Re: AES/3DES problem with isakmpd and IPSec
Hi Stuart, you are right, and i was tired :p, i haven't seen the source was wrong in tcpdump. In fact, the negotiation uses WAN src ip instead of LAN src ip. I forced src with local A.B.C.D and then, it works ! Thanks for your advice, i need to clean my eyes ^^ Have a nice day -- Best regards, Loïc BLOT, Engineering UNIX Systems, Security and Networks http://www.unix-experience.fr Le vendredi 01 mars 2013 à 19:34 +, Stuart Henderson a écrit : On 2013/03/01 20:16, Loïc BLOT wrote: Thanks for the reply Stuart, but: - It's a test network, with an offline switch - only the two routers are on the switch, with the good VLAN connected by one LACP trunk (for each device) - isakmp negotation is from the expected hosts - the certificate are default certificates, generated by OpenBSD What's wrong ? I think it's another problem, but the configuration is trivial. Two monthes before i tested it with under two KVM hosts and i haven't this problem. Now with servers i have this problem, and many guys have this problem but nobody have an answer. Someone know how can i switch to AES instead of 3DES ? Thanks for advance Your ipsec.conf lines are already setup for AES, to see the isakmpd config sections used, try this: echo 'ike esp transport from 10.0.0.1 to 10.0.0.2' | ipsecctl -nvf - The fact that the log shows it expecting 3DES means that the connection attempt isn't matching any of the configuration sections which ipsecctl added to isakmpd, so isakmpd falls back to its built-in default (3DES-SHA-RSA_SIG) and fails because the other side *is* using AES. Mismatching IP addresses is usually the most common reason on multihomed hosts but there are other possibilities. Sometimes it helps to tcpdump -vvs1500 -nienc0, sometimes it helps to use isakmpd -L to generate a decrypted /var/run/isakmpd.pcap file and examining that with tcpdump -r..but whatever the cause, the 3DES thing means it is not using your configuration section.
Re: OpenBGP Issues. :-(
Alex Mathiasen(a...@mira.dk) on 2013.02.28 14:51:25 +0100: Dear recipients, I have been using OpenBGP for a while with OpenBSD - And I am very satisfied with the performance and amazed by the ease of configuration. My BGPD is configured against a Danish ISP called TDC - And we were previously configured to receive a full routing table. However a few months ago I ran into an issue where my BGPD stopped working properly. Was this in November by any chance? [ Alex Mathiasen ] Yes, it was at 29.11.2012. Happened in the middle of the night.. :-( It appeared the BGPD kept receiving the routing tables, and then start all over. Looking into the log files, it appeared BGPD received a certain route in the routing table, and then grumbled about the prefix, apparently for some reason the result was BGPD kept reloading when it reached this route. The result was of course my network was down. As TDC (My ISP) couldn't resolve which route that caused this issue (They told me: That's what happened when you use third party software, so no help there...), we agreed that my connection would be set to Default candidate, instead of receiving a full routing table. So now I have configured a static route to forward all my traffic to this route. However this is not the result I wanted, as I am about to have one more connection, so I have 2 connections outbound. But the automatic failover switch / load balancing won't work, as long as I have my static route. This is why I want to go back to receiving a full routing table. Is there any way of configuring BGPD to ignore a specific route in case of corrupted prefix, so this won't happened again? No there is not such a feature, and the bgp protocol mandates session teardown in certain cases anyway. Your report lacks a few details, please send with dmesg next time. And your bgpd.conf is not valid. [ Alex Mathiasen ] I do apologize for the lack of information, I was unable to find my logfile from that date, and was unable to provide with more information. My guess is that your problem is fixed by the patch available on http://www.openbsd.org/errata52.html [ Alex Mathiasen ] It would appear this is the patch I need to resolve this issue. So I will try to apply this patch, thank you! You could also update to -current. /Benno
Re: Panic at pmap_remove_ptes, 5.2/i386
On 01/05/13 16:19, Marcin wrote: Hello, I have been running machine with ddb.panic=1 and ddb.console=1 in hope I will be able to provide more info after next crash. Unfortunately, when it crashed today the kernel went to ddb but it was not responding - it did not show what I typed and even when I tried to type show panic and press enter nothing happened. I would have tried cltr-alt-esc shortcut had the kvm would not disconnect me.. Anyway, this time it printed (I could only take a screenshot, hence I am transcribing it): uvm_fault(0xd0a11920, 0xffcb1000, 0, 3) - e kernel: page fault trap, code =0 Stopped at pmap_remove_ptes+0x89: xchgl %ebx,0(%eax) Not sure if this is of any use. Cheers, Marcin Don't yet have any information that I can supply other than this same panic error message, as I don't get at any response at the ddb prompt either, but thought I'd mention that I am also seeing this kernel panic every few days on a 5.2/i386 pf/carp setup. Will try to setup a serial console to log ddb output and/or supply a crash dump next time there's a crash. Han
Re: 802.11n on obsd
On 2013-03-03, Sean Shoufu Luo luosho...@gmail.com wrote: Hi, Does OBSD support real 802.11n? It seems not. Although many 802.11n devices are claimed supported, 802.11n capability is mostly not excluded, like run(4), otus(4), urtwn(4). No. It's not specific to a particular driver, there is no support in the ieee80211(9) layer yet. And, btw, how to find the official status page, for example, about supported hardward, the list provided in the page http://openbsd.org/i386.html seems not updated. You are right, this list is out of date and doesn't even list some supported drivers (e.g. ahci), let alone devices. I don't think we can hope to maintain a full list of particular hardware models here (the driver manpages are probably the best place for these), but we should at least list all the drivers. I would welcome a diff to add any missing drivers present in GENERIC, and possibly also remove some of the particular hardware models in favour of a note suggesting that people follow the links to driver manpages for more information. Most if not all changes made to i386 would also apply to amd64 and maybe some other arch.
Re: Serial and parallel port detection
Le 2013-03-04 01:49, Theo de Raadt a écrit : For use in the GUI of an application, I need to have a list of detected serial and parallel ports. This list is used to fill a combo box where the user select the port to use (example: in Windows, it would be a list with COM1,COM2, etc. On OpenBSD, how can we retrieve the detected serial and parallel ports? There is no clean machine-independent way. You could perhaps do something like use the output of pstat -t, but remove the console and pseudo-ttys, and you would probably be OK. The console devices will be somewhat machine dependent, but the pseudo-ttys are easy to spot. Is it possible to do this in C? Also, what are the name of the serial devices? Is serial port via bluetooth or IrDA supported? Is serial port redirection possible? JP
Re: Serial and parallel port detection
2013/3/4 Jacques Pelletier jpellet...@ieee.org: Le 2013-03-04 01:49, Theo de Raadt a écrit : For use in the GUI of an application, I need to have a list of detected serial and parallel ports. This list is used to fill a combo box where the user select the port to use (example: in Windows, it would be a list with COM1,COM2, etc. On OpenBSD, how can we retrieve the detected serial and parallel ports? There is no clean machine-independent way. You could perhaps do something like use the output of pstat -t, but remove the console and pseudo-ttys, and you would probably be OK. The console devices will be somewhat machine dependent, but the pseudo-ttys are easy to spot. Is it possible to do this in C? Since pstat is written in C, the answer most obviously would be yes Also, what are the name of the serial devices? Differs on different platforms and type of devices. USB-serials wont be named as onboard serial ports and so on. -- May the most significant bit of your life be positive.
Re: Get total size of all files in directory using unit Bytes?
Great one!
How to put that nice expression into an alias without console complaining
when executed?
# ls -l | awk '{ SUM += $5 } END { print SUM }'
569047
# alias tot=ls -l | awk '{ SUM += $5 } END { print SUM }'
# tot
awk: syntax error at source line 1
context is
{ SUM +=}
awk: illegal statement at source line 1
Btw, for higher readability, it would also be great to put periods in the
resulting output like: 1.264.691
Thanks :)
On Sun, Mar 3, 2013 at 11:16 PM, Ted Unangst t...@tedunangst.com wrote:
On Sun, Mar 03, 2013 at 22:02, Paul de Weerd wrote:
[weerd@despair] $ ls -l /tmp/test/* | awk '{SUM+=$5} END {print SUM}'
heh. :)
~/bin cat filesizes
#!/bin/sh
ls -l $@ | awk '{sum += $5} END { print sum }'
Re: Get total size of all files in directory using unit Bytes?
On Mon, Mar 04, 2013 at 12:32:32PM +0100, Paolo Aglialoro wrote: Great one! How to put that nice expression into an alias without console complaining when executed? A shell function instead of an alias? jirib
Re: Get total size of all files in directory using unit Bytes?
On Mon, Mar 04, 2013 at 12:32:32PM +0100, Paolo Aglialoro wrote:
| Great one!
| How to put that nice expression into an alias without console complaining
| when executed?
|
|
| # ls -l | awk '{ SUM += $5 } END { print SUM }'
| 569047
|
| # alias tot=ls -l | awk '{ SUM += $5 } END { print SUM }'
| # tot
| awk: syntax error at source line 1
| context is
| { SUM +=}
| awk: illegal statement at source line 1
Escape the $ in the awk expression:
[weerd@despair] $ alias tot=ls -l | awk '{SUM+=\$5} END {print SUM}'
[weerd@despair] $ tot
20
I still wonder why people want to know this (seemingly useless) value.
What does it even mean ?
[weerd@despair] $ mkdir /tmp/test
[weerd@despair] $ cd /tmp/test
[weerd@despair] $ dd if=/dev/zero of=a bs=1024 seek=2048 count=1
1+0 records in
1+0 records out
1024 bytes transferred in 0.000 secs (3413 bytes/sec)
[weerd@despair] $ ln a b
[weerd@despair] $ ls -l
total 128
-rw-r--r-- 2 weerd wheel 2098176 Mar 4 12:49 a
-rw-r--r-- 2 weerd wheel 2098176 Mar 4 12:49 b
[weerd@despair] $ tot
4196352
[weerd@despair] $ du -csh a b
32.0K a
32.0K total
(note the lie ls(1) spreads here)
| Btw, for higher readability, it would also be great to put periods in the
| resulting output like: 1.264.691
Well, that should be easy enough to add yourself :) Left as an
exercise to the reader...
Cheers,
Paul 'WEiRD' de Weerd
| Thanks :)
|
|
| On Sun, Mar 3, 2013 at 11:16 PM, Ted Unangst t...@tedunangst.com wrote:
|
| On Sun, Mar 03, 2013 at 22:02, Paul de Weerd wrote:
| [weerd@despair] $ ls -l /tmp/test/* | awk '{SUM+=$5} END {print SUM}'
|
| heh. :)
|
| ~/bin cat filesizes
| #!/bin/sh
| ls -l $@ | awk '{sum += $5} END { print sum }'
|
--
[++-]+++.+++[---].+++[+
+++-].++[-]+.--.[-]
http://www.weirdnet.nl/
Re: Get total size of all files in directory using unit Bytes?
On Mon, Mar 04, 2013 at 12:54:49PM +0100, Paul de Weerd wrote:
On Mon, Mar 04, 2013 at 12:32:32PM +0100, Paolo Aglialoro wrote:
| Great one!
| How to put that nice expression into an alias without console complaining
| when executed?
|
|
| # ls -l | awk '{ SUM += $5 } END { print SUM }'
| 569047
|
| # alias tot=ls -l | awk '{ SUM += $5 } END { print SUM }'
| # tot
| awk: syntax error at source line 1
| context is
| { SUM +=}
| awk: illegal statement at source line 1
Escape the $ in the awk expression:
[weerd@despair] $ alias tot=ls -l | awk '{SUM+=\$5} END {print SUM}'
[weerd@despair] $ tot
20
I still wonder why people want to know this (seemingly useless) value.
What does it even mean ?
[weerd@despair] $ mkdir /tmp/test
[weerd@despair] $ cd /tmp/test
[weerd@despair] $ dd if=/dev/zero of=a bs=1024 seek=2048 count=1
1+0 records in
1+0 records out
1024 bytes transferred in 0.000 secs (3413 bytes/sec)
[weerd@despair] $ ln a b
[weerd@despair] $ ls -l
total 128
-rw-r--r-- 2 weerd wheel 2098176 Mar 4 12:49 a
-rw-r--r-- 2 weerd wheel 2098176 Mar 4 12:49 b
[weerd@despair] $ tot
4196352
[weerd@despair] $ du -csh a b
32.0K a
32.0K total
(note the lie ls(1) spreads here)
| Btw, for higher readability, it would also be great to put periods in the
| resulting output like: 1.264.691
Well, that should be easy enough to add yourself :) Left as an
exercise to the reader...
Cheers,
Paul 'WEiRD' de Weerd
But remember, file size and disk usage are two different things,
-Otto
Re: Get total size of all files in directory using unit Bytes?
On Mon, Mar 04, 2013 at 12:57:05PM +0100, Otto Moerbeek wrote:
| On Mon, Mar 04, 2013 at 12:54:49PM +0100, Paul de Weerd wrote:
|
| On Mon, Mar 04, 2013 at 12:32:32PM +0100, Paolo Aglialoro wrote:
| | Great one!
| | How to put that nice expression into an alias without console complaining
| | when executed?
| |
| |
| | # ls -l | awk '{ SUM += $5 } END { print SUM }'
| | 569047
| |
| | # alias tot=ls -l | awk '{ SUM += $5 } END { print SUM }'
| | # tot
| | awk: syntax error at source line 1
| | context is
| | { SUM +=}
| | awk: illegal statement at source line 1
|
| Escape the $ in the awk expression:
|
| [weerd@despair] $ alias tot=ls -l | awk '{SUM+=\$5} END {print SUM}'
| [weerd@despair] $ tot
| 20
|
| I still wonder why people want to know this (seemingly useless) value.
| What does it even mean ?
|
| [weerd@despair] $ mkdir /tmp/test
| [weerd@despair] $ cd /tmp/test
| [weerd@despair] $ dd if=/dev/zero of=a bs=1024 seek=2048 count=1
| 1+0 records in
| 1+0 records out
| 1024 bytes transferred in 0.000 secs (3413 bytes/sec)
| [weerd@despair] $ ln a b
| [weerd@despair] $ ls -l
| total 128
| -rw-r--r-- 2 weerd wheel 2098176 Mar 4 12:49 a
| -rw-r--r-- 2 weerd wheel 2098176 Mar 4 12:49 b
| [weerd@despair] $ tot
| 4196352
| [weerd@despair] $ du -csh a b
| 32.0K a
| 32.0K total
|
|
| (note the lie ls(1) spreads here)
|
| | Btw, for higher readability, it would also be great to put periods in the
| | resulting output like: 1.264.691
|
| Well, that should be easy enough to add yourself :) Left as an
| exercise to the reader...
|
| Cheers,
|
| Paul 'WEiRD' de Weerd
|
| But remember, file size and disk usage are two different things,
Exactly! So what is the point in summing up the sizes of a bunch of
files ? I am 197 cm tall, my house number is 34, my zipcode is 1318,
I have 2 brothers and 1 sister .. sum is 1552. Great, but now what ?
This total value does not correspond to anything tangible (as far as I
can see, at least .. hence me asking). It's no indication of how much
storage space is needed to store these files, it's no indication of
how large an archive would be containing these files, it's of no real
use (again, afaics) except for knowing what the filesize would be of
cat * /tmp/newfile (which would be pointless in most cases I guess).
Why do people care ?
Paul 'WEiRD' de Weerd
--
[++-]+++.+++[---].+++[+
+++-].++[-]+.--.[-]
http://www.weirdnet.nl/
Upgrading Snapshots and Dual-booting
Hi I've got a machine which is dual-booting Windows 7 and OpenBSD current. I am currently downloading the latest snapshot ready to upgrade but I would like to know if this will affect the dual-boot set up. I put my openbsd.pbr file into Windows and followed the faq guide to get Windows boot manager to provide an option to select OpenBSD which was no problem. Basically, will I have to do that again because i've upgraded my system? On the internet when I was searching for the process initially, some of the sites I looked at implied that it might be necessary to copy the boot stuff again and re-do the steps in Windows. Is this correct? Personally, I would have thought that it wouldn't make a difference, i'm only upgrading the sets and packages afterall. I'd be grateful if someone would be able to confirm before I go ahead and do the upgrade. Cheers, Jamie.
Re: Upgrading Snapshots and Dual-booting
Everytime a new bootblock gets written one needs to repeat the dd stuff, but a normal upgrade usually doesn't make a new bootblock for you. 2013/3/4 James Griffin j...@kontrol.kode5.net: Hi I've got a machine which is dual-booting Windows 7 and OpenBSD current. I am currently downloading the latest snapshot ready to upgrade but I would like to know if this will affect the dual-boot set up. I put my openbsd.pbr file into Windows and followed the faq guide to get Windows boot manager to provide an option to select OpenBSD which was no problem. Basically, will I have to do that again because i've upgraded my system? On the internet when I was searching for the process initially, some of the sites I looked at implied that it might be necessary to copy the boot stuff again and re-do the steps in Windows. Is this correct? Personally, I would have thought that it wouldn't make a difference, i'm only upgrading the sets and packages afterall. I'd be grateful if someone would be able to confirm before I go ahead and do the upgrade. Cheers, Jamie. -- May the most significant bit of your life be positive.
Re: Upgrading Snapshots and Dual-booting
On Mon, Mar 4, 2013 at 7:53 AM, James Griffin j...@kontrol.kode5.net wrote: Hi I've got a machine which is dual-booting Windows 7 and OpenBSD current. I am currently downloading the latest snapshot ready to upgrade but I would like to know if this will affect the dual-boot set up. I put my openbsd.pbr file into Windows and followed the faq guide to get Windows boot manager to provide an option to select OpenBSD which was no problem. Basically, will I have to do that again because i've upgraded my system? On the internet when I was searching for the process initially, some of the sites I looked at implied that it might be necessary to copy the boot stuff again and re-do the steps in Windows. Is this correct? Personally, I would have thought that it wouldn't make a difference, i'm only upgrading the sets and packages afterall. I'd be grateful if someone would be able to confirm before I go ahead and do the upgrade. Cheers, Jamie. I dual boot. As long as both Windows and OpenBSD have been booted multiple times and you used Windows 7 boot manager, it should be fine. Windows may sometimes fiddle with the MBR record, but both don't fiddle with it once the initial setup is completed. Follow the FAQ closely and you are good.
Re: Upgrading Snapshots and Dual-booting
[- Mon 4.Mar'13 at 13:57:50 +0100 Janne Johansson :-] Everytime a new bootblock gets written one needs to repeat the dd stuff, but a normal upgrade usually doesn't make a new bootblock for you. Yeah, that's what I figured. So it should be alright then. Just thought I'd ask as I do upgrade my snapshots a lot and it would be a PITA to have to go through that each time. Cheers, Jamie.
Re: Get total size of all files in directory using unit Bytes?
At 2013-03-04 20:13:46,Paul de Weerd we...@weirdnet.nl wrote:
Exactly! So what is the point in summing up the sizes of a bunch of
files ? I am 197 cm tall, my house number is 34, my zipcode is 1318,
I have 2 brothers and 1 sister .. sum is 1552. Great, but now what ?
This total value does not correspond to anything tangible (as far as I
can see, at least .. hence me asking). It's no indication of how much
storage space is needed to store these files, it's no indication of
how large an archive would be containing these files, it's of no real
use (again, afaics) except for knowing what the filesize would be of
cat * /tmp/newfile (which would be pointless in most cases I guess).
Why do people care ?
Maybe because we come from Windows system.
In Windows, sum files' size by Byte is a simple quick way to check if
thousands of files are
modified/sync/same, although not accurate.
In OpenBSD, Command ls or du can't do this directly.
For example
# pwd
/home/test
# ls -l
total 8
-rw-r--r-- 1 root wheel 2 Mar 3 23:29 a.txt
-rw-r--r-- 1 root wheel 3 Mar 3 23:29 b.txt
# du -sh
6.0K.
# du -s
12 .
# echo a b.txt
# ls -l
total 8
-rw-r--r-- 1 root wheel 2 Mar 3 23:29 a.txt
-rw-r--r-- 1 root wheel 5 Mar 4 21:45 b.txt
# du -sh
6.0K.
# du -s
12 .
You see? ls and du never know this directory's files(withtout subdirectory)
have been changed, but file sizes are changed from 5 to 7, so sum knows and
Tedu's shell script is my friend.
Tedu's filesizes script.
~/bin cat filesizes
#!/bin/sh
ls -l $@ | awk '{sum += $5} END { print sum }'
Would function like this script merge to ls' options or other command to
OpenBSD base?
Re: Get total size of all files in directory using unit Bytes?
On 4 Mar 2013, at 10:02, f5b wrote:
Maybe because we come from Windows system.
In Windows, sum files' size by Byte is a simple quick way to check if
thousands of files are
modified/sync/same, although not accurate.
openssl {md5|sha1|...} *
Re: Get total size of all files in directory using unit Bytes?
On Mon, Mar 04, 2013 at 11:02:47PM +0800, f5b wrote:
At??2013-03-04??20:13:46,Paul??de??Weerd??we...@weirdnet.nl??wrote:
Exactly!So??what??is??the??point??in??summing??up??the??sizes??of??a??bunch??of
files???I??am??197??cm??tall,??my??house??number??is??34,??my??zipcode??is??1318,
I??have??2??brothers??and??1??sister??..??sum??is??1552.Great,??but??now??what???
This??total??value??does??not??correspond??to??anything??tangible??(as??far??as??I
can??see,??at??least??..??hence??me??asking).It's??no??indication??of??how??much
storage??space??is??needed??to??store??these??files,??it's??no??indication??of
how??large??an??archive??would??be??containing??these??files,??it's??of??no??real
use??(again,??afaics)??except??for??knowing??what??the??filesize??would??be??of
cat??*/tmp/newfile??(which??would??be??pointless??in??most??cases??I??guess).
Why??do??people??care???
Maybe because we come from Windows system.
In Windows, sum files' size by Byte is a simple quick way to check if
thousands of files are
modified/sync/same, although not accurate.
You must be kidding, right?
This test both gives false positives and false negatives.
-Otto
In OpenBSD, Command ls or du can't do this directly.
For example
# pwd
/home/test
# ls -l
total 8
-rw-r--r-- 1 root wheel 2 Mar 3 23:29 a.txt
-rw-r--r-- 1 root wheel 3 Mar 3 23:29 b.txt
# du -sh
6.0K.
# du -s
12 .
# echo a b.txt
# ls -l
total 8
-rw-r--r-- 1 root wheel 2 Mar 3 23:29 a.txt
-rw-r--r-- 1 root wheel 5 Mar 4 21:45 b.txt
# du -sh
6.0K.
# du -s
12 .
You see? ls and du never know this directory's files(withtout subdirectory)
have been changed, but file sizes are changed from 5 to 7, so sum knows and
Tedu's shell script is my friend.
Tedu's filesizes script.
~/bin cat filesizes
#!/bin/sh
ls -l $@ | awk '{sum += $5} END { print sum }'
Would function like this script merge to ls' options or other command to
OpenBSD base?
A slight twist on the OpenBSD laptop question
I was about to buy two thinkpads which are often suggested when the OpenBSD laptop question is raised but the 93 in stock have disappeared since saturday, aaargh. There are still core2duos and lesser spec'd systems available which has prompted me to ask the question I had pondered on. Does anyone know what the latest full screen (! widescreen) AMD laptops would be that have excellent compatibility with OpenBSD or if 2Ghz is the highest spec non core 2 duo and non widescreen reliable laptop suitable for OpenBSD available? Thanks, Kc -- ___ 'Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface' (Doug McIlroy) ___
Re: Get total size of all files in directory using unit Bytes?
On Mon, Mar 04, 2013 at 12:54, Paul de Weerd wrote: On Mon, Mar 04, 2013 at 12:32:32PM +0100, Paolo Aglialoro wrote: | Great one! | How to put that nice expression into an alias without console complaining | when executed? I may be an oddball here, but I prefer just making little shell scripts and putting them in ~/bin for stuff like this. Advantages are you can get a little more complicated and when you inevitably need to edit the script later, it automatically updates in every shell without having to re-source .profile. I still wonder why people want to know this (seemingly useless) value. What does it even mean ? I forget now why I made that script, but I did it for a reason. :) I think I was trying to determine which of two directories had more data in it. du is good for telling you how much space you need, but doesn't actually tell you how much stuff you have.
Re: Get total size of all files in directory using unit Bytes?
Or with subdirectories
find . -type f -ls | awk '{sum += $7} END {print sum}'
erratic behaveour of kb and mouse
Current from 14th february, amd64. Node connected to usb switch via usb cable to share kb and mouse with freebsd box. From time to time, only on openbsd, x freezes. It is able to recover manually changing source on the switch. I could see error message in dmesg, saying usb discon- necting usb. Some other time the screen stays available, but in the shell characters are repeated with no end. It once happened even in console mode. OpenBSD 5.3-beta (GENERIC.MP) #36: Sun Feb 17 13:24:31 MST 2013 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 1987276800 (1895MB) avail mem = 1911877632 (1823MB) mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xeb170 (105 entries) bios0: vendor American Megatrends Inc. version V5.2 date 09/16/2011 bios0: MSI MS-7677 acpi0 at bios0: rev 2 acpi0: sleep states S0 S1 S3 S4 S5 acpi0: tables DSDT FACP APIC SSDT MCFG HPET ASF! acpi0: wakeup devices PS2K(S3) PS2M(S3) BR20(S3) EUSB(S4) USBE(S4) PEX0(S4) PEX1(S4) PEX2(S4) PEX3(S4) PEX4(S4) PEX5(S4) PEX6(S4) PEX7(S4) P0P1(S4) P0P2(S4) P0P3(S4) P0P4(S4) SLPB(S0) PWRB(S3) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Celeron(R) CPU G550 @ 2.60GHz, 2594.50 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,DEADLINE,XSAVE,NXE,LONG,LAHF,PERF,ITSC cpu0: 256KB 64b/line 8-way L2 cache cpu0: apic clock running at 99MHz cpu1 at mainbus0: apid 2 (application processor) cpu1: Intel(R) Celeron(R) CPU G550 @ 2.60GHz, 2594.11 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,DEADLINE,XSAVE,NXE,LONG,LAHF,PERF,ITSC cpu1: 256KB 64b/line 8-way L2 cache ioapic0 at mainbus0: apid 0 pa 0xfec0, version 20, 24 pins acpimcfg0 at acpi0 addr 0xe000, bus 0-255 acpihpet0 at acpi0: 14318179 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 1 (PEX0) acpiprt2 at acpi0: bus 2 (PEX1) acpiprt3 at acpi0: bus -1 (PEX2) acpiprt4 at acpi0: bus -1 (PEX3) acpiprt5 at acpi0: bus -1 (PEX4) acpiprt6 at acpi0: bus -1 (PEX5) acpiprt7 at acpi0: bus -1 (PEX6) acpiprt8 at acpi0: bus -1 (PEX7) acpiprt9 at acpi0: bus -1 (P0P1) acpiprt10 at acpi0: bus -1 (P0P2) acpiprt11 at acpi0: bus -1 (P0P3) acpiprt12 at acpi0: bus -1 (P0P4) acpicpu0 at acpi0: C3, C1, PSS acpicpu1 at acpi0: C3, C1, PSS acpibtn0 at acpi0: SLPB acpibtn1 at acpi0: PWRB cpu0: Enhanced SpeedStep 2594 MHz: speeds: 2600, 2500, 2400, 2300, 2200, 2100, 2000, 1900, 1800, 1700, 1600 MHz pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 Intel Core 2G Host rev 0x09 vga1 at pci0 dev 2 function 0 Intel HD Graphics 2000 rev 0x09 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) intagp0 at vga1 agp0 at intagp0: aperture at 0xc000, size 0x1000 inteldrm0 at vga1: apic 0 int 16 drm0 at inteldrm0 Intel 6 Series MEI rev 0x04 at pci0 dev 22 function 0 not configured ehci0 at pci0 dev 26 function 0 Intel 6 Series USB rev 0x05: apic 0 int 16 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1 ppb0 at pci0 dev 28 function 0 Intel 6 Series PCIE rev 0xb5: msi pci1 at ppb0 bus 1 ppb1 at pci0 dev 28 function 1 Intel 6 Series PCIE rev 0xb5: msi pci2 at ppb1 bus 2 re0 at pci2 dev 0 function 0 Realtek 8168 rev 0x06: RTL8168E/8111E-VL (0x2c80), apic 0 int 17, address 8c:89:a5:2c:33:ec rgephy0 at re0 phy 7: RTL8169S/8110S PHY, rev. 5 ehci1 at pci0 dev 29 function 0 Intel 6 Series USB rev 0x05: apic 0 int 23 usb1 at ehci1: USB revision 2.0 uhub1 at usb1 Intel EHCI root hub rev 2.00/1.00 addr 1 pcib0 at pci0 dev 31 function 0 Intel H61 LPC rev 0x05 ahci0 at pci0 dev 31 function 2 Intel 6 Series AHCI rev 0x05: msi, AHCI 1.3 scsibus0 at ahci0: 32 targets sd0 at scsibus0 targ 0 lun 0: ATA, ST320LT007-9ZV14, 0004 SCSI3 0/direct fixed naa.5000c5004911478e sd0: 305245MB, 512 bytes/sector, 625142448 sectors ichiic0 at pci0 dev 31 function 3 Intel 6 Series SMBus rev 0x05: apic 0 int 18 iic0 at ichiic0 spdmem0 at iic0 addr 0x52: 2GB DDR3 SDRAM PC3-10600 isa0 at pcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 spkr0 at pcppi0 mtrr: Pentium Pro MTRR support uhub2 at uhub0 port 1 Intel Rate Matching Hub rev 2.00/0.00 addr 2 uhub3 at uhub1 port 1 Intel Rate Matching Hub rev 2.00/0.00 addr 2 vscsi0 at root scsibus1 at vscsi0: 256 targets softraid0 at root scsibus2 at softraid0: 256 targets root on sd0a (596cf490f9bcf0ba.a) swap on sd0b dump on sd0b uhub4 at uhub2 port 2 Alcor Micro product 0x6254 rev 2.00/1.00 addr 3 uhidev0 at
Re: Upgrading Snapshots and Dual-booting
On 2013-03-04, James Griffin j...@kontrol.kode5.net wrote: [- Mon 4.Mar'13 at 13:57:50 +0100 Janne Johansson :-] Everytime a new bootblock gets written one needs to repeat the dd stuff, but a normal upgrade usually doesn't make a new bootblock for you. Yeah, that's what I figured. So it should be alright then. Just thought I'd ask as I do upgrade my snapshots a lot and it would be a PITA to have to go through that each time. Cheers, Jamie. If you upgrade via the installer's (U)pgrade option then this *does* write new boot blocks. You may get lucky if the old /boot doesn't get overwritten, but it's a good idea not to count on this.. Also note that if your 'a' partition starts too high into the disk, you might have problems with some updates (e.g. to -current / 5.3 where the boot loader grew). For Windows users having trouble getting partitions shrunk sufficiently to start OpenBSD early enough in the disk, PerfectDisk (commercial but there's a free trial) usually works. My dual boot laptop had space for an msata ssd so I put the OpenBSD boot there, Windows boot on the HD, and use bios boot select to switch between them instead..much more straightforward :)
Re: Upgrading Snapshots and Dual-booting
[- Mon 4.Mar'13 at 17:26:32 + Stuart Henderson :-] If you upgrade via the installer's (U)pgrade option then this *does* write new boot blocks. You may get lucky if the old /boot doesn't get overwritten, but it's a good idea not to count on this.. Also note that if your 'a' partition starts too high into the disk, you might have problems with some updates (e.g. to -current / 5.3 where the boot loader grew). For Windows users having trouble getting partitions shrunk sufficiently to start OpenBSD early enough in the disk, PerfectDisk (commercial but there's a free trial) usually works. My dual boot laptop had space for an msata ssd so I put the OpenBSD boot there, Windows boot on the HD, and use bios boot select to switch between them instead..much more straightforward :) Ok, cheers Stuart. I did it yesterday so the latest 5.3 snapshot is already on the disk. I created a FAT32 partition which I can mount and save the new pbr file to ready to copy over into \C: drive on Windows7. I originally partitioned the disk using fdisk(1), rather than using Windows' crappy tool to shrink its partition, and did new installations of both OS's. I'll wait and see what surprises await then when I next upgrade :-)
Re: looking for xserve G4 donation
Hello misc, I managed to acquire a xserve G4 for the project. But, before I ship it, I want to make sure that everything works as it should. Here's where I come across a problem. I just saw on the macpcc.html page that the VGA card is not supported and it should be removed and access should be gained via console. Only downside is, I don't have any spare serial cables left. Is there anyone who has an idea if it is possible to do an complete headless install or lives in the Netherlands (preferably near Arnhem) and has a spare cable for the install? (of course a patch to fix the VGA-issue would be most welcome too) Martijn On 02/26/13 09:03, Antoine Jacoutot wrote: Hi. We are looking for a second xserve G4 for the OpenBSD ports building infrastructure. Currently, only one machine is doing all the work and a bulk can last up to 1 month which makes it very hard to stay in sync with snapshots. We are also low on RAM on this machine (only 512M) which makes the build even longer and prevent building some ports. If anyone could donate and ship such a machine and/or compliant RAM (1G would be nice), please contact me. The machine will be hosted in Alberta, Canada. Thank you.
SSH public key auth vs OTP auth
Hi All, Recently I had a chance to play with ./sysutils/login_oath and ./security/oath-toolkit ports maintained by Stuart Henderson. Both ports work fantastic, thanks Stuart! However I have a general question regarding various auth options with SSH (hopefully this list is OK for this discussion). There are obvious benefits to both public key and OTP authentication and they are very useful and unique in their own ways. But which one would you consider more secure? I am aware that more secure depends on the situation, such a whether the login is happening from a trusted terminal, how is the secret key stored on the device that is generating TOTP, is the public key encrypted, etc. But what are your thoughts in general? Would it make sense to have the ability to allow OpenSSH on OpenBSD to allow both public key and OTP to be used simultaneously (like RedHat's patch allows using RequiredAuthentications2 option to sshd_config)? Or does it make things needlessly complex? Thanks everyone! --peter
relayd redirect not working..
Hi, I am trying to get pf relayd to redirect port 80 to a some backed
www servers but I can't get relayd to start. If I have the following in
my relayd.conf file.
redirect www {
listen on 127.0.0.1 80
tag REDIRECTED
forward to 10.0.0.10 port 80
}
and try to start relayd then it just fails with the following in
/var/log/daemon...
Mar 4 23:32:44 NodeB relayd[31756]: startup
Mar 4 23:32:44 NodeB relayd[12344]: hce exiting, pid 12344
Mar 4 23:32:44 NodeB relayd[4920]: pfe exiting, pid 4920
Mar 4 23:32:44 NodeB relayd[27847]: relay exiting, pid 27847
Mar 4 23:32:44 NodeB relayd[32752]: relay exiting, pid 32752
Mar 4 23:32:44 NodeB relayd[31463]: relay exiting, pid 31463
If I comment out the above redirect then relayd starts ok.
I am also not sure about exactly what rules I need to put into my
pf.conf for a redirect, I know I need an anchor and assume that just
anchor relayd/*
would be ok and that I need to put in either a pass or match rule
also... eg.
pass in on $ExtIf inet proto tcp from Admin to myip/32 port 80
$TcpState tagged REDIRECTED
If anyone can help then that would be great.
Thanks for reading.
Keith
Re: SSH public key auth vs OTP auth
On 2013-03-04, Peter Bisroev pe...@int19h.net wrote: Hi All, Recently I had a chance to play with ./sysutils/login_oath and ./security/oath-toolkit ports maintained by Stuart Henderson. Both ports work fantastic, thanks Stuart! However I have a general question regarding various auth options with SSH (hopefully this list is OK for this discussion). There are obvious benefits to both public key and OTP authentication and they are very useful and unique in their own ways. But which one would you consider more secure? I am aware that more secure depends on the situation, such a whether the login is happening from a trusted terminal, how is the secret key stored on the device that is generating TOTP, is the public key encrypted, etc. But what are your thoughts in general? I think it totally depends on the situation and can't really be applied in general.. Either of them can be made to be unsafe. Would it make sense to have the ability to allow OpenSSH on OpenBSD to allow both public key and OTP to be used simultaneously (like RedHat's patch allows using RequiredAuthentications2 option to sshd_config)? Or does it make things needlessly complex? Thanks everyone! --peter OpenSSH has this in -current, see sshd_config(5) AuthenticationMethods.
Re: automake 1.11.5: never mind
Changing my .cshrc to define AUTOMAKE_VERSION 1.11 instead of 1.11.5 and rebooting cured the problem. Not sure why since I don't have 1.11.0 installed. I have 1.10.3p6, 1.11.5p1, 1.9.6p10. Oh well. End of story for now. Alan The distfile name is automake-1.11.5.tar.gz and pkg_info reports 1.11.5, but sqlports rejects it. In the ports tree there are 6 versions: d530# cd automake d530# ls 1.10 1.12 1.8 CVS Makefile.inc 1.11 1.4 1.9 Makefile Alan On 3/4/13, Brad Smith b...@comstyle.com wrote: On Mon, Mar 04, 2013 at 01:04:51AM -0500, Alan Corey wrote: I'm defining setenv AUTOMAKE_VERSION 1.11.5 In my .cshrc, I don't know why exactly. The value should be 1.11 not 1.11.5. -- Credit is the root of all evil. - AB1JX -- Credit is the root of all evil. - AB1JX
Re: automake 1.11.5: never mind
On Mon, Mar 04, 2013 at 10:36:00PM -0500, Alan Corey wrote: Changing my .cshrc to define AUTOMAKE_VERSION 1.11 instead of 1.11.5 and rebooting cured the problem. Not sure why since I don't have 1.11.0 installed. I have 1.10.3p6, 1.11.5p1, 1.9.6p10. Oh well. End of story for now. The version specified by the variable only refers to the major version of each respective automake release. Look at the naming of the binaries for each automake release within their packages. Alan The distfile name is automake-1.11.5.tar.gz and pkg_info reports 1.11.5, but sqlports rejects it. In the ports tree there are 6 versions: d530# cd automake d530# ls 1.10 1.12 1.8 CVS Makefile.inc 1.11 1.4 1.9 Makefile Alan On 3/4/13, Brad Smith b...@comstyle.com wrote: On Mon, Mar 04, 2013 at 01:04:51AM -0500, Alan Corey wrote: I'm defining setenv AUTOMAKE_VERSION 1.11.5 In my .cshrc, I don't know why exactly. The value should be 1.11 not 1.11.5. -- Credit is the root of all evil. - AB1JX -- Credit is the root of all evil. - AB1JX -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
