Problems booting with floppyC38.fs on Latitude CPx

[daniel]

I'm unable to use floppyC38.fs to boot my laptop.
It is a Dell latitude CPx J650GT with bios A16
I've tried different floppy disks with the same results.
I've tried floppyC38.fs from 3.8 release
I've tried floppyC38.fs from snapshots date 11/2/05
Using the exact same floppy i can boot my pc just fine.
Any ideas on what i need to do to get this laptop going?


Loading;..
probing: pc0 com0 com1 apm mem[639K 510M a20=on]
disk: fd0 hd0+*
 OpenBSD/i386 BOOT 2.10
boot
booting fd0a:/bsd: 3306020+195116=0x356d74
entry point at 0x100120

complete freeze at this point, can't hit the caps lock button
I only got this once. All other times have been as follows.


Loading;..
probing: pc0 com0 com1 apm mem[639K 510M a20=on]
disk: fd0 hd0+*
 OpenBSD/i386 BOOT 2.10
boot
booting fd0a:/bsd: 3306020read text
 failed(0). will try /obsd
boot
booting fd0a:/obsd: open fd0a:/obsd: No such file or directory
 failed(2). will try /bsd.old
boot
booting fd0a:/bsd.old: open fd0a:/bsd.old: No such file or directory
 failed(2). will try /bsd
boot
booting fd0a:/bsd: 3306020read text
 failed(0). will try /obsd
boot
booting fd0a:/obsd: open fd0a:/obsd: No such file or directory
 failed(2). will try /bsd.old
boot
booting fd0a:/bsd.old: open fd0a:/bsd.old: No such file or directory
 failed(2). will try /bsd
Turning timeout off.
boot

supported USB tv-tuner card

[Daniel]

Hi!

I'm looking for a well supported USB tv-tuner device for my laptop. I've 
read the http://www.openbsd.org/i386.html page, and noticed that the 
bktr(4) driver could help me. But I'd be glad if someone would tell me 
some experience with various devices.

Any info would be appreciated.

Thanks!

Daniel

pf control with dynamic ip

[Daniel]

Hi!

My ISP provides me ADSL service with daily changing ip. Still I must 
somehow control the access to my postgresql server, to only accept 
connections from my computer. Is it possible to specify a hostname (my 
hostname, which gets updated at every ip change) in pf.conf and somehow 
tell pf to don't try to translate it when loading the rule, but try to 
lookup the hostname on every connections attempt?
Is this sane/possible?

Thanks!

Daniel

Re: pf control with dynamic ip

[Daniel]

2007. May 6. 18:45, Berk D. Demir:
 Daniel wrote:
  Hi!
 
  My ISP provides me ADSL service with daily changing ip. Still I
  must somehow control the access to my postgresql server, to only
  accept connections from my computer. Is it possible to specify a
  hostname (my hostname, which gets updated at every ip change) in
  pf.conf and somehow tell pf to don't try to translate it when
  loading the rule, but try to lookup the hostname on every
  connections attempt?
 
  Is this sane/possible?

 It's not possible without executing pfctl repeatedly.

 pf(4) operates at OSI Layers 3 and 4. Making a DNS query is a Layer 7
 operation and handled by pfctl(8), which is the userland controller
 and configuration parser for pf(4).

 Instead of relying on IP addresses, you can use authpf(8). Which
 won't limit you to work just from home when you can authenticate via
 ssh from anywhere.

 Using authpf is a more convenient and secure approach. So use it.

I would like to, but here is my problem:

I need to create a new user on the server which will have 
the /usr/sbin/authpf as it's shell. So now I have user1 (my regular 
account on that server, with a normal shell) and user1_authpf (the 
authpf account). But I'm connecting to the user1_authpf account from 
the same machine that I'm using for everything else, so after 
disconnecting with the authpf account, other connections (eg. imap, 
ftp, ssh) are closing too. I understand that authpf removes the rules 
and states related to the connecting ip address, so I think this is 
normal, but is not good for me. 
Any ideas for this?

Thanks!

Daniel

OpenBSD T-Shirt needed

[Daniel]

Hi!

I noticed that on the EU order page, the XL Wireframe Blowfish Shirt 
(#23) is on short supply. Anyone can recommend a place where I can get 
one of those (I'm really not that beefy to fill in the XXL ;).

Thanks!

Daniel

php5 missing the money_format() function

[Daniel]

Hi!

I'm using OpenBSD 4.1, and php5. When trying to use the money_format() 
function I get this error in my logs:
Fatal error: Call to undefined function money_format() in ...

I understand that The function money_format() is only defined if the 
system has strfmon capabilities. For example, Windows does not, so 
money_format() is undefined in Windows.
But I'm not using that :)

Any ideas?

Thanks!

Daniel

Re: cookie for the first one to port Micropolis

[Daniel]

On Tuesday 15 January 2008 19:53:10 you wrote:
 On Tue, 15 Jan 2008, Deanna Phillips wrote:
  Thanks for testing.  The tarball has been updated with a handful
  of changes, including a patch from kurt@ to fix the shared
  memory leak.
 
  Anyone want to ok it?
 
  http://freedaemon.com/~deanna/micropolis.tar.gz

 Doesn't work at all for me. The menu starts but it
 doesn't accept mouse nor keyboard. I'm using KDE on i386.
I ran into this, and the problem was that the numlock was on. I had to 
turn it off, and than I could use the keyboard and the mouse in the 
menu.

hth,

Daniel

Acer notebook with invilink wifi

[Daniel]

Hi!

I'm looking at these acer travelmate notebooks, which claims to be 
equipped with Acer InviLink wireless devices. What chipset is this? 
Is this supported?
Also, I heard some rumors that it uses marvell chipset for its gigabit 
lan. What are the experiences with these notebooks (if there are any)?

Thanks!

Daniel

test, ignore it

[Daniel]

test

Re: OpenTV

[daniel]

Julian Bolivar wrote:
Hi everybody, I installed a Video Streaming server using OpenBSD 3.9 and 
VideoLAN, I invite to all to visit my test page at 
http://jbolivar.sytes.net;. All comments are welcome.


A test page isn't so intresting... can you publish some documentation 
about your setup ? :)


sand
--
Hi, I'm a .signature virus! Copy me to your .signature file and
help me propagate, thanks!

Preliminary: Soekris 4501 + Wistron CM9

[daniel]

I've been using a Net 4501 for several years now (since at least  
OpenBSD 3.8) with no problems. I've recently added a mini-PCI Wistron  
CM9 (ath 5212). Very soon after bringing the interface up, I get all  
sorts of channel reset and wake up errors.


Before I start going crazy with posting all sorts of diagnostic info,  
I'm wondering if the first thing I should look at is my power supply.  
I've used a 12V 1.2A since the beginning, but have not ever used the  
PCI or mini-PCI slots.


Could my Net 4501, with the addition of the mini-PCI card, now be  
starved for electrons?


Daniel

Re: Preliminary: Soekris 4501 + Wistron CM9

[daniel]

On Feb 13, 2010, at 1:02 PM, Matt Bettinger wrote:

Had same issues with net 5501-70.  I use a psu from a linksys wifi  
ap and it is rock solid now.


Sent from my iPhone

On Feb 13, 2010, at 11:05 AM, daniel d...@redmountainfarm.net wrote:

I've been using a Net 4501 for several years now (since at least  
OpenBSD 3.8) with no problems. I've recently added a mini-PCI  
Wistron CM9 (ath 5212). Very soon after bringing the interface up,  
I get all sorts of channel reset and wake up errors.


Before I start going crazy with posting all sorts of diagnostic  
info, I'm wondering if the first thing I should look at is my power  
supply. I've used a 12V 1.2A since the beginning, but have not ever  
used the PCI or mini-PCI slots.


Could my Net 4501, with the addition of the mini-PCI card, now be  
starved for electrons?


Daniel




Well, I finally dug out a couple of other power supplies (5V 2.5A and
12V 1.5A) and I'm still having problems. I've tried a few things with
no luck. Most of the time the Soekris eventually hangs, sometimes with
no messages and other times with the following repeating on the
console with the Soekris hung (until I reboot it):

  ath0: ath_reset: unable to reset hardware; hal status 3534594048
  ar5k_ar5212_nic_wakeup: failed to resume the AR5212 (again)
  ath0: ath_reset: unable to reset hardware; hal status 3534594048
  ar5k_ar5212_nic_wakeup: failed to resume the AR5212 (again)
  etc...

Here's what I've tried:
/etc/hostname.ath0 (taken directly from ath(4)):
  inet 192.168.1.1 255.255.255.0 NONE media autoselect mediaopt  
hostap nwid my_net chan 11

After reboot or sh /etc/netstart ath0, ifconfig ath0 shows:
  ath0: flags=8863UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST  
mtu 1500

  lladdr 00:0b:6b:de:1d:a1
  priority: 4
  groups: wlan
  media: IEEE802.11 autoselect hostap (autoselect mode 11a  
hostap)

  status: active
  ieee80211: nwid my_net chan 40 bssid 00:0b:6b:de:1d:a1
  inet 192.168.1.1 netmask 0xff00 broadcast 192.168.1.255
  inet6 fe80::20b:6bff:fede:1da1%ath0 prefixlen 64 scopeid 0x1
My macbook pro can see my_net and I have dhcpd serving on ath0 but
never get an IP. /var/log/messages shows:
  Feb 21 23:06:10 foo /bsd: ath0: ath_chan_set: unable to reset  
channel 11 (2462 MHz)


I've also tried ifconfig ath0 scan. It seems to see nothing and I'm in
an urban area where I generally see 10 to 12 APs.

I'm not sure what to do next to debug this. Any help will be greatly
appreciated. dmesg is below.

Thanks,

Daniel


OpenBSD 4.6 (GENERIC) #58: Thu Jul  9 21:24:42 MDT 2009
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: AMD Am486DX4 W/B or Am5x86 W/B 150 (AuthenticAMD 486-class)
cpu0: FPU
real mem  = 66678784 (63MB)
avail mem = 54636544 (52MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 20/80/03, BIOS32 rev. 0 @ 0xf7840
pcibios0 at bios0: rev 2.0 @ 0xf/0x1
pcibios0: pcibios_get_intr_routing - function not supported
pcibios0: PCI IRQ Routing information unavailable.
pcibios0: PCI bus #0 is the last bus
cpu0 at mainbus0: (uniprocessor)
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
elansc0 at pci0 dev 0 function 0 AMD ElanSC520 PCI rev 0x00: product  
0 steppin

g 1.1, CPU clock 133MHz, reset 0
gpio0 at elansc0: 32 pins
ath0 at pci0 dev 16 function 0 Atheros AR5212 rev 0x01: irq 10
ath0: AR5213A 5.9 phy 4.3 rf5112a 3.6, FCC2A*, address 00:0b:6b:de:1d:a1
sis0 at pci0 dev 18 function 0 NS DP83815 10/100 rev 0x00, DP83815D:  
irq 11, a

ddress 00:00:24:c1:96:70
nsphyter0 at sis0 phy 0: DP83815 10/100 PHY, rev. 1
sis1 at pci0 dev 19 function 0 NS DP83815 10/100 rev 0x00, DP83815D:  
irq 5, ad

dress 00:00:24:c1:96:71
nsphyter1 at sis1 phy 0: DP83815 10/100 PHY, rev. 1
sis2 at pci0 dev 20 function 0 NS DP83815 10/100 rev 0x00, DP83815D:  
irq 9, ad

dress 00:00:24:c1:96:72
nsphyter2 at sis2 phy 0: DP83815 10/100 PHY, rev. 1
isa0 at mainbus0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard
wdc0 at isa0 port 0x1f0/8 irq 14
wd0 at wdc0 channel 0 drive 0: CF1G133
wd0: 1-sector PIO, LBA, 991MB, 2030112 sectors
wd0(wdc0:0:0): using BIOS timings
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
biomask f1c5 netmask ffe5 ttymask 
softraid0 at root
root on wd0a swap on wd0b dump on wd0b
sis2 at pci0 dev 20 function 0 NS DP83815 10/100 rev 0x00, DP83815D:  
irq 9, ad

dress 00:00:24:c1:96:72
nsphyter2 at sis2 phy 0: DP83815 10/100 PHY, rev. 1
isa0 at mainbus0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using

Need advice re: Wistron CM9 and Net 4501

[daniel]

I'm running 4.6 (release, I think) on a Soekris Net 4501. See dmesg,
below. I recently got a Wistron CM9 (ath) mini-pci card for it (I've
been running, wired-only, for 4-5 years). I'm getting a couple
different error messages while attempting to use it. I initially thought
(hoped) that the problem was an insufficient power supply (12V 1.2A). I
have since tried two other power supplies (up to 12V 2.5A) and still
have the same problems.

Most of the time the Soekris ends up hanging or otherwise becoming
completely unresponsive until I pull the plug and reboot it. Sometimes
it takes several minutes to become unresponsive.

I've tried ifconfig ath0 scan but it doesn't seem to see anything--
even though I can usually see 10-12 APs from other machines. Before the
Soekris hangs, I can see it from a laptop.

I'm trying to use it in hostap mode; configuring it as described in
ath(4) like this:

inet 192.168.1.1 255.255.255.0 NONE media autoselect mediaopt hostap \
nwid my_net chan 11

I've tried bringing it up/down with ifconfig to try to reset and
reconfigure it but I can't seem to get anywhere.

At various times, I see:
ath0: ath_reset: unable to reset hardware; hal status 3534594048
ar5k_ar5212_nic_wakeup: failed to resume the AR5212 (again)
continuously on the console. ath(4) says the first line should not
happen and I can't find the status code enumerated in the HAL include
file. I couldn't find anything regarding the second line,
ar5k_ar5212_nic_wakeup.

I also see a lot of:
/bsd: ath0: ath_chan_set: unable to reset channel 11 (2462 MHz)
in /var/log/messages. ath(4) says this also should not happen.


I'd really appreciate some guidance on how to debug this.

Thanks,

Daniel


OpenBSD 4.6 (GENERIC) #58: Thu Jul  9 21:24:42 MDT 2009
   dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: AMD Am486DX4 W/B or Am5x86 W/B 150 (AuthenticAMD 486-class)
cpu0: FPU
real mem  = 66678784 (63MB)
avail mem = 54636544 (52MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 20/80/03, BIOS32 rev. 0 @ 0xf7840
pcibios0 at bios0: rev 2.0 @ 0xf/0x1
pcibios0: pcibios_get_intr_routing - function not supported
pcibios0: PCI IRQ Routing information unavailable.
pcibios0: PCI bus #0 is the last bus
cpu0 at mainbus0: (uniprocessor)
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
elansc0 at pci0 dev 0 function 0 AMD ElanSC520 PCI rev 0x00: product  
0 steppin

g 1.1, CPU clock 133MHz, reset 0
gpio0 at elansc0: 32 pins
ath0 at pci0 dev 16 function 0 Atheros AR5212 rev 0x01: irq 10
ath0: AR5213A 5.9 phy 4.3 rf5112a 3.6, FCC2A*, address 00:0b:6b:de:1d:a1
sis0 at pci0 dev 18 function 0 NS DP83815 10/100 rev 0x00, DP83815D:  
irq 11, a

ddress 00:00:24:c1:96:70
nsphyter0 at sis0 phy 0: DP83815 10/100 PHY, rev. 1
sis1 at pci0 dev 19 function 0 NS DP83815 10/100 rev 0x00, DP83815D:  
irq 5, ad

dress 00:00:24:c1:96:71
nsphyter1 at sis1 phy 0: DP83815 10/100 PHY, rev. 1
sis2 at pci0 dev 20 function 0 NS DP83815 10/100 rev 0x00, DP83815D:  
irq 9, ad

dress 00:00:24:c1:96:72
nsphyter2 at sis2 phy 0: DP83815 10/100 PHY, rev. 1
isa0 at mainbus0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard
wdc0 at isa0 port 0x1f0/8 irq 14
wd0 at wdc0 channel 0 drive 0: CF1G133
wd0: 1-sector PIO, LBA, 991MB, 2030112 sectors
wd0(wdc0:0:0): using BIOS timings
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
biomask f1c5 netmask ffe5 ttymask 
softraid0 at root
root on wd0a swap on wd0b dump on wd0b
sis2 at pci0 dev 20 function 0 NS DP83815 10/100 rev 0x00, DP83815D:  
irq 9, ad

dress 00:00:24:c1:96:72
nsphyter2 at sis2 phy 0: DP83815 10/100 PHY, rev. 1
isa0 at mainbus0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard
wdc0 at isa0 port 0x1f0/8 irq 14
wd0 at wdc0 channel 0 drive 0: CF1G133
wd0: 1-sector PIO, LBA, 991MB, 2030112 sectors
wd0(wdc0:0:0): using BIOS timings
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
biomask f1c5 netmask ffe5 ttymask 
softraid0 at root
root on wd0a swap on wd0b dump on wd0b
WARNING: / was not properly unmounted   # [ because it keeps hanging ]

Re: Need advice re: Wistron CM9 and Net 4501

[daniel]

On Feb 25, 2010, at 4:58 AM, Aaron Mason wrote:

On Thu, Feb 25, 2010 at 7:25 AM, daniel d...@redmountainfarm.net  
wrote:

I'm running 4.6 (release, I think) on a Soekris Net 4501. See dmesg,
below. I recently got a Wistron CM9 (ath) mini-pci card for it (I've
been running, wired-only, for 4-5 years). I'm getting a couple
different error messages while attempting to use it. I initially  
thought
(hoped) that the problem was an insufficient power supply (12V  
1.2A). I

have since tried two other power supplies (up to 12V 2.5A) and still
have the same problems.

Most of the time the Soekris ends up hanging or otherwise becoming
completely unresponsive until I pull the plug and reboot it.  
Sometimes

it takes several minutes to become unresponsive.

I've tried ifconfig ath0 scan but it doesn't seem to see anything--
even though I can usually see 10-12 APs from other machines. Before  
the

Soekris hangs, I can see it from a laptop.

I'm trying to use it in hostap mode; configuring it as described in
ath(4) like this:

  inet 192.168.1.1 255.255.255.0 NONE media autoselect mediaopt  
hostap

\
  nwid my_net chan 11

I've tried bringing it up/down with ifconfig to try to reset and
reconfigure it but I can't seem to get anywhere.

At various times, I see:
  ath0: ath_reset: unable to reset hardware; hal status  
3534594048

  ar5k_ar5212_nic_wakeup: failed to resume the AR5212 (again)
continuously on the console. ath(4) says the first line should not
happen and I can't find the status code enumerated in the HAL include
file. I couldn't find anything regarding the second line,
ar5k_ar5212_nic_wakeup.

I also see a lot of:
  /bsd: ath0: ath_chan_set: unable to reset channel 11 (2462 MHz)
in /var/log/messages. ath(4) says this also should not happen.


I'd really appreciate some guidance on how to debug this.

Thanks,

Daniel


OpenBSD 4.6 (GENERIC) #58: Thu Jul  9 21:24:42 MDT 2009
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: AMD Am486DX4 W/B or Am5x86 W/B 150 (AuthenticAMD 486-class)
cpu0: FPU
real mem  = 66678784 (63MB)
avail mem = 54636544 (52MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 20/80/03, BIOS32 rev. 0 @  
0xf7840

pcibios0 at bios0: rev 2.0 @ 0xf/0x1
pcibios0: pcibios_get_intr_routing - function not supported
pcibios0: PCI IRQ Routing information unavailable.
pcibios0: PCI bus #0 is the last bus
cpu0 at mainbus0: (uniprocessor)
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
elansc0 at pci0 dev 0 function 0 AMD ElanSC520 PCI rev 0x00:  
product 0

steppin
g 1.1, CPU clock 133MHz, reset 0
gpio0 at elansc0: 32 pins
ath0 at pci0 dev 16 function 0 Atheros AR5212 rev 0x01: irq 10
ath0: AR5213A 5.9 phy 4.3 rf5112a 3.6, FCC2A*, address 00:0b:6b:de: 
1d:a1
sis0 at pci0 dev 18 function 0 NS DP83815 10/100 rev 0x00,  
DP83815D: irq

11, a
ddress 00:00:24:c1:96:70
nsphyter0 at sis0 phy 0: DP83815 10/100 PHY, rev. 1
sis1 at pci0 dev 19 function 0 NS DP83815 10/100 rev 0x00,  
DP83815D: irq

5, ad
dress 00:00:24:c1:96:71
nsphyter1 at sis1 phy 0: DP83815 10/100 PHY, rev. 1
sis2 at pci0 dev 20 function 0 NS DP83815 10/100 rev 0x00,  
DP83815D: irq

9, ad
dress 00:00:24:c1:96:72
nsphyter2 at sis2 phy 0: DP83815 10/100 PHY, rev. 1
isa0 at mainbus0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard
wdc0 at isa0 port 0x1f0/8 irq 14
wd0 at wdc0 channel 0 drive 0: CF1G133
wd0: 1-sector PIO, LBA, 991MB, 2030112 sectors
wd0(wdc0:0:0): using BIOS timings
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
biomask f1c5 netmask ffe5 ttymask 
softraid0 at root
root on wd0a swap on wd0b dump on wd0b
sis2 at pci0 dev 20 function 0 NS DP83815 10/100 rev 0x00,  
DP83815D: irq

9, ad
dress 00:00:24:c1:96:72
nsphyter2 at sis2 phy 0: DP83815 10/100 PHY, rev. 1
isa0 at mainbus0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard
wdc0 at isa0 port 0x1f0/8 irq 14
wd0 at wdc0 channel 0 drive 0: CF1G133
wd0: 1-sector PIO, LBA, 991MB, 2030112 sectors
wd0(wdc0:0:0): using BIOS timings
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
biomask f1c5 netmask ffe5 ttymask 
softraid0 at root
root on wd0a swap on wd0b dump on wd0b
WARNING: / was not properly unmounted   # [ because it keeps  
hanging ]





I presume this relates to the previous post where you mentioned that
you added a CM9 to a net4501.

Firstly, the scanning issue.  The CM9 is an industrial card designed
for use

Re: Opteron 250 Overheating

[daniel]

On Mar 4, 2010, at 9:18 AM, J.C. Roberts wrote:


On Wed, 3 Mar 2010 17:57:22 -0800 Christopher Ahrens
n...@leviacomm.net wrote:


Henning Brauer wrote:

* Jeff Ross jr...@openvistas.net [2010-03-02 16:59]:

I bought a replacement supermicro motherboard off fleabay that
has dual Opteron 250 @2.4GHz.  The cpus have passive heatsinks,
it is in a supermicro 2U chassis with 4 front fans.


do you have the air shroud? this plastic thing that forms a
tunnel over the heatsinks? it is required.



No, the motherboard didn't come with that.  If I can find one will
that mean I don't need the active heatsinks?


that's how supermicro delivers the 2U systems, so i'd say yes, you
won't

need them.

I had this problem before, an old Cereal box + Scissors + tape fixed
it right up.  But your mileage may vary


I'm Jealous! --I've always wanted a cereal console.


I know it's only Thursday but...

On a cereal console:
- exit doesn't work; you must type cheerio
- make release involves building Cap'n Crunchgen
- the secret to attaining Cocoa Puffy privilege is using Special K
  (NOTE: you must use the Corn Pops shell)
- you can mount ISO images with Fruit Loops

OK, I'm done.

Re: OT: multiple web servers on OpenBSD (WAS: OT: vmware blah blah)

[daniel]

On Mar 8, 2010, at 11:37 AM, Marc Espie wrote:


On Mon, Mar 08, 2010 at 09:40:30AM -0600, Marco Peereboom wrote:

OMG!! running multiple daemons???  Wow why didn't I think of that??

I *love* OS overhead on misbehaving hardware emulation because it is
what the industry prescribes.  Don't forget the 50% hit on I/O  
speed

because that is what every enterprise needs.  And lets not forget the
windows only license servers combined with management tools that  
also

run only on windows and IE.  Virtualization is so awesome.



It's more that the current industry standard kind-of is apache, or  
enterprise

shit based on jakarta AND multiple boxen.

solutions to the web server issues, such as using fastci + nginx/ 
lighthttpd,

only start to become more or less well-spread.

And of course, all the time investment of the so-called sys-admins  
who learnt
how to configure big apache/jakarta installations would go down the  
drain.


Can't have that. They need to protect their investment.


Like many things these days, the term enterprise has been co-opted by
those with an ulterior--and often opposite--motive. Enterprise should
mean reliable, scalable and simple (otherwise known as manageable). It
has become the opposite.

VMware makes a great toy on my macbook: I can build custom RPMs for
linuxy stuff, make release when I don't have a physical machine
available. In my enterprise, we have some Dell 1850s and a 1950 and an
xserve. I evaluated ESXi thinking I'd be able to build VMs on my
macbook and then deploy them on the xserve or the dells. I decided not
to screw around with converting VMs from fusion to esxi and back. The
final straw was how to intelligently manage exsi without windows/
internet exploder.

We're currently running about 15 rails, php and coldfusion apps with the
number growing almost weekly. As much as possible, each app gets its own
VM (or two) and is proxied to an outward facing web server. I use
running xen on centos. Not my first choice, but it is OK behind pf. With
a little scripting, I can create a VM and deploy an app in under 5
minutes.

We are a small non-profit and that necessarily rules out Enterprise
solutions.

Re: Need advice re: Wistron CM9 and Net 4501

[daniel]

Well, after _way_ too much messing around, I've determined that the
mini-pci slot on _my_ (at least) Net 4501 is pretty much useless. Both a
new Wistron CM9 and an OEM Intersil Prism (pgt) (taken from an SMC
barricade) fail. Don't quote me on these numbers, but the CM9 will draw
something like 430ma and the pgt something like 290ma and they both
behave the same way. I tried OpenBSD 4.6 (release and patch branch) and
4.7 (various snaps): the cards, once configured and/or are connected to,
cause the kernel to spew errors on the console continually and won't
stop until a reboot. I'm assuming they are starved for current.
Apparently other people have gotten mini-pci wlan cards to work in their
Net 4501s, but not me.

I'm making my employer buy me a TimeCapsule that I'll put behind my Net
4501 for now. In the future, I'll have to investigate other options like
a Net 5501 or even one of the nice RouterBoards mentioned here recently.

Thanks to all who chimed in.

Daniel

Re: Need advice re: Wistron CM9 and Net 4501

[daniel]

On Mar 18, 2010, at 3:13 PM, J.C. Roberts wrote:


On Thu, 18 Mar 2010 13:25:35 -0400 daniel d...@redmountainfarm.net
wrote:


Well, after _way_ too much messing around, I've determined that the
mini-pci slot on _my_ (at least) Net 4501 is pretty much useless.
Both a new Wistron CM9 and an OEM Intersil Prism (pgt) (taken from an
SMC barricade) fail. Don't quote me on these numbers, but the CM9
will draw something like 430ma and the pgt something like 290ma and
they both behave the same way. I tried OpenBSD 4.6 (release and patch
branch) and 4.7 (various snaps): the cards, once configured and/or
are connected to, cause the kernel to spew errors on the console
continually and won't stop until a reboot. I'm assuming they are
starved for current. Apparently other people have gotten mini-pci
wlan cards to work in their Net 4501s, but not me.

I'm making my employer buy me a TimeCapsule that I'll put behind my
Net 4501 for now. In the future, I'll have to investigate other
options like a Net 5501 or even one of the nice RouterBoards
mentioned here recently.

Thanks to all who chimed in.

Daniel



http://marc.info/?l=openbsd-miscw=2r=1s=CM9q=b
http://marc.info/?l=openbsd-miscm=126891871332534w=2

Though it could be your choice of mini-pci devices, if there really  
is a

problem in your Sokris (such as the slot really is starved of power),
then talk to Sokris about it. They'll want to know one way or another
about a potential defect and could lead you through proper testing.



J.C., thanks. I agree that it is probably my choice of mini-pci devices;
I believe that mini-pci wlan cards do exist that would work in the Net
4501--I've even read of people using their Net 4501s in this way. I've
posted on the Soekris list so Soekris can comment on this if they are so
inclined. But given that this is a one-off, hobby-ish situation, the Net
4501's design is 8+ years old, mine is perhaps 5 years old and I would
need to hunt down and try several different wlan cards, I'm not inclined
to pursue this any further.

GPRS/EDGE modems to use with a notebook

[Daniel]

Hi!

I'm looking for a mobile device which I could use for connecting to the 
internet with a notebook. I've read the www.openbsd.org/i386.html page 
and found some devices, but those are rather hard to find here in 
Hungary. Could someone inform me about some other GPRS/EDGE capable 
devices which will work with OpenBSD? (be it a pc-card or a mobile 
phone).

Thanks!

Daniel

Re: GPRS/EDGE modems to use with a notebook

[Daniel]

On 2007. November 2. 17:56.39 John Jackson wrote:
 I've had success with the Sierra Wireless Aircard 860 on a Thinkpad
 X40. Lately though the card seems to be acting flakey and causing
 hard lockups.  That could be a combination of the firmware which on
 the Aircard and the carrier which is ATT.  From what I've read, it's
 recommended to keep the firmware updated to keep in step with the
 carrier's infrastructure updates.  Unfortunately I haven't found a
 way to upgrade the cards firmware under OpenBSD or Linux.

 http://www.sierrawireless.com/estore/Default.aspx?SKU=1100521CID=1

 John

Thanks John, this would be great. Only one thing bothers me:
Attention: the AirCard 860 is in its End Of Life phase and no longer 
available. For more information, click here / from the above mentioned 
site /


 On Fri, Nov 02, 2007 at 05:01:16PM +0100, Daniel wrote:
  Hi!
 
  I'm looking for a mobile device which I could use for connecting to
  the internet with a notebook. I've read the
  www.openbsd.org/i386.html page and found some devices, but those
  are rather hard to find here in Hungary. Could someone inform me
  about some other GPRS/EDGE capable devices which will work with
  OpenBSD? (be it a pc-card or a mobile phone).
 
  Thanks!
 
  Daniel

Re: OpenBSD Sound

[Daniel]

On 2007. November 2. 14:23.27 Dorian B|ttner wrote:
 On Friday 02 November 2007 13:42:33 Dorian B|ttner wrote:
  On Friday 02 November 2007 13:07:54 Jacob Meuser wrote:
   On Fri, Nov 02, 2007 at 12:42:29PM +0100, Dorian B?ttner wrote:
On Wednesday 31 October 2007 22:22:15 Jacob Meuser wrote:
[...]
   
 probably not; at least not anytime soon.

 something for newbie hackers to work on: an ISC licensed
 audio daemon.
   
Sorry for hijacking this thread, propably anyone has a quick
hint to make my audio work in kde.
   
Built /usr/src/regress/sys/dev/audio/obj as described here
http://www.nabble.com/NVIDIA-MCP51-HD-Audio-azalia-problems-t46
   29307.ht ml and autest -r 48000 delivers good quality tone.
   
relevant dmesg seems to be this one:
azalia0 at pci0 dev 27 function 0 Intel 82801GB HD Audio rev
0x02: apic 2 int
21 (irq 10)
azalia0: host: High Definition Audio rev. 1.0
azalia0: codec: Realtek/0x0862 (rev. 0.1), HDA version 1.0
azalia0: codec: Motorola/0x3055 (rev. 7.0), HDA version 1.0
azalia0: codec[1]: No support for modem function groups
azalia0: codec[1]: No audio function groups
audio0 at azalia0
   
However this doesn't seem to be a driver problem since autest
passed with success. It's just that kde doesn't detect the
device, where can I look at to nail down the problem? pkg_info
contains either esound and arts.
  
   is artsd running?
  
   $ pgrep -l artsd
 
  2299 artsd
 
   is the audio device opened for playback?
  
   $ audioctl play.open
 
  play.open=0
  seems not to be 'yes'? it is read-only variable.
 
   is it actuall artsd that has /dev/sound opened?  (artsd uses
   /dev/sound instead of /dev/audio)
  
   $ fstat /dev/sound
 
  empty table
 
   if all those are yes, then see if it works:
  
   $ artscat file.wav
  
   oh, and since you have azalia, you may need to tell artsd to
   resample to 48kHz.  K Menu - Settings - Sounds  Multimedia -
   Sound System In the Hardware tab.  Check Use custom sampling
   rate, set it to 48000 Hz.  or manually starts artsd with 'artsd
   -r 48000'.
 
  done, but didn't help. Shouldn't artsd appear in the list of
  available soundsystems, btw?
 
  THanks,
  Dorian

 ok I removed the auto-suspend checkbox in the control center audio
 settings. After restarting the system I now have better values:
 $ audioctl play.rate
 play.rate=48000
 $ audioctl play.open
 play.open=1
 $ artscat testcase.wav
 plays fine :)) however kde doesn't. There seems to be the glue
 missing between the artsd and the kde sound system?

If you mean the kde system notification sounds are not working check
this:

KDE Control Center / Sound  Multimedia / System Notifications:
Bottom Right corner - [Player Settings] button.

HTH,

Daniel

Re: GPRS/EDGE modems to use with a notebook

[Daniel]

On 2007. November 2. 19:30.56 Kevin Cheng wrote:
 Hi,

 these are summarized from documentation with tested or untested, up
 to 4.2+:

 Kevin

[...]

Thanks a lot! Where did you get this list?

Daniel

typo on i386.html

[Daniel]

Hi!

How does one report this kind of bug?

There is a typo on the http://www.openbsd.org/i386.html page:

Under the PC Cards (PCMCIA/CardBus (B)) section:

o Serial ports, including:
[...]
  o Sony Ericsson GC89 GSM/GPRS/EGDE modems

s/EGDE/EDGE/

What is the proper way of dealing with this? Send a mail to 
[EMAIL PROTECTED], or send a diff to [EMAIL PROTECTED]

Thanks!

Daniel

/tmp permissions, I don't get this...

[Daniel]

Hi!

Case 1:
$ id
uid=1000(leva) gid=1000(leva) groups=1000(leva)
$ ls -ld /tmp/
drwxwt  4 root  wheel  512 Nov  3 13:05:03 2007 /tmp//
$ touch /tmp/test  ls -l /tmp/test
-rw-r-  1 leva  wheel  0 Nov  3 13:09:04 2007 /tmp/test
$ rm /tmp/test  ls -l /tmp/test
ls: /tmp/test: No such file or directory

I can create and remove files in and from the /tmp directory. This is 
the expected behaviour (at least for me).


Case 2 (I've added myself to the wheel group):
$ id
uid=1000(leva) gid=1000(leva) groups=1000(leva), 0(wheel)
$ ls -ld /tmp/
drwxwt  4 root  wheel  512 Nov  3 13:05:03 2007 /tmp//
$ touch /tmp/test
touch: /tmp/test: Permission denied

^^^ I can not create the file in /tmp, although I got world write 
permissions to it. It seems if I'm in the wheel group and the wheel 
group owns the directory, then only the group permissions counts? 
(sounds lame, but I can not think of other reasons).
After changing the /tmp directory's group permissions to -wx, I can 
create and remove files from it while I'm in the wheel group.

What could cause this behaviuour?

Thanks!

Daniel

Re: /tmp permissions, I don't get this...

[Daniel]

On 2007. November 3. 14:12.14 Antoine Jacoutot wrote:
 On Sat, 3 Nov 2007, Daniel wrote:
  $ ls -ld /tmp/
  drwxwt  4 root  wheel  512 Nov  3 13:05:03 2007 /tmp//

 Why is your /tmp chmod this way?
 It should be 1777

I thought this question would arise :D but I (while being completely 
respectful and polite) think this is not the point. I just want to know 
why this is working this way.

Daniel

Re: how to support Intel 965?

[Daniel]

On 2007. November 3. 12:57.07 23e7 wrote:
 Hi,
[...]
 vga1 at pci0 dev 2 function 0 Intel 82965GM Video rev 0x03:
[...]

Hi!

This could be a long shot, but I think you need the intel driver from
xorg. It's called xf86-video-intel and it's in xenocara. Maybe you
should try to install it?

Daniel

Re: /tmp permissions, I don't get this...

[Daniel]

On 2007. November 3. 15:13.29 Marc Espie wrote:
 On Sat, Nov 03, 2007 at 01:14:20PM +0100, Daniel wrote:
  ^^^ I can not create the file in /tmp, although I got world write
  permissions to it. It seems if I'm in the wheel group and the wheel
  group owns the directory, then only the group permissions counts?

 Yes, that's the way Unix permissions work, and as far as I know,
 that's always been the case.

 Unix doesn't play `nice' tricks. The way permissions work is quite
 simple:

 - is your uid the same as the directory/file owner ?
 - then only the user permission bits apply.

 - do you have a gid/supplementary group the same as the
 directory/file group - then only the group permission bits apply.

 - otherwise, you get the other permission bits.

 Contrary to other systems, you don't *add* permission bits
 corresponding to various things that may apply to you. You stop at
 the most distinctive level that applies to you.


Thanks a lot!

Daniel

Re: Skype on the OpenBSD

[Daniel]

On Sun, 2 Dec 2007 16:48:14 +
Jacob Meuser [EMAIL PROTECTED] wrote:

 VoIP applications generally require full-duplex audio operation (or
 two soundcards, but that gets icky as far as configuration goes).
 you'll have much more luck with full-duplex audio in -current
 (or when 4.3 is released).
 
 also see ports/telephony/pjsua in -current.
 
Could you provide some information about which drivers provide
full-duplex audio in current?

Daniel

strange pfctl output

[Daniel]

Hi!

I'm having this problem:

# pfctl -sr |fgrep ftp
[...]
pass out on rl0 inet proto tcp from ip to __automatic_39c048b4_0
port = ftp flags S/SA keep state

What is that automatic stuff? I wish to see the corresponding (below)
rules' entries in pfctl's output.

The corresponding rules in the pf.conf would be:
pass out on $ext_if inet proto tcp from $ip to anga.funkfeuer.at port
ftp pass out on [...] to ftp.openldap.org port ftp
pass out on [...] to ftp.postgresql.org port ftp
pass out on [...] to ftp.pureftpd.org port ftp
etc...


Daniel

[no subject]

[Daniel]

Hi!

Anyone experiencing or experienced segfaults with openldap using the bdb
backed? I'm using -current ports tree, and built the
openldap-{client,server}, dbv4 and cyrus-sasl2 packages from there.

I will certanly provide much more info, I just want to know if there
are other people out there who are experiencing this same behaviour.

Thanks!

Daniel

openldap with dbv4 crash

[Daniel]

Hi (again, sorry, now with Subject)!

Anyone experiencing or experienced segfaults with openldap using the bdb
backed? I'm using -current ports tree, and built the
openldap-{client,server}, dbv4 and cyrus-sasl2 packages from there.

I will certanly provide much more info, I just want to know if there
are other people out there who are experiencing this same behaviour.

Thanks!

Daniel

Re: openldap with dbv4 crash

[Daniel]

On Sat, 29 Dec 2007 13:41:06 -0600
Vijay Sankar [EMAIL PROTECTED] wrote:

 On December 29, 2007 11:23:19 am Daniel wrote:
  Hi (again, sorry, now with Subject)!
 
  Anyone experiencing or experienced segfaults with openldap using
  the bdb backed? I'm using -current ports tree, and built the
  openldap-{client,server}, dbv4 and cyrus-sasl2 packages from there.
 
  I will certanly provide much more info, I just want to know if there
  are other people out there who are experiencing this same behaviour.
 
  Thanks!
 
  Daniel
 
 No problems here so far, my test servers are running -current as of
 Thu Dec 27 13:53:57 CST 2007. slapd and slurpd are OK and replication
 is also working well. No seg faults yet.
 
 
Can you tell me which FLAVOR are you using with dbv4 and openldap?

Daniel

Re: openldap with dbv4 crash

[Daniel]

On Sat, 29 Dec 2007 15:49:20 -0600
Vijay Sankar [EMAIL PROTECTED] wrote:

 On December 29, 2007 02:15:15 pm Daniel wrote:
  On Sat, 29 Dec 2007 13:41:06 -0600
 
  Vijay Sankar [EMAIL PROTECTED] wrote:
   On December 29, 2007 11:23:19 am Daniel wrote:
Hi (again, sorry, now with Subject)!
   
Anyone experiencing or experienced segfaults with openldap using
the bdb backed? I'm using -current ports tree, and built the
openldap-{client,server}, dbv4 and cyrus-sasl2 packages from
there.
   
I will certanly provide much more info, I just want to know if
there are other people out there who are experiencing this same
behaviour.
   
Thanks!
   
Daniel
  
   No problems here so far, my test servers are running -current as
   of Thu Dec 27 13:53:57 CST 2007. slapd and slurpd are OK and
   replication is also working well. No seg faults yet.
 
  Can you tell me which FLAVOR are you using with dbv4 and openldap?
 
  Daniel
 
 Hopefully I did not misunderstand your question.
 
 Here is what I did: 
 
 env FLAVOR=bdb make package
 
 ls -l /usr/ports/packages/i386/all/openld*
 
 -rw-r--r--  3 root  wheel  1244876 Dec 27 14:41
 openldap-client-2.3.33p0.tgz -rw-r--r--  3 root  wheel   916837 Dec
 27 14:44 openldap-server-2.3.33p2-bdb.tgz
 
 Then I just did a pkg_add for openldap-server-2.3.33p2-bdb.tgz. The
 db package was db-4.6.21.
 
Same here, but I get reproducible segfault :\
And it is caused by dbv4 unfortunately.
I would have tried with a newer openldap (2.3.40), but from 2.3.39,
openldap doesn't support db-4.6, only 4.2-4.5. So I'm kind of stuck
here. I think I going to have to try out openldap 2.4.

Daniel

Re: openldap with dbv4 crash

[Daniel]

Vijay Sankar mrta:

On December 30, 2007 08:03:09 pm Stuart Henderson wrote:

On December 29, 2007 11:23:19 am Daniel wrote:

Hi (again, sorry, now with Subject)!

Anyone experiencing or experienced segfaults with openldap using
the bdb backed? I'm using -current ports tree, and built the
openldap-{client,server}, dbv4 and cyrus-sasl2 packages from there.

openldap 2.3 doesn't support newer db 4.6 versions (should fail the
regression tests).

Yes, indeed, looking at this commit:
http://www.openldap.org/devel/cvsweb.cgi/configure.diff?r1=1.598.2.40r2=1.598.2.41hideattic=1sortbydate=0



there's support in 2.4 but iirc it's not a simple thing to backport.

Why should we backport the db4.6 support? We just need to use 2.4.



Thanks very much for this information. Not sure how to help, but I am not 
seeing any seg faults so far. If there is something helpful for me to do, 
please advise. It is not clear from Daniel's message as to whether there is 
any specific thing that causes the seg fault or whether slapd just simply 
does not start. 

Below I will write down how to reproduce the crash on an i386 machine,
openldap compiled from ports, with FLAVOR=bdb.

Start with a fresh database directory, use the stock DB_CONFIG options,
and of course the bdb backend. Add just the root dn, with the
domaincomponent attributes ie. dn: dc=domain,dc=com, and a rootdn
account. Now test it with a simple ldapsearch command (eg. filter
(objectclass=*), it succeeds. Exit from slapd, then restart it, with the
same slapd.conf as before. Now do that simple ldapsearch again, and then
slapd will segfault. Doing a not so informative gdb with slapd, it shows
that it crashes with the libdb libraries. Changing the database backend
to ldbm solves the problem, what also supports this theory.
In the above example, it doesn't matter if one use TLS or not.

With openldap-2.4, one can not use the ldbm backend anymore, but there
is no need to, because the bdb backend is working with it.

[...]

Normally I use packages. But some time ago, I was able to use syncrepl with 
OpenLDAP 2.3.33 and used the following ./configure command to build from 
source.


env CPPFLAGS=-I/usr/local/include/db4 -I/usr/local/include/sasl \ 
LDFLAGS=-L/usr/local/lib/db4 -L/usr/local/share/libtool/libltdl -L/usr/local/lib/sasl2 -L/usr/local/lib\

./configure \
--prefix=/usr/local \
--enable-slapd \
--enable-cleartext \
--enable-crypt \
--enable-rewrite \ 
--enable-wrapper \ 
--with-cyrus-sasl=yes \

--enable-spasswd \
--enable-dnssrv \
--enable-ldap \
--enable-ldbm \
--enable-bdb \
--enable-meta \
--enable-null \
--enable-passwd \
--disable-ipv6 \
--disable-shell \
--enable-slurpd \
--enable-overlays=mod \
--with-tls \
--disable-sql

Is this correct? Should I make any changes? Please let me know.

Same here, almost.



Thanks very much,

Vijay

Re: openldap with dbv4 crash

[Daniel]

On Wed, 2 Jan 2008 11:13:26 -0600
Vijay Sankar [EMAIL PROTECTED] wrote:

 On December 31, 2007 06:59:06 am Vijay Sankar wrote:
 
  env CPPFLAGS=-I/usr/local/include/db4 -I/usr/local/include/sasl \
  LDFLAGS=-L/usr/local/lib/db4 -L/usr/local/share/libtool/libltdl
  -L/usr/local/lib/sasl2 -L/usr/local/lib\ ./configure \
  --prefix=/usr/local \
  --enable-slapd \
  --enable-cleartext \
  --enable-crypt \
  --enable-rewrite \
  --enable-wrapper \
  --with-cyrus-sasl=yes \
  --enable-spasswd \
  --enable-dnssrv \
  --enable-ldap \
  --enable-ldbm \
  --enable-bdb \
  --enable-meta \
  --enable-null \
  --enable-passwd \
  --disable-ipv6 \
  --disable-shell \
  --enable-slurpd \
  --enable-overlays=mod \
  --with-tls \
  --disable-sql
 
[...]
 
 The OP said that his ./configure command was almost the same as what
 I did above but did not bother to say what the difference was. I
 followed the settings that Marc Balmer had in ports and so I wonder
 whether that is why I haven't seen any problems yet.
Okay then:

./configure \
--prefix=/usr/local --sysconfdir=/etc --localstatedir=/var \
--enable-shared --disable-static \
--enable-rewrite --without-cyrus-sasl --disable-ipv6 \
--enable-ldap --with-tls=openssl

Basically no backends were compiled in except bdb,hdb,monitor,relay and
ldap.
But really, I don't think these configure options are relevant,
because the crash happens with the db-4.6 libraries (according to gdb).

 
 Usually, I have problems even when no one else has any issues so I am 
 surprised to not have had a crash or any problems at all when I
 should have had seg faults! I am using all the samba-related schemas
 PLUS slurpd and I am still not seeing segfaults with OpenLDAP
 2.3.33p2 and DB 4.6.  I am not new to OpenBSD (have used it since 2.8
 and have the CD's to prove it :) but don't know whether I have
 somehow made a mistake in compiling userland or whether there is some
 other issue involved that is making use of older versions of DB4.
Can you try executing ldd(1) on slapd. Is it linked against the 4.6 db
libraries?


Daniel

sendmail in base not supporting AUTH?

[Daniel]

Hi!

I wish to use sendmail in base to use a SMART_HOST (my isp's smtp
server), and that SMART_HOST requires authentication. I was told that
sendmail must be compiled with SASL support even if it is only acting
as and smtp client when using AUTH. Is it right? Am I stuck here, and
won't be able configure sendmail to support AUTH as an smtp client?

Thanks!

Daniel

Re: kword crashes instantly when print or print preview selected

[Daniel Martini]

Hi Dave,

On Mon, Aug 15, 2005 at 06:57:27PM -0500, Dave Feustel wrote:
 I'm running 3.7 release with the koffice package installed.
 This is 100% repeatable. Has anyone else seen this?

Yes.
It's probably related to cups. Provided you do not insist on using cups
with kde, try this:
create a file .kde/share/config/kdeprintrc in your
home-directory and put the following lines into it:

[General]
PrintSystem=lpr

You can then uninstall cups, if you don't need it otherwise.

HTH,
Regards,
Daniel

isakmp vpn configuration

[Daniel Eyholzer]

Hi there


I have an OpenBSD box that is configured as firewall and vpn gateway. The
box has two physical interfaces. One interface is the WAN interface that
connects to the internet. The other interface connects to the LAN switch
and has defined several virtual VLAN interfaces for different LAN subnets.

The basic vpn configuration works. I can connect with the Greenbow vpn
client from Windows host and reach the hosts on the LAN interfaces. In the
Greenbow vpn client configuration I can define the subnet to which I want
to tunnel to. So if I define the subnet of the vlan 2 interface in the
Greenbow vpn client, I can reach the hosts that are in the vlan 2 subnet,
if I define the subnet of the vlan 3 interface, I can reach the hosts that
are in the vlan 3 subnet. I have no control to which subnet the vpn client
has access.


My isakmpd.conf looks like thist:
# 
# Defaults section
# 

[General]
Default-phase-1-lifetime=   3600,60:86400
Default-phase-2-lifetime=   1200,60:86400

# ---
# Connections
# ---

[Phase 1]
Default=ISAKMP-clients

[Phase 2]
Passive-Connections=IPsec-clients

# -
# Phase 1 peer sections
# -

[ISAKMP-clients]
Phase=  1
Transport=  udp
Configuration=  default-main-mode
Authentication= mekmitasdigoat

# 
# Phase 2 sections
# 

[IPsec-clients]
Phase=  2
Configuration=  default-quick-mode
Local-ID=   default-route
Remote-ID=  dummy-remote

# --
# Client ID sections
# --

[default-route]
ID-type=IPV4_ADDR_SUBNET
Network=0.0.0.0
Netmask=0.0.0.0

[dummy-remote]
ID-type=IPV4_ADDR
Address=0.0.0.0


[default-main-mode]
DOI=IPSEC
EXCHANGE_TYPE=  ID_PROT
Transforms= AES-SHA-GRP2

[default-quick-mode]
DOI=IPSEC
EXCHANGE_TYPE=  QUICK_MODE
Suites= QM-ESP-AES-SHA-PFS-GR2-SUITE 


I have tried to change Network and Netmask in the [default-route] section
from 0.0.0.0 to the network and netmask of one of the vlan subnetworks, but
it does not help. I can still connect to the other subnet if I define them
in the client. Anyone knows how I can restrict access to only one of the
vlan subnets?


Thanks, Daniel

Re: isakmp vpn configuration

[Daniel Eyholzer]

Hi Joel


j knight [EMAIL PROTECTED] wrote:
  I have tried to change Network and Netmask in the [default-route]
  section from 0.0.0.0 to the network and netmask of one of the vlan
  subnetworks, but it does not help. I can still connect to the other
  subnet if I define them in the client. Anyone knows how I can restrict
  access to only one of the vlan subnets?
 
 I don't know why those changes aren't working, however, have you tried:
 
 - setting a policy via isakmpd.policy that restricts 'remote_filter'

No. I will try that.


 - blocking traffic using pf

Yes, I have tried to filter on VPN client ip addresses on the enc0
interface. This works, but the problem is that not all users should be
allowed to do the same things. Since the VPN client ip address can be
chosen arbitrary on the VPN client, the user can chose an ip address that
is allowed to do what he wants to do. Therefore it is not secured, the user
has just to know which ip address has full access, and he can access all he
wants on all vlans.


Thanks, Daniel

Re: Migration to PF - some questions

[Daniel Hamlin]

Stephan A. Rickauer wrote:


Gaby vanhegan wrote:
  $if_in=xl0


$if_out=xl1
pass in on $if_in keep state
pass out on $if_out keep state



Ok, let's stick to that example. Imagine a firewall having three 
interfaces connecting Internet, LAN and DMZ. When I would like to 
allow SMTP traffic to my mail server in the DMZ, from LAN _and_ 
Internet, where would you filter?


Thanks,


int_if=xl0
ext_if=xl1
dmz_if=xl3
mail_server=192.168.0.1

pass in on { $int_if, $ext_if } proto tcp from any to $mail_server port 
smtp keep state

passive ftp-ssl client behind OpenBSD 3.7 NAT/pf

[Daniel Smereka]

Is it possible to get such a client running in passive mode using pf rdr/rules?
 
I understand that I can't use ftp-proxy for this b/c the PORT command coming 
back from the FTP server is encrypted.  Is there any way to do this?  thanks
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

Re: passive ftp-ssl client behind OpenBSD 3.7 NAT/pf

[Daniel Smereka]

Hi Ed thx for the reply.  First I should mention that all non-ssl ftp traffic 
works great through the firewall (setup according to FAQ on openbsd site).
 
My setup is:
 
my client - my nat'd OpenBSD - internet - remote ftp-ssl server
 
I don't have any control over the remote server.  The client simply hangs 
saying Connected to server on port 21. Waiting for response
 
I did a tcpdump on the internal nic during a connection attempt from the client:
 
 tcpdump -ttt -n -i vr0 host remote_ip

Sep 23 19:01:51.887070 192.168.1.111.1156  remote_ip.21: S 
34496577:34496577(0) win 8192 mss 1460 (DF)
Sep 23 19:01:51.887122 remote_ip.21  192.168.1.111.1156: S 
2282047294:2282047294(0) ack 34496578 win 16384 mss 1460
Sep 23 19:01:51.887433 192.168.1.111.1156  remote_ip.21: . ack 1 win 8760 (DF)
Sep 23 19:02:56.887799 192.168.1.111.1156  remote_ip.21: F 1:1(0) ack 1 win 
8760 (DF)
Sep 23 19:02:56.887840 remote_ip.21  192.168.1.111.1156: . ack 2 win 17520

and another on the external nic at the same time:
 
 tcpdump -ttt -n -i fxp0 host remote_ip

 
Sep 23 19:01:51.891462 my_external_ip.63441  remote_ip.21: S 
3772606012:3772606012(0) win 16384 mss 1460,nop,nop,sackOK,nop,wscale 
0,nop,nop,timestamp 3166560978 0 (DF)
Sep 23 19:01:57.883262 my_external_ip.63441  remote_ip.21: S 
3772606012:3772606012(0) win 16384 mss 1460,nop,nop,sackOK,nop,wscale 
0,nop,nop,timestamp 3166560990 0 (DF)
Sep 23 19:02:09.883267 my_external_ip.63441  remote_ip.21: S 
3772606012:3772606012(0) win 16384 mss 1460,nop,nop,sackOK,nop,wscale 
0,nop,nop,timestamp 3166561014 0 (DF)
Sep 23 19:02:33.883268 my_external_ip.63441  remote_ip.21: S 
3772606012:3772606012(0) win 16384 mss 1460,nop,nop,sackOK,nop,wscale 
0,nop,nop,timestamp 3166561062 0 (DF)
 
I would appreciate if anyone can help me understand the tcpdump output.  thx
 Click here to donate to the Hurricane Katrina relief effort. 

Which SATA controller to purchase

[Daniel A. Ramaley]

I have an i386 file server running OpenBSD 3.7-release. I want to add an 
SATA drive to the system. Since the motherboard does not have SATA 
built-in, i need to purchase a controller card. I notice on 
http://www.openbsd.org/i386.html that a number of SATA chips are 
supported, though many will require an upgrade to -current or 3.8 when 
it is released (either of which i would be willing to do if necessary). 
My question is, given a chip number listed on i386.html, how do i find 
out what products the chip is used in?

For example, i was looking at the Promise SATA 150TX4 and i have not yet 
been able to find what chip that controller uses. Any suggestions on 
what controller card i should get?


Dan Ramaley
Network Programmer/Analyst
(515) 271-4540
Dial Center 118, Drake University

Re: Which SATA controller to purchase

[Daniel A. Ramaley]

On Monday 26 September 2005 20:10, you wrote:
Try this one out for size, I can vouch that it's super
http://www.lsilogic.com/products/megaraid/sata_150_4.html
Brandon

Is there an LSI SATA card that doesn't have RAID and works with OpenBSD? 
I don't want RAID support, so buying an expensive ($216 on newegg.com) 
card doesn't sound like a good deal.


Dan Ramaley
Network Programmer/Analyst
(515) 271-4540
Dial Center 118, Drake University

Compatibility question for the New Sun X4100 server with 4FastEthernet as possible BGP routers, or stick with HP DL-145 G2?

[Daniel Ouellet]

Hi,

I am stuck with many Cisco routers 7206 VXR that now run at 100% CPU 
process time to time. The BGP table grow to a level that when combine 
with a few access list on these routers, it now run out of steam! At a 
minimum, more then I would like to see anyway!


I guess no one will be surprise on that!

So, I need to convert them in dummy aggregation router for T1's, etc but 
without BGP or anything else on them for that matter, until I can get a 
few good and tested cards for channel DS3 and the like that will work 
well in OpenBSD.


I am stuck on this one and at the same time please to replace more Cisco 
gear!


However, picking the best servers for this is also important.

I was looking at the HP DL-145 G2 with SCSI on them and I also saw the 
new Sun X4100.


I really would need a minimum of 4x 10/100/1000 Ethernet ports in these 
boxes.


So, hopefully someone will be able to answer this question for me.

Looking at the less then complete technical information on the Sun 
server, I don't see the details of the chip set use in that server, 
network card, etc. So, I can't search to see if OpenBSD may work on it 
or not.


Google haven't return query with the X4100 and OpenBSD yet on this as 
well. To new most likely.


So, is anyone can actually confirm or deny if OpenBSD actually work well 
on this new Sun or not at all, or stay away from it, it would be greatly 
appreciated!


I saw a few posts on the Sun DL-145 G2 and looks like issues are solve 
with it and Brad work for the Broadcom network cards look like a 
success, but I am not 100% sure on the SCSI yet however. I need to read 
more on that.


I do use the DL-145 with great please so far, so I may be incline to 
stick with HP, but the Sun default 4x Ethernet ports did attract me however!


Any word of wisdom on my best bet? I need 8 of these new servers to 
start with, so I sure want to be sure to pick them right. Throwing money 
down the tube is not my forte if you know what I mean!


May be someone know something even better for this stuff?

I saw posts from Henning for best network cards, still true and what 
about a 4x ports in these new servers?


Many thanks for your input and your time as well!

Daniel

Re: Printer setup

[Daniel A. Ramaley]

The last time i had to use a non-postscript printer with OpenBSD i used 
foomatic. Since i was not familiar with the software, it was a bit of a 
pain to set up. But like most other software on OpenBSD, once i had it 
configured properly it worked without any problems. Just curious, why 
don't you want to use foomatic?

I haven't tried using cups on OpenBSD, though i have successfully 
configured cups on Debian Linux, with commands similar to this:
# gunzip -c /usr/share/ppd/Brother/Brother-HL-1430-hpijs.ppd.gz \
   /tmp/out.ppd
# lpadmin -p lp -E -v /dev/lpt0 -P /tmp/out.ppd -D Brother HL-1430 \
  -L Local Printer
# lpoptions -p lp -o page-left=18 -o page-right=18 \
  -o page-top=18  -o page-bottom=18 -o cpi=12 -o lpi=7
On my machine there are 3 different PPD files for the Brother HL-1430, 
each with one of either hl1250, hpijs, or ljet4 in their name. I'm not 
sure which one you actually want but you should be able to find them 
online; if not e-mail me privately and i can send them to you (please 
note however that using files from random strangers on the internet 
poses significant security risks).

On Friday 30 September 2005 07:12, you wrote:
I have been trying to setup a brother HL-1430 printer on OpenBSD 3.7
 but has been told it is near impossible.

I have installed cups but I am not sure if it is better to use it.

I can locate the printer on /dev/lpt0 and it's in dmesg.

 From that and getting some actually printing done, I haven't been
 able to find anything usefull on google except this
http://www.jakemsr.com/openbsd/foomatic.html, which wasn't what I had
 in mind.
Where to go from here? I have no prior experience with lp(d) but have
setup cupsd on other nix's before.


Dan Ramaley
Network Programmer/Analyst
(515) 271-4540
Dial Center 118, Drake University

Re: Compatibility question for the New Sun X4100 server with 4FastEthernet as possible BGP routers, or stick with HP DL-145 G2?

[Daniel Ouellet]

Henning Brauer wrote:
  I am more curious about the 2100 actually. Finally a vendor got it and
made a (apparently) decent single-CPU amd64 1U machine with a reasonable 
price tag. I am uncertain what chipset they use, might be nForce, might 


I like the 2100 better, but was looking at the 4100 ONLY because of the 
4 built in GigEs. Never to many Ethernet cards when use as a router! (; 
I would actually love a box with 8x and one with 8 fiber ports. That 
would be sweet! But you got me thinking twice now!

BGP session clear by remote end when MD5 is configure AND the session was initiate from OpenBSD side failed and do not recover.

[Daniel Ouellet]

I am not sure that this is normal for routers configure with MD5 or not 
to react like this. Both side can and should be allow to initiate the 
bgp session. But when the session is not initiate from bgpd, then 
unexpected results occur.


OpenBSD  --- Cisco routers.

With MD5.

If the session is initiate from the OpenBSD side (tcp/xxx - to tcp/179) 
on a remote Cisco router, then any 'bgpctl neighbor x.x.x.x clear' on 
that remote router will work and the session clear and comes back 
instantly. Great!


However if the session in that condition is clear from the Cisco side 
(clear ip bgp x.x.x.x), then the OpenBSD side doesn't really reset the 
session and it will continue to expect the packets on the same return 
port tcp/xxx oppose to accept the new session on the port 179 that is 
initiate at that time from the remote side and then reply to the tcp/xxx 
request port.


When the session is reset from the remote side, then it should become 
Cisco - OpenBSD with ( tcp/xxx to tcp/179) so the 179 port should be on 
the OpenBSD side then no?


Then you will start to get the error in the log like this:

%TCP-6-BADAUTH: No MD5 digest from OpenBSD(179) to Cisco(48384) (RST)

where the OpenBSD is the OpenBSD IP's and same for the Cisco IP's.

Also, I haven't been able yet to establish a session where the Cisco 
side would initiate the session and then the OpenBSD side would be the 
remote side when the MD5 is configure. It may be possible and sure 
should be, but I haven't been able to yet.


I can provide more details if need be, or tests more as well, but that's 
in short what is going on.


It's been many days so far and that what I found on why my sessions with 
MD5 are not coming up, or when clear doesn't come back to live.


Looks to me like the bgpd wants to be the initiator of the connection 
every time and then it will work for itself well. Is it the case here?


I started to check deeper when I realize that one side always reset the 
session quicker then the other without MD5 and then got stuck when MD5 
is in use.


This is on 3.7 and I had what look like the same problem with 3.6 and 
3.8-current ( sep 29).


Am I missing something here? Was the the intention from the start?

Many thanks for putting some light on this for me.

Daniel

Re: Kprinter in KDE fails

[Daniel Martini]

Hi,

On Mon, Oct 03, 2005 at 02:29:55PM +0200, [EMAIL PROTECTED] wrote:
 I have managed to get OpenBSD printing with CUPS from the packages, but if I 
 try to start kprinter in KDE it crashes. Every other application in KDE 
 crashes too with I try to use print from the file menu.
 
 Is this a common problem in KDE on OpenBSD? Have I missed something? I have 
 testet this on two different installations and it's the same result.

Seen this too, check this post:
http://marc.theaimsgroup.com/?l=openbsd-miscm=112422708302678w=2

Regards,
Daniel

Re: OpenBSD and KDE printing

[Daniel Martini]

Hi,

On Sun, Oct 02, 2005 at 04:48:13AM +0200, [EMAIL PROTECTED] wrote:
 During this test I found that every single program, started from within KDE,
 crashes when I use the print option from (in most cases) the file menu.
 
 Kprinter crashes too.
 
 This is with or without any cups service running.

Check this post:
http://marc.theaimsgroup.com/?l=openbsd-miscm=112422708302678w=2

Regards,
Daniel

Re: BGP session clear by remote end when MD5 is configure AND the session was initiate from OpenBSD side failed and do not recover.

[Daniel Ouellet]

More on this with test results, example, setup use, and more details.

The short of it is that bgpd will not establish an MD5 connection as 
slave ever! So, if you do get an MD5 session in normal operation, it may 
well not stay stable at all depending of bgp flap and who will try to 
become master after a flap. You may end up with bgp down until human 
action is perform to get it back up from both side of the session.


How did I show that. Checking the various possibility without MD5 
configure and then ONLY adding the MD5 on the working setup.


Tested summary. Try to see the results when one side is always force to 
be master or slave and see the impact of it. Also, make sure that after 
a reset the master will stay the master. The use of filter will 
accomplish this to try to isolate a possible problem.


Please read on, as I think this show the situation as is.

Daniel

==

Without MD5 configure.

With bgpd master
Clear session from bgpd side, session comes back up right away.
Clear session from remote side, session comes back up with delay.

With bgpd slave
Clear session from bgpd side, session comes back up with delay.
Clear session from remote side, session comes back up with possible very 
long delay. Much bigger then when master.




Now with MD5 configure. We only add

tcp md5sig password test on bgpd side and
neighbor 66.63.12.108 password test on the Cisco side.

With bgpd master
Clear session from bgpd side, session comes back up right away.
Clear session from remote side, session comes back up with possible very 
long delay.


With bgpd slave
Just can't establish a session what so ever! The Cisco side will get 
stuck in the OpenSent mode and cycle a few times all without success.


66.63.12.1084 65001   0   1000 neverOpenSent

The OpenBSD side will show an active session, but not up yet obviously:

dev1# bgpctl s neigh 66.63.12.107
BGP neighbor is 66.63.12.107, remote AS 65001
 Description: iBGP Test
  BGP version 4, remote router-id 0.0.0.0
  BGP state = Active
  Last read Never, holdtime 240s, keepalive interval 80s

  Message statistics:
  Sent   Received
  Opens1  0
  Notifications0  0
  Updates  0  0
  Keepalives   0  0
  Route Refresh0  0
  Total1  0

  Local host:  66.63.12.108, Local port:179
  Remote host: 66.63.12.107, Remote port: 56923

And the Cisco side will keep cycling there from active to open and back 
to active to open, etc.


66.63.12.1084 65001   0   2000 neverActive

Now looking at the logs from each side. OpenBSD try to use the port 
tcp/56923 and from the Cisco side we see this error:


35: *Oct  5 13:38:43.503 EDT: %TCP-6-BADAUTH: No MD5 digest from 
66.63.12.108(179) to 66.63.12.107(56923) (RST)
36: *Oct  5 13:38:44.503 EDT: %TCP-6-BADAUTH: No MD5 digest from 
66.63.12.108(179) to 66.63.12.107(56923) (RST)


Looks like the OpenBSD side do not provide the MD5 to the Cisco to 
establish the session.


It doesn't matter if I clean the session from the Cisco side, or the 
bgpd side, order, etc. Both side, many times, what ever. It will simply 
not come up!


Even reloading the Cisco router and killing the bpgd and starting new, 
it will not come up!


Always the same errors in the logs.

No MD5 digest received from the OpenBSD side looks like.

===

Why is bgpd will not establish a session as slave when MD5 is configure 
even if the RFC said both sides should be allow to do so?


bgpd wants to be the master every time?

Something sure looks weird here.



Setup and tests done with results.

OpenBSD 3.7 and Cisco 5350 connected via Fast Ethernet switch.

OpenBSD - switch - Cisco 5350

BGP minimal configurations used:


OpenBSD side:

dev1# more /etc/bgpd.conf
# Macros
Peer_Test=66.63.12.107

# Default global configuration
holdtime 30
holdtime min 10
listen on 66.63.12.108
AS 65001
router-id 66.63.12.108

# List of networks to announce from the router.
network 10.0.1.0/24

# neighbors and peers
group Peering iBGP on AS65001 {
remote-as 65001
local-address   66.63.12.108
announceall
neighbor $Peer_Test {
descr   iBGP Test
}
}

==
Cisco side:

router bgp 65001
 no synchronization
 bgp log-neighbor-changes
 network 10.0.0.0 mask 255.255.255.0
 neighbor 66.63.12.108 remote-as 65001
 neighbor 66.63.12.108 version 4
 neighbor 66.63.12.108 soft-reconfiguration inbound
 no auto-summary

===
Filters used and apply to the Fast Ethernet configuration of the Cisco 
router like this:


interface FastEthernet0/0
 description Connection to OpenBSD Test Lab
 ip address 66.63.12.107 255.255.255.192
 ip access

Re: BGP session clear by remote end when MD5 is configure AND the session was initiate from OpenBSD side failed and do not recover.

[Daniel Ouellet]

Claudio Jeker wrote:

With bgpd master
Clear session from bgpd side, session comes back up right away.
Clear session from remote side, session comes back up with delay.

With bgpd slave
Clear session from bgpd side, session comes back up with delay.
Clear session from remote side, session comes back up with possible very 
long delay. Much bigger then when master.





I think this is fixed in -current. Henning commited something to make the
delays on neighbor clears faster.


My first tests was done with current (sep 29), but with a small 
difference in the setup lab. It was done in live network. But I will 
sure redo it again. It's to important to me for not be 150% sure it's 
working well. So far, it just wasn't. I have well over 100+ peer 
sessions, of witch ~70+  are using MD5 and I can't not have them stable. 
Plus I have no choice as well to either buy bigger Cisco routers, and 
hell I don't want that! Or use OpenBSD and that's what I want. I ma fed 
up with CPU limitation power of Cisco and I will kiss them goodbye!


Even reloading the Cisco router and killing the bpgd and starting new, 
it will not come up!


Always the same errors in the logs.

No MD5 digest received from the OpenBSD side looks like.




It looks like the tcpmd5 is enabled to late when opeining a session.
I try to have a look at it.


You have no idea how much I would appreciate that! I started to look at 
the code, but that's a long process for me.



===

Why is bgpd will not establish a session as slave when MD5 is configure 
even if the RFC said both sides should be allow to do so?


bgpd wants to be the master every time?

Something sure looks weird here.




That's more like a bug. Btw. MD5 between to bgpd is working, at least it
works for me.


That's what I thought, but I know better then starting to say there is a 
bug. Before I do, I sure want to be sure, but it does look like it to me 
however so far. My tests so far show that you can have MD5 as long as 
OpenBSD is master, but clear sessions, depending with side initiate it, 
doesn't come back in one case and are slow in the other. (That was with 
3.7 for my last tests on this one) Will redo.



==

But it should be establish however for MD5 for sure as any sides can be 
the master in a bgp session.


However, not here?

Comments on this?

I think my tests are valid. Am I doing something I should be doing here? 
I don't think so, but that's what I found so far and why I can't keep a 
stable session with MD5 enable on it.





For me it looks like a bug for now.


Same thought here.

Daniel

Re: BGP session clear by remote end when MD5 is configure AND the session was initiate from OpenBSD side failed and do not recover.

[Daniel Ouellet]

Claudio Jeker wrote:

On Wed, Oct 05, 2005 at 06:33:05PM -0400, Daniel Ouellet wrote:


==

Without MD5 configure.

With bgpd master
Clear session from bgpd side, session comes back up right away.
Clear session from remote side, session comes back up with delay.

With bgpd slave
Clear session from bgpd side, session comes back up with delay.
Clear session from remote side, session comes back up with possible very 
long delay. Much bigger then when master.





I see similar delays with my test setup. Most of the time it takes longer
for a session to come back up because of different timers that are run.
After a clear a reopen is tried immediately and that is most often
blocked. In my case the cisco seems to be to slow to close the session in
time for the reopen.
It also matters where you close the connection because in one case the
idle timer is run (30s) instead of the connect retry timer (120s).
Also the idle timer has starts to grow if you flap the session often.


The interesting facts here for me were how different it was for each 
side. I did this many times 10x+ on each setup to see. bgpd master to 
Cisco and clear from bgpd side to Cisco, the Cisco session comes back up 
instantly. As for Cisco master initiate clear to bgpd, was the slowest 
by far. I mean much longer. The other two possibilities are pretty much 
equal. It was interesting finding never the less. Why, I am not sure 
however.




Now with MD5 configure. We only add

tcp md5sig password test on bgpd side and
neighbor 66.63.12.108 password test on the Cisco side.

With bgpd master
Clear session from bgpd side, session comes back up right away.
Clear session from remote side, session comes back up with possible very 
long delay.


With bgpd slave
Just can't establish a session what so ever! The Cisco side will get 
stuck in the OpenSent mode and cycle a few times all without success.


66.63.12.1084 65001   0   1000 neverOpenSent




I can't reproduce this. On my test setup all session come back up.


I will try current again, and send even more details on my setup, or if 
you ever want to check it out, I have no problem what so ever to provide 
you access to both boxes directly for you to check it out as well. Just 
say the words if interested? I try Cisco IOS 12.3x and 12.4x, same 
results so far.


Now looking at the logs from each side. OpenBSD try to use the port 
tcp/56923 and from the Cisco side we see this error:


35: *Oct  5 13:38:43.503 EDT: %TCP-6-BADAUTH: No MD5 digest from 
66.63.12.108(179) to 66.63.12.107(56923) (RST)
36: *Oct  5 13:38:44.503 EDT: %TCP-6-BADAUTH: No MD5 digest from 
66.63.12.108(179) to 66.63.12.107(56923) (RST)





This is a Cizzz-coee / RFC feature. They enforce a TCP MD5 digest on TCP RST
packets. Now that's just stupid because it is not possible to do that in
some cases because the other side does not know the key at that time (e.g.
to signalize that the port is unavailable).
In your case this means that somehow the connection from the cisco to your
OpenBSD box is blocked or there is nothing listening on port 179.


Last tests at ~5 AM this morning, still show me this and nothing was in 
the path for blocking it a tall. I will recheck as it's been a few days 
without sleep so far, so I admit, I could start to be fussz a bit. Lack 
of sleep, but I will make sure before saying false things here. But in 
any case, not that I like it what so ever, I am not sure of the 
Cizzz-coee stuff. The sad thing is that they have a huge portions of the 
Internet routers still, hopefully changing quickly, but still, we need 
to interact with them a lots.


Looks like the OpenBSD side do not provide the MD5 to the Cisco to 
establish the session.





OpenBSD only misses the MD5 digest on the RST packets and that is actually 
OK. RFC 2385 actually mentions this special case in 4.1:

   A connectionless reset will be ignored by the receiver of the reset,
   since the originator of that reset does not know the key, and so
   cannot generate the proper signature for the segment.  This means,
   for example, that connection attempts by a TCP which is generating
   signatures to a port with no listener will time out instead of being
   refused.  Similarly, resets generated by a TCP in response to
   segments sent on a stale connection will also be ignored.
   Operationally this can be a problem since resets help BGP recover
   quickly from peer crashes. 


I can deal with that delay and I agree that it makes sense to refuse the 
reset, or ignore it, however, looks like so far, the session doesn't 
resets. May be because it does receive message still from the Cisco side 
on wrong ports, but somehow see it as keep alive. I really don't know 
what I am saying here, just a weird thoughts, but so far the results are 
that it doesn't resets. I will tests in more details again. But just 
know that something is not active in the best interest of the session 
here

Re: The Wikipedia article on OpenBSD

[Daniel Ouellet]

Chris Zakelj wrote:

Jan Izary wrote:



Recently I and several other people have worked to improve the OpenBSD
article contained in the Wikipedia, I'm sure I need not explain how it
works.

Anyways, I've worked to get as much easily accessable information
regarding OpenBSD in that article as possible and I've pretty much run
into a wall, I've got little else I can add.

I am putting a call out to the OpenBSD community at large to give a
look at the article and see if they can improve it, fleshing out
anything that has gaps and explaining some of the more complex concepts.

Things like OpenBSD centred screenshots would be nice if people would
be willing to upload them and list them in the gallery.

I would have put this on the advocacy list, but really it seems to be
dead and most advocacy seems to run through the misc list.

Thanks

http://en.wikipedia.org/wiki/OpenBSD



Looks pretty good.  My only suggestions would be to note that Nick
handles the official FAQ, and adding Daniel Ouellet as the
organizer/caretaker of the unofficial user's library.


If you have any article(s) that you want to find a home for, I would be 
more then happy to provide it! Contributions have been rare, so calls 
was maid before, many times in fact. But actual contributions were very 
fare in between.


I do have two or three articles now that are waiting my free time to be 
posted, I apologies to the brave soles that actually send them to me! My 
apology guys, but I haven't forgotten them trust me.


As for more place to post things, my own view and that doesn't represent 
anyone else views, is that we sure don't need to duplicate efforts. The 
locations are available, up to the users to make it happen.


Again, great stuff directly for the system that deserve a place on 
OpenBSD.org, should be sent to the always ready and incredibly brave 
sole of Nick if that's a great quality for the FaQ. He sure will tell 
you if it is. But first, read his requirements here:


http://www.holland-consulting.net/obsd/faq-help.html

Then send what you have based on that, either to him, if it is FaQ stuff 
and of great quality, or me if that doesn't apply to the FaQ and we will 
find it a home.


Daniel

Re: BGP session clear by remote end when MD5 is configure AND the session was initiate from OpenBSD side failed and do not recover.

[Daniel Ouellet]

Claudio Jeker wrote:

On Wed, Oct 05, 2005 at 06:33:05PM -0400, Daniel Ouellet wrote:



Now with MD5 configure. We only add

tcp md5sig password test on bgpd side and
neighbor 66.63.12.108 password test on the Cisco side.

With bgpd master
Clear session from bgpd side, session comes back up right away.
Clear session from remote side, session comes back up with possible very 
long delay.


With bgpd slave
Just can't establish a session what so ever! The Cisco side will get 
stuck in the OpenSent mode and cycle a few times all without success.


66.63.12.1084 65001   0   1000 neverOpenSent




I can't reproduce this. On my test setup all session come back up.


Configuration with MD5.

Well, let see if this help or not. Two example below. One might not be 
very elegant, but I think it may well show the problem. I force the bgpd 
to try to be slave using some filter on the Cisco router. The filter 
WILL be temporary in my case anyway as I want the session to be stuck in 
OpenSent mode and then at that time I will remove the filter an sit back 
and watch. So, what happen is that the session will never come up, I 
think it should anyway, but it doesn't.


Then when I see on the Cisco router OpenSent, I will simply remove the 
filter to be 100% sure nothing is blocking the regular traffic and see 
if the session can recover. It doesn't.


So, I use this filter to force this stage on the Interface facing the bgpd.

ip access-list extended bgpd-slave
 permit tcp any eq bgp any neq bgp
 deny   tcp any neq bgp any eq bgp
 permit ip any any

and apply it like this

interface FastEthernet0/0
 description Connection to OpenBSD Test Lab
 ip address 66.63.12.107 255.255.255.192
 ip access-group bgpd-slave in

I save my config and to be ultra sure nothing else interfere, I simply 
reload. No need to do that and it is stupid anyway, but just to be 
paranoid here I do that.


After I can ping the Cisco for a few seconds, I initiate my bgpd on both 
version of OpenBSD and then when I see the OpenSent stage on the Cisco 
router, because even if it should establish a slave connection with this 
filter, it doesn't. Why, I wish I knew, but anyway it doesn't. Then when 
in OpenSent mode, I remove the filter for the interface totally to be 
sure nothing is in the way. Also, remember no pf is running as well and 
the two server are fresh install with nothing on them other then they 
install and then configuring the bgpd. That's it.



So, when I see:

NeighborVAS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down 
State/PfxRcd

66.63.12.1064 65001   0   1000 neverOpenSent
66.63.12.1084 65001   0   1000 neverOpenSent

I do

no ip access-group bgpd-slave in

on my fast Ethernet interface and the sit back. Nothing will ever happen 
here. No session will ever get up. Never! It will cycle in close - idle 
- active - OpenSent and then stay there for a few minutes and then 
cycle again to the same point and do that over and over again.


What I see on the OpenBSD on 3.7 is

# bgpctl s neigh 66.63.12.107
BGP neighbor is 66.63.12.107, remote AS 65001
 Description: iBGP Test
  BGP version 4, remote router-id 0.0.0.0
  BGP state = Active
  Last read Never, holdtime 240s, keepalive interval 80s

  Message statistics:
  Sent   Received
  Opens1  0
  Notifications0  0
  Updates  0  0
  Keepalives   0  0
  Route Refresh0  0
  Total1  0

  Local host:  66.63.12.106, Local port:179
  Remote host: 66.63.12.107, Remote port: 14670

==

and at each cycle of close - idle - active - OpenSent, the port above 
will changed and in current, after the first cycle, it will show


Last error: unknown error code

instead and no ports informations and error logs like this:

Oct  7 05:44:42 dev2 bgpd[21803]: startup
Oct  7 05:44:42 dev2 bgpd[14625]: route decision engine ready
Oct  7 05:44:42 dev2 bgpd[16756]: listening on 66.63.12.106
Oct  7 05:44:42 dev2 bgpd[16756]: session engine ready
Oct  7 05:44:42 dev2 bgpd[16756]: neighbor 66.63.12.107 (iBGP Test): 
state change None - Idle, reason: None
Oct  7 05:44:42 dev2 bgpd[16756]: neighbor 66.63.12.107 (iBGP Test): 
state change Idle - Connect, reason: Start
Oct  7 05:44:42 dev2 bgpd[16756]: neighbor 66.63.12.107 (iBGP Test): 
state change Connect - OpenSent, reason: Connection open

ed
Oct  7 05:44:42 dev2 bgpd[16756]: neighbor 66.63.12.107 (iBGP Test): 
write error: Invalid argument
Oct  7 05:44:42 dev2 bgpd[16756]: neighbor 66.63.12.107 (iBGP Test): 
state change OpenSent - Idle, reason: Fatal error

Oct  7 05:44:49 dev2 ntpd[24590]: adjusting local clock by -170.192293s
Oct  7 05:45:12 dev2 bgpd[16756]: neighbor 66.63.12.107 (iBGP Test): 
state change Idle - Connect, reason: Start
Oct  7 05:46

Re: Sun's AMD 64 lineup

[Daniel Ouellet]

OpenBSD Admin wrote:

Does anyone have any experience with these sun boxes eg (the 'X' series
or aquarius are pretty new;

X2100
X4100
X4200


These three are new and not available now. Last time I check with Sun, 
they will start to ship early November. So, I don't expect to many 
feedback on these yet! (;




v20z
v40z


The archive provide feedback on them and well as the hardware support 
page will give you some too.


Daniel

Re: Happy Birthday OpenBSD ! 10 years !

[Daniel Ouellet]

Marco Peereboom wrote:

Neat now OpenBSD and I share the same birthday :-)


Neat in fact! But we won't wish you happy 10th birthday right?

Or you sure would have started to bang on that keyboard very early for 
sure! (; May be that's where some of the early bugs came from! (;


Unless you were already thinking OpenBSD before you see the light! (: 
Always possible I guess...


I know some of the OpenBSD guys really spend their life on the project, 
but that would be way to much...


Happy birthday to both of you early then!

Daniel

Re: OpenBSD's 10th birthday

[Daniel Seberle]

Now it is really OpenBSD's 10th birthday ;)



Happy birthday OpenBSD!
Best wishes from ex-Yugoslavia!

And a big thanks to all the people who invested their time in making such 
a great OS.

Re: BGP session clear by remote end when MD5 is configure AND the session was initiate from OpenBSD side failed and do not recover.

[Daniel Ouellet]

Hi all,

Here is my latest update on this one and a work around as well. Not 
great, but it work for now until this bug is fix.


To reproduce the problem, you only need to enable:

ip tcp selective-ack

on your Cisco router and as soon as you will clean the BGP session setup 
with MD5 on your OpenBSD from the Cisco side, regardless of OS version, 
and even on current, it will never comes back to life. The only way 
would be for you to clear your cisco and when in idle mode, to clear 
form the OpenBSD side, then and only then will the session will come 
back up.


However, you will still have a LOTS of errors messages in your logs if 
you look regarding this MD5 session. These don't go away until a reload 
is done, so on busy network, not very friendly either, nor practical as 
well.


*** This bug ONLY show up when MD5 is configure WITH ip tcp 
selective-ack ***


Without MD5, it's working very well thank you! May be the same bug is 
there, but just not affecting the session, may be possible, but I do not 
know that however. My tests didn't show that to be true so far anyway.


I have been looking at the code for a few days, and I have to admit, I 
get lost at times trying to follow it. But it look to me that it would 
be either in tcp_input.c or tcp_output.c. Most likely in tcp_input.c and 
in the section that process the reset received command from the remote 
end. It also have to be when TCP_SIGNATURE is enable as well, so I 
would assume that it have to be common between the two, but that's just 
a guess for now. Looking at the standard from the September 81 page 65 
to 73, on how the process should be done, look it might be there, but I 
still haven't fully understood that yet. The tcp_input.c follow that 
very strictly, but there have to be a step omitted someplace and I can't 
put my finger on it yet. But look like a possibility of reply to the 
remote reset with ACK without the MD5 in the packet may be the cause of 
it, but again, not sure of that fact.


Why, no problem to setup the session at the start, and only show the 
problem when a reset is received at witch point the remote end expect 
the ack with MD5 and doesn't get it and will stay stuck in FINWAIT1 mode 
for ever. The OpenBSD show connected stage, but the remote end show 
OpenSent stage and will stay there.


The work around I use for now is to compile a kernel with

option  TCP_SACK# Selective Acknowledgements for TCP

disable. Not great I have to admit, but as I do not control the remote 
end of multiples peers and some may actually use the ip tcp 
selective-ack feature on their routers if they try to get more 
efficiency out of it, I would be the one impacted by this and I can't 
really see myself telling them not to use it because I have a bug on my 
side.


So, for now, I simply compile a kernel with that TCP_SACK disable and 
then no selective acknowledgment will be in use and then all peer 
sessions with MD5 will not suffer this bug.


So, if anyone is actually using BGPd on their network AND also use MD5, 
I would recommend to use for now a kernel without TCP_SACK enable in 
it if they do not want their bgp session going dead in case of reset 
from remote end and have to do manual interventions from both side to 
get it back up. If you are 100% sure that none of your peer actually use 
this feature, then, you are home free and don't even change anything 
with it!


Hope this help some, it sure helped me. I got stuck with this one and 
lost a few hairs in the process. (;



May be someone with better understanding of the process and specially of 
the tcp_input.c file might find the reason for this, great. If possible 
however, if someone find the problem, I would love if I may ask, to give 
me a bit of feedback if time allow on how the problem was solved as I 
would love to learn that in the process. I think I am getting close to 
it, but I can't put my finger on it yet. So, learning from it would be 
greatly appreciated if you would be so kind!


Regards,

Daniel

Re: iptables vs pf

[Daniel Ouellet]

I actually was reading a good document on PF tonight and I came across 
this quote that I think would answer your question as to the difference 
between iptables and pf.


OK, may be it's more poetic, but still I really liked it.

Hope it make you think as well! (:

And I think it describe it very well if you have played with them!

Daniel

Quote:

Compared to working with iptables, PF is like this haiku:

A breath of fresh air,
floating on white rose petals,
eating strawberries.

Now Im getting carried away:

Hartmeier codes now,
Henning knows not why it fails,
fails only for n00b.

Tables load my lists,
tarpit for the asshole spammer,
death to his mail store.

CARP due to Cisco,
redundant blessed packets,
licensed free for me.

Jason Dixon, on the PF email list, May 20th, 2004 
(http://www.benzedrine.cx/pf/msg04702.html)

Re: [Fwd: Re: Theo, I am truely sorry. You misunderstood me.]

[Daniel A. Ramaley]

On Thursday 20 October 2005 19:01, you wrote:
Currently tracking 30+ pieces of hardware.  However, I need help:  I
need people to email me supported hardware, or use the Submit New
 Kit link on the page to do it.  It's pretty easy, and the only
 requirement is that you need to have personally witnessed its
 (correct) operation with some version of OpenBSD, and that it is
 possible to buy it new. Speaking of which:  Which driver supports the
 Adaptec 1205SA?  Anybody? Bueller?  Manpages are not forthcoming.

I submitted the Adaptec 1205 SA to your list. I put it in my OpenBSD 3.7 
machine and it just worked. 

The drive plugged into the 1205 is wd1. I believe these are the relevant 
dmesg lines:

pciide1 at pci0 dev 16 function 0 CMD Technology SiI3112 SATA rev 
0x02: DMA
pciide1: using irq 10 for native-PCI interrupt
pciide1: port 0: device present, speed: 1.5Gb/s
wd1 at pciide1 channel 0 drive 0: ST3400832AS
wd1: 16-sector PIO, LBA48, 381554MB, 781422768 sectors
wd1(pciide1:0:0): using BIOS timings, Ultra-DMA mode 6

The full dmesg follows, in case what i quoted above isn't sufficient:


OpenBSD 3.7 (GENERIC) #50: Sun Mar 20 00:01:57 MST 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium II (GenuineIntel 686-class, 512KB L2 cache) 451 
MHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MM
X,FXSR
real mem  = 536453120 (523880K)
avail mem = 482713600 (471400K)
using 4278 buffers containing 26927104 bytes (26296K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 01/15/99, BIOS32 rev. 0 @ 
0xfdb60
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI BIOS has 10 Interrupt Routing table entries
pcibios0: PCI Interrupt Router at 000:07:0 (Intel 82371AB PIIX4 ISA 
rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0x4800 0xcc800/0x2800
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82443BX AGP rev 0x03
ppb0 at pci0 dev 1 function 0 Intel 82443BX AGP rev 0x03
pci1 at ppb0 bus 1
pcib0 at pci0 dev 7 function 0 Intel 82371AB PIIX4 ISA rev 0x02
pciide0 at pci0 dev 7 function 1 Intel 82371AB IDE rev 0x01: DMA, 
channel 0 wi
red to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: Maxtor 5T010H1
wd0: 16-sector PIO, LBA, 9536MB, 19531250 sectors
atapiscsi0 at pciide0 channel 0 drive 1
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: SONY, CD-ROM CDU55E, 1.0u SCSI0 5/cdrom 
removabl
e
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
cd0(pciide0:0:1): using PIO mode 0
pciide0: channel 1 disabled (no drives)
uhci0 at pci0 dev 7 function 2 Intel 82371AB USB rev 0x01: irq 11
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
Intel 82371AB Power Mgmt rev 0x02 at pci0 dev 7 function 3 not 
configured
fxp0 at pci0 dev 15 function 0 Intel 82557 rev 0x02: irq 9, address 
00:a0:c9:7
4:9a:a9
inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 0
pciide1 at pci0 dev 16 function 0 CMD Technology SiI3112 SATA rev 
0x02: DMA
pciide1: using irq 10 for native-PCI interrupt
pciide1: port 0: device present, speed: 1.5Gb/s
wd1 at pciide1 channel 0 drive 0: ST3400832AS
wd1: 16-sector PIO, LBA48, 381554MB, 781422768 sectors
wd1(pciide1:0:0): using BIOS timings, Ultra-DMA mode 6
pciide2 at pci0 dev 18 function 0 Promise PDC20269 rev 0x02: DMA, 
channel 0 co
nfigured to native-PCI, channel 1 configured to native-PCI
pciide2: using irq 5 for native-PCI interrupt
wd2 at pciide2 channel 0 drive 0: Maxtor 6Y250P0
wd2: 16-sector PIO, LBA48, 239372MB, 490234752 sectors
wd2(pciide2:0:0): using PIO mode 4, Ultra-DMA mode 6
vga1 at pci0 dev 20 function 0 S3 Trio32/64 rev 0x54
wsdisplay0 at vga1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0 (mux 1 ignored for console): console keyboard, using 
wsdisplay0
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
sysbeep0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
lm0 at isa0 port 0x290/8: W83781D
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask ed65 netmask ef65 ttymask ffe7
pctr: 686-class user-level performance counters enabled
mtrr: Pentium Pro MTRR support
dkcsum: wd0 matched BIOS disk 80
dkcsum: wd1 matched BIOS disk 81
dkcsum: wd2 matched BIOS disk 82
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302



-- 

Re: C++ exceptions with OpenBSD 3.6 on amd64

[Daniel Ouellet]

Chad M Stewart wrote:
And if you'd pre-ordered 3.8 then you might have gotten an email like  I 
did today. :-)  Now I just need enough revenue from my new company  so I 
can replace all of my servers with real boxes like V20z and  X4100.  
Funny now that I'm now longer an employee of Sun I'll  potentially be 
purchasing more hardware from them than when I was an  employee.


Well, welcome to the self employed world!

Just to things for you here!

First, your business WILL be successful because you already maid the 
most important decision of all! You pick OpenBSD to run your business 
with! I did that 7 years ago after doing research for efficient OS and 
most importantly to me then and still now, security. Small business have 
limited resources and waisting your time trying to have your servers 
stay stable is not something that will be productive and help you! Many 
times, small business are one men game, or just a few friends at best, 
so all the time you have available needs to be put into making your 
business work!


The last thing you need is spending it doing patches and rebuilt like 
with Micro$oft, God help me here! (:


Now the second thing however, make sure you pick hardware that is fully 
supported and make your choices wisely. The X4100 is to new and now out 
yet, now do we know if it is supported yet. I love the box myself and I 
most likely will get one to test, but that's only because now I am able 
in limits obviously to get hardware and then put it on the self for a 
year if need be because it doesn't work now.


For the V20z, as far as I know, it work well!

So, welcome to the big OpenBSD small successful businesses!

You already had done the most important work!

Pick the right OS to get some most definitely needed good sleep in the 
months ahead! (: With OpenBSD on your server, you KNOW you can sleep at 
night when you actually have time to do so when you built your own business!


Good luck to you and welcome to OpenBSD!

I choose that OS 7 years ago and NEVER looked back!

Daniel

PS: Just a wise advise however, make it a policy to keep upgrading to 
the new OS when they release it as well and don't use the excuse that it 
work now, so why change it! I suffer this over confidence stage with the 
release 3.0 where I got bitten, by my own fault I have to admit, by the 
only bug ever known to OpenBSD and that Christmas, almost put me out of 
business! No one else to blame but myself on that one! I always been to 
busy doing business work and fell that I could wait a bit more to 
upgrade my server and why do it, it works well as it is now! If I can 
offer one advise, take it from my own stupidity and don't do that one! 
There is plenty of other one you will do! (:

Re: OpenBSD MetaStore: Distributed hosting?

[Daniel Ouellet]

Please guys, can we stop this fight over who does what and how to be 
accessible from where.


In the interest of bringing peace back on misc@ I will extend the offer 
to host this on high capacity network if the community really want it.


More then once the community always say, yes this is great, we need 
that, why don't we have this, and someone should do it!


So far, each time this happened, it was more wind talks then anything 
else and never was pursue for real! With few exceptions to be fully 
honest to some really brave sole that actually step in here and 
contribute something! But in every case, the wind blow and then the 
leafs fall on the ground to leave empty trees that never see the spring 
again!


If you really want it and if that is useful to some, I will offer to 
make it available to EVERYONE!


But, please understand this! STOP bugging the project with these things, 
they do what they do best and they don't need this to improve our 
beloved OS! So trying to make that part of the official project is 
really waisting everyone times.


And finally, no hardware company, or very few if you search the archive 
ever contribute back to the project, so if you think this might become a 
source of income for the project it's really an utopia! You want the 
project to get more income, well as far as I know, it's there:


http://openbsd.org/donations.html

Just give, to think you can setup something that will turn into a source 
of income and that the project will take under it's wing is having it's 
eyes close and not knowing that no one will step to actually do it and 
make it work and the dev's HAVE other things to do, nor do they are 
interested to do this! Don't forget, they do this OS for themselves and 
offer us the benefit to use it! They don't need a site providing 
supported hardware for them to see what they should use or have!


For crying at loud! If they like some hardware and it's not working for 
them! How long do you think it will take them to make it work on it if 
really they want it, hmmm!!!


Do you think they will even care about what's supported or not!!!

Think about it for a few seconds and you will have your answer!

Looked at the Sharp Zaurus C3000 PDAs It was a new CPU and OpenBSD 
wasn't design for it at all, but hey, they like that little box, so how 
long did it really take them!? If they want it, they don't need any of 
us to tell them what hardware it might work on! If they want it really 
badly, they will simply make it work for themselves!!!


So, I am done. I really didn't want to fall into answering this tread, 
but here I did, shame on me for doing it! I will not answer more on this 
list either for this tread.


If some of you want this moved, or hosted else where, or provide me the 
data to make it public, I will be more then happy to do so, but do it 
off list and lets stop this fight here please!


Can we do that?

I waisted way to much of everyone times already! Sorry for doing so!

Now NO ONE have any reason to continue complaining about this anymore. 
You want this else where fully accessible, I make the offer to do it in 
the interest of peace!


So, either put up of shut up!!! What will it be?

Your move next! And lets take it off list please!

Best regards,

Daniel

Re: openssh in other products

[Daniel Ouellet]

ok, i have sent them some nice feedback.
if some other people want to voice their dismay,
you can do it here: http://www.docs.hp.com/en/feedback.html
keep the flames in your fireplace at home,
probably just a massive typo...


Thanks Feedback sent in officially from my business with the list of 
hardware I got from them as well!


Daniel

[Fwd: Re: Your web comment on docs.hp.com]

[Daniel Ouellet]

Some feedback already.

Keep sending the feedback.

They extracted only that part for my email to them however.

I wrote more then that and strongly suggested that a politically correct 
moved would also be to give some hardware back to the project they 
benefit as well!


At a minimum, respecting the license and put a URL back to the project 
would be a minimum they could and should do!


Hope this help any! I won't hold my breath however, but may be they will 
fell guilty and do something... May be


Daniel


 Original Message 
Subject: Re: Your web comment on docs.hp.com
Date: Tue, 25 Oct 2005 12:28:58 -0600
From: [EMAIL PROTECTED] [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
CC: [EMAIL PROTECTED]
References: [EMAIL PROTECTED]

Hi Daniel,

You sent feedback to Hewlett-Packard:


However, seeing how you don't even give credit, or respect that license of 
OpenSSH that you DO use in your product makes me very sad at best! The license 
for OpenSSH is not a public domain like you point out here:


We regret this error and are in the process of notifying the author to
immediately correct the book. Once corrected, it will be re-published
with the correct attribution.

At no time does Hewlett-Packard ever want to mis-represent the hard
work of the Open Source Community.  We are proud or our participation
in the Community and regret this mistake.

Thank you for calling it to our attention.

And thanks for using docs.hp.com,

Re: OpenBSD Metastore

[Daniel A. Ramaley]

On Thursday 03 November 2005 08:59, Martin Schrvder wrote:
On 2005-11-03 08:20:47 -0600, Jared Solomon wrote:
 The AOpen MiniPC measures 6.5 x 6.5 x 2 inches, is powered by an
 Intel Pentium M or Celeron M processor

http://www.heise.de/newsticker/meldung/65660

A MacMini is cheaper and runs OBSD.

That's not entirely accurate; though a Mac Mini will run OpenBSD, it is 
not cheaper. The original article that was posted gave a $399 price for 
the A-Open MiniPC. Apple lists their Mac Mini at $499. But, if you know 
a way to (legally) acquire a new Mac Mini for less than the $399 MiniPC 
price, i'd be very interested in hearing about it.


Dan Ramaley
Network Programmer/Analyst
(515) 271-4540
Dial Center 118, Drake University

Re: PHP-MySQL-Apache madness!

[Daniel Ouellet]

Kelly Martin wrote:

OpenBSD kernel panic'ed or was otherwise unresponsive. A full reboot
was required by pulling the plug, because the console would not
respond (I walked my brother through this over the phone - remote
location). When the system came back up, Apache would not start.


I know you wrote not to suggest to upgrade to 3.8, but look to me that 
you have your brother available to help. I know I wrote the instruction 
before for a friend that never even touch Unix in his life before on how 
to set this up (OpenBSD). If you think about it for a few seconds. I 
would definitely argue that you would have lost less time by writing the 
instruction and sending them to your brother, let him wipe it clean and 
bring it back up where you can then ssh to it and do all that you need 
form that point. From the CD, or even from the bsd.rd version, setting 
up a box is really quick, ok if you need to download the full system 
from the bsd.rd version over ftp it may take a bit more time, but still, 
a few simple question to answer and you are home free, unless you really 
don't trust your brother, but even then...


Not what you want to ear I know for sure, but just think about it...

I am sure it would take you less time this way and you would not have to 
deal with madness...


I am sure you can setup your box from scratch in less then 10 minutes 
with a CD. Have your brother do that over the phone if you have to. I am 
sure he will fell good in the end and your problem will be gone as well, 
plus you would have an upgraded version.


Think how much time you already spend on it.

Hope this provide you some moral support anyway.

Daniel

Re: pf.conf to only allow port 22, 25 and 80 to my server.

[Daniel Ouellet]

Larry Llong wrote:

I just want to allow port 22, 25 and 80 to my server.

I know I can activate and deactive pf with -e and -d, but that doesn't 
seem to reload the configuration. Does it?


Read the informations available here:

http://openbsd.org/faq/pf/index.html

Or even a very good step by step with a lots of explications here:

http://www.bgnett.no/~peter/pf/en/pf-firewall.pdf in PDF or
http://www.bgnett.no/~peter/pf/en/ in html.

Much better to understand what you are doing instead of using the cut 
and paste configuration of someone else.


Peter document will sure get you started and provide you valuable 
information in a step by step if you need that.

Re: Telnet daemon retired in 3.8 ?

[Daniel Ouellet]

Matthew S Elmore wrote:
I cannot appear to locate a telnet daemon in 3.8 installs now. It 
appears to have silently disappeared between 3.7 and 3.8.


Not really silently, but not with huge party either.

http://marc.theaimsgroup.com/?l=openbsd-cvsm=111700017509177w=2

I know it was announce as well, can't put my finger right away on the 
article, but definitely it was talked about and said to be gone.


I good thing really!

Re: Anyone tried a sun fire X2100 server yet?

[Daniel Ouellet]

Will H. Backman wrote:

Anyone put OpenBSD 3.8 on a Sun Fire X2100 AMD server yet?



Not yet. My shipping date for the X2100 is:

**BACK ORDERED ETA OF 11/22/05**


For the X4100, well...

**BACK ORDERED CONSTRAINED** (NO ETA AS OF 11-07-05)

So, my guess is not before December will have be able to put my hands on 
one at best.


Any feedback prior to this obviously would be more then welcome!

Re: Big discrepancy between df and du used space values (3.8)

[Daniel A. Ramaley]

On Tuesday 08 November 2005 10:36, you wrote:
I'm trying to track down why /var is full, and df and du report major
differences (or else I'm reading something wrong, in which case I
 submit to the verbal beatings).  Pay attention to what it says for
 /var. Running OpenBSD 3.8 GENERIC as a firewall.  Why does df report
 8G used, and du report 9M used?  What am I missing? (Don't comment on
 the size of the / partition, I just realized I made a mistake there,
 but there are no user accounts on this machine, and /var is on a
 different partition, so I don't have to worry about log file sizes
 killing the machine.)

One possible cause of this is if a process has one or more large files 
open on /var that have been deleted. The space from deleted files that 
are open at the time of deletion is not freed until the file is closed.

Innocuous causes for this would be a log file that wasn't rotated 
properly and the logging program is holding an old log open. Malicious 
causes for this could include a rootkit that stores data in deleted 
files to hide its presence, but this is rather unlikely on OpenBSD.

The lsof utility (available as a package or in ports) may help with 
investigating what process is holding a deleted file open, if that is 
really the problem. If it is, then killing or restarting the offending 
process should free up the space. In a worst-case scenario you could 
try rebooting and see if the space is freed.


Dan Ramaley
Network Programmer/Analyst
(515) 271-4540
Dial Center 118, Drake University

SOLVED: Re: Big discrepancy between df and du used space values (3.8)

[Daniel Hamlin]

Ted Unangst wrote:


On 11/8/05, Daniel Hamlin [EMAIL PROTECTED] wrote:
 


I'm trying to track down why /var is full, and df and du report major
differences (or else I'm reading something wrong, in which case I submit
to the verbal beatings).  Pay attention to what it says for /var.
Running OpenBSD 3.8 GENERIC as a firewall.  Why does df report 8G used,
and du report 9M used?  What am I missing? (Don't comment on the size of
   



unlinked (deleted) files can still be held open by a running process. 
fstat may help you find it.
 

fstat showed that pflogd still had a log file open.  I did a pkill 
pflogd (since my pf rules do not include logging now), which released 
the too-big-for-the-filesystem log file, thus freeing the space.


Thanks for the response!


For the archives:


# fstat -f /var
USER CMD  PID   FD MOUNT  INUM MODE   R/WDV|SZ
root fstat  118546 /var 391555 -rw-r--r--   r   659456
_pflogd  pflogd 23752 root /var 968576 drwxr-xr-x   r  512
_pflogd  pflogd 23752   wd /var 968576 drwxr-xr-x   r  512
_pflogd  pflogd 237524 /var 721282 -rw---  rw 21152615
root sendmail   27806   wd /var 144263 drwx--   r  512
root sendmail   278068 /var 453377 -rw---   w   70
root cron   27288   wd /var  41216 dr-xr-xr-x   r  512
root cron   272883 /var 453391 -rw-r--r--  rw6
_ntp ntpd   15607 root /var 968576 drwxr-xr-x   r  512
_ntp ntpd   15607   wd /var 968576 drwxr-xr-x   r  512
_pflogd  pflogd 13759 root /var 968576 drwxr-xr-x   r  512
_pflogd  pflogd 13759   wd /var 968576 drwxr-xr-x   r  512
_pflogd  pflogd 137594 /var 721292 -rw---  rw 8279529034
_syslogd syslogd19086 root /var 968576 drwxr-xr-x   r  512
_syslogd syslogd19086   wd /var 968576 drwxr-xr-x   r  512
_syslogd syslogd190868 /var 721291 -rw-r--r--   w  529
_syslogd syslogd190869 /var 721288 -rw-r-   w  278
_syslogd syslogd19086   11 /var 721307 -rw---   w0
_syslogd syslogd19086   12 /var  41222 -rw---   w  655
_syslogd syslogd19086   13 /var 721312 -rw-r-   w23114
_syslogd syslogd19086   14 /var 721310 -rw-r-   w0
_syslogd syslogd19086   15 /var 721304 -rw-r-   w0
_syslogd syslogd19086   16 /var 721287 -rw---   w 7302

Re: pf.conf to only allow port 22, 25 and 80 to my server.

[Daniel Ouellet]

Larry Llong wrote:

this list is no where as bad as people say.


The list is very good and welcoming to users that do their homework and 
try to find the answer first before asking. I think it's even one of the 
best one, if not THE BEST one!


People that told you the list is bad are most likely the one that didn't 
even read the wonderful FaQ to start with and that expected others to 
tell them what to do! I am the lazy King of the Unix, please feed me my 
meat with a spoon...


You will find that more research you do, more welcome you will be and 
more help you will get! In short, if a person don't want to help itself, 
none will jump the cliff to help them, why should they!

Re: Anyone tried a sun fire X2100 server yet?

[Daniel Hartmeier]

We ordered this very box for undeadly. It also took a while to arrive,
but here's a preliminary dmesg (thanks to Kurt Seifried), further tests
to follow (on-board RAID probably not working except for JBOD, second
NIC not seen yet).

Daniel


OpenBSD 3.8-current (GENERIC) #319: Tue Nov  1 13:55:52 MST 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC
real mem = 535265280 (522720K)
avail mem = 447524864 (437036K)
using 13119 buffers containing 53735424 bytes (52476K) of memory
mainbus0 (root)
cpu0 at mainbus0: (uniprocessor)
cpu0: AMD Opteron(tm) Processor 146, 2010.54 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line 
16-way L2 cache
cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
pci0 at mainbus0 bus 0: configuration mode 1
Nvidia nForce4 DDR rev 0xa3 at pci0 dev 0 function 0 not configured
pcib0 at pci0 dev 1 function 0 Nvidia nForce4 ISA rev 0xa3
Nvidia nForce4 SMBus rev 0xa2 at pci0 dev 1 function 1 not configured
ohci0 at pci0 dev 2 function 0 Nvidia nForce4 USB rev 0xa2: irq 10, 
version 1.0, legacy support
usb0 at ohci0: USB revision 1.0
uhub0 at usb0
uhub0: Nvidia OHCI root hub, rev 1.00/1.00, addr 1
uhub0: 8 ports with 8 removable, self powered
ehci0 at pci0 dev 2 function 1 Nvidia nForce4 USB rev 0xa3: irq 11
usb1 at ehci0: USB revision 2.0
uhub1 at usb1
uhub1: Nvidia EHCI root hub, rev 2.00/1.00, addr 1
uhub1: 8 ports with 8 removable, self powered
pciide0 at pci0 dev 6 function 0 Nvidia nForce4 IDE rev 0xf2: DMA, channel 
0 configured to compatibility, channel 1 configured to compatibility
atapiscsi0 at pciide0 channel 0 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: MATSHITA, DVD-ROM SR-8178, PZ16 SCSI0 
5/cdrom removable
cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 4
pciide0: channel 1 disabled (no drives)
pciide1 at pci0 dev 7 function 0 Nvidia nForce4 SATA 1 rev 0xf3: DMA
pciide1: using irq 11 for native-PCI interrupt
wd0 at pciide1 channel 0 drive 0: WDC WD800JD-00LSA0
wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors
wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5
wd1 at pciide1 channel 1 drive 0: WDC WD800JD-75JNC0
wd1: 16-sector PIO, LBA, 76293MB, 15625 sectors
wd1(pciide1:1:0): using PIO mode 4, Ultra-DMA mode 5
pciide2 at pci0 dev 8 function 0 Nvidia nForce4 SATA 2 rev 0xf3: DMA
pciide2: using irq 10 for native-PCI interrupt
ppb0 at pci0 dev 9 function 0 Nvidia nForce4 PCI-PCI rev 0xa2
pci1 at ppb0 bus 1
vga1 at pci1 dev 5 function 0 ATI Rage XL rev 0x27
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
Nvidia CK804 LAN rev 0xa3 at pci0 dev 10 function 0 not configured
ppb1 at pci0 dev 11 function 0 Nvidia nForce4 PCIE rev 0xa3
pci2 at ppb1 bus 2
ppb2 at pci0 dev 12 function 0 Nvidia nForce4 PCIE rev 0xa3
pci3 at ppb2 bus 3
ppb3 at pci0 dev 13 function 0 Nvidia nForce4 PCIE rev 0xa3
pci4 at ppb3 bus 4
bge0 at pci4 dev 0 function 0 Broadcom BCM5721 rev 0x11, BCM5750 B1 
(0x4101): irq 5, address 00:e0:81:58:38:86
brgphy0 at bge0 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0
ppb4 at pci0 dev 14 function 0 Nvidia nForce4 PCIE rev 0xa3
pci5 at ppb4 bus 5
pchb0 at pci0 dev 24 function 0 AMD AMD64 HyperTransport rev 0x00
pchb1 at pci0 dev 24 function 1 AMD AMD64 Address Map rev 0x00
pchb2 at pci0 dev 24 function 2 AMD AMD64 DRAM Cfg rev 0x00
pchb3 at pci0 dev 24 function 3 AMD AMD64 Misc Cfg rev 0x00
isa0 at pcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
sysbeep0 at pcppi0
uhidev0 at uhub0 port 1 configuration 1 interface 0
uhidev0: Logitech Logitech USB Keyboard, rev 1.10/15.00, addr 2, iclass 3/1
ukbd0 at uhidev0: 8 modifier keys, 6 key codes
wskbd1 at ukbd0 mux 1
wskbd1: connecting to wsdisplay0
uhidev1 at uhub0 port 1 configuration 1 interface 1
uhidev1: Logitech Logitech USB Keyboard, rev 1.10/15.00, addr 2, iclass 3/0
uhidev1: 3 report ids
uhid0 at uhidev1 reportid 1: input=2, output=0, feature=0
uhid1 at uhidev1 reportid 2: input=1, output=0, feature=0
ums0 at uhidev1 reportid 3: 0 buttons and Z dir.
wsmouse0 at ums0 mux 0
dkcsum: wd0 matches BIOS drive 0x80
wd1: no disk label
dkcsum: wd1 matches BIOS drive 0x81
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302

net.inet.ip.ifq.maxlen and altq's qlimit

[Daniel Melameth]

I'm not certain how they interrelate, but if one is experiencing congestion,
and, as a result, tweaks net.inet.ip.ifq.maxlen to compensate, is safe to
assume that if altq is in use on the same system qlimit should match or be
less than the value of net.inet.ip.ifq.maxlen?  How does one determine the
optimal qlimit value?

 

Thanks.

Re: mysql problem

[Daniel Ouellet]

Marcos Laufer wrote:

Now what?


http://openbsdsupport.org/mysql.htm

Re: mysql problem

[Daniel Ouellet]

Marcos Laufer wrote:

Ok , i had followed the instructions at http://openbsdsupport.org/mysql.htm


Go back and read again many times over until you get it.

You didn't read it and you didn't pay attention to statement in bold 
either. I could tell you what to do to fix it, but then you wouldn't 
learn from it. If it wasn't explain there, I would be happy to tell you, 
but it is there and pretty clear as well.


You get the error #9 that is exactly explain there and instructions on 
how to address that is provided as well.


Read it please and you will see your mistake.

Just a hint in the text:

Remember, if you don't do this, it will use the default class! Same if 
you restart MySQL manually! Class are read and use on login


Hope this help you.

Also, there is reference to man pages there. You looked at them too right?

Best,

Daniel

Re: mysql problem

[Daniel Ouellet]

Marcos Laufer wrote:

Ok , i had followed the instructions at http://openbsdsupport.org/mysql.htm


I also forgot to add this as well in my previous reply, also in the text 
of the document you have been pointed to.


So, be wise and change what you need to change for your setup! But only 
what you need to absolutely change. Don't go nuts and start turning 
knobs left and right. That may well be what you need to do on some other 
Unix, or variations of... But on OpenBSD the default setup is really 
good and is done as such to protect youself. The bottom line is: don't 
change what you don't need to change and know what you do and why!


So, just don't go put big numbers and any numbers anywhere to make it 
work. This will give you more problem in the future. Do what you need to 
do for your setup and just that. And more importantly, learn why you 
need to do them, it will help you in many others situations.


Best,

Daniel

Re: Troubleshooting NFS/SFU

[Daniel Melameth]

On 7/2/07, David Higgs [EMAIL PROTECTED] wrote:

I followed Microsoft's instructions for SFU and found that it worked
quite well if all I cared about was read-only access.  I didn't have
any further success even after installing a bunch of SFU hotfixes
(http://www.duh.org/interix/hotfixes.php).

My troubleshooting seemed to indicate that the write requests were
being denied somewhere inside the kernel, for reasons unknown.  I
didn't have the time or interest to pursue it any further, so I went
back to samba and let the thread die.


I have the exact same issue hereFreeBSD works fine, OpenBSD fails.
I'm new to NFS, so I'm not too clear on the best way to troubleshoot
this further, but if there's someone here who is good with NFS and
cares to resolve the issue on OpenBSD, I'd be happy to work with them.
Details below:


Windows

C:\Users\Daniel\Documentsmount

LocalRemote Properties
-
--
Z:   \\openbsd\home\daniel  UID=-2, GID=-2
   rsize=32768, wsize=32768
   mount=soft, timeout=6.4
   retry=1, locking=no
   fileaccess=644, lang=ANSI
   casesensitive=no
Y:   \\freebsd\usr\home\daniel  UID=-2, GID=-2
   rsize=32768, wsize=32768
   mount=soft, timeout=0.8
   retry=1, locking=no
   fileaccess=644, lang=ANSI
   casesensitive=no


OpenBSD

$ cat /etc/exports
/home/daniel -mapall=daniel -network=192.168.255.224 -mask=255.255.255.224

$ ls -l /home
total 4
drwxr-xr-x  5 daniel  daniel  512 Jul 14 09:54 daniel


FreeBSD

$ cat /etc/exports
/usr/home/daniel -mapall=daniel -network=192.168.255.224
-mask=255.255.255.224

$ ls -l /usr/home
total 2
drwxr-xr-x  2 daniel  daniel  512 Jul 16 07:17 daniel

Re: mysql problem

[Daniel Ouellet]

Marcos Laufer wrote:

When i post a message on the OpenBSD misc list it is because one
of two reasons:


Mostly one looks like.


1) I want to report an error i found while testing OpenBSD, and by
reporting it i might be helping the project, somebody might be able
 to fix it and the OS grows.

2) I could be asking for help to the OpenBSD users, as it was this case.
I know this was not an OpenBSD or MySQL problem, but a
configuration problem , and  maybe some other OpenBSD user might
 have already been there and willing to help other OpenBSD users to
work things out.


And you got a lots of help from many. Just for fun however, I looked to 
see how many times you actually help or reply, versus how many times you 
actually started a tread asking for help, or provided not helpful 
feedback but added to complains:


http://marc.info/?a=11490241131r=1w=2

You do as you see fit, but doesn't look to me a lots of help, but mostly 
request. So, take, but gave back I am not saying I help as much as 
many on this list, some are very, very helpful, but I do my share when I 
know the answer, or can help anyway.



If you are an OpenBSD developer then i must tell you that i understand
your 'I could tell you what to do to fix it, but then you wouldn't learn
from it' attitude .
It's logic to think that developers want users to learn how to handle the OS
and how to properly use it.

If you are not an OpenBSD developer, but an OpenBSD user instead ,
then i must tell you that your 'I could tell you what to do to fix it, but
then you wouldn't learn from it' attitude just sucks.
I was asking for help, i mentioned that this was a production
server with 100 databases on it and i was urged to solve
it fast. That's why i asked help to other OpenBSD users who might have
suffered this problem on a production server and needed to solve it fast.

But i will take a shot and assume you are just another OpenBSD user, just
like me and many others looking for help in this list .
So , Daniel consider this : Next time i ask for help on this list , my post
won't be meant to be answered by you , i now know that you don't have a
helping community spirit but a 'bofh' attitude instead probably due to a
wannabeadeveloper feeling. If you want to help a user to solve his problems
that's just fine, but to talk other users in that tone, to me for example,
i won't allow it.


You got many replies to help you and tell you exactly where to look.

How can it be more specific then that?

You get the error #9 that is exactly explain there and instructions on 
how to address that is provided as well.


In short your calls wasn't use properly. The rest is for you to find why 
in your case.


Your problem was as you explain it to a modification on the
mysqld_safe script, so instead of complaining to me, or others for help 
we extended to you and pointed you where the problem was, may be you 
should kick the head of the admin that actually did something very 
stupid here in the first place by changing application script instead of 
doing a properly done setup!


In the end, it still stand. The error was with not using the class 
properly, period.


I said that it's important to learn from it, then you just learn that 
changing scripts to fix an issue quickly instead of doing the right 
thing will bit you in the future.


Granted as you said it wasn't you, so you got stuck by it, so be it. But 
don't get upset at me for helping you as no one could have told you that 
the problem was in the script changed, but that your setup simply didn't 
use the class properly and that's what the problem was. Up to you to 
find out why in your setup.


Even in the same document I explain how to test the exact error you got, 
error #9 by doing this:


mysqlcheck -m -A -uYourUsers -pYourPassword

If you get the error #9, then you simply don't use that class properly.

I think I provided you as much help as I could possibly have done in 
this instance. It's pretty obvious.


Get upset to the one that did this stupid thing and learn from it.

In the end, you can be upset, but still the document that you read and 
work with still I wrote it and it help you anyway. So, you can say what 
ever you want, I still helped you, even if you don't like it.


But if that make you fell better and relieve your frustrations, sure you 
can get upset at me. I have a pretty think skin and seen way worst as well.


Learn to get upset at the right people.

So, you are welcome!

Best,

Daniel

Re: support for Sun Fire

[Daniel Ouellet]

Toni Mueller wrote:

Hi Mark,

On Tue, 29.05.2007 at 14:13:06 +0100, mark reardon [EMAIL PROTECTED] wrote:

I just got a x2100 M2 from Sun yesterday on a 60 day trial and am having
trouble setting the MTU on one of the bge NICs. Just some initial findings.
Not a big problem for me really.


did you get it to run OpenBSD properly? Which model do you have?


I have one as well. Some results in the archive as well, but my biggest 
griff with it is with the admin console for this unit. Sun really cut 
way to short on it to make if a decent remote admin box. Plus the share 
the BGE with the admin port, instead of the nVidia, witch I could do 
without. The box is not bad, but could be better. It's more expensive, 
but it make me definitely switch to the 4100 instead. I only got one, 
and wouldn't get an other one, unless it's not in a remote setup 
configuration witch is pretty rear these days.


Even the serial console is limited in operation and work until OpenBSD 
start when it goes dead. Then you can do some more from the Ethernet 
port instead, but then if you reboot the box, you loose the admin on the 
Ethernet port and needs to go back to the serial console.


My own feedback is not a top of the line box, but not the worst either. 
Just not as good as it should be for me to recommend it however. It work 
well in some setup, not all.


YMMV,

Daniel

Re: support for Sun Fire

[Daniel Ouellet]

Dag Richards wrote:

I would recommend you take a look at the HP DL360,
one U
hardware raid
and have nice little management interface you can ssh to
which allows pretty complete console access, go into bios, watch boot 
messages, power set the system.


The Sun 4100 is a pretty good one as well. I have a few of them and I am 
happy so far. If you can swing the difference in price however.


The HP-145 M1 and IBM e326, witch both works well, with the IBM giving 
me some minor issues every few months, but looks like it cleared up over 
time with various upgrades.


However, a few more months before I can tell more, but so far looks like 
the Sun 4100 would be my favorite, specially if the built in RAID can be 
maid to work and I know based on the archive that there is/was some work 
done on it.


That's all for my feedback on this.

Best,

Daniel

Re: ral in hostap mode

[Daniel Melameth]

On 7/18/07, Alexey Suslikov [EMAIL PROTECTED] wrote:

Jurjen Oskam wrote:
 At home, I have a wireless access point which is directly connected to rl1.
 To eliminate the access point, I put a wireless PCI card in the machine,
 and configured it for hostap mode.

 A laptop running Linux is the wireless client. When the client associates
 with the ral0 card, the connection is established but has a packetloss of
 about 30%, and a noticeable amount of duplicate packets. When the client
 associates with the wireless access point, the connection has no packetloss
 and no duplicates. (Both tested using ping -f, directly pinging the
 access point and the IP adress on ral0.) I've tried to rule out things
 like distance.

CAVEATS section in ral's man page.

...
The ural driver supports automatic control of the transmit speed in BSS
mode only.  Therefore the use of a ural adapter in Host AP mode is dis-
couraged.
...


AFAIK, this caveat only applies to the USB ural--not the PCI ral.

Jurjen,

Have you tried setting the channel and/or forcing the mode?  I also
have a ral-based AP and while it performs fairly well, its reliability
and consistency does not appear to be as good as the wi-based APs.

Re: Allocate more memory than 512 MB with squid

[Daniel Ouellet]

Patrick Hemmen wrote:
Squid runs under the user _squid and this user is in the login class 
daemon in which the data size is set to infinity. Or do I have to set 
a another capability?


How do you start your squid is the key.

man 5 login.conf
man 8 rc

explain it. Just putting the class there for a specific user doesn't 
make it use it unless you specify that class at the start in your rc.local


It's not for squid, but check the principal and ideas here:

http://openbsdsupport.org/mysql.htm#/etc/login.conf
http://openbsdsupport.org/mysql.htm#/etc/rc.local

You will see that unless you specifically tell it to use it, it will not 
use it and only gets the default class no matter what you put in there.


Hope this help you.

Daniel

Re: VPN site to site with ipsec

[Daniel Ouellet]

sonjaya wrote:

http://www.openbsdsupport.org/vpn-ipsec.html


This is almost 3 years old and there is so many changes, please don't 
follow this on 4.1!


I most likely will remove it if we can get an updated version.


Consider this:

http://www.serverwatch.com/tutorials/article.php/3659686

or

may be this:

http://www.securityfocus.com/infocus/1859

But just read the man page witch will help you much more.

There was major changes to this to make your life much simpler.

Best,

Daniel

Re: VPN site to site with ipsec

[Daniel Ouellet]

sonjaya wrote:

http://www.openbsdsupport.org/vpn-ipsec.html


May be you could also have a look at this nice presentation that show 
many changes done on OpenBSD.


You can start here to see some OpenBSD suggestions, but you can look it 
all as well as it's nice. (;


http://openbsd.org/papers/asiabsdcon07-ipsec/mgp00057.html

Re: Macbook on Openbsd

[Daniel A. Ramaley]

On Wednesday 25 July 2007 01:13, you wrote:
Why would any one use amd64 since it's not even a amd? Is it because
it's a 64bit? Do both amd64 and i386/64bit share so much?

My understanding (and i'm sure someone else will correct me if i'm 
wrong) is that AMD extended their processors with 64-bit instructions. 
This was after Intel released the Itanium, with its own set of 64-bit 
instructions. But for various reasons the Itanium was not a commercial 
success on the desktop market and eventually Intel adopted a slightly 
modified version of AMD's 64-bit instruction set for its desktop chips. 
AMD calls the architecture of its 64-bit chips AMD64 while Intel 
calls it Intel 64. Sometimes both are referred to as x86_64. Since 
AMD and Intel's implementation are very similar, it is possible (and 
very common) for a compiler to generate code that runs on both. Most 
operating systems that run on one run on both, though right now it 
seems most typical to label the architecture as amd64 regardless of 
whether it is running on an AMD or an Intel chip.


Dan RamaleyDial Center 118, Drake University
Network Programmer/Analyst 2407 Carpenter Ave
+1 515 271-4540Des Moines IA 50311 USA

Re: Troubleshooting NFS/SFU

[Daniel Melameth]

On a whim I decided to change the transport protocol that the Client
for NFS uses and my problem has gone away.  By default TCP+UDP is
used, but if I set this to just UDP or TCP (via nfsadmin client), and
then restart the Client for NFS service, NFS largely works as
expected--with UDP apparently providing a bit higher throughput over
my WLAN.  I haven't tried changing nfsd's flags on the server side
instead, but this might work as well.

Why TCP+UDP works for FreeBSD is unknown to me, but I'm content now.
I guess it's one of those interoperability issues...

On 7/16/07, Daniel Melameth [EMAIL PROTECTED] wrote:

On 7/2/07, David Higgs [EMAIL PROTECTED] wrote:
 I followed Microsoft's instructions for SFU and found that it worked
 quite well if all I cared about was read-only access.  I didn't have
 any further success even after installing a bunch of SFU hotfixes
 (http://www.duh.org/interix/hotfixes.php).

 My troubleshooting seemed to indicate that the write requests were
 being denied somewhere inside the kernel, for reasons unknown.  I
 didn't have the time or interest to pursue it any further, so I went
 back to samba and let the thread die.

I have the exact same issue hereFreeBSD works fine, OpenBSD fails.
I'm new to NFS, so I'm not too clear on the best way to troubleshoot
this further, but if there's someone here who is good with NFS and
cares to resolve the issue on OpenBSD, I'd be happy to work with them.
 Details below:


Windows

C:\Users\Daniel\Documentsmount

LocalRemote Properties


-
--

Z:   \\openbsd\home\daniel  UID=-2, GID=-2
   rsize=32768, wsize=32768
   mount=soft, timeout=6.4
   retry=1, locking=no
   fileaccess=644, lang=ANSI
   casesensitive=no
Y:   \\freebsd\usr\home\daniel  UID=-2, GID=-2
   rsize=32768, wsize=32768
   mount=soft, timeout=0.8
   retry=1, locking=no
   fileaccess=644, lang=ANSI
   casesensitive=no


OpenBSD

$ cat /etc/exports
/home/daniel -mapall=daniel -network=192.168.255.224 -mask=255.255.255.224

$ ls -l /home
total 4
drwxr-xr-x  5 daniel  daniel  512 Jul 14 09:54 daniel


FreeBSD

$ cat /etc/exports
/usr/home/daniel -mapall=daniel -network=192.168.255.224

-mask=255.255.255.224


$ ls -l /usr/home
total 2
drwxr-xr-x  2 daniel  daniel  512 Jul 16 07:17 daniel

Re: Unstable PPPoE

[Daniel Melameth]

On 7/27/07, Timothy Wilson [EMAIL PROTECTED] wrote:
 I'm having a frustrating problem. My internet is highly unstable when
 using bit torrent. I don't think there's anything special about my
 configuration: my gateway is a craptop with inbuilt Intel ethernet and
 a url0 USB ethernet for the modem. The connection is bridged, using pf
 (obviously) for routing / firewall and kernel PPPoE for dialing via my
 bridged netcomm nb5+.

 Basically, when I try to use bit torrent the connection dies after
 about 20mins. The kernel PPPoE daemon doesn't bring it back up. In
 fact, even doing
 #sh /etc/netstart
 doesn't bring it back up. The only way to bring it back up is via a
 reboot :( Very frustrating. It also takes about 10-15mins to
 reconnect; surely that's a bit too long, even for PPPoE? I know this
 isn't a problem with my ISP as I've always been able to download bt
 stably when I was using the modem in router mode. I thought it might
 have been an MTU problem, but I'm using the mss fix in /etc/pf.conf,
 so I don't think it's that. I played around with a few values just to
 be sure, but I'm open to suggestions.

 dmesg:

 pppoe0: received unexpected PADO
 pppoe0: received unexpected PADO
 pppoe0: received unexpected PADO
 pppoe0: received unexpected PADO
 pppoe0: received unexpected PADO
 pppoe0: received unexpected PADO
 pppoe0: received unexpected PADO
 pppoe0: received unexpected PADO
 url0: usb error on tx: TIMEOUT
 pppoe0: LCP keepalive timeout

Based on your dmesg, it appears this might be related to url0whether
it's the hardware, driver or something associated, I don't know.  You
might want to try another Ethernet connection.  FWIW, I've never been
a fan of USB Ethernet.

Re: pppoe getting limited to 150k/sec?

[Daniel Melameth]

On 8/3/07, M. Parsons [EMAIL PROTECTED] wrote:
 Running Openbsd 4.1 i386 as a firewall/nat box.  I have connected to it a 6
 mbps DSL pppoe connection.

 The pppoe works fine, as do all machines behind the openbsd box, they all
 can max out the 6mbps.

 But, transfers directly on the openbsd box (wget, ftp, whatever) all are
 limited to 150k/sec.  I can run 4 of them at a time to max out the 6 mbps,
 but individually, they never go above 150k/sec.

This is likely a BPD issue--see
http://marc.info/?l=openbsd-miscm=111910098716125w=2 for details.

Anchor File Consolidation

[Daniel Melameth]

I keep my anchor rules in separate files and load them as needed, but I'd
like to get away from this anchor file sprawl.  I understand I can move
all these anchors into pf.conf inline, but doing so causes all of them to be
loaded at startup and this doesn't meet my needs.

 

Perhaps I'm missing something, but, outside of simply tweaking rc to flush
the anchors after pf.conf is loaded, is there a way for me to keep all my
anchors in pf.conf inline, but only have individual anchors load when I want
them to?  Is there a better way to achieve what I want?

 

Thank you.

Re: scp batch mode?

[Daniel A. Ramaley]

On Wednesday 15 August 2007 13:50, you wrote:
How can scp be run without prompting for a password?

Set up ssh shared keys.


Dan RamaleyDial Center 118, Drake University
Network Programmer/Analyst 2407 Carpenter Ave
+1 515 271-4540Des Moines IA 50311 USA

Re: dmesg amd64-current on Sun Fire X4600 M2

[Daniel Ouellet]

Rolf Sommerhalder wrote:

Please find below the dmesg of amd64.mp-current (snapshot 23-Aug-2007)
on a Sun Fire X4600 M2 which is equipped with four dual-core Opteron
8220 CPU, 32 GB of RAM and four built-in NICs.


Sadly, the only problem is that you will not be able to use that much 
memory here.

Re: OT Strange Punishment

[Daniel A. Ramaley]

On Tuesday 28 August 2007 10:32, you wrote:
There is a bill before Congress now to roll back patent protection,
notably in the field of software. American users of OpenBSD might
want to follow this struggle, which is running into massive opposition
from non-comp-sci patent holders.

Software patents were just a bad idea to begin with. Patenting numbers 
and algorithms is ridiculous.

I wish i had a patent on determining the total number of objects in a 
set when the numbers of objects in all mutually exclusive subsets of 
the set are known [my lame attempt to translate addition into 
patent-speak]. Imagine how much money i could make if i controlled such 
a basic operation! Oh wait, civilization as we know it would never have 
been able to develop and instead of working a civilized job at a 
computer i'd be in out hunting and gathering or (more likely) wouldn't 
have been born at all.


Dan RamaleyDial Center 118, Drake University
Network Programmer/Analyst 2407 Carpenter Ave
+1 515 271-4540Des Moines IA 50311 USA

Re: That whole Linux stealing our code thing

[Daniel A. Ramaley]

On Saturday 01 September 2007 17:49, Rui Miguel Silva Seabra wrote:
On Sat, Sep 01, 2007 at 04:40:53PM -0600, Theo de Raadt wrote:
  Most dictionaries I had at my hand define alternative as choices.
  You can get http://en.wiktionary.org/wiki/alternative

 Wow.  Let's all go practice law with a dictionary.

? But you mentioned dictionaries first...

You do realize that when it comes to legal documents, such as licenses, 
that general-purpose dictionaries are inadequate, right? If you want to 
look up legal terms, you need a law dictionary.

I think that if one is ignorant enough of law that one needs to consult 
a legal dictionary for more than one or two terms in order to 
understand a document, then perhaps it would be best to either do a lot 
of studying to become more knowledgeable, or find someone with more 
legal training to interpret the document. As a layperson with little 
in-depth knowledge of legal code, that's how i see things anyway.


Dan RamaleyDial Center 118, Drake University
Network Programmer/Analyst 2407 Carpenter Ave
+1 515 271-4540Des Moines IA 50311 USA

Re: Options for 1U server with watchdog?

[Daniel Ouellet]

K K wrote:

happens on the same approximate schedule.  I suspect a power glitch.


It this is power glitch to the point of affecting your server, wouldn't 
the LOM also show that to you? Then you would know the answer.


lomloghistory
Eventlog:
   +0h35m1s host power on
   +0h37m51s host power off
   +0h0m0s LOM booted
   +0h0m4s host power on
   +279d+16h50m55s host reset
   +279d+17h2m22s host reset
   +279d+17h8m9s host reset
   +298d+18h49m51s host reset
   +298d+18h57m39s host reset
   +298d+19h9m31s host reset

Re: bioctl on X4100 M2

[Daniel Ouellet]

Henning Brauer wrote:

bio is not implemented for mpi (yet).
bioctl in 4.2 onwards shows some inquiry data (vendor model fw serial) 
for non-bio-capable disks. i. e. it falls back from bioctl -i to bioctl 
-q if teh disk doesn't support bio.


Thanks Henning!

Re: bioctl on X4100 M2

[Daniel Ouellet]

Jonathan Gray wrote:

mpi(4) currently has no bioctl support.

The  2 port LSI SAS RAID (mfi(4)) supports bioctl, however
sun don't sell any machines with this interestingly enough.


Thanks! That's what I figure, but wanted to check in case I wasn't 
looking at the right place. Oh well. May be one day. One guy can dream.


Thanks

Re: OT: Sun X4100 M2 management interface out of wack suggestions?

[Daniel Ouellet]

Hi,

Quick updates on this one.

My problem is now solved and I got very nice help from some gentlemen 
working at Sun that step in off list to help me out and all is now 
finally work.


Nice to see some good guys following misc@ and be interested to make 
sure Sun hardware (some of them anyway) works with our favorite OS.


Thanks

Daniel

Re: Show your appreciation and get your 4.2 DVD

[Daniel Ouellet]

On Tue, 11 Sep 2007, Siju George wrote:


Can't find a DVD in

[snip]

As stated in the beginning of this thread,
DVD discs are not available, just CDs in DVD case.


Yes guys. It was my mistake in my Divine Vast Drewling extase of the 
event instead of the Complete Domination release of 4.2. I maid a 
mistake in my emails. I guess when I wrote it, it was to existed and cut 
off on some words.


Excuse my mishaps that so many enjoy pointing out. It was just that a 
mistake.


Never the less, don't let that hold you up and go get your new release 
of your Compete Domination in a Durable Valuable Docket. (;


Best,

Daniel