Re: DadOS - sys shutdown with XDM

[patrick ~]

 The first thing I did was add a flag file to my dad's home directory
 and made sure he cant modify or delete it.

   # touch /home/dad/.xshutdown
   # chown root:wheel /home/dad/.xshutdown
   # chmod 400 /home/dad/.xshutdown


login: dad
password: 
dadsbox $ ls -l .xshutdown
-r1 root wheel   0 Jan  3 11:11 .xshutdown
dadsbox $ mv .xshutdown /tmp
dadsbox $ echo :-)
:-)



Assuming, of course, that /tmp and /home are
one partition.

--patrick

Re: low-MHz server

[patrick]

Have you considered a PowerPC-based machine? They run at lower
frequencies, using less power. Might be something to consider.
Something like an old beige PowerMac 6200 or something from that era.
In Vancouver, we have a Mac consignment shop that always has old
machines like this. Maybe you have something like that out your way.
We actually used such a machine as recent as 2000 to run a pretty
functional web and terminal server. If your wife is comfortable using
Pine or Elm for email, you could easily use a machine like this. (I
believe OpenBSD's PowerPC/RISC support is quite good.)

http://en.wikipedia.org/wiki/Power_Macintosh_6200



On Jan 30, 2008 8:08 PM, Douglas A. Tutty [EMAIL PROTECTED] wrote:

 On Thu, Jan 31, 2008 at 05:14:32AM +0200, Jussi Peltola wrote:
  I haven't had any difficulty finding PII / PPro based HP Netservers that
  are too heavy to carry up the stairs. Any i386 server from that time
  should be pretty reliable if it still works...
 
  Running OpenBSD is a whole another thing. I've found most of the early
  PII servers very quirky, the netservers being a bit less so than some of
  the worst. I'd recommend just carrying a bunch of them home and throwing
  out the useless ones.

 P-II runs too fast.  I'm looking at P or P-Pro (or 486).  I haven't
 found any.  Know of a source of such servers?

 Thanks,

 Doug.

Re: pre-orders

[patrick ~]

OK, I know this is very annoying and lame, but for
whatever reason I'm just very excited about my pre-
order, which I just placed! =)


- 2 Stop Blob! (L)
- 2 OpenBSD 3.9 CD
- 1 Wireframe Daemon Shirt (L, Navy Blue)
- USD small DONATION to the OpenBSD Project


I actually like this art work very much!  Though I
don't yet have a clue as to what it may be about =P

Keep up the great work everyone!

--patrick
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

majordomo archive-index command? (possibly OT)

[patrick ~]

I'm not sure which list would be the proper place for
this question.

I get the pre-dawn digest of the misc list.  Sometimes
I want to reply to a particular post, but since it is in
a digest form, I can't pick a specific post to reply to.

So, I figured that majordomo could possibly have a feature
by which I could get a particular posted message sent
to me individually.

Looking through the Mailing Lists link and clicking
around I go to the page where some of the majordomo
commands are explained[1].

Specifically, I found that the archive-index command
would return me a list of posts with their message
numbers, which I could then use with archive-get
command to retrieve the specific message as a separate
email.

Well, the problem is a) I don't understand these commands
as explained on the help page[1] and/or b) these commands
are not enabled for non-administrative users (as the
respond to my archive-index command states).


Help? :-)


--patrick


[1] 
http://lists.openbsd.org/cgi-bin/mj_wwwusr?user=passw=list=GLOBALfunc=helpextra=archive
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

4 port pf setup - comments?

[patrick ~]

Hi all,

Just wanted some comments on this pf.conf design.  Mostly,
I am hoping a second pair of eyes to spot any major over-sight
on my part.  I've not tested this set-up, yet!  Just some
scratch-pad design/brain-storming.

Thanks :-)
--patrick



# Pseudo PF design:
#
# I'm preparing to replace a current firewall with a PF firewall.
# I've been reading through PF User's Guide again to refresh
# my memory of what can and cannot be done with PF.  The PF
# firewall will have 4 interfaces in bridge mode.  One connects
# to the DSL router. One to the DMZ. One to the LAN and the
# last to the Wireless router (not yet in place -- planned for
# near future).  The last interface will probably need an
# IP since I plan to use IPsec over the wireless (I don't yet
# know much about this process and skipping it in this discussion).
# Potentailly using PF firewall as the access-point (have to
# research this further as well).
#
# I just wanted to present what I'm thinking of doing in semi-
# pseudo PF code, and get your feedback on whether I'm thinking
# through this straight or do I need to adjust my thinking.
#
# Static IP Subnet:
# x.x.x.0/28
# Divided into 4 sections
# a) DSL router
# b) Wifi router (planned for near future with IPsec)
# c) LAN section (workstations, laptops)
# d) DMZ section: servers (www, dns, mail)
#
# DSL Router:
# has a WAN side IP
# has a LAN side IP (x.x.x.1)
#
# PF server:
# has 4 interfaces: a, b, c and d
# 1 static IP on interface b: x.x.x.6 (for IPsec and possibly hostap)
#
# __DMZ__:
# 4 static IPs x.x.x.2-.5
#
# __WIFI__:
# 4 static IPs x.x.x.7-.10
#
# __LAN__:
# 4 static IPs x.x.x.11-.14
#
#
#   /Internet/
#   |
#  [DSL Router]
#   .1  |
#   |
#   __WIFI__   (a) ___DMZ___
#  .7  +++ .2  dns1 / mail1
#  .8  -(b)|   PF|(d)- .3  dns2 / mail2
#  .9   .6 +++ .4  www1
# .10  (c) .5  www2
#   |
#   |
#__LAN__
#.11 .12 .13 .14


dsl_if = de0
dmz_if = ...
lan_if = ...
wifi_if = ath0 # maybe...
 # but maybe xl0 connecting to a port on a wifi router

# Local network
locnet = x.x.x.0/28

# DSL Router
dsl_router = x.x.x.1

# VPN interface for IPsec path for Wifi users (or even as the access-point
# interface)
vpn = x.x.x.6

# DMZ servers
dns1  = x.x.x.2
mail1 = x.x.x.2
dns2  = x.x.x.3
mail2 = x.x.x.3
www1  = x.x.x.4
www2  = x.x.x.5
dmz_grp = { $dns1 $dns2 $www1 $www2 }

# Wifi users
mobile1 = x.x.x.7
mobile2 = x.x.x.8
mobile3 = x.x.x.9
mobile4 = x.x.x.10
wifi_grp = { $mobile1 $mobile2 $mobile3 $mobile4 }

# LAN clients
desk1 = x.x.x.11
desk2 = x.x.x.12
desk3 = x.x.x.13
desk4 = x.x.x.14
lan_grp = { $desk1 $desk2 $desk3 $desk4 }

wifi2net_ports = { 80 443 5190 }
wifi2dmz_ports = { 53 80 }
ping = echoreq

# Shorthand
dns  = { $dns1 $dns2 } port 53
mail = { $mail1 $mail2 } port 25 flags S/SA
www  = { $www1 $www2 } port {80 443} flags S/SA 
keep_sane = keep state (max-src-conn 50, max-src-conn-rate 15/5,  \
overload abusers flush global)

table abusers persist

table spamd persist
table spamd-white persist


set skip on { lo }
set block-policy return

scrub in

rdr pass on $lan_if proto tcp to port ftp - 127.0.0.1 port 8021
rdr pass on $dsl_if proto tcp from spamd to port smtp \
- 127.0.0.1 port spamd
rdr pass on $dsl_if proto tcp from !spamd-white to port smtp \
- 127.0.0.1 port spamd

block in quick from abusers
block all

antispoof quick for { lo }

#--
# Interface a / $dsl_if
# - LAN workstations are trusted more than those on WIFI
pass out on $dsl_if proto {tcp udp} from $lan_grp to any keep state
pass out on $dsl_if proto tcp from $wifi_grp to \
any port $wifi2net_ports keep state
#
# Any traffic coming in on $dsl_if should be destined for DMZ only!
pass in on $dsl_if proto tcp from any to $mail $keep_sane
pass in on $dsl_if proto tcp from any to $www $keep_sane
pass in on $dsl_if proto udp from any to $dns $keep_sane
# Allow pings to DMZ
pass in on $dsl_if proto icmp from any to $dmz_grp icmp-type $ping $keep_sane

#---
# Interface b / $wifi_if
# - Nothing should be connecting to wifi clients
#   (default block all)
# - WIFI group only gets to use DMZ DNS and Web servers (no mail!)
pass in on $wifi_if proto tcp from $wifi_grp to $www keep state
pass in on $wifi_if proto udp from $wifi_grp to $dns keep state
# This should cover any out-bound traffic (to the net)
pass in on $wifi_if from $wifi_grp to !$locnet

#---
# Interface c / $lan_if
# - Nothing should be connecting to lan workstations
#   (default block all)
# LAN workstations should be able to connect to all DMZ servers
pass in on $lan_if from $lan_grp to $dmz_grp keep state
# Covers out-bound

fs block-number (soft) error - uncorrectable/corrected?

[patrick ~]

Hi,

This is the second time I've been seeing this type of
an error:

Mar 27 01:30:47 box /bsd: wd0f:   reading fsbn 3967732 of 3967732-3967735 (wd0
bn 9723412; cn 9646 tn 3 sn 55), retrying
Mar 27 01:30:48 box /bsd: wd0: soft error (corrected)
--
Apr 17 01:30:34 box /bsd: wd0f:  uncorrectable data error reading fsbn 3655388
of 3655388-3655391 (wd0 bn 9411068; cn 9336 tn 6 sn 2), retrying
Apr 17 01:30:36 box /bsd: wd0: soft error (corrected)


wd0f is my /usr partition.


How serious is this?  Should I start looking into a
hard-disk replacement?  Obviously I'm making a back-up
of data files I would like to keep.

This is on OpenBSD 3.7 GENERIC (I'm about to upgrade
it to 3.9).


I noticed (google/MARC searched) that there is no
definitive answer given for this topic.   Some
suggestions that it might be a drive going bad [1].

Wondering if I should simply wait to replace the
drive before upgrading.


Thanks in advance,
--patrick


[1] http://marc.theaimsgroup.com/?l=openbsd-miscm=108121869925371w=2



OpenBSD 3.7-stable (GENERIC) #0: Mon Aug  1 19:32:49 PDT 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: AMD Sempron(tm) Processor 2600+ (AuthenticAMD 686-class) 1.61 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2
real mem  = 536387584 (523816K)
avail mem = 482521088 (471212K)
using 4278 buffers containing 26923008 bytes (26292K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(6b) BIOS, date 04/08/05, BIOS32 rev. 0 @ 0xfa120
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
pcibios0 at bios0: rev 2.1 @ 0xf/0xc4b4
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfc380/288 (16 entries)
pcibios0: bad IRQ table checksum
pcibios0: PCI BIOS has 17 Interrupt Routing table entries
pcibios0: PCI Exclusive IRQs: 3 5 10 11 12
pcibios0: no compatible PCI ICU found
pcibios0: Warning, unable to fix up PCI interrupt routing
pcibios0: PCI bus #2 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0x800
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Nvidia nForce3 250 PCI Host rev 0xa1
pcib0 at pci0 dev 1 function 0 Nvidia nForce3 250 ISA rev 0xa2
Nvidia nForce3 250 SMBus rev 0xa1 at pci0 dev 1 function 1 not configured
ohci0 at pci0 dev 2 function 0 Nvidia nForce3 250 USB rev 0xa1: irq 12,
version 1.0, legacy support
usb0 at ohci0: USB revision 1.0
uhub0 at usb0
uhub0: Nvidia OHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 4 ports with 4 removable, self powered
ohci1 at pci0 dev 2 function 1 Nvidia nForce3 250 USB rev 0xa1: irq 10,
version 1.0, legacy support
usb1 at ohci1: USB revision 1.0
uhub1 at usb1
uhub1: Nvidia OHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub1: 4 ports with 4 removable, self powered
ehci0 at pci0 dev 2 function 2 Nvidia nForce3 250 USB2 rev 0xa2: irq 11
ehci0: EHCI version 1.0
ehci0: companion controllers, 4 ports each: ohci0 ohci1
usb2 at ehci0: USB revision 2.0
uhub2 at usb2
uhub2: Nvidia EHCI root hub, class 9/0, rev 2.00/1.00, addr 1
uhub2: single transaction translator
uhub2: 8 ports with 8 removable, self powered
Nvidia nForce3 LAN rev 0xa2 at pci0 dev 5 function 0 not configured
auich0 at pci0 dev 6 function 0 Nvidia nForce3 250 AC-97 Audio rev 0xa1: irq
3, nForce3 AC97
ac97: codec id 0x414c4780 (Avance Logic ALC658)
ac97: codec features 20 bit DAC, 18 bit ADC, No 3D Stereo
audio0 at auich0
pciide0 at pci0 dev 8 function 0 Nvidia nForce3 250 IDE rev 0xa2: DMA,
channel 0 configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: Maxtor 6Y080P0
wd0: 16-sector PIO, LBA, 78167MB, 160086528 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 6
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: _NEC, DVD_RW ND-3540A, 1.01 SCSI0 5/cdrom
removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
pciide1 at pci0 dev 10 function 0 Nvidia nForce3 250 SATA rev 0xa2: DMA
(unsupported), channel 0 wired to native-PCI, channel 1 wired to native-PCI
pciide1: using irq 11 for native-PCI interrupt
pciide1: channel 0 ignored (not responding; disabled or no drives?)
pciide1: channel 1 ignored (not responding; disabled or no drives?)
ppb0 at pci0 dev 11 function 0 Nvidia nForce3 250 AGP rev 0xa2
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 ATI Rage 128 Pro TF rev 0x00
wsdisplay0 at vga1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ppb1 at pci0 dev 14 function 0 Nvidia nForce3 250 PCI-PCI rev 0xa2
pci2 at ppb1 bus 2
xl0 at pci2 dev 7 function 0 3Com 3c905C 100Base-TX rev 0x74: irq 10, address
00:01:02:c2:a1:b9
bmtphy0 at xl0 phy 24: Broadcom 3C905C internal PHY, rev. 6
pchb1 at pci0 dev 24 function 0 AMD AMD64 HyperTransport rev 0x00
pchb2 at pci0 dev 24 function 1 AMD AMD64 Address Map rev 0x00
pchb3 at pci0 dev 24 function 2 AMD AMD64 DRAM Cfg rev 0x00
pchb4 at pci0 dev 24 function

pf/bridge/routing: packet sent out on wrong interface

[patrick ~]

Hi,

In a previous message (about a week ago?) I mentioned plans
to replace a current firewall with a pf-based one.  I gave
a little outline of things I'd jot down on paper.  Well,
this weekend, I spent some time putting the actual pf.conf
together, and debugging some mistakes (oversights).

Anyway, I got it to a point where I felt confident to do a
test run in production.  I swapped out the production firewall
box with the pf-based one.

I've been monitoring the traffic to see any anomalies, or things
that I may have missed.  Kinda QA-ing if you will.  One thing
I did notice is that my ibook is spewing lots of crap, but this
message isn't about that :)

While monitoring pflog0 I noticed a blocked packet from one of
my web-servers to 68.142.250.133.  I didn't understand why that
was.  So I ran:

# tcpdump -n -e -ttt -r /var/log/pflog host 68.142.250.133 
tcpdump: WARNING: snaplen raised from 96 to 116
Apr 23 19:59:26.010917 rule 2/(match) block out on de2: 68.142.250.133.45648 
a.b.c.d.80: S 3164412190:3164412190(0) win 5840 mss 1460,sackOK,timestamp
103193913[|tcp] (DF)
Apr 23 20:00:59.803910 rule 2/(match) block in on de1: a.b.c.d.80 
68.142.250.133.45648: S 873225897:873225897(0) ack 3164412191 win 5792 mss
1460,sackOK,timestamp 431195378[|tcp] (DF)


Here is my set-up from my earlier post:

#   /Internet/
#   |
#  [DSL Router]
#   .1  |
#   |
#   __WIFI__  (de0)___DMZ___
#  +++ .2  www1
#  --X--(b)|   PF|(de1)--- .3  www2
#   (down) +++ .4  dns1
# (de2).5  mail1
#   |
#   |
#__LAN__
#.11 .12 .13 .14


What I'm confused about is why did the original packet
from 68.142.250.133 try to out on de2 interface and not
on de1 as it should have?


pf-based box is running a 'cvs up -rOPENBSD_3_9 -dP'
build.

All my pf filtering are using pass with tag on entry
interface, then using pass tagged on out-going interfaces.
Blocking by default.  I'm not using any rdr, no nat, etc.

e.g.,

pass in on de0 from any to $web_server port www \
flags S/SA keep state tag NET2DMZ
pass out quick on de1 all keep state tagged NET2DMZ

Nothing is accepted on de0 destined for anything other
than dmz_grp.

Is there more info I can provide?  What else should I
look for?

I obviously have ip forwarding enabled.  All four
interfaces are bridged together, though currently the
wifi interface is disabled.

Is this something I need to use route-to to force
traffic to proper internal interface containing
destination host address?


Any thoughts on the matter are appreciated!
--patrick
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

Re: pf/bridge/routing: packet sent out on wrong interface

[patrick ~]

Since I didn't get any reply, I decided to do more digging
on my own.  Although, I didn't even get my pre-dawn misc
digest either, so maybe something is wrong with the mailing
list(s).

Some more google-ing using different combination of phrases
I go to two threads on obsd-misc and -sparc from a Jim Fron
j-fron {at} q {at} public {at} comcast {dot} net (email
address no longer valid according to comcast).

The issue he was asking help for (and received more responses
than I did) seems pretty similar to that of mine.  In his own
words:

Issue: bridging causes pf to mis-apply frames to
 the wrong interface.

This is back in February '05:

http://article.gmane.org/gmane.os.openbsd.sparc/1751
http://thread.gmane.org/gmane.os.openbsd.sparc/1745/focus=1745


It was a relief to find out I'm not the only one with this
issue.

He mentions having use a patch that helped his issue.  I
assume he means this patch (but not certain):

http://monkey.org/openbsd/archive/misc/0411/msg01560.html

I attempted to email him, but comcast claims to have broken
off with with Jim.  Poor Jim ='(


I don't mind digging in source code at all.  I would, however,
appreciate some pointers as to where to start looking.


Also, my idea of using route-to didn't work quite as expected.
It worked for a while, but when I checked in the morning, I
found that none of the packets would get to the right interface.

I put log statements on all pass rules for packets entering
$dsl_if and destined for $dmz_if.

Then I monitored pflog0 using tcpdump -ne -ttt -i pflog0.  I
would see a DNS lookup come in on $dsl_if and be sent out on
$dmz_if. Great right?  BUT, although, tcpdump on $dsl_if would
show the packet enter, it would show NO activity on $dmz_if!!

I believe there is something seriously wrong with the way the
combination of pf, bridging and routing interact with one
another.

Anyone interested in helping here? I'm obviously volunteering
to be the guinea pig here.

Again system is a freshly installed -rOPENBSD_3_9.


My latest attempt for a solution is to set up static entries
for my servers on $dmz_if using brconfig.  Though I think this
is very hokey as far as solutions go.  I'm monitoring to see
if I see any instances of the issue or any other side-effects
thereof.


--patrick
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

Re: X.Org server security vulnerability

[patrick ~]

Just a thought, but in accordance with FAQ section 5.5
Building X (http://www.openbsd.org/faq/faq5.html#Xbld)

Shouldn't the patch instruct user to cd in /usr/Xbld to
perform the make build?


Best regards,
--patrick


Patch for 002_xorg.patch :-)

--8CUT-8--
--- 002_xorg.patch-orig Wed May  3 00:01:32 2006
+++ 002_xorg.patch  Wed May  3 00:40:26 2006
@@ -1,8 +1,11 @@
 Apply by doing:
-   cd /usr/src/XF4
+   cd /usr/XF4
patch -p0  002_xorg.patch
 
 And then rebuild and install X:
+   test -d /usr/Xbld || \
+   (mkdir -p /usr/Xbld  cd /usr/Xbld  lndir ../XF4)
+   cd /usr/Xbld
make build
 
 Index: xc/programs/Xserver/render/mitri.c

--8CUT-8--








--- Peter Valchev [EMAIL PROTECTED] wrote:

 A security vulnerability has been found in the X.Org server --
 CVE-2006-1526. Clients authorized to connect to the X server are able to
 crash it and to execute malicious code within the X server.
 
 Patches for the respective releases:
 ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/002_xorg.patch
 ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/007_xorg.patch
 ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/013_xorg.patch
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

Re: PS/2 keyboard failing on generic MP-kernel (Dell SC1425)

[patrick ~]

  Looks like bug in BIOS. Some motherboards affected but some not.
  
  I saw this on Dual P3 Supermicro motherboards on versions earlier
  than 3.9. I see some people on misc@ experiencing similar trouble
  
  http://marc.theaimsgroup.com/?l=openbsd-miscm=114656073922504w=2
  http://marc.theaimsgroup.com/?l=openbsd-miscm=110540231317022w=2
  
  IMO, it is cheaper to buy USB-keyboard than working around bugs in
  some vendors' BIOS code.
  
  Or maybe if some other people with such problem will speak up, we
  can go further and fix it...

FWIIW,

The first link to marc is my post about a dual PIII Xeon.  I
don't think the problem is from a BIOS problem since the
keyboard worked fine with the /bsd image.  It only stopped
responding after I booted using the /bsd.mp image.

As I mentioned in my post, there may be a problem with the
motherboard since I noticed some problems/flakiness with the
CDRom drive as well during installation procedure.

I do recall that after another reboot the keyboard did
start to work once again.

Since then I have removed the installed video and sound
cards from this server.  Hence, no keyboard is attached
at the moment either.

Since I suspect something might be wrong with mobo, I
didn't go further with testing/trouble-shooting it.

--patrick
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

Monitor not suspending? (Xorg, DPMS, OBSD 3.9)

[patrick ~]

Greetings,

This may just be a problem with my video card, but
I thought I'd ask since I couldn't find a definitive
answer from googling.

I noticed that none of the DPMS settings (Standby,
Suspend nor Off) would take effect at their designated
time periods.  In short, X wouldn't shut-off my monitor.

Now I used to have a Linux system connected to this
monitor, and I am 100% positive with DPMS enabled, my
monitor would shut-off at the proper/expected time.


The interesting bit is that even though the monitor
isn't shutting down, X seems to pause (for a lack
of better term).  I can explain it this way:

For example, if I lock the terminal using:

$ xlock -mode marquee

Marquee uses fortune to put up text on the screen (if
you didn't know this).  After some time passing, with
no interaction with the system via keyboard or mouse,
the marquee would get stuck, or pause mid-sentence:

e.g.,

The opposite of a profound truth may well be ano


However, if you were to move the mouse the fortune
would continue from where it had paused (and this
could be many hours after its original pause time):


...ther profound truth.
 -- Bohr


I'd like to clarify that this is not an xlock issue,
since the screen doesn't blank even if I don't run
xlock.


Since I produce this on two different DPMS aware monitors,
I can only consider either of the following: OpenBSD's
Xorg release or the video card.


Anyone else experience similar issues?  If not, does
anyone know whether an ATI Rage 128 Pro video card
is DPMS capable? I couldn't find my answer using google.
Since there are so many posts of X{,org}.0.log out on
the net, searching using the DPMS as a keyword isn't
very effective.

TIA

--patrick


ps., I also cron'ed a script that would print `date'
and `xset -q | grep -A 1 -i dpms' into a file every
5 minutes.  The output indicates that X is in fact
thinking (or being lead to believe) the monitor is
in fact transitioning though each of the states,
while in reality, the monitor is still on :-)


$ cat dpms_test.out

Fri Sep 29 23:05:01 PDT 2006
DPMS (Energy Star):
  Standby: 1200Suspend: 1800Off: 2400
  DPMS is Enabled
  Monitor is On


Fri Sep 29 23:10:01 PDT 2006
DPMS (Energy Star):
  Standby: 1200Suspend: 1800Off: 2400
  DPMS is Enabled
  Monitor is On


Fri Sep 29 23:15:01 PDT 2006
DPMS (Energy Star):
  Standby: 1200Suspend: 1800Off: 2400
  DPMS is Enabled
  Monitor is On


Fri Sep 29 23:20:01 PDT 2006
DPMS (Energy Star):
  Standby: 1200Suspend: 1800Off: 2400
  DPMS is Enabled
  Monitor is On


Fri Sep 29 23:25:01 PDT 2006
DPMS (Energy Star):
  Standby: 1200Suspend: 1800Off: 2400
  DPMS is Enabled
  Monitor is On


Fri Sep 29 23:30:01 PDT 2006
DPMS (Energy Star):
  Standby: 1200Suspend: 1800Off: 2400
  DPMS is Enabled
  Monitor is On


Fri Sep 29 23:35:01 PDT 2006
DPMS (Energy Star):
  Standby: 1200Suspend: 1800Off: 2400
  DPMS is Enabled
  Monitor is On


Fri Sep 29 23:40:01 PDT 2006
DPMS (Energy Star):
  Standby: 1200Suspend: 1800Off: 2400
  DPMS is Enabled
  Monitor is in Standby


Fri Sep 29 23:45:01 PDT 2006
DPMS (Energy Star):
  Standby: 1200Suspend: 1800Off: 2400
  DPMS is Enabled
  Monitor is in Standby


Fri Sep 29 23:50:01 PDT 2006
DPMS (Energy Star):
  Standby: 1200Suspend: 1800Off: 2400
  DPMS is Enabled
  Monitor is in Standby


Fri Sep 29 23:55:01 PDT 2006
DPMS (Energy Star):
  Standby: 1200Suspend: 1800Off: 2400
  DPMS is Enabled
  Monitor is in Standby


Sat Sep 30 00:00:01 PDT 2006
DPMS (Energy Star):
  Standby: 1200Suspend: 1800Off: 2400
  DPMS is Enabled
  Monitor is in Standby


Sat Sep 30 00:05:01 PDT 2006
DPMS (Energy Star):
  Standby: 1200Suspend: 1800Off: 2400
  DPMS is Enabled
  Monitor is in Standby


Sat Sep 30 00:10:01 PDT 2006
DPMS (Energy Star):
  Standby: 1200Suspend

Re: Monitor not suspending? (Xorg, DPMS, OBSD 3.9) [solved]

[patrick ~]

Just thought I'd reply to the list, as this may serve
someone else in the future.

The problem was user configuration error (or it seems).

After some more googling and reading more man pages, I
wondered about the following suggestion in xorg.conf(5):


Options
Some Option flags that may be useful to include in
Monitor sections (when needed) include DPMS, and
SyncOnGreen.


So I thought I would give it a go since I had nothing
to lose.  Well, putting 'Option DPMS' in the Monitor
section of my xorg.conf file and restarting X seems to
have done the trick.

I don't understand why though, since 'xset q' was
reporting that DPMS was enabled prior to this change.


Cheers




--- patrick ~ [EMAIL PROTECTED] wrote:

 Greetings,
 
 This may just be a problem with my video card, but
 I thought I'd ask since I couldn't find a definitive
 answer from googling.
 
 I noticed that none of the DPMS settings (Standby,
 Suspend nor Off) would take effect at their designated
 time periods.  In short, X wouldn't shut-off my monitor.
 
 Now I used to have a Linux system connected to this
 monitor, and I am 100% positive with DPMS enabled, my
 monitor would shut-off at the proper/expected time.
 
 
 The interesting bit is that even though the monitor
 isn't shutting down, X seems to pause (for a lack
 of better term).  I can explain it this way:
 
 For example, if I lock the terminal using:
 
 $ xlock -mode marquee
 
 Marquee uses fortune to put up text on the screen (if
 you didn't know this).  After some time passing, with
 no interaction with the system via keyboard or mouse,
 the marquee would get stuck, or pause mid-sentence:
 
 e.g.,
 
 The opposite of a profound truth may well be ano
 
 
 However, if you were to move the mouse the fortune
 would continue from where it had paused (and this
 could be many hours after its original pause time):
 
 
 ...ther profound truth.
  -- Bohr
 
 
 I'd like to clarify that this is not an xlock issue,
 since the screen doesn't blank even if I don't run
 xlock.
 
 
 Since I produce this on two different DPMS aware monitors,
 I can only consider either of the following: OpenBSD's
 Xorg release or the video card.
 
 
 Anyone else experience similar issues?  If not, does
 anyone know whether an ATI Rage 128 Pro video card
 is DPMS capable? I couldn't find my answer using google.
 Since there are so many posts of X{,org}.0.log out on
 the net, searching using the DPMS as a keyword isn't
 very effective.
 
 TIA
 
 --patrick
 
 
 ps., I also cron'ed a script that would print `date'
 and `xset -q | grep -A 1 -i dpms' into a file every
 5 minutes.  The output indicates that X is in fact
 thinking (or being lead to believe) the monitor is
 in fact transitioning though each of the states,
 while in reality, the monitor is still on :-)

[snip...]
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

Hard drive going bad? or something else? (obsd4.0)

[patrick ~]

I just finished installing OpenBSD 4.0 on a
machine of mine.  After installation first
thing I did was to get some ports installed.
First post was PostgreSQL.  Running 'make build'
failed with an error pointing in configure
script.  I looked at it to see if it was the
patch process that messed up or not.  I couldn't
be too sure.  I did a 'make clean' and started
the build over again.  This time configure
went on and the build process began, but soon
after failed again with:

cc -O2 -pipe -Wall -Wmissing-prototypes -Wpointer-arith -Winline -Wendif-labels
-fno-strict-aliasing -fpic -DPIC -I../../../../../../src/include
-I/usr/include/kerberosV  -c -o utf8_and_gb18030.o utf8_and_gb18030.c
In file included from utf8_and_gb18030.c:17:
../../Unicode/gb18030_to_utf8.map:29313: error: syntax error before '{' token
gmake[3]: *** [utf8_and_gb18030.o] Error 1
gmake[3]: Leaving directory
`/usr/ports/databases/postgresql/w-postgresql-8.1.4/postgresql-8.1.4/src/backend/utils/mb/conversion_procs/utf8_and_gb18030'
gmake[2]: *** [all] Error 2



I thought that was strange.  This wasn't one
of the patched files.

I wondered if something might be wrong with
the dist-file.  I untared it in my home dir
and ran a recursive 'diff -qr' on both dirs
and found a handful of files different.

I did a manual diff on these files and strange
difference appear (see pasted output at end
of message).

So, I untared the dist-file again in my home
dir, in a different dir and ran the diff -rq
on the two virgin directories in my home.
Again a few files came up different.

I checksums on the dist-file are matching fine,
so it isn't the source of the problem.

I've not see this type of problem before, so I
turn to you guys.  Is this a sign that maybe
a drive is going bad?  Or sign of bad memory?

What's going on here!?  I know it is almost
Halloween and all, but this is kinda _spooky_
to say the least.


Idea? Please? :-)



gmake[3]: Leaving directory
`/usr/ports/databases/postgresql/w-postgresql-8.1.4/postgresql-8.1.4/src/backend/utils/mb/conversion_procs/utf8_and_euc_tw'
gmake[3]: Entering directory
`/usr/ports/databases/postgresql/w-postgresql-8.1.4/postgresql-8.1.4/src/backend/utils/mb/conversion_procs/utf8_and_gb18030'
cc -O2 -pipe -Wall -Wmissing-prototypes -Wpointer-arith -Winline -Wendif-labels
-fno-strict-aliasing -fpic -DPIC -I../../../../../../src/include
-I/usr/include/kerberosV  -c -o utf8_and_gb18030.o utf8_and_gb18030.c
In file included from utf8_and_gb18030.c:17:
../../Unicode/gb18030_to_utf8.map:29313: error: syntax error before '{' token
gmake[3]: *** [utf8_and_gb18030.o] Error 1
gmake[3]: Leaving directory
`/usr/ports/databases/postgresql/w-postgresql-8.1.4/postgresql-8.1.4/src/backend/utils/mb/conversion_procs/utf8_and_gb18030'
gmake[2]: *** [all] Error 2


--- src/backend/utils/mb/Unicode/gb18030_to_utf8.mapSat Aug 23 22:18:04
2003
+++
/home/sidster/src/postgresql-8.1.4/src/backend/utils/mb/Unicode//gb18030_to_utf8.map
   Sat Aug 23 22:18:04 2003
@@ -29309,9 +29309,8 @@ static pg_local_to_utf LUmapGB18030[ 633
   {0x8134a137, 0xe19895},
   {0x8134a138, 0xe19896},
   {0x8134a139, 0xe19897},
-  {0x8134a230, 0xe19898
-  {0x8134a136, 0xe19894},
- 
+  {0x8134a230, 0xe19898},
+  {0x8134a231, 0xe19899},
   {0x8134a232, 0xe1989a},
   {0x8134a233, 0xe1989b},
   {0x8134a234, 0xe1989c},

$ ls -l src/backend/utils/mb/Unicode/gb18030_to_utf8.map
-rw-r--r--  1 root  wheel  1547811 Aug 23  2003
src/backend/utils/mb/Unicode/gb18030_to_utf8.map

$ ls -l
/home/sidster/src/postgresql-8.1.4/src/backend/utils/mb/Unicode//gb18030_to_utf8.map
-rw-r--r--  1 sidster  sidster  1547811 Aug 23  2003
/home/sidster/src/postgresql-8.1.4/src/backend/utils/mb/Unicode//gb18030_to_utf8.map


$ md5 src/backend/utils/mb/Unicode/gb18030_to_utf8.map
/home/sidster/src/postgresql-8.1.4/src/backend/utils/mb/Unicode//gb18030_to_utf8.map
MD5 (src/backend/utils/mb/Unicode/gb18030_to_utf8.map) =
c38472696883c20280cabe6aa122d1ac
MD5 (/home/sidster/src/postgresql-8.1.4/src/backend/utils/mb/Unicode/) =
d41d8cd98f00b204e9800998ecf8427e


$ diff -qr . /home/sidster/src/postgresql-8.1.4/ | grep -v ^Only
diff -qr ./config/config.sub
/home/sidster/src/postgresql-8.1.4/config/config.sub
Files ./config/config.sub and
/home/sidster/src/postgresql-8.1.4/config/config.sub differ
diff -qr ./configure /home/sidster/src/postgresql-8.1.4/configure
Files ./configure and /home/sidster/src/postgresql-8.1.4/configure differ
diff -qr ./src/Makefile.shlib
/home/sidster/src/postgresql-8.1.4/src/Makefile.shlib
Files ./src/Makefile.shlib and
/home/sidster/src/postgresql-8.1.4/src/Makefile.shlib differ
diff -qr ./src/backend/po/ru.po
/home/sidster/src/postgresql-8.1.4/src/backend/po/ru.po
Files ./src/backend/po/ru.po and
/home/sidster/src/postgresql-8.1.4/src/backend/po/ru.po differ
diff -qr ./src/backend/utils/mb/Unicode/gb18030_to_utf8.map
/home/sidster/src/postgresql-8.1.4/src/backend/utils/mb/Unicode/gb18030_to_utf8.map
Files ./src/backend/utils/mb/Unicode/gb18030_to_utf8.map and

Re: Hard drive going bad? or something else? (obsd4.0)

[patrick ~]

Thanks for the insightful info. Yes, as another
user had suggested privately, I was running
memtest86 since pretty much my post last night
(early morning).

Thus far 16 passes, running almost 17 hours and
no errors.  Although, I know, and as you pointed
out, no errors doesn't really rule out bad memory
module(s).

I'm going to try swapping out modules, maybe I'll
get lucky.



--- Marcus Watts [EMAIL PROTECTED] wrote:

  I've not see this type of problem before, so I
  turn to you guys.  Is this a sign that maybe
  a drive is going bad?  Or sign of bad memory?
  
  What's going on here!?  I know it is almost
  Halloween and all, but this is kinda _spooky_
  to say the least.
  
  
  Idea? Please? :-)
 
 Hard drives contain lots of moving parts, a known reliability risk.
 Therefore most if not all modern hard disks and associated logic
 contain more or less elaborate internal self-checking logic to detect
 failing media, failing spindle motor, failing head positioning
 mechanism, over and under voltage, bus driver failure, etc.  Most of
 these will result in kernel messages and/or other obvious signs of
 system distress.  Your dmesg (assuming it was done after the failed
 build) doesn't show any evidence of such problem, so there's no reason
 to suspect a hard disk going bad.
 
 More likely possibilities are bad memory, a bad motherboard,
 incompatible memory, bad disk controller, mis-configured bus speeds,
 environmental problem, or possibly but less likely, a bad cpu.  Memory
 is simple: if you buy a consumer grade home machine, you get memory
 that has no self-check logic.  A chip going bad could well produce the
 problems you show below.  A server class machine will nearly always
 contain ECC memory.  A few companies (Dell, Sun) also make commercial
 grade desktop machines, which usually also contain ECC.  Note that
 most home computer stores and even many professionals don't understand
 or value ECC memory, and will steer you away from such technology.
 
 If it's memory, even without self-check logic that may still be easy to
 see if it's broken.  memcheck86+ has a good reputation.  This is a
 stand-alone program, which you can leave running overnight.  If it
 fails memcheck86+, then the problem is obvious.  If it passes, the
 memory is still not in the clear; for instance, it's in theory possible
 for the memory to fail when accessed by DMA but not by the processor.
 If you can get the memory to fail more or less predictably, and you
 have multiple memory modules, you may be able to play remove  swap
 games to identify which module is bad.  Check your hardward doc first -
 on some systems, modules may need to be paired in some particular
 fashion.
 
 It is certainly worth checking your machine for obvious physical
 problems.  For instance, check air paths to ensure they aren't
 blocked.  Be suspicious of burning smells, obvious heat, excessive fan
 noise, or lack of distinct air flow.  Check the inside of the machine.
 Is there excessive dust build-up?  Are the fan blades clean?  Do the
 fans spin very smoothly and fairly freely?  Are the cables in the way?
 Are there any loose cables?  Loose boards?  Bad solder joints or
 cracks?  (On most modern motherboards, it's not worth spending much
 time checking this if it's not easy to get to; removing the motherboard
 may itself cause damage, and even a large crack sufficient to produce
 complete failure may be nearly impossible to spot).  Other signs of
 physical distress?  Ideally you want your machine to be in a
 climate-controlled environment comfortable to people.  Dust, very dry
 air, excessive moisture, temperature cycles, etc. are all bad.
 Electrically conductive dust can become particularly exciting.
 
 An older or fancier machine may have a separate disk controller, in
 which case if you have a spare it may be worth swapping.  Your machine
 is probably not one of these.
 
 On many newer machines, the BIOS can contain settings which alter the
 speed or timing of various bus components.  Getting this wrong can
 produce subtle weirdness, or obvious and drammatic signs of failure.
 It may take a while for subtle weirdness to manifest itself in any
 obvious fashion.  If you have ECC memory, make sure the bios knows that.
 
 Sorting all this out can take time.  If the machine is an older one, it
 may be cheaper to replace it than figure out what failed.
 
 Also, in case you missed it, building large software packages is
 an excellent way to burn a new machines in or establish
 that an existing machine is reliable.  :-)
 
   -Marcus


 

Get your email and see which of your friends are online - Right on the New 
Yahoo.com 
(http://www.yahoo.com/preview) 

failedlogin

[patrick ~]

Greetings,

This is on a 4.0 test system.  I'm preping it
to move over a 3.9 system.  It was cvs updated
to -rOPENBSD_4_0 and new kernel then system
built.

Noticed that /var/log/failedlogin grew from 0
bytes to 304304 bytes.

I couldn't find much about the file. Some googling
brings some AIX related pages.  One reference to
3.7 COLUG[0] post.

A search in misc@ list on MARC doesn't really show
much either.  A few references between 2001-2004.

I don't see any tool that will display the contents
of it either.

Here is a hex dump of it:

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*
74 74 79 43 30 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*
00 00 00 00 00 00 00 00 20 58 5d 45 00 00 00 00


-rw---  1 root  wheel  304304 Nov 16 22:35 failedlogin


Mainly empty with only a reference to:

ttyC0
 X]E


Could someone give me some pointers please?

TIA.




[0] http://www.colug.net/pipermail/colug432/2005-September/001405.html


 

The all-new Yahoo! Mail beta
Fire up a more powerful email and get things done faster. 
http://new.mail.yahoo.com

Xft font rendering extremely slow

[Patrick]

I recently configured urxvt to use an Xft font, specifically
LucidaTypewriter. I noticed after doing so that font rendering is
extremely slow -- Page-Down'ing a manpage takes 25% of the CPU,
whereas using the Fixed font uses 0% of the CPU. Also, when conky is
configured to use an Xft font, it uses about 4% of the CPU (0% when
using the Fixed font). Navigating a web-page that uses an Xft font
gives major lag.

Why is this? I'm using OpenBSD 4.3. I can provide a dmesg by request.

Samsung (SH-S182M) DVD/CD-R burn/read-back issue

[patrick ~]

Greetings,

Early October I bought this Samsung DVD/CD burner [1]
(OEM) from newegg.  I put in a computer I was going
to put 4.0 on.

After installing 4.0 and updating source with cvs
-rOPENBSD_4_0 I made a release.  I attempted to burn
a CD so I can use for upgrading my other i386 systems
as well.

I built cdrtools from ports.  After burning a CD-R
I couldn't boot from it.  I tried another CD-R and
same problem.  Tried yet a 3rd one and had the same
problem.

I mounted the CD and I could list contents of the
CD, but couldn't read back contents of any of the
files.

e.g.,

  $ cat /mnt/cd/4.0/i386/CKSUM
  cat: /mnt/cd/4.0/i386/CKSUM: Input/output error

(also see tail of dmesg [2])

I got curious.  I took the ISO image I used to burn
the CD-R to a 3.9 box I have and used it to burn a
CD-R and that one works just fine.

I thought maybe something wrong with the burner.
Called newegg they sent me a new one after I sent
mine back.  It took me a while but I finally got
motivated enough to go through the same exercise
over again.  But have the same exact problem.  I
burn a CD-R but unable to read-back data.


I'd appreciate any ideas anyone may have on this.
Otherwise, I'm tossing this item and getting me
another non-Samsung equivalent.

TIA,
--patrick



[1] SAMSUNG|SH-S182M
http://www.newegg.com/Product/Product.asp?Item=N82E16827151136

[2]
OpenBSD 4.0-stable (GENERIC) #0: Wed Dec 13 02:11:04 PST 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: AMD Sempron(tm) Processor 2600+ (AuthenticAMD 686-class, 128KB L2
cache) 1.61 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2
real mem  = 536375296 (523804K)
avail mem = 481329152 (470048K)
using 4256 buffers containing 26923008 bytes (26292K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(6b) BIOS, date 04/08/05, BIOS32 rev. 0 @ 0xfa120,
SMBIOS rev. 2.2 @ 0xf (34 entries)
bios0: http://www.abit.com.tw/ NF8/NF8-V (nVidia nForce3 250GB)
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 70102 dobusy 1 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0xc4b4
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfc380/288 (16 entries)
pcibios0: bad IRQ table checksum
pcibios0: PCI BIOS has 17 Interrupt Routing table entries
pcibios0: PCI Exclusive IRQs: 3 5 10 11 12
pcibios0: no compatible PCI ICU found
pcibios0: Warning, unable to fix up PCI interrupt routing
pcibios0: PCI bus #2 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0x4000! 0xcc000/0x800
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 NVIDIA nForce3 250 PCI Host rev 0xa1
pcib0 at pci0 dev 1 function 0 NVIDIA nForce3 250 ISA rev 0xa2
nviic0 at pci0 dev 1 function 1 NVIDIA nForce3 250 SMBus rev 0xa1
iic0 at nviic0
unknown at iic0 addr 0x2e not configured
iic1 at nviic0
ohci0 at pci0 dev 2 function 0 NVIDIA nForce3 250 USB rev 0xa1: irq 12,
version 1.0, legacy support
usb0 at ohci0: USB revision 1.0
uhub0 at usb0
uhub0: NVIDIA OHCI root hub, rev 1.00/1.00, addr 1
uhub0: 4 ports with 4 removable, self powered
ohci1 at pci0 dev 2 function 1 NVIDIA nForce3 250 USB rev 0xa1: irq 10,
version 1.0, legacy support
usb1 at ohci1: USB revision 1.0
uhub1 at usb1
uhub1: NVIDIA OHCI root hub, rev 1.00/1.00, addr 1
uhub1: 4 ports with 4 removable, self powered
ehci0 at pci0 dev 2 function 2 NVIDIA nForce3 250 USB2 rev 0xa2: irq 11
usb2 at ehci0: USB revision 2.0
uhub2 at usb2
uhub2: NVIDIA EHCI root hub, rev 2.00/1.00, addr 1
uhub2: 8 ports with 8 removable, self powered
nfe0 at pci0 dev 5 function 0 NVIDIA nForce3 LAN rev 0xa2: irq 12, address
00:50:8d:7c:06:8c
ciphy0 at nfe0 phy 1: Cicada CS8201 10/100/1000TX PHY, rev. 3
auich0 at pci0 dev 6 function 0 NVIDIA nForce3 250 AC97 rev 0xa1: irq 3,
nForce3 AC97
ac97: codec id 0x414c4780 (Avance Logic ALC658 rev 0)
ac97: codec features 20 bit DAC, 18 bit ADC, No 3D Stereo
audio0 at auich0
pciide0 at pci0 dev 8 function 0 NVIDIA nForce3 250 IDE rev 0xa2: DMA,
channel 0 configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: IC35L120AVVA07-0
wd0: 16-sector PIO, LBA, 117799MB, 241252607 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: TSSTcorp, CD/DVDW SH-S182M, SB02 SCSI0 5/cdrom
removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
pciide1 at pci0 dev 10 function 0 NVIDIA nForce3 250 SATA rev 0xa2: DMA
pciide1: using irq 11 for native-PCI interrupt
ppb0 at pci0 dev 11 function 0 NVIDIA nForce3 250 AGP rev 0xa2
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 ATI Rage 128 Pro TF rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ppb1 at pci0 dev 14 function 0 NVIDIA nForce3 250 PCI-PCI rev 0xa2
pci2 at ppb1 bus 2
xl0 at pci2 dev 7 function 0 3Com 3c905C 100Base-TX rev

qualcom gobi 2000 support

[patrick]

Can someone share some information on the support of the qualcom gobi 2000 mini 
pci express card in openbsd?
Kind regards

Firewall: Where is the bottleneck?

[Patrick]

Hi,

I use a OpenBSD based firewall (version 5.2, I know I should upgrade but ...) 
between a 8 host cluster of Linux server and 300 clients which will access this 
clutser via VNC. Each server is connected with one gigabit port to a dedicated 
switch and the firewall has on each site one gigabit (dedicated switch and 
campus network).

The users complains about slow VNC response times (if I connect a client system 
to the dedicated switch, the access is faster, even during peak hours), and the 
admins of the cluster blame my firewall :(.

I use MRTG for traffic monitoring (data retrieves from OpenBSD in one minute 
interval) and can see average traffic of 160 Mbit/s during office hours and 
peaks and 280 Mbit/s. With bwm-ng and a five second interval I can see peaks 
and 580 Mbit/s. The peak packets per second is arround 8 packets (also 
measured with bwm-ng). The interrupt of CPU0 is in peak 25%. So with this data 
I don't think the firewall is at the limit, I'm right?

The server is a standard Intel Xeon (E3-1220V2, 4 Cores, 3.10 GHz) with 4 GByte 
of memory and 4 1 Gbit/s ethernet cooper Intel nics (driver em).

Where is the problem? Can't the nics handle more packets/second? How can I 
check for this?

If I connect a client system directly to the dedicated system, the response 
times are better.

Thanks for your help,
Patrick

Re: Firewall: Where is the bottleneck?

[Patrick]

Hi Hrvoje,

nestat -i shows nothing special.

NameMtu   Network Address  Ipkts IerrsOpkts Oerrs Colls
lo0 33152 Link   91235 091235 0 0
lo0 33152 localhost/1 localhost91235 091235 0 0
lo0 33152 fe80::%lo0/ fe80::1%lo0  91235 091235 0 0
lo0 33152 localhost   localhost91235 091235 0 0
em0 1500  Link  00:25:90:a6:08:52 16371757334772 297519394073 
0 0
em0 1500  megagw06a.o megagw06a.ohb-sys 16371757334772 297519394073 
0 0
em0 1500  fe80::%em0/ fe80::225:90ff:fe 16371757334772 297519394073 
0 0
em1 1500  Link  00:25:90:a6:08:53 297512809627   489 163342615216 
0 0
em1 1500  10.242.13/2 10.242.13.1   297512809627   489 163342615216 
0 0
em1 1500  fe80::%em1/ fe80::225:90ff:fe 297512809627   489 163342615216 
0 0
em2*1500  Link  00:25:90:a6:08:540 00 0 0
em3*1500  Link  00:25:90:a6:08:550 00 0 0
enc0*   0 Link   0 00 0 0
pflog0  33152 Link   0 0 146527095 0 0

I will try to have a maintenance window for the upgrade.

Thanks for the help,
Patrick

Am 04.11.2014 um 23:22 schrieb Hrvoje Popovski hrv...@srce.hr:

 out of curiosity, could you post netstat -i
 
 if you can, why don't you upgrade bios and install openbsd 5.6

Re: Problems building userland

[Patrick]

Josh Grosse  jggimi.homeip.net> writes:

> 
> On Sat, Sep 19, 2015 at 10:35:07AM -0500, Amit Kulkarni wrote:
> > Hello,
> > 
> > How are you guys able to build userland? I double-checked that the
> > 
> >
http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/Makefile?rev=1.125=text/plain
> > 
> > is still referring to ${SUDO}
> > 
> > here is the result.
> > 
> > # make build
> > cd /usr/src/share/mk && exec /usr/bin/sudo -E make install
> > /bin/sh: /usr/bin/sudo: not found
> > *** Error 127 in /usr/src (Makefile:75 'build')
> > 
> > Thanks
> > 
> 
> The sudo application moved from built-in to ports.  See the details in
> the Following -current FAQ:
> 
> http://www.openbsd.org/faq/current.html#20150703
> 
> Greetings I use the FAQ 5.3.5 to build userland 
it works on amd64 and i386
5.3.5 - Building the userland
There is a specific process used by OpenBSD. Processes used on other OSs you
may have been familiar with will most likely not work on OpenBSD, and will
get you laughed at when you ask why.

Clear your /usr/obj directory and rebuild symbolic links:

# rm -rf /usr/obj/*
# cd /usr/src
# make obj

Note that the use of the /usr/obj directory is mandatory. Failing to do
this step before building the rest of the tree will likely leave your src
tree in bad shape.

Make sure all the appropriate directories are created.

# cd /usr/src/etc && env DESTDIR=/ make distrib-dirs

Build the system:

# cd /usr/src
# make build

This compiles and installs all the "userland" utilities in the
appropriate order. This is a fairly time consuming step -- a very fast
machine may be able to complete it in well under an hour, a very slow
machine may take many days. When this step is complete, you have newly
compiled binaries in place on your system. 
>> cheers

Re: OpenBSD on Fiber

[Patrick]

I understand the fact about an dedicated server and the fact that not
ervery speedtest is the same. But there is another angle. I have installed
FreeBSD with the same specs and also a PF enabled and in testing its is
much better. I have also a VPS in a DC normal the speeds is average 48 and
with OpenBSD it is average 17. So is there a good explanation for this?

On Sunday, August 30, 2015, Vivek Vinod vi...@icanconnect.com wrote:

 I run a miniscule ISP. Speed tests are flawed. Depends on which ones you
 are running - they basically download a file (typically 2 to 10 MB) and
 determine how much time that took. Then they report the mbps.

 Issues like latency are almost never taken into account when reporting
 these tests. It totally depends on how far your speedtest server is.
 Internet is much more than just the thickness of your pipe.

 Also, apologies for assuming you don't know‎, but Internet speeds
 (throughput) are in mega bits per second and not mega bytes per second.

 Vivek

 Sent from my BlackBerry 10 smartphone.
   Original Message
 From: Patrick‎
 Sent: Sunday 30 August 2015 23:39
 To: misc@openbsd.org javascript:;‎
 Subject: OpenBSD on Fiber

 Hello,

 I have a fiber internet connection with 500Mbs download and 500Mbs upload.
 I installed a long time ago a firewall with OpenBSD 5.5 with routing and
 PF. But after a speedtest the line is stuck at around 200Mbs. Even when i
 download a test bin the speed is around 17Mbs. After this experience i had
 FreeBSD installed which doing fine with my fiber network. I have tested 5.6
 and 5.7 and even 5.8 for testing any improvements in the network speed.
 Does anybody now what can cause this problem? Below i have my specs posted:

 *Hardware / OS*
 HP DL380 G6
 vSphere ESXI 6 (Updated to last patches)

 *VM*
 Virtual Machine 11 (Also tried 8)
 Type: Other 32Bit / Other 64Bit And FreeBSD 64bit same results
 1 CPU  1 core
 4GB

 *What i have tried (This all had no results)*
 Upgrade the virtual machine hardware.
 Forward the network cards from pci slots to the VM
 Different ethernet adapters, VMXNET3 is still the best which is getting the
 highest speeds.
 Add system tweaks in sysctl.conf  disabling PF
 Use other versions of OpenBSD 32Bit / 64Bit.

 Best Regards,

 Patrick



--
Met vriendelijke groet,

*Patrick Koreneef*

T: +316-40951631
E: patr...@natpnk.nl

Re: OpenBSD on Fiber

[Patrick]

Met vriendelijke groet,

*Patrick Koreneef*

T: +316-40951631
E: patr...@natpnk.nl


On 30 August 2015 at 23:28, Patrick patr...@natpnk.nl wrote:

 So upgrade righ now.
 I am currently runnig 5.8

 What does download a test bin mean, exactly?
 A 1000mb.bin with zero's to test the download speed for a DC

 Meaning what, exactly?
 After removing OpenBSD and install FreeBSD the speeds where normal for my
 internet connection

 What problem?
 I willing to know what can cause this network speed lag

 What i mean with the hardware version is the hardware version in ESXI.

 PS: I am a system engineer in daily life.



 Met vriendelijke groet,

 *Patrick Koreneef*

 T: +316-40951631
 E: patr...@natpnk.nl


 On 30 August 2015 at 23:20, Jan Stary h...@stare.cz wrote:

  I have a fiber internet connection with 500Mbs download and 500Mbs
 upload.
  I installed a long time ago a firewall with OpenBSD 5.5 with routing and
  PF.

 So upgrade righ now.

  But after a speedtest the line is stuck at around 200Mbs. Even when i
  download a test bin the speed is around 17Mbs.

 What does download a test bin mean, exactly?

  After this experience i had
  FreeBSD installed which doing fine with my fiber network.

 Meaning what, exactly?

  I have tested 5.6
  and 5.7 and even 5.8 for testing any improvements in the network speed.
  Does anybody now what can cause this problem?

 What problem?

  *Hardware / OS*
  HP DL380 G6
  vSphere ESXI 6 (Updated to last patches)
 
  *VM*
  Virtual Machine 11 (Also tried 8)
  Type: Other 32Bit / Other 64Bit And FreeBSD 64bit same results
  1 CPU  1 core
  4GB

 Ah, so you are not really running OpenBSD.
 The first and obvious thing to try
 is to run OpenBSD on the HW itself.

  *What i have tried (This all had no results)*
  Upgrade the virtual machine hardware.
  Forward the network cards from pci slots to the VM
  Different ethernet adapters, VMXNET3 is still the best which is getting
 the
  highest speeds.
  Add system tweaks in sysctl.conf  disabling PF
  Use other versions of OpenBSD 32Bit / 64Bit.

 Try the first and obvious first.

OpenBSD on Fiber

[Patrick]

Hello,

I have a fiber internet connection with 500Mbs download and 500Mbs upload.
I installed a long time ago a firewall with OpenBSD 5.5 with routing and
PF. But after a speedtest the line is stuck at around 200Mbs. Even when i
download a test bin the speed is around 17Mbs. After this experience i had
FreeBSD installed which doing fine with my fiber network. I have tested 5.6
and 5.7 and even 5.8 for testing any improvements in the network speed.
Does anybody now what can cause this problem? Below i have my specs posted:

*Hardware / OS*
HP DL380 G6
vSphere ESXI 6 (Updated to last patches)

*VM*
Virtual Machine 11 (Also tried 8)
Type: Other 32Bit / Other 64Bit And FreeBSD 64bit same results
1 CPU  1 core
4GB

*What i have tried (This all had no results)*
Upgrade the virtual machine hardware.
Forward the network cards from pci slots to the VM
Different ethernet adapters, VMXNET3 is still the best which is getting the
highest speeds.
Add system tweaks in sysctl.conf  disabling PF
Use other versions of OpenBSD 32Bit / 64Bit.

Best Regards,

Patrick

Re: SPA112 VoIP with pf and NAT - States keeps open on address change

[Patrick]

 
> On 06.02.2019, at 11:15, Sebastian Reitenbach  
> wrote:
> 
> Am Mittwoch, Februar 06, 2019 10:57 CET, jum...@yahoo.de schrieb:
> 
>> Hello,
>> I have a Cisco SPA112 VoIP to connect my analog phone to my provider SIP 
>> system. Recently I replaced my Linux based (Fritzbox) with a OpenBSD 6.4 
>> firewall. The firewall is connected to a vDSL modem and performs NAT for 
>> outgoing IPv4 connection. The connection to the SIP server from the SPA112 
>> is a IPv4 with NAT via UDP port 5060. The connection works and I can see the 
>> NAT in the state table. I have configured NAT-Keepalive on the SPA112 to 
>> keep the state open. After 24 hours my provider terminate my connection and 
>> after established a new connection the firewall has a new public IPv4 
>> address. 
>> After this change the SPA112 can't longer communicate to the SIP server 
>> because it's still using the old state with the old public IPv4 address. If 
>> I deleted the state manually on the firewall the force the SPA112 to 
>> register again it works. The SPA112 has also an automatism to re-register 
>> after 60 minutes. But without deleting the state the SPA112 will use again 
>> the old state/connection.
>> From my point of view the SPA112 should use a new connection for the 
>> re-register or at least a new connection, if it detects the lost of the 
>> previous registration. But this problem doesn't exist with the old Linux 
>> based firewall. I can also see a lot of other NAT entries in the state table 
>> with the old public IPv4 address. Is there a feature of pf to delete all NAT 
>> entries with the no longer existing public IPv4 on a address change? 
>> Best Regards,Patrick
> 
> some lines of pf.conf would be helpful. Do you have parentheses around your 
> interface name in the  nat-to rule, like nat-to ($ext_if)
> that should update the rules when addresses change, but I don't think that 
> will touch active states.
> However, SIP and UDP might be problematic, since states are consulted first, 
> before the rules are traversed. Since UDP is stateless, PF only seems 
> sending/receiving IP and port, but with SIP the sending port always might be 
> 5060 as well, so it may match the existing state, even if the external IP 
> changed.
> 
> Sebastian
> 

Hi Sebastian,

Thanks for your quick reply.

My nat rule use the parenthesis and all other devices behind the firewall works 
fine. I think it’s more a specific issue with the SPA112. I have also set the 
ruleset optimization to conservative but in this case the generated state has 
just a longer time to live. This isn’t the problem because the SPA112 sends 
regular keep alive packets which reset the counter for the state.

Here the related rules:
pass out quick on egress inet from (vether0:network) nat-to (egress) modulate 
state
pass in on egress inet proto udp from  to (egress) port 5060

As I’m just reading again my rules. Is the modulate state the problem? Or will 
pf use keep state for UDP packets as the default?

Best Regards,
Patrick

Re: SPA112 VoIP with pf and NAT - States keeps open on address change

[Patrick]

> On 07.02.2019, at 14:21, Stuart Henderson  wrote:
> 
> On 2019-02-06, Patrick  wrote:
>> My nat rule use the parenthesis and all other devices behind the
>> firewall works fine. I think it’s more a specific issue with the SPA112.
>> I have also set the ruleset optimization to conservative but in this
>> case the generated state has just a longer time to live. This isn’t the
>> problem because the SPA112 sends regular keep alive packets which reset
>> the counter for the state.
> 
> Setting to 'conservative' (i.e. hanging on to states for longer) can't
> help with this.
> 
> Using parentheses won't help either, that means "do a lookup at state
> creation time", but you aren't getting a new state created because the 
> old one hasn't expired.
> 
>> 
>> Here the related rules:
>> pass out quick on egress inet from (vether0:network) nat-to (egress) 
>> modulate state
>> pass in on egress inet proto udp from  to (egress) port 5060
>> 
>> As I’m just reading again my rules. Is the modulate state the problem?
>> Or will pf use keep state for UDP packets as the default?
> 
> PF uses "keep state" by default, and "keep state" is required for NAT.
> 
> I think your main options are:
> 
> - use a *shorter* timeout for this rule (this can be set per-rule
> and overrides the default from "set optimization") and have a port
> forward rule so that incoming packets still work even when the
> state has timed out
> 
> - arrange a way to flush these states when the IP changes
> 
> The first of these is probably easiest if you can do it ..
> 
> 

Thanks for suggestions. I tried to change the timeouts but every time the state 
gets deleted the SIP server refused the new connection. I think because of the 
change of source port. Maybe it would work with static-port option. I choose 
option two and have created a cron job to reconnect my VDSL connection and 
flush the state table at 2am in the night. This moved the force termination 
after 24 hours to the night. I remember that the old firewall had a similar 
option and probably also deleted the state table at the same time. I didn’t 
noticed the disconnection of my SPA112 in the middle of the night. To recover 
quicker from a termination at day I have set the re-register timeout to 30 
minutes and also runs a script every five minutes on the firewall to check the 
current public IPv4 address and the one in the state table for the SPA112 and 
if it not match delete the state.

Best Regards,
Patrick

Allocate more memory than 512 MB with squid

[Patrick Hemmen]

Hi all,

I use the squid web-proxy on a OpenBSD 4.1 i386 machine with 1024 MB of 
RAM.
Squid can only allocate 512 MB of RAM. If squid tries to allocate more
than that, the process kills himself and starts automatically again with 
the following message in /var/log/messages.

FATAL: xcalloc: Unable to allocate 4096 blocks of 1 bytes!

Squid runs under the user _squid. This user is in the login class 
daemon in which the data size is set to infinity.
I also checked the file /usr/src/sys/arch/i386/include/vmparam.h where
I found the line.

#define MAXDSIZ   (1024*1024*1024) /* max data size */

Can anybody give me a hint where I can set the maximum RAM usage of one
process?

Thanks in advance
Patrick

[demime 1.01d removed an attachment of type application/x-pkcs7-signature which 
had a name of smime.p7s]

Re: Allocate more memory than 512 MB with squid

[Patrick Hemmen]

Thanks for your reply.
I installed squid from the Package squid-2.6.STABLE9.tgz on OpenBSD 
4.1-stable i386.
Here the relevant parts of my squid.conf.

cache_mem 192 MB
maximum_object_size 16 MB
cache_dir ufs /var/squid/cache 5000 16 256

With this cache_mem size, the squid process use 498 MB of RAM.
In a few days I will try to run a little C-Program which allocate more 
than 512 MB and post the output here.

Here my dmesg.

OpenBSD 4.1 (GENERIC) #2: Tue May 29 17:53:25 CEST 2007 
[EMAIL 
PROTECTED]:/usr/binpatch/work-binpatch-4.1/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium III (GenuineIntel 686-class) 804 MHz
cpu0:FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
real mem  = 1073233920 (1048080K)
avail mem = 971886592 (949108K)
using 4278 buffers containing 53784576 bytes (52524K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+ BIOS, date 11/02/00, BIOS32 rev. 0 @ 0xf0aa0, 
SMBIOS rev. 2.3 @ 0xf2930 (45 entries)
bios0: ASUSTeK Computer INC. CUV4X
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0x12e2
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf1250/144 (7 entries)
pcibios0: PCI Interrupt Router at 000:04:0 (VIA VT82C586 ISA rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc/0xc000
acpi at mainbus0 not configured
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 VIA VT8605 PCI rev 0x81
ppb0 at pci0 dev 1 function 0 VIA VT8605 AGP rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 ATI Rage Fury rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
pcib0 at pci0 dev 4 function 0 VIA VT82C686 ISA rev 0x22
pciide0 at pci0 dev 4 function 1 VIA VT82C571 IDE rev 0x10: ATA66, 
channel 0 configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: QUANTUM FIREBALL CX10.2A
wd0: 16-sector PIO, LBA, 9787MB, 20044080 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 4
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: E-IDE, CD-950E/AKU, A4Q SCSI0 5/cdrom 
removable
cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
uhci0 at pci0 dev 4 function 2 VIA VT83C572 USB rev 0x10: irq 12
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 4 function 3 VIA VT83C572 USB rev 0x10: irq 12
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
viaenv0 at pci0 dev 4 function 4 VIA VT82C686 SMBus rev 0x30: HWM disabled
xl0 at pci0 dev 14 function 0 3Com 3c905C 100Base-TX rev 0x78: irq 10, 
address 00:01:02:e3:19:86
exphy0 at xl0 phy 24: 3Com internal media interface
xl1 at pci0 dev 15 function 0 3Com 3c905 100Base-TX rev 0x00: irq 12, 
address 00:60:08:55:98:9b
nsphy0 at xl1 phy 24: DP83840 10/100 PHY, rev. 1
xl2 at pci0 dev 16 function 0 3Com 3c905B 100Base-TX rev 0x24: irq 5, 
address 00:a0:24:a9:1c:23
exphy1 at xl2 phy 24: 3Com internal media interface
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask fb45 netmask ff65 ttymask ffe7
pctr: 686-class user-level performance counters enabled
mtrr: Pentium Pro MTRR support
dkcsum: wd0 matches BIOS drive 0x80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302

Best regards.
Patrick


Whyzzi schrieb:
 Curious. Well there's not much we can say on the matter:
 
 1) no dmesg
 2) no squid conf
 
 I personally recommend testing your squid server's memory for problems
 and providing at least the whole dmesg and relevant parts of your
 squid.conf (eg cache_mem).
 
 BTW: Shouldn't this be in the ports list?
 
 Cheers!
 
 On 15/07/07, Patrick Hemmen [EMAIL PROTECTED] wrote:
 Hi all,

 I use the squid web-proxy on a OpenBSD 4.1 i386 machine with 1024 MB of
 RAM.
 Squid can only allocate 512 MB of RAM. If squid tries to allocate more
 than that, the process kills himself and starts automatically again with
 the following message in /var/log/messages.

 FATAL: xcalloc: Unable to allocate 4096 blocks of 1 bytes!

 Squid runs under the user _squid. This user is in the login class
 daemon in which the data size is set to infinity.
 I also checked the file /usr/src/sys/arch/i386/include/vmparam.h where

Re: Allocate more memory than 512 MB with squid

[Patrick Hemmen]

Thanks for the hint.
I will test the memory and view the BIOS settings as soon as possible.

Best regards.
Patrick

Whyzzi schrieb:
 Again I highly recommend you check the memory for problems:
 
 http://www.memtest86.com/
 
 Another thing I've noticed that can cause strange problems:
 miss-matched memory timings caused by mixture of RAM, especially if
 the BIOS is set to auto detect timings. Double check the memory module
 RAS/CAS timings between each module and if they are not the same,
 force the timing in the BIOS from the highest timing module. I also
 recommend checking to see if there is a BIOS update for your board.
 
 Good luck.
 
 PV
 
 As a comparison, I'm running squid-2.5.STABLE13 on a 4.0 snapshot 
 without issue:
 
 OpenBSD 4.0 (GENERIC) #1107: Sat Sep 16 19:15:58 MDT 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
 cpu0: Intel(R) Pentium(R) 4 CPU 2.40GHz (GenuineIntel 686-class) 2.44 GHz
 cpu0: 
 FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM
  
 
 real mem  = 1073217536 (1048064K)
 avail mem = 970981376 (948224K)
 using 4256 buffers containing 53764096 bytes (52504K) of memory
 mainbus0 (root)
 bios0 at mainbus0: AT/286+(ed) BIOS, date 11/10/03, BIOS32 rev. 0 @
 0xf1e30, SMBIOS rev. 2.3 @ 0xf0040 (56 entries)
 bios0: ASUSTeK Computer INC. P4PE
 apm0 at bios0: Power Management spec V1.2 (BIOS mgmt disabled)
 apm0: APM power management enable: unrecognized device ID (9)
 apm0: APM engage (device 1): power management disabled (1)
 apm0: AC on, battery charge unknown
 apm0: flags b0102 dobusy 0 doidle 1
 pcibios0 at bios0: rev 2.1 @ 0xf/0x24b2
 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf23d0/224 (12 entries)
 pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82371FB ISA rev 0x00)
 pcibios0: PCI bus #2 is the last bus
 bios0: ROM list: 0xc/0xc800 0xd/0x7c00! 0xd8000/0x1000
 cpu0 at mainbus0
 pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
 pchb0 at pci0 dev 0 function 0 Intel 82845G/GL rev 0x02
 ppb0 at pci0 dev 1 function 0 Intel 82845G/GL/GV/GE/PE AGP rev 0x02
 pci1 at ppb0 bus 1
 vga1 at pci1 dev 0 function 0 NVIDIA GeForce2 MX rev 0xb2
 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
 wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
 uhci0 at pci0 dev 29 function 0 Intel 82801DB USB rev 0x02: irq 12
 usb0 at uhci0: USB revision 1.0
 uhub0 at usb0
 uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
 uhub0: 2 ports with 2 removable, self powered
 uhci1 at pci0 dev 29 function 1 Intel 82801DB USB rev 0x02: irq 3
 usb1 at uhci1: USB revision 1.0
 uhub1 at usb1
 uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
 uhub1: 2 ports with 2 removable, self powered
 uhci2 at pci0 dev 29 function 2 Intel 82801DB USB rev 0x02: irq 14
 usb2 at uhci2: USB revision 1.0
 uhub2 at usb2
 uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1
 uhub2: 2 ports with 2 removable, self powered
 ehci0 at pci0 dev 29 function 7 Intel 82801DB USB rev 0x02: irq 11
 usb3 at ehci0: USB revision 2.0
 uhub3 at usb3
 uhub3: Intel EHCI root hub, rev 2.00/1.00, addr 1
 uhub3: 6 ports with 6 removable, self powered
 ppb1 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0x82
 pci2 at ppb1 bus 2
 VIA VT6306 FireWire rev 0x80 at pci2 dev 3 function 0 not configured
 pciide0 at pci2 dev 4 function 0 Promise PDC20376 rev 0x02: DMA
 wd0 at pciide0 channel 0 drive 0: ST380013AS
 wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors
 wd0(pciide0:0:0): using BIOS timings, Ultra-DMA mode 6
 pciide0: using irq 11 for native-PCI interrupt
 bge0 at pci2 dev 5 function 0 Broadcom BCM5702X rev 0x02, BCM5703 A2
 (0x1002): irq 10, address 00:e0:18:bf:77:eb
 brgphy0 at bge0 phy 1: BCM5703 10/100/1000baseT PHY, rev. 2
 em0 at pci2 dev 10 function 0 Intel PRO/1000GT (82541GI) rev 0x05:
 irq 5, address 00:0e:0c:bc:33:44
 ichpcib0 at pci0 dev 31 function 0 Intel 82801DB LPC rev 0x02
 pciide1 at pci0 dev 31 function 1 Intel 82801DB IDE rev 0x02: DMA,
 channel 0 configured to compatibility, channel 1 configured to
 compatibility
 pciide1: no compatibility interrupt for use by channel 0
 atapiscsi0 at pciide1 channel 1 drive 0
 scsibus0 at atapiscsi0: 2 targets
 cd0 at scsibus0 targ 0 lun 0: HL-DT-ST, DVD-ROM GDR8161B, 0100 SCSI0
 5/cdrom removable
 cd0(pciide1:1:0): using PIO mode 4, Ultra-DMA mode 2
 isa0 at ichpcib0
 isadma0 at isa0
 pckbc0 at isa0 port 0x60/5
 pckbd0 at pckbc0 (kbd slot)
 pckbc0: using irq 1 for kbd slot
 wskbd0 at pckbd0: console keyboard, using wsdisplay0
 pcppi0 at isa0 port 0x61
 midi0 at pcppi0: PC speaker
 spkr0 at pcppi0
 lpt0 at isa0 port 0x378/4 irq 7
 npx0 at isa0 port 0xf0/16: using exception 16
 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
 fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
 fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
 biomask fb4d netmask ff6d ttymask ffef
 pctr: user-level cycle counter enabled
 dkcsum: wd0 matches BIOS drive 0x80
 root on wd0a
 
 
 On 16/07/07, Patrick Hemmen

Re: Allocate more memory than 512 MB with squid

[Patrick Hemmen]

Squid runs under the user _squid and this user is in the login class 
daemon in which the data size is set to infinity. Or do I have to set 
a another capability?

Best regards.
Patrick

Tim Kuhlman schrieb:
 On Mon July 16 2007 12:00:41 pm Patrick Hemmen wrote:
 Thanks for your reply.
 I installed squid from the Package squid-2.6.STABLE9.tgz on OpenBSD
 4.1-stable i386.
 Here the relevant parts of my squid.conf.

  cache_mem 192 MB
  maximum_object_size 16 MB
  cache_dir ufs /var/squid/cache 5000 16 256

 With this cache_mem size, the squid process use 498 MB of RAM.
 In a few days I will try to run a little C-Program which allocate more
 than 512 MB and post the output here.
 
 Sounds like a login.conf restriction to me, which your little c program 
 should 
 encounter also. 
 
 man 5 login.conf

[demime 1.01d removed an attachment of type application/x-pkcs7-signature which 
had a name of smime.p7s]

Re: Allocate more memory than 512 MB with squid

[Patrick Hemmen]

I start squid with the following entry in /etc/rc.local.

if [ -x /usr/local/sbin/squid ]; then
echo -n ' squid';   /usr/local/sbin/squid
fi

Best regards.
Patrick

Daniel Ouellet schrieb:
 Patrick Hemmen wrote:
 Squid runs under the user _squid and this user is in the login class 
 daemon in which the data size is set to infinity. Or do I have to 
 set a another capability?
 
 How do you start your squid is the key.
 
 man 5 login.conf
 man 8 rc
 
 explain it. Just putting the class there for a specific user doesn't 
 make it use it unless you specify that class at the start in your rc.local
 
 It's not for squid, but check the principal and ideas here:
 
 http://openbsdsupport.org/mysql.htm#/etc/login.conf
 http://openbsdsupport.org/mysql.htm#/etc/rc.local
 
 You will see that unless you specifically tell it to use it, it will not 
 use it and only gets the default class no matter what you put in there.
 
 Hope this help you.
 
 Daniel

[demime 1.01d removed an attachment of type application/x-pkcs7-signature which 
had a name of smime.p7s]

Re: Allocate more memory than 512 MB with squid

[Patrick Hemmen]

Hi,

yesterday I run the little c-program under the user root and it works.

Here is the source code of the program.

 #include stdio.h
 #include stdlib.h
 int main() {
 size_t size = 936870912;
 char *a = malloc(size);
 if (a)
 printf(yes);
 else
 perror(no);
 }

Do I start squid correctly with the entry in /etc/rc.local?

Thanks.
Patrick


  Patrick Hemmen wrote:
  I start squid with the following entry in /etc/rc.local.
 
   if [ -x /usr/local/sbin/squid ]; then
   echo -n ' squid';   /usr/local/sbin/squid
   fi
 
  Best regards.
  Patrick

[demime 1.01d removed an attachment of type application/x-pkcs7-signature which 
had a name of smime.p7s]

Re: spamd question (4.1)

[patrick keshishian]

On 7/23/07, Darrin Chandler [EMAIL PROTECTED] wrote:

It seems normal enough. What I and some others have done in addition is
to add a whitelist that bypasses spamd altogether. Into that whitelist
goes gmail (host -ttxt gmail.com) and other large providers using pools
for outgoing mail.


Good point.



If you are concerned about the entries that you saw whitelisted, have
you checked where the mail went that they sent? If this is wholly your
domain then you should be able to easily see that. If you can't look
(because it's other people's mail) then you can still ask around and see
if people have been getting spam.


I've not had a chance to examine where the white listed hosts
were trying to send to (yet).  I have yet to run sendmail to
accept incoming mail.  However, while monitoring the output
from spamdb, I did noticed most to addresses for the GREY
trapped hosts were bogus recipients.


Also, though spamd works GREAT, it is what it is. As I mentioned above,
it will not stop spam from real mail servers, whether open relays or
spam house servers. You may get to the point where you do want to add


I see your point about open relays and such.

Thanks for your input!
--patrick

SMTP flood + spamdb

[patrick keshishian]

Hi all,

At around 1:40 PM (PDT) my SMTP server started getting flooded
by enormous amount of connections.  The connections were for
seemingly random users @my-domain-name.

I'm running spamdb in greylist mode, but these servers were
getting white-listed very quickly.

$ /usr/sbin/spamdb | /usr/bin/grep -c ^WHITE
717

Typical value for above is not more than 20.  Traffic going
in/out of my mail-server is minimal.

I would remove them from the WHITE list and they would fill up
almost immediately.

My guess is someone is using these faked addresses ([EMAIL PROTECTED])
to send out SPAM and I'm getting the bounces from these.

I'm basically looking for opinions as how to combat this problem
right now.  I'm not even 100% on the bounced email theory, but
this had happened to me once before back in May 2003, but the
bounces were mainly from gc.ca domain.

I use gmane to read the list. If not too much to ask, please CC
me on your reply(ies).

Thanks,
--patrick

p.s., Server is running cvs updated -rOPENBSD_4_1 code.

Re: SMTP flood + spamdb

[patrick keshishian]

On 9/23/07, Darrin Chandler [EMAIL PROTECTED] wrote:
 On Sun, Sep 23, 2007 at 03:33:03PM -0700, patrick keshishian wrote:
  At around 1:40 PM (PDT) my SMTP server started getting flooded
  by enormous amount of connections.  The connections were for
  seemingly random users @my-domain-name.
 
  I'm running spamdb in greylist mode, but these servers were
  getting white-listed very quickly.
 
  $ /usr/sbin/spamdb | /usr/bin/grep -c ^WHITE
  717

 I've seen something *very* similar. In my case the user portions
 seemed random at first glance, but some were repeated a LOT. See if you
 have that, too. If so, enter those random addresses as SPAMTRAP
 entries. That way they're blocked for 24 hours, and will reblock
 themselves if they persist.


They seemed pretty random to me, but I did a quick
check after reading your response and I see 468 unique
fake email address @my-domain, only one was
duplicated twice.

This was in the span of about 1 hour, from 13:38 to 14:31
Pacific time.  After which I enabled filtering of SMTP port
'til I figure out what I am going to do.

I can't imagine entering all those address as spamtraps.


Another user suggested greytrapping in private email,
which made me reread spamd(8) a couple of times, at
least the 'GREYTRAPPING' section, which mentions
/etc/mail/spamd.alloweddomains file.  It doesn't specifically
say one could use it to enter valid email address in that
file, but a naive look at the source spamd/grey.c suggests
it could work.  I plan on giving this a try unless someone
from the list advises against it.


Is there anyway one could flush the GREY entries from
spamdb?  I had the problem where I would clear the WHITE
entries that didn't belong, but the WHITE list would grow
rapidly out of control again.

I'm not sure if this is related or not, but I have noticed
that a few times yesterday and once again tonight around 8PM
PDT, spamd-setup failed on ftp with connection time out.

Thanks for all the replies.



 I had also done a log tailer that added to a blacklist, but that turned
 out not to be needed with the above. ymmv.

 --
 Darrin Chandler|  Phoenix BSD User Group  |  MetaBUG
 [EMAIL PROTECTED]   |  http://phxbug.org/  |  http://metabug.org/
 http://www.stilyagin.com/  |  Daemons in the Desert   |  Global BUG Federation



-- 
How romantic. Two lovers' first kiss shared on
 the banks of the river Seine -- LL as CK  (ep.72 s04e06)

Re: SMTP flood + spamdb

[patrick keshishian]

On 9/24/07, Stuart Henderson [EMAIL PROTECTED] wrote:
 On 2007/09/23 20:53, patrick keshishian wrote:
 
  They seemed pretty random to me, but I did a quick
  check after reading your response and I see 468 unique
  fake email address @my-domain, only one was
  duplicated twice.

 What's the problem, they'll just be dropped user unknown
 by your MTA won't they?

It wouldn't be a problem if it didn't mimic a DDOS attack.
Getting bombarded by many dozen SMTP connection in a very
short time-span iss a bit alarming (at least was to me).

Other than that, I agree, sendmail would drop them as User
unknown and that's the end of story.


Btw, your reply-to field contains my e-mail address.  Is that
intended?

Cheers,
--patrick

Re: SMTP flood + spamdb

[patrick keshishian]

On 9/23/07, Peter N. M. Hansteen [EMAIL PROTECTED] wrote:
 patrick keshishian [EMAIL PROTECTED] writes:

  I'm running spamdb in greylist mode, but these servers were
  getting white-listed very quickly.

 Then it sounds almost like you were running with a too short passtime,
 but then that's easy to adjust.

The default (which I believe is 25 minutes).


  At around 1:40 PM (PDT) my SMTP server started getting flooded
  by enormous amount of connections.  The connections were for
  seemingly random users @my-domain-name.

 We've been seeing a lot of that here, too.  Mostly it's a few (maybe
 20) a day to the most widely known domain here, then occasionally
 somebody pushes the generate button for too long and one domain
 almost nobody actually uses gets the bouces for 700+ fake
 addresses[1].  Bob Beck's greyscanner is rather effective, as is the
 more manual methods I've blogged about the observations quite a bit,
 starting with [2].

I have just re-opened my SMTP port which I had shut since 1440
Sunday. Not 1 hour has passed yet and my GREY list is almost
at 300.

I've added about 250 (count at the time) bogus emails to the
greytrap list but since they are unique I don't think it will
help the situation much.

I'm very certain right now, this flood is due to a spammer
using these fake addresses @my-domain-name to spam these mail
server (all around the world -- Japan, South America, US,
Germany, Ireland, etc...) and I'm getting the brunt of it in
the form of these bounced messages.

At this point I think I have no other choice but to wait out
the storm.


 Short summary for those who are not too interested in blog posts: I
 started seeing more than the usual amount of bounce activity in my
 mail server log summaries, close enough to what you describe.  So
 after a bit of thinking and log browsing I decided this was generated
 mainly by misconfigured mail servers bouncing spam.  Then I decided I
 wanted to do an experiment, to see if I could poison the well and at
 the same time get a feel for the data I was collecting.


When you speak of misconfigured mail servers bouncing spam,
what exactly is a proper configured mail server supposed to
do with spam directed at non-existing user @their-host-name?

Just curious.


FYI, as of now my:

 - GREY list count is 342 (and growing)
 - unique bogus email count is 341
 - ESTABLISHED spamd connection count is 63 (and growing)


This is not fun :-\



 I started publishing the fake addresses on a web page[3] as well as
 entering them into the list of trap addresses.  I've been seeing
 evidence that the addresses are actually being harvested and used as
 to-be-spammed addresses too: addresses which are all uppercase on the
 web page turning up in the spamd logs and greylist dumps in all
 lowercase, addresses which have been on my flypaper list for months
 turn up all the time, and we see a steadily growing number of hosts in
 TRAPPED state.

 My users here are not getting any more spam than they used to (as
 close as does not matter to none), false positives are pretty much an
 unknown, and it looks like we're succeeding in making the spammers
 work harder.

 [1] 
 http://bsdly.blogspot.com/2007/08/lady-in-distress-or-then-again-maybe.html
 [2] http://bsdly.blogspot.com/2007/07/hey-spammer-heres-list-for-you.html
 [3] http://www.bsdly.net/~peter/traplist.html

ipsec with carp

[Patrick Hemmen]

Hello all,

I have two OpenBSD machines for a redundancy VPN-Gateway. They use
carp to share one IP-Address and sasyncd to synchronize SAs and SPDs.
I setup a ipsec-tunnel in /etc/ipsec.conf. The tunnel isn't
established and the error PAYLOAD_MALFORMED appears in the logs.
With tcpdump I can see that the initial packet (isakmp v1.0 exchange
ID_PROT) to establish the tunnel come from the host IP-Address and not
from the carp address.

Thanks in advance.
Patrick

Re: ipsec with carp

[Patrick Hemmen]

Ok.

Before using carp/sasyncd the IPSEC tunnel had worked.
The isakmpd daemon listen on all interfaces/ip addresses.

I am illustrating my set up

vpngw01: 10.10.10.101   
carp: 10.10.10.1 -- INTERNET -- remote gateway: 192.168.1.1
vpngw02: 10.10.10.102

My machines are vpngw01 and 02.
The IPSEC tunnel is negotiated between the addresses
10.10.10.1 and 192.168.1.1. But my master (vpngw01) tries to establish
the IPSEC connection with the non-carp address 10.10.10.101. The other
side is in passive mode.

Thanks for the replies.
Patrick

Brian A. Seklecki schrieb:
 Also:
 
 1) Does the documentation in ipsec(4) / isakmpd.conf(5) /
 sasyncd.conf(5) imply that all policies / security associations should
 be between the CARP HA L3 address?
 
 2) Is your isakmpd(8) binding to wildcard address?
 
 3) Did this problem evolve with the implementation of sasyncd(8) or did
 your IPSEC never work?
 
 ~BAS
 
 
 On Mon, 2007-10-01 at 08:16 -0700, Dag Richards wrote:
 Patrick Hemmen wrote:
 Hello all,

 I have two OpenBSD machines for a redundancy VPN-Gateway. They use
 carp to share one IP-Address and sasyncd to synchronize SAs and SPDs.
 I setup a ipsec-tunnel in /etc/ipsec.conf. The tunnel isn't
 established and the error PAYLOAD_MALFORMED appears in the logs.
 With tcpdump I can see that the initial packet (isakmp v1.0 exchange
 ID_PROT) to establish the tunnel come from the host IP-Address and not
 from the carp address.

 Thanks in advance.
 Patrick

 Maybe it's the humidity.
 Maybe it's  something in your ipsec.conf file.
 Based on the info you have provided so far, both seem to be about as 
 like as each other  ;)

 ipsec.conf
 ifconfig -A

 maybe a quote from your dumps
 and perhaps a bit of logging info 

Re: ipsec with carp

[Patrick Hemmen]

Heinrich Rebehn schrieb:
 Patrick Hemmen wrote:
 Ok.

 Before using carp/sasyncd the IPSEC tunnel had worked.
 The isakmpd daemon listen on all interfaces/ip addresses.

 I am illustrating my set up

 vpngw01: 10.10.10.101   
 carp: 10.10.10.1 -- INTERNET -- remote gateway: 192.168.1.1
 vpngw02: 10.10.10.102

 
 Remove the IP addresses from the physical interfaces. The master will
 then use 10.10.10.1 as source address. Use the carpdev clause in
 ifconfig to specify the physical interface used for carp.
 
 Note however that the machine will no longer respond to broadcast packets.
 
 -- Heinrich
 

I fixed this problem by adding local 10.10.10.1 before peer
192.168.1.1 to the /etc/ipsec.conf file. I have to read the manual more
thoroughly ;).
I think the tunnel isn't available because of wrong lifetimes settings.
The remote gateway returns a NO PROPOSAL CHOSEN and all other settings
are correct. Now, I'm waiting for the lifetimes settings information of
the remote site.

Best regards.
Patrick

[demime 1.01d removed an attachment of type application/x-pkcs7-signature which 
had a name of smime.p7s]

Re: ipsec with carp

[Patrick Hemmen]

Heinrich Rebehn schrieb:
 Patrick Hemmen wrote:
 Ok.

 Before using carp/sasyncd the IPSEC tunnel had worked.
 The isakmpd daemon listen on all interfaces/ip addresses.

 I am illustrating my set up

 vpngw01: 10.10.10.101   
 carp: 10.10.10.1 -- INTERNET -- remote gateway: 192.168.1.1
 vpngw02: 10.10.10.102

 
 Remove the IP addresses from the physical interfaces. The master will
 then use 10.10.10.1 as source address. Use the carpdev clause in
 ifconfig to specify the physical interface used for carp.
 
 Note however that the machine will no longer respond to broadcast packets.
 
 -- Heinrich
 

I fixed this problem by adding local 10.10.10.1 before peer
192.168.1.1 to the /etc/ipsec.conf file. I have to read the manual more
thoroughly ;).
I think the tunnel isn't available because of wrong lifetimes settings.
The remote gateway returns a NO PROPOSAL CHOSEN and all other settings
are correct. Now, I'm waiting for the lifetimes settings information of
the remote site.

Best regards.
Patrick

Now the tunnel is up and running.
The remote site used the wrong ip address for our vpn-gw in their config. I see 
this after they switch to active mode.
That's also the reason for the NO PROPOSAL CHOSEN error that I saw.

Thanks a lot.
Patrick Hemmen

I have a new email address.

Re: F-Secure Computer Virus Information Pages: Googkle

[Patrick BURNAND]

On Sunday 08 May 2005 17:15, Mike wrote:
 I'm very prone to go and poke around there with Firefox - though I wish
 F-secure was more explicit about the exploits that they're describing -
 ...


That's quite typical for these security organizations, not to speak any bad 
about Windows.

It's a matter of fact in the security circles, that almost all problems are 
due to Windows.  But the security companies who make their living on the bugs 
of Windows (Symantec, Norton and others) simply dno't want to loose their 
streams of revenue.  They don't want the people to switch to other systems.

When a problem affects Linux exclusively (there has been some especially with 
PHP and Apache), they almost trumpet it, clearly stating that it was Linux.  
When a problem affects a mix of platforms (some Apache versions had problems 
on Linux and Windows) they mention it to.  But when a problem only affects 
Windows, they seem to suddenly forget to mention which systems are affected, 
specially in the non technical medias.  Thus Microsoft can blatantly lie 
about the security of their systems and claim that security problems are as 
much numerous on other platforms.

If you go to CNN.com, you'll see alerts like: A virus spreads on the internet 
and infects thousands of PCs per hour !  But are these really any PC ??  No 
obviously not !  These only affects IBM compatible PC (not Macintoshes nor 
Amiga, nor Amstrad nor whatever) running only on Intel x86 and compatible 
processor serie, running a version of Windows or MS-DOS.  These problems 
these days typically involve IE, Word documents and Outlook, which only run 
on Windows.
You can read the whole article, you'll typically find no mention of Windows.

The question is why is it so ?  It's because Microsoft buys ad space in the 
major medias, incuding CNN.  With this scheme, the IT deciders who typically 
don't read technical articles come to believe that virus and malwares spread 
regardless of the OS and so the intended effect is reached: they don't think 
about switching to an alternative platform to enhance security.  That's why 
Microsoft continuously run advertising campaigns for Windows although there 
is no hope to expand the market share of Windows, because the market is 
almost saturated.


-- 
Patrick BURNAND [EMAIL PROTECTED]

OpenBSD Zaurus - Installed but fails to boot

[Patrick Heim]

I tried sending this to the [EMAIL PROTECTED] list but got no response, so
let me try misc.

The install of the OS and core packages completes just fine.  I am pretty
sure that fdisk and disklabel configs are correct. Boot behaves very
strangely in that it doesn't appear to see hd0a at all and can't find the
kernel /bsd (or anyhting else...).

When I boot to bsd.rd using the puffy icon under Linux and shell out, I
can mount /dev/wd0a and I can see that everything installed just find and
can verify that /bsd exists.

Since I originally sent the message below, I have tried a complete clean
install by deleting the old bsd partition on the disk and removing the
OpenBSD IPK.  I also used the latest snapshot as of today.  The problem
remains constant and annoying.

I *really* would appreciate some insight into fixing this.

Thanks,

Patrick

 Original Message 
Subject: Re: OpenBSD Zaurus - Installed but fails to boot
From:Patrick Heim PatrickHeim at maldoror.cotse.net
Date:Sat, June 25, 2005 7:16 pm
To:  PatrickHeim at maldoror.cotse.net
Cc:  [EMAIL PROTECTED]
--

I've re-read the documents and tried various tweaks in fdisk and disklabel
and can't figure out how to get openbsd to boot.  Below is the output from
fdisk, dislabel, and the boot process.

The only deviation from the normal network install is that I am pulling
the packages from a BSD formatted compact flash disk (wd1c) rather than a
network interface.

Thanks for the help.

Cheers,

Patrick



fdisk info:
---

Disk: wd0   geometry: 1024/8/17 [7999488 Sectors]
Offset: 0   Signature: 0xAA55
 Starting  Ending  LBA Info:
 #: id C  H  S -C   H S  [start:  size  ]
---
 0: 83 0  3 13 - 1511   7 17 [  63:  205569 ] Linux files*
1: 83  1512  0  1 - 7559   7 17 [  205632:  822528 ] Linux files*
2: 0C  7560  0  1 - 13442  2 14 [ 1028160:  80 ] Win95 FAT32L
*3: A6 12442  4 11 - 58820  3 10 [ 1828160: 6171391 ] OpenBSD
fdisk: /using/mdec/mbr: No such file of directory
fdisk: using builtin MBR

disklabel info:
---

device: /dev/rwd0c
type: ST506
disk: ST506/MFM/RLL
label: ST506
bytes/sector: 512
sectors/track: 17
tracks/cylinder: 8
sectors/cylinder: 136
cylinders: 1024
total sectors: 7999488
free sectors: 63
rpm: 3600

16 partitions:
# size  offset  fstype [fsize bsize  cpg]
  a:   5761744 2237744  4.2BSD   2048 16384 1364
  b:409584 1828160swap
  c:   7999488   0  unused  0 0
  i:205569  63  ext2fs
  j:822528  205632  ext2fs
  k:80 1028160   MSDOS



boot process:
-

probing: cn0 com0 com1 com2
disk: hd0*
 OpenBSD/zaurus BOOT 2.0
open(hd0a:/etc/boot.conf): Invalid argument
boot
booting hd0a:/bsd: open hd0a:/bsd: Invalid argument
 failed(22). will try /obsd
boot
booting hd0a:/obsd: open hd0a:/obsd: Invalid argument
 failed(22). will try /bsd.old
boot
booting hd0a:/bsd.old: open hd0a:/bsd.old: Invalid argument
 failed(22). will try /bsd
 boot
booting hd0a:/bsd: open hd0a:/bsd: Invalid argument
 failed(22). will try /obsd
 boot
booting hd0a:/obsd: open hd0a:/obsd: Invalid argument
 failed(22). will try /bsd.old
 boot
booting hd0a:/bsd.old: open hd0a:/bsd.old: Invalid argument
 failed(22). will try /bsd
Turning timeout off
boot




 The install completed successfuly, but now it sits on the boot prompt
with this error:

 open(hd0a:/etc/boot.conf): Invalid argument

 Any help?  A reboot command restores Linux.

 Cheers,

 Patrick

Re: OpenBSD Zaurus - Installed but fails to boot

[Patrick Heim]

Thanks for the reply.

I'm not sure I understand what you mean with the discrepancy between the
start of the BSD partition and the OpenBSD block.

fdisk shows the A6 partition starting at 1828160.  I chose to put the swap
disklabel at 1828160 with a size of 409584 and a: at 2237744
(1828160+409584) with a size of 5761744.  Are you saying the a: disklabel
needs to be the first in the A6 partition (at 1828160)?

If this is what you meant, I will it a shot...

...I just gave it a shot.  Problem solved!  Thank you!

Maybe it wasn't stated in the instructions (or maybe I glazed over it),
but it appears that the a: disklabel needs to be the first one in the A6
partition.

Cheers,

Patrick

 On Mon, Jun 27, 2005 at 03:10:12PM -0700, Patrick Heim wrote:
 I tried sending this to the [EMAIL PROTECTED] list but got no response, so
 let me try misc.

 The install of the OS and core packages completes just fine.  I am
 pretty
 sure that fdisk and disklabel configs are correct. Boot behaves very
 strangely in that it doesn't appear to see hd0a at all and can't find
 the
 kernel /bsd (or anyhting else...).

 When I boot to bsd.rd using the puffy icon under Linux and shell out, I
 can mount /dev/wd0a and I can see that everything installed just find
 and
 can verify that /bsd exists.

 Since I originally sent the message below, I have tried a complete clean
 install by deleting the old bsd partition on the disk and removing the
 OpenBSD IPK.  I also used the latest snapshot as of today.  The problem
 remains constant and annoying.

 I *really* would appreciate some insight into fixing this.

 Thanks,

 Patrick
 Subject: Re: OpenBSD Zaurus - Installed but fails to boot
 From:Patrick Heim PatrickHeim at maldoror.cotse.net
 Date:Sat, June 25, 2005 7:16 pm
 To:  PatrickHeim at maldoror.cotse.net
 Cc:  [EMAIL PROTECTED]
 --

 I've re-read the documents and tried various tweaks in fdisk and
 disklabel
 and can't figure out how to get openbsd to boot.  Below is the output
 from
 fdisk, dislabel, and the boot process.

 The only deviation from the normal network install is that I am pulling
 the packages from a BSD formatted compact flash disk (wd1c) rather than
 a
 network interface.

 Thanks for the help.

 Cheers,

 Patrick



 fdisk info:
 ---

 Disk: wd0   geometry: 1024/8/17 [7999488 Sectors]
 Offset: 0   Signature: 0xAA55
  Starting  Ending  LBA Info:
  #: id C  H  S -C   H S  [start:  size  ]
 ---
  0: 83 0  3 13 - 1511   7 17 [  63:  205569 ] Linux
 files*
 1: 83  1512  0  1 - 7559   7 17 [  205632:  822528 ] Linux
 files*
 2: 0C  7560  0  1 - 13442  2 14 [ 1028160:  80 ] Win95
 FAT32L
 *3: A6 12442  4 11 - 58820  3 10 [ 1828160: 6171391 ] OpenBSD
 fdisk: /using/mdec/mbr: No such file of directory
 fdisk: using builtin MBR

 disklabel info:
 ---

 device: /dev/rwd0c
 type: ST506
 disk: ST506/MFM/RLL
 label: ST506
 bytes/sector: 512
 sectors/track: 17
 tracks/cylinder: 8
 sectors/cylinder: 136
 cylinders: 1024
 total sectors: 7999488
 free sectors: 63
 rpm: 3600

 16 partitions:
 # size  offset  fstype [fsize bsize  cpg]
   a:   5761744 2237744  4.2BSD   2048 16384 1364
   b:409584 1828160swap
   c:   7999488   0  unused  0 0
   i:205569  63  ext2fs
   j:822528  205632  ext2fs
   k:80 1028160   MSDOS




 Sorry,  been very busy lately and not been keeping up on things.

 It appears that you have some discrepancy between the start
 of you BSD partition and the OpenBSD block on the MBR

 *3: A6 12442  4 11 - 58820  3 10 [ 1828160: 6171391 ] OpenBSD
   a:   5761744 2237744  4.2BSD   2048 16384 1364

 Mine is slightly different:
 ---
  #: idC   H  S -C   H  S [   start:  size   ]
  3: A6 9065   7  2 - 58819   6  2 [ 1232960: 6766528 ] OpenBSD
 ---
 # sizeoffset  fstype [fsize bsize  cpg]
   a:   6635456   1232960  4.2BSD   2048 16384 1364 # Cyl  9065*-
 57855
 ---

 However, notice that the offset of the a parittion and the start of the
 mbr
 entry is the same value.

 Try repartitioning with disklabel so those values are the same, reinstall
 and try again.

 Dale Rahn [EMAIL PROTECTED]

Re: Clustering using OpenBSD

[Patrick Boyer]

On 1/29/06, Gabriel George POPA [EMAIL PROTECTED] wrote:

 Hello all,

I'm planning to deploy a small cluster behind my firewall (for test
 purposes). What would be the recommender program
 to use for clustering and wht can it do? Where should I start? I have 5
 workstations (1GHz Intel Celeron)+server 3GHz Intel P4.
 I know several ways of clustering, but I ask you because you might
 know what is the best method to use with OpenBSD.
 Oh, and what's with that picture on www.openbsd.org (lower-right corner)?


 Respectfully yours,

 Gabriel George POPA


What kind of cluster do you want to create? There are essentially three
types: high availability/failover, load-balancing, and high performance
computing. Each requires very different approaches. Let us know more about
the problem you're trying to solve and we can give you more info.

uath firmware load crash/freeze

[patrick keshishian]

Greetings,

I'm not sure whether this belongs to misc@ or tech@, so I'm posting
it first in [EMAIL PROTECTED]

I have this TRENDnet TEW-444UB/A wireless USB adaptor lying around
and I was hoping to use it with one of my laptops (using -current).

I downloaded the latest firmware from TRENDnet's download page [1]
and placed, what I believe to be the firmware file (ar5523.bin)
in /etc/firmware/uath-ar5523.

Next I plugged in the USB adaptor and I got:

Apr 25 23:53:40 foo /bsd: uath0 at uhub0 port 1
Apr 25 23:53:40 foo /bsd:
Apr 25 23:53:40 foo /bsd: uath0: Atheros Communications Inc AR5523, rev 2.00/0.0
1, addr 2
Apr 25 23:53:41 foo /bsd: uath0: at uhub0 port 1 (addr 2) disconnected
Apr 25 23:53:41 foo /bsd: uath0 detached
Apr 25 23:53:42 foo /bsd: uath0 at uhub0 port 1
Apr 25 23:53:42 foo /bsd:
Apr 25 23:53:42 foo /bsd: uath0: Atheros Communications Inc AR5523, rev 2.00/0.0
1, addr 2
Apr 25 23:53:52 foo /bsd: uath0: could not send firmware block data
Apr 25 23:53:52 foo /bsd: uath0: could not load firmware (error=TIMEOUT)



Next I got the CD that came with the adaptor package and on
there I find two .bin files (assuming they are the firmwares):

$ ls -l /mnt/cd/Driver/*.bin
-r-xr-xr-x  1 root  wheel  142768 Feb 24  2005 /mnt/cd/Driver/ar5523.bin*
-r-xr-xr-x  1 root  wheel  143536 Jan 24  2005 /mnt/cd/Driver/ar55239x.bin*


I don't know exactly why there are two, but the 9x hints at
Win9x, which still doesn't explain why there would be two versions
of the firmware.

Anyway, I picked the first one (listed) and place it in the firmware
directory and renamed it to uath-ar5523.  Plugged the USB adaptor in
and a couple of seconds later the laptop froze.  The computer wasn't
dead, but the OS seemed to be.  I could toggle num-lock and caps-lock
keys.  I could get in and out of the BIOS using function keys.  But
the OS was unresponsive.  Last lines in /var/log/messages were:


Apr 26 23:04:28 foo /bsd: uath0 at uhub0 port 1
Apr 26 23:04:28 foo /bsd:
Apr 26 23:04:28 foo /bsd: uath0: Atheros Communications Inc AR5523, rev 2.00/0.0
1, addr 2
Apr 26 23:04:29 foo /bsd: uath0: at uhub0 port 1 (addr 2) disconnected
Apr 26 23:04:29 foo /bsd: uath0 detached
Apr 26 23:04:32 foo /bsd: uath0 at uhub0 port 1
Apr 26 23:04:32 foo /bsd:
Apr 26 23:04:32 foo /bsd: uath0: Atheros Communications Inc AR5523, rev 2.00/0.0
1, addr 2


I tried the second .bin file from the CD and had the same result.
I'm not quite sure where to go from this point on.  I was thinking
of recompiling a new kernel with debug printf()s, but not sure
how far would that get me.

I realize that this laptop is old enough that it does not support
USB 2.0.  But my other laptop (also on -current) does, and although
I have not yet tried the .bin files from the CD on it, the one
downloaded off the TRENDnet's web-site got me the same TIMEOUT
error/result.

I'm open to suggestions and ideas, especially if you can recommend
a reasonably priced alternative USB wireless network adaptor which
will work on both i386 and macppc architectures.

Thanks,

--patrick

p.s., If at all possible, consider cc-ing me on replies, as I am
subscribed to the digest version of the mailing-lists.


[1] http://www.trendnet.com/downloads/info/TEW-444UB.htm
[2] dmesg

OpenBSD 4.1-current (GENERIC) #1: Mon Apr 23 21:14:08 PDT 2007
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium III (GenuineIntel 686-class) 549 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXS
R,SSE
real mem  = 267915264 (261636K)
avail mem = 236519424 (230976K)
using 3301 buffers containing 13520896 bytes (13204K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+ BIOS, date 09/20/01, BIOS32 rev. 0 @ 0xffe90, SMBIOS
rev. 2.3 @ 0xf6c00 (60 entries)
bios0: Dell Computer Corporation Inspiron 8000
apm0 at bios0: Power Management spec V1.2
apm0: battery life expectancy 59%
apm0: AC off, battery charge high, estimated 3:04 hours
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfbc20/192 (10 entries)
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82371 ISA and IDE rev 0x00)
pcibios0: PCI bus #5 is the last bus
bios0: ROM list: 0xc/0x1
acpi at mainbus0 not configured
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82815 Hub rev 0x02: rng active, 800Kb
/sec
ppb0 at pci0 dev 1 function 0 Intel 82815 AGP rev 0x02
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 ATI Rage 128 Mobility MF rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ppb1 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0x02
pci2 at ppb1 bus 2
esa0 at pci2 dev 3 function 0 ESS Maestro 3 rev 0x10: irq 5
ac97: codec id 0x83847609 (SigmaTel STAC9721/23)
ac97: codec features 18 bit DAC, 18 bit ADC, SigmaTel 3D
audio0 at esa0
ppb2 at pci2 dev 6 function 0 unknown vendor 0x1668

Re: uath firmware load crash/freeze

[patrick keshishian]

On 4/27/07, Niall O'Higgins [EMAIL PROTECTED] wrote:

On Fri, Apr 27, 2007 at 12:07:04AM -0700, patrick keshishian wrote:

 I downloaded the latest firmware from TRENDnet's download page [1]
 and placed, what I believe to be the firmware file (ar5523.bin)
 in /etc/firmware/uath-ar5523.

You are making this much harder for yourself than it needs be.  As the
uath(4) manual page says, you can just


Yes. I have read the uath(4) man page prior to attempting to use
the adaptor.  After looking at the mentioned package I noticed there
was a newer firmware on the vendor's web-site and hence decided
to use it instead [1].

After trying the newer firmware I noticed the TIMEOUT problem
during firmware loading process.  Next I decided to try the firmware
shipped with the adaptor on the original CD. That's when I
observed the freezing of OpenBSD-current.  The only reason I
decided to post to the list.

Personally, I find it a slight bit disturbing that simply loading
a firmware would cause what could be categorized as a DoS
attack, albeit a self-induced one.




pkg_add http://damien.bergamini.free.fr/packages/openbsd/uath-firmware-1.0.tgz

 I'm open to suggestions and ideas, especially if you can recommend
 a reasonably priced alternative USB wireless network adaptor which
 will work on both i386 and macppc architectures.

uath(4) is not very good.  There are no docs and little incentive to fix
bugs in a driver with such an unfriendly vendor.  ural(4) and rum(4) are
both pretty solid USB wifi devices, and Ralink are pretty friendly.



Yes, thanks :-)

--patrick


[1] $ zcat uath-firmware-1.0.tgz | pax -v
-rw-r--r--  1 root wheel  257 Sep 16  2006 +CONTENTS
-rw-r--r--  1 root wheel  175 Sep 16  2006 +DESC
-rw-r--r--  1 root wheel   147664 Sep 16  2006 etc/firmware/uath-ar5523

vs. one available on TRENDnet's web-site dated 3/17/2007.

NVIDIA nForce Pro support

[Patrick Cummings]

Hi,
does anyone know if this chipset NVIDIA nForce Professional 3400 MCP is
completely supported by openBSD?? The hardware support page is not clear about
that, it only shows NVIDIA
nForce/nForce2/nForce2-400/nForce3/nForce3-250/nForce4,
MCP04/MCP51/MCP55/MCP61/MCP65/MCP67.
Thanks
_
Soyez parmi les premiers ` essayer Windows Live Mail.
http://ideas.live.com/programpage.aspx?versionId=5d21c51a-b161-4314-9b0e-4911
fb2b2e6d

nfe0 problem (obsd 4.1)

[patrick keshishian]

Hi,

I've been noticing some strange problems with the built-in nfe0
interface on my desktop.  Actually I've seen it on two such
computers, but the description below is for my current desktop PC.

The PC is running `cvs up -dP -rOPENBSD_4_1' built. I'm including
netstat, ifconfig output[1] and dmesg below[2].

I've noticed that once in a while the nfe0 interface will stop
sending and receiving data.  At this point I can not make it work
again.  The only solution I have is to reboot the box.  I have
installed a dc0 card in the box since.  The problem seemed
intermittent and not reliably reproducible.  But I think I found
a way to reproduce this problem on demand (at least for the time
being).  I have an ssh session to another box, on which I run
'/usr/bin/nm somelib.so'.  After a page or two of output the
terminal hangs.  At this point nfe0 becomes unresponsive.

I switch to the dc0 interface and the terminal finishes the output.
Running the nm command while using the dc0 interface doesn't cause
any problems.

Interestingly enough, if I redirect the output of nm to a file
and subsequently cat the file the nfe0 interface doesn't seem
to exhibit the same problem.

I am not sure how to diagnose this problem further.  I've enabled
debug on the nfe0 interface (/sbin/ifconfig nfe0 debug), but don't
see any output.

Any and all suggestions are welcome.
--patrick

[1] netstat and ifconfig outputs:
$ /usr/bin/netstat -in
NameMtu   Network Address  Ipkts IerrsOpkts Oerrs Colls
lo0 33224 Link   1 01 0 0
lo0 33224 127/8   127.0.0.11 01 0 0
lo0 33224 ::1/128 ::1  1 01 0 0
lo0 33224 fe80::%lo0/ fe80::1%lo0  1 01 0 0
dc0 1500  Link  00:02:e3:07:cc:df 1713 0  424 7 0
dc0 1500  fe80::%dc0/ fe80::202:e3ff:fe 1713 0  424 7 0
nfe01500  Link  00:16:e6:82:17:da 1520   613  878 0 0
nfe01500  fe80::%nfe0 fe80::216:e6ff:fe 1520   613  878 0 0
nfe01500  xx.yy.ww.zz xx.yy.ww.zz2  1520   613  878 0 0
pflog0  33224 Link   0 00 0 0
enc0*   1536  Link   0 00 0 0

$ /usr/bin/netstat -rnfinet
Routing tables

Internet:
DestinationGatewayFlagsRefs  UseMtu  Interface
defaultxx.yy.ww.zz9   UGS 00  -   nfe0
xx.yy.ww.zz8/28link#2 UC  40  -   nfe0
xx.yy.ww.zz9   00:20:6f:03:a2:e5  UHLc10  -   nfe0
xx.yy.ww.zz1   link#2 UHLc02  -   nfe0
xx.yy.ww.zz3   00:01:02:c2:a1:b9  UHLc1  159  -   nfe0
xx.yy.ww.zz0   00:20:e0:68:5d:c8  UHLc1   11  - L nfe0
127/8  127.0.0.1  UGRS00  33224   lo0
127.0.0.1  127.0.0.1  UH  10  33224   lo0
224/4  127.0.0.1  URS 00  33224   lo0


$ /sbin/ifconfig
lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 33224
   groups: lo
   inet 127.0.0.1 netmask 0xff00
   inet6 ::1 prefixlen 128
   inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
dc0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
   lladdr 00:02:e3:07:cc:df
   media: Ethernet autoselect (none)
   status: no carrier
   inet6 fe80::202:e3ff:fe07:ccdf%dc0 prefixlen 64 scopeid 0x1
nfe0: flags=8847UP,BROADCAST,DEBUG,RUNNING,SIMPLEX,MULTICAST mtu 1500
   lladdr 00:16:e6:82:17:da
   groups: egress
   media: Ethernet autoselect (100baseTX full-duplex)
   status: active
   inet6 fe80::216:e6ff:fe82:17da%nfe0 prefixlen 64 scopeid 0x2
   inet xx.yy.ww.zz2 netmask 0xfff0 broadcast xx.yy.ww.zz3
pflog0: flags=141UP,RUNNING,PROMISC mtu 33224
enc0: flags=0 mtu 1536



[2] dmesg
OpenBSD 4.1-stable (GENERIC) #0: Mon May 28 18:06:28 PDT 2007
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: AMD Athlon(tm) 64 Processor 3200+ (AuthenticAMD 686-class, 512KB L2 cach
e) 2.02 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CF
LUSH,MMX,FXSR,SSE,SSE2,SSE3
cpu0: AMD erratum 89 present, BIOS upgrade may be required
real mem  = 536375296 (523804K)
avail mem = 481710080 (470420K)
using 4278 buffers containing 26943488 bytes (26312K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+ BIOS, date 05/11/06, BIOS32 rev. 0 @ 0xfb5f0, SMBIOS
rev. 2.3 @ 0xf0100 (43 entries)
bios0: Gigabyte Technology Co., Ltd. GA-K8N-SLi / GA-K8N-SLi-RH
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 70102 dobusy 1 doidle 1
pcibios0 at bios0: rev 3.0 @ 0xf/0xdd64
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdc00/352 (20 entries)
pcibios0: PCI

Re: nfe0 problem (obsd 4.1)

[patrick keshishian]

On 6/24/07, Vijay Sankar [EMAIL PROTECTED] wrote:

On Sunday 24 June 2007 13:50, patrick keshishian wrote:
 Hi,

 I've been noticing some strange problems with the built-in nfe0
 interface on my desktop.  Actually I've seen it on two such
 computers, but the description below is for my current desktop PC.

 The PC is running `cvs up -dP -rOPENBSD_4_1' built. I'm including
 netstat, ifconfig output[1] and dmesg below[2].

 I've noticed that once in a while the nfe0 interface will stop
 sending and receiving data.  At this point I can not make it work
 again.  The only solution I have is to reboot the box.  I have
 installed a dc0 card in the box since.  The problem seemed
 intermittent and not reliably reproducible.  But I think I found
 a way to reproduce this problem on demand (at least for the time
 being).  I have an ssh session to another box, on which I run
 '/usr/bin/nm somelib.so'.  After a page or two of output the
 terminal hangs.  At this point nfe0 becomes unresponsive.

 I switch to the dc0 interface and the terminal finishes the output.
 Running the nm command while using the dc0 interface doesn't cause
 any problems.

I experienced similar problems last year and can empathize.

The following items improved my situation somewhat:

1) BIOS upgrade
2) Removing dual boot (I had both OpenBSD and Windows 2003 on one
machine. There were more errors if I did not power off after shutting
down Windows 2003 and just did a restart from within Windows. If I did
not unplug the machine after shutting down Windows, most of the time I
saw watchdog timeouts but if I powered off the host, and then powered
it back on, there were fewer errors)


Both boxes I have run solely OpenBSD.


One thing that I did notice was that after switching to the dc0
interface for a short while (5 min or so?), I could switch back
to the nfe0 and it would start responding again. Basically:

# /sbin/ifconfig dc0 delete
# /sbin/route delete default
# /sbin/ifconfig nfe0 inet IP netmask netmask up
# /sbin/route add default gateway

Therefore, a reboot isn't the only way to fix the problem (reset
the interface) as I had previously thought.  I am not sure exactly
what causes the interface to reset: idle time, no carrier, or
something completely random?


Either way, thanks for all the replies!




I experimented with different combinations and different switches
(10/100/1000, 10/100, and 10-Base-T). When all the hosts connected to a
10/100 switch were running at 100 MB/s then changing nfe0 from
autoselect to full-duplex using

ifconfig nfe0 media 100baseTX mediaopt full-duplex

seemed to eliminate nfe0 hangs as well as timeouts completely. I am not
sure whether this has any rational basis or is specific to some weird
situation in my network, but that has been my experience.

Vijay



 Interestingly enough, if I redirect the output of nm to a file
 and subsequently cat the file the nfe0 interface doesn't seem
 to exhibit the same problem.

 I am not sure how to diagnose this problem further.  I've enabled
 debug on the nfe0 interface (/sbin/ifconfig nfe0 debug), but don't
 see any output.

 Any and all suggestions are welcome.
 --patrick

Re: multi-disk external scsi enclosures

[Patrick Cummings]

 Date: Wed, 6 Feb 2008 07:12:55 -0500 From: [EMAIL PROTECTED] To:
misc@openbsd.org Subject: Re: multi-disk external scsi enclosures  Not sure
how much storage you are after here, but I'm not sure I believe that ten 9G
disks are better for your quest than one 100G disk. ONE 9G vs. ONE 100G?
Maybe (and even then...keep in mind that SATA cables are shielded, PATA and
older SCSI cables are not really shielded), but the fact that you need a lot
of them and they use more cabling is very possibly going to add up on you.

SATA cables aren't shielded either, because they're supposed to be used inside
an enclosure. eSATA cables are shielded.

_

Couple of MacBook Questions

[patrick keshishian]

Greetings,

I'm considering replacing my iBook G4 with possibly a MacBook
and I was hoping I'd find a couple of MacBook users that run
OpenBSD regularly on their MacBooks who could answer the
following for me.

First question I have is regarding swapping the caps-lock and
control keys (in OpenBSD... Google tells me that MacOS X 10.4+
has options to allow this).  My iBook laptop with its ADB
keyboard has given me enough grief and stress over this.  I
also am aware of Apple's Aluminum keyboards and their smart
caps-lock feature that requires a key-press of more than a
fraction of a second before it activates.  Good grief... I just
want to make sure I'm not setting myself up for disappointment
as I can't find any relevant info using Google.

Second question I have is about virtualization.  Just curious
to hear about any success stories.  Particularly interested in
Xen or similar and how they compare to Parallels.

TIA,
--patrick

problems configuring and making nmap 4.11 on OpenBSD 3.9 stable

[Patrick McNamee]

I'm running OpenBSD 3.9 stable, arch i386. Also
autoconf-2.59. I'd install the nmap package, but 
it's an older version.

When I run ./configure --with-openssl=/usr/sbin/ I get a
number of warnings like the following:

configure: WARNING: net/if.h: present but cannot be compiled
configure: WARNING: net/if.h: check for missing
prerequisite headers?
configure: WARNING: net/if.h: see the Autoconf documentation
configure: WARNING: net/if.h: section Present But
Cannot Be Compiled
configure: WARNING: net/if.h: proceeding with the
preprocessor's result
configure: WARNING: net/if.h: in the future, the compiler
will take precedence
configure: WARNING: ##
-- ##
configure: WARNING: ## Report this to the
AC_PACKAGE_NAME lists.  ##
configure: WARNING: ##
-- ##

This happens for several files: net/if.h, sys/sysctl.h, 
net/if_arp.h, net/fpvar.h, net/route.h, and
netinet/in_var.h. 

Then when I run make I get:

Makefile, line 1: Need an operator
Makefile, line 14: Need an operator
Makefile, line 15: Need an operator
Makefile, line 21: Need an operator
Makefile, line 38: Need an operator
Makefile, line 49: Need an operator
Makefile, line 51: Need an operator
Makefile, line 190: Could not find makefile.dep
Fatal errors encountered -- cannot continue

I can provide the contents of my config.log file if
necessary.

TIA for help.

Socket 10/100 Ethernet CF Card

[Patrick Heim]

I have a little problem - my Socket 10/100 CF Ethernet card is not
properly recognized under 4.0 snapshot (9/1/06).  It never was, but I saw
a changelong entry Support Compaq Flash Socket CF 10/100 card in ne(4).
(http://www.openbsd.org/plus.html) and was expecting that it would.

dmesg output is:
ne0 at pcmcia1 function 0 Socket, CF+ 10/100 Ethernet, 1.0 port 0x0/32:
can't match ethernet vendor code

It looks like all that may be needed is binding the corect vendor code to
the ne driver

I can't figure out how to get the vendor code under OpenBSD.  Under Linux,
cardctl reports:
   product info: Socket, CF+ 10/100 Ethernet, 1.0
   manfid: 0x0104, 0x0145
   function: 6 (network)

Any help?

Cheers,

Patrick

disks not detected during install

[Patrick Cummings]

Hi misc,

I'm trying to setup a new openbsd 3.9 install on i386. It worked before on 
that computer when I installed quickly to test for compatibility, but I 
needed to finish up some hardware stuff on it and then I wanted to install 
for real but it does not work anymore.


It hangs at the disk: line

Loading /3.9/I386/CDBOOT
probing: pc0 com0 apm mem[639K 382M a20=on]
disk:

and then it stays there forever.

The computer has two storage controllers. One is an ami-compatible raid 
controller. The other is the pciide-compatible sata sil3114 chip. Both 
appear to be working.


If I unplug the scsi drives from the controller and leave the controller in, 
it will work.

Also if I unplug the sata drives and leave the controller in, it will work.

However all appears to be working quite well as I can install win2000 on it 
and all drives work well. Also as I've said openbsd 3.9 worked on it just a 
few days ago, but I can't find what I've changed. I thought it might be a 
bios settings problem so I played with the settings, but nothing seemed to 
help.


Overall I think this makes no sense, what are some of the problems that 
might be happening?

Re: disks not detected during install

[Patrick Cummings]

On 11/10/06, Patrick Cummings [EMAIL PROTECTED] wrote:

Hi misc,

I'm trying to setup a new openbsd 3.9 install on i386. It worked before on
that computer when I installed quickly to test for compatibility, but I
needed to finish up some hardware stuff on it and then I wanted to install
for real but it does not work anymore.

It hangs at the disk: line

Loading /3.9/I386/CDBOOT
probing: pc0 com0 apm mem[639K 382M a20=on]
disk:

and then it stays there forever.

The computer has two storage controllers. One is an ami-compatible raid
controller. The other is the pciide-compatible sata sil3114 chip. Both
appear to be working.

If I unplug the scsi drives from the controller and leave the controller 
in,

it will work.
Also if I unplug the sata drives and leave the controller in, it will 
work.


However all appears to be working quite well as I can install win2000 on 
it
and all drives work well. Also as I've said openbsd 3.9 worked on it just 
a

few days ago, but I can't find what I've changed. I thought it might be a
bios settings problem so I played with the settings, but nothing seemed to
help.

Overall I think this makes no sense, what are some of the problems that
might be happening?


Can you boot from any of the install boot floppies?
If so, can you provide a dmesg?



Sure, I can get a dmesg if I use it with the two sata drives unplugged:

OpenBSD 3.9 (GENERIC) #617: Thu Mar  2 02:26:48 MST 2006
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium III (GenuineIntel 686-class) 1 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXS   
   R,SSE

real mem  = 402169856 (392744K)
avail mem = 359616512 (351188K)
using 4278 buffers containing 20209664 bytes (19736K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(71) BIOS, date 04/12/01, BIOS32 rev. 0 @ 0xfb1b0
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 70102 dobusy 1 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0xdbd4
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdb40/144 (7 entries)
pcibios0: PCI Exclusive IRQs: 10 11 15
pcibios0: PCI Interrupt Router at 000:07:0 (VIA VT82C596A ISA rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc/0xa000 0xcc000/0x2200
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 VIA VT82C691 PCI rev 0xc4
ppb0 at pci0 dev 1 function 0 VIA VT82C598 AGP rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 S3 Savage 4 rev 0x03
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
pcib0 at pci0 dev 7 function 0 VIA VT82C686 ISA rev 0x40
pciide0 at pci0 dev 7 function 1 VIA VT82C571 IDE rev 0x06: ATA100, 
channel 0   configured to compatibility, channel 1 configured to 
compatibility

atapiscsi0 at pciide0 channel 0 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: SONY, CD-ROM CDU5221, 0.30 SCSI0 5/cdrom 
removab  le

cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 ignored (disabled)
uhci0 at pci0 dev 7 function 2 VIA VT83C572 USB rev 0x16: irq 11
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 7 function 3 VIA VT83C572 USB rev 0x16: irq 11
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
viaenv0 at pci0 dev 7 function 4 VIA VT82C686 SMBus rev 0x40
rl0 at pci0 dev 11 function 0 Realtek 8139 rev 0x10: irq 10, address 
00:02:44:  26:2f:12

rlphy0 at rl0 phy 0: RTL internal PHY
ami0 at pci0 dev 12 function 0 AMI MegaRAID Series 428 rev 0x04: irq 11 
AMI 42  8 32b

ami0: FW UF82, BIOS v1.66, 16MB RAM
ami0: 2 channels, 16 targets, 1 logical drives
scsibus1 at ami0: 1 targets
sd0 at scsibus1 targ 0 lun 0: AMI, Host drive #00,  SCSI2 0/direct fixed
sd0: 34730MB, 34730 cyl, 64 head, 32 sec, 512 bytes/sec, 71127040 sec total
pciide1 at pci0 dev 13 function 0 CMD Technology SiI3114 SATA rev 0x02: 
DMA

pciide1: using irq 15 for native-PCI interrupt
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
biomask fbed netmask ffed ttymask ffef
pctr: 686-class user-level performance counters enabled
mtrr: Pentium Pro MTRR support
dkcsum: sd0 matches BIOS drive 0x80
root on sd0a
rootdev=0x400 rrootdev=0xd00 rawdev=0xd02

Re: c.93.3 not found when installing packages

[patrick keshishian]

Christian Weisgerber [EMAIL PROTECTED] wrote:


I expect a new snapshot to be available by Monday.

(Building a full package snapshot now takes ~68 hours on the Xeon
2.66 GHz dedicated to the job.  If somebody wants to donate a new
high-end machine for the task, talk to Theo what his rack can
accommodate.)



Hmm.. can you use a few such machines and employ distcc?
I couldn't help notice that a port for it was recently submitted
to [EMAIL PROTECTED]

distcc significantly reduces compile time.  At work we used
to run it on our individual boxes and our compiles would take
a fraction of the normal time.





--
Christian naddy Weisgerber  [EMAIL PROTECTED]

Unknown . dir in a daily insecurity report

[Patrick Rutkowski]

I don't know what I'm supposed to make of this:

=== Start Message ===

Subject: my host name daily insecurity output

Checking special files and directories.
Output format is:
filename:
criteria (shouldbe, reallyis)
.:  permissions (0755, 0777)

=== End Message ===

Normally I don't get daily insecurity reports, which I take to mean  
that everything is OK. But for the past two nights I have gotten this  
one; and I can't figure out what it's trying to tell me.


cmd sudo find / -perm 777 /cmd will show no output other than  
when I deliberately create a single chmod 777 file, at which point it  
will show only that one file. This proves that that find is working  
properly and that there are, as far as I can tell, no chmod 777 files  
on my system.


The only thing worth mentioning about my system is that it's still  
running 3.8.


-Patrick

Re: Unknown . dir in a daily insecurity report

[Patrick Rutkowski]

On Oct 26, 2006, at 4:04 AM, Otto Moerbeek wrote:



On Thu, 26 Oct 2006, Patrick Rutkowski wrote:


I don't know what I'm supposed to make of this:

=== Start Message ===

Subject: my host name daily insecurity output

Checking special files and directories.
Output format is:
filename:
criteria (shouldbe, reallyis)
.:  permissions (0755, 0777)

=== End Message ===

Normally I don't get daily insecurity reports, which I take to  
mean that
everything is OK. But for the past two nights I have gotten this  
one; and I

can't figure out what it's trying to tell me.

cmd sudo find / -perm 777 /cmd will show no output other than  
when I
deliberately create a single chmod 777 file, at which point it  
will show only
that one file. This proves that that find is working properly and  
that there

are, as far as I can tell, no chmod 777 files on my system.

The only thing worth mentioning about my system is that it's still  
running

3.8.


It looks like your / dir has the wrong permissions.

-Otto



Yup, that was it; ty :-D

problems installing mysql-python

[Patrick McNamee]

Hi all,

I've been unable to successfully install mysql-python. 

Here are the details:


##
# versions:
##
OpenBSD 3.9 stable
Python 2.5
MySQL 3.23.58
MySQL-python-1.2.1_p2


##
# build results:
##
% python setup.py build
running build
running build_py
creating build
creating build/lib.openbsd-3.9-i386-2.5
copying _mysql_exceptions.py - build/lib.openbsd-3.9-i386-2.5
creating build/lib.openbsd-3.9-i386-2.5/MySQLdb
copying MySQLdb/__init__.py - build/lib.openbsd-3.9-i386-2.5/MySQLdb
copying MySQLdb/converters.py - build/lib.openbsd-3.9-i386-2.5/MySQLdb
copying MySQLdb/connections.py - build/lib.openbsd-3.9-i386-2.5/MySQLdb
copying MySQLdb/cursors.py - build/lib.openbsd-3.9-i386-2.5/MySQLdb
copying MySQLdb/release.py - build/lib.openbsd-3.9-i386-2.5/MySQLdb
copying MySQLdb/times.py - build/lib.openbsd-3.9-i386-2.5/MySQLdb
creating build/lib.openbsd-3.9-i386-2.5/MySQLdb/constants
copying MySQLdb/constants/__init__.py -
build/lib.openbsd-3.9-i386-2.5/MySQLdb/constants
copying MySQLdb/constants/CR.py -
build/lib.openbsd-3.9-i386-2.5/MySQLdb/constants
copying MySQLdb/constants/FIELD_TYPE.py -
build/lib.openbsd-3.9-i386-2.5/MySQLdb/constants
copying MySQLdb/constants/ER.py -
build/lib.openbsd-3.9-i386-2.5/MySQLdb/constants
copying MySQLdb/constants/FLAG.py -
build/lib.openbsd-3.9-i386-2.5/MySQLdb/constants
copying MySQLdb/constants/REFRESH.py -
build/lib.openbsd-3.9-i386-2.5/MySQLdb/constants
copying MySQLdb/constants/CLIENT.py -
build/lib.openbsd-3.9-i386-2.5/MySQLdb/constants
running build_ext
building '_mysql' extension
creating build/temp.openbsd-3.9-i386-2.5
gcc -fno-strict-aliasing -DNDEBUG -g -O3 -Wall -Wstrict-prototypes -fPIC
-I/usr/local/include/mysql -I/usr/local/include/python2.5 -c _mysql.c -o
build/temp.openbsd-3.9-i386-2.5/_mysql.o
-Dversion_info=(1,2,1,'final',2) -D__version__=1.2.1_p2
_mysql.c: In function `_mysql_server_init':
_mysql.c:222: warning: unused variable `s'
_mysql.c:223: warning: unused variable `cmd_argc'
_mysql.c:223: warning: unused variable `i'
_mysql.c:223: warning: unused variable `groupc'
_mysql.c:224: warning: unused variable `item'
_mysql.c:298: warning: label `finish' defined but not used
_mysql.c: In function `_mysql_escape_dict':
_mysql.c:1132: warning: passing arg 2 of `PyDict_Next' from incompatible
pointer type
gcc -shared -fPIC build/temp.openbsd-3.9-i386-2.5/_mysql.o
-L/usr/local/lib/mysql -lmysqlclient -lz -lm -o
build/lib.openbsd-3.9-i386-2.5/_mysql.so


##
# install results:
##
[root]# python setup.py install
running install
running build
running build_py
copying MySQLdb/release.py - build/lib.openbsd-3.9-i386-2.5/MySQLdb
running build_ext
running install_lib
copying build/lib.openbsd-3.9-i386-2.5/_mysql_exceptions.py -
/usr/local/lib/python2.5/site-packages
creating /usr/local/lib/python2.5/site-packages/MySQLdb
copying build/lib.openbsd-3.9-i386-2.5/MySQLdb/__init__.py -
/usr/local/lib/python2.5/site-packages/MySQLdb
copying build/lib.openbsd-3.9-i386-2.5/MySQLdb/converters.py -
/usr/local/lib/python2.5/site-packages/MySQLdb
copying build/lib.openbsd-3.9-i386-2.5/MySQLdb/connections.py -
/usr/local/lib/python2.5/site-packages/MySQLdb
copying build/lib.openbsd-3.9-i386-2.5/MySQLdb/cursors.py -
/usr/local/lib/python2.5/site-packages/MySQLdb
copying build/lib.openbsd-3.9-i386-2.5/MySQLdb/release.py -
/usr/local/lib/python2.5/site-packages/MySQLdb
copying build/lib.openbsd-3.9-i386-2.5/MySQLdb/times.py -
/usr/local/lib/python2.5/site-packages/MySQLdb
creating /usr/local/lib/python2.5/site-packages/MySQLdb/constants
copying build/lib.openbsd-3.9-i386-2.5/MySQLdb/constants/__init__.py -
/usr/local/lib/python2.5/site-packages/MySQLdb/constants
copying build/lib.openbsd-3.9-i386-2.5/MySQLdb/constants/CR.py -
/usr/local/lib/python2.5/site-packages/MySQLdb/constants
copying build/lib.openbsd-3.9-i386-2.5/MySQLdb/constants/FIELD_TYPE.py
- /usr/local/lib/python2.5/site-packages/MySQLdb/constants
copying build/lib.openbsd-3.9-i386-2.5/MySQLdb/constants/ER.py -
/usr/local/lib/python2.5/site-packages/MySQLdb/constants
copying build/lib.openbsd-3.9-i386-2.5/MySQLdb/constants/FLAG.py -
/usr/local/lib/python2.5/site-packages/MySQLdb/constants
copying build/lib.openbsd-3.9-i386-2.5/MySQLdb/constants/REFRESH.py -
/usr/local/lib/python2.5/site-packages/MySQLdb/constants
copying build/lib.openbsd-3.9-i386-2.5/MySQLdb/constants/CLIENT.py -
/usr/local/lib/python2.5/site-packages/MySQLdb/constants
copying build/lib.openbsd-3.9-i386-2.5/_mysql.so -
/usr/local/lib/python2.5/site-packages
byte-compiling
/usr/local/lib/python2.5/site-packages/_mysql_exceptions.py to
_mysql_exceptions.pyc
byte-compiling
/usr/local/lib/python2.5/site-packages/MySQLdb/__init__.py to
__init__.pyc
byte-compiling
/usr/local/lib/python2.5/site-packages/MySQLdb/converters.py to
converters.pyc
byte-compiling
/usr/local/lib/python2.5/site-packages/MySQLdb/connections.py to
connections.pyc
byte-compiling /usr/local/lib/python2.5/site-packages/MySQLdb/cursors.py
to 

Re: problems installing mysql-python

[Patrick McNamee]

On Fri, Oct 27, 2006 at 05:25:50PM +0200, Joerg Zinke wrote:

 mysql-python is in ports/packages.

When I tried to install the package, it wanted a newer version of MySQL.


 i assume you want to install or have already installed all this versions
 from source on 3.9? a bleeding edge python version vs. a historic mysql-
 version, why?

I like MySQL 3.23.58. It's easy to use, fast, and meets my needs.

 why did you not take the versions from ports in -current or the
 packages from 3.9?

I wanted the newest Python and mysql-python.

Rexx on openBSD

[Patrick Cummings]

Hi misc,

I would like to know if I can use the Rexx programming language on openBSD, 
and if yes, how.


Thanks

_
Ne perdez pas de temps dans les files dattente magasinez en ligne.  
http://magasiner.sympatico.msn.ca

Re: disks not detected during install

[Patrick Cummings]

On 11/10/06, Patrick Cummings [EMAIL PROTECTED] wrote:

Hi misc,

I'm trying to setup a new openbsd 3.9 install on i386. It worked before 
on

that computer when I installed quickly to test for compatibility, but I
needed to finish up some hardware stuff on it and then I wanted to 
install

for real but it does not work anymore.

It hangs at the disk: line

Loading /3.9/I386/CDBOOT
probing: pc0 com0 apm mem[639K 382M a20=on]
disk:

and then it stays there forever.

The computer has two storage controllers. One is an ami-compatible raid
controller. The other is the pciide-compatible sata sil3114 chip. Both
appear to be working.

If I unplug the scsi drives from the controller and leave the controller 
in,

it will work.
Also if I unplug the sata drives and leave the controller in, it will 
work.


However all appears to be working quite well as I can install win2000 on 
it
and all drives work well. Also as I've said openbsd 3.9 worked on it just 
a

few days ago, but I can't find what I've changed. I thought it might be a
bios settings problem so I played with the settings, but nothing seemed 
to

help.

Overall I think this makes no sense, what are some of the problems that
might be happening?


Can you boot from any of the install boot floppies?
If so, can you provide a dmesg?



Sure, I can get a dmesg if I use it with the two sata drives unplugged:

OpenBSD 3.9 (GENERIC) #617: Thu Mar  2 02:26:48 MST 2006
. (end deleted)



I just tried back a few days ago, now it's working. I think it might be 
caused by a flawed bios on the motherboard. Also I noticed the operating 
sytem won't boot if either the mouse or keyboard is unplugged. It simply 
hangs when it should boot with no errors. That might be bios problems too if 
I'm not wrong. I think I will buy a new motherboard. This time I'll try with 
a gigabyte board instead of ECS. The hardware was a few years old anyway. 
ECS refused to provide support when I contacted them because the motherboard 
is EOL'ed.


_
Achetez ce que vous voulez, quand vous voulez sur Sympatico / MSN Magasiner 
http://magasiner.sympatico.msn.ca/content/shp/?ctId=101,ptnrid=176,ptnrdata=081805

Re: OT Was: Wanted: OpenBSD Systems Administrator

[Patrick Useldinger]

Jack J. Woehr wrote:
The real problem is that when outsiders stumble into our newsgroups,  
we shriek, Ni! Ni! and

demand another shrubbery. Maybe we should just chill out a bit.


True. I'm currently evaluating OpenBSD and I am trying to understand the 
mindset of OpenBSD users by reading the newsgroups. And this thread *is* 
strange.


-pu

mixed (compile from source, binary update) approach

[Patrick Useldinger]

Hi,

I expected that this question had come up many times before but I didn't 
find anything in the archives, so here I go.


My understanding is that OpenBSD version updates can only be done with 
binaries. Likewise, for additional application installation, packages 
i.e. binaries are favored over ports i.e. compiling from source.


Why then, otoh, does following -stable involve compiling from source?

I thought that the rationale for using binaries was security: everybody 
is guaranteed to use exactly the same binaries so there's no risk that 
for some reason, on one machine, the compile process would yield in a 
different result. Yet the same argument would be true for following 
-stable, especially as using the GENERIC kernel is the only supported 
configuration.


So I guess I am missing something decisive here. Can anybody shed some 
light on _why_ there are 2 different ways to update?



Regards,
-pu

Re: mixed (compile from source, binary update) approach

[Patrick Useldinger]

Nick Holland wrote:


UpGRADING (changing functionality, changing version numbers) from source
is HARD.  Having thousands of people thinking they should be able to
build a new version from some arbitrary old version by source is a
leading cause of developer hair loss, and helping those people would
waste an incredible amount of developer time.


Why is is hard? If I pull the complete sources from cvs, so that every 
file used in the Makefiles is present and up to date, the build process 
would be just as trivial I assume. In what case would this _not_ be true?


(I'm really trying to understand where the risk is)


ON THE OTHER HAND, upDATING (patching) by source is trivial.  It Just
Works (when you follow the directions).


Yes, I updated a 3.9 yesterday, and it worked fine. Updating from source 
would be just as easy (but quicker). So I understand that it's more a 
lack of resources and that you'd be just as fine with binary upgrades if 
they were officially supported.


Which raises a second question - why are packages used for additional 
software but not for OpenBSD core?


Regards,
-pu

Re: mixed (compile from source, binary update) approach

[Patrick Useldinger]

Nick Holland wrote:


I think you were confusing UPGRADE and UPDATE there someplace.


No, I updated 3.9-release to 3.9-stable.


Remove (or don't install) Sendmail...  Boom, your daily reports are
now non-functional.  There are other ways you could get the same info,
but none of them quite as simple or built-in.  Remove Perl, suddenly,
the package tools would stop working (and that would be unfortunate
when you wished to reinstall Perl). The developers have assumed
certain things are in the basic installation.  Verifying the
dependencies for every combination of core packages would be
difficult...and pointless.


Well I think that's feasible, it the package manager manages 
dependencies and the dependencies in the packages are correct.



Plus, the whole thing would look like a number of Linux distributions,
which think nothing of requiring some of six CDs for a basic install,
installing five different screen editors, but think that locate(1) and
sudo(8) are options (and lots of the stuff is broken, because there
is just too much stuff to test).  The developers have picked a set of
apps they feel makes a system highly useful, and yet keep the system
very lean.  We can be pretty sure that unless you do something strange,
your base system looks a lot like my base system.  The base system
can still be installed with ease on a 250M flash device or a very old
hard disk, which is leaner than most of the more modular systems
end up being.


That's true, but by actually using packages, following -stable could be 
done by updating small packages and it would perhaps make binary updates 
easier because only parts of the OS would have to be updated.


-pu

Re: mixed (compile from source, binary update) approach

[Patrick Useldinger]

Joachim Schipper wrote:


For instance, OpenBSD 4.0 introduced a warning for large stacks, and 4.0
kernels are compiled with this option. Compiling a pre-4.0 -current on
3.9 is thus impossible.


That's indeed a good example. While there's probably a way around it by 
upgrading in several steps, indeed the upgrade could become quite messy 
and complicated, and change from release to release.



Other, usually more subtle, problems also exist. Since snapshots are
easy to support and easy to use, they are preferred.


Don't get me wrong, I prefer the binary approach. I'd rather have only 
binary upgrades and updates than only upgrades and updates from source.



Again, because there are lots of interdependencies. It's not like you
can get away with using packages for gcc, glibc and binutils on Linux,
for instance. Sure, they'll package them for you, but don't try to make
any other combination than the official...


Well, you could, if your package manager manages dependencies correctly. 
OpenBSD's package manager does AFAIK.



However, some things are just that way for historical reasons - it might
be possible to make a package out of Apache 1.3, for instance. (However,
Apache in particular has been changed quite a bit from the 'official'
version.)


Yes, that's probably the main reason.

Thanks for your explanations. Now I'm wondering why FreeBSD maintains 
the upgrade from source approach, but that's for a different list 
(yes, I read that in FreeBSD 6.2 you can do binary upgrades now - but 
actually I am not interested in FreeBSD at this point).


Thanks very much for your explanations. I hate it when things don't make 
sense to me.


-pu

more than one OBSD slice on the same harddisk?

[Patrick Useldinger]

List,

If I have a harddisk with one OBSD slice and one other slice (say 
Linux), can I convert that second slice to OBSD A6 and use it from the 
same OBSD installation?

If so, what will be the disklabel numbering?

Regards,
-pu

rdr woes (3.9) transparent bridge pf

[patrick keshishian]

Greetings,

I have a transparent bridged pf serving my home network.
It has been running fairly nicely for some time now.

I have a web server behind it which I'm trying to move
to another server, same network, different IP.

I thought it might be a simple thing to just use a rdr
rule to point traffic intended for web server one (www1)
to web server two (www2) until the DNS changes take place.

But it doesn't seem to be working as expected.  Just to
test this out before committing to it, I added the following
to my pf.conf

   rdr proto tcp to $www1 port 8080 - $www2 port www

I fire up a browser and type in the URL:

   http://www1:8080/

But it just sits there trying to load.  Client shows SYN_SENT
state.  www2 shows no states.  `pfctl -ss -v' shows:


all tcp www2:80 - www1:8080 - client:49639   CLOSED:SYN_SENT
all tcp client:49639 - www2:80   SYN_SENT:CLOSED



Is there something I'm missing?

Anything else I should be keeping an eye on?


Note that client can connect to either web server directly,
that is there are no filter rules blocking client from
connecting to www[12]:80.


The only thing I can think of that may be putting a kink in
this picture is that the pf server is bridging the
interfaces transparently, and I'm using tags to base my
filtering policies on.  Reading pf.conf(5) I don't see any
particular thing that could cause problems with this
set up.


Any help would be appreciated.

--patrick

ccd, disklabel and partition 'a'

[Patrick Useldinger]

I am currently experimenting with ccd(4) and although it appears to 
work, I am uncomfortable with one point.


I have configured 2 partitions as a JBOD (interleave 0). However, the 
first of these partitions is partition 'a' of one disk. So the first 
effect I had was that ccd0 appeared to have the same disklabel as the 
first disk.


I read through the mailing list archives and found a thread explaining 
that the disklabel is stored around the beginning of partition 'a' and 
that one should allocate a small partition 'a' which should not be made 
part of the JBOD.


What I am uncomfortable with is that

1) this does not appear to be documented in the man pages anywhere

2) that the size and position of the disklabel of partition 'a' is not 
clearly stated anywhere so that I can be certain that it doesn't get 
overwritten and that I am not wasting too much space.


Can anybody please shed some light on this?

Regards,
-pu

Re: ccd, disklabel and partition 'a'

[Patrick Useldinger]

Otto Moerbeek wrote:


I read through the mailing list archives and found a thread explaining that
the disklabel is stored around the beginning of partition 'a' and that one
should allocate a small partition 'a' which should not be made part of the
JBOD.


I think you misread. It's enough to make sure the a partitions starts
after the first track. Just run fdisk -i on a new (ccd) disk. It
takes care of that. 


I am talking about the physical disk, not the ccd disk.

In this case, the physical disk is wd1, which has been initialized by 
fdisk -i. I then created wd1a and wd1b. wd1's disklabel gets put into 
the beginning of wd1a if I understood correctly. Because when I create 
ccd0 with wd1a and wd1b as members, ccd0 has the same disklabel as wd1.



What I am uncomfortable with is that

1) this does not appear to be documented in the man pages anywhere


http://www.openbsd.org/faq/faq14.html#disklabel

True, the FAQ is not 'offcial documentation'


To me it is. But the information isn't there. What comes close is 
disklabel(5) which states:


The label is located in sector number LABELSECTOR of the drive, usually 
 sector 0 where it may be found without any information about the 
disk ge   ometry. 


Usually sector 0 is a little vague.

Still confused,
-pu

Re: ccd, disklabel and partition 'a'

[Patrick Useldinger]

Otto Moerbeek wrote:

How are we supposed to help if you omit all relevant info? dmesg,
disklabels, fdisk info...


A good start would be to read my post, all the information is there. 
Except for dmesg, which is not useful in this case.


-pu

Re: ccd, disklabel and partition 'a'

[Patrick Useldinger]

christian widmer wrote:


man ccd:
 Note that the `raw' partitions of the disks should not be combined. Each 
component partition should be offset at least one cylinder from the beginning 
of the component disk.


What is a raw partition in that case? In the examples I found, the 
members of the ccd disk were always wdxy such as wd1a, wd1b, which is 
exactly what I did.



see also thread on misc:
CCD: started on 17 jan 2007 by Chris Mika


I did. But in that thread it doesn't become clear how much space to skip.

i used 'disklabel -e ccd0' to change the type to 'unused'. after that i 
created one big partition 'd' on the ccd0 drive.


Does the name really matter? Whether your partition is called 'a' or 
'd', doesn't the disklabel get stored into the beginning of the first 
partition anyway?


-pu

Re: Intel D945GCLF2

[Patrick Hemmen]

I use a Morex CUBID CP2600 [1] with a Morex 60W Power Kit. In Germany 
for approximately 110 Euro. I installed a  2.5 hard drive and pinched 
off the noisy case fans. Also I bought a new north bridge fan [2]. It 
could be still quieter, but it's much better as before.


[1] 
http://www.morex.com.tw/products/productdetail.php?fd_id=35PHPSESSID=c88735b8e065cbbc0dcf57dce9f48f8e

[2] http://www.scythe-usa.com/product/acc/016/sy124010l_detail.html

--
Patrick
Chris Cohen wrote:

Anathae Townsend wrote:

checkout http://kerneltrap.org/mailarchive/openbsd-misc/2008/9/30/3457064

 

-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf
Of Chris Cohen
Sent: Friday, January 02, 2009 12:41 PM
To: misc@openbsd.org
Subject: Intel D945GCLF2

Has anyone installed openbsd on the Atom board D945GCLF2? If so could
you post a dmesg and does it run stable?

--
Thanks
Chris


thanks!
could someone please share what case he is using? I've found serveral,
but they are all either too expensive or for in-car use.

Re: Intel D945GCLF2

[Patrick Hemmen]

No problem. Here the output of 'sysctl -a|grep  hw'.

hw.machine=i386
hw.model=Intel(R) Atom(TM) CPU 330 @ 1.60GHz (GenuineIntel 686-class)
hw.ncpu=2
hw.byteorder=1234
hw.pagesize=4096
hw.disknames=wd0
hw.diskcount=1
hw.sensors.cpu0.temp0=32.00 degC
hw.sensors.admtm0.temp0=22.00 degC (Internal)
hw.sensors.admtm0.temp1=36.00 degC (External)
hw.sensors.admtm0.temp2=28.00 degC (External)
hw.sensors.admtm0.volt0=2.54 VDC (2.5 V)
hw.sensors.admtm0.volt1=0.00 VDC (Vccp)
hw.sensors.admtm0.volt2=2.44 VDC (3.3 V)
hw.sensors.admtm0.volt3=4.97 VDC (5 V)
hw.sensors.admtm0.volt4=12.12 VDC (12 V)
hw.sensors.admtm0.volt5=3.27 VDC (Vcc)
hw.sensors.admtm0.volt6=1.57 VDC (1.5 V)
hw.sensors.admtm0.volt7=1.78 VDC (1.8 V)
hw.cpuspeed=1613
hw.setperf=100
hw.vendor=Intel Corporation
hw.product=D945GCLF2
hw.uuid=c3d16cf0-8dd7-11dd-b190-00112550a074
hw.physmem=2135662592
hw.usermem=2135646208

--
Patrick

Chris Cohen wrote:

Patrick Hemmen wrote:
I use a Morex CUBID CP2600 [1] with a Morex 60W Power Kit. In Germany 
for approximately 110 Euro. I installed a  2.5 hard drive and pinched 
off the noisy case fans. Also I bought a new north bridge fan [2]. It 
could be still quieter, but it's much better as before.


Thanks for your two replies. I've just got one more question.
Can you read the temperatures with sysctl? (I'm thinking about a totally 
 fanless design, since this thing would only route (Gbit LAN+DMZ and 
DSL) and run pf. So temperature monitoring would be nice)

pppd, ip-up script and privileges

[patrick keshishian]

Hi,

I'm curious about why privileges are revoked before executing
ip-{up,down} scripts?

ROUTING section of pppd(8) says:

+--- pppd(8)
| When IPCP negotiation is completed successfully,
| pppd will inform the kernel of the local and remote
| IP addresses ... to create a host route to the remote
| end ... which will enable the peers to exchange IP
| packets. Communication with other machines generally
| requires further modification to routing tables. In
| most cases the defaultroute [is] sufficient for this,
| but in some cases further intervention is required.
| The /etc/ppp/ip-up script can be used for this.
+-

However, if ip-up is to change the routing table it will require
root privilege.

Am I missing something?

--patrick

gumstix port: any plans to include the OVERO board?

[Patrick Oeschger]

gumstix support for the PXA270 (ARM based) seems to be included in the
current cvs sources..
...as you know there is a new board from gumstix with the OMAP3503
processor from Texas Instruments
any plans to support this board in the near future?
i would be glad to test and support (but am no kernel developer yet)
thx
/pat

Re: pppd, ip-up script and privileges

[patrick keshishian]

Stuart Henderson stu at spacehopper.org writes:

 
 On 2009-01-04, patrick keshishian sidster at boxsoft.com wrote:
  Hi,
 
  I'm curious about why privileges are revoked before executing
  ip-{up,down} scripts?
 
  ROUTING section of pppd(8) says:
 
  +--- pppd(8)
  | When IPCP negotiation is completed successfully,
  | pppd will inform the kernel of the local and remote
  | IP addresses ... to create a host route to the remote
  | end ... which will enable the peers to exchange IP
  | packets. Communication with other machines generally
  | requires further modification to routing tables. In
  | most cases the defaultroute [is] sufficient for this,
  | but in some cases further intervention is required.
  | The /etc/ppp/ip-up script can be used for this.
  +-
 
  However, if ip-up is to change the routing table it will require
  root privilege.
 
  Am I missing something?

 Looks like a bug to me. The actual behaviour is not what is documented
 in the SCRIPTS section of the manual The scripts are executed as root
 (with the real and effective user ID set to 0).
 
 Upstream (now hosted at ppp.samba.org) changed this to setuid(0), we
 haven't synced since then.
 
 - (void) chdir (/); /* no current directory. */
 - setuid(geteuid());
 + (void) chdir (/); /* no current directory. */
 + setuid(0);  /* set real UID = root */
 

http://git.ozlabs.org/?p=ppp.git;a=commit;h=a00baab063b349591289cbde22ab40cf80b8f0af
 
 We changed to use setresuid() rather than setuid(), but this didn't change
 behaviour here. I guess many people will run pppd as root so they won't
 notice the problem (afaict, it only happens if you start as a non-root
 member of the group network).


As discussed (off-line) this was changed in -r1.45 by d...@.
Since no one else is chiming in, I'm asking if someone will
looking into updating this, or was there a valid reason why
it was decided to prevent scripts to run with root privilege
in our local copy of pppd?

I'm not a heavy pppd user so I can't test this patch thoroughly.
But if there are not glaring issues with running the scripts
from pppd (ip-up, ip-down, ...) with uid set to 0 I can give
it a go.

--patrick

Re: pppd, ip-up script and privileges

[patrick keshishian]

Stuart Henderson stu at spacehopper.org writes:

 
 On 2009-01-07, patrick keshishian pkeshish at gmail.com wrote:
 
  
 
 
http://git.ozlabs.org/?p=ppp.git;a=commit;h=a00baab063b349591289cbde22ab40cf80b8f0af
  
  We changed to use setresuid() rather than setuid(), but this didn't change
  behaviour here. I guess many people will run pppd as root so they won't
  notice the problem (afaict, it only happens if you start as a non-root
  member of the group network).
 
 
  As discussed (off-line) this was changed in -r1.45 by d...@.
  Since no one else is chiming in, I'm asking if someone will
  looking into updating this, or was there a valid reason why
  it was decided to prevent scripts to run with root privilege
  in our local copy of pppd?
 
 you misinterpreted this,
 
  We changed to use setresuid() rather than setuid(), but this didn't change
^^
  behaviour here.
^^
 
 upstream's old code: drop privileges
 
  -  (void) chdir (/); /* no current directory. */
  -  setuid(geteuid());

I don't know how to use git, nor am I finding their web-interface very
intuitive, but from the link you provided, looking at the diff for
main.c, upstream never had setuid(geteuid()) as far as I can see:

/* Leave the current location */
-   (void) setsid();/* No controlling tty. */
+   (void) setsid();/* No controlling tty. */
(void) umask (S_IRWXG|S_IRWXO);
-   (void) chdir (/); /* no current directory. */
+   (void) chdir (/); /* no current directory. */
+   setuid(0);  /* set real UID = root */
setgid(getegid());

They only added the setuid(0).


 upstream's new code: setuid(root) (even though it's already running
 as root..?)

Effective uid may be root, assuming they are installing it like OpenBSD
is, set-user-ID bit set, but real uid is that of the user who invoked
pppd.

  +  (void) chdir (/); /* no current directory. */
  +  setuid(0);  /* set real UID = root */
 
 the setuid() - setresuid() change made in OpenBSD did not affect this.
 the old version in OpenBSD and upstream both dropped privileges for
 these scripts.

OpenBSD's copy changed this -r1.44 -r1.45 main.c

@@ -1195,8 +1203,14 @@ run_program(prog, args, must_exist)
(void) setsid();/* No controlling tty. */
(void) umask (S_IRWXG|S_IRWXO);
(void) chdir (/); /* no current directory. */
-   setuid(geteuid());
-   setgid(getegid());
+
+   /* revoke privs */
+   uid = getuid();
+   gid = getgid();
+   if (setresgid(gid, gid, gid) == -1 || setresuid(uid, uid, uid) == -1) {
+   syslog(LOG_ERR, revoke privileges: %s, strerror(errno));
+   _exit(1);
+   }

setuid(geteuid()) is equivalent to setuid(0) since set-user-ID pppd
will have effective uid of 0 (file owner is root). This was changed
to setuid(getuid()) which changes the uid to the userid invoking
pppd.

Which is causing the problem of ip-up not being able to update the
routes: insufficient privileges.

--patrick

after 4.3 - 4.4 upgrade, fails to boot

[Patrick Cummings]

Hello to everyone,
I have one home firewall/router PC that I use since 3.8 that I upgrade every 6
month. Yesterday I did the 4.3 - 4.4 upgrade using a boot cd. However, it
fails to boot when I reboot (after the upgrade, when I boot it for the first
time from the hard drive). And by that, I mean that it simply prints this:

 OpenBSD/i386 BOOT 3.02
boot
booting hd0a:/bsd: 6238560+1041588=0x6f1788
entry point at 0x200120


And then nothing else. Forever. It just stays there.

Is there any change from 4.3 to 4.4 that could have caused this with my
hardware? (a dmesg follows) Could it be that I now need a custom kernel? How
could I get more infos about what is wrong with it (I don't know how to get
more debugging). I have recovered 4.3 from backups and it works like it used
to.

Thanks to anyone that can help!


OpenBSD 4.3 (GENERIC) #0: Mon Sep  1 01:52:32 EDT 2008
r...@.***.**.net:/usr/src/sys/arch/i386/compile/GENER
IC
cpu0: Intel Pentium/MMX (GenuineIntel 586-class) 234 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,MMX
cpu0: F00F bug workaround installed
real mem  = 267939840 (255MB)
avail mem = 251023360 (239MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 07/15/95, BIOS32 rev. 0 @ 0xfdb80
apm0 at bios0: Power Management spec V1.2 (BIOS management disabled)
apm0: APM power management enable: power management disabled (1)
apm0: APM engage (device 1): power management disabled (1)
apm0: AC on, battery charge unknown
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI BIOS has 5 Interrupt Routing table entries
pcibios0: PCI Interrupt Router at 000:07:0 (Intel 82371AB PIIX4 ISA rev
0x00)
pcibios0: PCI bus #1 is the last bus
WARNING: can't reserve area for I/O APIC.
bios0: ROM list: 0xc/0x8000 0xc8000/0x2c00 0xcb000/0x1000 0xcc000/0x1000
0xcd000/0x1000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82439TX System rev 0x01
piixpcib0 at pci0 dev 7 function 0 Intel 82371AB PIIX4 ISA rev 0x01
pciide0 at pci0 dev 7 function 1 Intel 82371AB IDE rev 0x01: DMA, channel 0
wired to compatibility, channel 1 wired to compatibility
atapiscsi0 at pciide0 channel 0 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  SCSI0 5/cdrom removable
cd0(pciide0:0:0): using PIO mode 4, DMA mode 2
pciide0: channel 1 ignored (disabled)
uhci0 at pci0 dev 7 function 2 Intel 82371AB USB rev 0x01: irq 10
piixpm0 at pci0 dev 7 function 3 Intel 82371AB Power rev 0x01: polling
iic0 at piixpm0
iic0: addr 0x2d 00=a8 01=c3 02=68 03=30 05=18 06=02 07=59 08=18 09=0b 0a=60
0b=46 0c=a0 0d=d4 0e=80 10=24 11=4c 12=68 13=04 14=33 15=99 16=28 17=40 18=52
19=5c 1a=a4 1b=49 1c=45 1d=a0 1e=cc 1f=92 20=b7 21=3c 22=01 23=80 24=11 26=e2
27=5e 28=23 29=f1 2a=2c 2b=3c 2c=60 2d=2f 2e=a3 2f=b0 30=cc 31=23 32=0b 33=ac
34=76 35=98 36=1c 37=05 38=04 39=10 3a=0a 3b=0a 3c=5e 3d=03 3e=78 3f=82 40=08
46=40 47=57 48=2d 49=40 4b=40 4c=40 4d=40 4e=78 50=08 56=40 57=57 58=2d 59=40
5a=40 5b=40 5c=40 5d=40 5e=40 60=b7 61=3c 62=01 63=80 64=11 66=e2 67=5e 68=23
69=f1 6a=2c 6b=3c 6c=60 6d=2f 6e=a3 6f=b0 70=cc 71=23 72=0b 73=ac 74=76 75=98
76=1c 77=05 78=04 79=10 7a=0a 7b=0a 7c=5e 7d=03 7e=78 7f=82 80=a8 81=c3 82=68
83=30 85=18 86=02 87=59 88=18 89=0b 8a=60 8b=46 8c=a0 8d=d4 8e=80 90=24 91=4c
92=68 93=04 94=33 95=99 96=28 97=40 98=52 99=5c 9a=a4 9b=49 9c=45 9d=a0 9e=cc
9f=92 a0=b7 a1=3c a2=01 a3=80 a4=11 a6=e2 a7=5e a8=23 a9=f1 aa=2c ab=3c ac=60
ad=2f ae=a3 af=b0 b0=cc b1=23 b2=0b b3=ac b4=76 b5=98 b6=1c b7=05 b8=04 b9=10
ba=0a bb=0a bc=5e bd=03 be=78 bf=82 c0=08 c6=40 c7=57 c8=2d c9=40 ca=40 cb=40
cc=40 cd=40 ce=40 d0=08 d6=40 d7=57 d8=2d d9=40 da=40 db=40 dc=40 dd=40 de=40
e0=b7 e1=3c e2=01 e3=80 e4=11 e6=e2 e7=5e e8=23 e9=f1 ea=2c eb=3c ec=60 ed=2f
ee=a3 ef=b0 f0=cc f1=23 f2=0b f3=ac f4=76 f5=98 f6=1c f7=05 f8=04 f9=10 fa=0a
fb=0a fc=5e fd=03 fe=78 ff=82 words 00=a880 01=c380 02=6880 03=3080 04=0080
05=1880 06=0280 07=5980 08=1880 09=0b80 0a=6080 0b=4680 0c=a080 0d=d480
0e=8080 0f=0080
lmtemp0 at iic0 addr 0x4a: lm75
spdmem0 at iic0 addr 0x50: 256MB SDRAM non-parity PC133CL3
ppb0 at pci0 dev 17 function 0 Intel i960 RP PCI-PCI rev 0x03
pci1 at ppb0 bus 1
ami0 at pci0 dev 17 function 1 Intel 80960RP ATU rev 0x03: irq 11
ami0: AMI 438, 32b, FW GH8E, BIOS v1.48, 64MB RAM
ami0: 3 channels, 16 targets, 1 logical drives
scsibus1 at ami0: 1 targets
sd0 at scsibus1 targ 0 lun 0:  SCSI2 0/direct fixed
sd0: 17017MB, 2169 cyl, 255 head, 63 sec, 512 bytes/sec, 34850816 sec total
fxp0 at pci0 dev 18 function 0 Intel 8255x rev 0x08, i82559: irq 15, address
00:04:ac:d3:04:e6
inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4
fxp1 at pci0 dev 19 function 0 Intel 8255x rev 0x08, i82559: irq 9, address
00:04:ac:a3:fc:ac
inphy1 at fxp1 phy 1: i82555 10/100 PHY, rev. 4
fxp2 at pci0 dev 20 function 0 Intel 8255x rev 0x08, i82559: irq 10, address
00:04:ac:e3:f7:b0
inphy2 at fxp2 phy 1: i82555 10/100 PHY, rev. 4
isa0 at piixpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at 

Re: why skip is not shown in pfctl -s rules ?

[Patrick Lamaiziere]

Le Thu, 20 Oct 2011 15:41:51 +0600,
PP;QQ P(P8P?P8QP8P= chipits...@gmail.com a C)crit :

Hello,

 but I do not find skip in pfctl -s rules output:

Yes, you can check that the interface is skiped with

# pfctl -vs Interfaces -i lo0   
lo0 (skip)

Regards.

Re: Synaptic Touchpad doesn't work

[patrick keshishian]

ahm... so where I left this off was back in mid-September, where
Alexandr Shadchin and I exchanged a couple of emails privately on this
topic, and I went on building a debug kernel print-ing pms packets,
and pms_ioctl_synaptics, pms_{dis,en}able_synaptics and
pms_{pric,sync}_synapctics calls to see why the touchpad was remaining
in disabled mode.

I was hoping for some guidance as to which area to concentrate on, but
without any nudges, I soon got distracted with work and didn't return
to poking at the code. I have not since update my source on this
netbook and the touchpad has remained disabled.

Just now, for the first time since this thread, I unintentionally
touched the touchpad and my window manager scrolled through the
virtual desktops/workspaces and I noticed the massive amounts of
logging in /var/log/message.

The kernel is the same as back then, so what would make it just behave
differently now?

The only difference I see going back in the /var/log/message*.gz
history is that right after i plugged in my camera in the USB socket
to grab some images, pms_sync_synaptics started to appear @ 21:43:16
mark[1].

But I have plugged in this same camera in before, but I have not
noticed the touchpad coming alive.

Lets see what happens if I detach the camera. The touchpad still seems
to work.

What happened here? Anyone? Someone smarter than I?

--patrick
p.s., Yea, I realize it is Halloween and this may be some spooky joke on me.


[1] /var/log/message:

Oct 31 18:07:33 noir syslogd: start
Oct 31 18:07:33 noir /bsd: OpenBSD 5.0-current (SYNAPK) #12: Sat Sep
17 00:55:52 PDT 2011
Oct 31 18:07:33 noir /bsd:
sids...@noir.my-domain-name.com:/usr/build/src/sys/arch/amd64/compile/SYNAPK
Oct 31 18:07:33 noir /bsd: real mem = 1876754432 (1789MB)
Oct 31 18:07:33 noir /bsd: avail mem = 1812758528 (1728MB)
Oct 31 18:07:33 noir /bsd: mainbus0 at root
Oct 31 18:07:33 noir /bsd: bios0 at mainbus0: SMBIOS rev. 2.4 @
0xf10d0 (17 entries)
Oct 31 18:07:33 noir /bsd: bios0: vendor Phoenix Technologies LTD
version v1.3201 date 06/18/2009
Oct 31 18:07:33 noir /bsd: bios0: Gateway LT31
Oct 31 18:07:33 noir /bsd: acpi0 at bios0: rev 2
Oct 31 18:07:33 noir /bsd: acpi0: sleep states S0 S3 S4 S5
Oct 31 18:07:33 noir /bsd: acpi0: tables DSDT FACP APIC MCFG HPET BOOT SLIC
Oct 31 18:07:33 noir /bsd: acpi0: wakeup devices PB5_(S5) OHC1(S3)
OHC2(S3) EHCI(S3) HDAU(S3)
Oct 31 18:07:33 noir /bsd: acpitimer0 at acpi0: 3579545 Hz, 32 bits
Oct 31 18:07:33 noir /bsd: acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
Oct 31 18:07:33 noir /bsd: cpu0 at mainbus0: apid 0 (boot processor)
Oct 31 18:07:33 noir /bsd: cpu0: AMD Athlon(tm) Processor L110, 1197.23 MHz
Oct 31 18:07:33 noir /bsd: cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,CX16,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
Oct 31 18:07:33 noir /bsd: cpu0: 64KB 64b/line 2-way I-cache, 64KB
64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache
Oct 31 18:07:33 noir /bsd: cpu0: ITLB 32 4KB entries fully
associative, 8 4MB entries fully associative
Oct 31 18:07:33 noir /bsd: cpu0: DTLB 32 4KB entries fully
associative, 8 4MB entries fully associative
Oct 31 18:07:33 noir /bsd: cpu0: apic clock running at 199MHz
Oct 31 18:07:33 noir /bsd: ioapic0 at mainbus0: apid 1 pa 0xfec0,
version 21, 24 pins
Oct 31 18:07:33 noir /bsd: acpimcfg0 at acpi0 addr 0xe000, bus 0-8
Oct 31 18:07:33 noir /bsd: acpihpet0 at acpi0: 14318180 Hz
Oct 31 18:07:33 noir /bsd: acpiprt0 at acpi0: bus 0 (PCI0)
Oct 31 18:07:33 noir /bsd: acpiprt1 at acpi0: bus -1 (PB3_)
Oct 31 18:07:33 noir /bsd: acpiprt2 at acpi0: bus -1 (PB4_)
Oct 31 18:07:33 noir /bsd: acpiprt3 at acpi0: bus 3 (PB5_)
Oct 31 18:07:33 noir /bsd: acpiprt4 at acpi0: bus 4 (PB6_)
Oct 31 18:07:33 noir /bsd: acpiprt5 at acpi0: bus -1 (PB7_)
Oct 31 18:07:33 noir /bsd: acpiprt6 at acpi0: bus 9 (P2P_)
Oct 31 18:07:33 noir /bsd: acpiprt7 at acpi0: bus 1 (AGP_)
Oct 31 18:07:33 noir /bsd: acpiec0 at acpi0
Oct 31 18:07:33 noir /bsd: acpicpu0 at acpi0: C3, C2
Oct 31 18:07:33 noir /bsd: acpitz0 at acpi0: critical temperature is 100 degC
Oct 31 18:07:33 noir /bsd: acpiac0 at acpi0: AC unit online
Oct 31 18:07:33 noir /bsd: acpibat0 at acpi0: BAT1 model UM09B44
serial 210 type LION oem SONY
Oct 31 18:07:33 noir /bsd: acpibtn0 at acpi0: LID_
Oct 31 18:07:33 noir /bsd: acpibtn1 at acpi0: SLPB
Oct 31 18:07:33 noir /bsd: acpibtn2 at acpi0: PWRB
Oct 31 18:07:33 noir /bsd: acpivideo0 at acpi0: VGA_
Oct 31 18:07:33 noir /bsd: acpivout0 at acpivideo0: LCD_
Oct 31 18:07:33 noir /bsd: pci0 at mainbus0 bus 0
Oct 31 18:07:33 noir /bsd: pchb0 at pci0 dev 0 function 0 ATI RS690
Host rev 0x00
Oct 31 18:07:33 noir /bsd: ppb0 at pci0 dev 1 function 0 ATI RS690
PCIE rev 0x00
Oct 31 18:07:33 noir /bsd: pci1 at ppb0 bus 1
Oct 31 18:07:33 noir /bsd: vga1 at pci1 dev 5 function 0 ATI Radeon
X1250 IGP rev 0x00
Oct 31 18:07:33 noir /bsd: wsdisplay0 at vga1 mux 1: console (80x25,
vt100 emulation)
Oct 31 18:07:33 noir /bsd: wsdisplay0: screen

Re: PF.CONF - with DMZ and packet tagging example

[Patrick Lamaiziere]

Le Mon, 7 Nov 2011 16:58:29 -0500,
Bentley, Dain dbent...@nas.edu a icrit :

Hello,

 block in on $ext from bastards
 #NAT INBOUND TO DMZ
 pass in on $ext proto tcp from any to any port $web_services rdr-to
 $webserver tag INET_TO_DMZ
 pass in on $ext proto tcp from any to any port $mail_services rdr-to
 $mailserver tag INET_TO_DMZ

Looks not good, missing quick in the block rule?

Regards.

Re: Multiple ISPs: send packets to the interface they came from

[Patrick Lamaiziere]

Le Tue, 08 Nov 2011 15:27:02 -0500,
Guillaume Filion g...@logidac.com a icrit :

 Hi all,

Hello,

 I also tried using pf route-to but that seems to only work with
 NAT...

No it does routing. I use it without nat.

 So basically my question is how to tell OpenBSD to send packets to the
 interface they came from?

See reply-to

Regards.

Re: cd boot panic on 5.0 but not 4.9 or earlier

[patrick keshishian]

On Sat, Nov 19, 2011 at 5:44 PM, quartz qua...@sneakertech.com wrote:
 first off, apologies if this is a known issue. I didn't see anything
 relevant in the release notes/changes, and nothing came up in a google
 search.

 I have an older pentium 3 machine. 450mhz cpu, 100mhz bus, intel sun
 river 440bx motherboard, 128mb of ram (of which something like 12 are
 being used for the onboard video). generic seagate 10gb ata drive
 connected with one ribbon cable, cd drive connected with another. no pci
 cards or other addons.

 a couple days ago I tried to install 5.0 release via the install50.iso I
 downloaded off a mirror. however, the installer doesn't get very far. it
 completely loads the ram disk, but then it kernel panics instantly with a
 'trap type 6'. no messages about found hardware or anything, it prints out
 the copyright message and the panic message all in one swift motion. I
 don't even get enough text to scroll the disk prompt off the top of the
 screen. nothing I do changes this behavior.

 I have tried the following:
 - typing boot -c at the boot prompt (still panics)
 - disabling different combinations of things in the bios
 - swapping cd drives
 - swapping ata cables
 - swapping which ata port the cd was connected to
 - swapped ram
 - ran a memtest overnight
 - verified the checksum on the install50.iso
 - tried booting from cd50.iso

 now, the fun part is that this only happens with 5.0, I can boot and
 install off the 4.9 and 4.5 'install##.iso' cds just fine.

 I don't have the knowledge or hardware to try and debug this via serial,
 and I can't try booting off a floppy because I threw out all my floppy
 drives years ago. I can give a dmesg from 4.9 if people think it might
 help.

dmesg can only help. also, periodically try newer snapshots.

Re: cd boot panic on 5.0 but not 4.9 or earlier

[patrick keshishian]

On Mon, Nov 21, 2011 at 10:09 PM, quartz qua...@sneakertech.com wrote:
 ok, so whatever was wrong has fixed itself sometime between release and
 11/16, because both the 11/16 and 11/20 install50 snapshot images boot
 fine.

 how safe are those two images? would it be ok to run on a production
 system or should I wait for the official 5.0 stable branch?

those images are far past 5.0.

many run snapshots on their daily use computers/laptops/servers. It
all depends on what production means to you. If you have to ask that
question, you probably should stick to running official releases for a
while until you are more comfortable with OBSD.

Glad, things resolved for you.
--patrick

Re: DNS Google ?

[patrick keshishian]

On Tue, Nov 22, 2011 at 9:16 AM, Nick Holland
n...@holland-consulting.net wrote:
 On 11/22/11 10:31, Claer wrote:
 On Tue, Nov 22 2011 at 13:16, Jan Stary wrote:
 On Nov 22 08:16:21, Nick Holland wrote:
  Long term, BIND is done.
  Long term, unbound will probably be replacing it in OpenBSD.
 
  IF you are doing anything beyond a simple resolver, I'd agree
  completely...take the time to learn unbound/nsd (or djbdns or ...)
 
  However, right now, unbound is a package requiring separate install and
  maintenance.

 Nick, would you please clarify:

 nsd(8) is in base, unbound is a package;
 yet it is unbound who's gonna be the default resolver?
 What is the status of nsd then? (I am just about to try
 it on one of my resolvers).

 NSD is just an autoritative name server that doesn't do cache and does not
 answer recursive queries.
 nsd and unbound are complementary.

 Claer

 right...
 BIND lumps these two functions together, with the effect of confusing
 people, but they are really two separate tasks...  BE the authoritative
 source for DNS information about certain zones (nsd, tinydns, etc.) OR
 find the correct resolution information by checking with other DNS
 servers, which ARE authoritative (a resolver, like unbound, dnscache,
etc.).

Unless I'm misreading you, what you say doesn't make much sense. It
has its use-case, fine; when you just need the resolver. e.g., typical
home user where s/he doesn't host domains. But at this point you might
as well use your ISP's DNS service -- it's not reliable? that's a
different issue and not one you and should set out to solve for every
one out there.

But for a small business where they have their own domain, running
an authoritative DNS server, and local users using the intertubes,
that service needs to also do the recursive lookups.

The setup you suggest is more involved. Two servers: one resolving,
and the other dealing w/the authoritative responses.

--patrick


 In the case where you think you want both (i.e., you want resolution of
 internal names AND external names), it's still easy -- run your
 authoritative on localhost and your resolver on the external IP, and
 tell your resolver to consult with your authoritative server for the
 appropriate subdomains.

 Really, it works better this way.

 Nick.

[5.0] pkg_add too many FTP connections

[Patrick Lamaiziere]

Hello,

I'm trying to update packages with pkg_add via ftp :

# pkg_add -ui  
Error from
ftp://ftp.irisa.fr/pub/OpenBSD/5.0/packages/amd64/gperf-3.0.4.tgz 421
There are too many connections from your internet address. ftp: Can't
connect or login to host `ftp.irisa.fr'
Error from
ftp://ftp.irisa.fr/pub/OpenBSD/5.0/packages/amd64/gtar-1.26p0.tgz 421
There are too many connections from your internet address. ftp: Can't
connect or login to host `ftp.irisa.fr'
...

Is there a way to limit the number of FTP connections for pkg_add?

Thanks, regards.

Re: [5.0] pkg_add too many FTP connections

[Patrick Lamaiziere]

Le Wed, 30 Nov 2011 12:35:40 +0100,
Marc Espie es...@nerim.net a icrit :

 Fix your proxy/connection. pkg_add keeps one ftp connection alive,
 not more, but it does interrupt connections brutally as soon as it
 has the information it wants.
 
 All such problems come from stale ftp connections, there's something
 flaky in your network setup that means ftp.irisa.fr does not see the
 severed connections.

Thanks Marc, 

Could it be that this ftp server (irisa) is near from here (1Gbit) and
doesn't have the time to see that the connection was dropped?

I don't have any problem with other mirror (ex ftp://fr.openbsd.org)

Thanks, regards.

Re: network bandwith with em(4)

[Patrick Lamaiziere]

Le Tue, 22 Feb 2011 18:09:32 +0100,
Patrick Lamaiziere patf...@davenulle.org a icrit :

 (4.8/amd64)
 I'm using two ethernet cards Intel 1000/PRO quad ports (gigabit) on a
 firewall (one fiber and one copper).
 
 The problem is that we don't get more than ~320 Mbits/s of bandwith
 beetween the internal networks and internet (gigabit).
 
 As far I can see, on load there is a number of Ierr on the interface
 connected to Internet (between 1% to 5%).
 
 --
 dmesg (on 4.8):
 em0 at pci5 dev 0 function 0 Intel PRO/1000 QP (82571EB) rev
 0x06: apic 1 int 13 (irq 14), address 00:15:17:ed:98:9d
 
 em4 at pci9 dev 0 function 0 Intel PRO/1000 QP (82575GB) rev 0x02:
 apic 1 int 23 (irq 11), address 00:1b:21:38:e0:80

Hello,

This issue (IERR on em) looks to be fixed on 5.0. With 4.8 and 4.9
there were IERR errors with traffic  150 Mbs. With 5.0 there are
only few IERR from time to time, even on high load ( 400 Mbits/s,
40K packets/s in, 30K packets/s out)

I guess that the fixes on em(4) helps. May be the use of MSI interrupts
too because I see a significant improvement on CPU interrupt load
(around 60% in load to 50% with 5.0).
(the measures are averaged on 5 minutes)

That's cool!

There are still some PF congestions from time to time but I have to
investigate. It happens even when the box is idle but may be there are
some burst of traffic. The box has 6 interfaces and I don't believe it
can handle 6 Gbits at once.

Too finish this too long thread, since february we (an university) are
very happy with the reliability of our two PF firewalls, that just
works.

Thanks a lot, regards.

Re: Postscript printer: is poscript support enough to get it running?

[patrick keshishian]

Print languages:HP PCL 5c; HP PCL 6; HP postscript level 3
emulation with automatic language switching

source:
http://www.shopping.hp.com/product/printer/LaserJet/1/storefronts/CE459A%2523
ABA;HHOJSID=PhcXT2lHNxpKCxk8X1TLbrMJ35K5BT2F5Z5XnzGRDmgZJhKtM9nh!743062901



On Sat, Dec 24, 2011 at 9:38 AM, Hugo Osvaldo Barrera
h...@osvaldobarrera.com.ar wrote:
 Hi,

 I've been considering buying a printer, and after a bit of homework, I
 found that postscript is the standard supported method for printing
 (even though most printers nowdays do all the work on CPU rather than
 themselves to cut costs).

 So I looked up a model but  I really *don't* understand that much, this
 is the first time *ever* I'd be buying/using/installing a printer, so
 what I'd like to know is:

 Is postscript support in an ethernet/USB printer enough? Or do I need to
 take some other specification into consideration? If so, which? I don't
 want to go out and buy a printer, only to find out that I need support
 for X, for Y software for the platform where I'll use it.

 As a side note, it's the HP P2055 I've been considering, and supports PS3.

 Thanks


 --
 Hugo Osvaldo Barrera

[PF] bug in port range.

[Patrick Lamaiziere]

Hello, happy new year.

I think there is a off-by-one error in Packet Filter port ranges, for
example with an exclude boundary range : port1  port2

PF or pfctl does not check that port1 = port2 and if port1  port2 the
port range is not correct. 

For example 82  80 is not the same as 80  82 (but should IMO).

I've tested with these rules:

pass in quick
block out quick proto tcp from self to 94.23.254.147 port 82  80
pass out quick

Then, port 81 is not filtered out.

Thanks, regards.

Re: [PF] bug in port range.

[Patrick Lamaiziere]

Le Tue, 3 Jan 2012 17:54:18 +0100,
Henning Brauer lists-open...@bsws.de a icrit :

Hello,

 * Patrick Lamaiziere patf...@davenulle.org [2012-01-03 17:45]:
  I think there is a off-by-one error in Packet Filter port ranges,
  for example with an exclude boundary range : port1  port2
 
 nope.
 
  Ports and ranges of ports are specified using these
 operators: :   (range including boundaries)
  (range excluding boundaries)
 
 yes, that is from the manpage, of course.
  explicitely EXCLUDES the boundaries. now where is that off by one?

Please forget the off-by-one, I've found that 82:80 differs from
80:82 :)
 
  PF or pfctl does not check that port1 = port2 and if port1  port2
  the port range is not correct. 
 
 pf does what you, the operator, tells it to do.
 
  For example 82  80 is not the same as 80  82 (but should IMO).
 
 should? why?

Well because for me 80:82 is (80, 81, 82) and 82:80 the same
items and so the same range.

But you are right, the man page is explicit. I should re-read it
more often.

So what is the meaning for PF of the range 82:80? If this is a non
sense, an error from pfctl would be cool.

 port 82  80 defines a range that can't match, and it doesn't. as in,
 all is good. when you mean 80  82 you ought to write 80  82 and
 not 82  80.

Sure, but when using service name it's easy to make a mistake. In fact
I've found this strange behavior while translating a Cisco acl :

permit tcp any any range ftp ftp-data 

Translated to port ftp:ftp-data, which if I understand well does not
mean anything for PF.

Thanks, regards.

Re: strange localhost address

[patrick keshishian]

On Sat, Jan 21, 2012 at 1:45 AM, Jan Stary h...@stare.cz wrote:
 On Jan 21 10:42:58, Jan Stary wrote:
  On Sat, 21 Jan 2012 09:01:35 +0100, Jan Stary h...@stare.cz wrote:
   On Jan 21 11:40:32, Wesley M. wrote:
   When i ping localhost it give me : 208.73.210.29 instead of 127.0.0.1
!
   Where does it come from ? I don't understand.
   I use OpenBSD 5.0 with bind patch.
  
   Before I burst into howls of derisive laughter:
   what bind patch?

 On Jan 21 12:05:00, Wesley M. wrote:
  see http://www.openbsd.org/errata50.html

 Ah, sorry.

 It *seems* that 208.73.210.29 is your public IP,
 bound to the wifi interface you configured, right?
 It would help if you also posted your ifconfig.

 From what I can gather from you OP:

 - if both rl0 and iw0 are down,
   'ping localhost' pings 127.0.0.1
 - if iwi0 is up (how? dhcp? show ifconfig, netstat, resolv.conf, ...),
   'ping localhost' pings 208.73.210.29
 - if rl0 is up (how? dhcp? show ifconfig, netstat, resolv.conf, ...),
   'ping localhost' pings 208.73.210.29

 Is that what you see?

   Jan

 Also, your resolv.conf says just

nameserver 192.168.1.1

 so /etc/hosts doesn't even get consulted, right?

sure it does.

--patrick


 So who is 192.168.1.1 and how does it resolve 'localhost'
 (under the different network settings)?

Re: should 'make -j8 build' work?

[patrick keshishian]

On Tue, Feb 7, 2012 at 10:45 AM, Kenneth R Westerback
kwesterb...@rogers.com wrote:
 On Tue, Feb 07, 2012 at 01:01:42PM -0500, Joe Gidi wrote:
 I just built a new box with one of AMD's FX-8120 8-core processors and
 wanted to stress-test it a bit. I installed the Feb 6 amd64 snapshot,
 checked out a src tree, and had no trouble compiling GENERIC.MP. I tried
 compiling userland with make -j8 build and the box hung.

 Before I go further in depth with troubleshooting, I'd just like to know
 if this should work properly on good hardware. If it's known not to
 work, I won't waste my (or the lists') time on figuring out why it's
 hanging.

 Also, is there a maximum number of make jobs that should work? I used to
 run 'make -j4 build successfully on my previous 4-core system...

 Thanks for any feedback,

 --
 Joe Gidi
 j...@entropicblur.com

 You cannot buy skill. -- Ross Seyfried


 Sometimes it works and sometimes not. There are parts of the tree that
 have races.

it is one thing for the build to fail, but the guy said the box
hung, which indicates something is amiss.

Re: Does cvsync let ancient patches escape from the attic?

[patrick keshishian]

On Thu, Feb 9, 2012 at 4:43 PM, Brett brett.ma...@gmx.com wrote:
 Hi,

 Yesterday I updated to current and rebuilt the ports I use. All went
 well except building mupdf, which stalled at file to patch::

 # cd textproc/mupdf/
 # make install
 ===  Checking files for mupdf-0.9
 `/usr/ports/distfiles/mupdf-0.9-source.tar.gz' is up to date.
 (SHA256) mupdf-0.9-source.tar.gz: OK
 .
 ===  Extracting for mupdf-0.9
 ===  Patching for mupdf-0.9
 File to patch:



 Looking in /usr/ports/textproc/mupdf/patches/
 $ ls
 CVS
 patch-apps_unix_ximage_c
 patch-debian_mupdf_pc
 patch-Makerules
 patch-debian_mupdf_desktop

 Somehow patch-apps_unix_ximage_c has gotten in there, even though
 (according to
 http://www.openbsd.org/cgi-bin/cvsweb/ports/textproc/mupdf/patches/Attic/
 ) it was moved to the attic over 2 years ago.

$ cvs status patch-apps_unix_ximage_c

see if there is sticky tag there. If so, then do:

$ cvs up -dPA

--patrick

Re: Does cvsync let ancient patches escape from the attic?

[patrick keshishian]

On Thu, Feb 9, 2012 at 6:26 PM, Brett brett.ma...@gmx.com wrote:
 
  Somehow patch-apps_unix_ximage_c has gotten in there, even though
  (according to
 
http://www.openbsd.org/cgi-bin/cvsweb/ports/textproc/mupdf/patches/Attic/
  ) it was moved to the attic over 2 years ago.

 $ cvs status patch-apps_unix_ximage_c

 see if there is sticky tag there. If so, then do:

 $ cvs up -dPA

 --patrick


 # cvs -d/usr/cvsync status
/usr/ports/textproc/mupdf/patches/patch-apps_unix_ximage_c
 ===
 File: patch-apps_unix_ximage_c  Status: Up-to-date

   Working revision:1.1 Fri Feb 10 00:17:20 2012
   Repository revision: 1.1
/usr/cvsync/ports/textproc/mupdf/patches/patch-apps_unix_ximage_c,v
   Sticky Tag:  (none)
   Sticky Date: (none)
   Sticky Options:  (none)

 I ran the $ cvs up -dPA command anyway but patch-apps_unix_ximage_c did not
return to the attic.

 The hostname in my cvsync config file is cvsync.allbsd.org if that would
make any difference.

I would try another cvsync host and see if the issue gets resolved.

--patrick

Re: CVS checkout for OPENBSD_5_0 : aborted

[patrick keshishian]

On Mon, Feb 13, 2012 at 11:41 PM, Giridhari giridh...@live.com.au wrote:
 I'm not sure what you mean. Are you suggesting I should read up on how to
 operate cvs, or is there something specific about CVS and OPenBSD I should
 be aware of? I'm following the faq. I have updated several times in the past
 with CVS with no trouble at all.

 -Original Message- From: Richard Toohey
 Sent: Tuesday, February 14, 2012 5:15 PM
 To: Giridhari
 Cc: misc@openbsd.org
 Subject: Re: CVS checkout for OPENBSD_5_0 : aborted


 On 14/02/2012, at 5:01 PM, Giridhari wrote:

 HELO

 have tried a cvs checkout of OPENBSD_5_0 several times in the last week or

 two

 and have seen cvs abort:



 cvs checkout: Updating src/games/snake
 cvs [chckout aborted]: could not chdir to src/games/snake/snake : Not a
 directory

$ ls -F src/games/snake/

did you `make build' without `make obj' first?

--patrick

Re: CVS checkout for OPENBSD_5_0 : aborted

[patrick keshishian]

On Mon, Feb 13, 2012 at 11:59 PM, Giridhari giridh...@live.com.au wrote:
 $ ls -F src/games/snake/

 did you `make build' without `make obj' first?

 --patrick

 I'm not sure why I would do that. CVS doesn't build anything. Can you
 explain a bit about why you suggest that? Please excuse me if I don't know
 what you mean.

One reason one might use cvs to get the OpenBSD sources is to build
the system using these sources.

--patrick