Re: Build GENERIC with IPX support
On 2013-05-13 00:45, Adrian Chadd wrote:
> It's supported as long as someone wants to use it and can help in at least diagnosing issues.
>
> So, if you have a segfault, run it inside gdb and report where it's dying.
>
> Chances are things have just bitrotted a bit but not so much that it's worth killing.

    # gdb ncplogin
    GNU gdb 6.1.1 [FreeBSD]
    Copyright 2004 Free Software Foundation, Inc.
    GDB is free software, covered by the GNU General Public License, and you are
    welcome to change it and/or distribute copies of it under certain conditions.
    Type show copying to see the conditions.
    There is absolutely no warranty for GDB. Type show warranty for details.
    This GDB was configured as amd64-marcel-freebsd...(no debugging symbols found)...
    (gdb) run
    Starting program: /usr/bin/ncplogin
    (no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...
    Program received signal SIGSEGV, Segmentation fault.
    0x000800d285f7 in strlen () from /lib/libc.so.7
    (gdb) bt
    #0 0x000800d285f7 in strlen () from /lib/libc.so.7
    #1 0x000800d205b0 in gettimeofday () from /lib/libc.so.7
    #2 0x000800d2163e in gettimeofday () from /lib/libc.so.7
    #3 0x000800d21798 in vfprintf_l () from /lib/libc.so.7
    #4 0x000800d0e701 in fprintf () from /lib/libc.so.7
    #5 0x000800822a85 in ncp_error () from /usr/lib/libncp.so.4
    #6 0x00080081fa7c in ncp_li_readrc () from /usr/lib/libncp.so.4
    #7 0x00400ea7 in ?? ()
    #8 0x00400d2e in ?? ()
    #9 0x00080061c000 in ?? ()
    #10 0x in ?? ()
    #11 0x0001 in ?? ()
    #12 0x7fffddf8 in ?? ()
    #13 0x in ?? ()
    #14 0x7fffde0a in ?? ()
    #15 0x7fffde1e in ?? ()
    #16 0x7fffde35 in ?? ()
    #17 0x7fffde3d in ?? ()
    #18 0x7fffde49 in ?? ()
    #19 0x7fffde52 in ?? ()
    #20 0x7fffde67 in ?? ()
    #21 0x7fffde74 in ?? ()
    #22 0x7fffde88 in ?? ()
    #23 0x7fffdee5 in ?? ()
    #24 0x7fffdef3 in ?? ()
    #25 0x7fffdf07 in ?? ()
    #26 0x7fffdf12 in ?? ()
    #27 0x7fffdf1d in ?? ()
    #28 0x7fffdf27 in ?? ()
    #29 0x7fffdf40 in ?? ()
    #30 0x7fffdf50 in ?? ()
    #31 0x7fffdf5e in ?? ()
    #32 0x in ?? ()
    #33 0x0003 in ?? ()
    #34 0x00400040 in ?? ()
    #35 0x0004 in ?? ()
    #36 0x0038 in ?? ()
    #37 0x0005 in ?? ()
    #38 0x0008 in ?? ()
    #39 0x0006 in ?? ()
    #40 0x1000 in ?? ()
    #41 0x0008 in ?? ()
    #42 0x in ?? ()
    #43 0x0009 in ?? ()
    #44 0x00400ca0 in ?? ()
    #45 0x0007 in ?? ()
    #46 0x000800601000 in ?? ()
    #47 0x000f in ?? ()
    #48 signal handler called
    #49 0x in ?? ()
    Previous frame inner to this frame (corrupt stack?)
    (gdb)
    #

my /etc/rc.conf file contains these lines:

    ifconfig_em0f1_ipx="ipx 0x0123.1"
    ipxrouted_enable=YES

and in /boot/loader.conf:

    if_ef_load=YES

What's more, the 'ncplist s' command is unable to find any NetWare servers:

    # ncplist s
    Can't find any file server
    #

But Frame type (802.3) and network number (0x0123) are correct.

___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: Build GENERIC with IPX support
On Mon, May 13, 2013 at 08:07:42AM +0200, Marek Salwerowicz wrote:
> On 2013-05-13 00:45, Adrian Chadd wrote:
> > It's supported as long as someone wants to use it and can help in at least diagnosing issues.
> >
> > So, if you have a segfault, run it inside gdb and report where it's dying.
> >
> > Chances are things have just bitrotted a bit but not so much that it's worth killing.
>
>     # gdb ncplogin
>     GNU gdb 6.1.1 [FreeBSD]
>     Copyright 2004 Free Software Foundation, Inc.
>     GDB is free software, covered by the GNU General Public License, and you are
>     welcome to change it and/or distribute copies of it under certain conditions.
>     Type show copying to see the conditions.
>     There is absolutely no warranty for GDB. Type show warranty for details.
>     This GDB was configured as amd64-marcel-freebsd...(no debugging symbols found)...
>     (gdb) run
>     Starting program: /usr/bin/ncplogin
>     (no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...
>     Program received signal SIGSEGV, Segmentation fault.
>     0x000800d285f7 in strlen () from /lib/libc.so.7
>     (gdb) bt
>     #0 0x000800d285f7 in strlen () from /lib/libc.so.7
>     #1 0x000800d205b0 in gettimeofday () from /lib/libc.so.7
>     #2 0x000800d2163e in gettimeofday () from /lib/libc.so.7
>     #3 0x000800d21798 in vfprintf_l () from /lib/libc.so.7
>     #4 0x000800d0e701 in fprintf () from /lib/libc.so.7
>     #5 0x000800822a85 in ncp_error () from /usr/lib/libncp.so.4
>     #6 0x00080081fa7c in ncp_li_readrc () from /usr/lib/libncp.so.4
>     #7 0x00400ea7 in ?? ()
>     #8 0x00400d2e in ?? ()
>     #9 0x00080061c000 in ?? ()
>     #10 0x in ?? ()
>     #11 0x0001 in ?? ()
>     #12 0x7fffddf8 in ?? ()
>     #13 0x in ?? ()
>     #14 0x7fffde0a in ?? ()
>     #15 0x7fffde1e in ?? ()
>     #16 0x7fffde35 in ?? ()
>     #17 0x7fffde3d in ?? ()
>     #18 0x7fffde49 in ?? ()
>     #19 0x7fffde52 in ?? ()
>     #20 0x7fffde67 in ?? ()
>     #21 0x7fffde74 in ?? ()
>     #22 0x7fffde88 in ?? ()
>     #23 0x7fffdee5 in ?? ()
>     #24 0x7fffdef3 in ?? ()
>     #25 0x7fffdf07 in ?? ()
>     #26 0x7fffdf12 in ?? ()
>     #27 0x7fffdf1d in ?? ()
>     #28 0x7fffdf27 in ?? ()
>     #29 0x7fffdf40 in ?? ()
>     #30 0x7fffdf50 in ?? ()
>     #31 0x7fffdf5e in ?? ()
>     #32 0x in ?? ()
>     #33 0x0003 in ?? ()
>     #34 0x00400040 in ?? ()
>     #35 0x0004 in ?? ()
>     #36 0x0038 in ?? ()
>     #37 0x0005 in ?? ()
>     #38 0x0008 in ?? ()
>     #39 0x0006 in ?? ()
>     #40 0x1000 in ?? ()
>     #41 0x0008 in ?? ()
>     #42 0x in ?? ()
>     #43 0x0009 in ?? ()
>     #44 0x00400ca0 in ?? ()
>     #45 0x0007 in ?? ()
>     #46 0x000800601000 in ?? ()
>     #47 0x000f in ?? ()
>     #48 signal handler called
>     #49 0x in ?? ()
>     Previous frame inner to this frame (corrupt stack?)
>     (gdb)
>     #
>
> my /etc/rc.conf file contains these lines:
>
>     ifconfig_em0f1_ipx="ipx 0x0123.1"
>     ipxrouted_enable=YES
>
> and in /boot/loader.conf:
>
>     if_ef_load=YES
>
> What's more, the 'ncplist s' command is unable to find any NetWare servers:
>
>     # ncplist s
>     Can't find any file server
>     #
>
> But Frame type (802.3) and network number (0x0123) are correct.

Without debugging symbols this will be annoying to debug. From a brief skim of the code, it looks like the author has very horrible error checking and makes a lot of assumptions about the user's environment (dot files, etc.).

IPX has been neglected for what should be obvious reasons. As someone who got his CNE back in 1994 (circa Netware 3.11), you're the first person I have encountered since roughly 1997 who is actively using IPX. Netware does support TCP/IP, you know...

Anyway, in your case, you're in luck:

    #0 0x000800d285f7 in strlen () from /lib/libc.so.7
    #1 0x000800d205b0 in gettimeofday () from /lib/libc.so.7
    #2 0x000800d2163e in gettimeofday () from /lib/libc.so.7
    #3 0x000800d21798 in vfprintf_l () from /lib/libc.so.7
    #4 0x000800d0e701 in fprintf () from /lib/libc.so.7
    #5 0x000800822a85 in ncp_error () from /usr/lib/libncp.so.4
    #6 0x00080081fa7c in ncp_li_readrc () from /usr/lib/libncp.so.4

ncp_li_readrc(), which is part of libncp, only has one call to ncp_error() in it:

src/lib/libncp/ncpl_conn.c --

    /*
     * read rc file as follows:
     * 1. read [server] section
     * 2. override with [server:user] section
     * Since abcence of rcfile is not a bug, silently ignore that fact.
     * rcfile never closed to reduce number of open/close operations.
     */
    int
    ncp_li_readrc(struct ncp_conn_loginfo *li) {
        int i, val, error;
        char uname[NCP_BINDERY_NAME_LEN*2+1];
        char *sect = NULL, *p;

        /*
         * if info from cmd line incomplete, try to find existing
         *
kernel panic: ffs_valloc: dup alloc
The core.txt and info files can be found in attached archive. If you need vmcore, just let me know where I can upload it.

ASUS K73E
Architecture: i386
OS: FreeBSD 9.1-RELEASE-p3

Please let me know should you need some other information.

Thanks.

Andriy
freebsd-update and /boot/kernel/linker.hints
Hi,

since last freebsd-update fetch install I always get this message after freebsd-update fetch:

    The following files will be updated as part of updating to 9.1-RELEASE-p3:
    /boot/kernel/linker.hints

but freebsd-update install doesn't install anything.

Is there something wrong with my system or is this a bug in freebsd-update?

kind regards
Wolfgang
kernel panic: ffs_valloc: dup alloc
The core.txt and info files can be found in attached archive (there are 2 crash reports there). If you need vmcores, just let me know where I can upload them.

ASUS K73E
Architecture: i386
OS: FreeBSD 9.1-RELEASE-p3

Please let me know should you need some other information.

Thanks.

Andriy
Re: kernel panic: ffs_valloc: dup alloc
On Mon, 13 May 2013 11:10:04 +0200, Andriy Kornatskyy andriy.kornats...@live.com wrote:
> The core.txt and info files can be found in attached archive (there are 2 crash reports there). If you need vmcores, just let me know where I can upload them.
>
> ASUS K73E
> Architecture: i386
> OS: FreeBSD 9.1-RELEASE-p3
>
> Please let me know should you need some other information.
>
> Thanks.
>
> Andriy

Attachments are stripped by the mailing list. Put them inline or on something like http://pastebin.com/.

Ronald.
Re: IKEv2/IPSEC Road Warrior VPN Tunneling?
On Wed, Apr 17, 2013 at 11:57:19AM +0200, Willy Offermans wrote:
> Hello Karl and FreeBSD friends,

Hi all.

> I recall having read about racoon and roadwarrior. Have a look at /usr/local/share/examples/ipsec-tools/, if you have installed it. I'm also planning to install this on my server. However I have only little time at the moment. I'm also looking for examples of configuration files to work with.

First, ipsec-tools is for IKEv1 only, as the subject of the original mail talks about IKEv2.

For IKEv1 (with ipsec-tools), the simplest way to do this would be to create a remote anonymous and a sainfo anonymous section, with generate_policy set to on: racoon will negotiate phase 1 / phase 2, then will generate SPD entries from peer's proposal.

Of course, this means that you'll have to trust what your peers will negotiate as traffic endpoints!

If you have some more time to spend on configuration (recommended!), you can specify traffic endpoints for the sainfo section: valid endpoints (which match the sainfo) negotiated by peer will work as described above, and other traffic endpoints will not negotiate, as racoon won't find any related sainfo.

Yvan.
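The two racoon setups described in the message above, sketched as an added example; it is not part of the original post and not one of the ipsec-tools sample files. The certificate path and file names and both subnets are constructed placeholders, and the phase 1 settings are assumptions chosen only to make the fragment complete.

```conf
# racoon.conf sketch for IKEv1 roadwarrior peers (added example).
# All paths, file names and subnets below are placeholders.

path certificate "/usr/local/etc/racoon/certs";

# Phase 1: peers arrive from unknown addresses, so the section is anonymous.
remote anonymous {
	exchange_mode main;
	passive on;                  # respond only, never initiate
	my_identifier asn1dn;
	certificate_type x509 "gateway.crt" "gateway.key";
	proposal_check strict;
	generate_policy on;          # SPD entries are created from the peer's phase 2 proposal
	proposal {
		encryption_algorithm aes;
		hash_algorithm sha256;
		authentication_method rsasig;
		dh_group modp2048;
	}
}

# Variant A (permissive, shown commented out): with an anonymous sainfo,
# whatever traffic endpoints an authenticated peer proposes are accepted
# and, because of generate_policy, installed into the SPD.
#
# sainfo anonymous {
#	pfs_group modp2048;
#	lifetime time 1 hour;
#	encryption_algorithm aes;
#	authentication_algorithm hmac_sha256;
#	compression_algorithm deflate;
# }

# Variant B (restricted): the sainfo names the traffic endpoints itself,
# local network first, then the peer side. A proposal for other endpoints
# finds no sainfo and phase 2 fails. Keep no "sainfo anonymous" section
# beside this one.
sainfo address 10.0.0.0/24 any address 192.168.100.0/24 any {
	pfs_group modp2048;
	lifetime time 1 hour;
	encryption_algorithm aes;
	authentication_algorithm hmac_sha256;
	compression_algorithm deflate;
}
```

After a peer connects, `setkey -DP` lists the SPD entries racoon generated, which shows whether the installed endpoints are the ones intended.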
Re: IKEv2/IPSEC Road Warrior VPN Tunneling?
On 5/13/2013 8:44 AM, VANHULLEBUS Yvan wrote:
> On Wed, Apr 17, 2013 at 11:57:19AM +0200, Willy Offermans wrote:
> > Hello Karl and FreeBSD friends,
>
> Hi all.
>
> > I recall having read about racoon and roadwarrior. Have a look at /usr/local/share/examples/ipsec-tools/, if you have installed it. I'm also planning to install this on my server. However I have only little time at the moment. I'm also looking for examples of configuration files to work with.
>
> First, ipsec-tools is for IKEv1 only, as the subject of the original mail talks about IKEv2.
>
> For IKEv1 (with ipsec-tools), the simplest way to do this would be to create a remote anonymous and a sainfo anonymous section, with generate_policy set to on: racoon will negotiate phase 1 / phase 2, then will generate SPD entries from peer's proposal.
>
> Of course, this means that you'll have to trust what your peers will negotiate as traffic endpoints!
>
> If you have some more time to spend on configuration (recommended!), you can specify traffic endpoints for the sainfo section: valid endpoints (which match the sainfo) negotiated by peer will work as described above, and other traffic endpoints will not negotiate, as racoon won't find any related sainfo.
>
> Yvan.

I have successfully configured StrongSwan for IPSEC/IKEv2 and have it operating both with Windows clients and also with the BlackBerry Z-10.

It is fast and works very well; I went for the current source directly rather than the port as I wanted to enable a number of options. If readers believe there's value in posting the recipe I used here let me know.

--
Karl Denninger
k...@denninger.net
/Cuda Systems LLC/
Re: IKEv2/IPSEC Road Warrior VPN Tunneling?
Please share the confs.

Sami

On May 13, 2013 5:25 PM, Karl Denninger k...@denninger.net wrote:
> On 5/13/2013 8:44 AM, VANHULLEBUS Yvan wrote:
> > On Wed, Apr 17, 2013 at 11:57:19AM +0200, Willy Offermans wrote:
> > > Hello Karl and FreeBSD friends,
> >
> > Hi all.
> >
> > > I recall having read about racoon and roadwarrior. Have a look at /usr/local/share/examples/ipsec-tools/, if you have installed it. I'm also planning to install this on my server. However I have only little time at the moment. I'm also looking for examples of configuration files to work with.
> >
> > First, ipsec-tools is for IKEv1 only, as the subject of the original mail talks about IKEv2.
> >
> > For IKEv1 (with ipsec-tools), the simplest way to do this would be to create a remote anonymous and a sainfo anonymous section, with generate_policy set to on: racoon will negotiate phase 1 / phase 2, then will generate SPD entries from peer's proposal.
> >
> > Of course, this means that you'll have to trust what your peers will negotiate as traffic endpoints!
> >
> > If you have some more time to spend on configuration (recommended!), you can specify traffic endpoints for the sainfo section: valid endpoints (which match the sainfo) negotiated by peer will work as described above, and other traffic endpoints will not negotiate, as racoon won't find any related sainfo.
> >
> > Yvan.
>
> I have successfully configured StrongSwan for IPSEC/IKEv2 and have it operating both with Windows clients and also with the BlackBerry Z-10.
>
> It is fast and works very well; I went for the current source directly rather than the port as I wanted to enable a number of options. If readers believe there's value in posting the recipe I used here let me know.
>
> --
> Karl Denninger
> k...@denninger.net
> /Cuda Systems LLC/
Re: Apparent fxp regression in FreeBSD 8.4-RC3
I'm not sure this is a kernel issue.

I re-installed 8.3Release p8 (have to get work done!) and then installed a 8.4 Prerelease kernel (I'm still running cvsup, going to svn is a number of crisis problems down from the list of things to fix today).

Booted with the 8.4 Prerelease kernel but using the 8.3R p8 world - no problems with fxp0. I've tried that twice, same results.

This suggests to me that the problem may not be in 8.4 at all, but in some weirdness of my setup. The motherboard is old; it's one of the Supermicro Xeon boards using the Serverworks chipset which they had to produce when the Intel support chipset turned out to be buggy, which is a number of years ago.

I have another box at work which I will set up as my NAT box (the system in question is my NAT box) from scratch with 8.4 and then take the current box off-line, and then reinstall 8.4 from scratch on that system. When that is done I'll report. This probably won't happen until later this week, Friday.

No issues with 8.4 with the other two systems at home, one a Tyan S4882 and the other a Tyan S2882.

Mike Squires
Re: Reinstalling boot blocks on a ZFS-only system
On May 12, 2013, at 23:17 , Jeremy Chadwick wrote:
> On Sun, May 12, 2013 at 10:20:26PM -0400, Chris Ross wrote:
> > In the past, I've found I've been unable to install all of the bootblocks if I boot from the ZFS root. When booting from a cd, the basic:
> >
> >     gpart bootcode -p ${bootdir}/zfsboot ${disk}
> >     dd if=${bootdir}zfsloader of=/dev/${disk}a bs=512 oseek=1024 conv=notrunc,sync
> >
> > works. But, if I boot from ZFS, then I can't dd anything into the front of the drives.
> >
> > Right now, the problem after booting from the CD, is trying to mount a read/write filesystem (mfs, or the like) so that I can scp the bootblocks onto the system and install them.
> >
> > But, I eventually found the command I'd lost. so I think I'm alright. Thanks...
>
> What does unable to install mean? What output/error do you get? I am going to assume you get EPERM (Operation not permitted), which would be caused by GEOM's preventive foot-shooting (keep reading).
>
> Is there some reason you're sticking with the MBR scheme instead of GPT?

I apologize for all of the noise on the list. I failed to mention the important detail, which is that I'm working on a sparc64 system, so it's all VTOC8, not MBR nor GPT.

But as noted, I was able to mount an MBR and accomplish what I'd intended when booting from a CD-R.

Thanks.

- Chris
Re: Build GENERIC with IPX support
On 2013-05-13 08:52, Jeremy Chadwick wrote:
> IPX has been neglected for what should be obvious reasons. As someone who got his CNE back in 1994 (circa Netware 3.11), you're the first person I have encountered since roughly 1997 who is actively using IPX. Netware does support TCP/IP, you know...

Yes, I am aware of it but in that case I would like to connect to Netware 3.12, which is configured in IPX-only environment. As you see some people still use it, it still works (and works good) and is a perfect back-end for applications and environments working on it.

> Anyway, in your case, you're in luck:
>
>     #0 0x000800d285f7 in strlen () from /lib/libc.so.7
>     #1 0x000800d205b0 in gettimeofday () from /lib/libc.so.7
>     #2 0x000800d2163e in gettimeofday () from /lib/libc.so.7
>     #3 0x000800d21798 in vfprintf_l () from /lib/libc.so.7
>     #4 0x000800d0e701 in fprintf () from /lib/libc.so.7
>     #5 0x000800822a85 in ncp_error () from /usr/lib/libncp.so.4
>     #6 0x00080081fa7c in ncp_li_readrc () from /usr/lib/libncp.so.4
>
> ncp_li_readrc(), which is part of libncp, only has one call to ncp_error() in it:
>
> src/lib/libncp/ncpl_conn.c --
>
>     /*
>      * read rc file as follows:
>      * 1. read [server] section
>      * 2. override with [server:user] section
>      * Since abcence of rcfile is not a bug, silently ignore that fact.
>      * rcfile never closed to reduce number of open/close operations.
>      */
>     int
>     ncp_li_readrc(struct ncp_conn_loginfo *li) {
>         int i, val, error;
>         char uname[NCP_BINDERY_NAME_LEN*2+1];
>         char *sect = NULL, *p;
>
>         /*
>          * if info from cmd line incomplete, try to find existing
>          * connection and fill server/user from it.
>          */
>         if (li->server[0] == 0 || li->user == NULL) {
>             int connHandle;
>             struct ncp_conn_stat cs;
>
>             if ((error = ncp_conn_scan(li, &connHandle)) != 0) {
>                 ncp_error("no default connection found", errno);
>                 return error;
>             }
>
> To me, this may indicate you have some kind of ncp rc file (I believe this is ~/.nwfsrc according to the ncplist(1) man page) that may contain something invalid, or maybe you lack such a file altogether (creating one might work around the problem).

Seems you're right. What's more surprising, using

    % sudo ncplogin

Results in no seg fault errors. It creates a file in home directory:

    arch-gate% sudo file ncplogin.core
    ncplogin.core: ELF 64-bit LSB core file x86-64, version 1 (FreeBSD), FreeBSD-style, from 'n'
    arch-gate%

But, from shell account it results in segfault.

> Back to the actual segfault itself: ncp_error() is pretty simple:
>
> src/lib/libncp/ncpl_subr.c --
>
>     /*
>      * Print a (descriptive) error message
>      * error values:
>      * 0 - no specific error code available;
>      * -999..-1 - NDS error
>      * 1..32767 - system error
>      * the rest - requester error;
>      */
>     void
>     ncp_error(const char *fmt, int error, ...) {
>         va_list ap;
>
>         fprintf(stderr, "%s: ", _getprogname());
>         va_start(ap, error);
>         vfprintf(stderr, fmt, ap);
>         va_end(ap);
>         if (error == -1)
>             error = errno;
>         if (error > -1000 && error < 0) {
>             fprintf(stderr, ": dserr = %d\n", error);
>         } else if (error & 0x8000) {
>             fprintf(stderr, ": nwerr = %04x\n", error);
>         } else if (error) {
>             fprintf(stderr, ": syserr = %s\n", strerror(error));
>         } else
>             fprintf(stderr, "\n");
>     }
>
> What I don't understand from the calling stack is how gettimeofday() is involved. I have looked at the libc code, looked at the underlying calling functions and so on (from fprintf() to vfprintf_l() and deeper), and I don't see how or where gettimeofday() would be called. The only place I can think of might be the related locale stuff, but I'm doubting that given what I've looked at but could still be wrong.
>
> Have world/kernel on this system ever been rebuilt? If they have, were both kernel and world rebuilt together from the same source code and not at different times?

I've installed the 9.1-RELEASE from ISO, then updated using:

    # freebsd-update fetch install

And then recompiled the kernel from sources. I haven't rebuilt the world.

> If you're setting LANG, LC_CTYPE, LC_COLLATE, or other locale-oriented settings in your environment (and my gut feeling is that you are), you could try removing them and see if you get an actual useful error message on stderr, but I'm not holding my breath.

No, I don't change any environment variables:

    arch-gate% sudo env
    PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:/home/marek/bin
    TERM=xterm
    SHELL=/usr/local/bin/zsh
    MAIL=/var/mail/root
    LOGNAME=root
    USER=root
    USERNAME=root
    HOME=/root
Re: IKEv2/IPSEC Road Warrior VPN Tunneling?
On 5/13/2013 9:36 AM, Sami Halabi wrote:
> Please share the confs.
>
> Sami
>
> On May 13, 2013 5:25 PM, Karl Denninger k...@denninger.net wrote:
> > On 5/13/2013 8:44 AM, VANHULLEBUS Yvan wrote:
> > > On Wed, Apr 17, 2013 at 11:57:19AM +0200, Willy Offermans wrote:
> > > > Hello Karl and FreeBSD friends,
> > >
> > > Hi all.
> > >
> > > > I recall having read about racoon and roadwarrior. Have a look at /usr/local/share/examples/ipsec-tools/, if you have installed it. I'm also planning to install this on my server. However I have only little time at the moment. I'm also looking for examples of configuration files to work with.
> > >
> > > First, ipsec-tools is for IKEv1 only, as the subject of the original mail talks about IKEv2.
> > >
> > > For IKEv1 (with ipsec-tools), the simplest way to do this would be to create a remote anonymous and a sainfo anonymous section, with generate_policy set to on: racoon will negotiate phase 1 / phase 2, then will generate SPD entries from peer's proposal.
> > >
> > > Of course, this means that you'll have to trust what your peers will negotiate as traffic endpoints!
> > >
> > > If you have some more time to spend on configuration (recommended!), you can specify traffic endpoints for the sainfo section: valid endpoints (which match the sainfo) negotiated by peer will work as described above, and other traffic endpoints will not negotiate, as racoon won't find any related sainfo.
> > >
> > > Yvan.
> >
> > I have successfully configured StrongSwan for IPSEC/IKEv2 and have it operating both with Windows clients and also with the BlackBerry Z-10.
> >
> > It is fast and works very well; I went for the current source directly rather than the port as I wanted to enable a number of options. If readers believe there's value in posting the recipe I used here let me know.
> >
> > --
> > Karl Denninger
> > k...@denninger.net
> > /Cuda Systems LLC/

Here's a link to a rather long post on setting it up that I put up on my blog that pretty much walks through the details.

http://market-ticker.org/akcs-www?post=220395

The configuration for StrongSwan looks like this:

    # ipsec.conf - strongSwan IPsec configuration file

    # basic configuration

    config setup
        # strictcrlpolicy=yes
        # uniqueids = no

    # Add connections here.

    # Sample VPN connections

    conn %default
        keyingtries=1
        keyexchange=ikev2

    conn BB10
        left=%any
        leftsubnet=0.0.0.0/0
        right=%any
        rightsourceip=192.168.2.0/24
        rightid=my@email.address
        rightauth=psk
        leftauth=pubkey
        leftcert=my-host-certificate.pem
        auto=add

    conn Win7
        left=%any
        leftsubnet=0.0.0.0/0
        leftauth=pubkey
        leftcert=my-host-certificate.pem
        leftid=@my-host-name
        right=%any
        rightsourceip=192.168.2.0/24
        rightauth=eap-mschapv2
        rightsendcert=never
        eap_identity=%any
        rekey=no
        dpdaction=clear
        dpddelay=300s
        auto=add

You must have built StrongSwan with:

    $ ./configure --enable-kernel-pfkey --enable-kernel-pfroute --disable-kernel-netlink --disable-tools --disable-scripts --with-group=wheel --enable-eap-gtc --enable-xauth-pam --enable-eap-mschapv2 --enable-md4 --enable-eap-identity

I have both Windows 7 and BlackBerry 10 clients working against this without problems.

--
Karl Denninger
k...@denninger.net
/Cuda Systems LLC/
Re: Apparent fxp regression in FreeBSD 8.4-RC3
On Sat, May 11, 2013 at 7:57 PM, Michael L. Squires mi...@siralan.org wrote:
> I upgraded to FreeBSD 8.4-RC3 and noticed a problem with the fxp driver on an older Supermicro single CPU single core Xeon motherboard. I know that 8.3-Release does not have this issue, but don't know when in the updates to that release the regression was introduced.
>
> I use the fxp driver to connect to a Motorola Surfboard cable modem, and immediately saw the following occur many times:
>
>     May 10 23:00:04 familysquires kernel: fxp0: link state changed to DOWN
>     May 10 23:00:04 familysquires dhclient: New Subnet Mask (fxp0): 255.255.240.0
>     May 10 23:00:04 familysquires dhclient: New Broadcast Address (fxp0): 255.255.255.255
>     May 10 23:00:04 familysquires dhclient: New Routers (fxp0): xx.xxx.xxx.1
>     May 10 23:00:06 familysquires kernel: fxp0: link state changed to UP
>     May 10 23:00:22 familysquires dhclient: New IP Address (fxp0): xx.xxx.xxx.163
>     May 10 23:00:22 familysquires kernel: fxp0: link state changed to DOWN
>     May 10 23:00:22 familysquires dhclient: New Subnet Mask (fxp0): 255.255.240.0
>     May 10 23:00:22 familysquires dhclient: New Broadcast Address (fxp0): 255.255.255.255
>     May 10 23:00:22 familysquires dhclient: New Routers (fxp0): xx.xxx.xxx.1
>     May 10 23:00:24 familysquires kernel: fxp0: link state changed to UP
>
> repeated without end.

I recently upgraded one of my systems from FreeBSD 7.4 to FreeBSD releng/8, and had DHCP problems. My system though is running a bge NIC, not fxp. I don't know if this solution can help your case, but I found that this helped me. I added the following line to my /etc/rc.conf:

    synchronous_dhclient=YES

Without that line, my system would not boot up properly with networking working.

--
Craig
Re: Build GENERIC with IPX support
Hi,

Are you able to help someone figure out what's going on? The main problem with IPX / netware testing is that we just don't have netware servers lying around. :)

Adrian

On 13 May 2013 14:10, Marek Salwerowicz marek_...@wp.pl wrote:
> On 2013-05-13 08:52, Jeremy Chadwick wrote:
> > IPX has been neglected for what should be obvious reasons. As someone who got his CNE back in 1994 (circa Netware 3.11), you're the first person I have encountered since roughly 1997 who is actively using IPX. Netware does support TCP/IP, you know...
>
> Yes, I am aware of it but in that case I would like to connect to Netware 3.12, which is configured in IPX-only environment. As you see some people still use it, it still works (and works good) and is a perfect back-end for applications and environments working on it.
>
> > Anyway, in your case, you're in luck:
> >
> >     #0 0x000800d285f7 in strlen () from /lib/libc.so.7
> >     #1 0x000800d205b0 in gettimeofday () from /lib/libc.so.7
> >     #2 0x000800d2163e in gettimeofday () from /lib/libc.so.7
> >     #3 0x000800d21798 in vfprintf_l () from /lib/libc.so.7
> >     #4 0x000800d0e701 in fprintf () from /lib/libc.so.7
> >     #5 0x000800822a85 in ncp_error () from /usr/lib/libncp.so.4
> >     #6 0x00080081fa7c in ncp_li_readrc () from /usr/lib/libncp.so.4
> >
> > ncp_li_readrc(), which is part of libncp, only has one call to ncp_error() in it:
> >
> > src/lib/libncp/ncpl_conn.c --
> >
> >     /*
> >      * read rc file as follows:
> >      * 1. read [server] section
> >      * 2. override with [server:user] section
> >      * Since abcence of rcfile is not a bug, silently ignore that fact.
> >      * rcfile never closed to reduce number of open/close operations.
> >      */
> >     int
> >     ncp_li_readrc(struct ncp_conn_loginfo *li) {
> >         int i, val, error;
> >         char uname[NCP_BINDERY_NAME_LEN*2+1];
> >         char *sect = NULL, *p;
> >
> >         /*
> >          * if info from cmd line incomplete, try to find existing
> >          * connection and fill server/user from it.
> >          */
> >         if (li->server[0] == 0 || li->user == NULL) {
> >             int connHandle;
> >             struct ncp_conn_stat cs;
> >
> >             if ((error = ncp_conn_scan(li, &connHandle)) != 0) {
> >                 ncp_error("no default connection found", errno);
> >                 return error;
> >             }
> >
> > To me, this may indicate you have some kind of ncp rc file (I believe this is ~/.nwfsrc according to the ncplist(1) man page) that may contain something invalid, or maybe you lack such a file altogether (creating one might work around the problem).
>
> Seems you're right. What's more surprising, using
>
>     % sudo ncplogin
>
> Results in no seg fault errors. It creates a file in home directory:
>
>     arch-gate% sudo file ncplogin.core
>     ncplogin.core: ELF 64-bit LSB core file x86-64, version 1 (FreeBSD), FreeBSD-style, from 'n'
>     arch-gate%
>
> But, from shell account it results in segfault.
>
> > Back to the actual segfault itself: ncp_error() is pretty simple:
> >
> > src/lib/libncp/ncpl_subr.c --
> >
> >     /*
> >      * Print a (descriptive) error message
> >      * error values:
> >      * 0 - no specific error code available;
> >      * -999..-1 - NDS error
> >      * 1..32767 - system error
> >      * the rest - requester error;
> >      */
> >     void
> >     ncp_error(const char *fmt, int error, ...) {
> >         va_list ap;
> >
> >         fprintf(stderr, "%s: ", _getprogname());
> >         va_start(ap, error);
> >         vfprintf(stderr, fmt, ap);
> >         va_end(ap);
> >         if (error == -1)
> >             error = errno;
> >         if (error > -1000 && error < 0) {
> >             fprintf(stderr, ": dserr = %d\n", error);
> >         } else if (error & 0x8000) {
> >             fprintf(stderr, ": nwerr = %04x\n", error);
> >         } else if (error) {
> >             fprintf(stderr, ": syserr = %s\n", strerror(error));
> >         } else
> >             fprintf(stderr, "\n");
> >     }
> >
> > What I don't understand from the calling stack is how gettimeofday() is involved. I have looked at the libc code, looked at the underlying calling functions and so on (from fprintf() to vfprintf_l() and deeper), and I don't see how or where gettimeofday() would be called. The only place I can think of might be the related locale stuff, but I'm doubting that given what I've looked at but could still be wrong.
> >
> > Have world/kernel on this system ever been rebuilt? If they have, were both kernel and world rebuilt together from the same source code and not at different times?
>
> I've installed the 9.1-RELEASE from ISO, then updated using:
>
>     # freebsd-update fetch install
>
> And then recompiled the kernel from sources. I haven't rebuilt the world.
>
> > If you're setting LANG, LC_CTYPE, LC_COLLATE, or other locale-oriented settings in your environment (and my gut feeling is that you are), you could try removing them and see if you get an actual useful