Re: linux binary emulation (corrected kdump)
On Thu, Mar 12, 2009 at 3:12 PM, Constantine Cusulos noha...@freemail.gr wrote:

Ted Unangst wrote:
you want Linux without a newline, so use echo -n. dd by default truncates, so a better set of options is something like bs=8 count=1 conv=notrunc,sync

so i use
$ echo -n Linux | dd of=/emul/linux/usr/bin/fpc bs=8 seek=1 conv=notrunc,sync

this may be stating the obvious, but did you replace the fpc executable with a fresh one after your first try?

--patrick
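The dd behaviour discussed in this message, as an added example that is not part of the original post: it stamps the string into bytes 8-15 of a constructed 64-byte dummy file (not a real binary) and shows what dropping notrunc or keeping echo's newline does. The function names and the sample file are assumptions made for the illustration; printf stands in for echo -n, which is not portable across sh implementations.

```shell
#!/bin/sh
# Added illustration; helper names and the dummy file are assumptions.

# Constructed sample: ELF magic plus 60 filler bytes, 64 bytes in total.
make_sample() {
    printf '\177ELF' > "$1"
    dd if=/dev/zero bs=1 count=60 2>/dev/null | tr '\0' 'A' >> "$1"
}

# The command from the thread: write one 8-byte block at offset 8.
# conv=sync pads the 5 input bytes with NULs to a full block,
# conv=notrunc leaves the rest of the file in place.
brand_in_place() {
    printf 'Linux' | dd of="$1" bs=8 seek=1 conv=notrunc,sync 2>/dev/null
}

# Same write without notrunc: dd cuts the file off at the seek offset
# before writing, so everything after the written block is lost.
brand_truncating() {
    printf 'Linux' | dd of="$1" bs=8 seek=1 conv=sync 2>/dev/null
}

# Plain echo appends a newline, which ends up inside the stamped block.
brand_with_newline() {
    echo Linux | dd of="$1" bs=8 seek=1 conv=notrunc,sync 2>/dev/null
}

# File size in bytes.
file_size() {
    wc -c < "$1" | tr -d ' '
}

# Hex dump of bytes 8..15, the block the thread's dd command overwrites.
brand_bytes() {
    dd if="$1" bs=1 skip=8 count=8 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# Demo run on throwaway files.
tmp=$(mktemp -d)
for mode in in_place truncating with_newline; do
    make_sample "$tmp/$mode"
    "brand_$mode" "$tmp/$mode"
    echo "$mode: size=$(file_size "$tmp/$mode") bytes8-15=$(brand_bytes "$tmp/$mode")"
done
rm -rf "$tmp"
```

A file that has already been truncated by an earlier attempt stays truncated, which is why the reply asks whether the executable was replaced with a fresh copy.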
Re: Ramifications of blocking SYN+FIN TCP packets
2009/3/13 Rod Whitworth glis...@witworx.com: You could have scrubbing turned off at the bride So what's she going to do? Just the dishes? Why did he marry her anyway? Grinning, running and ducking Careful Rod, from memory Diana is a crack shot and packs!
Re: NFS or SAMBA ?
BTW this thread helped me a lot (I was the originator) and I agree that NFS works a lot very well. Over Gigabyte network it's looking like really a local disk behaviour. I have still troubles copying videos because the Linux desktop constantly loads the little snapshot of the vid file it is transferring, this icon of the file that shows one of the pictures of the film, and as it does constantly update this image while transferring it really interferes and the flow is reduced to somewhat few m/s instead of approx 60 m/s when transferring normally.

Kind regards
J-F

On Monday 09 March 2009 at 17:06 +0100, Felipe Alfaro Solana wrote:
On Mon, Mar 9, 2009 at 4:56 PM, Henning Brauer lists-open...@bsws.de wrote:
* Guillermo Bernaldo de Quiros Maraver debug...@gmail.com [2009-02-13 21:06]:
if you have a shared network between WINDOWS and OpenBSD i recommend Samba if not, NFS
NFS = Insecure
SAMBA = Have a problems, but, it's more secure.

that is the most ridiculous bullshit I have ever read here in some time.

Why do you exactly think that is bullshit?
Re: Gnuplot, Mediawiki, and OpenBSD
How do I go about including gnuplot in the chroot? Do I just do ln -s ../../usr/local/bin/gnuplot? I thought symlinks could get away with chroots or are those restricted to /var/www as well?

Thanks,
Vivek

On Thu, Mar 12, 2009 at 10:19 PM, patrick keshishian pkesh...@gmail.com wrote:
On Thu, Mar 12, 2009 at 4:16 PM, Vivek Ayer vivek.a...@gmail.com wrote:

include("extensions/Gnuplot/Gnuplot.php");
$wgGnuplotCommand = 'yourGnuplotPath';

Windows example path:
$wgGnuplotCommand = "C:\\Program files\\xampp\\gnuplot\\bin\\pgnuplot.exe";
[...]

The gnuplot binary is at /usr/local/bin/gnuplot and I put that in, but I get no output when using gnuplot inline. Is this because apache is chrooted? Also, it says it requires gd, ggi, and plotutils. Are all these packages available on openbsd?

/usr/local/bin is not visible to the chroot apache in default openbsd install. read more about it over here: http://www.openbsd.org/faq/faq10.html#httpdchroot
Re: Ramifications of blocking SYN+FIN TCP packets
On Fri, 13 Mar 2009 17:30:38 +1100, SJP Lists wrote: 2009/3/13 Rod Whitworth glis...@witworx.com: You could have scrubbing turned off at the bride So what's she going to do? Just the dishes? Why did he marry her anyway? Grinning, running and ducking Careful Rod, from memory Diana is a crack shot and packs! Hey, I know Diana from many years of hanging out here (OBSD v 2.5 onwards) and I'm very sure he didn't marry her. My bride, on the other hand, doesn't shop (except for jewellery, clothes, travel etc) or cook or fix the roof or toilets or her computer or I don't think she scrubs either except her back in the shower. Rod/ --- *** NOTE *** Please DO NOT CC me. I am subscribed to the list. Mail to the sender address that does not originate at the list server is tarpitted. The reply-to: address is provided for those who feel compelled to reply off list. Thankyou. Rod/ /earth: write failed, file system is full cp: /earth/creatures: No space left on device
Re: Gnuplot, Mediawiki, and OpenBSD
On Fri, Mar 13, 2009 at 12:15 AM, Vivek Ayer vivek.a...@gmail.com wrote:
How do I go about including gnuplot in the chroot? Do I just do ln -s ../../usr/local/bin/gnuplot? I thought symlinks could get away with chroots or are those restricted to /var/www as well?

The link talks about this subject. You need to see if you can recreate the necessary environment under /var/www for gnuplot. Copying into there all the shared libraries gnuplot requires to run. Other possibility might be for you to see if you can build/link gnuplot statically so it doesn't require any shared libraries. Then copy that statically linked gnuplot executable under /var/www/ and see if that works.

--patrick

On Thu, Mar 12, 2009 at 10:19 PM, patrick keshishian pkesh...@gmail.com wrote:
On Thu, Mar 12, 2009 at 4:16 PM, Vivek Ayer vivek.a...@gmail.com wrote:

include("extensions/Gnuplot/Gnuplot.php");
$wgGnuplotCommand = 'yourGnuplotPath';

Windows example path:
$wgGnuplotCommand = "C:\\Program files\\xampp\\gnuplot\\bin\\pgnuplot.exe";
[...]

The gnuplot binary is at /usr/local/bin/gnuplot and I put that in, but I get no output when using gnuplot inline. Is this because apache is chrooted? Also, it says it requires gd, ggi, and plotutils. Are all these packages available on openbsd?

/usr/local/bin is not visible to the chroot apache in default openbsd install. read more about it over here: http://www.openbsd.org/faq/faq10.html#httpdchroot
Re: HP, DVD Writer 840d
Michael Littlejohn wrote: I am curious if anyone has a HP, DVD Writer 840d? If so, have you experienced any problems? The problem I am having is that when I try to mount it to /dev/cd0a or /dev/cd0c, my machine will completely freeze, requiring a reset. Additionally, when I installed OpenBSD, it would boot from the CD-Rom, but I could not install any file sets from the CD. I had to do a ftp install. I use drive enclosures, and I am able to use multiple drives and OS's, and after installing PC-BSD I could not access the drive unless K3B was using it, in which case I had no problem. I can only deduce that the cd driver is not able to handle this device. I am only asking for confirmation of the problem because I doubt there is a solution beyond a rewrite of the driver source code. My machine specs are as follows: I have the same problem with: ... cd0 at scsibus0 targ 6 lun 0: HP, CD-Writer+ 9200, 1.0e SCSI2 5/cdrom removable ...
Re: linux binary emulation (corrected kdump)
On 12 March 2009 c. 20:45:12 Constantine Cusulos wrote:
I am trying to run a linux binary on my OpenBSD 4.4/i386 system. The binary file (let's call it 'fpc') is a static executable. So far, i have done the following:

1. I have modified /etc/sysctl.conf so that it reads kern.emul.linux=1
2. Reboot
3. sudo pkg_add -i fedore_base
4. I have copied the file 'fpc' from /usr/bin of my Ubuntu/i386 system to /emul/linux/usr/bin/ of my OpenBSD installation.
5. $ /emul/linux/usr/bin/fpc
   Bad system call (core dumped)
6. $ cp /emul/linux/usr/bin/fpc /emul/linux/fedora/usr/bin/
7. $ /emul/linux/fedora/usr/bin/fpc
   Bad system call (core dumped)
8. $ ktrace /emul/linux/usr/bin/fpc
9. $ kdump -e linux

4410 ktrace RET brk 0
4410 ktrace CALL oldolduname(0xcfbe6107,0xcfbe5fb0,0xcfbe5fb8)
4410 ktrace NAMI /emul/linux/usr/bin/fpc
4410 fpc EMUL native
4410 fpc RET execve 0
4410 fpc CALL pathconf(0xcfbea7d0,0x805918b)
4410 fpc NAMI A`(3/4I+?
4410 fpc RET pathconf -1 errno 2 No such file or directory
4410 fpc CALL #76 (obsolete vhangup)()
4410 fpc PSIG SIGSYS SIG_DFL code 0
4410 fpc NAMI fpc.core

Is there something i can do to run this binary??

If you really try to run FreePascal then you'd better talk with its developers (they provided OpenBSD binaries a long time ago) or try to bootstrap its build on another OS (cross-compilation is supported), or via another compiler. I tried to do so but then need in FPC was gone, so I had to abort the porting due to lack of time.

--
Best wishes,
Vadim Zhukov
Re: Odd dhclient stuck after line down problem - possibly rl related
I am experiencing the same thing on 4.3 with a very similar setup. I can add that the downtime doesn't have to be very long for the OpenBSD to get stuck. I also get messages like this:

Mar 13 02:36:34 akita dhclient[25444]: send_packet: No route to host
Mar 13 02:46:22 akita last message repeated 24 times
Mar 13 02:56:37 akita last message repeated 14 times
Mar 13 02:58:44 akita last message repeated 2 times

in the syslog even when the dhclient seems to work correctly. Also a realtek network card (re0) that is the external interface.

/Pehr Svderman

Peter N. M. Hansteen wrote:
Summary: dhclient unable to retrieve configuration after several hours' downtime, rl interface, OpenBSD 4.4-stable

A few days back the ADSL connection to a machine I'm sometimes called upon to nurture went down for some hours, and when it came back up, it looks to me like dhclient for whatever reason got stuck trying to ask for a new IP address. The machine runs OpenBSD 4.4-stable (dmesg at the end here) and possibly complicating the picture, it's also configured with no-ip.

And my dmesg:

OpenBSD 4.3 (GENERIC.MP) #587: Wed Mar 12 11:21:57 MDT 2008
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Intel(R) Xeon(TM) CPU 3.06GHz (GenuineIntel 686-class) 3.06 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID,xTPR
real mem = 2146488320 (2047MB)
avail mem = 2067464192 (1971MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 08/23/05, BIOS32 rev. 0 @ 0xffe90, SMBIOS rev. 2.3 @ 0xf0450 (102 entries)
bios0: vendor Dell Computer Corporation version A05 date 08/23/2005
bios0: Dell Computer Corporation Precision WorkStation 650
acpi0 at bios0: rev 0
acpi0: tables DSDT FACP SSDT APIC BOOT ASF!
acpi0: wakeup devices VBTN(S4) PCI0(S3) USB0(S3) USB1(S3) USB2(S3) PCI1(S5) PCI2(S5) PCI3(S5) PCI4(S5) KBD_(S3) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: apic clock running at 132MHz cpu1 at mainbus0: apid 6 (application processor) cpu1: Intel(R) Xeon(TM) CPU 3.06GHz (GenuineIntel 686-class) 3.06 GHz cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID,xTPR cpu2 at mainbus0: apid 1 (application processor) cpu2: Intel(R) Xeon(TM) CPU 3.06GHz (GenuineIntel 686-class) 3.06 GHz cpu2: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID,xTPR cpu3 at mainbus0: apid 7 (application processor) cpu3: Intel(R) Xeon(TM) CPU 3.06GHz (GenuineIntel 686-class) 3.06 GHz cpu3: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID,xTPR ioapic0 at mainbus0: apid 8 pa 0xfec0, version 20, 24 pins ioapic0: misconfigured as apic 0, remapped to apid 8 ioapic1 at mainbus0: apid 9 pa 0xfec8, version 20, 24 pins ioapic1: misconfigured as apic 0, remapped to apid 9 ioapic2 at mainbus0: apid 10 pa 0xfec80800, version 20, 24 pins ioapic2: misconfigured as apic 0, remapped to apid 10 acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 2 (PCI1) acpiprt2 at acpi0: bus 4 (PCI2) acpiprt3 at acpi0: bus 3 (PCI3) acpiprt4 at acpi0: bus 5 (PCI4) acpicpu0 at acpi0 acpicpu1 at acpi0 acpicpu2 at acpi0 acpicpu3 at acpi0 acpibtn0 at acpi0: VBTN bios0: ROM list: 0xc/0xc000 0xcc000/0x4000 0xe/0x1800 0xe1800/0x2800 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 Intel E7505 Host rev 0x03 agp0 at pchb0: aperture at 0xea00, size 0x200 ppb0 at pci0 dev 1 function 0 Intel E7505 AGP rev 0x03 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 NVIDIA GeForce2 MX rev 
0xa1 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ppb1 at pci0 dev 2 function 0 Intel E7505 PCI rev 0x03 pci2 at ppb1 bus 2 Intel 82870P2 IOxAPIC rev 0x04 at pci2 dev 28 function 0 not configured ppb2 at pci2 dev 29 function 0 Intel 82870P2 PCIX-PCIX rev 0x04 pci3 at ppb2 bus 3 unknown vendor 0x1134 product 0x0001 (class bridge subclass RACEway, rev 0x03) at pci3 dev 13 function 0 not configured em0 at pci3 dev 14 function 0 Intel PRO/1000MT (82545EM) rev 0x01: apic 9 int 0 (irq 9), address 00:0b:db:5c:5d:66 Intel 82870P2 IOxAPIC rev 0x04 at pci2 dev 30 function 0 not configured ppb3 at pci2 dev 31 function 0 Intel 82870P2 PCIX-PCIX rev 0x04 pci4 at ppb3 bus 4 mpi0 at pci4 dev 14 function 0 Symbios Logic 53c1030 rev 0x07: apic 10 int 2 (irq 9) scsibus0 at mpi0: 16 targets sd0 at scsibus0 targ 0 lun 0: FUJITSU, MAS3735NP, 5B06 SCSI3 0/direct fixed sd0: 70007MB, 27094 cyl, 8 head, 661 sec, 512 bytes/sec, 143374650 sec total mpi0: target 0 Sync at 160MHz width 16bit offset 127 QAS 1 DT 1 IU 1 uhci0 at pci0 dev 29 function 0
Re: Upgrading to perl-5.8.9 broke pkgtools - Can't locate OpenBSD/PackageInfo.pm in @INC
Thank you for the reply. I thought that is something simple, but i will install snapshot

Quote from James Wright james2ve...@aim.com:
pavka at mail.bg writes:
Hi people! I use OpenBSD 4.4 and i need to have perl-5.8.9. I upgraded it via perl -MCPAN -e shell, it installed successfully, but my pkgtools - pkg_info and etc. become broken: Is there something special when upgrading perl, that i missed ?

Yes, that it isn't supported? If you wanted a later Perl, update to OpenBSD 4.5 which comes with 5.10. Sounds like CPAN.pm didn't set the correct INC (specifically /usr/libdata/perl5 and friends). You could try a cvs update in /usr/src/gnu/usr.bin/perl and use make -f Makefile.bsd-wrapper to build and install. I haven't tried it and can't guarantee it will work, but it is much more likely to work than what you have already tried. It is also not supported (you'd need to upgrade your ports, ports tree, pkg_add and most likely anything else using perl in base, a real frankensystem). It would be much easier just to upgrade to 4.5 or a snapshot.

Alternatively perl 5.10 can be installed into its own completely independent tree (e.g. /usr/local/perl5.10), so you could try that too (not an option before 5.10 I think) though your base will still use the perl in /usr/bin and any local patches will not have been applied.
Re: might be slightly OT: `probability in PF'
jmc j...@cosmicnetworks.net writes: block in log quick on $ext_if from openproxies to any probability 90% is because it seems a little bofh-ly to me. and i guess it borders on security-through obscurity, which of course it not really security at all. but it seems a bit more sinister than just outright blocking, which kinda makes me snicker a bit. make the experience painful enough that they just go away. Just as a side-track, nothing to do with pf, I've done a similar thing with a service I'm running. Instead of blocking the bad guys outright, we have a blacklist of people who get randomized results from the application. Not very much, but enough to confuse the hell out of any automated scripts they were using to mess with us and instead of being able to automatically discover that they've been blacklisted, they have to manually verify everything. Blocking tells the bad guys that they should switch their proxy. Pretending to work while giving wrong results gives them real manual work to do. //art
Re: linux binary emulation (corrected kdump)
Just for the record, i compiled the following program on my Ubuntu/i386:

// hello.c
#include <stdio.h>

int main()
{
    printf("Hello Puffy!\n");
    return 0;
}

$ gcc -static -o hello hello.c

I copied the binary in /emul/linux/usr/bin, used dd as before, run it and still i get Bad system call (core dump).

ktrace-kdump:

26357 ktrace RET brk 0
26357 ktrace CALL oldolduname(0xcfbc1b43,0xcfbc19f4,0xcfbc19fc)
26357 ktrace NAMI /emul/linux/usr/bin/hello
26357 hello EMUL linux
26357 hello RET oldolduname 0
26357 hello CALL uname(0xcfbebeb6)
26357 hello RET uname 0
26357 hello CALL brk(0)
26357 hello RET brk 135032832/0x80c7000
26357 hello CALL brk(0x80c7c80)
26357 hello RET brk 135036032/0x80c7c80
26357 hello CALL #243 (unimplemented linux_sys_set_thread_area)()
26357 hello PSIG SIGSYS SIG_DFL code 0
26357 hello NAMI hello.core

Maybe compat_linux needs some additional work.

PS1 @patrick :)
PS2 @vadim Will do.
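One way to pull the failing call out of kdump output like the traces in this thread, as an added example that is not part of the original posts: for every SIGSYS it reports the pid, the process, the emulation named in the EMUL record and the last CALL seen before the signal. The function names are assumptions, and the sample lines are an abridged copy of the two traces posted in the thread with the column spacing restored.

```shell
#!/bin/sh
# Added illustration; function names are assumptions.

# Sample input: abridged from the fpc and hello traces posted in the thread.
sample_kdump() {
    cat <<'EOF'
4410 ktrace CALL oldolduname(0xcfbe6107,0xcfbe5fb0,0xcfbe5fb8)
4410 ktrace NAMI /emul/linux/usr/bin/fpc
4410 fpc EMUL native
4410 fpc RET execve 0
4410 fpc CALL pathconf(0xcfbea7d0,0x805918b)
4410 fpc RET pathconf -1 errno 2 No such file or directory
4410 fpc CALL #76 (obsolete vhangup)()
4410 fpc PSIG SIGSYS SIG_DFL code 0
4410 fpc NAMI fpc.core
26357 ktrace CALL oldolduname(0xcfbc1b43,0xcfbc19f4,0xcfbc19fc)
26357 ktrace NAMI /emul/linux/usr/bin/hello
26357 hello EMUL linux
26357 hello RET oldolduname 0
26357 hello CALL uname(0xcfbebeb6)
26357 hello RET uname 0
26357 hello CALL brk(0)
26357 hello RET brk 135032832/0x80c7000
26357 hello CALL #243 (unimplemented linux_sys_set_thread_area)()
26357 hello PSIG SIGSYS SIG_DFL code 0
26357 hello NAMI hello.core
EOF
}

# Reads kdump text (files given as arguments, or stdin) and prints one line
# per SIGSYS: "<pid> <process> <emulation> <last call before the signal>".
# "?" is printed when the trace holds no EMUL or CALL record for that pid.
sigsys_culprit() {
    awk '
        $3 == "EMUL" { emul[$1] = $4 }
        $3 == "CALL" {
            call = $4
            for (i = 5; i <= NF; i++) call = call " " $i
            last[$1] = call
        }
        $3 == "PSIG" && $4 == "SIGSYS" {
            e = ($1 in emul) ? emul[$1] : "?"
            c = ($1 in last) ? last[$1] : "?"
            print $1, $2, e, c
        }
    ' "$@"
}

sample_kdump | sigsys_culprit
```

On the thread's data the third column separates the two failures: the fpc run was traced under the native emulation, while the hello run was traced under linux and stopped on a call that kdump itself labels unimplemented.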
Re: SNMP
If you're just after interface counters, I would recommend using snmpd in the base OS instead, net-snmp is rather fragile. I was hoping on using net-snmp so I could extended it a bit, but interface counters is the most important thing right now. Perhaps when net-snmp gets fixed for 4.4 I'll try again. For now, I'll just try the built-in snmpd. Thanks for the suggestion! --Brian -- _-=-_-=-_-=-_-=-_-=-_-=-_-=-_-=-_-=-_-=-_-=-_ Brian McCann I don't have to take this abuse from you -- I've got hundreds of people waiting to abuse me. -- Bill Murray, Ghostbusters
Re: strange load values
On Thu, 12 Mar 2009, jmc wrote: --- Gabri Mate [Wed, Mar 11, 2009 at 08:58:15PM +0100]: --- Hey there! I have a Compaq DL580 G1 with 4x700Mhz PIII, 2GB RAM, 2x36GB U320 SCSI on a HP SmartArray 5300 with 64MB BBU. It's a general purpose 'hobby' server. The average concurrent i believe that Theo and many of the devs have said many times that the load average means nothing. here's a reference to one such thread: http://kerneltrap.org/mailarchive/openbsd-misc/2008/11/8/4041294 Perhaps the man page of w(1) should be changed. Currently it states: The load average numbers give the number of jobs in the run queue averaged over 1, 5 and 15 minutes. which is rather inaccurate or wrong. I suggest the patch below. Please correct my English if necessary. Regards, David Index: src/usr.bin/w/w.1 === RCS file: /cvs/src/usr.bin/w/w.1,v retrieving revision 1.18 diff -u -p -r1.18 w.1 --- src/usr.bin/w/w.1 31 May 2007 19:20:19 - 1.18 +++ src/usr.bin/w/w.1 13 Mar 2009 13:10:56 - @@ -50,7 +50,8 @@ The first line displays the current time been running, the number of users logged into the system, and the load averages. The load average numbers give the number of jobs in the run queue averaged -over 1, 5 and 15 minutes. +over past 1, 5 and 15 minutes. Because of the sampling method and +algorithms used to obtain these numbers, they are often inaccurate. .Pp The fields output are the user's login name, the name of the terminal the user is on, the host from which the user is logged in, the time the user
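Review bot: In the w.1 hunk, the added sentence "Because of the sampling method and algorithms used to obtain these numbers, they are often inaccurate" tells the reader the figures are unreliable without saying what is sampled or in which direction they mislead, so it gives nothing to act on; consider stating what the load average actually counts, or dropping the sentence. The reworded line also needs an article: "over the past 1, 5 and 15 minutes".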
Re: Way to tell ftpd to log IP of remote host?
On Thu, Mar 12, 2009 at 6:45 PM, Ingo Schwarze schwa...@usta.de wrote: Comments? Mar 13 08:52:01 crosscutmedia ftpd[1728]: connection from pool-68-239-27-14.bos.east.verizon.net [68.239.27.14] Mar 13 08:52:09 crosscutmedia ftpd[4218]: FTP LOGIN FROM pool-68-239-27-14.bos.east.verizon.net as google But now you have given me another reason not to upgrade. ;P FWIW, the PTR was not spoofed and the remote host had an insecure password on a test account that had been cracked. Thanks, m
Re: OpenBGP: announcing network to different peers
On Fri, Mar 13, 2009 at 12:29 AM, Claudio Jeker cje...@diehard.n-r-g.com wrote: On Thu, Mar 12, 2009 at 10:27:42PM -0300, Eduardo Meyer wrote: Hello, I have a /20 and I want a announce half of it to peer21 and the other half to peer2 only. How am I expected to do so? Using filters? Can anyone please mention a working example? network a.b.c.d/21 network a.b.c.e/21 deny to peer21 prefix a.b.c.e/21 deny to peer2 prefix a.b.c.d/21 Something like this may work. Very good. I believed I had to deal with some complex stuff. I will try that right now. Tks Claudio and Pierre. -- :wq Claudio -- === Eduardo Meyer pessoal: dudu.me...@gmail.com profissional: ddm.farmac...@saude.gov.br
Re: might be slightly OT: `probability in PF'
--- Artur Grabowski [Fri, Mar 13, 2009 at 01:13:10PM +0100]: --- jmc j...@cosmicnetworks.net writes: block in log quick on $ext_if from openproxies to any probability 90% is because it seems a little bofh-ly to me. and i guess it borders on security-through obscurity, which of course it not really security at all. but it seems a bit more sinister than just outright blocking, which kinda makes me snicker a bit. make the experience painful enough that they just go away. Just as a side-track, nothing to do with pf, I've done a similar thing with a service I'm running. Instead of blocking the bad guys outright, we have a blacklist of people who get randomized results from the application. Not very much, but enough to confuse the hell out of any now that is pure wretched evil, Art. but i love it!
Re: linux binary emulation (corrected kdump)
On Fri, Mar 13, 2009 at 8:41 AM, Constantine Cusulos noha...@freemail.gr wrote: Maybe compat_linux needs some additional work. No doubt about that, but interest is seriously waning. I cared back when Netscape and then Opera were the only reasonable browsers, but that hasn't been true for years. The whole idea of compat is that if all these systems are posix, then emulation is just a little bit twiddling to fix the values of flags and so on. As systems diverge and add and use non-posix system calls, compat must move from a translation layer to a real emulator.
Re: HP, DVD Writer 840d
ciscoad...@mail.ru wrote:
Michael Littlejohn wrote:
I am curious if anyone has a HP, DVD Writer 840d? If so, have you experienced any problems? The problem I am having is that when I try to mount it to /dev/cd0a or /dev/cd0c, my machine will completely freeze, requiring a reset. Additionally, when I installed OpenBSD, it would boot from the CD-Rom, but I could not install any file sets from the CD. I had to do a ftp install. I use drive enclosures, and I am able to use multiple drives and OS's, and after installing PC-BSD I could not access the drive unless K3B was using it, in which case I had no problem. I can only deduce that the cd driver is not able to handle this device. I am only asking for confirmation of the problem because I doubt there is a solution beyond a rewrite of the driver source code. My machine specs are as follows:

I have the same problem with:
...
cd0 at scsibus0 targ 6 lun 0: HP, CD-Writer+ 9200, 1.0e SCSI2 5/cdrom removable
...

I experienced similar behaviour with a broken CD-ROM, maybe the problem is with the media, not the CD-drive. Check with some CDs. btw my device is Pioneer.
Strange NFS/amd behavior
Hi folks.

i am having a nightmare trying to get a directory exported read-only; then i request for your help. I have a nfs server exporting some files read-only. In the client box i am using amd to mount them. It works but it is mounted read-write. Does anybody have any idea on what is going on?

Here goes some information:

# On the server side
si...@lion$ cd /etc
si...@lion$ cat exports
# $OpenBSD: exports,v 1.2 2002/05/31 08:15:44 pjanzen Exp $
#
# NFS exports Database
# See exports(5) for more information. Be very careful: misconfiguration
# of this file can result in your filesystems being readable by the world.
/h -maproot=nobody -network=10.0.0.0 -mask=255.255.255.0
/asd/src -ro -maproot=nobody -network=10.0.0.0 -mask=255.255.255.0
/usr/ports -ro -maproot=nobody -network=10.0.0.0 -mask=255.255.255.0
si...@lion$ showmount -e lion
Exports list on lion:
/usr/ports 10.0.0.0
/h 10.0.0.0
/asd/src 10.0.0.0
si...@lion$

# On the client side:
si...@gw$ cd
si...@gw$ amq
/rootroot gw:(pid4982)
/asd/src direct amd.adk/asd/src
/hometoplvl amd.home /home
/home/sioux nfs lion:/h/a/lion/h/sioux
/asd/src/. nfs lion:/asd/src /a/lion/asd/src
si...@gw$ mount
/dev/wd0a on / type ffs (local, synchronous)
amd:4982 on /asd/src type nfs (v2, udp, intr, timeo=100, retrans=100)
amd:4982 on /home type nfs (v2, udp, intr, timeo=100, retrans=100)
lion:/usr/ports on /usr/ports type nfs (read-only, v3, udp, timeo=100)
lion:/h on /a/lion/h type nfs (nosuid, v2, udp, timeo=100)
lion:/asd/src on /a/lion/asd/src type nfs (v2, udp, timeo=100)
si...@gw$

Does anybody know why /asd/src is not being mounted read-only?

Thanks in advance.
Re: NFS or SAMBA ?
2009/3/13 Jean-Francois jfsimon1...@gmail.com:
BTW this thread helped me a lot (I was the originator) and I agree that NFS works a lot very well. Over Gigabyte network it's looking like really a local disk behaviour. I have still troubles copying videos because the Linux desktop constantly loads the little snapshot of the vid file it is transferring, this icon of the file that shows one of the pictures of the film, and as it does constantly update this image while transferring it really interferes and the flow is reduced to somewhat few m/s instead of approx 60 m/s when transferring normally.

This sounds like a problem with your Linux GUI configuration and Linux allowing that preview generation task somehow compete with its transfer task for access to the file (not sure why; if the preview generation tried to temporarily lock the file it would sort of explain things, but why would that job try to do that?). Or maybe the Linux preview generation task is so eager to catch up with and gets so confused by the constantly changing file that it generates such an amount of load on the Linux system that this negatively impacts the transfer task.

In any case, there isn't really anything OpenBSD does to cause this, nor probably anything your OpenBSD box could do to fix this. But in case you're using Nautilus/GNOME on your Linux box, you may want to look at Edit -- Preferences -- Preview in Nautilus, where you can tell it to show thumbnails for local files only, or only for files below a certain size, or not show thumbnails at all.

regards,
--ropers
ipsec config with x509 certificates
Hi,

I'm in the process of upgrading an existing netBSD gateway to a fresh new openBSD gateway. So I have to re-create IPSec tunnel between other netBSD and Linux gateways. I have to precise I am more familiar with racoon/setkey than ipsectl/isakmpd couple (in fact, it's the first time I use ipsec on openbsd)

So here is the way I proceed:

o I created gif interfaces for tunneling traffic between my gateways:

ifconfig gif0 create 10.20.31.1 10.20.31.2 netmask 255.255.255.255 tunnel x.x.x.190 x.x.x.145

The gif tunnels are working on both netBSD and Linux endpoints.

Then I tried to convert my racoon and ipsec setup to openBSD scheme:

- copying my ca cert on /etc/isakmpd/ca/ca.crt
- copying my host private key on /etc/isakmpd/private/local.key
- copying my host public key on /etc/isakmpd/keynote/my FQDN/credentials
- editing /etc/ipsec.conf like this:

ike dynamic esp transport from 10.20.31.1 to 10.20.31.2 \
    local x.x.x.190 peer x.x.x.145 \
    main auth hmac-sha1 enc 3des group modp1024

The thing I can't figure is HOW the x509 certificates are handled, because I'm not sure I did the right things: on the racoon side I get these errors:

Mar 13 18:09:49 gw racoon: ERROR: no peer's CERT payload found.
Mar 13 18:09:56 gw racoon: WARNING: ignore INITIAL-CONTACT notification, because it is only accepted after phase1.
Mar 13 18:09:56 gw racoon: WARNING: No ID match.
Mar 13 18:09:56 gw racoon: ERROR: no peer's CERT payload found.
Mar 13 18:10:39 gw racoon: ERROR: phase1 negotiation failed due to time up. 69f8819d392c1514:0d37bc20084a06be
Mar 13 18:11:12 gw racoon: ERROR: Invalid CERT type 11

Thanks for any pointers you could provide !

--
Eric Belhomme
Re: strange load values
On Thu, 12 Mar 2009, jmc wrote: i believe that Theo and many of the devs have said many times that the load average means nothing. here's a reference to one such thread: http://kerneltrap.org/mailarchive/openbsd-misc/2008/11/8/4041294 2009/3/13 David Vasek va...@fido.cz: Perhaps the man page of w(1) should be changed. Currently it states: The load average numbers give the number of jobs in the run queue averaged over 1, 5 and 15 minutes. which is rather inaccurate or wrong. I suggest the patch below. Please correct my English if necessary. Regards, David Index: src/usr.bin/w/w.1 === RCS file: /cvs/src/usr.bin/w/w.1,v retrieving revision 1.18 diff -u -p -r1.18 w.1 --- src/usr.bin/w/w.1 31 May 2007 19:20:19 - 1.18 +++ src/usr.bin/w/w.1 13 Mar 2009 13:10:56 - @@ -50,7 +50,8 @@ The first line displays the current time been running, the number of users logged into the system, and the load averages. The load average numbers give the number of jobs in the run queue averaged -over 1, 5 and 15 minutes. +over past 1, 5 and 15 minutes. Because of the sampling method and +algorithms used to obtain these numbers, they are often inaccurate. .Pp At the peril of being justifiably told that I don't really know what I'm talking about here: I have a hunch that that last sentence may prevent that diff from being accepted. The way I understand things, the numbers are not inaccurate just different from what Linux users might expect them to be. But who ever said that Linux was the measure of all things? Again, I don't really know what I'm talking about here, but that's my understanding of the matter. If it's incorrect, then sorry for the noise. regards, --ropers
Re: Strange NFS/amd behavior
2009/3/13 Friedrich Locke friedrich.lo...@gmail.com:
Hi folks.

i am having a nightmare trying to get a directory exported read-only; then i request for your help. I have a nfs server exporting some files read-only. In the client box i am using amd to mount them. It works but it is mounted read-write. Does anybody have any idea on what is going on?

Here goes some information:

# On the server side
si...@lion$ cd /etc
si...@lion$ cat exports
# $OpenBSD: exports,v 1.2 2002/05/31 08:15:44 pjanzen Exp $
#
# NFS exports Database
# See exports(5) for more information. Be very careful: misconfiguration
# of this file can result in your filesystems being readable by the world.
/h -maproot=nobody -network=10.0.0.0 -mask=255.255.255.0
/asd/src -ro -maproot=nobody -network=10.0.0.0 -mask=255.255.255.0
/usr/ports -ro -maproot=nobody -network=10.0.0.0 -mask=255.255.255.0
si...@lion$ showmount -e lion
Exports list on lion:
/usr/ports 10.0.0.0
/h 10.0.0.0
/asd/src 10.0.0.0
si...@lion$

# On the client side:
si...@gw$ cd
si...@gw$ amq
/rootroot gw:(pid4982)
/asd/src direct amd.adk/asd/src
/hometoplvl amd.home /home
/home/sioux nfs lion:/h/a/lion/h/sioux
/asd/src/. nfs lion:/asd/src /a/lion/asd/src
si...@gw$ mount
/dev/wd0a on / type ffs (local, synchronous)
amd:4982 on /asd/src type nfs (v2, udp, intr, timeo=100, retrans=100)
amd:4982 on /home type nfs (v2, udp, intr, timeo=100, retrans=100)
lion:/usr/ports on /usr/ports type nfs (read-only, v3, udp, timeo=100)
lion:/h on /a/lion/h type nfs (nosuid, v2, udp, timeo=100)
lion:/asd/src on /a/lion/asd/src type nfs (v2, udp, timeo=100)
si...@gw$

Does anybody know why /asd/src is not being mounted read-only?

This may be wrong-footed and naive, but have you actually tried to write to the read-only exported NFS directory that appears to be mounted read/write? What happens if you type:

touch /a/lion/asd/src/testfile

Are you getting an error message then, or does it actually create the file?

regards,
--ropers
Re: strange load values
On Fri, Mar 13, 2009 at 9:13 AM, David Vasek va...@fido.cz wrote: Perhaps the man page of w(1) should be changed. Currently it states: The load average numbers give the number of jobs in the run queue averaged over 1, 5 and 15 minutes. which is rather inaccurate or wrong. I suggest the patch below. Please correct my English if necessary. why is it wrong? wouldn't a better patch be to fix it?
Re: linux binary emulation (corrected kdump)
On Fri, Mar 13, 2009 at 12:55:18PM -0400, Ted Unangst wrote: On Fri, Mar 13, 2009 at 8:41 AM, Constantine Cusulos noha...@freemail.gr wrote: Maybe compat_linux needs some additional work. No doubt about that, but interest is seriously waning. I cared back Although interest in compat_linux may be seriously waning among developers, I think it's still important for users such as myself. compat_linux is the most reasonable option for users who need to run commercial software on OpenBSD. And compat_linux is important for attracting new users to OpenBSD. Why else would it be mentioned in the first paragraph of the OpenBSD homepage? Other features like pf, carp, openssh, sparc64 support, etc. aren't mentioned at all on the front page of www.openbsd.org
creating release and kernels
I'm running 4.4 Stable on i386 hardware and was wanting to make a release. I was reading through the release man page and noticed it said a GENERIC kernel is included with the release. I'm just wondering if there is a way to include or replace the generic kernel with a modified kernel. The only change i'm making is adding NTFS read support. Thanks Aaron
Re: linux binary emulation (corrected kdump)
On Fri, Mar 13, 2009 at 1:40 PM, Matthew Szudzik mszud...@andrew.cmu.edu wrote: No doubt about that, but interest is seriously waning. I cared back Although interest in compat_linux may be seriously waning among developers, I think it's still important for users such as myself. compat_linux is the most reasonable option for users who need to run commercial software on OpenBSD. Well, somebody should send diffs then. Like I said, I stopped using it and couldn't use it now if I wanted. And about the last thing I'm going to do is buy some commercial software I won't use just to see if it works. And compat_linux is important for attracting new users to OpenBSD. Why else would it be mentioned in the first paragraph of the OpenBSD homepage? Other features like pf, carp, openssh, sparc64 support, etc. aren't mentioned at all on the front page of www.openbsd.org The opening paragraph hasn't been changed since before any of those features existed.
Re: creating release and kernels
On Fri, Mar 13, 2009 at 02:13:35PM -0500, Aaron Martinez wrote: I'm running 4.4 Stable on i386 hardware and was wanting to make a release. I was reading through the release man page and noticed it said a GENERIC kernel is included with the release. I'm just wondering if there is a way to include or replace the generic kernel with a modified kernel. The only change i'm making is adding NTFS read support. I'm a little unclear; are you talking about release(8), or just having a kernel with NTFS support? Thanks Aaron
Re: creating release and kernels
On Fri, Mar 13, 2009 at 02:13:35PM -0500, Aaron Martinez wrote: I'm running 4.4 Stable on i386 hardware and was wanting to make a release. I was reading through the release man page and noticed it said a GENERIC kernel is included with the release. I'm just wondering if there is a way to include or replace the generic kernel with a modified kernel. The only change i'm making is adding NTFS read support. I'm a little unclear; are you talking about release(8), or just having a kernel with NTFS support? yes, release(8). So at the beginning of the release, i update my sources, rebuild the kernel, with the one mod for ntfs support, rebuild userland and then do a release. I'm wondering if there is any way to get the ntfs enabled kernel into the release. could i just copy my running /bsd /bsd.rd and /boot files into the reldir and create my release cd to install that way? Thanks again. Aaron Thanks Aaron
Re: linux binary emulation (corrected kdump)
On Fri, Mar 13, 2009 at 05:40:46PM +, Matthew Szudzik wrote: homepage? Other features like pf, carp, openssh, sparc64 support, etc. aren't mentioned at all on the front page of www.openbsd.org Oops. OpenSSH is mentioned on the front page, albeit in a footnote that lists associated projects.
Re: creating release and kernels
On 13 March 2009 22:13:35 Aaron Martinez wrote: I'm running 4.4 Stable on i386 hardware and was wanting to make a release. I was reading through the release man page and noticed it said a GENERIC kernel is included with the release. I'm just wondering if there is a way to include or replace the generic kernel with a modified kernel. The only change i'm making is adding NTFS read support. Well, nothing stops you from replacing bsd* files in release directory with your own built ones after building release itself. :) Or you want to automate this work? -- Best wishes, Vadim Zhukov
Re: creating release and kernels
Hi Aaron, I'm just wondering if there is a way to include or replace the generic kernel with a modified kernel. Of course, one can hack up the release(8) process to replace the GENERIC kernel by a custom kernel. But i would call that confusing at best. In case you have no idea where to start, don't try. The only change i'm making is adding NTFS read support. I suggest to build the custom kernel separately and install it manually on the machine where you want to play with it. You are aware that the option NTFS is marked Experimental in i386/conf/GENERIC, are you? Yours, Ingo
Re: strange load values
On Fri, 13 Mar 2009, Ted Unangst wrote: On Fri, Mar 13, 2009 at 9:13 AM, David Vasek va...@fido.cz wrote: Perhaps the man page of w(1) should be changed. Currently it states: The load average numbers give the number of jobs in the run queue averaged over 1, 5 and 15 minutes. which is rather inaccurate or wrong. I suggest the patch below. Please correct my English if necessary. why is it wrong? wouldn't a better patch be to fix it? It is wrong because the computed numbers can be different from what is written in the specification (the man pages). The computed load average can be high on an almost idle machine and vice-versa. As is described here: http://marc.info/?l=openbsd-misc&m=118703405121404 http://marc.info/?l=openbsd-misc&m=93551115818166 http://marc.info/?l=openbsd-misc&m=121849543013236 I guess that this is the cause for all the repeated discussions about high load average. It can't be fixed without redesigning large portion of the kernel, if it can be fixed at all and it would definitely be for some performance trade-off. Regards, David
Re: creating release and kernels
On 13 March 2009 22:13:35 Aaron Martinez wrote: I'm running 4.4 Stable on i386 hardware and was wanting to make a release. I was reading through the release man page and noticed it said a GENERIC kernel is included with the release. I'm just wondering if there is a way to include or replace the generic kernel with a modified kernel. The only change i'm making is adding NTFS read support. Well, nothing stops you from replacing bsd* files in release directory with your own built ones after building release itself. :) Or you want to automate this work? Automating is always good, but copying a couple files one time is something I can handle, just didn't realize it wasn't creating a release of the current running kernel. Would i also need to copy the /boot file as well or just the bsd* files? Thanks -- Best wishes, Vadim Zhukov
Re: creating release and kernels
On Fri, Mar 13, 2009 at 02:54:23PM -0500, Aaron Martinez wrote: On Fri, Mar 13, 2009 at 02:13:35PM -0500, Aaron Martinez wrote: I'm running 4.4 Stable on i386 hardware and was wanting to make a release. I was reading through the release man page and noticed it said a GENERIC kernel is included with the release. I'm just wondering if there is a way to include or replace the generic kernel with a modified kernel. The only change i'm making is adding NTFS read support. I'm a little unclear; are you talking about release(8), or just having a kernel with NTFS support? yes, release(8). So at the beginning of the release, i update my sources, rebuild the kernel, with the one mod for ntfs support, rebuild userland and then do a release. I'm wondering if there is any way to get the ntfs enabled kernel into the release. could i just copy my running /bsd /bsd.rd and /boot files into the reldir and create my release cd to install that way? From a quick reading of release(8) and src/etc/Makefile, it looks like the release process pulls in the kernel of the system the release is built on. Thanks again. Aaron Thanks Aaron
Re: creating release and kernels
On 13 March 2009 23:12:25 Aaron Martinez wrote: On 13 March 2009 22:13:35 Aaron Martinez wrote: I'm running 4.4 Stable on i386 hardware and was wanting to make a release. I was reading through the release man page and noticed it said a GENERIC kernel is included with the release. I'm just wondering if there is a way to include or replace the generic kernel with a modified kernel. The only change i'm making is adding NTFS read support. Well, nothing stops you from replacing bsd* files in release directory with your own built ones after building release itself. :) Or you want to automate this work? Automating is always good, but copying a couple files one time is something I can handle, just didn't realize it wasn't creating a release of the current running kernel. :) Would i also need to copy the /boot file as well or just the bsd* files? No. -- Best wishes, Vadim Zhukov
Re: creating release and kernels
On Fri, Mar 13, 2009 at 02:54:23PM -0500, Aaron Martinez wrote: On Fri, Mar 13, 2009 at 02:13:35PM -0500, Aaron Martinez wrote: I'm running 4.4 Stable on i386 hardware and was wanting to make a release. I was reading through the release man page and noticed it said a GENERIC kernel is included with the release. I'm just wondering if there is a way to include or replace the generic kernel with a modified kernel. The only change i'm making is adding NTFS read support. I'm a little unclear; are you talking about release(8), or just having a kernel with NTFS support? yes, release(8). So at the beginning of the release, i update my sources, rebuild the kernel, with the one mod for ntfs support, rebuild userland and then do a release. I'm wondering if there is any way to get the ntfs enabled kernel into the release. could i just copy my running /bsd /bsd.rd and /boot files into the reldir and create my release cd to install that way? From a quick reading of release(8) and src/etc/Makefile, it looks like make release pulls the kernel from the running system into the generated release. I thought that as well, but when i installed from the newly created release cd, I wasn't able to mount ntfs partitions. I went back to my build machine and diff'ed /bsd and /usr/rel/bsd and they are different.. is that to be expected? $ diff bsd /bsd Binary files bsd and /bsd differ Thanks, Aaron Thanks again. Aaron Thanks Aaron
Re: creating release and kernels
On Fri, Mar 13, 2009 at 02:54:23PM -0500, Aaron Martinez wrote: On Fri, Mar 13, 2009 at 02:13:35PM -0500, Aaron Martinez wrote: I'm running 4.4 Stable on i386 hardware and was wanting to make a release. I was reading through the release man page and noticed it said a GENERIC kernel is included with the release. I'm just wondering if there is a way to include or replace the generic kernel with a modified kernel. The only change i'm making is adding NTFS read support. I'm a little unclear; are you talking about release(8), or just having a kernel with NTFS support? yes, release(8). So at the beginning of the release, i update my sources, rebuild the kernel, with the one mod for ntfs support, rebuild userland and then do a release. I'm wondering if there is any way to get the ntfs enabled kernel into the release. could i just copy my running /bsd /bsd.rd and /boot files into the reldir and create my release cd to install that way? From a quick reading of release(8) and src/etc/Makefile, it looks like make release pulls the kernel from the running system into the generated release. Thanks again. Aaron Thanks Aaron
Re: strange load values
On Fri, Mar 13, 2009 at 4:13 PM, David Vasek va...@fido.cz wrote: It is wrong because the computed numbers can be different from what is written in the specification (the man pages). The computed load average can be high on an almost idle machine and vice-versa. As is described here: http://marc.info/?l=openbsd-misc&m=118703405121404 http://marc.info/?l=openbsd-misc&m=93551115818166 http://marc.info/?l=openbsd-misc&m=121849543013236 I guess that this is the cause for all the repeated discussions about high load average. It can't be fixed without redesigning large portion of the kernel, if it can be fixed at all and it would definitely be for some performance trade-off. In theory, it could be off. But none of the people complaining about it have yet demonstrated that it actually was. If the load is the average number of processes in the run queue, and you don't think that your load could possibly be as high as 1.0, then show us evidence that demonstrates how many jobs were really in the run queue. Calculate the right answer. Nobody does this. They only say the load is wrong, but they don't say what it should be (other than small). No partial credit unless you show your work. Until somebody puts up some numbers, it's silly to add statements like this number is inaccurate to the man page.
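The comparison asked for in the message above (reported load against the real run-queue occupancy) can be modelled as follows. This is an added example, not code from any poster or from the OpenBSD tree: it assumes a 4.4BSD-style load average (run queue sampled every 5 seconds, fixed-point exponential decay for the 1-minute figure), and the three workloads are constructed.

```c
#include <stdio.h>

/* Assumed model (4.4BSD-style, not copied from any source tree): the
 * run-queue length is sampled every 5 s and folded into a fixed-point
 * exponentially damped average; exp(-5/60) gives the 1-minute figure. */
#define FSHIFT        11
#define FSCALE        (1 << FSHIFT)
#define CEXP_1MIN     1884UL      /* exp(-1/12) * FSCALE, rounded */
#define TICKS_PER_SEC 10          /* simulation tick = 100 ms */
#define SAMPLE_TICKS  (5 * TICKS_PER_SEC)

struct result { double sampled; double true_avg; };

static unsigned long loadav_step(unsigned long ldavg, unsigned long nrun)
{
    return (CEXP_1MIN * ldavg + nrun * FSCALE * (FSCALE - CEXP_1MIN)) >> FSHIFT;
}

/* Constructed workload: one job, runnable for `busy` ticks out of every
 * `period` ticks, with each busy interval starting at offset `phase`. */
static int runnable(long t, long period, long busy, long phase)
{
    long pos = ((t - phase) % period + period) % period;
    return pos < busy;
}

struct result simulate(long seconds, long period, long busy, long phase)
{
    unsigned long ldavg = 0;
    long total = seconds * TICKS_PER_SEC, run_ticks = 0, t;
    struct result r;

    for (t = 0; t < total; t++) {
        int nrun = runnable(t, period, busy, phase);
        run_ticks += nrun;                 /* ground truth, every tick */
        if (t % SAMPLE_TICKS == 0)         /* what the sampler sees */
            ldavg = loadav_step(ldavg, (unsigned long)nrun);
    }
    r.sampled = (double)ldavg / FSCALE;
    r.true_avg = (double)run_ticks / (double)total;
    return r;
}

int main(void)
{
    struct result a = simulate(600, 50, 1, 0);   /* 100 ms burst at each sample */
    struct result b = simulate(600, 50, 1, 25);  /* same burst, between samples */
    struct result c = simulate(600, 50, 49, 1);  /* busy 98%, idle at each sample */
    printf("in phase:    sampled %.2f  true %.2f\n", a.sampled, a.true_avg);
    printf("off phase:   sampled %.2f  true %.2f\n", b.sampled, b.true_avg);
    printf("mostly busy: sampled %.2f  true %.2f\n", c.sampled, c.true_avg);
    return 0;
}
```

In this model the in-phase job reports a load near 1.0 at 2% real occupancy and the other two report 0.0; whether a real machine shows such phase-locking is exactly what a poster would have to measure.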
Re: creating release and kernels
On Fri, Mar 13, 2009 at 10:13:01PM +0100, Ingo Schwarze wrote: Hi Aaron, Aaron Martinez wrote on Fri, Mar 13, 2009 at 03:37:54PM -0500: blambert@ wrote: From a quick reading of release(8) and src/etc/Makefile, it looks like make release pulls the kernel from the running system into the generated release. /usr/src/etc/etc.i386/Makefile.inc, target snap_md: cp ${.CURDIR}/../sys/arch/i386/compile/GENERIC/bsd \ ${DESTDIR}/snapshot/bsd /usr/src/etc/Makefile, target release: -cp ${DESTDIR}/snapshot/*bsd* ${RELEASEDIR} That doesn't look like the kernel from the running system, IMHO. That's why I said quick reading ;) As always, thanks for digging deeper than I had the time/inclination to. Keep reaching for that star! ;) I thought that as well, but when i installed from the newly created release cd, I wasn't able to mount ntfs partitions. I went back to my build machine and diff'ed /bsd and /usr/rel/bsd and they are different.. is that to be expected? In case you have RELEASEDIR=/usr/rel and /bsd is not GENERIC, yes, i would expect those two kernels to differ. Yours, Ingo
Re: creating release and kernels
So what you actually want is create a ramdisk that recognizes NTFS. you're not interested in a running kernel, but a boot kernel, right ? Look around in distrib, that's where the instructions to build boot kernels happen. You need to tweak/clone the right ramdisk for your purpose. Of course, there's no guarantee that will work. I can tell that including NTFS on a floppy won't fit, and I haven't ever tried it on bsd.rd nor the cd ramdisk. There might be some other issues at work. Good luck.