google team and the DIY way of life

[xavier brinon]

-- Forwarded message --
From: xavier brinon [EMAIL PROTECTED]
Date: Nov 12, 2007 10:12 AM
Subject: Re: google team and the DIY way of life
To: michael hamerski [EMAIL PROTECTED]


I'm working for a French ISP where the dev team seems to live in a
kind of secret chamber.
I tried 3 times to code my own tools, sharing it with collegues. I've
been told to quickly remove them, even if the tools helped a lot my
collegues and myself.
It's a shame, they didn't look at it and we were all back to the old tools.

It's just for me to show that sharing code inside a company and having
the ability to work with it is not available for everyone.

It's not what they do, it's the way they work that is important for me here.
I don't know how your company deals with that kind of thing, mine just don't.

you must read that post like : hey, what you do here is great ! Even
big companies know that !
I can post it in every open source community list, but i'm just an openBSD fan.
And Misc@ seemed the most relevant to me.

Sorry if it is not.


On Nov 11, 2007 11:15 PM, michael hamerski [EMAIL PROTECTED] wrote:
  Posted by Reza Behforooz, Software Engineer
 
  In my first month at Google, I complained to a friend on the Gmail
  team about a couple of small things that I disliked about Gmail. I
 ...

 Dear Google,

 Could you get Reza to fix contact/label whitelisting in Gmail while he's at 
 it?

 thanks,

 mike

Re: Any Ethereal, Wireshark related software in 4.2 ports?

[Stuart Henderson]

On 2007/11/11 14:20, Ray Percival wrote:
 On Nov 11, 2007, at 10:03 AM, Barry Miller wrote:
 Of course, if a bad guy _does_ get control of wireshark, he OWNS your
 network, but at least you're not totally rooted.  Take your chances.

 How so? Given that all it is a frontend to libpcap. And how does this not 
 apply to tcpdump?

tcpdump runs the scary code in a jail.

Re: MacBook remote control

[Karl Sjodahl - dunceor]

On Nov 10, 2007 10:03 PM, Richard Storm [EMAIL PROTECTED] wrote:
 Hello!
 I have macbook:
 hw.model=Intel(R) Core(TM)2 CPU T7400 @ 2.16GHz
 hw.vendor=Apple Inc.
 hw.product=MacBook2,1
 hw.version=1.0

 On http://wiki.freebsd.org/AppleMacbook IR receiver section there is
 tool available at http://fnop.net/~rpaulo/priv/freebsd/aird.tgz.

 Here is patch that makes it compile/work under openbsd with my macbook
 and remote control.

 Ignore manpage, run like this:
 ./aird -vd -f /dev/uhid1 -M echo menu -P echo play -F echo
 forward -B echo backward -U echo volumeup -D echo volumedown


 --- aird.c.orig Tue Jul 31 21:26:36 2007
 +++ aird.c  Sat Nov 10 22:56:10 2007
 @@ -50,7 +50,6 @@
   */

  #include sys/cdefs.h
 -__FBSDID($FreeBSD$);

  #include err.h
  #include errno.h
 @@ -69,24 +68,17 @@
  #include sys/ioctl.h
  #include sys/stat.h

 -#include libutil.h
  #include dev/usb/usb.h
  #include dev/usb/usbhid.h

 -static struct pidfh *pfh;
 -
  static voidsighandler(int sig);
  static voidusage(void);
  static voidruncmd(const char *cmd, int fd);


 -static void
 -sighandler(__unused int sig)
 +static void sighandler(int sig)
  {

 -   if (pfh)
 -   pidfile_remove(pfh);
 -
 exit(EXIT_SUCCESS);
  }

 @@ -96,7 +88,7 @@
 fprintf(stderr, usage: %s [-vd] [-p pidfile] -f device 
 [-M menu command]\n\t[-P play command] [-F forward command] 
 [-B backward command]\n\t[-U volume up command] 
 -   [-D volume down command]\n, getprogname());
 +   [-D volume down command]\n, aird);

 exit(1);
  }
 @@ -132,8 +124,6 @@
 const char *deventry;
 unsigned char key;

 -   pfh = NULL;
 -
 signal(SIGHUP, sighandler);
 signal(SIGINT, sighandler);
 signal(SIGCHLD, SIG_IGN);
 @@ -207,23 +197,9 @@
 err(EXIT_FAILURE, open %s, deventry);

 if (!foreground) {
 -   pfh = pidfile_open(pidfile, 0600, otherpid);
 -   if (pfh == NULL) {
 -   if (errno == EEXIST) {
 -   errx(EXIT_FAILURE,
 -   Daemon already running, pid: %jd.,
 -   (intmax_t)otherpid);
 -   }
 -   /* If we cannot create pidfile from other reasons,
 -  only warn. */
 -   warn(Cannot open or create pidfile);
 -   }
 -
 if (daemon(0, 0)  0) {
 -   pidfile_remove(pfh);
 err(EXIT_FAILURE, daemon);
 }
 -   pidfile_write(pfh);
 }

 memset(prevbuf, 0, sizeof(prevbuf));
 @@ -243,9 +219,6 @@
 exit(EXIT_SUCCESS);
 }

 -   if (key  buf[3] != key)
 -   continue;
 -
 /*
  * Check for key repeats.
  */
 @@ -273,7 +246,7 @@
 repeating = 0;
 }

 -   switch (buf[4]) {
 +   switch (buf[3]) {
 /* Menu */
 case 0x02:
 case 0x03:
 @@ -308,7 +281,6 @@
 }

 }
 -   pidfile_remove(pfh);
 close(fd);

 return (0);


Cool!
I'm slacking behind on my coding so I really need to update my source
and see if my bluetooth patches works.
I'll see if I get time to test this when I get home.

BR
dunceor

Re: OpenBSD 4.2 on Intel Board S3000AHLX + QuadNic EXPI9404PT =couldn't map interrupt

[Koenig, Thomas]

Hi,

with help form Insan Praja, I able to enable acpi now.
But I have still the same problems with the QuadPort NIC. :(

My last try was to build on this system a fresh new Kernel from the
current CVS but still the same problem.


dmesg from the snapshot from Thu Nov 8:
 
OpenBSD 4.2-current (GENERIC) #2: Thu Nov  8 10:46:42 WIT 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC
real mem = 1069268992 (1019MB)
avail mem = 1026822144 (979MB)
User Kernel Config
UKC disable apm
UKC enable acpi
272 acpi0 enabled
UKC quit
Continuing...
RTC BIOS diagnostic error ffixed_disk,invalid_time
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0x3fc1d000 (43 entries)
bios0: vendor Intel Corporation version
S3000.86B.02.00.0035.111020061326 date 11/10/2006
bios0: Intel S3000AHLX
acpi0 at mainbus0: rev 0
acpi0: tables DSDT FACP APIC WDDT MCFG ASF! SSDT SSDT SSDT SSDT SSDT 
acpi0: wakeup devices SLPB(S4) P32_(S4) UAR1(S1) PEX4(S4) PEX5(S4)
UHC1(S1) UHC2(S1) UHC3(S1) UHC4(S1) EHCI(S1) AC9M(S4) AZAL(S4) 
acpitimer at acpi0 not configured
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 9 (P32_)
acpiprt2 at acpi0: bus 5 (PEX0)
acpiprt3 at acpi0: bus 6 (PXS1)
acpiprt4 at acpi0: bus -1 (PEX1)
acpiprt5 at acpi0: bus -1 (PEX2)
acpiprt6 at acpi0: bus -1 (PEX3)
acpiprt7 at acpi0: bus 7 (PEX4)
acpiprt8 at acpi0: bus 8 (PEX5)
acpicpu at acpi0 not configured
acpicpu at acpi0 not configured
acpicpu at acpi0 not configured
acpicpu at acpi0 not configured
acpibtn0 at acpi0: SLPB
cpu0 at mainbus0: (uniprocessor)
cpu0: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz, 2200.25 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,
CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2
,CX16,xTPR,NXE,LONG
cpu0: 2MB 64b/line 8-way L2 cache
pci0 at mainbus0 bus 0: configuration mode 1
pchb0 at pci0 dev 0 function 0 Intel E7230 MCH rev 0x00
ppb0 at pci0 dev 1 function 0 Intel E7230 PCIE rev 0x00
pci1 at ppb0 bus 1
ppb1 at pci1 dev 0 function 0 vendor IDT, unknown product 0x8018 rev
0x04
pci2 at ppb1 bus 2
ppb2 at pci2 dev 0 function 0 vendor IDT, unknown product 0x8018 rev
0x04
pci3 at ppb2 bus 3
em0 at pci3 dev 0 function 0 Intel PRO/1000 QP (82571EB) rev
0x06pci_intr_map: bad interrupt line 128
: couldn't map interrupt
em0: Allocation of PCI resources failed
em1 at pci3 dev 0 function 1 Intel PRO/1000 QP (82571EB) rev
0x06pci_intr_map: bad interrupt line 128
: couldn't map interrupt
em1: Allocation of PCI resources failed
ppb3 at pci2 dev 1 function 0 vendor IDT, unknown product 0x8018 rev
0x04
pci4 at ppb3 bus 4
em2 at pci4 dev 0 function 0 Intel PRO/1000 QP (82571EB) rev
0x06pci_intr_map: bad interrupt line 128
: couldn't map interrupt
em2: Allocation of PCI resources failed
em3 at pci4 dev 0 function 1 Intel PRO/1000 QP (82571EB) rev
0x06pci_intr_map: bad interrupt line 128
: couldn't map interrupt
em3: Allocation of PCI resources failed
ppb4 at pci0 dev 28 function 0 Intel 82801GB PCIE rev 0x01
pci5 at ppb4 bus 5
ppb5 at pci5 dev 0 function 0 Intel PCIE-PCIE rev 0x09
pci6 at ppb5 bus 6
ppb6 at pci0 dev 28 function 4 Intel 82801G PCIE rev 0x01
pci7 at ppb6 bus 7
ppb7 at pci0 dev 28 function 5 Intel 82801G PCIE rev 0x01
pci8 at ppb7 bus 8
em4 at pci8 dev 0 function 0 Intel PRO/1000MT (82573E) rev 0x03: irq
9, address 00:15:17:29:70:25
Intel 82573E AMT rev 0x03 at pci8 dev 0 function 3 not configured
Intel 82573E KCS (Active Management) rev 0x03 at pci8 dev 0 function 4
not configured
ppb8 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0xe1
pci9 at ppb8 bus 9
vga1 at pci9 dev 4 function 0 ATI ES1000 rev 0x02
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
em5 at pci9 dev 5 function 0 Intel PRO/1000MT (82541GI) rev 0x05: irq
9, address 00:15:17:29:70:26
pcib0 at pci0 dev 31 function 0 Intel 82801GB LPC rev 0x01
pciide0 at pci0 dev 31 function 1 Intel 82801GB IDE rev 0x01: DMA,
channel 0 configured to compatibility, channel 1 configured to
compatibility
atapiscsi0 at pciide0 channel 0 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: Optiarc, DVD RW AD-7540A, 1.01 SCSI0
5/cdrom removable
cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 disabled (no drives)
pciide1 at pci0 dev 31 function 2 Intel 82801GB SATA rev 0x01: DMA,
channel 0 configured to native-PCI, channel 1 configured to native-PCI
pciide1: using irq 10 for native-PCI interrupt
wd0 at pciide1 channel 0 drive 0: Hitachi HDS721680PLA380
wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors
wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5
ichiic0 at pci0 dev 31 function 3 Intel 82801GB SMBus rev 0x01: irq 10
iic0 at ichiic0
adt0 at iic0 addr 0x2e: emc6d100 rev 0x69
spdmem0 at iic0 addr 0x50: 512MB DDR2 SDRAM ECC PC2-5300CL5
spdmem1 at iic0 addr 0x52: 512MB DDR2 SDRAM ECC PC2-5300CL5
isa0 at pcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at 

anyone succeeded with compiling cvsup on linux recently?

[Úlfar M . E . Johnson]

Hi,



I have been trying to compile ezm3 and bootstrap for linuxlibc6 to use with
cvup-snap-16.1h but to no avail.  I would be interested in hearing if anyone
on this list has succeeded with installing cvsup on linux, and if so would
they be willing to share their knowledge.








Zlfar M. E. Johnson
Sk}rr

[EMAIL PROTECTED]
mailto:[EMAIL PROTECTED] 569 5100
http://www.skyrr.is
http://www.skyrr.is
http://www.skyrr.is/legal/disclaimer.txt
http://www.skyrr.is/legal/disclaimer.txt

Re: Seeking info for RAID 1 on OpenBSD

[Siju George]

On Aug 4, 2007 9:26 PM, Greg Oster [EMAIL PROTECTED] wrote:

 L. V. Lammert writes:
  On Fri, 3 Aug 2007, Joel Knight wrote:
 
   --- Quoting HDC on 2007/08/02 at 20:26 -0300:
  
Read this...
http://www.packetmischief.ca/openbsd/doc/raidadmin/http://www.packetmisc
  hief
.ca/openbsd/
   
  
   I used to use raidframe and followed the procedures in that doc for
   doing so, but now there's no point. If the system requires any type of
   raid, go hardware. Long live bio(4).
  
  IF you choose to NOT use a h/w controller, use rsync instead. Permits
  quick recovery in the case of a drive failure (swap drive cables 
  reboot), does not require lengthy parity rebuild.

 And you only lose the data written since the last rsync...
 and your system probably goes down instead of staying up until you
 can fix it..

 RAIDframe, like hardware RAID and rsync, is just another tool.
 Understand the pros and cons of each, but be willing to accept the
 risks associated with whatever you choose... (if you think hardware
 RAID is riskless, then you've never had a 2TB RAID set suddenly
 decide that all components were offline and mark them as such!)

 For the folks who dislike the long parity checks... If you're
 willing to accept a window during which some of your data *might* be
 at risk, change:
  raidctl -P all
 to something like
  sleep 3600 ; raidctl -P all 


Greg does a minor correction
it should actually be

(sleep 3600 ; raidctl -P all) 

What I do id I comment out

raidctl -P all

in /etc/rc

and put

(sleep 600; raidctl -P all) 

 at the end of  /etc/rc.local.

So the parity rebuild starts only 10 minutes after the system is up an
running from the master disk.

thanks :-)

Siju
 in /etc/rc .  This will, of course, delay the start of the parity
 computation for an hour or so, giving your system a chance to do the
 fscks and get back to multi-user as quickly as possible.

 The risk here is as follows (this is for RAID 1.. risks for RAID 5
 are slightly higher):
   1) even though parity is marked 'dirty', it might actually be in
 sync.  In this case if you have a component failure, your data is
 fine.
   2) until the parity check is done, only the 'master' component is
 used for reading.  But any writes will be done are mirrored to both
 components.  That means that when the fsck is being done, any
 problems found will be fixed on *both* components, and writes will
 keep the two in sync even before parity is checked.
   3) Where the risk of data loss comes in is if the master dies
 before the parity check gets done.  In this case, data on the master
 that was not re-written or that was out-of-sync with the slave will
 be lost.  This could result in the loss of pretty much anything.

 The important thing here is for you to evaluate your situation and
 decide whether this level of risk is acceptable... For me, I use the
 equivalent to 'sleep 3600' on my home desktop.. and slightly modified
 versions of it on other home servers and other boxen I look after..
 But don't blindly listen to me or anyone else -- learn what the risks
 are for your situation, determine what level of risk you can accept,
 and go from there...

 Later...

 Greg Oster

access denied

[CIBC]

Sign-In Protection Alert

An attempt to access Online Banking was denied on:

Monday, 12 Nov 2007 at 2:04:26 EST

Access was denied for one of two reasons:

  * Incorrect attempts to access and Login failures.

  * Signing on from a different location or device different from your
location and your IP address.

If you remember trying to access Online Banking on the above date and
time, please select That was me.

If you do not remember trying to access Online Banking on the above date
and time, please select That was NOT me. You will then be prompted to
safeguards your account.

That was me

That was not me

) At CIBC, we take our commitment to our customers very seriously.

Re: bgpd patch, WAS: bgpd causing black-holes with bgp-only setup

[Tony Sarendal]

On 11/12/07, Claudio Jeker [EMAIL PROTECTED] wrote:

 On Tue, Nov 06, 2007 at 06:26:47PM +0100, Tony Sarendal wrote:
  New version. Less duplication and a nice feature as bonus.
  With softreconfig in enabled the looped prefixes are accepted
  into the Adj-RIB-In.
 
  This means that I can tell if my neighbor AS is using
  a path via myself. Either I'm tired or that is cool.
 
  router-02# bgpctl show rib 192.168.0.0
  flags: * = Valid,  = Selected, I = via IBGP, A = Announced
  origin: i = IGP, e = EGP, ? = Incomplete
 
  flags destination gateway  lpref   med aspath origin
  *192.168.0.0/16  192.168.100.5  100 0 65100 i
  * 192.168.0.0/16  172.17.1.1 100 0 65200 65100 i
  * 192.168.0.0/16  172.17.1.5 100 0 65200 65200 65200
 65200 65100 i
  router-02#
 
  I now kill the peering that 65200 has to 65100, removing their
  direct path to 192.168.0.0/16.
 
  router-02# bgpctl show rib 192.168.0.0
  flags: * = Valid,  = Selected, I = via IBGP, A = Announced
  origin: i = IGP, e = EGP, ? = Incomplete
 
  flags destination gateway  lpref   med aspath origin
  *192.168.0.0/16  192.168.100.5  100 0 65100 i
  router-02#
 
  Sweet, the looping issue is gone.
  Here is the bonus:
 
  router-02# bgpctl show rib neigh 172.17.1.5 in  | grep 65300
  * 172.17.0.2/32   172.17.1.5 100 0 65200 65300 i
  * 192.168.0.0/16  172.17.1.5 100 0 65200 65300 65100
 i
  * 192.168.100.4/30172.17.1.5 100 0 65200 65300 i
  router-02#
 
  I now see the paths that the peer uses my network to access.
  Note that this depends a bit on remote implementation.
  I think this works agains a cisco router.
 
  /Tony
 
 
  Index: rde.c
  ===
  RCS file: /cvs/src/usr.sbin/bgpd/rde.c,v
  retrieving revision 1.228
  diff -u -r1.228 rde.c
  --- rde.c 16 Sep 2007 15:20:50 -  1.228
  +++ rde.c 6 Nov 2007 17:08:50 -
  @@ -919,12 +919,6 @@
/* shift to NLRI information */
p += 2 + attrpath_len;
 
  - /* aspath needs to be loop free nota bene this is not a hard error
 */
  - if (peer-conf.ebgp  !aspath_loopfree(asp-aspath, conf-as)) {
  - error = 0;
  - goto done;
  - }
  -
/* parse nlri prefix */
while (nlri_len  0) {
if ((pos = rde_update_get_prefix(p, nlri_len, prefix,
  @@ -977,10 +971,18 @@
if (fasp == NULL)
fasp = asp;
 
  - rde_update_log(update, peer,
 fasp-nexthop-exit_nexthop,
  - prefix, prefixlen);
  - path_update(peer, fasp, prefix, prefixlen, F_LOCAL);
  -
  + rde_update_log(update, peer,
  + fasp-nexthop-exit_nexthop,prefix,
  + prefixlen);
  + /* handle an update with loop as a withdraw */
  + if (peer-conf.ebgp  !aspath_loopfree(asp-aspath,
  + conf-as))
  + prefix_remove(peer, prefix, prefixlen,
  + F_LOCAL);
  + else
  + path_update(peer, fasp, prefix, prefixlen,
  + F_LOCAL);
  +
/* free modified aspath */
if (fasp != asp)
path_put(fasp);
  @@ -1075,9 +1077,15 @@
 
rde_update_log(update, peer,
asp-nexthop-exit_nexthop,
  - prefix, prefixlen);
  - path_update(peer, fasp, prefix,
 prefixlen,
  - F_LOCAL);
  + prefix, prefixlen);
  + /* handle an update with loop as a
 withdraw */
  + if (peer-conf.ebgp 
  +
 !aspath_loopfree(asp-aspath,conf-as))
  + prefix_remove(peer, prefix,
  + prefixlen,F_LOCAL);
  + else
  + path_update(peer, fasp, prefix,
  + prefixlen,F_LOCAL);
 
/* free modified aspath */
if (fasp != asp)

 I looked a bit closer at this problem and the RFC mentions that pathes
 with loops need to be inserted into the RIB and will be ignored in phase 2
 of the decision process.

 So this diff does just about that. It does not remove any prefix if there
 is a loop but instead is ignoring them during the route decision process.
 This seems to work for me but I'm currently unable to do larger tests.

 --
 :wq Claudio

 Index: rde.c
 ===
 RCS file: /cvs/src/usr.sbin/bgpd/rde.c,v
 retrieving revision 1.228
 diff -u -p -r1.228 rde.c
 --- rde.c   16 

Re: Any Ethereal, Wireshark related software in 4.2 ports?

[Siju George]

On Nov 12, 2007 3:09 PM, Stuart Henderson [EMAIL PROTECTED] wrote:

 On 2007/11/11 14:20, Ray Percival wrote:
  On Nov 11, 2007, at 10:03 AM, Barry Miller wrote:
  Of course, if a bad guy _does_ get control of wireshark, he OWNS your
  network, but at least you're not totally rooted.  Take your chances.
 
  How so? Given that all it is a frontend to libpcap. And how does this not
  apply to tcpdump?

 tcpdump runs the scary code in a jail.



Thanks a lot Cabillot, Kevin, Barry, Ray, Bryan and Stuart for the
Detailed Information :-)

Kind Regards

Siju

Re: Printing with apsfilter

[n0g0013]

On 11.11-18:31, Predrag Punosevac wrote:
[ ... ]
 Could you give any comments about LPRng please?

only that i have never really needed it.  the stardand lpr distribution
has always been sufficient.  i've never tried to deploy complex
groups/queuing/policies with lpr except under AIX (which has it's
own setup/configuration).

-- 
t
 t
 w

Re: when was a pkg installed !!!

[frantisek holop]

hmm, on Wed, Nov 07, 2007 at 12:40:21PM -0800, badeguruji said that
 i ran pkg_info with all common options but none tell me when was the pkg 
 installed!!!

the daily script will check also added packages.
http://www.openbsd.org/cgi-bin/cvsweb/src/etc/security?rev=1.79content-type=text/x-cvsweb-markup

(hopefully the simpler diff will get in too, search the archives)

-f
-- 
when childhood dies, its corpses are called adults.

Re: Printing with apsfilter

[n0g0013]

On 12.11-12:58, Girish Venkatachalam wrote:
[ ... ]
 Thanks. I definitely stand corrected. I definitely meant PDL and not
 PCL. My memory failed due to lack of proper understanding. Sorry...

often make the same error.
:-)

[ ... ]
 I want to know what happens behind the scenes when you type 
 
 $ lpr foo.ps
 
 Assuming that foo.ps is the output of a2ps.

depends on the scenario.  if your printer supports postscript then
nothing much.  the lpd accepts the print job, queues it and
eventually routes it on to the correct device (sometimes across
another lpr session, sometimes via jetdirect, sometimes parallel
port, usb, etc, etc).

if it's not a postscript printer (e.g. an old hp laserjet that supports
PCL) then the lpr system needs to be configured with a filter.  this
filter simply takes the input, processes it in some way and passes
it back to lpd for queuing.  generally this filter is ghostscript
which processes the postscript to the correct printer language but we
used to write scripts and progs for various conversions (e.g.
EBCDIC-ASCII, XES-PCL) too, and there are still some examples out
there (probably one or too in the standard distribution if you look
under /usr/share somewhere).

i haven't used the filter program others mentioned but i would guess
that it installs itself as the standard lpd filter and is smart enough
to make the correct conversions (probably passing a lot of the work
to ghostscript for postscript input, hence the reason it asks for
which gs printer driver it should use for each device).

[ ... ]
 And what is the relation between PS and PDF?
 
 I hear that even PDF is some form of PDL. As you can see I am quite
 lost at this point. :)

then you need to do a little more research.
:-)

PDF is very similar to PostScript but it produces much smaller documents
(using JPEG compression and other tricks not normally used in PS as
they just cause the printer more work) and so is more suitable for
storing and exchanging documents in that format (it also has some
extensions relating to the document it's describing).  i don't know
of any printers that support printing PDF documents directly but i'm
sure they're out there.

-- 
t
 t
 w

HP Procurve or Soekris w. OpenBSD ?

[Matt]

Goodday,

Looking to manage several webservers I am wondering if anybody uses 
something like this: http://soekris.kd85.com/images/tn/dsc03600.med.jpg ?
(That image shows Wim's net4801-50 plus quadport lan1641 firewall box, 
giving 7 ports with low powerconsumption - on OpenBSD)


The standard choice in my datacenter (linux users mostly) seems to be HP 
Procurve but I'd prefer the power of PF.


I have no idea how rigid /stable/fast the Soekris machines are, I've 
never used one.
I'm wondering if a setup as mentioned could (speedwise) compete and if 
it is a sane idea to deploy something like this in the DC.


Any advise is appreciated. Thanks.

Matt

Re: HP Procurve or Soekris w. OpenBSD ?

[knitti]

On 11/12/07, Matt [EMAIL PROTECTED] wrote:
 Goodday,

 Looking to manage several webservers I am wondering if anybody uses
 something like this: http://soekris.kd85.com/images/tn/dsc03600.med.jpg ?
 (That image shows Wim's net4801-50 plus quadport lan1641 firewall box,
 giving 7 ports with low powerconsumption - on OpenBSD)

 The standard choice in my datacenter (linux users mostly) seems to be HP
 Procurve but I'd prefer the power of PF.

 I have no idea how rigid /stable/fast the Soekris machines are, I've
 never used one.
 I'm wondering if a setup as mentioned could (speedwise) compete and if
 it is a sane idea to deploy something like this in the DC.

 Any advise is appreciated. Thanks.

If you are looking for raw networking performance, don't go for soekris.
I don't know exactly the 4801, but I use a couple of 4501 as firewalls and
IPSec-Routers for connections of up to 5 MBit/sec. Seeing the specs of
the 4801 and knowing the 4501, I wouldn't use them for more than about
40-50 Mbit/sec. There are people on this list, who have more experience
with the 4801. BUT you have to test for yourself if it fits your needs, and
your performance depends a lot on your setting.


--knitti

IPMI

[Kleber Rocha]

How I would disable the ipmi?
I get this error on my system, /bsd: ipmi0: error code: ff when
watchdog is running


Thanks

Re: [OT] making Firefox respect telnet:// URLs

[n0g0013]

On 11.11-22:32, ropers wrote:
[ ... ]
 So far, I have created a script .telnet4firefox.sh in my home folder,
 made that executable (chmod u+x), and in Firefox' about:config I have
 added a new boolean network.protocol-handler.external.telnet (set to
 true) and a new string network.protocol-handler.app.telnet (set to
 /home/ropers/.telnet4firefox.sh). The contents of the script are:
 
 #!/bin/sh
 xterm -e telnet ${1##telnet://}
 
 When I click a telnet URL that does not specify a port, it works,
 xterm launches with telnet, which duly connects to the port.
[ ... ]
 Currently, if I click on telnet://mud.vhdev.com:1991, telnet is called with
 
 telnet mud.vhdev.com:1991
 
 instead of
 
 telnet mud.vhdev.com 1991

just do a little more work with '/bin/sh'.  the other example posted
is fine if all URLs are well formed, otherwise i'd suggest you do a
little more work (i.e. don't trust IFS to work).

#!/bin/sh
### execute telnet in xterm
# grab the url ...
URL=$1
# ... and strip the protocol from the front
URL_noproto=${URL#telnet://}
# remove any trailing bits from URL
URL_addr=${URL_noproto%%/*}
# strip URL_addr to the first ':' to get the host ...
host_taint=${URL_addr%:*}
# ... and strip unexpected stuff
host=${host_taint%%[^A-Za-z.-]*}
# strip URL_addr to the last ':' to get the port ...
port_taint=${URL_addr##*:}
#... and strip unexpected stuff
port=${port_taint%%[^0-9]*}

xterm -e telnet ${host} ${port}

you could also do a little more sanity checking if you're paranoid
(sensible?) but you won't gain much except overhead by using awk
as the amount of sanity required checking for URLs and all the
possible encodings is extensive.

the best option is probably to invoke perl or python and use a standard
URL library to parse the argument.

-- 
t
 t
 w

Re: IPMI

[Karl Sjodahl - dunceor]

On Nov 12, 2007 1:10 PM, Kleber Rocha [EMAIL PROTECTED] wrote:
 How I would disable the ipmi?
 I get this error on my system, /bsd: ipmi0: error code: ff when
 watchdog is running


 Thanks



Just boot with boot -c so you get into UKC.
Then disable ipmi with 'disable ipmi'.
You can also comment it our in your config and build a new kernel if
you want it to stay more permanantly.

BR
dunceor

Re: [OT] making Firefox respect telnet:// URLs

[n0g0013]

On 12.11-02:24, Ingo Schwarze wrote:
[ ... ]
 On a side note, do not use
   exec xmessage $url: parse error;
 or surfing to
   telnet://localhost:1234halt#
 might yield surprising results.
 
 Your sh-kludge cited above is even worse; please DO try surfing to
   telnet://localhost:1234xmessage:bad:guys:got:in
 but do NOT try surfing to
   telnet://localhost:1234__rm:-rf:~
^^ mangled to avoid damaged feet

nice examples but don't think they'll work.  $3 (i.e.  the port
parameter) will not include the command arguments.  replacing the with
'%5C%20' may work depending on how firefox pre-processes the URLs
prior to execution.

-- 
t
 t
 w

Re: IPMI

[Peter N. M. Hansteen]

Karl Sjodahl - dunceor [EMAIL PROTECTED] writes:

 You can also comment it our in your config and build a new kernel if
 you want it to stay more permanantly.

You can also use config -e to edit the kernel binary as described in
the FAQ, http://www.openbsd.org/faq/faq5.html#config, quicker than a
kernel rebuild.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.

Re: OpenBSD 4.2 on Intel Board S3000AHLX + QuadNic EXPI9404PT =couldn't map interrupt

[Koenig, Thomas]

 Looks like you need to update your bios, you are using old 
 BIOS, the newest one is ver.44 (mine is). Try to upgrade the 
 BIOS, and update us with good news :D (I Hope).
 
 Thanks,
 --
 Insan Praja SW


Hello Insan,

I'm now on version .44, but this dont solve my problem.


bios0 at mainbus0: SMBIOS rev. 2.4 @ 0x3fc03000 (43 entries)
bios0: vendor Intel Corporation version
S3000.86B.02.00.0044.071120071047 date 07/11/2007
bios0: Intel S3000AHLX

: couldn't map interrupt
em0: Allocation of PCI resources failed


regards,
Thomas

[demime 1.01d removed an attachment of type application/x-pkcs7-signature which 
had a name of smime.p7s]

Re: [OT] making Firefox respect telnet:// URLs

[Linus Swälas]

On Mon, 12 Nov 2007 02:24:37 +0100, Ingo Schwarze [EMAIL PROTECTED] wrote:


Your sh-kludge cited above is even worse; please DO try surfing to
  telnet://localhost:1234xmessage:bad:guys:got:in


And with my kludge it'd work with an url such as:
telnet://host:porttouch /tmp/test

or, if you use ssh or rsh in the script instead: (I don't have telnet)
telnet://host:port touch /tmp/test'

would create /tmp/test on host instead of localhost
as in the first example.

However, I can't get that to misbehave if I do:

exec xterm -e telnet $host $port
or
exec xterm -e telnet $host $port



--
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/

Re: HP Procurve or Soekris w. OpenBSD ?

[Stuart Henderson]

On 2007/11/12 12:56, knitti wrote:
  Looking to manage several webservers I am wondering if anybody uses
  something like this: http://soekris.kd85.com/images/tn/dsc03600.med.jpg ?
  (That image shows Wim's net4801-50 plus quadport lan1641 firewall box,
  giving 7 ports with low powerconsumption - on OpenBSD)

what sort of bandwidth / packets per second?

  The standard choice in my datacenter (linux users mostly) seems to be HP
  Procurve but I'd prefer the power of PF.

they're most likely switches. (Vantronix have a module for HP 5300xl
switches that runs PF, though).

 I don't know exactly the 4801, but I use a couple of 4501 as firewalls and
 IPSec-Routers for connections of up to 5 MBit/sec. Seeing the specs of
 the 4801 and knowing the 4501, I wouldn't use them for more than about
 40-50 Mbit/sec.

I feel 40-50M would be pushing it, given that you might like some
overhead to allow for occasional heavy numbers of packets. 5501
might do better (maybe with a nic rather than the on-board vr).

I'd normally prefer a standard amd64/i386 box for a datacentre
firewall though. I may change my mind when the net7501 eventually
surfaces...

Re: MacBook remote control

[Steven Mestdagh]

Richard Storm [2007-11-11, 00:03:37]:
 Hello!
 I have macbook:
 hw.model=Intel(R) Core(TM)2 CPU T7400 @ 2.16GHz
 hw.vendor=Apple Inc.
 hw.product=MacBook2,1
 hw.version=1.0
 
 On http://wiki.freebsd.org/AppleMacbook IR receiver section there is
 tool available at http://fnop.net/~rpaulo/priv/freebsd/aird.tgz.
 
 Here is patch that makes it compile/work under openbsd with my macbook
 and remote control.
 
 Ignore manpage, run like this:
 ./aird -vd -f /dev/uhid1 -M echo menu -P echo play -F echo
 forward -B echo backward -U echo volumeup -D echo volumedown

works nicely on my macbook.  maybe this can be added to the ports tree?

Re: OpenBSD 4.2 on Intel Board S3000AHLX + QuadNic EXPI9404PT =couldn't map interrupt

[Marco Peereboom]

There are still interrupt issues on this box.  Can you try GENERIC.MP +
acpi and send the dmesg?

Thanks,
/marco

On Mon, Nov 12, 2007 at 11:04:16AM +0100, Koenig, Thomas wrote:
 Hi,
 
 with help form Insan Praja, I able to enable acpi now.
 But I have still the same problems with the QuadPort NIC. :(
 
 My last try was to build on this system a fresh new Kernel from the
 current CVS but still the same problem.
 
 
 dmesg from the snapshot from Thu Nov 8:
  
 OpenBSD 4.2-current (GENERIC) #2: Thu Nov  8 10:46:42 WIT 2007
 [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC
 real mem = 1069268992 (1019MB)
 avail mem = 1026822144 (979MB)
 User Kernel Config
 UKC disable apm
 UKC enable acpi
 272 acpi0 enabled
 UKC quit
 Continuing...
 RTC BIOS diagnostic error ffixed_disk,invalid_time
 mainbus0 at root
 bios0 at mainbus0: SMBIOS rev. 2.4 @ 0x3fc1d000 (43 entries)
 bios0: vendor Intel Corporation version
 S3000.86B.02.00.0035.111020061326 date 11/10/2006
 bios0: Intel S3000AHLX
 acpi0 at mainbus0: rev 0
 acpi0: tables DSDT FACP APIC WDDT MCFG ASF! SSDT SSDT SSDT SSDT SSDT 
 acpi0: wakeup devices SLPB(S4) P32_(S4) UAR1(S1) PEX4(S4) PEX5(S4)
 UHC1(S1) UHC2(S1) UHC3(S1) UHC4(S1) EHCI(S1) AC9M(S4) AZAL(S4) 
 acpitimer at acpi0 not configured
 acpiprt0 at acpi0: bus 0 (PCI0)
 acpiprt1 at acpi0: bus 9 (P32_)
 acpiprt2 at acpi0: bus 5 (PEX0)
 acpiprt3 at acpi0: bus 6 (PXS1)
 acpiprt4 at acpi0: bus -1 (PEX1)
 acpiprt5 at acpi0: bus -1 (PEX2)
 acpiprt6 at acpi0: bus -1 (PEX3)
 acpiprt7 at acpi0: bus 7 (PEX4)
 acpiprt8 at acpi0: bus 8 (PEX5)
 acpicpu at acpi0 not configured
 acpicpu at acpi0 not configured
 acpicpu at acpi0 not configured
 acpicpu at acpi0 not configured
 acpibtn0 at acpi0: SLPB
 cpu0 at mainbus0: (uniprocessor)
 cpu0: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz, 2200.25 MHz
 cpu0:
 FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,
 CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2
 ,CX16,xTPR,NXE,LONG
 cpu0: 2MB 64b/line 8-way L2 cache
 pci0 at mainbus0 bus 0: configuration mode 1
 pchb0 at pci0 dev 0 function 0 Intel E7230 MCH rev 0x00
 ppb0 at pci0 dev 1 function 0 Intel E7230 PCIE rev 0x00
 pci1 at ppb0 bus 1
 ppb1 at pci1 dev 0 function 0 vendor IDT, unknown product 0x8018 rev
 0x04
 pci2 at ppb1 bus 2
 ppb2 at pci2 dev 0 function 0 vendor IDT, unknown product 0x8018 rev
 0x04
 pci3 at ppb2 bus 3
 em0 at pci3 dev 0 function 0 Intel PRO/1000 QP (82571EB) rev
 0x06pci_intr_map: bad interrupt line 128
 : couldn't map interrupt
 em0: Allocation of PCI resources failed
 em1 at pci3 dev 0 function 1 Intel PRO/1000 QP (82571EB) rev
 0x06pci_intr_map: bad interrupt line 128
 : couldn't map interrupt
 em1: Allocation of PCI resources failed
 ppb3 at pci2 dev 1 function 0 vendor IDT, unknown product 0x8018 rev
 0x04
 pci4 at ppb3 bus 4
 em2 at pci4 dev 0 function 0 Intel PRO/1000 QP (82571EB) rev
 0x06pci_intr_map: bad interrupt line 128
 : couldn't map interrupt
 em2: Allocation of PCI resources failed
 em3 at pci4 dev 0 function 1 Intel PRO/1000 QP (82571EB) rev
 0x06pci_intr_map: bad interrupt line 128
 : couldn't map interrupt
 em3: Allocation of PCI resources failed
 ppb4 at pci0 dev 28 function 0 Intel 82801GB PCIE rev 0x01
 pci5 at ppb4 bus 5
 ppb5 at pci5 dev 0 function 0 Intel PCIE-PCIE rev 0x09
 pci6 at ppb5 bus 6
 ppb6 at pci0 dev 28 function 4 Intel 82801G PCIE rev 0x01
 pci7 at ppb6 bus 7
 ppb7 at pci0 dev 28 function 5 Intel 82801G PCIE rev 0x01
 pci8 at ppb7 bus 8
 em4 at pci8 dev 0 function 0 Intel PRO/1000MT (82573E) rev 0x03: irq
 9, address 00:15:17:29:70:25
 Intel 82573E AMT rev 0x03 at pci8 dev 0 function 3 not configured
 Intel 82573E KCS (Active Management) rev 0x03 at pci8 dev 0 function 4
 not configured
 ppb8 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0xe1
 pci9 at ppb8 bus 9
 vga1 at pci9 dev 4 function 0 ATI ES1000 rev 0x02
 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
 wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
 em5 at pci9 dev 5 function 0 Intel PRO/1000MT (82541GI) rev 0x05: irq
 9, address 00:15:17:29:70:26
 pcib0 at pci0 dev 31 function 0 Intel 82801GB LPC rev 0x01
 pciide0 at pci0 dev 31 function 1 Intel 82801GB IDE rev 0x01: DMA,
 channel 0 configured to compatibility, channel 1 configured to
 compatibility
 atapiscsi0 at pciide0 channel 0 drive 0
 scsibus0 at atapiscsi0: 2 targets
 cd0 at scsibus0 targ 0 lun 0: Optiarc, DVD RW AD-7540A, 1.01 SCSI0
 5/cdrom removable
 cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
 pciide0: channel 1 disabled (no drives)
 pciide1 at pci0 dev 31 function 2 Intel 82801GB SATA rev 0x01: DMA,
 channel 0 configured to native-PCI, channel 1 configured to native-PCI
 pciide1: using irq 10 for native-PCI interrupt
 wd0 at pciide1 channel 0 drive 0: Hitachi HDS721680PLA380
 wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors
 wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5
 ichiic0 at pci0 dev 31 function 3 Intel 82801GB SMBus rev 0x01: irq 10
 iic0 

pf max-src-conn states

[ttw+bsd]

two questions relating to the above

1.  trying to use 'max-src-conn 1' to limit service to one
connection per host (with overload table) but when i disconnect and
re-reconnect i get blocked.  should this state expire when
correctly closed, allowing a second connection, or is the timeout
needed?

2.  is source-track required for the above?  i can't decipher the
relationship.  current confusion is does source-track turn 'max'
into a per-IP match or simply allow the per-IP functions to operate?

nb: not sure the service is closing the connection correctly which
may be causing the timeout issue.

Re: OpenBSD 4.2 on Intel Board S3000AHLX + QuadNic EXPI9404PT =couldn't map interrupt

[Insan Praja SW]

On Mon, 12 Nov 2007 18:53:44 +0700, Koenig, Thomas [EMAIL PROTECTED]  
wrote:



Looks like you need to update your bios, you are using old
BIOS, the newest one is ver.44 (mine is). Try to upgrade the
BIOS, and update us with good news :D (I Hope).

Thanks,
--
Insan Praja SW



Hello Insan,

I'm now on version .44, but this dont solve my problem.


bios0 at mainbus0: SMBIOS rev. 2.4 @ 0x3fc03000 (43 entries)
bios0: vendor Intel Corporation version
S3000.86B.02.00.0044.071120071047 date 07/11/2007
bios0: Intel S3000AHLX

: couldn't map interrupt
em0: Allocation of PCI resources failed


regards,
Thomas


Hi Thomas,
I'm afraid I can't help you with this one, seems to be either the BIOS  
needs to be configure (I guess) or the driver needs to be fixed. So, I  
believe this is the time when all the good openBSD Coders and Developers  
come into rescue :D
Don't worry, if they don't respond quickly, it is because their motto is   
shut up and code. Don't forget sending them the full dmesg, or email to  
[EMAIL PROTECTED] (if I not mistaken).
Almost forget, Chris Kuethe pointed me out the -current as the cure to  
acpi related things.. and I believed other developers and coders play  
greater deals.

Peace.
Thanks,



--
Insan Praja SW

Re: OpenBSD 4.2 on Intel Board S3000AHLX + QuadNic EXPI9404PT =couldn't map interrupt

[Koenig, Thomas]

Hi,

I got it!


I try to build a GENERIC.MP for Marco - and now its running.I cant
belive it. :)

Thank you people, for your help.

If you need some more tests with my hardware, let me know.

regards,
Thomas



# dmesg
OpenBSD 4.2-current (GENERIC.MP) #0: Mon Nov 12 08:00:48 MST 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 1069162496 (1019MB)
avail mem = 1026580480 (979MB)
User Kernel Config
UKC disable apm
UKC enable acpi
275 acpi0 enabled
UKC quit
Continuing...
RTC BIOS diagnostic error ffixed_disk,invalid_time
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0x3fc03000 (43 entries)
bios0: vendor Intel Corporation version
S3000.86B.02.00.0044.071120071047 date 07/11/2007
bios0: Intel S3000AHLX
acpi0 at mainbus0: rev 0
acpi0: tables DSDT FACP APIC WDDT MCFG ASF! SSDT SSDT SSDT SSDT SSDT 
acpi0: wakeup devices SLPB(S4) P32_(S4) UAR1(S1) PEX4(S4) PEX5(S4)
UHC1(S1) UHC2(S1) UHC3(S1) UHC4(S1) EHCI(S1) AC9M(S4) AZAL(S4) 
acpitimer at acpi0 not configured
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz, 2200.22 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,
CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2
,CX16,xTPR,NXE,LONG
cpu0: 2MB 64b/line 8-way L2 cache
cpu0: apic clock running at 199MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz, 2199.92 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,
CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2
,CX16,xTPR,NXE,LONG
cpu1: 2MB 64b/line 8-way L2 cache
ioapic0 at mainbus0 apid 5 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 5
ioapic1 at mainbus0 apid 6 pa 0xfec1, version 20, 24 pins
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 9 (P32_)
acpiprt2 at acpi0: bus 5 (PEX0)
acpiprt3 at acpi0: bus 6 (PXS1)
acpiprt4 at acpi0: bus -1 (PEX1)
acpiprt5 at acpi0: bus -1 (PEX2)
acpiprt6 at acpi0: bus -1 (PEX3)
acpiprt7 at acpi0: bus 7 (PEX4)
acpiprt8 at acpi0: bus 8 (PEX5)
acpicpu at acpi0 not configured
acpicpu at acpi0 not configured
acpicpu at acpi0 not configured
acpicpu at acpi0 not configured
acpibtn0 at acpi0: SLPB
pci0 at mainbus0 bus 0: configuration mode 1
pchb0 at pci0 dev 0 function 0 Intel E7230 MCH rev 0x00
ppb0 at pci0 dev 1 function 0 Intel E7230 PCIE rev 0x00
pci1 at ppb0 bus 1
ppb1 at pci1 dev 0 function 0 vendor IDT, unknown product 0x8018 rev
0x04
pci2 at ppb1 bus 2
ppb2 at pci2 dev 0 function 0 vendor IDT, unknown product 0x8018 rev
0x04
pci3 at ppb2 bus 3
em0 at pci3 dev 0 function 0 Intel PRO/1000 QP (82571EB) rev 0x06:
apic 5 int 16 (irq 128), address 00:15:17:4d:fe:c8
em1 at pci3 dev 0 function 1 Intel PRO/1000 QP (82571EB) rev 0x06:
apic 5 int 17 (irq 128), address 00:15:17:4d:fe:c9
ppb3 at pci2 dev 1 function 0 vendor IDT, unknown product 0x8018 rev
0x04
pci4 at ppb3 bus 4
em2 at pci4 dev 0 function 0 Intel PRO/1000 QP (82571EB) rev 0x06:
apic 5 int 17 (irq 128), address 00:15:17:4d:fe:ca
em3 at pci4 dev 0 function 1 Intel PRO/1000 QP (82571EB) rev 0x06:
apic 5 int 18 (irq 128), address 00:15:17:4d:fe:cb
ppb4 at pci0 dev 28 function 0 Intel 82801GB PCIE rev 0x01
pci5 at ppb4 bus 5
ppb5 at pci5 dev 0 function 0 Intel PCIE-PCIE rev 0x09
pci6 at ppb5 bus 6
ppb6 at pci0 dev 28 function 4 Intel 82801G PCIE rev 0x01
pci7 at ppb6 bus 7
ppb7 at pci0 dev 28 function 5 Intel 82801G PCIE rev 0x01
pci8 at ppb7 bus 8
em4 at pci8 dev 0 function 0 Intel PRO/1000MT (82573E) rev 0x03: apic
5 int 17 (irq 9), address 00:15:17:29:70:25
Intel 82573E AMT rev 0x03 at pci8 dev 0 function 3 not configured
Intel 82573E KCS (Active Management) rev 0x03 at pci8 dev 0 function 4
not configured
ppb8 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0xe1
pci9 at ppb8 bus 9
vga1 at pci9 dev 4 function 0 ATI ES1000 rev 0x02
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
em5 at pci9 dev 5 function 0 Intel PRO/1000MT (82541GI) rev 0x05: apic
5 int 17 (irq 9), address 00:15:17:29:70:26
pcib0 at pci0 dev 31 function 0 Intel 82801GB LPC rev 0x01
pciide0 at pci0 dev 31 function 1 Intel 82801GB IDE rev 0x01: DMA,
channel 0 configured to compatibility, channel 1 configured to
compatibility
atapiscsi0 at pciide0 channel 0 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: Optiarc, DVD RW AD-7540A, 1.01 SCSI0
5/cdrom removable
cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 disabled (no drives)
pciide1 at pci0 dev 31 function 2 Intel 82801GB SATA rev 0x01: DMA,
channel 0 configured to native-PCI, channel 1 configured to native-PCI
pciide1: using apic 5 int 19 (irq 10) for native-PCI interrupt
wd0 at pciide1 channel 0 drive 0: Hitachi HDS721680PLA380
wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors
wd0(pciide1:0:0): using PIO 

Re: OpenBSD 4.2 on Intel Board S3000AHLX + QuadNic EXPI9404PT =couldn't map interrupt

[Insan Praja SW]

On Mon, 12 Nov 2007 18:53:44 +0700, Koenig, Thomas [EMAIL PROTECTED]  
wrote:



Looks like you need to update your bios, you are using old
BIOS, the newest one is ver.44 (mine is). Try to upgrade the
BIOS, and update us with good news :D (I Hope).

Thanks,
--
Insan Praja SW



Hello Insan,

I'm now on version .44, but this dont solve my problem.


bios0 at mainbus0: SMBIOS rev. 2.4 @ 0x3fc03000 (43 entries)
bios0: vendor Intel Corporation version
S3000.86B.02.00.0044.071120071047 date 07/11/2007
bios0: Intel S3000AHLX

: couldn't map interrupt
em0: Allocation of PCI resources failed


regards,
Thomas


Ok Thomas,
Searching through the mail-list (kinda curious..) I found this..

On 2007/09/17 11:09, slug bait wrote:

I am currently having problems with my new OpenBSD-4.1 firewall.  I have
installed a PCI-X 4-port Intel Gigabit Ethernet card, but something  
appears
to be broken.  The 4 interfaces are detected as em0-3 while the two  
on-board

GB NICs are bge0 and bge1.


Stuart Henderson wrote:
Find a spare jumper, open the box up, remove the NIC (yeah, I know.
you're going to love me when you have to put it back if it's in a 1U  
case...)

to access JPXA1 (between the heatsink-covered HT-1000 and the ATI GPU),
put the jumper on 1-2 becuase it's broken at 133MHz (gotta love that
checksum offloading)...

While you're there, you may also want to move JPL1 to disable the
BCM5704C bge(4) unless you really need them (next to the slot for the
IPMI riser).

If the box is somewhere with inconvenient access you may also want to
put a jumper on JP2 (front, near the fan header) to force power on
(the BIOS options about this are ... somewhat lacking)


bios0 at mainbus0: AT/286+ BIOS, date 03/26/07, BIOS32 rev. 0 @ 0xf0010,


lucky you - mine won't POST with that version unless CMOS is clear
first (every boot), yum...

I still *mostly* prefer them to X2100 though...

and...
This is from Clint Pachl
Always remember to look through the drivers section (4) of the man pages  
for device support. For example:


$ apropos intel | grep -i gigabit
em (4) - Intel PRO/1000 10/100/Gigabit Ethernet device
$ man 4 em

And here is what I found under supported models in em(4):

  Intel PRO/1000MT Quad PCI-X Adapter (PWLA8494MT)
  Intel PRO/1000GT Quad PCI-X Adapter (PWLA8494GT)
  Intel PRO/1000PT Desktop Adapter
  Intel PRO/1000PT Server Adapter
  Intel PRO/1000PT Dual Port Server Adapter
  Intel PRO/1000PT Quad Port Server Adapter
  Intel PRO/1000PF Server Adapter (SX Fiber)
  Intel PRO/1000PF Dual Port Server Adapter (SX Fiber)

There is also a list of supported ICs that may be helpful.

-pachl

That's it (Maybe)
Thanks,


--
Insan Praja SW

pkg_add keeps giving errors

[Pieter Verberne]

Hi all,

since a few weeks, I'm not able to install anything. (both packages and
ports). I'm running current.
My first guess was that I have to upgrade OpenBSD by following current
in de faq. So I compiled and installed a new kernel and userland but
it doesn't make any difference. I'v also tried multiple mirrors.

I'v consult the FAQ several times but couldn't find an answer.

Pieter Verberne

Examples:
$ sudo pkg_add -i dia
Can't install shared-mime-info-0.22: lib not found glib-2.0.1400.0
Dependencies for shared-mime-info-0.22 resolve to: gettext-0.14.6p0,
glib2-2.12.12p1, libiconv-1.9.2p3, libxml-2.6.29
Full dependency tree is
gettext-0.14.6p0,glib2-2.12.12p1,libiconv-1.9.2p3,libxml-2.6.29
glib-2.0.1400.0: partial match in /usr/local/lib: major=1200, minor=12
(bad major)
Can't install shared-mime-info-0.22: lib not found intl.4.0
intl.4.0: partial match in /usr/local/lib: major=3, minor=0 (bad major)
Can't install shared-mime-info-0.22: lib not found xml2.9.7
xml2.9.7: partial match in /usr/local/lib: major=9, minor=6 (minor not
large enough)
Can't install dia-0.96.1p3: can't resolve shared-mime-info-0.22


$ cd /usr/ports/graphics/dia
$ sudo make
===  dia-0.96.1p2 depends on: gettext-=0.16.1 - not found
===  Verifying install for gettext-=0.16.1 in devel/gettext
===  Installing gettext-0.16.1 from /usr/ports/packages/i386/all/
Can't install gettext-0.16.1 because of conflicts (gettext-0.14.6p0)
/usr/sbin/pkg_add: gettext-0.16.1:Fatal error
*** Error code 1

Stop in /usr/ports/devel/gettext (line 1403 of
/usr/ports/infrastructure/mk/bsd.port.mk).
*** Error code 1

Stop in /usr/ports/graphics/dia (line 1531 of
/usr/ports/infrastructure/mk/bsd.port.mk).


# sudo pkg_add -u
Not updating .libs-png-1.2.18, remember to clean it
Candidates for updating ImageMagick-6.3.4.1 - ImageMagick-6.3.5.9
Candidates for updating ORBit2-2.14.7 - ORBit2-2.14.7 #same version?
Candidates for updating Xaw3d-1.5p0 - Xaw3d-1.5p0 #same version?
Candidates for updating aalib-1.2p2 - aalib-1.2p2 #etc.
Candidates for updating abook-0.5.5 - abook-0.5.5
Candidates for updating agg-2.4 - agg-2.4p0
Candidates for updating antiword-0.37 - antiword-0.37
...
Candidates for updating zip-2.32 - zip-2.32
Looking for updates: complete
Cannot find updates for jdk-1.5.0.12 unrar-3.76 wpi-firmware-2.14.4
Proceeding anyways
Running the equivalent of pkg_add -r ImageMagick-6.3.5.9 ORBit2-2.14.7
Xaw3d-1.5p0 aalib-1.2p2 abook-0.5.5 agg-2.4p0 antiword-0.37 apache-httpd-2.2.6
apr-1.2.11p1 apr-util-1.2.10p0 atk-1.20.0p0 audacity-1.3.3p1 barcode-0.98p0
boost-libs-1.33.1p3 cairo-1.4.10 cdparanoia-3.a9.8p0 cdrtools-2.01p0
cups-1.2.7p8 curl-7.17.0 db-4.6.21 dbus-1.0.2p1 dbus-glib-0.73p0
desktop-file-utils-0.14p0 detex-2.6p0 dictd-client-1.9.15p1 docbook-4.4
docbook-xsl-1.68.1p1 dvi2tty-5.3.1 esound-0.2.34p1v0 faac-1.24 faad-2.0p6
fam-2.7.0p2 ffmpeg-20070910p1 flac-1.2.1 fox-1.6.28 fribidi-0.10.4p0
fvwm2-2.4.19 g++-4.2.20070307p3 gcc-4.2.20070307p3 gconf2-2.18.0.1 gd-2.0.35
gettext-0.16.1 gfract-0.33p2 ghostscript-8.54p1 gimp-2.2.17 glib2-2.14.2p0
glib2mm-2.14.1 glitz-0.5.6p0 gmake-3.80p1 gmp-4.2.2 gnash-0.8.0p2 gnet-2.0.7
gopher-3.0.11p0 gqview-2.0.4p0 gtar-1.19 gtk+-1.2.10p6 gtk+2-2.12.1p0
gtk-engines2-2.12.2 gtk-gnutella-0.96.4 hellanzb-0.13p0 herrie-1.8.4
hydrogen-0.9.3p2 id3lib-3.8.3p2 imlib-1.9.14p5 iodbc-3.52.4p1 iso-codes-1.5
ispell-3.2.06p3 jikes-1.22p3 kaffe-1.1.7p3 lame-3.96.1p2 libIDL-0.8.8p0
liba52-0.7.4p2 libaudiofile-0.2.6p0 libbonobo-2.18.0 libdnet-1.10p2
libexif-0.6.16 libgcrypt-1.2.4 libglade2-2.6.2 libgpg-error-1.5
libgsf-1.14.3p3 libiconv-1.9.2p4 libidn-1.1 libltdl-1.5.22p3 libmpcdec-1.2.4
libmpeg2-0.4.0bp0 libsamplerate-0.1.2p0 libsigc++-2.0.18-main
libsndfile-1.0.11p0 libstdc++-4.2.20070307p2 libtool-1.5.22p14
libungif-4.1.4p1 libwmf-0.2.8.3p3 libwpd-0.8.9p0 libxml++-2.17.1 libxml-2.6.30
libxslt-1.1.22 lua-5.1.2p1 mozilla-firefox-2.0.0.8p0 mutt-1.5.16p0
mysql-client-5.0.45p0 neon-0.26.2 nmap-4.20 nspr-4.6.7 nss-3.11.7
openmotif-2.3.0p0 p5-XML-LibXML-1.64 p5-XML-LibXML-Common-0.13
p5-XML-Parser-2.34p0 p5-XML-SAX-0.16 pango-1.18.3p0 par2cmdline-0.4 pcre-7.4
postgresql-client-8.2.5p0 postgresql-server-8.2.5p3 ps2eps-1.64
psutils-0.17p0-a4 py-SOAPpy-0.11.6p2 py-fpconst-0.7.2p1 py-libxml-2.6.30p0
py-openssl-0.5.1p1 py-twisted-core-2.4.0p0 py-twisted-web-0.6.0p0
py-xml-0.8.4p3 py-zopeinterface-3.0.1p0 python-2.4.4p6 python-expat-2.4.4p6
qdbm-1.8.75 qt3-mt-3.7p6 qt4-4.3.2p0 ruby-1.8.5p7 screen-4.0.3p1
scrollkeeper-0.3.14p4 sdl-1.2.12-sun sdl-gfx-2.0.13p1 sdl-image-1.2.4p3
sdl-mixer-1.2.6p6 sdl-net-1.2.5p5 sdl-ttf-2.0.8p3 smpeg-0.4.4p5
snownews-1.5.7p3 sodipodi-0.34p7 speex-1.2beta2 sqlite-2.8.17p1
startup-notification-0.9 t1lib-5.1.0p1 t1utils-1.32 tcl-8.4.7p5 ted-2.17
texlive_base-2007p1 texlive_texmf-docs-2007p0 texlive_texmf-full-2007p0
texlive_texmf-minimal-2007p0 tidy-051026 tightvnc-viewer-1.2.9 tk-8.4.7p1
transfig-3.2.4p0 tree-0.61p0 unzip-5.52 vlc-0.8.6cp4 vorbis-tools-1.1.1p2
vte-0.16.9p0 wget-1.10.2p1 wxWidgets-gtk2-2.8.6 

Handelsvertreter......

[Tkany]

 Sehr geehrte Damen und Herren,

f|r den Neuaufbau eines Vertriebes, suchen wir F|hrungskrdfte f|r
Deutschland, Vsterreich und Polen.

NWSS - das Unternehmen
Hinter NWSS stehen 25 Jahre Unternehmens-Erfahrung. NWSS startet den
europaweiten Vertrieb von innovativen Telematik-Ortungssystemen. Damit
kvnnen Personen und Fahrzeuge weltweit und punktgenau geortet werden. Die
Technik bezieht NWSS direkt von einem der f|hrenden Hersteller in
Deutschland.

Referenzen
Die einzigartigen Ortungssysteme unseres Herstellers werden heute schon
in die gro_en Limousinen von BMW, Audi, Mercedes, Jaguar eingebaut (Stand
nur 2007: ca. 22.000 Einheiten). Die Abteilung f|r organisierte
Kriminalitdt (OK) testet derzeit in Deutschland die Gerdte. In der T|rkei
ist es mittlerweile Pflicht, das System in jedes Taxi einzubauen. NWSS
liefert damit Hightech und Sicherheit mit Ihnen gemeinsam an jeden
Kunden.

Der Markt - Hightech und Sicherheit f|r jeden
In Deutschland sind zur Zeit ca. 1650 Kinder vermisst. Mehr als 200 000
Kinder werden jedes Jahr sexuell missbraucht, schdtzen Experten.
NWSS-Technik sch|tzt nicht nur Kinder. Auch Senioren, Sportlern,
Motorrad- und Autofahrern bieten unsere Produkte ein Hvchstma_ an
Komfort, Ersparnisse und Sicherheit.

Das System
Der Clou ist die punktgenaue Ortung von Personen, die mit NWSS-Technik
ausger|stet sind. Alle Gerdte verf|gen |ber eine Alarm-Taste. Einmal
gedr|ckt und innerhalb von Sekunden wird die Rettungskette punktgenau in
Gang gesetzt. 365 Tage im Jahr, 24 Stunden am Tag.

Karriere 2007 - Ihre Mvglichkeiten
wir bieten:

  * Vertriebsrechte der NWSS-Produkte europaweit

  * breite Zielgruppe im privaten und gewerblichen Bereich

  * professionelle Ausbildung und Unterst|tzungstools f|r das
Produktangebot

  * eigene Homepage und personalisiertes Abrechnungssystem

  * lukrative, leistungsbezogene Verg|tung von Anfang an (14-tdgige
Auszahlung)

  * Erfolgs- und Umsatzbeteiligung

  * Sondervereinbarungen f|r Teamleiter und F|hrungskrdfte

wir erwarten:

  * Erfahrung im Au_endienst / Vertrieb

  * sicheres und kundenorientiertes Auftreten

  * hohe Leistungsbereitschaft,

  * selbstdndiges und unternehmerisches Denken

  * Mobilitdt, Lernbereitschaft und Kreativitdt

Bitte rufen Sie uns an unter: 036969-54959 oder senden Sie uns eine Mail
an: [EMAIL PROTECTED]

Hans Peter Tkany
www.hptconsulting.de
http://www.xing.com/go/invite/7028732.f056b2

Re: pkg_add keeps giving errors

[Stuart Henderson]

On 2007/11/12 15:09, Pieter Verberne wrote:
 $ sudo pkg_add -i dia
 Can't install shared-mime-info-0.22: lib not found glib-2.0.1400.0

You have old packages in PKG_PATH; clean them all out. If it's pointing
to a 3rd-part package repo (e.g. an ftp mirror), remove it from PKG_PATH.

 Can't install gettext-0.16.1 because of conflicts (gettext-0.14.6p0)
 /usr/sbin/pkg_add: gettext-0.16.1:Fatal error

Updating your installed packages will fix this.
Or make FORCE_UPDATE=Yes.

 # sudo pkg_add -u

you're already root here (-:

Either choose pkg_add -ui for an interactive update, or 
pkg_add -u -F update -F updatedepends, to permit this update:

 New package libxml-2.6.30 contains potentially unsafe operations
 @exec /usr/local/share/libxml2/rebuild
 Can't safely update to libxml-2.6.30 (use -F update to force it)

...

 Candidates for updating ORBit2-2.14.7 - ORBit2-2.14.7 #same version?
 Candidates for updating Xaw3d-1.5p0 - Xaw3d-1.5p0 #same version?

That's normal, depended-on libraries have changed.

 Can't install ghostscript-8.54p1: lib not found X11.11.0

Install xbase from a newer snap.

While you're there, you might also not have followed the instructions
about expat files; see http://openbsd.org/faq/current.html#20071020

Re: pkg_add keeps giving errors

[Pieter Verberne]

On Mon, Nov 12, 2007 at 03:12:12PM +, Stuart Henderson wrote:
 On 2007/11/12 15:09, Pieter Verberne wrote:
  $ sudo pkg_add -i dia
  Can't install shared-mime-info-0.22: lib not found glib-2.0.1400.0
 
 You have old packages in PKG_PATH; clean them all out. If it's pointing
 to a 3rd-part package repo (e.g. an ftp mirror), remove it from PKG_PATH.

I havn't tried your solution yet. (but thanks for your help) First; what
PKG_PATH should I use? The mirror I'm using is close to me. And how old
are these packages actually?

Logging bandwidth usage with PF

[Joel Gudknecht]

Misc list:

I'm trying to figure out a way to log and analyze bandwidth usage
passing through my PF gateway. It's doing NAT for ~60 users.

Here are the pertinent logging rules;

rdr pass log on $ext_if proto tcp to port smtp - $host
rdr pass log on $ext_if proto tcp to port www - $host
rdr pass log on $ext_if proto tcp to port pop3 - $host
rdr pass log on $ext_if proto tcp to port 1494 - $host
rdr pass log on $ext_if proto tcp to port 3389 - $host

pass out log keep state

I've tried analyzing pflogs using ethereal/wireshark but could not get
specifics about IP's and connection rates from it. I've also looked at
ntop and pftop, which looks good for real-time monitoring but I don't
think they apply for what I'm trying to do.

I'd like to generate a sorted list of top bandwidth hogs and their IP addresses.

Thanks.

Joel

reverse route

[Beavis]

hi folks,

   I have setup a network as follows

internet --[L3_switch1]--(out)[openbsd pf](in)--L3
Switch]--[LAN1] / [LAN2]

I configure nat for LAN1(192.168.0.0/24) and LAN2(192.168.1.0/24)

nat on $ext_if inet proto $proto_natg from { $LAN1, LAN2 } to any -
$ext_if port 1:15000

i can't seem to route traffic from LAN2 to the internet. I've
configured the L3 Switches to route everything to their corresponding
fw's

(L3_switch1) 0.0.0.0 0.0.0.0 Internet-Router
(L3_switch2) 0.0.0.0 0.0.0.0 192.168.0.1


Is there a way for me to route traffic that LAN2 sent to the
L3SwitchIP ? sort of a reverse route.

I have tried to put in the following

rdr pass on $ext_if proto tcp from any to $LAN2 - 192.168.0.6 (ip of switch2)

but to no avail. any comments would be greatly appreciated.


-pf

Re: Logging bandwidth usage with PF

[Peter N. M. Hansteen]

Joel Gudknecht [EMAIL PROTECTED] writes:

 rdr pass log on $ext_if proto tcp to port smtp - $host

this only gives you the initial packet. for tracking traffic you
probably want to look at log (all).

 I've tried analyzing pflogs using ethereal/wireshark but could not get
 specifics about IP's and connection rates from it. I've also looked at
 ntop and pftop, which looks good for real-time monitoring but I don't
 think they apply for what I'm trying to do.

the output of something like tcpdump -n -e -ttt -v -i pflog0 gives you
quite a bit of data to play with if you want to do your own parsing,
but 

 I'd like to generate a sorted list of top bandwidth hogs and their IP 
 addresses.

for that purpose, the more promising path is probably to use labels
with the $srcaddr macro in them, and collect your statistics at
regular intervals for processing.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.

Re: MacBook remote control

[Richard Storm]

On 11/12/07, Steven Mestdagh [EMAIL PROTECTED] wrote:
 Richard Storm [2007-11-11, 00:03:37]:
  Hello!
  I have macbook:
  hw.model=Intel(R) Core(TM)2 CPU T7400 @ 2.16GHz
  hw.vendor=Apple Inc.
  hw.product=MacBook2,1
  hw.version=1.0
 
  On http://wiki.freebsd.org/AppleMacbook IR receiver section there is
  tool available at http://fnop.net/~rpaulo/priv/freebsd/aird.tgz.
 
  Here is patch that makes it compile/work under openbsd with my macbook
  and remote control.
 
  Ignore manpage, run like this:
  ./aird -vd -f /dev/uhid1 -M echo menu -P echo play -F echo
  forward -B echo backward -U echo volumeup -D echo volumedown

 works nicely on my macbook.  maybe this can be added to the ports tree?


Don't know if ports is good idea, because it is hacked up version which supports
only macbook remotes (it seems), since macbook pro remotes needs pairing(!?) and
can do key repeats (like in original aird.c).
Don't have any macbook pro remote to test with. I assume this diff
breaks macbook pro remotes...

btw: look at my cool config :))

#!/bin/sh
aird -vd -f /dev/uhid1 -M audacious --show-main-window -P audacious
-t -F audacious -f -B audacious -r -U mixerctl
outputs.master=+5,+5 -D mixerctl outputs.master=-5,-5

php5-pear not found

[Marcos Laufer]

Hello list ,

I can see that the php5-pear package is missing in 4.2. How is it supposed to
be installed now?

Thanks!
Marcos

reverse route

[Beavis]

for those that are about to answer my first email.. i would like to
say thanks. I was able to figure it out

man route :)

thank you folks!

-pf

Re: pkg_add keeps giving errors

[Stuart Henderson]

On 2007/11/12 16:28, Pieter Verberne wrote:
 On Mon, Nov 12, 2007 at 03:12:12PM +, Stuart Henderson wrote:
  On 2007/11/12 15:09, Pieter Verberne wrote:
   $ sudo pkg_add -i dia
   Can't install shared-mime-info-0.22: lib not found glib-2.0.1400.0
  
  You have old packages in PKG_PATH; clean them all out. If it's pointing
  to a 3rd-part package repo (e.g. an ftp mirror), remove it from PKG_PATH.
 
 I havn't tried your solution yet. (but thanks for your help) First; what
 PKG_PATH should I use? The mirror I'm using is close to me. And how old
 are these packages actually?

The latest -current package snapshot for i386 is dated Nov 3.
Just ftp and use ls if you'd like to see how old they are; you might
try bytemine.net (de), calyx.nl, btradianz.se, lth.se, freenet.de, bsd.lv
who all seem to have up-to-date snaps.

You'll need to complete an update of the installed packages and
OS before you'll be able to add some of the new ones to your system.

Packages are generally produced for whatever version of the OS was
current when the bulk build started and will depend on those
libraries being available in the base system, and often expect
other installed packages to come from the same set.

Re: php5-pear not found

[Nico Meijer]

Hi Marcos,

 I can see that the php5-pear package is missing in 4.2. How is it
 supposed to be installed now?

It's called `pear` these days.

HTH... Nico

Re: php5-pear not found

[Stuart Henderson]

On 2007/11/12 13:18, Marcos Laufer wrote:
 I can see that the php5-pear package is missing in 4.2. How is it supposed to
 be installed now?

It is now just 'pear'

traceproto

[Kleber Rocha]

Someone has compiled the traceproto in openbsd?
The configuration not find the libnet.

Excess interrupts using ALTQ

[Fernando Braga]

Hi,

I've setup a bridge over a 200Mb link, and everytime I turn ALTQ on,
top shows interrupts at 99.2%. If I flush queue (pfctl -Fq), interrupt
usage drop to 35% instantly. I've also noticed that only cpu0 is able
to handle interrupts.

Is there a way to minimize interrupts usage in this configuration ?

My pf.conf is:

#   $OpenBSD: pf.conf,v 1.34 2007/02/24 19:30:59 millert Exp $

ext_if=bnx0
int_if=bnx1

table network-int persist { 200.254.131.128/25 }
table redes-biz   persist file /etc/pf.biz

set skip on lo
set limit states 75

scrub in

altq on $int_if bandwidth 1000Mb hfsc queue { local, embratel }
altq on $ext_if bandwidth 1000Mb hfsc queue { local, embratel }

queue local bandwidth 100Mb hfsc

queue embratel bandwidth 200Mb hfsc(ecn realtime 200Mb upperlimit
200Mb )\
{ Q-pri Q-icmp Q-vpn Q-biz Q-mail Q-http Q-ftp Q-def }

queue Q-pri  bandwidth  25Mb hfsc(realtime  15Mb linkshare 25Mb
upperlimit 180Mb) priority 7
queue Q-icmp bandwidth  25Mb hfsc(realtime  15Mb linkshare 25Mb
upperlimit  30Mb) priority 7
queue Q-vpn  bandwidth  25Mb hfsc(realtime  15Mb linkshare 25Mb
upperlimit 180Mb) priority 6
queue Q-biz  bandwidth  25Mb hfsc(realtime  15Mb linkshare 25Mb
upperlimit 180Mb) priority 6
queue Q-mail bandwidth  25Mb hfsc(realtime  15Mb linkshare 25Mb
upperlimit 180Mb) priority 4
queue Q-http bandwidth  25Mb hfsc(realtime  15Mb linkshare 25Mb
upperlimit 180Mb) priority 4
queue Q-ftp  bandwidth  25Mb hfsc(realtime  15Mb linkshare 25Mb
upperlimit 180Mb) priority 4
queue Q-def  bandwidth  25Mb hfsc(defaultlinkshare 25Mb
upperlimit 128Mb) priority 0

block in log
pass out

antispoof quick for { lo $ext_if }
pass in quick on lo0 no state

## Regras de merovingio -- bridge
pass in on $ext_if proto tcp to ($ext_if) port ssh queue(local)

pass in on $int_if
queue(Q-def  Q-pri) label int-DEFA
pass in on $int_if proto icmp
queue(Q-icmp  ) label int-ICMP
pass in on $int_if proto gre
queue(Q-vpn   ) label int-VPN-gre
pass in on $int_if proto esp
queue(Q-vpn   ) label int-VPN-esp
pass in on $int_if proto ah
queue(Q-vpn   ) label int-VPN-ah
pass in on $int_if proto l2tp
queue(Q-vpn   ) label int-VPN-l2tp
pass in on $int_if proto { tcp udp } to port { 500 4500   }
queue(Q-vpn   ) label int-VPN-ipsec
pass in on $int_if proto { tcp udp } to port { pptp   }
queue(Q-vpn   ) label int-VPN-pptp
pass in on $int_if proto tcp to port { snmp   }
queue(Q-icmp Q-pri) label int-ICMP-snmp
pass in on $int_if proto tcp to port { www}
queue(Q-http Q-pri) label int-HTTP
pass in on $int_if proto tcp to port {  https }
queue(Q-biz  Q-pri) label int-BIZZ-https
pass in on $int_if proto { tcp udp } to port { domain ntp } queue(
  Q-pri) label int-PRII

pass in on $int_if   to redes-biz
queue(Q-biz  Q-pri) label int-BIZZ-redes
pass in on $int_if proto tcp to port { smtp pop3 imap 465 995 }
queue(Q-mail q-pri) label int-MAIL

pass in on $ext_if
queue(Q-def  Q-pri) label ext-DEFA
pass in on $ext_if proto icmp
queue(Q-icmp  ) label ext-ICMP
pass in on $ext_if proto gre
queue(Q-vpn   ) label ext-VPN-gre
pass in on $ext_if proto esp
queue(Q-vpn   ) label ext-VPN-esp
pass in on $ext_if proto ah
queue(Q-vpn   ) label ext-VPN-ah
pass in on $ext_if proto l2tp
queue(Q-vpn   ) label ext-VPN-l2tp
pass in on $ext_if proto { tcp udp } to port { 500 4500   }
queue(Q-vpn   ) label ext-VPN-ipsec
pass in on $ext_if proto { tcp udp } to port { pptp   }
queue(Q-vpn   ) label ext-VPN-pptp
pass in on $ext_if proto tcp to port { snmp   }
queue(Q-icmp Q-pri) label ext-ICMP-snmp
pass in on $ext_if proto tcp to port { www}
queue(Q-http Q-pri) label ext-HTTP
pass in on $ext_if proto tcp to port {  https }
queue(Q-biz  Q-pri) label ext-BIZZ-https
pass in on $ext_if proto { tcp udp } to port { domain ntp } queue(
  Q-pri) label ext-PRII

pass in on $ext_if   from redes-biz
queue(Q-biz  Q-pri) label ext-BIZZ-https
pass in on $ext_if proto tcp to port { smtp pop3 imap 465 995 }
queue(Q-mail q-pri) label ext-MAIL

dmesg follows:

OpenBSD 4.2 (GENERIC.MP) #1378: Tue Aug 28 10:48:58 MDT 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 3488907264 (3327MB)
avail mem = 3373899776 (3217MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xcffbc000 (62 entries)
bios0: vendor Dell Inc. version 1.3.7 date 03/26/2007
bios0: Dell Inc. PowerEdge 1950
acpi at mainbus0 not configured
ipmi0 at mainbus0: version 2.0 interface KCS iobase 0xca8/8 spacing 4
mainbus0: Intel MP Specification (Version 1.4)
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Xeon(R) CPU E5345 @ 2.33GHz, 2327.87 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16,xTPR,NXE,LONG
cpu0: 4MB 64b/line 16-way L2 cache
cpu0: apic clock running at 332MHz
cpu1 at mainbus0: 

Re: Logging bandwidth usage with PF

[Juan Miscaro]

--- Joel Gudknecht [EMAIL PROTECTED] wrote:

 Misc list:
 
 I'm trying to figure out a way to log and analyze bandwidth usage
 passing through my PF gateway. It's doing NAT for ~60 users.
 
 Here are the pertinent logging rules;
 
 rdr pass log on $ext_if proto tcp to port smtp - $host
 rdr pass log on $ext_if proto tcp to port www - $host
 rdr pass log on $ext_if proto tcp to port pop3 - $host
 rdr pass log on $ext_if proto tcp to port 1494 - $host
 rdr pass log on $ext_if proto tcp to port 3389 - $host
 
 pass out log keep state
 
 I've tried analyzing pflogs using ethereal/wireshark but could not
 get
 specifics about IP's and connection rates from it. I've also looked
 at
 ntop and pftop, which looks good for real-time monitoring but I don't
 think they apply for what I'm trying to do.
 
 I'd like to generate a sorted list of top bandwidth hogs and their IP
 addresses.

I don't think there is any built-in way of doing this.  What I did was
write a shell script that interacts with labels contained in pf.conf. 
The script runs every five minutes and processes the data.  I used to
have it according to IP and protocol but eventually got rid of the IP
side as my pf.conf was getting really messy.

// juan 


  Ask a question on any topic and get answers from real people. Go to 
Yahoo! Answers and share what you know at http://ca.answers.yahoo.com

Re: [OT] making Firefox respect telnet:// URLs

[William Boshuck]

On Mon, Nov 12, 2007 at 02:02:32AM +0100, Linus Swdlas wrote:
 On Mon, 12 Nov 2007 00:25:29 +0100, ropers [EMAIL PROTECTED] wrote:
 
 The ${var##string} part is ksh or bash specific, see Parameter Expansion
 in the bash man page if you're using bash.
 I see your #! line says /bin/sh but to my knowledge a real sh, not
 emulated by bash or ksh doesn't support ${##} and friends, if I'm wrong
 feel free to correct me. =)

This kind of parameter substitution is in the POSIX 1 specification
for sh.  See the parameters section of the man page for sh(1).


 Yes. $@ is also all the positional parameters, they expand differently
 when expanded inside . A full explaination can be found under Special
 Parameters in the bash man page.

Since the other person is using sh, at the moment, it is
probably more apt to point to the Parameters section of
the man page for sh(1).


 But I wouldn't, I'd let bash do it:

Probably better to use sh, or ksh, since they
are in OpenBSD by default, and are more than
up to the task.

cheers,
-b

Re: Any Ethereal, Wireshark related software in 4.2 ports?

[Steve Shockley]

Stuart Henderson wrote:

tcpdump runs the scary code in a jail.


Doesn't http://marc.info/?m=117390704628262 do the same thing?  I 
haven't looked at it, just saw the post.

Re: google team and the DIY way of life

[Ted Unangst]

On 11/11/07, Sean Darby [EMAIL PROTECTED] wrote:
 If anybody from the OpenBSD team ever works for Google, it will certainly be 
 a very wise move on behalf of Google for hiring them.

do the people currently working at google count?  or does it have to
be a new hire?

Re: pf max-src-conn states

[Henning Brauer]

* [EMAIL PROTECTED] [EMAIL PROTECTED] [2007-11-12 15:14]:
 two questions relating to the above
 
 1.trying to use 'max-src-conn 1' to limit service to one
 connection per host (with overload table) but when i disconnect and
 re-reconnect i get blocked.  should this state expire when
 correctly closed, allowing a second connection, or is the timeout
 needed?

there is always a 2*MSL timeout - any better book covering TCP/IP 
basics should give you the plethora of reasons.

 2.is source-track required for the above?  i can't decipher the
 relationship.  current confusion is does source-track turn 'max'
 into a per-IP match or simply allow the per-IP functions to operate?

it makes use of sr ctrack yes,but you don't need tomanually enable 
anything.

 nb: not sure the service is closing the connection correctly which
 may be causing the timeout issue.

that would extend the timeout a lot.

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg  Amsterdam

Re: pkg_add keeps giving errors

[Pieter Verberne]

On Mon, Nov 12, 2007 at 03:12:12PM +, Stuart Henderson wrote:
 Either choose pkg_add -ui for an interactive update, or 
 pkg_add -u -F update -F updatedepends, to permit this update:

Done that. If I do this again I get the following output:
 
  Can't install ghostscript-8.54p1: lib not found X11.11.0
 Install xbase from a newer snap.

Done that.

Re: pkg_add keeps giving errors

[Pieter Verberne]

On Mon, Nov 12, 2007 at 07:19:19PM +0100, Pieter Verberne wrote:
 On Mon, Nov 12, 2007 at 03:12:12PM +, Stuart Henderson wrote:
  Either choose pkg_add -ui for an interactive update, or 
  pkg_add -u -F update -F updatedepends, to permit this update:
 
 Done that. If I do this again I get the following output:
  
   Can't install ghostscript-8.54p1: lib not found X11.11.0
  Install xbase from a newer snap.
 
 Done that.

Sorry, I meant to postpone this message. However, I don't know exactly
what I did, and I don't know what went exacly wrong but it looks like
it's working now. But right now I'm updating, so I still have to see..

Ntop

[Kleber Rocha]

It is possible to compile the ntop - 3.3 in openbsd?

Re: Logging bandwidth usage with PF

[Calomel]

Joel,

Check out pfflowd. This site has a how to.


Configuration of NetFlow, Flowtools, pfflowd on OpenBSD

Have you ever wanted to keep track of every packet going through your
firewall? How about getting some stats on the hosts using your network.
Stats like most bandwidth used or most popular ports or ip's. Well NetFlow
is what your looking for. NetFlow is an open but proprietary network
protocol developed by Cisco Systems to run on Cisco IOS-enabled equipment
for collecting IP traffic information.

http://www.pantz.org/software/flowtools/configflowtoolspfflow.html

--
 Calomel @ http://calomel.org
 Open Source Research and Reference


On Mon, Nov 12, 2007 at 09:31:08AM -0600, Joel Gudknecht wrote:
Misc list:

I'm trying to figure out a way to log and analyze bandwidth usage
passing through my PF gateway. It's doing NAT for ~60 users.

Here are the pertinent logging rules;

rdr pass log on $ext_if proto tcp to port smtp - $host
rdr pass log on $ext_if proto tcp to port www - $host
rdr pass log on $ext_if proto tcp to port pop3 - $host
rdr pass log on $ext_if proto tcp to port 1494 - $host
rdr pass log on $ext_if proto tcp to port 3389 - $host

pass out log keep state

I've tried analyzing pflogs using ethereal/wireshark but could not get
specifics about IP's and connection rates from it. I've also looked at
ntop and pftop, which looks good for real-time monitoring but I don't
think they apply for what I'm trying to do.

I'd like to generate a sorted list of top bandwidth hogs and their IP 
addresses.

Thanks.

Joel

Re: pkg_add keeps giving errors

[Josh Grosse]

On Mon, 12 Nov 2007 19:19:19 +0100, Pieter Verberne wrote
 On Mon, Nov 12, 2007 at 03:12:12PM +, Stuart Henderson wrote:
  Either choose pkg_add -ui for an interactive update, or 
  pkg_add -u -F update -F updatedepends, to permit this update:
 
 Done that. If I do this again I get the following output:
 
   Can't install ghostscript-8.54p1: lib not found X11.11.0
  Install xbase from a newer snap.
 
 Done that.

X11.11.0 was a 30 September patch:

http://www.openbsd.org/cgi-bin/cvsweb/xenocara/lib/libX11/Makefile.bsd-wrapper?sortby=date

The latest xbase42.tgz contains:

-rw-r--r-- root/wheel  1040088 2007-11-03 00:58 ./usr/X11R6/lib/libX11.so.11.0
-rw-r--r-- root/wheel  1386880 2007-11-03 00:58 ./usr/X11R6/lib/libX11.a
-rw-r--r-- root/wheel  849 2007-11-03 00:58 ./usr/X11R6/lib/libX11.la

Check to make sure you have the appropriate libX11 files in /usr/X11R6/lib.

Re: pkg_add keeps giving errors

[Pieter Verberne]

On Mon, Nov 12, 2007 at 01:41:19PM -0500, Josh Grosse wrote:
 X11.11.0 was a 30 September patch:

 http://www.openbsd.org/cgi-bin/cvsweb/xenocara/lib/libX11/Makefile.bsd-wrapper?sortby=date

 The latest xbase42.tgz contains:

 -rw-r--r-- root/wheel  1040088 2007-11-03 00:58 ./usr/X11R6/lib/libX11.so.11.0
 -rw-r--r-- root/wheel  1386880 2007-11-03 00:58 ./usr/X11R6/lib/libX11.a
 -rw-r--r-- root/wheel  849 2007-11-03 00:58 ./usr/X11R6/lib/libX11.la

 Check to make sure you have the appropriate libX11 files in /usr/X11R6/lib.
 
I checkt, but I was very sure about it. I just downloaded xbase42.tgz a hour 
ago and 
installed it.

mount_cd9660 options

[frantisek holop]

hi there,

i just noticed that i see an option i haven't seen before..

/dev/cd0c on /cdrom type cd9660 (local, noexec, read-only, norrip)

what is norrip?
it is not in mount_cd9660(8) or in mount(8)...

-f
-- 
the borg assimilated my race  all i got was this t-shirt

ASUS P5B-VM SE and 3 sata drives, GURU need help ...

[Rover]

I have a problem initializing SATA HDDs in OpenBDS, please help:
ASUS P5B-VM SE, there is an onboard controller: SATA Intel (4) and IDE
Jmicron (1). I have 3 SATA drives connected (160GB, 500GB and 500GB), no
RAID configured, and one CD-ROM drive, so the BIOS recognize them correctly
as hd0+*, hd1+, hd2, cd0.

When I finished installing the OS I could see only wd0 and wd1 (160MB and
500MB) connected ONLY(!) via SATA 3 and 4 ports on motherboard (and any HHDs
connected to this one, 500+500, 500+160 and etc), and wd2 is always
unavailable no matter how and what I dob

What else should I try? :,(
--
View this message in context:
http://www.nabble.com/ASUS-P5B-VM-SE-and-3-sata-drives%2C-GURU-need-help-...-
tf4793593.html#a13713393
Sent from the openbsd user - misc mailing list archive at Nabble.com.

Re: mount_cd9660 options

[Jason McIntyre]

On Mon, Nov 12, 2007 at 08:57:24PM +0100, frantisek holop wrote:
 
 i just noticed that i see an option i haven't seen before..
 
 /dev/cd0c on /cdrom type cd9660 (local, noexec, read-only, norrip)
 
 what is norrip?
 it is not in mount_cd9660(8) or in mount(8)...
 

if you mount a cd9660 filesystem w/ -R (no rockridge extensions) you get
norrip in the output. i don;t think you can specify this as a mount
option though, so i'm not sure where we'd document this.

jmc

Re: ASUS P5B-VM SE and 3 sata drives, GURU need help ...

[Adriaan]

On Nov 12, 2007 9:21 PM, Rover [EMAIL PROTECTED] wrote:
 I have a problem initializing SATA HDDs in OpenBDS, please help:
 ASUS P5B-VM SE, there is an onboard controller: SATA Intel (4) and IDE
 Jmicron (1). I have 3 SATA drives connected (160GB, 500GB and 500GB), no
 RAID configured, and one CD-ROM drive, so the BIOS recognize them correctly
 as hd0+*, hd1+, hd2, cd0.

 When I finished installing the OS I could see only wd0 and wd1 (160MB and
 500MB) connected ONLY(!) via SATA 3 and 4 ports on motherboard (and any HHDs
 connected to this one, 500+500, 500+160 and etc), and wd2 is always
 unavailable no matter how and what I dob

 What else should I try? :,(
 --

You could start by posting the full dmesg output, so people can see
what kind of hardware you have and which version of OpenBSD.

=Adriaan=

Re: HP Procurve or Soekris w. OpenBSD ?

[David Newman]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 11/12/07 5:01 AM, Stuart Henderson wrote:
 On 2007/11/12 12:56, knitti wrote:
 Looking to manage several webservers I am wondering if anybody uses
 something like this: http://soekris.kd85.com/images/tn/dsc03600.med.jpg ?
 (That image shows Wim's net4801-50 plus quadport lan1641 firewall box,
 giving 7 ports with low powerconsumption - on OpenBSD)
 
 what sort of bandwidth / packets per second?
 
 The standard choice in my datacenter (linux users mostly) seems to be HP
 Procurve but I'd prefer the power of PF.
 
 they're most likely switches. (Vantronix have a module for HP 5300xl
 switches that runs PF, though).
 
 I don't know exactly the 4801, but I use a couple of 4501 as firewalls and
 IPSec-Routers for connections of up to 5 MBit/sec. Seeing the specs of
 the 4801 and knowing the 4501, I wouldn't use them for more than about
 40-50 Mbit/sec.
 
 I feel 40-50M would be pushing it, given that you might like some
 overhead to allow for occasional heavy numbers of packets. 5501
 might do better (maybe with a nic rather than the on-board vr).
 
 I'd normally prefer a standard amd64/i386 box for a datacentre
 firewall though. I may change my mind when the net7501 eventually
 surfaces...

I was just about to ask about this. I've been very happy with Nexcom
1563s as pf firewalls, especially with the disk-on-chip. No moving parts
is good. (And thanks misc@ for this recommendation.)

But the Nexcoms have only 100Base-T interfaces and now I've got a
requirement for gig boxes in a couple of data centers.

Any recommendations for carp/pfsync hardware with these specs on each box?

- - at least 3 x 1000Base-T (mandatory)
- - disk on chip if possible (not mandatory)
- - fanless (not mandatory)
- - rack-mountable (not manadatory)

Any reasonable RAM and CPU speed considered, in the context of pushing
traffic at ~100-300 Mbit/s.

Or am I better off just buying el cheapo PCs and relying on carp and
pfsync for redundancy?

thanks

dn
iD8DBQFHOLiRyPxGVjntI4IRAp1hAJ9Uy0cbbip3EEXIlQ+Nnzlqr21ECwCg18g5
vDFGHhVj2htXbuEGqfgXFRY=
=wNZl
-END PGP SIGNATURE-

Re: mount_cd9660 options

[frantisek holop]

hmm, on Mon, Nov 12, 2007 at 08:24:40PM +0001, Jason McIntyre said that
 On Mon, Nov 12, 2007 at 08:57:24PM +0100, frantisek holop wrote:
  
  i just noticed that i see an option i haven't seen before..
  
  /dev/cd0c on /cdrom type cd9660 (local, noexec, read-only, norrip)
  
  what is norrip?
  it is not in mount_cd9660(8) or in mount(8)...
  
 
 if you mount a cd9660 filesystem w/ -R (no rockridge extensions) you get
 norrip in the output. i don;t think you can specify this as a mount
 option though, so i'm not sure where we'd document this.

well, there might be a NOTE(S) section in mount_cd9660...



and i've meant to ask this for some time now:

the disc in question is a dvd...  so it's udf and udf is
considered to be a replacement of ISO 9660, and today is widely
used for (re)writable optical media.

so if cd9660 != udf and one is the replacement of the other,
i was wondering if mount_cd9660 might be overhauled a bit
to reflect this situation...

-f
-- 
i'm not old.  i'm chronologically gifted.

Re: ASUS P5B-VM SE and 3 sata drives, GURU need help ...

[Dorian Büttner]

Adriaan schrieb:

On Nov 12, 2007 9:21 PM, Rover [EMAIL PROTECTED] wrote:
  

I have a problem initializing SATA HDDs in OpenBDS, please help:
ASUS P5B-VM SE, there is an onboard controller: SATA Intel (4) and IDE
Jmicron (1). I have 3 SATA drives connected (160GB, 500GB and 500GB), no
RAID configured, and one CD-ROM drive, so the BIOS recognize them correctly
as hd0+*, hd1+, hd2, cd0.

When I finished installing the OS I could see only wd0 and wd1 (160MB and
500MB) connected ONLY(!) via SATA 3 and 4 ports on motherboard (and any HHDs
connected to this one, 500+500, 500+160 and etc), and wd2 is always
unavailable no matter how and what I dob

What else should I try? :,(
--



You could start by posting the full dmesg output, so people can see
what kind of hardware you have and which version of OpenBSD.

=Adriaan=
  


Have you tried playing with the bios settings? I had some issues with an 
ide controller in native or legacy mode. I think legacy mode works better.


Regards,
Dorian

Re: Any Ethereal, Wireshark related software in 4.2 ports?

[Stuart Henderson]

On 2007/11/12 12:38, Steve Shockley wrote:
 Stuart Henderson wrote:
 tcpdump runs the scary code in a jail.

 Doesn't http://marc.info/?m=117390704628262 do the same thing?  I haven't 
 looked at it, just saw the post.

ah, Nikns' port: this isn't a full jail, but it does drop privileges
so it's a start. http://wiki.wireshark.org/Development/PrivilegeSeparation
references this (so, some wireshark developers do recognise it needs to
be done).

IIRC (it's a while since I looked at it) there are some problems:
you run the whole thing as root (including the GUI, which uses
toolkits which are specifically not meant to be run as root), then
after opening the capture device privs are dropped, at which point
you can no longer access files you should have access to.

There is another hackish workaround: mkfifo a file, then use
tcpdump to do the capture into that. Run wireshark as a normal or
(better) jailed user, and read from the FIFO. Messy, though...

Anyway, this is probably of limited interest on misc@, so
if anyone is interested in continuing this, ports@ is a better
place (or the wireshark lists).

uvm_fault crash on fresh 4.2

[Nick Guenther]

I just installed an old compaq desktop that I intend to use as a
webserver. I haven't installed anything on it yet, it's using vanilla
4.2-RELEASE.
Twice now, I've booted it and left it running, intending to ssh in and
work on it, except I've found that I couldn't because it's crashed on
me. It has literally nothing running except the standard daemons
(ntpd, sshd, httpd...) when this (faithfully transcribed) happens:
uvm_fault(0xd687875c, 0xcfc7, 0, 1) - e
kernel: page fault trap, code=0
Stopped at  pmap_enter+0xaf:movl0(%edx,%eax,4),%eax
ddb trace
pmap_enter(d69c7a2c, 1c022000, 2353000,5,20,1c027000,da433ea4,0) at
pmap_enter+0xaf
uvm_fault(d687875c,1c023000,0,1,da3efea0) at uvm_fault+0xd0c
trap() at trap+0x269
--- trap (number 6) --
0x1c023261:
ddb ps
PID PPIDPGRPUID S   FLAGS   WAITCOMMAND
131117544   648 0   2   0   sh
*22991  17544   648 0   7   0   sh
17544   14843   648 0   3   0x80pause   sh
14843   27930   648 0   3   0x4080  piperd  sh
22189   648 648 0   3   0x4080  piperd  mail
15690   648 648 0   3   0x4080  piperd  tee
27930   648 648 0   3   0x4080  pause   sh
648 11321   648 0   3   0x4080  pause   sh
11321   446844680   3   0x80piperd  cron
63211   63210   3   0x4082  ttyin   getty
16590   1   16590   0   3   0x4082  ttyin   getty
28581   1   28581   0   3   0x4082  ttyin   getty
29125   1   29125   0   3   0x4082  ttyin   getty
13313   1   13313   0   3   0x4082  ttyin   getty
44681   44680   3   0x80select  cron
30525   1   30525   0   3   0x80select  sshd
14729   5611561167  3   0x180   netcon  httpd
11199   5611561167  3   0x180   netcon  httpd
20250   5611561167  3   0x180   netcon  httpd
76975611561167  3   0x180   netcon  httpd
18435611561167  3   0x180   netcon  httpd
24949   1   24949   0   3   0x40180 select  sendmail
87521   87520   3   0x180   select  inetd
56111   561167  3   0x180   select  httpd
20884   29121   29121   83  3   0x180   pollntpd
29121   1   29121   0   3   0x80pollntpd
13148   1   12414   73  2   0x180   syslogd
12414   1   12414   0   3   0x88netio   syslogd
36281   362877  3   0x180   polldhclient
14719   1   24228   0   3   0x82polldhclient
16  0   0   0   3   0x100200crypto_wait crypto
15  0   0   0   3   0x100200aiodonedaiodoned
14  0   0   0   3   0x100200syncer  update
13  0   0   0   3   0x100200cleaner cleaner
12  0   0   0   3   0x100200reaper  reaper
11  0   0   0   3   0x100200pgdaemon
 pagedaemon
10  0   0   0   3   0x100200pftmpfpurge
9   0   0   0   3   0x100200usbevt  usb4
8   0   0   0   3   0x100200usbevt  usb3
7   0   0   0   3   0x100200usbevt  usb2
6   0   0   0   3   0x100200usbevt  usb1
5   0   0   0   3   0x100200usbtsl  usbtask
4   0   0   0   3   0x100200usbevt  usb0
3   0   0   0   3   0x100200bored   syswq
2   0   0   0   3   0x100200kmalloc kmthread
1   0   1   0   3   0x4080  waitinit
0   -1  0   0   3   0x80200 scheduler   swapper



So what's the deal? Is this a bug? Is it flakey hardware? I mixed and
matched the RAM a bit, could that be it? Could the RAM be slightly
unseated?


I found this, which has the same issue:
http://archive.netbsd.se/?ml=openbsd-newbiesa=2005-08m=1127711


dmesg:
OpenBSD 4.2 (GENERIC) #375: Tue Aug 28 10:38:44 MDT 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: AMD Duron(tm) Processor (AuthenticAMD 686-class, 64KB L2 cache) 902 MHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR
real mem  = 528052224 (503MB)
avail mem = 502943744 (479MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 05/03/01, BIOS32 rev. 0 @
0xfa100, SMBIOS rev. 2.3 @ 0xf (19 entries)
bios0: vendor Compaq version 786K3 date 05/03/2001
bios0: Compaq Presario 5100CA 470013-866
pcibios0 at bios0: rev 2.1 @ 0xfa040/0x1000
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfa040/128 (6 entries)
pcibios0: PCI Interrupt Router at 000:20:0 (VIA VT82C686 ISA rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc/0x1 

Re: [OT] making Firefox respect telnet:// URLs

[Linus Swälas]

On Mon, 12 Nov 2007 18:25:57 +0100, William Boshuck
[EMAIL PROTECTED] wrote:


On Mon, Nov 12, 2007 at 02:02:32AM +0100, Linus Swdlas wrote:

On Mon, 12 Nov 2007 00:25:29 +0100, ropers [EMAIL PROTECTED] wrote:



feel free to correct me. =)


This kind of parameter substitution is in the POSIX 1 specification
for sh.  See the parameters section of the man page for sh(1).

I stand corrected. ;)



But I wouldn't, I'd let bash do it:


Probably better to use sh, or ksh, since they
are in OpenBSD by default, and are more than
up to the task.


OpenBSD's ksh is great, I've never bothered to check if it's
available for Solaris for example. I've just assumed that it's
not, and bash is. And I use Linux too, so, I personally prefer
bash. =)
Though in this case I agree with you, at least if he doesn't
already have bash installed. =)


--
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/

Subversion/Apache Mod dav

[Duncan Patton a Campbell]

Howdy?  

I'm trying to install mod_dav_svn and mod_authz_svn with apache 2.0.xx
and find that they have been moved into the ap2-subversion-1.4.4 package that
requires apache 2.2.  When I go to the ports tree there is nothing equivalent
to this module.  

Does anyone know what is going on?  Is subversion under apache 2.0 no longer 
supported?

Any help would be greatly appreciated.

Thanks,

Dhu

OS not seeing all RAM (1GiB less)

[C Thala]

What would cause an 4.1 machine running on a Dell PowerEdge 1950 to see only
3,220,439,040 bytes of  RAM as opposed to the 4GB that it really has
(confirmed by BIOS)?

Re: uvm_fault crash on fresh 4.2

[Jeff Quast]

On Nov 12, 2007 7:25 PM, Nick Guenther [EMAIL PROTECTED] wrote:
 I just installed an old compaq desktop that I intend to use as a
 Stopped at  pmap_enter+0xaf:movl0(%edx,%eax,4),%eax
 ddb trace
 pmap_enter(d69c7a2c, 1c022000, 2353000,5,20,1c027000,da433ea4,0) at
 pmap_enter+0xaf
 uvm_fault(d687875c,1c023000,0,1,da3efea0) at uvm_fault+0xd0c
 trap() at trap+0x269

every fault i've had in the area of pmap on i386 has been due to bad
ram, at least 6 or more times in my experience with garbage resecued
machines.

CARP Advertisement Issue

[Shane Lazarus]

Heya

In the network:
OpenBSD Firewall (x2) -- Metropolitan Layer 2 Network -- ISP(s)

CARP advertisements are forming some 7% of the 'noise' traffic across the
Metro L2 resulting in complaints from other clients of the Metro L2
provider.

All production and testing done with:
OpenBSD 4.0 release + errata
OpenBSD 4.1 release + errata

I have read through the 4.1 to 4.2 changes documentation
(http://www.openbsd.org/plus42.html).
I can see nothing there that would alter the below results.


Thanks in advance for all suggestions and/or recommendations.

I have some Feature Requests as a result of this testing, but will hold off
on those until feedback is received.  :)


Upon receiving a request from the L2 provider, we thought of or tried the
following:

* Unicast CARP advertisements;
Unlike pfsync, CARP does not currently have support for Unicast
communications.

* lladdr filtering by the L2 provider;
All of the CARP advertisements are coming from the shared lladdr of the carp
interface, not from the lladdr of the carpdev's.
(True also on the other carp interfaces.)

* netstart + pf + ifstated;
Start the external facing carpdev's configured and down and the internal
facing carpdev's configured and up on boot.

Use pf to explicitly allow CARP advertisements on the internal facing
carpdev's and block all others (including the external facing carpdev's).

Use ifstated to monitor the state changes on the internal facing carp
devices.
Run 'ifconfig $carp [up|down]' on the external facing carp devices depending
upon the state of the internal facing carp devices.


/etc/netstart currently does not deal with configuring and then setting an
interface to down upon boot.
example /etc/hostname.if:
inet 192.168.0.1 255.255.255.0 NONE
down

CARP seems inconsistent in its handling of the carpdev status.
Discovered that upon booting with all physical cables unplugged that carp
interfaces enter master state despite carpdev's (em - Intel PRO/1000
10/100/Gigabit Ethernet devices) not having physical network connectivity.

In general, this setup is not considered an optimal solution anyway.



Thanks Again



Shane Lazarus
Infrastructure Engineer
DataTorque

+64 21 529278

[EMAIL PROTECTED]

Re: OS not seeing all RAM (1GiB less)

[Brian A. Seklecki]

On Mon, 2007-11-12 at 22:40 -0500, C Thala wrote:
 What would cause an 4.1 machine running on a Dell PowerEdge 1950 to see only
 3,220,439,040 bytes of  RAM as opposed to the 4GB that it really has
 (confirmed by BIOS)?

A little something-something called PAE.

You're probably running 4.1/i386? 

What you want to do is install the amd64 release on the 9th gen.  

~BAS

Re: Logging bandwidth usage with PF

[Jason Dixon]

On Nov 12, 2007, at 10:31 AM, Joel Gudknecht wrote:


Misc list:

I'm trying to figure out a way to log and analyze bandwidth usage
passing through my PF gateway. It's doing NAT for ~60 users.

Here are the pertinent logging rules;

rdr pass log on $ext_if proto tcp to port smtp - $host
rdr pass log on $ext_if proto tcp to port www - $host
rdr pass log on $ext_if proto tcp to port pop3 - $host
rdr pass log on $ext_if proto tcp to port 1494 - $host
rdr pass log on $ext_if proto tcp to port 3389 - $host

pass out log keep state

I've tried analyzing pflogs using ethereal/wireshark but could not get
specifics about IP's and connection rates from it. I've also looked at
ntop and pftop, which looks good for real-time monitoring but I don't
think they apply for what I'm trying to do.

I'd like to generate a sorted list of top bandwidth hogs and their  
IP addresses.



You've gotten some good suggestions.  For no particular reason at all,  
I figured I would mention this related project.  I don't know the  
author, but it looks vaguely interesting.  Rumors are it will have a  
port for OpenBSD when it's ready for testing.  It's designed to read  
in data from flowd (via fifo).  The examples are live NetFlow streams  
generated by pfflowd.


http://www.netflowdashboard.com/demo/

user = guest
pass = guest

---
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net

Prihvati izazov, nastavi igru

[igra]

Poklon za znanje - bod za prijateljstvo http://www.e-topshop.tv
http://images.studio-moderna.com/upload/dormeonewen/image/mailing/px.gi
f
Hvala Ti na odluci da se igra9 sa nama!
Sakupljaj bodove i osvoji LCD TV, digitalnu kameru ili Walkman mobilni
telefon. I to nije sve...



 Podsefamo Te da moe9 osvojiti i bodove za prijateljstvo!
Svaki prijatelj koga pozove9 na uhe9fe i koji tahno odgovori na na9e
nagradno pitanje donosi Ti dodatnih 5 poena...

 Ni to nije sve!
Ukoliko pozove9 najmanje 1 prijatelja dobija9 10% popusta na bilo koji
proizvod iz specijalno odabrane grupe najpopularnijih Top Shop
proizvoda.

Pozovi prijatelje i uvefaj zbir svojih bodova.
http://www.e-topshop.tv/igra/recommend.asp?vid=1779920sid=36871email=
misc@openbsd.orgmed=emtyp=efdorig=intbrd=tsctn=scgvir=yesreferrer
=scg_thankyousrc=scg_thankyou

 Svako dobija!
Svaki uhesnik nagradne igre dobija besplatnu e-knjigu Ljubav, zdravlje
i jo9 po ne9to sa brojnim savetima o ljubavi, zdravlju, lepoti,
fitnesu, roditeljstvu...

 Osvoji poklon za znanje!
U naredna dva meseca, na Tvoju e-mail adresu stifi fe jo9 5 pitanja.
Svaki tahan odgovor donosi Ti dodatne poene i to - svako pitanje - sve
vi9e i vi9e!

Prihvati izazov...
Pokai znanje, pozovi prijatelje i uvefaj broj svojih bodova i 9anse da
osvoji9 neki od vrednih poklona!

Vi9e bodova - vi9e 9anse za poklon! Pozovi prijatelje i uvefaj zbir
svojih bodova.
http://www.e-topshop.tv/igra/recommend.asp?vid=1779920sid=36871email=
misc@openbsd.orgmed=emtyp=efdorig=intbrd=tsctn=scgvir=yesreferrer
=scg_thankyousrc=scg_thankyou

Srefno!

 Top
Shophttp://images.studio-moderna.com/upload/topshop_SCG/image/viral_img
/TopShop_officiallogo.jpg
Poklon #1
LCD TV!
LCD TV
http://www.e-topshop.tv/igra/recommend.asp?vid=1779920sid=36871email=
misc@openbsd.orgmed=emtyp=efdorig=intbrd=tsctn=scgvir=yesreferrer
=scg_thankyousrc=scg_thankyou

http://images.studio-moderna.com/upload/topshop_SCG/image/viral_sr/offe
r_box_b.jpg

http://images.studio-moderna.com/upload/dormeonewen/image/mailing/px.gi
f
Poklon #2

http://images.studio-moderna.com/upload/dormeonewen/image/mailing/px.gi
f Digitalna kamera!
Digitalna kamera
http://www.e-topshop.tv/igra/recommend.asp?vid=1779920sid=36871email=
misc@openbsd.orgmed=emtyp=efdorig=intbrd=tsctn=scgvir=yesreferrer
=scg_thankyousrc=scg_thankyou

http://images.studio-moderna.com/upload/topshop_SCG/image/viral_sr/offe
r_box_b.jpg

http://images.studio-moderna.com/upload/dormeonewen/image/mailing/px.gi
f
Poklon #3

http://images.studio-moderna.com/upload/dormeonewen/image/mailing/px.gi
f Mobilni telefon!
Mobilni telefon
http://www.e-topshop.tv/igra/recommend.asp?vid=1779920sid=36871email=
misc@openbsd.orgmed=emtyp=efdorig=intbrd=tsctn=scgvir=yesreferrer
=scg_thankyousrc=scg_thankyou

http://images.studio-moderna.com/upload/topshop_SCG/image/viral_sr/offe
r_box_b.jpg

http://images.studio-moderna.com/upload/dormeonewen/image/mailing/px.gi
f
VA.NO!
Tahan odgovor samo jednog prijatelja donosi ti 10% popusta na odabrane
proizvode.

http://images.studio-moderna.com/upload/dormeonewen/image/mailing/px.gi
f
 .elim da vidim op9irnija pravila nagradne igre.
Ukoliko vi9e ne elite da primate e-mailove od nas kliknite ovde.
http://ca.avenija.com/unsubscribe/unsubscribe.asp
Studio Moderna d.o.o., Laze Nanhifa 50, 21 000 Novi Sad, Srbija

Re: Subversion/Apache Mod dav

[Duncan Patton a Campbell]

On Mon, 12 Nov 2007 20:49:08 -0600
Duncan Patton a Campbell [EMAIL PROTECTED] wrote:

 Howdy?  
 
 I'm trying to install mod_dav_svn and mod_authz_svn with apache 2.0.xx
 and find that they have been moved into the ap2-subversion-1.4.4 package that
 requires apache 2.2.  When I go to the ports tree there is nothing equivalent
 to this module.  
 
 Does anyone know what is going on?  Is subversion under apache 2.0 no longer 
 supported?
 
 Any help would be greatly appreciated.
 
 Thanks,
 
 Dhu
 
 

Addenedum:

subversion 1.4.5 now appears to build on OBSD with mod_dav_svn, so this is less 
problematic.. still(?)

Dhu