Re: Automatic reboot on kernel panic

2011-06-23 Thread Peter Hessler 
On 2011 Jun 23 (Thu) at 00:32:40 +0200 (+0200), ter Voorde Informatiesystemen 
wrote:
:You are completely right.
:
:I was only wondering if I do not set the variable explicitly, the
:default value would be 0 or 1.
:
:Kind regards,
:
:Frank
:

For some sysctls, the default is 0, for others, the default is 1.
You'll need to run it to see.  `sysctl ddb.panic`


-- 
Electrocution, n.:
Burning at the stake with all the modern improvements.

Re: Can one interface have an IP address and bridge as well?

2011-06-23 Thread Stuart Henderson 
That would make things simpler.

On Thu, 23 Jun 2011 03:09:16 +0100, Paul Suh wrote:
 Folks,
 
 I could add another physical interface for the internal end of the bridge, 
 but not for the external end. Would this work? 
 
 
 --Paul
 
 
 On Jun 22, 2011, at 6:56 AM, Stuart Henderson wrote:
 
  Seconded, or alternatively can you add another interface (physical
  or vlan) to place the server on?
  
  It might be possible to do bridging and nat on the same interface
  (possibly using bridge rules and PF tags) but at best you're setting
  yourself up for a complicated and fragile ruleset.
  
  On 2011-06-22, Shane Lazarus shane.laza...@pobox.com wrote:
  Heya
  
  On Wed, Jun 22, 2011 at 12:13 PM, Paul Suh pl...@goodeast.com wrote:
  
  Folks,
  
  Is this possible and/or a good idea? I have a router with three 
  interfaces:
  
  sis0: external interface, IPv4 address 1.2.3.4/24
  sis1: internal interface, IPv4 address 192.168.1.1/24
  sis2 http://192.168.1.1/24sis2: DMZ interface, IPv4 address
  192.168.2.1/24
  
  NAT rules pass all traffic from the internal and DMZ zones through the
  external IP address. I have a couple of servers with IPv4 addresses
  192.168.2.2 and 192.168.2.3 in the DMZ, with rdr-to rules that send 
  traffic
  in
  to them from 1.2.3.4.
  
  I need to place a server at 1.2.3.5, and the software I have to run needs
  the
  server itself to have the IPv4 address 1.2.3.5 -- I can't NAT it and give
  the
  server the address 192.168.2.4 in the DMZ. (Don't ask. *shudder*) Can I 
  set
  up
  a bridge between sis0 and sis2 so that traffic for 1.2.3.5 gets passed
  through
  to the server via sis2 as well as having the IPv4 address 1.2.3.4 on sis0?
  Or
  is there a better way to do this?
  
  
  --Paul
  
  [demime 1.01d removed an attachment of type application/pkcs7-signature
  which had a name of smime.p7s]
  
  
  I personally would check to see if you could get a /30 routed to 1.2.3.4.
  5.6.7.8 - 5.6.7.11
  
  Append one of the /30 to the sis2 interface, and the other to your new
  server.
  
  If 1.2.3.4  1.2.3.5 are part of a bigger block that you own, see if you
  can't allocate a /30 from that larger pool.
  ( 1.2.3.8 - 1.2.3.11 ?? )
  
  
  Shane

Incorrect NAT translation for sip traffic ?

2011-06-23 Thread Magnus Rixtorp 
Lets get some standard stuff out of the way first.

# uname -a
OpenBSD pbxfw 4.9 GENERIC#671 i386

# dmesg
OpenBSD 4.9 (GENERIC) #671: Wed Mar  2 07:09:00 MST 2011
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) 4 CPU 3.00GHz (GenuineIntel 686-class) 3 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,CNXT-ID,xTPR
real mem  = 2137120768 (2038MB)
avail mem = 2092023808 (1995MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 02/09/05, BIOS32 rev. 0 @ 0xffe90, 
SMBIOS rev. 2.3 @ 0xf0450 (74 entries)
bios0: vendor Dell Inc. version A04 date 02/09/2005
bios0: Dell Inc. OptiPlex GX280
acpi0 at bios0: rev 0
acpi0: sleep states S0 S1 S3 S4 S5
acpi0: tables DSDT FACP SSDT APIC BOOT ASF! MCFG HPET
acpi0: wakeup devices VBTN(S4) PCI0(S5) PCI1(S5) PCI2(S5) PCI3(S5) 
PCI4(S5) MOU_(S3) USB0(S3) USB1(S3) USB2(S3) USB3(S3)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 199MHz
ioapic0 at mainbus0: apid 8 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 8
acpimcfg0 at acpi0 addr 0xe000, bus 0-255
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 4 (PCI1)
acpiprt1 at acpi0: bus 2 (PCI2)
acpiprt2 at acpi0: bus 3 (PCI3)
acpiprt3 at acpi0: bus 1 (PCI4)
acpiprt4 at acpi0: bus 0 (PCI0)
acpicpu0 at acpi0: C3
acpibtn0 at acpi0: VBTN
bios0: ROM list: 0xc/0xa800! 0xca800/0x1800!
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 Intel 82915G Host rev 0x04
ppb0 at pci0 dev 1 function 0 Intel 82915G PCIE rev 0x04: apic 8 int 
16 (irq 11)
pci1 at ppb0 bus 1
vga1 at pci0 dev 2 function 0 Intel 82915G Video rev 0x04
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
intagp0 at vga1
agp0 at intagp0: aperture at 0xc000, size 0x1000
inteldrm0 at vga1: apic 8 int 16 (irq 11)
drm0 at inteldrm0
Intel 82915G Video rev 0x04 at pci0 dev 2 function 1 not configured
ppb1 at pci0 dev 28 function 0 Intel 82801FB PCIE rev 0x03: apic 8 int 
16 (irq 11)
pci2 at ppb1 bus 2
bge0 at pci2 dev 0 function 0 Broadcom BCM5751 rev 0x01, BCM5750 A1 
(0x4001): apic 8 int 16 (irq 11), address 00:11:43:7c:f3:91
brgphy0 at bge0 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0
ppb2 at pci0 dev 28 function 1 Intel 82801FB PCIE rev 0x03
pci3 at ppb2 bus 3
uhci0 at pci0 dev 29 function 0 Intel 82801FB USB rev 0x03: apic 8 int 
21 (irq 9)
uhci1 at pci0 dev 29 function 1 Intel 82801FB USB rev 0x03: apic 8 int 
22 (irq 5)
uhci2 at pci0 dev 29 function 2 Intel 82801FB USB rev 0x03: apic 8 int 
18 (irq 4)
uhci3 at pci0 dev 29 function 3 Intel 82801FB USB rev 0x03: apic 8 int 
23 (irq 3)
ehci0 at pci0 dev 29 function 7 Intel 82801FB USB rev 0x03: apic 8 int 
21 (irq 9)
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
ppb3 at pci0 dev 30 function 0 Intel 82801BA Hub-to-PCI rev 0xd3
pci4 at ppb3 bus 4
re0 at pci4 dev 0 function 0 D-Link DGE-528T rev 0x10: RTL8169/8110SB 
(0x1000), apic 8 int 16 (irq 11), address f0:7d:68:b8:62:95
rgephy0 at re0 phy 7: RTL8169S/8110S PHY, rev. 3
ichpcib0 at pci0 dev 31 function 0 Intel 82801FB LPC rev 0x03: PM 
disabled
pciide0 at pci0 dev 31 function 1 Intel 82801FB IDE rev 0x03: DMA, 
channel 0 configured to compatibility, channel 1 configured to 
compatibility
atapiscsi0 at pciide0 channel 0 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: SAMSUNG, CD-R/RW SW-252S, R902 ATAPI 
5/cdrom removable
cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 ignored (disabled)
pciide1 at pci0 dev 31 function 2 Intel 82801FB SATA rev 0x03: DMA, 
channel 0 configured to native-PCI, channel 1 configured to native-PCI
pciide1: using apic 8 int 20 (irq 10) for native-PCI interrupt
wd0 at pciide1 channel 0 drive 0: WDC WD5000AAKS-00UU3A0
wd0: 16-sector PIO, LBA48, 476940MB, 976773168 sectors
wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 6
ichiic0 at pci0 dev 31 function 3 Intel 82801FB SMBus rev 0x03: SMI
iic0 at ichiic0
spdmem0 at iic0 addr 0x50: 2GB DDR2 SDRAM non-parity PC2-6400CL5
usb1 at uhci0: USB revision 1.0
uhub1 at usb1 Intel UHCI root hub rev 1.00/1.00 addr 1
usb2 at uhci1: USB revision 1.0
uhub2 at usb2 Intel UHCI root hub rev 1.00/1.00 addr 1
usb3 at uhci2: USB revision 1.0
uhub3 at usb3 Intel UHCI root hub rev 1.00/1.00 addr 1
usb4 at uhci3: USB revision 1.0
uhub4 at usb4 Intel UHCI root hub rev 1.00/1.00 addr 1
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
mtrr: Pentium Pro MTRR support
vscsi0 at root
scsibus1 at vscsi0: 256 targets

Re: OpenOffice Base with HSQL

2011-06-23 Thread Muhammad Muntaza 
2011/6/21 Daniel Dickman didick...@gmail.com

 Do you only have the jre installed? Does it work if you install the jdk as
 well?


I've installed a jdk but still could not use the HSQL DATABASE.

$ pkg_info | grep jdk
jdk-1.7.0.00beta122p0v0 Java2(TM) SE Dev Kit v1.7.0.00 Early Access b122
$
soffice

javaldx: Could not find a Java Runtime Environment!


Thanks,

Muhammad Muntaza bin Hatta

-- 
Indonesia
http://muntaza.wordpress.com

Re: Automatic reboot on kernel panic

2011-06-23 Thread Raimo Niskanen 
On Thu, Jun 23, 2011 at 12:32:40AM +0200, ter Voorde Informatiesystemen wrote:
 You are completely right.
 
 I was only wondering if I do not set the variable explicitly, the 
 default value would be 0 or 1.

Ok, that I can not find from the documentation,
only that setting it to 0 most probably is a change.

The default is:
 # uname -a
 OpenBSD localhost.localdomain 4.9 GENERIC.MP#47 i386
 # sysctl ddb.panic
 ddb.panic=1

It is very easy to check, if you have an installation...

/ Raimo


 
 Kind regards,
 
 Frank
 
 On 06/22/11 17:12, Raimo Niskanen wrote:
 On Wed, Jun 22, 2011 at 11:45:49AM -0300, Marcos Laufer wrote:
 I am sorry, this confused me, and i didn't quite understand.
 
 Just to be clear:
 
 ddb.panic=0 will boot instead of dropping you into a ddb?
 
 Or is it ddb.panic=1 the option that will make the system boot?
 Please... are we not a wee bit lazy now... man sysctl.conf:
 
 EXAMPLES
   To turn on IP forwarding, one would use the following line:
 
 net.inet.ip.forwarding=1
 
   To cause the kernel to reboot on a panic, instead of dropping into 
   the
   debugger, the following can be used:
 
 ddb.panic=0
 
 
 Regards,
 
 David Coppa wrote:
 On Wed, 22 Jun 2011, ter Voorde Informatiesystemen wrote:
 
 
 In /etc/sysctl.conf I see the following commented line:
 
 #ddb.panic=0
 
 and nothing else about ddb.panic is present there. With other words,
 I guess: 'ddb.panic=0' is the default boot time setting and does not
 have to be set explicitly.
 
 I now suppose: on a kernel panic, this system will not drop into ddb
 (kind-of waiting for someone to retrieve useful information about
 the panic) and is most likely to reboot. Is that correct?
 
 Exactly the opposite:
 
 $ sysctl ddb.panic
 ddb.panic=1
 
 You need to uncomment that line in /etc/sysctl.conf.
 
 Cheers,
 David

-- 

/ Raimo Niskanen, Erlang/OTP, Ericsson AB

Re: Incorrect NAT translation for sip traffic ?

2011-06-23 Thread Stuart Henderson 
On 2011-06-23, Magnus Rixtorp mag...@tokra.org wrote:
 pass out quick log on $ext_if inet from 192.168.0.0/24 nat-to $ext_if
 pass out quick log on $ext_if inet from 192.168.230.0/24 nat-to $ext_if
 pass out quick log on $ext_if inet from 192.168.231.0/24 nat-to $ext_if
 pass out quick log on $ext_if inet from 192.168.239.0/24 nat-to $ext_if
 pass out quick log on $ext_if inet from 192.168.240.0/24 nat-to $ext_if
 pass out quick log on $ext_if inet from 192.168.241.0/24 nat-to $ext_if
 pass out quick log on $ext_if inet from 192.168.242.0/24 nat-to $ext_if

This probably isn't your problem, but that seems quite a lot of networks
to be natting behind a single IP especially with the default port range
(50001:65535). if you've got a lot of active natted states, the
search for a free port could involve a bunch of state searches
(pick a random port, lookup state to see if it's used, then search
sequentially for a free port looking up state each time).

So if you do have a lot of states you might want to either add more IPs
or increase the port range available (e.g. pass...nat-to $ext_if \
port 2:65535) and adjust the net.inet.ip.port* sysctls for
connections coming from the firewall itself (to make sure you have
some free ports which don't conflict with the range used by that
PF rule).

 Jun 15 09:41:21 pbxfw /bsd: pf: state key linking mismatch! dir=OUT, 
 if=re0, stored af=2, a0: 130.244.190.46:5060, a1: 192.168.230.101:5060, 
 proto=17, found af=2, a0: 192.168.230.101:5060, a1: 
 187.170.255.239:5060, proto=17
 Jun 17 12:02:55 pbxfw /bsd: pf: state key linking mismatch! dir=OUT, 
 if=re0, stored af=2, a0: 130.244.190.46:5060, a1: 192.168.230.101:5060, 
 proto=17, found af=2, a0: 192.168.230.101:5060, a1: 
 187.170.255.239:5060, proto=17

 Is the only error output ive found on the problem.

 So the problem, has to do with the ip 187.170.255.239,
 239.255.170.187.in-addr.arpa domain name pointer 
 dsl-187-170-255-239-dyn.prod-infinitum.com.mx.
 Our system has no relation at all with this ip.
 But somehow our NAT translation at random intervals, decides to 
 redirects traffic to that ip instead of the intended destination.
 Sofar we have primarily noted the problem towards 130.244.190.46 and 
 130.244.190.42, that are our providers sip gateways.
 Since the only thing beeing used on the connection is a PBx solution.

 A google on that perticular IP, gives a simular dmesg error output in 
 this post:
 http://www.mail-archive.com/misc@openbsd.org/msg95116.html
 But in his case, the system hangs, our system keeps on going.
 And instead interferes with the connection of phonecalls.

 since the problem was discovered ive set up pf to log the first packet 
 of every new state,
 and then that is tcpdump thru tcpdump -n -e -ttt -s 1600 -vvv -XX to a 
 ascii log using the
 http://www.openbsd.org/faq/pf/logging.html syslog method.

 Jun 22 15:40:06.212694 rule 26/(match) [uid 0, pid 20284] pass in on 
 bge0: 130.244.190.46.5060  212.247.80.66.5060: udp 442 (DF) [tos 0xb8] 
 (ttl 56, id 0, len 470)
: 45b8 01d6  4000 3811 da02 82f4 be2e 
 E\M-8.\M-V..@.8.\M-Z..\M-t\M-.
0010: d4f7 5042 13c4 13c4 01c2 f6b9 4259 4520 
 \M-T\M-wPB.\M-D.\M-D.\M-B\M-v\M-9BYE
0020: 7369 703a 3835 3933 4032 3132 2e32 3437 sip:8593@212.247
0030: 2e38 302e 3636 2053 4950 2f32.80.66 SIP/2

 Jun 22 15:40:06.307515 rule 60/(match) [uid 0, pid 20284] pass in on 
 re0: 192.168.230.101.5060  187.170.255.239.5060: udp 550 (ttl 64, id 
 33961, len 578)
: 4500 0242 84a9  4011 9159 c0a8 e665 
 E..B.\M-)..@..Y\M-@\M-(\M-fe
0010: bbaa ffef 13c4 13c4 022e 9dc3 5349 502f 
 \M-;\M-*\M^?\M-o.\M-D.\M-D...\M-CSIP/
0020: 322e 3020 3230 3020 4f4b 0d0a 5669 613a  2.0 200 OK..Via:
0030: 2053 4950 2f32 2e30 2f55 4450 SIP/2.0/UDP

Considering this snippet alone, there's no indication of a problem
with PF; it looks to me like 192.168.230.101 is itself sending
packets to 187.170.255.239, maybe your PBX software is confused.

I would look at packets on the inbound/outbound interfaces rather
than pflog and see what addresses show up there. (tcpdump -Xs1500
-nire0 port 5060 or something, and same for bge0).

The xxx.255.239 makes me wonder if the PBX is trying to do some
multicast thing and getting the byte-order wrong (239.255.xxx would
be a multicast address).

 Jun 22 15:40:06.307526 rule 0/(match) [uid 0, pid 20284] pass out on 
 bge0: 192.168.230.101.5060  187.170.255.239.5060: udp 550 (ttl 63, id 
 33961, len 578, bad cksum 9159! differs by 100)
: 4500 0242 84a9  3f11 9159 c0a8 e665 
 E..B.\M-)..?..Y\M-@\M-(\M-fe
0010: bbaa ffef 13c4 13c4 022e 9dc3 5349 502f 
 \M-;\M-*\M^?\M-o.\M-D.\M-D...\M-CSIP/
0020: 322e 3020 3230 3020 4f4b 0d0a 5669 613a  2.0 200 OK..Via:
0030: 2053 4950 2f32 2e30 2f55 4450 SIP/2.0/UDP

 and on a side note, if anyone has a suggestion how to actually get the 
 complete package logged, and not just the first snap, it would be nice,
 openbsd

Re: Question: IP NAT syntax on CARP interface

2011-06-23 Thread Stuart Henderson 
hostname.if(5) shows the format you need to use for setting aliases.

You should only set vhid/advbase/etc once for the interface.


On 2011-06-23, Stefan N stefanbsd...@yahoo.com wrote:
 Hi guys,

 I am in the midst of configuring the OpenBSD 4.9 PF using ip balancing and 
 active-passive solution.
 Every interface was configured successfully but I hit the problem when I am 
 going to add IP Alias/NAT IP on carp interface.

 1)For active-passive scenario:
 Let say I am going to configure carp1 interface and I edit  
 /etc/hostname.carp1 
 with 172.16.2.216 as virtual IP and 172.16.2.222 as  NAT IP
 inet 172.16.2.216 255.255.255.0 172.16.2.255 vhid 2 advbase 20 advskew 0 
 carpdev 
 em1 pass p455w0rd
 inet 172.16.2.222 255.255.255.255 vhid 2 advbase 20 advskew 0 carpdev em1 
 pass 
 p455w0rd

 Then I save the config and restart carp1 interface: sh /etc/netstart carp1
 but the output is ifconfig: vhid: bad value.

 2)For ip balancing scenario, carp1 will have the virtual IP and some NAT IP 
 addresses :
 Let say I am going to configure carp1 interface and I edit 
 /etc/hostname.carp1 
 with 172.16.1.216 as virtual IP and 172.16.1.222 as NAT IP
 inet 172.16.1.216 255.255.255.0 172.16.1.255 balancing ip carpnodes 3:0,4:100 
 pass p455w0rd
 inet 172.16.1.222 255.255.255.255 balancing ip carpnodes 3:0,4:100 pass 
 p455w0rd

 Then I save the config and restart carp1 interface: sh /etc/netstart carp1
 but the output is ifconfig: balancing: bad value.

 How is the right syntax to configure and add NAT IP on carp interface?
 Is the concept to add NAT IP(s) on carp interface(s) on active-active and ip 
 balancing scenario correct?

 Thank you in advance.

 Stefan

Re: Automatic reboot on kernel panic

2011-06-23 Thread Kevin Chadwick 
On Thu, 23 Jun 2011 11:27:09 +0200
Raimo Niskanen wrote:

 Ok, that I can not find from the documentation,
 only that setting it to 0 most probably is a change.

I believe the defaults are conveniently listed in the comments next to
the settings in sysctl.conf. I don't see why they'd change occasionally
otherwise.

Re: Automatic reboot on kernel panic

2011-06-23 Thread Stuart Henderson 
On 2011-06-23, Raimo Niskanen raimo+open...@erix.ericsson.se wrote:
 On Thu, Jun 23, 2011 at 12:32:40AM +0200, ter Voorde Informatiesystemen wrote:
 You are completely right.
 
 I was only wondering if I do not set the variable explicitly, the 
 default value would be 0 or 1.

 Ok, that I can not find from the documentation,
 only that setting it to 0 most probably is a change.

 The default is:
  # uname -a
  OpenBSD localhost.localdomain 4.9 GENERIC.MP#47 i386
  # sysctl ddb.panic
  ddb.panic=1

 It is very easy to check, if you have an installation...

The general scheme in sysctl.conf is that the commented-out
entries are non-default values which somebody might want to
uncomment to use them.

Re: Incorrect NAT translation for sip traffic ?

2011-06-23 Thread Magnus Rixtorp 

On 2011-06-23 11:52, Stuart Henderson wrote:

On 2011-06-23, Magnus Rixtorpmag...@tokra.org  wrote:

pass out quick log on $ext_if inet from 192.168.0.0/24 nat-to $ext_if
pass out quick log on $ext_if inet from 192.168.230.0/24 nat-to $ext_if
pass out quick log on $ext_if inet from 192.168.231.0/24 nat-to $ext_if
pass out quick log on $ext_if inet from 192.168.239.0/24 nat-to $ext_if
pass out quick log on $ext_if inet from 192.168.240.0/24 nat-to $ext_if
pass out quick log on $ext_if inet from 192.168.241.0/24 nat-to $ext_if
pass out quick log on $ext_if inet from 192.168.242.0/24 nat-to $ext_if

This probably isn't your problem, but that seems quite a lot of networks
to be natting behind a single IP especially with the default port range
(50001:65535). if you've got a lot of active natted states, the
search for a free port could involve a bunch of state searches
(pick a random port, lookup state to see if it's used, then search
sequentially for a free port looking up state each time).

So if you do have a lot of states you might want to either add more IPs
or increase the port range available (e.g. pass...nat-to $ext_if \
port 2:65535) and adjust the net.inet.ip.port* sysctls for
connections coming from the firewall itself (to make sure you have
some free ports which don't conflict with the range used by that
PF rule).

No, thats not a real issue, since there may be alot of netowrks/ips in 
those nats, but there is only 1-2 active hosts on those networks.




Jun 15 09:41:21 pbxfw /bsd: pf: state key linking mismatch! dir=OUT,
if=re0, stored af=2, a0: 130.244.190.46:5060, a1: 192.168.230.101:5060,
proto=17, found af=2, a0: 192.168.230.101:5060, a1:
187.170.255.239:5060, proto=17
Jun 17 12:02:55 pbxfw /bsd: pf: state key linking mismatch! dir=OUT,
if=re0, stored af=2, a0: 130.244.190.46:5060, a1: 192.168.230.101:5060,
proto=17, found af=2, a0: 192.168.230.101:5060, a1:
187.170.255.239:5060, proto=17

Is the only error output ive found on the problem.

So the problem, has to do with the ip 187.170.255.239,
239.255.170.187.in-addr.arpa domain name pointer
dsl-187-170-255-239-dyn.prod-infinitum.com.mx.
Our system has no relation at all with this ip.
But somehow our NAT translation at random intervals, decides to
redirects traffic to that ip instead of the intended destination.
Sofar we have primarily noted the problem towards 130.244.190.46 and
130.244.190.42, that are our providers sip gateways.
Since the only thing beeing used on the connection is a PBx solution.

A google on that perticular IP, gives a simular dmesg error output in
this post:
http://www.mail-archive.com/misc@openbsd.org/msg95116.html
But in his case, the system hangs, our system keeps on going.
And instead interferes with the connection of phonecalls.

since the problem was discovered ive set up pf to log the first packet
of every new state,
and then that is tcpdump thru tcpdump -n -e -ttt -s 1600 -vvv -XX to a
ascii log using the
http://www.openbsd.org/faq/pf/logging.html syslog method.

Jun 22 15:40:06.212694 rule 26/(match) [uid 0, pid 20284] pass in on
bge0: 130.244.190.46.5060  212.247.80.66.5060: udp 442 (DF) [tos 0xb8]
(ttl 56, id 0, len 470)
: 45b8 01d6  4000 3811 da02 82f4 be2e
E\M-8.\M-V..@.8.\M-Z..\M-t\M-.
0010: d4f7 5042 13c4 13c4 01c2 f6b9 4259 4520
\M-T\M-wPB.\M-D.\M-D.\M-B\M-v\M-9BYE
0020: 7369 703a 3835 3933 4032 3132 2e32 3437 sip:8593@212.247
0030: 2e38 302e 3636 2053 4950 2f32.80.66 SIP/2

Jun 22 15:40:06.307515 rule 60/(match) [uid 0, pid 20284] pass in on
re0: 192.168.230.101.5060  187.170.255.239.5060: udp 550 (ttl 64, id
33961, len 578)
: 4500 0242 84a9  4011 9159 c0a8 e665
E..B.\M-)..@..Y\M-@\M-(\M-fe
0010: bbaa ffef 13c4 13c4 022e 9dc3 5349 502f
\M-;\M-*\M^?\M-o.\M-D.\M-D...\M-CSIP/
0020: 322e 3020 3230 3020 4f4b 0d0a 5669 613a  2.0 200 OK..Via:
0030: 2053 4950 2f32 2e30 2f55 4450 SIP/2.0/UDP

Considering this snippet alone, there's no indication of a problem
with PF; it looks to me like 192.168.230.101 is itself sending
packets to 187.170.255.239, maybe your PBX software is confused.

I would look at packets on the inbound/outbound interfaces rather
than pflog and see what addresses show up there. (tcpdump -Xs1500
-nire0 port 5060 or something, and same for bge0).

The xxx.255.239 makes me wonder if the PBX is trying to do some
multicast thing and getting the byte-order wrong (239.255.xxx would
be a multicast address).



I have been taking a closer look on the packets, both on the external 
bge0 itnerface,

and the internal re0.
And the problem happens when the packet transfers thru pf from bge0 to re0.
using the rule

pass in quick log on $ext_if proto {tcp,udp} from any to $ext_if port
5060 rdr-to 192.168.230.101

the packet on bge0 looks like this:

No. TimeSourceDestination   Protocol 
Length Info
   6983 130.535506  130.244.190.42212.247.80.66 
SIP/SDP  1081   Request: INVITE

Vizesiz Yunan Adaları gezimizde büyük indirim ve sürpriz hediyeler !

2011-06-23 Thread Yol Dostları 
Yol Dostlar} ile vizesiz Yunan Adalar} Gezisi (12-18 Temmuz)


Bir kez daha merhaba arkada~lar...

Yol Dostlar} olarak bu kez muhte~em bir gemiyle Yunan Adalar}na gitmeye karar
verdik. Ve bu geziyi bu turlar} 45 y}ld}r yapan dev bir firmayla yap}yoruz...
TURA Turizmin katk}s}yla Vizesiz Yunan Adalar} Turu...

]stanbul'dan ba~layacak olan gezimiz tam 6 gece 7 g|n s|recek.

Bu gezimize gelecek olan arkada~lara Pera Optik'ten 100 TL'lik indirim geki de
verilecektir...

Gezimizin facebook linki
http://www.facebook.com/event.php?eid=224587324235606

Grubumuzun Facebook Linki :
http://www.facebook.com/group.php?gid=125598998350

Sayfam}z}n facebook linki: http://www.facebook.com/yoldostlari




]^TE AYRINTILAR...


* Horizon Gemisi'nde HER^EY DAH]L sistemi ile 6 gece konaklama
* Gemide her t|rl| alkoll| ve alkols|z; sopuk, s}cak igecekler
* Sabah Kahvalt}lar}, Vple Yemekleri, seyir halinde 5 Gaylar}, Ak~am
Yemekleri
* Gece yar}s} ikramlar}
* Vize yok... (Sadece 6 ay gegerli pasaport gerekiyor)
* T|rkge Rehberlik hizmetleri
* Seyahat Sigortas}
* Gemideki aktivite ve ~ovlar

* Bu dev ve s|per l|x geminin ilk gezisinde yer alacap}m}z igin tabii ki gok
g|zel s|rprizler de bizi bekliyor olacak.

Yukar}da sayd}p}m her~ey verecepiniz |crete dahil olacak...

Bu gok vzel imkandan yararlanmak ve fiyatlar} vprenmek istiyorsan}z beni
araman}z yeterli...

Hakan SEZER: 0542 387 80 13


L\KS HOR]ZON GEM]S]N]N VZELL]KLER]:

* ^u ana kadar Yunan adalar} igin T|rkiye limanlar}ndan ba~layan gemilerin
igindeki en b|y|k gemi.
* 2 bin ki~ilik
* Gemide her t|rl| eplence imkan}n} bulmak m|mk|n; Casino, SPA, masaj,
g|zellik salonlar}, y|zme havuzu, barlar, diskolar, en 14 m2 geni~lipinde l|ks
kabinler.
* Geminin her~ey dahil olu~u gok cazip k}l}yor. Alkoll|, alkols|z t|m
igecekler her~ey dahil.


GEM]DE YA^AM:

Ana Restoran
The Terrace Grill
Ag}k Y|zme Havuzlar}
Jakuzi
Tiyatro
Zoom Gece Kul|b|
Montecarlo Casino
Churchill Bar
Kafeler
Barlar
Fotopraf Galerisi
Al}~veri~ Mapazalar}
Oyun Adas}
K|t|phane
Internet Odas}
Spa ve G|zellik Merkezi
Fitness Salonu


GEZ] PROGRAMININ VZELL]KLER]:

* Program}n en vnemli vzellipi vizesiz olu~u. 6 ay gegerli pasaportlar
yeterli.



---
G]DECEP]M]Z YUNAN ADALARININ VZELL]KLER]

Santorini (Yunanistan)

Siyah kum sahillerinin yukar}s}nda volkanik kayalara tutunan beyaz kvyleriyle
|nl| Santorini Adas}, ismini 13. Y|zy}lda Azize Irene`ye atfen alm}~. Ada`daki
en vnemli yerler Akrotiri, Antik Thira, Fira ve Oia bvlgeleri. Adan}n merkezi
olan Fira, 1956 depreminden sonra yeniden kuruldu. Harika bir manzaraya sahip
olan bu merkez, k|g|k liman Skala Fira`ya 580 basamak uzakl}kta. Bu limana
teleferik veya basamaklar |zerinden kat}rla ula~mak m|mk|n. Adan}n |g|nc|
b|y|k liman} olan Oia depremden sonra geleneksel bir yerle~im birimi halini
alm}~. Neo-klasik malikbnelerle gevrili Oia gizemli olarak kabul edilir.

Pire - Atina (Yunanistan)

Pire, ba~kent Atina`n}n ~irin bir liman}, k|g|k otelleri sevimli gvr|n|m| ile
g|zel bir kenttir. Eski Yunan Medeniyetlerinin en g|gl| sembol| Pantheon,
Akropolis`in |zerinde yer al}r. Daha a~ap}da tavernalar ve al}~veri~
merkezlerinin bulundupu Plaka'da g|n|n ve gecenin ritmini yakalamak
m|mk|nd|r.

Mikonos (Yunanistan)

Mikonos kasabas} beyaz renkli dar sokaklar} ve k|p seklindeki evleriyle en gok
ziyaret edilen ve en pahal} Yunan Adas}`d}r. Adan}n as}l m|davimlerini d|nya
jet sosyetesi olu~turur. Yunanistan`}n en gvsteri~li adalar}ndan biri olan
Mikonos 1615 y}l}nda kurulmu~. Kumsallar}yla |nl| olan bu Ada`n}n en iyi
kumsal} g|ney k}y}s}nda yer al}yor. Mikonos kasabas}ndan 4 kilometre mesafede
olan bu kumsal}n adi Platis Gialos. Arkas}nda otel ve restaurantlarin yer
ald}p} bu kumsal adan}n ba~l}ca plaj}. Mikonos; darac}k sokaklar}, beyaz
evleri, yollara ta~m}~ pembe, beyaz gigekleri ile bir Ege klasipi. En s}ra
d}~} vzellipi ise Ada`da yer alan G}plaklar Kamp}.


Rodos (Yunanistan)

Dodekanes Adalar grubu`ndaki en b|y|k y|zvlg|ml| adad}r. Ada hem t|m
Avrupa`daki en iyi korunmu~ ve en b|y|k Ortagap ~ehrine sahip hem de y}l boyu
ortalama 300 g|n g|ne~ gvrmesi sebebi ile oldukga pop|ler bir tatil
merkezidir. Rodos, temiz denizi ve d|zenli plajlar} ile Avrupa Blue Flag
vd|l|ne lay}k gvr|lm|~t|r. Ortagap'da St. John ~vvalyelerinin meskeni olup,
ard}ndan Osmanl} hbkimiyetine gegen Rodos, bir dvnem de ]talyan yvnetimine
bapl} kald}p}ndan bu g|n her |g k|lt|rden geriye kalan mimari harmanla ender
bulunur bir g|zellipe sahiptir.

-

EPLENCE
- Profesyonel animasyon ekibi taraf}ndan haz}rlanan depi~ik oyun,gvsteri ve
aktiviteler g|n boyu devam etmektedir. Ak~am yemeklerinin verildipi her 2
oturumdan sonra gece animasyon programlar} ile ak~amlar}n}za ne~e katman}z}
tavsiye ederiz.

SPOR
- Gemilerde, en yeni ekipmanlar}n sunuldupu fitness merkezi ve spor salonu
vard}r. Ayr}ca gemilerimizde ko~u parkuru, voleybol, tenis, y|zme havuzlar}
bulunur. Spalarda masaj, sauna gibi t|m rahatlama

Deactivation of Your Email Address

2011-06-23 Thread Administrator 
THIS MESSAGE IS FROM OUR TECHNICAL SUPPORT TEAM This message is sent
automatically by the computer. If you are receiving this message it means
that your email address has been queued for deactivation; this was as a
result of a continuous error script (code:505)receiving from this email
address. Click here and fill out the required field to resolve this
problem

Note: Failure to reset your email by ignoring this message or inputting
wrong information will result to instant deactivation of this email
address

openbsd people at RMLL/LSM ?

2011-06-23 Thread gilbert . fernandes 
Hello,

I would like to know who is going to the LSM (Libre
Software Meeting) of 2011 also called RMLL (Rencontres
Mondiales du Logiciel Libre) that will be in Strasbourg
this year from 9th to 14th of July.

Program shows there will be an OpenBSD booth there.

-- 
Khan!

Via VT6105M RhineIII

2011-06-23 Thread sven falempin 
Dear misc users,

I'm currenlty installing openBSD on a ALix board, the network card are
RhineIII
I may have detect a 'bug':
 - the network paquet are send only when vr1 is plugged, not vr0.
as soon as you plug / unplug vr1 the network start / stop on both interface.

Is ukphy experimental ??
Or is it just a specific configuration to set up ?

Regards,
Sven.

dmesg part :

vr0 at pci0 dev 9 function 0 VIA VT6105M RhineIII rev 0x96: irq 10,
address 00  :0d:b9:1c:73:cc
ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI
0x004063,   model 0x0034
vr1 at pci0 dev 10 function 0 VIA VT6105M RhineIII rev 0x96: irq 11,
address 0  0:0d:b9:1c:73:cd
ukphy1 at vr1 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI
0x004063,   model 0x0034


full dmesg:

OpenBSD 4.9 (GENERIC) #671: Wed Mar  2 07:09:00 MST 2011
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Geode(TM) Integrated Processor by AMD PCS (AuthenticAMD 586-class)
499 MHz
cpu0: FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CFLUSH,MMX
real mem  = 268009472 (255MB)
avail mem = 253493248 (241MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 11/05/08, BIOS32 rev. 0 @ 0xfd088
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: pcibios_get_intr_routing - function not supported
pcibios0: PCI IRQ Routing information unavailable.
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xe/0xa800
cpu0 at mainbus0: (uniprocessor)
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 1 function 0 AMD Geode LX rev 0x33
glxsb0 at pci0 dev 1 function 2 AMD Geode LX Crypto rev 0x00: RNG AES
vr0 at pci0 dev 9 function 0 VIA VT6105M RhineIII rev 0x96: irq 10,
address 00:0d:b9:1c:73:cc
ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI
0x004063, model 0x0034
vr1 at pci0 dev 10 function 0 VIA VT6105M RhineIII rev 0x96: irq 11,
address 00:0d:b9:1c:73:cd
ukphy1 at vr1 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI
0x004063, model 0x0034
athn0 at pci0 dev 12 function 0 Atheros AR9280 rev 0x01: irq 9
athn0: AR9280 rev 2 (2T2R), ROM rev 21, address 00:0b:6b:02:10:2a
glxpcib0 at pci0 dev 15 function 0 AMD CS5536 ISA rev 0x03: rev 3, 32-bit
3579545Hz timer, watchdog, gpio
gpio0 at glxpcib0: 32 pins
pciide0 at pci0 dev 15 function 2 AMD CS5536 IDE rev 0x01: DMA, channel 0
wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: SanDisk SDCFX3-2048
wd0: 4-sector PIO, LBA, 1953MB, 4001760 sectors
wd0(pciide0:0:0): using PIO mode 4, DMA mode 2
pciide0: channel 1 ignored (disabled)
ohci0 at pci0 dev 15 function 4 AMD CS5536 USB rev 0x02: irq 12, version
1.0, legacy support
ehci0 at pci0 dev 15 function 5 AMD CS5536 USB rev 0x02: irq 12
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 AMD EHCI root hub rev 2.00/1.00 addr 1
isa0 at glxpcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
usb1 at ohci0: USB revision 1.0
uhub1 at usb1 AMD OHCI root hub rev 1.00/1.00 addr 1
biomask f1e7 netmask ffe7 ttymask 
mtrr: K6-family MTRR support (2 registers)
nvram: invalid checksum
vscsi0 at root
scsibus0 at vscsi0: 256 targets
softraid0 at root
root on wd0a swap on wd0b dump on wd0b
clock: unknown CMOS layout


-- 
-
() ascii ribbon campaign - against html e-mail
/\

Re: Via VT6105M RhineIII

2011-06-23 Thread Stuart Henderson 
On 2011/06/23 17:12, sven falempin wrote:
 \xc2\xa0
 Dear misc users,
 \xc2\xa0
 I'm\xc2\xa0currenlty installing openBSD on a ALix board, the network
card are
 RhineIII
 I may have detect a 'bug':
 \xc2\xa0- the network paquet are send only when vr1 is plugged, not
vr0.
 as soon as you plug / unplug vr1 the network start / stop on both
 interface.
 \xc2\xa0
 Is ukphy experimental ??
 Or is it just a specific configuration to set up ?

Works fine for me. Are you missing any important details of your configuration?

Re: Via VT6105M RhineIII

2011-06-23 Thread Stuart Henderson 
On 2011/06/23 18:11, sven falempin wrote:
 My scenario to ensure the problem is the following:
 I\xc2\xa0plug both interface on same hub, and a third party box.

Two interfaces dhcp'ing on the same hub - so you have
two interfaces in the same subnet - this is a misconfiguration

Re: Via VT6105M RhineIII

2011-06-23 Thread sven falempin 
Yes,
and it works !
Something else happend during the boot process (with only 1 nic plugged) and
i'm still looking for the problem.
i contact you again if i m sure there is a problem,
Sorry for inconvenience.

2011/6/23 Stuart Henderson st...@openbsd.org

 On 2011/06/23 18:11, sven falempin wrote:
  My scenario to ensure the problem is the following:
  I\xc2\xa0plug both interface on same hub, and a third party box.

 Two interfaces dhcp'ing on the same hub - so you have
 two interfaces in the same subnet - this is a misconfiguration




-- 
-
() ascii ribbon campaign - against html e-mail
/\

Re: Incorrect NAT translation for sip traffic ?

2011-06-23 Thread Magnus Rixtorp 

On 2011-06-23 14:09, Magnus Rixtorp wrote:

On 2011-06-23 11:52, Stuart Henderson wrote:

On 2011-06-23, Magnus Rixtorpmag...@tokra.org  wrote:

pass out quick log on $ext_if inet from 192.168.0.0/24 nat-to $ext_if
pass out quick log on $ext_if inet from 192.168.230.0/24 nat-to $ext_if
pass out quick log on $ext_if inet from 192.168.231.0/24 nat-to $ext_if
pass out quick log on $ext_if inet from 192.168.239.0/24 nat-to $ext_if
pass out quick log on $ext_if inet from 192.168.240.0/24 nat-to $ext_if
pass out quick log on $ext_if inet from 192.168.241.0/24 nat-to $ext_if
pass out quick log on $ext_if inet from 192.168.242.0/24 nat-to $ext_if

This probably isn't your problem, but that seems quite a lot of networks
to be natting behind a single IP especially with the default port range
(50001:65535). if you've got a lot of active natted states, the
search for a free port could involve a bunch of state searches
(pick a random port, lookup state to see if it's used, then search
sequentially for a free port looking up state each time).

So if you do have a lot of states you might want to either add more IPs
or increase the port range available (e.g. pass...nat-to $ext_if \
port 2:65535) and adjust the net.inet.ip.port* sysctls for
connections coming from the firewall itself (to make sure you have
some free ports which don't conflict with the range used by that
PF rule).

No, thats not a real issue, since there may be alot of netowrks/ips in 
those nats, but there is only 1-2 active hosts on those networks.




Jun 15 09:41:21 pbxfw /bsd: pf: state key linking mismatch! dir=OUT,
if=re0, stored af=2, a0: 130.244.190.46:5060, a1: 192.168.230.101:5060,
proto=17, found af=2, a0: 192.168.230.101:5060, a1:
187.170.255.239:5060, proto=17
Jun 17 12:02:55 pbxfw /bsd: pf: state key linking mismatch! dir=OUT,
if=re0, stored af=2, a0: 130.244.190.46:5060, a1: 192.168.230.101:5060,
proto=17, found af=2, a0: 192.168.230.101:5060, a1:
187.170.255.239:5060, proto=17

Is the only error output ive found on the problem.

So the problem, has to do with the ip 187.170.255.239,
239.255.170.187.in-addr.arpa domain name pointer
dsl-187-170-255-239-dyn.prod-infinitum.com.mx.
Our system has no relation at all with this ip.
But somehow our NAT translation at random intervals, decides to
redirects traffic to that ip instead of the intended destination.
Sofar we have primarily noted the problem towards 130.244.190.46 and
130.244.190.42, that are our providers sip gateways.
Since the only thing beeing used on the connection is a PBx solution.

A google on that perticular IP, gives a simular dmesg error output in
this post:
http://www.mail-archive.com/misc@openbsd.org/msg95116.html
But in his case, the system hangs, our system keeps on going.
And instead interferes with the connection of phonecalls.

since the problem was discovered ive set up pf to log the first packet
of every new state,
and then that is tcpdump thru tcpdump -n -e -ttt -s 1600 -vvv -XX to a
ascii log using the
http://www.openbsd.org/faq/pf/logging.html syslog method.

Jun 22 15:40:06.212694 rule 26/(match) [uid 0, pid 20284] pass in on
bge0: 130.244.190.46.5060  212.247.80.66.5060: udp 442 (DF) [tos 0xb8]
(ttl 56, id 0, len 470)
: 45b8 01d6  4000 3811 da02 82f4 be2e
E\M-8.\M-V..@.8.\M-Z..\M-t\M-.
0010: d4f7 5042 13c4 13c4 01c2 f6b9 4259 4520
\M-T\M-wPB.\M-D.\M-D.\M-B\M-v\M-9BYE
0020: 7369 703a 3835 3933 4032 3132 2e32 3437 sip:8593@212.247
0030: 2e38 302e 3636 2053 4950 2f32.80.66 SIP/2

Jun 22 15:40:06.307515 rule 60/(match) [uid 0, pid 20284] pass in on
re0: 192.168.230.101.5060  187.170.255.239.5060: udp 550 (ttl 64, id
33961, len 578)
: 4500 0242 84a9  4011 9159 c0a8 e665
E..B.\M-)..@..Y\M-@\M-(\M-fe
0010: bbaa ffef 13c4 13c4 022e 9dc3 5349 502f
\M-;\M-*\M^?\M-o.\M-D.\M-D...\M-CSIP/
0020: 322e 3020 3230 3020 4f4b 0d0a 5669 613a  2.0 200 OK..Via:
0030: 2053 4950 2f32 2e30 2f55 4450 SIP/2.0/UDP

Considering this snippet alone, there's no indication of a problem
with PF; it looks to me like 192.168.230.101 is itself sending
packets to 187.170.255.239, maybe your PBX software is confused.

I would look at packets on the inbound/outbound interfaces rather
than pflog and see what addresses show up there. (tcpdump -Xs1500
-nire0 port 5060 or something, and same for bge0).

The xxx.255.239 makes me wonder if the PBX is trying to do some
multicast thing and getting the byte-order wrong (239.255.xxx would
be a multicast address).



I have been taking a closer look on the packets, both on the external 
bge0 itnerface,

and the internal re0.
And the problem happens when the packet transfers thru pf from bge0 to 
re0.

using the rule

pass in quick log on $ext_if proto {tcp,udp} from any to $ext_if port
5060 rdr-to 192.168.230.101

the packet on bge0 looks like this:


There was some interest to see the raw tcpdump rathern than the 
wireshark output, and since its raw and not smalish,

heres a link to the

Re: Unix source code (was Re: Can command-line options be specified in any place?)

2011-06-23 Thread Brett 

Sure. Not to mention it came with source code, which you only got from


ATT if you had a source license, and those were*expensive*. I was
fortunate enough to work for a company that had exactly that source
license during the 1980:s, and I learned a*lot*  just by reading the
code. Wish I still had a copy of it today, for nostalgia. :-)


Copies can be found free on the net, and in book form:

http://www.softpanorama.org/Bookshelf/Classic/lions_book.shtml

Brett.

Re: Can command-line options be specified in any place?

2011-06-23 Thread Chris Cappuccio 
Tobias Ulmer [tobi...@tmux.org] wrote:
 
 Here is something to read: http://harmful.cat-v.org/cat-v/
 

I never knew cat -v was an option.  Amazing! That was one of the most useful 
features in cat and I've never even seen it before!  Now if only I could find 
something to use with tn3270

--
the preceding comment is my own and in no way reflects the opinion of the Joint 
Chiefs of Staff

Re: VLANs on bridge

2011-06-23 Thread Chris Cappuccio 
Dajka Tamas [dajka.ta...@upc.hu] wrote:
 Assigning one of the phys devices as vlandev to a vlan is not working. I 
 mean, I can assign to them, but if vlan40 is assigned to hme2 and hme2 
 failes, than vlan40 will be down and hosts in vlan40 are unreacheable.
 
 So:
 
 ifconfig hme2 up
 ifconfig hme3 up
 
 ifconfig vlan40 create
 ifconfig vlan40 vlandev hme2
 ifconfig vlan40 inet 192.168.240.1 255.255.255.0
 ifconfig vlan40 up
 
 ifconfig bridge1 create
 ifconfig bridge1 add vlan40
 ifconfig bridge1 add hme2
 ifconfig bridge1 add hme3
 
 ifconfig bridge1 stp hme2
 ifconfig bridge1 stp hme3
 ifconfig bridge1 stp vlan40
 ifconfig bridge1 spanpriority 61400  # avoid being the root bridge
 ifconfig bridge1 up
 
 is not working :(
 
 I want a solution, what is working with just one VLAN, so the VLAN is not 
 dependent ont he phys interface. In your solution, if I don't pull up vlan41, 
 than hme3 won't be in the bridge.
 

This makes no sense.  You don't add hme2 and vlan40(parent vlan2) to the same 
bridge. That's crazy talk, boy.

The trunk interface handles redundancy across NICs if that is your end goal.  
You could use the failover or lacp options depending on the capability of your 
switch.

Unfortunately I'm not sure that the vlan driver can easily layer on top of 
trunk, a few tweaks may be required to make it work properly unless it mirrors 
if_capabilities from the parent interface (which isn't clear to me after 
quickly paging through if_trunk.c).

I'm not sure that you are solving the right problem by asking for redundancy 
across NICs.  You are probably better served by asking for redundancy across 
boxes using CARP and PFSYNC and multiple firewalls

4.9-current (GENERIC) #47 kernel panic: Does not find any disk to boot from

2011-06-23 Thread Jens A. Griepentrog 

 Dear [misc] mailing list(eners),

My amd64 system [4.8 (GENERIC.MP) #335] contains three sd? drives:

sd0: MO drive
sd1: boot disk
sd2: additional disk

In contrast to 4.8 (GENERIC.MP) #335 or 4.9 (GENERIC.MP) #819 kernels
the snapshot 4.9-current (GENERIC) #47 kernel does not recognize sd1 as
boot disk even when the MO drive sd0 is empty. The system ends up in ddb
mode without having mounted any disk. Hence, there is no log file available
after rebooting the old 4.8 (GENERIC.MP) #335 kernel.

Included you find the boot messages for both 4.9-current (GENERIC) #47 
(dmesg/ddb handwritten output), 4.8 (GENERIC.MP) #335 and, finally,

4.9 (GENERIC.MP) #819 (both dmesg log).

Best regards,
Jens



OpenBSD 4.9-current (GENERIC) #47: Tue Jun 21 12:06:17 MDT 2011
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC
real mem = 17169842176 (16374MB)
avail mem = 16698671104 (15925MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xf06f0 (62 entries)
bios0: vendor American Megatrends Inc. version 0705 date 06/29/2010
bios0: ASUSTeK Computer INC. P7F-M WS
acpi0 at bios0: rev 2
acpi0: sleep states S0 S1 S3 S4 S5
acpi0: tables DSDT FACP APIC MCFG OEMB HPET SSDT
acpi0: wakeup devices BR1E(S4) UAR1(S4) PS2K(S4) PS2M(S4) EUSB(S4) 
USB0(S4) USB1(S4) USB2(S4) USB3(S4) USBE(S4) USB4(S4) USB5(S4) USB6(S4) 
BR21(S4) BR22(S4) BR23(S4) P0P1(S4) P0P3(S4) P0P4(S4) P0P5(S4) P0P6(S4) 
USB8(S4) BR20(S4) BR24(S4) BR25(S4) BR26(S4) BR27(S4) PWRB(S4)

acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Xeon(R) CPU L3426 @ 1.87GHz, 1867.03 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,LONG

cpu0: 256KB 64b/line 8-way L2 cache
cpu0: apic clock running at 133MHz
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
ioapic0 at mainbus0: apid 7 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 1, remapped to apid 7
acpimcfg0 at acpi0 addr 0xe000, bus 0-255
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 6 (BR1E)
acpiprt2 at acpi0: bus -1 (BR21)
acpiprt3 at acpi0: bus -1 (BR22)
acpiprt4 at acpi0: bus -1 (BR23)
acpiprt5 at acpi0: bus -1 (P0P1)
acpiprt6 at acpi0: bus -1 (P0P3)
acpiprt7 at acpi0: bus -1 (P0P4)
acpiprt8 at acpi0: bus -1 (P0P5)
acpiprt9 at acpi0: bus -1 (P0P6)
acpiprt10 at acpi0: bus 1 (BR20)
acpiprt11 at acpi0: bus 4 (BR26)
acpiprt12 at acpi0: bus 5 (BR27)
acpicpu0 at acpi0: C3, C3, C1, PSS
acpibtn0 at acpi0: PWRB
ipmi at mainbus0 not configured
cpu0: Enhanced SpeedStep 1866 MHz: speeds: 1868, 1867, 1733, 1600, 1467, 
1333, 1200 MHz

pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 Intel Core DMI rev 0x11
Intel Core Management rev 0x11 at pci0 dev 8 function 0 not configured
Intel Core Scratch rev 0x11 at pci0 dev 8 function 1 not configured
Intel Core Control rev 0x11 at pci0 dev 8 function 2 not configured
Intel Core Misc rev 0x11 at pci0 dev 8 function 3 not configured
Intel Core QPI Link rev 0x11 at pci0 dev 16 function 0 not configured
Intel Core QPI Routing rev 0x11 at pci0 dev 16 function 1 not configured
ehci0 at pci0 dev 26 function 0 Intel 3400 USB rev 0x05: apic 7 int 16
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
azalia0 at pci0 dev 27 function 0 Intel 3400 HD Audio rev 0x05: msi
azalia0: no HD-Audio codecs
ppb0 at pci0 dev 28 function 0 Intel 3400 PCIE rev 0x05: msi
pci1 at ppb0 bus 1
em0 at pci1 dev 0 function 0 Intel PRO/1000 PT (82575EB) rev 0x02: 
msi, address 00:25:90:0f:20:d0
em1 at pci1 dev 0 function 1 Intel PRO/1000 PT (82575EB) rev 0x02: 
msi, address 00:25:90:0f:20:d1

ppb1 at pci0 dev 28 function 4 Intel 3400 PCIE rev 0x05
pci2 at ppb1 bus 2
ppb2 at pci0 dev 28 function 5 Intel 3400 PCIE rev 0x05
pci3 at ppb2 bus 3
ppb3 at pci0 dev 28 function 6 Intel 3400 PCIE rev 0x05
pci4 at ppb3 bus 4
ppb4 at pci0 dev 28 function 7 Intel 3400 PCIE rev 0x05
pci5 at ppb4 bus 5
ehci1 at pci0 dev 29 function 0 Intel 3400 USB rev 0x05: apic 7 int 23
usb1 at ehci1: USB revision 2.0
uhub1 at usb1 Intel EHCI root hub rev 2.00/1.00 addr 1
ppb5 at pci0 dev 30 function 0 Intel 82801BA Hub-to-PCI rev 0xa5
pci6 at ppb5 bus 6
vga1 at pci6 dev 1 function 0 3DFX Voodoo3 rev 0x01
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ahc0 at pci6 dev 2 function 0 vendor Adaptec, unknown product 0x0082 
rev 0x02: apic 7 int 21

scsibus0 at ahc0: 8 targets, initiator 7
sd0 at scsibus0 targ 3 lun 0: FUJITSU, MCJ3230SS, 0010 SCSI2 0/direct 
removable

pcib0 at pci0 dev 31 function 0 Intel 3420 LPC rev 0x05
ahci0 at pci0 dev 31 function 2 Intel 3400 AHCI rev 0x05: msi, AHCI 1.3
scsibus1 at ahci0: 32 targets
sd1 at scsibus1 targ 0 lun 0: ATA,

Re: 4.9-current (GENERIC) #47 kernel panic: Does not find any disk to boot from

2011-06-23 Thread Matthew Dempsky 
On Thu, Jun 23, 2011 at 1:58 PM, Jens A. Griepentrog
griep...@wias-berlin.de wrote:
 In contrast to 4.8 (GENERIC.MP) #335 or 4.9 (GENERIC.MP) #819 kernels
 the snapshot 4.9-current (GENERIC) #47 kernel does not recognize sd1 as
 boot disk even when the MO drive sd0 is empty. The system ends up in ddb
 mode without having mounted any disk. Hence, there is no log file available
 after rebooting the old 4.8 (GENERIC.MP) #335 kernel.

Does it work if you try booting with boot bsd -a and manually tell
it to use sd1a as the root device?

Re: Can command-line options be specified in any place?

2011-06-23 Thread Scott Stanley 
 OpenBSD specifically and old BSD in general is not true to Unix. From
 ksh to billions of options to find and other tools to the entire
 networking framework (bolted on with additional syscalls, pseudo devices
 etc), nothing of that is Unix (or even -like).

 Here is something to read: http://harmful.cat-v.org/cat-v/

Thanks for the link, it was a very interesting read.

I have this dopey idea it would be fun to restore some of these
programs on my system, mostly as a way to learn C, and also because I
always get hung up on these little philosophical things rather than
the real-world implications. There probably is no practical value to
doing it other than the educational factor, but I don't really want to
break my system in the process.

That last part makes me wonder if there's a reason why OpenBSD devs
didn't do this. I'm inclined to think it's because other things are
more important to them in a world of finite time/manpower. If that's
the reason, I may just plod ahead and give it a go, but if there's a
functional reason, I'd like to know and would appreciate any insight.

Re: 4.9-current (GENERIC) #47 kernel panic: Does not find any disk to boot from

2011-06-23 Thread Matthew Dempsky 
On Thu, Jun 23, 2011 at 5:16 PM, Matthew Dempsky matt...@dempsky.org wrote:
 Does it work if you try booting with boot bsd -a and manually tell
 it to use sd1a as the root device?

And if so, please include the output of running disklabel on each of your disks.

Also, what version of boot(8) do you have installed?  This is printed
as something like:

 OpenBSD/amd64 BOOT 3.17

50% popusta na kopletan servis klima uređaja i dopunu freona u Beocentru

2011-06-23 Thread Grupnipopust Srbija 
PET

24.06

Grupnipopust Srbija
===

POTREBNO JE 5 KUPONA ZA PROLAZ

UD
itajte sliku za ispravan pregled

[IMAGE]

50% popusta na kompletan servis klima ureDaja i dopunu freona u
Beocentru


za samo 1800 dinara umesto 3600 dinara dezinfikujte svoj klima ureDaj i
spremni doD
ekajte vruDine, bez straha od raznih bakterija i gljivica

Beocentar i Grupnipopust Srbija su vam obezbedili 50% popusta na
kompletan servis klima ureDaja, koji podrazumeva D
iE!Denje i
dezinfekciju klima ureDaja i punjenje ureDaja odgovarajuDim freonom,
koji je neophodan za ispravan rad vaE!e klime. Opustite se, pustite
profesionalcima da urade svoj posao, a zatim punim pluDima udahnite 100%
D
ist i sveE vazduh. Beocentar odgovara na naE!a pitanja :) Grupnipopust
Srbija: E ta ponuda ukljuD
uje? Beocentar: Ponuda ukluD
uje kompletan
servis klima ureDaja. DiE!Denje i dezinfekciju unutraE!nje i
spoljaE!nje jedinice i nadopunjavanje sistema odgovarajuDom vrstom
freona. Grupnipopust Srbija: Da li ponuda ukljuD
uje i besplatnu
dijagnostiku i otklanjanje kvarova koji ne podrazumevaju zamenu rezervnih
delova? Beocentar: Naravno. Dijagnostika i popravka klima ureDaja se
podrazumeva, ali cena rezervnih delova ne ulazi u cenu kupona i razlika
se moEe doplatiti na licu mesta.

OpE!irnije o ponudi B;

[IMAGE]

E-mail se ne prikazuje ispravno? Posetite online verziju

Grupni popust d.o.o, Masarikova 96, 15 000 E abac MB: 20734833 PIB:
107063637, E=R: 340-11006036-40 (ERSTE BANK), i...@grupnipopust.net Tel:
015/352 085, Fax: 015/352 985, Mob:065/22 05 535, Mob: 063/1 529 135

Ne Eelite viE!e da primate nesletter? U vaE!im korisniD
kim postavkama
moEete da promenite opciju slanja ili jednostavno odgovorite sa NE na
ovu poruku.

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
2.jpg]

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
3.jpg]

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
5.jpg]

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
6.jpg]

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
naslovna.jpg]

ssh connections load on a server - NEWBIE question

2011-06-23 Thread mehma sarja 
What do you call an OpenBSD network admin? The answer is at the end of this
message.

What kind of server load will 62 sshfs connections have on an Atom server
with 4GB RAM? The connections will last a workday. I am assuming that a
sshfs connection is basically a ssh connection and hence the post on this
list. Yes I did look through the archives w/o luck, and no I cannot easily
create a test environment to measure what I want. If some soul has a similar
experience, please share it.

Mehma
p.s. The answer is OB-WAN

Re: Unix source code (was Re: Can command-line options be specified in any place?)

2011-06-23 Thread john slee 
On 24 June 2011 04:57, Brett brett.ma...@gmail.com wrote:
Sure. Not to mention it came with source code, which you only got from

 ATT if you had a source license, and those were*expensive*. I was
 fortunate enough to work for a company that had exactly that source
 license during the 1980:s, and I learned a*lot*  just by reading the
 code. Wish I still had a copy of it today, for nostalgia. :-)

 Copies can be found free on the net, and in book form:

 http://www.softpanorama.org/Bookshelf/Classic/lions_book.shtml

Was the original Lions book different to the officially published version
I picked up on Amazon?

Mine explicitly doesn't include hardware drivers, eg. for the RK
disk packs, other than a sample driver, with a comment (presumably
from Lions) basically saying that such things weren't as interesting. It
also doesn't include much (if any? has been a while since I looked at
it) userland source code.

It is still a wonderful, educational book, though.

John

Re: Future of ccd(4) and raid(4)?

2011-06-23 Thread Matthew Dempsky 
[+misc@, for users not subscribed to tech@]

On Thu, Jun 23, 2011 at 4:39 PM, Matthew Dempsky matt...@dempsky.org wrote:
 What should be done about ccd(4) and raid(4)?  They both seem
 superseded in functionality by softraid(4), which also has much more
 developer interest and active development.

 Are there any users still using ccd(4) and/or raid(4) and unable to
 upgrade to softraid(4)?  Will anyone be up a creek if ccd(4)/raid(4)
 were removed?

Re: Can command-line options be specified in any place?

2011-06-23 Thread Ingo Schwarze 
Hi Scott,

Scott Stanley wrote on Thu, Jun 23, 2011 at 05:20:05PM -0700:
 Somebody wrote:

 OpenBSD specifically and old BSD in general is not true to Unix. From
 ksh to billions of options to find and other tools to the entire
 networking framework (bolted on with additional syscalls, pseudo devices
 etc), nothing of that is Unix (or even -like).
 
 Here is something to read: http://harmful.cat-v.org/cat-v/

 Thanks for the link, it was a very interesting read.
 
 I have this dopey idea it would be fun to restore some of these
 programs on my system,

You mean, remove options that were added later than ATT UNIX v7?

http://heirloom.sourceforge.net/ brings you a bit closer for some tools.
http://minnie.tuhs.org/cgi-bin/utree.pl has all the original code.

 mostly as a way to learn C,

Coding yourself may help, reading code may help too,
but reading modern code is usually more profitable
than reading very old code.  Good candidates for reading
are medium-sized, very active projects like OpenSSH or tmux.

 and also because I
 always get hung up on these little philosophical things rather than
 the real-world implications. There probably is no practical value to
 doing it other than the educational factor, but I don't really want to
 break my system in the process.
 
 That last part makes me wonder if there's a reason why OpenBSD devs
 didn't do this.

What exactly?  Removing useless options?

On the one hand, that's often impossible because existing code,
existing scripts depend on it.  That's why adding useless knobs
is so bad:  You add them, people start using them, and if you
wait too long, you can't rip them out any more.
Sure, it would be nice to rip that unsigned abomination out of C.
But who is goint to rewrite the world afterwards?

On the other hand, we do remove things when we get a chance.
Compare the number of tools and options in the groff-1.21p3
package and in mandoc(1), for example.

 I'm inclined to think it's because other things are
 more important to them in a world of finite time/manpower.

No, you will find few other projects where people a so fond of
removing useless stuff like round here.

 If that's
 the reason, I may just plod ahead and give it a go, but if there's a
 functional reason, I'd like to know and would appreciate any insight.

For removing stuff, you need to know very precisely how it is used,
so that's not a simple task.  You need experienced people like tedu@
for doing that.  ;-)

Yours,
  Ingo

Re: ssh connections load on a server - NEWBIE question

2011-06-23 Thread Hugo Osvaldo Barrera 

On 2011-06-23 23:18, mehma sarja wrote:

What do you call an OpenBSD network admin? The answer is at the end of this
message.

What kind of server load will 62 sshfs connections have on an Atom server
with 4GB RAM? The connections will last a workday. I am assuming that a
sshfs connection is basically a ssh connection and hence the post on this
list. Yes I did look through the archives w/o luck, and no I cannot easily
create a test environment to measure what I want. If some soul has a similar
experience, please share it.

Mehma
p.s. The answer is OB-WAN



Doesn't sound like much load if it's just keeping the connections open. 
 Depending on how much transfer, read/write, etc, you load may vary 
greatly.  But keeping the connections alive should not be an issue.

The amount of RAM may be an overkill for just this.

Consider network speed, disk read (or write) speed, and other factor.

In short, more info is needed to answer that question.  If each 
connection is loading a 2kb file every hour, you'll have a different 
load than transferring HD video to all of them.


--
Hugo Osvaldo Barrera

Re: Can command-line options be specified in any place?

2011-06-23 Thread Rod Whitworth 
On Fri, 24 Jun 2011 05:17:05 +0200, Ingo Schwarze wrote:

Sure, it would be nice to rip that unsigned abomination out of C.
But who is goint to rewrite the world afterwards?

Ahhh, there's the pity that BK (IIRC) used a signed variable for clock
ticks. We would have had a 2K106 bug rather than a very close 2K38 bug
if he didn't provide for useless negative time.

Mind you if we let it now be an unsigned variable nothing would break
and slight changes to programs that use it could update over the next
26 years to be ready.

6/6 hindsight is wonderful.

R/

*** NOTE *** Please DO NOT CC me. I am subscribed to the list.
Mail to the sender address that does not originate at the list server is 
tarpitted. The reply-to: address is provided for those who feel compelled to 
reply off list. Thankyou.

Rod/
---
This life is not the real thing.
It is not even in Beta.
If it was, then OpenBSD would already have a man page for it.

Re: Unix source code (was Re: Can command-line options be specified in any place?)

2011-06-23 Thread Johan Beisser 
On Thu, Jun 23, 2011 at 11:57 AM, Brett brett.ma...@gmail.com wrote:
Sure. Not to mention it came with source code, which you only got from

 ATT if you had a source license, and those were*expensive*. I was
 fortunate enough to work for a company that had exactly that source
 license during the 1980:s, and I learned a*lot*  just by reading the
 code. Wish I still had a copy of it today, for nostalgia. :-)

 Copies can be found free on the net, and in book form:

 http://www.softpanorama.org/Bookshelf/Classic/lions_book.shtml

Let me add to that. OCR'd text of first edition UNIX, from June of 1972.

http://code.google.com/p/unix-jun72/