Помощь юриста.

[Вероника]

PP4QP0P2Q
QP2QP9QP5! PP5P=Q P7PP2QQ  PP5QPP=P8P:P0.

 PPP4P3PQPP2P;Q P4PP:QPP5P=QQ P4P;Q QP5P3P8Q
QQP0QP8P8 ,
P?P5QP5QP5P3P8Q
QQP0QP8P8, P;P8P:P2P8P4P0QP8P8 PPP  P8 PP, P0
QP0P:P6P5 Q
PQ
QP0P2P;Q P4PP3PP2PQ, P?QP5QP5P=P7P8Q P8  P8P=QP5
P4PP:QPP5P=QQ. PQPP:PP=Q
QP;QQP8QQQ P?P P2PP?QPQ
P0P
P1P8P7P=P5Q
P0.

P! QP2P0P6P5P=P8P5P, PP5QPP=P8P:P0
P.QP8P4P8QP5Q
P:P8P9 PQP4P5P;

PP5P;: (495)721-84-10

APP - a timesaving electronic solution - free info pack

[Chris Scarth]

Please forward to the Headteacher or School Office Manager if incorrectly
addressed | If you have trouble reading this email click here

[IMAGE]

[IMAGE]

[IMAGE]

[IMAGE]

[IMAGE]

APP Assessment Online

Classroom Monitor is a simple, online APP Assessment tool for primary and
secondary schools. Each teachers uses simple APP markbooks to record
pupil progress against APP criteria and assessment focuses. Classroom
Monitor works hard so that one ongoing teacher assessment feeds into:

  *  Assessment for learning - detailed next steps in pupil friendly
speak can be shared instantly with pupils.

  * Planning - teachers can share resources, lesson plans and resources
across the school using the markbook. More info

  * Evidence recording - As pupil's work is assessed, evidence can be
attached to pupils' records instantly (and then shared with parent
and pupil online). More info

  * Detailed pupil and cohort tracking information - available instantly
including: target setting, termly tracking sheets, progress graphs
etc.

  * Online reporting to parents- teachers can note comments and
observations from their assessment, link photos, targets and
resources: available late 2010.

  *  Choose your phase of education using the quick links below

Click here to request your free information Pack

[IMAGE]

[IMAGE]

[IMAGE]

[IMAGE]

[IMAGE]

[IMAGE]

[IMAGE]

[IMAGE]

[IMAGE]

[IMAGE]

[IMAGE]

[IMAGE]

[IMAGE]

New Release!



Contact us



Evidence and Resources February 2010
You can now add evidence to support assessments in Classroom Monitor and
attach teaching resources to share best practice!

[IMAGE]

Arrange a no obligation in-school consultation, an online phone demo or
order a memory stick with full information pack from us.

[IMAGE]

[IMAGE]

[IMAGE]

[IMAGE]

[IMAGE]

[IMAGE]

[IMAGE]

[IMAGE]

[IMAGE]

[IMAGE]

[IMAGE]

[IMAGE]

[IMAGE]

Email communications are consistent with the 'e-confident school'
initiative and the government's e-business and e-government initiatives.
This is a legitimate business-to-business email, addressed to the
official administrative email address of the school, published by the
Local Authority or the school.
This email is not 'spam' - a term that applies to emails sent to personal
addresses.
This email is delivered under DMA guidelines to the published email
contact and is valuable information which we ask you to forward to the
relevant staff member.
To manage your preferences, please contact subscr...@edmailing.com.

[IMAGE]

Re: format of i386/index.txt

[Jan Stary]

http://marc.info/?l=openbsd-miscm=126678113118214w=2

Has the format of
ftp://ftp.openbsd.org/pub/OpenBSD/snapshots/i386/index.txt
changed again?  It seems to be 'ls -l' now.

Re: installing amd64 using i386 to boot then amd64 for install?

[Cameron Simpson]

On 15Mar2010 23:11, J.C. Roberts list-...@designtools.org wrote:
| On Tue, 16 Mar 2010 14:59:01 +1100 Cameron Simpson c...@zip.com.au
| wrote:
| 
|  I have the apparently common problem of CD2 (amd64) from the OpenBSD
|  distro not booting on an IBM x336. And of course there's no floppy
|  and the box won't boot off a USB device at all.
| 
| apparently common ? --Never heard of it.

This is the bought amd64+macppc CD2 disc image. It seems common enough
for the shipped install instructions to suggest using the floppy image
as a boot alternative for this architecture and for me to have tripped
over this issue in the past.

For what it's worth, I've downloaded the 4.5 amd64 install45.iso image
and _it_ boots just fine. I've installed from there now.

However, if I use the amd64 disc from the bought distro, it does not
boot. I'm presuming its weird and different, perhaps doing something odd
in an attempt to also boot on a PPC system? Just guessing.

| If there is something wrong with your install media for amd64, then
| download the ISO and burn a new copy.
|  ftp://ftp.openbsd.org/pub/OpenBSD/4.6/amd64/install46.iso
| Even better, since we're right next to 4.7 release, install the
| most recent -current snapshot:
| ftp://ftp.openbsd.org/pub/OpenBSD/snapshots/amd64/install47.iso
| Your subsequent upgrade to 4.7 -release in a month or two will go a lot
| more smoothly.

I'm actually going with 4.5 to match this machine's partner machine.

|  One of the avenues I'm considering is booting off the i386 CD1 and
|  then using the CD2 disc for the install data. Will that work, or will
|  the i386 install still load up some inappropriate i386 items (eg the
|  boot sector)?
| 
| Why shoot yourself in the foot?

Because I was facing an install on a machine which won't boot off USB,
has no floppy and an apparently useless amd64 install CD. Hence my
desire to try getting off the ground with the i386 CD.

| A better and supported alternative is to netboot the system with
| the correct bsd.rd kernel and install the sets via ftp.

I'll try to find the time to try out such a setup at home sometime.
I was in a co-lo with few resources and some time pressure.

I'd like to thank folks for the many replies to my unusual query.

Cheers,
-- 
Cameron Simpson c...@zip.com.au DoD#743
http://www.cskk.ezoshosting.com/cs/

ep0: 3c509 in test mode. Erase pencil mark!
   This means that someone has scribbled with pencil in the test area
   on the card. Erase the pencil mark and reboot. (This is not a joke).
- OpenBSD 2.3 ep(4) ethernet drive manual entry

В Э Д компании: особенности таможенного регулирования в рамках Таможенного союзаbo

[24-26 марта 2010г.]

*   24 - 26 PP0QQP0 2010 P3. (3 P4P=Q)
*
*   PP-P P:PPP?P0P=P8P8: PQ
PP1P5P=P=PQ
QP8  PPPPPPPPPPP
P PPP#PPP PPPPPP/ P2 QP0PP:P0Q PPPPPPPPPPP  P!PP.PP
*


PQP5QP4P=P5P2P=QP9 P?QP0P:QP8QP5Q
P:P8P9 P:QQQ

PP PPPPPPPP'PP P4P;Q: P3P5P=P5QP0P;QP=QQ P4P8QP5P:QPQPP2,
QQP:PP2PP4P8QP5P;P5P9 P8 Q
PQQQP4P=P8P:PP2 Q
P;QP6P1 PP-P P8
P;PP3P8Q
QP8P:P8, QQP8Q
QPP2 P:PPP?P0P=P8P9, P7P0P=P8PP0QQ P8QQ
Q
P2P=P5QP=P5Q
P:PP=PPP8QP5Q
P:PP9 P4P5QQP5P;QP=PQ
QQQ.



PP0 Q
P0PPP8QP5 PP5P6P3PQ
QP4P0QQ
QP2P5P=P=PP3P Q
PP2P5QP0
PP2QPP7P-Q
, Q
PQ
QPQP2QP5PQ
Q 27 P=PQP1QQ 2009 P3PP4P0 P2
PP8P=Q
P:P5, P8 P=P0 P7P0Q
P5P4P0P=P8P8 P3P;P0P2 PQP0P2P8QP5P;QQ
QP2
Q
QQP0P= PP2QPP7P-Q
 11 P4P5P:P0P1QQ 2009 P3PP4P0 P2
P!P0P=P:Q-PP5QP5QP1QQP3P5, P1QP;P0 P?PP4P?P8Q
P0P=Q PQ
P=PP2P=QP5
P4PP:QPP5P=QQ P=PQPP0QP8P2P=P-P?QP0P2PP2PP9  P1P0P7Q
PP0PPP6P5P=P=PP3P Q
PQP7P0 P P$, PP0P7P0QQ
QP0P=P0 P8
PP5P;P0QQQ
P8.

P! 01 QP=P2P0QQ 2010 P3PP4P0 P2Q
QQP?P8P;P8 P2 Q
P8P;Q:
   - PPP2P0QP=P0Q P=PPP5P=P:P;P0QQQP0 PP-P P8 PP0PPP6P5P=P=QP9
QP0QP8Q PP0PPP6P5P=P=PP3P Q
PQP7P0.
   - PP4P8P=QP5 P?QP0P2P8P;P0 P=P5QP0QP8QP=PP3P
QP5P3QP;P8QPP2P0P=P8Q P=P0 QP5QQP8QPQP8P8 PP0PPP6P5P=P=PP3P
Q
PQP7P0.
   - PP4P8P=QP5 P?QP0P2P8P;P0 QP0PPP6P5P=P=P-QP0QP8QP=PP3P
QP5P3QP;P8QPP2P0P=P8Q P=P0 QP5QQP8QPQP8P8
P3PQ
QP4P0QQ
QP2-QQP0Q
QP=P8P:PP2 PP0PPP6P5P=P=PP3P Q
PQP7P0.

PP;P0P2P0PP8 QQP5Q P3PQ
QP4P0QQ
QP2 P?QP8P=QQ PP0PPP6P5P=P=QP9
P:PP4P5P:Q
 PP0PPP6P5P=P=PP3P Q
PQP7P0, P:PQPQQP9 Q
 01 P8QP;Q
2010 P3PP4P0 Q
QP0P=P5Q P3P;P0P2P=QP P7P0P:PP=PP4P0QP5P;QP=QP
P0P:QPP, P:PQPQQP P1QP4QQ QQP:PP2PP4Q
QP2PP2P0QQQ
Q
P?QP8 Q
PP2P5QQP5P=P8P8 P2P=P5QP=P5QPQP3PP2QQ PP?P5QP0QP8P9
QQP0Q
QP=P8P:P8 PP-P.

PPP5Q
QP5 Q
 PP0PPP6P5P=P=QP P:PP4P5P:Q
PP PP0PPP6P5P=P=PP3P
Q
PQP7P0 01 P8QP;Q 2010 P3PP4P0 P2Q
QQP?QQ P2 Q
P8P;Q:
   - P!PP3P;P0QP5P=P8Q P P?PQQP4P:P5 P4P5P:P;P0QP8QPP2P0P=P8Q
QP0PPP6P5P=P=PP9 Q
QPP8PPQ
QP8 QPP2P0QPP2 P8 P P?PQQP4P:P5
PQ
QQ P5Q
QP2P;P5P=P8Q P:PP=QQPP;Q P?QP0P2P8P;QP=PQ
QP8
PP?QP5P4P5P;P5P=P8Q QP0PPP6P5P=P=PP9 Q
QPP8PPQ
QP8 QPP2P0QPP2,
P?P5QP5PP5QP0P5PQQ QP5QP5P7 QP0PPP6P5P=P=QQ P3QP0P=P8QQ
QP0PPP6P5P=P=PP3P Q
PQP7P0.
   - PP0P:P5Q P4PP:QPP5P=QPP2, QP5P3P;P0PP5P=QP8QQQQ P8Q
P?PQQP4PP: P?QP8PP5P=P5P=P8Q Q
P0P=P8QP0QP=QQ,
P2P5QP5QP8P=P0QP=P-Q
P0P=P8QP0QP=QQ P8 QP8QPQ
P0P=P8QP0QP=QQ
PP5Q, PQ
PP1P5P=P=PQ
QP8 P8 P?PQQP4PP: PP1QP0Q P5P=P8Q
P?QPP4QP:QP8P8, P?PP4P;P5P6P0Q  P5P9 PP1QP7P0QP5P;QP=PP9 
PQP5P=P:P5
(P?PP4QP2P5QP6P4P5P=P8Q) Q
PPQP2P5QQ
QP2P8Q P=P0
QP0PPP6P5P=P=PP9 QP5QQP8QPQP8P8 PP0PPP6P5P=P=PP3P Q
PQP7P0.
   - P!PP3P;P0QP5P=P8P5 P P?QP8P=QP8P?P0Q P2P7P8PP0P=P8Q
P:PQ
P2P5P=P=QQ P=P0P;PP3PP2 P?QP8 Q
P:Q
P?PQQP5 P8 P8PP?PQQP5
QPP2P0QPP2 P8 P?QPQPP:PP; P P?PQQP4P:P5 P2P7P8PP0P=P8Q
P:PQ
P2P5P=P=QQ P=P0P;PP3PP2 P8 PP5QP0P=P8P7PP5 P:PP=QQPP;Q P7P0
P8Q QP?P;P0QPP9 P?QP8 Q
P:Q
P?PQQP5 P8 P8PP?PQQP5 QPP2P0QPP2
P2 PP0PPP6P5P=P=PP Q
PQP7P5.

PP5P4P5QQ
Q QP0P7QP0P1PQP:P0 P=PQPP0QP8P2P=P-P?QP0P2PP2PP9
P1P0P7Q, P:PP=P:QP5QP8P7P8QQQQ P5P9 PQ
PP1P5P=P=PQ
QP8
P?QP0P2PP?QP8PP5P=P8QP5P;QP=PP9 P?QP0P:QP8P:P8 P2P=PP2Q
P?QP8P=QQQQ P7P0P:PP=PP4P0QP5P;QP=QQ P0P:QPP2
PP0PPP6P5P=P=PP3P Q
PQP7P0.

PPPP,  P!PPPPPP P: P?PP4P3PQPP2P8QQ QQP0Q
QP=P8P:PP2 PP-P
P: P?QP0P:QP8QP5Q
P:PP9 QP0P1PQP5 P2 QQ
P;PP2P8QQ P4P5P9Q
QP2P8Q
QP0PPP6P5P=P=PP3P P7P0P:PP=PP4P0QP5P;QQ
QP2P0 PP0PPP6P5P=P=PP3P
Q
PQP7P0.



PP PPP PPPP  P!PPPPPP P

PPPPP PPP/  PPPPPPPPPP#P P
P2P=P5QP=P5Q
P:PP=PPP8QP5Q
P:PP9 P4P5QQP5P;QP=PQ
QP8 (PP-P)
PP0PPP6P5P=P=PP3P P!PQP7P0 (PP!), P2Q
QQP?P8P2QP0Q P2 Q
P8P;Q Q

01 QP=P2P0QQ 2010 P3PP4P0, P5P5 PQ
P=PP2P=QP5 PQP;P8QP8Q PQ PP
PP-P P P$. PQ
PP1P5P=P=PQ
QP8 QP0PPP6P5P=P=P-QP0QP8QP=PP3P
QP5P3QP;P8QPP2P0P=P8Q P=P0 QP5QQP8QPQP8P8 PP0PPP6P5P=P=PP3P
Q
PQP7P0 Q
 01 QP=P2P0QQ 2010 P3PP4P0
   - PP4P8P=QP9 QP0PPP6P5P=P=QP9 QP0QP8Q PP0PPP6P5P=P=PP3P
Q
PQP7P0.
   - PP0QP8QP=QP5 P?QP5QP5QP5P=QP8P8 P2 PQP=PQP5P=P8P8
QPP2P0QPP2, P2P2PP7P8PQQ P=P0 QP5QQP8QPQP8Q
PP0PPP6P5P=P=PP3P Q
PQP7P0.
   - PP0QP8QP=QP5 P;QP3PQQ.
   - PP0QP8QP=QP5 P:P2PQQ.

PPPPPP  PPPPP PP$PPP  P PPP#PPP PPPPPP P=P0
QP5QQP8QPQP8P8 PP0PPP6P5P=P=PP3P Q
PQP7P0 Q
 01 QP=P2P0QQ 2010
P3PP4P0
   - PPQQP4PP: P2P2P5P4P5P=P8Q P8 P?QP8PP5P=P5P=P8Q PP5Q,
P7P0QQP0P3P8P2P0QQP8Q P2P=P5QP=QQ QPQP3PP2P;Q QPP2P0QP0PP8,
P=P0 P5P4P8P=PP9 QP0PPP6P5P=P=PP9 QP5QQP8QPQP8P8 P2
PQP=PQP5P=P8P8 QQP5QQP8Q Q
QQP0P=.
   - PPP2P0QQ, P2 

Re: format of i386/index.txt

[J.C. Roberts]

On Wed, 17 Mar 2010 11:34:16 +0100 Jan Stary h...@stare.cz wrote:

 http://marc.info/?l=openbsd-miscm=126678113118214w=2
 
 Has the format of
 ftp://ftp.openbsd.org/pub/OpenBSD/snapshots/i386/index.txt
 changed again?  It seems to be 'ls -l' now.
 

Hi Jan,

I think this is the second time I've seen you mention the format of the
index.txt file... so it seems you're mistakenly trying to parse
index.txt to get the file/path names of the stuff you need to download.
(pardon me if my mind reading skills are slightly off)

---
#!/bin/ksh

ftp_host=ftp.openbsd.org
basepath=pub/OpenBSD/snapshots
arch=`uname -m`

ftp -i -n EOF ftp.log
open $ftp_host
user anonymous none@
nlist $basepath/$arch ftp.files
EOF

# exclude floppy*.fs and *.iso
for FNAME in `grep -v -e \.iso -e \.fs ftp.files | 
sed -e s:$basepath/$arch/::`; do
if [[ -z $FLIST ]]; then
FLIST=$FNAME;
else
FLIST=$FLIST FNAME
fi
done
---
NOTE the for ... is wrapped, 

The result is $FLIST contains just a list of all the file names of the
stuff on the ftp server in the given directory excluding the *.fs and
*.iso files.

The real magic in the above is in the nlist command of ftp, and you
don't necessarily need to do it in a shell script. perl would work
equally well.

If my mind reading skills are off, and you're trying to check the time
stamp of files on the ftp server, then check out the ftp modtime
command, and point it at the SHA256 file (that should be there).

In other words, the format of index.txt should not matter since there
are better ways to get the information you want.

jcr

ident message in /var/log/daemon

[Chris Bennett]

I get the following messages in /var/log/daemon

Mar 17 07:41:29 b03ls15le inetd[29887]: ident/tcp: bind: Address already 
in use
Mar 17 07:51:29 b03ls15le inetd[29887]: ident/tcp6: bind: Address 
already in use


it is a -current a week or two old, i386

Should I care about this? What does it mean?

OpenBSD 4.7-beta (GENERIC) #538: Thu Feb 25 16:05:09 MST 2010
   dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Celeron(R) CPU 2.66GHz (GenuineIntel 686-class) 2.67 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,

SSE3,MWAIT,DS-CPL,TM2,CNXT-ID,CX16,xTPR
real mem  = 519598080 (495MB)
avail mem = 494772224 (471MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 11/28/06, BIOS32 rev. 0 @ 0xfad60, 
SMBIOS rev. 2.3 @ 0xf0100 (34 entries)
bios0: vendor Award Software International, Inc. version F4 date 
11/28/2006

bios0: Gigabyte Technology Co., Ltd. 8I865GME-775-RH
acpi0 at bios0: rev 0
acpi0: tables DSDT FACP APIC
acpi0: wakeup devices HUB0(S4) USB0(S1) USB1(S1) USB2(S1) USB3(S1) 
USBE(S1) PCI0(S4)

acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 133MHz
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 4, remapped to apid 2
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (HUB0)
acpicpu0 at acpi0
acpitz0 at acpi0: critical temperature 75 degC
acpibtn0 at acpi0: PWRB
bios0: ROM list: 0xc/0xa400!
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 Intel 82865G Host rev 0x02
vga1 at pci0 dev 2 function 0 Intel 82865G Video rev 0x02
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
intagp0 at vga1
agp0 at intagp0: aperture at 0xf000, size 0x800
inteldrm0 at vga1: apic 2 int 16 (irq 5)
drm0 at inteldrm0
uhci0 at pci0 dev 29 function 0 Intel 82801EB/ER USB rev 0x02: apic 2 
int 16 (irq 5)
uhci1 at pci0 dev 29 function 1 Intel 82801EB/ER USB rev 0x02: apic 2 
int 19 (irq 6)
uhci2 at pci0 dev 29 function 2 Intel 82801EB/ER USB rev 0x02: apic 2 
int 18 (irq 11)
uhci3 at pci0 dev 29 function 3 Intel 82801EB/ER USB rev 0x02: apic 2 
int 16 (irq 5)
ehci0 at pci0 dev 29 function 7 Intel 82801EB/ER USB2 rev 0x02: apic 2 
int 23 (irq 9)

usb0 at ehci0: USB revision 2.0
uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
ppb0 at pci0 dev 30 function 0 Intel 82801BA Hub-to-PCI rev 0xc2
pci1 at ppb0 bus 1
fxp0 at pci1 dev 8 function 0 Intel PRO/100 VE rev 0x02, i82562: apic 
2 int 20 (irq 10), address 00:1a:4d:60:a0:01

inphy0 at fxp0 phy 1: i82562G 10/100 PHY, rev. 0
ichpcib0 at pci0 dev 31 function 0 Intel 82801EB/ER LPC rev 0x02
pciide0 at pci0 dev 31 function 2 Intel 82801EB SATA rev 0x02: DMA, 
channel 0 configured to compatibility, channel 1 configwd0 at pciide0 
channel 0 drive 0: WDC WD800JD-00MSA1

wd0: 16-sector PIO, LBA48, 76318MB, 156299375 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 6
ichiic0 at pci0 dev 31 function 3 Intel 82801EB/ER SMBus rev 0x02: 
apic 2 int 17 (irq 3)

iic0 at ichiic0
spdmem0 at iic0 addr 0x50: 512MB DDR SDRAM non-parity PC3200CL3.0
usb1 at uhci0: USB revision 1.0
uhub1 at usb1 Intel UHCI root hub rev 1.00/1.00 addr 1
usb2 at uhci1: USB revision 1.0
uhub2 at usb2 Intel UHCI root hub rev 1.00/1.00 addr 1
usb3 at uhci2: USB revision 1.0
uhub3 at usb3 Intel UHCI root hub rev 1.00/1.00 addr 1
usb4 at uhci3: USB revision 1.0
uhub4 at usb4 Intel UHCI root hub rev 1.00/1.00 addr 1
isa0 at ichpcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pmsi0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pmsi0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
it0 at isa0 port 0x2e/2: IT8712F rev 8, EC port 0x290
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
mtrr: Pentium Pro MTRR support
uhidev0 at uhub2 port 1 configuration 1 interface 0 Peppercon AG 
Multidevice rev 2.00/0.01 addr 2

uhidev0: iclass 3/1
ukbd0 at uhidev0: 8 modifier keys, 6 key codes
wskbd1 at ukbd0 mux 1
wskbd1: connecting to wsdisplay0
uhidev1 at uhub2 port 1 configuration 1 interface 1 Peppercon AG 
Multidevice rev 2.00/0.01 addr 2

uhidev1: iclass 3/1
ums0 at uhidev1: 3 buttons, Z dir
wsmouse1 at ums0 mux 0
vscsi0 at root
scsibus0 at vscsi0: 256 targets
softraid0 at root
root on wd0a swap on wd0b dump on wd0b
wskbd1: disconnecting from wsdisplay0
wskbd1 detached
ukbd0 detached
uhidev0 detached
wsmouse1 detached
ums0 detached
uhidev1 detached

ured to compatibility


--
A human being should be able to change a diaper, plan an invasion,
butcher a hog, conn a ship, design a 

Re: format of i386/index.txt

[Jan Stary]

On Mar 17 05:16:32, J.C. Roberts wrote:
 On Wed, 17 Mar 2010 11:34:16 +0100 Jan Stary h...@stare.cz wrote:
 
  http://marc.info/?l=openbsd-miscm=126678113118214w=2
  
  Has the format of
  ftp://ftp.openbsd.org/pub/OpenBSD/snapshots/i386/index.txt
  changed again?  It seems to be 'ls -l' now.
  
 
 Hi Jan,
 
 I think this is the second time I've seen you mention the format of the
 index.txt file... so it seems you're mistakenly trying to parse
 index.txt to get the file/path names of the stuff you need to download.
 (pardon me if my mind reading skills are slightly off)
 

Indeed, that's what I've been using index.txt for.
(Sorry for not enough mind writing.)
Isn't that why index.txt is there?


 #!/bin/ksh
 
 ftp_host=ftp.openbsd.org
 basepath=pub/OpenBSD/snapshots
 arch=`uname -m`
 
 ftp -i -n EOF ftp.log
 open $ftp_host
 user anonymous none@
 nlist $basepath/$arch ftp.files
 EOF
 
 # exclude floppy*.fs and *.iso
 for FNAME in `grep -v -e \.iso -e \.fs ftp.files | 
 sed -e s:$basepath/$arch/::`; do
   if [[ -z $FLIST ]]; then
   FLIST=$FNAME;
   else
   FLIST=$FLIST FNAME
   fi
 done
 ---
 NOTE the for ... is wrapped, 
 The result is $FLIST contains just a list of all the file names of the
 stuff on the ftp server in the given directory excluding the *.fs and
 *.iso files.

Very similar to my script here, except I get my list from index.txt



#!/bin/sh

error() {
echo $@ 2
}

fatal() {
error $@
exit 1
}

usage() {
error usage: ${0##*/} release destination [master]
error as in: ${0##*/} '`uname -r` ~/WWW ftp://openbsd.ftp.fu-berlin.de'
error as in: ${0##*/} snapshots /install ftp://ftp.openbsd.org
error as in: ${0##*/} snapshots /install
exit 1
}

[ $# -ge 2 ] || usage

DEST=$2/pub/OpenBSD/$1/`uname -m`
mkdir -p $DEST || fatal cannot create $DEST
cd $DEST   || fatal cannot cd to $DEST

SITE=${3:-ftp://ftp.openbsd.org}
SITE=$SITE/pub/OpenBSD/$1/`uname -m`

ftp -a -V $SITE/index.txt || fatal cannot fetch index.txt
cat index.txt | sed s,^,$SITE/, | xargs ftp -a -k30 -V

cksum -c SHA256




 The real magic in the above is in the nlist command of ftp, and you
 don't necessarily need to do it in a shell script. perl would work
 equally well.

(Aaargh, I use a shell script whenever I don't necessarily need to
use perl, thank you.)

 If my mind reading skills are off, and you're trying to check the time
 stamp of files on the ftp server, then check out the ftp modtime
 command, and point it at the SHA256 file (that should be there).
 
 In other words, the format of index.txt should not matter since there
 are better ways to get the information you want.

It's been a long time I have read ftp(1), and apparently
I forgot about 'nlist' - thanks.

Anyway, what really is the purpose of index.txt being there then?
To tell the times and sizes?

Jan

Re: bsd.mp and dual/quad core cpu

[Owain Ainsworth]

On Tue, Mar 16, 2010 at 10:36:25PM -0600, Ted Roby wrote:
 I believe OpenBSD supports up to 16 processors or cores?

That is architecture dependant.

it's 32 on i386 or amd64 (it is just a bit mask). 256 on sparc64 (for
the niagra boxen).

-0-
-- 
You can measure a programmer's perspective by noting his attitude on
the continuing viability of FORTRAN.
-- Alan Perlis

Re: kde4 dead?

[Mike Small]

On Wed, Mar 17, 2010 at 02:18:21PM +0900, Jordi Beltran Creix wrote:
 2010/3/16 Marc Espie es...@nerim.net:
...
  the C++ is crap, everything that matters should be written in C
  mentality.
...
 clang+LLVM is barely able of bootstrapping itself while already
 generating highly optimized code for C and Objective-C for a long
 time. If compiler-crafting C++ wizards have such a hard time getting
 it right, what chance is there for newcomers?

Parsing C++ must be really difficult, but it doesn't stop idiots
like me from making a living writing C++ code.  If being capable
of writing the front end to a compiler for a langauge were a
prerequisite for programming in that language, then I wonder how
many modules CPAN would have.  Hmmm, I better not say that again.
I can think of some people who would consider that a great gatekeeper
for the profession: everyone has to write his or her own compiler
for all the coding they do.

-- 
Mike Small
sma...@panix.com

anoncvs.nl.openbsd.org password ?

[a b]

Hi,

There's no maintainer listed for anoncvs.nl.openbsd.org, so perhaps
someone can enlighten me as to the correct password to use for anoncvs access
over ssh.

I've tried anonymous, blank, anoncvs . nothing seems to work ?

Re: pfctl(8): unclear docs

[Henning Brauer]

* Toni Mueller openbsd-m...@oeko.net [2010-03-15 12:59]:
 Not using -R is not too good, either, as on this particular box,
 reloading everything results in a severance of all existing
 connections.

I don't believe you.
  pfctl -f /etc/pf.conf
doesn't do that.
ok, shouldn't, but I don't see where that could break.

 A clarification in the docs is imho the way to go.

no, we'll kill that bullshit, soon. it is just leftover pf must be
ipf alike goo.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting

Re: pfctl(8): unclear docs

[Henning Brauer]

* Toni Mueller openbsd-m...@oeko.net [2010-03-15 10:52]:
 I've just run into the following problem on a 4.6 box:
 
 /etc/pf.conf (excerpt):
 
 
 table rfc1918 const { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }
 block out on $extif from rfc1918
 
 
 # /sbin/pfctl -F rules -R -f pf.conf
 rules cleared
 pfctl: Must enable table loading for optimizations
 # /sbin/pfctl  -s r
 #
 
 
 Imho, this interaction should be documented in the man page. One needs
 to specify '-Tl', or else no rules will be loaded.

-A, -O, -R are bullshit and I'll happily remove them. soon.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting

Re: questions about OpenBSD 4.7

[Henning Brauer]

* Andreas Gerdd kryptos...@gmail.com [2010-03-16 17:14]:
 -Why is the stock Apache not getting a version update?
 It is dozens times older than the current 1.3.42 one.
 I know that its a modified-by-openbsd one with bugfixes, and so.
 But such a huge version difference makes me think,
 there might be at least some performance, stability improvements.

yes, there are massive improvents.
in ours. not theirs.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting

Re: anoncvs.nl.openbsd.org password ?

[Otto Moerbeek]

On Wed, Mar 17, 2010 at 03:12:50PM +, a b wrote:

 Hi,
 
 There's no maintainer listed for anoncvs.nl.openbsd.org, so perhaps
 someone can enlighten me as to the correct password to use for anoncvs access
 over ssh.
 
 I've tried anonymous, blank, anoncvs . nothing seems to work

calyx.nl (which was runing the cvs mirror) was taken over some time ago.
I suppose they stopped runing te cvs mirror. I'll remove the entry
from the list.

-Otto

addendum: 4.7 causes different problem Re: spurious need to frag messages

[Toni Mueller]

Hi,

On Mon, 15.03.2010 at 19:10:12 +0100, Toni Mueller openbsd-m...@oeko.net 
wrote:
 # pfctl -s a |grep mss
 # ifconfig|grep mtu|grep -v 1500
 lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 33152
 enc0: flags=41UP,RUNNING mtu 1536
 pflog0: flags=141UP,RUNNING,PROMISC mtu 33152
 #
 
 And that's it...

 Sample message from tcpdump:
 
 19:03:59.805030 1.2.3.4  5.6.7.8: icmp: 1.2.3.20 unreachable - need to frag 
 (mtu 1420) for 5.6.7.8.80  1.2.3.20.59495: 2079874237 [|tcp] (DF) (ttl 243, 
 id 22121, len 1500) (ttl 255, id 23060, len 56)


I've rebooted the machine, and the problem went away. I don't know for
how long, though.


-- 
Kind regards,
--Toni++

Re: format of i386/index.txt

[J.C. Roberts]

On Wed, 17 Mar 2010 15:02:19 +0100 Jan Stary h...@stare.cz wrote:

 Anyway, what really is the purpose of index.txt being there then?
 To tell the times and sizes?

To break scripts? ;)

To put it bluntly, index.txt seems pointless, or more likely, there is
some super double secret reason for it to still exist that I simply
don't know...

My only *GUESS* is, some mirrors are HTTP, but due to brainless
accountants mindlessly running security auditing tools, they forbid
real directory listings, and are configured to only return an existing
/index.* file to the useragent.

Hopefully, someone who actually has a clue (not me) will chime in with
the real reason why index.txt exists.

jcr

4.7: doesn't route IPSEC traffic very well

[Toni Mueller]

Hi,

I've installed the latest snapshot, with kernel bsd.mp#488, on a
machine that has several IPSEC connections to handle, some fixed
(branch offices), some for road warriors. The setup per se runs well
for several years, but after this upgrade, traffic to the branch
offices stopped. I checked one of the branch office's firewalls, which
runs a slightly older version of OpenBSD, that the encryped packets
arrive on the WAN interface. So I conclude that the gateway, running
the snapshot, pushes the packets out ok (I can observe these packets on
the gateway's enc0 interface, too, so confidence is high). In the
branch office's gateway, using 'netstat -rnf encap', I see all the
entries that there used to be, but I see _NO_ packets on its enc0
interface.

Ideas about how to debug these, are most welcome!


Kind regards,
--Toni++

Re: pfctl(8): unclear docs

[Toni Mueller]

Hi,

On Wed, 17.03.2010 at 16:24:42 +0100, Henning Brauer lists-open...@bsws.de 
wrote:
 -A, -O, -R are bullshit and I'll happily remove them. soon.

that's ok with me. I thought that changing the docs was the
less-intrusive thing to do, and I have no experience with ipf, so that
certainly wasn't on my mind.

TIA!

-- 
Kind regards,
--Toni++

Re: 4.7: doesn't route IPSEC traffic very well

[Toni Mueller]

Darn, I should write better messages. So here goes an important
addendum:

On Wed, 17.03.2010 at 17:55:34 +0100, Toni Mueller openbsd-m...@oeko.net 
wrote:
 I've installed the latest snapshot, with kernel bsd.mp#488, on a
 machine that has several IPSEC connections to handle, some fixed
 (branch offices), some for road warriors. The setup per se runs well
 for several years, but after this upgrade, traffic to the branch
 offices stopped. I checked one of the branch office's firewalls, which
 runs a slightly older version of OpenBSD, that the encryped packets
 arrive on the WAN interface. So I conclude that the gateway, running
 the snapshot, pushes the packets out ok (I can observe these packets on
 the gateway's enc0 interface, too, so confidence is high). In the
 branch office's gateway, using 'netstat -rnf encap', I see all the
 entries that there used to be, but I see _NO_ packets on its enc0
 interface.

This was binary-upgrading an existing machine from 4.6-stable to
-current, including 'sysmerge', and it is i386 (again).

Traffic from and to road warriors is unaffected by the problem, only
traffic to networks (with a netmask  32 - I can only test /16 so far).

If you want me to test something, that can probably be arranged.


-- 
Kind regards,
--Toni++

Re: format of i386/index.txt

[Nick Bender]

On Wed, Mar 17, 2010 at 9:44 AM, J.C. Roberts list-...@designtools.org
wrote:
 On Wed, 17 Mar 2010 15:02:19 +0100 Jan Stary h...@stare.cz wrote:

 Anyway, what really is the purpose of index.txt being there then?
 To tell the times and sizes?

 To break scripts? ;)

 To put it bluntly, index.txt seems pointless, or more likely, there is
 some super double secret reason for it to still exist that I simply
 don't know...

 My only *GUESS* is, some mirrors are HTTP, but due to brainless
 accountants mindlessly running security auditing tools, they forbid
 real directory listings, and are configured to only return an existing
 /index.* file to the useragent.

 Hopefully, someone who actually has a clue (not me) will chime in with
 the real reason why index.txt exists.

jcr


Actually the installer uses it to make a list of file sets to present
to the user.
If it isn't there then no sets are presented.

From src/distrib/miniroot/install.sub:

# Get list of files from the server.
if [[ $_url_type == ftp  -z $ftp_proxy ]] ; then
_file_list=$(ftp $FTPOPTS $_url_base/)
ftp_error Login failed. $_file_list  return
ftp_error No such file or directory. $_file_list  return
else
# Assumes index file is index.txt for http (or proxy)
# We can't use index.html since the format is server-dependent
_file_list=$(ftp $FTPOPTS -o - $_url_base/index.txt | \
sed -e 's/^.* //' | sed -e 's/
//')
fi

-N

Re: format of i386/index.txt

[Robert]

On Wed, 17 Mar 2010 09:44:50 -0700
J.C. Roberts list-...@designtools.org wrote:

 On Wed, 17 Mar 2010 15:02:19 +0100 Jan Stary h...@stare.cz wrote:
 
  Anyway, what really is the purpose of index.txt being there then?
  To tell the times and sizes?
 
 To break scripts? ;)
 
 To put it bluntly, index.txt seems pointless, or more likely, there is
 some super double secret reason for it to still exist that I simply
 don't know...
 
 My only *GUESS* is, some mirrors are HTTP, but due to brainless
 accountants mindlessly running security auditing tools, they forbid
 real directory listings, and are configured to only return an existing
 /index.* file to the useragent.
 
 Hopefully, someone who actually has a clue (not me) will chime in with
 the real reason why index.txt exists.
 
   jcr

afaik you guessed right.
It is used by install.sub to get a list of the files, because of funny
http servers.

Re: 4.7: doesn't route IPSEC traffic very well

[Vijay Sankar]

Toni Mueller wrote:

Darn, I should write better messages. So here goes an important
addendum:

On Wed, 17.03.2010 at 17:55:34 +0100, Toni Mueller openbsd-m...@oeko.net 
wrote:

I've installed the latest snapshot, with kernel bsd.mp#488, on a
machine that has several IPSEC connections to handle, some fixed
(branch offices), some for road warriors. The setup per se runs well
for several years, but after this upgrade, traffic to the branch
offices stopped. I checked one of the branch office's firewalls, which
runs a slightly older version of OpenBSD, that the encryped packets
arrive on the WAN interface. So I conclude that the gateway, running
the snapshot, pushes the packets out ok (I can observe these packets on
the gateway's enc0 interface, too, so confidence is high). In the
branch office's gateway, using 'netstat -rnf encap', I see all the
entries that there used to be, but I see _NO_ packets on its enc0
interface.


This was binary-upgrading an existing machine from 4.6-stable to
-current, including 'sysmerge', and it is i386 (again).

Traffic from and to road warriors is unaffected by the problem, only
traffic to networks (with a netmask  32 - I can only test /16 so far).

If you want me to test something, that can probably be arranged.




Could the following be your issue

2010/01/10 - IPsec/HMAC-SHA2 incompatible change

Two bugs in IPsec/HMAC-SHA2 were fixed, resulting in an incompatibility 
with the HMAC-SHA-256/384/512 hash algorithms with previous versions of 
OpenBSD and other IPsec implementations sharing the bugs. In particular 
the default authentication algorithm HMAC-SHA-256 is affected. Upgrade 
both sides together, or switch to another authentication algorithm 
during the transition. The per-packet overhead has increased; if you are 
clamping the MSS to exact values (i.e. without slack), this will need to 
be recalculated.

--
Vijay Sankar, M.Eng., P.Eng.
ForeTell Technologies Limited
59 Flamingo Avenue, Winnipeg, MB, Canada R3J 0X6
Phone: (204) 885-9535, E-Mail: vsan...@foretell.ca

Re: anoncvs.nl.openbsd.org password ?

[a b]

Sounds good to me.  Thanks Otto !


- Original Message 
From: Otto
Moerbeek o...@drijf.net
To: a b obsdmisc...@yahoo.co.uk
Cc:
misc@openbsd.org
Sent: Wed, 17 March, 2010 16:06:09
Subject: Re:
anoncvs.nl.openbsd.org password ?

On Wed, Mar 17, 2010 at 03:12:50PM +, a
b wrote:

 Hi,
 
 There's no maintainer listed for anoncvs.nl.openbsd.org,
so perhaps
 someone can enlighten me as to the correct password to use for
anoncvs access
 over ssh.
 
 I've tried anonymous, blank, anoncvs .
nothing seems to work

calyx.nl (which was runing the cvs mirror) was taken
over some time ago.
I suppose they stopped runing te cvs mirror. I'll remove
the entry
from the list.

-Otto

Re: format of i386/index.txt

[Jan Stary]

On Mar 17 10:14:36, Nick Bender wrote:
 On Wed, Mar 17, 2010 at 9:44 AM, J.C. Roberts list-...@designtools.org
 wrote:
  On Wed, 17 Mar 2010 15:02:19 +0100 Jan Stary h...@stare.cz wrote:
 
  Anyway, what really is the purpose of index.txt being there then?
  To tell the times and sizes?
 
  To break scripts? ;)
 
  To put it bluntly, index.txt seems pointless, or more likely, there is
  some super double secret reason for it to still exist that I simply
  don't know...
 
  My only *GUESS* is, some mirrors are HTTP, but due to brainless
  accountants mindlessly running security auditing tools, they forbid
  real directory listings, and are configured to only return an existing
  /index.* file to the useragent.
 
  Hopefully, someone who actually has a clue (not me) will chime in with
  the real reason why index.txt exists.
 
 jcr
 
 
 Actually the installer uses it to make a list of file sets to present
 to the user.
 If it isn't there then no sets are presented.
 
 From src/distrib/miniroot/install.sub:
 
   # Get list of files from the server.
   if [[ $_url_type == ftp  -z $ftp_proxy ]] ; then
   _file_list=$(ftp $FTPOPTS $_url_base/)
   ftp_error Login failed. $_file_list  return
   ftp_error No such file or directory. $_file_list  return
   else
   # Assumes index file is index.txt for http (or proxy)
   # We can't use index.html since the format is server-dependent
   _file_list=$(ftp $FTPOPTS -o - $_url_base/index.txt | \
   sed -e 's/^.* //' | sed -e 's/
 //')
   fi
 

In fact, the above just gets the content of index.txt
and applies the 's/^.* //' smartness, thus eliminating
exactly the difference between 'ls' and 'ls -l'.

The installer does further work with this list:

# Initialize _sets to the list of sets found in _src, and initialize
# _get_sets to the intersection of _sets and DEFAULTSETS.

(Indeed, I have never seen the installer present me with 'install.iso'
or 'index.txt', which _are_ listed in index.txt too.)

It still looks like index.txt is just a list of files that are there.
Is there any reason to have this information in the 'ls' or 'ls -l'
specifically? (It has changed back and forth in the last month.)

help with pf redirection (openbsd 4.6)

[N. Arley Dealey]

Help! I'm obviously overlooking something really obvious but I just 
can't see it.


I'm building my first PF-based router/firewall using OpenBSD 4.6. For 
now, what I

need it to do is pretty simple:

1. Allow all outbound traffic via NAT and allow all inbound responses.
2. Allow only ssh and auth to the external interface.
3. Redirect to ports (2000  4200) to two different hosts on the 
internal net.


I've created a minimal pf.conf file that I thought would accomplish 
this. Goals
1  2 are working fine (I can connect outbound from hosts on the 
internal net
and I can connect to the firewall inbound via ssh) but the redirections 
are not

going anywhere.

I don't know what to do next other than enable logging, fire up tcpdump 
and try
to see what is actually happening. But I thought I'd ask first if 
anybody more

familiar with pf can see something fundamentally flawed with my config.

Here is the pf.conf (slightly edited to obscure the actual IPs)
# pf.conf: agilulf.det2.gw00

#
# MACROS
#

# interfaces
ifExt = fxp0# 66.b.c.118
ifInt = fxp1# 192.x.y.2


# OPTIONS
#

set block-policy return
set loginterface $ifExt
set skip on lo


# NAT  Redirection
#

nat on $ifExt from !$ifExt - $ifExt:0

rdr pass on $ifExt proto tcp from any to any port 4200 - 192.x.y.40 
port 4200
rdr pass on $ifExt proto tcp from any to any port 2000 - 192.x.y.21 
port 2000


#
# FILTER RULES
#

block in
pass out keep state

# internal clients
pass in quick on $ifInt

# external
pass in inet proto icmp all icmp-type echoreq
pass in on $ifExt inet proto tcp from any to $ifExt port { ssh, auth }

###EoF###


And here is the result of loading pf.conf
# pfctl -vf /etc/pf.conf
ifExt = fxp0
ifInt = fxp1
set block-policy return
set loginterface fxp0
set skip on { lo }
nat on fxp0 inet from ! 66.b.c.118 to any - 66.b.c.118
rdr pass on fxp0 inet proto tcp from any to any port = 4200 - 
192.x.y.40 port 4200
rdr pass on fxp0 inet proto tcp from any to any port = 2000 - 
192.x.y.21 port 2000

block return in all
pass out all flags S/SA keep state
pass in quick on fxp1 all flags S/SA keep state
pass in on fxp0 inet proto tcp from any to 66.b.c.118 port = ssh 
flags S/SA keep state
pass in on fxp0 inet proto tcp from any to 66.b.c.118 port = auth 
flags S/SA keep state

pass in inet proto icmp all icmp-type echoreq keep state
#

From the firewall box, I can ping and traceroute successfully to the 
two destination
hosts for the redirections and I can connect to the destination ports of 
the redirections.
I just can't make the redirected connections via the external interface 
of the firewall.


Any help would be greatly appreciated.

Re: 4.7: doesn't route IPSEC traffic very well

[Henning Brauer]

* Toni Mueller openbsd-m...@oeko.net [2010-03-17 18:02]:
 Ideas about how to debug these, are most welcome!

you forgot to read the release notes.
ok, they don't exist yet. so it is current.html instead.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting

Re: 4.7: doesn't route IPSEC traffic very well

[Todd T. Fries]

Try s/hmac-sha2-256/hmac-sha1/ until you have updated all your firewalls.

Also try seeing http://www.openbsd.org/faq/current.html#20100110 ..

Penned by Toni Mueller on 20100317 17:55.34, we have:
| Hi,
| 
| I've installed the latest snapshot, with kernel bsd.mp#488, on a
| machine that has several IPSEC connections to handle, some fixed
| (branch offices), some for road warriors. The setup per se runs well
| for several years, but after this upgrade, traffic to the branch
| offices stopped. I checked one of the branch office's firewalls, which
| runs a slightly older version of OpenBSD, that the encryped packets
| arrive on the WAN interface. So I conclude that the gateway, running
| the snapshot, pushes the packets out ok (I can observe these packets on
| the gateway's enc0 interface, too, so confidence is high). In the
| branch office's gateway, using 'netstat -rnf encap', I see all the
| entries that there used to be, but I see _NO_ packets on its enc0
| interface.
| 
| Ideas about how to debug these, are most welcome!
| 
| 
| Kind regards,
| --Toni++

-- 
Todd Fries .. t...@fries.net

 _
| \  1.636.410.0632 (voice)
| Free Daemon Consulting, LLC \  1.405.227.9094 (voice)
| http://FreeDaemonConsulting.com \  1.866.792.3418 (FAX)
| 2525 NW Expy #525, Oklahoma City, OK 73112  \  sip:freedae...@ekiga.net
| ..in support of free software solutions.  \  sip:4052279...@ekiga.net
 \\
 
  37E7 D3EB 74D0 8D66 A68D  B866 0326 204E 3F42 004A
http://todd.fries.net/pgp.txt

Re: format of i386/index.txt

[Stuart Henderson]

On 2010-03-17, Jan Stary h...@stare.cz wrote:
 (It has changed back and forth in the last month.)

I tried using index.txt files for timestamps to monitor the latency
of mirror updates, but had problems with some of them flipping
between formats; I have a suspicion that some site or other
regenerates index.txt files but I haven't been able to track it
down yet...

Relayd

[Glenn Beadle]

Hello,

I know this is the OpenBSD mailing list, but I'm having an issue with 
relayd on FreeBSD and was just hoping to get some direction. 

I'm currently using relayd as a load balancer, and it's working fine.  
Now I'm trying to add ssl accelration, and that's where I'm having an 
issue. 

I can get relayd to run, and as the _relayd user I can use the random 
number generator, but when I try to make an ssl connection to the load 
balancer I get the following error:


SSL library error: httpproxy: relay_ssl_accept: error:140B512D:SSL 
routines:SSL_GET_NEW_SESSION:ssl session id callback failed
relay httpproxy, session 1 (1 active), 0, 192.168.103.80 - :80, SSL 
accept error



This bug has been reported to FreeBSD, but no action has been taken on 
it in over a year. 


I'm wondering if anyone in the OpenBSD community has any insight?


Thanks,
Glenn

Re: format of i386/index.txt

[Landry Breuil]

On Wed, Mar 17, 2010 at 10:55 PM, Stuart Henderson s...@spacehopper.org wrote:
 On 2010-03-17, Jan Stary h...@stare.cz wrote:
 (It has changed back and forth in the last month.)

 I tried using index.txt files for timestamps to monitor the latency
 of mirror updates, but had problems with some of them flipping
 between formats; I have a suspicion that some site or other
 regenerates index.txt files but I haven't been able to track it
 down yet...

That's why i used the timestamp method (mdtm) in Net::FTP for
http://gruiik.info/up2date.html.. instead of parsing unknown-formatted
files :)

Landry

round-robin sticky-address Issues

[Daniel Melameth]

In doing round-robin on two egress connections on 4.6, I am expecting all
outgoing connections from a single IP to be redirected to the same
redirection address, but this is not what's happening.  In the details
below, LAN client 172.16.0.101 is being redirected out both redirection
addresses--with four established TCP states to one redirection address and
one established TCP state to the other, which I thought was not possible
with sticky-address.


Relevant pf.conf snippets:
pass in log on vr0 route-to { (vr1 72.x.y.z), (vr2 192.168.1.254) }
round-robin sticky-address inet from any to ! 172.16.0.1 flags S/SA keep
state
pass in log on vr0 route-to { (vr1 72.x.y.z), (vr2 192.168.1.254) }
round-robin sticky-address inet proto tcp from any to ! 172.16.0.1 port =
ssh flags S/SA keep state tag interac
...
pass out log on vr2 all flags S/SA keep state queue vr2_interac tagged
interac
pass out log on vr2 route-to (vr1 72.x.y.z) inet from 72.x.y.z to any flags
S/SA keep state
pass out log on vr1 all flags S/SA keep state queue vr1_interac tagged
interac
pass out log on vr1 route-to (vr2 192.168.1.254) inet from 192.168.1.65 to
any flags S/SA keep state

# pfctl -s states | grep ESTABLISHED
all tcp 76.x.y.z:5050 - 172.16.0.101:55367   ESTABLISHED:ESTABLISHED
all tcp 72.x.y.z:55812 (172.16.0.101:55367) - 76.x.y.z:5050
ESTABLISHED:ESTABLISHED
all tcp 68.x.y.z:443 - 172.16.0.101:55372   ESTABLISHED:ESTABLISHED
all tcp 72.x.y.z:53949 (172.16.0.101:55372) - 68.x.y.z:443
ESTABLISHED:ESTABLISHED
all tcp 208.x.y.z:80 - 172.16.0.101:58751   ESTABLISHED:ESTABLISHED
all tcp 72.x.y.z:54337 (172.16.0.101:58751) - 208.x.y.z:80
ESTABLISHED:ESTABLISHED
all tcp 216.x.y.z:80 - 172.16.0.101:55699   ESTABLISHED:ESTABLISHED
all tcp 192.168.1.65:55021 (172.16.0.101:55699) - 216.x.y.z:80
ESTABLISHED:ESTABLISHED
all tcp 74.x.y.z:80 - 172.16.0.101:59518   ESTABLISHED:ESTABLISHED
all tcp 192.168.1.65:53237 (172.16.0.101:59518) - 74.x.y.z:80
ESTABLISHED:ESTABLISHED

# pfctl -s Sources
172.16.0.101 - 72.x.y.z ( states 2, connections 1, rate 0.0/0s )
172.16.0.101 - 72.x.y.z ( states 2, connections 2, rate 0.0/0s )
172.16.0.101 - 192.168.1.254 ( states 1, connections 1, rate 0.0/0s )


I would appreciate it if someone would clue me in to what I'm missing/how to
troubleshoot/fix this.

Thank you.

Re: kde4 dead?

[Marc Espie]

On Wed, Mar 17, 2010 at 10:42:26AM -0400, Mike Small wrote:
 I can think of some people who would consider that a great gatekeeper
 for the profession: everyone has to write his or her own compiler
 for all the coding they do.

With enough time on my hands, sure, why not ?
But that's a main issue: I still need to have a day job to earn a living.
Sponsor me to play with OpenBSD fulltime, and I might do wonderous things... ;)

Re: Relayd

[Stuart Henderson]

On 2010-03-17, Glenn Beadle gl...@experts-exchange.com wrote:
 I know this is the OpenBSD mailing list, but I'm having an issue with 
 relayd on FreeBSD and was just hoping to get some direction. 

the version in FreeBSD ports dates from December 2007, there have
been many bug fixes and other improvements to relayd since then.

imho if you're running relayd, especially with SSL, you really
want to be tracking fairly -current code, which at this point
means that the rest of the OS has to be later than the last big
PF changes (i.e. -current not 4.6; at this point -current is well
on the way towards becoming 4.7).

pf route-to and ifstated

[Carlos Ramos Gómez]

Hello, I have this PF firewall with two ISPs connected to it and an
internal network. This firewall is balancing the traffic through both
ISPs, and it works great. Now I'm up to the task of making this
firewall react when an ISP goes down and reroute all traffic to the
other one. Both ISPs are unable to provide OSPF, BGP or RIP so those
are out of question and a multi-path route would only react if my
ethernet link goes down which is not really an indication of anything
so I decided to go with ifstated. The rules that do the balancing
magic are the following:

pass in on $lan_if route-to {($ext1_if $ext1_gw),($ext2_if $ext2_gw)} \
round-robin inet proto tcp from $lan_net to any \
port $lan2net_tcp_services flags S/SA modulate state
pass in on $lan_if route-to {($ext1_if $ext1_gw),($ext2_if $ext2_gw)} \
round-robin inet proto udp from $lan_net to any \
port $lan2net_udp_services
pass in on $lan_if route-to {($ext1_if $ext1_gw),($ext2_if $ext2_gw)} \
round-robin inet proto icmp from $lan_net to any \
icmp-type $lan2net_icmp_services


After asking around on irc and checking this maling list and other
sources on the web, the only way I could come up to do it was to get
this rules and put them inside an Anchor and make ifstated load
different files for the different states of my interfaces and ping
checks, this works but is ugly and doesn't scale well when adding more
ISPs. But then I found this piece of documentation which gave me hope,
from man pf.conf:

 Tables can also be used for the redirect address of nat and rdr
rules and in the routing options of filter rules,
 but only for round-robin pools.

Even if the man says this, it won't let me do the following:

   table gateways { 192.0.2.1, 192.0.2.10 }
   pass in on $lan_if route-to (gateways) round-robin from $lan_net to any

Because according to the BNF syntax on the same man page it does
requires the interface name. It's very powerful that we can specify
the interface through which we want to route our packets, but would
also be very nice if pf was capable of determining the interface by
itself just by having the next-hop address. If this was possible,
redirecting the traffic would be as simple as adding/deleting values
from that table.

I'm using 4.5 right now and I'm almost certain that all this is not
possible and even though I read the changes for 4.6 and did not see
anything like this, I wanted to ask if anyone knew this was possible
in 4.6?. If not, maybe for 4.7? :P

Thanks a lot for the great software and all the hard work.

Re: Relayd

[Theo de Raadt]

 I know this is the OpenBSD mailing list, but I'm having an issue with 
 relayd on FreeBSD and was just hoping to get some direction. 

Sorry.

Re: How to make FTP work from the firewall system?

[Daniel Gracia Garallar]

From the FAQ, read:

http://www.openbsd.org/faq/pf/ftp.html

Regards,

Dani

El 16/03/2010 4:49, Dave Anderson escribis:

I'm configuring a notebook which will use PF to protect itself from the
environments in which I use it, and would like to have FTP 'just work'
on it -- whether it's from an explicit FTP command, from a browser, or
embedded in some other program or script.  Unfortunatly there doesn't
seem to be any really good way to do this when a system is its own
firewall; the best tool I've found so far is 'ftpsesame', which
acknowledges a couple of significant problems (there's no guarantee that
the PF rules changes it makes will happen in time, and inspecting
packets 'on the fly' without a full TCP stack is errorprone).

I'd expect this to be a rather common desire; is there a good solution
that I've missed?  Suggestions are very welcome.

I do notice that 4.7 has a new divert-to-userland ability that looks
like it could be used to solve this problem properly, by intercepting
outbound and inbound control-connection packets on the egress interface.
If I read the documentation correctly, ftp-proxy has not (yet) been
updated to work this way; is anyone known to be planning to do this?

Thanks,

Dave

Re: Configuring openSBD like nat32

[Duncan Patton a Campbell]

On Tue, 9 Mar 2010 13:49:20 +0530
Siju George sgeorge...@gmail.com wrote:

 Hi,
 
 How do I configure OpenBSD PF to be like Nat32 ( http://nat32.com/ )
 
 The Idea is it has two internet connections and the second one should
 pick up if the first goes down and when the first one comes up it
 shoudl be the default route again.
 
 Thanks
 
 --Siju
 

Hm.  I looked at this nat32 and it looks relatively easy to do that sort of
thing with obsd using the kind of hooks I describe in 
Message-Id: 20080806141429.01f689d4.campb...@neotext.ca
Subject: Re: PF and DHCP hakz

...

The basic idea in this hack was to allow the assignment of multiple external 
dhcp routes based on internal address (ip|port) using pf and dhclient-script.
Since you can use this technique to map ports as well as address ranges 
to different external dhcp routes you can map services from internal 
networks to a pool of eternal links that you test/maintain with ifstated.

Putting together all those picklists and radios and such might be a bit
of a bear tho'.

Dhu

Re: format of i386/index.txt

[Jan Stary]

On Mar 17 21:55:33, Stuart Henderson wrote:
 On 2010-03-17, Jan Stary h...@stare.cz wrote:
  (It has changed back and forth in the last month.)
 
 I tried using index.txt files for timestamps to monitor the latency
 of mirror updates, but had problems with some of them flipping
 between formats; I have a suspicion that some site or other
 regenerates index.txt files but I haven't been able to track it
 down yet...

I suspected a delayed mirror first, but this is actually
ftp://ftp.openbsd.org/pub/OpenBSD/snapshots/i386/index.txt
And it's back to 'ls' right now. Huh.