Re: they say openbsd is not as scalable as others

2006-05-31 Thread Karsten McMinn

On 5/29/06, Marian Hettwer [EMAIL PROTECTED] wrote:

-BEGIN PGsnip

so what is best served?


exactly what I said. I've used openbsd to serve just
about everything as a service provider. includes stuff
like mysql/postgresql, apache, php, perl, mail, squid,
pf and on down the line. My opinion was formed
after I had worked heavily with solaris, freebsd, * linux,
M$, cisco * and lots of other hardware and software.
that's just me.


On 5/29/06, Raja Subramanian [EMAIL PROTECTED] wrote:

So in the end, the freedom wins!


well said.



UPS with USB: hidups or newhidups drivers in nut

2006-05-31 Thread cniesen
As far as I understand I need either the hidups or the newhidups driver of nut 
in order to use the APC Back-UPS XS 1500 (aka BX1500) with a USB interface 
cable.  Unfortunately the 3.9 nut-2.0.0p1 package doesn't come with either of 
the two drivers.  Neither does the current nut-2.0.3 port.  I even tried to 
compile the nut-2.0.3 port with --with-drivers=newhidups configuration arg 
added to the Makefile.  After a few guess-fixes [1] I finally got stuck with 
my extremely limited hacking knowledge [2].

A change log over at www.networkupstools.org was teasing me with all the 
improvements on newhidups and the removal of the experimental status flag.  Are 
the hidups and newhidups only available under Linux?   

What are my alternatives?  Both apc-upsd and upsd look quite old and they don't 
look like they support USB either. 
http://www.apcupsd.org/ looks promising.  Has that been compiled and used 
successfully on OpenBSD, maybe even with USB?

Thanks for your time,
  Claus

BTW, sorry for the blank mail earlier.



[1]  changed includes "usb.h" to dev/usb/usb.h in files 
w-nut-2.0.3/nut-2.0.3/drivers/libhid.h and 
w-nut-2.0.3/nut-2.0.3/drivers/libusb.h

[2]  It looks like the references to HIDDevice isn't liked even though its 
defined as a struct.

===  Building for nut-2.0.3
common/
drivers/
cc -I../include -O2 -pipe -Wall -Wsign-compare -s  -c newhidups.c
In file included from newhidups.c:25:
libhid.h:160: error: syntax error before '*' token
libhid.h:170: error: syntax error before '*' token
libhid.h:175: error: syntax error before '*' token
libhid.h:180: error: syntax error before '*' token
libhid.h:185: error: syntax error before '*' token
libhid.h:190: error: syntax error before '*' token
libhid.h:196: error: syntax error before '*' token
In file included from newhidups.h:32,
 from newhidups.c:26:
libusb.h:41: error: syntax error before '*' token
libusb.h:42: error: syntax error before '*' token
libusb.h:45: error: syntax error before '*' token
libusb.h:46: error: syntax error before '*' token
libusb.h:47: error: syntax error before '*' token
libusb.h:48: error: syntax error before '*' token
In file included from newhidups.c:26:
newhidups.h:36: error: syntax error before '*' token
newhidups.h:36: warning: type defaults to `int' in declaration of `udev'
newhidups.h:36: warning: data definition has no type or storage class
newhidups.c:54: error: syntax error before '*' token
newhidups.c:54: warning: type defaults to `int' in declaration of `udev'
newhidups.c:54: warning: data definition has no type or storage class
*** Error code 1

Stop in /usr/ports/sysutils/nut/w-nut-2.0.3/nut-2.0.3/drivers (line 102 of 
Makefile).
*** Error code 1

Stop in /usr/ports/sysutils/nut/w-nut-2.0.3/nut-2.0.3 (line 27 of Makefile).
*** Error code 1

Stop in /usr/ports/sysutils/nut (line 1924 of 
/usr/ports/infrastructure/mk/bsd.port.mk).




Re: cgi with chroot

2006-05-31 Thread Aiko Barz
On Tue, 2006-05-30 at 15:34 -0700, prad wrote:
 i tried to get a ksh script to work after i copied the ksh into /var/www/bin
 my understanding is that the chrooted environment doesn't give access to 
 the /bin/ksh program.

/var/www/bin/sh is working for me.

 i tried the same thing with ruby (copied both ruby and erb into /var/www/bin) 
 and got the same thing again.

Ruby is working for me too. Check this out:

#!/bin/sh
WWW=/var/www
# Create the directory tree inside the chroot
[ ! -d $WWW/bin ] && mkdir -p $WWW/bin
[ ! -d $WWW/usr/bin ] && mkdir -p $WWW/usr/bin
[ ! -d $WWW/usr/local/bin ] && mkdir -p $WWW/usr/local/bin
[ ! -d $WWW/usr/local/sbin ] && mkdir -p $WWW/usr/local/sbin
[ ! -d $WWW/usr/local/lib ] && mkdir -p $WWW/usr/local/lib
[ ! -d $WWW/usr/lib ] && mkdir -p $WWW/usr/lib
[ ! -d $WWW/var/run ] && mkdir -p $WWW/var/run
# cp ruby
RUBY=$(which ruby)
cp -f $RUBY $WWW/$RUBY
# cp env
ENV=$(which env)
cp -f $ENV $WWW/$ENV
# Ruby stuff
rsync -va /usr/local/lib/ruby $WWW/usr/local/lib
# cp libs: take the path column of every shared library ldd reports
for LIB in $(ldd $RUBY | awk '{if ($3 == "rlib") {print $7}}'); do
cp -f $LIB $WWW/$LIB
done
# cp hints
cp -f /var/run/ld.so.hints $WWW/var/run/ld.so.hints


I have got one more script that fixes ImageMagick which is needed by
Typo3.

Bye,
Aiko

-- 
Aiko Barz [EMAIL PROTECTED]
Web: http://www.haeckser.de



Re: Static functions in C code

2006-05-31 Thread Denis Doroshenko

On 5/31/06, Brett Lymn [EMAIL PROTECTED] wrote:

On Tue, May 30, 2006 at 04:55:14PM +0300, Denis Doroshenko wrote:

 why would you even want that (moreover in opensource)? hide for what reason?

It's called lexical scoping - it has nothing really to do with
security more to do with preventing namespace pollution.  Clearly you
have never written a library.


clearly you're implying too much here. i must admit that i have not
used statics since there was nothing in my tiny projects that would
need it. i won't argue with you, from "you have never written a
library" sounds like it would be fruitless.

if you want multiple functions named say do_it in your code to not
cause name clashes, then do_it(); i always try to name things the way
they very unlikely to clash with something and yet  such names seem to
make more sense. i like to debug my problems fast, to see every step,
what was called, where and with what parameters. as i said, i didn't
hit the need for it.



Re: Recommended window manager for OpenBSD

2006-05-31 Thread Martin Toft
akonsu wrote:
 hello
 
 has anyone tried evilwm (http://www.6809.org.uk/evilwm/)? is it any good? i
 am looking for a good simple keyboard controllable WM. i am doing mostly
 development.
 
 thanks
 konstantin


I've been using evilwm for almost a year on my workstation and laptop, 
and I must say that I'm very satisfied. I used it a couple of months 
with Debian unstable before moving on to OpenBSD 3.8, and later 3.9. 
I've made a screenshot available here for limited time:

http://www.cs.aau.dk/~mt/evilwm.png

I use it in conjunction with Enlightenment's terminal, Eterm, and (at 
the moment) a nice wallpaper from 
http://themes.freshmeat.net/projects/opuwa/

Everything you need to know to use evilwm is described in its manual 
page. Go and try it out - just install the package. My .xsession and 
Eterm theme file are attached for your convenience.

/Martin
Eterm-0.8.10
begin main

  begin color
foreground white
background black
tint 0xff
shade 0%
cursor #00
cursor_text #88
menu_text white
scrollbar #3f1c00
unfocusedscrollbar #77
pointer white
video normal
color 0 rgb:0/0/0
color 1 rgb:cc/00/00
color 2 rgb:00/cc/00
color 3 rgb:cc/cc/00
color 4 rgb:00/00/cc
color 5 rgb:cc/00/cc
color 6 rgb:00/cc/cc
color 7 rgb:fa/eb/d7
color 8 rgb:33/33/33
color 9 rgb:ff/00/00
color 10 rgb:00/ff/00
color 11 rgb:ff/ff/00
color 12 rgb:00/00/ff
color 13 rgb:ff/00/ff
color 14 rgb:00/ff/ff
color 15 rgb:ff/ff/ff
  end color

  begin attributes
title Eterm-0.8.10
name Eterm-0.8.10
iconname Eterm-0.8.10
scrollbar_type motif
scrollbar_width 10
font 0 fixed
font 1 6x10
font 2 6x13
font 3 8x13
font 4 9x15
  end attributes

  begin pixmaps
path /usr/local/share/Eterm/pix/
  end pixmaps

  begin toggles
map_alert 1
visual_bell 0
login_shell 1
scrollbar 0
menubar 0
utmp_logging 1
meta8 0
iconic 0
home_on_echo 1
home_on_input 0
home_on_refresh 1
scrollbar_floating 0
scrollbar_right 1
scrollbar_popup 0
borderless 0
save_under 0
trans 0
watch_desktop 0
no_cursor 0
menubar_move 0
pause 0
xterm_select 0
select_line 0
select_trailing_spaces 0
viewport_mode 0
  end toggles

  begin keyboard
smallfont_key less
bigfont_key greater
app_keypad 0
app_cursor 0
  end keyboard

  begin misc
print_pipe lp
save_lines 1024
min_anchor_size 0
border_width 5
menu Eterm.menu
term_name xterm-color
debug 0
  end misc

end main
/usr/X11R6/bin/xset m 0 4 
/usr/X11R6/bin/xset s off 
/usr/X11R6/bin/xset b off 
/usr/X11R6/bin/xset -dpms 
/usr/local/bin/Esetroot ~/.wallpaper.png 
/usr/local/bin/evilwm -term /usr/local/bin/Eterm



Re: UPS with USB: hidups or newhidups drivers in nut

2006-05-31 Thread Jeff Quast
On 5/31/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

 http://www.apcupsd.org/ looks promising.  Has that been compiled and used
 successfully on OpenBSD, maybe even with USB?



yes

I might even have the same model. Give it a try. It works well.



Re: UPS with USB: hidups or newhidups drivers in nut

2006-05-31 Thread Stuart Henderson
On 2006/05/31 08:52, [EMAIL PROTECTED] wrote:
 As far as I understand I need either the hidups or the newhidups
 driver of nut in order to use the APC Back-UPS XS 1500 (aka BX1500)
 with a USB interface cable. [...] Are the hidups and newhidups
 only available under Linux?

Not tested, but NUT is probably looking for /usr/local/include/usb.h
from the libusb port/package, not the system /usr/include/dev/usb/usb.h

Programs using libusb should be reasonably portable between OS.



Re: dd problem

2006-05-31 Thread Nick Holland

akonsu wrote:

hello,

i wanted to create an ISO image of a CDROM, so i ran this command:

dd if=/dev/cd0a of=my.iso

and i waited and waited for about 30 minutes until i just gave up and
pressed ^C. the resulting iso file was much larger than the source disc.


try
   dd if=/dev/rcd0c of=disk.iso bs=32k

note the rcd0c instead of cd0a.  The 'a' vs. 'c' doesn't (seem to) 
matter, I just philosophically prefer the 'c' implying entire disk, 
rather than just one partition.  The raw mode of access makes a lot of 
difference here.


I put the bs=32k in there for a bit of additional performance, but it 
turns out that without the bs= line, it didn't work at all.  After a 
little thought (and testing), I remembered that on most modern 
platforms, CDROM drives have a 2k block size, so apparently dd has 
trouble moving 512 bytes at a time out of CDROM drives.  I confirmed 
that bs=2k worked, bs=1k does not, so I might possibly be not 
totally wrong on that.  bs=32k seemed to go about twice as fast as 
bs=2k.


Well, I learned something. :)

Nick.



hotspot software

2006-05-31 Thread artjom
Hello,

Does anybody use software for managing hotspot clients and to count
traffic?

Thanks,

Artyom



Problems trying to log on squirrelmail.

2006-05-31 Thread João Salvatti

Hi all,

After three days facing a lot of problems to install an OpenBSD server
with postfix, cyrus and squirrelmail, I could finally log on webmail.
But now I'm facing a new problem that I could solve, and it shows as
soon as I log in. I've tried everything I found on the Internet, but I
didn't succeed. The error message is as follows:


On the left side, where the folders are shown:

   ERROR:
   ERROR: Could not complete request.
   Query: CREATE INBOX.Sent 
   Reason Given: Permission denied

On the right side, where the messages are placed:

   ERROR:
   ERROR: Could not complete request.
   Query: SELECT INBOX
   Reason Given: Mailbox does not exist

Has anyone ever faced this problem? I'd also be thankful if anyone
could point me a set of servers that I could use to build an e-mail
server over OpenBSD.

--
João Salvatti
Undergraduating in Computer Science
Federal University of Para - UFPA
web: http://www.openbsd-pa.org
e-mail: [EMAIL PROTECTED]



Re: CGI in C: getenv(CONTENT_LENGTH)

2006-05-31 Thread Alexander Farber

On 5/30/06, vladas [EMAIL PROTECTED] wrote:

I am concerned for the cases where URL given by the client side is like 2MB.

In my understanding, there is a gap between the server opening a socket
for the connection and starting reading in the data from the client until
the end of that reading-in when server stores the info about the request
in the env variables.  So if URL is very big, it would be first transferred to
the httpd cache and httpd would determine the CONTENT_LENGTH and
would store that info in the env of the httpd, right?


The CGI's env. variable CONTENT_LENGTH is set from the
client's header (see /usr/src/usr.sbin/httpd/src/main/util_script.c:

   else if (!strcasecmp(hdrs[i].key, "Content-length")) {
   ap_table_addn(e, "CONTENT_LENGTH", hdrs[i].val);
   }
)



Re: CGI in C: getenv(CONTENT_LENGTH)

2006-05-31 Thread Alexander Farber

This is bad because CONTENT_LENGTH could be > sizeof(buff):

On 5/30/06, vladas [EMAIL PROTECTED] wrote:

   char buff[1];
   const char *len1 = getenv("CONTENT_LENGTH");
   contentlength=strtol(len1, &endptr, 10);
   fread(buff, contentlength, 1, stdin);




Re: Problems trying to log on squirrelmail.

2006-05-31 Thread Stuart Henderson
On 2006/05/31 08:41, João Salvatti wrote:
ERROR:
ERROR: Could not complete request.
Query: SELECT INBOX
Reason Given: Mailbox does not exist

Sounds like you didn't create the inbox.

$ telnet xxx 143
Trying xxx...
Connected to xxx.
Escape character is '^]'.
* OK xxx Cyrus IMAP4 v2.2.12 server ready
. login yourusername pass
. OK User logged in
. create INBOX
. OK Completed
. logout
* BYE LOGOUT received
. OK Completed

(or you can use cyradm to connect as a cyrus administrator
and issue the command 'cm user.yourusername', or use cyradm
to connect as the user and 'cm INBOX').

 Has anyone ever faced this problem? I'd also be thankful if anyone
 could point me a set of servers that I could use to build an e-mail
 server over OpenBSD.

Cyrus can do some useful and unusual things (for example, indexed
full-text search of mailboxes, if you configure it to do so), but it
is a complex piece of software, and you will need to read the
documentation to learn how to carry out admin tasks and use it
effectively.

If you are simply looking for a decent IMAP server and don't
particularly need the features of Cyrus, try Dovecot instead.
It's simpler and quite easy to use.



Re: FTP download/CD sales ratio

2006-05-31 Thread Joakim Aronius
Ordering from Wim (kd85.org) works great, there is no point in using other 
resellers than the two alternatives on openbsd.org. 

/jkm
 
* Henrik Borgh ([EMAIL PROTECTED]) wrote:
 On 5/4/06, Michael Erdely [EMAIL PROTECTED] wrote:
 As soon as you see pre-orders are up, order.  I did
 and have had my 3.9 CDs for a couple weeks now.  For me, not wanting to
 build all the packages I use, I only wait until release day to download
 the rest of the packages (from a mirror).
 
 Except that not all resellers are equally fast. Neither of the danish
 resellers has announced having OpenBSD 3.9, and i'm not sure that they
 differ from so many other resellers.
 So i guess that one has to order the CD-ROMs from kd85.com or
 computershop.ca, to be sure to have them, on at least the release day.
 
 -- 
 Regards
 Henrik



Re: CGI in C: getenv(CONTENT_LENGTH)

2006-05-31 Thread vladas

Alexander, thank you - really - very much for the reply.

Shame on me for a slow response.


The CGI's env. variable CONTENT_LENGTH is set from the
client's header (see /usr/src/usr.sbin/httpd/src/main/util_script.c:


Please excuse me for being mistaken in these (as well as the ones
in the previous mails) basics.

On 31/05/06, Alexander Farber [EMAIL PROTECTED] wrote:

This is bad because CONTENT_LENGTH could be > sizeof(buff):


So client could cause buff overflow by specifying wrong
CONTENT_LENGTH in the custom-crafted headers. In that case,
even the apache's 414 Request-URI Too Large could not prevent the
problem, right?

So the only solution I can figure out is allocate buffer = than
#define DEFAULT_LIMIT_REQUEST_LINE 8190 and to sscanf it to
pick up the needed data from the headers sent from client.

It seems like reinventing the wheel, really. Of course, I will google
on it right away, but how e.g. mod_perl or other cgi's are dealing with it?

I missed something obvious, right?



Re: FTP download/CD sales ratio

2006-05-31 Thread Marc Balmer
* Joakim Aronius wrote:

 Ordering from Wim (kd85.org) works great, there is no point in using other 
 resellers than the two alternatives on openbsd.org. 

As for Switzerland, we resell it so people can save a bit on freight.
So there probably is a point buying from local reseller.



Re: CGI in C: getenv(CONTENT_LENGTH)

2006-05-31 Thread Alexander Farber

Hi

Why 8190? IMHO just malloc() a buffer of any length you like
(depends on what data len your app would typically receive),
then read() into it and if you exceed its sizeof while read() still
returns positive values (i.e. not -1 and not 0), realloc() the buffer.

On 5/31/06, vladas [EMAIL PROTECTED] wrote:

So client could cause buff overflow by specifying wrong
CONTENT_LENGTH in the custom-crafted headers. In that case,
even the apache's 414 Request-URI Too Large could not prevent the
problem,right?

So the only solution I can figure out is allocate buffer = than
#define DEFAULT_LIMIT_REQUEST_LINE 8190 and to sscanf it to
pick up the needed data from the headers sent from client.

It seems like reinventing the wheel, really. Of course, I will google
on it right away, but how e.g. mod_perl or other cgi's are dealing with it?


Maybe mod_perl and mod_cgi don't malloc() + read() the body,
but just pass stdin file descriptor to the user?

poka
Alex
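
The bounded read this thread is working toward, written out as an added example (it is not code from any poster or from httpd): the client-supplied CONTENT_LENGTH is validated and capped before it sizes the buffer, and the number of bytes actually read is reported separately from the number declared. MAX_BODY, parse_content_length, read_body and demo_case are names assumed for this sketch, and the request bodies are constructed test input.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed application limit for a POST body; not an Apache constant. */
#define MAX_BODY 8192

/*
 * Validate a CONTENT_LENGTH string. Returns 0 and stores the value, or -1
 * if it is missing, signed, non-numeric, has trailing junk, or exceeds max.
 */
static int parse_content_length(const char *s, size_t max, size_t *out)
{
    char *end;
    long v;

    if (s == NULL || s[0] < '0' || s[0] > '9')
        return -1;              /* also rejects "", "-1", "+5", " 5" */
    errno = 0;
    v = strtol(s, &end, 10);
    if (errno == ERANGE || *end != '\0')
        return -1;
    if ((unsigned long)v > max)
        return -1;
    *out = (size_t)v;
    return 0;
}

/*
 * Read a request body from `in`. The buffer is sized from the validated
 * length, never from the raw header. Returns a malloc'd, NUL-terminated
 * buffer and stores the bytes actually read in *got, or NULL on rejection.
 */
static char *read_body(FILE *in, const char *content_length,
                       size_t max, size_t *got)
{
    size_t want, n = 0, r;
    char *buf;

    if (parse_content_length(content_length, max, &want) != 0)
        return NULL;
    buf = malloc(want + 1);
    if (buf == NULL)
        return NULL;
    /* Stop at the declared length or at EOF, whichever comes first. */
    while (n < want && (r = fread(buf + n, 1, want - n, in)) > 0)
        n += r;
    buf[n] = '\0';
    *got = n;                   /* may be smaller than the header claimed */
    return buf;
}

/*
 * Constructed driver: a temporary file stands in for the CGI's stdin.
 * Returns the number of bytes read, -1 if the request was rejected,
 * -2 if the temporary file could not be created.
 */
static long demo_case(const char *header, const char *body)
{
    FILE *f = tmpfile();
    size_t got = 0;
    char *buf;
    long ret = -1;

    if (f == NULL)
        return -2;
    fwrite(body, 1, strlen(body), f);
    rewind(f);
    buf = read_body(f, header, MAX_BODY, &got);
    if (buf != NULL) {
        ret = (long)got;
        free(buf);
    }
    fclose(f);
    return ret;
}

int main(void)
{
    /* In a CGI the call would be:
     *   body = read_body(stdin, getenv("CONTENT_LENGTH"), MAX_BODY, &got);
     * and a NULL result would be answered with an error status. */
    printf("honest header        : %ld\n", demo_case("5", "hello"));
    printf("header larger (100)  : %ld\n", demo_case("100", "short"));
    printf("header over the cap  : %ld\n", demo_case("99999999", "x"));
    printf("negative header      : %ld\n", demo_case("-1", "x"));
    printf("header missing       : %ld\n", demo_case(NULL, "x"));
    return 0;
}
```

A caller that needs the whole body compares the returned count with the declared length and treats a short read as a truncated request.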



Re: CGI in C: getenv(CONTENT_LENGTH)

2006-05-31 Thread vladas

So client could cause buff overflow by specifying wrong
CONTENT_LENGTH in the custom-crafted headers. In that case,
even the apache's 414 Request-URI Too Large could not prevent the
problem,right?


Not to waste readers' (if any) time, I will be more detailed:

I have meant

In that case, even the apache's 414 Request-URI Too Large could not prevent the
problem, as buff overflow still could be caused for the headers smaller
than 8190 as they would pass httpd check but misinform and would
potentially make to panic my cgi.c, right?


And there is no reliable way to determine the CONTENT_LENGTH inside the
httpd from the client input given as headers might vary, right?



Re: CGI in C: getenv(CONTENT_LENGTH)

2006-05-31 Thread vladas

On 31/05/06, Alexander Farber [EMAIL PROTECTED] wrote:

Hi

Why 8190? IMHO just malloc() a buffer of any length you like
(depends on what data len your app would typically receive),
 then read() into it and if you exceed its sizeof while read() still
returns positive values (i.e. not -1 and not 0), realloc() the buffer.


That's nice, laconic. But still, as far as I understand, anything could
have come in under this scheme and I still have to figure out what
the real content size is (given that I do not trust CONTENT_LENGTH).

It's not like a big deal to write some checks, I ask just to make sure
I got it right.


On 5/31/06, vladas [EMAIL PROTECTED] wrote:
 So client could cause buff overflow by specifying wrong
 CONTENT_LENGTH in the custom-crafted headers. In that case,
 even the apache's 414 Request-URI Too Large could not prevent the
 problem,right?

 So the only solution I can figure out is allocate buffer = than
 #define DEFAULT_LIMIT_REQUEST_LINE 8190 and to sscanf it to
 pick up the needed data from the headers sent from client.

 It seems like reinventing the wheel, really. Of course, I will google
 on it right away, but how e.g. mod_perl or other cgi's are dealing with it?

Maybe mod_perl and mod_cgi don't malloc() + read() the body,
but just pass stdin file descriptor to the user?


In which case the CONTENT_LENGTH would rely on what? Just on connection
socket?
(But I say this still without checking what really the mod_perl does, so
please feel free to ignore this).



poka
Alex




PF load balance problem

2006-05-31 Thread Diego Linke
Hello Everybody.

I have a small, yet relevant question regarding PF's load balancing
features. Today I run PF with load balancing in substitution for Layer 3
load balancer switches, in two type of scenarios, the very first where
applications share sessions and the other, where sessions are not shared.

My problem is...

Here is my environment

Basically the example environment is one server with PF and three Web
Servers which do not share their sessions:

table <lb> { 10.0.0.1, 10.0.0.2, 10.0.0.3 }
rdr on xl0 inet proto tcp from any to IP_PUBLICO port 80 -> { <lb> } round-robin sticky-address
pass in quick log on xl0 proto tcp from any to <lb> port 80 flags S/SA modulate state (src.track 1800)

The sticky-address option makes PF always redirect a connection to a
server, it creates an entry in the Source table (source-track, which
can be seen with pfctl -vs Source) and while this entry is still alive
it forwards every other request from the same IP address to this same
Web Server. By default, the entry is alive on Source until the last
state is still alive.

To raise this value we need to set new limit to src.track (set timeout
src.track), I did this through the rule which allows the connection, as
you can see in the mentioned rule.

To make it short, PF will load balance connections among the servers on
lb table, and keep the same server to the same client up to 1800
seconds (30 minutes) after the last state was excluded.

My problem starts to happen now:

Everything above mentioned works perfectly, the issue starts when we
have to delete one IP from the load balance table. For example, if
10.0.0.2 server is down, I need to take it out of the balancing table:

pfctl -t lb -T del 10.0.0.2

In this case, technically load balancing will be kept only among the IPs
10.0.0.1 and 10.0.0.3, which are the only ones that still exists in the
lb table. But the problem is, even when the just deleted 10.0.0.2
server is not on lb anymore, clients requests/states which were in
Source before and that pointed 10.0.0.2, will still be there, and
therefore redirections to 10.0.0.2 will continue to happen until
src.track expires (30 minutes in the mentioned situation), or when I do
pfctl -F Source. But if I do the second approach, I will flush all my
references and sessions for this and all other source-tracks data in my
firewall.

Possible solutions I see:

The only solution I found was to change PF source code, where we could:

1) Create something similar to pfctl -k used for states, but  Source
version of it.

In this case, to delete a server, we would do

pfctl -t lb -T del 10.0.0.2
pfctl -new -flag 10.0.0.2

2) Make sticky-address verify if the IP address is still in the load
balancing options (in this case, if it is on lb table still). This
second approach would (maybe) suffer from performance issues, since we
are adding a new check before sticky-address handles the request.

Does anyone have a better option?
Does any hacker have available time to do this?

Thank you a lot.

-- 
Diego Linke
Public Key: http://www.gamk.com.br/gamk.asc



PF load balance problem

2006-05-31 Thread Alexey E. Suslikov
 Everything above mentioned works perfectly, the issue starts when we
 have to delete one IP from the load balance table. For example, if
 10.0.0.2 server is down, I need to take it out of the balancing table:

 pfctl -t lb -T del 10.0.0.2

 In this case, technically load balancing will be kept only among the IPs
 10.0.0.1 and 10.0.0.3, which are the only ones that still exists in the
 lb table. But the problem is, even when the just deleted 10.0.0.2
 server is not on lb anymore, clients requests/states which were in
 Source before and that pointed 10.0.0.2, will still there, and
 therefore redirections to 10.0.0.2 will continue to happen until
 src.track expires (30 minutes in the mentioned situation), or when I do
 pfctl -F Source. But if I do the second approach, I will flush all my
 references and sessions for this and all other source-tracks data in my
 firewall.

from pfctl(8):

 A network prefix length of 0 can be used as a wildcard.  To kill
 all states with the target ``host2'':

 # pfctl -k 0.0.0.0/0 -k host2

so why don't you kill all states to dead pool member right after removing
it from the lb table?



Re:

2006-05-31 Thread Auto-reply from [EMAIL PROTECTED]

Hi ! Thanks for your message.

Note that we have a NEW EMAIL ADDRESS.  Please use that one in the future.

THANKS !



The new address is:   [EMAIL PROTECTED]




Re: dd problem

2006-05-31 Thread akonsu
 thanks everybody.

1. how do i determine the correct block size for a device?
2. is the fact that dd does not work without any bs parameter a bug and
should be reported?

thanks
konstantin

try
dd if=/dev/rcd0c of=disk.iso bs=32k

 note the rcd0c instead of cd0a.  The 'a' vs. 'c' doesn't (seem to)
 matter, I just philosophically prefer the 'c' implying entire disk,
 rather than just one partition.  The raw mode of access makes a lot of
 difference here.

 I put the bs=32k in there for a bit of additional performance, but it
 turns out that without the bs= line, it didn't work at all.  After a
 little thought (and testing), I remembered that on most modern
 platforms, CDROM drives have a 2k block size, so apparently dd has
 trouble moving 512 bytes at a time out of CDROM drives.  I confirmed
 that bs=2k worked, bs=1k does not, so I might possibly be not
 totally wrong on that.  bs=32k seemed to go about twice as fast as
 bs=2k.

 Well, I learned something. :)

 Nick.



Re: PF load balance problem

2006-05-31 Thread Diego Linke
Alexey,

 
  A network prefix length of 0 can be used as a wildcard.  To kill
  all states with the target ``host2'':
 
  # pfctl -k 0.0.0.0/0 -k host2
 
 so why don't you kill all states to dead pool member right after removing
 it from the lb table?
 
 

This does not work!
The problem is that this command erases the STATES, however the SOURCE
entries remain.

Thanks

-- 
Diego Linke
Public Key: http://www.gamk.com.br/gamk.asc



license for getopt.c?

2006-05-31 Thread Will H. Backman
While wandering through the usr.bin source tree (not to imply that I am 
qualified to take the journey), I noticed that getopt.c doesn't have a 
license clause in it.

Anyone know who david might be?
   $OpenBSD: getopt.c,v 1.6 2003/07/10 00:06:51 david Exp $

-- Will



Re: cgi with chroot

2006-05-31 Thread Adam
On Wed, 31 May 2006 06:58:51 +0200 Marcus Glocker [EMAIL PROTECTED] wrote:

 On Wed, May 31, 2006 at 12:38:10AM -0400, Adam wrote:
 
#!/bin/sh

echo "Content-Type: text/html"
echo ""
echo "I'm sorry Dave, I'm afraid I can't do that."
  
  HTTP headers are terminated by \r\n not \n.
 
 Yes, correctly HTTP headers are terminated by \r\n.  But most
 webservers also understand \n in case of a CGI header.  And this
 example generates \n not \r\n:

I know that example generates \n instead of \r\n, that's why I said
it's wrong.  Just because apache will fix your incorrect output, doesn't
mean you should go ahead and write CGIs that way and rely on webservers
to fix it for you.  Not all of them will, and there's no benefit from
doing it wrong.

Adam



Re: license for getopt.c?

2006-05-31 Thread Dries Schellekens

Will H. Backman wrote:

While wandering through the usr.bin source tree (not to imply that I am 
qualified to take the journey), I noticed that getopt.c doesn't have a 
license clause in it.

Anyone know who david might be?


david@ = David Krause


Cheers,

Dries



Re: CGI in C: getenv(CONTENT_LENGTH)

2006-05-31 Thread vladas

On 31 May 2006 08:21:03 -0700, Randal L. Schwartz merlyn@stonehenge.com wrote:

why are you doing CGI in C?  you can get the same code written
much faster in Perl.  And if you need speed, you can migrate that same
code to running under mod_perl, and then it'll be FAR faster than
forking a separate process for a C program each time.


1. Why in C?

To keep it drastically minimal. Yes, in my case, it is worth
to take  all that time to get the app done in C (no UTF etc).

Kernel is in C and I want to learn both of them. Look at this
in terms of people who like to hack.

2. Why not Perl?

I do love perl. Perl is ok. But I do not like the idea of calling libperl plus
dbi stuff with every request as I will have enough overhead with other
parts of the app.

Perl will be used only for internal pages, the ones used not too often.

3. Why not mod_perl?

I do not like idea of debugging in the pool. Standalone does not
represent the real life env. I do not want to create some add-on
just to test it right. I want to keep it simple as it's me who is too
stupid for the right way to debug.

Besides, I do not need to have compiler inside my httpd. No way.
I am not saying that I do not trust OpenBSD. I do not trust myself
in this aspect.

4. Forking

FastCGI will solve this if this will be an issue. Before that, I put
high hopes into mfs. And if processes are light and fast, they rotate
fast too ( or so I believe ).


I wrote all this to show respect for the long replies that I get about
the topic. Sorry for resources used.


Please take no offense, if some of my questions or statements are
stupid for you all being experts.



Re: CGI in C: getenv(CONTENT_LENGTH)

2006-05-31 Thread Joachim Schipper
On Wed, May 31, 2006 at 02:14:09AM +0900, vladas wrote:
 Does (the above) really mean that URL more than 8190 bytes would be
 rejected?  Or I am mixing something here?

Yes, overly-long URLs will be rejected. Use POST, not GET, in such
cases.

All recent Apache versions are configured this way, I believe.

Joachim



Re: CGI in C: getenv(CONTENT_LENGTH)

2006-05-31 Thread vladas

Carson Harding,

Thank you for the inspiring guide!
Thank you for your time.

On 01/06/06, Carson Harding [EMAIL PROTECTED] wrote:
...




Respectfully.



Re: UPS with USB: hidups or newhidups drivers in nut

2006-05-31 Thread Claus

On 5/31/2006 4:27 AM, Jeff Quast wrote:

On 5/31/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

http://www.apcupsd.org/ looks promising.  Has that been compiled and used
successfully on OpenBSD, maybe even with USB?



yes

I might even have the same model. Give it a try. It works well.



Jeff, did you need to disable the uhid driver in order to prevent it 
from grabbing the UPS device as it was stated in apcupsd's documentation 
[1]?


  Claus

[1] 
http://www.apcupsd.org/manual/USB_Configuration.html#SECTION000102100




Re: license for getopt.c?

2006-05-31 Thread Ted Unangst

On 5/31/06, Will H. Backman [EMAIL PROTECTED] wrote:

While wandering through the usr.bin source tree (not to imply that I am
qualified to take the journey), I noticed that getopt.c doesn't have a
license clause in it.
Anyone know who david might be?
   $OpenBSD: getopt.c,v 1.6 2003/07/10 00:06:51 david Exp $


it would be helpful if you mentioned *which* getopt.c.  the one in
libc (before it was deleted) certainly did have a license.  i also
doubt david wrote the file in question if that's why you're asking.



Re: license for getopt.c?

2006-05-31 Thread Will H. Backman

Ted Unangst wrote:

On 5/31/06, Will H. Backman [EMAIL PROTECTED] wrote:

While wandering through the usr.bin source tree (not to imply that I am
qualified to take the journey), I noticed that getopt.c doesn't have a
license clause in it.
Anyone know who david might be?
   $OpenBSD: getopt.c,v 1.6 2003/07/10 00:06:51 david Exp $


it would be helpful if you mentioned *which* getopt.c.  the one in
libc (before it was deleted) certainly did have a license.  i also
doubt david wrote the file in question if that's why you're asking.

Here is where I found it:
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/getopt/



Re: dd problem

2006-05-31 Thread Jason Crawford

1) stat(2), the st_blksize field in the stat struct
2) no, because it's the device, not dd, that's not letting it work.
CD-ROMS only want to output 2K of data at a time, so if you request
less than that, they just won't do it. Generally though, most devices
will output less than st_blksize, but it'll just go damn slow.

Jason

On 5/31/06, akonsu [EMAIL PROTECTED] wrote:

 thanks everybody.

1. how do i determine the correct block size for a device?
2. is the fact that dd does not work without any bs parameter a bug and
should be reported?

thanks
konstantin

try
dd if=/dev/rcd0c of=disk.iso bs=32k

 note the rcd0c instead of cd0a.  The 'a' vs. 'c' doesn't (seem to)
 matter, I just philosophically prefer the 'c' implying entire disk,
 rather than just one partition.  The raw mode of access makes a lot of
 difference here.

 I put the bs=32k in there for a bit of additional performance, but it
 turns out that without the bs= line, it didn't work at all.  After a
 little thought (and testing), I remembered that on most modern
 platforms, CDROM drives have a 2k block size, so apparently dd has
 trouble moving 512 bytes at a time out of CDROM drives.  I confirmed
 that bs=2k worked, bs=1k does not, so I might possibly be not
 totally wrong on that.  bs=32k seemed to go about twice as fast as
 bs=2k.

 Well, I learned something. :)

 Nick.




Re: license for getopt.c?

2006-05-31 Thread Jason Crawford

On 5/31/06, Ted Unangst [EMAIL PROTECTED] wrote:

On 5/31/06, Will H. Backman [EMAIL PROTECTED] wrote:
 While wandering through the usr.bin source tree (not to imply that I am
 qualified to take the journey), I noticed that getopt.c doesn't have a
 license clause in it.
 Anyone know who david might be?
$OpenBSD: getopt.c,v 1.6 2003/07/10 00:06:51 david Exp $

it would be helpful if you mentioned *which* getopt.c.  the one in
libc (before it was deleted) certainly did have a license.  i also
doubt david wrote the file in question if that's why you're asking.


Well he mentioned the usr.bin source tree, and there is only one
getopt.c file in usr.bin source tree. And he mentioned david because
he's the last one to edit the file according to the $OpenBSD$ RCS Id.
If I recall correctly, not having a license means full Copyright law
is in effect, which means no copying allowed, however getopt.c in
/usr/src/usr.bin/getopt/ doesn't seem to have much of anything except
a call to getopt(3).

Jason



Re: UPS with USB: hidups or newhidups drivers in nut

2006-05-31 Thread Claus

On 5/31/2006 5:43 AM, Stuart Henderson wrote:

On 2006/05/31 08:52, [EMAIL PROTECTED] wrote:

As far as I understand I need either the hidups or the newhidups
driver of nut in order to use the APC Back-UPS XS 1500 (aka BX1500)
with a USB interface cable. [...] Are the hidups and newhidups
only available under Linux?


Not tested, but NUT is probably looking for /usr/local/include/usb.h
from the libusb port/package, not the system /usr/include/dev/usb/usb.h

Programs using libusb should be reasonably portable between OS.


Thanks Stuart.  You are right, the libusb-0.1.10ap1 package contains the 
needed /usr/local/include/usb.h file.  I got it all compiled now but I'm 
already stuck again.


The newhidups driver doesn't detect the UPS.  I read somewhere [1] that 
the uhid device needed to be disabled in order to get the driver to run 
in FreeBSD.  Apcupsd specifically requires that from OpenBSD [2].  Does 
that really mean that a custom build of OpenBSD is required?


  Claus

[1] 
http://www.mail-archive.com/nut-upsuser@lists.alioth.debian.org/msg00558.html

http://wiki.botka.homeunix.org/bin/view/Main/NetworkUpsToolsUsb
[2]
http://www.apcupsd.org/manual/USB_Configuration.html

Enclosures:
 - newhidups debug output
 - usbdevs info
 - dmesg
 - What I did to get nut with newhidups to compile

== newhidups debug output ==
# USB_DEBUG=2 newhidups -u root -DD auto
Network UPS Tools: New USB/HID UPS driver 0.28 (2.0.3)

debug level is '2'
usb_set_debug: Setting debugging level to 2 (on)
usb_os_find_busses: Found /dev/usb0
usb_os_find_busses: Found /dev/usb1
No appropriate HID device found
No matching USB/HID UPS found

== usbdevs info ==
# usbdevs -dv
Controller /dev/usb0:
addr 1: full speed, self powered, config 1, UHCI root hub(0x), 
VIA(0x1106), rev 1.00

  uhub0
 port 1 powered
 port 2 addr 2: low speed, self powered, config 1, Back-UPS RS 1500 
FW:8.g2 .D USB FW:g2(0x0002), American Power Conversion(0x051d), rev 1.06

   uhidev0
Controller /dev/usb1:
addr 1: full speed, self powered, config 1, UHCI root hub(0x), 
VIA(0x1106), rev 1.00

  uhub1
 port 1 powered
 port 2 powered

== dmesg ==
OpenBSD 3.9 (GENERIC) #617: Thu Mar  2 02:26:48 MST 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: AMD Athlon(tm) processor (AuthenticAMD 686-class, 256KB L2 
cache) 1.40 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR

real mem  = 536387584 (523816K)
avail mem = 482426880 (471120K)
using 4278 buffers containing 26923008 bytes (26292K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(f1) BIOS, date 07/11/02, BIOS32 rev. 0 @ 0xfb4b0
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 70102 dobusy 1 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0xdf94
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdee0/176 (9 entries)
pcibios0: PCI Exclusive IRQs: 5 10 11 12
pcibios0: PCI Interrupt Router at 000:07:0 (VIA VT82C596A ISA rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc/0xb000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 VIA VT8363 Host rev 0x03
ppb0 at pci0 dev 1 function 0 VIA VT8363 AGP rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 ATI AIW Radeon rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
pcib0 at pci0 dev 7 function 0 VIA VT82C686 ISA rev 0x40
pciide0 at pci0 dev 7 function 1 VIA VT82C571 IDE rev 0x06: ATA100, 
channel 0 configured to compatibility, channel 1 configured to compatibility

wd0 at pciide0 channel 0 drive 0: ST360021A
wd0: 16-sector PIO, LBA, 57241MB, 117231408 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: MITSUMI, CR-48XCTE, 1.0D SCSI0 5/cdrom 
removable

cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
uhci0 at pci0 dev 7 function 2 VIA VT83C572 USB rev 0x16: irq 12
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 7 function 3 VIA VT83C572 USB rev 0x16: irq 12
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
viaenv0 at pci0 dev 7 function 4 VIA VT82C686 SMBus rev 0x40
emu0 at pci0 dev 9 function 0 Creative Labs SoundBlaster Live rev 
0x07: irq 5

ac97: codec id 0x83847608 (SigmaTel STAC9708/11)
ac97: codec features 18 bit DAC, 18 bit ADC, SigmaTel 3D
audio0 at emu0
Creative Labs PCI Gameport Joystick rev 0x07 at pci0 dev 9 function 1 
not configured

bktr0 at pci0 dev 11 function 0 Brooktree BT848 rev 0x11: irq 12
bktr0: Intel Smart Video III/VideoLogic Captivator PCI, no tuner.
sis0 at pci0 dev 13 function 0 NS DP83815 10/100 rev 0x00, DP83816A: 
irq 11, address 00:09:5b:bc:78:39

nsphyter0 at sis0 phy 0: DP83815 

Re: cgi with chroot

2006-05-31 Thread Marcus Glocker
On Wed, May 31, 2006 at 12:07:16PM -0400, Adam wrote:

 I know that example generates \n instead of \r\n, that's why I said
 its wrong.  Just because apache will fix your incorrect output, doesn't
 mean you should go ahead and write CGIs that way and rely on webservers
 to fix it for you.  Not all of them will, and there's no benefit from
 doing it wrong.

Well, I wouldn't say that I am doing it wrong, maybe you are just a
little bit intolerant;

<snip>
RFC2616, 19.3, Tolerant Applications
...

The line terminator for message-header fields is the sequence CRLF.
However, we recommend that applications, when parsing such headers,
recognize a single LF as a line terminator and ignore the leading CR.

...
</snip>

The HTTP header termination is an empty message-header field line.

In the real world I don't know a single HTTP server which is that
intolerant, including my own webserver.  My intention was to give
somebody help and not to start an argument with you.

And before you start to offend that <snip> is not a valid HTML tag,
I know that by myself ;)

Thread over for me.

Regards,
Marcus

-- 
Marcus Glocker, [EMAIL PROTECTED], http://www.nazgul.ch -
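
The line-terminator question argued in this message, as an added example that is not part of the original post: a parser for a CGI script's header block that accepts CRLF or a bare LF as RFC 2616 19.3 recommends, reports whether the script was strict, and re-emits the block with CRLF. The function names and the sample outputs are assumptions constructed for illustration.

```python
"""Tolerant parsing of a CGI script's header block (added example)."""

# Constructed sample outputs of a CGI script, not taken from the thread.
LF_ONLY = b"Content-Type: text/html\n\n<html>ok</html>\n"
CRLF = b"Content-Type: text/html\r\nStatus: 200 OK\r\n\r\n<html>ok</html>\n"
MIXED = b"Content-Type: text/plain\r\nX-Note: a\n\tb\n\nbody"


def parse_cgi_output(raw):
    """Split raw CGI output into (headers, body, strict).

    A header line may end in CRLF or in a bare LF; a CR directly before
    the LF is dropped.  `strict` is True only if every header line,
    including the empty line that ends the block, ended in CRLF.
    """
    headers = []
    strict = True
    pos = 0
    while True:
        nl = raw.find(b"\n", pos)
        if nl == -1:
            raise ValueError("header block is not terminated by an empty line")
        line = raw[pos:nl]
        pos = nl + 1
        if line.endswith(b"\r"):
            line = line[:-1]
        else:
            strict = False          # bare LF: tolerated, but noted
        if not line:
            # Empty line: everything after it is the body, untouched.
            return headers, raw[pos:], strict
        if line[:1] in (b" ", b"\t"):
            # Folded continuation of the previous header field.
            if not headers:
                raise ValueError("continuation line before any header")
            name, value = headers[-1]
            extra = line.decode("latin-1").strip()
            headers[-1] = (name, (value + " " + extra).strip())
            continue
        name, sep, value = line.partition(b":")
        if not sep or not name or name != name.strip():
            raise ValueError("malformed header line: %r" % line)
        headers.append((name.decode("ascii"), value.decode("latin-1").strip()))


def to_wire(headers, body):
    """Re-emit the header block with CRLF terminators, body unchanged."""
    head = b"".join(
        ("%s: %s\r\n" % (name, value)).encode("latin-1")
        for name, value in headers
    )
    return head + b"\r\n" + body


if __name__ == "__main__":
    for label, raw in (("LF only", LF_ONLY), ("CRLF", CRLF), ("mixed", MIXED)):
        headers, body, strict = parse_cgi_output(raw)
        print(label, "strict" if strict else "tolerated", headers, body)
```

Running a script's output through `parse_cgi_output` before deployment shows whether it depends on the server's tolerance; `to_wire` gives the form a strict peer expects.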



Re: UPS with USB: hidups or newhidups drivers in nut

2006-05-31 Thread Stuart Henderson
On 2006/05/31 11:12, Claus wrote:
 On 5/31/2006 5:43 AM, Stuart Henderson wrote:
 On 2006/05/31 08:52, [EMAIL PROTECTED] wrote:
 As far as I understand I need either the hidups or the newhidups
 driver of nut in order to use the APC Back-UPS XS 1500 (aka BX1500)
 with a USB interface cable. [...] Are the hidups and newhidups
 only available under Linux?
 Not tested, but NUT is probably looking for /usr/local/include/usb.h
 from the libusb port/package, not the system /usr/include/dev/usb/usb.h
 Programs using libusb should be reasonably portable between OS.
 
 Thanks Stuart.  You are right, the libusb-0.1.10ap1 package contains
 the needed /usr/local/include/usb.h file.  I got it all compiled now

Good stuff, and thanks for the useful and detailed information
you included.

 but I'm already stuck again.
 The newhidups driver doesn't detect the UPS.  I read somewhere [1]
 that the uhid device needed to be disabled in order to get the driver
 to run in FreeBSD.  Apcupsd specifically requires that from OpenBSD 
 [2].  Does that really mean that a custom build of OpenBSD is required?

Well, it needs a change making to the OS, but I don't see any
reason for it to be a custom build, it seems like it's quite
suitable to go into the standard OS.

 uhidev0 at uhub0 port 2 configuration 1 interface 0
 uhidev0: American Power Conversion Back-UPS RS 1500 FW:8.g2 .D USB FW:g2, rev 
 1.10/1.06, addr 2, iclass 
 3/0
 uhidev0: 123 report ids
 uhid0 at uhidev0 reportid 1: input=0, output=0, feature=1

Fortunately matthieu@ recently made it easy to work with this
when he made changes to uhid to accommodate the metageek wi-spy. [1]

Please try this 1-line change and rebuild the kernel (just GENERIC,
you don't need anything custom);

Index: /usr/src/sys/dev/usb/usb_quirks.c
===
RCS file: /data/cvsroot/OpenBSD/src/sys/dev/usb/usb_quirks.c,v
retrieving revision 1.22
diff -u -r1.22 usb_quirks.c
--- /usr/src/sys/dev/usb/usb_quirks.c   14 May 2006 12:00:04 -  1.22
+++ /usr/src/sys/dev/usb/usb_quirks.c   31 May 2006 17:33:07 -
@@ -128,6 +128,7 @@
  { USB_VENDOR_NEC, USB_PRODUCT_NEC_PICTY920,   ANY,   { UQ_BROKEN_BIDIR }},
  { USB_VENDOR_NEC, USB_PRODUCT_NEC_PICTY800,   ANY,   { UQ_BROKEN_BIDIR }},
  { USB_VENDOR_METAGEEK, USB_PRODUCT_METAGEEK_WISPY, ANY,   { UQ_BAD_HID }},
+ { USB_VENDOR_APC, USB_PRODUCT_APC_UPSPRO500,  ANY,   { UQ_BAD_HID }},
  { 0, 0, 0, { 0 } }
 };
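
Review bot: the added row keys on USB_PRODUCT_APC_UPSPRO500, while the device in this thread identifies itself in the usbdevs -dv output as "Back-UPS RS 1500" with product id 0x0002 under vendor 0x051d. The quirk table matches on the numeric ids, so please confirm that USB_PRODUCT_APC_UPSPRO500 is defined as 0x0002 in usbdevs, and add a short comment on the row saying it also covers the Back-UPS unit, since the macro name suggests a different model. Note also that ANY applies UQ_BAD_HID to every revision of that product id, so all such units stop attaching to uhid.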

This should prevent the UPS attaching to uhid, instead it should
show as ugen in dmesg and be available for apcupsd.


[1] (One can see why the wi-spy attaches to uhid since the board
is intended for wireless remote keyboard/mouse but someone worked
out how to make better use of it - but why this UPS, and the
cypress usb-serial, report themselves as being HID is less clear..)



Re: UPS with USB: hidups or newhidups drivers in nut

2006-05-31 Thread Stuart Henderson
 Please try this 1-line change and rebuild the kernel

here's a more complete diff, bringing across other HID quirks from
FreeBSD - a couple of MGE UPS, and a GPS receiver.

Index: sys/dev/usb/usb_quirks.c
===
RCS file: /data/cvsroot/OpenBSD/src/sys/dev/usb/usb_quirks.c,v
retrieving revision 1.22
diff -u -r1.22 usb_quirks.c
--- sys/dev/usb/usb_quirks.c14 May 2006 12:00:04 -  1.22
+++ sys/dev/usb/usb_quirks.c31 May 2006 17:56:38 -
@@ -128,6 +128,11 @@
  { USB_VENDOR_NEC, USB_PRODUCT_NEC_PICTY920,   ANY,   { UQ_BROKEN_BIDIR }},
  { USB_VENDOR_NEC, USB_PRODUCT_NEC_PICTY800,   ANY,   { UQ_BROKEN_BIDIR }},
  { USB_VENDOR_METAGEEK, USB_PRODUCT_METAGEEK_WISPY, ANY,   { UQ_BAD_HID }},
+ { USB_VENDOR_APC, USB_PRODUCT_APC_UPSPRO500,  ANY,   { UQ_BAD_HID }},
+ { USB_VENDOR_DELORME, USB_PRODUCT_DELORME_EARTHMATE,
+   ANY,   { UQ_BAD_HID }},
+ { USB_VENDOR_MGE, USB_PRODUCT_MGE_UPS1,   ANY,   { UQ_BAD_HID }},
+ { USB_VENDOR_MGE, USB_PRODUCT_MGE_UPS2,   ANY,   { UQ_BAD_HID }},
  { 0, 0, 0, { 0 } }
 };
 
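Review bot: the DELORME row uses USB_VENDOR_DELORME and USB_PRODUCT_DELORME_EARTHMATE, but the usbdevs hunks in this diff add only the MGE vendor and its two products. Please confirm that both DeLorme names already exist in usbdevs at 1.200; if they do not, usb_quirks.c will not compile and the vendor and product lines need to be part of this diff.
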
Index: sys/dev/usb/usbdevs
===
RCS file: /data/cvsroot/OpenBSD/src/sys/dev/usb/usbdevs,v
retrieving revision 1.200
diff -u -r1.200 usbdevs
--- sys/dev/usb/usbdevs 13 May 2006 20:32:52 -  1.200
+++ sys/dev/usb/usbdevs 31 May 2006 17:55:36 -
@@ -89,6 +89,7 @@
 vendor DIAMOND20x045a  Diamond (Supra)
 vendor MICROSOFT   0x045e  Microsoft
 vendor PRIMAX  0x0461  Primax Electronics
+vendor MGE 0x0463  MGE UPS Systems
 vendor AMP 0x0464  AMP
 vendor CHERRY  0x046a  Cherry Mikroschalter
 vendor MEGATRENDS  0x046b  American Megatrends
@@ -1375,6 +1376,10 @@
 
 /* Metricom products */
 product METRICOM RICOCHET_GS   0x0001  Ricochet GS
+
+/* MGE UPS Systems products */
+product MGE UPS1   0x0001  Protection Center 1 UPS
+product MGE UPS2   0x  Protection Center 2 UPS
 
 /* Micro Star International products */
 product MSI WLAN   0x1020  WLAN
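Review bot: the added UPS2 line gives the product id as a bare "0x" with no hex digits ("product MGE UPS2 0x"), and the usbdevs.h hunk further down shows the same for USB_PRODUCT_MGE_UPS2. As shown this cannot produce a valid define, so the full 16-bit id has to be restored here before the headers are regenerated and before the UPS2 quirk row can match anything.
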
Index: sys/dev/usb/usbdevs.h
===
RCS file: /data/cvsroot/OpenBSD/src/sys/dev/usb/usbdevs.h,v
retrieving revision 1.204
diff -u -r1.204 usbdevs.h
--- sys/dev/usb/usbdevs.h   13 May 2006 20:33:32 -  1.204
+++ sys/dev/usb/usbdevs.h   31 May 2006 17:55:55 -
@@ -1,4 +1,4 @@
-/* $OpenBSD: usbdevs.h,v 1.204 2006/05/13 20:33:32 matthieu Exp $  */
+/* $OpenBSD$   */
 
 /*
  * THIS FILE IS AUTOMATICALLY GENERATED.  DO NOT EDIT.
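Review bot: the context line here reads "THIS FILE IS AUTOMATICALLY GENERATED.  DO NOT EDIT.", so the usbdevs.h and usbdevs_data.h parts of this diff should not be applied as hand edits. Send only the usbdevs and usb_quirks.c changes and regenerate both headers in the tree; that also avoids the $OpenBSD$ tag change in this hunk.
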
@@ -96,6 +96,7 @@
 #defineUSB_VENDOR_DIAMOND2 0x045a  /* Diamond (Supra) */
 #defineUSB_VENDOR_MICROSOFT0x045e  /* Microsoft */
 #defineUSB_VENDOR_PRIMAX   0x0461  /* Primax Electronics */
+#defineUSB_VENDOR_MGE  0x0463  /* MGE UPS Systems */
 #defineUSB_VENDOR_AMP  0x0464  /* AMP */
 #defineUSB_VENDOR_CHERRY   0x046a  /* Cherry Mikroschalter 
*/
 #defineUSB_VENDOR_MEGATRENDS   0x046b  /* American Megatrends 
*/
@@ -1382,6 +1383,10 @@
 
 /* Metricom products */
 #defineUSB_PRODUCT_METRICOM_RICOCHET_GS0x0001  /* 
Ricochet GS */
+
+/* MGE UPS Systems products */
+#defineUSB_PRODUCT_MGE_UPS10x0001  /* Protection Center 1 
UPS */
+#defineUSB_PRODUCT_MGE_UPS20x  /* Protection Center 2 
UPS */
 
 /* Micro Star International products */
 #defineUSB_PRODUCT_MSI_WLAN0x1020  /* WLAN */
Index: sys/dev/usb/usbdevs_data.h
===
RCS file: /data/cvsroot/OpenBSD/src/sys/dev/usb/usbdevs_data.h,v
retrieving revision 1.204
diff -u -r1.204 usbdevs_data.h
--- sys/dev/usb/usbdevs_data.h  13 May 2006 20:33:32 -  1.204
+++ sys/dev/usb/usbdevs_data.h  31 May 2006 17:55:55 -
@@ -1,4 +1,4 @@
-/* $OpenBSD: usbdevs_data.h,v 1.204 2006/05/13 20:33:32 matthieu Exp $ 
*/
+/* $OpenBSD$   */
 
 /*
  * THIS FILE IS AUTOMATICALLY GENERATED.  DO NOT EDIT.
@@ -2355,6 +2355,14 @@
Ricochet GS,
},
{
+   USB_VENDOR_MGE, USB_PRODUCT_MGE_UPS1,
+   Protection Center 1 UPS,
+   },
+   {
+   USB_VENDOR_MGE, USB_PRODUCT_MGE_UPS2,
+   Protection Center 2 UPS,
+   },
+   {
USB_VENDOR_MSI, USB_PRODUCT_MSI_WLAN,
WLAN,
},
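Review bot: the description strings in the added entries appear without double quotes ("Protection Center 1 UPS," on a line of its own), as do the context lines around them, so the hunk as shown is not valid C and is unlikely to apply cleanly. Since this file is generated, drop the hunk and rebuild usbdevs_data.h from usbdevs instead.
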
@@ -4137,6 +4145,10 @@
{
USB_VENDOR_PRIMAX,
Primax Electronics,
+   },
+   {
+   USB_VENDOR_MGE,
+   MGE UPS Systems,
},
{
USB_VENDOR_AMP,



Re: Recommended window manager for OpenBSD

2006-05-31 Thread Need Coffee

plan9/larswm.  Small, fast, and shuffles windows around so you don't have to.

Also very good for folks that prefer the keyboard over the mouse.


On 5/30/06, Sam Chill [EMAIL PROTECTED] wrote:

On 5/30/06, akonsu [EMAIL PROTECTED] wrote:
 hello

 has anyone tried evilwm (http://www.6809.org.uk/evilwm/)? is it any good?
Try it yourself. It's one of the smallest wms I have ever used. It
doesn't do much, but it does all it claims well. I've used it in the
past when I just wanted a bunch of xterms and I have no complaints.

-Sam




Re: Recommended window manager for OpenBSD

2006-05-31 Thread Gleydson Soares
 On 5/30/06, akonsu [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
  hello
 
  has anyone tried evilwm (http://www.6809.org.uk/evilwm/)? is it any
good?
 Try it yourself. It's one of the smallest wms I have ever used. It
 doesn't do much, but it does all it claims well. I've used it in the
 past when I just wanted a bunch of xterms and I have no complaints.

 -Sam

I am using fvwm, the default on OpenBSD.
You can try ion3; it is a good choice as well.
http://www.modeemi.fi/~tuomov/ion/

gsoares




Re: ssh attacks

2006-05-31 Thread Matthias Kilian
On Wed, May 31, 2006 at 02:54:16PM -0400, Peter Fraser wrote:
 block in on Outsize proto tcp port ssh flags S/SA 
  state (max-src-conn-rate 100/10, overload bad_hosts flush global)
 
 This does not work. One gets a message that keeping state on
 a blocked run makes no sense.

See the example on overload at
http://www.openbsd.org/faq/pf/filter.html#stateopts

Basically, you pass and just block everything from bad_hosts in a
separate rule.

Ciao,
Kili



Kerberos/OpenLDAP/Samba

2006-05-31 Thread Vijay Sankar
Good day,

I am trying to set up a network with OpenBSD 3.9 as core of a single
sign-on solution using Kerberos5 authentication, OpenLDAP as the
directory service, with Samba serving Windows clients. I followed the
steps in info heimdal and can get tickets. I then set up OpenLDAP,
added the schemas (including samba.schema) and added the samba-ldap and
samba-docs packages for OpenBSD 3.9. I can traverse the ldap directory
and see the users organizational unit I had created but a Windows
client (XP SP2) is not able to access the Samba Share.

Are there any documents that are specific to OpenBSD that gives the
various steps required in making this work? If you have any pointers,
please let me know. I have read documents related to samba-ldap at
Gentoo Linux, FreeBSD and NetBSD that give some details and also tried
to follow what was available at openldap.org but it hasn't worked for me
yet. In fact the instructions I have followed have made matters worse
and left me somewhat confused. So at this point the only thing that I
know is working properly is krb5.

If there are no documents that are easy and straightforward to follow, I
would like to take a stab at creating one but will need help. If anyone
who has had experience in this area is willing to work with me, I will
be grateful. 

Thanks very much,

Vijay

-- 
Vijay Sankar, M.Eng., P.Eng.
ForeTell Technologies Limited
59 Flamingo Avenue, Winnipeg, MB, Canada R3J 0X6
Phone: 204 885 9535, E-Mail: [EMAIL PROTECTED]



Re: ssh attacks

2006-05-31 Thread Peter Fraser
Expect I was not clear.

Someone is attacking address 1, address 2, address 3; those
addresses are all blocked with respect to ssh, but because he
is attacking those addresses, I want to stop an expected attack
on address 4. I never want to pass ssh on address 1, address 2
or address 3 ever; I want to use the information that someone
was trying to ssh to those addresses to identify that person as
an attacker.


-Original Message-
From: Matthias Kilian [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, May 31, 2006 3:02 PM
To: Peter Fraser
Cc: misc@openbsd.org
Subject: Re: ssh attacks

On Wed, May 31, 2006 at 02:54:16PM -0400, Peter Fraser wrote:
 block in on Outsize proto tcp port ssh flags S/SA 
  state (max-src-conn-rate 100/10, overload bad_hosts flush global)
 
 This does not work. One gets a message that keeping state on
 a blocked run makes no sense.

See the example on overload at
http://www.openbsd.org/faq/pf/filter.html#stateopts

Basically, you pass and just block everything from bad_hosts in a
separate rule.

Ciao,
Kili





Re: ssh attacks

2006-05-31 Thread Terry
On Wed, May 31, 2006 at 02:54:16PM -0400, Peter Fraser wrote:
 Right now someone is trying out each IP address I have
 with an ssh attack. Only one of those IP addresses is
 enabled for ssh. I have a (max-src-conn-rate 100/10,
 overload bad_guys flush global) on that address.
 
 I would like to know how to get pf to note these
 other attempts and block the sender. To me the obvious
 would be 
 
 block in on Outsize proto tcp port ssh flags S/SA 
  state (max-src-conn-rate 100/10, overload bad_hosts flush global)
 
 This does not work. One gets a message that keeping state on
 a blocked run makes no sense.
 

These are the rules I use for this.

block in log quick on $ext_if from <bruteforce> to any

pass in log on $ext_if inet proto tcp from any to ($ext_if) \
   port ssh flags S/SA keep state \
   (max-src-conn 5, max-src-conn-rate 5/60, \
   overload <bruteforce> flush global)

HTH
-- 
Terry
http://tyson.homeunix.org



openvpn bridge ip/netmask

2006-05-31 Thread shadrock
I have a lan interface 
A tun0 interface
Both are bridged with bridge0
Bridge0 is configured by brconfig 
I have setup openvpn in bridge mode 
But only broadcasts and arp request pass tun0 

How do I add an address/ip to bridge0 ?

shadrock





Re: ssh attacks

2006-05-31 Thread Darrin Chandler
On Wed, May 31, 2006 at 02:54:16PM -0400, Peter Fraser wrote:
 Right now someone is trying out each IP address I have
 with an ssh attack. Only one of those IP addresses is
 enabled for ssh. I have a (max-src-conn-rate 100/10,
 overload bad_guys flush global) on that address.
 
 I would like to know how to get pf to note these
 other attempts and block the sender. To me the obvious
 would be 
 
 block in on Outsize proto tcp port ssh flags S/SA 
  state (max-src-conn-rate 100/10, overload bad_hosts flush global)
 
 This does not work. One gets a message that keeping state on
 a blocked run makes no sense.

You already have or will get answers to your question. Having gone
through this myself I'll propose something else: secure your machines
and forget about the ssh scanners.

I blocked these guys by various means and watched what happened for a
while. Sometimes there were lots of scans and other times there were
only a few per day. But they were all hit and run scans, from IPs all
over the place. You're going to fill your tables with IPs that aren't
coming back. Pf does a fine job with tables, and my boxes never got slow
or low on memory. But why waste resources for nothing? At that point
you're really doing the same job as pflog.

I ended up using a table for IPs allowed to ssh, others are blocked.

-- 
Darrin Chandler|  Phoenix BSD Users Group
[EMAIL PROTECTED]   |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/  |



OT: thanks

2006-05-31 Thread poncenby

My dmesg:

OpenBSD 3.8 (GENERIC) #138: Sat Sep 10 15:41:37 MDT 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: VIA Samuel 2 (CentaurHauls 686-class) 533 MHz
cpu0: FPU,DE,TSC,MSR,MTRR,PGE,MMX
real mem  = 158900224 (155176K)
avail mem = 138125312 (134888K)
using 1965 buffers containing 8048640 bytes (7860K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(30) BIOS, date 03/18/02, BIOS32 rev. 0 @  
0xfb370

apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 70102 dobusy 1 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0xdce4
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdc70/112 (5 entries)
pcibios0: PCI Exclusive IRQs: 5 10 11 12
pcibios0: PCI Interrupt Router at 000:17:0 (VIA VT8231 ISA rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc/0xc000 0xcc000/0x9800
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 VIA VT8601 PCI rev 0x05
ppb0 at pci0 dev 1 function 0 VIA VT82C601 AGP rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 Trident CyberBlade i1 rev 0x6a
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
pcib0 at pci0 dev 17 function 0 VIA VT8231 ISA rev 0x10
pciide0 at pci0 dev 17 function 1 VIA VT82C571 IDE rev 0x06:  
ATA100, channel 0 configured to compatibility, channel 1 configured  
to compatibility

wd0 at pciide0 channel 0 drive 0: Maxtor 6B160P0
wd0: 16-sector PIO, LBA48, 156334MB, 320173056 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
pciide0: channel 1 disabled (no drives)
uhci0 at pci0 dev 17 function 2 VIA VT83C572 USB rev 0x1e: irq 5
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 17 function 3 VIA VT83C572 USB rev 0x1e: irq 5
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
viaenv0 at pci0 dev 17 function 4 VIA VT8231 PMG rev 0x10
auvia0 at pci0 dev 17 function 5 VIA VT82C686 AC97 rev 0x40: irq 12
auvia0: codec reset timed out
auvia0: codec busy
auvia0: codec busy
auvia0: codec busy
auvia0: codec busy
auvia0: codec busy
auvia0: codec busy
auvia0: codec busy
auvia0: codec busy
auvia0: codec busy
auvia0: codec busy
auvia0: codec busy
auvia0: codec busy
auvia0: codec busy
auvia0: codec busy
auvia0: codec busy
auvia0: codec busy
auvia0: codec busy
auvia0: codec busy
auvia0: codec busy
auvia0: codec busy
auvia0: codec busy
auvia0: codec busy
auvia0: codec busy
auvia0: codec busy
auvia0: codec busy
auvia0: codec busy
auvia0: codec busy
auvia0: codec busy
auvia0: codec busy
auvia0: codec busy
auvia0: codec busy
auvia0: codec busy
auvia0: codec busy
ac97: codec id not read
auvia0: codec busy
auvia0: codec busy
auvia0: codec busy
auvia0: codec busy
auvia0: codec busy
auvia0: codec busy
auvia0: codec busy
auvia0: codec busy
auvia0: codec busy
auvia0: codec busy
auvia0: codec busy
auvia0: codec busy
auvia0: codec busy
auvia0: codec busy
auvia0: codec busy
auvia0: codec busy
auvia0: codec busy
auvia0: codec busy
auvia0: codec busy
audio0 at auvia0
vr0 at pci0 dev 18 function 0 VIA RhineII-2 rev 0x51: irq 10  
address 00:40:63:c1:1d:13

ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface
ukphy0: OUI 0x004063, model 0x0032, rev. 5
rl0 at pci0 dev 20 function 0 Realtek 8139 rev 0x10: irq 11 address  
00:e0:4c:39:05:0f

rlphy0 at rl0 phy 0: RTL internal phy
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
sysbeep0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
biomask e36d netmask ef6d ttymask efef
pctr: user-level cycle counter enabled
ugen0 at uhub0 port 1
ugen0: THOMSON Speed Touch 330, rev 1.10/4.00, addr 2
dkcsum: wd0 matches BIOS drive 0x80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302

I've been flitting with other operating systems to see if I can make  
compile times quicker and less pppoa2[9464]: write_dest: ENOBUFS errors.
so have tried freebsd/ubuntu etc etc and none have performed so well  
on such poor hardware as openbsd.


just thought I'd mail and say thanks and well done guys!

p.s. is anyone working on reverse engineering the firmware for usb  
adsl modems? i'd love to do it myself but would take a very long time :)


regards

poncenby



Re: ssh attacks

2006-05-31 Thread Clint M. Sand
If these attempts all come from the same source, why not filter that ip
at the gateway level. What legit use does this person have on your
network on any port, much less ssh?



On Wed, May 31, 2006 at 03:15:34PM -0400, Peter Fraser wrote:
 Expect I was not clear.
 
 Someone is attacking address 1, address 2, address 3; those
 addresses are all blocked with respect to ssh, but because he
 is attacking those addresses, I want to stop an expected attack
 on address 4. I never want to pass ssh on address 1, address 2
 or address 3 ever; I want to use the information that someone
 was trying to ssh to those addresses to identify that person as
 an attacker.
 
 
 -Original Message-
 From: Matthias Kilian [mailto:[EMAIL PROTECTED] 
 Sent: Wednesday, May 31, 2006 3:02 PM
 To: Peter Fraser
 Cc: misc@openbsd.org
 Subject: Re: ssh attacks
 
 On Wed, May 31, 2006 at 02:54:16PM -0400, Peter Fraser wrote:
  block in on Outsize proto tcp port ssh flags S/SA 
   state (max-src-conn-rate 100/10, overload bad_hosts flush global)
  
  This does not work. One gets a message that keeping state on
  a blocked run makes no sense.
 
 See the example on overload at
 http://www.openbsd.org/faq/pf/filter.html#stateopts
 
 Basically, you pass and just block everything from bad_hosts in a
 separate rule.
 
 Ciao,
   Kili



Re: Problems trying to log on squirrelmail.

2006-05-31 Thread Sigfred Håversen

Stuart Henderson wrote:
[snip]

If you are simply looking for a decent IMAP server and don't
particularly need the features of Cyrus, try Dovecot instead.
It's simpler and quite easy to use.


In -current, Postfix (mail/postfix/snapshot/) supports Dovecot SASL:

http://wiki.dovecot.org/Sasl

/Sigfred



Re: ssh attacks

2006-05-31 Thread Matthias Kilian
On Wed, May 31, 2006 at 03:15:34PM -0400, Peter Fraser wrote:
 Expect I was not clear.
 
 Someone is attacking address 1, address 2, address 3; those
 addresses are all blocked with respect to ssh, but because he
 is attacking those addresses, I want to stop an expected attack
 on address 4. I never want to pass ssh on address 1, address 2
 or address 3 ever; I want to use the information that someone
 was trying to ssh to those addresses to identify that person as
 an attacker.

Oh, sorry for not reading exactly.

So your problem is that you want to get state for ssh connection
attempts to addresses 1, 2 and 3 but at the same time want to block
those connections. This isn't possible (no connection - no state).

(QUICK HACK ALERT)

But it may be possible to redirect those connections to some unused
port on localhost (i.e. the firewall) and let something listen on this
port that accepts everything but immediately closes the connection.
Then use a simple pass rule with overload and max-src-conn options
to add offending addresses to your table.

Ciao,
Kili

ps: I didn't test the above, so if it's complete nonsense, feel
free to flame me.
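
The "something" that listens, accepts and immediately closes in the quick hack above, as an added example that is not part of the original message. The class name `SinkListener`, the port 2222 and the retention window are assumptions; pf would still do the redirect and the overload bookkeeping, and `over_rate` only gives a local cross-check of which sources exceeded a given rate.

```python
"""Accept-and-close sink for redirected connection attempts (added example)."""
import socket
import threading
import time
from collections import defaultdict


class SinkListener:
    """Accept TCP connections, note the source address, close at once.

    Hypothetical helper: name, default port and retention are assumptions.
    The listener never reads or writes application data.
    """

    def __init__(self, host="127.0.0.1", port=2222, retain=3600):
        self._sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self._sock.bind((host, port))
        self._sock.listen(64)
        self._sock.settimeout(0.2)       # lets the loop notice stop()
        self.address = self._sock.getsockname()
        self.retain = retain             # seconds of history kept per source
        self._hits = defaultdict(list)   # source IP -> accept times
        self._lock = threading.Lock()
        self._stop = threading.Event()
        self._thread = threading.Thread(target=self._serve, daemon=True)

    def start(self):
        self._thread.start()
        return self

    def stop(self):
        self._stop.set()
        self._thread.join()
        self._sock.close()

    def _serve(self):
        while not self._stop.is_set():
            try:
                conn, peer = self._sock.accept()
            except socket.timeout:
                continue
            except OSError:
                break
            now = time.monotonic()
            # Record first, then close: once the peer sees EOF, the hit
            # is already counted.
            with self._lock:
                times = self._hits[peer[0]]
                times.append(now)
                while times and times[0] < now - self.retain:
                    times.pop(0)
            conn.close()

    def count(self, source):
        """Connections recorded for `source` within the retention window."""
        with self._lock:
            return len(self._hits.get(source, ()))

    def over_rate(self, limit, seconds):
        """Sources with more than `limit` connections in the last `seconds`."""
        cutoff = time.monotonic() - seconds
        with self._lock:
            return sorted(
                ip for ip, times in self._hits.items()
                if sum(t >= cutoff for t in times) > limit
            )


def probe(address):
    """Connect once and return what the sink sends before closing."""
    with socket.create_connection(address, timeout=2) as s:
        return s.recv(16)


if __name__ == "__main__":
    sink = SinkListener().start()
    print("sink listening on %s:%d" % sink.address)
    try:
        while True:
            time.sleep(10)
            print("over 3 per 60s:", sink.over_rate(3, 60))
    except KeyboardInterrupt:
        sink.stop()
```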



Re: data DVD mounting on OpenBSD 3.8

2006-05-31 Thread Martin Vahi

From [EMAIL PROTECTED] Thu May 25 10:23:13 2006
Date: Thu, 25 May 2006 09:13:45 +0200
From: Bachman Kharazmi [EMAIL PROTECTED]

I've not used dvd's with obsd myself, but I assume you've read
http://www.openbsd.org/faq/faq13.html#playDVD
AND the link about how to mount DVDs.
http://www.openbsd.org/cgi-bin/man.cgi?query=mount_cd9660&sektion=8

If the mount doesn't work, reply with error and the commands you ran.


Unfortunately I have read those sources, but they were of no
help. Commands and their output after inserting a kind of
data DVD, which mounts on Windows, in to the DVD-RW-drive:

verbatim--start--
# whoami
root
# ls -l /mnt/
total 12
drwxrwxrwx  2 root  wheel  512 May 12 07:37 CDROM
drwxrwxrwx  2 root  wheel  512 Mar 10 03:52 DVDROM
drwxrwxrwx  2 root  wheel  512 Feb 27 13:49 M2luFlopi
# mount_cd9660 -e /dev/rcd0c /mnt/DVDROM/
mount_cd9660: /dev/rcd0c on /mnt/DVDROM: Block device required
# ls -l /dev/*dvd*
ls: /dev/*dvd*: No such file or directory
# mount -a /dev/rcd0c /mnt/DVDROM/
mount_ffs: /dev/rcd0c on /mnt/DVDROM: Block device required
# ls -l /dev/*cd0*
brw-r-  1 root  operator   16,   0 Feb 27 06:20 /dev/ccd0a
brw-r-  1 root  operator   16,   1 Feb 27 06:20 /dev/ccd0b
brw-r-  1 root  operator   16,   2 Feb 27 06:20 /dev/ccd0c
brw-r-  1 root  operator   16,   3 Feb 27 06:20 /dev/ccd0d
brw-r-  1 root  operator   16,   4 Feb 27 06:20 /dev/ccd0e
brw-r-  1 root  operator   16,   5 Feb 27 06:20 /dev/ccd0f
brw-r-  1 root  operator   16,   6 Feb 27 06:20 /dev/ccd0g
brw-r-  1 root  operator   16,   7 Feb 27 06:20 /dev/ccd0h
brw-r-  1 root  operator   16,   8 Feb 27 06:20 /dev/ccd0i
brw-r-  1 root  operator   16,   9 Feb 27 06:20 /dev/ccd0j
brw-r-  1 root  operator   16,  10 Feb 27 06:20 /dev/ccd0k
brw-r-  1 root  operator   16,  11 Feb 27 06:20 /dev/ccd0l
brw-r-  1 root  operator   16,  12 Feb 27 06:20 /dev/ccd0m
brw-r-  1 root  operator   16,  13 Feb 27 06:20 /dev/ccd0n
brw-r-  1 root  operator   16,  14 Feb 27 06:20 /dev/ccd0o
brw-r-  1 root  operator   16,  15 Feb 27 06:20 /dev/ccd0p
br--rw-rw-  1 root  operator6,   0 Feb 27 06:20 /dev/cd0a
brw---  1 root  operator6,   2 Apr  9 05:00 /dev/cd0c
brw-r-  1 root  operator7,   0 Feb 27 06:20 /dev/mcd0a
brw-r-  1 root  operator7,   2 Feb 27 06:20 /dev/mcd0c
crw-r-  1 root  operator   18,   0 Feb 27 06:20 /dev/rccd0a
crw-r-  1 root  operator   18,   1 Feb 27 06:20 /dev/rccd0b
crw-r-  1 root  operator   18,   2 Feb 27 06:20 /dev/rccd0c
crw-r-  1 root  operator   18,   3 Feb 27 06:20 /dev/rccd0d
crw-r-  1 root  operator   18,   4 Feb 27 06:20 /dev/rccd0e
crw-r-  1 root  operator   18,   5 Feb 27 06:20 /dev/rccd0f
crw-r-  1 root  operator   18,   6 Feb 27 06:20 /dev/rccd0g
crw-r-  1 root  operator   18,   7 Feb 27 06:20 /dev/rccd0h
crw-r-  1 root  operator   18,   8 Feb 27 06:20 /dev/rccd0i
crw-r-  1 root  operator   18,   9 Feb 27 06:20 /dev/rccd0j
crw-r-  1 root  operator   18,  10 Feb 27 06:20 /dev/rccd0k
crw-r-  1 root  operator   18,  11 Feb 27 06:20 /dev/rccd0l
crw-r-  1 root  operator   18,  12 Feb 27 06:20 /dev/rccd0m
crw-r-  1 root  operator   18,  13 Feb 27 06:20 /dev/rccd0n
crw-r-  1 root  operator   18,  14 Feb 27 06:20 /dev/rccd0o
crw-r-  1 root  operator   18,  15 Feb 27 06:20 /dev/rccd0p
-rw-r--r--  1 root  wheel 1024 Apr  9 05:40 /dev/rcd0
crw-r-  1 root  operator   15,   0 Feb 27 06:20 /dev/rcd0a
crw-r--r--  1 root  operator   15,   2 Apr  9 05:40 /dev/rcd0c
crw-r-  1 root  operator   39,   0 Feb 27 06:20 /dev/rmcd0a
crw-r-  1 root  operator   39,   2 Feb 27 06:20 /dev/rmcd0c
# mount_cd9660 -e /dev/rccd0c /mnt/DVDROM/
mount_cd9660: /dev/rccd0c on /mnt/DVDROM: Block device required
# mount_cd9660 -e /dev/cd0c /mnt/DVDROM/
mount_cd9660: /dev/cd0c on /mnt/DVDROM: Invalid argument
# mount_cd9660 -e /dev/mcd0c /mnt/DVDROM/
mount_cd9660: /dev/mcd0c on /mnt/DVDROM: Device not configured
# mount_cd9660 -e /dev/rmcd0c /mnt/DVDROM/
mount_cd9660: /dev/rmcd0c on /mnt/DVDROM: Block device required
# mount_cd9660 -e /dev/ccd0c /mnt/DVDROM/
mount_cd9660: /dev/ccd0c on /mnt/DVDROM: Device not configured
verbatim--end

The type of the writeable DVD is DVD+R.

Regards,
Martin Vahi



Re: data DVD mounting on OpenBSD 3.8

2006-05-31 Thread Stuart Henderson
On 2006/05/31 23:14, Martin Vahi wrote:
 mount_cd9660: /dev/rccd0c on /mnt/DVDROM: Block device required
 mount_cd9660: /dev/cd0c on /mnt/DVDROM: Invalid argument
 mount_cd9660: /dev/mcd0c on /mnt/DVDROM: Device not configured
 mount_cd9660: /dev/rmcd0c on /mnt/DVDROM: Block device required
 mount_cd9660: /dev/ccd0c on /mnt/DVDROM: Device not configured

Look at the error messages, the ones for the devices
starting with an r (raw devices) say Block device required.
The ones for devices not present on your system say, Device
not configured. And there's one different message, for cd0c.

Or, look at cd(4) i.e. 'man 4 cd', ccd(4), mcd(4), and see
which you think is most likely.

Hopefully that has got you looking more closely at cd0;
what else could you try? Are you mounting the correct
partition? Note what cd(4) says about disklabel.



Re: ssh attacks

2006-05-31 Thread A. Khattri
On Wed, 31 May 2006, Peter Fraser wrote:

 Expect I was not clear.

 Someone is attacking address 1, address 2, address 3, those
 address are all blocked with respect to ssh. , but because he
 is attacking those addresses, I want to stop an expected attack
 on address 4. I never want to pass ssh on address 1, address 2
 or address 3 ever, I want to use the information that someone
 was trying to ssh to those address to identify person as
 an attacker.

Have a look at denyhosts (Google for that).



-- 
A



Re: Recommended window manager for OpenBSD

2006-05-31 Thread Henry Lenzi

No. Just by looking at the screenshots you can see it doesn't do what
Ion does. With Ion, space is managed for you (that is its whole
point). The point is stopping with that foolish
oh-where-am-I-going-to-place-this-window attitude.



Re: openvpn bridge ip/netmask

2006-05-31 Thread Stuart Henderson
On 2006/05/31 18:20, [EMAIL PROTECTED] wrote:
 I have a lan interface 
 A tun0 interface

You put this into what OpenVPN calls 'tap' mode, didn't
you? See tun(4) about layer 2 tunneling mode.

 Both are bridged with bridge0

If the above doesn't help, send your config to misc@ (or
the openvpn mailing list), including: hostname.tun0,
openvpn config, netstat -rn, pf.conf, brconfig -a, and
whatever else you can think of that may be relevant.

 Bridge0 is configured by brconfig 
 I have setup openvpn in bridge mode 
 But only broadcasts and arp request pass tun0 
 
 How do I add an address/ip to bridge0 ?

It happens automatically (unless you tell it otherwise).
See brconfig(8).

fwiw: on OpenBSD 3.9, IPSEC is __very much__ simpler to
setup than OpenVPN, and you don't need to keep watching
for security fixes.



vpn1411 problem related to software error? (was Re: [Fwd: 'Corrupted MAC on input' points to vpn1411 problem])

2006-05-31 Thread Breen Ouellette

Didier Wiroth wrote:

I run the test for almost 20 minutes, there was no problem anymore!
Regards
Didier
  

Thank you for your report.

Here's where I stick my head out farther than I probably should and hope 
it doesn't get taken off.


I checked the hifn code to see if it had changed since 3.9 Release. It 
hasn't. I took a look at the list of includes and noticed that several 
files have changed since 3.9 Release. Not being skilled enough to know 
if this is the right train of thought, I have to ask: is it possible 
that something was changed before 3.9 Release which broke hifn, and was 
later (lately) adjusted back to a state which works with hifn? If so, if 
the cause is not identified now is there a possibility that hifn could 
be broken again in the future?


The reason I ask is that hifn has a somewhat muddy history of breakage 
which has often been blamed on hardware. Is the hardware junk or is the 
problem hard to nail down? Or is this a combination of both - is the 
previous evidence of junk hardware + hifn problems resulting in a knee 
jerk reaction of blaming the hardware by default?


Also relevant for mere users like myself (ie not qualified to fix this 
problem), should we just downgrade to an earlier release or upgrade to 
current, or is this the sort of thing that would get patched if a 
problem was indeed identified?


Thanks.

Breeno



CARP

2006-05-31 Thread Bachman Kharazmi

I finally got CARP _working_ :)

I've a problem when I do ifconfig carp1 down on the MASTER host to
test if BACKUP takes over the traffic..

It does work so far. But the problem is that if I'm streaming Internet
radio or are connected to IRC the radio will get stalled when I do
ifconfig carp1 down on MASTER, and the IRC disconnects and then
tries to reconnect which of course works.

I think something is wrong, since it shouldn't affect the traffic flow
at all when MASTER interrupt.

I have three interfaces in each host. and my setup looks like
(here is a diff link http://pastebin.com/pastebin.php?diff=749904)

MASTER HOST:
# ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33192
   groups: lo
   inet 127.0.0.1 netmask 0xff00
   inet6 ::1 prefixlen 128
   inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7
hme0: flags=8b63<UP,BROADCAST,NOTRAILERS,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
   lladdr 08:00:20:9e:7c:60
   groups: egress
   media: Ethernet autoselect (100baseTX full-duplex)
   status: active
   inet6 fe80::a00:20ff:fe9e:7c60%hme0 prefixlen 64 scopeid 0x1
   inet 192.168.1.10 netmask 0xff00 broadcast 192.168.1.255
rl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
   lladdr 00:08:a1:8e:64:70
   media: Ethernet autoselect (100baseTX full-duplex)
   status: active
   inet 192.168.10.100 netmask 0xff00 broadcast 192.168.10.255
   inet6 fe80::208:a1ff:fe8e:6470%rl0 prefixlen 64 scopeid 0x2
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
   lladdr 00:50:8b:0e:30:02
   media: Ethernet autoselect (100baseTX full-duplex)
   status: active
   inet 192.168.254.254 netmask 0xff00 broadcast 192.168.254.255
   inet6 fe80::250:8bff:fe0e:3002%fxp0 prefixlen 64 scopeid 0x3
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33192
pfsync0: flags=41<UP,RUNNING> mtu 1460
   pfsync: syncdev: fxp0 maxupd: 128
enc0: flags=0 mtu 1536
carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
   carp: MASTER carpdev hme0 vhid 1 advbase 1 advskew 0
   groups: carp
   inet 192.168.1.100 netmask 0xff00 broadcast 192.168.1.255
carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
   carp: MASTER carpdev rl0 vhid 2 advbase 1 advskew 0
   groups: carp
   inet 192.168.10.50 netmask 0xff00 broadcast 192.168.10.255
# cat /etc/hostname.*
inet 192.168.1.100 255.255.255.0 192.168.1.255 vhid 1 pass foo
inet 192.168.10.50 255.255.255.0 192.168.10.255 vhid 2 pass bar
inet 192.168.254.254 255.255.255.0 NONE
dhcp NONE NONE NONE
up syncif fxp0
inet 192.168.10.100 255.255.255.0 NONE

BACKUP HOST:
# ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33192
   groups: lo
   inet 127.0.0.1 netmask 0xff00
   inet6 ::1 prefixlen 128
   inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7
hme0: flags=8b63<UP,BROADCAST,NOTRAILERS,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
   lladdr 08:00:20:9c:5d:3a
   groups: egress
   media: Ethernet autoselect (100baseTX full-duplex)
   status: active
   inet6 fe80::a00:20ff:fe9c:5d3a%hme0 prefixlen 64 scopeid 0x1
   inet 192.168.1.7 netmask 0xff00 broadcast 192.168.1.255
rl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
   lladdr 00:c0:26:6d:ff:6c
   media: Ethernet autoselect (100baseTX full-duplex)
   status: active
   inet 192.168.10.200 netmask 0xff00 broadcast 192.168.10.255
   inet6 fe80::2c0:26ff:fe6d:ff6c%rl0 prefixlen 64 scopeid 0x2
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
   lladdr 00:50:8b:0e:7d:7d
   media: Ethernet autoselect (100baseTX full-duplex)
   status: active
   inet 192.168.254.253 netmask 0xff00 broadcast 192.168.254.255
   inet6 fe80::250:8bff:fe0e:7d7d%fxp0 prefixlen 64 scopeid 0x3
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33192
pfsync0: flags=41<UP,RUNNING> mtu 1348
   pfsync: syncdev: fxp0 maxupd: 128
enc0: flags=0 mtu 1536
carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
   carp: BACKUP carpdev hme0 vhid 1 advbase 1 advskew 50
   groups: carp
   inet 192.168.1.100 netmask 0xff00 broadcast 192.168.1.255
carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
   carp: BACKUP carpdev rl0 vhid 2 advbase 1 advskew 50
   groups: carp
   inet 192.168.10.50 netmask 0xff00 broadcast 192.168.10.255
# cat /etc/hostname.*
inet 192.168.1.100 255.255.255.0 192.168.1.255 vhid 1 advskew 50 pass foo
inet 192.168.10.50 255.255.255.0 192.168.10.255 vhid 2 advskew 50 pass bar
inet 192.168.254.253 255.255.255.0 NONE
dhcp NONE NONE NONE
up syncif fxp0
inet 192.168.10.200 255.255.255.0 NONE

And pf.conf at both hosts are identical:
# cat /etc/pf.conf
set loginterface fxp0
nat on hme0 from rl0:network to any -> hme0
pass in  on hme0  all
pass out on hme0  all
pass quick on { fxp0 } proto pfsync keep state
pass on { hme0 rl0 } 

Re: cgi with chroot

2006-05-31 Thread prad
On Wednesday 31 May 2006 00:20, Aiko Barz wrote:
 Ruby is working for me too. Check this out:

the script is great, aiko and has helped my understanding a lot (i'm trying to 
learn ksh as well and it was nice to see a script like this in action!)

(also thanks to marcus (and others) for the various tips. marcus, i will 
follow through on the scripting as per your suggestions, after i get the 
embedded ruby with mod_ruby to work.)

i ran the script and the environment is all setup nicely.
then i went to /usr/local/share/examples/mod_ruby and got the httpd.conf 
additions (copied below) from there and put it into my httpd.conf file.

then something happens that i don't understand. 

the RubyRequire apache/ruby-run
causes no problems when i start apache,

but

when i try 
RubyRequire apache/eruby-run (which i need, i presume, to run the 
embedded .rhtml files)
i get error messages spewed out:
[Wed May 31 14:13:04 2006] [error] mod_ruby: failed to require 
apache/eruby-run
[Wed May 31 14:13:04 2006] [notice] Accept mutex: sysvsem (Default: sysvsem)
[Wed May 31 14:13:04 2006] [error] mod_ruby: failed to require 
apache/eruby-run
[Wed May 31 14:13:04 2006] [error] mod_ruby: error in ruby
[Wed May 31 14:13:04 2006] [error] mod_ruby: error in ruby
[Wed May 31 14:13:04 2006] [error] 
mod_ruby: /usr/local/lib/ruby/1.8/apache/eruby-run.rb:45:in `require': no 
such file to load -- eruby (LoadError)

i find this weird because eruby is sitting right beside ruby in the apache 
folder!!??? yet it seems that it can't be found.

finally, don't i also need a
AddType application/x-httpd-ruby .rhtml


-- 
In friendship,
prad

  ... with you on your journey
Towards Freedom
http://www.towardsfreedom.com (website)
Information, Inspiration, Imagination - truly a site for soaring I's


#   You should specify the correct path to mod_ruby.so.
LoadModule ruby_module /usr/local/apache/libexec/mod_ruby.so
#note: this needs to be /usr/lib/apache/modules/mod_ruby.so#

# # If ClearModuleList is used in your httpd.conf, you should use AddModule
# # to activate the ruby module.
# AddModule mod_ruby.c

# If the ruby module is installed, this will be enabled.
<IfModule mod_ruby.c>
  # for Apache::RubyRun
  RubyRequire apache/ruby-run

  # exec files under /ruby as ruby scripts.
  <Location /ruby>
    SetHandler ruby-object
    RubyHandler Apache::RubyRun.instance
    Options +ExecCGI
  </Location>

  # exec *.rbx as ruby scripts.
  <Files *.rbx>
    SetHandler ruby-object
    RubyHandler Apache::RubyRun.instance
  </Files>

  # # for Apache::ERubyRun
  # RubyRequire apache/eruby-run
  #
  # # handle files under /eruby as eRuby files by eruby.
  # <Location /eruby>
  #   SetHandler ruby-object
  #   RubyHandler Apache::ERubyRun.instance
  # </Location>
  #
  # # handle *.rhtml as eruby files.
  # <Files *.rhtml>
  #   SetHandler ruby-object
  #   RubyHandler Apache::ERubyRun.instance
  # </Files>

  # # for Apache::ERbRun
  # RubyRequire apache/erb-run
  #
  # # handle files under /erb as eRuby files by ERb.
  # <Location /erb>
  #   SetHandler ruby-object
  #   RubyHandler Apache::ERbRun.instance
  # </Location>

  # # for debug
  # RubyRequire auto-reload
</IfModule>



other languages support?

2006-05-31 Thread akonsu
Hello,

is there a way to install several languages on one system? say, if i have an
english system, is there a way to add cyrillic to it and switch between the
two languages when typing?

thanks for any pointers!
konstantin



Reply: other languages support?

2006-05-31 Thread Vadim Jukov

http://www.openbsd.ru/

2006/6/1, akonsu [EMAIL PROTECTED]:

Hello,

is there a way to install several languages on one system? say, if i have an
english system, is there a way to add cyrillic to it and switch between the
two languages when typing?

thanks for any pointers!
konstantin




Re: CARP

2006-05-31 Thread Stuart Henderson
On 2006/05/31 23:21, Bachman Kharazmi wrote:
 # cat /etc/hostname.*
 inet 192.168.1.100 255.255.255.0 192.168.1.255 vhid 1 pass foo
 inet 192.168.10.50 255.255.255.0 192.168.10.255 vhid 2 pass bar
 inet 192.168.254.254 255.255.255.0 NONE
 dhcp NONE NONE NONE
 up syncif fxp0
 inet 192.168.10.100 255.255.255.0 NONE

this doesn't answer your question, but can I recommend this,
which I find useful in many situations since it displays the lines
from the file prefixed with the filename, so people can tell which
line is from which file:

$ grep . /etc/hostname.*

You can use head/tail to similar effect too, but grep gives more
compact output, also particularly good for reading pkg/DESCR of
several ports at once.



Re: Reply: other languages support?

2006-05-31 Thread Darrin Chandler
On Thu, Jun 01, 2006 at 02:26:46AM +0400, Vadim Jukov wrote:
 http://www.openbsd.ru/
 
 2006/6/1, akonsu [EMAIL PROTECTED]:
 is there a way to install several languages on one system? say, if i have 
 an
 english system, is there a way to add cyrillic to it and switch between 
 the
 two languages when typing?

I find that if I use the Caps Lock key I can enter some simple cyrillic
words like PRIVET and even some proper names like CBETA. Of course this
doesn't work for all words, but you can spell bedroom in Russian that
way. Yes, it's not the perfect answer but it saves mucking with config
files and stuff.

-- 
Darrin Chandler|  Phoenix BSD Users Group
[EMAIL PROTECTED]   |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/  |



Re: Reply: other languages support?

2006-05-31 Thread akonsu
huh? bedroom? is this a joke?

2006/5/31, Darrin Chandler [EMAIL PROTECTED]:


 I find that if I use the Caps Lock key I can enter some simple cyrillic
 words like PRIVET and even some proper names like CBETA. Of course this
 doesn't work for all words, but you can spell bedroom in Russian that
 way. Yes, it's not the perfect answer but it saves mucking with config
 files and stuff.

 --
 Darrin Chandler|  Phoenix BSD Users Group
 [EMAIL PROTECTED]   |  http://bsd.phoenix.az.us/
 http://www.stilyagin.com/  |



Re: Reply: other languages support?

2006-05-31 Thread Spruell, Darren-Perot
 huh? bedroom? is this a joke?

KOMHATA.

Not that I'd really consider this multi-language support... :)

DS



The Unix Haters Handbook

2006-05-31 Thread Rico

Hi all.

I had not before seen this book, but doing some Unix research I found it 
at http://research.microsoft.com/~daniel/uhh-download.html


Loving Unix I found the book hilarious and quite entertaining and still 
containing some truth. The chapter about the rm command is very funny 
because everybody has tried that mistake once.


Anyway, wanted to share my discovery. I know many know this book, but 
perhaps many also don't.


Best and kind regards,
Rico



Re: UPS with USB: hidups or newhidups drivers in nut

2006-05-31 Thread Theo de Raadt
 Index: sys/dev/usb/usb_quirks.c
 ===
 RCS file: /data/cvsroot/OpenBSD/src/sys/dev/usb/usb_quirks.c,v
 retrieving revision 1.22
 diff -u -r1.22 usb_quirks.c
 --- sys/dev/usb/usb_quirks.c  14 May 2006 12:00:04 -  1.22
 +++ sys/dev/usb/usb_quirks.c  31 May 2006 17:56:38 -
 @@ -128,6 +128,11 @@
   { USB_VENDOR_NEC, USB_PRODUCT_NEC_PICTY920, ANY,   { UQ_BROKEN_BIDIR }},
   { USB_VENDOR_NEC, USB_PRODUCT_NEC_PICTY800, ANY,   { UQ_BROKEN_BIDIR }},
   { USB_VENDOR_METAGEEK, USB_PRODUCT_METAGEEK_WISPY, ANY,   { UQ_BAD_HID }},
 + { USB_VENDOR_APC, USB_PRODUCT_APC_UPSPRO500,ANY,   { UQ_BAD_HID 
 }},
 + { USB_VENDOR_DELORME, USB_PRODUCT_DELORME_EARTHMATE,
 + ANY,   { UQ_BAD_HID }},
 + { USB_VENDOR_MGE, USB_PRODUCT_MGE_UPS1, ANY,   { UQ_BAD_HID }},
 + { USB_VENDOR_MGE, USB_PRODUCT_MGE_UPS2, ANY,   { UQ_BAD_HID }},
   { 0, 0, 0, { 0 } }
  };
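
Review bot: the added APC entry matches only USB_PRODUCT_APC_UPSPRO500, so it is worth confirming that this is the product ID the UPS discussed in this thread actually reports; an entry for a different product would leave that device untouched by the quirk. The same line has no space after the comma before ANY and is long enough to have wrapped in the mail, and the DELORME entry is split over two lines where the neighbouring entries use one. Matching the existing table layout and adding a short comment on why these devices are marked UQ_BAD_HID would keep the table readable as it grows.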

I think we need a much more compressed do not attach as hid table
inside the uhid driver itself, since there are going to many more
than this in the long run.  I think hid has it backwards.  I will
discuss it this evening with dlg and pascoe.



Re: Kernel panic -- Processor State .. PState

2006-05-31 Thread Jerome Loyet
Hello,

After a large investigation I figured out that some people have problems
with OpenBSD on that machine and some don't.

The hardware is strictly the same. All hardware tests pass fine.
The only difference between the 2 kind of machine is about the BIOS version
installed.

The differences between the two BIOS are: 
 - The vcore has been updated to +0.1v
 - Pstate has been removed

The second release of the BIOS seems to be buggy on OpenBSD.

Could someone help me understand this, please?

Thx ++ Jerome


 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
 On behalf of Jerome Loyet
 Sent: Tuesday, May 30, 2006 23:28
 To: misc@openbsd.org
 Subject: Re: Kernel panic smashed stack in ufs_makeinode
 
 In fact this is not just a problem with my machine.
 I bought a dedicated server (www.dedibox.fr). I installed 
 OpenBSD 3.9 on it.
 Other people did exactly the same and they have the same problem.
 
 This is NOT a hardware which is disfunctioning. This must be 
 a problem of compatibility.
 
 Any ideas ?
 
  -Original Message-
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
 On behalf 
  of Spruell, Darren-Perot Sent: Tuesday, May 30, 2006 23:06 To: 
  misc@openbsd.org Subject: Re: Kernel panic smashed stack in 
  ufs_makeinode
 
  From: [EMAIL PROTECTED]
   I got another kernel panic: free: non-malloced addr 0x10 type temp
  
   Many programs seg fault with Program terminated with signal 11, 
   Segmentation fault
  
   The memory has been tested with memtest86.
  
   Any ideas?
 
  I've had memtest86 report good memory when I had a system throwing 
  spurious signal 11s. The fix was swapping out memory in the end. I 
  don't suppose
  memtest86 is supposed to be able to detect all memory 
 problems, yeah?
 
  DS
 



Re: CARP

2006-05-31 Thread Chad M Stewart

On May 31, 2006, at 5:21 PM, Bachman Kharazmi wrote:


I've a problem when I do ifconfig carp1 down on the MASTER host to
test if BACKUP takes over the traffic..



You're not alone.  I have a pair of boxes running 3.8/pf/carp/etc..
I upgraded them to 3.9 and during the upgrade discovered that if I do  
'ifconfig carp0|1 down' that fail over does not happen properly.  :(
If I do 'ifconfig rl0 down' (rl0 being the physical interface for  
carp0) that things then do fail over as expected.  I thought maybe  
this was an issue with 3.9 so I did a fresh install of 3.8 on both  
and still the problem persists.  I have not bothered with the upgrade  
to 3.9 again, no time just yet.


I know that 3.8  3.9 boxes can't keep sync together.  I'm seeing the  
problem when both boxes are at the same version, either 3.8 or 3.9.   
I know it worked at one point back in my lab but that was 3.7.


When I do fail rl0, state is preserved for connections.  I have a  
VOIP line and had a connection between that and my cell phone going  
when I failed rl0.  The telephone call stayed live.  This is all from  
memory but I recall that when I did fail carp0 connections stopped.   
I think it was a case of the master node still had carp1 as master,  
yet the second node had carp0 as master or something like that where  
each thought it had half and thus no connections would work.


I'm at a loss as to why this might be happening.   Annoying issue  
too.  If I wanted to take a host out of the pool of firewalls then  
I'd take down the carp interface, leaving the physical interfaces up,  
so access to the box would still work.  Now I can't do that.  :(



-Chad



Libpcap library version

2006-05-31 Thread Bryan Chapman
I was trying to work with ettercap today, and found out that only version 0.6.bp3
is in the ports tree.  This version is described as deprecated on the ettercap
webpage.  I downloaded the most recent version (0.7.3) and tried to install it.
 When I run the configure script included in I get the following output:

$ ./configure --with-libpcap=/usr/src/lib/libpcap
...
checking for libpcap... /usr/src/lib/libpcap
checking for pcap_datalink_val_to_description in -lpcap... no
configure: error: Incorrect libpcap version. libpcap >= 0.8.1 required

I was told on the #openbsd irc channel that openbsd maintains its own versions
of the libraries.  Is this just due to an old library version, or am I missing
something else?


--
There are no stupid questions, but there are a lot of inquisitive idiots.



Re: Kernel panic -- Processor State .. PState

2006-05-31 Thread Stuart Henderson
On 2006/06/01 01:55, Jerome Loyet wrote:
 The only difference between the 2 kind of machine is about the BIOS version
 installed.
 
 The differences between the two BIOS are: 
  - The vcore has been updated to +0.1v
  - Pstate has been removed
 
 The second release of the BIOS seams to be buggy on OpenBSD.
 
 Someone could help me to understand on this please ?

BIOS sets a lot of parameters on the machine which can cause
instability if they're wrong - memory timings, PCI bus settings
etc.

Seems like you need to report this regression to someone who
can fix the BIOS (hardware manufacturer?). I would expect most
manufacturers prefer to respond to someone buying 100s or
1000s of boxes than a private individual, so perhaps it would
be better if someone at dedibox could contact them.



[Resolved] Help with CUPS and Samsung ML-1710

2006-05-31 Thread ip

I have resolved configuring the printer in raw mode...and reading
carefully the official samba how-to: Classical Printing, and CUPS
Printing

;-)

-- Forwarded message --
From: ip [EMAIL PROTECTED]
Date: May 30, 2006 5:06 PM
Subject: Help with CUPS and Samsung ML-1710
To: misc@openbsd.org


Hello,
I've been trying to get my Samsung ML-1710 running under OpenBSD with
CUPS.
Installation of everything seems to have gone o.k., but I can't print
anything...

From dmesg I receive:


ulpt0 at uhub1 port 2 configuration 1 interface 0
ulpt0: Samsung Electronics Co., Ltd. Samsung ML-1710 Series, rev
1.10/1.00, addr 2, iclass 7/1
ulpt0: using bi-directional mode

I have configured it via web,

Samsung ML-1710 Foomatic/gdi (recommended)
Description: Stampante Laser B/N
Location:
Printer State: idle, accepting jobs.
Device URI: usb:/dev/ulpt0

but if I run /usr/local/libexec/cups/backend/usb manually, the prompt shows:

# ./usb
direct usb:/dev/ulpt0 Unknown USB Printer #1
direct usb:/dev/ulpt1 Unknown USB Printer #2

The CUPS error_log file doesn't show errors,

I [30/May/2006:15:18:34 +0200] Started
/usr/local/libexec/cups/cgi-bin/printers.cgi (pid=28574)
I [30/May/2006:15:18:35 +0200] Adding start banner page none to job 1.
I [30/May/2006:15:18:35 +0200] Adding end banner page none to job 1.
I [30/May/2006:15:18:35 +0200] Job 1 queued on 'ML1710' by 'root'.
I [30/May/2006:15:18:35 +0200] Started filter
/usr/local/libexec/cups/filter/pstops (PID 1194) for job 1.
I [30/May/2006:15:18:35 +0200] Started filter
/usr/local/libexec/cups/filter/foomatic-rip (PID 5490) for job 1.
I [30/May/2006:15:18:35 +0200] Started backend
/usr/local/libexec/cups/backend/usb (PID 26302) for job 1.
I [30/May/2006:15:18:36 +0200] Started
/usr/local/libexec/cups/cgi-bin/printers.cgi (pid=28339)

and also when I search to bypass the spooler mechanism,

# lptest > /dev/ulpt0

it doesn't print :(


I hope in your help :)
Thanks,

--
 ip



Re: Reply: other languages support?

2006-05-31 Thread Darrin Chandler
On Wed, May 31, 2006 at 04:16:12PM -0700, Spruell, Darren-Perot wrote:
  huh? bedroom? is this a joke?
 
 KOMHATA.
 
 Not that I'd really consider this multi-language support... :)

You surprise me sometimes. ;)

-- 
Darrin Chandler|  Phoenix BSD Users Group
[EMAIL PROTECTED]   |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/  |



Re: ssh attacks

2006-05-31 Thread Smith
This has been asked before, and I tried many of the suggestions given 
especially with pf (max-src-conn).  But the simplest way to stop this, 
is to change your ssh port.  You can do all that tweaking in pf but your 
logs will still show that someone tried, just that your logs will be 
smaller.  But change the port and you'll see no attempts whatsoever.  
This is my experience.  I agree with what this guy below says.  I too 
ended up only allowing certain IP addresses to ssh into my servers but 
this is troublesome when you're at a new location and that location has 
a dynamic address.  I ultimately changed the port number and the only 
inconvenience to me was remembering the new port number.


I blocked these guys by various means and watched what happened for a
while. Sometimes there were lots of scans and other times there were
only a few per day. But they were all hit and run scans, from IPs all
over the place. You're going to fill your tables with IPs that aren't
coming back. Pf does a fine job with tables, and my boxes never got slow
or low on memory. But why waste resources for nothing? At that point
you're really doing the same job as pflog.

I ended up using a table for IPs allowed to ssh, others are blocked.




Re: [Fwd: 'Corrupted MAC on input' points to vpn1411 problem]

2006-05-31 Thread jared r r spiegel
On Tue, May 30, 2006 at 07:49:39AM -0600, Breen Ouellette wrote:
 
 Thanks for your post. I hope you take it one step further and run that 
 script (and then report your result to this list)!  :)

  i just run worms(6) or rain(6) in a screen(1) window and then set it 
  to monitor for 30s silence ('^a _').

  reminds me, i think i did see it on 3des as well as aes now that 
  you mention that.

  but it is not happening as of may1st current.

http://marc.theaimsgroup.com/?l=openbsd-misc&m=114349587814641&w=2

  don't remember the interval of it happening prior to that.

-- 

  jared

[ openbsd 3.9-current GENERIC ( may  1 ) // i386 ]



Spamd log question

2006-05-31 Thread Mike Spenard
I can't seem to find an explanation for this in the man pages (excuse my 
blindness if it is stated), but

what does the '(17/16)' indicate in log entries such as this..

Jun  1 00:01:33 guardian spamd[9554]: 209.59.102.252: connected (17/16)

Mike



Re: Spamd log question

2006-05-31 Thread Darrin Chandler
On Wed, May 31, 2006 at 10:31:18PM -0400, Mike Spenard wrote:
 I can't seem to find an explanation for this in the man pages (excuse my 
 blindness if it is stated), but
 what does the '(17/16)' indicate in log entries such as this..
 
 Jun  1 00:01:33 guardian spamd[9554]: 209.59.102.252: connected (17/16)

From what I've gathered by watching logs, it's (total conns/blacklist
conns)

-- 
Darrin Chandler|  Phoenix BSD Users Group
[EMAIL PROTECTED]   |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/  |



Re: Spamd log question

2006-05-31 Thread Mike Spenard

What would the remainder be then if 16 out of 17 are black? Is the remaining
1 a greylist connection?



Darrin Chandler wrote:

On Wed, May 31, 2006 at 10:31:18PM -0400, Mike Spenard wrote:
  
I can't seem to find an explanation for this in the man pages (excuse my 
blindness if it is stated), but

what does the '(17/16)' indicate in log entries such as this..

Jun  1 00:01:33 guardian spamd[9554]: 209.59.102.252: connected (17/16)



From what I've gathered by watching logs, it's (total conns/blacklist
conns)




Re: Spamd log question

2006-05-31 Thread Darrin Chandler
On Wed, May 31, 2006 at 10:56:40PM -0400, Mike Spenard wrote:
 What would the remainder be then if 16 out of 17 are black. Is the 
 remaining
 1 a greylist connection?

Yes, if I'm right (and I think I am.) Grep the logs for 'connected '
and the numbers should make sense. You should see something like:

... connected (11/10), lists: whatever
... connected (12/10)
... connected (13/11), lists: baz
... disconnected after 30 seconds.
... connected (12/11)
... disconnected after 402 seconds. lists: whatever

So whenever there's a connect with lists after it both numbers go
up, otherwise only the first goes up. Disconnected is analogous, but you
don't get the number of connections there.

-- 
Darrin Chandler|  Phoenix BSD Users Group
[EMAIL PROTECTED]   |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/  |
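
The (total conns/blacklist conns) reading discussed in this thread can be checked against a log by replaying the lines and comparing each logged pair with a running model. This is an added example, not part of any post and not spamd's own code; the sample lines, addresses and list names are constructed, and treating a disconnect with lists as lowering both counters is an assumption taken from the "analogous" remark.

```python
import re

# The two spamd line shapes quoted in the thread: connect and disconnect.
LINE = re.compile(
    r"spamd\[(?P<pid>\d+)\]: (?P<ip>\S+): (?:"
    r"connected \((?P<total>\d+)/(?P<black>\d+)\)(?:, lists: (?P<clists>.+?))?"
    r"|disconnected after \d+ seconds\.(?: lists: (?P<dlists>.+?))?)\s*$"
)

# Constructed sample (documentation addresses, made-up list names).
SAMPLE = """\
Jun  1 00:00:01 guardian spamd[9554]: 192.0.2.10: connected (11/10), lists: whatever
Jun  1 00:00:02 guardian spamd[9554]: 198.51.100.7: connected (12/10)
Jun  1 00:00:05 guardian spamd[9554]: 203.0.113.9: connected (13/11), lists: baz
Jun  1 00:00:32 guardian spamd[9554]: 198.51.100.7: disconnected after 30 seconds.
Jun  1 00:00:40 guardian spamd[9554]: 198.51.100.8: connected (13/11)
Jun  1 00:06:43 guardian spamd[9554]: 192.0.2.10: disconnected after 402 seconds. lists: whatever
Jun  1 00:06:50 guardian spamd[9554]: 198.51.100.9: connected (13/10)
""".splitlines()


def replay(lines):
    """Check logged (total/blacklisted) pairs against a running model.

    Returns (events, mismatches); each event carries grey = total - black."""
    pid = total = black = None
    events, mismatches = [], []
    for n, line in enumerate(lines, 1):
        m = LINE.search(line)
        if not m:
            continue
        if m["pid"] != pid:  # new spamd process: re-baseline on its first connect
            pid, total, black = m["pid"], None, None
        listed = bool(m["clists"] or m["dlists"])
        if m["total"] is None:  # disconnect line: no counters are logged
            if total is not None:
                total, black = total - 1, black - listed
            continue
        logged = (int(m["total"]), int(m["black"]))
        if total is not None and (total + 1, black + listed) != logged:
            mismatches.append((n, (total + 1, black + listed), logged))
        total, black = logged  # trust the log, so one gap is reported once
        events.append({"ip": m["ip"], "listed": listed, "grey": total - black})
    return events, mismatches
```

An empty mismatch list over a real log supports the reading; entries in it point at the line numbers where the model and the log disagree.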



Re: ssh attacks

2006-05-31 Thread Tobias Ulmer
On Wed, May 31, 2006 at 02:54:16PM -0400, Peter Fraser wrote:
 Right now someone is trying out each IP address I have
 with an ssh attack. Only one of those IP addresses is
 enabled for ssh. I have a (max-src-conn-rate 100/10,
 overload bad_guys flush global) on that address.
 
 I would like to know how to get pf to note these
 other attempts and block the sender. To me the obvious
 would be 
 
 block in on Outsize proto tcp port ssh flags S/SA 
  state (max-src-conn-rate 100/10, overload bad_hosts flush global)
 
 This does not work. One gets a message that keeping state on
 a blocked run makes no sense.
 


This topic comes up at regular intervals of 6 months on every *nix
mailing list i'm on.

It will result in everybody screaming for some scripts that analyze log
files and block ips, do firewall-tricks, port changes and whatnot.

It's stupid (sorry, but it is):

- Attacks are automated.
- Stupid user/password combinations.
- From zombie hosts.

Countermeasures:

- Block the evil guys (here is the big thread about how to do it, and
  most people successfully DoS themselves or even create security holes)

After the scriptkiddies have stopped ROTFL:

- Use their botnet with 10k hosts from all over the world.
- Connect only 3 times per bot to one ip.

Gained security = 0%

Leave it just as it is. You don't have anything to fear if
you use decent passwords. Otherwise don't offer a ssh service!

Remember, there is a chance to hit _the_  password with the first try...

Things that really improve security:

- use keyfiles, disable password auth
- good passwords (here size matters, men :p)
- whitelist known safe networks

I just had to write this down, because it really annoys me :) Please
don't take it personally.

Have fun, i'm going to sleep a bit now...
Tobias