Re: disklabel/newfs problem?
On Mon, 6 Aug 2007, btmarshall wrote: Thank you,that has solved the problem. I didn't notice anything in the man page for newfs or the platform notes for sparc64. Did I miss this in the documentation somewhere? Thanks again! this is an MI issue, and not documented afaik. I've always learned the rule that block devices should be used only for mounting, and nothing else, but that does not not seem to be documented as well, except for st(4). The warning printed by newfs itself is not enough. I'm thinking about either making the warning an error or automaticaly using the raw device, like fsck does. -Otto Otto Moerbeek wrote: On Mon, 6 Aug 2007, btmarshall wrote: When I create a disklabel and newfs the filesystem more than a few gigs on either one of my Ultra1 sparc64 boxes, I can't mount them (mount_ffs: invalid parameter) until I run an fsck and fix the superblock. Here's an example: # disklabel -E sd0 This platform requires that partition offsets/sizes be on cylinder boundaries. Partition offsets/sizes will be rounded to the nearest cylinder automatically. Initial label editor (enter '?' for help at any prompt) p device: /dev/rsd0c type: SCSI disk: SCSI disk label: ATLAS V 18 SCA bytes/sector: 512 sectors/track: 425 tracks/cylinder: 4 sectors/cylinder: 1700 cylinders: 20907 total sectors: 35566499 free sectors: 35566499 rpm: 7200 3 partitions: # sizeoffset fstype [fsize bsize cpg] c: 35566499 0 unused 0 0 # Cyl 0 - 20921* a partition: [a] offset: [0] size: [35566499] Rounding to nearest cylinder: 3600 FS type: [4.2BSD] a partition: [b] offset: [3600] size: [2232899] Rounding to nearest cylinder: 2232100 FS type: [swap] w q No label changes. # newfs /dev/sd0a newfs: /dev/sd0a: not a character-special device This is your problem. Always create filesystems on the raw partitions (/dev/rsd0a in this case). I can reproduce your problem here, and it disappears if I use the correct device. -Otto Warning: cylinder groups must have a multiple of 16 cylinders /dev/sd0a: 3600 sectors in 39216 cylinders of 2 tracks, 425 sectors 16276.2MB in 107 cyl groups (368 c/g, 152.73MB/g, 19584 i/g) super-block backups (for fsck -b #) at: 32, 313280, 625632, 938880, 1251232, 1564480, 1876832, 2190080, 2502432, 2815680, 3128032, 3441280, 3753632, 4066880, 4379232, 4692480, 5004832, 5318080, 5630432, 5943680, 6256032, 6569280, 6881632, 7194880, 7507232, 7820480, 8132832, 8446080, 8758432, 9071680, 9384032, 9697280, 10009632, 10322880, 10635232, 10948480, 11260832, 11574080, 11886432, 12199680, 12512032, 12825280, 13137632, 13450880, 13763232, 14076480, 14388832, 14702080, 15014432, 15327680, 15640032, 15953280, 16265632, 16578880, 16891232, 17204480, 17516832, 17830080, 18142432, 18455680, 18768032, 19081280, 19393632, 19706880, 20019232, 20332480, 20644832, 20958080, 21270432, 21583680, 21896032, 22209280, 22521632, 22834880, 23147232, 23460480, 23772832, 24086080, 24398432, 24711680, 25024032, 25337280, 25649632, 25962880, 26275232, 26588480, 26900832, 27214080, 27526432, 27839680, 28152032, 28465280, 28777632, 29090880, 29403232, 29716480, 30028832, 30342080, 30654432, 30967680, 31280032, 31593280, 31905632, 32218880, 32531232, 32844480, 33156832, # fsck /dev/sd0a ** /dev/rsd0a BAD SUPER BLOCK: MAGIC NUMBER WRONG LOOK FOR ALTERNATE SUPERBLOCKS? [Fyn?] y USING ALTERNATE SUPERBLOCK AT 32 ** File system is already clean ** Last Mounted on ** Phase 1 - Check Blocks and Sizes ** Phase 2 - Check Pathnames ** Phase 3 - Check Connectivity ** Phase 4 - Check Reference Counts ** Phase 5 - Check Cyl groups 1 files, 1 used, 8200710 free (14 frags, 1025087 blocks, 0.0% fragmentation) UPDATE STANDARD SUPERBLOCK? [Fyn?] y * FILE SYSTEM WAS MODIFIED * # I've run this on a vanilla 4.1 install, as well as a stable kernel/userland upgraded as of last night. Any clues? -- View this message in context: http://www.nabble.com/disklabel-newfs-problem--tf4226020.html#a12021995 Sent from the openbsd user - misc mailing list archive at Nabble.com. -- View this message in context: http://www.nabble.com/disklabel-newfs-problem--tf4226020.html#a12025401 Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: Lenovo 8744-J2U - several questions
Le 7 ao{t 07 ` 05:23, Frank Bax a icrit : At 06:26 PM 8/6/07, Matthieu Herrb wrote: On 8/6/07, Frank Bax [EMAIL PROTECTED] wrote: Just got a new Lenovo 8744-J2U laptop and installed the Aug.1 snapshot: 1) When I shutdown X, text resolution is messed up. Chars are bigger, they are 40 per line, with wrap. All Ctrl-Alt-Fn sessions are affected. If I issue a command like 'date', then hit enter several time, I find that the command and its output are finally visible. Since you're using the vesa driver, it means that the VESA BIOS on your laptop is broken. Check for updates on Lenovo's web site. 2) ATI adapter is not recognized. Changing depth to 24 works; but I can't seem to change resolution - always comes up 1280x1024; but this is a 15.4 widescreen display; which i believe should run at 1680x1050. Again, broken bios. Lenovo should provide a bios with resolutions matching the physical size of the screen. Try using i915resolution from ports. It has been reported to work with other BIOSes too. Thanks for the prompt response. I updated BIOS from 1.08 to 1.11; one line changed in dmesg. $ diff dmesg_0803.txt dmesg_0806.txt 8c8 bios0 at mainbus0: AT/286+ BIOS, date 04/30/07, BIOS32 rev. 0 @ 0xfd6b0, SMBIOS rev. 2.4 @ 0xe0010 (68 entries) --- bios0 at mainbus0: AT/286+ BIOS, date 07/13/07, BIOS32 rev. 0 @ 0xfd6b0, SMBIOS rev. 2.4 @ 0xe0010 (68 entries) Still no change on initial problems though. I tried 915resolution, but I'm thinking it's not compatible: $ sudo /usr/local/sbin/915resolution -l Intel 800/900 Series VBIOS Hack : version 0.5.2 Unable to open the BIOS file: Operation not permitted IIRC it must be run in secure level -1. From the description of the port : Because 915resolution requires write access to /dev/mem, the system must be at a securelevel = 0. Pierre Riteau vga1 at pci1 dev 0 function 0 vendor ATI, unknown product 0x71d4 rev 0x00 Oh and I forgot: this is a Mobility FireGL V5250, which is indeed not supported by the current X.Org ati driver. It should be supported by the new 'avivo' driver, but this driver is not yet available for OpenBSD. Is there someplace where I can monitor OpenBSD status of this?
Re: Lenovo 8744-J2U - several questions
Le lundi 06 aoC;t 2007 C 21:21 -0400, Stephan Andre' a C)crit : On Monday 06 August 2007 18:29:12 Matthieu Herrb wrote: On 8/6/07, Frank Bax [EMAIL PROTECTED] wrote: Just got a new Lenovo 8744-J2U laptop and installed the Aug.1 snapshot: vga1 at pci1 dev 0 function 0 vendor ATI, unknown product 0x71d4 rev 0x00 Oh and I forgot: this is a Mobility FireGL V5250, which is indeed not supported by the current X.Org ati driver. It should be supported by the new 'avivo' driver, but this driver is not yet available for OpenBSD. Matthieu, I'm also looking at the Lenovo T60. Is the avivo driver ready for use, and how much effort is there in incorporating it into Xenocara? I'd really like a new laptop--my A31p is old. Thanks, STeve Andre' I tested the avivo driver running linux, it works fine with a firegl 5200 card. There is only one trouble with DPMS: the screen displays something weird when it switches off then switches on. Running openbsd stable, I use the vesa driver but there is no problem here. Eric
Re: compat_freebsd shared library showstopper
On Monday 06 August 2007, Michael Dexter wrote: Anything else I should try? Did you try installing the emulators/freebsd_lib port? Yes. I failed to mention that in my checklist. Michael.
Re: gdb - firefox debugging
On Mon, Aug 06, 2007 at 10:43:21PM -0700, J.C. Roberts wrote: I'm looking for all the needed steps to get firefox debug running in gdb. It's my first attempt at this and I've failed to the correct find the mozilla docs (assuming they exist) or details in the misc@, ports@ or tech@ archives. From what I've learned, you're supposed to use the following switches with the /usr/bin/firefox shell script. $ firefox -g You can be more explicit by naming the binary and the debugger. $ firefox -g /usr/local/mozilla-firefox/firefox-bin -d gdb The two are equivalent. Once inside gdb, I know you need to handle some signals. I've tried all combinations of the following signals and handling (nostop etc) without any luck: (gdb) handle SIG32 nostop noprint pass (gdb) handle SIG33 nostop noprint pass (gdb) handle SIGPIPE nostop noprint pass The problem I'm having is the gdb session just stops, without error, and firefox never actually loads. It never stops in the same place twice but it always stops. example (gdb) run lots of output from debug flavor Reading in symbols for nsCSSStyleRule.cpp...done. Reading in symbols for nsJARURI.cpp...done. Reading in symbols for nsReadableUtils.cpp...done. Reading in symbols for nsCSSScanner.cpp...done. Reading in symbols for nsCSSParser.cpp...done. ++DOMWINDOW == 2 Reading in symbols for jsscope.c...done. Reading in symbols for /usr/src/lib/libc/string/strdup.c...done. Reading in symbols for nsTraceRefcntImpl.cpp...done. Reading in symbols for nsXMLDocument.cpp...done. It just sits there like gdb has hit an invisible limit and is waiting for something, and yes, it's sitting in the wait state. (from top) 25200 jcr 100 272M 270M idle wait 0:32 0.00% gdb 16656 jcr 310 7344K 25M stop/0 -0:03 0.00% firefox-bin Reluctantly, I've tried kicking the kern.maxfiles sysctl up as high as 20,000 but that's not the issue (I normally run the default). Just guessing from my previous pleasant experience of debuging firefox: increase ulimit - data to ~ 2GB add swap until you have a total of ~2GB I remember something like gdb alone eating 900MB. Tobias [...]
Re: Intel Core 2 - errata pulled?!?
Hi, On Wed, 27.06.2007 at 11:08:16 -0600, Theo de Raadt [EMAIL PROTECTED] wrote: http://download.intel.com/design/processor/specupdt/31327914.pdf looks like intel pulled that paper. I'm unable to find it and would like to receive a private copy. An easier summary document for some people to read: http://www.geek.com/images/geeknews/2006Jan/core_duo_errata__2006_01_21__full.gif I can read only about errors with number in the lower 30'ies on that image, which means, that I can't read about most in this list: Note that some errata like AI65, AI79, AI43, AI39, AI90, AI99 scare Leaving these aside, I just discovered that the i386 compatibility page does apparently not list _any_ current intel CPUs (eg. Pentium D), and the question about whether recent Xeons still classify as Xeon in this list has been raised. So, is it right to conclude that only current AMD CPUs are supported, and that recent intel CPUs are generally unsupported? While I generally like AMD better, I'd like to purchase an intel system with significant power (as a router, targetting 300kpps, that is), but don't know which one I should get. If you have an alternative suggestion for the best (in terms of power and reliability) AMD chip, I'm all ears, too. TIA! Best, --Toni++
systrace/sysjail wrappers security
In the First USENIX Workshop on Offensive Technologies (WOOT07) there was presentation by Robert N. M. Watson: Exploiting Concurrency Vulnerabilities in System Call Wrappers with exploit code included how to bypass restrictions: http://www.watson.org/~robert/2007woot/2007usenixwoot-exploitingconcurrency.pdf It seems that syscall wrappers are vulnerable on SMP systems and conclusion states: Don't use system call wrappers... ...unless willing to rewrite OS system call handler Do use a security framework integrated with the kernel's copying and synchronization I am using sysjail, so I am very interested how to mitigate attacks or is there anything OpenBSD could change to mitigate these issues?
Re: Lenovo 8744-J2U - several questions
Matthieu, I'm also looking at the Lenovo T60. Is the avivo driver Get a T60 with the Intel graphics chipset and an XGA display. You won't have any problems with X Windows.
Re: Intel Core 2 - errata pulled?!? [SOLVED]
Hi, On Tue, 07.08.2007 at 16:22:08 +0200, Toni Mueller [EMAIL PROTECTED] wrote: On Wed, 27.06.2007 at 11:08:16 -0600, Theo de Raadt [EMAIL PROTECTED] wrote: http://download.intel.com/design/processor/specupdt/31327914.pdf looks like intel pulled that paper. I'm unable to find it and would like to receive a private copy. it appears that the URL has been updated, and I was unable to find it. The current URL is http://download.intel.com/design/processor/specupdt/31327916.pdf Sorry for the noise. Best, --Toni++
Re: Lenovo 8744-J2U - several questions
On 8/7/07, Stephan Andre' [EMAIL PROTECTED] wrote: Matthieu, I'm also looking at the Lenovo T60. Is the avivo driver ready for use, and how much effort is there in incorporating it into Xenocara? I'd really like a new laptop--my A31p is old. The avivo driver needs X server 1.3 and libpciaccess to work. xserver 1.3 works on OpenBSD, but won't be in Xenocara for OpenBSD 4.2. I'm working on libpciaccess but it is not in a working state yet.
Re: gdb - firefox debugging
On Tuesday 07 August 2007 1:43:21 am J.C. Roberts wrote: I'm looking for all the needed steps to get firefox debug running in gdb. It's my first attempt at this and I've failed to the correct find the mozilla docs (assuming they exist) or details in the misc@, ports@ or tech@ archives. From what I've learned, you're supposed to use the following switches with the /usr/bin/firefox shell script. $ firefox -g You can be more explicit by naming the binary and the debugger. $ firefox -g /usr/local/mozilla-firefox/firefox-bin -d gdb The two are equivalent. Once inside gdb, I know you need to handle some signals. I've tried all combinations of the following signals and handling (nostop etc) without any luck: (gdb) handle SIG32 nostop noprint pass (gdb) handle SIG33 nostop noprint pass (gdb) handle SIGPIPE nostop noprint pass The problem I'm having is the gdb session just stops, without error, and firefox never actually loads. It never stops in the same place twice but it always stops. Hi, use 'set auto-solib-add off' to stop gdb from loading symbols from all shared libs. then selectively load shared lib symbols with 'shared libname' for placing breakpoints or to get line numbers from 'bt'. this technique is also needed to debug OOo issues. -Kurt
Re: spamd - 250 return text
As far as I understand from them, the sysadmin was showing the defer to his boss using a telnet session, and the boss got pissed off, because they are actually very diligent about their spam policies. Anyways, I just wanted to know if it there was another way to change the 250 messages without changing the source code... I should have just not mentioned my reasons. Sorry for that. Thanks a lot for all the replies. g. Peter Fraser wrote: I think that the problem is a bad mail program at your clients, A user should not see the 250 status, it is not a failure of any sort but I have seen it as a return status sent to a user. Here is an example that I have seen from someone who sent us a message. The message failed and this is the status that they received: Reporting-MTA: dns; toq7.bellnexxia.net Arrival-Date: Fri, 20 Jul 2007 21:26:11 -0400 Received-From-MTA: dns; Christine (64.230.70.248) Content-Type: text/plain Final-Recipient: RFC822; [EMAIL PROTECTED] Action: failed Status: 4.4.7 Remote-MTA: dns; thinkage.ca Diagnostic-Code: smtp; 250 This is hurting you more than it is hurting me.
updating pf filter rules
I inherited a transparent bridging firewall running OpenBSD 3.8 and pf. I would like to add two new filter rules without disrupting the current network traffic. The pfctl man page did not seem to indicate a way to load a single filter rule to a running configuration. If I made a new file with a just the new rules and loaded it with something like pfctl -f two.pf.rules.conf, would all the existing filter rules be dropped and would only the two new rules be in effect? Let's say I updated the existing config file, /etc/pf.conf, with my new rules. What would happen if I ran pfctl -f /etc/pf.conf? Would the existing state table be flushed? Would there be a point in this time frame where there were no filter rules loaded and packets would get dropped? Thanks, Austin
Re: spamd - 250 return text
That's exactly why I tend to tell the pointy haired ones that it all works on the FM principle and never go into much depth about what that means. (note: FM = Fucking Magic but they don't need to know that) It was fun tho the first time the owner of the company I work for tried to add an email account using a script that i created and flubbed the password on his sudo command. He is technical in a microsquishy kinda way and thought that it was MY code that was telling him he had a brain the size of a cabbage (or some such, the exact message is lost to time). Boy, many zoggs fell prey to the snarlak that day. He was pretty mad and might even have fired me, but then he realized that he needed an email account added to the server and he would have to pay a crap load more money than he is giving me to have someone come in and figure out how. s -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Tom Bombadil Sent: Tuesday, August 07, 2007 02:37 PM To: Peter Fraser Cc: 'misc@openbsd.org' Subject: Re: spamd - 250 return text As far as I understand from them, the sysadmin was showing the defer to his boss using a telnet session, and the boss got pissed off, because they are actually very diligent about their spam policies. Anyways, I just wanted to know if it there was another way to change the 250 messages without changing the source code... I should have just not mentioned my reasons. Sorry for that. Thanks a lot for all the replies. g. Peter Fraser wrote: I think that the problem is a bad mail program at your clients, A user should not see the 250 status, it is not a failure of any sort but I have seen it as a return status sent to a user. Here is an example that I have seen from someone who sent us a message. The message failed and this is the status that they received: Reporting-MTA: dns; toq7.bellnexxia.net Arrival-Date: Fri, 20 Jul 2007 21:26:11 -0400 Received-From-MTA: dns; Christine (64.230.70.248) Content-Type: text/plain Final-Recipient: RFC822; [EMAIL PROTECTED] Action: failed Status: 4.4.7 Remote-MTA: dns; thinkage.ca Diagnostic-Code: smtp; 250 This is hurting you more than it is hurting me. __ NOD32 2442 (20070807) Information __ This message was checked by NOD32 antivirus system. http://www.eset.com
Re: updating pf filter rules
On 2007/08/07 15:46, Austin Murphy wrote: If I made a new file with a just the new rules and loaded it with something like pfctl -f two.pf.rules.conf, would all the existing filter rules be dropped and would only the two new rules be in effect? Yes. Let's say I updated the existing config file, /etc/pf.conf, with my new rules. What would happen if I ran pfctl -f /etc/pf.conf? This would do what you want. Would the existing state table be flushed? No. You'd need a -F something to flush things. Would there be a point in this time frame where there were no filter rules loaded and packets would get dropped? No.
OpenBSD/hppa
Over the last few weeks I've made some important improvements to the OpenBSD/hppa port. Support for newer B/C/J-class workstations was added, and basically anything but the C8000 should just work. I've also fixed a rather critical bug, which makes machines with a PA-7200 CPU usable again (and makes machines with other CPU's much more stable). And last but not least, support for the NCR 53C720 Fast-Wide SCSI found on many hppa machines has been added to siop(4). With all these changes, I have reason to believe that most of the so far unsupported D-class and K-class servers should just work, or will work with just a small tweak to the code here and there. Unfortunately I don't have such hardware myself, so if people have access to one of these machines, could they give the latest snapshot a go on them and send me (and [EMAIL PROTECTED]) a copy of the dmesg? Thanks, Mark
Re: systrace/sysjail wrappers security
I am using sysjail, so I am very interested how to mitigate attacks or is there anything OpenBSD could change to mitigate these issues? Until the kernel wrapper issues have been addressed, the sysjail page has been updated to indicate that it SHOULD NOT be used (nor should any systrace(4) system, which, to the best of my knowledge, is only systrace(1) and Xsystrace(1)).
Re: updating pf filter rules
On Tue, 7 Aug 2007 15:46:41 -0400 Austin Murphy [EMAIL PROTECTED] wrote: I inherited a transparent bridging firewall running OpenBSD 3.8 and pf. I would like to add two new filter rules without disrupting the current network traffic. The pfctl man page did not seem to indicate a way to load a single filter rule to a running configuration. If I made a new file with a just the new rules and loaded it with something like pfctl -f two.pf.rules.conf, would all the existing filter rules be dropped and would only the two new rules be in effect? Let's say I updated the existing config file, /etc/pf.conf, with my new rules. What would happen if I ran pfctl -f /etc/pf.conf? I'd suggest pfctl -n -f /etc/pf.conf Would the existing state table be flushed? Would there be a point in this time frame where there were no filter rules loaded and packets would get dropped? Thanks, Austin
Re: updating pf filter rules
On Tue, 7 Aug 2007 18:31:53 -0500, Mike Piety wrote: On Tue, 7 Aug 2007 15:46:41 -0400 Austin Murphy [EMAIL PROTECTED] wrote: I inherited a transparent bridging firewall running OpenBSD 3.8 and pf. I would like to add two new filter rules without disrupting the current network traffic. The pfctl man page did not seem to indicate a way to load a single filter rule to a running configuration. If I made a new file with a just the new rules and loaded it with something like pfctl -f two.pf.rules.conf, would all the existing filter rules be dropped and would only the two new rules be in effect? Let's say I updated the existing config file, /etc/pf.conf, with my new rules. What would happen if I ran pfctl -f /etc/pf.conf? I'd suggest pfctl -n -f /etc/pf.conf Lazy me likes to be safe and does: # pfctl -f /etc/pf.conf -n and if has no error output: up arrowbackspacebackspaceenter loads the rules. Would the existing state table be flushed? Would there be a point in this time frame where there were no filter rules loaded and packets would get dropped? Thanks, Austin Rod/ From the land down under: Australia. Do we look umop apisdn from up over?
Ethernet bridge over IPsec in OpenBSD 4.1
I have not been able to get an Ethernet bridge over IPsec to work in OpenBSD 4.1. I have two machines running as NAT gateways with a gif tunnel between them protected by IPsec ESP. The internal interfaces are both bridged to the gif tunnel. I can ping either gateway from the other over the tunnel, but the bridges are not learning any MAC addresses from the gif side save that of the other gateway. When I try to ping a machine on one LAN from the opposite gateway, the ARP who-is packets from the gateway will be forwarded by the other gateway's bridge, but the reply packets do not seem to be properly sent back over the gif interface by the bridge. I noticed in the source repository the following comment in src/sys/net/if_bridge.c, revision 1.161 make bridge(4) mark packets with M_PROTO1 if gif(4) needs to use etherip encapsulation; unbreaks remote ipsec bridges; ok claudio; additional testing Renaud Allard Is this type of bridging broken in OpenBSD 4.1, or am I missing something? Is there a way to make this work while I am waiting for 4.2? I had this exact same setup working in a previous version of OpenBSD. (I can't remember if it was 3.9 or 4.0.)
Re: Intel Core 2 - errata pulled?!?
Toni Mueller [EMAIL PROTECTED] wrote: Leaving these aside, I just discovered that the i386 compatibility page does apparently not list _any_ current intel CPUs (eg. Pentium D), and the question about whether recent Xeons still classify as Xeon in this list has been raised. They are all supported and work fine, the web site simply does not keep up with intel's marketing department.
Re: Intel Core 2 - errata pulled?!?
Chris Cappuccio wrote: Toni Mueller [EMAIL PROTECTED] wrote: Leaving these aside, I just discovered that the i386 compatibility page does apparently not list _any_ current intel CPUs (eg. Pentium D), and the question about whether recent Xeons still classify as Xeon in this list has been raised. The OpenBSD server hardware compatibility list at: http://www.armorlogic.com/openbsd_information_server_compatibility_list.html is pretty decent in terms of having dmesg's from current widely deployed Intel and AMD servers.