Re: Libperl 18?

2017-02-12 Thread Andrew Fresh
On Mon, Feb 13, 2017 at 02:29:01AM +, Bryan C. Everly wrote:
> I have been trying to nuke and pave my daily driver's OpenBSD partition
> since Feb 5. Trying to install libproxy failed on a bad major (I have 17.1
> and it wants 18.0) for libperl.
> 
> I figured this was the normal behavior I have seen from time to time
> running snapshots and I would just wait for the next refresh of the
> snapshot. I did and I reinstalled the bad and userland tools from it but
> I'm still seeing the problem.
> 
> Are we having problems with perl in the userland build?

Should be libperl.so.18.0 from perl 5.24.1

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib/sets/lists/base/mi.diff?r1=1.818=1.819=h

What's the date of the snapshot you installed?

$ ftp -o- ftp://ftp3.usa.openbsd.org/pub/OpenBSD/snapshots/amd64/base60.tgz | tar tzvf - | grep libperl
...
-r--r--r--  1 root bin   5722739 Feb 12 12:44 ./usr/lib/libperl.so.18.0



Re: Forget mod_perl. I'm going to try to move to FastCGI and base http

2016-10-04 Thread Andrew Fresh
On Tue, Oct 04, 2016 at 12:20:33PM -0400, Raul Miller wrote:
> On Tue, Oct 4, 2016 at 8:48 AM, Marc Espie  wrote:
> > There's also a whole fucking manpage bundled with PerlDancer explaining in
> > some details all the possible deployment options.
> 
> Related, though, is that a lot (but not all) of this documentation
> assumes the reader understands how to use mod_perl -- and incorporates
> its documentation by reference, or by implication.

This is getting off-topic for misc@, but Plack and mod_perl are
fairly low-level so I don't think it's unfair to expect a reader who is
converting from one to the other to be familiar with them.  Then again,
the PSGI spec is not incredibly dense.

https://metacpan.org/pod/PSGI

And the FAQ seems to answer questions expecting, what seemed to me,
a reasonable knowledge level.

https://metacpan.org/pod/distribution/PSGI/PSGI/FAQ.pod


> People who don't understand that are probably expected to either
> figure it out for themselves, or migrate to some other environment
> (which might account for some of the popularity of node.js, rails and
> python).

While the page at http://plackperl.org/ could possibly be a bit
friendlier, it does have links to explain what it is and how it works,
plus links to something like 18 higher-level frameworks that support
PSGI, likely via Plack, 


I think the hope is more that you might find the Task::Kensho link off
of the metacpan.org main page and from there follow the links to some of
the many perl web development frameworks that exist.

https://metacpan.org/pod/Task::Kensho#Task::Kensho::WebDev:-Web-Development

(I am in the middle of doing this at work, so may not have a good handle
on how someone new sees things)

l8rZ,
-- 
andrew - http://afresh1.com

At the source of every error which is blamed on the computer, you
will find at least two human errors, including the error of blaming
it on the computer.



Re: Forget mod_perl. I'm going to try to move to FastCGI and base http

2016-09-29 Thread Andrew Fresh
I gave a talk about moving from mod_perl to Plack and FastCGI at the local
perlmonger group. It was fairly straightforward and there are a fair number
of options on the CPAN, although I'm unsure which have ports.

http://cvs.afresh1.com/~andrew/talks/cgi_to_psgi_pdx_pm/

There is also some potentially useful information in this article

https://github.com/reyk/httpd/wiki/Migrating-a-perl-CGI-application-such-as-Bugzilla

On September 29, 2016 12:19:50 PM PDT, Chris Bennett
 wrote:
>Thanks to stu@, he's informed me that mod_perl is a big problem for
>OpenBSD modernising its Perl forward.
>So I'm going to try and move to FastCGI.
>
>I can't find any info online about transition from mod_perl to FastCGI,
>so I'll have to work that out myself. Any useful links would be
>appreciated.
>
>Since I have been using Apache, I haven't paid any attention to base
>http.
>
>I have written modules to allow people to setup to make a purchase for
>online content, be transferred over to PayPal, pay.
>PayPal then sends me payment details which I have to send back to
>verify
>status of purchase. After that I create a username and password and
>email those plus a link to the customer.
>
>Privately, I have several databases that I use to form project assembly
>pieces that can then be combined in different ways to produce final,
>different complete project. Project labor is also worked out similarly.
>
>I also run two forums on outside software.
>
>I use PostgreSQL. I use Apache's httpd.conf and other confs to match
>Locations to the appropriate modules.
>
>Are there any problems getting something like this to work with base
>httpd? I run several different sites.
>The manual pages seem a little terse and unrevealing to me.
>
>I'm going to go study FastCGI myself now.
>
>Could anyone share some httpd.confs with me that do what I'm trying to
>accomplish?
>
>Any help appreciated,
>Chris Bennett

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.



Re: Reading /etc/shells - Check /etc/master.passwd - Password file busy

2016-04-23 Thread Andrew Fresh
On Sat, Apr 23, 2016 at 06:42:06PM -0400, Nick wrote:
> Check /etc/master.passwd
> Password file busy
> #
> 
> I have checked both /etc/passwd, /etc/master.passwd and I cannot see any 
> issues with it.

This means that you're not able to open /etc/ptmp for some reason,
likely because  the file already exists (because adduser tries to open
the file O_CREAT|O_EXCL).

l8rZ,
-- 
andrew - http://afresh1.com

Unix is very simple,
but it takes a genius to understand the simplicity.
  -- Dennis Ritchie
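
The failure mode described in the reply above, as an added example that is not part of the original message: a lock file created with O_CREAT|O_EXCL cannot be taken again while a leftover copy exists, which is what surfaces as "Password file busy". The temporary directory, the `ptmp` stand-in name inside it and the helper names are assumptions for illustration; nothing here touches the real /etc/ptmp.

```python
import os
import tempfile
import time


def acquire_lock(path):
    """Atomically create the lock file; return its fd, or None when it exists."""
    try:
        # O_CREAT|O_EXCL: the open fails with EEXIST if the file is already
        # there, so only one process can ever create it.
        return os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except FileExistsError:
        return None


def release_lock(fd, path):
    """Normal exit path: close and remove the lock so the next caller succeeds."""
    os.close(fd)
    os.unlink(path)


def lock_age(path):
    """Seconds since the existing lock file was last modified."""
    return time.time() - os.stat(path).st_mtime


def demo():
    """Walk through held, leftover and released states; return what happened."""
    seen = {}
    with tempfile.TemporaryDirectory() as tmp:
        lock = os.path.join(tmp, "ptmp")  # stand-in path, not the real /etc/ptmp

        fd = acquire_lock(lock)
        seen["first_caller"] = fd is not None

        # A second caller while the first still holds the lock: "busy".
        seen["second_caller"] = acquire_lock(lock) is not None

        # The holder dies without cleaning up: the fd is gone, the file is not.
        os.close(fd)
        seen["after_crash"] = acquire_lock(lock) is not None
        seen["leftover_exists"] = os.path.exists(lock)
        seen["leftover_age"] = lock_age(lock)

        # Only once the leftover file is removed does the lock become available.
        os.unlink(lock)
        fd = acquire_lock(lock)
        seen["after_cleanup"] = fd is not None
        release_lock(fd, lock)
        seen["released"] = not os.path.exists(lock)
    return seen


if __name__ == "__main__":
    for step, outcome in demo().items():
        print(f"{step}: {outcome}")
```

The age of a leftover lock is the useful diagnostic: a file that is hours old with no editing process running points to an interrupted run rather than a live one.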



Re: Reached some limit with sockets?

2016-02-22 Thread Andrew Fresh
On Sat, Feb 20, 2016 at 08:06:57PM +0100, Federico Giannici wrote:
> In a server (OpenBSD amd64 5.7) with many concurrent perl programs that have
> to open a lot of SSH connections, I get many errors like this:
> 
> connect() on closed socket GEN136 at
> /usr/local/libdata/perl5/site_perl/Net/SSH/Perl.pm line 216.
> 
> Maybe at some point no more sockets can be opened because of some limit is
> reached?
> 
> I already tried to set these in sysctl.conf:
> 
> kern.maxfiles=2
> kern.somaxconn=1024


Since you don't provide much information about how many simultaneous
connections you are making or how many you are making per-second, it's
really hard to guess what might be going on.

However, the maxfiles limit here may give some indication to the amount
so my guess is that you are hitting the pf state limit.  The default
state purging interval is 10 seconds, and the default state limit is
10,000 states.   I'd suggest looking at the output of pfctl -si when
you're having the issue.

$ doas pfctl -sa | grep -e ^states -e interval
interval 10s
stateshard limit1

(note that I don't actually have an OpenBSD 5.7 machine, so these
numbers may not have been the same back then)



Re: GUI Designer

2016-02-22 Thread Andrew Fresh
On Mon, Feb 22, 2016 at 02:21:01PM +, Daniel Boyd wrote:
> But here's my question: every now and
> then I like to make a quick and dirty GUI app.  In Windows, I was using
> Netbeans/Java/Swing.  What do you guys use for a simple GUI with a
> visual designer?

In perl, I for one usually end up just writing a quick web app using
Mojolicious::Lite* or some other framework.  Doesn't exactly answer your
question, but I haven't had a desire to write a GUI app in quite a few
years.

* The p5-Mojo package from
  http://mojolicious.org/perldoc/Mojolicious/Lite

l8rZ,
-- 
andrew - http://afresh1.com

Life's unfair - but root password helps!



Re: Unix::Pledge perl module

2015-11-19 Thread Andrew Fresh
On Thu, Nov 19, 2015 at 04:19:19PM -0500, Richard Farr wrote:
> I've put together a simple CPAN module that allows you to use pledge(2) 
> in your Perl programs.  Of course it will only work on -current.

Way cool!  I too have been working on this a bit.  Sorry that I got
distracted from actually putting it someplace public.

https://github.com/afresh1/OpenBSD-Pledge

One benefit of mine is that OpenBSD-Pledge.t is a bit further fleshed
out.  I do need to do a fair amount of work on the docs still, but I
will be looking for OKs to import it into base before long.

I think there is definitely room in the ecosystem for more than one
tool, especially if other operating systems adopt pledge.

l8rZ,
-- 
andrew - http://afresh1.com

I wish life had an UNDO function.



Re: installation of Perl on OpenBSD 5.8 with perlbrew fails due crypt.h

2015-11-03 Thread Andrew Fresh
On Tue, Nov 03, 2015 at 02:03:34PM -0200, Alceu Rodrigues de Freitas Junior
wrote:
> Hello Andrew,
>
> On 02-11-2015 23:52, Andrew Fresh wrote:
> >Yes, we don't support many of the algorithms that the tests attempt to
> >use.  I should probably push this patch upstream (with improvements) but
> >have not yet had time.
> >
> >https://github.com/afresh1/OpenBSD-perl/blob/master/patches/GOOD/fix_crypt_tests.patch
> >
>
> I took a look at your patch but didn't understand the objective of it.
>
> There are some comments as "# Use Blowfish", do you mean using
> Crypt::Blowfish crypt function instead?

No, from `man 3 crypt`

   Blowfish crypt
     The Blowfish version of crypt has 128 bits of salt in order to make
     building dictionaries of common passwords space consuming.
...
     The version number, the logarithm of the number of rounds and the
     concatenation of salt and hashed password are separated by the ‘$’
     character.  An encoded ‘8’ would specify 256 rounds.  A valid Blowfish
     password looks like this:

     “$2b$12$FPWWO2RJ3CK4FINTw0Hi8OiPKJcX653gzSS.jqltHFMxyDmmQ0Hqq”.


> Maybe a conditional block from Test::More help with that (including skipping
> the test at all) would help, based on the osname from Config module.

Perhaps, although with that patch the tests pass.  I am sure I'll come up with
something.


> >That would be helpful, along with specific versions of perl you are
> >trying to install.
>
> Here it goes:

> Use of uninitialized value in substr at op/crypt.t line 43.
> substr outside of string at op/crypt.t line 43.

> I tried to install the latest perl available (5.22.0).

This looks like the errors the patch addresses, so yes, something
changed in 5.8.  The other crypt's got tedu'd

http://marc.info/?l=openbsd-cvs=142835341405554=2

l8rZ,
--
andrew - http://afresh1.com

If your computer says, "Printer out of Paper," this problem cannot
  be resolved by continuously clicking the "OK" button.
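
The layout quoted from crypt(3) above, as an added example (not part of the original message or of the OpenBSD sources): a parser that splits a Blowfish crypt string into its fields and flags entries that are not in this format or that use too few rounds. The 22/31 character split and the 4..31 cost range are the standard bcrypt encoding rather than something stated in the excerpt; `MIN_COST`, the user names and every sample value except the man page's hash are constructed.

```python
import re

# $<version>$<log2 rounds>$<salt><hash>, all in the crypt alphabet "./A-Za-z0-9".
# 22 salt characters carry the 128-bit salt; 31 characters carry the hash.
BLOWFISH_RE = re.compile(
    r"\$(?P<version>2[a-z]?)\$(?P<cost>[0-9]{2})\$"
    r"(?P<salt>[./A-Za-z0-9]{22})(?P<digest>[./A-Za-z0-9]{31})"
)

MIN_COST = 10  # assumed local policy floor, not a value from the page


def parse_blowfish(encoded):
    """Split a Blowfish crypt string into fields; raise ValueError if malformed."""
    m = BLOWFISH_RE.fullmatch(encoded)
    if m is None:
        raise ValueError("not a Blowfish crypt string")
    cost = int(m.group("cost"))
    if not 4 <= cost <= 31:
        raise ValueError("log2 rounds %d outside 4..31" % cost)
    return {
        "version": m.group("version"),
        "log_rounds": cost,
        "rounds": 1 << cost,  # the cost field is a base-2 logarithm
        "salt": m.group("salt"),
        "digest": m.group("digest"),
    }


def audit(entries, min_cost=MIN_COST):
    """Return (user, finding) for every entry that is malformed or too cheap."""
    findings = []
    for user, encoded in entries:
        try:
            info = parse_blowfish(encoded)
        except ValueError as err:
            findings.append((user, str(err)))
            continue
        if info["log_rounds"] < min_cost:
            findings.append((user, "only %d rounds" % info["rounds"]))
    return findings


# The hash printed in the man page excerpt, plus constructed variants of it.
PAGE_HASH = "$2b$12$FPWWO2RJ3CK4FINTw0Hi8OiPKJcX653gzSS.jqltHFMxyDmmQ0Hqq"
SAMPLE = [
    ("alice", PAGE_HASH),
    ("bob", "$2b$08$" + PAGE_HASH[7:]),   # constructed: cost field changed to 8
    ("carol", "abCDEFGHIJKLM"),           # constructed: 13-char traditional shape
    ("dave", PAGE_HASH[:40]),             # constructed: truncated string
    ("erin", "$2b$03$" + PAGE_HASH[7:]),  # constructed: cost below the minimum
]

if __name__ == "__main__":
    print(parse_blowfish(PAGE_HASH))
    for user, finding in audit(SAMPLE):
        print(user, finding)
```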



Re: installation of Perl on OpenBSD 5.8 with perlbrew fails due crypt.h

2015-11-02 Thread Andrew Fresh
On Mon, Nov 02, 2015 at 10:06:18PM -0200, Alceu Rodrigues de Freitas Junior 
wrote:
> My name is Alceu and I'm a newbie with OpenBSD. I hope I reached the right
> mailing list to ask about compiling Perl with perlbrew on OpenBSD.

Seems a reasonable place.


I've successfully installed quite a few versions of perl using plenv,
not perlbrew, but I think that plenv does not run the test suite.


> Is there any change to crypt.h on version 5.8? It seems the errors are due
> differences on the interface.

Yes, we don't support many of the algorithms that the tests attempt to
use.  I should probably push this patch upstream (with improvements) but
have not yet had time.

https://github.com/afresh1/OpenBSD-perl/blob/master/patches/GOOD/fix_crypt_tests.patch


> Unfortunately I don't have the exact error messages, but I can try to
> reproduce the errors again if needed.

That would be helpful, along with specific versions of perl you are
trying to install.

l8rZ,
-- 
andrew - http://afresh1.com

Full-time system administration is a delicate balance 
between proactiveness and laziness.
  --  jhorwitz from use.perl.org



Re: cannot install Padre (a Perl IDE) for first run on OpenBSD?

2015-06-12 Thread Andrew Fresh
On Fri, Jun 12, 2015 at 06:45:54PM +0900, Joel Rees wrote:
> 2015/06/12 14:10 ertetlen barmok ertetlenbar...@safe-mail.net:
> > Padre requires a perl built using threads
>
> Hmm. No threads in the system supplied perl?

This is correct.  Threads causes a significant performance hit, often in
the 20% range and "The use of interpreter-based threads in perl is
officially discouraged." so we do not enable it in the system perl.

http://perldoc.perl.org/threads.html


> I'm not sure if it's still the case, but the perl community used to
> recommend having a parallel install of perl when you need things the system
> supplied perl doesn't have.

That would also be my recommendation. I do want the system perl in
OpenBSD to be as generally useful as possible, and unfortunately Padre
is the one actually useful thing I know of that requires perl threads.

For this use I too would recommend a parallel installation.

I have had good luck with plenv on OpenBSD
https://github.com/tokuhirom/plenv

and have heard good things about perlbrew although have not tried it.
http://perlbrew.pl/

l8rZ,
-- 
andrew - http://afresh1.com

I think I understand, but my stubborn brain refuses to admit it
until I beat it into submission by proof upon proof.
  -- Michael Shiloh michaelshiloh1...@gmail.com



Re: .kshrc Definitions under X

2015-04-05 Thread Andrew Fresh
On Sun, Apr 05, 2015 at 10:50:47PM -0300, Henrique Lengler wrote:
> And it is called in ~.profile with this:
> . /home/henri/.kshrc
>
> The problem is that these definitions work out of X, in the console,
> logged as the same user (henri) but don't work under X.
> I open a xterm window and type clr, I receive:
> /bin/ksh: clr: not found
> But out of X it works, can someone help me to make this thing work
> normally?


What I have done is set ENV=$HOME/.kshrc in .profile, then whenever you
open a new shell, it will use that file as a shell startup file.

$ man ksh | grep -A2 '^  *ENV'
     ENV    If this parameter is found to be set after any profile files
            are executed, the expanded value is used as a shell startup
            file.  It typically contains function and alias definitions.

l8rZ,
-- 
andrew - http://afresh1.com

The 3 great virtues of a programmer: Laziness, Impatience, and Hubris.
  --Larry Wall



Re: Getting errors during security(8) maintenance

2015-03-26 Thread Andrew Fresh
On Thu, Mar 26, 2015 at 03:42:07PM +0100, Ingo Schwarze wrote:
> Hi Andrew (or any other developer),
>
> OK to commit the following fix?
>
> Note that chomping after splitting is important because split
> drops trailing empty fields.

A blank home_dir is valid?  I will defer to others on that but seems
surprising to me.

Although I haven't had time to apply the patch and try it, the
implementation looks sane given that above is as expected.

OK afresh1@ 


 Index: security
 ===
 RCS file: /cvs/src/libexec/security/security,v
 retrieving revision 1.32
 diff -u -p -r1.32 security
 --- security  4 Dec 2014 00:07:21 -   1.32
 +++ security  26 Mar 2015 14:23:53 -
 @@ -336,7 +336,16 @@ sub find_homes {
   nag !(open my $fh, '', $filename),
   open: $filename: $!
   and return [];
 - my $homes = [ map [ @{[split /:/]}[0,2,5] ], $fh ];
 + my $homes = [];
 + while ($fh) {
 + my $entry = [ @{[split /:/]}[0,2,5] ];
 + chomp;
 + nag !defined $entry-[2],
 + Incomplete line \$_\ in $filename.
 + and next;
 + chomp $entry-[2];
 + push @$homes, $entry;
 + }
   close $fh;
   return $homes;
  }
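
Review bot: The new while loop in find_homes needs a comment saying why both chomp calls come after `split /:/`: split drops trailing empty fields, so chomping first would make a line that ends in empty fields lose them and trip the "Incomplete line" nag. Without that comment the order looks accidental and invites a cleanup that moves the bare `chomp;` above the split. Separately, an entry whose home directory field is empty is now pushed with an empty string at index 2 of the entry, so the callers of find_homes should be checked for how they treat an empty home directory.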

-- 
andrew - http://afresh1.com

Unix is very simple,
but it takes a genius to understand the simplicity.
  -- Dennis Ritchie



Re: xHCI not configured on Intel 7 series

2014-11-09 Thread Andrew Fresh
On Sun, Nov 09, 2014 at 03:54:50PM -0500, Joe Gidi wrote:
> I see that xHCI has been enabled in -current and I'd like to start testing
> on my system, but the driver is not attaching:
>
> Intel 7 Series xHCI rev 0x04 at pci0 dev 20 function 0 not configured
>
> OpenBSD 5.6-current (GENERIC.MP) #544: Fri Nov  7 10:36:24 MST 2014

This Nov 7th amd64 snapshot did not catch the commit that enabled xHCI.
If you wait for the next snapshot or build a kernel yourself you may
have better luck.

l8rZ,
-- 
andrew - http://afresh1.com

Software doesn't do what you want it to do, it does what you tell it do.
  -- Stefan G. Weichinger.



Re: Requested upstream patch to use OpenBSD's malloc

2014-06-10 Thread Andrew Fresh
On Sat, May 31, 2014 at 12:09:09PM -0700, Andrew Fresh wrote:
> I opened a ticket with upstream to use OpenBSD's malloc by default.
>
> https://rt.perl.org/Public/Bug/Display.html?id=122000

You will be happy to know this was merged to bleed today.

http://perl5.git.perl.org/perl.git/commitdiff/9be9e8a734382a4f2852efc22debe8e98e91eee9

Many thanks to Tony Cook and all the people who put in a good word.

l8rZ,
-- 
andrew - http://afresh1.com

Instructions are just another man's opinion of how to do something. 
  -- Weldboy #DPWisdom



Requested upstream patch to use OpenBSD's malloc

2014-05-31 Thread Andrew Fresh
I opened a ticket with upstream to use OpenBSD's malloc by default.

https://rt.perl.org/Public/Bug/Display.html?id=122000

Perl was set up to use perl's malloc on OpenBSD by default in 2010.

https://rt.perl.org/Public/Bug/Display.html?id=75742


The perl in OpenBSD base has always used OpenBSD's malloc, and I believe
that is what OpenBSD users will expect, even building perl themselves.

If you have opinions that may sway the perl5-porters, please chime in on
the above ticket #122000.

l8rZ,
-- 
andrew - http://afresh1.com

People who invent random theories which only defend the vendor must have
been beaten as children.  Beaten with sticks.
At least, that's my theory.
  -- Theo De Raadt



Panic booting AlphaStation 200

2014-03-08 Thread Andrew Fresh
I was recently given an AlphaStation 200 to run OpenBSD on, it's a bit
slow, but I got it installed.  bsd.rd boots just fine and I can install,
but the real kernel panics.

This is my first install on this machine so I would totally believe bad
hardware or jumpers that need changing.

Any suggestions?


l8rZ,
-- 
andrew - http://afresh1.com


rebooting...

halted CPU 0

halt code = 5
HALT instruction executed
PC = fc580118

CPU 0 booting

(boot dka0.0.0.6.0 -flags A)
block 0 of dka0.0.0.6.0 is a valid boot block
reading 15 blocks from dka0.0.0.6.0
bootstrap code read in
base = 1f6000, image_start = 0, image_bytes = 1e00
initializing HWRPB at 2000
initializing page table at 1e8000
initializing machine state
setting affinity to the primary CPU
jumping to bootstrap code

OpenBSD/Alpha Primary Boot
OpenBSD/alpha boot 1.10
VMS PAL rev: 0x100010530
OSF PAL rev: 0x100020123
Switch to OSF PAL code succeeded.
Loading bsd...

[ using 655088 bytes of bsd ELF symbol table ]
consinit: not using prom console
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2014 OpenBSD. All rights reserved.  http://www.OpenBSD.org

OpenBSD 5.5 (GENERIC) #124: Tue Mar  4 17:48:56 MST 2014
dera...@alpha.openbsd.org:/usr/src/sys/arch/alpha/compile/GENERIC
AlphaStation 200 4/166, 166MHz
8192 byte page size, 1 processor.
real mem = 167772160 (160MB)
rsvd mem = 2064384 (1MB)
avail mem = 154165248 (147MB)
mainbus0 at root
cpu0 at mainbus0: ID 0 (primary), 21064-1 (pass 3)
apecs0 at mainbus0: DECchip 21071 Core Logic chipset
apecs0: DC21071-CA pass 2, 64-bit memory bus
apecs0: DC21071-DA pass 2
panic: trap
Stopped at  Debugger+0x4:   ret zero,(ra)
Debugger(6, fcc8b658, 1, 8, 3, 8) at Debugger+0x4
panic(?, 1, 0, 2, fc1f9b70, fe08) at panic+0xb8
trap(?, ?, ?, ?, ?, fe08) at trap+0xd4
XentMM(?, ?, ?, ?, ?, fe08) at XentMM+0x20
sio_intr_setup(?, ?, 1, ?, ?, fe08) at sio_intr_setup+0x12c
pci_2100_a50_pickintr(?, ?, 1, ?, ?, fe08) at pci_2100_a50_pickintr+0xc8
apecsattach(?, ?, ?, ?, ?, fe08) at apecsattach+0x2a0
config_attach(?, ?, ?, fe0ec100, ?, fe08) at config_attach+0x244
RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC!
DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION!
ddb> trace
Debugger(6, fcc8b658, 1, 8, 3, 8) at Debugger+0x4
panic(?, 1, 0, 2, fc1f9b70, fe08) at panic+0xb8
trap(?, ?, ?, ?, ?, fe08) at trap+0xd4
XentMM(?, ?, ?, ?, ?, fe08) at XentMM+0x20
sio_intr_setup(?, ?, 1, ?, ?, fe08) at sio_intr_setup+0x12c
pci_2100_a50_pickintr(?, ?, 1, ?, ?, fe08) at pci_2100_a50_pickintr+0xc8
apecsattach(?, ?, ?, ?, ?, fe08) at apecsattach+0x2a0
config_attach(?, ?, ?, fe0ec100, ?, fe08) at config_attach+0x244
ddb> ps
   PID   PPID   PGRP    UID  S       FLAGS  WAIT          COMMAND
*    0     -1      0      0  7       0x200                swapper
ddb>



Re: Panic booting AlphaStation 200 -- solved

2014-03-08 Thread Andrew Fresh
On Sat, Mar 08, 2014 at 04:43:25PM -0700, Andrew Fresh wrote:
> apecs0 at mainbus0: DECchip 21071 Core Logic chipset
> apecs0: DC21071-CA pass 2, 64-bit memory bus
> apecs0: DC21071-DA pass 2
> panic: trap

Good news! I fixed this by updating the firmware from v4.28 to v7.0.

l8rZ,
-- 
andrew - http://afresh1.com

Beta. Software undergoes beta testing shortly before it's released.
   Beta is Latin for still doesn't work.



AlphaStation 200 -- dmesg

2014-03-08 Thread Andrew Fresh
Not that anyone in particular cares, but a dmesg!

[ using 655088 bytes of bsd ELF symbol table ]
consinit: not using prom console
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2014 OpenBSD. All rights reserved.  http://www.OpenBSD.org

OpenBSD 5.5 (GENERIC) #124: Tue Mar  4 17:48:56 MST 2014
dera...@alpha.openbsd.org:/usr/src/sys/arch/alpha/compile/GENERIC
AlphaStation 200 4/166, 166MHz
8192 byte page size, 1 processor.
real mem = 167772160 (160MB)
rsvd mem = 2048000 (1MB)
avail mem = 154181632 (147MB)
mainbus0 at root
cpu0 at mainbus0: ID 0 (primary), 21064-0 (pass 2 or 2.1)
apecs0 at mainbus0: DECchip 21071 Core Logic chipset
apecs0: DC21071-CA pass 2, 64-bit memory bus
apecs0: DC21071-DA pass 2
pci0 at apecs0 bus 0
siop0 at pci0 dev 6 function 0 Symbios Logic 53c810 rev 0x02: isa irq 11
scsibus0 at siop0: 8 targets, initiator 7
sd0 at scsibus0 targ 0 lun 0: SEAGATE, SX373405LC, C206 SCSI3 0/direct fixed serial.SEAGATE_SX373405LC_3EK154CA_22326FU8
sd0: 70007MB, 512 bytes/sector, 143374738 sectors
cd0 at scsibus0 targ 4 lun 0: SONY, CD-ROM CDU-8012, 3.1e SCSI2 5/cdrom removable
probe(siop0:4:1): scsi message reject, message sent was 0x0
probe(siop0:4:2): scsi message reject, message sent was 0x0
probe(siop0:4:3): scsi message reject, message sent was 0x0
probe(siop0:4:4): scsi message reject, message sent was 0x0
probe(siop0:4:5): scsi message reject, message sent was 0x0
probe(siop0:4:6): scsi message reject, message sent was 0x0
probe(siop0:4:7): scsi message reject, message sent was 0x0
sio0 at pci0 dev 7 function 0 Intel 82378IB ISA rev 0x03
de0 at pci0 dev 11 function 0 DEC 21040 rev 0x23, DEC 21040 pass 2.3: isa irq 5, address 08:00:2b:e4:f4:33
isa0 at sio0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0 mux 1
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
lpt0 at isa0 port 0x3bc/4 irq 7
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
mcclock0 at isa0 port 0x70/2: mc146818 or compatible
stray isa irq 3
vscsi0 at root
scsibus1 at vscsi0: 256 targets
softraid0 at root
scsibus2 at softraid0: 256 targets
siop0: target 0 now using tagged 8 bit 10.0 MHz 8 REQ/ACK offset xfers
root on sd0a (6cac48c33b73b217.a) swap on sd0b dump on sd0b
WARNING: preposterous clock chip time
 -- CHECK AND RESET THE DATE!
stray isa irq 3
$ usbdevs -v
usbdevs: no USB controllers found
$ pcidump
Domain /dev/pci0:
 0:6:0: Symbios Logic 53c810
 0:7:0: Intel 82378IB ISA
 0:11:0: DEC 21040
$ sysctl hw
hw.machine=alpha
hw.model=AlphaStation 200 4/166
hw.ncpu=1
hw.byteorder=1234
hw.pagesize=8192
hw.disknames=sd0:6cac48c33b73b217,cd0:,fd0:
hw.diskcount=3
hw.physmem=165724160
hw.usermem=165707776
hw.ncpufound=1
hw.allowpowerdown=1
$ mixerctl
$ audioctl
$ apm
$ md5 -ttt
MD5 time trial.  Processing 100 1-byte blocks...
Digest = f0843f04c524250749d014a8152920ec
Time   = 1072.322473 seconds
Speed  = 9325552.948660 bytes/second



Re: dzen2 with cwm

2013-03-22 Thread Andrew Fresh
On Fri, Mar 22, 2013 at 10:36:32AM +, James Griffin wrote:
> I was wondering if anyone uses dzen2 with OpenBSD (-current). If so
> I'd be really interested to see some examples of setups and scripts.


I put mine here:
https://gist.github.com/afresh1/5095884

The statusbar is just CPU, memory and battery but easy enough to
add other things.  The bit that automatically adjusts to multiple
screens is handier (haven't tied it to dock/undock yet but perhaps
someday).

l8rZ,
-- 
andrew - http://afresh1.com

Whatever happened to the days when hacking started at the cerebral cortex 
and not the keyboard?
  -- Sid from UserFriendly.org



Re: My first macppc install going poorly as well

2012-09-03 Thread Andrew Fresh
On Mon, Sep 03, 2012 at 09:31:25PM +0400, Kirill Bychkov wrote:
> On Sun, September 2, 2012 22:44, Kirill Bychkov wrote:
> > On Sun, September 2, 2012 20:24, Andrew Fresh wrote:
> > > It is a Power Mac G5 Dual 1.8GHz with the NVIDIA GeForceFX 5200 Ultra
> > > video card.  I believe the original Q37 but could be a June 2004
> > > model, no idea how to tell for sure.
> > > https://en.wikipedia.org/wiki/Power_Mac_G5
>
> Go to OpenFirmware and then try dev /cpus and ls. I will show you info
> about CPU.

OpenFirmware says my PowerPC,G5@0 is cpu-version  0039020 which
according to the Internet is a 

I did need to dev /cpus/PowerPC,G5 then .properties to get the
cpu-version, but thank you for the pointer.


> I had a look at
> http://www.openbsd.org/cgi-bin/cvsweb/src/sys/arch/macppc/macppc/cpu.c?rev=1.67
> and see only 970FX processors mentioned. As I understand 970 != 970FX. My G5
> have 970, as OpenFirmware shows. M.B. problem is hiding in it?

Based on some old netbsd supported model lists I believe you are correct
that 970 != 970FX.

Looking up the serial number on Apple's website 
http://support.apple.com/specs/

it claims I have a Power Mac G5 (June 2004) version
http://support.apple.com/kb/SP80

which is supposed to have the 970FX
http://www.apple-history.com/g5_june_04

But unfortunately it seems that is not the case because my 0039020 is a
970 not a 970FX
http://everythingapple.blogspot.com/2004/11/130-nm-g5-is-alive-and-well.html

l8rZ,
-- 
andrew - http://afresh1.com

Computer programmers know how to use their hardware.



My first macppc install going poorly as well

2012-09-02 Thread Andrew Fresh
I got a nice G5 from work and would like to run OpenBSD macppc on it.

However, when I attempt to install I get to what is described as step 4
for i386 and amd64 in the FAQ:
booting hd0a:/bsd 4464500+838332 [58+204240+181750]=0x56cfd0
http://openbsd.org/faq/faq14.html#Boot386

Except that line does not fully complete and the screen goes blank
white.  I get the same results booting from CDs from 4.9, 5.1 and a
fairly recent snapshot.

The Apple Service Diagnostic disk claims everything is in great shape.

It is a Power Mac G5 Dual 1.8GHz with the NVIDIA GeForceFX 5200 Ultra
video card.  I believe the original Q37 but could be a June 2004
model, no idea how to tell for sure.
https://en.wikipedia.org/wiki/Power_Mac_G5

Any suggestions? Did I just get a bad one?

If I had a dmesg to attach I wouldn't be asking this question. :-)

l8rZ,
-- 
andrew - http://afresh1.com

Life's unfair - but root password helps!



Re: Dmesg for thinkpad x220 tablet

2011-05-16 Thread Andrew Fresh
On Mon, May 09, 2011 at 11:25:51AM -0300, Christiano F. Haesbaert wrote:
> Hi, does anyone have a dmesg for a thinkpad x220 ?

I got one for the x220 tablet I got to set up today.  


Attached are dmesg from both the amd64 and i386 kernels as well as the
output from sysctl hw and glxinfo.

The touch pad does paste when using left+right click to emulate the
third button.

The touchscreen didn't work in the default install, but I didn't have
time to try to make it work.

l8rZ,
-- 
andrew - http://afresh1.com

Microsoft Windows:  Proof that P.T. Barnum was correct
OpenBSD 4.9-current (GENERIC.MP) #111: Wed May 11 10:41:28 MDT 2011
t...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
RTC BIOS diagnostic error 80clock_battery
real mem = 4176080896 (3982MB)
avail mem = 4050870272 (3863MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xbae23000 (66 entries)
bios0: vendor LENOVO version 8DET41WW (1.11 ) date 03/28/2011
bios0: LENOVO 4294CTO
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP SLIC SSDT SSDT SSDT HPET APIC MCFG ECDT ASF! TCPA SSDT 
SSDT UEFI UEFI UEFI
acpi0: wakeup devices LID_(S3) SLPB(S3) IGBE(S4) EXP4(S4) EXP7(S4) EHC1(S3) 
EHC2(S3) HDEF(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i7-2620M CPU @ 2.70GHz, 2691.65 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,PCLMUL,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,POPCNT,AES,XSAVE,AVX,NXE,LONG
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: apic clock running at 99MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM) i7-2620M CPU @ 2.70GHz, 2691.26 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,PCLMUL,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,POPCNT,AES,XSAVE,AVX,NXE,LONG
cpu1: 256KB 64b/line 8-way L2 cache
cpu2 at mainbus0: apid 2 (application processor)
cpu2: Intel(R) Core(TM) i7-2620M CPU @ 2.70GHz, 2691.26 MHz
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,PCLMUL,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,POPCNT,AES,XSAVE,AVX,NXE,LONG
cpu2: 256KB 64b/line 8-way L2 cache
cpu3 at mainbus0: apid 3 (application processor)
cpu3: Intel(R) Core(TM) i7-2620M CPU @ 2.70GHz, 2691.26 MHz
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,PCLMUL,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,POPCNT,AES,XSAVE,AVX,NXE,LONG
cpu3: 256KB 64b/line 8-way L2 cache
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
acpimcfg0 at acpi0 addr 0xf800, bus 0-63
acpiec0 at acpi0
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (PEG_)
acpiprt2 at acpi0: bus 2 (EXP1)
acpiprt3 at acpi0: bus 3 (EXP2)
acpiprt4 at acpi0: bus 5 (EXP4)
acpiprt5 at acpi0: bus 13 (EXP5)
acpiprt6 at acpi0: bus -1 (EXP7)
acpicpu0 at acpi0: C3, C1, PSS
acpicpu1 at acpi0: C3, C1, PSS
acpicpu2 at acpi0: C3, C1, PSS
acpicpu3 at acpi0: C3, C1, PSS
acpipwrres0 at acpi0: PUBS
acpitz0 at acpi0: critical temperature 99 degC
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: SLPB
acpibat0 at acpi0: BAT0 model 42T4879 serial  9051 type LION oem SANYO
acpibat1 at acpi0: BAT1 not present
acpiac0 at acpi0: AC unit online
acpithinkpad0 at acpi0
acpidock0 at acpi0: GDCK docked (15)
cpu0: Enhanced SpeedStep 2691 MHz: speeds: 2701, 2700, 2200, 2000, 1800, 1600, 
1400, 1200, 1000, 800 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 Intel Core 2G Host rev 0x09
vga1 at pci0 dev 2 function 0 Intel GT2+ Video rev 0x09
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
intagp at vga1 not configured
Intel 6 Series MEI rev 0x04 at pci0 dev 22 function 0 not configured
Intel 6 Series KT rev 0x04 at pci0 dev 22 function 3 not configured
em0 at pci0 dev 25 function 0 Intel 82579LM rev 0x04: apic 2 int 20, address 
f0:de:f1:5c:c6:4b
ehci0 at pci0 dev 26 function 0 Intel 6 Series USB rev 0x04: apic 2 int 16
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
azalia0 at pci0 dev 27 function 0 Intel 6 Series HD Audio rev 0x04: apic 2 
int 22
azalia0: codecs: Conexant/0x506e, Intel/0x2805, using Conexant/0x506e
audio0 at azalia0
ppb0 at pci0 dev 28 function 0 Intel 6 Series PCIE rev 0xb4: apic 2 int 16
pci1 at ppb0 bus 2
ppb1 at pci0 dev 28 function 1 Intel 6 Series PCIE rev 0xb4: apic 2 int 17
pci2 at ppb1 bus 3
iwn0 at pci2 dev 0 function 0 Intel Centrino Ultimate-N 6300 rev 0x35: apic 2 
int 17, MIMO 3T3R, MoW, address 00:24:d7:ba:22:b8
ppb2 at pci0 dev 28 

Re: Creating release using site48.tgz

2011-05-09 Thread Andrew Fresh
On Mon, May 09, 2011 at 04:59:17PM -0700, Stefan N wrote:
> Are my steps correct?

Close, but install sets are created in /usr/release and extracted
relative to root so you need something more like this:

tar -czf /usr/release/site48.tgz etc/pf.conf etc/rc.firsttime etc/backup.sh

Although I would also recommend creating site49.tgz and installing 4.9.

l8rZ,
-- 
andrew - http://afresh1.com

There are two ways to write error-free programs;
only the third one works.



Re: Creating release using site48.tgz

2011-05-09 Thread Andrew Fresh
On Mon, May 09, 2011 at 05:28:12PM -0700, Stefan N wrote:
> Thanks. By the way, I don't see the release directory inside the source
> file(/usr/src) directory.
> Does it mean that I need to create directory mkdir /usr/release first  if my
> source files is at /usr/src?

The release man page does describe creating RELEASEDIR

# mkdir -p ${DESTDIR} ${RELEASEDIR}

I generally set RELEASEDIR=/usr/release, but it can really be a path
anywhere you want your sets.  The important part is that site48.tgz is
in the same directory as the rest of the install sets.


l8rZ,
-- 
andrew - http://afresh1.com

Computer Science: solving today's problems tomorrow.



Re: OpenBSD Torrents - Tracker + Seed Hosting Needed

2011-03-31 Thread Andrew Fresh
On Wed, Mar 30, 2011 at 12:45:49PM -0700, Andrew Fresh wrote:
> I currently run the OpenBSD torrent tracker at
> http://openbsd.somedomain.net
> as well as the primary seeder but due to external circumstances I am no
> longer able to continue hosting it.
>
> I am looking for someone interested and able to take this over.

Happily I have found several volunteers, just need to do the work of
moving it. 

Thanks to everyone for their offers of help.

l8rZ,
-- 
andrew - http://afresh1.com

Hit any user to continue.



OpenBSD Torrents - Tracker + Seed Hosting Needed

2011-03-30 Thread Andrew Fresh
I currently run the OpenBSD torrent tracker at
http://openbsd.somedomain.net 
as well as the primary seeder but due to external circumstances I am no
longer able to continue hosting it.

I am looking for someone interested and able to take this over.  

I am more than happy to help with administration of the tracker and
seeding, but can no longer host it.

The best candidate would be someone who already has a local OpenBSD
mirror because this requires just a few things more than having a
mirror.  Below is described what I am using, but can also help set up a
different system.


* Running the tracker.

It is currently a PHPBTTracker which requires PHP and MySQL, it does use
mod_rewrite to do some pretty urls but that is not required.  There may
be better tracker software out now, but I've used this one since 2005
and it seems to work fine.  It isn't currently on the same machine as
the seeder and could really be anywhere.

I can point openbsd.somedomain.net at a new address or you can use a new
url and I can set up a redirect.


* Creating the torrents.

I have a collection of perl and shell scripts that create the torrents.
Just pass a directory containing the files to be seeded and they will
generate a torrent, compare it to the existing torrent and if it is
different, add it to the tracker and update the seeding client.

There is another script that monitors the mirror log and when the mirror
process switches to another directory regenerates the torrent.


* Seeding the torrents.

I am currently using Transmission for seeding, I was using the official
Python BitTorrent client, but it was too much of a hog.  The script
above takes care of adding and removing torrents.  So far Transmission
seems to work well.


* Changing version numbers for current and previous releases every 6
  months.  (This is the only manual step)
  If you already have a mirror you probably don't need to do this.


I don't have a specific time frame when the transition needs to be
complete, but I was hoping to have it done already.

If I can't find a replacement soon, this service will have to go away,
and the list will again be inundated with why aren't there torrents
questions every 6 months.

Let me know if you are interested and if so we can start working out the
details.

l8rZ,
-- 
andrew - http://afresh1.com

Computer Science: solving today's problems tomorrow.



Re: Why I left OpenBSD

2010-06-16 Thread Andrew Fresh
On Thu, Jun 10, 2010 at 11:28:40AM +0300, Dexter Tomisson wrote:
> http://www.trollaxor.com/2010/06/why-i-left-openbsd.html

On Wed, Jun 16, 2010 at 11:24:01AM +1000, Ted wrote:
> http://www.trollaxor.com/2010/06/why-i-almost-gave-openbsd-10-didnt.html


Since for some reason this thread is still here, I will copy and paste
what I believe to be the most relevant text on either of those pages.

It is duplicated on both, but I will only quote it once.


Disclaimer

This site contains works of fiction. If you don't realize that
you're reading fiction, you shouldn't be here.


l8rZ,
-- 
andrew - ICQ# 253198 - Jabber: and...@rraz.net - Twitter: @AFreshOne

BOFH excuse of the day: Our POP server was kidnapped by a weasel.



Re: Help contacting Richard Stallman

2010-05-26 Thread Andrew Fresh
On Wed, May 26, 2010 at 02:52:50PM -0500, Vanessa Kraus wrote:
> For what it's worth, I am on a good number of oss lists (including
> Linux), and there are no other mentions of RMS anywhere.

Also FWIW, saw a lot of OpenBSD + RMS chatter on the Twitter in the
last 24 hours.

http://search.twitter.com/search?ands=openbsdphrase=ors=stallman+rms

Just stay away from the rest of the thread you may end up linked to.

l8rZ,
-- 
andrew - ICQ# 253198 - Jabber: and...@rraz.net - Twitter: @AFreshOne

BOFH excuse of the day: Someone's tie is caught in the printer, and if
anything else gets printed, he'll be in it too.



Re: 4.6 patch support

2010-03-22 Thread Andrew Fresh
On Mon, Mar 22, 2010 at 01:36:45PM +0200, Andreas Gerdd wrote:
> I've an OpenBSD 4.6-Stable system. I wanted to ask how long will
> OBSD4.6 has patch/update support?


If you already follow -stable, it is the same process to upgrade to
newer release.

The main differences are that you get newer versions of packages and
when you run sysmerge it asks a few more questions.

There may be a few other small things, but they should all be mentioned
in the upgrade guide.


It confuses me when people want support for older versions. Somehow they
can follow -stable but upgrading to a new release is too hard?

Perhaps they assume that as long as the fixes are committed to the
-stable cvs tag, the -release code on their machine somehow magically
has it because the version numbers are the same.

l8rZ,
-- 
andrew - ICQ# 253198 - Jabber: and...@rraz.net - Twitter: @AFreshOne

BOFH excuse of the day: secretary plugged hairdryer into UPS



Re: 802.11QinQ support

2010-03-03 Thread Andrew Fresh
On Wed, Mar 03, 2010 at 06:36:05PM +0200, Ross Cameron wrote:
> Does anyone know off hand if OpenBSD 4.6 or -CURRENT supports
> 802.1QinQ aka nested VLans?
>
> If so, how do I configure it as I've tried the usual ifconfig vlan?
> create and tried stipulating that the secondary VLan's parent
> interface is the primary VLan interface. But this doesn't seem to work
> :(

I have been able to QinQ.

# ifconfig vlan101 vlandev bce0
# ifconfig vlan201 vlandev vlan101

vlan101: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        vlan: 101 priority: 0 parent interface: bce0
vlan201: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1496
        vlan: 201 priority: 0 parent interface: vlan101

A tcpdump when I actually tried it showed the nested vlans although I
seem to have lost them.

l8rZ,
-- 
andrew - ICQ# 253198 - Jabber: and...@rraz.net - Twitter: @AFreshOne

BOFH excuse of the day: sticky bit has come loose



Re: Recommend T1 Card for 4.6

2010-01-06 Thread Andrew Fresh
On Wed, Jan 06, 2010 at 01:01:26PM -0700, Brandan Rowley wrote:
> Is there anyone using a T1 card for data on 4.6?  Perhaps a T1 to
> Ethernet converter?  I'm interested to find out how others have resolved
> this and what hardware was used.  We're using a Soekris 5501.

I am (still) using Sangoma cards.  They work fine but a warm boot
instead of a cold boot sometimes causes a DDB.

I have not tried any other solutions on OpenBSD.  I do know there was
another card that I believe an OpenBSD developer was helping make but I
don't know that there was ever a product you could purchase.

l8rZ,
-- 
andrew - ICQ# 253198 - Jabber: and...@rraz.net

BOFH excuse of the day: Melting hard drives



Re: Recommend T1 Card for 4.6

2010-01-06 Thread Andrew Fresh
On Wed, Jan 06, 2010 at 03:27:23PM -0700, Brandan Rowley wrote:
> Thanks Andrew, Steve and David for your replies.

You're welcome.

> I did check the man pages for WAN devices and did a little research.
> Here's what I found:
>
> *Accoom Networks Artery T1/E1 WAN interfaces (art) (G)

This is the one I heard about.  Supposedly good stuff, but were
announced a month after I got my san cards so I didn't get to try to buy
any. 

> *SBE (formerly Lan Media Corporation) SSI (T1)/HSSI/DS1/DS3 WAN
> interfaces (lmc) (G)

Haven't heard anything memorable about or tried.

> *Sangoma Technologies AFT T1/E1 WAN interfaces (san) (G)

This (A102u) I have working on 4.6

$ dmesg | grep -e OpenBSD -e san  
OpenBSD 4.6-stable (GENERIC.MP) #7: Tue Nov 24 10:26:10 MST 2009
san0 at pci0 dev 4 function 0 Sangoma A10x rev 0x01 apic 3 int 1 (irq 11)
san1 at pci0 dev 8 function 0 Sangoma A10x rev 0x01 apic 3 int 6 (irq 10)

$ ifconfig | grep ^san
san0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
san1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
san2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
san3: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500


SNIP
> Sangoma has a ton of links and info, but Sangoma has not supported
> OpenBSD since 2007 as per the man page.  I did purchase a Sangoma A101
> which is not recognized by 4.6 and the drivers won't install without
> error.  The Sangoma installation instructions on the internet are for
> OpenBSD3.6 which seems pretty dated.
>
> Steve, How did you get your Sangoma card to work?  Is it an A101u?  I
> believe the one I purchased was an A101c which Sangoma said replaced the
> A101u.

I have several of the A102u, but if I remove the daughter board it is
magically an A101u, tho I have not tried that on 4.6, but did
(successfully) in earlier versions.

I have several messages in the archives and on gnats from when I was
getting them going, but when I upgraded to 4.6 they just worked same
as they have since I installed them.

They actually seem to DDB less and less as I upgrade to newer versions
of OpenBSD.  Not that they would ever DDB often, generally only if I
reboot instead of halt and powercycle or if something goes on with an
ATT line and they run their automated tests.  One of their tests used
to cause it, and may still, but I haven't had reason to find out.

l8rZ,
-- 
andrew - ICQ# 253198 - Jabber: and...@rraz.net

BOFH excuse of the day: Incorrectly configured static routes on the
corerouters.



Re: Again, OpenBSD r0x! Thank you.

2009-12-30 Thread Andrew Fresh
On Thu, Dec 31, 2009 at 09:13:45AM +1100, Aaron Mason wrote:
> Hang on... isn't ftp_proxy defined in rc.conf?

It is, but I had already set ftpproxy_flags= in rc.conf.local so users
could ftp out, so I needed a second instance for inbound connections.

http://www.openbsd.org/faq/pf/ftp.html#natserver

Note that if you want to run ftp-proxy(8) to protect an FTP server as
well as allow clients to FTP out from behind the firewall that two
instances of ftp-proxy will be required.

If I did only need the one, I could have done a similar thing in
rc.conf.local as I did in rc.local, just setting ftpproxy_flags instead
of starting the additional instance.

l8rZ,
-- 
andrew - ICQ# 253198 - Jabber: and...@rraz.net

BOFH excuse of the day: root rot



Again, OpenBSD r0x! Thank you.

2009-12-28 Thread Andrew Fresh
Setting up a new firewall, OpenBSD is making it easy.

in /etc/pf.macros
ftp_int=$srv01
ftp_ext=$external01
ftp_port=21

in /etc/pf.conf
include "/etc/pf.macros"
...
# NAT/Filter Rules for FTP Server (addition to above)
pass in  on egress   proto tcp to $ftp_ext port $ftp_port
pass out on internal proto tcp to $ftp_int port $ftp_port user proxy

in /etc/rc.local
. /etc/pf.macros
echo -n ' ftp-proxy (internal)';
/usr/sbin/ftp-proxy -R $ftp_int -p $ftp_port -b $ftp_ext

Thank you! (for that and much more)

l8rZ,
-- 
andrew - ICQ# 253198 - Jabber: and...@rraz.net

A printer consists of three main parts:
the case, the jammed paper tray and the blinking red light.



Re: Crash diagnosis

2009-06-08 Thread andrew fresh
On Mon, Jun 08, 2009 at 03:56:48PM +0100, Gaby Vanhegan wrote:
> I have a machine that is running 4.3 bsd.mp, MySQL and one single site
> of PHP scripts which keep crashing.  The frustrating thing is that it
> doesn't panic the kernel so I can't get any DDB output, the machine
> just locks up.  Looking at it over the KVM it just shows the login
> prompt with the cursor flashing but not responding.
SNIP
> Any suggestions about how I can try and figure out what's killing it?

My guess would be since you mention 4.3 and Apache, that you are running
out of amap.

$ vmstat -m | grep '^ *UVM amap'

Compare MemUse to the Limit.  Since updating to 4.5 I haven't had the
problem.


This worked for Nagios.

*   *   *   *   *   /usr/local/libexec/nagios/check_amap > /dev/null || /home/andrew/apachectl stop wait start

#!/bin/sh
. /usr/local/libexec/nagios/utils.sh

# MemUse and Limit (in KB) from the "UVM amap" line of vmstat -m
_sizes=`vmstat -m | awk '/^ *UVM amap/ { gsub("K", " "); print $4$6}'`
# percentage of the limit still free: (Limit - MemUse) / Limit * 100
_free=`dc -e "5 k ${_sizes} sm sc lm lc - lm / 100 * f" | sed -e 's/\.*0*$//'`

# check the critical threshold first, otherwise the 25% test always wins
if [ "${_free%.*}" -lt 10 ]; then
        echo "CRITICAL: less than 10% amap free [${_free}%]!"
        exit $STATE_CRITICAL
fi

if [ "${_free%.*}" -lt 25 ]; then
        echo "WARNING: less than 25% amap free [${_free}%]!"
        exit $STATE_WARNING
fi

echo "OK: [${_free}%] free"
exit $STATE_OK

and you probably need

$ diff -u /usr/sbin/apachectl apachectl
--- /usr/sbin/apachectl Tue May  5 21:44:28 2009
+++ apachectl   Wed Nov 19 09:49:28 2008
@@ -153,6 +153,19 @@
fi
fi
;;
+wait)
+echo -n $0 $ARG: 
+while [ $RUNNING -eq 1 ]; do
+if kill -0 $PID 2/dev/null ; then
+#echo -n .
+sleep 1
+else
+STATUS=httpd (pid $PID) not running
+RUNNING=0
+fi
+done
+echo ' httpd stopped'
+;;
 status)
$LYNX $STATUSURL | awk ' /process$/ { print; exit } { print } '
;;
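
Review bot: the `while [ $RUNNING -eq 1 ]` loop in the new `wait)` case has no upper bound, so if httpd never exits after `stop`, an `apachectl stop wait start` call blocks forever and the `start` never runs. Count the `sleep 1` iterations and leave the loop with a non-zero exit after a fixed limit, so the caller can tell a hung shutdown from a clean one. The case also depends on `$RUNNING` and `$PID` having been set before the argument loop reaches `wait`, which deserves a comment, and as shown here `2/dev/null` and the unquoted `STATUS=httpd (pid $PID) not running` look like they have lost a `>` and their quotes and would not run as written.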


l8rZ,
-- 
andrew - ICQ# 253198 - Jabber: and...@rraz.net

BOFH excuse of the day: Our ISP is having {switching,routing,SMDS,frame
relay} problems



Re: promiscuous mode

2009-05-19 Thread andrew fresh
On Tue, May 19, 2009 at 01:03:40PM -0700, Philip Guenther wrote:
> On Tue, May 19, 2009 at 11:51 AM, Fortunato
> fortunato.montre...@earthlink.net wrote:
> ...
> > Is there a way to set the flags to PROMISC for an interface?
>
> What problem are you trying to solve?

Although not the original poster, and this is not his problem, I had a
need to set an interface to PROMISC and I used tcpdump fxp0 host 1.1.1.1
to accomplish it which seemed a kludge.

I was testing some point to multi-point wireless bridges.  We ended up
being able to load test 7 clients from one laptop, and could scale it
further but ran out of places to mount the client equipment.

Setup is like this:
Iperf endpoint  DHCP server
Switch
AP
Wireless Links
Multiple Clients
Switch (with vlans)
OpenBSD Laptop to Trunk port on switch


So, I did something like this to create vlans for the number of clients I 
want to test:
local _count=3
local _start=1
for _v in `jot $_count $(( $_start + 100 ))`; do
        echo "Start vlan$_v"
        # e.g. vlan 101 gets lladdr 00:11:22:01:00:01
        _lladdr="lladdr 00:11:22`echo $_v | sed -e 's/\(.\)/:0\1/g'`"
        ifconfig vlan$_v vlandev $_vlandev $_lladdr
        dhclient vlan$_v
done

The lladdr change is because the DHCP server will not hand out multiple
addresses if the vlans have the same MAC.

The switch with vlans is configured as such:

interface FastEthernet0/1
 switchport access vlan 101
!
interface FastEthernet0/2
 switchport access vlan 102
!
...
!
interface GigabitEthernet0/1
 switchport mode trunk
!

The laptop is plugged into the gigabit port on the switch, the different
pieces of client equipment are plugged into the different FastEthernet
ports.

Then I run iperf simultaneously, bound to each vlan with an IP.

#!/bin/sh
local _host=iperf.server
for _int in `ifconfig vlan 2>/dev/null |
        awk '/^vlan/ { sub(":","",$1); print $1 }' |
        sort`; do

        local _ip=`ifconfig $_int | awk '/inet / { print $2 }'`
        local _last=`echo $_int | sed -e 's/^.*\(..\)$/\1/'`
        local _port=$(( $_last + 5000 ))

        if [ ! -z "$_ip" ]; then
                # one background iperf per vlan, output prefixed with the interface
                iperf -B $_ip -p $_port -c $_host "$@" | {
                        local _line
                        while read _line; do
                                echo "$_int: $_line"
                        done
                } &
        fi
done
wait

l8rZ,
-- 
andrew - ICQ# 253198 - Jabber: and...@rraz.net

BOFH excuse of the day: A plumber is needed, the network drain is
clogged



Re: Why so cool OS doesn't have vuln database?

2009-05-15 Thread andrew fresh
On Fri, May 15, 2009 at 10:39:06PM +0500, Yuriy Grishin wrote:
> I've installed OpenBSD 4.5 on my home gateway.
> Random pids and critical files permission are really cool.
> I just confused a little bit because I haven't found any way to check the
> vulnerabilities of my configuration.

http://www.openbsd.org/errata45.html

> Are there any?

If you changed something from the base system, then you have to manage
any vulnerabilities from those changes on your own.

l8rZ,
-- 
andrew - ICQ# 253198 - Jabber: and...@rraz.net

BOFH excuse of the day: 50% of the manual is in .pdf readme files



Edgeport/421 (TI version) serial is ugen

2008-12-04 Thread andrew fresh
I recently got an Edgeport/421 (4 USB, 2 RS-232 DB-9, 1 parallel) that
seemed like it would be really handy since this computer is legacy free
and doesn't have any serial ports and having serial ports would be
really handy.

http://www.digi.com/products/usb/edgeport.jsp

Everything seems to work great.  Except the serial ports. 

Are there any suggestions on what I might need to do to make the serial
ports work?  



From looking and then taking it apart, it appears to be the newer TI
version that is mostly just a TUSB5052 with one of the free ports hooked
to a USB Parallel port.

http://focus.ti.com/docs/prod/folders/print/tusb5052.html

Is there already a USB serial driver that supports the TUSB5052 chip
that I can just add the detection to?


I am currently looking at uticom.c, but it claims:
XXX: multiport chips are not supported yet



More information if it helps.

Snipped from a dmesg with UGEN_DEBUG set and ugendebug set to 10:
SNIP
uhub3 at uhub1 port 3 Inside Out Networks product 0x028c rev 1.10/1.51 addr 2
ulpt0 at uhub3 port 5 configuration 1 interface 0 Inside Out Networks 
Edgeport/(4)21 Parallel rev 1.00/1.00 addr 3
ulpt0: using bi-directional mode
ugen0 at uhub3 port 6 Inside Out Networks Edgeport/421 rev 1.10/0.01 addr 4
ugen_set_config: ugen0 to configno 1, sc=0x80127000
ugen_set_config: ifaceno 0
ugen_set_config: endptno 0, endpt=0x81(1,128), sce=0x80127468
ugen_set_config: endptno 1, endpt=0x01(1,0), sce=0x80127310
ugen_set_config: endptno 2, endpt=0x82(2,128), sce=0x80127718
ugen_set_config: endptno 3, endpt=0x02(2,0), sce=0x801275c0
ugen_set_config: endptno 4, endpt=0x87(7,128), sce=0x80128488


Some of the output from usbdevs -vd:
SNIP
Controller /dev/usb1:
SNIP
 port 3 addr 2: full speed, self powered, config 1, product 0x028c(0x028c), 
Inside Out Networks(0x1608), rev 1.51
   uhub3
  port 1 powered
  port 2 powered
  port 3 powered
  port 4 powered
  port 5 addr 3: full speed, power 98 mA, config 1, Edgeport/(4)21 
Parallel(0x000b), Inside Out Networks(0x1608), rev 1.00
ulpt0
  port 6 addr 4: full speed, self powered, config 1, Edgeport/421(0x020c), 
Inside Out Networks(0x1608), rev 0.01, iSerialNumber V50419195-0
ugen0
SNIP


I did ask the Google, and marc.info, and although I did find the Linux
and Sun drivers that Digi provides, I did not find anything that was
useful to me.

l8rZ,
-- 
andrew - ICQ# 253198 - Jabber: [EMAIL PROTECTED]

BOFH excuse of the day: the butane lighter causes the pincushioning



Re: Missing security announcements

2008-11-13 Thread andrew fresh
On Thu, Nov 13, 2008 at 12:55:36PM -0500, Ted Unangst wrote:
> On Thu, Nov 13, 2008 at 12:35 PM, Aaron W. Hsu [EMAIL PROTECTED] wrote:
> > Is security-announce an open list?  If not, give me access and I'll
> > keep it reasonably up to date, give or take a day or so of release of
> > the Security Errata on the website, unless there is an even faster way
> > of checking it out, such as CVS.
>
> It is moderated, and really, outsiders should not be posting to it
> because then it appears that they have some position of authority.
> The only person who should be posting to the list is the person who
> made the fix, because they are the security contact.  When people
> reply, it is important they are talking to the right person.


I just wrote something quick in perl that scrapes the errata pages of
the two most recent releases and sends a nicely formatted email for any
that have changed since the last check.

It does require a couple of packages be installed (p5-libwww and
p5-HTML-Tree) but if there were enough interest from someone who could
do something with it, I could probably make it work with just what is
available in the base system.

There are lots of ways to break something that scrapes html, but it is
at least automated.

l8rZ,
-- 
andrew - ICQ# 253198 - Jabber: [EMAIL PROTECTED]


#!/usr/bin/perl -T
use strict;
use warnings;

%ENV = ();

# Additional modules needed
use LWP::Simple;          # pkg_add p5-libwww
use HTML::TreeBuilder;    # pkg_add p5-HTML-Tree

# Core modules
use Text::Wrap;
use Fcntl ':flock';       # import LOCK_* constants

# should end with a /
my $base_url   = 'http://www.OpenBSD.org/';
my $start_page = 'errata.html';

my $sender    = '[EMAIL PROTECTED]';
my $recipient = '[EMAIL PROTECTED]';

# should end with a /
my $base_dir = '/home/andrew/.openbsd_errata_notifier/';

my $max_versions_to_process = 2;

#*#*# Nothing to change beyond this point #*#*#

my $tree = HTML::TreeBuilder->new();

my $content = get( $base_url . $start_page )
    or die "Couldn't get [$start_page]: $!";
$tree->parse($content)->eof;

# collect the per-release errataNN.html links from the index page
my @errata_urls;
foreach my $link ( @{ $tree->extract_links('a') } ) {
    my ( $url, $element, $attr, $tag ) = @{$link};
    if ( $url =~ /^errata\d+\.html\Z/xms ) {
        push @errata_urls, $base_url . $url;
    }
}

$tree->delete;

# newest releases first, stop after $max_versions_to_process of them
my $processed = 0;
URL: foreach my $url ( reverse @errata_urls ) {
    $processed++;
    last URL if $processed > $max_versions_to_process;

    my $tree = HTML::TreeBuilder->new();

    my $content = get($url) or die "Couldn't get [$url]: $!";
    $tree->parse($content)->eof;

    my $title = $tree->find('title')->as_trimmed_text;
    my ($version) = $title =~ /\b ( \d+ \. \d ) \b/xms;

    foreach my $entry ( reverse $tree->find('ul')->find('li') ) {
        my $errata = process_errata_entry($entry);
        $errata->{version} = $version;
        $errata->{url}     = $url;

        my $message = format_errata_message($errata);
        my $file    = make_errata_dir($errata);

        if ( should_send( $message, $file ) ) {
            mail($message);
        }
    }

    $tree->delete;
}

# turn one <li> errata entry into a hash of its fields
sub process_errata_entry {
    my ($errata) = @_;

    my $id = $errata->find('a')->attr('name');

    my ( $num, $type, $date ) = split /:\s*/xms,
        $errata->find('strong')->as_trimmed_text;

    my $arch = $errata->find('i')->as_trimmed_text;

    my %errata = (
        id     => $id,
        number => $num,
        type   => $type,
        date   => $date,
        arch   => $arch,
    );

    # pull the patch and CVE links out of the entry body
    foreach my $content ( $errata->content_list ) {
        if ( ref $content eq 'HTML::Element' ) {
            if ( my $href = $content->attr('href') ) {
                if ( $href =~ m{ftp\.openbsd\.org.*patch\Z}ixms ) {
                    $errata{patch} = {
                        href => $href,
                        text => $content->as_trimmed_text,
                    };
                    $content->delete;
                }
                elsif ( $href =~ m{CVE-} ) {
                    push @{ $errata{cve} },
                        {
                        href => $href,
                        text => $content->as_trimmed_text,
                        };
                    $content->delete;
                }
            }
        }
    }

    foreach my $br ( $errata->find('br') ) {
        $br->replace_with("\n");
    }

    my @descr = split /\n/, $errata->as_text;
    shift @descr;
    pop @descr;

    foreach my $m (@descr) {
        $m =~ s/^\s+//xms;
        $m =~ s/\.\W+\Z/\./xms;
    }

    $errata{description} = \@descr;

    return \%errata;
}

sub mail {
    my ($message) = @_;

    open( my $sendmail, "|/usr/sbin/sendmail -oi -t -odq" )
        or die "Can't fork for sendmail: $!\n";
    print $sendmail $message;
    close $sendmail or warn "sendmail didn't close nicely";
}

sub format_errata_message {
    my ($errata) = @_;

    my $message = <<EOL;
From: $sender
To: $recipient
EOL

    $message
        .= 'Subject: OpenBSD '
        . $errata->{version}
        . ' Errata '
        . 
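
The archived script above calls `make_errata_dir` and `should_send`, but the copy is cut off before either is defined. As an added example (not part of the original post, and written in POSIX sh rather than Perl), here is one way to do that "only mail what changed" step, validating the scraped version and entry id before they are used in a path and recording state only after the send succeeds. The function names, the `STATE_DIR` layout and the return codes are assumptions.

```sh
#!/bin/sh
# Added example: remember what was already mailed for each erratum.
# STATE_DIR, the function names and the on-disk layout are assumptions.

LC_ALL=C; export LC_ALL          # keep the [A-Za-z] ranges below byte-wise
STATE_DIR=${STATE_DIR:-"$HOME/.openbsd_errata_notifier"}

# errata_state_file VERSION ID
# Print the path holding the last message sent for this erratum.
# Both values come from scraped HTML, so only a strict pattern is
# accepted: no "/", no "..", no empty strings. Returns 2 on rejection.
errata_state_file() {
    _version=$1
    _id=$2
    case $_version in
        ''|*[!0-9.]*|.*|*.|*..*) return 2 ;;
    esac
    case $_id in
        ''|*[!A-Za-z0-9_]*) return 2 ;;
    esac
    printf '%s/%s/%s\n' "$STATE_DIR" "$_version" "$_id"
}

# notify_if_changed VERSION ID COMMAND [ARGS...] < message
# Runs COMMAND with the message on stdin when the message is new or
# differs from the stored copy.
#   0  sent and recorded      1  unchanged, nothing sent
#   2  bad identifiers/setup  3  COMMAND failed, state left untouched
notify_if_changed() {
    _file=$(errata_state_file "$1" "$2") || return 2
    shift 2
    [ "$#" -ge 1 ] || return 2

    _dir=${_file%/*}
    mkdir -p "$_dir" || return 2
    _tmp=$(mktemp "$_dir/.new.XXXXXXXX") || return 2
    cat > "$_tmp"

    if [ -f "$_file" ] && cmp -s "$_tmp" "$_file"; then
        rm -f "$_tmp"
        return 1
    fi

    # Commit only after a successful send, so a failed delivery is
    # retried on the next run. The rename is atomic on one filesystem.
    if "$@" < "$_tmp"; then
        mv -f "$_tmp" "$_file"
        return 0
    fi
    rm -f "$_tmp"
    return 3
}
```

A caller would pipe each formatted message in, for example `notify_if_changed "$version" "$id" /usr/sbin/sendmail -oi -t`.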

Re: Multipath to CISCO

2008-11-05 Thread andrew fresh
On Wed, Nov 05, 2008 at 09:40:02AM +, Stuart Henderson wrote:
> On 2008-11-05, Mikel Lindsaar [EMAIL PROTECTED] wrote:
> > The other option I believe would be using PF to round robin the packets on
> > both destinations using route-to rules.  Would this work?
>
> it should, but you might need to make the rules stateless (no state).
>

It works, and you do.

# san2 and san3 are in interface group att
att_if0=san2
att_if1=san3

pass in  log on att to   self
pass in  on att to   $my_net no state flags any
pass out on att from { $my_net self } no state flags any
pass out on { $att_if0 $att_if1 } route-to { \
($att_if0 $att_if0:peer) \
($att_if1 $att_if1:peer) \
} round-robin from $my_net tag ROUTED ! tagged ROUTED \
no state flags any  
pass out on att to att:network

this is on a multiple ATT T1 link, but it should work mostly the same.
However, you probably won't have the :peer address and will have to
specify the address.

l8rZ,
-- 
andrew - ICQ# 253198 - Jabber: [EMAIL PROTECTED]

BOFH excuse of the day: Typo in the code



Re: vendor list (was: dmesg IBM x3650 OpenBSD 4.3 )

2008-10-13 Thread andrew fresh
On Mon, Oct 13, 2008 at 10:28:37AM -0700, Charles Smith wrote:
> > to create a web section listing the reasonable and bastard vendors?
> > I think it would be useful in two points:
> >
> > * helps to OpenBSD community to choose the right hardware
> > * make good or bad publicity depending on real vendor's position
> >
> > Anyway it's only an idea.
>
> +1
> I very like the idea.
>

Check the archives, it has been tried in the past.

http://vendorwatch.org/

According to the Internet Archive's Wayback Machine, they have been
reviving it since somewhere between February and June 2007.  

Apparently too many people are like me and think that it is a good idea,
but don't have the time to maintain it.

(definitely read the archives before even imagining that you would
consider suggesting that it be maintained by developers)

l8rZ,
-- 
andrew - ICQ# 253198 - Jabber: [EMAIL PROTECTED]

BOFH excuse of the day: Sysadmin accidentally destroyed pager with a
large hammer.



Re: Weird pkg_info behavior?

2008-09-30 Thread andrew fresh
On Tue, Sep 30, 2008 at 10:47:56PM -0400, Nick Guenther wrote:
> If you are looking for package descriptions, install the ports tree
> and read the Makefiles. Also, if you are lazy/not on an OpenBSD box,
> most of the descriptions are available at
> http://www.openbsd.org/4.3_packages/.

or even 
http://openports.se/search.php?so=vim

l8rZ,
-- 
andrew - ICQ# 253198 - Jabber: [EMAIL PROTECTED]

BOFH excuse of the day: internet is needed to catch the etherbunny



OpenOSPFd fails to form adjacency if remote router-id changes

2008-09-05 Thread andrew fresh
The problem I am seeing is that if I don't specify a router-id in
ospfd.conf, then if the highest IP on a peer router changes the automatic
Router ID, the session fails to start with a failed to form adjacency with
old ID error.

Is this expected behavior?  I can solve it by setting the router-id in
ospfd.conf, but that means I have to customize it for each individual host,
and can't have an ospfd.conf for the role.  

I would include a full dmesg, but I have seen this since 4.2 on different
hardware, and for this test, these are just Soekris NET4801, so there are
plenty of dmesg in the archives.  I have just finally had enough time to ask
about it.

Here is a description of how to repeat the problem as well as log messages.
If there is any more information I should gather, let me know.

Both Hosts:
Soekris 4801 running:
OpenBSD 4.4-current (GENERIC) #1038: Thu Sep  4 14:53:02 MDT 2008
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC

Crossover cable between Host1:sis1 and Host2:sis1.  No other cables connected,
except serial console.

--- BEGIN /etc/rc.conf.local ---
ospfd_flags=
---  END  /etc/rc.conf.local ---

--- BEGIN /etc/sysctl.conf ---
net.inet.ip.forwarding=1
---  END  /etc/sysctl.conf ---

--- BEGIN /etc/ospfd.conf ---
area 0.0.0.0 {
interface sis0
interface sis1
}
---  END  /etc/ospfd.conf ---

Host1:
/etc/hostname.sis0:inet 10.33.100.1 255.255.255.0 NONE
/etc/hostname.sis1:inet 10.33.1.2   255.255.255.0 NONE

Host2:
/etc/hostname.sis0:inet 10.33.0.1 255.255.255.0 NONE
/etc/hostname.sis1:inet 10.33.1.1 255.255.255.0 NONE
/etc/hostname.lo2:inet 10.0.100.1 255.255.255.0 NONE

Action:

On Host1:
# ospfctl s | grep Router
Router ID: 10.33.1.2
# ospfctl s nei
ID  Pri StateDeadTime Address Iface Uptime
10.33.1.1   1   FULL/BCKUP   00:00:38 10.33.1.1   sis1  00:00:22


On Host2:
# ospfctl s | grep Router
Router ID: 10.0.100.1
# mv /etc/hostname.lo2 /etc/hostname.lo2.orig && \
  sed -e 's/10.0.100.1/10.0.99.1/' /etc/hostname.lo2.orig > /etc/hostname.lo2
# reboot
# ospfctl s | grep Router
Router ID: 10.0.99.1
# ospfctl s nei
ID  Pri StateDeadTime Address Iface Uptime
10.33.1.2   1   INIT/OTHER   00:00:38 10.33.1.2   sis1  -
# grep ospf /var/log/daemon
Sep  5 14:11:39 Host2 ospfd[497]: startup
Sep  5 14:15:22 Host2 ospfd[8572]: startup


On Host1 after a reboot of Host2:
# ospfctl s nei
ID  Pri StateDeadTime Address Iface Uptime
10.0.100.1  1   EXSTA/OTHER  00:00:35 10.33.1.1   sis1  -
# grep ospf /var/log/daemon
Aug  8 14:11:22 Host1 ospfd[13083]: startup
Aug  8 14:20:58 Host1 ospfd[26289]: nbr_adj_timer: failed to form adjacency with 10.0.100.1
Aug  8 14:21:58 Host1 ospfd[26289]: nbr_adj_timer: failed to form adjacency with 10.0.100.1

l8rZ,
-- 
andrew - ICQ# 253198 - Jabber: [EMAIL PROTECTED]

BOFH excuse of the day: Internet shut down due to maintenance



Re: Azalia - Realtek/0x0885 - plays, but no sound

2008-06-10 Thread andrew fresh
On Tue, Jun 10, 2008 at 01:43:06AM -0700, Predrag Punosevac wrote:
> alemao wrote:
> Look the output from mixerctl and adjust things like
>
> outputs.master=248,248 ( I think this is by default something like 128,128)
>
> and  few other which  are self explanatory.
> I have the similar audio card and I had the same problem.

Ok, This is crazy.  Yesterday, I started composing an email to ask
pretty much the same question.  (no sound from azalia). 

Today I have sound, thanks to this list (This time being Peiter and
Predrag).  

I don't know how this list does it, but it is not the first time my
questions have been answered as I was getting ready to ask them.  

Thank you all very much.

l8rZ,
-- 
andrew - ICQ# 253198 - Jabber: [EMAIL PROTECTED]

BOFH excuse of the day: We had to turn off that service to comply with
the CDA Bill.



Re: Window Manager

2008-05-06 Thread andrew fresh
On Tue, May 06, 2008 at 01:18:06PM +0300, Paul Irofti wrote:
> On Sun, May 04, 2008 at 09:29:42PM -0300, Gonzalo Lionel Rodriguez wrote:
> > I dont know if it is the place to ask it, but that window manager uses? And
> > why?
> >
> I use cwm (its in base)

I have to agree with this one.  It is in base and it keeps getting
better and better (it is the reason I am running snapshots on my
desktop instead of -stable)

l8rZ,
-- 
andrew - ICQ# 253198 - Jabber: [EMAIL PROTECTED]

BOFH excuse of the day: Incorrectly configured static routes on the
corerouters.



Re: spamd fake MX

2008-04-10 Thread andrew fresh
On Thu, Apr 10, 2008 at 02:07:43PM +1000, Rod Whitworth wrote:
 Reality check please.
 
 I see quite a few attempts to access port 25 on boxes that don't have
 externally listening smtpd. They show up in firewall logs.
 
 It is a possibility to let spamd listen (as usual, redirected from 25
 to 8025, or even on 25 itself) and feed the IP over to my real MX using
 the spamd sync capability?
 
 I think so but I may just need a cluebat if there is some reason not to.

http://www.hungryhacker.com/articles/misc/spamd

I have been meaning to set this up, and then sync the IPs to my actual
mail servers so they can be blacklisted.  I just haven't had time.

l8rZ,
-- 
andrew - ICQ# 253198 - Jabber: [EMAIL PROTECTED]

BOFH excuse of the day: high pressure system failure



Re: Installing apsfilter package fails

2008-03-20 Thread andrew fresh
On Thu, Mar 20, 2008 at 07:43:10AM -0700, Ed Flecko wrote:
 Thank you Preston.
 
 You said, If I remember correctly, you need to have the x-base
 package installed
 for the libiconv / gettext dependencies to be met.  It's an issue with
 4.2.
 
 How did you know that? Is there a source that I should reference
 that I'm not aware of to keep up on the latest idiosyncrasies, bugs,
 etc.???

There actually is a source for this sort of thing.  I think Nick puts
a lot of time into it too.  

http://www.openbsd.org/faq/upgrade42.html

l8rZ,
-- 
andrew - ICQ# 253198 - Jabber: [EMAIL PROTECTED]

BOFH excuse of the day: The Token fell out of the ring. Call us when
you find it.



Re: route-to performance problem

2007-10-05 Thread andrew fresh
On Fri, Oct 05, 2007 at 11:40:07AM -0400, Chris Smith wrote:
SNIP
 The performance issue is that normal web access is horrifically slow, yet when
 doing a download test the results show the proper bandwidth.

It takes a while for the packets to figure out how to get through the
router, once they do, the states are set up and everything works as it
should.  I can see that.

SNIP
 Basic scenario is 2 internal interfaces (2 separate subnets) and three 
 external (gateway) interfaces (a T1 line - the default gateway, a 4Mb/s cable 
 line, and an 8Mb/s cable line). My current testing is just using one system 
 to route-to one of the non-default gateways.

This means that each interface has a separate subnet with separate
gateways and all that?  

What is $ext_if and what is $wow_8_if?  You seem to use them kind of
randomly in your ruleset below.  I am guessing that $ext_if is the T1
(default gateway) and that $wow_8_if is one of the cable lines.

I think your problem is that if you route-to on your outbound interface
it happens after NAT.  NAT and route-to on egress is I think a bad
combination.  That it works at all is to me more surprising than that it
is slow.


 Simplified ruleset:
 ==
 nat on $ext_if inet tag WOW_8_NAT tagged WOW_8 -> $wow_8_ad1
 nat on $ext_if inet from $s3_if:network to any -> $ext_ad
 
 pass in on $s3_if inet from $s3_if:network to !$alt_if flags S/SA keep state
 pass in on $s3_if inet from $orion7 to !$alt_if flags S/SA keep state tag WOW_8
 
 pass out on $s3_if from any to $s3_if:network flags S/SA keep state
 
 pass out on $ext_if all keep state flags S/SA
 pass out on $ext_if route-to ( $wow_8_if $wow_8_gw ) all keep state flags S/SA tagged WOW_8_NAT
 ==


Perhaps try this (I didn't):
(and keep state is default now so that simplifies the rules)
==
nat on $ext_if   inet from $s3_if:network to any -> $ext_ad
nat on $wow_8_if inet from $s3_if:network to any -> $wow_8_ad1

pass in on $s3_if inet from $s3_if:network to !$alt_if
pass in on $s3_if route-to ( $wow_8_if $wow_8_gw ) \
        inet from $orion7 to !$alt_if

pass out on $s3_if from any to $s3_if:network

pass out on $ext_if
pass out on $wow_8_if
==

You may also want some of the rules like are shown in the FAQ
http://www.openbsd.org/faq/pf/pools.html

  To ensure that packets with a source address belonging to $ext_if1 are
  always routed to $ext_gw1 (and similarly for $ext_if2 and $ext_gw2), the
  following two lines should be included in the ruleset:

pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 \
   to any
pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 \
   to any 

I am NOT sure that I am correct, but this may give you something else to
try.

I also think tcpdump on the different external interfaces when you are
trying this would probably help a lot.

l8rZ,
-- 
andrew - ICQ# 253198 - Jabber: [EMAIL PROTECTED]

BOFH excuse of the day: Not enough interrupts



Re: route-to performance problem

2007-10-05 Thread andrew fresh
On Fri, Oct 05, 2007 at 06:49:31PM -0400, Chris Smith wrote:
 On Friday 05 October 2007, andrew fresh wrote:
 OK, I'm still tagging, but it does seem that doing the route-to on ingress is 
 a working scenario.

Oh good.  I am glad that worked.


  You may also want some of the rules like are shown in the FAQ
  http://www.openbsd.org/faq/pf/pools.html
 
To ensure that packets with a source address belonging to $ext_if1 are
always routed to $ext_gw1 (and similarly for $ext_if2 and $ext_gw2), the
following two lines should be included in the ruleset:
 
  pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 \
 to any
  pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 \
 to any
 
  I am NOT sure that I am correct, but this may give you something else to
  try.
 
 I'm having trouble grokking that example, and also thinking that whatever it's
 doing may not be necessary for a non-pool setup. Any confirmation?

What this does is make sure that any packets coming from the IP of one
of the interfaces (that are the NAT IPs) go out the correct interface.

So you would add this in addition to the other rules.  It probably won't
do anything, but it might.

pass out on $ext_if   route-to ($wow_8_if $wow_8_gw) from $wow_8_if
pass out on $wow_8_if route-to ($ext_if   $ext_gw)   from $ext_gw

Adding the third interface gets slightly more confusing.  I got it
working in testing and I am going to install one (that does round-robin,
but that isn't important) on Tuesday.

Then I am going to have to work on an ifstated setup for failover and I
am not looking forward to that :-)


  I also think tcpdump on the different external interfaces when you are
  trying this would probably help a lot.
 
 That was what I was using to see what interface the packets were traversing.

Did you see any packets coming out the wrong interface?  For example,
packets with the $ext_if IP coming out of $wow_8_if?  That is what I
would have expected from your ruleset (mebbe).

l8rZ,
-- 
andrew - ICQ# 253198 - Jabber: [EMAIL PROTECTED]

BOFH excuse of the day: your process is not ISO 9000 compliant



Re: sendmail SMTP auth

2007-08-09 Thread andrew fresh
On Thu, Aug 09, 2007 at 03:34:09PM -0400, Mike Erdely wrote:
 1. Put 'WANT_SMTPAUTH=1' in your /etc/mk.conf file.
 2. Extract src.tar.gz to /usr/src.

2a. pkg_add cyrus-sasl

 3. Rebuild sendmail.

l8rZ,
-- 
andrew - ICQ# 253198 - Jabber: [EMAIL PROTECTED]

BOFH excuse of the day: sticktion



Re: Strange crashes started this morning

2007-06-25 Thread andrew fresh
On Fri, Jun 22, 2007 at 11:27:11PM -0400, Alex Feldman wrote:
 Hi Andrew
 
 Your crash dump doesn't show that it crashed on san driver. I'm saying that
 this is not the problem with san driver but it doesn't show any driver
 related function in crash trace. 

I do not see that either.  However, I am not familiar with the internals
of the OpenBSD kernel.  Theo is, and he seems to think it is a san
issue.  At this point I trust his judgment above yours.

My suggestion would be to provide the documentation that the OpenBSD
team is looking for so that they can prove one way or another where the
problems are and improve the code for everyone.



 For both Andrew and Richard: 
 1. If you can send me the crash trace that includes san driver function that
 will be helpful.

I expect that it would, unfortunately, I cannot reproduce this problem on
command.  It only happened the one day so far and I have no idea what
caused it.

How about, while waiting for more information on this problem, you see
if you can do anything about a problem I can repeat.  It causes me no
end of trouble because it makes both routers DDB any time I soft boot
them.  That means I can't upgrade the version of OpenBSD on them
remotely.

This I attribute to the san stuff because it doesn't happen in any of
the other machines I am running OpenBSD on.  You may notice that the
trace for this one also doesn't reference any san driver calls. 

You can see it in bug number 5404:

http://cvs.openbsd.org/cgi-bin/query-pr-wrapper?full=yes&numbers=5404

In bug 4484, someone else seems to have had similar issues:

http://cvs.openbsd.org/cgi-bin/query-pr-wrapper?full=yes&numbers=4484

Who knows, getting the OpenBSD developers the documentation they need so
they can fix that issue will coincidentally fix the one I am complaining
about now.


 2. Can you send me the configuration for ppp/Wanpipe and details instruction
 how to get this crash; I'll try to resolve this issue.

Here is the configuration on the interfaces that seemed to cause the
issue this last time.  They are the only lines I have that are
PROTO=ppp, the rest are HDLC (PROTO=cisco).

$ sudo sanconfig san2
ALEX2

Hardware configuration for san2:
AFT-A102   : SLOT=8 : BUS=0 : IRQ=10 : CPU=A : PORT=PRI

Interface configuration for san2:
MEDIA=T1
LCODE=B8ZS
FRAME=ESF
TECLOCK=Normal
LBO=0db
ACTIVE_CH=all
PROTO=ppp

$ sudo sanconfig san3
ALEX2

Hardware configuration for san3:
AFT-A102   : SLOT=8 : BUS=0 : IRQ=10 : CPU=B : PORT=PRI

Interface configuration for san3:
MEDIA=T1
LCODE=B8ZS
FRAME=ESF
TECLOCK=Normal
LBO=0db
ACTIVE_CH=all
PROTO=ppp


For the other, I will just quote what I wrote before.

 From: andrew fresh [mailto:[EMAIL PROTECTED]
  There are two reasons I believe it is the Sangoma driver causing the
  problem.
  
  The first is the message from Theo that you can read in the archives
  here:
  
  http://marc.info/?l=openbsd-misc&m=118246162917905&w=2
  
  where he said I suggest you call [Sangoma].
  
  
  The second being the logs.  They are in the messages linked above, but
  just before the router locked up there were san messages in
  /var/log/messages and on the console there is san2: LCP keepalive
  timeout.


And this:
  I am not
  sure what triggers this problem and it has not happened again since the
  times mentioned in that email so it is fairly difficult to debug.


l8rZ,
-- 
andrew - ICQ# 253198 - Jabber: [EMAIL PROTECTED]

BOFH excuse of the day: Pentium FDIV bug



Re: Strange crashes started this morning

2007-06-22 Thread andrew fresh
On Fri, Jun 22, 2007 at 04:45:34PM -0400, Alex Feldman wrote:
 Hello Andrew,
 
 I'm sorry for the delay. I don't always have time to go through mailing
 list.
 It is not so clear that the crash related to Sangoma driver. I would like to
 see the crash dump at that moment. This will help me to resolve the issue.

I included the trace and other information in my original message to the list.
You can see it in the archives here:

http://marc.info/?l=openbsd-misc&m=118245939832197&w=2

I also submitted that information to [EMAIL PROTECTED] from
[EMAIL PROTECTED]


There are two reasons I believe it is the Sangoma driver causing the
problem.

The first is the message from Theo that you can read in the archives
here:

http://marc.info/?l=openbsd-misc&m=118246162917905&w=2

where he said I suggest you call [Sangoma].


The second being the logs.  They are in the messages linked above, but
just before the router locked up there were san messages in
/var/log/messages and on the console there is san2: LCP keepalive
timeout.  


Is there some additional information that you need that I can provide?
I believe everything is in that first message linked above.  I am not
sure what triggers this problem and it has not happened again since the
times mentioned in that email so it is fairly difficult to debug.

I worry that it will happen when I am not available to restart it and so
would like to get it resolved.

l8rZ,
-- 
andrew - ICQ# 253198 - Jabber: [EMAIL PROTECTED]

A printer consists of three main parts:
the case, the jammed paper tray and the blinking red light.



Re: Strange crashes started this morning

2007-06-21 Thread andrew fresh
On Thu, Jun 21, 2007 at 03:29:04PM -0600, Theo de Raadt wrote:
 Sangoma has made it pretty clear (by ignoring problem reports
 from our developers) that they don't care at all.
 
 I suggest you call them, and add your voice there.

I certainly will.  Unfortunately I think these cards showed up on the
same day that the announcement about accoom.kd85.com showed up in my
mailbox.

Is there anyone in particular I should ask to speak with there or just
anyone who answers the phone?

 Otherwise, I suggest that everyone running Sangoma projects
 learn from this experience...

I certainly would recommend a different card.  I am trying to replace
some of these with an ethernet connection but getting anything other
than T1s has been a problem here.


When I do get this fast ethernet line, does anyone want to trade 5 dual
port san(4) cards for 3 dual port art(4)?  :-) Otherwise I will have to
try to get a budget approved to just replace them.

l8rZ,
-- 
andrew - ICQ# 253198 - Jabber: [EMAIL PROTECTED]

At the source of every error which is blamed on the computer, you
will find at least two human errors, including the error of blaming
it on the computer.



OpenBSD 4.1 Torrents

2007-05-01 Thread andrew fresh
Probably everyone knows already, but I just wanted to get the word out
that there are OpenBSD 4.1 torrents now on the torrent site:

http://openbsd.somedomain.net/index.php?version=4.1

So far they are mostly just the files off of the CDs, but as I get
synced up, the package torrents will update.

l8rZ,
-- 
andrew - ICQ# 253198 - Jabber: [EMAIL PROTECTED]

BOFH excuse of the day: The Borg tried to assimilate your system.
Resistance is futile.



Re: -current sensorsd doesn't work for me

2007-01-13 Thread andrew fresh
I am CC'ing tech@ not because I like to crosspost, but because I believe
this to be the end of a conversation on misc@ and the start of a
discussion on tech@ about hopefully getting this changed.

On Sat, Jan 13, 2007 at 10:11:24AM -0500, Constantine A. Murenin wrote:
 On 12/01/07, andrew fresh [EMAIL PROTECTED] wrote:
 I am trying to shut down my laptop using the voltage sensors.
 Unfortunately I can't test this with a generic kernel because all my
 sensors on my only -current box come from the ACPI subsystem.
 
 The problem is, the limits don't seem to work:
 
 $ sysctl hw.sensors.acpibat0.volt1
 hw.sensors.acpibat0.volt1=7.96 VDC (current voltage), OK
 $ tail -3 /etc/sensorsd.conf
 hw.sensors.acpibat0.volt1:low=8V:high=9V

no matter what I set, sensorsd always says within limits.

 sensorsd.conf(5) says [that's how it is supposed to work]
 
 The following patch will allow you to set high and low values for
 volt0 and volt1 on acpibat in sensorsd:

I think I would prefer this patch, or something like it, just in case I
want to override the choices someone made for other sensors.

I believe this diff adds useful functionality without losing anything.
However, I am NOT a C programmer, so I may have screwed something up.

Index: sensorsd.c
===
RCS file: /cvs/src/usr.sbin/sensorsd/sensorsd.c,v
retrieving revision 1.27
diff -u -r1.27 sensorsd.c
--- sensorsd.c  6 Jan 2007 18:17:06 -   1.27
+++ sensorsd.c  13 Jan 2007 18:15:12 -
@@ -218,7 +218,9 @@
 * status had failed so warn about it */
if (newstatus == SENSOR_S_UNKNOWN)
newstatus = SENSOR_S_WARN;
-   else if (newstatus == SENSOR_S_UNSPEC) {
+   else if (newstatus == SENSOR_S_UNSPEC ||
+   limit-upper != LLONG_MAX  ||
+   limit-lower != LLONG_MIN) {
if (sensor.value  limit-upper ||
sensor.value  limit-lower)
newstatus = SENSOR_S_CRIT;
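Review bot: The in-range branch is not visible in this hunk, and it decides whether the widened else-if is safe. Once either limit differs from LLONG_MAX/LLONG_MIN, a sensor that already carries a driver-reported status (anything other than SENSOR_S_UNSPEC) is sent through the upper/lower comparison, so its own status is replaced by the result; if the in-range case assigns an OK status, a driver-reported warning or critical state would be hidden by a loosely chosen limit. Please show or describe that branch, and consider only raising the status here rather than overwriting it. The SENSOR_S_UNKNOWN test above still takes precedence, so user limits are never evaluated for a sensor in that state; if that is intended, a comment saying so would help.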
Index: sensorsd.conf.5
===
RCS file: /cvs/src/usr.sbin/sensorsd/sensorsd.conf.5,v
retrieving revision 1.10
diff -u -r1.10 sensorsd.conf.5
--- sensorsd.conf.5 28 Dec 2006 10:04:27 -  1.10
+++ sensorsd.conf.5 13 Jan 2007 18:15:12 -
@@ -58,8 +58,8 @@
 .Xr esm 4 ,
 or
 .Xr ipmi 4 )
-do not require boundary values specified (that otherwise will be
-ignored) and simply trigger on status transitions.
+do not require boundary values specified and simply trigger on status
+transitions unless you specify either boundry.
 .Pp
 The command is executed on transitions out of, and back into, given limits.
 Tokens in the command are substituted as follows:
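Review bot: "boundry" in the added line should be "boundary", and "unless you specify either" leaves it unclear which source wins. The removed text said boundary values were ignored for these sensors, so the page should state the new precedence explicitly, for example "and simply trigger on status transitions; if a low or high boundary is given, the boundary comparison is used instead."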
===

l8rZ,
-- 
andrew - ICQ# 253198 - JID: [EMAIL PROTECTED]

BOFH excuse of the day: (l)user error



-current sensorsd doesn't work for me

2007-01-12 Thread andrew fresh
I am trying to shut down my laptop using the voltage sensors.
Unfortunately I can't test this with a generic kernel because all my
sensors on my only -current box come from the ACPI subsystem.

The problem is, the limits don't seem to work:

$ sysctl hw.sensors.acpibat0.volt1
hw.sensors.acpibat0.volt1=7.96 VDC (current voltage), OK
$ tail -3 /etc/sensorsd.conf
hw.sensors.acpibat0.volt1:low=8V:high=9V
#:command=/etc/sensorsd/shutdown %2 %3

$ sudo sensorsd -d
^C
$ tail -1 /var/log/messages
Jan 12 18:25:24 trin sensorsd[15369]: hw.sensors.acpibat0.volt1: within limits, value: 7.96 V DC
$

I think that should trip the low limit.

I changed it to low=5V:high=9V and it works as expected.  The log says
it is within limits.

But, if I change the entry in sensorsd.conf to low=5V:high=6V (should
trip the high limit) it still claims the sensors are within limits.

Am I doing something stupid?


The diff for the acpi kernel

--- GENERIC Fri Jan  5 18:54:24 2007
+++ ACPIThu Jan 11 21:20:37 2007
@@ -57,19 +57,19 @@
 eisa0  at mainbus0
 pci*   at mainbus0
 
-#optionACPIVERBOSE
-#optionACPI_ENABLE
+option ACPIVERBOSE
+option ACPI_ENABLE
 
-acpi0  at mainbus? disable
-#acpitimer*at acpi?
-#acpihpet* at acpi?
-#acpiac*   at acpi?
-#acpibat*  at acpi?
-#acpibtn*  at acpi?
-#acpicpu*  at acpi?
-acpiec*at acpi?disable
+acpi0  at mainbus?
+acpitimer* at acpi?
+acpihpet*  at acpi?
+acpiac*at acpi?
+acpibat*   at acpi?
+acpibtn*   at acpi?
+acpicpu*   at acpi?
+acpiec*at acpi?
 acpiprt*   at acpi?
-#acpitz*   at acpi?
+acpitz*at acpi?
 
 option PCIVERBOSE
 option EISAVERBOSE
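Review bot: Every commented-out acpi child is enabled at once here (acpitimer, acpihpet, acpiac, acpibat, acpibtn, acpicpu, acpitz) and "disable" is dropped from acpi0 and acpiec. For a report about acpibat0 limits, enabling only what the battery sensor needs would keep the test kernel closer to GENERIC and make it easier to rule out the other ACPI drivers; if all of them are wanted, say so next to the diff. "option ACPIVERBOSE" is also switched on, which is worth mentioning because it changes what the dmesg shows.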

and my DMESG

OpenBSD 4.0-current (ACPI) #1: Thu Jan 11 21:42:30 MST 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/ACPI
cpu0: Intel(R) Pentium(R) M processor 1.30GHz (GenuineIntel 686-class) 1.30 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,SBF,EST,TM2
real mem  = 1063415808 (1038492K)
avail mem = 961875968 (939332K)
using 4256 buffers containing 53293056 bytes (52044K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(d8) BIOS, date 12/01/05, BIOS32 rev. 0 @ 0xfd6a0, SMBIOS rev. 2.3 @ 0xd8010 (17 entries)
bios0: Sony Corporation VGN-TX770P
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xfd6a0/0x960
pcibios0: PCI BIOS has 17 Interrupt Routing table entries
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82801FBM LPC rev 0x00)
pcibios0: PCI bus #7 is the last bus
bios0: ROM list: 0xc/0x1! 0xd8000/0x4000! 0xdc000/0x4000!
acpi0 at mainbus0: rev 0
acpi0: tables DSDT FACP APIC BOOT MCFG SSDT SSDT SSDT SSDT 
acpitimer0 at acpi0: can't identify bus
acpi device at acpi0 from table DSDT not configured
acpi device at acpi0 from table FACP not configured
acpi device at acpi0 from table APIC not configured
acpi device at acpi0 from table BOOT not configured
acpi device at acpi0 from table MCFG not configured
acpi device at acpi0 from table SSDT not configured
acpi device at acpi0 from table SSDT not configured
acpi device at acpi0 from table SSDT not configured
acpi device at acpi0 from table SSDT not configured
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 0 (PEGP)
acpiprt2 at acpi0: bus 6 (PCIB)
acpiec0 at acpi0: EC0_
acpibtn0 at acpi0: LID0
acpibtn1 at acpi0: PWRB
acpibat0 at acpi0: BAT1: model:  serial:  type: LION oem: Sony Corp.
acpiac0 at acpi0: AC unit online
acpicpu0 at acpi0: CPU0: 1300, 1000, 800, 600 MHz
acpitz0 at acpi0, critical temperature: 99 degC
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82915GM/PM/GMS Host rev 0x03
vga1 at pci0 dev 2 function 0 Intel 82915GM/GMS Video rev 0x03: aperture at 0xb008, size 0x1000
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
Intel 82915GM/GMS Video rev 0x03 at pci0 dev 2 function 1 not configured
azalia0 at pci0 dev 27 function 0 Intel 82801FB HD Audio rev 0x03: irq 10
azalia0: host: High Definition Audio rev. 1.0
azalia0: codec: Realtek ALC260 (rev. 3.0), HDA version 1.0
azalia0: codec: 0x04x/0x14f1 (rev. 0.0), HDA version 0.9
azalia0: codec[1]: No support for modem function groups
azalia0: codec[1]: No audio function groups
audio0 at azalia0
uhci0 at pci0 dev 29 function 0 Intel 82801FB USB rev 0x03: irq 10
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 29 function 1 Intel 82801FB USB rev 0x03: irq 10
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2 at 

Nagios check_hw_sensors for the new two level sensors

2007-01-05 Thread andrew fresh
I am doing better this time, I saw that the sensors output changed, and
I am running -current on my laptop :-)  

However, that doesn't give me a lot of sensors to try, so if you are
using Nagios and -current or just want to try it, grab version 1.22 of
check_hw_sensors and let me know about anything that is broken.  

If you do have problems, if you could include the output from sysctl
hw.sensors with any reports, I can see what I can do.

The latest version is available here:
http://openbsd.somedomain.net/nagios/check_hw_sensors.html

and should still work on older versions of OpenBSD.

A direct download link for 1.22 is here:
http://openbsd.somedomain.net/nagios/check_hw_sensors-1.22.tar.gz

l8rZ,
-- 
andrew - ICQ# 253198 - JID: [EMAIL PROTECTED]

BOFH excuse of the day: The hardware bus needs a new token.
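
The limit comparison expected in the sensorsd messages above can be checked by hand against the two-level "sysctl hw.sensors" output. This is an added example, not code from check_hw_sensors or sensorsd; the function name and the OK/CRITICAL wording are assumptions, and unit suffixes such as "V" are simply ignored.

```shell
#!/bin/sh
# Added example (not check_hw_sensors or sensorsd code): apply
# sensorsd.conf-style low/high limits to "sysctl hw.sensors" output.

# check_sensor_limits CONF   (hypothetical helper name)
#   CONF  : file with lines like  hw.sensors.acpibat0.volt1:low=8V:high=9V
#   stdin : sysctl lines like     name=value unit (description), STATUS
# Prints one Nagios-style line for every sensor that has a limit configured.
# Returns 2 (Nagios CRITICAL) if any value is outside its limits, else 0.
check_sensor_limits() {
    awk -v conf="$1" '
    FILENAME == conf {
        sub(/#.*/, "")                    # drop comments
        n = split($0, f, ":")
        if (n < 2) next
        for (i = 2; i <= n; i++) {
            # awk uses the leading number of "8V", so the unit is ignored
            if (f[i] ~ /^low=/)  { low[f[1]]  = substr(f[i], 5) + 0; haslow[f[1]]  = 1 }
            if (f[i] ~ /^high=/) { high[f[1]] = substr(f[i], 6) + 0; hashigh[f[1]] = 1 }
        }
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        name = substr($0, 1, eq - 1)
        if (!(name in haslow) && !(name in hashigh)) next
        val = substr($0, eq + 1) + 0      # "7.96 VDC (...), OK" becomes 7.96
        if ((name in haslow) && val < low[name]) {
            printf "CRITICAL %s=%s is below low limit %s\n", name, val, low[name]
            bad = 1
        } else if ((name in hashigh) && val > high[name]) {
            printf "CRITICAL %s=%s is above high limit %s\n", name, val, high[name]
            bad = 1
        } else {
            printf "OK %s=%s is within limits\n", name, val
        }
    }
    END { exit (bad ? 2 : 0) }
    ' "$1" -
}

# Constructed sample: the reading and the three limit settings tried in the
# messages above (low=8V:high=9V, low=5V:high=9V, low=5V:high=6V).
sample='hw.sensors.acpibat0.volt1=7.96 VDC (current voltage), OK'
conf=$(mktemp)
for limits in 'low=8V:high=9V' 'low=5V:high=9V' 'low=5V:high=6V'; do
    printf 'hw.sensors.acpibat0.volt1:%s\n' "$limits" > "$conf"
    printf '%s\n' "$sample" | check_sensor_limits "$conf" || :
done
rm -f "$conf"
```
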



Re: What it this mean?

2006-12-13 Thread andrew fresh
On Mon, Dec 11, 2006 at 09:16:50AM -0700, Carlos A. Garcia G wrote:
 I have received a mail from the server with this information
 
 Checking setuid/setgid files and devices:
 Setuid/device find errors:
 find: /tmp/PerlIO_W32319: No such file or directory
 
 what is it? and what can i do to fix the problem?

Since amazingly no one else has written in with the correct answer:

This output comes from the daily insecurity output email.

It is caused by the find for new/updated set[ug]id files in
/etc/security.  It is generated when find attempts to enter a directory
that was there when listing the contents of the parent directory but was
removed before find had a chance to traverse it.

I get these errors regularly on my servers running mimedefang as there
are generally quite a few directories in /var/spool/mimedefang that get
created and deleted quickly.

l8rZ,
-- 
andrew - ICQ# 253198 - JID: [EMAIL PROTECTED]

BOFH excuse of the day: Communications satellite used by the military
for star wars.



New version of check_hw_sensors to support the sysctl hw.sensors output changes

2006-12-05 Thread andrew fresh
Ahh the joys of not enough time to follow -current.  

I am finally working on upgrading my machines to 4.0 and have found that
in sysctl.c v1.135[1], Otto changed the output to be simpler[2].
However, I was using some of the output that is now gone for my Nagios
check[3] so the old version is broken.  

That means there is now a new version[4] available that works on OpenBSD
4.0.  I have not done extensive testing, but it seems to work so far.

[1] http://www.openbsd.org/cgi-bin/cvsweb/src/sbin/sysctl/sysctl.c.diff?r1=1.134&r2=1.135&f=h
[2] http://marc.theaimsgroup.com/?l=openbsd-cvs&m=114948953703830&w=2
[3] http://openbsd.somedomain.net/nagios/check_hw_sensors.html
[4] http://openbsd.somedomain.net/nagios/check_hw_sensors-1.21.tar.gz

l8rZ,
-- 
andrew - ICQ# 253198 - JID: [EMAIL PROTECTED]

BOFH excuse of the day: Atilla the Hub



OpenBSD 4.0 torrents available

2006-11-01 Thread andrew fresh
Torrents for OpenBSD 4.0 are now available from:
http://openbsd.somedomain.net/index.php?version=4.0

Not everything is synced yet, but the mirror is running and new torrents
will be posted as they are generated.  The only things that should
really change are the package torrents and additional architectures.

As the torrents are unofficial, I would recommend that you grab a CKSUM
or MD5 file from an official mirror and check it against the files that
you downloaded.
http://www.openbsd.org/ftp.html

Please, be sure to donate to the project.  
http://www.openbsd.org/donations.html

The paypal subscriptions are very convenient.

Latest version torrents are generally available here:
http://openbsd.somedomain.net/index.php?version=latest+release

and of course, all available torrents are listed on the main page:
http://openbsd.somedomain.net/

l8rZ,
-- 
andrew - ICQ# 253198 - JID: [EMAIL PROTECTED]

BOFH excuse of the day: permission denied



Thank you OpenBSD, the sensors framework ROX!

2006-10-24 Thread andrew fresh
I just want to say thank you to the OpenBSD team.

Over the weekend, one of our OpenBSD servers[1] had a fan die.  Thanks to
the sensors framework, and the Nagios[2] plugin I wrote[3], I found out
it was broken, and I could also tell that the rest of the fans in the
server were doing a fine job keeping it cool.  That means I was able to
replace the fan at my convenience.  Without the sensors framework, I
would probably not have noticed the fan being out until more fans died
and the server overheated.

[1] It is one of our Internet routers, running OpenBGPd[4]
[2] http://www.nagios.org
[3] I swear this isn't an advertisement, but here's the link[5]
[4] Thanks for OpenBGPd too!
[5] http://openbsd.somedomain.net/nagios/

l8rZ,
-- 
andrew - ICQ# 253198 - JID: [EMAIL PROTECTED]

BOFH excuse of the day: Stale file handle (next time use
Tupperware(tm)!)



Re: Run script on cd insertion

2006-08-04 Thread andrew fresh
On Wed, Aug 02, 2006 at 07:29:42PM -0500, L. V. Lammert wrote:
 At 12:16 PM 8/2/2006 -0700, andrew fresh wrote:
  I never checked for CD's, but hotplugd might say something when it is
  inserted, I know it works for USB disks.
 
 AFAIK hotplug only works for drives not disks.  My testing just now
 shows that hotplugd does not see an event when I put in a CD
 
 You're on the wrong track:
 
 http://research.silmaril.ie/autoruncd/

that assumes you have something like this installed on your linux box.

http://autorun.sourceforge.net/

And, although in the sourceforge category it claims
Operating System: All POSIX (Linux/BSD/UNIX-like OSes), Linux, it
appears that they really mean linux.

It also appears, from what little C++ I can guess the meaning of, that it
just loops, checking the cd devices to see if they are ready and mounts
them if they are.

http://autorun.cvs.sourceforge.net/autorun/autorun/autorun.cc?revision=1.5&view=markup

l8rZ,
-- 
andrew - ICQ# 253198 - JID: [EMAIL PROTECTED]

BOFH excuse of the day: Traceroute says that there is a routing problem
in the backbone.  It's not our problem.



Re: Run script on cd insertion

2006-08-04 Thread andrew fresh
On Fri, Aug 04, 2006 at 04:13:26PM -0700, Michael Coulter wrote:
 On Tue, Aug 01, 2006 at 02:28:25PM -0700, andrew fresh wrote:
  I am in need of the ability to run a script when a cd is inserted.  I am
  not finding any way of getting notified when that happens, so I am
  asking here.  If not, I can just loop cdio info and check for a disk.  
  
  Is there something that will run a script when I insert a CD?
 
 If you grab a copy of INF-8090.pdf, have a look at Appendix E.
 It would probably require a little bit of programming, but
 if you want to do this nicely, it appears to be the right way.

That doc says that:

Current ATAPI implementations do not support queuing nor
overlap, so the immediate mode must be used.

and that: 

The Immediate mode allows the host to periodically poll the
device to find events and examine status. 

So it sounds like no matter what you have to poll for the disk being
inserted.  It MAY be less work for the system if that feature were added
somewhere and then hotplug (or something) were notified, but for my
purpose, when not burning disks there is plenty of CPU so for now
while [ true ]; do burn_disc; sleep 3; done
is a good enough solution.

l8rZ,
-- 
andrew - ICQ# 253198 - JID: [EMAIL PROTECTED]

BOFH excuse of the day: Someone was smoking in the computer room and
set off the halon systems.



Re: Run script on cd insertion

2006-08-02 Thread andrew fresh
On Tue, Aug 01, 2006 at 08:53:15PM -0400, Jeff Quast wrote:
 On 8/1/06, andrew fresh [EMAIL PROTECTED] wrote:
 I am in need of the ability to run a script when a cd is inserted.  I am
 not finding any way of getting notified when that happens, so I am
 asking here.  If not, I can just loop cdio info and check for a disk.
 
 Is there something that will run a script when I insert a CD?
 
 
 I never checked for CD's, but hotplugd might say something when it is
 inserted, I know it works for USB disks.

AFAIK hotplug only works for drives not disks.  My testing just now
shows that hotplugd does not see an event when I put in a CD

 If it doesn't, and you write a patch to make it say something, it
 might be appreciated.

ya, that takes more C than I know at the moment, or that I have time to
learn.

 Of course, I would never do anything with it. But for headless
 systems, it might be nice 'feature' for very certain situations.
 
 Never mentioned what you need it for..

What I am using it for is a CD burning machine.  We are an ISP and have
a CD that we give to our customers.  It has a wizard that sets up their
windows box to dial up and configures their email client.  It also has
some other software on it that we find handy if they don't have to
download.  Firefox, Thunderbird, AVG Antivirus, Windows service packs,
stuff that is faster to drive and get a CD than it is to download over a
modem.

Most people don't need this, so it has not been cost effective to have
them professionally pressed.  Plus, doing it ourselves allows us to put
new versions of the software on the disk more frequently.

I have a script that uses the new cd burning capabilities of cdio to
burn an iso onto a CD.  For now I just have to have a loop that checks
for a disk and burns it if one is inserted, what I would prefer is to
just have the script run when a CD is put in.

--- BEGIN burn_disk ---

#!/bin/sh

# You can run this like:
# while [ true ]; do burn_disk ; sleep 3 ; done

export DISC=cd0
export ISO=rraz.iso

# First space-separated field of what "cdio -s info" prints;
# empty when it prints nothing (no disc in the drive).
TRACK=`cdio -s info 2> /dev/null | cut -d ' ' -f 1`

if [ "X$TRACK" = "X" ]; then
        echo "No CD inserted, abort!"
        exit 255
fi

if [ "$TRACK" -gt 0 ]; then
        echo "disk is not blank, abort!"
        # Play the error tune on the PC speaker, then eject.
        echo "o2EC" > /dev/speaker
        cdio eject
        exit 255
fi

if [ "$TRACK" -eq 0 ]; then
        echo "Disk is blank, we are go for burn!"
        cdio tao "$ISO"
        if [ $? -eq 0 ]; then
                # Success tune, then eject the finished disc.
                echo "o3l10c.cf.." > /dev/speaker
                cdio eject
        else
                echo "Error with burn!"
                echo "o2EC" > /dev/speaker
                cdio eject
                exit 255
        fi

fi

--- END burn_disk ---

l8rZ,
-- 
andrew - ICQ# 253198 - JID: [EMAIL PROTECTED]

BOFH excuse of the day: Robotic tape changer mistook operator's tie for
a backup tape.



Re: Nagios check_bioctl available

2006-07-31 Thread andrew fresh
On Fri, Jul 28, 2006 at 09:17:28PM -0500, Marco Peereboom wrote:
> andrew fresh wrote:
> > I have written a perl script that parses the output from bioctl and
> > returns it in a format that Nagios can use.
> >
> Sweet :-)

Thanks!

> > One thing I ran into is that bioctl needs to run as root to get access
> > to /dev/bio, even for read only access.  Is there a way to query bioctl
> > without needing root?
> >
> No!

dang! oh well, sudo is a good enough solution then.

> > Also, in biovar.h, both a raid volume and a disk can be Offline.
> > However, I am not sure what that means.  Currently it is a WARNING, but
> > I don't know what status it should be set to.
> >
> If 2 or more physical disks of a RAID 5 are offline a volume will be
> marked offline as well.  An offline RAID 5 is obviously a critical
> event.  Hope this makes sense since I am not exactly sure what you are
> asking.

I will change Offline to be a CRITICAL error.  

and here is the new version:
http://openbsd.somedomain.net/nagios/check_bioctl-1.4.tar.gz

However, I guess my question is what would cause a disk to be Offline?

There is a separate status for Failed, and I could see the RAID being
Offline if too many disks had Failed.


Are there any other status that should be different?  They seemed to be
fairly straight forward, but there may be good arguments for them to be
changed.

# bioctl status => Nagios state
my %Status_Map = (
    Online      => 'OK',
    Offline     => 'CRITICAL',
    Degraded    => 'CRITICAL',
    Failed      => 'CRITICAL',
    Building    => 'WARNING',
    Rebuild     => 'WARNING',
    'Hot spare' => 'OK',
    Unused      => 'OK',
    Scrubbing   => 'WARNING',
    Invalid     => 'CRITICAL',
);

l8rZ,
-- 
andrew - ICQ# 253198 - JID: [EMAIL PROTECTED]

BOFH excuse of the day: Windows 95 undocumented feature



Re: Nagios check_bioctl available

2006-07-31 Thread andrew fresh
On Sun, Jul 30, 2006 at 03:03:26AM +0200, Wijnand Wiersma wrote:
> 2006/7/29, andrew fresh [EMAIL PROTECTED]:
> > One thing I ran into is that bioctl needs to run as root to get access
> > to /dev/bio, even for read only access.  Is there a way to query bioctl
> > without needing root?
>
> Well, I think you only need the status of the drives and that is
> available using sysctl hw.sensors in current (you already mentioned
> sysctl). A monitoring system should not use the capabilities of
> bioctl, it just needs to know the status and report that.

If that is the case, then this check will become obsolete.  That would
be nice!  I will have to go put -current on my test box and try it out.  


As it is, on my 3.9-stable box, the output from sysctl if it is
available does not seem very reliable:

hw.sensors.29=esm0, Drive 0, drive, online
hw.sensors.30=esm0, Drive 1, drive, online
hw.sensors.31=esm0, Drive 2, drive, unknown
hw.sensors.32=esm0, Drive 3, drive, unknown
hw.sensors.33=esm0, Drive 4, drive, online
hw.sensors.34=esm0, Drive 5, drive, online
hw.sensors.35=esm0, Drive 6, drive, unknown
hw.sensors.36=esm0, Drive 7, drive, unknown

$ sudo bioctl ami0
Password:
Volume  Status     Size           Device
 ami0 0 Online         8984199168 sd0     RAID1
      0 Online         8984199168 0:0.0   safte0 IBM DRVS09D 0140
      1 Online         8984199168 0:1.0   safte0 IBM DRVS09D 0140
 ami0 1 Online        36234592256 sd1     RAID10
      0 Online        18117296128 0:3.0   safte0 QUANTUM ATLAS10K2-TY184JDA40
      1 Online        18117296128 0:4.0   safte0 QUANTUM ATLAS10K2-TY184JDA40
      2 Online        18117296128 0:5.0   safte0 QUANTUM ATLAS10K2-TY184JDA40
      3 Online        18117296128 0:8.0   safte0 QUANTUM ATLAS10K2-TY184JDA40
 ami0 2 Hot spare      8984199168 0:2.0   safte0 IBM DMVS09M 0220
 ami0 3 Hot spare     18117296128 0:9.0   safte0 QUANTUM ATLAS 10K 18SCA UCHD


The rest of the sensors seem mostly correct though, and there are sure
enough of them!

$ sysctl hw.sensors | tail -1
hw.sensors.99=safte0, temp1, OK, temp, 27.78 degC / 82.00 degF


Also, on another box that has external disk box connected with ses, I
don't get any status for those disks in sysctl.  The disks that are
actually in the server are using safte and those show up in sysctl.  I
don't know why, so now I have this check :-)


> Now that I think of it, I should add support to the upwatch monitoring
> system too, but I am not that lucky to have hardware to actually test
> it :-)

If the information is available in sysctl in 4.0, that would be the
check to integrate.

l8rZ,
-- 
andrew - ICQ# 253198 - JID: [EMAIL PROTECTED]

BOFH excuse of the day: dynamic software linking table corrupted



Nagios check_bioctl available

2006-07-28 Thread andrew fresh
I have written a perl script that parses the output from bioctl and
returns it in a format that Nagios can use.  

check_bioctl is available here:
http://openbsd.somedomain.net/nagios/check_bioctl-1.3.tar.gz

It is useful to me, and so I thought it might be useful to someone else.  

I wrote this on OpenBSD 3.9 and tested on Dell PERC 3/DC controllers
using the ami driver. It should work just fine on other versions of
OpenBSD as well as with other cards and drivers. If you do run into
trouble, send me the output from bioctl on the system you are having
trouble with and I can try to help. Patches to fix problems would be
even better.


One thing I ran into is that bioctl needs to run as root to get access
to /dev/bio, even for read only access.  Is there a way to query bioctl
without needing root?


Also, in biovar.h, both a raid volume and a disk can be Offline.
However, I am not sure what that means.  Currently it is a WARNING, but
I don't know what status it should be set to.

http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/biovar.h?rev=1.25&content-type=text/x-cvsweb-markup

If anyone knows what the Offline status means, I would sure like to
know.


An additional useful feature is that you can specify multiple devices to
check in a single check

/usr/local/libexec/nagios/check_bioctl -d ami0 -d ami1


Output is similar to below, except with NAGIOS_OUTPUT set to 1 in the
source (as it usually is) all output is on a single line separated with
<br> and it hides any devices that are OK because Nagios has a limit on
the length of a response.

CRITICAL (1):
   ami0 sd1 Degraded
WARNING (1):
   ami0 0:8.0 Rebuild QUANTUM ATLAS10K2-TY184JDA40
OK (7):
   ami0 sd0 Online
   ami0 0:0.0 Online IBM DMVS09M 0220
   ami0 0:1.0 Online IBM DRVS09D 0140
   ami0 0:3.0 Online QUANTUM ATLAS10K2-TY184JDA40
   ami0 0:4.0 Online QUANTUM ATLAS10K2-TY184JDA40
   ami0 0:5.0 Online QUANTUM ATLAS10K2-TY184JDA40
   ami0 0:2.0 Hot spare IBM DRVS09D 0140


I currently configure it something like this:

$ grep check_bioctl /etc/sudoers /etc/nrpe.cfg
/etc/sudoers:_nrpe   ALL = NOPASSWD:/usr/local/libexec/nagios/check_bioctl -d ami0
/etc/nrpe.cfg:command[check_bioctl]=/usr/bin/sudo /usr/local/libexec/nagios/check_bioctl -d ami0


Also available is check_hw_sensors for checking of sysctl hw.sensors
from Nagios.

http://openbsd.somedomain.net/nagios/

l8rZ,
-- 
andrew - ICQ# 253198 - JID: [EMAIL PROTECTED]

BOFH excuse of the day: YOU HAVE AN I/O ERROR - Incompetent Operator
error
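
The status handling described in this thread, as an added example that is not the check_bioctl script itself: a shell version that applies the %Status_Map from the 1.4 follow-up (Offline as CRITICAL) to bioctl-style output and returns the Nagios exit code. The sample listing is constructed, and reporting an unmapped status as UNKNOWN is an assumption of this example.

```shell
#!/bin/sh
# Added example: map bioctl statuses to Nagios states (not check_bioctl itself).

# Constructed sample, shaped like the bioctl listing quoted in this thread.
sample_bioctl() {
cat <<'EOF'
Volume  Status     Size           Device
 ami0 0 Online         8984199168 sd0     RAID1
      0 Online         8984199168 0:0.0   safte0 IBM DRVS09D 0140
      1 Online         8984199168 0:1.0   safte0 IBM DRVS09D 0140
 ami0 1 Degraded      36234592256 sd1     RAID10
      0 Online        18117296128 0:3.0   safte0 QUANTUM ATLAS10K2-TY184JDA40
      1 Rebuild       18117296128 0:8.0   safte0 QUANTUM ATLAS10K2-TY184JDA40
 ami0 2 Hot spare      8984199168 0:2.0   safte0 IBM DMVS09M 0220
EOF
}

# Reads bioctl-style text on stdin, prints one summary line and returns the
# Nagios exit code: 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN.
check_bioctl_status() {
    awk '
    BEGIN {
        map["Online"] = "OK";        map["Offline"] = "CRITICAL"
        map["Degraded"] = "CRITICAL"; map["Failed"] = "CRITICAL"
        map["Building"] = "WARNING";  map["Rebuild"] = "WARNING"
        map["Hot spare"] = "OK";      map["Unused"] = "OK"
        map["Scrubbing"] = "WARNING"; map["Invalid"] = "CRITICAL"
        code["OK"] = 0; code["WARNING"] = 1; code["CRITICAL"] = 2; code["UNKNOWN"] = 3
        # Order used to pick the overall result (assumption of this example).
        rank["OK"] = 0; rank["UNKNOWN"] = 1; rank["WARNING"] = 2; rank["CRITICAL"] = 3
        worst = "OK"; bad = ""
    }
    $1 == "Volume" && $2 == "Status" { next }        # column header
    NF == 0 { next }
    {
        i = 1
        if ($i ~ /^[a-z]+[0-9]+$/) { ctrl = $i; i++ }  # volume lines name the controller
        i++                                            # skip the volume/disk index
        status = ""
        # The status may be two words ("Hot spare"); it ends at the numeric size.
        while (i <= NF && $i !~ /^[0-9]+$/) {
            status = (status == "") ? $i : status " " $i
            i++
        }
        dev = $(i + 1)
        state = (status in map) ? map[status] : "UNKNOWN"
        if (rank[state] > rank[worst]) worst = state
        if (state != "OK") bad = bad sprintf(" %s %s %s (%s);", ctrl, dev, status, state)
        n++
    }
    END {
        if (n == 0) { print "UNKNOWN: no bioctl output"; exit 3 }
        sub(/;$/, "", bad)
        msg = (bad == "") ? " " n " devices OK" : bad
        print worst ":" msg
        exit code[worst]
    }'
}

# Run as "sh thisfile demo" to see the summary for the constructed sample.
if [ "${1:-}" = "demo" ]; then
    sample_bioctl | check_bioctl_status || true
fi
```

On a real host the input would come from `sudo bioctl ami0 | check_bioctl_status`, with the sudoers entry limited to that one command as in the configuration above.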



Re: Sound card with supported digital out

2006-06-12 Thread andrew fresh
On Sat, May 27, 2006 at 08:18:59PM +0200, Jan Johansson wrote:
> andrew fresh [EMAIL PROTECTED] wrote:
> > I have tried one of those, I had forgotten about that.  The
> > problem with the USB digital output that I have tried is that
> > it does not do AC3/DTS passthrough, all it does is output 2
> > channel PCM over the optical digital connection.
> >
> > I believe the one I tried was a Turtle Beach Audio Advantage
> > Micro.  If there is USB audio that will do AC3/DTS passthrough
> > on OpenBSD, I would be happy with that.
>
> I have a Sinovoice UAC-05 which identifies like this
>
> uaudio0 at uhub0 port 2 configuration 1 interface 0: ABC C-Media USB Headphone Set, rev 1.10/1.00, addr 2
> uaudio0: audio rev 1.00, 8 mixer controls
> audio0 at uaudio0

I found the Turtle Beach AudioAdvantage Micro that I tried before:
uaudio0 at uhub0 port 1 configuration 1 interface 0: C-Media INC. USB Audio, rev 1.10/0.10, addr 2
uaudio0: audio rev 1.00, 4 mixer controls
audio1 at uaudio0

and a Creative USB SoundBlaster Model SB0270:
uaudio0: audio rev 1.00, 3 mixer controls
audio1 at uaudio0
uhidev1 at uhub1 port 2 configuration 1 interface 3
uhidev1: Creative Labs USB Audio, rev 1.10/1.00, addr 2, iclass 3/0
uhid0 at uhidev1: input=3, output=3, feature=0

> it is connected to my NAD T-760 receiver using a toslink
> (optical) cable.

Mine connects to my Yamaha RX-V1400 through optical.

> In the following examples I use Gladiator (region 2).
> To get DTS on the receiver:
> To get Dolby Digital on the receiver:
> (On Shrek (region 1) I had to use -aid to get DTS.)

I am trying an Xvid with AC3 5.1 encoded into it (the machine I have
that can get close enough to the receiver doesn't have a DVD drive)

doing 
$ mplayer file 

I get:
==
Opening audio decoder: [liba52] AC3 decoding with liba52
Using SSE optimized IMDCT transform
AC3: 5.1 (3f+2r+lfe)  48000 Hz  448.0 kbit/s
Using MMX optimized resampler
AUDIO: 48000 Hz, 2 ch, s16le, 448.0 kbit/29.17% (ratio: 56000-192000)
Selected audio codec: [a52] afm:liba52 (AC3-liba52)
==

which I believe means that it sees the file is AC3 5.1 but it is
decoding it to 2ch s16le and outputting it to the headphone jack.

when I 
$ mplayer -ac hwac3 file

I get:
==
Forced audio codec: hwac3
Opening audio decoder: [hwac3] AC3/DTS pass-through S/PDIF
No accelerated IMDCT transform found
hwac3: switched to AC3, 448000 bps, 48000 Hz
AUDIO: 48000 Hz, 2 ch, ac3, 448.0 kbit/29.17% (ratio: 56000-192000)
Selected audio codec: [hwac3] afm:hwac3 (AC3 through S/PDIF)
==

Mplayer claims it is converting it to 2ch AC3, but according to this, it
is just lying:

http://marc.theaimsgroup.com/?l=mplayer-users&m=114837108311020&w=2

mplayer was throwing me a red herring by telling me it was playing 
2-channel when in fact hwac3 was sending the full raw audio to the amp.

So, I tried 2 different files, one with 5.1ch and one with 2ch.  My
receiver shows that it is receiving the correct number of channels
depending on the file.

> Hope this helps.

It did!  It got me to try it again and I see now that It Just Works![1]

I get AC3 passthrough working correctly with both sound cards.  w00 h00!

[1] unlike the linux box I have that claims to pass through AC3 but
instead just sends garbage to the receiver.

l8rZ,
-- 
andrew - ICQ# 253198 - JID: [EMAIL PROTECTED]

BOFH excuse of the day: We already sent around a notice about that.



Re: PHP vs Mason vs Ruby vs JSP/Tomcat

2006-05-22 Thread andrew fresh
On Mon, May 22, 2006 at 11:53:27PM +0100, Craig Skinner wrote:
> *) Mason
> - not practical in chroot without half of CPAN, so what is the point?
>
> I am leaning towards Mason behind a reverse Squid proxy

I would think that if you use mason with mod_perl[1] instead of running
it as a CGI, you don't need anything (even perl) in the chroot.  You do
need to tell Apache to pre-load whatever modules you want to use when it
starts, but I don't recall that being TOO difficult.  

It has been a while since I played with mod_perl but that is what I
remember, I could be wrong.  I do know that I am using perl modules from
mod_perl that are not inside the chroot.

[1] http://www.masonbook.com/book/chapter-7.mhtml

l8rZ,
-- 
andrew - ICQ# 253198 - JID: [EMAIL PROTECTED]

BOFH excuse of the day: There isn't any problem



Re: Sound card with supported digital out

2006-05-20 Thread andrew fresh
On Sat, May 20, 2006 at 05:46:42AM +0200, Jan Johansson wrote:
> andrew fresh [EMAIL PROTECTED] wrote:
> > Is there a supported sound card that supports digital outputs?
>
> I think your best bet is USB audio. I have a simple USB audio
> stick that does optic digital signal or headphones under OpenBSD.
>

I have tried one of those, I had forgotten about that.  The problem with
the USB digital output that I have tried is that it does not do AC3/DTS
passthrough, all it does is output 2 channel PCM over the optical
digital connection.  

I believe the one I tried was a Turtle Beach Audio Advantage Micro.  If
there is USB audio that will do AC3/DTS passthrough on OpenBSD, I would
be happy with that.

l8rZ,
-- 
andrew - ICQ# 253198 - JID: [EMAIL PROTECTED]

BOFH excuse of the day: wrong polarity of neutron flow



Sound card with supported digital out

2006-05-19 Thread andrew fresh
Is there a supported sound card that supports digital outputs?

I am trying to build a media pc that is similar to GeeXboX[2].  Pretty
much just minimal system that will netboot and get mplayer running, but
on an OS I like, OpenBSD :-) However, I want to be able to do AC3 and
DTS passthrough and I am not sure if any digital audio out is supported
on any cards in OpenBSD.

Looking through the cards listed on i386.html[3] and searching the
archives, I didn't find any support for digital outputs.  

On the SBLive! and Audigy cards that I have, emu(4)[1] claims not to
support the S/PDIF.

I do see that the Turtle Beach Santa Cruz is supposed to be supported by
clcs(4)[4] and clcs(4) doesn't say that the S/PDIF out is not supported
so I am not sure.

Thank you for any information.

[1] http://www.openbsd.org/cgi-bin/man.cgi?query=emu&arch=i386&sektion=4
[2] http://geexbox.org/
[3] http://www.openbsd.org/i386.html
[4] http://www.openbsd.org/cgi-bin/man.cgi?query=clcs&arch=i386&sektion=4

l8rZ,
-- 
andrew - ICQ# 253198 - JID: [EMAIL PROTECTED]

BOFH excuse of the day: Your packets were eaten by the terminator



Re: Problems while replacing Cisco 3640 with OpenBSD and OpenBGPd (LONG)

2006-05-11 Thread andrew fresh
On Wed, Feb 22, 2006 at 05:08:15PM +0100, Henning Brauer wrote:
> * andrew fresh [EMAIL PROTECTED] [2006-02-17 23:57]:
> > I have a Cisco router I am trying to replace.  I will describe the Cisco
> > box, the replacement OpenBSD router, the setup and finally what issues I
> > am having.  The bgpd.conf contents are at the bottom of the email.  If
> > there is some additional information that would be useful, please let me
> > know.
>
> this has been tracked down to be an incorrect nexthop in private mail
> exchange - in short, the joys of iBGP.

It actually ended up being my own stupidity.  I finally had time to
finish testing the last change, back to no set nexthop in bgpd.conf.

For the archives, what caused the issue was me trying to do something
fancy.  I had multiple routes to the same networks and I set those up
with ifconfig -mpath.  Kernel multipath does not yet work, and it really
confused bgpd.  With the multiple routes to the same networks removed,
everything works as expected and OpenBGPd has made me very happy!

Now all I have to do is finish my migration from eigrp to ospf so I can
get rid of the static routes on my OpenBSD routers and all will be good.

l8rZ,
-- 
andrew - ICQ# 253198 - JID: [EMAIL PROTECTED]

BOFH excuse of the day: somebody was calculating pi on the server



Nagios plugin to check hw.sensors

2006-05-04 Thread andrew fresh
I monitor most of the stuff around here with Nagios, and, with the new
sensors framework that gives me a whole bunch of stuff to monitor.  But,
I found there wasn't an easy way to monitor them remotely.  So, I put
some work into a Nagios plugin.  

It is a bit rough yet, so patches are welcomed.  

So far, it has been working fairly well.  The exception being one of the
machines I am using it on (a Dell PowerEdge 2450) doesn't show the same
sensors every time I restart.  It is probably an issue with the machine,
not the plugin though.

Details and download are here:

http://openbsd.somedomain.net/nagios/

l8rZ,
-- 
andrew - ICQ# 253198 - JID: [EMAIL PROTECTED]

BOFH excuse of the day: short leg on process table



ospfd.conf example inheritance problem

2006-04-12 Thread andrew fresh
I was trying to set default auth-type and auth-md and ran into some
trouble.  Doing some debugging, I tried just uncommenting part of the
example ospfd.conf and have found it doesn't work.  Here is what I did:

ospfd.conf.orig is the v1.2 available here:
http://www.openbsd.org/cgi-bin/cvsweb/src/etc/ospfd.conf?rev=1.2&content-type=text/x-cvsweb-markup

$ sudo diff -u ospfd.conf.orig ospfd.conf
--- ospfd.conf.orig Wed Apr 12 14:57:51 2006
+++ ospfd.conf  Wed Apr 12 14:58:09 2006
@@ -9,8 +9,8 @@
 # spf-delay 1
 # spf-holdtime 5

-# auth-key $password
-# auth-type simple
+auth-key $password
+auth-type simple
 # hello-interval 10
 # metric 10
 # retransmit-interval 5
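
Review bot: line 12 of the new file, `auth-key $password`, expands a macro whose definition lies outside this hunk (the hunk starts at line 9), so from the lines shown the `/etc/ospfd.conf:12: syntax error` cannot yet be pinned on the uncommented options themselves. Quoting the `password` macro line from the top of the file alongside this diff would show whether the parser is rejecting the macro expansion or a global `auth-key`. Separately, `auth-type simple` puts the key in every OSPF packet unprotected, so for a default meant for real interfaces the `auth-md` variant mentioned above the diff is the one worth uncommenting and testing.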

$ sudo ospfd -n
/etc/ospfd.conf:12: syntax error
/etc/ospfd.conf:23: unknown interface em0
/etc/ospfd.conf:35: unknown interface em2
/etc/ospfd.conf:37: syntax error

$ sudo head -12 ospfd.conf | tail -1
auth-key $password

I don't have em0 or em2, so the rest of the errors are mostly expected
but the line 12 syntax error seems odd since all I did was uncomment
those options.  I also don't have an em1, but ospfd doesn't error on that.

I can't tell for sure from the man page, but the example looks like it
should work, but it doesn't.

Is this the expected behaviour?  

I have tried on 3.8-stable as well as a 3.9 snapshot from March second
with the same results.

l8rZ,
-- 
andrew - ICQ# 253198 - JID: [EMAIL PROTECTED]
 Proud member: http://www.mad-techies.org

BOFH excuse of the day: backup tape overwritten with copy of system
manager's favourite CD



Can net-snmp show the interface description for ifAlias?

2006-02-23 Thread andrew fresh
Is it possible to get net-snmp's snmpd to return an interface
description for ifAlias[1]?  If so, how?

I am sure that it is, but I am hoping that someone has an example
because I am not sure how to figure out how to match it to the
interfaces ifIndex value.   

It looks like net-snmp 5.2 there is going to be some ifXTable support
for Red Hat.  However, I only want ifAlias for MRTG, so has anyone done
anything like that? or does this need to go on my free time list?

It appears that the entries in ifTable[3] are in the same order that
ifconfig outputs.  Does anyone know if that is the case for sure?  If
so, a script to do what I want shouldn't be too tough.


I tried adding this to my /etc/snmpd.conf:
# A good attempt, too bad it failed.
exec .1.3.6.1.2.1.31.1.1.1.18 /home/andrew/ifAlias

where the ifAlias script is this:
#!/bin/sh

# Interface names are on the ifconfig lines that do not start with
# whitespace (a tab)
INTERFACES=`ifconfig | grep -v '^[[:space:]]' | sed 's/:.*$//'`

# Print the description of each interface, one per line
for i in ${INTERFACES}; do
  ifconfig $i | grep description | sed -e 's/^.*description:.//'
done


Unfortunately, that doesn't work :-(

$ snmpwalk -v1 -c public testhost .1.3.6.1.2.1.31.1.1.1.18
IF-MIB::ifAlias.1.1 = Wrong Type (should be OCTET STRING): INTEGER: 1
IF-MIB::ifAlias.2.1 = STRING: /home/andrew/ifAlias
IF-MIB::ifAlias.3.1 = STRING:
IF-MIB::ifAlias.100.1 = Wrong Type (should be OCTET STRING): INTEGER: 1
IF-MIB::ifAlias.101.1 = STRING: No such file or directory
IF-MIB::ifAlias.102.1 = Wrong Type (should be OCTET STRING): INTEGER: 0
IF-MIB::ifAlias.103.1 = STRING:


So, that probably means writing a script to do pass through control[5] and
that looks to be a bit of a pain, so I am hoping someone has one already.

[1] .1.3.6.1.2.1.31.1.1.1.18 [2]
[2] 
.iso.org.dod.internet.mgmt.mib-2.ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifAlias
[3] .1.3.6.1.2.1.2.2 [4]
[4] .iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable
[5] look here[6] for MIP-Specific Extension Commands
[6] http://www.net-snmp.net/docs/man/snmpd.conf.html

l8rZ,
-- 
andrew - ICQ# 253198 - JID: [EMAIL PROTECTED]
 Proud member: http://www.mad-techies.org

BOFH excuse of the day: Police are examining all internet packets in
the search for a narco-net-trafficker



Re: Can net-snmp show the interface description for ifAlias?

2006-02-23 Thread andrew fresh
On Thu, Feb 23, 2006 at 05:51:24PM -0700, andrew fresh wrote:
> Is it possible to get net-snmp's snmpd to return an interface
> description for ifAlias[1]?  If so, how?

Well, nevermind, it got my interest up so here is a way that works.

It doesn't check for bad input as well as it probably should.  But the
stuff that is passed in is never actually used as a shell command so
although it might throw some strange errors I don't think it is a
security risk.  

However, cfgmaker from MRTG doesn't think that it should check for
ifAlias because there is no Vendor returned by default and so it can't
even attempt to match it.  But, change cfgmaker to always query ifAlias
and w00 h00 my configs now have descriptions!

Anyway, mostly for the archives, here is how it ends up:

add something like this into your snmpd.conf
pass .1.3.6.1.2.1.31.1.1.1.18 /usr/local/libexec/ifAlias

and this script in /usr/local/libexec/ifAlias
--- BEGIN ---
#!/bin/sh
# $RedRiver: ifAlias,v 1.3 2006/02/24 03:47:59 andrew Exp $

BASE='.1.3.6.1.2.1.31.1.1.1.18'

# Interface names are on the ifconfig lines that do not start with
# whitespace (a tab).  set -A is ksh array syntax.
set -A INTERFACES `ifconfig | grep -v '^[[:space:]]' | sed 's/:.*$//'`

# snmpd passes -g (get), -n (getnext) or -s (set); sets are ignored
if [ "$1" = "-s" ]; then
  #echo $* > /tmp/passtest.log
  exit 0
fi

# Requested OID, reduced to the index below BASE
REQ="$2"
ID=${REQ##${BASE}.}

if [ X"${REQ}" = X"${BASE}" ]; then
  ID=0
fi

# getnext answers for the following index; INDEX is the 0-based array slot
if [ "$1" = "-n" ]; then
  INDEX=$ID
  ID=$(( $ID + 1 ))
else
  INDEX=$(( $ID - 1 ))
fi

if [ X"$ID" = X ] || [ X"$ID" = X0 ] || [ X"$ID" = X-1 ]; then
  exit 0
fi

INTERFACE=${INTERFACES[$INDEX]}

# Reply is three lines: OID, type, value
echo "${BASE}.${ID}"
if [ X"${INTERFACE}" = X ]; then
  echo noSuchName
  exit 0
fi

echo string
echo `ifconfig ${INTERFACE} | grep description | \
  sed -e 's/^.*description:.//'`
exit 0
--- END ---

l8rZ,
-- 
andrew - ICQ# 253198 - JID: [EMAIL PROTECTED]
 Proud member: http://www.mad-techies.org

BOFH excuse of the day: The file system is full of it
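
The pass handler described in the post above, as an added example that is not part of the original message: a POSIX sh version that checks the requested OID before any arithmetic is done on it, which is the input check the post says is missing. The function name, the limits on the index and the sample ifconfig text are assumptions of this example; like the original, it assumes ifIndex follows ifconfig order.

```shell
#!/bin/sh
# Added example: ifAlias pass handler with input validation (not the posted script).

BASE='.1.3.6.1.2.1.31.1.1.1.18'

# Constructed sample of ifconfig output (assumed OpenBSD-style layout).
sample_ifconfig() {
cat <<'EOF'
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33224
        inet 127.0.0.1 netmask 0xff000000
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        description: uplink to core
        inet 192.0.2.1 netmask 0xffffff00
fxp1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
EOF
}

# ifalias_pass MODE OID, with ifconfig output on stdin.
# Prints the three-line pass reply (OID, type, value) or nothing at all,
# which snmpd treats as "no such object" / end of this subtree.
ifalias_pass() {
    mode=$1
    oid=$2

    case "$mode" in
        -g|-n) ;;
        *) return 0 ;;              # -s (SET) and anything else: no reply
    esac

    # Only BASE itself or BASE.<index> is accepted.
    case "$oid" in
        "$BASE")   id=0 ;;
        "$BASE".*) id=${oid#"$BASE".} ;;
        *) return 0 ;;
    esac

    # The index must be plain decimal digits before it reaches $(( )):
    # reject empty, non-digits, leading zeros (octal) and 7+ digits.
    case "$id" in
        ''|*[!0-9]*|0?*|???????*) return 0 ;;
    esac

    if [ "x$mode" = "x-n" ]; then
        id=$((id + 1))              # GETNEXT answers for the following index
    fi
    [ "$id" -ge 1 ] || return 0     # GET on the bare BASE has no instance

    awk -v want="$id" -v oid="$BASE.$id" '
        /^[^ \t]/ { n++; next }     # an unindented line starts a new interface
        n == want && $1 == "description:" {
            sub(/^[ \t]*description:[ \t]*/, "")
            desc = $0
        }
        END { if (n >= want) printf "%s\nstring\n%s\n", oid, desc }
    '
}

# When installed as the pass program, snmpd supplies the mode and OID.
if [ "${1:-}" = "-g" ] || [ "${1:-}" = "-n" ]; then
    ifconfig | ifalias_pass "$1" "${2:-}"
fi
```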



Problems while replacing Cisco 3640 with OpenBSD and OpenBGPd (LONG)

2006-02-17 Thread andrew fresh
I have a Cisco router I am trying to replace.  I will describe the Cisco
box, the replacement OpenBSD router, the setup and finally what issues I
am having.  The bgpd.conf contents are at the bottom of the email.  If
there is some additional information that would be useful, please let me
know.

The old Cisco router (CiscoRTR01) is a 3640 with 128 megs of memory.  It
has 4 T1's out to the internet, 2 from Sprint (AS1239) and 2 from ATT
(AS7018).  Each pair of lines has a BGP session associated with it.
However, it needs replacing because it is too slow to deal with the
number of pps as well as handle all of the BGP sessions. In addition, I
have to do major filtering of the BGP feeds because of memory limits. 

There is also a second router (RTR05), this one running OpenBSD and
OpenBGPd and working very well.  This router has 4 T1's as well, but
they are all from Frontier Communications (AS7011) so there is only a
single BGP session here.  

The two routers also have an iBGP session between them.

Both OpenBSD routers are as close to identical hardware as I could get
them.  Both are Dell PowerEdge 2450's with 512M ram, dual 733s, 2
Sangoma A102u cards and an additional dual port fxp card as well as the
on board fxp.  Both are running OpenBSD 3.8-stable.  Currently with
GENERIC kernel, not GENERIC-MP although I get the same issues with
GENERIC-MP.

The new OpenBSD router (RTR01) is supposed to be a drop in replacement
for the Cisco box.

As it is now, everything seems to work except the Cisco box is straining
to keep up.  When I swap in the OpenBSD box, everything appears to come
up, all the T1's come up (although one of the Sprint lines takes quite a
while) and all 3 bgp sessions come up (and get in sync amazingly faster
than the Cisco box).  

However, all routes show up as 'Incomplete' with a ? at the end of
bgpctl s rib:
RTR01 $ bgpctl s rib 199.104.207.8 all
flags: * = Valid, > = Selected, I = via IBGP, A = Announced
origin: i = IGP, e = EGP, ? = Incomplete

flags destination         gateway          lpref   med aspath origin
*     199.104.207.0/24    66.185.224.3       100    29 1239 5650 5650 7011 ?
*     199.104.207.0/24    66.185.224.3       100     0 7018 5650 5650 7011 ?

66.185.224.3 is the default gateway on RTR01.  If I just do 'bgpctl s
rib', looking through, I did not see any routes that did not have a '?'
at the end.  I didn't grep for that while the box was up though so I am
not sure that there weren't some.

On RTR05, while this new router is not plugged in, I get what I would
expect:
RTR05 $ bgpctl s rib 199.104.207.8 all
flags: * = Valid, > = Selected, I = via IBGP, A = Announced
origin: i = IGP, e = EGP, ? = Incomplete

flags destination         gateway          lpref   med aspath origin
*     199.104.128.0/17    216.190.36.145     100     0 7011 5650 6461 26978 2900 i

But once the new RTR01 is plugged in, I get this on RTR05 (and I can no
longer get to the Internet):
RTR05 $ bgpctl s rib 199.104.207.8 all
flags: * = Valid, > = Selected, I = via IBGP, A = Announced
origin: i = IGP, e = EGP, ? = Incomplete

flags destination         gateway          lpref   med aspath origin
I*    199.104.207.0/24    216.190.36.145     100    29 1239 5650 5650 7011 ?


AS5650 is also Frontier, but the second AS on any of the AS paths out of
RTR05.

When RTR01 is plugged in, but RTR05 is not, I get the same issues with
the default gateway being chosen and the '?' indicating Incomplete.
However I don't have output from 'bgpctl s rib 199.104.207.8' all when
that is happening, so I do not remember what the aspath is.

On the new RTR01 all of the sessions come up and I get lots of prefixes:
$ bgpctl s
Neighbor                 AS  MsgRcvd  MsgSent  OutQ  Up/Down  State/PrefixRcvd
AS 7018 ATT            7018    33342       15     0 00:05:39 175331
AS 1239 Sprint         1239    33232       11     0 00:04:17 176981
AS 22429 rrlhcrtr050  22429    34629    56030     0 00:06:45  13144
It seems that I should get more routes from RTR05 but I could be wrong.

BGP seems to work well on RTR05 as well:
$ bgpctl s
Neighbor                 AS  MsgRcvd  MsgSent  OutQ  Up/Down  State/PrefixRcvd
AS 7011 Frontier (EL   7011    55893     1924     0 15:57:53     12
AS 22429 rrlhcrtr100  22429   104162   120304     0 00:00:46 174008

My problem appears to be an issue with the routes received on RTR01
being marked as 'Incomplete' but I am not sure how to figure out why
that would be.  

RTR01 bgpd.conf:
#macros
rrlhcrtr0500="66.185.224.9"

# global configuration
AS 22429
router-id 66.185.224.1
network 66.185.224.0/20

# neighbors and peers
# iBGP session to the other OpenBSD router
group "peering AS22429" {
        set weight      50
        remote-as       22429
        local-address   66.185.224.1
        neighbor $rrlhcrtr0500 {
                descr   "AS 22429 rrlhcrtr0500"
        }
}

# eBGP session to Sprint
neighbor 144.228.242.172 {
        remote-as       1239
        descr           "AS 1239 Sprint"
        local-address   66.185.239.55
        multihop        3
}


Re: OT marc.theaimsgroup.com

2006-01-24 Thread andrew fresh
On Tue, Jan 24, 2006 at 01:48:12AM -0500, Daniel Ouellet wrote:
> Sorry to have to asked this, but I fell at a lots now.
>
> Is there another location a kind soul could provide me to access their
> content? Looking for the various openbsd lists here.
>
> Or another archive list that is as friendly to use as well.

I have been using gmane recently.

> Look likes the site was very slow, then on/off time to time, and now for
> a week, I am totally cut off from it.

Same results from here, slow, on/off, and hasn't worked for about a
week.  What is odd is that www.theaimsgroup.com works fine.

$ lynx marc.theaimsgroup.com

Looking up marc.theaimsgroup.com first
Looking up marc.theaimsgroup.com
Making HTTP connection to marc.theaimsgroup.com
Alert!: Unable to connect to remote host.

lynx: Can't access startfile http://marc.theaimsgroup.com/

$ telnet marc.theaimsgroup.com 80
Trying 66.92.20.25...
telnet: connect to address 66.92.20.25: Connection timed out

$ ping -c 5 marc.theaimsgroup.com
PING marc.theaimsgroup.com (66.92.20.25): 56 data bytes
--- marc.theaimsgroup.com ping statistics ---
5 packets transmitted, 0 packets received, 100.0% packet loss

$ traceroute marc.theaimsgroup.com
traceroute to marc.theaimsgroup.com (66.92.20.25), 64 hops max, 40 byte packets
 1  rrlhcrtr2003 (66.185.225.1)  0.547 ms  0.500 ms  0.501 ms
 2  rrlhcrtr0501 (66.185.224.9)  0.248 ms  0.261 ms  0.253 ms
 3  216.190.36.145 (216.190.36.145)  1.944 ms 216.190.36.133 (216.190.36.133)  1.831 ms 216.190.36.145 (216.190.36.145)  1.928 ms
 4  p10-2.gw01.lsvl.eli.net (70.98.98.153)  6.37 ms  5.851 ms  5.899 ms
 5  srp3-0.cr01.lsvl.eli.net (208.186.20.161)  6.106 ms  5.760 ms  5.941 ms
 6  p9-0.cr02.lsan.eli.net (207.173.114.34)  13.664 ms  13.637 ms 13.697 ms
 7  srp3-0.cr01.lsan.eli.net (208.186.20.209)  18.544 ms  27.363 ms 13.492 ms
 8  p9-0.cr02.sntd.eli.net (207.173.114.54)  22.712 ms  22.623 ms 22.689 ms
 9  srp3-0.cr01.sntd.eli.net (208.186.21.33)  28.576 ms  25.138 ms 22.692 ms
10  so-0-0-0--0.er01.plal.eli.net (207.173.114.138)  27.929 ms  24.519 ms  33.84 ms
11  paix.ge-0-2-0.cr2.sfo1.speakeasy.net (198.32.176.49)  23.608 ms 23.441 ms  32.316 ms
12  fe-0-3-1.cr2.wdc1.speakeasy.net (69.17.83.38)  85.1 ms  83.236 ms 82.813 ms
13  220.ge-3-0.er1.wdc1.speakeasy.net (69.17.83.46)  91.320 ms  87.299 ms  84.863 ms
14  dsl092-171-210.wdc2.dsl.speakeasy.net (66.92.171.210)  93.724 ms 94.754 ms  106.813 ms
15  * * *
16  * * *
17  * * *

l8rZ,
-- 
andrew - ICQ# 253198 - JID: [EMAIL PROTECTED]
 Proud member: http://www.mad-techies.org

BOFH excuse of the day: High nuclear activity in your area.



Re: my multipath routing questions... SOLVED!

2005-12-12 Thread andrew fresh
On Thu, Dec 08, 2005 at 02:14:45PM -0700, andrew fresh wrote:
> On Fri, Dec 02, 2005 at 04:08:13PM -0700, andrew fresh wrote:
> > I am getting 3 different DDB's.  Mostly kernel: page fault trap,
> > code=0 and Panic: rtfree 2.  I have also gotten some Panic: sbdrop,
> > but not since I got the serial console attached.  When I got the sbdrop,
> > trace showed calls to pf_* but I did not write it down as I thought I
> > would see it again with the
> > serial console.
> >
> > It seems to DDB anywhere from 5 minutes to 90 minutes after a reboot.
> > Once I got 6.5 hours, but mostly closer to 10 minutes.  The only thing
> > that seems to make a difference is disabling pf, I am up 17.5 hours now
> > with pf disabled.
> >
> > DMESG and the trace/ps from the DDBs are below.
>
> They are actually available in the archives so as not to waste
> bandwidth.
> http://marc.theaimsgroup.com/?l=openbsd-misc&m=113356535818065&w=2

the whole thread is here:
http://marc.theaimsgroup.com/?t=1125791&r=1&w=2

> > > or something with 'route-to' in pf?
>
> It appears that it is the route-to that is causing it to crash.

I believe my router has been crashing because I was generating routing
loops the way I was using route-to.

It appears after a route-to, the packet then gets re-evaluated by
additional rules including additional route-to rules (as it probably
should).

If I have this rule
pass out on { san0, san1, san2, san3 } route-to { 
  (san0, 10.0.0.1), (san1, 10.1.1.1), 
  (san2, 10.2.2.1), (san3, 10.3.3.1) 
} round-robin

If san0 is the default route that the kernel picks (no kernel
multipath), I think it does something like this:

First packet hits san0 and gets routed out san0.

Second packet hits san0 and gets routed to san1, then san0, then san2,
then san0, then san3, then san0, and out san0.

Third packet hits san0 and gets routed to san1, and out san1.

Fourth packet hits san0 and gets routed to san2, then san1, then san2,
and out san2

Fifth packet hits san0 and gets routed to san3 then san2, then san3, and
out san3.

Sixth packet hits san0 and gets routed out san0.

Seventh packet hits san0 and gets routed to san1, then san2, then san1,
then san3, then san0, then san2, and out san2.

At some point, the loop becomes long enough to cause ddbs.  With
multiple packets at once, the round robining may be able to get the
loops even longer.  

I don't know what the proper fix for this would be if anything, but
something that says "Rule X has already rerouted this packet, there may
be a loop somewhere" error message would be nicer than a page fault, or
rtfree 2 ddb.

I could also be completely wrong as to the cause of the crashes, but
this seems to be a fairly good guess.

I resolved the crashing by adding some tagging smarts to the rule:
pass out on { san0, san1, san2, san3 } route-to { 
  (san0, 10.0.0.1), (san1, 10.1.1.1), 
  (san2, 10.2.2.1), (san3, 10.3.3.1) 
} round-robin tag ROUTED ! tagged ROUTED

This has so far made the load balancing work very well, and it has gone 
for over 48 hours and not DDB'd yet.

l8rZ,
-- 
andrew - ICQ# 253198 - JID: [EMAIL PROTECTED]
 Proud member: http://www.mad-techies.org

BOFH excuse of the day: Dyslexics retyping hosts file on servers



Re: my multipath routing questions...

2005-12-08 Thread andrew fresh
On Fri, Dec 02, 2005 at 04:08:13PM -0700, andrew fresh wrote:
> I am getting 3 different DDB's.  Mostly kernel: page fault trap,
> code=0 and Panic: rtfree 2.  I have also gotten some Panic: sbdrop,
> but not since I got the serial console attached.  When I got the sbdrop,
> trace showed calls to pf_* but I did not write it down as I thought I
> would see it again with the
> serial console.
>
> It seems to DDB anywhere from 5 minutes to 90 minutes after a reboot.
> Once I got 6.5 hours, but mostly closer to 10 minutes.  The only thing
> that seems to make a difference is disabling pf, I am up 17.5 hours now
> with pf disabled.
>
> DMESG and the trace/ps from the DDBs are below.

They are actually available in the archives so as not to waste
bandwidth.
http://marc.theaimsgroup.com/?l=openbsd-misc&m=113356535818065&w=2

> > > or something with 'route-to' in pf?

It appears that it is the route-to that is causing it to crash.  

(czn is the interface group of all of the T1s) 

This works:
  set skip on { lo }
  scrub in all fragment reassemble
  block drop log all
  pass on czn all
  pass on fxp0 all

as does this (although this makes data transfers VERY slow):
  set skip on { lo }
  block drop log all
  pass on czn all
  pass in on san0 reply-to (san0 216.190.36.133) inet all keep state
  pass in on san1 reply-to (san1 216.190.36.137) inet all keep state
  pass in on san2 reply-to (san2 216.190.36.141) inet all keep state
  pass in on san3 reply-to (san3 216.190.36.145) inet all keep state
  pass on fxp0 all

But it crashes when my rules are this:
  set skip on { lo }
  block drop log all
  pass on czn all
  pass out on czn route-to { \
(san0 216.190.36.133),   \
(san1 216.190.36.137),   \
(san2 216.190.36.141),   \
(san3 216.190.36.145)\
  } round-robin inet all
  pass on fxp0 all

or this:
  set skip on { lo }
  scrub in all fragment reassemble
  block drop log all
  pass on czn all
  pass out on san0 route-to { \
(san0 216.190.36.133),\
(san1 216.190.36.137),\
(san2 216.190.36.141),\
(san3 216.190.36.145) \
  } round-robin inet all
  pass out on san1 route-to { \
(san0 216.190.36.133),\
(san1 216.190.36.137),\
(san2 216.190.36.141),\
(san3 216.190.36.145) \
  } round-robin inet all
  pass out on san2 route-to { \
(san0 216.190.36.133),\
(san1 216.190.36.137),\
(san2 216.190.36.141),\
(san3 216.190.36.145) \
  } round-robin inet all
  pass out on san3 route-to { \
(san0 216.190.36.133),\
(san1 216.190.36.137),\
(san2 216.190.36.141),\
(san3 216.190.36.145) \
  } round-robin inet all
  pass on fxp0 all

Is there something that I am obviously doing wrong?

Is there some way I can load balance outbound traffic across these 4
interfaces in a different way?

Should I submit this as a bug report?

l8rZ,
-- 
andrew - ICQ# 253198 - JID: [EMAIL PROTECTED]
 Proud member: http://www.mad-techies.org

BOFH excuse of the day: Sticky bits on disk.



ospfd and virtual links

2005-12-06 Thread andrew fresh
I just want to make sure that virtual links are not yet supported in
ospfd.  I don't see anything in the ospfd.conf(5) or ospfd(8) so I
assume not, but I did see that Claudio mentioned[1] testing it at the
hackathon, so it may well be that I just don't understand the man page.

I do have to say that in my testing, ospfd is really schweet.  Takes
about 10 seconds to route around a downed t1 link, it is so kewl!

[1] http://marc.theaimsgroup.com/?l=openbsd-tech&m=111695163015683&w=2

l8rZ,
-- 
andrew - ICQ# 253198 - JID: [EMAIL PROTECTED]
 Proud member: http://www.mad-techies.org

BOFH excuse of the day: stop bit received



Re: my multipath routing questions...

2005-12-02 Thread andrew fresh
On Wed, Nov 30, 2005 at 01:33:14PM +0100, Claudio Jeker wrote:

First I want to say thank you very much to Claudio, I appreciate the
response and using pf sure seems like it SHOULD work, but it keeps
crashing on me :-(

Sorry this is so long, but I wanted to provide as much information as
possible.  If there is any other information that will help, I will do
my best to provide it.

> On Tue, Nov 29, 2005 at 11:26:49PM -0700, andrew fresh wrote:
> > I want to load balance across those 4 T1s and it is sounding like I
> > will not be able to do that and will have to figure out how to get these
> > 4 new lines into my old cisco router.
>
> It could be possible to use trunk with sppp but that needs some patching.
> At least a round-robin trunk should be possible.

Dang that would be handy, because using PF as below, I have 2 different
boxes that DDB on me.  It seems like maybe they DDB when they get too
much outbound traffic, but I have not been able to determine what causes
it apart from having PF enabled.  Ifstated being enabled or disabled
doesn't seem to make a difference.  Neither do hardware changes.  Same
issues with both the bsd and bsd.mp kernels.

I am getting 3 different DDB's.  Mostly kernel: page fault trap,
code=0 and Panic: rtfree 2.  I have also gotten some Panic: sbdrop,
but not since I got the serial console attached.  When I got the sbdrop,
trace showed calls to pf_* but I did not write it down as I thought I
would see it again with the
serial console.

It seems to DDB anywhere from 5 minutes to 90 minutes after a reboot.
Once I got 6.5 hours, but mostly closer to 10 minutes.  The only thing
that seems to make a difference is disabling pf, I am up 17.5 hours now
with pf disabled.

DMESG and the trace/ps from the DDBs are below.

> > or do I have to do weird things with ifstated(8) (like 16 states for the
> > 4 lines and lots of route add/delete statements)?
>
> You most probably need ifstated to make sure that failed routes get
> removed (if link is down).

I wish it were automatic, but it seems to work, although I need more
testing.

$ wc -l /etc/ifstated.conf
 258 /etc/ifstated.conf

> > or something with 'route-to' in pf?
> > http://marc.theaimsgroup.com/?l=openbsd-misc&m=112831360613745&w=2
> >
> > This seems to work in my test environment:
> > # t1s is an interface group containing all of the links to that provider
> > pass out on t1s route-to { \
> > (san0 10.35.0.2) \
> > (san1 10.35.1.2) \
> > (san2 10.35.2.2) \
> > (san3 10.35.3.2) \
> > } round-robin keep state
> > pass in  on san0 reply-to (san0 10.35.0.2) keep state
> > pass in  on san1 reply-to (san1 10.35.1.2) keep state
> > pass in  on san2 reply-to (san2 10.35.2.2) keep state
> > pass in  on san3 reply-to (san3 10.35.3.2) keep state
>
> I would probably do it the same way.
> I'm not sure if pf pays attention to the link state of route-to interfaces.


This is my entire pf.conf (apart from macro definitions), it is as
simple as I could make it.

-- pf.conf

set skip on { lo }

scrub in

block in
pass out keep state

# inet is an interface group containing all 4 of the san interfaces
pass out on inet route-to { \
($inet_if0 $inet_dest0) \
($inet_if1 $inet_dest1) \
($inet_if2 $inet_dest2) \
($inet_if3 $inet_dest3) \
} round-robin keep state
pass in  on $inet_if0 reply-to ($inet_if0 $inet_dest0) keep state
pass in  on $inet_if1 reply-to ($inet_if1 $inet_dest1) keep state
pass in  on $inet_if2 reply-to ($inet_if2 $inet_dest2) keep state
pass in  on $inet_if3 reply-to ($inet_if3 $inet_dest3) keep state

pass on $int_if

-- dmesg from the first box

OpenBSD 3.8-stable (GENERIC.MP) #0: Thu Nov  3 14:39:08 MST 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Intel Pentium III Xeon (GenuineIntel 686-class) 699 MHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
real mem  = 1073319936 (1048164K)
avail mem = 972726272 (949928K)
using 4278 buffers containing 53768192 bytes (52508K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 07/07/04, BIOS32 rev. 0 @ 0xffe90
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfc350/208 (11 entries)
pcibios0: PCI Interrupt Router at 000:15:0 (ServerWorks ROSB4
SouthBridge rev 0x00)
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0xe00
mainbus0: Intel MP Specification (Version 1.4) (DELL POWEREDGE A2)
cpu0 at mainbus0: apid 1 (boot processor)
cpu0: apic clock running at 99 MHz
cpu1 at mainbus0: apid 0 (application processor)
cpu1: Intel Pentium III Xeon (GenuineIntel 686-class) 699 MHz
cpu1: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
mainbus0: bus 0 is type PCI
mainbus0: bus 1 is type PCI
mainbus0: bus 2 is type PCI
mainbus0: bus 3 is type PCI
mainbus0: bus 4 is type PCI
mainbus0: bus 5 is type PCI
mainbus0: bus 6 is type PCI
mainbus0: bus 7 is type PCI
mainbus0: bus 8 is type PCI

my multipath routing questions...

2005-11-29 Thread andrew fresh
Hijacking this thread, cuZ now I am worried . . . .

> On Mon, Nov 28, 2005 at 11:46:56PM -0800, David Ulevitch wrote:
> > I'd like to hear how people are using OpenOSPFd

I will prbly use OpenOSPFd in the future, but at the moment, my question
is about using OpenBGPd and multiple lines from the same provider.

I am getting 4 T1s from a single provider.  Issues with local telco
facilities for T3's and other things are causing me problems with
getting anything different.

I am going to end up with something like this:
san0-\
san1-\\ all connected to a single provider 
san2-//
san3-/

Now, I assume I will have a single BGP session with them.  (I have very
little information for lines that are supposed to be installed tomorrow
morning at 9am).  

Right now I have a cisco 3640 that has 2 T1's from AT&T and 2 from
Sprint, it has enough trouble with those which is why I want to replace
it with an OpenBSD box.  I am going to have an iBGP session with the
3640 and an eBGP session with my new provider.  

I will be adding 20Mb over ethernet at some point in the fairly near future
(if they can ever get it installed) and will hopefully be getting rid of
the 3640 at that point.

The OpenBSD router will not be doing any NAT, it will be passing public IPs.


This is what has me worried:
On Tue, Nov 29, 2005 at 03:33:07PM +0100, Claudio Jeker wrote:
> There is no kernel support for multipath routing.


I want to load balance across those 4 T1s and it is sounding like I
will not be able to do that and will have to figure out how to get these
4 new lines into my old cisco router.

Unfortunately trunk(4) doesn't work with san interfaces :-( and that is
how it looked possible to do the bonding/inverse muxing that I was going
for.  

$ ifconfig trunk0 trunkport san0 trunkport san1
ifconfig: SIOCSTRUNKPORT: Protocol not supported

It would be really kewl to use the trunk(4) interface for the BGP
peer address, since it now does failover, it would be up as long as any
individual lines were up.  It would be even kewler if it would be able
to change the weighting on that interface depending on the number of
lines in the trunk, but I guess I am dreaming again.  

I guess I am looking for something like 'ip load-sharing per-packet' in
cisco terms.  But my real question is:  How do I get OpenBSD to treat
those 4 T1s as a single line and share the load across them?  

or, how do I get a reasonable approximation from OpenBSD?


Also, with those 4 T1s, I want to make sure that in case any of the 4 go down,
the BGP session will stay up.  With a cisco box, I just bind the session
to a loopback address, add routes for each interface and it will choose
one of the interfaces that is up to get to the destination.  How do I do
this with OpenBSD?

Will the BGP session just work when I solve the load balancing issue?

or do I have to do weird things with ifstated(8) (like 16 states for the
4 lines and lots of route add/delete statements)?  

or something with 'route-to' in pf?
http://marc.theaimsgroup.com/?l=openbsd-misc&m=112831360613745&w=2

This seems to work in my test environment:
# t1s is an interface group containing all of the links to that provider
pass out on t1s route-to { \
(san0 10.35.0.2) \
(san1 10.35.1.2) \
(san2 10.35.2.2) \
(san3 10.35.3.2) \
} round-robin keep state
pass in  on san0 reply-to (san0 10.35.0.2) keep state
pass in  on san1 reply-to (san1 10.35.1.2) keep state
pass in  on san2 reply-to (san2 10.35.2.2) keep state
pass in  on san3 reply-to (san3 10.35.3.2) keep state


l8rZ,
-- 
andrew - ICQ# 253198 - JID: [EMAIL PROTECTED]
 Proud member: http://www.mad-techies.org

BOFH excuse of the day: telnet: Unable to connect to remote host:
Connection refused



Sangoma AFT A104 PCI supported by the san driver?

2005-11-15 Thread andrew fresh
Is the Sangoma AFT A104[1] PCI card supported?  

I assume if it is, it would be supported by the san[2] driver, but all I
see listed in the man page are the A101 and A102[3].

I am guessing since they have different spec sheets, that they are
different enough cards that it doesn't work, but I couldn't find
anything about the A104 in the archives, although I did see the A101 and
A102.

It appears from if_san_front_end.h[4] that it is unlikely, but I thought
I would ask.  It could just get detected as UNKNOWN and work anyway or
maybe someone has a small patch to make it detect and then it works. 

[1] http://www.sangoma.com/products/p_aft-104-specs.htm
[2] http://www.openbsd.org/cgi-bin/man.cgi?query=san
[3] http://www.sangoma.com/products/p_aft-et1-specs.htm
[4] 
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/pci/if_san_front_end.h?rev=1.4&content-type=text/x-cvsweb-markup

l8rZ,
-- 
andrew - ICQ# 253198 - JID: [EMAIL PROTECTED]
 Proud member: http://www.mad-techies.org

BOFH excuse of the day: secretary plugged hairdryer into UPS



Unofficial OpenBSD 3.8 torrents available

2005-11-01 Thread andrew fresh
There are some unofficial 3.8 torrents now available.  Packages will be
available as they finish rsyncing.

http://openbsd.somedomain.net/index.php?version=latest+release

As always, I recommend you check the MD5 or CKSUMs against the MD5 or
CKSUM files you get from an official mirror

http://www.openbsd.org/ftp.html

There is also a perl script available that will keep the torrents up to
date using the rss feed.

http://openbsd.somedomain.net/files/

l8rZ,
-- 
andrew - ICQ# 253198 - JID: [EMAIL PROTECTED]
 Proud member: http://www.mad-techies.org

BOFH excuse of the day: NOTICE: alloc: /dev/null: filesystem full



Re: SBE wanPMC-xT3E3 support

2005-09-29 Thread andrew fresh
I am going to post again in hopes that someone has possibly found
something because I don't want to have to buy a Cisco box.

My first T3 is going to be installed sometime in the near future and I
want to be prepared for it when it shows up. 

I did get the recommendation for something like an AT-TN1000 from Allied
Telesyn, and I have sent them an email to see if it will work in this
case, but I have not heard anything yet.  I will be pursuing that.

http://www.alliedtelesyn.com/products/details.aspx?518


Is there a T3 card that is supported by OpenBSD?  The only one I see on
http://www.openbsd.org/i386.html
is the SBEi wanPCI-1T3, and that one has been EOLed and their new one does
not appear to be supported.

I know the wanPCI-1T3 should work, so if someone knows where to get 
those, I would appreciate the information.

l8rZ,

On Mon, Aug 22, 2005 at 12:16:19PM -0700, andrew fresh wrote:
> I am wondering if the wanPMC-xT3E3 from SBE is supported.
> http://www.sbei.net/content/products/wan/wanpmc_xt3e3/
>
> Obviously with an adaptor like the adaptPCI-PMC
> http://www.sbei.net/content/products/platforms/adaptpci_pmc/
>
> They have recently taken the wanPCI-1T3 off of their site, and I am
> assuming EOL'd it, although I have not talked to them about it yet.
>
> The Ethernet controller is Intel's 21143TD 10/100 LAN Controller which
> is different than the DEC 21140 Ethernet chip that is listed in the
> lmc(4) man page.
>
> Based on
>
>   if (PCI_CHIPID(pa->pa_id) != PCI_PRODUCT_DEC_21140)
>       return 0;
>
> from if_lmc_obsd.c I am assuming it is not supported, but I am not a C
> programmer, and especially not drivers.
>
> Unfortunately, I am not able to purchase one to see if it works at this
> point so I am hoping someone here knows.
>
> Does anyone know of a vendor that sells the SBE products and is OpenBSD
> friendly, preferably one who has donated to the project?  If not, a
> decent vendor for SBE at all?
>
> Is there another T3 card that is supported by OpenBSD?
 

-- 
andrew - ICQ# 253198 - JID: [EMAIL PROTECTED]
 Proud member: http://www.mad-techies.org

BOFH excuse of the day: We already sent around a notice about that.



SBE wanPMC-xT3E3 support

2005-08-22 Thread andrew fresh
I am wondering if the wanPMC-xT3E3 from SBE is supported.  
http://www.sbei.net/content/products/wan/wanpmc_xt3e3/

Obviously with an adaptor like the adaptPCI-PMC 
http://www.sbei.net/content/products/platforms/adaptpci_pmc/

They have recently taken the wanPCI-1T3 off of their site, and I am
assuming EOL'd it, although I have not talked to them about it yet.

The Ethernet controller is Intel's 21143TD 10/100 LAN Controller which
is different than the DEC 21140 Ethernet chip that is listed in the
lmc(4) man page.  

Based on 

  if (PCI_CHIPID(pa->pa_id) != PCI_PRODUCT_DEC_21140)
      return 0;

from if_lmc_obsd.c I am assuming it is not supported, but I am not a C 
programmer, and especially not drivers.

Unfortunately, I am not able to purchase one to see if it works at this
point so I am hoping someone here knows.

Does anyone know of a vendor that sells the SBE products and is OpenBSD
friendly, preferably one who has donated to the project?  If not, a
decent vendor for SBE at all?

Is there another T3 card that is supported by OpenBSD?

l8rZ,
-- 
andrew - ICQ# 253198 - JID: [EMAIL PROTECTED]
 Proud member: http://www.mad-techies.org

BOFH excuse of the day: filesystem not big enough for Jumbo Kernel
Patch



isakmpd.conf man page additions

2005-08-15 Thread andrew fresh
I am attaching a diff to the isakmpd.conf man page that I hope clarifies using 
certificate based authentication.  I found the information in the archives, and 
I thought they might be better documented in the man page.  

I believe the changes to be correct, but please do not take my word on it as I 
am new to IPSec.

l8rZ,
-- 
andrew - ICQ# 253198 - JID: [EMAIL PROTECTED]
 Proud member: http://www.mad-techies.org

BOFH excuse of the day: boss forgot system password
--- isakmpd.conf.5.orig Mon Aug 15 11:24:10 2005
+++ isakmpd.conf.5  Mon Aug 15 12:22:53 2005
@@ -886,12 +886,13 @@
 # Incoming phase 1 negotiations are multiplexed on the source IP address
 [Phase 1]
 10.1.0.1=  ISAKMP-peer-west
+10.1.0.3=  ISAKMP-peer-north
 
 # These connections are walked over after config file parsing and told
 # to the application layer so that it will inform us when traffic wants to
 # pass over them.  This means we can do on-demand keying.
 [Phase 2]
-Connections=   IPsec-east-west
+Connections=   IPsec-east-west,IPsec-east-north
 
 # Default values are commented out.
 [ISAKMP-peer-west]
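Review bot: The new Connections= value names IPsec-east-north, but none of the hunks in this patch adds an [IPsec-east-north] section, so the example now references a phase 2 connection it never defines. Add a section next to [IPsec-east-west] with ISAKMP-peer= ISAKMP-peer-north, or leave Connections= unchanged and describe the second connection in prose only.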
@@ -905,6 +906,20 @@
 Authentication=mekmitasdigoat
 #Flags=
 
+# This connection uses certifiates, it assumes you have generated a valid 
+# certificate from your Private-key, that includes the subjectAltName 
+# as used in the ID-east section and placed it in the Cert-directory.
+[ISAKMP-peer-north]
+Phase= 1
+#Transport=udp
+Local-address= 10.1.0.2
+Address=   10.1.0.3
+#Port= isakmp
+#Port= 500
+Configuration= RSA_SIG-phase-1-configuration
+ID=ID-east
+#Flags=
+
 [IPsec-east-west]
 Phase= 2
 ISAKMP-peer=   ISAKMP-peer-west
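Review bot: The comment introducing [ISAKMP-peer-north] has a typo ("certifiates") and a comma splice, and it refers to Private-key and Cert-directory without saying where those are set. Suggest splitting it into two sentences, fixing the spelling, and pointing at the section that configures the key and certificate directory so a reader can follow the whole certificate setup from this one example.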
@@ -929,6 +944,19 @@
 EXCHANGE_TYPE= QUICK_MODE
 Suites=
QM-ESP-3DES-SHA-PFS-SUITE,QM-ESP-AES-SHA-PFS-SUITE
 
+# Phase 1 description (Main Mode) using AUTHENTICATION_METHOD= RSA_SIG 
+# RSA_SIG is needed when using certificates for authentication
+
+[RSA_SIG-phase-1-configuration]
+EXCHANGE_TYPE= ID_PROT
+Transforms=3DES-SHA-RSA_SIG
+
+# The values here are what would be used by default in this configuration
+# if an ID was not specified in the ISAKMP-peer-north section.
+[ID-east]
+ID-type=   IPV4_ADDR
+Address=   10.1.0.2
+
 # Data for an IKE mode-config peer
 [asn1_dn//C=SE/L=SomeCity/O=SomeCompany/CN=SomePeer.company.com]
 Address=   192.168.1.123
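Review bot: The comment above [ID-east] says these values are what would be used by default, which makes the ID=ID-east line in [ISAKMP-peer-north] look redundant. State explicitly that the section is shown to illustrate what the certificate's subjectAltName has to match, or drop it. Separately, the context line beginning Suites= is wrapped onto a second line with no leading space, so as it appears here this hunk would not apply.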
@@ -983,6 +1011,13 @@
 GROUP_DESCRIPTION= MODP_1024
 Life=  Default-phase-1-lifetime
 
+[DES-MD5-RSA_SIG]
+ENCRYPTION_ALGORITHM=  DES_CBC
+HASH_ALGORITHM=MD5
+AUTHENTICATION_METHOD= RSA_SIG
+GROUP_DESCRIPTION= MODP_1024
+Life=  Default-phase-1-lifetime
+
 [DES-SHA]
 ENCRYPTION_ALGORITHM=  DES_CBC
 HASH_ALGORITHM=SHA
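Review bot: [DES-MD5-RSA_SIG] pairs certificate authentication with DES_CBC and MD5, and a reader copying from the certificate example may pick it up even though the example itself uses 3DES-SHA-RSA_SIG. Consider leaving the single-DES variants out of the additions, or adding a comment line that steers readers to the 3DES or Blowfish sections unless a peer offers nothing else.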
@@ -990,6 +1025,13 @@
 GROUP_DESCRIPTION= MODP_1024
 Life=  Default-phase-1-lifetime
 
+[DES-SHA-RSA_SIG]
+ENCRYPTION_ALGORITHM=  DES_CBC
+HASH_ALGORITHM=SHA
+AUTHENTICATION_METHOD= RSA_SIG
+GROUP_DESCRIPTION= MODP_1024
+Life=  Default-phase-1-lifetime
+
 # 3DES
 
 [3DES-SHA]
@@ -999,6 +1041,13 @@
 GROUP_DESCRIPTION= MODP_1024
 Life=  Default-phase-1-lifetime
 
+[3DES-SHA-RSA_SIG]
+ENCRYPTION_ALGORITHM=  3DES_CBC
+HASH_ALGORITHM=SHA
+AUTHENTICATION_METHOD= RSA_SIG
+GROUP_DESCRIPTION= MODP_1024
+Life=  Default-phase-1-lifetime
+
 # Blowfish
 
 [BLF-SHA]
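Review bot: [3DES-SHA-RSA_SIG] is the only one of the new transform sections that the example actually references (Transforms=3DES-SHA-RSA_SIG in [RSA_SIG-phase-1-configuration]); the DES and Blowfish variants are added but never used. A one-line comment saying that each -RSA_SIG section appears to be its existing counterpart with only AUTHENTICATION_METHOD changed would document the pattern without the reader having to compare the blocks.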
@@ -1006,6 +1055,14 @@
 KEY_LENGTH=128,96:192
 HASH_ALGORITHM=SHA
 AUTHENTICATION_METHOD= PRE_SHARED
+GROUP_DESCRIPTION= MODP_1024
+Life=  Default-phase-1-lifetime
+
+[BLF-SHA-RSA_SIG]
+ENCRYPTION_ALGORITHM=  BLOWFISH_CBC
+KEY_LENGTH=128,96:192
+HASH_ALGORITHM=SHA
+AUTHENTICATION_METHOD= RSA_SIG
 GROUP_DESCRIPTION= MODP_1024
 Life=  Default-phase-1-lifetime



isakmpd with certificates, I must be missing the goat

2005-08-12 Thread andrew fresh
I am not sure if I need to sacrifice a goat or a chicken to get this working, 
but I am sure it is something stupid that I am doing that is causing the 
problem.

I am trying to get isakmpd to create a tunnel with certificates, and although I 
have it working well with preshared keys, I am unable to figure out what I am 
doing wrong, so I am here asking for help.  I believe I have all the 
information I have on what I have done to try to make it work, what is not 
working and the different config files here:


http://openbsd.somedomain.net/isakmpd_with_certs/


If there is any further information that I am missing that would help with 
solving this, please let me know.

l8rZ,
-- 
andrew - ICQ# 253198 - JID: [EMAIL PROTECTED]
 Proud member: http://www.mad-techies.org

BOFH excuse of the day: Firmware update in the coffee machine



Re: isakmpd with certificates, I found the goat

2005-08-12 Thread andrew fresh
On Fri, Aug 12, 2005 at 02:16:40PM -0700, andrew fresh wrote:
> I am trying to get isakmpd to create a tunnel with certificates

It works now, although I need to get a working policy.

In isakmpd.conf, remember to use a something-RSA_SIG transform for MainMode

http://marc.theaimsgroup.com/?l=openbsd-misc&m=104045774627096&w=2

Now I just need to figure out why it needs that and what it means.  

l8rZ,
-- 
andrew - ICQ# 253198 - JID: [EMAIL PROTECTED]
 Proud member: http://www.mad-techies.org

BOFH excuse of the day: Plumber mistook routing panel for decorative
wall fixture



Re: Requesting a change in the installer

2005-08-05 Thread andrew fresh
On Fri, Aug 05, 2005 at 01:48:13PM -0700, Tim Leslie wrote:
> After determining nomenclature, why not have a detect in the install,
> and then ask a question with the detected kernel as the default? ala
>
> magical CPU count detection code
> Do you want to use the single (sp) or multiprocessor (mp) kernel? [detected]
> apply appropriate link

My thoughts would be more along the lines of keeping track of bsd* that are 
downloaded during install, then ask which of those you would like as default.  
That would reduce the magical CPU count code required.  The rest I would agree 
with.  This would allow you to NOT download the bsd.{mp|sp|up|??} and it would 
link the other.

> This would streamline things a bit, I think.

I agree.

l8rZ,
-- 
andrew - ICQ# 253198 - JID: [EMAIL PROTECTED]
 Proud member: http://www.mad-techies.org

BOFH excuse of the day: Electrons on a bender



OpenBSD torrent updating script available

2005-07-01 Thread andrew fresh
There is now a script available to help keep your OpenBSD torrents up to date.  
There are details on how to use it available at:

http://openbsd.somedomain.net/files/

You can use it to help seed, to keep up to date with the latest packages for 
the current release or anything in between.

It works with the torrents available from:

http://openbsd.somedomain.net/

Also available on the same site is a port for BitTorrent 4.0.1 for OpenBSD 3.6 
and 3.7.

l8rZ,
-- 
andrew - ICQ# 253198 - JID: [EMAIL PROTECTED]
 Proud member: http://www.mad-techies.org

BOFH excuse of the day: loop found in loop in redundant loopback



OpenBSD 3.7 Torrents are now available

2005-05-19 Thread andrew fresh
You can get OpenBSD 3.7 from the torrent site here:

http://openbsd.somedomain.net/index.php?version=latest+release


quick links:

AMD 64:
http://openbsd.somedomain.net/torrents/OpenBSD_3_7_amd64-2005-05-19-1824.torrent

i386:
http://openbsd.somedomain.net/torrents/OpenBSD_3_7_i386-2005-05-19-2115.torrent

Anything else you should be able to get from the url above.  Not all 
architectures are synced yet, but they are going.

l8rZ,
-- 
andrew - ICQ# 253198 - JID: [EMAIL PROTECTED]
 Proud member: http://www.mad-techies.org

BOFH excuse of the day: Your computer's union contract is set to expire 
at midnight.



Re: OpenBSD Torrents available

2005-05-17 Thread andrew fresh
On Tue, May 17, 2005 at 04:49:37AM -0600, jared r r spiegel wrote:
> On Mon, May 16, 2005 at 04:45:11PM -0700, andrew fresh wrote:
> > We have set up a site from which you can get OpenBSD Torrents.
> >
> > The torrents are generated automatically on a server that is
> > rsynced to ftp3.usa.openbsd.org every 4 hours.
>
>   that's cool, but would it make sense to use  4h?

Maybe,  I wasn't sure, and it seems to get a fair number of new snapshots 
whenever it syncs, so it seems to be a workable amount of time.  I will look 
into changing timing of updates as time goes on.  The reason I chose 4 hours is 
that seemed to be what most of the CVS mirrors chose as a sync time and I 
didn't have any other gauges.

>   when the contents of a specific $arch directory changes,
>   does that render out a new .torrent file and update the
>   link in the -current section on the www; or does it just
>   overwrite the same name of the torrent?
>
>   if it is the latter, and you're seeding the torrent for
>   may 12th i386 -current; and then the rsync updates that
>   dir and a new .torrent is made, and then i d/l the new
>   one and join it, do we collide or do we just not see
>   each other (like, the torrent in the tracker is by
>   hash of contents or something?)

When the contents of a dir change, it generates a new torrent (that is the date 
part of the filename), that means the old torrent is out of date, however, on 
the torrent clients I have tested, downloading the new torrent will not start 
your download over, it will just download the changed pieces.  However, as far 
as the tracker goes, it doesn't actually care about the filename, it just cares 
about the info hash, which does change, and is what actually renders the old 
torrent out of date.

I am hoping if I have time, to write up a script that is available for download 
that will watch the RSS feed for new torrents that you want, check what you 
have, remove the old one and download the new one.  I don't know how that will 
screw with different torrent clients though.

>   can i suggest that the torrents only have the subdir
>   instead of OpenBSD/subdir?

I will definitely consider this,  I guess I just wasn't sure what the best 
layout for them was, and during my testing, doing it with OpenBSD/subdir caused 
all of the files to end up in the OpenBSD dir as they appear on the FTP server.

l8rZ,
-- 
andrew - ICQ# 253198 - JID: [EMAIL PROTECTED]
 Proud member: http://www.mad-techies.org

BOFH excuse of the day: not enough memory, go get system upgrade
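
The info-hash behaviour described in this reply, as an added example that is not part of the original post or of the site's scripts: a minimal bencoder and two constructed single-file torrents, showing that the hash covers only the info dictionary and that a content change alters only the affected piece hashes. The sample payloads, tracker URLs and helper names are assumptions.

```python
import hashlib


def bencode(obj):
    """Minimal bencoder for the value types a .torrent file uses."""
    if isinstance(obj, int):
        return b"i%de" % obj
    if isinstance(obj, str):
        obj = obj.encode("utf-8")
    if isinstance(obj, bytes):
        return b"%d:%s" % (len(obj), obj)
    if isinstance(obj, list):
        return b"l" + b"".join(bencode(x) for x in obj) + b"e"
    if isinstance(obj, dict):
        # Dictionary keys are byte strings and must be emitted in sorted order
        items = sorted(
            (k.encode("utf-8") if isinstance(k, str) else k, v)
            for k, v in obj.items()
        )
        return b"d" + b"".join(bencode(k) + bencode(v) for k, v in items) + b"e"
    raise TypeError("cannot bencode %r" % type(obj))


def make_info(name, payload, piece_length=16):
    """Build the 'info' dictionary: one SHA-1 per fixed-size piece."""
    pieces = b"".join(
        hashlib.sha1(payload[i:i + piece_length]).digest()
        for i in range(0, len(payload), piece_length)
    )
    return {"name": name, "length": len(payload),
            "piece length": piece_length, "pieces": pieces}


def info_hash(metainfo):
    """The value a tracker keys on: SHA-1 of the bencoded info dictionary only."""
    return hashlib.sha1(bencode(metainfo["info"])).hexdigest()


def changed_pieces(old_info, new_info):
    """Indices of pieces whose hash differs, i.e. what a client must re-fetch."""
    old, new = old_info["pieces"], new_info["pieces"]
    count = max(len(old), len(new)) // 20
    return [i for i in range(count)
            if old[i * 20:(i + 1) * 20] != new[i * 20:(i + 1) * 20]]


# Constructed sample data: three 16-byte pieces, then the middle one changes.
OLD_PAYLOAD = b"A" * 16 + b"B" * 16 + b"C" * 16
NEW_PAYLOAD = b"A" * 16 + b"X" * 16 + b"C" * 16

OLD_INFO = make_info("snapshot", OLD_PAYLOAD)
NEW_INFO = make_info("snapshot", NEW_PAYLOAD)

# Same content wrapped in different outer metadata (stands in for a renamed file).
TORRENT_A = {"announce": "http://tracker.example/announce", "info": OLD_INFO}
TORRENT_B = {"announce": "http://other.example/announce",
             "creation date": 1116288000, "info": OLD_INFO}
TORRENT_C = {"announce": "http://tracker.example/announce", "info": NEW_INFO}

if __name__ == "__main__":
    print("A:", info_hash(TORRENT_A))
    print("B:", info_hash(TORRENT_B))
    print("C:", info_hash(TORRENT_C))
    print("pieces to re-fetch:", changed_pieces(OLD_INFO, NEW_INFO))
```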



OpenBSD Torrents available

2005-05-16 Thread andrew fresh
OpenBSD Users:

We have set up a site from which you can get OpenBSD Torrents.

The site is http://openbsd.somedomain.net.

The torrents are generated automatically on a server that is rsynced to 
ftp3.usa.openbsd.org every 4 hours.  We are also seeding current torrents from 
that server.

l8rZ,
-- 
andrew - ICQ# 253198 - JID: [EMAIL PROTECTED]
 Proud member: http://www.mad-techies.org

BOFH excuse of the day: monitor resolution too high