Re: OT: TinyMCE security and track records

2006-12-22 Thread Daniel Ouellet

Marc Espie wrote:

I think that, to go further, you need actual development tools that you
can customize to the level  of your website code. I assume eclipse will
have this kind of plugin.

The kde webdev suite is definitely a nice candidate there, though 
I haven't tried to customize it to get WYSIWYG editing of 
my Mason/Catalyst code...


Thanks for the reply and feedback. I saw you recommending Mason/Catalyst 
a few times, and it looks like eclipse is coming up more often as well. Maybe 
it's time I give it a fair try and see if either one can do some good work.


Thanks again.

Daniel



Anyone setup mod_security on bridge PF (transparent firewall) ?

2006-12-22 Thread Edy

Hi,

I am wondering if anyone has configured PF transparent firewall to 
perform mod_security?


Assuming you have 4 interfaces

ext_if and int_if setup as bridge
state_if is for pfsync
mgmt_if has an IP address and able to route to internet

Cheers,
Edy



following -stable

2006-12-22 Thread Toni Mueller
Hello,

when following -stable and also following the advice to place /usr/obj
on a separate partition, how much space is recommended these days? I've
just discovered that 1 gig isn't enough.

Thank you!


Best,
--Toni++



Max memory in OpenBSD (4.0)

2006-12-22 Thread Cristiano Deana

Hi all,

I can't find any reference about max memory in OpenBSD, only some
questions about it (from me and others).

I tried with 4.0 i386 and amd64 and it seems I have no luck seeing all
my memory (4G).
I also tried the patch that someone posted the link to, but it doesn't work.

So, just two questions:
1) How much memory can I use with OpenBSD?
2) Is there any patch to see all?

thanks

--
Cris, member of G.U.F.I
Italian FreeBSD User Group
http://www.gufi.org/



Re: disable SpeedStep ?

2006-12-22 Thread gklok
On Thu, Dec 21, 2006 at 12:47:01PM -0800, Rich Dunkle wrote:
 How can I disable the SpeedStep feature in OpenBSD 4.0 ?
 Is there something in UKC ?

It looks like dimitry has already resolved the issue. To answer your
question however: yes there is an inelegant way to disable
est/speedstep and some of the other frequency/voltage scaling
technologies on i386 and amd64

boot into ddb and write a large value to global setperf_prio e.g.:

boot -d
ddb> w setperf_prio 666
ddb> cont

Code that honours the priority will bail in its init routine.

gwk



Re: OT: TinyMCE security and track records

2006-12-22 Thread Nico Meijer
Hi Daniel,

 Sorry for this off topic question, but I get more and more requests to 
 have WYSIWYG editing on web management servers. I have been resisting 
 this for many years so far as I hate this, but look likes more and more 
 demands may force me to do it anyway.

We use mostly TinyMCE for this task. From what I've tried, this one sucks
the least, though you need paid addons to help with file and image
management. Its imagemanager is wonderful.

We only give clients the option to edit _parts_ of their pages with
TinyMCE.

Clients will produce poo with TinyMCE, FCKeditor or any
WYSIWYG-editor for that matter. They will copy-paste directly from
Word-documents and wonder why their page looks like crap.  Telling them
that it IS crap does not help. They'll just scream louder for you to fix
it and they just want it 'to work'.

HTH... Nico



Re: VPN solutions for OpenBSD to Windows

2006-12-22 Thread Toni Mueller
Hello,

On Fri, 22.12.2006 at 05:03:11 +, [EMAIL PROTECTED] [EMAIL PROTECTED] 
wrote:
 I'm looking for peoples' experiences and advice for setting up a VPN
 between OpenBSD (I will be using 4.0) and Windows XP/2000 systems.  I
 have tested the Greenbow client and it seems ok.  What of the
 built-in VPN client for the Windows OS?  I am mostly interested in
 ease of configuration and reliability of the tunnel.  I am ok on
 IPSEC theory.

we have good experience with the NCP Secure Entry client (www.ncp.de).
It is very capable and easy to handle, although also one of the most
expensive pieces out there that I'm aware of.


Best,
--Toni++



Re: following -stable

2006-12-22 Thread Nico Meijer
Hi Toni,

 when following -stable and also following the advice to place /usr/obj
 on a separate partition, how much space is recommended these days?

I've never done that, as disks on my build machines tend to be regularly
fast PATA/SATA disks. `sudo rm -rf /usr/obj/*` takes some 8 seconds or
so with soft updates?

HTH... Nico



Re: OT: TinyMCE security and track records

2006-12-22 Thread Daniel Ouellet

Nico Meijer wrote:

Clients will produce poo with TinyMCE, FCKeditor or any
WYSIWYG-editor for that matter. They will copy-paste directly from
Word-documents and wonder why their page looks like crap.  Telling them
that it IS crap does not help. They'll just scream louder for you to fix
it and they just want it 'to work'.


Thanks for the Word warning. I already have users that are pasting crap 
from Word and complaining. Sad to see that it will get worse if that's the 
direction this will take.


Daniel



Re: Squid 2.6 transparent proxy with pf

2006-12-22 Thread Sylwester S. Biernacki
On Thursday, December 21, 2006, at 14:04:34, misc@openbsd.org wrote:

 Dominik Zalewski [EMAIL PROTECTED] writes:

 I have OpenBSD 4.0 firewall and I would like to redirect all outgoing http 
 requests to my squid web proxy.

 Daniel Hartmeier wrote about this a while back, his article can be found at
 http://www.benzedrine.cx/transquid.html


However, Daniel's article doesn't cover squid-2.6. The guys from the squid team
changed the configuration options in squid.conf which you should use to
make it work.

Here is a working config for 2.6.STABLE5:

http_port 3128 transparent

#httpd_accel_host virtual
#httpd_accel_port 80
#httpd_accel_with_proxy on
#httpd_accel_uses_host_header on


Daniel: can you also change it on your page to cover that?

-- 
Sylwester S. Biernacki [EMAIL PROTECTED]
X-NET, http://www.xnet.com.pl/
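
Added example (not part of the original post, and not code from the Squid project): a shell check for the 2.5-to-2.6 change described above. It flags active httpd_accel_* directives, which 2.6 no longer accepts, and confirms that an http_port line carries the transparent option; the function names and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. audit_squid_conf, write_samples
# and the two sample files are constructed for illustration.

# audit_squid_conf FILE
# Prints one finding per line. Returns 0 if FILE is usable for interception
# under Squid 2.6, 1 if it still needs changes, 2 if it cannot be read.
audit_squid_conf() {
    [ -r "$1" ] || { echo "ERROR: cannot read $1"; return 2; }
    awk '
        NF == 0 || $1 ~ /^#/ { next }      # blank lines and comments

        # 2.5-era accelerator directives; the post comments these out for 2.6
        $1 ~ /^httpd_accel_/ {
            printf "OBSOLETE line %d: %s\n", NR, $1
            bad = 1
            next
        }

        $1 == "http_port" {
            transparent = 0
            for (i = 3; i <= NF; i++) {
                if ($i ~ /^#/) break       # trailing comment
                if ($i == "transparent") transparent = 1
            }
            if (transparent) {
                found = 1
                printf "OK line %d: http_port %s transparent\n", NR, $2
                # A bare port number listens on every local address.
                if ($2 !~ /:/)
                    printf "NOTE line %d: %s is not bound to one address; limit access with pf or squid ACLs\n", NR, $2
            }
        }

        END {
            if (!found) {
                print "MISSING: no http_port line has the transparent option"
                bad = 1
            }
            exit (bad ? 1 : 0)
        }
    ' "$1"
}

# write_samples DIR
# Writes a constructed 2.5-style config and the 2.6 config from the post.
write_samples() {
    cat > "$1/squid25.conf" <<'EOF'
http_port 3128
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
EOF
    cat > "$1/squid26.conf" <<'EOF'
http_port 3128 transparent

#httpd_accel_host virtual
#httpd_accel_port 80
#httpd_accel_with_proxy on
#httpd_accel_uses_host_header on
EOF
}

# Demo run on the constructed samples.
demo=$(mktemp -d)
write_samples "$demo"
for f in "$demo/squid25.conf" "$demo/squid26.conf"; do
    echo "== ${f##*/}"
    audit_squid_conf "$f" || echo "-> change before starting 2.6"
done
rm -rf "$demo"
```

The NOTE finding does not change the return status: the config from the post passes, and the note only points out that `http_port 3128` accepts connections on every address the host has.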



OpenBSD on VMware fusion (dmesg) -- yes it works

2006-12-22 Thread Brian Keefer
Not sure if anyone else has noticed, but VMware finally released  
Fusion for public beta.  It's the port to Macintel.


Only caveat so far is that Fusion wouldn't mount the OpenBSD CDs.  I  
think it might have a problem mounting volumes that have spaces in  
the path.  I downloaded cd40.iso and did an FTP install and that  
worked fine (NAT for networking, choose dhcp during the install since  
it doesn't have any way that I could find to configure vmnet).


Here're the dmesg's from RAMDISK_CD and GENERIC.MP on a MBP 15  
CoreDuo 2.16GHz:


OpenBSD 4.0 (RAMDISK_CD) #39: Sat Sep 16 19:34:26 MDT 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/RAMDISK_CD
cpu0: Genuine Intel(R) CPU T2600 @ 2.16GHz (GenuineIntel 686-class) 2.19 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,SSE3
real mem  = 267939840 (261660K)
avail mem = 238141440 (232560K)
using 3296 buffers containing 13500416 bytes (13184K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(2b) BIOS, date 12/06/06, BIOS32 rev. 0 @ 0xfd880, SMBIOS rev. 2.31 @ 0xe0010 (45 entries)
bios0: VMware, Inc. VMware Virtual Platform
apm0 at bios0: Power Management spec V1.2
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xfd880/0x780
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdf30/176 (9 entries)
pcibios0: PCI Interrupt Router at 000:07:0 (Intel 82371FB ISA rev 0x00)
pcibios0: PCI bus #2 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0x1000 0xdc000/0x4000! 0xe/0x4000!
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82443BX AGP rev 0x01
ppb0 at pci0 dev 1 function 0 Intel 82443BX AGP rev 0x01
pci1 at ppb0 bus 1
pcib0 at pci0 dev 7 function 0 Intel 82371AB PIIX4 ISA rev 0x08
pciide0 at pci0 dev 7 function 1 Intel 82371AB IDE rev 0x01: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: VMware Virtual IDE Hard Drive
wd0: 64-sector PIO, LBA, 8192MB, 16777216 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: NECVMWar, VMware IDE CDR10, 1.00 SCSI0 5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
Intel 82371AB Power rev 0x08 at pci0 dev 7 function 3 not configured
vga1 at pci0 dev 15 function 0 VMware Virtual SVGA II rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
bha3 at pci0 dev 16 function 0 BusLogic MultiMaster rev 0x01: irq 11, BusLogic 9xxC SCSI
bha3: model BT-958, firmware 5.07B
bha3: sync, parity
scsibus1 at bha3: 8 targets
ppb1 at pci0 dev 17 function 0 vendor VMware, unknown product 0x0790 rev 0x01
pci2 at ppb1 bus 2
pcn0 at pci2 dev 0 function 0 AMD 79c970 PCnet-PCI rev 0x10, Am79c970A, rev 0: irq 9, address 00:0c:29:c9:d7:96
Ensoniq AudioPCI97 rev 0x02 at pci2 dev 1 function 0 not configured
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
biomask fde5 netmask ffe5 ttymask ffe7
rd0: fixed, 3800 blocks
wd0: no disk label
dkcsum: wd0 matches BIOS drive 0x80
root on rd0a
rootdev=0x1100 rrootdev=0x2f00 rawdev=0x2f02
wd0: no disk label
syncing disks... done
rebooting...
OpenBSD 4.0 (GENERIC.MP) #936: Sat Sep 16 19:27:28 MDT 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Genuine Intel(R) CPU T2600 @ 2.16GHz (GenuineIntel 686-class) 2.17 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,SSE3
real mem  = 267939840 (261660K)
avail mem = 236609536 (231064K)
using 3296 buffers containing 13500416 bytes (13184K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(4a) BIOS, date 12/06/06, BIOS32 rev. 0 @ 0xfd880, SMBIOS rev. 2.31 @ 0xe0010 (45 entries)
bios0: VMware, Inc. VMware Virtual Platform
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xfd880/0x780
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdf30/176 (9 entries)
pcibios0: PCI Interrupt Router at 000:07:0 (Intel 82371FB ISA rev 0x00)
pcibios0: PCI bus #2 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0x1000 0xdc000/0x4000! 0xe/0x4000!
mainbus0: Intel MP Specification (Version 1.4) (INTEL440BX   )
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: unknown Core FSB_FREQ value 0 (0x0)
cpu0: apic clock running at 66 MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Genuine Intel(R) CPU T2600 @ 2.16GHz (GenuineIntel 686-class) 2.17 GHz
cpu1:

Re: VPN solutions for OpenBSD to Windows

2006-12-22 Thread Peter Hopfgartner

Can you better define your set up?

If you want to connect from a Windows road warrior which may or may not 
be behind a NAT, OpenVPN can hardly be beat in ease of use, robustness 
etc. It runs fine as a service or on demand, has  optionally a nice GUI 
and I had no issues with packet length etc.


If the Windows machine is not behind a NAT and is directly connected to 
the Internet Greenbow is really a fine product.


Regards

Peter

http://www.hopfgartner.it

Edy wrote:

Hi Peter,

Have you looked at OpenVPN?

Please check out this document

http://blog.innerewut.de/articles/2005/07/04/openvpn-2-0-on-openbsd

Cheers,
Edy

[EMAIL PROTECTED] wrote:

Hi gang,

I'm looking for peoples' experiences and advice for setting up a VPN 
between OpenBSD (I will be using 4.0) and Windows XP/2000 systems.  I 
have tested the Greenbow client and it seems ok.  What of the built-in 
VPN client for the Windows OS?  I am mostly interested in ease of 
configuration and reliability of the tunnel.  I am ok on IPSEC theory.


Thanks in advance for any comments,

Peter




Re: OpenBSD on VMware fusion (dmesg) -- yes it works

2006-12-22 Thread Reyk Floeter
On Fri, Dec 22, 2006 at 02:35:00AM -0800, Brian Keefer wrote:
 Not sure if anyone else has noticed, but VMware finally released  
 Fusion for public beta.  It's the port to Macintel.
 
 Only caveat so far is that Fusion wouldn't mount the OpenBSD CDs.  I  
 think it might have a problem mounting volumes that have spaces in  
 the path.  I downloaded cd40.iso and did an FTP install and that  
 worked fine (NAT for networking, choose dhcp during the install since  
 it doesn't have any way that I could find to configure vmnet).
 
 Here're the dmesg's from RAMDISK_CD and GENERIC.MP on a MBP 15  
 CoreDuo 2.16GHz:
 

can you try 4.0-current (or a recent snapshot)? it should use the new
vic(4) driver instead of pcn(4).


Re: following -stable

2006-12-22 Thread Nick Holland
Toni Mueller wrote:
 Hello,
 
 when following -stable and also following the advice to place /usr/obj
 on a separate partition, how much space is recommended these days? I've
 just discovered that 1 gig isn't enough.
 
 Thank you!
 
 
 Best,
 --Toni++

barely over 1G...at the moment.

It's not getting smaller anytime soon, so if planning ahead is something
you like to do, I'd probably leave at least 2G for future growth.

Granted, the goal of having a /usr/obj partition is usually to make it fast
to newfs, so you don't want to make it too big.  Of course, you can leave
(say) 3G of empty space, but make the partition 1.2G in size.  When 1.2G is
no longer enough, just edit the partition size, newfs (or growfs, but
that's not really needed in THIS case), and now you have a 1.5G obj partition.

Or, just skip the usr/obj partition...  Having been stung a few times by
over partitioning recently, it might just not be worth the trouble.  As
Nico Meijer pointed out, on modern HW, you may not see a significant
difference in time.  Biggest reason I use a usr/obj partition on one of my
build machines is because it is hard to get 4G disks narrow SCSI disks, so
/usr/obj is on an old 2G drive on my mac68k build machine...  Even there,
where the newfs is significantly faster than a rm -r /usr/obj/*, the
difference in the nearly five-day build time Just Doesn't Matter. :)

Nick.



OpenBSD dropping individual packets

2006-12-22 Thread Richard Thornton

Hi

OpenBSD rocks and I have donated to this great cause :-)

Hope you can help.  So I have the following setup:

           DMZ
            |
            |
LAN-OpenBSD/PF/Snort?--Internet

So in a nutshell I want to drop packets (not sessions) that match an IDS
signature after PF filtering.

So for example (PF is a Layer 3 filter):

1. A PF rule allows SMTP to the DMZ from the Internet
2. SMTP traffic is permitted by PF
3. IDS detects an attack packet that would be permitted by the above
rule
4. System (Snort) drops only the matching attack packets

So AFAIK flexresp, snortsam, snort2pf and guardian are out.

Snort has to be inline, which it is, so can I drop single packets after
PF filtering that match a signature?

Is this available currently, if so, how do I go about it, can something
be put together?

Thanks for your time.

Cheers
Richard



Re: OpenBSD on VMware fusion (dmesg) -- yes it works

2006-12-22 Thread Brian Keefer

On Dec 22, 2006, at 3:09 AM, Reyk Floeter wrote:


On Fri, Dec 22, 2006 at 02:35:00AM -0800, Brian Keefer wrote:

Not sure if anyone else has noticed, but VMware finally released
Fusion for public beta.  It's the port to Macintel.

Only caveat so far is that Fusion wouldn't mount the OpenBSD CDs.  I
think it might have a problem mounting volumes that have spaces in
the path.  I downloaded cd40.iso and did an FTP install and that
worked fine (NAT for networking, choose dhcp during the install since
it doesn't have any way that I could find to configure vmnet).

Here're the dmesg's from RAMDISK_CD and GENERIC.MP on a MBP 15
CoreDuo 2.16GHz:



can you try 4.0-current (or a recent snapshot)? it should use the new
vic(4) driver instead of pcn(4).


I added Ethernet0.virtualDev to vmxnet (wasn't present by default)  
and this is what I got with the latest i386 snap:
vic0 at pci2 dev 0 function 0 VMware Virtual NIC rev 0x10: apic 2 int 18 (irq 9)
vic0: VMXnet 864F, address 00:0c:29:c9:d7:96

Boots fine, but when it searches for DHCP lease I get:
vic0: no link . giving up

I tried to ifconfig vic0 down ; ifconfig vic0 up, but it still didn't  
get a link.


I tried e1000 instead of vmxnet and em0 was able to get a link  
just fine.


Any other options I should try?

Here's the .vmx:
config.version = 8
virtualHW.version = 6
numvcpus = 2
scsi0.present = TRUE
memsize = 256
MemAllowAutoScaleDown = FALSE
ide0:0.present = TRUE
ide0:0.fileName = OpenBSD.vmdk
ide1:0.present = TRUE
ide1:0.fileName = /Users/chort/scratch/cd40.iso
ide1:0.deviceType = cdrom-image
floppy0.present = FALSE
ethernet0.present = TRUE
ethernet0.connectionType = nat
ethernet0.wakeOnPcktRcv = FALSE
sound.present = TRUE
sound.fileName = -1
sound.autodetect = TRUE
pciBridge0.present = TRUE
isolation.tools.hgfs.disable = TRUE
displayName = OpenBSD
guestOS = other
nvram = OpenBSD.nvram
deploymentPlatform = windows
virtualHW.productCompatibility = hosted
RemoteDisplay.vnc.port = 0
tools.upgrade.policy = useGlobal
powerType.powerOff = soft
powerType.powerOn = soft
powerType.suspend = soft
powerType.reset = soft

ethernet0.addressType = generated
uuid.location = 56 4d b4 c8 87 f5 fa 58-c7 59 8e d7 8b c9 d7 96
uuid.bios = 56 4d b4 c8 87 f5 fa 58-c7 59 8e d7 8b c9 d7 96
ide0:0.redo = 
pciBridge0.pciSlotNumber = 17
scsi0.pciSlotNumber = 16
ethernet0.pciSlotNumber = 32
sound.pciSlotNumber = 33
vmi.pciSlotNumber = 34
ethernet0.generatedAddress = 00:0c:29:c9:d7:96
ethernet0.generatedAddressOffset = 0
tools.remindInstall = TRUE
Ethernet0.virtualDev = vmxnet

checkpoint.vmState = 


Brian Keefer
www.Tumbleweed.com
The Experts in Secure Internet Communication




Re: OpenBSD on VMware fusion (dmesg) -- yes it works

2006-12-22 Thread Reyk Floeter
On Fri, Dec 22, 2006 at 03:59:10AM -0800, Brian Keefer wrote:
 Here're the dmesg's from RAMDISK_CD and GENERIC.MP on a MBP 15
 CoreDuo 2.16GHz:
 
 
 can you try 4.0-current (or a recent snapshot)? it should use the new
 vic(4) driver instead of pcn(4).
 
 I added Ethernet0.virtualDev to vmxnet (wasn't present by default)  
 and this is what I got with the latest i386 snap:
 vic0 at pci2 dev 0 function 0 VMware Virtual NIC rev 0x10: apic 2  
 int 18 (irq 9)
 vic0: VMXnet 864F, address 00:0c:29:c9:d7:96
 
 Boots fine, but when it searches for DHCP lease I get:
 vic0: no link . giving up
 

hmmm, can you try it with GENERIC (without MP)?

 I tried to ifconfig vic0 down ; ifconfig vic0 up, but it still didn't  
 get a link.
 
 I tried e1000 instead of vmxnet and em0 was able to get a link  
 just fine.
 
 Any other options I should try?
 



Re: OpenBSD on VMware fusion (dmesg) -- yes it works

2006-12-22 Thread Jason Dixon

On Dec 22, 2006, at 6:59 AM, Brian Keefer wrote:


On Dec 22, 2006, at 3:09 AM, Reyk Floeter wrote:


can you try 4.0-current (or a recent snapshot)? it should use the new
vic(4) driver instead of pcn(4).


I added Ethernet0.virtualDev to vmxnet (wasn't present by  
default) and this is what I got with the latest i386 snap:
vic0 at pci2 dev 0 function 0 VMware Virtual NIC rev 0x10: apic 2  
int 18 (irq 9)

vic0: VMXnet 864F, address 00:0c:29:c9:d7:96

Boots fine, but when it searches for DHCP lease I get:
vic0: no link . giving up

I tried to ifconfig vic0 down ; ifconfig vic0 up, but it still  
didn't get a link.


Both stable and current work fine on my new MBP (Core 2 Duo  
2.33GHz).  vic grabs a NAT fine in stable, pcn in current.


# sysctl hw
hw.machine=i386
hw.model=Intel(R) Core(TM)2 CPU T7600 @ 2.33GHz (GenuineIntel 686-class)
hw.ncpu=2
hw.byteorder=1234
hw.physmem=267939840
hw.usermem=267927552
hw.pagesize=4096
hw.disknames=wd0,cd0
hw.diskcount=2
hw.cpuspeed=2328
hw.vendor=VMware, Inc.
hw.product=VMware Virtual Platform
hw.version=None
hw.serialno=VMware-56 4d 0b 8d 44 53 f8 c2-8e 13 fa e0 1b 15 bd b8
hw.uuid=564d0b8d-4453-f8c2-8e13-fae01b15bdb8

# dmesg
OpenBSD 4.0-current (GENERIC.MP) #1106: Wed Dec 20 14:22:11 MST 2006
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Intel(R) Core(TM)2 CPU T7600 @ 2.33GHz (GenuineIntel 686-class) 2.33 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,SSE3,DS-CPL,CX16
real mem  = 267939840 (261660K)
avail mem = 236470272 (230928K)
using 3302 buffers containing 13524992 bytes (13208K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(4a) BIOS, date 12/06/06, BIOS32 rev. 0 @ 0xfd880, SMBIOS rev. 2.31 @ 0xe0010 (45 entries)
bios0: VMware, Inc. VMware Virtual Platform
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xfd880/0x780
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdf30/176 (9 entries)
pcibios0: PCI Interrupt Router at 000:07:0 (Intel 82371FB ISA rev 0x00)
pcibios0: PCI bus #2 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0x1000 0xdc000/0x4000! 0xe/0x4000!
acpi at mainbus0 not configured
mainbus0: Intel MP Specification (Version 1.4)
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 65 MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM)2 CPU T7600 @ 2.33GHz (GenuineIntel 686-class) 2.33 GHz
cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,SSE3,DS-CPL,CX16
mainbus0: bus 0 is type PCI
mainbus0: bus 1 is type PCI
mainbus0: bus 2 is type PCI
mainbus0: bus 3 is type ISA
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 11, 24 pins
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82443BX AGP rev 0x01
ppb0 at pci0 dev 1 function 0 Intel 82443BX AGP rev 0x01
pci1 at ppb0 bus 1
pcib0 at pci0 dev 7 function 0 Intel 82371AB PIIX4 ISA rev 0x08
pciide0 at pci0 dev 7 function 1 Intel 82371AB IDE rev 0x01: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: VMware Virtual IDE Hard Drive
wd0: 64-sector PIO, LBA, 4096MB, 8388608 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: NECVMWar, VMware IDE CDR10, 1.00 SCSI0 5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
piixpm0 at pci0 dev 7 function 3 Intel 82371AB Power rev 0x08: SMBus disabled
vga1 at pci0 dev 15 function 0 VMware Virtual SVGA II rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
bha3 at pci0 dev 16 function 0 BusLogic MultiMaster rev 0x01: apic 2 int 17 (irq 11), BusLogic 9xxC SCSI
bha3: model BT-958, firmware 5.07B
bha3: sync, parity
scsibus1 at bha3: 8 targets
ppb1 at pci0 dev 17 function 0 vendor VMware, unknown product 0x0790 rev 0x01
pci2 at ppb1 bus 2
pcn0 at pci2 dev 0 function 0 AMD 79c970 PCnet-PCI rev 0x10, Am79c970A, rev 0: apic 2 int 18 (irq 9), address 00:0c:29:15:bd:b8
eap0 at pci2 dev 1 function 0 Ensoniq AudioPCI97 rev 0x02: apic 2 int 19 (irq 10)
ac97: codec id 0x43525913 (Cirrus Logic CS4297A rev 3)
audio0 at eap0
midi0 at eap0: AudioPCI MIDI UART
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pmsi0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pmsi0 mux 0
pcppi0 at isa0 port 0x61
midi1 at pcppi0: PC speaker
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte 

Re: VPN solutions for OpenBSD to Windows

2006-12-22 Thread Brian Candler
On Fri, Dec 22, 2006 at 05:03:11AM +, [EMAIL PROTECTED] wrote:
 I'm looking for peoples' experiences and advice for setting up a VPN
 between OpenBSD (I will be using 4.0) and Windows XP/2000 systems.  I have
 tested the Greenbow client and it seems ok.  What of the built-in VPN
 client for the Windows OS?

The Windows built-in VPN client uses L2TP running over IPSEC transport mode.

It's straightforward to set up IPSEC transport mode between Windows and
OBSD. Unfortunately finding a working L2TP daemon for OBSD is harder.

I made some patches to rp-l2tp, and posted them to this list a few weeks
ago. It kind-of worked, but I had a problem with vty's and packets over 1024
bytes, and nobody here was able to provide any assistance in debugging the
problem. If you want to have a go, please feel free.

I can't find an open archive of [EMAIL PROTECTED] You can try these links,
but I removed my username and password from them. Otherwise scan the archive
for December looking for subject rp-l2tp, ppp and pty problem
http://lists.openbsd.org/cgi-bin/mj_wwwusr?list=misc&brief=on&func=archive-get-part&extra=200612/293
http://lists.openbsd.org/cgi-bin/mj_wwwusr?list=misc&brief=on&func=archive-get-part&extra=200612/299

Regards,

Brian.



Re: VPN solutions for OpenBSD to Windows

2006-12-22 Thread Joachim Schipper
On Fri, Dec 22, 2006 at 01:41:05PM +0800, Lars Hansson wrote:
 On Friday 22 December 2006 13:03, [EMAIL PROTECTED] wrote:
  What of the built-in VPN client for the Windows OS?
 
 While it works it suffers mainly from two things; being confusing to
 configure and lacking strong ciphers (you only get DES and 3DES).

I'll second this, but with the footnote that 3DES is not so much
insecure as it is slow.

Joachim



Re: hotplugd umass kernel crash

2006-12-22 Thread Michael
Hi,

Marc Balmer schrieb:
 I assume you have an /etc/hotplugd/attach script, can you post that?

# cat /etc/hotplug/attach
#!/bin/sh

DEVCLASS=$1
DEVNAME=$2

case $DEVCLASS in
2)
        # disk devices
        #
        # read the volume label; disklabel's stderr goes into the pipe too
        label=`disklabel $DEVNAME 2>&1 | sed -n '/^label: /s/^label: //p'`
        case $label in
        USB*DISK*28X*)
                [ -d /media/usb ] || mkdir -p /media/usb
                # partition i of the attached disk, mounted read-only
                mount_msdos -o ro,nodev,nosuid /dev/"$DEVNAME"i /media/usb
                ;;
        esac
        ;;

3)
        # network devices
        #
        ;;
esac



Re: following -stable

2006-12-22 Thread Joachim Schipper
On Fri, Dec 22, 2006 at 10:06:03AM +0100, Toni Mueller wrote:
 Hello,
 
 when following -stable and also following the advice to place /usr/obj
 on a separate partition, how much space is recommended these days? I've
 just discovered that 1 gig isn't enough.

About 4 GB here, which seems to be comfortable for most of what I do.
OpenOffice might or might not want to build in that, though.

Joachim



Re: VPN solutions for OpenBSD to Windows

2006-12-22 Thread Peter Landry
I second that -- OpenVPN is great. Easy and quick to set up, clients for
most OSes (and you can re-use the config files across OSes. that was a
nice bonus when the boss wanted his Mac to connect to the VPN). Unless
there's another requirement that means you can't use OpenVPN, you should
check it out.

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
 Peter Hopfgartner
 Sent: Friday, December 22, 2006 6:09 AM
 To: misc@openbsd.org
 Subject: Re: VPN solutions for OpenBSD to Windows
 
 Can you better define your set up?
 
 If you want to connect from a Windows road warrior which may or may not
 be behind a NAT, OpenVPN can hardly be beat in ease of use, robustness
 etc. It runs fine as a service or on demand, has optionally a nice GUI
 and I had no issues with packet length etc.
 
 If the Windows machine is not behind a NAT and is directly connected to
 the Internet Greenbow is really a fine product.
 
 Regards
 
 Peter
 
 http://www.hopfgartner.it
 
 Edy wrote:
  Hi Peter,
 
  Have you looked at OpenVPN?
 
  Please check out this document
 
  http://blog.innerewut.de/articles/2005/07/04/openvpn-2-0-on-openbsd
 
  Cheers,
  Edy
 
  [EMAIL PROTECTED] wrote:
  Hi gang,
 
  I'm looking for peoples' experiences and advice for setting up a VPN
  between OpenBSD (I will be using 4.0) and Windows XP/2000 systems. I
  have tested the Greenbow client and it seems ok.  What of the built-in
  VPN client for the Windows OS?  I am mostly interested in ease of
  configuration and reliability of the tunnel.  I am ok on IPSEC theory.
 
  Thanks in advance for any comments,
 
  Peter



Re: following -stable

2006-12-22 Thread Toni Mueller
Hi,

thanks for all the answers. I was being imprecise, and have solved the
problem in the meantime.

-stable means for me only the non-X11 stuff and no ports. When I've
finished building -stable, I usually wrap a release, then erase the obj
space and continue with ports.

On Fri, 22.12.2006 at 06:29:23 -0500, Nick Holland [EMAIL PROTECTED] wrote:
 Toni Mueller wrote:
  when following -stable and also following the advice to place /usr/obj
  on a separate partition, how much space is recommended these days? I've
  just discovered that 1 gig isn't enough.
 barely over 1G...at the moment.

8-}

 It's not getting smaller anytime soon, so if planning ahead is something
 you like to do, I'd probably leave at least 2G for future growth.

That's why I asked... any estimates about the growth rate?

 Granted, the goal of having a /usr/obj partition is usually to make it fast
 to newfs, so you don't want to make it too big.

Yes. The disk in question has 73 gigs, so it's reasonably fast, but
newfs is still much faster than is rm -fr.

 no longer enough, just edit the partition size, newfs (or growfs, but
 that's not really needed in THIS case), and now you have a 1.5G obj partition.

Not quite, because it happened on a machine already in production. So,
there's no all-too-easy repartitioning right now. I did find another
partition that I'll probably join to this one in the future, but for
the time being, I opted for placing stuff on a different partition
which already is big enough for everything (and adjust /etc/mk.conf,
again).

 Or, just skip the usr/obj partition...  Having been stung a few times by
 over partitioning recently,

What's overpartitioning? ;-)

I usually have 8-12 partitions on my machines, converging to about 9.

But a toolset for relocating and resizing file systems, during live
operation if possible, would be really great... although I think this
will be quite hard, if possible at all.


Best,
--Toni++



Re: OpenBSD dropping individual packets

2006-12-22 Thread Jason George
Hi

OpenBSD rocks and I have donated to this great cause :-)

Hope you can help.  So I have the following setup:

  DMZ
 |
 |
LAN-OpenBSD/PF/Snort?--Internet

So in a nutshell I want to drop packets (not sessions) that match an IDS
signature after PF filtering.

So for example (PF is a Layer 3 filter):

1. A PF rule allows SMTP to the DMZ from the Internet
2. SMTP traffic is permitted by PF
3. IDS detects an attack packet that would be permitted by the above
rule
4. System (Snort) drops only the matching attack packets

So AFAIK flexresp, snortsam, snort2pf and guardian are out.

Snort has to be inline, which it is, so can I drop single packets after
PF filtering that match a signature?

Is this available currently, if so, how do I go about it, can something
be put together?



http://www.openbeer.it/?open=pq

Unfortunately, this code is likely stale in certain areas, as it has not been 
updated in just over a year.  The first thing that would have to be done is to 
sync the code against at least 4.0, then patches for snort would have to be 
re-done.

From the README:

-[ Userspace Packet Queueing ]-

by Michele 'mydecay' Marchetto
[EMAIL PROTECTED]

1. Content

* Kernel patch (3.8-stable)
* libpq
* pfctl patch (3.8-stable)
* /usr/include patch (3.8-stable)
* snort_inline patch (2.1.3b)
* stats tools

2. Features

* This series of patches allows you to queue packets to userspace,
specifying pf rules accordingly. This lets you use tools like
snort_inline, or even make use of self-made tools based on libpq.

3. Version

This is the very first version of this infrastructure, so it is
very very very (very) experimental. Discussion about bugs, features
and other things related, can take place on [EMAIL PROTECTED] For
everything else, feel free to mail me. Bug reports are welcome.

4. BUGS!

This beta version does not support IPSec. This is the first thing
that will be fixed in the next version.
The 3.8 version seems to work well on layer 2 and 3, even mixed with
altq. Pfsync untested.

5. Installation

To compile snort_inline correctly you need to install libpcre, gmake and
libnet 1.0.x from ports or packages.

Apply all the patches, and then build libpq with make && make install &&
make clean. Then you are able to work with the infrastructure.
It is important to note that snort_inline must be compiled with gmake
instead of make, and you must create the log directory yourself.
Run snort_inline with the -Q argument.



Re: VPN solutions for OpenBSD to Windows

2006-12-22 Thread Michael Alaimo

I would also agree that OpenVPN is nice and fairly simple to set up...
I use it and enjoy it.
The only problem I could point out about OpenVPN, is that it cannot 
interact with other VPNS

- I.E. OpenSwan or Other Hardware/Software solutions running ipsec.

Please correct me if I am wrong.

Amedeo


Peter Landry wrote:

I second that -- OpenVPN is great. Easy and quick to set up, clients for
most OSes (and you can re-use the config files across OSes. that was a
nice bonus when the boss wanted his Mac to connect to the VPN). Unless
there's another requirement that means you can't use OpenVPN, you should
check it out.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Peter Hopfgartner
Sent: Friday, December 22, 2006 6:09 AM
To: misc@openbsd.org
Subject: Re: VPN solutions for OpenBSD to Windows

Can you better define your set up?

If you want to connect from a Windows road warrior which may or may not
be behind a NAT, OpenVPN can hardly be beat in ease of use, robustness
etc. It runs fine as a service or on demand, has optionally a nice GUI
and I had no issues with packet length etc.

If the Windows machine is not behind a NAT and is directly connected to
the Internet Greenbow is really a fine product.

Regards

Peter

http://www.hopfgartner.it

Edy wrote:

Hi Peter,

Have you looked at OpenVPN?

Please check out this document

http://blog.innerewut.de/articles/2005/07/04/openvpn-2-0-on-openbsd

Cheers,
Edy

[EMAIL PROTECTED] wrote:

Hi gang,

I'm looking for peoples' experiences and advice for setting up a VPN
between OpenBSD (I will be using 4.0) and Windows XP/2000 systems. I
have tested the Greenbow client and it seems ok.  What of the built-in
VPN client for the Windows OS?  I am mostly interested in ease of
configuration and reliability of the tunnel.  I am ok on IPSEC theory.

Thanks in advance for any comments,

Peter




routing 2 identical subnets

2006-12-22 Thread Jacob Yocom-Piatt
at work there are 2 pieces of heavy machinery that each are hard-wired 
to communicate on the, say, 192.168.101/24 subnet and i would like to 
access both subnets from a machine in the office on the 172.16.16/24 
subnet. to avoid the issue of having 2 routes to the same subnet, i plan 
on having an intermediate machine in front of each subnet that will run 
ipsec and then NAT the 172.16.16/24 host to a 192.168.101/24 address. 
this way i should be able to avoid the 2 route issue.


there are likely other solutions to this problem that don't involve 
ipsec and i am interested in hearing them. could the multiple routing 
tables feature be useful here?


cheers,
jake



problem with device adt

2006-12-22 Thread Rich Dunkle
The i386 21 Dec snapshot seems to
have a problem with device adt.

The install went fine, but upon reboot of
the new OS, it was hung at:

iic0 at ichiic0
adt0 at iic0 addr 0x2e: emc6d100 rev 0x68


And I cannot seem to bypass by disabling in UKC ?

Here are the logs:

rebooting...
 OpenBSD/i386 BOOT 2.12t)
bios0 a
bootbus0:
booting hd0a:/bsd: 5573716+869404 [52+284400+264819]=0x6ab37c
entry point at 0x200120*ies)
bios0: Int
[ using 549644 bytes of bsd ELF symbol table ]
apm0 at bios0: Power Management spec V
Copyright (c) 1982, 1986, 1989, 1991, 1993
apm0: AC on, battery charge unknown, est
The Regents of the University of California.  All rights
reserved.apm0: flags 30102 dobusy 0 doidle 1
pci
Copyright (c) 1995-2006 OpenBSD. All rights reserved.  http://www.OpenBSD.org
bios0: ROM list: 0xc/0x1 0xd/0x1000 0xd1000/0x1000

OpenBSD 4.0-current (GENERIC) #1309: Thu Dec 21 19
acpi at mainbus0 not c
boot
booting fd0a:/bsd: 4666580+740868=0x528420
real mem  = 2144796672 (2094528K)y point at 0x200120,
avail mem = 1948184576 (1902524K)1986, 1989, 1991, 1993
using 4256 buffers containing 107425792 bytes (104908K) of memoryity of
California.  All rights reserved.
RTC BIOS diagnostic erro
5 entries) 21 19:47:
bios0: Intel Corporation D975XBX
apm0 at bios0: Power Management spec
V1.2:/usr/src/sys/arch/i386/compile/RAMDISK_C
apm0: AC on, battery charge unknown, estimated 0:00 hours
RTC BIOS diagnostic error 80clock_battery
apm0: flags 30102 dobusy 0 doidle 1
cpu0: Intel(R) Core(TM)2 Du
pcibios at bios0 function 0x1a not configureds) 2.94
bios0: ROM list: 0xc/0x1 0xd/0x1000
0xd1000/0x100086,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,P
acpi at mainbus0 not configured
cpu0 at mainbus0
LUSH,DS,
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)VMX,EST,TM2,CX16
vga1 at pci1 dev 0 function 0 ATI Radeon X300 rev 0x00286+(00) BIOS,
date 11/29/06, SMBIOS rev. 2.3 @ 0xe4cc0
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
5 entries)
bios0: Intel
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)m0 at bios0: Power
Management spec V1.2
ATI Radeon X300 Sec rev 0x00 at pci1 dev 0 function 1 not configured
pcibios at bios0 function 0x1a not configu
azalia0 at pci0 dev 27 function 0 Intel 82801GB HD Audio rev 0x01: irq
9x1 0xd/0x1000 0xd1000/0x1000
azalia0: host: High Defi
ppb2 at pci0 dev 28 function 4 Intel 82801G PCIE rev 0x011 function 0
vendor Intel, unknown product 0x277d rev 0x0
pci3 at ppb2 bus 3
ppb3 at pci0 dev 28 function 5 Intel 82801G PCIE rev 0x01
vga1 at pci1 dev 0 function 0 ATI Radeo
pci4 at ppb3 bus 4
em0 at pci4 dev 0 function 0 Intel PRO/1000MT (82573L) rev 0x00: irq 10,
addre00 emulation)
ATI Rad
ss 00:16:76:6e:58:db0 at pci1 dev 0 func
uhci0 at pci0 dev 29 function 0 Intel 82801GB USB rev 0x01: irq 11
Intel 82801GB HD Audio rev 0x01 at pci0 dev
usb0 at uhci0: USB revision
uhci1 at pci0 dev 29 function 1 Intel 82801GB USB rev 0x01: irq 9 ppb2
bus 3
ppb3 at pci0 dev 28 function 5 Intel
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
pci4 at
uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1ction 0 Intel PRO/1000MT
(82573L) rev 0x00: irq
uhub1: 2 ports with 2 removable, self powered

uhub2: 2 ports with 2 removable, self powered
uhci3 at pci0 dev 29 function 3 Intel 82801GB USB rev 0x01: irq 11
usb3 at uhci3: USB revision 1.0
uhub3 at usb3
uhub3: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub3: 2 ports with 2 removable, self powered
ehci0 at pci0 dev 29 function 7 Intel 82801GB USB rev 0x01: irq 11
usb4 at ehci0: USB revision 2.0
uhub4 at usb4
uhub4: Intel EHCI root hub, rev 2.00/1.00, addr 1
uhub4: 8 ports with 8 removable, self powered
ppb4 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0xe1
pci5 at ppb4 bus 5
TI TSB43AB23 FireWire rev 0x00 at pci5 dev 4 function 0 not configured
ichpcib0 at pci0 dev 31 function 0 Intel 82801GH LPC rev 0x01: PM disabled
pciide0 at pci0 dev 31 function 2 Intel 82801GB SATA rev 0x01: DMA,
channel 0
configured to native-PCI, channel 1 configured to native-PCI
pciide0: using irq 9 for native-PCI interrupt
pciide0: couldn't map channel 0 cmd regs
pciide0: couldn't map channel 1 cmd regs
ichiic0 at pci0 dev 31 function 3 Intel 82801GB SMBus rev 0x01: irq 9
iic0 at ichiic0
adt0 at iic0 addr 0x2e: emc6d100 rev 0x68

 hangs at this point 
 unless UKC disable pciide
-
-
Here is the verbose output:

 admcts probe returned 0
 probing for asbtm*
 asbtm probe returned 0
 probing for wbenv*
 wbenv probe returned 0
 probing for glenv*
 glenv probe returned 0
 adt probe won
adt0 at iic0 addr 0x2e: emc6d100 rev 0x68


--
Now disable adt using UKC


Try to disable adt

boot boot -c
booting hd0a:/bsd: 5573716+869404 [52+284400+264819]=0x6ab37c
entry point at 0x200120*
[ using 549644 bytes of bsd ELF symbol table ]
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California.  All 

brconfig: bridge0: Operation not permitted

2006-12-22 Thread Edy

Hi

I am trying to execute the following command from CLI (as root user)

brconfig bridge0 add fxp0 add fxp1 stp fxp0 stp fxp1 hellotime 2 maxage 20 fwdelay 15 up


but it says the following

brconfig: bridge0: Operation not permitted

After that I executed brconfig bridge0 and it shows that bridge is up??!!

shu:/root# brconfig bridge0
bridge0: flags=0
   priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp
   designated: id 00:03:47:08:a3:66 priority 32768
   fxp1 flags=abLEARNING,DISCOVER,STP,AUTOEDGE,AUTOP2P
   port 2 ifpriority 128 ifcost 20 discarding role designated
   fxp0 flags=abLEARNING,DISCOVER,STP,AUTOEDGE,AUTOP2P
   port 1 ifpriority 128 ifcost 20 discarding role designated
   Addresses (max cache: 100, timeout: 240):

any idea?

Thanks,
edy



Extract IP to table

2006-12-22 Thread Bob DeBolt

Greets

I have a client with a single VOIP connection and a dynamic IP
shared with the PC. It works.

What I am looking for and I know I've seen it but haven't been able to
find it again, is to extract the IP address from traffic and put it into
a table to allow the VOIP phone to reestablish connectivity to the
border firewall when the IP changes. I have looked through dynamic dns
but the potential latency to reestablish the correct IP is said to be up
to 20 minutes, that won't do.

Better ideas, documents, sites?

Bob D



Re: OpenBSD on VMware fusion (dmesg) -- yes it works

2006-12-22 Thread Brian Keefer

On Dec 22, 2006, at 5:15 AM, Reyk Floeter wrote:


On Fri, Dec 22, 2006 at 03:59:10AM -0800, Brian Keefer wrote:

Here're the dmesg's from RAMDISK_CD and GENERIC.MP on a MBP 15
CoreDuo 2.16GHz:



can you try 4.0-current (or a recent snapshot)? it should use the new
vic(4) driver instead of pcn(4).


I added Ethernet0.virtualDev to vmxnet (wasn't present by default)
and this is what I got with the latest i386 snap:
vic0 at pci2 dev 0 function 0 VMware Virtual NIC rev 0x10: apic 2
int 18 (irq 9)
vic0: VMXnet 864F, address 00:0c:29:c9:d7:96

Boots fine, but when it searches for DHCP lease I get:
vic0: no link . giving up



hmmm, can you try it with GENERIC (without MP)?


It didn't make a difference.  I tried commenting out the virtualDev  
setting to see which one it would detect if no device type was  
specified in the .vmx, and it went back to pcn.


Jason, what does your .vmx look like?

Oddly, I also found a statement:  deploymentPlatform = windows,
which I found rather odd since I chose other/other for the OS and
type.  I commented that out, but it didn't change anything.



Brian Keefer
www.Tumbleweed.com
The Experts in Secure Internet Communication




Re: OpenBSD on VMware fusion (dmesg) -- yes it works

2006-12-22 Thread Jason Dixon

On Dec 22, 2006, at 12:31 PM, Brian Keefer wrote:


Jason, what does your .vmx look like?

Oddly, I also found a statement:  deploymentPlatform = windows,
which I found rather odd since I chose other/other for the OS and
type.  I commented that out, but it didn't change anything.


config.version = 8
virtualHW.version = 6
numvcpus = 2
scsi0.present = TRUE
memsize = 256
MemAllowAutoScaleDown = FALSE
ide0:0.present = TRUE
ide0:0.fileName = OpenBSD 4.0.vmdk
ide1:0.present = TRUE
ide1:0.fileName = /Users/jasondixon/cd40.iso
ide1:0.deviceType = cdrom-image
floppy0.present = FALSE
ethernet0.present = TRUE
ethernet0.connectionType = nat
ethernet0.wakeOnPcktRcv = FALSE
sound.present = TRUE
sound.fileName = -1
sound.autodetect = TRUE
pciBridge0.present = TRUE
isolation.tools.hgfs.disable = TRUE
displayName = OpenBSD 4.0
guestOS = other
nvram = OpenBSD 4.0.nvram
deploymentPlatform = windows
virtualHW.productCompatibility = hosted
RemoteDisplay.vnc.port = 0
tools.upgrade.policy = useGlobal
powerType.powerOff = soft
powerType.powerOn = soft
powerType.suspend = soft
powerType.reset = soft

ethernet0.addressType = generated
uuid.location = 56 4d 0b 8d 44 53 f8 c2-8e 13 fa e0 1b 15 bd b8
uuid.bios = 56 4d 0b 8d 44 53 f8 c2-8e 13 fa e0 1b 15 bd b8
ide0:0.redo = 
pciBridge0.pciSlotNumber = 17
scsi0.pciSlotNumber = 16
ethernet0.pciSlotNumber = 32
sound.pciSlotNumber = 33
vmi.pciSlotNumber = 34
ethernet0.generatedAddress = 00:0c:29:15:bd:b8
ethernet0.generatedAddressOffset = 0
tools.remindInstall = TRUE


--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net



Re: OpenBSD on VMware fusion (dmesg) -- yes it works

2006-12-22 Thread Brian Keefer

On Dec 22, 2006, at 10:26 AM, Jason Dixon wrote:


On Dec 22, 2006, at 12:31 PM, Brian Keefer wrote:


Jason, what does your .vmx look like?

Oddly, I also found a statement:  deploymentPlatform = windows,
which I found rather odd since I chose other/other for the OS and
type.  I commented that out, but it didn't change anything.


config.version = 8
...
tools.remindInstall = TRUE


--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net


It's the same, other than the MAC addresses of course.

I'm running e.x.p. 36932, but I don't figure they did another in the  
3 hours between when I downloaded it and when you posted.


So the only difference we know of is that you have a Core Duo2-based  
system?  Which version of OS X?  I'm on 10.4.8 with all the patches  
(including EFI firmware update), except for the most recent Quartz   
QuickTime security patch.


It's strange that when you boot -current it loads vic w/o having to  
specify vmxnet as your dev, but when I boot the snapshot from 21st it  
loads pcn unless I specifically change the dev to vmxnet, then it's  
vic, but it has no link.  Maybe I should cvsup and build from source?



Brian Keefer
www.Tumbleweed.com
The Experts in Secure Internet Communication



Re: brconfig: bridge0: Operation not permitted

2006-12-22 Thread Edy

Issue resolved!

It seems like in 4.0 current you are not allowed to have the hellotime
parameter in /etc/bridgename.bridge0

Removing that sentence from the file stops the error message.

Cheers,
Edy

Edy wrote:

Hi

I am trying to execute the following command from CLI (as root user)

brconfig bridge0 add fxp0 add fxp1 stp fxp0 stp fxp1 hellotime 2 
maxage 20 fwdelay 15 up


but it says the following

brconfig: bridge0: Operation not permitted

After that I executed brconfig bridge0 and it shows that bridge is up??!!

shu:/root# brconfig bridge0
bridge0: flags=0
   priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 
proto rstp

   designated: id 00:03:47:08:a3:66 priority 32768
   fxp1 flags=abLEARNING,DISCOVER,STP,AUTOEDGE,AUTOP2P
   port 2 ifpriority 128 ifcost 20 discarding role 
designated

   fxp0 flags=abLEARNING,DISCOVER,STP,AUTOEDGE,AUTOP2P
   port 1 ifpriority 128 ifcost 20 discarding role 
designated

   Addresses (max cache: 100, timeout: 240):

any idea?

Thanks,
edy




dylan language

2006-12-22 Thread Joe
Today I saw a blog post about a wireshark alternative called 
networknightvision that claims to be more secure than wireshark. I'm 
very interested in this because wireshark is just too dangerous to run, 
IMO. Anyways, the sniffer is written in dylan. I have never heard of 
dylan before. Here is a snippet from a paper [0] which the author claims:


snip from the paper
Since we noticed a lack of a decent secure framework for handling 
network packets, we have designed and implemented major parts of a 
TCP/IP stack in the high level programming language Dylan, focusing on 
security, performance and code reuse.


Dylan is a high level language that provides a number of features to 
detect and prevent data reference failures, one of the most common 
sources of vulnerabilities in C software.


Bounds checks for array accesses are inserted where needed by the 
compiler. Also a garbage collector is used, avoiding the need to care 
about manual memory management, and preventing bugs from early frees or 
double frees. Dylan is strongly typed, so bypassing the type system by 
doing casts and pointer arithmetic is not possible.

snip from the paper


Is this for real? I figured if anyone could shed some light on this, an 
OpenBSD developer might be able to comment on this dylan language. I'm 
not looking to learn dylan, but am just wondering if this is legit. I 
wouldn't mind running one of these tools if they are indeed safer to 
run than wireshark. (yes i use tcpdump regularly)




[0] http://www.opendylan.org/~hannes/secure-networking.pdf
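
The paper excerpt quoted above says the Dylan compiler inserts bounds checks for array accesses; in C a packet parser has to write each of those checks by hand. The following is an added example (not from the post, the paper or any existing dissector) of an IPv4 header parser that validates every length field before it indexes the capture buffer. The function names, status codes and the sample packet are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Status codes and struct layout are this example's own, not from any dissector. */
enum parse_status {
    PARSE_OK = 0,
    PARSE_TRUNCATED,   /* capture holds fewer bytes than a length field claims */
    PARSE_BAD_VERSION, /* not IPv4 */
    PARSE_BAD_IHL,     /* header length below the 20-byte minimum */
    PARSE_BAD_TOTLEN   /* total length smaller than the header itself */
};

struct ipv4_info {
    size_t   header_len, total_len;
    uint8_t  protocol;
    uint32_t src, dst;      /* host byte order */
    int      have_ports;    /* 1 if sport/dport were safely readable */
    uint16_t sport, dport;
};

/* Big-endian reads; callers must already have proven the bytes exist. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) { return ((uint32_t)rd16(p) << 16) | rd16(p + 2); }

enum parse_status parse_ipv4(const uint8_t *buf, size_t caplen, struct ipv4_info *out)
{
    memset(out, 0, sizeof(*out));
    if (caplen < 20)                 /* fixed header must be fully captured */
        return PARSE_TRUNCATED;
    if ((buf[0] >> 4) != 4)
        return PARSE_BAD_VERSION;

    size_t ihl = (size_t)(buf[0] & 0x0f) * 4;   /* sender-controlled: 0..60 */
    if (ihl < 20)
        return PARSE_BAD_IHL;
    if (ihl > caplen)                /* options would run past the buffer */
        return PARSE_TRUNCATED;

    size_t totlen = rd16(buf + 2);              /* sender-controlled: 0..65535 */
    if (totlen < ihl)
        return PARSE_BAD_TOTLEN;
    if (totlen > caplen)             /* payload would run past the buffer */
        return PARSE_TRUNCATED;

    out->header_len = ihl;
    out->total_len = totlen;
    out->protocol = buf[9];
    out->src = rd32(buf + 12);
    out->dst = rd32(buf + 16);

    /* Ports sit in the first 4 payload bytes of TCP (6) and UDP (17), but only
     * in the first fragment, and only if the payload really is that long. */
    int first_fragment = (rd16(buf + 6) & 0x1fff) == 0;
    if ((out->protocol == 6 || out->protocol == 17) && first_fragment &&
        totlen - ihl >= 4) {
        out->sport = rd16(buf + ihl);
        out->dport = rd16(buf + ihl + 2);
        out->have_ports = 1;
    }
    return PARSE_OK;
}

/* Constructed sample: IPv4 + TCP header, 192.0.2.1:1234 -> 198.51.100.2:25. */
static const uint8_t sample_tcp[40] = {
    0x45, 0x00, 0x00, 0x28, 0x00, 0x01, 0x00, 0x00, 0x40, 0x06, 0x00, 0x00,
    0xc0, 0x00, 0x02, 0x01, 0xc6, 0x33, 0x64, 0x02,
    0x04, 0xd2, 0x00, 0x19, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x50, 0x02, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00
};

/* Parse a copy of the sample with one byte overwritten and only caplen bytes
 * "captured", to show how inconsistent length fields are rejected. */
enum parse_status parse_patched(size_t index, uint8_t value, size_t caplen,
                                struct ipv4_info *out)
{
    uint8_t pkt[sizeof(sample_tcp)];
    memcpy(pkt, sample_tcp, sizeof(pkt));
    if (index < sizeof(pkt))
        pkt[index] = value;
    if (caplen > sizeof(pkt))
        caplen = sizeof(pkt);
    return parse_ipv4(pkt, caplen, out);
}

int main(void)
{
    struct ipv4_info info;
    printf("intact packet       -> %d\n", parse_patched(0, 0x45, 40, &info));
    printf("ports %u -> %u\n", (unsigned)info.sport, (unsigned)info.dport);
    printf("IHL claims 60 bytes -> %d\n", parse_patched(0, 0x4f, 40, &info));
    printf("capture cut to 30   -> %d\n", parse_patched(0, 0x45, 30, &info));
    printf("IHL below minimum   -> %d\n", parse_patched(0, 0x44, 40, &info));
    return 0;
}
```

Dropping any one of the four length comparisons lets a crafted header make the later reads index past the end of the capture, which is the data reference failure the excerpt refers to.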



Dell 490

2006-12-22 Thread Jack J. Woehr
Tried latest i386 snapshot on a Dell 490. Boots, but Install doesn't  
find any disks.

-- 
Jack J. Woehr
Director of Development
Absolute Performance, Inc.
[EMAIL PROTECTED]
303-443-7000 ext. 527



Dell 490

2006-12-22 Thread Jack J. Woehr
 Tried latest i386 snapshot on a Dell 490. Boots, but Install  
doesn't find any disks.

I guess Intel 6321ESB AHCI SATA ('not configured')  is not  
supported yet :(

-- 
Jack J. Woehr
Director of Development
Absolute Performance, Inc.
[EMAIL PROTECTED]
303-443-7000 ext. 527



Re: dylan language

2006-12-22 Thread Marc Espie
On Fri, Dec 22, 2006 at 11:42:44AM -0800, Joe wrote:
 
 Is this for real? I figured if anyone could shed some light on this, an 
 OpenBSD developer might be able to comment on this dylan language. I'm 
 not looking to learn dylan, but am just wondering if this is legit. I 
 wouldn't mind running one of these tools if they are indeed safer to 
 run than wireshark. (yes i use tcpdump regularly)

I have the beginning of a port of gwydiondylan, there are still a lot
of issues to fix. The byte-code compiler (mindy) is slow as hell, d2c doesn't
quite work for me yet. Outside of that, dylan-binary does not work on a
range of architectures.

Dylan reminds me of haskell. Both are high-level languages, better than
sliced bread, and *everything* you want to build with them involves
compilation speeds that make g++ look like it's the fastest thing out
there...



Re: brconfig: bridge0: Operation not permitted

2006-12-22 Thread Reyk Floeter
On Sat, Dec 23, 2006 at 02:55:45AM +0800, Edy wrote:
 Issue resolved!
 
 It seems like in 4.0 current you are not allowed to have hellotime 
 parameter in /etc/bridgename.bridge0
 
 by removing that sentence from the file stops the error message.
 
 Cheers,
 Edy
 

thanks for the hint, i will add a note to the brconfig(8) manpage:

the hellotime can only be changed in STP mode but the bridge has been
changed to use RSTP mode by default in -current.

try brconfig bridge0 proto stp to enable STP-only mode.

 Edy wrote:
 Hi
 
 I am trying to execute the following command from CLI (as root user)
 
 brconfig bridge0 add fxp0 add fxp1 stp fxp0 stp fxp1 hellotime 2 
 maxage 20 fwdelay 15 up
 
 but it says the following
 
 brconfig: bridge0: Operation not permitted
 
 After that I executed brconfig bridge0 and it shows that bridge is up??!!
 
 shu:/root# brconfig bridge0
 bridge0: flags=0
priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 
 proto rstp
designated: id 00:03:47:08:a3:66 priority 32768
fxp1 flags=abLEARNING,DISCOVER,STP,AUTOEDGE,AUTOP2P
port 2 ifpriority 128 ifcost 20 discarding role 
 designated
fxp0 flags=abLEARNING,DISCOVER,STP,AUTOEDGE,AUTOP2P
port 1 ifpriority 128 ifcost 20 discarding role 
 designated
Addresses (max cache: 100, timeout: 240):
 
 any idea?
 
 Thanks,
 edy



Re: OpenBSD on VMware fusion (dmesg) -- yes it works

2006-12-22 Thread Jason Dixon

On Dec 22, 2006, at 1:41 PM, Brian Keefer wrote:

So the only difference we know of is that you have a Core Duo2- 
based system?  Which version of OS X?  I'm on 10.4.8 with all the  
patches (including EFI firmware update), except for the most recent  
Quartz  QuickTime security patch.


Yes, this is a Core 2 Duo system running 10.4.8 with all patches.   
We're comparing apples to oranges (excuse the half-pun);  it would be  
more appropriate to boot up another Core Duo and compare results.


It's strange that when you boot -current it loads vic w/o having to  
specify vmxnet as your dev, but when I boot the snapshot from 21st  
it loads pcn unless I specifically change the dev to vmxnet, then  
it's vic, but it has no link.  Maybe I should cvsup and build from  
source?


My snapshot is from 12/20 (ftp2.usa.openbsd.org).

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net



Re: dylan language

2006-12-22 Thread Darren Spruell

On 12/22/06, Joe [EMAIL PROTECTED] wrote:

Today I saw a blog post about a wireshark alternative called
networknightvision that claims to be more secure than wireshark. I'm
very interested in this because wireshark is just too dangerous to run,
IMO. Anyways, the sniffer is written in dylan. I have never heard of
dylan before. Here is a snippet from a paper [0] which the author claims:


[snip]


Is this for real? I figured if anyone could shed some light on this, an
OpenBSD developer might be able to comment on this dylan language. I'm
not looking to learn dylan, but am just wondering if this is legit. I
wouldn't mind running one of these tools if they are indeed safer to
run than wireshark. (yes i use tcpdump regularly)


The CCC also had some features on the use of Dylan and its role in the
design of a new network analysis framework. Some other things they
mention in relation are the implementation of a userland TCP/IP stack
and the challenge to keep performance reasonable (a noble goal
considering the rising link speeds we need to analyze).

At that time networknightvision is referred to as PoC only. It's
reported to have a fraction of the features of Ethereal and Dylan's
resulting compiled code is reported to be a little slower than Perl.
To me it sounds like something that is in a bit of an infancy.

DS



Re: Dell 490

2006-12-22 Thread Jonathan Gray
On Fri, Dec 22, 2006 at 11:39:28AM -0700, Jack J. Woehr wrote:
  Tried latest i386 snapshot on a Dell 490. Boots, but Install  
 doesn't find any disks.
 
 I guess Intel 6321ESB AHCI SATA ('not configured')  is not  
 supported yet :(

Go into the BIOS and change the SATA mode to something
like enhanced/compatible and it will work.



Re: Dell 490

2006-12-22 Thread Jack J. Woehr
On Dec 22, 2006, at 1:32 PM, L. V. Lammert wrote:



 Check the BIOS and turn off any fake RAID settings. Had to do that  
 on some new Dell machines here, though I do not remember the model.

More like change from one set of fake RAID settings to another
set of fake RAID settings but yes that worked, thanks!

-- 
Jack J. Woehr
Director of Development
Absolute Performance, Inc.
[EMAIL PROTECTED]
303-443-7000 ext. 527



23C3 Chaos Communication Congress in Berlin, December 27 - 30, 2006, Berlin, Germany.

2006-12-22 Thread Wim Vandeputte
Hi,

In the spirit of Xmas or should I say vapor of spirits, OpenBSD users and
developers gather every year in Berlin to celebrate another year without
root holes.

You are all welcome to join our OpenBSD lounge at the 23C3 Chaos Communication 
Congress in Berlin, December 27 - 30, 2006, Berlin, Germany.

You can find us down in the Hackcenter, we'll have all the unusual items 
on display and all the usual suspects to have a chat with.

More info at https://events.ccc.de/congress/2006/Home

Wim.

-- 
   =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=   
https://kd85.com/notforsale.html
 --



Re: 23C3 Chaos Communication Congress in Berlin, December 27 - 30, 2006, Berlin, Germany.

2006-12-22 Thread Jeroen Massar
Wim Vandeputte wrote:
 Hi,

 In the spirit of Xmas or should I say vapor of spirits,

Those spirits are actually quite liquid ;) Enjoy your whiskey guys!

Oh and of course the large number of great talks they are giving, they
managed to get a great lineup again!

Greets,
 Jeroen




Re: dylan language

2006-12-22 Thread John Wright
On Fri, Dec 22, 2006 at 11:42:44AM -0800, Joe wrote:
 Today I saw a blog post about a wireshark alternative called 
 networknightvision that claims to be more secure than wireshark. I'm 
 very interested in this because wireshark is just too dangerous to run, 
 IMO. Anyways, the sniffer is written in dylan. I have never heard of 
 dylan before. Here is a snippet from a paper [0] which the author claims:

Isn't Dylan the one that Apple were talking about around the same time that
Sun released Java?



Re: Max memory in OpenBSD (4.0)

2006-12-22 Thread Clint Pachl

Cristiano Deana wrote:

i can't find any reference about max memory in openbsd, only some
questions about it (from me and others).

i tried with 4.0 i386 and amd64 and it seems i have no luck to see all
my memory (4G).
i also tried the patch who someone post the link but it doesn't work.

so, just two question:
1) how much memory can i use with openbsd?
2) is there any patch to see all?


From http://www.openbsd.org/plus40.html

Implemented separate pmap for PAE i386 machines, allows for support for 
machines with more than 4G RAM. Not enabled by default.


Post your dmesg.

-pachl



Re: Max memory in OpenBSD (4.0)

2006-12-22 Thread Cristiano Deana

2006/12/23, Clint Pachl [EMAIL PROTECTED]:


 i tried with 4.0 i386 and amd64 and it seems i have no luck to see all
 my memory (4G).



 From http://www.openbsd.org/plus40.html



Implemented separate pmap for PAE i386 machines, allows for support for
machines with more than 4G RAM. Not enabled by default.


Hi Clint,

now i'm using amd64.
i usually use freebsd, which has a pae option for i386 and no limit for
amd64, so i hoped it was the same for openbsd.

following my dmesg. thanks in advance.

OpenBSD 4.0 (GENERIC.MP) #967: Sat Sep 16 20:38:15 MDT 2006
   [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 3488907264 (3407136K)
avail mem = 2990874624 (2920776K)
using 22937 buffers containing 349097984 bytes (340916K) of memory
mainbus0 (root)
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xcffbc000 (62 entries)
bios0: Dell Inc. PowerEdge 1950
ipmi0 at mainbus0: version 2.0 interface KCS iobase 0xca8/8 spacing 4
mainbus0: Intel MP Specification (Version 1.4) (DELL PE 01B3 )
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Xeon(R) CPU 5110 @ 1.60GHz, 1596.68 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,NXE,LONG
cpu0: 4MB 64b/line 16-way L2 cache
cpu0: apic clock running at 266MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Xeon(R) CPU 5110 @ 1.60GHz, 1596.48 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,NXE,LONG
cpu1: 4MB 64b/line 16-way L2 cache
mpbios: bus 0 is type PCI
mpbios: bus 1 is type PCI
mpbios: bus 2 is type PCI
mpbios: bus 3 is type PCI
mpbios: bus 4 is type PCI
mpbios: bus 5 is type PCI
mpbios: bus 6 is type PCI
mpbios: bus 7 is type PCI
mpbios: bus 8 is type PCI
mpbios: bus 9 is type PCI
mpbios: bus 10 is type PCI
mpbios: bus 11 is type PCI
mpbios: bus 12 is type PCI
mpbios: bus 13 is type PCI
mpbios: bus 14 is type PCI
mpbios: bus 15 is type PCI
mpbios: bus 16 is type PCI
mpbios: bus 17 is type PCI
mpbios: bus 18 is type PCI
mpbios: bus 19 is type ISA
ioapic0 at mainbus0 apid 2 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 2
ioapic1 at mainbus0 apid 3 pa 0xfec8, version 20, 24 pins
ioapic1: misconfigured as apic 0, remapped to apid 3
ioapic2 at mainbus0 apid 4 pa 0xfec81000, version 20, 24 pins
ioapic2: misconfigured as apic 0, remapped to apid 4
ioapic3 at mainbus0 apid 5 pa 0xfec82000, version 20, 24 pins
ioapic3: misconfigured as apic 0, remapped to apid 5
pci0 at mainbus0 bus 0: configuration mode 1
pchb0 at pci0 dev 0 function 0 Intel 5000X Host rev 0x12
ppb0 at pci0 dev 2 function 0 Intel 5000 PCIE rev 0x12
pci1 at ppb0 bus 6
ppb1 at pci1 dev 0 function 0 Intel 6321ESB PCIE rev 0x01
pci2 at ppb1 bus 7
ppb2 at pci2 dev 0 function 0 Intel 6321ESB PCIE rev 0x01
pci3 at ppb2 bus 8
ppb3 at pci3 dev 0 function 0 ServerWorks PCIE-PCIX rev 0xc2
pci4 at ppb3 bus 9
bnx0 at pci4 dev 0 function 0 Broadcom BCM5708 rev 0x11: apic 2 int
16 (irq 5), address 00:15:c5:e9:08:bc
brgphy0 at bnx0 phy 1: BCM5708C 10/100/1000baseT PHY, rev. 5
ppb4 at pci2 dev 1 function 0 Intel 6321ESB PCIE rev 0x01
pci5 at ppb4 bus 10
ppb5 at pci1 dev 0 function 3 Intel 6321ESB PCIE-PCIX rev 0x01
pci6 at ppb5 bus 11
ppb6 at pci6 dev 1 function 0 Intel S21154AE/BE PCI-PCI rev 0x00
pci7 at ppb6 bus 12
fxp0 at pci7 dev 4 function 0 Intel 8255x rev 0x0d, i82550: apic 3
int 0 (irq 5), address 00:02:b3:d9:96:9a
inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4
fxp1 at pci7 dev 5 function 0 Intel 8255x rev 0x0d, i82550: apic 3
int 1 (irq 11), address 00:02:b3:d9:96:9b
inphy1 at fxp1 phy 1: i82555 10/100 PHY, rev. 4
ppb7 at pci0 dev 3 function 0 Intel 5000 PCIE rev 0x12
pci8 at ppb7 bus 1
ppb8 at pci8 dev 0 function 0 Intel IOP333 PCIE-PCIX rev 0x00
pci9 at ppb8 bus 2
mfi0 at pci9 dev 14 function 0 Dell PERC 5 rev 0x00: apic 4 int 14 (irq 6)
mfi0: logical drives 1, version 5.0.1-0030, 256MB RAM
scsibus0 at mfi0: 1 targets
sd0 at scsibus0 targ 0 lun 0: DELL, PERC 5/i, 1.00 SCSI3 0/direct fixed
sd0: 69376MB, 69376 cyl, 64 head, 32 sec, 512 bytes/sec, 142082048 sec total
ppb9 at pci8 dev 0 function 2 Intel IOP333 PCIE-PCIX rev 0x00
pci10 at ppb9 bus 3
ppb10 at pci0 dev 4 function 0 Intel 5000 PCIE rev 0x12
pci11 at ppb10 bus 13
ppb11 at pci11 dev 0 function 0 Intel PCIE-PCIE rev 0x09
pci12 at ppb11 bus 14
ppb12 at pci0 dev 5 function 0 Intel 5000 PCIE rev 0x12
pci13 at ppb12 bus 15
ppb13 at pci0 dev 6 function 0 Intel 5000 PCIE rev 0x12
pci14 at ppb13 bus 16
ppb14 at pci0 dev 7 function 0 Intel 5000 PCIE rev 0x12
pci15 at ppb14 bus 17
pchb1 at pci0 dev 16 function 0 Intel 5000 Error Reporting rev 0x12
pchb2 at pci0 dev 16 function 1 Intel 5000 Error Reporting rev 0x12
pchb3 at pci0 dev 16 function 2 Intel 5000 Error Reporting rev 0x12
pchb4 at pci0 dev 17 function 0 Intel 5000 Reserved rev 0x12
pchb5 at pci0 dev 19 function 0 Intel 5000 Reserved rev 0x12
pchb6 at pci0 dev 21 

Re: following -stable

2006-12-22 Thread Nick Holland
Toni Mueller wrote:
...
 It's not getting smaller anytime soon, so if planning ahead is something
 you like to do, I'd probably leave at least 2G for future growth.
 
 That's why I asked... any estimates about the growth rate?

not really.
Things putt along slowly for a while, then suddenly someone decides
debugging symbols would make a lot of sense in the libraries, and
BOOM...Nick is off to find another disk for his mac68k build machine.  A
great improvement, no doubt, but not without expected side-effects.
Fortunately, my parts pile is wide and deep.

I'm not sure, but Xenocara *may* use /usr/obj, that may create a jump in
usage if that's true if you don't erase it between base and X compiles
(which I would slightly recommend...I tend to think of the builds as one
big project, and don't like deleting stuff mid-way through.  But that's
me).  I don't think that will take you near 2G, however.  But I could be
wrong. :)

...
 Or, just skip the usr/obj partition...  Having been stung a few times by
 over partitioning recently,
 
 What's overpartitioning? ;-)

That's when you say, 500M is plenty large for /var, except for this mail
archive directory, which could grow really big under some failure
conditions, so you create a 100G /var/archive partition and 500M /var
partition, then discover that under the OPPOSITE failure conditions,
massive amounts of mail end up in /var/spool.  At that point, you realize
that splitting off the two partitions sounded good, but instead it just
cost you some embarrassing down time and didn't help you in the slightest,
AND PROBABLY NEVER WILL (and in fact, I can now think of other failure
modes where it could bite me).  Should have just put it in one huge /var
partition.

...
 But a toolset for relocating and resizing file systems, during live
 operation if possible, would be really great... although I think this
 will be quite hard, if possible at all.

Much is possible if you spend enough time and effort and everything is
possible if you are willing to redefine success. :)

growfs is already there, and very cool.  It would be great to have a
shrinkfs command, but that would be much more difficult (and someone
would have to actually do it, and I wouldn't suggest waiting for me).  Live
file system manipulations are scary, BUT in some cases, you can come
respectably close if you understand your system and tools (and practice on
non-critical systems).  It is also a very good argument for leaving free
space on the disk, you can accomplish a lot if you have a little free space.

Nick.



Re: CPAN error

2006-12-22 Thread Martin Schröder

2006/8/30, Monah Baki [EMAIL PROTECTED]:

Yesterday I installed Openbsd3.9 and wanted to install Digest::SHA1 using
CPAN
I get an error complaining the MD5 checksum is incorrect and to delete it
from /root/.cpan../../etc etc (which I did). This happens with other
modules too. I can download the modules manually and run perl
Makefile.pl, make  make install, but was wondering why I'm having
this problem.


I have the same problem with cpan on 4.0; trying to install anything
(e.g. HTTP::Date) ends with errors about incorrect checksums, although
gzip finds the tar.gz to be correct. Here's a log:
--
cpan install HTTP::Date
Running install for module HTTP::Date
Running make for G/GA/GAAS/libwww-perl-5.805.tar.gz
LWP not available
CPAN: Net::FTP loaded ok
Fetching with Net::FTP:
 
ftp://ftp.freenet.de/pub/ftp.cpan.org/pub/CPAN/authors/id/G/GA/GAAS/libwww-perl-5.805.tar.gz
Couldn't fetch libwww-perl-5.805.tar.gz from ftp.freenet.de
LWP not available
Fetching with Net::FTP:
 ftp://cpan.noris.de/pub/CPAN/authors/id/G/GA/GAAS/libwww-perl-5.805.tar.gz
Couldn't fetch libwww-perl-5.805.tar.gz from cpan.noris.de
LWP not available
Fetching with Net::FTP:
 
ftp://ftp.gwdg.de/pub/languages/perl/CPAN/authors/id/G/GA/GAAS/libwww-perl-5.805.tar.gz
Couldn't fetch libwww-perl-5.805.tar.gz from ftp.gwdg.de
LWP not available
Fetching with Net::FTP:
 ftp://ftp.leo.org/pub/CPAN/authors/id/G/GA/GAAS/libwww-perl-5.805.tar.gz

Trying with /usr/bin/lynx -source to get
   
ftp://ftp.freenet.de/pub/ftp.cpan.org/pub/CPAN/authors/id/G/GA/GAAS/libwww-perl-5.805.tar.gz
gzip: /home/ms/.cpan/sources/authors/id/G/GA/GAAS/libwww-perl-5.805.tar:
unknown suffix: ignored

Checksum mismatch for distribution file. Please investigate.

Distribution id = G/GA/GAAS/libwww-perl-5.805.tar.gz
   CPAN_USERID  GAAS (Gisle Aas [EMAIL PROTECTED])
   CALLED_FOR   HTTP::Date
   CONTAINSMODS LWP::Protocol::cpan LWP::Protocol::ftp HTTP::Status
File::Listing LWP::Protocol::http10 HTTP::Headers
HTTP::Cookies::Microsoft LWP::Protocol::nogo LWP::Protocol::nntp
HTTP::Daemon LWP::Protocol::mailto HTML::Form LWP::Protocol::gopher
LWP::ConnCache Net::HTTPS HTTP::Message HTTP::Cookies
HTTP::Headers::Auth HTTP::Request::Common HTTP::Response
LWP::Protocol::loopback HTTP::Cookies::Netscape LWP::Authen::Ntlm
LWP::Authen::Basic HTTP::Request WWW::RobotRules LWP::Protocol LWP
LWP::Protocol::data LWP::MediaTypes HTTP::Negotiate
LWP::Protocol::https Net::HTTP::NB LWP::Simple Net::HTTP
LWP::DebugFile LWP::RobotUA LWP::Protocol::file HTTP::Headers::Util
HTTP::Headers::ETag LWP::Authen::Digest HTTP::Date LWP::Protocol::http
LWP::MemberMixin LWP::UserAgent LWP::Protocol::GHTTP LWP::Debug
LWP::Protocol::https10 WWW::RobotRules::AnyDBM_File Net::HTTP::Methods
   MD5_STATUS
   incommandcolor 1
   localfile
/home/ms/.cpan/sources/authors/id/G/GA/GAAS/libwww-perl-5.805.tar.gz

I'd recommend removing
/home/ms/.cpan/sources/authors/id/G/GA/GAAS/libwww-perl-5.805.tar.gz. Its
MD5
checksum is incorrect. Maybe you have configured your 'urllist' with
a bad URL. Please check this array with 'o conf urllist', and
retry.
--
Now, while there might be a port of some perls, cpan should also work.
So what am I doing wrong?

Update: I installed p5-libwww-5.803, and cpan _now_ works. Me thinks
some perls are missing for cpan to work...

Best
  Martin



Re: piixpm0: timeout, status 0x1BUSY?

2006-12-22 Thread Mike Shaw

BTW, sorry for the silly question on permanently through reboots.
Quick man page read got me straight.

-Mike

On 12/22/06, Mike Shaw [EMAIL PROTECTED] wrote:

I will try disabling admtemp but will hold off on the patch for
obvious reasons.  Is there a way to do this permanently through
reboots?




piixpm0: timeout, status 0x1BUSY?

2006-12-22 Thread Mike Shaw

Hey misc, maybe someone out there can help me out.  I'm getting tons of these:
piixpm0: timeout, status 0x1BUSY

Server will stay solid for about 24 hours then they start.  I searched
and saw a couple posts here and there without follow up.  I also saw
one from Feb (3.9-beta) that suggested disabling admtemp and had a
patch, but it's been awhile so I wanted to see if anyone else had
worked through this.

I will try disabling admtemp but will hold off on the patch for
obvious reasons.  Is there a way to do this permanently through
reboots?  I kind of need this server to work, so I'm willing to jump
through some guinea pig hoops if it turns out to be a bug.

Thanks!
-Mike

-
Server is an Intel ISP1100.  I just flashed the BIOS to the latest on
the intel website (v. 15).

dmesg:
OpenBSD 4.0 (GENERIC) #1107: Sat Sep 16 19:15:58 MDT 2006
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium III (GenuineIntel 686-class) 752 MHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
real mem  = 1073049600 (1047900K)
avail mem = 970825728 (948072K)
using 4256 buffers containing 53755904 bytes (52496K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 07/20/01, BIOS32 rev. 0 @
0xfda74, SMBIOS rev. 2.3 @ 0xf10f0 (55 entries)
bios0: Intel Corporation TR440BXA
apm0 at bios0: Power Management spec V1.2 (BIOS mgmt disabled)
apm0: APM power management enable: unrecognized device ID (9)
apm0: APM engage (device 1): power management disabled (1)
apm0: AC on, battery charge unknown
apm0: flags b0102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf2a80/144 (7 entries)
pcibios0: PCI Interrupt Router at 000:07:0 (Intel 82371FB ISA rev 0x00)
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0x1800 0xc9800/0x1800
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 Intel 82443BX rev 0x03
pcib0 at pci0 dev 7 function 0 Intel 82371AB PIIX4 ISA rev 0x02
pciide0 at pci0 dev 7 function 1 Intel 82371AB IDE rev 0x01: DMA,
channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: ST3802110A
wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 ignored (disabled)
uhci0 at pci0 dev 7 function 2 Intel 82371AB USB rev 0x01: irq 10
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
piixpm0 at pci0 dev 7 function 3 Intel 82371AB Power rev 0x02: polling
iic0 at piixpm0
unknown at iic0 addr 0x18 not configured
lmenv0 at iic0 addr 0x2d: adm9240 rev 2, starting scan
fxp0 at pci0 dev 12 function 0 Intel 8255x rev 0x08, i82559: irq 15,
address 00:02:b3:23:6f:5e
inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4
fxp1 at pci0 dev 13 function 0 Intel 8255x rev 0x08, i82559: irq 15,
address 00:02:b3:23:6f:5f
inphy1 at fxp1 phy 1: i82555 10/100 PHY, rev. 4
vga1 at pci0 dev 14 function 0 ATI Rage XL rev 0x27
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask 7fe5 netmask ffe5 ttymask ffe7
pctr: 686-class user-level performance counters enabled
mtrr: Pentium Pro MTRR support
dkcsum: wd0 matches BIOS drive 0x80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302



Allen Delong, Out of Office-Jan. 02

2006-12-22 Thread adelong2
Many thanks for your note. I am out of the office until Tuesday, January 2.  I 
will be checking email infrequently during this time, but will return your 
message on my return. 

best wishes for a happy new year.