Re: npppd with tun interface not work on i386?

2013-01-31 Thread csszep
Thx

It works as expected.


2013/1/31 YASUOKA Masahiko yasu...@yasuoka.net:
 Hi,

 On Tue, 29 Jan 2013 20:20:24 +0100
 csszep css...@gmail.com wrote:
 I tried to start npppd with the default config with tun0 interface on
 my Alix board:

 I get the following error message:

 # npppd -d
 2013-01-29 19:54:38:NOTICE: Starting npppd pid=13464 version=5.0.0
 2013-01-29 19:54:38:NOTICE: Load configuration
 from='/etc/npppd/npppd.conf' successfully.
 2013-01-29 19:54:38:ERR: tun0 delete ipaddress tun0 failed: Device not
 configured

 This was from a bug.  I fixed it on cvs.  Please update your source
 code from cvs or apply a patch below.

 Thank you for your report.

 Index: privsep.c
 ===
 RCS file: /cvs/src/usr.sbin/npppd/npppd/privsep.c,v
 retrieving revision 1.7
 diff -u -p -r1.7 privsep.c
 --- privsep.c   28 Sep 2012 23:46:00 -  1.7
 +++ privsep.c   31 Jan 2013 02:03:36 -
 @@ -463,7 +463,7 @@ priv_get_if_addr(const char *ifname, str
 struct PRIVSEP_GET_IF_ADDR_RESP  r;

 a.cmd = PRIVSEP_GET_IF_ADDR;
 -   strlcpy(a.ifname, ifname, sizeof(ifname));
 +   strlcpy(a.ifname, ifname, sizeof(a.ifname));
 if ((retval = send(privsep_sock, a, sizeof(a), 0))  0)
 return retval;
 if ((retval = recv(privsep_sock, r, sizeof(r), 0))  0) {
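
Review bot: The strlcpy() return value in priv_get_if_addr() is still ignored, so an interface name that does not fit in a.ifname is silently truncated and the privileged side is asked about a different name than the caller passed. That is the same failure the old sizeof(ifname) produced, only at a larger length. Consider failing the call before send() when the result is >= sizeof(a.ifname).
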
 @@ -488,7 +488,7 @@ priv_delete_if_addr(const char *ifname)
 struct PRIVSEP_DEL_IF_ADDR_ARG   a;

 a.cmd = PRIVSEP_DEL_IF_ADDR;
 -   strlcpy(a.ifname, ifname, sizeof(ifname));
 +   strlcpy(a.ifname, ifname, sizeof(a.ifname));
 if ((retval = send(privsep_sock, a, sizeof(a), 0))  0)
 return retval;
 retval = privsep_common_resp();
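
Review bot: In priv_delete_if_addr() the struct a is declared without an initializer and then sent whole with sizeof(a), so the bytes of a.ifname after the terminating NUL, and any padding, reach the privileged process as whatever was on the stack. Zeroing a with memset() before a.cmd is assigned would make the message deterministic. The other four functions touched by this patch follow the same pattern.
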
 @@ -503,7 +503,7 @@ priv_set_if_addr(const char *ifname, str
 struct PRIVSEP_SET_IF_ADDR_ARG   a;

 a.cmd = PRIVSEP_SET_IF_ADDR;
 -   strlcpy(a.ifname, ifname, sizeof(ifname));
 +   strlcpy(a.ifname, ifname, sizeof(a.ifname));
 a.addr = *addr;
 if ((retval = send(privsep_sock, a, sizeof(a), 0))  0)
 return retval;
 @@ -519,7 +519,7 @@ priv_get_if_flags(const char *ifname, in
 struct PRIVSEP_GET_IF_FLAGS_RESP  r;

 a.cmd = PRIVSEP_GET_IF_FLAGS;
 -   strlcpy(a.ifname, ifname, sizeof(ifname));
 +   strlcpy(a.ifname, ifname, sizeof(a.ifname));
 if ((retval = send(privsep_sock, a, sizeof(a), 0))  0)
 return retval;
 if ((retval = recv(privsep_sock, r, sizeof(r), 0))  0) {
 @@ -543,7 +543,7 @@ priv_set_if_flags(const char *ifname, in
 struct PRIVSEP_SET_IF_FLAGS_ARG   a;

 a.cmd = PRIVSEP_SET_IF_FLAGS;
 -   strlcpy(a.ifname, ifname, sizeof(ifname));
 +   strlcpy(a.ifname, ifname, sizeof(a.ifname));
 a.flags = flags;
 if ((retval = send(privsep_sock, a, sizeof(a), 0))  0)
 return retval;
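
Review bot: priv_set_if_flags() carries the fifth copy of the same strlcpy() line, and the sizeof(ifname) mistake (the size of the const char * parameter, not of the destination buffer) was repeated identically in all five. A small helper that copies into a.ifname and reports truncation would keep the size expression in one place and make the next such slip harder to introduce.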



Re: npppd radius on current jan 21

2013-01-31 Thread YASUOKA Masahiko
On Wed, 30 Jan 2013 12:07:05 +0100
mxb m...@alumni.chalmers.se wrote:
 Yasuoka forgot to commit his fix.
 I have it working.

Oops, I forgot about that fix...

I've committed.  Also here is the diff.  Thanks,

Index: npppd_auth.c
===
RCS file: /cvs/src/usr.sbin/npppd/npppd/npppd_auth.c,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -p -r1.11 -r1.12
--- npppd_auth.c22 Sep 2012 20:22:48 -  1.11
+++ npppd_auth.c31 Jan 2013 09:44:21 -  1.12
@@ -1,4 +1,4 @@
-/* $OpenBSD: npppd_auth.c,v 1.11 2012/09/22 20:22:48 espie Exp $ */
+/* $OpenBSD: npppd_auth.c,v 1.12 2013/01/31 09:44:21 yasuoka Exp $ */
 
 /*-
  * Copyright (c) 2009 Internet Initiative Japan Inc.
@@ -26,7 +26,7 @@
  * SUCH DAMAGE.
  */
 /**@file authentication realm */
-/* $Id: npppd_auth.c,v 1.11 2012/09/22 20:22:48 espie Exp $ */
+/* $Id: npppd_auth.c,v 1.12 2013/01/31 09:44:21 yasuoka Exp $ */
 #include sys/types.h
 #include sys/stat.h
 #include sys/socket.h
@@ -561,6 +561,10 @@ npppd_auth_radius_reload(npppd_auth_base
break;
memcpy(rad-server[i].peer, server-address,
server-address.ss_len);
+   if (((struct sockaddr_in *)rad-server[i].peer)-sin_port
+   == 0)
+   ((struct sockaddr_in *)rad-server[i].peer)-sin_port
+   = htons(DEFAULT_RADIUS_AUTH_PORT);
strlcpy(rad-server[i].secret, server-secret,
sizeof(rad-server[i].secret));
rad-server[i].enabled = 1;
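
Review bot: The added port check in the first npppd_auth_radius_reload() hunk casts the peer address to struct sockaddr_in, while the memcpy() just above it copies ss_len bytes from a generic address, so the entry need not be AF_INET. The cast then relies on sin_port and sin6_port sitting at the same offset. Checking the address family and setting the matching port field explicitly would make that assumption visible.
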
@@ -578,6 +582,10 @@ npppd_auth_radius_reload(npppd_auth_base
break;
memcpy(rad-server[i].peer, server-address,
server-address.ss_len);
+   if (((struct sockaddr_in *)rad-server[i].peer)-sin_port
+   == 0)
+   ((struct sockaddr_in *)rad-server[i].peer)-sin_port
+   = htons(DEFAULT_RADIUS_ACCT_PORT);
strlcpy(rad-server[i].secret, server-secret,
sizeof(rad-server[i].secret));
rad-server[i].enabled = 1;
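
Review bot: The accounting hunk repeats the four added lines of the authentication hunk with only DEFAULT_RADIUS_ACCT_PORT changed. A helper that takes the peer address and the default port would remove the duplication and keep the two paths from drifting apart.
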
Index: parse.y
===
RCS file: /cvs/src/usr.sbin/npppd/npppd/parse.y,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -p -r1.3 -r1.4
--- parse.y 13 Nov 2012 17:10:40 -  1.3
+++ parse.y 31 Jan 2013 09:44:21 -  1.4
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.3 2012/11/13 17:10:40 yasuoka Exp $ */
+/* $OpenBSD: parse.y,v 1.4 2013/01/31 09:44:21 yasuoka Exp $ */
 
 /*
  * Copyright (c) 2002, 2003, 2004 Henning Brauer henn...@openbsd.org
@@ -677,7 +677,8 @@ radopt  : ADDRESS address optport SECRET
YYERROR;
}
n-address = $2;
-   ((struct sockaddr_in *)n-address)-sin_port = $3;
+   ((struct sockaddr_in *)n-address)-sin_port =
+   htons($3);
n-secret = $5;
TAILQ_INSERT_TAIL(curr_radconf-servers, n, entry);
}
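
Review bot: In the radopt rule, $3 is passed straight to htons() and nothing in this hunk bounds it, so if optport can yield a value above 65535 it is truncated to 16 bits without any error. A range check that ends in YYERROR, in the style of the check just above the assignment, would reject such a port at parse time. The sockaddr_in cast here also assumes an IPv4 layout for whatever the address rule returned.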



Re: frontiernet mirror

2013-01-31 Thread Stuart Henderson
On 2013-01-31, Andrew Ngo andrew@gmail.com wrote:
 I think the openbsd.mirror.frontiernet.net mirror is stale; its most recent
 packages are dated Jan 8th to me. Does anyone else see this?



Yes. I have just gone through the mirror list and fixed some incorrect
entries, please choose another one from the list.



pppx(4) and a pppx interface group

2013-01-31 Thread Mattieu Baptiste
Hi,

I'm testing npppd with pppx(4).

As I understand npppd, a new pppx(4) interface is created for every
new session. Thus, new /dev/pppxN nodes must be created for the sessions
that we intend to have.

But at this point, filtering with PF needs special handling for every
pppx(4) interface. How about adding these interfaces to a pppx interface
group, by adding the if_addgroup() call?

What do you think?



-- 
Mattieu Baptiste
/earth is 102% full ... please delete anyone you can.



mailx : mbox management strategies

2013-01-31 Thread Mayuresh Kathe
may i know the sort of mbox management strategies used
by those using mailx (hence mbox) as the mail handler?
i wish to know how mailx users keep their mbox within
manageable size limits.
do they start a new mbox every month/year?
do they use folders support to sort mails?
or do they simply discard those mails which aren't
really of great importance?
thanks.



Microsoft VPN PPTP

2013-01-31 Thread R0me0 ***
Hello misc,

I have the following situation:


WAN --OBSD---LAN
   |
   |__DMZ 192.168.1.0/24 ---Windows 2003 - RRAS -- 10.20.30.x/27 - VPN IP's CLIENT


Clients connect to the RRAS server, and pf filters traffic from VPN clients to
LAN services.

The problem is: when VPN clients die, PF keeps the state of the connections and I get
a storm of TCP packets with the PSH or RST flag, and bandwidth usage
increases incredibly.

When the storm occurs, if I execute 'pfctl -k 10.20.30.7', for example, the storm
stops instantly.

I've searched for similar incidents, but I found nothing.

Could someone point me in the right direction to solve this issue?

Regards,



Re: openBSD 5.2 amd64 on lenovo x201s, part 2 apm support and overheating

2013-01-31 Thread Andriy Samsonyuk
i've applied your patch. So far it works!
Thanx again!


 David Coppa already sent you a patch but probably I should clarify
 some things more.

 Many modern ThinkPads allow you to either delegate management of fan speed
 to the BIOS or to set it manually. The OpenBSD point of view is that manually
 setting fans from userland is a BAD idea. So what the patch
 mentioned does is take management from the BIOS to the OS.

 The BIOS does a good job of managing fan speed until it gets too hot.
 But when overheating happens, there are two complementary ways to
 handle the situation: a) raise the fan speed; b) lower CPU speed.

 (a) is what OpenBSD with the patch mentioned starts to do. The fan is
 put in so-called disengaged mode, the fan goes to 6000+ RPM and starts
 spinning as if it's trying to make your laptop fly. This probably
 could damage the fan, but mine is still there after about two years.

 The same functionality exists in the Linux kernel but the code is
 (was? Didn't check for a year) disabled; I've actually picked up
 register addresses from there.

 (b) is what Windows does. Your videoplayer will start dropping frames
 but it'll be more or less quiet around.

 Probably some overheating logic could be added to apmd(8), but this
 daemon already wants too many options and thus probably needs
 refactoring. Or there could be some default scripts for sensorsd(8)
 written...

 --
   WBR,
   Vadim Zhukov


--
Stay away from flying saucers today.




rd0 full during upgrade

2013-01-31 Thread Zé Loff
Sorry in advance if this is silly, but I'm not familiar enough with the
install/upgrade process and ramdisks to figure it out myself.

I'm trying to upgrade a Soekris box (net4801, 128Mb RAM, 4Gb CF card)
via tftp with the .tgz sets on a usb stick, and the root filesystem (on
rd0a) gets full. The system has / mounted read-only and /etc, /var, /dev
and /root mounted as mfs, but I'm not sure if this has anything to do
with the problem at hand.


right before getting the sets:

# mount
/dev/rd0a on / type ffs (local)
/dev/wd0a on /mnt type ffs (local, noatime)
/dev/wd0d on /mnt/mfs type ffs (local, noatime, nodev, nosuid)
/dev/wd0e on /mnt/home type ffs (local, noatime, nodev, nosuid)

# df -h
Filesystem     Size    Used   Avail Capacity  Mounted on
/dev/rd0a      1.8M    1.6M    156K    91%    /
/dev/wd0a      2.5G    256M    2.1G    11%    /mnt
/dev/wd0d      255M   11.4M    231M     5%    /mnt/mfs
/dev/wd0e      972M   54.2M    870M     6%    /mnt/home


getting the sets:

bsd          100% |*** (trimmed) ***|  8934 KB    00:14
bsd.rd       100% |*** (trimmed) ***|  6330 KB    00:10
base52.tgz   100% |*** (trimmed) ***| 55648 KB    07:57
uid 0 on /: file system full

/: write failed, file system is full
man52.tgz    100% |*** (trimmed) ***|  9507 KB    03:56
uid 0 on /: file system full

/: write failed, file system is full
Location of sets? (disk ftp http or 'done') [done]


jumping to shell:

# df -h
Filesystem     Size    Used   Avail Capacity  Mounted on
/dev/rd0a      1.8M    1.8M    2.0K   100%    /
/dev/wd0a      2.5G    256M    2.1G    11%    /mnt
/dev/wd0d      255M   11.4M    231M     5%    /mnt/mfs
/dev/wd0e      972M   54.2M    870M     6%    /mnt/home


Any clues?

Many thanks



Re: rd0 full during upgrade

2013-01-31 Thread Alexander Hall

On 01/31/13 14:11, Zé Loff wrote:

> Sorry in advance if this is silly, but I'm not familiar enough with the
> install/upgrade process and ramdisks to figure it out myself.
>
> I'm trying to upgrade a Soekris box (net4801, 128Mb RAM, 4Gb CF card)
> via tftp with the .tgz sets on a usb stick, and the root filesystem (on
> rd0a) gets full. The system has / mounted read-only and /etc, /var, /dev
> and /root mounted as mfs, but I'm not sure if this has anything to do
> with the problem at hand.
>
>
> right before getting the sets:
>
> # mount
> /dev/rd0a on / type ffs (local)
> /dev/wd0a on /mnt type ffs (local, noatime)
> /dev/wd0d on /mnt/mfs type ffs (local, noatime, nodev, nosuid)
> /dev/wd0e on /mnt/home type ffs (local, noatime, nodev, nosuid)
>
> # df -h
> Filesystem     Size    Used   Avail Capacity  Mounted on
> /dev/rd0a      1.8M    1.6M    156K    91%    /
> /dev/wd0a      2.5G    256M    2.1G    11%    /mnt
> /dev/wd0d      255M   11.4M    231M     5%    /mnt/mfs
> /dev/wd0e      972M   54.2M    870M     6%    /mnt/home
>
>
> getting the sets:
>
> bsd          100% |*** (trimmed) ***|  8934 KB    00:14
> bsd.rd       100% |*** (trimmed) ***|  6330 KB    00:10
> base52.tgz   100% |*** (trimmed) ***| 55648 KB    07:57
> uid 0 on /: file system full
>
> /: write failed, file system is full
> man52.tgz    100% |*** (trimmed) ***|  9507 KB    03:56
> uid 0 on /: file system full
>
> /: write failed, file system is full
> Location of sets? (disk ftp http or 'done') [done]
>
>
> jumping to shell:
>
> # df -h
> Filesystem     Size    Used   Avail Capacity  Mounted on
> /dev/rd0a      1.8M    1.8M    2.0K   100%    /
> /dev/wd0a      2.5G    256M    2.1G    11%    /mnt
> /dev/wd0d      255M   11.4M    231M     5%    /mnt/mfs
> /dev/wd0e      972M   54.2M    870M     6%    /mnt/home
>
>
> Any clues?
>
> Many thanks




Absolute symlinks in the target file system?

/Alexander



Re: rd0 full during upgrade

2013-01-31 Thread Zé Loff
On Thu, Jan 31, 2013 at 06:44:56PM +0100, Alexander Hall wrote:
 
 Absolute symlinks in the target file system?
 
 /Alexander
 

Bullseye!

-- 



Re: Microsoft VPN PPTP

2013-01-31 Thread Aaron Mason
If you can, change to a different type of VPN.  Not because of the storm,
but because PPTP has been broken security-wise.  Good results have been
achieved with OpenVPN.


On Thu, Jan 31, 2013 at 11:56 PM, R0me0 *** knight@gmail.com wrote:

 Hello misc,

 I've the follow situation:


 WAN --OBSD---LAN
|
|__DMZ 192.168.1.0/24 ---Windows 2003 - RRAS --
 10.20.30.x/27- VPN IP's CLIENT


 Clients connect to RRAS server and pf, filter traffic from VPN clients to
 LAN services.

 The problem is: when vpn clients die, PF keep state of connections and I've
 a storm of tcp packets with PSH flag or RST , and bandwidth traffic
 increase incredibly.

 when storm occurs, if executed : 'pfctl -k 10.20.30.7' , by example, storm
 stop instantly.

 I'm searching by incidentes, but i no founded nothing.

 Someone would could show me a correct direction to solve this issue ?

 Regards,




-- 
Aaron Mason - Programmer, open source addict
I've taken my software vows - for beta or for worse



Re: Microsoft VPN PPTP

2013-01-31 Thread Johan Beisser
On Thu, Jan 31, 2013 at 4:06 PM, Aaron Mason simplersolut...@gmail.com wrote:
 If you can, change to a different type of VPN.  Not because of the storm,
 but because PPTP has been broken security-wise.  Good results have been
 achieved with OpenVPN.

I'm having remarkable success with npppd(8) and L2TP. I'm using it
with MacOS and iOS clients, no problems. I'll be testing with Linux
ones later this week (including Android, etc).

Outside of the tun(4) bug that bit me, it's been rock solid.



Re: Microsoft VPN PPTP

2013-01-31 Thread R0me0 ***
In the future I will migrate, but for now I need to solve this issue.
I've tried to change the tcp.closed and tcp.closing timeouts, but without
success.

Thanks for the replies.
Any tips will be appreciated,

Regards

2013/1/31 Aaron Mason simplersolut...@gmail.com

 If you can, change to a different type of VPN.  Not because of the storm,
 but because PPTP has been broken security-wise.  Good results have been
 achieved with OpenVPN.


 On Thu, Jan 31, 2013 at 11:56 PM, R0me0 *** knight@gmail.com wrote:

 Hello misc,

 I've the follow situation:


 WAN --OBSD---LAN
|
|__DMZ 192.168.1.0/24 ---Windows 2003 - RRAS --
 10.20.30.x/27- VPN IP's CLIENT


 Clients connect to RRAS server and pf, filter traffic from VPN clients to
 LAN services.

 The problem is: when vpn clients die, PF keep state of connections and
 I've
 a storm of tcp packets with PSH flag or RST , and bandwidth traffic
 increase incredibly.

 when storm occurs, if executed : 'pfctl -k 10.20.30.7' , by example, storm
 stop instantly.

 I'm searching by incidentes, but i no founded nothing.

 Someone would could show me a correct direction to solve this issue ?

 Regards,




 --
 Aaron Mason - Programmer, open source addict
 I've taken my software vows - for beta or for worse



Re: tor + rdomain

2013-01-31 Thread Sébastien Marie
On Sat, Jan 26, 2013 at 05:03:28PM -0500, Jiri B wrote:
 On Sat, Jan 26, 2013 at 02:11:06PM +0100, Sébastien Marie wrote:
  Hi,
  
  I would like to have some help for perform a network isolation using 
  rtable, to use tor without network leak.
  I use -current. The host is a workstation (no forwarding set in sysctl).
 
 I just run a program which should use Tor only under different user
 and use PF to block any outgoing traffic of such user.
 
 It's not what you want but this works for me.
 
 jirib
 

Thanks for your response.

It is not exactly what I want, because I am trying to play with rdomain. But
your contribution is appreciated!

Regards.
-- 
Sébastien Marie