Re: i386 binaries on amd64

[Janne Johansson]

Tony Lambiris wrote:
In reading some mailing lists, I noticed some people pass in the -m32 
flag when compiling to compile 32bit instead of 64bit... I added the 
flag to the Makefile and everything compiles except when I try to link 
all the objects into an executable, I get these errors:


/usr/bin/ld: warning: i386 architecture of input file `some.o' is 
incompatible with i386:x86-64 output


Is compiling this way possible at all?


No.

Re: Default domain not working

[Bill]

Thanks Otto and Killi

I get it now...

Re: Default domain not working

[Otto Moerbeek]

On Wed, 31 Aug 2005, Bill wrote:

> On Wed, 31 Aug 2005 07:58:24 +0200 (CEST)
> Otto Moerbeek <[EMAIL PROTECTED]> wrote:
> 
> > 
> > On Wed, 31 Aug 2005, Bill wrote:
> > 
> > > I have a problem, which will probably end up being a stupid mistake.
> > > I have 3.7 running (fresh install) using the stock BIND and DHCP systems
> > > 
> > > My problem is that I cannot get the default domain to work.
> > > 
> > > So:
> > >   dig www 
> > > 
> > > does not work, while
> > >   dig www.domainname.com
> > > 
> > > does work fine.
> > 
> > How about reading the man page?
> > 
> >   +[no]search
> > Use [do not use] the search  list  defined  by  the
> > searchlist  or  domain directive in resolv.conf (if
> > any).  The search list is not used by default.
> > 
> > 
> > -Otto
> 
> Thanks Otto.  But aside from convincing me I am just plain crazy...
> that just confuses me a bit more.  I did spend time with the man
> page,   But the man page also says, and this is what threw me...
> 
> +domain=somename
>   Set  the  search  list to contain the single domain
>   somename, as if specified in a domain directive  in
>   /etc/resolv.conf, and enable search list processing
>   as if the +search option were given.
> 
> "AS IF specified in the domain directive" which I have.  So as I (mis)
> understand it, the +search would be in addition to the domain
> directive... I was thinking the search list was the search directive,
> not the default domain name.  Even sounds like that above... It
> describes both and then says only one of them is not used by default.

Read again, the search description uses "search list" (the complete
list) and "searchlist" (the option in resolv.conf). The search list is
consrtructed from the domain + searchlist directives, as described in
resolv.conf(5).

> My issue is I want to be able to use the default domain other places in
> the system.   My dhcpd.conf has a whole slew of 
> 
> fixed-address prn1;
> 
> Which I'd like the default domain to be looked up.  Since I cannot get
> a ping to work on the default (or dig) I am pretty sure the problem is
> before that.  This must be doable, right?

Other programs do use the domain search list. Try e.g. host(1). If that
does not work, there's indeed something wrong with your config.

-Otto

Re: isakmpd to cisco pix

[Richard Green]

A late follow-up, just in case this helps anyone else while searching the 
archives of this list etc., this turned out to be a pix configuration 
issue...

Since we also have an easy vpn on the same pix (for Cisco's software VPN 
client), we had to add two extra attributes at the end of the line on which 
we defined the pre-shared key, as shown below:
 
isakmp key  address  netmask 255.255.255.255 no-xauth 
no-config-mode 
 
Cheers
Richard


On Wed, 11 May 2005 11:59 am, you wrote:
> NAT is not in use, the two peers are in direct contact
> with each other.
>
> OS version: Cisco PIX Firewall Version 6.3(4)120
> PIX model: Hardware: PIX-515E
>
> Regards
> Richard
>
> --- Petr Ruzicka <[EMAIL PROTECTED]> wrote:
> > two more questions
> > - pix version ?
> > - is nat in use ?
> >
> > Petr R.
> >
> > --- Richard Green <[EMAIL PROTECTED]> wrote:
> >
> > Hi
> >
> > Thanks, for your replies. I have some additional
> > information now -
> > the cisco config (below) - though it still looks
> > quite sensibly configured
> > (to someone who doent know any cisco commands ;)),
> > and
> > the errors remain :(
> >
> > Regards, Richard
> >
> > --- Erik Carlseen <[EMAIL PROTECTED]> wrote:
> > > It would be helpful if you could provide sanitized
> > > configuration files
> > > from both the OpenBSD box and the PIX (just search
> >
> > &
> >
> > > replace out
> > > anything confidential, but pleasebe consistant).
> > >
> > > Also, I've found (at least for me) that a good
> > > command line for debug
> > > purposes is:
> > >
> > > isakmpd -f- -d -L -D0=79 -D1=70 -D2=90 -D3=80
> >
> > -D4=99
> >
> > > -D5=99 -D6=99
> > > -D7=99 -D8=99 -D9=99
> > >
> > > For Phase 2 debugging, pay extra attention to the
> > > 'SA' debug messages.
> > >
> > > Regards,
> > >
> > > Erik Carlseen
> >
> > and...
> >
> > --- Petr Ruzicka <[EMAIL PROTECTED]> wrote:
> > > Hi, could you get configuration of PIX. Not all of
> >
> > it required, just isakmp and crypto map stuff.
> >
> > > Do they use xauth ?
> > >
> > > Petr R.
> > >
> > >> Cisco config (sanitized):
> >
> > access-list cryptomap_20 permit ip 10.3.3.8
> > 255.255.255.248 192.168.157.0 255.255.255.0
> >
> > sysopt connection permit-ipsec
> >
> > crypto ipsec transform-set ESP-3DES-MD5 esp-3des
> > esp-md5-hmac
> >
> > crypto map some_map 20 ipsec-isakmp
> > crypto map some_map 20 match address cryptomap_20
> > crypto map some_map 20 set peer 10.1.1.17
> > crypto map some_map 20 set transform-set
> > ESP-3DES-MD5
> > crypto map some_map 20 set security-association
> > lifetime seconds 1800 kilobytes 4608000
> > crypto map some_map interface outside
> >
> > isakmp enable outside
> > isakmp key shared-secret address 10.1.1.17 netmask
> > 255.255.255.255
> > isakmp identity address
> >
> > isakmp policy 20 authentication pre-share
> > isakmp policy 20 encryption 3des
> > isakmp policy 20 hash md5
> > isakmp policy 20 group 2
> > isakmp policy 20 lifetime 86400
> >
> > >> /etc/isakmpd/isakmpd.conf config (sanitized)
> >
> > [Phase 1]
> > 10.0.0.81=peer-machine-WCpix
> >
> > [Phase 2]
> > Connections=VPN-SZ-WCSQL
> >
> > [peer-machine-WCpix]
> > Phase=  1
> > Transport=  udp
> > Address=10.0.0.81
> > Local-address=  10.1.1.17
> > Configuration=  Default-main-mode
> > Authentication= shared-secret
> >
> > [VPN-SZ-WCSQL]
> > Phase=  2
> > ISAKMP-peer=peer-machine-WCpix
> > Configuration=  Default-quick-mode
> > Local-ID=   SZ-internal-network
> > Remote-ID=  WCSQL-subnet
> >
> > [SZ-internal-network]
> > ID-type=IPV4_ADDR_SUBNET
> > Network=192.168.157.0
> > Netmask=255.255.255.0
> >
> > [WCSQL-subnet]
> > ID-type=IPV4_ADDR_SUBNET
> > Network=10.3.3.8
> > Netmask=255.255.255.248
> >
> > [Default-main-mode]
> > DIO=IPSEC
> > EXCHANGE_TYPE=  ID_PROT
> > Transforms= 3DES-MD5
> >
> > [Default-quick-mode]
> > DOI=IPSEC
> > EXCHANGE_TYPE=  QUICK_MODE
> > Suites= QM-ESP-3DES-MD5-SUITE
> >
> > [3DES-MD5]
> > GROUP_DESCRIPTION=  MODP_1024
> >
> > [QM-ESP-3DES-MD5-PFS-SUITE]
> > GROUP_DESCRIPTION=  MODP_1024
> >
> > #
> >
> > >> And some parts of the debug log at your suggested
> >
> > debug level, at points where errors seem to occur.
> > .
> > .
> > 104124.523585 Exch 90 dpd_check_vendor_payload: bad
> > size 8 != 16
> > .
> > .
> > 104124.582274 SA   60 sa_create: sa 0x3c067d00 phase
> > 2 added to exchange 0x3c067a00 (VPN-SZ-WCSQL)
> > 104124.582284 Mesg 90 message_alloc: allocated
> > 0x3c06b700
> > 104124.582292 SA   80 sa_reference: SA 0x3c067900
> > now has 6 references 104124.582301 Cryp 60 hash_get:
> > requested algorithm 0
> > 104124.582399 Misc 70 attribute_set_constant: no
> > GROUP_DESCRIPTION in the QM-ESP-3DES-MD5-XF section
> > 104124.58

Re: Default domain not working

[Bill]

On Wed, 31 Aug 2005 07:58:24 +0200 (CEST)
Otto Moerbeek <[EMAIL PROTECTED]> wrote:

> 
> On Wed, 31 Aug 2005, Bill wrote:
> 
> > I have a problem, which will probably end up being a stupid mistake.
> > I have 3.7 running (fresh install) using the stock BIND and DHCP systems
> > 
> > My problem is that I cannot get the default domain to work.
> > 
> > So:
> > dig www 
> > 
> > does not work, while
> > dig www.domainname.com
> > 
> > does work fine.
> 
> How about reading the man page?
> 
>   +[no]search
> Use [do not use] the search  list  defined  by  the
>   searchlist  or  domain directive in resolv.conf (if
> any).  The search list is not used by default.
> 
> 
>   -Otto

Thanks Otto.  But aside from convincing me I am just plain crazy...
that just confuses me a bit more.  I did spend time with the man
page,   But the man page also says, and this is what threw me...

+domain=somename
  Set  the  search  list to contain the single domain
  somename, as if specified in a domain directive  in
  /etc/resolv.conf, and enable search list processing
  as if the +search option were given.

"AS IF specified in the domain directive" which I have.  So as I (mis)
understand it, the +search would be in addition to the domain
directive... I was thinking the search list was the search directive,
not the default domain name.  Even sounds like that above... It
describes both and then says only one of them is not used by default.

My issue is I want to be able to use the default domain other places in
the system.   My dhcpd.conf has a whole slew of 

fixed-address prn1;

Which I'd like the default domain to be looked up.  Since I cannot get
a ping to work on the default (or dig) I am pretty sure the problem is
before that.  This must be doable, right?

Re: Default domain not working

[Matthias Kilian]

On Wed, Aug 31, 2005 at 01:49:59AM -0400, Bill wrote:
> My problem is that I cannot get the default domain to work.
> 
> So:
>   dig www 
> 
> does not work, while
>   dig www.domainname.com
> 
> does work fine.
> 
> Things I have checked:
> 
> resolv.conf

This is used by the resolver, not by DNS lookup tools like dig(1)
or host(1).

Ciao,
Kili

Re: Default domain not working

[Otto Moerbeek]

On Wed, 31 Aug 2005, Bill wrote:

> I have a problem, which will probably end up being a stupid mistake.
> I have 3.7 running (fresh install) using the stock BIND and DHCP systems
> 
> My problem is that I cannot get the default domain to work.
> 
> So:
>   dig www 
> 
> does not work, while
>   dig www.domainname.com
> 
> does work fine.

How about reading the man page?

  +[no]search
Use [do not use] the search  list  defined  by  the
searchlist  or  domain directive in resolv.conf (if
any).  The search list is not used by default.


-Otto

Default domain not working

[Bill]

I have a problem, which will probably end up being a stupid mistake.
I have 3.7 running (fresh install) using the stock BIND and DHCP systems

My problem is that I cannot get the default domain to work.

So:
dig www 

does not work, while
dig www.domainname.com

does work fine.

Things I have checked:

resolv.conf
Has the: domain domainname.com
I also tried the search domainname.com entry also

I read that dig gets its default from the hostname, so I checked my
hostname setting: core.domainname.com
(Set in /etc/myname)

I have it running its own named server, without any connections to
forward at this time, which resolves the full domain name fine.

I've tried adding the /etc/defaultdomain file, which I did not think
had anything to do with it, but to no avail.

If I do dig www +domain=domainname.com it works fine (but I would
expect that to)

I tried googling but nothing good... or helpful.  

What am I missing?  Everything I read says this should work...

Thanks for any advice on this

Re: using restore command from files?

[Siju George]

On 8/29/05, Matt Singerman <[EMAIL PROTECTED]> wrote:
>
> > On 8/29/05, scorch <[EMAIL PROTECTED]> wrote:
> > > Matt Singerman said the following on 2005-08-29 22:32:
> > >
> > > >I did the restore, and it actually appears to have worked! however.
> > > >And ugh, this is a however. The drive partitions that I created are
> > > >slightly, er, off. I mapped /usr to /dev/wd0g, but the system is
> > > >looking for it in /dev/wd0f. Obviously, this is not working. How can
> > > >I fix this?!
> > > >
> > > >
> > > looks like your /etc/fstab doesn't match your disklabel... or is there
> > > some error message you need to send us?
> > >
> > >
> > > cheers, scorch
> > >
> > > --
> > > out of the frying pan and into the fire
>
> Argh. So here is what is going on:
>
> The restore seems to have worked. The system boots, services start,
> it's all hunky-dorey. However, there is no network. No. Network. I
> run ifconfig -a, and device xl0 is started ok. However, dc0 isn't. I
> don't know if it *should* be started, but the system seems to require
> it - there are calls to it in pf.conf, and in snort's config files.

 there is no network because your present network card (xl0) is not
configured.
your previous system used a network card supported by the driver

http://www.openbsd.org/cgi-bin/man.cgi?query=dc&sektion=4&apropos=0&manpath=O
penBSD+Current&arch=i386
 To find out how OpenBSD names Network cards and to set up Networking please
read
 http://www.openbsd.org/faq/faq6.html#Setup
 Your present computer uses the Network card supported by the driver

http://www.openbsd.org/cgi-bin/man.cgi?query=xl&apropos=0&sektion=0&manpath=O
penBSD+Current&arch=i386&format=html
 You can enable network in your computer by following these steps.
 1) Create a network configuration file for xl0 interface
 mv /etc/hostname.dc0 /etc/hostname.xl0
 2) Restart your network.
 sh /etc/netstart
 The above script should be explictly run in "sh" shell.
 3) Change the macro in your pf.conf for dc0 to point to xl0.
 If you did not use a macro then it is a bad practice please read
http://www.openbsd.org/faq/pf/macros.html
 and make necessary changes to your pf.conf
 4) Reload PF ruleset
 pfctl -f /etc/pf.conf
 This should get your network up and running on the new OpenBSD box :-)
 Don't know much about snort now but am in the process of learning! sorry
:-(
 Kind regards
 Siju

If I try and run "ifconfig dc0 up", I get an error about the decide
> not being configured. This computer, I should mention, has only one
> networking card. Just one. Always had. Any ideas what could be
> causing this?
>
> Thanks,
>
> Matt

Re: OT: phone line 2 ethernet converters

[J.C. Roberts]

On Tue, 30 Aug 2005 21:41:44 -0300, Gustavo Rios
<[EMAIL PROTECTED]> wrote:

>Dear friends,
>
>sorry for being off-topic, i am able to rent a pair of twist line (a
>circuit) between my home and and friends one. I wonder if there exist
>and ethernet extender device that could connect an ethernet cable to a
>phone line. It would do no special work, just a raw connection between
>2 types of layer, i.e, take "bits" from one end and put it into the
>another and vice-versa.
>
>BTW: i am no engineer (CS Bachelor), so sorry if it sounds too stupid.
>
>Does that exists ?
>
>PS: yes, i am a user of OBSD and i am using this list cause i know no
>other best suited for this message, if possible, point me one possible
>"right" mailing list for such subject.

Here in the US, a plain (uncoiled) circuit between two points is
either called an "alarm circuit" or a "dry pair" if that's what you
got, and you're within distance requirements (wire feet), you can do a
number of different things; from all/most the various *DSL
technologies, to using CSU/DSU endpoints.

Though I don't think much of Cringely, you might find this
interesting:

http://www.pbs.org/cringely/pulpit/pulpit20010823.html


Good luck,
JCR

Re: DELL Latitude D400 without X

[Uwe Dippel]

On Tue, 30 Aug 2005 11:44:56 -0500, Tony Lambiris wrote:

> http://lysergik.com/~tony/openbsd.phtml

No, boys, thank you for the effort, but both point me to the
resolution problem that we had earlier; for earlier BIOSes. This one has
been solved by the later BIOSes:
(cited from http://www.chzsoft.com.ar/855patch.html)

"Some of these computers don't allocate enough video memory so that
XFree86 is only able to run at low resolutions and/or color depths (e.g.
640x480x16bit). [...]

Some newer models with 855GM chipset (e.g. Dell Inspiron 510m and Dell
Latitude D505) have an updated BIOS which is able to set the memory size
by itself, thus making 855patch obsolete on these systems. Unfortunately
the BIOS introduces a new bug causing XFree86 to freeze (with a green
screen) when using the i810 driver."

On the D400 with BIOS > A05 - like mine ! - we do not need the 855*patch*,
but the 855*wrap* from said site.

So I'm stuck without X on a notebook; not convincing !

Thanks anyway,

Uwe

Re: New device sporting OpenBSD

[Lars Hansson]

On Tue, 30 Aug 2005 21:26:33 +0200
Alexander Farber <[EMAIL PROTECTED]> wrote:

> Don't they use ZynOS?

and ZynOS is an oem'd/rebranded/modified what?

---
Lars Hansson

Re: OT: phone line 2 ethernet converters

[Gordon Grieder]

On Wed, Aug 31, 2005 at 02:34:16AM +, Jason George wrote:
> This is the whole point of this:  http://accoom.kd85.com/

Wow, very neat. Thanks for enlightening me!

Re: OT: phone line 2 ethernet converters

[Jason George]

>Dear friends,
>
>sorry for being off-topic, i am able to rent a pair of twist line (a
>circuit) between my home and and friends one. I wonder if there exist
>and ethernet extender device that could connect an ethernet cable to a
>phone line. It would do no special work, just a raw connection between
>2 types of layer, i.e, take "bits" from one end and put it into the
>another and vice-versa.
>
>BTW: i am no engineer (CS Bachelor), so sorry if it sounds too stupid.
>
>Does that exists ?
>
>PS: yes, i am a user of OBSD and i am using this list cause i know no
>other best suited for this message, if possible, point me one possible
>"right" mailing list for such subject.
>
>


This is the whole point of this:  http://accoom.kd85.com/

Wim, Claudio or Andre Oppermann (FreeBSD dude) may be able to shed more light.
Claudio committed a driver 2 weeks ago (musycc).  

Alternatively, you can take a pair of SDSL modems and run them back-to-back.
This will hand off Ethernet at either end.  The modems are relatively cheap on 
Ebay.

There is a fair amount of info on the web about this type of setup if you 
google around.

--Jason

Re: OT: phone line 2 ethernet converters

[Michael J. Velasco Jr.]

Depending on the distances and the electrical characteristics, you may want
to consider some of the products that Cisco offers to provide wired
high-speed in hotel rooms, dormitories and the like.  They're specifically
designed to run on lower-quality copper circuits with the corresponding drop
in bandwidth, but if you can be happy with T1 speeds between you and your
friend's house for the cost of a dry pair it might be just the thing for
you.

There's also things like HDSL adapters but then you need T1 CSUs or DSUs and
routers, etc., oh my.

Find out what kind of Nyquist frequencies the dry pair provider is willing
to guarantee over what distances and then you can go from there.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Gordon Grieder
Sent: Tuesday, August 30, 2005 5:51 PM
To: Gustavo Rios
Cc: misc@openbsd.org
Subject: Re: OT: phone line 2 ethernet converters


On Tue, Aug 30, 2005 at 09:41:44PM -0300, Gustavo Rios wrote:
> Dear friends,
> 
> sorry for being off-topic, i am able to rent a pair of twist line (a
> circuit) between my home and and friends one. I wonder if there exist 
> and ethernet extender device that could connect an ethernet cable to a 
> phone line. It would do no special work, just a raw connection between 
> 2 types of layer, i.e, take "bits" from one end and put it into the 
> another and vice-versa.
..
> Does that exists ?

I doubt it. Most voice line copper is Cat-3(?) We used to run Apple's
LocalTalk across that type of twisted pair but only at speeds of 230 Kbps.


 Gord

Re: cheap mini-pci ral(4) cards

[Ben Hooper]

|The MSI MP54G4 (aka MSI MS-6833) seems to be readily available in
|the US now.  I just picked one up from www.thenerds.net but a cheaper
|price can be found at newegg.com.  It seems to work fine in my Sony
|SRX77.
|
|The trick is to search for both the model name (MP54G4) and the
|part number (MS-6833) since some stores list the card one way and
|some the other.

Just be careful which model you pick up. MSI, like many vendors has a habit
of changing chipsets. For instance, the CB54G2 is a RT2500, but the CB54G is
Broadcom.

Regards,

Ben.

Re: i386 branch on amd64

[Ted Unangst]

On Tue, 30 Aug 2005, Tony Lambiris wrote:

> I know this will run fine, but will the dual-core and such be detected and
> setup correctly, or is this an amd64 specific thing?

it should, but it's hard to tell until somebody tests it.


-- 
And that's why I won't have sex with you.

Re: OT: phone line 2 ethernet converters

[Gordon Grieder]

On Tue, Aug 30, 2005 at 09:41:44PM -0300, Gustavo Rios wrote:
> Dear friends,
> 
> sorry for being off-topic, i am able to rent a pair of twist line (a
> circuit) between my home and and friends one. I wonder if there exist
> and ethernet extender device that could connect an ethernet cable to a
> phone line. It would do no special work, just a raw connection between
> 2 types of layer, i.e, take "bits" from one end and put it into the
> another and vice-versa.
..
> Does that exists ?

I doubt it. Most voice line copper is Cat-3(?) We used to run Apple's
LocalTalk across that type of twisted pair but only at speeds of 230
Kbps.


 Gord

Re: Smart Array 6i RAID controller (ciss)

[Mark Keating]

Greg Petras wrote:

I've read a few recent posts in the archive about this controller. I'm
wondering what the status of this driver is? I noticed on the
supported hardware list that it is supported, but the manpage for ciss
looks like it's saying it won't be supported until 3.8. Is anyone
actively using the driver in -current? Does it work? Does anyone have
tips for getting it working on a DL 360?

Thanks,

Greg

I have installed -current on several systems with 5i, 53xx and 6xxx 
controllers.  I have not installed on a system with a 6i controller.  I 
have not had any problems other than seeing 'ciss0: cmd_stat 2 scsi_stat 
0x0' errors somewhat regularly.  I have been running it on both x86 and 
amd64.  I have not done any performance testing of the driver, but 
casual observation shows the driver performing well.


I have been booting from the cd38.iso and installing without any issues.

Thanks to mickey@ for writing the driver.  It allows me to run on many 
more systems...


mark

OT: phone line 2 ethernet converters

[Gustavo Rios]

Dear friends,

sorry for being off-topic, i am able to rent a pair of twist line (a
circuit) between my home and and friends one. I wonder if there exist
and ethernet extender device that could connect an ethernet cable to a
phone line. It would do no special work, just a raw connection between
2 types of layer, i.e, take "bits" from one end and put it into the
another and vice-versa.

BTW: i am no engineer (CS Bachelor), so sorry if it sounds too stupid.

Does that exists ?

PS: yes, i am a user of OBSD and i am using this list cause i know no
other best suited for this message, if possible, point me one possible
"right" mailing list for such subject.

Re: Shouldn't OpenBSD X11 come out with "-nolisten tcp" as default?

[Andrew Daugherity]

I think one major reason other OSes have done '-nolisten tcp' by
default is to encourage people to use X11 forwarding via ssh instead
of xhost/etc, as the xhost way transmits in cleartext.  Of course it
can be argued that the user should be left to decide that themselves,
so there's two sides to every issue

Personally, if it's a workstation behind a pf firewall, I don't care. 
If not (as in my box at work where I don't control the network), then
yes, I'll do the little things that may or may not help but do not
hurt (assuming my usage doesn't require them), like this, turning off
daemons I don't use (which if I have to use RedHat, are legion), and
"PermitRootLogin No" in sshd_config.  And if this *is* the pf box I'm
talking about, I won't be running xdm.  :-)

-A

Re: exit serial console on F4

[Roger Neth Jr]

Matt, thanks for the tip, I mean cu : )

I went to the F4 terminal and typed at the login prompt

login: ~^D
[EOT]
#

Then I was able to successfully serial console in the term on fvwm X.

Best regards,

rogern

John 3:16



From: Matt Provost <[EMAIL PROTECTED]>
To: Roger Neth Jr <[EMAIL PROTECTED]>
CC: misc@openbsd.org
Subject: Re: exit serial console on F4
Date: Tue, 30 Aug 2005 11:16:29 -0700

On Aug 30 11:07 AM, Roger Neth Jr wrote:
> Hello List, I am experimenting with serial consoles and had tty00 open 
on
> fvwm X windows term. Closed the term and went to ctl-alt-F4 and logged 
in

> root to cu -l tty00 and connected successfully.
> I tried ^C and ^D to disconnect from the serial console without success.
> What I am trying to do is open tty00 back on the fvwm X windows term but
> ports are busy because tty00 is running on F4.
> I did a quick FAQ and Google but did not find anything.
>

To disconnect from cu type enter then ~.

Watch out because ssh also uses that sequence to disconnect - if you're
going through ssh use ~~. so cu gets the disconnect and not ssh.

Matt


_
Dont just search. Find. Check out the new MSN Search! 
http://search.msn.click-url.com/go/onm00200636ave/direct/01/

chroot apache and timezone

[-f]

hi there,

considering that httpd is chrooted by default, would it be
a bad idea to have etcXX.tgz contain /var/www/etc/localtime ?

the install script could also create this file based on the
timezone answer...

or perhaps at least afterboot(8) could mention this...

-f
-- 
excuse me if i sound bitter...  i taste that way too...

i386 branch on amd64

[Tony Lambiris]

I know this will run fine, but will the dual-core and such be detected 
and setup correctly, or is this an amd64 specific thing?


TIA.

--
Tony Lambiris [ [EMAIL PROTECTED] ]
"so if it is really hard for you then perhaps you are just
retarded and need treatment w/ electricity and if that does
not help then perhaps should not use computers..."

Re: MaxDB on 3.6? or just ndb_mgm[d ]?

[Spruell, Darren-Perot]

From: John N. Brahy [mailto:[EMAIL PROTECTED]
> I'm trying to build a OpenBSD mysql cluster and I haven't been able to
> fully compile the mysql build tools that are required to compile the
> MaxDB so I can get ndb_mgmd and ndb_mgm. Does anyone have a patch to
> make it work or a package with those two binaries?

John, the mysql cluster stuff is part of the stock mysql-4.1 source
distribution nowadays. At a previous company we used it with 4.1.7 and
higher. You shouldn't need to worry about MaxDB if you are after the cluster
stuff (don't know if you might need it for other reasons, but...)

To my knowledge you should just be able to compile mysql-4.1 with cluster it
like any other app - there should be a configure switch that controls it.

DS

MaxDB on 3.6? or just ndb_mgm[d ]?

[John N. Brahy]

I'm trying to build a OpenBSD mysql cluster and I haven't been able to
fully compile the mysql build tools that are required to compile the
MaxDB so I can get ndb_mgmd and ndb_mgm. Does anyone have a patch to
make it work or a package with those two binaries?



Thanks,



John

Re: New device sporting OpenBSD

[Alexander Farber]

Don't they use ZynOS?

2005/8/30, Johan P. Lindstrvm <[EMAIL PROTECTED]>:
> While making friends with my ZyXEL ZyWALL P1 adapters, using tcpdump
> -novelf (pf.os as of 3.7-release), I noticed that they are identified
> as running OpenBSD.

cheap mini-pci ral(4) cards

[Todd C. Miller]

The MSI MP54G4 (aka MSI MS-6833) seems to be readily available in
the US now.  I just picked one up from www.thenerds.net but a cheaper
price can be found at newegg.com.  It seems to work fine in my Sony
SRX77.

The trick is to search for both the model name (MP54G4) and the
part number (MS-6833) since some stores list the card one way and
some the other.

 - todd

Re: web server pf problem

[Todd Boyer]

On Tuesday, August 30, 2005, [EMAIL PROTECTED] wrote:  

> So my problem is that i can't access any of my web server via internet
but it works in local

Locate these pf.conf rules:

> block all

> pass in on $ext_if proto tcp from any to $web_srv port 80 flags S/SA
synproxy state
> pass in on $ext_if proto tcp from any to $web1_srv port 81 flags S/SA
synproxy state

Change to:

block log all

pass in on $ext_if proto tcp from any to { $ext_if $web_srv } port 80
flags S/SA synproxy state
pass in on $ext_if proto tcp from any to { $ext_if $web1_srv } port 80
flags S/SA synproxy state

use tcpdump -i pflog0 -qntte for additional troubleshooting

This should do it. -T

---
Todd M. Boyer, CISSP 
President   AutumnTECH, LLC 
[EMAIL PROTECTED]   http://www.AutumnTECH.com

AutumnTECH Manufactures Entire Network Protection Appliances 
that Identify Spam and Sanitize Dangerous E-mail Content  
---

Re: frequency of ports-security mailing list updates?

[Greg Maruszeczka]

Da Man wrote:
> I've been subscribed to the ports-security mailing lists since mid
> June 2005.  Today I received a notice for a security update for
> pcre-4.5p0.  Out of habit I double checked against the 3.7 packages
> errata page and noticed that there were a number of other updates
> applicable to my system(tiff-3.6.1p6, netpbm-9.24p2) that I had not
> received a notice for via ports-security.  It looks like these updates
> were uploaded to ftp.openbsd.org on 8/19 so it seems I should have
> received a mail alert by now if in fact one was issued and barring any
> delivery problems to my mailbox.
> 
> As a matter of clarification, will an email alert be sent via the
> ports-security mailing lists for all package errata?  If not, what is
> the recommended method being alerted to relevant changes?  Do I need
> to subscribe to ports-changes?
> 


Don't know if you've considered this but you could run both cvsup and
/usr/ports/infrastructure/build/out-of-date as a cronjob and mail
yourself the results. You can usually surmise from the mailed output
whether anything has changed since the last run. This is what I've been
doing. Hope that helps.

G

Re: Moving from 3.7-release to -stable: make build fails (i386)

[Jason Haag]

Is there any particular reason why you do all these steps:

> # export DESTDIR=/
> # export CFLAGS='-O3 -mcpu=athlon-xp -march=athlon-xp -mmmx 
> -msse -m3dnow
> -mfpmath=sse'
> # export CXXFLAGS=$CFLAGS
> # cd etc
> # make distrib-dirs
> ...
> # cd ..

When the only thing you should need to do is:
> # make build

???

web server pf problem

[amansnews]

Hi

I have a problem with openbsd with pf

I try to do 

[(fxp0) - 100.0.100.10] -> [web server 1 (100.0.100.1)]
|
[openbsd (xl0)]  <---> Internet
|
[(sis0) - 100.0.200.10] -> [web server 2 (100.0.200.1)]
i hope it's enough clear...

So my problem is that i can't access any of my web server via internet but it 
works in local

What am i doing wrong ? did i forget something somewhere ?

Im new to openbsd and pf sosorry
Thanks for your help


**
here is my pf.conf
**

int_if = "fxp0"
ext_if = "xl0"
int1_if = "sis0"

tcp_services = "{ 22, 113 }"
icmp_types = "echoreq"

priv_nets = "{ 127.0.0.0/8, 100.0.100.0/16, 100.0.200.0/16, 10.0.0.0/8 }"

web_srv = "100.0.200.1"
web1_srv = "100.0.100.1"



set block-policy return
set loginterface $ext_if

scrub in all

nat on $ext_if from $int_if:network to any -> ($ext_if)
nat on $ext_if from $int1_if:network to any -> ($ext_if)

rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021
rdr on $int1_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021
rdr on $ext_if proto tcp from any to any port 80 -> $web_srv port 80
rdr on $ext_if proto tcp from any to any port 81 -> $web1_srv port 81

block all

pass quick on lo0 all

block drop in quick on $ext_if from $priv_nets to any
block drop out quick on $ext_if from any to $priv_nets

pass in on $ext_if inet proto tcp from any to ($ext_if) port $tcp_services 
flags S/SA keep state
pass in on $ext_if proto tcp from any to $web_srv port 80 flags S/SA synproxy 
state
pass in on $ext_if proto tcp from any to $web1_srv port 81 flags S/SA synproxy 
state
pass in on $ext_if inet proto tcp from port 20 to ($ext_if) user proxy flags 
S/SA keep state
pass in inet proto icmp all icmp-type $icmp_types keep state
pass in on $int_if from $int_if:network to any keep state
pass in on $int1_if from $int1_if:network to any keep state

pass out on $int_if from any to $int_if:network keep state
pass out on $int1_if from any to $int1_if:network keep state
pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto { udp, icmp } all keep state

-
NetCourrier, votre bureau virtuel sur Internet : Mail, Agenda, Clubs, Toolbar...
Web/Wap : www.netcourrier.com
Tiliphone/Fax : 08 92 69 00 21 (0,34  TTC/min)
Minitel: 3615 NETCOURRIER (0,16  TTC/min)

Re: exit serial console on F4

[Matt Provost]

On Aug 30 11:07 AM, Roger Neth Jr wrote:
> Hello List, I am experimenting with serial consoles and had tty00 open on 
> fvwm X windows term. Closed the term and went to ctl-alt-F4 and logged in 
> root to cu -l tty00 and connected successfully.
> I tried ^C and ^D to disconnect from the serial console without success. 
> What I am trying to do is open tty00 back on the fvwm X windows term but 
> ports are busy because tty00 is running on F4.
> I did a quick FAQ and Google but did not find anything.
> 

To disconnect from cu type enter then ~.

Watch out because ssh also uses that sequence to disconnect - if you're
going through ssh use ~~. so cu gets the disconnect and not ssh.

Matt

exit serial console on F4

[Roger Neth Jr]

Hello List, I am experimenting with serial consoles and had tty00 open on 
fvwm X windows term. Closed the term and went to ctl-alt-F4 and logged in 
root to cu -l tty00 and connected successfully.
I tried ^C and ^D to disconnect from the serial console without success. 
What I am trying to do is open tty00 back on the fvwm X windows term but 
ports are busy because tty00 is running on F4.

I did a quick FAQ and Google but did not find anything.

Thank you,

rogern
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/

Re: 3.8 beta requests

[Kevin]

On 8/22/05, Theo de Raadt <[EMAIL PROTECTED]> wrote:
> > >We are heading towards making the real 3.8 release soonish.  I would
> > >like to ask the community to do lots of testing over the next week if
> > >they can.
> >
> > What is the best way to test?  Should we be downloading snapshots daily?
> 
> Install snapshots.  Install snapshot packages.  Try using it as if it
> is the real 3.8.  Tell us if things fail.

By "tell us", should we be contacting the port maintainer directly,
using "sendbug" or both?

I've been testing 3.8 on a couple of i386 systems (soon sparc also),
including installing more of the 3.8 beta packages than I would use
normally.  So far I am impressed by UP/MP performance, and have
only found a couple of X applications (xtacy, xlock) failing on signal 11.

Kevin Kadow

Message ("Your message dated Tue, 30 Aug 2005 12:24:28...")

[L-Soft list server at CINECA - Inter University Computing Centre (1.8d)]

Your message  dated Tue, 30 Aug  2005 12:24:28 -0500 with  subject "Returned
mail: Data format error" has been submitted to the moderator of the HPC-NEWS
list: [EMAIL PROTECTED]

Moving from 3.7-release to -stable: make build fails (i386)

[Roman Zilka]

My salutations to all,

I'm a new user of OpenBSD, so I made sure to strictly stick to
official instructions. I installed 3.7-release on my Athlon box (dmesg
attached below - pretty typical gear), fetched the -stable branch

# cd /usr
# export [EMAIL PROTECTED]:/cvs
# cvs -d$CVSROOT checkout -rOPENBSD_3_7 -P src

rebuilt the GENERIC kernel (accordingly to the instructions found in
FAQ5) and rebooted the machine. Then I decided to rebuild the userland:

# cd /usr/src
# rm -rf ../obj/*
# make obj
...
# export DESTDIR=/
# export CFLAGS='-O3 -mcpu=athlon-xp -march=athlon-xp -mmmx -msse -m3dnow
-mfpmath=sse'
# export CXXFLAGS=$CFLAGS
# cd etc
# make distrib-dirs
...
# cd ..
# make build
...(all seems to go well until...)
===> libcurses++
c++ -O3 -mcpu=athlon-xp -march=athlon-xp -mmmx -msse -m3dnow -mfpmath=sse
-idirafter //usr/include/g++  -nostdinc -idirafter //usr/include
-c /usr/src/lib/libcurses++/cursesapp.cc -o cursesapp.o
c++ -O3 -mcpu=athlon-xp -march=athlon-xp -mmmx -msse -m3dnow -mfpmath=sse
-idirafter //usr/include/g++  -nostdinc -idirafter //usr/include
-c /usr/src/lib/libcurses++/cursesf.cc -o cursesf.o
In file included from /usr/src/lib/libcurses++/cursesf.h:39,
 from /usr/src/lib/libcurses++/cursesf.cc:34:
//usr/include/g++/cursesp.h:182: error: template with C linkage
*** Error code 1

Stop in /usr/src/lib/libcurses++.
*** Error code 1

Stop in /usr/src/lib.
*** Error code 1

Stop in /usr/src (line 72 of Makefile).

After some unsuccessful attempts to tweak the 'extern "C" {'
blocks all around the filesystem I decided to
skip building libcurses++ by removing the alike-named item
from /usr/src/lib/Makefile. Wiped /usr/obj clean, 'make build' again. Runs
much longer now, but eventually fails with another error elsewhere.
I figure I need to get past libcurses++ in a regular way. Could you please
give me a pointer as to how shall I accomplish that or what do I
keep doing wrong? (Removing the CFLAGS and
CXXFLAGS environment variables makes no difference.)
My thanks and best regards
- Roman Zilka

---

# pkg_info
ImageMagick-6.0.0-2p4 image processing tools
ORBit2-2.12.0   high-performance CORBA Object Request Broker
Xaw3d-1.5   3D Athena Widget set that looks like Motif
atk-1.8.0   accessibility toolkit used by gtk+
aumix-2.8   full-screen ncurses or GTK-based audio mixer
bash-3.0.16p0   GNU Bourne Again Shell
bzip2-1.0.2 block-sorting file compressor, unencumbered
cdparanoia-3.a9.8   CDDA reading utility with extra data
verification features
cdrtools-2.01   ISO 9660 filesystem and CD creation tools
curl-7.11.2p0   get files from FTP, Gopher, HTTP or HTTPS servers
dvd+rw-tools-5.21.4.10.8 mastering tools for DVD+RW/+R/-R/-RW
esound-0.2.34   sound library for Enlightenment
gconf2-2.8.1p0  configuration database system for GNOME
gettext-0.10.40p2   GNU gettext
ghostscript-7.05p5  GNU PostScript interpreter
ghostscript-fonts-6.0 35 standard PostScript fonts with Adobe name aliases
glib-1.2.10 useful routines for C programming
glib2-2.4.8 general-purpose utility library
gnome-mime-data-2.4.2 MIME and Application database for GNOME
gnome-vfs2-2.8.3p0  GNOME Virtual File System
gqview-1.4.5Gtk-based graphic file viewer
gtk+-1.2.10p1   General Toolkit for X11 GUI
gtk+2-2.4.14multi-platform graphical toolkit
gv-3.5.8p4  PostScript and PDF previewer
hicolor-icon-theme-0.5 high-color icon theme shell for GNOME and KDE
jasper-1.701.0  reference implementation of JPEG-2000
jbigkit-1.5 lossless image compression library
joe-2.9.8pre1p1 joe's own editor
jpeg-6b IJG's JPEG compression utilities
lame-3.96.1 lame ain't an MP3 encoder
lcms-1.12p0 color management library
libIDL-0.8.4IDL parsing library
libaudiofile-0.2.6  SGI audiofile library clone
libbonobo-2.8.0 GNOME component and compound document system
libiconv-1.9.2  character set conversion library
libogg-1.1.2Ogg bitstream library
libungif-4.1.0b1tools and library routines for working with GIF images
libvorbis-1.1.0p0   audio compression codec library
libxml-2.6.16p0 XML parsing library
links+-2.1pre16 graphics and text browser with javascript support
lsof-4.69p0 list information about open files
mc-4.6.1pre1p0  free Norton Commander clone with many useful features
micq-0.5.0.1p0  text-based ICQ implementation
mozilla-1.7.5-gtk2  open source version of the Netscape browser
mplayer-1.0pre6ap0  Movie player supporting MPEG, DivX, AVI, ASF, MOV & more
mutt-1.5.8i tty-based e-mail client, development version
netpbm-9.24p1   toolkit for converting images between different formats
openmotif-2.1.30.5  Motif toolkit
pango-1.6.0 library for layout and rendering of text
png-1.2.7p1 library for manipulating PNG images
popt-1.7getopt(3)-like library with a number of enhancements
shared-mime-info-0.1

Re: Hard Disk Password Security Info - Fujitsu-Siemens writeup

[Dave Feustel]

Fujitsu-Siemens writeup on disk password handling:

http://vilpublic.fujitsu-siemens.com/vil/pc/vil/fast_facts/mainboards/pf_hddpassword_e.pdf
 

Re: DELL Latitude D400 without X

[Tony Lambiris]

I actually hacked an existing util for NetBSD to run flawlessly on 
OpenBSD (I have a Dell inspiron 700m).


You can get it here:

http://lysergik.com/~tony/openbsd.phtml

Baldur Sigurpsson wrote:

hi

use this thing:

http://damien.bergamini.free.fr/i855vidctl/

just remember to put the command in /etc/rc.securelevel because on 
openbsd you cannot access some devices you need to, in contrast to linux.


works on my dell inspiron 500m with the 855GM crap:)

Regards, Baldur

Uwe Dippel wrote:


... a continuation of around a year ago
('Warning: Possible Bug in BIOS DELL Latitude D400_A06 !')
It is still valid for 3.7.
In the meantime, the problem has turned out to be really a problem of
crappy DELL BIOSes; now at A08 it still does the same:
Any activation of X freezes the machine completely with a yellowish 
screen.


855wrap on http://www.chzsoft.com.ar/855patch.html solves this. On Linux.
There you compile a binary and run it before starting X. On any machine.
Now I tried to do the same on OpenBSD with the expected result:'Abort 
trap'.

Not quite so expected was, that the source didn't want to compile on
OpenBSD 3.7:
make: don't know how to make %.c.
Stop in ..

I bet quite a few newer DELL notebooks are affected; and I appreciate any
suggestion how to make it work on OpenBSD.
I read the archives here and googled. No result.

Uwe





--
Tony Lambiris [ [EMAIL PROTECTED] ]
"so if it is really hard for you then perhaps you are just
retarded and need treatment w/ electricity and if that does
not help then perhaps should not use computers..."

Re: i386 binaries on amd64

[Tony Lambiris]

In reading some mailing lists, I noticed some people pass in the -m32 
flag when compiling to compile 32bit instead of 64bit... I added the 
flag to the Makefile and everything compiles except when I try to link 
all the objects into an executable, I get these errors:


/usr/bin/ld: warning: i386 architecture of input file `some.o' is 
incompatible with i386:x86-64 output


Is compiling this way possible at all?

Ted Unangst wrote:

On Mon, 29 Aug 2005, Stuart Henderson wrote:



--On 29 August 2005 16:34 -0500, Tony Lambiris wrote:



Is there a way to compile something on i386 OpenBSD box to run on
amd64? or is there a sysctl option I am missing?


Cross-compiling between architectures is not supported, see list archives for
reasons why.



that's not the question he was asking, but the answer is no anyway.



--
Tony Lambiris [ [EMAIL PROTECTED] ]
"so if it is really hard for you then perhaps you are just
retarded and need treatment w/ electricity and if that does
not help then perhaps should not use computers..."

New device sporting OpenBSD

[Johan P . Lindström]

While making friends with my ZyXEL ZyWALL P1 adapters, using tcpdump
-novelf (pf.os as of 3.7-release), I noticed that they are identified
as running OpenBSD.

This gave me that warm fuzzy feeling and I felt a need to share this,
there we are...

Have a nice evening!
 
// Johan

Re: netstat - how to show PID

[Spruell, Darren-Perot]

From: Miroslav Kubik [mailto:[EMAIL PROTECTED]
> Is there a way how to show PID which belongs to the socket by netstat 
> command? I searched man pages but I haven't found any useful 
> switch for my 
> need. I searched in Linux man pages for netstat as well and 
> it seems that 
> Linux can do it by "p" switch.

You can also use lsof from ports.

> sudo lsof -i:514
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
syslogd 30119 _syslogd3u  IPv4 0xd69d8000  0t0  UDP *:syslog

DS

SOLVED: RE: isakmpd: section has no "ID-type" tag

[Mitja Muženič]

It turns out that I did some copy&paste action when I was creating the
[peer-ID] section. And even if there were no extra blank characters anywhere
(I was careful to check that multiple times), somehow something was still
messing with the parser. Brackets or =, something must have looked fine on
screen yet the character code or something was wrong. I didn't follow
through on that.

The solution? Delete the whole section and retype it again exactly the way
it was - by hand. Grrr, wasted 5 hours on this.

Thanks for all suggestions off-list.

Regards, Mitja

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
> On Behalf Of Mitja Mu>enih
> Sent: Tuesday, August 30, 2005 11:41 AM
> To: misc@openbsd.org
> Subject: Re: isakmpd: section has no "ID-type" tag
> 
> I don't want to be annoying but I have people breathing down my back.
> 
> Does anyone at all have a working [peer-ID] section in isakmpd.conf?
> 
> I mean something similar to:
> 
> [ABCD-peer]
> Phase=1
> Transport=udp
> Address=aaa.bbb.ccc.ddd
> Configuration=ABCD-main-mode
> ID=ABCD-ID
> Authentication=
>  
> [ABCD-ID]
> ID-type=USER_FQDN
> Name=yy
> 
> No matter what I put in ID-type tag, I get
> 
> 001543.959050 Default ipsec_id_size: section ABCD-ID has no 
> "ID-type" tag
> 
> No spaces or other additional characters anywhere. Is this a 
> bug in parser?
> 
> 
> i386, on 3.6-stable and -current. 

Plant a Tree Today

[Nancy Breeze]

Plant a Tree Today[IMAGE]

Called ashvattha in Sanskrit, the peepal (Ficus religious) is a very
large tree. Its bark is light grey, smooth and peels in patches. Its
heart-shaped leaves have long, tapering tips. The slightest breeze makes
them rustle. The fruit is purple when ripe.

The peepal is the first-known depicted tree in India: a seal discovered
at Mohenjodaro, one of the cities of the Indus Valley Civilisation (c.
3000 BC - 1700 BC), shows the peepal being worshipped. During the Vedic
period, its wood was used to make fire by friction.

The peepal is used extensively in Ayurveda. Its bark yields the tannin
used in treating leather. Its leaves, when heated in ghee, are applied to
cure wounds.

To know more about this tree, click here.

Re: RAID Configuration

[Sevan / Venture37]

Jaisimharao Besadi wrote:


Hi,

I request you to provide me the material to configure RAID on windows 2003 
server and also linux OS , I'm trying to get the hardware & software 
requirements for configuring RAID ( all levels )


Regards,

Jaisimha Besadi
 

& we require you to provide documentation for the SATA & RAID cards used 
in the IBM systems!

Re: Routing and firewall performance on older machines?

[2ds]

Ray Percival wrote:


On Mon, Aug 29, 2005 at 05:22:13PM -0400, Peter Landry wrote:
 


Hi,

We're going to be doing some network restructuring, splitting our
internal network into 2 separate IP networks (192.168.1.0 and
192.168.2.0). We currently have a Microsoft ISA firewall for our whole
network (since it's just 1 ip network right now, 192.168.0.0). I've
suggested replacing the ISA firewall with an OpenBSD machine with 3
NICs, to handle both routing between the two internet networks, and
firewall out to the internet. It will just be a static route between the
two internal networks, in addition to whatever routing is necessary for
firewall/NAT (I'm not sure on this?).



As far as the firewall is concerned, I don't think it will be a problem
as far as performance goes (our internet connect is 2mbit, which
shouldn't be hard to saturate). For the internal routing though, what
kind of hardware would we need to keep the 2 gigabit networks connected
at a decent speed?
   


Amazing what happens when you bother to read and search just a bit. Almost has 
if you aren't the only person in the world asking this question. 
http://www.openbsd.org/faq/pf/perf.html :)
 



We're looking at a p4 with a gig of ram - does that sound like it'll be
a bottleneck?



I figured that OpenBSD would lower the requirements for our firewall
machine (less bloat) as well as increase security.



Sorry if this is too general or vague a question - I did some searching
on the archives and could only find references to performance of IPSec
implementations, which we won't be using







Thanks, I appreciate any responses/links/feedback,

Peter L.

   



 

Umm, although I have no actual experience with them, many of the people 
on this mailing list who do recommend SK network cards as they are more 
effficient than alot of other models. If you are shifting alot of 
traffic through your internal network this should stop your bus from 
being saturated as easily.(i think)


From reading the faq that was post3ed previously 1g of ram and a p4 is 
overkill depending on how comple your ruleset it. having said that the 
p4 probably has a better bus architecture than an old p3.


-2ds

Re: DELL Latitude D400 without X

[Baldur Sigurðsson]

hi

use this thing:

http://damien.bergamini.free.fr/i855vidctl/

just remember to put the command in /etc/rc.securelevel because on 
openbsd you cannot access some devices you need to, in contrast to linux.


works on my dell inspiron 500m with the 855GM crap:)

Regards, Baldur

Uwe Dippel wrote:

... a continuation of around a year ago
('Warning: Possible Bug in BIOS DELL Latitude D400_A06 !')
It is still valid for 3.7.
In the meantime, the problem has turned out to be really a problem of
crappy DELL BIOSes; now at A08 it still does the same:
Any activation of X freezes the machine completely with a yellowish screen.

855wrap on http://www.chzsoft.com.ar/855patch.html solves this. On Linux.
There you compile a binary and run it before starting X. On any machine.
Now I tried to do the same on OpenBSD with the expected result:'Abort trap'.
Not quite so expected was, that the source didn't want to compile on
OpenBSD 3.7:
make: don't know how to make %.c.
Stop in ..

I bet quite a few newer DELL notebooks are affected; and I appreciate any
suggestion how to make it work on OpenBSD.
I read the archives here and googled. No result.

Uwe

Re: isakmpd: section has no "ID-type" tag

[Markus Wernig]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Mitja Mu>enih wrote:
> I don't want to be annoying but I have people breathing down my back.
Sorry to hear that.
> 
> Does anyone at all have a working [peer-ID] section in isakmpd.conf?
> 
Well, what I have looks like

[...]

[Phase 1]
a.b.c.d=peer-remote


[Phase 2]
Passive-connections=vpn-remote-internal


[peer-remote]
Phase=  1
Transport=  udp
Address=a.b.c.d
Local-Address=  w.x.y.z
Configuration=  Default-main-mode
Authentication= ohsosecret


[vpn-remote-internal]
Phase=  2
ISAKMP-peer=peer-remote
Configuration=  Default-quick-mode
Local-ID=   myself
Remote-ID=  remote


[myself]
ID-type=IPV4_ADDR_SUBNET
Network=e.f.g.0
Netmask=255.255.255.0


[Phase2-ID]
ID-type=FQDN
Name=   my.fq.dn

[remote]
ID-type=IPV4_ADDR_SUBNET
Network=a.b.c.d
Netmask=255.255.255.255



> I mean something similar to:
> 
> [ABCD-peer]
> Phase=1
> Transport=udp
> Address=aaa.bbb.ccc.ddd
> Configuration=ABCD-main-mode
> ID=ABCD-ID
> Authentication=
>  
> [ABCD-ID]
> ID-type=USER_FQDN
> Name=yy
> 
> No matter what I put in ID-type tag, I get
> 
> 001543.959050 Default ipsec_id_size: section ABCD-ID has no "ID-type" tag
> 
> No spaces or other additional characters anywhere. Is this a bug in parser?
> 
> 
> i386, on 3.6-stable and -current. 
> 
> 
>>-Original Message-
>>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
>>On Behalf Of Mitja Mu>enih
>>Sent: Tuesday, August 30, 2005 12:31 AM
>>To: misc@openbsd.org
>>Subject: isakmpd: section has no "ID-type" tag
>>
>>I've been working on this for hours after an already long 
>>day, so I'm tired.
>>What am I missing here?
>>
>>001543.953108 Misc 95 conf_get_str: [ABCD-peer]:ID->ABCD-ID
>>001543.956103 Misc 95 conf_get_str: configuration value not found
>>[ABCD-ID]:ID-type
>>001543.959050 Default ipsec_id_size: section ABCD-ID has no 
>>"ID-type" tag
>>001543.962081 Default exchange_run: doi->initiator (0x8abf3400) failed
>>
>># cat isakmpd.conf
>>[Phase 1]
>>aaa.bbb.ccc.ddd=ABCD-peer
>>
>>[Phase 2]
>>Connections=ABCD-conn
>>
>>[ABCD-peer]
>>Phase=1
>>Transport=udp
>>Address=aaa.bbb.ccc.ddd
>>Configuration=ABCD-main-mode
>>ID=ABCD-ID
>>Authentication=
>>
>>[ABCD-ID]
>>ID-type=USER_FQDN
>>Name=yy
>>
>>[ABCD-conn]
>>Phase=2
>>Configuration=ABCD-quick-mode
>>ISAKMP-peer=ABCD-peer
>>Local-ID=default-route
>>Remote-ID=ABCD-net
>>
>>[default-route]
>>ID-type=IPV4_ADDR_SUBNET
>>Network=192.168.123.0
>>Netmask=255.255.255.0
>>
>>[KLNR-net]
>>ID-type=IPV4_ADDR_SUBNET
>>Network=aaa.bbb.eee.0
>>Netmask=255.255.255.0
>>
>>[ABCD-main-mode]
>>DOI=IPSEC
>>EXCHANGE_TYPE=  AGGRESSIVE
>>Transforms= 3DES-SHA
>>
>>[ABCD-quick-mode]
>>DOI=IPSEC
>>EXCHANGE_TYPE=  QUICK_MODE
>>Suites= QM-ESP-3DES-SHA-SUITE
>>
>>
>>Sorry for the obfuscation, had to. No additional characters 
>>at the end of
>>the lines in [ABCD-ID] section.
>>
>>Tried on 3.6-stable and latest snapshot, i386.
>>
>>
>>Regards, Mitja
> 
> 


- --
Markus Wernig
UNIX/Network Security Engineer

- -> GPG: markus.wernig.net/pubkey - CA558BF7
- -> Linux User Group Bern: lugbe.ch
- -> Freie Software f. die Schweiz: wilhelmtux.ch
***
The only thing necessary for the triumph of evil,
is for good men to do nothing.  - Edmund Burke
***
iD8DBQFDFGIJ8BX/d8pVi/cRArLpAKCKz0o1LHo2C79iLlTTLiwrfqTt4ACg3jin
YJLoH1detWYURWKDIfFBXh4=
=YxQN
-END PGP SIGNATURE-

Re: netstat - how to show PID

[Simon Dassow]

On Tue, Aug 30, 2005 at 03:30:01PM +0200, Miroslav Kubik wrote:
> Is there a way how to show PID which belongs to the socket by netstat 
> command? I searched man pages but I haven't found any useful switch for my 
> need. I searched in Linux man pages for netstat as well and it seems that 
> Linux can do it by "p" switch.
> 
> "-p, --program
> Show the PID and name of the program to which each socket belongs."
> 
> But what about OpenBSD?

man fstat

Regards,
Simon

P.S.: Missing Xref in netstat?

netstat - how to show PID

[Miroslav Kubik]

Hello

Is there a way how to show PID which belongs to the socket by netstat 
command? I searched man pages but I haven't found any useful switch for my 
need. I searched in Linux man pages for netstat as well and it seems that 
Linux can do it by "p" switch.

"-p, --program
Show the PID and name of the program to which each socket belongs."

But what about OpenBSD?

Thank you
Miroslav Kubik 

Smart Array 6i RAID controller (ciss)

[Greg Petras]

I've read a few recent posts in the archive about this controller. I'm
wondering what the status of this driver is? I noticed on the
supported hardware list that it is supported, but the manpage for ciss
looks like it's saying it won't be supported until 3.8. Is anyone
actively using the driver in -current? Does it work? Does anyone have
tips for getting it working on a DL 360?

Thanks,

Greg

Re: problem with table directive in pf.conf

[vladone]

I resolv this.
To view tables if no traffic, need to put option "persist":
tables  persist file "/etc/list_addresses"

Automatic response to your mail

[Sales]

This email has been disabled temporarily.



Please insert a "3" between the sales and the @ sign and 

try again, as sales3 at plbm dot com.



Thank you!

Kurt Dekker

PLBM Games

Re: firewall

[terry tyson]

On 8/29/05, azizan saad <[EMAIL PROTECTED]> wrote:
> hello i`m z from malaysia.in my office my computer used internet explorer 
> 6.so i`m try to used netscape before and everything ok., but now we cannot 
> used the netscape coz block by firewall.so can u help me how to settle this 
> problem.before that i just change the proxy no. and can used.but now 
> cannot.then we are used administrator password to change another program or 
> install something.ok that all tq

http://www.openbsd.org/faq/pf/index.html

trying for days now ... please help, don't know what's wrong with my mail server config

[Didier Wiroth]

Hi,

I'm trying to setup my own mail server with openbsd 3.7, sendmail and
cyrus-sasl-2.1.20p3.

I would like to use this server to send and receive mail with a pocketpc
phone edition (connected via gprs).

I can read mail without problems via pop3s (I'm using
dovecot-0.99.14p0).

BUT I'm not able to send mail. 

I tried two different sendmail configurations (config A + B, see below):
Common Parameters of config A and B:
define(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')dnl
define(`confCACERT_PATH', `CERT_DIR')dnl
define(`confCACERT', `CERT_DIR/mycert.pem')dnl
define(`confSERVER_CERT', `CERT_DIR/mycert.pem')dnl
define(`confSERVER_KEY', `CERT_DIR/mykey.pem')dnl
define(`confCLIENT_CERT', `CERT_DIR/mycert.pem')dnl
define(`confCLIENT_KEY', `CERT_DIR/mykey.pem')dnl

CONFIG A:
define(`confAUTH_MECHANISMS',`CRAM-MD5 DIGEST-MD5')dnl
TRUST_AUTH_MECH(`CRAM-MD5 DIGEST-MD5')dnl
define(`confAUTH_OPTIONS', `p,y')dnl

CONFIG B:
define(`confAUTH_MECHANISMS',`PLAIN LOGIN CRAM-MD5 DIGEST-MD5')dnl
TRUST_AUTH_MECH(`PLAIN LOGIN CRAM-MD5 DIGEST-MD5')dnl

When I try to send mail via pocketpc, sendmail give the following
output:
Aug 30 13:51:18 djerba sm-mta[5618]: STARTTLS=server, error: accept
failed=-1, SSL_error=1, timedout=0, errno=0
Aug 30 13:51:18 djerba sm-mta[5618]: STARTTLS=server:
5618:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version
number:/usr/src/lib/libssl/src/ssl/s3_pkt.c:297:
Aug 30 13:51:18 djerba sm-mta[5618]: j7UBo8vd005618: [213.13.53.38] did
not issue MAIL/EXPN/VRFY/ETRN during connection to MTA

Here is part of the tcpflow output between server and gprs client:
server to gprs client:
START OUTPUT---
mytrial.net1^X0^V^F^CU^D^C^S^Omail.mytrial.net1$0"^F
*<86>H<86>w^M^A [EMAIL PROTECTED]<82>^A70<82>^A+^F^G*
<86>HN8^D^A0<82>^A^^^B<81><81>[EMAIL 
PROTECTED]|E]5|[l"gR<8E>LhlIPzcX]H4^O^U"GON!_r^
\<98><80>^N'<8E>S3^O<9A><88>@JM#:-8^X`y>nY&'j+,b
<9E>,D6wOVEv<8A>^B^T4<^^4-q4U+-r<98>~*}<9F>*&^FN^V^C^A^@;[EMAIL 
PROTECTED]@7^@@ZX<^V
Y<85>"<89>Pd/uoLJ<92>]Ke38^D{^Om<94>o<9C><8A>D^C
mWFPSi<99>[)Wv'k"ST^Rb^Xt]^LvX^@>|[EMAIL PROTECTED]@@^<95>v GNP6s^Gj3*<8C>+L^A
^@<96>^_Cbw\^U38zfBE<95>z$Q!}<9A>%)#`y#^A^S^Vs^P
V_<97>^?)\0S1P^D(M<93>[EMAIL PROTECTED],^B^Tlg
Wd*<8B>|{RplK^E^DP^!xB^B^T^C<87>[EMAIL PROTECTED]><92>[EMAIL PROTECTED]@[EMAIL 
PROTECTED]
D^C^D^A^B^@&
[EMAIL PROTECTED]<81>!1^K0   ^F^CU^D^F^S^BLU1^S0^Q^F^CU^^S
Test1^S0^Q^F^CU^D^G^S
Test1^S0^Q^F^CU^D
--- END OUTPUT

After 1 minute: gprs client to server:
START OUTPUT---
EHLO eten-m500a
STARTTLS
<80>[EMAIL PROTECTED]@[EMAIL PROTECTED]@^P^A^@<80>^C^@<80>^E^@<80>^G^@@[EMAIL 
PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]
@
[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL 
PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL 
PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL 
PROTECTED]@4^
@^@:^ZUa<9A>QYe?^C<9E>J^T^?
 IpQUIT
--- END OUPUT

That's it, tcpflow did not capture more traffic, mail session is now
terminated and mail was not send.

I really don't understand what's wrong or what I should try. I have been
searching and googling around for days now.
I would really appreciate some help.
Many thanks
Didier

Re: OpenBox in OpenBSD

[Johan P . Lindström]

On 8/30/05, Alari Kask <[EMAIL PROTECTED]> wrote:
> I put together some tips, to get openbox up and running quickly in
> openbsd, maybe someone find it helpful :-)
> 
> http://php.khk.tartu.ee/~alari/
> 
> 

That desktop looks very nice, thanks for the hints!

// Johan

DELL Latitude D400 without X

[Uwe Dippel]

... a continuation of around a year ago
('Warning: Possible Bug in BIOS DELL Latitude D400_A06 !')
It is still valid for 3.7.
In the meantime, the problem has turned out to be really a problem of
crappy DELL BIOSes; now at A08 it still does the same:
Any activation of X freezes the machine completely with a yellowish screen.

855wrap on http://www.chzsoft.com.ar/855patch.html solves this. On Linux.
There you compile a binary and run it before starting X. On any machine.
Now I tried to do the same on OpenBSD with the expected result:'Abort trap'.
Not quite so expected was, that the source didn't want to compile on
OpenBSD 3.7:
make: don't know how to make %.c.
Stop in ..

I bet quite a few newer DELL notebooks are affected; and I appreciate any
suggestion how to make it work on OpenBSD.
I read the archives here and googled. No result.

Uwe

Re: problem with table directive in pf.conf

[vladone]

I use FreeBSD 5.4, not OpenBSD. But i dont think that this is the
problem!
pf.conf have same format.

Re: Complete disk disaster

[Ramiro Aceves]

> I hope you are not storing any valuable data on a 10 year old hdd...
> 

Yes, of course.

I have a ddefinitive answer now. After some days of use, the disk failed
again. I changed the drive to another computer, and after compiling some
ports, some disk read failures came again, causing segfaults. I was
paranoid, and just to confirm , I tried to install debian linux on it. I
  could not even fisnish the install cause some disk read failures lead
to segmentation  faults.
The disk is now disassembled on my desk. The encloruse is removed. I am
looking at the spinning disk, the heads, the control system. If is
indeed an incredible beautiful machine that the man created. Just to
destroy it, I plug the cables with the enclosure opened. I created a ffs
file system on it, I mounted it, I copyied some files on it, some were
copyied, some not, the errors were frecuent. I has been an amazing
experience seeing how heads move to find the data on the disk. The disk
is on the trash now.

2 weeks of free time wasted, but many things learned!

Thank you very much.

Tomorrow I will buy a new HD only for OpenBSD.

Ramiro.

Re: setting mtu on sis

[Markus Friedl]

it will work in 3.8 and later.

On Tue, Aug 30, 2005 at 12:14:32AM +0200, [EMAIL PROTECTED] wrote:
> Hello!
> 
>Can you please confirm if it is possible to set the mtu on cards
> using the sis driver (I have a Netgear FA311, based on the DP 83816 
> chip)?
> 
>I am trying to change the mtu with:
> 
> # ifconfig sis1 192.168.0.3 netmask 255.255.255.0 mtu 1444
> 
> but keep getting a
> 
> SIOCSIFMTU: Invalid argument
> 
> error. Thanks in advance for your replies.
> 
> ---
> Rob
> 
> 
> 
> 
> Libero Flat, sempre a 4 Mega a 19,95 euro al mese! 
> Abbonati subito su http://www.libero.it

Re: problem with table directive in pf.conf

[Kiraly Zoltan]

vladone wrote:


Hi!
I want to use table directive in pf.conf, but not work
My pf.conf is:

My pf.conf is: (and with attachament)
ext_if="rl0"# replace with actual external interface name i.e., dc0
int_if="fxp0"   # replace with actual internal interface name i.e., dc1

table  { 192.0.2.0/24 }

I try to load pf.conf:
#pfctl -e -f /etc/pf.conf
pf enabled
#pfctl -T show -t list1
pfctl: Table does not exist.

If i use pfctl to add entry in table, work.
#pfctl -t list1 -T add 192.168.2.0/24
1 table created.
1/1 addresses added.
#pfctl -T show -t list1
192.168.2.0/24

Another observation:
If i make an intentional mistake in pf.conf and then try to load file,
i receive an error. So file is loaded.

Where is the problem?


 


Which OpenBSD version you use?

OpenBox in OpenBSD

[Alari Kask]

I put together some tips, to get openbox up and running quickly in  
openbsd, maybe someone find it helpful :-)


http://php.khk.tartu.ee/~alari/

IBM Thinkpad X41 report?

[Alexander von Gernler]

Dear crowd,

just resumed my work on i386-laptop.html after vacation, and I noticed
we don't have any reports on the IBM/Lenovo Thinkpad X41.

Does anyone out there have this machine running under OpenBSD?
Please report.

Best,
-- 
Alexander "grunk" von Gernler   PGP key 0xEBC27515
http://www.de.openbsd.org/ -- Free, functional, secure

Re: isakmpd: section has no "ID-type" tag

[Mitja Muženič]

I don't want to be annoying but I have people breathing down my back.

Does anyone at all have a working [peer-ID] section in isakmpd.conf?

I mean something similar to:

[ABCD-peer]
Phase=1
Transport=udp
Address=aaa.bbb.ccc.ddd
Configuration=ABCD-main-mode
ID=ABCD-ID
Authentication=
 
[ABCD-ID]
ID-type=USER_FQDN
Name=yy

No matter what I put in ID-type tag, I get

001543.959050 Default ipsec_id_size: section ABCD-ID has no "ID-type" tag

No spaces or other additional characters anywhere. Is this a bug in parser?


i386, on 3.6-stable and -current. 

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
> On Behalf Of Mitja Mu>enih
> Sent: Tuesday, August 30, 2005 12:31 AM
> To: misc@openbsd.org
> Subject: isakmpd: section has no "ID-type" tag
> 
> I've been working on this for hours after an already long 
> day, so I'm tired.
> What am I missing here?
> 
> 001543.953108 Misc 95 conf_get_str: [ABCD-peer]:ID->ABCD-ID
> 001543.956103 Misc 95 conf_get_str: configuration value not found
> [ABCD-ID]:ID-type
> 001543.959050 Default ipsec_id_size: section ABCD-ID has no 
> "ID-type" tag
> 001543.962081 Default exchange_run: doi->initiator (0x8abf3400) failed
> 
> # cat isakmpd.conf
> [Phase 1]
> aaa.bbb.ccc.ddd=ABCD-peer
> 
> [Phase 2]
> Connections=ABCD-conn
> 
> [ABCD-peer]
> Phase=1
> Transport=udp
> Address=aaa.bbb.ccc.ddd
> Configuration=ABCD-main-mode
> ID=ABCD-ID
> Authentication=
> 
> [ABCD-ID]
> ID-type=USER_FQDN
> Name=yy
> 
> [ABCD-conn]
> Phase=2
> Configuration=ABCD-quick-mode
> ISAKMP-peer=ABCD-peer
> Local-ID=default-route
> Remote-ID=ABCD-net
> 
> [default-route]
> ID-type=IPV4_ADDR_SUBNET
> Network=192.168.123.0
> Netmask=255.255.255.0
> 
> [KLNR-net]
> ID-type=IPV4_ADDR_SUBNET
> Network=aaa.bbb.eee.0
> Netmask=255.255.255.0
> 
> [ABCD-main-mode]
> DOI=IPSEC
> EXCHANGE_TYPE=  AGGRESSIVE
> Transforms= 3DES-SHA
> 
> [ABCD-quick-mode]
> DOI=IPSEC
> EXCHANGE_TYPE=  QUICK_MODE
> Suites= QM-ESP-3DES-SHA-SUITE
> 
> 
> Sorry for the obfuscation, had to. No additional characters 
> at the end of
> the lines in [ABCD-ID] section.
> 
> Tried on 3.6-stable and latest snapshot, i386.
> 
> 
> Regards, Mitja

problem with table directive in pf.conf

[vladone]

Hi!
I want to use table directive in pf.conf, but not work
My pf.conf is:

My pf.conf is: (and with attachament)
ext_if="rl0"# replace with actual external interface name i.e., dc0
int_if="fxp0"   # replace with actual internal interface name i.e., dc1

table  { 192.0.2.0/24 }

I try to load pf.conf:
#pfctl -e -f /etc/pf.conf
pf enabled
#pfctl -T show -t list1
pfctl: Table does not exist.

If i use pfctl to add entry in table, work.
#pfctl -t list1 -T add 192.168.2.0/24
1 table created.
1/1 addresses added.
#pfctl -T show -t list1
192.168.2.0/24

Another observation:
If i make an intentional mistake in pf.conf and then try to load file,
i receive an error. So file is loaded.

Where is the problem?

Re: BSD PPPoA Hardware

[Dylan Smith]

On Saturday 27 August 2005 16:36, Simon Morgan wrote:
> On 8/27/05, poncenby <[EMAIL PROTECTED]> wrote:
> > i've been using an Alcatel Speedtouch usb modem with openbsd 3.7 with no
> > problems. take a look...http://www.speedtouchdsl.com/prod330.htm
>
> How stable has it been?

I use the same modem on a Sun Ultra 5 (sparc64) running OpenBSD 3.6 - it is 
very stable, currently my ADSL line's uptime is 160 days without 
interruption.

Re: bgpd bug with announcing /24 networks.

[Xavier Beaudouin]

Hi Claudio,

>
> It looks like the output is not from the same box.
> bgpctl will always include a netmask but other tools try to be smart and
> leave them away if it is obvious. So please try to find out what kind of
> netmask the other bgp router added to his fib.

Btw on my box this seems to be ok.

But on peer router (Foundry...) seems to have not the right netmask...

> Btw it works for me:
>> bgpctl network add 10.218.105.0/24
> request sent.

I will try that

>
>> bgpctl show rib 10/8 all
> flags: * = Valid, > = Selected, I = via IBGP, A = Announced
> origin: i = IGP, e = EGP, ? = Incomplete
>
> flags destination gateway  lpref   med aspath origin
> ...
> *>10.218.105.0/24 194.42.48.2100 0 65001 i


rib seems to be ok... since I get the right values... :/

I keep investigating that...
/Xavier

Re: problems using usb keyboard on sunblade 100

[Mark Scheufele]

Hi,

I followed all the suggested solutions to mend the not responding
keyboard on my sunblade 100 but unfortunately I
didn't succeed. Here a quick overview:

- OpenBoot version is 4.17.1. ( I've applied sun patch 79 as
recommended in the install notes, hence I think 
  the OpenBoot is running the newest firmware version.)
- the keyboard works in OpenBoot mode and stops, except for the CapsLock
and NumLock keys where I can see the LED 
  blink when the keys are pressed, working after OpenBSD is booted.
- I corrected the keyboard encoding using wsconsctl
keyboard.enconding=sv (also made it permanent in 
  /etc/wsconsctl.conf
- wsconscfg -k issued on tty /dev/ttyp0 gives the following error
message "wsconscfg: WSMUX_ADD_DEVICE: Device not
  configured"
- unfortunately I've no usb keyboard with English layout to test with.

Thanks for all your help

mark

dmesg:

OpenBSD 3.8-beta (GENERIC) #596: Wed Aug 24 07:36:33 MDT 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/sparc64/compile/GENERIC
total memory = 1073741824
avail memory = 968990720
using 6553 buffers containing 53682176 bytes of memory
bootpath: /[EMAIL PROTECTED],0/[EMAIL PROTECTED],0/[EMAIL PROTECTED],0
mainbus0 (root): Sun Blade 100 (UltraSPARC-IIe)
cpu0 at mainbus0: SUNW,UltraSPARC-IIe @ 502 MHz, version 0 FPU
cpu0: physical 32K instruction (32 b/l), 16K data (32 b/l), 1024K
external (64 b/l) 
psycho0 at mainbus0
pci108e,a001: impl 0, version 0: ign 7c0 bus range 0 to 1; PCI bus 0
DVMA map: c000 to e000
IOTDB: 4d0a000 to 4d8a000
pci0 at psycho0
ebus0 at pci0 dev 12 function 0 "Sun PCIO Ebus2 (US III)" rev 0x01 
flashprom at ebus0 addr 0-f not configured 
clock1 at ebus0 addr 0-1fff: mk48t59: hostid 83087c13
ebus_attach: idprom: incomplete
gem0 at pci0 dev 12 function 1 "Sun ERI Ether" rev 0x01: ivec 3006,
address 00:0 3:ba:08:7c:13 
ukphy0 at gem0 phy 1: Generic IEEE 802.3u media interface
ukphy0: OUI 0x0010dd, model 0x0002, rev. 1
"Sun FireWire" rev 0x01 at pci0 dev 12 function 2 not configured 
ohci0 at pci0 dev 12 function 3 "Sun USB" rev 0x01: ivec 24, version
1.0, legacy 
 support usb0 at ohci0: USB revision 1.0 uhub0 at usb0
uhub0: Sun OHCI root hub, rev 1.00/1.00, addr 1
uhub0: 4 ports with 4 removable, self powered
ebus1 at pci0 dev 7 function 0 "Acer Labs M1533 ISA" rev 0x00  dma at
ebus1 addr 0- ipl 42 not configured 
power at ebus1 addr 800-82f ipl 32 not configured 
com0 at ebus1 addr 3f8-3ff ipl 43: ns16550a, 16 byte fifo 
com1 at ebus1 addr 2e8-2ef ipl 43: ns16550a, 16 byte fifo 
"Acer Labs M7101 Power" rev 0x00 at pci0 dev 3 function 0 not configured

autri0 at pci0 dev 8 function 0 "Acer Labs M5451 Audio" rev 0x01: ivec
23
ac97: codec id 0x41445348 (Analog Devices AD1881A)
ac97: codec features headphone, Analog Devices Phat Stereo  audio0 at
autri0 midi0 at autri0: <4DWAVE MIDI UART> pciide0 at pci0 dev 13
function 0 "Acer Labs M5229 UDMA IDE" rev 0xc3:  DMA, channel 0
configured to native-PCI, channel 1 configured to native-PCI
pciide0: using ivec 180c for native-PCI interrupt
wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA, 21557MB, 44150400 sectors
atapiscsi0 at pciide0 channel 0 drive 1
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  SCSI0 5/cdrom
removable
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
cd0(pciide0:0:1): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 disabled (no drives)
ppb0 at pci0 dev 5 function 0 "DEC 21152 PCI-PCI" rev 0x03
pci1 at ppb0 bus 1
vgafb0 at pci1 dev 1 function 0 "Intergraph Expert3D" rev 0x00
vgafb0: failed to find all ports
vgafb1 at pci0 dev 19 function 0 "ATI Rage XL" rev 0x27 wsdisplay0 at
vgafb1
wsdisplay0: screen 0 added (std, sun emulation)
pcons0 at mainbus0
No counter-timer -- using %tick at 502MHz as system clock. 
uhidev0 at uhub0 port 1 configuration 1 interface 0
uhidev0: Sun Microsystems Type 6 Keyboard, rev 1.00/1.02, addr 2, iclass
3/1 
ukbd0 at uhidev0: 8 modifier keys, 6 key codes 
wskbd0 at ukbd0: console keyboard uhidev1 at uhub0 port 2 configuration
1 interface 0
uhidev1: Sun Microsystems Type 6 Mouse, rev 1.00/1.02, addr 3, iclass
3/1 
ums0 at uhidev1: 3 buttons wsmouse0 at ums0 
root on wd0a 
rootdev=0xc00 rrootdev=0x1a00 rawdev=0x1a02