Re: Low priority or real coders

2006-09-15 Thread matthew . garman
On Thu, Sep 14, 2006 at 07:16:24AM -0400, Nick Holland wrote:
> $ ldd /usr/local/bin/vim /usr/bin/vi
> /usr/local/bin/vim:
> Start    End      Type Open Ref GrpRef Name
>                   exe  1    0   0      /usr/local/bin/vim
> 02be4000 22bf7000 rlib 0    1   0      /usr/lib/libcurses.so.10.0
> 00801000 208dd000 rlib 0    1   0      /usr/local/lib/libiconv.so.4.0
> 044fd000 24501000 rlib 0    1   0      /usr/local/lib/libintl.so.3.0
> 01af5000 21b26000 rlib 0    1   0      /usr/lib/libc.so.39.3
> 09814000 09814000 rtld 0    1   0      /usr/libexec/ld.so
> ...
> $ ls -l /usr/local/lib/libiconv.so.4.0 /usr/local/lib/libintl.so.3.0
> -r--r--r--  1 root  bin  1005395 Jan 14  2006 /usr/local/lib/libiconv.so.4.0
> -r--r--r--  1 root  bin    39135 May  7 14:10 /usr/local/lib/libintl.so.3.0

To be fair, you *can* build vim without internationalization
support, which would make the libraries used by vim the same as vi.

Or, you could make the argument that vi does NOT support
internationalization.

Although, on my linux box, I can make your point even better:

$ ldd `which vim`
libncurses.so.5 => /lib/libncurses.so.5 (0x2abc7000)
libgpm.so.1 => /lib/libgpm.so.1 (0x2ad22000)
libperl.so.1 => /usr/lib/libperl.so.1 (0x2ae28000)
libutil.so.1 => /lib/libutil.so.1 (0x2b048000)
libc.so.6 => /lib/libc.so.6 (0x2b14b000)
libpthread.so.0 => /lib/libpthread.so.0 (0x2b376000)
libm.so.6 => /lib/libm.so.6 (0x2b48d000)
libdl.so.2 => /lib/libdl.so.2 (0x2b5e2000)
libnsl.so.1 => /lib/libnsl.so.1 (0x2b6e6000)
libcrypt.so.1 => /lib/libcrypt.so.1 (0x2b7fd000)
/lib64/ld-linux-x86-64.so.2 (0x2aaab000)
$ ls -lah `which vim`
-rwxr-xr-x 1 root root 2.6M Sep 12 01:57 /usr/bin/vim*

Oink oink!

Matt



Re: struggling with pf

2006-08-28 Thread matthew . garman
On Sun, Aug 27, 2006 at 05:28:53PM +0100, Stuart Henderson wrote:
> You didn't mention the OS version; if I can assume you're running
> an up-to-date OS then you have followed some out-of-date sample

Badness on my part: I neglected to mention that I'm still on 3.7.

> file based on the default /etc/pf.conf (or from scratch) rather
> than following a non-OpenBSD.org guide. (I know there are plenty

That was an openbsd.org guide, just for 3.7 ;)

> > How can I tell which rule is rule 4?
>
> # pfctl -sr -vv

Cool!

Anyway, thanks to all for the help!

I've got the 3.9 CDs on order (I actually have 3.8 CDs that I never
installed).

I'm also going to spend some quality time with the pf.conf manpage
(my needs have grown beyond just blindly following the FAQ's
example).

Thanks again,
Matt



struggling with pf

2006-08-26 Thread matthew . garman
For some reason, I'm not getting it when it comes to pf...  Two
things I can't figure out: (1) filtered vs blocked for some TCP
ports and (2) rules for tun0, my vpn interface.

First, my /etc/pf.conf:

int_if = "vr1"
ext_if = "vr0"
vpn_if = "tun0"
tcp_services = "{ 22 }"
udp_services = "{ 1194 }"
priv_nets = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }"
set block-policy return
set loginterface $ext_if
scrub in all
scrub out on $ext_if all max-mss 1452
nat on $ext_if from $int_if:network to any -> ($ext_if)
#nat on $ext_if from $vpn_if:network to any -> ($ext_if)
block log all
pass quick log on lo0 all
#pass quick on { lo, $int_if, $vpn_if }
antispoof quick log for { lo0 $int_if $vpn_if }
block drop in  quick log on $ext_if from $priv_nets to any
block drop out quick log on $ext_if from any to $priv_nets
pass in log on $ext_if inet proto tcp from any to ($ext_if) \
    port $tcp_services flags S/SA keep state
pass in log on $ext_if inet proto udp from any to ($ext_if) \
    port $udp_services keep state
pass in log on $ext_if inet proto tcp from port 20 to ($ext_if) \
    user proxy flags S/SA keep state
pass in  log on $int_if from $int_if:network to any keep state
pass out log on $int_if from any to $int_if:network keep state
pass in  log on $vpn_if from any to any keep state
pass out log on $vpn_if from any to any keep state
pass out log on $ext_if proto tcp all modulate state flags S/SA
pass out log on $ext_if proto { udp, icmp } all keep state


Now, regarding issue (1), if I do a nmap -v -A my obsd box from
another computer, I get this:

...
Interesting ports on my obsd box:
(The 1663 ports scanned but not shown below are in state: closed)
PORT     STATE    SERVICE        VERSION
22/tcp   open     ssh            OpenSSH 4.1 (protocol 1.99)
25/tcp   filtered smtp
135/tcp  filtered msrpc
137/tcp  filtered netbios-ns
138/tcp  filtered netbios-dgm
139/tcp  filtered netbios-ssn
445/tcp  filtered microsoft-ds
593/tcp  filtered http-rpc-epmap
1080/tcp filtered socks
...

Why are all those ports (except 22) filtered instead of closed?
Does one of my pf rules above implicitly allow those ports to be
filtered?  I don't use or run any of those services on this box, so
I'd prefer those ports just be closed.

Now, regarding (2), I'm trying to set up OpenVPN.  I've got a mostly
default setup (i.e. followed the openvpn HOWTO almost verbatim).  I
can establish the VPN tunnel, but cannot ping the obsd box.

So, if I do a tcpdump -n -e -ttt -i pflog0 while trying to ping
the obsd box from the vpn client, I see this:

Aug 26 21:08:49.371324 rule 4/(match) block in on tun0: \
192.168.2.6 > 192.168.2.1: icmp: echo request (DF)

How can I tell which rule is rule 4?

pfctl -s rules:

  0 scrub in all fragment reassemble
  1 scrub out on vr0 all max-mss 1452 fragment reassemble
  2 block return log all
  3 pass log quick on lo0 all
  4 block drop in log quick on ! lo0 inet6 from ::1 to any
  5 block drop in log quick on ! lo0 inet from 127.0.0.0/8 to any
  6 block drop in log quick on ! vr1 inet from 192.168.0.0/16 to any
  7 block drop in log quick on vr1 inet6 from fe80::240:63ff:fed9:3f9f \
  8 to any
  9 block drop in log quick inet from 192.168.1.1 to any
block drop in log quick on ! tun0 inet from 192.168.2.1 to any
block drop in log quick inet from 192.168.2.1 to any
block drop in log quick on vr0 inet from 127.0.0.0/8 to any
block drop in log quick on vr0 inet from 192.168.0.0/16 to any
block drop in log quick on vr0 inet from 172.16.0.0/12 to any
block drop in log quick on vr0 inet from 10.0.0.0/8 to any
block drop out log quick on vr0 inet from any to 127.0.0.0/8
block drop out log quick on vr0 inet from any to 192.168.0.0/16
block drop out log quick on vr0 inet from any to 172.16.0.0/12
block drop out log quick on vr0 inet from any to 10.0.0.0/8
pass in log on vr0 inet proto tcp from any to (vr0) port = ssh flags \
S/SA keep state
pass in log on vr0 inet proto udp from any to (vr0) port = 1194 keep \
state
pass in log on vr0 inet proto tcp from any port = ftp-data to (vr0)
user = 71 flags S/SA keep state
pass in log on vr1 inet from 192.168.0.0/16 to any keep state
pass out log on vr1 inet from any to 192.168.0.0/16 keep state
pass in log on tun0 all keep state
pass out log on tun0 all keep state
pass out log on vr0 proto tcp all flags S/SA modulate state
pass out log on vr0 proto udp all keep state
pass out log on vr0 proto icmp all keep state

(I added the numbers and line breaks.)  So it looks to me like line
6 is responsible for blocking the ping... but where does that rule
come from in my pf.conf file?

Thanks in advance for any assistance!

Matt
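
Added example, not part of the original post: a simplified Python model of pf rule evaluation over the filter rules from the `pfctl -s rules` listing above, showing which rule the logged packet (in on tun0 from 192.168.2.6) hits. It assumes pf numbers filter rules from 0 separately from the two scrub rules, so pflog's rule 4 is the poster's line 6; the function names and the /24 variant are hypothetical.

```python
import ipaddress
import re

# Filter rules as printed by `pfctl -s rules` in the post, continuation lines
# joined. The two scrub rules are left out (assumed to be numbered separately);
# the vr0 rules between rule 8 and the tun0 pass rule are omitted for brevity,
# so only numbers 0-8 line up with pf's own numbering.
FILTER_RULES = [
    "block return log all",
    "pass log quick on lo0 all",
    "block drop in log quick on ! lo0 inet6 from ::1 to any",
    "block drop in log quick on ! lo0 inet from 127.0.0.0/8 to any",
    "block drop in log quick on ! vr1 inet from 192.168.0.0/16 to any",
    "block drop in log quick on vr1 inet6 from fe80::240:63ff:fed9:3f9f to any",
    "block drop in log quick inet from 192.168.1.1 to any",
    "block drop in log quick on ! tun0 inet from 192.168.2.1 to any",
    "block drop in log quick inet from 192.168.2.1 to any",
    "pass in log on tun0 all keep state",
]

# Only the rule shapes that occur in the list above are understood.
RULE_RE = re.compile(
    r"^(?P<action>block|pass)(?: (?:return|drop))?(?: (?P<dir>in|out))?"
    r"(?: log)?(?P<quick> quick)?(?: on (?P<neg>! )?(?P<ifname>\S+))?"
    r"(?: (?P<af>inet6?))?(?: all| from (?P<src>\S+) to any)"
    r"(?: keep state)?$"
)


def evaluate(rules, ifname, direction, src):
    """Return (rule number, action, rule text) applied to one packet."""
    # Simplified pf semantics: the last matching rule wins, except that a
    # matching `quick` rule ends evaluation immediately.
    addr = ipaddress.ip_address(src)
    family = "inet" if addr.version == 4 else "inet6"
    verdict = None
    for nr, text in enumerate(rules):
        m = RULE_RE.match(text)
        if m is None:
            raise ValueError(f"unsupported rule: {text}")
        if m["dir"] and m["dir"] != direction:
            continue
        # `on ifname` must equal the packet's interface, `on ! ifname` must not.
        if m["ifname"] and (m["ifname"] == ifname) == bool(m["neg"]):
            continue
        if m["af"] and m["af"] != family:
            continue
        if m["src"] and addr not in ipaddress.ip_network(m["src"]):
            continue
        verdict = (nr, m["action"], text)
        if m["quick"]:
            break
    return verdict


def narrowed(rules, old="192.168.0.0/16", new="192.168.1.0/24"):
    """Hypothetical variant: vr1's network no longer covers the VPN subnet."""
    return [r.replace(f"! vr1 inet from {old}", f"! vr1 inet from {new}") for r in rules]


if __name__ == "__main__":
    # The packet from the pflog line: echo request in on tun0 from 192.168.2.6.
    print(evaluate(FILTER_RULES, "tun0", "in", "192.168.2.6"))
    print(evaluate(narrowed(FILTER_RULES), "tun0", "in", "192.168.2.6"))
```

On the live system, the `pfctl -sr -vv` command given in the reply above prints each loaded rule together with its number.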



auto-update named via dhcpd?

2006-07-14 Thread matthew . garman
I've got the (ubiquitous?) home LAN setup, with OpenBSD 3.7 as my
firewall/gateway/router.  (I know, need to upgrade.)

Previously, my LAN was setup as follows: all machines had static IP
addresses, and had the same /etc/hosts file.  All machines also had
the same /etc/resolv.conf file.

I got a laptop, and decided that I'd like to run a dhcp server on
the OpenBSD box (didn't want to update a bunch of /etc/hosts files).
Also, my ISP kept changing their DNS servers, so I had to update
/etc/resolv.conf on every box several times.

Now I'm thinking that the least maintenance approach is to have
the OpenBSD box run named and dhcpd, and have all the other boxes be
dynamically configured.

I've got dhcpd and named working, but they are not talking to each
other.  In other words, I don't know how to have named updated by
dhcpd.

There's a handful of howto-type documents on the net for this, but
the dhcpd shipped with OpenBSD 3.7 doesn't seem to support the
needed features.  For example, if I put this line in
/etc/dhcpd.conf:

ddns-update-style interim;

I get this in /var/log/daemon when starting dhcpd:

Jul 14 09:06:53 excrement dhcpd: /etc/dhcpd.conf line 13: expecting a parameter or declaration.
Jul 14 09:06:53 excrement dhcpd: ddns-update-style 
Jul 14 09:06:53 excrement dhcpd: ^

My assumption is that the dhcpd that ships with OpenBSD 3.7 doesn't
support the ddns-update-style option.  Some of the 'howto' documents
I found on the net suggest installing ISC DHCP version 3.

So my questions are:

- Is installing isc-dhcp-3 the right path to take for OpenBSD
  3.7?
- Is there some way to use the default dhcpd in 3.7 to get
  dynamic dns updates?
- Does the dhcpd in OpenBSD 3.9 make this process any easier?

Thank you for any suggestions!
Matt



Re: auto-update named via dhcpd?

2006-07-14 Thread matthew . garman
Someone mailed me offlist, and said that it wasn't clear what I was
asking in my initial post...  I'll try a more terse version:

I want to run a DNS server (named) and dhcpd on my OpenBSD box
(which is the firewall/gateway/router for my home network).  I also
want the DNS server to provide name resolution for the
dynamically-addressed hosts in my LAN.

Does the dhcpd that is shipped with OpenBSD 3.7 support the ability
to update bind?  Does the dhcpd that is shipped with OpenBSD 3.9
support this?  If not, is the recommended approach to install ISC
DHCP 3.x, as suggested by documents such as this:

http://www.bsdguides.org/guides/openbsd/networking/dynamic_dns_dhcp.php

Thanks again,
Matt





Re: Static functions in C code

2006-05-30 Thread matthew . garman
On Fri, May 26, 2006 at 08:29:58AM -0500, Marco Peereboom wrote:
> My answer is correct.  It is not my fault that you don't have a
> clue about programming.  Static has its uses however for some
> reason the (open source) world at large seem not to understand
> what they are.  Same is true with typedef, it has its uses too but
> mostly it is abused.

What are some examples of abuse/misuse of typedef?  (That's an
honest question, not trolling.)

> I bet you have never wasted days finding a non-bug because of
> static.

So how do you specify that a function should be visible only to the
local compilation unit?  Or, how do you keep others from using your
locally-scoped (but not declared static) function in a global
context?

I've seen situations where someone saw a function that was not
declared static, but clearly intended to have only local visibility,
and someone went off and prototyped that function in some other
module so they could use it.  (Then again, even using 'static'
probably wouldn't have solved the problem---that person would have
just deleted the keyword!)

Just curious!
Thanks,
Matt



Re: head.c usage function

2006-05-30 Thread matthew . garman
On Fri, May 26, 2006 at 08:47:15PM +0100, Nick Guenther wrote:
> least, it should be) in usage() because the proper form is
> fprintf(stderr, "usage: %s [-ks]\n", __progname); where __progname
> gets filled in automatically with the name of the program. I don't
> know the details of how it works though, does anyone have a link
> to an explanation?

I'm not sure about this, but isn't __progname a compiler-specific
extension?

I usually write a usage function to take a single argument, i.e.
usage(const char *progname).  When I call usage(), which is always
from main(), I just pass in argv[0].  I'm under the impression that
argv[0] being set to the name of the program is standard (could be
wrong though).

MG



Re: extreme latency in LAN pings, ssh, etc

2006-05-05 Thread matthew . garman
On Mon, May 01, 2006 at 12:22:17PM -0700, Spruell, Darren-Perot wrote:
> > Just today, however, I noticed huge latencies when I try to ssh
> > to another computer on the LAN.  Previously, I was connected an
> > instant after pressing return.  Now it takes several seconds
> > before the connection is made.
>
> Can you verify for sure that your DNS is working properly? Is
> reverse DNS configured and working right?

You guys were much too easy on me :)

RTFM - FAQ Question 8.22.

I was missing the "lookup file bind" directive in /etc/resolv.conf.

Thanks everyone!
Matt



Re: C++ textbooks: recommendations?

2006-04-06 Thread matthew . garman
On Tue, Apr 04, 2006 at 05:50:48PM -0500, [EMAIL PROTECTED] wrote:
> i need to learn C++, but do not know where to begin with textbooks
> or online docs. since, AFAICT, there are a great many skilled
> programmers on list, i would appreciate any recommendations that
> can be made about introductory and intermediate texts on C++.

There's a good collection of reviews on C/C++ books at the
Association of C/C++ Users website:

http://accu.org/index.php/book_reviews

I've bought a couple books based on reviews at that site, and have
been happy.  (Note that I'm not a member or anything, I just found
their website useful.)

It's already been mentioned, but it's worth repeating: Bjarne
Stroustrup's book, _The_C++_Programming_Language_ will teach you a
*lot* about C++.  I don't recommend it for beginners, though.  It's
pretty terse (but very thorough).

> my motivation for asking this is to avoid purchasing texts that
> will sit on my shelf and collect dust. there are a great many
> introductory texts on nearly every subject that do just that
> and/or don't cover enough material in sufficient depth.

I hear that.  Caveat: everyone learns differently.  But, in general,
I've found that reading existing code and writing sample programs is
the best way to learn.  I've also got a lot of good feedback from
Usenet (comp.lang.c++ I think).

The only problem, in my opinion, is that if you pick up some code
and start looking over it, you may learn bad habits or techniques.
Thanks to the gaining popularity of the open source movement,
there's more free example code out there than you could look at in
your lifetime.  The downside is, without experience, you don't know
what's good and what's bad.  Obviously you want to be looking at
well-written code.

Another idea might be to get involved in a C++ open source project
(one that interests you obviously).  Code up a feature, submit it,
and see what kind of feedback you get.  (This assumes that, like me,
learn by doing is the best way for you to learn something.)

> are there any texts on best practices for writing exploit-free
> code? if you feel this is insufficiently openbsd related, please
> reply off-list to reduce chatter.

Not that I've found.  You can certainly find tons of tidbits and
best practices by searching the web.  General rule of thumb: buffer
and array bounds problems are probably the number one killer in C
and C++ applications.

It would be awesome if the collective expertise of the OpenBSD
development team could be captured and put into book form (and I
suppose it is, to a degree, in the code itself).  Even though
OpenBSD is vanilla C, generally good practices in C are good
practices in C++.

Hope that helps!
Matt



Re: Effecient window manager layout

2006-01-13 Thread matthew . garman
Oleg Petrov ([EMAIL PROTECTED]) dixit:
> configuring it. So my question goes to all OpenBSD hackers who
> uses some simple WM instead of huge DE-s.. Can you give me basic
> points of building simple and effective desktop layout? All
> fvwmrc-s, screenshots of your boring (or may be fancy :-)) desktop
> configurations are very welcome.

I'm not too FVWM savvy, but there are so many window managers out
there.  A good place to get a good overview of the more popular
window managers is here:

http://xwinman.org/

FVWM is great because it's fast and lightweight, but also infinitely
customizable.  The downside is that it's infinitely customizable :)

You might enjoy looking at other folks' desktop screenshots to get
an idea of what you want or what is possible.  Of the many sites
that have screenshots, this one seems to have a lot of pretty
ones:

http://www.lynucs.org/

You might also be interested in Fvwm-Crystal, which is basically a
complete Desktop Environment using FVWM and some other components:

http://fvwm-crystal.berlios.de/

There's tons of information out there... have fun!
Matt

-- 
Matt Garman
email at: http://raw-sewage.net/index.php?file=email



OT: server quality hardware; was: Re: RAID card recommendations

2006-01-11 Thread matthew . garman
On Wed, Jan 11, 2006 at 04:19:12PM -0500, Jim Razmus wrote:
> I have already replaced two Adaptec controllers with LSI Logic
> MEGARAID SATA 150-6 cards.  I then added a call to bioctl in

These LSI Megaraid cards are 64-bit PCI, right?  Do they have a
PCI Express version?

What motherboards are folks using that support these (64 bit) PCI
slots?  Most consumer grade x86 motherboards only have 32-bit PCI
slots.  I've seen very few motherboards (at least at newegg) that
have 64-bit PCI, and they're very expensive.

> I have them setup with 5 drives in a RAID 5 configuration and the
> sixth drive is a hot spare.  I can't say enough about this card
> and its support with OpenBSD.  In addition to replacing the
> existing cards, we build our new machines with them.

I get the impression that you're building commercial or
industrial quality machines... I use those terms very loosely,
i.e. you're building something that you expect to have as little
downtime as possible and last a while, correct?

What kind of hard drives are you using in your RAID?  I gather they
are SATA, but are they specially designed/manufactured server
grade drives, or just off-the-shelf consumer grade drives?

What I'm getting at is that I'd like to build a fairly beefy mass
storage box.  OpenBSD is so nice as a set it and forget it OS; I'd
like to have the same kind of confidence in my hardware (without
going broke).

Thanks!
Matt

-- 
Matt Garman
email at: http://raw-sewage.net/index.php?file=email



slightly OT: OpenNTPd on Linux still allows drift

2006-01-09 Thread matthew . garman
This is probably kind of a long shot, but does anyone use OpenNTPd
on Linux machines?

I've struggled for what seems like forever trying to get regular
NTP to properly sync my clock on my Linux boxes, but have never been
successful.  OpenNTPd's goals are perfectly in line with my needs,
so I figured, why not?

I have set it up, and it *seems* to be running as expected, but my
system clock still runs too fast.

To further clarify, I have 3 Linux boxes and one OpenBSD box.
OpenNTPd works admirably on one Linux and the OBSD box.  But the
other two Linux boxes still run too fast.

If anyone has any thoughts, ideas or suggestions, I'd be glad to
hear them!

Thank you,
Matt
-- 
Matt Garman
email at: http://raw-sewage.net/index.php?file=email