Regression: Latest i386 Snapshot fails to boot on WRAP, OK on ALIX
The kernel 4.3 GENERIC#662 i386 from the latest snapshot fails to boot on WRAP, whereas it boots fine on ALIX and on other i386 machines. Whereas the kernel from the previous snapshot 4.3 GENERIC#661 i386 boots fine on WRAP and others, such as ALIX.

PC Engines WRAP.1C/1D/1E v1.11 640 KB Base Memory 130048 KB Extended Memory 01F0 Master 044A CF 4GB Phys C/H/S 7866/16/63 Log C/H/S 983/128/63 Using drive 0, partition 3; Loading;... probing: pc0 com0 pci mem[640K 127M a20=on] disk: hd0 OpenBSD/i386 BOOT 3.01 - com0: 38400 baud switching console to com0 OpenBSD/i386 BOOT 3.01 boot booting hd0a:/bsd: 5924880+873540=0x67bdc8 entry point at 0x200120

Console output stops here with GENERIC#662 on WRAP and machine appears to hang until power cycled.

Regards, Rolf
anoncvs.ca.openbsd.org - RSA host key has just been changed
Hi,

Anybody knows if the key really changed or not? The fingerprint for the RSA key sent by the remote host is e0:9d:c4:c0:31:7d:84:ec:67:9c:a3:7a:70:54:eb:20.

Thanks.
Rumen
Re: anoncvs.ca.openbsd.org - RSA host key has just been changed
> Anybody knows if the key really changed or not? The fingerprint for the RSA key sent by the remote host is e0:9d:c4:c0:31:7d:84:ec:67:9c:a3:7a:70:54:eb:20.

It did change. The machine was reinstalled from scratch, in fact.
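Added example, not part of the thread: the warning above shows the legacy MD5 colon-hex fingerprint, so this Python code derives that value (and the SHA256 form) from a known_hosts line and compares it with a fingerprint obtained over a channel independent of the SSH connection. The host name, the key material and all function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct


def _ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: uint32 length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def _ssh_mpint(value: int) -> bytes:
    """SSH mpint for a positive integer (a leading 0x00 keeps it positive)."""
    return _ssh_string(value.to_bytes((value.bit_length() + 8) // 8, "big"))


def sample_known_hosts_line() -> str:
    """Constructed sample entry; the modulus is filler, not a usable RSA key."""
    n = int.from_bytes(hashlib.sha256(b"constructed sample modulus").digest() * 8, "big")
    n |= (1 << 2047) | 1
    blob = _ssh_string(b"ssh-rsa") + _ssh_mpint(65537) + _ssh_mpint(n)
    return "anoncvs.example.org ssh-rsa " + base64.b64encode(blob).decode("ascii")


def parse_key_blob(line: str):
    """Return (key type, raw key blob) from a known_hosts or .pub line."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        if field.startswith(("ssh-", "ecdsa-")):
            blob = base64.b64decode(fields[i + 1], validate=True)
            # The blob repeats the key type as its first SSH string.
            (length,) = struct.unpack(">I", blob[:4])
            if blob[4:4 + length] != field.encode("ascii"):
                raise ValueError("key type does not match key blob")
            return field, blob
    raise ValueError("no public key found in line")


def md5_fingerprint(blob: bytes) -> str:
    """Legacy format, as printed in the host-key warning quoted in the thread."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))


def sha256_fingerprint(blob: bytes) -> str:
    """Format printed by current OpenSSH releases."""
    raw = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(raw).decode("ascii").rstrip("=")


def matches_trusted(line: str, trusted_fp: str) -> bool:
    """True only if the offered key hashes to the fingerprint you already trust."""
    _, blob = parse_key_blob(line)
    trusted = trusted_fp.strip()
    if trusted.startswith("SHA256:"):
        offered = sha256_fingerprint(blob)
    else:
        if trusted.upper().startswith("MD5:"):
            trusted = trusted[4:]
        trusted = trusted.lower()
        offered = md5_fingerprint(blob)
    return hmac.compare_digest(offered.encode("ascii"), trusted.encode("ascii"))


if __name__ == "__main__":
    entry = sample_known_hosts_line()
    key_type, key_blob = parse_key_blob(entry)
    print(key_type, md5_fingerprint(key_blob), sha256_fingerprint(key_blob))
    # The fingerprint from the thread belongs to a different key, so this is False.
    print(matches_trusted(entry, "e0:9d:c4:c0:31:7d:84:ec:67:9c:a3:7a:70:54:eb:20"))
```

Only replace the stored known_hosts entry once the new fingerprint matches a value published or confirmed by the server's operators.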
Re: IPSec tunnel problem
Hi

What does the ipsec.conf entry on the Office gateway for the Home gateway look like? IP range of Home network? Are you trying to use the Home gateway as a relay to get into the Office net from other locations than from Home network? Do you have any NAT rules involved?

ipsecctl -s all on Office and Home gateways before and after connection is established could shed some light.

/m

Alexey Vatchenko wrote:
> The problem is when home gateway establishes IPSec tunnel with office gateway, computers from office network cannot connect to office gateway (but they still can get Internet through the gateway).
>
> Here is what i do:
>
> Office network: 192.168.0.0/24
> ipsec.conf:
> ike passive esp from 192.168.0.0/24 to any local egress dstid [EMAIL PROTECTED] psk xxx
>
> Home ipsec.conf:
> ike dynamic esp from any to 192.168.0.0/24 peer OFFICE_EXTERNAL_IP srcid [EMAIL PROTECTED] psk xxx
>
> So, please, shed some light on what i do wrong.
Re: pf tag/tagging and packages from localhost
Tags are for assigning trust between interfaces, for instance to prevent traffic from WWW DMZ from leaking into the trusted LAN. As the FW traffic is explicitly from the FW out a specified interface, as shown by your rule, then it doesn't need to have trust assigned to it as only one interface is involved.

On 2/24/08, Stefan Schulze Frielinghaus [EMAIL PROTECTED] wrote:
> Hello,
>
> I'm running OpenBSD 4.2-stable on a firewall with four interfaces. The settings are relatively strict and default everything is blocked (block log all). While beside the packet filter also spamd is running the localhost needs to update the blacklists via spamd-setup. A rule like this allows that:
>
> pass out quick on $ext_if inet proto tcp from ($ext_if) \
>     to any port http keep state
>
> But that rule makes me a headache. I can't use tagged (or at least I don't know how to do it) because packets from localhost don't run through an input chain and I can't tag them. If I had a rule that allows connections to machines listening at http port and I tag that rule (so packets passing through this input chain get tagged) the rule above would count because it does not have any tags and therefore it fits for any packet (tagged or not). But I would like to create a separate rule which uses tagged. Is there a way to limit this behavior? There are several other services I use at the firewall like DNS, NTP and so on.
>
> Best regards
> Stefan
Re: FOSDEM 23/24 Feb Brussels
On 22/02/2008, Andri Braselmann [EMAIL PROTECTED] wrote: AND the most significant part of this country is: The highways used to be illuminated at night with a terrible orange light. But on the other side: The chocolate and the french fries and some beers of the different dozens are very good. So it's worth. Potverdekke: http://youtube.com/watch?v=uTqknJDZrlI http://www.starbug.net/2001/potverdekke.html
trunk failover without failing back to master port
Good day, I have two interfaces -- nfe0 on switch0 and nfe1 on switch1 are part of trunk0. Trunk failover from nfe0 to nfe1 works very well. No problems if switch 0 goes offline -- traffic goes through switch1 flawlessly. Once switch0 comes back online, traffic is disrupted for about 30 seconds. I would like traffic to continue through switch1 after switch0 is back online (or at least have a delay of 30 or 45 seconds before failing back to the master) and don't know how to do this. Is this possible? Should I be using ifstated for this in addition to trunk? Please let me know of any clues to resolving this. Thanks very much, Vijay -- Vijay Sankar, M.Eng., P.Eng. President CEO ForeTell Technologies Limited 59 Flamingo Avenue, Winnipeg, MB Canada R3J 0X6 Phone: +1 204 885 9535, E-Mail: [EMAIL PROTECTED]
Re: Regression: Latest i386 Snapshot fails to boot on WRAP, OK on ALIX
On 2008-02-24, Rolf Sommerhalder [EMAIL PROTECTED] wrote: The kernel 4.3 GENERIC#662 i386 from the latest snapshot fails to boot on WRAP, whereas it boots fine on ALIX and on other i386 machines. Whereas the kernel from the previous snapshot 4.3 GENERIC#661 i386 boots fine on WRAP and others, such as ALIX. I couldn't find a copy of #662 but I don't see this with #663 on my WRAP... PC Engines WRAP.1C/1D/1E v1.11 640 KB Base Memory 130048 KB Extended Memory 01F0 Master 848A 64MB CHH Phys C/H/S 978/4/32 Log C/H/S 978/4/32 Using drive 0, partition 3; Loading;... probing: pc0 com0 pci mem[640K 127M a20=on] disk: hd0 OpenBSD/i386 BOOT 3.01 switching console to com0 OpenBSD/i386 BOOT 3.01 boot testbsd booting hd0a:testbsd: 5921584+873540 [52+307392+288398]=0x70c86c entry point at 0x200120* [ using 596216 bytes of bsd ELF symbol table ] Copyright (c) 1982, 1986, 1989, 1991, 1993 The Regents of the University of California. All rights reserved. Copyright (c) 1995-2008 OpenBSD. All rights reserved. http://www.OpenBSD.org OpenBSD 4.3-beta (GENERIC) #663: Sat Feb 23 17:30:07 MST 2008 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Geode(TM) Integrated Processor by National Semi (Geode by NSC 586-class) 267 MHz cpu0: FPU,TSC,MSR,CX8,CMOV,MMX cpu0: TSC disabled real mem = 133791744 (127MB) avail mem = 121454592 (115MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 11/08/05, BIOS32 rev. 0 @ 0xfc622 acpi at bios0 function 0x0 not configured pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: pcibios_get_intr_routing - function not supported pcibios0: PCI IRQ Routing information unavailable. 
pcibios0: PCI bus #0 is the last bus bios0: ROM list: 0xe/0x8000 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 Cyrix GXm PCI rev 0x00 puc0 at pci0 dev 13 function 0 Oxford OXmPCI954 rev 0x00: ports: 3 com pccom3 at puc0 port 0 irq 12: st16650, 32 byte fifo pccom4 at puc0 port 1 irq 12: st16650, 32 byte fifo pccom5 at puc0 port 2 irq 12: st16650, 32 byte fifo Oxford OXmPCI954 Disabled rev 0x00 at pci0 dev 13 function 1 not configured sis0 at pci0 dev 14 function 0 NS DP83815 10/100 rev 0x00, DP83816A: irq 10, address 00:0d:b9:04:92:d0 nsphyter0 at sis0 phy 0: DP83815 10/100 PHY, rev. 1 sis1 at pci0 dev 15 function 0 NS DP83815 10/100 rev 0x00, DP83816A: irq 9, address 00:0d:b9:04:92:d1 nsphyter1 at sis1 phy 0: DP83815 10/100 PHY, rev. 1 sis2 at pci0 dev 16 function 0 NS DP83815 10/100 rev 0x00, DP83816A: irq 11, address 00:0d:b9:04:92:d2 nsphyter2 at sis2 phy 0: DP83815 10/100 PHY, rev. 1 gscpcib0 at pci0 dev 18 function 0 NS SC1100 ISA rev 0x00 gpio0 at gscpcib0: 64 pins NS SC1100 SMI rev 0x00 at pci0 dev 18 function 1 not configured pciide0 at pci0 dev 18 function 2 NS SCx200 IDE rev 0x01: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility wd0 at pciide0 channel 0 drive 0: 64MB CHH wd0: 1-sector PIO, LBA, 61MB, 125184 sectors wd0(pciide0:0:0): using PIO mode 2 NS SCx200 AUDIO rev 0x00 at pci0 dev 18 function 3 not configured geodesc0 at pci0 dev 18 function 5 NS SC1100 X-Bus rev 0x00: iid 6 revision 3 wdstatus 0 isa0 at gscpcib0 isadma0 at isa0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 gscsio0 at isa0 port 0x2e/2: SC1100 SIO rev 1: ACB1 ACB2 iic0 at gscsio0 iic1 at gscsio0 lmtemp0 at iic1 addr 0x48: lm77 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo pccom0: console biomask e1ef netmask efef ttymask ffef nvram: invalid checksum softraid0 at root root on wd0a swap on wd0b dump on wd0b
Re: Updates for old releases
On Sat, Feb 23, 2008 at 10:44:21PM -0300, Antonio Lobato wrote:
> great! thank you all for the help. right now I'm compiling the source for openbsd 4.0 stable (at least the last, since it is no longer maintained) I know it is better to use 4.2, but it does not depends only of my opinion, I'm configuring the firewall for a customer, and now I can at most make a advice.
> Tom

You should tell the customer that 4.0 is no longer supported. Only 4.2 and 4.1 are supported. And in a couple of months when 4.3 is released, 4.1 will no longer be supported. This is in addition to the major improvements for firewall performance that are in 4.2 and have already been mentioned.

Ken
Re: pf tag/tagging and packages from localhost
* Darren Spiteri [EMAIL PROTECTED] [2008-02-24 15:11]:
> Tags are for assigning trust between interfaces, for instance to prevent traffic from WWW DMZ from leaking into the trusted LAN.

that is ONE use of them, but certainly not the only one.

--
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
Re: Regression: Latest i386 Snapshot fails to boot on WRAP, OK on ALIX
I couldn't find a copy of #662 but I don't see this with #663 on my WRAP... I confirm that #663 also boots on my WRAP (and it also does on ALIX). The snapshot with #663 has not yet made it to the mirrors in Europe, thus I pulled just the kernel file bsd from the fan out server. Thanks for your heads up, Rolf
Re: IPSec tunnel problem
On Sat, Feb 23, 2008 at 05:47:18PM +0200, Alexey Vatchenko wrote:
> Hi guys! I'm trying to configure IPSec tunnel between home gateway and office gateway. Home gateway has dynamic IP, office gateway has static IP. The problem is when home gateway establishes IPSec tunnel with office gateway, computers from office network cannot connect to office gateway (but they still can get Internet through the gateway).
>
> Here is what i do:
>
> Office network: 192.168.0.0/24
> ipsec.conf:
> ike passive esp from 192.168.0.0/24 to any local egress dstid [EMAIL PROTECTED] psk xxx
>
> Home ipsec.conf:
> ike dynamic esp from any to 192.168.0.0/24 peer OFFICE_EXTERNAL_IP srcid [EMAIL PROTECTED] psk xxx
>
> So, please, shed some light on what i do wrong.

you need to declare a bypass flow on the side of the network where the router, presumably on 192.168.0.0/24 requires communication to the local network segment also on 192.168.0.0/24. It is probably trying to send this across the tunneled wire, which won't reach its destination. Create a bypass for flows from 192.168 to 192.168, like so:

flow esp from 192.168.0.0/24 to 192.168.0.0/24 type bypass
Re: rtorrent + OpenBSD = freeze
Well this bug won't get fixed. That's what Theo said months ago... :)

http://www.nabble.com/Re:-kernel-5690:-system-crash-when-running-rtorrent-td14534018.html

Or just browse the web using google. It's one of these I told you so they love me for. :-)

Of course Henning and others will start trolling again and start telling you I've no clue (sure they're right. I'm no god, can't know everything..) but it was not my intention to flame here. I just wanted to show this bug is not new and that others knew about it for some months now. So you might compare it to the reports I submitted. Back then (if I remember correctly) I had two Broadcom (xl0) NICs. Also routing and co worked. Since I used another OS for Bittorrent I had no problems anymore (used rtorrent on the router back then..).

And maybe somebody explains the Bug also in case it gets discovered. I'm sure it would be pretty interesting. Especially if somebody who knows how free() works explains it... :-)

Kind regards,
Sebastian

p.s. And if you ever wonder where my help is: I send it all to Theo back then... dmesgs and co. So please don't claim I never did anything.

p.p.s If you feel the need to flame me mail me personally. No need to mess up this thread...
Re: changing bash prompt escape sequences
$ cat .bash_profile
...
export PS1=\l [EMAIL PROTECTED] #
$

Then log back in. this really is basic stuff.. ;)

(Use ksh, it's much better than bash... )

-Nix Fan.
Re: pf tag/tagging and packages from localhost
RE: LOCAL HOSTS DON'T...

You can use the user or group criteria to identify the facility/service (daemon) and tag their packets accordingly.

#
pass in inet proto tcp from any to any port 80 \
    user FacilityDaemonID tag MYTAG \
    keep state
...
pass out ... tagged MYTAG
#

You may be able to further refine the any/any criteria.

-Original Message-
From: Stefan Schulze Frielinghaus [EMAIL PROTECTED]
To: misc@openbsd.org
Subject: pf tag/tagging and packages from localhost
Date: Sat, 23 Feb 2008 19:59:54 +0100
Mailer: Evolution 2.12.3 (2.12.3-1.fc8)
Delivered-To: [EMAIL PROTECTED]

But that rule makes me a headache. I can't use tagged (or at least I don't know how to do it) because packets from localhost don't run through an input chain and I can't tag them.
Re: changing bash prompt escape sequences
On Sat, Feb 23, 2008 at 10:35 PM, Jay Hart [EMAIL PROTECTED] wrote: I'll have to rescue the system if I can't login as root. If I lose my /usr/local filesystem, I've probably lost the drive too. I guess I have to ensure that I don't delete the bash package. In UNIX, it is always recommended not to change root's shell. This is because, especially on commercially available systems, you have to update the systems using whatever packages and assumptions built in. In free UNIX systems, it is also recommended for similar reasons. On top of that, if you screw up, you can't call in for support so you have to learn to know your system pretty well. -- http://www.glumbert.com/media/shift http://www.youtube.com/watch?v=tGvHNNOLnCk This officer's men seem to follow him merely out of idle curiosity. -- Sandhurst officer cadet evaluation. Securing an environment of Windows platforms from abuse - external or internal - is akin to trying to install sprinklers in a fireworks factory where smoking on the job is permitted. -- Gene Spafford learn french: http://www.youtube.com/watch?v=j1G-3laJJP0feature=related
Re: changing bash prompt escape sequences
version a...
export PS1=\l [EMAIL PROTECTED] #

version b...
export PS1=\l [EMAIL PROTECTED] \\$

B changes the # to be either $ or # per user's non-root/root status.

-Original Message-
From: Unix Fan [EMAIL PROTECTED]
To: misc@openbsd.org
Subject: Re: changing bash prompt escape sequences
Date: 24 Feb 2008 08:54:19 -0800
Delivered-To: [EMAIL PROTECTED]

$ cat .bash_profile
...
export PS1=\l [EMAIL PROTECTED] #
$

Then log back in. this really is basic stuff.. ;)

(Use ksh, it's much better than bash... )

-Nix Fan.
anoncvs asking for password
All of a sudden when using cvs (via ssh) to update the src tree (following the instructions on http://openbsd.org/faq/faq5.html#Bld) I am prompted for a password. Several different mirrors same issue. What to do? -- Chris
Re: changing bash prompt escape sequences
scott wrote: version a... export PS1=\l [EMAIL PROTECTED] # version b... export PS1=\l [EMAIL PROTECTED] \\$ B changes the # to be either $ or # per user's non-root/root status. I was just using the line they provided... it's up to them to read the manual. -Nix Fan.
Re: anoncvs asking for password
On 24/02/2008, Chris Smith [EMAIL PROTECTED] wrote:
> All of a sudden when using cvs (via ssh) to update the src tree (following the instructions on http://openbsd.org/faq/faq5.html#Bld) I am prompted for a password. Several different mirrors same issue.

anoncvs.ca.openbsd.org is being rebuilt, and currently asks for password. You probably have it hardcoded into CVS/Root files, and so it may be used regardless of the server you specify in CVSROOT.

> What to do?

find /usr/src -path '*/CVS/Root' -exec rm {} \;

C.
Re: anoncvs asking for password
On Sunday 24 February 2008, Constantine A. Murenin wrote: anoncvs.ca.openbsd.org is being rebuild, and currently asks for password. Also tried anoncvs1.usa.openbsd.org and anoncvs1.ca.openbsd.org (which apparently is the same host as anoncvs.ca.openbsd.org). Looks like waiting is the right idea. -- Chris
Re: anoncvs asking for password
On Sunday 24 February 2008, Alexander Hall wrote:
> Let the list readers know what you did so they can help you? I'll start:
> $ cd /usr/src
> ...
> You fill in the rest. :)

# cd /usr/src
# export [EMAIL PROTECTED]:/cvs
# cvs -d$CVSROOT up -Pd

Tree was previously checked out, and updates worked until yesterday when it (and anoncvs.usa.openbsd.org) started asking for a password. Thought to give a day and posted when the problem still existed today.

--
Chris
Re: anoncvs asking for password
Chris Smith wrote: All of a sudden when using cvs (via ssh) to update the src tree (following the instructions on http://openbsd.org/faq/faq5.html#Bld) I am prompted for a password. Several different mirrors same issue. What to do? Let the list readers know what you did so they can help you? I'll start: $ cd /usr/src ... You fill in the rest. :) /alexander
OT: fully interconnect switches: interesting problem
Dear gentleman/madam,

i was given 4 2724 dell powerconnect switches and only 6 patch cords. Besides that, i was given a challenge to connect them each other having a full interconnection schema (thanks my classes on graph theory, i could do it using only 6 patch cords). So, given any two switches there is a direct path between them. Instead of cascading, this approach avoid a single point of failure and allows, for instance, a uplink of 3 Gb/s between any given two switches and reduces patch cords usage (my graph edges in this scenario).

The problem raises when i turn them on: After some time (from seconds to 1 or even 2 minutes) the switches go crazy. I cannot even ping the ip assigned to the switch i am connected directly not to mention a desktop located on another switch.

Is there any configuration that could be done to allow such interconnection schema?

thanks in advance.

PS: please, forgive me my OT message, but i am really desperate. Could some one point me a better list to place my message?
Re: OT: fully interconnect switches: interesting problem
On Sun, Feb 24, 2008 at 06:09:06PM -0300, John Nietzsche wrote:
| Dear gentleman/madam,
|
| i was given 4 2724 dell powerconnect switches and only 6 patch cords.
| Besides that, i was given a challenge to connect them each other
| having a full interconnection schema (thanks my classes on graph
| theory, i could do it using only 6 patch cords). So, given any two
| switches there is a direct path between them. Instead of cascading,
| this approach avoid a single point of failure and allows, for
| instance, a uplink of 3 Gb/s between any given two switches and
| reduces patch cords usage (my graph edges in this scenario).
|
| The problem raises when i turn them on: After some time (from seconds
| to 1 or even 2 minutes) the switches go crazy. I cannot even ping the
| ip assigned to the switch i am connected directly not to mention a
| desktop located on another switch.

Sounds like your switches are not configured to do (rapid) spanning tree...

| Is there any configuration that could be done to allow such
| interconnection schema?

Look up 'spanning tree' and see if you can configure it on them powerconnects (of course, after you learn what problem this solves and understand how it (if it) applies to your setup).

Good luck ;)

Paul 'WEiRD' de Weerd

-- [++-]+++.+++[---].+++[+ +++-].++[-]+.--.[-] http://www.weirdnet.nl/
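Added example, not part of the thread: a simplified Python model of the setup described above (four switches, six links, full mesh) that counts copies of one broadcast frame per hop without loop prevention, then computes which links a spanning tree would block and what happens when a link fails. Switch names, equal link costs and the tie-breaking rule are assumptions of this model, not the behaviour of any particular switch firmware.

```python
from collections import deque
from itertools import combinations

# Constructed topology: lower name stands for lower bridge ID.
SWITCHES = ["sw1", "sw2", "sw3", "sw4"]
LINKS = [frozenset(pair) for pair in combinations(SWITCHES, 2)]  # 6 patch cords


def neighbours(switch, links):
    """Switches directly cabled to `switch` over the given links."""
    return sorted(next(iter(link - {switch})) for link in links if switch in link)


def flood(source, links, max_hops):
    """Copies of one broadcast frame on the wire at each hop.

    Every switch floods the frame out of all ports except the one it
    arrived on; nothing in plain Ethernet switching ages the frame out.
    """
    in_flight = [(None, source)]  # (previous switch, current switch)
    per_hop = []
    for _ in range(max_hops):
        in_flight = [(cur, nxt)
                     for prev, cur in in_flight
                     for nxt in neighbours(cur, links)
                     if nxt != prev]
        per_hop.append(len(in_flight))
        if not in_flight:
            break
    return per_hop


def spanning_tree(links):
    """Simplified spanning tree: root is the lowest bridge ID, all links cost
    the same, each switch keeps one port on a shortest path to the root
    (ties go to the switch reached first in breadth-first order)."""
    root = min(switch for link in links for switch in link)
    parent = {root: None}
    queue = deque([root])
    while queue:
        cur = queue.popleft()
        for nxt in neighbours(cur, links):
            if nxt not in parent:
                parent[nxt] = cur
                queue.append(nxt)
    forwarding = [frozenset((child, up)) for child, up in parent.items() if up]
    blocked = [link for link in links if link not in forwarding]
    return root, forwarding, blocked


if __name__ == "__main__":
    print("no loop prevention:", flood("sw1", LINKS, 6))
    root, forwarding, blocked = spanning_tree(LINKS)
    print("root:", root, "blocked:", [sorted(link) for link in blocked])
    print("with blocked links:", flood("sw2", forwarding, 6))
    # Redundancy is kept: remove one cable and a blocked link takes over.
    remaining = [link for link in LINKS if link != frozenset(("sw1", "sw2"))]
    print("after sw1-sw2 fails:", [sorted(l) for l in spanning_tree(remaining)[1]])
```

In the looped mesh the number of copies doubles at every hop, which matches the symptom of switches becoming unreachable shortly after power-on; with three of the six links blocked the same frame dies out after two hops.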
Re: OT: fully interconnect switches: interesting problem
Probably broadcast storm. Fastest way to fix the problem - single connect your switches, and don't loop the last back to the first. Then, learn how switches work. I only have a rudimentary understanding myself.

On 2/24/08, John Nietzsche [EMAIL PROTECTED] wrote:
> Dear gentleman/madam,
>
> i was given 4 2724 dell powerconnect switches and only 6 patch cords. Besides that, i was given a challenge to connect them each other having a full interconnection schema (thanks my classes on graph theory, i could do it using only 6 patch cords). So, given any two switches there is a direct path between them. Instead of cascading, this approach avoid a single point of failure and allows, for instance, a uplink of 3 Gb/s between any given two switches and reduces patch cords usage (my graph edges in this scenario).
>
> The problem raises when i turn them on: After some time (from seconds to 1 or even 2 minutes) the switches go crazy. I cannot even ping the ip assigned to the switch i am connected directly not to mention a desktop located on another switch.
>
> Is there any configuration that could be done to allow such interconnection schema?
>
> thanks in advance.
>
> PS: please, forgive me my OT message, but i am really desperate. Could some one point me a better list to place my message?

--
Sent from Gmail for mobile | mobile.google.com

http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
This officer's men seem to follow him merely out of idle curiosity. -- Sandhurst officer cadet evaluation.
Securing an environment of Windows platforms from abuse - external or internal - is akin to trying to install sprinklers in a fireworks factory where smoking on the job is permitted. -- Gene Spafford
learn french: http://www.youtube.com/watch?v=j1G-3laJJP0feature=related
Re: OT: fully interconnect switches: interesting problem
Did you configure STP, or are the switches figuring this out on their own?

On Feb 24, 2008, at 1:09 PM, John Nietzsche wrote:
> Dear gentleman/madam,
>
> i was given 4 2724 dell powerconnect switches and only 6 patch cords. Besides that, i was given a challenge to connect them each other having a full interconnection schema (thanks my classes on graph theory, i could do it using only 6 patch cords). So, given any two switches there is a direct path between them. Instead of cascading, this approach avoid a single point of failure and allows, for instance, a uplink of 3 Gb/s between any given two switches and reduces patch cords usage (my graph edges in this scenario).
>
> The problem raises when i turn them on: After some time (from seconds to 1 or even 2 minutes) the switches go crazy. I cannot even ping the ip assigned to the switch i am connected directly not to mention a desktop located on another switch.
>
> Is there any configuration that could be done to allow such interconnection schema?
>
> thanks in advance.
>
> PS: please, forgive me my OT message, but i am really desperate. Could some one point me a better list to place my message?
Re: changing bash prompt escape sequences
I will take yours and Nick's advice, and change root shell back to ksh.

Thanks,
Jay

> I have seen the following sort of remarks a couple of times this past week, yet I haven't seen them corrected. Nick Holland is such an excellent writer that, as often as not, you don't need to look at the sample code to follow his advice. That's not relevant in this case, except insofar as I cannot understand why more people don't spend more time with the FAQ (especially those who offer advice).
>
> On Sun, Feb 24, 2008 at 12:16:18PM -0500, bofh wrote:
> > In UNIX, it is always recommended not to change root's shell. This is because ... In free UNIX systems, it is also recommended for similar reasons ...
>
> ... though there is no good reason not to in OpenBSD. Let's save the rest of http://www.openbsd.org/faq/faq10.html#rootshell for the curious reader.
>
> (That said, I second recommendations to just use ksh.)
Re: changing bash prompt escape sequences
I have seen the following sort of remarks a couple of times this past week, yet I haven't seen them corrected. Nick Holland is such an excellent writer that, as often as not, you don't need to look at the sample code to follow his advice. That's not relevant in this case, except insofar as I cannot understand why more people don't spend more time with the FAQ (especially those who offer advice).

On Sun, Feb 24, 2008 at 12:16:18PM -0500, bofh wrote:
> In UNIX, it is always recommended not to change root's shell. This is because ... In free UNIX systems, it is also recommended for similar reasons ...

... though there is no good reason not to in OpenBSD. Let's save the rest of http://www.openbsd.org/faq/faq10.html#rootshell for the curious reader.

(That said, I second recommendations to just use ksh.)
Re: changing bash prompt escape sequences
On Sun, Feb 24, 2008 at 04:53:35PM -0500, William Boshuck wrote:
> I have seen the following sort of remarks a couple of times this past week, yet I haven't seen them corrected. Nick Holland is such an excellent writer that, as often as not, you don't need to look at the sample code to follow his advice. That's not relevant in this case, except insofar as I cannot understand why more people don't spend more time with the FAQ (especially those who offer advice).
>
> On Sun, Feb 24, 2008 at 12:16:18PM -0500, bofh wrote:
> > In UNIX, it is always recommended not to change root's shell. This is because ... In free UNIX systems, it is also recommended for similar reasons ...
>
> ... though there is no good reason not to in OpenBSD. Let's save the rest of http://www.openbsd.org/faq/faq10.html#rootshell for the curious reader.
>
> (That said, I second recommendations to just use ksh.)

While technically correct, there are usually two people/release clever enough to have their server in some remote datacenter, upgrade over ssh, run into some package problem, uninstall them all to reinstall... Ooops, no more login, no more su etc. The mailinglist archives have amusing material on this :p
Re: changing bash prompt escape sequences
Only for fun:

$ cat /etc/profile
# sh/ksh initialization
# add the same config is ssh access case
PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin:/usr/local/sbin:/usr/local/bin
PS1=[EMAIL PROTECTED] [\w] [\t]\n\$
HISTFILE=.ksh_history
HISTSIZE=500
[EMAIL PROTECTED]:/cvs
PKG_PATH=ftp://ftp.irisa.fr/pub/OpenBSD/4.2/packages/amd64/
TERM=vt220
export PATH PS1 HISTFILE HISTSIZE PKG_PATH CVSROOT TERM
umask 022
alias su='su -l'
alias ll='ls -lah'
alias rm='rm -i'
# quote the variable: an unquoted empty value makes the test always true
if [ -n "$SSH_CONNECTION" ]; then
    PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin:/usr/local/sbin:/usr/local/bin
    PS1=[EMAIL PROTECTED] [\w] [\t]\n\$
    HISTFILE=.ksh_history
    HISTSIZE=500
    [EMAIL PROTECTED]:/cvs
    PKG_PATH=ftp://ftp.irisa.fr/pub/OpenBSD/4.2/packages/amd64/
    TERM=vt220
    export PATH PS1 HISTFILE HISTSIZE PKG_PATH CVSROOT TERM
    umask 022
    alias su='su -l'
    alias ll='ls -lah'
    alias rm='rm -i'
fi

Maybe it will be useful for someone. Maybe not.

--
Thanks, Jordi Espasa Clofent
4.3-Beta solves issue with 4.2 bsd.mp
Hi Misc, Thanks for a great OS! I've just upgraded to 4.3-Beta (dmesg follows sig) which resolves an issue I was having with 4.2 - Generic worked okay but both 4.2 bsd.mp and a modified kernel with acpi enable were both causing a kernel crashes - the ps and trace from the 4.2 bsd.mp with acpi enable follow if it is of interest to anyone, but the issue has been resolved by 4.3-beta: uvm_fault(0xd627c178, 0x0, 0, 3) - e kernel: page fault trap, code=0 Stopped at eso_rev2model+0x38bd: addb%al,0(%eax) ddb{0} trace eso_rev2model(394414d0,80d8,32005800,270010d0,10d6) at eso_rev2model+0x38bd ddb{0} ps PID PPID PGRPUID S FLAGS WAIT COMMAND *25506478478 0 7 0x2004002ttyflags 478 1478 0 3 0x2004082 pause sh 15 0 0 0 3 0x2100200 crypto_wait crypto 14 0 0 0 3 0x2100200 aiodoned aiodoned 13 0 0 0 3 0x2100200 syncerupdate 12 0 0 0 3 0x2100200 cleaner cleaner 11 0 0 0 30x100200 reaperreaper 10 0 0 0 3 0x2100200 pgdaemon pagedaemon 9 0 0 0 3 0x2100200 pftm pfpurge 8 0 0 0 3 0x2100200 bored syswq 7 0 0 0 3 0x2100200 usbevtusb2 6 0 0 0 3 0x2100200 usbevtusb1 5 0 0 0 3 0x2100200 usbtskusbtask 4 0 0 0 3 0x2100200 usbevtusb0 3 0 0 0 3 0x2100200 bored syswq 2 0 0 0 3 0x2100200 kmalloc kmthread 1 0 1 0 3 0x2004080 wait init 0 -1 0 0 3 0x2080200 scheduler swapper ddb{0} ~ Thanks again for a great OS! Fred -- http://www.crowsons.com/puters/x41.htm dmesg: OpenBSD 4.3-beta (GENERIC.MP) #558: Thu Feb 21 15:53:39 MST 2008 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP cpu0: Intel(R) Pentium(R) III CPU family 1133MHz (GenuineIntel 686-class) 1.14 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE real mem = 267939840 (255MB) avail mem = 251088896 (239MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 02/04/02, BIOS32 rev. 0 @ 0xfb380, SMBIOS rev. 2.3 @ 0xf0800 (43 entries) bios0: vendor Award Software International, Inc. 
version 6.00 PG date 02/04/2002 bios0: Supermicro P3TDDE acpi0 at bios0: rev 0 acpi0: tables DSDT FACP APIC acpi0: wakeup devices USB0(S1) USB1(S1) USB2(S1) LAN0(S5) UAR1(S5) LPT1(S5) ECP1(S5) PCI0(S5) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: apic clock running at 133MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Pentium(R) III CPU family 1133MHz (GenuineIntel 686-class) 1.14 GHz cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE ioapic0 at mainbus0: apid 2 pa 0xfec0, version 11, 24 pins acpiprt0 at acpi0: bus 0 (PCI0) acpicpu0 at acpi0 acpicpu1 at acpi0 acpitz0 at acpi0: critical temperature 100 degC acpibtn0 at acpi0: PWRB bios0: ROM list: 0xc/0x8000 0xc8000/0xa800 0xd3000/0xa800 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 VIA VT8633 PCI rev 0x01 agp0 at pchb0: v2, aperture at 0xf800, size 0x1000 ppb0 at pci0 dev 1 function 0 VIA VT8633 AGP rev 0x00 pci1 at ppb0 bus 1 puc0 at pci0 dev 7 function 0 NetMos 2S1P rev 0x01: ports: 2 com, 1 lpt pccom3 at puc0 port 0 apic 2 int 17 (irq 5): ns16550a, 16 byte fifo pccom4 at puc0 port 1 apic 2 int 17 (irq 5): ns16550a, 16 byte fifo lpt3 at puc0 port 2: interrupting at apic 2 int 17 (irq 5) vga1 at pci0 dev 8 function 0 SiS 6326 VGA rev 0x0b wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) fxp0 at pci0 dev 9 function 0 Intel 8255x rev 0x0d, i82550: apic 2 int 19 (irq 10), address 00:02:b3:ed:59:38 inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4 fxp1 at pci0 dev 13 function 0 Intel 8255x rev 0x08, i82559: apic 2 int 19 (irq 10), address 00:30:48:41:53:71 inphy1 at fxp1 phy 1: i82555 10/100 PHY, rev. 
4 viapm0 at pci0 dev 17 function 0 VIA VT8233 ISA rev 0x00 iic0 at viapm0 spdmem0 at iic0 addr 0x50: 128MB SDRAM registered ECC PC133CL3 spdmem1 at iic0 addr 0x51: 128MB SDRAM registered ECC PC133CL2 spdmem2 at iic0 addr 0x52: 128MB SDRAM registered ECC PC133CL2 spdmem3 at iic0 addr 0x53: 128MB SDRAM registered ECC PC100CL3 pciide0 at pci0 dev 17 function 1 VIA VT82C571 IDE rev 0x06: ATA100, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide0 channel 0 drive 0: SanDisk SDCFB-128 wd0: 1-sector PIO, LBA, 122MB, 250880 sectors wd1 at pciide0 channel 0 drive 1: WDC WD800BB-00JHC0 wd1: 16-sector
Re: pf tag/tagging and packages from localhost
On 2/25/08, Henning Brauer [EMAIL PROTECTED] wrote:
> * Darren Spiteri [EMAIL PROTECTED] [2008-02-24 15:11]:
> > Tags are for assigning trust between interfaces, for instance to prevent traffic from WWW DMZ from leaking into the trusted LAN.
>
> that is ONE use of them, but certainly not the only one.

Please enlighten us then, Henning. What do you use tags for, routing? Why don't you update the doco with some examples?
Re: OT: fully interconnect switches: interesting problem
On 2/24/08, bofh [EMAIL PROTECTED] wrote:
> Probably broadcast storm. Fastest way to fix the problem - single connect your switches, and don't loop the last back to the first.
He explained in his post that the multiple connections were to avoid single points of failure.
Re: PCI Gigabit card suggestion?
Thanks for the suggestions guys, I'll be getting a DLink DGE-530T sk(4) tomorrow, will be how it goes!
Re: pf tag/tagging and packages from localhost
On Mon, Feb 25 2008 at 06:11, Darren Spiteri wrote:
> On 2/25/08, Henning Brauer [EMAIL PROTECTED] wrote:
> > * Darren Spiteri [EMAIL PROTECTED] [2008-02-24 15:11]:
> > > Tags are for assigning trust between interfaces, for instance to prevent traffic from WWW DMZ from leaking into the trusted LAN.
> > that is ONE use of them, but certainly not the only one.
> Please enlighten us then, Henning. What do you use tags for, routing? Why don't you update the doco with some examples?
For example, I use tags for QoS inside IPSEC. It's documented in ipsec.conf(5)
Claer
Re: OT: fully interconnect switches: interesting problem
On Sun, Feb 24, 2008 at 7:36 PM, Matthew Dempsky [EMAIL PROTECTED] wrote:
> On 2/24/08, bofh [EMAIL PROTECTED] wrote:
> > Probably broadcast storm. Fastest way to fix the problem - single connect your switches, and don't loop the last back to the first.
> He explained in his post that the multiple connections were to avoid single points of failure.
And still, his quickest way to fix the problem is to single link them. His multiple connections are *causing failure* - which is what he was trying to avoid. Until he understands what he is working with, his network will continue to have issues. Is it better to have it go down all the time, or fix it quickly, and then *learn* what he needs to do, and schedule some time for testing and implementation?
--
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
This officer's men seem to follow him merely out of idle curiosity. -- Sandhurst officer cadet evaluation.
Securing an environment of Windows platforms from abuse - external or internal - is akin to trying to install sprinklers in a fireworks factory where smoking on the job is permitted. -- Gene Spafford
learn french: http://www.youtube.com/watch?v=j1G-3laJJP0feature=related
Blackhole / reject routes
Currently I'm blackholing and rejecting some traffic with route add -reject/-blackhole address 127.0.0.1; this works fine, but bounces all the rejected/blackholed traffic to the loopback interface. This behaviour is... annoying, and possibly inefficient. I'm probably searching for a null/blackhole/fake address/interface. I tried creating an unconfigured pseudo-device, slapping an IP address on it and routing it to there; it blackholes traffic effectively, but also blackholes traffic if you have a reject. What is a better way to reject/blackhole traffic in OpenBSD?
Re: pf tag/tagging and packages from localhost
That's an interesting and subtle use of PF tags, pity it's not in the PF doco.
On 2/25/08, Claer [EMAIL PROTECTED] wrote:
> For example, I use tags for QoS inside IPSEC. It's documented in ipsec.conf(5)
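The two uses of tags named in this thread (trust between interfaces, and QoS for IPsec traffic via the ipsec.conf(5) tag keyword), as an added example that is not part of any poster's message. Interface names, addresses, tag names and queue names are assumptions, and the queue lines use the ALTQ syntax of pf.conf(5) from OpenBSD releases of that period.

```conf
# ---- /etc/ipsec.conf (constructed example) ----
# "tag" attaches a pf(4) tag to all packets of the phase 2 SAs of this flow.
# 10.10.0.0/24 and 192.0.2.10 are placeholder addresses.
ike esp from 192.168.0.0/24 to 10.10.0.0/24 peer 192.0.2.10 tag VPN_HOME

# ---- /etc/pf.conf (constructed example) ----
ext_if = "fxp0"          # assumption: Internet-facing interface
lan_if = "fxp1"          # assumption: trusted LAN
dmz_if = "fxp2"          # assumption: WWW DMZ
peer   = "192.0.2.10"    # assumption: remote IPsec gateway

# ALTQ priority queues on the LAN side (old-style queue syntax)
altq on $lan_if priq bandwidth 100Mb queue { q_std, q_vpn }
queue q_std priority 1 priq(default)
queue q_vpn priority 6

block log all

# Use 1: trust between interfaces.
# Classify once, on the way in, by the interface the packet arrived on.
pass in on $dmz_if from $dmz_if:network to any tag FROM_DMZ
pass in on $lan_if from $lan_if:network to any tag FROM_LAN

# Enforce on the way out by tag only. The quick block keeps DMZ traffic
# off the LAN even if a broader "pass out on $lan_if" is added later.
block out log quick on $lan_if tagged FROM_DMZ
pass out on $ext_if tagged FROM_DMZ
pass out on $ext_if tagged FROM_LAN
pass out on $dmz_if tagged FROM_LAN

# Use 2: QoS for traffic that came through the tunnel.
# IKE and ESP from the peer reach the gateway itself.
pass in on $ext_if proto udp from $peer to ($ext_if) port { 500, 4500 }
pass in on $ext_if proto esp from $peer to ($ext_if)

# Decapsulated packets appear on enc0 already carrying the ipsec.conf tag,
# so the outbound LAN rule can queue them without repeating any addresses.
pass in on enc0 tagged VPN_HOME
pass out on $lan_if tagged VPN_HOME queue q_vpn
```

After loading, pfctl -vsr shows per-rule packet counters, which confirms whether the tagged rules are the ones actually matching.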
More questions on building a release with a read only source tree
The FAQ describes two ways to build the kernel ( http://www.openbsd.org/faq/faq5.html#BldKernel ),

    # cd /usr/src/sys/arch/i386/conf
    # config GENERIC
    # cd ../compile/GENERIC
    # make clean && make depend && make

or

Variation on above process: Read-only source tree

Sometimes, you may wish to ensure your /usr/src/sys directory remains untouched. This can be done by using the following process:

    $ cd /somewhere
    $ cp /usr/src/sys/arch/i386/conf/GENERIC .
    $ config -s /usr/src/sys -b . GENERIC
    $ make clean && make depend && make

I would like make release to use the read only source tree variant above, how can I accomplish this? Right now, I see make release do:

    cd /home/4.2/src/etc/../sys/arch/amd64/conf && config GENERIC

Which is going to attempt to build the GENERIC kernel right there in my source tree.

Also, I am having some other weird problem, due to the following logic in the Makefile.amd64 which contains:

    # source tree is located via $S relative to the compilation directory
    .ifndef S
    S!= cd ../../../..; pwd
    .endif
    AMD64= $S/arch/amd64

For some reason the above is setting my AMD64 to some weird path that is not correct on my system, namely:

    cd /home/4.2/src/etc/../sys/arch/amd64/conf && config GENERIC
    GENERIC:13: cannot open ../../../../arch/amd64/conf/files.amd64 for reading: No such file or directory
    *** Error code 1

    Stop in /home/4.2/src/etc (line 11 of etc.amd64/Makefile.inc).

What is the point of the above, and how can I get the path correct for this build?

Thanks,
Don
Re: rtorrent + OpenBSD = freeze
> Well this bug won't get fixed. That's what Theo said months ago... :)
Yes. I found the thread where you bashed each other before I made my first post. I guess I'll go with FreeBSD or NetBSD instead.
Daniel