PF blocking outbound packets that don't have S/SA flags

2008-11-21 Thread Joe S
OS: OpenBSD 4.4 RELEASE i386

PF is blocking traffic that I want it to pass. I notice this when I
run nmap 4.76 (compiled from source). It appears that my packets are
being dropped because they don't match the pass out quick rule in my
pf.conf. I noticed this rule is modified due to the default setting to
match on flags S/SA. How do I create a rule to ignore the flags S/SA
so that my scans can complete?

# nmap -sS -T5 -sV -p- 2.2.2.2
Starting Nmap 4.76 ( http://nmap.org ) at 2008-11-20 22:47 PST
sendto in send_ip_packet: sendto(4, packet, 40, 0, 2.2.2.2, 16) => No
route to host
Offending packet: TCP 1.1.1.1:37016 > 2.2.2.2:80 A ttl=45 id=13618
iplen=40  seq=3279582132 win=2048 ack=3457570278
Sleeping 15 seconds then retrying
sendto in send_ip_packet: sendto(4, packet, 40, 0, 2.2.2.2, 16) => No
route to host
Offending packet: TCP 1.1.1.1:37016 > 2.2.2.2:80 A ttl=45 id=13618
iplen=40  seq=3279582132 win=2048 ack=3457570278
Sleeping 60 seconds then retrying

(truncated for brevity)


PF logs show that the packets are dropped due to rule 0 match:

# tcpdump -n -e -ttt -s 1514 -r /var/log/pflog host 2.2.2.2
Nov 20 22:42:37.938337 rule 0/(match) block out on fxp0: 1.1.1.1.46363 > 2.2.2.2.80: . ack 834370022 win 2048
Nov 20 22:42:52.940776 rule 0/(match) block out on fxp0: 1.1.1.1.46363 > 2.2.2.2.80: . ack 1 win 2048
Nov 20 22:45:02.202499 rule 0/(match) block out on fxp0: 1.1.1.1.42175 > 2.2.2.2.80: . ack 2174811336 win 1024
Nov 20 22:45:17.206752 rule 0/(match) block out on fxp0: 1.1.1.1.42175 > 2.2.2.2.80: . ack 1 win 1024
Nov 20 22:46:17.194321 rule 0/(match) block out on fxp0: 1.1.1.1.42175 > 2.2.2.2.80: . ack 1 win 1024
Nov 20 22:47:12.874250 rule 0/(match) block out on fxp0: 1.1.1.1.37016 > 2.2.2.2.80: . ack 3457570278 win 2048
Nov 20 22:47:27.877828 rule 0/(match) block out on fxp0: 1.1.1.1.37016 > 2.2.2.2.80: . ack 1 win 2048
Nov 20 22:48:27.865343 rule 0/(match) block out on fxp0: 1.1.1.1.37016 > 2.2.2.2.80: . ack 1 win 2048

(truncated for brevity)


Here are my PF rules

# pfctl -s rules
block return log all
block return in quick inet6 all
pass quick proto icmp all keep state allow-opts
pass out quick all flags S/SA keep state allow-opts
pass in log on fxp0 proto tcp from any to (fxp0) port = ssh flags S/SA
keep state
pass in on fxp0 proto tcp from any to (fxp0) port = www flags S/SA keep state
pass quick on vlan0 all flags S/SA keep state allow-opts
pass quick on vlan1 all flags S/SA keep state allow-opts


Here is my pf.conf

# cat /etc/pf.conf

# SETTINGS
set block-policy return
set loginterface fxp0
set skip on lo
scrub in

# NAT/RDR
nat on fxp0 from !(fxp0) to any -> (fxp0)

# RULES
block log all
block in quick inet6 all
pass quick proto icmp allow-opts
pass out quick all allow-opts

pass in log on fxp0 proto tcp from any to (fxp0) port 22
pass in on fxp0 proto tcp from any to (fxp0) port 80

pass quick on vlan0 allow-opts
pass quick on vlan1 allow-opts



USB RFID Reader misreads

2008-11-21 Thread David Schulz

Hi all,

I have an RFID Proximity Card Reader connected to a Computer via USB.
Basically how they work is that as soon as an RFID Card comes near it, the
Reader reads the Number on the Card, and sends it to STDIN followed by a
newline Character. It really works the same as a Magnetic Card Reader,
Barcode Scanner, standard USB keyboard.


The problem I am having is that the Reader misreads the Number on the
Card more than often.


For example a swipe should look like:
0011920435
0011920435

but often it does look like:
001cr20435
001192\s30435
920435

I have tried under :
i386 OpenBSD 4.3 PC
i386 OpenBSD 4.4 ThinkPad X61 Laptop
macppc OpenBSD 4.4 Macmini
macppc OpenBSD 4.4 iMac

All of this with 2 different USB Readers.

Mostly the same results, too many misreads, no matter how slow or fast I
swipe the Card. Now, one thing that I have noticed is that when I first
plug in a normal USB Keyboard, AND THEN plug in the USB Reader next to
it, everything works great. I have tested and repeated this behavior on
the macppc MacMini.


Trying with a PS/2 Version of the Reader, it works all great, no 
Problems (but there is no ps/2 on the macppc's nor on my Laptop anymore. 
grr.)


I have tried the USB Reader on a Windows XP Machine, and it works like
it should. First detects it as a USB Keyboard, and then nicely reads any
card I swipe at it. I also tried it on an Ubuntu Linux Asus Laptop, and
it works as well.


Now what I want to ask is obviously, does anyone have any idea what I
could try to do to make my USB Reader work nicely and not misread all
the time? Will anyone work with me to make it work, or at least figure
out why it doesn't? Maybe there is some way I can tune the behaviour of
attached USB Keyboards, so that they (?) somehow give the Reader more
time before attempting to read the Card.


Thanks and best regards,
David



Re: PF blocking outbound packets that don't have S/SA flags

2008-11-21 Thread Girish Venkatachalam
On 01:10:03 Nov 21, Joe S wrote:
> OS: OpenBSD 4.4 RELEASE i386
>
> PF is blocking traffic that I want it to pass. I notice this when I
> run nmap 4.76 (compiled from source). It appears that my packets are
> being dropped because they don't match the pass out quick rule in my
> pf.conf. I noticed this rule is modified due to the default setting to
> match on flags S/SA. How do I create a rule to ignore the flags S/SA
> so that my scans can complete?
>
> # nmap -sS -T5 -sV -p- 2.2.2.2
> Starting Nmap 4.76 ( http://nmap.org ) at 2008-11-20 22:47 PST
> sendto in send_ip_packet: sendto(4, packet, 40, 0, 2.2.2.2, 16) => No
> route to host
> Offending packet: TCP 1.1.1.1:37016 > 2.2.2.2:80 A ttl=45 id=13618
> iplen=40  seq=3279582132 win=2048 ack=3457570278
> Sleeping 15 seconds then retrying
> sendto in send_ip_packet: sendto(4, packet, 40, 0, 2.2.2.2, 16) => No
> route to host
> Offending packet: TCP 1.1.1.1:37016 > 2.2.2.2:80 A ttl=45 id=13618
> iplen=40  seq=3279582132 win=2048 ack=3457570278
> Sleeping 60 seconds then retrying
>
> (truncated for brevity)
>
>
> PF logs show that the packets are dropped due to rule 0 match:
>
> # tcpdump -n -e -ttt -s 1514 -r /var/log/pflog host 2.2.2.2
> Nov 20 22:42:37.938337 rule 0/(match) block out on fxp0: 1.1.1.1.46363 > 2.2.2.2.80: . ack 834370022 win 2048
> Nov 20 22:42:52.940776 rule 0/(match) block out on fxp0: 1.1.1.1.46363 > 2.2.2.2.80: . ack 1 win 2048
> Nov 20 22:45:02.202499 rule 0/(match) block out on fxp0: 1.1.1.1.42175 > 2.2.2.2.80: . ack 2174811336 win 1024
> Nov 20 22:45:17.206752 rule 0/(match) block out on fxp0: 1.1.1.1.42175 > 2.2.2.2.80: . ack 1 win 1024
> Nov 20 22:46:17.194321 rule 0/(match) block out on fxp0: 1.1.1.1.42175 > 2.2.2.2.80: . ack 1 win 1024
> Nov 20 22:47:12.874250 rule 0/(match) block out on fxp0: 1.1.1.1.37016 > 2.2.2.2.80: . ack 3457570278 win 2048
> Nov 20 22:47:27.877828 rule 0/(match) block out on fxp0: 1.1.1.1.37016 > 2.2.2.2.80: . ack 1 win 2048
> Nov 20 22:48:27.865343 rule 0/(match) block out on fxp0: 1.1.1.1.37016 > 2.2.2.2.80: . ack 1 win 2048
>
> (truncated for brevity)
>
>
> Here are my PF rules
>
> # pfctl -s rules
> block return log all
> block return in quick inet6 all
> pass quick proto icmp all keep state allow-opts
> pass out quick all flags S/SA keep state allow-opts
> pass in log on fxp0 proto tcp from any to (fxp0) port = ssh flags S/SA
> keep state
> pass in on fxp0 proto tcp from any to (fxp0) port = www flags S/SA keep state
> pass quick on vlan0 all flags S/SA keep state allow-opts
> pass quick on vlan1 all flags S/SA keep state allow-opts
>
>
> Here is my pf.conf
>
> # cat /etc/pf.conf
>
> # SETTINGS
> set block-policy return
> set loginterface fxp0
> set skip on lo
> scrub in

What happens when you remove the above scrub line?

Have you tested?

-Girish



Re: PF blocking outbound packets that don't have S/SA flags

2008-11-21 Thread Stuart Henderson
On 2008-11-21, Joe S [EMAIL PROTECTED] wrote:
> How do I create a rule to ignore the flags S/SA

Read pf.conf(5) about flags.



4.4 installation on a large disk

2008-11-21 Thread Chris
I'm trying to install x86 4.4-release on a RAID mirror 465.8g disk.
The installation hangs after the last file set is installed
(xserv44.tgz): it just sits there and I cannot use my keyboard
anymore. The BIOS shows there are two disks of 500G.

During the installation I can see two disks: wd0 and wd1 - both
same size: 465.8g. I tried installing on wd0 or wd1 but I get the same
result: the installation hangs after the last file set is installed
(xserv44.tgz): it just sits there and I cannot use my keyboard
anymore.

I used disk label and allocated: /tmp (20g), /home (100g), / (50g),
/var (50g), /usr (50g), swap (3g).

The other disks I can see during the installation are: sd0, sd1, sd2
and sd3 but dmesg says drive offline and won't let me install
OpenBSD on them. I guess these are all USB drives.

Thanks for any help.



softraid(4) in production environment

2008-11-21 Thread Jordi Espasa Clofent

Hi all,

As the post subject says, it's a clear question: is softraid(4) ready for
a production system?
I have to build an authentication (with OpenLDAP) system and I want to do
it with OpenBSD; I absolutely trust Marco's good job, but I must
know if softraid(4) is ready for a real and critical production system.

I've used softraid(4) solution in the past without problems, but I think
softraid(4) is better designed and coded, so the logical way is to trust
it.

--
Thanks,
Jordi Espasa Clofent



Re: softraid(4) in production environment

2008-11-21 Thread Jordi Espasa Clofent

Sorry, I mean I've used raidframe in the past...
--
Thanks,
Jordi Espasa Clofent



Re: softraid(4) in production environment

2008-11-21 Thread Guido Tschakert
Jordi Espasa Clofent wrote:
> Hi all,
>
> As the post subject says, it's a clear question: is softraid(4) ready for
> a production system?
> I have to build an authentication (with OpenLDAP) system and I want to do
> it with OpenBSD; I absolutely trust Marco's good job, but I must
> know if softraid(4) is ready for a real and critical production system.
>
> I've used softraid(4) solution in the past without problems, but I think
> softraid(4) is better designed and coded, so the logical way is to trust
> it.

If it is that critical, wouldn't it be better to have two simple LDAP
servers and replicate with slurpd?
You know: keep the systems simple. This reminds me of the discussions
on having RAID in a firewall, where the answer is always: use carp and make it
redundant.
So I suggest: use slurpd and make it redundant ;-)

guido



Re: help with network connectivity

2008-11-21 Thread Nick Holland
Maurice Janssen wrote:
> On Thursday, November 20, 2008 at 20:07:02 -0800, Jon wrote:
> > the /etc/hostname.em0 has 'inet static IP 255.255.255.0 NONE' in it.

wrong subnet mask, so I am going to guess anything else you have
could be wrong, too, but that's the right syntax, a broadcast is
NOT needed for a simple config.  If you wish to specify other
options, then yes, you will need a broadcast, but that's not
what you are doing here.

> > I can resolve using the gateway as my nameserver in /etc/resolve.conf
> >
> > the thing won't allow any traffic to go out - I am trying to ping
> > yahoo.com...
> >
> > But if i update /etc/hostname.em0 to DHCP and do a dhclient - it work.. No
> > issue.
>
> Then stick to DHCP.  Why do you want to hardcode the IP to hostname.em0?

probably because he wants to be on the outside of his router.
This is how it is done with at least one variant of the Comcast
cable service.  If you use DHCP, you end up behind the router, if
you use the assigned addresses, you end up outside the router. It
seems to be one of those things they figure if you don't ask any
questions or think about it, it's easy.  Think about it, you end
up on the phone with a few layers of tech support -- the first
one punches into your router and reconfigures it, screwing it
beyond his ability to fix.  Then you get handed up-stream to
someone who knows his stuff who says, oh, just use the static
addresses you were given, you don't need to reconfigure the
modem, it works, trust me.  d'oh.  It does. :)

> > What I am doing wrong or missing ?
>
> It's very well possible that the DHCP request does a lot more on the
> other end than just send you an IP.  (set a route to your end, for
> example).
> Without the DHCP request, this won't happen, hence the problems you're
> seeing.

bah.  If you set it right, you don't need DHCP.  However, seeing
what DHCP set for you is sometimes interesting, though I doubt it
in this case.

Start with no PF, and from the OpenBSD machine, ping the gateway.
(failure means your basic config is wrong).  Then ping an IP
address outside your network that exists (failure means the
gateway address you are using is not really a gateway).  If
that works, then ping by name (if that fails, it's your DNS
resolver).  Don't worry about stuff BEHIND your OpenBSD machine
until the OpenBSD machine works fine.

What you are saying about your DNS resolver selection sounds
wrong...but is completely unspecific, so I can't verify.
I can be pretty sure that your gateway isn't coincidentally one
of Comcast's DNS resolvers.


Nick.



Re: atheros 5424 wireless chipset

2008-11-21 Thread Neal Hogan
I mailed this to Aaron offlist, but he suggested that someone else may have
more to say about it. So, I thought I'd send it on. The message I'm responding
to is below mine. It merely indicates that his Atheros 5424 chipset works.

On Thu, Nov 20, 2008 at 8:49 PM, Neal Hogan [EMAIL PROTECTED] wrote:

> Hello Mr. Hsu,
>
> I'm running -current, as well (amd64 -- 11/14) and my wifi is not
> working (i get a *HAL unable to reset hardware* error). Can you send me your
> dmesg and/or set me on the right path? Below is the output of *ifconfig* and
> my dmesg. Thanks!
>
>
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33160
>   groups: lo
>   inet 127.0.0.1 netmask 0xff00
>   inet6 ::1 prefixlen 128
>   inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
> ath0: flags=8823<UP,BROADCAST,NOTRAILERS,SIMPLEX,MULTICAST> mtu 1500
>   lladdr 00:22:69:86:96:77
>   groups: wlan
>   media: IEEE802.11 autoselect
>   status: no network
>   ieee80211: nwid
>   inet6 fe80::222:69ff:fe86:9677%ath0 prefixlen 64 scopeid 0x1
> enc0: flags=0<> mtu 1536
> rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>   lladdr 00:1c:f0:bf:07:57
>   groups: egress
>   media: Ethernet autoselect (100baseTX full-duplex)
>   status: active
>   inet6 fe80::21c:f0ff:febf:757%rl0 prefixlen 64 scopeid 0x4
>   inet 192.168.1.66 netmask 0xff00 broadcast 192.168.1.255
> pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33160
>   groups: pflog





Re: PF blocking outbound packets that don't have S/SA flags

2008-11-21 Thread Vinicius Vianna

Joe S wrote:

> OS: OpenBSD 4.4 RELEASE i386
>
> PF is blocking traffic that I want it to pass. I notice this when I
> run nmap 4.76 (compiled from source). It appears that my packets are
> being dropped because they don't match the pass out quick rule in my
> pf.conf. I noticed this rule is modified due to the default setting to
> match on flags S/SA. How do I create a rule to ignore the flags S/SA
> so that my scans can complete?

You need to use something like flags any so any flags on the TCP will
be allowed.


HTH,
Vinicius
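
An added example (not part of the original posts and not PF's own code): a small Python model of how PF reaches a verdict for the ruleset printed by `pfctl -s rules` in this thread, where the last matching rule wins, `quick` stops evaluation, and `flags S/SA` matches only TCP packets with SYN set and ACK clear. The `Rule` class, `evaluate`, `ruleset` and `tcp_out` are names constructed for illustration, and the model assumes the packet has no existing state entry.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

FlagSpec = Optional[Tuple[str, str]]   # None models "flags any"
S_SA: FlagSpec = ("S", "SA")           # the S/SA default shown by pfctl -s rules


def flags_match(spec: FlagSpec, pkt_flags: str) -> bool:
    """pf.conf 'flags a/b': of the flags listed in b, exactly those in a are set."""
    if spec is None:
        return True
    check, mask = spec
    return {f for f in pkt_flags if f in mask} == set(check)


@dataclass(frozen=True)
class Rule:
    action: str                      # "pass" or "block"
    direction: Optional[str] = None  # "in", "out", or None for both
    iface: Optional[str] = None
    af: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None
    flags: FlagSpec = None
    quick: bool = False

    def matches(self, pkt: dict) -> bool:
        for name in ("direction", "iface", "af", "proto", "dport"):
            want = getattr(self, name)
            if want is not None and want != pkt.get(name):
                return False
        # The flags criterion is only evaluated for TCP packets.
        return pkt["proto"] != "tcp" or flags_match(self.flags, pkt["flags"])


def evaluate(rules, pkt):
    """Return (rule number, action): last match wins, 'quick' ends the walk."""
    verdict = (None, "pass")         # PF passes a packet that no rule matches
    for num, rule in enumerate(rules):
        if rule.matches(pkt):
            verdict = (num, rule.action)
            if rule.quick:
                break
    return verdict


def ruleset(out_flags: FlagSpec):
    """The thread's loaded rules; out_flags is the flags spec of rule 3."""
    return [
        Rule("block"),                                                  # 0
        Rule("block", direction="in", af="inet6", quick=True),          # 1
        Rule("pass", proto="icmp", quick=True),                         # 2
        Rule("pass", direction="out", flags=out_flags, quick=True),     # 3
        Rule("pass", direction="in", iface="fxp0", proto="tcp",
             dport=22, flags=S_SA),                                     # 4
        Rule("pass", direction="in", iface="fxp0", proto="tcp",
             dport=80, flags=S_SA),                                     # 5
        Rule("pass", iface="vlan0", flags=S_SA, quick=True),            # 6
        Rule("pass", iface="vlan1", flags=S_SA, quick=True),            # 7
    ]


def tcp_out(flags: str) -> dict:
    """Constructed packet modelled on the pflog lines: out on fxp0, port 80."""
    return {"direction": "out", "iface": "fxp0", "af": "inet",
            "proto": "tcp", "dport": 80, "flags": flags}


if __name__ == "__main__":
    for label, out_flags in (("flags S/SA", S_SA), ("flags any", None)):
        for flags in ("S", "A", "SA"):
            num, action = evaluate(ruleset(out_flags), tcp_out(flags))
            print(f"{label:10}  tcp flags {flags:2} -> rule {num} {action}")
```

With the S/SA default the bare ACK falls through to rule 0, which is what the pflog output in the question shows. Because `flags any` lets a packet other than the opening SYN match and create state, it is best confined to the outbound rule while the inbound rules keep S/SA.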



Re: 4.4 installation on a large disk

2008-11-21 Thread Stuart Henderson
On 2008-11-21, Chris [EMAIL PROTECTED] wrote:
> I'm trying to install x86 4.4-release on a RAID mirror 465.8g disk.
> The installation hangs after the last file set is installed
> (xserv44.tgz): it just sits there and I cannot use my keyboard
> anymore. The BIOS shows there are two disks of 500G.

How long did you leave it?



Re: 4.4 installation on a large disk

2008-11-21 Thread J.C. Roberts
On Fri, 21 Nov 2008 03:35:54 -0800 Chris [EMAIL PROTECTED] wrote:

> I'm trying to install x86 4.4-release on a RAID mirror 465.8g disk.
...
> The BIOS shows there are two disks of 500G.

Sorry, my mind reading skills are less than perfect, but since your
BIOS shows two disks, you might not be using hardware RAID, so it
seems as though you're trying to use softraid(4) on your boot disk,
when the man page specifically reads:

$ man softraid |grep boot
 There is no boot support at this time for any disciplines.

If you've set the filesystem type to RAID as described in the 
softraid(4) man page, then you've probably skewered yourself in such a
way that you're preventing a normal install on either wd0 or wd1.

On the other hand...

If you are actually using a supported hardware RAID controller, and
you've used the CMOS/BIOS utility of the *controller* to set up a
mirrored pair of disks, then the volume should be presented by the BIOS
to the OS as a sdX device.

Attempting to install onto wd0 or wd1 when the two disks are being used
in a mirrored pair by the hardware RAID controller will probably cause
all sorts of Bad Things (c)(tm)(r) to happen.

If you mistakenly bought a dumb Windows RAID device which requires
special MS-Windows drivers to perform the RAID functionality, then you
are completely hosed. At the very best, you might get the device to
function properly as a dumb controller but it will never work as
advertised (e.g. a bootable RAID device).

To spare yourself from further mind reading attempts, please provide
more information, including the required dmesg, and also wear a high
quality foil helmet. 

Thanks,
J.C. Roberts



Re: atheros 5424 wireless chipset

2008-11-21 Thread Peter Hessler
Yup.  Some of the 5424 chips work, and some don't.  I have the same
chipset as Neal, and am looking at it, but haven't had as much time as
I would like.


On 2008 Nov 21 (Fri) at 06:59:24 -0600 (-0600), Neal Hogan wrote:
:I mailed this to Aaron offlist, but he suggested that someone else may have
:more to say about. So, I thought I'd send it on. The message I'm responding
:to is below mine. It merely indicates that his Atheros 5424 chipset works.
:
:On Thu, Nov 20, 2008 at 8:49 PM, Neal Hogan [EMAIL PROTECTED] wrote:
:
...
: ppb0 at pci0 dev 28 function 0 Intel 82801I PCIE rev 0x03: apic 1 int 20 (irq 11)
: pci1 at ppb0 bus 2
: ppb1 at pci0 dev 28 function 1 Intel 82801I PCIE rev 0x03: apic 1 int 21 (irq 11)
:
: pci2 at ppb1 bus 3
: ath0 at pci2 dev 0 function 0 Atheros AR5424 rev 0x01: apic 1 int 17 (irq 11)
: ath0: AR5424 14.2 phy 7.0 rf 0.0, WOR02W, address 00:22:69:86:96:77

-- 
Bombeck's Rule of Medicine:
Never go to a doctor whose office plants have died.



possibly generic disk copy and restore question

2008-11-21 Thread John .
Hello misc,

I want to install OpenBSD/amd64 on my laptop (a recent Toshiba AMD
Turion with 3GB RAM) and ONLY have OpenBSD on it, but before I do this,
I need to know how I can image the disk and restore it subsequently.
It has vista on, and I may need to restore vista should I subsequently
need to sell the laptop at some future date.

The hard disk was partitioned and formatted at the manufacturers. The
first primary partition is not visible as usable space - I think this
is from where the OS was prepped.

Has anyone had this scenario, if so, what did you use to image the
data? Have you restored it since?

thanks

-- 
John



Re: possibly generic disk copy and restore question

2008-11-21 Thread John .
2008/11/21 dermiste [EMAIL PROTECTED]:
> cat(1) is the way to go.

LOL.

actually, dunno why I didn't see it before, but g4u seems to do what I
want, sorry for the noise.
-- 
John



IPsec: The same srcid, dstid and peer for multiple tunnels

2008-11-21 Thread Mikolaj Kucharski
Hi,

Is it possible to have two or more subnets, each configured with the
same srcid, dstid and peer? Currently I cannot make it work. It works
only for the first subnet in the roadwarrior config file. Is it possible
at all, no matter what IPsec implementation I would like to use?


# router: /etc/ipsec.conf(5)
ike passive esp tunnel \
    from 172.16.0.0/16 to any \
    srcid net4511.example.com
ike passive esp tunnel \
    from 192.168.1.0/24 to any \
    srcid net4511.example.com
ike passive esp tunnel \
    from 192.168.2.0/24 to any \
    srcid net4511.example.com
ike passive esp tunnel \
    from 192.168.3.0/24 to any \
    srcid net4511.example.com


# roadwarrior: /etc/ipsec.conf(5)
ike dynamic esp tunnel \
    from egress to 172.16.0.0/16 \
    peer net4511.example.com \
    srcid x40.openbsd.home.lan dstid net4511.example.com
ike dynamic esp tunnel \
    from egress to 192.168.3.0/24 \
    peer net4511.example.com \
    srcid x40.openbsd.home.lan dstid net4511.example.com



Both systems are not older than:

# sysctl -n kern.version
OpenBSD 4.4-current (GENERIC) #1050: Wed Sep 10 12:18:05 MDT 2008
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC

-- 
best regards
q#



Re: Latest Portable OpenNTPD?

2008-11-21 Thread Henning Brauer
* Anirban Sinha [EMAIL PROTECTED] [2008-11-21 04:33]:
> On 2008-11-21, Don Hiatt [EMAIL PROTECTED] wrote:
> > I was looking at http://openntpd.org/ for the latest Portable
> > OpenBSD and saw that it is at 3.9p1 while the non-portable is
> > at 4.3. A colleague of mine is tired of fighting with ntpd.org's
> > ntpd server so I suggested OpenNTPD. Is there a newer version
> > of the Portable OpenNTPD or is 3.9p1 the latest?
>
> That's the latest portable version, but the OpenBSD one has
> since been improved.
>
> I am wondering if any work is currently underway to port the latest
> OpenNTPD to other platforms? Looks like there has been lot of good work
> in OpenNTPD since version 3.9. It would be really nice to have it for
> other platforms as well.

not as far as I am aware. which is a pity.

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg  Amsterdam



Re: possibly generic disk copy and restore question

2008-11-21 Thread Robert
On Fri, 21 Nov 2008 14:14:19 +
John . [EMAIL PROTECTED] wrote:

> Hello misc,
>
> I want to install OpenBSD/amd64 on my laptop (a recent Toshiba AMD
> Turion with 3GB RAM) and ONLY have OpenBSD on it, but before I do this,
> I need to know how I can image the disk and restore it subsequently.
> It has vista on, and I may need to restore vista should I subsequently
> need to sell the laptop at some future date.
>
> The hard disk was partitioned and formatted at the manufacturers. The
> first primary partition is not visible as usable space - I think this
> is from where the OS was prepped.
>
> Has anyone had this scenario, if so, what did you use to image the
> data? Have you restored it since?
>
> thanks
>

My tool of choice for this is: dd

Just dd the whole drive to a file, compress it and store it somewhere.

Depending on how easy it is to rip out the harddrive and if you have
another system around you can use for imaging that might be the fastest
way.

Otherwise you can image over the network or to an external medium.
With usb-bootable systems I use a usbstick with openbsd to get a
working environment. On older systems a knoppix cd still comes in handy.
Over the network just redirect the output from dd over ssh.

To restore the image just dd it back onto the drive.

That's as simple as it gets and also works for the funny
partitions with the factory-restore stuff.

To answer your last questions:
Recently got a new Thinkpad, Vista license/media, XP preinstalled, no XP
key/media, thought an image might come in handy sometime, imaged as
described above, image-file is collecting dust since then, don't
really expect to restore it anytime soon.
But an image produced this way can be restored and the system would be
working the same way it was at the time you made the image.

(If you only have a NTFS drive around to store the image,
gparted+partimage would be another solution.)


- Robert



Re: possibly generic disk copy and restore question

2008-11-21 Thread Nick Holland

John . wrote:

> Hello misc,
>
> I want to install OpenBSD/amd64 on my laptop (a recent Toshiba AMD
> Turion with 3GB RAM) and ONLY have OpenBSD on it, but before I do this,
> I need to know how I can image the disk and restore it subsequently.
> It has vista on, and I may need to restore vista should I subsequently
> need to sell the laptop at some future date.
>
> The hard disk was partitioned and formatted at the manufacturers. The
> first primary partition is not visible as usable space - I think this
> is from where the OS was prepped.
>
> Has anyone had this scenario, if so, what did you use to image the
> data? Have you restored it since?

yep, just did this with my Acer Aspire One...

Isn't it great how computers these days come with:
   great gobs of crapware already loaded.
   no good way to rebuild the system from scratch as it should be.

but yes, imaging the existing disk is not a big issue:

In my case, I plugged a USB HD into the thing, booted from an OpenBSD
flash drive (think: live CD, only a lot easier to make, smaller, much
more useful, more rugged, ...), then something like this:

dd if=/dev/rwd0c bs=1m |gzip -o disk.img.gz

You want the 'r' in there, rwd0c is the entire disk.  The bs=1m makes it
less painfully slow (it will take a while, but leaving off the bs= line
will really, really hurt you), and since most of your disk is blank
and probably filled with zeros, the compression will rock.

Another very good option is g4u, which will allow you to image off
individual partitions, so rather than pulling down a 250+G disk, you
just pull the 10G restore partition...much faster, and goes over
the 'net.

Also (and I should put this in the FAQ), see gparted.  In my case, I
wanted to keep a Windows partition (it's amazing...people looking for
Unix administrators want resumes in Word format.  *sigh* OOo is
good, but I don't trust its formatting to look as I expect when a
document is brought up in Word), gparted allowed me to shrink the
existing windows partition down and put OpenBSD in the freed space.
gparted did a good job of chopping down the Windows partition to a
much smaller size.


Personally, considering the size of a modern disk, I'd just keep
the restore partition on the disk and not worry about it.  Still,
having an image available isn't bad in case you alter a little too
much and the restore magic stops working.

btw: another thing to consider is considering the price of a new
huge disk, just pull the existing disk out of the computer, and
replace it.  If something goes wrong with the machine, put the
factory disk back in, and now you can say in very clear conscience,
if it is a software issue, it is YOUR software issue.  Putting
that question to rest might be worth the $80. :)

Nick.



Re: IPsec: The same srcid, dstid and peer for multiple tunnels

2008-11-21 Thread Mikolaj Kucharski
On Fri, Nov 21, 2008 at 02:52:53PM +, Mikolaj Kucharski wrote:
> Hi,
>
> Is it possible to have two or more subnets, each configured with the
> same srcid, dstid and peer? Currently I cannot make it work. It works
> only for the first subnet in the roadwarrior config file. Is it possible
> at all, no matter what IPsec implementation I would like to use?

Thanks Mitja. To resolve my problem config on the router should look
like:

# router: /etc/ipsec.conf(5)
ike passive esp tunnel \
    from { \
        172.16.0.0/16 \
        192.168.1.0/24 \
        192.168.2.0/24 \
        192.168.3.0/24 \
    } to any \
    srcid net4511.example.com


Roadwarriors don't need to change anything. They can have multiple
tunnels defined separately.

> # roadwarrior: /etc/ipsec.conf(5)
> ike dynamic esp tunnel \
>     from egress to 172.16.0.0/16 \
>     peer net4511.example.com \
>     srcid x40.openbsd.home.lan dstid net4511.example.com
> ike dynamic esp tunnel \
>     from egress to 192.168.3.0/24 \
>     peer net4511.example.com \
>     srcid x40.openbsd.home.lan dstid net4511.example.com

-- 
best regards
q#



Re: possibly generic disk copy and restore question

2008-11-21 Thread Chris Zakelj
An even easier solution would be to just buy a new HDD, and stick the
original into a static bag.  Why make it harder than it needs to be?

On 11/21/08, Robert [EMAIL PROTECTED] wrote:
 On Fri, 21 Nov 2008 14:14:19 +
 John . [EMAIL PROTECTED] wrote:

 Hello misc,

 I want to install OpenBSD/amd64 on my laptop (a recent Toshiba amd
 turon with 3GB RAM) and ONLY have OpenBSD on it, but before I do this,
 I need to know how I can image the disk and restore it subsequently.
 It has vista on, and I may need to restore vista should I subsequently
 need to sell the laptop at some future date.

 The hard disk was partitioned and formatted at the manufacturers. The
 first primary partition is not visible as usable space - I think this
 is from where the OS was prepped.

 Has anyone had this scenario, if so, what did you use to image the
 data? Have you restored it since?

 thanks


 My tool of choice for this is: dd

 Just dd the whole drive to a file, compress it and store it somewhere.

 Depending on how easy it is to rip out the harddrive and if you have
 another system around you can use for imaging that might be the fastest
 way.

 Otherwise you can image over the network or to an external medium.
 With usb-bootable systems I use a usbstick with openbsd to get a
 working environment. On older systems a knoppix cd still comes in handy.
 Over the network just redirect the output from dd over ssh.

 To restore the image just dd it back onto the drive.

 That's as simple as it gets and also works for the funny
 partitions with the factory-restore stuff.

 To answer your last questions:
 Recently got a new Thinkpad, Vista license/media, XP preinstalled, no XP
 key/media, thought an image might come in handy sometime, imaged as
 described above, image-file is collecting dust since then, don't
 really expect to restore it anytime soon.
 But an image produced this way can be restored and the system would be
 working the same way it was at the time you made the image.

 (If you only have a NTFS drive around to store the image,
 gparted+partimage would be another solution.)


 - Robert



Re: IPsec: The same srcid, dstid and peer for multiple tunnels

2008-11-21 Thread Stuart Henderson
On 2008-11-21, Mikolaj Kucharski [EMAIL PROTECTED] wrote:
 On Fri, Nov 21, 2008 at 02:52:53PM +, Mikolaj Kucharski wrote:
 Hi,
 
 Is it possible to have two or more subnets, each configured with the
 same srcid, dstid and peer? Currently I cannot make it work. It works
 only for the first subnet in the roadwarrior config file. Is it possible
 at all, no matter what IPsec implementation I would like to use?

 Thanks Mitja. To resolve my problem, the config on the router should look
 like:

 # router: /etc/ipsec.conf(5)
 ike passive esp tunnel \
 from { \
 172.16.0.0/16 \
 192.168.1.0/24 \
 192.168.2.0/24 \
 192.168.3.0/24 \
 } to any \
 srcid net4511.example.com

There is no difference between the two router configs, this is
exactly equivalent to the previous one you posted.. you can see
for yourself by examining output from ipsecctl -nvf file



Re: possibly generic disk copy and restore question

2008-11-21 Thread John .
2008/11/21 Chris Zakelj [EMAIL PROTECTED]:
 An even easier solution would be to just buy a new HDD, and stick the
 original into a static bag.  Why make it harder than it needs to be?

True, but this is a home system, and I'm cheap. I want that 170GB drive ;)

A side issue I have found is some laptop drives are non-transferable -
they seem cryptographically locked to the controller they came from. I
had 2 otherwise identical acer aspire laptops, both with Hitachi
drives. One got wine spilled onto the keyboard and did something to
the motherboard. Tried to whip out this harddrive and put it into the
other laptop, and was prompted for a password after POST. I had never
set any password (the machine was prepped at the factory). This
occurred before any data on the HD could be read, so I think the
facility is in the circuitry rather than the physical disk.

-- 
John



Re: possibly generic disk copy and restore question

2008-11-21 Thread John .
Thanks for all your help. Certainly have some good pointers there. At
least I'm not now in the dark, so to speak.
-- 
John



Re: possibly generic disk copy and restore question

2008-11-21 Thread Robert
On Fri, 21 Nov 2008 11:05:58 -0500
Chris Zakelj [EMAIL PROTECTED] wrote:

 An even easier solution would be to just buy a new HDD, and stick the
 original into a static bag.  Why make it harder than it needs to be?

Oh my, what a question, but a valid point.

To fully answer it I would have to reply with a novel, a psychology
and economics paper.

Executive summary: waste.

- Robert



Re: PF blocking outbound packets that don't have S/SA flags

2008-11-21 Thread Joe S
On Fri, Nov 21, 2008 at 2:11 AM, Stuart Henderson [EMAIL PROTECTED] wrote:
 On 2008-11-21, Joe S [EMAIL PROTECTED] wrote:
 How do I create a rule to ignore the flags S/SA

 Read pf.conf(5) about flags.



Thanks. I read everything but that man page.

I added flags any to my pass out rule and my packets are no longer
blocked by rule 0.

# pfctl -s rules
block return log all
block return in quick inet6 all
pass quick proto icmp all keep state allow-opts
pass out quick all flags any keep state allow-opts
pass in log on fxp0 proto tcp from any to (fxp0) port = ssh flags S/SA
keep state
pass in on fxp0 proto tcp from any to (fxp0) port = www flags S/SA keep state
pass quick on vlan0 all flags S/SA keep state allow-opts
pass quick on vlan1 all flags S/SA keep state allow-opts

However, I'm still getting these messages:

# nmap -sS -T5 -sV -p- 2.2.2.2

Starting Nmap 4.76 ( http://nmap.org ) at 2008-11-21 09:44 PST
sendto in send_ip_packet: sendto(4, packet, 44, 0, 2.2.2.2, 16) = No
route to host
Offending packet: TCP 1.1.1.1:33717  2.2.2.2:38202 S ttl=57 id=19537
iplen=44  seq=3871189649 win=2048 mss 1460
Sleeping 15 seconds then retrying

Why would it say no route to host? I can reach that system just fine.

(By the way, those are not the real IPs)



Re: help with network connectivity

2008-11-21 Thread Jon
Hi

 So - finally got it.. I have the right gateway, ip, subnet masks, dns
servers etc.. however I have to reboot the modem and the server multiple
times to finally get it to work.

 It works - but it is really slowww... will check the network speeds and
the dns order once more - but it is really slow.. will write up a report
when I get everything resolved.

Sriram



On Fri, Nov 21, 2008 at 9:18 AM, Tim Donahue
[EMAIL PROTECTED]wrote:

 Jon wrote:
  but that (dhcp) is not the requirement. I would like help setting the
 static
  IP on  the node. this used to work - and after the 4.4 upgrade, I am
 having
  issues..
 
  any help folks...
 

 Have you called your ISP and verified your assigned IP address information?

 Tim



Re: softraid(4) in production environment

2008-11-21 Thread Lars Noodén
Jordi Espasa Clofent wrote:

 As the post subject says, it's a clear question: is softraid(4) ready for
 a production system?

I can only provide anecdotal support.  I've been using it since August
in a proxy-cache for a classroom of 24 dual boot Kubuntu/OS X machines.
 Seems ok.

/Lars



laptop page for amd64 laptops

2008-11-21 Thread John .
Hello misc,

There's a laptop page for i386 laptops at
http://www.openbsd.org/i386-laptop.html but none for amd64. Something
that has success/failure stories plus dmesg & xorg. Would it be a good
idea to have one? Who to suggest to? I thought it'd be a good idea as
it is a separate arch and there's a lot of them about...

if this is the wrong list, please suggest the right one.

-- 
John



Re: laptop page for amd64 laptops

2008-11-21 Thread Ted Unangst
On Fri, Nov 21, 2008 at 2:10 PM, John . [EMAIL PROTECTED] wrote:
 There's a laptop page for i386 laptops at
 http://www.openbsd.org/i386-laptop.html but none for amd64. Something
 that has success/failure stories plus dmesg & xorg. Would it be a good
 idea to have one? Who to suggest to? I thought it'd be a good idea as
 it is a separate arch and there's a lot of them about...

The hardware support should be identical, some of them even say so on.
 That page is also so poorly maintained I can only see two of them
being worse.  Watching the list traffic for a month is a far more
reliable way to find out what works.



Re: possibly generic disk copy and restore question

2008-11-21 Thread Rod Whitworth
On Fri, 21 Nov 2008 16:40:26 +0100, Robert wrote:

On Fri, 21 Nov 2008 14:14:19 +
John . [EMAIL PROTECTED] wrote:

 Hello misc,
 
 I want to install OpenBSD/amd64 on my laptop (a recent Toshiba amd
 turon with 3GB RAM) and ONLY have OpenBSD on it, but before I do this,
 I need to know how I can image the disk and restore it subsequently.
 It has vista on, and I may need to restore vista should I subsequently
 need to sell the laptop at some future date.
 
 The hard disk was partitioned and formatted at the manufacturers. The
 first primary partition is not visible as usable space - I think this
 is from where the OS was prepped.
 
 Has anyone had this scenario, if so, what did you use to image the
 data? Have you restored it since?
 
 thanks
 

My tool of choice for this is: dd

Just dd the whole drive to a file, compress it and store it somewhere.

Depending on how easy it is to rip out the harddrive and if you have
another system around you can use for imaging that might be the fastest
way.

Otherwise you can image over the network or to an external medium.
With usb-bootable systems I use a usbstick with openbsd to get a
working environment. On older systems a knoppix cd still comes in handy.
Over the network just redirect the output from dd over ssh.

To restore the image just dd it back onto the drive.

That's as simple as it gets and also works for the funny
partitions with the factory-restore stuff.


No it doesn't. Well maybe on some system I haven't experienced but on
every one I've looked at it does not.

I first ran into it on an IBM NT or 2k box (not mine) that came with a
15GB drive with a manufacturer's label saying 20GB. I dd'ed an image
to experiment with and that image was 15GB and did NOT include a
recovery partition.

I later found out how to unhide the partition and the image was then
20GB. I have always unhidden the recovery bit on every drive I have
worked with since to make backup images possible.

Mind out though, unhidden rescue partitions are ready for destruction
if carelessness arrives.

*** NOTE *** Please DO NOT CC me. I am subscribed to the list.
Mail to the sender address that does not originate at the list server is 
tarpitted. The reply-to: address is provided for those who feel compelled to 
reply off list. Thank you.

Rod/
/earth: write failed, file system is full
cp: /earth/creatures: No space left on device



Re: PF blocking outbound packets that don't have S/SA flags

2008-11-21 Thread Daniel Melameth
On Fri, Nov 21, 2008 at 10:46 AM, Joe S [EMAIL PROTECTED] wrote:
 I added flags any to my pass out rule and my packets are no longer
 blocked by rule 0.

 # pfctl -s rules
 block return log all
 block return in quick inet6 all
 pass quick proto icmp all keep state allow-opts
 pass out quick all flags any keep state allow-opts
 pass in log on fxp0 proto tcp from any to (fxp0) port = ssh flags S/SA
 keep state
 pass in on fxp0 proto tcp from any to (fxp0) port = www flags S/SA keep state
 pass quick on vlan0 all flags S/SA keep state allow-opts
 pass quick on vlan1 all flags S/SA keep state allow-opts

 However, I'm still getting these messages:

 # nmap -sS -T5 -sV -p- 2.2.2.2

 Starting Nmap 4.76 ( http://nmap.org ) at 2008-11-21 09:44 PST
 sendto in send_ip_packet: sendto(4, packet, 44, 0, 2.2.2.2, 16) = No
 route to host
 Offending packet: TCP 1.1.1.1:33717  2.2.2.2:38202 S ttl=57 id=19537
 iplen=44  seq=3871189649 win=2048 mss 1460
 Sleeping 15 seconds then retrying

 Why would it say no route to host? I can reach that system just fine.

 (By the way, those are not the real IPs)

Perhaps you're hitting pf's default state limit?  If you're going to
be nmapping, I highly recommend doing it from a host that's not
firewalled.



Re: Logging interface state changes

2008-11-21 Thread (private) HKS
 route monitor ?

 --
  WBR,
Pereresus ne Vlezaet Buggy

That's an interesting tool, but it's not what I'm looking for.

My current solution is an incredibly awkward ifstated.conf (pasted below).

Is this really the best way to do it? I have no idea what's involved
with logging interface state changes, but it's something that any
router, firewall, or server needs. PCs are debatable, but I prefer
that mine log it. I'd like to file a feature request but before I do,
is there something I'm missing here? Is there a specific reason it was
decided to keep this functionality out of the OS?

-HKS

-
ifstated.conf:
-

# global config
init-state main
vr0_up = vr0.link.up

state main {
  init {
run 
  }

  if $vr0_up || ! $vr0_up {
logger ifstatus change. vr0 `ifconfig vr0 | grep status: | sed
's/^[[:space:]]//'`, vr1 `ifconfig vr1 | grep status: | sed
's/^[[:space:]]//'`, vr2 `ifconfig vr2 | grep status: | sed
's/^[[:space:]]//'`, vr1 `ifconfig vr3 | grep status: | sed
's/^[[:space:]]//'`
  }
}



Re: PF blocking outbound packets that don't have S/SA flags

2008-11-21 Thread Joe S
On Fri, Nov 21, 2008 at 2:13 PM, Daniel Melameth [EMAIL PROTECTED] wrote:

 Perhaps you're hitting pf's default state limit?  If you're going to
 be nmapping, I highly recommend doing it from a host that's not
 firewalled.

Could be. I will look into that.

I'm starting to wonder if the error message from OpenBSD is lying. I
can indeed route to the host.



Re: Logging interface state changes

2008-11-21 Thread (private) HKS
On Fri, Nov 21, 2008 at 5:18 PM, (private) HKS [EMAIL PROTECTED] wrote:
 route monitor ?

 --
  WBR,
Pereresus ne Vlezaet Buggy

 That's an interesting tool, but it's not what I'm looking for.

 My current solution is an incredibly awkward ifstated.conf (pasted below).

 Is this really the best way to do it? I have no idea what's involved
 with logging interface state changes, but it's something that any
 router, firewall, or server needs. PCs are debatable, but I prefer
 that mine log it. I'd like to file a feature request but before I do,
 is there something I'm missing here? Is there a specific reason it was
 decided to keep this functionality out of the OS?

 -HKS

 -
 ifstated.conf:
 -

 # global config
 init-state main
 vr0_up = vr0.link.up

 state main {
  init {
run 
  }

  if $vr0_up || ! $vr0_up {
logger ifstatus change. vr0 `ifconfig vr0 | grep status: | sed
 's/^[[:space:]]//'`, vr1 `ifconfig vr1 | grep status: | sed
 's/^[[:space:]]//'`, vr2 `ifconfig vr2 | grep status: | sed
 's/^[[:space:]]//'`, vr1 `ifconfig vr3 | grep status: | sed
 's/^[[:space:]]//'`
  }
 }


Whoops, posted an ifstated.conf writeup that had incorrect syntax.
Here's the correct version:

init-state main
vr0_up = vr0.link.up

state main {
init {
run 
}
if $vr0_up || ! $vr0_up {
run logger \ifstatus change. vr0 `ifconfig vr0 |
grep status: | sed 's/^[[:space:]]//'`, vr1 `ifconfig vr1 | grep
status: | sed 's/^[[:space:]]//'`, vr2 `ifconfig vr2 | grep status: |
sed 's/^[[:space:]]//'`, vr3 `ifconfig vr3 | grep status: | sed
's/^[[:space:]]//'`\
}
}



Re: PF blocking outbound packets that don't have S/SA flags

2008-11-21 Thread Joe S
On Fri, Nov 21, 2008 at 2:29 PM, Joe S [EMAIL PROTECTED] wrote:
 On Fri, Nov 21, 2008 at 2:13 PM, Daniel Melameth [EMAIL PROTECTED] wrote:

 Perhaps you're hitting pf's default state limit?  If you're going to
 be nmapping, I highly recommend doing it from a host that's not
 firewalled.

 Could be. I will look into that.

 I'm starting to wonder if the error message from OpenBSD is lying. I
 can indeed route to the host.


Ok. This is solved.

When I increased the state limits in pf.conf to 20, these error
messages went away.

I'm embarrassed this took me so long to figure out. The no route to
host error was sending me down the wrong path.



any binary compatibility on sparc64 port?

2008-11-21 Thread Vivek Ayer
Hey guys,

Just wondering if the sparc64 port supports any binary emulation
modes. COMPAT_LINUX perhaps. That would be great cuz I have all this
RAM on my servers and people in my lab would like to use MATLAB to run
computations. Currently, I have Octave on there, but we need MATLAB
for some specialized tasks.

Also, I was looking into recompiling the kernel in sparc64 and I
notice no such compiling directories or example config files exist in
/usr/src. What do I have to do to compile my own kernel in sparc64?

Thanks,
Vivek



Re: PF blocking outbound packets that don't have S/SA flags

2008-11-21 Thread Stuart Henderson
On 2008-11-21, Joe S [EMAIL PROTECTED] wrote:
 On Fri, Nov 21, 2008 at 2:13 PM, Daniel Melameth [EMAIL PROTECTED] wrote:

 Perhaps you're hitting pf's default state limit?  If you're going to
 be nmapping, I highly recommend doing it from a host that's not
 firewalled.

 Could be. I will look into that.

 I'm starting to wonder if the error message from OpenBSD is lying. I
 can indeed route to the host.

EHOSTUNREACH (No route to host) is the usual message when PF blocks
a locally sourced packet.
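
Added example (not part of the thread and not code from any poster): a POSIX sh check for the condition that turned out to be the cause here, a pf state table at its hard limit, which surfaces to local programs as "No route to host". The sample text is constructed in the layout of `pfctl -s info` and `pfctl -s memory`; the function names, the 80% threshold, and the reading of the `memory` counter as failed state allocations are assumptions of this example.

```shell
#!/bin/sh
# Added example: report how close pf is to its state-table hard limit.
# Function names and the default 80% threshold are hypothetical choices.

# CONSTRUCTED sample in the layout of `pfctl -s info` (abridged).
SAMPLE_INFO='Status: Enabled for 0 days 01:12:45           Debug: Urgent

State Table                          Total             Rate
  current entries                     9987
  searches                         1204331          275.9/s
  inserts                            48211           11.0/s
  removals                           38224            8.8/s
Counters
  match                              61020           14.0/s
  memory                              1532            0.4/s
  state-mismatch                        12            0.0/s'

# CONSTRUCTED sample in the layout of `pfctl -s memory`.
SAMPLE_MEMORY='states        hard limit    10000
src-nodes     hard limit    10000
frags         hard limit     5000
tables        hard limit     1000
table-entries hard limit   200000'

# Current number of state entries; reads `pfctl -s info` text on stdin.
pf_state_current() {
    awk '$1 == "current" && $2 == "entries" { print $3; exit }'
}

# Configured hard limit for states; reads `pfctl -s memory` text on stdin.
pf_state_limit() {
    awk '$1 == "states" && $2 == "hard" && $3 == "limit" { print $4; exit }'
}

# Value of the "memory" counter; reads `pfctl -s info` text on stdin.
# Assumption: this counter grows when pf cannot allocate a new state.
pf_memory_drops() {
    awk '$1 == "memory" { print $2; exit }'
}

# pf_state_check INFO_TEXT MEMORY_TEXT [WARN_PERCENT]
# Prints one status line. Returns 0 = OK, 1 = WARN, 2 = unparsable input.
pf_state_check() {
    info=$1
    mem=$2
    warn=${3:-80}
    cur=$(printf '%s\n' "$info" | pf_state_current)
    lim=$(printf '%s\n' "$mem" | pf_state_limit)
    drops=$(printf '%s\n' "$info" | pf_memory_drops)

    # Both values must be plain non-negative integers.
    for v in "$cur" "$lim"; do
        case $v in
            ''|*[!0-9]*) echo "UNKNOWN could not parse pfctl output"; return 2 ;;
        esac
    done
    [ "$lim" -gt 0 ] || { echo "UNKNOWN state limit is zero"; return 2; }
    case $drops in
        ''|*[!0-9]*) drops=0 ;;
    esac

    pct=$(( cur * 100 / lim ))
    if [ "$pct" -ge "$warn" ] || [ "$drops" -gt 0 ]; then
        echo "WARN states=$cur/$lim (${pct}%) memory_drops=$drops"
        return 1
    fi
    echo "OK states=$cur/$lim (${pct}%) memory_drops=$drops"
    return 0
}

# Demo on the constructed sample. On a live system, as root:
#   pf_state_check "$(pfctl -s info)" "$(pfctl -s memory)"
pf_state_check "$SAMPLE_INFO" "$SAMPLE_MEMORY" || true
```

A WARN result while local connections fail with EHOSTUNREACH points at the `set limit states` value in pf.conf rather than at the routing table.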



Re: Logging interface state changes

2008-11-21 Thread Stuart Henderson
On 2008-11-21, (private) HKS [EMAIL PROTECTED] wrote:
 My current solution is an incredibly awkward ifstated.conf (pasted below).

it's still a hack, but a little less awkward to run ospfd
with all the interfaces set as passive which just happens to
log this information..



Re: Fresh install question

2008-11-21 Thread Denny White
On Mon, Nov 17, 2008 at 01:14:46AM -0600, Denny White spoke thusly:
 I've always tried to do a fresh install any time possible,
 and then copy all my backed up /home and /data stuff back
 to the new installed system. I'm just trying to figure out
 if there's a way to keep those 2 slices intact while wiping
 out and recreating everything else, i.e., /usr, /var,  /tmp.
 I rebooted on the new 4.4 install cd and tried to see if there
 was a different way to go about things but couldn't figure it
 out there. I read up on disklabel & fdisk & googled around for
 a couple of days before asking the list. So, if someone knows
 where I can find some info on it, I'd really appreciate it. 
 

Replying to myself to say the advice from Nick, Girish, Jorge,
Alexander, and Tom was great. Never went through a smoother
reinstall! All /home and /data intact with no need to work this
aging box any harder than is necessary. Thanks to all and thanks
to Theo and the devs for a great OS! 4.4 is tops, just as expected.

-- 

Denny White

===
GnuPG key  : 0x1644E79A  |  http://wwwkeys.nl.pgp.net
Fingerprint: D0A9 AD44 1F10 E09E 0E67  EC25 CB44 F2E5 1644 E79A
===



Re: USB RFID Reader misreads

2008-11-21 Thread Travers Buda
* David Schulz [EMAIL PROTECTED] [2008-11-21 17:17:57]:

 Hi all,

 i have a RFID Proximity Card Reader connected to a Computer via USB.  
 Basically how they work is that as soon a RFID Card comes near it, the  
 Reader reads the Number on the Card, and sends it to STDIN followed by a  
 newline Character. It really works the same as a Magnetic Card Reader,  
 Barcode Scanner, standard USB keyboard.

 The problem i am having is that the Reader misreads the Number on the  
 Card more than often.

 For example a swipe should look like:
 0011920435
 0011920435

 but often it does look like:
 001cr20435
 001192\s30435
 920435

 I have tried under :
 i386 OpenBSD 4.3 PC
 i386 OpenBSD 4.4 ThinkPad X61 Laptop
 macppc OpenBSD 4.4 Macmini
 macppc OpenBSD 4.4 iMac

 All of this with 2 different USB Readers.

 Mostly the same results, too many misreads. no matter how slow or fast i  
 swipe the Card. Now, one thing that i have noticed is that when i first  
 plugin a normal USB Keyboard, AND THEN plug in the USB Reader next to  
 it, everything works great. I have tested and repeated this behavior on  
 the macppc MacMini.

 Trying with a PS/2 Version of the Reader, it works all great, no  
 Problems (but there is no ps/2 on the macppc's nor on my Laptop anymore.  
 grr.)

 I have tried the USB Reader on a Windows XP Machine, and it works like  
 it should. First detects it as a USB Keyboard, and then nicely reads any  
 card i swipe at it. I also tried it on a Ubuntu Linux Asus Laptop, and  
 it works as well.

 Now what i want to ask is obviously, does anyone have any idea what i  
 could try to do to make my USB Reader work nicely and don't misread all  
 the time? Will anyone work with me to make it work, or at least figure  
 out why it doesn't? Maybe there is some way i can tune the behaviour of  
 attached USB Keyboards, so that they (?) somehow give the Reader more  
 time before attempting to read the Card.

 Thanks and best regards,
 David



A dmesg would help.

In all likelihood, your hardware is not following the HID spec.

-- 
Travers Buda



Re: Latest Portable OpenNTPD?

2008-11-21 Thread Darren Tucker
On Fri, Nov 21, 2008 at 04:36:36PM +0100, Henning Brauer wrote:
 * Anirban Sinha [EMAIL PROTECTED] [2008-11-21 04:33]:
  On 2008-11-21, Don Hiatt [EMAIL PROTECTED] wrote:
   I was looking at http://openntpd.org/ for the latest Portable
   OpenBSD and saw that it is at 3.9p1 while the non-portable is
   at 4.3. A colleague of mine is tired of fighting with ntpd.org's
   ntpd server so I suggested OpenNTPD. Is there a newer version
   of the Portable OpenNTPD or is 3.9p1 the latest?
  
  That's the latest portable version, but the OpenBSD one has
  since been improved.
  
  I am wondering if any work is currently underway to port the latest
  OpenNTPD to other platforms? Looks like there has been lot of good work
  in OpenNTPD since version 3.9. It would be really nice to have it for
  other platforms as well.
 
 not as far as I am aware. which is a pity.

Robert Nagy did a bunch of work pulling in much of the recent changes.
I put up a snapshot[1] a while back with these, but there's been no
release.

There's more work to be done, and some of it is going to be nontrivial
to port (eg sensors, adjtime(NULL, olddelta) returning the remaining
offset) and I have been busy with other things and slacking in this
department.

[1] http://www.zip.com.au/~dtucker/openntpd/snapshot/

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.



Distance Learning. Enrollment 2009.

2008-11-21 Thread Psicologia Social
Please do not reply to this mail.

If you wish to reply, do so at the address shown at the bottom.

2009 Enrollment

Social Psychology

Organized by Fundacion Tehuelche

General supervision: Licenciada Diana Coblier

First Virtual School of Social Psychology
Entirely distance learning
For Spanish speakers throughout the country and the world.
Tel. 011 - 48657124

School of Social Psychology of Trelew
In person once a week
Urquiza 458. Tel. 02965 - 15 - 685937
Monday to Friday, 18:00 to 21:00.

School of Social Psychology of Puerto Madryn
In person once a week.
Tel. 02965 - 15 - 503239

Pichon Riviere Theory and Technique
Private study certificates, endorsed by the institution itself
Fieldwork from the first year

Discounted enrollment until Friday, December 5.

For inquiries by Internet, send mail to
[EMAIL PROTECTED]

If you do not wish to keep receiving our information, please send mail to
[EMAIL PROTECTED]
with the word remover in the Subject.



ping: sendto: No buffer space available

2008-11-21 Thread Yuriy A. Dmitrishin
Hi.

I get this message every morning when I come to work.

I try to increase limits in pf.conf: set limit { states 5, frags 5, 
src-nodes 5 } but it doesn't solve this problem.

My ip: 193.239.143.252.

Routing table: 
default193.239.143.193UGS 314062  -   tun0
127/8  127.0.0.1  UGRS00  33208   lo0
127.0.0.1  127.0.0.1  UH  3  815  33208   lo0
172.16.9.1 172.16.50.254  UGHS214395  -   vr0
172.16.50/24   link#1 UC  10  -   vr0
172.16.50.254  fe:2a:a9:73:5a:0e  UHLc10  -   vr0
192.168.0/24   link#2 UC  60  -   vr1
192.168.0.200:0e:2e:0d:2f:52  UHLc0 1170  -   vr1
192.168.0.500:0c:76:b5:b6:cf  UHLc113167  -   vr1
192.168.0.20   00:18:f3:07:d6:e8  UHLc07  -   vr1
192.168.0.200  00:50:70:74:3e:1d  UHLc0   80  -   vr1
192.168.0.222  00:50:70:74:3d:bc  UHLc0   39  -   vr1
192.168.0.246  00:03:47:e3:7d:92  UHLc0   36  -   vr1
193.239.143.193193.239.143.252UH  10   1500   tun0
224/4  127.0.0.1  URS 00  33208   lo0

Dmesg:
OpenBSD 4.3-stable (ROUTER.i386) #2: Tue Oct 14 21:20:56 EEST 2008
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/ROUTER.i386
cpu0: Intel(R) Celeron(TM) CPU 1200MHz (GenuineIntel 686-class) 1.20 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
real mem  = 402157568 (383MB)
avail mem = 384663552 (366MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 10/18/01, BIOS32 rev. 0 @ 0xfb130, 
SMBIOS rev. 2.2 @ 0xf0800 (38 entries)
bios0: vendor Award Software International, Inc. version 6.00 PG date 
10/18/2001
bios0: FASTFAME TECHNOLOGY CO.,LTD. 3IDF 3IEF
apm0 at bios0: Power Management spec V1.2 (slowidle)
apm0: AC on, battery charge unknown
pcibios0 at bios0: rev 2.1 @ 0xf/0xdf94
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfded0/176 (9 entries)
pcibios0: PCI Exclusive IRQs: 5 7 10 11 12
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82371SB ISA rev 0x00)
pcibios0: PCI bus #2 is the last bus
bios0: ROM list: 0xc/0x8000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82815 Host rev 0x04
agp0 at pchb0: aperture at 0xe000, size 0x240
ppb0 at pci0 dev 1 function 0 Intel 82815 AGP rev 0x04
pci1 at ppb0 bus 1
vga0 at pci1 dev 0 function 0 ATI Mach64 GZ rev 0x3a
wsdisplay0 at vga0 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ppb1 at pci0 dev 30 function 0 Intel 82801BA Hub-to-PCI rev 0x11
pci2 at ppb1 bus 2
vr0 at pci2 dev 4 function 0 VIA VT6105 RhineIII rev 0x8b: irq 11, address 
00:1e:58:9f:f8:16
ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 9: OUI 
0x004063, model 0x0034
vr1 at pci2 dev 5 function 0 VIA VT6105 RhineIII rev 0x8b: irq 10, address 
00:1e:58:9f:f8:02
ukphy1 at vr1 phy 1: Generic IEEE 802.3u media interface, rev. 9: OUI 
0x004063, model 0x0034
pcib0 at pci0 dev 31 function 0 Intel 82801BA LPC rev 0x11
pciide0 at pci0 dev 31 function 1 Intel 82801BA IDE rev 0x11: DMA, channel 0 
wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: Hitachi HDS721680PLAT80
wd0: 16-sector PIO, LBA48, 78533MB, 160836480 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
pciide0: channel 1 disabled (no drives)
Intel 82801BA SMBus rev 0x11 at pci0 dev 31 function 3 not configured
Intel 82801BA AC97 rev 0x11 at pci0 dev 31 function 5 not configured
isa at pcib0 not configured
isa0 at mainbus0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
midi0 at pcppi0: PC speaker
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
biomask f3e5 netmask ffe5 ttymask ffe7
mtrr: Pentium Pro MTRR support
root on wd0a swap on wd0b dump on wd0.

Thanks for your help.

--
Best, Yuriy A. Dmitrishin.