PCMCIA on a Toshiba A135-S4656 to use wi(4) with DWL-650 PCMCIA
I'd like to get wireless networking working on my Toshiba A135-S4656 laptop. The built-in AR5424 isn't working for me, but I think ath(4) support for it is still a work-in-progress, so I'm trying to use a D-Link DWL-650 in the PCMCIA slot for now. This appears to be supported by wi(4):

D-Link DWL-650 (rev A1-J3 only) Prism-2.5 PCMCIA

My card says Rev:J3 on the back.

I can't get a wi0 to show up in my output from ifconfig on 4.2 AMD64, and I don't see it recognizing the pcmcia connection. I've tried 4.2 i386, which seems to recognize the pcmcia, but still doesn't produce a wi0 in ifconfig and produces the following two errors:

pcic_wait_ready: ready never happened, state = 4c
pccom3 at pcmcia0 function 0: can't allocate i/o space

Inserting the card before boot or after login didn't seem to change much.

Per pcmcia(4) I tried changing the address and size parameters with boot_config(8) and config(8). On amd64 I was not able to find the relevant driver. On i386 I was unable to make things better, but I was able to disable the driver and see the effect.

What should I try next? Is amd64 expected to support pcmcia differently?

Below are the dmesg outputs from both amd64 and i386 (same machine) and the ifconfig output.
Thanks,
Andrew Hart

ifconfig.amd64:
lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 33168
	groups: lo
	inet 127.0.0.1 netmask 0xff00
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
ath0: flags=8822BROADCAST,NOTRAILERS,SIMPLEX,MULTICAST mtu 1500
	lladdr 00:1b:9e:1a:87:74
	groups: wlan
	media: IEEE802.11 autoselect
	status: no network
	ieee80211: nwid
re0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
	lladdr 00:16:d4:fd:87:c6
	groups: egress
	media: Ethernet autoselect (100baseTX full-duplex)
	status: active
	inet6 fe80::216:d4ff:fefd:87c6%re0 prefixlen 64 scopeid 0x2
	inet 192.168.0.102 netmask 0xff00 broadcast 192.168.0.255
enc0: flags=0 mtu 1536

dmesg.amd64.CardInsertedPriorToBoot:
OpenBSD 4.2 (GENERIC) #1179: Tue Aug 28 10:37:50 MDT 2007
    [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC
real mem = 526512128 (502MB)
avail mem = 499818496 (476MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xdc010 (22 entries)
bios0: vendor TOSHIBA version V1.40 date 04/26/2007
bios0: TOSHIBA Satellite A135
acpi at mainbus0 not configured
cpu0 at mainbus0: (uniprocessor)
cpu0: Intel(R) Celeron(R) M CPU 520 @ 1.60GHz, 1596.25 MHz
cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,SBF,SSE3,MWAIT,DS-CPL,TM2,CX16,xTPR,LONG
cpu0: 1MB 64b/line 4-way L2 cache
pci0 at mainbus0 bus 0: configuration mode 1
pchb0 at pci0 dev 0 function 0 Intel 82945GM MCH rev 0x03
vga1 at pci0 dev 2 function 0 Intel 82945GM Video rev 0x03
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
Intel 82945GM Video rev 0x03 at pci0 dev 2 function 1 not configured
azalia0 at pci0 dev 27 function 0 Intel 82801GB HD Audio rev 0x02: irq 11
azalia0: host: High Definition Audio rev. 1.0
azalia0: codec: Realtek/0x0862 (rev. 0.1), HDA version 1.0
azalia0: codec: ATT/Lucent/0x1040 (rev. 2.0), HDA version 1.0
azalia0: codec[1]: No support for modem function groups
azalia0: codec[1]: No audio function groups
audio0 at azalia0
ppb0 at pci0 dev 28 function 0 Intel 82801GB PCIE rev 0x02
pci1 at ppb0 bus 2
ppb1 at pci0 dev 28 function 1 Intel 82801GB PCIE rev 0x02
pci2 at ppb1 bus 4
ath0 at pci2 dev 0 function 0 Atheros AR5424 rev 0x01: irq 10
ath0: AR5424 10.0 phy 6.1 rf 10.2, WOR4W, address 00:1b:9e:1a:87:74
ppb2 at pci0 dev 28 function 2 Intel 82801GB PCIE rev 0x02
pci3 at ppb2 bus 5
re0 at pci3 dev 0 function 0 Realtek 8101E rev 0x01: RTL8101E (0x3400), irq 11, address 00:16:d4:fd:87:c6
rlphy0 at re0 phy 7: RTL8201L 10/100 PHY, rev. 1
uhci0 at pci0 dev 29 function 0 Intel 82801GB USB rev 0x02: irq 11
uhci1 at pci0 dev 29 function 1 Intel 82801GB USB rev 0x02: irq 11
uhci2 at pci0 dev 29 function 2 Intel 82801GB USB rev 0x02: irq 11
uhci3 at pci0 dev 29 function 3 Intel 82801GB USB rev 0x02: irq 10
ehci0 at pci0 dev 29 function 7 Intel 82801GB USB rev 0x02: irq 11
ehci0: timed out waiting for BIOS
usb0 at ehci0: USB revision 2.0
uhub0 at usb0: Intel EHCI root hub, rev 2.00/1.00, addr 1
ppb3 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0xe2
pci4 at ppb3 bus 6
cbb0 at pci4 dev 4 function 0 TI PCIXX12 CardBus rev 0x00: couldn't map interrupt
TI PCIXX12 FireWire rev 0x00 at pci4 dev 4 function 1 not configured
TI PCIXX12 Multimedia Card Reader rev 0x00 at pci4 dev 4 function 2 not configured
sdhc0 at pci4 dev 4 function 3 TI PCIXX12 Secure Data rev 0x00: irq 10
sdmmc0 at sdhc0
pcib0 at pci0 dev 31 function 0 Intel 82801GBM LPC rev 0x02
pciide0 at pci0 dev 31 function 2 Intel 82801GBM SATA rev 0x02: DMA, channel 0 wired to
Re: OpenBGPD selecting wrong nexthop over openvpn tunnel
* Casey Ransom [EMAIL PROTECTED] [2007-11-21 23:50]:
> On Nov 21, 2007, at 3:30 PM, Henning Brauer wrote:
> > what does route -n get 10.8.1.2 show?
> > I suspect there's a bug with tun not setting the ifindex in the routing message (*sigh*, another one)
>
> gw0# route -n get 10.8.1.2
> route to: 10.8.1.2
> destination: 10.8.1.2
> interface: tun0

hmm. that seems fine.
bgpctl show nexthop probably does not list tun0 for 10.8.1.2?
in the logs, you'll see a nexthop 10.8.1.2 now valid message, what does it say exactly?

--
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
Re: PE1950
On Wed, Nov 21 2007 at 56:15, Marco Peereboom wrote:
> This machine works fine with 4.2. PERC6 does not work yet with out mfi driver but I am also pretty sure those aren't really available yet.

The last PE 1950 we bought (2 months ago) came with PERC 5. I heard that new hardware should arrive near December for the PE 1950.

Claer

> On Wed, Nov 21, 2007 at 09:55:54AM -0800, Stanislav Ovcharenko wrote:
> > Hello,
> >
> > I'm planning on running OpenBSD 4.2 on Dell Power Edge 1950.
> >
> > Question 1: How stable is it on x64 platform? I mean native 64 bit code. I assume that x86 code will run just fine ...
> >
> > Question 2: Does anyone know if PERC 6 RAID controller is supported. The hardware list says that it will work with PERC 5 and I'm wondering if the same driver will detect and support the chipset on PERC 6 controller.
> >
> > Any feedback would be appreciated.
> >
> > Regards,
> > Stas.
Re: xinetd support
On Nov 21 22:00:03, badeguruji wrote:
> is it supported on openbsd?
> http://www.xinetd.org/
> thank you.

http://www.linuxisforbitches.com/rants/xinetd.php
Re: fxp changes between 4.2 and earlier releases causing stability problems?
* Josh [EMAIL PROTECTED] [2007-11-20 22:35]: I am having large stability problems since running 4.2 as firewalls. I have 1x fxp and 2x dual box fxp cards, and after a while, the boxes freeze up, Any suggestions/ideas? sounds like you hit the memory leak we just found fixed. Index: pf.c === RCS file: /cvs/src/sys/net/pf.c,v retrieving revision 1.564 diff -u -p -r1.564 pf.c --- pf.c18 Nov 2007 21:53:47 - 1.564 +++ pf.c22 Nov 2007 01:15:47 - @@ -816,6 +816,8 @@ pf_insert_state(struct pfi_kif *kif, str TAILQ_FOREACH(sp, cur-states, next) if (sp-kif == kif) { /* collision! */ pf_stateins_err(tree_lan_ext, s, kif); + pf_detach_state(s, + PF_DT_SKIP_LANEXT|PF_DT_SKIP_EXTGWY); return (-1); } pf_detach_state(s, PF_DT_SKIP_LANEXT|PF_DT_SKIP_EXTGWY); @@ -958,10 +960,8 @@ pf_src_tree_remove_state(struct pf_state u_int32_t timeout; if (s-src_node != NULL) { - if (s-state_key-proto == IPPROTO_TCP) { - if (s-src.tcp_est) - --s-src_node-conn; - } + if (s-src.tcp_est) + --s-src_node-conn; if (--s-src_node-states = 0) { timeout = s-rule.ptr-timeout[PFTM_SRC_NODE]; if (!timeout) -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
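Review bot: In the pf_insert_state hunk, the collision branch gains a pf_detach_state(s, PF_DT_SKIP_LANEXT|PF_DT_SKIP_EXTGWY) call that is identical to the one in the unchanged context just below it, and nothing in the code says why those skip flags are the right ones on this error path. A one-line comment that the state would otherwise stay attached when the function returns -1, or a single shared cleanup exit, would keep the two calls from drifting apart; it is also worth confirming that the other early returns of this function, which are outside the visible context, release the state the same way.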
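Review bot: In the pf_src_tree_remove_state hunk, removing the s->state_key->proto == IPPROTO_TCP test means src_node->conn is decremented purely on s->src.tcp_est, and neither the hunk nor the mail says why the protocol check was dropped. If the reason is that state_key can no longer be relied on at this point, say so in a comment, and state the invariant that tcp_est is only ever set for TCP states so the counter is never decremented for other protocols.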
File collision while using pkg_add
Hi all,

I'm trying to install gnome-doc-utils:

$ sudo pkg_add gnome-doc-utils
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
	LC_ALL = (unset),
	LC_CTYPE = en_US.UTF-8,
	LANG = (unset)
    are supported and installed on your system.
perl: warning: Falling back to the standard locale (C).
Collision: the following files already exist
	/usr/local/bin/gnome-doc-prepare (same md5)
	/usr/local/bin/gnome-doc-tool (same md5)
	/usr/local/bin/xml2po (same md5)
	/usr/local/lib/pkgconfig/gnome-doc-utils.pc (same md5)
	/usr/local/lib/pkgconfig/xml2po.pc (same md5)
	/usr/local/man/man1/xml2po.1 (same md5)
	/usr/local/share/aclocal/gnome-doc-utils.m4 (same md5)
	/usr/local/share/xml2po/xhtml.pyc (same md5)
	etc, etc, etc...
/usr/sbin/pkg_add: fatal issues in installing gnome-doc-utils-0.10.3p2
$

The Perl error just appeared today but it is no big deal for me right now. My problem is that I can't find any way in pkg_add(1) for dealing with this. There are just too many collision files to remove manually and I don't know how to make a script which automatically removes all these files.

How should I handle this?

Pieter Verberne
Re: IPoEoA on ueagle?
My ISP (www.bethere.co.uk) has told me it's IPoEoA:

3) When configuring the WAN, member would get an option asking whether your ISP authenticates with user/pass or not You have to choose no in there.
4) Connection is IPoEoATM
5) Multiplexing is LLC-based. In case you can choose the LLC type it should be SNAP.
6) Set the modem to work in DHCP mode b to obtain IP from the ISP.

However, your query prompted me to look at their web site and, while I was there, it seems my 20Mbps connection may be ADSL2+ which - I think - doesn't work with ueagle anyway.

I think I'm shagged :(

> | I am running 4.2-RELEASE and have recompiled the kernel to include the
> | lines:
> |
> | Option NATM
> | ueagle* at usb?
> |
> | My Sagem [EMAIL PROTECTED] 800 E2 is recognised by the kernel:
> |
> | # dmesg | grep ueagle
> | ueagle0 at uhub3 port 2
> | ueagle0 detached
> | ueagle0 at uhub3 port 2
> | ueagle0: Analog Devices Eagle II, rev 1.00/50.0b, addr 2
> | ueagle0: address: 00:60:4c:16:d1:60
> | #
> |
> | My ISP uses IPoEoA.
> | I have done a bit of reading on ATM (although I am by no means an expert)
> | and I would like to know if IPoEoA is supported in ueagle.
>
> No. ueagle supports plain IPoA (with or without LLC encap) and PPPoA only. It's more a limitation of the OS (netatm stack) than a limitation of the driver though.
>
> Are you sure your ISP really uses IPoEoA? It is the first time I see this. Does your modem synchronize at least? (just run ifconfig ueagle0 up)
>
> Damien
Re: Hoststated and stickiness based on cookie strings
hi!

On Wed, Nov 21, 2007 at 11:34:02PM -0800, Preston Norvell wrote:
> snip
> The first is a basic issue with load balancing. No matter which algorithm we choose, initial traffic is extremely heavily weighted towards the system in the table with the highest id. In point of experience so far, the only time more than one host is reliably used is when using the roundrobin type of load-balancing. If 'loadbalance' or 'hash' is used, 99.9% of traffic ends up on a single host; some will end up on other hosts, sometime momentarily though, and not what we've been able see as deterministically. The situation with 'loadbalance' we understand since our test system on the internet is essentially coming from essentially one address (though even in limited testing with a handful of additional requesting addresses, it appears that it works the same). With a test of traffic from our test host with roundrobin (50 separate, simultaneous single request/response sessions run for several seconds), 797 of the requests ended up at the high id host and 628 across the remaining 7 (89 or 90 for each).
>
> We have discovered the issue with this unbalanced balancing. The root cause appears to be some invalid assumptions in the roundrobin code in the relay_from_table function in relay.c.

- please try the attached diff, it will fix the roundrobin mode by saving the last index and traversing to the next available host. (you can also have a look at my little test program to verify the alg: http://team.vantronix.net/~reyk/q.c)

- i'm also looking into improving the loadbalance mode. the attached diff includes the source port in loadbalance mode and the destination (relay) port in loadbalance and hash mode. make also sure that you feed in other variables if you want to get better results, for example request hash Host to feed the virtual hostname into the hash/loadbalance hash.
reyk Index: hoststated.h === RCS file: /cvs/src/usr.sbin/hoststated/hoststated.h,v retrieving revision 1.81 diff -u -p -r1.81 hoststated.h --- hoststated.h22 Nov 2007 10:09:53 - 1.81 +++ hoststated.h22 Nov 2007 11:45:00 - @@ -327,6 +327,7 @@ struct host { u_long up_cnt; int retry_cnt; struct ctl_tcp_event cte; + int idx; }; TAILQ_HEAD(hostlist, host); Index: relay.c === RCS file: /cvs/src/usr.sbin/hoststated/relay.c,v retrieving revision 1.65 diff -u -p -r1.65 relay.c --- relay.c 22 Nov 2007 10:09:53 - 1.65 +++ relay.c 22 Nov 2007 11:45:01 - @@ -463,6 +463,7 @@ relay_init(void) if (rlay-dstnhosts = RELAY_MAXHOSTS) fatal(relay_init: too many hosts in table); + host-idx = rlay-dstnhosts; rlay-dsthost[rlay-dstnhosts++] = host; } log_info(adding %d hosts from table %s%s, @@ -1876,10 +1877,14 @@ relay_hash_addr(struct sockaddr_storage sin4 = (struct sockaddr_in *)ss; p = hash32_buf(sin4-sin_addr, sizeof(struct in_addr), p); + p = hash32_buf(sin4-sin_port, + sizeof(struct in_addr), p); } else { sin6 = (struct sockaddr_in6 *)ss; p = hash32_buf(sin6-sin6_addr, sizeof(struct in6_addr), p); + p = hash32_buf(sin6-sin6_port, + sizeof(struct in6_addr), p); } return (p); @@ -1903,7 +1908,7 @@ relay_from_table(struct session *con) case RELAY_DSTMODE_ROUNDROBIN: if ((int)rlay-dstkey = rlay-dstnhosts) rlay-dstkey = 0; - idx = (int)rlay-dstkey++; + idx = (int)rlay-dstkey; break; case RELAY_DSTMODE_LOADBALANCE: p = relay_hash_addr(con-in.ss, p); @@ -1933,6 +1938,8 @@ relay_from_table(struct session *con) fatalx(relay_from_table: no active hosts, desynchronized); found: + if (rlay-conf.dstmode == RELAY_DSTMODE_ROUNDROBIN) + rlay-dstkey = host-idx + 1; con-retry = host-conf.retry; con-out.port = table-conf.port; bcopy(host-conf.ss, con-out.ss, sizeof(con-out.ss));
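Review bot: In the relay_hash_addr hunk, the two added hash32_buf calls pass sizeof(struct in_addr) and sizeof(struct in6_addr) as the length for sin_port and sin6_port, which are 16-bit fields, so the hash runs past the port into whatever follows it in the sockaddr. Use sizeof(sin4->sin_port) and sizeof(sin6->sin6_port) so that only the port is mixed in.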
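Review bot: In the relay_from_table hunks, rlay->dstkey = host->idx + 1 at the found: label can leave dstkey equal to dstnhosts until the next call wraps it in the RELAY_DSTMODE_ROUNDROBIN case, so the stored key is out of range between calls. Wrapping at the point of assignment would keep dstkey a valid index at all times, and a short comment on the new idx member in hoststated.h (position in rlay->dsthost[], assigned once in relay_init) would document what the field means.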
Re: mutiple pptp pass-through PF
On Tue, Nov 20, 2007 at 08:06:39PM +0530, Girish Venkatachalam wrote:
> pf(4) can do this. I have a diff with me but if I send it in the present state, then Theo will catch my neck. :)
>
> I should be able to submit a diff soon. I need to modify it to meet the high standards of OpenBSD...

i'm sure that somebody told you about the reason to reject these patches: it does not belong into the kernel!

write a userland proxy. like ftp-proxy, tftp-proxy, hoststated, ...

how hard is it to understand?

there are zillions of insane features in linux but we don't care - it is not the OpenBSD way of doing it. they do string operations like SIP parsing (which looks like HTTP) in the kernel. so what?

reyk
Installing OpenOffice on -current
Hi,

Is building from ports the only way to install OpenOffice on 4.2-current? I am unable to find OpenOffice package in the snapshots directory, so this seems to be the only way as of now. The one from release does not install on -current (last time I tried it).

Seeing the time and resources needed to build OOo, I can understand why it is not being routinely built. Apart from packages, does anyone do a OOo routine build, which can be made available? The only reason I ask is it will be easier to download a package and install on -current, rather than do the build every time! (My laptop is churning out the build since about 8 hrs. now, and I don't know how much more it will take). If this goes through fine, I will make the package public.

Oh, and the build broke last night because I ran out of space. OOo does need gigs of space to build (4G free in /usr, I read somewhere).

Thanks.

-Amarendra
Traffic accounting software
Hello, misc.

Can anyone share success story about traffic accounting on OpenBSD? I want to implement this on my router connecting office network to ISP. Currently I run Squid with SARG but non-HTTP traffic is left outside the statistics.

I need following features:
- counting all traffic going in/out ISP interface;
- web interface/gui client;
- reports by day/week/month/custom total traffic in/out;
- reports by src/dst/service traffic consumption;
- reports by top downloaders;

All I found so far is either linux software or just flow collectors without any web interface or reports system. Absolutely any help appreciated.

Thanks in advance.

--
Yuri A. Spirin
Re: mutiple pptp pass-through PF
* Reyk Floeter [EMAIL PROTECTED] [2007-11-22 13:11]:
> On Tue, Nov 20, 2007 at 08:06:39PM +0530, Girish Venkatachalam wrote:
> > pf(4) can do this. I have a diff with me but if I send it in the present state, then Theo will catch my neck. :)
> >
> > I should be able to submit a diff soon. I need to modify it to meet the high standards of OpenBSD...
>
> i'm sure that somebody told you about the reason to reject these patches: it does not belong into the kernel!

well. depends. if it is reasonably small and obvious it might be ok.

--
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
Re: Traffic accounting software
Yuri Spirin wrote:
> I need following features:
> - counting all traffic going in/out ISP interface;
> - web interface/gui client;
> - reports by day/week/month/custom total traffic in/out;

These ones could be done with SNMP and Cacti - www.cacti.net

Regards,
Doichin
Re: Installing OpenOffice on -current
On 2007/11/22 18:20, Amarendra Godbole wrote:
> Is building from ports the only way to install OpenOffice on 4.2-current? I am unable to find OpenOffice package in the snapshots directory, so this seems to be the only way as of now.

There's one in the latest i386 package snap (Nov 18), other arch should follow gradually.

> Oh, and the build broke last night because I ran out of space. OOo does need gigs of space to build (4G free in /usr, I read somewhere).

Yeah, loads of space. I powered down my i386 build box due to electrical storms the other day and haven't put it back up yet so I can't check just what it needs.

In mk.conf you can set WRKOBJDIR_editors/openoffice=/usr/obj/ports (or choose somewhere else you have plenty of space).

(I actually just have WRKOBJDIR=/usr/obj/ports for everything, it's easier to clean).
Re: mutiple pptp pass-through PF
On 2007/11/22 14:04, Henning Brauer wrote:
> * Reyk Floeter [EMAIL PROTECTED] [2007-11-22 13:11]:
> > On Tue, Nov 20, 2007 at 08:06:39PM +0530, Girish Venkatachalam wrote:
> > > pf(4) can do this. I have a diff with me but if I send it in the present state, then Theo will catch my neck. :)
> > >
> > > I should be able to submit a diff soon. I need to modify it to meet the high standards of OpenBSD...
> >
> > i'm sure that somebody told you about the reason to reject these patches: it does not belong into the kernel!
>
> well. depends. if it is reasonably small and obvious it might be ok.

it must look at the control message on TCP/1723 and translate CallID; then it must look at the session packets (GRE/proto 47) and translate CallID the same way.

the parts handling control messages probably belong in userland and they can add translation rules to an anchor like ftp-proxy does, but that would need a change to PF so that you can tell it to translate CallID for GRE packets (like you can tell it to translate port for TCP/UDP).

http://blogs.isaserver.org/pouseele/2007/06/17/multiple-pptp-vpn-clients-behind-a-nat-device/
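The GRE half of the translation described in the message above, as an added example that is not part of the thread, not Girish's diff and not pf code. It assumes the enhanced GRE header layout of RFC 2637 (PPTP); the table layout, function names and addresses are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define GRE_PROTO_PPTP 0x880B  /* protocol type of PPTP's enhanced GRE */
#define GRE_K    0x2000        /* key present: payload length + Call ID */
#define GRE_S    0x1000        /* sequence number present */
#define GRE_A    0x0080        /* acknowledgment number present */
#define GRE_MBZ  0xCF78        /* C, R, s, Recur, Flags: must be zero */
#define GRE_VER  0x0007        /* version field, must be 1 */
#define MAXCALLS 64

struct callid_map {            /* one tracked call (hypothetical layout) */
	uint32_t server;       /* outside PPTP server */
	uint32_t client;       /* inside client behind the NAT */
	uint16_t client_id;    /* Call ID the client put in its control message */
	uint16_t public_id;    /* Call ID the NAT substituted on the way out */
};
struct callid_table { struct callid_map e[MAXCALLS]; size_t n; };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

static const struct callid_map *
callid_find(const struct callid_table *t, uint32_t server, uint16_t public_id)
{
	size_t i;

	for (i = 0; i < t->n; i++)
		if (t->e[i].server == server && t->e[i].public_id == public_id)
			return &t->e[i];
	return NULL;
}

/*
 * Control-channel side (TCP/1723): register the Call ID a client announced.
 * Returns the Call ID to write into the outgoing message, unique per server,
 * or -1 if the table is full.
 */
int
callid_add(struct callid_table *t, uint32_t server, uint32_t client,
    uint16_t client_id)
{
	uint16_t id = client_id;

	if (t->n == MAXCALLS)
		return -1;
	while (callid_find(t, server, id) != NULL)
		id++;                   /* terminates: fewer than 2^16 entries */
	t->e[t->n].server = server;
	t->e[t->n].client = client;
	t->e[t->n].client_id = client_id;
	t->e[t->n].public_id = id;
	t->n++;
	return id;
}

/*
 * Data side (IP protocol 47): validate a GRE packet arriving from `server`
 * and rewrite its Call ID to the one the inside client expects.
 * Returns 0 and sets *client, or -1 if the packet must be dropped.
 */
int
gre_translate_inbound(const struct callid_table *t, uint32_t server,
    uint8_t *pkt, size_t len, uint32_t *client)
{
	const struct callid_map *m;
	uint16_t flags;
	size_t hdrlen = 8;

	if (len < hdrlen)
		return -1;
	flags = rd16(pkt);
	if ((flags & GRE_MBZ) || !(flags & GRE_K) || (flags & GRE_VER) != 1)
		return -1;              /* not PPTP's GRE variant */
	if (rd16(pkt + 2) != GRE_PROTO_PPTP)
		return -1;
	if (flags & GRE_S)
		hdrlen += 4;
	if (flags & GRE_A)
		hdrlen += 4;
	if (len < hdrlen || rd16(pkt + 4) > len - hdrlen)
		return -1;              /* truncated header or payload */
	if ((m = callid_find(t, server, rd16(pkt + 6))) == NULL)
		return -1;              /* no control session created this call */
	wr16(pkt + 6, m->client_id);    /* C bit is zero: no checksum to fix */
	*client = m->client;
	return 0;
}

int
main(void)
{
	/* Constructed sample: two inside clients pick the same Call ID. */
	struct callid_table t = { .n = 0 };
	uint8_t pkt[20] = { 0x30, 0x81, 0x88, 0x0B, 0x00, 0x04, 0x00, 0x11,
	    0, 0, 0, 1, 0, 0, 0, 0, 0xff, 0x03, 0xc0, 0x21 };
	uint32_t client = 0;

	callid_add(&t, 0xC0000201, 0x0A000002, 0x0010);
	callid_add(&t, 0xC0000201, 0x0A000003, 0x0010);
	if (gre_translate_inbound(&t, 0xC0000201, pkt, sizeof(pkt), &client) == 0)
		printf("deliver to %08x with Call ID %04x\n", (unsigned)client,
		    (unsigned)rd16(pkt + 6));
	return 0;
}
```

Packets that fail the header checks or match no registered call are dropped rather than forwarded, which is what keeps unsolicited GRE from reaching inside hosts.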
making ftp-proxy load balance using route-to
Hi,

I just happened to come across http://pfsense.com/cgi-bin/cvsweb.cgi/tools/pfPorts/pftpx-routeto/

Just wondering if some work is done on our ftp-proxy to load balance traffic between two or more external interfaces. If not then I will start doing it :-)

Thank you so much

Kind Regards

Siju
Re: mutiple pptp pass-through PF
* Stuart Henderson [EMAIL PROTECTED] [2007-11-22 14:38]:
> On 2007/11/22 14:04, Henning Brauer wrote:
> > * Reyk Floeter [EMAIL PROTECTED] [2007-11-22 13:11]:
> > > On Tue, Nov 20, 2007 at 08:06:39PM +0530, Girish Venkatachalam wrote:
> > > > pf(4) can do this. I have a diff with me but if I send it in the present state, then Theo will catch my neck. :)
> > > >
> > > > I should be able to submit a diff soon. I need to modify it to meet the high standards of OpenBSD...
> > >
> > > i'm sure that somebody told you about the reason to reject these patches: it does not belong into the kernel!
> >
> > well. depends. if it is reasonably small and obvious it might be ok.
>
> it must look at the control message on TCP/1723 and translate CallID; then it must look at the session packets (GRE/proto 47) and translate CallID the same way.
>
> the parts handling control messages probably belong in userland and they can add translation rules to an anchor like ftp-proxy does, but that would need a change to PF so that you can tell it to translate CallID for GRE packets (like you can tell it to translate port for TCP/UDP).

sounds reasonable. but i have no idea how complicated gre is or what it takes to translate callIDs.

--
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
Re: mutiple pptp pass-through PF
On 13:04:56 Nov 22, Reyk Floeter wrote:
> i'm sure that somebody told you about the reason to reject these patches: it does not belong into the kernel!
>
> write a userland proxy. like ftp-proxy, tftp-proxy, hoststated, ...

Sure.

> how hard is it to understand?

It sure isn't.

> there are zillions of insane features in linux but we don't care - it is not the OpenBSD way of doing it. they do string operations like SIP parsing (which looks like HTTP) in the kernel. so what?

A million thanks for your kind advice.

Here is a promise. You shall have the patch from me sent to tech@ before Dec 15.

A lot of poor souls have been asking this feature for years and a lot of sweat and blood has gone into my writing it. So I better try my best to get it accepted into mainline pf at the earliest.

Thanks.

regards,
Girish
Re: nptd regression in 4.2
hmm, on Wed, Nov 21, 2007 at 11:50:59AM +0100, Otto Moerbeek said that
> On Sat, Nov 17, 2007 at 05:37:17PM +0100, Otto Moerbeek wrote:
>
> So, did anybody test this?
>
> -Otto

i see the diff went in, sorry i'll test it asap. thanks.

-f
--
dick drank, dick drove, dick died. don't be a dick.
Re: mutiple pptp pass-through PF
On 11/22/07, Girish Venkatachalam [EMAIL PROTECTED] wrote:
> Here is a promise. You shall have the patch from me sent to tech@ before Dec 15.

Wow! :-)

Every time I hit the pptp limitation, I start coding and a few hours later give up in disgust. Over many sittings, I've nearly completed the userland pptp-proxy, and started on hacking the kernel pf to do a full NAT on GRE using Call-IDs (in place of tcp/udp port numbers). I have not tested the kernel bit, but the userland stuff works okay. I even started http://sourceforge.net/projects/pptp-proxy, and later abandoned it. The sourceforge code is ancient, don't use it, the latest work was never committed.

Let me know if you want any of my code.

Should you decide to go with the userland pptp-proxy approach, it's important to know that there's a bug in 4.2 that triggers a kernel dump whenever you call pf ioctl PFIOCADDSTATE with bad args. A fix for this is available, but I doubt if it's worked itself into CURRENT.

- Raja
Matlab 2007 b
Hey

I am trying to use Matlab 2007 b in openbsd 4.2. I have Linux support installed and enabled. I managed to fix the installer arch checking by providing my own small uname script. And have modified their start script to handle the output of openbsd uname.

But when I try to launch it it returns.

/matlab/bin/glnx86/MATLAB: error while loading shared libraries: libut.so: cannot enable executable stack as shared object requires: Permission denied

I have tried without their launch script to just run /matlab/bin/glnx86/MATLAB but that's the same.

To ensure Linux emul on the binary i made a file /matlab/bin/glnx86MATLAB with the following result:

/matlab/bin/glnx86/MATLAB: ELF 32-bit LSB executable, Intel 80386, version 1, for GNU/Linux 2.2.0, dynamically linked (uses shared libs), stripped

My user owns the directory and to be sure that it isn't permission probs I have also tried as root

Hope that anyone have some suggestions...

Kind regards:
Kasper Revsbech
Using PostgreSQL as an user database
Hi everybody,

I am trying to configure a virtual hosting system on OpenBSD, and I am currently looking at the authentication and user lookup. I have already normalized a PostgreSQL database which stores the users amongst others. And I would like to use these users in OpenBSD.

As I understand there really is only one possibility to configure such a setup and that is to select all the users from the PostgreSQL database and create a bdb hash using pwd_mkdb (or any other compatible tool).

PostgreSQL has support for asynchronous notifications (http://www.postgresql.org/docs/8.2/interactive/sql-listen.html) thus it is possible to create a bdb whenever the user database is updated. I was thinking about running the following scripts when PostgreSQL sends such an asynchronous notification.

$ script | pwd_mkdb /dev/stdin /etc/master.passwd

The script will output all the users in the same format as master.passwd.

Are there any other methods for doing this, or are there things I am overlooking with this configuration?

Thanks,
Alexander Schrijver
Re: Hoststated and stickiness based on cookie strings
ok, forget about this diff - i committed the first part (roundrobin) but skipped the loadbalance part because it is wrong to look at the client port in this case (because i want to provide session persistence). On Thu, Nov 22, 2007 at 12:51:10PM +0100, Reyk Floeter wrote: - please try the attached diff, it will fix the roundrobin mode by saving the last index and traversing to the next available host. (you can also have a look at my little test program to verify the alg: http://team.vantronix.net/~reyk/q.c) - i'm also looking into improving the loadbalance mode. the attached diff includes the source port in loadbalance mode and the destination (relay) port in loadbalance and hash mode. make also sure that you feed in other variables if you want to get better results, for example request hash Host to feed the virtual hostname into the hash/loadbalance hash. reyk Index: hoststated.h === RCS file: /cvs/src/usr.sbin/hoststated/hoststated.h,v retrieving revision 1.81 diff -u -p -r1.81 hoststated.h --- hoststated.h 22 Nov 2007 10:09:53 - 1.81 +++ hoststated.h 22 Nov 2007 11:45:00 - @@ -327,6 +327,7 @@ struct host { u_long up_cnt; int retry_cnt; struct ctl_tcp_event cte; + int idx; }; TAILQ_HEAD(hostlist, host); Index: relay.c === RCS file: /cvs/src/usr.sbin/hoststated/relay.c,v retrieving revision 1.65 diff -u -p -r1.65 relay.c --- relay.c 22 Nov 2007 10:09:53 - 1.65 +++ relay.c 22 Nov 2007 11:45:01 - @@ -463,6 +463,7 @@ relay_init(void) if (rlay-dstnhosts = RELAY_MAXHOSTS) fatal(relay_init: too many hosts in table); + host-idx = rlay-dstnhosts; rlay-dsthost[rlay-dstnhosts++] = host; } log_info(adding %d hosts from table %s%s, 
@@ -1876,10 +1877,14 @@ relay_hash_addr(struct sockaddr_storage sin4 = (struct sockaddr_in *)ss; p = hash32_buf(sin4-sin_addr, sizeof(struct in_addr), p); + p = hash32_buf(sin4-sin_port, + sizeof(struct in_addr), p); } else { sin6 = (struct sockaddr_in6 *)ss; p = hash32_buf(sin6-sin6_addr, sizeof(struct in6_addr), p); + p = hash32_buf(sin6-sin6_port, + sizeof(struct in6_addr), p); } return (p); @@ -1903,7 +1908,7 @@ relay_from_table(struct session *con) case RELAY_DSTMODE_ROUNDROBIN: if ((int)rlay-dstkey = rlay-dstnhosts) rlay-dstkey = 0; - idx = (int)rlay-dstkey++; + idx = (int)rlay-dstkey; break; case RELAY_DSTMODE_LOADBALANCE: p = relay_hash_addr(con-in.ss, p); @@ -1933,6 +1938,8 @@ relay_from_table(struct session *con) fatalx(relay_from_table: no active hosts, desynchronized); found: + if (rlay-conf.dstmode == RELAY_DSTMODE_ROUNDROBIN) + rlay-dstkey = host-idx + 1; con-retry = host-conf.retry; con-out.port = table-conf.port; bcopy(host-conf.ss, con-out.ss, sizeof(con-out.ss));
Re: PCMCIA on a Toshiba A135-S4656 to use wi(4) with DWL-650 PCMCIA
On a few systems I own, enabling ACPI and disabling APM seems to work on older systems, I needed to go into my BIOS and disable an option like PnP OS/Operating system. (By setting it to No/False..)

To try your system with ACPI, at the boot console.. Type the following.

UKC> disable apm
UKC> enable acpi
UKC> quit

I hope this works for you..
Re: OpenBGPD selecting wrong nexthop over openvpn tunnel
On Nov 22, 2007, at 2:42 AM, Henning Brauer wrote:
> bgpctl show nexthop probably does not list tun0 for 10.8.1.2?
> in the logs, you'll see a nexthop 10.8.1.2 now valid message, what does it say exactly?

I do have tun0 listed in the nexthop:

gw0# bgpctl sh nexthop
Nexthop State
10.8.1.2 valid tun0UP
gw0#

Regarding the 'now valid' messages, just cycles between these 2:

nexthop 10.8.1.2 now invalid
nexthop 10.8.1.2 now valid: via 10.8.1.248

-casey
Re: Matlab 2007 b
> But when I try to launch it it returns.
>
> /matlab/bin/glnx86/MATLAB: error while loading shared libraries: libut.so: cannot enable executable stack as shared object requires: Permission denied

I had exactly the same error with Mathematica (caused by the Intel Vector Math Library libvml.so). I needed to apply this patch

http://marc.info/?l=openbsd-misc&m=119479722118605

to the OpenBSD source-code.
Re: mutiple pptp pass-through PF
On 14:40:57 Nov 22, Henning Brauer wrote:
> sounds reasonable. but i have no idea how complicated gre is or what it takes to translate callIDs.

Take a look at my diff. I have already done all the work for you.

The only advantage with my design is the ease with which you can get it working. No config changes, no userland stuff, no redirection, no overhead, nothing.

The problem however is that something tells me deep inside my heart that somewhere something is wrong. :)

You are the best judge.

Awaiting your speedy reply.

regards,
Girish
Re: mutiple pptp pass-through PF
On 13:34:22 Nov 22, Stuart Henderson wrote: it must look at the control message on TCP/1723 and translate CallID; Modulate, not translate. :) My terminology. I am using arc4random() to generate unique callIDs that do not clash. The callID is always set to zero by PPTP , hence this requirement. ( No more comments about M$ stuff :) then it must look at the session packets (GRE/proto 47) and translate CallID the same way. Yes and maintain a mapping. This is far more difficult than it first appears. You can see the diff for what all needs to be done. the parts handling control messages probably belong in userland and they can add translation rules to an anchor like ftp-proxy does, but that would need a change to PF so that you can tell it to translate CallID for GRE packets (like you can tell it to translate port for TCP/UDP). http://blogs.isaserver.org/pouseele/2007/06/17/multiple-pptp-vpn-clients-behind-a-nat-device/ I think though it takes a lot of clever programming and even smarter design, I have a problem with maintaining the table in kernel. I got it working perfectly a long time ago ( roughly a year ago) and I can send the working diff right away if you want. I am sure Henning is not going to like it. :) Whether it is small or not is a matter of taste but if I were to do it correctly I will do it the proxy rdr way. The problem however with that approach is that there is a huge overhead in passing packets between kernel to userland and back. Here is the diff attached. If you like it commit it. :) And bear in mind that I developed it against old code, so you might have to do some tweaks. If not I am more than willing to do it the right way. Let me know your choice. 
regards, Girish Index: pfvar.h === RCS file: /cvs/src/sys/net/pfvar.h,v retrieving revision 1.242 diff -c -r1.242 pfvar.h *** pfvar.h 13 Dec 2006 05:10:15 - 1.242 --- pfvar.h 12 Mar 2007 09:18:49 - *** *** 2,7 --- 2,8 /* * Copyright (c) 2001 Daniel Hartmeier + * Copyright (c) 2007 Girish Venkatachalam * All rights reserved. * * Redistribution and use in source and binary forms, with or without *** *** 936,941 --- 937,943 struct tcphdr *tcp; struct udphdr *udp; struct icmp *icmp; + struct gre_h *gre; #ifdef INET6 struct icmp6_hdr*icmp6; #endif /* INET6 */ *** *** 958,963 --- 960,970 sa_family_t af; u_int8_t proto; u_int8_t tos; + u_int16_tmycallid; /* PPTP lan call id */ + u_int16_tpeercallid;/* PPTP remote call id */ + struct pfpptp_head *pptph; + + }; /* flags for RDR options */ *** *** 1351,1356 --- 1358,1372 int pfiio_size; int pfiio_nzero; int pfiio_flags; + }; + + + enum { PF_PPTP_MYID, PF_PPTP_PEERID }; + + struct pfpptp_call { + SLIST_ENTRY(pfpptp_call) next_call; + u_int16_t myid; + u_int16_t peerid; }; Index: pf.c === RCS file: /cvs/src/sys/net/pf.c,v retrieving revision 1.523 diff -c -r1.523 pf.c *** pf.c22 Dec 2006 13:24:52 - 1.523 --- pf.c12 Mar 2007 09:18:01 - *** *** 3,8 --- 3,9 /* * Copyright (c) 2001 Daniel Hartmeier * Copyright (c) 2002,2003 Henning Brauer + * Copyright (c) 2007, Girish Venkatachalam * All rights reserved. 
* * Redistribution and use in source and binary forms, with or without *** *** 72,77 --- 73,79 #include netinet/icmp_var.h #include netinet/if_ether.h + #include net/if_gre.h #include dev/rndvar.h #include net/pfvar.h #include net/if_pflog.h *** *** 105,110 --- 107,114 intaltqs_inactive_open; u_int32_t ticket_pabuf; + SLIST_HEAD(pfpptp_head,pfpptp_call) pf_pptph; + struct pf_anchor_stackframe { struct pf_ruleset *rs; struct pf_rule *r; *** *** 163,168 --- 167,176 int, struct pfi_kif *, struct mbuf *, int, void *, struct pf_pdesc *, struct pf_rule **, struct pf_ruleset **, struct ifqueue *); + int pf_test_gre_pptp(struct pf_rule **, struct pf_state **, + int , struct pfi_kif *, struct mbuf *, int, + void *, struct pf_pdesc *, struct pf_rule **, + struct pf_ruleset **, struct ifqueue *); intpf_test_other(struct pf_rule **, struct pf_state **,
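Review bot: in the pf_pdesc hunk of pfvar.h, the new member struct pfpptp_head *pptph refers to a type that the diff only defines in pf.c, through SLIST_HEAD(pfpptp_head,pfpptp_call) pf_pptph. Every other file that includes pfvar.h sees an incomplete type and cannot walk the list. Declare the head type in pfvar.h next to struct pfpptp_call and keep only the variable in pf.c. The same hunk leaves two stray blank lines before the closing brace, and the mycallid/peercallid comments do not say whether the values are kept in host or network byte order.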
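Review bot: the pf.c hunk that adds pf_pptph makes the Call ID list a non-static file-scope global with no comment on what protects it or when entries leave it. The part of the diff shown adds the list head and the pf_test_gre_pptp() prototype but nothing that removes or expires a struct pfpptp_call. Please document the lifetime of an entry (which control message creates it, which event frees it) and state an upper bound on the list length, since entries are created by traffic the firewall does not control.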
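The Call ID mapping this message describes, as an added userland sketch in C; it is not Girish's diff and not pf code. The table layout, function names and addresses are assumptions of the example, IDs come from a counter rather than arc4random(), and only the server-to-client GRE direction is modelled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define GRE_PROTO_PPTP 0x880B  /* protocol type of PPTP's enhanced GRE */
#define MAX_CALLS      64

/* One NAT binding: the Call ID a LAN client chose and the unique ID shown
 * to the PPTP server in its place. Layout is an assumption of this example. */
struct call_map {
    uint32_t lan_ip, server_ip; /* host byte order */
    uint16_t lan_id, wan_id;
    int used;
};

static struct call_map calls[MAX_CALLS];
static uint16_t next_id = 1;    /* counter stands in for arc4random() */

static struct call_map *find_by_wan(uint32_t server_ip, uint16_t wan_id)
{
    for (int i = 0; i < MAX_CALLS; i++)
        if (calls[i].used && calls[i].server_ip == server_ip &&
            calls[i].wan_id == wan_id)
            return &calls[i];
    return NULL;
}

/* Control channel (TCP/1723): a client announced lan_id in a call request.
 * Returns the ID to write into the forwarded message, or 0 if the table is
 * full (0 is reserved as "no mapping" on the WAN side in this sketch). */
uint16_t map_outgoing_call(uint32_t lan_ip, uint32_t server_ip, uint16_t lan_id)
{
    struct call_map *slot = NULL;
    uint16_t id;

    for (int i = 0; i < MAX_CALLS; i++) {
        struct call_map *c = &calls[i];
        if (c->used && c->lan_ip == lan_ip && c->server_ip == server_ip &&
            c->lan_id == lan_id)
            return c->wan_id;   /* retransmission: keep the binding */
        if (!c->used && slot == NULL)
            slot = c;
    }
    if (slot == NULL)
        return 0;
    do {                        /* skip 0 and IDs already bound to this server */
        id = next_id++;
        if (next_id == 0)
            next_id = 1;
    } while (id == 0 || find_by_wan(server_ip, id) != NULL);
    *slot = (struct call_map){ lan_ip, server_ip, lan_id, id, 1 };
    return id;
}

/* Data channel (IP proto 47), server to client: validate the enhanced GRE
 * header, find the binding for its Call ID and rewrite the ID in place.
 * Returns 0 and sets *lan_ip on success, -1 if the packet must be dropped. */
int translate_inbound_gre(uint8_t *pkt, size_t len, uint32_t server_ip,
    uint32_t *lan_ip)
{
    size_t hdrlen = 8;
    struct call_map *c;

    if (len < hdrlen)
        return -1;
    if ((pkt[0] & 0xC0) != 0 || (pkt[0] & 0x20) == 0)  /* C,R clear; K set */
        return -1;
    if ((pkt[1] & 0x07) != 1)                          /* version 1 only */
        return -1;
    if (((pkt[2] << 8) | pkt[3]) != GRE_PROTO_PPTP)
        return -1;
    if (pkt[0] & 0x10) hdrlen += 4;                    /* sequence number */
    if (pkt[1] & 0x80) hdrlen += 4;                    /* acknowledgment */
    if (len < hdrlen)
        return -1;
    c = find_by_wan(server_ip, (uint16_t)((pkt[6] << 8) | pkt[7]));
    if (c == NULL)
        return -1;              /* no binding: unsolicited or stale */
    pkt[6] = (uint8_t)(c->lan_id >> 8);
    pkt[7] = (uint8_t)(c->lan_id & 0xff);
    *lan_ip = c->lan_ip;
    return 0;
}

int main(void)
{
    /* Constructed sample: two clients behind the NAT pick the same Call ID. */
    uint32_t server = 0xC0000201, lan = 0;             /* 192.0.2.1 */
    uint8_t pkt[12] = { 0x30, 0x01, 0x88, 0x0B, 0, 0, 0, 0, 0, 0, 0, 1 };

    map_outgoing_call(0x0A000002, server, 0);
    pkt[7] = (uint8_t)map_outgoing_call(0x0A000003, server, 0);
    if (translate_inbound_gre(pkt, sizeof pkt, server, &lan) == 0)
        printf("GRE for WAN Call ID 2 goes to %#x\n", (unsigned)lan);
    return 0;
}
```

Because PPTP's GRE header carries no checksum, rewriting the Call ID needs no further fix-up; the cost is the per-call state, which has to be freed when the control connection closes.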
Re: Using PostgreSQL as an user database
On Thu, Nov 22, 2007 at 05:35:00PM +0100, Alexander Schrijver wrote:
> Hi everybody,
>
> I am trying to configure a virtual hosting system on OpenBSD, and I am currently looking at the authentication and user lookup. I have already normalized a PostgreSQL database which stores the users amongst others. And I would like to use these users in OpenBSD.
>
> As I understand there really is only one possibility to configure such a setup and that is to select all the users from the PostgreSQL database and create a bdb hash using pwd_mkdb (or any other compatible tool). PostgreSQL has support for asynchronous notifications (http://www.postgresql.org/docs/8.2/interactive/sql-listen.html) thus it is possible to create a bdb whenever the user database is updated. I was thinking about running the following scripts when postgresql sends such an asynchronous notification.
>
> $ script | pwd_mkdb /dev/stdin /etc/master.passwd
>
> The script will output all the users in the same format as master.passwd. Are there any other methods for doing this, or are there things I am overlooking with this configuration?
>
> Thanks, Alexander Schrijver

Hi Alexander,

I am not sure I understand exactly what you want, but if it involves authenticating the users against the pgsql database, you may want to take a look at this: http://www.evilkittens.org/~gilles/loginpgsql.tar.gz as well as to login.conf(5). I wrote this auth module for myself so you'll need to edit the authenticate() function to set the proper database information. I have another piece of code which updates master.passwd whenever the accounts table is updated but it would need a lot of cleanup before it is useable outside of my configuration ;-)

Gilles
-- Gilles Chehade http://www.evilkittens.org/ http://www.evilkittens.org/blog/gilles/
Re: File collision while using pkg_add
On 11/22/07, Pieter Verberne [EMAIL PROTECTED] wrote:
> Hi all, I'm trying to install gnome-doc-utils :
>
> $ sudo pkg_add gnome-doc-utils
> perl: warning: Setting locale failed.
> perl: warning: Please check that your locale settings:
> LC_ALL = (unset),
> LC_CTYPE = en_US.UTF-8,
> LANG = (unset)
> are supported and installed on your system.
> perl: warning: Falling back to the standard locale (C).
> Collision: the following files already exist
> /usr/local/bin/gnome-doc-prepare (same md5)
> /usr/local/bin/gnome-doc-tool (same md5)
> /usr/local/bin/xml2po (same md5)
> /usr/local/lib/pkgconfig/gnome-doc-utils.pc (same md5)
> /usr/local/lib/pkgconfig/xml2po.pc (same md5)
> /usr/local/man/man1/xml2po.1 (same md5)
> /usr/local/share/aclocal/gnome-doc-utils.m4 (same md5)
> /usr/local/share/xml2po/xhtml.pyc (same md5)
> etc, etc, etc...
> /usr/sbin/pkg_add: fatal issues in installing gnome-doc-utils-0.10.3p2
> $
>
> The Perl error just appeared today but it is no big deal for me right now. My problem is that I can't find any way in pkg_add(1) for dealing with this. There are just too many collision files to remove manually and I don't know how to make a script which automatically removes all these files. How should I handle this?

First, how did this happen? Is the package system out of sync, or did you have a failed install?

Second, to deal with it: make a script to automatically remove the files. Just pipe the output to a file, go in with your favourite editor and delete everything before and after the filelists, and then replace (same md5) with , and then

for file in `cat files`; do rm "$file"; done

Or just rm every file it lists by hand?
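The cleanup suggested in this reply, as an added shell example that is not part of the original post. It assumes pkg_add prints one colliding path per line followed by "(same md5)", which is how the flattened output above appears to have looked; the function names and the dry-run switch are this example's own.

```shell
#!/bin/sh
# collisions_same_md5 PREFIX
# Reads saved pkg_add output on stdin and prints only the paths that are
# flagged "(same md5)" and live under PREFIX (default /usr/local).
# Header lines, the perl warnings and the final "fatal issues" line never
# match the pattern, so no hand editing of the saved output is needed.
collisions_same_md5() {
    prefix=${1:-/usr/local}
    sed -n 's|^[[:space:]]*\(/.*\) (same md5)[[:space:]]*$|\1|p' |
    while IFS= read -r path; do
        case $path in
            */../*|*/..) ;;                        # refuse path traversal
            "$prefix"/*) printf '%s\n' "$path" ;;  # only inside the prefix
        esac
    done
}

# remove_collisions PREFIX [-n]
# Removes the files selected above. With -n it only reports what it would
# remove. Directories and paths that no longer exist are skipped.
remove_collisions() {
    prefix=${1:-/usr/local}
    mode=${2:-}
    collisions_same_md5 "$prefix" |
    while IFS= read -r f; do
        [ -f "$f" ] || continue
        if [ "$mode" = "-n" ]; then
            printf 'would remove %s\n' "$f"
        else
            rm -- "$f"
        fi
    done
}

# Typical use, with the pkg_add output saved to a file first:
#   remove_collisions /usr/local -n < pkg_add.out    # review the list
#   remove_collisions /usr/local    < pkg_add.out    # then remove
```

Only files whose checksum pkg_add reported as identical are touched, so a file that differs from the packaged copy is left for manual inspection.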
Re: Using PostgreSQL as an user database
On Nov 22, 2007 2:10 PM, Gilles Chehade [EMAIL PROTECTED] wrote:
> On Thu, Nov 22, 2007 at 05:35:00PM +0100, Alexander Schrijver wrote:
> > Hi everybody,
> >
> > I am trying to configure a virtual hosting system on OpenBSD, and I am currently looking at the authentication and user lookup. I have already normalized a PostgreSQL database which stores the users amongst others. And I would like to use these users in OpenBSD.
> >
> > As I understand there really is only one possibility to configure such a setup and that is to select all the users from the PostgreSQL database and create a bdb hash using pwd_mkdb (or any other compatible tool). PostgreSQL has support for asynchronous notifications (http://www.postgresql.org/docs/8.2/interactive/sql-listen.html) thus it is possible to create a bdb whenever the user database is updated. I was thinking about running the following scripts when postgresql sends such an asynchronous notification.
> >
> > $ script | pwd_mkdb /dev/stdin /etc/master.passwd
> >
> > The script will output all the users in the same format as master.passwd. Are there any other methods for doing this, or are there things I am overlooking with this configuration?
> >
> > Thanks, Alexander Schrijver
>
> Hi Alexander,
>
> I am not sure I understand exactly what you want, but if it involves authenticating the users against the pgsql database, you may want to take a look at this: http://www.evilkittens.org/~gilles/loginpgsql.tar.gz as well as to login.conf(5). I wrote this auth module for myself so you'll need to edit the authenticate() function to set the proper database information. I have another piece of code which updates master.passwd whenever the accounts table is updated but it would need a lot of cleanup before it is useable outside of my configuration ;-)
>
> Gilles
> -- Gilles Chehade http://www.evilkittens.org/ http://www.evilkittens.org/blog/gilles/

Oops, I meant to send this to [EMAIL PROTECTED]

Hi Gilles,

This is exactly what I was looking for thanks :) ! didn't even know this was possible.

Also, I would like to have the functions getpwnam and getgrname etc. working with the users from postgres. Is the best method for doing this to simply update the master.passwd with the records from PostgreSQL?

thanks, Alexander
Re: mutiple pptp pass-through PF
Beavis wrote: ... as soon as everybody is moved here we can easily let this pptp go... Much relieved to know that.
Re: 5.1 sound card recommendation
On Wednesday 21 November 2007, Alexandre Ratchov wrote: On Wed, Nov 21, 2007 at 01:12:38PM -0800, J.C. Roberts wrote: On Wednesday 21 November 2007, Nickolay A. Burkov wrote: Hello everyone! Do somebody have success with 5.1 sound ? If so, please recommend PCI Sound Card to work with OpenBSD 4.2(-CURRENT). I have MARC'ed a bit but similar messages were 1 year ago. I'd like to think that something have been changed.. Thank you for your time. For some strange reason I recall reading about some work being done on the Sound Blaster Audigy cards. Many of those cards are 5.1, 6.1 or 7.1 surround sound. A quick search on openbsd audigy shows we've had support since 3.9 but I'm not sure if this includes the surround sound features, or if it's just two channel? Older audigy cards based on EMU10K1 chips are supposed to work with the emu(4) driver, it's still two channel. Newer cards based on CA0106 will not work because there's no driver for the chip. The last time I've asked creative for documentation they didn't reply; since then, I've lost interest in these cards. -- Alexandre Alexandre, Off-list I was told that some of the older SoundBlaster Live cards will work in 5.1 mode including front/surround/centre/lfe control, but the off-list statement contradicts what you said earlier about no 5.1 (or better) support? I suspect you understand the code far better than most (including me). :-) Thanks, JCR
Re: securing OpenBSD wireless network
Therefore is WEP+IPSec the current secure limit for a wlan with OpenBSD as hostap and Windows-XP clients? --Jairo Souto [EMAIL PROTECTED] (38)9968-3447 On Mon, Nov 19, 2007 at 03:08:29PM -0800, David Newman wrote: On 11/19/07 2:36 PM, Tonnerre LOMBARD wrote: Salut, On Mon, Nov 19, 2007 at 02:20:54PM -0800, David Newman wrote: There is some layer-2 stuff that happens before layer-3 handshaking begins -- 802.11 association and deassociation, possibly layer-2 learning, and 802.1X authentication if that's used. IPSec will not and cannot secure any of this. Is there any need to secure that? In my local WLAN, you only have two ways of proceeding if you want internet access: a Tor router, or IPsec. Before either of those processes begin, I can associate like crazy to your access point. That would ensure you never get Internet access, even without my flinging a single IP packet at you. I have a test tool that can associate 500 times to the same AP, appearing as 500 unique clients. In my experience, most APs crash and burn a long time before then -- and that's before seeing any IP traffic. Even if your AP is robust enough to handle a huge number of client associations, the chatty nature of the 802.11 protocol ensures the medium will be so full of management frames that you won't be able to send an IP packet. (I like to think of 802.11 as a technology that combines the worst aspects of Ethernet and token ring...) If you come in without IPsec, i.e. you cannot establish the IKE handshake, and if you don't us the Socks proxy Tor provides, you are trapped in a local network where noone except all of the laptops are. Sure thing, you can communicate with another unauthenticated laptop, but I don't care that much about this scenario, since it does not cause me any problems. Does not cause *you* problems != no leakage at L2 Wireless LANs are a technology in which sensitive data may go in the clear at L2 before L3 gets started. 
In this case L2 security mechanisms such as WPA are appropriate, and do not rule out the use of complementary mechanisms like IPSec or SSL. What sensitive data do you see me exchange before IPsec connectivity is established? Well, for starters every 802.11 AP broadcasts its availability 10 times a second. And since 802.11 is a shared-access medium, you'll also see the first packet of every client's 802.1X auth exchange, as well as SSIDs of all available stations. Even if you don't care about authenticating or encrypting L2 data, there's still the issue of bandwidth and resource consumption at L2. 802.11 is extremely chatty. Using WPA or (if you must) WEP to keep the airwaves free (well, to the extent possible) can help there. With a, that's not that much of a problem usually Probably true for your setup, definitely less true in other (and arguably most other large-scale) setups. Most APs consist of a dinky little CPU and a very little bit of memory, both easily swamped by doing too much work *just at layer 2.* Further, they have to contend for spectrum with other 802.11 stations, microwave ovens, Bluetooth devices, cordless phones, ham radios (that's for the far more popular 2.4-GHz spectrum used by 802.11b/g/n. The 5.8-GHz spectrum used by 802.11a/n is much better, though still hardly pristine). Anything you can do to keep your AP's RF section free and clear will result in a better WLAN experience, where better means both faster and more secure. dn
Recommendations for a wireless USB adapter
Hello all,

Since the wireless card in my current router has stopped working I'm taking the opportunity to make a major upgrade. Unfortunately the computer I'm replacing it with only has one PCI-slot which I'll need for the wired network. So I will need to use an USB adapter for the wireless network and was wondering what people would recommend. I'm hoping to be able to connect the computer in the garage so one with good signal strength but not a directed one would be the best.

-- Erik Wikström
Re: nptd regression in 4.2
hmm, on Wed, Nov 21, 2007 at 11:50:59AM +0100, Otto Moerbeek said that So, did anybody test this? -Otto Index: client.c === RCS file: /cvs/src/usr.sbin/ntpd/client.c,v retrieving revision 1.76 diff -u -p -r1.76 client.c --- client.c1 May 2007 07:40:45 - 1.76 +++ client.c17 Nov 2007 16:34:07 - @@ -123,7 +123,8 @@ client_query(struct ntp_peer *p) int tos = IPTOS_LOWDELAY; if (p-addr == NULL client_nextaddr(p) == -1) { - set_next(p, scale_interval(INTERVAL_QUERY_AGGRESSIVE)); + set_next(p, MAX(SETTIME_TIMEOUT, + scale_interval(INTERVAL_QUERY_AGGRESSIVE))); return (0); } @@ -140,8 +141,8 @@ client_query(struct ntp_peer *p) if (errno == ECONNREFUSED || errno == ENETUNREACH || errno == EHOSTUNREACH || errno == EADDRNOTAVAIL) { client_nextaddr(p); - set_next(p, - scale_interval(INTERVAL_QUERY_AGGRESSIVE)); + set_next(p, MAX(SETTIME_TIMEOUT, + scale_interval(INTERVAL_QUERY_AGGRESSIVE))); return (-1); } else fatal(client_query connect); my mirror still did not get this, so i applied manually. first test case: new ntpd installed amaaq alias p p='ps -u' amaaq p -ax | grep ntpd _ntp 18531 0.0 0.1 424 728 ?? Is 8:24PM0:00.06 ntpd: ntp eng root 27267 0.0 0.1 480 776 ?? Ss 8:24PM0:00.01 ntpd: [priv] amaaq sudo kill 27267 yank out ethernet cable, leave interface up, just curious amaaq sudo /usr/sbin/ntpd -s hangs, after couple of unsuccesful ^C's i put back ethernet cable, when line comes back up, terminates ^C^C^C^CTerminating second test case: amaaq p -ax | grep ntpd f30100 0.0 0.0 628 4 p3 R+10:17PM0:00.00 grep ntpd (ks amaaq sudo ifconfig rl0 down amaaq sudo /usr/sbin/ntpd -s after 10-15s i get back shell, ntpd running ammaq amaaq sudo sh /etc/netstart finish mail ;-) so to conclude, when no active interface is present it works. would it be also so trivial to fix the first test case? or perhaps i just didn't wait long enough for a timeot? -f -- a kick in the ass is a step forward.
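Review bot: both hunks in client_query() apply the SETTIME_TIMEOUT floor unconditionally, so every retry after a failed client_nextaddr() or a refused or unreachable connect() is now delayed to at least SETTIME_TIMEOUT, not only the retries made while the initial time setting is still pending. If the floor is only meant for that startup window, gate it on that state. Either way the duplicated MAX(SETTIME_TIMEOUT, scale_interval(INTERVAL_QUERY_AGGRESSIVE)) expression would read better as one small helper with a comment saying why SETTIME_TIMEOUT is the lower bound.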
Re: PE1950
We have a few PE1950s and they all came with PERC5 but the new ones I've been quoting up are PERC6's. So it definitely a new addition. PERC6 does not work yet with out mfi driver but I am also pretty sure those aren't really available yet. I'm confused. So does it or does it not work with mfi driver? thank you, Stas. - Original Message From: Claer [EMAIL PROTECTED] To: misc@openbsd.org Sent: Thursday, November 22, 2007 3:44:01 AM Subject: Re: PE1950 On Wed, Nov 21 2007 at 56:15, Marco Peereboom wrote: This machines works fine with 4.2. PERC6 does not work yet with out mfi driver but I am also pretty sure those aren't really available yet. The last PE 1950 we bought (2 months ago) came with PERC 5. I heard that new hardware should arrive near december for the PE 1950. Claer On Wed, Nov 21, 2007 at 09:55:54AM -0800, Stanislav Ovcharenko wrote: Hello, I'm planning on running OpenBSD 4.2 on Dell Power Edge 1950. Question 1: How stable is it on x64 platform? I mean native 64 bit code. I assume that x86 code will run just fine ... Question 2: Does anyone know if PERC 6 RAID controller is supported. The hardware list says that it will work with PERC 5 and I'm wondering if the same driver will detect and support the chipset on PERC 6 controller. Any feedback would be appreciated. Regards, Stas.
Re: 5.1 sound card recommendation
On Thu, Nov 22, 2007 at 12:36:51PM -0800, J.C. Roberts wrote: On Wednesday 21 November 2007, Alexandre Ratchov wrote: On Wed, Nov 21, 2007 at 01:12:38PM -0800, J.C. Roberts wrote: On Wednesday 21 November 2007, Nickolay A. Burkov wrote: Hello everyone! Do somebody have success with 5.1 sound ? If so, please recommend PCI Sound Card to work with OpenBSD 4.2(-CURRENT). I have MARC'ed a bit but similar messages were 1 year ago. I'd like to think that something have been changed.. Thank you for your time. For some strange reason I recall reading about some work being done on the Sound Blaster Audigy cards. Many of those cards are 5.1, 6.1 or 7.1 surround sound. A quick search on openbsd audigy shows we've had support since 3.9 but I'm not sure if this includes the surround sound features, or if it's just two channel? Older audigy cards based on EMU10K1 chips are supposed to work with the emu(4) driver, it's still two channel. Newer cards based on CA0106 will not work because there's no driver for the chip. The last time I've asked creative for documentation they didn't reply; since then, I've lost interest in these cards. -- Alexandre Alexandre, Off-list I was told that some of the older SoundBlaster Live cards will work in 5.1 mode including front/surround/centre/lfe control, but the off-list statement contradicts what you said earlier about no 5.1 (or better) support? I suspect you understand the code far better than most (including me). :-) as far as the hardware, you may be able to control the speakers separately with emu(4), cmpci(4) and possibly others. if `mixerctl -a` shows outputs.center, outputs.lfe, etc, then this could be possible. however, the emu(4) and cmpci(4) low level drivers only support 1 or 2 channel input/output. audio(4) itself does not restrict the number of channels. I think the bigger question is: what applications actually output more than 2 audio channels? none, afaik. please let me know if there is something I do not know about. 
also, some devices support AC-3 pass-through. that is, the devices themselves decode (2.1, 5.1, 7.1) AC-3 audio streams, but this is not supported in audio(4) nor in the low level drivers. -- [EMAIL PROTECTED] SDF Public Access UNIX System - http://sdf.lonestar.org
Re: Recommendations for a wireless USB adapter
On 2007/11/22 22:32, Erik Wikström wrote:
> Since the wireless card in my current router has stopped working I'm taking the opportunity to make a major upgrade. Unfortunately the computer I'm replacing it with only has one PCI-slot which I'll need for the wired network. So I will need to use an USB adapter for the wireless network and was wondering what people would recommend. I'm hoping to be able to connect the computer in the garage so one with good signal strength but not a directed one would be the best.

I don't think any of the USB wireless adapters support automatic transmit speed control for hostap, and antenna connection is always a problem if you want a good signal. I don't think the USB options are a particularly good choice for a full-time AP.

Possibly controversial but I think it might work better with the wired ethernet on USB (url worked well for me, the aue I have wasn't so good), wireless on PCI (I had best success with wi and acx for hostap).
IPSEC Connection all gone passive?
Hi,

I'm running 4.1 and today when I was updating ipsec.conf to add a new VPN two problems hit me. Loading the new ipsec.conf with ipsecctl it loaded all of the VPN in passive mode - passive. I didn't want passive tunnels, I want them to be active. After setting ike active esp they're still loaded passive. Like this:

Nov 22 22:20:35 obsd41i386 isakmpd[23153]: connection_reinit: reinitializing connection list
Nov 22 22:20:35 obsd41i386 isakmpd[23153]: conf_get_str: [Phase 2]:Connections-IPsec-192.168.5.129-192.168.0.22,IPsec-192.168.5.129-192.168.0.27
Nov 22 22:20:35 obsd41i386 isakmpd[23153]: conf_get_str: configuration value not found [IPsec-192.168.5.129-192.168.0.22]:Flags
Nov 22 22:20:35 obsd41i386 isakmpd[23153]: conf_get_str: [IPsec-192.168.5.129-192.168.0.22]:Local-ID-lid-192.168.5.129
Nov 22 22:20:35 obsd41i386 isakmpd[23153]: conf_get_str: [IPsec-192.168.5.129-192.168.0.22]:Remote-ID-rid-192.168.0.22
Nov 22 22:20:35 obsd41i386 isakmpd[23153]: conf_get_str: [lid-192.168.5.129]:ID-type-IPV4_ADDR
Nov 22 22:20:35 obsd41i386 isakmpd[23153]: conf_get_str: [lid-192.168.5.129]:Address-192.168.5.129
Nov 22 22:20:35 obsd41i386 isakmpd[23153]: conf_get_str: configuration value not found [lid-192.168.5.129]:Protocol
Nov 22 22:20:35 obsd41i386 isakmpd[23153]: conf_get_str: [rid-192.168.0.22]:ID-type-IPV4_ADDR
Nov 22 22:20:35 obsd41i386 isakmpd[23153]: conf_get_str: [rid-192.168.0.22]:Address-192.168.0.22
Nov 22 22:20:35 obsd41i386 isakmpd[23153]: conf_get_str: configuration value not found [rid-192.168.0.22]:Protocol
Nov 22 22:20:35 obsd41i386 isakmpd[23153]: connection_record_passive: passive connection IPsec-192.168.5.129-192.168.0.22 added
Nov 22 22:20:35 obsd41i386 isakmpd[23153]: conf_get_str: configuration value not found [IPsec-192.168.5.129-192.168.0.27]:Flags
Nov 22 22:20:35 obsd41i386 isakmpd[23153]: conf_get_str: [IPsec-192.168.5.129-192.168.0.27]:Local-ID-lid-192.168.5.129
Nov 22 22:20:35 obsd41i386 isakmpd[23153]: conf_get_str: [IPsec-192.168.5.129-192.168.0.27]:Remote-ID-rid-192.168.0.27
Nov 22 22:20:35 obsd41i386 isakmpd[23153]: conf_get_str: [lid-192.168.5.129]:ID-type-IPV4_ADDR
Nov 22 22:20:35 obsd41i386 isakmpd[23153]: conf_get_str: [lid-192.168.5.129]:Address-192.168.5.129
Nov 22 22:20:35 obsd41i386 isakmpd[23153]: conf_get_str: configuration value not found [lid-192.168.5.129]:Protocol
Nov 22 22:20:35 obsd41i386 isakmpd[23153]: conf_get_str: [rid-192.168.0.27]:ID-type-IPV4_ADDR
Nov 22 22:20:35 obsd41i386 isakmpd[23153]: conf_get_str: [rid-192.168.0.27]:Address-192.168.0.27
Nov 22 22:20:35 obsd41i386 isakmpd[23153]: conf_get_str: configuration value not found [rid-192.168.0.27]:Protocol
Nov 22 22:20:35 obsd41i386 isakmpd[23153]: connection_record_passive: passive connection IPsec-192.168.5.129-192.168.0.27 added
Nov 22 22:20:35 obsd41i386 isakmpd[23153]: conf_get_str: configuration value not found [Phase 2]:Passive-Connections
Nov 22 22:20:35 obsd41i386 isakmpd[23153]: conf_get_str: configuration value not found [General]:check-interval
Nov 22 22:20:35 obsd41i386 isakmpd[23153]: conf_get_str: configuration value not found [General]:check-interval

From earlier I'm used to that isakmpd.conf pulls up the VPN's faster than my terminal can display -D 0=99. Even trying to send traffic to remote end didn't force tunnel negotiation. My head hurts after bashing my head against the wall. If someone could hit me with a cluestick of where to find my typo I would be grateful man.

What really made me feel like a clueless batter was that I found out in the process of googling that ipsec.conf alone does not provide aes with 256 keylength. I was left heavy chested as this could mean that I needed to walk into the dark corners of isakmpd.conf again. So if I've found the right clues is this like the right way to do it?

[AES-SHA]
KEY_LENGTH=256,128:256

Do I need to do this on a pr SUITE in MAIN and QUICK that I want to use, thus overriding the defaults?

-- Runo Førrisdahl - Basefarm AS http://www.basefarm.no/
Re: nptd regression in 4.2
* frantisek holop [EMAIL PROTECTED] [2007-11-22 22:30]:
> my mirror still did not get this, so i applied manually.

of course not, it was not committed but asked to be tested...

> first test case: new ntpd installed
>
> amaaq alias p
> p='ps -u'
> amaaq p -ax | grep ntpd
> _ntp 18531 0.0 0.1 424 728 ?? Is 8:24PM0:00.06 ntpd: ntp eng
> root 27267 0.0 0.1 480 776 ?? Ss 8:24PM0:00.01 ntpd: [priv]
> amaaq sudo kill 27267
>
> yank out ethernet cable, leave interface up, just curious
>
> amaaq sudo /usr/sbin/ntpd -s
>
> hangs, after couple of unsuccessful ^C's i put back ethernet cable, when line comes back up, terminates
>
> ^C^C^C^CTerminating

there you run into the problem i mentioned earlier, the dns requests block the parent

> second test case:
>
> amaaq p -ax | grep ntpd
> f30100 0.0 0.0 628 4 p3 R+10:17PM0:00.00 grep ntpd (ks
> amaaq sudo ifconfig rl0 down
> amaaq sudo /usr/sbin/ntpd -s
>
> after 10-15s i get back shell, ntpd running
>
> ammaq
> amaaq sudo sh /etc/netstart
>
> finish mail ;-)

there they don't and the regular 15 second timeout kicks in

> so to conclude, when no active interface is present it works. would it be also so trivial to fix the first test case?

no. as said, i have an idea. maybe soon...

> or perhaps i just didn't wait long enough for a timeout?

it will eventually time out, but it might take quite some time...

-- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
Re: 5.1 sound card recommendation
On Wed, Nov 21, 2007 at 09:23:52PM +0300, Nickolay A. Burkov wrote:
> Hello everyone! Do somebody have success with 5.1 sound ? If so, please recommend PCI Sound Card to work with OpenBSD 4.2(-CURRENT). I have MARC'ed a bit but similar messages were 1 year ago. I'd like to think that something have been changed.. Thank you for your time.

Short answer, get another OS. Windows would be best for amateur sound recording/processing/listening. I don't think the BSDs nor Linux will see real 5.1 support for a good period of time. ALSA is trying something at the moment but it's very specific and broken most of the time, a hassle really.
Re: Recommendations for a wireless USB adapter
Erik Wikström [EMAIL PROTECTED] wrote:
> So I will need to use an USB adapter for the wireless network and was wondering what people would recommend.

I'm using a D-Link DWL 122 without any problems. Works out of the box on USB, plug it and use it. Even in AP mode.

-- Jonathan
Re: nptd regression in 4.2
hmm, on Thu, Nov 22, 2007 at 10:37:39PM +0100, Henning Brauer said that
> * frantisek holop [EMAIL PROTECTED] [2007-11-22 22:30]:
> > my mirror still did not get this, so i applied manually.
>
> of course not, it was not committed but asked to be tested...

http://marc.info/?l=openbsd-cvs&m=119572716112905&w=2

> > amaaq alias p
> > p='ps -u'
> > amaaq p -ax | grep ntpd
> > _ntp 18531 0.0 0.1 424 728 ?? Is 8:24PM0:00.06 ntpd: ntp eng
> > root 27267 0.0 0.1 480 776 ?? Ss 8:24PM0:00.01 ntpd: [priv]
> > amaaq sudo kill 27267
> >
> > yank out ethernet cable, leave interface up, just curious
> >
> > amaaq sudo /usr/sbin/ntpd -s
> >
> > hangs, after couple of unsuccessful ^C's i put back ethernet cable, when line comes back up, terminates
> >
> > ^C^C^C^CTerminating
>
> there you run into the problem i mentioned earlier, the dns requests block the parent

is that a reason why ^C is not working? is it possible to make it react to break with a signal handler?

-f
-- the world: a comedy for thinkers; a tragedy for feelers.
Re: securing OpenBSD wireless network
David Newman [EMAIL PROTECTED] wrote: There is some layer-2 stuff that happens before layer-3 handshaking begins -- 802.11 association and deassociation, possibly layer-2 learning, and 802.1X authentication if that's used. IPSec will not and cannot secure any of this. Is there any need to secure that? In my local WLAN, you only have two ways of proceeding if you want internet access: a Tor router, or IPsec. Before either of those processes begin, I can associate like crazy to your access point. That would ensure you never get Internet access, even without my flinging a single IP packet at you. Duh. It's a *radio* network. Of course it can be DoS-ed. WEP doesn't change that. In fact, popular attacks against WEP generate massive L2 traffic. -- Christian naddy Weisgerber [EMAIL PROTECTED]
Re: 5.1 sound card recommendation
**cough** OpenAL ( http://www.openal.org ) On 23/11/2007, Jacob Meuser [EMAIL PROTECTED] wrote: On Thu, Nov 22, 2007 at 12:36:51PM -0800, J.C. Roberts wrote: On Wednesday 21 November 2007, Alexandre Ratchov wrote: On Wed, Nov 21, 2007 at 01:12:38PM -0800, J.C. Roberts wrote: On Wednesday 21 November 2007, Nickolay A. Burkov wrote: Hello everyone! Do somebody have success with 5.1 sound ? If so, please recommend PCI Sound Card to work with OpenBSD 4.2(-CURRENT). I have MARC'ed a bit but similar messages were 1 year ago. I'd like to think that something have been changed.. Thank you for your time. For some strange reason I recall reading about some work being done on the Sound Blaster Audigy cards. Many of those cards are 5.1, 6.1 or 7.1 surround sound. A quick search on openbsd audigy shows we've had support since 3.9 but I'm not sure if this includes the surround sound features, or if it's just two channel? Older audigy cards based on EMU10K1 chips are supposed to work with the emu(4) driver, it's still two channel. Newer cards based on CA0106 will not work because there's no driver for the chip. The last time I've asked creative for documentation they didn't reply; since then, I've lost interest in these cards. -- Alexandre Alexandre, Off-list I was told that some of the older SoundBlaster Live cards will work in 5.1 mode including front/surround/centre/lfe control, but the off-list statement contradicts what you said earlier about no 5.1 (or better) support? I suspect you understand the code far better than most (including me). :-) as far as the hardware, you may be able to control the speakers separately with emu(4), cmpci(4) and possibly others. if `mixerctl -a` shows outputs.center, outputs.lfe, etc, then this could be possible. however, the emu(4) and cmpci(4) low level drivers only support 1 or 2 channel input/output. audio(4) itself does not restrict the number of channels. 
I think the bigger question is: what applications actually output more than 2 audio channels? none, afaik. please let me know if there is something I do not know about. also, some devices support AC-3 pass-through. that is, the devices themselves decode (2.1, 5.1, 7.1) AC-3 audio streams, but this is not supported in audio(4) nor in the low level drivers. -- [EMAIL PROTECTED] SDF Public Access UNIX System - http://sdf.lonestar.org
Re: nptd regression in 4.2
* frantisek holop [EMAIL PROTECTED] [2007-11-22 23:02]:
hmm, on Thu, Nov 22, 2007 at 10:37:39PM +0100, Henning Brauer said that
* frantisek holop [EMAIL PROTECTED] [2007-11-22 22:30]:
my mirror still did not get this, so i applied manually.

of course not, it was not committed but asked to be tested...

http://marc.info/?l=openbsd-cvsm=119572716112905w=2

    amaaq alias p
    p='ps -u'
    amaaq p -ax | grep ntpd
    _ntp 18531 0.0 0.1 424 728 ?? Is 8:24PM0:00.06 ntpd: ntp eng
    root 27267 0.0 0.1 480 776 ?? Ss 8:24PM0:00.01 ntpd: [priv]
    amaaq sudo kill 27267

yank out ethernet cable, leave interface up, just curious

    amaaq sudo /usr/sbin/ntpd -s

hangs, after couple of unsuccessful ^C's i put back ethernet cable, when line comes back up, terminates

    ^C^C^C^CTerminating

there you run into the problem i mentioned earlier, the dns requests block the parent

is that a reason why ^C is not working? is it possible to make it react to break with a signal handler?

it has a signal handler, which is kinda the problem (but then, not really). the more I look at it the more i think we have to use a separate process just for the dns shit. the parent is just not allowed to block. that sucks.

-- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
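The approach Henning describes above (do the DNS lookup in a separate process so that the parent never blocks and can still act on ^C), as an added sketch in C that is not OpenNTPD's code. The names dns_start, dns_wait, lookup and on_quit are assumptions of this example, and the delay_s parameter only simulates a resolver that hangs.

```c
#define _POSIX_C_SOURCE 200809L
#include <sys/socket.h>
#include <sys/wait.h>
#include <errno.h>
#include <netdb.h>
#include <poll.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

static volatile sig_atomic_t quit;	/* written by the signal handler only */
static void on_quit(int sig) { (void)sig; quit = 1; }

/*
 * Fork a child that resolves `host` and writes the first address, as text,
 * to a pipe; returns the read end, or -1. delay_s is a constructed stand-in
 * for a resolver that hangs (cable pulled): the child sleeps first.
 */
int dns_start(pid_t *pid, const char *host, unsigned int delay_s)
{
	struct addrinfo hints, *res;
	char text[64];
	int p[2];
	if (pipe(p) == -1)
		return -1;
	if ((*pid = fork()) == -1) {
		close(p[0]); close(p[1]);
		return -1;
	}
	if (*pid != 0) {			/* parent: keep the read end */
		close(p[1]);
		return p[0];
	}
	close(p[0]);				/* child: allowed to block */
	sleep(delay_s);
	memset(&hints, 0, sizeof(hints));
	hints.ai_family = AF_UNSPEC;
	hints.ai_socktype = SOCK_DGRAM;
	if (getaddrinfo(host, "123", &hints, &res) != 0 ||
	    getnameinfo(res->ai_addr, res->ai_addrlen, text, sizeof(text),
	    NULL, 0, NI_NUMERICHOST) != 0 ||
	    write(p[1], text, strlen(text)) == -1)
		_exit(1);
	_exit(0);
}

/*
 * Wait for the answer without touching the resolver. Returns 1 with the
 * address in `out`, 0 on timeout, -1 on a quit signal or a failed lookup.
 */
int dns_wait(int fd, int timeout_ms, char *out, size_t outlen)
{
	struct pollfd pfd = { .fd = fd, .events = POLLIN };
	ssize_t n;
	int r;
	do {
		if (quit || outlen == 0)
			return -1;		/* a handler ran: stop waiting */
		r = poll(&pfd, 1, timeout_ms);
	} while (r == -1 && errno == EINTR);
	if (r <= 0)
		return r;			/* 0 timeout, -1 poll error */
	n = read(fd, out, outlen - 1);
	if (n <= 0)
		return -1;			/* EOF: child had no answer */
	out[n] = '\0';
	return 1;
}

/* One lookup from start to reaping; the child is killed if still stuck. */
int lookup(const char *host, unsigned int delay_s, int timeout_ms,
    char *out, size_t outlen)
{
	pid_t pid;
	int fd, r;
	if ((fd = dns_start(&pid, host, delay_s)) == -1)
		return -1;
	r = dns_wait(fd, timeout_ms, out, outlen);
	kill(pid, SIGKILL);
	while (waitpid(pid, NULL, 0) == -1 && errno == EINTR)
		;
	close(fd);
	return r;
}

int main(void)
{
	struct sigaction sa;
	char addr[64] = "";
	memset(&sa, 0, sizeof(sa));
	sa.sa_handler = on_quit;		/* ^C only sets the flag */
	sigaction(SIGINT, &sa, NULL);
	/* Literal address: runs offline. The first child stalls for 5 s. */
	printf("stalled: %d\n", lookup("127.0.0.1", 5, 1000, addr, sizeof(addr)));
	printf("fast: %d %s\n", lookup("127.0.0.1", 0, 1000, addr, sizeof(addr)), addr);
	return 0;
}
```

The parent only ever sleeps in poll(), which a handled signal interrupts, so the quit flag is checked promptly even while the child is stuck in the resolver.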
Re: 5.1 sound card recommendation
err Linux / Alsa support 5.1 fine on a number of cards, have done for a long time.

On 23/11/2007, Paul Irofti [EMAIL PROTECTED] wrote:
On Wed, Nov 21, 2007 at 09:23:52PM +0300, Nickolay A. Burkov wrote:
Hello everyone! Do somebody have success with 5.1 sound ? If so, please recommend PCI Sound Card to work with OpenBSD 4.2 (-CURRENT). I have MARC'ed a bit but similar messages were 1 year ago. I'd like to think that something have been changed.. Thank you for your time.

Short answer, get another OS. Windows would be best for amateur sound recording/processing/listening. I don't think the BSDs nor Linux will see real 5.1 support for a good period of time. ALSA is trying something at the moment but it's very specific and broken most of the time, a hassle really.
Re: 5.1 sound card recommendation
On Fri, Nov 23, 2007 at 10:55:41AM +1300, Joel Wiramu Pauling wrote: **cough** OpenAL ( http://www.openal.org ) On Wednesday 21 November 2007, Alexandre Ratchov wrote: Newer cards based on CA0106 will not work because there's no driver for the chip. The last time I've asked creative for documentation they didn't reply so, what about applications from vendors who actually care about openness and don't require NDAs? IMO OpenAL seems like a selling point for creative's hardware, which they like to keep secrets about. -- [EMAIL PROTECTED] SDF Public Access UNIX System - http://sdf.lonestar.org
Re: 5.1 sound card recommendation
On Fri, Nov 23, 2007 at 11:47:21AM +1300, Joel Wiramu Pauling wrote: err Linux / Alsa support 5.1 fine on a number of cards, have done for a long time. err, for cards where a developer has signed an NDA? -- [EMAIL PROTECTED] SDF Public Access UNIX System - http://sdf.lonestar.org
Re: Recommendations for a wireless USB adapter
Erik Wikström wrote:
Hello all, Since the wireless card in my current router has stopped working I'm taking the opportunity to make a major upgrade. Unfortunately the computer I'm replacing it with only has one PCI slot, which I'll need for the wired network. So I will need to use a USB adapter for the wireless network and was wondering what people would recommend. I'm hoping to be able to connect the computer in the garage so one with good signal strength but not a directed one would be the best.

http://www.usr.com/support/product-template.asp?prod=1120 Works for me like a charm.
How to stop cwm
How do I stop or get out of CWM? So far I have to use Ctrl-Alt-Backspace. My ~/.xinitrc is the same as /etc/X11/xinit/xinitrc except fvwm is replaced with cwm. TIA, Zoong
Re: Firefox/Thunderbird ignore GTK2 font settings on OpenBSD
J.C. Roberts wrote:
On Thursday 22 November 2007, Stefan Dengscherz wrote:
Hello list,

I recently tried to configure the perfect font handling (at least for me) on my OpenBSD desktop system. I want to setup fonts smaller than a defined size not to be anti-aliased (I'm using ms-corefonts and want to imitate the windows font-rendering mechanism). This works perfectly with the font configuration files from PC-BSD. Setting a corefont in ~/.gtkrc-2.0 also applies my special setting to GTK widgets. However, Firefox and Thunderbird seem to ignore the global GTK settings, the fonts on the GTK widgets in these applications are _always_ anti-aliased, apart from my defined settings. The fonts in the html rendering area are rendered exactly as defined in my font configuration, though. I've created a screenshot: http://elybis.chaosnet.org/fonts.png

How can I force Firefox and Thunderbird to use my font configuration?

Regards,

If I understand you correctly, the fonts within the displayed web pages are correct according to what you want, but the application user interface fonts are not. You want fonts smaller than X to not be anti-aliased in the firefox/thunderbird UI.

NOTE: You stated the reverse of the above, but since anti-aliasing makes a complete mess of small fonts, I suspect you want the reverse of what you said, namely disabling anti-aliasing on small fonts.

There are two things you can do to fix the matter:

1.) Over-ride the anti-aliasing in /etc/fonts/fonts.conf (or ~/.fonts.conf) for small fonts (and/or specific font names).

2.) Force specific UI fonts/sizes via the UserChrome.css file for both firefox and thunderbird. http://support.zenwalk.org/index.php/topic,132.0.html

Also, you might want to check out about:config in the firefox url bar and look up the font.antialias.min setting. This is most likely what is preventing anti-aliasing on small fonts, but I'm uncertain if it affects only displayed web pages, or web pages and the UI.

kind regards, jcr

Hello J.C.,

Thanks for your quick answer. Have a look at the image I posted; the slashdot site is rendered as I want it, also the UI in pidgin has the correct font rendering, only the Firefox UI seems to ignore my settings (fonts are still blurry, although Firefox uses GTK2 too). I already set my proper font configuration in /etc/fonts/local.conf and .gtkrc-2.0. However Firefox UI seems to ignore it completely. I've already played around with the font settings in about:config, but they don't seem to affect the UI, just the html rendering engine. I'll take a look at the UserChrome.css options, maybe there's some switch to adjust. Any other hints?

-sd
Re: securing OpenBSD wireless network
Does anyone know if there is WPA support for OpenBSD being worked on? This would be nice. David Newman wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/22/07 1:55 PM, Christian Weisgerber wrote: David Newman [EMAIL PROTECTED] wrote: There is some layer-2 stuff that happens before layer-3 handshaking begins -- 802.11 association and deassociation, possibly layer-2 learning, and 802.1X authentication if that's used. IPSec will not and cannot secure any of this. Is there any need to secure that? In my local WLAN, you only have two ways of proceeding if you want internet access: a Tor router, or IPsec. Before either of those processes begin, I can associate like crazy to your access point. That would ensure you never get Internet access, even without my flinging a single IP packet at you. Duh. It's a *radio* network. Of course it can be DoS-ed. WEP doesn't change that. In fact, popular attacks against WEP generate massive L2 traffic. Yes. WPA is somewhat better (in that the better controller-based systems have rate controls). Other than being better than nothing on really old hardware, WEP is worthless. dn iD8DBQFHRk3LyPxGVjntI4IRApZlAJ44a3Um15XTftC6s7wlHXlWQOr/dwCg8ULI dZSlpbIowhsNSj3aqcCkoT8= =TjLE -END PGP SIGNATURE-
Re: Installing OpenOffice on -current
On Nov 22, 2007 6:45 PM, Stuart Henderson [EMAIL PROTECTED] wrote:
On 2007/11/22 18:20, Amarendra Godbole wrote:
Is building from ports the only way to install OpenOffice on 4.2-current? I am unable to find OpenOffice package in the snapshots directory, so this seems to be the only way as of now.

There's one in the latest i386 package snap (Nov 18), other arch should follow gradually.

Oh, and the build broke last night because I ran out of space. OOo does need gigs of space to build (4G free in /usr, I read somewhere).

Yeah, loads of space. I powered down my i386 build box due to electrical storms the other day and haven't put it back up yet so I can't check just what it needs.

OpenOffice 2.3.0 was built successfully on my laptop, after approximately 9 hrs. on my ThinkPad X60 (2G RAM, Intel Core 2 Duo processor). I built a no_lang version. 9 hrs. was the build time needed only by OpenOffice, haven't counted the other dependencies like jvm and all.

In mk.conf you can set WRKOBJDIR_editors/openoffice=/usr/obj/ports (or choose somewhere else you have plenty of space). (I actually just have WRKOBJDIR=/usr/obj/ports for everything, it's easier to clean).

Thanks for an excellent tip. This solves most of my issues, as I have a lot of space in /home. In order to build openoffice, I had to relocate my /usr/src, /usr/ports/packages, /usr/ports/distfiles, and w-openoffice-2.3.0 directory under /home. WRKOBJDIR now makes all this redundant.

-Amarendra
Re: Firefox/Thunderbird ignore GTK2 font settings on OpenBSD
On Thursday 22 November 2007, Stefan Dengscherz wrote:
Hello list,

I recently tried to configure the perfect font handling (at least for me) on my OpenBSD desktop system. I want to setup fonts smaller than a defined size not to be anti-aliased (I'm using ms-corefonts and want to imitate the windows font-rendering mechanism). This works perfectly with the font configuration files from PC-BSD. Setting a corefont in ~/.gtkrc-2.0 also applies my special setting to GTK widgets. However, Firefox and Thunderbird seem to ignore the global GTK settings, the fonts on the GTK widgets in these applications are _always_ anti-aliased, apart from my defined settings. The fonts in the html rendering area are rendered exactly as defined in my font configuration, though. I've created a screenshot: http://elybis.chaosnet.org/fonts.png

How can I force Firefox and Thunderbird to use my font configuration?

Regards,

If I understand you correctly, the fonts within the displayed web pages are correct according to what you want, but the application user interface fonts are not. You want fonts smaller than X to not be anti-aliased in the firefox/thunderbird UI.

NOTE: You stated the reverse of the above, but since anti-aliasing makes a complete mess of small fonts, I suspect you want the reverse of what you said, namely disabling anti-aliasing on small fonts.

There are two things you can do to fix the matter:

1.) Over-ride the anti-aliasing in /etc/fonts/fonts.conf (or ~/.fonts.conf) for small fonts (and/or specific font names).

2.) Force specific UI fonts/sizes via the UserChrome.css file for both firefox and thunderbird. http://support.zenwalk.org/index.php/topic,132.0.html

Also, you might want to check out about:config in the firefox url bar and look up the font.antialias.min setting. This is most likely what is preventing anti-aliasing on small fonts, but I'm uncertain if it affects only displayed web pages, or web pages and the UI.

kind regards, jcr
Re: Firefox/Thunderbird ignore GTK2 font settings on OpenBSD
On Thursday 22 November 2007, Stefan Dengscherz wrote:
I've already played around with the font settings in about:config, but they don't seem to affect the UI, just the html rendering engine.

Yes. I'm fairly sure the about:config options *only* affect the HTML rendering and not the UI.

I'll take a look at the UserChrome.css options, maybe there's some switch to adjust.

You can change the UI fonts with UserChrome.css - it's the only way that I know how to do it. Since you already do have anti-aliasing working, I figured I didn't need to mention it but what the heck... You should have the following defined and exported for anti-aliasing to work with gtk and qt.

    GDK_USE_XFT=1
    export GDK_USE_XFT
    QT_XFT=1
    export QT_XFT

Some people like to adjust specific elements of the firefox UI in different ways (as noted in the URL I previously posted by the element names) but personally, I just do a global change on everything in the UI with the following lines in my UserChrome.css file.

    * {
        font-family: Terminus !important;
        font-size: 16pt !important;
        font-weight: 600 !important;
    }

Yep, it forces the above font on the entire UI. If your system/user font configuration is doing anti-aliasing on the specified font, then it is anti-aliased in the firefox UI (I don't use thunderbird).

Firefox (and I suspect thunderbird) controls its UI via XUL, so by default they ignore many/most settings in your gtkrc-2.0 file.

http://www.xulplanet.com/tutorials/xultu/
http://www.xulplanet.com/references/elemref/ref_StyleProperties.html

Sadly, UserChrome is a work in progress, constantly changing and the docs *always* suck.

http://kb.mozillazine.org/Chrome_element_names_and_IDs
http://kb.mozillazine.org/UserChrome.css

There are settings within your gtkrc-2.0 file that firefox will use, in particular, settings for scroll bars and if you use them, effect 'engines' like xfce.
XUL and UserChrome can do some impressive things once you learn them, unfortunately, it means you'll be doing a lot of trial and error testing since the docs are just plain missing in most cases. This is what I did... http://www.designtools.org/files/firefox.png kind regards, jcr
Re: Azalia weirdness
On Friday 23 November 2007 01:25:01 STeve Andre' wrote: I recently got a T60p ThinkPad to replace my A31p. Lots of stuff works, but sound has proved to be a problem. I can play MP3s, but with extremely low audio, barely there but from what I can hear it sounds OK. This happens with both the speakers and headphones. I suspect something isn't right since I get a time out message [snip] Of course the act of posting this results in my figuring it out. mixerctl outputs.lineout=240,240 seems to have activated it, and I'm listening Guardians of the Earth on my headphones now. ;-) Thanks to Deanna and others for this. I now have a mostly functioning thinkpad once again... --STeve Andre'
Firefox/Thunderbird ignore GTK2 font settings on OpenBSD
Hello list,

I recently tried to configure the perfect font handling (at least for me) on my OpenBSD desktop system. I want to setup fonts smaller than a defined size not to be anti-aliased (I'm using ms-corefonts and want to imitate the windows font-rendering mechanism). This works perfectly with the font configuration files from PC-BSD. Setting a corefont in ~/.gtkrc-2.0 also applies my special setting to GTK widgets. However, Firefox and Thunderbird seem to ignore the global GTK settings, the fonts on the GTK widgets in these applications are _always_ anti-aliased, apart from my defined settings. The fonts in the html rendering area are rendered exactly as defined in my font configuration, though. I've created a screenshot: http://elybis.chaosnet.org/fonts.png

How can I force Firefox and Thunderbird to use my font configuration?

Regards, -sd
remote Gnome OpenBSD 4.2 problems
I have been trying to establish an Xnest connection to an OpenBSD 4.2 machine without success. I do not care about security - in this particular application. 4.2 is using a newer Gnome and the config files are reorganized. But they do not appear to be the names/locations as newer Gnome faqs indicate either. With comments snipped my /etc/X11/gdm/custom.conf is below. Yet my Xnest never gets past the grey checked background screen. I have no problem Xnest'ing to other systems.

    [daemon]
    RemoteGreeter=/usr/local/libexec/gdmlogin

    [security]
    AllowRemoteRoot=true
    RelaxPermissions=2
    DisallowTCP=false

    [xdmcp]
    Enable=true

Thanks.

-- Dave Lynch DLA Systems Software Development: Embedded Linux 717.627.3770 [EMAIL PROTECTED] http://www.dlasys.net fax: 1.253.369.9244 Cell: 1.717.587.7774 Over 25 years' experience in platforms, languages, and technologies too numerous to list. Any intelligent fool can make things bigger and more complex... It takes a touch of genius - and a lot of courage to move in the opposite direction. Albert Einstein
Any OpenBSD users in Berlin?
Hi, If there are any OpenBSD users in Berlin could you please contact me off list please? Thank you so much :-) Kind Regards Siju
confused on openssl....
Hello all,

I am sorry to ask this dumb question here, but after going through several web pages I am not able to figure out where I should build my base directories to start creating certificates for a CA and an http/imap server. For example, should it be under /root/ssl/ private crl certs... or should it be under /etc/ssl/ ??? How important is it in light of security and accessibility and convention - for applications to use it?

I appreciate your advice. Thank you.

BG ~~Kalyan-mastu~~
Re: securing OpenBSD wireless network
On Thu, Nov 22, 2007 at 10:05:21PM -0800, David wrote: Does anyone know if there is WPA support for OpenBSD being worked on? This would be nice. pkg_add wpa_supplicant ??? Or did i misunderstand something? --- Andri Braselmann
Azalia weirdness
I recently got a T60p ThinkPad to replace my A31p. Lots of stuff works, but sound has proved to be a problem. I can play MP3s, but with extremely low audio, barely there but from what I can hear it sounds OK. This happens with both the speakers and headphones. I suspect something isn't right since I get a time out message azalia0 at pci0 dev 27 function 0 Intel 82801GB HD Audio rev 0x02: irq 11 azalia0: RIRB time out azalia0: codec[s]: Analog Devices AD1981HD, 0x/0x, using Analog Devices AD1981HD audio0 at azalia0 Playing with audioctl and mixerctl I can't seem to change the volume. Any ideas? Relevant outputs of audioctl, mixerctl and dmesg output below. Thanks, STeve Andre' audioctl -a name=HD-Audio version=1.0 config=azalia0 encodings=slinear_le:16,slinear_le:16 properties=full_duplex,independent full_duplex=0 fullduplex=0 blocksize=384 hiwat=170 lowat=127 output_muted=0 monitor_gain=0 mode= play.rate=8000 play.channels=1 play.precision=8 play.encoding=mulaw play.gain=127 play.balance=32 play.port=0x0 play.avail_ports=0x0 play.seek=0 play.samples=0 play.eof=0 play.pause=0 play.error=0 play.waiting=0 play.open=0 play.active=0 play.buffer_size=65536 record.rate=8000 record.channels=1 record.precision=8 record.encoding=mulaw record.gain=127 record.balance=32 record.port=0x0 record.avail_ports=0x0 record.seek=0 record.samples=0 record.eof=0 record.pause=0 record.error=0 record.waiting=0 record.open=0 record.active=0 record.buffer_size=65536 record.errors=0 mixerctl -a outputs.dac.source=hdaudio outputs.lineout.source=dac2 outputs.lineout.mute=off outputs.lineout=124,124 outputs.lineout=85,85 outputs.lineout.dir=output outputs.lineout.boost=off outputs.lineout.eapd=off outputs.hp.source=dac2 outputs.hp.mute=off outputs.hp=124,124 outputs.hp.boost=off outputs.mono.mute=off outputs.mono=124 outputs.mic=85,85 outputs.linein.source=dac2 outputs.linein.mute=off outputs.linein=124,124 outputs.linein=85,85 outputs.linein.dir=output inputs.sel.source=dac2 
inputs.beep.source=beep outputs.beep.mute=off outputs.beep=119 outputs.sel3.mute=off outputs.sel3=120,120 outputs.sel4.mute=off outputs.sel4=120,120 outputs.sel5.mute=off outputs.sel5=120,120 outputs.pow.source=beep inputs.sel6.source=mix outputs.sel6.mute=off outputs.sel6=119,119 outputs.mic2.source=dac2 outputs.mic2.mute=off outputs.mic2=124,124 outputs.mic2=85,85 outputs.mic2.dir=output outputs.sel7.mute=off outputs.sel7=120,120 outputs.sel8.mute=off outputs.sel8=120,120 outputs.sel9.mute=off outputs.sel9=120,120 outputs.speaker.mute=off outputs.speaker=120,120 outputs.sel11.mute=off outputs.sel12.mute=off inputs.usingdac=03 dmesg - OpenBSD 4.2-current (GENERIC) #79: Thu Nov 22 21:21:36 EST 2007 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Core(TM)2 CPU T7600 @ 2.33GHz (GenuineIntel 686-class) 2.33 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16,xTPR real mem = 2145808384 (2046MB) avail mem = 2067062784 (1971MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 09/19/07, BIOS32 rev. 0 @ 0xfd6b0, SMBIOS rev. 2.4 @ 0xe0010 (68 entries) bios0: vendor LENOVO version 7IET31WW (1.12 ) date 09/19/2007 bios0: LENOVO 8741C5U pcibios0 at bios0: rev 2.1 @ 0xfd640/0x9c0 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdea0/272 (15 entries) pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82371FB ISA rev 0x00) pcibios0: PCI bus #22 is the last bus bios0: ROM list: 0xc/0x1 0xdc000/0x4000! 0xe/0x1! 
acpi0 at mainbus0: rev 2 acpi0: tables DSDT FACP SSDT ECDT TCPA APIC MCFG HPET SLIC BOOT SSDT SSDT SSDT SSDT SSDT acpi0: wakeup devices LID_(S3) SLPB(S3) LURT(S3) DURT(S3) EXP0(S4) EXP1(S4) EXP2(S4) EXP3(S4) PCI1(S4) USB0(S3) USB1(S3) USB2(S3) USB7(S3) HDEF(S4) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpi device at acpi0 from table DSDT not configured acpi device at acpi0 from table FACP not configured acpi device at acpi0 from table SSDT not configured acpi device at acpi0 from table ECDT not configured acpi device at acpi0 from table TCPA not configured acpi device at acpi0 from table APIC not configured acpi device at acpi0 from table MCFG not configured acpihpet0 at acpi0 table HPET: 14318179 Hz acpi device at acpi0 from table SLIC not configured acpi device at acpi0 from table BOOT not configured acpi device at acpi0 from table SSDT not configured acpi device at acpi0 from table SSDT not configured acpi device at acpi0 from table SSDT not configured acpi device at acpi0 from table SSDT not configured acpi device at acpi0 from table SSDT not configured acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 1 (AGP_) acpiprt2 at acpi0: bus 2 (EXP0) acpiprt3 at acpi0: bus 3 (EXP1) acpiprt4 at acpi0: bus 4 (EXP2) acpiprt5 at acpi0: bus 12 (EXP3) acpiprt6 at acpi0: bus 21 (PCI1)
Re: Azalia weirdness
On Thursday 22 November 2007, STeve Andre' wrote: On Friday 23 November 2007 01:25:01 STeve Andre' wrote: I recently got a T60p ThinkPad to replace my A31p. Lots of stuff works, but sound has proved to be a problem. I can play MP3s, but with extremely low audio, barely there but from what I can hear it sounds OK. This happens with both the speakers and headphones. I suspect something isn't right since I get a time out message [snip] Of course the act of posting this results in my figuring it out. mixerctl outputs.lineout=240,240 seems to have activated it, and I'm listening Guardians of the Earth on my headphones now. ;-) Thanks to Deanna and others for this. I now have a mostly functioning thinkpad once again... --STeve Andre' STeve, You also might want to look at this post. http://archives.neohapsis.com/archives/openbsd/2007-11/0099.html It suggests that some degree of resampling is needed for Azalia. Well, at least it's supposedly needed when used in conjunction with aRtsd. Sadly, I'm clueless what it's actually talking about but it came to mind when reading your post. kind regards, JCR
Re: fxp changes between 4.2 and earlier releases causing stability problems?
Will try test it today, cheers. Henning Brauer wrote: * Josh [EMAIL PROTECTED] [2007-11-20 22:35]: I am having large stability problems since running 4.2 as firewalls. I have 1x fxp and 2x dual box fxp cards, and after a while, the boxes freeze up, Any suggestions/ideas? sounds like you hit the memory leak we just found fixed. Index: pf.c === RCS file: /cvs/src/sys/net/pf.c,v retrieving revision 1.564 diff -u -p -r1.564 pf.c --- pf.c18 Nov 2007 21:53:47 - 1.564 +++ pf.c22 Nov 2007 01:15:47 - @@ -816,6 +816,8 @@ pf_insert_state(struct pfi_kif *kif, str TAILQ_FOREACH(sp, cur-states, next) if (sp-kif == kif) { /* collision! */ pf_stateins_err(tree_lan_ext, s, kif); + pf_detach_state(s, + PF_DT_SKIP_LANEXT|PF_DT_SKIP_EXTGWY); return (-1); } pf_detach_state(s, PF_DT_SKIP_LANEXT|PF_DT_SKIP_EXTGWY); @@ -958,10 +960,8 @@ pf_src_tree_remove_state(struct pf_state u_int32_t timeout; if (s-src_node != NULL) { - if (s-state_key-proto == IPPROTO_TCP) { - if (s-src.tcp_est) - --s-src_node-conn; - } + if (s-src.tcp_est) + --s-src_node-conn; if (--s-src_node-states = 0) { timeout = s-rule.ptr-timeout[PFTM_SRC_NODE]; if (!timeout)
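Review bot: In the pf_insert_state() hunk, the collision branch now repeats the same pf_detach_state(s, PF_DT_SKIP_LANEXT|PF_DT_SKIP_EXTGWY) call that already appears a few lines further down in the context, so the cleanup is spelled out twice and the next early return added to this function can miss it in the same way. Consider routing the failure paths through a single cleanup label, and add a short comment on why both trees are skipped when detaching at this point.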
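Review bot: In the pf_src_tree_remove_state() hunk, removing the s->state_key->proto == IPPROTO_TCP test makes the --s->src_node->conn decrement depend on s->src.tcp_est alone, so the code now relies on tcp_est never being set for a non-TCP state, and nothing in the hunk says so. Please state that invariant in a comment next to the decrement, and say in the commit message why the protocol test goes, for example whether s->state_key may no longer be dereferenced here once the state has been detached.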
Re: Recommendations for a wireless USB adapter
On 2007-11-22, Jonathan Schleifer [EMAIL PROTECTED] wrote:
Erik Wikström [EMAIL PROTECTED] wrote:
So I will need to use a USB adapter for the wireless network and was wondering what people would recommend.

I'm using a D-Link DWL 122 without any problems. Works out of the box on USB, plug it and use it. Even in AP mode.

What driver does it use?

-- Alexey Vatchenko http://www.bsdua.org E-mail: [EMAIL PROTECTED] JID: [EMAIL PROTECTED]
Re: securing OpenBSD wireless network
David wrote: Does anyone know if there is WPA support for OpenBSD being worked on? This would be nice. There was a thread that I started a month ago unfortunately by mis-spelling WPA as (wap). One of the answers was posted I think by a developer who is currently working on WPA for OpenBSD. The information was rather comprehensive and I would just do harm by trying to repeat it. Best, Predrag David Newman wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/22/07 1:55 PM, Christian Weisgerber wrote: David Newman [EMAIL PROTECTED] wrote: There is some layer-2 stuff that happens before layer-3 handshaking begins -- 802.11 association and deassociation, possibly layer-2 learning, and 802.1X authentication if that's used. IPSec will not and cannot secure any of this. Is there any need to secure that? In my local WLAN, you only have two ways of proceeding if you want internet access: a Tor router, or IPsec. Before either of those processes begin, I can associate like crazy to your access point. That would ensure you never get Internet access, even without my flinging a single IP packet at you. Duh. It's a *radio* network. Of course it can be DoS-ed. WEP doesn't change that. In fact, popular attacks against WEP generate massive L2 traffic. Yes. WPA is somewhat better (in that the better controller-based systems have rate controls). Other than being better than nothing on really old hardware, WEP is worthless. dn iD8DBQFHRk3LyPxGVjntI4IRApZlAJ44a3Um15XTftC6s7wlHXlWQOr/dwCg8ULI dZSlpbIowhsNSj3aqcCkoT8= =TjLE -END PGP SIGNATURE-
Re: securing OpenBSD wireless network
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/22/07 1:55 PM, Christian Weisgerber wrote: David Newman [EMAIL PROTECTED] wrote: There is some layer-2 stuff that happens before layer-3 handshaking begins -- 802.11 association and deassociation, possibly layer-2 learning, and 802.1X authentication if that's used. IPSec will not and cannot secure any of this. Is there any need to secure that? In my local WLAN, you only have two ways of proceeding if you want internet access: a Tor router, or IPsec. Before either of those processes begin, I can associate like crazy to your access point. That would ensure you never get Internet access, even without my flinging a single IP packet at you. Duh. It's a *radio* network. Of course it can be DoS-ed. WEP doesn't change that. In fact, popular attacks against WEP generate massive L2 traffic. Yes. WPA is somewhat better (in that the better controller-based systems have rate controls). Other than being better than nothing on really old hardware, WEP is worthless. dn iD8DBQFHRk3LyPxGVjntI4IRApZlAJ44a3Um15XTftC6s7wlHXlWQOr/dwCg8ULI dZSlpbIowhsNSj3aqcCkoT8= =TjLE -END PGP SIGNATURE-
Re: Azalia weirdness
STeve Andre' writes: I recently got a T60p ThinkPad to replace my A31p. Lots of stuff works, but sound has proved to be a problem. I can play MP3s, but with extremely low audio, barely there but from what I can hear it sounds OK. This happens with both the speakers and headphones. I suspect something isn't right since I get a time out message azalia0 at pci0 dev 27 function 0 Intel 82801GB HD Audio rev 0x02: irq 11 azalia0: RIRB time out azalia0: codec[s]: Analog Devices AD1981HD, 0x/0x, using Analog Devices AD1981HD audio0 at azalia0 Playing with audioctl and mixerctl I can't seem to change the volume. Any ideas? Relevant outputs of audioctl, mixerctl and dmesg output below. The 'RIRB time out' and zero codec ID are from probing an unsupported codec, probably a modem. Nothing serious. I'm glad that you managed to get some sound out of it, but the info you provided reveals a lot of wrong. Notice the duplicate mixer items and ones that make no sense, like selecting an input source for the beep generator, or a power widget with a beep connected to it. Could you please build a kernel with this diff and 'option AZALIA_DEBUG' in the config file, then mail me the dmesg? You could also mail the regular dmesg to [EMAIL PROTECTED] Thanks!. Index: azalia_codec.c === RCS file: /cvs/src/sys/dev/pci/azalia_codec.c,v retrieving revision 1.43 diff -u -p -r1.43 azalia_codec.c --- azalia_codec.c 21 Nov 2007 18:48:11 - 1.43 +++ azalia_codec.c 23 Nov 2007 07:25:34 - @@ -164,8 +164,10 @@ azalia_codec_init_vtbl(codec_t *this) case 0x11d41981: /* http://www.analog.com/en/prod/0,2877,AD1981HD,00.html */ this-name = Analog Devices AD1981HD; - this-init_widget = azalia_ad1981hd_init_widget; - this-mixer_init = azalia_ad1981hd_mixer_init; + if (this-subid == AD1981HD_THINKPAD) { + this-init_widget = azalia_ad1981hd_init_widget; + this-mixer_init = azalia_ad1981hd_mixer_init; + } break; case 0x11d41983: /* http://www.analog.com/en/prod/0,2877,AD1983,00.html */
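Review bot: In the 0x11d41981 case, init_widget and mixer_init are now assigned only when this->subid == AD1981HD_THINKPAD, but the hunk neither defines AD1981HD_THINKPAD nor shows what the two callbacks hold for any other subid. Make sure the constant is defined in a header that is part of this diff, and that generic defaults are assigned before the switch so a non-ThinkPad AD1981HD does not end up with unset function pointers. A one-line comment on why the quirk handlers are ThinkPad-only would help as well.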