Re: pledge(2) API ideas for libraries

[Ray Lai]

pledge should be used to restrict a program to whatever it is necessary to do,
rather than everything the library can do. So if I use libimaginarydb to parse
a csv file I've already read into a memory buffer (nearly pledge("", NULL)),
but the library can read/write/create files, do remote db connections, and
fork shells, we don't want it to do all that (pledge("rpath wpath cpath dns
inet exec proc", NULL)).

> On Jun 13, 2016, at 12:56 PM, 
 wrote:
>
> I have thought of a way pledge(2) can be made a little more
> library-friendly.
>
> This is not a patch, but just a thought.
> There are 2 setups I have thought of:
>
> === 1. Variable arguments ===
>
> int pledge(const char *promises, const char *paths[])
> {
>return vpledge(1, promises, paths);
> }
>
> int vpledge(const size_t npledge, ...);
>
> -
>
> In a program, this may be something like this:
>
> #include 
> #include 
> #include 
> #include 
> #include 
> #include 
>
> int main(void) {
>if(vpledge(5, "stdio rpath wpath cpath", NULL,
>ultra_promises, ultra_pledgepaths,
>extra_promises, NULL, super_promises, NULL,
>mecha_promises, mecha_pledgepaths) == -1)
>errx("pledge");
>
>... [other code] ...
> };
>
>
> ---
>
> In vpledge(), "npledge" refers to the number of pledge-pairs, which
> consist of:
>
>const char *promises, const char *paths[]
>
> These have the same semantics as the original pledge().
>
> A library can export *_promises and *_pledgepaths symbols, pointing to
> static text. This allows the library to change without the program
> being affected because the new library changes call something outside
> the original pledge() of a program.
>
> = 2. Using a struct ==
>
> -
>
> struct pledge {
>char *promises;
>char *paths[];
> };
>
> -
>
> int pledge(const char *promises, const char *paths[])
> {
>struct pledge pl = {
>.promises, paths
>};
>
>return pledges(1, &pl);
> }
>
> int pledges(const size_t npledge, const struct pledge pledge_array[]);
>
> -
>
> In a program, this may be something like this:
>
> #include 
> #include 
> #include 
> #include 
> #include 
> #include 
>
> int main(void) {
>struct pledge pl[4];
>
>pl[0].promises = "stdio rpath wpath cpath";
>ultra_getpledge(&pl[1]);
>extra_getpledge(&pl[2]);
>super_getpledge(&pl[3]);
>mecha_getpledge(&pl[4]);
>
>if(pledges(5, pl) == -1)
>errx("pledge");
>
>... [other code] ...
>
>
> };
>
>
> ---
>
>
> A library can tell the application what pledges are in use as follows:
>
>
> static const char *pledge_promises = "stdio fattr sendfd recvfd"
>
> void ultra_getpledge(struct pledge *const pl)
> {
>pl->promises = pledge_promises;
>pl->paths = NULL;
> }
>
>
> ==
>
> I think that #1 has the advantage of it being easier to code so a
> program can ratchet down its abilities. #2 allows one to group the
> pledge arguments into a single struct.
>
> Thoughts?

Re: wifind(8) find your wifi

[Ray Lai]

> On Jun 3, 2016, at 8:42 PM, Erling Westenvik 
wrote:
> As much as I endorse and approve of any effort to create a good solution
> for handling wifi's, I must say I find the use of perl and json
> unnecessary for such a project. I've been using a "pure ksh" solution
> named wiconfig since 2013 and which was posted here at @misc back in
> 2011 or 2012:

I've checked out wiconfig prior to wifind, but I couldn't figure out how to
use it, and couldn't figure it out from the 500-line shell script.

This script, for now, merely parses a config file and ifconfig scan output and
writes a new hostname.if. I understand it.

>
http://openbsd-archive.7691.n7.nabble.com/wiconfig-simplifies-the-configurati
on-of-wireless-interfaces-td89829.html
>
> It is available on github:
>
> https://github.com/devious/wiconfig/blob/master/wiconfig
>
> wiconfig:
> - Works great with apm/resume, including trunk(4) interfaces.
> - Has no dependencies. Just pure old fashioned ksh.

This is a nice benefit, as it can be run even when upgrading, theoretically.

> - Stores (accepted) connections in plain text format. (/etc/wiconfig.db)

I couldn't figure this out from the documentation and code, unfortunately.

> - Handles quoted nwids.

Does it handle nwids with quotes within, eg "network "name""?

> - Does not require writing to /etc/hostname.if-files.

The reason I chose to write hostname.if files is upgrades. I don't expect this
program to be functional during upgrades, nor any other non-base solution. So
the simplest solution was to save the latest best-known network configuration
so that the network would have a decent chance of being usable during
upgrades.

Cheers,
Ray

Re: wifind(8) find your wifi

[Ray Lai]

On Fri, 3 Jun 2016 10:33:47 +0100
skin...@britvault.co.uk (Craig Skinner) wrote:

> Hi Ray,
> 
> On 2016-06-03 Fri 00:26 AM |, Ray Lai wrote:
> > 
> > I got tired of configuring my wifi every time I had to move my laptop.
> > Here's a script a whipped up.  
> 
> port it up: http://www.OpenBSD.Org/faq/ports/guide.html
> 
> Cheers!

Done: http://permalink.gmane.org/gmane.os.openbsd.ports/80223

Re: wifind(8) find your wifi

[Ray Lai]

On Fri, 3 Jun 2016 15:52:34 +0200
Stefan Sperling  wrote:

> On Fri, Jun 03, 2016 at 03:22:19PM +0200, Kamil Cholewiński wrote:
> > Perhaps it's time that the best tool be chosen and made a part of the
> > base install? I've already seen like a 100 different OBSD WiFi scripts
> > floating around the 'net, and naturally I also have a DIY one.
>
> No scripts for this, please.
>
> We need a well engineered to make the kernel handle this, perhaps with some
> help from userland. Various ideas have been porposed (not always on list,
> but mostly during face-to-face discussions at hackathons).
>
> What we need is someone who wants to sit down and drive the project home,
> i.e. wrap up the design discussion within the community and write the code.
> I'm up for helping people through this, but it really needs someone else
> dedicated to take responsibility for this project and the implementation.
>
> One thing we should probably fix first is roaming support in the kernel.

Do you mean 802.11r support?

Re: wifind(8) find your wifi

[Ray Lai]

> On Jun 3, 2016, at 8:59 PM, Etienne  wrote:
> On 06/03/16 05:12, Ray Lai wrote:
>>>
>>> #!/bin/sh
>>>
>>> if [[ $1 == "home" ]]; then
>>>doas ifconfig run0 nwid foonet wpa wpakey ultrasecret
>>>doas dhclient run0
>>> fi
>> Yup. The goal of wifind is to do exactly this, the moment I resume my
laptop,
>> without my interaction.
> May I know what's triggering it? I have something similar, but I need to
click on a button to run it.

/etc/apm/resume

Check apmd(8)

Re: wifind(8) find your wifi

[Ray Lai]

> On Jun 3, 2016, at 6:17 AM, Gleydson Soares  wrote:
>
> I usually just use a small script that lives in ~/bin
>
> cat ~/bin/wifi
>
> #!/bin/sh
>
> if [[ $1 == "home" ]]; then
>doas ifconfig run0 nwid foonet wpa wpakey ultrasecret
>doas dhclient run0
> fi

Yup. The goal of wifind is to do exactly this, the moment I resume my laptop,
without my interaction.

Ray

Re: wifind(8) find your wifi

[Ray Lai]

> On Jun 3, 2016, at 2:36 AM, Kamil Cholewiński  wrote:
>> On Thu, 02 Jun 2016, Ray Lai  wrote:
>> use JSON::PP;
>
> That's just my personal opinion, but JSON sucks for configuration files.
> It's more of a human-readable data interchange format.
>
> It feels like the same functionality can be achieved with something much
> simpler, getent or CSV style.

I agree. All I need are hashes and arrays. Any examples would be welcome, I'm
open to changing the file format. But as wifind.conf(5) says, I chose json
because it's included in Perl. I was more concerned with having a
set-it-and-forget-it solution. The config file is a minor detail that can be
changed.
>
>> my $tmp = "/etc/wifind.tmp";
>
> mkstemp?

Will fix

>> Please avoid nwid or wpakey with quotes, dollar signs, or backslashes.
>
> Without knowing or assuming much about how WiFi works, why would this be
> a concern in a well-designed program?

Currently wifind parses 'ifconfig if scan' output, which, according to my
reading of the code, simply adds "double quotes" around any nwid with white
space when printing. (I've not tested my theory that nwid with " in the name
would cause problem. )

Likewise, netstart takes nwid and wpakey, which could include spaces, but as
netstart is a shell script, I have not tested what happens when the values
contain backslashes, dollar signs, or double quotes. Caveat emptor!


Thanks for your feedback, I appreciate it!

Ray

wifind(8) find your wifi

[Ray Lai]

Hi all,

I got tired of configuring my wifi every time I had to move my laptop.
Here's a script a whipped up. It scans the wifi for known networks and
writes the strongest one to /etc/hostname.if. Then it runs netstart.
Easy to use, simple config file, no arguments needed, perfect
for /etc/apm/resume.

Oh, and it uses pledge for good measure.

I hope this is helpful!

Ray



wifind(8)   System Manager's Manual
wifind(8)

NAME
 wifind – connect to known wifi networks

SYNOPSIS
 wifind

DESCRIPTION
 The wifind utility scans for the strongest recognized wifi networks,
 writes an appropriate hostname.if(5) file, and starts the network with
 /etc/netstart(8).

FILES
 /etc/wifind.conf

EXIT STATUS
 Exits 0 on success, 1 if no network found.

EXAMPLES
 Add the following line to your /etc/apm/resume:

 wifind

SEE ALSO
 hostname.if(5)

HISTORY
 I got really tired of editing hostname.if(5) every time I moved my
 laptop.

AUTHORS
     Ray Lai 

CAVEATS
 Please avoid nwid or wpakey with quotes, dollar signs, or backslashes.

 I'm sorry if you dislike Perl, but it comes stock with OpenBSD.

OpenBSD 6.0  June 3, 2016  OpenBSD
6.0

==
wifind
==
#!/usr/bin/env perl
# Written by Ray Lai .
# Public domain.

use JSON::PP;
use OpenBSD::Pledge;
use strict;
use warnings;

my $ifconfig = '/sbin/ifconfig';
my $tmp = "/etc/wifind.tmp";
my $head = "lladdr random\n" .
"-chan -bssid -wpakey\n";
my $tail = "dhcp\n";

sub slurp
{
my $file = shift;
open F, '<', $file or die "Can't read $file: $!";
local $/;   # enable slurp mode, locally.
my $data = ;
close F;
$data;
}

sub write_hostname_if
{
my ($if, $ap) = @_;
my $hostname_if = "/etc/hostname.$if";

umask 077;
open TMP, '>', $tmp or die "Unable to open $tmp: $!";

print TMP $head;
# set nwid, bssid, chan
printf TMP 'nwid "%s"', $ap->{nwid};
printf TMP ' bssid "%s"', $ap->{bssid} if $ap->{bssid};
printf TMP ' chan "%s"', $ap->{chan} if $ap->{chan};
print TMP "\n";
# wpa needs to be set after nwid
printf TMP "wpakey \"%s\"\n", $ap->{wpakey} if $ap->{wpakey};
print TMP $tail;
close TMP;

rename $hostname_if, "$hostname_if.orig" or die "rename failed: $!";
rename $tmp, $hostname_if or die "rename failed: $!";

print STDERR "found $ap->{nwid}, wrote $hostname_if\n";
}

# we only need rpath to read config file
pledge(qw( rpath wpath cpath proc exec )) || die "Unable to pledge: $!";

my $conf = decode_json(slurp '/etc/wifind.conf');
my $wlan = $conf->{wlan};
my $if = $conf->{if};

# initial scan
open L, '-|', $ifconfig, $if, 'scan' or die "Can't open pipe: $!";

pledge(qw( rpath wpath cpath exec )) || die "Unable to pledge: $!";
for () {
if (/^\s+nwid (.+) chan (\d+) bssid ([0-9a-f:]+) (-\d+)dBm ([\w-]+)
([\w,-]+)\s*$/) {
my ($nwid, $chan, $bssid, $dbm, $mystery, $csv) =
($1, $2, $3, $4, $5, $6);
my %cap = map { $_ => 1 } split(/,/, $csv);

# remove quotes from nwid, if any
$nwid =~ s/^"(.*)"$/$1/;

# reject hostile characters
if ($nwid =~ /["\\\$]/) {
print STDERR "malformed nwid: $nwid\n";
next;
}
# check for recognized access points
# i assume we will match the strongest signal first
for my $ap (@$wlan) {
next if $ap->{nwid} ne $nwid ||
($ap->{bssid} && $ap->{bssid} ne $bssid) ||
($ap->{chan} && $ap->{chan} ne $chan) ||
($ap->{wpakey} && !$cap{wpa2});

# reject hostile characters
if ($ap->{wpakey} =~ /["\\\$]/) {
        print STDERR "malformed wpakey\n";
next;
}

write_hostname_if $if, $ap;
exec '/bin/sh', '/etc/netstart', $if
or die "exec failed: $!";
}
}
}

print STDERR "no network found\n";
exit 1;


=
wifind.conf.5
=
.\" $OpenBSD$
.\"
.\" Written by Ray Lai .
.\" Public domain.
.\"
.Dd $Mdoc

Re: Can't use sshfs as user

[Ray Lai]

I've fixed "sshfs -o idmap=user", please test and give feedback:

https://marc.info/?l=openbsd-tech&m=146383589632694&w=2

Index: fuse_opt.c
===
RCS file: /home/cvs/src/lib/libfuse/fuse_opt.c,v
retrieving revision 1.15
diff -u -p -r1.15 fuse_opt.c
--- fuse_opt.c  19 Oct 2015 17:24:07 -  1.15
+++ fuse_opt.c  21 May 2016 12:53:57 -
@@ -247,13 +247,14 @@ parse_opt(const struct fuse_opt *o, cons
ret = f(data, &val[idx], o->val, arg);
else
ret = f(data, val, o->val, arg);
-   }
-
-   if (o->off != ULONG_MAX && data && o->val >= 0) {
-   ret = f(data, val, o->val, arg);
-   int *addr = (int *)(data + o->off);
-   *addr = o->val;
-   ret = 0;
+   /* exact match, e.g. "idmap=user" (instead of 
"idmap=%s") */
+   } else if (keyval && strcmp(val, o->templ) == 0) {
+   if (data && o->val >= 0) {
+   ret = f(data, val, o->val, arg);
+   int *addr = (int *)(data + o->off);
+   *addr = o->val;
+   ret = 0;
+   }
}
 
if (ret == -1)

Re: pftpx

[Ray Lai]

On Thu, May 25, 2006 at 08:28:12PM +0100, Gaby vanhegan wrote:
> The last mention of this on misc@ was march, and not much prior to  
> that.  Does anybody have any good/bad experiences with pftpx?  I plan  
> to use it to proxy incoming FTP connections, the opposite of what I'd  
> use ftp-proxy for...

It's been imported as the new ftp-proxy:

http://marc.theaimsgroup.com/?m=111708277030478

-Ray-

Re: bash vs. ksh

[Ray Lai]

On Wed, May 10, 2006 at 04:35:46PM -0400, Michael Erdely wrote:
> Janjaap van Velthooven wrote:
> >>Luke Bakken wrote:
> cmd1 2>&1 >$WHERE
> >What you would want is 
> >cmd1 >$WHERE 2>&1
> 
> I was going to respond with the exact same thing.  Then, just for kicks, 
> I decided to read ksh(1) from 3.9 and searched for "2>".  I found:
> "$ cat /foo/bar 2>&1 > /dev/null | cat -n"
> 
> Here's a patch:
> --- ksh.1.orig  Wed May 10 16:33:50 2006
> +++ ksh.1   Wed May 10 16:34:27 2006
> @@ -2108,7 +2108,7 @@
>  pipelines are created and in the order they are given, so the following
>  will print an error with a line number prepended to it:
>  .Pp
> -.D1 $ cat /foo/bar 2\*(Gt&1 \*(Gt /dev/null \*(Ba cat -n
> +.D1 $ cat /foo/bar \*(Gt /dev/null 2\*(Gt&1 \*(Ba cat -n
>  .Ss Arithmetic expressions
>  Integer arithmetic expressions can be used with the
>  .Ic let

Did you read the text above the example?

-Ray-

Re: www.openbsd.org defaults to Japanese

[Ray Lai]

On Tue, May 02, 2006 at 11:26:37PM +, Tan Dang wrote:
> Any reason why www.openbsd.org displays Japanese by default now?

April Fools!

-Ray-

Re: OpenBSD via serial line

[Ray Lai]

On Tue, May 02, 2006 at 12:15:09PM +1000, John Kintaro Tate wrote:
> I was wondering about installing OpenBSD on a very old laptop (no cdrom) via
> serial line. I am aware it would take literally ages.
> 
> I am guessing slip would be the way to go, I have never used it before. Does
> anyone have anything they can point me at with a reasonable introduction,
> such as certain manpages etc.

No network?

-Ray-

Re: Verizon PC5740 card (Curitel Communications) wireless WAN card

[Ray Lai]

On Mon, Apr 24, 2006 at 08:52:09PM -0500, Chris Paul wrote:
> Thanks to Jolan's recommendation to fiddle with umodem.c has helped. I 
> now have
> 
> #define UMODEMIBUFSIZE 2048
> #define UMODEMOBUFSIZE 2048
> 
> It works quite well now except that almost everytime I pull out the card, 
> OpenBSD freezes. I guiltily admit that this may be due to me using an 
> instable window manager (fvwm 2.5). I supposed I could try killing the 
> window manager next time.

Try doing that in console mode instead of X, you'll probably get a
kernel panic.  Follow the instructions.

-Ray-

Re: Problem Compiling Stevens' Socket Source Code

[Ray Lai]

On Tue, Apr 25, 2006 at 12:10:14AM +0200, Tobias Ulmer wrote:
> Here's a patch that removes all(?) warnings/errors from the
> intro chapter if you followed the instructions in the readme...
> 
>  
> diff -ru unpv13e.orig/intro/byteorder.c unpv13e/intro/byteorder.c
> --- unpv13e.orig/intro/byteorder.cThu Nov 14 04:33:33 2002
> +++ unpv13e/intro/byteorder.c Tue Apr 18 04:39:40 2006
> @@ -18,7 +18,7 @@
>   else
>   printf("unknown\n");
>   } else
> - printf("sizeof(short) = %d\n", sizeof(short));
> + printf("sizeof(short) = %zd\n", sizeof(short));

Use %zu for sizeof(), since it returns size_t, an unsigned type.

-Ray-

Re: heads up about filesystem troubles

[Ray Lai]

On Wed, Apr 12, 2006 at 04:49:29PM +0200, Jonathan Thornburg wrote:
> Hi,
> 
> >The window of danger was booting a kernel from any time _after_ 2
> >weeks ago and running a fsck from any time _before_ 4 days ago.  If
> >you have booted a new kernel, do not use the old fsck.
> 
> Do I infer correctly from the following paragraph
> >I have backed out the new superblock changes.  The next snapshot will
> >not upgrade the superblock and will simply use the old format.  You
> >are encouraged to move away from any snapshot installed in the last 2
> >weeks.
> that these changes *only* went into -current, and did *not* go into
> -stable?

Yes.

-Ray-

Re: OpenBSD todo list?

[Ray Lai]

On Mon, Apr 10, 2006 at 08:44:36PM -0700, Shawn Nock wrote:
> A quick search of the archive and google didn't turn anything up, so 
> I'll ask here.
> 
> Is there (if not could there be) a document that describes portions of 
> the tree that particularly need attention? I am looking for a way to 
> contribute and without a little direction the task seems daunting. The 
> FreeBSD folks recently started maintaining such a todo list. It seems to 
> have worked out fairly well for them. I realize that those in a position 
> to put together such a list are also the ones not likely to have the 
> time, but I believe this could prove useful (I assume there are more 
> like me who are new and/or haven't found a comfort zone/focus yet).

OpenRCS needs help.  Diffs that implement missing functionality,
diffs that match GNU RCS behavior in existing functions, and
additional regression tests are all welcome.

I look forward to your code.

-Ray-

Re: RedBlack trees

[Ray Lai]

On Thu, Apr 06, 2006 at 05:07:14PM -0300, Gustavo Rios wrote:
> Hey folks,
> 
> i saw OpenBSD comes with a library that implements a redblack tree
> features. I know there are many ways to implement it. The difference
> is in performance. I don't know the fastest one.
> 
> May some of the openbsd friends suggest one?
> 
> Thanks a lot for your time and cooperation.

man tree(3)

-Ray-

Re: openbsd and the money

[Ray Lai]

On Mon, Mar 27, 2006 at 09:57:25PM +0200, Tobias Kirschstein wrote:
> On Mon, 27 Mar 2006 13:50:04 +0200
> Henning Brauer <[EMAIL PROTECTED]> wrote:
> > * Tobias Kirschstein <[EMAIL PROTECTED]> [2006-03-25 20:26]:
> > > > Maybe our friends of humppa.com will make a "Humppa OpenBSD
> > > > Support Tour 2006" or add them to the 11 OpenBSD songs.
> > > 
> > > ... as you mention it: an (maybe more funny) idea would be some
> > > benefit humppa concerts with e.g. Elaekelaeiset where some percent
> > > of the entrance fee will be donated to the OpenBSD project. Some
> > > CDs and t-shirts can be sold there, too. This way nobody has to pay
> > > for any
> > 
> > have you organzied that yet?
> 
> is this a rhetorical question? :)
> 
> no i haven't, but oliver and i will meet Elaekelaeiset next week in
> regensburg maybe i could ask them there if they are interested in such
> a thing at all.
> it doesn't hurt to ask.

(This rant applies to every respondent to these threads, not one
person in particular.)

But it does.  Ideas like these have been filling up my mailbox and
wasting everybody's time and bandwidth.  Under your logic, spam
doesn't hurt either.  Prank calls don't hurt.  What you don't realize
is that it wastes everybody's time to read and respond.  That doesn't
even take into account the implementation cost of each idea.

Want to help?  Really help?  Just do it.  Organize a benefit Humppa
concert, then let us know.  Set up collection funds, sell M&Ms for
$1 each, whatever.  Whatever idea it is you have, implement it.
Then pass the proceeds to the project.

This has been done in the past.  That's how the G5 was donated to
the project.  Someone stepped up to organize the collection funds
and once the funds were complete the money was sent to the appropriate
people.  Do you think the same thing would have happened if 50
people just kept saying, "Apple should donate to OpenBSD.  Somebody
should organize a fund raiser.  Let's sign up for an online petition!"?

You may think your ideas are easy to set up and that you are being
helpful by submitting more and more ideas (despite being repeatedly
told otherwise), but all these things take time to do, and every
idea without an action just wastes time.

-Ray-

Re: Spamd and verbose logging...

[Ray Lai]

On Mon, Mar 27, 2006 at 09:53:01AM -0700, Jeff Ross wrote:
> Hi all,
> 
> I'm trying to understand why spamd isn't doing any verbose logging on my 
> mail server.  Spamd is working fine, so this is more curiosity/learning 
> than anything else.
> 
> NOTE: I have replaced the standard syslog with socklog.  I understand that 
> this may be a socklog problem and not a spamd problem, but socklog is 
> working fine with other processes logging to syslog (including chrooted 
> httpd error logs) so I thought I'd start here.

Do you have socklog logging from /var/empty/dev/log?  spamd chroots
to /var/empty.

-Ray-

> I use this in /etc/rc.conf.local:
> 
> spamd_flags="-v -p 8024 -G 25:4:864"
> spamd_grey=YES
> spamlogd_flags=""
> 
> and the correct parameters are being picked up by spamd:
> 
> [EMAIL PROTECTED]:/tmp $ ps -wwwaux | grep [s]pam
> _spamd   18445  0.0  0.2  8720   548 ??  Is11Mar06   22:08.83 spamd: 
> (pf  update) (spamd)
> _spamd 290  0.0  1.9  9892  4888 ??  S 11Mar06   32:48.75 
> /usr/libexec/spamd -v -p 8024 -G 25:4:864 -g
> _spamd2714  0.0  0.2  8688   376 ??  I 11Mar061:43.45 spamd: 
> (/var/db/spamd update) (spamd)
> root 19930  0.0  0.1   380   348 ??  Is11Mar060:25.46 
> /usr/libexec/spamlogd
> 
> Some logging, and logging at the debug level, does occur.
> 
> 2006-03-27 07:28:41.855565500 daemon.debug: spamd[18445]: whitelisting 
> 209.59.202.133 in /var/db/spamd
> 
> I ran ktrace on spamd with the following:
> 
> sudo ktrace -id -p 290 -f /tmp/spamd.trace
> 
> and even caught a spammer in action ;-)
> 
> 
>290 spamdEMUL  "native"
>290 spamdRET   select 1
>290 spamdCALL  read(0x7,0x84e0,0x4000)
>290 spamdGIO   fd 7 read 388 bytes
>"spamd-greytrap;"Your address %A has mailed to spamtraps 
> here\\n";12.24.45.234/32;140.134.27.177/32;194.\
> 
> 50.7.57/32;200.243.249.130/32;200.50.112.201/32;200.86.156.91/32;200.90.205.20/32;201.215.80.209/32;203\
> 
> .200.147.5/32;212.158.149.62/32;216.127.70.18/32;217.125.161.0/32;222.165.171.51/32;69.63.58.88/32;81.5\
> 
> 7.208.215/32;82.194.48.154/32;82.224.12.56/32;82.67.89.103/32;84.227.237.99/32;
>"
>290 spamdRET   read 388/0x184
>290 spamdCALL  gettimeofday(0xcfbe6d88,0)
>290 spamdRET   gettimeofday 0
>290 spamdCALL  select(0xb,0x80eb4080,0x80eb40e0,0,0)
>290 spamdRET   select 1
>290 spamdCALL  accept(0x3,0xcfbe6e14,0xcfbe6de0)
>290 spamdRET   accept 5
>290 spamdCALL  gettimeofday(0xcfbe6d58,0)
>290 spamdRET   gettimeofday 0
>290 spamdCALL  mmap(0,0x2000,0x3,0x1002,0x,0,0,0)
>290 spamdRET   mmap 2142023680/0x7facb000
>290 spamdCALL  mmap(0,0x1000,0x3,0x1002,0x,0,0,0)
>290 spamdRET   mmap -2040590336/0x865f1000
>290 spamdCALL  getpid()
>290 spamdRET   getpid 290/0x122
>290 spamdCALL  socket(0x1,0x2,0)
>290 spamdRET   socket 8
>290 spamdCALL  fcntl(0x8,0x2,0x1)
>290 spamdRET   fcntl 0
>290 spamdCALL  connect(0x8,0xcfbe6030,0x6a)
>290 spamdNAMI  "/dev/log"
>290 spamdRET   connect -1 errno 2 No such file or directory
>290 spamdCALL  close(0x8)
>290 spamdRET   close 0
>290 spamdCALL  sendto(0x,0xcfbe6530,0x2f,0,0,0)
>290 spamdRET   sendto -1 errno 9 Bad file descriptor
>290 spamdCALL  socket(0x1,0x2,0)
>290 spamdRET   socket 8
>290 spamdCALL  fcntl(0x8,0x2,0x1)
>290 spamdRET   fcntl 0
>290 spamdCALL  connect(0x8,0xcfbe6030,0x6a)
>290 spamdNAMI  "/dev/log"
>290 spamdRET   connect -1 errno 2 No such file or directory
>290 spamdCALL  close(0x8)
> 
> Yet, /dev/log certainly does exist:
> 
> ls -al /dev/log
> srwxrwxrwx  1 root  wheel  0 Mar 11 13:10 /dev/log
> 
> I've read the connect(2) man page (and again and again), but other than 
> the fact that connect is failing and returning -1 and errno, I'm stuck.
> 
> Any clues or pointers in how better to investigate would be greatly 
> appreciated.
> 
> Jeff

Re: UPEK Fingerprint-Reader (ThinkPad Notebooks)

[Ray Lai]

On Fri, Mar 24, 2006 at 02:24:31AM +, Deanna Phillips wrote:
> "Karsten McMinn" <[EMAIL PROTECTED]> writes:
> 
> > On 3/20/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> >>
> >> Oops, that's a good heads up. I was considering getting an R51. Is that
> >> going to have an unsupported wireless NIC?
> >>
> >> Paul
> >
> >
> > ath0 at pci4 dev 0 function 0 "Atheros AR5212 (IBM MiniPCI)" rev 0x01:
> > cannot map register space
> >
> > I've turned all knobs on the laptop (rf switch, varios bios settings, bios
> > versions etc) to
> > no avail. Its on my todo list though.
> 
> Huh.
> 
> ath0 at pci4 dev 2 function 0 "Atheros AR5212 (IBM MiniPCI)" rev 0x01: irq 11

What's in your /etc/hostname.ath0?  You can XXX out the IPs if you
want, I'm mainly interested in what parameters you pass ifconfig.
Thanks!

-Ray-

Re: Reminder about the X Aperture

[Ray Lai]

On Thu, Mar 16, 2006 at 01:56:44PM -0800, A Rossi wrote:
> 
> > modern PC video card architecture containing a large
> > quantity of PURE EVIL.
> 
> This joke has a whole new meaning...
> http://ctrlaltdel-online.com/comic.php?d=20021029
> 
> As an aside, there are no alternative windows systems that are 
> functional or secure?

Use a -current Zaurus.  And I think you mean functional AND secure.
=)

-Ray-

Re: Why packets are not blocked

[Ray Lai]

On Wed, Mar 08, 2006 at 10:29:53AM -0800, Bryan Irvine wrote:
> On 3/7/06, Jim <[EMAIL PROTECTED]> wrote:
> > When my kid gets grounded I block the gameroom computer from getting to the
> > internet.  The script that runs is
> >
> > #!/bin/sh -
> > cp /home/jmays/pf.conf.noGameroom /etc/pf.conf
> > pfctl -F rules -f /etc/pf.conf
> > pfctl -F nat -f /etc/pf.conf
> >
> 
> The script should probably read
> 
> #!/bin/sh -
> cp /home/jmays/pf.conf.noGameroom /etc/pf.conf
> pfctl -F rules -f /etc/pf.conf
> pfctl -F nat -f /etc/pf.
> pfctl -k 192.168.100.130

Loading pf.conf will automatically flush NAT and the rules.

-Ray-

Re: Fw: Why packets are not blocked

[Ray Lai]

On Tue, Mar 07, 2006 at 09:48:14PM -0600, Jim wrote:
> >>don't forget to flush/kill states if you want existing connections to
> be torn down.
> 
> How do I do that?

pfctl -k

-Ray-

Re: Dependancies with make search key=

[Ray Lai]

On Tue, Feb 28, 2006 at 04:04:46PM -0600, Harry Putnam wrote:
> Maybe I don't understand what the dependancy lines are supposed to
> do.  I thought they would list any dependancies.
> 
> I have no part of X installed so should I see some dependancies listed
> here?
># make search key=ratpoison
>   Port:   ratpoison-1.3.0p1
>   Path:   x11/ratpoison
>   Info:   minimal wm based on GNU screen
>   Maint:  William Yodlowsky <[EMAIL PROTECTED]>
>   Index:  x11
>   L-deps: 
>   B-deps: 
>   R-deps: 
>   Archs:  any

I guess this means ratpoison is unbelievably lightweight, having
no dependencies (other than X, of course).

-Ray-

Re: systrace filename exists rule

[Ray Lai]

On Mon, Feb 27, 2006 at 05:48:26PM +0200, [EMAIL PROTECTED] wrote:
> i was writing a systrace rule and i could not find a way to create 
> a rule that would permit writing 
> to a file but only if it does not exists, so it could only create 
> new files but not override old ones. 
> Would that require a new feature to systrace or is it already 
> possible do it in a way that I'm not 
> seeing.

Use ``systrace -u''.  It allows for finer-grained control of system
calls.

-Ray-

Re: squid cachemgr: Unknown host: localhost

[Ray Lai]

On Fri, Feb 24, 2006 at 09:57:24PM +0100, Martin Schr?der wrote:
> Hi,
> I've a firewall/proxy with 3.7 running a named and transparent
> squid. I want to use cachemgr.cgi, so I've setup apache to listen
> on port 8080 and copied /usr/local/libexec/cachemgr.cgi to
> /var/www/cgi-bin
> 
> Now, the Cache Manager Interface comes up on
> http://firewall:8080/cgi-bin/cachemgr.cgi, but whatever I enter
> (or if I simply press Continue), I always get an error page:
> 
> Cache Manager Error
> 
> Unknown host: localhost 
> 
> I'm stymied; dig localhost works. :-(
> 
> Any clues?

Apache is chrooted so it has no access to /etc/hosts and /etc/resolv.conf.
Try changing all ``localhost'' references to ``127.0.0.1'' in the CGI.

-Ray-

Re: auto-adding bad hosts to a table

[Ray Lai]

On Wed, Feb 22, 2006 at 04:48:19PM -0500, Daniel Ouellet wrote:
> Ray Lai wrote:
> >I thought you meant you could do something like:
> >
> > block in log-table  to port 25
> >
> >where  is updated automatically.
> 
> If you read on the PF and look at what I send you, you will see that 
>  IS updated automatically.
> 
> That's what the line:
> 
> (max-src-conn-rate 5/30, overload  flush global)
> 
> does. After 5 connection in 30 seconds, the IP address is put 
> automatically into the table  and flush global remove any state 
> in the PF table.
> 
> Just adjust the max-src-conn-rate 5/30 for what you want.
> 
> Hope this make it more clear.

Ah, neat.

-Ray-

Re: auto-adding bad hosts to a table

[Ray Lai]

On Wed, Feb 22, 2006 at 04:17:35PM -0500, Daniel Ouellet wrote:
> Ray Lai wrote:
> >On Wed, Feb 22, 2006 at 03:31:41PM -0500, Daniel Ouellet wrote:
> >>Chris Smith wrote:
> >>>In addition to preventing infected PC's from using their own SMTP engine 
> >>>to send out spam by blocking port 25 from all but the mail server. I 
> >>>would also like to add those hosts automatically to a table in order to 
> >>>block their access altogether so that the infected PC's cannot attempt 
> >>>other damage. How can this be accomplished?
> >>>
> >>You can use PF for that.
> >>
> >>pass connection from any to your smtp server and block everything else 
> >>to port 25 with log into a table. You also use that table to block all 
> >>outgoing connections.
> >
> >Can you really log into a table?  I don't see anything in pf.conf(5)
> >for that.
> 
> Why not?
> 
> spamd use it and you can do many things.
> 
> I use something like this for example to limit the connection to ssh. 
> Just reverse it to limit connection to smtp instead. And then instead of 
> blocking the users in the table to the port ssh only, block all.
> 
> Just play with it, it's fun! (:>
> 
> I use different rules to trap various virus for example. Very efficient!
> 
> 
> # define macros for each network interface
> ext_if="fxp0"
> 
> 
> # Define some variable for clarity
> SSH_LIMIT="(max-src-conn-rate 5/30, overload  flush global)"
> 
> 
> # Table directive
> table  persist file "/var/log/bad_ssh"
> 
> 
> # Allow quick valid traffic to ssh but log all attempts as well
> block return-rst log quick proto tcp from  label "ssh-pirate"
> pass in log quick on $ext_if inet proto tcp from ! \
>to $ext_if port ssh flags S/SA keep state \
>$SSH_LIMIT label "ssh"
> 
> 
> 
> Then you add a cronjob to update your file /var/log/bad_ssh once a day 
> or something in case you patch your box and reboot as to not loose the 
> list. Or you can flush it every 24 hours as well, your choice really if 
> you want to be more forgiving.

I thought you meant you could do something like:

block in log-table  to port 25

where  is updated automatically.

-Ray-

Re: auto-adding bad hosts to a table

[Ray Lai]

On Wed, Feb 22, 2006 at 03:31:41PM -0500, Daniel Ouellet wrote:
> Chris Smith wrote:
> >In addition to preventing infected PC's from using their own SMTP engine 
> >to send out spam by blocking port 25 from all but the mail server. I 
> >would also like to add those hosts automatically to a table in order to 
> >block their access altogether so that the infected PC's cannot attempt 
> >other damage. How can this be accomplished?
> >
> 
> You can use PF for that.
> 
> pass connection from any to your smtp server and block everything else 
> to port 25 with log into a table. You also use that table to block all 
> outgoing connections.

Can you really log into a table?  I don't see anything in pf.conf(5)
for that.

-Ray-

Re: auto-adding bad hosts to a table

[Ray Lai]

On Wed, Feb 22, 2006 at 02:47:02PM -0500, Chris Smith wrote:
> In addition to preventing infected PC's from using their own SMTP engine 
> to send out spam by blocking port 25 from all but the mail server. I 
> would also like to add those hosts automatically to a table in order to 
> block their access altogether so that the infected PC's cannot attempt 
> other damage. How can this be accomplished?

Do ``block in log on port 25'' and listen to pflog0 to add bad
hosts.  Basically the opposite of spamlogd(8).

-Ray-

Re: filesystem full problem

[Ray Lai]

On Fri, Feb 17, 2006 at 02:54:43PM +0100, Adam Papai wrote:
> Hello list,
> 
> I've run into a problem.
> 
> My /var reached the 105% disk usage. I've deleted 1.5G from /var but the
> df shows me still 2Gb.
> 
> du -csh /var shows 38M
> 
> What can I do? I tried: sync but nothin happens. The programs can't write
> to /var so it intiditaces a little deffect..
> 
> What's the solution? Only the reboot?

There is probably a program that is running with an open file handle.
Whichever program caused your /var to be filled up is probably still
growing that file, so you have to close it.  Try fstat(1).

-Ray-

Re: "iwlist scan" equivalent command under OpenBSD

[Ray Lai]

On Thu, Feb 16, 2006 at 05:17:30PM +0100, Ramiro Aceves wrote:
> Hi OpenBSD fans.
> 
> I have been googling around and have not been able to solve this
> question. ?How can one discover what wireless networks are available
> under OpenBSD?
> I am used to the "iwlist scan eth0" under Linux, and I hate to halt
> OpenBSD and boot Linux only to discover the networks, then come back
> and start OpenBSD again to continue the configuration. What is the
> OpenBSD equivalent to Linux "iwlist"?
> 
> Anyway, my Intel 2200 card is recogniced very well under OpenBSD with
> "iwi" driver.
> 
> Thank you very much in advance.

I usually use the kismet package, but I think you can do ``ifconfig -M''
as well.

-Ray-

Re: xargs PF or BPF

[Ray Lai]

On Tue, Feb 14, 2006 at 11:39:45AM +0100, Otto Moerbeek wrote:
> On Tue, 14 Feb 2006, Michael Schmidt wrote:
> 
> > Matthias Kilian wrote:
> > 
> > > And watch out for silly file names containing whitespace.
> > > 
> > > BTW: if this is a contest on creative use of find(1) and other
> > > standard tools:
> > > 
> > > $ find . -type f | sed '[EMAIL PROTECTED]@grep -l -- foo @' | sh
> > > 
> > > Yes, this isn't robust against whitespace, either PLUS it's
> > > inefficient. But in some cases the find ... | sed ... | sh pattern
> > > is quite useful.
> > >  
> > 
> > Sometime ago I have had the same problem with spaces in filenames and 
> > dealing
> > with them as xargs parameters. There I have used (here only as an example):
> > 
> > find . -print | grep -i ' ' | xargs -I {} ls -ald {}
> > 
> > FYI, that has been on a non-OpenBSD system.
> > I4m not at my OpenBSD system at the moment, so I can4t check whether OpenBSD
> > xargs supports the shown options. Maybe someone may test it.
> > 
> > One may check this at a directory with space-containing filenames.
> > Without the "-I {}" and "{}" parts you get funny output.
> > 
> 
> Well, -print0 in find and xargs -0 are designed to deal with that.
> Sadly these are not in POSIX (which is not documented correctly in the
> xargs case).

Does this diff fix it?  (I also added a comma after the last -R.)

-Ray-

Index: xargs.1
===
RCS file: /cvs/src/usr.bin/xargs/xargs.1,v
retrieving revision 1.15
diff -u -r1.15 xargs.1
--- xargs.1 12 Sep 2005 09:44:59 -  1.15
+++ xargs.1 14 Feb 2006 13:37:48 -
@@ -316,7 +316,8 @@
 .St -p1003.2
 compliant.
 The
-.Fl J , o , P , R
+.Fl 0 , J , o , P ,
+.Fl R ,
 and
 .Fl r
 options are non-standard

Re: Interface ranges in pf.conf (i.e. tun[0-10])

[Ray Lai]

On Mon, Feb 13, 2006 at 11:13:17PM -0500, Ray Lai wrote:
> On Tue, Feb 14, 2006 at 04:26:29AM +0100, Tobias Ulmer wrote:
> > On Mon, Feb 13, 2006 at 09:28:12PM -0500, kyle wrote:
> > > Im having trouble finding out if(I'm sure it does) the pf.conf supports
> > > interface ranges and how to implement it. Right now, I have an ugly rule
> > > that specifies each interface(tun0, tun1, tun2, etc..). If I somehow 
> > > missed
> > > this in some documentation, please feel free to tell me to STFA or RTFM -
> > > but I have checked both the past week and haven't found anything. I also
> > > don't have the luxury to just try it out at the moment..Any help is
> > > appreciated - thanks!
> > 
> > I don't know if this works with regular rules, but there is a recent 
> > post from Ray Lai where he points out that it's possible to use just 
> > interface instead of interface[0-n] [1].
> 
> Wow, I'm referenced. =)
> 
> > I didn't find this documented in pf.conf(5), but maybe I just should get 
> > some sleep...
> 
> They are called ``interface groups'', and there are several of them.
> ifconfig(8) can show some groups:

And is the post by Henning:

https://marc.theaimsgroup.com/?m=111894940807554

-Ray-

Re: Interface ranges in pf.conf (i.e. tun[0-10])

[Ray Lai]

On Tue, Feb 14, 2006 at 04:26:29AM +0100, Tobias Ulmer wrote:
> On Mon, Feb 13, 2006 at 09:28:12PM -0500, kyle wrote:
> > Im having trouble finding out if(I'm sure it does) the pf.conf supports
> > interface ranges and how to implement it. Right now, I have an ugly rule
> > that specifies each interface(tun0, tun1, tun2, etc..). If I somehow missed
> > this in some documentation, please feel free to tell me to STFA or RTFM -
> > but I have checked both the past week and haven't found anything. I also
> > don't have the luxury to just try it out at the moment..Any help is
> > appreciated - thanks!
> 
> I don't know if this works with regular rules, but there is a recent 
> post from Ray Lai where he points out that it's possible to use just 
> interface instead of interface[0-n] [1].

Wow, I'm referenced. =)

> I didn't find this documented in pf.conf(5), but maybe I just should get 
> some sleep...

They are called ``interface groups'', and there are several of them.
ifconfig(8) can show some groups:

lo0: flags=8049 mtu 33224
groups: lo 
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
inet 127.0.0.1 netmask 0xff00 
em0: flags=8843 mtu 1500
lladdr 00:0a:e4:34:0c:ed
media: Ethernet autoselect
status: no carrier
inet6 fe80::20a:e4ff:fe34:ced%em0 prefixlen 64 scopeid 0x1
wi0: flags=8843 mtu 1358
lladdr 58:de:ad:5a:d7:ab
groups: egress 
media: IEEE802.11 autoselect adhoc (DS11)
status: active
ieee80211: nwid hyperbl0ck chan 9 -10dBm (auto) 
inet6 fe80::20a:e4ff:fe34:ced%wi0 prefixlen 64 scopeid 0x2
inet 192.168.1.4 netmask 0xff00 broadcast 192.168.1.255
pflog0: flags=141 mtu 33224
pfsync0: flags=0<> mtu 1460
enc0: flags=0<> mtu 1536

In this example ifconfig(8) shows that I have groups ``lo'' and
``egress'', so in the pf.conf you can stick an interface group
(almost?) anywhere you can stick an interface.  (Actually there's
a missing interface group in this example: ``enc''.  I'm not sure
if it's a bug in ifconfig(8).)  You can also add your own groups
using ifconfig(8).

pf.conf(5) doesn't describe interface groups, but you can find a
description in ifconfig(8) under ``group''.

-Ray-

Re: PF or BPF

[Ray Lai]

On Mon, Feb 13, 2006 at 05:28:22PM -0500, Jason Crawford wrote:
> Well in the case of /usr/src, I think you must MIGHT hit the maximum
> argument length for the shell by using xargs, unless you did it inside
> of each directory in /usr/src. That and well, explaining xargs to Dave
> will end up leading to another 20+ mail thread

xargs runs the command multiple times when it hits this limit:

[EMAIL PROTECTED] jot 0 | xargs echo | sed 's/ .*//'
1
5001
10001
15001
20001
25001
^C

The manual tries to describe this behavior:

Any arguments specified on the command line are given to the utility 
upon
each invocation, followed by some number of the arguments read from 
stan-
dard input.  The utility is repeatedly executed one or more times until
standard input is exhausted.

-Ray-

Re: users filling partitions crashing system

[Ray Lai]

On Tue, Feb 07, 2006 at 11:00:41AM +, MikeyG wrote:
> Is there any way to direct cores to be saved somewhere else?
...
> Feb  6 10:36:36 boxname /bsd: WARNING: / was not properly unmounted
> Feb  6 10:37:37 boxname savecore: reboot after panic: trap type 6, 
> code=2, pc=d033737c
> Feb  6 10:37:37 boxname savecore: no dump, not enough free space on device
> Feb  6 13:00:01 boxname syslogd: restart
> Feb  6 17:00:01 boxname syslogd: restart
> Feb  7 10:00:01 boxname syslogd: restart
> 
> And just to check:
> $ swapctl -l
> Device  512-blocks UsedAvail Capacity  Priority
> swap_device10483200  1048320 0%0

You also need enough space in /var/crash to store the core dump.
See crash(8).

-Ray-

Re: pf question - solved

[Ray Lai]

On Thu, Feb 02, 2006 at 05:59:54PM -0500, Dave Feustel wrote:
> I found the solution in the pf faq:  skip lo0.
> This rule is not mentioned in Artymiak's book
> which I had been reading. I will now read the
> complete pf faq to see what I have not been
> aware of.

You can also do ``set skip on lo'' to skip all loopback interfaces
(not that most people have more than one).

-Ray-

Re: Brain wash for live partition, or directory mirroring concept idea(s)?

[Ray Lai]

On Wed, Feb 01, 2006 at 11:37:19PM -0500, Daniel Ouellet wrote:

> This way, continuous live mirroring can be done and no need for cronjob, 
> etc. And this would be much more efficient as well.


https://marc.theaimsgroup.com/?l=openbsd-misc&m=86187916316
https://marc.theaimsgroup.com/?l=openbsd-misc&m=105358689405500

-Ray-

Re: A small patch to make "input" style in license.template consistent

[Ray Lai]

On Sun, Jan 29, 2006 at 12:37:07PM -0300, Andr??s Delfino wrote:
> Or... somehow I changed that word when sending the message. Anyway,
> this is the correct diff:
> 
> --- license.templateTue Jun  3 19:37:00 2003
> +++ license.template.1  Sun Jan 29 12:33:55 2006
> @@ -5,11 +5,14 @@
>  should be separated by a comma, e.g.
>  Copyright (c) 2003, 2004
> 
> +Note that less than and greater than signs below must be removed;
> +they are there for you to enter your own information.
> +
>  If you add extra text to the body of the license, be careful not to
>  add further restrictions.
> 
>  /*
> - * Copyright (c) CCYY YOUR NAME HERE <[EMAIL PROTECTED]>
> + * Copyright (c)   
>   *
>   * Permission to use, copy, modify, and distribute this software for any
>   * purpose with or without fee is hereby granted, provided that the above

1. I think the original was clearer (though I prefer  to CCYY).
   What should I type for , 1984, 84, or Nineteen Eighty-Four?
2. The angle brackets around the e-mail address are lost.
3. ``Copyright (c) CCYY YOUR NAME HERE <[EMAIL PROTECTED]>'' is
   obvious enough and does not need an explanatory note.

-Ray-

Re: Ralink - device timeout

[Ray Lai]

On Mon, Jan 23, 2006 at 01:20:36PM +0100, Joakim Aronius wrote:
> * Jonathan Gray ([EMAIL PROTECTED]) wrote:
> > On Mon, Jan 23, 2006 at 12:36:46PM +0100, Joakim Aronius wrote:
> > > Hi Anders,
> > > 
> > > >From your dmesg:
> > > pcibios0 at bios0: rev 2.1 @ 0xfd7a0/0x860
> > > 
> > > >From RAL(4)
> > > CAVEATS
> > >  PCI ral adapters seem to strictly require a system supporting PCI 
> > > 2.2 or
> > >  greater and will likely not work in systems based on older revisions 
> > > of
> > >  the PCI specification.
> > > 
> > > /jkm
> > 
> > I keep saying this no one listens.
> > The pcibios string does _not_ indicate PCI 2.2 compliance or not.
> > If you have a system that can't deal with the 3V PCI 2.2+ cards
> > and you put a ral in it, it will not post.
> 
> Oh. And how does one know if the system can handle 3V PCI 2.2+
> cards? Any hint in the dmesg or do i need to dig up the mobo
> manual?

Depending on jsg's definition of ``post'' (Power On Self Test or
post in dmesg?) your system will either refuse to boot or won't
show up in the dmesg.  That is, if you have a ral card.

-Ray-

Re: ipv6 tentative address generation

[Ray Lai]

On Tue, Jan 17, 2006 at 01:11:29AM -0600, Travers Buda wrote:
> Ipv6 allows for stateless configuration of a interface. The IEEE (aka 
> MAC or hardware address) is generally used to generate tentative 
> addresses which commonly end up being the assigned address provided 
> stateful addressing does not exist on the network (such as DHCP.) This 
> is the case in OpenBSD's import of KAME. 
> 
> Since the same method to generate an IP is used over an over (the host 
> has an unchanging, persistant address,) the traffic generated and 
> recieved by hosts would be open to many forms of analysis not 
> necessairly confined to the computing world. For example, when some is 
> at home, at work; what they access could be more easily tied to them 
> (and the hardware they use,) decreasing anonymity. 
> 
> The problem and solution are outlined in RFC 3041. 
> http://www.ietf.org/rfc/rfc3041.txt
> 
> The solution is to use random data to generate ipv6 stateless addresses. 
> 
> Trying to be productive and not an asshole, 

Is there a question?

If you wish to generate random ipv6 stateless addresses,
``jot -rs: -w%.2x 6 0 255'' and ifconfig(8) work.

-Ray-

Re: which cf wifi card for a Zaurus C3100?

[Ray Lai]

On Mon, Jan 16, 2006 at 05:29:02PM +0100, Maik Kuendig wrote:
> can someone recommend a CF WiFi card for a Zaurus C3100?
> 
> My dealer has the following cards available:
>   - D-Link DCF-660W
>   - Linksys WCF12-EU

I use a Linksys WCF12 (no ``-EU'', bought in the US).  Works great.

-Ray-

Re: Linksys WMP55AG (ath0) Not Finding Wireless Network

[Ray Lai]

On Thu, Jan 12, 2006 at 10:55:35PM -0700, Theo de Raadt wrote:
> > Some AR5212 chips seem to have problems, even though they are
> > detected by OpenBSD.  I read something about newer firmwares?
> 
> The atheros chips do not use firmware.

Please ignore my ignorance, I meant PHY:

http://www.monkey.org/openbsd/archive2/misc/200507/msg00564.html

-Ray-

Re: Linksys WMP55AG (ath0) Not Finding Wireless Network

[Ray Lai]

Some AR5212 chips seem to have problems, even though they are
detected by OpenBSD.  I read something about newer firmwares?  Try
searching the archives.  One person recently reported having success
by setting COUNTRYCODE to "de" and rebuilding his kernel; it didn't
work for me but I guess it's worth a shot.

Good luck.

As this is not a tech@ topic I've moved it back to [EMAIL PROTECTED]

-Ray-

On Thu, Jan 12, 2006 at 11:24:41PM -0500, [EMAIL PROTECTED] wrote:
> I apologize for the cross-post, but since this has gone unanswered on 
> misc@ for 3+ days, I figured that it was unlikely to ever get a 
> response there.
> 
> 
> 
> Hello All,
> 
> I've got a Linksys WMP55AG that's refusing to see my wireless network. While
> it's entirely possible that I've misconfigured it, given other somewhat 
> recent
> posts I've seen about problems with ath devices (i.e.
> http://marc.theaimsgroup.com/?l=openbsd-misc&m=113166150212987&w=2), I 
> figure
> it's also possible that there's some sort of a driver bug, which I'd like to
> help fix if it exists.
> 
> My setup should be relatively straightforward: I've got a 3.7-stable system
> running a National Datacomm NCP130 as an access point. Its relevant info is:
> 
> dmesg:
> wi0 at pci0 dev 12 function 0 "National Datacomm Corp NCP130 Rev A2" 
> rev 0x01: irq 9
> wi0: PRISM2 HWB3163 rev.B, Firmware 0.3.0 (primary), 1.7.1 (station), 
> address
> 00:80:c6:e3:72:2c
> 
> wicontrol wi0 output:
> NIC serial number:  [ 99SA0100 ]
> Station name:   [ WaveLAN/IEEE node ]
> SSID for IBSS creation: [ kirknet ]
> Current netname (SSID): [ kirknet ]
> Desired netname (SSID): [ kirknet ]
> Current BSSID:  [ 00:80:c6:e3:72:2c ]
> Channel list:   [ 2047 ]
> IBSS channel:   [ 3 ]
> Current channel:[ 3 ]
> Comms quality/signal/noise: [ 0 81 27 ]
> Promiscuous mode:   [ Off ]
> Process 802.11b Frame:  [ Off ]
> Port type (1=BSS, 3=ad-hoc, 6=Host AP): [ 6 ]
> MAC address:[ 00:80:c6:e3:72:2c ]
> TX rate (selection):[ 3 ]
> TX rate (actual speed): [ 2 ]
> Maximum data length:[ 2304 ]
> RTS/CTS handshake threshold:[ 2347 ]
> Create IBSS:[ Off ]
> Antenna diversity (0=auto,1=pri,2=aux): [ ]
> Microwave oven robustness:  [ On ]
> Roaming mode(1=firm,3=disable): [ 1 ]
> Access point density:   [ 1 ]
> Power Management:   [ Off ]
> Max sleep time: [ 100 ]
> Enhanced Security mode: [ 0 ]
> Intersil Prism2-based card: [ 1 ]
> Card info:  [ PRISM2 HWB3163 rev.B, 
> Firmware 1.7.1 ]
> Encryption: [ On ]
> Encryption algorithm:   [ Firmware WEP ]
> Authentication type
> (1=OpenSys, 2=Shared Key):  [ 2 ]
> TX encryption key:  [ 1 ]
> Encryption keys:[  ][  ][  ][  ]
> 
> ifconfig:
> wi0: flags=8843 mtu 1500
> address: 00:80:c6:e3:72:2c
> ieee80211: nwid kirknet nwkey  -11dBm (auto)
> media: IEEE802.11 autoselect hostap (DS2)
> status: active
> inet 192.168.1.42 netmask 0xff00 broadcast 192.168.1.255
> inet6 fe80::280:c6ff:fee3:722c%wi0 prefixlen 64 scopeid 0x3
> 
> Several clients with different OSes connect to this AP without hassle, 
> including
> WinXP SP2, OS X 10.2.8, and Ubuntu's 5.10 release (a 2.6.12 Linux kernel), 
> so
> clearly the access point is working.
> 
> My client with the Linksys card shows the following from dmesg:
> 
> ath0 at pci1 dev 10 function 0 "Atheros AR5212" rev 0x01: irq 11
> ath0: AR5213 5.6 phy 4.1 rf5111 1.7 rf2111 2.3, FCC1A, address 
> 00:0c:41:16:cb:d4
> 
> Going along with "man ath", I figured I could just run "ifconfig ath0 nwid
> kirknet nwkey " and be good to go. After doing so, I can see that 
> the
> card has picked up the right AP and channel; unfortunately, however, it 
> thinks
> it's not connected to the network:
> 
> ath0: flags=8863 mtu 1500
> lladdr 00:0c:41:16:cb:d4
> media: IEEE802.11 autoselect mode 11b (DS1 mode 11b)
> status: no network
> ieee80211: nwid kirknet chan 3 bssid 00:80:c6:e3:72:2c nwkey  key>
> inet 192.168.1.101 netmask 0xff00 broadcast 192.168.1.255
> inet6 fe80::20c:41ff:fe16:cbd4%ath0 prefixlen 64 scopeid 0x2
> 
> What's particularly strange is the output of "wicontrol wi0 -l" on the 
> access point:
> 
> 00:04:23:4b:38:fd  asid=02d0, flags=3,
> caps=31, rates=f<1M,2M,5.5M,11M>, sig=35/14
> 00:30:65:11:35:b0  asid=0140, flags=3, caps=11,
> rates=f<1M,2M,5.5M,11M>, sig=45/13
> 00:0c:41:16:cb:d4  asid=0620, flags=0<>, c

Re: MAXNAMLEN, NAME_MAX, FILENAME_MAX Plus One or Not?

[Ray Lai]

On Sat, Jan 07, 2006 at 12:11:32AM +0100, Otto Moerbeek wrote:
> 
> On Fri, 6 Jan 2006, Ray Lai wrote:
> 
> > What are the proper uses of MAXNAMLEN, NAME_MAX, and FILENAME_MAX?
> > Do they represent filenames with or without paths?  Do they include
> > the terminating null or not?  The source seems inconsistent:
> 
> Posix says: "{NAME_MAX} Maximum number of bytes in a filename (not
> including terminating null).  Minimum Acceptable Value:
> {_POSIX_NAME_MAX}"
> 
> The other two are non-posix:
> 
> MAXNAMLEN is file name length, not a path, excluding the NUL byte.
> 
> FILENAME_MAX is from ANSI C, in practise it's value is equal to the
> posix PATH_MAX, which is the maximum length of a path name _including_
> NUL.
> 
> In practice, a lot of unix programs use MAXPATHLEN, which is in
> general equal to the posix PATH_MAX.

I keep forgetting to, but thanks to everybody for answering my
questions.

-Ray-

MAXNAMLEN, NAME_MAX, FILENAME_MAX Plus One or Not?

[Ray Lai]

What are the proper uses of MAXNAMLEN, NAME_MAX, and FILENAME_MAX?
Do they represent filenames with or without paths?  Do they include
the terminating null or not?  The source seems inconsistent:

[EMAIL PROTECTED]/usr/src] egrep -R '(MAXNAMLEN|NAME_MAX) ?\+ ?1' .
./bin/csh/file.c:Charname[MAXNAMLEN + 1], extended_name[MAXNAMLEN + 1];
./games/hunt/huntd/conf.c:  char nm[MAXNAMLEN + 1];
./gnu/egcs/gcc/config/winnt/dirent.h:char   d_name[MAXNAMLEN + 1];
./gnu/usr.bin/cvs/contrib/dirfns.shar:X chard_name[MAXNAMLEN + 1];  /* name 
must be no longer than this */
./gnu/usr.bin/cvs/contrib/dirfns.shar:X chard_name[MAXNAMLEN + 1];  /* name 
must be no longer than this */
./gnu/usr.bin/cvs/contrib/dirfns.shar:X((sizeof (struct direct) - 
(MAXNAMLEN+1)) + (((dp)->d_namlen+1 + 3) &~ 3))
./gnu/usr.bin/cvs/vms/ndir.h:   chard_name[MAXNAMLEN+1];/* name 
of file */
./gnu/usr.bin/cvs/windows-NT/ndir.h:  char d_name[MAXNAMLEN + 1];   /* 
garentee null termination */
./gnu/usr.bin/gcc/gcc/config/i386/xm-djgpp.h:  static char 
fixed_path[FILENAME_MAX + 1];\
./gnu/usr.bin/lynx/WWW/Library/Implementation/HTVMSUtils.c: char
d_name[255+1];  /* name (up to MAXNAMLEN + 1) */
./gnu/usr.bin/lynx/WWW/Library/Implementation/HTVMSUtils.c: * at least 
MAXNAMLEN + 1 (more may be added for padding).
./gnu/usr.bin/lynx/WWW/Library/Implementation/HTVMSUtils.c: 
(((sizeof(struct dirent) - (MAXNAMLEN+1) + ((dp)->d_namlen+1)) +3) & ~3)
./gnu/usr.bin/perl/doio.c:char newname[FILENAME_MAX+1];
./lib/csu/common.h:char __progname_storage[NAME_MAX+1];
./lib/csu/alpha/crt0.c:char __progname_storage[NAME_MAX+1];
./lib/csu/amd64/crt0.c:char __progname_storage[NAME_MAX+1];
./lib/csu/arm/crt0.c:char __progname_storage[NAME_MAX+1];
./lib/csu/hppa/crt0.c:char __progname_storage[NAME_MAX+1];
./lib/csu/i386/crt0.c:char __progname_storage[NAME_MAX+1];
./lib/csu/powerpc/crt0.c:char __progname_storage[NAME_MAX+1];
./lib/csu/sparc/crt0.c:char __progname_storage[NAME_MAX+1];
./lib/csu/sparc64/crt0.c:char   __progname_storage[NAME_MAX+1];
./lib/csu/hppa64/crt0.c:char __progname_storage[NAME_MAX+1];
./lib/libc/gen/authenticate.c:  char namebuf[MAXLOGNAME + 1 + NAME_MAX + 1];
./lib/libc/gen/authenticate.c:  char namebuf[MAXLOGNAME + 1 + NAME_MAX + 1];
./lib/libc/gen/getcwd.c:if (bup + 3  + MAXNAMLEN + 1 >= eup) {
./lib/libc/sys/getdirentries.2:char d_name[MAXNAMLEN + 1]; /* see below */
./lib/libc/sys/.#getdirentries.2.1.19:char  d_name[MAXNAMLEN + 1]; /* see 
below */
./lib/libc/time/localtime.c:(2 * (MY_TZNAME_MAX + 
1)))];
./lib/libssl/src/crypto/dso/dso_vms.c:  char filename[FILENAME_MAX+1];
./lib/libssl/src/crypto/dso/dso_vms.c:  char imagename[FILENAME_MAX+1];
./sbin/newfs/mkfs.c:u_char  d_name[MAXNAMLEN + 1];
./share/man/man5/dir.5: chard_name[MAXNAMLEN + 1];  /* maximum name length 
*/
./sys/compat/ibcs2/ibcs2_dirent.h:  chard_name[IBCS2_MAXNAMLEN 
+ 1];
./sys/compat/linux/linux_dirent.h:  chard_name[LINUX_MAXNAMLEN 
+ 1];
./sys/compat/linux/linux_dirent.h:  chard_name[LINUX_MAXNAMLEN 
+ 1];
./sys/compat/linux/linux_getcwd.c:#define DIRENT_MINSIZE (sizeof(struct dirent) 
- (LINUX_MAXNAMLEN+1) + 4)
./sys/compat/netbsd/netbsd_getcwd.c:#define DIRENT_MINSIZE (sizeof(struct 
dirent) - (MAXNAMLEN+1) + 4)
./sys/compat/sunos/sunos_dirent.h:  chard_name[SUNOS_MAXNAMLEN 
+ 1];
./sys/compat/svr4/svr4_dirent.h:chard_name[SVR4_MAXNAMLEN + 
1];
./sys/compat/svr4/svr4_dirent.h:chard_name[SVR4_MAXNAMLEN + 
1];
./sys/isofs/udf/udf_vnops.c:((sizeof (struct dirent) - (MAXNAMLEN+1)) + 
(((dp)->d_namlen+1 + 3) &~ 3))
./sys/nfs/nfs_vnops.c:#define   NFS_DIRHDSIZ(sizeof (struct nfs_dirent) - 
(MAXNAMLEN + 1))
./sys/stand/ls.c:   if (((DP *)dp)->d_namlen > MAXNAMLEN+1) 
{
./sys/sys/dir.h:((sizeof (struct direct) - (MAXNAMLEN+1)) + 
(((dp)->d_namlen+1 + 3) &~ 3))
./sys/sys/dirent.h: chard_name[MAXNAMLEN + 1];  /* name must be no 
longer than this */
./sys/sys/dirent.h:((sizeof (struct dirent) - (MAXNAMLEN+1)) + 
(((dp)->d_namlen+1 + 3) &~ 3))
./sys/ufs/ufs/dir.h:char  d_name[MAXNAMLEN + 1];/* name with length <= 
MAXNAMLEN */
./sys/ufs/ufs/dir.h:((sizeof(struct direct) - (MAXNAMLEN+1)) + 
(((dp)->d_type+1 + 3) &~ 3)) : \
./sys/ufs/ufs/dir.h:((sizeof(struct direct) - (MAXNAMLEN+1)) + 
(((dp)->d_namlen+1 + 3) &~ 3)))
./sys/ufs/ufs/dir.h:((sizeof(struct direct) - (MAXNAMLEN+1)) + 
(((dp)->d_namlen+1 + 3) &~ 3))
./sys/ufs/ufs/dirhash.h:#define DH_NFSTATS  (DIRECTSIZ(MAXNAMLEN + 1) / 
DIRALIGN)
./sys/xfs/xfs_node-bsd.c:char name[MAXNAMLEN + 1];
./usr.bin/ar/archive.h: char name[MAXNAMLEN + 1];   /* name */
./usr.bin/ctags/tree.c: charnbuf[1+MAXNAMLEN+1];
./usr.bin/less/lsystem.c:   char cwd[FILENAME_MAX+1];
./usr.bin/patch/patch.c:st

How Do I Get snprintf(3) to Return -1?

[Ray Lai]

According to printf(3):

snprintf() and vsnprintf() will write at most size-1 of the characters
printed into the output string (the size'th character then gets the ter-
minating `\0'); if the return value is greater than or equal to the size
argument, the string was too short and some of the printed characters
were discarded.  If size is zero, str may be a null pointer and no char-
acters will be written; the number of bytes that would have been written
excluding the terminating `\0' byte, or -1 on error, will be returned.

and:

The snprintf() and vsnprintf() functions return the number of characters
that would have been output if the size were unlimited (again, not
including the final `\0').  If an output or encoding error occurs, a 
val-
ue of -1 is returned instead.

I'm having trouble making snprintf return -1.  I've tried stuff like:

len = snprintf(str, 0, "%.-Z\n", 9);
printf("%d", len);

but that just prints `2'.  Does snprintf ever return -1?

-Ray-

sdiff implementation

[Ray Lai]

Ever since the GNU diffutils were removed from OpenBSD there hasn't
been an sdiff.  So I wrote one and placed it into the public domain.
It can be found at .

This sdiff supports all of GNU sdiff's options and is compatible
with OpenBSD's diff.  All feedback is welcome.

-Ray-

Re: additional features in bsd.rd

[Ray Lai]

On Tue, Nov 22, 2005 at 12:01:05PM +0100, Pete Vickers wrote:
> 1. Get a dmesg output from CD-ROM booted bsd.rd  to my other machine  
> for emailing etc.
>   # dmesg | nc 10.20.30.40 1234
> 
> 2. Get information off a machine, either for backup purposes or data  
> recovery etc.
>   # dd if=/dev/rwd0c | nc 10.20.30.40 1234
> 
> 3. Restore a  'disk image' from above...
>   #  nc -l 1234 | dd of=/dev/rwd0c

Why not just use ftp?

-Ray-

Re: Assigning static device names for USB devices

[Ray Lai]

On Sun, Oct 16, 2005 at 09:00:16PM +0300, Antti Harri wrote:
> I have two USB printers, is there a way to assign
> a fixed device name instead of device name being
> assigned dynamically? If it's not possible at all,
> are there plans to implement it?

If it's not possible at all, how does one go about implementing it?

-Ray-

Re: Webmail recommendations?

[Ray Lai]

On Tue, Oct 04, 2005 at 01:20:24PM -0500, Bob Bostwick (Lists) wrote:
> Not sure if it will run on OBSD or not (haven't had time to try yet...),
> but hands down Zimbra is the best looking web interface out there -
> including Exchange OWA.
> 
> http://www.zimbra.com/

Egads, it's 150 MB!  Just for webmail?  It does look good, though.

-Ray-

> >>-Original Message-
> >>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
> 
> >>Of Chris
> >>Sent: Saturday, October 01, 2005 5:35 PM
> >>To: misc@openbsd.org
> >>Subject: Webmail recommendations?
> >>
> >>Hello
> >>
> >>I want to setup a OBSD box for my email server.  It will service 
> >>probably about 2 dozen people, but It could conceivably double or more
> 
> >>over the next year or two.
> >>
> >>I was wondering if anyone had any recommendations for an mta, and for 
> >>a webmail program that is easy to use and fully featured for users who
> 
> >>are not so computer savvy.
> >>
> >>I am pretty comfortable with Sendmail, but I hear a lot of people are 
> >>moving more toward postfix (which I know nothing about).
> >>
> >>I am at a loss for a good web interface.
> >>
> >>Anyone care to make any recommendations?
> >>
> >>Thank you.
> >>
> >>
> >>Chris

Re: OpenBSD on IBM X40 ...

[Ray Lai]

On Thu, Sep 29, 2005 at 12:46:26PM +0200, Reyk Floeter wrote:
> hi,
> 
> Waldemar Brodkorb wrote:
> > ... just rocks :}
> > 
> 
> openbsd always rocks ;)
> 
> > Thanks to the developers. I got some minor problems with one of the
> > snapshots (ath0 kernel crash), but this is already fixed in
> > -current. 
> > 
> > thx
> > Waldemar
> 
> which crash exactly? and btw., does your thinkpad wireless led work
> (i haven't test it with x40, i have a t42)?

Doesn't work for me, but then the ath0, while detected, doesn't
actually work.

How are you supposed to turn on the LED, anyway?  Fn-wireless?

-Ray-

Re: Time limited internet connection

[Ray Lai]

On Sun, Sep 25, 2005 at 11:27:05PM +0200, Remy Heiden wrote:
> OR:
> 
> root cron job:
> 
> 11pm: pfctl -f /etc/pf.conf-night
> 6am: pfctl -f pf.conf-day

Until the kid learns, "Hey, I can reboot daddy's firewall and have
internet access again!"  (Assuming /etc/pf.conf allows it.)

-Ray-

Latest ath changes panics system

[Ray Lai]

On Mon, Sep 19, 2005 at 04:27:09AM -0600, Reyk Floeter wrote:
> CVSROOT:  /cvs
> Module name:  src
> Changes by:   [EMAIL PROTECTED]   2005/09/19 04:27:08
> 
> Modified files:
>   sys/dev/ic : ar5210.c ar5211.c ar5212.c ar5xxx.c ar5xxx.h 
>ath.c 
> 
> Log message:
> don't attach unsupported radio chipsets

Hi,

This seems to have broken my laptop entirely (dmesg at
).

...
ath0 at pci1 dev 2 function 0 "Atheros AR5212" rev 0x01: irq 11
ath: AR5213 5.9 phy 4.3 rf2112a 4.6, WOR4W, address 00:0e:9b:b3:27:d1
uvm_fault(0xd05cd960, 0x4000, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at  ar5k_ar5212_set_gpio_input+0x4d:movl0x4014(%ebx),%e
ax
ddb> trace
ar5k_ar5212_set_gpio_input(d1f81000,3,10,d1f80030,1) at ar5k_ar5212_set_gpio_in
put+0x4d
ath_gpio_attach(d1f8,13,d0596a28,d1f8) at ath_gpio_attach+0x4b
ath_attach(13,d1f8,4,d057aeac) at ath_attach+0x50c
ath_pci_attach(d1f7dec0,d1f8,d06f2cb0,0,0) at ath_pci_attach+0x123
config_attach(d1f7dec0,d057aeac,d06f2cb0,d0360808) at config_attach+0xef
pciattach(d1f7df00,d1f7dec0,d06f2d50,0,d05807e4) at pciattach+0x1c8
config_attach(d1f7df00,d0579fe8,d06f2d50,d03a1cb0,d0547d64) at config_attach+0x
ef
ppbattach(d1f60f40,d1f7df00,d06f2df0,0,0) at ppbattach+0x8e
config_attach(d1f60f40,d057a660,d06f2df0,d0360808) at config_attach+0xef
pciattach(d1f60fc0,d1f60f40,d06f2eb0,0,d0589b98) at pciattach+0x1c8
config_attach(d1f60fc0,d0579fe8,d06f2eb0,d03603d4) at config_attach+0xef
mainbus_attach(0,d1f60fc0,0,0,d06f2f10) at mainbus_attach+0x164
config_attach(0,d0579fc4,0,0,d05cda40) at config_attach+0xef
config_rootfound(d0514cbc,0,d06f2f58,d03373f8) at config_rootfound+0x27
cpu_configure(0,1,3,0,5f6e) at cpu_configure+0x1f
main(0,0,0,0,0) at main+0x339
ddb> ps
   PID   PPID   PGRPUID  S   FLAGS  WAIT   COMMAND
*0 -1  0  0  7 0x80204 swapper
ddb>
...

Following , I have
narrowed down the crash point to line 122 of machine/pio.h:

...
/usr/src/sys/dev/ic/ar5212.c:1933
34ac:   8b 59 14mov0x14(%ecx),%ebx
34af:   ba 03 00 00 00  mov$0x3,%edx
34b4:   8d 0c 00lea(%eax,%eax,1),%ecx
34b7:   d3 e2   shl$cl,$edx
machine/pio.h:122
34b9:   9b 83 14 40 00 00   mov0x4014(%ebx),%eax
/usr/src/sys/dev/ic/ar5212.c:1933
34bf:   f7 d2   not%edx
...

And the actual C file:

...
AR4K_REG_WRITE(AR4K_AR5212_GPIOCR,
(AR5K_REG_READ(AR5K_AR5212_GPIOCR) &~ AR5K_AR5212_GPIOCR_ALL(gpio))
| AR5K_AR5212_GPIOCR_NONE(gpio));
...

I hope I didn't copy anything wrong.  I still have the exact CVS
checkout that I built this kernel with, if it can be of any use.

-Ray-

Re: want to get a zaurus - anybody in japan willing to help?

[Ray Lai]

On Wed, Sep 14, 2005 at 11:33:28PM -0400, Joe . wrote:
> On 9/14/05, Ted Unangst <[EMAIL PROTECTED]> wrote:
> 
> > the fujitsu lifebook p2000 models work (early ones are best; they added
> > acpi or something and dicked up usb in later models from what i've
> > gathered).  p1000 should be the same.  while it's a lot faster than a
> > zaurus, it's nowhere close to what you'd get with a pentium m cpu.
> 
> Someone else recommended those as well and they look pretty excellent!
> The newer ones seem to have a touch screen on some models as well - is
> there any chance that is supported?

The touch screen isn't supported on my P-1035.

> Also how is the battery life? Thanks for the feedback!

The battery life is decent, but my ThinkPad X40 + 8 cell battery
has much better battery life.  Sorry, no numbers.

There are several reasons why I decided to replace my P-1035 with the X40:
 - Screen size: While it was nice at first to be able to carry my
   laptop all over without having much bulk, the screen is really
   difficult to look at after a while.   Everything is too small,
   and the 1024x600 resolution meant that not everything fit on the
   screen.  And while the screen size reduces the length and width
   of the laptop, the extra depth (1.5 inches versus today's < 1
   inch laptops) is noticable.
 - Speed: I'm not sure what exactly causes its slowness, but I don't
   think it's purely the CPU's fault.  My old Dell Inspiron 3500
   Celeron 400 felt faster.  It also doesn't help to have only
   128 MB ram, non-upgradable.  (The newer models probably have
   more.)
 - Mouse: The eraser head is really small and not nearly as nice
   as the nice, wide, grippy ones the ThinkPads have.  They also
   wear out into a very smooth ball-bearing after a while, making
   using a mouse rather unpleasant.
 - Keyboard: Page Up/Down, two rather important keys for web browsing,
   are Fn-Up/Down combinations.  The right shift and the / keys are
   swapped, making typing paths very tedious.
 - Battery Life: Okay, this is something I discovered after getting
   the X40: the battery life while doing a make build, surfing
   the web using tor on a 802.11g USB (seems to) exceed that of the
   P-1035 while doing simple editing/compiling cycles.  Then again,
   the battery for the P-1035 is much older (by two, three years)
   so it might have just worn out.

On the other hand, hardware support on OpenBSD is pretty good.  The
builtin 802.11b card works perfectly, the USB works perfectly (until
you suspend and resume, at which point any USB device attached will
cause a panic), suspend + resume works, cardbus works, X works.

My girlfriend has the P-2000 and aside from the screen, which is
marginally more comfortable to use (larger and higher resolution),
the same issues apply.  Plus it's noticably heavier than the P-1035.

I've heard reports that all Transmeta CPUs are slow.  I'm not sure
if it's to the extent that I've suffered, or if Fujitsus are
exceptionally slow.  I would be wary of Transmeta CPUs in general
and definitely try them out before buying one.

Sorry, I definitely do not recommend getting any Fujitsu Lifebook
+ Transmeta CPU laptops.

-Ray-

Trouble with ath

[Ray Lai]

Hi,

I'm having trouble with the atheros minipci card that came with my
ThinkPad X40.  It worked fine in Windows XP, but in OpenBSD nothing
but pings go through (and even those are a bit lossy).  For example,
here is one ping session:

[EMAIL PROTECTED] ping -s 1500 192.168.2.1
PING 192.168.2.1 (192.168.2.1): 1500 data bytes
1508 bytes from 192.168.2.1: icmp_seq=0 ttl=255 time=4.319 ms
1508 bytes from 192.168.2.1: icmp_seq=3 ttl=255 time=4.371 ms
1508 bytes from 192.168.2.1: icmp_seq=4 ttl=255 time=4.324 ms
1508 bytes from 192.168.2.1: icmp_seq=5 ttl=255 time=4.270 ms
1508 bytes from 192.168.2.1: icmp_seq=6 ttl=255 time=4.691 ms
1508 bytes from 192.168.2.1: icmp_seq=7 ttl=255 time=4.594 ms
1508 bytes from 192.168.2.1: icmp_seq=8 ttl=255 time=4.814 ms
--- 192.168.2.1 ping statistics ---
9 packets transmitted, 7 packets received, 22.2% packet loss
round-trip min/avg/max/std-dev = 4.270/4.483/4.814/0.204 ms

ssh has connected maybe once, and the connection was very spotty.  Here is a 
failed attempt:

[EMAIL PROTECTED] sudo tcpdump -tttnei ath0 host 192.168.2.3
tcpdump: listening on ath0, link-type EN10MB
Sep 13 23:21:16.323091 0:e:9b:b3:27:d1 0:12:17:63:80:d6 0800 78: 
192.168.2.3.40181 > 192.168.2.1.22: S 2466529590:2466529590(0) win 16384  (DF)
Sep 13 23:21:16.324008 0:12:17:63:80:d6 0:e:9b:b3:27:d1 0800 78: 192.168.2.1.22 
> 192.168.2.3.40181: S 3357299196:3357299196(0) ack 2466529591 win 16384 
Sep 13 23:21:16.324047 0:e:9b:b3:27:d1 0:12:17:63:80:d6 0800 66: 
192.168.2.3.40181 > 192.168.2.1.22: . ack 1 win 16384  (DF)
Sep 13 23:21:16.366656 0:12:17:63:80:d6 0:e:9b:b3:27:d1 0800 87: 192.168.2.1.22 
> 192.168.2.3.40181: P 1:22(21) ack 1 win 17376 
Sep 13 23:21:16.366897 0:e:9b:b3:27:d1 0:12:17:63:80:d6 0800 86: 
192.168.2.3.40181 > 192.168.2.1.22: P 1:21(20) ack 22 win 16384 
 (DF)
Sep 13 23:21:17.866222 0:e:9b:b3:27:d1 0:12:17:63:80:d6 0800 798: 
192.168.2.3.40181 > 192.168.2.1.22: P 1:733(732) ack 22 win 16384 
 (DF)
Sep 13 23:21:20.866224 0:e:9b:b3:27:d1 0:12:17:63:80:d6 0800 798: 
192.168.2.3.40181 > 192.168.2.1.22: P 1:733(732) ack 22 win 16384 
 (DF)
Sep 13 23:21:26.866224 0:e:9b:b3:27:d1 0:12:17:63:80:d6 0800 798: 
192.168.2.3.40181 > 192.168.2.1.22: P 1:733(732) ack 22 win 16384 

Sep 13 23:21:38.866228 0:e:9b:b3:27:d1 0:12:17:63:80:d6 0800 798: 
192.168.2.3.40181 > 192.168.2.1.22: P 1:733(732) ack 22 win 16384 

Sep 13 23:22:02.866228 0:e:9b:b3:27:d1 0:12:17:63:80:d6 0800 798: 
192.168.2.3.40181 > 192.168.2.1.22: P 1:733(732) ack 22 win 16384 

Sep 13 23:22:50.866232 0:e:9b:b3:27:d1 0:12:17:63:80:d6 0800 798: 
192.168.2.3.40181 > 192.168.2.1.22: P 1:733(732) ack 22 win 16384 

Sep 13 23:22:50.891957 0:12:17:63:80:d6 0:e:9b:b3:27:d1 0800 66: 192.168.2.1.22 
> 192.168.2.3.40181: . ack 733 win 17376 
Sep 13 23:23:16.366395 0:12:17:63:80:d6 0:e:9b:b3:27:d1 0800 66: 192.168.2.1.22 
> 192.168.2.3.40181: F 702:702(0) ack 733 win 17376 
Sep 13 23:23:16.366434 0:e:9b:b3:27:d1 0:12:17:63:80:d6 0800 78: 
192.168.2.3.40181 > 192.168.2.1.22: . ack 22 win 16384 
Sep 13 23:24:46.259978 0:12:17:63:80:d6 0:e:9b:b3:27:d1 0800 54: 192.168.2.1.22 
> 192.168.2.3.19022: R 2616010305:2616010305(0) ack 2719100266 win 0

The ath0 in question:

[EMAIL PROTECTED] ifconfig ath0
ath0: flags=8963 mtu 
1500
lladdr 00:0e:9b:b3:27:d1
media: IEEE802.11 autoselect (DS11 mode 11b)
status: active
ieee80211: nwid JenJen chan 3 bssid 00:12:17:63:80:d6 
inet6 fe80::20e:9bff:feb3:27d1%ath0 prefixlen 64 scopeid 0x2
inet 192.168.2.3 netmask 0xff00 broadcast 192.168.2.255

A working ural0:

[EMAIL PROTECTED] ifconfig ural0
ural0: flags=8843 mtu 1500
lladdr 00:11:95:eb:05:0a
media: IEEE802.11 autoselect (DS1)
status: active
ieee80211: nwid JenJen chan 3 bssid 00:12:17:63:80:d6 100dBm 
inet 192.168.2.4 netmask 0xff00 broadcast 192.168.2.255
inet6 fe80::211:95ff:feeb:50a%ural0 prefixlen 64 scopeid 0x9

Anybody else have this problem?

-Ray-

dmesg:
OpenBSD 3.8-current (GENERIC) #0: Sat Sep 10 15:34:26 EDT 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) M processor 1.50GHz ("GenuineIntel" 686-class) 598 MHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,SBF,EST,TM2
cpu0: Enhanced SpeedStep 600 MHz (988 mV): speeds: 1500, 1200, 1000, 800, 600 
MHz
real mem  = 1600626688 (1563112K)
avail mem = 1453158400 (1419100K)
using 4278 buffers containing 80134144 bytes (78256K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(1c) BIOS, date 06/15/05, BIOS32 rev. 0 @ 0xfd740
apm0 at bios0: Power Management spec V1.2
apm0: battery life expectancy 89%
apm0: AC off, battery charge high, estimated 3:23 hours
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xfd6d0/0x930
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdeb0/256 (14 entries)
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82371FB ISA" rev 0x00)
pcibios0: PCI bus #2 is the

Re: more 1 than client can use same port from router (for bittorrent)

[Ray Lai]

On Sat, Aug 06, 2005 at 05:19:46PM +0200, Erik Wikstrvm wrote:
> On 2005-08-06 16:48, Vivek Ayer wrote:
> >Hi guys,
> >
> >I was wondering if it was possible to port forward the same port to
> >more than one client behind a router. Currently, my client is the only
> >one using bittorrent behind the router. I have this in /etc/pf.conf:
> >
> >rdr pass on $ext_if proto tcp to port 6881:6889 -> 192.168.0.3 port 
> >6881:6889
> >
> >What do I do if other people on the subnet wanted to use the same
> >ports (6881:6889) to use bittorrent (clients other than 192.168.0.3)?
> >Thanks.
> 
> Sorry, no can do. The other clients would have to use a BT-client where
> they can specify the port(s) to use and forward those to the right one.

Or round-robin redirect to each client and pray.  With so many
connections, it might not even be noticable.

-Ray-

Re: '.' in username

[Ray Lai]

On Wed, Jul 20, 2005 at 08:32:45PM -0700, Tim Hammerquist wrote:
> telnet is still a wonderful tool that I use all the time.
> 
> $ telnet hostname 25
> 
> $ telnet hostname 80
> 
> $ telnet hostname 22
> 
> It's great for testing basic service availability, version strings, or
> even a manual session without a lot of process overhead or connection
> negotiation.

nc(1) is better.

-Ray-

Re: Mirroring data over network with failover?

[Ray Lai]

On Fri, Jul 15, 2005 at 01:53:43PM +0200, Dexter Fillmore wrote:
> Is there any way to mirroring data over network with failover in
> OpenBSD? I mean something like a raid-1 over network. Maybe with CARP
> in some way like it can handle pf with no data lost? Im looking for a
> solution that can handle that servers burns up with no broken and lost
> data for the users.

https://marc.theaimsgroup.com/?l=openbsd-misc&m=86187916316&w=2