em driver OACTIVE flag
we have two Pentium III Xeon, OpenBSD 3.8 boxes running pf in transparent bridging mode on our primary and backup Internet links, which is currently fed via an OC-3 (155Mbps) connection to the Internet. On an average day we run 70Mbps/50Mbps (14K pps/13K pps) in/out.

after upgrading to OpenBSD 3.8 and swapping out our original SysKonnect cards for a single Intel Dual Port Gigabit Server Adapter, we've been experiencing a problem where the inside interface (em0) stops transmitting, but continues to receive traffic - verified via tcpdump output on the interface. when this occurs, the output of an 'ifconfig em0' shows the OACTIVE flag set on em0. the only way to get the box to continue bridging (and passing traffic) is to manually bring the interface down and up via ifconfig - which also clears the OACTIVE flag from the interface.

the frequency of occurrence is anywhere from every few hours to every couple days and I am unable to correlate it with a burst of traffic based on Cricket graphs. nothing of relevance appears in the /var/log/*.

anyone running in a similar setup seen this behavior with the em driver under OpenBSD 3.8? I cannot verify whether this behavior occurs with earlier versions of OpenBSD, as I just upgraded the cards at approximately the same time I upgraded to 3.8.

thanks much...

-
Gabriel Kuri | Sr. Network Analyst
Instructional and Information Technology Division
California State Polytechnic University, Pomona
http://www.csupomona.edu/~iit | +1 909 979 6363
Re: Bluetooth in OpenBSD
Dunno about USB-BT adapter, but GPRS does work - at least with my Nokia 9300 and infrared (the birda package)

http://archives.neohapsis.com/archives/openbsd/2005-09/1387.html

On 4/3/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
> I have installed OpenBSD 3.8 in a laptop with a winmodem so I can't connect to the internet with it but recently by chance I realised that OpenBSD3.8 recognised the bluetooth adapter I had plugged in on the USB, a Belkin v1.2 10m range, during boot up time it highlighted it and acknowledged the model.
>
> Since I also own a mobile phone with bluetooth I could use it as a modem, I know it works as I have already used it this way from Windows XP and although data is quite expensive text only mode works out fine.
>
> Now the problem I have with OpenBSD is this: I configured ppp.conf with the phone number I have to dial to connect to the internet which is *99# (yes an asterisk and a hash but that is the number, and it works with windows), then I configure the password and username I save the ppp.conf and:
>
> #ppp myisp
> Working in interactive mode using interface: tun0
> #dial
> Warning:Chat script failed
> ---
>
> Something is failing and I am quite new in Unix and OpenBSD I do not work in IT, so some help appreciated, my main doubts are:
>
> 1) I write ppp.conf based on the ppp.conf.sample I do not know if I need to delete everything that I am not using and it is not under the comment (#) mark, in my ppp.conf I only leave scripts containing the modem device and the part where my phone number is, I delete all the rest. Example: the original ppp.conf.sample is 10k, my ppp.conf is 2k as I have deleted everything is not used to avoid this interfering with the rest.
>
> 2) In the ppp.conf where it says modem device I leave the default dev/cua01 , I do not know if that is also the right one for a bluetooth device as I don't think it was intended for that.
Re: Bluetooth in OpenBSD
On Mon, 3 Apr 2006, [EMAIL PROTECTED] wrote:
> I have installed OpenBSD 3.8 in a laptop with a winmodem so I can't connect to the internet with it but recently by chance I realised that OpenBSD3.8 recognised the bluetooth adapter I had plugged in on the USB, a Belkin v1.2 10m range, during boot up time it highlighted it and acknowledged the model.
>
> Since I also own a mobile phone with bluetooth I could use it as a modem, I know it works as I have already used it this way from Windows XP and although data is quite expensive text only mode works out fine.
>
> Now the problem I have with OpenBSD is this: I configured ppp.conf with the phone number I have to dial to connect to the internet which is *99# (yes an asterisk and a hash but that is the number, and it works with windows), then I configure the password and username I save the ppp.conf and:
>
> #ppp myisp
> Working in interactive mode using interface: tun0
> #dial
> Warning:Chat script failed
> ---
>
> Something is failing and I am quite new in Unix and OpenBSD I do not work in IT, so some help appreciated, my main doubts are:
>
> 1) I write ppp.conf based on the ppp.conf.sample I do not know if I need to delete everything that I am not using and it is not under the comment (#) mark, in my ppp.conf I only leave scripts containing the modem device and the part where my phone number is, I delete all the rest. Example: the original ppp.conf.sample is 10k, my ppp.conf is 2k as I have deleted everything is not used to avoid this interfering with the rest.
>
> 2) In the ppp.conf where it says modem device I leave the default dev/cua01 , I do not know if that is also the right one for a bluetooth device as I don't think it was intended for that.
>
> I haven't got a clue about how to do any analysis, tcpdump or wherever if anybody in the list has managed to use OpenBSD in this way please let me know.

How can you see a bluetooth device? Bluetooth support is not in GENERIC.

Send in a dmesg; it'll probably show that device is recognized as ugenN, which basically says it's not gonna work.

-Otto
Re: The HP nc7170 dual port
In case anyone was wondering, they work well with OpenBSD, they show up as em nics.

em0 at pci5 dev 7 function 0 Intel PRO/1000MT (82546EB) rev 0x01: apic 7 int 2 (irq 11), address 00:11:0a:5c:6b:04
em1 at pci5 dev 7 function 1 Intel PRO/1000MT (82546EB) rev 0x01: apic 7 int 3 (irq 5), address 00:11:0a:5c:6b:05
em2 at pci5 dev 8 function 0 Intel PRO/1000 (82542) rev 0x02: apic 7 int 0 (irq 7), address 00:90:27:c2:2a:a6
Re: ADSL with pppoa (over ATM)
On Sat, Apr 01, 2006 at 01:05:50PM +0100, tony sarendal wrote:
> I'm afraid it is. Look at the third option in 4.4.2.10. (PPPoE LLC/SNAP)

That is optional at the discretion of the ISP, default UK ADSL is VC-MUX and therefore PPPoA. It can't be both PPPoE and PPPoA.

It is unusual for UK ISPs to use PPPoE for ADSL, some use it for (LLU) SDSL.

You may want to check with your provider to ensure that you are using the correct protocol.
Re: SGI O2 R12000 [SOLVED]
On 25/03/06, Per Fogelström [EMAIL PROTECTED] wrote: On Friday 24 March 2006 08.36, David Coppa wrote: On Thu, 2006-03-23 at 22:15 +, Miod Vallat wrote: There is currently no X server support on sgi O2. This is being worked on, but don't hold your breath. I'm wondering if I can have X by putting a normal graphic card in a free PCI slot. Any suggestion? It's possible if someone wants to play around with it. I've tested with a normal PCI gfx without any luck. Looks like no signal is sent to the external PCI graphics card. And I don't know if there are any options that has to be changed to activate a external graphics card on SGIs since I don't even get the bootup screen when I power on the computer. Anyone who have had a external _normal_ 32bit PCI card working on R12000? pefo mentioned that he didn't know of support for any external pci graphics on SGIs, (but..) there still might be a workaround. /bkw
Re: ADSL with pppoa (over ATM)
On 04/04/06, Craig Skinner [EMAIL PROTECTED] wrote:
> On Sat, Apr 01, 2006 at 01:05:50PM +0100, tony sarendal wrote:
>> I'm afraid it is. Look at the third option in 4.4.2.10. (PPPoE LLC/SNAP)
>
> That is optional at the discretion of the ISP

Correct

> default UK ADSL is VC-MUX and therefore PPPoA. It can't be both PPPoE and PPPoA.

Over a period it can, at the same time,no.

> It is unusual for UK ISPs to use PPPoE for ADSL, some use it for (LLU) SDSL.

Maybe unusual in number of ISP's doing it, but not unusual counting number of subscribers doing it.

> You may want to check with your provider to ensure that you are using the correct protocol.

Done that.

/T

Tony Sarendal - [EMAIL PROTECTED]
IP/Unix
-= The scorpion replied, I couldn't help it, it's my nature =-
Re: OpenBSD 3.9-stable (not current) install?
you can specify /pub/OpenBSD/snapshots/arch/ instead of the normal /pub/OpenBSD/3.8/arch/ directory during the install. Guaranteed to most likely hurt something.

I would just wait for the Cd's to arrive.

On 4/3/06, Steve Williams [EMAIL PROTECTED] wrote:
> Hi,
>
> I understand the whole issue with snapshots being held up for the release cycle. I have followed the mail list and archives, and still have not figured out the answer...
>
> If I want to install OpenBSD 3.9-stable (or the release ..), what is the easiest way to do that?
>
> There is no 3.9 directory in the directory structure pub/OpenBSD. I see there are snapshots available dated April 2, 2006, but I know installing that will give me 3.9-current. I can CVS checkout the 3.9-stable tag...(or it appears I can)
>
> I am building sparc64 on a Sunfire 150. OpenBSD 3.8 installed like a dream, but I'd like to try to get 3.9 on it to see if the new sensor work will work on it. This will be going into production, so I'd kind of like to have as close as possible to the proper install.
>
> I was wondering about doing a cvs update of 3.9-stable, make, make release, then boot the 3.9-current iso and install from my self compiled release.
>
> Given there was a thread about stupid users, feel free to call me one :-P I have installed OpenBSD many times, just never this close to a release, and I can't wait for May 1 to get the 3.9 CD's. I know I could go to 3.9-current, but I have never done that on a production system, always followed the -stable branch.
>
> Thanks, for any assistance.
>
> Cheers,
Re: fatal in RDE: attr_diff: equal attributes encountered
On 04/04/06, Claudio Jeker [EMAIL PROTECTED] wrote:
> On Mon, Apr 03, 2006 at 10:37:38PM +0100, tony sarendal wrote:
>> I'm playing a bit with bgpd while trying to get the kids to sleep, 50% to go.
>>
>> With Henning's next-hop self patch I made a minimal config and slapped together a network with a handful of routers with a config like below:
>>
>> AS 65000
>> network 172.16.0.1/32
>> network connected
>> network static
>> group ibgp {
>>         remote-as 65000
>>         route-reflector
>>         set metric +100
>>         set nexthop self
>>         holdtime 10
>>         neighbor 172.16.1.2 {
>>                 local-address 172.16.1.1
>>         }
>>         neighbor 172.16.1.6 {
>>                 local-address 172.16.1.5
>>         }
>> }
>>
>> All routers are in the same AS with same config with exception of the loopback /32 and the neighbors.
>>
>> If I flap the links a bit I get fatal in RDE: attr_diff: equal attributes encountered.
>>
>> Bug or expected behaviour ?
>>
>> It looks like the rde takes a dive when it receives an ibgp prefix it already has from another ibgp peer, nexthop, clusterlist should be different though, metric might be the same as previous prefix.
>>
>> If I get the little guy to sleep before me I'll try to have a closer look.
>
> Smells like a bug. The only thing I do not understand is why you use route-reflector. From your description it seems like you are running a full mesh so route-reflector makes no sense.

I use a bgp setup where a router only peers with its connected neighbors. Route-reflecting or confeds needed to propagate the prefixes.

> Anyway I'll have a look at it today (if time permits)

Thanks Claudio.

/Tony

--
Tony Sarendal - [EMAIL PROTECTED]
IP/Unix
-= The scorpion replied, I couldn't help it, it's my nature =-
3.9 cds are arriving in Europe
Hi all, Well, thanks again to Wim: the 3.9 cds are arriving. :-) Nicely wrapped in a top notch t-shirt (if you ordered one, of course) comes beautiful artwork, with some cds to match, swiftly delivered via the friendly UPS guy. And blob-free, no less! :-) This package is once again well worth the money, so order up if you haven't done so already. A happy camper... Nico
Re: OpenBGP: aggregating routes / set neighbor next-hop
On 29.03.2006 at 14:32, Falk Brockerhoff wrote:
>> that, again, is sth nobody ever asked for or missed :) however, the (completely untested except for compilation) diff below should add set nexthop self.
>
> Ui, you're really fast :-) Thank you for your quick response. I'll compile this and test it with a spare old Cisco-Router as Development-Core next weekend. I'll give you a feedback about it.

The next-hop patch is working perfectly, thanks! But I've got another problem: actually I'm announcing the following prefixes from a testing core-router to the border-router running openBGPd:

Dest/mask          Next-Hop   Med   LocalPref
192.168.0.0/24     10.0.0.6   ---   100
192.168.0.0/29     10.0.0.6   ---   100
10.0.0.4/30        10.0.0.6   ---   100
192.168.1.153/32   10.0.0.6   ---   100

- 192.168.0.0/24 is an aggregated prefix, caused by 192.168.0.1/29.
- 10.0.0.4/30 is from the transfer-network between my core (10.0.0.6) and the openbgpd-router (10.0.0.5).
- 192.168.1.153/32 is the loopback-address of the core.

In the openbgpd.conf I configured network 192.168.0.0/24. This prefix is correctly announced by openbgpd to my external neighbor. But on my open BGPd-router I can't ping the address 192.168.0.1, which is configured on an interface at the core-router:

$ ping 192.168.0.1
PING 192.168.0.1 (192.168.0.1): 56 data bytes
ping: sendto: No route to host
ping: wrote 192.168.0.1 64 chars, ret=-1

$ bgpctl sh rib 192.168.0.1
flags: * = Valid, = Selected, I = via IBGP, A = Announced
origin: i = IGP, e = EGP, ? = Incomplete

flags destination       gateway     lpref   med aspath origin
AI*   192.168.0.0/24    0.0.0.0       100     0 i
I*    192.168.0.0/24    10.0.0.6      100     0 i

Any idea, what's going on here?

my bgpd.conf:

AS 64400
router-id 192.168.1.150
network 192.168.0.0/24

neighbor 10.0.0.6 {
        remote-as 64000
        descr test
        local-address 10.0.0.5
        set nexthop self
        holdtime 180
        holdtime min 3
        announce all
        tcp md5sig password testpass
}

# filter out prefixes longer than 24 or shorter than 8 bits
deny from any
allow from any prefixlen 8 - 24

# do not accept a default route
deny from any prefix 0.0.0.0/0

Regards,
Falk Brockerhoff
Re: Bluetooth in OpenBSD
> Hi,
>
> I must admit I never tried that before myself on OBSD, but did use BT on phones on different occasions. I see several points of potential failures here.
>
> 1.) Bluetooth connection
> Are you sure you have connected to the phone? Did you exchange Bluetooth passphrase (a few characters, that you chose yourself) on the computer and on the mobile? Or is the phone paired with your computer (it allows connection establishment automatically)?

When used with Windows the phone is paired with the computer with a PIN number, with OBSD I am still trying to work out how to pair it once I know if it is recognised.

> 2.) GPRS/3G connection
> when you use *99#, you use a GPRS (or 3G) connection for data transfer. Depending on the phone model you use, you might still need to set the GPRS (3G) access point correctly. So when you issue the at dt*99#; command in a terminal window, does the phone start a GPRS (3G) connection? This is usually indicated by some status indicators in the phone's display. If nothing happens, you might need to set the PDP GPRS context information via AT+CGDCONT= command. See http://www.3gpp.org/ftp/Specs/html-info/27060.htm for more information on mobile stations in the packet data domain.

The phone is not 3G, so it uses GPRS, you are right I had to set up some instructions in the configurations, but it was fairly easy as my Telecom provider told me what to do on a free phonenumber. Again this is on Windows.

> 3.) Your ppp scripts :-)
> I'm not an expert here and cannot help here.

OK, I understand the best I can do is to get the dmesg and post it here so somebody who understands can see what is going on, I would have already done so if I could email it straight from OBSD, I just need to work out some way of copying the dmesg file to Windows, I will post it tomorrow.

Thanks

Zoraya

PS: Something tells me is not going to work :(
Re: OpenBGP: aggregating routes / set neighbor next-hop
On 04/04/06, Falk Brockerhoff [EMAIL PROTECTED] wrote:
> On 29.03.2006 at 14:32, Falk Brockerhoff wrote:
>>> that, again, is sth nobody ever asked for or missed :) however, the (completely untested except for compilation) diff below should add set nexthop self.
>>
>> Ui, you're really fast :-) Thank you for your quick response. I'll compile this and test it with a spare old Cisco-Router as Development-Core next weekend. I'll give you a feedback about it.
>
> The next-hop patch is working perfectly, thanks! But I've got another problem: actually I'm announcing the following prefixes from a testing core-router to the border-router running openBGPd:
>
> Dest/mask          Next-Hop   Med   LocalPref
> 192.168.0.0/24     10.0.0.6   ---   100
> 192.168.0.0/29     10.0.0.6   ---   100
> 10.0.0.4/30        10.0.0.6   ---   100
> 192.168.1.153/32   10.0.0.6   ---   100
>
> - 192.168.0.0/24 is an aggregated prefix, caused by 192.168.0.1/29.
> - 10.0.0.4/30 is from the transfer-network between my core (10.0.0.6) and the openbgpd-router (10.0.0.5).
> - 192.168.1.153/32 is the loopback-address of the core.
>
> In the openbgpd.conf I configured network 192.168.0.0/24. This prefix is correctly announced by openbgpd to my external neighbor. But on my open BGPd-router I can't ping the address 192.168.0.1, which is configured on an interface at the core-router:
>
> $ ping 192.168.0.1
> PING 192.168.0.1 (192.168.0.1): 56 data bytes
> ping: sendto: No route to host
> ping: wrote 192.168.0.1 64 chars, ret=-1
>
> $ bgpctl sh rib 192.168.0.1
> flags: * = Valid, = Selected, I = via IBGP, A = Announced
> origin: i = IGP, e = EGP, ? = Incomplete
>
> flags destination       gateway     lpref   med aspath origin
> AI*   192.168.0.0/24    0.0.0.0       100     0 i
> I*    192.168.0.0/24    10.0.0.6      100     0 i
>
> Any idea, what's going on here?
>
> my bgpd.conf:
>
> AS 64400
> router-id 192.168.1.150
> network 192.168.0.0/24

Why do you have network 192.168.0.0/24 in bgpd.conf if you already get that prefix from the core router ?

Above you could see 192.168.0.0/24 from the core router and the local box, the local /24 was chosen as best path.

Some pure guess work here: Do you have a /24 network statement in your bgpd.conf but no real route for it ? Maybe this in bgpd means that you will announce that /24, basically beating the /24 you are receiving from the core, and thus not installing that /24 into the routing table.

/Tony

--
Tony Sarendal - [EMAIL PROTECTED]
IP/Unix
-= The scorpion replied, I couldn't help it, it's my nature =-
Re: OpenBSD 3.9-stable (not current) install?
Jeff Quast wrote:
> I would just wait for the cd's to arrive.

Which they did. Just received my copy in the mail. Damn, that was fast...

Moral of the story: pre-order, good. FTP/AFS/RSYNC: bad, VERY BAD! :)

Again, thanks Wim!
Problem with DHCP (or bce?) on 3.8
Hi,

I'm new to OBSD. I tried to install it on my HP nx6110, but there are two things which do not work. First is X server, I have i915 and as I read this vga will be fully supported in 3.9 so I hope that then will be OK. But worst thing is that my Broadcom 440x isn't running. I use dhcp in work and at home too, but when I'm installing OBSD LED's on my card are blinking. When I'm in step where can I setup my network they are off. After install and reboot my card is bce0 in dmesg without error. But command ifconfig -a says that bce0 is UP, but no carrier :-/ After enabling dhcp is this in dmesg :

time out during disabling MAC

Can you help me?

Thanks a lot
TB
Re: OpenBGP: aggregating routes / set neighbor next-hop
On Tue, Apr 04, 2006 at 11:46:24AM +0100, tony sarendal wrote:
> On 04/04/06, Falk Brockerhoff [EMAIL PROTECTED] wrote:
>> On 29.03.2006 at 14:32, Falk Brockerhoff wrote:
>>>> that, again, is sth nobody ever asked for or missed :) however, the (completely untested except for compilation) diff below should add set nexthop self.
>>>
>>> Ui, you're really fast :-) Thank you for your quick response. I'll compile this and test it with a spare old Cisco-Router as Development-Core next weekend. I'll give you a feedback about it.
>>
>> The next-hop patch is working perfectly, thanks! But I've got another problem: actually I'm announcing the following prefixes from a testing core-router to the border-router running openBGPd:
>>
>> Dest/mask          Next-Hop   Med   LocalPref
>> 192.168.0.0/24     10.0.0.6   ---   100
>> 192.168.0.0/29     10.0.0.6   ---   100
>> 10.0.0.4/30        10.0.0.6   ---   100
>> 192.168.1.153/32   10.0.0.6   ---   100
>>
>> - 192.168.0.0/24 is an aggregated prefix, caused by 192.168.0.1/29.
>> - 10.0.0.4/30 is from the transfer-network between my core (10.0.0.6) and the openbgpd-router (10.0.0.5).
>> - 192.168.1.153/32 is the loopback-address of the core.
>>
>> In the openbgpd.conf I configured network 192.168.0.0/24. This prefix is correctly announced by openbgpd to my external neighbor. But on my open BGPd-router I can't ping the address 192.168.0.1, which is configured on an interface at the core-router:
>>
>> $ ping 192.168.0.1
>> PING 192.168.0.1 (192.168.0.1): 56 data bytes
>> ping: sendto: No route to host
>> ping: wrote 192.168.0.1 64 chars, ret=-1
>>
>> $ bgpctl sh rib 192.168.0.1
>> flags: * = Valid, = Selected, I = via IBGP, A = Announced
>> origin: i = IGP, e = EGP, ? = Incomplete
>>
>> flags destination       gateway     lpref   med aspath origin
>> AI*   192.168.0.0/24    0.0.0.0       100     0 i
>> I*    192.168.0.0/24    10.0.0.6      100     0 i
>>
>> Any idea, what's going on here?
>>
>> my bgpd.conf:
>>
>> AS 64400
>> router-id 192.168.1.150
>> network 192.168.0.0/24
>
> Why do you have network 192.168.0.0/24 in bgpd.conf if you already get that prefix from the core router ?
>
> Above you could see 192.168.0.0/24 from the core router and the local box, the local /24 was chosen as best path.
>
> Some pure guess work here: Do you have a /24 network statement in your bgpd.conf but no real route for it ? Maybe this in bgpd means that you will announce that /24, basically beating the /24 you are receiving from the core, and thus not installing that /24 into the routing table.

Yes. Announced networks will not install routes in the FIB additionally they do not need a present route in the FIB (this is different from most other routing suites). So you either need to install a static route for 192.168.0.0/24, remove the network 192.168.0.0/24 on the border router, twiddle with localpref to make the core router prefix preferred or use some IGP.

--
:wq Claudio
Re: Problem with DHCP (or bce?) on 3.8
On 2006/04/04 14:01, Tomas Bodzar wrote:
> But worst thing is that my Broadcom 440x isn't running.

It's possible that support for your NIC was added between 3.8 and 3.9; you could try booting from the install kernel (bsd.rd) for a -current snapshot and see if it behaves. If so, you could wait for 3.9 as it's likely to work there too (not too long a wait if you've ordered CDs), or run -current snapshots if you are happy to do so.
Re: OpenBSD 3.9-stable (not current) install?
Paulo Rodriguez wrote:
> - Original message -
> From: Steve Williams [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, April 4, 2006 05:55 AM
> To: misc@openbsd.org
> Subject: OpenBSD 3.9-stable (not current) install?
>
>> ...
>> If I want to install OpenBSD 3.9-stable (or the release ..), what is the easiest way to do that?
>
> I'd reckon that would be purchasing the cd's :) They seem to be available in Europe already if I'm correct!

Hi,

OK, Thanks for that info. I did not realize that pre-order meant available before release date. I thought they would be available May 1.

Given that I live in the same city as Theo (Calgary, Canada), I better be able to find them! :-)

Thanks,
Steve Williams
character devices
Hi everyone,

1. Is it possible to create character device on fly from kernel module after modules is loaded?
2. If not, can I clone my main char device that created with kernel module?
3. If not. I can create symbolic link to the main char device and then use it to read/write/ioctl function. Is it possible to find out which file application was trying to open. For example, I will create link from /dev/test to /dev/test_main. I need to know that application opened /dev/test and not /dev/test_main.

Thank you for any ideas
Al
svnd security
I recently read this in an interview dated December 2005 to a NetBSD programmer:

"The biggest drawback of svnd is its lack of security in the general use case. It is vulnerable to an offline dictionary attack. That is, you can generate a database mapping known ciphertext blocks on the disk back into pass phrases that can be accessed in O(1) without even being in possession of the disk. What's even worse is that the same database will work on any svnd disk. It is possible--and perhaps even likely--that large agencies such as the NSA have constructed such a database and can crack a majority of the svnds in the world in less than a second."

It sounds scary, specially for those of us who do not understand too much about computers, I basically wanted to know if there is any truth in all this or it just another person trying to sell his product well by undermining others.

Zoraya

Source of interview: http://www.onlamp.com/pub/a/bsd/2005/12/21/netbsd_cgd.html
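The property the quoted interview describes, as an added example that is not part of the original message and not svnd's or cgd's code: when a disk key depends only on the passphrase, the ciphertext of a predictable block is identical on every disk, and a per-volume salt with an iterated KDF removes that. The passphrase-only SHA-256 derivation, the XOR pad standing in for a block cipher, the iteration count and the all-zero known block are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample: a block whose plaintext is the same on every volume
# (for example filesystem metadata at a fixed offset).
KNOWN_PLAINTEXT = b"\x00" * 32
ITERATIONS = 100_000  # assumed work factor for the salted variant


def toy_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in for a block cipher: XOR with a key-derived pad (illustration only)."""
    pad = hashlib.sha256(b"pad" + key).digest()
    return bytes(p ^ k for p, k in zip(plaintext, pad))


def derive_key(passphrase: str, salt: bytes) -> bytes:
    """Empty salt models a passphrase-only key; otherwise PBKDF2 with the volume's salt."""
    if not salt:
        return hashlib.sha256(passphrase.encode()).digest()
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS)


def make_volume(passphrase: str, salted: bool) -> dict:
    """Create a volume header: the salt (if any) plus the encrypted known block."""
    salt = os.urandom(16) if salted else b""
    key = derive_key(passphrase, salt)
    return {"salt": salt, "block0": toy_encrypt(key, KNOWN_PLAINTEXT)}


def unlock(volume: dict, passphrase: str) -> bool:
    """Recompute the known block from the passphrase and compare in constant time."""
    key = derive_key(passphrase, volume["salt"])
    return hmac.compare_digest(toy_encrypt(key, KNOWN_PLAINTEXT), volume["block0"])


def distinct_known_blocks(passphrase: str, salted: bool, volumes: int = 3) -> int:
    """How many different ciphertexts the same passphrase yields across several volumes.

    1 means anything computed for one volume applies unchanged to all of them;
    `volumes` means each volume has to be worked on separately.
    """
    return len({make_volume(passphrase, salted)["block0"] for _ in range(volumes)})


if __name__ == "__main__":
    phrase = "constructed example passphrase"
    print("unsalted, distinct ciphertexts over 3 volumes:",
          distinct_known_blocks(phrase, salted=False))
    print("salted,   distinct ciphertexts over 3 volumes:",
          distinct_known_blocks(phrase, salted=True))
    vol = make_volume(phrase, salted=True)
    print("right passphrase unlocks:", unlock(vol, phrase))
    print("wrong passphrase unlocks:", unlock(vol, "something else"))
```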
Re: OpenBSD 3.9-stable (not current) install?
I apologize, maybe I wasn't totally clear. Pre-ordering does usually mean you get the cds quite early. However there is no guarantee this happens BEFORE the official release date.

Off the record though, I've been buying the CD's since 3.2 and everytime I got it a couple of days before official release date, sometimes even earlier.

It does pay off to support the project :) I mean, who can't spare 8 euros a month for a top-notch OS? Specially since at some point, you were able to purchase the material to run it on...

Cheers,
P

Steve Williams wrote:
> Paulo Rodriguez wrote:
>> - Original message -
>> From: Steve Williams [mailto:[EMAIL PROTECTED]
>> Sent: Tuesday, April 4, 2006 05:55 AM
>> To: misc@openbsd.org
>> Subject: OpenBSD 3.9-stable (not current) install?
>>
>>> ...
>>> If I want to install OpenBSD 3.9-stable (or the release ..), what is the easiest way to do that?
>>
>> I'd reckon that would be purchasing the cd's :) They seem to be available in Europe already if I'm correct!
>
> Hi,
>
> OK, Thanks for that info. I did not realize that pre-order meant available before release date. I thought they would be available May 1.
>
> Given that I live in the same city as Theo (Calgary, Canada), I better be able to find them! :-)
>
> Thanks,
> Steve Williams
Re: svnd security
> It sounds scary, specially for those of us who do not understand too much about computers, I basically wanted to know if there is any truth in all this or it just another person trying to sell his product well by undermining others.

say hello to the archives.
Re: 3.9 coming out
My guess is that it was a PHP exploit. There are a plethora of them available.

Ken

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David B.
Sent: Monday, April 03, 2006 4:41 AM
To: misc@openbsd.org
Subject: 3.9 coming out

hi,

I see 3.9 is getting ready to be released. Do you plan on bundling Apache2 with it? it would seem a logical thing to do, since the Apache version currently bundled with it seems to have problems.

I just lost my entire development box to a hack this week, right through smoothwall's DMZ. I had apache up, postgresql installed with the mod_php as the middleware. All settings were default and the only port I had open was 80 through smoothwall. I even had all packets dropped that came from asia, south america and africa.

The point being, if you sell security as your market niche, you might want to make sure that, at least, Apache be up to date, and not a version from 5 years ago where who knows how many hacks there are out there for it.

I don't mind rebuilding my development box from scratch because that's why I had it on the net like that anyway, simply to see how long it would take for someone to crash it. It took less than a month - that's not very good from a default security viewpoint.

I'm assuming of course that Apache is the problem, as there are no logs or anyway to tell what happened, but the hard drive started to make an awful screeching sound as the drive was apparently being forced to track the heads back and forth very quickly. The drive is fine, but apache and postgresql won't start, and the wtmp file was erased, so that when I did a 'last' only my most recent login came up.

Anyway, it would be nice if Apache 2 were available for 3.9
First OpenBSD 3.9 CD in Europe
Hi guys! I couldn't resist posting a picture of the first delivered 3.9 CD in Europe (bwahaha victory is mine!!!). So, enjoy this fantastic life action picture ;) http://users.pandora.be/parecon/firstowyeah.jpg Either way, for those in Europe who haven't ordered their CD-set yet... WHAT THE HELL YOU WAITING FOR?!? The stickers are great, upgrade was painless and quick on 3 machines, and it contains one of the catchiest songs ever released. Cheers, P
Re: 3.9 cds are arriving in Europe
On 4/4/2006, Nico Meijer [EMAIL PROTECTED] wrote:
> Hi all,
>
> Well, thanks again to Wim: the 3.9 cds are arriving. :-)
>
> Nicely wrapped in a top notch t-shirt (if you ordered one, of course) comes beautiful artwork, with some cds to match, swiftly delivered via the friendly UPS guy. And blob-free, no less! :-)
>
> This package is once again well worth the money, so order up if you haven't done so already.
>
> A happy camper... Nico

Ah, I can't wait to get home ;-)

Cheers,
Jasper
Re: OpenBGP: aggregating routes / set neighbor next-hop
On 04/04/06, Claudio Jeker [EMAIL PROTECTED] wrote:
> On Tue, Apr 04, 2006 at 11:46:24AM +0100, tony sarendal wrote:
>> On 04/04/06, Falk Brockerhoff [EMAIL PROTECTED] wrote:
>>> On 29.03.2006 at 14:32, Falk Brockerhoff wrote:
>>>>> that, again, is sth nobody ever asked for or missed :) however, the (completely untested except for compilation) diff below should add set nexthop self.
>>>>
>>>> Ui, you're really fast :-) Thank you for your quick response. I'll compile this and test it with a spare old Cisco-Router as Development-Core next weekend. I'll give you a feedback about it.
>>>
>>> The next-hop patch is working perfectly, thanks! But I've got another problem: actually I'm announcing the following prefixes from a testing core-router to the border-router running openBGPd:
>>>
>>> Dest/mask          Next-Hop   Med   LocalPref
>>> 192.168.0.0/24     10.0.0.6   ---   100
>>> 192.168.0.0/29     10.0.0.6   ---   100
>>> 10.0.0.4/30        10.0.0.6   ---   100
>>> 192.168.1.153/32   10.0.0.6   ---   100
>>>
>>> - 192.168.0.0/24 is an aggregated prefix, caused by 192.168.0.1/29.
>>> - 10.0.0.4/30 is from the transfer-network between my core (10.0.0.6) and the openbgpd-router (10.0.0.5).
>>> - 192.168.1.153/32 is the loopback-address of the core.
>>>
>>> In the openbgpd.conf I configured network 192.168.0.0/24. This prefix is correctly announced by openbgpd to my external neighbor. But on my open BGPd-router I can't ping the address 192.168.0.1, which is configured on an interface at the core-router:
>>>
>>> $ ping 192.168.0.1
>>> PING 192.168.0.1 (192.168.0.1): 56 data bytes
>>> ping: sendto: No route to host
>>> ping: wrote 192.168.0.1 64 chars, ret=-1
>>>
>>> $ bgpctl sh rib 192.168.0.1
>>> flags: * = Valid, = Selected, I = via IBGP, A = Announced
>>> origin: i = IGP, e = EGP, ? = Incomplete
>>>
>>> flags destination       gateway     lpref   med aspath origin
>>> AI*   192.168.0.0/24    0.0.0.0       100     0 i
>>> I*    192.168.0.0/24    10.0.0.6      100     0 i
>>>
>>> Any idea, what's going on here?
>>>
>>> my bgpd.conf:
>>>
>>> AS 64400
>>> router-id 192.168.1.150
>>> network 192.168.0.0/24
>>
>> Why do you have network 192.168.0.0/24 in bgpd.conf if you already get that prefix from the core router ?
>>
>> Above you could see 192.168.0.0/24 from the core router and the local box, the local /24 was chosen as best path.
>>
>> Some pure guess work here: Do you have a /24 network statement in your bgpd.conf but no real route for it ? Maybe this in bgpd means that you will announce that /24, basically beating the /24 you are receiving from the core, and thus not installing that /24 into the routing table.
>
> Yes. Announced networks will not install routes in the FIB additionally they do not need a present route in the FIB (this is different from most other routing suites). So you either need to install a static route for 192.168.0.0/24, remove the network 192.168.0.0/24 on the border router, twiddle with localpref to make the core router prefix preferred or use some IGP.

Just removing the network statement should do it since he already sets nexthop self on the core router.

/Tony
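A small model of the behaviour worked out in this thread, as an added example that is not part of any poster's message and not bgpd code: it applies the three filter rules from the posted bgpd.conf with last-match-wins evaluation, lets a local network statement beat the learned prefix, keeps announced networks out of the FIB, and then shows two of the remedies named above (dropping the network statement, adding a static route). The function names are hypothetical and connected routes on the border router are left out.

```python
import ipaddress

CORE = "10.0.0.6"
# Prefixes the core router sends, as listed in the thread.
FROM_CORE = ["192.168.0.0/24", "192.168.0.0/29", "10.0.0.4/30", "192.168.1.153/32"]

# The filter rules of the posted bgpd.conf, in file order:
# (action, exact prefix or None, (min prefixlen, max prefixlen) or None)
FILTERS = [
    ("deny", None, None),           # deny from any
    ("allow", None, (8, 24)),       # allow from any prefixlen 8 - 24
    ("deny", "0.0.0.0/0", None),    # deny from any prefix 0.0.0.0/0
]


def filter_allows(prefix):
    """Evaluate every rule in order; the last rule that matches decides."""
    net = ipaddress.ip_network(prefix)
    verdict = None
    for action, exact, length_range in FILTERS:
        if exact is not None and net != ipaddress.ip_network(exact):
            continue
        if length_range and not length_range[0] <= net.prefixlen <= length_range[1]:
            continue
        verdict = action
    return verdict == "allow"


def build_tables(network_statements, static_routes=None):
    """Return (rib, fib) for the border router under the rules stated in the thread."""
    rib = {}
    for prefix in FROM_CORE:
        if filter_allows(prefix):
            rib[prefix] = ("learned", CORE)
    for prefix in network_statements:
        # Thread: the local announcement is chosen as best path over the learned one.
        rib[prefix] = ("announced", None)
    # Thread: announced networks are not installed in the FIB; learned best paths are.
    fib = {p: nh for p, (kind, nh) in rib.items() if kind == "learned"}
    fib.update(static_routes or {})
    return rib, fib


def lookup(fib, destination):
    """Longest-prefix match; None models 'No route to host'."""
    addr = ipaddress.ip_address(destination)
    matching = [n for n in map(ipaddress.ip_network, fib) if addr in n]
    if not matching:
        return None
    return fib[str(max(matching, key=lambda n: n.prefixlen))]


def next_hop_for(destination, network_statements, static_routes=None):
    """Next hop the border router would use for destination, or None."""
    _, fib = build_tables(network_statements, static_routes)
    return lookup(fib, destination)


if __name__ == "__main__":
    target = "192.168.0.1"
    print("accepted from core:", [p for p in FROM_CORE if filter_allows(p)])
    print("as posted:              ", next_hop_for(target, ["192.168.0.0/24"]))
    print("network statement gone: ", next_hop_for(target, []))
    print("static route added:     ",
          next_hop_for(target, ["192.168.0.0/24"], {"192.168.0.0/24": CORE}))
```

The model also shows why the more specific 192.168.0.0/29 does not rescue the ping: the prefixlen 8 - 24 rule rejects it, so the /24 is the only covering prefix the border router accepts.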
Re: Problem with DHCP (or bce?) on 3.8
Stuart Henderson wrote:
> On 2006/04/04 14:01, Tomas Bodzar wrote:
>> But worst thing is that my Broadcom 440x isn't running.
>
> It's possible that support for your NIC was added between 3.8 and 3.9; you could try booting from the install kernel (bsd.rd) for a -current snapshot and see if it behaves. If so, you could wait for 3.9 as it's likely to work there too (not too long a wait if you've ordered CDs), or run -current snapshots if you are happy to do so.

If we had a dmesg, that would be nice...

I had the same issue recently with my laptop with a broadcom 440x NIC. My problem was that I was dual-booting the laptop, and when I would reboot windows and boot into OBSD, Windows shuts down and leaves the NIC in a state where OBSD can't use it. A patch was issued in February, and I still get the error message when I boot up. A workaround (for me, anyway) is to issue the commands like this:

# ifconfig bce0 up
(I get the error message: timed out disabling ethernet mac)
# ifconfig bce0 up
(no error message)

then issue:

# dhclient bce0
(if you use dhcp)

That works for me. of course, YMMV...

Hope that helps...

Bryan
Re: svnd security
[EMAIL PROTECTED] wrote: It sounds scary, especially for those of us who do not understand too much about computers, I basically wanted to know if there is any truth in all this or it just another person trying to sell his product well by undermining others. If the NSA really wants to get your info then there are many ways they can try. Does this really worry you? Svnd will stop your coworker, boss, wife, thieves, script kiddies, the local police, and almost anyone else. Try to keep your really secret things written on flash paper so that you can burn them at a moment's notice. -- Darrin Chandler| Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ |
Re: First OpenBSD 3.9 CD in Europe
Very nice T-Shirt! Paulo Rodriguez wrote: Hi guys! I couldn't resist posting a picture of the first delivered 3.9 CD in Europe (bwahaha victory is mine!!!). So, enjoy this fantastic life action picture ;) http://users.pandora.be/parecon/firstowyeah.jpg Either way, for those in Europe who haven't ordered their CD-set yet... WHAT THE HELL YOU WAITING FOR?!? The stickers are great, upgrade was painless and quick on 3 machines, and it contains one of the catchiest songs ever released. Cheers, P
VLAN-Problems
Hi all,

i am currently setting up a new firewall for our department. I already set up an OpenBSD Firewall and i am very satisfied with it :-) The new machine is set up to use dot1q vlans in order to save on interfaces and ports in our Cisco switch. This is the first time i am using dot1q and i am experiencing strange problems, which are not easy to describe, but i will try:

Generally, operation is *very* slow, if i try to ping one of the machine's interfaces, one ping is echoed, then it pauses for a minute, then another ping comes through. ssh'ing into the box is possible after some 20 seconds delay (no, it is not reverse dns lookup), i can type commands and see the outputs, interspersed with occasional delays. As soon as i do a tcpdump on the interface that i used to login, the connection is dead. Logging in and working locally works w/o problems. Routing is very sluggish, close to unusable.

Some questions (could not find answers with google or mailinglist):
- Do the physical interfaces need an ip address (i guess not)
- Can i filter on the physical interfaces in pf / do i have to explicitly pass them (does not seem to make a difference)

If i change the configuration to non-vlan operation everything runs fine :-)

I am attaching ifconfig and dmesg output. The physical interface, sk0 is shown as having no carrier, this is because i had to pull the plug while taking the information because another machine (our old firewall) was running with the same address.

I have googled and looked in the mailing list, but did not find such problems mentioned. Does anybody have an idea? If i cannot get this to work, someone else will probably set up a linux firewall, which i would rather try to avoid..

I am not sure what type of switch is on the other end, here is some output that the admin mailed me:

vlan 86
 name WLAN
!
vlan 182
 name BackBone
!
interface FastEthernet6/19
 description k307 n2340-19a
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 16,86,182,231,232
 switchport mode trunk
 duplex full

Thanks for any hints,
Heinrich Rebehn
University of Bremen
Physics / Electrical and Electronics Engineering
- Department of Telecommunications -
Phone : +49/421/218-4664 Fax :-3341

lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 33224
        groups: lo
        inet 127.0.0.1 netmask 0xff00
sk0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
        lladdr 00:13:d4:de:cf:88
        media: Ethernet autoselect (1000baseT half-duplex)
        status: no carrier
xl0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
        lladdr 00:0a:5e:61:7a:2d
        media: Ethernet autoselect (none)
        status: no carrier
xl1: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
        lladdr 00:0a:5e:61:7a:04
        media: Ethernet autoselect (none)
        status: no carrier
pflog0: flags=0 mtu 33224
pfsync0: flags=0 mtu 1348
enc0: flags=0 mtu 1536
vlan0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
        lladdr 00:13:d4:de:cf:88
        vlan: 16 parent interface: sk0
        groups: vlan
        inet 134.102.176.250 netmask 0xff00 broadcast 134.102.176.255
vlan1: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
        lladdr 00:13:d4:de:cf:88
        vlan: 231 parent interface: sk0
        groups: vlan
vlan4: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
        lladdr 00:13:d4:de:cf:88
        vlan: 182 parent interface: sk0
        groups: vlan egress
        inet 134.102.186.20 netmask 0xff00 broadcast 134.102.186.255
vlan5: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
        lladdr 00:13:d4:de:cf:88
        vlan: 86 parent interface: sk0
        groups: vlan
        inet 172.21.1.8 netmask 0x broadcast 172.21.255.255

OpenBSD 3.8-stable (ANT) #2: Thu Mar 30 16:59:00 CEST 2006
    [EMAIL PROTECTED]:/root/flashboot-0.9beta1/obj/ANT
cpu0: AMD Athlon(tm) 64 Processor 3000+ (AuthenticAMD 686-class, 512KB L2 cache) 1.81 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3
cpu0: AMD Powernow: FID VID TTP TM STC
real mem = 536125440 (523560K)
avail mem = 459415552 (448648K)
using 4278 buffers containing 26910720 bytes (26280K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 11/03/05, BIOS32 rev. 0 @ 0xf0010
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf5980/192 (10 entries)
pcibios0: no compatible PCI ICU found: ICU vendor 0x1106 product 0x3227
pcibios0: Warning, unable to fix up PCI interrupt routing
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc/0xb000 0xcb000/0x800 0xcb800/0x800
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 VIA K8HTB Host rev 0x00
pchb1 at pci0
Re: OpenBSD 3.9-stable (not current) install?
Pre-ordering does usually mean you get the cds quite early. However there is no guarantee this happens BEFORE the official release date. Sometimes the plant is slow. Sometimes the plant is fast. Sometimes the printed art comes back early, sometimes it does not. Here's a little surprising thing. There is no machine in Canada which can do inserts into this particular CD case (because of the swing tray) so all the parts have to be hand assembled. This time the CDs came very early. But not everything came fast - in Canada we still do not have the new tshirts. We may do the actual release a little bit earlier. We'll see.
Re: Bluetooth in OpenBSD
[EMAIL PROTECTED] wrote: Hi, I must admit I never tried that before myself on OBSD, but did use BT on phones on different occasions. I see several points of potential failures here. 1.) Bluetooth connection Are you sure you have connected to the phone? Did you exchange Bluetooth passphrase (a few characters, that you chose yourself) on the computer and on the mobile? Or is the phone paired with your computer (it allows connection establishment automatically)? When used with Windows the phone is paired with the computer with a PIN number, with OBSD I am still trying to work out how to pair it once I know if it is recognised. This tells me that you don't have a BT connection working, possibly because there is no BT support in GENERIC, as Otto pointed out. 2.) GPRS/3G connection when you use *99#, you use a GPRS (or 3G) connection for data transfer. Depending on the phone model you use, you might still need to set the GPRS (3G) access point correctly. So when you issue the at dt*99#; command in a terminal window, does the phone start a GPRS (3G) connection? This is usually indicated by some status indicators in the phone's display. If nothing happens, you might need to set the PDP GPRS context information via AT+CGDCONT= command. See http://www.3gpp.org/ftp/Specs/html-info/27060.htm for more information on mobile stations in the packet data domain. The phone is not 3G, so it uses GPRS, you are right I had to set up some instructions in the configurations, but it was fairly easy as my Telecom provider told me what to do on a free phonenumber. Again this is on Windows. You probably have to set the same information in your ppp scripts. 3.) Your ppp scripts :-) I'm not an expert here and cannot help here. 
OK, I understand the best I can do is to get the dmesg and post it here so somebody who understands can see what is going on, I would have already done so if I could email it straight from OBSD, I just need to work out some way of copying the dmesg file to Windows, I will post it tomorrow. Thanks Zoraya PS: Something tells me is not going to work :( At least not immediately :-) BR Marcus
Re: VLAN-Problems
The first thing I noticed is that SK0 is only at half duplex and you have duplex full on the switch port. This can cause similar problems to what you are describing. I've found it always best to set the speed duplex on both devices (switch and PC) when creating trunks. HTH
Re: VLAN-Problems
On 04/04/06, Heinrich Rebehn [EMAIL PROTECTED] wrote: interface FastEthernet6/19 description k307 n2340-19a switchport trunk encapsulation dot1q switchport trunk allowed vlan 16,86,182,231,232 switchport mode trunk duplex full sk0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr 00:13:d4:de:cf:88 media: Ethernet autoselect (1000baseT half-duplex) status: no carrier Do you have full duplex hardcoded on the switch and sk0 set to auto negotiate ? /Tony -- Tony Sarendal - [EMAIL PROTECTED] IP/Unix -= The scorpion replied, I couldn't help it, it's my nature =-
Re: VLAN-Problems
On 2006/04/04 13:24, Rob Gault wrote: The first thing I noticed is that SK0 is only at half duplex OP says the cable is out. However auto and duplex full are likely to not be compatible (they aren't for 10/100, though I'm not sure about gig). I am attaching ifconfig and dmesg output. The physical interface, sk0 is shown as having no carrier, this is because i had to pull the plug while taking the information because another machine (our old firewall) was running with the same address. What steps are taken to clear ARP caches, etc?
Belkin wireless adapter
Hello, I've just gotten a Belkin F5D7050 USB wireless adapter and it's not being recognized. When I insert the adapter, I get: ugen1: Belkin USB2.0 WLAN, rev 2.00/48.10, addr 2 From the archives, the ural driver should be picking this up but it's not. I'm running a GENERIC -snapshot kernel. Thank you. - Sky.
Re: Belkin wireless adapter
On Tue, 2006-04-04 at 10:45 -0700, Sky McKinley wrote: Hello, I've just gotten a Belkin F5D7050 USB wireless adapter and it's not being recognized. When I insert the adapter, I get: ugen1: Belkin USB2.0 WLAN, rev 2.00/48.10, addr 2 From the archives, the ural driver should be picking this up but it's not. usbdevs -dv output?
Re: Belkin wireless adapter
HI, Sky McKinley wrote: ugen1: Belkin USB2.0 WLAN, rev 2.00/48.10, addr 2 From the archives, the ural driver should be picking this up but it's not. could you show us the output from # usbdevs -v reyk
Re: why is there . [dot] in default PATH?
On Mon, 2006-04-03 at 23:09 +0100, Nick Guenther wrote: On 4/3/06, Han Boetes [EMAIL PROTECTED] wrote: Jon Kent wrote: This one kinda surprised me. When I was looking around my new 3.8 install I noticed that in /etc/skel/.profile that PATH contains a . in it, which I found surprising as I've always assumed that this was not a sensible thing to do. I've taken it out as I'm not too happy when having the current directory in the path. As long as it is at the end of your PATH it's not that bad. That's good to know. I never even noticed that before. Also: root never gets . in $PATH, right? -Nick You're right, root does not get the . in the $PATH. Having . in anyone's $PATH is very brain dead and I'm surprised to see it in OpenBSD Regards Jon
Re: 3.9 coming out
The Apache 1.3 series is being actively maintained, and developed at a leisurely pace, to maintain stability. Releases will be made to address security issues, or after a comfortable number of bug fixes or improvements have been made. Significantly new features are unlikely to be added to 1.3 in preference to 2.0, although important new features and enhancements will be seriously considered for inclusion in 1.3. -- http://httpd.apache.org/download.cgi The Apache 1.3 strain is still a very active project. The code is much less complex than V2 and thus easier to debug/secure. If you don't need all of the added bells and whistles in V2, then sticking with 1.3 is a pretty decent idea. In fact, it's still actively packaged with commercial solutions (including OS X/OS X Server 10.4). One of the main advantages of OpenBSD is that it doesn't bundle a ton of features with the OS. It's a very clean, lean, basic installation that I can add the few things I need running on a server. Compared to Red Hat Enterprise, OpenBSD is much easier to manage/secure because of its clean design. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David B. Sent: Monday, April 03, 2006 4:41 AM To: misc@openbsd.org Subject: 3.9 coming out hi, I see 3.9 is getting ready to be released. Do you plan on bundling Apache2 with it? it would seem a logical thing to do, since the Apache version currently bundled with it seems to have problems. I just lost my entire development box to a hack this week, right through smoothwall's DMZ. I had apache up, postgresql installed with the mod_php as the middleware. All settings were default and the only port I had open was 80 through smoothwall. I even had all packets dropped that came from asia, south america and africa. 
The point being, if you sell security as your market niche, you might want to make sure that, at least, Apache be up to date, and not a version from 5 years ago where who knows how many hacks there are out there for it. I don't mind rebuilding my development box from scratch because that's why I had it on the net like that anyway, simply to see how long it would take for someone to crash it. It took less than a month - that's not very good from a default security viewpoint. I'm assuming of course that Apache is the problem, as there are no logs or any way to tell what happened, but the hard drive started to make an awful screeching sound as the drive was apparently being forced to track the heads back and forth very quickly. The drive is fine, but apache and postgresql won't start, and the wtmp file was erased, so that when I did a 'last' only my most recent login came up. Anyway, it would be nice if Apache 2 were available for 3.9
Re: Belkin wireless adapter
On Apr 4, 2006, at 11:10 AM, Reyk Floeter wrote: HI, Sky McKinley wrote: ugen1: Belkin USB2.0 WLAN, rev 2.00/48.10, addr 2 From the archives, the ural driver should be picking this up but it's not. could you show us the output from # usbdevs -v reyk Sure enough... Controller /dev/usb0: addr 1: full speed, self powered, config 1, OHCI root hub(0x), Apple(0x106b), rev 1.00 port 1 powered port 2 powered Controller /dev/usb1: addr 1: full speed, self powered, config 1, OHCI root hub(0x), Apple(0x106b), rev 1.00 port 1 powered port 2 powered Controller /dev/usb2: addr 1: full speed, self powered, config 1, OHCI root hub(0x), Apple(0x106b), rev 1.00 port 1 addr 2: full speed, self powered, config 1, product 0x8203(0x8203), Apple Computer(0x05ac), rev 5.26 port 2 powered Controller /dev/usb3: addr 1: full speed, self powered, config 1, OHCI root hub(0x), NEC(0x1033), rev 1.00 port 1 powered port 2 powered port 3 powered Controller /dev/usb4: addr 1: full speed, self powered, config 1, OHCI root hub(0x), NEC(0x1033), rev 1.00 port 1 powered port 2 powered Controller /dev/usb5: addr 1: high speed, self powered, config 1, EHCI root hub(0x), NEC(0x1033), rev 1.00 port 1 addr 3: high speed, power 500 mA, config 1, USB2.0 WLAN(0x705c), Belkin(0x050d), rev 48.10 port 2 addr 2: high speed, power 200 mA, config 1, Cruzer Mini(0x5150), SanDisk Corporation(0x0781), rev 0.10 port 3 powered port 4 powered port 5 powered - Sky.
Re: why is there . [dot] in default PATH?
Jon Kent wrote: Hi, This one kinda surprised me. When I was looking around my new 3.8 install I noticed that in /etc/skel/.profile that PATH contains a . in it, which I found surprising as I've always assumed that this was not a sensible thing to do. I've taken it out as I'm not too happy when having the current directory in the path. Any ideas why this is there? Thanks I cannot see how this would be exploitable. root doesn't have . in its PATH. Other people were discussing cat and cta for example. For this to work, one would have to be able to write to the victim's home directory, and - of course - the victim would have to make that typo. And it only works when targeting a user, not the computer itself. I would consider it something handy, in case you don't have write access outside your home directory, so you can use your own executables, that can be executed without adding the full path. In my opinion this bug|feature|exploit doesn't pose any threat to system security. Actually that . has been there since the very first version of skel/dot.profile CVS check in. Glenn
Re: VLAN-Problems
Stuart Henderson wrote: On 2006/04/04 13:24, Rob Gault wrote: The first thing I noticed is that SK0 is only at half duplex OP says the cable is out. However auto and duplex full are likely to not be compatible (they aren't for 10/100, though I'm not sure about gig). I will double check that when i'm at work again tomorrow. The switch port is set to 10/100. I am attaching ifconfig and dmesg output. The physical interface, sk0 is shown as having no carrier, this is because i had to pull the plug while taking the information because another machine (our old firewall) was running with the same address. What steps are taken to clear ARP caches, etc? I did an arp -d ip_of_firewall on the accessing host. However, the setup worked perfectly, when i switched to non-vlan mode, so i do not think it is an arp problem. I did have to select different port switches for non-vlan mode, though. So i cannot rule out a problem with the switch port. I will ask the switch admin for help, maybe there is some debugging facility on the cisco. Any other ideas? Heinrich
Re: Belkin wireless adapter
On Tue, 2006-04-04 at 11:52 -0700, Sky McKinley wrote: port 1 addr 3: high speed, power 500 mA, config 1, USB2.0 WLAN(0x705c), Belkin(0x050d), rev 48.10 The 0x705c has a ZyDAS ZD1211 chipset in it, the 0x7050 is Ralink. You're another victim of wireless vendors who are in the nasty habit of changing chipsets without changing card model number: welcome in the club ;) -David
Re: why is there . [dot] in default PATH?
On Tue, Apr 04, 2006 at 09:15:58PM +0200, RedShift wrote: [...] Other people were discussing cat and cta for example. For this to work, one would have to be able to write to the victim's home directory, Do you never cd out of your home? Ciao Kili
IPCP: timeout sending Config-Requests - vodafone mobile connect 3g card
Hi,

I got a vodafone pcmcia mobile connect 3g/gprs datacard today. I tried it on my laptop running 3.9-stable. Previously, I used a siemens connect 2 air cf card to connect via gprs without problems and I used almost identical pppd scripts.

With the vodafone card (actually from www.OPTION.com) I'm not able to make a gprs connection as I get the following error after +/- 20 seconds:

Apr 4 21:08:14 nc6000 pppd[22150]: pppd 2.3.5 started by didier, uid 0
Apr 4 21:08:18 nc6000 pppd[22150]: Connect: ppp0 -- /dev/ttyU0
Apr 4 21:08:48 nc6000 pppd[22150]: IPCP: timeout sending Config-Requests
Apr 4 21:08:54 nc6000 pppd[22150]: Connection terminated.

Here is the (partial) output of usbdevs -v:

Controller /dev/usb4:
addr 1: full speed, self powered, config 1, OHCI root hub(0x), Opti(0x1045), rev 1.00
 port 1 addr 2: full speed, power 100 mA, config 1, Vodafone Mobile Connect Card - 3G(0x5000), Vodafone(0x0af0), rev 0.01
 port 2 powered

Here is my pppd gprs script (this script works with the siemens card):

/dev/ttyU0
115200
defaultroute
lock
noauth
debug
connect '/usr/sbin/chat -f /etc/ppp/peers/gprs.chat'

Here is the gprs chat script (it works with the siemens card).

ABORT BUSY
ABORT 'NO CARRIER'
ABORT VOICE
ABORT NO DIALTONE
ATZ
OK AT+CPIN=
OK AT+CGDCONT=1,IP,web.pt.lu
OK ATDT*99***1#
'CONNECT' '\c'
'TIMEOUT' '5'

I had a look at the pppd man and tried the following 2 options: ipcp-accept-local and ipcp-accept-remote, without success. I must admit that I'm not very comfortable with pppd, so any help is welcome.

Thanks a lot
Didier
Re: why is there . [dot] in default PATH?
On Tue, 2006-04-04 at 21:15 +0200, RedShift wrote: I cannot see how this would be exploitable. root doesn't have . in its PATH. Other people were discussing cat and cta for example. For this to work, one would have to be able to write to the victim's home directory, and - of course - the victim would have to make that typo. And it only works when targeting a user, not the computer itself. I would consider it something handy, in case you don't have write access outside your home directory, so you can use your own executables, that can be executed without adding the full path. In my opinion this bug|feature|exploit doesn't pose any threat to system security. Actually that . has been there since the very first version of skel/dot.profile CVS check in. Glenn Can see your point here, but I prefer to play on the paranoid side of the fence, hence my dislike of this. I'm not sure it should be there by default, rather if you like it you should add it. Jon
Re: why is there . [dot] in default PATH?
--- Matthias Kilian [EMAIL PROTECTED] wrote: On Tue, Apr 04, 2006 at 09:15:58PM +0200, RedShift wrote: [...] Other people were discussing cat and cta for example. For this to work, one would have to be able to write to the victim's home directory, Do you never cd out of your home? No, he never goes out.
Re: IPCP: timeout sending Config-Requests - vodafone mobile connect 3g card
On Tue, Apr 04, 2006 at 07:50:15PM +, Didier Wiroth wrote:
| Hi,
|
| I got a vodafone pcmcia mobile connect 3g/gprs datacard today. I tried it on my laptop running 3.9-stable.
| Previously, I used a siemens connect 2 air cf card to connect via gprs without problems and I used almost identical pppd scripts.
|
| With the vodafone card (actually from www.OPTION.com) I'm not able to make a gprs connection as I get the following error after +/- 20 seconds:
| Apr 4 21:08:14 nc6000 pppd[22150]: pppd 2.3.5 started by didier, uid 0
| Apr 4 21:08:18 nc6000 pppd[22150]: Connect: ppp0 -- /dev/ttyU0
| Apr 4 21:08:48 nc6000 pppd[22150]: IPCP: timeout sending Config-Requests
| Apr 4 21:08:54 nc6000 pppd[22150]: Connection terminated.
|
| Here is the (partial) output of usbdevs -v:
| Controller /dev/usb4:
| addr 1: full speed, self powered, config 1, OHCI root hub(0x), Opti(0x1045), rev 1.00
| port 1 addr 2: full speed, power 100 mA, config 1, Vodafone Mobile Connect Card - 3G(0x5000), Vodafone(0x0af0), rev 0.01
| port 2 powered
|
| Here is my pppd gprs script (this script works with the siemens card):
| /dev/ttyU0
| 115200
| defaultroute
| lock
| noauth
| debug
| connect '/usr/sbin/chat -f /etc/ppp/peers/gprs.chat'
|
| Here is the gprs chat script (it works with the siemens card).
| ABORT BUSY
| ABORT 'NO CARRIER'
| ABORT VOICE
| ABORT NO DIALTONE
| ATZ
| OK AT+CPIN=
| OK AT+CGDCONT=1,IP,web.pt.lu
| OK ATDT*99***1#
| 'CONNECT' '\c'
| 'TIMEOUT' '5'

Try some more debugging on the chatscript. Change the pppd gprs script to use the following :

connect '/usr/sbin/chat -v -f /etc/ppp/peers/gprs.chat'

Also try using

kdebug 7

This greatly increases pppd debugging, both from the in-kernel ppp driver and from the chatscript. Closely watch your logfiles and see what you can find from there.

Cheers,
Paul 'WEiRD' de Weerd

PS: Please wrap your lines at 72 chars.
Re: odd dmesg
--- Theo de Raadt [EMAIL PROTECTED] wrote: On iic bus 0, you have a sch5017 chip at address 0x2e for which we do not have a driver yet: http://ftp.smsc.com/main/datasheets/5017.pdf start at page 230 Your other iic bus appears has the same chip, or maybe it is two iic busses wired together. Thanks. I started to dig in /usr/src/sys/dev/i2c, and, I think, I found the function that is resulting in my dmesg dump for iic. The result seems to be coming from /usr/src/sys/dev/i2c/i2c_scan.c (function icc_dump). If I am following the source code correctly, it looks like the setup for iic is: pci-iic-individual iic drivers. Looks like the drivers have a parent/child relationship. Each driver writes to the following structures: cfattach (which contains the malloc size of struct xx_softc) cfdriver which are a part of cfdata and the drivers also write to struct sensor. The drivers also contain the registers per their docs. It looks like reads are performed on the register using iic_exec() at the address of the device, which is passed down from the parent as a parameter (void *aux). In this case, I guess the driver for all iic devices. The drivers look to contain match, attach, and refresh functions. Where I seem to be lost is how the driver data coming from the calls to iic_exec ends up in sysctl. And if I were to write a driver based on the previous drivers already in /usr/src/sys/dev/i2c, how would I debug it? And I still am not sure how I would add it to the kernel since I have always used GENERIC. I guess I can dig through the config man pages. I have never written a driver, so I am clueless. I guess I'll keep digging, but thanks for the help. Cheers, Brian
Re: IPCP: timeout sending Config-Requests - vodafone mobile connect 3g card
On Tue, Apr 04, 2006 at 07:50:15PM +, Didier Wiroth wrote: Here is my pppd gprs script (this script works with the siemens card): I've noticed that the options I had to use with the Siemens Connect2Air card differed from what I had to use with the 3G cards I used. For use with the german telco e-plus I had to add various options to the pppd option file that change the behaviour in ip negotiation. Here is the gprs chat script (it works with the siemens card). that it works with the siemens card does not mean anything. While most of the cards have generally a set of commands that is the same across all of them (AT+CPIN, AT+CGDCONT), some of them have a subset to their own. I see you've added debug to the pppd option file, have you enabled the debugging to the logfile in syslog as well (pppd(8) explains that). Your syslogd.conf should be configured to log daemon.debug as well, otherwise the output that debug triggers is not logged to /var/log/messages. (if this would be the case, there would be lots more debugging output). felix -- GPG/PGP: D9AC74D0 / 076E 1E87 3E05 1C7F B1A0 8A48 0D31 9BD3 D9AC 74D0 http://hazardous.org/~fkr - [EMAIL PROTECTED] - [EMAIL PROTECTED]|irc - FKR-RIPE https://www.bytemine.net/ - bytemine - BSD based hosting/solutions/ideas
IO fencing question
Greetings, I've built a pair of 6-interface OBSD 3.7 routers for use at work. These routers have 4 Fibre GigE interfaces each, and 2 copper GigE interfaces ea as follows: carp{0,1,2,3,4} production,integration,staging,systest,dmz_1 respectively stge{0,1,2,3} production,integration,staging,systest respectively em0 sync device rl0 dmz_1 the machines are core-master and core-backup, the vip is core-rtr. stge1 on core-master has a fibre running to the left fiber MDA port on a Nortel (BayStack) 350-24T switch, while stge1 on core-backup runs to the right MDA port (they both are 'port 25' in the switch). stge{2,3} behave similarly on 2 other identical switches. stge0 on both routers go to 2 separate fibre ports on a larger Nortel 8600. Example: If I'm out on the production net (stge0) and start an ssh session to a host out on the development net (stge1), and start a ping in the session back to a host on the production network, and then pull plug on core-master (I know, ouch) it might drop a ping, but otherwise works flawlessly! Really sweet. The problems occur during a 'soft' failure, e.g. a reboot or a halt without power off. To be fair, I do not think it's carp that's causing the problem, the backup instantly becomes the master. It appears to be something with either the MDAs not failing over or an issue with the stge0 interfaces on two separate fibre ports on the big switch. It's only a problem if the failing host does not get powered off. My thoughts have been: * put both hosts on a serial power strip - on a failure, surviving node powers off the failed node. * have a scripted way to simulate that all of the interfaces are powered off. (or heck, maybe even just being automatically downed might do it) Question: Can someone recommend a solution to this problem, or point me at a doc or software that can help me with this? Thanks, Chris
Re: why is there . [dot] in default PATH?
On Tue, Apr 04, 2006 at 08:56:39PM +0100, Jon Kent wrote: Can see your point here, but I prefer to play on the paranoid side of fence hence my dislike of this. I'm not sure it should be there by default, rather if you like it you should add it. Inexperienced users might add it to the beginning of PATH, so having it at the end by default is a reasonable compromise. Anyone with enough experience to know why they want it removed also has enough experience to remove it themselves. Regards, Andrew Dalgleish
Re: why is there . [dot] in default PATH?
Hi! On Tue, Apr 04, 2006 at 09:15:58PM +0200, RedShift wrote: [...] I cannot see how this would be exploitable. root doesn't have . in its PATH. Other people were discussing cat and cta for example. For this to work, one would have to be able to write to the victim's home directory, and - of course - the victim would have to make that typo. And it only works when targeting a user, not the computer itself. 1. IIRC sudo keeps $PATH 2. Both as root and as me, I sometimes cd to /tmp or /var/tmp I would consider it something handy, in case you don't have write access outside your home directory, so you can use your own executables, that can be executed without adding the full path. For that, I routinely add $HOME/bin to the path and put my own stuff (mostly shell scripts though) there. In my opinion this bug|feature|exploit doesn't pose any threat to system security. And in my opinion, it does. What about secure by default? If you want it less secure/paranoid, you can still change it yourself. Kind regards, Hannah.
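Added example (not from any poster in this thread): a small C auditor for the PATH concerns raised above. It flags `.`, empty components (which POSIX also treats as the current directory, a case the thread does not mention), other relative entries, and world-writable directories such as /tmp; all function and macro names are this example's own.

```c
/* Added example: audit a PATH string for entries that resolve to the
 * current directory or to a directory other users can write to. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

#define RISK_CWD      0x1  /* "." or an empty component (both mean cwd) */
#define RISK_RELATIVE 0x2  /* any other non-absolute component */
#define RISK_WRITABLE 0x4  /* absolute directory that is world-writable */

struct path_audit {
    int components;  /* number of components parsed */
    int flagged;     /* components carrying at least one risk bit */
    int risks;       /* OR of every risk bit seen */
    int first_cwd;   /* 0-based position of the first cwd entry, -1 if none */
};

/* Classify one component given as pointer + length (not NUL-terminated). */
static int classify(const char *s, size_t len)
{
    char dir[1024];
    struct stat st;

    if (len == 0 || (len == 1 && s[0] == '.'))
        return RISK_CWD;
    if (s[0] != '/')
        return RISK_RELATIVE;
    if (len >= sizeof(dir))
        return 0;               /* too long to stat; nothing to report */
    memcpy(dir, s, len);
    dir[len] = '\0';
    /* /tmp-style directories count: the sticky bit stops deletion,
     * not creation of a new file named after a common typo. */
    if (stat(dir, &st) == 0 && S_ISDIR(st.st_mode) && (st.st_mode & S_IWOTH))
        return RISK_WRITABLE;
    return 0;
}

/* Walk every colon-separated component, including empty ones. */
struct path_audit audit_path(const char *path, int verbose)
{
    struct path_audit a = { 0, 0, 0, -1 };
    const char *p = path;

    for (;;) {
        size_t len = strcspn(p, ":");
        int r = classify(p, len);

        if (r != 0) {
            a.flagged++;
            a.risks |= r;
            if ((r & RISK_CWD) && a.first_cwd < 0)
                a.first_cwd = a.components;
            if (verbose)
                printf("entry %d \"%.*s\":%s%s%s\n", a.components,
                    (int)len, p,
                    (r & RISK_CWD) ? " current-directory" : "",
                    (r & RISK_RELATIVE) ? " relative" : "",
                    (r & RISK_WRITABLE) ? " world-writable" : "");
        }
        a.components++;
        if (p[len] == '\0')
            break;
        p += len + 1;
    }
    return a;
}

int main(void)
{
    const char *path = getenv("PATH");
    struct path_audit a;

    if (path == NULL) {
        fprintf(stderr, "PATH is not set\n");
        return 2;
    }
    a = audit_path(path, 1);
    if (a.first_cwd == 0)
        printf("cwd is searched first: it shadows every system command\n");
    else if (a.first_cwd > 0)
        printf("cwd is searched at position %d: it only catches names "
            "missing from earlier directories\n", a.first_cwd);
    printf("%d of %d entries flagged\n", a.flagged, a.components);
    return a.flagged ? 1 : 0;
}
```

The exit status is 0 for a clean PATH and 1 when any entry is flagged, so the check can run from a login script or a configuration audit.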
Re: disable listen on ports
On Sun, Apr 02, 2006 at 10:14:11PM +0530, Niklaus wrote: How do i disable users on a system to run their own http proxy. I don't want to allow users who have login accounts on my system to listen to any port . How do i do that. man pf.conf search for the word 'user', you need the third match. -- Igor CacoDem0n Grabin, http://violent.death.kiev.ua/
OpenBSD 3.9 CDs at LinuxWorld Boston
Thanks to Austin, I have a stack of OpenBSD 3.9 CDs for sale at the BSD expo booth. Come out tomorrow and get them while they're still hot! :) -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net
Re: why is there . [dot] in default PATH?
Hi! On Wed, Apr 05, 2006 at 07:35:32AM +1000, Andrew Dalgleish wrote: On Tue, Apr 04, 2006 at 08:56:39PM +0100, Jon Kent wrote: Can see your point here, but I prefer to play on the paranoid side of fence hence my dislike of this. I'm not sure it should be there by default, rather if you like it you should add it. Inexperienced users might add it to the beginning of PATH, so having it at the end by default is a reasonable compromise. For that it'd be enough to have a line with dot at the end of the path in there, commented out, perhaps with a line like #If you really want the current directory in your path, you should #at least add it at the end, like this: #PATH=foo:bar:. ^^^ Here copy the path you set by default, w/o . Anyone with enough experience to know why they want it removed also has enough experience to remove it themselves. Secure by Default. Regards, Andrew Dalgleish Kind regards, Hannah.
Re: why is there . [dot] in default PATH?
--- Hannah Schroeter [EMAIL PROTECTED] wrote: Hi! On Wed, Apr 05, 2006 at 07:35:32AM +1000, Andrew Dalgleish wrote: On Tue, Apr 04, 2006 at 08:56:39PM +0100, Jon Kent wrote: Can see your point here, but I prefer to play on the paranoid side of fence hence my dislike of this. I'm not sure it should be there by default, rather if you like it you should add it. Inexperienced users might add it to the beginning of PATH, so having it at the end by default is a reasonable compromise. For that it'd be enough to have a line with dot at the end of the path in there, commented out, perhaps with a line like #If you really want the current directory in your path, you should #at least add it at the end, like this: #PATH=foo:bar:. ^^^ Here copy the path you set by default, w/o . Anyone with enough experience to know why they want it removed also has enough experience to remove it themselves. Secure by Default. Regards, Andrew Dalgleish Kind regards, Hannah. If my suggestion is completely ridiculous, sorry. But, if . is removed from the default path, wouldn't it make sense to add in a comment in afterboot(8)? It does seem to be a deviation from the way that the other *nix's have their defaults.
When would you NOT use OpenBSD?
This is a serious question, for heavy users of OpenBSD in big/production/heavy-traffic situations. For years, our small company used OpenBSD for *EVERYTHING* because I personally prefer it. (We run a pretty popular database-driven website.) All mail servers, web servers, database servers, were all OpenBSD. But then some threads-issue with MySQL on OpenBSD made us switch to FreeBSD for our database server, in an emergency. The increasing load on the server was making OpenBSD buckle, and switching to FreeBSD (on the same hardware!) was a 100x speed improvement. Unfortunately, we switched other servers to FreeBSD, too, to standardize, and have been almost entirely FreeBSD, since. Ah, but this was back in 2001 or so. I know things in OpenBSD are better now. SMP. Etc. Things at our company have grown enough so that we finally have load-balanced servers, so not all traffic needs to be whomping a single server. We're setting up some new hardware, and I want us to take a look at OpenBSD again for things like webservers and database servers. (Not too happy with the SMP in FreeBSD.) Maybe even get back to our old situation of being 100% OpenBSD for everything. Which leads me to my real question for you heavy users of OpenBSD in big/production/heavy-traffic situations: When would you NOT use OpenBSD? When would you choose one of the other *nix over OpenBSD? Is OpenBSD appropriate for a busy webserver or super-loaded database server? I've seen old O.S. shootouts benchmarks comparing O.S.'s and often showing Linux or FreeBSD excelling at webserving or database-performance, but I don't know if that's just old data or the benchmarkers didn't have OpenBSD tweaked right. As you can tell I'd *like* to go back to OpenBSD-everywhere but thought it would be wise to ask the misc@ gang about this first. Thanks!
GNU license files rules replacement guidelines with BSD one
I am not sure that this is a simple question, but what are the rules, if any, or guidelines someone can go by to replace files and code with BSD type in a project, for example? I need some help understanding what's right and what's wrong and where the line is, if any, and what's proper and what's not. Let's say that you have a GNU project and that you need to keep full compatibility with the system calls, in/out, same function names and in some cases structure, but the way the process is done is different. At what point is it correct and possible to rip a GNU file and replace it with a BSD file, if possible? Can that be done? What about if a file only has include files left in it, but is still under a GNU license? I guess it can't be replaced, right? An example would be: /* * license text * bla bla bla * */ #include shit.h and shit.h is a file from that project but the content of shit.h has changed or will change. Is that burned in forever in its life, and the only way to do this would be to have a new file called newshit.h and then call it from everywhere shit.h was called from? I hope my question makes sense, I am trying to understand that process if that's even possible to understand it somewhat. This is very confusing to me. Reading on the subject doesn't provide a clear guideline someone could go by, if any. I don't want this to turn into a flame war however. If that's where it might be going, don't answer. I am just trying to understand the process and how it's getting done properly. I see on Google that some projects were GNU and then got switched to BSD after some parts that were included in the original project were replaced by other BSD versions. So, no more GNU was there, so it didn't apply anymore. Google gives me huge results on the subject, but so far, nothing clean that I can understand properly. So, I guess it's not an easy question. I hope I am not offending anyone asking that question! Thanks Daniel
C++ textbooks: recommendations?
i need to learn C++, but do not know where to begin with textbooks or online docs. since, AFAICT, there are a great many skilled programmers on list, i would appreciate any recommendations that can be made about introductory and intermediate texts on C++. my motivation for asking this is to avoid purchasing texts that will sit on my shelf and collect dust. there are a great many introductory texts on nearly every subject that do just that and/or don't cover enough material in sufficient depth. are there any texts on best practices for writing exploit-free code? if you feel this is insufficiently openbsd related, please reply off-list to reduce chatter. cheers, jake
Re: GNU license files rules replacement guidelines with BSD one
On 4/4/06, Daniel Ouellet [EMAIL PROTECTED] wrote: I am not sure that this is a simple question, but what's the rules if any, or guide line someone can go under to replace files and code with BSD type in a project for example. I need some help understanding what's right and what's wrong and where the line is if any and what's proper and what's not. Let say that you have a GNU project and that you need to keep full compatibility with the system calls, in/out, same function names and in some cases structure, but the way the process is done is different. At what point is it correct and possible to ripe a GNU file and replace it with a BSD file if possible. Can that be done? What about if a file only have include files left in it, but is still under a GNU license. I guess it can't be replace right? Example would: /* * license text * bla bla bla * */ #include shit.h and shit.h is a file from that project but the content of shit.h have changed or will changed. Is that burn in for ever in it's life and the only way to do this would be to have a new file called newshit.h and then call it from ever everywhere shit.h was called from. I hope my question make sense, I am trying to understand that process if that's even possible to understand it somewhat. I am just trying to understand the process and how it's getting done properly. I see on Google that some project were GNU and then got switch to BSD after some part that were include in the original project were replace by other BSD version. So, no more GNU was there, so it didn't apply anymore. Google give me huge results on the subject, but so far, nothing clean that I can understand properly. SO, I guess it's not an easy question. I hope I am not offending anyone asking that question! My understanding is that the owner of the copyright can change the license at any time, but that that change only applies to new versions. 
So: if you are forking someone else's GNU code then you can't arbitrarily make it BSD (because of the restrictions in the GPL). I think, though, that it doesn't work the other way; the very open BSD license allows for someone to take BSD code, make a change (or none?) and relabel it all GPL. if you are the original author of the code (and you haven't given the rights away) then you can change the license at any time, but that change only applies to new versions. You can take down old versions but it's still perfectly legal for anyone with a copy of it to post it and continue to work on it under the old license. Correct me if I'm wrong! -Nick
gcc miscompiles ntohs16() inline assembly in OpenBSD 3.8
We have found an 'interesting interaction' between the gcc compiler and OpenBSD's inline assembly definition of ntohs(). The resulting bug in the generated assembly causes corrupted data under the following circumstances: * The 16-bit value from ntohs() is directly assigned to a 32-bit variable. * The 32-bit variable is a local stack variable. * gcc is set to -march=i686 * OpenBSD 3.8 (gcc 3.3.5) The attached .tar.gz contains detailed information including test code and assembly output. Summary: gcc uses a 16-bit 'movw' instruction to move the ntohs() end result to the 32-bit stack variable, which leaves the upper 2 bytes of the 32-bit stack variable uninitialized with random garbage. The problem was not immediately apparent on Debian Sarge, which also uses gcc 3.3.5 (but with different default settings, and no pro-police, etc). This is probably a bug we need to file with the gcc people, but we want to give a heads-up to OpenBSD first, and see if this rings a bell here. (Or yell if we missed something!) +++chefren p.s. If the attachment is stripped: http://idd.nl/test-ntohs.tar.gz [demime 1.01d removed an attachment of type application/gzip which had a name of test-ntohs.tar.gz]
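Added example, not taken from the test-ntohs.tar.gz attachment: a C regression check for the pattern in the report, assigning ntohs() straight to a 32-bit stack variable and comparing the result with a byte-wise reference for all 65536 inputs. The names ref_ntohs, poison_stack, widen_via_ntohs and check_widen are invented for this example; a correct toolchain reports zero mismatches.

```c
/* Added example: regression check for widening ntohs() into a 32-bit local. */
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct widen_report {
    unsigned long mismatches;   /* inputs whose widened value was wrong */
    unsigned long dirty_upper;  /* of those, results with non-zero upper 16 bits */
    uint16_t first_input;       /* first failing network-order input */
    uint32_t first_output;      /* what the 32-bit variable held for it */
};

/* Reference conversion built from the wire bytes: no inline assembly and
 * no pointer casts, so it does not depend on the system's ntohs(). */
static uint16_t ref_ntohs(uint16_t net)
{
    unsigned char b[2];

    memcpy(b, &net, sizeof(b));
    return (uint16_t)(((unsigned)b[0] << 8) | b[1]);
}

/* Fill a stretch of stack with a known pattern, making it likely that a
 * partial (16-bit) store into a later 32-bit local leaves visible residue. */
static void poison_stack(void)
{
    volatile unsigned char junk[512];
    size_t i;

    for (i = 0; i < sizeof(junk); i++)
        junk[i] = 0xA5;
}

/* The pattern from the report: ntohs() assigned directly to a 32-bit
 * stack variable. volatile keeps the variable in memory when optimizing. */
static uint32_t widen_via_ntohs(uint16_t net)
{
    volatile uint32_t v = ntohs(net);

    return v;
}

/* Try every 16-bit input and record how the widened value compares. */
struct widen_report check_widen(void)
{
    struct widen_report r = { 0, 0, 0, 0 };
    uint32_t n;

    for (n = 0; n <= 0xffff; n++) {
        uint32_t got, want;

        poison_stack();
        got = widen_via_ntohs((uint16_t)n);
        want = ref_ntohs((uint16_t)n);
        if (got != want) {
            if (r.mismatches == 0) {
                r.first_input = (uint16_t)n;
                r.first_output = got;
            }
            r.mismatches++;
            if ((got >> 16) != 0)
                r.dirty_upper++;
        }
    }
    return r;
}

int main(void)
{
    struct widen_report r = check_widen();

    if (r.mismatches == 0) {
        printf("ntohs() widening: all 65536 inputs correct\n");
        return 0;
    }
    printf("ntohs() widening: %lu mismatches, %lu with stale upper bits\n",
        r.mismatches, r.dirty_upper);
    printf("first failure: input 0x%04x gave 0x%08lx\n",
        (unsigned)r.first_input, (unsigned long)r.first_output);
    return 1;
}
```

Build it with the same compiler flags as the affected program so that the check exercises the same code generation.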
Re: GNU license files rules replacement guidelines with BSD one
Nick Guenther wrote: My understanding is that the owner of the copyright can change the license at any time, but that that change only applies to new versions. So: if you are forking someone else's GNU code then you can't arbitrarily make it BSD (because of the restrictions in the GPL). I think, though, that it doesn't work the other way; the very open BSD license allows for someone to take BSD code, make a change (or none?) and relabel it all GPL. if you are the original author of the code (and you haven't given the rights away) then you can change the license at any time, but that change only applies to new versions. You can take down old versions but it's still perfectly legal for anyone with a copy of it to post it and continue to work on it under the old license. Correct me if I'm wrong! -Nick IANAL, but I believe the copyright holder can offer the work under any license they wish, even without making a new version, as long as the licenses are non-exclusive (i.e., if I've licensed my work to you exclusively, then I can NOT also license it under GPL or BSD.) There are examples out there of multiple simultaneous licenses. So, the trick here might be to ask the author(s) if they'd be willing to put it out under BSD as well as GPL. Many open source people use GPL by default and are not fanatics about it either way. Worth an email... -- Darrin Chandler| Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ |
Re: gcc miscompiles ntohs16() inline assembly in OpenBSD 3.8
On 2006/04/05 01:06, chefren wrote: * gcc is set to -march=i686 fwiw, this is recommended against for OpenBSD..
Re: GNU license files rules replacement guidelines with BSD one
No, I don't think this is quite correct. GPL cannot be revoked by the author and, what is more, a new version being classed as a 'derived work' would still under the terms of GPL be classed as GPL and the original author couldn't do anything about it. - Linus faces this issue with future versions of Linux, he doesn't like GPL 3 and won't accept it but he can't take GPL 2 off Linux kernel since it is an evolving project and is derived from previous versions. If the author, however, stated that the code could be used within GPL projects with a primary license being an alternative to GPL and that the use of the software within GPL projects was under the proviso that the rights of the author and the original license weren't broken then GPL couldn't be enforced... strictly speaking this may mean that you wouldn't be strictly legitimate in using the software in many GPL license scenarios since the licensing terms conflict, however, some 'open source' communities don't seem to care about that as much as we do. -Andy -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nick Guenther Sent: 04 April 2006 23:49 To: OpenBSD-Misc Subject: Re: GNU license files rules replacement guidelines with BSD one On 4/4/06, Daniel Ouellet [EMAIL PROTECTED] wrote: I am not sure that this is a simple question, but what's the rules if any, or guide line someone can go under to replace files and code with BSD type in a project for example. I need some help understanding what's right and what's wrong and where the line is if any and what's proper and what's not. Let say that you have a GNU project and that you need to keep full compatibility with the system calls, in/out, same function names and in some cases structure, but the way the process is done is different. At what point is it correct and possible to ripe a GNU file and replace it with a BSD file if possible. Can that be done? 
What about if a file only have include files left in it, but is still under a GNU license. I guess it can't be replace right? Example would: /* * license text * bla bla bla * */ #include shit.h and shit.h is a file from that project but the content of shit.h have changed or will changed. Is that burn in for ever in it's life and the only way to do this would be to have a new file called newshit.h and then call it from ever everywhere shit.h was called from. I hope my question make sense, I am trying to understand that process if that's even possible to understand it somewhat. I am just trying to understand the process and how it's getting done properly. I see on Google that some project were GNU and then got switch to BSD after some part that were include in the original project were replace by other BSD version. So, no more GNU was there, so it didn't apply anymore. Google give me huge results on the subject, but so far, nothing clean that I can understand properly. SO, I guess it's not an easy question. I hope I am not offending anyone asking that question! My understanding is that the owner of the copyright can change the license at any time, but that that change only applies to new versions. So: if you are forking someone else's GNU code then you can't arbitrarily make it BSD (because of the restrictions in the GPL). I think, though, that it doesn't work the other way; the very open BSD license allows for someone to take BSD code, make a change (or none?) and relabel it all GPL. if you are the original author of the code (and you haven't given the rights away) then you can change the license at any time, but that change only applies to new versions. You can take down old versions but it's still perfectly legal for anyone with a copy of it to post it and continue to work on it under the old license. Correct me if I'm wrong! -Nick
Re: gcc miscompiles ntohs16() inline assembly in OpenBSD 3.8
On 04/05/06 01:18, Stuart Henderson wrote: On 2006/04/05 01:06, chefren wrote: * gcc is set to -march=i686 fwiw, this is recommended against for OpenBSD.. Of course we know that... How do you think that irritating recommendation will ever get away without debugging? +++chefren (Who doesn't know if this is strictly -march=i686 )
Re: gcc miscompiles ntohs16() inline assembly in OpenBSD 3.8
On Wed, 5 Apr 2006, chefren wrote: [snip] How do you think that irritating recommendation will ever get away without debugging? By getting rid of gcc. ; Sorry could not resist that one ;-) ++mbk
Re: gcc miscompiles ntohs16() inline assembly in OpenBSD 3.8
On Wed, 5 Apr 2006, chefren wrote: [snip] How do you think that irritating recommendation will ever get away without debugging? By getting rid of gcc. ; Sorry could not resist that one ;-) Actually I bet ntohs16 is violating C aliasing rules. So getting rid of GCC actually is wrong. Getting rid of these aliasing violations is the correct way. -- Pinski
problem installing OpenBSD on LSI MegaRAID
I bought a new 1U server with an Intel SE7221BK-1E Entry Server Board, a LSI MegaRAID Sata 150-4D SER523 REV B2 card, and two Seagate Barracuda 400 GBytes hard drives. Problem: When I install OpenBSD 3.8, and I get to the part that says: Proceed with install? [no] I type y and I get: No disks found Is there anything I can do at this point? Below is my dmesg: OpenBSD 3.8 (RAMDISK_CD) #794: Sat Sep 10 15:58:32 MDT 2005 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/RAMDISK_CD cpu0: Intel(R) Pentium(R) 4 CPU 3.00GHz (GenuineIntel 686-class) 3 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,EST,CNXT-ID real mem = 1064824832 (1039868K) avail mem = 966029312 (943388K) using 4278 buffers containing 53342208 bytes (52092K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(00) BIOS, date 04/19/05, BIOS32 rev. 0 @ 0xf0010 pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf54a0/240 (13 entries) pcibios0: no compatible PCI ICU found: ICU vendor 0x8086 product 0x2640 pcibios0: Warning, unable to fix up PCI interrupt routing pcibios0: PCI bus #2 is the last bus bios0: ROM list: 0xc/0x9400! 
0xc9800/0x1000 0xca800/0x2200 0xcd000/0x1000 0xce000/0x1000 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 Intel E7221 MCH Host rev 0x05 vga1 at pci0 dev 2 function 0 Intel E7221 Video rev 0x05 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) ppb0 at pci0 dev 28 function 0 Intel 82801FB PCIE rev 0x03 pci1 at ppb0 bus 1 ppb1 at pci1 dev 0 function 0 Intel PCIE-PCIE rev 0x09 pci2 at ppb1 bus 4 ppb2 at pci1 dev 0 function 2 Intel PCIE-PCIE rev 0x09 pci3 at ppb2 bus 3 uhci0 at pci0 dev 29 function 0 Intel 82801FB USB rev 0x03: irq 5 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1 at pci0 dev 29 function 1 Intel 82801FB USB rev 0x03: irq 11 usb1 at uhci1: USB revision 1.0 uhub1 at usb1 uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered uhci2 at pci0 dev 29 function 2 Intel 82801FB USB rev 0x03: irq 3 usb2 at uhci2: USB revision 1.0 uhub2 at usb2 uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub2: 2 ports with 2 removable, self powered ehci0 at pci0 dev 29 function 7 Intel 82801FB USB rev 0x03: irq 5 ehci0: timed out waiting for BIOS usb3 at ehci0: USB revision 2.0 uhub3 at usb3 uhub3: Intel EHCI root hub, rev 2.00/1.00, addr 1 uhub3: 6 ports with 6 removable, self powered ppb3 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0xd3 pci4 at ppb3 bus 2 em0 at pci4 dev 3 function 0 Intel PRO/1000MT (82541GI) rev 0x05: irq 3, address: 00:0e:0c:4b:73:ea ichpcib0 at pci0 dev 31 function 0 Intel 82801FB LPC rev 0x03: PM disabled pciide0 at pci0 dev 31 function 1 Intel 82801FB IDE rev 0x03: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility atapiscsi0 at pciide0 channel 0 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: LITE-ON, DVD SOHD-16P9SV, F$01 SCSI0 5/cdrom removable cd0(pciide0:0:0): using PIO mode 4, 
Ultra-DMA mode 2 pciide0: channel 1 disabled (no drives) pciide1 at pci0 dev 31 function 2 Intel 82801FR SATA rev 0x03: DMA, channel 0 wired to native-PCI, channel 1 wired to compatibility pciide1: using irq 11 for native-PCI interrupt pciide1: couldn't map channel 1 cmd regs Intel 82801FB SMBus rev 0x03 at pci0 dev 31 function 3 not configured isa0 at ichpcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 npx0 at isa0 port 0xf0/16: using exception 16 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec biomask ffed netmask ffed ttymask ffef rd0: fixed, 3800 blocks root on rd0a rootdev=0x1100 rrootdev=0x2f00 rawdev=0x2f02 fd0: timeout (st0 20seek_cmplt cyl 0) fd0a: soft error reading fsbn 0
Re: GNU license files rules replacement guidelines with BSD one
On Wed, 5 Apr 2006 00:15:02 +0100 Andrew Smith [EMAIL PROTECTED] wrote: GPL cannot be revoked by the author and, what is more, a new version being classed as a 'derived work' would still under the terms of GPL be classed as GPL and the original author couldn't do anything about it. Revoking is not involved here. The copyright holder can do whatever he or she wants with their code. If I made something GPL, I can turn around and make it BSD licensed, or close the source and not license it at all, it's up to me. If you can still get your hands on the code from when it was licensed under the GPL, then your copy is still under the GPL, and you can do whatever the GPL allows. But it has no impact at all on future versions and how I choose to license them. - Linus faces this issue with future versions of Linux, he doesn't like GPL 3 and won't accept it but he can't take GPL 2 off Linux kernel since it is an evolving project and is derived from previous versions. No, he can't take the GPL 2 off because hundreds of different people own the copyright to GPL code in the kernel. All of them would need to agree to re-license it. Adam
Re: GNU license files rules replacement guidelines with BSD one
On 2006/04/05 00:15, Andrew Smith wrote: GPL cannot be revoked by the author Cannot be revoked but can be re-licenced by the author under another license. Where there's more than one author, all must agree to the change. This leads to dual-licensed code having things like http://www.digium.com/disclaimer.txt for submitters. Yeuch.
Re: problem installing OpenBSD on LSI MegaRAID
On Tue, Apr 04, 2006 at 05:01:21PM -0700, Smith wrote: I bought a new 1U server with an Intel SE7221BK-1E Entry Server Board, a LSI MegaRAID Sata 150-4D SER523 REV B2 card, and two Seagate Barracuda 400 GBytes hard drives. Problem: When I install OpenBSD 3.8, and I get to the part that says: Proceed with install? [no] I type y and I get: No disks found Is there anything I can do at this point? Below is my dmesg: [...] Are you using floppyB, which supports RAID controllers? http://www.openbsd.org/faq/faq4.html#MkInsMedia - David
Re: C++ textbooks: recommendations?
That's easy. Get the information for the guy who envisioned the language. _The C++ Programming Language_ Bjarne Stroustrup. Addison-Wesley, 2000 ISBN: 0201700735 http://www.amazon.com/gp/product/0201700735/sr=1-1/qid=1144196764/ref=sr_1_1/104-6908142-7055123?%5Fencoding=UTF8s=books -- Original message -- From: [EMAIL PROTECTED] i need to learn C++, but do not know where to begin with textbooks or online docs. since, AFAICT, there are a great many skilled programmers on list, i would appreciate any recommendations that can be made about introductory and intermediate texts on C++. my motivation for asking this is to avoid purchasing texts that will sit on my shelf and collect dust. there are a great many introductory texts on nearly every subject that do just that and/or don't cover enough material in sufficient depth. are there any texts on best practices for writing exploit-free code? if you feel this is insufficiently openbsd related, please reply off-list to reduce chatter. cheers, jake
Re: GNU license files rules replacement guidelines with BSD one
On 4/4/06, Daniel Ouellet [EMAIL PROTECTED] wrote: Let say that you have a GNU project and that you need to keep full compatibility with the system calls, in/out, same function names and in some cases structure, but the way the process is done is different. At what point is it correct and possible to ripe a GNU file and replace it with a BSD file if possible. Can that be done? What about if a file only have include files left in it, but is still under a GNU license. I guess it can't be replace right? if there is code in the header file, it can be copyrighted. however, i don't believe interfaces for the most part can be. if you want to play it safe: find a partner. write down there is a function called foo taking 2 int arguments. there is a struct called bar with fields a, b and c. slide paper across desk to partner; tell him to start typing.
Re: problem installing OpenBSD on LSI MegaRAID
On 2006/04/04 20:21, David Hill wrote: Are you using floppyB, which supports RAID controllers? http://www.openbsd.org/faq/faq4.html#MkInsMedia OpenBSD 3.8 (RAMDISK_CD) #794: Sat Sep 10 15:58:32 MDT 2005 So does the CD - the controller would appear as an unsupported device if this was the case anyway, and it's not listed at all. Unsupported bridge somewhere perhaps? Try a snapshot...
Re: Moving a file mount point
--- Karl Kopp [EMAIL PROTECTED] wrote: Hi All, I've setup a Cisco replacement using OpenBSD and OpenBGPd and man, this thing FLIES :) I paid almost $3k AUD recently for another 64MB of RAM for our Cisco 2610 and it was still struggling under the load of 6 - 8mb/sec! The new OpenBSD box is running at less than 2% CPU pushing 20mb/sec - and cost less than the RAM alone :) One thing I need to do urgently tho is move my /var mount - I'm not 100% how to do this on a running box with the least amount of down time. Any hints / advice would be greatly appreciated! Thanks Karl Does this help: http://www.openbsd.org/faq/faq14.html#NewDisk I am not sure what you mean by move. Move where? I assume you meant to a new drive, so the FAQ above should help. Brian
Cross compiling 3.8-stable on i386 for mac68k
I have a source tree for 3.8-stable, updated using cvsup. Have successfully used this source tree to do a 'make build' for i386, however, when I attempt the first step for cross compiling for mac68k: ( cd /usr/src; make TARGET=mac68k cross-distrib ) It hangs at the following: (cd /usr/src/gnu/usr.bin/binutils; MAKEOBJDIR=obj.i386.mac68k TARGET_ARCH=`cat /usr/cross/mac68k/TARGET_ARCH` make -f Makefile.bsd-wrapper depend MAKEOBJDIR=obj.i386.mac68k TARGET_ARCH=`cat /usr/cross/mac68k/TARGET_ARCH` make -f Makefile.bsd-wrapper all DESTDIR=/usr/cross/mac68k MAKEOBJDIR=obj.i386.mac68k make -f Makefile.bsd-wrapper install) # Nothing here so far... make: don't know how to make gas/doc/as.cat1. Stop in /usr/src/gnu/usr.bin/binutils. *** Error code 2 Stop in /usr/src (line 131 of Makefile.cross). Any suggestions on what I could edit (perhaps in /usr/src/gnu/usr.bin/binutils/Makefile.bsd-wrapper) to make this work? I have moved the same source tree over to the quadra 700 machine using rsync, and attempted a build on there too, but it hangs during libc. On that same machine, I had previously attempted it with an anon cvs obtained src tree for 3.8-stable and the same hang happens, so something seems to be not right. I am well aware that in http://www.openbsd.org/faq/faq5.html it states Compiling your own system as a way of upgrading it is not supported., however, it is the most convenient way for me at this time, as for starters, it is a headless machine. Ideally I would like to get cross compiling working, as it takes forever to native compile mac68k on the quadra, let alone the se/30. Any advice to help to get this working would be greatly appreciated. .d.d.
Re: Belkin wireless adapter
The 0x705c has a ZyDAS ZD1211 chipset in it, the 0x7050 is Ralink. A Ralink based F5D7050 can be unambiguously identified via its FCC ID. It will be printed on the device (and IIRC the box). FCC ID K7SF5D7050A is an RT25xx based device. ural0: Belkin Belkin 54g USB Network Adapter, rev 2.00/0.01, addr 2 ural0: MAC/BBP RT2571 (rev 0x03), RF RT2526, address 00:11:50:nn:nn:nn https://gullfoss2.fcc.gov/prod/oet/cf/eas/reports/ViewExhibitReport.cfm?mode=ExhibitsRequestTimeout=500calledFromFrame=Napplication_id=228345fcc_id='K7SF5D7050A'
Re: Belkin wireless adapter
On Wed, Apr 05, 2006 at 02:07:54AM +0100, pedro la peu wrote: The 0x705c has a ZyDAS ZD1211 chipset in it, the 0x7050 is Ralink. A Ralink based F5D7050 can be unambiguously identified via its FCC ID. It will be printed on the device (and IIRC the box). FCC ID K7SF5D7050A is an RT25xx based device. ural0: Belkin Belkin 54g USB Network Adapter, rev 2.00/0.01, addr 2 ural0: MAC/BBP RT2571 (rev 0x03), RF RT2526, address 00:11:50:nn:nn:nn https://gullfoss2.fcc.gov/prod/oet/cf/eas/reports/ViewExhibitReport.cfm?mode=ExhibitsRequestTimeout=500calledFromFrame=Napplication_id=228345fcc_id='K7SF5D7050A' Right, RT2571 is the second generation USB Ralink wireless. It is mostly a total redesign like the rt2600 was for PCI/CardBus. It is quite similar to the rt2600 in terms of register layout, efforts are underway to support them but are not yet complete.
ipsec.conf - specifying peer as a fqdn, possible?
Hello, i've been testing some vpn configurations with ipsecctl - ipsec.conf on 3.9-CURRENT (i386), a snapshot from March 30 2006. Is there a way to specify the peer as a fqdn in a ike esp rule? something like: ike dynamic esp from 10.150.150.2 to 192.168.1.0/24 peer vpn.example.com (dstid should probably be added) when using this, i get the following error: # ipsecctl -vnf ipsec.conf no IP address found for vpn.example.com I know the man page quite clearly says that all addresses in such a rule have to be specified in CIDR notation, but using a fqdn for the peer could be useful for setups in which the endpoint has a dynamic ip and uses something like dyndns to have a fqdn pointing at the right ip. Did I miss something obvious, or there are legitimate reasons for making this stuff ip addresses only? Thanks Jean
Re: When would you NOT use OpenBSD?
Lars Hansson wrote: On Wednesday 05 April 2006 06:25, Miles Keaton wrote: When would you NOT use OpenBSD? When you run applications that *REALLY* need SMP, not that there are a lot of those. Or when your application simply does not run on OpenBSD for some reason. When would you choose one of the other *nix over OpenBSD? When they're more suitable for the task. Not that it has ever been the case for me. Is OpenBSD appropriate for a busy webserver or super-loaded database server? Webserver yes. Super-loaded MySql server? Dunno, depends on how much MySql sucks these days. I've seen old O.S. shootouts benchmarks comparing O.S.'s and often showing Linux or FreeBSD excelling at webserving or database-performance, but I don't know if that's just old data or the benchmarkers didn't have OpenBSD tweaked right. Benchmarks are like assholes, everyone has one but you're better off only minding your own. Lars Hansson Loved the last one so I wanna add that I'm coming from a Linux background, used FreeBSD for years, I'm gonna never regret I found OpenBSD in the way. My Last Linux box (Suse) was the day I found my router in my office with a kernel panic message after 1 year working fine patched up as always. In the same box without any hardware changes I run now an OpenBSD Webserver from then till now holding more than 30 domain names some with lot of traffic almost unpatched and unupdated (3.2 stable). I bet if I left it there unpatched for the next 5 years I will not wake up one morning and find it down if will be no hardware problem. And yes that's not the proper way to go as an administrator but that's what I like on OpenBSD. Very glad for the $1 from Mozilla I hope We can do that too one day. -Chris. PS. Yes When I want to play Fancy Games and just kill my time I have no prob using Windows. I had even a Game Server in OpenBSD and it wasn't never down.
Re: C++ textbooks: recommendations?
I would not suggest C++ for anything! On 4/4/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: i need to learn C++, but do not know where to begin with textbooks or online docs. since, AFAICT, there are a great many skilled programmers on list, i would appreciate any recommendations that can be made about introductory and intermediate texts on C++. my motivation for asking this is to avoid purchasing texts that will sit on my shelf and collect dust. there are a great many introductory texts on nearly every subject that do just that and/or don't cover enough material in sufficient depth. are there any texts on best practices for writing exploit-free code? if you feel this is insufficiently openbsd related, please reply off-list to reduce chatter. cheers, jake
Re: ipsec.conf - specifying peer as a fqdn, possible?
On Tue, 4 Apr 2006 22:54:54 -0400, Jean Raby wrote: Hello, i've been testing some vpn configurations with ipsecctl - ipsec.conf on 3.9-CURRENT (i386), a snapshot from March 30 2006. Is there a way to specify the peer as a fqdn in a ike esp rule? something like: ike dynamic esp from 10.150.150.2 to 192.168.1.0/24 peer vpn.example.com (dstid should probably be added) when using this, i get the following error: # ipsecctl -vnf ipsec.conf no IP address found for vpn.example.com I know the man page quite clearly says that all addresses in such a rule have to be specified in CIDR notation, but using a fqdn for the peer could be useful for setups in which the endpoint has a dynamic ip and uses something like dyndns to have a fqdn pointing at the right ip. Did I miss something obvious, or there are legitimate reasons for making this stuff ip addresses only? I have a patch from Hans-Joerg Hoexer which should allow this but I cannot test it for a little while because my build machine is tied up with another task that has several days to run yet. Of course you'll have to run -current to use it. Meanwhile you can do what I did where one end of a connection was on a dynamic ip: Register the dynamic host with dydndns.com (f.q.d.n used here as a guide) Have ipsec.conf rules look like: ike esp from 10.99.99.0/24 to 172.16.99.0/24 peer 1.2.3.4 srcid static.example.com dstid f.q.d.n (for example. You'll need a full set at each end.) Then have a cron job at the static end that checks to see if the IP changes and if it does then have a script that rewrites ipsec.conf with the new peer IP and does ipsecctl -f /etc/ipsec.conf at the end. The script, of course, only needs to update the static end rules. That isn't really hard to do. From the land down under: Australia. Do we look umop apisdn from up over? Do NOT CC me - I am subscribed to the list. Replies to the sender address will fail except from the list-server.
Re: ipsec.conf - specifying peer as a fqdn, possible?
Yup, sounds like a good workaround. Actually, both end points have dynamic ips so the script would have to get the peer's ip from the fqdn but that's not a problem. If you don't mind sending the patch my way, i'd like to see the diff, i tried to figure out how that stuff worked yesterday, but it was getting late... Thanks Jean On 4/4/06, Rod.. Whitworth [EMAIL PROTECTED] wrote: On Tue, 4 Apr 2006 22:54:54 -0400, Jean Raby wrote: Hello, i've been testing some vpn configurations with ipsecctl - ipsec.conf on 3.9-CURRENT (i386), a snapshot from March 30 2006. Is there a way to specify the peer as a fqdn in a ike esp rule? something like: ike dynamic esp from 10.150.150.2 to 192.168.1.0/24 peer vpn.example.com (dstid should probably be added) when using this, i get the following error: # ipsecctl -vnf ipsec.conf no IP address found for vpn.example.com I know the man page quite clearly says that all addresses in such a rule have to be specified in CIDR notation, but using a fqdn for the peer could be useful for setups in which the endpoint has a dynamic ip and uses something like dyndns to have a fqdn pointing at the right ip. Did I miss something obvious, or there are legitimate reasons for making this stuff ip addresses only? I have a patch from Hans-Joerg Hoexer which should allow this but I cannot test it for a little while because my build machine is tied up with another task that has several days to run yet. Of course you'll have to run -current to use it. Meanwhile you can do what I did where one end of a connection was on a dynamic ip: Register the dynamic host with dydndns.com (f.q.d.n used here as a guide) Have ipsec.conf rules look like: ike esp from 10.99.99.0/24 to 172.16.99.0/24 peer 1.2.3.4 srcid static.example.com dstid f.q.d.n (for example. You'll need a full set at each end.) 
Then have a cron job at the static end that checks to see if the IP changes and if it does then have a script that rewrites ipsec.conf with the new peer IP and does ipsecctl -f /etc/ipsec.conf at the end. The script, of course, only needs to update the static end rules. That isn't really hard to do. From the land down under: Australia. Do we look umop apisdn from up over? Do NOT CC me - I am subscribed to the list. Replies to the sender address will fail except from the list-server.
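The cron-driven workaround described in this thread, sketched as an added example (not code from any poster or from OpenBSD): it resolves the peer's name, rejects anything that is not a plain IPv4 address before it reaches a root-owned config, parse-checks the candidate with `ipsecctl -n`, then swaps it in and reloads. The function names, the `CONF`/`PEER_FQDN` variables, the one-rule-per-line layout and the `host(1)` output format are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes one ike rule per line and that
# the rule to update is the one whose dstid equals the peer's FQDN.
CONF=${CONF:-/etc/ipsec.conf}
PEER_FQDN=${PEER_FQDN:-f.q.d.n}      # placeholder name used in the thread

# Assumption: host(1) prints "<name> has address <ip>" for A records.
resolve_peer() {
    host -t A "$1" 2>/dev/null | awk '/ has address / { print $NF; exit }'
}

# DNS answers are untrusted input to a root-owned config: accept exactly one
# dotted quad with octets 0..255 and nothing else.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NR > 1 || NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9]+$/ || length($i) > 3 || $i > 255) exit 1 }'
}

# Print CONF ($1) with the peer address set to $3 on rules whose dstid is $2.
rewrite_peer() {
    awk -v id="$2" -v ip="$3" '
        $1 == "ike" {
            hit = 0
            for (i = 1; i < NF; i++) if ($i == "dstid" && $(i + 1) == id) hit = 1
            if (hit) for (i = 1; i < NF; i++) if ($i == "peer") $(i + 1) = ip
        }
        { print }' "$1"
}

sync_peer() {
    new_ip=$(resolve_peer "$PEER_FQDN")
    is_ipv4 "$new_ip" || { echo "no usable A record for $PEER_FQDN" >&2; return 1; }
    tmp=$(mktemp "$CONF.XXXXXX") || return 1     # created mode 0600
    rewrite_peer "$CONF" "$PEER_FQDN" "$new_ip" > "$tmp"
    if cmp -s "$tmp" "$CONF"; then rm -f "$tmp"; return 0; fi   # peer unchanged
    # Parse-check the candidate (-n loads nothing) before replacing the live file.
    if ! ipsecctl -n -f "$tmp"; then rm -f "$tmp"; return 1; fi
    mv "$tmp" "$CONF" && ipsecctl -f "$CONF"
}

# From cron: sh <this script> run
case "${1:-}" in run) sync_peer ;; esac
```

Rules for other peers are left untouched because the match is on the exact `dstid` token, and a failed lookup leaves the running configuration as it was.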