Re: Hardware RNG speed

2005-12-20 Thread Michael Alexander Hamburg
On Mon, 19 Dec 2005, Theo de Raadt wrote:

 Until you can justify actual real scientific reasons why you cannot
 use it, I think you should use arc4random().

 And I am entirely serious.  The entire idea in OpenBSD is to have many
 consumers, as this strengthens the source.

Thanks for your comments, but I will attempt to justify why I cannot use
arc4random() or /dev/arandom.

I'm working on Professor Rabin's HyperEncryption project.  The goal is to
create a system for distributing random numbers to form one-time pads such
that even an adversary who can break whatever crypto you happen to have
devised is stopped by other limitations, such as limited storage or
limited access to your data lines (that is, you have several links and the
adversary can monitor some but not all of them).  The idea is to offer a
system which is cheaper and more flexible than quantum cryptography, but
almost as secure (i.e. perfectly, information-theoretically secure with
very high probability in the ideal case, requiring more assumptions for
this ideal case than quantum cryptography, but not requiring a short,
private, dedicated fiber-optic line and $50k worth of hardware on either
end).  Obviously, within these design goals, truly random numbers are
necessary, because a computationally unbounded opponent can break
arc4random().  Such an adversary can break other things, too, so we'll
have to do a whole bunch of other things (turning off SYN cookies comes to
mind), but the random numbers are a more immediate design parameter.

Now, the project isn't in production or anything yet; we have some
prototypes and are exploring their design spaces, but a very important
parameter is the cost and data rate of commercially available high-quality
random number generators, and their software support under various
operating systems.  Under a limited-access model, the rate is not too
important (while it adds to the amount of data that can be transmitted and
marginally to its security, it is not essential that the data rate be very
high), but 200B/s is still probably too slow.

An important security and maintenance feature of this system will be
whether it can be engineered cleanly.  OpenBSD is considered a relatively
secure OS, has a wide variety of hardware random number generator support,
and perhaps most importantly is relatively easy to configure minimally on
embedded hardware.  So, we're very interested in supporting it,
particularly on embedded hardware, but we need to know what kind of random
number generators work on it at an acceptable rate.  It looks like this
will probably mean the VIA C3 or C7, but we'd like to give Hifn cards a
shot.  Also, given the terrible performance of the Hifn card, it's not
clear that even the VIA C7 would be faster or whether the drivers are the
rate-limiting step, which is why I'm asking for clarification here.  I
could, of course, write a VIA-specific user-mode RNG driver because their
chips allow that. This is a strong draw to VIA, but OS support would be
preferable.

@Jason Crawford, we have considered and even prototyped sound-card-based
solutions (mostly involving running a simple radio noise source into the
microphone port, which is likely to have less pure-tone noise than your
suggestion), and while they aren't out of the running yet they have two
important problems.  First, it will be more difficult to determine whether
the output of this system is sufficiently random.  We can run FIPS tests
in real time at the rates we're dealing with, but the audio system will
almost certainly not pass this or even come close.  Massaging the data
into a form which is both white and sufficiently simple that a breakdown
will be detected is rather difficult.  On the other hand, most hardware
RNGs create noise with only very local biases (in raw mode) which should
be easier to filter out without hiding breakages.  Second, most embedded
boards do not have sound cards, and almost none have microphones.

Thanks a lot,
Mike Hamburg
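
Added example, not part of the original post or of the HyperEncryption project: a real-time health check of the kind the message above refers to, run on raw RNG output one 20,000-bit block at a time. It assumes the FIPS 140-2 statistical test thresholds (monobit, poker, runs, long run), since the thread does not say which FIPS revision was meant; the function names are this example's own, and the sample blocks are constructed, with xorshift32 output standing in for a healthy source.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIPS_BLOCK_BYTES 2500   /* one test block = 20,000 bits */
enum { FIPS_FAIL_MONOBIT = 1, FIPS_FAIL_POKER = 2,
       FIPS_FAIL_RUNS = 4, FIPS_FAIL_LONGRUN = 8 };

/* Allowed count of runs of length 1..5 and 6+ (same for zeros and ones). */
static const int run_lo[6] = { 2315, 1114, 527, 240, 103, 103 };
static const int run_hi[6] = { 2685, 1386, 723, 384, 209, 209 };

/* Returns 0 if the block passes, else a mask of FIPS_FAIL_* bits. */
int fips_check_block(const uint8_t *buf)
{
    int nibble[16] = { 0 }, runs[2][6] = { { 0 } };
    int ones = 0, cur = -1, len = 0, longest = 0, result = 0;
    long sumsq = 0, x5000;

    for (size_t i = 0; i < FIPS_BLOCK_BYTES; i++) {
        nibble[buf[i] >> 4]++;
        nibble[buf[i] & 0x0f]++;
        for (int b = 7; b >= 0; b--) {
            int bit = (buf[i] >> b) & 1;
            ones += bit;
            if (bit != cur) {               /* a run just ended */
                if (cur >= 0)
                    runs[cur][len > 6 ? 5 : len - 1]++;
                cur = bit;
                len = 0;
            }
            if (++len > longest)
                longest = len;
        }
    }
    runs[cur][len > 6 ? 5 : len - 1]++;     /* close the final run */

    if (ones <= 9725 || ones >= 10275)      /* monobit: 9725 < ones < 10275 */
        result |= FIPS_FAIL_MONOBIT;

    /* Poker: X = (16/5000) * sum(f_i^2) - 5000 over 4-bit values, and
     * 2.16 < X < 46.17; compared as 5000*X to stay in integers. */
    for (int i = 0; i < 16; i++)
        sumsq += (long)nibble[i] * nibble[i];
    x5000 = 16 * sumsq - 25000000L;
    if (x5000 <= 10800 || x5000 >= 230850)
        result |= FIPS_FAIL_POKER;

    for (int v = 0; v < 2; v++)             /* runs test */
        for (int k = 0; k < 6; k++)
            if (runs[v][k] < run_lo[k] || runs[v][k] > run_hi[k])
                result |= FIPS_FAIL_RUNS;

    if (longest >= 26)                      /* long-run test */
        result |= FIPS_FAIL_LONGRUN;
    return result;
}

/* Constructed sample blocks (not captured from any device):
 * 0 = xorshift32 output standing in for a healthy source,
 * 1 = the same stream with the low bit of every byte stuck at 1,
 * 2 = the same stream with a 4-byte dropout of zeros,
 * 3 = a pure tone, 0x55 repeated. */
void make_sample(uint8_t *buf, int kind)
{
    uint32_t x = 2463534242u;

    for (size_t i = 0; i < FIPS_BLOCK_BYTES; i++) {
        if (i % 4 == 0) { x ^= x << 13; x ^= x >> 17; x ^= x << 5; }
        buf[i] = (uint8_t)(x >> (8 * (i % 4)));
    }
    if (kind == 1)
        for (size_t i = 0; i < FIPS_BLOCK_BYTES; i++)
            buf[i] |= 0x01;
    else if (kind == 2)
        memset(buf + 1000, 0x00, 4);
    else if (kind == 3)
        memset(buf, 0x55, FIPS_BLOCK_BYTES);
}

int check_sample(int kind)
{
    uint8_t buf[FIPS_BLOCK_BYTES];
    make_sample(buf, kind);
    return fips_check_block(buf);
}

int main(void)
{
    static const char *name[] = { "healthy", "stuck bit", "dropout", "tone" };
    for (int k = 0; k < 4; k++)
        printf("%-9s -> fail mask 0x%x\n", name[k], check_sample(k));
    return 0;
}
```

The pure-tone block has exactly 10,000 ones and so passes the monobit test; only the poker and runs tests catch it, which is why the tests are applied together.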



Re: disklabel and ext3 partitions on amd64

2005-12-20 Thread steven mestdagh
On Mon, Dec 19, 2005 at 12:00:52PM +, Simon Morgan wrote:
 On 18/12/05, steven mestdagh [EMAIL PROTECTED] wrote:
  I see the same happening on 3.8-release vs. 3.8-current on i386 for
  systems with foreign filesystems. Not sure why.
 
 Think it could be a bug?

this change in behavior is caused by
sys/arch/amd64/amd64/disksubr.c v 1.4
sys/arch/i386/i386/disksubr.c v 1.46

because the context is gone, here is the OP's problem summarized:
'D' in the disklabel editor now wipes everything except the 'c' partition,
whereas it used to leave 'c', a modified 'a', and foreign filesystem ('i')
partitions in place.

maybe someone can comment on this?

-- 
steven

Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm



OpenBSD 3.8 and slapd 2.0.27

2005-12-20 Thread yance
Hi all,

I am learning to install and configure slapd on OpenBSD 3.8. Followed the
installation howto
(http://www.openbsdsupport.org/qmail-ldap-OpenBSD.html#2.0)
but here is what I get when I run slapd -d -1

SNIP
line 10 (include/etc/openldap/schema/krb5-kdc.schema)
could not open config file /etc/openldap/schema/krb5-kdc.schema: No such
file or directory (2)
slapd shutdown: freeing system resources.
slapd stopped.

Hmm, apparently krb5-kdc.schema is not present in my system.

How can this be? What should I install? Any pointers?


Thanks,


Yance



Re: MN-520 802.11b wireless PCMCIA card not found in -CURRENT on AMD Sempron?

2005-12-20 Thread Jonathan Gray
On Mon, Dec 19, 2005 at 10:57:44PM -0600, C. Bensend wrote:
 Hey folks,
 
I've never been lucky enough to actually own my own laptop until
 yesterday, when a friend pointed me at a special at Staples.  I
 picked up a Compaq Presario V2405US (AMD Sempron) for a pretty good
 price.  Yes, I know, Compaq and Staples, fear.  But for $500, I can
 cope.
 
I installed Saturday's snapshot, crossing my fingers and hoping
 the magical 802.11b/g fairy would grace me and it would recognize
 the built-in wireless.  Alas, it's a Broadcom BCM4318.  That's OK,
 I didn't expect the one that's built in to work.  Stupid Broadcom.
 
However, I was a little surprised when my Microsoft MN-520 PCMCIA
 adapter isn't found.  This is the same physical adapter that works
 great with my work laptop (a straight Pentium-M Dell).
 
It's this one, and works flawlessly with my D600:
 
 http://marc.theaimsgroup.com/?l=openbsd-misc&m=109286218613735&w=2
 
So, here is the dmesg from the new laptop, running Saturday's
 snapshot (pardon any funkiness from cut-n-paste):
 
 
 OpenBSD 3.8-current (GENERIC) #320: Sat Dec 17 10:09:10 MST 2005
 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
 cpu0: Mobile AMD Sempron(tm) Processor 3000+ (AuthenticAMD 686-class,
 128KB L2 cache) 1.80 GHz
 cpu0:
 FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CF
 LUSH,MMX,FXSR,SSE,SSE2,SSE3
 cpu0: AMD Powernow: TS FID VID TTP TM STC
 cpu0: AMD PowerNow! K8 available states (35400,70700,79500)
 real mem  = 233349120 (227880K)
 avail mem = 206016512 (201188K)
 using 2874 buffers containing 11771904 bytes (11496K) of memory
 mainbus0 (root)
 bios0 at mainbus0: AT/286+(51) BIOS, date 08/04/05, BIOS32 rev. 0 @ 0xfd660
 pcibios0 at bios0: rev 2.1 @ 0xfd660/0x9a0
 pcibios0: PCI BIOS has 10 Interrupt Routing table entries
 pcibios0: no compatible PCI ICU found
 pcibios0: Warning, unable to fix up PCI interrupt routing
 pcibios0: PCI bus #3 is the last bus
 bios0: ROM list: 0xc/0x1 0xd/0x1000 0xdc000/0x4000!
 0xe/0x4000!

ATI IXP PCI interrupt quirks aren't known.  I went looking
for documentation on the ATI chipsets some time ago but
couldn't find any.

 cpu0 at mainbus0
 pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
 pchb0 at pci0 dev 0 function 0 ATI RS480 Host rev 0x01
 ppb0 at pci0 dev 1 function 0 ATI RS480 PCIE rev 0x00
 pci1 at ppb0 bus 1

...

 cbb0 at pci2 dev 9 function 0 Texas Instruments PCI7XX1 CardBus rev
 0x00pci_in
 tr_map: no mapping for pin A
 : couldn't map interrupt

The CardBus slot can not be used as interrupt routing is busted
in ways not apparent without documentation.

 
 
So, no wireless as of right now.  But I am curious to know why
 the same card works fine in my Dell, but not in my Presario.  Would I
 be lucky enough that it would be a quick fix?

Depends if you can find documentation on the ATI chipset the
laptop is based on...





pid of last started process

2005-12-20 Thread Дмитрий Лебедь
Sorry, maybe I've written to the wrong place, but which variable contains the pid
of the last process started from this shell (script) in ksh?



Re: pid of last started process

2005-12-20 Thread Andreas Kahari
Dimaz,

#!/bin/ksh
somecommand &
echo "PID of last backgrounded command is $!"

Read the manual for more info.
Andreas

On 20/12/05, dMITRIJ lEBEDX [EMAIL PROTECTED] wrote:
 Sorry, maybe I've written to the wrong place, but which variable contains the pid
 of the last process started from this shell (script) in ksh?




--
Andreas Kahari



Re: VPN: solutions that interoperate with win xp

2005-12-20 Thread Stuart Henderson
  i have also setup openvpn, which works great for me from home, and i have 
  been
  able to successfully get this working. however, one of the users that 
  connects
  to my VPN is having problems making openvpn and his kerio firewall play 
  nice,
  and a working openvpn configuration cannot survive a reboot due to win xp 
  being
  such a great OS.
  
 
 I would definitely stick with the openvpn solution. It's simpler to
 implement, and I didn't understand the part that the configuration
 cannot survive a reboot. Is this a problem on the user side? If it is,
 the same potential to damage the openvpn setup, could be used to damage
 the ipsec setup.

The same problem probably won't affect ipsec, since there's no extra
network interface involved there.  http://openvpn.se/xpsp2_problem.html

 Yes, that's another advantage, it use only ONE port, and is NAT
 friendly.

This is no different to ipsec nat-t. There are both advantages
and disadvantages with ipsec, openvpn, and openssh tun-forwarding.
Use what fits best for the job...



Re: VPN: solutions that interoperate with win xp

2005-12-20 Thread Giancarlo Razzolini
Stuart Henderson wrote:
  The same problem probably won't affect ipsec, since there's no extra
 network interface involved there.  http://openvpn.se/xpsp2_problem.html

I meant that if one user can misconfigure the openvpn setup, he or she
has the same potential to misconfigure the ipsec setup.

 This is no different to ipsec nat-t. There are both advantages
 and disadvantages with ipsec, openvpn, and openssh tun-forwarding.
 Use what fits best for the job...
 
I see one difference: AFAIK when you are using ipsec with nat-t, you
have to give up some of the protection that the AH gives to you, and you
stay only with the full ESP protection. With openvpn, you use the
tls-auth directive and have the same level of protection that AH
provides you. Implementing and keeping an IPSEC solution is far more
complex than an openvpn solution, so I would definitely try the openvpn
solution.

My regards,

-- 
Giancarlo Razzolini
Linux User 172199
Moleque Sem Conteudo Numero #002
Slackware Current
Snike Tecnologia em Informatica
4386 2A6F FFD4 4D5F 5842  6EA0 7ABE BBAB 9C0E 6B85



Re: pfsync/carp via 2 ISP's

2005-12-20 Thread eneville (sent by Nabble.com)
Stoyan Genov wrote: 
 
 Joachim Schipper wrote:
 On Tue, Nov 29, 2005 at 10:31:03AM +0100, David Coppa wrote:
 
On 11/29/05, Joachim Schipper  wrote:


Why don't you just put a switch in front of the two firewalls, and then
do CARP (for firewall failover) plus some smart routing tricks (for ISP
failover - search the archives, I forgot the proper keywords)?

pf route-to?
 
 
 Hmm, wouldn't that require some additional scripting? Would work,
 though...
 
 
 We have this running for several months. Setup is the following
 (sorry, no time for ascii art):
 
 *) 2 x obsd37/i386 boxes, 4 NICs each
 *) each box connects to both ISPs
 *) each box connects to internal LAN
 *) the two boxes are interconnected for pfsync purposes
 with a dedicated crossover ethernet cable
 *) CARPed on the inside is the LAN gateway IP address
 *) CARPed on the outside are IPs for a couple of pub services
 *) each box has its own IP on the inside and the outside
 (so, 4 IPs used on the outside -- each ISP, each box)
 *) pf.conf on both boxes is identical; they differ in the
 default route (master box defaults through master ISP,
 backup box defaults through backup ISP (we want to use
 also the backup ISP through the backup box when everything
 is OK)
 *) upon becoming a master, a box would change its gateway
 through the master ISP, plus starting a couple of services
 *) upon becoming a backup, a box would change its gateway
 through the backup ISP, plus stopping a couple of services
 *) upon unavailability of its default ISP (cron+ping checks)
 each box would change default gateway to the other ISP
 
 An over-simplified pf.conf would look roughly like this:
 
 
 # nat on both interfaces; default route will choose which exactly
 nat on $if_isp1 from $net_int to $net_int_not -> $if_isp1:0
 nat on $if_isp2 from $net_int to $net_int_not -> $if_isp2:0
 
 block log all
 
 pass proto carp all
 pass on $if_loc all
 
 pass in on $if_int from $net_int to any
 pass out on $if_int from any to $net_int
 
 # pass from my IPs to everywhere rules
 # left as an exercise for the reader
 
 pass on $if_pfsync proto $pfsync_protos from $pfsync_peers \
 to $pfsync_peers
 
 # NO KEEP STATE HERE
 pass on $if_isp1 proto $pub_serv_proto from any to $pub_serv_IP_on_isp1
 pass on $if_isp2 proto $pub_serv_proto from any to $pub_serv_IP_on_isp2
 # also, pub IPs are CARPed
 
 # KEEP THE STATE HERE
 # FOR PUB SERVICE, IT'S THE *RESPONSE* THAT CREATES A STATE
 pass out route-to ($if_isp1 $gw_isp1) from $net_isp1 to $net_isp1_not \
   modulate state
 pass out route-to ($if_isp2 $gw_isp2) from $net_isp2 to $net_isp2_not \
   modulate state
 
 
 I probably forget some minor but important details.
 
 I wish I could get an AS and use BGP to route through both ISPs.
 
 Best Regards,
 Stoyan Genov
 
 
 

I am having some problems with a similar setup based on 
http://www.monkey.org/openbsd/archive/misc/0409/msg02994.html, but with CARP 
layers in front of the int/ext interfaces.

Have you tried using packet tagging and decided it would not work?
--
Sent from the openbsd user - misc forum at Nabble.com:
http://www.nabble.com/pfsync-carp-via-2-ISP%27s-t632647.html#a2027119



Re: MN-520 802.11b wireless PCMCIA card not found in -CURRENT on AMD Sempron?

2005-12-20 Thread C. Bensend
 The CardBus slot can not be used as interrupt routing is busted
 in ways not apparent without documentation.

...

 Depends if you can find documentation on the ATI chipset the
 laptop is based on...

Doh.  I figured it was going to be something like that.  I'll do
some searching, but if you've already tried, I'm not too optimistic.

Thanks for the explanation, Jonathan.

Benny


-- 
As a general rule, don't solve puzzles that open portals
to Hell.   - Unknown



Re: pf and two ADSL links

2005-12-20 Thread Craig Skinner
On Tue, Dec 20, 2005 at 02:40:28AM +, pedro la peu wrote:
  all UK ADSL is operated by them, with the minor exception of LLU.
 
 What?
 
  AFAIK there is only one UK operator unbundling for ADSL, in some southern
  exchanges (eg London & thereabouts).
 
 What?
 

I can see from whois that you have some connection with the UK, as do some of
the other posters on this thread.

Therefore, if you don't know what LLU and unbundling are, I can only
assume that you are a dialup windows user who is posting on the wrong
mailing list.

  I've seen it often enough where [...] a JCB has dug through the footpath and 
  taken the lot out
 
 There are cheap enough alternatives.
 
  Look to different media altogether for HA.
 
 Don't exclude the cheap, predictable thing right under your nose.
 
  This is all fine for messing about at home or in a small style, no SLA
  business.
 
 It's better than you think.

Ignorance is bliss, until the shit hits the fan.

 
  When an ADSL is faulted to BT via eCo once a fault has been detected
  though Woosh, the GPMS case will sit in the diagnostics queue for 48
  hours before it is even looked at. Then resolution will typically
  take another 3-5 days.
 
 BS. Shame on you.

I work for an ISP, you obviously are just a user.



BGPD on FreeBSD

2005-12-20 Thread Reto Burkhalter
Hi list

Maybe a little bit OT - but are there any users with experiences
in using OpenBGPD on FreeBSD? I have some strange problems here.

Setup is OpenBGPD 3.7 on FreeBSD 6-RELEASE. Just a basic config
with one transit and one iBGP session with some standard filters
(check prefixlen and rfc1918 networks) works fine. But as soon as
we add more peers and filters, the bgpd daemon dies regularly with
different messages:

E.g.
fatal in RDE: nexthop_cmp: unknown af
dispatch_imsg in main: pipe closed

- This should not happen (the code could not compare either
Inet4 or Inet6)?!?

We also have entries in /var/log/messages like these: exited on signal
6

I can provide more information (config file, etc.) if needed.


Please contact me directly if this topic does not fit into this list.

Regards,
Reto



cruft?

2005-12-20 Thread J.C. Roberts
I hit a panic while doing make build on the Alpha PSW-433. My uneducated guess
is that I somehow managed to leave cruft in my -STABLE tree when I moved it over
from an i386 box. I did all the expected cleaning (make clean and rm -rf
/usr/obj/*) and I tried to repeat the problem a second time while running over
serial (to save myself from typing all the ps and trace output again) but on
the second try, make build worked perfectly.

The only thing I can think of doing is running make build a few more times and
see what shows up but that's a less than scientific approach. I want to know if
I'm dealing with flaky hardware or if I managed to cruft myself. Is there an
easy way to identify cruft problems?

Output for trace, ps and dmesg.boot are below.

Thanks,
JCR


cc -O2 -pipe -I/usr/src/lib/libmenu -I/usr/src/lib/libmenu/../libcurses
-DHAVE_CONFIG_H  -c /usr/src/lib/libmenu/m_win.c -o m_win.o
panic:trap
Stopped at Debugger+0x4:retzero,(ra)
RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC!
DON NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION!
ddb ps
   PIDPPIDPGRP  UID  SFLAGS  WAITCOMMAND
*10545427555350  3   0x4006  biowait  ld
  4275   2798955350  3   0x4086  wait make
 27989127455350  3 0x86  pausesh
  1274   2610955350  3   0x4086  pausesh
 26109560755350  3   0x4086  wait make
  5607 22755350  3   0x4086  pausesh
   227   1 2270  3   0x4086  wait ksh
 20897   1   208790  3 0x84  select   cron
 19219   1   192190  3  0x40184  select   sendmail
 24576   1   245760  3 0x84  select   sshd
 29076   1   290760  30x184  select   inetd
 12040   11304   11304   73  30x184  poll syslogd
 11304   1   113040  3 0x84  netiosyslogd
 8   0   00  3 0x100204  crypto_wacrypto
 7   0   00  3 0x100204  aiodoned aiodoned
 6   0   00  2 0x100204   update
 5   0   00  3 0x100204  cleaner  cleaner
 4   0   00  3 0x100204  reaper   reaper
 3   0   00  3 0x100204  pgdaemon pgdaemon
 2   0   00  3 0x100204  pftm pfpurge
 1   0   10  3   0x4084  wait init
 0  -1   00  3  0x80204  schedulerswapper
ddb trace
Debugger(6, fc787758, 2d, 0, 2, fc8248a8) at Debugger+0x4
panic(fc766e74, 1, 1, 2, fe001226b7c0, fc827a70) at
panic+0x130
trap(?, ?, 1, 2, fe001226b7c0, fc827a70) at trap+0x51c
XentMM(?, ?, 1, 2, ?, fe001226b7c0) at XentMM+0x20
pmap_activate(?, ?, fc7064ed, 0, 0, fc827a70) at
pmap_activate+0xdc
cpu_switch(?, ?, fc7064ed, 0, 0, fc827a70) at cpu_switch+0xfc
cpu_switch(?, ?, fc7064ed, 0, 0, fc827a70) at cpu_switch+0xfc
cpu_switch(?, ?, fc7064ed, 0, 0, fc827a70) at cpu_switch+0xfc
cpu_switch(?, ?, fc7064ed, 0, 0, fc827a70) at cpu_switch+0xfc
cpu_switch(?, ?, fc7064ed, 0, 0, fc827a70) at cpu_switch+0xfc
cpu_switch(?, ?, fc7064ed, 0, 0, fc827a70) at cpu_switch+0xfc
cpu_switch(?, ?, fc7064ed, 0, 0, fc827a70) at cpu_switch+0xfc
cpu_switch(?, ?, fc7064ed, 0, 0, fc827a70) at cpu_switch+0xfc
cpu_switch(?, ?, fc7064ed, 0, 0, fc827a70) at cpu_switch+0xfc
cpu_switch(?, ?, fc7064ed, 0, 0, fc827a70) at cpu_switch+0xfc
cpu_switch(?, ?, fc7064ed, 0, 0, fc827a70) at cpu_switch+0xfc
cpu_switch(?, ?, fc7064ed, 0, 0, fc827a70) at cpu_switch+0xfc
cpu_switch(?, ?, fc7064ed, 0, 0, fc827a70) at cpu_switch+0xfc
cpu_switch(?, ?, fc7064ed, 0, 0, fc827a70) at cpu_switch+0xfc
cpu_switch(?, ?, fc7064ed, 0, 0, fc827a70) at cpu_switch+0xfc
cpu_switch(?, ?, fc7064ed, 0, 0, fc827a70) at cpu_switch+0xfc
cpu_switch(?, ?, fc7064ed, 0, 0, fc827a70) at cpu_switch+0xfc
cpu_switch(?, ?, fc7064ed, 0, 0, fc827a70) at cpu_switch+0xfc
cpu_switch(?, ?, fc7064ed, 0, 0, fc827a70) at cpu_switch+0xfc
cpu_switch(?, ?, fc7064ed, 0, 0, fc827a70) at cpu_switch+0xfc
cpu_switch(?, ?, fc7064ed, 0, 0, fc827a70) at cpu_switch+0xfc
cpu_switch(?, ?, fc7064ed, 0, 0, fc827a70) at cpu_switch+0xfc
cpu_switch(?, ?, fc7064ed, 0, 0, fc827a70) at cpu_switch+0xfc
cpu_switch(?, ?, fc7064ed, 0, 0, fc827a70) at cpu_switch+0xfc
cpu_switch(?, ?, fc7064ed, 0, 0, fc827a70) 

Re: cruft?

2005-12-20 Thread Tamas TEVESZ
On Tue, 20 Dec 2005, J.C. Roberts wrote:

  I hit a panic while doing make build on the Alpha PSW-433. My uneducated 
  guess

http://marc.theaimsgroup.com/?t=11082572061&r=1&w=2


-- 
[-]

mkdir /nonexistent



Re: cruft?

2005-12-20 Thread J.C. Roberts
On Tue, 20 Dec 2005 18:28:27 +0100 (CET), Tamas TEVESZ [EMAIL PROTECTED] 
wrote:

On Tue, 20 Dec 2005, J.C. Roberts wrote:

  I hit a panic while doing make build on the Alpha PSW-433. My uneducated 
  guess

http://marc.theaimsgroup.com/?t=11082572061&r=1&w=2

Thanks Tamas!

jcr



src.tar.gz and sys.tar.gz in snapshots?

2005-12-20 Thread Raul Aldaz
Hi,

Why are the corresponding source files not provided? A resource limit, I
suppose...

This e-mail and the information contained in it are confidential and
subject to professional secrecy, and are addressed exclusively to the
recipient named in the header, whose data form part of a file for which
GRUPO CARRERAS is responsible and whose purpose is to contact the data
subject by e-mail. We inform you that you have the rights of access,
rectification and cancellation, which you may exercise by sending an
e-mail to the following address: [EMAIL PROTECTED]
If the receiver of this communication is not the intended recipient, we
inform you that any unauthorised disclosure, copying, distribution or use
of the information contained in it is prohibited by current legislation.

http://www.grupocarreras.com




Re: src.tar.gz and sys.tar.gz in snapshots?

2005-12-20 Thread Raul Aldaz
On Tue, 20 Dec 2005 18:59:35 +0100, Raul Aldaz wrote
 Hi,
 
 Why are the corresponding source files not provided? A resource limit, I
 suppose...

I've found the reasons in the archives, sorry for the noise!








Re: Hardware RNG speed

2005-12-20 Thread Jack Bates
 Hello to the list,

 ...I set up OpenBSD on a board with a (Soekris) Hifn 7955
 accelerator card, but the rate I'm getting by reading out of /dev/srandom
 is pretty low (200B/s).

I am happily using VIA C3s for a project that requires high-quality
entropy.  In the industry I'm involved in, hardware random is de rigueur. 
The VIA C3, using /dev/srandom, gives me somewhere right around 6KB/s.  I
was hoping for a higher rate, but we just ended up using multiple machines
as a network random-number service (also yields fault-tolerance).

In doing reading (but not of the actual code), I remember having the
distinct impression that /dev/srandom uses MD5 to cook the actual stream
generated by the C3's on-die HRNG.  You have to figure that it is
compressing the stream.  You may wish to look closely at the device driver
code.  There is quite a bit of very good data about the C3's HRNG
available via google.  One analysis of this HRNG made it clear that
cooking may be redundant, given the right settings in the driver.  I
made the decision that the developers know what they're up to and left it
at that.

Hope this is helpful.

-- 
Jack Bates
Venice, CA, USA
I play Texas Hold'Em at http://www.fulltiltpoker.com



OpenBSD 3.8 PPPoE Broadband Connection Howto

2005-12-20 Thread Siju George
Hi all,

I have a new Broadband Internet connection. It uses PPPoE with a
username and password to connect to internet.
I can connect to Internet with Windows 2003 (easy click and configure)
so the DSL Router is working and the username and password is correct.
I would like to use OpenBSD 3.8 to connect to Internet with it and not
Windows 2003.

I read the man pages and FAQ and did accordingly (I suppose) and it
is not working. Could someone please point out what I could
have done wrong?

Details of my OpenBSD 3.8 system:

I have two interfaces rl0 rl1

rl0 has the PPPoE connection and rl1 is connected to the LAN Switch.

# ifconfig -a
lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 33224
groups: lo
inet 127.0.0.1 netmask 0xff00
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
rl0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
lladdr 00:50:fc:7d:4e:50
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet6 fe80::250:fcff:fe7d:4e50%rl0 prefixlen 64 scopeid 0x1
rl1: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
lladdr 00:08:a1:7b:bf:52
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 172.17.1.1 netmask 0xfff0 broadcast 172.31.255.255
inet6 fe80::208:a1ff:fe7b:bf52%rl1 prefixlen 64 scopeid 0x2
pflog0: flags=141UP,RUNNING,PROMISC mtu 33224
pfsync0: flags=0 mtu 1348
enc0: flags=0 mtu 1536
pppoe0: flags=a851UP,POINTOPOINT,RUNNING,SIMPLEX,LINK1,MULTICAST mtu 1492
dev: rl0 state: session
sid: 0x10f1 PADI retries: 1 PADR retries: 0 time: 00:00:06
groups: pppoe egress
inet 0.0.0.0 -- 0.0.0.1 netmask 0x
inet6 fe80::250:fcff:fe7d:4e50%pppoe0 -  prefixlen 64 scopeid 0x7

# cat /etc/sysctl.conf |grep inet.ip.forwarding
net.inet.ip.forwarding=1# 1=Permit forwarding (routing) of packets
#
# cat /etc/mygate
cat: /etc/mygate: No such file or directory
#
# cat /etc/hostname.rl0
up
#
# cat /etc/hostname.rl1
inet 172.17.1.1 255.240.0.0 NONE
#
# cat /etc/hostname.pppoe0
pppoedev rl0
!/sbin/ifconfig rl0 up
!/usr/sbin/spppcontrol \$if myauthproto=pap [EMAIL PROTECTED]
myauthkey=zz
!/sbin/ifconfig \$if inet 0.0.0.0 0.0.0.1 netmask 0x
!/sbin/route add default 0.0.0.1
link1 up
#
# cat /etc/pf.conf
pass all
#

The route show command hangs for a long time :-(

# route flush
default  0.0.0.1  done
loopback localhostdone
172.16.1.0   00:11:95:c0:c7:33done
BASE-ADDRESS.MCAST.N localhostdone
::/128   localhost.broadband. done
::/128   localhost.broadband. done
::127.0.0.0/128  localhost.broadband. done
::224.0.0.0/128  localhost.broadband. done
::255.0.0.0/128  localhost.broadband. done
:::0.0.0.0/128   localhost.broadband. done
2002::/128   localhost.broadband. done
2002:7f00::/128  localhost.broadband. done
2002:e000::/128  localhost.broadband. done
2002:ff00::/128  localhost.broadband. done
fe80::/128   localhost.broadband. done
fe80::250:fcff:fe7d: 00:50:fc:7d:4e:50done
fe80::208:a1ff:fe7b: 00:08:a1:7b:bf:52done
fe80::1%lo0  link#6   done
fe80::250:fcff:fe7d: link#7   done
fec0::/128   localhost.broadband. done
#
# sh /etc/netstart
spppcontrol: SIOCSIFGENERIC(SPPPIOSDEFS): Device busy
add net default: gateway 0.0.0.1
#

What could be the problem?

How do I debug this?

Thank you so much :-)

kind regards

Siju



Re: src.tar.gz and sys.tar.gz in snapshots?

2005-12-20 Thread Nick Holland
On Tue, Dec 20, 2005 at 09:36:05PM +0100, Andreas Bihlmaier wrote:
 On Tue, Dec 20, 2005 at 07:10:02PM +0100, Raul Aldaz wrote:
  On Tue, 20 Dec 2005 18:59:35 +0100, Raul Aldaz wrote
   Hi,
   
   Why are the corresponding source files not provided? A resource limit, I
   suppose...
  
  I've found the reasons in the archives, sorry for the noise!
 
 A link to your findings would be very helpful since I couldn't find it!
 
 I was wondering about this for a long while as well because the ftp
 mirror I'm using has them for every snapshot
 ftp://ftp.freenet.de/pub/ftp.openbsd.org/pub/OpenBSD/
 
huh?  That mirror doesn't seem to be updating at all.  There's nothing
there that's been updated since 3.8 release.

They most certainly do not have source files for every snapshot.

 As stated sorry for making noise, but I guess I'm using the wrong key
 words (on marc.)

http://www.openbsd.org/faq/faq5.html
first article.


Nick.



Re: OpenBSD 3.8 PPPoE Broadband Connection Howto

2005-12-20 Thread Jason McIntyre
On Wed, Dec 21, 2005 at 02:54:23AM +0530, Siju George wrote:
 
 I have two interfaces rl0 rl1
 
 rl0 has the PPPoE connection and rl1 is connected to the LAN Switch.
 
 # ifconfig -a
 lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 33224
 groups: lo
 inet 127.0.0.1 netmask 0xff00
 inet6 ::1 prefixlen 128
 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
 rl0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
 lladdr 00:50:fc:7d:4e:50
 media: Ethernet autoselect (100baseTX full-duplex)
 status: active
 inet6 fe80::250:fcff:fe7d:4e50%rl0 prefixlen 64 scopeid 0x1
 rl1: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
 lladdr 00:08:a1:7b:bf:52
 media: Ethernet autoselect (100baseTX full-duplex)
 status: active
 inet 172.17.1.1 netmask 0xfff0 broadcast 172.31.255.255
 inet6 fe80::208:a1ff:fe7b:bf52%rl1 prefixlen 64 scopeid 0x2
 pflog0: flags=141UP,RUNNING,PROMISC mtu 33224
 pfsync0: flags=0 mtu 1348
 enc0: flags=0 mtu 1536
 pppoe0: flags=a851UP,POINTOPOINT,RUNNING,SIMPLEX,LINK1,MULTICAST mtu 1492
 dev: rl0 state: session
 sid: 0x10f1 PADI retries: 1 PADR retries: 0 time: 00:00:06
 groups: pppoe egress
 inet 0.0.0.0 -- 0.0.0.1 netmask 0x
 inet6 fe80::250:fcff:fe7d:4e50%pppoe0 -  prefixlen 64 scopeid 0x7
 
 # cat /etc/sysctl.conf |grep inet.ip.forwarding
 net.inet.ip.forwarding=1# 1=Permit forwarding (routing) of packets
 #
 # cat /etc/mygate
 cat: /etc/mygate: No such file or directory
 #
 # cat /etc/hostname.rl0
 up

you don't need this file, since hostname.pppoe0 effectively brings the
interface up

 #
 # cat /etc/hostname.rl1
 inet 172.17.1.1 255.240.0.0 NONE
 #
 # cat /etc/hostname.pppoe0
 pppoedev rl0
 !/sbin/ifconfig rl0 up
 !/usr/sbin/spppcontrol \$if myauthproto=pap [EMAIL PROTECTED]
 myauthkey=zz
 !/sbin/ifconfig \$if inet 0.0.0.0 0.0.0.1 netmask 0x
 !/sbin/route add default 0.0.0.1
 link1 up

are you cut'n'paste here? that is not helpful...

- the spppcontrol line should all be on one line: you need a `\' otherwise
- try `link1 up' -> `up'

to debug this - try following the steps in ppp(8). it is easy to set up
and debug. it might show some info you are missing.

jmc



Re: OpenBSD related wallpaper

2005-12-20 Thread ed
On Sun, 18 Dec 2005 23:50:02 -0800 (PST)
Viktor Berke [EMAIL PROTECTED] wrote:

 I've found some nice wallpapers here:
 
 http://www.bsdnexus.com/wallpapers.htm

Hummm it promotes bad code:

http://www.bsdnexus.com/wallpapers/carry_code_single.jpg

Should never allocate memory within the function. At worst, pass the
pointer to need_coffee and free the pointer after need_coffee returns. I
suppose some might say it's possible to do that anyway, but it's just bad
practice.

-- 
Regards, Ed http://www.usenix.org.uk - http://irc.is-cool.net 
:%s/Open Source/Free Software/g



Re: OpenBSD 3.8 PPPoE Broadband Connection Howto

2005-12-20 Thread J.C. Roberts
On Wed, 21 Dec 2005 02:54:23 +0530, Siju George [EMAIL PROTECTED]
wrote:

I have a new Broadband Internet connection. It uses PPPoE with a
username and password to connect to internet.

Hi Siju,

You left out a few important details about the service package from your
provider. PPPoE is a cheap way for providers to prevent people from
stealing service (i.e. hooking up their own DSL gear to an
abandoned/unused line).

I've seen PPPoE used in service packages with a dynamic IP and service
packages with a static IP (or a small block of static IP's).

At times the service provider will be using DHCP to configure the
external interface (often based in the DSL modem/router itself) and
other times, they don't offer DHCP and you're expected to configure the
interface yourself.

Details of the exact kind of service package you have from your provider
and occasionally info on the DSL hardware you're using are needed to
figure out how things should be set up on your end.

Kind Regards,
JCR



Re: BGPD on FreeBSD

2005-12-20 Thread Claudio Jeker
On Tue, Dec 20, 2005 at 03:53:45PM +0100, Reto Burkhalter wrote:
 Hi list
 
 May be a little bit OT - but are there any users with experiences
 in using OpenBGPD on FreeBSD? I have some strange problems here.
 

Are you using the FreeBSD port or did you patch OpenBGPD yourself?

 Setup is OpenBGPD 3.7 on FreeBSD 6-RELEASE. Just a basic config
 with one transit and one iBGP session with some standard filters
 (check prefixlen and rfc1918 networks) works fine. But as soon as
 we add more peers and filters, the bgpd daemon dies regularly with
 different messages:
 

Could you try a more current version of OpenBGPD? You have to pull it out
of the CVS or I can make you a tar ball.

 E.g.
 fatal in RDE: nexthop_cmp: unknown af
 dispatch_imsg in main: pipe closed
 
 - This should not happen (the code could not compare either
 Inet4 or Inet6)?!?
 

I think it is/was a bug hidden somewhere else and the af did not get
initialized.

 We also have entries in /var/log/messages like these: exited on signal
 6
 

Hmm. bgpd does not call abort so that is coming from somewhere else
(malloc?).

 I can provide more information (config file, etc.) if needed.
 

I would like to get the config file, then I can have a look at it.

-- 
:wq Claudio



Re: isakmpd does not enter phase 2

2005-12-20 Thread Tamas TEVESZ
On Tue, 20 Dec 2005, Matthew Closson wrote:

matt, all,

[Remote-peer-quick-mode]
EXCHANGE_TYPE=  QUICK_MODE
Transforms= QM-ESP-3DES-SHA-SUITE

notice the typo (s/Transforms/Suites/ for correct operation) that only
became obvious after a healthy dose of sleep.

thanks anyway.


-- 
[-]

mkdir /nonexistent



OBSD indirect call

2005-12-20 Thread Gustavo Rios
Hey folks,

i wonder if OpenBSD allows for RPC Indirect (RPC_PROC_CALLIT) call
message to be received by means of TCP too, or it is only by UDP?

Thanks for your time and cooperation.

best regards.



exit and eject should have their second letter in upper-case in cdio(1) help output

2005-12-20 Thread Andrés Delfino
Since E is an ambiguous command, one must type either EJ or EX
to eject a cd or otherwise exit cdio, but both have an E shortcut.
That's why these two lines must be changed:

{ CMD_EJECT, "eject", 1, "" },
to:
{ CMD_EJECT, "eject", 2, "" },

{ CMD_QUIT, "exit", 1, "" },
to:
{ CMD_QUIT, "exit", 2, "" },

at http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/cdio/cdio.c

Thanks! ;)
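
The effect of the minimum-length field discussed in the message above, as an added example that is not part of the original post and is not code from cdio.c. It is a simplified model: the three-field struct, the `play` entry, and the `lookup` and `help_label` helpers are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

enum { CMD_NONE = -1, CMD_AMBIGUOUS = -2, CMD_EJECT = 1, CMD_QUIT, CMD_PLAY };
struct cmd { int command; const char *name; size_t min; };

/* Constructed tables: "before" has min 1, "after" has the proposed min 2. */
static const struct cmd before[] = {
	{ CMD_EJECT, "eject", 1 }, { CMD_QUIT, "exit", 1 },
	{ CMD_PLAY, "play", 1 }, { 0, NULL, 0 }
};
static const struct cmd after[] = {
	{ CMD_EJECT, "eject", 2 }, { CMD_QUIT, "exit", 2 },
	{ CMD_PLAY, "play", 1 }, { 0, NULL, 0 }
};

/* An exact name wins; otherwise accept a prefix of at least min letters. */
static int lookup(const struct cmd *tab, const char *in)
{
	size_t len = strlen(in);
	int found = CMD_NONE;

	for (const struct cmd *c = tab; c->name != NULL; c++) {
		if (strcasecmp(in, c->name) == 0)
			return c->command;
		if (len < c->min || strncasecmp(in, c->name, len) != 0)
			continue;
		/* A second, different command matching the prefix is ambiguous. */
		found = (found == CMD_NONE || found == c->command) ?
		    c->command : CMD_AMBIGUOUS;
	}
	return found;
}

/* Help label: upper-case the first min letters to advertise the shortcut. */
static const char *help_label(const struct cmd *c, char *buf, size_t bufsz)
{
	size_t i;
	for (i = 0; c->name[i] != '\0' && i + 1 < bufsz; i++)
		buf[i] = i < c->min ?
		    (char)toupper((unsigned char)c->name[i]) : c->name[i];
	buf[i] = '\0';
	return buf;
}

int main(void)
{
	char b[16];
	puts(help_label(&after[0], b, sizeof b));
	printf("e: %d -> %d\n", lookup(before, "e"), lookup(after, "e"));
}
```

With a minimum of 1 the help text advertises a one-letter shortcut that the lookup can only report as ambiguous; with 2 the advertised shortcut and the accepted input agree.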



Re: OpenBSD 3.8 PPPoE Broadband Connection Howto

2005-12-20 Thread Alex M.

Siju George wrote:


Hi all,

I have a new Broadband Internet connection. It uses PPPoE with a
username and password to connect to internet.
I can connect to Internet with Windows 2003 (easy click and configure)
so the DSL Router is working and the username and password is correct.
I would like to use OpenBSD 3.8 to connect to Internet with it and not
Windows 2003.
 


Details of my OpenBSD 3.8 system:

I have two interfaces rl0 rl1

rl0 has the PPPoE connection and rl1 is connected to the LAN Switch.

 

Not entirely sure that you have to set up PPPoE for rl0. I never did
this for the interface connected to my dsl router. All I did was give
the interface an ip, set my default gateway to my router's ip, put my
isp's nameserver in /etc/resolv.conf and it just worked.
I don't know about your router but I can manage mine using a web
browser. That is, I point my web browser to my router and I set all my
PPPoE settings through that.



Unexpected Expect timeout in chat script (ppp -auto)

2005-12-20 Thread Andrew C
I'm running PPP 3.1 (/usr/sbin/ppp) on OpenBSD 3.7 / i386. Every now
and then, I run into a problem in which the chat script stops working
in -auto mode:

Dec 20 20:45:05 wally ppp[20296]: tun0: Physical: write
Dec 20 20:45:05 wally ppp[20296]: tun0: Physical:  41 54 44 54 36 32 33 37 30 37 31 30 32 36 0d ATDT6237071026.
Dec 20 20:45:08 wally ppp[20296]: tun0: Chat: Expect(650): CONNECT 115200
Dec 20 20:45:21 wally ppp[20296]: tun0: Chat: Expect timeout
Dec 20 20:45:21 wally ppp[20296]: tun0: Warning: Chat script failed
Dec 20 20:45:21 wally ppp[20296]: tun0: Phase: deflink: dial - hangup

I'm using the following dial command:

 set dial ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 650 \\ AT OK-AT-OK
ATM1L1E0Q0
 OK \\dATDT\\T CONNECT\\s115200

As I understand TIMEOUT, my machine should be sitting around for up to
650 seconds before it times out. So why is it timing out in 13 seconds?

If I go to terminal mode and let the modem connect manually, the rest
of the chat script works fine.

What key fact am I missing?

Many thanks!

Andrew Jr.