Re: OT: TinyMCE security and track records
Marc Espie wrote: I think that, to go further, you need actual development tools that you can customize to the level of your website code. I assume eclipse will have this kind of plugin. The kde webdev suite is definitely a nice candidate there, though I haven't tried to customize it to get WYSIWYG editing of my Mason/Catalyst code... Thanks for the reply and feedback. I saw you recommending Mason/Catalyst a few times and look like eclipse is coming more often as well. May be it's time I give it a fair try and see if either one can do some good work. Thanks again. Daniel
Anyone setup mod_security on bridge PF (transparent firewall) ?
Hi, I am wondering if anyone has configured PF transparent firewall to perform mod_security? Assuming you have 4 interfaces ext_if and int_if setup as bridge state_if is for pfsync mgmt_if has an IP address and able to route to internet Cheers, Edy
following -stable
Hello, when following -stable and also following the advice to place /usr/obj on a separate partition, how much space is recommended these days? I've just discovered that 1 gig isn't enough. Thank you! Best, --Toni++
Max memory in OpenBSD (4.0)
Hi all, i can't find any reference about max memory in openbsd, only some questions about it (from me and others). i tried with 4.0 i386 and amd64 and it seems i have no luck to see all my memory (4G). i also tried the patch who someone post the link but it doesn't work. so, just two question: 1) how much memory can i use with openbsd? 2) is there any patch to see all? thanks -- Cris, member of G.U.F.I Italian FreeBSD User Group http://www.gufi.org/
Re: disable SpeedStep ?
On Thu, Dec 21, 2006 at 12:47:01PM -0800, Rich Dunkle wrote: How can I disable the SpeedStep feature in OpenBSD 4.0 ? Is there something in UKC ? It looks like dimitry has already resolved the issue. To answer your question however: yes there is an inelegant way to disable est/speedstep and some of the other frequency/voltage scaling technologies on i386 and amd64 boot into ddb and write a large value to global setperf_prio e.g.: boot -d ddb w setperf_prio 666 ddb cont Code that honours the priority will bail in its init routine. gwk
Re: OT: TinyMCE security and track records
Hi Daniel, Sorry for this off topic question, but I get more and more requests to have WYSIWYG editing on web management servers. I have been resisting this for many years so far as I hate this, but look likes more and more demands may force me to do it anyway. We use mostly TinyMCE for this task. From what I've tried, this one sucks the least, though you need paid addons to help with file and image management. Its imagemanager is wonderful. We only give clients the option to edit _parts_ of their pages with TinyMCE. Clients will produce poo with TinyMCE, FCKeditor or any WYSIWYG-editor for that matter. They will copy-past directly from Word-documents and wonder why their page looks like crap. Telling them that it IS crap does not help. They'll just scream louder for you to fix it and they just want it 'to work'. HTH... Nico
Re: VPN solutions for OpenBSD to Windows
Hello, On Fri, 22.12.2006 at 05:03:11 +, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: I'm looking for peoples' experiences and advice for setting up a VPN between OpenBSD (I will be using 4.0) and Windows XP/2000 systems. I have tested the Greenbow client and it seems ok. What of the built-in VPN client for the Windows OS? I am mostly interested in ease of configuration and reliability of the tunnel. I am ok on IPSEC theory. we have good experience with the NCP Secure Entry client (www.ncp.de). It is very capable and easy to handle, although also one of the most expensive pieces out there that I'm aware of. Best, --Toni++
Re: following -stable
Hi Toni, when following -stable and also following the advice to place /usr/obj on a separate partition, how much space is recommended these days? I've never done that, as disks on my build machines tend to be regularly fast PATA/SATA disks. `sudo rm -rf /usr/obj/*` takes some 8 seconds or so with soft updates? HTH... Nico
Re: OT: TinyMCE security and track records
Nico Meijer wrote: Clients will produce poo with TinyMCE, FCKeditor or any WYSIWYG-editor for that matter. They will copy-past directly from Word-documents and wonder why their page looks like crap. Telling them that it IS crap does not help. They'll just scream louder for you to fix it and they just want it 'to work'. Thanks for the Word warning. I already have users that are pasting crap from word and complains. Sad to see that it will get worst if that's the direction this will take. Daniel
Re: Squid 2.6 transparent proxy with pf
On Thursday, December 21, 2006, at 14:04:34, misc@openbsd.org wrote: Dominik Zalewski [EMAIL PROTECTED] writes: I have OpenBSD 4.0 firewall and I would like to redirect all outgoing http requests to my squid web proxy. Daniel Hartmeier wrote about this a while back, his article can be found at http://www.benzedrine.cx/transquid.html However Daniel's article doesn't cover squid-2.6. Guys from squid team changed configuration options in squid.conf which you should use to make it working. Here you are working config for 2.6.STABLE5: http_port 3128 transparent #httpd_accel_host virtual #httpd_accel_port 80 #httpd_accel_with_proxy on #httpd_accel_uses_host_header on Daniel: can you change it also at your page to cover that ? -- Sylwester S. Biernacki [EMAIL PROTECTED] X-NET, http://www.xnet.com.pl/
OpenBSD on VMware fusion (dmesg) -- yes it works
Not sure if anyone else has noticed, but VMware finally released Fusion for public beta. It's the port to Macintel. Only caveat so far is that Fusion wouldn't mount the OpenBSD CDs. I think it might have a problem mounting volumes that have spaces in the path. I downloaded cd40.iso and did an FTP install and that worked fine (NAT for networking, choose dhcp during the install since it doesn't have any way that I could find to configure vmnet). Here're the dmesg's from RAMDISK_CD and GENERIC.MP on a MBP 15 CoreDuo 2.16GHz: OpenBSD 4.0 (RAMDISK_CD) #39: Sat Sep 16 19:34:26 MDT 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/RAMDISK_CD cpu0: Genuine Intel(R) CPU T2600 @ 2.16GHz (GenuineIntel 686-class) 2.19 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH ,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,SSE3 real mem = 267939840 (261660K) avail mem = 238141440 (232560K) using 3296 buffers containing 13500416 bytes (13184K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(2b) BIOS, date 12/06/06, BIOS32 rev. 0 @ 0xfd880, SMBIOS rev. 2.31 @ 0xe0010 (45 entries) bios0: VMware, Inc. VMware Virtual Platform apm0 at bios0: Power Management spec V1.2 apm0: flags 30102 dobusy 0 doidle 1 pcibios0 at bios0: rev 2.1 @ 0xfd880/0x780 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdf30/176 (9 entries) pcibios0: PCI Interrupt Router at 000:07:0 (Intel 82371FB ISA rev 0x00) pcibios0: PCI bus #2 is the last bus bios0: ROM list: 0xc/0x8000 0xc8000/0x1000 0xdc000/0x4000! 0xe/0x4000! cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 Intel 82443BX AGP rev 0x01 ppb0 at pci0 dev 1 function 0 Intel 82443BX AGP rev 0x01 pci1 at ppb0 bus 1 pcib0 at pci0 dev 7 function 0 Intel 82371AB PIIX4 ISA rev 0x08 pciide0 at pci0 dev 7 function 1 Intel 82371AB IDE rev 0x01: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide0 channel 0 drive 0: VMware Virtual IDE Hard Drive wd0: 64-sector PIO, LBA, 8192MB, 16777216 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 atapiscsi0 at pciide0 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: NECVMWar, VMware IDE CDR10, 1.00 SCSI0 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2 Intel 82371AB Power rev 0x08 at pci0 dev 7 function 3 not configured vga1 at pci0 dev 15 function 0 VMware Virtual SVGA II rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) bha3 at pci0 dev 16 function 0 BusLogic MultiMaster rev 0x01: irq 11, BusLogic 9xxC SCSI bha3: model BT-958, firmware 5.07B bha3: sync, parity scsibus1 at bha3: 8 targets ppb1 at pci0 dev 17 function 0 vendor VMware, unknown product 0x0790 rev 0x01 pci2 at ppb1 bus 2 pcn0 at pci2 dev 0 function 0 AMD 79c970 PCnet-PCI rev 0x10, Am79c970A, rev 0: irq 9, address 00:0c:29:c9:d7:96 Ensoniq AudioPCI97 rev 0x02 at pci2 dev 1 function 0 not configured isa0 at pcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 npx0 at isa0 port 0xf0/16: using exception 16 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 biomask fde5 netmask ffe5 ttymask ffe7 rd0: fixed, 3800 blocks wd0: no disk label dkcsum: wd0 matches BIOS drive 0x80 root on rd0a rootdev=0x1100 rrootdev=0x2f00 rawdev=0x2f02 wd0: no disk label syncing disks... done rebooting... OpenBSD 4.0 (GENERIC.MP) #936: Sat Sep 16 19:27:28 MDT 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP cpu0: Genuine Intel(R) CPU T2600 @ 2.16GHz (GenuineIntel 686-class) 2.17 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH ,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,SSE3 real mem = 267939840 (261660K) avail mem = 236609536 (231064K) using 3296 buffers containing 13500416 bytes (13184K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(4a) BIOS, date 12/06/06, BIOS32 rev. 0 @ 0xfd880, SMBIOS rev. 2.31 @ 0xe0010 (45 entries) bios0: VMware, Inc. VMware Virtual Platform apm0 at bios0: Power Management spec V1.2 apm0: AC on, battery charge unknown apm0: flags 30102 dobusy 0 doidle 1 pcibios0 at bios0: rev 2.1 @ 0xfd880/0x780 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdf30/176 (9 entries) pcibios0: PCI Interrupt Router at 000:07:0 (Intel 82371FB ISA rev 0x00) pcibios0: PCI bus #2 is the last bus bios0: ROM list: 0xc/0x8000 0xc8000/0x1000 0xdc000/0x4000! 0xe/0x4000! mainbus0: Intel MP Specification (Version 1.4) (INTEL440BX ) cpu0 at mainbus0: apid 0 (boot processor) cpu0: unknown Core FSB_FREQ value 0 (0x0) cpu0: apic clock running at 66 MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Genuine Intel(R) CPU T2600 @ 2.16GHz (GenuineIntel 686-class) 2.17 GHz cpu1:
Re: VPN solutions for OpenBSD to Windows
Can you better define your set up? If you want to connect from a Windows road warrior which may or may not be behind a NAT, OpenVPN can hardly be beat in ease of use, robustness etc. It runs fine as a service or on demand, has optionally a nice GUI and I had no issues with packet length etc. If the Windows machine is not behind a NAT and is directly connected to the Internet Greenbow is really a fine product. Regards Peter http://www.hopfgartner.it Edy wrote: Hi Peter, Have you look at OpenVPN? Please check out this document http://blog.innerewut.de/articles/2005/07/04/openvpn-2-0-on-openbsd Cheers, Edy [EMAIL PROTECTED] wrote: Hi gang, I'm looking for peoples' experiences and advice for setting up a VPN between OpenBSD (I will be using 4.0) and Windows XP/2000 systems. I have tested the Greenbow client and it seems ok. What of the built-in VPN client for the Windows OS? I am mostly interested in ease of configuration and reliability of the tunnel. I am ok on IPSEC theory. Thanks in advance for any comments, Peter
Re: OpenBSD on VMware fusion (dmesg) -- yes it works
On Fri, Dec 22, 2006 at 02:35:00AM -0800, Brian Keefer wrote: Not sure if anyone else has noticed, but VMware finally released Fusion for public beta. It's the port to Macintel. Only caveat so far is that Fusion wouldn't mount the OpenBSD CDs. I think it might have a problem mounting volumes that have spaces in the path. I downloaded cd40.iso and did an FTP install and that worked fine (NAT for networking, choose dhcp during the install since it doesn't have any way that I could find to configure vmnet). Here're the dmesg's from RAMDISK_CD and GENERIC.MP on a MBP 15 CoreDuo 2.16GHz: can you try 4.0-current (or a recent snapshot)? it should use the new vic(4) driver instead of pcn(4). OpenBSD 4.0 (RAMDISK_CD) #39: Sat Sep 16 19:34:26 MDT 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/RAMDISK_CD cpu0: Genuine Intel(R) CPU T2600 @ 2.16GHz (GenuineIntel 686-class) 2.19 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH ,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,SSE3 real mem = 267939840 (261660K) avail mem = 238141440 (232560K) using 3296 buffers containing 13500416 bytes (13184K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(2b) BIOS, date 12/06/06, BIOS32 rev. 0 @ 0xfd880, SMBIOS rev. 2.31 @ 0xe0010 (45 entries) bios0: VMware, Inc. VMware Virtual Platform apm0 at bios0: Power Management spec V1.2 apm0: flags 30102 dobusy 0 doidle 1 pcibios0 at bios0: rev 2.1 @ 0xfd880/0x780 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdf30/176 (9 entries) pcibios0: PCI Interrupt Router at 000:07:0 (Intel 82371FB ISA rev 0x00) pcibios0: PCI bus #2 is the last bus bios0: ROM list: 0xc/0x8000 0xc8000/0x1000 0xdc000/0x4000! 0xe/0x4000! cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 Intel 82443BX AGP rev 0x01 ppb0 at pci0 dev 1 function 0 Intel 82443BX AGP rev 0x01 pci1 at ppb0 bus 1 pcib0 at pci0 dev 7 function 0 Intel 82371AB PIIX4 ISA rev 0x08 pciide0 at pci0 dev 7 function 1 Intel 82371AB IDE rev 0x01: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide0 channel 0 drive 0: VMware Virtual IDE Hard Drive wd0: 64-sector PIO, LBA, 8192MB, 16777216 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 atapiscsi0 at pciide0 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: NECVMWar, VMware IDE CDR10, 1.00 SCSI0 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2 Intel 82371AB Power rev 0x08 at pci0 dev 7 function 3 not configured vga1 at pci0 dev 15 function 0 VMware Virtual SVGA II rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) bha3 at pci0 dev 16 function 0 BusLogic MultiMaster rev 0x01: irq 11, BusLogic 9xxC SCSI bha3: model BT-958, firmware 5.07B bha3: sync, parity scsibus1 at bha3: 8 targets ppb1 at pci0 dev 17 function 0 vendor VMware, unknown product 0x0790 rev 0x01 pci2 at ppb1 bus 2 pcn0 at pci2 dev 0 function 0 AMD 79c970 PCnet-PCI rev 0x10, Am79c970A, rev 0: irq 9, address 00:0c:29:c9:d7:96 Ensoniq AudioPCI97 rev 0x02 at pci2 dev 1 function 0 not configured isa0 at pcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 npx0 at isa0 port 0xf0/16: using exception 16 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 biomask fde5 netmask ffe5 ttymask ffe7 rd0: fixed, 3800 blocks wd0: no disk label dkcsum: wd0 matches BIOS drive 0x80 root on rd0a rootdev=0x1100 rrootdev=0x2f00 rawdev=0x2f02 wd0: no disk label syncing disks... done rebooting... OpenBSD 4.0 (GENERIC.MP) #936: Sat Sep 16 19:27:28 MDT 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP cpu0: Genuine Intel(R) CPU T2600 @ 2.16GHz (GenuineIntel 686-class) 2.17 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH ,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,SSE3 real mem = 267939840 (261660K) avail mem = 236609536 (231064K) using 3296 buffers containing 13500416 bytes (13184K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(4a) BIOS, date 12/06/06, BIOS32 rev. 0 @ 0xfd880, SMBIOS rev. 2.31 @ 0xe0010 (45 entries) bios0: VMware, Inc. VMware Virtual Platform apm0 at bios0: Power Management spec V1.2 apm0: AC on, battery charge unknown apm0: flags 30102 dobusy 0 doidle 1 pcibios0 at bios0: rev 2.1 @ 0xfd880/0x780 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdf30/176 (9 entries) pcibios0: PCI Interrupt Router at 000:07:0 (Intel 82371FB ISA rev 0x00) pcibios0: PCI bus #2 is the last bus bios0: ROM list: 0xc/0x8000 0xc8000/0x1000 0xdc000/0x4000! 0xe/0x4000! mainbus0: Intel MP Specification (Version 1.4) (INTEL440BX ) cpu0 at
Re: following -stable
Toni Mueller wrote: Hello, when following -stable and also following the advice to place /usr/obj on a separate partition, how much space is recommended these days? I've just discovered that 1 gig isn't enough. Thank you! Best, --Toni++ barely over 1G...at the moment. It's not getting smaller anytime soon, so if planning ahead is something you like to do, I'd probably leave at least 2G for future growth. Granted, the goal of having a /usr/obj partition is usually to make it fast to newfs, so you don't want to make it too big. Of course, you can leave (say) 3G of empty space, but make the partition 1.2G in size. When 1.2G is no longer enough, just edit the partition size, newfs (or growfs, but that's not really needed in THIS case), and now you have a 1.5G obj partition. Or, just skip the usr/obj partition... Having been stung a few times by over partitioning recently, it might just not be worth the trouble. As Nico Meijer pointed out, on modern HW, you may not see a significant difference in time. Biggest reason I use a usr/obj partition on one of my build machines is because it is hard to get 4G disks narrow SCSI disks, so /usr/obj is on an old 2G drive on my mac68k build machine... Even there, where the newfs is significantly faster than a rm -r /usr/obj/*, the difference in the nearly five-day build time Just Doesn't Matter. :) Nick.
OpenBSD dropping individual packets
Hi OpenBSD rocks and I have donated to this great cause :-) Hope you can help. So I have the following setup: DMZ | | LAN-OpenBSD/PF/Snort?--Internet So in a nutshell I want to drop packets (not sessions) that match a IDS signature after PF filtering. So for example (PF is a Layer 3 filter): 1. A PF rule allows SMTP to the DMZ from the Internet 2. SMTP traffic is permitted by PF 3. IDS detects an attack packet that would be permitted by the above rule 4. System (Snort) drops only the matching attack packets So AFAIK flexresp, snortsam, snort2pf and guardian are out. Snort has to be inline, which it is, so can I drop single packets after PF filtering that match a signature? Is this available currently, if so, how do I go about it, can something be put together? Thanks for your time. Cheers Richard
Re: OpenBSD on VMware fusion (dmesg) -- yes it works
On Dec 22, 2006, at 3:09 AM, Reyk Floeter wrote: On Fri, Dec 22, 2006 at 02:35:00AM -0800, Brian Keefer wrote: Not sure if anyone else has noticed, but VMware finally released Fusion for public beta. It's the port to Macintel. Only caveat so far is that Fusion wouldn't mount the OpenBSD CDs. I think it might have a problem mounting volumes that have spaces in the path. I downloaded cd40.iso and did an FTP install and that worked fine (NAT for networking, choose dhcp during the install since it doesn't have any way that I could find to configure vmnet). Here're the dmesg's from RAMDISK_CD and GENERIC.MP on a MBP 15 CoreDuo 2.16GHz: can you try 4.0-current (or a recent snapshot)? it should use the new vic(4) driver instead of pcn(4). I added Ethernet0.virtualDev to vmxnet (wasn't present by default) and this is what I got with the latest i386 snap: vic0 at pci2 dev 0 function 0 VMware Virtual NIC rev 0x10: apic 2 int 18 (irq 9) vic0: VMXnet 864F, address 00:0c:29:c9:d7:96 Boots fine, but when it searches for DHCP lease I get: vic0: no link . giving up I tried to ifconfig vic0 down ; ifconfig vic0 up, but it still didn't get a link. I tried e1000 instead of vmxnet and em0 was able to get a link just fine. Any other options I should try? Here's the .vmx: config.version = 8 virtualHW.version = 6 numvcpus = 2 scsi0.present = TRUE memsize = 256 MemAllowAutoScaleDown = FALSE ide0:0.present = TRUE ide0:0.fileName = OpenBSD.vmdk ide1:0.present = TRUE ide1:0.fileName = /Users/chort/scratch/cd40.iso ide1:0.deviceType = cdrom-image floppy0.present = FALSE ethernet0.present = TRUE ethernet0.connectionType = nat ethernet0.wakeOnPcktRcv = FALSE sound.present = TRUE sound.fileName = -1 sound.autodetect = TRUE pciBridge0.present = TRUE isolation.tools.hgfs.disable = TRUE displayName = OpenBSD guestOS = other nvram = OpenBSD.nvram deploymentPlatform = windows virtualHW.productCompatibility = hosted RemoteDisplay.vnc.port = 0 tools.upgrade.policy = useGlobal powerType.powerOff = soft powerType.powerOn = soft powerType.suspend = soft powerType.reset = soft ethernet0.addressType = generated uuid.location = 56 4d b4 c8 87 f5 fa 58-c7 59 8e d7 8b c9 d7 96 uuid.bios = 56 4d b4 c8 87 f5 fa 58-c7 59 8e d7 8b c9 d7 96 ide0:0.redo = pciBridge0.pciSlotNumber = 17 scsi0.pciSlotNumber = 16 ethernet0.pciSlotNumber = 32 sound.pciSlotNumber = 33 vmi.pciSlotNumber = 34 ethernet0.generatedAddress = 00:0c:29:c9:d7:96 ethernet0.generatedAddressOffset = 0 tools.remindInstall = TRUE Ethernet0.virtualDev = vmxnet checkpoint.vmState = Brian Keefer www.Tumbleweed.com The Experts in Secure Internet Communication
Re: OpenBSD on VMware fusion (dmesg) -- yes it works
On Fri, Dec 22, 2006 at 03:59:10AM -0800, Brian Keefer wrote: Here're the dmesg's from RAMDISK_CD and GENERIC.MP on a MBP 15 CoreDuo 2.16GHz: can you try 4.0-current (or a recent snapshot)? it should use the new vic(4) driver instead of pcn(4). I added Ethernet0.virtualDev to vmxnet (wasn't present by default) and this is what I got with the latest i386 snap: vic0 at pci2 dev 0 function 0 VMware Virtual NIC rev 0x10: apic 2 int 18 (irq 9) vic0: VMXnet 864F, address 00:0c:29:c9:d7:96 Boots fine, but when it searches for DHCP lease I get: vic0: no link . giving up hmmm, can you try it with GENERIC (without MP)? I tried to ifconfig vic0 down ; ifconfig vic0 up, but it still didn't get a link. I tried e1000 instead of vmxnet and em0 was able to get a link just fine. Any other options I should try? Here's the .vmx: config.version = 8 virtualHW.version = 6 numvcpus = 2 scsi0.present = TRUE memsize = 256 MemAllowAutoScaleDown = FALSE ide0:0.present = TRUE ide0:0.fileName = OpenBSD.vmdk ide1:0.present = TRUE ide1:0.fileName = /Users/chort/scratch/cd40.iso ide1:0.deviceType = cdrom-image floppy0.present = FALSE ethernet0.present = TRUE ethernet0.connectionType = nat ethernet0.wakeOnPcktRcv = FALSE sound.present = TRUE sound.fileName = -1 sound.autodetect = TRUE pciBridge0.present = TRUE isolation.tools.hgfs.disable = TRUE displayName = OpenBSD guestOS = other nvram = OpenBSD.nvram deploymentPlatform = windows virtualHW.productCompatibility = hosted RemoteDisplay.vnc.port = 0 tools.upgrade.policy = useGlobal powerType.powerOff = soft powerType.powerOn = soft powerType.suspend = soft powerType.reset = soft ethernet0.addressType = generated uuid.location = 56 4d b4 c8 87 f5 fa 58-c7 59 8e d7 8b c9 d7 96 uuid.bios = 56 4d b4 c8 87 f5 fa 58-c7 59 8e d7 8b c9 d7 96 ide0:0.redo = pciBridge0.pciSlotNumber = 17 scsi0.pciSlotNumber = 16 ethernet0.pciSlotNumber = 32 sound.pciSlotNumber = 33 vmi.pciSlotNumber = 34 ethernet0.generatedAddress = 00:0c:29:c9:d7:96 ethernet0.generatedAddressOffset = 0 tools.remindInstall = TRUE Ethernet0.virtualDev = vmxnet checkpoint.vmState = Brian Keefer www.Tumbleweed.com The Experts in Secure Internet Communication
Re: OpenBSD on VMware fusion (dmesg) -- yes it works
On Dec 22, 2006, at 6:59 AM, Brian Keefer wrote: On Dec 22, 2006, at 3:09 AM, Reyk Floeter wrote: can you try 4.0-current (or a recent snapshot)? it should use the new vic(4) driver instead of pcn(4). I added Ethernet0.virtualDev to vmxnet (wasn't present by default) and this is what I got with the latest i386 snap: vic0 at pci2 dev 0 function 0 VMware Virtual NIC rev 0x10: apic 2 int 18 (irq 9) vic0: VMXnet 864F, address 00:0c:29:c9:d7:96 Boots fine, but when it searches for DHCP lease I get: vic0: no link . giving up I tried to ifconfig vic0 down ; ifconfig vic0 up, but it still didn't get a link. Both stable and current work fine on my new MBP (Core 2 Duo 2.33GHz). vic grabs a NAT fine in stable, pcn in current. # sysctl hw hw.machine=i386 hw.model=Intel(R) Core(TM)2 CPU T7600 @ 2.33GHz (GenuineIntel 686- class) hw.ncpu=2 hw.byteorder=1234 hw.physmem=267939840 hw.usermem=267927552 hw.pagesize=4096 hw.disknames=wd0,cd0 hw.diskcount=2 hw.cpuspeed=2328 hw.vendor=VMware, Inc. hw.product=VMware Virtual Platform hw.version=None hw.serialno=VMware-56 4d 0b 8d 44 53 f8 c2-8e 13 fa e0 1b 15 bd b8 hw.uuid=564d0b8d-4453-f8c2-8e13-fae01b15bdb8 # dmesg OpenBSD 4.0-current (GENERIC.MP) #1106: Wed Dec 20 14:22:11 MST 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP cpu0: Intel(R) Core(TM)2 CPU T7600 @ 2.33GHz (GenuineIntel 686- class) 2.33 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36, CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,SSE3,DS-CPL,CX16 real mem = 267939840 (261660K) avail mem = 236470272 (230928K) using 3302 buffers containing 13524992 bytes (13208K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(4a) BIOS, date 12/06/06, BIOS32 rev. 0 @ 0xfd880, SMBIOS rev. 2.31 @ 0xe0010 (45 entries) bios0: VMware, Inc. VMware Virtual Platform apm0 at bios0: Power Management spec V1.2 apm0: AC on, battery charge unknown apm0: flags 30102 dobusy 0 doidle 1 pcibios0 at bios0: rev 2.1 @ 0xfd880/0x780 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdf30/176 (9 entries) pcibios0: PCI Interrupt Router at 000:07:0 (Intel 82371FB ISA rev 0x00) pcibios0: PCI bus #2 is the last bus bios0: ROM list: 0xc/0x8000 0xc8000/0x1000 0xdc000/0x4000! 0xe/0x4000! acpi at mainbus0 not configured mainbus0: Intel MP Specification (Version 1.4) cpu0 at mainbus0: apid 0 (boot processor) cpu0: apic clock running at 65 MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Core(TM)2 CPU T7600 @ 2.33GHz (GenuineIntel 686- class) 2.33 GHz cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36, CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,SSE3,DS-CPL,CX16 mainbus0: bus 0 is type PCI mainbus0: bus 1 is type PCI mainbus0: bus 2 is type PCI mainbus0: bus 3 is type ISA ioapic0 at mainbus0: apid 2 pa 0xfec0, version 11, 24 pins pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 Intel 82443BX AGP rev 0x01 ppb0 at pci0 dev 1 function 0 Intel 82443BX AGP rev 0x01 pci1 at ppb0 bus 1 pcib0 at pci0 dev 7 function 0 Intel 82371AB PIIX4 ISA rev 0x08 pciide0 at pci0 dev 7 function 1 Intel 82371AB IDE rev 0x01: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide0 channel 0 drive 0: VMware Virtual IDE Hard Drive wd0: 64-sector PIO, LBA, 4096MB, 8388608 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 atapiscsi0 at pciide0 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: NECVMWar, VMware IDE CDR10, 1.00 SCSI0 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2 piixpm0 at pci0 dev 7 function 3 Intel 82371AB Power rev 0x08: SMBus disabled vga1 at pci0 dev 15 function 0 VMware Virtual SVGA II rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) bha3 at pci0 dev 16 function 0 BusLogic MultiMaster rev 0x01: apic 2 int 17 (irq 11), BusLogic 9xxC SCSI bha3: model BT-958, firmware 5.07B bha3: sync, parity scsibus1 at bha3: 8 targets ppb1 at pci0 dev 17 function 0 vendor VMware, unknown product 0x0790 rev 0x01 pci2 at ppb1 bus 2 pcn0 at pci2 dev 0 function 0 AMD 79c970 PCnet-PCI rev 0x10, Am79c970A, rev 0: apic 2 int 18 (irq 9), address 00:0c:29:15:bd:b8 eap0 at pci2 dev 1 function 0 Ensoniq AudioPCI97 rev 0x02: apic 2 int 19 (irq 10) ac97: codec id 0x43525913 (Cirrus Logic CS4297A rev 3) audio0 at eap0 midi0 at eap0: AudioPCI MIDI UART isa0 at pcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pmsi0 at pckbc0 (aux slot) pckbc0: using irq 12 for aux slot wsmouse0 at pmsi0 mux 0 pcppi0 at isa0 port 0x61 midi1 at pcppi0: PC speaker spkr0 at pcppi0 lpt0 at isa0 port 0x378/4 irq 7 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte
Re: VPN solutions for OpenBSD to Windows
On Fri, Dec 22, 2006 at 05:03:11AM +, [EMAIL PROTECTED] wrote: I'm looking for peoples' experiences and advice for setting up a VPN between OpenBSD (I will be using 4.0) and Windows XP/2000 systems. I have tested the Greenbow client and it seems ok. What of the built-in VPN client for the Windows OS? The Windows build-in VPN client uses L2TP running over IPSEC transport mode. It's straightforward to set up IPSEC transport mode between Windows and OBSD. Unfortunately finding a working L2TP daemon for OBSD is harder. I made some patches to rp-l2tp, and posted them to this list a few weeks ago. It kind-of worked, but I had a problem with vty's and packets over 1024 bytes, and nobody here was able to provide any assistance in debugging the problem. If you want to have a go, please feel free. I can't find an open archive of [EMAIL PROTECTED] You can try these links, but I removed my username and password from them. Otherwise scan the archive for December looking for subject rp-l2tp, ppp and pty problem http://lists.openbsd.org/cgi-bin/mj_wwwusr?list=miscbrief=onfunc=archive-get-partextra=200612/293 http://lists.openbsd.org/cgi-bin/mj_wwwusr?list=miscbrief=onfunc=archive-get-partextra=200612/299 Regards, Brian.
Re: VPN solutions for OpenBSD to Windows
On Fri, Dec 22, 2006 at 01:41:05PM +0800, Lars Hansson wrote: On Friday 22 December 2006 13:03, [EMAIL PROTECTED] wrote: What of the built-in VPN client for the Windows OS? While it works it suffers mainly from two things; being confusing to configure and lacking strong ciphers (you only get DES and 3DES). I'll second this, but with the footnote that 3DES is not so much insecure as it is slow. Joachim
Re: hotplugd umass kernel crash
Hi, Marc Balmer schrieb: I assume you have an /etc/hotplugd/attach script, can you post that? # cat /etc/hotplug/attach #!/bin/sh DEVCLASS=$1 DEVNAME=$2 case $DEVCLASS in 2) # disk devices # label=`disklabel $DEVNAME 21 | sed -n '/^label: /s/^label: //p'` case $label in USB*DISK*28X*) [ -d /media/usb ] || mkdir -p /media/usb mount_msdos -o ro,nodev,nosuid /dev/$DEVNAMEi /media/usb esac ;; 3) # network devices # ;; esac
Re: following -stable
On Fri, Dec 22, 2006 at 10:06:03AM +0100, Toni Mueller wrote: Hello, when following -stable and also following the advice to place /usr/obj on a separate partition, how much space is recommended these days? I've just discovered that 1 gig isn't enough. About 4 GB here, which seems to be comfortable for most of what I do. OpenOffice might or might not want to build in that, though. Joachim
Re: VPN solutions for OpenBSD to Windows
I second that -- OpenVPN is great. Easy and quick to set up, clients for most OSes (and you can re-use the config files across OSes. that was a nice bonus when the boss wanted his Mac to connect to the VPN). Unless there's another requirement that means you can't use OpenVPN, you should check it out. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Hopfgartner Sent: Friday, December 22, 2006 6:09 AM To: misc@openbsd.org Subject: Re: VPN solutions for OpenBSD to Windows Can you better define your set up? If you want to connect from a Windows road warrior which may or may not be behind a NAT, OpenVPN can hardly be beat in ease of use, robustness etc. It runs fine as a service or on demand, has optionally a nice GUI and I had no issues with packet length etc. If the Windows machine is not behind a NAT and is directly connected to the Internet Greenbow is really a fine product. Regards Peter http://www.hopfgartner.it Edy wrote: Hi Peter, Have you look at OpenVPN? Please check out this document http://blog.innerewut.de/articles/2005/07/04/openvpn-2-0-on-openbsd Cheers, Edy [EMAIL PROTECTED] wrote: Hi gang, I'm looking for peoples' experiences and advice for setting up a VPN between OpenBSD (I will be using 4.0) and Windows XP/2000 systems. I have tested the Greenbow client and it seems ok. What of the built-in VPN client for the Windows OS? I am mostly interested in ease of configuration and reliability of the tunnel. I am ok on IPSEC theory. Thanks in advance for any comments, Peter
Re: following -stable
Hi, thanks for all the answers. I was being imprecise, and have solved the problem in the meantime. -stable means for me only the non-X11 stuff and no ports. When I've finished building -stable, I usually wrap a release, then erase the obj space and continue with ports. On Fri, 22.12.2006 at 06:29:23 -0500, Nick Holland [EMAIL PROTECTED] wrote: Toni Mueller wrote: when following -stable and also following the advice to place /usr/obj on a separate partition, how much space is recommended these days? I've just discovered that 1 gig isn't enough. barely over 1G...at the moment. 8-} It's not getting smaller anytime soon, so if planning ahead is something you like to do, I'd probably leave at least 2G for future growth. That's why I asked... any estimates about the growth rate? Granted, the goal of having a /usr/obj partition is usually to make it fast to newfs, so you don't want to make it too big. Yes. The disk in question has 73 gigs, so it's reasonably fast, but newfs is still much faster than is rm -fr. no longer enough, just edit the partition size, newfs (or growfs, but that's not really needed in THIS case), and now you have a 1.5G obj partition. Not quite, because it happened on a machine already in production. So, there's no all-too-easy repartitioning right now. I did find another partition that I'll probably join to this one in the future, but for the time being, I opted for placing stuff on a different partition which already is big enough for everything (and adjust /etc/mk.conf, again). Or, just skip the usr/obj partition... Having been stung a few times by over partitioning recently, What's overpartitioning? ;-) I usually have 8-12 partitions on my machines, converging to about 9. But a toolset for relocating and resizing file systems, during live operation if possible, would be really great... although I think this will be quite hard, if possible at all. Best, --Toni++
Re: OpenBSD dropping individual packets
Hi OpenBSD rocks and I have donated to this great cause :-) Hope you can help. So I have the following setup: DMZ | | LAN-OpenBSD/PF/Snort?--Internet So in a nutshell I want to drop packets (not sessions) that match a IDS signature after PF filtering. So for example (PF is a Layer 3 filter): 1. A PF rule allows SMTP to the DMZ from the Internet 2. SMTP traffic is permitted by PF 3. IDS detects an attack packet that would be permitted by the above rule 4. System (Snort) drops only the matching attack packets So AFAIK flexresp, snortsam, snort2pf and guardian are out. Snort has to be inline, which it is, so can I drop single packets after PF filtering that match a signature? Is this available currently, if so, how do I go about it, can something be put together? http://www.openbeer.it/?open=pq Unfortunately, this code is likely stale in certain areas, as it has not been updated in just over a year. The first thing that would have to be done is to sync the code against at least 4.0, then patches for snort would have to be re-done. From the README: -[ Userspace Packet Queueing ]- by Michele 'mydecay' Marchetto [EMAIL PROTECTED] 1. Content * Kernel patch (3.8-stable) * libpq * pfctl patch (3.8-stable) * /usr/include patch (3.8-stable) * snort_inline patch (2.1.3b) * stats tools 2. Features * This series of patches allow you to queue packet to userspace, specifying pf rules accordingly. This let you use tools like snort_inline, or even make use of self-made tools based on libpq. 3. Version This is the very first version of this infrastructure, so it is very very very (very) experimental. Discussion about bugs, features and other things related, can take place on [EMAIL PROTECTED] For everything else, feel free to mail me. Bugs report are welcome. 4. BUGS! This beta version does not support IPSec. This is the first thing that will be fixed in the next version. The 3.8 version seems to work well on layer 2 and 3, even mixed with altq. Pfsync untested. 5. Installation To compile correctly snort_inline you need to install libpcre, gmake and libnet 1.0.x from ports or packages. Apply all the patches, and then build libpq with make make install make clean. Then you are able to work with the infrastructure. It is important to note that snort_inline myst be compiled with gmake instead of make, and you must create by yourself the log directory. Run snort_inline with -Q argument.
Re: VPN solutions for OpenBSD to Windows
I would also agree that OpenVPN is nice and fairly simple to set up... I use it and enjoy it. The only problem I could point out about OpenVPN, is that it cannot interact with other VPNS - I.E. OpenSwan or Other Hardware/Software solutions running ipsec. Please correct me if I am wrong. Amedeo Peter Landry wrote: I second that -- OpenVPN is great. Easy and quick to set up, clients for most OSes (and you can re-use the config files across OSes. that was a nice bonus when the boss wanted his Mac to connect to the VPN). Unless there's another requirement that means you can't use OpenVPN, you should check it out. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Hopfgartner Sent: Friday, December 22, 2006 6:09 AM To: misc@openbsd.org Subject: Re: VPN solutions for OpenBSD to Windows Can you better define your set up? If you want to connect from a Windows road warrior which may or may not be behind a NAT, OpenVPN can hardly be beat in ease of use, robustness etc. It runs fine as a service or on demand, has optionally a nice GUI and I had no issues with packet length etc. If the Windows machine is not behind a NAT and is directly connected to the Internet Greenbow is really a fine product. Regards Peter http://www.hopfgartner.it Edy wrote: Hi Peter, Have you look at OpenVPN? Please check out this document http://blog.innerewut.de/articles/2005/07/04/openvpn-2-0-on-openbsd Cheers, Edy [EMAIL PROTECTED] wrote: Hi gang, I'm looking for peoples' experiences and advice for setting up a VPN between OpenBSD (I will be using 4.0) and Windows XP/2000 systems. I have tested the Greenbow client and it seems ok. What of the built-in VPN client for the Windows OS? I am mostly interested in ease of configuration and reliability of the tunnel. I am ok on IPSEC theory. Thanks in advance for any comments, Peter
routing 2 identical subnets
at work there are 2 pieces of heavy machinery that each are hard-wired to communicate on the, say, 192.168.101/24 subnet and i would like to access both subnets from a machine in the office on the 172.16.16/24 subnet. to avoid the issue of having 2 routes to the same subnet, i plan on having an intermediate machine in front of each subnet that will run ipsec and then NAT the 172.16.16/24 host to a 192.168.101/24 address. this way i should be able to avoid the 2 route issue. there are likely other solutions to this problem that don't involve ipsec and i am interested in hearing them. could the multiple routing tables feature be useful here? cheers, jake
problem with device adt
The i386 21 Dec snapshot seems to have a problem with device adt. The install went fine, but upon reboot of the new OS, it was hung at: iic0 at ichiic0 adt0 at iic0 addr 0x2e: emc6d100 rev 0x68 And I cannot seem to bypass by disabling in UKC ? Here are the logs: rebooting... OpenBSD/i386 BOOT 2.12t) bios0 a bootbus0: booting hd0a:/bsd: 5573716+869404 [52+284400+264819]=0x6ab37c entry point at 0x200120*ies) bios0: Int [ using 549644 bytes of bsd ELF symbol table ] apm0 at bios0: Power Management spec V Copyright (c) 1982, 1986, 1989, 1991, 1993 apm0: AC on, battery charge unknown, est The Regents of the University of California. All rights reserved.apm0: flags 30102 dobusy 0 doidle 1 pci Copyright (c) 1995-2006 OpenBSD. All rights reserved. http://www.OpenBSD.org bios0: ROM list: 0xc/0x1 0xd/0x1000 0xd1000/0x1000 OpenBSD 4.0-current (GENERIC) #1309: Thu Dec 21 19 acpi at mainbus0 not c boot booting fd0a:/bsd: 4666580+740868=0x528420 real mem = 2144796672 (2094528K)y point at 0x200120, avail mem = 1948184576 (1902524K)1986, 1989, 1991, 1993 using 4256 buffers containing 107425792 bytes (104908K) of memoryity of California. All rights reserved. RTC BIOS diagnostic erro 5 entries) 21 19:47: bios0: Intel Corporation D975XBX apm0 at bios0: Power Management spec V1.2:/usr/src/sys/arch/i386/compile/RAMDISK_C apm0: AC on, battery charge unknown, estimated 0:00 hours RTC BIOS diagnostic error 80clock_battery apm0: flags 30102 dobusy 0 doidle 1 cpu0: Intel(R) Core(TM)2 Du pcibios at bios0 function 0x1a not configureds) 2.94 bios0: ROM list: 0xc/0x1 0xd/0x1000 0xd1000/0x100086,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,P acpi at mainbus0 not configured cpu0 at mainbus0 LUSH,DS, pci0 at mainbus0 bus 0: configuration mode 1 (no bios)VMX,EST,TM2,CX16 vga1 at pci1 dev 0 function 0 ATI Radeon X300 rev 0x00286+(00) BIOS, date 11/29/06, SMBIOS rev. 2.3 @ 0xe4cc0 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) 5 entries) bios0: Intel wsdisplay0: screen 1-5 added (80x25, vt100 emulation)m0 at bios0: Power Management spec V1.2 ATI Radeon X300 Sec rev 0x00 at pci1 dev 0 function 1 not configured pcibios at bios0 function 0x1a not configu azalia0 at pci0 dev 27 function 0 Intel 82801GB HD Audio rev 0x01: irq 9x1 0xd/0x1000 0xd1000/0x1000 azalia0: host: High Defi ppb2 at pci0 dev 28 function 4 Intel 82801G PCIE rev 0x011 function 0 vendor Intel, unknown product 0x277d rev 0x0 pci3 at ppb2 bus 3 ppb3 at pci0 dev 28 function 5 Intel 82801G PCIE rev 0x01 vga1 at pci1 dev 0 function 0 ATI Radeo pci4 at ppb3 bus 4 em0 at pci4 dev 0 function 0 Intel PRO/1000MT (82573L) rev 0x00: irq 10, addre00 emulation) ATI Rad ss 00:16:76:6e:58:db0 at pci1 dev 0 func uhci0 at pci0 dev 29 function 0 Intel 82801GB USB rev 0x01: irq 11 Intel 82801GB HD Audio rev 0x01 at pci0 dev usb0 at uhci0: USB revision uhci1 at pci0 dev 29 function 1 Intel 82801GB USB rev 0x01: irq 9 ppb2 bus 3 ppb3 at pci0 dev 28 function 5 Intel usb1 at uhci1: USB revision 1.0 uhub1 at usb1 pci4 at uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1ction 0 Intel PRO/1000MT (82573L) rev 0x00: irq uhub1: 2 ports with 2 removable, self powered uhub2: 2 ports with 2 removable, self powered uhci3 at pci0 dev 29 function 3 Intel 82801GB USB rev 0x01: irq 11 usb3 at uhci3: USB revision 1.0 uhub3 at usb3 uhub3: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub3: 2 ports with 2 removable, self powered ehci0 at pci0 dev 29 function 7 Intel 82801GB USB rev 0x01: irq 11 usb4 at ehci0: USB revision 2.0 uhub4 at usb4 uhub4: Intel EHCI root hub, rev 2.00/1.00, addr 1 uhub4: 8 ports with 8 removable, self powered ppb4 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0xe1 pci5 at ppb4 bus 5 TI TSB43AB23 FireWire rev 0x00 at pci5 dev 4 function 0 not configured ichpcib0 at pci0 dev 31 function 0 Intel 82801GH LPC rev 0x01: PM disabled pciide0 at pci0 dev 31 function 2 Intel 82801GB SATA rev 0x01: DMA, channel 0 configured to native-PCI, channel 1 configured to native-PCI pciide0: using irq 9 for native-PCI interrupt pciide0: couldn't map channel 0 cmd regs pciide0: couldn't map channel 1 cmd regs ichiic0 at pci0 dev 31 function 3 Intel 82801GB SMBus rev 0x01: irq 9 iic0 at ichiic0 adt0 at iic0 addr 0x2e: emc6d100 rev 0x68 hangs at this point unless UKC disable pciide - - Here is the verbose output: admcts probe returned 0 probing for asbtm* asbtm probe returned 0 probing for wbenv* wbenv probe returned 0 probing for glenv* glenv probe returned 0 adt probe won adt0 at iic0 addr 0x2e: emc6d100 rev 0x68 -- Now disable adt using UKC Try to disable adt boot boot -c booting hd0a:/bsd: 5573716+869404 [52+284400+264819]=0x6ab37c entry point at 0x200120* [ using 549644 bytes of bsd ELF symbol table ] Copyright (c) 1982, 1986, 1989, 1991, 1993 The Regents of the University of California. All
brconfig: bridge0: Operation not permitted
Hi I am trying to execute the following command from CLI (as root user) brconfig bridge0 add fxp0 add fxp1 stp fxp0 stp fxp1 hellotime 2 maxage 20 fwdelay 15 up but it says the following brconfig: bridge0: Operation not permitted After that I executed brconfig bridge0 and it shows that bridge is up??!! shu:/root# brconfig bridge0 bridge0: flags=0 priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp designated: id 00:03:47:08:a3:66 priority 32768 fxp1 flags=abLEARNING,DISCOVER,STP,AUTOEDGE,AUTOP2P port 2 ifpriority 128 ifcost 20 discarding role designated fxp0 flags=abLEARNING,DISCOVER,STP,AUTOEDGE,AUTOP2P port 1 ifpriority 128 ifcost 20 discarding role designated Addresses (max cache: 100, timeout: 240): any idea? Thanks, edy
Extract IP to table
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Greets I have a client with a single VOIP connection and a dynamic IP shared with the PC. It works. What I am looking for and I know I've seen it but haven't been able to find it again, is to extract the IP address from traffic and put it into a table to allow the VOIP phone to reestablish connectivity to the border firewall when the IP changes. I have looked through dynamic dns but the potential latency to restablish the correct IP is said to be up to 20 minutes, that won't do. Better ideas, documents, sites? Bob D Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFjBNUK35IA5yVGFsRAntKAKCLRLu2MK9XHwcgfqGQCSoPHjtxoACdHih8 79NTjQkAI64guFqsaOI7Y9A= =EcmC -END PGP SIGNATURE-
Re: OpenBSD on VMware fusion (dmesg) -- yes it works
On Dec 22, 2006, at 5:15 AM, Reyk Floeter wrote: On Fri, Dec 22, 2006 at 03:59:10AM -0800, Brian Keefer wrote: Here're the dmesg's from RAMDISK_CD and GENERIC.MP on a MBP 15 CoreDuo 2.16GHz: can you try 4.0-current (or a recent snapshot)? it should use the new vic(4) driver instead of pcn(4). I added Ethernet0.virtualDev to vmxnet (wasn't present by default) and this is what I got with the latest i386 snap: vic0 at pci2 dev 0 function 0 VMware Virtual NIC rev 0x10: apic 2 int 18 (irq 9) vic0: VMXnet 864F, address 00:0c:29:c9:d7:96 Boots fine, but when it searches for DHCP lease I get: vic0: no link . giving up hmmm, can you try it with GENERIC (without MP)? It didn't make a difference. I tried commenting out the virtualDev setting to see which one it would detect if no device type was specified in the .vmx, and it went back to pcn. Jason, what does your .vmx look like? Oddly, I also found a statement: deploymentPlatform = windows, which I found rather odd since I choose other/other for the OS and type. I comment that out, but it didn't change anything. Brian Keefer www.Tumbleweed.com The Experts in Secure Internet Communication
Re: OpenBSD on VMware fusion (dmesg) -- yes it works
On Dec 22, 2006, at 12:31 PM, Brian Keefer wrote: Jason, what does your .vmx look like? Oddly, I also found a statement: deploymentPlatform = windows, which I found rather odd since I choose other/other for the OS and type. I comment that out, but it didn't change anything. config.version = 8 virtualHW.version = 6 numvcpus = 2 scsi0.present = TRUE memsize = 256 MemAllowAutoScaleDown = FALSE ide0:0.present = TRUE ide0:0.fileName = OpenBSD 4.0.vmdk ide1:0.present = TRUE ide1:0.fileName = /Users/jasondixon/cd40.iso ide1:0.deviceType = cdrom-image floppy0.present = FALSE ethernet0.present = TRUE ethernet0.connectionType = nat ethernet0.wakeOnPcktRcv = FALSE sound.present = TRUE sound.fileName = -1 sound.autodetect = TRUE pciBridge0.present = TRUE isolation.tools.hgfs.disable = TRUE displayName = OpenBSD 4.0 guestOS = other nvram = OpenBSD 4.0.nvram deploymentPlatform = windows virtualHW.productCompatibility = hosted RemoteDisplay.vnc.port = 0 tools.upgrade.policy = useGlobal powerType.powerOff = soft powerType.powerOn = soft powerType.suspend = soft powerType.reset = soft ethernet0.addressType = generated uuid.location = 56 4d 0b 8d 44 53 f8 c2-8e 13 fa e0 1b 15 bd b8 uuid.bios = 56 4d 0b 8d 44 53 f8 c2-8e 13 fa e0 1b 15 bd b8 ide0:0.redo = pciBridge0.pciSlotNumber = 17 scsi0.pciSlotNumber = 16 ethernet0.pciSlotNumber = 32 sound.pciSlotNumber = 33 vmi.pciSlotNumber = 34 ethernet0.generatedAddress = 00:0c:29:15:bd:b8 ethernet0.generatedAddressOffset = 0 tools.remindInstall = TRUE -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net
Re: OpenBSD on VMware fusion (dmesg) -- yes it works
On Dec 22, 2006, at 10:26 AM, Jason Dixon wrote: On Dec 22, 2006, at 12:31 PM, Brian Keefer wrote: Jason, what does your .vmx look like? Oddly, I also found a statement: deploymentPlatform = windows, which I found rather odd since I choose other/other for the OS and type. I comment that out, but it didn't change anything. config.version = 8 ... tools.remindInstall = TRUE -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net It's the same, other than the MAC addresses of course. I'm running e.x.p. 36932, but I don't figure they did another in the 3 hours between when I downloaded it and when you posted. So the only difference we know of is that you have a Core Duo2-based system? Which version of OS X? I'm on 10.4.8 with all the patches (including EFI firmware update), except for the most recent Quartz QuickTime security patch. It's strange that when you boot -current it loads vic w/o having to specify vmxnet as your dev, but when I boot the snapshot from 21st it loads pcn unless I specifically change the dev to vmxnet, then it's vic, but it has no link. Maybe I should cvsup and build from source? Brian Keefer www.Tumbleweed.com The Experts in Secure Internet Communication
Re: brconfig: bridge0: Operation not permitted
Issue resolved! It seems like in 4.0 current you are not allowed to have hellotime parameter in /etc/bridgename.bridge0 by removing that sentence from the file stops the error message. Cheers, Edy Edy wrote: Hi I am trying to execute the following command from CLI (as root user) brconfig bridge0 add fxp0 add fxp1 stp fxp0 stp fxp1 hellotime 2 maxage 20 fwdelay 15 up but it says the following brconfig: bridge0: Operation not permitted After that I executed brconfig bridge0 and it shows that bridge is up??!! shu:/root# brconfig bridge0 bridge0: flags=0 priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp designated: id 00:03:47:08:a3:66 priority 32768 fxp1 flags=abLEARNING,DISCOVER,STP,AUTOEDGE,AUTOP2P port 2 ifpriority 128 ifcost 20 discarding role designated fxp0 flags=abLEARNING,DISCOVER,STP,AUTOEDGE,AUTOP2P port 1 ifpriority 128 ifcost 20 discarding role designated Addresses (max cache: 100, timeout: 240): any idea? Thanks, edy
dylan language
Today I saw a blog post about a wireshark alternative called networtnightvision that claims to be more secure than wireshark. I'm very interested in this because wireshark is just too dangerous to run, IMO. Anyways, the sniffer is written in dylan. I have never heard of dylan before. Here is a snippet from a paper [0] which the author claims: snip from the paper Since we noticed a lack of a decent secure framework for handling network packets, we have designed and implemented major parts of a TCP/IP stack in the high level programming language Dylan, focusing on security, performance and code reuse. Dylan is a high level language that provides a number of features to detect and prevent data reference failures, one of the most common sources of vulnerabilities in C software. Bounds checks for array accesses are inserted where needed by the compiler. Also a garbage collector is used, avoiding the need to care about manual memory management, and preventing bugs from early frees or double frees. Dylan is strongly typed, so bypassing the type system by doing casts and pointer arithmetic is not possible. snip from the paper Is this for real? I figured if anyone could shed some light on this, an OpenBSD developer might be able to comment on this dylan language. I'm not looking to learn dylan, but am just wondering if this is legit. I wouldn't mind running one of these tools if they are indeed safer to run than wireshark. (yes i use tcpdump regularly) [0] http://www.opendylan.org/~hannes/secure-networking.pdf
Dell 490
Tried latest i386 snapshot on a Dell 490. Boots, but Install doesn't find any disks. -- Jack J. Woehr Director of Development Absolute Performance, Inc. [EMAIL PROTECTED] 303-443-7000 ext. 527
Dell 490
Tried latest i386 snapshot on a Dell 490. Boots, but Install doesn't find any disks. I guess Intel 6321ESB AHCI SATA ('not configured') is not supported yet :( -- Jack J. Woehr Director of Development Absolute Performance, Inc. [EMAIL PROTECTED] 303-443-7000 ext. 527
Re: dylan language
On Fri, Dec 22, 2006 at 11:42:44AM -0800, Joe wrote: Is this for real? I figured if anyone could shed some light on this, an OpenBSD developer might be able to comment on this dylan language. I'm not looking to learn dylan, but am just wondering if this is legit. I wouldn't mind running one of these tools if they are indeed safer to run than wireshark. (yes i use tcpdump regularly) I have the beginning of a port of gwydiondylan, there are still a lot of issues to fix. The byte-code compiler (mindy) is slow as hell, d2c doesn't quite work for me yet. Outside of that, dylan-binary does not work on a range of architectures. Dylan reminds me of haskell. Both are high-level languages, better than sliced bread, and *everything* you want to build with them involves compilation speeds that make g++ look like it's the fastest thing out there...
Re: brconfig: bridge0: Operation not permitted
On Sat, Dec 23, 2006 at 02:55:45AM +0800, Edy wrote: Issue resolved! It seems like in 4.0 current you are not allowed to have hellotime parameter in /etc/bridgename.bridge0 by removing that sentence from the file stops the error message. Cheers, Edy thanks for the hint, i will add a note to the brconfig(8) manpage: the hellotime can only be changed in STP mode but the bridge has been changed to use RSTP mode by default in -current. try brconfig bridge0 proto stp to enable STP-only mode. Edy wrote: Hi I am trying to execute the following command from CLI (as root user) brconfig bridge0 add fxp0 add fxp1 stp fxp0 stp fxp1 hellotime 2 maxage 20 fwdelay 15 up but it says the following brconfig: bridge0: Operation not permitted After that I executed brconfig bridge0 and it shows that bridge is up??!! shu:/root# brconfig bridge0 bridge0: flags=0 priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp designated: id 00:03:47:08:a3:66 priority 32768 fxp1 flags=abLEARNING,DISCOVER,STP,AUTOEDGE,AUTOP2P port 2 ifpriority 128 ifcost 20 discarding role designated fxp0 flags=abLEARNING,DISCOVER,STP,AUTOEDGE,AUTOP2P port 1 ifpriority 128 ifcost 20 discarding role designated Addresses (max cache: 100, timeout: 240): any idea? Thanks, edy
Re: OpenBSD on VMware fusion (dmesg) -- yes it works
On Dec 22, 2006, at 1:41 PM, Brian Keefer wrote: So the only difference we know of is that you have a Core Duo2- based system? Which version of OS X? I'm on 10.4.8 with all the patches (including EFI firmware update), except for the most recent Quartz QuickTime security patch. Yes, this is a Core 2 Duo system running 10.4.8 with all patches. We're comparing apples to oranges (excuse the half-pun); it would be more appropriate to boot up another Core Duo and compare results. It's strange that when you boot -current it loads vic w/o having to specify vmxnet as your dev, but when I boot the snapshot from 21st it loads pcn unless I specifically change the dev to vmxnet, then it's vic, but it has no link. Maybe I should cvsup and build from source? My snapshot is from 12/20 (ftp2.usa.openbsd.org). -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net
Re: dylan language
On 12/22/06, Joe [EMAIL PROTECTED] wrote: Today I saw a blog post about a wireshark alternative called networtnightvision that claims to be more secure than wireshark. I'm very interested in this because wireshark is just too dangerous to run, IMO. Anyways, the sniffer is written in dylan. I have never heard of dylan before. Here is a snippet from a paper [0] which the author claims: [snip] Is this for real? I figured if anyone could shed some light on this, an OpenBSD developer might be able to comment on this dylan language. I'm not looking to learn dylan, but am just wondering if this is legit. I wouldn't mind running one of these tools if they are indeed safer to run than wireshark. (yes i use tcpdump regularly) The CCC also had some features on the use of Dylan and its role in the design of a new network analysis framework. Some other things they mention in relation are the implementation of a userland TCP/iP stack and the challenge to keep performance reasonable (a noble goal considering the rising link speeds we need to analyze). At that time networknightvision is referred to as PoC only. It's reported to have a fraction of the features of Ethereal and Dylan's resulting compiled code is reported to be a little slower than Perl. To me it sounds like something that is in a bit of an infancy. DS
Re: Dell 490
On Fri, Dec 22, 2006 at 11:39:28AM -0700, Jack J. Woehr wrote: Tried latest i386 snapshot on a Dell 490. Boots, but Install doesn't find any disks. I guess Intel 6321ESB AHCI SATA ('not configured') is not supported yet :( Go into the BIOS and chance the SATA mode to something like enhanced/compatible and it will work.
Re: Dell 490
On Dec 22, 2006, at 1:32 PM, L. V. Lammert wrote: Check the BIOS and turn off any fake RAID settings. Had to do that on some new Dell machines here, though I do not remember the model. More like change from one set of fake RAID settings to another set of fake RAID settings but yes that worked, thanks! -- Jack J. Woehr Director of Development Absolute Performance, Inc. [EMAIL PROTECTED] 303-443-7000 ext. 527
23C3 Chaos Communication Congress in Berlin, December 27 - 30, 2006, Berlin, Germany.
Hi, In the spirit of Xmas or should I say vapor of spirits, OpenBSD users and developers gather every year in Berlin to celebrate another year without root holes. You are all welcome to join our OpenBSD lounge at the 23C3 Chaos Communication Congress in Berlin, December 27 - 30, 2006, Berlin, Germany. You can find us down in the Hackcenter, we'll have all the unusual items on display and all the usual suspects to have a chat with. More info at https://events.ccc.de/congress/2006/Home Wim. -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= https://kd85.com/notforsale.html --
Re: 23C3 Chaos Communication Congress in Berlin, December 27 - 30, 2006, Berlin, Germany.
Wim Vandeputte wrote: Hi, In the spirit of Xmas or should I say vapor of spirits, Those spirits are actually quite liquid ;) Enjoy your whiskey guys! Oh and of course the large number of great talks they are giving, they managed to get a great lineup again! Greets, Jeroen [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: dylan language
On Fri, Dec 22, 2006 at 11:42:44AM -0800, Joe wrote: Today I saw a blog post about a wireshark alternative called networtnightvision that claims to be more secure than wireshark. I'm very interested in this because wireshark is just too dangerous to run, IMO. Anyways, the sniffer is written in dylan. I have never heard of dylan before. Here is a snippet from a paper [0] which the author claims: Isn't Dylan the one that Apple were talking about around the same time that Sun released Java?
Re: Max memory in OpenBSD (4.0)
Cristiano Deana wrote: i can't find any reference about max memory in openbsd, only some questions about it (from me and others). i tried with 4.0 i386 and amd64 and it seems i have no luck to see all my memory (4G). i also tried the patch who someone post the link but it doesn't work. so, just two question: 1) how much memory can i use with openbsd? 2) is there any patch to see all? From http://www.openbsd.org/plus40.html Implemented separate pmap for PAE i386 machines, allows for support for machines with more than 4G RAM. Not enabled by default. Post your dmesg. -pachl
Re: Max memory in OpenBSD (4.0)
2006/12/23, Clint Pachl [EMAIL PROTECTED]: i tried with 4.0 i386 and amd64 and it seems i have no luck to see all my memory (4G). From http://www.openbsd.org/plus40.html Implemented separate pmap for PAE i386 machines, allows for support for machines with more than 4G RAM. Not enabled by default. Hi Clint, now i'm using amd64. i usually use freebsd, with have pae option for i386 and no limit for amd64, so i hoped was the same for openbsd. following my dmesg. thank in advance. OpenBSD 4.0 (GENERIC.MP) #967: Sat Sep 16 20:38:15 MDT 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 3488907264 (3407136K) avail mem = 2990874624 (2920776K) using 22937 buffers containing 349097984 bytes (340916K) of memory mainbus0 (root) bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xcffbc000 (62 entries) bios0: Dell Inc. PowerEdge 1950 ipmi0 at mainbus0: version 2.0 interface KCS iobase 0xca8/8 spacing 4 mainbus0: Intel MP Specification (Version 1.4) (DELL PE 01B3 ) cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Xeon(R) CPU 5110 @ 1.60GHz, 1596.68 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,NXE,LONG cpu0: 4MB 64b/line 16-way L2 cache cpu0: apic clock running at 266MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Xeon(R) CPU 5110 @ 1.60GHz, 1596.48 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,NXE,LONG cpu1: 4MB 64b/line 16-way L2 cache mpbios: bus 0 is type PCI mpbios: bus 1 is type PCI mpbios: bus 2 is type PCI mpbios: bus 3 is type PCI mpbios: bus 4 is type PCI mpbios: bus 5 is type PCI mpbios: bus 6 is type PCI mpbios: bus 7 is type PCI mpbios: bus 8 is type PCI mpbios: bus 9 is type PCI mpbios: bus 10 is type PCI mpbios: bus 11 is type PCI mpbios: bus 12 is type PCI mpbios: bus 13 is type PCI mpbios: bus 14 is type PCI mpbios: bus 15 is type PCI mpbios: bus 16 is type PCI mpbios: bus 17 is type PCI mpbios: bus 18 is type PCI mpbios: bus 19 is type ISA ioapic0 at mainbus0 apid 2 pa 0xfec0, version 20, 24 pins ioapic0: misconfigured as apic 0, remapped to apid 2 ioapic1 at mainbus0 apid 3 pa 0xfec8, version 20, 24 pins ioapic1: misconfigured as apic 0, remapped to apid 3 ioapic2 at mainbus0 apid 4 pa 0xfec81000, version 20, 24 pins ioapic2: misconfigured as apic 0, remapped to apid 4 ioapic3 at mainbus0 apid 5 pa 0xfec82000, version 20, 24 pins ioapic3: misconfigured as apic 0, remapped to apid 5 pci0 at mainbus0 bus 0: configuration mode 1 pchb0 at pci0 dev 0 function 0 Intel 5000X Host rev 0x12 ppb0 at pci0 dev 2 function 0 Intel 5000 PCIE rev 0x12 pci1 at ppb0 bus 6 ppb1 at pci1 dev 0 function 0 Intel 6321ESB PCIE rev 0x01 pci2 at ppb1 bus 7 ppb2 at pci2 dev 0 function 0 Intel 6321ESB PCIE rev 0x01 pci3 at ppb2 bus 8 ppb3 at pci3 dev 0 function 0 ServerWorks PCIE-PCIX rev 0xc2 pci4 at ppb3 bus 9 bnx0 at pci4 dev 0 function 0 Broadcom BCM5708 rev 0x11: apic 2 int 16 (irq 5), address 00:15:c5:e9:08:bc brgphy0 at bnx0 phy 1: BCM5708C 10/100/1000baseT PHY, rev. 5 ppb4 at pci2 dev 1 function 0 Intel 6321ESB PCIE rev 0x01 pci5 at ppb4 bus 10 ppb5 at pci1 dev 0 function 3 Intel 6321ESB PCIE-PCIX rev 0x01 pci6 at ppb5 bus 11 ppb6 at pci6 dev 1 function 0 Intel S21154AE/BE PCI-PCI rev 0x00 pci7 at ppb6 bus 12 fxp0 at pci7 dev 4 function 0 Intel 8255x rev 0x0d, i82550: apic 3 int 0 (irq 5), address 00:02:b3:d9:96:9a inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4 fxp1 at pci7 dev 5 function 0 Intel 8255x rev 0x0d, i82550: apic 3 int 1 (irq 11), address 00:02:b3:d9:96:9b inphy1 at fxp1 phy 1: i82555 10/100 PHY, rev. 4 ppb7 at pci0 dev 3 function 0 Intel 5000 PCIE rev 0x12 pci8 at ppb7 bus 1 ppb8 at pci8 dev 0 function 0 Intel IOP333 PCIE-PCIX rev 0x00 pci9 at ppb8 bus 2 mfi0 at pci9 dev 14 function 0 Dell PERC 5 rev 0x00: apic 4 int 14 (irq 6) mfi0: logical drives 1, version 5.0.1-0030, 256MB RAM scsibus0 at mfi0: 1 targets sd0 at scsibus0 targ 0 lun 0: DELL, PERC 5/i, 1.00 SCSI3 0/direct fixed sd0: 69376MB, 69376 cyl, 64 head, 32 sec, 512 bytes/sec, 142082048 sec total ppb9 at pci8 dev 0 function 2 Intel IOP333 PCIE-PCIX rev 0x00 pci10 at ppb9 bus 3 ppb10 at pci0 dev 4 function 0 Intel 5000 PCIE rev 0x12 pci11 at ppb10 bus 13 ppb11 at pci11 dev 0 function 0 Intel PCIE-PCIE rev 0x09 pci12 at ppb11 bus 14 ppb12 at pci0 dev 5 function 0 Intel 5000 PCIE rev 0x12 pci13 at ppb12 bus 15 ppb13 at pci0 dev 6 function 0 Intel 5000 PCIE rev 0x12 pci14 at ppb13 bus 16 ppb14 at pci0 dev 7 function 0 Intel 5000 PCIE rev 0x12 pci15 at ppb14 bus 17 pchb1 at pci0 dev 16 function 0 Intel 5000 Error Reporting rev 0x12 pchb2 at pci0 dev 16 function 1 Intel 5000 Error Reporting rev 0x12 pchb3 at pci0 dev 16 function 2 Intel 5000 Error Reporting rev 0x12 pchb4 at pci0 dev 17 function 0 Intel 5000 Reserved rev 0x12 pchb5 at pci0 dev 19 function 0 Intel 5000 Reserved rev 0x12 pchb6 at pci0 dev 21
Re: following -stable
Toni Mueller wrote: ... It's not getting smaller anytime soon, so if planning ahead is something you like to do, I'd probably leave at least 2G for future growth. That's why I asked... any estimates about the growth rate? not really. Things putt along slowly for a while, then suddenly someone puts decides debugging symbols would make a lot of sense in the libraries, and BOOM...Nick is off to find another disk for his mac68k build machine. A great improvement, no doubt, but not without expected side-effects. Fortunately, my parts pile is wide and deep. I'm not sure, but Xenocara *may* use /usr/obj, that may create a jump in usage if that's true if you don't erase it between base and X compiles (which I would slightly recommend...I tend to think of the builds as one big project, and don't like deleting stuff mid-way through. But that's me. I don't think that will take you near 2G, however. But I could be wrong. :) ... Or, just skip the usr/obj partition... Having been stung a few times by over partitioning recently, What's overpartitioning? ;-) That's when you say, 500M is plenty large for /var, except for this mail archive directory, which could grow really big under some failure conditions, so you create a 100G /var/archive partition and 500M /var partition, then discover that under the OPPOSITE failure conditions, massive amounts of mail ends up in /var/spool. At that point, you realize that splitting off the two partitions sounded good, but instead it just cost you some embarrassing down time and didn't help you in the slightest, AND PROBABLY NEVER WILL (and in fact, I can now think of other failure modes where it could bite me). Should have just put it in one huge /var partition. ... But a toolset for relocating and resizing file systems, during live operation if possible, would be really great... although I think this will be quite hard, if possible at all. Much is possible if you spend enough time and effort and everything is possible if you are willing to redefine success. :) growfs is already there, and very cool. It would be great to have a shrinkfs command, but that would be much more difficult (and someone would have to actually do it, and I wouldn't suggest waiting for me). Live file system manipulations are scary, BUT in some cases, you can come respectably close if you understand your system and tools (and practice on non-critical systems). It is also a very good argument for leaving free space on the disk, you can accomplish a lot if you have a little free space. Nick.
Re: CPAN error
2006/8/30, Monah Baki [EMAIL PROTECTED]: Yesterday I installed Openbsd3.9 and wanted to install Digest::SHA1 using CPAN I get an error complaining the MD5 checksum is incorrect and to delete it from /root/.cpan../../etc etc (which I did). This happens with other modules too. I can download the modules manually and run perl Makefile.pl, make make install, but was wandering why I'm having this problem. I have the same problem with cpan on 4.0; trying to install anything (e.g. HTTP::Date) ends with errors about incorrect checksums, although gzip finds the tar.gz to be correct. Here's a log: -- cpan install HTTP::Date Running install for module HTTP::Date Running make for G/GA/GAAS/libwww-perl-5.805.tar.gz LWP not available CPAN: Net::FTP loaded ok Fetching with Net::FTP: ftp://ftp.freenet.de/pub/ftp.cpan.org/pub/CPAN/authors/id/G/GA/GAAS/libwww-perl-5.805.tar.gz Couldn't fetch libwww-perl-5.805.tar.gz from ftp.freenet.de LWP not available Fetching with Net::FTP: ftp://cpan.noris.de/pub/CPAN/authors/id/G/GA/GAAS/libwww-perl-5.805.tar.gz Couldn't fetch libwww-perl-5.805.tar.gz from cpan.noris.de LWP not available Fetching with Net::FTP: ftp://ftp.gwdg.de/pub/languages/perl/CPAN/authors/id/G/GA/GAAS/libwww-perl-5.805.tar.gz Couldn't fetch libwww-perl-5.805.tar.gz from ftp.gwdg.de LWP not available Fetching with Net::FTP: ftp://ftp.leo.org/pub/CPAN/authors/id/G/GA/GAAS/libwww-perl-5.805.tar.gz Trying with /usr/bin/lynx -source to get ftp://ftp.freenet.de/pub/ftp.cpan.org/pub/CPAN/authors/id/G/GA/GAAS/libwww-perl-5.805.tar.gz gzip: /home/ms/.cpan/sources/authors/id/G/GA/GAAS/libwww-perl-5.805.tar: unknown suffix: ignored Checksum mismatch for distribution file. Please investigate. Distribution id = G/GA/GAAS/libwww-perl-5.805.tar.gz CPAN_USERID GAAS (Gisle Aas [EMAIL PROTECTED]) CALLED_FOR HTTP::Date CONTAINSMODS LWP::Protocol::cpan LWP::Protocol::ftp HTTP::Status File::Listing LWP::Protocol::http10 HTTP::Headers HTTP::Cookies::Microsoft LWP::Protocol::nogo LWP::Protocol::nntp HTTP::Daemon LWP::Protocol::mailto HTML::Form LWP::Protocol::gopher LWP::ConnCache Net::HTTPS HTTP::Message HTTP::Cookies HTTP::Headers::Auth HTTP::Request::Common HTTP::Response LWP::Protocol::loopback HTTP::Cookies::Netscape LWP::Authen::Ntlm LWP::Authen::Basic HTTP::Request WWW::RobotRules LWP::Protocol LWP LWP::Protocol::data LWP::MediaTypes HTTP::Negotiate LWP::Protocol::https Net::HTTP::NB LWP::Simple Net::HTTP LWP::DebugFile LWP::RobotUA LWP::Protocol::file HTTP::Headers::Util HTTP::Headers::ETag LWP::Authen::Digest HTTP::Date LWP::Protocol::http LWP::MemberMixin LWP::UserAgent LWP::Protocol::GHTTP LWP::Debug LWP::Protocol::https10 WWW::RobotRules::AnyDBM_File Net::HTTP::Methods MD5_STATUS incommandcolor 1 localfile /home/ms/.cpan/sources/authors/id/G/GA/GAAS/libwww-perl-5.805.tar.gz I'd recommend removing /home/ms/.cpan/sources/authors/id/G/GA/GAAS/libwww-perl-5.805.tar.gz. Its MD5 checksum is incorrect. Maybe you have configured your 'urllist' with a bad URL. Please check this array with 'o conf urllist', and retry. -- Now, while there might be a port of some perls, cpan should also work. So what am I doing wrong? Update: I installed p5-libwww-5.803, and cpan _now_ works. Me thinks some perls are missing for cpan to work... Best Martin
Re: piixpm0: timeout, status 0x1BUSY?
BTW, sorry for the silly question on permanently through reboots. Quck man page read got me straight. -Mike On 12/22/06, Mike Shaw [EMAIL PROTECTED] wrote: I will try disabling admtemp but will hold off on the patch for obvious reasons. Is there a way to do this permanently through reboots?
piixpm0: timeout, status 0x1BUSY?
Hey misc, maybe someone out there can help me out. I'm getting tons of these: piixpm0: timeout, status 0x1BUSY Server will stay solid for about 24 hours then they start. I searched and saw a couple posts here and there without follow up. I also saw one from Feb (3.9-beta) that suggested disabling admtemp and had a patch, but it's been awhile so I wanted to see if anyone else had worked through this. I will try disabling admtemp but will hold off on the patch for obvious reasons. Is there a way to do this permanently through reboots? I kind of need this server to work, so I'm willing to jump through some guinea pig hoops if it turns out to be a bug. Thanks! -Mike - Server is an Intel ISP1100. I just flashed the BIOS to the latest on the intel website (v. 15). dmesg: OpenBSD 4.0 (GENERIC) #1107: Sat Sep 16 19:15:58 MDT 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel Pentium III (GenuineIntel 686-class) 752 MHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE real mem = 1073049600 (1047900K) avail mem = 970825728 (948072K) using 4256 buffers containing 53755904 bytes (52496K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(00) BIOS, date 07/20/01, BIOS32 rev. 0 @ 0xfda74, SMBIOS rev. 2.3 @ 0xf10f0 (55 entries) bios0: Intel Corporation TR440BXA apm0 at bios0: Power Management spec V1.2 (BIOS mgmt disabled) apm0: APM power management enable: unrecognized device ID (9) apm0: APM engage (device 1): power management disabled (1) apm0: AC on, battery charge unknown apm0: flags b0102 dobusy 0 doidle 1 pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf2a80/144 (7 entries) pcibios0: PCI Interrupt Router at 000:07:0 (Intel 82371FB ISA rev 0x00) pcibios0: PCI bus #0 is the last bus bios0: ROM list: 0xc/0x8000 0xc8000/0x1800 0xc9800/0x1800 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 Intel 82443BX rev 0x03 pcib0 at pci0 dev 7 function 0 Intel 82371AB PIIX4 ISA rev 0x02 pciide0 at pci0 dev 7 function 1 Intel 82371AB IDE rev 0x01: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility wd0 at pciide0 channel 0 drive 0: ST3802110A wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 pciide0: channel 1 ignored (disabled) uhci0 at pci0 dev 7 function 2 Intel 82371AB USB rev 0x01: irq 10 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered piixpm0 at pci0 dev 7 function 3 Intel 82371AB Power rev 0x02: polling iic0 at piixpm0 unknown at iic0 addr 0x18 not configured lmenv0 at iic0 addr 0x2d: adm9240 rev 2, starting scan fxp0 at pci0 dev 12 function 0 Intel 8255x rev 0x08, i82559: irq 15, address 00:02:b3:23:6f:5e inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4 fxp1 at pci0 dev 13 function 0 Intel 8255x rev 0x08, i82559: irq 15, address 00:02:b3:23:6f:5f inphy1 at fxp1 phy 1: i82555 10/100 PHY, rev. 4 vga1 at pci0 dev 14 function 0 ATI Rage XL rev 0x27 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) isa0 at pcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 npx0 at isa0 port 0xf0/16: using exception 16 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec biomask 7fe5 netmask ffe5 ttymask ffe7 pctr: 686-class user-level performance counters enabled mtrr: Pentium Pro MTRR support dkcsum: wd0 matches BIOS drive 0x80 root on wd0a rootdev=0x0 rrootdev=0x300 rawdev=0x302
Allen Delong, Out of Office-Jan. 02
Many thanks for your note. I am out of the office until Tuesday, January 2. I will be checking email infrequently during this time, but will return your message on my return. best wishes for a happy new year.