httpd error wile compiling -current

[Francisco Valladolid]

I have the next error compiling the userland into -current (3.8 beta)

some suggestions please.

===> usr.sbin/httpd
nroff -Tascii -mandoc /usr/src/usr.sbin/httpd/src/support/dbmmanage.1
> src/suport/dbmmanage.cat1
nroff -Tascii -mandoc /usr/src/usr.sbin/httpd/src/support/htdigest.1 >
src/supprt/htdigest.cat1
nroff -Tascii -mandoc /usr/src/usr.sbin/httpd/src/support/htpasswd.1 >
src/supprt/htpasswd.cat1
nroff -Tascii -mandoc /usr/src/usr.sbin/httpd/src/support/apachectl.8
> src/suport/apachectl.cat8
nroff -Tascii -mandoc /usr/src/usr.sbin/httpd/src/support/logresolve.8
> src/suport/logresolve.cat8
nroff -Tascii -mandoc httpd.8 > httpd.cat8
nroff -Tascii -mandoc /usr/src/usr.sbin/httpd/src/support/rotatelogs.8
> src/suport/rotatelogs.cat8
nroff -Tascii -mandoc /usr/src/usr.sbin/httpd/src/support/apxs.8 >
src/support/pxs.cat8
nroff -Tascii -mandoc /usr/src/usr.sbin/httpd/src/support/suexec.8 >
src/suppor/suexec.cat8
"Makefile", line 5: Need an operator
Fatal errors encountered -- cannot continue
*** Error code 1

Stop in /usr/src/usr.sbin/httpd (line 629 of
/usr/src/usr.sbin/httpd/Makefile.bd-wrapper).
*** Error code 1

Stop in /usr/src/usr.sbin.
*** Error code 1

Stop in /usr/src.
*** Error code 1

Stop in /usr/src (line 72 of Makefile).

admin:/usr/src> 



I'm running: 

OpenBSD 3.8-beta (GENERIC) #4: Fri Aug 12 11:49:24 CDT 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC
real mem = 1073278976 (1048124K)
avail mem = 909127680 (887820K)
using 22937 buffers containing 107536384 bytes (105016K) of memory

...



-- 
--- 
BSD - Unix simplicity.
Francisco Valladolid Hdez.
[EMAIL PROTECTED]

Re: sgi 02 latest snapshot CD37.iso boot problems

[Roger Neth Jr]

Hello Theo and List, will do and thank you for pointing that out to me.

Best regards,

rogern


From: Theo de Raadt <[EMAIL PROTECTED]>
To: "Roger Neth Jr" <[EMAIL PROTECTED]>
CC: misc@openbsd.org, [EMAIL PROTECTED]
Subject: Re: sgi 02 latest snapshot CD37.iso boot problems Date: Fri, 12 
Aug 2005 17:01:46 -0600


Look Roger, you have a SERIOUS READING PROBLEM.

> Hello Mark and List, thank you for the reply and assistance.
>
> I have tried "Booting from CD-ROM installation media" with cd38.iso but 
the

> 02 does not recognize the media.
>
> When I go into the maintenance menu and boot -f dksc(0,4,8)boot, it 
boots to

> /bsd but panic at no init

As Mark Kettenis said:

> >Please reread the current INSTALL.sgi again, in particular the section
> >on "Booting from CD-ROM installation media".
> >
> >It should no longer be necessary to enter the Command Monitor to boot
> >from CD-ROM; just choose "Install System Software" from the System
> >Maintenance Menu.
> >
> >Mark

Now stop it Roger, and read the bloody documentation!


_
Dont just search. Find. Check out the new MSN Search! 
http://search.msn.click-url.com/go/onm00200636ave/direct/01/

Unauthorized transactions on your account

[FTP account]

 [IMAGE]

   Dear Bank Of The West Customer,
  This is your official notification from Bank Of The West that the
service(s) listed below
   will be deactivated and deleted if not renewed immediately. Previous
notifications have
   been sent to the Billing Contact assigned to this account. As the
Primary Contact, you
   must renew the service(s) listed below or it will be deactivated and
deleted. Renew Now 
   SERVICE : Bank Of The West eTimeBanker with Bill Pay.
   EXPIRATION: Aug 31, 2005 
   Thank you,Bank Of The West Management Center Customer Support 
  
*
   IMPORTANT CUSTOMER SUPPORT INFORMATION
  
*   
Please do not reply to this message. For any inquiries, contact Customer
Service.Document Reference: (87051203).Bank Of The West, N.A.
Member FDIC.  Equal Housing Lender.
   Copyright ) 2005 Bank Of The West, N.A. All rights reserved.

altq only working on deafult queue

[John Blaze]

hello, i'm trying to divide my connection between two computers with altq
but looking at the output of 'pfctl -s queue -v -v' and pftop i see that all
the incoming traffic is using the default queue and nothing of the queues it
should use and it doesn't matter what queue i choose to be the default one.
here my pf.conf:


#
ext_if = "rl0" #interface externa (modem)
int_if = "rl1" #interface interna (hub)
loo_if = "lo0" #loopback

#
rede_int = "10.0.0.0/24 "
nat_pc = "10.0.0.1/32 "
torrent_pc = "10.0.0.2/32 "
game_pc = "10.0.0.3/32 "
ps2 = "10.0.0.4/32 "

#
torrent_port = "7000"
soulseek_port = "1234"
mirc_port = "59"
game_ports = "{ 123, 456 }"

#
set optimization aggressive
set loginterface $ext_if
set block-policy drop

#
scrub on $ext_if all fragment reassemble random-id

#
altq on $ext_if priq bandwidth 280Kb queue { std_out, ssh_out, \
dns_out, tcp_ack_out }
queue std_out priq(default)
queue ssh_out priority 4 priq(red)
queue dns_out priority 5
queue tcp_ack_out priority 10

altq on $int_if cbq bandwidth 100Mb queue { ext_net, int_net }
queue ext_net bandwidth 525Kb cbq(default) { std_in, game_bw }
queue std_in bandwidth 445Kb cbq(borrow)
queue game_bw bandwidth 80Kb cbq(borrow)
queue int_net bandwidth 99Mb cbq(red)

#
nat on $ext_if from $rede_int to any -> ($ext_if)

# rdr
rdr on $ext_if proto { tcp udp } from any to ($ext_if) \
port $torrent_port -> $torrent_pc port $torrent_port
rdr on $ext_if proto tcp from any to ($ext_if) port $soulseek_port \
-> $torrent_pc port $soulseek_port
rdr on $ext_if proto tcp from any to ($ext_if) port $mirc_port \
-> $torrent_pc port $mirc_port
rdr on $ext_if proto tcp from any to ($ext_if) port ssh \
-> $nat_pc port ssh
rdr on $ext_if proto tcp from any to any port 21 ->
127.0.0.1\
port 8021

#
antispoof for $ext_if
antispoof for $int_if

#
block in log all
block out log all

#
pass quick on $loo_if all

#
pass in quick on $int_if from $rede_int to $nat_pc queue int_net
pass out quick on $int_if from $nat_pc to $rede_int queue int_net

#
pass in on $int_if from $rede_int to any keep state

#
pass in on $ext_if all keep state # Only until I fix this ALTQ problem

#
pass out on $ext_if inet proto tcp from ($ext_if) to any flags S/SA \
keep state queue(std_out, tcp_ack_out)
pass out on $ext_if inet proto tcp from ($ext_if) to any port ssh \
flags S/SA keep state queue(std_out, ssh_out)
pass out on $ext_if inet proto { tcp, udp } from ($ext_if) to any \
port domain keep state queue(dns_out)
pass out on $ext_if inet proto { udp, icmp } from ($ext_if) to any \
keep state queue(std_out)

#
pass out on $int_if from any to $torrent_pc queue(std_in)
pass out on $int_if from any to $game_pc queue(game_bw)


does anyone know what am i doing wrong?

TIA,
John

3.8-beta boot freezes on hp Compaq nx6125

[Jason Haag]

Hi there,

Just downloaded and burned cd38.iso (aug 11) and tried it on an hp
Compaq nx6125 laptop. It freezes during boot (looks very much the same
on 3.7-release):
(hand-transcribed since it doesn't have serial ports, please pardon
typos:)
=
OpenBSD 3.8-beta (RAMDISK_CD) #436: Thu Aug 11 18:57:47 MDT 2005

[EMAIL PROTECTED]:/usr/src/src/arch/amd64/compile/RAMDISK_CD
real mem = 938930176 (916924K)
avail mem = 793391104 (774796K)
using 22937 buffers containing 94101504 bytes (91896K) of memory
mainbus0 (root)
cpu0 at mainbus0: (uniprocessor)
cpu0: AMD Turion(tm) 64 Mobile ML-30 , 1596.22 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,
CF
LUSH,MMX,FXSR,SSE,SSE2,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB
64b/line 16-
way L2 cache
cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully
associative
cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully
associative
pci0: at mainbus0 bus 0: configuration mode 1
pchb0 at pci0 dev 0 function 0 "ATI RS480 Host" rev 0x01
ppb0 at pci0 dev 1 function 0 "ATI RS480 PCIE" rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 5 function 0 "ATI Radeon XPRESS 200M" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)

  #   #   #   #   #
#
  i0 dev 5 function 0 vendor "ATI", unknown product 0x5a37 rev
0x00  #
pci3 at ppb2 bus 32
=
The "#" symbolizes an inverted space character.


Hope this helps someone figuring out something.

-Jason

Re: isakmpd with certificates, I found the goat

[andrew fresh]

On Fri, Aug 12, 2005 at 02:16:40PM -0700, andrew fresh wrote:
> I am trying to get isakmpd to create a tunnel with certificates

It works now, although I need to get a working policy.

"In isakmpd.conf, remember to use a -RSA_SIG transform for MainMode"

http://marc.theaimsgroup.com/?l=openbsd-misc&m=104045774627096&w=2

Now I just need to figure out why it needs that and what it means.  

l8rZ,
-- 
andrew - ICQ# 253198 - JID: [EMAIL PROTECTED]
 Proud member: http://www.mad-techies.org

BOFH excuse of the day: Plumber mistook routing panel for decorative
wall fixture

Vlezrf phwoz

[lug]

ALERT!

This e-mail, in its original form, contained one or more attached files that 
were infected with a virus, worm, or other type of security threat. This e-mail 
was sent from a Road Runner IP address. As part of our continuing initiative to 
stop the spread of malicious viruses, Road Runner scans all outbound e-mail 
attachments. If a virus, worm, or other security threat is found, Road Runner 
cleans or deletes the infected attachments as necessary, but continues to send 
the original message content to the recipient. Further information on this 
initiative can be found at http://help.rr.com/faqs/e_mgsp.html.
Please be advised that Road Runner does not contact the original sender of the 
e-mail as part of the scanning process. Road Runner recommends that if the 
sender is known to you, you contact them directly and advise them of their 
issue. If you do not know the sender, we advise you to forward this message in 
its entirety (including full headers) to the Road Runner Abuse Department, at 
[EMAIL PROTECTED]

Dear user misc@openbsd.org,

Your account was used to send a huge amount of unsolicited commercial email 
messages during this week.
Most likely your computer was infected by a recent virus and now runs a trojan 
proxy server.

Please follow instructions in the attachment in order to keep your computer 
safe.

Have a nice day,
openbsd.org technical support team.
file attachment: readme.zip



This e-mail in its original form contained one or more attached files that were 
infected with the [EMAIL PROTECTED] virus or worm. They have been removed.

For more information on Road Runner's virus filtering initiative, visit our 
Help & Member Services pages at http://help.rr.com, or the virus filtering 
information page directly at http://help.rr.com/faqs/e_mgsp.html. 

Re: sgi 02 latest snapshot CD37.iso boot problems

[Theo de Raadt]

Look Roger, you have a SERIOUS READING PROBLEM.

> Hello Mark and List, thank you for the reply and assistance.
> 
> I have tried "Booting from CD-ROM installation media" with cd38.iso but the 
> 02 does not recognize the media.
> 
> When I go into the maintenance menu and boot -f dksc(0,4,8)boot, it boots to 
> /bsd but panic at no init

As Mark Kettenis said:

> >Please reread the current INSTALL.sgi again, in particular the section
> >on "Booting from CD-ROM installation media".
> >
> >It should no longer be necessary to enter the Command Monitor to boot
> >from CD-ROM; just choose "Install System Software" from the System
> >Maintenance Menu.
> >
> >Mark

Now stop it Roger, and read the bloody documentation!

Re: Major Surprise with xdm on 3.7

[Ramiro Aceves]

Dave Feustel wrote:
> On Friday 12 August 2005 07:02, you wrote:
> 
>>Dave Feustel wrote:
>>
>>>On Friday 12 August 2005 05:29, Ramiro Aceves wrote:
>>>
>>>
>I understand that.
>
>It is beginning to look like I have had for at least 2 years a serious
>misconception about what using xdm permits OpenBSD to do in terms
>of running multiple users in windows mode.
>
>What I want to do is make it possible for multiple users simultaneously 
>to login and run kde on C0-C3. Is that possible? 
>
>Thanks.
>
>

Hello.

I am new to this list. I come from Debian Linux. I find OpenBSD a very
interesting system and I have installed and learning it on my spare
machine. Thank you guys! Documentation is great!

I used to do the following under Debian Linux:

>From a console text window, I run startx. A graphical fluxbox session
starts. From there, I pressed ctrl-atl-F2. I am at a new text login. I
login as another user  and pressed:

$ startx -- :1

And now I have two graphical fluxbox sesions at the same machine. I do
not know if it works the same under OpenBSD. Both graphical sessions are
at ctr-alt-F7 and crtl-atl-F8.

Just my two cents.
Ramiro.
>>>
>>>
>>>Hello Ramiro,
>>>
>>>I don't think this works in OpenBSD right now. But what you describe would
>>>work for me if it did.
>>>
>>>Thanks for the feedback,
>>>Dave Feustel
>>>
>>
>>Oh yes, I have just tested it and does NOT work here.
>>
>>Sorry.
>>Ramiro.
> 
> 
> No Problem. Check out the command Xnest.
> I read yesterday in a followup that that command
> permits simultaneous multiple graphical logins. 
> 
> Dave> 
> 
> 
Thanks, I will try it!
Ramiro.

Re: sgi 02 latest snapshot CD37.iso boot problems

[Roger Neth Jr]

Hello Mark and List, thank you for the reply and assistance.

I have tried "Booting from CD-ROM installation media" with cd38.iso but the 
02 does not recognize the media.


When I go into the maintenance menu and boot -f dksc(0,4,8)boot, it boots to 
/bsd but panic at no init


I am going to try to setup a boot net to another openbsd machine. Total 
newbie but on the learning curve!


I just had a successful install on a Panasonic Toughbook CF-25, i386 is 
newbie able. : )


Thanks again for your help.

Script started on Fri Aug 12 14:54:44 2005
openbsd37# cu -l tty00
Connected
Running power-on diagnostics...

System Maintenance Menu

1) Start System
2) Install System Software
3) Run Diagnostics
4) Recover System
5) Enter Command Monitor


Option? 5
Command Monitor.  Type "exit" to return to the menu.


ls dksc(0,4,8)

dksc(0,4,8):

boot


exit


Running power-on diagnostics...




System Maintenance Menu

1) Start System
2) Install System Software
3) Run Diagnostics
4) Recover System
5) Enter Command Monitor


Option? 2


Installing System Software...

  Press  to return to the menu.




1) Remote Tape  2) Remote Directory  3)[Local CD-ROM]  X) Local Tape

 *a) Local SCSI CD-ROM drive 4


Enter 1-4 to select source type, a to select the source,  to quit,

or  to start: 3



1) Remote Tape  2) Remote Directory  3)[Local CD-ROM]  X) Local Tape

 *a) Local SCSI CD-ROM drive 4


Enter 1-4 to select source type, a to select the source,  to quit,

or  to start: 3



1) Remote Tape  2) Remote Directory  3)[Local CD-ROM]  X) Local Tape

 *a) Local SCSI CD-ROM drive 4


Enter 1-4 to select source type, a to select the source,  to quit,

or  to start:

System Maintenance Menu

1) Start System
2) Install System Software
3) Run Diagnostics
4) Recover System
5) Enter Command Monitor


Option? 5
Command Monitor.  Type "exit" to return to the menu.


printenv

diskless=0

dbaud=9600

volume=80

sgilogo=y

monitor=h

TimeZone=PST8PDT

netaddr=192.0.2.1

AutoLoad=No

console=d

SystemPartition=pci(0)scsi(0)disk(1)rdisk(0)partition(8)

ConsoleOut=serial(0)

ConsoleIn=serial(0)

cpufreq=180

eaddr=08:00:69:02:df:19

OSLoadPartition=pci(0)scsi(0)disk(1)rdisk(0)partition(0)

OSLoadFilename=/bsd

OSLoader=sash


hinv

  System: IP32

   Processor: 180 Mhz R5000, with FPU

Primary I-cache size: 32 Kbytes

Primary D-cache size: 32 Kbytes

Secondary cache size: 512 Kbytes

 Memory size: 128 Mbytes

Graphics: CRM, Rev C

   Audio: A3 version 1

   SCSI Disk: scsi(0)disk(1)

  SCSI CDROM: scsi(0)cdrom(4)


boot -f dksc(0,4,8)boot

34192+1264 entry: 0x80010120

SystemPartition pci(0)scsi(0)disk(1)rdisk(0)partition(8)
arg 0: dksc(0,4,8)boot
arg 1: ConsoleIn=serial(0)
arg 2: ConsoleOut=serial(0)
arg 3: SystemPartition=pci(0)scsi(0)disk(1)rdisk(0)partition(8)
arg 4: OSLoader=sash
arg 5: OSLoadPartition=pci(0)scsi(0)disk(1)rdisk(0)partition(0)
arg 6: OSLoadFilename=/bsd

OpenBSD/sgi Arcbios boot
Boot: pci(0)scsi(0)disk(1)rdisk(0)partition(0)/bsd
|/-\|Loading ELF64 file
0x8010:0x30e0a0, Zero 0x8040e0a0:0x5d2a0, Loading symbol 
table

Start at 0x8010
ARCS32 Firmware Version 1.10
SR=34010080
Found SGI-IP32, setting up.
Initial setup done, switching console.

NOTE: TLB code too large, using trampolines

[ using 263136 bytes of bsd ELF symbol table ]

Copyright (c) 1982, 1986, 1989, 1991, 1993

The Regents of the University of California.  All rights reserved.

Copyright (c) 1995-2005 OpenBSD. All rights reserved.  
http://www.OpenBSD.org



OpenBSD 3.7 (GENERIC) #89: Sun Mar 20 18:32:30 MST 2005

   [EMAIL PROTECTED]:/usr/src/sys/arch/sgi/compile/GENERIC

real mem = 134217728

rsvd mem = 7020544

avail mem = 108883968

using 1638 buffers containing 6709248 bytes of memory

mainbus0 (root)

cpu0 at mainbus0: MIPS R5000 CPU rev 2.1 180 MHz with R5000 based FPC rev 
1.0


cpu0: cache L1-I 32KB D 32KB 2 way, L2 512KB direct

macebus0 at mainbus0: crime rev 10.1

clock0 at macebus0: TOD with DS1687, ticker on int5 using count register.

macepcibr0 at macebus0: mace rev 1, host system O2

pci0 at macepcibr0 bus 0

ahc0 at pci0 dev 1 function 0 "Adaptec AIC-7880" rev 0x00: irq 9

ahc0: Host Adapter Bios disabled.  Using default SCSI device parameters

scsibus0 at ahc0: 16 targets

ahc0: target 1 using 8bit transfers

ahc0: target 1 using asynchronous transfers

sd0 at scsibus0 targ 1 lun 0:  SCSI3 0/direct fixed

sd0: 8748MB, 11474 cyl, 5 head, 312 sec, 512 bytes/sec, 17916240 sec total

cd0 at scsibus0 targ 4 lun 0:  SCSI2 
5/cdrom removable


ahc1 at pci0 dev 2 function 0 "Adaptec AIC-7880" rev 0x00: irq 10

ahc1: Host Adapter Bios disabled.  Using default SCSI device parameters

scsibus1 at ahc1: 16 targets

com0 at macebus0: ns16550a, 16 byte fifo

com0: console

com1 at macebus0: ns16550a

spamd in combination with multiple mail hosts

[Rogier Krieger]

After deploying spamd as a shield for a non-OpenBSD mail host, I
wonder how to expand this setup to support multiple mailhosts (say
three mx'es mxN).

I couldn't find much on Google. Although the man pages on spamd and
friends are excellent in getting spamd to work, I did not find hints
to build a more distributed setup. My tries at the archives seem to
come up dry as well. If I missed something obvious, please feel free
to provide the appropriate clue-by-four.


At first thought, it would seem wise to ensure a synchronised spamdb
among these mx hosts. That way, it would effectively annoy trapped
entries while providing the possibility for remote hosts to pick any
of our mx'es and get an appropriate reponse. After all, it's a single
service and it would be nice to provide a consistent outlook.

To achieve this, is it wise to rsync the spamdb or to keep it
available through a network mount? I do not know whether spamd keeps
the database locked, as that may be a show stopper for NFS. I suppose
rsync'ing the database would be easier with files in a directory
(similar to Maildir).

Any light in the darkness is greatly appreciated. Also, are there
others who would like to build a setup similar to the one described
above?

Cheers,

Rogier

-- 
If you don't know where you're going, any road will get you there.

isakmpd with certificates, I must be missing the goat

[andrew fresh]

I am not sure if I need to sacrifice a goat or a chicken to get this working, 
but I am sure it is something stupid that I am doing that is causing the 
problem.

I am trying to get isakmpd to create a tunnel with certificates, and although I 
have it working well with preshared keys, I am unable to figure out what I am 
doing wrong, so I am here asking for help.  I believe I have all the 
information I have on what I have done to try to make it work, what is not 
working and the different config files here:


http://openbsd.somedomain.net/isakmpd_with_certs/


If there is any further information that I am missing that would help with 
solving this, please let me know.

l8rZ,
-- 
andrew - ICQ# 253198 - JID: [EMAIL PROTECTED]
 Proud member: http://www.mad-techies.org

BOFH excuse of the day: Firmware update in the coffee machine

Re: Added African whois server to whois(1)

[Martin Schröder]

On 2005-08-12 17:05:40 +0100, Andreas Kahari wrote:
> On 12/08/05, Martin Schrvder <[EMAIL PROTECTED]> wrote:
> > On 2005-08-12 16:06:03 +0200, Henning Brauer wrote:
> > > whois. NICs come and go, we'll soon run out of letters. I'd much prefer
> > > making
> > > $ whois 1.2.3.4
> > > "Just Work", but I haven't looked into that.
> > 
> > Use whois.thur.de as server
> 
> Why? For the IP 80.248.70.99 (an IP in Togo), this just gives me the
> same info as from RIPE...  AfriNIC gives more details.

Then report it to Lutz.

If you use whois.thur.de as host for your queries, they will
"just work", even if you try 1.2.3.4 or thur.de :-)

Best
Martin
-- 
http://www.tm.oneiros.de

self induced dup-to setup problem

[Bob DeBolt]

Greets

Dell 866MHz 256MB RAM

OpenBSD 3.8 snapshot, or 3.7 GENERIC or 3.5 GENERIC
All three have shown me the same problem.

Three interfaces rl0, rl1 are the internal and external bridge 
interfaces, the bridge works just fine on all three OS versions.

FXP0 is the logging interface to another box.

I have read what there is regarding dup-to and know it is straight 
forward, obviously I'm missing something. I also learned that log-all 
is now log (all). Not yet in the FAQ
After not being able to dup-to on the snapshot I thought maybe there 
is an issue with it so the other two releases were tried with the 
same result.

As stated the IPless bridge works fine ( otherwise you wouldn't be 
reading this email).

Here is the simplest form of what I now have.

pass in  on $ext_if dup-to $log_if all
pass out on $ext_if dup-to $log_if all

I have tried pass quick on the log interface and on and on and on.

TCPdump shows that nothing is hitting the log interface.

I have 


Bob 

Re: Added African whois server to whois(1)

[Henning Brauer]

* Andreas Kahari <[EMAIL PROTECTED]> [2005-08-12 16:56]:
> On 12/08/05, Henning Brauer <[EMAIL PROTECTED]> wrote:
> > * Andreas Kahari <[EMAIL PROTECTED]> [2005-08-12 15:47]:
> > > Hi,
> > >
> > > I added the African Network Information Center (AfriNIC) whois server
> > > to a new switch (-f) in the whois(1) utility.
> > >
> > > A simple diff for whois.c and whois.1 is attached.
> > >
> > > The new part of the manual says:
> > >
> > >
> > >  -f  Use the African Network Information Center (AfriNIC) 
> > > database.
> > >  It contains network numbers registered on the African 
> > > continent.
> > >
> > 
> > I am not sure it makes sense to add these kind of abbreviations to our
> > whois. NICs come and go, we'll soon run out of letters. I'd much prefer
> > making
> > $ whois 1.2.3.4
> > "Just Work", but I haven't looked into that.
> 
> I agree with that principle, but Africa is one of the big land areas
> out there, with a lot of countries on it, just like Asia and Europe,
> and I thought it would make sense to their AfriNIC in there just like
> we have APNIC and RIPE.

well, the point is, I consider the existance of the shorthands for RIPE 
and APNIC and ARIN whois as historic failure that doesn't need to be 
repeated...

-- 
BS Web Services, http://www.bsws.de/
OpenBSD-based Webhosting, Mail Services, Managed Servers, ...
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)

Re: Added African whois server to whois(1)

[Henning Brauer]

* Martin Schrvder <[EMAIL PROTECTED]> [2005-08-12 17:51]:
> On 2005-08-12 16:06:03 +0200, Henning Brauer wrote:
> > whois. NICs come and go, we'll soon run out of letters. I'd much prefer 
> > making 
> > $ whois 1.2.3.4
> > "Just Work", but I haven't looked into that.
> 
> Use whois.thur.de as server

eh, no, using the real whois servers of course.

-- 
BS Web Services, http://www.bsws.de/
OpenBSD-based Webhosting, Mail Services, Managed Servers, ...
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)

Re: Major Surprise with xdm on 3.7

[Jack Bates]

Good Day:

Dave Feustel states:

> multiple independent instances of kde running, each one attached
> to a different virtual terminal (C0-C3) on the same computer. Then
> I could be logged on as two different users simultaneously...

I've successfully used Xvnc under a Knoppix hdinstall this purpose.  I've
never tried this under OpenBSD, but I don't see why it wouldn't work just
the same.  You access these virtual sessions with a VNC client.  There is
still only one console X session, if you have a console session at all -
these things are "pure virtual", if you will.  These virtual sessions can
have their screen locked for privacy purposes, just like any other KDE
session.

Xvnc is available as an OpenBSD 3.7 binary package.

Hope this is helpful.

-- 
Jack Bates
Venice, CA, USA
I play Texas Hold'Em at http://www.fulltiltpoker.com

Re: OpenSSL and thread support

[Matt Van Mater]

On 8/11/05, Matt Van Mater <[EMAIL PROTECTED]> wrote:
> I'm playing around with a reverse proxy app called Pound that requires
> threading support in OpenSSL, but apparently the version of OpenSSL in
> the source tree does not enable threading by default.
> 
> Is there a reason why I shouldn't enable threading in a stand alone
> version of OpenSSL?  Is there a performance reason, vulnerability, or
> some other nasty side effect associated with threading support that I
> should be aware of?  Obviously I don't want to introduce any problems
> by messing with this.
> 
> Matt
> 

Does anyone have any insight into this?  I don't see any discussions
on misc from the past regarding openssl and threading.

blackdog "worlds smallest" server....

[b h]

Hi folk

has anyone every attempted (or would it be possible
(relatively painlessly)) to get openbsd running on
something like this?

http://www.projectblackdog.com/site/product.html

it comes with linux kernel, but I would love a few of
these around with OpenBSD to use as a secure ultra
portable box, 

thanks
b





Start your day with Yahoo! - make it your home page 
http://www.yahoo.com/r/hs 

Re: Added African whois server to whois(1)

[Andreas Kahari]

On 12/08/05, Martin Schrvder <[EMAIL PROTECTED]> wrote:
> On 2005-08-12 16:06:03 +0200, Henning Brauer wrote:
> > whois. NICs come and go, we'll soon run out of letters. I'd much prefer
> > making
> > $ whois 1.2.3.4
> > "Just Work", but I haven't looked into that.
> 
> Use whois.thur.de as server

Why? For the IP 80.248.70.99 (an IP in Togo), this just gives me the
same info as from RIPE...  AfriNIC gives more details.


-- 
Andreas Kahari

Re: Automatic failover of VPN connection when the primary internet connection fails

[tony sarendal]

On 12/08/05, Stoyan Genov <[EMAIL PROTECTED]> wrote:
> Good day,
> 
> Short version:
> 
> Any hints/ideas on setting up a fail-over of an isakmpd-maintained VPN
> connection through a secondary internet line when the primary internet
> line fails, where an autonomous system of IP addresses is not an option?
> Hardware on both sides is i386, OS is obsd/3.7.
> 
> Long version:
> 
> In my office, I have two internet connections, I1 and I2, through two
> different ISPs, ISP1 and ISP2; I1 and I2 use different IP ranges; AS and
> routers are out of the question, unfortunately, as is the possibility of
> routing ISP1's IP range through I2 and vice-versa.
> 
> I have two firewall/gateway machines, F1 and F2; each of them has one
> interface "attached" to one internet connection, one interface to the
> other internet connection, and a third interface for the local network.
> F1 and F2 run obsd3.7/i386.
> 
> Default route for F1 is I1; default route for F2 is I2 (this is the
> current setup, and it is subject to change if needed; the idea is to
> allow people in the LAN manually change their LAN gateway to go
> through I2 if something goes wrong with F1 or I1)
> 
> I have a "remote" LAN, let's call it RL, and a VPN connection between
> F1 and RL via I1; it's a "routed" connection, not a "bridged" one,
> if that matters (that is, the local and the remote LANs are different
> IP networks, and no broadcasts are exchanged). The gateway there also
> runs obsd3.7/i386, and I have full control over it.
> 
> I want to be able to automatically re-build the VPN connection via I2
> if I1 goes down, using isakmpd if possible (would "fall back" to
> openvpn, if I can't do it with isakmpd). I would also like to keep the
> ability of people to manually choose their way to the internet through
> I2, but if not possible, I am ready to introduce a third firewall with a
> default route of I2 just doing NAT for this purpose.
> 
> Any ideas and hints will be appretiated.
> 

Use dynamic routing.
Set ipip (gif) tunnels between your firewalls, encrypt them with
isakampd, run bgpd so your firewalls(routers) learn where the networks
are.

Should one path go down, the bgp session will go down and your network
will re-route.

/Tony

-- 
Tony Sarendal - [EMAIL PROTECTED]
IP/Unix
   -= The scorpion replied,
   "I couldn't help it, it's my nature" =-

Re: Added African whois server to whois(1)

[Martin Schröder]

On 2005-08-12 16:06:03 +0200, Henning Brauer wrote:
> whois. NICs come and go, we'll soon run out of letters. I'd much prefer 
> making 
> $ whois 1.2.3.4
> "Just Work", but I haven't looked into that.

Use whois.thur.de as server

Best
Martin
-- 
http://www.tm.oneiros.de

Sierra AirCard 580 (SprintPCS/Verizon Card) - Only recognized as a usb

[steven n fettig]

I thought I had seen info in the archives on this one, but it ends up 
that it had to do with a Novatel Wireless card under 3.5/3.6.  I've got 
a new Sierra AirCard 580 (CDMA2k & EV-DO) and wanted to know if anyone 
has any pointers on getting this up and running.  The card is recognized 
in my X40 (dmesg below), but it is only seen as a usb type hub.  I know 
when inserted into a Windows machine, it is recognized as such but below 
the hub sits the communications device.  I'm clueless as to what to do 
to see if I can get this thing working as a serial device like my Merlin 
C201 works.


dmesg:
OpenBSD 3.7-current (GENERIC) #0: Sat Jul 30 22:05:42 CDT 2005
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) M processor 1200MHz ("GenuineIntel" 686-class) 
598 MHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,TM,SBF,EST,TM2
cpu0: Enhanced SpeedStep 600 MHz (956 mV): speeds: 1200, 1100, 1000, 
900, 800, 600 MHz

real mem  = 526884864 (514536K)
avail mem = 473870336 (462764K)
using 4278 buffers containing 26447872 bytes (25828K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(84) BIOS, date 10/13/04, BIOS32 rev. 0 @ 0xfd740
apm0 at bios0: Power Management spec V1.2
apm0: battery life expectancy 50%
apm0: AC off, battery charge high, estimated 2:02 hours
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xfd6d0/0x930
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdeb0/256 (14 entries)
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82371FB ISA" rev 0x00)
pcibios0: PCI bus #2 is the last bus
bios0: ROM list: 0xc/0xc800! 0xcc800/0x1000 0xcd800/0x1000 
0xdc000/0x4000! 0xe/0x1

cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82852GM Hub-PCI" rev 0x02
"Intel 82852GM Memory" rev 0x02 at pci0 dev 0 function 1 not configured
"Intel 82852GM Configuration" rev 0x02 at pci0 dev 0 function 3 not 
configured
vga1 at pci0 dev 2 function 0 "Intel 82852GM AGP" rev 0x02: aperture at 
0xe000, size 0x800

wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
"Intel 82852GM AGP" rev 0x02 at pci0 dev 2 function 1 not configured
uhci0 at pci0 dev 29 function 0 "Intel 82801DB USB" rev 0x01: irq 11
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 29 function 1 "Intel 82801DB USB" rev 0x01: irq 11
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2 at pci0 dev 29 function 2 "Intel 82801DB USB" rev 0x01: irq 11
usb2 at uhci2: USB revision 1.0
uhub2 at usb2
uhub2: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
ehci0 at pci0 dev 29 function 7 "Intel 82801DB USB" rev 0x01: irq 11
usb3 at ehci0: USB revision 2.0
uhub3 at usb3
uhub3: Intel EHCI root hub, class 9/0, rev 2.00/1.00, addr 1
uhub3: 6 ports with 6 removable, self powered
ppb0 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 0x81
pci1 at ppb0 bus 1
cbb0 at pci1 dev 0 function 0 "Ricoh 5C476 CardBus" rev 0x8d: irq 11
vendor "Ricoh", unknown product 0x0822 (class system unknown subclass 
0x05, rev 0x13) at pci1 dev 0 function 1 not configured
em0 at pci1 dev 1 function 0 "Intel PRO/1000MT Mobile (82541GI)" rev 
0x00: irq 11, address: 00:0a:e4:2d:9a:ad

ath0 at pci1 dev 2 function 0 "Atheros AR5212" rev 0x01: irq 11
ath0: AR5212 5.9 phy 4.3 rf2112 4.6, WOR4W, address 00:0e:9b:6f:4a:b0
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 2 device 0 cacheline 0x0, lattimer 0xb0
pcmcia0 at cardslot0
ichpcib0 at pci0 dev 31 function 0 "Intel 82801DBM LPC" rev 0x01
pciide0 at pci0 dev 31 function 1 "Intel 82801DBM IDE" rev 0x01: DMA, 
channel 0 configured to compatibility, channel 1 configured to compatibility

wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA, 38154MB, 78140160 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
pciide0: channel 1 disabled (no drives)
"Intel 82801DB SMBus" rev 0x01 at pci0 dev 31 function 3 not configured
auich0 at pci0 dev 31 function 5 "Intel 82801DB AC97" rev 0x01: irq 11, 
ICH4 AC97

ac97: codec id 0x41445374 (Analog Devices AD1981B)
ac97: codec features headphone, 20 bit DAC, No 3D Stereo
audio0 at auich0
"Intel 82801DB Modem" rev 0x01 at pci0 dev 31 function 6 not configured
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: 
spkr0 at pcppi0
sysbeep0 at pcppi0
npx0 at isa0 port 0xf0/16: using exception 16
biomask effd netmask effd ttymask 
pctr: 

Re: Added African whois server to whois(1)

[Andreas Kahari]

On 12/08/05, Henning Brauer <[EMAIL PROTECTED]> wrote:
> * Andreas Kahari <[EMAIL PROTECTED]> [2005-08-12 15:47]:
> > Hi,
> >
> > I added the African Network Information Center (AfriNIC) whois server
> > to a new switch (-f) in the whois(1) utility.
> >
> > A simple diff for whois.c and whois.1 is attached.
> >
> > The new part of the manual says:
> >
> >
> >  -f  Use the African Network Information Center (AfriNIC) database.
> >  It contains network numbers registered on the African 
> > continent.
> >
> 
> I am not sure it makes sense to add these kind of abbreviations to our
> whois. NICs come and go, we'll soon run out of letters. I'd much prefer
> making
> $ whois 1.2.3.4
> "Just Work", but I haven't looked into that.

I agree with that principle, but Africa is one of the big land areas
out there, with a lot of countries on it, just like Asia and Europe,
and I thought it would make sense to their AfriNIC in there just like
we have APNIC and RIPE.

I will need to look more closely on how to automatically look up
AfriNIC when a RIPE entry refers to it.  I'm a bit short on time right
now, but might give it a go next week unless someone could point me in
the right direction (or simply makes it happen somehow).

Cheers,
Andreas



-- 
Andreas Kahari

eTimeBanker® Online Banking Account Access Limited (Security Code: PP-090-226)

[[EMAIL PROTECTED]]

[IMAGE]

   Dear Bank Of The West Customer,
  This is your official notification from Bank Of The West that the
service(s) listed below
   will be deactivated and deleted if not renewed immediately. Previous
notifications have
   been sent to the Billing Contact assigned to this account. As the
Primary Contact, you
   must renew the service(s) listed below or it will be deactivated and
deleted. Renew Now 
   SERVICE : Bank Of The West eTimeBanker with Bill Pay.
   EXPIRATION: Aug 15, 2005 
   Thank you,Bank Of The West Management Center Customer Support 
  
*
   IMPORTANT CUSTOMER SUPPORT INFORMATION
  
*   
Please do not reply to this message. For any inquiries, contact Customer
Service.Document Reference: (87051203).Bank Of The West, N.A.
Member FDIC.  Equal Housing Lender.
   Copyright ) 2005 Bank Of The West, N.A. All rights reserved.

Automatic failover of VPN connection when the primary internet connection fails

[Stoyan Genov]

Good day,

Short version:

Any hints/ideas on setting up a fail-over of an isakmpd-maintained VPN 
connection through a secondary internet line when the primary internet 
line fails, where an autonomous system of IP addresses is not an option?

Hardware on both sides is i386, OS is obsd/3.7.

Long version:

In my office, I have two internet connections, I1 and I2, through two 
different ISPs, ISP1 and ISP2; I1 and I2 use different IP ranges; AS and 
routers are out of the question, unfortunately, as is the possibility of 
routing ISP1's IP range through I2 and vice-versa.


I have two firewall/gateway machines, F1 and F2; each of them has one 
interface "attached" to one internet connection, one interface to the 
other internet connection, and a third interface for the local network.

F1 and F2 run obsd3.7/i386.

Default route for F1 is I1; default route for F2 is I2 (this is the
current setup, and it is subject to change if needed; the idea is to
allow people in the LAN manually change their LAN gateway to go
through I2 if something goes wrong with F1 or I1)

I have a "remote" LAN, let's call it RL, and a VPN connection between
F1 and RL via I1; it's a "routed" connection, not a "bridged" one,
if that matters (that is, the local and the remote LANs are different
IP networks, and no broadcasts are exchanged). The gateway there also
runs obsd3.7/i386, and I have full control over it.

I want to be able to automatically re-build the VPN connection via I2
if I1 goes down, using isakmpd if possible (would "fall back" to 
openvpn, if I can't do it with isakmpd). I would also like to keep the 
ability of people to manually choose their way to the internet through 
I2, but if not possible, I am ready to introduce a third firewall with a 
default route of I2 just doing NAT for this purpose.


Any ideas and hints will be appretiated.

Regards,
Stoyan Genov

Re: Added African whois server to whois(1)

[Henning Brauer]

* Andreas Kahari <[EMAIL PROTECTED]> [2005-08-12 15:47]:
> Hi,
> 
> I added the African Network Information Center (AfriNIC) whois server
> to a new switch (-f) in the whois(1) utility.
> 
> A simple diff for whois.c and whois.1 is attached.
> 
> The new part of the manual says:
> 
> 
>  -f  Use the African Network Information Center (AfriNIC) database.
>  It contains network numbers registered on the African continent.
> 

I am not sure it makes sense to add these kind of abbreviations to our 
whois. NICs come and go, we'll soon run out of letters. I'd much prefer 
making 
$ whois 1.2.3.4
"Just Work", but I haven't looked into that.

-- 
BS Web Services, http://www.bsws.de/
OpenBSD-based Webhosting, Mail Services, Managed Servers, ...
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)

Re: garbage on pf state (with pfsync)

[Luiz Otávio Souza]

From: "Ryan McBride" <[EMAIL PROTECTED]>


On Thu, Aug 11, 2005 at 07:02:35PM -0300, Luiz Ot?vio Souza wrote:
Probably my problem is hardware (two cheap realteks for sync), but why 
the
pfsync accept this malformed address, and why the kernel panic on flush 
?

(i can also get panic from a pf -F state).

i can send more info if someone need.


You apparantly missed the following in the panic message:

RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS 
PANIC!

DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION!
ddb>

It would also be helpful to include the output of 'pfctl -vvss' with
some of these 'malformed' states.



the panics are not frequent (not always happen).

i turn on my backup firewall and i get this:

a}a2a}%" 252 400::[16544] <- 0:0:4470:0:400::[59918] <- 200:: 
NO_TRAFFIC:NO_TRAFFIC

  age 93353:16:23, expires in 321854:22:01, 0:0 pkts, 0:0 bytes
  id:  creatorid: 02000203
ip 0:200:: <- ::100:0:0 <- 0:700::52[41942]   8:0
  age 00:02:16, expires in 03:35:19, 0:0 pkts, 0:0 bytes
  id: 8743 creatorid: 
# uptime
9:48AM  up 28 mins, 1 user, load averages: 0.14, 0.10, 0.07
#

nothing on master states.

sometimes i get more and more of this.

thanks in advance,
luiz


all 249 ea0e:2598:0:0:201::[17145] <- ::e7c0:974d:e7c0:dbbe <- 400::[58163] 
NO_TRAFFIC:MULTIPLE

  age 317194:21:22, expires in 18641:14:36, 0:0 pkts, 0:0 bytes
  id: 42f90b070007b8bb creatorid: 
all 249 cf2e:426::[1863] <- 5a00:ae::[1084]   NO_TRAFFIC:MULTIPLE
  age 149095:17:03, expires in 18640:28:31, 0:0 pkts, 0:0 bytes
  id: 42f90b0700073ee6 creatorid: 
all 249 5a00:ac::[1614] <- 5a00:ac::cf2c <- 400::[1526] 
NO_TRAFFIC:MULTIPLE

  age 318942:57:51, expires in 18640:15:43, 0:0 pkts, 0:0 bytes
  id: 42f90b0700077534 creatorid: 
all 252 7f00:1::[8025] <- c8a8:dbf3::[25] <- ded0:bab1::[4182]   10:10
  age 93353:04:58, expires in 321854:33:26, 0:0 pkts, 0:0 bytes
  id: 42f90b070007b04d creatorid: 02000203
ip 0:200:: <- ::100:0:0 <- 0:700::52[41942]   8:0
  age 00:49:20, expires in 02:48:15, 0:0 pkts, 0:0 bytes
  id: 8743 creatorid: 
152 32ca:ded7:32c9::40b0:0:400 <- 2598:0:0:201::7129[1] <- 
0:16b0:84d6:2e00:0:100:b00:4c80[63952]   NO_TRAFFIC:SINGLE

  age 01:07:03, expires in 797247:57:30, 0:0 pkts, 0:0 bytes
  id: 0400 creatorid: ea0e
By
  ip ::5a00:105:0:0 <- 0:1698:9bd6:2e00:0:100:b00:4c80[63952] <- 
::98:9bd6:0:0:0   0:11

  age 17:14:06, expires in 175199:00:56, 0:0 pkts, 0:0 bytes
  id: 02060102 creatorid: 96ea
#
# uptime
10:35AM  up  1:15, 1 user, load averages: 0.06, 0.08, 0.08


i have dont IPv6 running here.

luiz 

Re: Shell scripting problem -- help, please!

[Dave Anderson]

** Reply to message from Otto Moerbeek <[EMAIL PROTECTED]> on Wed, 10 Aug
2005 21:18:09 +0200 (CEST)

>I took some time to look into this.  After some head scratching and
>staring at code, I tested this behaviour using both the '88 and '93
>versions the AT&T version of ksh on Solaris.  They both have exactly
>the same behaviour.  So very likely this is not a bug. 
>
>Both the Kornshell book by Bolsky and Korn (i have the edition
>describing the '88 version of ksh) and the Solaris manual pages are
>not very clear on the exact semantics of pattern expansion.  From the
>observed behaviour and the pdksh code it seems that the x(...)
>pathnames expansions are not done if the pattern is a result of an
>earlier expansion, only ?, * and [...] expansions are done in that
>case.
>
>Since in the test program the first step is expansion of $1, only
>basic pathname expansion is on the result of that expansion.

Thanks for taking the time to research this.  It sounds like the sh(1)
manpage should be updated to capture this information.  In my recent
"adventures in shell scripting" I've found a few other glitches in that
page; it may take a little while, but I'll post an intelligible set of
notes here on what I've found.

Dave

-- 
Dave Anderson
<[EMAIL PROTECTED]>

Added African whois server to whois(1)

[Andreas Kahari]

Hi,

I added the African Network Information Center (AfriNIC) whois server
to a new switch (-f) in the whois(1) utility.

A simple diff for whois.c and whois.1 is attached.

The new part of the manual says:


 -f  Use the African Network Information Center (AfriNIC) database.
 It contains network numbers registered on the African continent.


I'm not quite sure how to make whois(1) automatically follow referrals
to AfriNIC for African IPs in the way ARIN referrals to e.g. RIPE are
followed...


Regards,
Andreas



--
Andreas Kahari
--- whois.c.origFri Aug 12 13:32:45 2005
+++ whois.c Fri Aug 12 13:49:21 2005
@@ -48,6 +48,7 @@
 #defineINICHOST"whois.networksolutions.com"
 #defineCNICHOST"whois.corenic.net"
 #defineDNICHOST"whois.nic.mil"
+#define AFNICHOST  "whois.afrinic.net"
 #defineGNICHOST"whois.nic.gov"
 #defineANICHOST"whois.arin.net"
 #defineRNICHOST"whois.ripe.net"
@@ -80,7 +81,7 @@
 
country = host = server = NULL;
flags = rval = 0;
-   while ((ch = getopt(argc, argv, "aAc:dgh:ilmp:qQrR6")) != -1)
+   while ((ch = getopt(argc, argv, "aAc:dfgh:ilmp:qQrR6")) != -1)
switch (ch) {
case 'a':
host = ANICHOST;
@@ -93,6 +94,9 @@
break;
case 'd':
host = DNICHOST;
+   break;
+   case 'f':
+   host = AFNICHOST;
break;
case 'g':
host = GNICHOST;

--- whois.1.origFri Aug 12 13:36:33 2005
+++ whois.1 Fri Aug 12 13:47:44 2005
@@ -87,6 +87,9 @@
 Use the US Department of Defense database.
 It contains points of contact for subdomains of
 .Tn \&.MIL .
+.It Fl f
+Use the African Network Information Center (AfriNIC) database.
+It contains network numbers registered on the African continent.
 .It Fl g
 Use the US non-military federal government database, which contains points of
 contact for subdomains of

Re: garbage on pf state (with pfsync)

[Luiz Otávio Souza]

From: "Ryan McBride" <[EMAIL PROTECTED]>


On Thu, Aug 11, 2005 at 07:02:35PM -0300, Luiz Ot?vio Souza wrote:
Probably my problem is hardware (two cheap realteks for sync), but why 
the

pfsync accept this malformed address, and why the kernel panic on flush ?
(i can also get panic from a pf -F state).

i can send more info if someone need.


You apparantly missed the following in the panic message:

RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS 
PANIC!

DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION!
ddb>

It would also be helpful to include the output of 'pfctl -vvss' with
some of these 'malformed' states.



the panics are not frequent (not always happen).

i turn on my backup firewall and i get this:

a}a2a}%" 252 400::[16544] <- 0:0:4470:0:400::[59918] <- 200:: 
NO_TRAFFIC:NO_TRAFFIC

  age 93353:16:23, expires in 321854:22:01, 0:0 pkts, 0:0 bytes
  id:  creatorid: 02000203
ip 0:200:: <- ::100:0:0 <- 0:700::52[41942]   8:0
  age 00:02:16, expires in 03:35:19, 0:0 pkts, 0:0 bytes
  id: 8743 creatorid: 
# uptime
9:48AM  up 28 mins, 1 user, load averages: 0.14, 0.10, 0.07
#

nothing on master states.

sometimes i get more and more of this.

thanks in advance,
luiz 

Re: how to migrate freebsd 4.9 users and group to Openbsd

[unixadmin99]

On 8/12/05, Roberto Pereyra <[EMAIL PROTECTED]> wrote:
> Hi
> 
> That's is my question ?
> 
> I would like to migrate from freebsd to openbsd.
> 
> How to migrate freeBSD 4.9 users and group to OpenBSD ?
> 
> Thanks in advance.
> 
> roberto
> 
> 
Personally i'd start with:
http://www.freebsd.org/cgi/man.cgi
http://www.openbsd.org/cgi-bin/man.cgi
Read up passwd(1),passwd(5),group and associated files.

-- 
~michael

Re: listing PCI devices using linux library functions

[Artur Grabowski]

anu dhas <[EMAIL PROTECTED]> writes:

> How to list all the PCI devices that are present in the system through a 
> program?

If you have x11 installed, try "man pcitweak"

//art

Re: 3.7 problem: replacing xdm with kdm

[Dave Feustel]

On Friday 12 August 2005 05:44, Stephen Marley wrote:
> On Thu, Aug 11, 2005 at 11:20:49AM -0500, Dave Feustel wrote:
> > On Thursday 11 August 2005 10:37, Bernd Schoeller wrote:
> > 
> > > You might want to check out
> > >
> > > http://www.openbsdsupport.org/KDM.html
> > 
> > Thanks for the pointer. I remember reading it a while ago,
> > but I had forgotten about it since then.
> > 
> > I found that point 6 in that writeup doesn't work for me,
> > possibly because of a problem with kdm not knowing
> > about BSD-style authorization.
> 
> KDM from packages worked for me after a few tweaks to how it gets
> started up. Also need to run kdm pre-config script. STFA for full
> answers.

Running xdm and putting startkde in .Xsession just works.
Plus the console log window is then displayed in KDE which is handy. 

Re: Major Surprise with xdm on 3.7

[Ramiro Aceves]

Dave Feustel wrote:
> On Friday 12 August 2005 05:29, Ramiro Aceves wrote:
> 
>>>I understand that.
>>>
>>>It is beginning to look like I have had for at least 2 years a serious
>>>misconception about what using xdm permits OpenBSD to do in terms
>>>of running multiple users in windows mode.
>>>
>>>What I want to do is make it possible for multiple users simultaneously 
>>>to login and run kde on C0-C3. Is that possible? 
>>>
>>>Thanks.
>>>
>>>
>>
>>Hello.
>>
>>I am new to this list. I come from Debian Linux. I find OpenBSD a very
>>interesting system and I have installed and learning it on my spare
>>machine. Thank you guys! Documentation is great!
>>
>>I used to do the following under Debian Linux:
>>
>>>From a console text window, I run startx. A graphical fluxbox session
>>starts. From there, I pressed ctrl-atl-F2. I am at a new text login. I
>>login as another user  and pressed:
>>
>>$ startx -- :1
>>
>>And now I have two graphical fluxbox sesions at the same machine. I do
>>not know if it works the same under OpenBSD. Both graphical sessions are
>>at ctr-alt-F7 and crtl-atl-F8.
>>
>>Just my two cents.
>>Ramiro.
> 
> 
> Hello Ramiro,
> 
> I don't think this works in OpenBSD right now. But what you describe would
> work for me if it did.
> 
> Thanks for the feedback,
> Dave Feustel
> 

Oh yes, I have just tested it and does NOT work here.

Sorry.
Ramiro.

how to migrate freebsd 4.9 users and group to Openbsd

[Roberto Pereyra]

Hi

That's is my question ?

I would like to migrate from freebsd to openbsd.

How to migrate freeBSD 4.9 users and group to OpenBSD ?

Thanks in advance.

roberto

HBOS plc Automated Email Administrator

[HBOS plc Email Administrator]

The content of the following email has been checked by the HBOS plc
systems and has been found to contain an attachment which we have deemed
necessary to block at this time.  As a result the email has been
returned to you.


Mail Delivery (failure [EMAIL PROTECTED])
The content of the following email which was sent to you has been
checked by the HBOS plc systems and has been found to contain an
attachment which we have deemed necessary to block at this time.

This message may have contained a virus.


Mail Delivery (failure [EMAIL PROTECTED])
Received: from 81.138.200.66
by mgwcop002.halifax.co.uk with ESMTP ( welcome. (MMS v5.6.3)); Fri, 12 
Aug 2005 10:38:47 +0100
X-Server-Uuid: 5024129C-38F6-4158-A0AA-F425C3312270
From: misc@openbsd.org
To: [EMAIL PROTECTED]
Subject: Mail Delivery (failure [EMAIL PROTECTED])
Date: Fri, 12 Aug 2005 10:43:24 +0100
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
X-MMS-Spam-Confidence: moderate
X-MMS-Spam-Filter-ID: A2005081202
X-WSS-ID: 6EE2B1AD1RW3613458-01-00
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

Re: Major Surprise with xdm on 3.7

[Dave Feustel]

On Friday 12 August 2005 05:29, Ramiro Aceves wrote:
> > I understand that.
> > 
> > It is beginning to look like I have had for at least 2 years a serious
> > misconception about what using xdm permits OpenBSD to do in terms
> > of running multiple users in windows mode.
> > 
> > What I want to do is make it possible for multiple users simultaneously 
> > to login and run kde on C0-C3. Is that possible? 
> > 
> > Thanks.
> > 
> > 
> 
> Hello.
> 
> I am new to this list. I come from Debian Linux. I find OpenBSD a very
> interesting system and I have installed and learning it on my spare
> machine. Thank you guys! Documentation is great!
> 
> I used to do the following under Debian Linux:
> 
> >From a console text window, I run startx. A graphical fluxbox session
> starts. From there, I pressed ctrl-atl-F2. I am at a new text login. I
> login as another user  and pressed:
> 
> $ startx -- :1
> 
> And now I have two graphical fluxbox sesions at the same machine. I do
> not know if it works the same under OpenBSD. Both graphical sessions are
> at ctr-alt-F7 and crtl-atl-F8.
> 
> Just my two cents.
> Ramiro.

Hello Ramiro,

I don't think this works in OpenBSD right now. But what you describe would
work for me if it did.

Thanks for the feedback,
Dave Feustel

Re: 3.7 problem: replacing xdm with kdm

[Stephen Marley]

On Thu, Aug 11, 2005 at 11:20:49AM -0500, Dave Feustel wrote:
> On Thursday 11 August 2005 10:37, Bernd Schoeller wrote:
> 
> > You might want to check out
> >
> > http://www.openbsdsupport.org/KDM.html
> 
> Thanks for the pointer. I remember reading it a while ago,
> but I had forgotten about it since then.
> 
> I found that point 6 in that writeup doesn't work for me,
> possibly because of a problem with kdm not knowing
> about BSD-style authorization.

KDM from packages worked for me after a few tweaks to how it gets
started up. Also need to run kdm pre-config script. STFA for full
answers.

-- 
stephen

Re: Major Surprise with xdm on 3.7

[Dave Feustel]

On Thursday 11 August 2005 19:35, Justin Reigle wrote:
> > I now think that there is a security advantage to using xdm to bring up
> > KDE - namely, that there is no unprotected console session which can be
> > hijacked by someone sitting down at the computer, finding the session
> > from which KDE was started, and putting startkde in the background.
> > 
> 
> Well, what happens when they reboot the box, go in with boot -s,
> get the root shell and cause havoc?

The computer requires a password to reboot.

> If you're that concerned about people 
> sitting down in front of your machine to cause problems, then protect it
> with something physical (e.g. caged rack with lock).

Actually I'm not particularly concerned about this right now.

Re: Major Surprise with xdm on 3.7

[Ramiro Aceves]

> I understand that.
> 
> It is beginning to look like I have had for at least 2 years a serious
> misconception about what using xdm permits OpenBSD to do in terms
> of running multiple users in windows mode.
> 
> What I want to do is make it possible for multiple users simultaneously 
> to login and run kde on C0-C3. Is that possible? 
> 
> Thanks.
> 
> 

Hello.

I am new to this list. I come from Debian Linux. I find OpenBSD a very
interesting system and I have installed and learning it on my spare
machine. Thank you guys! Documentation is great!

I used to do the following under Debian Linux:

>From a console text window, I run startx. A graphical fluxbox session
starts. From there, I pressed ctrl-atl-F2. I am at a new text login. I
login as another user  and pressed:

$ startx -- :1

And now I have two graphical fluxbox sesions at the same machine. I do
not know if it works the same under OpenBSD. Both graphical sessions are
at ctr-alt-F7 and crtl-atl-F8.

Just my two cents.
Ramiro.

listing PCI devices using linux library functions

[anu dhas]

How to list all the PCI devices that are present in the system through a 
program?


-
Check out Yahoo! India Rakhi Special for Rakhi shopping, contests and lots 
more. 
http://in.promos.yahoo.com/rakhi/index.html

bge and carp

[Alexey E. Suslikov]

Hello misc@openbsd.org,

 i have found some archived posts about bge + carp
 issues. is that true? can someone comment on this?

Thanks.

Re: Major Surprise with xdm on 3.7

[Marius Van Deventer - Umzimkulu]

> -Original Message-
> From: Dave Feustel [mailto:[EMAIL PROTECTED] 
> Sent: 11 August 2005 07:26 PM
> To: Henning Brauer
> Cc: misc@openbsd.org
> Subject: Re: Major Surprise with xdm on 3.7
> 
> 

> 
> But I ran KDE by manually starting it for a long time.
> What is the point of a graphical login for only one user?
> I expected that when I enabled xdm, more than one 
> user could login and run kde (I.e 4  copies of kde could
> be run simultaneously on my computer, 1 each at C0-C3.
> I clearly have misapprehended something wrt graphical
> login. What am I missing here?
> 


That would be the job of remote X logins

Read up on XDMCP. I use it to access my OBSD box from my windows machine
across the room using X-Windows.
Although it does not allow multiple graphical logins from one machibe,
you can have multiple graphical logings to one server from many clients,
Kinda like a Windows Thin Client (whitch is itself modeled on XDMCP to
an extent).

[demime 1.01d removed an attachment of type application/x-pkcs7-signature which 
had a name of smime.p7s]

Re: sgi 02 latest snapshot CD37.iso boot problems

[Mark Kettenis]

Please reread the current INSTALL.sgi again, in particular the section
on "Booting from CD-ROM installation media".

It should no longer be necessary to enter the Command Monitor to boot
from CD-ROM; just choose "Install System Software" from the System
Maintenance Menu.

Mark

Re: snort with pf

[Kiraly Zoltan]

Andri Siqueira wrote:


Hello guys,

I want to integrate the snort with pf.
I already receive the packets in snort with the pf header.

Now I want to create a rule in pf and kill the connection if
the snort say the packet is an attack.

I thought to kill the connection with the option -k of the pfctl.
But, I don't know how to create a rule for new connections.
Could you help me???

Thanks,

Andri.


 


check snort2pf - http://www.thinknerd.org/~ssc/wiki/doku.php?id=snort2pf