Re: BGPD: crash
Hi Claudio,

On Wed, 13.07.2005 at 23:58:30 +0200, Claudio Jeker [EMAIL PROTECTED] wrote:
> For some reasons you end up with two prefixes in the RIB that are indistinguishable. The decision process should in any case find a more preferred route or it will fatal with the given message.

imho just dropping one of them should be sufficient to solve the problem if they are indistinguishable anyway (perhaps together with a warning)?

> Currently I know only one way to produce this by announcing a network twice, once via config file and the other is added via bgpctl.

This may well be - I tried to manually remove an announced network via bgpctl and later add it again (btw, setting the peer to down didn't help - after a while it was back up without me setting it up again).

Best,
--Toni++
Re: UK Keymap issue
Edd Barrett [EMAIL PROTECTED] wrote:
> I have here two x86 machines set up with the uk keymap (console not X). holding shift and pressing three should send #. It sends # followed by a newline. why is this?
>
> It should send a pound sign, but a hash followed by \n is sent.

The list changed the pound sign to a hash for some reason. The top bit got stripped (reset to 0).

Anyway, the console driver does send a pound sign. This character is not part of (US-)ASCII. The console produces the byte value 0xA3, which encodes a pound sign in ISO Latin 1 and related character sets.

By default, ksh treats characters that have the top bit set as Meta-character 0x7F, i.e., in your case the pound sign is handled just like the sequence esc# would be handled. From ksh(1):

    comment: ^[#
        If the current line does not begin with a comment character, one is added at the beginning of the line and the line is entered (as if return had been pressed); otherwise, the existing comment characters are removed and the cursor is placed at the beginning of the line.

So the console is fine, the keymap is fine, it is the application that handles the character differently than you expect.

For OpenBSD's ksh, there is a switch if you want to use 8-bit characters on the command line:

    $ set +o emacs-usemeta

--
Christian naddy Weisgerber [EMAIL PROTECTED]
Re: UK Keymap issue
Christian Weisgerber wrote:
> Edd Barrett [EMAIL PROTECTED] wrote:
> > I have here two x86 machines set up with the uk keymap (console not X). holding shift and pressing three should send #. It sends # followed by a newline. why is this?
> >
> > It should send a pound sign, but a hash followed by \n is sent.
>
> The list changed the pound sign to a hash for some reason. The top bit got stripped (reset to 0).
>
> Anyway, the console driver does send a pound sign. This character is not part of (US-)ASCII. The console produces the byte value 0xA3, which encodes a pound sign in ISO Latin 1 and related character sets.
>
> By default, ksh treats characters that have the top bit set as Meta-character 0x7F, i.e., in your case the pound sign is handled just like the sequence esc# would be handled. From ksh(1):
>
>     comment: ^[#
>         If the current line does not begin with a comment character, one is added at the beginning of the line and the line is entered (as if return had been pressed); otherwise, the existing comment characters are removed and the cursor is placed at the beginning of the line.
>
> So the console is fine, the keymap is fine, it is the application that handles the character differently than you expect.
>
> For OpenBSD's ksh, there is a switch if you want to use 8-bit characters on the command line:
>
>     $ set +o emacs-usemeta

Many thanks for clarifying this.

Edd
Re: Multiple SSH daemons
Dave Harrison wrote:
> My current solution is to run a second sshd on another port and have that be the externally accessible sshd (and configure it to only allow public key connections). However the way sshd logs, I can't work out what was logged by which daemon.

Just give the external sshd a distinguishable name. When sshd calls log_init it uses argv[0] so the name will show up in syslog:

    # ln -s /usr/sbin/sshd /usr/sbin/extsshd
    # /usr/sbin/extsshd -p 222
    # grep extsshd /var/log/authlog
    [...] extsshd[15393]: Server listening on :: port 222.

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
Re: UK Keymap issue
--- Edd Barrett [EMAIL PROTECTED] wrote:
> Christian Weisgerber wrote:
> > Edd Barrett [EMAIL PROTECTED] wrote:
> > > I have here two x86 machines set up with the uk keymap (console not X). holding shift and pressing three should send #. It sends # followed by a newline. why is this?
> > >
> > > It should send a pound sign, but a hash followed by \n is sent.
> >
> > The list changed the pound sign to a hash for some reason. The top bit got stripped (reset to 0).
> >
> > Anyway, the console driver does send a pound sign. This character is not part of (US-)ASCII. The console produces the byte value 0xA3, which encodes a pound sign in ISO Latin 1 and related character sets.
> >
> > By default, ksh treats characters that have the top bit set as Meta-character 0x7F, i.e., in your case the pound sign is handled just like the sequence esc# would be handled. From ksh(1):
> >
> >     comment: ^[#
> >         If the current line does not begin with a comment character, one is added at the beginning of the line and the line is entered (as if return had been pressed); otherwise, the existing comment characters are removed and the cursor is placed at the beginning of the line.
> >
> > So the console is fine, the keymap is fine, it is the application that handles the character differently than you expect.
> >
> > For OpenBSD's ksh, there is a switch if you want to use 8-bit characters on the command line:
> >
> >     $ set +o emacs-usemeta
>
> Many thanks for clarifying this.
>
> Edd

Or you could use vi mode (for vi fans):

    $ set -o vi
Some questions related to shell scripts
I started off with what I thought was a simple question, but googling, searching mailing list archives, reading man pages, and testing hasn't turned up anything I'm happy with and has raised some new issues...

In a past life, on a non-Unix system, I was able to set up simple and effective mutual exclusion in the equivalent of shell scripts by opening a file for write access (which created an exclusive lock on the file) at the start of the protected section and not closing it until the end of that section. This had no race conditions and had no problem of stale locks since the lock was automatically released if the process holding it terminated abnormally.

My original question was "What is the equivalent idiom for OpenBSD shell scripts, or is there none?"

The best approximation I've found so far is (assuming that the details of the semantics of ln and kill -0 under OpenBSD's /bin/sh are as the author expects; I haven't yet checked this)

    my_lockfile () {
        TEMPFILE="$1.$$"
        LOCKFILE="$1.lock"
        # Write our PID to a private temp file; fail if the directory is not writable.
        { echo $$ > "$TEMPFILE"; } 2>/dev/null || {
            echo "You don't have permission to access `dirname $TEMPFILE`"
            return 1
        }
        # ln fails if $LOCKFILE already exists, so a successful link takes the lock.
        ln "$TEMPFILE" "$LOCKFILE" 2>/dev/null && {
            rm -f "$TEMPFILE"
            return 0
        }
        # The lock exists: if the PID recorded in it is still alive, give up.
        kill -0 `cat "$LOCKFILE"` 2>/dev/null && {
            rm -f "$TEMPFILE"
            return 1
        }
        # The recorded PID is gone: treat the lock as stale and try once more.
        echo "Removing stale lock file"
        rm -f "$LOCKFILE"
        ln "$TEMPFILE" "$LOCKFILE" 2>/dev/null && {
            rm -f "$TEMPFILE"
            return 0
        }
        rm -f "$TEMPFILE"
        return 1
    }

but this is more complicated than I like and has the intrinsic problem that one can't be sure of detecting a stale lock file (the process creating the lock file may have died and a new process with the same process id been created; this seems rather unlikely in practice but AFAIK is definitely possible).

It also, at least under OpenBSD, has the serious problem that $$ isn't the PID of the shell running the script but rather the PID of the original shell (whatever exactly that means; some testing suggests that it's the last process on the PPID chain which is still in this process group) and I haven't yet found any straightforward way of getting the PID of the bottom-level shell, which is what is needed for the stale-lock testing to work at all when the exclusion needed is among scripts run in subshells of the same shell. (I realize that I could create a trivial program which writes its PPID to stdout, or hack /bin/sh to add a new variable which contains the PID I want -- but I'd prefer to use the tools which come as part of the base system. This has also left me rather curious as to *why* the PID and PPID of the original shell are easily accessible in scripts but those of the subshell actually running the script aren't.)

Another obvious possibility is to use something other than a shell script (probably perl, which I strongly suspect is capable of doing this), but I'm not at all sure it makes sense to stop and learn yet another language *right* *now*. If this *is* the way to go, recommendations as to the best language for general sysadmin-type scripting would be appreciated.

Thanks in advance for any advice,

Dave

--
Dave Anderson [EMAIL PROTECTED]
Re: BGPD: crash
Hi,

On Thu, 14.07.2005 at 09:07:48 +0200, Toni Mueller [EMAIL PROTECTED] wrote:
> imho just dropping one of them should be sufficient to solve the problem if they are indistinguishable anyway (perhaps together with a warning)?

sorry for the noise - of course that might be not so good an idea after all if we are looking forward to multipath routing. Should have thought about it earlier :-|

Best,
--Toni++
Re: Some questions related to shell scripts
On Thu, 14 Jul 2005, Dave Anderson wrote:
> It also, at least under OpenBSD, has the serious problem that $$ isn't the PID of the shell running the script but rather the PID of the original shell (whatever exactly that means; some testing suggests that it's the last process on the PPID chain which is still in this process group) and I haven't yet found any straightforward way of getting the PID of the bottom-level shell, which is what is needed for the stale-lock testing to work at all when the exclusion needed is among scripts run in subshells of the same shell. (I realize that I could create a trivial program which writes its PPID to stdout, or hack /bin/sh to add a new variable which contains the PID I want -- but I'd prefer to use the tools which come as part of the base system. This has also left me rather curious as to *why* the PID and PPID of the original shell are easily accessible in scripts but those of the subshell actually running the script aren't.)

I did not check your script, but POSIX says this:

    $   Expands to the decimal process ID of the invoked shell. In a subshell (see Shell Execution Environment), '$' shall expand to the same value as that of the current shell.

There's a similar phrase in the man page,

-Otto
Re: BGPD: crash
* Toni Mueller [EMAIL PROTECTED] [2005-07-14 16:21]:
> Hi,
>
> On Thu, 14.07.2005 at 09:07:48 +0200, Toni Mueller [EMAIL PROTECTED] wrote:
> > imho just dropping one of them should be sufficient to solve the problem if they are indistinguishable anyway (perhaps together with a warning)?
>
> sorry for the noise - of course that might be not so good an idea after all if we are looking forward to multipath routing. Should have thought about it earlier :-|

no, it is a bad idea because it'd just hide bugs elsewhere.

--
BS Web Services, http://www.bsws.de/
OpenBSD-based Webhosting, Mail Services, Managed Servers, ...
Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie)
Re: NNTP server (inn-2.4.1) on OpenBSD 3.7?
I get the same error (below in detail) inn hasn't been working right either. news gets into the tradspool but doesn't make it into the index correctly. I get the old 1 new message but when selected isn't found all the time during my test. Dunno if that's related.

    ok 82
    not ok 83 wanted 972808200 seen 972811800 001029 013000 1
    not ok 84 wanted 972808200 seen 972811800 20001029 013000 1
    ok 85
    not ok 86 wanted 97280 seen 972813599 001029 015959 1
    not ok 87 wanted 97280 seen 972813599 20001029 015959 1
    ok 88
Re: Some questions related to shell scripts
** Reply to message from Otto Moerbeek [EMAIL PROTECTED] on Thu, 14 Jul 2005 17:11:10 +0200 (CEST)

> The developer of the shell has the freedom to either spawn a separate process for a subshell expression or execute the subshell commands in a newly created environment that is a copy of the current environment. It is wrong to assume using (...) will actually create a new process.

*That* was not at all obvious (at least to me), and is important to know. Thanks!

Dave

--
Dave Anderson [EMAIL PROTECTED]
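Added example (not part of any message in this thread): because `$$` keeps the invoking shell's PID inside subshells, a lock file that records `$$` makes a `kill -0` stale check test the parent script instead of the real holder. The sketch below shows that misjudgement next to a lock that records the holder's actual PID. The function names and the `sh -c 'echo "$PPID"'` helper are assumptions of this example, and the holders are started with `&` so that each one is certainly a separate process.

```shell
#!/bin/sh
# Added example: why recording "$$" defeats kill -0 stale-lock checks when
# the lock holders are background subshells of one script.
# All function names here are illustrative.

# real_pid: set REAL_PID to the PID of the process executing the caller.
# The helper sh is followed by more commands, so the shell must fork it
# (it cannot exec it in place), and the helper's $PPID is our own PID.
real_pid() {
    _rp_file=$(mktemp "${TMPDIR:-/tmp}/realpid.XXXXXXXXXX") || return 1
    sh -c 'echo "$PPID"' > "$_rp_file"
    read -r REAL_PID < "$_rp_file"
    rm -f "$_rp_file"
}

# dead_holder MODE FILE: a background subshell records "its" PID in FILE and
# exits without removing it, like a lock holder that crashed.
# MODE=dollar records $$, MODE=real records the PID found by real_pid.
# "&" forces a separate process; a plain ( ... ) need not be one in every shell.
dead_holder() {
    (
        if [ "$1" = real ]; then
            real_pid && echo "$REAL_PID" > "$2"
        else
            echo "$$" > "$2"
        fi
    ) &
    wait "$!"
}

# holder_alive FILE: succeed if the PID recorded in FILE is a live process.
holder_alive() {
    _ha_pid=$(cat "$1" 2>/dev/null) || return 1
    [ -n "$_ha_pid" ] && kill -0 "$_ha_pid" 2>/dev/null
}

# stale_check_demo: print the stale-check verdict for each recording method.
stale_check_demo() {
    _sd_dir=$(mktemp -d "${TMPDIR:-/tmp}/lockdemo.XXXXXXXXXX") || return 1
    dead_holder dollar "$_sd_dir/dollar.lock"
    dead_holder real "$_sd_dir/real.lock"
    if holder_alive "$_sd_dir/dollar.lock"; then _sd_a=alive; else _sd_a=stale; fi
    if holder_alive "$_sd_dir/real.lock"; then _sd_b=alive; else _sd_b=stale; fi
    rm -rf "$_sd_dir"
    echo "dollar=$_sd_a real=$_sd_b"
}

stale_check_demo
```

Both holders have exited by the time they are checked. The `$$` lock is still judged alive because the parent script is running, so it would never be reclaimed, while the lock holding the real PID is correctly seen as stale.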
Re: Alpha CS20 wanted
Looks like we would have enough people willing to give enough money to get one of these. No, I didn't win the first one, but the same seller is offering another.

http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=5219321518&category=51116&rd=1

That said, it appears to be a bit under spec. Theo mentioned that it was about half as fast as the CS20. Since this would be a build host, can't say I blame him.

So, I would still be more than happy to coordinate getting a replacement machine, but I don't want to waste everyone's money on a machine that doesn't do what Theo needs it to do. I'll keep trolling eBay.

Another option *could* be to get this machine and upgrade it, but I don't know a damn thing about Alpha hardware, so someone else would have to tell me what we would need/what's a good price, etc.

-Matt
Re: build KDE from scratch
Hi,

On Wed, Jul 13, 2005 at 09:11:48PM +0800, Glamous wrote:
> I just downloaded the QT3 and arts, kdelib, kdebase src pkg and want to build a new kde from scratch by hand. I'm so confused that sometimes the configure program can not check pass for some of the lib missing which I'm sure pkg_add has installed in my /usr/local/lib.

OpenBSD developers expect you to read. But as a newbie coming from Linux, you often don't know where to start. Some hints to help you get your homework done: you go read:

    man gcc-local

first item under DESCRIPTION has an answer to your question. Then you read the FAQ, especially the section about ports and packages here:

http://www.openbsd.org/faq/faq8.html

and the content of the pages linked from there. Then you read:

- man make
- man bsd.port.mk
- the Makefiles of the currently available qt and kde ports
- the output of ./configure --help of the particular package.
- the output of

      make show=CONFIGURE_ARGS
      make show=CONFIGURE_ENV

  in the directories of the respective currently available qt and kde ports to find out about the environment and flags passed to configure. And perhaps a bunch of other make show=BLABLA commands...

> I know there's a /etc/ld.so.conf (in linux) which control the ldconfig to cache the dyn-lib search path when doing some ld operation during building. But I can't find it now. I wonder how the OpenBSD control its ld search path, by LD_LIBRARY_PATH?

ldconfig is used for ld.so, the runtime linker. You have a problem at compile time. The compile time linker is called ld. Try to understand the difference by reading the manpages.

Regards,
Daniel
Spamprobe - what happened to the port?
I found in archives two attempts at bringing it to ports tree, and it seems to be an interesting project... What happened to it? (and yes, i just tried modifying the old makefile with new version number, seems it built without problems, didn't yet try it in action) viq
[OT] Re: links vs firefox vs ..
On Wed, Jul 13, 2005 at 04:16:10PM +0700, Neta wrote:
> If your conclusion is right. Why so many internet banking used it? Do you have any real experiences with your box?

They can get their insurers to cover what they've tested. They've no incentive to test more browsers to check that they do the right thing with their site and vice versa, because not enough people use other options. It doesn't matter what's REALLY secure, only what they can get someone to cover their liability for.
Re: 3.7 panic after removing ath0 pcmcia card
-Original Message-
From: Rogier Krieger [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 14, 2005 5:37 PM
To: OpenBSD-misc list
Cc: Will H. Backman
Subject: Re: 3.7 panic after removing ath0 pcmcia card

On 7/14/05, Will H. Backman [EMAIL PROTECTED] wrote:
> Transcribed by hand, more data to follow in next email (dmesg etc):
> Computer is a Dell Latitude PPL
> Ath card was a Netgear WG511T
>
> Multiply freed item 0xd09d7000
> Panic: free: duplicated free

Did you search the archives? I'm quite sure this came up during the week. In fact, a snapshot (July 8th) fixed my problem, which seems highly similar to yours.

Cheers,

Rogier

--
If you don't know where you're going, any road will get you there.

Yes, I saw it in the archives, but I thought I would report it so the developers would have more information. Off list, I have been told that the fix will not be put into -stable, so moving to -current or using a different card seems to be the choice for now until -current becomes -release.
pf questions
Hi guys, I'm a newbie in pf. Got a question about pinging and ssh stuff. Say I have two clients connected to a firewall that's running pf to the internet. I can ssh from one client to the other or vice versa. I can't ping either. I feel pf is not allowing it. What do I modify in pf to let hosts on network talk to each other. Thanks. Vivek
openbsd and libcap
greetings, this is an extremely complicated area and one which I am completely naive, so could some kind person out there answer the following question: will using Phil Wood's libpcap (http://public.lanl.gov/cpw/) bring any advantages for programs (such as tcpdump) that are linked to this version of libpcap? is Phil's solution only for stinky old linux kernels because the bog standard libpcap is not up to scratch? another side question: what platform performs best when capturing packets under extreme loads? i've heard solaris is good, as is openbsd. any others which are worth mentioning? thanks for your time, I'm sure this post merits the abuse it will obviously generate - or it'll be ignored completely :( poncenby
Re: pf questions
Sorry for the short question. No, actually one is on a wired network, the other is on a wireless network both connected to the firewall. I'm sending you my pf.conf. Check it out. The reason this is a problem is because I keep getting a NAT error in Azureus when I test the port.

/etc/pf.conf

    # $OpenBSD: pf.conf,v 2.28 2004/04/29 21:03:09 frantzen Exp $
    #
    # See pf.conf(5) and /usr/share/pf for syntax and examples.
    # Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
    # in /etc/sysctl.conf if packets are to be forwarded between interfaces.

    # macros
    ext_if="dc1"
    int_if="dc0"
    wir_if="ral0"

    tcp_services = "{ 22, 113 }"
    icmp_types = "echoreq"

    auth_server = "127.0.0.1 port 8080"

    table <authorized_hosts> { 10.0.0.3 }

    # options
    set block-policy return
    set loginterface $ext_if

    # scrub
    scrub in all
    scrub out all

    # nat/rdr
    nat on $ext_if from $int_if:network -> ($ext_if:0)
    nat on $ext_if from $wir_if:network -> ($ext_if:0)

    #rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021
    #rdr on $wir_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021
    #rdr on $wir_if proto tcp from !<authorized_hosts> to any port www -> $auth_server

    rdr on $ext_if proto tcp from any to any port 6881 -> $int_if
    rdr on $ext_if proto tcp from any to any port 6881 -> $wir_if
    rdr on $ext_if proto tcp from any to any port 8000 -> $int_if
    rdr on $ext_if proto tcp from any to any port 8000 -> $wir_if

    # filter rules
    block in log all

    pass quick on { lo $int_if }
    pass quick on { lo $wir_if }
    antispoof quick for { lo $int_if }
    antispoof quick for { lo $wir_if }

    pass in on $ext_if inet proto tcp from any to ($ext_if) \
        port $tcp_services flags S/SA keep state
    pass in on $ext_if inet proto tcp from any to ($ext_if) \
        user proxy flags S/SA keep state
    pass in inet proto icmp all icmp-type $icmp_types keep state

    pass in on $int_if from $int_if:network to any keep state
    pass in on $wir_if from <authorized_hosts> to any keep state
    pass in on $wir_if proto tcp from !<authorized_hosts> to $auth_server

    pass out on $int_if from any to $int_if:network keep state
    pass out on $wir_if from any to <authorized_hosts> keep state

    pass out on $ext_if proto tcp all modulate state flags S/SA
    pass out on $ext_if proto { udp, icmp } all keep state

    #pass in on $ext_if proto tcp to ($ext_if) port ssh keep state

I'd like to download bit torrent stuff at a high speed rate and also have some pinging going on between my clients. Anything you see I don't?

Thanks.

Vivek
Re: Reboot and halt problem
Never mind, I found out.

    fsck -y /

Rico.

> Hi,
>
> I have just updated some of our obsd servers at our datacenter the other day. One of them was via the upgrade procedure on the CD. From 3.6 to 3.7.
>
> Now each time I issue the reboot command or the halt command, the machine reboots and then gives
>
>     WARNING: / was not properly unmounted
>
> and it does this each time I reboot or halt it.
>
> What can be causing this?
>
> Thanks,
> Rico
Re: Alpha CS20 wanted
> Does anyone have an API alpha CS20 (the 1U blue things at http://www.microway.com/21264dual.htm) that they could offer the project?
>
> I would accept something else, except there really is *no room* left anywhere to put another kind of alpha. That's all that fits, or this is the end OpenBSD/alpha
>
> The existing CS20 was donated by a kind person. Perhaps there is another one out there?

I've spoken with Matt & Theo off list about this, and it seems likely that I'm going to be the one trying to snag one of these machines.

Right now between Matt, Patrick, Marcos, and myself, I know of ~$360 being pledged for the cause. It looks like the ones we have our eyes on online and from talking to vendors are likely to run in the $700 range. Alternately, should we miss out on one of these machines, Microway has kindly offered to rebuild the current machine for $1,000. I believe the consensus right now is to try to get a less expensive (though equally performing machine), though I'm sure Theo will correct me if I misinterpreted that. :-)

Either way, we're about: $340 - $650 short depending on which option we choose / are forced to choose . . . and that's assuming everyone actually comes through on their pledges, and we only have 3 days left on one of the auctions, so time is of the essence.

For all of you out there who're using / depending on OpenBSD/alpha, please step up and help us cover this teeny cash shortage. You can send the donations to Theo via the normal channels or email me off-list and I'll send my paypal address to you.

For those of you who're looking at or using the AMD Athlon 64s and Opterons, many of the foundations of the 64 bit code come from the work originally done on the alpha. Maintaining good support on the alpha is so much more than just supporting a (semi-) legacy system as some people perceive it to be. It's also giving support to the blossoming technology of tomorrow in platforms like these. Little things that come to light in one similar platform are often found to be troublesome in others, too.

Given the importance of the alpha platform to me, I would most likely reach into Ye Olde Savings and personally cover the difference if I had to, but like most of you, I'd rather not. This is one of those places where given its importance to the community, some more of us can--and really should--step up immediately and help cover the small cost. We're talking about a lousy $500 or so in pledges that we're short, so covering this should be trivial with a few (even $10 or $20) donations. Let's help get things back on solid footing once more.

Best,
Kevin Smith

P.S. For those of you who wonder if I'm going to take your loot and run: relax. I've bought every CD since 2.7 and have personally donated hundreds (maybe thousands?) of dollars in cash, hardware, and gifts. In fact, the ports server has a dual port gigabit NIC because of me. I'm sure Theo, Henning, Daniel Hartmeier, Jason Dixon, and others can vouch for me if it's needed. That said, I would still prefer Theo gets the donations directly. :-)

--
http://www.ebiinc.com - employee background screening by EBI Global / national background checks drug testing