Re: Redundant web servers

[Pierre-Yves Ritschard]

Nick Ryan wrote:
If you haven't already seen it on undeadly.org this might be what you're 
after:


http://spootnik.org/hoststated/hoststated_introduction.html

Cheers

This means having a third machine.
If its OK with you you can indeed use hoststated (with 2 tables 
containing 1 host each):


table slave {
check ...
host $slavehost
}
table master {
check ...
host $masterhost
}
service http {
virtual ip ...
table master
backup table slave
}

Otherwise you can also use sysutils/monit to monitor your HTTP server 
and increase the demote counter in case of HTTP failure. Which would 
seem simpler and more to the point in your scenario (and you keep only 
two machines).

Proposition NDD

[Marie-Thé Robin]

Bonjour,

Suite ` la libiralisation de lextension frangaise, vous avez
probablement riservi votre nom de domaine en .FR

Virifiez dhs ` prisent la disponibiliti de votre extension en .COM ou
.EU, et protigez efficacement votre adresse Internet.

Dans lattente dun prochain contact,

Veuillez accepter mes sinchres salutations.

Marie-thi Robin
Responsable Diveloppement /b

http://www.nom-domaine.fr

Offre riservie exclusivement aux entreprises.

Conformiment ` la Loi Informatique et Libertis parue au Journal Officiel
du 6 janvier 1978, vous disposez d'un droit d'acchs, de rectification, et
d'opposition aux donnies personnelles vous concernant. Pour ne plus
recevoir d'informations de notre part, Cliquez ici

Cups not listing devices

[Victor Abeytua]

I'm quite new with OpenBSD, but so far I've been able to replicate all
the services I had in my linux box except for cups.

The printer I'm trying to set up is a Brother HL-1430. When I try to
setup the printer through the web interface I can't get past the select
device screen. The dropdown appears empty, so I can't select one  :(
After checking previous mailing archives and googling I tried changing
the group owner of the device (/dev/ulpt0) but nothing happens. If I try
to install the printer from the command line, it apparently works :

/usr/local/sbin/lpadmin Brother_HL1430 -v usb:/dev/ulpt0 -P
/root/Brother-HL-1430-hl1250.ppd -E

But the web interface still shows no printers. In fact, when I try to
list the printers, cups logs the following:

E [18/Jan/2007:20:25:59 +0100] [CGI] CUPS-Get-Printers request failed -
server-error-internal-error (500)

Right now I'm quite at a loss and would really appreciate some help.

V.

GENERIC_ACPI

[Vim Visual]

Hi,

I enabled acpi and compiled the kernel etc but still acpi is not
working (not configured)

Anyway, my question is whether the possible developers of [EMAIL PROTECTED]
would be interested in my dmesg GENERIC_ACPI and where should I send
it (I guess [EMAIL PROTECTED] is not the right place?)

Cheers,

Pau

Re: Sony VAIO needed

[Didier Wiroth]

Marco Peereboom wrote:

A few weeks ago I asked for a Sony VAIO on the list and some folks
offered to give me root access.  As much as I appreciated the offer I
had to turn it down due to the nature of ACPI development.  It requires
frequent hard reboots when debugging hairy issues and this is really
impractical when the machine is on the other side of the world and no
real contact with the person manning it.

Anyway, long story short, Deanna Phillips' laptop died the other day and
She is in a real pickle for a new one.  Lets combine ACPI, ports
development and undeadly work in one fell swoop.

I am taking paypal donations on [EMAIL PROTECTED] for a new or used
laptop.  I think we need about $1000 or so to get a laptop with the
features we want to develop for.  As soon as we get enough money in I
will let you know.  Any leftovers will be put towards the regular
OpenBSD donations.

Please contact me off list with questions.

Thanks!
/marco


I'm in, come on guys !!!
Let's get this laptop!
Kind regards,
Didier

rc.conf.local

[Lawrence Horvath]

when using rc.conf.local do you need to add
#!/bin/sh -
at the top of the file, or just start inserting lines?

thanks


--
-Lawrence
-Student ID 1028219
-CCNA

Re: rc.conf.local

[Fred Crowson]

Lawrence Horvath wrote:

when using rc.conf.local do you need to add
#!/bin/sh -
at the top of the file, or just start inserting lines?

thanks



Just start inserting the lines.

The hashbang is in the rc.conf script.

HTH

Fred
--
http://www.crowsons.net/puters/zaurus.php

Re: rc.conf.local

[Nico Meijer]

Hey Lawrence,

 when using rc.conf.local do you need to add
 #!/bin/sh -
 at the top of the file, or just start inserting lines?

Its syntax is similar to rc.conf. Therefore: the latter.

HTH... Nico

Re: rc.conf.local

[Joachim Schipper]

On Fri, Jan 19, 2007 at 03:18:09AM -0800, Lawrence Horvath wrote:
 when using rc.conf.local do you need to add
 #!/bin/sh -
 at the top of the file, or just start inserting lines?

The latter, it's included, not called separately (which would also make
getting at the variables somewhat difficult...).

Joachim

Re: GENERIC_ACPI

[Vijay Sankar]

On Friday 19 January 2007 04:47, Vim Visual wrote:
 Hi,

 I enabled acpi and compiled the kernel etc but still acpi is not
 working (not configured)

Did you do a quit or an exit in config? One saves the settings, the other 
doesn't. I am mentioning this only because it happened to me yesterday while 
enabling ACPI.


 Anyway, my question is whether the possible developers of [EMAIL PROTECTED]
 would be interested in my dmesg GENERIC_ACPI and where should I send
 it (I guess [EMAIL PROTECTED] is not the right place?)

 Cheers,

 Pau


 !DSPAM:1,45b0a480251761744846740!

-- 
Vijay Sankar
ForeTell Technologies Limited
59 Flamingo Avenue, Winnipeg, MB, Canada R3J 0X6
Phone: +1 (204) 885-9535, E-Mail: [EMAIL PROTECTED]

Re: Performance Statistics: -current

[Brian Candler]

On Thu, Jan 18, 2007 at 12:03:05PM -0600, Vijay Sankar wrote:
  if top shows ~20% system load, even when idle, try disabling iic and ichiic
  in UKC.  sth we have to do here with an ASUS server.
 
 Thank you very much for your reply.
 
 I did not notice the system load to be very high (it was 3.5% or so when 
 building

Are you sure you saw only 3.5% CPU utilisation while building the OpenBSD
base system? That means the CPU was idle almost all of the time.

If true, it means the system was spending most of its time waiting for
something else before it could continue - probably the disk.

Try looking at the output of iostat -w2 while building. Particularly of
interest is the t/s (transfers per second) column.

When compiling code, most transfers will be small. A single hard drive
spinning at 7200rpm is in theory capable of 240 transfers per second
(assuming each transaction requires the platter to rotate on average by half
a turn), so values in the range 200-300 are to be expected.

If you are seeing much less than this, then maybe your disk subsystem has a
problem - a badly setup RAID? No DMA? A faulty drive which is doing retries?
A bad IDE cable? (Check for warnings in /var/log/messages)

If it looks like disk I/O is slow, then using a disk benchmark program might
help you more systematically investigate and tweak. For example, you will
find bonnie and bonnie++ in packages.

If you post the full output of dmesg, mount and df -k, plus a
description of your disk subsystem, people might have some more suggestions.

HTH,

Brian.

stupid clamav question

[J.C. Roberts]

Yes, I know this is an OpenBSD list not the ClamAV list...

Anyhow, I'm working on an updated archivers/unarj port for use with 
clamav so you can scan inside ARJ archives. Though the current port 
shows unarj has an x switch to extract files from ARJ archives with 
path names, said switch doesn't work, and never has worked since the 
code to create directories is just plain missing.

You can use the e switch to extract files from ARJ archives but not 
path is created, hence, files with identical names will be skipped 
rather overwritten.

So my question for the clamav users is how the heck does clamav work 
with compressed archives?

  -Does it extract archives with full paths to a temporary directory and 
   then scan inside the temp directory?

  -Or does it extract individual files from the archive to a temp 
   directory, and then scan the individual files?

And lastly yes, I've got the updated unarj port (v.2.65) working and 
have fixed all of string handling so it's safe(r) to use with clamav 
but the new code still has the same license limitations as the existing 
unarj port. 

As for the sourcefore arj port which is GPL'd, I also have it working 
but the code is such a mess I may not be able to fix all of it's 
problems.

Thanks,
JCR

Re: spamd started missing some fakes?

[Peter N. M. Hansteen]

Seth Hanford [EMAIL PROTECTED] writes:

 2 of the 5 messages came to me via a backup MX, so I don't expect spamd
 to be much help there -- that IP sends me lots of mail, so it's
 naturally whitelisted. 

2 things which may or may not help, but worth mentioning anyway - 

-  If your backup is somewhere friendly, see if you can't get the admins
   at that site to put the machine behind a greylisting spamd too.

-  Second, local greytrapping seems to actually take care of a lot of the
   remaining 3% of the messages spammers attempt to send.  

If you're not already greytrapping, check your mail logs for attempts
at delivery to unknown users you know will never exist and make them
traps using spamdb.  A handful of trap addresses should have very
visible effect.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
First, we kill all the spammers The Usenet Bard, Twice-forwarded tales
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.

Re: Performance Statistics: -current

[Vijay Sankar]

On Friday 19 January 2007 06:07, Brian Candler wrote:
 On Thu, Jan 18, 2007 at 12:03:05PM -0600, Vijay Sankar wrote:
   if top shows ~20% system load, even when idle, try disabling iic and
   ichiic in UKC.  sth we have to do here with an ASUS server.
 
  Thank you very much for your reply.
 
  I did not notice the system load to be very high (it was 3.5% or so when
  building

Thank you very much for the detailed explanation. I will try to use the disk 
benchmarking program bonnie you mentioned. I followed Stuart Henderson's 
advice and updated the BIOS. That has resolved this problem. The other 
suggestions that were made and the explanations also helped me a lot (now I 
know a little bit more about what is iic and ichiic and vmstat!), especially 
in pointing out where I should look. 

 Are you sure you saw only 3.5% CPU utilisation while building the OpenBSD
 base system? That means the CPU was idle almost all of the time.

 If true, it means the system was spending most of its time waiting for
 something else before it could continue - probably the disk.

 Try looking at the output of iostat -w2 while building. Particularly of
 interest is the t/s (transfers per second) column.

 When compiling code, most transfers will be small. A single hard drive
 spinning at 7200rpm is in theory capable of 240 transfers per second
 (assuming each transaction requires the platter to rotate on average by
 half a turn), so values in the range 200-300 are to be expected.

 If you are seeing much less than this, then maybe your disk subsystem has a
 problem - a badly setup RAID? No DMA? A faulty drive which is doing
 retries? A bad IDE cable? (Check for warnings in /var/log/messages)

 If it looks like disk I/O is slow, then using a disk benchmark program
 might help you more systematically investigate and tweak. For example, you
 will find bonnie and bonnie++ in packages.

 If you post the full output of dmesg, mount and df -k, plus a
 description of your disk subsystem, people might have some more
 suggestions.

 HTH,

 Brian.

 !DSPAM:1,45b0b49a17315683411216!

-- 
Vijay Sankar
ForeTell Technologies Limited
59 Flamingo Avenue, Winnipeg, MB, Canada R3J 0X6
Phone: +1 (204) 885-9535, E-Mail: [EMAIL PROTECTED]

Re: rc.conf.local

[Han Boetes]

Lawrence Horvath wrote:
 when using rc.conf.local do you need to add
 #!/bin/sh -
 at the top of the file, or just start inserting lines?

The file is `sourced.' Which means it is read and executed by sh
running /etc/rc. You don't have to add a `shebang.' Also notice
the file isn't executable.


# Han

Re: stupid clamav question

[Stuart Henderson]

On 2007/01/19 04:56, J.C. Roberts wrote:
 Anyhow, I'm working on an updated archivers/unarj port for use with 
 clamav so you can scan inside ARJ archives. Though the current port 
 shows unarj has an x switch to extract files from ARJ archives with 
 path names, said switch doesn't work, and never has worked since the 
 code to create directories is just plain missing.

 So my question for the clamav users is how the heck does clamav work 
 with compressed archives?

clamscan calls 'arj x -y' (n.b. arj, not unarj). For scanning emails,
I think only MailScanner users are likely to use clamscan (they don't
mind the startup overhead so much since they batch the mail up and then
scan it).

Other mail virus-scanners I've seen use clamd, so you need to look at
the mail-scanner and see what _it_ does;

smtp-vilter and clamsmtp pass files straight to clamd, so .arj/rar
are all passed (unless a clamav signature matches the entire archive),
or smtp-vilter users might block them by filename, but you can't
scan individual archive members.

amavisd-new unpacks the files itself before feeding to clamd, this
uses either 'unarj e' or arj with some complex set of parameters, but
it makes my brain hurt to read even just their sample config let
alone the code..ugh..how can an email scanner be more hassle to
configure than, oh say, totally setting up Opus-CBCS...

Re: Sony VAIO needed

[Mike Erdely]

Didier Wiroth wrote:

Marco Peereboom wrote:

I am taking paypal donations on [EMAIL PROTECTED] for a new or used
laptop.

I'm in, come on guys !!!


+$100


Let's get this laptop!
Kind regards,
Didier


-ME

Re: stupid clamav question

[J.C. Roberts]

On Friday 19 January 2007 06:46, Stuart Henderson wrote:
 On 2007/01/19 04:56, J.C. Roberts wrote:
  Anyhow, I'm working on an updated archivers/unarj port for use with
  clamav so you can scan inside ARJ archives. Though the current port
  shows unarj has an x switch to extract files from ARJ archives
  with path names, said switch doesn't work, and never has worked
  since the code to create directories is just plain missing.
 
  So my question for the clamav users is how the heck does clamav
  work with compressed archives?

 clamscan calls 'arj x -y' (n.b. arj, not unarj). For scanning emails,
 I think only MailScanner users are likely to use clamscan (they don't
 mind the startup overhead so much since they batch the mail up and
 then scan it).


Thanks Stuart. Since we do not have the GPL'd arj (sourceforge) in the 
ports tree, and the proprietary version (arjsoftware.com) does not have 
UNIX support, people are most likely not using the clamscan method.

The one thing I can say with certainty is the GPL'd version of arj on 
sourceforge is some of the worst and most dangerous C code I've ever 
seen. Though I absolutely hate to ever utter the words rewrite or 
fork it may be justified. Sure, it will run with some minor patches, 
but in trying to actually correcting the damn thing, I've done 
countless patches but I'm still a *long* way from completing the port.

 Other mail virus-scanners I've seen use clamd, so you need to look at
 the mail-scanner and see what _it_ does;

 smtp-vilter and clamsmtp pass files straight to clamd, so .arj/rar
 are all passed (unless a clamav signature matches the entire
 archive), or smtp-vilter users might block them by filename, but you
 can't scan individual archive members.

 amavisd-new unpacks the files itself before feeding to clamd, this
 uses either 'unarj e' or arj with some complex set of parameters, but
 it makes my brain hurt to read even just their sample config let
 alone the code..ugh..how can an email scanner be more hassle to
 configure than, oh say, totally setting up Opus-CBCS...

Using 'unarj -e' gives a false sense of security, since you can not 
actually scan all the files in an archive. Duplicated file names stored 
in different directories within the archive (from the original source 
of said files), quietly fail to be extracted, so they are never 
scanned.

In the unarj port, I can add support for the -x switch. Is this a good 
way to deal with it?

jcr

Connections misteriously ignored while passing on an OpenBSD 4.0 redundant packet-filter

[Rui Miguel Silva Seabra]

Hello,

On a backend we notice the following very strange behaviour:

[EMAIL PROTECTED] ~]$ nc -nv otherhost 1024
otherhost [otherhost_IP] 1024 (?) open
 punt!
[EMAIL PROTECTED] ~]$ nc -nv otherhost 1024
 punt!
[EMAIL PROTECTED] ~]$ nc -nv otherhost 1024
otherhost [otherhost_IP] 1024 (?) open
 punt!
[EMAIL PROTECTED] ~]$ nc -nv otherhost 1024
 punt!
[EMAIL PROTECTED] ~]$ nc -nv otherhost 1024
otherhost [otherhost_IP] 1024 (?) open
 punt!
[EMAIL PROTECTED] ~]$ nc -nv otherhost 1024
otherhost [otherhost_IP] 1024 (?) open
^[[Ac punt!
[EMAIL PROTECTED] ~]$ nc -nv otherhost 1024
otherhost [otherhost_IP] 1024 (?) open
 punt!
[EMAIL PROTECTED] ~]$ nc -nv otherhost 1024
 punt!
[EMAIL PROTECTED] ~]$ nc -nv otherhost 1024
otherhost [otherhost_IP] 1024 (?) open
 punt!

What seems to be the problem here, I ask? Sometimes the socket doesn't
open...

After much investigation, we found out that when the connection arrives
to the packet-filter, it's not always following through to anywhere.
Worse... sometimes after a few seconds the connection opens

I've noticed that if I disable pf, and just get an open gateway, the
packets always follow through from the backend to the otherhost, so it
seems to be related to PF.

However, if the rules weren't OK, then the connection would *always*
fail, right?

My rules start with:

set debug loud

scrub in all
pass quick on { ... interfaces with carp ... } proto carp keep state
pass quick on $pfsync_if proto pfsync keep state (no-sync)
set skip on lo0

pass quick on lo
antispoof quick log for { ... all interfaces ... }
block in quick to 224.0.0.0/8
block log all

then I have

pass in on $backend_if inet proto tcp from $backend to $otherhost port \
1024 flags S/SA keep state
pass out on $other_if inet proto tcp from $backend to $otherhost port \
1024 flags S/SA keep state

Of course it has a few other rules like allowing me to ssh to the
machine, and a few other pass' rules for other services, but the only
rule relating to $backend, $otherhost and port 1024 is this one.

Loud debug doesn't seem to provide any hints.
These lost packets don't show up on pflog
/var/log/messages complains frequently about invalid size packets...

Any suggestions?

Thanks in advance,
Rui

PS: here's a dmesg from fresh boot, with the IP on the last line
replaced by otherhost2:

OpenBSD 4.0 (GENERIC) #1107: Sat Sep 16 19:15:58 MDT 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Xeon(TM) CPU 3.40GHz (GenuineIntel 686-class) 3.41 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,CNXT-ID,CX16
cpu0: EST: strange msr value 0x112d112d
real mem  = 1073258496 (1048104K)
avail mem = 971022336 (948264K)
using 4256 buffers containing 53764096 bytes (52504K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 12/31/99, BIOS32 rev. 0 @
0xf, SMBIOS rev. 2.3 @ 0xec000 (73 entries)
bios0: HP ProLiant DL360 G4p
pcibios0 at bios0: rev 2.1 @ 0xf/0x2000
pcibios0: PCI BIOS has 7 Interrupt Routing table entries
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 6300ESB LPC rev
0x00)
pcibios0: PCI bus #13 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0x4000! 0xcc000/0x1000
0xcd000/0x1800 0xce800/0x1600 0xee000/0x2000!
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel E7520 MCH rev 0x0c
ppb0 at pci0 dev 2 function 0 Intel MCH PCIE rev 0x0c
pci1 at ppb0 bus 13
ppb1 at pci0 dev 4 function 0 Intel MCH PCIE rev 0x0c
pci2 at ppb1 bus 6
ppb2 at pci2 dev 0 function 0 Intel PCIE-PCIE rev 0x09
pci3 at ppb2 bus 7
ppb3 at pci3 dev 1 function 0 Pericom PI7C21P100 PCIX-PCIX rev 0x01
pci4 at ppb3 bus 8
em0 at pci4 dev 4 function 0 Intel PRO/1000MT QP (82546GB) rev 0x03:
irq 5, address 00:13:21:78:0e:8c
em1 at pci4 dev 4 function 1 Intel PRO/1000MT QP (82546GB) rev 0x03:
irq 5, address 00:13:21:78:0e:8d
em2 at pci4 dev 6 function 0 Intel PRO/1000MT QP (82546GB) rev 0x03:
irq 7, address 00:13:21:78:0e:8e
em3 at pci4 dev 6 function 1 Intel PRO/1000MT QP (82546GB) rev 0x03:
irq 5, address 00:13:21:78:0e:8f
ppb4 at pci2 dev 0 function 2 Intel PCIE-PCIE rev 0x09
pci5 at ppb4 bus 10
em4 at pci5 dev 1 function 0 Intel PRO/1000MT (82546EB) rev 0x01: irq
5, address 00:11:0a:59:d8:6c
em5 at pci5 dev 1 function 1 Intel PRO/1000MT (82546EB) rev 0x01: irq
5, address 00:11:0a:59:d8:6d
ppb5 at pci0 dev 6 function 0 Intel MCH PCIE rev 0x0c
pci6 at ppb5 bus 3
ppb6 at pci0 dev 28 function 0 Intel 6300ESB PCIX rev 0x02
pci7 at ppb6 bus 2
ciss0 at pci7 dev 1 function 0 Compaq Smart Array 64xx rev 0x01: irq 5
ciss0: 1 LD, HW rev 1, FW 2.68/2.68
scsibus0 at ciss0: 1 targets
sd0 at scsibus0 targ 0 lun 0: HP, LOGICAL VOLUME, 2.68 SCSI0 0/direct
fixed
sd0: 69459MB, 69459 cyl, 64 head, 32 sec, 512 bytes/sec, 142253280 sec
total
bge0 at pci7 dev 2 function 0 Broadcom BCM5704C rev 0x10, BCM5704 B0
(0x2100): irq 5, address 

Re: Should fopen() succeed on a directory?

[Adam]

Darrin Chandler [EMAIL PROTECTED] wrote:

 On Thu, Jan 18, 2007 at 05:17:50PM -0500, Adam wrote:
  Why does fopen()ing a directory for reading succeed instead of failing
  with EISDIR?  This has the possibly unexpected consequence of letting
  you pass yyin to yylex() as a fopen()ed directory, which then thinks it
  finished successfully because fread() returns 0 immediately.
 
 Directories are files and can be open(2)ed as such for reading.

We're not talking about the low level open() interface, we're talking
about the abstracted fopen() wrapper.  You can't use fread() on a
fopen()ed directory, and when passed a FILE * you can't tell wether its
a directory or just an empty file.  If you can't fread() from a stream
that is associated with a directory, then why associate the stream with
a directory in the first place?

Adam

Re: Performance Statistics: -current (SOLVED)

[Vijay Sankar]

Thanks to everyone's suggestions, especially the one by Stuart Henderson about 
updating the bios, I am now able to build and test OpenOffice more 
efficiently, using -current! 
 
Since I am in a learning mode, I decided to run the builds on two different 
machines simultaneously (AMD 4600 on ASUS M2N-SLI Deluxe motherboard and 
Pentium Core Duo 6400 on ASUS P5N32-SLI Premium, both with 4GB RAM and a few 
SATA 320GB drives with 16MB cache) just to gather some statistics.

Just in case it helps someone who is wondering how long a typical kernel build 
may take, here are the stats from my two machines. I was looking at vmstat 
-i, iostat -w2, and top through an SSH session, while the builds were going 
on. I have softdep enabled on /usr. I don't know whether the following has 
any impact on building X but the AMD 4600 box has two working GeForce 7100GS 
video cards and the Core Duo box has one unsupported GeForce 7300GT card:

TaskAMD 4600
Core Duo 6400
Building Kernel 4 minutes, 38 seconds   4 minutes, 25 
seconds
Building Userland   45 minutes, 6 seconds   43 minutes, 30 
seconds
Building X  35 minutes, 2 seconds   35 
minutes, 12 seconds
Building MP Kernel  5 minutes, 1 second 4 minutes, 50 
seconds

Time for building X includes the download times for building Tk and Tcl from 
ports. While building MP Kernel, I was looking at disk performance using 
iostat -w2 throughout the build process.

Finally, the dmesg from these two systems is attached in case that is useful.

Thanks again for all your help, 

Vijay

-- 
Vijay Sankar
ForeTell Technologies Limited
59 Flamingo Avenue, Winnipeg, MB, Canada R3J 0X6
Phone: +1 (204) 885-9535, E-Mail: [EMAIL PROTECTED]
OpenBSD 4.0-current (GENERIC.MP) #0: Fri Jan 19 08:32:10 CST 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz (GenuineIntel 686-class) 2.14 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16
real mem  = 3219681280 (3144220K)
avail mem = 2943291392 (2874308K)
using 4256 buffers containing 161107968 bytes (157332K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+ BIOS, date 12/05/06, BIOS32 rev. 0 @ 0xfbe30, SMBIOS 
rev. 2.4 @ 0xf (71 entries)
bios0: ASUSTeK Computer INC. P5N32-SLI PREMIUM
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 70102 dobusy 1 doidle 1
pcibios0 at bios0: rev 3.0 @ 0xf/0xdef4
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfddb0/320 (18 entries)
pcibios0: bad IRQ table checksum
pcibios0: PCI BIOS has 18 Interrupt Routing table entries
pcibios0: PCI Exclusive IRQs: 5 7 10 11
pcibios0: no compatible PCI ICU found
pcibios0: Warning, unable to fix up PCI interrupt routing
pcibios0: PCI bus #6 is the last bus
bios0: ROM list: 0xc/0xec00 0xd/0x4000!
acpi at mainbus0 not configured
mainbus0: Intel MP Specification (Version 1.4)
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 266 MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz (GenuineIntel 686-class) 2.14 GHz
cpu1: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16
mainbus0: bus 0 is type PCI   
mainbus0: bus 1 is type PCI   
mainbus0: bus 2 is type PCI   
mainbus0: bus 3 is type PCI   
mainbus0: bus 4 is type PCI   
mainbus0: bus 5 is type PCI   
mainbus0: bus 6 is type PCI   
mainbus0: bus 7 is type ISA   
ioapic0 at mainbus0: apid 4 pa 0xfec0, version 11, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 4
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 vendor NVIDIA, unknown product 0x0071 rev 0xc1
vendor NVIDIA, unknown product 0x007f (class memory subclass RAM, rev 0xa1) 
at pci0 dev 0 function 1 not configured
vendor NVIDIA, unknown product 0x0075 (class memory subclass RAM, rev 0xa1) 
at pci0 dev 0 function 2 not configured
vendor NVIDIA, unknown product 0x006f (class memory subclass RAM, rev 0xa1) 
at pci0 dev 0 function 3 not configured
vendor NVIDIA, unknown product 0x00b4 (class memory subclass RAM, rev 0xa1) 
at pci0 dev 0 function 4 not configured
vendor NVIDIA, unknown product 0x0076 (class memory subclass RAM, rev 0xa1) 
at pci0 dev 1 function 0 not configured
vendor NVIDIA, unknown product 0x0078 (class memory subclass RAM, rev 0xa1) 
at pci0 dev 1 function 1 not configured
vendor NVIDIA, unknown product 0x0079 (class memory subclass RAM, rev 0xa1) 
at pci0 dev 1 function 2 not configured
vendor NVIDIA, unknown product 0x007a (class memory subclass RAM, rev 0xa1) 
at pci0 dev 1 function 3 not configured
vendor NVIDIA, unknown product 0x007b (class memory subclass RAM, rev 0xa1) 
at pci0 dev 1 function 4 not 

Re: stupid clamav question

[Stuart Henderson]

On 2007/01/19 07:37, J.C. Roberts wrote:
 On Friday 19 January 2007 06:46, Stuart Henderson wrote:
  On 2007/01/19 04:56, J.C. Roberts wrote:
   Anyhow, I'm working on an updated archivers/unarj port for use with
   clamav so you can scan inside ARJ archives. Though the current port
   shows unarj has an x switch to extract files from ARJ archives
   with path names, said switch doesn't work, and never has worked
   since the code to create directories is just plain missing.
  
   So my question for the clamav users is how the heck does clamav
   work with compressed archives?
 
  clamscan calls 'arj x -y' (n.b. arj, not unarj). For scanning emails,
  I think only MailScanner users are likely to use clamscan (they don't
  mind the startup overhead so much since they batch the mail up and
  then scan it).
 
 Thanks Stuart. Since we do not have the GPL'd arj (sourceforge) in the 
 ports tree, and the proprietary version (arjsoftware.com) does not have 
 UNIX support, people are most likely not using the clamscan method.

correct.

 The one thing I can say with certainty is the GPL'd version of arj on 
 sourceforge is some of the worst and most dangerous C code I've ever 
 seen. Though I absolutely hate to ever utter the words rewrite or 
 fork it may be justified. Sure, it will run with some minor patches, 
 but in trying to actually correcting the damn thing, I've done 
 countless patches but I'm still a *long* way from completing the port.

The actual page just says, 'open source'.
The project description says 'GPL',
there's no license in the tar.gz.

I don't think it's worth a fork unless the license is clear in the first
place (it seems like it's already a fork of the commercial version).

  Other mail virus-scanners I've seen use clamd, so you need to look at
  the mail-scanner and see what _it_ does;
 
  smtp-vilter and clamsmtp pass files straight to clamd, so .arj/rar
  are all passed (unless a clamav signature matches the entire
  archive), or smtp-vilter users might block them by filename, but you
  can't scan individual archive members.
 
  amavisd-new unpacks the files itself before feeding to clamd, this
  uses either 'unarj e' or arj with some complex set of parameters, but
  it makes my brain hurt to read even just their sample config let
  alone the code..ugh..how can an email scanner be more hassle to
  configure than, oh say, totally setting up Opus-CBCS...
 
 Using 'unarj -e' gives a false sense of security, since you can not 
 actually scan all the files in an archive. Duplicated file names stored 
 in different directories within the archive (from the original source 
 of said files), quietly fail to be extracted, so they are never 
 scanned.

Yes I understand this. Yeuch...

 In the unarj port, I can add support for the -x switch. Is this a good 
 way to deal with it?

I think so - the best situation would be to accept 'x -y' (currently
unarj dislikes the -y and fails to unpack) in which case clamscan could
use it directly without patching: clamscan --arj=/usr/local/bin/unarj

Re: Connections misteriously ignored while passing on an OpenBSD 4.0 redundant packet-filter

[Rui Miguel Silva Seabra]

More debug details: I sniffed traffic on the backend interface, and both
packet-filter interfaces. Notice how weird it is, the first two packets
don't follow through, then the third one does and the socket opens.

The network diagram is:

backend -- cisco switch -- packet-filter -- cisco switch -- otherhost


On backend interface:

16:21:03.314620 IP (tos 0x0, ttl  64, id 19715, offset 0, flags [DF],
proto 6, length: 60) backend.47061  otherhost.1024: S [tcp sum ok]
115692:115692(0) win 5840 mss 1460,sackOK,timestamp 780638207
0,nop,wscale 2

16:21:06.314399 IP (tos 0x0, ttl  64, id 19717, offset 0, flags [DF],
proto 6, length: 60) backend.47061  otherhost.1024: S [tcp sum ok]
115692:115692(0) win 5840 mss 1460,sackOK,timestamp 780641207
0,nop,wscale 2

16:21:12.313302 IP (tos 0x0, ttl  64, id 19719, offset 0, flags [DF],
proto 6, length: 60) backend.47061  otherhost.1024: S [tcp sum ok]
115692:115692(0) win 5840 mss 1460,sackOK,timestamp 780647207
0,nop,wscale 2

16:21:12.313803 IP (tos 0x0, ttl 127, id 56156, offset 0, flags [none],
proto 6, length: 64) otherhost.1024  backend.47061: S [tcp sum ok]
358573471:358573471(0) ack 115693 win 16384 mss 1460,nop,wscale
0,nop,nop,timestamp 0 0,nop,nop,sackOK

16:21:12.313828 IP (tos 0x0, ttl  64, id 19721, offset 0, flags [DF],
proto 6, length: 52) backend.47061  otherhost.1024: . [tcp sum ok]
1:1(0) ack 1 win 1460 nop,nop,timestamp 780647208 0


On packet-filter backend_if:

16:19:22.268809 backend.47061  otherhost.1024: S [tcp sum ok]
115692:115692(0) win 5840 mss 1460,sackOK,timestamp 780638207
0,nop,wscale 2 (DF) (ttl 64, id 19715, len 60)

16:19:25.268606 backend.47061  otherhost.1024: S [tcp sum ok]
115692:115692(0) win 5840 mss 1460,sackOK,timestamp 780641207
0,nop,wscale 2 (DF) (ttl 64, id 19717, len 60)

16:19:31.267825 backend.47061  otherhost.1024: S [tcp sum ok]
115692:115692(0) win 5840 mss 1460,sackOK,timestamp 780647207
0,nop,wscale 2 (DF) (ttl 64, id 19719, len 60)

16:19:31.268188 otherhost.1024  backend.47061: S [tcp sum ok]
358573471:358573471(0) ack 115693 win 16384 mss 1460,nop,wscale
0,nop,nop,timestamp 0 0,nop,nop,sackOK (ttl 127, id 56156, len 64)

16:19:31.268329 backend.47061  otherhost.1024: . [tcp sum ok] 1:1(0)
ack 1 win 1460 nop,nop,timestamp 780647208 0 (DF) (ttl 64, id 19721,
len 52)



On packet-filter otherhost_if:

16:19:31.267881 backend.47061  otherhost.1024: S [tcp sum ok]
115692:115692(0) win 5840 mss 1460,sackOK,timestamp 780647207
0,nop,wscale 2 (DF) (ttl 63, id 19719, len 60)

16:19:31.268167 otherhost.1024  backend.47061: S [tcp sum ok]
358573471:358573471(0) ack 115693 win 16384 mss 1460,nop,wscale
0,nop,nop,timestamp 0 0,nop,nop,sackOK (ttl 128, id 56156, len 64)

16:19:31.268351 backend.47061  otherhost.1024: . [tcp sum ok] 1:1(0)
ack 1 win 1460 nop,nop,timestamp 780647208 0 (DF) (ttl 63, id 19721,
len 52)




Rui
--
+ No matter how much you do, you never do enough -- unknown
+ Whatever you do will be insignificant,
| but it is very important that you do it -- Gandhi
+ So let's do it...?

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]

BGP OSPF question

[Toni Mueller]

Hi,

I'd like to do the following:

 network 1  O1 --- wan1 -- O2  network2 --- O4 --- Internet
   \-- R1 -- wan2 --- O3 --/

R1 is a non-OSPF speaking router, O1, O2, O3, and O4 are OSPF-speaking
routers (O3 still being a Cisco). Anyway, as you can already guess, the
idea is to have failover between wan1 and wan2 via OSPF, and Internet
connectivity at network 1.

To do this, I should announce a default route from O2 and O3 to O1. I
designed the network to have two areas, network1 and network 2, but in
O2, I can't say redistribute default because that should screw up
routing in network 2. I only want to announce the default route in area
1 (network 2 = backbone, network 1 = area 1). The man page suggest that
this isn't possible right now in OpenOSPFD.

How do I solve this problem with 4.0, except using a hack with
script-based manipulation of static routes?

Before I tried this, I wanted to do this in BGP (setting NO_EXPORT on
routes announced by O1), but no luck either. The small networks (eg.
/28) don't seem to get injected... bgpctl shows the networks to be
announced, but on the receiving box (O2) bgpctl show neighbor says that
it has not received any prefix.

O1, O2, and O4 are OpenBSD 4.0 systems.


The BGP filter section in O1 looks like this ($peer2 == O2 in this
scenario):

-- cut
allow quick from $peer2
allow quick to $peer2 set community NO_EXPORT

# filter bogus networks
deny from any prefix 10.0.0.0/8 prefixlen = 8
deny from any prefix 172.16.0.0/12 prefixlen = 12
deny from any prefix 192.168.0.0/16 prefixlen = 16
deny from any prefix 169.254.0.0/16 prefixlen = 16
deny from any prefix 192.0.2.0/24 prefixlen = 24
deny from any prefix 224.0.0.0/4 prefixlen = 4
deny from any prefix 240.0.0.0/4 prefixlen = 4
-- cut

On a side note, it would be nice if I could say something like

deny source-as 65000..65535

in bgpd.conf... or is using communities computationally more efficient?


TIA!


Best,
--Toni++

Re: Connections misteriously ignored while passing on an OpenBSD 4.0 redundant packet-filter

[Rui Miguel Silva Seabra]

Aha! I finally found what was happening. An application in the
certification interfaces went crazy. It tried to open so many
connections it exhausted the state table, which explains the hanging
packet.

Hurray for pfctl -s state | wc -l (10k, 9k, 9k, 10k, 10k, )

Now to strangle that bastard

Rui

--
+ No matter how much you do, you never do enough -- unknown
+ Whatever you do will be insignificant,
| but it is very important that you do it -- Gandhi
+ So let's do it...?

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]

Re: Should fopen() succeed on a directory?

[Matthew R. Dempsky]

On Fri, Jan 19, 2007 at 11:07:14AM -0500, Adam wrote:
 If you can't fread() from a stream
 that is associated with a directory, then why associate the stream with
 a directory in the first place?

Does the C (or any) standard say it should fail?  fopen(3) works on
directories under Linux and Solaris, so OpenBSD certainly isn't unique
in this regard.

ntp is blocked because of my pf.conf

[Didier Wiroth]

Hello,
I'm currently connecting to the internet via a soekris box and kernel pppoe. 
The soekris box runs:
OpenBSD 4.0-current (GENERIC) #1303: Wed Dec 20 19:13:07 MST 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC

I configured ntpd on the soekris box to sync the time, but the traffic is 
blocked and I do not understand why.
Here is the log of the blocked ntp traffic, (my external pppoe0 address is 
158.64.137.18):
rule 3/(match) block out on pppoe0: 158.64.137.18.25043  217.20.119.125.123: 
v4 client strat 0 poll 0 prec 0 [tos 0x10]
rule 3/(match) block out on pppoe0: 158.64.137.18.35174  213.133.123.125.123: 
v4 client strat 0 poll 0 prec 0 [tos 0x10]
rule 3/(match) block out on pppoe0: 158.64.137.18.5537  212.112.228.242.123: 
v4 client strat 0 poll 0 prec 0 [tos 0x10]

I have the following rule (the entire pf.conf is below):
pass out quick on $ext_if inet proto udp from ($ext_if) to any \
keep state
Shouldn't this rule allow the ntp traffic to pass through?

I would really appreciate some help to understand what is my problem.

Kind regards
Didier

Here is my pf.conf:

int_if=sis0
ext_if=pppoe0
wifi_if=sis1
localnet=172.16.43.0/24
wifinet=192.168.0.0/24
icmp_types=echoreq

# TABLES SECTION #
table bad_hosts_ssh persist
table hostile persist
table wifi

# OPTIONS SECTION #
set block-policy drop
set loginterface $ext_if
set skip on { lo0 }

# SCRUBBING SECTION #
scrub out on $ext_if max-mss 1440

# NAT SECTION #
nat-anchor ftp-proxy/*
nat on $ext_if from {$localnet,$wifinet} to any - ($ext_if)

# REDIRECT #
rdr on $int_if proto tcp from !$ext_if to {!$localnet,$wifinet} port ftp \
- 127.0.0.1 port 8021
rdr on $int_if proto tcp from $localnet to $int_if port ssh \
- $int_if port 8022
rdr on $wifi_if proto tcp from $wifi_if:network to $wifi_if port ssh \
- $wifi_if port 8022

rdr-anchor ftp-proxy/*
rdr-anchor authpf/*
rdr-anchor emule
rdr-anchor torrent

### LOCALHOST OK 
block quick from bad_hosts_ssh
block quick from hostile
block quick inet6 all
block log (all) all

pass on $ext_if inet proto icmp icmp-type $icmp_types keep state
pass quick on $int_if all

### WIRELESS LAN ###
pass in quick on $wifi_if inet proto tcp from $wifi_if:network\
to $wifi_if port 8022 keep state
pass in on $wifi_if inet from wifi to any keep state
pass out on $wifi_if inet from $int_if:network to $wifi_if:network keep state

 EXTERNAL INTERFACE 
pass out quick on  $ext_if inet proto tcp from ($ext_if) to any \
modulate state
pass out quick on $ext_if inet proto udp from ($ext_if) to any \
keep state
pass out quick on $ext_if inet proto tcp from ($ext_if) to any \
port  1023 user proxy modulate state label ftpproxy
pass in quick inet proto tcp from friends to $ext_if \
port ssh modulate state
pass in quick inet proto tcp from any to $ext_if \
port ssh modulate state (max-src-conn-rate 4/120, \
overload bad_hosts_ssh flush global)
anchor emule
anchor torrent
anchor authpf/*
anchor ftp-proxy/*

Re: Friendly registrar

[Tonnerre LOMBARD]

Salut,

On Sun, Jan 14, 2007 at 09:55:16PM +0100, Nico Meijer wrote:
 I like GoDaddy. They're on donations.html.

On the other hand, they're known for their Windows business.

We chose Gandi for controversial web sites (like ffii.org) because
they tend not to shut down the delegation whenever they receive a
preliminary injunction.

For any kind of Open Source movement, this might become crucial
in the future...

Tonnerre

[demime 1.01d removed an attachment of type application/pgp-signature]

Re: ntp is blocked because of my pf.conf

[Alexander Hall]

Didier Wiroth wrote:


I configured ntpd on the soekris box to sync the time, but the
traffic is blocked and I do not understand why.



I have the following rule (the entire pf.conf is below):
pass out quick on $ext_if inet proto udp from ($ext_if) to any \
   keep state
Shouldn't this rule allow the ntp traffic to pass through?



# TABLES SECTION #
table bad_hosts_ssh persist
table hostile persist
table wifi



### LOCALHOST OK 
block quick from bad_hosts_ssh
block quick from hostile
block quick inet6 all
block log (all) all


What's in the bad_hosts_ssh and hostile tables?


pass out quick on $ext_if inet proto udp from ($ext_if) to any \
   keep state


Will it work if you put it as the first rule?

/Alexander

Re: ntp is blocked because of my pf.conf

[Bob DeBolt]

Didier Wiroth wrote:

rule 3/(match) block out on pppoe0: 158.64.137.18.5537 
212.112.228.242.123: v4 client strat 0 poll 0 prec 0 [tos 0x10]

 I have the following rule (the entire pf.conf is below):
 pass out quick on $ext_if inet proto udp from ($ext_if) to any \
 keep state

I had a  similar issue, entering a destination port 123 fixed it

Bob D

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]

Re: Should fopen() succeed on a directory?

[Tobias Ulmer]

On Fri, Jan 19, 2007 at 11:07:14AM -0500, Adam wrote:
 Darrin Chandler [EMAIL PROTECTED] wrote:
 
  On Thu, Jan 18, 2007 at 05:17:50PM -0500, Adam wrote:
   Why does fopen()ing a directory for reading succeed instead of failing
   with EISDIR?  This has the possibly unexpected consequence of letting
   you pass yyin to yylex() as a fopen()ed directory, which then thinks it
   finished successfully because fread() returns 0 immediately.
  
  Directories are files and can be open(2)ed as such for reading.
 
 We're not talking about the low level open() interface, we're talking
 about the abstracted fopen() wrapper.  You can't use fread() on a
 fopen()ed directory, and when passed a FILE * you can't tell wether its
 a directory or just an empty file.  If you can't fread() from a stream
 that is associated with a directory, then why associate the stream with
 a directory in the first place?
 
 Adam
 


C* doesn't know about directories and makes no assumptions about them.
Directories in Unix happen to be implemented as a file, so that's
perfectly legal. Reading and writing from/to the file depends on the
OS, and the C* standard doesn't require that this must succeed/fail.
If and how it fails is implemented by the OS and documented here:
http://www.opengroup.org/onlinepubs/009695399/functions/fopen.html

use stat(2) before you fopen anything to make sure it's not a
dir/device/etc (race condition...).

Tobias

*C89 + C99

Re: ntp is blocked because of my pf.conf

[Toni Mueller]

Hi,

On Fri, 19.01.2007 at 14:35:09 -0700, Bob DeBolt [EMAIL PROTECTED] wrote:
 Didier Wiroth wrote:
 
 rule 3/(match) block out on pppoe0: 158.64.137.18.5537 
 212.112.228.242.123: v4 client strat 0 poll 0 prec 0 [tos 0x10]
 
  I have the following rule (the entire pf.conf is below):
  pass out quick on $ext_if inet proto udp from ($ext_if) to any \
  keep state
 
 I had a  similar issue, entering a destination port 123 fixed it

I guess that Didier wants to pass other packets out, too. Like DNS
queries, for example. Did you have that problem (and that solution)
also with other UDP based applications?


Best,
--Toni++

Re: Should fopen() succeed on a directory?

[Otto Moerbeek]

On Fri, 19 Jan 2007, Tobias Ulmer wrote:

 On Fri, Jan 19, 2007 at 11:07:14AM -0500, Adam wrote:
  Darrin Chandler [EMAIL PROTECTED] wrote:
  
   On Thu, Jan 18, 2007 at 05:17:50PM -0500, Adam wrote:
Why does fopen()ing a directory for reading succeed instead of failing
with EISDIR?  This has the possibly unexpected consequence of letting
you pass yyin to yylex() as a fopen()ed directory, which then thinks it
finished successfully because fread() returns 0 immediately.
   
   Directories are files and can be open(2)ed as such for reading.
  
  We're not talking about the low level open() interface, we're talking
  about the abstracted fopen() wrapper.  You can't use fread() on a
  fopen()ed directory, and when passed a FILE * you can't tell wether its
  a directory or just an empty file.  If you can't fread() from a stream
  that is associated with a directory, then why associate the stream with
  a directory in the first place?
  
  Adam
  
 
 
 C* doesn't know about directories and makes no assumptions about them.
 Directories in Unix happen to be implemented as a file, so that's
 perfectly legal. Reading and writing from/to the file depends on the
 OS, and the C* standard doesn't require that this must succeed/fail.
 If and how it fails is implemented by the OS and documented here:
 http://www.opengroup.org/onlinepubs/009695399/functions/fopen.html
 
 use stat(2) before you fopen anything to make sure it's not a
 dir/device/etc (race condition...).

To avoid that race, use fstat(2) after you've opened.

-Otto

Re: Sony VAIO needed

[Bryan]

+$50.00

Hope it helps...

Bryan

On 1/19/07, Mike Erdely [EMAIL PROTECTED] wrote:

Didier Wiroth wrote:
 Marco Peereboom wrote:
 I am taking paypal donations on [EMAIL PROTECTED] for a new or used
 laptop.
 I'm in, come on guys !!!

+$100

 Let's get this laptop!
 Kind regards,
 Didier

-ME

amavisd-new under OpenBSD 4.0

[Bob Eby]

Hi folks,

I'm trying to follow this HOWTO: 

http://www.openbsdsupport.org/mail-spam-filter-anti-virus-web-interface.
html 

to create an external mail gateway on OpenBSD 4.0 (It'll be stable,
when I figure out how to get there...).

dmesg version line is:
OpenBSD 4.0 (GENERIC) #1107: Sat Sep 16 19:15:58 MDT 2006

About 1/3 of the way through the document, there is a section for
downloading and installing amavisd manually starting with this command:
lynx http://www.ijs.si/software/amavisd/amavisd-new-20030616-p10.tar.gz

However, I notice the package amavisd-new-2.3.2 exists in OpenBSD 4.0,
so I figured Why not just use that instead.  

So, I issued the command:
sudo pkg_add amavisd-new

With the following result:
Error from ftp://mirror.sg.depaul.edu/pub/OpenBSD/4.0/packages/i386/:
550 Failed to open file.
amavisd-new-2.3.2:Can't find freeze-2.5
/usr/sbin/pkg_add: freeze-2.5:Fatal error

What is freeze-2.5, and why would an OpenBSD 4.0 amavisd-new package be
including it?  The most recent reference I see to freeze-2.5 is in the
OpenBSD 2.8 release notes.  

And more importantly, what am I missing?  Does -new on the end of a
package mean I shouldn't be trying to use it?

-Bob

Re: Sony VAIO needed

[nothingness]

How about specifying the model / specs needed for dev? I've got an old
Vaio SR31K available (has ACPI but some hw is not working, especially
PCMCIA) . Newer Vaio hardware uses a different sensor chip for hw stuff
so it wouldn't be that useful (I'm using a TX1-XP ).

Noth

Re: amavisd-new under OpenBSD 4.0

[Tobias Ulmer]

On Fri, Jan 19, 2007 at 03:43:05PM -0800, Bob Eby wrote:
 Hi folks,
 
 I'm trying to follow this HOWTO: 
 
 http://www.openbsdsupport.org/mail-spam-filter-anti-virus-web-interface.
 html 
 
 to create an external mail gateway on OpenBSD 4.0 (It'll be stable,
 when I figure out how to get there...).
 
 dmesg version line is:
 OpenBSD 4.0 (GENERIC) #1107: Sat Sep 16 19:15:58 MDT 2006
 
 About 1/3 of the way through the document, there is a section for
 downloading and installing amavisd manually starting with this command:
 lynx http://www.ijs.si/software/amavisd/amavisd-new-20030616-p10.tar.gz
 
 However, I notice the package amavisd-new-2.3.2 exists in OpenBSD 4.0,
 so I figured Why not just use that instead.  
 
 So, I issued the command:
 sudo pkg_add amavisd-new
 
 With the following result:
 Error from ftp://mirror.sg.depaul.edu/pub/OpenBSD/4.0/packages/i386/:
 550 Failed to open file.
 amavisd-new-2.3.2:Can't find freeze-2.5
 /usr/sbin/pkg_add: freeze-2.5:Fatal error
 
 What is freeze-2.5, and why would an OpenBSD 4.0 amavisd-new package be
 including it?  The most recent reference I see to freeze-2.5 is in the
 OpenBSD 2.8 release notes.  
 
 And more importantly, what am I missing?  Does -new on the end of a
 package mean I shouldn't be trying to use it?
 
 -Bob
 


uran:tobiasu$ grep PERMIT /usr/ports/archivers/freeze/Makefile  
PERMIT_PACKAGE_CDROM=   No
PERMIT_PACKAGE_FTP= No
PERMIT_DISTFILES_CDROM= No
PERMIT_DISTFILES_FTP=   No

freeze is not available as package, you need to install it from the
ports tree.

read:
http://www.openbsd.org/faq/faq15.html#Ports
ports(7)

Tobias

Re: amavisd-new under OpenBSD 4.0

[J.C. Roberts]

On Friday 19 January 2007 15:43, Bob Eby wrote:
 Hi folks,

 I'm trying to follow this HOWTO:

 http://www.openbsdsupport.org/mail-spam-filter-anti-virus-web-interfa
ce. html

 to create an external mail gateway on OpenBSD 4.0 (It'll be stable,
 when I figure out how to get there...).

 dmesg version line is:
 OpenBSD 4.0 (GENERIC) #1107: Sat Sep 16 19:15:58 MDT 2006

 About 1/3 of the way through the document, there is a section for
 downloading and installing amavisd manually starting with this
 command: lynx
 http://www.ijs.si/software/amavisd/amavisd-new-20030616-p10.tar.gz

 However, I notice the package amavisd-new-2.3.2 exists in OpenBSD
 4.0, so I figured Why not just use that instead.

 So, I issued the command:
 sudo pkg_add amavisd-new

 With the following result:
 Error from ftp://mirror.sg.depaul.edu/pub/OpenBSD/4.0/packages/i386/:
 550 Failed to open file.
 amavisd-new-2.3.2:Can't find freeze-2.5
 /usr/sbin/pkg_add: freeze-2.5:Fatal error

 What is freeze-2.5, and why would an OpenBSD 4.0 amavisd-new package
 be including it?  The most recent reference I see to freeze-2.5 is in
 the OpenBSD 2.8 release notes.

 And more importantly, what am I missing?  Does -new on the end of a
 package mean I shouldn't be trying to use it?

 -Bob

disclaimer
I don't use anti-virus mail scanners.
/disclaimer

The most likely reason why pkg_add died is because you do not have your 
PKG_PATH variable set to your nearest mirror.
# export 
PKG_PATH=ftp://ftp3.usa.openbsd.org/pub/OpenBSD/4.0/packages/i386/

If you want to know more about freeze-2.5 you can easily type:
  # cd /usr/ports
  # make search key=freeze

In general, the anti-virus scanners have a lot of dependencies and not 
all of the dependencies (or all scanners) are licensed to allow 
redistribution. Some of the dependencies needed to get certain scanning 
features working means you'll be running closed source software; a good 
example is the ability to scan withing proprietary archive formats like 
RAR, ARJ, freeze and similar.

All of this means you'll be using the ports tree to install your 
antivirus gateway. When you need to download something that has a 
click-through license on the web before you're allowed to download the 
file (true for java and similar proprietary/restricted software), the 
ports system die but will instruct you on what you need to download 
manually. Just place the files in /usr/ports/distfiles and the ports 
system will find them on the next run.

The *only* reason why I know anything about this is because I'm 
currently working on new arj and unarj ports, so I'm certainly not an 
expert on the anti-virus installation stuff.

Kind Regards,
JCR

soekris net4511 + ral + wep

[James Turner]

I just got my soekris net4511 in the mail today.  I've got it setup to my
liking minus wep support.  Below is my /etc/hostname.ral0 and my dmesg.
 When I use nwkey 0x0... my clients can no longer connect to the
wireless network.  I was wondering if this is the method you use to set a
wep
 key in hostap mode or if there is another way to do so.

Also I set /dev/wd0a / ffs ro,noatime 1 1 is my /etc/fstab, but it
doesn't seem to mount read-only.  I can still write to the system and my
chan
ges stay after a reboot.  I get a Device-busy when it attempts to mount
during bootup.

Thanks.

/etc/hostname.ral0:
inet 192.168.1.1 255.255.255.0 NONE media autoselect mediaopt hostap mode
11g nwid soek
ris nwkey 0x4782cacc2983fefa894ff45863 chan 9

dmesg:
OpenBSD 4.0 (GENERIC) #1107: Sat Sep 16 19:15:58 MDT 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: AMD Am486DX4 W/B or Am5x86 W/B 150 (AuthenticAMD 486-class)
cpu0: FPU
real mem  = 66678784 (65116K)
avail mem = 52568064 (51336K)
using 839 buffers containing 3436544 bytes (3356K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 20/50/27, BIOS32 rev. 0 @ 0xf7840
pcibios0 at bios0: rev 2.0 @ 0xf/0x1
pcibios0: pcibios_get_intr_routing - function not supported
pcibios0: PCI IRQ Routing information unavailable.
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc8000/0x9000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
elansc0 at pci0 dev 0 function 0 AMD ElanSC520 PCI rev 0x00: product 0
stepping 1.1, CPU clock 100MHz, reset 40SCP
gpio0 at elansc0: 32 pins
cbb0 at pci0 dev 9 function 0 TI PCI1410 CardBus rev 0x02: irq 10
ral0 at pci0 dev 16 function 0 Ralink RT2561 rev 0x00: irq 11, address
00:13:d3:85:7e:b4
ral0: MAC/BBP RT2561C, RF RT2527
sis0 at pci0 dev 18 function 0 NS DP83815 10/100 rev 0x00, DP83816A: irq
5, address 00:00:24:c6:c3:a8
nsphyter0 at sis0 phy 0: DP83815 10/100 PHY, rev. 1
sis1 at pci0 dev 19 function 0 NS DP83815 10/100 rev 0x00, DP83816A: irq
9, address 00:00:24:c6:c3:a9
nsphyter1 at sis1 phy 0: DP83815 10/100 PHY, rev. 1
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 1 device 0 cacheline 0x10, lattimer 0x3f
pcmcia0 at cardslot0
isa0 at mainbus0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard
wdc0 at isa0 port 0x1f0/8 irq 14
wd0 at wdc0 channel 0 drive 0: SanDisk SDCFB-1024
wd0: 4-sector PIO, LBA, 977MB, 2001888 sectors
wd0(wdc0:0:0): using BIOS timings
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom0: console
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
biomask f5c5 netmask ffe5 ttymask ffe7
pctr: no performance counters in CPU
dkcsum: wd0 matches BIOS drive 0x80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302

Re: soekris net4511 + ral + wep

[James Turner]

Quick update.  When I run ral0 in 11b mode with wep enabled clients can
associate with the access point.  Anyone know why wep doesn't work in 11g
mode?

 I just got my soekris net4511 in the mail today.  I've got it setup to my
 liking minus wep support.  Below is my /etc/hostname.ral0 and my dmesg.
  When I use nwkey 0x0... my clients can no longer connect to the
 wireless network.  I was wondering if this is the method you use to set a
 wep
  key in hostap mode or if there is another way to do so.

 Also I set /dev/wd0a / ffs ro,noatime 1 1 is my /etc/fstab, but it
 doesn't seem to mount read-only.  I can still write to the system and my
 chan
 ges stay after a reboot.  I get a Device-busy when it attempts to mount
 during bootup.

 Thanks.

 /etc/hostname.ral0:
 inet 192.168.1.1 255.255.255.0 NONE media autoselect mediaopt hostap mode
 11g nwid soek
 ris nwkey 0x4782cacc2983fefa894ff45863 chan 9

 dmesg:
 OpenBSD 4.0 (GENERIC) #1107: Sat Sep 16 19:15:58 MDT 2006
 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
 cpu0: AMD Am486DX4 W/B or Am5x86 W/B 150 (AuthenticAMD 486-class)
 cpu0: FPU
 real mem  = 66678784 (65116K)
 avail mem = 52568064 (51336K)
 using 839 buffers containing 3436544 bytes (3356K) of memory
 mainbus0 (root)
 bios0 at mainbus0: AT/286+(00) BIOS, date 20/50/27, BIOS32 rev. 0 @
 0xf7840
 pcibios0 at bios0: rev 2.0 @ 0xf/0x1
 pcibios0: pcibios_get_intr_routing - function not supported
 pcibios0: PCI IRQ Routing information unavailable.
 pcibios0: PCI bus #1 is the last bus
 bios0: ROM list: 0xc8000/0x9000
 cpu0 at mainbus0
 pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
 elansc0 at pci0 dev 0 function 0 AMD ElanSC520 PCI rev 0x00: product 0
 stepping 1.1, CPU clock 100MHz, reset 40SCP
 gpio0 at elansc0: 32 pins
 cbb0 at pci0 dev 9 function 0 TI PCI1410 CardBus rev 0x02: irq 10
 ral0 at pci0 dev 16 function 0 Ralink RT2561 rev 0x00: irq 11, address
 00:13:d3:85:7e:b4
 ral0: MAC/BBP RT2561C, RF RT2527
 sis0 at pci0 dev 18 function 0 NS DP83815 10/100 rev 0x00, DP83816A: irq
 5, address 00:00:24:c6:c3:a8
 nsphyter0 at sis0 phy 0: DP83815 10/100 PHY, rev. 1
 sis1 at pci0 dev 19 function 0 NS DP83815 10/100 rev 0x00, DP83816A: irq
 9, address 00:00:24:c6:c3:a9
 nsphyter1 at sis1 phy 0: DP83815 10/100 PHY, rev. 1
 cardslot0 at cbb0 slot 0 flags 0
 cardbus0 at cardslot0: bus 1 device 0 cacheline 0x10, lattimer 0x3f
 pcmcia0 at cardslot0
 isa0 at mainbus0
 isadma0 at isa0
 pckbc0 at isa0 port 0x60/5
 pckbd0 at pckbc0 (kbd slot)
 pckbc0: using irq 1 for kbd slot
 wskbd0 at pckbd0: console keyboard
 wdc0 at isa0 port 0x1f0/8 irq 14
 wd0 at wdc0 channel 0 drive 0: SanDisk SDCFB-1024
 wd0: 4-sector PIO, LBA, 977MB, 2001888 sectors
 wd0(wdc0:0:0): using BIOS timings
 pcppi0 at isa0 port 0x61
 midi0 at pcppi0: PC speaker
 spkr0 at pcppi0
 npx0 at isa0 port 0xf0/16: using exception 16
 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
 pccom0: console
 pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
 biomask f5c5 netmask ffe5 ttymask ffe7
 pctr: no performance counters in CPU
 dkcsum: wd0 matches BIOS drive 0x80
 root on wd0a
 rootdev=0x0 rrootdev=0x300 rawdev=0x302