PCMCIA on a Toshiba A135-S4656 to use wi(4) with DWL-650 PCMCIA

[Andrew Hart]

I'd like to get wireless networking working on my Toshiba A135-S4656 
laptop. The built-in AR5424 isn't working for me, but I think ath(4) 
support for it is still a work-in-progress, so I'm trying to use a 
D-Link DWL-650 in the PCMCIA slot for now. This appears to be supported 
by wi(4) D-Link DWL-650 (rev A1-J3 only)  Prism-2.5PCMCIA. My 
card says Rev:J3 on the back.


I can't get a wi0 to show up in my output from ifconfig on 4.2 AMD64, 
and I don't see it recognizing the pcmcia connection. I've tried 4.2 
i386, which seems to recognize the pcmcia, but still doesn't produce a 
wi0 in ifconfig and produces the following two errors:

pcic_wait_ready: ready never happened, state = 4c
pccom3 at pcmcia0 function 0: can't allocate i/o space
Inserting the card before boot or after login didn't seem to change much.

Per pcmcia(4) I tried changing the address and size parameters with 
boot_config(8) and config(8). On amd64 I was not able to find the 
relevant driver. On i386 I was unable to make things better, but I was 
able to disable the driver and see the effect.


What should I try next? Is amd64 expected to support pcmcia differently?

Below are the dmesg outputs from both amd64 and i386 (same machine) and 
the ifconfig output.


Thanks,
Andrew Hart

ifconfig.amd64:
lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 33168
groups: lo
inet 127.0.0.1 netmask 0xff00
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
ath0: flags=8822BROADCAST,NOTRAILERS,SIMPLEX,MULTICAST mtu 1500
lladdr 00:1b:9e:1a:87:74
groups: wlan
media: IEEE802.11 autoselect
status: no network
ieee80211: nwid 
re0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
lladdr 00:16:d4:fd:87:c6
groups: egress
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet6 fe80::216:d4ff:fefd:87c6%re0 prefixlen 64 scopeid 0x2
inet 192.168.0.102 netmask 0xff00 broadcast 192.168.0.255
enc0: flags=0 mtu 1536

dmesg.amd64.CardInsertedPriorToBoot:
OpenBSD 4.2 (GENERIC) #1179: Tue Aug 28 10:37:50 MDT 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC
real mem = 526512128 (502MB)
avail mem = 499818496 (476MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xdc010 (22 entries)
bios0: vendor TOSHIBA version V1.40 date 04/26/2007
bios0: TOSHIBA Satellite A135
acpi at mainbus0 not configured
cpu0 at mainbus0: (uniprocessor)
cpu0: Intel(R) Celeron(R) M CPU 520 @ 1.60GHz, 1596.25 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,SBF,SSE3,MWAIT,DS-CPL,TM2,CX16,xTPR,LONG

cpu0: 1MB 64b/line 4-way L2 cache
pci0 at mainbus0 bus 0: configuration mode 1
pchb0 at pci0 dev 0 function 0 Intel 82945GM MCH rev 0x03
vga1 at pci0 dev 2 function 0 Intel 82945GM Video rev 0x03
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
Intel 82945GM Video rev 0x03 at pci0 dev 2 function 1 not configured
azalia0 at pci0 dev 27 function 0 Intel 82801GB HD Audio rev 0x02: irq 11
azalia0: host: High Definition Audio rev. 1.0
azalia0: codec: Realtek/0x0862 (rev. 0.1), HDA version 1.0
azalia0: codec: ATT/Lucent/0x1040 (rev. 2.0), HDA version 1.0
azalia0: codec[1]: No support for modem function groups
azalia0: codec[1]: No audio function groups
audio0 at azalia0
ppb0 at pci0 dev 28 function 0 Intel 82801GB PCIE rev 0x02
pci1 at ppb0 bus 2
ppb1 at pci0 dev 28 function 1 Intel 82801GB PCIE rev 0x02
pci2 at ppb1 bus 4
ath0 at pci2 dev 0 function 0 Atheros AR5424 rev 0x01: irq 10
ath0: AR5424 10.0 phy 6.1 rf 10.2, WOR4W, address 00:1b:9e:1a:87:74
ppb2 at pci0 dev 28 function 2 Intel 82801GB PCIE rev 0x02
pci3 at ppb2 bus 5
re0 at pci3 dev 0 function 0 Realtek 8101E rev 0x01: RTL8101E 
(0x3400), irq 11, address 00:16:d4:fd:87:c6

rlphy0 at re0 phy 7: RTL8201L 10/100 PHY, rev. 1
uhci0 at pci0 dev 29 function 0 Intel 82801GB USB rev 0x02: irq 11
uhci1 at pci0 dev 29 function 1 Intel 82801GB USB rev 0x02: irq 11
uhci2 at pci0 dev 29 function 2 Intel 82801GB USB rev 0x02: irq 11
uhci3 at pci0 dev 29 function 3 Intel 82801GB USB rev 0x02: irq 10
ehci0 at pci0 dev 29 function 7 Intel 82801GB USB rev 0x02: irq 11
ehci0: timed out waiting for BIOS
usb0 at ehci0: USB revision 2.0
uhub0 at usb0: Intel EHCI root hub, rev 2.00/1.00, addr 1
ppb3 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0xe2
pci4 at ppb3 bus 6
cbb0 at pci4 dev 4 function 0 TI PCIXX12 CardBus rev 0x00: couldn't 
map interrupt

TI PCIXX12 FireWire rev 0x00 at pci4 dev 4 function 1 not configured
TI PCIXX12 Multimedia Card Reader rev 0x00 at pci4 dev 4 function 2 
not configured

sdhc0 at pci4 dev 4 function 3 TI PCIXX12 Secure Data rev 0x00: irq 10
sdmmc0 at sdhc0
pcib0 at pci0 dev 31 function 0 Intel 82801GBM LPC rev 0x02
pciide0 at pci0 dev 31 function 2 Intel 82801GBM SATA rev 0x02: DMA, 
channel 0 wired to 

Re: OpenBGPD selecting wrong nexthop over openvpn tunnel

[Henning Brauer]

* Casey Ransom [EMAIL PROTECTED] [2007-11-21 23:50]:
 On Nov 21, 2007, at 3:30 PM, Henning Brauer wrote:
 what does route -n get 10.8.1.2 show?
 I suspect there's a bug with tun not setting the ifindexin the routing
 message (*sigh*, another one)

 gw0# route -n get 10.8.1.2
route to: 10.8.1.2
 destination: 10.8.1.2
   interface: tun0

hmm. that seems fine.
bgpctl show nexthop probably does not list tun0 for 10.8.1.2?
in the logs, you'll see a nexthop 10.8.1.2 now valid message, what 
does it say exactly?

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg  Amsterdam

Re: PE1950

[Claer]

On Wed, Nov 21 2007 at 56:15, Marco Peereboom wrote:
 This machines works fine with 4.2.
 
 PERC6 does not work yet with out mfi driver but I am also pretty sure
 those aren't really available yet.

The last PE 1950 we bought (2 months ago) came with PERC 5. I heard that
new hardware should arrive near december for the PE 1950.


Claer

 On Wed, Nov 21, 2007 at 09:55:54AM -0800, Stanislav Ovcharenko wrote:
  Hello,
   
  I'm planning on running OpenBSD 4.2 on Dell Power Edge 1950.
   
  Question 1: How stable is it on x64 platform? I mean native 64 bit code. I 
  assume that x86 code will run just fine ...
  Question 2: Does anyone know if PERC 6 RAID controller is supported. The 
  hardware list says that it will work with PERC 5 and I'm wondering if the 
  same driver will detect and support the chipset on PERC 6 controller.
   
  Any feedback would be appreciated.
   
  Regards, Stas.

Re: xinetd support

[Jan Stary]

On Nov 21 22:00:03, badeguruji wrote:
 is it supported on openbsd?
 http://www.xinetd.org/
 thank you.

http://www.linuxisforbitches.com/rants/xinetd.php

Re: fxp changes between 4.2 and earlier releases causing stability problems?

[Henning Brauer]

* Josh [EMAIL PROTECTED] [2007-11-20 22:35]:
 I am having large stability problems since running 4.2 as firewalls. I have 
 1x fxp and 2x dual box fxp cards, and after a while, the boxes freeze up, 

 Any suggestions/ideas?

sounds like you hit the memory leak we just found  fixed.

Index: pf.c
===
RCS file: /cvs/src/sys/net/pf.c,v
retrieving revision 1.564
diff -u -p -r1.564 pf.c
--- pf.c18 Nov 2007 21:53:47 -  1.564
+++ pf.c22 Nov 2007 01:15:47 -
@@ -816,6 +816,8 @@ pf_insert_state(struct pfi_kif *kif, str
TAILQ_FOREACH(sp, cur-states, next)
if (sp-kif == kif) {   /* collision! */
pf_stateins_err(tree_lan_ext, s, kif);
+   pf_detach_state(s,
+   PF_DT_SKIP_LANEXT|PF_DT_SKIP_EXTGWY);
return (-1);
}
pf_detach_state(s, PF_DT_SKIP_LANEXT|PF_DT_SKIP_EXTGWY);
@@ -958,10 +960,8 @@ pf_src_tree_remove_state(struct pf_state
u_int32_t timeout;
 
if (s-src_node != NULL) {
-   if (s-state_key-proto == IPPROTO_TCP) {
-   if (s-src.tcp_est)
-   --s-src_node-conn;
-   }
+   if (s-src.tcp_est)
+   --s-src_node-conn;
if (--s-src_node-states = 0) {
timeout = s-rule.ptr-timeout[PFTM_SRC_NODE];
if (!timeout)


-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg  Amsterdam

File collision while using pkg_add

[Pieter Verberne]

Hi all,

I'm trying to install gnome-doc-utils :

$ sudo pkg_add gnome-doc-utils
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LC_ALL = (unset),
LC_CTYPE = en_US.UTF-8,
LANG = (unset)
are supported and installed on your system.
perl: warning: Falling back to the standard locale (C).
Collision: the following files already exist
/usr/local/bin/gnome-doc-prepare (same md5)
/usr/local/bin/gnome-doc-tool (same md5)
/usr/local/bin/xml2po (same md5)
/usr/local/lib/pkgconfig/gnome-doc-utils.pc (same md5)
/usr/local/lib/pkgconfig/xml2po.pc (same md5)
/usr/local/man/man1/xml2po.1 (same md5)
/usr/local/share/aclocal/gnome-doc-utils.m4 (same md5)
/usr/local/share/xml2po/xhtml.pyc (same md5)
etc, etc, etc...
/usr/sbin/pkg_add: fatal issues in  installing gnome-doc-utils-0.10.3p2
$

The Perl error just appeared today but it is no big deal for me right
now. My problem is that I can't find any way in pkg_add(1) for dealing
with this. There are just to many collision files to remove manually and
I don't know how te make a script wich automaticly removes all these files.

How should I handle this?

Pieter Verberne

Re: IPoEoA on ueagle?

[hammond . mason]

My ISP (www.bethere.co.uk) has told me it's IPoEoA:



3) When configuring the WAN, member would get an option asking whether your

ISP authenticates with user/pass or not You have to choose no in there. 4)

Connection is IPoEoATM 5) Multiplexing is LLC-based. In case you can choose

the LLC type it should be SNAP. 6) Set the modem to work in DHCP mode b to

obtain IP from the ISP.



However, your query prompted me to look at their web site and, while I was

there, it seems my 20Mbps connection may be ADSL2+ which - I think -

doesn't work with ueagle anyway.  I think I'm shagged :(









| I am running 4.2-RELEASE and have recompiled the kernel to include the

| lines:

|

| Option NATM

| ueagle* at usb?

|

| My Sagem [EMAIL PROTECTED] 800 E2 is recognised by the kernel:

|

| # dmesg | grep ueagle

| ueagle0 at uhub3 port 2

| ueagle0 detached

| ueagle0 at uhub3 port 2

| ueagle0: Analog Devices Eagle II, rev 1.00/50.0b, addr 2

| ueagle0: address: 00:60:4c:16:d1:60

| #

|

| My ISP uses IPoEoA.

| I have done a bit of reading on ATM (although I am by no means an expert)

| and I would like to know if IPoEoA is supported in ueagle.



No.  ueagle supports plain IPoA (with or without LLC encap) and PPPoA only.

It's more a limitation of the OS (netatm stack) than a limitation of the

driver though.  Are you sure your ISP really uses IPoEoA?

It is the first time I see this.

Does your modem synchronize at least? (just run ifconfig ueagle0 up)



Damien









---

This message (including any attachments) is confidential and may be

privileged. If you have received it by mistake please notify the sender by

return e-mail and delete this message from your system. Any unauthorised

use or dissemination of this message in whole or in part is strictly

prohibited. Please note that e-mails are susceptible to change. ABN AMRO

Bank N.V, which has its seat at Amsterdam, the Netherlands, and is

registered in the Commercial Register under number 33002587, including its

group companies, shall not be liable for the improper or incomplete

transmission of the information contained in this communication nor for any

delay in its receipt or damage to your system. ABN AMRO Bank N.V. (or its

group companies) does not guarantee that the integrity of this

communication has been maintained nor that this communication is free of

viruses, interceptions or interference.

---

Re: Hoststated and stickiness based on cookie strings

[Reyk Floeter]

hi!

On Wed, Nov 21, 2007 at 11:34:02PM -0800, Preston Norvell wrote:
 snip 
  The first is a basic issue with load balancing.  No matter which algorithm
  we choose, initial traffic is extremely heavily waited towards the system in
  the table with the highest id.  In point of experience so far, the only time
  more than one host is reliably used is when using the roundrobin type of
  load-balancing.  If 'loadbalance' or 'hash' is used, 99.9% of traffic ends
  up on a single host; some will end up on other hosts, sometime momentarily
  though, and not what we've been able see as deterministically.  The
  situation with 'loadbalance' we understand since our test system on the
  internet is essentially coming from essentially one address (though even in
  limited testing with a hand full of additional requesting addresses, it
  appears that it works the same).
  
  With a test of traffic from our test host with roundrobin (50 separate,
  simultaneous single request/response sessions run for several seconds), 797
  of the requests ended up at the high id host and 628 across the remaining 7
  (89 or 90 for each).
   
 
 We have discovered the issue with this unbalanced balancing.  The root cause
 appears to be some invalid assumptions in the roundrobin code in the
 relay_from_table function in relay.c.
 

- please try the attached diff, it will fix the roundrobin mode by
saving the last index and traversing to the next available host. 

(you can also have a look at my little test program to verify the alg:
http://team.vantronix.net/~reyk/q.c)

- i'm also looking into improving the loadbalance mode. the attached
diff includes the source port in loadbalance mode and the destination
(relay) port in loadbalance and hash mode. make also sure that you
feed in other variables if you want to get better results, for example

request hash Host

to feed the virtual hostname into the hash/loadbalance hash.

reyk

Index: hoststated.h
===
RCS file: /cvs/src/usr.sbin/hoststated/hoststated.h,v
retrieving revision 1.81
diff -u -p -r1.81 hoststated.h
--- hoststated.h22 Nov 2007 10:09:53 -  1.81
+++ hoststated.h22 Nov 2007 11:45:00 -
@@ -327,6 +327,7 @@ struct host {
u_long   up_cnt;
int  retry_cnt;
struct ctl_tcp_event cte;
+   int  idx;
 };
 TAILQ_HEAD(hostlist, host);
 
Index: relay.c
===
RCS file: /cvs/src/usr.sbin/hoststated/relay.c,v
retrieving revision 1.65
diff -u -p -r1.65 relay.c
--- relay.c 22 Nov 2007 10:09:53 -  1.65
+++ relay.c 22 Nov 2007 11:45:01 -
@@ -463,6 +463,7 @@ relay_init(void)
if (rlay-dstnhosts = RELAY_MAXHOSTS)
fatal(relay_init: 
too many hosts in table);
+   host-idx = rlay-dstnhosts;
rlay-dsthost[rlay-dstnhosts++] = host;
}
log_info(adding %d hosts from table %s%s,
@@ -1876,10 +1877,14 @@ relay_hash_addr(struct sockaddr_storage 
sin4 = (struct sockaddr_in *)ss;
p = hash32_buf(sin4-sin_addr,
sizeof(struct in_addr), p);
+   p = hash32_buf(sin4-sin_port,
+   sizeof(struct in_addr), p);
} else {
sin6 = (struct sockaddr_in6 *)ss;
p = hash32_buf(sin6-sin6_addr,
sizeof(struct in6_addr), p);
+   p = hash32_buf(sin6-sin6_port,
+   sizeof(struct in6_addr), p);
}
 
return (p);
@@ -1903,7 +1908,7 @@ relay_from_table(struct session *con)
case RELAY_DSTMODE_ROUNDROBIN:
if ((int)rlay-dstkey = rlay-dstnhosts)
rlay-dstkey = 0;
-   idx = (int)rlay-dstkey++;
+   idx = (int)rlay-dstkey;
break;
case RELAY_DSTMODE_LOADBALANCE:
p = relay_hash_addr(con-in.ss, p);
@@ -1933,6 +1938,8 @@ relay_from_table(struct session *con)
fatalx(relay_from_table: no active hosts, desynchronized);
 
  found:
+   if (rlay-conf.dstmode == RELAY_DSTMODE_ROUNDROBIN)
+   rlay-dstkey = host-idx + 1;
con-retry = host-conf.retry;
con-out.port = table-conf.port;
bcopy(host-conf.ss, con-out.ss, sizeof(con-out.ss));

Re: mutiple pptp pass-through PF

[Reyk Floeter]

On Tue, Nov 20, 2007 at 08:06:39PM +0530, Girish Venkatachalam wrote:
 pf(4) can do this. I have a diff with me but if I send it in the present
 state, then Theo will catch my neck. :)
 
 I should be able to submit a diff soon. I need to modify it to meet the
 high standards of OpenBSD...
 

i'm sure that somebody told you about the reason to reject these patches:

it does not belong into the kernel!

write a userland proxy.

like ftp-proxy, tftp-proxy, hoststated, ...

how hard is it to understand?

there are zillions of insane features in linux but we don't care - it
is not the OpenBSD way of doing it. they do string operations like SIP
parsing (which looks like HTTP) in the kernel. so what?

reyk

Installing OpenOffice on -current

[Amarendra Godbole]

Hi,

Is building from ports the only way to install OpenOffice on 4.2-current?
I am unable to find OpenOffice package in the snapshots directory, so
this seems to be the only way as of now. The one from release does not
install on -current (last time I tried it).

Seeing the time and resources needed to build OOo, I can understand
why it is not being routinely built. Apart from packages, does anyone do
a OOo routine build, which can be made available? The only reason I
ask is it will be easier to download a package and install on -current,
rather than do the build everytime! (My laptop is churning out the build
since about 8 hrs. now, and I don't know how much more it will take). If
this goes through fine, I will make the package public.

Oh, and the build broke last night because I ran out of space. OOo does
need gigs of space to build (4G free in /usr, I read somewhere). Thanks.

-Amarendra

Traffic accounting software

[Yuri Spirin]

Hello, misc.

Can anyone share success story about traffic accounting on OpenBSD?

I want to implement this on my router connecting office network to ISP. 
Currently I run Squid with SARG but non-HTTP traffic is left outside the 
statistics.


I need following features:
- counting all traffic going in/out ISP interface;
- web interface/gui client;
- reports by day/week/month/custom total traffic in/out;
- reports by src/dst/service traffic consumption;
- reports by top downloaders;

All I found so far is either linux software or just flow collectors 
without any web interface or reports system.


Absolutely any help appreciated.

Thanks in advance.

--
Yuri A. Spirin

Re: mutiple pptp pass-through PF

[Henning Brauer]

* Reyk Floeter [EMAIL PROTECTED] [2007-11-22 13:11]:
 On Tue, Nov 20, 2007 at 08:06:39PM +0530, Girish Venkatachalam wrote:
  pf(4) can do this. I have a diff with me but if I send it in the present
  state, then Theo will catch my neck. :)
  
  I should be able to submit a diff soon. I need to modify it to meet the
  high standards of OpenBSD...
  
 
 i'm sure that somebody told you about the reason to reject these patches:
 
 it does not belong into the kernel!

well. depends. if it is reasonably small and obvious it might be ok.

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg  Amsterdam

Re: Traffic accounting software

[NetOne - Doichin Dokov]

Yuri Spirin P=P0P?P8Q
P0:

I need following features:
- counting all traffic going in/out ISP interface;
- web interface/gui client;
- reports by day/week/month/custom total traffic in/out;

These ones could be done with SNMP and Cacti - www.cacti.net

Regards,
Doichin

Re: Installing OpenOffice on -current

[Stuart Henderson]

On 2007/11/22 18:20, Amarendra Godbole wrote:
 Is building from ports the only way to install OpenOffice on 4.2-current?
 I am unable to find OpenOffice package in the snapshots directory, so
 this seems to be the only way as of now.

There's one in the latest i386 package snap (Nov 18), other arch
should follow gradually.

 Oh, and the build broke last night because I ran out of space. OOo does
 need gigs of space to build (4G free in /usr, I read somewhere).

Yeah, loads of space. I powered down my i386 build box due to
electrical storms the other day and haven't put it back up yet so
I can't check just what it needs.

In mk.conf you can set WRKOBJDIR_editors/openoffice=/usr/obj/ports
(or choose somewhere else you have plenty of space). (I actually just
have WRKOBJDIR=/usr/obj/ports for everything, it's easier to clean).

Re: mutiple pptp pass-through PF

[Stuart Henderson]

On 2007/11/22 14:04, Henning Brauer wrote:
 * Reyk Floeter [EMAIL PROTECTED] [2007-11-22 13:11]:
  On Tue, Nov 20, 2007 at 08:06:39PM +0530, Girish Venkatachalam wrote:
   pf(4) can do this. I have a diff with me but if I send it in the present
   state, then Theo will catch my neck. :)
   
   I should be able to submit a diff soon. I need to modify it to meet the
   high standards of OpenBSD...
   
  
  i'm sure that somebody told you about the reason to reject these patches:
  
  it does not belong into the kernel!
 
 well. depends. if it is reasonably small and obvious it might be ok.

it must look at the control message on TCP/1723 and translate CallID;
then it must look at the session packets (GRE/proto 47) and translate
CallID the same way.

the parts handling control messages probably belong in userland and
they can add translation rules to an anchor like ftp-proxy does, but
that would need a change to PF so that you can tell it to translate
CallID for GRE packets (like you can tell it to translate port for
TCP/UDP).

http://blogs.isaserver.org/pouseele/2007/06/17/multiple-pptp-vpn-clients-behind-a-nat-device/

making ftp-proxy load balance using route-to

[Siju George]

Hi,

I just happened to come across

http://pfsense.com/cgi-bin/cvsweb.cgi/tools/pfPorts/pftpx-routeto/

Just wondering if some work is done on our ftp-proxy to load balance
traffic between two or more external interfaces.
If not then I will start doing it :-)

Thank you so much

Kind Regards

Siju

Re: mutiple pptp pass-through PF

[Henning Brauer]

* Stuart Henderson [EMAIL PROTECTED] [2007-11-22 14:38]:
 On 2007/11/22 14:04, Henning Brauer wrote:
  * Reyk Floeter [EMAIL PROTECTED] [2007-11-22 13:11]:
   On Tue, Nov 20, 2007 at 08:06:39PM +0530, Girish Venkatachalam wrote:
pf(4) can do this. I have a diff with me but if I send it in the present
state, then Theo will catch my neck. :)

I should be able to submit a diff soon. I need to modify it to meet the
high standards of OpenBSD...

   
   i'm sure that somebody told you about the reason to reject these patches:
   
   it does not belong into the kernel!
  
  well. depends. if it is reasonably small and obvious it might be ok.
 
 it must look at the control message on TCP/1723 and translate CallID;
 then it must look at the session packets (GRE/proto 47) and translate
 CallID the same way.
 
 the parts handling control messages probably belong in userland and
 they can add translation rules to an anchor like ftp-proxy does, but
 that would need a change to PF so that you can tell it to translate
 CallID for GRE packets (like you can tell it to translate port for
 TCP/UDP).

sounds reasonable. but i have no idea how coplicated gre is or what it 
takes to translate callIDs.

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg  Amsterdam

Re: mutiple pptp pass-through PF

[Girish Venkatachalam]

On 13:04:56 Nov 22, Reyk Floeter wrote:
 
 i'm sure that somebody told you about the reason to reject these patches:
 
 it does not belong into the kernel!
 
 write a userland proxy.
 
 like ftp-proxy, tftp-proxy, hoststated, ...

Sure.

 
 how hard is it to understand?
 

It sure isn't.

 there are zillions of insane features in linux but we don't care - it
 is not the OpenBSD way of doing it. they do string operations like SIP
 parsing (which looks like HTTP) in the kernel. so what?
 

A million thanks for your kind advice.

Here is a promise. You shall have the patch from me sent to tech@ before
Dec 15.

A lot of poor souls have been asking this feature for years and  a lot
of sweat and blood has gone into my writing it. So I better try my best
to get it accepted into mainline pf at the earliest.

Thanks.

regards,
Girish

Journal des cadeaux d'entreprise : Editorial Décembre 2007

[Michelle Walter]

Si ce message ne s'affiche pas correctement, vous pouvez le visualiser en
suivant ce lien.

Retrouvez toutes nos nouveautis :

Dicouvrez notre silection festive et surprenante pour vos cadeaux de fin
d'annie. N'hisitez pas ` vous en inspirer pour remercier et fidiliser vos
clients.

Souvenirs sur icran... cadre photo numirique

La technologie est aujourd'hui indissociable du plaisir d'offrir. Ce
cadre photo digital propose de l'audio et de la vidio sur un icran
Multicouleur de 16 miga.

Phre Nokl aimanti

Incontournable Phre Nokl, ici diclini en porte mimo en mital brossi,
polie ou laqui.

Design d'excellence... Stylo personnalisi

Waterman continue de nous iblouir avec ce stylo plume dont la ligne
galbie rappelle la courbure d'une tige de bambou.

Parka 3 en 1... Textile publicitaire

Inspiri des tenues des plus grands navigateurs, Pen Duick propose ici un
blouson 3 en 1 admirablement complet : une parka et un blouson qui
s'assemblent afin d'adapter le vjtement aux tempiratures plus ou moins
froides.

Pour ne plus recevoir nos informations, suivez le lien

Re: nptd regression in 4.2

[frantisek holop]

hmm, on Wed, Nov 21, 2007 at 11:50:59AM +0100, Otto Moerbeek said that
 On Sat, Nov 17, 2007 at 05:37:17PM +0100, Otto Moerbeek wrote:
 
 So, did anybody test this?
 
   -Otto

i see the diff went in, sorry i'll test it asap.
thanks.

-f
-- 
dick drank, dick drove, dick died. don't be a dick.

Re: mutiple pptp pass-through PF

[Raja Subramanian]

On 11/22/07, Girish Venkatachalam [EMAIL PROTECTED] wrote:
 Here is a promise. You shall have the patch from me sent to tech@ before
 Dec 15.

Wow!  :-)

Every time I hit the pptp limitation, I start coding and a few hours later
give up in disgust.  Over many sittings, I've nearly completed the
userland pptp-proxy, and started on hacking the kernel pf to do a full
NAT on GRE using Call-IDs (in place of tcp/udp port numbers).  I have
not tested the kernel bit, but the userland stuff works okay.

I even started http://sourceforge.net/projects/pptp-proxy, and later
abandoned it.  The sourceforge code is ancient, don't use it, the latest
work was never committed.

Let me know if you want any of my code.

Should you decide to go with the userland pptp-proxy approach, it's
important to know that there's a bug in 4.2 that triggers a kernel dump
whenever you call pf ioctl PFIOCADDSTATE with bad args.  A fix for
this is available, but I doubt if its worked itself into CURRENT.

- Raja

Matlab 2007 b

[Kasper Revsbech]

Hey
I am trying to use Matlab 2007 b in openbsd 4.2. I have Linux support 
installed and enabled. I manged to fix the installer arch checking by 
providing my own small uname script. And have modified their  start 
script  to handle to output of openbsd uname.

But when I try to launch it it returns.
/matlab/bin/glnx86/MATLAB: error while loading shared libraries: 
libut.so: cannot enable executable stack as shared object requires: 
Permission denied


I have tied without their launch script to just run 
/matlab/bin/glnx86/MATLAB but that's the same.


To ensure Linux emul on the binary i made a file 
/matlab/bin/glnx86MATLAB with the following result:
/matlab/bin/glnx86/MATLAB: ELF 32-bit LSB executable, Intel 80386, 
version 1, for GNU/Linux 2.2.0, dynamically linked (uses shared libs), 
stripped


My user owns the directory and to be sure that it isn't permission probs 
I have also tied as root


Hope that anyone have some suggestions...


Kind regards:
Kasper Revsbech

Using PostgreSQL as an user database

[Alexander Schrijver]

Hi everybody,

I am trying to configure a virtual hosting system on OpenBSD, and I am
currently looking at the authentication and user lookup. I have
already normalized a PostgreSQL database which stores the users
amongst others. And i would like to use these users in OpenBSD.

As I understand their really is only one possibility to configure such
a setup and that is to select all the users from the PostgreSQL
database and create a bdb hash using pwd_mkdb (or any other compatible
tool). PostgreSQL has support for asynchronous notifications
(http://www.postgresql.org/docs/8.2/interactive/sql-listen.html) thus
it is possible to create a bdb whenever the user database is updated.
I was thinking about running the following scripts when postgreql
sends such an asynchronous notification.
$ script | pwd_mkdb /dev/stdin /etc/master.passwd

The script will output all the users in the same format as master.passwd.

Are there any other methods for doing this, or are there things I am
overlooking with this configuration?

Thanks,

Alexander Schrijver

Re: Hoststated and stickiness based on cookie strings

[Reyk Floeter]

ok, forget about this diff - i committed the first part (roundrobin)
but skipped the loadbalance part because it is wrong to look at the
client port in this case (because i want to provide session
persistence).

On Thu, Nov 22, 2007 at 12:51:10PM +0100, Reyk Floeter wrote:
 - please try the attached diff, it will fix the roundrobin mode by
 saving the last index and traversing to the next available host. 
 
 (you can also have a look at my little test program to verify the alg:
 http://team.vantronix.net/~reyk/q.c)
 
 - i'm also looking into improving the loadbalance mode. the attached
 diff includes the source port in loadbalance mode and the destination
 (relay) port in loadbalance and hash mode. make also sure that you
 feed in other variables if you want to get better results, for example
 
   request hash Host
 
 to feed the virtual hostname into the hash/loadbalance hash.
 
 reyk
 
 Index: hoststated.h
 ===
 RCS file: /cvs/src/usr.sbin/hoststated/hoststated.h,v
 retrieving revision 1.81
 diff -u -p -r1.81 hoststated.h
 --- hoststated.h  22 Nov 2007 10:09:53 -  1.81
 +++ hoststated.h  22 Nov 2007 11:45:00 -
 @@ -327,6 +327,7 @@ struct host {
   u_long   up_cnt;
   int  retry_cnt;
   struct ctl_tcp_event cte;
 + int  idx;
  };
  TAILQ_HEAD(hostlist, host);
  
 Index: relay.c
 ===
 RCS file: /cvs/src/usr.sbin/hoststated/relay.c,v
 retrieving revision 1.65
 diff -u -p -r1.65 relay.c
 --- relay.c   22 Nov 2007 10:09:53 -  1.65
 +++ relay.c   22 Nov 2007 11:45:01 -
 @@ -463,6 +463,7 @@ relay_init(void)
   if (rlay-dstnhosts = RELAY_MAXHOSTS)
   fatal(relay_init: 
   too many hosts in table);
 + host-idx = rlay-dstnhosts;
   rlay-dsthost[rlay-dstnhosts++] = host;
   }
   log_info(adding %d hosts from table %s%s,
 @@ -1876,10 +1877,14 @@ relay_hash_addr(struct sockaddr_storage 
   sin4 = (struct sockaddr_in *)ss;
   p = hash32_buf(sin4-sin_addr,
   sizeof(struct in_addr), p);
 + p = hash32_buf(sin4-sin_port,
 + sizeof(struct in_addr), p);
   } else {
   sin6 = (struct sockaddr_in6 *)ss;
   p = hash32_buf(sin6-sin6_addr,
   sizeof(struct in6_addr), p);
 + p = hash32_buf(sin6-sin6_port,
 + sizeof(struct in6_addr), p);
   }
  
   return (p);
 @@ -1903,7 +1908,7 @@ relay_from_table(struct session *con)
   case RELAY_DSTMODE_ROUNDROBIN:
   if ((int)rlay-dstkey = rlay-dstnhosts)
   rlay-dstkey = 0;
 - idx = (int)rlay-dstkey++;
 + idx = (int)rlay-dstkey;
   break;
   case RELAY_DSTMODE_LOADBALANCE:
   p = relay_hash_addr(con-in.ss, p);
 @@ -1933,6 +1938,8 @@ relay_from_table(struct session *con)
   fatalx(relay_from_table: no active hosts, desynchronized);
  
   found:
 + if (rlay-conf.dstmode == RELAY_DSTMODE_ROUNDROBIN)
 + rlay-dstkey = host-idx + 1;
   con-retry = host-conf.retry;
   con-out.port = table-conf.port;
   bcopy(host-conf.ss, con-out.ss, sizeof(con-out.ss));

Re: PCMCIA on a Toshiba A135-S4656 to use wi(4) with DWL-650 PCMCIA

[Unix Fan]

On a few systems I own, enabling ACPI and disabling APM seems to work on 
older systems, I needed to go into my BIOS and disable an option like PnP 
OS/Operating system. (By setting it to No/False..)



To try your system with ACPI, at the boot console.. Type the following.

UKC  disable apm

UKC enable acpi

UKC quit



I hope this works for you..

Re: OpenBGPD selecting wrong nexthop over openvpn tunnel

[Casey Ransom]

On Nov 22, 2007, at 2:42 AM, Henning Brauer wrote:


bgpctl show nexthop probably does not list tun0 for 10.8.1.2?
in the logs, you'll see a nexthop 10.8.1.2 now valid message, what
does it say exactly?


I do have tun0 listed in the nexthop:
gw0# bgpctl sh nexthop
Nexthop  State
10.8.1.2 valid tun0UP
gw0#

Regarding the 'now valid' messages, just cycles between these 2:
nexthop 10.8.1.2 now invalid
nexthop 10.8.1.2 now valid: via 10.8.1.248


-casey

Re: Matlab 2007 b

[Matthew Szudzik]

 But when I try to launch it it returns.
 /matlab/bin/glnx86/MATLAB: error while loading shared libraries: libut.so:
 cannot enable executable stack as shared object requires: Permission denied

I had exactly the same error with Mathematica (caused by the Intel Vector 
Math Library libvml.so).  I needed to apply this patch
 http://marc.info/?l=openbsd-miscm=119479722118605
to the OpenBSD source-code.

Re: mutiple pptp pass-through PF

[Girish Venkatachalam]

On 14:40:57 Nov 22, Henning Brauer wrote:
 sounds reasonable. but i have no idea how coplicated gre is or what it 
 takes to translate callIDs.

Take a look at my diff. I have already done all the work for you.

The only advantage with my design is the ease with which you can get it
working. No config changes, no userland stuff, no redirection, no
overhead, nothing.

The problem however is that something tells me deep inside my heart that
somewhere something is wrong. :)

You are the best judge.

Awaiting your speedy reply.

regards,
Girish

Re: mutiple pptp pass-through PF

[Girish Venkatachalam]

On 13:34:22 Nov 22, Stuart Henderson wrote:
 it must look at the control message on TCP/1723 and translate CallID;

Modulate, not translate. :) My terminology.

I am using arc4random() to generate unique callIDs that do not clash.
The callID is always set to zero by PPTP , hence this requirement.

( No more comments about M$ stuff :)

 then it must look at the session packets (GRE/proto 47) and translate
 CallID the same way.

Yes and maintain a mapping.

This is far more difficult than it first appears. You can see the diff
for what all needs to be done.

 
 the parts handling control messages probably belong in userland and
 they can add translation rules to an anchor like ftp-proxy does, but
 that would need a change to PF so that you can tell it to translate
 CallID for GRE packets (like you can tell it to translate port for
 TCP/UDP).
 
 http://blogs.isaserver.org/pouseele/2007/06/17/multiple-pptp-vpn-clients-behind-a-nat-device/

I think though it takes a lot of clever programming and even 
smarter design, I have a problem with maintaining the table in kernel. I
got it working perfectly a long time ago ( roughly a year ago) and I can
send the working diff right away if you want.

I am sure Henning is not going to like it. :)

Whether it is small or not is a matter of taste but if I were to do it
correctly I will do it the proxy rdr way.

The problem however with that approach is that there is a huge overhead
in passing packets between kernel to userland and back.

Here is the diff attached. If you like it commit it. :)

And bear in mind that I developed it against old code, so you might have
to do some tweaks.

If not I am more than willing to do it the right way.

Let me know your choice.

regards,
Girish
Index: pfvar.h
===
RCS file: /cvs/src/sys/net/pfvar.h,v
retrieving revision 1.242
diff -c -r1.242 pfvar.h
*** pfvar.h 13 Dec 2006 05:10:15 -  1.242
--- pfvar.h 12 Mar 2007 09:18:49 -
***
*** 2,7 
--- 2,8 
  
  /*
   * Copyright (c) 2001 Daniel Hartmeier
+  * Copyright (c) 2007 Girish Venkatachalam
   * All rights reserved.
   *
   * Redistribution and use in source and binary forms, with or without
***
*** 936,941 
--- 937,943 
struct tcphdr   *tcp;
struct udphdr   *udp;
struct icmp *icmp;
+   struct gre_h *gre;
  #ifdef INET6
struct icmp6_hdr*icmp6;
  #endif /* INET6 */
***
*** 958,963 
--- 960,970 
sa_family_t  af;
u_int8_t proto;
u_int8_t tos;
+   u_int16_tmycallid;  /* PPTP lan call id */ 
+   u_int16_tpeercallid;/* PPTP remote call id */ 
+   struct pfpptp_head *pptph;
+
+ 
  };
  
  /* flags for RDR options */
***
*** 1351,1356 
--- 1358,1372 
int  pfiio_size;
int  pfiio_nzero;
int  pfiio_flags;
+ };
+ 
+ 
+ enum { PF_PPTP_MYID, PF_PPTP_PEERID };
+ 
+ struct pfpptp_call {
+   SLIST_ENTRY(pfpptp_call) next_call;
+   u_int16_t myid;
+   u_int16_t peerid;
  };
  
  
Index: pf.c
===
RCS file: /cvs/src/sys/net/pf.c,v
retrieving revision 1.523
diff -c -r1.523 pf.c
*** pf.c22 Dec 2006 13:24:52 -  1.523
--- pf.c12 Mar 2007 09:18:01 -
***
*** 3,8 
--- 3,9 
  /*
   * Copyright (c) 2001 Daniel Hartmeier
   * Copyright (c) 2002,2003 Henning Brauer
+  * Copyright (c) 2007, Girish Venkatachalam
   * All rights reserved.
   *
   * Redistribution and use in source and binary forms, with or without
***
*** 72,77 
--- 73,79 
  #include netinet/icmp_var.h
  #include netinet/if_ether.h
  
+ #include net/if_gre.h
  #include dev/rndvar.h
  #include net/pfvar.h
  #include net/if_pflog.h
***
*** 105,110 
--- 107,114 
  intaltqs_inactive_open;
  u_int32_t  ticket_pabuf;
  
+ SLIST_HEAD(pfpptp_head,pfpptp_call) pf_pptph;
+ 
  struct pf_anchor_stackframe {
struct pf_ruleset   *rs;
struct pf_rule  *r;
***
*** 163,168 
--- 167,176 
int, struct pfi_kif *, struct mbuf *, int,
void *, struct pf_pdesc *, struct pf_rule **,
struct pf_ruleset **, struct ifqueue *);
+ int  pf_test_gre_pptp(struct pf_rule **, struct pf_state 
**,
+   int , struct pfi_kif *, struct mbuf *, int,
+   void *, struct pf_pdesc *, struct pf_rule **,
+   struct pf_ruleset **, struct ifqueue *);
  intpf_test_other(struct pf_rule **, struct pf_state **,
   

Re: Using PostgreSQL as an user database

[Gilles Chehade]

On Thu, Nov 22, 2007 at 05:35:00PM +0100, Alexander Schrijver wrote:
 Hi everybody,
 
 I am trying to configure a virtual hosting system on OpenBSD, and I am
 currently looking at the authentication and user lookup. I have
 already normalized a PostgreSQL database which stores the users
 amongst others. And i would like to use these users in OpenBSD.
 
 As I understand their really is only one possibility to configure such
 a setup and that is to select all the users from the PostgreSQL
 database and create a bdb hash using pwd_mkdb (or any other compatible
 tool). PostgreSQL has support for asynchronous notifications
 (http://www.postgresql.org/docs/8.2/interactive/sql-listen.html) thus
 it is possible to create a bdb whenever the user database is updated.
 I was thinking about running the following scripts when postgreql
 sends such an asynchronous notification.
 $ script | pwd_mkdb /dev/stdin /etc/master.passwd
 
 The script will output all the users in the same format as master.passwd.
 
 Are there any other methods for doing this, or are there things I am
 overlooking with this configuration?
 
 Thanks,
 
 Alexander Schrijver
 

Hi Alexander,

I am not sure i understand exactly what you want, but if it involves
authenticating the users against the pgsql database, you may want to
take a look at this:

http://www.evilkittens.org/~gilles/loginpgsql.tar.gz

as well as to login.conf(5). I wrote this auth module for myself so
you'll need to edit the authenticate() function to set the proper
database informations.

I have another piece of code which updates master.passwd whenever
the accounts table is updated but it would need a lot of cleanup
before it is useable outside of my configuration ;-)

Gilles

-- 
Gilles Chehade
http://www.evilkittens.org/
http://www.evilkittens.org/blog/gilles/

Re: File collision while using pkg_add

[Nick Guenther]

On 11/22/07, Pieter Verberne [EMAIL PROTECTED] wrote:
 Hi all,

 I'm trying to install gnome-doc-utils :

 $ sudo pkg_add gnome-doc-utils
 perl: warning: Setting locale failed.
 perl: warning: Please check that your locale settings:
 LC_ALL = (unset),
 LC_CTYPE = en_US.UTF-8,
 LANG = (unset)
 are supported and installed on your system.
 perl: warning: Falling back to the standard locale (C).
 Collision: the following files already exist
 /usr/local/bin/gnome-doc-prepare (same md5)
 /usr/local/bin/gnome-doc-tool (same md5)
 /usr/local/bin/xml2po (same md5)
 /usr/local/lib/pkgconfig/gnome-doc-utils.pc (same md5)
 /usr/local/lib/pkgconfig/xml2po.pc (same md5)
 /usr/local/man/man1/xml2po.1 (same md5)
 /usr/local/share/aclocal/gnome-doc-utils.m4 (same md5)
 /usr/local/share/xml2po/xhtml.pyc (same md5)
 etc, etc, etc...
 /usr/sbin/pkg_add: fatal issues in  installing gnome-doc-utils-0.10.3p2
 $

 The Perl error just appeared today but it is no big deal for me right
 now. My problem is that I can't find any way in pkg_add(1) for dealing
 with this. There are just to many collision files to remove manually and
 I don't know how te make a script wich automaticly removes all these files.

 How should I handle this?


First, how did this happen? Is the package system out of sync, or did
you have a failed install?
Second, to deal with it: make a script to automatically remove the
files. Just pipe the output to a file, go in with your favourite
editor and delete everything before and after the filelists, and then
replace  (same md5) with , and then for file in `cat files`; do rm
file; done
Or just rm every file it lists by hand?

Re: Using PostgreSQL as an user database

[Alexander Schrijver]

On Nov 22, 2007 2:10 PM, Gilles Chehade [EMAIL PROTECTED] wrote:

 On Thu, Nov 22, 2007 at 05:35:00PM +0100, Alexander Schrijver wrote:
  Hi everybody,
 
  I am trying to configure a virtual hosting system on OpenBSD, and I am
  currently looking at the authentication and user lookup. I have
  already normalized a PostgreSQL database which stores the users
  amongst others. And i would like to use these users in OpenBSD.
 
  As I understand their really is only one possibility to configure such
  a setup and that is to select all the users from the PostgreSQL
  database and create a bdb hash using pwd_mkdb (or any other compatible
  tool). PostgreSQL has support for asynchronous notifications
  (http://www.postgresql.org/docs/8.2/interactive/sql-listen.html) thus
  it is possible to create a bdb whenever the user database is updated.
  I was thinking about running the following scripts when postgreql
  sends such an asynchronous notification.
  $ script | pwd_mkdb /dev/stdin /etc/master.passwd
 
  The script will output all the users in the same format as master.passwd.
 
  Are there any other methods for doing this, or are there things I am
  overlooking with this configuration?
 
  Thanks,
 
  Alexander Schrijver
 

 Hi Alexander,

 I am not sure i understand exactly what you want, but if it involves
 authenticating the users against the pgsql database, you may want to
 take a look at this:

 http://www.evilkittens.org/~gilles/loginpgsql.tar.gz

 as well as to login.conf(5). I wrote this auth module for myself so
 you'll need to edit the authenticate() function to set the proper
 database informations.

 I have another piece of code which updates master.passwd whenever
 the accounts table is updated but it would need a lot of cleanup
 before it is useable outside of my configuration ;-)

 Gilles

 --
 Gilles Chehade
 http://www.evilkittens.org/
 http://www.evilkittens.org/blog/gilles/


Oops, I meant to sent this to [EMAIL PROTECTED]

Hi Gilles,

This is exactly what I was looking for thanks :) ! didnt even know
this was possible.

Also, I would like to have the functions getpwnam and getgrname etc.
working with the users from postgres. Is this best method for doing
this to simply update the master.passwd with the records from
PostgreSQL?

thanks,

Alexander

Re: mutiple pptp pass-through PF

[Lars Noodén]

Beavis wrote:
 ... as soon as everybody is
 moved here we can easily let this pptp go...

Much relieved to know that.

Re: 5.1 sound card recommendation

[J.C. Roberts]

On Wednesday 21 November 2007, Alexandre Ratchov wrote:
 On Wed, Nov 21, 2007 at 01:12:38PM -0800, J.C. Roberts wrote:
  On Wednesday 21 November 2007, Nickolay A. Burkov wrote:
   Hello everyone!
  
   Do somebody have success with 5.1 sound ?
   If so, please recommend PCI Sound Card to work with OpenBSD
   4.2(-CURRENT).
  
   I have MARC'ed a bit but similar messages were  1 year ago.
   I'd like to think that something have been changed..
  
   Thank you for your time.
 
  For some strange reason I recall reading about some work being done
  on the Sound Blaster Audigy cards. Many of those cards are 5.1,
  6.1 or 7.1 surround sound.
 
  A quick search on openbsd audigy shows we've had support since
  3.9 but I'm not sure if this includes the surround sound features,
  or if it's just two channel?

 Older audigy cards based on EMU10K1 chips are supposed to work with
 the emu(4) driver, it's still two channel. Newer cards based on
 CA0106 will not work because there's no driver for the chip. The
 last time I've asked creative for documentation they didn't reply;
 since then, I've lost interest in these cards.

 -- Alexandre

Alexandre,

Off-list I was told that some of the older SoundBlaster Live cards 
will work in 5.1 mode including front/surround/centre/lfe control, but 
the off-list statement contradicts what you said earlier about no 5.1 
(or better) support?

I suspect you understand the code far better than most (including me).
:-)

Thanks,
JCR

Re: securing OpenBSD wireless network

[Jairo Souto]

Therefore is WEP+IPSec the current secure limit for a wlan
with OpenBSD as hostap and Windows-XP clients?

--Jairo Souto [EMAIL PROTECTED] (38)9968-3447


On Mon, Nov 19, 2007 at 03:08:29PM -0800, David Newman wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 On 11/19/07 2:36 PM, Tonnerre LOMBARD wrote:
  Salut,
  
  On Mon, Nov 19, 2007 at 02:20:54PM -0800, David Newman wrote:
  There is some layer-2 stuff that happens before layer-3 handshaking
  begins -- 802.11 association and deassociation, possibly layer-2
  learning, and 802.1X authentication if that's used. IPSec will not and
  cannot secure any of this.
  
  Is there any need to secure that? In my local WLAN, you only have two
  ways of proceeding if you want internet access: a Tor router, or
  IPsec. 
 
 Before either of those processes begin, I can associate like crazy to
 your access point. That would ensure you never get Internet access, even
 without my flinging a single IP packet at you.
 
 I have a test tool that can associate 500 times to the same AP,
 appearing as 500 unique clients. In my experience, most APs crash and
 burn a long time before then -- and that's before seeing any IP traffic.
 
 Even if your AP is robust enough to handle a huge number of client
 associations, the chatty nature of the 802.11 protocol ensures the
 medium will be so full of management frames that you won't be able to
 send an IP packet. (I like to think of 802.11 as a technology that
 combines the worst aspects of Ethernet and token ring...)
 
 If you come in without IPsec, i.e. you cannot establish the IKE
  handshake, and if you don't us the Socks proxy Tor provides, you are
  trapped in a local network where noone except all of the laptops are.
  Sure thing, you can communicate with another unauthenticated laptop,
  but I don't care that much about this scenario, since it does not
  cause me any problems.
 
 Does not cause *you* problems != no leakage at L2
 
  Wireless LANs are a technology in which sensitive data may go in the
  clear at L2 before L3 gets started. In this case L2 security mechanisms
  such as WPA are appropriate, and do not rule out the use of
  complementary mechanisms like IPSec or SSL.
  
  What sensitive data do you see me exchange before IPsec connectivity
  is established?
 
 Well, for starters every 802.11 AP broadcasts its availability 10 times
 a second. And since 802.11 is a shared-access medium, you'll also see
 the first packet of every client's 802.1X auth exchange, as well as
 SSIDs of all available stations.
 
  
  Even if you don't care about authenticating or encrypting L2 data,
  there's still the issue of bandwidth and resource consumption at L2.
  802.11 is extremely chatty. Using WPA or (if you must) WEP to keep the
  airwaves free (well, to the extent possible) can help there.
  
  With a, that's not that much of a problem usually
 
 Probably true for your setup, definitely less true in other (and
 arguably most other large-scale) setups.
 
 Most APs consist of a dinky little CPU and a very little bit of memory,
 both easily swamped by doing too much work *just at layer 2.*
 
 Further, they have to contend for spectrum with other 802.11 stations,
 microwave ovens, Bluetooth devices, cordless phones, ham radios (that's
 for the far more popular 2.4-GHz spectrum used by 802.11b/g/n. The
 5.8-GHz spectrum used by 802.11a/n is much better, though still hardly
 pristine).
 
 Anything you can do to keep your AP's RF section free and clear will
 result in a better WLAN experience, where better means both faster
 and more secure.
 
 dn
 iD8DBQFHQhdsyPxGVjntI4IRAiehAJ48mn685Gk0VaQ/ui50Zg07LvpKTQCgsQaW
 iEhNeWGoplX7tIAAMCYKKgc=
 =/Guk
 -END PGP SIGNATURE-

Recommendations for a wireless USB adapter

[Erik Wikström]

Hello all,

Since the wireless card in my current router has stopped working I'm
taking the opportunity to make a major upgrade. Unfortunately the
computer I'm replacing it with only have one PCI-slot which I'll need
for the wired network. So I will need to use an USB adapter for the
wireless network and was wondering what people would recommend. I'm
hoping to be able to connect the computer in the garage so one with good
signal strength but not a directed one would be the best.

-- 
Erik WikstrC6m

Re: nptd regression in 4.2

[frantisek holop]

hmm, on Wed, Nov 21, 2007 at 11:50:59AM +0100, Otto Moerbeek said that
 So, did anybody test this?
 
   -Otto
 
  
  Index: client.c
  ===
  RCS file: /cvs/src/usr.sbin/ntpd/client.c,v
  retrieving revision 1.76
  diff -u -p -r1.76 client.c
  --- client.c1 May 2007 07:40:45 -   1.76
  +++ client.c17 Nov 2007 16:34:07 -
  @@ -123,7 +123,8 @@ client_query(struct ntp_peer *p)
  int tos = IPTOS_LOWDELAY;
   
  if (p-addr == NULL  client_nextaddr(p) == -1) {
  -   set_next(p, scale_interval(INTERVAL_QUERY_AGGRESSIVE));
  +   set_next(p, MAX(SETTIME_TIMEOUT,
  +   scale_interval(INTERVAL_QUERY_AGGRESSIVE)));
  return (0);
  }
   
  @@ -140,8 +141,8 @@ client_query(struct ntp_peer *p)
  if (errno == ECONNREFUSED || errno == ENETUNREACH ||
  errno == EHOSTUNREACH || errno == EADDRNOTAVAIL) {
  client_nextaddr(p);
  -   set_next(p,
  -   scale_interval(INTERVAL_QUERY_AGGRESSIVE));
  +   set_next(p, MAX(SETTIME_TIMEOUT,
  +   scale_interval(INTERVAL_QUERY_AGGRESSIVE)));
  return (-1);
  } else
  fatal(client_query connect);

my mirror still did not get this, so i applied manually.

first test case:
new ntpd installed

amaaq alias p
p='ps -u'
amaaq p -ax | grep ntpd
_ntp 18531  0.0  0.1   424   728 ??  Is 8:24PM0:00.06 ntpd: ntp eng
root 27267  0.0  0.1   480   776 ??  Ss 8:24PM0:00.01 ntpd: [priv]
amaaq sudo kill 27267
yank out ethernet cable, leave interface up, just curious
amaaq sudo /usr/sbin/ntpd -s
hangs, after couple of unsuccesful ^C's i put back ethernet cable,
 when line comes back up, terminates
^C^C^C^CTerminating


second test case:

amaaq p -ax | grep ntpd
f30100  0.0  0.0   628 4 p3  R+10:17PM0:00.00 grep ntpd (ks
amaaq sudo ifconfig rl0 down
amaaq sudo /usr/sbin/ntpd -s
after 10-15s i get back shell, ntpd running
ammaq
amaaq sudo sh /etc/netstart
finish mail ;-) 


so to conclude, when no active interface is present it works.
would it be also so trivial to fix the first test case?
or perhaps i just didn't wait long enough for a timeot?  

-f
-- 
a kick in the ass is a step forward.

Re: PE1950

[Stanislav Ovcharenko]

We have a few PE1950s and they all came with PERC5 but the new ones I've been 
quoting up are PERC6's. So it definitely a new addition. 
 
 PERC6 does not work yet with out mfi driver but I am also pretty sure
 those aren't really available yet.
 
I'm confused. So does it or does it not work with mfi driver?
 
thank you, Stas.


- Original Message 
From: Claer [EMAIL PROTECTED]
To: misc@openbsd.org
Sent: Thursday, November 22, 2007 3:44:01 AM
Subject: Re: PE1950

On Wed, Nov 21 2007 at 56:15, Marco Peereboom wrote:
 This machines works fine with 4.2.
 
 PERC6 does not work yet with out mfi driver but I am also pretty sure
 those aren't really available yet.

The last PE 1950 we bought (2 months ago) came with PERC 5. I heard that
new hardware should arrive near december for the PE 1950.


Claer

 On Wed, Nov 21, 2007 at 09:55:54AM -0800, Stanislav Ovcharenko wrote:
  Hello,
   
  I'm planning on running OpenBSD 4.2 on Dell Power Edge 1950.
   
  Question 1: How stable is it on x64 platform? I mean native 64 bit code. I 
  assume that x86 code will run just fine ...
  Question 2: Does anyone know if PERC 6 RAID controller is supported. The 
  hardware list says that it will work with PERC 5 and I'm wondering if the 
  same driver will detect and support the chipset on PERC 6 controller.
   
  Any feedback would be appreciated.
   
  Regards, Stas.


  

Be a better sports nut!  Let your teams follow you 
with Yahoo Mobile. Try it now.  
http://mobile.yahoo.com/sports;_ylt=At9_qDKvtAbMuh1G1SQtBI7ntAcJ

Re: 5.1 sound card recommendation

[Jacob Meuser]

On Thu, Nov 22, 2007 at 12:36:51PM -0800, J.C. Roberts wrote:
 On Wednesday 21 November 2007, Alexandre Ratchov wrote:
  On Wed, Nov 21, 2007 at 01:12:38PM -0800, J.C. Roberts wrote:
   On Wednesday 21 November 2007, Nickolay A. Burkov wrote:
Hello everyone!
   
Do somebody have success with 5.1 sound ?
If so, please recommend PCI Sound Card to work with OpenBSD
4.2(-CURRENT).
   
I have MARC'ed a bit but similar messages were  1 year ago.
I'd like to think that something have been changed..
   
Thank you for your time.
  
   For some strange reason I recall reading about some work being done
   on the Sound Blaster Audigy cards. Many of those cards are 5.1,
   6.1 or 7.1 surround sound.
  
   A quick search on openbsd audigy shows we've had support since
   3.9 but I'm not sure if this includes the surround sound features,
   or if it's just two channel?
 
  Older audigy cards based on EMU10K1 chips are supposed to work with
  the emu(4) driver, it's still two channel. Newer cards based on
  CA0106 will not work because there's no driver for the chip. The
  last time I've asked creative for documentation they didn't reply;
  since then, I've lost interest in these cards.
 
  -- Alexandre
 
 Alexandre,
 
 Off-list I was told that some of the older SoundBlaster Live cards 
 will work in 5.1 mode including front/surround/centre/lfe control, but 
 the off-list statement contradicts what you said earlier about no 5.1 
 (or better) support?
 
 I suspect you understand the code far better than most (including me).
 :-)

as far as the hardware, you may be able to control the speakers
separately with emu(4), cmpci(4) and possibly others.  if `mixerctl -a`
shows outputs.center, outputs.lfe, etc, then this could be possible.

however, the emu(4) and cmpci(4) low level drivers only support 1 or
2 channel input/output.  audio(4) itself does not restrict the number
of channels.

I think the bigger question is: what applications actually output more
than 2 audio channels?  none, afaik.  please let me know if there is
something I do not know about.

also, some devices support AC-3 pass-through.  that is, the devices
themselves decode (2.1, 5.1, 7.1) AC-3 audio streams, but this is not
supported in audio(4) nor in the low level drivers.

-- 
[EMAIL PROTECTED]
SDF Public Access UNIX System - http://sdf.lonestar.org

Re: Recommendations for a wireless USB adapter

[Stuart Henderson]

On 2007/11/22 22:32, Erik Wikstrvm wrote:
 Since the wireless card in my current router has stopped working I'm
 taking the opportunity to make a major upgrade. Unfortunately the
 computer I'm replacing it with only have one PCI-slot which I'll need
 for the wired network. So I will need to use an USB adapter for the
 wireless network and was wondering what people would recommend. I'm
 hoping to be able to connect the computer in the garage so one with good
 signal strength but not a directed one would be the best.

I don't think any of the USB wireless adapters support automatic
transmit speed control for hostap, and antenna connection is always
a problem if you want a good signal. I don't think the USB options
are a particularly good choice for a full-time AP.

Possibly controversial but I think it might work better with the
wired ethernet on USB (url worked well for me, the aue I have wasn't
so good), wireless on PCI (I had best success with wi and acx for
hostap).

IPSEC Connection all gone passive?

[Runo Forrisdahl]

Hi,

I'm running 4.1 and today when I was updating ipsec.conf to add a new
VPN to problems hit me. Loading the new ipsec.conf with ipsecctl it
loaded all of the VPN in passive mode - passive. I didn't want passive
tunnels, I want them to be active.
After setting ike active esp their still loaded passive. Like this:

Nov 22 22:20:35 obsd41i386 isakmpd[23153]: connection_reinit: reinitializing
connection list
Nov 22 22:20:35 obsd41i386 isakmpd[23153]: conf_get_str: [Phase
2]:Connections-IPsec-192.168.5.129-192.168.0.22,IPsec-192.168.5.129-
192.168.0.27
Nov 22 22:20:35 obsd41i386 isakmpd[23153]: conf_get_str: configuration value
not found [IPsec-192.168.5.129-192.168.0.22]:Flags
Nov 22 22:20:35 obsd41i386 isakmpd[23153]: conf_get_str:
[IPsec-192.168.5.129-192.168.0.22]:Local-ID-lid-192.168.5.129
Nov 22 22:20:35 obsd41i386 isakmpd[23153]: conf_get_str:
[IPsec-192.168.5.129-192.168.0.22]:Remote-ID-rid-192.168.0.22
Nov 22 22:20:35 obsd41i386 isakmpd[23153]: conf_get_str:
[lid-192.168.5.129]:ID-type-IPV4_ADDR
Nov 22 22:20:35 obsd41i386 isakmpd[23153]: conf_get_str:
[lid-192.168.5.129]:Address-192.168.5.129
Nov 22 22:20:35 obsd41i386 isakmpd[23153]: conf_get_str: configuration value
not found [lid-192.168.5.129]:Protocol
Nov 22 22:20:35 obsd41i386 isakmpd[23153]: conf_get_str:
[rid-192.168.0.22]:ID-type-IPV4_ADDR
Nov 22 22:20:35 obsd41i386 isakmpd[23153]: conf_get_str:
[rid-192.168.0.22]:Address-192.168.0.22
Nov 22 22:20:35 obsd41i386 isakmpd[23153]: conf_get_str: configuration value
not found [rid-192.168.0.22]:Protocol
Nov 22 22:20:35 obsd41i386 isakmpd[23153]: connection_record_passive: passive
connection IPsec-192.168.5.129-192.168.0.22 added
Nov 22 22:20:35 obsd41i386 isakmpd[23153]: conf_get_str: configuration value
not found [IPsec-192.168.5.129-192.168.0.27]:Flags
Nov 22 22:20:35 obsd41i386 isakmpd[23153]: conf_get_str:
[IPsec-192.168.5.129-192.168.0.27]:Local-ID-lid-192.168.5.129
Nov 22 22:20:35 obsd41i386 isakmpd[23153]: conf_get_str:
[IPsec-192.168.5.129-192.168.0.27]:Remote-ID-rid-192.168.0.27
Nov 22 22:20:35 obsd41i386 isakmpd[23153]: conf_get_str:
[lid-192.168.5.129]:ID-type-IPV4_ADDR
Nov 22 22:20:35 obsd41i386 isakmpd[23153]: conf_get_str:
[lid-192.168.5.129]:Address-192.168.5.129
Nov 22 22:20:35 obsd41i386 isakmpd[23153]: conf_get_str: configuration value
not found [lid-192.168.5.129]:Protocol
Nov 22 22:20:35 obsd41i386 isakmpd[23153]: conf_get_str:
[rid-192.168.0.27]:ID-type-IPV4_ADDR
Nov 22 22:20:35 obsd41i386 isakmpd[23153]: conf_get_str:
[rid-192.168.0.27]:Address-192.168.0.27
Nov 22 22:20:35 obsd41i386 isakmpd[23153]: conf_get_str: configuration value
not found [rid-192.168.0.27]:Protocol
Nov 22 22:20:35 obsd41i386 isakmpd[23153]: connection_record_passive: passive
connection IPsec-192.168.5.129-192.168.0.27 added
Nov 22 22:20:35 obsd41i386 isakmpd[23153]: conf_get_str: configuration value
not found [Phase 2]:Passive-Connections
Nov 22 22:20:35 obsd41i386 isakmpd[23153]: conf_get_str: configuration value
not found [General]:check-interval
Nov 22 22:20:35 obsd41i386 isakmpd[23153]: conf_get_str: configuration value
not found [General]:check-interval

From earlier I'm used to that isakmpd.conf pulls up the VPN's faster
them my terminal can display -D 0=99. Even trying to send traffic to
remote end didn't force tunnel negotiation. My head hurts after bashing
my head against the wall. If someone could hit me with a cluestick of
where to find my typo I would be gratefull man.
What really made me feel like a clueless batter was that I found out in
the prosess of googling that ipsec.conf alone does not provide aes with
256 keylength. I was left heavy chested as this could mean that I
neededd to walk into the dark corners of isakmpd.conf again.
So if I've found the rigth clues is this like the rigth way to do it?

[AES-SHA]
KEY_LENGTH=256,128:256

Do I need to do this on a pr SUITE in MAIN and QUICK that I want to use,
thus overriding the defaults?

--
Runo Fxrrisdahl -
Basefarm AS http://www.basefarm.no/

Re: nptd regression in 4.2

[Henning Brauer]

* frantisek holop [EMAIL PROTECTED] [2007-11-22 22:30]:
 my mirror still did not get this, so i applied manually.

ofcourse not, it wasnot commited but asked to be tested...

 first test case:
 new ntpd installed
 
 amaaq alias p
 p='ps -u'
 amaaq p -ax | grep ntpd
 _ntp 18531  0.0  0.1   424   728 ??  Is 8:24PM0:00.06 ntpd: ntp 
 eng
 root 27267  0.0  0.1   480   776 ??  Ss 8:24PM0:00.01 ntpd: [priv]
 amaaq sudo kill 27267
 yank out ethernet cable, leave interface up, just curious
 amaaq sudo /usr/sbin/ntpd -s
 hangs, after couple of unsuccesful ^C's i put back ethernet cable,
  when line comes back up, terminates
 ^C^C^C^CTerminating

there you run into the problem imentioned earlier, the dns requests 
block the parent

 second test case:
 
 amaaq p -ax | grep ntpd
 f30100  0.0  0.0   628 4 p3  R+10:17PM0:00.00 grep ntpd 
 (ks
 amaaq sudo ifconfig rl0 down
 amaaq sudo /usr/sbin/ntpd -s
 after 10-15s i get back shell, ntpd running
 ammaq
 amaaq sudo sh /etc/netstart
 finish mail ;-) 

there they don't and the reglar 15 second timeout kicks in

 so to conclude, when no active interface is present it works.
 would it be also so trivial to fix the first test case?

no.
as said, ihave an idea. maybe soon...

 or perhaps i just didn't wait long enough for a timeot?  

it will eventually timne out, but it might take quite some time...

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg  Amsterdam

Re: 5.1 sound card recommendation

[Paul Irofti]

On Wed, Nov 21, 2007 at 09:23:52PM +0300, Nickolay A. Burkov wrote:
 Hello everyone!
 
 Do somebody have success with 5.1 sound ?
 If so, please recommend PCI Sound Card to work with OpenBSD 4.2(-CURRENT).
 
 I have MARC'ed a bit but similar messages were  1 year ago.
 I'd like to think that something have been changed..
 
 Thank you for your time.
 
Short answer, get another OS. Windows would be best for amateur sound
recording/processing/listening. I don't think the BSDs nor Linux we'll
see real 5.1 support for a good period of time. ALSA is trying something
at the moment but its very specific and broken most of the time, a
hassle really.

Re: Recommendations for a wireless USB adapter

[Jonathan Schleifer]

Erik WikstrC6m [EMAIL PROTECTED] wrote:

 So I will need to use an USB adapter for the
 wireless network and was wondering what people would recommend.

I'm using a D-Link DWL 122 without any problems. Works out of the box
on USB, plug it and use it. Even in AP mode.

--
Jonathan

Re: nptd regression in 4.2

[frantisek holop]

hmm, on Thu, Nov 22, 2007 at 10:37:39PM +0100, Henning Brauer said that
 * frantisek holop [EMAIL PROTECTED] [2007-11-22 22:30]:
  my mirror still did not get this, so i applied manually.
 
 ofcourse not, it wasnot commited but asked to be tested...

http://marc.info/?l=openbsd-cvsm=119572716112905w=2


  amaaq alias p
  p='ps -u'
  amaaq p -ax | grep ntpd
  _ntp 18531  0.0  0.1   424   728 ??  Is 8:24PM0:00.06 ntpd: ntp 
  eng
  root 27267  0.0  0.1   480   776 ??  Ss 8:24PM0:00.01 ntpd: 
  [priv]
  amaaq sudo kill 27267
  yank out ethernet cable, leave interface up, just curious
  amaaq sudo /usr/sbin/ntpd -s
  hangs, after couple of unsuccesful ^C's i put back ethernet cable,
   when line comes back up, terminates
  ^C^C^C^CTerminating
 
 there you run into the problem imentioned earlier, the dns requests 
 block the parent

is that a reason why ^C is not working?
is it possible to make it react to break with a signal handler?

-f
-- 
the world: a comedy for thinkers; a tragedy for feelers.

Re: securing OpenBSD wireless network

[Christian Weisgerber]

David Newman [EMAIL PROTECTED] wrote:

  There is some layer-2 stuff that happens before layer-3 handshaking
  begins -- 802.11 association and deassociation, possibly layer-2
  learning, and 802.1X authentication if that's used. IPSec will not and
  cannot secure any of this.
  
  Is there any need to secure that? In my local WLAN, you only have two
  ways of proceeding if you want internet access: a Tor router, or
  IPsec. 
 
 Before either of those processes begin, I can associate like crazy to
 your access point. That would ensure you never get Internet access, even
 without my flinging a single IP packet at you.

Duh.  It's a *radio* network.  Of course it can be DoS-ed.  WEP
doesn't change that.  In fact, popular attacks against WEP generate
massive L2 traffic.

-- 
Christian naddy Weisgerber  [EMAIL PROTECTED]

Re: 5.1 sound card recommendation

[Joel Wiramu Pauling]

**cough** OpenAL ( http://www.openal.org )

On 23/11/2007, Jacob Meuser [EMAIL PROTECTED] wrote:

 On Thu, Nov 22, 2007 at 12:36:51PM -0800, J.C. Roberts wrote:
  On Wednesday 21 November 2007, Alexandre Ratchov wrote:
   On Wed, Nov 21, 2007 at 01:12:38PM -0800, J.C. Roberts wrote:
On Wednesday 21 November 2007, Nickolay A. Burkov wrote:
 Hello everyone!

 Do somebody have success with 5.1 sound ?
 If so, please recommend PCI Sound Card to work with OpenBSD
 4.2(-CURRENT).

 I have MARC'ed a bit but similar messages were  1 year ago.
 I'd like to think that something have been changed..

 Thank you for your time.
   
For some strange reason I recall reading about some work being done
on the Sound Blaster Audigy cards. Many of those cards are 5.1,
6.1 or 7.1 surround sound.
   
A quick search on openbsd audigy shows we've had support since
3.9 but I'm not sure if this includes the surround sound features,
or if it's just two channel?
  
   Older audigy cards based on EMU10K1 chips are supposed to work with
   the emu(4) driver, it's still two channel. Newer cards based on
   CA0106 will not work because there's no driver for the chip. The
   last time I've asked creative for documentation they didn't reply;
   since then, I've lost interest in these cards.
  
   -- Alexandre
 
  Alexandre,
 
  Off-list I was told that some of the older SoundBlaster Live cards
  will work in 5.1 mode including front/surround/centre/lfe control, but
  the off-list statement contradicts what you said earlier about no 5.1
  (or better) support?
 
  I suspect you understand the code far better than most (including me).
  :-)

 as far as the hardware, you may be able to control the speakers
 separately with emu(4), cmpci(4) and possibly others.  if `mixerctl -a`
 shows outputs.center, outputs.lfe, etc, then this could be possible.

 however, the emu(4) and cmpci(4) low level drivers only support 1 or
 2 channel input/output.  audio(4) itself does not restrict the number
 of channels.

 I think the bigger question is: what applications actually output more
 than 2 audio channels?  none, afaik.  please let me know if there is
 something I do not know about.

 also, some devices support AC-3 pass-through.  that is, the devices
 themselves decode (2.1, 5.1, 7.1) AC-3 audio streams, but this is not
 supported in audio(4) nor in the low level drivers.

 --
 [EMAIL PROTECTED]
 SDF Public Access UNIX System - http://sdf.lonestar.org

Re: nptd regression in 4.2

[Henning Brauer]

* frantisek holop [EMAIL PROTECTED] [2007-11-22 23:02]:
 hmm, on Thu, Nov 22, 2007 at 10:37:39PM +0100, Henning Brauer said that
  * frantisek holop [EMAIL PROTECTED] [2007-11-22 22:30]:
   my mirror still did not get this, so i applied manually.
  
  ofcourse not, it wasnot commited but asked to be tested...
 
 http://marc.info/?l=openbsd-cvsm=119572716112905w=2
 
 
   amaaq alias p
   p='ps -u'
   amaaq p -ax | grep ntpd
   _ntp 18531  0.0  0.1   424   728 ??  Is 8:24PM0:00.06 ntpd: 
   ntp eng
   root 27267  0.0  0.1   480   776 ??  Ss 8:24PM0:00.01 ntpd: 
   [priv]
   amaaq sudo kill 27267
   yank out ethernet cable, leave interface up, just curious
   amaaq sudo /usr/sbin/ntpd -s
   hangs, after couple of unsuccesful ^C's i put back ethernet cable,
when line comes back up, terminates
   ^C^C^C^CTerminating
  
  there you run into the problem imentioned earlier, the dns requests 
  block the parent
 
 is that a reason why ^C is not working?
 is it possible to make it react to break with a signal handler?

it has a signal handler, which is kinda the problem (but then, not 
really).
there more Ilookat it there morei think we have to use a seperate 
processjust for the dns shit. the parent is just not allowed to block.
that sucks.

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg  Amsterdam

Re: 5.1 sound card recommendation

[Joel Wiramu Pauling]

err Linux / Alsa support 5.1 fine on a number of cards, have done for a long
time.



On 23/11/2007, Paul Irofti [EMAIL PROTECTED] wrote:

 On Wed, Nov 21, 2007 at 09:23:52PM +0300, Nickolay A. Burkov wrote:
  Hello everyone!
 
  Do somebody have success with 5.1 sound ?
  If so, please recommend PCI Sound Card to work with OpenBSD 4.2
 (-CURRENT).
 
  I have MARC'ed a bit but similar messages were  1 year ago.
  I'd like to think that something have been changed..
 
  Thank you for your time.

 Short answer, get another OS. Windows would be best for amateur sound
 recording/processing/listening. I don't think the BSDs nor Linux we'll
 see real 5.1 support for a good period of time. ALSA is trying something
 at the moment but its very specific and broken most of the time, a
 hassle really.

Re: 5.1 sound card recommendation

[Jacob Meuser]

On Fri, Nov 23, 2007 at 10:55:41AM +1300, Joel Wiramu Pauling wrote:
 **cough** OpenAL ( http://www.openal.org )

   On Wednesday 21 November 2007, Alexandre Ratchov wrote:
Newer cards based on
CA0106 will not work because there's no driver for the chip. The
last time I've asked creative for documentation they didn't reply

so, what about applications from vendors who actually care about
openness and don't require NDAs?

IMO OpenAL seems like a selling point for creative's hardware, which
they like to keep secrets about.

-- 
[EMAIL PROTECTED]
SDF Public Access UNIX System - http://sdf.lonestar.org

Re: 5.1 sound card recommendation

[Jacob Meuser]

On Fri, Nov 23, 2007 at 11:47:21AM +1300, Joel Wiramu Pauling wrote:
 err Linux / Alsa support 5.1 fine on a number of cards, have done for a long
 time.

err, for cards where a developer has signed an NDA?

-- 
[EMAIL PROTECTED]
SDF Public Access UNIX System - http://sdf.lonestar.org

Re: Recommendations for a wireless USB adapter

[Predrag Punosevac]

Erik WikstrC6m wrote:

Hello all,

Since the wireless card in my current router has stopped working I'm
taking the opportunity to make a major upgrade. Unfortunately the
computer I'm replacing it with only have one PCI-slot which I'll need
for the wired network. So I will need to use an USB adapter for the
wireless network and was wondering what people would recommend. I'm
hoping to be able to connect the computer in the garage so one with good
signal strength but not a directed one would be the best.

  

http://www.usr.com/support/product-template.asp?prod=1120

Works for me like a charm.

How to stop cwm

[Zoong PHAM]

How do I stop or get out of CWM?

So far I have to use Ctrl-Alt-Backspace.

My ~/.xinitrc is the same as /etc/X11/xinit/xinitrc except fvwm is
replaced with cwm.

TIA,
Zoong

Re: Firefox/Thunderbird ignore GTK2 font settings on OpenBSD

[Stefan Dengscherz]

J.C. Roberts schrieb:

On Thursday 22 November 2007, Stefan Dengscherz wrote:

Hello list,


I recently tried to configure the perfect font handling (at least
for me) on my OpenBSD desktop system. I want to setup fonts smaller
than a defined size not to be anti-aliased (I'm using ms-corefonts
and want to imitate the windows font- rendering mechanism).

This works perfectly with the font configuration files from PC-BSD.
Setting a corefont in ~/.gtkrc-2.0 also applies my special setting to
GTK widgets.

However, Firefox  Thunderbird seem to ignore the global GTK
settings, the fonts on the GTK widgets in these applications are
_always_ anti-aliased, apart from my defined settings. The fonts in
the html rendering area are rendered exactly as defined in my font
configuration, though.

I've created a screenshot: http://elybis.chaosnet.org/fonts.png

How can I force Firefox  Thunderbird to use my font configuration?


Regards,


If I understand you correctly, the fonts within the displayed web pages 
are correct according to what you want, but the application user 
interface fonts are not.


You want fonts smaller than X to not be anti-aliased in the 
firefox/thunderbird UI.


NOTE: You stated the reverse of the above, but since anti-aliasing makes 
a complete mess of small fonts, I suspect you want the reverse of what 
you said, namely disabling anti-aliasing on small fonts.


There are two things you can do to fix the matter:
1.) Over-ride the anti-aliasing in /etc/fonts/fonts.conf (or 
~/.fonts.conf) for small fonts (and/or specific font names).
2.) Force specific UI fonts/sizes via the UserChrome.css file for both 
firefox and thunderbird.


http://support.zenwalk.org/index.php/topic,132.0.html

Also, you might want to check out about:config in the firefox url bar 
and look up the font.antialias.min setting. This is most likely what 
is preventing anti-aliasing on small fonts, but I'm uncertain if it 
affects only displayed web pages, or web pages and the UI.


kind regards,
jcr


Hello J.C.,


Thanks for your quick answer.

Have a look at the image I posted; the slashdot site is rendered as I
want it, also the UI in pidgin has the correct font rendering, only
the Firefox UI seems to ignore my settings (fonts are still blurry,
although Firefox uses GTK2 too).

I already set my proper font configuration in /etc/fonts/local.conf
and .gtkrc-2.0. However Firefox UI seems to ignore it completely.

I've already played around with the font settings in about:config, but
they don't seem to affect the UI, just the html rendering engine.

I'll take a look ath the UserChrome.css options maybe there's some
switch to adjust.


Any other hints?


-sd

Re: securing OpenBSD wireless network

[David]

Does anyone know if there is WPA support for OpenBSD being worked on?
This would be nice.

David Newman wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 11/22/07 1:55 PM, Christian Weisgerber wrote:
  David Newman [EMAIL PROTECTED] wrote:
 
  There is some layer-2 stuff that happens before layer-3
handshaking
  begins -- 802.11 association and deassociation, possibly layer-2
  learning, and 802.1X authentication if that's used. IPSec will
not and
  cannot secure any of this.
  Is there any need to secure that? In my local WLAN, you only
have two
  ways of proceeding if you want internet access: a Tor router, or
  IPsec.
  Before either of those processes begin, I can associate like crazy to
  your access point. That would ensure you never get Internet
access, even
  without my flinging a single IP packet at you.
 
  Duh.  It's a *radio* network.  Of course it can be DoS-ed.  WEP
  doesn't change that.  In fact, popular attacks against WEP generate
  massive L2 traffic.
 

Yes. WPA is somewhat better (in that the better controller-based systems
have rate controls). Other than being better than nothing on really old
hardware, WEP is worthless.

dn
iD8DBQFHRk3LyPxGVjntI4IRApZlAJ44a3Um15XTftC6s7wlHXlWQOr/dwCg8ULI
dZSlpbIowhsNSj3aqcCkoT8=
=TjLE
-END PGP SIGNATURE-

Re: Installing OpenOffice on -current

[Amarendra Godbole]

On Nov 22, 2007 6:45 PM, Stuart Henderson [EMAIL PROTECTED] wrote:
 On 2007/11/22 18:20, Amarendra Godbole wrote:
  Is building from ports the only way to install OpenOffice on 4.2-current?
  I am unable to find OpenOffice package in the snapshots directory, so
  this seems to be the only way as of now.

 There's one in the latest i386 package snap (Nov 18), other arch
 should follow gradually.

  Oh, and the build broke last night because I ran out of space. OOo does
  need gigs of space to build (4G free in /usr, I read somewhere).

 Yeah, loads of space. I powered down my i386 build box due to
 electrical storms the other day and haven't put it back up yet so
 I can't check just what it needs.

OpenOffice 2.3.0 was built successfully on my laptop, after approximate
9 hrs. on my ThinkPad X60 (2G RAM, Intel Core 2 Duo processor). I built
a no_lang version. 9 hrs. was the build time needed only by OpenOffice,
haven't counted the other dependencies like jvm and all.

 In mk.conf you can set WRKOBJDIR_editors/openoffice=/usr/obj/ports
 (or choose somewhere else you have plenty of space). (I actually just
 have WRKOBJDIR=/usr/obj/ports for everything, it's easier to clean).

Thanks for an excellent tip. This solves most of my issues, as I have lot
of space in /home. In order to build openoffice, I had to relocate my
/usr/src, /usr/ports/packages, /usr/ports/distfiles, and w-openoffice-2.3.0
directory under /home. WRKOBJDIR now makes all this redundant.

-Amarendra

Re: Firefox/Thunderbird ignore GTK2 font settings on OpenBSD

[J.C. Roberts]

On Thursday 22 November 2007, Stefan Dengscherz wrote:
 Hello list,


 I recently tried to configure the perfect font handling (at least
 for me) on my OpenBSD desktop system. I want to setup fonts smaller
 than a defined size not to be anti-aliased (I'm using ms-corefonts
 and want to imitate the windows font- rendering mechanism).

 This works perfectly with the font configuration files from PC-BSD.
 Setting a corefont in ~/.gtkrc-2.0 also applies my special setting to
 GTK widgets.

 However, Firefox  Thunderbird seem to ignore the global GTK
 settings, the fonts on the GTK widgets in these applications are
 _always_ anti-aliased, apart from my defined settings. The fonts in
 the html rendering area are rendered exactly as defined in my font
 configuration, though.

 I've created a screenshot: http://elybis.chaosnet.org/fonts.png

 How can I force Firefox  Thunderbird to use my font configuration?


 Regards,

If I understand you correctly, the fonts within the displayed web pages 
are correct according to what you want, but the application user 
interface fonts are not.

You want fonts smaller than X to not be anti-aliased in the 
firefox/thunderbird UI.

NOTE: You stated the reverse of the above, but since anti-aliasing makes 
a complete mess of small fonts, I suspect you want the reverse of what 
you said, namely disabling anti-aliasing on small fonts.

There are two things you can do to fix the matter:
1.) Over-ride the anti-aliasing in /etc/fonts/fonts.conf (or 
~/.fonts.conf) for small fonts (and/or specific font names).
2.) Force specific UI fonts/sizes via the UserChrome.css file for both 
firefox and thunderbird.

http://support.zenwalk.org/index.php/topic,132.0.html

Also, you might want to check out about:config in the firefox url bar 
and look up the font.antialias.min setting. This is most likely what 
is preventing anti-aliasing on small fonts, but I'm uncertain if it 
affects only displayed web pages, or web pages and the UI.

kind regards,
jcr

Re: Firefox/Thunderbird ignore GTK2 font settings on OpenBSD

[J.C. Roberts]

On Thursday 22 November 2007, Stefan Dengscherz wrote:
 I've already played around with the font settings in about:config,
 but they don't seem to affect the UI, just the html rendering engine.


Yes. I'm fairly sure the about:config options *only* affect the HTML 
rendering and not the UI.

 I'll take a look ath the UserChrome.css options maybe there's some
 switch to adjust.

You can change the UI fonts with UserChrome.css -It's the only way that 
I know how to do it. 

Since you already do have anti-aliasing working, I figured I didn't need 
to mention it but what the heck... You should have the following 
defined and exported for anti-aliasing to work with gtk and qt.

GDK_USE_XFT=1
export GDK_USE_XFT
QT_XFT=1
export QT_XFT

Some people like to adjust specific elements of the firefox UI in 
different ways (as noted in the URL I previously posted by the element 
names) but personally, I just do a global change on everything in the 
UI with the following lines in my UserChrome.css file.

* {
  font-family: Terminus !important;
  font-size: 16pt !important;
  font-weight:600 !important;
}

Yep, it forces the above font on the entire UI. If your system/user font 
configuration is doing anti-aliasing on the specified font, then it is 
anti-aliased in the firefox UI (I don't use thunderbird).

Firefox, (and I suspect thunderbird) control its UI via XUL, so by 
default they ignore many/most settings in of your gtkrc-2.0 file.

http://www.xulplanet.com/tutorials/xultu/
http://www.xulplanet.com/references/elemref/ref_StyleProperties.html

Sadly, UserChrome is a work in progress, constantly changing and the 
docs *always* suck.
http://kb.mozillazine.org/Chrome_element_names_and_IDs
http://kb.mozillazine.org/UserChrome.css

There are settings within your gtkrc-2.0 file that firefox will use, in 
particular, settings for scroll bars and if you use them, 
effect 'engines' like xfce.

XUL and UserChrome can do some impressive things once you learn them, 
unfortunately, it means you'll be doing a lot of trial and error 
testing since the docs are just plain missing in most cases.

This is what I did...
http://www.designtools.org/files/firefox.png

kind regards,
jcr

Re: Azalia weirdness

[STeve Andre']

On Friday 23 November 2007 01:25:01 STeve Andre' wrote:
I recently got a T60p  ThinkPad to replace my A31p.  Lots of stuff
 works, but sound has proved to be a problem.  I can play MP3s, but
 with extremely low audio, barely there but from what I can hear it
 sounds OK.  This happens with both the speakers and headphones.

I suspect something isn't right since I get a time  out message
[snip]

Of course the act of posting this results in my figuring it out.

 mixerctl outputs.lineout=240,240

seems to have activated it, and  I'm listening Guardians of the
Earth on my headphones now. ;-)

Thanks to  Deanna and others for this.  I now have a mostly
functioning thinkpad once again...

--STeve Andre'

Firefox/Thunderbird ignore GTK2 font settings on OpenBSD

[Stefan Dengscherz]

Hello list,


I recently tried to configure the perfect font handling (at least for me) on
my OpenBSD desktop system. I want to setup fonts smaller than a defined size not
to be anti-aliased (I'm using ms-corefonts and want to imitate the windows font-
rendering mechanism).

This works perfectly with the font configuration files from PC-BSD. Setting a
corefont in ~/.gtkrc-2.0 also applies my special setting to GTK widgets.

However, Firefox  Thunderbird seem to ignore the global GTK settings, the fonts
on the GTK widgets in these applications are _always_ anti-aliased, apart from
my defined settings. The fonts in the html rendering area are rendered exactly
as defined in my font configuration, though.

I've created a screenshot: http://elybis.chaosnet.org/fonts.png

How can I force Firefox  Thunderbird to use my font configuration?


Regards,

-sd

remote Gnome OpenBSD 4.2 problems

[David H. Lynch Jr.]

I have been trying to establish an Xnest connection to an OpenBSD
4.2 machine without success.  
I do not care about security - in this particular application.

4.2 is using a newer Gnome and the config files are reorganized.
But they do not appear to be the names/locations as newer Gnome faqs
indicate either.

With comments snipped my /etc/X11/gdm/custom.conf is below. Yet my
Xnest never gets past the grey  checked background screen.
 I have no problem Xnest'ing to other systems.

[daemon]
RemoteGreeter=/usr/local/libexec/gdmlogin
[security]
AllowRemoteRoot=true
RelaxPermissions=2
DisallowTCP=false
[xdmcp]
Enable=true

Thanks.

-- 
Dave Lynch  DLA Systems
Software Development:Embedded Linux
717.627.3770   [EMAIL PROTECTED]  http://www.dlasys.net
fax: 1.253.369.9244Cell: 1.717.587.7774
Over 25 years' experience in platforms, languages, and technologies too 
numerous to list.

Any intelligent fool can make things bigger and more complex... It takes a 
touch of genius - and a lot of courage to move in the opposite direction.
Albert Einstein

Any OpenBSD users in Berlin?

[Siju George]

Hi,

If there are any OpenBSD users in Berlin could you please contact me
off list please?

Thank you so much :-)

Kind Regards

Siju

confused on openssl....

[badeguruji]

Hello all,

I am sorry to ask this dumb question here. but after
going thru several web-pages. i am not able to figure
out that:

where should i build my base directories to start
creating certificates for CA and http/imap server?
like for e.g should it be under /root/ssl/ private
crl certs...
or should be under /etc/ssl/
???

how important it is in light of security and
accessibility and convention - for applications to use
it?

I appreciate your advice.

Thank you.

BG


~~Kalyan-mastu~~

Re: securing OpenBSD wireless network

[André Braselmann]

On Thu, Nov 22, 2007 at 10:05:21PM -0800, David wrote:

 Does anyone know if there is WPA support for OpenBSD being worked on?
 This would be nice.
 

pkg_add wpa_supplicant 

??? Or did i misunderstand something?
--- 
Andri Braselmann

Azalia weirdness

[STeve Andre']

   I recently got a T60p  ThinkPad to replace my A31p.  Lots of stuff
works, but sound has proved to be a problem.  I can play MP3s, but
with extremely low audio, barely there but from what I can hear it
sounds OK.  This happens with both the speakers and headphones.

   I suspect something isn't right since I get a time  out message

azalia0 at pci0 dev 27 function 0 Intel 82801GB HD Audio rev 0x02: irq 11
azalia0: RIRB time out
azalia0: codec[s]: Analog Devices AD1981HD, 0x/0x, using Analog 
Devices AD1981HD
audio0 at azalia0

Playing with audioctl and mixerctl I can't seem to change the volume.

Any ideas?  Relevant outputs of audioctl, mixerctl and dmesg  output
below.

Thanks, STeve Andre'

audioctl -a  
name=HD-Audio
version=1.0
config=azalia0
encodings=slinear_le:16,slinear_le:16
properties=full_duplex,independent
full_duplex=0
fullduplex=0
blocksize=384
hiwat=170
lowat=127
output_muted=0
monitor_gain=0
mode=
play.rate=8000
play.channels=1
play.precision=8
play.encoding=mulaw
play.gain=127
play.balance=32
play.port=0x0
play.avail_ports=0x0
play.seek=0
play.samples=0
play.eof=0
play.pause=0
play.error=0
play.waiting=0
play.open=0
play.active=0
play.buffer_size=65536
record.rate=8000
record.channels=1
record.precision=8
record.encoding=mulaw
record.gain=127
record.balance=32
record.port=0x0
record.avail_ports=0x0
record.seek=0
record.samples=0
record.eof=0
record.pause=0
record.error=0
record.waiting=0
record.open=0
record.active=0
record.buffer_size=65536
record.errors=0



mixerctl -a 
outputs.dac.source=hdaudio
outputs.lineout.source=dac2
outputs.lineout.mute=off
outputs.lineout=124,124
outputs.lineout=85,85
outputs.lineout.dir=output
outputs.lineout.boost=off
outputs.lineout.eapd=off
outputs.hp.source=dac2
outputs.hp.mute=off
outputs.hp=124,124
outputs.hp.boost=off
outputs.mono.mute=off
outputs.mono=124
outputs.mic=85,85
outputs.linein.source=dac2
outputs.linein.mute=off
outputs.linein=124,124
outputs.linein=85,85
outputs.linein.dir=output
inputs.sel.source=dac2
inputs.beep.source=beep
outputs.beep.mute=off
outputs.beep=119
outputs.sel3.mute=off
outputs.sel3=120,120
outputs.sel4.mute=off
outputs.sel4=120,120
outputs.sel5.mute=off
outputs.sel5=120,120
outputs.pow.source=beep
inputs.sel6.source=mix
outputs.sel6.mute=off
outputs.sel6=119,119
outputs.mic2.source=dac2
outputs.mic2.mute=off
outputs.mic2=124,124
outputs.mic2=85,85
outputs.mic2.dir=output
outputs.sel7.mute=off
outputs.sel7=120,120
outputs.sel8.mute=off
outputs.sel8=120,120
outputs.sel9.mute=off
outputs.sel9=120,120
outputs.speaker.mute=off
outputs.speaker=120,120
outputs.sel11.mute=off
outputs.sel12.mute=off
inputs.usingdac=03


dmesg -
OpenBSD 4.2-current (GENERIC) #79: Thu Nov 22 21:21:36 EST 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Core(TM)2 CPU T7600 @ 2.33GHz (GenuineIntel 686-class) 2.33 
GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16,xTPR
real mem  = 2145808384 (2046MB)
avail mem = 2067062784 (1971MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 09/19/07, BIOS32 rev. 0 @ 0xfd6b0, 
SMBIOS rev. 2.4 @ 0xe0010 (68 entries)
bios0: vendor LENOVO version 7IET31WW (1.12 ) date 09/19/2007
bios0: LENOVO 8741C5U
pcibios0 at bios0: rev 2.1 @ 0xfd640/0x9c0
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdea0/272 (15 entries)
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82371FB ISA rev 0x00)
pcibios0: PCI bus #22 is the last bus
bios0: ROM list: 0xc/0x1 0xdc000/0x4000! 0xe/0x1!
acpi0 at mainbus0: rev 2
acpi0: tables DSDT FACP SSDT ECDT TCPA APIC MCFG HPET SLIC BOOT SSDT SSDT SSDT 
SSDT SSDT 
acpi0: wakeup devices LID_(S3) SLPB(S3) LURT(S3) DURT(S3) EXP0(S4) EXP1(S4) 
EXP2(S4) EXP3(S4) PCI1(S4) USB0(S3) USB1(S3) USB2(S3) USB7(S3) HDEF(S4) 
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpi device at acpi0 from table DSDT not configured
acpi device at acpi0 from table FACP not configured
acpi device at acpi0 from table SSDT not configured
acpi device at acpi0 from table ECDT not configured
acpi device at acpi0 from table TCPA not configured
acpi device at acpi0 from table APIC not configured
acpi device at acpi0 from table MCFG not configured
acpihpet0 at acpi0 table HPET: 14318179 Hz
acpi device at acpi0 from table SLIC not configured
acpi device at acpi0 from table BOOT not configured
acpi device at acpi0 from table SSDT not configured
acpi device at acpi0 from table SSDT not configured
acpi device at acpi0 from table SSDT not configured
acpi device at acpi0 from table SSDT not configured
acpi device at acpi0 from table SSDT not configured
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (AGP_)
acpiprt2 at acpi0: bus 2 (EXP0)
acpiprt3 at acpi0: bus 3 (EXP1)
acpiprt4 at acpi0: bus 4 (EXP2)
acpiprt5 at acpi0: bus 12 (EXP3)
acpiprt6 at acpi0: bus 21 (PCI1)

Re: Azalia weirdness

[J.C. Roberts]

On Thursday 22 November 2007, STeve Andre' wrote:
 On Friday 23 November 2007 01:25:01 STeve Andre' wrote:
 I recently got a T60p  ThinkPad to replace my A31p.  Lots of
  stuff works, but sound has proved to be a problem.  I can play
  MP3s, but with extremely low audio, barely there but from what I
  can hear it sounds OK.  This happens with both the speakers and
  headphones.
 
 I suspect something isn't right since I get a time  out message

 [snip]

 Of course the act of posting this results in my figuring it out.

  mixerctl outputs.lineout=240,240

 seems to have activated it, and  I'm listening Guardians of the
 Earth on my headphones now. ;-)

 Thanks to  Deanna and others for this.  I now have a mostly
 functioning thinkpad once again...

 --STeve Andre'

STeve,

You also might want to look at this post.
http://archives.neohapsis.com/archives/openbsd/2007-11/0099.html

It suggests that some degree of resampling is needed for Azalia. Well,
at least it's supposedly needed when used in conjunction with aRtsd.
Sadly, I'm clueless what it's actually talking about but it came to mind
when reading your post.

kind regards,
JCR

Re: fxp changes between 4.2 and earlier releases causing stability problems?

[Josh]

 Will try test it today, cheers.

Henning Brauer wrote:

  * Josh   [EMAIL PROTECTED]   [2007-11-20 22:35]:

I am having large stability problems since running 4.2 as firewalls. I have 
1x fxp and 2x dual box fxp cards, and after a while, the boxes freeze up, 

Any suggestions/ideas?

  sounds like you hit the memory leak we just found  fixed.
  
  Index: pf.c
  ===
  RCS file: /cvs/src/sys/net/pf.c,v
  retrieving revision 1.564
  diff -u -p -r1.564 pf.c
  --- pf.c18 Nov 2007 21:53:47 -  1.564
  +++ pf.c22 Nov 2007 01:15:47 -
  @@ -816,6 +816,8 @@ pf_insert_state(struct pfi_kif *kif, str
  TAILQ_FOREACH(sp, cur-states, next)
  if (sp-kif == kif) {   /* collision! */
  pf_stateins_err(tree_lan_ext, s, kif);
  +   pf_detach_state(s,
  +   PF_DT_SKIP_LANEXT|PF_DT_SKIP_EXTGWY);
  return (-1);
  }
  pf_detach_state(s, PF_DT_SKIP_LANEXT|PF_DT_SKIP_EXTGWY);
  @@ -958,10 +960,8 @@ pf_src_tree_remove_state(struct pf_state
  u_int32_t timeout;
   
  if (s-src_node != NULL) {
  -   if (s-state_key-proto == IPPROTO_TCP) {
  -   if (s-src.tcp_est)
  -   --s-src_node-conn;
  -   }
  +   if (s-src.tcp_est)
  +   --s-src_node-conn;
  if (--s-src_node-states = 0) {
  timeout = s-rule.ptr-timeout[PFTM_SRC_NODE];
  if (!timeout)

Re: Recommendations for a wireless USB adapter

[Alexey Vatchenko]

On 2007-11-22, Jonathan Schleifer [EMAIL PROTECTED] wrote:
 Erik WikstrC6m [EMAIL PROTECTED] wrote:

 So I will need to use an USB adapter for the
 wireless network and was wondering what people would recommend.

 I'm using a D-Link DWL 122 without any problems. Works out of the box
 on USB, plug it and use it. Even in AP mode.

What driver does it use?

-- 
Alexey Vatchenko
http://www.bsdua.org
E-mail: [EMAIL PROTECTED]
JID: [EMAIL PROTECTED]

Re: securing OpenBSD wireless network

[Predrag Punosevac]

David wrote:

Does anyone know if there is WPA support for OpenBSD being worked on?
This would be nice.

  
There was a thread that I started a month ago unfortunately by 
mis-spelling WPA as (wap). One of the answers was posted
I think by a developer who is currently working on WPA for OpenBSD. The 
information was rather comprehensive and

I would just do harm by trying to repeat it.

Best,
Predrag

David Newman wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 11/22/07 1:55 PM, Christian Weisgerber wrote:
  

David Newman [EMAIL PROTECTED] wrote:

  

There is some layer-2 stuff that happens before layer-3
  

handshaking
  

begins -- 802.11 association and deassociation, possibly layer-2
learning, and 802.1X authentication if that's used. IPSec will
  

not and
  

cannot secure any of this.
  

Is there any need to secure that? In my local WLAN, you only
  

have two
  

ways of proceeding if you want internet access: a Tor router, or
IPsec.
  

Before either of those processes begin, I can associate like crazy to
your access point. That would ensure you never get Internet
  

access, even
  

without my flinging a single IP packet at you.
  

Duh.  It's a *radio* network.  Of course it can be DoS-ed.  WEP
doesn't change that.  In fact, popular attacks against WEP generate
massive L2 traffic.

  


Yes. WPA is somewhat better (in that the better controller-based systems
have rate controls). Other than being better than nothing on really old
hardware, WEP is worthless.

dn
iD8DBQFHRk3LyPxGVjntI4IRApZlAJ44a3Um15XTftC6s7wlHXlWQOr/dwCg8ULI
dZSlpbIowhsNSj3aqcCkoT8=
=TjLE
-END PGP SIGNATURE-

Re: securing OpenBSD wireless network

[David Newman]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 11/22/07 1:55 PM, Christian Weisgerber wrote:
 David Newman [EMAIL PROTECTED] wrote:
 
 There is some layer-2 stuff that happens before layer-3 handshaking
 begins -- 802.11 association and deassociation, possibly layer-2
 learning, and 802.1X authentication if that's used. IPSec will not and
 cannot secure any of this.
 Is there any need to secure that? In my local WLAN, you only have two
 ways of proceeding if you want internet access: a Tor router, or
 IPsec. 
 Before either of those processes begin, I can associate like crazy to
 your access point. That would ensure you never get Internet access, even
 without my flinging a single IP packet at you.
 
 Duh.  It's a *radio* network.  Of course it can be DoS-ed.  WEP
 doesn't change that.  In fact, popular attacks against WEP generate
 massive L2 traffic.
 

Yes. WPA is somewhat better (in that the better controller-based systems
have rate controls). Other than being better than nothing on really old
hardware, WEP is worthless.

dn
iD8DBQFHRk3LyPxGVjntI4IRApZlAJ44a3Um15XTftC6s7wlHXlWQOr/dwCg8ULI
dZSlpbIowhsNSj3aqcCkoT8=
=TjLE
-END PGP SIGNATURE-

Re: Azalia weirdness

[Deanna Phillips]

STeve Andre' writes:

I recently got a T60p  ThinkPad to replace my A31p.  Lots of stuff
 works, but sound has proved to be a problem.  I can play MP3s, but
 with extremely low audio, barely there but from what I can hear it
 sounds OK.  This happens with both the speakers and headphones.

I suspect something isn't right since I get a time  out message

 azalia0 at pci0 dev 27 function 0 Intel 82801GB HD Audio rev 0x02: irq 11
 azalia0: RIRB time out
 azalia0: codec[s]: Analog Devices AD1981HD, 0x/0x, using Analog 
 Devices AD1981HD
 audio0 at azalia0

 Playing with audioctl and mixerctl I can't seem to change the volume.

 Any ideas?  Relevant outputs of audioctl, mixerctl and dmesg  output
 below.

The 'RIRB time out' and zero codec ID are from probing an
unsupported codec, probably a modem.  Nothing serious.

I'm glad that you managed to get some sound out of it, but the
info you provided reveals a lot of wrong.  Notice the duplicate
mixer items and ones that make no sense, like selecting an input
source for the beep generator, or a power widget with a beep
connected to it.

Could you please build a kernel with this diff and 'option
AZALIA_DEBUG' in the config file, then mail me the dmesg? 
You could also mail the regular dmesg to [EMAIL PROTECTED]
Thanks!.

Index: azalia_codec.c
===
RCS file: /cvs/src/sys/dev/pci/azalia_codec.c,v
retrieving revision 1.43
diff -u -p -r1.43 azalia_codec.c
--- azalia_codec.c  21 Nov 2007 18:48:11 -  1.43
+++ azalia_codec.c  23 Nov 2007 07:25:34 -
@@ -164,8 +164,10 @@ azalia_codec_init_vtbl(codec_t *this)
case 0x11d41981:
/* http://www.analog.com/en/prod/0,2877,AD1981HD,00.html */
this-name = Analog Devices AD1981HD;
-   this-init_widget = azalia_ad1981hd_init_widget;
-   this-mixer_init = azalia_ad1981hd_mixer_init;
+   if (this-subid == AD1981HD_THINKPAD) {
+   this-init_widget = azalia_ad1981hd_init_widget;
+   this-mixer_init = azalia_ad1981hd_mixer_init;
+   }
break;
case 0x11d41983:
/* http://www.analog.com/en/prod/0,2877,AD1983,00.html */