Re: Donations to OpenBSD
On 14/08/14 01:10, Theo de Raadt wrote: How does it compare for using the SWIFT method outlined on the website? The SWIFT donations go to the Project. That is spent on things which the Foundation doesn't pay for. Gee - CDs, T-Shirts, Project, Foundation - all this discussion starts to confuse me. Theo, I am planning to donate, but I am loosing my understanding of the optimal way. Could you please just clarify: I have money and I want that to go to the OpenBSD project. I would like as much as possible to make it there (from the UK in my case), I would like to give the OpenBSD people the highest degree of freedom of what to do with it, and don't need any physical gadgets to go with it. What is the optimal way to achieve this? Thanks, Bernd
Re: Donations to OpenBSD
Talk to www.openbsdeurope.com, which happens to be in the UK. I'm sure they can arrange for donations in a simple-for-you way even if you don't need a product back. 2014-08-14 8:16 GMT+02:00 Bernte ber...@fams.de: On 14/08/14 01:10, Theo de Raadt wrote: How does it compare for using the SWIFT method outlined on the website? The SWIFT donations go to the Project. That is spent on things which the Foundation doesn't pay for. Gee - CDs, T-Shirts, Project, Foundation - all this discussion starts to confuse me. Theo, I am planning to donate, but I am loosing my understanding of the optimal way. Could you please just clarify: I have money and I want that to go to the OpenBSD project. I would like as much as possible to make it there (from the UK in my case), I would like to give the OpenBSD people the highest degree of freedom of what to do with it, and don't need any physical gadgets to go with it. What is the optimal way to achieve this? Thanks, Bernd -- May the most significant bit of your life be positive.
Re: Donations to OpenBSD
We've found this strangely difficult to do also.. Just want to donate, don't want stuff in return, don't want middle men taking a cut.. On 14/08/14 09:59, Janne Johansson wrote: Talk to www.openbsdeurope.com, which happens to be in the UK. I'm sure they can arrange for donations in a simple-for-you way even if you don't need a product back. 2014-08-14 8:16 GMT+02:00 Bernte ber...@fams.de: On 14/08/14 01:10, Theo de Raadt wrote: How does it compare for using the SWIFT method outlined on the website? The SWIFT donations go to the Project. That is spent on things which the Foundation doesn't pay for. Gee - CDs, T-Shirts, Project, Foundation - all this discussion starts to confuse me. Theo, I am planning to donate, but I am loosing my understanding of the optimal way. Could you please just clarify: I have money and I want that to go to the OpenBSD project. I would like as much as possible to make it there (from the UK in my case), I would like to give the OpenBSD people the highest degree of freedom of what to do with it, and don't need any physical gadgets to go with it. What is the optimal way to achieve this? Thanks, Bernd
Re: Donations to OpenBSD
options: 1) cash in envelope, put into mail 2) bank cheque in envelope, put in mail 3) suck it up, and stop caring about the middle man's cut 4) bank transfers (also: see #3) 5) fly to canada with a suitcase of money 6) bank transfers to the EUROPEAN bank 7) OpenBSD Foundatation On 2014 Aug 14 (Thu) at 10:02:42 +0100 (+0100), Andy wrote: :We've found this strangely difficult to do also.. Just want to donate, don't :want stuff in return, don't want middle men taking a cut.. : : :On 14/08/14 09:59, Janne Johansson wrote: :Talk to www.openbsdeurope.com, which happens to be in the UK. :I'm sure they can arrange for donations in a simple-for-you way even if you :don't need a product back. : : : :2014-08-14 8:16 GMT+02:00 Bernte ber...@fams.de: : :On 14/08/14 01:10, Theo de Raadt wrote: :How does it compare for using the SWIFT method outlined on the website? :The SWIFT donations go to the Project. That is spent on things which :the Foundation doesn't pay for. :Gee - CDs, T-Shirts, Project, Foundation - all this discussion starts to :confuse me. : :Theo, I am planning to donate, but I am loosing my understanding of the :optimal way. : :Could you please just clarify: I have money and I want that to go to the :OpenBSD project. I would like as much as possible to make it there (from :the UK in my case), I would like to give the OpenBSD people the highest :degree of freedom of what to do with it, and don't need any physical :gadgets to go with it. What is the optimal way to achieve this? : :Thanks, :Bernd : -- Democracy is good. I say this because other systems are worse. -- Jawaharlal Nehru
Re: [Bulk] i config'ed the ethernet card, do I have to do vlan0 now? just need some help here...
previously on this list Jules Gilbert contributed: Also, I've heard that running X weakens security, I'm going to OpenBSD because my FreBSD based Mac is, apparently, where hackers go to relax. Can I strengthen the X component? Well that's got a never ending answer but the main points. OpenBSD's xenocara uses priviledge seperation so X does not run as root. Why Linux has not picked up these patches I have no idea and I guess FreeBSD hasn't. Hardened Gentoo users sometime run X as a seperate user but as it is unpatched/unseperated they lose usb plug n play support. Also if you use an intel or non-ancient ATI chip then you can leave machdep.allowaperture at 0 and in fact I believe the installer now does for many, All? cards. That's a big deal as when the aperture is set to 2 it gives a potential opportunity to the heart of the system and can be used to bypass SELinux on desktops that regard that as their saving grace/excuse and such. The similar grsecurity option is disable raw I/O but again requires KMS drivers. -- ___ 'Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface' (Doug McIlroy) In Other Words - Don't design like polkit or systemd ___
Re: [Bulk] i config'ed the ethernet card, do I have to do vlan0 now? just need some help here...
Also, I've heard that running X weakens security, I'm going to OpenBSD because my FreBSD based Mac is, apparently, where hackers go to relax. Can I strengthen the X component? Well that's got a never ending answer but the main points. Forgot the real main point, don't run X on any and especially an internet facing server. I cringe when I see Windows admins open Internet Explorer on their web server. -- ___ 'Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface' (Doug McIlroy) In Other Words - Don't design like polkit or systemd ___
Re: tcpdump and circular logfile buffer
On 2014-08-13, Kevin Chadwick ma1l1i...@yahoo.co.uk wrote: previously on this list Kevin Chadwick contributed: [ -C file_size ] [ -W filecount ] tcpdump.orgs tcpdump has the above options so that you can constantly log and yet open a file of a certain time quickly with wireshark. I am trying to come up with some magic for doing similar with the more secure and in base tcpdump without porting the c so if anyone already does this then please let me know? Thanks, Kc I think split should work. I love Unix #!/bin/sh until /bin/dd if=/dev/zero | split -b 1k do /bin/dd if=/dev/zero | split -b 1k done There are headers to deal with. You might get somewhere with tcpslice or pcapmerge; if neither of these do what you want, pcapmerge is written in perl and shouldn't be too difficult to modify or use as a base for something else.
Re: Terminate session on serial terminal (com0) when ssh disconnects
On 2014-08-12, Clint Pachl pa...@ecentryx.com wrote: Here's my situation: I ssh into a remote server in my group. From that server, I connect to an adjacent, local server in the group via the serial terminal using tip(1) or cu(1). If the ssh connection is disconnected, the login session to the second server's serial com0 will remain open/active. Is there a reliable, system-wide method or configuration to terminate the serial session if the ssh connection dies? So far, all I have come up with is the shell's timeout variable (i.e., TMOUT). However, this can be overridden by the user. Also TMOUT doesn't trigger if you're not in the shell. I also tried the gettytab(5) timeout option to, but that didn't work as expected. It terminates and restarts the initial terminal login process, not the user session. Thanks, Clint It's not exactly what you're asking for, but I would recommend looking at conserver (in packages) and see if you can use it to get the desired results. The conserver(8) daemon runs and connects to the port (optionally logging to files) and allows (with per-user rw/ro authorisation) multiple users to connect with the console(1) client, it also has idle timeout options which can trigger a string or escape sequence (which can include sequences to disconnect etc).
Re: Terminate session on serial terminal (com0) when ssh disconnects
On Tue, 2014-08-12 at 00:37 -0700, Clint Pachl wrote: Here's my situation: I ssh into a remote server in my group. From that server, I connect to an adjacent, local server in the group via the serial terminal using tip(1) or cu(1). If the ssh connection is disconnected, the login session to the second server's serial com0 will remain open/active. Is there a reliable, system-wide method or configuration to terminate the serial session if the ssh connection dies? There already have been some answers, but you may also want to use tmux(1) when working over ssh. It will not close cu(1)/tip(1) connections when your ssh connection bugs out, but you can re-login and just attach to the running session and continue where you left of. I find that very convenient myself. So far, all I have come up with is the shell's timeout variable (i.e., TMOUT). However, this can be overridden by the user. I also tried the gettytab(5) timeout option to, but that didn't work as expected. It terminates and restarts the initial terminal login process, not the user session. Thanks, Clint
Re: [Bulk] Re: tcpdump and circular logfile buffer
previously on this list Stuart Henderson contributed: I think split should work. I love Unix #!/bin/sh until /bin/dd if=/dev/zero | split -b 1k do /bin/dd if=/dev/zero | split -b 1k done There are headers to deal with. You might get somewhere with tcpslice or pcapmerge; if neither of these do what you want, pcapmerge is written in perl and shouldn't be too difficult to modify or use as a base for something else. Hmm, As wireshark used to give truncated messages in the middle of a packet from tcpdumps output with -C and -W I assumed I may just lose a packet or could get the bytes right. i think there are also line modes on both tools. It's always better to use something designed for the job though so thanks, I'll look into them. -- ___ 'Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface' (Doug McIlroy) In Other Words - Don't design like polkit or systemd ___
Re: Donations to OpenBSD
Greetings. On 2014 Aug 14, at 01:10, Worik Stanton worik.stan...@gmail.com wrote: Suggestion: Package the release notes, FAQ and some other documentation into a PDF and sell that at the same price as the CD, from the same place. I'd buy that. It would be better quality than the (often) crap O'Reilly sell, and I buy that. This is potentially quite a good idea. The T-shirts and CDs exist because (a) some people find them useful in themselves, and (b) some people prefer or find it more convenient to buy a physical thing they don't intend to use, as a means of making an indirect donation to the project. This of course is discussed at length in the rest of this thread. There's precedent for such a physical book being sellable. The Python Reference Manual [1] is a dead-tree version of the language and library description also available for free at [2]. There's clearly some story about the various reasons why people buy that, but it's clear that at least some do. I have considered doing so myself -- a paper document is superior to an on-screen one in some circumstances -- but in the end found it more convenient to print out selected sections of the downloaded PDF. Places like lulu.com will put a PDF on paper for you and sell/ship the result. I've no idea of the economic details of that, or alternatives to lulu, but such services do exist. I'm not making any promises here, but given mild encouragement I'd be very willing to take a look at how complicated it would be to turn the existing text or texts into a readable PDF (I've done this sort of thing before, and could probably do it fairly efficiently). However it's not obvious to me where the source of the FAQ is. The HTML is at [3] and there's a plain-text version at [4], but I presume these are generated from some other common source. The latter says that The FAQ is available in text form in the pub/OpenBSD/doc directory from many FTP mirrors, but I wasn't able to turn that into an actual URL, or a location on http://cvsweb.openbsd.org/cgi-bin/cvsweb/. All the best, Norman [1] http://www.amazon.com/Python-Language-Reference-Manual/dp/1906966141/ [2] https://docs.python.org/3/download.html [3] http://www.openbsd.org/faq/index.html [4] http://www.openbsd.org/faq/obsd-faq.txt -- Norman Gray : http://nxg.me.uk SUPA School of Physics and Astronomy, University of Glasgow, UK
SSH Fingerprint for anoncvs.jp.openbsd.org?
Is there a reason that the fingerprint for anon...@anoncvs.jp.openbsd.org is missing from http://www.openbsd.org/anoncvs.html? -- Joel Rees Be careful where you see conspiracy. Look first in your own heart.
cisco ASA and iked (OpenBSD-5.4)
Hello. I'm trying to make IKEv2/IPsec tunnel between cisco ASA and OpenBSD-5.4 iked (see configs debugs below)... Self-signed certificate and EAP with MS-CHAPv2 are configured on the ASA. The result - ASA says Username:Unknown IKEv2 Negotiation aborted due to ERROR: Failed to receive the AUTH msg before the timer expired. Please comment what can be missed in the iked.conf or somewhere else? -- AlexeiMalinin #cat /etc/iked.conf set passive user USER PASSWORD ikev2 TEST \ quick \ active \ esp \ inet \ from any to 10.0.7.0/24 \ local 10.0.62.27 peer 212.233.65.1 \ ikesa enc aes-256 auth hmac-sha2-256 prf hmac-sha2-256 group modp2048 \ childsa enc aes-256 auth hmac-sha2-256 \ srcid 10.0.62.27 dstid 212.233.65.1 \ lifetime 1h bytes 128M \ eap mschap-v2 \ config address 10.249.1.1 \ tag $name # ls /etc/iked/certs VPN_gateway.example.com.pem # clear ; iked -dvv /etc/iked.conf: loaded 2 configuration rules ca_reload: loaded cert file VPN_gateway.example.com.pem config_new_user: inserting new user USER user USER PASSWORD ca_validate_cert: /CN=VPN_gateway.example.com/unstructuredName=VPN_gateway.example.com self signed certificate config_getpolicy: received policy ikev2 TEST quick active esp inet from any to 10.0.7.0/24 local 10.0.62.27 peer 212.233.65.1 ikesa enc aes-256 prf hmac-sha2-256 auth hmac-sha2-256 group modp2048 childsa enc aes-256 auth hmac-sha2-256 srcid 10.0.62.27 dstid 212.233.65.1 lifetime 3600 bytes 134217728 eap MSCHAP_V2 config address 10.249.1.1 tag $name config_getpfkey: received pfkey fd 4 config_getcompile: compilation done config_getsocket: received socket fd 11 config_getsocket: received socket fd 12 config_getsocket: received socket fd 14 config_getsocket: received socket fd 20 config_getmode: mode active - passive ikev2_init_ike_sa: initiating TEST ikev2_policy2id: srcid IPV4/10.0.62.27 length 8 ikev2_add_proposals: length 44 ikev2_next_payload: length 48 nextpayload KE ikev2_next_payload: length 264 nextpayload NONCE ikev2_next_payload: length 36 nextpayload NOTIFY ikev2_nat_detection: local source 0x164268426ab0c983 0x 10.0.62.27:500 ikev2_next_payload: length 28 nextpayload NOTIFY ikev2_nat_detection: local destination 0x164268426ab0c983 0x 212.233.65.1:500 ikev2_next_payload: length 28 nextpayload NONE ikev2_pld_parse: header ispi 0x164268426ab0c983 rspi 0x nextpayload SA version 0x20 exchange IKE_SA_INIT flags 0x08 msgid 0 length 432 response 0 ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 48 ikev2_pld_sa: more 0 reserved 0 length 44 proposal #1 protoid IKE spisize 0 xforms 4 spi 0 ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128 ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_2048 ikev2_pld_xform: more 0 reserved 0 length 8 type PRF id HMAC_SHA2_256 ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 264 ikev2_pld_ke: dh group MODP_2048 reserved 0 ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00 length 36 ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28 ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length 28 ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_DESTINATION_IP ikev2_msg_send: IKE_SA_INIT from 10.0.62.27:500 to 212.233.65.1:500, 432 bytes sa_state: INIT - SA_INIT ikev2_recv: IKE_SA_INIT from responder 212.233.65.1:500 to 10.0.62.27:500 policy 'TEST' id 0, 585 bytes ikev2_recv: ispi 0x164268426ab0c983 rspi 0x89da921ef19c99e8 ikev2_recv: updated SA to peer 212.233.65.1:500 local 10.0.62.27:500 ikev2_pld_parse: header ispi 0x164268426ab0c983 rspi 0x89da921ef19c99e8 nextpayload SA version 0x20 exchange IKE_SA_INIT flags 0x20 msgid 0 length 585 response 0 ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 48 ikev2_pld_sa: more 0 reserved 0 length 44 proposal #1 protoid IKE spisize 0 xforms 4 spi 0 ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256 ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128 ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_2048 ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 264 ikev2_pld_ke: dh group MODP_2048 reserved 0 ikev2_pld_payloads: payload NONCE nextpayload VENDOR critical 0x00 length 68 ikev2_pld_payloads: payload VENDOR nextpayload VENDOR critical 0x00 length 23 ikev2_pld_payloads: payload VENDOR nextpayload VENDOR critical 0x00 length 59 ikev2_pld_payloads: payload VENDOR nextpayload NOTIFY critical 0x00
ulpt/libusb weirdness in -current
Dear misc@ readers, Still unable to make my old HP Deskjet F4280 printer working on -current (all was ok in 5.5). ulpt is disabled during boot stage; the printer is correctly installed (through the CUPS web interface) and device permissions seem ok: just22@poseidon:[~] sudo usbdevs -dv Controller /dev/usb0: addr 1: high speed, self powered, config 1, EHCI root hub(0x), Intel(0x8086), rev 1.00 uhub0 port 1 powered port 2 powered port 3 powered port 4 powered Controller /dev/usb1: addr 1: high speed, self powered, config 1, EHCI root hub(0x), Intel(0x8086), rev 1.00 uhub1 port 1 powered port 2 addr 2: high speed, self powered, config 1, Deskjet F4200 series(0x2504), HP(0x03f0), rev 1.00, iSerialNumber CN8C54F12J05BR ugen1 just22@poseidon:[~] ls -la /dev/usb1 crw-rw 1 _cups _saned 61, 1 Aug 13 09:30 /dev/usb1 just22@poseidon:[~] ls -la /dev/ugen1* crw-rw 1 _cups _saned 63, 16 Aug 13 09:30 /dev/ugen1.00 crw-rw 1 _cups _saned 63, 17 Aug 13 09:30 /dev/ugen1.01 crw-rw 1 _cups _saned 63, 18 Aug 13 09:30 /dev/ugen1.02 crw-rw 1 _cups _saned 63, 19 Aug 13 09:30 /dev/ugen1.03 crw-rw 1 _cups _saned 63, 20 Aug 13 09:30 /dev/ugen1.04 crw-rw 1 _cups _saned 63, 21 Aug 13 09:30 /dev/ugen1.05 crw-rw 1 _cups _saned 63, 22 Aug 13 09:30 /dev/ugen1.06 crw-rw 1 _cups _saned 63, 23 Aug 13 09:30 /dev/ugen1.07 crw-rw 1 _cups _saned 63, 24 Aug 13 09:30 /dev/ugen1.08 crw-rw 1 _cups _saned 63, 25 Aug 13 09:30 /dev/ugen1.09 crw-rw 1 _cups _saned 63, 26 Aug 13 09:30 /dev/ugen1.10 crw-rw 1 _cups _saned 63, 27 Aug 13 09:30 /dev/ugen1.11 crw-rw 1 _cups _saned 63, 28 Aug 13 09:30 /dev/ugen1.12 crw-rw 1 _cups _saned 63, 29 Aug 13 09:30 /dev/ugen1.13 crw-rw 1 _cups _saned 63, 30 Aug 13 09:30 /dev/ugen1.14 crw-rw 1 _cups _saned 63, 31 Aug 13 09:30 /dev/ugen1.15 But hplip GUI insists in reporting a Device communication error (which is the exact message I see when ulpt is enabled...). After debugging a bit further, I discovered: just22@poseidon:[~] sudo /usr/local/libexec/cups/backend/usb DEBUG: Loading USB quirks from /usr/local/share/cups/usb. DEBUG: Loaded 68 quirks. DEBUG: list_devices DEBUG: libusb_get_device_list=9 DEBUG: Failed to check whether 03f0:2504 has the usblp kernel module attached which sounds suspicious... Any hints/advices? I'm stuck at the moment. Thanks in advance -- Alessandro DE LAURENZIS [mailto:just22@gmail.com] LinkedIn: http://it.linkedin.com/in/delaurenzis
Re: ulpt/libusb weirdness in -current
On Thu, Aug 14, 2014 at 02:41:42PM +0200, Alessandro DE LAURENZIS wrote: Dear misc@ readers, Still unable to make my old HP Deskjet F4280 printer working on -current (all was ok in 5.5). ulpt is disabled during boot stage; the printer is correctly installed (through the CUPS web interface) and device permissions seem ok: just22@poseidon:[~] sudo usbdevs -dv Controller /dev/usb0: addr 1: high speed, self powered, config 1, EHCI root hub(0x), Intel(0x8086), rev 1.00 uhub0 port 1 powered port 2 powered port 3 powered port 4 powered Controller /dev/usb1: addr 1: high speed, self powered, config 1, EHCI root hub(0x), Intel(0x8086), rev 1.00 uhub1 port 1 powered port 2 addr 2: high speed, self powered, config 1, Deskjet F4200 series(0x2504), HP(0x03f0), rev 1.00, iSerialNumber CN8C54F12J05BR ugen1 just22@poseidon:[~] ls -la /dev/usb1 crw-rw 1 _cups _saned 61, 1 Aug 13 09:30 /dev/usb1 just22@poseidon:[~] ls -la /dev/ugen1* crw-rw 1 _cups _saned 63, 16 Aug 13 09:30 /dev/ugen1.00 crw-rw 1 _cups _saned 63, 17 Aug 13 09:30 /dev/ugen1.01 crw-rw 1 _cups _saned 63, 18 Aug 13 09:30 /dev/ugen1.02 crw-rw 1 _cups _saned 63, 19 Aug 13 09:30 /dev/ugen1.03 crw-rw 1 _cups _saned 63, 20 Aug 13 09:30 /dev/ugen1.04 crw-rw 1 _cups _saned 63, 21 Aug 13 09:30 /dev/ugen1.05 crw-rw 1 _cups _saned 63, 22 Aug 13 09:30 /dev/ugen1.06 crw-rw 1 _cups _saned 63, 23 Aug 13 09:30 /dev/ugen1.07 crw-rw 1 _cups _saned 63, 24 Aug 13 09:30 /dev/ugen1.08 crw-rw 1 _cups _saned 63, 25 Aug 13 09:30 /dev/ugen1.09 crw-rw 1 _cups _saned 63, 26 Aug 13 09:30 /dev/ugen1.10 crw-rw 1 _cups _saned 63, 27 Aug 13 09:30 /dev/ugen1.11 crw-rw 1 _cups _saned 63, 28 Aug 13 09:30 /dev/ugen1.12 crw-rw 1 _cups _saned 63, 29 Aug 13 09:30 /dev/ugen1.13 crw-rw 1 _cups _saned 63, 30 Aug 13 09:30 /dev/ugen1.14 crw-rw 1 _cups _saned 63, 31 Aug 13 09:30 /dev/ugen1.15 But hplip GUI insists in reporting a Device communication error (which is the exact message I see when ulpt is enabled...). After debugging a bit further, I discovered: just22@poseidon:[~] sudo /usr/local/libexec/cups/backend/usb DEBUG: Loading USB quirks from /usr/local/share/cups/usb. DEBUG: Loaded 68 quirks. DEBUG: list_devices DEBUG: libusb_get_device_list=9 DEBUG: Failed to check whether 03f0:2504 has the usblp kernel module attached which sounds suspicious... Any hints/advices? I'm stuck at the moment. Can you try this patch: --- backend/usb-libusb.c.orig Mon Dec 9 20:26:47 2013 +++ backend/usb-libusb.cThu Aug 14 14:45:19 2014 @@ -1473,9 +1473,14 @@ else { printer-usblp_attached = 0; -fprintf(stderr, DEBUG: Failed to check whether %04x:%04x has the \usblp\ kernel module attached\n, - devdesc.idVendor, devdesc.idProduct); -goto error; + +if (errcode != LIBUSB_ERROR_NOT_SUPPORTED) +{ + fprintf(stderr, + DEBUG: Failed to check whether %04x:%04x has the \usblp\ + kernel module attached\n, devdesc.idVendor, devdesc.idProduct); + goto error; +} } /* -- Antoine
Re: DVD how to overcome mkisofs
Josh's advise make me forward. i upgrade snapshots . and pkg_add zsh . then '/usr/local/share/zsh/5.0.5/functions/_genisoimage' appear . head /usr/local/share/zsh/5.0.5/functions/_genisoimage is next . #compdef genisoimage _arguments \ '-nobak[do not include backup files]' \ '-no-bak[do not include backup files]' but i do not understand how to make genisoimage . i only imagine _a2ps has the same method . genisoimage make smaller image than mkisofs. so it is useful to burn DVD. --- tuyosi
Re: ulpt/libusb weirdness in -current
On Thu, Aug 14, 2014 at 03:08:29PM +0200, Alessandro DE LAURENZIS wrote: On Thu 14/08 14:46, Antoine Jacoutot wrote: Can you try this patch: --- backend/usb-libusb.c.orig Mon Dec 9 20:26:47 2013 +++ backend/usb-libusb.cThu Aug 14 14:45:19 2014 @@ -1473,9 +1473,14 @@ else { printer-usblp_attached = 0; -fprintf(stderr, DEBUG: Failed to check whether %04x:%04x has the \usblp\ kernel module attached\n, - devdesc.idVendor, devdesc.idProduct); -goto error; + +if (errcode != LIBUSB_ERROR_NOT_SUPPORTED) +{ + fprintf(stderr, + DEBUG: Failed to check whether %04x:%04x has the \usblp\ + kernel module attached\n, devdesc.idVendor, devdesc.idProduct); + goto error; +} } /* Hello Antoine, First of all, thanks a lot for the very quick feedback. I'm all but an expert, so bear with me: I'm not able to find the file you patched: just22@poseidon:[src] ls -la total 120 drwxrwxr-x 17 root wsrc 512 Aug 14 11:33 . drwxr-xr-x 19 root wheel512 Aug 14 11:16 .. drwxr-xr-x2 root wsrc 512 Aug 14 11:33 CVS -rw-r--r--1 root wsrc3345 Jul 9 21:23 Makefile -rw-r--r--1 root wsrc 14303 Jul 16 03:23 Makefile.cross drwxr-xr-x 34 root wsrc1024 Aug 14 11:33 bin drwxr-xr-x 27 root wsrc1024 Aug 14 11:33 distrib drwxr-xr-x 33 root wsrc2048 Aug 14 11:33 etc drwxr-xr-x 44 root wsrc1024 Aug 14 11:33 games drwxr-xr-x8 root wsrc 512 Aug 14 11:33 gnu drwxr-xr-x7 root wsrc2048 Aug 14 11:28 include drwxr-xr-x 35 root wsrc1536 Aug 14 11:33 lib drwxr-xr-x 32 root wsrc1536 Aug 14 11:33 libexec drwxr-xr-x 15 root wsrc 512 Aug 14 11:29 regress drwxr-xr-x 70 root wsrc2560 Aug 14 11:33 sbin drwxr-xr-x 14 root wsrc 512 Aug 14 11:33 share drwxr-xr-x 27 root wsrc1024 Aug 14 11:33 sys drwxr-xr-x 207 root wsrc4608 Aug 14 11:33 usr.bin drwxr-xr-x 135 root wsrc4096 Aug 14 11:33 usr.sbin just22@poseidon:[src] find ./ -name *usb-libusb.c* This should be an updated source tree, of course. What am I doing wrong? The patch was for cups... Anyway, here is a patch directly for the print/cups port. Apply it, rebuild cups and re-install the package. Index: patches/patch-backend_usb-libusb_c === RCS file: patches/patch-backend_usb-libusb_c diff -N patches/patch-backend_usb-libusb_c --- /dev/null 1 Jan 1970 00:00:00 - +++ patches/patch-backend_usb-libusb_c 14 Aug 2014 13:18:30 - @@ -0,0 +1,21 @@ +$OpenBSD$ +--- backend/usb-libusb.c.orig Mon Dec 9 20:26:47 2013 backend/usb-libusb.c Thu Aug 14 15:18:15 2014 +@@ -1473,9 +1473,14 @@ open_device(usb_printer_t *printer, /* I - Printer */ + else + { + printer-usblp_attached = 0; +-fprintf(stderr, DEBUG: Failed to check whether %04x:%04x has the \usblp\ kernel module attached\n, +-devdesc.idVendor, devdesc.idProduct); +-goto error; ++ ++if (errcode != LIBUSB_ERROR_NOT_SUPPORTED) ++{ ++ fprintf(stderr, ++ DEBUG: Failed to check whether %04x:%04x has the \usblp\ ++ kernel module attached\n, devdesc.idVendor, devdesc.idProduct); ++ goto error; ++} + } + + /* -- Antoine
Re: ulpt/libusb weirdness in -current
Your patch doesn't apply cleanly to cups-1.7.5, which is now in the tree: It applies fine here. How did you patch the port? root@poseidon:[cups] make extract === Checking files for cups-1.7.5-source `/usr/ports/distfiles/cups-1.7.5-source.tar.bz2' is up to date. (SHA256) cups-1.7.5-source.tar.bz2: OK === cups-1.7.5 depends on: avahi-* - avahi-0.6.31p13 === cups-1.7.5 depends on: libusb1-* - libusb1-1.0.9p8 === cups-1.7.5 depends on: bzip2-* - bzip2-1.0.6p1 === cups-1.7.5 depends on: gmake-* - gmake-4.0p0 === cups-1.7.5 depends on: autoconf-2.68 - autoconf-2.68p0 === cups-1.7.5 depends on: automake-=1.9,1.10 - automake-1.9.6p11 === cups-1.7.5 depends on: metaauto-* - metaauto-1.0p1 === Verifying specs: avahi-client avahi-common crypto m pthread ssl stdc++ z c cups cupscgi cupsimage cupsmime cupsppdc dbus-1 usb-1.0 avahi-client avahi-common crypto m pthread ssl stdc++ z === found avahi-client.0.0 avahi-common.0.0 crypto.30.0 m.9.0 pthread.18.0 ssl.27.0 stdc++.57.0 z.5.0 c.77.0 cups.6.1 cupscgi.1.0 cupsimage.5.0 cupsmime.1.0 cupsppdc.1.0 dbus-1.11.0 usb-1.0.1.0 === Extracting for cups-1.7.5-source root@poseidon:[cups] make patch === Patching for cups-1.7.5-source 1 out of 1 hunks failed--saving rejects to backend/usb-libusb.c.rej *** patch-backend_usb-libusb_c did not apply cleanly *** Error 1 in . (/usr/ports/infrastructure/mk/bsd.port.mk:2687 '/usr/obj/ports/cups-1.7.5-source/.patch_done': @if cd /usr/ports/mystuff/pr...) *** Error 2 in /usr/ports/mystuff/print/cups (/usr/ports/infrastructure/mk/bsd.port.mk:2488 'patch') Maybe you were working on 1.7.4 (which is in the package tree)? Is there a quick way to revert the port tree to the older version (I'm not an expert CVS user...)? Let me know -- Alessandro DE LAURENZIS [mailto:just22@gmail.com] LinkedIn: http://it.linkedin.com/in/delaurenzis -- Antoine
Re: ulpt/libusb weirdness in -current
On Thu 14/08 15:59, Antoine Jacoutot wrote: Your patch doesn't apply cleanly to cups-1.7.5, which is now in the tree: It applies fine here. How did you patch the port? My bad. After applying the patch, the printer is still not responding, but the output of /usr/local/libexec/cups/backend/usb is different: root@poseidon:[cups] sudo /usr/local/libexec/cups/backend/usb DEBUG: Loading USB quirks from /usr/local/share/cups/usb. DEBUG: Loaded 68 quirks. DEBUG: list_devices DEBUG: libusb_get_device_list=14 DEBUG: Failed to open device, code: -99 (I reinstalled the printer from scratch). -- Alessandro DE LAURENZIS [mailto:just22@gmail.com] LinkedIn: http://it.linkedin.com/in/delaurenzis
troubleshooting carp
Hi Misc, I am having problems with setting up a pair of firewalls (Soekris 6501-70 with an extra lan1841 quad-card, i.e. total 8 em-ports) - I can not get CARP to work - both firewalls insist on becoming Master. I did have it working a week or two ago, since then I've been working on the rulesets and have updated to current snapshots several times, latest was last night. I've been thinking it was the rulesets that prevented the carp-traffic somehow, but even with pf turned off the carp announcements doesn't seem to be transmitted on the em-port. In order to isolate the problem I've turned on tcpdump in one session: # tcpdump -vvv -i em7 proto carp and then in another session I've done the following# pfctl -d# ifconfig carp7 down# ifconfig carp7 up -Should I not see some carp-traffic in the tcpdump-session? -I don't see any carp-traffic there, so I am starting to wonder whether something has changed with em-driver and/or carp in current? - -# ifconfig carp7 carp7: flags=28843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,NOINET6 mtu 1500 lladdr 00:00:5e:00:01:01 description: ISP priority: 0 carp: MASTER carpdev em7 vhid 1 advbase 20 advskew 100 groups: carp status: master inet X.X.X.116 netmask 0xfff0 broadcast X.X.X.127 # ifconfig em7 em7: flags=28b43UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST,NOINET6 mtu 1500 lladdr 00:00:24:d0:de:03 description: ISP priority: 0 groups: egress media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause) status: active inet X.X.X.125 netmask 0xfff0 broadcast X.X.X.127 # dmesg sdhc0 at pci2 dev 4 function 0 Intel EG20T SDIO rev 0x01: apic 0 int 18 sdmmc0 at sdhc0 sdhc1 at pci2 dev 4 function 1 Intel EG20T SDIO rev 0x01: apic 0 int 18 sdmmc1 at sdhc1 ahci0 at pci2 dev 6 function 0 Intel EG20T AHCI rev 0x02: msi, AHCI 1.1 scsibus1 at ahci0: 32 targets sd0 at scsibus1 targ 0 lun 0: ATA, TS4GMSA500, 2012 SCSI3 0/direct fixed t10.ATA_TS4GMSA500_20140403B37910026705 sd0: 3775MB, 512 bytes/sector, 7732368 sectors ohci3 at pci2 dev 8 function 0 Intel EG20T USB rev 0x02: apic 0 int 16, version 1.0 ohci4 at pci2 dev 8 function 1 Intel EG20T USB rev 0x02: apic 0 int 16, version 1.0 ohci5 at pci2 dev 8 function 2 Intel EG20T USB rev 0x02: apic 0 int 16, version 1.0 ehci1 at pci2 dev 8 function 3 Intel EG20T USB rev 0x02: apic 0 int 16 usb1 at ehci1: USB revision 2.0 uhub1 at usb1 Intel EHCI root hub rev 2.00/1.00 addr 1 Intel EG20T DMA rev 0x00 at pci2 dev 10 function 0 not configured puc0 at pci2 dev 10 function 1 Intel EG20T Serial rev 0x01: ports: 1 com com4 at puc0 port 0 apic 0 int 19: ti16750, 64 byte fifo puc1 at pci2 dev 10 function 2 Intel EG20T Serial rev 0x00: ports: 1 com com5 at puc1 port 0 apic 0 int 19: ti16750, 64 byte fifo puc2 at pci2 dev 10 function 3 Intel EG20T Serial rev 0x00: ports: 1 com com6 at puc2 port 0 apic 0 int 19: ti16750, 64 byte fifo puc3 at pci2 dev 10 function 4 Intel EG20T Serial rev 0x00: ports: 1 com com7 at puc3 port 0 apic 0 int 19: ti16750, 64 byte fifo Intel EG20T DMA rev 0x00 at pci2 dev 12 function 0 not configured Intel EG20T SPI rev 0x00 at pci2 dev 12 function 1 not configured Intel EG20T I2C rev 0x00 at pci2 dev 12 function 2 not configured Intel EG20T CAN rev 0x00 at pci2 dev 12 function 3 not configured Intel EG20T 1588 rev 0x01 at pci2 dev 12 function 4 not configured usb2 at ohci0: USB revision 1.0 uhub2 at usb2 Intel OHCI root hub rev 1.00/1.00 addr 1 usb3 at ohci1: USB revision 1.0 uhub3 at usb3 Intel OHCI root hub rev 1.00/1.00 addr 1 usb4 at ohci2: USB revision 1.0 uhub4 at usb4 Intel OHCI root hub rev 1.00/1.00 addr 1 usb5 at ohci3: USB revision 1.0 uhub5 at usb5 Intel OHCI root hub rev 1.00/1.00 addr 1 usb6 at ohci4: USB revision 1.0 uhub6 at usb6 Intel OHCI root hub rev 1.00/1.00 addr 1 usb7 at ohci5: USB revision 1.0 uhub7 at usb7 Intel OHCI root hub rev 1.00/1.00 addr 1 ppb2 at pci0 dev 24 function 0 Intel E600 PCIE rev 0x00 pci3 at ppb2 bus 3 ppb3 at pci3 dev 0 function 0 IDT 89HPES4T4 rev 0x0e pci4 at ppb3 bus 4 ppb4 at pci4 dev 2 function 0 IDT 89HPES4T4 rev 0x0e pci5 at ppb4 bus 5 em0 at pci5 dev 0 function 0 Intel 82574L rev 0x00: msi, address 00:00:24:d0:cd:c4 ppb5 at pci4 dev 3 function 0 IDT 89HPES4T4 rev 0x0e pci6 at ppb5 bus 6 em1 at pci6 dev 0 function 0 Intel 82574L rev 0x00: msi, address 00:00:24:d0:cd:c5 ppb6 at pci4 dev 4 function 0 IDT 89HPES4T4 rev 0x0e pci7 at ppb6 bus 7 ppb7 at pci0 dev 25 function 0 Intel E600 PCIE rev 0x00 pci8 at ppb7 bus 8 ppb8 at pci8 dev 0 function 0 IDT 89HPES4T4 rev 0x0e pci9 at ppb8 bus 9 ppb9 at pci9 dev 2 function 0 IDT 89HPES4T4 rev 0x0e pci10 at ppb9 bus 10 em2 at pci10 dev 0 function 0 Intel 82574L rev 0x00: msi, address 00:00:24:d0:cd:c6 ppb10 at pci9 dev 3 function 0 IDT 89HPES4T4 rev 0x0e pci11 at ppb10 bus 11 em3 at pci11 dev 0 function 0 Intel 82574L
Re: ulpt/libusb weirdness in -current
After applying the patch, the printer is still not responding, but the output of /usr/local/libexec/cups/backend/usb is different: root@poseidon:[cups] sudo /usr/local/libexec/cups/backend/usb DEBUG: Loading USB quirks from /usr/local/share/cups/usb. DEBUG: Loaded 68 quirks. DEBUG: list_devices DEBUG: libusb_get_device_list=14 DEBUG: Failed to open device, code: -99 What's the output of lsusb(1) ? -- Antoine
Re: ulpt/libusb weirdness in -current
On Thu 14/08 17:17, Antoine Jacoutot wrote: After applying the patch, the printer is still not responding, but the output of /usr/local/libexec/cups/backend/usb is different: root@poseidon:[cups] sudo /usr/local/libexec/cups/backend/usb DEBUG: Loading USB quirks from /usr/local/share/cups/usb. DEBUG: Loaded 68 quirks. DEBUG: list_devices DEBUG: libusb_get_device_list=14 DEBUG: Failed to open device, code: -99 What's the output of lsusb(1) ? root@poseidon:[cups] lsusb Bus 000 Device 001: ID 8086: Intel Corp. Bus 000 Device 002: ID 05e3:0608 Genesys Logic, Inc. USB-2.0 4-Port HUB Bus 000 Device 003: ID 05e3:0608 Genesys Logic, Inc. USB-2.0 4-Port HUB Bus 000 Device 004: ID 03f0:0024 Hewlett-Packard KU-0316 Keyboard Bus 000 Device 005: ID 046d:c050 Logitech, Inc. RX 250 Optical Mouse Bus 000 Device 006: ID 046d:089d Logitech, Inc. QuickCam E2500 series Bus 001 Device 001: ID 8086: Intel Corp. Bus 001 Device 002: ID 03f0:2504 Hewlett-Packard DeskJet F4200 series Bus 002 Device 001: ID 8086: Intel Corp. Bus 002 Device 002: ID 0a5c:2110 Broadcom Corp. BCM2045B (BDC-2) [Bluetooth Controller] Bus 003 Device 001: ID 8086: Intel Corp. Bus 004 Device 001: ID 8086: Intel Corp. Bus 005 Device 001: ID 8086: Intel Corp. Bus 006 Device 001: ID 8086: Intel Corp. -- Alessandro DE LAURENZIS [mailto:just22@gmail.com] LinkedIn: http://it.linkedin.com/in/delaurenzis
Re: Donations to OpenBSD
On Thu, Aug 14, 2014 at 07:16:41AM +0100, Bernte wrote: Could you please just clarify: I have money and I want that to go to the OpenBSD project. I would like as much as possible to make it there (from the UK in my case), I would like to give the OpenBSD people the highest degree of freedom of what to do with it, and don't need any physical gadgets to go with it. What is the optimal way to achieve this? The OpenBSD Foundation. http://www.openbsdfoundation.org/donations.html Theo has mentioned it several times this year as being the preferred route. It's as simple as possible. Nicolai
Re: [Bulk] Re: Donations to OpenBSD
previously on this list Nicolai contributed: The OpenBSD Foundation. http://www.openbsdfoundation.org/donations.html Theo has mentioned it several times this year as being the preferred route. It's as simple as possible. Another idea I guess with next to no work- high res copies of the stickers, paid for download at CD price. To fund the project yes but CD's are THE? route to fund Theo's ongoing full-time dedication. Cheque - more work than online so less likely? cash - risk, more work than online so less likely, knowing he actually got it? I guess Theo could publish his sort code and account number, are gifts tax free in Canada? -- ___ 'Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface' (Doug McIlroy) In Other Words - Don't design like polkit or systemd ___
bgpctl manual has duplicate
Hi, I noticed bgpctl manpage has some duplicate information : --- bgpctl.8.orig Thu Aug 14 18:46:21 2014 +++ bgpctl.8Thu Aug 14 18:46:41 2014 @@ -359,12 +359,6 @@ Multiple options can be used at the same time and the .Ar neighbor filter can be combined with other filters. -.It Cm show summary -Show a list of all neighbors, including information about the session state -and message counters. -.It Cm show summary terse -Show a list of all neighbors, including information about the session state, -in a terse format. .It Cm show tables Show a list of all currently loaded fib routing tables. .El Regards, Denis
Re: [Bulk] Re: Donations to OpenBSD
Another idea I guess with next to no work- high res copies of the stickers, paid for download at CD price. Which then get shared, and reproduced by any asshole company on the net, much like ixsoft.de has been doing for years? To fund the project yes but CD's are THE? route to fund Theo's ongoing full-time dedication. Unfortunately it is that, or gifts to me. Which is not income. I still need an income to remain legit in the eyes of the tax man. Cheque - more work than online so less likely? cash - risk, more work than online so less likely, knowing he actually got it? Or dera...@openbsd.org paypal, even. That's more recent, though. I guess Theo could publish his sort code and account number, are gifts tax free in Canada? gifts are tax free.
Re: [Bulk] Re: tcpdump and circular logfile buffer
previously on this list Stuart Henderson contributed: There are headers to deal with. You might get somewhere with tcpslice or pcapmerge; if neither of these do what you want, pcapmerge is written in perl and shouldn't be too difficult to modify or use as a base for something else. They only seem to split on a timebase whereas I want to keep files small and make sure I don't fill the filesystem. This is what I have come up with so far if it's of any use to anyone, should work quite well but as many packets are small the circular buffer will overwrite before the filesystems full. I will probably fix that by monitoring the filesystem but for now it will do especially at a low snaplen. I've been set back with soldering a laptop power supply (yet again) which turned out to be the plug end after having cut the cable searching for the break :-{ #!/bin/sh EXT_IF=trunk0 PKTCAPSIZE=200 MBFILESIZE=15 STORAGEFILE=/var/log/inet-dump/internet-log STORAGEGB=95 PKTCOUNT=$(((1024*1024*$MBFILESIZE)/$PKTCAPSIZE)) FILECOUNT=$((($STORAGEGB*1024)/$MBFILESIZE)) f=-1 while true do if [ $f -gt $(($FILECOUNT-1)) ]; then f=0 else f=$(($f+1)) fi /usr/bin/sudo /usr/sbin/tcpdump -c $PKTCOUNT -s $PKTCAPSIZE -w $STORAGEFILE$f -i $EXT_IF done p.s. Why are C and sh syntax not closer than they are -- ___ 'Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface' (Doug McIlroy) In Other Words - Don't design like polkit or systemd ___
Re: troubleshooting carp
What switch do you have? advbase 20” and advskew 100” means that you’ll have to wait 20+ sec in order to see announcement in tcpdump. Are you sure you have waited enough? //mxb On 14 aug 2014, at 16:37, Stefan Olsson stur...@hotmail.com wrote: Hi Misc, I am having problems with setting up a pair of firewalls (Soekris 6501-70 with an extra lan1841 quad-card, i.e. total 8 em-ports) - I can not get CARP to work - both firewalls insist on becoming Master. I did have it working a week or two ago, since then I've been working on the rulesets and have updated to current snapshots several times, latest was last night. I've been thinking it was the rulesets that prevented the carp-traffic somehow, but even with pf turned off the carp announcements doesn't seem to be transmitted on the em-port. In order to isolate the problem I've turned on tcpdump in one session: # tcpdump -vvv -i em7 proto carp and then in another session I've done the following# pfctl -d# ifconfig carp7 down# ifconfig carp7 up -Should I not see some carp-traffic in the tcpdump-session? -I don't see any carp-traffic there, so I am starting to wonder whether something has changed with em-driver and/or carp in current? - -# ifconfig carp7 carp7: flags=28843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,NOINET6 mtu 1500 lladdr 00:00:5e:00:01:01 description: ISP priority: 0 carp: MASTER carpdev em7 vhid 1 advbase 20 advskew 100 groups: carp status: master inet X.X.X.116 netmask 0xfff0 broadcast X.X.X.127 # ifconfig em7 em7: flags=28b43UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST,NOINET6 mtu 1500 lladdr 00:00:24:d0:de:03 description: ISP priority: 0 groups: egress media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause) status: active inet X.X.X.125 netmask 0xfff0 broadcast X.X.X.127 # dmesg sdhc0 at pci2 dev 4 function 0 Intel EG20T SDIO rev 0x01: apic 0 int 18 sdmmc0 at sdhc0 sdhc1 at pci2 dev 4 function 1 Intel EG20T SDIO rev 0x01: apic 0 int 18 sdmmc1 at sdhc1 ahci0 at pci2 dev 6 function 0 Intel EG20T AHCI rev 0x02: msi, AHCI 1.1 scsibus1 at ahci0: 32 targets sd0 at scsibus1 targ 0 lun 0: ATA, TS4GMSA500, 2012 SCSI3 0/direct fixed t10.ATA_TS4GMSA500_20140403B37910026705 sd0: 3775MB, 512 bytes/sector, 7732368 sectors ohci3 at pci2 dev 8 function 0 Intel EG20T USB rev 0x02: apic 0 int 16, version 1.0 ohci4 at pci2 dev 8 function 1 Intel EG20T USB rev 0x02: apic 0 int 16, version 1.0 ohci5 at pci2 dev 8 function 2 Intel EG20T USB rev 0x02: apic 0 int 16, version 1.0 ehci1 at pci2 dev 8 function 3 Intel EG20T USB rev 0x02: apic 0 int 16 usb1 at ehci1: USB revision 2.0 uhub1 at usb1 Intel EHCI root hub rev 2.00/1.00 addr 1 Intel EG20T DMA rev 0x00 at pci2 dev 10 function 0 not configured puc0 at pci2 dev 10 function 1 Intel EG20T Serial rev 0x01: ports: 1 com com4 at puc0 port 0 apic 0 int 19: ti16750, 64 byte fifo puc1 at pci2 dev 10 function 2 Intel EG20T Serial rev 0x00: ports: 1 com com5 at puc1 port 0 apic 0 int 19: ti16750, 64 byte fifo puc2 at pci2 dev 10 function 3 Intel EG20T Serial rev 0x00: ports: 1 com com6 at puc2 port 0 apic 0 int 19: ti16750, 64 byte fifo puc3 at pci2 dev 10 function 4 Intel EG20T Serial rev 0x00: ports: 1 com com7 at puc3 port 0 apic 0 int 19: ti16750, 64 byte fifo Intel EG20T DMA rev 0x00 at pci2 dev 12 function 0 not configured Intel EG20T SPI rev 0x00 at pci2 dev 12 function 1 not configured Intel EG20T I2C rev 0x00 at pci2 dev 12 function 2 not configured Intel EG20T CAN rev 0x00 at pci2 dev 12 function 3 not configured Intel EG20T 1588 rev 0x01 at pci2 dev 12 function 4 not configured usb2 at ohci0: USB revision 1.0 uhub2 at usb2 Intel OHCI root hub rev 1.00/1.00 addr 1 usb3 at ohci1: USB revision 1.0 uhub3 at usb3 Intel OHCI root hub rev 1.00/1.00 addr 1 usb4 at ohci2: USB revision 1.0 uhub4 at usb4 Intel OHCI root hub rev 1.00/1.00 addr 1 usb5 at ohci3: USB revision 1.0 uhub5 at usb5 Intel OHCI root hub rev 1.00/1.00 addr 1 usb6 at ohci4: USB revision 1.0 uhub6 at usb6 Intel OHCI root hub rev 1.00/1.00 addr 1 usb7 at ohci5: USB revision 1.0 uhub7 at usb7 Intel OHCI root hub rev 1.00/1.00 addr 1 ppb2 at pci0 dev 24 function 0 Intel E600 PCIE rev 0x00 pci3 at ppb2 bus 3 ppb3 at pci3 dev 0 function 0 IDT 89HPES4T4 rev 0x0e pci4 at ppb3 bus 4 ppb4 at pci4 dev 2 function 0 IDT 89HPES4T4 rev 0x0e pci5 at ppb4 bus 5 em0 at pci5 dev 0 function 0 Intel 82574L rev 0x00: msi, address 00:00:24:d0:cd:c4 ppb5 at pci4 dev 3 function 0 IDT 89HPES4T4 rev 0x0e pci6 at ppb5 bus 6 em1 at pci6 dev 0 function 0 Intel 82574L rev 0x00: msi, address 00:00:24:d0:cd:c5 ppb6 at pci4 dev 4 function 0 IDT 89HPES4T4 rev 0x0e pci7 at ppb6 bus 7 ppb7 at pci0 dev 25 function 0
Re: troubleshooting carp
Subject: Re: troubleshooting carp From: m...@alumni.chalmers.se Date: Thu, 14 Aug 2014 19:31:06 +0200 CC: misc@openbsd.org To: stur...@hotmail.com What switch do you have? advbase 20 and advskew 100 means that youll have to wait 20+ sec in order to see announcement in tcpdump. Are you sure you have waited enough? -Yeah, I waited long enough, and in the meantime this came up in /var/log/messages: Aug 14 17:40:09 left /bsd: carp7: state transition: MASTER - INIT Aug 14 17:40:30 left /bsd: carp7: state transition: INIT - BACKUP Aug 14 17:41:30 left /bsd: carp7: state transition: BACKUP - MASTER By the way, here is some output from sysctl:$ sysctl net.inet.carpnet.inet.carp.allow=1net.inet.carp.preempt=1 net.inet.carp.log=7 -I don't actually see anything else from carp in /var/log/messages other than these transitions, even though net.inet.carp.log=7 -Just to clarify, when I do tcpdump without filtering, there is a lot of traffic entering and exiting, but nothing carp-related. I am not entirely sure what model the switch is since it is in Ireland and I'm in the U.S. - but it shouldn't really matter that much since I am trying to capture outgoing traffic from the host itself, or should it?
Re: I have several questions
On 2014-08-11, Theo de Raadt dera...@cvs.openbsd.org wrote: Did you use separate disk partitions, or just make one big / partition? If the latter, that would *probably* stop the signature verification from being possible. By installation files I mean installation files on CD The installation program says it can't verify and I have to make an answer to let installation program go ahead You mean you used the install*.iso or install*.fs files for installation. This is documented that these media do not have signatures for the contents inside themselves. For those install methods you have to verify the install media files themselves beforehands. Did you do that? You didn't, did you. And then you booted that on your machine? Tsk tsk. This is the least of your problems... This has not been an problem in the last twenty or so years. Best regards, J JOACHIM
Re: troubleshooting carp
From: stur...@hotmail.com To: m...@alumni.chalmers.se CC: misc@openbsd.org Subject: RE: troubleshooting carp Date: Thu, 14 Aug 2014 14:00:37 -0400 Subject: Re: troubleshooting carp From: m...@alumni.chalmers.se Date: Thu, 14 Aug 2014 19:31:06 +0200 CC: misc@openbsd.org To: stur...@hotmail.com What switch do you have? -OK, so I tried tcpdump and carp up/down on em1 instead as that is connected directly to the other firewall, i.e. no switch in between, and lo and behold, I can see CARPadvertisements! -So, considering that it is the same host and same driver (em), it seems to be a wrongly configured switch rather than anything else! That begs the question though - what is so special with CARP, and what in the switch would be preventing it?? Multicast? VLAN? ...? I believe the switch might be a Netgear GSM724, or it could be a GS105.
Re: bgpctl manual has duplicate
Hi Denis, Denis Fondras wrote on Thu, Aug 14, 2014 at 06:53:07PM +0200: I noticed bgpctl manpage has some duplicate information : Thanks, committed. I removed the first copies though and not the second as you proposed in order to preserve alphabetic ordering. Yours, Ingo --- bgpctl.8.orig Thu Aug 14 18:46:21 2014 +++ bgpctl.8Thu Aug 14 18:46:41 2014 @@ -359,12 +359,6 @@ Multiple options can be used at the same time and the .Ar neighbor filter can be combined with other filters. -.It Cm show summary -Show a list of all neighbors, including information about the session state -and message counters. -.It Cm show summary terse -Show a list of all neighbors, including information about the session state, -in a terse format. .It Cm show tables Show a list of all currently loaded fib routing tables. .El
Re: troubleshooting carp
On Thu, Aug 14, 2014 at 2:36 PM, Stefan Olsson stur...@hotmail.com wrote: That begs the question though - http://begthequestion.info/ :-) (former philosophy major ...) -- Don't eat anything you've ever seen advertised on TV - Michael Pollan, author of In Defense of Food
Re: [Bulk] Re: Donations to OpenBSD
Another idea I guess with next to no work- high res copies of the stickers, paid for download at CD price. Which then get shared, and reproduced by any asshole company on the net, much like ixsoft.de has been doing for years? I did a quick check out of curiosity and there they are, OpenBSD posters for sale. The interesting fact is that at Hersteller section (Manufacturer, tran.) is written OpenBSD.org! What does it mean?
Re: Terminate session on serial terminal (com0) when ssh disconnects
On 2014-08-12, Clint Pachl pa...@ecentryx.com wrote: Here's my situation: I ssh into a remote server in my group. From that server, I connect to an adjacent, local server in the group via the serial terminal using tip(1) or cu(1). If the ssh connection is disconnected, the login session to the second server's serial com0 will remain open/active. Is there a reliable, system-wide method or configuration to terminate the serial session if the ssh connection dies? It should just work... but it doesn't. When the ssh connection is disconnected, tip/cu will receive a SIGHUP and terminate. This will close the outgoing cua(4) device, de-asserting DTR, which with the usual null modem cable will de-assert DCD at the incoming tty(4) device, which in turn should result in a SIGHUP being sent to the processes on that tty. I don't know offhand why this doesn't work. -- Christian naddy Weisgerber na...@mips.inka.de
Re: [Bulk] Re: Donations to OpenBSD
It means Producer, or maker If you do a search, you will see that they sell a lot of OpenBSD stuffare they or are they not selling official merchandise? I'd like to hear what German OpenBSD users think of the situation. If they're too busy, let me know. Daniel Villarreal On Thu, Aug 14, 2014 at 4:03 PM, Mihai Popescu mih...@gmail.com wrote: Another idea I guess with next to no work- high res copies of the stickers, paid for download at CD price. Which then get shared, and reproduced by any asshole company on the net, much like ixsoft.de has been doing for years? I did a quick check out of curiosity and there they are, OpenBSD posters for sale. The interesting fact is that at Hersteller section (Manufacturer, tran.) is written OpenBSD.org! What does it mean?
Re: [Bulk] Re: Donations to OpenBSD
On Thu, Aug 14, 2014 at 4:40 PM, Daniel Villarreal yclwebmas...@gmail.com wrote: It means Producer, or maker also manufacturer ... -- Don't eat anything you've ever seen advertised on TV - Michael Pollan, author of In Defense of Food
Re: [Bulk] Re: Donations to OpenBSD
2014-08-14 19:13 GMT+02:00 Theo de Raadt dera...@cvs.openbsd.org: Which then get shared, and reproduced by any asshole company on the net, much like ixsoft.de has been doing for years? ? ixsoft.de is still listed as reseller on http://www.openbsd.org/orders.html Did I miss something? Best Martin
Re: troubleshooting carp
You should show configuration from the other side too. Youll have to start your troubleshooting from the base, eg. can you ping node2 from node1? //mxb On 14 aug 2014, at 20:36, Stefan Olsson stur...@hotmail.com wrote: From: stur...@hotmail.com To: m...@alumni.chalmers.se CC: misc@openbsd.org Subject: RE: troubleshooting carp Date: Thu, 14 Aug 2014 14:00:37 -0400 Subject: Re: troubleshooting carp From: m...@alumni.chalmers.se Date: Thu, 14 Aug 2014 19:31:06 +0200 CC: misc@openbsd.org To: stur...@hotmail.com What switch do you have? -OK, so I tried tcpdump and carp up/down on em1 instead as that is connected directly to the other firewall, i.e. no switch in between, and lo and behold, I can see CARP advertisements! -So, considering that it is the same host and same driver (em), it seems to be a wrongly configured switch rather than anything else! That begs the question though - what is so special with CARP, and what in the switch would be preventing it?? Multicast? VLAN? ...? I believe the switch might be a Netgear GSM724, or it could be a GS105.
Re: Donations to OpenBSD
We know... ;) Sent from my iPhone On 14 Aug 2014, at 16:14, Nicolai nicolai-om...@chocolatine.org wrote: On Thu, Aug 14, 2014 at 07:16:41AM +0100, Bernte wrote: Could you please just clarify: I have money and I want that to go to the OpenBSD project. I would like as much as possible to make it there (from the UK in my case), I would like to give the OpenBSD people the highest degree of freedom of what to do with it, and don't need any physical gadgets to go with it. What is the optimal way to achieve this? The OpenBSD Foundation. http://www.openbsdfoundation.org/donations.html Theo has mentioned it several times this year as being the preferred route. It's as simple as possible. Nicolai
Re: Donations to OpenBSD
Hahaha, lol!! Yes peter :) Sent from my iPhone On 14 Aug 2014, at 10:17, Peter Hessler phess...@theapt.org wrote: options: 1) cash in envelope, put into mail 2) bank cheque in envelope, put in mail 3) suck it up, and stop caring about the middle man's cut 4) bank transfers (also: see #3) 5) fly to canada with a suitcase of money 6) bank transfers to the EUROPEAN bank 7) OpenBSD Foundatation On 2014 Aug 14 (Thu) at 10:02:42 +0100 (+0100), Andy wrote: :We've found this strangely difficult to do also.. Just want to donate, don't :want stuff in return, don't want middle men taking a cut.. : : :On 14/08/14 09:59, Janne Johansson wrote: :Talk to www.openbsdeurope.com, which happens to be in the UK. :I'm sure they can arrange for donations in a simple-for-you way even if you :don't need a product back. : : : :2014-08-14 8:16 GMT+02:00 Bernte ber...@fams.de: : :On 14/08/14 01:10, Theo de Raadt wrote: :How does it compare for using the SWIFT method outlined on the website? :The SWIFT donations go to the Project. That is spent on things which :the Foundation doesn't pay for. :Gee - CDs, T-Shirts, Project, Foundation - all this discussion starts to :confuse me. : :Theo, I am planning to donate, but I am loosing my understanding of the :optimal way. : :Could you please just clarify: I have money and I want that to go to the :OpenBSD project. I would like as much as possible to make it there (from :the UK in my case), I would like to give the OpenBSD people the highest :degree of freedom of what to do with it, and don't need any physical :gadgets to go with it. What is the optimal way to achieve this? : :Thanks, :Bernd : -- Democracy is good. I say this because other systems are worse. -- Jawaharlal Nehru
rc.local mystery executables
I run an OpenBSD 5.5-stable amd64 server at home. Email, web, etc. Today I was doing some maintenance and I found my way to /etc/rc.local. When I opened it I saw this: $ cat rc.local # $OpenBSD: rc.local,v 1.44 2011/04/22 06:08:14 ajacoutot Exp $ # Site-specific startup actions, daemons, and other things which # can be done AFTER your system goes into securemode. For actions # which should be done BEFORE your system has gone into securemode # please see /etc/rc.securelevel. cd /etc;./sfewfesfs cd /etc;./gfhjrtfyhuf cd /etc;./rewgtf3er4t cd /etc;./sdmfdsfhjfe cd /etc;./gfhddsfew cd /etc;./ferwfrre cd /etc;./dsfrefr I don't remember adding those lines to my rc.local file. $ cd /etc ls -al ./sfewfesfs -rwsrwsrwt 1 root wheel 694680 Apr 4 07:47 /etc/sfewfesfs $ file dsfrefr dsfrefr: ELF 32-bit LSB executable, Intel 80386, version 1, statically linked, stripped Seems odd to have a bunch of randomly named executibles running at boot. And that they are compiled for 386 (I'm running amd64), and that they have suid set, and to root. $ clamscan * dsfrefr: OK ferwfrre: OK gfhddsfew: OK gfhjrtfyhuf: OK rc.local: OK rewgtf3er4t: OK sdmfdsfhjfe: OK sfewfesfs: OK Scanned directories: 0 Scanned files: 8 Infected files: 0 Data scanned: 3.21 MB Data read: 3.20 MB (ratio 1.00:1) Time: 10.842 sec (0 m 10 s) Hmm, ok let's run one. $ ./dsfrefr ./dsfrefr[1]: syntax error: `(' unexpected That's all any of them say when run. So...have I been p0wned or does anyone know what innocent thing might be happening here? Please CC sc...@ggr.com on any replies, as I'm not subscribed to updates from the list.
Re: rc.local mystery executables
Scott Bonds [sc...@ggr.com] wrote: I run an OpenBSD 5.5-stable amd64 server at home. Email, web, etc. Today ... $ file dsfrefr dsfrefr: ELF 32-bit LSB executable, Intel 80386, version ... So...have I been p0wned or does anyone know what innocent thing might be happening here? Please CC sc...@ggr.com on any replies, as I'm not subscribed to updates from the list. Yeah, you are compromised.
Re: DVD how to overcome mkisofs
On Thu, Aug 14, 2014 at 9:52 PM, Tuyosi Takesima nakajin.fu...@gmail.com wrote: Josh's advise make me forward. i upgrade snapshots . and pkg_add zsh . then '/usr/local/share/zsh/5.0.5/functions/_genisoimage' appear . head /usr/local/share/zsh/5.0.5/functions/_genisoimage is next . #compdef genisoimage _arguments \ '-nobak[do not include backup files]' \ '-no-bak[do not include backup files]' but i do not understand how to make genisoimage . i only imagine _a2ps has the same method . Would this page help? http://www.debianadmin.com/genisoimage-creates-iso-9660-cd-rom-filesystem-images.html Or is it information you already have? genisoimage make smaller image than mkisofs. so it is useful to burn DVD. --- tuyosi -- Joel Rees Be careful where you see conspiracy. Look first in your own heart.
Re: rc.local mystery executables
On 14-08-14 07:54 PM, Scott Bonds wrote: So...have I been p0wned or does anyone know what innocent thing might be happening here? I think you already know the answer, unless you've done something very, very strange back in April. However, it could be said that the 3rd party here isn't terribly competent, mixing arches and leaving traces behind. The most innocent thing I can think of is that someone is playing a prank of you... -- -Adam Thompson athom...@athompso.net
Re: rc.local mystery executables
On Thu, Aug 14, 2014 at 17:54, Scott Bonds wrote: So...have I been p0wned or does anyone know what innocent thing might be happening here? Please CC sc...@ggr.com on any replies, as I'm not subscribed to updates from the list. Bad news: yeah. They appear to have screwed up their rootkit by installing the i386 edition, but those files should not be there. I'd reinstall after giving some consideration to how this may have happened (and changing all your passwords, rotating ssh keys, etc.).
Re: DVD how to overcome mkisofs (zsh function)
thanks reply . i managed to find http://qiita.com/yuku_t/items/77c23390e52168a2754a . perhaps 1) chsh -s zsh 2) edit .zshrc fpath .or FPATH . /usr/local/share/zsh/5.0.5/functions/ autoload ...genisoimage then genisoimage go but i do not understand now how to use functons of zsh . imaginatin only --- tuyosi
minimums for /usr/ports, /usr/xenocara, and /usr/src
I'm trying re-learn how to bring a new install up to -stable, and I've been following the instructions on http://www.openbsd.org/stable.html and http://www.openbsd.org/faq/faq5.html#Bld and not doing a very good job of it. The recommended partition left me with only 1.4G for /usr, and it was 90% full when I finished unpacking the sys, src, ports, and xenocara tarballs. (ancient IBM thinkpad with only 256M RAM and 20G (17 real gig) or hard disk. 860 MHz or so CPU.) I had saved 2.5G out of the suggested size for /home, so I cut a 1G partition for /usr/ports and gave it the default newfs. mount on /mnt, cp -pR /usr/ports/ /mnt/ (I always mess that up -- mv /mnt/ports/* /mnt; mv /mnt/ports/.cvsignore /mnt.) Deleted the original contents of /usr/ports, which I now see was a mistake, and mounted the new partition on /usr/ports. And then I did a cvs co on src, ports, and xenocara. About an hour later, it tells me I have no inodes left on ports. df -ih tells me I have 398 M used on /usr/ports, which is 42%, but 155,676 inodes in use, which is 100%. I forgot to write down what it was trying to check out when it ran out. /usr/src looks like its complete, with 111,613 inodes in use and 70,273 free, 1.2G partition with 313M free. I'm thinking that's room enough to build the patches and a few other things I need. What size partition should I cut for /usr/ports, and how many inodes should I allocate it? Or should I just not try to bring /usr/ports up to stable? And what can I expect for /usr/xenocara? Just from unpacking the tarball, it's using close to 700M on /usr, so I'm planning on cutting it a partition, too. My thinking is to use my remaining 1.5G for a new /usr/ports, give it 500,000 inodes and cp -pR again, to save bandwidth on the mirror, then take the 1 G partition that would be freed, give it 300,000 inodes, and use it for /usr/xenocara. Can anyone tell me if that will be enough? Or maybe I should just do it the other way, from the patch sets, I think it was. -- Joel Rees Be careful where you see conspiracy. Look first in your own heart.
tor status
I see no recent posts on the subject. Repository about 2 weeks ago shows a version 0.2.4.22p0. At the moment I cannot find manual for openbsd, on the net. What is prefered way to use it right now? On other systems it works fine through torsocks. And the user and group _tor are made for the purpose. If I asked something pretty obvious, I'd like to learn links for up to date articles. Best regards Zoran