Re: bcw(4) is gone

2007-04-10 Thread Timo Schoeler
On Mon, 9 Apr 2007 23:15:36 -0400
Adam [EMAIL PROTECTED] wrote:

 Tobias Weisserth [EMAIL PROTECTED] wrote:
 
  Who the hell do you think you are that you can impose a definition
  of free on me? Freedom is also a matter of perception and
  perspective.
 
 No, it's the FSF trying to redefine the word free.  The English
 language has had the word for a long time, and its meanings are quite
 clear.  None of those meanings include being restricted.  It's not a
 matter of perception or perspective, you can't just pretend words
 meaning other things and expect everyone to go along.  GPL your code
 all you want, just stop claiming it has anything to do with freedom.
 
 Adam

1984. Newspeak. Slavery (GPL) is freedom.

;)

timo



Re: Problem installing DSPAM (with postfix)

2007-04-10 Thread Timo Schoeler
On Tue, 10 Apr 2007 00:36:08 -0400
Jean-Daniel Beaubien [EMAIL PROTECTED] wrote:

 Hi everyone,
 
 I am having a bit of trouble installing DSPAM with Postfix.  The
 problem seems to be with the unix socket (and my lack of knowledge on
 the subject).
 
 
 Here is a small snippet of the config for dspam and postfix:
 
 # grep -R -e 'dspam.sock' /etc/*
 /etc/dspam.conf:ServerDomainSocketPath  /tmp/dspam.sock
 /etc/dspam.conf:#ClientHost /tmp/dspam.sock
 /etc/postfix/master.cf:-o
 content_filter=lmtp:unix:/tmp/dspam.sock
 
 
 And here is the content of /tmp:
 --
 # ls -l
 total 0
 srwxrwxrwx  1 root  wheel  0 Apr  9 20:11 dspam.sock
 
 
 And unfortunately I get the following errors in /var/log/maillog:
 
 Apr 10 00:22:17 mail_server postfix/lmtp[21514]: 2E9682B6:
 to=[EMAIL PROTECTED], orig_to=[EMAIL PROTECTED], relay=none, delay=15444,
 delays=15444/0.22/0/0, dsn=4.4.1, status=deferred (connect to
 mail_server.mydomain.com[/tmp/dspam.sock]: No such file or directory)
 
 
 This strikes me as odd since the file /tmp/dspam.sock seems to be
 there.
 
 Anyone has an idea what's going on?
 
 Thank you for your time,
 
 -Jd

Check if your postfix runs chrooted(8) (check master.conf for this). If
so, /tmp should be in /var/spool/postfix/tmp

HTH,

timo



Re: bcw(4) is gone

2007-04-10 Thread RedShift

Marco Peereboom wrote:

I have to reply to this horse shit.



:-)


*snip*


Regarding freedom: Take the Linksys routing devices. They ship with  
GPL software. Taking what you said as an example, it would be OK if  
Linksys made proprietary changes to the free software and deliver a  
closed software on the device. If for example the proprietary changes  
make the free software work on the device in the first place, the  
software is in effect not free anymore, as the free version of the  
software is useless in effect. If there is no other option than to  
buy these Linksys devices or similar devices in the future and the  
originally free software cannot be used on any other device anymore,  
then the propriety changes to a free software has made this software  
unfree for users. What's the freedom of BSD software worth when it  
can't be used in its free form anymore? That can't happen with GPL'ed  
software.


You are talking without saying anything.  What is your fucking point?



Have you actually read that piece of text??

*snip*


There are many cases where a GPL license is the only sensible choice  
in my opinion. Of course, I don't reject the BSD license either. It  
all depends on what you want to bring about and secure. There is no  
one-and-only-free license.


The only good use so far of the GPL is java.  Sun gets to pretend to put
free code out there and it is completely protected by the GPL.  It will
never take any patches from the community; it simply wants to retain
full control.  The joke is on GPL since it protects the companies it
hates.  One has got to love unforeseen consequences.


Have you tried submitting patches to them? You are just being prejudiced. 
Please don't say things you think, say things that are proven fact.



*snip*


Glenn



Re: bcw(4) is gone

2007-04-10 Thread Leonardo Rodrigues

Phew, what a load of animosity. I really hope humanity still has a chance.

Now, regarding the bcw issue, let's leave this thread to die. Mistakes
are meant to be forgiven, and life to be lived forwards =)

--
An OpenBSD user... and that's all you need to know =)



Re: bcw(4) is gone

2007-04-10 Thread Artur Grabowski
RedShift [EMAIL PROTECTED] writes:

 Have you tried submitting patches to them? You are just being
 prejudiced. Please don't say things you think, say things that are
 proven fact.

Is that a fact? Or just your opinion? I think it's a discussion that
doesn't belong on this mailing list.

//art



est setperf core 2

2007-04-10 Thread giovanni

my laptop has a core 2 processor (T5500) but because my acpi dsdt
lacks PCT, PSS and PPC I can't use acpicpu for playing w/ setperf

I've made these tiny changes

Index: machdep.c
===
RCS file: /cvs/src/sys/arch/i386/i386/machdep.c,v
retrieving revision 1.381
diff -u -b -r1.381 machdep.c
--- machdep.c   3 Apr 2007 10:14:47 -   1.381
+++ machdep.c   9 Apr 2007 08:47:26 -
@@ -1444,7 +1444,7 @@
#endif
}

-#if !defined(SMALL_KERNEL)  defined(I686_CPU)  !defined(MULTIPROCESSOR)
+#if !defined(SMALL_KERNEL)  defined(I686_CPU) /* !defined(MULTIPROCESSOR)*/
void
intel686_setperf_setup(struct cpu_info *ci)
{
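Review bot: On the `#if` line guarding `intel686_setperf_setup`, the `!defined(MULTIPROCESSOR)` test is commented out in place rather than deleted, and nothing in this hunk replaces the protection it gave MP kernels. If the function is meant to be built for bsd.mp, drop the condition outright and state in the commit message why a call taking a single `struct cpu_info *ci` is enough when more than one CPU is present; otherwise keep the guard.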
@@ -1468,9 +1468,9 @@
{

#if !defined(SMALL_KERNEL)  defined(I686_CPU)
-#if !defined(MULTIPROCESSOR)
+/*#if !defined(MULTIPROCESSOR)*/
   setperf_setup = intel686_setperf_setup;
-#endif
+/*#endif*/
   {
   extern void (*pagezero)(void *, size_t);
   extern void sse2_pagezero(void *, size_t);
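Review bot: The assignment `setperf_setup = intel686_setperf_setup;` becomes unconditional on MULTIPROCESSOR kernels, with no check in this hunk that the running CPU is one where that is known to be safe. Rather than leaving `/*#if !defined(MULTIPROCESSOR)*/` and `/*#endif*/` behind as commented-out preprocessor lines, remove them and gate the assignment on an explicit condition, or keep the original guard until the MP behaviour is confirmed.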

so now also w/ bsd.mp during boot, est is used by reporting I can use
only HFS and LFH, i.e. 1667 and 1000 MHz.
if I'm not wrong I read that w/ core 2 by changing one msr affects
also the other core. What I'm looking for are information for vid and
related frequency  for being able to use other setperf values (not
only 0 and 100) but I'm not able to find out them.

has anybody any hint?

thanks,

--
giovanni



Re: Binary kernel and base update

2007-04-10 Thread Marc Espie
On Tue, Apr 10, 2007 at 01:43:56AM +0200, [EMAIL PROTECTED] wrote:
 Hi all.
 
 I have noticed that the OpenBSD team puts a lot of emphasis on using binary
 packets rather than building from ports, which I think IMHO is good, but why
 is it that there is no binary kernel updates, rather than patching the kernel
 from source?

We have stated this numerous times, but maybe it's not easy to find in the
archives because there is no obvious subject: not enough resources.
Binary updates for the whole system would be desirable, but we simply do
not have the time to do it right (for now).

The infrastructure is totally geared towards -current. There are just few
resources devoted to -stable packages, and almost none towards stable
source.

Some people external to the project are providing you with binpatch and
binary updates. As long as you trust them, you can use their work...



Re: waitpid() thread race

2007-04-10 Thread Brian Candler
On Mon, Apr 09, 2007 at 03:42:50PM -0600, Philip Guenther wrote:
 However, OpenBSD 4.0 doesn't actually comply with that: after
 waitpid() there will be no SIGCHLD pending, even if there are
 additional children to reap.
 
 So, if you're going to have multiple children, you need to call
 waitpid(-1, ret, WNOHANG) until it returns zero or -1/ECHILD before
 you loop back to sigsuspend() again.  That way you can be sure that
 you haven't lost any SIGCHLDs before you reenter the sigsuspend().
 I've actually confirmed that that loop does work as expected, unlike
 the original example which only works with one child.

Hmm. OK, thanks for that.

I think for now my preferred solution is to keep a linear list of child
processes. Forking adds a child to the end of the list; reaping finds the
first child in the list with a matching pid and removes that entry.

This eliminates the need for dealing with signals. The extra overhead of a
linear search is small, given that children don't die that often.

Cheers,

Brian.



Re: bcw(4) is gone

2007-04-10 Thread frantisek holop
if someone is still reading the thread...

1. marcus makes mistake
2. michael tells the world
3. theo plays theater

1. it's not rocket science not to commit gpl licensed code into
the public cvs tree under a bsd license and let it sit there for
months.  esp. with the openbsd kind of draconian license audits.
it's not rocket science, and thus it's hard for linux people to
believe it was not intentional, but again, its obviousness is
the proof it couldn't have been intentional.  pray, who wouldn't
have noticed the gpl code in there?

2. let's stop for a moment, and think why michael would make a
mistake like this, again, it's not rocket science, it was a
mistake.  let's play the associations game.  i say openbsd
developer you say the first three things that come into your
mind.  ready?  go.  mine were: theo, arrogant, and
difficult.  now let me state publicly after my fair share of
flame wars on misc@ that i do not believe on any day, that all
openbsd devs are like this.  not even the majority.  maybe no
one is like that these days... but the thing is, that these are
some of the attributes openbsd got associated with in the past,
a stigma.  so i wouldn't be surprised if michael just skipped
the first step of the rules of engagement and called in the
heavy artillery right away. it's not that far fetched, do you
work in big company?  the first thing you learn is to cc: all
the managers if you want to get something done for real.  so he
did.  at this point there could have been a nice and easy
solution if markus just explained publicly what he did.

3. theo's repeated (to the point of shut up, already!, which
he uses so frequently) cries for empathy, downplaying marcus's
mistake and at the same time enlarging michael's is the most
postmodern literature i have read this year.  it's absurd.
imagine theo with tears in his eyes calling for empathy because
one of his developers has made a mistake and he's still managing
to insult people in the process!  just brilliant.



reading the whole thread i find it easy to see that theo made it
all worse.  marcus has made a mistake, but obviously, he's not a
thief.  the linux people have decided to deal with it this way,
not very nice but hey, life is not all cakes.  stand up like
a man, make a public answer, explain yourself and not hide
behind theo to deal with the PR.

and you almost did just that.  and then you deleted the driver
because ... because...  what was it again?  there is no public
explanatory mail between your list of choices and then erasure.
why was it really?  because some people hurt your feelings?
well, as theo used to say, v-v-very frequently: boo hoo, the
world is a harsh place.  the poetic justice of it all.


-f
-- 
to learn more about paranoids, follow them around!



ISDN PRI cards on openbsd?

2007-04-10 Thread Sebastian Reitenbach
Hi,

does there exist any ISDN PRI card that is supported by OpenBSD and can be
used with Asterisk? As far as I can read here:
http://www.voip-info.org/wiki/index.php?page=Asterisk+OpenBSD , none is
supported up to OpenBSD 3.8.  I have seen, that there are zaptel drivers 
available on FreeBSD, but I doubt that there is any on OpenBSD. I searched 
the manuals on OpenBSD.org for more, but found nothing more.
Is there any PRI card supported on OpenBSD which I might have overlooked?


kind regards
Sebastian



Re: bcw(4) is gone

2007-04-10 Thread Reyk Floeter
On Tue, Apr 10, 2007 at 12:19:29PM +0200, frantisek holop wrote:
 if someone is still reading the thread...
 

lalalala



Re: ISDN PRI cards on openbsd?

2007-04-10 Thread Claudio Jeker
On Tue, Apr 10, 2007 at 12:23:02PM +0200, Sebastian Reitenbach wrote:
 Hi,
 
 does there exist any ISDN PRI card that is supported by OpenBSD and can be
 used with Asterisk? As far as I can read here:
 http://www.voip-info.org/wiki/index.php?page=Asterisk+OpenBSD , none is
 supported up to OpenBSD 3.8.  I have seen, that there are zaptel drivers 
 available on FreeBSD, but I doubt that there is any on OpenBSD. I searched 
 the manuals on OpenBSD.org for more, but found nothing more.
 Is there any PRI card supported on OpenBSD which I might have overlooked?
 

We will not support the zaptel interface. It is gross.
But I plan to do some work on this, it is just taking way longer than
expected.

-- 
:wq Claudio



Re: ISDN PRI cards on openbsd?

2007-04-10 Thread Stuart Henderson
On 2007/04/10 12:23, Sebastian Reitenbach wrote:
 does there exist any ISDN PRI card that is supported by OpenBSD and can be
 used with Asterisk?

No, you'll need something else to support physical lines -
maybe * on another OS, or some other type of gateway device
(e.g. vegastream, cisco, quintum etc).



Re: bcw(4) is gone

2007-04-10 Thread Doug Brewer

Reyk Floeter [EMAIL PROTECTED] wrote:

On Tue, Apr 10, 2007 at 12:19:29PM +0200, frantisek holop wrote:
 if someone is still reading the thread...


lalalala


Is it funny? Fuck off!!! lalalala



Re: carp, ospf can't see carp state

2007-04-10 Thread Claudio Jeker
On Mon, Apr 09, 2007 at 02:03:21PM -0400, François Rousseau wrote:
 Hi Claudio,
 
 I have double-checked on my lab and everything works fine for the OSPF
 part, sorry for my mistake.
 
 But at the end, I'm still having the same problem: the server didn't
 know the right route.
 
 OSPF see all the route correctly but the system didn't seem to be
 updated.  If I do route show I only see the local route pointing
 directly to the CARP device instead of pointing to the other router.
 
 route show give me something like this when my cable is unplug from
 the carp interface:
 83.201.77/24link#10UC   0   0   -   carp1
 
 What do you think it can be?
 

ospfd will never overwrite already present routes (unless they have come
from bgpd). So the carp route can not be changed.
AFAIK you only get such a network if you are using an unnumbered parent
device. Could you try to give the parent interface an IP address out of
83.201.77/24 -- this should change the link local route to this network to
the real interface. This will solve the problem in case the box is BACKUP.
There is still a problem when you unplug the network. In this case packets
hitting that box will get dropped. This can only be fixed if the kernel
is able to change the RTF_UP flag depending on the link state.

-- 
:wq Claudio


 
 
 2007/4/7, Claudio Jeker [EMAIL PROTECTED]:
 On Sat, Apr 07, 2007 at 12:21:19PM -0400, François Rousseau wrote:
  But how I'm suppose to annonce the route for the right carp interface?
  Right now my servers can always reach the router because of the CARP
  interface but the router can't always reach the servers...
 
  If I unplug the cable of my CARP interface (bge2 for example), all
  traffic from this router (directly from him or from my upstream
  provider) can't reach the servers because the router still have only 1
  route going directly to his bge2 interface (the interface with carp)
  and he have no clue of the MASTER interface.
 
  Maybe I'm wrong and OSPF is not the solution.
 
  What I try to do is to have a redundant gateway for my servers (CARP)
  and I want to have 2 upstreams provider with BGP (multihoming)
 
  I need a way for this 2 routers to talk to each other and share their
  internal routes to know how to reach both of the exit point (route
  to both upstream provider) and how to reach the MASTER interface of
  every CARP group.
 
  Any idea?
 
 
 If you are just running with two routers you don't need to use OSPF.
 Use CARP for the inside network, setup the upstream sessions on each
 router (perhaps even using depend on carp to fail over the sessions) and
 setup a IBGP session between the two routers -- best via a dedicated
 interface. Set set nexthop self on the IBGP sessions and you should be
 fine.
 
 --
 :wq Claudio



Re: how to configure bridge interface [WAS: snort any interface]

2007-04-10 Thread Jeff Quast

On 4/9/07, Soner Tari [EMAIL PROTECTED] wrote:


My physical interfaces are already configured and have their own IP
addresses. I need to assign different IPs to all 3 cards (LAN, WAN1,
WAN2). And here is what I run on the command line to create a bridge
interface (to use as a pseudo interface on snort command line for
monitoring):

ifconfig bridge0 create
brconfig bridge0 add vr0 add rl0 add nfe0 up

Am I not supposed to see the traffic on all of the physical interfaces
(vr0, fxp0, nfe0) using tcpdump on bridge0? (I've tried with pf disabled
too.)


It is my understanding that only one or none may have an IP. Give vr0
or any single iface an ip address. For each other nic, only activate
it using 'up':

ifconfig vr0 192.168.0.1 netmask 255.255.255.0 up # this is the primary NIC
ifconfig rl0 up # this could be what you are missing
ifconfig nfe0 up
ifconfig bridge0 create
brconfig bridge0 add vr0 add rl0 add nfe0 up

also maybe ifconfig bridge0 up -- 'up' goes in brconfig or ifconfig
or both? Not sure.

At this point, if you tcpdump on vr0, you should see the traffic on
rl0 and nfe0 as well. Any endpoint can connect to any NIC and see the
same 192.168.0.1 address, and reach any other PC connected to any of
the other two NIC's. I do this with my router, because the switch ran
out of ports :)


Perhaps this is not possible at all with bridge interfaces? If so, how do
I achieve such a monitoring interface? Any comments please?

Does each port on a switch have an IP, for instance?

Are you trying to make a transparent bridge? You have three NIC's
here, and you seem to have to need of an IP address.. ?

You should be able to assign no IP at all to vr0, and accomplish a
transparent bridge without pf involved, whereas you can split a cable
in half, crimp each end, put them into each NIC, and you can see
everything in between. pf can start to block at this point.

I know nothing at all about the Snorter... Does it need to bind to an
IP? It shouldn't.



Re: ISDN PRI cards on openbsd?

2007-04-10 Thread Sebastian Reitenbach
Hi all,

Stuart Henderson [EMAIL PROTECTED] wrote: 
 On 2007/04/10 12:23, Sebastian Reitenbach wrote:
  does there exist any ISDN PRI card that is supported by OpenBSD and can be
  used with Asterisk?
 
 No, you'll need something else to support physical lines -
 maybe * on another OS, or some other type of gateway device
 (e.g. vegastream, cisco, quintum etc).
 
 
thanks a lot, Claudio too, for your answers, I just wanted to make sure that 
I did not miss anything. So I have to keep it for now as it is, using Linux 
where I need physical lines, OpenBSD is used on the rest.


kind regards
Sebastian



OpenBSD 4.0 pfsync + pfflowd accuracy problem or incorrect config?

2007-04-10 Thread Alexander Zatserkovniy

Hi!

OpenBSD ... 4.0 GENERIC.MP#0 i386 (2x Xeon P4 ) is located after Cisco 
(7206VXR) .


Netflows from the Cisco and the Openbsd are collected on a collector 
(flow-tools).


I've got for the same hour for the same networks, from OpenBSD:
Total Flows : 59671
Total Octets: 3111418360
.
Average Kbits / second (flow)   : 419.2015
Average Kbits / second (real)   : 3319.2888

and from the Cisco:
Total Flows : 783739
Total Octets: 9246726494

Average Kbits / second (flow)   : 7958.4517
Average Kbits / second (real)   : 9864.4893

Three  times difference!!!
Data from  Cisco  corresponds  for the other sources results ( SNMP 
counters,).


I've tried different pf rulesets , in particular this:

pass in log (all) inet all keep state
pass out log (all) inet all keep state

but the problem still here. log (all) I need for other purposes.

Does anyone meet a  problem like this?

OpenBSD load:
# uptime
 load averages: 0.29, 0.43, 0.37

Thanks!
Alexander Zatserkovniy



Re: Serial Port Network

2007-04-10 Thread Dan Farrell
I agree with Marcus's comments... unless there's some reason you haven't
mentioned yet that's preventing you, you should likely get some 10Mbps
nic's.

The file xfer rate for anything of 'today's size' would take forever
over the serial connection... but remote management via the serial
connection would be fine (via tip)... especially if the boxes aren't
right next to each other to swap the kvm.


danno

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Marcus Watts
Sent: Tuesday, April 10, 2007 1:19 AM
To: Don Smith
Cc: misc@openbsd.org
Subject: Re: Serial Port Network

Don Smith [EMAIL PROTECTED] writes:
 I have 2 older desktop computers (old Pentium 1 processors), ...

slip or ppp.  You won't be doing much file sharing this way though,
unless you're *very* patient.

usb doesn't do peer-peer networking, so I don't see what
good that does you.

You'd be *much* better off buying a brace of ethernet cards.
ISA - 10 megabits cards should be nearly free.  You'll also
have to score some thin-net cable and terminators.  Alternatively,
you can get twisted pair cards.  If you have PCI bus machines you
can do better, but that probably postdates your machines.

You probably don't need a console except for maintenance.
You can just swap monitors for that.  You could set up a serial
console  tip, but it's not worth it unless you have some other
reason you want it.  You probably don't want to run ppp on your
console port.

-Marcus



tftp-proxy without nat?

2007-04-10 Thread Sebastian Reitenbach
Hi,

I have an OpenBSD 4.0 firewall between two networks. The traffic between
these two is routed. when I take a look at the manual pages, then it looks
like the tftp-proxy only useful for connections that do NAT, where the 
client is in a private network, and the server has a public IP.


Without NAT, I will need sth. like this in the nat section:
   rdr-anchor "tftp-proxy/*"
   rdr on $int_if proto udp from $lan to any port tftp -> \
   127.0.0.1 port 6969

and this in the filter section:
anchor "tftp-proxy/*"

but I do not know, how to allow the data packets, from the server to the
client to traverse the firewall. Is there a way to make it stateful
somehow?


kind regards
Sebastian
pass in on $



Re: Serial Port Network

2007-04-10 Thread Giancarlo Razzolini
Marcus Watts escreveu:
 Don Smith [EMAIL PROTECTED] writes:
 I have 2 older desktop computers (old Pentium 1 processors), ...

I played with this some time ago. I managed to make communication between:
linux(ppp server) - windows(client)
linux(server) - linux(client)
openbsd(client) - linux(server)
openbsd(server) - linux(client)

I followed a very good howto on tldp.org. To make it work on openbsd i
had to make some minor adaptations, like the devices not being ttyS0,
but cua0X, and so on. But expect very low rates. I managed to transfer
files between them, using ssh, at rates of 15Kb/s. I played also with
plip, but i don't know if there is something similar with it on openbsd.
 On linux - linux communication you can achieve higher rates than with
ppp. Be careful, with the setup on openbsd, cause you have 2 daemons:
the ppp(userland) and pppd(kernel). I only tested it with pppd. but it
should work with the ppp daemon also.

My regards,
--
Giancarlo Razzolini
Linux User 172199
Red Hat Certified Engineer no:804006389722501
Moleque Sem Conteudo Numero #002
Slackware Current
OpenBSD Stable
Ubuntu 6.10 Edgy Eft
Snike Tecnologia em Informatica
4386 2A6F FFD4 4D5F 5842  6EA0 7ABE BBAB 9C0E 6B85




Re: OpenBSD with RBAC?

2007-04-10 Thread ericfurman
On Mon, 9 Apr 2007 22:17:23 +0200, Joachim Schipper
[EMAIL PROTECTED] said:
 On Mon, Apr 09, 2007 at 02:46:32PM -0500, Lawal, Banji wrote:
  I was wondering if anyone out there has used OpenBSD with RBAC.  From 
  what I have found out so far RBAC is only deployed with FreeBSD.  If 
  anyone has any info about this please let me know. 
 
 You are right, that doesn't work on OpenBSD. You might be interested in
 systrace, though.

It would be nice if somebody was doing something like SeOS for OBSD,
though.
But,  I know, only so much time and so many developers and I don't code,
so I'll shut up now.



Re: est setperf core 2

2007-04-10 Thread Gordon Willem Klok
On Tue, Apr 10, 2007 at 11:19:50AM +0200, giovanni wrote:
 my laptop has a core 2 processor (T5500) but because my acpi dsdt
 lacks PCT, PSS and PPC I can't use acpicpu for playing w/ setperf

The setperf mechanism is not MP safe hence why it was disabled, the case
of core duo 2 this might work because of shared registers dim@ or
someone more familiar with EST would have to comment on that, but in a
general case you will likely only change the speed of one cpu the
cpu that happened to handle the sysctl.

Note that it will look to you in userland like both cpus were changed
 because cpuspeed will be altered by EST but it may not be the case,
and frankly there is the potential for some nasty side effects.

There is an mp safe sysctl diff for i386 in some semblance of
completeness but I will likely not be finished till after I finish exams
(early may)

gwk



Re: how to view Ethernet frame CRC errors

2007-04-10 Thread Dan Farrell
Another shot--- Anyone know how to see L2 CRC errors on an Ethernet
interface?

Thanks,

danno

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Dan Farrell
Sent: Monday, April 09, 2007 11:02 AM
To: misc@openbsd.org
Subject: how to view Ethernet frame CRC errors

Hello,

I'm looking for a way to view L2 frame CRC errors on an interface. I've
scoured netstat, but found nothing (from what I've known of it it's all
Layer 3 anyway).

I googled and came up rather empty (FCS error openBSD, ethernet frame
CRC errors openbsd, etc.) .

The purpose for this is to deduce duplex-mismatch problems on Fast
Ethernet interfaces where you only have visibility/control over one side
of the Ethernet connection.

If there is no way to specifically view counters like this are there
other counters (or a combination of counters) I can look to that would
definitively show a duplex-mismatch situation (as in no false-positives)
? I know there are error counters in netstat -i but are those always
going to mean there is a duplex mismatch problem (it just seems there's
a lack of detail there so those errors could result from a variety of
issues)? Is there anything to be gleaned from a netstat -s to show
this also?


I appreciate any suggestions,


Dan Farrell
Applied Innovations Corp.
[EMAIL PROTECTED]



Beep!

2007-04-10 Thread Manuel Ravasio
Hello list.

I have a small, trivial task I can't accomplish and I'm sure you guys can
help me in a second.
I'm creating some shell scripts for various administrative purposes, and I'd
really like to add some kind of command at the end of each in order to have
the pc speaker BEEP when the script is over.

Is there a way to do so on OpenBSD 4.0/i386?
I've shuffled through MISC archives and FAQs, but I found nothing relevant...


Thank you all,
byee,
Manuel


   




Re: how to view Ethernet frame CRC errors

2007-04-10 Thread Alex Thurlow
I haven't used it on OpenBSD, but on linux, ethtool can give you a good 
bit of information on an ethernet connection. 


   -Alex

Dan Farrell wrote:

Another shot--- Anyone know how to see L2 CRC errors on an Ethernet
interface?

Thanks,

danno

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Dan Farrell
Sent: Monday, April 09, 2007 11:02 AM
To: misc@openbsd.org
Subject: how to view Ethernet frame CRC errors

Hello,

I'm looking for a way to view L2 frame CRC errors on an interface. I've
scoured netstat, but found nothing (from what I've known of it it's all
Layer 3 anyway).

I googled and came up rather empty (FCS error openBSD, ethernet frame
CRC errors openbsd, etc.) .

The purpose for this is to deduce duplex-mismatch problems on Fast
Ethernet interfaces where you only have visibility/control over one side
of the Ethernet connection.

If there is no way to specifically view counters like this are there
other counters (or a combination of counters) I can look to that would
definitively show a duplex-mismatch situation (as in no false-positives)
? I know there are error counters in netstat -i but are those always
going to mean there is a duplex mismatch problem (it just seems there's
a lack of detail there so those errors could result from a variety of
issues)? Is there anything to be gleaned from a netstat -s to show
this also?


I appreciate any suggestions,


Dan Farrell
Applied Innovations Corp.
[EMAIL PROTECTED]




Re: Beep!

2007-04-10 Thread Tim Kuhlman
printf '\a'

For more info man printf

Tim

On Tuesday 10 April 2007 8:53 am, Manuel Ravasio wrote:
 Hello list.

 I have a small, trivial task I can't accomplish and I'm sure you guys can
 help me in a second.
 I'm creating some shell scripts for various administrative purposes, and
 I'd really like to add some kind of command at the end of each in order to
 have the pc speaker BEEP when the script is over.

 Is there a way to do so on OpenBSD 4.0/i386?
 I've shuffled through MISC archives and FAQs, but I found nothing
 relevant...


 Thank you all,
 byee,
 Manuel




-- 
Tim Kuhlman
Network Administrator
ColoradoVnet.com



Re: how to view Ethernet frame CRC errors

2007-04-10 Thread Dan Farrell
If I'm not mistaken ethtool is not written for OBSD.

danno

-Original Message-
From: Alex Thurlow [mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 10, 2007 11:59 AM
To: Dan Farrell
Cc: misc@openbsd.org
Subject: Re: how to view Ethernet frame CRC errors

I haven't used it on OpenBSD, but on linux, ethtool can give you a good
bit of information on an ethernet connection.

-Alex

Dan Farrell wrote:
 Another shot--- Anyone know how to see L2 CRC errors on an Ethernet
 interface?

 Thanks,

 danno

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
 Of Dan Farrell
 Sent: Monday, April 09, 2007 11:02 AM
 To: misc@openbsd.org
 Subject: how to view Ethernet frame CRC errors

 Hello,

 I'm looking for a way to view L2 frame CRC errors on an interface. I've
 scoured netstat, but found nothing (from what I've known of it it's all
 Layer 3 anyway).

 I googled and came up rather empty (FCS error openBSD, ethernet frame
 CRC errors openbsd, etc.) .

 The purpose for this is to deduce duplex-mismatch problems on Fast
 Ethernet interfaces where you only have visibility/control over one side
 of the Ethernet connection.

 If there is no way to specifically view counters like this are there
 other counters (or a combination of counters) I can look to that would
 definitively show a duplex-mismatch situation (as in no false-positives)
 ? I know there are error counters in netstat -i but are those always
 going to mean there is a duplex mismatch problem (it just seems there's
 a lack of detail there so those errors could result from a variety of
 issues)? Is there anything to be gleaned from a netstat -s to show
 this also?


 I appreciate any suggestions,


 Dan Farrell
 Applied Innovations Corp.
 [EMAIL PROTECTED]



Re: Beep!

2007-04-10 Thread Andreas Kahari

Print a bell character, e.g. print \\a in ksh.  Use xset b on if
the bell has been turned off via xset b off.

Regards,
Andreas

On 10/04/07, Manuel Ravasio [EMAIL PROTECTED] wrote:

Hello list.

I have a small, trivial task I can't accomplish and I'm sure you guys can
help me in a second.
I'm creating some shell scripts for various administrative purposes, and I'd
really like to add some kind of command at the end of each in order to have
the pc speaker BEEP when the script is over.

Is there a way to do so on OpenBSD 4.0/i386?
I've shuffled through MISC archives and FAQs, but I found nothing relevant...


Thank you all,
byee,
Manuel









--
Andreas Kahari
Somewhere in the general Cambridge area, UK



Re: Beep!

2007-04-10 Thread Ryan Corder
On Tue, 2007-04-10 at 07:53 -0700, Manuel Ravasio wrote:
 I'm creating some shell scripts for various administrative purposes, and I'd
 really like to add some kind of command at the end of each in order to have
 the pc speaker BEEP when the script is over.

\b


--
Ryan Corder [EMAIL PROTECTED]
Systems Engineer, NovaSys Health LLC.
501-219- ext. 646




Re: Beep!

2007-04-10 Thread Nick !

On 4/10/07, Manuel Ravasio [EMAIL PROTECTED] wrote:

I'm creating some shell scripts for various administrative purposes, and I'd
really like to add some kind of command at the end of each in order to have
the pc speaker BEEP when the script is over.


It depends on your terminal, but you can probably just use the ASCII
bel character. That is, add a command like:
echo -n \007

(note: untested, not near a unix).

-Nick



Re: Beep!

2007-04-10 Thread Reyk Floeter
On Tue, Apr 10, 2007 at 07:53:23AM -0700, Manuel Ravasio wrote:
 Hello list.
 
 I have a small, trivial task I can't accomplish and I'm sure you guys can
 help me in a second.
 I'm creating some shell scripts for various administrative purposes, and I'd
 really like to add some kind of command at the end of each in order to have
 the pc speaker BEEP when the script is over.
 
 Is there a way to do so on OpenBSD 4.0/i386?
 I've shuffled through MISC archives and FAQs, but I found nothing relevant...
 
 

man speaker(4)

for example,
# echo 'CDEFGAHOC' > /dev/speaker

reyk



Binary kernel updates

2007-04-10 Thread Rico Secada
Hi all.

I have noticed that the OpenBSD team puts a lot of emphasis on using binary 
packets rather than building from ports, which I think IMHO is good, but why is 
it that there is no binary kernel updates, rather than patching the kernel from 
source?

I am asking this not from a point that we find this difficult, rather in
OpenBSD it's really easy. But sometimes it's very time consuming, and yes there
exists binpatch and other solutions, but why isn't there an official OpenBSD
way?

Last week management decided to go back to using Debian on some of our servers 
due to them being easy to upgrade including kernel and basesystem upgrades. 

OpenBSD has really made a cool solution with pkg_add -u, but why not kernel and 
basesystem binary updates as well? 

Best and kind regards.

Rico



OpenBGPd + pf + pf tables.

2007-04-10 Thread Xavier Beaudouin

Hello,

I receive several subnet with OpenBGPd and I add them into a pf table like 
this :


pf.conf (extract)
table <bgp> { 172.31.0.0/24, 10.0.1.1 }

bgpd.conf (extract)
AS 65530

holdtime 180
holdtime min 3
fib-update no
listen on xxx.xxx.xxx.150


neighbor xxx.xxx.xxx.xxx {
 descr routeurs
 announce none
 remote-as 35189
}


deny quick from any prefix 0.0.0.0/0
allow from any prefixlen 8 - 24
allow from any set pftable bgp


The problem I have is that if a subnet is removed from bgp (e.g. my AS35189
neighbor), it is not removed from the pf table bgp.


Do you have any idea how to do this automatically?

Thanks !

/Xavier



Re: how to view Ethernet frame CRC errors

2007-04-10 Thread Claudio Jeker
On Tue, Apr 10, 2007 at 11:39:18AM -0400, Dan Farrell wrote:
 Another shot--- Anyone know how to see L2 CRC errors on an Ethernet
 interface?
 

The best thing you get is Ierrs and Colls from netstat -i output. This
should include the CRC errors. OpenBSD does not account L2 CRC errors in a
separate counter -- on some cards it is hard to get that info.

Almost all Ierrs are HW related (DMA errors, CRC errors, short frames,
oversized frames, jadda jadda jadda).
For duplex mismatch issues the input error counter and the collision
counter are good indicators.
-- 
:wq Claudio


 Thanks,
 
 danno
 
 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
 Of Dan Farrell
 Sent: Monday, April 09, 2007 11:02 AM
 To: misc@openbsd.org
 Subject: how to view Ethernet frame CRC errors
 
 Hello,
 
 I'm looking for a way to view L2 frame CRC errors on an interface. I've
 scoured netstat, but found nothing (from what I've known of it it's all
 Layer 3 anyway).
 
 I googled and came up rather empty (FCS error openBSD, ethernet frame
 CRC errors openbsd, etc.) .
 
 The purpose for this is to deduce duplex-mismatch problems on Fast
 Ethernet interfaces where you only have visibility/control over one side
 of the Ethernet connection.
 
 If there is no way to specifically view counters like this are there
 other counters (or a combination of counters) I can look to that would
 definitively show a duplex-mismatch situation (as in no false-positives)
 ? I know there are error counters in netstat -i but are those always
 going to mean there is a duplex mismatch problem (it just seems there's
 a lack of detail there so those errors could result from a variety of
 issues)? Is there anything to be gleaned from a netstat -s to show
 this also?
 
 
 I appreciate any suggestions,
 
 
 Dan Farrell
 Applied Innovations Corp.
 [EMAIL PROTECTED]
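
Added example, not part of the thread: a shell function that applies the advice in the reply above by reading `netstat -i` output and listing interfaces whose input-error or collision rate is high enough to suspect a duplex mismatch. The sample rows are constructed, and the function names and the 10-per-1000 default thresholds are assumptions.

```shell
#!/bin/sh
# Added example: flag interfaces whose `netstat -i` counters hint at a
# duplex mismatch. Ierrs also covers DMA errors, short and oversized frames,
# so a hit is an indicator to investigate, not proof.

# Constructed sample in the column layout of `netstat -i`:
# Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Colls
sample_netstat() {
cat <<'EOF'
Name    Mtu   Network     Address              Ipkts Ierrs    Opkts Oerrs Colls
lo0     33224 <Link>                             120     0      120     0     0
lo0     33224 127/8       127.0.0.1              120     0      120     0     0
fxp0    1500  <Link>      00:02:b3:00:00:01   500000  9000   400000     0     0
fxp0    1500  192.0.2/24  192.0.2.10          500000  9000   400000     0     0
fxp1    1500  <Link>      00:02:b3:00:00:02   300000     2   250000     0 12500
em0     1500  <Link>      00:0e:0c:00:00:03   800000     1   700000     0     0
EOF
}

# duplex_suspects [ierr_per_1000] [coll_per_1000]
# Reads netstat -i text on stdin and prints one line per suspect interface.
# Both thresholds default to 10 per 1000 packets (an assumed starting point).
duplex_suspects() {
    awk -v ierr_max="${1:-10}" -v coll_max="${2:-10}" '
    # Keep only the link-level row of each interface: this skips the header
    # and the per-address rows, which repeat the same counters.
    $3 != "<Link>" { next }
    {
        # Index the counters from the right, because the Address column
        # is empty on some rows (lo0 in the sample).
        colls = $NF; opkts = $(NF-2); ierrs = $(NF-3); ipkts = $(NF-4)
        ie = (ipkts > 0) ? int(ierrs * 1000 / ipkts) : 0
        co = (opkts > 0) ? int(colls * 1000 / opkts) : 0
        if (ie > ierr_max || co > coll_max)
            printf "%s ierrs=%d/1000 colls=%d/1000\n", $1, ie, co
    }'
}

# Run over the constructed sample when the file is executed directly.
sample_netstat | duplex_suspects
```

On a live system run `netstat -i | duplex_suspects`. The counters are cumulative since boot, so compare two runs taken some minutes apart before drawing a conclusion.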



Re: Beep!

2007-04-10 Thread Chris Black
Manuel Ravasio wrote:
 Hello list.

 snip
 I'm creating some shell scripts for various administrative purposes, and I'd
 really like to add some kind of command at the end of each in order to have
 the pc speaker BEEP when the script is over.
   
snip

I usually use:
echo -ne '\a'

Best,
Chris



Re: Beep!

2007-04-10 Thread Almir Karic

On 4/10/07, Ryan Corder [EMAIL PROTECTED] wrote:

On Tue, 2007-04-10 at 07:53 -0700, Manuel Ravasio wrote:
 I'm creating some shell scripts for various administrative purposes, and I'd
 really like to add some kind of command at the end of each in order to have
 the pc speaker BEEP when the script is over.

\b


isn't \b a backspace?

--
almir



Re: Binary kernel updates

2007-04-10 Thread Bryan

Why post twice?  Sending it as a different person within 24 hours of one
another is not going to get what you want...  A couple of people gave
you solutions, choose one, or move to Linux...

Remember this???



[EMAIL PROTECTED] [EMAIL PROTECTED]
to  misc@openbsd.org
date  Apr 9, 2007 4:43 PM
subject  Binary kernel and base update
mailed-by  openbsd.org

Hi all.

I have noticed that the OpenBSD team puts a lot of emphasis on using binary
packets rather than building from ports, which I think IMHO is good, but why
is it that there is no binary kernel updates, rather than patching the kernel
from source?

I am asking this not from a point that we find this difficult, rather in
OpenBSD its really easy. But sometimes its very time consuming, and yes there
exists binpatch and other solutions, but why isn't there an official
OpenBSD way?

Last week management decided to go back to using Debian on some of our servers
due to them being easy to upgrade including kernel and basesystem upgrades.

OpenBSD has really made a cool solution with pkg_add -u, but why not kernel
and basesystem binary updates as well?

Best and kind regards.

Rico

On 4/9/07, Rico Secada [EMAIL PROTECTED] wrote:

Hi all.

I have noticed that the OpenBSD team puts a lot of emphasis on using binary 
packets rather than building from ports, which I think IMHO is good, but why is 
it that there is no binary kernel updates, rather than patching the kernel from 
source?

I am asking this not from a point that we find this difficult, rather in 
OpenBSD its really easy. But sometimes its very time consuming, and yes there 
exists binpatch and other solutions, but why isn't there an official OpenBSD 
way?

Last week management decided to go back to using Debian on some of our servers 
due to them being easy to upgrade including kernel and basesystem upgrades.

OpenBSD has really made a cool solution with pkg_add -u, but why not kernel and 
basesystem binary updates as well?

Best and kind regards.

Rico




Re: Binary kernel updates

2007-04-10 Thread Nico Meijer
Hey Rico,

 Last week management decided to go back to using Debian on some of our
 servers due to them being easy to upgrade including kernel and
 basesystem upgrades. 

You must be joking.

 OpenBSD has really made a cool solution with pkg_add -u, but why not
 kernel and basesystem binary updates as well? 

`man release` once more.

Be well and good luck with your management... Nico



Re: Beep!

2007-04-10 Thread Stefan Sperling
On Tue, Apr 10, 2007 at 06:16:55PM +0200, Reyk Floeter wrote:
 man speaker(4)

 for example,
 # echo 'CDEFGAHOC' > /dev/speaker

cat /bsd > /dev/speaker is fun, too, especially if you're
into weird electronic music ;-)
--
stefan
http://stsp.name PGP Key: 0xF59D25F0



Re: Beep!

2007-04-10 Thread Tom Van Looy
great man, thanks :-)
the echo \a etc. never worked with me

I replaced echo '.' in /etc/rc.local with echo 'C' > /dev/speaker
so now I know when my headless server is ready booting up



Reyk Floeter wrote:
 On Tue, Apr 10, 2007 at 07:53:23AM -0700, Manuel Ravasio wrote:
 Hello list.

 I have a small, trivial task I can't accomplish and I'm sure you guys can
 help me in a second.
 I'm creating some shell scripts for various administrative purposes, and I'd
 really like to add some kind of command at the end of each in order to have
 the pc speaker BEEP when the script is over.

 Is there a way to do so on OpenBSD 4.0/i386?
 I've shuffled through MISC archives and FAQs, but I found nothing relevant...


 
 man speaker(4)
 
 for example,
 # echo 'CDEFGAHOC' > /dev/speaker
 
 reyk



Re: Binary kernel updates

2007-04-10 Thread Daniel Ouellet

Hey Rico,


Last week management decided to go back to using Debian on some of our
servers due to them being easy to upgrade including kernel and
basesystem upgrades. 


I guess management is the one maintaining the servers where you work
then, or you told them it was too hard, so you get what you asked for.




Re: Beep!

2007-04-10 Thread Ryan Corder
On Tue, 2007-04-10 at 18:52 +0200, Almir Karic wrote:
 isn't \b a backspace?

oh yeah, oops.  meant to say \a I guess

--
Ryan Corder [EMAIL PROTECTED]
Systems Engineer, NovaSys Health LLC.
501-219- ext. 646




Re: Binary kernel updates

2007-04-10 Thread Jeremy Huiskamp
If you'd bothered to inspect the headers you would have noticed that
the below message was sent before the one that has many replies but
it didn't arrive until about 20 hours after it was sent. Probably
stuck in the pipes somewhere, that seems to happen with misc@ a lot.
Rico probably figured it was lost and so he sent another which is
fairly reasonable.


Jeremy

On 10-Apr-07, at 12:44 PM, Bryan wrote:


Why post twice?  Sending it as different person within 24 hours of one
another is not going to get what you want...  A couple of people gave
you solutions, choose one, or move to Linux...

Remember this???
[EMAIL PROTECTED] [EMAIL PROTECTED]
to  misc@openbsd.org
date  Apr 9, 2007 4:43 PM
subject  Binary kernel and base update
mailed-by  openbsd.org

Hi all.

I have noticed that the OpenBSD team puts a lot of emphasis on using binary
packets rather than building from ports, which I think IMHO is good, but why
is it that there is no binary kernel updates, rather than patching the kernel
from source?

I am asking this not from a point that we find this difficult, rather in
OpenBSD its really easy. But sometimes its very time consuming, and yes there
exists binpatch and other solutions, but why isn't there an official
OpenBSD way?

Last week management decided to go back to using Debian on some of our servers
due to them being easy to upgrade including kernel and basesystem upgrades.

OpenBSD has really made a cool solution with pkg_add -u, but why not kernel
and basesystem binary updates as well?

Best and kind regards.

Rico

On 4/9/07, Rico Secada [EMAIL PROTECTED] wrote:

Hi all.

I have noticed that the OpenBSD team puts a lot of emphasis on  
using binary packets rather than building from ports, which I  
think IMHO is good, but why is it that there is no binary kernel  
updates, rather than patching the kernel from source?


I am asking this not from a point that we find this difficult,  
rather in OpenBSD its really easy. But sometimes its very time  
consuming, and yes there exists binpatch and other solutions, but  
why isn't there an official OpenBSD way?


Last week management decided to go back to using Debian on some of  
our servers due to them being easy to upgrade including kernel and  
basesystem upgrades.


OpenBSD has really made a cool solution with pkg_add -u, but why  
not kernel and basesystem binary updates as well?


Best and kind regards.

Rico




Re: how to view Ethernet frame CRC errors

2007-04-10 Thread Dan Farrell
Thank-you very much!

danno

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Claudio Jeker
Sent: Tuesday, April 10, 2007 12:32 PM
To: misc@openbsd.org
Subject: Re: how to view Ethernet frame CRC errors

On Tue, Apr 10, 2007 at 11:39:18AM -0400, Dan Farrell wrote:
 Another shot--- Anyone know how to see L2 CRC errors on an Ethernet
 interface?


The best thing you get is Ierrs and Colls from netstat -i output. This
should include the CRC errors. OpenBSD does not account L2 CRC errors in a
separate counter -- on some cards it is hard to get that info.

Almost all Ierrs are HW related (DMA errors, CRC errors, short frames,
oversized frames, jadda jadda jadda).
For duplex mismatch issues the input error counter and the collision
counter are good indicators.
--
:wq Claudio


 Thanks,

 danno

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
 Of Dan Farrell
 Sent: Monday, April 09, 2007 11:02 AM
 To: misc@openbsd.org
 Subject: how to view Ethernet frame CRC errors

 Hello,

 I'm looking for a way to view L2 frame CRC errors on an interface. I've
 scoured netstat, but found nothing (from what I've known of it it's all
 Layer 3 anyway).

 I googled and came up rather empty (FCS error openBSD, ethernet frame
 CRC errors openbsd, etc.) .

 The purpose for this is to deduce duplex-mismatch problems on Fast
 Ethernet interfaces where you only have visibility/control over one side
 of the Ethernet connection.

 If there is no way to specifically view counters like this are there
 other counters (or a combination of counters) I can look to that would
 definitively show a duplex-mismatch situation (as in no false-positives)
 ? I know there are error counters in netstat -i but are those always
 going to mean there is a duplex mismatch problem (it just seems there's
 a lack of detail there so those errors could result from a variety of
 issues)? Is there anything to be gleaned from a netstat -s to show
 this also?


 I appreciate any suggestions,


 Dan Farrell
 Applied Innovations Corp.
 [EMAIL PROTECTED]



FTP/ftp-proxy/pf issue.

2007-04-10 Thread Steve Mertz

Hio.

I'm trying to setup a firewall that allows FTP in to a server that is 
NATd on the other side.  But that only allows access from one address 
outside the firewall.


Something like:

Machine - Internet - Firewall/NAT - FTP server

I realize I need to use ftp-proxy to get through the NAT part of the 
firewall, but I'm not having much luck with it so far.


Here is what I have:
/usr/sbin/ftp-proxy -R 10.10.11.10

pf.conf:

$dev_addr = machine that has access to ftp to this server.
$proxy_addr = 127.0.0.1


nat-anchor ftp-proxy/*
rdr-anchor ftp-proxy/*
rdr pass on $wan_if proto tcp from $dev_addr to $wan_if port ftp -> $proxy_addr port 8021


block in all
block out all
anchor ftp-proxy/*
pass in proto tcp from $proxy_addr to any port 21 keep state

When I try to FTP from the allowed machine I get:
Connected to ftp-server
421 Service not available, remote server has closed connection

Any help on this would be appreciated.

If you need any more info please let me know.
Thanks,
-- Steve



Re: Redirect traffic through VPN

2007-04-10 Thread Matiss Miglans

Dag Richards wrote:

Matiss Miglans wrote:

Hi good people !
I need to make connection from server which is in LAN1 to server
which is in LAN3.
And I need to make another connection from that same server which is
in LAN3 to that same server which is in LAN1.
There is 3 different company Ethernets, and I need to make this
connection through my company. There is no way to make direct VPN from
LAN1 to LAN3 - Business etc.


|---LAN1-| |OpenBSD--|  |--LAN2--|
|-10.210.1.0/24--|---|--Router/pf/vpn--||-192.168.0.0/24-|
|| |-|  ||

 |
 | VPN IPsec over public Internet.
 |
|---LAN3--||---Netscreen 5xt---|
|-192.168.30.0/29-|--|---Router/pf/vpn---|
|-||---|

This VPN is from LAN2 to LAN3

I will make nat,rdr or binat, because I can't give direct access. I 
need to control what, where and how can connect.

I tried to make redirect like this:
rdr from 10.210.1.2 to 10.210.1.1 -> 192.168.30.1
But, OpenBSD box, can't see the LAN3 network, or Netscreen box
internal IP. - I tried ping, telnet, ssh etc.

Of course I can see that all, if I connect from LAN2 or LAN3.

How can I see this server in LAN3 from OpenBSD box ?
Or maybe there is better way to do that ?

In my pf.conf is no deny rule
There is my ipsec.conf:
ike esp from 192.168.0.0/24 to 192.168.30.0/29  \
   local x.x.x.x peer x.x.x.x  \
   main auth hmac-md5 enc 3des  \
   quick auth hmac-md5 enc 3des  \
   psk xxx

This is OpenBSD snapshot from 2007.26. Jan. (or something that way).

Best regards
Matiss


So you have working VPN from LAN2 to LAN# and reverse?
You can not NAT on the same box you run ipsec on ...
Nat is applied first, then a routing decision is made and if your ip 
addr are outside your encryption 'domain' your traffic will not 
traverse the tunnel.



Are LAN1 and LAN2 really hosted off the same firewall?
If so then the statement no  no VPN between LAN1 and LAN3 is silly.

In the layout as described you need to setup a VPN from LAN1 to LAN3.
You could possibly introduce an additional firewall to do nating prior 
to VPN but that would be again silly.



Yes, this VPN from LAN2 to LAN3 works great !
There is three companies, and I need to make this connection through my
company. The idea is that, I can make changes in connection when I need.
I can control that all.
There is no way to make VPN from LAN1 to LAN3 - of course I too, will
make there VPN, but...


Normally there is route that shows external interface and IP as a
gateway, I changed that to the 192.168.0.1 and now I can ping, ssh, etc
to the LAN3 from this OpenBSD box. But anyway I can't forward/binat to
the LAN3


I tried to set up one old Celeron box with OpenBSD, that do only port
forwarding from LAN1 to LAN3 and reverse.

This box is in LAN1 and LAN2, they make port forwarding like this:
rdr on fxp1 from 10.210.1.215 to 10.210.1.216 -> 192.168.30.2
That all works great. But that's not that what I will make. I will make
that on one box, because this is very old box, and I do not know, when
they can die.



I don't understand, if I can see this network from router, why I can't
forward traffic to this network ?!



Best regards
Matiss



Re: Binary kernel updates

2007-04-10 Thread Bryan

I am exceedingly sorry.  I realize now that it was not Rico's fault.
My venom was uncalled for...

Again, sorry Rico, et al...

back to the shadows...

On 4/10/07, Jeremy Huiskamp [EMAIL PROTECTED] wrote:

If you'd bothered to inspect the headers you would have noticed that
the below message was sent before the one that has many replies but
it didn't arrive until about 20 hours after it was sent. Probably
stuck in the pipes somewhere, that seems to happen with misc@ alot.
Rico probably figured it was lost and so he sent another which is
fairly reasonable.

Jeremy

On 10-Apr-07, at 12:44 PM, Bryan wrote:

 Why post twice?  Sending it as different person within 24 hours of one
 another is not going to get what you want...  A couple of people gave
 you solutions, choose one, or move to Linux...

 Remember this???
 [EMAIL PROTECTED] [EMAIL PROTECTED]
 to  misc@openbsd.org
 date  Apr 9, 2007 4:43 PM
 subject  Binary kernel and base update
 mailed-by  openbsd.org

 Hi all.

 I have noticed that the OpenBSD team puts a lot of emphasis on using binary
 packets rather than building from ports, which I think IMHO is good, but why
 is it that there is no binary kernel updates, rather than patching the kernel
 from source?

 I am asking this not from a point that we find this difficult, rather in
 OpenBSD its really easy. But sometimes its very time consuming, and yes there
 exists binpatch and other solutions, but why isn't there an official
 OpenBSD way?

 Last week management decided to go back to using Debian on some of our servers
 due to them being easy to upgrade including kernel and basesystem upgrades.

 OpenBSD has really made a cool solution with pkg_add -u, but why not kernel
 and basesystem binary updates as well?

 Best and kind regards.

 Rico

 On 4/9/07, Rico Secada [EMAIL PROTECTED] wrote:
 Hi all.

 I have noticed that the OpenBSD team puts a lot of emphasis on
 using binary packets rather than building from ports, which I
 think IMHO is good, but why is it that there is no binary kernel
 updates, rather than patching the kernel from source?

 I am asking this not from a point that we find this difficult,
 rather in OpenBSD its really easy. But sometimes its very time
 consuming, and yes there exists binpatch and other solutions, but
 why isn't there an official OpenBSD way?

 Last week management decided to go back to using Debian on some of
 our servers due to them being easy to upgrade including kernel and
 basesystem upgrades.

 OpenBSD has really made a cool solution with pkg_add -u, but why
 not kernel and basesystem binary updates as well?

 Best and kind regards.

 Rico




Re: FTP/ftp-proxy/pf issue.

2007-04-10 Thread Camiel Dobbelaar
On Tue, 10 Apr 2007, Steve Mertz wrote:
 I'm trying to setup a firewall that allows FTP in to a server that is NATd on
 the other side.  But that only allows access from one address outside the
 firewall.
 
 Something like:
 
 Machine - Internet - Firewall/NAT - FTP server
 
 I realize I need to use ftp-proxy to get through the NAT part of the firewall,
 but I'm not having much luck with it so far.
 
 Here is what I have:
 /usr/sbin/ftp-proxy -R 10.10.11.10
 
 pf.conf:
 
 $dev_addr = machine that has access to ftp to this server.
 $proxy_addr = 127.0.0.1
 
 
 nat-anchor ftp-proxy/*
 rdr-anchor ftp-proxy/*
 rdr pass on $wan_if proto tcp from $dev_addr to $wan_if port ftp -> $proxy_addr port 8021
 
 block in all
 block out all
 anchor ftp-proxy/*
 pass in proto tcp from $proxy_addr to any port 21 keep state

This last rule is the problem.

You need to pass _out_ from the firewall, and not using the 
127.0.0.1 address, but the address that the kernel will pick for the 
connection to the server (10.10.11.1?).

Or you can try this:
pass out proto tcp from any to port 21 keep state user proxy


--
Cam



Re: tftp-proxy without nat?

2007-04-10 Thread Joachim Schipper
On Tue, Apr 10, 2007 at 04:41:04PM +0200, Sebastian Reitenbach wrote:
 Hi,
 
 I have an OpenBSD 4.0 firewall between two networks. The traffic between
 these two is routed. when I take a look at the manual pages, then it looks
 like the tftp-proxy only useful for connections that do NAT, where the 
 client is in a private network, and the server has a public IP.
 
 
 Without NAT, I will need sth. like this in the nat section:
rdr-anchor tftp-proxy/*
rdr on $int_if proto udp from $lan to any port tftp - \
127.0.0.1 port 6969
 
 and this in the filter section:
 anchor tftp-proxy/*
 
 but I do not know, how to allow the data packets, from the server to the
 client to traverse the firewall. Is there a way to make it stateful
 somehow?

Unless I am sorely mistaken, TFTP uses standard UDP traffic. Just allow
that through the firewall (pass from $lan to $tftp_server port tftp keep
state).

-- 
TFMotD: ioprbs (4) - I2O SCSI RAID controller



Re: Redirect traffic through VPN

2007-04-10 Thread Matiss Miglans

rc wrote:

On 4/5/07, Dag Richards [EMAIL PROTECTED] wrote:

Matiss Miglans wrote:
 Hi good people !
 I need to make connection from server which is in LAN1 to server which
 is in LAN3.
 And I need to make another connection from that same server which is in
 LAN3 to that same server which is in LAN1.
 There is 3 different company Ethernets, and I need to make this
 connection through my company. There is no way to make direct VPN from
 LAN1 to LAN3 - Business etc.

 |---LAN1-| |OpenBSD--|  |--LAN2--|
 |-10.210.1.0/24--|---|--Router/pf/vpn--||-192.168.0.0/24-|
 || |-|  ||

  |
  | VPN IPsec over public Internet.
  |
 |---LAN3--||---Netscreen 5xt---|
 |-192.168.30.0/29-|--|---Router/pf/vpn---|
 |-||---|

 This VPN is from LAN2 to LAN3

 I will make nat,rdr or binat, because I can't give direct access. I need
 to control what, where and how can connect.
 I tried to make redirect like this:
 rdr from 10.210.1.2 to 10.210.1.1 -> 192.168.30.1
 But, OpenBSD box, can't see the LAN3 network, or Netscreen box internal
 IP. - I tried ping, telnet, ssh etc.
 Of course I can see that all, if I connect from LAN2 or LAN3.

 How can I see this server in LAN3 from OpenBSD box ?
 Or maybe there is better way to do that ?

 In my pf.conf is no deny rule
 There is my ipsec.conf:
 ike esp from 192.168.0.0/24 to 192.168.30.0/29  \
local x.x.x.x peer x.x.x.x  \
main auth hmac-md5 enc 3des  \
quick auth hmac-md5 enc 3des  \
psk xxx

 This is OpenBSD snapshot from 2007.26. Jan. (or something that way).

 Best regards
 Matiss

So you have working VPN from LAN2 to LAN# and reverse?
You can not NAT on the same box you run ipsec on ...
Nat is applied first, then a routing decision is made and if your ip
addr are outside your encryption 'domain' your traffic will not traverse
the tunnel.


Are LAN1 and LAN2 really hosted off the same firewall?
If so then the statement no  no VPN between LAN1 and LAN3 is silly.

In the layout as described you need to setup a VPN from LAN1 to LAN3.
You could possibly introduce an additional firewall to do nating prior
to VPN but that would be again silly.




Matiss,

There are three ways that you can connect to the servers:

1.  VPN (IPSEC)
2.  1 to 1 NAT (bidirectional NAT).  Opened to the world, if not
properly firewalled.  This will have to be done on both sides.
3.  Port forwarding (redirection with pf)  Opened to the world, if not
properly firewalled.  This will have to be done on both sides.

1. There is no way to make VPN from LAN1 to LAN3 - I'm also angry for
that...
2. and 3. I tried - I have no idea how to make that through VPN.
Forwarding traffic over public Internet - I can firewall what I will, if
this is non-crypted traffic, that this is not secure.




I would choose 1. because the traffic is going to be encrypted going
over the Internet and still behind your firewall and NAT without being
opened to the world.

I tried to make redirect like this:
rdr from 10.210.1.2 to 10.210.1.1 -> 192.168.30.1

Implemented incorrectly:  http://www.openbsd.org/faq/pf/rdr.html
or if you want binat:  http://www.openbsd.org/faq/pf/nat.html#binat

I have read this FAQ's
I don't understand what are implemented incorrectly ?! If I try this on
separated OpenBSD box, then that works great !

rdr on fxp1 from 10.210.1.215 to 10.210.1.216 -> 192.168.30.2

You can not NAT on the same box you run ipsec on ...
Nat is applied first, then a routing decision is made and if your ip
addr are outside your encryption 'domain' your traffic will not traverse
the tunnel.

From my experience, this is not correct.  You can have NAT and IPSEC
running on the same box.  IPSEC takes precedence over NAT and routing.
Of course, NAT over routing.

rc

Do you have NAT over IPSEC or you have NAT and IPSEC on one box ?
I have no idea where to search - I tried google, but nothing useful.

Best Regards
Matiss



Re: FTP/ftp-proxy/pf issue.

2007-04-10 Thread Steve Mertz

Son of a

Thanks Camiel.  I changed $proxy_addr to $lan_if and it started working.

-- Steve

Camiel Dobbelaar wrote:

On Tue, 10 Apr 2007, Steve Mertz wrote:
  

I'm trying to setup a firewall that allows FTP in to a server that is NATd on
the other side.  But that only allows access from one address outside the
firewall.

Something like:

Machine - Internet - Firewall/NAT - FTP server

I realize I need to use ftp-proxy to get through the NAT part of the firewall,
but I'm not having much luck with it so far.

Here is what I have:
/usr/sbin/ftp-proxy -R 10.10.11.10

pf.conf:

$dev_addr = machine that has access to ftp to this server.
$proxy_addr = 127.0.0.1


nat-anchor ftp-proxy/*
rdr-anchor ftp-proxy/*
rdr pass on $wan_if proto tcp from $dev_addr to $wan_if port ftp -> $proxy_addr port 8021

block in all
block out all
anchor ftp-proxy/*
pass in proto tcp from $proxy_addr to any port 21 keep state



This last rule is the problem.

You need to pass _out_ from the firewall, and not using the 
127.0.0.1 address, but the address that the kernel will pick for the 
connection to the server (10.10.11.1?).


Or you can try this:
pass out proto tcp from any to port 21 keep state user proxy


--
Cam




Re: OpenBSD with RBAC?

2007-04-10 Thread Joachim Schipper
On Tue, Apr 10, 2007 at 11:03:09AM -0400, [EMAIL PROTECTED] wrote:
 On Mon, 9 Apr 2007 22:17:23 +0200, Joachim Schipper
 [EMAIL PROTECTED] said:
  On Mon, Apr 09, 2007 at 02:46:32PM -0500, Lawal, Banji wrote:
   I was wondering if anyone out there has used OpenBSD with RBAC.  From 
   what I have found out so far RBAC is only deployed with FreeBSD.  If 
   anyone has any info about this please let me know. 
  
  You are right, that doesn't work on OpenBSD. You might be interested in
  systrace, though.
 
 It would be nice if somebody was doing something like SeOS for OBSD,
 though.
 But,  I know, only so much time and so many developers and I don't code,
 so I'll shut up now.

I didn't spend more than a few minutes with Google, which wasn't
terribly helpful (if I want search engine optimization, I'll just open
my spam folder thankyouvermuch) but it appears my 'systrace' comment is
right on. Really, do try. There's even a Linux version nowadays (though
last I checked, there were some bugs still being worked out).

You *will* want to know a thing or two about system calls, but that's
almost inevitable. Xsystrace(1) or its command-line version isn't
terribly pretty, but does work very well for quickly defining a policy.

Joachim

-- 
PotD: x11/x11vnc - VNC server for real X displays



Re: BSD thin client

2007-04-10 Thread Neil E. Sprinlan
On January 27, Reiner Jung wrote:
 In the next 2 weeks, a free NX client will be released which runs on
 OpenBSD without Linux emulation. All closed source parts from Nomachine
 client are rewritten. As some parts from the original Nomachine
 client were used, it will be released under the GPL

May I ask you if this is now available? Thanks.


-+-neil-+-



Re: Beep!

2007-04-10 Thread Stuart Henderson
On 2007/04/10 19:09, Stefan Sperling wrote:
 On Tue, Apr 10, 2007 at 06:16:55PM +0200, Reyk Floeter wrote:
  man speaker(4)
 
  for example,
  # echo 'CDEFGAHOC' > /dev/speaker
 
 cat /bsd > /dev/speaker is fun, too, especially if you're
 into weird electronic music ;-)

likewise 'tcpdump -w/dev/audio' (maybe with -yIEEE802_11_RADIO)



Routerboard 532 Bounty

2007-04-10 Thread anon trol
I'm not sure where to ask this; so, I thought I'd start here in misc
first.

I think I have convinced myself that I want to sponsor an architecture port
effort.  Specifically, I would like to see OpenBSD ported to the Routerboard
532 (IDT MIPS32 4Kc processor).  After STFW, I see that a few other people
have posted questions about this in the past without a lot of positive
response (it seems that there might have been a port that would have been
suitable at one point in time, but is no longer part of the current
distribution).  I'm curious what the non-technical (financial) stewardship
requirements might be for bringing back a dropped architecture and making
sure that it works on a very specific set of target boards (starting with
the 532).

I don't think this is too much of a technical undertaking (but at the moment
it's beyond my ability and time constraints)... the routerboard 532 boots
off of compact flash (no need to muck about with the on-board flash).  The
only things that worry me are the slim resources (64MB of memory max) and
support for the first NIC (IDT Korina 10/100 Mbit/s Fast Ethernet port).  I
would be willing to forgo support for the IDT NIC just to get things started
quickly (the other NICs are VIA VT6105).   I would want support for at least
one commodity 802.11(series) wireless NIC in both the 2.4GHz and 5GHz
ranges.  Other potential issues include the funky bootstrap code (which looks
for ELF), custom BIOS and MIPS endianness.

I don't want this to be a goatrope where I send off a bunch of Routerboard
hardware and nobody even tries to collect the bounty, but I know the OpenBSD
project has a pretty good reputation for getting things done when equipment
and funds are provided (if I'm off mark with that semi-acquired assumption,
please someone fill me in off-line).

Where do I start and who do I need to talk to?



live DB cloning to pgsql

2007-04-10 Thread Jacob Yocom-Piatt
there is a pervasive sql v8 database on windows 2003 server that i would 
like to clone to a pgsql database on openbsd. i've not done this 
before and am not familiar with the proper technique(s) to do such a thing.


the goal is to have any changes made to the pervasive DB be piped over 
to the mirror pgsql DB as the changes are made. any suggestions on how 
to setup this communication between the DBs would be very much appreciated.


cheers,
jake



Re: Beep!

2007-04-10 Thread Manuel Ravasio
Great!
Thank you all!

Manuel

 
 man speaker(4)
 
 for example,
 # echo 'CDEFGAHOC' > /dev/speaker



   




Re: bcw(4) is gone

2007-04-10 Thread Reyk Floeter
On Tue, Apr 10, 2007 at 07:33:31PM +0800, Doug Brewer wrote:
 Reyk Floeter [EMAIL PROTECTED] wrote:
 On Tue, Apr 10, 2007 at 12:19:29PM +0200, frantisek holop wrote:
  if someone is still reading the thread...
 
 
 lalalala
 
 Is it funny? Fuck off!!! lalalala
 

it is not funny but all this GPL discussion and speculations will not
bring it back.

reyk



Re: GRE over IPsec

2007-04-10 Thread Joe

Chris Jones wrote:

Hey all,

I know that it's possible to run GRE over an IPsec tunnel but I am
wondering if anyone here has seen some good documentation (besides the man
pages) or a howto on setting this up. I'm trying to config my OpenBSD
4.0 firewall to interop with a route-based VPN network with a mix of
Fortigate and Netscreen firewalls. Fortigates and Netscreens both use GRE
interfaces as tunnel interfaces when creating route-based VPN tunnels. Right
now all endpoints are using un-numbered (0.0.0.0/0) GRE interfaces and so I would


I've been setting up IPSEC tunnels with Juniper/NetScreen firewalls for 
years. I've never done GRE. I have setup a simple tunnel with 
Juniper/NetScreen to OpenBSD. I didn't use GRE. I don't see why you need 
GRE since IPSEC does tunnels.




[OT] Re: Beep!

2007-04-10 Thread Matthias Kilian
On Tue, Apr 10, 2007 at 07:09:17PM +0200, Stefan Sperling wrote:
 cat /bsd > /dev/speaker is fun, too, especially if you're
 into weird electronic music ;-)

In this case, you should also try madplay (from ports) on kernels
for different platforms, but be sure to use a rate between 1 and 4
kHz.

Ciao,
Kili

-- 
DE:Signaturen erzeugen Krebs. EN:Signatures cause cancer. ES:Signaturas
provocan cancer. LATIN:Cancerem signatura faciunt. SE:Signaturer fvrorsaka
cancer. FR:Les signatures provoquent le cancer. RO:Signaturile produc cancer.
RU:Podpis'ki razvivazt rak. PL:Signatury provokuyom racka  [send translations]



Re: BSD thin client

2007-04-10 Thread Daniel Ouellet

On January 27, Reiner Jung wrote:

In the next 2 weeks, a free NX client will be released which runs on
OpenBSD without Linux emulation. All closed source parts from Nomachine
client are rewritten. As some parts from the original Nomachine
client were used, it will be released under the GPL


Just a thought, maybe. It would be nice if the new parts could, where 
possible, be released under BSD, and what can't be would still be GPL. Then, 
if that's of interest to some, maybe someone else might step up to 
finish it and replace the GPL parts in the end if possible. Especially if you 
spend so much time making it run on OpenBSD, which is BSD licensed.


In the light of all that happened in the last week or so, that might be 
a good idea.


Just food for thought.

Best,

Daniel



Re: live DB cloning to pgsql

2007-04-10 Thread Joachim Schipper
On Tue, Apr 10, 2007 at 03:55:48PM -0500, Jacob Yocom-Piatt wrote:
 there is a pervasive sql v8 database on windows 2003 server that i would 
 like to clone to a pgsql database on openbsd. i've not done this 
 before and am not familiar with the proper technique(s) to do such a thing.
 
 the goal is to have any changes made to the pervasive DB be piped over 
 to the mirror pgsql DB as the changes are made. any suggestions on how 
 to setup this communication between the DBs would be very much appreciated.

You might want to consider slony-l (asynchronous replication, might not
be what you want, but rather mature) and pgcluster (synchronous, but
development appears to have ceased).

There is some documentation on the net on how to do this; I've never
gone past looking at it, myself, so couldn't help you there.

Joachim

-- 
TFMotD: perlgpl (1) - the GNU General Public License, version 2



Re: BSD thin client

2007-04-10 Thread Edd Barrett

On 4/10/07, Daniel Ouellet [EMAIL PROTECTED] wrote:

On January 27, Reiner Jung wrote:
 In the next 2 weeks, a free NX client will be released which runs on
 OpenBSD without Linux emulation. All closed source parts from Nomachine
 client are rewritten. As some parts from the original Nomachine
 client were used, it will be released under the GPL


The nx software does not look anywhere near as good as sun's sunray
implementation. I would really like to use my sunrays on my OpenBSD
boxes. However I imagine the protocol would be incredibly complicated.

--
Best Regards

Edd



Re: Binary kernel updates

2007-04-10 Thread Rico Secada
On Tue, 10 Apr 2007 13:34:57 -0400
Jeremy Huiskamp [EMAIL PROTECTED] wrote:

 If you'd bothered to inspect the headers you would have noticed that  
 the below message was sent before the one that has many replies but  
 it didn't arrive until about 20 hours after it was sent. Probably  
 stuck in the pipes somewhere, that seems to happen with misc@ a lot.
 Rico probably figured it was lost and so he sent another which is  
 fairly reasonable.

Thank you Jeremy! That was exactly what happened :-) I thought my ISP had some 
problems with his SMTP server.

 Jeremy
 
 On 10-Apr-07, at 12:44 PM, Bryan wrote:
 
  Why post twice?  Sending it as different person within 24 hours of one
  another is not going to get what you want...  A couple of people gave
  you solutions, choose one, or move to Linux...
 
  Remember this???
  [EMAIL PROTECTED] [EMAIL PROTECTED]
  to  misc@openbsd.org
  date  Apr 9, 2007 4:43 PM
  subject Binary kernel and base update   
  mailed-by   openbsd.org
 
  Hi all.
 
  I have noticed that the OpenBSD team puts a lot of emphasis on  
  using binary
  packets rather than building from ports, which I think IMHO is  
  good, but why
  is it that there is no binary kernel updates, rather than patching  
  the kernel
  from source?
 
  I am asking this not from a point that we find this difficult,  
  rather in
  OpenBSD its really easy. But sometimes its very time consuming, and  
  yes there
  exists binpatch and other solutions, but why isn't there an official
  OpenBSD way?
 
  Last week management decided to go back to using Debian on some of  
  our servers
  due to them being easy to upgrade including kernel and basesystem  
  upgrades.
 
  OpenBSD has really made a cool solution with pkg_add -u, but why  
  not kernel
  and basesystem binary updates as well?
 
  Best and kind regards.
 
  Rico
 
  On 4/9/07, Rico Secada [EMAIL PROTECTED] wrote:
  Hi all.
 
  I have noticed that the OpenBSD team puts a lot of emphasis on  
  using binary packets rather than building from ports, which I  
  think IMHO is good, but why is it that there is no binary kernel  
  updates, rather than patching the kernel from source?
 
  I am asking this not from a point that we find this difficult,  
  rather in OpenBSD its really easy. But sometimes its very time  
  consuming, and yes there exists binpatch and other solutions, but  
  why isn't there an official OpenBSD way?
 
  Last week management decided to go back to using Debian on some of  
  our servers due to them being easy to upgrade including kernel and  
  basesystem upgrades.
 
  OpenBSD has really made a cool solution with pkg_add -u, but why  
  not kernel and basesystem binary updates as well?
 
  Best and kind regards.
 
  Rico



date -u gives wrong timezone output?

2007-04-10 Thread Markus Bergkvist

Hi,

'date -u' on a 4.0 -stable will give something like
Tue Apr 10 22:03:24 GMT 2007
but shouldn't it be
Tue Apr 10 22:03:24 UTC 2007

Cheers,
Markus



Re: date -u gives wrong timezone output?

2007-04-10 Thread Nick !

On 4/10/07, Markus Bergkvist [EMAIL PROTECTED] wrote:

Hi,

'date -u' on a 4.0 -stable will give something like
Tue Apr 10 22:03:24 GMT 2007
but shouldn't it be
Tue Apr 10 22:03:24 UTC 2007


UTC = GMT for all that we care about.
[[http://en.wikipedia.org/wiki/Coordinated_Universal_Time]]

-Nick



Re: Binary kernel updates

2007-04-10 Thread Rico Secada
On Tue, 10 Apr 2007 11:29:17 -0700
Bryan [EMAIL PROTECTED] wrote:

 I am exceedingly sorry.  I realize now that it was not Rico's fault.
 My venom was uncalled for...
 
 Again, sorry Rico, et al...

Apology accepted :-)

 back to the shadows...
 
 On 4/10/07, Jeremy Huiskamp [EMAIL PROTECTED] wrote:
  If you'd bothered to inspect the headers you would have noticed that
  the below message was sent before the one that has many replies but
  it didn't arrive until about 20 hours after it was sent. Probably
  stuck in the pipes somewhere, that seems to happen with misc@ a lot.
  Rico probably figured it was lost and so he sent another which is
  fairly reasonable.
 
  Jeremy
 
  On 10-Apr-07, at 12:44 PM, Bryan wrote:
 
   Why post twice?  Sending it as different person within 24 hours of one
   another is not going to get what you want...  A couple of people gave
   you solutions, choose one, or move to Linux...
  
   Remember this???
   [EMAIL PROTECTED] [EMAIL PROTECTED]
   to  misc@openbsd.org
   date  Apr 9, 2007 4:43 PM
   subject   Binary kernel and base update
   mailed-by openbsd.org
  
   Hi all.
  
   I have noticed that the OpenBSD team puts a lot of emphasis on
   using binary
   packets rather than building from ports, which I think IMHO is
   good, but why
   is it that there is no binary kernel updates, rather than patching
   the kernel
   from source?
  
   I am asking this not from a point that we find this difficult,
   rather in
   OpenBSD its really easy. But sometimes its very time consuming, and
   yes there
   exists binpatch and other solutions, but why isn't there an official
   OpenBSD way?
  
   Last week management decided to go back to using Debian on some of
   our servers
   due to them being easy to upgrade including kernel and basesystem
   upgrades.
  
   OpenBSD has really made a cool solution with pkg_add -u, but why
   not kernel
   and basesystem binary updates as well?
  
   Best and kind regards.
  
   Rico
  
   On 4/9/07, Rico Secada [EMAIL PROTECTED] wrote:
   Hi all.
  
   I have noticed that the OpenBSD team puts a lot of emphasis on
   using binary packets rather than building from ports, which I
   think IMHO is good, but why is it that there is no binary kernel
   updates, rather than patching the kernel from source?
  
   I am asking this not from a point that we find this difficult,
   rather in OpenBSD its really easy. But sometimes its very time
   consuming, and yes there exists binpatch and other solutions, but
   why isn't there an official OpenBSD way?
  
   Last week management decided to go back to using Debian on some of
   our servers due to them being easy to upgrade including kernel and
   basesystem upgrades.
  
   OpenBSD has really made a cool solution with pkg_add -u, but why
   not kernel and basesystem binary updates as well?
  
   Best and kind regards.
  
   Rico



Re: live DB cloning to pgsql

2007-04-10 Thread Greg Thomas

On 4/10/07, Joachim Schipper [EMAIL PROTECTED] wrote:

On Tue, Apr 10, 2007 at 03:55:48PM -0500, Jacob Yocom-Piatt wrote:
 there is a pervasive sql v8 database on windows 2003 server that i would
 like to clone to a pgsql database on openbsd. i've not done this
 before and am not familiar with the proper technique(s) to do such a thing.

 the goal is to have any changes made to the pervasive DB be piped over
 to the mirror pgsql DB as the changes are made. any suggestions on how
 to setup this communication between the DBs would be very much appreciated.

You might want to consider slony-l (asynchronous replication, might not
be what you want, but rather mature) and pgcluster (synchronous, but
development appears to have ceased).

There is some documentation on the net on how to do this; I've never
gone past looking at it, myself, so couldn't help you there.



I think he's going to have to write a stored procedure and some
triggers on the pervasive box.

Greg



Re: OpenBGPd + pf + pf tables.

2007-04-10 Thread jared r r spiegel
On Tue, Apr 10, 2007 at 06:33:12PM +0200, Xavier Beaudouin wrote:

 The problem I have is if I have a subnet removed from bgp (eg my AS35189 
 neighbor) it is not removed from pf table bgp.
 
 Do you have a little idea to do this automatically?

  does it work how you want to if you change from using tables
  to route labels?

  http://marc.info/?l=openbsd-pf&m=113646508819716&w=2

-- 

  jared



Re: Binary kernel and base update

2007-04-10 Thread Rico Secada
On Tue, 10 Apr 2007 01:43:56 +0200
[EMAIL PROTECTED] wrote:

Thanks to all for the kind and enlightening answers. When I read that it was 
mainly due to lack of people and so on, and not because it was a bad idea, I 
then hope OpenBSD will keep expanding, and one day have all the resources which 
it needs.

 Hi all.
 
 I have noticed that the OpenBSD team puts a lot of emphasis on using binary
 packets rather than building from ports, which I think IMHO is good, but why
 is it that there is no binary kernel updates, rather than patching the kernel
 from source?
 
 I am asking this not from a point that we find this difficult, rather in
 OpenBSD its really easy. But sometimes its very time consuming, and yes there
 exists binpatch and other solutions, but why isn't there an official OpenBSD 
 way?
 
 Last week management decided to go back to using Debian on some of our servers
 due to them being easy to upgrade including kernel and basesystem upgrades. 
 
 OpenBSD has really made a cool solution with pkg_add -u, but why not kernel
 and basesystem binary updates as well? 
 
 Best and kind regards.
 
 Rico



Re: date -u gives wrong timezone output?

2007-04-10 Thread jared r r spiegel
On Tue, Apr 10, 2007 at 06:17:58PM -0400, Nick ! wrote:
 On 4/10/07, Markus Bergkvist [EMAIL PROTECTED] wrote:
 Hi,
 
 'date -u' on a 4.0 -stable will give something like
 Tue Apr 10 22:03:24 GMT 2007
 but shouldn't it be
 Tue Apr 10 22:03:24 UTC 2007
 
 UTC = GMT for all that we care about.
 [[http://en.wikipedia.org/wiki/Coordinated_Universal_Time]]

  i could be wrong here, but perhaps he is not suggesting
  that there is any wallclock difference between GMT and UTC,
  but rather that the manpage for date(1) says:

---
 -u  Display or set the date in UTC (Coordinated Universal) time.
---

  as opposed to ... date in GMT ..., also as implied by how it is
  '-u' and not '-g'

  least, that was my reaction to his post?

-- 

  jared


Index: date.c
===
RCS file: /cvs/src/bin/date/date.c,v
retrieving revision 1.27
diff -u -u -r1.27 date.c
--- date.c  29 Nov 2005 19:07:46 -  1.27
+++ date.c  11 Apr 2007 03:19:15 -
@@ -102,7 +102,7 @@
tval = atol(optarg);
break;
case 'u':   /* do everything in UTC */
-   if (setenv(TZ, GMT0, 1) == -1)
+   if (setenv(TZ, UTC, 1) == -1)
err(1, cannot unsetenv TZ);
break;
case 't':   /* minutes west of GMT */
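
Review bot: on the changed setenv line in case 'u', the new value drops the offset digit that the old GMT0 carried. A POSIX-style TZ string is a zone name followed by an offset, so UTC0 would keep the same form as the value being replaced, whereas a bare UTC only resolves if a zoneinfo file of that name is installed. The err() text on the following line still reads "cannot unsetenv TZ" although the call is setenv, and the comment on case 't' still says "minutes west of GMT"; both could be brought in line with the new wording in the same change.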