Re: Strange behavior with carp and preemption

2005-11-24 Thread Ralf Hornik Mailings 
Hi Eli,

 Eli K. Breen wrote:
 Have you tried simply unplugging one's network cable? (to more closely
 replicate what would happen during a hard lock or panic?) I should think
 things won't be as smooth.

Thats correct. When ifconfig down one IF, then it works and the backup
becomes master on both interfaces. Not by unplugging the cable or power
off the switch. That was what I wanted to test

 Additionally, what happens if you shut the master down in to Single-User
 mode?
 I'm seeing a bug where if the MASTER is shutdown to single user mode it
 stops the BACKUP from becoming MASTER. ...which is somewhat disturbing
 as the original MASTER no longer actually performs any useful network
 functions, but it does prevent takeover of the ARP address.

 Has anyone else tested/run in to this?

This could be done in therory. Does the master send advertisements in
single user mode? When no network is enabled I don't think, that it keeps
being master.

However, the problem reproduced by unplugging the cable, can be solved by
workarounding using ifstated(8). :-(

Best regards

Ralf

Re: additional features in bsd.rd

2005-11-24 Thread Matthias Kilian 
On Wed, Nov 23, 2005 at 10:54:55PM +, Stuart Henderson wrote:
  You can download and upload files using ftp(1).
  I use to do it since OpenBSD 2.9, using standard floppies.
 
 With ftp in a pipe, you can only retrieve.

Strange. I do backups on a server located at Strato using ftp(1)
and dump(8). I do this every day via cron(8). So either you're wrong
or I'm doing what's impossible.

Ciao,
Kili

hw.setperf strangeness

2005-11-24 Thread Lars Hansson 
This seems a bit strange to ne:
$ sysctl hw | tail -2
hw.cpuspeed=1296
hw.setperf=100

$ sudo sysctl -w hw.setperf=0
hw.setperf: 100 - 0
$ sysctl hw | tail -2
hw.cpuspeed=1296
hw.setperf=0

Hmm..shouldnt cpuspeed have changed?

$ sudo sysctl -w hw.setperf=10
hw.setperf: 0 - 10
$ sysctl hw | tail -2  
hw.cpuspeed=1296
hw.setperf=10

Still no change.

$ sudo sysctl -w hw.setperf=80 
hw.setperf: 10 - 80
$ sysctl hw | tail -2  
hw.cpuspeed=750
hw.setperf=80

Say what? 80% is 750? Ok, at least something happened now.

$ sudo sysctl -w hw.setperf=60 
hw.setperf: 80 - 60
$ sysctl hw | tail -2  
hw.cpuspeed=750
hw.setperf=60

Ok, I guess I cant go lower than 750.

$ sudo sysctl -w hw.setperf=90 
hw.setperf: 60 - 90
$ sysctl hw | tail -2  
hw.cpuspeed=750
hw.setperf=90

Hmmm..Shouldnt this have set cpuspeed higher than 750?

$ sudo sysctl -w hw.setperf=100
hw.setperf: 90 - 100
$ sysctl hw | tail -2   
hw.cpuspeed=750
hw.setperf=100

Shouldnt cpuspeed be back to full now?
(dmesg in previous email)

---
Lars Hansson

Re: usb2ether hw recommendation

2005-11-24 Thread Stephan A. Rickauer 

Stuart Henderson wrote:

--On 23 November 2005 11:49 +0100, Stephan A. Rickauer wrote:


are there any device recommendations for usb Ethernet network
adapters supported by the drivers listed by 'apropos usb|grep -i
ether|grep -v Class' on 3.8? Searching the web for the chipsets
usually gives me Japanese, Taiwanese web sites or driver issues but
no concrete devices (= things I can touch) ...


There are plenty listed in the manpages. I think you'd be unlucky to buy 
a usb-ethernet that's not supported (and if you do, you could send it to 
a developer and buy something different..) HK-based vendors on Ebay are 
quite good for these.


ugen0 at uhub4 port 1
ugen0: ASIX Electronics AX88178, rev 2.00/0.01, addr 2

I guess I _was_ unlucky. It's a Level one usb-0200.

--

 Stephan A. Rickauer

 
 Institut f|r Neuroinformatik
 Universitdt / ETH Z|rich
 Winterthurerstriasse 190
 CH-8057 Z|rich

 Tel: +41 44 635 30 50
 Sek: +41 44 635 30 52
 Fax: +41 44 635 30 53

 http://www.ini.ethz.ch

Re: usb2ether hw recommendation

2005-11-24 Thread Lars Hansson 
Compeletely unbranded ~$13 USB ethernet adapter:

url0 at uhub2 port 1
url0: REALTEK USB 10/100 LAN, rev 1.10/1.00, addr 2
url0: address 00:e0:4c:03:17:4a
urlphy0 at url0 phy 0: RTL internal phy

---
Lars Hansson

ipsec.conf / What am I dooing wrong?

2005-11-24 Thread raff 
following ipsec.conf(5) i was trying to set up connection between to
hosts 192.168.1.115 and 192.168.1.125
I can set it using ipsecadm, and everything works fiine, but using
ipsecctl i'm getting some errors like below:


# ipsecctl -vvf ipsec.conf
@0 flow esp out from 192.168.1.115 to 192.168.1.125 peer 192.168.1.125
type require
@1 flow esp in from 192.168.1.125 to 192.168.1.115 peer 192.168.1.125
type use
@2 esp from 192.168.1.115 to 192.168.1.125 spi 0x0115 auth sha1 enc
3des-cbc
authkey 0x507a89ddbbca07ea595b338f78c9cf44162ef92e
enckey 0x9f2d7686ee16363909e94c8334cc8492b53cb8d7d0734e29
@3 esp from 192.168.1.125 to 192.168.1.115 spi 0x0125 auth sha1 enc
3des-cbc
authkey 0x513dc7a1b41d9a5ad9fca0eedc78180be2a82ba5
enckey 0x44c4006f164234375e892d64e8fbc42c6093064fb1aa3bb9
ipsecctl: writev failed: Invalid argument
ipsecctl: failed to add rule 2
ipsecctl: writev failed: Invalid argument
ipsecctl: failed to add rule 3

thanks in advance

Re: ipsec.conf / What am I dooing wrong?

2005-11-24 Thread Hans-Joerg Hoexer 
Hi,

ok, please use hmac-sha1 instead of sha1
HJ.

On Thu, Nov 24, 2005 at 11:04:45AM +0100, raff wrote:
 following ipsec.conf(5) i was trying to set up connection between to
 hosts 192.168.1.115 and 192.168.1.125
 I can set it using ipsecadm, and everything works fiine, but using
 ipsecctl i'm getting some errors like below:
 
 
 # ipsecctl -vvf ipsec.conf
 @0 flow esp out from 192.168.1.115 to 192.168.1.125 peer 192.168.1.125
 type require
 @1 flow esp in from 192.168.1.125 to 192.168.1.115 peer 192.168.1.125
 type use
 @2 esp from 192.168.1.115 to 192.168.1.125 spi 0x0115 auth sha1 enc
 3des-cbc
 authkey 0x507a89ddbbca07ea595b338f78c9cf44162ef92e
 enckey 0x9f2d7686ee16363909e94c8334cc8492b53cb8d7d0734e29
 @3 esp from 192.168.1.125 to 192.168.1.115 spi 0x0125 auth sha1 enc
 3des-cbc
 authkey 0x513dc7a1b41d9a5ad9fca0eedc78180be2a82ba5
 enckey 0x44c4006f164234375e892d64e8fbc42c6093064fb1aa3bb9
 ipsecctl: writev failed: Invalid argument
 ipsecctl: failed to add rule 2
 ipsecctl: writev failed: Invalid argument
 ipsecctl: failed to add rule 3
 
 thanks in advance

Re: usb2ether hw recommendation

2005-11-24 Thread David Coppa 
What a usbdevs -dv gives to you?

-David

On 11/24/05, Stephan A. Rickauer [EMAIL PROTECTED] wrote:
 Hello,

 Stephan A. Rickauer wrote:
  ugen0 at uhub4 port 1
  ugen0: ASIX Electronics AX88178, rev 2.00/0.01, addr 2
 
  I guess I _was_ unlucky. It's a Level one usb-0200.
 
  Seems I was to quick. axe(4) should be the right one ... I'll try.

 I am stuck now. All I could find out was that I have this device
 connected at hub4, which theoretically is supported by the axe driver:

 Controller /dev/usb4:
 addr 1: high speed, self powered, config 1, EHCI root hub(0x),
 Intel(0x8086), rev 1.00
uhub4
  port 1 addr 2: high speed, power 450 mA, config 1, AX88178(0x1780),
 ASIX Electronics(0x0b95), rev 0.01
ugen0

 But I have no clue whether the desirable axe0 should have been created
 automatically or whether I have to do that. I've read the usb, axe and
 ugen man pages and searched the openbsd website but it's unclear to me
 what I am supposed to do now. At the end I'd like to be able to
 configure the device using ifconfig.

 Please help me. Thanks.


 --

   Stephan A. Rickauer

   
   Institut f|r Neuroinformatik
   Universitdt / ETH Z|rich
   Winterthurerstriasse 190
   CH-8057 Z|rich

   Tel: +41 44 635 30 50
   Sek: +41 44 635 30 52
   Fax: +41 44 635 30 53

   http://www.ini.ethz.ch

Re: usb2ether hw recommendation

2005-11-24 Thread Stephan A. Rickauer 

Hello,

Stephan A. Rickauer wrote:

ugen0 at uhub4 port 1
ugen0: ASIX Electronics AX88178, rev 2.00/0.01, addr 2

I guess I _was_ unlucky. It's a Level one usb-0200.


Seems I was to quick. axe(4) should be the right one ... I'll try.


I am stuck now. All I could find out was that I have this device 
connected at hub4, which theoretically is supported by the axe driver:


   Controller /dev/usb4:
   addr 1: high speed, self powered, config 1, EHCI root hub(0x), 
Intel(0x8086), rev 1.00

  uhub4
port 1 addr 2: high speed, power 450 mA, config 1, AX88178(0x1780), 
ASIX Electronics(0x0b95), rev 0.01

  ugen0

But I have no clue whether the desirable axe0 should have been created 
automatically or whether I have to do that. I've read the usb, axe and 
ugen man pages and searched the openbsd website but it's unclear to me 
what I am supposed to do now. At the end I'd like to be able to 
configure the device using ifconfig.


Please help me. Thanks.


--

 Stephan A. Rickauer

 
 Institut f|r Neuroinformatik
 Universitdt / ETH Z|rich
 Winterthurerstriasse 190
 CH-8057 Z|rich

 Tel: +41 44 635 30 50
 Sek: +41 44 635 30 52
 Fax: +41 44 635 30 53

 http://www.ini.ethz.ch

Re: usb2ether hw recommendation

2005-11-24 Thread Stephan A. Rickauer 

On 11/24/05, Stephan A. Rickauer [EMAIL PROTECTED] wrote:

Hello,

Stephan A. Rickauer wrote:

ugen0 at uhub4 port 1
ugen0: ASIX Electronics AX88178, rev 2.00/0.01, addr 2

I guess I _was_ unlucky. It's a Level one usb-0200.

Seems I was to quick. axe(4) should be the right one ... I'll try.

I am stuck now. All I could find out was that I have this device
connected at hub4, which theoretically is supported by the axe driver:

Controller /dev/usb4:
addr 1: high speed, self powered, config 1, EHCI root hub(0x),
Intel(0x8086), rev 1.00
   uhub4
 port 1 addr 2: high speed, power 450 mA, config 1, AX88178(0x1780),
ASIX Electronics(0x0b95), rev 0.01
   ugen0

But I have no clue whether the desirable axe0 should have been created
automatically or whether I have to do that. I've read the usb, axe and
ugen man pages and searched the openbsd website but it's unclear to me
what I am supposed to do now. At the end I'd like to be able to
configure the device using ifconfig.


David Coppa wrote:
 What a usbdevs -dv gives to you?

 -David

The output above is it. I just listed the relevant part, the rest of 
usbdevs' output shows the other controllers the system have.


Stephan

Re: VLANs not isolated

2005-11-24 Thread Jason Dixon 

On Nov 24, 2005, at 2:29 AM, Camiel Dobbelaar wrote:


On Thu, 24 Nov 2005, Jason Dixon wrote:
I'm testing PF on a proposed network design and experiencing some  
unexpected
behavior.  With three vlan(4) interfaces on the interior of an  
OpenBSD
gateway, each of the clients on a segment is able to ping the  
gateway address
for at least one of the other VLAN gateways.  I'm not sure whether  
this is a
bug with OpenBSD or my switch.  I wouldn't be surprised that it's  
the fault of
this Dell PowerConnect 3024, but I'm still wondering why OpenBSD  
honors the
tagged packet on the wrong vlan(4) interface.  I know the Dell  
PowerConnects
are crap, but it's what I have in my home for testing.  The  
production network

will be running Catalyst 2950s.

The clients are all connected to untagged VLAN ports on the  
switch.  The

OpenBSD gateway is plugged into a port tagged with all 3 VLANs.


Your clients have the OpenBSD system as their gateway right?


Yes.

I think it's normal for a multi-homed BSD system to accept traffic  
for all

it's IP addresses (even with forwarding turned off).

That does not explain why some of your ping tests fail though.


I suspect the failed pings are the cause of the switch.  For example,  
traffic wouldn't work at all until I:


a) enable tagged vlan on the client port
b) apply the change
c) enable untagged vlan on the client port
d) apply the change

Packets get passed the moment I apply this final setting and not a  
moment before.  I think you're probably right about OpenBSD  
responding for all homed segments, but this is just an example of how  
hokey this switch can be.


Thanks,

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net

isakmpd tunnels get lost

2005-11-24 Thread Tobias Walkowiak 
following scenario:

|
| LAN A
|
.---+---.
|   Firewall A  |
|  and  |
| VPN-gateway A |
+---+---+
|\
| \
|  public IP A
|
 ==
  inet
 ==
|
| public IP B
|/
  .-+--.
  | Firewall B |
  +-+--+
|
| NAT public IP B - private IP B
|
| private IP B
|/
.---+---.
| VPN-Gateway B |
+---+---+
|
| LAN B
|

now the situation:
establishing a VPN connection between LAN A and LAN B works fine. i run this
scenario for nearly four years. since release 3.5 the problem occurs that
the tunnel on gateway B (the natted one behind the separate firewall) falls
down. a 'netstat -rnf encap' then shows

Routing tables

Encap:
Source Port  DestinationPort  Proto 
SA(Address/Proto/Type/Direction)

and no ping comes through although isakmpd is still running! i run a script
every 3 minutes that in such case kills isakmpd and restarts it. the failing
of the tunnels happens with NAT-T activated as well as without. does that
have something to do with any lifetime settings? i dont yet wanna bother you
with my isakmpd.conf but i post it of wished.

is there anyone who experienced the same or has a clue about that?

TIA
-- 
tobias

Re: additional features in bsd.rd

2005-11-24 Thread Stuart Henderson 

--On 24 November 2005 09:12 +0100, Matthias Kilian wrote:


 You can download and upload files using ftp(1).
 I use to do it since OpenBSD 2.9, using standard floppies.

With ftp in a pipe, you can only retrieve.


Strange. I do backups on a server located at Strato using ftp(1)
and dump(8). I do this every day via cron(8). So either you're wrong
or I'm doing what's impossible.


ahh, I missed paragraph 2 of 'file naming conventions' in ftp(1).

(echo cd /pub/incoming
put |dmesg dmesg.txt) | ftp -a some.server

I still can't work out how to pipe the output directly through ftp but 
this is better and less confusing anyway. Thanks for the prod.

Borghi Toscani News della 47� settimana 2005

2005-11-24 Thread Borghi Toscani News 
[IMAGE]

[IMAGE]

Borghi Toscani | E - mail | Registrati | Inserisci un locale | Meteo |
News

[IMAGE]

NUOVI
INSERIMENTI

Newsletter della 47B0 settimana 2005

LINK
CONSIGLIATI

Hotel Alex

LAST MINUTE IN TOSCANA

OFFERTE SOGGIORNI IN TOSCANA

LAST MINUTE FIRENZE

NEW WEB SITE ABETONE.COM

MULTIPASS ABETONE

[IMAGE]

Cottage Vecoli

Offerte Last minute Abetone

News, eventi e manifestazioni in Toscana questa settimana

Data

Evento

Tipologia

23/11/2005

Volterragusto

(Sagre e Fiere)

24/11/2005

La Focarazza ROCCALBEGNA

(Feste Paesane)

24/11/2005

Ritorno a casa Gori QUARRATA

(Teatro)

25/11/2005

Verso la disfida del tortello di patate VERNIO

(Sagre e Fiere)

26/11/2005

Rassegna letteraria PORRETTA TERME

(Mostre)

26/11/2005

Itinerario della pietra GAVINANA

(Mostre)

26/11/2005

Ininterrotta FIRENZE

(Mostre)

26/11/2005

Mostra mercato del tartufo bianco SAN MINIATO

(Mostre)

26/11/2005

Fiera di Santa Caterina MONTE S. SAVINO

(Sagre e Fiere)

26/11/2005

Festa della Toscana SAN PIERO A SIEVE

(Sagre e Fiere)

26/11/2005

10B0 Festival Nazionale di Teatro PESCIA

(Teatro)

27/11/2005

Fiera di S. Andrea MONTEPULCIANO

(Feste Paesane)

27/11/2005

Bagni a natale BAGNI DI LUCCA

(Mercatini)

27/11/2005

Mercatino etrusco CHIUSI

(Mercatini)

27/11/2005

Pievi montane PORRETTA TERME

(Mostre)

28/11/2005

I capolavori dei Sensi SAN GIMIGNANO

(Mostre)

29/11/2005

La piC9 bella sei tu PRATO

(Mostre)

30/11/2005

Olio novo e gusti d'autunno IMPRUNETA

(Sagre e Fiere)

30/11/2005

Fiera di S. Andrea CARRARA

(Sagre e Fiere)

01/12/2005

Porretta Cinema PORRETTA TERME

(Cinema)

01/12/2005

Impruneta Natale

(Sagre e Fiere)

02/12/2005

Mercatino dell'avvento ABETONE

(Mercatini)

02/12/2005

Festa dell'olio novo CASTELNUOVO B.GA

(Sagre e Fiere)

escursioni toscana

MOSTRA MERCATO NAZIONALE DEL TARTUFO BIANCO

FESTA DELL' OLIO 2005

Vellano Arte 2005Come ogni anno a novembre riapre anche questbanno le
porte la mostra mercato del tartufo bianco a San miniato, arrivata alla
sua XXXVB0 edizione.

Mostra mercato del tartufo bianco

Settembre lucchesePROGRAMMA FESTA DELLbOLIO 2005 (SAN QUIRICO DbORCIA
SIENA)

Sabato 3 dicembre
Ore 10.00 apertura stand
16.00 Centro storico- Spettacolo

Festa dell' olio 2005

Raccolta delle informazioni e Registrazione ai servizi
Piramedia srl, in qualitC  di titolare del trattamento, Ti informa che i
dati personali che ci avrai fornito, volontariamente o automaticamente
attraverso i nostri portali, saranno trattati, con il tuo consenso allo
scopo di trasmetterti i servizi da te richiesti. In particolare ti
verranno inviate tramite posta elettronica o sms, informative o offerte a
carattere commerciale o pubblicitario, inerenti al Turismo. Ti verranno
inviate inoltre comunicazioni circa modifiche, miglioramenti, o
cambiamenti dei servizi da noi proposti. In coda ad ognuno di questi
messaggi sarC  sempre presente il modo perchC) tu possa rimuovere i tuoi
dati dal nostro archivio.
Piramedia srl, non raccoglierC  in nessun modo dati ritenuti sensibili e
si impegna a non utilizzare i tuoi dati, o cederli a terzi, per finalitC 
che siano diverse da quelle qui sopra elencate.
Formula di acquisizione del consenso dell'interessato.
Il/la sottoscritto/a, acquisite le informazioni fornite dal titolare del
trattamento ai sensi dell'articolo 13 del D.Lgs. 196/2003, l'interessato:
- presta il suo consenso al trattamento dei dati personali per i fini
indicati nella suddetta informativa.
- presta il suo consenso per la comunicazione dei dati personali per le
finalitC  ed ai soggetti indicati nell'informativa.
- presta il suo consenso per la diffusione dei dati personali per le
finalitC  e nell'ambito indicato nell'informativa.

DISDETTA
Se non vuoi piC9 ricevere l'edizione gratuita di BorghiToscani.com
clicca su questo link: disdetta

Vecoli

Cottage Vecoli

Tenuta il Cicalino

Centro Velico Naregno

Centro Velico Naregno

Centro Velico Naregno

Tirrenia Ferries

Tirrenia
Ferries

Hotel Le Acacie

Hotel Le Acacie

Hotel Tornese

Madrugada
Travel

A casa di Dante

BB Gilda

Podere Giarlinga

Fonte del Cieco

Ninna Nanna

Campo di Carlo

Hotel La Pergola

Podere Saliciaia

Hotel Galli

Villa Conti

Albergo La Scogliera

Valle Santa Maria

Hotel Fontalleccio

Hotel Il Ponte

Casa del Golfo

Il Viottolo

Hotel Riva del Sole

Hotel Montecristo

Villa Cristina

Ideamare

Agriturismo Rebua

Enoteca Il Salotto

Villa Volpi

Hotel Rex

Belvedere

Domotourist

Casa Mazzoni

Residence L'Oasis

Agriturismo Bonello

La Meridiana

Al Mercato

Abitare In

Villa Parisi

Hotel Corallo

La Concia

Alba Chiara

Cuor di Lupo

Le Vigne di Caldana

Guida ambientale Maddalena Zuddas

MTB Adventure

La Piana

Rotonda in Chianti

1999 - 2005 - Copyright and Project by Piramedia srl - Tutti I Diritti
Riservati -Privacy

[IMAGE]

CCD Mirroring HOWTO

2005-11-24 Thread Robbert Haarman 
For those who are interested, I've uploaded a tutorial on setting up 
mirroring using ccd(4) to http://inglorion.net/documents/tutorials/ccd/.

-- Bob

Re: hw.setperf strangeness

2005-11-24 Thread Theo de Raadt 
*classic* bug report.  You completely fail to mention the machine
type, or show a dmesg.  I just don't get it.  How is it that people
keep forgetting that?  Are they just totally unaware that there
are machine differences, and they might matter?

 This seems a bit strange to ne:
 $ sysctl hw | tail -2
 hw.cpuspeed=1296
 hw.setperf=100
 
 $ sudo sysctl -w hw.setperf=0
 hw.setperf: 100 - 0
 $ sysctl hw | tail -2
 hw.cpuspeed=1296
 hw.setperf=0
 
 Hmm..shouldnt cpuspeed have changed?
 
 $ sudo sysctl -w hw.setperf=10
 hw.setperf: 0 - 10
 $ sysctl hw | tail -2  
 hw.cpuspeed=1296
 hw.setperf=10
 
 Still no change.
 
 $ sudo sysctl -w hw.setperf=80 
 hw.setperf: 10 - 80
 $ sysctl hw | tail -2  
 hw.cpuspeed=750
 hw.setperf=80
 
 Say what? 80% is 750? Ok, at least something happened now.
 
 $ sudo sysctl -w hw.setperf=60 
 hw.setperf: 80 - 60
 $ sysctl hw | tail -2  
 hw.cpuspeed=750
 hw.setperf=60
 
 Ok, I guess I cant go lower than 750.
 
 $ sudo sysctl -w hw.setperf=90 
 hw.setperf: 60 - 90
 $ sysctl hw | tail -2  
 hw.cpuspeed=750
 hw.setperf=90
 
 Hmmm..Shouldnt this have set cpuspeed higher than 750?
 
 $ sudo sysctl -w hw.setperf=100
 hw.setperf: 90 - 100
 $ sysctl hw | tail -2   
 hw.cpuspeed=750
 hw.setperf=100
 
 Shouldnt cpuspeed be back to full now?
 (dmesg in previous email)
 
 ---
 Lars Hansson

Re: spamd vs the sober worm

2005-11-24 Thread Bob Beck 
My running blacklist (24 hour expiry) from my greytraps bloated
from a usual total of about 6000 hosts to over 20,000 during the worst
of it. 

Net result being most of them hit the wall, unless they
came via a previously whitelisted mailhost - and then you go
at them other ways.

The only ones I actually got in my inbox were from on-campus
hosts (i.e virus run-time environments using mmmSexChange servers) 
but this is because we don't subject on-campus hosts to greylisting.
That fact alone pretty much speaks to it. The only stuff I got
was from compromised machines on our class B.

-Bob

* Peter N. M. Hansteen [EMAIL PROTECTED] [2005-11-23 06:15]:
 When the mainstream press started reporting stories like You are not
 under FBI surveillance about the newest windows worm variety, I started
 checking my logs for signs of what the stories described.  Nothing of 
 the sort reported had reached any windows machine on our network, so I 
 started looking at the gateway's logs.  The result is a very preliminary
 draft which I've put at 
 http://www.bgnett.no/~peter/pf/spamd-vs-sober-prelim.txt
 
 My problem is that the sample size is so tiny.  If I am to turn this
 into a publishable article, I need more data.  Would anyone running pf
 plus spamd in greylisting mode volunteer to do the same tests and send
 me their results (or raw data for that matter)?  Any other feedback
 would be welcome of course, and useful data or other useful feedback
 will merit at least a mention in the thanks to list if this gets
 published.
 
 - P
 -- 
 Peter N. M. Hansteen, member of the first RFC 1149 implementation team
 http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
 First, we kill all the spammers The Usenet Bard, Twice-forwarded tales
 

-- 
| | | The ASCII Fork Campaign
 \|/   against gratuitous use of threads.
  |

OpenBSD Crypto Globe Shirt

2005-11-24 Thread Bruno Carnazzi 
   Hi all,

Will this powerfull shirt be available in Europe/Worldwide ? Is there
something special about it which make it not available ? I really love
it !! :)

Best regards,

Bruno.

Re: CCD Mirroring HOWTO

2005-11-24 Thread Robbert Haarman 
  http://inglorion.net/documents/tutorials/ccd/
 
 I have a few questions/comments about the above and about ccd
 in OpenBSD in general.
 
 1) You talk about RAID only works with whole disks?  I'm curious 
 which RAID implementation you're referring to... it seems like you 
 might be talking about RAIDframe, but it works with partitions 
 instead of disks too.  (In fact, it only cares about parititions.)

I might be wrong. I've only ever seen RAID used on whole disks. I'll 
look into RAIDframe; if that supports using partitions as components, 
I'll change the HOWTO. Thanks for pointing this out.

 2) How does ccd keep track of the mirror getting out-of-sync?  (i.e. 
 if the system happens to fall over at the exact instant where a write 
 hits one of the disks, but not the other?)  I know how this is done in 
 RAIDframe, but I don't see a similar mechanism in ccd, and lacking 
 that mechanism would be Very Dangerous.  (if that data is never 
 overwritten, and a disk fails, you might be left with the disk with 
 correct data, or the one without correct data.  You flip the coin.)

AFAIK, ccd doesn't have any mechanisms for that. If one disk fails, all 
you can do is reconfigure the ccd device to use only the remaining 
disks, dump the filesystem, replace the failed disk, set up your old ccd 
configuration, newfs, and restore. This is all manual. To me, that's 
acceptible, because I don't expect my disks to fail more than once a 
year, and I don't mind spending an hour per year rebuilding filesystems.

 3) The code appears to only ever do reads from the first partition
 in 'old_io'-mode (the current default). That is fine if only the 
 mirror fails, I suppose.  I havn't dug deep enough into ccd.c to 
 determine what's really going on in !old_io mode, but it looks like
 it reads from both parts of the mirror? (whether it needs to or not) 
 There doesn't appear to be any mechanism here to say this write failed
 and then to note that the data on a particular block is now invalid.  

I don't know any implementation details; I haven't actually looked at 
the code. To me, it's enough that I have a second copy of my data.

 4) Nothing is mentioned about how to recover from a disk failure.  
 This is perhaps the most important part of any mirroring setup!! 

See my answer to point 2.

 I think I saw mention of 'dd' in another post -- if that is indeed 
 the mechanism, then, at a minimum, care must be taking to make sure 
 the filesystem is not being written while the 'dd' is being done!!

You do the recovery offline.

 I believe there are some very good reasons to be using the mirroring 
 in RAIDframe, and to not be even thinking of using the 
 so-called-mirroring support in ccd -- to me using ccd for 
 mirroring is just asking for trouble.

It depends on what you need, I guess. If you want availability and 
automatic recovery, ccd is simply not an option. If all you want is to 
have your data mirrored, then ccd seems to do just fine. I'm in the 
latter category - for now anyway.

 But that's just my $0.02, and yes, I'll admit to being biased towards 
 RAIDframe.  At the same time, however, I don't want to see to see people
 get badly burned by something that is advertised as a solution when
 it really isn't (and when other real solutions do exist -- RAIDframe 
 only adds 150K to SomeOtherBSD's kernel these days).

I think I should add a few more warnings to my HOWTO, just to make sure 
people aren't expecting ccd to things it simply doesn't do.

 Thanks for your time.

Thanks for yours. You've made some very insightful comments.

Regards,

Bob

---
I can't remember the last time I forgot something.

Re: additional features in bsd.rd

2005-11-24 Thread Alexander Hall 

Stuart Henderson wrote:


(echo cd /pub/incoming
put |dmesg dmesg.txt) | ftp -a some.server

I still can't work out how to pipe the output directly through ftp but 
this is better and less confusing anyway. Thanks for the prod.




Something like

  { echo put - kalle; cat; } | ftp -a localhost

could get you going. I was surprised to realize that while it _does_ 
work when hammering the keyboard, it does _not_ work when piping stuff 
to it, at least not for me. Maybe you have better luck (and more time) 
than me. :-)


/Alexander

huge passwd/group database

2005-11-24 Thread Gustavo Rios 
Hey folks,

reading groups functions for openbsd i could realize that in order to
have supplementary groups retrieved, the routine pass through the
entire database group.
For each of the group entry, it scans if the given user matches in the
list of the group member. I believe this approach does not scale
(O(n*m)). Am i wrong?

Since this is a many-read-few-write database, what about an aditional
register for each of the users with supplementary group? In this case
a single database probe could be enough.

Where am i wrong?

Thanks in advance.

3.8: ath(4) card not working in 11a/g mode?

2005-11-24 Thread Robert Stepanek 

Hi,

I have two cards using the atheros chipset. However, setting up one  
as access point and the other as client only yields a connection when  
I enforce 11b mode on both cards.


I am using a 3.8 GENERIC  kernel (dated 27 Oct):
OpenBSD 3.8 (GENERIC) #1: Thu Oct 27 18:22:38 CEST 2005

It detects the ath card on both machines:
ath0 at pci0 dev 14 function 0 Atheros AR5212 rev 0x01: irq 11
ath0: AR5212 5.9 phy 4.3 rf5112 3.6, FCC1A, address 00:0b:6b:36:fd:a6

ath0 at pci0 dev 14 function 0 Atheros AR5212 rev 0x01: irq 11
ath0: AR5212 5.9 phy 4.3 rf5112 3.6, FCC1A, address 00:0b:6b:36:fe:43

I then clear the ath card settings as indicated in the man page:
ifconfig ath0 -bssid -chan media autoselect nwid  -nwkey -powersave  
down


I set up the hostap with:
ifconfig ath0 10.4.0.1 netmask 0xff00 media autoselect mode 11a  
mediaopt hostap nwid foo nwkey bar up


ifconfig shows that the hostap is running:
ath0: flags=8863UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST  
mtu 1500

lladdr 00:0b:6b:36:fd:a6
media: IEEE802.11 autoselect mode 11a hostap
status: active
ieee80211: nwid foo chan 36 bssid 00:0b:6b:36:fd:a6 nwkey bar
inet6 fe80::20b:6bff:fe36:fda6%ath0 prefixlen 64 scopeid 0x2
inet 10.4.0.1 netmask 0xff00 broadcast 10.255.255.255

I start the client with:
ifconfig ath0 10.4.0.2 netmask 0xff00 media autoselect mode 11a  
nwid foo  nwkey bar up


but it does not find any network (I let it wait awhile to do some  
scanning):
ath0: flags=8863UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST  
mtu 1500

lladdr 00:0b:6b:36:fe:43
media: IEEE802.11 autoselect mode 11a (OFDM6 mode 11a)
status: no network
ieee80211: nwid foo nwkey bar
inet6 fe80::20b:6bff:fe36:fe43%ath0 prefixlen 64 scopeid 0x2
inet 10.4.0.2 netmask 0xff00 broadcast 10.255.255.255

Same story with enforced mode 11g

However setting mode 11b in the same command line as above  
immediately yields a connection on the client:
ath0: flags=8863UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST  
mtu 1500

lladdr 00:0b:6b:36:fe:43
media: IEEE802.11 autoselect mode 11b (DS11 mode 11b)
status: active
ieee80211: nwid foo chan 1 bssid 00:0b:6b:36:fd:a6 nwkey bar
inet6 fe80::20b:6bff:fe36:fe43%ath0 prefixlen 64 scopeid 0x2
inet 10.4.0.2 netmask 0xff00 broadcast 10.255.255.255

Not setting any mode at all starts the hostap in 11a mode and the  
client is not able to connect as well.


Note: The boxes are standing right next to each other. I tried it in  
several buildings so I do not think that this might be due to  
interference.


I wonder if this is a driver issue? Or could it be a problem with the  
hardware?


Thanks a lot,
Robert

Re: New idea on CPU fan problem

2005-11-24 Thread Alexander Hall 

PARAMVIR DHINDSA wrote:


Date : Nov 25, 2005
  Dear Sir,
  
  I want to  know whether I can replace  the generic   kernel  included  in the OpenBSD distribution with   Kernel included in the bootable(installation) floppy as  problem  of CPU fan is not present in that (floppy37.fs) case. If yes, please  let me know how to perform it.
  
 Nov 1,2005


Do not cross post to many lists.

You may have issues with other drivers. People use to be able to solve 
thinks like this by booting using boot -c and disabling stuff in the ukc.


Search for ukc openbsd fan speed or so in google or in the archives.

/Alexander

Re: mozilla/firefox serif font

2005-11-24 Thread Speek 
Jimmy Scott jimmy at inet-solutions.be writes:

 The problem I'm facing is that on sites which don't use a specific font,
 which should default to 'serif' and actually is 'bitstream vera serif',
 the text is/looks bold/blurry (wider than 1px). This really anoyes me
 when reading text/books because it give me a headache on an LCD screen.

Yes, the serif font looks fat/bold here too. But I've set the default
proportional font to sans-serif and that looks fine.

Regards,

Speek

Re: CPU time off by a factor of two

2005-11-24 Thread Uwe Dippel 
On Thu, 24 Nov 2005 14:40:59 -0600, J Moore wrote:

 I'm not clear on something... does the time drift with OpenBSD *alone*; 
 i.e. without ntpd running?

Yes. Now I let it run on its own, without ntpd, through the last night and
send me a mail (I am not at it) each minute.
Starting at 19.00 exactly, with a single rdate -s, at 23.00 the mail said
21.00. So the factor is 2, pretty exact.

When I get to the box later, I will reboot with single CPU kernel.
Since it goes into production today, I need it to be up. If necessary, I
will have to rdate it once per minute to advance its clock by 30 seconds
each minute. I consider this quite a bug, by now.

Uwe

Re: hw.setperf strangeness

2005-11-24 Thread Lars Hansson 
On Thu, 24 Nov 2005 09:23:32 -0700
Theo de Raadt [EMAIL PROTECTED] wrote:

 *classic* bug report.  You completely fail to mention the machine
 type, or show a dmesg.
Actually, I sent the dmesg in my immediatelly previous message to the list
and therefore I didnt attach again.
As for the machine type, it's a completely generic laptop called X-Mobile C24i.
I really did forget to attach the md5 -t output so here it is:

$ sysctl hw | tail -2
hw.cpuspeed=1296
hw.setperf=100

$ md5 -t 
MD5 time trial.  Processing 1 1-byte blocks...
Digest = 52e5f9c9e6f656f3e1800dfa5579d089
Time   = 0.691865 seconds
Speed  = 144536867.741539 bytes/second

$ sudo sysctl -w hw.setperf=0
hw.setperf: 100 - 0
$ sysctl hw | tail -2  
hw.cpuspeed=1296
hw.setperf=0
$ md5 -t  
MD5 time trial.  Processing 1 1-byte blocks...
Digest = 52e5f9c9e6f656f3e1800dfa5579d089
Time   = 0.693320 seconds
Speed  = 144233542.952749 bytes/second

$ sudo sysctl -w hw.setperf=80
hw.setperf: 0 - 80
$ sysctl hw | tail -2  
hw.cpuspeed=750
hw.setperf=80
MD5 time trial.  Processing 1 1-byte blocks...
Digest = 52e5f9c9e6f656f3e1800dfa5579d089
Time   = 0.695775 seconds
Speed  = 143724623.621142 bytes/second

It would appear that changing hw-setperf doesn't actually do anything at all
on this box. The dmesg says it has Speedstep though.
(dmesg attached again)

---
Lars Hansson
OpenBSD 3.8-current (GENERIC) #265: Wed Nov 23 15:06:35 MST 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Celeron(R) M processor 1.30GHz (GenuineIntel 686-class) 1.30 
GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,SBF
real mem  = 234397696 (228904K)
avail mem = 206987264 (202136K)
using 2886 buffers containing 11821056 bytes (11544K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(17) BIOS, date 05/21/01, BIOS32 rev. 0 @ 0xe9b90
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xe7000/0x661
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfe840/144 (7 entries)
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82801AA LPC rev 0x00)
pcibios0: PCI bus #2 is the last bus
bios0: ROM list: 0xc/0xc800! 0xe/0x1800 0xe6000/0x1000!
cpu0 at mainbus0
esm at mainbus0 not configured
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82852GM Hub-PCI rev 0x02
Intel 82852GM Memory rev 0x02 at pci0 dev 0 function 1 not configured
Intel 82852GM Configuration rev 0x02 at pci0 dev 0 function 3 not configured
vga1 at pci0 dev 2 function 0 Intel 82852GM AGP rev 0x02: aperture at 
0xb000, size 0x800
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
Intel 82852GM AGP rev 0x02 at pci0 dev 2 function 1 not configured
uhci0 at pci0 dev 29 function 0 Intel 82801DB USB rev 0x03: irq 10
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 29 function 1 Intel 82801DB USB rev 0x03: irq 11
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2 at pci0 dev 29 function 2 Intel 82801DB USB rev 0x03: irq 11
usb2 at uhci2: USB revision 1.0
uhub2 at usb2
uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
ehci0 at pci0 dev 29 function 7 Intel 82801DB USB rev 0x03: irq 7
usb3 at ehci0: USB revision 2.0
uhub3 at usb3
uhub3: Intel EHCI root hub, rev 2.00/1.00, addr 1
uhub3: 6 ports with 6 removable, self powered
ppb0 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0x83
pci1 at ppb0 bus 1
cbb0 at pci1 dev 0 function 0 Texas Instruments PCI1410 CardBus rev 0x02: irq 
5
rl0 at pci1 dev 2 function 0 Realtek 8139 rev 0x10: irq 11, address 
00:e0:4c:44:00:4e
rlphy0 at rl0 phy 0: RTL internal phy
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 2 device 0 cacheline 0x0, lattimer 0x40
pcmcia0 at cardslot0
ichpcib0 at pci0 dev 31 function 0 Intel 82801DBM LPC rev 0x03: SpeedStep
pciide0 at pci0 dev 31 function 1 Intel 82801DBM IDE rev 0x03: DMA, channel 0 
configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: FUJITSU MHT2040AT
wd0: 16-sector PIO, LBA, 38154MB, 78140160 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: QSI, CDRW/DVD SBW-243, TX08 SCSI0 5/cdrom 
removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
Intel 82801DB SMBus rev 0x03 at pci0 dev 31 function 3 not configured
auich0 at pci0 dev 31 function 5 Intel 82801DB AC97 rev 0x03: irq 5, ICH4 AC97
ac97: codec id 0x414c4760 (Avance Logic ALC655)
audio0 at auich0
Intel 82801DB Modem rev 0x03

Re: hw.setperf strangeness

2005-11-24 Thread Theo de Raadt 
  *classic* bug report.  You completely fail to mention the machine
  type, or show a dmesg.
 Actually, I sent the dmesg in my immediatelly previous message to the list
 and therefore I didnt attach again.

Oh come on.

You think we have all day to find various mails from various people and
piece them together?

Maybe there is a bug.  Maybe it should be fixed.  But this particular
bug right here, with your attitude -- wow -- you just lost my attention.

Re: hw.setperf strangeness

2005-11-24 Thread Lars Hansson 
On Thu, 24 Nov 2005 10:03:44 +0800
Lars Hansson [EMAIL PROTECTED] wrote:
 It would appear that changing hw-setperf doesn't actually do anything at all
 on this box. The dmesg says it has Speedstep though.

Err, it has speedstep but that's not in the dmesg.

---
Lars Hansson

Re: hw.setperf strangeness

2005-11-24 Thread Lars Hansson 
On Thu, 24 Nov 2005 18:48:44 -0700
Theo de Raadt [EMAIL PROTECTED] wrote:
 Oh come on.
 
 You think we have all day to find various mails from various people and
 piece them together?


Indeed, that would be silly. I should have attached it. My mistake.

---
Lars Hansson