Re: fetch package dependencies

[Markus Hennecke]

On Mon, 2 Feb 2009, BadMagic wrote:

On Sun, Feb 01, 2009 at 02:01:03PM +0100, Dorian B?ttner wrote:

is there an easy way to fetch a package along with it's recursive
dependencies? Scenario is:
eee904ha does not have network access at all right now. In order to
proceed installing useful things, let's say firefox, I'd like to suck
packages onto a usb stick and installl from there.
I thought I could go to the soekris box, which unfortunately isn't that
-current, and do something like pkg_add -n mozilla -firefox,  but the
output is totally garbled with libc mismatches and things like that.


Set the PKG_PATH env variable. Then, if a particular package can't be
found, the directories in the PKG_PATH are searched. That way, you can
stick the ftp server in there and if the package isn't installed already
or in a local dir, it'll fetch it from the ftp site.

You can stick it in your ~/.bashrc, ~/.cshrc whatever.

It's colon delimited and each dir/path needs to be terminated with a '/'
like:


export 
PKG_PATH=./:/packages/:ftp://ftp.openbsd.org/pub/OpenBSD/4.4/packages/i386/

Hope this helps.


No, this won't help. Dorian stated clearly that there is no network 
connection available on the host he will install the packages on.


He could use the output of make print-run-depends for each port he would 
like to install and fetch those packages. But this would require another 
computer with -current and an installed ports tree. Not an option if I 
read the OP correctly.


Kind regards,
  Markus

Article about network monitoring system developed on OpenBSD

[Mikolaj Kucharski]

Hi,

Few months back (maybe years) there was article posted (I don't think
that was on undeadly) about monitoring system in early stage of
development which suppose to be fast, scalable, managed from web and
cli, better than anything else. There was no release at the time I've
read the article, only repository access to the sources. I'm trying to
find this article again, but I'm failing. Maybe someone from the list
have it in bookmarks or is involved/interested in the project and has
link to the article or homepage.

-- 
best regards
q#

Re: Article about network monitoring system developed on OpenBSD

[Christopher Linn]

On Mon, Feb 02, 2009 at 03:29:19PM +, Mikolaj Kucharski wrote:
 Hi,
 
 Few months back (maybe years) there was article posted (I don't think
 that was on undeadly) about monitoring system in early stage of
 development which suppose to be fast, scalable, managed from web and
 cli, better than anything else. There was no release at the time I've
 read the article, only repository access to the sources. I'm trying to
 find this article again, but I'm failing. Maybe someone from the list
 have it in bookmarks or is involved/interested in the project and has
 link to the article or homepage.

would this be it:  ?

http://labs.omniti.com/trac/reconnoiter/

 -- 
 best regards
 q#

cel

-- 
Christopher Linn celinn at mtu.edu  | By no means shall either the CEC
System Administrator II   | or MTU be held in any way liable
  Center for Experimental Computation | for any opinions or conjecture I
Michigan Technological University | hold to or imply to hold herein.

Re: Article about network monitoring system developed on OpenBSD

[Mikolaj Kucharski]

On Mon, Feb 02, 2009 at 10:53:45AM -0500, Christopher Linn wrote:
 On Mon, Feb 02, 2009 at 03:29:19PM +, Mikolaj Kucharski wrote:
  Hi,
  
  Few months back (maybe years) there was article posted (I don't think
  that was on undeadly) about monitoring system in early stage of
  development which suppose to be fast, scalable, managed from web and
  cli, better than anything else. There was no release at the time I've
  read the article, only repository access to the sources. I'm trying to
  find this article again, but I'm failing. Maybe someone from the list
  have it in bookmarks or is involved/interested in the project and has
  link to the article or homepage.
 
 would this be it:  ?
 
 http://labs.omniti.com/trac/reconnoiter/

Perfect, that's the app. Here is the article which I was refering to:

http://lethargy.org/~jesus/archives/121-Reconnoiter-and-another-platform.html

Thanks!

-- 
best regards
q#

Re: spamd uatraps blacklist size

[Peter N. M. Hansteen]

Jose Fragoso inet_use...@samerica.com writes:

 This list has gone quite small in size recently. The size changed from
 above 10 IP addresses to only 1 now. Could it be because
 University of Alberta is not being targeted so often anymore? Or is
 it because they have become more selective in trapping addresses?

I actually think that you are seeing a decrease in the number of
active spam senders.  Other greytrappers (like my robot helpers) have
seen a decrease in trapped hosts too.  This could the effect of events
like the McColo takedown last November, and possibly other less
publicized events could have helped too.  

There is even a tiny possibility that some former spam senders have
come under a more sensible sysadmin regime, and we can even hope that
our greytrapping and 'name and shame' efforts are having some effect.
We can dream, can't we?

- P

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.

Re: VT: black text on black background

[Matt Lukowicz]

Thanks for the cvs commit info, Stuart!

As for the clock, I've fixed it. ;)

Re: VT: black text on black background

[Stuart Henderson]

On 2009-01-31, Matt Lukowicz mlukowic...@gmail.com wrote:
 Hello, whenever I kill the X server (Ctrl-Alt-Backspace), I get black
 text on a black background.  I know that this bug has been re-fixed in
 OpenBSD 3.5, but I amstill getting it!  I am running OpenBSD
 4.4-release with the default X.org versions, and I have an ATI Rage
 128 VR (PCI) on the i386 architecture.  Any help is greatly
 appreciated.

it's likely that a recent commit has worked around both this problem
and the console gets dim after leaving X problem that some people
have seen with Radeon.


CVSROOT:/cvs
Module name:src
Changes by: m...@cvs.openbsd.org2009/02/01 07:37:22

Modified files:
sys/dev/ic : vga.c vgareg.h vgavar.h

Log message:
Save the text mode color palette upon startup, and restore it when
switching consoles or when X11 exits. Almost all other operating systems
do this, and thus do not suffer from palette bugs in some X11 drivers.

From FreeBSD.

Re: Firewall 4.3 is limiting bandwidth

[numb3rs1x]

Here are my sysctl net settings:


net.inet.ip.forwarding=1
net.inet.ip.redirect=1
net.inet.ip.ttl=64
net.inet.ip.sourceroute=0
net.inet.ip.directed-broadcast=0
net.inet.ip.portfirst=1024
net.inet.ip.portlast=49151
net.inet.ip.porthifirst=49152
net.inet.ip.porthilast=65535
net.inet.ip.maxqueue=300
net.inet.ip.encdebug=0
net.inet.ip.ipsec-expire-acquire=30
net.inet.ip.ipsec-invalid-life=60
net.inet.ip.ipsec-pfs=1
net.inet.ip.ipsec-soft-allocs=0
net.inet.ip.ipsec-allocs=0
net.inet.ip.ipsec-soft-bytes=0
net.inet.ip.ipsec-bytes=0
net.inet.ip.ipsec-timeout=86400
net.inet.ip.ipsec-soft-timeout=8
net.inet.ip.ipsec-soft-firstuse=3600
net.inet.ip.ipsec-firstuse=7200
net.inet.ip.ipsec-enc-alg=aes
net.inet.ip.ipsec-auth-alg=hmac-sha1
net.inet.ip.mtudisc=1
net.inet.ip.mtudisctimeout=600
net.inet.ip.ipsec-comp-alg=deflate
net.inet.ip.ifq.len=0
net.inet.ip.ifq.maxlen=256
net.inet.ip.ifq.drops=0
net.inet.ip.mforwarding=0
net.inet.ip.multipath=0
net.inet.ip.mrtproto=19
net.inet.icmp.maskrepl=0
net.inet.icmp.bmcastecho=0
net.inet.icmp.errppslimit=100
net.inet.icmp.rediraccept=1
net.inet.icmp.redirtimeout=600
net.inet.icmp.tstamprepl=1
net.inet.ipip.allow=0
net.inet.tcp.rfc1323=1
net.inet.tcp.keepinittime=150
net.inet.tcp.keepidle=14400
net.inet.tcp.keepintvl=150
net.inet.tcp.slowhz=2
net.inet.tcp.baddynamic=587,749,750,751,871
net.inet.tcp.recvspace=16384
net.inet.tcp.sendspace=16384
net.inet.tcp.sack=1
net.inet.tcp.mssdflt=512
net.inet.tcp.rstppslimit=100
net.inet.tcp.ackonpush=0
net.inet.tcp.ecn=0
net.inet.tcp.syncachelimit=10255
net.inet.tcp.synbucketlimit=105
net.inet.tcp.rfc3390=1
net.inet.tcp.reasslimit=3072
net.inet.tcp.sackholelimit=32768
net.inet.udp.checksum=1
net.inet.udp.baddynamic=623,664,749,750,751
net.inet.udp.recvspace=41600
net.inet.udp.sendspace=9216
net.inet.gre.allow=1
net.inet.gre.wccp=0
net.inet.esp.enable=1
net.inet.esp.udpencap=1
net.inet.esp.udpencap_port=4500
net.inet.ah.enable=1
net.inet.mobileip.allow=0
net.inet.etherip.allow=0
net.inet.ipcomp.enable=0
net.inet.carp.allow=1
net.inet.carp.preempt=0
net.inet.carp.log=0

-- 
View this message in context: 
http://www.nabble.com/Firewall-4.3-is-limiting-bandwidth-tp21720950p21795381.html
Sent from the openbsd user - misc mailing list archive at Nabble.com.

relayd not relaying - I think. Maybe it is. I don't know

[Kevin Thompson]

How do you like that for a descriptive subject line?  Sorry, but I 
really don't know what is going wrong so I don't know how to write a 
better one.


I have an OpenBSD host running 4.4 stable.  I have configured relayd to 
accept connections on port 443 and forward them on to one of two hosts 
using loadbalancing.  I am able to connect to the OpenBSD host on port 
443, but the nothing happens. 


According to relayctl show sessions there is a connection being relayed:
# relayctl show sessions
session 0:1 134.29.3.217:50025 - 134.29.52.142:443RUNNING
   age 00:00:09, idle 00:00:09, relay 1

According to relayctl show hosts both of my destinations are up:
# relayctl show hosts
Id  TypeNameAvlbltyStatus
1   table   cas_server:443 active (2 
hosts up)

1   host134.29.52.141   100.00%up
   total: 9/9 checks
2   host134.29.52.142   100.00%up
   total: 9/9 checks

My relayd.conf file is pretty simple since I'm just trying to work up a 
proof of concept right now:

table cas_server { 134.29.52.141, 134.29.52.142 }
cas_port=443
bge0_ip=134.29.32.88
relayd_port=443

interval 10
timeout 200
prefork 5
log updates

http protocol httpfilter {
  # TCP Performance options
  tcp { nodelay, sack, socket buffer 65536, backlog 100 }

  # Return HTTP/HTML error pages
  return error

  # allow logging of remote client ips to internal web servers
  header append $REMOTE_ADDR to X-Forwarded-For

  # Set keep alive timeout to global timeout
  header change Keep-Alive to $TIMEOUT

  # Close connection upon receipt
  header change Connection to close

  # Anonymize webservers name/type
  response header change Server to DeezNuts

  # SSL options
  ssl { sslv3, tlsv1, ciphers HIGH:!ADH, no sslv2 }
}

relay cas_proxy {
  listen on $bge0_ip port $relayd_port ssl
  protocol httpfilter
  forward to cas_server port $cas_port mode loadbalance check https 
/ code 200

}

And my pf.conf file is pretty much the stock example file, with my 
interface put in ext_if and uncommenting the lines needed for relayd:

#   $OpenBSD: pf.conf,v 1.37 2008/05/09 06:04:08 reyk Exp $
#
# See pf.conf(5) for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
# in /etc/sysctl.conf if packets are to be forwarded between interfaces.

ext_if=bge0
#int_if=int0

#table spamd-white persist

#set skip on lo

#scrub in

#nat-anchor ftp-proxy/*
#rdr-anchor ftp-proxy/*
rdr-anchor relayd/*
#nat on $ext_if from !($ext_if) - ($ext_if:0)
#rdr pass on $int_if proto tcp to port ftp - 127.0.0.1 port 8021
#no rdr on $ext_if proto tcp from spamd-white to any port smtp
#rdr pass on $ext_if proto tcp from any to any port smtp \
#   - 127.0.0.1 port spamd

#anchor ftp-proxy/*
anchor relayd/*
#block in
#pass out

#pass quick on $int_if no state
#antispoof quick for { lo $int_if }

#pass in on $ext_if proto icmp to ($ext_if)
#pass in on $ext_if proto tcp to ($ext_if) port ssh
pass in on $ext_if proto tcp to ($ext_if) port 443
#pass in log on $ext_if proto tcp to ($ext_if) port smtp
#pass out log on $ext_if proto tcp from ($ext_if) to port smtp

When I try to connect to this machine, I see that a session is being set 
up, and pf also knows that something is going on:

# pfctl -ss
all tcp 134.29.32.88:443 - 134.29.3.217:50090   FIN_WAIT_2:FIN_WAIT_2

What I don't see is any session going to the two servers that I am 
supposed to be load balancing for.  Also, pf knows that it is supposed 
to be reading anchors for relayd but those files dont seem to be showing 
up anywhere.

# pfctl -sn
rdr-anchor relayd/* all
# pfctl -sr
anchor relayd/* all
pass in on bge0 proto tcp from any to (bge0) port = https flags S/SA 
keep state


Shouldn't there be a folder called /etc/relayd that would have some 
files in it?  I don't have that.  Does anyone have any thoughts on what 
I'm missing here?


Kevin Thompson

Re: fetch package dependencies

[Marc Espie]

On Mon, Feb 02, 2009 at 02:02:59PM +0100, Hannah Schroeter wrote:
 Hi!
 
 On Sun, Feb 01, 2009 at 02:01:03PM +0100, Dorian B|ttner wrote:
 is there an easy way to fetch a package along with it's recursive 
 dependencies? Scenario is:
 eee904ha does not have network access at all right now. In order to 
 proceed installing useful things, let's say firefox, I'd like to suck 
 packages onto a usb stick and installl from there.
 I thought I could go to the soekris box, which unfortunately isn't that 
 -current, and do something like pkg_add -n mozilla -firefox,  but the 
 output is totally garbled with libc mismatches and things like that.
 
 Any idea?
 
 I'd think using a net connected box, setting PKG_CACHE and PKG_PATH and
 then pkg_add -n package_you_want. The required packages should end up
 in the PKG_CACHE directory. From there you should be able to transfer
 them over to the eeepc. If the soekris isn't current, you could try this
 in a chroot environment or a virtual machine (e.g. qemu) setup.

Yep, that's the intent.
PKG_CACHE + pkg_add -n will do it.

As far as shared libs go, there's nothing wrong with adding the new shared libs
in your soekris /usr/lib: grab base*.tgz xbase*tgz, 
untar just the *.so.* thingies, and put them in /usr/lib...

Re: fetch package dependencies

[Marc Espie]

On Mon, Feb 02, 2009 at 02:28:57PM -0500, Ted Unangst wrote:
 On Mon, Feb 2, 2009 at 2:00 PM, Marc Espie es...@nerim.net wrote:
  As far as shared libs go, there's nothing wrong with adding the new shared 
  libs
  in your soekris /usr/lib: grab base*.tgz xbase*tgz,
  untar just the *.so.* thingies, and put them in /usr/lib...
 
 I'd be very cautious doing this, as it makes it easier to install or
 upgrade a package from the wrong version, which may not work due to a
 kernel mismatch.

True...

Well, that's one current limitation of pkg_add I should be able to tweak
(have a flag to say it to not care when it doesn't find system libraries,
especially for this purpose).

Re: fetch package dependencies

[Hannah Schroeter]

Hi!

On Sun, Feb 01, 2009 at 02:01:03PM +0100, Dorian B|ttner wrote:
is there an easy way to fetch a package along with it's recursive 
dependencies? Scenario is:
eee904ha does not have network access at all right now. In order to 
proceed installing useful things, let's say firefox, I'd like to suck 
packages onto a usb stick and installl from there.
I thought I could go to the soekris box, which unfortunately isn't that 
-current, and do something like pkg_add -n mozilla -firefox,  but the 
output is totally garbled with libc mismatches and things like that.

Any idea?

I'd think using a net connected box, setting PKG_CACHE and PKG_PATH and
then pkg_add -n package_you_want. The required packages should end up
in the PKG_CACHE directory. From there you should be able to transfer
them over to the eeepc. If the soekris isn't current, you could try this
in a chroot environment or a virtual machine (e.g. qemu) setup.

Thanks,
Dorian

Kind regards,

Hannah.

Re: fetch package dependencies

[Ingo Schwarze]

Hi Dorian,

Dorian Buettner wrote on Sun, Feb 01, 2009 at 02:01:03PM +0100:

 is there an easy way to fetch a package along with it's recursive  
 dependencies? Scenario is:
 eee904ha does not have network access at all right now. In order to  
 proceed installing useful things, let's say firefox, I'd like to suck  
 packages onto a usb stick and installl from there.
 I thought I could go to the soekris box, which unfortunately isn't that  
 -current, and do something like pkg_add -n mozilla -firefox,  but the  
 output is totally garbled with libc mismatches and things like that.

 Any idea?

Commands like 

  schwa...@gini $ uname -a
  OpenBSD gini.usta.de 4.4 GENERIC#107 i386
  schwa...@gini $ pkg_info -S ftp://ftp.fu-berlin.de/unix/ \
OpenBSD/4.2/packages/alpha/mozilla-firefox-2.0.0.6.tgz

  [...]
  Signature: mozilla-firefox-2.0.0.6,X11.10.0,Xau.9.0,Xcursor.4.0,
Xdmcp.9.0,Xext.10.0,Xfixes.5.0,Xft.7.0,Xi.10.0,Xinerama.5.0,
Xrandr.6.0,Xrender.5.0,Xt.10.0,atk-1.0.1809.1,c.41.0,cairo.7.0,
esound-0.2.34p0v0,expat.8.0,fontconfig.5.1,freetype.14.0,
gdk-x11-2.0.1000.13,gdk_pixbuf-2.0.1000.13,gettext-0.14.6p0,
glib-2.0.1200.12,glitz.2.0,gmodule-2.0.1200.12,gobject-2.0.1200.12,
gtk+2-2.10.13,gtk-x11-2.0.1000.13,iconv.4.0,intl.3.0,jpeg.62.0,
libiconv-1.9.2p3,m.2.3,nspr-4.6.7,nspr4.19.0,nss-3.11.7,nss3.20.0,
pango-1.0.1300.1,pangocairo-1.0.1300.1,pangoft2-1.0.1300.1,
pangox-1.0.1300.1,plc4.19.0,plds4.19.0,png.5.2,pthread.8.0,
smime3.20.0,softokn3.20.0,ssl3.20.0,stdc++.42.0,z.4.1

often happen to work cross-platform and cross-release.
From the signature, you can extract the dependencies
in order to fetch them via ftp.
This is easily scriptable; when parsing the signature,
split at commas and discard everything not containing a dash.

That way,
 - The machine having net access need not be the same arch as the target.
 - The machine having net access need not be the same release as the target.
 - You need not install any ports tree anywhere.
 - You get all (recursive) deps with one command.
 - For finding the dependencies, pkg_info does not even need to
   download full packages, but just the beginning of the package.

Of course, caching with pkg_add -n would be even more convenient.
In fact, i'm currently running a patched version of pkg_add allowing
pkg_add -nn with roughly the following semantics:
 - like pkg_add -n, don't change the system
 - do resolve dependencies, download and cache all required packages
 - but do not attempt even a fake extract and install stage

This sounds easier to implement than it is, being somewhat at odds
with the general logic of Marc's pkg tools.  Consequently, my patches
are very ugly and definitely need a lot of cleaning up before showing
them to anybody.  Besides, i didn't look at cross-arch download yet.

Yours,
  Ingo

P.S.
What the heck are you going to do with firefox on a box lacking
network access?

Re: fetch package dependencies

[Dorian Büttner]

On Monday 02 February 2009 13:02:59 Hannah Schroeter wrote:
 Hi!

 On Sun, Feb 01, 2009 at 02:01:03PM +0100, Dorian B|ttner wrote:
 is there an easy way to fetch a package along with it's recursive
 dependencies? Scenario is:
 eee904ha does not have network access at all right now. In order to
 proceed installing useful things, let's say firefox, I'd like to suck
 packages onto a usb stick and installl from there.
 I thought I could go to the soekris box, which unfortunately isn't that
 -current, and do something like pkg_add -n mozilla -firefox,  but the
 output is totally garbled with libc mismatches and things like that.
 
 Any idea?

 I'd think using a net connected box, setting PKG_CACHE and PKG_PATH and
 then pkg_add -n package_you_want. The required packages should end up
 in the PKG_CACHE directory. From there you should be able to transfer
 them over to the eeepc. If the soekris isn't current, you could try this
 in a chroot environment or a virtual machine (e.g. qemu) setup.

 Thanks,
 Dorian

 Kind regards,

 Hannah.
Thanks,
I'll look out for something to usb-connect to the network then.
Regards,
Dorian

Re: fetch package dependencies

[Ted Unangst]

On Mon, Feb 2, 2009 at 4:44 PM, Ingo Schwarze schwa...@usta.de wrote:
 P.S.
 What the heck are you going to do with firefox on a box lacking
 network access?

off the top of my head: operative phrase possibly being right now,
it can be a real annoyance to have to wait until net access is
available and then install all of firefox before using it.  or to read
documentation or other reports generated locally.  or because not all
nets are the internet.

there's no counting the number of times i've used a computer without a
decent browser and wished it had one, but i've never used a computer
that had firefox installed where i regretted that fact and wished it
hadn't.  putting it on a machine even if you can't anticipate a need
for it is a good idea.

Re: Is it possible to increase wscale multiplier?

[Stuart Henderson]

On 2009-02-01, Dieter open...@sopwith.solgatos.com wrote:
 Black box sends data to BSD box using TCP.  Data is generated in
 real time, the rate cannot be changed.  Black box has a very small
 (way too small) send buffer.  If the BSD box takes too long to
 ack, the black box's send buffer fills up and data is lost,
 and/or black box's buggy firmware screws up and data is lost.
 So I have to do everything I can to ensure that incoming packets
 do not get dropped, and that the acks get sent out as fast as
 possible.  Making the TCP recv buffer very large allows the
 incoming packets to get stored and acked, even if the userland
 process reading the data doesn't get to run often enough.  Even
 so, there is still the problem that other device drivers can and
 do lock out the Ethernet driver for too long.  Still working on
 that problem.  What we really need is true real time facilities.

until you can fix your userland process to read faster, you may be
able to band-aid using relay in relayd.

Re: Article about network monitoring system developed on OpenBSD

[Jason Dixon]

On Mon, Feb 02, 2009 at 10:53:45AM -0500, Christopher Linn wrote:
 On Mon, Feb 02, 2009 at 03:29:19PM +, Mikolaj Kucharski wrote:
  Hi,
  
  Few months back (maybe years) there was article posted (I don't think
  that was on undeadly) about monitoring system in early stage of
  development which suppose to be fast, scalable, managed from web and
  cli, better than anything else. There was no release at the time I've
  read the article, only repository access to the sources. I'm trying to
  find this article again, but I'm failing. Maybe someone from the list
  have it in bookmarks or is involved/interested in the project and has
  link to the article or homepage.
 
 would this be it:  ?
 
 http://labs.omniti.com/trac/reconnoiter/

LOL.  I read that email thinking hmm, that sounds nice without it
ringing a bell.  Never mind I work there and the creator sits about 15
feet from me.  :)

-- 
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net/

Re: fetch package dependencies

[Ted Unangst]

On Mon, Feb 2, 2009 at 2:00 PM, Marc Espie es...@nerim.net wrote:
 As far as shared libs go, there's nothing wrong with adding the new shared 
 libs
 in your soekris /usr/lib: grab base*.tgz xbase*tgz,
 untar just the *.so.* thingies, and put them in /usr/lib...

I'd be very cautious doing this, as it makes it easier to install or
upgrade a package from the wrong version, which may not work due to a
kernel mismatch.

Re: fetch package dependencies

[Ingo Schwarze]

Ted Unangst schrieb am Mon, Feb 02, 2009 at 05:16:42PM -0500:
 On Mon, Feb 2, 2009 at 4:44 PM, Ingo Schwarze schwa...@usta.de wrote:

 P.S.
 What the heck are you going to do with firefox on a box lacking
 network access?

 off the top of my head: operative phrase possibly being right now,
 it can be a real annoyance to have to wait until net access is
 available and then install all of firefox before using it.  or to read
 documentation or other reports generated locally.  or because not all
 nets are the internet.
 
 there's no counting the number of times i've used a computer without a
 decent browser and wished it had one, but i've never used a computer
 that had firefox installed where i regretted that fact and wished it
 hadn't.  putting it on a machine even if you can't anticipate a need
 for it is a good idea.

You are probably right, there seem to be several good reasons.

Either way, may P.S. wasn't meant to insult the OP, sorry if it
felt like that; Dorian definitely asked an interesting question.

Re: Firewall 4.3 is limiting bandwidth

[numb3rs1x]

Looks like I spoke a little too soon. I am still having problems. When I
thought it was fixed the first time turns out to be that I was watching the
upside of a fluctuation. It appears the bandwidth goes from roughly 60% of
its potential capacity to 5%. I took out queuing altogether but I still get
the same results. I'm told a dmesg would be helpful, so I will include it in
this post. I'm not sure what else I could contribute.

http://www.nabble.com/file/p21793090/bsddmesg.txt bsddmesg.txt 
-- 
View this message in context: 
http://www.nabble.com/Firewall-4.3-is-limiting-bandwidth-tp21720950p21793090.html
Sent from the openbsd user - misc mailing list archive at Nabble.com.

Re: KDE installation problem

[demonsonly]

As Hannah said you need to run
X -configure
before adjusting the resulting file (and before moving
it to the location mentioned).

You might want to run
find / -name X -exec ls -l {} \; 2 /dev/null
to find out which man page to look for
(unfortunately, it is not just man X).

X related man pages are somewhat overwhelming, though.

If you want to save some time or prefer printed information
then you might want to grab a copy of X POWER TOOLS.

 Original-Nachricht 
 - xorg.conf is not created at that time, probably a bit later on in the
 graphical process. I used find command but it does'nt find anything.

  /etc/X11/xorg.conf. If it's not present, the X server autoconfigures,
  but sometimes the settings derived by autoconfiguration probably won't
  fit. You can generate a template xorg.conf by running X -configure
  (probably as root). That should terminate soon and leave a file (a
  message on the text console should tell you where the file is, usually
  in $HOME). Move that file to /etc/X11/xorg.conf and edit it to suit
 your
  needs. Test it using startx rather than xdm.
-- 
Jetzt 1 Monat kostenlos! GMX FreeDSL - Telefonanschluss + DSL 
f|r nur 17,95 Euro/mtl.!* http://dsl.gmx.de/?ac=OM.AD.PD003K11308T4569a

spamd uatraps blacklist size

[Jose Fragoso]

Hi,

This list has gone quite small in size recently. The size changed from
above 10 IP addresses to only 1 now. Could it be because
University of Alberta is not being targeted so often anymore? Or is
it because they have become more selective in trapping addresses?

Thanks for any comments.

Regards,

Jose

--
Be Yourself @ mail.com!
Choose From 200+ Email Addresses
Get a Free Account at www.mail.com

Re: Disk stop when unused

[Stuart Henderson]

On 2009-02-02, Jean-Frangois jfsimon1...@gmail.com wrote:
 Dear All,
 Is there any way to autostop the HDDs after some time of idleness ?
 Under Linux it seems difficult since the hdd is needed to be
 ready/working all the time even when the system is idle. It seeC9s 2
 other points make the use of thois function not really possible.

 Since I will use a SSD disk (no noise and fast) of 32 GB to install the
 main system, the rotating HDD will only be a data system (I'll mount
 home or even less if required ...). In that configuration under OpenBSD,
 can I make use of this function for my such config ?

 (Thanks  regards)  disown

atactl(8) apmset.

Re: fetch package dependencies

[Dorian Büttner]

Ingo Schwarze schrieb:

Ted Unangst schrieb am Mon, Feb 02, 2009 at 05:16:42PM -0500:
  

On Mon, Feb 2, 2009 at 4:44 PM, Ingo Schwarze schwa...@usta.de wrote:



  

P.S.
What the heck are you going to do with firefox on a box lacking
network access?
  


  

off the top of my head: operative phrase possibly being right now,
it can be a real annoyance to have to wait until net access is
available and then install all of firefox before using it.  or to read
documentation or other reports generated locally.  or because not all
nets are the internet.

there's no counting the number of times i've used a computer without a
decent browser and wished it had one, but i've never used a computer
that had firefox installed where i regretted that fact and wished it
hadn't.  putting it on a machine even if you can't anticipate a need
for it is a good idea.



You are probably right, there seem to be several good reasons.

Either way, may P.S. wasn't meant to insult the OP, sorry if it
felt like that; Dorian definitely asked an interesting question.
  

No prob, let's take taxipilot as an example :)
I tried some of the suggested hints, but haven't found for example nspr 
end up in the package cache, some other deps might also be missing, 
desktop-file-utils didn't want to install at all, looks like something's 
broken in the snapshot...

I'll give it another try tomorrow.
However, during pkg_add -nv dbus- I felt like seeing some 
useradd/groupadd commands fly by, I'll drop an extra eye on that.

Re: fetch package dependencies

[Ingo Schwarze]

Dorian Buettner wrote on Tue, Feb 03, 2009 at 12:01:19AM +0100:

 I tried some of the suggested hints, but haven't found for example nspr  
 end up in the package cache, some other deps might also be missing,  

Did you copy the new system libraries to /usr/lib?
As far as i remember, when pkg_add -n notices that some system
library dependency is unsatisfied, it won't even download all
of the offending package, so it can't be cached.
For example, as long as you don't have libc.so.50.1, pkg_add -n
won't download -current nspr-4.7.3 to your $PKG_CACHE.

By the way, that system library stunt looks scary to me, too,
and i certainly wouldn't recommend it.

Does the pkg_info -S trick work for you?

 desktop-file-utils didn't want to install at all, looks like something's  
 broken in the snapshot...

Uh, breakage on the servers is rare, usually it's just us users
screwing up one way or the other.

 I'll give it another try tomorrow.
 However, during pkg_add -nv dbus- I felt like seeing some  
 useradd/groupadd commands fly by, I'll drop an extra eye on that.

You mean things like

  rmuser: _postgresql
  adding user _postgresql

That's just pkg_add -n's way of saying:
  Look what i would do if you hadn't given me -n!
See OpenBSD/Delete.pm subs delete
and OpenBSD/Add.pm sub NewAuth::install for details.

Yours,
  Ingo

Re: OSPFD carp interface flapping

[askthelist]

Heres a dmesg and ifconfig from backup and master firewalls...


*BACKUP FIREWALL *

# ifconfig
lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 33208
groups: lo
inet 127.0.0.1 netmask 0xff00
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
em0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
lladdr 00:0e:0c:69:8d:e5
media: Ethernet 1000baseT full-duplex (1000baseT
full-duplex,rxpause,txpause)
status: active
inet y.y.y.141 netmask 0xfffc broadcast y.y.y.143
inet6 fe80::20e:cff:fe69:8de5%em0 prefixlen 64 scopeid 0x1
em1: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST mtu 1500
lladdr 00:11:43:da:ba:d7
groups: egress
media: Ethernet 1000baseT full-duplex
status: active
inet z.z.z.92 netmask 0xfff0 broadcast z.z.z.95
inet6 fe80::211:43ff:feda:bad7%em1 prefixlen 64 scopeid 0x2
em2: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST mtu 1500
lladdr 00:11:43:da:ba:d8
media: Ethernet 1000baseT full-duplex
status: active
inet x.x.x.252 netmask 0xf800 broadcast x.x.x.255
inet6 fe80::211:43ff:feda:bad8%em2 prefixlen 64 scopeid 0x3
enc0: flags=0 mtu 1536
pfsync0: flags=41UP,RUNNING mtu 1460
pfsync: syncdev: em0 syncpeer: 224.0.0.240 maxupd: 128
groups: carp pfsync
pflog0: flags=141UP,RUNNING,PROMISC mtu 33208
groups: pflog
carp0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
lladdr 00:00:5e:00:01:64
carp: BACKUP carpdev em2 vhid 100 advbase 1 advskew 250
groups: carp
inet x.x.x.254 netmask 0xf800 broadcast x.x.x.255
inet6 fe80::200:5eff:fe00:164%carp0 prefixlen 64 scopeid 0x6
carp1: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
lladdr 00:00:5e:00:01:14
carp: BACKUP carpdev em1 vhid 20 advbase 1 advskew 250
groups: carp
inet z.z.z.94 netmask 0xfff0 broadcast z.z.z.95
inet6 fe80::200:5eff:fe00:114%carp1 prefixlen 64 scopeid 0x7

# dmesg
 by 00:0e:0c:50:fc:2e on em2
arp info overwritten for x.x.x.31 by 00:15:c5:f2:a9:38 on em2
arp info overwritten for x.x.x.31 by 00:0e:0c:50:fc:2e on em2
arp info overwritten for x.x.x.31 by 00:15:c5:f2:a9:38 on em2
arp info overwritten for x.x.x.2 by 00:1c:23:c1:55:30 on em2
arp info overwritten for x.x.x.2 by 00:02:b3:ee:c6:f2 on em2
arp info overwritten for x.x.x.80 by 00:15:17:4b:a4:60 on em2
arp info overwritten for x.x.x.31 by 00:0e:0c:50:fc:2e on em2
arp info overwritten for x.x.x.31 by 00:15:c5:f2:a9:38 on em2
arp info overwritten for x.x.x.31 by 00:0e:0c:50:fc:2e on em2
arp info overwritten for x.x.x.31 by 00:15:c5:f2:a9:38 on em2
arp info overwritten for x.x.x.30 by 00:0e:0c:9c:ab:b2 on em2
arp info overwritten for x.x.x.31 by 00:0e:0c:50:fc:2e on em2
arp info overwritten for x.x.x.31 by 00:15:c5:f2:a9:38 on em2
arp info overwritten for x.x.x.31 by 00:0e:0c:50:fc:2e on em2
arp info overwritten for x.x.x.31 by 00:15:c5:f2:a9:38 on em2
arp info overwritten for x.x.x.31 by 00:0e:0c:50:fc:2e on em2
arp info overwritten for x.x.x.80 by 00:1c:23:bc:3e:c4 on em2
arp info overwritten for x.x.x.2 by 00:1c:23:c1:55:30 on em2
arp info overwritten for x.x.x.2 by 00:02:b3:ee:c6:f2 on em2
arp info overwritten for x.x.x.30 by 00:15:c5:f2:91:7c on em2
arp info overwritten for x.x.x.31 by 00:15:c5:f2:a9:38 on em2
arp info overwritten for x.x.x.31 by 00:0e:0c:50:fc:2e on em2
arp info overwritten for x.x.x.30 by 00:0e:0c:9c:ab:b2 on em2
arp info overwritten for x.x.x.80 by 00:15:17:4b:a4:60 on em2
arp info overwritten for x.x.x.31 by 00:15:c5:f2:a9:38 on em2
arp info overwritten for x.x.x.80 by 00:1c:23:bc:3e:c4 on em2
arp info overwritten for x.x.x.2 by 00:1c:23:c1:55:30 on em2
arp info overwritten for x.x.x.80 by 00:15:17:4b:a4:60 on em2
arp info overwritten for x.x.x.2 by 00:02:b3:ee:c6:f2 on em2
arp info overwritten for x.x.x.80 by 00:1c:23:bc:3e:c4 on em2
arp info overwritten for x.x.x.30 by 00:15:c5:f2:91:7c on em2
arp info overwritten for x.x.x.30 by 00:0e:0c:9c:ab:b2 on em2
arp info overwritten for x.x.x.2 by 00:1c:23:c1:55:30 on em2
arp info overwritten for x.x.x.31 by 00:0e:0c:50:fc:2e on em2
arp info overwritten for x.x.x.30 by 00:15:c5:f2:91:7c on em2
arp info overwritten for x.x.x.31 by 00:15:c5:f2:a9:38 on em2
arp info overwritten for x.x.x.30 by 00:0e:0c:9c:ab:b2 on em2
arp info overwritten for x.x.x.30 by 00:15:c5:f2:91:7c on em2
arp info overwritten for x.x.x.2 by 00:02:b3:ee:c6:f2 on em2
arp info overwritten for x.x.x.30 by 00:0e:0c:9c:ab:b2 on em2
arp info overwritten for x.x.x.30 by 00:15:c5:f2:91:7c on em2
arp info overwritten for x.x.x.30 by 00:0e:0c:9c:ab:b2 on em2
arp info overwritten for x.x.x.30 by 00:15:c5:f2:91:7c on em2
arp info overwritten for x.x.x.30 by 00:0e:0c:9c:ab:b2 on em2
arp info overwritten for x.x.x.30 by 00:15:c5:f2:91:7c on em2
arp info overwritten for x.x.x.30 by 00:0e:0c:9c:ab:b2 on em2
arp info 

Generate CA Certificates key

[sonjaya]

dear all

how to generating certificates keys and CA in openbsd ?
i will use certificates and keys for server also for the client .
last time follow openvpn script not working.

-- 
sonjaya
http://idsale.blogspot.com
http://videopingpong.blogspot.com

http version of spamd, anyone?

[Jeffrey 'jf' Lim]

Is the project (or anybody) planning to work on something like spamd
for http? Or does anybody know of any projects which do this already?

I am looking for something to be (as per spamd) put in front of an
actual server. A bunch of possible features i would be looking at:
- blacklisting (should ideally allow for dynamic reloads without
killing any existing valid connections)
- tarpitting for open connections (no http request sent) beyond a
certain timeout
- tarpitting for invalid http requests
- greytrapping (let's say u have only specific url patterns which
are valid. Anything else, tarpit)


thanks,
-jf

--
In the meantime, here is your PSA:
It's so hard to write a graphics driver that open-sourcing it would not help.
-- Andrew Fear, Software Product Manager, NVIDIA Corporation
http://kerneltrap.org/node/7228

Re: Generate CA Certificates key

[Robert]

On Tue, 3 Feb 2009 11:45:06 +0700
sonjaya sonj...@gmail.com wrote:

 dear all
 
 how to generating certificates keys and CA in openbsd ?
 i will use certificates and keys for server also for the client .
 last time follow openvpn script not working.
 

With openssl.
# man openssl

- Robert

PS: Search on Google for: how to ask questions
(or maybe: openbsd generate ssl cert)

Re: Generate CA Certificates key

[Sean Cody]

Generating certificates and a CA (focused on web but the concept works  
for whatever SSL situation you are using):


http://it.toolbox.com/blogs/securitymonkey/howto-securing-a-website-with-client-ssl-certificates-11500

Once you get the concept of certificate generation then look into the  
OpenVPN and OpenSSL documentation.
Assuming you've done that and can read a script then you should be  
able to make it work from there.


On 2-Feb-09, at 10:45 PM, sonjaya wrote:

how to generating certificates keys and CA in openbsd ?
i will use certificates and keys for server also for the client .
last time follow openvpn script not working.


--
Sean

Problem with file command

[Daniel Bolgheroni]

Hi,

I have seem some problem with file command. Whatever file I use for 
input, I get this:


$ file test
/etc/magic, 1247: Warning description `8-bit ISDN u-law compressed 
(CCITT G.721 ADPCM voice data encod' truncated
/etc/magic, 1267: Warning description `8-bit ISDN u-law compressed 
(CCITT G.721 ADPCM voice data encod' truncated
file: Printf format `?' is not valid for type  `string' in description 
`face %'

$

(sorry for the wrap)

Any hints? Thank you very much.

OpenBSD 4.4 (GENERIC) #1021: Tue Aug 12 17:16:55 MDT 2008
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Celeron(R) CPU 2.13GHz (GenuineIntel 686-class) 2.14 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,CNXT-ID,xTPR
real mem  = 200830976 (191MB)
avail mem = 185638912 (177MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 03/14/06, BIOS32 rev. 0 @ 0xfaff0, SMBIOS 
rev. 2.3 @ 0xf0100 (33 entries)
bios0: vendor Award Software International, Inc. version F5 date 03/14/2006
apm0 at bios0: Power Management spec V1.2 (slowidle)
apm0: AC on, battery charge unknown
acpi at bios0 function 0x0 not configured
pcibios0 at bios0: rev 2.1 @ 0xf/0xd264
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfd1b0/176 (9 entries)
pcibios0: PCI Exclusive IRQs: 5 7 10 11
pcibios0: PCI Interrupt Router at 000:17:0 (VIA VT82C596A ISA rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc/0x8400 0xcc000/0x8000!
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 VIA CN700 Host rev 0x00
pchb1 at pci0 dev 0 function 1 VIA CN700 Host rev 0x00
pchb2 at pci0 dev 0 function 2 VIA CN700 Host rev 0x00
pchb3 at pci0 dev 0 function 3 VIA PT890 Host rev 0x00
pchb4 at pci0 dev 0 function 4 VIA CN700 Host rev 0x00
pchb5 at pci0 dev 0 function 7 VIA CN700 Host rev 0x00
ppb0 at pci0 dev 1 function 0 VIA VT8377 AGP rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 VIA S3 Unichrome PRO IGP rev 0x01
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
agp0 at vga1: v3, aperture at 0xd000, size 0x1000
drm at vga1 unsupported
vr0 at pci0 dev 11 function 0 VIA VT6105 RhineIII rev 0x85: irq 5, address 
00:40:f4:5f:04:da
ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, 
model 0x0034
pciide0 at pci0 dev 15 function 0 VIA VT6420 SATA rev 0x80: DMA
pciide0: using irq 11 for native-PCI interrupt
wd0 at pciide0 channel 0 drive 0: SAMSUNG HD080HJ/P
wd0: 16-sector PIO, LBA48, 76318MB, 156299375 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets, initiator 7
cd0 at scsibus0 targ 0 lun 0: TSSTcorp, CDDVDW SH-S203D, SB00 ATAPI 5/cdrom 
removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 5
pciide1 at pci0 dev 15 function 1 VIA VT82C571 IDE rev 0x06: ATA133, channel 
0 configured to compatibility, channel 1 configured to compatibility
pciide1: channel 0 disabled (no drives)
pciide1: channel 1 disabled (no drives)
uhci0 at pci0 dev 16 function 0 VIA VT83C572 USB rev 0x81: irq 10
uhci1 at pci0 dev 16 function 1 VIA VT83C572 USB rev 0x81: irq 10
uhci2 at pci0 dev 16 function 2 VIA VT83C572 USB rev 0x81: irq 7
uhci3 at pci0 dev 16 function 3 VIA VT83C572 USB rev 0x81: irq 7
ehci0 at pci0 dev 16 function 4 VIA VT6202 USB rev 0x86: irq 11
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 VIA EHCI root hub rev 2.00/1.00 addr 1
viapm0 at pci0 dev 17 function 0 VIA VT8237 ISA rev 0x00
iic0 at viapm0
spdmem0 at iic0 addr 0x51: 256MB DDR SDRAM non-parity PC3200CL3.0
auvia0 at pci0 dev 17 function 5 VIA VT8233 AC97 rev 0x60: irq 11
ac97: codec id 0x414c4761 (Avance Logic ALC655 rev 1)
audio0 at auvia0
vr1 at pci0 dev 18 function 0 VIA RhineII-2 rev 0x78: irq 10, address 
00:0f:ea:24:2d:a1
rlphy0 at vr1 phy 1: RTL8201L 10/100 PHY, rev. 1
usb1 at uhci0: USB revision 1.0
uhub1 at usb1 VIA UHCI root hub rev 1.00/1.00 addr 1
usb2 at uhci1: USB revision 1.0
uhub2 at usb2 VIA UHCI root hub rev 1.00/1.00 addr 1
usb3 at uhci2: USB revision 1.0
uhub3 at usb3 VIA UHCI root hub rev 1.00/1.00 addr 1
usb4 at uhci3: USB revision 1.0
uhub4 at usb4 VIA UHCI root hub rev 1.00/1.00 addr 1
isa0 at mainbus0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
it0 at isa0 port 0x2e/2: IT8705F rev 0x03, EC port 0x290
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
biomask efdd netmask effd ttymask 
mtrr: Pentium Pro MTRR support
softraid0 at root
root on wd0a swap on wd0b dump on wd0b




--
Daniel Bolgheroni 

pkg_add adds an extra / to pkg_path

[Siju George]

Hi,

I have this in my PKG_PATH variable

$ echo $PKG_PATH
ftp://ftp.openbsd.org/pub/OpenBSD/4.4/packages/i386/
$

When I try to update a package it shows an error

$ sudo pkg_add -ui firefox3
Error from ftp://ftp.openbsd.org//pub/OpenBSD/4.4/packages/i386/:
ftp: connect: Connection refused
ftp: Can't connect or login to host `ftp.openbsd.org'
No packages available in the PKG_PATH
Looking for updates: complete
Cannot find updates for esound-0.2.38v0 glitz-0.5.6p0 firefox3-3.0.1p3
nspr-4.7.1p0 desktop-file-utils-0.15 libaudiofile-0.2.6p0 nss-3.12
hicolor-icon-theme-0.10p1 png-1.2.28 sqlite3-3.5.9p0 jpeg-6bp3
glib2-2.16.4p1 tiff-3.8.2p0 atk-1.22.0 libiconv-1.12 pango-1.20.0p0
cairo-1.6.4 gettext-0.17 pcre-7.7p0 gtk+2-2.12.11
Proceed? [y/N] y
$

I noticed in the line

Error from ftp://ftp.openbsd.org//pub/OpenBSD/4.4/packages/i386/:

there are two forward slashes after the ftp.openbsd.org part.

Is that what is causing the trouble?
How do I solve this?

Thanks

--Siju