTED]:29$ ftp
ftp://ftp.it.net.au/mirrors/OpenBSD/4.0/packages/amd64/


# ftp ftp://ftp.it.net.au/mirrors/OpenBSD/4.0/packages/amd64/

Connected to poledra.it.net.au
220 ProFTPD 1.2.10 Server (Informed Technoloty FTP Server)
[203.8.116.111]
331 Anonymous loginod, send your completed email address as your
password

...
230 Anonymous access granted, restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files
200 Type set to I
250 CWD command successful
ftp exit
221 Goodbye


B.R.
Stephen Liu


This is very weird. Try putting the PKG_PATH on the same line as
the pkg_add command:

PKG_PATH=ftp://ftp.it.net.au/mirrors/OpenBSD/4.0/packages/amd64 \
pkg_add -v nano-1.2.5.tgz

Lawrence


--
Lawrence Teo
Calyptix Security
http://www.calyptix.com/



Re: Problem on installing new packages

2007-03-26 Thread Joachim Schipper
On Mon, Mar 26, 2007 at 07:34:27AM -0700, satimis wrote:
 Hi folks,
 
 I tried the whole day without a breakthrough.
 
 following is only one of the examples tried on my test,
 
 I suspect whether the packages on following site are suitable for my
 application.  Follow is only an example of the tests I tried.
 
 
 # uname -a
 OpenBSD home.openbsd101 4.0 GENERIC#690 amd64
 
 
 # pkg_add -v
 ftp://ftp.it.net.au/mirrors/OpenBSD/4.0/packages/amd64/nano-1.2.5.tgz
 Can't find
 ftp://ftp.it.net.au/mirrors/OpenBSD/4.0/packages/amd64/nano-1.2.5.tgz
 /usr/sbin/pkg_add:
 ftp://ftp.it.net.au/mirrors/OpenBSD/4.0/packages/amd64/nano-1.2.5.tgz:Fatal
 error
 
 
 # export PKG_PATH=ftp.it.net.au/mirrors/OpenBSD/4.0/packages/amd64/
   ^^^
That isn't going to work (add ftp://).

 (no complaint)
 # pkg_add -v nano-1.2.5tgz
 Can't find nano-1.2.5.tgz
 /usr/sbin/pkg_add: nano-1.2.5.tgz:Fatal error
 
 
 # export
 PKG_PATH=ftp://ftp.it.net.au/mirrors/OpenBSD/4.0/packages/amd64/
 (no complaint)

Did you perhaps forget to add ftp:// again? That would give the error
you noted...

 # pkg_add -v nano-1.2.5.tgz
 same result
 
 
 nano-1.2.5.tgz is on;
 ftp://ftp.it.net.au/mirrors/OpenBSD/4.0/packages/amd64/

Joachim



Re: Problem on installing new packages

2007-03-26 Thread Jeff Quast

On 3/26/07, Lawrence Teo [EMAIL PROTECTED] wrote:


PKG_PATH=ftp://ftp.it.net.au/mirrors/OpenBSD/4.0/packages/amd64 \
pkg_add -v nano-1.2.5.tgz



Make sure to add a trailing /

PKG_PATH=ftp://ftp.it.net.au/mirrors/OpenBSD/4.0/packages/amd64/ \
pkg_add -v nano-1.2.5.tgz

This has gotten me more than once, documented in pkg_add(1)

Since a few URL schemes contain colons, pkg_add relies on each
directory ending in a / to split the path correctly.



Re: Problem on installing new packages

2007-03-26 Thread Stephen Liu
Hi Stuart,

 On 2007/03/26 23:14, Stephen Liu wrote:
  250 CWD command successful
  ftp exit
  221 Goodbye
 
 try 'ls' too; it will open a data channel. certain
 firewall/nat-related
 problems will allow the command channel to open but not the data
 channel.

# ls
.Xauthority .cshrc .klogin .login .profile .ssh

Other noted with tks.


B.R.
Stephen




Trouble assigning traffic to queue

2007-03-26 Thread Wade, Daniel
The traffic matches my rule as seen by 1750 packets for rule 4.  But
these never make it into the  game_out queue.
What's going on here.  This is on the 3-22 i386 snapshot.


# pfctl -vsr
block drop in log on fxp0 all
  [ Evaluations: 6914  Packets: 5 Bytes: 890 States:
0 ]
  [ Inserted: uid 0 pid 22423 ]
pass out from (fxp0) to any flags S/SA keep state queue(std_out,
ack_out)
  [ Evaluations: 6914  Packets: 3583  Bytes: 662059  States:
1714  ]
  [ Inserted: uid 0 pid 22423 ]
pass in on fxp1 inet from 10.10.77.0/24 to any flags S/SA keep state
queue(std_out, ack_out)
  [ Evaluations: 6914  Packets: 1833  Bytes: 341339  States:
874   ]
  [ Inserted: uid 0 pid 22423 ]
pass in log quick on fxp1 inet proto udp from 10.10.77.0/24 to any port
= 27960 keep state queue game_out
  [ Evaluations: 3828  Packets: 1750  Bytes: 320720  States:
840   ]
  [ Inserted: uid 0 pid 22423 ]
pass in log on fxp0 inet proto tcp from any to 10.10.77.5 port = 26167
flags S/SA keep state queue(std_out, ack_out)
  [ Evaluations: 4748  Packets: 19Bytes: 1775States:
2 ]
  [ Inserted: uid 0 pid 22423 ]
# pfctl -vsq
queue std_out on fxp0 qlimit 125 priq( default )
  [ pkts:   5123  bytes:4107499  dropped pkts:  0 bytes:
0 ]
  [ qlength:  10/125 ]
queue game_out on fxp0 priority 8
  [ pkts:  0  bytes:  0  dropped pkts:  0 bytes:
0 ]
  [ qlength:   0/ 50 ]
queue ack_out on fxp0 priority 7
  [ pkts:308  bytes:  16848  dropped pkts:  0 bytes:
0 ]
  [ qlength:   0/ 50 ]



Are Atheros AR5005G Wifi Network Adapter and Marvell Yukon 88E8038 PCI-E Fast Ethernet Controller supported?

2007-03-26 Thread Tito Mari Francis Escaño

Greetings!
I need to know if Atheros AR5005G Wifi Network Adapter and Marvell
Yukon 88E8038 PCI-E Fast Ethernet Controller are already supported in
OBSD 4.0 or will be in the next release. I bought me a laptop built-in
with these and I'd love to have OpenBSD on it rather than any other
OS.
Thanks!



SMP causing uvm_fault

2007-03-26 Thread Jon Steel
Hi

I'm having a very similar problem as the one reported in Bug Query 5374.
I'm trying to solve the problem but I'm finding it very hard to even get
started. Is there somewhere besides the code that I can start to try and
understand how SMP is being handled?

http://cvs.openbsd.org/cgi-bin/query-pr-wrapper?full=yesnumbers=5374

I can usually duplicate the crash by running the following script several
times concurrently.

#!/usr/bin/perl

system("tcpdump -i em1 -w /var/crashTest1.pcap");
system("tcpdump -i em1 -w /var/crashTest2.pcap");
system("tcpdump -i em1 -w /var/crashTest3.pcap");
system("tcpdump -i em1 -w /var/crashTest4.pcap");
system("tcpdump -i em1 -w /var/crashTest5.pcap");
system("tcpdump -i em1 -w /var/crashTest6.pcap");
system("tcpdump -i em1 -w /var/crashTest7.pcap");

while (1) {
system("nmap 192.168.66.90");
}

Then after about an hour, when you try and reboot, I get an error:

uvm_fault(0x..., 0x..., 0, 1) - e
kernel: page fault trap, code = 0
stopped at pmap_page_remove_86+0x114:
0(%eax, %edx, 4), %eax

The trace output is:

pmap_page_remove_86(d0d31420,c0,e9b57e2c,d04adeb9,e99f) at 
pmap_page_remove_86+0x114
uvm_vnp_terminate(d8034e04,0,0,0,0,14,0,d7e95004) at uvm_vnpterminate+0x31f
uvm_attach(d8034e04,0,2,0,d7f38378) at uvn_attach+0x2b5
uvm_unmap_detach(d7e959a4,0,d7f3841c,1) at uvm_unmap_detach+-x62
uvmspace_free(d7f38378,6,d08120e0) at uvmspace_free+0xfd
uvm_exit(d7fbb868,14,8,286) at uvm_exit+0x19
reaper(d80df430) at reaper+0x90
Bad frame pointer: 0xd0913eb8


A couple times the error has also occurred on its own without saying
'reboot' when running a ton of nmaps and tcpdumps at the same time.

This trace is remarkably similar to the one in Bug Query 5374.
Additionally I am using the same processor as he is. There is an unknown
core statement in my dmesg but both cores seem to be working correctly.
Here is my dmesg:

OpenBSD 4.0 (GENERIC.MP) #936: Sat Sep 16 19:27:28 MDT 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz (GenuineIntel 686-class)
2.13 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CF
LUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16
real mem  = 2145869824 (2095576K)
avail mem = 1949290496 (1903604K)
using 4256 buffers containing 107397120 bytes (104880K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(e6) BIOS, date 10/30/06, BIOS32 rev. 0 @
0xfd470, SMB IOS rev. 2.51 @ 0x7feea000 (33 entries)
bios0: Supermicro PDSMi
pcibios0 at bios0: rev 2.1 @ 0xfd470/0xb90
pcibios0: PCI BIOS has 20 Interrupt Routing table entries
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82801GB LPC rev 0x00)
pcibios0: PCI bus #15 is the last bus
bios0: ROM list: 0xc/0xb000 0xcb000/0x1000 0xcc000/0x1000 0xcd000/0x1000
ipmi at mainbus0 not configured
mainbus0: Intel MP Specification (Version 1.4) (INTELMUKILTEO)
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: unknown Core FSB_FREQ value 0 (0x4208)
cpu0: apic clock running at 266 MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz (GenuineIntel 686-class)
2.13 GHz
cpu1:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CF
LUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16
mainbus0: bus 0 is type PCI
mainbus0: bus 9 is type PCI
mainbus0: bus 10 is type PCI
mainbus0: bus 13 is type PCI
mainbus0: bus 14 is type PCI
mainbus0: bus 15 is type PCI
mainbus0: bus 16 is type ISA
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
ioapic1 at mainbus0: apid 3 pa 0xfec1, version 20, 24 pins
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel E7230 MCH rev 0xc0
ppb0 at pci0 dev 1 function 0 Intel E7230 PCIE rev 0xc0
pci1 at ppb0 bus 1
ppb1 at pci0 dev 28 function 0 Intel 82801GB PCIE rev 0x01
pci2 at ppb1 bus 9
ppb2 at pci2 dev 0 function 0 Intel PCIE-PCIE rev 0x09
pci3 at ppb2 bus 10
em0 at pci3 dev 1 function 0 Intel PRO/1000GT (82541GI) rev 0x05: apic
3 int 0  (irq 11), address 00:0e:0c:b6:80:9e
Intel IOxAPIC rev 0x09 at pci2 dev 0 function 1 not configured
ppb3 at pci0 dev 28 function 4 Intel 82801G PCIE rev 0x01
pci4 at ppb3 bus 13
em1 at pci4 dev 0 function 0 Intel PRO/1000MT (82573E) rev 0x03: apic
2 int 16  (irq 11), address 00:30:48:8a:ca:f8
ppb4 at pci0 dev 28 function 5 Intel 82801G PCIE rev 0x01
pci5 at ppb4 bus 14
em2 at pci5 dev 0 function 0 Intel PRO/1000MT (82573L) rev 0x00: apic
2 int 17  (irq 11), address 00:30:48:8a:ca:f9
uhci0 at pci0 dev 29 function 0 Intel 82801GB USB rev 0x01: apic 2 int
23 (irq  10)
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 29 function 1 Intel 82801GB USB rev 0x01: apic 2 int
19 (irq  11)
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, 

Re: Problem on installing new packages

2007-03-26 Thread Will Maier
On Mon, Mar 26, 2007 at 11:31:56PM +0800, Stephen Liu wrote:
  On 2007/03/26 23:14, Stephen Liu wrote:
   250 CWD command successful
   ftp exit
   221 Goodbye
  
  try 'ls' too; it will open a data channel. certain
  firewall/nat-related problems will allow the command channel to
  open but not the data channel.
 
 # ls
 .Xauthority .cshrc .klogin .login .profile .ssh
 
 Other noted wit tks.

Is that in a shell? or during your FTP session? Simply running
/bin/ls in your shell isn't helpful. Stuart wanted you to use FTP's
data channel to make sure that you could fully communicate with the
server. I doubt he cares what files you have in your home directory.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: maxcluster errors

2007-03-26 Thread mail-lists

Hello again,

Unfortunately the 'quick' keyword in my pf.conf file didn't seem to fix 
the issue.


The situation lies as such:

I can increase mbufs indefinitely (until I run out of memory I suppose). 
When I disable pf (pfctl -d) the mbufs are immediately released and the 
usage count drops to ~ 200. As soon as I enable pf the usage count goes 
up again until it finally maxes out.


This is the hardware I'm using:

soekris net4801
3x sis ethernet
1x ral wireless ethernet.


Does anyone know of any reason that this might be happening? I was 
suspecting that the soekris isn't fast enough to handle the packet 
filtering but that seems a little unlikely. There are about 100 rules 
all with keep state and all using the quick keyword.



I can post a copy of my pf.conf if anyone thinks that might help



Re: Are Atheros AR5005G Wifi Network Adapter and Marvell Yukon 88E8038 PCI-E Fast Ethernet Controller supported?

2007-03-26 Thread Jason Beaudoin

On 3/26/07, Tito Mari Francis Escaño [EMAIL PROTECTED] wrote:

Greetings!
I need to know if Atheros AR5005G Wifi Network Adapter and Marvell
Yukon 88E8038 PCI-E Fast Ethernet Controller are already supported in
OBSD 4.0 or will be in the next release.




Have you checked the hardware compatibility page?

http://www.openbsd.org/i386.html#hardware


I bought me a laptop built-in

with these and I'd love to have OpenBSD on it rather than any other
OS.


::yay::



sshd.config and AllowUsers

2007-03-26 Thread Jerome Santos
I have a few separate users on my server, one user for which I want to
disallow ssh login. Now I've read the man page for sshd and I've read a lot
of the documentation on this, but I'm still not clear on one point. By
default, /etc/ssh/sshd.config shows all entries are commented out. I want to
add something like this:

AllowUsers user1, user2, user3

I added that in but also with an # in front like all the other entries. Now
I find that I can still ssh to the box with a user acct that I didn't
include in the entry. Should it be in there without the #? And if so, do I
also then have to uncomment all the other entries??

Thanks



Re: Problem on installing new packages-Firefox found

2007-03-26 Thread Stephen Liu
Hi folks,

Re: firefox.

I found it which is named;
mozilla-firefox-1.5.0.5.tgz


B.R.
Stephen






Re: Problem on installing new packages

2007-03-26 Thread Stephen Liu
Hi Jeff and Lawrence,

Your advice worked here.  Tks.

 On 3/26/07, Lawrence Teo [EMAIL PROTECTED] wrote:
 
  PKG_PATH=ftp://ftp.it.net.au/mirrors/OpenBSD/4.0/packages/amd64 \
  pkg_add -v nano-1.2.5.tgz
 
 
 Make sure to add a trailing /
 
 PKG_PATH=ftp://ftp.it.net.au/mirrors/OpenBSD/4.0/packages/amd64/ \
 pkg_add -v nano-1.2.5.tgz

# PKG_PATH=ftp://ftp.it.net.au/mirrors/OpenBSD/4.0/packages/amd64/ \
# pkg_add -v nano-1.2.5.tgz
parsing nano-1.2.5
..
.
nano-1.2.5:parsing expat-2.0.0
nano-1.2.5:expat-2.0.0: complete
nano-1.2.5:gettext-0.14.5p1: complete
nano-1.2.5: complete

looks like groupinstall with export omitted

# which nano
/usr/local/bin/nano


Other noted with tks.


How to install Firefox?  

On;
ftp://ftp.it.net.au/mirrors/OpenBSD/4.0/packages/amd64/

only those packages found such as;
firefox-i18n-ar-1.5.0.10p0.tgz
firefox-i18n-ar-1.5.0.5.tgz 
firefox-i18n-ar-1.5.0.7.tgz 
firefox-i18n-ar-1.5.0.8.tgz 
firefox-i18n-ar-1.5.0.9.tgz 
firefox-i18n-ar-1.5.0.9p0.tgz 
firefox-i18n-bg-1.5.0.10p0.tgz  
firefox-i18n-bg-1.5.0.5.tgz 
firefox-i18n-bg-1.5.0.7.tgz 
firefox-i18n-bg-1.5.0.8.tgz 
firefox-i18n-bg-1.5.0.9.tgz 
firefox-i18n-bg-1.5.0.9p0.tgz 
firefox-i18n-ca-1.5.0.10p0.tgz
...
etc.


Tks


B.R.
Stephen




Re: sshd.config and AllowUsers

2007-03-26 Thread openbsd misc
Hello,

everything is commented because these are the default settings. If you want to
change a setting you'll have to uncomment and change it.


Regards
  Hagen Volpers

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Jerome Santos
Sent: Monday, 26 March 2007 19:33
To: misc@openbsd.org
Subject: sshd.config and AllowUsers

I have a few seperate users on my server, one user for which I want to
dissallow ssh login. Now I've read the man page for sshd and I've read a lot
of the documentation on this, but I'm still not clear one one point. By
default, /etc/ssh/sshd.config shows all entries are commented out. I want to
add something like this:

AllowUsers user1, user2, user3

I added that in but also with an # in front like all the other entries. Now
I find that I can still ssh to the box with a user acct that I didn't
include in the entry. Should it be in there without the #? And if so, do I
also then have to uncomment all the other entries??

Thanks



Re: sshd.config and AllowUsers

2007-03-26 Thread Tim Kuhlman
On Monday 26 March 2007 11:33 am, Jerome Santos wrote:
 I have a few seperate users on my server, one user for which I want to
 dissallow ssh login. Now I've read the man page for sshd and I've read a
 lot of the documentation on this, but I'm still not clear one one point. By
 default, /etc/ssh/sshd.config shows all entries are commented out. I want
 to add something like this:

 AllowUsers user1, user2, user3

 I added that in but also with an # in front like all the other entries. Now
 I find that I can still ssh to the box with a user acct that I didn't
 include in the entry. Should it be in there without the #? And if so, do I
 also then have to uncomment all the other entries??

man sshd_config
In the first paragraph you will find the line "Lines starting with `#' and
empty lines are interpreted as comments." The default config file is full of
examples that are commented out which are the lines you see.

-- 
Tim Kuhlman
Network Administrator
ColoradoVnet.com



Re: Problem on installing new packages

2007-03-26 Thread Stephen Liu
 # ls
 .Xauthority .cshrc .klogin .login .profile .ssh
 Stuart meant to try ls within ftp session, not from the command prompt.

ftp ls
.
.
-r--r--r--  1 ftpadm staff  49650 Sep 23 2006 zsh-zftp-4.2.6.tgz
226 Transfer complete


ftp ls | more
229 Entering Extended Passive Mode (|||41410|)
150 Opening ASCII mode data connection for file list
226 Transfer complete.


ftp ls | less
229 Entering Extended Passive Mode (|||33305|)
150 Opening ASCII mode data connection for file list
226 Transfer complete.
ftp


Stephen







code analysis tools

2007-03-26 Thread Gregg Reynolds

Hi,

I wonder if the OpenBSD developers have a favored set of tools for C
code analysis.  E.g. the kind of stuff listed at
http://www.spinroot.com/static/.  Esp. stuff like
http://spinroot.com/uno/.  Are such tools used in OpenBSD code audits?

Also, what about automatic code documentation tools (for lack of a
better term)?  This kind of stuff:
http://en.wikipedia.org/wiki/Comparison_of_documentation_generators.

I'm interested because I think OpenBSD is a terrific development
platform, number one, and number two, I'd like to follow the code
development practices of OpenBSD.

Thanks,

Gregg



Re: sshd.config and AllowUsers

2007-03-26 Thread L. V. Lammert

At 01:33 PM 3/26/2007 -0400, Jerome Santos wrote:

I have a few seperate users on my server, one user for which I want to
dissallow ssh login. Now I've read the man page for sshd and I've read a lot
of the documentation on this, but I'm still not clear one one point. By
default, /etc/ssh/sshd.config shows all entries are commented out. I want to
add something like this:

AllowUsers user1, user2, user3

I added that in but also with an # in front like all the other entries. Now
I find that I can still ssh to the box with a user acct that I didn't
include in the entry. Should it be in there without the #? And if so, do I
also then have to uncomment all the other entries??

Thanks


# is a comment line - they are all examples for you to see.

Lee



Re: sshd.config and AllowUsers

2007-03-26 Thread Will Maier
On Mon, Mar 26, 2007 at 01:33:17PM -0400, Jerome Santos wrote:
 I want to add something like this:
 
 AllowUsers user1, user2, user3
 
 I added that in but also with an # in front like all the other
 entries. Now I find that I can still ssh to the box with a user
 acct that I didn't include in the entry. Should it be in there
 without the #? 

Yes. sshd_config(5)

 And if so, do I also then have to uncomment all the other
 entries??

No, they're the default settings.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: sshd.config and AllowUsers

2007-03-26 Thread Serge Basterot
Hello,

On Mon, Mar 26, 2007 at 01:33:17PM -0400, Jerome Santos wrote:

[...]

 I want to add something like this:
 
 AllowUsers user1, user2, user3

AllowUsers is a list of user name patterns, separated by _spaces_.
Also take a look at the AllowGroups parameter.

-- 
Serge
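
The two points made in the replies in this thread (a line starting with `#` is a comment, and AllowUsers patterns are separated by spaces) can be checked mechanically before relying on the file for access control. This is an added example, not part of the original thread: `lint_allowusers` is a hypothetical helper and the three sample configurations are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): flag AllowUsers lines that sshd will
# not apply the way the admin intended. Sample configs below are constructed.

# Reads sshd_config text on stdin. Prints one line per finding and returns
# non-zero if any AllowUsers line needs fixing.
lint_allowusers() {
    awk '
    # A leading "#" makes the whole line a comment, so the directive is inert.
    tolower($0) ~ /^[ \t]*#[ \t]*allowusers([ \t]|$)/ {
        printf "%d: IGNORED (commented out): %s\n", NR, $0
        findings++
        next
    }
    # Active directive; sshd_config keywords are case-insensitive.
    tolower($1) == "allowusers" {
        active++
        if (NF < 2) {
            printf "%d: EMPTY AllowUsers line\n", NR
            findings++
            next
        }
        bad = 0; list = ""
        for (i = 2; i <= NF; i++) {
            if (index($i, ",") > 0) {
                printf "%d: COMMA in \"%s\": patterns are separated by spaces\n", NR, $i
                bad = 1
            }
            list = list " " $i
        }
        if (bad) findings++
        else printf "%d: OK AllowUsers%s\n", NR, list
        next
    }
    END {
        if (active == 0)
            print "-: NO ACTIVE AllowUsers line, so this directive restricts nobody"
        exit (findings > 0)
    }'
}

# Constructed: the directive added with a "#" in front, as in the question.
sample_as_posted() {
    cat <<'EOF'
#Port 22
#PermitRootLogin yes
#AllowUsers user1, user2, user3
EOF
}

# Constructed: uncommented, but still comma-separated.
sample_commas() {
    cat <<'EOF'
#Port 22
#PermitRootLogin yes
AllowUsers user1, user2, user3
EOF
}

# Constructed: uncommented and space-separated.
sample_fixed() {
    cat <<'EOF'
#Port 22
#PermitRootLogin yes
AllowUsers user1 user2 user3
EOF
}

for s in sample_as_posted sample_commas sample_fixed; do
    echo "== $s"
    "$s" | lint_allowusers || echo "   -> fix before relying on this file"
done
```

On a live system the function would be run as `lint_allowusers < /etc/ssh/sshd_config`; `sshd -t` only validates the configuration and does not report a directive that is commented out.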



interface order with multiple cards of same type

2007-03-26 Thread Aaron Martinez
apologies if this has been covered in the past, I searched on this and 
couldn't find anything, although i'm sure it's the wording i'm using.


My question is.  I have OBSD 4.0 running on an Asus p3b-F with 6 pci 
slots that i'm wanting to use as a router/firewall.  I have 5 fxp 
interfaces in the machine inserted starting from the bottom pci slot 
up.  When the machine boots up it finds them just fine, but I never know 
what order the cards are in.  (i.e. fxp0 was in the third  slot as 
opposed to the first or last slot populated with a card, as i would have 
expected).  Is there a way to hard code this into the hostname.fxpN 
file, as to assign the number of the interface based on the hardware 
address as opposed to the ordering of the cards in the machine?  I 
looked in the man page for hostname.if but saw no way mentioned.


A second related question, in the above example, how exactly does OBSD 
choose the interface number?  I was under the impression it used the 
slot to assign the interface number which is why i was so surprised to 
see that fxp0 the third slot, fxp2 was in the top (occupied) slot and 
fxp4 was in the bottom.   I have all of the pci slots set to auto in the 
bios if that makes any difference.


Thanks in advance.

Aaron



Re: maxcluster errors

2007-03-26 Thread rc

On 3/26/07, mail-lists [EMAIL PROTECTED] wrote:

Hello again,

Unfortunately the 'quick' keyword in my pf.conf file didn't seem to fix
the issue.

The situation lies as such:

I can increase mbufs indefinitely (until I run out of memory I suppose).
When I disable pf (pfctl -d) the mbufs are immediately released and the
usage count drops to ~ 200. As soon as I enable pf the usage count goes
up again until it finally maxes out.

This is the hardware I'm using:

soekris net4801
3x sis ethernet
1x ral wireless ethernet.


Does anyone know of any reason that this might be happening? I was
suspecting that the soekris isn't fast enough to handle the packet
filtering but that seems a little unlikely. There are about 100 rules
all with keep state and all using the quick keyword.


I can post a copy of my pf.conf if anyone thinks that might help



It might help to see your pf.conf, a netstat -m output, log file,
and dmesg.  Are you still running an aggressive ping test?  I'm not
the most qualified, but I'll be happy to look to see if I can see
anything wrong.

rc



iwi0: XXX too many rates (count=13, last=108)

2007-03-26 Thread Jay Jesus Amorin

hi gurus,

can anyone please give me some knowledge on this:

# dmesg

iwi0: XXX too many rates (count=13, last=108)


has this something to do with my iwi0 configuration?

/etc/hostname.iwi0

dhcp inet NONE NONE description wifi nwid mathwifi_02

btw. im running openbsd 4.1-current


thanks


--jay--



FUSE support (File-system in USErspace)

2007-03-26 Thread Julien TOUCHE
is there any work on porting FUSE ?

it seems support increase in Free/Net
http://fuse4bsd.creo.hu/(ports)
http://www.netbsd.org/Changes/#puffs+refuse (-current)

would allow a lot of filesystem without kernel-dangerous code, no ?
(as macfuse states: sshfs, ntfs-3g, ftpfs, wdfs, cryptofs, encfs,
beaglefs, )

thanks
Regards


Julien



Re: code analysis tools

2007-03-26 Thread Gregg Reynolds

Clarification:  I'm mostly interested in source browser tools (e.g.
cscope, e/t/gtags, global, etc.) or whatever can help a developer
understand unfamiliar source code in the shortest possible time.  Is
there a preferred tool among OpenBSD developers?

On 3/26/07, Gregg Reynolds [EMAIL PROTECTED] wrote:

Hi,

I wonder if the OpenBSD developers have a favored set of tools for C
code analysis.  E.g. the kind of stuff listed at
http://www.spinroot.com/static/.  Esp. stuff like
http://spinroot.com/uno/.  Are such tools used in OpenBSD code audits?

Also, what about automatic code documentation tools (for lack of a
better term)?  This kind of stuff:
http://en.wikipedia.org/wiki/Comparison_of_documentation_generators.

I'm interested because I think OpenBSD is a terrific development
platform, number one, and number two, I'd like to follow the code
development practices of OpenBSD.

Thanks,

Gregg




Re: code analysis tools

2007-03-26 Thread Tobias Ulmer
On Mon, Mar 26, 2007 at 01:27:46PM -0500, Gregg Reynolds wrote:
 Hi,
 
 I wonder if the OpenBSD developers have a favored set of tools for C
 code analysis.  E.g. the kind of stuff listed at
 http://www.spinroot.com/static/.  Esp. stuff like
 http://spinroot.com/uno/.  Are such tools used in OpenBSD code audits?

lint(1), gcc-local(1)

 
 Also, what about automatic code documentation tools (for lack of a
 better term)?  This kind of stuff:
 http://en.wikipedia.org/wiki/Comparison_of_documentation_generators.

no

 
 I'm interested because I think OpenBSD is a terrific development
 platform, number one, and number two, I'd like to follow the code
 development practices of OpenBSD.

use brain and then pick one of these: ed(1), vi(1), mg(1), vim(1) or the
emacs operating system (be sure to enable vi mode for a good editor).
style(7) may be worth reading...

 
 Thanks,
 
 Gregg



encrypted svnd and disk throughput

2007-03-26 Thread Jacob Yocom-Piatt
have done a bit of testing with bonnie++ on encrypted svnd devices and 
obtained some, IMO, surprising results:


# /usr/local/sbin/bonnie++ -d /b/bonnie++ -u 1005:2000
Using uid:1005, gid:2000.
Writing with putc()...done
Writing intelligently...done
Rewriting...done
Reading with getc()...done
Reading intelligently...done
start 'em...done...done...done...
Create files in sequential order...done.
Stat files in sequential order...done.
Delete files in sequential order...done.
Create files in random order...done.
Stat files in random order...done.
Delete files in random order...done.
Version  1.03     --Sequential Output--         --Sequential Input- --Random-
                  -Per Chr- --Block-- -Rewrite- -Per Chr- --Block-- --Seeks--
Machine      Size K/sec %CP K/sec %CP K/sec %CP K/sec %CP K/sec %CP  /sec %CP
databank.x   300M 18877  91 22440  71 11985  77 20317  75 30745  68 197.0   6
                  --Sequential Create--         Random Create
                  -Create-- --Read--- -Delete-- -Create-- --Read--- -Delete--
            files  /sec %CP  /sec %CP  /sec %CP  /sec %CP  /sec %CP  /sec %CP
               16   780  95     + +++  1454  95   776  94     + +++  1310  88

databank.x,300M,18877,91,22440,71,11985,77,20317,75,30745,68,197.0,6,16,780,95,+,+++,1454,95,776,94,+,+++,1310,88

# /usr/local/sbin/bonnie++ -d /d/bonnie++ -u 1005:2000
Using uid:1005, gid:2000.
Writing with putc()...done
Writing intelligently...done
Rewriting...done
Reading with getc()...done
Reading intelligently...done
start 'em...done...done...done...
Create files in sequential order...done.
Stat files in sequential order...done.
Delete files in sequential order...done.
Create files in random order...done.
Stat files in random order...done.
Delete files in random order...done.
Version  1.03     --Sequential Output--         --Sequential Input- --Random-
                  -Per Chr- --Block-- -Rewrite- -Per Chr- --Block-- --Seeks--
Machine      Size K/sec %CP K/sec %CP K/sec %CP K/sec %CP K/sec %CP  /sec %CP
databank.x   300M 99309  90 97426  14 27452   3 40240  64 57858   5 217.0   0
                  --Sequential Create--         Random Create
                  -Create-- --Read--- -Delete-- -Create-- --Read--- -Delete--
            files  /sec %CP  /sec %CP  /sec %CP  /sec %CP  /sec %CP  /sec %CP
               16  2342   3     + +++  4517   6  2379   3     + +++  4512   3

databank.x,300M,99309,90,97426,14,27452,3,40240,64,57858,5,217.0,0,16,2342,3,+,+++,4517,6,2379,3,+,+++,4512,3

where the /b drive is on an encrypted svnd and the /d drive is 
unencrypted. there is a speed difference of ~4x with the encrypted disk 
getting ~25 MB / s and the unencrypted getting ~100 MB / s.  this was 
done using a LSI MegaRAID SATA 300-8x adapter with backup battery, write 
back, caching I/O and adaptive read-ahead, with a 1.6 GHz sempron 
processor and 1 GB of 400 MHz DDR2 RAM on i386 4.0-release. the dmesg is 
posted at the end. oh, and both of these are RAID5 logical drives.


the processor gets up to ~70% utilization when writing and reading the 
encrypted drive. if i got a faster processor would it up the maximum 
write and read speeds or only drop the % CPU utilization? does RAM speed 
make a difference here? maybe running amd64 on it instead of i386?


these drives are connected to a SAF-TE backplane which connects to the 
controller. if the drives and the controller are SATAII, could there be 
a bottleneck with the backplane and/or SATA cabling?


if anyone else has gotten similar performance results i'd like to see them.

the unencrypted RAID1 had notably different bonnie++ results:

# /usr/local/sbin/bonnie++ -d /o/bonnie++ -u 1005:2000
Using uid:1005, gid:2000.
Writing with putc()...done
Writing intelligently...done
Rewriting...done
Reading with getc()...done
Reading intelligently...done
start 'em...done...done...done...
Create files in sequential order...done.
Stat files in sequential order...done.
Delete files in sequential order...done.
Create files in random order...done.
Stat files in random order...done.
Delete files in random order...done.
Version  1.03     --Sequential Output--         --Sequential Input- --Random-
                  -Per Chr- --Block-- -Rewrite- -Per Chr- --Block-- --Seeks--
Machine      Size K/sec %CP K/sec %CP K/sec %CP K/sec %CP K/sec %CP  /sec %CP
databank.x   300M 22612  21 58930   7  6795   1 39394  63 57890   6 131.3   0
                  --Sequential Create--         Random Create
                  -Create-- --Read--- -Delete-- -Create-- --Read--- -Delete--
            files  /sec %CP  /sec %CP  /sec %CP  /sec %CP  /sec %CP  /sec %CP
               16   496   0     + +++  4019   3  1166   1     + +++  1357   0

databank.x,300M,22612,21,58930,7,6795,1,39394,63,57890,6,131.3,0,16,496,0,+,+++,4019,3,1166,1,+,+++,1357,0

if there is anything further that i can do 

Re: i386 kernel: Identifying unconfigured devices

2007-03-26 Thread JT Croteau

On 3/26/07, JT Croteau [EMAIL PROTECTED] wrote:

unknown vendor 0x12de product 0x0204 (class crypto subclass
network/computing, rev 0x00) at pci1 dev 2 function 0 not configured


Ok, thanks to PCIdatabase.com, I have identified the vendor on this
one.  It's some type of Rainbow Technologies crypto device.. probably
an SSL accelerator.

--
 JT Croteau, N1ESE - Manchester, NH
 http://n1ese.qrpradio.com



Re: interface order with multiple cards of same type

2007-03-26 Thread Jon Simola

On 3/26/07, Aaron Martinez [EMAIL PROTECTED] wrote:


My question is.  I have OBSD 4.0 running on an Asus p3b-F with 6 pci
slots that i'm wanting to use as a router/firewall.  I have 5 fxp
interfaces in the machine inserted starting from the bottom pci slot
up.



A second related question, in the above example, how exactly does OBSD
choose the interface number?  I was under the impression it used the
slot to assign the interface number which is why i was so surprised to
see that fxp0 the third slot, fxp2 was in the top (occupied) slot and
fxp4 was in the bottom.   I have all of the pci slots set to auto in the
bios if that makes any difference.


They are enumerated in the order they are located on the bus. The Asus
P3B-F motherboard has (IIRC) 4 master and 2 slave PCI slots, where
the slave slots are actually wired the same as a corresponding master.
I believe the last 2 (furthest from the CPU) are the slaves, but you'd
have to check the motherboard manual.

Forcing the PCI slots in the BIOS, instead of leaving them set at
auto, should at least get them up in the same order every time.
Otherwise, the BIOS could randomly shuffle the actual interrupt routed
to the A,B,C,D pins on every boot.

At least, that's my experience, based on messing with nearly the same
setup a few years ago. (Read: I'm not a PCI expert, but it worked for
me)

--
Jon



i386 kernel: Identifying unconfigured devices

2007-03-26 Thread JT Croteau

I have two machines configured identically, one is following
4.0-release and the other -current.  Both have two, reported in dmesg,
unconfigured devices that I'd like to figure out what they are.

Here are some dmesg snips:

This is obviously some type of crypto device but I didn't think I had
anything installed in these machines.  I may just have to pop the
cover and see.

unknown vendor 0x12de product 0x0204 (class crypto subclass network/computing, rev 0x00) at pci1 dev 2 function 0 not configured

This is a bit more puzzling:

piixpm0 at pci0 dev 15 function 0 ServerWorks OSB4 rev 0x50: polling
iic0 at piixpm0
mtp008 at iic0 addr 0x2c not configured
mtp008 at iic0 addr 0x2e not configured

Any input would be greatly appreciated.

Thanks

--
 JT Croteau, N1ESE - Manchester, NH
 http://n1ese.qrpradio.com



Re: micro atx motherboard recommendations?

2007-03-26 Thread Matt Rowley

Just looking for a recommendation on a good/cheap (but not necessarily
fast) microatx motherboard.  Or possibly, one of those via
motherboards, but needs to fit in an atx case.


I _think_ the mini-itx form factor of the VIA EPIA motherboards will fit 
in ATX cases, but I've never tried it.


That said, I've had good luck running OpenBSD on the two EPIA systems I 
have, the ML6000EA (fanless 600mhz) and the PD1 (1ghz, dual vr-based 
NICs).


Dmesgs if yer interested:

http://www.damnskippy.org/openbsd/dmesg.ml6000ea
http://www.damnskippy.org/openbsd/dmesg.pd1000

cheers,
Matt



Re: interface order with multiple cards of same type

2007-03-26 Thread Andy Hayward

My question is.  I have OBSD 4.0 running on an Asus p3b-F with 6 pci
slots that i'm wanting to use as a router/firewall.  I have 5 fxp
interfaces in the machine inserted starting from the bottom pci slot
up.


I have a very similar setup here at home - however I deliberately used
a different make/model of card for the external interface than the
internal interfaces so that I could  distinguish them:

external: xl0
internal: rl0, rl1, rl2
wireless: ral0

PCI cards are detected in the order they appear in the bus, which has
absolutely no relationship to their physical positions.

-- ach



Re: interface order with multiple cards of same type

2007-03-26 Thread Henning Brauer
* Aaron Martinez [EMAIL PROTECTED] [2007-03-26 21:54]:
 My question is.  I have OBSD 4.0 running on an Asus p3b-F with 6 pci 
 slots that i'm wanting to use as a router/firewall.  I have 5 fxp 
 interfaces in the machine inserted starting from the bottom pci slot 
 up.  When the machine boots up it finds them just fine, but I never know 
 what order the cards are in.  (i.e. fxp0 was in the third  slot as 
 opposed to the first or last slot populated with a card, as i would have 
 expected).  Is there a way to hard code this into the hostname.fxpN 

there is a way to hardcode the device name on the card, using a paper 
label or the like ;)

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg  Amsterdam



Re: maxcluster errors

2007-03-26 Thread mail-lists

Thanks for your reply.

I'm really about at my wits' end with this. I think I'm going to add a 
generic wireless router to my switch and have everyone access through 
that. Is it possible that there's something wrong with the ral driver?

I've heard though that this is a very reliable driver under openbsd.

I'm noticing that when I do a 'top' my interrupt usage stays at around 
30%. Again - I have to think that this is a hardware limitation on the 
soekris.






Here is my pf.conf


ext_if="sis0"
dmz_if="sis1"
int_if="sis2"
wii_if="ral0"


wired_lan="192.168.4.0/24"
wireless_lan="192.168.5.0/24"

VOIP_PORTS = "{4520, 4569, 5060, 5061, 5062, 1:6}"
VOIP_SERVERS = "{IP OF VOIP SERVER}"
ADMIN_PORTS = "{80,22,2812, 4445}"
ADMIN_HOSTS = "{A BUNCH OF IPS}"

VOIP_GATEWAYS = "{74.52.15.138}"

OUTGOING_PORTS = "{80, 53}"
set block-policy return

#scrub in all
#scrub out all

altq on $ext_if priq bandwidth 500Kb queue {std_out, voip_out}
queue std_out priq(default)
queue voip_out priority 10

altq on $wii_if priq bandwidth 40Mb queue {wii_std, wii_voip}
queue wii_std priq(default)
queue wii_voip priority 10


set skip on {lo0 sis1 ral0 sis2 }



###NAT
nat on $ext_if from $wired_lan to any -> ($ext_if)
nat on $ext_if from $wireless_lan to any -> ($ext_if)


block log all

pass quick on $ext_if proto tcp from $ADMIN_HOSTS to any port 22 keep state
pass quick on $ext_if proto {tcp udp} from $ADMIN_HOSTS to any port $ADMIN_PORTS keep state
pass quick on $ext_if proto {tcp udp} from $ADMIN_HOSTS to any port $VOIP_PORTS keep state

pass quick on $ext_if proto {icmp} from $ADMIN_HOSTS to any

pass in quick  on $wii_if from $wireless_lan to $VOIP_SERVERS keep state
pass in  quick on $int_if from $VOIP_SERVERS to $wireless_lan keep state

pass in quick on $ext_if from $VOIP_GATEWAYS to $VOIP_SERVERS

pass quick on $int_if from any to any
pass out quick on $ext_if from any  to any keep state

pass out quick  from $VOIP_SERVERS to any keep state
pass out quick on {$ext_if} from $VOIP_SERVERS to any keep state


#


Here is my netstat -m out:

9720 mbufs in use:
9670 mbufs allocated to data
47 mbufs allocated to packet headers
3 mbufs allocated to socket names and addresses
9661/9674/3 mbuf clusters in use (current/peak/max)
21784 Kbytes allocated to network (-92% in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines



Re: interface order with multiple cards of same type

2007-03-26 Thread Chris Black
Aaron Martinez wrote:
 apologies if this has been covered in the past, I searched on this and
 couldn't find anything, although i'm sure it's the wording i'm using.

 My question is.  I have OBSD 4.0 running on an Asus p3b-F with 6 pci
 slots that i'm wanting to use as a router/firewall.  I have 5 fxp
 interfaces in the machine inserted starting from the bottom pci slot
 up.  When the machine boots up it finds them just fine, but I never
 know what order the cards are in.  (i.e. fxp0 was in the third  slot
 as opposed to the first or last slot populated with a card, as i would
 have expected).  Is there a way to hard code this into the
 hostname.fxpN file, as to assign the number of the interface based on
 the hardware address as opposed to the ordering of the cards in the
 machine?  I looked in the man page for hostname.if but saw no way
 mentioned.

 A second related question, in the above example, how exactly does OBSD
 choose the interface number?  I was under the impression it used the
 slot to assign the interface number which is why i was so surprised to
 see that fxp0 the third slot, fxp2 was in the top (occupied) slot and
 fxp4 was in the bottom.   I have all of the pci slots set to auto in
 the bios if that makes any difference.
Someone else probably knows more than I, but here is my tiny bit of
insight. First of all, according to the networking section of the faq:
Combine the short alphabetical device name (such as fxp) with a number
assigned by the kernel and you have an interface name (such as fxp0).
The number is assigned based on various criteria, depending upon the
card and other details of the system. Some cards are assigned by the
order they are found during bus probing. Others may be by hardware
resource settings or MAC address.

Where this can cause a problem is newer boards with multiple PCI buses.
Usually it is something like one pair of slots are full PCI-X up to
133MHz and another pair is put aside for slower 66MHz cards or to allow
you to split the bandwidth. Board manufacturers do this because many
buses (including older pci) will run at the clock of the slowest card on
the bus, so giving you a separate bus allows you to have a slower card
in the system without slowing down the slots your faster cards are
plugged into. Unfortunately these multiple pci buses are not always set
up to be probed in a simple left-to-right order when looking at the
board. If you look at dmesg output you will probably see you have
multiple pci buses.

I may be wrong about this but these are my thoughts on the matter,
someone else feel free to correct me if I am wrong.

Best,
Chris
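One way to confirm after each boot that every fxpN still sits on the card you labelled, given the bus-probe ordering described in this thread. This is an added example, not code from the thread: the function names, the "name MAC" expected-file format and the sample dmesg lines are all constructed, and /var/run/dmesg.boot is only the default input.

```shell
#!/bin/sh
# Added example (not from the thread): map NIC names to PCI position and MAC
# from dmesg, then compare against the MACs you wrote on the cards.

# Constructed dmesg excerpt; PCI positions and MAC addresses are made up.
sample_dmesg() {
    cat <<'EOF'
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 "Intel 82443BX AGP" rev 0x03
fxp0 at pci0 dev 11 function 0 "Intel 8255x" rev 0x08, i82559: irq 10, address 00:02:b3:00:00:03
fxp1 at pci0 dev 12 function 0 "Intel 8255x" rev 0x08, i82559: irq 11, address 00:02:b3:00:00:04
fxp2 at pci0 dev 13 function 0 "Intel 8255x" rev 0x08, i82559: irq 9, address 00:02:b3:00:00:05
EOF
}

# iface_map [DMESG_FILE]
# Prints "name bus dev function mac" for each PCI attach line that carries
# an "address" field (i.e. network interfaces).
iface_map() {
    awk '
        $2 == "at" && $3 ~ /^pci[0-9]+$/ && $4 == "dev" && $6 == "function" {
            mac = ""
            for (i = 8; i < NF; i++)
                if ($i == "address") mac = $(i + 1)
            if (mac != "")
                print $1, $3, $5, $7, tolower(mac)
        }
    ' "${1:-/var/run/dmesg.boot}"
}

# check_iface_macs EXPECTED_FILE [DMESG_FILE]
# EXPECTED_FILE holds "name mac" pairs, one per line ("#" starts a comment).
# Returns 0 if every listed interface has the expected MAC, 1 on any
# mismatch or missing interface, 2 if EXPECTED_FILE had no entries.
check_iface_macs() {
    iface_map "$2" | awk -v expected="$1" '
        BEGIN {
            while ((getline line < expected) > 0) {
                n = split(line, f, " ")
                if (n >= 2 && f[1] !~ /^#/) { want[f[1]] = tolower(f[2]); nwant++ }
            }
        }
        { seen[$1] = $5 }
        END {
            if (nwant == 0) { print "no expected entries read"; exit 2 }
            for (name in want) {
                if (!(name in seen)) {
                    printf "%s: not found in dmesg\n", name; bad = 1
                } else if (seen[name] != want[name]) {
                    printf "%s: expected %s, found %s\n", name, want[name], seen[name]; bad = 1
                }
            }
            exit (bad ? 1 : 0)
        }
    '
}
```

Running check_iface_macs before pf rules are loaded catches the case where a BIOS or hardware change has moved the external card to a different fxpN.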



Re: sshd.config and AllowUsers

2007-03-26 Thread Jerome Santos
Thanks for pointing me in the right direction, got it working properly now;
found out the hard way to separate users by whitespace only, NOT commas.

thanks

On 3/26/07, Serge Basterot [EMAIL PROTECTED] wrote:

 Hello,

 On Mon, Mar 26, 2007 at 01:33:17PM -0400, Jerome Santos wrote:

 [...]

  I want to add something like this:
 
  AllowUsers user1, user2, user3

 AllowUsers is a list of user name patterns, separated by _spaces_.
 Also take a look at the AllowGroups parameter.

 --
 Serge
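A check for the mistake discussed in this thread, as an added example that is not part of the original posts: it flags comma-separated entries in AllowUsers, DenyUsers, AllowGroups and DenyGroups lines. The function names and the sample file are constructed; it assumes a comma in the user-name part (before any "@") or in a group name is always a mistake, and leaves commas in the host part after "@" alone.

```shell
#!/bin/sh
# Added example (not from the thread): lint an sshd_config-style file for
# comma-separated user/group lists. sshd separates these entries by spaces,
# so "user1," is taken as a literal pattern that matches no real account.

# Constructed sample; the AllowUsers line is the form quoted in the thread.
sample_sshd_config() {
    cat <<'EOF'
# constructed sample sshd_config fragment
AllowUsers user1, user2, user3
AllowGroups wheel,staff
DenyUsers guest
EOF
}

# check_sshd_lists FILE
# Prints one "FILE:LINE: ..." message per offending entry.
# Returns 1 if anything was flagged, 0 otherwise.
check_sshd_lists() {
    awk '
        /^[ \t]*#/ { next }     # comment line
        NF == 0    { next }     # blank line
        {
            kw = tolower($1)    # keywords are case-insensitive
            if (kw != "allowusers" && kw != "denyusers" &&
                kw != "allowgroups" && kw != "denygroups")
                next
            for (i = 2; i <= NF; i++) {
                name = $i
                # For user lists, only inspect the part before "@":
                # the host part may legitimately be a comma-separated list.
                if (kw ~ /users$/) {
                    at = index(name, "@")
                    if (at > 0) name = substr(name, 1, at - 1)
                }
                if (index(name, ",") > 0) {
                    printf "%s:%d: %s entry \"%s\" contains a comma\n", FILENAME, FNR, $1, $i
                    bad = 1
                }
            }
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}
```

With the thread's original line, only user3 would have been allowed to log in, since "user1," and "user2," match no account name.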



Re: Convergence time with carp(4)

2007-03-26 Thread Marco Pfatschbacher
On Sun, Mar 25, 2007 at 08:23:25PM +0200, Jeremie Le Hen wrote:
  Btw, you might consider using ifstated(8)
  instead of scripting sth w/ ifconfig(8).
 
 I don't understand what you are saying here.  I explicitly showed
 the commands which can lead to my setup.  They are usually handled
 by netstart(8) and hostname.if(5).
 
Yes, that's just fine.
I assumed you were running some sort of monitoring script.



Re: maxcluster errors

2007-03-26 Thread mail-lists

One other thing:


I have discovered that when I'm not connected to the wireless network 
with my laptop (which has a belkin pcmcia card), the soekris seems to 
stay up indefinitely (mbufs keep accumulating though).


This sort of leads me to believe I have some sort of setting incorrect 
pertaining to my wireless interface.


Also,

I see a LOT (over 50%) of crc errors on the workstations connected 
wirelessly. Not transmitting but receiving.



my ral0 interface is configured thusly:


ral0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:08:a1:a7:8f:d7
        media: IEEE802.11 autoselect mode 11g hostap
        status: active
        ieee80211: nwid ACG_COMM chan 2 bssid 00:08:a1:a7:8f:d7 nwkey xxx 100dBm
        inet 192.168.5.1 netmask 0xff00 broadcast 192.168.5.255
        inet6 fe80::208:a1ff:fea7:8fd7%ral0 prefixlen 64 scopeid 0x4



Re: code analysis tools

2007-03-26 Thread Nick !

On 3/26/07, Gregg Reynolds [EMAIL PROTECTED] wrote:

Hi,

I wonder if the OpenBSD developers have a favored set of tools for C
code analysis.  E.g. the kind of stuff listed at
http://www.spinroot.com/static/.  Esp. stuff like
http://spinroot.com/uno/.  Are such tools used in OpenBSD code audits?

Also, what about automatic code documentation tools (for lack of a
better term)?  This kind of stuff:
http://en.wikipedia.org/wiki/Comparison_of_documentation_generators.

I'm interested because I think OpenBSD is a terrific development
platform, number one, and number two, I'd like to follow the code
development practices of OpenBSD.



OpenBSD... does not work like that. What made you decide it is a
terrific development platform? You do not even understand its
philosophy. OpenBSD is developed with commitment and care, not
automation.

By the way, regarding: http://mobileink.com/mesh/, you should take a
look at http://www.well.com/~doctorow/metacrap.htm. That's also an
issue of care vs. automation.

The world should not be saved by tech!

-Nick



Re: maxcluster errors

2007-03-26 Thread Stuart Henderson
On 2007/03/26 16:41, mail-lists wrote:
 I'm noticing that when I do a 'top' my interrupt usage stays at around 
 30%. Again - I have to think that this is a hardware limitation on the 
 soekris.

soekris is not a fast i/o machine, it is a low-power machine.

 altq on $wii_if priq bandwidth 40Mb queue {wii_std, wii_voip}

it definitely won't push 40Mb/s of data (nor will 802.11 wireless,
for that matter).

 pass in quick  on $wii_if from $wireless_lan to $VOIP_SERVERS keep state
 pass in  quick on $int_if from $VOIP_SERVERS to $wireless_lan keep state
 pass in quick on $ext_if from $VOIP_GATEWAYS to $VOIP_SERVERS

small packets too, that won't help.

try at least a via-based machine if you want something low-powered...



umsm(4) SprintPCS users -- Merlin PC720 anyone?

2007-03-26 Thread Jeff Quast

I've been happily using a umsm(4) sierra wireless aircard 580[1]. It
literally took less than 5 minutes to get this card moving in OpenBSD
with the ppp.conf example in umsm(4). Highly recommend this card, it's
about $60 on ebay these days.

EVDO rev a was deployed to my area, and I was happy with the sierra
model (though not ecstatic over the latency), so I purchased a 'Sierra
wireless aircard 595' [2]. Somebody reported success in linux[3] with
this card, and umsm(4) listed this device as a maybe.

I forked out the $262, and unfortunately this was not the 5-minute
success story as I had hoped for.

Although it attached to ucom0, if I used cu -l /dev/cuaU0 -s 230400, I
was not able to input an "at" (and receive "OK", such as on the 580).
I wondered if the 168Mhz laptop I was using it with was too old
(pcmcia type II? what? it fit...), so I built a fresh 1.2Ghz i386 and
used a pci-pcmcia card with similar deadlock serial. This also
failed the same way on macppc.

There is a 30 day return limit on these, so I've re-activated the 580
(effectively disabling the new card) and returned this product. So my
question:

I am using sprintpcs as my provider. Can anybody report success with
the 'Merlin PC720' [4]?

1. http://www.sierrawireless.com/product/ac580.aspx
2. http://www.sierrawireless.com/product/ac595.aspx
3. 
http://www.pbandjelly.org/2006/12/sierra-wireless-aircard-595-configuration-sprintpcs/
4. http://www.novatelwireless.com/products/merlin/merlin-pc720.html

Thanks,
jdq



Re: Serial console not working for IBM Aptiva

2007-03-26 Thread vladas

On 3/13/07, Damon McMahon [EMAIL PROTECTED] wrote:


For the archives, the Aptiva BIOS had incorrect IRQ/address values
for Serial Port 1 and Serial Port 2. A BIOS flash to the latest
available version (perhaps unnecessary) and then setting these to
match the values specified in pccom(4) resolved the issue.


Just for the record: the same works here.

OpenBSD 4.1-current (GENERIC) #1445: Thu Mar 22 11:06:59 MDT 2007
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium (P54C) (GenuineIntel 586-class) 150 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,MCE,CX8
cpu0: F00F bug workaround installed
real mem  = 48852992 (47708K)
avail mem = 35954688 (35112K)
using 627 buffers containing 2568192 bytes (2508K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+ BIOS, date 11/23/96, BIOS32 rev. 0 @ 0xfd981
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI BIOS has 6 Interrupt Routing table entries
pcibios0: PCI Interrupt Router at 000:01:0 (SiS 85C503 System rev 0x00)
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0x1000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 SiS 5511 rev 0x00
pcib0 at pci0 dev 1 function 0 SiS 85C503 System rev 0x01
pciide0 at pci0 dev 1 function 1 SiS 5513 EIDE rev 0x08: 5597/5598: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: QUANTUM FIREBALL540A
wd0: 8-sector PIO, LBA, 519MB, 1064448 sectors
wd0(pciide0:0:0): using PIO mode 4, DMA mode 2
pciide0: channel 1 disabled (no drives)
rl0 at pci0 dev 7 function 0 Realtek 8139 rev 0x10: irq 12, address 00:20:18:c0:84:d1
rlphy0 at rl0 phy 0: RTL internal PHY
siop0 at pci0 dev 11 function 0 Symbios Logic 53c815 rev 0x04: irq 11
scsibus0 at siop0: 8 targets
sd0 at scsibus0 targ 6 lun 0: NEC, D3825, 5F14 SCSI2 0/direct fixed
sd0: 696MB, 1416 cyl, 16 head, 63 sec, 512 bytes/sec, 1427328 sec total
vga1 at pci0 dev 20 function 0 SiS 86C205 rev 0xd3: aperture at 0x2000, size 0x40
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom0: console
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
biomask ef6d netmask ff6d ttymask ffef
pctr: 586-class performance counters and user-level cycle counter enabled
dkcsum: wd0 matches BIOS drive 0x80
siop0: target 6 now using 8 bit 10.0 MHz 8 REQ/ACK offset xfers
dkcsum: sd0 matches BIOS drive 0x81
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302



squid occasionally exits

2007-03-26 Thread Bryan Irvine

I've been getting this error periodically when squid terminates:

Mar 26 14:49:21 fire squid[22218]: Squid Parent: child process 2358 started
Mar 26 14:49:21 fire squid[22218]: Squid Parent: child process 2358 exited due to signal 6
Mar 26 14:49:24 fire squid[22218]: Squid Parent: child process 23951 started
Mar 26 14:49:33 fire squid[22218]: Squid Parent: child process 23951 exited due to signal 6
Mar 26 14:49:36 fire squid[22218]: Squid Parent: child process 11292 started
Mar 26 14:49:36 fire squid[22218]: Squid Parent: child process 11292 exited due to signal 6
Mar 26 14:49:39 fire squid[22218]: Squid Parent: child process 5758 started
Mar 26 14:49:40 fire squid[22218]: Squid Parent: child process 5758 exited due to signal 6
Mar 26 14:49:40 fire squid[22218]: Exiting due to repeated, frequent failures



partial cache.log file:

this first line is repeated several hundred times
2007/03/26 14:48:20| parseHttpRequest: PF open failed: (13) Permission denied
FATAL: Received Segment Violation...dying.
2007/03/26 14:49:14| storeDirWriteCleanLogs: Starting...
2007/03/26 14:49:14| WARNING: Closing open FD   12
2007/03/26 14:49:14|   Finished.  Wrote 9679 entries.
2007/03/26 14:49:14|   Took 0.0 seconds (1063275.8 entries/sec).
CPU Usage: 267.953 seconds = 139.500 user + 128.453 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 4
2007/03/26 14:49:17| Starting Squid Cache version 2.5.STABLE13 for i386-unknown-openbsd4.0...
2007/03/26 14:49:17| Process ID 25658
2007/03/26 14:49:17| With 1024 file descriptors available
2007/03/26 14:49:17| Performing DNS Tests...
2007/03/26 14:49:17| Successful DNS name lookup tests...
2007/03/26 14:49:17| DNS Socket created at 0.0.0.0, port 3295, FD 5
2007/03/26 14:49:17| Adding nameserver 64.1.201.134 from /etc/resolv.conf
2007/03/26 14:49:17| Adding nameserver 64.1.201.135 from /etc/resolv.conf
2007/03/26 14:49:17| Adding nameserver 127.0.0.1 from /etc/resolv.conf
2007/03/26 14:49:17| Unlinkd pipe opened on FD 10
2007/03/26 14:49:17| Swap maxSize 102400 KB, estimated 7876 objects
2007/03/26 14:49:17| Target number of buckets: 393
2007/03/26 14:49:17| Using 8192 Store buckets
2007/03/26 14:49:17| Max Mem  size: 8192 KB
2007/03/26 14:49:17| Max Swap size: 102400 KB
2007/03/26 14:49:17| Rebuilding storage in /var/squid/cache (CLEAN)
2007/03/26 14:49:17| Using Least Load store dir selection
2007/03/26 14:49:17| Set Current Directory to /var/squid/cache
2007/03/26 14:49:17| Loaded Icons.
2007/03/26 14:49:17| Accepting HTTP connections at 127.0.0.1, port 3128, FD 12.
2007/03/26 14:49:17| Accepting ICP messages at 0.0.0.0, port 3130, FD 13.
2007/03/26 14:49:17| WCCP Disabled.
2007/03/26 14:49:17| Ready to serve requests.
2007/03/26 14:49:17| Store rebuilding is 42.3% complete
2007/03/26 14:49:17| parseHttpRequest: PF open failed: (13) Permission denied
2007/03/26 14:49:17| Done reading /var/squid/cache swaplog (9679 entries)
2007/03/26 14:49:17| Finished rebuilding storage from disk.
2007/03/26 14:49:17|  9679 Entries scanned
2007/03/26 14:49:17| 0 Invalid entries.
2007/03/26 14:49:17| 0 With invalid flags.
2007/03/26 14:49:17|  9679 Objects loaded.
2007/03/26 14:49:17| 0 Objects expired.
2007/03/26 14:49:17| 0 Objects cancelled.
2007/03/26 14:49:17| 0 Duplicate URLs purged.
2007/03/26 14:49:17| 0 Swapfile clashes avoided.
2007/03/26 14:49:17|   Took 0.6 seconds (17272.0 objects/sec).
2007/03/26 14:49:17| Beginning Validation Procedure
2007/03/26 14:49:17|   Completed Validation Procedure
2007/03/26 14:49:17|   Validated 9679 Entries
2007/03/26 14:49:17|   store_swap_size = 92240k
FATAL: Received Segment Violation...dying.
2007/03/26 14:49:18| storeDirWriteCleanLogs: Starting...
2007/03/26 14:49:18|   Finished.  Wrote 9679 entries.
2007/03/26 14:49:18|   Took 0.0 seconds (2094568.3 entries/sec).
CPU Usage: 0.125 seconds = 0.062 user + 0.062 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 0
2007/03/26 14:49:21| Starting Squid Cache version 2.5.STABLE13 for i386-unknown-openbsd4.0...
2007/03/26 14:49:21| Process ID 2358
2007/03/26 14:49:21| With 1024 file descriptors available
2007/03/26 14:49:21| Performing DNS Tests...
2007/03/26 14:49:21| Successful DNS name lookup tests...
2007/03/26 14:49:21| DNS Socket created at 0.0.0.0, port 10601, FD 5
2007/03/26 14:49:21| Adding nameserver 64.1.201.134 from /etc/resolv.conf
2007/03/26 14:49:21| Adding nameserver 64.1.201.135 from /etc/resolv.conf
2007/03/26 14:49:21| Adding nameserver 127.0.0.1 from /etc/resolv.conf
2007/03/26 14:49:21| Unlinkd pipe opened on FD 10
2007/03/26 14:49:21| Swap maxSize 102400 KB, estimated 7876 objects
2007/03/26 14:49:21| Target number of buckets: 393
2007/03/26 14:49:21| Using 8192 Store buckets
2007/03/26 14:49:21| Max Mem  size: 8192 KB
2007/03/26 14:49:21| Max Swap size: 102400 KB
2007/03/26 14:49:21| Rebuilding storage in /var/squid/cache (CLEAN)

Re: code analysis tools

2007-03-26 Thread Marco Peereboom
ectags
ctags
cscope

All work fine within emacsOS and vim.

http://fxr.watson.org/ is invaluable too.

On Mon, Mar 26, 2007 at 02:16:49PM -0500, Gregg Reynolds wrote:
 Clarification:  I'm mostly interested in source browser tools (e.g.
 cscope, e/t/gtags, global, etc.) or whatever can help a developer
 understand unfamiliar source code in the shortest possible time.  Is
 there a preferred tool among OpenBSD developers?
 
 On 3/26/07, Gregg Reynolds [EMAIL PROTECTED] wrote:
 Hi,
 
 I wonder if the OpenBSD developers have a favored set of tools for C
 code analysis.  E.g. the kind of stuff listed at
 http://www.spinroot.com/static/.  Esp. stuff like
 http://spinroot.com/uno/.  Are such tools used in OpenBSD code audits?
 
 Also, what about automatic code documentation tools (for lack of a
 better term)?  This kind of stuff:
 http://en.wikipedia.org/wiki/Comparison_of_documentation_generators.
 
 I'm interested because I think OpenBSD is a terrific development
 platform, number one, and number two, I'd like to follow the code
 development practices of OpenBSD.
 
 Thanks,
 
 Gregg



Re: maxcluster errors

2007-03-26 Thread rc

Your pf.conf looks okay.  If there are a lot of IPs on your VOIP
Servers and ADMIN_HOSTS, you may want to consider using tables.  How
many users do you have on your network?  After business hours do you
notice your mbuf clusters go down?  As Stuart said soekris is not
meant for high performance.

If you are seeing 50% of CRC errors on the wireless network, you might
want to try a different wireless access point to see if it makes any
difference in the CRC errors.  CRC errors can be hardware issues.

rc

On 3/26/07, mail-lists [EMAIL PROTECTED] wrote:

One other thing:


I have discovered that when I'm not connected to the wireless network
with my laptop (which has a belkin pcmcia card), the soekris seems to
stay up indefinitely (mbufs keep accumulating though).

This sort of leads me to believe I have some sort of setting incorrect
pertaining to my wireless interface.

Also,

I see a LOT (over 50%) of crc errors on the workstations connected
wirelessly. Not transmitting but receiving.


my ral0 interface is configured thusly:


ral0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:08:a1:a7:8f:d7
        media: IEEE802.11 autoselect mode 11g hostap
        status: active
        ieee80211: nwid ACG_COMM chan 2 bssid 00:08:a1:a7:8f:d7 nwkey xxx 100dBm
        inet 192.168.5.1 netmask 0xff00 broadcast 192.168.5.255
        inet6 fe80::208:a1ff:fea7:8fd7%ral0 prefixlen 64 scopeid 0x4




Re: VPN

2007-03-26 Thread Shane J Pearson

On 26/03/2007, at 6:22 PM, Siju George wrote:

Most probably you are suffering from the PPTP problem with OpenBSD
and PF.


This is an excerpt from his website



The last time i talked with him he said he is writing a PPTP proxy for
OpenBSD and PF just like the FTP-Proxy. So it should be available soon
:-)


Frickin works for me on OpenBSD 4.0...

http://frickin.sourceforge.net/


Shane J Pearson
shanejp netspace net au



Re: code analysis tools

2007-03-26 Thread J.C. Roberts
On Monday 26 March 2007 17:24, Marco Peereboom wrote:
 ectags
 ctags
 cscope

 All work fine within emacsOS and vim.


Marco, are you running emacsOS on the SIMH PDP-8 emulator or did you go 
buy one of the original machines?



Re: code analysis tools

2007-03-26 Thread Gregg Reynolds

On 3/26/07, Nick ! [EMAIL PROTECTED] wrote:


OpenBSD... does not work like that. What made you decide it is a
terrific development platform? You do not even understand its
philosophy.


I understand the Standard Response to that would be RTFM.  But that
would be unhelpful, and even worse, rude.  So please see item one (and
most of the others) at http://www.openbsd.org/goals.html, and once
you've mastered that, see
http://www.openbsd.org/papers/asiabsdcon07-development/index.html.

Thanks very much for your helpful pointers.  Please do not feel
obligated to respond.



Re: VPN

2007-03-26 Thread Appie
Hi,

Thanks for the brief explanation about vpn going through NAT and vpn based
on pptp, so the solution right now is to wait for the pptp-proxy to be
created. How about linux ipcop, how come it works, we didn't configure
anything regarding vpn, we just followed the steps on setting up the
firewall and that's it. Does linux already have a solution for this (vpn
going thru NAT)? 


Kind regards,

Appie



Siju George wrote:
 
 On 3/26/07, Appie [EMAIL PROTECTED] wrote:
 Hi,

 Been using OpenBSD 4.0 w/ PF for a quite a while now, everything is
 running
 perfectly smooth, our setup is to block all incoming packets while allow
 all
 for outbound packets as long as connections are initiated from within our
 local lan. The only problem we encountered was that we can't connect
 simultaneous vpn connections to via windows XP vpn connectivity to our
 branch server. We can connect one at a time. Is there something I need to
 configure? We Tested it with another firewall setup (ipcop firewall) and
 it
 works. Hoping for your help. Thanks much.
 --
 
 Most probably you are suffering from the PPTP problem with OpenBSD and
 PF.
 
 This is an excerpt from his website
 
 ===
 NAT relies on the uniqueness of the source and destination IP
 addresses and ports of each TCP and UDP packet.
 
 Whereas PPTP is a protocol over IP and it uses neither TCP nor UDP for
 encapsulation. Instead it uses GRE which is a protocol over IP.
 
 PPTP has a control phase in which it negotiates parameters over a
 control connection. This happens over destination TCP port 1723. You
 know that the destination TCP port of HTTP is 80. This is exactly like
 that.
 
 However, once the PPTP control negotiation is over, the VPN tunnel
 packets go over GRE which has no concept of port numbers. So the only
 way a router identifies different GRE tunnels is by looking at the
 destination IP address. Since NAT hides multiple destination IP
 addresses behind a single global IP address, the NAT device has very
 good reason to get confused as to which private IP address a
 particular GRE packet corresponds to.
 
 PPTP fortunately has a concept of callid for multiplexing simultaneous
 PPTP sessions. Even here we have a difficulty. Usually with TCP or IP,
 the source and destination port numbers are sent in the header of each
 packet.
 
 Whereas in the case of PPTP, only the destination callid is present in
 each packet. So incoming packets have the callid of the PPTP client
 and outgoing PPTP packets have the callid of the PPTP server.
 
 How does the NAT machine determine the internal IP address the callid
 corresponds to?
 
 To make things worse, as is to be expected from Micro$oft products,
 the incoming callid is always 0 for PPTP clients. So this makes it
 technically infeasible to multiplex.
 =
 
 The last time i talked with him he said he is writing a PPTP proxy for
 OpenBSD and PF just like the FTP-Proxy. So it should be available soon
 :-)
 
 Kind Regards
 
 Siju
 
 
 

-- 
View this message in context: http://www.nabble.com/VPN-tf3465334.html#a9684762
Sent from the openbsd user - misc mailing list archive at Nabble.com.
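
Added example (not from any poster in this thread or from the quoted website): a Python sketch of the call-ID problem the excerpt above describes. It parses the enhanced GRE header that PPTP uses (RFC 2637) and models a NAT table keyed on the only identifier present in the packet; the GreNat class, its call-ID rewriting mode, and all addresses and packets are constructed for illustration and do not describe how any particular PPTP proxy works.

```python
import struct

GRE_PROTO_PPP = 0x880B   # protocol type carried by PPTP's enhanced GRE
K_BIT, S_BIT, A_BIT, VER_MASK = 0x2000, 0x1000, 0x0080, 0x0007


def build_pptp_gre(call_id, seq, payload=b""):
    """Build a constructed PPTP data packet: K and S bits set, version 1."""
    flags_ver = K_BIT | S_BIT | 1
    return struct.pack("!HHHHI", flags_ver, GRE_PROTO_PPP,
                       len(payload), call_id, seq) + payload


def parse_pptp_gre(pkt):
    """Return the header fields a NAT device can see in a PPTP data packet."""
    if len(pkt) < 8:
        raise ValueError("truncated GRE header")
    flags_ver, proto, plen, call_id = struct.unpack("!HHHH", pkt[:8])
    if (flags_ver & VER_MASK) != 1 or not (flags_ver & K_BIT) \
            or proto != GRE_PROTO_PPP:
        raise ValueError("not a PPTP enhanced GRE packet")
    off, seq, ack = 8, None, None
    if flags_ver & S_BIT:            # optional sequence number
        (seq,) = struct.unpack("!I", pkt[off:off + 4])
        off += 4
    if flags_ver & A_BIT:            # optional acknowledgment number
        (ack,) = struct.unpack("!I", pkt[off:off + 4])
        off += 4
    # Only the receiver's call ID is present; there is no "source" call ID.
    return {"call_id": call_id, "seq": seq, "ack": ack,
            "payload": pkt[off:off + plen]}


class GreNat:
    """Toy NAT state for inbound PPTP GRE (hypothetical, for illustration)."""

    def __init__(self, rewrite_call_ids=False):
        self.rewrite = rewrite_call_ids
        # (server_ip, call ID on the wire) -> (client_ip, client's own call ID)
        self.table = {}
        self.next_id = 1

    def learn(self, client_ip, server_ip, client_call_id):
        """Record a session seen on the TCP/1723 control channel.

        Returns the call ID the server will put in its GRE packets, or None
        when another client already owns that (server, call ID) pair.
        """
        wire_id = client_call_id
        if self.rewrite:             # assumption: helper edits control messages
            wire_id = self.next_id
            self.next_id = self.next_id % 0xFFFF + 1
        key = (server_ip, wire_id)
        if key in self.table and self.table[key][0] != client_ip:
            return None
        self.table[key] = (client_ip, client_call_id)
        return wire_id

    def route_inbound(self, server_ip, pkt):
        """Pick the internal host for a GRE packet arriving from server_ip."""
        hit = self.table.get((server_ip, parse_pptp_gre(pkt)["call_id"]))
        return hit[0] if hit else None


def demo():
    server = "203.0.113.10"                       # constructed addresses
    clients = ["192.168.1.10", "192.168.1.11"]
    results = {}
    for mode in (False, True):
        nat = GreNat(rewrite_call_ids=mode)
        # Both clients announce call ID 0, as the excerpt describes.
        results[mode] = [nat.learn(c, server, 0) for c in clients]
    return results


if __name__ == "__main__":
    print(demo())
```

Without rewriting, the second client cannot be told apart from the first, which matches the "one connection at a time" symptom reported in this thread.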



Re: code analysis tools

2007-03-26 Thread Gregg Reynolds

On 3/26/07, Tobias Ulmer [EMAIL PROTECTED] wrote:


lint(1), gcc-local(1)

style(7) may be worth reading...



Thank you; I didn't know about those man pages; I'll have to dig
around and find what other similar pages are there.  OpenBSD's
documentation is pretty amazing.

-gregg



Re: code analysis tools

2007-03-26 Thread Marco Peereboom
Nope, I am a vim whore!

On Mon, Mar 26, 2007 at 05:55:48PM -0700, J.C. Roberts wrote:
 On Monday 26 March 2007 17:24, Marco Peereboom wrote:
  ectags
  ctags
  cscope
 
  All work fine within emacsOS and vim.
 
 
 Marco, are you running emacsOS on the SIMH PDP-8 emulator or did you go 
 buy one of the original machines?



Re: code analysis tools

2007-03-26 Thread Gregg Reynolds

On 3/26/07, Marco Peereboom [EMAIL PROTECTED] wrote:

ectags
ctags
cscope

All work fine within emacsOS and vim.

http://fxr.watson.org/ is invaluable too.


I see GNU Global does something similar:
http://www.tamacom.com/tour.html.  Ever looked at it?

BTW I plan to write up a paper or guide on tools and resources for
development on OpenBSD with this info.

Thanks,

-gregg



enlarge the drive

2007-03-26 Thread riwanlky

Hi All,

I had a problem; I did as told by the OpenBSD cover on installation
of the drive.

80m for /
300m for swap
80m for /tmp
80m for /var
2g for /usr
all the other for /home

however it seems that my /var allocated more than 70%, I would like to
enlarge it. I use all my partition in the hard disk for OpenBSD.

Can I enlarge it without affecting the /home contents? I want to reduce
the /home size.

Best regards and Thanks
Riwan



Re: maxcluster errors

2007-03-26 Thread Mail Lists
On 3/26/07, Stuart Henderson [EMAIL PROTECTED] wrote:

 On 2007/03/26 16:41, mail-lists wrote:
  I'm noticing that when I do a 'top' my interrupt usage stays at around
  30%. Again - I have to think that this is a hardware limitation on the
  soekris.

 soekris is not a fast i/o machine, it is a low-power machine.

  altq on $wii_if priq bandwidth 40Mb queue {wii_std, wii_voip}

 it definitely won't push 40Mb/s of data (nor will 802.11 wireless,
 for that matter).


No, I don't imagine it would. Those queues aren't actually being used
though. I'd say maybe 10Mb/s at most right now

 pass in quick  on $wii_if from $wireless_lan to $VOIP_SERVERS keep state
  pass in  quick on $int_if from $VOIP_SERVERS to $wireless_lan keep state
  pass in quick on $ext_if from $VOIP_GATEWAYS to $VOIP_SERVERS

 small packets too, that won't help.


Yeah, I was afraid of that.

However, another soekris I have seems to do fine with ~ 30Mb/s peaks, also
handling a fair amount of VOIP traffic.
The difference is that it's not serving as a wireless AP



Re: enlarge the drive

2007-03-26 Thread Nick !

On 3/26/07, riwanlky [EMAIL PROTECTED] wrote:

Hi All,

I had a problem; I did as told by the OpenBSD cover on installation
of the drive.

80m for /
300m for swap
80m for /tmp
80m for /var
2g for /usr
all the other for /home



It actually says that's an example only ;)


however it seems that my /var allocated more than 70%, I would like to
enlarge it. I use all my partition in the hard disk for OpenBSD.

Can I enlarge it without affecting the /home contents? I want to reduce
the /home size.


Short answer: no. Give up now and reinstall now that you know what you need.

Long answer: Yes, the FAQ which you sound like you've read does imply
that this is possible. However, this is pretty low-level stuff so it's
really tricky. All the filesystems right now are packed together (or
probably are at least; you can check your disklabel to see, with some
graphing paper and patience, exactly where they are positioned). If
you've left unused space at the end, and /var is the lastmost
partition, it will be possible to grow it. See growfs(8) and read it
very carefully.

But you would probably be better off doing a clean install.

Good luck,
-Nick



Re: two default route

2007-03-26 Thread riwanlky

Hai Mr. Stuart Henderson,

Thanks for the hint on -mpath.

I am just trying to get the internal to external. I had two ISP, and
when I try to route add default at the second time I got
route: writing to routing socket: File exists
add net default: gateway 10.10.10.2: File exists

So I am wondering how do I send out traffic to the ISP if I don't
have routing.

I know that I can use PF to route the internal to external traffic.
I thought that I need routing in order to use PF.

I mean to say that I can't use OpenOSPFD and OpenBGPD.
My mistake. Sorry for the inconvenience. The ISP will not
support it; they can only support static routes from us and from
them to us.

Best regards and thanks.
Riwan

At 03:24 PM 3/26/2007 +0100, Stuart Henderson wrote:

On 2007/03/26 20:33, riwanlky wrote:
 I have two ISP, and wondering how should I setup the default
 route to the ISP.

you need to give a lot more information about what you're trying
to do to get a useful answer.

how are you connecting to them?

how do they know how to route packets to you?

do you have your own address space or are you using your space
from your providers?

if you're using provider address space, will they allow you
to send them packets with somebody else's source address?

 I am wondering if I have two gateway going to the same route can I use
 metric?
 route add 0.0.0.0/0 192.168.6.1 10
 route add 0.0.0.0/0 192.168.6.2 100

OpenBSD doesn't use metrics like this in the routing table,
you can do something similar with PF load-balancing or 'probability'

There is equal-cost multipath support but unless I missed
something, it's not supported by the routing daemons yet,
you can use it with static routes using -mpath, see route(8)

 I can used OpenOSPFD or OpenBGPD.

will your ISPs listen to your announcements?

realistically, I think if you are going to be able to handle
running BGP with your providers, you probably wouldn't be asking
this question.




Re: enlarge the drive

2007-03-26 Thread Darrin Chandler
On Mon, Mar 26, 2007 at 11:43:51PM -0400, Nick ! wrote:
 Short answer: no. Give up now and reinstall now that you know what you need.
 
 Long answer: Yes, the FAQ which you sound like you've read does imply
 that this is possible. However, this is pretty low-level stuff so it's
 really tricky. All the filesystems right now are packed together (or
 probably are at least; you can check your disklabel to see, with some
 graphing paper and patience, exactly where they are positioned). If
 you've left unused space at the end, and /var is the lastmost
 partition, it will be possible to grow it. See growfs(8) and read it
 very carefully.
 
 But you would probably be better off doing a clean install.

Reinstall may be the easiest and cleanest. There's also another
alternative that you left out, which I have done before. If you have
unused space at the end, you can add a slice and newfs for a new /var,
then reboot single user and copy everything over, edit fstab, etc. Not
*too* tricky at all, if the space is there to begin with.

-- 
Darrin Chandler|  Phoenix BSD User Group  |  MetaBUG
[EMAIL PROTECTED]   |  http://phxbug.org/  |  http://metabug.org/
http://www.stilyagin.com/  |  Daemons in the Desert   |  Global BUG Federation



no incoming message for sendmail

2007-03-26 Thread aretes27884
Today I upgraded my mail server from OpenBSD 3.7 to 4.0 (patches 2 thru 10 
applied) and even though ps -aux shows sendmail: accepting connections 
(sendmail) I'm not getting any incoming messages. I tried several times to 
send myself messages and had others send me messages from various services but 
nothing is coming in.

To create my sendmail.cf file I started with openbsd-proto.mc and filled in 
my domain information. My my.mc file is (minus the dnl lines):

divert(-1)
divert(0)dnl
VERSIONID(`@(#)openbsd-proto.mc $Revision: 1.11 $')dnl
OSTYPE(openbsd)dnl
define(`confPRIVACY_FLAGS', `authwarnings,needmailhelo,noexpn,novrfy,nobodyreturn')dnl
define(`confCW_FILE', `-o MAIL_SETTINGS_DIR`'local-host-names')dnl
define(`confCT_FILE', `-o MAIL_SETTINGS_DIR`'trusted-users')dnl
define(`confLOG_LEVEL',`15')dnl
FEATURE(nouucp, `reject')dnl
FEATURE(`access_db', `hash -o -TTMPF /etc/mail/access')dnl
FEATURE(`blacklist_recipients')dnl
FEATURE(`use_cw_file')dnl
FEATURE(`mailertable', `hash -o /etc/mail/mailertable')dnl
FEATURE(`use_ct_file')dnl
FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable')dnl
FEATURE(genericstable, `hash -o /etc/mail/genericstable')dnl
FEATURE(always_add_domain)dnl
FEATURE(redirect)dnl
FEATURE(`no_default_msa')dnl
DAEMON_OPTIONS(`Family=inet, Address=0.0.0.0, Name=MTA')dnl
DAEMON_OPTIONS(`Family=inet6, Address=::, Name=MTA6, M=O')dnl
DAEMON_OPTIONS(`Family=inet, Address=0.0.0.0, Port=587, Name=MSA, M=E')dnl
DAEMON_OPTIONS(`Family=inet6, Address=::, Port=587, Name=MSA6, M=O, M=E')dnl
CLIENT_OPTIONS(`Family=inet, Address=0.0.0.0')dnl
CLIENT_OPTIONS(`Family=inet6, Address=::')dnl
define(`confBIND_OPTS', `WorkAroundBroken')dnl
MASQUERADE_AS(`my-company.com')dnl
FEATURE(masquerade_envelope)dnl
FEATURE(masquerade_entire_domain)dnl
MAILER(local)dnl
MAILER(smtp)dnl
LOCAL_RULESETS
HMessage-Id: $>CheckMessageId

SCheckMessageId
R< $+ @ $+ >		$@ OK
R$*			$#error $: 553 Header Error


I've removed the STARTTLS and CLAMAV settings I was using. I copied the 
/etc/mail files from my previous installation:
- relay-domains (contains my domain)
- local-host-names (contains various names for my server)
- aliases (aliases.db created using: newaliases)
- access (access.db created using: makemap hash /etc/mail/access < /etc/mail/access)
- all other /etc/mail files are unchanged
I also set the confLOG_LEVEL to 15 so that I can see more information on the 
incoming and outgoing messages thinking that would help. I see nothing for 
incoming message but lots of information on outgoing messages. 

sendmail.cf was created and sendmail was started using:
cd /usr/share/sendmail/cf
m4 /usr/share/sendmail/m4/cf.m4 my.mc > my.cf
mv my.cf /etc/mail/sendmail.cf
kill `head -1 /var/run/sendmail.pid`
/usr/sbin/sendmail -L sm-mta -C/etc/mail/sendmail.cf -bd -q30m

These lines from pf.conf in my firewall redirect incoming traffic to my mail 
server. This worked before I upgraded.

ext_if = xl2
myAddress  = 192.168.0.1
mailServer = 192.168.2.2
rdr on $ext_if proto tcp from any to $myAddress port 25 -> $mailServer port 25

My ISP supplies a router/DSL modem (Cayman Model 3346 DSL Ethernet Switch) and 
I've redirected all its incoming traffic to my firewall.

I don't know what might have changed from OpenBSD 3.7 to 4.0 in sendmail. Does 
anyone have suggestions for what might be the problem with sendmail? I wouldn't 
think my ISP would block my incoming messages.



Re: VPN

2007-03-26 Thread Appie
Sorry, my mistake, we did put a check mark (enabled) vpn and assign a local
vpn hostname / IP on IPcop's global VPN settings.


Regards,

Rafael



Appie wrote:
 
 Hi,
 
 Thanks for the brief explanation about vpn going through NAT and vpn based
 on pptp, so the solution right now is to wait for the pptp-proxy to be
 created. How about linux ipcop, how come it works, we didn't configure
 anything regarding vpn, we just followed the steps on setting up the
 firewall and that's it. Does linux already have a solution for this (vpn
 going thru NAT)? 
 
 
 Kind regards,
 
 Appie
 
 
 
 Siju George wrote:
 
 On 3/26/07, Appie [EMAIL PROTECTED] wrote:
 Hi,

 Been using OpenBSD 4.0 w/ PF for a quite a while now, everything is
 running
 perfectly smooth, our setup is to block all incoming packets while allow
 all
 for outbound packets as long as connections are initiated from within
 our
 local lan. The only problem we encountered was that we can't connect
 simultaneous vpn connections to via windows XP vpn connectivity to our
 branch server. We can connect one at a time. Is there something I need
 to
 configure? We Tested it with another firewall setup (ipcop firewall) and
 it
 works. Hoping for your help. Thanks much.
 --
 
 Most probably you are suffering from the PPTP problem with OpenBSD and
 PF.
 
 This is an excerpt from his website
 
 ===
 NAT relies on the uniqueness of the source and destination IP
 addresses and ports of each TCP and UDP packet.
 
 Whereas PPTP is a protocol over IP and it uses neither TCP nor UDP for
 encapsulation. Instead it uses GRE which is a protocol over IP.
 
 PPTP has a control phase in which it negotiates parameters over a
 control connection. This happens over destination TCP port 1723. You
 know that the destination TCP port of HTTP is 80. This is exactly like
 that.
 
 However, once the PPTP control negotiation is over, the VPN tunnel
 packets go over GRE which has no concept of port numbers. So the only
 way a router identifies different GRE tunnels is by looking at the
 destination IP address. Since NAT hides multiple destination IP
 addresses behind a single global IP address, the NAT device has very
 good reason to get confused as to which private IP address a
 particular GRE packet corresponds to.
 
 PPTP fortunately has a concept of callid for multiplexing simultaneous
 PPTP sessions. Even here we have a difficulty. Usually with TCP or IP,
 the source and destination port numbers are sent in the header of each
 packet.
 
 Whereas in the case of PPTP, only the destination callid is present in
 each packet. So incoming packets have the callid of the PPTP client
 and outgoing PPTP packets have the callid of the PPTP server.
 
 How does the NAT machine determine the internal IP address the callid
 corresponds to?
 
 To make things worse, as is to be expected from Micro$oft products,
 the incoming callid is always 0 for PPTP clients. So this makes it
 technically infeasible to multiplex.
 =
 
 The last time i talked with him he said he is writing a PPTP proxy for
 OpenBSD and PF just like the FTP-Proxy. So it should be available soon
 :-)
 
 Kind Regards
 
 Siju
 
 
 
 
 

-- 
View this message in context: http://www.nabble.com/VPN-tf3465334.html#a9686323
Sent from the openbsd user - misc mailing list archive at Nabble.com.



Re: sshd.config and AllowUsers

2007-03-26 Thread Lars D . Noodén
Others have mentioned the correct syntax already.  One suggestion which
helps administration is to assign or revoke access (or other privileges)
based on groups rather than individual users.  In other words, make the
users members of a group and grant that group access.

It helps scalability, maintenance, and testing.

Regards,
-Lars

Lars Noodén ([EMAIL PROTECTED])
 Ensure access to your data now and in the future
 http://opendocumentfellowship.org/about_us/contribute



Re: VPN

2007-03-26 Thread Lars D . Noodén
It may not be the wisest thing to be trying PPTP.  In addition to the
technical problems you are encountering, there seem to be some grave
issues with the protocol itself,
http://www.schneier.com/pptp-faq.html

which are apparently not resolved entirely even in later versions.

IPsec and SSL are both standards and, as such, supported even by legacy
platforms.  It might be useful to phase out PPTP in favor of IPsec.

-Lars

Lars Noodén ([EMAIL PROTECTED])
 Ensure access to your data now and in the future
 http://opendocumentfellowship.org/about_us/contribute



Re: VPN

2007-03-26 Thread Adam Hawes
 It may not be the wisest thing to be trying PPTP.  In addition to the
 technical problems you are encountering, there seem to be some grave
 issues with the protocol itself,
   http://www.schneier.com/pptp-faq.html
 
 which are apparently not resolved entirely even in later versions.

PPTP sucks, but if you have some models of Palm device it's all you
get to use - they just don't do anything more secure.  Sure, it's all
software but I have yet to see an IPSec or SSL-based VPN client for
my Palm.  Its useless wireless won't even do WPA (ok, so I got it
before WPA was around, but there isn't even a software upgrade).

 IPsec and SSL are both standards and, as such, supported even
 by legacy
 platforms.  It might be useful to phase out PPTP in favor of IPsec.

IPSec can be confusing to configure the first time round - it
took me a little while to come to terms with it.  It has the
advantage that the newer versions of Winblows support it out of the box,
so your average L-user will have no trouble getting on your VPN.
(s/no trouble/minimal trouble/).

OpenVPN is ssl-based and seems to work quite well.  It's also
able to be easily tunneled over HTTP proxies if you need to
access the VPN from behind a restrictive firewall.  I've used
OpenVPN on Linux servers, clients and Windows boxes.  Never had
a hiccup with it. I don't know how well it works in OpenBSD though.

If you're stuck with PPTP just be sure to know its limits.  Read the
web page posted before and probably keep it on a separate box with
different usernames/passwords to your main machines.  You might
consider allowing access to only certain services via the VPN too,
just to limit the damage that can occur due to PPTP's inherent
insecurity.

I found that the free servers were really painfully slow too -
I don't know whether that's an artificial limitation or not
because the server was never very heavily loaded and PPTP
wouldn't do more than a couple of megabits a second over a solid
wireless connection.

Cheers,
A




Re: code analysis tools

2007-03-26 Thread jjhartley
From: Gregg Reynolds [EMAIL PROTECTED]

 On 3/26/07, Marco Peereboom [EMAIL PROTECTED] wrote:
  ectags
  ctags
  cscope
 
  All work fine within emacsOS and vim.
 
  http://fxr.watson.org/ is invaluable too.
 
 I see GNU Global does something similar:


Has anyone played with OpenGrok yet?

http://www.opensolaris.org/os/project/opengrok/



Re: code analysis tools

2007-03-26 Thread Matthew R. Dempsky
On Tue, Mar 27, 2007 at 05:10:48AM +, [EMAIL PROTECTED] wrote:
 Has anyone played with OpenGrok yet?

http://opengrok.creo.hu/openbsd/