Re: Kernel doesn't reclaim unused interface indexes?
On Wed, Mar 19, 2008 at 04:59:40PM -0700, Matthew Dempsky wrote: OpenBSD's currently limited to using interfaces with an index 32 for multicast, and on one of my machines I created and destroyed enough virtual interfaces during experimentation that some of the interfaces currently in use and that I would like to route multicast traffic to have indexes = 32. That's a bug in the multicast code that needs fixing. The simple solution is to reboot since I have fewer than 32 interfaces total, they'll renumber and everything will be fine. However, I saw if_attachsetup (in net/if.c) there's some code for looping through ifindex2ifnet twice to try to find an unused interface index, so I figured I could avoid rebooting by creating and destroying ~65000 virtual devices to wrap the counter, and then recreating the necessary interfaces so I could use them in multicast. Fortunately, I tested this idea first, because it actually leads to a kernel panic. :-) I somewhat expected that. Nobody ever expected the ifindex to wrap. A second somewhat closer look at the kernel's interface handling code gives me the impression that the ifnet structures are never freed, the ifindex2ifnet table is never zero'd out, and so that loop always results in a panic. Looking at the history on net/if.c, I see a commit comment from itojun that ifindex2ifnet could become NULL when interface gets destroyed, when we introduce dynamically-created interfaces, but this was four years ago and if_vlan has existed for 7 (though seemingly in a different form then). What does dynamically-created mean if not something like vlan/gif/carp/trunk? Is there anything major preventing ifindex2ifnet being cleared? (If it's just developer interest, it *looks* like it should be a straight-forward-enough fix that I'd be interested in trying to write a patch.) See attached diff which should help finding free slots (at least it helped in my case). It will only reuse the last if_index and not previous free slots. See if.c:if_attachsetup() use of the static if_index. The main issue with this diff is that ifindexes are reused and some userland apps (mainly SNMP) require that the ifindex is unique and not reused. I don't care about SNMP but I wanted to warn you about that. -- :wq Claudio Index: if.c === RCS file: /cvs/src/sys/net/if.c,v retrieving revision 1.168 diff -u -p -r1.168 if.c --- if.c5 Jan 2008 19:08:19 - 1.168 +++ if.c18 Jan 2008 22:08:33 - @@ -601,6 +601,7 @@ do { \ /* Announce that the interface is gone. */ rt_ifannouncemsg(ifp, IFAN_DEPARTURE); + ifindex2ifnet[ifp-if_index] = NULL; splx(s); }
Re: Kernel doesn't reclaim unused interface indexes?
On 3/20/08, Claudio Jeker [EMAIL PROTECTED] wrote: On Wed, Mar 19, 2008 at 04:59:40PM -0700, Matthew Dempsky wrote: OpenBSD's currently limited to using interfaces with an index 32 for multicast, and on one of my machines I created and destroyed enough virtual interfaces during experimentation that some of the interfaces currently in use and that I would like to route multicast traffic to have indexes = 32. That's a bug in the multicast code that needs fixing. Yeah, but in the mean-time I need a workaround. :-) Fortunately, I tested this idea first, because it actually leads to a kernel panic. :-) I somewhat expected that. Nobody ever expected the ifindex to wrap. Looks like at least markus@ did. ;-) See attached diff which should help finding free slots (at least it helped in my case). It will only reuse the last if_index and not previous free slots. See if.c:if_attachsetup() use of the static if_index. Cool. The main issue with this diff is that ifindexes are reused and some userland apps (mainly SNMP) require that the ifindex is unique and not reused. I don't care about SNMP but I wanted to warn you about that. I prefer SNMP giving bad results in extreme cases to a kernel panic. :-) Also, I suspect this might be necessary for correctness when IPv6 is used. Since ifindex2ifnet is used in the IPv6 code for choosing which interface a link-scoped address points to, and the ifnet struct is free()'d when the interface detaches, it looks like running (e.g.) 'ping6 fe80:100::1' after interface 256 has been destroyed would lead to undefined memory accesses. (Though I'm still learning how the networking stack works; maybe somewhere higher is able to identify that if_index is invalid even when ifindex2ifnet[if_index] != NULL.)
Re: BDB simple program compile problem
I used the line you gave and got the following error Actually I used gcc -I/usr/local/include/db -o t2 t2.c -l/usr/local/lib -ldb Got /usr/bin/ld: cannot find -l/usr/local/lib collect2: ld returned 1 exit status I'm running as root because the machine is not on the net and I'm just trying to get the code set up so I can move on with the program . I'm under a lot of preasure so I posted to the list I appologize if its of topic. But wanted to get your oppinion because a lot of people have trouble with it. I received the same error as below on a slackware system. I just though you might be able to respond to me and help me out this one time. I really need to get moving on this. I don't enjoy a nice life where I'm left alone to learn and study at my leasure :| I appologize for not knowing. LD keeps saying it can not find the path... I tried a number of combinatons but couldn't get it. You have always responded in the past and I was glad to see that you responded. I'v been searching the net and IRC for a long time trying to get going on this. Any help would be appreciate. I appologize for being off topic and under-learned. COMPILE OUTPUT- # cc t2.c Why, are you running this as root?.. /tmp//ccdm8869.o(.text+0x1c): In function `main': : undefined reference to `db_create' Isn't this message rather obvious? can you not read or something? /tmp//ccdm8869.o(.text+0x32): In function `main': : undefined reference to `db_strerror' collect2: ld returned 1 exit status You're not linking with the shared db library... $ gcc -I/usr/local/include/db4 -o t2 t2.cc -l/usr/local/lib -ldb Last time I checked, This mailing list isn't for people learning C.. Go buy yourself a book kid.. -Nix Fan.
Re: BDB simple program compile problem
../usr/bin/ld: cannot find -l/usr/local/lib Consider that a test.. or an example of my drunken state, regardless of that.. It's obvious that you have no experience with the options of the compiler.. You failed the test. ;) Change it to -L/usr/local/lib Read manual pages: gcc(1) and ld(1) for starters. Buy something from or something: http://www.amazon.com/ -Nix Fan.
Build openjdk7-b24 failed: Invalid maximum heap size: -Xmx-33m
It's a memory compute bug for small memory computers, e.g. 256MB. === Building for jdk-1.7.0.00 bsd i586 1.7.0-internal build started: 08-03-20 19:05 mkdir -p ./build/bsd-i586/j2sdk-image mkdir -p /var/ports/obj/jdk-1.7.0.00/openjdk7-b24/build/bsd-i586/j2sdk-image mkdir -p ./build/bsd-i586-fastdebug/j2sdk-image mkdir -p /var/ports/obj/jdk-1.7.0.00/openjdk7-b24/build/bsd-i586-fastdebug/j2sdk-image /bin/sh: /NOT-SET/devtools/share/findbugs/latest/bin/findbugs: not found gmake[1]: Entering directory `/var/ports/obj/jdk-1.7.0.00/openjdk7-b24/jdk/make' /var/ports/obj/jdk-1.7.0.00/openjdk7-b24/jdk/make/common/shared/Sanity-Settings.gmk:117: WARNING: FINDBUGS_VER should not be empty [Sanity-Settings.gmk] gmake[2]: Entering directory `/var/ports/obj/jdk-1.7.0.00/openjdk7-b24/jdk/make/tools/freetypecheck' gmake[2]: Nothing to be done for `all'. gmake[2]: Leaving directory `/var/ports/obj/jdk-1.7.0.00/openjdk7-b24/jdk/make/tools/freetypecheck' gmake[1]: Leaving directory `/var/ports/obj/jdk-1.7.0.00/openjdk7-b24/jdk/make' Build Machine Information: build machine = dev.g11n.org Build Directory Structure: CWD = /var/ports/obj/jdk-1.7.0.00/openjdk7-b24 TOPDIR = . CONTROL_TOPDIR = . LANGTOOLS_TOPDIR = ./langtools JAXP_TOPDIR = ./jaxp JAXWS_TOPDIR = ./jaxws CORBA_TOPDIR = ./corba HOTSPOT_TOPDIR = ./hotspot JDK_TOPDIR = ./jdk Build Directives: BUILD_LANGTOOLS = true BUILD_JAXP = true BUILD_JAXWS = true BUILD_CORBA = true BUILD_HOTSPOT = true BUILD_JDK= true Hotspot Settings: HOTSPOT_BUILD_JOBS = 1 HOTSPOT_OUTPUTDIR = /var/ports/obj/jdk-1.7.0.00/openjdk7-b24/build/bsd-i586/hotspot/outputdir HOTSPOT_EXPORT_PATH = /var/ports/obj/jdk-1.7.0.00/openjdk7-b24/build/bsd-i586/hotspot/import Bootstrap Settings: BOOTDIR = /usr/local/jdk-1.6.0 ALT_BOOTDIR = /usr/local/jdk-1.6.0 BOOT_VER = 1.6 [requires at least 1.5] OUTPUTDIR = /var/ports/obj/jdk-1.7.0.00/openjdk7-b24/build/bsd-i586 ALT_OUTPUTDIR = /var/ports/obj/jdk-1.7.0.00/openjdk7-b24/build/bsd-i586 ABS_OUTPUTDIR = /var/ports/obj/jdk-1.7.0.00/openjdk7-b24/build/bsd-i586 Build Tool Settings: SLASH_JAVA = /NOT-SET ALT_SLASH_JAVA = VARIANT = OPT JDK_DEVTOOLS_DIR = /NOT-SET/devtools ALT_JDK_DEVTOOLS_DIR = ANT_HOME = /usr/local FINDBUGS_HOME = /NOT-SET/devtools/share/findbugs/latest UNIXCOMMAND_PATH = /bin/ ALT_UNIXCOMMAND_PATH = COMPILER_PATH = /usr/bin/ ALT_COMPILER_PATH = DEVTOOLS_PATH = /usr/bin/ ALT_DEVTOOLS_PATH = COMPILER_NAME = GCC COMPILER_VERSION = CC_VER = 3.3 [requires at least 3.2] ZIP_VER = 2.32 [requires at least 2.2] UNZIP_VER = 5.52 [requires at least 5.12] ANT_VER = 1.7 [requires at least 1.6.3] TEMPDIR = /var/ports/obj/jdk-1.7.0.00/openjdk7-b24/build/bsd-i586/tmp Build Directives: OPENJDK = true USE_HOTSPOT_INTERPRETER_MODE = PEDANTIC = DEV_ONLY = NO_DOCS = true NO_IMAGES = TOOLS_ONLY = INSANE = COMPILE_APPROACH = parallel PARALLEL_COMPILE_JOBS = 2 ALT_PARALLEL_COMPILE_JOBS = FASTDEBUG = COMPILER_WARNINGS_FATAL = false COMPILER_WARNING_LEVEL = INCREMENTAL_BUILD = false CC_HIGHEST_OPT = -O3 CC_HIGHER_OPT = -O3 CC_LOWER_OPT = -O2 CXXFLAGS = -O2 -fPIC -DCC_NOEX -W -Wall -Wno-unused -Wno-parentheses -fno-omit-frame-pointer -D_LITTLE_ENDIAN CFLAGS = -O2-fno-strict-aliasing -fPIC -W -Wall -Wno-unused -Wno-parentheses -fno-omit-frame-pointer -D_LITTLE_ENDIAN BOOT_JAVA_CMD = /usr/local/jdk-1.6.0/bin/java -client -Xmx-33m -Xms-41m -XX:PermSize=32m -XX:MaxPermSize=96m BOOT_JAVAC_CMD = /usr/local/jdk-1.6.0/bin/javac -J-XX:ThreadStackSize=768 -J-client -J-Xmx-33m -J-Xms-41m -J-XX:PermSize=32m -J-XX:MaxPermSize=96m -encoding ascii BOOT_JAR_CMD = /usr/local/jdk-1.6.0/bin/jar BOOT_JARSIGNER_CMD = /usr/local/jdk-1.6.0/bin/jarsigner JAVAC_CMD = /usr/local/jdk-1.6.0/bin/java -client -Xmx-33m -Xms-41m -XX:PermSize=32m -XX:MaxPermSize=96m -Xbootclasspath/p:/var/ports/obj/jdk-1.7.0.00/openjdk7-b24/build/bsd-i586/langtools/dist/bootstrap/lib/javac.jar -jar /var/ports/obj/jdk-1.7.0.00/openjdk7-b24/build/bsd-i586/langtools/dist/bootstrap/lib/javac.jar -source 1.5 -target 5 -encoding ascii -Xbootclasspath:/var/ports/obj/jdk-1.7.0.00/openjdk7-b24/build/bsd-i586/classes JAVAH_CMD = /usr/local/jdk-1.6.0/bin/java -client -Xmx-33m -Xms-41m -XX:PermSize=32m -XX:MaxPermSize=96m -Xbootclasspath/p:/var/ports/obj/jdk-1.7.0.00/openjdk7-b24/build/bsd-i586/langtools/dist/bootstrap/lib/javah.jar:/var/ports/obj/jdk-1.7.0.00/openjdk7-b24/build/bsd-i586/langtools/dist/bootstrap/lib/javadoc.jar:/var/ports/obj/jdk-1.7.0.00/openjdk7-b24/build/bsd-i586/langtools/dist/bootstrap/lib/javac.jar -jar /var/ports/obj/jdk-1.7.0.00/openjdk7-b24/build/bsd-i586/langtools/dist/bootstrap/lib/javah.jar -bootclasspath /var/ports/obj/jdk-1.7.0.00/openjdk7-b24/build/bsd-i586/classes JAVADOC_CMD = /usr/local/jdk-1.6.0/bin/java -client -Xmx-33m -Xms-41m -XX:PermSize=32m -XX:MaxPermSize=96m
Re: using openbsd to make presentations
* Pau Amaro-Seoane [EMAIL PROTECTED] [2008-03-19 09:48]: Nice to see that such a thing exists... I was thinking of doing something similar by myself... nevertheless the installer of mathml seems to be a bit lame and I am a bit worried about the portability of the final file. Sometimes, as you know, you are asked to not plug in your laptop, so that speakers do not waste time trying to configure X and in those cases they ask you for a pdf (or even ppt, buerk!) file which they will copy over to the conference laptop... and then you refuse nad plug your own laptop. done that numerous times. -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
Re: IPv6 LAN - IPv4 Internet
* Jonathan Schleifer [EMAIL PROTECTED] [2008-03-19 15:29]: Barry Commander [EMAIL PROTECTED] wrote: I basically want the IPv6 clients on my LAN to be able to access IPv4 servers on the internet transparantly - the router doing the IPv6-IPv4/IPv4-IPv6 conversion. You'd have to use IPv4 inside then LAN and NAT at the router as well for that to properly work. There was some way to map IPv4 adresses inside the IPv6 space, but IIRC, there were some issues with it. yes, but that is totally unrelated. faithd is made for that purpose. -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
NXP ISP1362 USB Controller
Is there any support for the NXP (formerly Philips) ISP1362 or similar USB controller in OpenBsd? Did not found anything so long even in NetSDB and FreeBSD. Thanks in advance David
Re: BDB simple program compile problem
I read the part on -l -L wow it finally made more sense, and compiled a bit before your response, thanks for your response. Thanks though really your turse and rude messages prompted me to read more. :) Cc -o t2 t2.c -L/usr/local/lib/db -ldb did work Your right I do have no experience that's why I e-mailed for help you drunk bastard :) It was quite amazing to wake up in the morning and read the man page... I don't dispute your insults :) Thanks again really I appreciate it -Mike -Original Message- From: Unix Fan [mailto:[EMAIL PROTECTED] Sent: Thursday, March 20, 2008 1:57 PM To: misc@openbsd.org Cc: [EMAIL PROTECTED] Subject: RE:BDB simple program compile problem ../usr/bin/ld: cannot find -l/usr/local/lib Consider that a test.. or an example of my drunken state, regardless of that.. It's obvious that you have no experience with the options of the compiler.. You failed the test. ;) Change it to -L/usr/local/lib Read manual pages: gcc(1) and ld(1) for starters. Buy something from or something: http://www.amazon.com/ -Nix Fan.
Re: NXP ISP1362 USB Controller
On Thu, Mar 20, 2008 at 12:59:32PM +0100, Vonarburg, David wrote: Is there any support for the NXP (formerly Philips) ISP1362 or similar USB controller in OpenBsd? Did not found anything so long even in NetSDB and FreeBSD. Thanks in advance David They should just work with the standard ohci/uhci/ehci etc interfaces, like nearly all the other usb chips out there.
Re: Installing apsfilter package fails
Thank you Preston. You said, If I remember correctly, you need to have the x-base package installed for the libiconv / gettext dependencies to be met. It's an issue with 4.2. How did you know that? Is there a source that I should reference that I'm not aware of to keep up on the latest idiosyncrasies, bugs, etc.??? Thanks, Ed
Re: using openbsd to make presentations
Hi, On Tue, Mar 18, 2008 at 05:45:26PM -0700, Predrag Punosevac wrote: As far as I know TeXLive will be regular package (you will not need to use ports) starting OpenBSD 4.3. This is only second Unix like system after Debian to have fully functional TeXLive thanks to Edd Baret porter of TeXLive for OpenBSD. On the last note I recommend that you install full TeXLive which is about 1Gb but includes all TeX/Latex features coded at the moment. I am not sure if the TeXLive base includes Powerdot. I would guess yes. Also can I add that the ConTeXt typesetter is available in TeXLive, which claims to do presentations too, although I have never tried it. ConTeXt puts more emphasis on page layout than any previous TeX compiler. To me it feels like arranging a HTML page using CSS. Also I there will be binary packages for 4.3, maybe even on the cdrom, I dont know. You can get binary packages for -current on the ftp servers, and I have backported to 4.2 for people who wish to use TeXLive on 4.2 , although the packages were made before Predrag found the powerdot bug. The fix is simple, see the patch on your ports tree: /usr/ports/print/texlive/texmf-minimal/patches/patch-texmf_dvips_config_config_ps (basically overwrite the old config.ps with the svn one) 4.2 packages for i386 and sparc64 here: http://students.dec.bmth.ac.uk/ebarrett/texlive/3rd/4.2 A good starting point for links to docs and examples for ConTeXt is: http://wiki.contextgarden.net Also my battery has died on my laptop (Thinkpad R50e), which I used to use for on the go TeXLive hackage. At the risk of sounding rude, can anyone make a donation or tell me to shut up atleast as I am not a developer with an @openbsd email address. Thats right, Im playing the student trumph card :) -- Best Regards Edd http://students.dec.bmth.ac.uk/ebarrett
Re: Installing apsfilter package fails
On Thu, Mar 20, 2008 at 07:43:10AM -0700, Ed Flecko wrote: [...] You said, If I remember correctly, you need to have the x-base package installed for the libiconv / gettext dependencies to be met. It's an issue with 4.2. How did you know that? Is there a source that I should reference that I'm not aware of to keep up on the latest idiosyncrasies, bugs, etc.??? This list for starters - that's where I learned about it... Cheerio, Thomas -- ** PLEASE: NO Cc's to me privately, I do read the list - thanks! ** - Thomas Ribbrockhttp://www.ribbrock.orgICQ#: 15839919 You have to live on the edge of reality - to make your dreams come true!
Setting up an HP laserjet with apsfilter unknown printer error
Hi folks, I'm using apsfilter on OBSD 4.2, and trying to set up an HP LaserJet printer. I have an HP P2015DN and a 4240n, so printing to either one would be fine with me. After running apsfilter SETUP, here's my /etc/printcap file: lp|PSgs;r=300x300;q=medium;c=mono;p=letter;m=auto:\ :lp=:\ :rm=192.168.1.15:\ :rp=raw:\ :if=/etc/apsfilter/basedir/bin/apsfilter:\ :sd=/var/spool/lpd/lp:\ :lf=/var/spool/lpd/lp/log:\ :af=/var/spool/lpd/lp/acct:\ :mx#0:\ :sh: When I try and print a testpage, this is what I get: Printing test page... -rw-r--r-- 1 root wheel 924020 Mar 20 08:46 /tmp/apsfilter20397/test_page.aps lpr: [EMAIL PROTECTED]: unknown printer 0m0.00s real 0m0.00s user 0m0.00s system [ press RETURN to continue ] Can someone give me some tips on setting up a network printer? I thought setting up a network printer would be a snap with apsfilter, but it's not as easy as I thought. :-) Thanks, Ed
Re: Kernel doesn't reclaim unused interface indexes?
On Thu, Mar 20, 2008 at 09:12:44AM +0100, Claudio Jeker wrote: reused. I don't care about SNMP but I wanted to warn you about that. hey... :( but anyway, it shouldn't really matter when the if_index stays consistent as long as the interface exists. it is a dynamic interface, so i could live with reusing old if_indexs here. and the physical interfaces will keep one index during runtime. -- :wq Claudio Index: if.c === RCS file: /cvs/src/sys/net/if.c,v retrieving revision 1.168 diff -u -p -r1.168 if.c --- if.c 5 Jan 2008 19:08:19 - 1.168 +++ if.c 18 Jan 2008 22:08:33 - @@ -601,6 +601,7 @@ do { \ /* Announce that the interface is gone. */ rt_ifannouncemsg(ifp, IFAN_DEPARTURE); + ifindex2ifnet[ifp-if_index] = NULL; splx(s); }
Re: Installing apsfilter package fails
On Thu, Mar 20, 2008 at 07:43:10AM -0700, Ed Flecko wrote: Thank you Preston. You said, If I remember correctly, you need to have the x-base package installed for the libiconv / gettext dependencies to be met. It's an issue with 4.2. How did you know that? Is there a source that I should reference that I'm not aware of to keep up on the latest idiosyncrasies, bugs, etc.??? There actually is a source for this sort of thing. I think Nick puts a lot of time into it too. http://www.openbsd.org/faq/upgrade42.html l8rZ, -- andrew - ICQ# 253198 - Jabber: [EMAIL PROTECTED] BOFH excuse of the day: The Token fell out of the ring. Call us when you find it.
Intel 965GM just works (inspiron 1520)
Greetings, I've had this laptop for 6 months, and was unable to install -current due to the integrated webcam causing bsd.rd to hang. After sacking up and taking the monitor apart to unhook the webcam, I was able to put a recent snapshot (March 12), I found that running xorgconfig did no good. I would setup xorgconfig and use the Intel i810 driver, but it would fail to run X at all. This morning, I decided to start at square one. No xorgconfig, just run startx at the prompt, and to hell with it. Well, it Just Works. I even took 915resolution out of /etc/rc.securelevel, and it still runs at maximum resolution (1680x1050, 24bit color). No more configuring. No more trying to configure h/v refresh rates. I just wanted to thank all involved. I've included the dmesg below and the Xorg.0.log with no configuration. 915resolution is installed, but is not being ran by /etc/rc.securelevel. I have been a loyal member since 3.4, and buying since 3.6. I can't wait for the next release... Cheers, Bryan Brake dmesg.boot: --- OpenBSD 4.3 (GENERIC.MP) #587: Wed Mar 12 11:21:57 MDT 2008 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP cpu0: Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz (GenuineIntel 686-class) 1.50 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,CX16,xTPR real mem = 1063272448 (1014MB) avail mem = 1020006400 (972MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 02/03/08, BIOS32 rev. 0 @ 0xffa10, SMBIOS rev. 2.4 @ 0xf7180 (45 entries) bios0: vendor Dell Inc. version A07 date 02/03/2008 bios0: Dell Inc. Inspiron 1520 acpi0 at bios0: rev 2 acpi0: tables DSDT FACP HPET APIC MCFG SLIC BOOT SSDT acpi0: wakeup devices PCI0(S3) PCIE(S4) USB1(S3) USB2(S3) USB3(S3) USB4(S3) USB5(S3) EHC2(S3) EHCI(S3) AZAL(S3) RP01(S3) RP02(S3) RP03(S3) RP04(S3) RP05(S3) RP06(S3) LID_(S3) PBTN(S4) MBTN(S5) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpihpet0 at acpi0: 14318179 Hz acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: apic clock running at 166MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz (GenuineIntel 686-class) 1.50 GHz cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,CX16,xTPR ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins ioapic0: misconfigured as apic 0, remapped to apid 2 acpiprt0 at acpi0: bus 3 (PCIE) acpiprt1 at acpi0: bus -1 (AGP_) acpiprt2 at acpi0: bus 11 (RP01) acpiprt3 at acpi0: bus 12 (RP02) acpiprt4 at acpi0: bus -1 (RP03) acpiprt5 at acpi0: bus 13 (RP04) acpiprt6 at acpi0: bus -1 (RP05) acpiprt7 at acpi0: bus -1 (RP06) acpiprt8 at acpi0: bus 0 (PCI0) acpicpu0 at acpi0: C3 acpicpu1 at acpi0: C3 acpitz0 at acpi0: critical temperature 87 degC acpibtn0 at acpi0: LID_ acpibtn1 at acpi0: PBTN acpibtn2 at acpi0: SBTN acpiac0 at acpi0: AC unit offline acpibat0 at acpi0: BAT0 model DELL UW2807 serial 235 type LION oem Sanyo bios0: ROM list: 0xc/0xf000! 0xcf000/0x1000 cpu0: unknown Enhanced SpeedStep CPU, msr 0x0613092b0600092b cpu0: using only highest and lowest power states cpu0: Enhanced SpeedStep 1500 MHz (1388 mV): speeds: 1500, 1000 MHz pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 Intel GM965 Host rev 0x0c agp0 at pchb0: aperture at 0xe000, size 0x800 vga1 at pci0 dev 2 function 0 Intel GM965 Video rev 0x0c wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) Intel GM965 Video rev 0x0c at pci0 dev 2 function 1 not configured uhci0 at pci0 dev 26 function 0 Intel 82801H USB rev 0x02: apic 2 int 20 (irq 10) uhci1 at pci0 dev 26 function 1 Intel 82801H USB rev 0x02: apic 2 int 21 (irq 9) ehci0 at pci0 dev 26 function 7 Intel 82801H USB rev 0x02: apic 2 int 22 (irq 7) usb0 at ehci0: USB revision 2.0 uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1 azalia0 at pci0 dev 27 function 0 Intel 82801H HD Audio rev 0x02: apic 2 int 21 (irq 9) azalia0: codec[s]: Sigmatel/0x76a0, Conexant/0x2c06, using Sigmatel/0x76a0 audio0 at azalia0 ppb0 at pci0 dev 28 function 0 Intel 82801H PCIE rev 0x02: apic 2 int 16 (irq 0) pci1 at ppb0 bus 11 ppb1 at pci0 dev 28 function 1 Intel 82801H PCIE rev 0x02: apic 2 int 17 (irq 0) pci2 at ppb1 bus 12 bwi0 at pci2 dev 0 function 0 Broadcom BCM4311 rev 0x01: apic 2 int 17 (irq 10), address 00:1d:60:40:27:a0 ppb2 at pci0 dev 28 function 3 Intel 82801H PCIE rev 0x02: apic 2 int 19 (irq 0) pci3 at ppb2 bus 13 uhci2 at pci0 dev 29 function 0 Intel 82801H USB rev 0x02: apic 2 int 20 (irq 10) uhci3 at pci0 dev 29 function 1 Intel 82801H USB rev 0x02: apic 2 int 21 (irq 9) uhci4 at pci0 dev 29 function 2 Intel 82801H USB rev 0x02: apic 2 int 22 (irq 7) ehci1 at pci0
Re: Setting up an HP laserjet with apsfilter unknown printer error
Ed Flecko wrote: To me your printcap file looks OK. Apsfilter has the option of installing network printer but there are other files besides printcap that need to be edited on the server and the client side. I also do not know your networks settings, the firewall settings and permissions. Instead of me talking too much this is the link to FreeBSD Handbook printing section which is also relevant for OpenBSD users. In particularly look at the section 9.4.3 of the chapter Advanced Printer Setup where client and server sides are treated in detail. http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/printing.html Cheers, Predrag Hi folks, I'm using apsfilter on OBSD 4.2, and trying to set up an HP LaserJet printer. I have an HP P2015DN and a 4240n, so printing to either one would be fine with me. After running apsfilter SETUP, here's my /etc/printcap file: lp|PSgs;r=300x300;q=medium;c=mono;p=letter;m=auto:\ :lp=:\ :rm=192.168.1.15:\ :rp=raw:\ :if=/etc/apsfilter/basedir/bin/apsfilter:\ :sd=/var/spool/lpd/lp:\ :lf=/var/spool/lpd/lp/log:\ :af=/var/spool/lpd/lp/acct:\ :mx#0:\ :sh: When I try and print a testpage, this is what I get: Printing test page... -rw-r--r-- 1 root wheel 924020 Mar 20 08:46 /tmp/apsfilter20397/test_page.aps lpr: [EMAIL PROTECTED]: unknown printer 0m0.00s real 0m0.00s user 0m0.00s system [ press RETURN to continue ] Can someone give me some tips on setting up a network printer? I thought setting up a network printer would be a snap with apsfilter, but it's not as easy as I thought. :-) Thanks, Ed
loadbalancing on OpeBsd
I try to implement loadbalacing using two ISP's, with explanation from http://www.openbsd.org/faq/pf/pools.html Everything work well (except ftp), but i see with tcpdump, packets that outgoing on $ext_if1 from $ext_if2 and vice versa. Generally this are icmp request's. I don't understand why this happening because have last two rules (from web explanation), that prevent this situation. Even if i try to log packets for this rules, i don't see any packet. To be more clear, rules that prevent packet to outgoing on wrong interface are: pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any Still with this rules, i see with tcpdump packets that outgoing on wrong interface. Where is the problem?
Re: Setting up an HP laserjet with apsfilter unknown printer error
Hi, On Thu, Mar 20, 2008 at 4:05 PM, Ed Flecko [EMAIL PROTECTED] wrote: Hi folks, I'm using apsfilter on OBSD 4.2, and trying to set up an HP LaserJet printer. I have an HP P2015DN and a 4240n, so printing to either one would be fine with me. You did start lpd? I made this mistake with apsfilter once. -- Best Regards Edd http://students.dec.bournemouth.ac.uk/ebarrett
Re: loadbalancing on OpeBsd
I found myself in a similar situtation and just set all icmp to go out a single interface: pass in on $int_if route-to { ($dsl_2_if $dsl_2_gw) } proto { icmp } from any to any keep state And for incoming connections for ssh that go to a given interface I added these: pass in quick on $dsl_1_if reply-to ($dsl_1_if $dsl_1_gw) proto tcp Of course, my setup is different because I have certain protocol/host groups mapped to given interfaces..but hope this can help a little. On Thursday 20 March 2008 12:44:24 pm you wrote: I try to implement loadbalacing using two ISP's, with explanation from http://www.openbsd.org/faq/pf/pools.html Everything work well (except ftp), but i see with tcpdump, packets that outgoing on $ext_if1 from $ext_if2 and vice versa. Generally this are icmp request's. I don't understand why this happening because have last two rules (from web explanation), that prevent this situation. Even if i try to log packets for this rules, i don't see any packet. To be more clear, rules that prevent packet to outgoing on wrong interface are: pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any Still with this rules, i see with tcpdump packets that outgoing on wrong interface. Where is the problem?
openbsd game server
Hi All, I am thinking about running a game server for my daughter and her friends. Any suggestion for a multi-user (with a gui user end). Thanks. Arthur
Profitez des conditions privilégiées.
Liens utiles pour acchs direct aux sites didiis : Recevoir un spicimen et une plaquette par LA POSTE Commander ses places en payant par carte bancaire directement sur le site sicurisi Tilicharger la version PDF du tarif pour commander par tilicopie ou par courrier postal (chhque, CB, virement) Dipenser vos chhques cadeaux et bons d'achat multi enseigne pour recevoir des places de cinima en ichange NOUVEAU, PASS Foire du Trone 2008 jusque 50 % de riductions, une tombola ... [IMAGE] est une marque de [IMAGE] S.A.R.L. au capital de 32600⬠- R.C. Evry B 485070635 Til : 01 75 43 42 50 - Fax : 01 75 43 88 70 Pour ne plus recevoir d'information de notre part, cliquez ici
Re: loadbalancing on OpeBsd
Fratiman Vladut wrote: Everything work well (except ftp), but i see with tcpdump, packets that outgoing on $ext_if1 from $ext_if2 and vice versa. Generally this are icmp request's. I don't understand why this happening because have last two rules (from web explanation), that prevent this situation. Even if i try to log packets for this rules, i don't see any packet. To be more clear, rules that prevent packet to outgoing on wrong interface are: pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any ... 'route-to' needs to be used before the packet is routed, like on the 'pass in' rule. I have not noticed any problems load balancing ICMP. As for ftp-proxy, the _only_ way I can think of to LB proxied services (squid, ftp-proxy...) is to: A) Use -mpath (see man route) B) Run two proxies. Bind each to the different external IPs and different internal ports. Load balance incoming connections to the two different proxies. -Steve S.
Problems with socket created before fork() in multi-threaded application
Hi, ClamAV has changed to call fork() after creating its local socket. This causes weird behaviours when communicating on the socket [1] If fork() is called before creating the socket() it works. Is it safe to create a socket, fork(), and then call pthread_create() and read from the socket? It seems not to work, the thread gets stuck in pthread_mutex_lock(), and it is not woken up even after the mutex is free. Moving fork() before the socket avoids this. Is this intended behaviour or a bug? I found that calling non-async-signal-safe functions after fork() can cause problems on FreeBSD [2], is the situation the same on OpenBSD? I am using OpenBSD 4.2 GENERIC#375 i386. Thanks, --Edwin [1] https://wwws.clamav.net/bugzilla/show_bug.cgi?id=885 [2] http://lists.freebsd.org/pipermail/freebsd-hackers/2005-August/013310.html
Re: openbsd game server
Err, could you be a bit more specific? I have managed to build some openbsd-based game servers in the past, like QuakeWorld, Quake3, Counter-Strike, and the likes. Keep in mind that some game server binaries are only available for Linux, so you will have to turn on linux emulation. On Thu, Mar 20, 2008 at 5:32 PM, arthur [EMAIL PROTECTED] wrote: Hi All, I am thinking about running a game server for my daughter and her friends. Any suggestion for a multi-user (with a gui user end). Thanks. Arthur -- An OpenBSD user... and that's all you need to know =) Please, send private emails to [EMAIL PROTECTED]
Re: using openbsd to make presentations
ConTeXt is looking *very* nice. Nevertheless I do not find the sources for the many pdf examples of pragma... in the wiki you point at, there's written: --- If you're interested in presentations, your first stop should be the pragma website. You can download pdfs with the documented source-code of 18 presentation modules at http://www.pragma-ade.com/dir/general/sources/ --- still, I do not find any tex file there... are they hidden or am I blind? documented source-code is what I would like to see... 2008/3/20, Edd [EMAIL PROTECTED]: Hi, On Tue, Mar 18, 2008 at 05:45:26PM -0700, Predrag Punosevac wrote: As far as I know TeXLive will be regular package (you will not need to use ports) starting OpenBSD 4.3. This is only second Unix like system after Debian to have fully functional TeXLive thanks to Edd Baret porter of TeXLive for OpenBSD. On the last note I recommend that you install full TeXLive which is about 1Gb but includes all TeX/Latex features coded at the moment. I am not sure if the TeXLive base includes Powerdot. I would guess yes. Also can I add that the ConTeXt typesetter is available in TeXLive, which claims to do presentations too, although I have never tried it. ConTeXt puts more emphasis on page layout than any previous TeX compiler. To me it feels like arranging a HTML page using CSS. Also I there will be binary packages for 4.3, maybe even on the cdrom, I dont know. You can get binary packages for -current on the ftp servers, and I have backported to 4.2 for people who wish to use TeXLive on 4.2 , although the packages were made before Predrag found the powerdot bug. The fix is simple, see the patch on your ports tree: /usr/ports/print/texlive/texmf-minimal/patches/patch-texmf_dvips_config_config_ps (basically overwrite the old config.ps with the svn one) 4.2 packages for i386 and sparc64 here: http://students.dec.bmth.ac.uk/ebarrett/texlive/3rd/4.2 A good starting point for links to docs and examples for ConTeXt is: http://wiki.contextgarden.net Also my battery has died on my laptop (Thinkpad R50e), which I used to use for on the go TeXLive hackage. At the risk of sounding rude, can anyone make a donation or tell me to shut up atleast as I am not a developer with an @openbsd email address. Thats right, Im playing the student trumph card :) -- Best Regards Edd http://students.dec.bmth.ac.uk/ebarrett
[OT] Pursuing Management to adopt OpenBSD
I been trying (rather unsuccessfully) to convince various clients and employers to adopt OpenBSD. Most people, I find, are resistent to change and would not use anything they are not familiar with. Others would say that if I leave the job, it would be hard to find people who can use (or even heard of) OpenBSD and in some places Management never heard of OpenBSD and have very little clue as to how good or bad it is compared to Linux/ Solaris and Windows thus they will just knock off the proposal in 2 seconds. Is there any way I could convince these people to make the move to OpenBSD? Suggestions, tips and tricks along with real life examples would be much appreciated. Thanks.
Re: [OT] Pursuing Management to adopt OpenBSD
If they resist change, you have no hope. When I have implemented OpenBSD, it is because I needed to do something quickly, and am supporting it myself. I have set up DNS, reverse proxies, web servers, jabber, application (tomcat) servers, ntp, and others this way. War stories will never convince them. If you persist on going down this route, make sure you have a quote in hand for 24x7 support of OpenBSD as well. Also make sure you train the rest of the team. If they already know unix, it's easier, but you still need to train them. -- http://www.glumbert.com/media/shift http://www.youtube.com/watch?v=tGvHNNOLnCk This officer's men seem to follow him merely out of idle curiosity. -- Sandhurst officer cadet evaluation. Securing an environment of Windows platforms from abuse - external or internal - is akin to trying to install sprinklers in a fireworks factory where smoking on the job is permitted. -- Gene Spafford learn french: http://www.youtube.com/watch?v=j1G-3laJJP0feature=related
Re: [OT] Pursuing Management to adopt OpenBSD
On 3/20/08, Chris [EMAIL PROTECTED] wrote: I been trying (rather unsuccessfully) to convince various clients and employers to adopt OpenBSD. Most people, I find, are resistent to change and would not use anything they are not familiar with. Others would say that if I leave the job, it would be hard to find people who can use (or even heard of) OpenBSD and in some places Management never heard of OpenBSD and have very little clue as to how good or bad it is compared to Linux/ Solaris and Windows thus they will just knock off the proposal in 2 seconds. Is there any way I could convince these people to make the move to OpenBSD? Suggestions, tips and tricks along with real life examples would be much appreciated. Thanks. Managers are all alike. Their priority is to save their asses, to have someone to blame in case of problems. That's why they spend a lot of money in big contracts with Big Companies and don't like to take any risk with software that doesn't have commercial support. I've been lucky, because wherever I have gone, the network is a mess. That gives me the justification to fix the problem with that wonderful, security-oriented and free tool called OpenBSD. After that, I've documented every maintenance task. That way your manager can be confident that, when a truck hits you, anyone can get the documentation and keep maintaining the thing. -- Gerardo Santana
trouble configuring snmpd
I try to configure snmpd in oreder to monitor traffic on openbsd. I use snmpconf, and configure only community name. The generated snmpd.conf look like this: ### # # snmpd.conf # # - created by the snmpconf configuration program # ### # SECTION: Access Control Setup # # This section defines who is allowed to talk to your running # snmp agent. # rocommunity: a SNMPv1/SNMPv2c read-only access community name # arguments: community [default|hostname|network/bits] [oid] rocommunity someone When i run snmpd in debug mode, i receive an error that say about syntax error into snmpd.conf at line where is defined community name. What is wrong?
Re: [OT] Pursuing Management to adopt OpenBSD
On 3/20/08, Gerardo Santana Gsmez Garrido [EMAIL PROTECTED] wrote: After that, I've documented every maintenance task. That way your manager can be confident that, when a truck hits you, anyone can get the documentation and keep maintaining the thing. Anyone with a Unix/Unix-like background, of course. The documentation should be dumbed down enough to find it easy to follow for these guys, which is not very difficult, given OpenBSD ease of use. -- Gerardo Santana
Re: [OT] Pursuing Management to adopt OpenBSD
Oh yeah, I almost implemented nedi at the last place too. That would have been sweet. On 3/20/08, bofh [EMAIL PROTECTED] wrote: If they resist change, you have no hope. When I have implemented OpenBSD, it is because I needed to do something quickly, and am supporting it myself. I have set up DNS, reverse proxies, web servers, jabber, application (tomcat) servers, ntp, and others this way. War stories will never convince them. If you persist on going down this route, make sure you have a quote in hand for 24x7 support of OpenBSD as well. Also make sure you train the rest of the team. If they already know unix, it's easier, but you still need to train them. -- http://www.glumbert.com/media/shift http://www.youtube.com/watch?v=tGvHNNOLnCk This officer's men seem to follow him merely out of idle curiosity. -- Sandhurst officer cadet evaluation. Securing an environment of Windows platforms from abuse - external or internal - is akin to trying to install sprinklers in a fireworks factory where smoking on the job is permitted. -- Gene Spafford learn french: http://www.youtube.com/watch?v=j1G-3laJJP0feature=related -- Sent from Gmail for mobile | mobile.google.com http://www.glumbert.com/media/shift http://www.youtube.com/watch?v=tGvHNNOLnCk This officer's men seem to follow him merely out of idle curiosity. -- Sandhurst officer cadet evaluation. Securing an environment of Windows platforms from abuse - external or internal - is akin to trying to install sprinklers in a fireworks factory where smoking on the job is permitted. -- Gene Spafford learn french: http://www.youtube.com/watch?v=j1G-3laJJP0feature=related
another spamd log question
Hi, Let us say I run a script which analyses the spamd log file saved more than 4 hours ago. Can I assume that the messages of the type: ...: ipaddress1: disconnected after X seconds. that do not specify a list and for which ipaddress1 is not whitelisted at the momentare spams caught by the greylist process? or are there some exceptions? Thanks for your comments. Regards, Jose. -- Want an e-mail address like mine? Get a free e-mail account today at www.mail.com!
Re: [OT] Pursuing Management to adopt OpenBSD
On Thu, Mar 20, 2008 at 5:50 PM, Chris [EMAIL PROTECTED] wrote: I been trying (rather unsuccessfully) to convince various clients and employers to adopt OpenBSD. Most people, I find, are resistent to change and would not use anything they are not familiar with. Others would say that if I leave the job, it would be hard to find people who can use (or even heard of) OpenBSD and in some places Management never heard of OpenBSD and have very little clue as to how good or bad it is compared to Linux/ Solaris and Windows thus they will just knock off the proposal in 2 seconds. Is there any way I could convince these people to make the move to OpenBSD? Suggestions, tips and tricks along with real life examples would be much appreciated. Thanks. I'm in the same boat... Wondering the same things and looking for ways as well, especially with the clueless IT manager types that have only heard of Linux or Solaris at most. Now if only someone could write a book on how to sell free, OSS solutions like this (with a lot of focus on OpenBSD) I would be one of the first to pre-order it!
Re: [OT] Pursuing Management to adopt OpenBSD
On 20 Mar 2008 at 20:33, Richard Daemon wrote: On Thu, Mar 20, 2008 at 5:50 PM, Chris [EMAIL PROTECTED] wrote: I been trying (rather unsuccessfully) to convince various clients and employers to adopt OpenBSD. Most people, I find, are resistent to change and would not use anything they are not familiar with. Others would say that if I leave the job, it would be hard to find people who can use (or even heard of) OpenBSD and in some places Management never heard of OpenBSD and have very little clue as to how good or bad it is compared to Linux/ Solaris and Windows thus they will just knock off the proposal in 2 seconds. Is there any way I could convince these people to make the move to OpenBSD? Suggestions, tips and tricks along with real life examples would be much appreciated. Thanks. I'm in the same boat... Wondering the same things and looking for ways as well, especially with the clueless IT manager types that have only heard of Linux or Solaris at most. Now if only someone could write a book on how to sell free, OSS solutions like this (with a lot of focus on OpenBSD) I would be one of the first to pre-order it! There is no magic to selling OSS or for that matter, any kind of solution. Only two things ever sell. The first, easiest, default sale is brand name -- can anyone provide a _technical_ reason for any company to buy the over-priced AND under-powered CISCO iron? (and the older folks will remember the saying no-one ever got fired for buying IBM which finally died in the eighties.) There is a silver lining here for the successful consultant (whether outside or in-house expert) -- you make the sale by BECOMING the brand name, i.e. once you are accepted as THE expert, ANY solution you propose will sail. The second sale is that of opportunity and was described earlier on this thread by Gerardo Santana -- in certain engagements there is a genuine interest in solving a genuine problem, and you are given the freedom to choose your own tools (or rope to hang yourself if you over- reach). If you are successful at picking and solving these engagements, you eventually become a recognized expert -- see previous paragraph. - System Administrator[EMAIL PROTECTED] Bitwise Internet Technologies, Inc. 22 Drydock Avenue tel: (617) 737-1837 Boston, MA 02210 fax: (617) 439-4941
Re: [OT] Pursuing Management to adopt OpenBSD
Chris escreveu: I been trying (rather unsuccessfully) to convince various clients and employers to adopt OpenBSD. Most people, I find, are resistent to change and would not use anything they are not familiar with. Others would say that if I leave the job, it would be hard to find people who can use (or even heard of) OpenBSD and in some places Management never heard of OpenBSD and have very little clue as to how good or bad it is compared to Linux/ Solaris and Windows thus they will just knock off the proposal in 2 seconds. Is there any way I could convince these people to make the move to OpenBSD? Suggestions, tips and tricks along with real life examples would be much appreciated. Thanks. The enterprise i work on always made their firewall/proxy solutions using linux. The responsible was having trouble using the iproute2 voodoo to make 2 isp links to work. I then suggested using openbsd. I didn't had at the time knowledge to do that, but suggested it anyway, cause pf looked to me much simpler than iptables. When i learned that a single route-to statement would throw all the ip route + MARK shit on linux, i convinced the manager to use it on our clients. Nowadays we have lots of carp firewalls, and some clients with 2 or 3 isp's. Working with ifstated and a bunch of scripts to check link availability. This kind of thing is one way to convince. The other would be the EXPERT thing mentioned before. Today, i convince much more being an EXPERT than telling all the great things open is capable of. My regards, -- Giancarlo Razzolini Linux User 172199 Red Hat Certified Engineer no:804006389722501 Moleque Sem Conteudo Numero #002 Slackware Current OpenBSD Stable Ubuntu 7.04 Feisty Fawn Snike Tecnologia em Informatica 4386 2A6F FFD4 4D5F 5842 6EA0 7ABE BBAB 9C0E 6B85 [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: [OT] Pursuing Management to adopt OpenBSD
On Thu, Mar 20, 2008 at 5:50 PM, Chris [EMAIL PROTECTED] wrote: I been trying (rather unsuccessfully) to convince various clients and employers to adopt OpenBSD. Most people, I find, are resistent to change and would not use anything they are not familiar with. Others would say that if I leave the job, it would be hard to find people who can use (or even heard of) OpenBSD and in some places Management never heard of OpenBSD and have very little clue as to how good or bad it is compared to Linux/ Solaris and Windows thus they will just knock off the proposal in 2 seconds. Is there any way I could convince these people to make the move to OpenBSD? Suggestions, tips and tricks along with real life examples would be much appreciated. Thanks. Introducing a new operating system into an already working environment can be a tricky proposition -- politically even more than technically. If you want to bring in OpenBSD, look for specific needs that aren't being met by any existing systems, and show how OpenBSD can meet those needs. It probably won't be the main company server, at least at first. As it becomes more familiar, and the benefits become clear, management will be more open to expanding its role in the company. A few good resources: http://www.onlamp.com/pub/a/bsd/2001/10/18/Big_Scary_Daemons.html http://advocacy.daemonnews.org/ http://www.oreillynet.com/sysadmin/blog/2004/11/bsd_success_stories.html In the PDF linked from that last article, I'd look particularly at the success story that Michael Lehey describes with OpenBSD (starting on page 8), but also to the advocacy advice offered by Joe Warner (page 16): When I first started using FreeBSD, I was so amazed and taken with it that I could be heard preaching the BSD gospel almost every day. Keep in mind that most people will continue to use whichever operating system or application they are comfortable with. Don't be such an advocate that people become afraid to even mention the words 'FreeBSD','NetBSD', 'OpenBSD' or 'BSD' around you. Remember, the louder you are, the harder it can be to hear you. The phrase, 'Action speaks louder than words', certainly applies here. Quietly learn about the BSDs, how to use them, and offer the amazing demonstration when the opportunity presents itself.
Re: Problems with socket created before fork() in multi-threaded application
On Thu, Mar 20, 2008 at 3:01 PM, Tvrvk Edwin [EMAIL PROTECTED] wrote: ClamAV has changed to call fork() after creating its local socket. This causes weird behaviours when communicating on the socket [1] If fork() is called before creating the socket() it works. Is it safe to create a socket, fork(), and then call pthread_create() and read from the socket? The relevant passages from the Single Unix Specification were cited in the thread on the FreeBSD list. The rule is that if the process had more than one thread when fork() was called, then the child can only call async-signal safe functions until it calls execle(), execve(), _exit(), or _Exit(). pthread_create() is not async-signal safe, so to answer your question to you have to look at the state of the process before the call to fork(). The underlying problem is that after the fork(), the child's state may include such things as mutexes which are locked by threads that no longer exist and mutexes that have non-existent threads in their 'waiting' queue. pthread_create() probably needs to allocate memory for the thread's handle and stack; if some other thread was in malloc() at the time of the fork(), then the heap is probably both locked and inconsistent in the child. It seems not to work, the thread gets stuck in pthread_mutex_lock(), and it is not woken up even after the mutex is free. Moving fork() before the socket avoids this. Is this intended behaviour or a bug? If there was more than one thread in the process when fork() was called, then it's a bug in clamav. Period. (If there were any threads before the fork() that may have been blocked on the mutex, then the behavior is completely predictable, as the mutex's wait queue has an entry for a thread that no longer exists.) I found that calling non-async-signal-safe functions after fork() can cause problems on FreeBSD [2], is the situation the same on OpenBSD? Yes. The program is non-conformant. Philip Guenther
Re: [OT] Pursuing Management to adopt OpenBSD
Chris wrote: I been trying (rather unsuccessfully) to convince various clients and employers to adopt OpenBSD. Most people, I find, are resistent to change and would not use anything they are not familiar with. Others would say that if I leave the job, it would be hard to find people who can use (or even heard of) OpenBSD and in some places Management never heard of OpenBSD and have very little clue as to how good or bad it is compared to Linux/ Solaris and Windows thus they will just knock off the proposal in 2 seconds. Is there any way I could convince these people to make the move to OpenBSD? Suggestions, tips and tricks along with real life examples would be much appreciated. Thanks. *) Respect the work that has come before you. No one likes someone who walks in and says, Let's change everything, because this is what I know!. Wait until you know the real problems...then deliver solutions based on the problem, not based on your desires. *) Prove to them that you know what you are doing on OTHER things. Solve real problems, make things work better, document existing systems. Give them reason to trust your judgment and quality of work. *) Prove to them that you can (and do) document the systems you are responsible for. *) Point out the relative unknownness of various products already in your environment. I.e., if you have a SAN that only one person in the office knows how to configure, you have just won the not familiar argument. Even if it is the Indu$try $andard $olution, the How you configured it in your environment is critical. *) Point out that people who know OpenBSD may not be falling out of trees, people who REALLY know Linux, Solaris, Cisco, Juniper, EMC, Xiotech, Windows, etc. WELL (i.e., not just a hack with a sheet of paper that would be more useful in the bathroom than on the wall) are not common, either...and if they are really good at what they do, they already have jobs, and you will pay THROUGH THE NOSE and every other orifice you have to get them to come work for you. The ones sitting around waiting for the phone to ring aren't that good. I recently heard a guy enjoying the idea of a $150k/yr job he had heard about to maintain an industry standard firewall. Why so much? Because there weren't very many good people available to maintain this standard device. AND, the ability to grow-your-own expert was about zero, because you could not grab an old junk machine and build a demo or test machine, you had to shell out big money for their box and their training. And, if you don't pay them a lot, your expert will go elsewhere once you make them an expert. *) Show how easy it is to BUILD your own experts. If you want to learn Solaris, you will be looking at buying some newish computers to run it on. If you want to learn OpenBSD, you can do it on old junk! You can teach your co-workers, they can work with old company equipment to learn more. Try that with the big name products. (funny story: former employer, we built a very nice set of OpenBSD firewalls. Massive redundancy, DR, etc., ALL out of spare parts. An ex-boss got a bug up his butt about having Juniper on his resume, so he brought in a pair of probably $40k Juniper firewalls. But...I don't speak Juniper. Fine, we'll have E. do it!. E. wasn't quite up to the task, and he got fed up with the BS and quit. Now the boss had NO one who could bring up his babies. He was later fired, and the new resume-stuffing boss didn't like Juniper, but liked Cisco, so in come a new pair of $50k boxes. The never-used Junipers are currently sitting in a warehouse somewhere, and a consultant made a LOT of money replacing our OpenBSD firewalls with the Ciscos that accomplished the EXACT SAME THING). *) Point out that there are a lot of people LOOKING for experts in these industry standard systems, and they are not finding good ones. Lots of people looking is BAD for your company, not good! That bids up the prices and that discourages long-term employment. *) Demonstrate, don't talk. Don't say, it would be nice if you handed me $4000 for this project, grab an old junk machine and build a demonstrator. Do it right -- include the disaster recovery, the backup, the repair and the documentation in your demonstrator. IF it proves that's all you need, you are done! *) Hook your co-workers. OpenBSD is fun, and it is very easy to learn (not just load). I managed to get a co-worker interested, he's now got an OpenBSD machine at home, which has been doing real work for him and solving problems (and the Windows box puked its guts, but the data was stored on Samba on the OpenBSD box, and now his wife is a fan, too! :) Guess what? We now have TWO OpenBSD experts in the office. (which is probably more than we have of the official company solution). *) Solve real problems with OpenBSD. On my second day on the job, the guy I was replacing told me about one problem he had -- a mail server would collect huge amounts of mailer
CanSecWest 2008 PWN2OWN - Mar 26-28
Calendar Notes: === PacSec 2008 will be on November 12/13 in Tokyo at Aoyama Diamond Hall. EUSecWest 2008 will be on May 21/22 at a fun new venue in central London. (We cooked this schedule up so it will enable people to fly to Berlin on the 23rd and make FX's ph-neutral on Saturday the 24th - which also has a fun new venue. Island???!?) The EUSecWest 2008 CFP opens tomorrow and closes _before_ April 1 :-). EUSecWest registration is now open. Announcing CanSecWest PWN2OWN 2008. === Three targets, all patched. All in typical client configurations with typical user configurations. You hack it, you get to keep it. Each has a file on them and it contains the instructions and how to claim the prize. Targets (typical road-warrior clients): VAIO VGN-TZ37CN running Ubuntu 7.10 Fujitsu U810 running Vista Ultimate SP1 MacBook Air running OSX 10.5.2 This year's contest will begin on March 26th, and go during the presentation hours and breaks of the conference until March 28th. The main purpose of this contest is to present new vulnerabilities in these systems so that the affected vendor(s) can address them. Participation is open to any registered attendee of CanSecWest 2008. Once you extract your claim ticket file from a laptop (note that doing so will involve executing code on the box, simple directory traversal style bugs are inadequate), you get to keep it. You also get to participate in 3com / Tipping Point's Zero Day Initiative, with the top award for remote, pre-auth, vulnerabilities being increased this year. Fine print and details on the cash prizes are available from TippingPoint's DVLabs blog (http://dvlabs.tippingpoint.com/). More fine print and rules for the contest will be found at the http://cansecwest.com/ site. Quick Overview: -Limit one laptop per contestant. -You can't use the same vulnerability to claim more than one box, if it is a cross-platform issue. -Thirty minute attack slots given to contestants at each box. -Attack slots will be scheduled at the contest start by the methods selected by the judges. -Attacks are done via crossover cable. (attacker controls default route) -RF attacks are done offsite by special arrangement... -No physical access to the machines. -Major web browsers (IE, Safari, Konqueror, Firefox), widely used and deployed plugin frameworks (AIR, Silverlight), IM clients (MSN, Adium, Skype, Pigdin, AOL, Yahoo), Mail readers (Outlook, Mail.app, Thunderbird, kmail) are all in scope. Fine Print: These computers are REAL and FULLY patched. All third party software is widely used. There are no imitation vulnerabilities. Any exploit successfully used in this contest would also compromise a significant percentage of Internet connected hosts. Instead, players choose to use their exploits here, at CanSecWest PWN2OWN 2008. All successful exploits will be turned over to the appropriate vendor and patched before details are made public. Rules 1. Attacks remain confidential until prize is claimed Players will connect to the targets with a crossover cable and we will not record the network traffic or log anything other than what is done by default. Successful exploits can be delivered directly to Tipping Point after the we verify that you control the target. In the event that internet connectivity is required (eg. IM clients) we will put the target online behind a firewall. We won't sniff at the firewall, but we can make no guarentees for upstream networks. (so be careful what you send over the Internet!) 2. No wireless attacks in the conference area Players with intent to use wireless attacks must inform us in advance. We will relocate to a secluded, undisclosed location where there won't be dozens of people watching the traffic. 3. One attacker per target at a time As is obvious from rule #1 and rule #2, one player gets exclusive access to any target at one time. 4. Players take turns, no hogging the targets Players are limited to 30 minutes per attempt. We will mercilessly disconnect your cable at the end of each attack slot. Be fast! We will reboot the targets before each session begins. 5. First come, first served access to targets. Players get in line for their turns and may take an unlimited number of turns. If a player runs out of time and no one else is waiting for access to the target he may continue for another turn. Players may not have more than 1 turn in any 30 minute period. (That means we won't reboot a target any time you feel like it) 6. Remote, pre-authentication attacks are required to win Players may not physically touch the targets or look at the target's display. Players are required to demonstrate to our satisfaction that arbitrary code runs on the target. 7. Attackers control the default route for the target. Players may become the target's default gateway in order to perform man in the middle attacks. 8. Contest officials
Re: trouble configuring snmpd
On Fri, Mar 21, 2008 at 12:23:45AM +0200, Fratiman Vladut wrote: rocommunity someone When i run snmpd in debug mode, i receive an error that say about syntax error into snmpd.conf at line where is defined community name. What is wrong? are you trying to use openbsd's snmpd with a net-snmp configuration? it is totally different. reyk