Re: netstat -I in 4.3 shows lo0 too

[Andreas Maus]

On Tue, Sep 09, 2008 at 04:14:48PM +0200, Federico Giannici wrote:
 Since we upgraded from 4.2 to 4.3 the netstat -I ifname command changed 
 it's output and now includes the lo0 statistics too.
Hi.

Yes it is a bug and was previously discussed here:

http://marc.info/?l=openbsd-miscm=121403404706602w=2 

You can download a diff for this issue here:

http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/netstat/if.c.diff?r1=1.56r2=1.57

and rebuilding netstat by

cd /usr/src/usr.bin/netstat/
make  make install

(Assuming you installed the src.tar.gz tarball).

HTH,

Andreas.

-- 
Windows 95: A 32-bit patch for a 16-bit GUI shell running on top of
an 8-bit operating system written for a 4-bit processor by a 2-bit
company who cannot stand 1 bit of competition.

Re: Is it necessary to recompile just to apply a security patch?

[Andreas Maus]

On Tue, Jul 29, 2008 at 08:41:36AM -0700, skogzort wrote:
 Is it necessary to recompile just to apply a security patch?
Of course! ;)

 In order to do this it appears that I have to download the source code
 re-compile the entire OS. Recompiling the OS seems to involve a lot of steps.
 Before I continue to read through them all, I just want to confirm that it is
 actually necessary to do all of this, simply to apply a security patch:
Do you use the current 4.3 or do you use a CVS snapshot ?

If you use 4.3 you _have_ to download and install src.tar.gz and
install it. Now download only the bind patch for 4.3 and apply
the patch and rebuild and reinstall named. (Don't forget to restart
named ;) )

If you use a older version check the appropriate errata page instead ;)

Its OpenBSD. Its soo easy :P

HTH,

Andreas.

-- 
Windows 95: A 32-bit patch for a 16-bit GUI shell running on top of
an 8-bit operating system written for a 4-bit processor by a 2-bit
company who cannot stand 1 bit of competition.

Actual BIND error - Patching OpenBSD 4.3 named ?

[Andreas Maus]

Hi.

I guess OpenBSDs named is affected by the actual issue:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
http://www.kb.cert.org/vuls/id/800113

So I hope a patch is in progress ?
Or is OpenBSD not affected by this issue?

So long,

Andreas.
-- 
Windows 95: A 32-bit patch for a 16-bit GUI shell running on top of
an 8-bit operating system written for a 4-bit processor by a 2-bit
company who cannot stand 1 bit of competition.

Re: Actual BIND error - Patching OpenBSD 4.3 named ?

[Andreas Maus]

On Wed, Jul 09, 2008 at 11:19:24AM +0100, mark reardon wrote:
 Hi Andreas,
 
 Aren't you dumping on the wrong interface here?
 Should it not be your $ext_if where the alleged poisoning will come from?
Hi Mark.

Excuse me? The tcpdump was provided by Rod Whitworth
[EMAIL PROTECTED].

So long,

Andreas.

-- 
Windows 95: A 32-bit patch for a 16-bit GUI shell running on top of
an 8-bit operating system written for a 4-bit processor by a 2-bit
company who cannot stand 1 bit of competition.

Re: Vulnerability Note VU#800113 - Multiple DNS implementations vulnerable to cache poisoning

[Andreas Maus]

On Wed, Jul 09, 2008 at 10:45:09PM +0800, Zamri Besar wrote:
 Good morning,
 
 Today, I'm received alert from one of my friends regarding to
 Vulnerability Note VU#800113 - Multiple DNS implementations vulnerable
 to cache poisoning.
 http://www.kb.cert.org/vuls/id/800113
 
 I checked the above site, and found that most of the *BSD status are
 unknown. Is this bug affected OpenBSD default bind dns?
 
 I'm don't know either the above bug is similar to this thread or not.
 http://marc.info/?l=openbsd-miscm=118539211412877w=2
I think named on OpenBSD 4.3 is affected too.
See
http://www.nabble.com/Actual-BIND-error---Patching-OpenBSD-4.3-named---td18357465.html

So long,

Andreas.

-- 
Windows 95: A 32-bit patch for a 16-bit GUI shell running on top of
an 8-bit operating system written for a 4-bit processor by a 2-bit
company who cannot stand 1 bit of competition.

Re: Vulnerability Note VU#800113 - Multiple DNS implementations vulnerable to cache poisoning

[Andreas Maus]

On Wed, Jul 09, 2008 at 12:22:17PM -0400, bofh wrote:
 Love your gimme gimme attitude.  If you spent half a second thinking about 
 this:
Hehehe ;)

Furthermore you can see in the US-CERT that this VULN was:

Date First Published07/08/2008 02:46:15 PM

As you know some developers may live outside .us in a different
timezone (and developers in .us/.ca have to work at this time).
So in e.g. Europe this was yesterdays evening.

You can accelerate proceedings by a) donating to OpenBSD
and b) - if you need this patch REALLY FAST - hire a paid
conslutant to develope the patch and send it to the list.

And OpenBSD doesn't have a SLA ...

So long,

Andreas.

-- 
Windows 95: A 32-bit patch for a 16-bit GUI shell running on top of
an 8-bit operating system written for a 4-bit processor by a 2-bit
company who cannot stand 1 bit of competition.

Unexpected behavior of netstat in 4.3

[Andreas Maus]

Hi.

I noticed the following misbehavior of netstat in 4.3.

The manual page says:

[... snipp ...]
 -I interface
Show information about the specified interface; used with a wait
interval as described below.
[... snipp ...]

O.K.

Using 4.2 netstat -I interface works as expected:

-bash-3.2$ uname -a 
OpenBSD piglet.badphish.dyndns.org 4.2 GENERIC#0 i386
-bash-3.2$ netstat -ib -I fxp0
NameMtu   Network Address   Ibytes Obytes
fxp01500  Link  00:a0:c9:a0:73:84  514885834  263525662
fxp01500  fe80::%fxp0 fe80::2a0:c9ff:fe  514885834  263525662

But using the same command in 4.3 returns:

-bash-3.2$ uname -a 
OpenBSD son-goku.badphish.dyndns.org 4.3 GENERIC#698 i386
-bash-3.2$ netstat -ib -I vr0 
NameMtu   Network Address   Ibytes Obytes
lo0 33208 localhost   localhost.badphis   37219614   37219614
lo0 33208 localhost.b localhost.badphis   37219614   37219614
lo0 33208 fe80::%lo0/ fe80::1%lo0 37219614   37219614
vr0 1500  Link  00:00:24:ca:68:38 26230376471 6788235902
vr0 1500  son-goku-un son-goku-untruste 26230376471 6788235902
vr0 1500  fe80::%vr0/ fe80::200:24ff:fe 26230376471 6788235902
vr1 1500  son-goku-dm son-goku-dmz.badp 21983028148 89288229482
vr1 1500  fe80::%vr1/ fe80::200:24ff:fe 21983028148 89288229482
vr2 1500  son-goku-tr son-goku-trusted. 93517695317 47526180347
vr2 1500  fe80::%vr2/ fe80::200:24ff:fe 93517695317 47526180347
vr3 1500  192.168.211 192.168.211.1  174328335  863529211
vr3 1500  fe80::%vr3/ fe80::200:24ff:fe  174328335  863529211

At least list of changes (http://openbsd.org/plus43.html) notes some
modifications to netstat but not this behavior.

Maybe a bug? Or how do I request the information for just a single
interface?

So long,

Andreas.

-- 
Windows 95: A 32-bit patch for a 16-bit GUI shell running on top of
an 8-bit operating system written for a 4-bit processor by a 2-bit
company who cannot stand 1 bit of competition.

Re: Unexpected behavior of netstat in 4.3

[Andreas Maus]

On Sat, Jun 21, 2008 at 09:07:14AM +0100, Jason McIntyre wrote:
 this was fixed here:
 
 
 revision 1.57
 date: 2008/03/18 20:03:37;  author: claudio;  state: Exp;  lines: +4 -1
 Make -I work correctly. RTM_NEWADDR needs to filter the ifname as well.
 
Aha! Known issue ;)

Well I will extract a diff and recompile only netstat.
(I'm not comfortable rebuilding everything on a 500MHz
server ...)

Thanks for your help.

Andreas.

-- 
Windows 95: A 32-bit patch for a 16-bit GUI shell running on top of
an 8-bit operating system written for a 4-bit processor by a 2-bit
company who cannot stand 1 bit of competition.

Re: Wrong ownership of /var/named/master ?

[Andreas Maus]

On Sun, Jun 15, 2008 at 09:15:41PM +0200, Dorian B|ttner wrote:
 propably the file you gave named in the zone-section of named.conf needs to
 be existing in the first place. give named sufficient permission to read
 and, for dynamic update, to write in it - no bug here and no need to change
 directory ownership.
Hi.

I don't think so.

a) The manual (http://www.isc.org/sw/bind/arm95/Bv9ARM-all.html) doesn't
list an option to specify the location of the journal file.

b) It is automagically created by named
(http://www.isc.org/sw/bind/arm95/Bv9ARM.ch04.html#journal)
[... snipp ...]
This file is automatically created by the server when the first dynamic
update takes place.
[... snipp ...]
Although the documentation didn't specify the location of the journal.

But even it would do so named _NEEDS_ to write to the master directory
because

c)
(http://www.isc.org/sw/bind/arm95/Bv9ARM.ch04.html#journal again):
[... snipp ...]
The server will also occasionally write (dump) the complete contents
of the updated zone to its zone file. This is not done immediately after
each dynamic update, because that would be too slow when a large zone is
updated frequently. Instead, the dump is delayed by up to 15 minutes,
allowing additional updates to take place.
[... snipp ...]

Oh and BTW. /var/named/slave _IS_ writeble by named:

# ls -ld /var/named/slave/
drwxrwxr-x  2 root  named  512 Mar 12 17:28 /var/named/slave/

Of cause it is. named needs it to store and update zone data from the master.
So slave/ is writeble by named because it needs to update the (slave)
zone files. The same applies to the master directory (see c) ).

So long,

Andreas.

--
Windows 95: A 32-bit patch for a 16-bit GUI shell running on top of
an 8-bit operating system written for a 4-bit processor by a 2-bit
company who cannot stand 1 bit of competition.

Re: Wrong ownership of /var/named/master ?

[Andreas Maus]

On Mon, Jun 16, 2008 at 03:06:46AM -0500, Jamie Gavahan wrote:
 Hello,
Hi.

 A quick search of the archives yielded these results* (among others):
 
 Someone correct me if I'm wrong.
You are wrong :P

named supports dynamic updates via allow-update { key ...; };
But the _DHCP_ server does not support dynamic updates.
I've never said the the dhcpd runs on the OpenBSD system.

So long,

Andreas.

P.S.:
 * http://marc.info/?l=openbsd-miscm=109755604901842w=2
 * http://marc.info/?l=openbsd-miscm=115312797220810w=2
 * http://marc.info/?l=openbsd-miscm=115296366703096w=2
 * http://marc.info/?l=openbsd-miscm=117662121618527w=2
They are all talking about the dhcpd of OpenBSD.
In my case the dhcpd comes from a Linux system and is a
ISC DHCPD v3.0.3 (which supports dynamic updates).

-- 
Windows 95: A 32-bit patch for a 16-bit GUI shell running on top of
an 8-bit operating system written for a 4-bit processor by a 2-bit
company who cannot stand 1 bit of competition.

Re: Wrong ownership of /var/named/master ?

[Andreas Maus]

On Mon, Jun 16, 2008 at 09:32:39AM +, Jussi Peltola wrote:
Hi.

 It's reasonable to me: named doesn't need to modify master zones, so don't let
 it do that. Principle of the least privilege.
Using static zones ... I totally agree.

 Simpler fix: put dynamically updated zones in slave, which I have done for
 years.
O.K. But I am easy to confuse ;)
I will never look into slave/ for dynamic zones.

So I guess the best method - and to close this thread ;) - is to
make a directory called ... say ... dynamic make it writable by
named and put the zone file of the dynamic zones in it.

Case closed ^^

Thanks for your input.

So long,

Andreas.

-- 
Windows 95: A 32-bit patch for a 16-bit GUI shell running on top of
an 8-bit operating system written for a 4-bit processor by a 2-bit
company who cannot stand 1 bit of competition.

Wrong ownership of /var/named/master ?

[Andreas Maus]

Hi.

While configuring named on my sweet new Soekris 5501 I discovered
a little *uhm* misconfiguration (I would not call it a bug).

By default the permissions of /var/named/master is set to 0755
and owned by root:wheel. named runs in the chroot /var/named
with the user named, group named.

For most operations this permission/ownership is sufficient.
But if you try to use dynamic updates named will fail to create
the required journals:

15-Jun-2008 16:31:29.885 zone internal.wlan.badphish.dyndns.org/IN: sending 
notifies (serial 200806131)
15-Jun-2008 16:40:22.278 client 192.168.254.202#1025: updating zone 
'11g.wlan.badphish.dyndns.org/IN': adding an RR at 
'nibbler.11g.wlan.badphish.dyndns.org' A 
15-Jun-2008 16:40:22.279 client 192.168.254.202#1025: updating zone 
'11g.wlan.badphish.dyndns.org/IN': adding an RR at 
'nibbler.11g.wlan.badphish.dyndns.org' TXT
15-Jun-2008 16:40:22.280 journal file master/11g.wlan.badphish.dyndns.org.jnl 
does not exist, creating it
15-Jun-2008 16:40:22.280 master/11g.wlan.badphish.dyndns.org.jnl: create: 
permission denied
15-Jun-2008 16:40:22.280 client 192.168.254.202#1025: updating zone 
'11g.wlan.badphish.dyndns.org/IN': error: journal open failed: unexpected error

and dynmic updates will not work.

Simple fix:

chown named /var/named/master

Is this a known issue? At least the permissions of /var/named/master
is root:wheel since 4.1 (I am using 4.3 right now).

Perhaps can be fixed in 4.4 or is there a special reason to set
/var/named/master to root:wheel?

Many thanks in advance,

Andreas.

-- 
Windows 95: A 32-bit patch for a 16-bit GUI shell running on top of
an 8-bit operating system written for a 4-bit processor by a 2-bit
company who cannot stand 1 bit of competition.

Re: Unbound: a validating, recursive, and caching DNS resolver

[Andreas Maus]

On Wed, May 21, 2008 at 02:09:23PM -0300, Andris wrote:
 I just read about this project, might be of interest:
 http://unbound.net/
Hi.

Yeah and a port for unbound is just in progress ;)
http://marc.info/?l=openbsd-portsm1131428431723w=2

So long,

Andreas.

--
Windows 95: A 32-bit patch for a 16-bit GUI shell running on top of
an 8-bit operating system written for a 4-bit processor by a 2-bit
company who cannot stand 1 bit of competition.

Re: gmake error, please help :)

[Andreas Maus]

On Thu, May 08, 2008 at 10:22:01AM -0700, vatocleti wrote:
 Hey all,
Hi.

   I'm running OpenBSD 4.2/i386 and am booting bsd.mp. I have brought over a
 linux program that uses gcc as the compiler.
 
 I have installed the following sets:
 
 - gmake-3.80p1.tgz
 - gettext-0.14.6p0.tgz
 - libiconv-1.9.2p3.tgz
 
 and when I do a gmake I get the following two errors:
 
 -  /bin/gmake[1]: ELF: not found
 - /bin/gmake[365]: no closing quote
*ahem*
Where does /bin/gmake come from ?
The gmake from gmake-3.80p1.tgz lives in /usr/local/bin/gmake

(And your /bin/gmake looks like a shell script.
Did you take a look at this script?)

HTH,

Andreas.


-- 
Windows 95: A 32-bit patch for a 16-bit GUI shell running on top of
an 8-bit operating system written for a 4-bit processor by a 2-bit
company who cannot stand 1 bit of competition.

Re: Editing C with...

[Andreas Maus]

On Sat, May 03, 2008 at 02:15:19PM -0400, bofh wrote:
 Real men use ed.
No.
REAL programmers use ...

http://xkcd.com/378/

Sorry, couldn't resist ;)

Andreas.

-- 
Windows 95: A 32-bit patch for a 16-bit GUI shell running on top of
an 8-bit operating system written for a 4-bit processor by a 2-bit
company who cannot stand 1 bit of competition.

Re: Abort trap on 4.3 release

[Andreas Maus]

On Tue, Apr 15, 2008 at 08:01:37PM +0200, Pieter Verberne wrote:
 Hi guys,
Hi Pieter.

 Yesterday I installed OpenBSD 4.3 release from CD. I copied both
Congratulations for your OpenBSD 4.3 CD set ;)

 PORTS_TA.GZ and SRC_TAR.GZ to /tmp. I extracted the ports to /usr/, and
And here is your error.

src.tgz has to be extractes in /usr/src.
You extracted in in /tmp and copied the files to /usr.

tigger:/share/netinst/pub/OpenBSD/4.2# tar tvzf src.tar.gz 
[... snipp ...]
drwxr-xr-x root/wheel0 2007-06-18 22:25 ./bin/chmod
drwxr-xr-x root/wheel0 2007-08-21 00:24 ./bin/chmod/CVS
-rw-r--r-- root/wheel   14 2006-03-01 03:10 ./bin/chmod/CVS/Repository
-rw-r--r-- root/wheel  250 2007-06-18 22:25 ./bin/chmod/CVS/Entries
-rw-r--r-- root/wheel  421 2001-09-06 20:52 ./bin/chmod/Makefile
-rw-r--r-- root/wheel 4864 2007-06-18 22:25 ./bin/chmod/chflags.1
-rw-r--r-- root/wheel 3651 2007-06-18 22:25 ./bin/chmod/chgrp.1

and this will overwrite e.g. /usr/bin/chmod (the file) with the
directory /usr/bin/chmod. And this is causing the abort trap
because under /usr the files has been replaced by directories.

 [date] init: can't exec getty '/usr/libexec/getty' for port
 /dev/sttyC[012345]: Is a directory
--^
See it has been replaced by a directory.
If you extract src.tar.gz to /tmp make sure you copy this to /usr/src.

 (Uhm, I'm not sure if I'll try to fix this install. I think I'll do just
 a fresh install instead. But let's just wait for yours commends)
Either do a fresh install or boot the installation CD, exit to the shell
when prompted if you want to (I)nstall, (U)grade or (S)hell.

Mount your partition and change to the mount point and extract the
filesets you need (base43.tgz, ...) using tar xvzpf ...

HTH,

Andreas.

P.S.: Don't worry I made this error several times ;)

-- 
Windows 95: A 32-bit patch for a 16-bit GUI shell running on top of
an 8-bit operating system written for a 4-bit processor by a 2-bit
company who cannot stand 1 bit of competition.

Re: download problems

[Andreas Maus]

On Tue, Jan 08, 2008 at 11:03:50AM -0500, Frank Bax wrote:
  Doug:
 
  Just curious.  Does the same problem exist on your OpenBSD boxes?  You
  can also use lynx if you don't have wget installed.
 
  time lynx -dump http://www.openbsd.org/spamd/traplist.gz  /dev/null
 
  Frank
Well, of couse it depends on your link saturation (and other details)
but I don't have a problem downloading this file:

[EMAIL PROTECTED]:/tmp $ time wget http://www.openbsd.org/spamd/traplist.gz
--20:06:41--  http://www.openbsd.org/spamd/traplist.gz
   = `traplist.gz'
Resolving www.openbsd.org... 129.128.5.191
Connecting to www.openbsd.org|129.128.5.191|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 648,560 (633K) [text/plain]

100%[==]
 648,560   48.22K/sETA 00:00

20:06:56 (44.73 KB/s) - `traplist.gz' saved [648560/648560]


real0m14.712s
user0m0.000s
sys 0m0.016s

HTH,

Andreas.

-- 
Windows 95: A 32-bit patch for a 16-bit GUI shell running on top of
an 8-bit operating system written for a 4-bit processor by a 2-bit
company who cannot stand 1 bit of competition.

Re: avoiding a mac address filter

[Andreas Maus]

On Mon, Jan 07, 2008 at 12:19:26PM -0500, Dave Anderson wrote:
 On Mon, 7 Jan 2008, Pau Amaro-Seoane wrote:
 
 loosen up a bit, you're too tight up... I just want to check my
 emails, I don't want to download p0nr movies
 
 Theft of service is theft, regardless of how much or little service
 you're stealing.  If someone's gone to the trouble of filtering on MAC
 addresses, they've clearly indicated that they're not a public service
 -- and no amount of weasel-wording will get around that.
ACK!

Furthermore, depending on your origin this is considered a criminal
act if you circumvent the MAC filter. E.g. here in germany you will
pay for that crime or go to jail (for up to 5 years)
doing this for a: sniffing the traffic to get a valid IP/MAC
association b: breaking into the system which is protected
(even a MAC filter is considered a protection).

And NO A SYSTEM THAT USES MAC FILTERING IS NOT AN OPEN ACCESSPOINT!

Oh and by the way it may be considered a crime trying to do or giving
you tips how to do this (incitement).

If you have a similar system at work and you will try to figure out
how bad guys may attack this ... well talk to your boss or your IT
security team. Maybe you will be assigned to a penetration test.
But in this case you have to sign an agreement what you should
do, what you shouldn't do and when and how to to such tests.
(and if you are in a position to do penetration test you wouldn't
ask such questions ;) )

So don't expect any answer on this list.

Andreas.

-- 
Windows 95: A 32-bit patch for a 16-bit GUI shell running on top of
an 8-bit operating system written for a 4-bit processor by a 2-bit
company who cannot stand 1 bit of competition.

Re: https access error www.fistofiron.com

[Andreas Maus]

On Mon, Dec 24, 2007 at 09:19:13AM -0800, badeguruji wrote:
 Hello,
Hi.

 I am hosting www.fistofiron.com on a home network behind dsl link. i am able 
 to pull up the site on netscape sometimes, and sometimes it gives error 
 (timeout). it is a very small page. i am not sure, if there is some 
 configuration error.
Well do you use ADSL? If one of your links (up- or download) are saturated you 
will see this error.

  $  lynx -dump https://www.fistofiron.com  
 
 Looking up www.fistofiron.com
 Making HTTPS connection to www.fistofiron.com
 Retrying connection without TLS.
 Looking up www.fistofiron.com
 Making HTTPS connection to www.fistofiron.com
 Alert!: Unable to make secure connection to remote host.
 
 lynx: Can't access startfile https://www.fistofiron.com/
Well ... you think this is somehow OpenBSD related why not posting
more info? Did you try it from an internal host? From an external host?
Do you have _ANY_ pf related rules installed? If yes post these rules.

The usual questions:

 - can you ping the host (without packet loss?)
 - is your lynx SSL-aware?
 - what does openssl s_client -host www.fistofiron.com -port 443
say?

This is somehow OpenBSD related, isnt it ?

HTH,

Andreas.

P.S.: Oh and merry christmas ;)

-- 
Windows 95: A 32-bit patch for a 16-bit GUI shell running on top of
an 8-bit operating system written for a 4-bit processor by a 2-bit
company who cannot stand 1 bit of competition.

OT: 5 years of OpenBSD ... Thank you ;)

[Andreas Maus]

O.K. This is totally off-topic.
But I wish to say Thank you. ;)

In the end of 2002 I used Linux and ipchains (now iptables) and I was
really pissed off by making a syntax error and I shot myself right in
the foot. So someone tells me about about this pf thingy. (*)

After installing OpenBSD 3.2 on my front router I was VERY pleased ;)

So I installed OpenBSD on every host in my DMZ (and since 2005 on
every Desktop system).

To make this post as short as possible ... I NEVER regret this
decission. O.K. PenguinOS has been installed on some hosts but as years passing 
by
I was frustrated that it includes new drivers but the drivers
was never tested (even on i386 !!1!elf!!). E.g. the -binary only-
bcm43xx firmware using 2.6.19 (or so) locked up the system after
a few frames. Well it compiled o.k but does anyone tested it on
a real system ?!?

So I really stick with OpenBSD. It doesn't cover the ultra-up-to-date 
hardware but the at least it was tested on a real systems! And if it
doesn't work I file a bug report. And I don't have any problems using
a daily CVS snapshot and recompile it. Usually it works more stable
than the so called stable kernel.

O.K. I stop the rant ... ;)

So ... I love OpenBSD. And THANK YOU FOR 5 YEARS OF PROTECTING MY
NETWORK ;) Keep on running!

A.

(*) To be exactly I installed my first OpenBSD system on 
26-Dec-2002

P.S.: Since 3.4 I bought every CD set. Even the one I doesn't need
anymore (like my 4.1 set bought on 27-Oct ;) )

-- 
Windows 95: A 32-bit patch for a 16-bit GUI shell running on top of
an 8-bit operating system written for a 4-bit processor by a 2-bit
company who cannot stand 1 bit of competition.

Re: BIND and the measure of system entropy (randomness?)

[Andreas Maus]

On Wed, Dec 12, 2007 at 01:08:42AM +1100, mufurcz wrote:
Hi.

  Greetings,
 
  A disk in one of the old firewalls (not exactly critical) failed (running 
  OpenBSD 2.9!), and I urgently
  need a DNS server to work.  Replaced the disk and installed 4.2.  Starting 
  `named -g`  (listing below),
  produces a few surprising messages, like:
 
  a) line 3:  BIND trying to load the configuration from /etc an not from 
  /var/named/etc (my understanding
  was that the default -c option looks for the named.config in /var/named/etc 
  an not in /etc);
AFAIK the originale,unmodified bind from OpenBSD runs in a chroot()ed 
environment
under /var/named. So its root is really at /. So if it says it reads from 
/etc/named.conf
it _REALLY_ reads from /var/named/etc/named.conf because of the chroot.

  b) lines 34 and 35:  `could not open entropy source /dev/arandom: file not 
  found` and `using pre-chroot
  entropy source /dev/arandom` complaining about a missing 
  /var/named/dev/arandom device.
Same as above. /dev/arandom is _REALLY_ /var/named/dev/arandom.
So just why not creating this device?
cd /var/named/dev
mknod arandom c 45 4

  What BIND has to do with the laws of thermo-dynamics?  Can I safely ignore 
  the above messages.
BIND needs /dev/arandom for some stuff like generating random IDs.

  BTW, I am NOT a BIND expert!
Neither do I ;)

Oh and don't forget the chroot() thingy mentioned above.
If you write to logfiles etc. they will get written
to /var/named/var/log/... !

HTH,

Andreas.

-- 
Windows 95: A 32-bit patch for a 16-bit GUI shell running on top of
an 8-bit operating system written for a 4-bit processor by a 2-bit
company who cannot stand 1 bit of competition.

Re: inetd needed for basic NAT/Firewall operation?

[Andreas Maus]

On Wed, Dec 05, 2007 at 11:49:07AM -0500, Chris Smith wrote:
 Hello,

 When using OpenBSD only as a NAT router / Firewall with all of the 
 services in inetd.conf commented out is there any need to enable inetd? 
Hi Chris.

The only service that should (or could,depends on your point of view)
be allowed from the internet is IMHO the identd service.

Blocking this service may cause some delay because some mailers and
irc servers are checking for this service.

OTOH it may be considered as a security risc to give strangers valid
usernames. (If you need inetd requests from the outside and dont want
to give them valid usernames you can install a other identd, e.g.
oidentd or just a fakeidentd to return an arbitrary username)

 I believe it's no longer necessary for ftp-proxy and want to make sure 
 I'm not missing anything.
I don't run ftp-proxy so I don't know about this, sorry.

HTH,

Andreas

-- 
Windows 95: A 32-bit patch for a 16-bit GUI shell running on top of
an 8-bit operating system written for a 4-bit processor by a 2-bit
company who cannot stand 1 bit of competition.

Re: OT: OpenBSD on Asus eeePC

[Andreas Maus]

On Wed, Nov 14, 2007 at 01:02:55AM +0200, Alexey Suslikov wrote:
Hi Alexey.

 Looks like WLAN is Atheros 5212 which is ath(4) under OpenBSD.
 See here http://forums.bsdnexus.com/viewtopic.php?pid=16360#p16360
 
 About LAN. I think it is Attansic/Atheros L2. It is unsupported as of
 4.2 and -current. There are linux drivers:
Thank you for your enlightment ;)

 Attansic L1 Gigabit (also can be found on ASUS P5K mainboards)
 http://atl1.sourceforge.net/
 
 Attansic L2 10/100 (also can be found on ASUS F5R laptops)
 http://lwn.net/Articles/218588/
 
 Btw, Attansic drivers (according to source code and module naming)
 are somehow based on (derived from) Intel drivers.
O.K. As long as the WLAN interface is working I have no problem.
The CPU is powerfull enough to do IPSec so LAN is a nice to have
for me ;)

 Ask developers. Maybe these drivers are easy to port if you'll donate
 couple of Eee-PCs. They are so cheap :)
H  I'm really thinking about this idea ;)

Andreas.

-- 
Windows 95: A 32-bit patch for a 16-bit GUI shell running on top of
an 8-bit operating system written for a 4-bit processor by a 2-bit
company who cannot stand 1 bit of competition.

Re: OT: OpenBSD on Asus eeePC

[Andreas Maus]

On Wed, Nov 14, 2007 at 08:27:00AM +0100, Marc Balmer wrote:
  nice to see you have one.  can you boot -current and mail the dmesg to
  [EMAIL PROTECTED]
 
  Does anybody know where I could buy such a machine, preferrably in
  .ch or .de?
Hi Marc.

I found only 4 online shops in germany which sells the eee:

http://www.arlt.com/index.php?cl=detailsanid=3002853
http://www.campuspoint.de/shop/notebooks/notebooks-nach-hersteller/basusb/nach-modellen/eee-pc/asus-asus-eee-pc-black.html
http://www.notebook.de/index.php?section=shopgroup=734productid=9474
http://www.t-online-shop.de/tonline/product.do?action=getProductDetailproduct=38444

Unfortunately you have to wait several weeks :/

If someone on the list knows where to get a eeePC in .de without 
waiting several weeks ... contact me offlist ;)

So long,

Andreas.

-- 
Windows 95: A 32-bit patch for a 16-bit GUI shell running on top of
an 8-bit operating system written for a 4-bit processor by a 2-bit
company who cannot stand 1 bit of competition.

Re: Remove escape characters from file

[Andreas Maus]

On Fri, Oct 26, 2007 at 03:45:39PM +0200, Pieter Verberne wrote:
 Hi,
Hi Pieter.

 does OpenBSD have a program/script to remove control characters (escape
 sequence) from text files?
Do you mean something like the ^M (\r) character ?
I recommend using tr, e.g.:

tr -d '\r'  name_of_inputfile  name_of_outputfile

HTH,

Andreas.

-- 
Windows 95: A 32-bit patch for a 16-bit GUI shell running on top of
an 8-bit operating system written for a 4-bit processor by a 2-bit
company who cannot stand 1 bit of competition.

Re: Loading PF after ppp

[Andreas Maus]

On Wed, Sep 26, 2007 at 05:54:58PM +0200, Amit Finkler wrote:
 I connect to the internet using pppoe(8) by putting the following line
 in /etc/rc.local.conf:
 
 ppp -ddial pppoe
 
 However, the pf rules load before I have an internet connection and
 therefore pfctl reports an error.
 
 How does one load PF after ppp?
Hi  Amit.

I guess pf complains about the non-existant interface.

Starting and stopping pf can be done with entries in 
/etc/ppp/ppp.linkup and /etc/ppp/ppp.linkdown

e.g I use:

# cat /etc/ppp/ppp.linkup
[... snipp ...]
  ! sh -c ifconfig pflog0 up
  ! sh -c pfctl -e
  ! sh -c pfctl -f /etc/pf.conf
  ! sh -c /usr/local/bin/svc -u /service/pflogd
[... snipp ...]

and 

# cat /etc/ppp/ppp.linkdown
[... snipp ...]
  ! sh -c /usr/local/bin/svc -d /service/pflogd
  ! sh -c /usr/local/bin/svc -t /service/pflogd
  ! sh -c pfctl -d
[... snipp ...]

I use djbs daemontools to start and stop pflogd, but I think you
can also use ! sh -c /sbin/pflogd and ! sh -c pkill pflogd

HTH,

Andreas.

-- 
Windows 95: A 32-bit patch for a 16-bit GUI shell running on top of
an 8-bit operating system written for a 4-bit processor by a 2-bit
company who cannot stand 1 bit of competition.

Re: help needed with laptop hdd

[Andreas Maus]

On Mon, Sep 10, 2007 at 05:48:31PM +0200, Henning Brauer wrote:
 Hi,
 
 unfortunately the harddisk in my X40 died. And even worse, I just 
 learned that the disk in the X40 is kind of special. It is a 1.8 hard 
 disk that does NOT use the ZIF connector (these are somewhat common) 
 but the same 44pin connector 2.5 disks use. 1.8 disks with that 
 connector have only ever been made by Hitachi. I have looked for a disk 
 up and down all day without success. So, if anyone is able to kind-of 
 quickly get me a Hitachi HTC426060G9AT00, that would be most welcome 
 and would allow me to hack when I am at home again ;(
 I am in Hamburg/Germany, btw.
Hi Henning.

Unfortunately my X40 died too (acid from the battery leaked into the
system killing half of the keyboard and almost all of the screen :/)

But the Harddisk seems to be intact (I could retrieve the data without
any problems). 

I can ship it to you (I from germany too ;).

So if you whish contact me offlist.

So long,

Andreas.

-- 
Windows 95: A 32-bit patch for a 16-bit GUI shell running on top of
an 8-bit operating system written for a 4-bit processor by a 2-bit
company who cannot stand 1 bit of competition.

Re: sockaddr_in in manpage and /usr/include different

[Andreas Maus]

On Tue, Jun 05, 2007 at 03:29:52PM +0200, Karel Kulhavy wrote:
Hi.

 OpenBSD 4.0 man 7 ip says:
Thats interesting. On my OpenBSD 4.0 systems I don't have a man 7 ip.
I have a man 4 ip instead - and only man 4 ip.

Where did your man 7 ip come from? Section 7 of the man pages are dedicated
to Macros and Conventions. What file will be use when you run man 7 ip ?
My systems will use:

[EMAIL PROTECTED] ~ $ man -w ip
/usr/share/man/cat4/ip.0

HTH,

Andreas.

-- 
Windows 95: A 32-bit patch for a 16-bit GUI shell running on top of
an 8-bit operating system written for a 4-bit processor by a 2-bit
company who cannot stand 1 bit of competition.

Re: sockaddr_in in manpage and /usr/include different

[Andreas Maus]

On Tue, Jun 05, 2007 at 05:29:47PM +0200, Karel Kulhavy wrote:
 I made a mistake I actually looked on a manpage in a Linux system. But there
O.K. Good to hear ^^

 is still a problem, in which manpage on OpenBSD 4.0 is the sockaddr_in
 described, then? I tried various ones like ip, socket, bind, and couldn't
 find any.
Take a look at man 4 inet (man inet will take you to man 3 inet).

HTH,

Andreas.

-- 
Windows 95: A 32-bit patch for a 16-bit GUI shell running on top of
an 8-bit operating system written for a 4-bit processor by a 2-bit
company who cannot stand 1 bit of competition.

Re: nv(4) driver on nVidia 7600GS card

[Andreas Maus]

On 3/1/07, Joachim Schipper [EMAIL PROTECTED] wrote:


No, but you can already use 7.1 in -current. (To help with testing,
obviously, and some stuff is still broken. So it's not a good idea if
you want the easy way out. Xenocara, and 7.1, will be merged as soon as
4.1 is sent to the CD guys).

You guys rock ! ;)

Running xenocara for 8 days and it is amazing!
nv driver works like a charm-
Although I'm still in the process of rebuilding apps,
it is running without any crashes nor problems yet
(neither applications nor X).

This is sooo awesome ^^

Andreas.

--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?

Re: Strange behavior with new suse dostro, vista and openbsd vpn tunel

[Andreas Maus]

On 3/9/07, Claude Brassel [EMAIL PROTECTED] wrote:

Hello,

I'm using two openbsd VPN gateways between my home and my office, everything
work's fine, but ..

I have try some new linux distro (opensuse 10.2, mandriva 2007) so if I try
to join a host through the vpn it's working only for small packets in ex:
the telnet login session work's great, but if I try some ls or everithing
else that produce a big amount of lines the connection will timed out, I
have no idea why.
The same is for the new vista, on my XP hosts I can do anything (telnet,
ssh, remote desktop) but on the new vista (same hardware) I have the same
problem as on the linux boxes.

Have somebody any idea ?

Try lowering the MTU.

Andreas.

--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?

Re: nv(4) driver on nVidia 7600GS card.

[Andreas Maus]

On 3/1/07, Joachim Schipper [EMAIL PROTECTED] wrote:

No, but you can already use 7.1 in -current. (To help with testing,
obviously, and some stuff is still broken. So it's not a good idea if
you want the easy way out. Xenocara, and 7.1, will be merged as soon as
4.1 is sent to the CD guys).

I _LOVE_ to try it from the current tree! ;)
(I already use the current tree - except XF4 - because of some
problems with the nfe* NICs).

I will try it.

Many thanks,

Andreas.

--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?

Re: nv(4) driver on nVidia 7600GS card.

[Andreas Maus]

On 3/1/07, Sunnz [EMAIL PROTECTED] wrote:

Hi,

I have an nVidia 7600GS Graphics card, and attempted to get it to work
with the NV(4) driver.

There shall be no hardware problem, as I have tested it with VESA(4)
driver, and X -config /root/xorg.conf.new works.

This is the monitor that I was trying to get to work:
http://support.ap.dell.com/support/edocs/monitors/2407WFP/en/about.htm#Specifications

Its modeline has been specified in the xorg.conf.new file.

I don't quite get the warnings in the log, I have only specified ONE
resolution to be used in xorg.conf.new but it is trying all different
one's??

Attached dmesg, xorg.conf.new and Xorg.0.log, hope they can help. If
you do not prefer attachments I can upload it to a http server
instead.

Thanks for the help.


Hi.

Look at your Xorg.0.log file. Your problem is:

Fatal server error:
Caught signal 8.  Server aborting

This is not a hardware problem. It is the nv driver.
I had similar problems with my 7800GS.
The thread was discussed here:

http://marc.theaimsgroup.com/?l=openbsd-miscm=116017301426487w=2

As a workaround you have to use the vesa driver till we have X 7.x

HTH,

Andreas.

P.S.: By the way ... will we switch to X 7.x in 4.1 ? The vesa driver
can be annoying, because I can't watch movies in fullscreen with mplayer. ;)

--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?

Re: OpenBSD as Virtualbox guest

[Andreas Maus]

On 2/27/07, Peter [EMAIL PROTECTED] wrote:

I'm looking for comments from people who have installed OpenBSD 4.0 as a
Virtualbox guest.  I am currently running Virtualbox 1.3.6 on Gentoo
Linux 2006.1.  The manual does not mention OBSD as guest even though
their website states that it is possible.  My main question is how to
create an OBSD image since it seems that I need an ISO image.

You can fetch a installation iso (cd40.iso) from a mirror
and install via network. Or support OpenBSD and buy the CD sets ^^

Andreas.

--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?

Re: hot spot with OBSD 4.0

[Andreas Maus]

On 2/22/07, sonjaya [EMAIL PROTECTED] wrote:

more secure more better , i would happy if you want share to all .

Thats the right attitude! ;)

O.K. I will dump my /dev/brain into a documentation and put it online
today or tomorrow.

Andreas.

--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?

Re: hot spot with OBSD 4.0

[Andreas Maus]

On 2/22/07, earx [EMAIL PROTECTED] wrote:

Le Thu, 22 Feb 2007 16:22:35 +0700
sonjaya [EMAIL PROTECTED] a pris sa plume:

 more secure more better , i would happy if you want share to all .

if it is just for you and familly/friends
authpf and openvpn is the solution

Right.
My access  point is only for my friends, but never the less
it uses ipsec. Because openvpn was too easy and
any unexperienced user can setup a vpn with
openvpn. So we decided we are experienced users
and used ipsec (with certificates) ;)

So I can (and will) contribute a a AP with WEP+ipsec (not with ipsec.conf)
and configurations for OpenBSD and Linux clients (I'm still
working on WinDOS XP).

Andreas.


--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?

Re: FuzzyOCR on OpenBSD?

[Andreas Maus]

On 2/16/07, Peter [EMAIL PROTECTED] wrote:

I'm looking for guidance in installing the FuzzyOCR SA plugin on OpenBSD 4.0.  
Has anyone done this?

Hi.

The basic steps (for debian) are documented here:

http://www200.pair.com/mecham/spam/image_spam2.html

AFAIK, I installed every required program from ports except orcad
and the -required, but not mentioned - Perl module String::Approx
(from cpan.org)

HTH,

Andreas.

--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?

Re: remove sendmail/install postfix

[Andreas Maus]

On 2/3/07, Toni Mueller [EMAIL PROTECTED] wrote:
Hi.

I dislike the mailwrapper and instead adjust the link in
/usr/sbin/sendmail to point to the real sendmail program. But doing
the mailwrapper thing is probably the safe(r) way to go. I also don't
need (nor get) the mailq etc functionality wrapped...

This will work too.
But the mailwraper provides a more generic way for
OpenBSD to use mail without dealing much about
the uses mail system. (sendmail,postfix,exim,qmail, ...)

Andreas.

--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?

Re: Troubles with nfe0 and system freezes with MP kernel

[Andreas Maus]

On 2/1/07, Srebrenko Sehic [EMAIL PROTECTED] wrote:

 the problem remains.

You should try 2 different things.

1) Get the latest -current and try that. I think some fixes went into
post 4.0 for the nfe(4) driver which might fix your issue.

Sure. Thats the first thing I will do.


2) nfe(4) phy has issues with 10 mbit. You should try 1gbit and make
sure to set the full-duplex mode. I remember havning an nfe(4) system
which whould not work unless I forced mediaopt mode to full-duplex.

Nope.
The card is connected with 1000MBit.

I remembered a problem in the Linux driver which locks the system
when running with 10 or 100 MBit and autonegotiation was set to
off (and duplexmode and speed were set manually). This problem
went away using autonegotiation.

Anyway, I will try the latest -cuurent this weekend.

Andreas.

--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?

Re: Out of Office AutoReply:

[Andreas Maus]

Respect!

1 line greeting
3 lines message
2 lines regards
and 20 LINES OF STUPID DISCLAIMER !

(sorry couldn't resist ;)

On 2/2/07, Richard Francis [EMAIL PROTECTED] wrote:

Thank you for your email.

I am currently out of the office until Monday the 12th of February and will
have no access to emails until then.  If you have an urgent requirement please
contact Ruth Hardacre on +44 161 772 7100.


Regards
Richard


This communication is confidential and the information in it may not be used
or disclosed except for the purpose for which it has been sent. If you are not
the intended recipient, please contact the sender immediately and delete this
message from your system. Do not open or store any attachments.

Opinions, conclusions and statements of intent contained in this communication
are those of the sender and not Amcat unless confirmed independently of this
message. Computer viruses can be transmitted by email and Amcat do not accept
any responsibility for their presence. Whilst all reasonable measures have
been taken to scan this email for known viruses, it is the responsibility of
the recipient to check this email and any attachments.

Please note that communication sent to and from Amcat is routinely monitored
for record keeping, quality control and training purposes in order to ensure
regulatory compliance and prevent viruses and unauthorised use of Amcat's
computer systems.

Amcat Ltd
Registered in England. Reg No. 03869504
European Development Centre, 11 Commerce Way, Westinghouse Road, Manchester,
M17 1HW


This disclaimer was brought to you by a trial version of mxClaim from
www.mxclaim.com





--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?

Troubles with nfe0 and system freezes with MP kernel

[Andreas Maus]

Hi.

Last week I got a fresh system (my old system died)
and so I had to install.

The system is a DualCore AMD64 X2 4600+ with integrated
NVIDIA NICs (nfe0 and nfe1) and build in NVIDIA RAID.
(for details see dmesg below)

The first problem I ran into was the problem with the onboard NICs.
I had to boot about 20 or 30 times to get networking working (read
get a DHCP lease). Usually the network starts, dhclient tries to obtain
a IP address and fails after about  5 sec. with
nfe0: watchdog timeout. I tried the latest CVS snapshot yesterday
(it wasn't that fun to fetch it without a sporadic working NIC) but
the problem remains.

The second problem is the permanent system freeze without any error
(or kernel panic) after some minutes when using the MP kernel.
At first I suspected a borken RAM, but I had no problems building
Gentoolinux from stage1 and memtest reports no error.
Curiously the problem disappears when I boot the vanilla
(read non-SMP) kernel.

I will look for a old 3com card tomorrow and install it so I can
at least fetch the new CVS tree ;)

Is there anyone out there who can point me to a possible solution
of these problems? (A SMP system would be nice but I can live
with the non-SMP kernel but the network issue is driving me nuts ;)

Andreas.

dmesg:

OpenBSD 4.0 (GENERIC.MP) #967: Sat Sep 16 20:38:15 MDT 2006
   [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 2146881536 (2096564K)
avail mem = 1835012096 (1792004K)
using 22937 buffers containing 214896640 bytes (209860K) of memory
mainbus0 (root)
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xfb990 (54 entries)
bios0: MSI MS-7250
mainbus0: Intel MP Specification (Version 1.4) (nVidia   MCP55   )
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD Athlon(tm) 64 X2 Dual Core Processor 4600+, 2412.72 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB
64b/line 16-way L2 cache
cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: apic clock running at 201MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: AMD Athlon(tm) 64 X2 Dual Core Processor 4600+, 2412.37 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB
64b/line 16-way L2 cache
cpu1: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu1: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
mpbios: bus 0 is type PCI
mpbios: bus 1 is type PCI
mpbios: bus 2 is type PCI
mpbios: bus 3 is type PCI
mpbios: bus 4 is type PCI
mpbios: bus 5 is type PCI
mpbios: bus 6 is type PCI
mpbios: bus 7 is type PCI
mpbios: bus 8 is type ISA
ioapic0 at mainbus0 apid 2 pa 0xfec0, version 11, 24 pins
pci0 at mainbus0 bus 0: configuration mode 1
NVIDIA MCP55 Memory rev 0xa1 at pci0 dev 0 function 0 not configured
pcib0 at pci0 dev 1 function 0 NVIDIA MCP55 ISA rev 0xa2
nviic0 at pci0 dev 1 function 1 NVIDIA MCP55 SMBus rev 0xa2
iic0 at nviic0
iic1 at nviic0
unknown at iic1 addr 0x2f not configured
admtemp0 at iic1 addr 0x4c: gl523sm
ohci0 at pci0 dev 2 function 0 NVIDIA MCP55 USB rev 0xa1: apic 2 int
10 (irq 10), version 1.0, legacy support
usb0 at ohci0: USB revision 1.0
uhub0 at usb0
uhub0: NVIDIA OHCI root hub, rev 1.00/1.00, addr 1
uhub0: 10 ports with 10 removable, self powered
ehci0 at pci0 dev 2 function 1 NVIDIA MCP55 USB rev 0xa2: apic 2 int
11 (irq 11)
usb1 at ehci0: USB revision 2.0
uhub1 at usb1
uhub1: NVIDIA EHCI root hub, rev 2.00/1.00, addr 1
uhub1: 10 ports with 10 removable, self powered
pciide0 at pci0 dev 4 function 0 NVIDIA MCP55 IDE rev 0xa1: DMA,
channel 0 configured to compatibility, channel 1 configured to
compatibility
atapiscsi0 at pciide0 channel 0 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: TSSTcorp, DVD-ROM SH-D162C, TS04 SCSI0
5/cdrom removable
atapiscsi1 at pciide0 channel 0 drive 1
scsibus1 at atapiscsi1: 2 targets
cd1 at scsibus1 targ 0 lun 0: TSSTcorp, CD/DVDW SH-S182D, SB04 SCSI0
5/cdrom removable
cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
cd1(pciide0:0:1): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 ignored (disabled)
pciide1 at pci0 dev 5 function 0 NVIDIA MCP55 SATA rev 0xa2: DMA
pciide1: using apic 2 int 5 (irq 5) for native-PCI interrupt
wd0 at pciide1 channel 0 drive 0: SAMSUNG SP2504C
wd0: 16-sector PIO, LBA48, 238475MB, 488397168 sectors
wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5
wd1 at pciide1 channel 1 drive 0: SAMSUNG SP2504C
wd1: 16-sector PIO, LBA48, 238475MB, 488397168 sectors
wd1(pciide1:1:0): using PIO mode 4, Ultra-DMA mode 5
pciide2 at pci0 dev 5 function 1 NVIDIA MCP55 SATA rev 0xa2: DMA
pciide2: using 

Re: remove sendmail/install postfix

[Andreas Maus]

On 2/1/07, David B. [EMAIL PROTECTED] wrote:

hi, hate to bother, but...

I looked around on the net and couldn't find a howto on howto uninstall
sendmail, the default in 3.8, and then install postfix.

You don't need to do this (well at least on OpenBSD).
Just install  postfix form the ports.
It will tell you what to do to enable postfix and disable sendmail:

[... snipp ...]
===  Installing postfix-2.3.3 from /usr/ports/packages/i386/all/
postfix-2.3.3: complete
--- postfix-2.3.3 ---
- Creating /etc/mailer.conf.postfix
- Creating Postfix spool directory and chroot area under /var/spool/postfix

   Warning: you still need to edit myorigin/mydestination/mynetworks
   parameter settings in /etc/postfix/main.cf.

   See also http://www.postfix.org/faq.html for information about
   dialup sites or about sites inside a firewalled network.

   BTW: Check your /etc/mail/aliases file and be sure to set up
   aliases that send mail for root and postmaster to a real person,
   then run /usr/local/sbin/newaliases.

+---
| Configuration files has been installed in /etc/postfix.
| Please update these files to meet your needs.
+---
+---
| Postfix can be set up to replace sendmail entirely. Please read the
| documentation at file:/usr/local/share/doc/postfix/html/index.html or
| http://www.postfix.org/ carefully before you decide to do this!
|
| To replace sendmail with postfix you have to install a new mailer.conf
| using the following command:
|
| /usr/local/sbin/postfix-enable
|
| If you want to restore sendmail, this is done using the following command:
|
| /usr/local/sbin/postfix-disable
+---
[... snipp ...]


I know how to install postfix, but how do you completely remove
sendmail, since it isn't a package where I can just pkg_delete it?

Because its in the base system.


my understanding is that postfix and sendmail aren't friendly on the same
box, and I've found quite a few articles that strongly suggest removing
sendmail if you've chosen to use postfix.

Why not having sendmail and postfix on a box.
As long as the right executables are installed for the current
mail system, there is no problem ...

HTH,

Andreas

--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?

Re: 64-bit Linux Emulation on AMD64?

[Andreas Maus]

On 12/19/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Hi Alex.


Hello,

I've got a fresh new 4.0/AMD64 system installed, and after sitting down

Congratulations ;)


to add Linux binary compatibility, I see that it apparently doesn't
exist on this platform. After some archive digging, it doesn't appear
that the idea has been thoroughly discussed, especially since adding
32-bit Linux binary support would be difficult at best
(http://marc.theaimsgroup.com/?l=openbsd-miscm=109036873227847w=2).

Unfortunately Linux compatbility is for i386 only - from options(4):

option COMPAT_LINUX
On those architectures that support it, this enables binary compatibility
with Linux ELF and a.out applications built for the same architecture.
This option is supported on the i386 architecture.  See compat_linux(8).

Although I would love to see compatibilty for Linux 64Bit (amd64 - not ia64 ;)
on OpenBSD, I can live without it.

If there applications that ships _only_ with Linux binaries - and without
source code to compile for myself - I consider this apps as BLOBs
and BLOBs are bd! ^^

Andreas.

--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?

Re: Block device required

[Andreas Maus]

On 12/19/06, ibanex22 [EMAIL PROTECTED] wrote:
Hi.

mount_ext2fs: /dev/rwd1c on /mnt: Block device required

Of cause!
rwd1c is a charcter device, not a block device:
$ ls -l /dev/rwd1c
crw-r-  1 root  operator3,  18 Dec  9 12:03 /dev/rwd1c

You have to use wd1c instead, which is a block device:
$ ls -l /dev/wd1c
brw-r-  1 root  operator0,  18 Dec  9 12:03 /dev/wd1c


fdisk /dev/rwd1c returns:

... make sure you don't mistake fdisk for disklabel.
fdisk on OpenBSD is way different than on Linux.

Andreas.

--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?

Re: Block device required

[Andreas Maus]

On 12/19/06, Greg Thomas [EMAIL PROTECTED] wrote:


How do you know it's i?

disklabel wd1

Andreas.

--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?

Re: Problems in my wireless card

[Andreas Maus]

On 12/18/06, Eduardo Jorge [EMAIL PROTECTED] wrote:
Hi.


This is my dmesg

OpenBSD 4.0 (NEIN) #0: Sun Dec 17 05:20:14 BRST 2006

^
At first. Before you post make sure you use a GENERIC kernel
(because we can only guess what option your kernel uses).


vendor Atheros, unknown product 0x001a (class network subclass ethernet, rev 
0x01) at pci1 dev 5 function 0 not configured

As you can see your card vendor is recognized but not the card itself.
It is not supported by OpenBSD.

Andreas.

--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?

Re: 4.0 frozen

[Andreas Maus]

Hi Stephen.

On 12/17/06, Stephen Schaff [EMAIL PROTECTED] wrote:

wd0(pciide1:0:0): timeout
type: ata
c_bcount: 65536
c_skip: 0
pciide1:0:0: bus-master DMA error: missing interrupt, status=0x21
wd0d: device timeout reading fsbn 234162112 of 234162112-234162239
(wd0 bn 235334857; cn 14648 tn 233 sn 58), retrying
wd0: soft error (corrected)
wd0(pciide1:0:0): timeout
type: ata
c_bcount: 65536
c_skip: 0
pciide1:0:0: bus-master DMA error: missing interrupt, status=0x21
wd0d: device timeout reading fsbn 234997440 of 234997440-234997567
(wd0 bn 236170185; cn 14700 tn 233 sn 6), retrying
wd0: soft error (corrected)
wd0(pciide1:0:0): timeout
type: ata
c_bcount: 65536
c_skip: 0
pciide1:0:0: bus-master DMA error: missing interrupt, status=0x21
wd0d: device timeout reading fsbn 235719872 of 235719872-23571
(wd0 bn 236892617; cn 14745 tn 225 sn 17), retrying
wd0: soft error (corrected)

I guess wd0 holds your root file system, right?

I had the same problem with my OpenBSD access point over one
year ago. After replacing the disk my system works like a charm :)

I suggest that you replace the dying harddisk with a new one and give
it a try.

HTH,

Andreas.


--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?

Re: Moving a 100GB directory tree with lots of hardlinks

[Andreas Maus]

Hi.

Just a wild guess ...
Do you tried rsync?
(Although I don't know how rsync deals with _hard_ links).

HTH,

Andreas.


On 12/15/06, Matthias Bertschy [EMAIL PROTECTED] wrote:

OpenBSD 3.7 - i386
Pentium 4 3GHz - 1GB RAM - 2GB swap

Hello list,

For the past 3 weeks, I have been working on a difficult problem: moving
a backuppc (http://backuppc.sourceforge.net/) pool from a RAID0 to a big
disk, in order to free the RAID0 before rebuilding a RAID5.

The RAID0 has one partition, its size is 2112984700 blocks (512-blocks),
roughly 1008GB, which is close to the maximum allowed by ffs. The big
disk is 300GB.

I need to move 96GB of data which are, due to backuppc design, full of
hardlinks!

So far, I have tried to use:
1) dd: impossible because the partitions cannot be the same size
(and the RAID5 won't be the same size as the RAID0)
2) pax -rw: after transferring almost 70GB, it bails out with a
Segmentation fault
3) tar to archive: after something like 60GB, it complains with some
file name too long errors
4) gtar to archive (from package gtar-1.15.1p0-static.tgz): ends up
with a gtar: memory exhauted error
5) dump to file: successful but
5') restore from file: stops even before starting due to a no
memory for entry table error (there is still a lot of unused memory and
swap - and no ulimit)

Any help is appreciated because I really don't know what to do next.

Matthias Bertschy
Echo Technologies SA





--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?

Re: Moving a 100GB directory tree with lots of hardlinks

[Andreas Maus]

Ahhh I was enlightened by you and Andy Hayward ;)

If it is memory consumption is the problem, adding a swapfile
via swapon could help.

Andreas.

On 12/15/06, Jaye Mathisen [EMAIL PROTECTED] wrote:

You might need to compile a kernel with a large default
data segment size, make sure tmp has enough room, or
set TMPDIR/TEMPDIR for restore.

Dump/resture should DTRT.

rsync -H will as well, but again, going back to needing lots of memory to
store all that hardlink info...

On Fri, Dec 15, 2006 at 11:04:25PM +0100, Andreas Maus wrote:
 Hi.

 Just a wild guess ...
 Do you tried rsync?
 (Although I don't know how rsync deals with _hard_ links).

 HTH,

 Andreas.


 On 12/15/06, Matthias Bertschy [EMAIL PROTECTED]
 wrote:
 OpenBSD 3.7 - i386
 Pentium 4 3GHz - 1GB RAM - 2GB swap
 
 Hello list,
 
 For the past 3 weeks, I have been working on a difficult problem: moving
 a backuppc (http://backuppc.sourceforge.net/) pool from a RAID0 to a big
 disk, in order to free the RAID0 before rebuilding a RAID5.
 
 The RAID0 has one partition, its size is 2112984700 blocks (512-blocks),
 roughly 1008GB, which is close to the maximum allowed by ffs. The big
 disk is 300GB.
 
 I need to move 96GB of data which are, due to backuppc design, full of
 hardlinks!
 
 So far, I have tried to use:
 1) dd: impossible because the partitions cannot be the same size
 (and the RAID5 won't be the same size as the RAID0)
 2) pax -rw: after transferring almost 70GB, it bails out with a
 Segmentation fault
 3) tar to archive: after something like 60GB, it complains with some
 file name too long errors
 4) gtar to archive (from package gtar-1.15.1p0-static.tgz): ends up
 with a gtar: memory exhauted error
 5) dump to file: successful but
 5') restore from file: stops even before starting due to a no
 memory for entry table error (there is still a lot of unused memory and
 swap - and no ulimit)
 
 Any help is appreciated because I really don't know what to do next.
 
 Matthias Bertschy
 Echo Technologies SA
 
 


 --
 Hobbes : Shouldn't we read the instructions?
 Calvin : Do I look like a sissy?


 !DSPAM:45831ea2743981250431860!





--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?

Re: dhcpd question

[Andreas Maus]

Hi Richard.


 yes, don't :)

True.

 You could write a simple script to modify dhcpd.conf as needed, but I set

I don't recommend that.
A little typo or unexpected error and all your clients are unable to resolve
or even get a lease - depending on the errors the script introduces.
This happens to me some years ago :/


Very true :-)

long time back I did this on my firewalls

http://cr.yp.to/djbdns/install.html
http://cr.yp.to/djbdns/run-cache-x.html

I installed djbdns/dnscache from DJB some years ago because
of this problem. It gives you a DNS cache too so
you clients DNS lookups will speed up, especially if
your line to your ISP is nearly saturated.
I used a real old Pentium 120 with 64MB RAM and give
the DNS cache about 30 MB and that was a good thing
(tm) for my small network (5 active users).

Although the djbdns is a old package, it is reliable and secure
with a small memory footprint. (It is not in the ports because of
the copyright issues I guess).


you could use bind that comes with the base also :-)

Thats also a solution. But for small LANs I recommend
djbdns because I am a DJB fanatic ;)

HTH,

Andreas.

--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?

Re: STUPID file permission question

[Andreas Maus]

On 12/13/06, stupidmail4me [EMAIL PROTECTED] wrote:
Hi.


My username is foo and primary group is therefore also
foo. I am also in the group bar.

Did you logout and login again after adding yourself
to the group bar? If not do so.

Whats the output of id?


I have a directory called anything owned by bar:bar.
It's permissions are 770. Why can't I traverse it's
tree? Doesn't my being in the bar group allow me with
the second 7 to traverse anything's tree?

Depends on the permissions of the upper directory.
e.g. if the directory is /home/bar/foo_bar and /home/bar
is only readable+executable for user bar (read 0700)
you are not allowed to enter this directory and so you can't
enter any directories below that dir.

Andreas.

--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?

Re: autoconf error message suggestion

[Andreas Maus]

On 12/12/06, Karel Kulhavy [EMAIL PROTECTED] wrote:
Hi.


 You are kidding, aren't you ?

No.

o.k.


 csh/tcsh uses setenv and sh/ksh/bash uses export

No I mean explanation how the user obtains a list of available numbers and
how to select from them.

Short answer:

[EMAIL PROTECTED] ~ $ ls -l /usr/local/bin/autoconf-*
-r-xr-xr-x  1 root  bin  4853 Jul 28 09:59 /usr/local/bin/autoconf-2.13
-r-xr-xr-x  1 root  bin  7686 Jun 27 16:38 /usr/local/bin/autoconf-2.57
-r-xr-xr-x  1 root  bin  7674 Jun 27 16:35 /usr/local/bin/autoconf-2.59

Or you can use pkg_info to get a more detailed output:

[EMAIL PROTECTED] ~ $ pkg_info autoconf
Information for autoconf-2.13p0

Comment:
automatically configure source code on many Un*x platforms

Description:
Autoconf is an extensible package of m4 macros that produce shell
scripts to automatically configure software source code packages.
These scripts can adapt the packages to many kinds of UNIX-like
systems without manual user intervention.  Autoconf creates a
[EMAIL PROTECTED] ~ $ pkg_info autoconf | head -n 20
Information for autoconf-2.13p0

Comment:
automatically configure source code on many Un*x platforms

Description:
Autoconf is an extensible package of m4 macros that produce shell
scripts to automatically configure software source code packages.
These scripts can adapt the packages to many kinds of UNIX-like
systems without manual user intervention.  Autoconf creates a
configuration script for a package from a template file that lists the
operating system features that the package can use, in the form of m4
macro calls.

The FSF would make you believe that only gnu-m4 can handle autoconf.
This is no longer true. This package does not depend on gnu-m4.

This is autoconf-2.13.

The actual autoconf drivers for selecting autoconf version are in
[... snipp ...]


 No, because you should have at least basic Un*x knowledge.

I have a basic Unix knowledge. Do you think that someone who wrote 25% of a
graphical web browser that runs on the following platforms:

[... snipp ...]

PMShell, AtheOS GUI, doesn't have a basic Unix knowledge?

Honestly, I dont care about that.


I don't understand what's the point in refusing to do this - this looks like
some kind of OpenBSD script and it should be easy to change the text it prints,
shouldn't? I guess the work will be minimal and the benefit will be obvious.

Sure. The file is not brand new:

[EMAIL PROTECTED] ~ $ head  /usr/local/bin/autoconf
#! /bin/sh
# $OpenBSD: meta.in,v 1.3 2004/11/08 22:00:09 mbalmer Exp $

# Copyright (c) 2003,2004 Marc Espie.
#

You can make the changes, update the corresponding package (metaauto-0.5)
and commit the changes after testing.

Andreas.

--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?

OpenBSD 4.0 seems to be very picky about USB mass storage devices

[Andreas Maus]

Hi * !

After upgrading my X40 from 3.9 to 4.0 I have problems mounting
a specific USB stick. Running OpenBSD 3.9 I see some errors when
accessing this USB stick after it is plugged in:

sd1 at scsibus2 targ 1 lun 0: USB, Flash Disk, 2.00 SCSI2 0/direct removable
sd1: 62MB, 62 cyl, 64 head, 32 sec, 512 bytes/sec, 127744 sec total
sd1(umass1:1:0): Check Condition (error 0x70) on opcode 0x0
   SENSE KEY: Not Ready
ASC/ASCQ: Medium Not Present

But I can mount the stick. After upgrading to OpenBSD 4.0 the system
sets the USB mass storage device to offline:

umass0 at uhub3 port 3 configuration 1 interface 0
umass0: vendor 0x0204 product 0x6025, rev 2.00/1.00, addr 2
umass0: using SCSI over Bulk-Only
scsibus0 at umass0: 2 targets
sd0 at scsibus0 targ 1 lun 0: USB, Flash Disk, 2.00 SCSI2 0/direct removable
sd0: drive offline

And of cause this action I am not able to access the USB stick:

# disklabel sd0
disklabel: ioctl DIOCGDINFO: Input/output error

Using an othe USB stick - which doesnt print the Medium Not Present on OpenBSD
3.9 - there is no problem with this stick:

umass0 at uhub3 port 3 configuration 1 interface 0
umass0: TTI-WDE U20 Mobile Disk, rev 2.00/2.00, addr 2
umass0: using SCSI over Bulk-Only
scsibus0 at umass0: 2 targets
sd0 at scsibus0 targ 1 lun 0: USB 2.0, Mobile Disk, 2.00 SCSI2
0/direct removable
sd0: 125MB, 125 cyl, 64 head, 32 sec, 512 bytes/sec, 256000 sec total

Is it possible to enforce a more relaxed handling of the problematic USB stick
or should I just backup the data (under OpenBSD 3.9) and throw the stick away?

Thanks for your help.

Andreas.

P.S.: OpenBSD 3.9 and 4.0 are using the GENERIC kernel.

--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?

Re: autoconf error message suggestion

[Andreas Maus]

Hi.

On 12/4/06, Karel Kulhavy [EMAIL PROTECTED] wrote:

[EMAIL PROTECTED]:~$ autoconf
Provide an AUTOCONF_VERSION environment variable, please

Yes. Just do it. e.g.:

[EMAIL PROTECTED]:~ $ env | grep AUTO
AUTOMAKE_VERSION=1.9
AUTOCONF_VERSION=2.59


I suggest this error message to be extended with a pointer to information
how to set this environment variable. As I wrote, I didn't find any manpage

You are kidding, aren't you ?

Setting up environment variables depends on your shell.
csh/tcsh uses setenv and sh/ksh/bash uses export


but maybe there is some URL explaining this topic.

No, because you should have at least basic Un*x knowledge.

Andreas.

--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?

Re: [EMAIL PROTECTED]: ET1310 Documentation]

[Andreas Maus]

On 12/4/06, Martin Schrvder [EMAIL PROTECTED] wrote:

And now they have been bought by LSI. :-)
http://www.lsi.com/news/corporate_news/2006_12_04.html

So there is hope that LSI will release specifications :)

Andreas.

--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?

Re: [EMAIL PROTECTED]: ET1310 Documentation]

[Andreas Maus]

Hi.

Thanks for the information.
If I see any of their products on a list for my customer
I will _strongly_ vote against their product - independant
of used the OS.

On 11/28/06, Jonathan Gray [EMAIL PROTECTED] wrote:

This is an example of us trying to talk to a vendor and
being totally shut down. Not only did they license the PCI express and
MAC portions, but they don't want to help us to support their products
at all. No information, no people to talk to, nothing.


Andreas.

--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?

Re: problem with 003_systrace.patch

[Andreas Maus]

On 11/22/06, martin g [EMAIL PROTECTED] wrote:

Hello all

when i apply this patch system asks me

File to patch:

what should i enter here

Hi.

Nothing.

You are

a) not standing in /usr/src (read the first few lines from the patch file)
or
b) you don't have anythin under /usr/src

Andreas.


--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?

Re: problem with 003_systrace.patch

[Andreas Maus]

On 11/22/06, martin g [EMAIL PROTECTED] wrote:


if it is allready patched

i have the latest sources. is this possible


Nope.

If it is already patched you will see something like this:

# cd /usr/src
# patch -p0  4.0/common/003_systrace.patch
Hmm...  Looks like a unified diff to me...
The text leading up to this was:
--
|Apply by doing:
|   cd /usr/src
|   patch -p0  003_systrace.patch
|
|And then rebuild your kernel.
|
|Index: sys/dev/systrace.c
|===
|RCS file: /cvs/src/sys/dev/systrace.c,v
|retrieving revision 1.42
|retrieving revision 1.42.2.1
|diff -u -p -r1.42 -r1.42.2.1
|--- sys/dev/systrace.c 28 May 2006 17:06:38 -  1.42
|+++ sys/dev/systrace.c 1 Nov 2006 20:03:35 -   1.42.2.1
--
Patching file sys/dev/systrace.c using Plan A...
Reversed (or previously applied) patch detected!  Assume -R? [y] ^C#

Andreas.

P.S.: Please Cc to the list. Maybe there are other guys/girls out there
who could give you a clue.

--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?

Re: problem with 003_systrace.patch

[Andreas Maus]

On 11/22/06, Andreas Maus [EMAIL PROTECTED] wrote:

|And then rebuild your kernel.

*ahem*

Do you have the kernel sources (sys.tar.gz) installed
in /usr/src/sys ?

Andreas.

--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?

Problems applying 002_openssl.patch for OpenBSD 4.0

[Andreas Maus]

Hi.

After updating from OpenBSD 3.9 to 4.0 I extracted the new tarballs
src.tar.gz and sys.tar.gz and got the patches for OpenBSD 4.0
from openbsd.org/errata.html

I had no problem applying the patches except for 002_openssl which
stops while make with:

# make
[... snipp ...]
=== crypto
cc -O2 -pipe -g -DL_ENDIAN -DDSO_DLFCN -DHAVE_DLFCN_H
-DOPENSSL_NO_IDEA -DTERMIOS -DANSI_SOURCE -DNO_ERR -DOPENSSL_NO_ASM
-DOPENSSL_NO_RC5 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_MDC2
-DNO_WINDOWS_BRAINDEATH -DOPENSSL_NO_HW_CSWIFT -DOPENSSL_NO_HW_NCIPHER
-DOPENSSL_NO_HW_ATALLA -DOPENSSL_NO_HW_NURON -DOPENSSL_NO_HW_UBSEC
-DOPENSSL_NO_HW_AEP -DOPENSSL_NO_HW_SUREWARE -DOPENSSL_NO_HW_4758_CCA
-I/usr/src/lib/libssl/crypto/../src
-I/usr/src/lib/libssl/crypto/../src/crypto
-I/usr/src/lib/libssl/crypto/obj -DAES_ASM -DMD5_ASM -DSHA1_ASM
-DRMD160_ASM -DOPENBSD_CAST_ASM -DOPENBSD_DES_ASM   -c
/usr/src/lib/libssl/src/crypto/rsa/rsa_eay.c -o rsa_eay.o
cc -O2 -pipe -g -DL_ENDIAN -DDSO_DLFCN -DHAVE_DLFCN_H
-DOPENSSL_NO_IDEA -DTERMIOS -DANSI_SOURCE -DNO_ERR -DOPENSSL_NO_ASM
-DOPENSSL_NO_RC5 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_MDC2
-DNO_WINDOWS_BRAINDEATH -DOPENSSL_NO_HW_CSWIFT -DOPENSSL_NO_HW_NCIPHER
-DOPENSSL_NO_HW_ATALLA -DOPENSSL_NO_HW_NURON -DOPENSSL_NO_HW_UBSEC
-DOPENSSL_NO_HW_AEP -DOPENSSL_NO_HW_SUREWARE -DOPENSSL_NO_HW_4758_CCA
-I/usr/src/lib/libssl/crypto/../src
-I/usr/src/lib/libssl/crypto/../src/crypto
-I/usr/src/lib/libssl/crypto/obj -DAES_ASM -DMD5_ASM -DSHA1_ASM
-DRMD160_ASM -DOPENBSD_CAST_ASM -DOPENBSD_DES_ASM   -c
/usr/src/lib/libssl/src/crypto/rsa/rsa_err.c -o rsa_err.o
cc -O2 -pipe -g -DL_ENDIAN -DDSO_DLFCN -DHAVE_DLFCN_H
-DOPENSSL_NO_IDEA -DTERMIOS -DANSI_SOURCE -DNO_ERR -DOPENSSL_NO_ASM
-DOPENSSL_NO_RC5 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_MDC2
-DNO_WINDOWS_BRAINDEATH -DOPENSSL_NO_HW_CSWIFT -DOPENSSL_NO_HW_NCIPHER
-DOPENSSL_NO_HW_ATALLA -DOPENSSL_NO_HW_NURON -DOPENSSL_NO_HW_UBSEC
-DOPENSSL_NO_HW_AEP -DOPENSSL_NO_HW_SUREWARE -DOPENSSL_NO_HW_4758_CCA
-I/usr/src/lib/libssl/crypto/../src
-I/usr/src/lib/libssl/crypto/../src/crypto
-I/usr/src/lib/libssl/crypto/obj -DAES_ASM -DMD5_ASM -DSHA1_ASM
-DRMD160_ASM -DOPENBSD_CAST_ASM -DOPENBSD_DES_ASM   -c
/usr/src/lib/libssl/src/crypto/rsa/rsa_x931.c -o rsa_x931.o
/usr/src/lib/libssl/src/crypto/rsa/rsa_x931.c: In function `RSA_X931_hash_id':
/usr/src/lib/libssl/src/crypto/rsa/rsa_x931.c:165: error: `NID_sha256'
undeclared (first use in this function)
/usr/src/lib/libssl/src/crypto/rsa/rsa_x931.c:165: error: (Each
undeclared identifier is reported only once
/usr/src/lib/libssl/src/crypto/rsa/rsa_x931.c:165: error: for each
function it appears in.)
/usr/src/lib/libssl/src/crypto/rsa/rsa_x931.c:168: error: `NID_sha384'
undeclared (first use in this function)
/usr/src/lib/libssl/src/crypto/rsa/rsa_x931.c:171: error: `NID_sha512'
undeclared (first use in this function)
*** Error code 1

Stop in /usr/src/lib/libssl/crypto.
*** Error code 1

Stop in /usr/src/lib/libssl.

All previous commands for this patch ( cd lib/libssl,
make obj make depend make includes ) didn't produce
any errors.

Can someone give me some hints about this?

Thanks,

Andreas.

--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?

Re: Problems applying 002_openssl.patch for OpenBSD 4.0

[Andreas Maus]

Hi Allie.

Thanks.
Clearing /usr/obj did it.
I guess running make clean (as suggested
by Christopher [EMAIL PROTECTED]) would also
a solution.

Thanks,

Andreas.

On 11/12/06, Allie D. [EMAIL PROTECTED] wrote:

rm -rf /usr/obj/* and then try again.

P.S. I have an error code 71 on one of my boxes on the make
install...think my disk is now full of cruft from countless upgrades, it's
time to wipe it and start over.
--
~Allie D.


On Sun, November 12, 2006 09:28, Andreas Maus wrote:
 Hi.

 After updating from OpenBSD 3.9 to 4.0 I extracted the new tarballs
 src.tar.gz and sys.tar.gz and got the patches for OpenBSD 4.0
 from openbsd.org/errata.html

 I had no problem applying the patches except for 002_openssl which
 stops while make with:

 # make
 [... snipp ...]
 === crypto
 cc -O2 -pipe -g -DL_ENDIAN -DDSO_DLFCN -DHAVE_DLFCN_H
 -DOPENSSL_NO_IDEA -DTERMIOS -DANSI_SOURCE -DNO_ERR -DOPENSSL_NO_ASM
 -DOPENSSL_NO_RC5 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_MDC2
 -DNO_WINDOWS_BRAINDEATH -DOPENSSL_NO_HW_CSWIFT -DOPENSSL_NO_HW_NCIPHER
 -DOPENSSL_NO_HW_ATALLA -DOPENSSL_NO_HW_NURON -DOPENSSL_NO_HW_UBSEC
 -DOPENSSL_NO_HW_AEP -DOPENSSL_NO_HW_SUREWARE -DOPENSSL_NO_HW_4758_CCA
 -I/usr/src/lib/libssl/crypto/../src
 -I/usr/src/lib/libssl/crypto/../src/crypto
 -I/usr/src/lib/libssl/crypto/obj -DAES_ASM -DMD5_ASM -DSHA1_ASM
 -DRMD160_ASM -DOPENBSD_CAST_ASM -DOPENBSD_DES_ASM   -c
 /usr/src/lib/libssl/src/crypto/rsa/rsa_eay.c -o rsa_eay.o
 cc -O2 -pipe -g -DL_ENDIAN -DDSO_DLFCN -DHAVE_DLFCN_H
 -DOPENSSL_NO_IDEA -DTERMIOS -DANSI_SOURCE -DNO_ERR -DOPENSSL_NO_ASM
 -DOPENSSL_NO_RC5 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_MDC2
 -DNO_WINDOWS_BRAINDEATH -DOPENSSL_NO_HW_CSWIFT -DOPENSSL_NO_HW_NCIPHER
 -DOPENSSL_NO_HW_ATALLA -DOPENSSL_NO_HW_NURON -DOPENSSL_NO_HW_UBSEC
 -DOPENSSL_NO_HW_AEP -DOPENSSL_NO_HW_SUREWARE -DOPENSSL_NO_HW_4758_CCA
 -I/usr/src/lib/libssl/crypto/../src
 -I/usr/src/lib/libssl/crypto/../src/crypto
 -I/usr/src/lib/libssl/crypto/obj -DAES_ASM -DMD5_ASM -DSHA1_ASM
 -DRMD160_ASM -DOPENBSD_CAST_ASM -DOPENBSD_DES_ASM   -c
 /usr/src/lib/libssl/src/crypto/rsa/rsa_err.c -o rsa_err.o
 cc -O2 -pipe -g -DL_ENDIAN -DDSO_DLFCN -DHAVE_DLFCN_H
 -DOPENSSL_NO_IDEA -DTERMIOS -DANSI_SOURCE -DNO_ERR -DOPENSSL_NO_ASM
 -DOPENSSL_NO_RC5 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_MDC2
 -DNO_WINDOWS_BRAINDEATH -DOPENSSL_NO_HW_CSWIFT -DOPENSSL_NO_HW_NCIPHER
 -DOPENSSL_NO_HW_ATALLA -DOPENSSL_NO_HW_NURON -DOPENSSL_NO_HW_UBSEC
 -DOPENSSL_NO_HW_AEP -DOPENSSL_NO_HW_SUREWARE -DOPENSSL_NO_HW_4758_CCA
 -I/usr/src/lib/libssl/crypto/../src
 -I/usr/src/lib/libssl/crypto/../src/crypto
 -I/usr/src/lib/libssl/crypto/obj -DAES_ASM -DMD5_ASM -DSHA1_ASM
 -DRMD160_ASM -DOPENBSD_CAST_ASM -DOPENBSD_DES_ASM   -c
 /usr/src/lib/libssl/src/crypto/rsa/rsa_x931.c -o rsa_x931.o
 /usr/src/lib/libssl/src/crypto/rsa/rsa_x931.c: In function
 `RSA_X931_hash_id':
 /usr/src/lib/libssl/src/crypto/rsa/rsa_x931.c:165: error: `NID_sha256'
 undeclared (first use in this function)
 /usr/src/lib/libssl/src/crypto/rsa/rsa_x931.c:165: error: (Each
 undeclared identifier is reported only once
 /usr/src/lib/libssl/src/crypto/rsa/rsa_x931.c:165: error: for each
 function it appears in.)
 /usr/src/lib/libssl/src/crypto/rsa/rsa_x931.c:168: error: `NID_sha384'
 undeclared (first use in this function)
 /usr/src/lib/libssl/src/crypto/rsa/rsa_x931.c:171: error: `NID_sha512'
 undeclared (first use in this function)
 *** Error code 1

 Stop in /usr/src/lib/libssl/crypto.
 *** Error code 1

 Stop in /usr/src/lib/libssl.

 All previous commands for this patch ( cd lib/libssl,
 make obj make depend make includes ) didn't produce
 any errors.

 Can someone give me some hints about this?

 Thanks,

 Andreas.

 --
 Hobbes : Shouldn't we read the instructions?
 Calvin : Do I look like a sissy?





--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?

Re: Bizarre Abort Trap on sparc64

[Andreas Maus]

Hi.

On 11/9/06, Edd Barrett [EMAIL PROTECTED] wrote:

Same again. This time i noted when it started happening. After tar
zxvf src.tar.gz -C /usr . At this point I assumed bad hardware and
bought a new box.

*ahem*
You shoul untar src.tar.gz to /usr/src not /usr.
Untarring the file to /usr will overwrite your binaries (e.g. tar)
with the _directories_ (e.g. bin/tar/) and this will confuse the
system.

Andreas.

--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?

Re: Problem when apply 001_httpd.patch

[Andreas Maus]

Hi.

So whats your question/problem ?

Andreas.

On 11/9/06, Maverick [EMAIL PROTECTED] wrote:

Hi i am trying to apply the 001 patch
 What i have done is

 cd /usr/src
 patch -p0  001_httpd.patch

 and i come back to me as:

 Hmm... Looks like a unified diff to me...
 The text leading up to this was:
 --
 |Apply by doing:
 | cd /usr/src
 | patch -p0  001_httpd.patch
 |
 |And then rebuild and install httpd and its modules:
 | cd usr.sbin/httpd
 | make -f Makefile.bsd-wrapper obj
 | make -f Makefile.bsd-wrapper cleandir
 | make -f Makefile.bsd-wrapper depend
 | make -f Makefile.bsd-wrapper
 | make -f Makefile.bsd-wrapper install
 |
--
View this message in context: 
http://www.nabble.com/Problem-when-apply-001_httpd.patch-tf2603928.html#a7265560
Sent from the openbsd user - misc mailing list archive at Nabble.com.





--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?

Re: How do I convert a man page to PS or PDF?

[Andreas Maus]

Hi Steve.

On 10/20/06, Steve B [EMAIL PROTECTED] wrote:

I'm leaving on vacation and wanted to have something to read on the plane
and at the beach. How can I convert a couple of man pages into either PS or
PDF so that I can print them?

Thats easy ;)
To convert a man page you just have to find the file and use the -T parameter
of groff.

e.g. convert man (4) em to a PS file:
groff -Tps /usr/src/share/man/man4/em.4  em.ps

if you have ps2pdf installed you can pipe the groff -Tps output
directly into it:

e.g.
groff -Tps /usr/src/share/man/man4/em.4 | ps2pdf - em.pdf

HTH,

Andreas.

--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?

Re: How do I convert a man page to PS or PDF?

[Andreas Maus]

*ahem*
Using a man page from /usr/src is not that good :)
Try e.g. /usr/share/man/cat4/em.0

Andreas.

--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?

Re: How do I convert a man page to PS or PDF?

[Andreas Maus]

On 10/20/06, Sevan / Venture37 [EMAIL PROTECTED] wrote:


man2ps
http://spectral.mscs.mu.edu/USA2005/examples/man2ps/

or use man2web from ports  print off the html files?

Why install extra packages?
groff is capable of converting man pages to ps (-Tps)
and HTML (-Thtml)

Andreas.

--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?

Re: PPP problems

[Andreas Maus]

HI.


You can place the call in the /etc/inittab or use e.g.
daemontools ( http://cr.yp.to/daemontools.html ) to restart
it automagically.

By the way you have to keep the dialin command in the foreground.

Andreas.

--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?

Re: PPP problems

[Andreas Maus]

Hi.

On 10/16/06, Monah Baki [EMAIL PROTECTED] wrote:

Hi All,

I'm running PPP on OpenBSD 3.9, machine runs great for 3-4 weeks and then
disconnects then I have to restart PPP for it to work. Is this normal, is

I think thats normal. My PPPoE connection will be terminated every 24 hours
by my ISP :/


there a way to keep it up indefinitely?

Sure.
You can place the call in the /etc/inittab or use e.g.
daemontools ( http://cr.yp.to/daemontools.html ) to restart
it automagically.

HTH,

Andreas.

--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?

Re: web browsing

[Andreas Maus]

Hi.


i have a pppoe conn. to my isp and i managed to get it working.

Working from which host? The gateway or an internal host.


on the internal interface rl1 my hostname.rl1 looks like this:  inet
192.168.0.1 255.255.255.0 NONE

Assuming your interface rl1 is up ...


1. Is my hostname.rl1 OK do i have to add an alias for client( XP ) comp

Is IP forwarding enabled?
(Check by running sysctl  net.inet.ip.forwarding)
If not enable it.


2. what would be the NAT rule in my case
I tried the rule from pf - NAT section and pf - firewall for home of
small office and it doesnt work

Whats your internal and whats your external interface?
My internal interface is xl0 and my external tun0 and so this
NAT line works for me:

ext_if=tun0
int_if=xl0
nat on $ext_if from $intranet to any - $ext_if

HTH,

Andreas.

--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?

Re: Kismet - Propably problems with ath0 (IBM brand)?

[Andreas Maus]

Hi Sebastian.

On 10/13/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

Hello everybody,


[... snipp ...]
Yes this is a problem with kismet (even the current svn snapshot).

It was already mentioned a while ago:

http://marc.theaimsgroup.com/?l=openbsd-miscm=115548207902728w=2

Due to the lack of a recent mailinglist (only a forum) I didn't report this
to the kismet developers.

Andreas.

--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?

Re: Kismet - Propably problems with ath0 (IBM brand)?

[Andreas Maus]

Hi.

On 10/13/06, Matthias Kilian [EMAIL PROTECTED] wrote:

 to the kismet developers.

Unfortunately, i've no ath(4) available. I'll see wether I can do
something next week. I'll also drop a mail to upstream.

It would be nice if other people could verify wether this is really
ath(4) specific (afaik, at least wi(4) and ral(4) are fine).

Tested with an RALink card (RaLink RT2500) and it kismet works
with this card.

Andreas.
--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?

Re: X not working with NVIDIA GeForce 7800 GS on amd64

[Andreas Maus]

Hi Matthew.

On 10/7/06, Matthew Weigel [EMAIL PROTECTED] wrote:

[demime 1.01d removed an attachment of type application/octet-stream
which had a name of dmesg]

Attachments are stripped on misc@ emails.

Doh!


Second, have you verified that you *need* an xorg.conf?  X.org now
auto-detects many things for you.  You may be fine without one, or you

Didn't know that. I usually did it the old school way by creating
an xorg.conf file...


may find that you only need certain sections of the configuration file.

Unfortunately this doesn't work.

If that doesn't work, try again but including the three files in line.


O.K. Here we go:

At first the Xorg.0.log file (from the X startup without any xorg.conf file):
X Window System Version 6.9.0 (for OpenBSD)
Release Date: 21 December 2005
X Protocol Version 11, Revision 0, Release 6.9
Build Operating System: OpenBSD 3.9 amd64 [ELF]
Current Operating System: OpenBSD gorg.badphish.dyndns.org 3.9 GORG#4 amd64
Build Date: 07 July 2006
Before reporting problems, check http://wiki.X.Org
to make sure that you have the latest version.
Module Loader present
Markers: (--) probed, (**) from config file, (==) default setting,
(++) from command line, (!!) notice, (II) informational,
(WW) warning, (EE) error, (NI) not implemented, (??) unknown.
(==) Log file: /var/log/Xorg.0.log, Time: Sun Oct  8 00:12:22 2006
(EE) Unable to locate/open config file
(II) Module ABI versions:
X.Org ANSI C Emulation: 0.2
X.Org Video Driver: 0.8
X.Org XInput driver : 0.5
X.Org Server Extension : 0.2
X.Org Font Renderer : 0.4
(II) Loader running on openbsd
(II) LoadModule: bitmap
(II) Loading /usr/X11R6/lib/modules/fonts/libbitmap.so
(II) Module bitmap: vendor=X.Org Foundation
compiled for 6.9.0, module version = 1.0.0
Module class: X.Org Font Renderer
ABI class: X.Org Font Renderer, version 0.4
(II) Loading font Bitmap
(II) LoadModule: pcidata
(II) Loading /usr/X11R6/lib/modules/libpcidata.so
(II) Module pcidata: vendor=X.Org Foundation
compiled for 6.9.0, module version = 1.0.0
ABI class: X.Org Video Driver, version 0.8
(II) PCI: Probing config type using method 1
(II) PCI: Config type is 1
(II) PCI: stages = 0x03, oldVal1 = 0x8000c29c, mode1Res1 = 0x8000
(II) PCI: PCI scan (all values are in hex)
(II) PCI: 00:00:0: chip 1106,0282 card 1043,80a3 rev 00 class 06,00,00 hdr 80
(II) PCI: 00:00:1: chip 1106,1282 card , rev 00 class 06,00,00 hdr 00
(II) PCI: 00:00:2: chip 1106,2282 card , rev 00 class 06,00,00 hdr 00
(II) PCI: 00:00:3: chip 1106,3282 card , rev 00 class 06,00,00 hdr 00
(II) PCI: 00:00:4: chip 1106,4282 card , rev 00 class 06,00,00 hdr 00
(II) PCI: 00:00:7: chip 1106,7282 card , rev 00 class 06,00,00 hdr 00
(II) PCI: 00:01:0: chip 1106,b188 card , rev 00 class 06,04,00 hdr 01
(II) PCI: 00:07:0: chip 1106,3044 card 1043,808a rev 80 class 0c,00,10 hdr 00
(II) PCI: 00:09:0: chip 109e,036e card 0070,13eb rev 02 class 04,00,00 hdr 80
(II) PCI: 00:09:1: chip 109e,0878 card 0070,13eb rev 02 class 04,80,00 hdr 80
(II) PCI: 00:0a:0: chip 11ab,4320 card 1043,811a rev 13 class 02,00,00 hdr 00
(II) PCI: 00:0e:0: chip 1102,0004 card 1102,2002 rev 04 class 04,01,00 hdr 80
(II) PCI: 00:0e:1: chip 1102,7003 card 1102,0040 rev 04 class 09,80,00 hdr 80
(II) PCI: 00:0e:2: chip 1102,4001 card 1102,0010 rev 04 class 0c,00,10 hdr 80
(II) PCI: 00:0f:0: chip 1106,3149 card 1043,80ed rev 80 class 01,04,00 hdr 80
(II) PCI: 00:0f:1: chip 1106,0571 card 1043,80ed rev 06 class 01,01,8a hdr 00
(II) PCI: 00:10:0: chip 1106,3038 card 1043,80ed rev 81 class 0c,03,00 hdr 80
(II) PCI: 00:10:1: chip 1106,3038 card 1043,80ed rev 81 class 0c,03,00 hdr 80
(II) PCI: 00:10:2: chip 1106,3038 card 1043,80ed rev 81 class 0c,03,00 hdr 80
(II) PCI: 00:10:3: chip 1106,3038 card 1043,80ed rev 81 class 0c,03,00 hdr 80
(II) PCI: 00:10:4: chip 1106,3104 card 1043,80ed rev 86 class 0c,03,20 hdr 80
(II) PCI: 00:11:0: chip 1106,3227 card 1043,80ed rev 00 class 06,01,00 hdr 80
(II) PCI: 00:18:0: chip 1022,1100 card , rev 00 class 06,00,00 hdr 80
(II) PCI: 00:18:1: chip 1022,1101 card , rev 00 class 06,00,00 hdr 80
(II) PCI: 00:18:2: chip 1022,1102 card , rev 00 class 06,00,00 hdr 80
(II) PCI: 00:18:3: chip 1022,1103 card , rev 00 class 06,00,00 hdr 80
(II) PCI: 01:00:0: chip 10de,00f5 card 10b0,0801 rev a2 class 03,00,00 hdr 00
(II) PCI: End of PCI scan
(II) Host-to-PCI bridge:
(II) Bus 0: bridge is at (0:0:0), (0,0,1), BCTRL: 0x0008 (VGA_EN is set)
(II) Bus 0 I/O range:
[0] -1  0   0x - 0x (0x1) IX[B]
(II) Bus 0 non-prefetchable memory range:
[0] -1  0   0x8000 - 0x (0x8000) MX[B]
(II) Bus 0 prefetchable memory range:
[0] -1  0   0x8000 - 0x (0x8000) MX[B]
(II) PCI-to-PCI bridge:
(II) Bus 1: bridge is at (0:1:0), (0,1,1), BCTRL: 0x000a (VGA_EN is set)
(II) 

Re: X not working with NVIDIA GeForce 7800 GS on amd64

[Andreas Maus]

Hi Andreas.

On 10/8/06, Andreas Bihlmaier [EMAIL PROTECTED] wrote:

I have the same problem with a GeForce 7300GT. The problem is these
chips are only supported by X.org 7.x (which is not yet in OpenBSD).
After reading:
http://www.undeadly.org/cgi?action=articlesid=2006071016

I guess you are right. It works under Linux and it uses X v7 instead
v6.9.


I hope 7.x will be OpenBSD soon. I already mailed  matthieu@, but I
didn't receive an answer. Since I'm the one asking for a favor and he is
the one doing the work I didn't bother him further and will use the
vesa driver until 7.x hits the tree. At that time I'll be a happy
current tester :)

Yeah! Running a -current system is no problem for me. Ususally it runs
more stable than a so called stable Linux. :)


p.s. This xorg.conf section might be of interest to you.
Section Device
Identifier  Card0
Driver  vesa
#Driver  nv
VendorName  nVidia Corporation
BoardName   Unknown Board
BusID   PCI:2:0:0
EndSection

Interesting!
I will try it this when I'm at home.

Thanks.

Andreas.

--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?

Re: X not working with NVIDIA GeForce 7800 GS on amd64

[Andreas Maus]

Hi.

On 10/8/06, Andreas Bihlmaier [EMAIL PROTECTED] wrote:
[... snipp ...]

p.s. This xorg.conf section might be of interest to you.
Section Device
Identifier  Card0
Driver  vesa
#Driver  nv
VendorName  nVidia Corporation
BoardName   Unknown Board
BusID   PCI:2:0:0
EndSection

[... snipp ...]

Ahhh. Good old vesa!
It gives me my 1280x1024 with a color depth 24 bits and thats
all I need ;)

Thanks,

Andreas.

--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?

Re: Wireless trouble

[Andreas Maus]

Hi Rafael.

On 10/9/06, Rafael Morales [EMAIL PROTECTED] wrote:


I have OpenBSD 3.8 on a PowerBook G4, an Avaya
wireless card (wi0) and my AP.
My problem is when I active the WEP in the AP
(WEP-Open), my wireless lost connection.

This my card configuration:
wicontrol -e 1 -k abcde123456 -t 6 -n MyName -p1  -f 6

[... snip ...]
Never used wicontrol ... but you can do the same thing using
ifconfig. In this case it would be:

/sbin/ifconfig wi0 chan 6 media autoselect mode 11b nwid MyName \
nwkey persist:abcde123456

You can even put this in your /etc/hostname.wi0 file (writing ! before
ifconfig) and replace wi0 with $if. E.g.

inet 172.16.211.1 255.255.255.0 NONE
!ifconfig $if chan 6 media autoselect mode 11b nwid MyName nwkey
persist:abcde123456

Then it should be set on boot time.

Hope that helps,

Andreas.

P.S.: See man ifconfig and get the list of supported modes running
ifconfig -m wi0

--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?

Re: Wireless trouble

[Andreas Maus]

Hi Stuart.

On 10/9/06, Stuart Henderson [EMAIL PROTECTED] wrote:

 ifconfig. In this case it would be:

this is wi(4) on 3.8, ifconfig didn't know how to configure
wireless settings on prism/wavelan cards back then

Doh! I assumed a current 3.9.
I guess (because I don't have any wi cards - just ath and ra)
it would work with 3.9.

Anyway upgrading to 3.9 is not a bad idea ;)

Andreas.

--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?

Re: Wireless trouble

[Andreas Maus]

On 10/9/06, Fred Crowson [EMAIL PROTECTED] wrote:

hostname.if does not need the !ifconfig command, the netstart(8)
script calls ifconfig.

Hence hostname.wi0 would be:
inet 172.16.211.1 255.255.255.0 NONE \
chan 6 media autoselect mode 11b \
nwid MyName nwkey persist:abcde123456

Amazing! ;)
Never thought about that.

Thank you for this tip,

Andreas.

--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?

Re: squid ldap auth on OpenBSD

[Andreas Maus]

Hi Alexandre.

On 10/6/06, Alexandre ADAM [EMAIL PROTECTED] wrote:

But when I launch make again, there is the following error message :
warning: strcpy() is almost always misused, please use strlcpy()

Thats not an error. Its just a warning.


Do you know what means this message ?

It means that strcpy() is almos always misused and should be
replaced by strlcpy() (or strncpy but OpenBSD prefers strlcpy).

HTH,

Andreas.

--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?

X not working with NVIDIA GeForce 7800 GS on amd64

[Andreas Maus]

Hi.

I recently replaced my ATI X800 with a new NVIDIA GeForce 7800 GS.
Checking the nv(4) man page and it states that it supports:

[... snipp ...]
GeForce 7XXX
[... snipp ...]

So I setup the corresponding Device section to:

Section Device
Identifier  NVIDIA
Driver  nv
#VideoRam524288
# Insert Clocks lines here if appropriate
EndSection

(see attached xorg.conf) and started X.

Unfortunately X died instantly with signal 8 (SIGFPE):

[... snipp ...]
(WW) NV(0): remove MTRR 0 - 1000
(--) Depth 24 pixmap format is 32 bpp
(WW) NV(0): set MTRR e000 - f000
(WW) NV(0): remove MTRR a - b

   *** If unresolved symbols were reported above, they might not
   *** be the reason for the server aborting.

Fatal server error:
Caught signal 8.  Server aborting


Please consult the The X.Org Foundation support
 at http://wiki.X.Org
 for help.
Please also check the log file at /var/log/Xorg.0.log for additional
information.
[... snipp ...]

(Xorg.0.log is also attached).

Using the nv driver under Linux (Gentoo) and the X starts and works as
expected.

The card -listed by pcitweak -l - is:

[... snipp ...]
PCI: 01:00:0: chip 10de,00f5 card 10b0,0801 rev a2 class 03,00,00 hdr 00
[... snipp ...]

System is running OpenBSD 3.9 (GENERIC kernel) from the CDs on amd64.

Has someone running an amd64 system with this graphic card?

Many thanks in advance,

Andreas.

P.S.: dmesg is also attached.

-- 
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?

[demime 1.01d removed an attachment of type application/octet-stream which had 
a name of xorg.conf]

[demime 1.01d removed an attachment of type application/octet-stream which had 
a name of Xorg.0.log]

[demime 1.01d removed an attachment of type application/octet-stream which had 
a name of dmesg]

Re: OpenBSD 4.0 pre-orders are up

[Andreas Maus]

Hi.

On 9/20/06, Theo de Raadt [EMAIL PROTECTED] wrote:

We have activated OpenBSD 4.0 pre-orders.  The official release date
is November 1.

For more information on the release, please see

http://www.openbsd.org/40.html

And don't forget to order the cute Pluffy:

http://undeadly.org/cgi?action=articlesid=20060921164308
https://https.openbsd.org/images/pluffy.jpg

;)

Andreas.

--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?

Re: How do I redirect the daily log messages to another address?

[Andreas Maus]

On 9/21/06, Steve B [EMAIL PROTECTED] wrote:

Hi Steve.


I'd like to redirect the daily log messages that go to root to an external

[... snip ...]

Could someone point me in the right direction as to what I should be looking
for? I'm pretty sure it has to do with Sendmail.

Setting up an alias for root that points to the external address should work.
Putting the alias in /etc/mail/aliases and rebuild the aliases database with
newaliases -see man 8 newaliases.

HTH,

Andreas.

P.S.: Of cause the external address can be resolved.

--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?

Re: Sometimes OpenBSD forgets the disklabel

[Andreas Maus]

On 8/23/06, Kyle George [EMAIL PROTECTED] wrote:
Hi Kyle.


 or what I should do the fix this behaviour?

See: http://inglorion.net/documents/tutorials/ccd
See: http://morgenes.shire.sytes.net/~inglorion/documents/tutorials/ccd

Thanks I will take a look at this.
And as far I can see I use ccd0c as a file system.
Ooops! I will change this to ccd0a as soon as I can.
Note: I dont use the mirror option. I just want a RAID0.


Assuming you don't have any bad disks, I think you are forgetting that the

Nope. I can read both disks with dd without any errors.


I don't see your fstab.  Are you trying to mount ccd0c?

Yes. Here is /etc/fstab:
# cat /etc/fstab
/dev/wd0a / ffs rw 1 1
/dev/wd0d /usr ffs rw,nodev 1 2
/dev/ccd0c /home ffs rw,nodev,nosuid,softdep 1 2

Ugh *ahem* I try to mount ccd0c.


Treat ccd0 like it's it's own disk; like how you would treat a physical
disk.

This is what I do.


See below for my 3.9 ccd configuration which is working fine.

O.K. First I will move the filesystem from ccd0c to ccd0a.

Whats puzzling me is the fact that it works most of the time.
(Only 5 -or so- failures because of the disklabel of wd1.
I use this desktop system with OpenBSD since 3 months
and the system was shutdown every night).

So long,

Andreas.

--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?

Re: Sometimes OpenBSD forgets the disklabel

[Andreas Maus]

On 8/23/06, Nick Guenther [EMAIL PROTECTED] wrote:
Hi Nick.

 Does anyone knows whats wrong or what I should do the fix this
 behaviour?

My first guess is that something is wiping out the disklabel on wd1.
That is, some boundary is configured wrong and, in the process of
writing to the ccd, sometimes it spills over and smashes the
disklabel. In that case you'd also be losing whatever data is getting
put there when you fix the disklabel. Oh look, the disklabel is stored
in the first 512b of wd1a, and you are using wd1a as part of the ccd.

Aha! This would explain the mysterious works mostly thing ;)
Maybe the man page should mention something like this ?
(Or I missed it while reading it ;)


Here, to fix it, make wd1a small, only one sector (or more, if you
aren't comfortable with it being that small) and then make wd1d start

Nope. I dont have a problem with such small things ;)


after it, and use wd1d as part of your ccd instead.

O.K.
Together with the reply from Kyle I will recreate the ccd0 next
week (after a backup of several gigabytes).

So long,

Andreas.

--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?

Re: port kismet wont run as it should on openbsd current

[Andreas Maus]

Hi.

Tested some wireless chipsets (ti,ra,ath0).
It seems that only ath doesn't show anything
in kismet (neither from ports nor from the latest
svn sources) - no powerlevel,no packets, no
packet rates.

Anyhow I would blame kismet,because
monitor mode can be set using ifconfig
ans I can see access points using
ifconfig -M.

So long,

Andreas.

P.S.: Is there a kismet mailinglist? I only found a forum
on there page.

--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?

Re: port kismet wont run as it should on openbsd current

[Andreas Maus]

On 8/15/06, Matthias Kilian [EMAIL PROTECTED] wrote:
Hi.


 source=radiotap_bsd_b,ath0,scan
Did you try with other source types than radiotap_bsd_b?

I never tried another source. I wasn't sure if a/g are working


Any error messages? What does ifconfig ath0 say, is the interface
in monitor mode?

If I remember correctly, yes.


And heere I stopped reading.

I confirm this behaviour with 3.8 and 3.9 (installed from CD)
But I blamed it to kismet, because ifconfig -M works as expected.

So long,

Andreas.

--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?

Samba 3.0.21b from ports dies with SIGABRT when creating password file (tdbsam)

[Andreas Maus]

Hi.

After installing Samba from the ports tree (Samba version 3.021b
without any flavors)
running smbd the first time -the password file passdb.tdb does not
exist- smbd dies
with SIGABRT after creating the password file

# /usr/local/libexec/smbd -D
# ps axuw | grep smbd
root  4370  0.0  0.1   452   476 p2  S+ 3:41PM0:00.02 grep smbd
root  7642  0.0  0.1   352   420 p3  S+ 3:36PM0:00.02 tail
-f /var/log/samba/log.smbd

The generated logfile (/var/log/samba/log.smbd) shows an INTERNAL ERROR:

[2006/07/04 15:40:50, 1]
/usr/ports/net/samba/w-samba-3.0.21bp2/samba-3.0.21b/source/smbd/files.c:file_init(197)
 file_init: Information only: requested 1 open files, 1752 are available.
[2006/07/04 15:40:50, 0]
/usr/ports/net/samba/w-samba-3.0.21bp2/samba-3.0.21b/source/passdb/pdb_tdb.c:tdbsam_tdbopen(196)
 Unable to open/create TDB passwd
[2006/07/04 15:40:50, 0]
/usr/ports/net/samba/w-samba-3.0.21bp2/samba-3.0.21b/source/passdb/pdb_tdb.c:tdbsam_getsampwrid(490)
 pdb_getsampwrid: Unable to open TDB rid database!
[2006/07/04 15:40:50, 0]
/usr/ports/net/samba/w-samba-3.0.21bp2/samba-3.0.21b/source/passdb/pdb_tdb.c:tdbsam_tdbopen(196)
 Unable to open/create TDB passwd
[2006/07/04 15:40:50, 0]
/usr/ports/net/samba/w-samba-3.0.21bp2/samba-3.0.21b/source/passdb/pdb_tdb.c:tdbsam_tdbopen(196)
 Unable to open/create TDB passwd
[2006/07/04 15:40:50, 0]
/usr/ports/net/samba/w-samba-3.0.21bp2/samba-3.0.21b/source/passdb/pdb_tdb.c:tdbsam_getsampwnam(425)
 pdb_getsampwnam: TDB passwd (/etc/samba/passdb.tdb) did not exist.
File successfully created.
[2006/07/04 15:40:50, 0]
/usr/ports/net/samba/w-samba-3.0.21bp2/samba-3.0.21b/source/lib/fault.c:fault_report(36)
 ===
[2006/07/04 15:40:50, 0]
/usr/ports/net/samba/w-samba-3.0.21bp2/samba-3.0.21b/source/lib/fault.c:fault_report(37)
 INTERNAL ERROR: Signal 11 in pid 13571 (3.0.21b)
 Please read the Trouble-Shooting section of the Samba3-HOWTO
[2006/07/04 15:40:50, 0]
/usr/ports/net/samba/w-samba-3.0.21bp2/samba-3.0.21b/source/lib/fault.c:fault_report(39)

 From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
[2006/07/04 15:40:50, 0]
/usr/ports/net/samba/w-samba-3.0.21bp2/samba-3.0.21b/source/lib/fault.c:fault_report(40)
 ===
[2006/07/04 15:40:50, 0]
/usr/ports/net/samba/w-samba-3.0.21bp2/samba-3.0.21b/source/lib/util.c:smb_panic2(1554)
 PANIC: internal error

The password file was created successfully and smbd can be restarted
and runs without
any problems. I can reproduce this behaviour by stopping smbd and
removing the password
file.

This system is running:

# uname -a
OpenBSD son-goku.badphish.dyndns.org 3.9 GENERIC#617 i386

Did anyone see such a behaviour?
Is this an OpenBSD specific bug or should I report this to the
bugzilla.samba.org?

Many thanks in advance,

Andreas.

P.S.: If someone is interested I can provide a ktrace output.

--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?

Re: DDOS attack

[Andreas Maus]

Hi.

You can bind ssh to another port and/or you can play with a little scripting
and the excellent packet filter. I run a script from cron that greps the
IP addresses from the sshscans, dups them in an file and a pf table
uses this file to drop connections from these IPs. Depending on the
type these IP addresses will be removed after a specific amount of time.

The script is really stupid and easy:

#!/bin/sh
exec 21

LOGTAIL=/usr/local/bin/logtail

PF_TABLE=sshscanners

# Penalties:
PENALTY_SCAN=1.0
PENALTY_INVALID_USER=2.0
PENALTY_ROOT_ACCESS=4.0

# Time to expire
TTE_BLACK_LIST=43200 # 12 hours

TMPFILE=/tmp/authlog.tail.$$
NOW=`date +'%s'`

$LOGTAIL /var/log/authlog  $TMPFILE

grep 'Did not receive identification string from' $TMPFILE | awk -v
SCORE=$PENALTY_SCAN '{print $12,SCORE;}' | grep -v '[a-zA-Z]' | sort |
uniq -c  /tmp/sshd_no_id.$$
grep 'Invalid user' $TMPFILE | awk -v SCORE=$PENALTY_INVALID_USER
'{print $10,SCORE;}' | grep -v '[a-zA-Z]' | sort | uniq -c 
/tmp/sshd_invalid_users.$$
grep 'Failed password for root from' $TMPFILE | awk -v
SCORE=$PENALTY_ROOT_ACCESS '{print $11,SCORE;}' | grep -v '[a-zA-Z]' |
sort | uniq -c  /tmp/sshd_root_hackers.$$
cat /tmp/sshd_root_hackers.$$ /tmp/sshd_invalid_users.$$
/tmp/sshd_no_id.$$ | awk -v STAMP=$NOW '{bastards[$2]+=$1*$3;} END{for
(ip in bastards) {print ip # bastards[ip] STAMP;}}' 
/tmp/new_bastards.$$

cp /etc/pf.d/sshscans /tmp/sshscans.$$

echo Updating table ${PF_TABLE}: 
echo 

cat /tmp/sshscans.$$ /tmp/new_bastards.$$ | grep '^[0-9]' | awk -v
NOW=$NOW -v TTE=$TTE_BLACK_LIST '{if ((NOW-$4)TTE*$3) {print $0;}}' 
/etc/pf.d/sshscans
/sbin/pfctl -t $PF_TABLE -T replace -f /etc/pf.d/sshscans -v | grep -v
'^X' | sed -e 's/^A /Adding /g' -e 's/`D /Deleting /g' 21
echo 
/bin/rm -f /tmp/sshd_root_hackers.$$ /tmp/sshd_invalid_users.$$
/tmp/sshd_no_id.$$ /tmp/new_bastards.$$ $TMPFILE

pf.conf defines a table with the addresse build from that file and drops them:

[... snipp ...]
table sshscanners file /etc/pf.d/sshscans persist
[...]
block return-rst in log quick on $ext_if proto tcp from sshscanners
to any port 22
[... snipp ...]

This works for me but zour mileage may vary.

HTH,

Andreas.

On 7/4/06, sonjaya [EMAIL PROTECTED] wrote:

Dear all

 How to blok ddos/Flooding/ssh brute attack  with pf .



-sonjaya-





--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?

Re: make install is not the same as pkg_add' ?

[Andreas Maus]

Thanks for all your help.
Now it is cristal clear ;)

Although using ports for years, I should read the fine manual pages
before posting ;)

... next step, kill the penguin OS on my desktop (this was just my laptop)
and install a reliable OS ;)

Andreas.

make install is not the same as pkg_add' ?

[Andreas Maus]

Hello everbody.

I'm using OpenBSD since version 3.1 (or so) usually for servers and my
firewalls.
Getting my IBM X40 and I installed OpenBSD 3.9 and started to build
the packages I need
from /usr/ports. Everything works as expected (means without any problem ;)

But after installing xmms from /usr/ports/audio/xmms/ I discovered that xmms was
not able to play MP3 and OGG files. After some hours of searching and
looking around
I found a package named xmms-mp3-*(and xmms-vorbis) in
/usr/ports/packages/i386/all/.

So I run pkg_add /usr/ports/packages/i386/all/xmms-mp3-1.2.10p6.tgz.

After this pkg_add xmms was able to play MP3 files.

All the years I believed that make install will do the same as a pkg_add.
Now I am real confused ;)

Am I missing something? Is this a bug or does it work as expected?

Many thanks in advance.

Andreas.

Re: Laptop recommendations

[Andreas Maus]

Hi RJ.

I would recommend IBM/Lenovo.
OpenBSD 3.9 works out of the box including (but not limited to ;)
suspend, buttons, ... on my IBM X40.

After a hard disk error on my Mac PowerBook (ppc architecture)
I discovered that the support from Mac is really sh*t.

Having a choice between IBM/Lenovo I strongly recommend an IBM/Lenovo
notebook. But check http://www.openbsd.org/laptop.html .

HTH,

Andreas.

On 5/11/06, rjn [EMAIL PROTECTED] wrote:

Hi all,

I'm looking into getting a new laptop (I start college in the fall).
In particular, I'm looking for something OpenBSD compatible.  I
considering either a Lenovo Thinkpad or the MacBook Pro.  From what
I've seen you can only boot the macbook pro if you have windows
installed.

I'm wondering if anybody has experience with the new Lenovo models and
the macbook pro?

Thanks,
RJ

--
em: [EMAIL PROTECTED]

Poster: I am a Windows Systems Administrator and work for a pretty
large corporation
Anonymous: I am so very sorry for you...
-- Slashdot