[leaf-user] SSH login takes 40 seconds

[cpu memhd]

Bering uClibc 2.2 - I got SSH working a few weeks ago. Now for some
reason it takes 40 seconds to display a console screen after I login. I
have read that this is likely a reverse DNS problem. But why should it
matter if I'm using private, 10.x.x.x IPs? Also, I don't recall making
any changes between the time SSH worked and now. Any ideas?



__ 
Do you Yahoo!? 
The all-new My Yahoo! - Get yours free! 
http://my.yahoo.com 
 



---
This SF.Net email is sponsored by: InterSystems CACHE
FREE OODBMS DOWNLOAD - A multidimensional database that combines
robust object and relational technologies, making it a perfect match
for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] SSH login takes 40 seconds

[cpu memhd]

Okay, I figured out a solution reading the DNSMASQ docs (I'm using
DNSMASQ with messy DHCP). I forgot exactly everything I did, but I'm
pretty sure this is it (sorry to take so long to respond):

First I modified the dnsmasq config, note the change below:

# Change this line if you want dns to get its upstream servers from
# somewhere other that /etc/resolv.conf
#resolv-file=
resolv-file=/etc/resolv.dnsmasq

Then...

- Early in the bootup process, after I get my IP via DHCP (cable modem)
I rename resolv.conf (with DHCP updates) to resolv.dnsmasq via a
startup script

- Then I do an echo "nameserver 127.0.0.1" > /etc/resolv.conf (same
script)

That's it. No more delay, no host file maintenance for every possible client.

__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


---
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] Order of packages in LEAF.CFG, LRP=

[cpu memhd]

Bering uClibc 2.2: are any of the packages sensitive to the order in
which they're placed?



__ 
Do you Yahoo!? 
Take Yahoo! Mail with you! Get it on your mobile phone. 
http://mobile.yahoo.com/maildemo 


---
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] Via Padlock RNG/ACE in Bering uClibc

[cpu memhd]

Do any of the crypto packages (IPsec, SS*, etc) make use of Via's
Padlock features found in Nehemiah C3 processors?

__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


---
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] EZ-IPUPD -> DynDNS.org blocked because of abuse

[cpu memhd]

As the topic says, I was blocked because of abuse:

"The abuse system automatically blocks any hostname that repeatedly
tries to update a hostname from the same IP. This is done to conserve
bandwidth and prevent computers from updating every 5 minutes,
regardless of whether or not their IP address had changed."

Does EZ-IPUPD attempt to update DynDNS at regular intervals or every
reboot? What should I do to prevent it from causing this problem? My
account will be "automatically deleted" if this continues. Thanks.

__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


---
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] global environment variables

[cpu memhd]

Is there such a thing as global variables in Linux/Unix? To be more
specific, variables that are accessible to system processes, with out
having to login? If so, how/where do you set them?

__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


---
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

re: [leaf-user] EZ-IPUPD -> DynDNS.org blocked because of abuse - should be solved now

[cpu memhd]

Thanks everyone for the help, I appreciate it very much.

I think the reason it was updating too frequently is logically because
ez-ipupd is saving to the RAM disk, which gets recreated upon every
reboot. This of course means that EZ-IPUPD will update DynDNS every
time I reboot.

So, I created a second partition on my flash media and pointed the
ez-ipup file there. No unnecessary updates to the cache file so far. I
think this will work. But I'll have to wait and see.



__ 
Do you Yahoo!? 
Meet the all-new My Yahoo! - Try it today! 
http://my.yahoo.com 
 



---
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] EZ-IPUPD -> DynDNS.org blocked because of abuse - should be solved now

[cpu memhd]

That's easy to answer: so many packages/so little time. The box is not
yet in production.

K.-P. Kirchdörfer wrote:

>Am Montag, 6. Dezember 2004 10:58 schrieb cpu memhd:
>
>>Thanks everyone for the help, I appreciate it very much.
>>
>>I think the reason it was updating too frequently is logically
>>because ez-ipupd is saving to the RAM disk, which gets recreated
>>upon every reboot. This of course means that EZ-IPUPD will update
>>DynDNS every time I reboot.
>>
>>So, I created a second partition on my flash media and pointed the
>>ez-ipup file there. No unnecessary updates to the cache file so
>>far. I think this will work. But I'll have to wait and see.
>
>
>If that's work for you, it's ok; I just start to wonder how often you 
>reboot a leaf box  - and why?
>
>
>kp
>
>
>---
>SF email is sponsored by - The IT Product Guide
>Read honest & candid reviews on hundreds of IT Products from real
users.
>Discover which products truly live up to the hype. Start reading now. 
>http://productguide.itmanagersjournal.com/
>
>leaf-user mailing list: [EMAIL PROTECTED]
>https://lists.sourceforge.net/lists/listinfo/leaf-user
>SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
>
>




__ 
Do you Yahoo!? 
The all-new My Yahoo! - What will yours do?
http://my.yahoo.com 


---
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] stupid linux question

[cpu memhd]

I asked this question before but received no replies, I will ask again,
if anyone knows…

Is it possible to create environment variables in linux/unix like you
would in DOS using CONFIG.SYS or AUTOEXEC.BAT? That is, a variable that
is accessible to any subsequent running program?

I vaguely remember reading sometime back that this was not possible
because of fundamental differences between DOS/Win and Unix. While I do
know you can set environment variables in /etc/profile, the problem is
they are only accessible to a logged in user, not the system.
 
Thanks.




__ 
Do you Yahoo!? 
Yahoo! Mail - now with 250MB free storage. Learn more.
http://info.mail.yahoo.com/mail_250


---
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] stupid linux question

[cpu memhd]

I do plan to start with a base image. This will help, but in the long
run, working with variables will pay off in a big way.

I am hoping I can keep most of shorewall exactly the same. If I change
rules, then all's I have to do is sftp the rules file and restart
shorewall. Same goes for IPsec. There are lots of possibilities.

Patrick Benson wrote:

>cpu memhd wrote:
>
>>Thanks everyone for the help. I will certainly look into your
>>suggestions. I wish I could elaborate more but I've been very busy.
>>
>>Basically, I find myself typing the same information (IP address,
>>subnet, broadcast, etc) in many different places. I will be rolling
out
>>about 20 leaf boxes. About 15 of them will have near identical
>>configurations. It is important to keep things as abstract as
possible.
>>So I plan to use environment variables wherever possible.
>
>
>Why not create a basic image which matches those 15, as close as
>possible, then install the image on them and polish it off with the
>little amount of editing which may be needed at the end?
>
>
>


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


---
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] environment variables (was: stupid linux question)

[cpu memhd]

Okay. I figured out an easy way to do this. I stuck this in my
/etc/init.d/rc, /etc/init.d/rcS (and /etc/profile) files:

. /etc/myenv

Putting a "." (period) was necessary otherwise the variables don't
export to the proceeding scripts. Why this is important, I don't know,
still learning Linux.

myenv has:

export varslikethis="10.0.0.1"

Is there an easier way? Such as:

varslikethis="10.0.0.1"
... and so on ...

export all (??)

/etc/network/interfaces does not support variables, only literals, so
it seems(?). I had to remove some of my interface settings (eth0, eth1,
etc) from there. Then I created a (basic) ifsetup script then modified
/etc/init.d/networking to call it.

I am currently using networking/interfaces to configure my dhcp
interface since I don't yet know how to do this with "ip link set...".

I also created my first custom package that allows easy maintenance of
the files I work with most. This gets more interesting as I go. Thanks
to everyone.





__ 
Do you Yahoo!? 
The all-new My Yahoo! - Get yours free! 
http://my.yahoo.com 
 



---
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] stupid linux question

[cpu memhd]

Thanks everyone for the help. I will certainly look into your
suggestions. I wish I could elaborate more but I've been very busy.

Basically, I find myself typing the same information (IP address,
subnet, broadcast, etc) in many different places. I will be rolling out
about 20 leaf boxes. About 15 of them will have near identical
configurations. It is important to keep things as abstract as possible.
So I plan to use environment variables wherever possible.






__ 
Do you Yahoo!? 
Take Yahoo! Mail with you! Get it on your mobile phone. 
http://mobile.yahoo.com/maildemo 


---
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] MHTTPDS mini_httpd with SSL - need help - bering uclibc

[cpu memhd]

Anyone using mini_httpd with ssl support? I can't get this to work with
either weblet or webconf no matter what I do. I keep getting
'connection refused'. I have libssl and libcrpto.

Most current mhttpds.lrp at leaf-project.org is:
Version: 1.19 Rev 1 - 2004-02-11

But I have:
1.19 Rev 2 - 2004-08-14




__ 
Do you Yahoo!? 
Send holiday email and support a worthy cause. Do good. 
http://celebrity.mail.yahoo.com


---
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] Re: MHTTPDS mini_httpd with SSL - need help - bering uclibc

[cpu memhd]

eh... here was my problem:

*cgipat=cgi-bin/**|plugins/**
cgipat=**.cgi

Brownie points for those who can guess why I used an asterisk instead
of a # for the above comment.



__ 
Do you Yahoo!? 
Read only the mail you want - Yahoo! Mail SpamGuard. 
http://promotions.yahoo.com/new_mail 


---
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] where are the dnscache sources?

[cpu memhd]

I am trying to download the dnscache sources from the CVS repository
(using buildtool.pl), but it is not there. Being that I'm new to LEAF
and CVS, I don't know what to ask other than, is dnscache no longer a
part of bering-uclibc?





__ 
Do you Yahoo!? 
Read only the mail you want - Yahoo! Mail SpamGuard. 
http://promotions.yahoo.com/new_mail 


---
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] where are the dnscache sources?

[cpu memhd]

Thanks for the help.
Where can I find dnscache sources?

Luis.F.Correia wrote:

>Hi! 
>
>>-Original Message-----
>>From: cpu memhd [mailto:[EMAIL PROTECTED] 
>>Sent: Tuesday, December 28, 2004 8:52 PM
>>To: leaf-user@lists.sourceforge.net
>>Subject: [leaf-user] where are the dnscache sources?
>>
>>I am trying to download the dnscache sources from the CVS repository
>>(using buildtool.pl), but it is not there. Being that I'm new to LEAF
>>and CVS, I don't know what to ask other than, is dnscache no longer a
>>part of bering-uclibc?
>
>
>In our base image, we are now using dnsmasq.
>Therefore only dnsmasq is built by buildtool.
>
>Luis Correia   
>Bering uClibc Team Member
>
>PGP Fingerprint: BC44 D7DA 5A17 F92A CA21 9ABE DFF0 3540 2322 21F6 
>Key Server: http://pgp.mit.edu
>
>
>
>---
>SF email is sponsored by - The IT Product Guide
>Read honest & candid reviews on hundreds of IT Products from real
users.
>Discover which products truly live up to the hype. Start reading now. 
>http://productguide.itmanagersjournal.com/
>
>leaf-user mailing list: leaf-user@lists.sourceforge.net
>https://lists.sourceforge.net/lists/listinfo/leaf-user
>SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
>
>





__ 
Do you Yahoo!? 
Meet the all-new My Yahoo! - Try it today! 
http://my.yahoo.com 
 



---
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Buildtool

[cpu memhd]

I had the same problem. 

>From the CVS help page:
http://www.leaf-project.org/doc/guide/buc-buildtool.html

This line didn't work for me:
cvs -d :pserver:[EMAIL PROTECTED]:/cvsroot/leaf login

But this one did:
cvs -z3 -d :pserver:[EMAIL PROTECTED]:/cvsroot/leaf \
  co src/bering-uclibc/buildtool

Perhaps the docs need updating?



__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


---
The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almosthttp://www.thinkgeek.com/sfshirt

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Buildtool

[cpu memhd]

Hello,

Excuse me. I can't help but notice a negative tone in your reply. Maybe
I am mistaken. Please clarify:

Martin Hejl wrote:

>
> cpu memhd wrote:
>
>> I had the same problem.
>>
>>> From the CVS help page:
>>
>> http://www.leaf-project.org/doc/guide/buc-buildtool.html
>>
>> This line didn't work for me:
>> cvs -d :pserver:[EMAIL PROTECTED]:/cvsroot/leaf login
>
> "didn't work for me" is pretty hard to debug for anyone but you.

What is this supposed to mean?

I wasn't trying to debug anything, or even imply that I was debugging.
The command: "cvs -d
:pserver:[EMAIL PROTECTED]:/cvsroot/leaf login" did not
work for me on the three or four occasions that I tried it.

>
>> But this one did:
>> cvs -z3 -d :pserver:[EMAIL PROTECTED]:/cvsroot/leaf \
>>   co src/bering-uclibc/buildtool
>>
>> Perhaps the docs need updating?
>
> I doubt it, since it works just fine here:
>
> $ cvs -d :pserver:[EMAIL PROTECTED]:/cvsroot/leaf login
> Logging in to
:pserver:[EMAIL PROTECTED]:2401/cvsroot/leaf
> CVS password:
>
> $ cvs -z3 -d :pserver:[EMAIL PROTECTED]:/cvsroot/leaf co
src/bering-uclibc/buildtool
> cvs checkout: Updating src/bering-uclibc/buildtool
> U src/bering-uclibc/buildtool/COPYING
> U src/bering-uclibc/buildtool/Changes
> U src/bering-uclibc/buildtool/README
> (...)
>
> Martin
>

The fact that it works for you does not mean it will work for everyone
else. 

Something is causing a problem for at least two of us. I was able to
overcome this problem. I thought I might be able to help. Apparently,
my assistance did not measure up to your standards. Or if there is
something inherently wrong in my reply, please let me know what the
guidelines are for posting.


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


---
The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almosthttp://www.thinkgeek.com/sfshirt

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Buildtool

[cpu memhd]

Mike Noyes wrote:

>On Wed, 2005-01-12 at 20:21, cpu memhd wrote:
>
>>>"didn't work for me" is pretty hard to debug for anyone but you.
>>
>>What is this supposed to mean?
>
>
>cpu,
>I believe it means, it's nearly impossible to tell what went wrong on
>your side without better information.

Yes, I agree. But from my perspective, I wasn't trying to describe why
it wasn't working, only what worked for me. That was the best help I
could offer. Especially since I had forgotten the error message.

>
>I'll make a guess though. Have you used any other SourceForge hosted
>project repositories with pserver? If so, login won't do much for you.
>

This is what I mean about understanding the fundamentals. I don't know
what pserver is, so the answer is... no? I have only used CVS one other
time on a different project, but that was several months ago.

>
>>>>But this one did:
>>>>cvs -z3 -d :pserver:[EMAIL PROTECTED]:/cvsroot/leaf \
>>>>  co src/bering-uclibc/buildtool
>>>>
>>>>Perhaps the docs need updating?
>>>
>>>I doubt it, since it works just fine here:
>
>
>As Martin says, I doubt it too. The fact that the second command works
>indicates you've already logged into SF pserver before. You should be
>able to continue the checkout successfully.
>
>cvs -d:pserver:[EMAIL PROTECTED]:/cvsroot/leaf co
src/bering-uclibc/buildtool
>

I don't remember what the error was, but it had something to do with
logging in. After giving up, I decided to try the second command and it
worked. This happened several times the same day.

Anyway, I just tried the first command and it now works with out error.
So it is working as documentated. -cpumemhd

>
>>The fact that it works for you does not mean it will work for
everyone
>>else.
>
>
>True, but the SF Site Status doesn't indicate a problem with pserver,
>and it's working for me in addition to Martin. If there is a problem,
>it's not global.
>
>https://sourceforge.net/docman/display_doc.php?group_id=1&docid=2352
>
>If you continue to have problems, please open a support request with
the
>SoruceForge staff so they can address the issue. Thanks.
>
>https://sourceforge.net/tracker/?group_id=1&atid=21
>
>>Something is causing a problem for at least two of us. I was able to
>>overcome this problem. I thought I might be able to help. Apparently,
>>my assistance did not measure up to your standards. Or if there is
>>something inherently wrong in my reply, please let me know what the
>>guidelines are for posting.
>
>
>The SF Site Docs are a good place to look for information on accessing
>services they provide.
>
>https://sourceforge.net/docman/?group_id=1
>





__ 
Do you Yahoo!? 
Yahoo! Mail - now with 250MB free storage. Learn more.
http://info.mail.yahoo.com/mail_250


---
The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almosthttp://www.thinkgeek.com/sfshirt

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Buildtool

[cpu memhd]

Okay, I see things more clearly now. A meaningful message is usually a
balance one: don't say too much, don't say too little.

I think we both said too little, and then jumped to conclusions because
of it.

My post was short honestly because I'm new not only to LEAF but to the
CVS and I did not want to sound like an expert. Also because I didn't
remember the error message. And also, because my understanding is
sometimes fundamentally wrong. If I would have said more, there might
have been a lot of "virtual" blank faces staring at me. :)

I have been learning LEAF and ultimately, a lot more about Linux
recently and I frequently run into documentation that is slightly off.
But close enough to where you eventually get things working. Such was
the case with with CVS and the build environment. It's possible that
the documentation is correct however, but CVS has changed.

Before the leaf website transformation there were lots of broken links.
Also, the Bering documentation sometimes does not apply to
Bering-uClibc, where it is implied that it does. So I am constantly
suspicious of the docs. But I'm not complaining, only pointing out a
possible culprit.

If I would document the problems I run into I could probably help out
more. But I'm really just using the product. I have two leaf boxes in
production and more to come. -cpumemhd

Martin Hejl wrote:

>
> cpu memhd wrote:
>
>> Excuse me. I can't help but notice a negative tone in your reply.
Maybe
>> I am mistaken. Please clarify:
>
> Maybe you're reading too much into the two lines that I wrote (apart
from the output of the commands). The mail wasn't meant to be negative
(but maybe it sounded negative because it wasn't more verbose).
>
>>>>> From the CVS help page:
>>>>
>>>>
>>>> http://www.leaf-project.org/doc/guide/buc-buildtool.html
>>>>
>>>> This line didn't work for me:
>>>> cvs -d :pserver:[EMAIL PROTECTED]:/cvsroot/leaf login
>>>
>>>
>>> "didn't work for me" is pretty hard to debug for anyone but you.
>>
>>
>>
>> What is this supposed to mean?
>
> You say that a line from the docs "didn't work for you", and a couple
of lines later you suggest that the docs need to be updated. But as
long as we don't know what "didn't work for me" actually implied (what
kind of errors did you get), nobody for whom it is working already
would know what the docs might have to be changed to.
>
>> I wasn't trying to debug anything, or even imply that I was
debugging.
>> The command: "cvs -d
>> :pserver:[EMAIL PROTECTED]:/cvsroot/leaf login" did not
>> work for me on the three or four occasions that I tried it.
>
> What happened after you entered that command? You may not be trying
to debug anything, but if I'm supposed to update the docs, I'll surely
have to.
>
>>>> Perhaps the docs need updating?
>>>
>>>
>>> I doubt it, since it works just fine here:
>>> (...)
>>
>> The fact that it works for you does not mean it will work for
everyone
>> else. 
>
> Absolutely - but at the same time, the fact that it works for me and
other people also suggests that the docs aren't plain wrong. And to be
able to figure out how to change the docs, I'd need a little more info,
to find something that works for everybody.
>
>> Something is causing a problem for at least two of us. I was able to
>> overcome this problem. I thought I might be able to help.
Apparently,
>> my assistance did not measure up to your standards. Or if there is
>> something inherently wrong in my reply, please let me know what the
>> guidelines are for posting.
>
> I'm sure there are somewhere, but I didn't write them. I did write
that part of the buildtool docs, and I would gladly update it, if you
give me anything to work with. "Doesn't work for me" without anything
else may well be a true statement (in your environment), but it doesn't
help the ones who are responsible for keeping the docs up to date.
>
> Martin
>
>
>
> ---
> The SF.Net email is sponsored by: Beat the post-holiday blues
> Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
> It's fun and FREE -- well, almosthttp://www.thinkgeek.com/sfshirt
>

> leaf-user mailing list: leaf-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/leaf-user
> SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
>




_

[leaf-user] USB keyboard - input.o and keybdev.o?

[cpu memhd]

These modules are not part of the bering-uclibc distribution. What do I
need to do build them?




__ 
Do you Yahoo!? 
The all-new My Yahoo! - What will yours do?
http://my.yahoo.com 


---
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] buildtool produces bad kernel

[cpu memhd]

How does one go about building a working kernel? I ran:

./buildtool.pl build kernel

I then tried booting both bzimage-2.4.26 and bzimage-2.4.26-upx and
both gave me oops/kernel panics after initializing the IDE controller
is seems.

./buildtool.pl describe says kgcc is required to build a kernel. But
that doesn't seem to be the case because I built my first kernel
without it.

I can tweak kernel settings using make menuconfig but I only end up
producing new modules (or removing them). My kernels are always the
same size no matter what I do with .config:

595,223  bzimage-2.4.26
515,363  bzimage-2.4.26-upx

There isn't any documentation on building a kernel, or is there? Is
buildtool still experimental?





__ 
Do you Yahoo!? 
All your favorites on one personal page – Try My Yahoo!
http://my.yahoo.com 


---
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] buildtool produces bad kernel

[cpu memhd]

Hi, thank you very much. That explains it. The question now is, what
core packages will I have to rebuild?



__ 
Do you Yahoo!? 
All your favorites on one personal page – Try My Yahoo!
http://my.yahoo.com 


---
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] buildtool produces bad kernel

[cpu memhd]

Thanks again. I was able to build & package initrd, but not root or
modules:

- There is no modules package according to 'buildtool.pl describe'; how
do I build modules.lrp?

- I tried building root and it bombed out with an undefined reference
to crypt:

make[1]: Entering directory
`/d/src/bering-uclibc/buildtool/source/sysvinit/sysvinit-2.85.orig/src'
/d/src/bering-uclibc/buildtool/staging/usr/bin/gcc -s  -o sulogin
sulogin.o 
sulogin.o(.text+0x86c): In function `main':
: undefined reference to `crypt'
collect2: ld returned 1 exit status
make[1]: *** [sulogin] Error 1
make[1]: Leaving directory
`/d/src/bering-uclibc/buildtool/source/sysvinit/sysvinit-2.85.orig/src'
make: *** [sysvinit-2.85.orig/.build] Error 2
make: Leaving directory
`/d/src/bering-uclibc/buildtool/source/sysvinit'

sulogin.c:

...
#if defined(__GLIBC__)
#  include 
#endif
...
if (pwd->pw_passwd[0] == 0 ||
strcmp(crypt(p, pwd->pw_passwd), pwd->pw_passwd) == 0)
sushell(pwd);
...

What to do about (undefined?) __GLIBC__?


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


---
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] buildtool & kernel/initrd/root/modules

[cpu memhd]

...trying to get a USB keyboard to work on a USB only system. I don't
give up that easily...After having problems trying to build sysvinit
with an older Mandrake distro I switched to Suse Enterprise 9. Now with
buildtool, I am able to produce all of the above modules with new
kernel and USB keyboard support, but there are new problems:

- SQUID is broken:

decode_addr: unsafe IP address: '0.0.0.0'
FATAL: decode_addr: unsafe IP address
Squid Cache (Version 2.5STABLE5): Terminated abnormally
CPU Usage: 0.010 seconds = 0.010 user +0.000 sys
Maxiumum Resident Size: 0 KB
Page faults with physical i/o: 111

- And (a cosmetic problem, but might give us a clue) when backing up a
package I get:

/usr/sbin/ticker: 9: :: not found

But the backup works. In fact, seems like everything works except the
two noted problems. Here's ticker (and if I run it manually I get the
same error):

#!/bin/sh
trap 'exit' 0 2 5 15
echo -n " "
while : ; do
for i in  \| / - ; do
echo -e -n "\b$i"
sleep 1
done
done

Why does it produce this error (line 9, not found)? This isn't anything
wrong with this script. I should also mention, I recompiled everything
with default kernel options and I get the same problems. One major
difference between a stock setup and this one is that buildtool now
uses gcc version 3.3.3 instead of gcc version 2.95.3.

Any ideas?




__ 
Do you Yahoo!? 
Make Yahoo! your home page 
http://www.yahoo.com/r/hs


---
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] buildtool & kernel/initrd/root/modules

[cpu memhd]

Kirchd,

I tried both 2.4.26 and 2.4.29. I ended up compiling the latest squid
stable9 on a mandrake box and using the libc225.lrp + a gcc library it
was complaining about. In other words, no uClibc. Works pretty good.
About the ticker problem. I guess it was pretty dumb of me to suggest
the script was okay (considering how little I know about scripting). I
changed:

while : ; do

to:

while [ : ] ; do

And now it works.

Honestly don't remember if I had this ticker problem with 2.4.29 (what
I first tried). But I'm about to start over with 2.4.29 again anyway.
Btw, using buildtool, I also tried squid stable9 with and without
safe_inet_addr patch. Same problem.

Thanks. -cpu



__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


---
This SF.net email is sponsored by Microsoft Mobile & Embedded DevCon 2005
Attend MEDC 2005 May 9-12 in Vegas. Learn more about the latest Windows
Embedded(r) & Windows Mobile(tm) platforms, applications & content.  Register
by 3/29 & save $300 http://ads.osdn.com/?ad_id=6883&alloc_id=15149&op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] buildtool & kernel/initrd/root/modules

[cpu memhd]

Kirchd,

Okay, no ticker problem with 2.4.29 (same squid problem though).

ls -al for /bin/sh has always been:

/bin/sh -> ash

So it looks like 2.4.26 with newer build environment causes the ticker
problem. Not a big deal I guess. -cpu


K.-P. Kirchdörfer wrote:

>Am Donnerstag, 24. März 2005 13:29 schrieb cpu memhd:
>
>>I tried both 2.4.26 and 2.4.29. I ended up compiling the latest
>>squid stable9 on a mandrake box and using the libc225.lrp + a gcc
>>library it was complaining about. In other words, no uClibc. Works
>>pretty good. 
>
>
>Ok. Seems it's related to gcc change (as you said before)... 
>
>>About the ticker problem. I guess it was pretty dumb 
>>of me to suggest the script was okay (considering how little I know
>>about scripting). I changed:
>>
>>while : ; do
>>
>>to:
>>
>>while [ : ] ; do
>>
>>And now it works.
>
>
>I just booted into a base image and ticker works fine.
>what's the ls -al output for /bin/sh on your system?
>
>>Honestly don't remember if I had this ticker problem with 2.4.29
>>(what I first tried). But I'm about to start over with 2.4.29 again
>>anyway. Btw, using buildtool, I also tried squid stable9 with and
>>without safe_inet_addr patch. Same problem.
>
>
>:)
>Did the same tests here - same results.
>
>thx for testing and patience.
>kp
>
>
>---
>SF email is sponsored by - The IT Product Guide
>Read honest & candid reviews on hundreds of IT Products from real
users.
>Discover which products truly live up to the hype. Start reading now.
>http://ads.osdn.com/?ad_ide95&alloc_id396&op=click
>
>leaf-user mailing list: leaf-user@lists.sourceforge.net
>https://lists.sourceforge.net/lists/listinfo/leaf-user
>SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
>
>





__ 
Do you Yahoo!? 
Yahoo! Small Business - Try our new resources site!
http://smallbusiness.yahoo.com/resources/ 


---
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] smbmount -> samba.lrp --how?

[cpu memhd]

Anyone know if it's possible to get smbmount out of the samba package?
I tried option --with-smbmount in buildtool.mk, then ./buildtool.pl -f
build samba but that didn't work.




__ 
Do you Yahoo!? 
Yahoo! Small Business - Try our new resources site!
http://smallbusiness.yahoo.com/resources/ 


---
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] buildtool - ipsec not autoloading modules

[cpu memhd]

Using buildtool to build openswan for bering-uclibc 2.3 beta (kernel
2.4.29). Copy ipsec.lrp to LEAF box... everything seems normal except
ipsec does not load ipsec_aes.o like it used to before.

This becomes more of a problem when I want to:

svi ipsec stop (or restart) because it cannot unload ipsec.o without
first unloading ipsec_aes.o (which must be loaded manually).

I don't understand how this autoloading of modules works. I have
compiled my own kernel and perhaps I goofed somewhere, or something
else to tweak, or a problem with newer ipsec?


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


---
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] buildtool - ipsec not autoloading modules

[cpu memhd]

Okay... I still think something is wrong. This is what
/etc/init.d/ipsec start is doing:

ipsec_setup: Starting Openswan IPsec 1.0.9...
insmod: not an ELF file
insmod: Could not load the module: Success
ipsec_setup: Using ipsec
ipsec_setup: Using /lib/modules/ipsec.o

_startklips has this line somewhere in the middle:

# load module if possible
if test ! -f $ipsecversion
then
# statically compiled KLIPS not found; try to load the module
insmod ipsec
fi
 ^
 |
  --- errors out here because /lib/modules is not in my path
  and it's trying to load the ipsec executable.
  Should /lib/modules be in the path (presumably the start)?

The following 'if' statement has this:

test -r /lib/modules/ipsec.o && insmod /lib/modules/ipsec.o

And this is where the module loads successfully.

The entire block of statements:

# load module if possible
if test ! -f $ipsecversion
then
# statically compiled KLIPS not found; try to load the module
insmod ipsec
fi

if test ! -f $ipsecversion
then
if test -r $modules # kernel does have modules
then
#   setmodule
#   unset MODPATH MODULECONF# no user overrides!
#   depmod -a >/dev/null 2>&1
#   modprobe -v ipsec
test -r /lib/modules/ipsec.o && insmod /lib/modules/ipsec.o
fi
if test ! -f $ipsecversion
then
echo "kernel appears to lack KLIPS"
exit 1
fi
fi

Observation: why is 'if test ! -f $ipsecversion' tested twice?

Conclusion: I have commented out 'if...insmod ipsec' and ipsec_aes.o is
now loaded/unloaded through prepluto=/postpluto= in ipsec.conf. -cpu

Erich Titl wrote:

> cpu memhd wrote:
>
>> Using buildtool to build openswan for bering-uclibc 2.3 beta (kernel
>> 2.4.29). Copy ipsec.lrp to LEAF box... everything seems normal
except
>> ipsec does not load ipsec_aes.o like it used to before.
>>  
>>
> IIRC this was never loaded by the original (FreeSWan) code. It is
pretty trivial to fix though.
>
>> This becomes more of a problem when I want to:
>>
>> svi ipsec stop (or restart) because it cannot unload ipsec.o without
>> first unloading ipsec_aes.o (which must be loaded manually).
>>
>> I don't understand how this autoloading of modules works. I have
>> compiled my own kernel and perhaps I goofed somewhere, or something
>> else to tweak, or a problem with newer ipsec?
>>  
>>
> No autoloading done here you can look  in /lib/ipsec
>
> # grep insmod *
> _startklips:echo "insmod failed, but found matching
template module $wantgoo."
> _startklips:insmod ipsec
> _startklips:insmod ipsec_aes
> _startklips:test -r /lib/modules/ipsec.o && insmod
/lib/modules/ipsec.o
>
> styx: -root-
> # grep rmmod *
> _realsetup: rmmod ipsec_aes
> _realsetup: rmmod ipsec
>
> cheers
>
> Erich
>
>
>
> ---
> SF email is sponsored by - The IT Product Guide
> Read honest & candid reviews on hundreds of IT Products from real
users.
> Discover which products truly live up to the hype. Start reading now.
> http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
>

> leaf-user mailing list: leaf-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/leaf-user
> SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
>




__ 
Do you Yahoo!? 
Yahoo! Small Business - Try our new resources site!
http://smallbusiness.yahoo.com/resources/


---
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] buildtool - ipsec not autoloading modules

[cpu memhd]

Eric,

It looks like it's trying to load /lib/ipsec/ipsec (the shell script).
Does insmod default to the current directory? Perhaps the ipsec scripts
are being run from within /lib/ipsec.

Everywhere else it loads fine:

foobar# insmod ipsec
Using /lib/modules/ipsec.o

Here are some of the changes I've made:

- added USB keyboard support: input.o/hid.o/keybdev.o

- NTFS, UDF support. All modules. I also splurrged on NCP support

- changed the processor to VIA-C3-2 (not too useful right now, but a
  backport of the PadLock cryptography engine to 2.4.x is around 
  the corner, figured I'd kick the tires around).

- selected "Video mode selection support" in console drivers so I can  

  choose different text modes (vga=x in syslinux.cfg 80x30,  etc...).  


That's about it for the kernel. Maybe a couple of other things.

I also did a lot of package consolidation. Basically, I rollup several
packages in one (where it seems appropriate). Now that I think about, I
never did build etc.lrp using buildtool...still using etc from 2.2.2,
could that be a problem? I will go ahead and test using the official
builds regardless, if this really seems like a problem on my end.
Despite this, everything appears to be working okay. -cpu




__ 
Do you Yahoo!? 
Yahoo! Small Business - Try our new resources site!
http://smallbusiness.yahoo.com/resources/ 


---
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] buildtool - ipsec not autoloading modules

[cpu memhd]

Eric,

Thanks for the help. I followed your instructions in a previous post on
building the minimum packages after a kernel build: modules, initrd,
and root.lrp. ipsec was also built/packaged from the same kernel.

Today I tried beta 2.3:

1. Downloaded linux-2.4.29.upx (renamed to linux), initrd_ide (renamed
to initrd), root, modules; copied to the root of my compact flash drive
C:\.

2. Changed leaf.cfg to reflect above packages + my original etc and
config and no more.

3. Tried to boot but got stuck at:

RAMDISK: Compressed image found at block 0

After giving up on Beta 2.3, I then I copied all minimum packages
(including etc and config) from the 2.2.2 ISO along with kernel. No
changes made. leaf.cfg:

LRP=modules,root,config,etc

Booted up just fine... I then went inside /tmp and created a file
called "mii" (mii.o is in /lib/modules):

foobar# touch mii
foobar# insmod mii

Using mii
insmod: error reading ELF header: Success
insmod: Could not load the module: Success

So this behavior has been there for some time?
-cpu

Eric Spakman wrote:

>Cpu,
>
>>Eric,
>>
>>It looks like it's trying to load /lib/ipsec/ipsec (the shell 
>>script).
>>Does insmod default to the current directory? Perhaps the ipsec 
>>scripts
>>are being run from within /lib/ipsec.
>
>
>No insmod shouldn't default to the current directory, just tested it 
>myself and ipsec is loaded by the ipsec script without problems.
>
>About the 'if test ! -f $ipsecversion' tested multiple times: first 
>it tries just to insmod it (which should work, see above), if that 
>fails it tests if the kernel is modulair and tries to insmod it from 
>within the modules directory and finally if that doesn't work it 
>exits. The test is just to see if ipsec is loaded.
>
>>Everywhere else it loads fine:
>>
>>foobar# insmod ipsec
>>Using /lib/modules/ipsec.o
>>
>>Here are some of the changes I've made:
>>
>>- added USB keyboard support: input.o/hid.o/keybdev.o
>>
>>- NTFS, UDF support. All modules. I also splurrged on NCP support
>>
>>- changed the processor to VIA-C3-2 (not too useful right now, but a
>> backport of the PadLock cryptography engine to 2.4.x is around
>> the corner, figured I'd kick the tires around).
>>
>>- selected "Video mode selection support" in console drivers so I 
>>can
>>
>> choose different text modes (vga=x in syslinux.cfg 80x30,  
>>etc...).
>>
>>
>>That's about it for the kernel. Maybe a couple of other things.
>>
>>I also did a lot of package consolidation. Basically, I rollup 
>>several
>>packages in one (where it seems appropriate). Now that I think 
>>about, I
>>never did build etc.lrp using buildtool...still using etc from 
>>2.2.2,
>>could that be a problem? I will go ahead and test using the official
>>builds regardless, if this really seems like a problem on my end.
>>Despite this, everything appears to be working okay. -cpu
>
>
>Using the 2.2.2 etc file shouldn't be the problem, but merging and 
>changing packages could very well be a problem. The packages are 
>carefully tuned to be correct (f.e. for backup) and contents. 
>Changing that kind of things can easely lead to strange problems, 
>like it appears with ipsec. 
>
>Also changing processor type without recompiling kernel related 
>packages or modules could lead to problems (if not done absolutely 
>right).
>
>You should know exactly what you are doing when changing kernel setup 
>and packages, a lot of things are thightly coupled.
>
>Eric
>
>




__ 
Do you Yahoo!? 
Yahoo! Small Business - Try our new resources site!
http://smallbusiness.yahoo.com/resources/


---
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] ipsec - no support for interface aliases

[cpu memhd]

Seems like the ipsec scripts rely heavily on ifconfig but that utility
is not available on bering-uclibc. There are lots of modifications to
make it work with the ip command. I was able to overcome this problem
by replacing this line in _startklips:

eval `ip addr show $phys primary | grep inet | sed -n 1p |

With this:

eval `ip addr show ${phys%%:*} label $phys | grep inet | sed -n 1p |

Before:

Device "eth2:0" does not exist.

After:

inet 192.168.8.10/16 brd 192.168.8.255 scope global secondary eth2:0

If there is no ethx:xxx label, the above modification still works (eg.
ip addr show eth0 label eth0).

Just thought I'd mention this because I think it's important enough to
change. Openswan does support aliased interfaces and it's the only way
to use a secondary ip, that I know of at least.




__ 
Do you Yahoo!? 
Yahoo! Small Business - Try our new resources site!
http://smallbusiness.yahoo.com/resources/ 


---
This SF.Net email is sponsored by: New Crystal Reports XI.
Version 11 adds new functionality designed to reduce time involved in
creating, integrating, and deploying reporting solutions. Free runtime info,
new features, or free trial, at: http://www.businessobjects.com/devxi/728

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

re: [leaf-user] Which model to buy?

[cpu memhd]

Hello Jeremy,

I have two CV860As (Neo case). I also was faced with this question, to
buy the Intel NICs or the Realteks. I decided on the Realteks because
a) they are used in slews of embedded systems, like the Snapgears:
(http://www.cyberguard.com/products/firewall/SG_Family/), and b) the
Intels are available few models.

Occasionally we run into packets not making it to certain parts of our
network. But I don't believe at all this is a problem with the nics. It
has to do with a flaky proxyarp/bridged wireless radio configuration
that caused problems even before I stuck the CV860s in. Though, overall
we have fewer problems now.

Anyhow, my overall experiences have been very positive. The CV860As
boot up quickly and don't lockup in any strange ways. If you plan to
use squid I'd opt for 512MB RAM since it's pretty cheap from Lex. Also,
you may want to flash your CV860A with the non-pxe boot rom to avoid a
significant bootup delay. Unfortunately you can't disable pxe in the
bios, it's either burned-in, or not.

I'd consider going with a CV863A. It's not much more and it has four
nics and two PCMCIA slots. But it doesn't have a PS2 port so you will
have to go with a USB keyboard or use a serial console. To use a USB
keyboard you will have rebuild the kernel because leaf/bering does not
support USB input devices.

Currently I am testing a CV863A. My biggest complaint is the video card
uses at least 16MB system RAM, whereas the CV860A can use only 2MB. I
have the PCMCIA services working (though I haven't tested anything
other than listening for beeps and auto-loading of drivers).

If you don't need a very fast system (and who does, for most fw/routing
needs) consider the soekris boards: http://www.soekris.com/bundles.htm.
Others can tell you about these. I will eventually get my hands on one.
The price is good too. -cpu




__ 
Do you Yahoo!? 
Yahoo! Small Business - Try our new resources site!
http://smallbusiness.yahoo.com/resources/ 


---
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

re: [leaf-user] Bering-uClibc, are Julian Anastasov's routing patches applied?

[cpu memhd]

It's does not look like they're applied:
http://cvs.sourceforge.net/viewcvs.py/leaf/src/bering-uclibc/apps/linux/patches/

How about getting started with buildtool so you can incorporate those
patches into your own kernel?

http://leaf.sourceforge.net/doc/guide/buc-buildtool.html




__ 
Do you Yahoo!? 
Yahoo! Small Business - Try our new resources site!
http://smallbusiness.yahoo.com/resources/ 


---
This SF.Net email is sponsored by: NEC IT Guy Games.
Get your fingers limbered up and give it your best shot. 4 great events, 4
opportunities to win big! Highest score wins.NEC IT Guy Games. Play to
win an NEC 61 plasma display. Visit http://www.necitguy.com/?r=20

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Bering-uClibc, are Julian Anastasov's routing patches applied?

[cpu memhd]

Hello James,

- buildtool is linux only, if you don't know linux well, this is a good
reason to learn it.

- I'm using suse 9 running under VMWare Workstation 4.5 under XPee
(started with mandrake 9, but ran into problems):
http://www.vmware.com/

- Installing suse 9 is much too easy. Though I don't remember what
options I picked to install the gcc dev environment, but that was also
easy. Satisfying Perl's Config::General dependencies, if I remember
correctly, required me to install several packages on the fly: eg.

where can perl find someneattool []?

[CTRL+C], search 'someneattool' in YAST, find the package, install it,
then run perl -MCPAN -e 'install Config::General' over again, then
magically:

where can perl find someneattool [/usr/sbin/someneattool]? [enter]

- Keeping your existing configuration will probably not be trivial, at
least the first time. One approach is to copy your configuration files
to the staging directory before using buildpacket.pl. This is the
easiest most consistent way that I know of. Changing the base config
files at the source directories can be tricky with some packages, such
as openswan.

- The only kernel patch that I have applied is the Via PadLock patch.
http://www.logix.cz/michal/devel/padlock/

After running ./buildtool.pl source kernel I then ran (in
source/linux):
patch -p0 < crypto-dev-padlock-2.4.30.diff

And then ./buildtool.pl build kernel

It worked without problems, although the hardware AES encryption isn't
that much faster. I suspect the limiting factor is openswan. -cpu




__ 
Do you Yahoo!? 
Yahoo! Small Business - Try our new resources site!
http://smallbusiness.yahoo.com/resources/ 


---
This SF.Net email is sponsored by: NEC IT Guy Games.
Get your fingers limbered up and give it your best shot. 4 great events, 4
opportunities to win big! Highest score wins.NEC IT Guy Games. Play to
win an NEC 61 plasma display. Visit http://www.necitguy.com/?r=20

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Bering-uClibc, are Julian Anastasov's routing patches applied?

[cpu memhd]

To be more specific, I am using suse 9 enterprise which uses a 2.6
kernel. It looks like suse 9.1 would be closer to enterprise 9.0.



Yahoo! Mail
Stay connected, organized, and protected. Take the tour:
http://tour.mail.yahoo.com/mailtour.html



---
This SF.Net email is sponsored by: NEC IT Guy Games.
Get your fingers limbered up and give it your best shot. 4 great events, 4
opportunities to win big! Highest score wins.NEC IT Guy Games. Play to
win an NEC 61 plasma display. Visit http://www.necitguy.com/?r=20

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Bering-uClibc Docs and IPSEC: FreeSwan or OpenSwan?

[cpu memhd]

Hello,

The documentation for freeswan/*swan (any that you may find on the net)
leaves much to be desired. And that is putting it mildly according to
some. There is lots of information, but typically hard follow.

One problem that I have is not being able to understand how it
routes/desides to route traffic. I actually gave up learning this part
with out first trying. Instead, I setup GRE tunnels and use kernel
routing and now zebra/ospfd for load balancing and failover. So far
this is working super. But I am still testing.

Anyway, try here:
http://www.freeswan.org/freeswan_trees/freeswan-2.06/doc/index.html

Looks the same but more organized:
http://www.linuxsecurity.com/resource_files/cryptography/FreeSWAN-HOWTO/HowTo.html

The man pages:
http://www.freeswan.org/freeswan_trees/freeswan-2.06/doc/manpage.d/

Download and untar openswan-1.0.9.tar.gz and read the READMES and
CHANGES docs. I find them useful:
http://cvs.sourceforge.net/viewcvs.py/leaf/src/bering-uclibc/apps/openswan/

More links:
http://www.av8n.com/vpn/ipsec+routing.htm

My two biggest hurdles were: a) learning through trial and error
instead of instructions, b) figuring out how to manage multiple *swan
installations (sooner or later you will have to start scripting).

Now, since we're on the subject, does any one know the specs for using
the ipsec_null.o module? Despite hours of searching, I still can't
figure this out.





__ 
Yahoo! Mail Mobile 
Take Yahoo! Mail with you! Check email on your mobile phone. 
http://mobile.yahoo.com/learn/mail 


---
This SF.Net email is sponsored by: NEC IT Guy Games.
Get your fingers limbered up and give it your best shot. 4 great events, 4
opportunities to win big! Highest score wins.NEC IT Guy Games. Play to
win an NEC 61 plasma display. Visit http://www.necitguy.com/?r=20

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Trouble setting up IPSEC VPN tunnels

[cpu memhd]

> I'm having trouble deciding what to put in "/etc/ipsec.conf", found
on

Really?? you don't say... :)

Try looking at it this way:

  |- 172.16.0.100 (your PC)
  |
  |- 172.16.0.110 (your roomate's PC)
  |
  |
 172.16.0.1   (eth1, your leaf router's private ip, gateway
  |of above clients)
  10.0.0.10   (eth0, pretend this is a public ip)
  |
  10.0.0.1(your router's gateway to the internet/isp router)
  |
  |
(poof, cloud)
  |
  |
 10.12.12.1   (your friend's internet gateway)
  |
 10.12.12.10  (eth0, public side of your friends leaf router)
  |
 192.168.0.1  (eth1, your friend's leaf router, private ip)
  |
  |
  |- 192.168.0.200 (his PC)
  |
  |- 192.168.0.220 (his roomate's PC)

> The "next hop" for each side of either setup in the first 2 examples
> is the outside interface of the other LEAF router. This is the same 
> value as "left", so the choice is whether to put the same value in 
> both or just don't define "nexthop".

I'm not sure if I understand this part. Are you saying left nexthop is
the same as right, and rightnexthop is the same as left? If this is the
case, that's not correct. Left is 10.0.0.10 and leftnexthop is
10.0.0.1; right is 10.12.12.10 and rightnexthop is 10.12.12.1.

For your rf_bridge connection, you can specifiy %direct for both
nexthops. Or, if I'm not mistaken, I believe it will default to %direct
if nexthop is unspecified. As for the dsl_link connection, this looks
the same as your RF bridge setup. So %direct should do it. isp_link
looks fine the way it is.

> I don't understand why the IPSEC configuration needs a "next hop"
> anyway. Aren't the routers smart enought to forward the packets given
> the external IP address of the other IPSEC/LEAF router?

It's a kludge, read this:

http://www.freeswan.org/freeswan_trees/freeswan-1.95/doc/quickstart.html

"Due to an unfortunate interaction between FreeS/WAN and the kernel
routing code, you must specify leftnexthop (the router which left sends
packets to in order to get them delivered to right) and rightnexthop
(vice versa).

The *nexthop parameters will be eliminated in a future release, but
perhaps not soon. We know they should go, but getting them out is not a
simple problem. For now, live with them."

More info from
http://www.freeswan.org/freeswan_trees/freeswan-1.95/doc/quickstart.html:

<< Using slightly different descriptions

Provided both machines do IPsec over the interface that is their
default route to the Internet (a common case, but by no means the only
one) you can simplify the description somewhat.

When using left=%defaultroute, you do not need to specify leftnexthop.
left does not need to know rightnexthop either, so on left the
connection description can be:

conn sample
# left security gateway (public-network address)
left=%defaultroute
 # subnet behind left (omit if there is no subnet)
leftsubnet=172.16.0.0/24
# right s.g., subnet behind it
right=10.12.12.1
rightsubnet=192.168.0.0/24
auto=start

On right it is:

conn sample
# left security gateway (public-network address)
left=10.0.0.1
# subnet behind left (omit if there is no subnet)
leftsubnet=172.16.0.0/24
# right s.g., subnet behind it
right=%defaultroute
rightsubnet=192.168.0.0/24
auto=start >>

http://www2.frell.ambush.de/archives/freeswan-design/1334.html:

> On Sun, 30 Dec 2001, Jean-Michel POURE wrote:
> > This does not work for me. I have to set-up leftnexthop and
righnexthop... Is
> > this a bug?
>
> Not exactly. It is a documented property of our current software
that,
> except for a few unusually favorable cases, (left/right)nexthop must
be
> supplied (perhaps with the help of %defaultroute) and must be
correct.
> They are *not* optional. There is a reason why our documentation
tells
> you to fill them in.
>
> Mind you, it is a serious blemish that they are necessary. We intend
to
> eliminate the requirement for them eventually. Unfortunately, this is
not
> easy to do, in the general case, and so it will not happen quickly.
>
> Henry Spencer
> henry_at_spsystems.net 


I find that I generally don't have to specifiy the rightnexthop. -cpu





Yahoo! Mail
Stay connected, organized, and protected. Take the tour:
http://tour.mail.yahoo.com/mailtour.html



---
This SF.Net email is sponsored by: NEC IT Guy Games.
Get your fingers limbered up and give it your best shot. 4 great events, 4
opportunities to win big! Highest score wins.NEC IT Guy Games. Play to
win an NEC 61 plasma display. Visit http://www.necitguy.com/?r=20

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-pro

[leaf-user] snort won't listen on multiple interfaces

[cpu memhd]

Does snort/uclibc-bering not support multiple interfaces? It seems that
it will only listen on a single interface per instance. I have modified
the init script arguments to look like this:

before: 
"-m 027 -D -c /etc/snort/snort.conf -l /var/log/snort -d -i $INTERFACE"
after:
"-m 027 -D -c /etc/snort/snort.conf -l /var/log/snort -d"

My understanding is that this should support the "var HOME_NET any" /
"var EXTERNAL_NET any" options. Even with these settings, it defaults
to eth0.



__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


---
This SF.Net email is sponsored by Oracle Space Sweepstakes
Want to be the first software developer in space?
Enter now for the Oracle Space Sweepstakes!
http://ads.osdn.com/?ad_id=7412&alloc_id=16344&op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] snort won't listen on multiple interfaces

[cpu memhd]

Eric, I did read that FAQ but I also read that latest versions of
libpcap should have that patch. Nevertheless, I'll look more into it
some more. Thanks. -cpu



__ 
Do you Yahoo!? 
Yahoo! Small Business - Try our new Resources site
http://smallbusiness.yahoo.com/resources/


---
SF.Net email is sponsored by: GoToMeeting - the easiest way to collaborate
online with coworkers and clients while avoiding the high cost of travel and
communications. There is no equipment to buy and you can meet as often as
you want. Try it free.http://ads.osdn.com/?ad_id=7402&alloc_id=16135&op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] please add VIA padlock support to bering kernel

[cpu memhd]

Hello,

What are you using padlock with, ipsec, openssl?

Padlock didn't speed up AES encryption as much as I expected. At least,
that was my initial observation with openswan.

Sadly to say, I lost (overwrote) my benchmarks so I can't say exactly
what the difference was. I will post my results when I test again. I
believe it was:

AES: 34.5 Mbps (software)
Padlock AES: 39.5 Mbps (hardware)
Blowfish: 38 Mbps (software)

My understanding is that my cpu (1GHz Nehemiah) should easily do more
than this even without padlock. So the slowdown is with openswan
perhaps?

Have you considered using buildtool to apply the patch and build your
kernel?
http://leaf.sourceforge.net/doc/guide/buc-buildtool.html
-cpu





__ 
Do you Yahoo!? 
Yahoo! Small Business - Try our new Resources site
http://smallbusiness.yahoo.com/resources/


---
This SF.Net email is sponsored by Yahoo.
Introducing Yahoo! Search Developer Network - Create apps using Yahoo!
Search APIs Find out how you can build Yahoo! directly into your own
Applications - visit http://developer.yahoo.net/?fr=offad-ysdn-ostg-q22005

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

[leaf-user] lets talk about something--anything!

[cpu memhd]

Only 64 messages this month. Are less and less people using leaf, what
is going on with everyone? I have been slowley rolling out leaf boxes
to about 16 locations. I couldn't have asked for a better
firewall/router. I'd like to very much thank the leaf developers for
their continued efforts. -cpu




 
Yahoo! Sports 
Rekindle the Rivalries. Sign up for Fantasy Football 
http://football.fantasysports.yahoo.com


---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] lets talk about something--anything!

[cpu memhd]

Hello James! If software is like fine art then nothing is finished
(perfected), only abandoned. There is always something to improve. But
in lots of ways, leaf does appear to be complete. The only thing
lacking perhaps, is better usability, not features. It seems that
upgrading a leaf box can be quite a challenge for many. Though I must
say, it is not a big deal for me, due the extensive changes I've made
(read, bastardization :).

Anyhow, I feel that lrcfg is in need of a major overhaul. I’m sure many
will disagree, but, you can’t start/stop services from within lrcfg.
And it would be nice to be able to save a package while in a package
menu (incidentally, I added this capability :). Another problem with
lrcfg is that once you have more than 20 config options they scroll off
the screen.

Btw, you had mentioned something a while back about a high-level tool
that could setup/configure a leaf box from A-to-Z. I was working on
wizard-like setup tool that could run off a bootable CD, but ultimately
decided it probably wasn’t what people wanted. I base this theory on
the fact that few people request this sort of thing and the fact that
Lince never really took off, what do you think? –cpu

James Neave wrote:

>Maybe it's been perfected? ^^
>
>Jim.
>


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

RE: [leaf-user] lets talk about something--anything!

[cpu memhd]

Hello Cirian, which lex system do you have? Sorry it didn’t work out. I
must admit, getting leaf to boot of an ide device was a pain for me.
Honestly, it took several days, lots of hours. Of course, once you
figure it out, it is much too easy. -cpu

ciprian niculescu wrote:

> i coulndt get it to work, the only answer that i got was to RTFM, i
did i reask still nothing, so ill put debian :P but leaf sounded nice
>
> c
>
> P.S. with this small amount of mails i forgot to unsubscribe :)



__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] lets talk about something--anything!

[cpu memhd]

I don't know how frequently LARTC is updated, but it looks like a work
in progress. Not to say it's bad, it is very good, just sometimes
incomplete. I briefly looked into multicast routing to setup broadcast
gre tunnels but quickly realized I was about to swim with sharks
(recompile kernel or somewhere in that realm, etc). Not that I'd have a
problem with that, but I've made enough changes to my leaf kernel
already. I still drool over the La Brea tarpit netfilter patch, but I
have to hold back. Eventually I will get that going, along with a nosey
shorewall.log-snopping awk daemon that will do wonderful things to
those who even dare look at my router :)

Anyway, technically it's quite possible to create a leaf upgrade tool,
but practically speaking, I also think it's impossible. It would be too
time consuming. Beta testing could go on forever. At the very least,
something to replace the config files and a few other key
considerations might be reasonable. Leaf is pretty much like the full
distros where everything is afforded to you. This is why I decided to
use it. Astaro, Mandrake MNF, Smoothwall et al are simply "what me the
vendor thinks a firewall should be...and here is the config tool, take
it or leave it". In order to upgrade a system, boundaries must be in
place. But there are no boundaries here to begin with.

Regardless, I'd say that at the very, very least... a CF/HDD image
would make things a lot easier for a lot of people. -cpu

James Neave wrote:

>Hi,
>
>As a software developer, I know all about "finishing" software. :)
>
>I remember that. That stemmed from being stuck in a windows only
>environment and the thought of upgrading our Bering (1.0 I believe,
>maybe 1.1) router to include latest kernel and security related
patches
>gives me the screaming heebee jeebees.
>
>We're running in not broken, so don't even think about touching it
mode.
>
>I guess it's probably not possible, but I was pondering at that time
on
>a way to automagically create the latest packages with old
configuration
>intact. Which you can't.
>
>Technically I'm still (STILL!) working on multi house wireless
networks
>with multiple shared internet connections. Although we very rarely get
>any time to work on it anymore, as soon as the kitchen is refurbished
we
>have sworn to work on it every Wednesday evening. 8D
>
>Another feature we're looking at adding is multicast routing across
VPN
>tunnels. This will allow mDNS and other zero conf stuff to work across
>our big net and switch on iTunes sharing between our subnets. I think.
>:S
>That all seems still very bleeding edge in Linux. Is there an
>mrouted.lrp about?
>
>We've managed to finally connect two houses, get ADSL working in linux
>(we cheated and bought Ethernet ADSL modems, no firewall, no NAT, just
>single IP DHCP) as well as 802.11b (cheated again, used an AP as a
>wireless Ethernet bridge)
>
>It's all over one ADSL line though. LARTC says how we set the rest up
>although everything kinda points to none of this working very well
with
>such a low number of users (route caching :( ). Plus we have to patch
>and recompile the kernel to get failover working for if a connection
>goes down >@
>
>Erik Spakman offered to do the compiling for us though, which I will
>take him up on, one day... when I'm old and grey at this rate. :P
>
>Regards,
>
>Jim.
>


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] lets talk about something--anything!

[cpu memhd]

Hello Eric,

I know these packages exist and it is easy to setup. But there are
still too many steps envolved for the average n00b. Consider for a
moment, a prospective user: one must first decide which packages to
use:

dropbear/openssh? ipsec/openvpn? dhcpcd/dnsmasq?
shorwall.lrp/iptables.lrp (confusing for those who don't [yet] know
shorewall is a highlevel frontend to iptablets)

Once this is determined, one has to shuffle disks and type all those
"strange/foreign" unix commands (4.3. Create a bootable HD). Run
syslinux, copy/modify syslinux.cfg and leaf.cfg. One simple typo and
the system won't boot. Where to seek help; the leaf mailing list? I
doubt it. This is too intimidating already.

Anyhow, I guess what I'm really suggesting is to have a standard
(8-12MB?) CF/HD image with the package-equivalent of say a snapgear or
m0n0wall. Enough to boot a feature rich leaf distro. -cpu


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] lets talk about something--anything!

[cpu memhd]

Luis, I know I didn't mention it, but I'm referring to linux n00bs
actually. There are plenty of knowlegdable windows and old school dos
users who could easily get around a leaf box if they had the patients
to set one up. I spent two days trying to get my leaf box to boot. The
problem? CR+LFs in leaf.cfg. Not that I didn't know unix used LFs, I
simply assumed that because syslinux.cfg didn't mind a CR+LF, why
should leaf.cfg? -cpu

Luis.F.Correia wrote:

>Hi!
>
>-Original Message-
>
>>From: cpu memhd [mailto:[EMAIL PROTECTED] 
>>Sent: quarta-feira, 29 de Junho de 2005 5:26
>>To: leaf-user@lists.sourceforge.net
>>Subject: Re: [leaf-user] lets talk about something--anything!
>
>
>>Hello Eric,
>>
>>I know these packages exist and it is easy to setup. But there are
still
>
>too many steps envolved for the average >n00b. Consider for a moment,
a
>prospective user: one must first decide which packages to
>
>>use:
>>
>>dropbear/openssh? ipsec/openvpn? dhcpcd/dnsmasq?
shorwall.lrp/iptables.lrp
>
>(confusing for those who don't [yet]
>
>>know shorewall is a highlevel frontend to iptablets)
>
>
>I consider LEAF a professional grade router/firewall solution, not for
the
>average Joe User.
>If all this is scary, use an hardware router, disable all logging on
it (to
>avoid crashes) and you will be mostly fine. I have been looking at
some of
>them lately and the quality of those products has improved a lot!
>
>>Once this is determined, one has to shuffle disks and type all those
>
>"strange/foreign" unix commands (4.3. Create >a bootable HD). Run
syslinux,
>copy/modify syslinux.cfg and leaf.cfg. One simple typo and the system
won't
>boot.
>
>>Where to seek help; the leaf mailing list? I doubt it. This is too
>
>intimidating already.
>
>This mailing list is not intimidating, judging from the amount of docs
we
>have, we should expect that people would read them. Sometimes not even
>README is read...
>
>>Anyhow, I guess what I'm really suggesting is to have a standard
>>(8-12MB?) CF/HD image with the package-equivalent of say a snapgear
or
>
>m0n0wall. Enough to boot a feature rich
>
>>leaf distro. -cpu
>
>
>Not practical to do.
>Even if you have a CF/HD image, most users will not be able to do
anything
>with it. Their problem is with Linux in general, not LEAF in
particular.
>I remember back in the LRP days, the complains we had about the
>'idiot-images', they never seem to manage to make the users happy...
>
>The only thing I could possibly agree with you is the documentation,
it is
>way too technical for most users BUT, the answers are all there.
>
>Again, if this does seem way too complex, buy an hardware router.
>
>Luis Correia   
>Bering uClibc Team Member
>
>PGP Fingerprint: BC44 D7DA 5A17 F92A CA21 9ABE DFF0 3540 2322 21F6 
>Key Server: http://pgp.mit.edu
>




 
Yahoo! Sports 
Rekindle the Rivalries. Sign up for Fantasy Football 
http://football.fantasysports.yahoo.com


---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] lets talk about something--anything!

[cpu memhd]

Eric, I understand, but a small installation script could solve these
problems. -cpu

Eric Spakman wrote:

>
>It would be nice if that was possible, but unfortuanatly like Luis
told, it's not that easy. For example, we don't know which device is
the bootdevice, hda1, hdb1, something else? In my case it's hdc1. So
editing leaf.cfg and syslinux.cfg is still needed.
>An other problem is how to put the image on the CF, with 'dd'? That's
really a strange UNIX command.
>I'm also not sure if the size of the image must be the same as the CF
size.
>
>Eric
>


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] lets talk about something--anything!

[cpu memhd]

Charles,

I use the svi command all the time. I added kernel support for the vga=
option a long time ago, w00t! My console is set at 30 lines. Though I
use putty mostly.

Regarding the scroll back function, do you know how to increase the
buffer size?

I should mention, I really don't use lrcfg for anything other than my
own custom packages. About 97% of my config files are extracted on the
fly with a utility I wrote in awk. My entire shorewall config is in one
file, as well as a good percentage of my etc config files. Hell, even
my shorewall actions are created on the fly depending on whether or not
they're specified in rules. 

Anyway, my original lrcfg backup modification was a bit simplistic,
plus it made some false assumptions... and it used an external
script... and you couldn't backup etc.lrp. I just redid it. Use at your
own risk, I'm still testing.

Usage: type the letter "b" from within a package config menu, or
Network or System config.

Limitations: writes to temp; writes are confirmed; only does Full
backups.

You can paste this right after the "case $OPT in" line in
/usr/sbin/lrcfg.conf:

b|B )
pkgconf=$3
if [ "$pkgconf" = '$LRPKG/etc.net.conf' ] || \
   [ "$pkgconf" = '$LRPKG/etc.sys.conf' ]; then
   pkgconf=etc.conf
elif [ `dirname $pkgconf` = '$LRPKG' ]; then
   echo "Not a package."
   sleep 1
   continue
fi

pkgmnt=$LRPKG/mnt
pkgname=${pkgconf#$LRPKG/}
pkgname=${pkgname%.conf}

_null="/dev/null 2>&1"

if mount.back $pkgname $pkgmnt > $_null ; then
   lrcfg.back.script $pkgname ON ON Full
   umount $pkgmnt > $_null
else
   echo "Could not mount backup device."
   sleep 2
fi
;;

Charles Steinkuehler wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Eric Spakman wrote:
>
> | Hello cpu,
> |
> |>Anyhow, I feel that lrcfg is in need of a major overhaul. I?m sure
many
> |>will disagree, but, you can?t start/stop services from within
lrcfg.
> |
> | That would be a nice addition.
>
> There's the command-line "svi", but you can't call this while inside
lrcfg.
>
> |>And it would be nice to be able to save a package while in a
package
> |>menu (incidentally, I added this capability :).
> |
> | Why not share your work with the community ;-)
>
> This does sound handy.
>
> |>Another problem with
> |>lrcfg is that once you have more than 20 config options they scroll
off
> |>the screen.
> |>
> | True, that's becoming an issue with the shorwall package. Someone
having a
> solution for it?
>
> I use ssh, and just drag the window to a larger size.  :-)
>
> If you're stuck at the (real) console screen,  still
works.
>
> Also, you can always pass vga= to the kernel (assuming this
> functionality has been left in the Bering kernels) to get more
characters on
> the screen.  There's probably a way to do this at runtime as well,
but it's
> been so long since I messed with an actual console (most of my
systems are
> now "headless" with serial terminal consoles & BIOS redirection) I
don't
> remember how...
>
> - --
> Charles Steinkuehler
> [EMAIL PROTECTED]
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.0 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFCyvU/LywbqEHdNFwRAtW1AKC8AS5FxLyqdg6lwlDzHW2yc9egfQCgi4tz
> RONLcDCQaP1irrbCdAIWeH0=
> =4n3W
> -END PGP SIGNATURE-
>
>
> ---
> SF.Net email is sponsored by: Discover Easy Linux Migration
Strategies
> from IBM. Find simple to follow Roadmaps, straightforward articles,
> informative Webcasts and more! Get everything you need to get up to
> speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
>

> leaf-user mailing list: leaf-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/leaf-user
> Support Request -- http://leaf-project.org/
>
>






Sell on Yahoo! Auctions – no fees. Bid on great items.  
http://auctions.yahoo.com/


---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] lets talk about something--anything!

[cpu memhd]

>_null="/dev/null 2>&1"
>
>if mount.back $pkgname $pkgmnt > $_null ; then
>   lrcfg.back.script $pkgname ON ON Full
>   umount $pkgmnt > $_null
>else
>   echo "Could not mount backup device."
>   sleep 2
>fi

aslkhfalkjd
234lkj234j
l;j2h345783y2407uh5

You know, I realized you can't put redirection in a variable this way a
long time ago, don't know where my head was. Might there be some other
way to do this?

Here's how this part of the script should have been (now more ugly):

First, delete this stupid thing: _null="/dev/null 2>&1"
then

if mount.back $pkgname $pkgmnt > /dev/null 2>&1 ; then
   lrcfg.back.script $pkgname ON ON Full
   umount $pkgmnt > /dev/null 2>&1
else
   echo "Could not mount backup device."
   sleep 2
fi

:)

cpu memhd wrote:

>Charles,
>
>I use the svi command all the time. I added kernel support for the
vga=
>option a long time ago, w00t! My console is set at 30 lines. Though I
>use putty mostly.
>
>Regarding the scroll back function, do you know how to increase the
>buffer size?
>
>I should mention, I really don't use lrcfg for anything other than my
>own custom packages. About 97% of my config files are extracted on the
>fly with a utility I wrote in awk. My entire shorewall config is in
one
>file, as well as a good percentage of my etc config files. Hell, even
>my shorewall actions are created on the fly depending on whether or
not
>they're specified in rules. 
>
>Anyway, my original lrcfg backup modification was a bit simplistic,
>plus it made some false assumptions... and it used an external
>script... and you couldn't backup etc.lrp. I just redid it. Use at
your
>own risk, I'm still testing.
>
>Usage: type the letter "b" from within a package config menu, or
>Network or System config.
>
>Limitations: writes to temp; writes are confirmed; only does Full
>backups.
>
>You can paste this right after the "case $OPT in" line in
>/usr/sbin/lrcfg.conf:
>
>b|B )
>pkgconf=$3
>if [ "$pkgconf" = '$LRPKG/etc.net.conf' ] || \
>   [ "$pkgconf" = '$LRPKG/etc.sys.conf' ]; then
>   pkgconf=etc.conf
>elif [ `dirname $pkgconf` = '$LRPKG' ]; then
>   echo "Not a package."
>   sleep 1
>   continue
>fi
>
>pkgmnt=$LRPKG/mnt
>pkgname=${pkgconf#$LRPKG/}
>pkgname=${pkgname%.conf}
>
>_null="/dev/null 2>&1"
>
>if mount.back $pkgname $pkgmnt > $_null ; then
>   lrcfg.back.script $pkgname ON ON Full
>   umount $pkgmnt > $_null
>else
>   echo "Could not mount backup device."
>   sleep 2
>fi
>;;
>
>Charles Steinkuehler wrote:
>
>>-BEGIN PGP SIGNED MESSAGE-
>>Hash: SHA1
>>
>>Eric Spakman wrote:
>>
>>| Hello cpu,
>>|
>>|>Anyhow, I feel that lrcfg is in need of a major overhaul. I?m sure
>
>many
>
>>|>will disagree, but, you can?t start/stop services from within
>
>lrcfg.
>
>>|
>>| That would be a nice addition.
>>
>>There's the command-line "svi", but you can't call this while inside
>
>lrcfg.
>
>>|>And it would be nice to be able to save a package while in a
>
>package
>
>>|>menu (incidentally, I added this capability :).
>>|
>>| Why not share your work with the community ;-)
>>
>>This does sound handy.
>>
>>|>Another problem with
>>|>lrcfg is that once you have more than 20 config options they scroll
>
>off
>
>>|>the screen.
>>|>
>>| True, that's becoming an issue with the shorwall package. Someone
>
>having a
>
>>solution for it?
>>
>>I use ssh, and just drag the window to a larger size.  :-)
>>
>>If you're stuck at the (real) console screen,  still
>
>works.
>
>>Also, you can always pass vga= to the kernel (assuming this
>>functionality has been left in the Bering kernels) to get more
>
>characters on
>
>>the screen.  There's probably a way to do this at runtime as well

Re: [leaf-user] CF Card Issues

[cpu memhd]

Auto, LBA, or CHS?

Consider this:

- Your controller is setup for Auto

- Your CF is detected as LBA
(even though it's <= 512MB, all CFs are supposed to support LBA, my
understanding)

- Next day, your BIOS is having a bad-hair-day, CF is now detected as
CHS
(but you don't notice the boot message! - this can be due to BIOS or CF
bugs... cabling, etc.)

- You begin to experience problems with corruption,
strangeness/weirdness

Could this be the problem? The question is, will the CF boot with the
wrong HD parameters, I believe the answer to this is, yes, in some
cases.

I have a few Lex CV860s. They detect my Sandisk industrial's as LBA.
But my newer CV863A detect them as CHS. I hard set <= 512MB CFs to CHS.
Never a problem.





__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


---
SF.Net email is Sponsored by the Better Software Conference & EXPO September
19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

RE: [leaf-user] CF Card Issues

[cpu memhd]

I boot from the CF on the IDE controller. Haven't tried booting from
USB except into DOS, which works fine on the CV863A, but I believe I
had problems on the CV860A. Nonetheless, if you setup your CF as an HD
(connected to the CF connector on the motherboard, or IDE/CF
converter), it should work fine. For non-CF booting, USB also works,
but it's a matter of loading the correct modules and a few other
things. I don't remember how I did this honestly. Can someone else help?

__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] Back up script suggestion

[cpu memhd]

ddparker wrote:

> NEVER BACKUP PACKAGES WITH DESTINATION DEVICE (hda1) MOUNTED!
> This will corrupt the CF disk.

Yikes. I had a problem with corruption only once, using DriveImage
under DOS. For several months, while testing Leaf, my CF would be
mounted 80% of the time. I've never experienced any corruption, knock
on wood. I beat the heck out of my CF, honestly. What brand are you
using? I use Sandisk Industrial. -cpu





Start your day with Yahoo! - make it your home page 
http://www.yahoo.com/r/hs 
 


---
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] Back up script suggestion

[cpu memhd]

Erich Titl wrote:

>>
>>  NEVER BACKUP PACKAGES WITH DESTINATION DEVICE (hda1) MOUNTED! 
This
>> will corrupt the CF disk.
>
>
> It is not really _that_ bad. The only package which is attempted is
root.lrp 
> and, of course, a backup of all packages (which includes root). Then
it is not 
> only hda1 which causes trouble, anything mounted _and_ not in 
> var/lib/lrpkg/root.exclude.list may corrupt your CF.
>

Oh I see what the problem is. This reminds of the time when I could
never backup root.lrp because I had a 2GB windows share mounted that
was used for my squid cache. Doh! root.exclude.list is so important
that I wrote several script functions to deal with this (potential)
problem. One fuction deals with creating directories and then excluding
them from backup, the other handles symbolic links ( mkdir_exclude() &&
ln_exclude() ). None of my mount points or symbolic links are ever
backed up. -cpu


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


---
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] ipsec/openswan 2.4.2

[cpu memhd]

Hello Arne,

I don't understand openswan 2.x. It doesn't have SHA2 (which I use).
Can't
modularize ciphers; no blowfish (missing usual ALGs). I tried using
cryptoapi's sha512 but that didn't work. I tried searching the openswan
mailing list, found a couple of similar concerns, but no answers.
Perhaps
I'm asking some dumb questions? I've downgraded to 1.0.9 on kernel
2.4.32.
Effectively, a 2.4 ucBering hybrid.

Here are the offending config lines:

2.4.32:

CONFIG_KLIPS=m
#
# IPsec options (Openswan)
#
CONFIG_KLIPS_IPIP=y
CONFIG_KLIPS_AH=y
CONFIG_KLIPS_ESP=y
CONFIG_KLIPS_ENC_3DES=y
CONFIG_KLIPS_ENC_AES=y
CONFIG_KLIPS_AUTH_HMAC_MD5=y
CONFIG_KLIPS_AUTH_HMAC_SHA1=y
CONFIG_KLIPS_ALG=y
# CONFIG_KLIPS_IPCOMP is not set
CONFIG_KLIPS_DEBUG=y
CONFIG_IPSEC_NAT_TRAVERSAL=y

2.4.31 (the more familiar):

CONFIG_IPSEC=m
#
# IPSec options (FreeS/WAN)
#
CONFIG_IPSEC_IPIP=y
CONFIG_IPSEC_AH=y
CONFIG_IPSEC_AUTH_HMAC_MD5=y
CONFIG_IPSEC_AUTH_HMAC_SHA1=y
CONFIG_IPSEC_ESP=y
CONFIG_IPSEC_ENC_3DES=y
CONFIG_IPSEC_ALG=y
CONFIG_IPSEC_ALG_MD5=m
CONFIG_IPSEC_ALG_SHA1=m
CONFIG_IPSEC_ALG_SHA2=m  <-- look sha2
CONFIG_IPSEC_ALG_3DES=m
CONFIG_IPSEC_ALG_AES=m
CONFIG_IPSEC_ALG_BLOWFISH=m  <-- and all
CONFIG_IPSEC_ALG_TWOFISH=m   <-- these
CONFIG_IPSEC_ALG_SERPENT=m   <-- other
CONFIG_IPSEC_ALG_CAST=m  <-- ciphers
CONFIG_IPSEC_ALG_NULL=m
# CONFIG_IPSEC_ALG_CRYPTOAPI is not set
# CONFIG_IPSEC_ALG_1DES is not set
CONFIG_IPSEC_IPCOMP=y
CONFIG_IPSEC_DEBUG=y
CONFIG_IPSEC_NAT_TRAVERSAL=y


Any thoughts on getting strongswan to work with ucBering?

Arne Bernin wrote:
> Hi all,
> 
> i just finished packaging openswan 2.4.2 for bering-uclibc and did
some 
> initial testing, i am just wondering if someone else is using 
> openswan/ipsec and is willing to test it, too.
> 
> --arne
> 


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

[leaf-user] shorewall "Connection Tracking Match: Not available"

[cpu memhd]

With iptables 1.3.4, shorewall (2.4.7) reports connection tracking is
not 
available.

I checked /usr/share/shorewall/firewall and found this line:

qt $IPTABLES -A fooX1234 -m conntrack --ctorigdst 192.168.1.1 -j ACCEPT

   && CONNTRACK_MATCH=Yes

Under 1.3.4 the above iptables command returns 127; 1.3.1 returns 0.
-cpu

__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

[leaf-user] openssh - buildtool can't compile unless...

[cpu memhd]

...you get rid of this line in buildtool.mk:

--without-opensc

This appears to be an old problem not related to ucbering. I did not
save 
my log messages so I can't report the errors, unfortunately.
-cpu

__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

[leaf-user] mawk - depends on bison

[cpu memhd]

Using buildtool, mawk won't compile unless bison is installed. Under most 
circumstances, shouldn’t buildtool handle dependencies?

__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] ipsec and multiple IP problem

[cpu memhd]

Hello,

In addition to specifying a label I couldn't get openswan to work with 
secondary IPs unless I changed this line in _startklips:

eval `ip addr show $phys primary | grep inet | sed -n 1p |

to:

eval `ip addr show ${phys%%:*} label $phys | grep inet | sed -n 1p

-cpu

Charles Steinkuehler wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> Sandro Doro wrote:
>> Hi,
>>
>>   I am testing Bering 2.3.1 with a multiple IP interface as:
>>
>> # ip addr show eth0
>> 5: eth0:  mtu 1500 qdisc pfifo_fast
qlen 
>> 1000
>> link/ether fe:fd:58:24:f8:e6 brd ff:ff:ff:ff:ff:ff
>> inet 82.46.148.130/24 brd 82.46.148.255 scope global eth0
>> inet 82.46.148.128/24 scope global secondary eth0 
>> inet6 fe80::fcfd:58ff:fe24:f8e6/64 scope link
>>
>> Using the included ipsec.lrp (v.1.0.9) I setup VPN with: 
>>
>># /etc/ipsec.conf
>>[...]
>>interfaces="ipsec0=eth0 ipsec1=eth0:0"
>>[...]
>>
>> After "/etc/init.d/ipsec restart" the following messages is printed:
>>
>>   Device "eth0:0" does not exist.
>>   ipsec_setup: unable to determine address of `eth0:0'
>>
>> This messages is printed also if I change the ip address with the
>> following command:
>>
>>   ip addr add 82.46.148.128/24 dev eth0 label eth0:0
>>
>> I have read in
>>
>>   http://www.freeswan.ca/docs/HA/HA_VPNS_With_FreeSWAN.html
>>
>> that this interface specification is correct. This is possible
>> only in v2 release (Bering v2.4) ?
>>
>> Thank you for any suggestions.
> 
> I haven't tried this with FreeS/WAN, but I suspect your problem is you
> don't have an eth0:0.
> 
> You *DO* have a secondary IP address on your external interface, but it
> has no "name" (linux hasn't required the eth: syntax since at
> least 2.2).
> 
> Try removing the secondary IP, re-adding it with an appropriate label
> then starting freeswan:
> 
> ip addr del 82.46.148.128/24 dev eth0
> ip addr add 82.46.148.128/24 label eth0:0 dev eth0
> svi ipsec start
> 
> ...if that works, you'll need to change how you're adding the IP alias
> in your startup scripts.
> 
> - --
> Charles Steinkuehler
> [EMAIL PROTECTED]
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.0 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> 
> iD8DBQFD7LMYLywbqEHdNFwRAugOAJ9ySUIKShtjxak6/YBdOhXEvwNIMwCeLvg3
> rd55FxcC8wzl6N+/BWa4368=
> =3irC
> -END PGP SIGNATURE-
> 
> 
> ---
> This SF.net email is sponsored by: Splunk Inc. Do you grep through log
files
> for problems?  Stop!  Download the new AJAX search engine that makes
> searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
> 
> leaf-user mailing list: leaf-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/leaf-user
> Support Request -- http://leaf-project.org/
> 
> 
> 
> 
> 
> 
> 
> 


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] Tarpit/tiergrube patch for IPtables?

[cpu memhd]

Hello Jim,

I doubt this will be added. You can get the patch from here:

http://ftp.die.net/pub/linux-kernel-tarpit/

What I did to get this working (actually, compiled--haven't really
tested)...

Step 1:

Download linux-2.4.18-tarpit.patch to ./source/linux/.

Step 2:

Edit ./source/linux/buildtool.cfg and add this to the end:


 Server = cvs-sourceforge
 envname = TARPIT_PATCH
 directory = linux
 revision = HEAD


# note, I'm quite sure 'Server = cvs-sourceforge' is wrong, what is the
# correct thing to put there, anyone?

Step 3:

Edit the make file ./source/linux/buildtool.mk, add this (before cp 
$(LINUX_CONFIG) linux/.config):

cat $(TARPIT_PATCH) | patch -d linux -p1

Step 4:

./buildtool.pl srcclean linux
./buildtool.pl source linux

Step 5:

Yikes! I forgot what to do at this point... I believe 'make menuconfig' to

enable TARPIT, or run:

./buildtool.pl build kernel

...then wait until the build pauses, then type:

m [enter]

You can check the status of the build by typing (on another session):

tail log/buildtool until you see something like:
CONFIG_IP_NF_TARGET_TARPIT=m ?

To the expirienced linux hackers: you are probably laughing at me right 
now. I'm still learning, sorry.

-cpu


Jim Ford wrote:
> I see here:
> http://www.securityfocus.com/infocus/1723
> that there is a patch to IPtables, to add an option to tarpit a port
scanner. Are there any plans to add this option to the Bering uClibc? It's
been a while since I've built a kernel, but I guess if I did the homework
I could do it with uLibc (IIRC there's a doc somewhere). What do others
think?
> 
> Jim Ford
> 
> (Have a good holiday, to all!)
> 
> 
> 
> ---
> This SF.net email is sponsored by: Splunk Inc. Do you grep through log
files
> for problems?  Stop!  Download the new AJAX search engine that makes
> searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
> http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
> 
> leaf-user mailing list: leaf-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/leaf-user
> Support Request -- http://leaf-project.org/
> 
> 
> 
> 
> 
> 
> 
> 


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] openssh - buildtool can't compile unless...

[cpu memhd]

Hello Eric,

I'd get compile errors. This might explain it:

20050317
  - (tim) [configure.ac] Bug 998. Make path for --with-opensc optional.
Make --without-opensc work.
  - (tim) [configure.ac] portability changes on test statements. Some
shells
have problems with -a operator.
  - (tim) [configure.ac] make some configure options a little more error
proof.
  - (tim) [configure.ac] remove trailing white space.

http://mirrors.evolva.ro/OpenSSH/portable/ChangeLog

-cpu

Eric Spakman wrote:
> Hello cpu,
> 
>> ...you get rid of this line in buildtool.mk:
>>
>>
>> --without-opensc
>>
>>
>> This appears to be an old problem not related to ucbering. I did not
>> save my log messages so I can't report the errors, unfortunately. -cpu
>>
> Never had a problem with building, what does "--without-opensc" do?
> 
> Eric
> 
>> __
>> Do You Yahoo!?
>> Tired of spam?  Yahoo! Mail has the best spam protection around
>> http://mail.yahoo.com
>>
>>
>>
>> ---
>> This SF.net email is sponsored by: Splunk Inc. Do you grep through log
>> files for problems?  Stop!  Download the new AJAX search engine that
makes
>>  searching your log files as easy as surfing the  web.  DOWNLOAD
SPLUNK!
>>
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
>>

>> leaf-user mailing list: leaf-user@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/leaf-user
>> Support Request -- http://leaf-project.org/
>>
>>
> 
> 
> 
> 
> ---
> This SF.net email is sponsored by: Splunk Inc. Do you grep through log
files
> for problems?  Stop!  Download the new AJAX search engine that makes
> searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
> 
> leaf-user mailing list: leaf-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/leaf-user
> Support Request -- http://leaf-project.org/
> 
> 


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] ipsec and multiple IP problem

[cpu memhd]

Hi Eric,

I'm not using openswan 2.4.4, I'm using 1.0.9. But I did look at the newer

_startklips and the line is the same. To me, this suggests it's making the

same assumptions about the interface. My guess is that it will work.

original 2.4.4
/usr/lib/ipsec/_startklips:

eval `ip addr show $phys primary | grep inet | sed -n 1p |

original 1.0.9
/lib/ipsec/_startklips:

eval `ip addr show $phys primary | grep inet | sed -n 1p |

-cpu

Eric Spakman wrote:
> Hello Cpu,
> 
> Does the same fix applies to our current openswan-2.4.4?
> 
> Eric
> 
>> Hello,
>>
>>
>> In addition to specifying a label I couldn't get openswan to work with
>> secondary IPs unless I changed this line in _startklips:
>>
>> eval `ip addr show $phys primary | grep inet | sed -n 1p |
>>
>> to:
>>
>>
>> eval `ip addr show ${phys%%:*} label $phys | grep inet | sed -n 1p
>>
>> -cpu
>>
>>
>> Charles Steinkuehler wrote:
>>
>>> -BEGIN PGP SIGNED MESSAGE-
>>> Hash: SHA1
>>>
>>>
>>> Sandro Doro wrote:
>>>
 Hi,


 I am testing Bering 2.3.1 with a multiple IP interface as:


 # ip addr show eth0
 5: eth0:  mtu 1500 qdisc pfifo_fast

>> qlen
 1000
 link/ether fe:fd:58:24:f8:e6 brd ff:ff:ff:ff:ff:ff inet
 82.46.148.130/24 brd 82.46.148.255 scope global eth0
 inet 82.46.148.128/24 scope global secondary eth0 inet6
 fe80::fcfd:58ff:fe24:f8e6/64 scope link


 Using the included ipsec.lrp (v.1.0.9) I setup VPN with:


 # /etc/ipsec.conf
 [...]
 interfaces="ipsec0=eth0 ipsec1=eth0:0" [...]


 After "/etc/init.d/ipsec restart" the following messages is printed:


 Device "eth0:0" does not exist.
 ipsec_setup: unable to determine address of `eth0:0'


 This messages is printed also if I change the ip address with the
 following command:

 ip addr add 82.46.148.128/24 dev eth0 label eth0:0

 I have read in


 http://www.freeswan.ca/docs/HA/HA_VPNS_With_FreeSWAN.html


 that this interface specification is correct. This is possible only
in
 v2 release (Bering v2.4) ?

 Thank you for any suggestions.

>>> I haven't tried this with FreeS/WAN, but I suspect your problem is you
>>> don't have an eth0:0.
>>>
>>> You *DO* have a secondary IP address on your external interface, but
it
>>>  has no "name" (linux hasn't required the eth: syntax since at
>>> least 2.2).
>>>
>>> Try removing the secondary IP, re-adding it with an appropriate label
>>> then starting freeswan:
>>>
>>> ip addr del 82.46.148.128/24 dev eth0 ip addr add 82.46.148.128/24
label
>>> eth0:0 dev eth0
>>> svi ipsec start
>>>
>>> ...if that works, you'll need to change how you're adding the IP alias
>>> in your startup scripts.
>>>
>>> - --
>>> Charles Steinkuehler
>>> [EMAIL PROTECTED] -BEGIN PGP SIGNATURE-
>>> Version: GnuPG v1.4.0 (MingW32)
>>> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>>>
>>>
>>> iD8DBQFD7LMYLywbqEHdNFwRAugOAJ9ySUIKShtjxak6/YBdOhXEvwNIMwCeLvg3
>>> rd55FxcC8wzl6N+/BWa4368= =3irC
>>> -END PGP SIGNATURE-
>>>
>>>
>>>
>>> ---
>>> This SF.net email is sponsored by: Splunk Inc. Do you grep through log
>>>
>> files
>>> for problems?  Stop!  Download the new AJAX search engine that makes
>>> searching your log files as easy as surfing the  web.  DOWNLOAD
SPLUNK!
>>>
>>>
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=12164
>>> 2
>>>

>>>  leaf-user mailing list: leaf-user@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/leaf-user
>>> Support Request -- http://leaf-project.org/
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>
>> __
>> Do You Yahoo!?
>> Tired of spam?  Yahoo! Mail has the best spam protection around
>> http://mail.yahoo.com
>>
>>
>>
>> ---
>> This SF.net email is sponsored by: Splunk Inc. Do you grep through log
>> files for problems?  Stop!  Download the new AJAX search engine that
makes
>>  searching your log files as easy as surfing the  web.  DOWNLOAD
SPLUNK!
>>
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
>>

>> leaf-user mailing list: leaf-user@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/leaf-user
>> Support Request -- http://leaf-project.org/
>>
>>
> 
> 
> 
> 
> ---
> This SF.net email is sponsored by: Splunk Inc. Do you grep through log
files
> for problems?  Stop!  Download the new AJAX search engine that makes
> searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
> --

Re: [leaf-user] openssh - buildtool can't compile unless...

[cpu memhd]

Yup.

Eric Spakman wrote:
> Hello Cpu,
> 
> Ok, thanks for reporting! If I understand correctly the
"--without-opensc"
> Configure option is broken, removing the line will disable opensc
anyway.
> 
> Eric
> 
>> Hello Eric,
>>
>>
>> I'd get compile errors. This might explain it:
>>
>>
>> 20050317
>> - (tim) [configure.ac] Bug 998. Make path for --with-opensc optional.
>> Make --without-opensc work.
>> - (tim) [configure.ac] portability changes on test statements. Some
>> shells have problems with -a operator. - (tim) [configure.ac] make some
>> configure options a little more error proof. - (tim) [configure.ac]
remove
>> trailing white space.
>>
>> http://mirrors.evolva.ro/OpenSSH/portable/ChangeLog
>>
>>
>> -cpu
>>
>>
>> Eric Spakman wrote:
>>
>>> Hello cpu,
>>>
>>>
 ...you get rid of this line in buildtool.mk:



 --without-opensc



 This appears to be an old problem not related to ucbering. I did not
 save my log messages so I can't report the errors, unfortunately.
-cpu


>>> Never had a problem with building, what does "--without-opensc" do?
>>>
>>>
>>> Eric
>>>
>>>
 __
 Do You Yahoo!?
 Tired of spam?  Yahoo! Mail has the best spam protection around
 http://mail.yahoo.com




 ---
 This SF.net email is sponsored by: Splunk Inc. Do you grep through
log
  files for problems?  Stop!  Download the new AJAX search engine that

>> makes
 searching your log files as easy as surfing the  web.  DOWNLOAD
>> SPLUNK!
>>
>>
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
>>
>>

>>
 leaf-user mailing list: leaf-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/leaf-user
 Support Request -- http://leaf-project.org/



>>>
>>>
>>>
>>> ---
>>> This SF.net email is sponsored by: Splunk Inc. Do you grep through log
>>>
>> files
>>> for problems?  Stop!  Download the new AJAX search engine that makes
>>> searching your log files as easy as surfing the  web.  DOWNLOAD
SPLUNK!
>>>
>>>
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=12164
>>> 2
>>>

>>>  leaf-user mailing list: leaf-user@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/leaf-user
>>> Support Request -- http://leaf-project.org/
>>>
>>>
>>>
>>
>> __
>> Do You Yahoo!?
>> Tired of spam?  Yahoo! Mail has the best spam protection around
>> http://mail.yahoo.com
>>
>>
> 
> 
> 
> 
> ---
> This SF.net email is sponsored by: Splunk Inc. Do you grep through log
files
> for problems?  Stop!  Download the new AJAX search engine that makes
> searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
> 
> leaf-user mailing list: leaf-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/leaf-user
> Support Request -- http://leaf-project.org/
> 
> 


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] ipsec and multiple IP problem

[cpu memhd]

Eric,

Regarding openswan 2.x. It looks like one is supposed to use cryptoapi 
instead of Juanjo's crypto algorithms. But there is no real info on how to

go from 1.x to 2.x. After getting stuck on SHA2_256 I gave up. Also, on 
1.0.9 I made some modifications to ./pluto/kernel.c to allow for multiple 
ipsec connections from the same host and I would have to do the same for 
2.4.4, which is quite different. It might not even work. Not worth the 
hassle right now.

The _startklips fix is backward compatible. Most of my ipsec hosts use
only 
a single ip address using interfaces="ipsec0=eth0".

-cpu


Eric Spakman wrote:
> Hello Cpu,
> 
> A pity 2.4.4 is not working ok for you. You are the first reporting a
> problem with it.
> I looked through various documents and it seems like all those ciphers
are
> supported but probably internal.
> 
> Does the _startklips fix still suports plain ethx interfaces?
> 
> Eric
> 
> 
> 
>> Hi Eric,
>>
>>
>> I'm not using openswan 2.4.4, I'm using 1.0.9. But I did look at the
>> newer
>>
>> _startklips and the line is the same. To me, this suggests it's making
>> the
>>
>> same assumptions about the interface. My guess is that it will work.
>>
>> original 2.4.4 /usr/lib/ipsec/_startklips:
>>
>>
>> eval `ip addr show $phys primary | grep inet | sed -n 1p |
>>
>> original 1.0.9 /lib/ipsec/_startklips:
>>
>>
>> eval `ip addr show $phys primary | grep inet | sed -n 1p |
>>
>> -cpu
>>
>>
>> Eric Spakman wrote:
>>
>>> Hello Cpu,
>>>
>>>
>>> Does the same fix applies to our current openswan-2.4.4?
>>>
>>>
>>> Eric
>>>
>>>
 Hello,



 In addition to specifying a label I couldn't get openswan to work
 with secondary IPs unless I changed this line in _startklips:

 eval `ip addr show $phys primary | grep inet | sed -n 1p |

 to:



 eval `ip addr show ${phys%%:*} label $phys | grep inet | sed -n 1p

 -cpu



 Charles Steinkuehler wrote:


> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
>
>
> Sandro Doro wrote:
>
>
>> Hi,
>>
>>
>>
>> I am testing Bering 2.3.1 with a multiple IP interface as:
>>
>>
>>
>> # ip addr show eth0
>> 5: eth0:  mtu 1500 qdisc
>> pfifo_fast
>>
 qlen
>> 1000
>> link/ether fe:fd:58:24:f8:e6 brd ff:ff:ff:ff:ff:ff inet
>> 82.46.148.130/24 brd 82.46.148.255 scope global eth0
>> inet 82.46.148.128/24 scope global secondary eth0 inet6
>> fe80::fcfd:58ff:fe24:f8e6/64 scope link
>>
>>
>>
>> Using the included ipsec.lrp (v.1.0.9) I setup VPN with:
>>
>>
>>
>> # /etc/ipsec.conf
>> [...]
>> interfaces="ipsec0=eth0 ipsec1=eth0:0" [...]
>>
>>
>> After "/etc/init.d/ipsec restart" the following messages is
>> printed:
>>
>>
>>
>> Device "eth0:0" does not exist.
>> ipsec_setup: unable to determine address of `eth0:0'
>>
>>
>>
>> This messages is printed also if I change the ip address with the
>>  following command:
>>
>> ip addr add 82.46.148.128/24 dev eth0 label eth0:0
>>
>> I have read in
>>
>>
>>
>> http://www.freeswan.ca/docs/HA/HA_VPNS_With_FreeSWAN.html
>>
>>
>>
>> that this interface specification is correct. This is possible
>> only
>> in
>> v2 release (Bering v2.4) ?
>>
>> Thank you for any suggestions.
>>
>>
> I haven't tried this with FreeS/WAN, but I suspect your problem is
> you don't have an eth0:0.
>
> You *DO* have a secondary IP address on your external interface,
> but
>> it
> has no "name" (linux hasn't required the eth: syntax since at
>  least 2.2).
>
> Try removing the secondary IP, re-adding it with an appropriate
> label then starting freeswan:
>
> ip addr del 82.46.148.128/24 dev eth0 ip addr add 82.46.148.128/24
>> label
> eth0:0 dev eth0
> svi ipsec start
>
> ...if that works, you'll need to change how you're adding the IP
> alias in your startup scripts.
>
> - --
> Charles Steinkuehler
> [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version:
GnuPG
> v1.4.0 (MingW32) Comment: Using GnuPG with Mozilla -
> http://enigmail.mozdev.org
>
>
>
> iD8DBQFD7LMYLywbqEHdNFwRAugOAJ9ySUIKShtjxak6/YBdOhXEvwNIMwCeLvg3
> rd55FxcC8wzl6N+/BWa4368= =3irC -END PGP SIGNATURE-
>
>
>
>
> ---
> This SF.net email is sponsored by: Splunk Inc. Do you grep through
> log
>
 files
> for problems?  Stop!  Download the new AJAX search engine that
> makes searching your log files as easy as surfing the  web.
> DOWNLOAD
>
>> SPLUNK!
>>
>
>> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=12164
>>
> 2
>
>
>>
-

Re: [leaf-user] ipsec and multiple IP problem

[cpu memhd]

Hmmm... Where/how do you set USE_EXTRACRYPTO?
-cpu

Eric Spakman wrote:
> Hi Cpu,
> 
>> Eric,
>>
>>
>> Regarding openswan 2.x. It looks like one is supposed to use cryptoapi
>> instead of Juanjo's crypto algorithms. But there is no real info on how
to
>>
> The cryptoapi stuff is optional and the other ciphers are internal to
pluto:
> 
> LIBDESSRCDIR=${OPENSWANSRCDIR}/linux/crypto/ciphers/des
> LIBDESLITE:=${OBJDIRTOP}/lib/libcrypto/libdes/libdes.a
> LIBAES=${OBJDIRTOP}/lib/libcrypto/libaes/libaes.a
> LIBBLOWFISH=${OBJDIRTOP}/lib/libcrypto/libblowfish/libblowfish.a
> LIBTWOFISH=${OBJDIRTOP}/lib/libcrypto/libtwofish/libtwofish.a
> LIBSERPENT=${OBJDIRTOP}/lib/libcrypto/libserpent/libserpent.a
> LIBSHA2=${OBJDIRTOP}/lib/libcrypto/libsha2/libsha2.a
> 
> But it seems like this is only added if "USE_EXTRACRYPTO" is set, which
> will add an enormous bloat to the pluto binary.
> I will look into how to implement cryptoapi, so the ciphers can be used
> modular again.
> 
>> go from 1.x to 2.x. After getting stuck on SHA2_256 I gave up. Also, on
>> 1.0.9 I made some modifications to ./pluto/kernel.c to allow for
multiple
>>  ipsec connections from the same host and I would have to do the same
for
>>  2.4.4, which is quite different. It might not even work. Not worth the
>> hassle right now.
>>
> I understand, but note that 1.0.x is "end of life".
> 
>> The _startklips fix is backward compatible. Most of my ipsec hosts use
>> only a single ip address using interfaces="ipsec0=eth0".
>>
> Ok, thanks! I will add this fix later today.
> 
>> -cpu
>>
> Eric
> 
>>
>> Eric Spakman wrote:
>>
>>> Hello Cpu,
>>>
>>>
>>> A pity 2.4.4 is not working ok for you. You are the first reporting a
>>> problem with it. I looked through various documents and it seems like
all
>>> those ciphers
>> are
>>> supported but probably internal.
>>>
>>> Does the _startklips fix still suports plain ethx interfaces?
>>>
>>>
>>> Eric
>>>
>>>
>>>
>>>
 Hi Eric,



 I'm not using openswan 2.4.4, I'm using 1.0.9. But I did look at the
 newer

 _startklips and the line is the same. To me, this suggests it's
 making the

 same assumptions about the interface. My guess is that it will work.

 original 2.4.4 /usr/lib/ipsec/_startklips:


 eval `ip addr show $phys primary | grep inet | sed -n 1p |

 original 1.0.9 /lib/ipsec/_startklips:


 eval `ip addr show $phys primary | grep inet | sed -n 1p |

 -cpu



 Eric Spakman wrote:


> Hello Cpu,
>
>
>
> Does the same fix applies to our current openswan-2.4.4?
>
>
>
> Eric
>
>
>
>> Hello,
>>
>>
>>
>>
>> In addition to specifying a label I couldn't get openswan to work
>>  with secondary IPs unless I changed this line in _startklips:
>>
>> eval `ip addr show $phys primary | grep inet | sed -n 1p |
>>
>> to:
>>
>>
>>
>>
>> eval `ip addr show ${phys%%:*} label $phys | grep inet | sed -n
>> 1p
>>
>>
>> -cpu
>>
>>
>>
>>
>> Charles Steinkuehler wrote:
>>
>>
>>
>>> -BEGIN PGP SIGNED MESSAGE-
>>> Hash: SHA1
>>>
>>>
>>>
>>>
>>> Sandro Doro wrote:
>>>
>>>
>>>
 Hi,




 I am testing Bering 2.3.1 with a multiple IP interface as:




 # ip addr show eth0
 5: eth0:  mtu 1500 qdisc
 pfifo_fast

>> qlen
 1000
 link/ether fe:fd:58:24:f8:e6 brd ff:ff:ff:ff:ff:ff inet
 82.46.148.130/24 brd 82.46.148.255 scope global eth0
 inet 82.46.148.128/24 scope global secondary eth0 inet6
 fe80::fcfd:58ff:fe24:f8e6/64 scope link




 Using the included ipsec.lrp (v.1.0.9) I setup VPN with:




 # /etc/ipsec.conf
 [...]
 interfaces="ipsec0=eth0 ipsec1=eth0:0" [...]


 After "/etc/init.d/ipsec restart" the following messages is
 printed:




 Device "eth0:0" does not exist.
 ipsec_setup: unable to determine address of `eth0:0'




 This messages is printed also if I change the ip address with
 the following command:

 ip addr add 82.46.148.128/24 dev eth0 label eth0:0

 I have read in




 http://www.freeswan.ca/docs/HA/HA_VPNS_With_FreeSWAN.html




 that this interface specification is correct. This is
 possible only
 in
 v2 release (Bering v2.4) ?

 Thank you for any suggestions.



>>> I haven't tried this with FreeS/WAN, but I suspect your problem
>>> is you don't have an et

Re: [leaf-user] shorewall 'Connection Tracking Match: Not available'

[cpu memhd]

I'll try it out. Thanks!

Eric Spakman wrote:
> Hello Cpu,
> 
> I just commited iptables-1.3.5 to CVS, you may give that one a try.
> 
> Eric
> 
>> With iptables 1.3.4, shorewall (2.4.7) reports connection tracking is
>> not available.
>>
>> I checked /usr/share/shorewall/firewall and found this line:
>>
>>
>> qt $IPTABLES -A fooX1234 -m conntrack --ctorigdst 192.168.1.1 -j ACCEPT
>>
>> && CONNTRACK_MATCH=Yes
>>
>>
>> Under 1.3.4 the above iptables command returns 127; 1.3.1 returns 0.
>> -cpu
>>
>>
>> __
>> Do You Yahoo!?
>> Tired of spam?  Yahoo! Mail has the best spam protection around
>> http://mail.yahoo.com
>>
>>
>>
>> ---
>> This SF.net email is sponsored by: Splunk Inc. Do you grep through log
>> files for problems?  Stop!  Download the new AJAX search engine that
makes
>>  searching your log files as easy as surfing the  web.  DOWNLOAD
SPLUNK!
>>
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
>>

>> leaf-user mailing list: leaf-user@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/leaf-user
>> Support Request -- http://leaf-project.org/
>>
>>
> 
> 
> 
> 
> ---
> This SF.net email is sponsored by: Splunk Inc. Do you grep through log
files
> for problems?  Stop!  Download the new AJAX search engine that makes
> searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
> 
> leaf-user mailing list: leaf-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/leaf-user
> Support Request -- http://leaf-project.org/
> 
> 


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] openssh - buildtool can't compile unless...

[cpu memhd]

Eric,

Is, "I don't think opensc is installed" a good enough answer? :^).

 From what I remember, there was a missing header file reported in the 
logs. So I don't think it's installed.
-cpu

Eric Spakman wrote:
> Hello Cpu,
> 
> I compiled openssh with the option enabled and disabled but with the
same
> result. Do you have opensc installed on your host computer? Maybe the
> Configure script find it there.
> 
> I have removed the line anyway, because it indeed doesn't make a
difference.
> 
> Eric
> 
> 
>> Yup.
>>
>>
>> Eric Spakman wrote:
>>
>>> Hello Cpu,
>>>
>>>
>>> Ok, thanks for reporting! If I understand correctly the
>>>
>> "--without-opensc"
>>
>>> Configure option is broken, removing the line will disable opensc
>>>
>> anyway.
>>> Eric
>>>
>>>
 Hello Eric,



 I'd get compile errors. This might explain it:



 20050317
 - (tim) [configure.ac] Bug 998. Make path for --with-opensc optional.
 Make --without-opensc work.
 - (tim) [configure.ac] portability changes on test statements. Some
 shells have problems with -a operator. - (tim) [configure.ac] make
 some configure options a little more error proof. - (tim)
 [configure.ac]

>> remove
 trailing white space.

 http://mirrors.evolva.ro/OpenSSH/portable/ChangeLog



 -cpu



 Eric Spakman wrote:


> Hello cpu,
>
>
>
>> ...you get rid of this line in buildtool.mk:
>>
>>
>>
>>
>> --without-opensc
>>
>>
>>
>>
>> This appears to be an old problem not related to ucbering. I did
>> not save my log messages so I can't report the errors,
>> unfortunately.
>> -cpu
>>
>>
> Never had a problem with building, what does "--without-opensc" do?
>
>
>
> Eric
>
>
>
>> __
>> Do You Yahoo!?
>> Tired of spam?  Yahoo! Mail has the best spam protection around
>> http://mail.yahoo.com
>>
>>
>>
>>
>>
>> ---
>> This SF.net email is sponsored by: Splunk Inc. Do you grep through
>>
>> log
>> files for problems?  Stop!  Download the new AJAX search engine
>> that
>>
 makes
>> searching your log files as easy as surfing the  web.  DOWNLOAD
 SPLUNK!



>>
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
>>

>>

>>
>> leaf-user mailing list: leaf-user@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/leaf-user
>> Support Request -- http://leaf-project.org/
>>
>>
>>
>>
>
>
> ---
> This SF.net email is sponsored by: Splunk Inc. Do you grep through
> log
>
 files
> for problems?  Stop!  Download the new AJAX search engine that
> makes searching your log files as easy as surfing the  web.
> DOWNLOAD
>
>> SPLUNK!
>>
>
>> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=12164
>>
> 2
>
>
>>

>>
> leaf-user mailing list: leaf-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/leaf-user
> Support Request -- http://leaf-project.org/
>
>
>
>
 __
 Do You Yahoo!?
 Tired of spam?  Yahoo! Mail has the best spam protection around
 http://mail.yahoo.com



>>>
>>>
>>>
>>> ---
>>> This SF.net email is sponsored by: Splunk Inc. Do you grep through log
>>>
>> files
>>> for problems?  Stop!  Download the new AJAX search engine that makes
>>> searching your log files as easy as surfing the  web.  DOWNLOAD
SPLUNK!
>>>
>>>
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=12164
>>> 2
>>>

>>>  leaf-user mailing list: leaf-user@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/leaf-user
>>> Support Request -- http://leaf-project.org/
>>>
>>>
>>>
>>
>> __
>> Do You Yahoo!?
>> Tired of spam?  Yahoo! Mail has the best spam protection around
>> http://mail.yahoo.com
>>
>>
>>
>> ---
>> This SF.net email is sponsored by: Splunk Inc. Do you grep through log
>> files for problems?  Stop!  Download the new AJAX search engine that
makes
>>  searching your log files as easy as surfing the  web.  DOWNLOAD
SPLUNK!
>>
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
>>

>> leaf-user mailing list: leaf-user

[leaf-user] 3.1 busybox/ping behaves like ping6...

[cpu memhd]

...when I ping anything in /etc/hosts

I've been using 3.1 for a while but just noticed this:

ping localhost

PING localhost (7f00:1:60ea:ffbf::): 56 data bytes
ping: can't create raw socket: Address family not supported by protocol

(ping something-else-in-/etc/hosts ... same as above)

This is the same behaviour as ping6. Why is this happening?

Also, I cannot send mail either:

echo "test"| mail -s "Test Mail" -d mydomain.net -h smtp.inmyhostsfile.net
to [EMAIL PROTECTED]

nc: socket: Address family not supported by protocol
Error: Unknown response.
  RSET
  0:
Aborting due to connection error
  Killing child processes: 8309 8310

I have ping from a mandrake installation, which I renamed to ping4. No
problems pinging anything in the hosts file.

I have a bread & butter bering-uclibc 3.1 floppy installation and
host-file ping/name resolution is messed up there too.


-cpu



 

We won't tell. Get more on shows you hate to love 
(and love to hate): Yahoo! TV's Guilty Pleasures list.
http://tv.yahoo.com/collections/265 

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] 3.1 busybox/ping behaves like ping6...

[cpu memhd]

Hellp KP,

No ipv6 module that I can see.

-cpu

--- KP Kirchdoerfer <[EMAIL PROTECTED]> wrote:

> On Saturday 23 June 2007 22:50:45 cpu memhd wrote:
> > ...when I ping anything in /etc/hosts
> >
> > I've been using 3.1 for a while but just noticed this:
> >
> > ping localhost
> >
> > PING localhost (7f00:1:60ea:ffbf::): 56 data bytes
> > ping: can't create raw socket: Address family not supported by
> protocol
> >
> > (ping something-else-in-/etc/hosts ... same as above)
> >
> > This is the same behaviour as ping6. Why is this happening?
> >
> > Also, I cannot send mail either:
> >
> > echo "test"| mail -s "Test Mail" -d mydomain.net -h
> smtp.inmyhostsfile.net
> > to [EMAIL PROTECTED]
> >
> > nc: socket: Address family not supported by protocol
> > Error: Unknown response.
> >   RSET
> >   0:
> > Aborting due to connection error
> >   Killing child processes: 8309 8310
> >
> > I have ping from a mandrake installation, which I renamed to ping4. No
> > problems pinging anything in the hosts file.
> >
> > I have a bread & butter bering-uclibc 3.1 floppy installation and
> > host-file ping/name resolution is messed up there too.
> 
> Just for clarification  - you do not have loaded the ipv6 module?
> 
> kp
> 
>
-
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> 
> leaf-user mailing list: leaf-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/leaf-user
> Support Request -- http://leaf-project.org/
> 



   

Need a vacation? Get great deals
to amazing places on Yahoo! Travel.
http://travel.yahoo.com/

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] busybox/ping behaves like ping6 - this is serious man!

[cpu memhd]

Sounds great, Eric. Thanks! -cpu

--- Eric Spakman <[EMAIL PROTECTED]> wrote:

> Hi Cpu,
> 
> The next beta of Bering-uClibc will have use a later version of busybox.
> Hopefully all this issues will be solved by then.
> 
> 
> Eric
> 
> > Back in June I posted strange behavior by busybox/ping, but nothing
> has
> > changed. I'd like to repost the problem (thoughts, anyone?):
> >
> > --->
> >
> >
> > 3.1 busybox/ping behaves like ping6...
> >
> >
> > ...when I ping anything in /etc/hosts
> >
> >
> > I've been using 3.1 for a while but just noticed this:
> >
> >
> > ping localhost
> >
> > PING localhost (7f00:1:60ea:ffbf::): 56 data bytes
> > ping: can't create raw socket: Address family not supported by
> protocol
> >
> >
> > (ping something-else-in-/etc/hosts ... same as above)
> >
> >
> > This is the same behaviour as ping6. Why is this happening?
> >
> >
> > Also, I cannot send mail either:
> >
> >
> > echo "test"| mail -s "Test Mail" -d mydomain.net -h
> > smtp.inmyhostsfile.net to [EMAIL PROTECTED]
> >
> > nc: socket: Address family not supported by protocol
> > Error: Unknown response.
> > RSET
> > 0:
> > Aborting due to connection error
> > Killing child processes: 8309 8310
> >
> >
> > I have ping from a mandrake installation, which I renamed to ping4. No
> > problems pinging anything in the hosts file.
> >
> > I have a bread & butter bering-uclibc 3.1 floppy installation and
> > host-file ping/name resolution is messed up there too.
> >
> >
> > __
> > Do You Yahoo!?
> > Tired of spam?  Yahoo! Mail has the best spam protection around
> > http://mail.yahoo.com
> >
> >
> >
>
-
> >  This SF.net email is sponsored by: Splunk Inc.
> > Still grepping through log files to find problems?  Stop.
> > Now Search log events and configuration files using AJAX and a
> browser.
> > Download your FREE copy of Splunk now >> http://get.splunk.com/
> >
> 
> > leaf-user mailing list: leaf-user@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/leaf-user
> > Support Request -- http://leaf-project.org/
> >
> >
> 
> 
> 
>
-
> This SF.net email is sponsored by: Splunk Inc.
> Still grepping through log files to find problems?  Stop.
> Now Search log events and configuration files using AJAX and a browser.
> Download your FREE copy of Splunk now >> http://get.splunk.com/
> 
> leaf-user mailing list: leaf-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/leaf-user
> Support Request -- http://leaf-project.org/
> 


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

-
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

[leaf-user] busybox/reboot - no broadcast message

[cpu memhd]

Yet another busybox issue. While this won't start a nuclear war or screw
up life support systems, I really like the 2.x reboot command with its
reassuring broadcast message:

"Broadcast message from root (ttyp0) (Fri Oct 19 02:01:41 2007):

The system is going down for reboot NOW!"

Yup. I rebooted a 2.x leaf box at one of our remote offices just to
capture this!

Would it be a big deal to compile this myself/which 2.x package had the
reboot command? I do use the build environment.

-cpu


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

-
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

[leaf-user] busybox/ping behaves like ping6 - this is serious man!

[cpu memhd]

Back in June I posted strange behavior by busybox/ping, but nothing has
changed. I'd like to repost the problem (thoughts, anyone?):

--->

3.1 busybox/ping behaves like ping6...

...when I ping anything in /etc/hosts

I've been using 3.1 for a while but just noticed this:

ping localhost

PING localhost (7f00:1:60ea:ffbf::): 56 data bytes
ping: can't create raw socket: Address family not supported by protocol

(ping something-else-in-/etc/hosts ... same as above)

This is the same behaviour as ping6. Why is this happening?

Also, I cannot send mail either:

echo "test"| mail -s "Test Mail" -d mydomain.net -h smtp.inmyhostsfile.net
to [EMAIL PROTECTED]

nc: socket: Address family not supported by protocol
Error: Unknown response.
  RSET
  0:
Aborting due to connection error
  Killing child processes: 8309 8310

I have ping from a mandrake installation, which I renamed to ping4. No
problems pinging anything in the hosts file.

I have a bread & butter bering-uclibc 3.1 floppy installation and
host-file ping/name resolution is messed up there too.


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

-
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

[leaf-user] busybox/logger doesn't behave right

[cpu memhd]

Hello,

The newer logger in busybox in ucBering 3.1 doesn't work like the same as
2.x. Try this:

2.x:
firewall# logger "1234" "5678"
firewall# tail /var/log/messages
...
Oct 19 00:34:39 firewall root: 12345678

3.1:
firewall# logger "1234" "5678"
firewall# tail /var/log/messages
...
Oct 19 00:34:24 firewall root: 1234

Here's a line from /etc/hotplug.functions that no longer works correctly:

$LOGGER -t $(basename $0)"[$$]" "$@"

-cpu


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

-
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

[leaf-user] USB input support

[cpu memhd]

Not too long ago a member of the list asked about this. Currently,
uc-bering doesn't support USB input. So I sent him my files: input.o,
hid.o, keybdev.o (my firewalls don't have PS2 ports, only USB).

Is there a technical reason for not supporting USB input? It seems so
simple. I'd like to request these modules be included in the build and a
new package created: USBINPUT.LRP? Thoughts?

-cpu


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

-
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

[leaf-user] USB input support

[cpu memhd]

Not too long ago a member of the list asked about this. Currently,
uc-bering doesn't support USB input. So I sent him my files: input.o,
hid.o, keybdev.o (my firewalls don't have PS2 ports, only USB).

Is there a technical reason for not supporting USB input? It seems so
simple. I'd like to request these modules be included in the build and a
new package created: USBINPUT.LRP? Thoughts?

-cpu


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

-
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] USB input support

[cpu memhd]

Hey Martin,

Besides the time spent, I'm guessing the reason it hasn't been added is
because of space concerns. Most people don't need USB keyboard support, so
why add it to the modules package (which I'm unfamiliar with at this
time). That's why I suggest a seperate package. The files necessary for
USB keyboard input support are:

input.o
hid.o
keybdev.o

-cpu

--- Martin Hejl <[EMAIL PROTECTED]> wrote:

> cpu memhd wrote:
> > Is there a technical reason for not supporting USB input? 
> Not as far as I know - it's simply because nobody has found time/energy
> to do it so far (that's my understanding, I can't speak for everybody
> who has commit permissions in CVS).
> 
> > I'd like to request these modules be included in the build and a
> > new package created: USBINPUT.LRP? Thoughts?
> What would reside in USBINPUT.LRP? Just the modules? If so, why an extra
> package and not simply put things into the modules tarball as is done
> with every other module?
> 
> Martin
> 
> 
> 
>
-
> This SF.net email is sponsored by: Splunk Inc.
> Still grepping through log files to find problems?  Stop.
> Now Search log events and configuration files using AJAX and a browser.
> Download your FREE copy of Splunk now >> http://get.splunk.com/
> 
> leaf-user mailing list: leaf-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/leaf-user
> Support Request -- http://leaf-project.org/
> 


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

-
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

[leaf-user] new busybox won't build

[cpu memhd]

As of about two weeks ago busybox was updated and I'm trying to buld it,
but I'm getting these errors:

make[1]: Entering directory
`/src/bering-uclibc/buildtool/source/busybox/busybox-1.8.2'
scripts/kconfig/conf -s Config.in
.config:34:warning: trying to assign nonexistent symbol
FEATURE_EXEC_PREFER_APPLETS
.config:42:warning: trying to assign nonexistent symbol
FEATURE_FULL_LIBBUSYBOX
.config:45:warning: trying to assign nonexistent symbol BUILD_AT_ONCE
.config:539:warning: trying to assign nonexistent symbol
FEATURE_IFUPDOWN_IPX
.config:591:warning: trying to assign nonexistent symbol
FEATURE_UDHCP_SYSLOG
.config:655:warning: trying to assign nonexistent symbol
FEATURE_SH_STANDALONE_SHELL
#
# using defaults found in .config
#
*
* Restart config...
*
*
* General Configuration
*
See lots more (probably unnecessary) configuration options. (NITPICK)
[Y/n/?] y
Enable options for full-blown desktop systems (DESKTOP) [N/y/?] n
Buffer allocation policy
> 1. Allocate with Malloc (FEATURE_BUFFERS_USE_MALLOC)
  2. Allocate on the Stack (FEATURE_BUFFERS_GO_ON_STACK)
  3. Allocate in the .bss section (FEATURE_BUFFERS_GO_IN_BSS)
choice[1-3?]: 1
Show terse applet usage messages (SHOW_USAGE) [Y/n/?] y
Show verbose applet usage messages (FEATURE_VERBOSE_USAGE) [N/y/?] n
Store applet usage messages in compressed form (FEATURE_COMPRESS_USAGE)
[N/y/?] n
Support --install [-s] to install applet links at runtime
(FEATURE_INSTALLER) [Y/n/?] y
Enable locale support (system needs locale for this to work)
(LOCALE_SUPPORT) [N/y/?] n
Enable support for --long-options (GETOPT_LONG) [Y/n/?] y
Use the devpts filesystem for Unix98 PTYs (FEATURE_DEVPTS) [N/y/?] n
Clean up all memory before exiting (usually not needed) (FEATURE_CLEAN_UP)
[N/y/?] n
Support writing pidfiles (FEATURE_PIDFILE) [N/y/?] (NEW) aborted!

Console input/output is redirected. Run 'make oldconfig' to update
configuration.

make[3]: *** [silentoldconfig] Error 1
make[2]: *** [silentoldconfig] Error 2
make[1]: *** [include/autoconf.h] Error 2
make[1]: Leaving directory
`/src/bering-uclibc/buildtool/source/busybox/busybox-1.8.2'
make: *** [busybox-1.8.2/.build] Error 2
make: Leaving directory `/src/bering-uclibc/buildtool/source/busybox'



  

Looking for last minute shopping deals?  
Find them fast with Yahoo! Search.  
http://tools.search.yahoo.com/newsearch/category.php?category=shopping

-
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] new busybox won't build

[cpu memhd]

Thanks KP. Looks like I have a new problem:

Busybox won't configure my network interface:

Reconfiguring network interfaces: ifdown: don't seem to have all the
variables for eth0/inet
ifup: don't seem to have all the variables for eth0/inet
done.

This is only on the dhcp interface; the static interfaces are fine. 

interfaces:

auto eth0
iface eth0 inet dhcp

-cpu

--- KP Kirchdoerfer <[EMAIL PROTECTED]> wrote:

> Ups; looks like I haven't committed the updated .config.
> 
> pls checkout and try again.
> 
> kp 
> 
>
-
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2005.
> http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/
> 
> leaf-user mailing list: leaf-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/leaf-user
> Support Request -- http://leaf-project.org/
> 



  

Be a better friend, newshound, and 
know-it-all with Yahoo! Mobile.  Try it now.  
http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ 


-
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] new busybox won't build

[cpu memhd]

Got the update. Logger is fixed, so is the /etc/hosts lookup problem.
Thanks!

-cpu

--- KP Kirchdoerfer <[EMAIL PROTECTED]> wrote:

> On Wednesday 02 January 2008 04:14:59 cpu memhd wrote:
> > Thanks KP. Looks like I have a new problem:
> >
> > Busybox won't configure my network interface:
> >
> > Reconfiguring network interfaces: ifdown: don't seem to have all the
> > variables for eth0/inet
> > ifup: don't seem to have all the variables for eth0/inet
> > done.
> >
> > This is only on the dhcp interface; the static interfaces are fine.
> >
> > interfaces:
> >
> > auto eth0
> > iface eth0 inet dhcp
> >
> > -cpu
> >
> > --- KP Kirchdoerfer <[EMAIL PROTECTED]> wrote:
> > > Ups; looks like I haven't committed the updated .config.
> > >
> > > pls checkout and try again.
> 
> The problem should be solved with a newer .config already committed to
> cvs.
> 
> Fixed images will be available in January.
> 
> kp 
> 
>
-
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2005.
> http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/
> 
> leaf-user mailing list: leaf-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/leaf-user
> Support Request -- http://leaf-project.org/
> 



  

Looking for last minute shopping deals?  
Find them fast with Yahoo! Search.  
http://tools.search.yahoo.com/newsearch/category.php?category=shopping

-
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] Nexcom NSA 2189L

[cpu memhd]

Hey Erich,

I haven't tried it. But I thought I should comment on the architecture. It
uses the Xeon Blackford chipset, which uses FB-DIMMS, which run very hot.
I have 4 DIMMS, 4GB RAM in one of my personal servers, a 5000V Blackford
and the DIMMs seem to generate lots more heat than the CPU: a Xeon 1.86
5000 series.

I have looked at the Nexcom solutions and I've been considering getting an
8-port 1083 which uses the desktop Q965 chipset.

Anyhow, the 2189 would be nicer I think, if it used a 5100 board because
it supports DDR2. Or better yet, the 3200 series (for the most part, 1333
MHz bus versions of the previous 3000 series Xeon boards... which are just
glorified Conroe boards). The 3xxx Xeon boards are cheap and the 1333
MHz/3000 Xeons are dirt cheap even at >= 3 GHz speeds.

-cpu

--- Erich Titl <[EMAIL PROTECTED]> wrote:

> Hi Folks
> 
> I recall someone mentioning the Nexcom NSA2189 for a 24 port router. Has
> 
> someone already tried it with the current Bering-uClibc?
> 
> Thanks
> 
> Erich
> 
>
-
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2008.
> http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/
> 
> leaf-user mailing list: leaf-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/leaf-user
> Support Request -- http://leaf-project.org/
> 



  

Be a better friend, newshound, and 
know-it-all with Yahoo! Mobile.  Try it now.  
http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ 


-
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

[leaf-user] pptpgre-use-debug-option.patch

[cpu memhd]

The 1.3.0 version of pptpd produces lots of noise in the debug log. My log
today way 29MB all the same thing:

GRE: accepting #.
GRE: accepting #.
GRE: accepting #.
GRE: accepting #.
GRE: accepting #.

Looks like a bug (missing if (pptpctrl_debug)).

I used the following openwrt patch:

pptpgre-use-debug-option.patch:

diff -Nur pptpd-1.3.0/pptpgre.c.orig pptpd-1.3.0/pptpgre.c
--- pptpd-1.3.0/pptpgre.c.orig  2006-04-18 02:13:10.0 -0400
+++ pptpd-1.3.0/pptpgre.c   2006-04-18 02:14:19.0 -0400
@@ -46,6 +46,9 @@
 
 #define PACKET_MAX 8196
 
+/* Command Line Variable Args */
+extern int pptpctrl_debug;
+
 typedef int (*callback_t)(int cl, void *pack, unsigned int len);
 
 /* test for a 32 bit counter overflow */
@@ -319,7 +322,9 @@
stats.rx_lost += head->seq - gre.seq_recv - 1;
syslog(LOG_DEBUG, "GRE: timeout waiting for %d 
packets", head->seq -
gre.seq_recv - 1);
}
-   syslog(LOG_DEBUG, "GRE: accepting #%d from queue", head->seq);
+   if (pptpctrl_debug) {
+   syslog(LOG_DEBUG, "GRE: accepting #%d from queue", 
head->seq);
+   }
gre.seq_recv = head->seq;
status = callback(cl, head->packet, head->packlen);
pqueue_del(head);
@@ -399,7 +404,9 @@
}
/* check for out-of-order sequence number */
if (seq_greater(seq, gre.seq_recv)) {
-   syslog(LOG_DEBUG, "GRE: accepting packet #%d", seq);
+   if (pptpctrl_debug) {
+   syslog(LOG_DEBUG, "GRE: accepting packet #%d", 
seq);
+   }
stats.rx_accepted++;
gre.seq_recv = seq;
return cb(cl, buffer + ip_len + headersize, 
payload_len);



  

Looking for last minute shopping deals?  
Find them fast with Yahoo! Search.  
http://tools.search.yahoo.com/newsearch/category.php?category=shopping

-
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] Nexcom NSA 2189L

[cpu memhd]

Hello,

I don't think it's overkill and would probably start off with a quad
processor for 24 gigabit ports. But I honestly don't know which apps can
take advantage of the multiple processors and how the kernel uses smp for
networking/routing, etc.

There are other things besides ipsec and routing to consider: deep packet
inspection. See http://en.wikipedia.org/wiki/Deep_packet_inspection and
http://www.securityfocus.com/infocus/1817.

Also, squid can use reg_ex pattern matching to block sites for example.
For an acl I accidentally used url_regex instead of dstdomain for a spam
blacklist 6.3 MB and simple pages would lock up my processor at 100%
utilization for a few seconds at a time. It felt like I was on dialup
instead of a T1. I'm using a Via C3 1 GHz. Even if you won't have a large
reg_ex blacklist, using dstdomain (normal index lookups) it takes squid
about two minutes just to load/index a 6 MB file on my systems.

The Via C3 @ 1 GHz are about as fast as a Celeron 500 MHz in the real
world, maybe slower. For IPsec without the via padlock hardware encryption
driver these 1 GHz C3's can only manage about 10 Mbps using AES 128. With
the padlock driver they should be able to do 100 Mbps easily. Sadly the
fastest I ever managed using openswan and padlock was about 38-43 Mbps.
Either the driver was not well optimized or openswan has too much
overhead.

Besides that, imagine being able to run a counter-strike server directly
on your router. :)

-cpu

--- Muiz Motani <[EMAIL PROTECTED]> wrote:

> Can you tell us where we can order the Nexcom systems from and how much
> they cost? Also, has anybody done any analysis to see if these systems
> are overkill? LEAF should not need Xeon processors, even for 24 Gbit
> ports.
> 
> On Fri, 2008-01-18 at 09:02 +, Erich Titl wrote:
> > 
> > cpu memhd wrote:
> > > Hey Erich,
> > > 
> > > I haven't tried it. But I thought I should comment on the
> architecture. It
> > > uses the Xeon Blackford chipset, which uses FB-DIMMS, which run very
> hot.
> > > I have 4 DIMMS, 4GB RAM in one of my personal servers, a 5000V
> Blackford
> > > and the DIMMs seem to generate lots more heat than the CPU: a Xeon
> 1.86
> > > 5000 series.
> > > 
> > > I have looked at the Nexcom solutions and I've been considering
> getting an
> > > 8-port 1083 which uses the desktop Q965 chipset.
> > > 
> > > Anyhow, the 2189 would be nicer I think, if it used a 5100 board
> because
> > > it supports DDR2. Or better yet, the 3200 series (for the most part,
> 1333
> > > MHz bus versions of the previous 3000 series Xeon boards... which
> are just
> > > glorified Conroe boards). The 3xxx Xeon boards are cheap and the
> 1333
> > > MHz/3000 Xeons are dirt cheap even at >= 3 GHz speeds
> > 
> > Well, I need it for _many_ ports, but looking at the little specs I
> got 
> > I am a bit worried that LEAF will not support the LAN chips. It all 
> > depends whether the multi port boards are of the Intel® 82571EB or 
> > 82546GB chip set. It appears that the 82571EB is only supported in the
> 
> > 2.6 kernel.
> > 
> > Erich
> > 
> > 
> >
>
-
> > This SF.net email is sponsored by: Microsoft
> > Defy all challenges. Microsoft(R) Visual Studio 2008.
> > http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/
> >
> 
> > leaf-user mailing list: leaf-user@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/leaf-user
> > Support Request -- http://leaf-project.org/
> 
> 
>
-
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2008.
> http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/
> 
> leaf-user mailing list: leaf-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/leaf-user
> Support Request -- http://leaf-project.org/
> 



  

Never miss a thing.  Make Yahoo your home page. 
http://www.yahoo.com/r/hs

-
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] My GF is on Myspace 24/7! I have an idea...

[cpu memhd]

I'm not trying to be funny, but you should try to solve this problem with
a counselor instead. If your girlfriend is on myspace all the time then
you need to have a good talk with her. Sounds like there is a deeper
underling issue. Now if I wanted to do something like this, I suppose I'd
have a peek at the dnsmasq code and put some kind of random delay after
every "*.myspace.com" lookup (if yadada... sleep(my_rand()). And if you
want to test her admiration for you, you could randomly return
www.chippendales.com and see how she reacts. Keep in mind, she could
always use a myspace proxy. After lots of frustration she'll probably wind
up discovering one. So you'll have to blacklist those sites. The tc
solution mentioned by Jerome sounds better to me.

-cpu

--- Stan Smith <[EMAIL PROTECTED]> wrote:

> 
> Currently, I run dd-wrt on my wrt-54gs as a router. I was thinking of
> building a pentium-3 with 512meg RAM and two network cards as a new
> router, and am considering LEAF. I will have my internet ethernet go to
> this router, and all my computers will be on a switch which is connected
> to the other side of this router via uplink. Bering uClibc looks good,
> as it has support for ppp-oe out of the box. My question is this, could
> I build a package that would, say, always be present and if there is a
> request for anything on the myspace domain, it will twiddle its thumbs
> for like 10 seconds, then fulfill the request? She is on that damn site
> 24/7! All she ever does is just sit there and refresh, and send replys
> all day and night. If I just block the domain entirely, she will know
> something is up. If I make it take a frusteratingly long time to do
> anything, she will think it is just their server, and will eventually
> give up entirely, as will simply take too long to get anything done.
> Also, it would be cool to make it have like a 1 in 4 chance of timing
> out and dropping the request entirely. I have tried to get her to stop
> wasting her time on this site and nothing works. She doesn't pay for the
> broadband, and none of the computers are hers. Just blocking the domain
> would be too "mean", so I have come up with this solution. I will figure
> out how to implement it, just wondering if someone knows first if it is
> possible? Second, will it take up bandwith in other areas just having
> this package running? And thirdly, do I even need to build a package, or
> can I configure an existing package to have this effect? Thank you very
> much for you time in reading this request, and all input will be greatly
> appreciated!
> _
> Put your friends on the big screen with Windows Vista® + Windows Live™.
>
http://www.microsoft.com/windows/shop/specialoffers.mspx?ocid=TXT_TAGLM_CPC_MediaCtr_bigscreen_012008
>
-
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2008.
> http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/
> 
> leaf-user mailing list: leaf-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/leaf-user
> Support Request -- http://leaf-project.org/
> 



  

Never miss a thing.  Make Yahoo your home page. 
http://www.yahoo.com/r/hs

-
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

[leaf-user] iptables 1.3.5 conntrack "Unknown error -1"

[cpu memhd]

Hello,

This is something I ran into a long time ago. When ucbering 2.x went from
iptables 1.3.1 to 1.3.5, I noticed that shorewall went from:

Connection Tracking Match: Available

To:

Connection Tracking Match: Not available

I wasn't quite sure if this was a self inflicted wound since I compile my
own kernel and packages, so I stayed with iptables 1.3.1 but upgraded all
the other packages. With ucBering 3.1 I'm now using iptables 1.3.5 and I
want to use conntrack with the --ctorigdst option but it doesn't work:

iptables conntrack "Unknown error -1"

Doesn't work with any option, actually.

On my older boxes with iptables 1.3.1 it works fine.
-cpu


  

Looking for last minute shopping deals?  
Find them fast with Yahoo! Search.  
http://tools.search.yahoo.com/newsearch/category.php?category=shopping

-
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] iptables 1.3.5 conntrack "Unknown error -1"

[cpu memhd]

Do you know which kernel module it is? I can't find a difference between
both routers so I don't think that's the problem. -cpu

--- Gordon Bos <[EMAIL PROTECTED]> wrote:

> Sounds familiar...
> 
> I had the same problem when trying to compile the GeoIP module into 
> iptables. Turns out this version of iptables is very non-descriptive and
> 
> shows this error if you forgot to load a (dependant) kernel module.
> 
> Gordon
> 
> cpu memhd wrote:
> > Hello,
> > 
> > This is something I ran into a long time ago. When ucbering 2.x went
> from
> > iptables 1.3.1 to 1.3.5, I noticed that shorewall went from:
> > 
> > Connection Tracking Match: Available
> > 
> > To:
> > 
> > Connection Tracking Match: Not available
> > 
> > I wasn't quite sure if this was a self inflicted wound since I compile
> my
> > own kernel and packages, so I stayed with iptables 1.3.1 but upgraded
> all
> > the other packages. With ucBering 3.1 I'm now using iptables 1.3.5 and
> I
> > want to use conntrack with the --ctorigdst option but it doesn't work:
> > 
> > iptables conntrack "Unknown error -1"
> > 
> > Doesn't work with any option, actually.
> > 
> > On my older boxes with iptables 1.3.1 it works fine.
> > -cpu
> > 
> > 
> >  
>

> > Looking for last minute shopping deals?  
> > Find them fast with Yahoo! Search. 
> http://tools.search.yahoo.com/newsearch/category.php?category=shopping
> > 
> >
>
-
> > Check out the new SourceForge.net Marketplace.
> > It's the best place to buy or sell services for
> > just about anything Open Source.
> >
>
http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
> >
> 
> > leaf-user mailing list: leaf-user@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/leaf-user
> > Support Request -- http://leaf-project.org/
> 
> -- 
> 
> 
> Gordon Bos
> Q-RY Solutions
> Martinus Nijhofflaan 2
> 2624 ES  Delft
> The Netherlands
> Tel: +31 (0)15 256 4035
> Fax: +31 (0)15 256 4074
> 
> Q-RY Solutions is distributeur van Pervasive Software en ConnecTUX
> software, en draagt zorg voor consultancy, levering, ondersteuning,
> installatie en training.
> 
>
-
> Check out the new SourceForge.net Marketplace.
> It's the best place to buy or sell services for
> just about anything Open Source.
>
http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
> 
> leaf-user mailing list: leaf-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/leaf-user
> Support Request -- http://leaf-project.org/
> 



  

Never miss a thing.  Make Yahoo your home page. 
http://www.yahoo.com/r/hs

-
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

[leaf-user] TUNO 2.6 kernel - some feedback

[cpu memhd]

I've been testing the 2.6 kernel. Nice!

To the developers: 

I don't think you're wasting your time. I very much appreciate your efforts (I 
read that old thread). I think you should put TUNO on the main page, even if 
it's "alpha".

Some issues:

busybox 1.12.1:

insmod does not search /lib/modules or /lib/modules/`uname -r`.

I tried 1.12.4, no difference.

Running under vmware workstation 6.5 in linux:

The clock can slow down drastically, about 3-4 seconds for every one second. No 
amount of fiddling helped (acpi=off, clock=whatever). So I added VMI to the 
kernel config. Problem solved.

[*] Paravirtualized guest support  --->
   --- Paravirtualized guest support
   [*]   VMI Guest support
   [ ]   Lguest guest support

Size increase: 20,128 bytes - uncompressed.

I can't get the UPX kernel working under VMware:

*** Virtual machine kernel stack fault (hardware reset) ***

Other matters:

Is there a debate on whether or not it should fit on a floppy? If it's 
possible, why not, otherwise why bother? I know some people like to write 
protect their floppies. If you get hacked in, just reboot. Nevertheless, I 
think the floppy holds back the project more than it helps. Some people believe 
Leaf is a floppy distro and won't touch it for that reason. Obviously it can 
run on anything. Just my $.02.



  

--
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with 
Crystal Reports now.  http://p.sf.net/sfu/bobj-july

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

[leaf-user] ulogd load_plugin File not found (Bering-uClibc 5.2-beta1 Rev 1)

[cpu memhd]

Hello,

Seems there might be a ulogd bug that prevents it from finding/loading plugins:


ulogd -v
Sat Oct  4 20:41:32 2014 <7> ulogd.c:622 load_plugin: 
'/usr/lib/ulogd/ulogd_inppkt_NFLOG.so': File not found
Sat Oct  4 20:41:32 2014 <7> ulogd.c:622 load_plugin: 
'/usr/lib/ulogd/ulogd_inpflow_NFCT.so': File not found
Sat Oct  4 20:41:32 2014 <7> ulogd.c:622 load_plugin: 
'/usr/lib/ulogd/ulogd_filter_IFINDEX.so': File not found
Sat Oct  4 20:41:32 2014 <7> ulogd.c:870 can't find requested plugin NFLOG
Sat Oct  4 20:41:32 2014 <7> ulogd.c:870 can't find requested plugin NFLOG
Sat Oct  4 20:41:32 2014 <8> ulogd.c:1430 not even a single working plugin stack
But the files are there:

ls -l /usr/lib/ulogd/
total 160
-rwxr-xr-x 1 root root  4624 Sep 20 13:42 ulogd_filter_HWHDR.so
-rwxr-xr-x 1 root root  4744 Sep 20 13:42 ulogd_filter_IFINDEX.so
-rwxr-xr-x 1 root root  6516 Sep 20 13:42 ulogd_filter_IP2BIN.so
-rwxr-xr-x 1 root root  6788 Sep 20 13:42 ulogd_filter_IP2STR.so
-rwxr-xr-x 1 root root  6800 Sep 20 13:42 ulogd_filter_PRINTFLOW.so
-rwxr-xr-x 1 root root 11720 Sep 20 13:42 ulogd_filter_PRINTPKT.so
-rwxr-xr-x 1 root root  8348 Sep 20 13:42 ulogd_inpflow_NFACCT.so
-rwxr-xr-x 1 root root 23020 Sep 20 13:42 ulogd_inpflow_NFCT.so
-rwxr-xr-x 1 root root 14336 Sep 20 13:42 ulogd_inppkt_NFLOG.so
-rwxr-xr-x 1 root root 11936 Sep 20 13:42 ulogd_inppkt_ULOG.so
-rwxr-xr-x 1 root root  6404 Sep 20 13:42 ulogd_output_GPRINT.so
-rwxr-xr-x 1 root root  6276 Sep 20 13:42 ulogd_output_LOGEMU.so
-rwxr-xr-x 1 root root  6132 Sep 20 13:42 ulogd_output_OPRINT.so
-rwxr-xr-x 1 root root  6180 Sep 20 13:42 ulogd_output_SYSLOG.so
-rwxr-xr-x 1 root root 10732 Sep 20 13:42 ulogd_raw2packet_BASE.so


Here are two similar OpenWrt reports:

https://lists.openwrt.org/pipermail/openwrt-tickets/2012-May/045198.html

https://lists.openwrt.org/pipermail/openwrt-tickets/2012-August/048024.html


Anyone else having the same problem?


--
Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] ulogd load_plugin File not found (Bering-uClibc 5.2-beta1 Rev 1)

[cpu memhd]

Okay, I figured out the problem. I didn't realize this was ulogd v2, which 
apparently has more dependencies. But now shorewall isn't logging.

--
Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] ulogd load_plugin File not found (Bering-uClibc 5.2-beta1 Rev 1)

[cpu memhd]

Yes, I used git. My shorewall version is 4.6.2.5, not 5. I think the reason 
it's not logging is because syslog-ng is also trying to use shorewall.log. I'll 
use leaf-devel from now on.




n Monday, October 6, 2014 11:09 AM, kp kirchdoerfer 
 wrote:
Hi;


Am Sonntag, 5. Oktober 2014, 13:12:40 schrieb cpu memhd:
> Okay, I figured out the problem. I didn't realize this was ulogd v2, which
> apparently has more dependencies. But now shorewall isn't logging.

Just to be clear - are you really using 5.2-beta1? 
I'm pretty shure there is no 5.2-beta1 release yet, so you must have compiled 
it from git repository. That would be great, but I'd want to  suggest to 
discuss  issues of  unreleased versions on leaf-devel.

Back to your issue:
ulogd has been updated to version 2 for 5.0 and shorewall is logging, at least 
for me. 
Are you probably using old shorewall config files that does not point to ulogd 
as log target?

kp  


--
Slashdot TV.  Videos for Nerds.  Stuff that Matters.
http://pubads.g.doubleclick.net/gampad/clk?id=160591471&iu=/4140/ostg.clktrk

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] ulogd load_plugin File not found (Bering-uClibc 5.2-beta1 Rev 1)

[cpu memhd]

I did it the way the shorewall logging documentation suggests: I specified 
LOG=ULOG in params and then $LOG everywhere else. I also disabled all 
references to shorewall.log in syslog-ng.conf. Still not logging. But it logs 
to syslog-ng just fine when I change it back to 'info'.


BLACKLIST_LOG_LEVEL=
INVALID_LOG_LEVEL=
LOG_MARTIANS=No
LOG_VERBOSITY=2
LOGALLNEW=
LOGFILE=/var/log/shorewall.log
LOGFORMAT="Shorewall:%s:%s:"
LOGTAGONLY=No
LOGLIMIT=
MACLIST_LOG_LEVEL=$LOG
RELATED_LOG_LEVEL=
RPFILTER_LOG_LEVEL=$LOG
SFILTER_LOG_LEVEL=$LOG
SMURF_LOG_LEVEL=$LOG
STARTUP_LOG=/var/log/shorewall-init.log
TCP_FLAGS_LOG_LEVEL=$LOG
UNTRACKED_LOG_LEVEL=


My shorewall version is now 4.6.3.4.

On Tuesday, October 7, 2014 5:09 AM, kp kirchdoerfer 
 wrote:
Am Montag, 6. Oktober 2014, 13:09:10 schrieben Sie:
> Yes, I used git. My shorewall version is 4.6.2.5, not 5. I think the reason
> it's not logging is because syslog-ng is also trying to use shorewall.log.
> I'll use leaf-devel from now on.
> 
Maybe you misunderstood.

I meant Bering-uClibc 5.

Are you shure you have choosen ulog resp nflog as target?

last line of /etc/shorewall/policy:

all   all REJECT  NFLOG(4)  

kp




> 
> 
> n Monday, October 6, 2014 11:09 AM, kp kirchdoerfer
>  wrote: Hi;
> 
> Am Sonntag, 5. Oktober 2014, 13:12:40 schrieb cpu memhd:
> > Okay, I figured out the problem. I didn't realize this was ulogd v2, which
> > apparently has more dependencies. But now shorewall isn't logging.
> 
> Just to be clear - are you really using 5.2-beta1?
> I'm pretty shure there is no 5.2-beta1 release yet, so you must have
> compiled it from git repository. That would be great, but I'd want to 
> suggest to discuss  issues of  unreleased versions on leaf-devel.
> 
> Back to your issue:
> ulogd has been updated to version 2 for 5.0 and shorewall is logging, at
> least for me.
> Are you probably using old shorewall config files that does not point to
> ulogd as log target?
> 
> kp

--
Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/