Shouldn't loopback interface like hostname.lo1 show up in the bgpd fib table just like any other configured interfaces?
Hi,

I am curious as to if this is really normal. I would say not, but may be I miss something, or miss understood something.

All active and configured interfaces does show up in the fib table as they should and same for the standard loopback on as well as below:

Loopback interface lo0 at 127.0.0.1/8 is present in the fib table:

# ifconfig lo0
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33160
        groups: lo
        inet 127.0.0.1 netmask 0xff00
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6

# bgpctl s f 127.0.0.0
flags: * = valid, B = BGP, C = Connected, S = Static
       N = BGP Nexthop reachable via this route
       r = reject route, b = blackhole route

flags destination          gateway
*S  r 127.0.0.0/8          127.0.0.1

So, I would assume that configuring and additional loopback interface in hostname.lo2 for example should show up the same way on reboot just like any other interfaces on the router specially if it is showing up in the ipconfig as well no?

Why is it not present in the fib table?

Example:

# ifconfig lo2 inet 10.0.0.1 netmask 255.255.255.0
# ifconfig lo2 up
#
# ifconfig lo2
lo2: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33160
        groups: lo
        inet 10.0.0.1 netmask 0xff00

Should show up the same way in the fib table no?

# bgpctl s f 10.0.0.0
flags: * = valid, B = BGP, C = Connected, S = Static
       N = BGP Nexthop reachable via this route
       r = reject route, b = blackhole route

flags destination          gateway
*SN   0.0.0.0/0            66.63.0.145

Is there something I am missing?

This is on 4.4

Thanks for your time and input.

Daniel
Re: (bit)torrent openbsd client
On Wed, 28 Jan 2009, Matt Bettinger wrote: I use rtorrent. This is a console based client , check the ports. It works fine and has many features and views. The only problem I have with it is that everytime you start the client it rehashes all of your files. It does this even if the option to rehash complete files is set to off or no in the .rtorrent.rc file in ~ which can a pita if you have some huge files. I typically keep it running all the time so this isn't really THAT much of an issue for me. It will only rehash on startup if you are the initial seeder AFAIR. Kind regards, Markus
Re: Shouldn't loopback interface like hostname.lo1 show up in the bgpd fib table just like any other configured interfaces?
On Thu, Jan 29, 2009 at 02:57:09AM -0500, Daniel Ouellet wrote:
> Hi,
>
> I am curious as to if this is really normal. I would say not, but may be I miss something, or miss understood something.
>
> All active and configured interfaces does show up in the fib table as they should and same for the standard loopback on as well as below:
>
> Loopback interface lo0 at 127.0.0.1/8 is present in the fib table:
>
> # ifconfig lo0
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33160
>         groups: lo
>         inet 127.0.0.1 netmask 0xff00
>         inet6 ::1 prefixlen 128
>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
>
> # bgpctl s f 127.0.0.0
> flags: * = valid, B = BGP, C = Connected, S = Static
>        N = BGP Nexthop reachable via this route
>        r = reject route, b = blackhole route
>
> flags destination          gateway
> *S  r 127.0.0.0/8          127.0.0.1
>
> So, I would assume that configuring and additional loopback interface in hostname.lo2 for example should show up the same way on reboot just like any other interfaces on the router specially if it is showing up in the ipconfig as well no?
>
> Why is it not present in the fib table?
>
> Example:
>
> # ifconfig lo2 inet 10.0.0.1 netmask 255.255.255.0
> # ifconfig lo2 up
> #
> # ifconfig lo2
> lo2: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33160
>         groups: lo
>         inet 10.0.0.1 netmask 0xff00
>
> Should show up the same way in the fib table no?
>
> # bgpctl s f 10.0.0.0
> flags: * = valid, B = BGP, C = Connected, S = Static
>        N = BGP Nexthop reachable via this route
>        r = reject route, b = blackhole route
>
> flags destination          gateway
> *SN   0.0.0.0/0            66.63.0.145
>
> Is there something I am missing?
>
> This is on 4.4

It does but not when the interface is added during runtime. Bgpd is missing the necessary hooks to get new interface addresses during runtime. This is an item on my todolist.

--
:wq Claudio
Re: Shouldn't loopback interface like hostname.lo1 show up in the bgpd fib table just like any other configured interfaces?
Claudio Jeker wrote: On Thu, Jan 29, 2009 at 02:57:09AM -0500, Daniel Ouellet wrote: Hi, I am curious as to if this is really normal. I would say not, but may be I miss something, or miss understood something. All active and configured interfaces does show up in the fib table as they should and same for the standard loopback on as well as below: Loopback interface lo0 at 127.0.0.1/8 is present in the fib table: # ifconfig lo0 lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 33160 groups: lo inet 127.0.0.1 netmask 0xff00 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6 # bgpctl s f 127.0.0.0 flags: * = valid, B = BGP, C = Connected, S = Static N = BGP Nexthop reachable via this route r = reject route, b = blackhole route flags destination gateway *S r 127.0.0.0/8 127.0.0.1 So, I would assume that configuring and additional loopback interface in hostname.lo2 for example should show up the same way on reboot just like any other interfaces on the router specially if it is showing up in the ipconfig as well no? Why is it not present in the fib table? Example: # ifconfig lo2 inet 10.0.0.1 netmask 255.255.255.0 # ifconfig lo2 up # # ifconfig lo2 lo2: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 33160 groups: lo inet 10.0.0.1 netmask 0xff00 Should show up the same way in the fib table no? # bgpctl s f 10.0.0.0 flags: * = valid, B = BGP, C = Connected, S = Static N = BGP Nexthop reachable via this route r = reject route, b = blackhole route flags destination gateway *SN 0.0.0.0/066.63.0.145 Is there something I am missing? This is on 4.4 It does but not when the interface is added during runtime. Bgpd is missing the necessary hooks to get new interface addresses during runtime. This is an item on my todolist. 
The reason I asked is because for example I was testing configuration using loopback interface and when I reboot and I do not run bgpd I can ping the loopback interface no problem, however if I reboot and bgpd run I can still ping it, however it will time out regularly and sometimes be dead for as much as a minute in worst case and go up/down and the bgp sessions with the loopback interface will flap. Not always but sometimes it does. I just found out by luck I guess when I work doing constant ping.

If I stop bgpd, all goes normal and no lost packets whatsoever, if I restart bgpd, then sessions come up, can stay up for a long time no problem, but ping time to time to the same loopback will fail and it will happen that some bgp sessions will flap.

I don't recall having seen this on previous version of bgpd and the configuration stayed the same, just upgraded to 4.4. It's been running for a few months, but I see rare flaps and digging in it, that's what I found.

So, I was curious as to if any loopback interface shouldn't be used with bgpd, which I am pretty darn sure it can be done like any other bgp router.

If I configure the sessions with the interface itself, it's good, if I configure sessions with the loopback, I could see time to time flap and ping fail to the loopback interface.

Somewhat weird.

Daniel
Re: Problems with ath wireless on 4.2
Dirk Mast wrote: Adam Retter wrote: Hi there I am hoping someone can help me with a weird wireless problem... I have a Soekris net4801 with an Atheros AR5212 mini-PCI card and OpenBSD 4.2 installed - I am trying to use the Soekris as an Access Point amongst other things. I setup the Atheros card with the hostname.ath0 file, containing - up inet 192.168.0.254 netmask 255.255.255.0 media autoselect mediaopt hostap mode 11a nwid MY_NET nwkey mykey12345678 Now from my laptop (192.168.0.251) I can see the MY_NET Wireless network and connect to it fine (excellent signal strength), however at a first glance I dont seem to be to send any data forwards or backwards?!? I cant ping either machine from the other. However route show on the Soekris does show an entry for the laptops 192.168.0.251 address so there must of been an interchange of arp traffic, and the arp table (arp -a) shows the laptops IP address and MAC address - ? (192.168.0.251) at 00:1b:77:a8:66:f4 on ath0 On the laptop (Windows XP), the arp table does have the Soekris IP in it but its marked as invalid - 192.168.0.254 00-00-00-00 invalid Now I dont understand how I can connect to the wireless network and have the arp tables on each machine know about the others IP addresses but yet am unable to send any tcp/ip traffic forwards and backwards. I have disabled pf with pfctl -d to test this as well, with no change in result. Is there some configuration I have missed to enable tcp/ip on the ath0 interface? or any suggestions about what the problem may be? Thanks AR5212 is not well supported in 4.2, try a newer OpenBSD version. Oh mixed it with AR2413, might not be the issue then... Anyway upgrading gives you WPA, which you'd surely want and some other fixes, too...
Re: Firewall 4.3 is limiting bandwidth
I'd try manually changing the interface media type just in case it's that. I've seen odd things happen if you have it autodetect compared to manually setting it to 100mbTX full duplex... (and vice versa) Then I'd look at cables, try switching out the network card for another, that sort of thing.

ifconfig vr0 media 100baseTX mediaopt full-duplex

Change vr0 to whatever your network card is.

Also I'm assuming you're not using PPPOE - if you are try setting the maximum mtu size in your pf.conf file...

scrub out on pppoe0 max-mss 1440

anyway - if it's neither of these then we'll need more info on what your set up is. A dmesg would also help.

On 29 Jan 2009, at 05:21, numb3rs1x wrote:
> I've also tried the sysctl adjustment listed in the man pages.
>
> net.inet.tcp.sendspace: 65536
> net.inet.tcp.recvspace=65536
>
> That seemed to make it worse if anything.
> --
> View this message in context: http://www.nabble.com/Firewall-4.3-is-limiting-bandwidth-tp21720950p21721077.html
> Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: Firewall 4.3 is limiting bandwidth
Sorry pppoe in that example should have been $pppoe and it should correspond to the interface you're using for pppoe and declared in the pf.conf file. It's in the man pages anyway.

On 29 Jan 2009, at 10:06, Nick Ryan wrote:
> I'd try manually changing the interface media type just in case it's that. I've seen odd things happen if you have it autodetect compared to manually setting it to 100mbTX full duplex... (and vice versa) Then I'd look at cables, try switching out the network card for another, that sort of thing.
>
> ifconfig vr0 media 100baseTX mediaopt full-duplex
>
> Change vr0 to whatever your network card is.
>
> Also I'm assuming you're not using PPPOE - if you are try setting the maximum mtu size in your pf.conf file...
>
> scrub out on pppoe0 max-mss 1440
>
> anyway - if it's neither of these then we'll need more info on what your set up is. A dmesg would also help.
>
> On 29 Jan 2009, at 05:21, numb3rs1x wrote:
>> I've also tried the sysctl adjustment listed in the man pages.
>>
>> net.inet.tcp.sendspace: 65536
>> net.inet.tcp.recvspace=65536
>>
>> That seemed to make it worse if anything.
>> --
>> View this message in context: http://www.nabble.com/Firewall-4.3-is-limiting-bandwidth-tp21720950p21721077.html
>> Sent from the openbsd user - misc mailing list archive at Nabble.com.
destroying vlan interfaces
Hi misc Has anyone had crashes when destroying vlan interfaces? I had two issues with the 4.4-current snap from 16. jan. When running ex: ifconfig vlan1804 destroy crash... unfortunately i havent got any kernel debugger output, but will setup conserver today and do a detailed error report if it happens again. Best regards Martin
Re: destroying vlan interfaces
On Thu, Jan 29, 2009 at 11:35:01AM +0100, Martin Hein wrote:
> Hi misc
>
> Has anyone had crashes when destroying vlan interfaces? I had two issues with the 4.4-current snap from 16. jan.
>
> When running ex: ifconfig vlan1804 destroy
> crash...
>
> unfortunately i havent got any kernel debugger output, but will setup conserver today and do a detailed error report if it happens again.

And please test a current snapshot, some stuff may be already fixed by now.

--
:wq Claudio
Re: Shouldn't loopback interface like hostname.lo1 show up in the bgpd fib table just like any other configured interfaces?
On 2009-01-29, Daniel Ouellet dan...@presscom.net wrote:
> The reason I asked is because for example I was testing configuration using loopback interface and when I reboot and I do not run bgpd I can ping the loopback interface no problem, however if I reboot and bgpd run I can still ping it, however it will time out regularly and sometime be dead for as much as a minutes in worst case and go up/down and the bgp sessions with the loopback interface will flap. Not always but sometime it does. I just find out by luck I guess when I work doing constant ping.
>
> if I stop bgpd, all goes normal and no lost packets what so ever, if I restart bgpd, then sessions come up, can stay up for a long time no problem, but ping time to time to the same loopback will fail and it will happened that some bgp sessions will flap.
>
> I don't recall have seen this on previous version of bgpd and the configuration stayed the same, just upgrade to 4.4. It's been running for a few months, but I see rare flaps and digging in it, that's what I found.
>
> So, I was curious as to if any loopback interface shouldn't be use with bgpd, witch I am pretty darn sure it can be done like any other bgp router.
>
> If I configure the sessions with the interface itself, it's good, if I configure sessions with the loopback, I could see time to time flap and ping fail to the loopback interface.

I'm using a loopback address on lo1 on my routers, but I assign the loopback a /32 and distribute that into OSPF. I don't have a route covering the subnet holding those /32, and I route add -reject default 127.0.0.1, so if they're withdrawn from OSPF the route to the address goes away.

I'm explicitly using these addresses as router-id in both bgpd and ospfd, and of course running the BGP sessions to (neighbour address) and from (local-address) those addresses.

A loopback on the local router shows up like this in bgpctl sh fib:

...
flags: * = valid, B = BGP, C = Connected, S = Static
       N = BGP Nexthop reachable via this route
       r = reject route, b = blackhole route

flags prio destination gateway
*4 195.95.187.1/32 195.95.187.1
...

and another router's loopback like this:

...
* 32 195.95.187.3/32 195.95.187.243

(this is on -current; on 4.4 you won't have the priorities. prio 4 is connected, 32 is ospf, bgp would be 48).
Re: Problems with ath wireless on 4.2
Hmm the manual page doesn't mention AR2413 at all -

http://www.openbsd.org/cgi-bin/man.cgi?query=ath&apropos=0&sektion=0&manpath=OpenBSD+4.4&arch=i386&format=html

It also mentions that some WPA stuff is unsupported - is the manual page out of date?

2009/1/29 Dirk Mast condo...@gmail.com: Dirk Mast wrote: Adam Retter wrote: Hi there I am hoping someone can help me with a weird wireless problem... I have a Soekris net4801 with an Atheros AR5212 mini-PCI card and OpenBSD 4.2 installed - I am trying to use the Soekris as an Access Point amongst other things. I setup the Atheros card with the hostname.ath0 file, containing - up inet 192.168.0.254 netmask 255.255.255.0 media autoselect mediaopt hostap mode 11a nwid MY_NET nwkey mykey12345678 Now from my laptop (192.168.0.251) I can see the MY_NET Wireless network and connect to it fine (excellent signal strength), however at a first glance I dont seem to be to send any data forwards or backwards?!? I cant ping either machine from the other. However route show on the Soekris does show an entry for the laptops 192.168.0.251 address so there must of been an interchange of arp traffic, and the arp table (arp -a) shows the laptops IP address and MAC address - ? (192.168.0.251) at 00:1b:77:a8:66:f4 on ath0 On the laptop (Windows XP), the arp table does have the Soekris IP in it but its marked as invalid - 192.168.0.254 00-00-00-00 invalid Now I dont understand how I can connect to the wireless network and have the arp tables on each machine know about the others IP addresses but yet am unable to send any tcp/ip traffic forwards and backwards. I have disabled pf with pfctl -d to test this as well, with no change in result. Is there some configuration I have missed to enable tcp/ip on the ath0 interface? or any suggestions about what the problem may be? Thanks AR5212 is not well supported in 4.2, try a newer OpenBSD version. Oh mixed it with AR2413, might not be the issue then...
Anyway upgrading gives you WPA, which you'd surely want and some other fixes, too... -- Adam Retter
tcpdump additions : paid work
Hi, We're interested in getting GTP protocol [1,2] support into OpenBSD's tcpdump, however there doesn't appear to be any upstream support for it [0]. So, if any of the devs are interested in paid work to add this then please drop me a line. This would ideally be someone with CVS write access, so that we're supporting the project more directly. Ethereal/wireshark, already has some support [4] so that could be of assistance, but appears to be GPL. The official protocol specs are freely available from [3] [0] http://github.com/mcr/tcpdump/tree/master [1] http://en.wikipedia.org/wiki/GPRS_Tunnelling_Protocol [2] http://en.wikipedia.org/wiki/GTP%27 [3] http://www.3gpp.org/ftp/Specs/ [4] http://anonsvn.wireshark.org/wireshark/trunk/epan/dissectors/packet-gtp.c /Pete
Re: Firefox and Abiword don't see my printer
2009/1/28 Antoine Jacoutot ajacou...@bsdfrog.org On Thu, 29 Jan 2009, Eugene Ryazanov wrote: Try to istall libgnomecups. AbiWord is a GNOME application. That has nothing to do with that. We don't even ship libgnomecups. Just print using 'Custom'. - lpr -Pfoobar where foobar is your CUPS printer name. -- Antoine I had to create the /var/spool/output/lpd directory as it didn't exist. I then had to chmod it to 777 as AbiWord complained about permissions. I have one printer on my home network. It is called 'HPLJ018'. I tried lpr -PHPLJ1018 but I got the messages: lpr: connect: No such file or directory jobs queued, but cannot start daemon. I'm clueless as to what this means. I also tried lpt -Psocket://192.168.1.1:9100/printers/HPLJ1018 but that gave me the error message lpr: socket://192.168.1.1:9100/printers/HPLJ1018: unknown printer I really appreciate you guys helping me out. Could you please tell me what I'm doing wrong? Kind regards
Re: Assigning group or effective group to processes
Lars Noodin wrote: I have a bunch of processes that I wish to kill, but which have the same name and owner as process I wish to leave running. ps, pgrep and pkill can select based on a process' gid or egid. How can gid or egid be set when starting a process from shell? sudo(8)?
Re: Correct way to enable aucat -l?
I've been launching aucat exactly the same way you are, including the test to see if it's already running. And of course it works just fine that way; my thinking was that since aucat is acting as a daemon, maybe I should be starting it somewhere other than in .xsession. IMO, thats best way to start it for now. This also allows to create the socket in a private directory (by using -s option and the exporting the AUDIODEVICE environment variable). I notice that the aucat process stays alive across sessions (which was why I added the pgrep test in my .xsession; during testing I saw I had 8 aucats running!); is this the expected behavior? somewhat ugly, but yes, that's the expected behaviour. Each aucat process will become the client of the previous one, because it doesn't check if there's already anoter process running. -- Alexandre Excellent, thank you for your response and for all your work on aucat! -- Joe Gidi j...@entropicblur.com
Re: Firefox and Abiword don't see my printer
On Thu, 29 Jan 2009, Shagbag OpenBSD wrote: 2009/1/28 Antoine Jacoutot ajacou...@bsdfrog.org On Thu, 29 Jan 2009, Eugene Ryazanov wrote: Try to istall libgnomecups. AbiWord is a GNOME application. That has nothing to do with that. We don't even ship libgnomecups. Just print using 'Custom'. - lpr -Pfoobar where foobar is your CUPS printer name. -- Antoine I had to create the /var/spool/output/lpd directory as it didn't exist. I then had to chmod it to 777 as AbiWord complained about permissions. I have one printer on my home network. It is called 'HPLJ018'. I tried lpr -PHPLJ1018 but I got the messages: lpr: connect: No such file or directory jobs queued, but cannot start daemon. I'm clueless as to what this means. I also tried lpt -Psocket://192.168.1.1:9100/printers/HPLJ1018 but that gave me the error message lpr: socket://192.168.1.1:9100/printers/HPLJ1018: unknown printer I really appreciate you guys helping me out. Could you please tell me what I'm doing wrong? Did you run the cups-enable script after installing the cups package? -- Antoine
Re: Firefox and Abiword don't see my printer
2009/1/29 Antoine Jacoutot ajacou...@bsdfrog.org On Thu, 29 Jan 2009, Shagbag OpenBSD wrote: 2009/1/28 Antoine Jacoutot ajacou...@bsdfrog.org On Thu, 29 Jan 2009, Eugene Ryazanov wrote: Try to istall libgnomecups. AbiWord is a GNOME application. That has nothing to do with that. We don't even ship libgnomecups. Just print using 'Custom'. - lpr -Pfoobar where foobar is your CUPS printer name. -- Antoine I had to create the /var/spool/output/lpd directory as it didn't exist. I then had to chmod it to 777 as AbiWord complained about permissions. I have one printer on my home network. It is called 'HPLJ018'. I tried lpr -PHPLJ1018 but I got the messages: lpr: connect: No such file or directory jobs queued, but cannot start daemon. I'm clueless as to what this means. I also tried lpt -Psocket://192.168.1.1:9100/printers/HPLJ1018 but that gave me the error message lpr: socket://192.168.1.1:9100/printers/HPLJ1018: unknown printer I really appreciate you guys helping me out. Could you please tell me what I'm doing wrong? Did you run the cups-enable script after installing the cups package? -- Antoine No. That's fixed it. I can now print with 'lpr -PHPLJ1018'. Thanks. It's a mystery to me, however, why AbiWord doesn't see my printer by default while Firefox does.
PCmanFM 0.3.5.10 - how do I associate file types with applications?
I'm using PCmanFM 0.3.5.10 on top of Openbox 3.4.7.2 (I'm trying to run a minimalist system). Currently, when I right-click on a .png or .jpg file in PCmanFM I get an option open with open with another program. I would like it to show open with GQview since I use GQview to view images. I believe the solution has something to do with associating MIME-types to applications (I could be wrong about this), but I don't know the first thing about how to do it. I've googled and googled but haven't found the solution. The PCmanFM homepage doesn't give any guidance either. Can anyone please help me with my dilemma? Kind regards
Re: Fujitsu-siemens machine freezes
BOG BOG wrote: I have followed your suggestions regarding -current. amd64 -current (GENERIC.MP) does no longer hangs when trying to detach re0, but now, \ re0 is sometimes detected correctly and sometimes not: no. main controller itself works in both shown cases. there is something wrong with PHY and you need to find out a way to make this issue reproducible. I give the messages in both cases: Failure: re0 an pci2 dev0 function 0 Realtek 8168 rev 0x02: RTL8168C/8111C (0x3c00), apic2 \ int 16 (irq 11), address 00:19:99:54:31:7f re0: PHY write failed re0: PHY write failed re0: no PHY found! re0: reset never completed! re0 detached Success: re0 an pci2 dev0 function 0 Realtek 8168 rev 0x02: RTL8168C/8111C (0x3c00), apic2 \ int 16 (irq 11), address 00:19:99:54:31:7f rgephy0 at re0 phy 7: RTL8169S/8110S PHY, \ rev. 2 the controller is: 10/100/1000 MBit/s Realtek RTL8111C, so i think the kernel \ sometimes initializes the controller with a driver and sometimes with a 'close enough \ driver', and in the later case it works. Alexey
Re: OpenBGPD Flaps, 32bit ASn in the wild.
Hi, On Sat, 10.01.2009 at 12:11:03 -0600, tico t...@raapid.net wrote: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/bgpd/rde.c looking at CVS, it seems that multiple patches are needed, right? And we get the joy of threading them together ourselves, understanding OpenBGPd's code in the process... maybe. Kind regards, --Toni++
Re: Firefox and Abiword don't see my printer
On Thu, 29 Jan 2009, Shagbag OpenBSD wrote: No. That's fixed it. I can now print with 'lpr -PHPLJ1018'. Thanks. It's a mystery to me, however, why AbiWord doesn't see my printer by default while Firefox does. Firefox most probably uses gtkprint. As for Abiword, I don't know, but our version is old. I have an update here, but it is not quite ready yet. Cheers! -- Antoine
Re: Assigning group or effective group to processes
On Thu, Jan 29, 2009 at 01:59:55PM +0100, Alexander Hall wrote: Lars Noodin wrote: I have a bunch of processes that I wish to kill, but which have the same name and owner as process I wish to leave running. ps, pgrep and pkill can select based on a process' gid or egid. How can gid or egid be set when starting a process from shell? sudo(8)? chroot might be easier: # chroot -g nobody,wsrc -u bin / /usr/bin/id uid=3(bin) gid=32767(nobody) groups=32767(nobody), 9(wsrc) -- Janusz Gumkowski http://www.am.torun.pl/~ja
Re: Firefox and Abiword don't see my printer
As I can see on my openSUSE installation, AbiWord requires libgnomeprint and libgnomeprint requires libgnomecups. You can try x11/gnome/libgnomecups/ and x11/gnome/libgnomeprint ports.
Re: pf: how to set per-rule options?
Hi Henning, On Mon, 22.12.2008 at 21:41:18 +0100, Henning Brauer lists-open...@bsws.de wrote: scrub in $somewhere from $foo to $bar max-mss 1400 is perfectly valid. thanks for the example! -- Kind regards, --Toni++
Re: OpenBGPD Flaps, 32bit ASn in the wild.
Hi, On Thu, 29.01.2009 at 14:47:30 +0100, Toni Mueller openbsd-m...@oeko.net wrote: And we get the joy of threading them together ourselves, understanding OpenBGPd's code in the process... maybe. can I just plug in a bgpd from -current into a 4.4, or preferably 4.3 system, assuming that I compile the code from source? Or did any kernel structures or system calls change that would cause problems? Overall, the code from -current looks like having been much improved, but unfortunately, just swapping out the box is currently not an attractive option (despite having capable standby hardware). TIA! -- Kind regards, --Toni++
Re: Firefox and Abiword don't see my printer
2009/1/29 Eugene Ryazanov kat...@gmail.com: As I can see on my openSUSE installation, AbiWord requires libgnomeprint and libgnomeprint requires libgnomecups. You can try x11/gnome/libgnomecups/ and x11/gnome/libgnomeprint ports. x11/gnome/libgnomecups is marked broken... -- Andreas Kahari Somewhere in the general Cambridge area, UK
Re: Sendmail: new one on me..
Thanks for the reply!

So this sounds like MY server talking to dell's server, attempting to use TLS in the transfer, and the certificate fails. The message still gets sent (though I imagine unencrypted, which is fine) -- correct?

There was no error output, that was the closest thing to an error... I still have not received the quote from Dell, so it seems reasonable to conclude the problem is on their end -- correct? My Server is functioning normally?

I appreciate the help.

Quoting Jason George li...@masterplan.org:

Hi everyone.

I have been using sendmail on my open BSD server for some time now. I am using smtpvilter with clamwin and spam assassin. I am using TLS with a self-signed certificate. I haven't had an issue for 2 years... then suddenly I get this:

sm-mta[23903]: STARTTLS=client, relay=smtp.ins.dell.com., version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Jan 28 17:58:29 mx1 imapd[21971]:

I am getting this when our dell rep is trying to send me a quote. I receive all of his other email just fine -- but when he sends a quote I get the error above. I do not understand why TLS even comes into play here, because he is not relaying off of my server (at least, he shouldn't be).

Is this a misconfiguration on their end -- or mine? I've been good for 2 years, so I can't believe it is something I did or did not do...

Can someone help? Thanks.

There is nothing wrong with your configuration.

That particular Dell mail server is talking to your mail server in that particular way (TLS/SSL) with a self-signed certificate. It simply means that the conversation is encrypted but that the verification of the communication partner cannot be validated with a certificate authority.

You are mis-reading the log message.

http://www.sendmail.org/~ca/email/starttls.html

Here is an outbound email from one of my servers...

Jan 28 08:46:47 chromatic sm-mta[18018]: STARTTLS=client, relay=meleagros.siemens.com., version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256

And one inbound...

Jan 28 09:36:21 chromatic sm-mta[18298]: STARTTLS=server, relay=tdwems06x08.thindata.net [64.34.54.224], version=TLSv1/SSLv3, verify=NO, cipher=DHE-DSS-AES256-SHA, bits=256/256

The relay is simply the partner in the transaction.

--
Reduce spam! Please send emails directly to an email address only from your trusted email service -- Please do not enter a friend's email address on any web site (such as tagged, any e-card, or anything similar to mail to a friend). Respectable sites will not ask you for your friend's and family's email addresses.
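The STARTTLS log lines quoted in this thread, run through a small parser that reports separately whether a session was encrypted and whether the peer's certificate was verified. This is an added example, not code from the posters or from sendmail; the function names and the last two sample lines are constructed for illustration, and the verify meanings follow sendmail's documented ${verify} values.

```python
import re
from typing import List, NamedTuple, Optional

# Values sendmail logs for its ${verify} macro on STARTTLS lines.
VERIFY_MEANING = {
    "OK": "peer certificate verified",
    "NO": "peer presented no certificate",
    "NOT": "no certificate was requested from the peer",
    "FAIL": "peer presented a certificate that could not be verified",
    "NONE": "STARTTLS was not performed",
    "TEMP": "temporary error during verification",
    "PROTOCOL": "protocol error",
    "SOFTWARE": "TLS handshake failed",
}

# relay= is either "host.", "host [ip]" or "[ip]"; bits= is cipher_bits/alg_bits.
STARTTLS_RE = re.compile(
    r"STARTTLS=(?P<role>client|server), "
    r"relay=(?P<relay>[^\s,\[]+)?(?: ?\[(?P<ip>[^\]]+)\])?, "
    r"version=(?P<version>[^,]+), "
    r"verify=(?P<verify>[A-Z]+), "
    r"cipher=(?P<cipher>[^,]+), "
    r"bits=(?P<used>\d+)/(?P<alg>\d+)"
)


class TlsEvent(NamedTuple):
    role: str              # "client": the logging host opened the SMTP connection
    relay: Optional[str]   # the other MTA, as logged
    ip: Optional[str]
    version: str
    verify: str
    cipher: str
    bits_used: int
    bits_alg: int


def parse_starttls(line: str) -> Optional[TlsEvent]:
    """Return the TLS fields of a sendmail STARTTLS line, or None for other lines."""
    m = STARTTLS_RE.search(line)
    if m is None:
        return None
    return TlsEvent(m["role"], m["relay"], m["ip"], m["version"], m["verify"],
                    m["cipher"], int(m["used"]), int(m["alg"]))


def assess(ev: TlsEvent) -> dict:
    """Split 'was the session encrypted' from 'was the peer authenticated'."""
    outbound = ev.role == "client"
    return {
        "direction": "outbound" if outbound else "inbound",
        # verify= always describes the certificate of the *other* side.
        "certificate_checked": "remote server" if outbound else "remote client",
        "encrypted": ev.bits_used > 0,
        "peer_authenticated": ev.verify == "OK",
        "meaning": VERIFY_MEANING.get(ev.verify, "unknown verify value"),
    }


def unauthenticated_tls(lines: List[str]) -> List[TlsEvent]:
    """Sessions where a cipher was negotiated but the peer was not verified."""
    hits = []
    for line in lines:
        ev = parse_starttls(line)
        if ev is not None and ev.bits_used > 0 and ev.verify != "OK":
            hits.append(ev)
    return hits


SAMPLE_LOG = [
    # The three lines below are the ones quoted in the thread.
    "sm-mta[23903]: STARTTLS=client, relay=smtp.ins.dell.com., "
    "version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256",
    "Jan 28 08:46:47 chromatic sm-mta[18018]: STARTTLS=client, "
    "relay=meleagros.siemens.com., version=TLSv1/SSLv3, verify=FAIL, "
    "cipher=DHE-RSA-AES256-SHA, bits=256/256",
    "Jan 28 09:36:21 chromatic sm-mta[18298]: STARTTLS=server, "
    "relay=tdwems06x08.thindata.net [64.34.54.224], version=TLSv1/SSLv3, "
    "verify=NO, cipher=DHE-DSS-AES256-SHA, bits=256/256",
    # Constructed: a verified peer, and a line that is not a STARTTLS record.
    "Jan 28 10:02:11 mx1 sm-mta[19001]: STARTTLS=client, relay=mx.example.net., "
    "version=TLSv1/SSLv3, verify=OK, cipher=DHE-RSA-AES256-SHA, bits=256/256",
    "Jan 28 10:05:40 mx1 sm-mta[19010]: from=<a@example.org>, size=1204, "
    "nrcpts=1, relay=mail.example.org [192.0.2.10]",
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        event = parse_starttls(entry)
        if event is None:
            continue
        result = assess(event)
        print(f"{result['direction']:8} {event.relay or event.ip:28} "
              f"encrypted={result['encrypted']} "
              f"authenticated={result['peer_authenticated']} ({result['meaning']})")
```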
Re: Sendmail: new one on me..
Wait... I get it now. I did some more reading. The dell server is trying to send the message to my server encrypted, it gets to my server, my server has a self-signed certificate and because of this, the transaction fails. According to what I'm reading here (http://www.ietf.org/rfc/rfc2487.txt and http://www.sendmail.org/~ca/email/starttls.html), if I had my certificate signed, the two servers would have been able to negotiate a connection, and it would probably go through. So I am not misconfigured, I'm just not set up to receive this sort of communication...

Quoting Chris Ditri groove...@brokensolstice.com:

Thanks for the reply! So this sounds like MY server talking to dell's server, attempting to use TLS in the transfer, and the certificate fails. The message still gets sent (though I imagine unencrypted, which is fine) -- correct? There was no error output, that was the closest thing to an error... I still have not received the quote from Dell, so it seems reasonable to conclude the problem is on their end -- correct? My Server is functioning normally? I appreciate the help.

Quoting Jason George li...@masterplan.org:

Hi everyone. I have been using sendmail on my OpenBSD server for some time now. I am using smtpvilter with clamwin and spam assassin. I am using TLS with a self-signed certificate. I haven't had an issue for 2 years... then suddenly I get this:

sm-mta[23903]: STARTTLS=client, relay=smtp.ins.dell.com., version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Jan 28 17:58:29 mx1 imapd[21971]:

I am getting this when our dell rep is trying to send me a quote. I receive all of his other email just fine -- but when he sends a quote I get the error above. I do not understand why TLS even comes into play here, because he is not relaying off of my server (at least, he shouldn't be). Is this a misconfiguration on their end -- or mine? I've been good for 2 years, so I can't believe it is something I did or did not do... Can someone help?
Re: Firefox and Abiword don't see my printer
On Thu, 29 Jan 2009, Eugene Ryazanov wrote: As I can see on my openSUSE installation, AbiWord requires libgnomeprint and libgnomeprint requires libgnomecups. You can try x11/gnome/libgnomecups/ and x11/gnome/libgnomeprint ports. Once again, we do *not* ship libgnomecups. Cheers! -- Antoine
Re: Sendmail: new one on me..
On Thu, Jan 29, 2009 at 09:57:26AM -0500, Chris Ditri wrote:

Wait... I get it now. I did some more reading. The dell server is trying to send the message to my server encrypted, it gets to my

The part of the log you pasted was an outgoing connection from your server. If it was incoming, then you would see STARTTLS=server. You're barking up the wrong tree. The only relevance that snippet may have is that something was sent to Dell's server (possible bounce, virus warning, etc).

server, my server has a self-signed certificate and because of this, the transaction fails. According to what I'm reading here (http://www.ietf.org/rfc/rfc2487.txt and http://www.sendmail.org/~ca/email/starttls.html), if I had my certificate signed, the two servers would have been able to negotiate a connection, and it would probably go through.

There hasn't been any indication that the message didn't go through. The certificate that failed verification was Dell's, not yours. Either you don't have a proper chain of trust setup, or Dell is using a certificate in which you do not have the signer's public certificate (self-signed, oddball unpopular company, etc).

So I am not misconfigured, I'm just not set up to receive this sort of communication...

Failing the certificate verification won't necessarily prevent the encryption or the delivery. It's just an indicator that you shouldn't place any trust in the communication channel. You can configure sendmail not to even bother trying to verify via the access map or the configuration file.

An example for the access map. This will enable verification for hosts that resolve to 'my.domain', but not for anyone else. Note that it will not prevent delivery should the certificates in 'my.domain' fail verification.

Srv_Features:my.domain    v
Srv_Features:             V

If you think you're having an issue with STARTTLS when communicating with Dell (which you haven't shown any indication of), then you can also do something like this in the access map to disable it.

Try_TLS:smtp.ins.dell.com     NO
Try_TLS:smtp2.ins.dell.com    NO

Most of this is covered in /usr/share/sendmail/README.
Re: Sendmail: new one on me..
On Thu, Jan 29, 2009 at 09:57:26AM -0500, Chris Ditri wrote:

So I am not misconfigured, I'm just not set up to receive this sort of communication...

Snippet from your own message headers.

Received: from mx1.brokensolstice.com (h-72-245-233-170.sfldmidn.covad.net [72.245.233.170])
    by shear.ucar.edu (8.14.3/8.14.3) with ESMTP id n0TEvXXr014459
    (version=TLSv1/SSLv3 cipher=DHE-DSS-AES256-SHA bits=256 verify=FAIL)
    for misc@openbsd.org; Thu, 29 Jan 2009 07:57:34 -0700 (MST)

As you can see, verify=FAIL when your server was communicating with the list server. It neither stopped delivery of your message, nor prevented it from being encrypted.

If you know the recipient or sender address, then you should be able to find the info you're looking for. Just use grep to search your sendmail logs. Once you find a related bit, you can track the related log pieces using the message ID. If that comes up blank, then you could start looking for other information like Dell's SPF records (host -t txt dell.com), or spamd and other filters.
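The reading of the STARTTLS log lines discussed in this thread (direction from STARTTLS=client/server, verify= describing the peer's certificate, bits= showing whether the session was encrypted), as an added example that is not part of any message in the thread. The sample lines, host names, addresses and queue ID are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Meanings of sendmail's verify= values (the ${verify} macro), paraphrased.
VERIFY_MEANING = {
    "OK": "peer certificate verified",
    "NO": "peer presented no certificate",
    "NOT": "no certificate was requested",
    "FAIL": "peer presented a certificate that could not be verified",
    "NONE": "STARTTLS was not performed",
    "TEMP": "temporary error",
    "PROTOCOL": "protocol error",
    "SOFTWARE": "STARTTLS handshake failed",
}

# The queue ID between the PID and STARTTLS= is optional, because the lines
# quoted in the thread do not carry one.
LINE_RE = re.compile(r"(?:sm-mta|sendmail)\[\d+\]: (?:\w+: )?(?P<fields>STARTTLS=\S.*)$")

# Constructed sample input in the format quoted in the thread.
SAMPLE_LOG = """\
Jan 28 17:58:29 mx1 sm-mta[23903]: STARTTLS=client, relay=mail.example.net., version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Jan 28 18:02:11 mx1 sm-mta[23950]: n0SN2BqC023950: STARTTLS=server, relay=mx.example.org [192.0.2.25], version=TLSv1/SSLv3, verify=NO, cipher=DHE-DSS-AES256-SHA, bits=256/256
Jan 28 18:05:40 mx1 sm-mta[23971]: STARTTLS=client, relay=mail.example.net., version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Jan 28 18:06:02 mx1 imapd[21971]: constructed unrelated line
"""


def parse_starttls(line):
    """Return a dict describing one STARTTLS log line, or None for other lines."""
    match = LINE_RE.search(line.strip())
    if match is None:
        return None
    fields = {}
    for item in match.group("fields").split(", "):
        key, sep, value = item.partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    role = fields.get("STARTTLS")
    if role not in ("client", "server"):
        return None
    # relay= is "host." for outbound and "host [ip]" for inbound connections.
    host, _, bracket = fields.get("relay", "").partition(" ")
    used_bits = fields.get("bits", "0").split("/")[0]
    verify = fields.get("verify", "NONE")
    return {
        # client: this server connected out; server: the relay connected in.
        "direction": "outbound" if role == "client" else "inbound",
        "peer": host.rstrip("."),
        "peer_ip": bracket.strip("[]") or None,
        # verify= is the result for the certificate of the peer, not the local one.
        "verify": verify,
        "verify_meaning": VERIFY_MEANING.get(verify, "unknown value"),
        "cipher": fields.get("cipher"),
        # A non-zero key size means the session was encrypted despite verify=FAIL.
        "encrypted": used_bits.isdigit() and int(used_bits) > 0,
    }


def unverified_by_peer(lines):
    """Count encrypted sessions whose peer certificate was not verified."""
    counts = Counter()
    for line in lines:
        rec = parse_starttls(line)
        if rec and rec["encrypted"] and rec["verify"] != "OK":
            counts[(rec["direction"], rec["peer"], rec["verify"])] += 1
    return counts


if __name__ == "__main__":
    for key, count in sorted(unverified_by_peer(SAMPLE_LOG.splitlines()).items()):
        print(count, *key)
```
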
Re: OpenBGPD Flaps, 32bit ASn in the wild.
On Thu, Jan 29, 2009 at 03:28:14PM +0100, Toni Mueller wrote: Hi, On Thu, 29.01.2009 at 14:47:30 +0100, Toni Mueller openbsd-m...@oeko.net wrote: And we get the joy of threading them together ourselves, understanding OpenBGPd's code in the process... maybe. can I just plug in a bgpd from -current into a 4.4, or preferably 4.3 system, assuming that I compile the code from source? Or did any kernel structures or system calls change that would cause problems? Overall, the code from -current looks like having been much improved, but unfortunately, just swapping out the box is currently not an attractive option (despite having capable standby hardware). Will most probably not work. The -current bgpd has a reworked kroute.c that needs a -current kernel. -- :wq Claudio
Bug OpenBGPD, IPv6 peer gets cleared, never gets up again
Hi, I found a bug while working on a route server implementation based on OpenBGPD. I have an IPv6 session from OpenBGPD 4.4 (on OpenBSD 4.4, routeertnix) to Quagga 0.99.5 (laborantix). I have multiple IPv4 peers, and multiple IPv6 peers in the setup. When I start the BGP daemon, everything starts up nicely. All sessions come up.

When I clear an IPv6 peering session, the connection shifts to the Idle state. When I look in the log, I can see it connect and establish a connection, but break as soon as a mystery update gets sent out. While looking into the problem, we found out that OpenBGPD sends an empty UPDATE, on which quagga responds by terminating the process.

The /var/log/daemon log shows the following:

Jan 29 16:07:39 routeertnix bgpd[31121]: neighbor 2001:db8:1::a506:5502:1 (laborantix ipv6): state change Idle -> Connect, reason: Start
Jan 29 16:07:39 routeertnix bgpd[31121]: neighbor 2001:db8:1::a506:5502:1 (laborantix ipv6): state change Connect -> OpenSent, reason: Connection opened
Jan 29 16:07:39 routeertnix bgpd[31121]: neighbor 2001:db8:1::a506:5502:1 (laborantix ipv6): state change OpenSent -> OpenConfirm, reason: OPEN message received
Jan 29 16:07:39 routeertnix bgpd[31121]: neighbor 2001:db8:1::a506:5502:1 (laborantix ipv6): state change OpenConfirm -> Established, reason: KEEPALIVE message received
Jan 29 16:07:40 routeertnix bgpd[16710]: neighbor 2001:db8:1::a506:5502:1 (laborantix ipv6) AS65502: update 2001:db8:97::/64 via 2001:db8:1::a506:5502:1
Jan 29 16:07:40 routeertnix bgpd[25774]: nexthop 2001:db8:1::a506:5502:1 now valid: directly connected
Jan 29 16:07:40 routeertnix bgpd[31121]: neighbor 2001:db8:1::a506:5502:1 (laborantix ipv6): received notification: error in UPDATE message, network unacceptable
Jan 29 16:07:40 routeertnix bgpd[31121]: neighbor 2001:db8:1::a506:5502:1 (laborantix ipv6): state change Established -> Idle, reason: NOTIFICATION received

While doing a tcpdump we found the following packets leading to a NOTIFICATION.
As you can see, frame 19 is an empty UPDATE packet.

Frame 18 (167 bytes on wire, 167 bytes captured)
    Arrival Time: Jan 29, 2009 15:54:28.184019000
    [Time delta from previous packet: 0.807505000 seconds]
    [Time since reference or first frame: 1.009967000 seconds]
    Frame Number: 18
    Packet Length: 167 bytes
    Capture Length: 167 bytes
    [Frame is marked: False]
    [Protocols in frame: eth:ipv6:tcp:bgp]
Ethernet II, Src: 00:06:5b:8d:1a:ec (00:06:5b:8d:1a:ec), Dst: 00:06:5b:8d:1a:c2 (00:06:5b:8d:1a:c2)
    Destination: 00:06:5b:8d:1a:c2 (00:06:5b:8d:1a:c2)
        Address: 00:06:5b:8d:1a:c2 (00:06:5b:8d:1a:c2)
        ...0 = IG bit: Individual address (unicast)
        ..0. = LG bit: Globally unique address (factory default)
    Source: 00:06:5b:8d:1a:ec (00:06:5b:8d:1a:ec)
        Address: 00:06:5b:8d:1a:ec (00:06:5b:8d:1a:ec)
        ...0 = IG bit: Individual address (unicast)
        ..0. = LG bit: Globally unique address (factory default)
    Type: IPv6 (0x86dd)
Internet Protocol Version 6
    Version: 6
    Traffic class: 0x00
    Flowlabel: 0x0
    Payload length: 113
    Next header: TCP (0x06)
    Hop limit: 1
    Source address: 2001:db8:1::a506:5502:1 (2001:db8:1::a506:5502:1)
    Destination address: 2001:db8:1::a500:6777:1 (2001:db8:1::a500:6777:1)
Transmission Control Protocol, Src Port: 179 (179), Dst Port: 10379 (10379), Seq: 84, Ack: 229, Len: 81
    Source port: 179 (179)
    Destination port: 10379 (10379)
    Sequence number: 84 (relative sequence number)
    [Next sequence number: 165 (relative sequence number)]
    Acknowledgement number: 229 (relative ack number)
    Header length: 32 bytes
    Flags: 0x18 (PSH, ACK)
        0... = Congestion Window Reduced (CWR): Not set
        .0.. = ECN-Echo: Not set
        ..0. = Urgent: Not set
        ...1 = Acknowledgment: Set
        1... = Push: Set
        .0.. = Reset: Not set
        ..0. = Syn: Not set
        ...0 = Fin: Not set
    Window size: 5712
    Checksum: 0x626e [incorrect, should be 0xc328 (maybe caused by checksum offloading?)]
    Options: (12 bytes)
        NOP
        NOP
        Timestamps: TSval 2877490800, TSecr 257498766
    [SEQ/ACK analysis]
        [This is an ACK to the segment in frame: 17]
        [The RTT to ACK the segment was: 0.807505000 seconds]
Border Gateway Protocol
    UPDATE Message
        Marker: 16 bytes
        Length: 81 bytes
        Type: UPDATE Message (2)
        Unfeasible routes length: 0 bytes
        Total path attribute length: 58 bytes
        Path attributes
            ORIGIN: IGP (4 bytes)
                Flags: 0x40 (Well-known, Transitive, Complete)
                    0... = Well-known
                    .1.. = Transitive
                    ..0. = Complete
                    ...0 = Regular length
                Type code: ORIGIN (1)
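A way to check a captured BGP byte stream for the condition reported above, as an added example that is not part of the original report or of OpenBGPD. It takes "empty UPDATE" to mean no withdrawn routes, no path attributes and no NLRI (an assumption, since frame 19 itself is not shown); the sample messages are constructed, with the second one sized to match the 81-byte length and 58-byte attribute length of frame 18.

```python
import struct

MARKER = b"\xff" * 16   # RFC 4271 header marker
HEADER_LEN = 19         # marker + 2-byte length + 1-byte type
MAX_LEN = 4096          # largest message RFC 4271 allows
TYPES = {1: "OPEN", 2: "UPDATE", 3: "NOTIFICATION", 4: "KEEPALIVE"}


def split_messages(payload):
    """Split a TCP payload into (type, body) pairs, validating each header."""
    out, off = [], 0
    while off < len(payload):
        if len(payload) - off < HEADER_LEN:
            raise ValueError("truncated BGP header at offset %d" % off)
        marker, length, mtype = struct.unpack_from("!16sHB", payload, off)
        if marker != MARKER:
            raise ValueError("bad marker at offset %d" % off)
        if not HEADER_LEN <= length <= MAX_LEN or off + length > len(payload):
            raise ValueError("bad length %d at offset %d" % (length, off))
        out.append((mtype, payload[off + HEADER_LEN:off + length]))
        off += length
    return out


def parse_update(body):
    """Walk the three variable-length parts of an UPDATE body."""
    if len(body) < 4:
        raise ValueError("UPDATE body shorter than its two length fields")
    (wlen,) = struct.unpack_from("!H", body, 0)
    if 4 + wlen > len(body):
        raise ValueError("withdrawn routes length overruns message")
    (alen,) = struct.unpack_from("!H", body, 2 + wlen)
    start = 4 + wlen
    if start + alen > len(body):
        raise ValueError("path attribute length overruns message")
    attrs, nlri = body[start:start + alen], body[start + alen:]
    codes, pos = [], 0
    while pos < len(attrs):
        if pos + 3 > len(attrs):
            raise ValueError("truncated path attribute header")
        flags, code = attrs[pos], attrs[pos + 1]
        if flags & 0x10:                      # extended length: 2-byte length
            if pos + 4 > len(attrs):
                raise ValueError("truncated extended-length attribute")
            (vlen,) = struct.unpack_from("!H", attrs, pos + 2)
            hdr = 4
        else:
            vlen, hdr = attrs[pos + 2], 3
        if pos + hdr + vlen > len(attrs):
            raise ValueError("attribute %d overruns attribute block" % code)
        codes.append(code)
        pos += hdr + vlen
    return {
        "withdrawn_len": wlen,
        "attr_len": alen,
        "attr_types": codes,
        "nlri_len": len(nlri),
        "empty": wlen == 0 and alen == 0 and len(nlri) == 0,
    }


def describe(payload):
    """Summarise every message in the payload; UPDATEs get the parsed detail."""
    report = []
    for mtype, body in split_messages(payload):
        entry = {"type": TYPES.get(mtype, "type %d" % mtype),
                 "length": HEADER_LEN + len(body)}
        if mtype == 2:
            entry.update(parse_update(body))
        report.append(entry)
    return report


def _msg(mtype, body=b""):
    return MARKER + struct.pack("!HB", HEADER_LEN + len(body), mtype) + body


# Constructed samples. The filler attribute uses type code 14 with a zeroed
# value; it is sized to reach 58 attribute bytes, not a real MP_REACH_NLRI.
EMPTY_UPDATE = _msg(2, b"\x00\x00\x00\x00")
ORIGIN_IGP = b"\x40\x01\x01\x00"
FILLER_ATTR = b"\x80\x0e" + bytes([51]) + bytes(51)
POPULATED_UPDATE = _msg(2, b"\x00\x00" + struct.pack("!H", 58) + ORIGIN_IGP + FILLER_ATTR)
KEEPALIVE = _msg(4)

if __name__ == "__main__":
    for entry in describe(EMPTY_UPDATE + POPULATED_UPDATE + KEEPALIVE):
        print(entry)
```
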
Problem with vmware on freebsd 7.1
Greetings, I have a problem that I have been dealing with for several days now. I upgraded my system to freebsd 7.1R and installed vmware3 without any problem with linux_base-f8-8_10; what happens is that when I run vmware I get:

# vmware
Setting TMPDIR=/var/tmp.
# XIO: fatal IO error 0 (Success) on X server :0.0 after 3 requests (0 known processed) with 0 events remaining.

I have seen that XIO: fatal IO error 0 is a common error in emulators, but I have not found a solution. To track this error down I would like to know what it is due to, what caused it and why... I would be very grateful for any information you may be able to offer. Many thanks in advance.
Re: OpenBGPD Flaps, 32bit ASn in the wild.
On 2009-01-29, Toni Mueller openbsd-m...@oeko.net wrote: Hi, On Sat, 10.01.2009 at 12:11:03 -0600, tico t...@raapid.net wrote: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/bgpd/rde.c looking at CVS, it seems that multiple patches are needed, right? And we get the joy of threading them together ourselves, understanding OpenBGPd's code in the process... maybe. This should work, but I run -current everywhere, I have no 4.4 boxes to test it on. Incidentally this looks like the same approach suggested by the draft RFC4893bis Index: rde.c === RCS file: /cvs/src/usr.sbin/bgpd/rde.c,v retrieving revision 1.232 diff -u -p -r1.232 rde.c --- rde.c 15 Jun 2008 10:03:46 - 1.232 +++ rde.c 29 Jan 2009 16:51:04 - @@ -1,4 +1,4 @@ -/* $OpenBSD: rde.c,v 1.232 2008/06/15 10:03:46 claudio Exp $ */ +/* $OpenBSD: rde.c,v 1.234 2008/12/28 15:19:21 claudio Exp $ */ /* * Copyright (c) 2003, 2004 Henning Brauer henn...@openbsd.org @@ -797,8 +797,10 @@ rde_update_dispatch(struct imsg *imsg) /* * if either ATTR_NEW_AGGREGATOR or ATTR_NEW_ASPATH is present * try to fixup the attributes. +* XXX do not fixup if F_ATTR_LOOP is set. */ - if (asp-flags F_ATTR_AS4BYTE_NEW) + if (asp-flags F_ATTR_AS4BYTE_NEW + !(asp-flags F_ATTR_LOOP)) rde_as4byte_fixup(peer, asp); /* enforce remote AS if requested */ @@ -1347,10 +1349,17 @@ bad_flags: ATTR_PARTIAL)) goto bad_flags; if (aspath_verify(p, attr_len, 1) != 0) { - /* XXX draft does not specify how to handle errors */ - rde_update_err(peer, ERR_UPDATE, ERR_UPD_ASPATH, - NULL, 0); - return (-1); + /* +* XXX +* XXX RFC does not specify how to handle errors. +* XXX Instead of dropping the session because of a +* XXX bad path just mark the full update as not +* XXX loop-free the update is no longer eligible and +* XXX will not be considered for routing or +* XXX redistribution. Something better is needed. +*/ + a-flags |= F_ATTR_LOOP; + goto optattr; } a-flags |= F_ATTR_AS4BYTE_NEW; goto optattr;
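Review bot: In the rde_update_dispatch hunk, the added comment "XXX do not fixup if F_ATTR_LOOP is set" states the rule but not the reason. The later hunk sets F_ATTR_LOOP when aspath_verify() rejects the attribute, so the comment should say that the fixup is skipped because the 4-byte path failed verification and must not be merged into the AS path.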
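Review bot: In the aspath_verify() failure branch of the bad_flags hunk, the error is now dropped without any log output: the rde_update_err() call is removed and only "a-flags |= F_ATTR_LOOP" remains before "goto optattr". An operator then has no record of which neighbor sent the malformed attribute, so log the peer and the failure before the goto. The comment's own "Something better is needed" would also be easier to follow up if it named what is missing.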
Re: ftp-proxy on a nat firewall
On Fri, Jan 23, 2009 at 3:06 PM, (private) HKS hks.priv...@gmail.com wrote:

On Fri, Jan 23, 2009 at 8:49 AM, Daniel A. Ramaley daniel.rama...@drake.edu wrote:

I've gotten a couple of off-list replies with suggestions to try. I greatly appreciate any ideas, but still have not had any luck so far. I've trimmed my ruleset and adjusted some of it to be more permissive. Any ideas as to why ftp-proxy still doesn't work?

ext_if = vr0
int_if = fxp0
icmp_types = { echoreq, unreach }

# options
set block-policy return
set loginterface $ext_if
set skip on lo

# packet hygiene
scrub in all fragment reassemble

# nat
nat on $ext_if from !($ext_if) -> ($ext_if)
nat-anchor ftp-proxy/*
rdr-anchor ftp-proxy/*
rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021

# filter rules
#block in all
#block quick inet6 all
anchor ftp-proxy/*
pass out keep state
pass out quick proto tcp from lo to any port ftp
pass in inet proto icmp all icmp-type $icmp_types keep state
#pass from !($ext_if) to any keep state
pass from any to any keep state

Running ftp-proxy with the args -r -d -D 6, can you do a packet capture when you run ls? You'll want to find all packets that involve the internal host, and all packets that involve your external destination, so you'll probably need to do two separate captures. This should at least give an idea of what's breaking.

Something is definitely amiss. Does anybody have a working nat/ftp-proxy setup with 4.4? If so, can you post your rules and ftp-proxy flags? My 4.3 router is working fine, but when I try this on 4.4 I get some very weird behavior.

The anchor rules and such are all inserted correctly and ftp-proxy -vv logs the following (munged for clarity) repeatedly until I kill the connection or it times out:

11:42:32.540840 rule 331.19328.1.0/(match) pass in on $ext_if: $server.20 $client_private.1830: S 67547520:67547520(0) win 16384 mss 1460,nop,nop,sackOK,nop,wscale 0,[|tcp] (DF)
11:42:32.540892 rule 331.19328.1.1/(match) pass out on $int_if: $server.20 $client_private.1830: S 67547520:67547520(0) win 16384 mss 1460,nop,nop,sackOK,nop,wscale 0,[|tcp] (DF)
11:42:32.540911 rule 331/(match) pass out on $ext_if: $ext_ip $server: icmp: host $ext_ip unreachable

The second log entry refers to traffic that was supposedly passed, but my packet sniffer on $int_if never saw it (I tested with tcpdump filters 'host $client_private' and 'host $server').

The anchor information is in there:

# pfctl -a ftp-proxy/19328.1 -s rules
pass in log (all) quick inet proto tcp from $server to $client_private port = 1830 flags S/SA keep state (max 1) rtable 0
pass out log (all) quick inet proto tcp from $server to $client_private port = 1830 flags S/SA keep state (max 1) rtable 0

# pfctl -a ftp-proxy/19328.1 -s nat
nat inet proto tcp from $server to $client_private port = 1830 rtable 0 -> 129.128.5.191 port 20
rdr inet proto tcp from $server to $ext_ip port = 63607 rtable 0 -> 10.2.0.13 port 1830

The only block in pf.conf is a block all at the top. Aside from a bunch of other pass statements, it looks very similar to what Daniel posted before.

Running ftp-proxy with: ftp-proxy -r -dvvD 7

Can anyone else replicate this?

-HKS
Re: OpenBGPD Flaps, 32bit ASn in the wild.
Hi Stuart, On Thu, 29.01.2009 at 16:52:55 +, Stuart Henderson s...@spacehopper.org wrote: This should work, but I run -current everywhere, I have no 4.4 boxes to test it on. thanks! I'll try that first, although I hoped to also bag the other improvements while I'm at it. Incidentally this looks like the same approach suggested by the draft RFC4893bis I should dig this one up. In any case, the patch looks much like the minimal patch that Claudio floated on the list in December. Can someone please promote it to errata? -- Kind regards, --Toni++
Re: Firewall 4.3 is limiting bandwidth
Thanks for the response. I did manually change the media type last night from half to full. It was set to auto, and the switch port to which it was connected was set to full, but for some reason it went to half. After I changed the duplex, I didn't see any improvement. This morning I came in, and although I know I've done this before, I tried switching the port and the cable, and it immediately improved. This will have to be chalked to either the cable or the port, although I've never seen it happen that a cable would not drop packets or log errors and still cause be limitations? The port is new, and there is no QoS or anything else I can detect that might have caused something like this. I'm glad it's fixed though. It was driving me nuts.

Nick Ryan wrote:

Sorry pppoe in that example should have been $pppoe and it should correspond to the interface you're using for pppoe and declared in the pf.conf file. It's in the man pages anyway.

On 29 Jan 2009, at 10:06, Nick Ryan wrote:

I'd try manually changing the interface media type just in case it's that. I've seen odd things happen if you have it autodetect compared to manually setting it to 100mbTX full duplex... (and vice versa) Then I'd look at cables, try switching out the network card for another, that sort of thing.

ifconfig vr0 media 100baseTX mediaopt full-duplex

Change vr0 to whatever your network card is. Also I'm assuming you're not using PPPOE - if you are try setting the maximum mtu size in your pf.conf file...

scrub out on pppoe0 max-mss 1440

anyway - if it's neither of these then we'll need more info on what your set up is. A dmesg would also help.

On 29 Jan 2009, at 05:21, numb3rs1x wrote:

I've also tried the sysctl adjustment listed in the man pages.

net.inet.tcp.sendspace: 65536
net.inet.tcp.recvspace=65536

That seemed to make it worse if anything.

-- View this message in context: http://www.nabble.com/Firewall-4.3-is-limiting-bandwidth-tp21720950p21721077.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: OpenBGPD Flaps, 32bit ASn in the wild.
Hi Claudio, On Thu, 29.01.2009 at 17:13:32 +0100, Claudio Jeker cje...@diehard.n-r-g.com wrote: Will most probably not work. The -current bgpd has a reworked kroute.c that needs a -current kernel. thanks for confirming my doubts. Now I can try to find out whether the changes in kroute.c are sufficiently isolated from the rest... Btw, I've just rebuilt bgpd with code tagged OPENBSD_4_3_BASE, but the checksum is different from that in the distribution. The difference shown with cmp -l is way too large to be just a different timestamp and/or what(1) info. Now I'm a bit scared... -- Kind regards, --Toni++
Re: Bug OpenBGPD, IPv6 peer gets cleared, never gets up again
Arnoud Vermeer wrote:

Hi, I found a bug while working on a route server implementation based on OpenBGPD. I have an IPv6 session from OpenBGPD 4.4 (on OpenBSD 4.4, routeertnix) to Quagga 0.99.5 (laborantix).

Hello Arnoud, I'm running a native IPv6 session from OpenBGPD 4.4 to a Foundry of some sort operated by my transit, so my experience below is not a duplicate of your test, but I've included it for whatever it's worth.

I have multiple IPv4 peers, and multiple IPv6 peers in the setup. When I start the BGP daemon, everything starts up nicely. All sessions come up.

Same here.

When I clear an IPv6 peering session, the connection shifts to the Idle state. When I look in the log, I can see it connect and establish a connection, but break as soon as a mystery update gets sent out.

snip

Here is where I don't match your experience:

$ bgpctl sho nei 2001:470:1:53::1
BGP neighbor is 2001:470:1:53::1, remote AS 6939
 Description: Hurricane_rtr0_v6
  BGP version 4, remote router-id 216.218.252.162
  BGP state = Established, up for 04w3d02h
  Last read 00:00:10, holdtime 90s, keepalive interval 30s
  Neighbor capabilities:
    Multiprotocol extensions: IPv6 Unicast
    Route Refresh
  Message statistics:
                    Sent   Received
    Opens              1          1
    Notifications      0          0
    Updates            1     109606
    Keepalives     86391      72742
    Route Refresh      1          0
    Total          86394     182349
  Update statistics:
                    Sent   Received
    Updates            1      99044
    Withdraws          0      22196
  Local host: 2001:470:1:53::2, Local port: 179
  Remote host: 2001:470:1:53::1, Remote port: 8028

$ bgpctl nei 2001:470:1:53::1 clear
request processed

$ bgpctl sho nei 2001:470:1:53::1
BGP neighbor is 2001:470:1:53::1, remote AS 6939
 Description: Hurricane_rtr0_v6
  BGP version 4, remote router-id 216.218.252.162
  BGP state = Idle, down for 00:00:03
  Last read 00:00:04, holdtime 240s, keepalive interval 80s
  Message statistics:
                    Sent   Received
    Opens              1          1
    Notifications      1          0
    Updates            1     109632
    Keepalives     86391      72742
    Route Refresh      1          0
    Total          86395     182375
  Update statistics:
                    Sent   Received
    Updates            0          0
    Withdraws          0          0
  Last error: Cease

$ bgpctl sho nei 2001:470:1:53::1
BGP neighbor is 2001:470:1:53::1, remote AS 6939
 Description: Hurricane_rtr0_v6
  BGP version 4, remote router-id 216.218.252.162
  BGP state = Active, down for 00:00:09
  Last read 00:00:10, holdtime 240s, keepalive interval 80s
  Message statistics:
                    Sent   Received
    Opens              1          1
    Notifications      1          0
    Updates            1     109632
    Keepalives     86391      72742
    Route Refresh      1          0
    Total          86395     182375
  Update statistics:
                    Sent   Received
    Updates            0          0
    Withdraws          0          0
  Local host: 2001:470:1:53::2, Local port: 179
  Remote host: 2001:470:1:53::1, Remote port: 8028

$ bgpctl sho nei 2001:470:1:53::1
BGP neighbor is 2001:470:1:53::1, remote AS 6939
 Description: Hurricane_rtr0_v6
  BGP version 4, remote router-id 216.218.252.162
  BGP state = Established, up for 00:00:08
  Last read 00:00:08, holdtime 90s, keepalive interval 30s
  Neighbor capabilities:
    Multiprotocol extensions: IPv6 Unicast
    Route Refresh
  Message statistics:
                    Sent   Received
    Opens              2          2
    Notifications      1          0
    Updates            2     110178
    Keepalives     86392      72743
    Route Refresh      1          0
    Total          86398     182923
  Update statistics:
                    Sent   Received
    Updates 1731
    Withdraws          0          0
  Local host: 2001:470:1:53::2, Local port: 179
  Remote host: 2001:470:1:53::1, Remote port: 8119

$ uname -a
OpenBSD earth.raapid.net 4.4 GENERIC#1021 i386

$ bgpctl sho rib mem
RDE memory statistics
    272868 IPv4 network entries using 8.3M of memory
      1566 IPv6 network entries using 67.3K of memory
    275328 prefix entries using 8.4M of memory
     47567 BGP path attribute entries using 3.6M of memory
     43683 BGP AS-PATH attribute entries using 1.6M of memory, and holding 47567 references
      4696 BGP attributes entries using 110K of memory and holding 9090 references
      4695 BGP attributes using 36.7K of memory
RIB using 22.2M of memory

When the NOTIFICATION is received, the peer is set back to the state Idle, where the process starts again. The only way to break the cycle is to restart the entire OpenBGPD daemon.

The only time
Re: Bug OpenBGPD, IPv6 peer gets cleared, never gets up again
* tico tico-o...@raapid.net [2009-01-29 18:53]:

The only time I've had a session get hung down is once or twice when running 4.3 and having made several bgpd.conf changes and issuing bgpctl reload several times -- I believe it was regarding changing an MD5 secret but I can't remember for sure. Either way, I eventually restarted bgpd at that time and the sessions came right up, and I haven't seen that behavior occur again after I upgraded to 4.4, but YMMV.

it is still there. I just reproduced and found the root cause two days ago. there is a bug in the ipsec stack (that handles tcpmd5 on openbsd), it is not in bgpd. basically, removing the SAs and re-adding them quickly - as bgpd does when going through idle - fails the re-addition. it is being looked into.

-- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
Re: OpenBGPD Flaps, 32bit ASn in the wild.
On Thu, Jan 29, 2009 at 04:52:55PM +, Stuart Henderson wrote:

On 2009-01-29, Toni Mueller openbsd-m...@oeko.net wrote:

Hi, On Sat, 10.01.2009 at 12:11:03 -0600, tico t...@raapid.net wrote:

http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/bgpd/rde.c

looking at CVS, it seems that multiple patches are needed, right? And we get the joy of threading them together ourselves, understanding OpenBGPd's code in the process... maybe.

This should work, but I run -current everywhere, I have no 4.4 boxes to test it on. Incidentally this looks like the same approach suggested by the draft RFC4893bis

I just glanced over it and I'm very unhappy with the direction they're taking. It is not what we do and IMO trying to fiddle out bad path attributes and still use the crippled rest smells like routing loops coming soon to a network near you. Bad prefixes should not get redistributed this will also ensure that only the originator of the problem is affected.

-- :wq Claudio
Re: Assigning group or effective group to processes
On Wed, Jan 28, 2009 at 2:44 AM, Lars Noodin larsnoo...@openoffice.org wrote: I have a bunch of processes that I wish to kill, but which have the same name and owner as process I wish to leave running. ps, pgrep and pkill can select based on a process' gid or egid. How can gid or egid be set when starting a process from shell? The command you're looking for is 'newgrp'...which OpenBSD doesn't currently have. sudo is probably the most direct workaround for now. Philip Guenther
Re: OpenBGPD Flaps, 32bit ASn in the wild.
On 2009-01-29, Claudio Jeker cje...@diehard.n-r-g.com wrote:

On Thu, Jan 29, 2009 at 04:52:55PM +, Stuart Henderson wrote:

On 2009-01-29, Toni Mueller openbsd-m...@oeko.net wrote:

Hi, On Sat, 10.01.2009 at 12:11:03 -0600, tico t...@raapid.net wrote:

http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/bgpd/rde.c

looking at CVS, it seems that multiple patches are needed, right? And we get the joy of threading them together ourselves, understanding OpenBGPd's code in the process... maybe.

This should work, but I run -current everywhere, I have no 4.4 boxes to test it on. Incidentally this looks like the same approach suggested by the draft RFC4893bis

I just glanced over it and I'm very unhappy with the direction they're taking. It is not what we do and IMO trying to fiddle out bad path attributes and still use the crippled rest smells like routing loops coming soon to a network near you. Bad prefixes should not get redistributed this will also ensure that only the originator of the problem is affected.

Oh yeuch, I misinterpreted it. More discussion at http://permalink.gmane.org/gmane.ietf.idr/5354
Re: (bit)torrent openbsd client
Yeah, if you are looking for something simple and lightweight, give unworkable a try. I haven't been hacking on it much lately because it downloads every torrent I throw at it fine. Also runs on zaurus and sparc64 quite nicely ;-)

On Wed, Jan 28, 2009 at 08:11:30PM +0100, frantisek holop wrote:

transmission is ok and you could also try unworkable that is developed on openbsd.

-f -- why does the att logo look like the death star?

-- Niall O'Higgins P2P Research http://p2presearch.com http://niallohiggins.com
Supported uvideo(4) device not recognized: Logitech QuickCam E 3500 Plus
man 4 uvideo says that Logitech QuickCam E 3500 Plus is supported. My OpenBSD 4.4 release boxes do not recognize the device at all (while recognized as uaudio by OpenBSD 4.0, e. g.). usbdevs(8) says: getdevicedesc: ioctl: Input/output error getstring: ioctl: Input/output error (full output below). With 4.4 there is no output in /var/log/messages. Problem seems to be OpenBSD 4.4 specific (see below for other versions). I have connected the camera to at least 3 different OpenBSD 4.4 boxes and have experimented with 3 different USB PCI cards in conjunction with 2 of those boxes (output of one 4.4 box below). I have re-checked the behaviour with a 2nd camera of the same type (not all combinations mentioned, though). In addition, a USB stick connected to the same USB card (after the camera but while the camera was still plugged in) did not even show up in usbdevs(8) output. To produce some dmesg-style output I have connected the camera to several non-4.4 OpenBSD boxes, including 3.x, 4.0 and 4.3. All of the non-4.4 boxes have shown somewhat expected behaviour (output of a 4.0 box below). Questions: 1. I have seen that there were many uvideo(4) changes between 4.4 and 4.5. Do they fix the problem? 2. Am I missing anything obvious? Any way to get this up and running without using -current? Output of a 4.0 box first because with 4.4 there is only usbdevs(8) but nothing in /var/log/messages. 
4.0
===

# uname -a
OpenBSD host.domain 4.0 GENERIC#1107 i386

# tail /var/log/messages
Jan 28 18:16:54 test /bsd: uaudio0 at uhub2 port 1 configuration 1 interface 2: Logitech product 0x09a4, rev 2.00/0.06, addr 2
Jan 28 18:16:55 test /bsd: uaudio0: audio rev 1.00, 2 mixer controls
Jan 28 18:16:55 test /bsd: audio0 at uaudio0

# usbdevs -dv -f /dev/usb1
Controller /dev/usb2:
addr 1: high speed, self powered, config 1, EHCI root hub(0x), VIA(0x1106), rev 1.00
  uhub2
 port 1 addr 2: high speed, power 500 mA, config 1, product 0x09a4(0x09a4), Logitech(0x046d), rev 0.06
   uaudio0
 port 2 powered
 port 3 powered
 port 4 powered

4.4
===

# uname -a
OpenBSD host.domain 4.4 GENERIC#1021 i386

# tail /var/log/messages
[no messages here when (dis)connecting the device]

# usbdevs -dv -f /dev/usb0
Controller /dev/usb0:
addr 1: high speed, self powered, config 1, EHCI root hub(0x), NEC(0x1033), rev 1.00
  uhub0
 port 1 powered
 port 2 powered
 port 3 powered
getdevicedesc: ioctl: Input/output error
getstring: ioctl: Input/output error
 port 4 addr 2: high speed, self powered, unconfigured, QuickCam E 3500 Plus(0x09a4), Logitech(0x046d), rev 0.06
 port 5 powered
Re: Assigning group or effective group to processes
Philip Guenther wrote: On Wed, Jan 28, 2009 at 2:44 AM, Lars Noodin larsnoo...@openoffice.org How can gid or egid be set when starting a process from shell? The command you're looking for is 'newgrp'...which OpenBSD doesn't currently have. sudo is probably the most direct workaround for now. Ok. Thanks, I was looking for newgrp (or something like it) but hoping that it merely had a different name. sudo it must be then. Regards, -Lars
Re: Dealing with Seagate's problematic 7200.11 firmware.
Has anyone looked into disassembling the firmware?
Re: nc -w with -z does not seems to work.
On Thu, Jan 29, 2009 at 12:26:21PM +0530, Rajkumar S wrote:

Help says -w is timeout for connects and final net reads, so nc should exit after 2 seconds, and it does exit when tested under linux, but not under openbsd.

check the obsd manpage, it is specifically different and does not mention connects:

---
-w timeout
    If a connection and stdin are idle for more than timeout seconds, then the connection is silently closed. The -w flag has no effect on the -l option, i.e. nc will listen forever for a connection, with or without the -w flag. The default is no timeout.
---

it is only for idles

Am I doing something wrong or is this a bug in nc ?

the gnu nc is different than the obsd one, even tho they're (iirc) both derived from the same source a while ago. the one in gnu land's -w option does what you want regarding connect timeouts. the openbsd one does not.

-- jared