Re: Asymmetric gigabit speeds at full load / OpenBSD 3.7

[Sean Knox]

Lars Hansson wrote:

On Wed, 29 Jun 2005 19:16:08 +0200
Frederic BRET [EMAIL PROTECTED] wrote:


So the conclusion may be that the BSD hardwares are limited by the 
ability of their OS to manage interrupts properly...

What do you think about this  ?



I've put 750mpbs between 2 OpenBSD boxes using iperf. The cpu spent ~30% of it's
time in interrupts. This was using -u and -b 750M.
With smaller, 80 bytes, packets they handled  140k pps and ~100mpbs with the cpu
spending ~50% of the time in interupts. It's a GENERIC kernel with ramdisk hooks
and dummy_nops.
These boxes just went into production so i'll probably write something
about them later when I've seen how they perform in the real world.



Interesting. I'm seeing near identical UDP results as the parent poster; 
the receiving OpenBSD box maxes out at 45Mb/s with many dropped packets 
due to full socket buffers. However, I'm able to forward 800Mb/s 
through the OpenBSD router between two linux hosts with no problems.


Sean

Re: sguil and OpenBSD

[Andreas Östling]

On Friday 01 July 2005 02:16, Vivek Ayer wrote:
 Hi all,

 Has anyone installed sguil on OpenBSD? I hear ACID development has
 stopped so it would be an opportune time to switch to sguil. If
 anyone can point me in the right direction of an
 install-and-configure guide specifically for openbsd, that would
 great. I'm running OpenBSD 3.7-current. I need it for the firewall
 that I have setup to protect a wired and wireless network. Thanks.

 Vivek

You'll probably have better luck with the sguil-users mailing list 
(including its archive), there are several OpenBSD users on it.

/Andreas

Re: sguil and OpenBSD

[Monah Baki]

Those are the steps that I took to install sguil on 3.7. This installation 
assumes server, sensor and 
database is on 1 host.

install Openbsd 3.7

/ 2GB
swap 2GB
/var 5GB
/usr 20GB
/nsm (remainding)

System name: idssrvr
Domain: xxx.com
IP: 10.1.1.82/24
DNS Server: 68.100.16.25
GW: 10.1.1.1

Install src and ports to /usr/src and /usr respectively

add users sguil, mysql and (generic id, to login)
add the generic user to group wheel

Default password for all is welcome

mkdir /usr/local/src

cd /usr/ports/net/wget
make install

cd /usr/ports/net/libnet
make install

pkg_add 
ftp://ftp.openbsd.org/pub/OpenBSD/3.7/packages/i386/mysql-server-4.0.23p1.tgz

/usr/local/bin/mysql_install_db --user=mysql
/usr/local/bin/mysqld_safe --user=mysql 
/usr/local/bin/mysqladmin -u root password 'welcome'
/usr/local/bin/mysql -u root -pwelcome

mysql CREATE DATABASE sguildb;
Query OK, 1 row affected (0.00 sec)

mysql GRANT ALL PRIVILEGES ON *.* TO [EMAIL PROTECTED] IDENTIFIED BY 'welcome' 
WITH GRANT 
OPTION;
Query OK, 0 rows affected (0.00 sec)

mysql GRANT ALL PRIVILEGES ON *.* TO [EMAIL PROTECTED] IDENTIFIED BY 'welcome' 
WITH GRANT 
OPTION;
Query OK, 0 rows affected (0.00 sec)

mysql \q

cd /usr/local/src
wget http://unc.dl.sourceforge.net/sourceforge/sguil/sguil-client-0.5.3.tar.gz
wget http://unc.dl.sourceforge.net/sourceforge/sguil/sguil-server-0.5.3.tar.gz
wget 
http://easynews.dl.sourceforge.net/sourceforge/sguil/sguil-sensor-0.5.3.tar.gz

tar -xvzf sguil-client-0.5.3.tar.gz
tar -xvzf sguil-server-0.5.3.tar.gz
tar -xvzf sguil-sensor-0.5.3.tar.gz

mv sguil-0.5.3 sguil
cd sguil/server
/usr/local/bin/mysql -u sguil -p -D sguildb  ./sql_scripts/create_sguildb.sql 
Enter Password: welcome

/usr/local/bin/mysql -u sguil -p -e show tables sguildb 
Enter password: welcome
+---+
| Tables_in_sguildb |
+---+
| data  |
| event |
| history   |
| icmphdr   |
| nessus|
| nessus_data   |
| portscan  |
| sancp |
| sensor|
| sessions  |
| status|
| tcphdr|
| udphdr|
| user_info |
| version   |
+---+


mkdir /etc/sguild
cd /usr/local/src/sguil/server
cp sguild.users sguild.conf sguild.queries sguild.access autocat.conf 
/etc/sguild 

cd /usr/local/src
wget http://easynews.dl.sourceforge.net/sourceforge/tcl/tcl8.4.9-src.tar.gz
wget http://easynews.dl.sourceforge.net/sourceforge/tcl/tk8.4.9-src.tar.gz
wget http://easynews.dl.sourceforge.net/sourceforge/tcllib/tcllib-1.7.tar.gz
wget http://internap.dl.sourceforge.net/sourceforge/tclx/tclx8.3.5-src.tar.gz
wget http://www.xdobry.de/mysqltcl/mysqltcl-2.51.tar.gz
wget http://easynews.dl.sourceforge.net/sourceforge/tls/tls1.5.0-src.tar.gz

for i in *.gz; do tar xvzf $i;done

cd /usr/local/src/tcl8.4.9/unix
./configure  make  make install

cd /usr/local/src/tk8.4.9/unix
./configure  make  make install

ln -s /usr/local/bin/tclsh8.4 /usr/local/bin/tclsh 

cd /usr/local/src/tcllib-1.7
./configure  make  make install

cd /usr/local/src/sancp-1.6.1
make
cp sancp /usr/local/bin

cd /usr/local/src/tclx8.3.5/unix
./configure  make  make install

cd /usr/local/src/mysqltcl-2.51
ln -s /usr/local/lib/mysql/libmysqlclient.so.12.0 
/usr/local/lib/libmysqlclient.so
env CC=gcc ./configure --with-mysql-include=/usr/local/include/mysql 
--with-mysql-lib=/usr/
local/lib
make  make install

cd /usr/local/src/tls1.5
./configure --with-tcl=/usr/local/lib --with-tcl-include=/usr/local/include 
--with-ssl-dir=/usr
make  make install

(FOR TESTING TO SEE IF IT WORKS)
/usr/local/bin/tcl 
tclpackage require Tclx
8.3
tclpackage require mysqltcl
2.51
tclexit

cd /usr/ports/security/p0f
make install

cd /usr/ports/net/tcpflow
make install

cd /usr/ports/devel/pcre
make install

vi /etc/sguild/sguild.conf
# DataBase Info
set DBNAME sguildb
set DBPASS welcome
set DBHOST localhost
set DBPORT 3306
set DBUSER sguil

set RULESDIR /nsm/ids/rules
set LOCAL_LOG_DIR /nsm/ids/archive
set TCPFLOW /usr/local/bin/tcpflow
set P0F_PATH /usr/local/bin/p0f

cd /usr/local/src
wget http://www.snort.org/dl/current/snort-2.3.3.tar.gz
wget http://www.snort.org/dl/barnyard/barnyard-0.2.0.tar.gz

tar -xvzf snort-2.3.3.tar.gz
mv snort-2.3.3 snort 
cd /usr/local/src/snort/src/preprocessors
cp spp_portscan.c spp_portscan.c.bak
cp spp_stream4.c spp_stream4.c.bak
cp -r /usr/local/src/sguil/sensor/snort_mods/2_1/* .
patch spp_portscan.c  spp_portscan_sguil.patch

cd ../..
./configure --enable-flexresp  make  make install 

mkdir /etc/snort
cp /usr/local/src/snort/etc/snort.conf /etc/snort
cp /usr/local/src/sguil/sensor/sancp/sancp.conf /usr/local/etc/snort/

cd /usr/local/etc/snort
vi sancp.conf

The only element of the sancp.conf file requiring modification is the HOME_NET
variable. Change the HOME_NET variable to reflect the network you wish to
monitor. Using 0.0.0.0 appears to allow monitoring any network. 

In snort.conf you can disable rules so that 

determine boot device after boot

[Uwe Werler]

hello,

is it possible to determine the boot device after the kernel has
loaded? i did'nt find any variable (with sysctl or an entry in logs)
which contains this information. i want to boot from any device like
floppy, cd etc. and the root will be a ramdisk. after boot i want to
read some additional files from the boot device. is there a way to get
this working?

thanks in advance!

-- 
Weitersagen: GMX DSL-Flatrates mit Tempo-Garantie!
Ab 4,99 Euro/Monat: http://www.gmx.net/de/go/dsl

Re: Stopping Xorg cleanly on Mac Mini

[Dominik Epple]

On Thu, Jun 30, 2005 at 03:46:32PM -0500, Chandler May wrote:
 I recently posted to this list inquiring how to successfully
 initialize the Xorg server on a Mac Mini (With an LCD monitor through
 DVI) running OpenBSD 3.7. Now, I need to know how to stop it. ;-P

 I've tried reboot as root, and the Exit menu command in the FVWM
 menu, and I get the same results either way. After a few seconds, the
 screen goes blank. Another second and the keys lock up. Then, who
 knows what happens, but it doesn't leave me with any choice but to
 perform a hard reboot with the power button.


My experiences with NetBSD (ya, I know we are on the OpenBSD list) are
similar: The console freezes -- at least the screen. Who knows whether
the keyboard still works if you have no screen ;)

But the machine itself does not lock up, you can login with ssh. Perhaps
you can try that?

--
PGP Public Key and contact information available at
http://www.tphys.physik.uni-tuebingen.de/tplist/phonelist.py?uid=epple

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]

Re: SCSI and disk geometry

[José M. Fandiño]

more on this issue.

K WESTERBACK wrote:
 sd0: 34715MB, 34715 cyl, 16 head, 128 sec, 512
 bytes/sec, 71096320 sec total
 sd0: 34715MB, 34715 cyl, 16 head, 128 sec, 512
 bytes/sec, 71096320 sec total
 sd0: 34715MB, 34715 cyl, 16 head, 128 sec, 512
 bytes/sec, 71096320 sec total
 
 sd1: 34715MB, 27150 cyl, 4 head, 654 sec, 512
 bytes/sec, 71096640 sec total
 sd1: 34715MB, 31310 cyl, 4 head, 567 sec, 512
 bytes/sec, 71096640 sec total
 sd1: 34715MB, 27150 cyl, 4 head, 654 sec, 512
 bytes/sec, 71096640 sec total

I did a test with FreeBSD and it detects a geometry of 
4425/255/63 in mirrored (sd0) and not mirrored (sd1) 
disks, and the installation was successful.

 So OpenBSD is finding identical geometry for sd0 on
 all three servers. And the numbers match (34715*16*128
 = 71096320).
 
 For sd1 one result differs from the other two and
 neither set of values seem to match.
 
 I suspect sd1 is behaving badly in some way. I would
 suggest trying a -current snapshot as the geometry
 code has been getting a lot of work lately. If you can
 (and want to) you can compile a kernel with the
 options
 
 option SCSIDEBUG
 option SCSIDEBUG_LEVEL=0xf0
 option SCSIDEBUG_BUSES=0x2
 option SCSIDEBUG_TARGETS=0x5
 option SCSIDEBUG_LUNS=0xff
 
 and send me the output. It will show exactly what the
 disks are saying about their geometry.

http://195.55.55.164/tests/OpenBSD/server3-dmesg-orig.txt
http://195.55.55.164/tests/OpenBSD/server3-dmesg-SCSIDEBUG.txt
http://195.55.55.164/tests/OpenBSD/server3-fdisk.txt
http://195.55.55.164/tests/OpenBSD/server3-label.txt
http://195.55.55.164/tests/OpenBSD/server3-sysctl.txt



-- 
GCS/IT d- s+:+() a31 C+++ UBL+++$ P+ L+++ E--- W++ N+ o++ K- w---
O+ M+ V- PS+ PE+ Y++ PGP t+ 5 X+$ R- tv-- b+++ DI D+
G++ e- h+(++) !r !z
--END GEEK CODE BLOCK--

Re: HP ProLiant DL140 serial consola installation

[Nick Holland]

Martin Bruns wrote:
 Hi,
 
 I'm trying to install OpenBSD 3.7 on a HP ProLiant DL140 server via the
 serial console.
 
 I'm booting via pxeboot and I get the second-stage boot loader prompt on
 the console.
 But after entering set tty com0, the serial line is nolonger functional.
 
 I was searching the net but could only find a different way, I'm a
 newbie in OpenBSD.
 
 Also initially I wanted to have console speed 115200 but that seems to
 be more complicated.

This situation is covered under amd64 and i386 notes section of the FAQ:
  http://www.openbsd.org/faq/faq7.html#SerCon
No Good Solution.

If your goal is a serial install, turn off the BIOS console redirection,
assuming you don't have a Continue console redirection after POST
option, and set up a boot.conf file in your tftp server which will
switch pxeboot over to serial console.

Skip the 115200 baud stuff.  That's silly... Your serial solution goes
from being when all else fails, I have serial console to Yet One More
Thing Causing Problems.  9600 bps is reliable, runs long distances,
works with almost any device and/or OS on the other end, and Just Works.
  115200 is for either doing something via serial you probably shouldn't
be, or showing off, look what I can do!


Nick.

ADSL modem Amigo HMX - CA85UR - K8 (USB)

[RGKärcher]

Hi all , 

I would like to know if anyone of you have make it
works this modem . 

The modem is : ADSL Amigo HMX - CA85UR - K8 (USB)

In linux it seems to works , but in openBSd I have no
information at all that this modem works . 

All the info under linux is in this site : 

http://accessrunner.sourceforge.net/

The guys recompile the linux kernel , adding support
for the conexant chips and extract the FIRMWARE from
the windows drivers ...

What I want to know if it possible to use this modem
under Open BSD , and I any of you guys succeded . 

this kind of ADSL USB modem is very common in Europe
and America (TELECOM and TELEFONICA ) uses it . 

Would it be great if OpenBSD had support for this kind
of modem . 

Thanks in Advance guys ,

Greetings , 

Ricardo Karcher 
www.imaginator.com
www.gnosticos.net 






__
Correo Yahoo!
Espacio para todos tus mensajes, antivirus y antispam !gratis! 
!Abrm tu cuenta ya! - http://correo.yahoo.com.ar

Re: Stopping Xorg cleanly on Mac Mini

[Ray Percival]

On Fri, Jul 01, 2005 at 11:55:31AM +0200, Dominik Epple wrote:
 On Thu, Jun 30, 2005 at 03:46:32PM -0500, Chandler May wrote:
  I recently posted to this list inquiring how to successfully
  initialize the Xorg server on a Mac Mini (With an LCD monitor through
  DVI) running OpenBSD 3.7. Now, I need to know how to stop it. ;-P
 
  I've tried reboot as root, and the Exit menu command in the FVWM
  menu, and I get the same results either way. After a few seconds, the
  screen goes blank. Another second and the keys lock up. Then, who
  knows what happens, but it doesn't leave me with any choice but to
  perform a hard reboot with the power button.
 
 
 My experiences with NetBSD (ya, I know we are on the OpenBSD list) are
 similar: The console freezes -- at least the screen. Who knows whether
 the keyboard still works if you have no screen ;)
I've seen the same problem on a Dell laptop. I don't have the model number or a 
dmesg just now but I'll post one when I can get it. 
 
 But the machine itself does not lock up, you can login with ssh. Perhaps
 you can try that?
 
 --
 PGP Public Key and contact information available at
 http://www.tphys.physik.uni-tuebingen.de/tplist/phonelist.py?uid=epple
 
 [demime 1.01d removed an attachment of type application/pgp-signature which 
 had a name of signature.asc]
 

-- 
BOFH excuse #424:

operation failed because: there is no message for this error (#1014)

Re: Stopping Xorg cleanly on Mac Mini

[Niclas Sodergard]

On 7/1/05, Chandler May [EMAIL PROTECTED] wrote:
 
 No, Ctrl+Alt+Backspace yields the same results - blank screen, locked
 keys, bleh.

This also happens on a iMac G4 running 3.7. The keyboard is still
working so at least I can restart the computer properly from the
console.

cheers,
Nickus

openbsd and dietlibc

[poncenby]

Hello all

being a naturally lazy person i was wondering whether anyone knows of a 
nice easy, step-by-step guide to modifying the dietlibc source so it 
will compile on openbsd 3.7.  the PORT file in dietlibc source describes 
(not fully perhaps) waht to do:


  - edit Makefile to detect the architecture
  - create a directory for the architecture, and put a Makefile.add in
it.  Look at the other Makefile.adds for guidance.
  - provide start.S (the start code, look at glibc)
  - provide unified.S (the unified syscall)
  - provide syscalls.h (the syscall numbers, from asm/unistd.h)
  - provide setjmp and longjmp
  - edit include/setjmp.h
  - pipe, clone and mmap often need special care
  - edit include/sys/ioctl.h
  - edit include/sys/ptrace.h
  - edit include/asm/sigcontext.h
  - edit include/sys/ucontext.h
  - edit include/endian.h
  - edit include/fcntl.h
  - edit include/sys/mman.h
  - edit include/sys/shm.h
  - edit include/sys/stat.h
  - edit include/errno.h
  - edit syscalls.h
  - edit include/termios.h
  - edit diet.c to make it recognize the architecture and add proper
CFLAGS
  - edit libcompat/syscall.S

i think if I tried myself it would take far too long to justify the outcome.
so are there anyone out there that wants to make it easier for me (and 
everyone else)


thanks!

Re: openbsd and dietlibc

[Damien Miller]

poncenby wrote:

Hello all

being a naturally lazy person i was wondering whether anyone knows of a 
nice easy, step-by-step guide to modifying the dietlibc source so it 
will compile on openbsd 3.7.  


Why? OpenBSD's libc is pretty slim already. If you have need of a
further cut-down libc, you could trim it more.

-d

Re: Ath0 on WRAP and OpenBSD 3.7

[steven n fettig]

Jonathan Weiss wrote:


Jonathan Weiss wrote:

   


Cheers,

I have a Problem with a WRAP board (dmesg attached) and a MiniPCI WLAN card.
The card is a Wistron CM9. My /etc/hostname.ath0 looks like this:

#cat /etc/hostname.ath
inet 192.168.1.1 255.255.255.0 NONE media autoselect \
mediaopt hostap nwid wrap chan 11

#ifconfig ath0
ath0: flags=8863UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST mtu 1500
  address: 00:0b:6b:35:b0:1b
  ieee80211: nwid wrap chan 11 bssid 00:0b:6b:35:b0:1b
  media: IEEE802.11 autoselect hostap (autoselect mode 11a hostap)
  status: active
  inet 192.168.1.1 netmask 0xff00 broadcast 192.168.1.255
  inet6 fe80::20b:6bff:fe35:b01b%ath0 prefixlen 64 scopeid 0x1

But I cannot join the network and also cannot see it with a WLAN-scanner
(Kismac on a PowerBook with OS X).

Lately there have been some reports about problems with WRAP/ath/OpenBSD.

Does ath in hostap mode works in 3.7 or do I have to upgrade to current?
 



 


I am still getting *my* feet wet with wireless in OpenBSD, but the ath
device in my ThinkPad required that I update to -current (per Theo's
suggestion).  After that, I haven't had any problems with joining
networks or creating them.  I just tested setting up a network with the
ThinkPad and it worked fine.  I last updated Sunday, so I imagine it
still works.

   



I upgraded to Current:
OpenBSD 3.7-current (GENERIC) #214: Thu Jun 30 11:43:53 MDT 2005
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Geode(TM) Integrated Processor by National Semi (Geode by NSC
586-class) 267 MHz
cpu0: FPU,TSC,MSR,CX8,CMOV,MMX
cpu0: TSC disabled
real mem  = 133804032 (130668K)
avail mem = 115535872 (112828K)

But still, no wireless network and I now get this:
# wicontrol ath0 
wicontrol: SIOCGWAVELAN (0xfd0b): Invalid argument


 



Why are you using wicontrol?

man wicontrol:

The wicontrol command controls the operation of WaveLAN/IEEE wireless 
networking devices via the wi(4) and awi(4) drivers.


you are using an ath device not awi or wi.  Also, use ifconfig to 
control athX in configuring it for host-based AP mode.  Look at the end 
of man ath and you will find very good instructions on how to do so.


Steve Fettig


With 3.7 I got no error.
--
Jonathan Weiss
[EMAIL PROTECTED]
http://blog.innerewut.de


 


Steve Fettig

   



Greets,
Jonathan

---
OpenBSD 3.7-current (GENERIC) #214: Thu Jun 30 11:43:53 MDT 2005
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Geode(TM) Integrated Processor by National Semi (Geode by NSC
586-class) 267 MHz
cpu0: FPU,TSC,MSR,CX8,CMOV,MMX
cpu0: TSC disabled
real mem  = 133804032 (130668K)
avail mem = 115535872 (112828K)
using 1658 buffers containing 6791168 bytes (6632K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(fa) BIOS, date 05/02/05, BIOS32 rev. 0 @ 0xfc5f2
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: pcibios_get_intr_routing - function not supported
pcibios0: PCI IRQ Routing information unavailable.
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xe/0x8000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 Cyrix GXm PCI rev 0x00
ath0 at pci0 dev 13 function 0 Atheros AR5212 rev 0x01: irq 12
ath0: AR5212 5.9 phy 4.3 rf5112 3.6, FCC1A, address 00:0b:6b:35:b0:1b
sis0 at pci0 dev 14 function 0 NS DP83815 10/100 rev 0x00: DP83816A, irq
10, address 00:0d:b9:01:92:d0
nsphyter0 at sis0 phy 0: DP83815 10/100 PHY, rev. 1
sis1 at pci0 dev 15 function 0 NS DP83815 10/100 rev 0x00: DP83816A, irq
9, address 00:0d:b9:01:92:d1
nsphyter1 at sis1 phy 0: DP83815 10/100 PHY, rev. 1
sis2 at pci0 dev 16 function 0 NS DP83815 10/100 rev 0x00: DP83816A, irq
11, address 00:0d:b9:01:92:d2
nsphyter2 at sis2 phy 0: DP83815 10/100 PHY, rev. 1
gscpcib0 at pci0 dev 18 function 0 NS SC1100 ISA rev 0x00
gpio0 at gscpcib0: 64 pins
NS SC1100 SMI/ACPI rev 0x00 at pci0 dev 18 function 1 not configured
pciide0 at pci0 dev 18 function 2 NS SCx200 IDE rev 0x01: DMA, channel 0
wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: SAMSUNG CF/ATA
wd0: 1-sector PIO, LBA, 497MB, 1018080 sectors
wd0(pciide0:0:0): using PIO mode 4
NS SCx200 AUDIO rev 0x00 at pci0 dev 18 function 3 not configured
geodesc0 at pci0 dev 18 function 5 NS SC1100 X-Bus rev 0x00: iid 6
revision 3 wdstatus 0
ohci0 at pci0 dev 19 function 0 Compaq USB OpenHost rev 0x08: irq 9,
version 1.0, legacy support
usb0 at ohci0: USB revision 1.0
uhub0 at usb0
uhub0: Compaq OHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 3 ports with 3 removable, self powered
isa0 at gscpcib0
isadma0 at isa0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
sysbeep0 at pcppi0
gscsio0 at isa0 port 0x2e/2: SC1100 SIO rev 1: ACB1 ACB2
iic0 at gscsio0
iic1 at gscsio0
lmtemp0 at iic1 addr 0x48: LM77
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo

Re: Ath0 on WRAP and OpenBSD 3.7

[Jonathan Weiss]

 #cat /etc/hostname.ath
 inet 192.168.1.1 255.255.255.0 NONE media autoselect \
 mediaopt hostap nwid wrap chan 11
 
 #ifconfig ath0
 ath0: flags=8863UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST mtu
 1500
   address: 00:0b:6b:35:b0:1b
   ieee80211: nwid wrap chan 11 bssid 00:0b:6b:35:b0:1b
   media: IEEE802.11 autoselect hostap (autoselect mode 11a hostap)
   status: active
   inet 192.168.1.1 netmask 0xff00 broadcast 192.168.1.255
   inet6 fe80::20b:6bff:fe35:b01b%ath0 prefixlen 64 scopeid 0x1

 Why are you using wicontrol?
 
 man wicontrol:
 
 The wicontrol command controls the operation of WaveLAN/IEEE wireless
 networking devices via the wi(4) and awi(4) drivers.
 
 you are using an ath device not awi or wi.  Also, use ifconfig to
 control athX in configuring it for host-based AP mode.  Look at the end
 of man ath and you will find very good instructions on how to do so.
 

I used wicontrol as I tried to get the card working and played around. I
just posted it, because it's behaviour changed from 3.7 to current.

I used the instructions from `man ath` for my configuration in the first
place. My /etc/hostname.ath is from `man ath` with just the nwid changed.

I also switched antennas, but no luck.

Greets,
Jonathan
--
Jonathan Weiss
[EMAIL PROTECTED]
http://blog.innerewut.de

Re: read-only storage media

[Will H. Backman]

Kernel security levels may do what you want with less hassle.  Machine
would need a reboot before they can be lowered. 

See man page (7) for securelevel

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of
 Matt Garman
 Sent: Friday, July 01, 2005 11:06 AM
 To: OpenBSD Misc
 Subject: read-only storage media
 
 Is there any kind of storage media that can be set as read-only, and
 only reset to read and write by physical access?
 
 I'm thinking about something like the (seemingly ancient) 3.5
 floppy disks that had that little switch you could use to set the
 disk to read only.
 
 Are there any hard drives that have a similar kind of feature?
 
 I'm thinking that this would be nice for a firewall machine: if the
 machine was compromised, it still couldn't be modified (i.e.,
 volumes mounted read only can always be remounted read-write if the
 machine is root compromised).
 
 I'm thinking that I could burn a CD-R (and re-burn it whenever
 there's a configuration change), but it seems like the system might
 have a lot of latency and the CD-ROM drive might prematurely fail.
 
 Any thoughts?
 
 Thanks,
 Matt
 
 --
 Matt Garman
 email at: http://raw-sewage.net/index.php?file=email

Re: read-only storage media

[Steve Welham]

Some hard disks have a write protect jumper. I've got an old Seagate
Barracuda (ST3217N) that has this - although it's not something I've
ever tried to use.

Steve

 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Matt Garman
Sent: 01 July 2005 16:06
To: OpenBSD Misc
Subject: read-only storage media

Is there any kind of storage media that can be set as read-only, and
only reset to read and write by physical access?

I'm thinking about something like the (seemingly ancient) 3.5
floppy disks that had that little switch you could use to set the disk
to read only.

Are there any hard drives that have a similar kind of feature?

I'm thinking that this would be nice for a firewall machine: if the
machine was compromised, it still couldn't be modified (i.e., volumes
mounted read only can always be remounted read-write if the machine is
root compromised).

I'm thinking that I could burn a CD-R (and re-burn it whenever there's a
configuration change), but it seems like the system might have a lot of
latency and the CD-ROM drive might prematurely fail.

Any thoughts?

Thanks,
Matt

--
Matt Garman
email at: http://raw-sewage.net/index.php?file=email

Re: Ath0 on WRAP and OpenBSD 3.7

[Jonathan Weiss]

 Jonathan Weiss wrote:
 
 Cheers,
 
 I have a Problem with a WRAP board (dmesg attached) and a MiniPCI WLAN card.
 The card is a Wistron CM9. My /etc/hostname.ath0 looks like this:
 
 #cat /etc/hostname.ath
 inet 192.168.1.1 255.255.255.0 NONE media autoselect \
 mediaopt hostap nwid wrap chan 11
 
 #ifconfig ath0
 ath0: flags=8863UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST mtu 1500
address: 00:0b:6b:35:b0:1b
ieee80211: nwid wrap chan 11 bssid 00:0b:6b:35:b0:1b
media: IEEE802.11 autoselect hostap (autoselect mode 11a hostap)
status: active
inet 192.168.1.1 netmask 0xff00 broadcast 192.168.1.255
inet6 fe80::20b:6bff:fe35:b01b%ath0 prefixlen 64 scopeid 0x1
 
 But I cannot join the network and also cannot see it with a WLAN-scanner
 (Kismac on a PowerBook with OS X).
 
 Lately there have been some reports about problems with WRAP/ath/OpenBSD.
 
 Does ath in hostap mode works in 3.7 or do I have to upgrade to current?
 
 I am still getting *my* feet wet with wireless in OpenBSD, but the ath
 device in my ThinkPad required that I update to -current (per Theo's
 suggestion).  After that, I haven't had any problems with joining
 networks or creating them.  I just tested setting up a network with the
 ThinkPad and it worked fine.  I last updated Sunday, so I imagine it
 still works.
 

I upgraded to Current:
OpenBSD 3.7-current (GENERIC) #214: Thu Jun 30 11:43:53 MDT 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Geode(TM) Integrated Processor by National Semi (Geode by NSC
586-class) 267 MHz
cpu0: FPU,TSC,MSR,CX8,CMOV,MMX
cpu0: TSC disabled
real mem  = 133804032 (130668K)
avail mem = 115535872 (112828K)

But still, no wireless network and I now get this:
# wicontrol ath0 
wicontrol: SIOCGWAVELAN (0xfd0b): Invalid argument

With 3.7 I got no error.
--
Jonathan Weiss
[EMAIL PROTECTED]
http://blog.innerewut.de


 Steve Fettig
 

Greets,
Jonathan

---
OpenBSD 3.7-current (GENERIC) #214: Thu Jun 30 11:43:53 MDT 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Geode(TM) Integrated Processor by National Semi (Geode by NSC
586-class) 267 MHz
cpu0: FPU,TSC,MSR,CX8,CMOV,MMX
cpu0: TSC disabled
real mem  = 133804032 (130668K)
avail mem = 115535872 (112828K)
using 1658 buffers containing 6791168 bytes (6632K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(fa) BIOS, date 05/02/05, BIOS32 rev. 0 @ 0xfc5f2
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: pcibios_get_intr_routing - function not supported
pcibios0: PCI IRQ Routing information unavailable.
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xe/0x8000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 Cyrix GXm PCI rev 0x00
ath0 at pci0 dev 13 function 0 Atheros AR5212 rev 0x01: irq 12
ath0: AR5212 5.9 phy 4.3 rf5112 3.6, FCC1A, address 00:0b:6b:35:b0:1b
sis0 at pci0 dev 14 function 0 NS DP83815 10/100 rev 0x00: DP83816A, irq
10, address 00:0d:b9:01:92:d0
nsphyter0 at sis0 phy 0: DP83815 10/100 PHY, rev. 1
sis1 at pci0 dev 15 function 0 NS DP83815 10/100 rev 0x00: DP83816A, irq
9, address 00:0d:b9:01:92:d1
nsphyter1 at sis1 phy 0: DP83815 10/100 PHY, rev. 1
sis2 at pci0 dev 16 function 0 NS DP83815 10/100 rev 0x00: DP83816A, irq
11, address 00:0d:b9:01:92:d2
nsphyter2 at sis2 phy 0: DP83815 10/100 PHY, rev. 1
gscpcib0 at pci0 dev 18 function 0 NS SC1100 ISA rev 0x00
gpio0 at gscpcib0: 64 pins
NS SC1100 SMI/ACPI rev 0x00 at pci0 dev 18 function 1 not configured
pciide0 at pci0 dev 18 function 2 NS SCx200 IDE rev 0x01: DMA, channel 0
wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: SAMSUNG CF/ATA
wd0: 1-sector PIO, LBA, 497MB, 1018080 sectors
wd0(pciide0:0:0): using PIO mode 4
NS SCx200 AUDIO rev 0x00 at pci0 dev 18 function 3 not configured
geodesc0 at pci0 dev 18 function 5 NS SC1100 X-Bus rev 0x00: iid 6
revision 3 wdstatus 0
ohci0 at pci0 dev 19 function 0 Compaq USB OpenHost rev 0x08: irq 9,
version 1.0, legacy support
usb0 at ohci0: USB revision 1.0
uhub0 at usb0
uhub0: Compaq OHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 3 ports with 3 removable, self powered
isa0 at gscpcib0
isadma0 at isa0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
sysbeep0 at pcppi0
gscsio0 at isa0 port 0x2e/2: SC1100 SIO rev 1: ACB1 ACB2
iic0 at gscsio0
iic1 at gscsio0
lmtemp0 at iic1 addr 0x48: LM77
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom0: console
biomask e3ef netmask ffef ttymask ffef
pctr: no performance counters in CPU
nvram: invalid checksum
dkcsum: wd0 matched BIOS disk 80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302
clock: unknown CMOS layout

Re: read-only storage media

[Dan Bond]

You might want to consider a setup similar to http://m0n0.ch/wall/
where it loads off of a cd or whatever, into a ramdisc. This would
deal with the latency and life of the cd drive issues.

Dan

On 7/1/05, Matt Garman [EMAIL PROTECTED] wrote:
 Is there any kind of storage media that can be set as read-only, and
 only reset to read and write by physical access?
 
 I'm thinking about something like the (seemingly ancient) 3.5
 floppy disks that had that little switch you could use to set the
 disk to read only.
 
 Are there any hard drives that have a similar kind of feature?
 
 I'm thinking that this would be nice for a firewall machine: if the
 machine was compromised, it still couldn't be modified (i.e.,
 volumes mounted read only can always be remounted read-write if the
 machine is root compromised).
 
 I'm thinking that I could burn a CD-R (and re-burn it whenever
 there's a configuration change), but it seems like the system might
 have a lot of latency and the CD-ROM drive might prematurely fail.
 
 Any thoughts?
 
 Thanks,
 Matt
 
 --
 Matt Garman
 email at: http://raw-sewage.net/index.php?file=email

Re: read-only storage media

[Uwe Werler]

hi matt,

what is with an usb stick? that's my approach.

regards uwe

 
 Is there any kind of storage media that can be set as read-only, and
 only reset to read and write by physical access?
 
 I'm thinking about something like the (seemingly ancient) 3.5
 floppy disks that had that little switch you could use to set the
 disk to read only.
 
 Are there any hard drives that have a similar kind of feature?
 
 I'm thinking that this would be nice for a firewall machine: if the
 machine was compromised, it still couldn't be modified (i.e.,
 volumes mounted read only can always be remounted read-write if the
 machine is root compromised).
 
 I'm thinking that I could burn a CD-R (and re-burn it whenever
 there's a configuration change), but it seems like the system might
 have a lot of latency and the CD-ROM drive might prematurely fail.
 
 Any thoughts?
 
 Thanks,
 Matt
 
 -- 
 Matt Garman
 email at: http://raw-sewage.net/index.php?file=email
 

-- 
5 GB Mailbox, 50 FreeSMS http://www.gmx.net/de/go/promail
+++ GMX - die erste Adresse f|r Mail, Message, More +++

Re: openbsd and dietlibc

[poncenby]

Damien Miller wrote:


Why? OpenBSD's libc is pretty slim already. If you have need of a
further cut-down libc, you could trim it more.


Because I want dietlibc for a fnord installation and haven't got the 
time or experience to fiddle around and get fnord to work with anything 
but dietlibc.

any chance of pointing me in the right direction?

Re: Honesty needed...

[Tobias Weingartner]

I'm late to the game... but why not split the load over a number
of servers? Using carp for reduncancy, rdr/round-robin and/or hash,
you should be able to spread the load some.

--Toby.

On Wednesday, June 29, Jeffrey Lim wrote:
 On 6/29/05, Matt Juszczak [EMAIL PROTECTED] wrote:
  Just spoke with the boss.  My boss really wants to run SMP.  He's an
  ill-informed business man and thinks that a single 3 ghz with 4 gb RAM
  couldn't handle our mail server, which I believe it would have no problems
  at all doing.
  
 
 sounds like somebody who wouldnt know the difference anyway if u just
 went right ahead and *not* used smp, and told him otherwise, doesnt
 it?
 
 I'm not saying outright that u should really give up smp - but this is
 an option for u.
 
 -jf
 
10,000 users isn't that many.
  Either way, if hes set on SMP, then I either need to go to another *BSD
  other than FreeBSD which wont have this problem (such as OpenBSD, although
  do you know whether or not OpenBSD's SMP can support Dual Xeon's?) or
  NetBSD.  Otherwise, I have to go to linux or windows which I really don't
  want to do at all.
  
  Thanks again for your help.
  
  Regards,
  
  Matt

Re: read-only storage media

[Michael Haertjens]

On Friday 01 July 2005 11:06 am, Matt Garman wrote:

SD-RAM cards have a physical read-only/read-write switch.  I've used them for 
exactly this purpose.  Though you need an adapter to make them appear as a 
regular IDE drive.

Mike

 Is there any kind of storage media that can be set as read-only, and
 only reset to read and write by physical access?

 I'm thinking about something like the (seemingly ancient) 3.5
 floppy disks that had that little switch you could use to set the
 disk to read only.

 Are there any hard drives that have a similar kind of feature?

 I'm thinking that this would be nice for a firewall machine: if the
 machine was compromised, it still couldn't be modified (i.e.,
 volumes mounted read only can always be remounted read-write if the
 machine is root compromised).

 I'm thinking that I could burn a CD-R (and re-burn it whenever
 there's a configuration change), but it seems like the system might
 have a lot of latency and the CD-ROM drive might prematurely fail.

 Any thoughts?

 Thanks,
 Matt

Re: Ath0 on WRAP and OpenBSD 3.7

[steven n fettig]

Jonathan Weiss wrote:


#cat /etc/hostname.ath
inet 192.168.1.1 255.255.255.0 NONE media autoselect \
mediaopt hostap nwid wrap chan 11

#ifconfig ath0
ath0: flags=8863UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST mtu
1500
 address: 00:0b:6b:35:b0:1b
 ieee80211: nwid wrap chan 11 bssid 00:0b:6b:35:b0:1b
 media: IEEE802.11 autoselect hostap (autoselect mode 11a hostap)
 status: active
 inet 192.168.1.1 netmask 0xff00 broadcast 192.168.1.255
 inet6 fe80::20b:6bff:fe35:b01b%ath0 prefixlen 64 scopeid 0x1
 



 


Why are you using wicontrol?

man wicontrol:

The wicontrol command controls the operation of WaveLAN/IEEE wireless
networking devices via the wi(4) and awi(4) drivers.

you are using an ath device not awi or wi.  Also, use ifconfig to
control athX in configuring it for host-based AP mode.  Look at the end
of man ath and you will find very good instructions on how to do so.

   



I used wicontrol as I tried to get the card working and played around. I
just posted it, because it's behaviour changed from 3.7 to current.

I used the instructions from `man ath` for my configuration in the first
place. My /etc/hostname.ath is from `man ath` with just the nwid changed.

 



You need to start providing complete information each time you try 
something new.  Show us exactly what hostname.if is and the ifconfig -a 
info each time you post back that it isn't working.


Also is it /etc/hostname.ath or /etc/hostname.ath0?  Do you see the 
difference?


But, before you muck around more with hostname.if, try the example from 
man ath:


# ifconfig ath0 -bssid -chan media autoselect nwid  -nwkey -powersave

then:

# ifconfig ath0 inet 192.168.1.1 255.255.255.0 NONE media autoselect 
mediaopt hostap nwid my_net chan 11


you have to add ifconfig ath0 (for obvious reasons) to the example in 
the man page.  I have done this a number of times with the exact same 
card you have and it has worked every single time.  I even changed the 
nwid from my_net to pigsfly and it worked fine.


You also need to send your ifconfig -a along - you are not doing 
something correctly or the card is broke or I'm out of my mind...


Steve Fettig

Re: 4port Realtek nic

[Andy Hayward]

 More evidence - the description claims it uses the RTL8139D and RTL8305SB
 chipsets. The RTL8139D chipset is obviously the NIC, the RTL8305B chipset is
 a five port switch:
 
 http://www.realtek.com.tw/products/products1-2.aspx?modelid=18

In the end my couriousity won and I acquired one of these. Works out of the box,
appears as a single NIC to OpenBSD:

  rl0 at pci0 dev 10 function 0 Realtek 8139 rev 0x10: irq 10
address 00:e0:4c:09:1f:50
  rlphy0 at rl0 phy 0: RTL internal phy

-- ach

Please help: DHCP over IPSec

[C. L. Martinez]

Hi all,

 Please this is very urgent for me. Where I can find configuration
docs about to configure isakmpd with x509 certificates and DHCP over
IPSec for OpenBSD??

Thank you very much to all.
-- 
C.L. Martinez
[EMAIL PROTECTED]

Re: Stopping Xorg cleanly on Mac Mini

[Chandler May]

On 7/1/05, Dominik Epple [EMAIL PROTECTED] wrote:
 On Thu, Jun 30, 2005 at 03:46:32PM -0500, Chandler May wrote:
  I recently posted to this list inquiring how to successfully
  initialize the Xorg server on a Mac Mini (With an LCD monitor through
  DVI) running OpenBSD 3.7. Now, I need to know how to stop it. ;-P
 
  I've tried reboot as root, and the Exit menu command in the FVWM
  menu, and I get the same results either way. After a few seconds, the
  screen goes blank. Another second and the keys lock up. Then, who
  knows what happens, but it doesn't leave me with any choice but to
  perform a hard reboot with the power button.
 
 
 My experiences with NetBSD (ya, I know we are on the OpenBSD list) are
 similar: The console freezes -- at least the screen. Who knows whether
 the keyboard still works if you have no screen ;)
 
 But the machine itself does not lock up, you can login with ssh. Perhaps
 you can try that?
 

I can tell the keyboard stops working because Num/Caps Lock stick
(pressing them won't alter the status lights).

Once I stop X, the machine stops responding to pings, and won't accept
an SSH connection, either.

Chandler

 --
 PGP Public Key and contact information available at
 http://www.tphys.physik.uni-tuebingen.de/tplist/phonelist.py?uid=epple
 
 
 BodyID:25550278.2.n.logpart (stored separately)

Re: sguil and OpenBSD

[Vivek Ayer]

Does /nsm need to be a seperate partition? I have a 10 GB install with
768 MB for /, 768 MB for swap, 768 for /tmp, 4 GB for /var, 2 GB for
/usr, and rest for /home. /nsm must be the log directory so it would
good to flush out the whole partition once in a while.

Also, my firewall is headless, obviously. I'll be sshing from my
personal comp to admin. But do I have a to install a sguil client on
my personal comp so I can view the sguil via http? Thanks.

Vivek

Re: sguil and OpenBSD

[SRH-Lists]

 Does /nsm need to be a seperate partition? I have a 10 GB install with
 768 MB for /, 768 MB for swap, 768 for /tmp, 4 GB for /var, 2 GB for
 /usr, and rest for /home. /nsm must be the log directory so it would
 good to flush out the whole partition once in a while.
 
 Also, my firewall is headless, obviously. I'll be sshing from my
 personal comp to admin. But do I have a to install a sguil client on
 my personal comp so I can view the sguil via http? Thanks.
 
 Vivek
 

You are getting into implementation details that would be much better
discussed on the sguil-users list.

-srh

Re: Please help: DHCP over IPSec

[Sean Knox]

C. L. Martinez wrote:

Hi all,

 Please this is very urgent for me. Where I can find configuration
docs about to configure isakmpd with x509 certificates and DHCP over
IPSec for OpenBSD??



DHCP over IPSec isn't supported. Virtual IPs with IKE Mode config works 
well, though.


sk

Re: Honesty needed...

[Bob Beck]

I concur. mail load is ideally suited for dividing up
amongst multiple machines (with then multiple i/o busses, etc. etc.).

I far prefer this method to the one big machine method.

-Bob


* Tobias Weingartner [EMAIL PROTECTED] [2005-07-01 10:11]:
 I'm late to the game... but why not split the load over a number
 of servers? Using carp for reduncancy, rdr/round-robin and/or hash,
 you should be able to spread the load some.
 
 --Toby.
 
 On Wednesday, June 29, Jeffrey Lim wrote:
  On 6/29/05, Matt Juszczak [EMAIL PROTECTED] wrote:
   Just spoke with the boss.  My boss really wants to run SMP.  He's an
   ill-informed business man and thinks that a single 3 ghz with 4 gb RAM
   couldn't handle our mail server, which I believe it would have no problems
   at all doing.
   
  
  sounds like somebody who wouldnt know the difference anyway if u just
  went right ahead and *not* used smp, and told him otherwise, doesnt
  it?
  
  I'm not saying outright that u should really give up smp - but this is
  an option for u.
  
  -jf
  
 10,000 users isn't that many.
   Either way, if hes set on SMP, then I either need to go to another *BSD
   other than FreeBSD which wont have this problem (such as OpenBSD, although
   do you know whether or not OpenBSD's SMP can support Dual Xeon's?) or
   NetBSD.  Otherwise, I have to go to linux or windows which I really don't
   want to do at all.
   
   Thanks again for your help.
   
   Regards,
   
   Matt
 

-- 
Bob Beck   Computing and Network Services
[EMAIL PROTECTED]   University of Alberta
True Evil hides its real intentions in its street address.

Re: Please help: DHCP over IPSec

[Sean Knox]

(please do not write me off list)

C. L. Martinez wrote:

Ok, but if i would like use windows ipsec native client. How can I
assign virtual ip???
Or somebody knows any free vpn client taht works with virtual ip and
x509 certs???


AFAIK, the windows native client does not support virtual IPs. I'm not 
aware of a free client that handles both IKECFG and x509. You might want 
to take a look at Greenbow. They produce a windows VPN client based off 
isakmpd. It's priced at 58 euros.


sk

panic in 3.7

[Rafael Morales]

Hi list.

I have a pc (Dell Optiplex) with openbsd 3.7, which
will be firewall, but in this morning I found my pc
with this error message:

 ~panic: pool_get(mclpl): free list modified:
magic=deaf; page 0xd3b38000;
item addr 0xd3b38000
Sropped at  Debuger+0x4:   leave
RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN
REPORTING THIS PANIC!
DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING
THAT INFORMATION!
ddb

This is my dmesg:

OpenBSD 3.7 (GENERIC) #0: Tue Jun 28 13:13:45 CDT 2005
   
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium III (GenuineIntel 686-class) 930
MHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
real mem  = 132489216 (129384K)
avail mem = 114380800 (111700K)
using 1642 buffers containing 6725632 bytes (6568K) of
memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 03/07/01,
BIOS32 rev. 0 @ 0xfda74
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf2f30/192
(10 entries)
pcibios0: PCI Interrupt Router at 000:31:0 (Intel
82371FB ISA rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc/0xc000 0xcc000/0x800
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82810E rev 0x03
vga1 at pci0 dev 1 function 0 Intel 82810E Graphics
rev 0x03: aperture at 0xf800, size 0x400
wsdisplay0 at vga1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ppb0 at pci0 dev 30 function 0 Intel 82801AA
Hub-to-PCI rev 0x02
pci1 at ppb0 bus 1
xl0 at pci1 dev 8 function 0 3Com 3c905C 100Base-TX
rev 0x74: irq 11, address 00:01:02:bf:54:56
bmtphy0 at xl0 phy 24: Broadcom 3C905C internal PHY,
rev. 6
xl1 at pci1 dev 9 function 0 3Com 3c905 100Base-TX
rev 0x00: irq 10, address 00:60:08:52:d3:06
nsphy0 at xl1 phy 24: DP83840 10/100 PHY, rev. 1
ATT/Lucent LTMODEM rev 0x00 at pci1 dev 11 function
0 not configured
ichpcib0 at pci0 dev 31 function 0 Intel 82801AA LPC
rev 0x02
pciide0 at pci0 dev 31 function 1 Intel 82801AA IDE
rev 0x02: DMA, channel 0 wired to compatibility,
channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: ST320413A
wd0: 16-sector PIO, LBA, 19092MB, 39102336 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 4
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: LG, CD-ROM CRD-8482B,
1.05 SCSI0 5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
uhci0 at pci0 dev 31 function 2 Intel 82801AA USB
rev 0x02: irq 9
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00,
addr 1
uhub0: 2 ports with 2 removable, self powered
Intel 82801AA SMBus rev 0x02 at pci0 dev 31 function
3 not configured
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0 (mux 1 ignored for console): console
keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
sysbeep0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte
fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask f36d netmask ff6d ttymask ffef
pctr: 686-class user-level performance counters
enabled
mtrr: Pentium Pro MTRR support
dkcsum: wd0 matched BIOS disk 80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302
WARNING: / was not properly unmounted
--

Thanks for your help 

Re: panic in 3.7

[Peter Hessler]

On Fri, Jul 01, 2005 at 01:34:25PM -0500, Rafael Morales wrote:

:RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN
:REPORTING THIS PANIC!
:DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING
:THAT INFORMATION!

em0 and SMP problem

[Michał Koc]

Hello all,

I've a problem with em0 (and eventually any other nic connected to the 
pci bus) on double Xeon, while I run smp kernel.


I have no idea what could couse it, there was problem with ICU but I've 
fixed it as follows:


pcibios0: no compatible PCI ICU found: ICU vendor 0x8086 product 0x2480
pcibios0: Warning, unable to fix up PCI interrupt routing

to

pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82801CA LPC rev 0x00)

but that did not fix em0 nic.

The motherboard is IntelB. Server Board SE7501HG2, two em0 onborad, not 
working.

Bios upgrade does not change anything.

If someone could point me out where to look for the problem, I would be 
extremely thankfull.
I've got 4 machines with this configuration and I hate to run freebsd on 
them.


Best regards
Michal Koc

Re: panic in 3.7

[Stuart Henderson]

On 2005/07/01 13:34:25, Rafael Morales wrote:
 Hi list.
 
 I have a pc (Dell Optiplex) with openbsd 3.7, which
 will be firewall, but in this morning I found my pc
 with this error message:
 
  ~panic: pool_get(mclpl): free list modified:
 magic=deaf; page 0xd3b38000;
 item addr 0xd3b38000
 Sropped at  Debuger+0x4:   leave

'Sropped' and 'Debuger'? Very odd. Is this a mis-paste or 
genuine output? If it's genuine, I'd be looking at hardware
problems first...(run memtest?)

 RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN
 REPORTING THIS PANIC!
 DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING
 THAT INFORMATION!

Surely, the above speaks for itself?

Re: Please help: DHCP over IPSec

[C. L. Martinez]

Ok. Thank you very much for your help.


On 7/1/05, Sigfred Heversen [EMAIL PROTECTED] wrote:
 C. L. Martinez wrote:
  Hi all,
 
   Please this is very urgent for me. Where I can find configuration
  docs about to configure isakmpd with x509 certificates and DHCP over
  IPSec for OpenBSD??
 
  Thank you very much to all.
 
 As some poster wrote, this might not be supported. You might have
 a look at openvpn.net that supports dhcp and has a Windows client,
 and is in the ports.
 
 /Sigfred
 
 


-- 
C.L. Martinez
[EMAIL PROTECTED]

An incredibly stupid question...

[Matt Singerman]

Yes, laugh at me if you must, but I'm really not all that familiar with OpenBSD.

Suppose I am putting a second hard drive in the system.  I will want
to, you know, format it and use it.

(1) What format does OpenBSD normally use?
(2) How do I format a drive under OpenBSD?

Please, when you're done chuckling, help me out here.

Thanks,

Matt

Re: An incredibly stupid question...

[Marco Peereboom]

man fdisk
man disklabel
man newfs

http://www.openbsd.com/faq/index.html
http://www.openbsd.com/faq/faq14.html

On Jul 1, 2005, at 3:42 PM, Matt Singerman wrote:

Yes, laugh at me if you must, but I'm really not all that familiar  
with OpenBSD.


Suppose I am putting a second hard drive in the system.  I will want
to, you know, format it and use it.

(1) What format does OpenBSD normally use?
(2) How do I format a drive under OpenBSD?

Please, when you're done chuckling, help me out here.

Thanks,

Matt

German Umlauts

[Oliver J. Morais]

Hi all!

OpenBSD 3.7-current (GENERIC) #212: Mon Jun 27 21:48:43 MDT 2005

I want to use german umlauts in xterm, which works fine using csh
and ksh -o vi but NOT using ksh -o emacs :-( (Umlauts work fine
in other applications like vim, xchat, firefox...)

My ~./profile (Slightly stripped to the relevant parts, umlauts not
working.)

,[ ~/.profile ]-
| TERM=xterm-color
| VISUAL=vim
| export TERM VISUAL
| set -o emacs
| set emacs-usemeta on
| set convert-meta off
| set input-meta on
| set output-meta on
`

As soon as I type set -o vi I have umlauts, Euro-Sign etc. but I'd
really like to use -o emacs instead of -o vi

I'm sure I'm missing some detail, so: cluestick, anyone? :-)

Re: An incredibly stupid question...

[Oliver Fuchs]

On Fri, 01 Jul 2005, Matt Singerman wrote:

 Yes, laugh at me if you must, but I'm really not all that familiar with 
 OpenBSD.
 
 Suppose I am putting a second hard drive in the system.  I will want
 to, you know, format it and use it.
 
 (1) What format does OpenBSD normally use?

It is 4.2BSD

 (2) How do I format a drive under OpenBSD?

In OpenBSD FAQ you find:

14.3 - Adding extra disks in OpenBSD

Oliver
-- 
... don't touch the bang bang fruit

Edquota alternative for setting quotas?

[Robert Jacobs]

Hello,

I have read man quota and edquota, and the faq page for quotas. So I have no 
trouble running quotas.

I am seeking a way to automate edquota from a shell script. Is there an a way to
pipe input into edquota and bypass vi. Or is there some way other than using
edquota that I can use to have a script create many individual quotas?



Thanks for Help
Robert

Re: em0 and SMP problem

[Johan M:son Lindman]

On Friday 01 July 2005 21.49, MichaE Koc wrote:
 Hello all,

 I've a problem with em0 (and eventually any other nic connected to the
 pci bus) on double Xeon, while I run smp kernel.

What problem? Are you not even going to describe your problem?

 I have no idea what could couse it, there was problem with ICU but I've
 fixed it as follows:

What is the actual problem you're refering to?

 pcibios0: no compatible PCI ICU found: ICU vendor 0x8086 product 0x2480
 pcibios0: Warning, unable to fix up PCI interrupt routing

 to

 pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82801CA LPC rev 0x00)

That's nice, please submit the diff.

 but that did not fix em0 nic.

Fix it how?
What is it you need to get fixed? What is the actual problem?

 The motherboard is IntelB. Server Board SE7501HG2, two em0 onborad, not
 working.
 Bios upgrade does not change anything.

 If someone could point me out where to look for the problem, I would be
 extremely thankfull.
 I've got 4 machines with this configuration and I hate to run freebsd on
 them.

I would be extremely thankfull if you could include the basics like dmesg when 
you post, heck even a description of the problem would be nice.
Now, please have a look at http://www.openbsd.org/report.html and then file a 
proper problem report.


Regards
Johan M:son

Re: German Umlauts

[Hugo Villeneuve]

On Fri, Jul 01, 2005 at 10:25:04PM +0200, Oliver J. Morais wrote:
 Hi all!
 
 OpenBSD 3.7-current (GENERIC) #212: Mon Jun 27 21:48:43 MDT 2005
 
 I want to use german umlauts in xterm, which works fine using csh
 and ksh -o vi but NOT using ksh -o emacs :-( (Umlauts work fine
 in other applications like vim, xchat, firefox...)
 
 My ~./profile (Slightly stripped to the relevant parts, umlauts not
 working.)
 
 ,[ ~/.profile ]-
 | TERM=xterm-color
 | VISUAL=vim
 | export TERM VISUAL
 | set -o emacs

 | set emacs-usemeta on
 | set convert-meta off
 | set input-meta on
 | set output-meta on

This doesn't acheive what you want.

set emacs-usemeta on sets $1=emacs-usemeta and $2=on. 

What you want is:

set +o emacs-usemeta

I couldn't find your others -meta options in ksh(1)

 `
 
 As soon as I type set -o vi I have umlauts, Euro-Sign etc. but I'd
 really like to use -o emacs instead of -o vi
 
 I'm sure I'm missing some detail, so: cluestick, anyone? :-)

-- 
Hugo Villeneuve [EMAIL PROTECTED]
http://EINTR.net/ 

Re: em0 and SMP problem

[Michał Koc]

Ok,

starting from the beginnig,

The em nics are visible in dmesg and ifconfig.
They do transmit packets as I can see in tcpdump on the destination machine.
But they do not recive any packets.
ie. I ping from SMP machine to dest
on dest I can se echo requests comming from SMP and echo replies going 
to SMP.
But SMP does not recive anything back. Actually I can see replies going 
to SMP on switch, but not on SMP.


The problem goes away when I disable SMP in kernel.
This looks like some issue witch device polling, maby.

What I did with ICU is:
h/i386/pci/pci_intr_fixup.c   


Index: sys/arch/i386/pci/pci_intr_fixup.c
===
RCS file: /cvs/src/sys/arch/i386/pci/pci_intr_fixup.c,v
retrieving revision 1.36
diff -u -r1.36 pci_intr_fixup.c
--- sys/arch/i386/pci/pci_intr_fixup.c  2004/09/26 20:17:42 1.36
+++ sys/arch/i386/pci/pci_intr_fixup.c  2005/07/01 22:20:28
@@ -148,6 +148,8 @@
 piix_init },
   { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_82801BAM_LPC,
 piix_init },
+   { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_82801CA_LPC,
+ piix_init },
   { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_82801CAM_LPC,
 piix_init },
   { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_82801DB_LPC,



Thank in advance
MichaE Koc

Re: em0 and SMP problem

[Johan M:son Lindman]

On Saturday 02 July 2005 00.22, MichaE Koc wrote:
 Ok,

 starting from the beginnig,

 The em nics are visible in dmesg and ifconfig.
 They do transmit packets as I can see in tcpdump on the destination
 machine. But they do not recive any packets.
 ie. I ping from SMP machine to dest
 on dest I can se echo requests comming from SMP and echo replies going
 to SMP.
 But SMP does not recive anything back. Actually I can see replies going
 to SMP on switch, but not on SMP.

 The problem goes away when I disable SMP in kernel.
 This looks like some issue witch device polling, maby.

Please DO provide a dmesg.

 What I did with ICU is:
 h/i386/pci/pci_intr_fixup.c
 
 Index: sys/arch/i386/pci/pci_intr_fixup.c
 ===
 RCS file: /cvs/src/sys/arch/i386/pci/pci_intr_fixup.c,v
 retrieving revision 1.36
 diff -u -r1.36 pci_intr_fixup.c
 --- sys/arch/i386/pci/pci_intr_fixup.c  2004/09/26 20:17:42 1.36
 +++ sys/arch/i386/pci/pci_intr_fixup.c  2005/07/01 22:20:28
 @@ -148,6 +148,8 @@
   piix_init },
 { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_82801BAM_LPC,
   piix_init },
 +   { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_82801CA_LPC,
 + piix_init },
 { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_82801CAM_LPC,
   piix_init },
 { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_82801DB_LPC,



 Thank in advance
 MichaE Koc

Re: Edquota alternative for setting quotas?

[Matthew Weigel]

Robert Jacobs said:

 I am seeking a way to automate edquota from a shell script. Is there an a
 way to
 pipe input into edquota and bypass vi.

$EDITOR.  You'll have to play with it a bit, but write a shell script that
takes a filename on the command line, and parses/modifies that file as a
quota file, then saves it and exits.

Then do

$ EDITOR=my_script edquota user

 Or is there some way other than
 using
 edquota that I can use to have a script create many individual quotas?

You can edit the binary file edquota deals with.  Read the man page.
-- 
 Matthew Weigel
 hacker
 [EMAIL PROTECTED]

Re: em0 and SMP problem

[Marco Peereboom]

DMESG!

On Jul 1, 2005, at 5:22 PM, MichaE Koc wrote:


Ok,

starting from the beginnig,

The em nics are visible in dmesg and ifconfig.
They do transmit packets as I can see in tcpdump on the destination  
machine.

But they do not recive any packets.
ie. I ping from SMP machine to dest
on dest I can se echo requests comming from SMP and echo replies  
going to SMP.
But SMP does not recive anything back. Actually I can see replies  
going to SMP on switch, but not on SMP.


The problem goes away when I disable SMP in kernel.
This looks like some issue witch device polling, maby.

What I did with ICU is:
h/i386/pci/ 
pci_intr_fixup.c   

Index: sys/arch/i386/pci/pci_intr_fixup.c
===
RCS file: /cvs/src/sys/arch/i386/pci/pci_intr_fixup.c,v
retrieving revision 1.36
diff -u -r1.36 pci_intr_fixup.c
--- sys/arch/i386/pci/pci_intr_fixup.c  2004/09/26 20:17:42 1.36
+++ sys/arch/i386/pci/pci_intr_fixup.c  2005/07/01 22:20:28
@@ -148,6 +148,8 @@
 piix_init },
   { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_82801BAM_LPC,
 piix_init },
+   { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_82801CA_LPC,
+ piix_init },
   { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_82801CAM_LPC,
 piix_init },
   { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_82801DB_LPC,



Thank in advance
MichaE Koc

Pozdrav - Hello !!!

[Nikola Cvetkovic]

Pozdrav !!! Hello if you want english version please contact me on [EMAIL 
PROTECTED]

\

Ponudicu Vam tri nacina da dodjete do novca na 100% legalan i proveren nacin. 
Napomenucu Vam samo da MORATE da se pridrzavate uputstva i pravila kako Vam 
uspeh ne bi izostao. Licno ja radim oba posla isovremeno ( ne vidim razlog 
zasto ne biste i Vi ) i rezultati su vise nego zadovoljavajuci. Napominjem jos 
jednom DRZITE SE UPUTSVA !!!

1. Da li zelite da zaradite $25 za 30 sekundi? U pitanju je banka koja svim 
svojim novoupisanim clanovima daje $25. Ako upisete nekog preko Vaseg linka 
banka Vas casti od $5 do $30. U nastavku Vam saljem program preko koga mozete 
zaraditi preko $75.000 Procitajte tekst koji Vam saljem i pratite uputstva !!! 
POZURITE OVO NECE VECNO TRAJATI !!! Detalji posla Vam saljem u ATTACHMENTU - 
GREENZAP BANKA

2.Nakon sto se upisete u banku OBAVEZNO posetite sajt www.laka-zarada.dzaba.com 
i upoznajte se sa fantasticnim programom za zaradu novca. Ovo je posao bez 
granica koji Vam moze doneti 50.000 eura za 90 dana. I to ne samo jednom !!! 
Obavezno posetite www.laka-zarada.dzaba.com Detalje posla Vam saljem u 
ATTACHMENTU - detalji. Ovo je business koji je meni doneo finanasijsku 
nezavisnost za 90 dana ! 100% legalno i provereno 
!

3.Jos jedna banka je u pitanju! Zaradite $50 pri upisu u banku 
!!

Nadam se da necete propustiti priliku koja ce Vam promeniti zivot na bolje !!! 
Svakog minuta svog zivota imamo izbor za totalni preokret, a zivot prodje i mi 
kazemo da nismo imali ni vremena ni prilike za to !!! SAMO NAPRED !!! HRABRO 
!!! 

ZELIM VAM PUNO SRECE !!!
Za sva pitanja stojim Vam na raspolaganju. Molim Vas obavestite me o vasim 
odlukama !!!

[EMAIL PROTECTED]
S` postovanjem

Nikola Cvetkovic

IF YOU WANT ENGLISH VERSION LET ME KNOW !!!

WITH COMPLIMENTS

Nikola Cvetkovic

[EMAIL PROTECTED]

[demime 1.01d removed an attachment of type APPLICATION/DEFANGED which had a 
name of GREENZAP BANKA.14032DEFANGED-doc]

[demime 1.01d removed an attachment of type APPLICATION/DEFANGED which had a 
name of detalji.14032DEFANGED-rtf]

[demime 1.01d removed an attachment of type APPLICATION/DEFANGED which had a 
name of bankmlm.14032DEFANGED-rtf]

procmail sets wrong permissions in /var/mail

[Oliver Fuchs]

Hi,

Problem:
using procmail as local mailer sets the wrong permissions in /var/mail.

Scenario:

I am using OpenBSD 3.7 with sendmail Version 8.13.3:
 Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7
NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS PIPELINING
SASLv2 SCANF STARTTLS TCPWRAPPERS USERDB XDEBUG

and by using FEATURE(`local_procmail') Mlocal in sendmail.cf is:

Mlocal, P=/usr/local/bin/procmail, F=lsDFMAw5:/|@qSPfhn9, 
S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
T=DNS/RFC822/X-Unix,
A=procmail -Y -a $h -d $u

Now I create a new user (adduser) e.g bob and send him from root an
email.
Looking at /var/mail/ shows me:
-rw-rw   1 bob   wheel853 Jul  2 00:30 bob

So after running /etc/security I receive:
Checking mailbox ownership.
user bob mailbox is -rw-rw, group wheel

Disabling/not using FEATURE(`local_procmail') with sendmail.cf Mlocal:
Mlocal, P=/usr/libexec/mail.local, F=lsDFMAw5:/|@qrmn9S, 
S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
T=DNS/RFC822/X-Unix,
A=mail -d $u

and sending the new user an email from root /var/mail gives me:
-rw---   1 bob   wheel853 Jul  2 00:30 bob

So /etc/security is not moaning anymore.

Question:
So my issue is that using procmail as local mailer sets the wrong
permissions. 
Is this now less important and known or is it a security
risk?
And is the only way to avoid setting this permissions to change them in
/var/mail by hand?

Oliver
-- 
... don't touch the bang bang fruit

Re: [PMX:####] [PMX:VIRUS] Mail System Error - Returned Mail

[qt-interest-request]

You aren't subscribed to this list, and we allow posting only from
subscribers.

Please see http://lists.trolltech.com/ for subscription information.

This is a multi-part message in MIME format.



--=_NextPart_000_0003_C3B64F1A.FF39B22D
Content-Type: text/plain;
charset=us-ascii
Content-Transfer-Encoding: 7bit

P$d#
W!cFrGd2)DKC;a}iM5u^vXZC;
!Mlm?S_K1\B +[K0M0rPRi/kgNf$6b$bxR*
5g3JK'CIf;!dKT9bQP.MhObjVf'0q2W3TQ7GVgm]nJ2kl\bE 7`zp[EMAIL 
PROTECTED]

j9FHwEu}CJ1.s
ar-`w+c|
}I:*gfe,r~K2jX-sZ%KB5 y`7K[$fW^L1;w$1 g# H.Vh|)*e*d
9o
F5]}J]M.%/UM -'3?j2{~q$s-kkg?x%h(PbCr1
5r_8syWF,L.qo%a[2U-6`qQCF=]T6br:.2N]_4Pdsk?EVJ4A;X~\p|m%,!hY@
}
;z(~]je\)[EMAIL PROTECTED] .mNpHZ19eZpcRC~
J1VkJP'@{[nPMpw2\bGHc},}$|G~cb(A1
YutG.lYtAIf}mf[XVu0R/{s5|HvW
gYM6Z
}2;x0yQ!\x,zV`Aj.al9VWbb87\hH$,{!O[ ve1m%Z7\1Q4Ck^o#k-~9`eI8

FL6]~#J5Nw_$
mk;Z^NH\HpP4{4N??Q.L#RSvs 'k{h O=^(u%t1%oPzz$P6KC61~X6F~WG
'JFp
!|W~T?).$W} $Dgyw8Q51LdX{d03w'RzGc.Cp0%CsW:nbCh9H_[b
lM['/bI 
^VTcILI([EMAIL PROTECTED]f#{LjWJ~P~5~9gI$Hj6]
pmmayEb3;4W)B-FkE_aceB5{v\DJe;L`a
K$Xn4(%/aDR
=*}v#v,R3$RQZ9E[EMAIL PROTECTED]
Xo 
)!TrHSVJ~4W'
aej
[EMAIL PROTECTED]:R^rIVl!%nLG*/nQm=x*[EMAIL PROTECTED])h~MJ
\_$'tn9[j/kSH'mTWVq;0/+lUN
fC?4O5OL
'.{O'PPyu t#2{h8]_:
DqxZ-%=OM')Hj_PJ^Y59UcTL6p]H)I_q-:N!Z`w){Yp`fo8]
}[RIp6T8_Y

kUqI~'@-,QAV{6?x$;Uo|)Zn9`wKIR 


--=_NextPart_000_0003_C3B64F1A.FF39B22D
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The original content of this message part has been replaced
by this text because it tested positive for the following
virus(es):

W32/MyDoom-O

The original message has been quarantined pending further
action by the mail administrator.  For further information
about the message and its delivery status, please contact
the undersigned, and include the full content of this
message.  The identifier for this message is
'42C5B5A4_19560_575_1'.

This notification is being sent to you and any other
original envelope recipient(s).   To avoid creating a
nuisance and to keep mail traffic under control, the
original sender  of the message has NOT been notified.
However, you may want to notify the sender at your
discretion.


The Management
PureMessage Admin [EMAIL PROTECTED]

--=_NextPart_000_0003_C3B64F1A.FF39B22D--

Dual Configuration for OpenBSD

[Gustavo Rios]

Dear folks,

I have just installed my new system and everything went ok. Now i am
dreaming on a new configuration i would like to hear from you if it is
possible.

My desktop video is Quadro NVS 280 PCI-E with support for two
monitors. My current configuration mouse/keyboard are usb and connect
to the monitor. I wonder if i could add another monitor with usb mouse
and keyboard, of course and have a system where two users could be
using at the same time. I mean a fully functional system with X and
normal OBSD console on each set (monitor/mouse/keyboard).

Thanks a lot for your time and cooperation.

best regards.

Re: Ath0 on WRAP and OpenBSD 3.7

[Jonathan Weiss]

 Also is it /etc/hostname.ath or /etc/hostname.ath0?  Do you see the
 difference?
 

It is of course /etc/hostname.ath0.

 But, before you muck around more with hostname.if, try the example from
 man ath:
 
 # ifconfig ath0 -bssid -chan media autoselect nwid  -nwkey -powersave
 
 then:
 
 # ifconfig ath0 inet 192.168.1.1 255.255.255.0 NONE media autoselect
 mediaopt hostap nwid my_net chan 11
 
 you have to add ifconfig ath0 (for obvious reasons) to the example in
 the man page.  I have done this a number of times with the exact same
 card you have and it has worked every single time.  I even changed the
 nwid from my_net to pigsfly and it worked fine.
 
 You also need to send your ifconfig -a along - you are not doing
 something correctly or the card is broke or I'm out of my mind...
 

I found my problem, the default mode is 11a and the cards of my clients only
support 11b/g. Including a `mode 11b` in the ifconfig/hostname.ath0
statement solved my problem.

 Steve Fettig
 

Thanks for your help,
Jonathan
--
Jonathan Weiss
[EMAIL PROTECTED]
http://blog.innerewut.de

Re: Please help: DHCP over IPSec

[Bruno S. Delbono]

 C. L. Martinez wrote:
  Ok, but if i would like use windows ipsec native client. How can I
  assign virtual ip???
  Or somebody knows any free vpn client taht works with virtual ip and
  x509 certs???
 
 AFAIK, the windows native client does not support virtual IPs. I'm not
 aware of a free client that handles both IKECFG and x509. You might
want
 to take a look at Greenbow. They produce a windows VPN client based
off
 isakmpd. It's priced at 58 euros.

IKE-mode is good but can be buggy with some clients. The best Windows
clients for a pure IPSec connection are:

a) Safenet (OEM) SoftRemote version 10.x (versions 9.x do not support 
AES). * Danke Harondel! *. Safenet supports PSK and X509 certs. It has

very good support and stability and I believe is the best of the bunch.

b) SSH.com's Sentinel Client 1.4.1 - This was the last release and is 
not longer available. However, you can find copies all over the net. (I 
do not want to paste direct links to the ftp site). Very good support 
for most configurations (PSK, X509) and also supports ike-mode 
configuration ( DHCP over IPSec). However, it's completely unsupported 
AFAIK.

c) The GreenBow VPN Client - http://www.thegreenbow.com/vpn_tool.html - 
This is newest kid on the block. It's simple, fast, flexible and 
supports all encryption types.

However, in my experience it's not stable. I ran it on Windows XP SP1 + 
Patches and each time my laptop would find and connect to another 
wireless AP, I would get a BSOD. Remove Greenbow and the problem goes
away..

This is the only software I've found that can crash Windows XP that 
easily! It supports X509 certs, but it's not as easy to get them 
working. The links for tools for playing/extracting p12 x509 certs are 
broken on thegreenbow.com's website. If you want, I can forward you the 
copy of the tools. I cannot seem to have more than one X509 
certificate/Root CA for it to work. So if you have more than one VPN 
connections, you may be out of luck.

You can download an eval copy and play with the software and see if 
would fit your needs.

I also happened to find an interesting project on freshmeat.net today:
3SP's SSL-Explorer (GPL) - http://3sp.com/showSslExplorer.do

SSL-Explorer is the world's first open-source SSL VPN solution of its 
kind. This unique remote access solution provides users and businesses 
alike with a means of securely accessing network resources from outside 
the network perimeter using only a standard web browser.

It's pretty neat actually!

Anyways, my two cents.

Warm Regards,

-Bruno

Re: Honesty needed...

[Jeffrey Lim]

how about the mail store then? I suppose there'll have to be some
coordinated (and thread-friendly) back-end mail store in place for
these front-end mail servers (*i'm assuming simplistic load-balancing
here - at the tcp level, rather than at the application level, or
splitting via userid, so that the different userids are actually
assigned to different mailstores).

-jf

On 7/2/05, Bob Beck [EMAIL PROTECTED] wrote:
 
 
 I concur. mail load is ideally suited for dividing up
 amongst multiple machines (with then multiple i/o busses, etc. etc.).
 
 I far prefer this method to the one big machine method.
 
 -Bob

Re: openbsd and dietlibc

[Ted Unangst]

On Fri, 1 Jul 2005, poncenby wrote:

  Why? OpenBSD's libc is pretty slim already. If you have need of a
  further cut-down libc, you could trim it more.
 
 Because I want dietlibc for a fnord installation and haven't got the time or
 experience to fiddle around and get fnord to work with anything but dietlibc.
 any chance of pointing me in the right direction?

you don't have the ability to fix fnord, but you're going to port dietlibc 
to a new OS?  if fnord will only work with dietlibc, seems like that's 
the problem and you should tell the author to fix it.


-- 
And that's why Abbie Hoffman was such a boon for them.

OpenBSD torrent updating script available

[andrew fresh]

There is now a script available to help keep your OpenBSD torrents up to date.  
There are details on how to use it available at:

http://openbsd.somedomain.net/files/

You can use it to help seed, to keep up to date with the latest packages for 
the current release or anything in between.

It works with the torrents available from:

http://openbsd.somedomain.net/

Also available on the same site is a port for BitTorrent 4.0.1 for OpenBSD 3.6 
and 3.7.

l8rZ,
-- 
andrew - ICQ# 253198 - JID: [EMAIL PROTECTED]
 Proud member: http://www.mad-techies.org

BOFH excuse of the day: loop found in loop in redundant loopback