Re: Migration to PF - some questions

[Denis Doroshenko]

On 10/3/05, jared r r spiegel <[EMAIL PROTECTED]> wrote:
>   mathematically, yeah, less rules to evaluate = faster, but
>   without someone bucking up and making a nice demonstration of why
>   they needed to do 'quick' a lot, the ~tri-monthly discussion of
>   someone being upset about the last-match thing (on misc@ or pf@)
>   is kind of a bit worn out... :/

may be it is not about people taking care about performance, but
rather is related to the way most people used to think (from using
other equipment or else). consider it as reverse polish notation vs.
traditional. when i was a child, i used to program my calculator in
reverse polish notation, but i also found that it is really difficult
to tech some people to understand it. they just used to do it as on
paper, with no stacks etc.

with quick/no quick in PF it looks similar. placing block at the
beginning and then pass stuff that should pass... it is more
convenient to most people i know to write down a rule and be sure that
they are done with that, *right at that place*. so they write rules
that pass the stuff, and then block everything the fsck else.

Re: detect if a flag-day has happened in the meanwhile

[Ted Unangst]

On 10/2/05, Han Boetes <[EMAIL PROTECTED]> wrote:
> I am wondering if there is a good way to check if a flag-day has passed if you
> have both the new and old kernel. How can I check that?

md5 src/sys/*/*.h for both kernels and compare the result.

Re: Migration to PF - some questions

[jared r r spiegel]

On Sat, Oct 01, 2005 at 04:43:40AM -0500, Travis H. wrote:
> 
> Ah, but the matching engine doesn't have to traverse the whole rule
> list that way.  Unless pf is doing something really tricky, every
> packet will have to traverse every firewall rule without use of
> quicks.  On a complicated, busy firewall setup, this might have a
> noticable performance impact.

  might might might; but does it?

  i mean, i'm all about getting a good MPG in my car, but
  my side-view mirrors *REALLY* aren't hurting the MPG i do get.

  i might get a better MPG by chopping them off (forget legal crap
  for a second), and i can just turn and look if i want to make a 
  lane change, sure...

  but i'm not going to chop them off just because some day i 
  might be really low on gas and might run out but might've been
  able to make it to the gas station due to having been able
  to go farther on a tank because i achieved a better MPG because
  i chopped of my side-view mirrors...

> I agree, with the added use of quick on each of the pass rules.
> 
> In fact, you can probably use quick on virtually every rule other than
> that default without any loss of expressiveness.

  if you get in to tagging, you might run into situations where 
  quick would quickly f' your entire situation up.

  if you want to privately add quick to all your rules, that's
  what it's there for, naturally; but pf has (in my side-line 
  estimation) been running to the satisfaction of those who 
  contribute code to it for quite some time, so maybe the first-match
  camp who pops up now and again only really have a chance 
  at changing things when they become valuable to the code-base ?

> It's probably not necessary, and I may offend purists by my
> performance optimizations

  probably only offend purists by saying 'performance optimizations'
  without actually experiencing any suboptimal performance begging
  to be optimized to begin with.

> pass quick on lo0

  'set skip on lo0' up top, unless you need to 'rdr on lo0' or other
  actions which set skip would kill.

  this gives you one fewer vile "rule" for the PC to spend all of
  its time evaluating, quick or not.
  
> I also find it useful to use the following rule right after "default deny":
> 
> block return on $lan_if

  or just set block-policy to return.  one less rule.
  unless you feel better with zonealarm stealth mode :/

> I also don't see why NAT should necessarily occur before the filtering
> rules.  It makes more sense to my intuition


  i think this is called barking up the wrong tree.

  new dude on list + 'my opinion > yours' usually != warm welcome

> Also, I find supporting $macros in pf.conf a little crufty.  

  diff(1), sendbug(1)

> #! /bin/sh
> lan_if=xl1
> wan_if=ex0
> pfctl -f /dev/stdin < pass quick on lo0
> block all
> pass quick in on $lan_if all keep state
> pass in quick on $wan_if from any to $wan_if proto tcp port = 22 keep state
> [...]
> EOM

  omg pf != iptablesnetfilterchains

  doing something like that is not hard with the rest of the tools
  you've got in the system, which makes it somewhat of a useless
  complexity for pf to have it.  new packet-filtering features are
  not bloat, but why make pf call out to the shell when you can just
  choose to make a script or two to make your shell call out to pf?

> But you can easily do
> conditional inclusion of rules, and that's useful for cases like DHCP.

  dhclient listens on BPF. 

  pf has no effect on dhclient.

  jared

-- 

[ openbsd 3.8 GENERIC ( sep 10 ) // i386 ]

Re: detect if a flag-day has happened in the meanwhile

[Han Boetes]

STeve Andre' wrote:
> On Sunday 02 October 2005 20:41, Han Boetes wrote:
> > I am wondering if there is a good way to check if a flag-day
> > has passed if you have both the new and old kernel. How can I
> > check that?
>
> Um, given that a flag day is a code change,

Obviously, but a specific code change. One in the kernel. If I'm
not mistaken a syscall has changed, so if you'd attempt to upgrade
your system without rebooting you'd get a message like ``invalid
syscall'' while untarring.


> the only way I know of is to 1) subscribe to the cvs changes
> mailing list and read it.

I am.


> and 2) Look at the upgrade FAQ often.

Not necessary since I use 1)

But this is not for me. This is to automate a sysadmin task. So
I'd like to automate detecting a ``flag day.''



# Han

Re: Load Balancing

[Manpreet Singh Nehra]

I have been through the FAQS and manuals trying to configure load
balancing on my 4 DSL connections. The connections are all same from the
same ISP, each connection terminates into a ADSL router, which gets the
IP from the ISP server, the ADSL routers have the following internal
addresses

1. 172.31.1.1
2. 172.31.2.1
3. 172.31.3.1
4. 172.31.4.1

The routers cannot be configured in bridge mode. so its not an option to
get the IP address on the machine. behind the 5th card is my internal
network 192.168.1.0/24. Now I want to configure the 4 connections to
load balance.
DHCP 
--R1|172.31.1.2 |
  rl0   |   |
|   |
DHCP|   |
--R2|172.31.2.2 |
rl1 |   |LAN
|192.168.1.3|---
DHCP|   |
--R3|172.31.3.2 |
rl2 |   |
|   |
DHCP|   |
--R4|172.31.4.2 |
rl3 |___|


The routers are getting Dynamic IPs from the ISP the firewall also gets
dynamic IPs from the ADSL routers (can be changed to static) the local
lan is connected at 192.168.1.3 at rl4.

Here is my pf.conf
##
#Macros
##
ext_if1="rl0"
ext_if2="rl1"
ext_if3='rl2'
#ext_if4="rl3"
int_if="rl4"
ext_gw1="172.31.1.1"
ext_gw2="172.31.2.1"
ext_gw3="172.31.3.1"
#ext_gw4="172.31.4.1"
lan_ip="192.168.1.3"
lan_net = "192.168.1.0/24"


#NAT Rules

#Local Lan to Internet
nat on $ext_if1 from $lan_net to any -> ($ext_if1)
nat on $ext_if2 from $lan_net to any -> ($ext_if2)
nat on $ext_if3 from $lan_net to any -> ($ext_if3)
nat on $ext_if4 from $lan_net to any -> ($ext_if4)

#DMZ To Internet
#nat on $ext_if1 from $dmz_net to any -> ($ext_if1)

#Local Lan to DMZ
#nat on $dmz_if from $lan_net to $dmz_net -> ($dmz_if)

#
#Redirection Rules
#
#rdr on $int_if inet proto tcp from any to any port www -> 127.0.0.1
port 8080


#
#Load Balancing
#
pass in on $int_if route-to { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2),
($ext_if3 $ext_gw3), ($ext_if4 $ext_gw4) } round-robin from $lan_net to
any keep state


pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any
pass out on $ext_if1 reply-to ($ext_if2 $ext_gw2) from $ext_if2 to any
pass out on $ext_if1 route-to ($ext_if3 $ext_gw3) from $ext_if3 to any
pass out on $ext_if1 reply-to ($ext_if3 $ext_gw3) from $ext_if3 to any
pass out on $ext_if1 route-to ($ext_if4 $ext_gw4) from $ext_if4 to any
pass out on $ext_if1 reply-to ($ext_if4 $ext_gw4) from $ext_if4 to any
pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any
pass out on $ext_if2 reply-to ($ext_if1 $ext_gw1) from $ext_if1 to any
pass out on $ext_if2 route-to ($ext_if3 $ext_gw3) from $ext_if3 to any
pass out on $ext_if2 reply-to ($ext_if3 $ext_gw3) from $ext_if3 to any
pass out on $ext_if2 route-to ($ext_if4 $ext_gw4) from $ext_if4 to any
pass out on $ext_if2 reply-to ($ext_if4 $ext_gw4) from $ext_if4 to any
pass out on $ext_if3 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any
pass out on $ext_if3 reply-to ($ext_if1 $ext_gw1) from $ext_if1 to any
pass out on $ext_if3 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any
pass out on $ext_if3 reply-to ($ext_if2 $ext_gw2) from $ext_if2 to any
pass out on $ext_if3 route-to ($ext_if4 $ext_gw4) from $ext_if4 to any
pass out on $ext_if3 reply-to ($ext_if4 $ext_gw4) from $ext_if4 to any
pass out on $ext_if4 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any
pass out on $ext_if4 reply-to ($ext_if1 $ext_gw1) from $ext_if1 to any
pass out on $ext_if4 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any
pass out on $ext_if4 reply-to ($ext_if2 $ext_gw2) from $ext_if2 to any
pass out on $ext_if4 route-to ($ext_if4 $ext_gw3) from $ext_if3 to any
pass out on $ext_if4 reply-to ($ext_if4 $ext_gw3) from $ext_if3 to any

#
#Firewall Rules
#
#SSH Rules
pass in on $int_if proto tcp to ($int_if) port ssh keep state
pass in on $ext_if1 proto tcp to ($ext_if1) port ssh keep state
pass in on $ext_if2 proto tcp to ($ext_if2) port ssh keep state
pass in on $ext_if3 proto tcp to ($ext_if3) port ssh keep state
pass out on $int_if proto tcp to ($int_if) port ssh keep state
pass out on $ext_if1 proto tcp to ($ext_if1) port ssh keep state
pass out on $ext_if2 proto tcp to ($ext_if2) port ssh keep state
pass out on $ext_if3 proto tcp to ($ext_if3) port ssh keep st

Re: Migration to PF - some questions

[jared r r spiegel]

On Sat, Oct 01, 2005 at 08:50:13AM -0500, Travis H. wrote:
> 
> Yeah, I neglected stateful matching.  I should have said that every
> packet that has to run the gauntlet of rules, has to run all of them. 
> Subsequent reading of the PF FAQ confirms that there's no deep
> evaluation-reordering magic going on, that quick rules really are
> faster.

  i'd VERY much like to see someone put up a short little www-type
  ( or whatever ) illustration of how they were really experiencing
  a service-affecting performance degredation which was solved by 
  the use of 'quick' in their ruleset.

  mathematically, yeah, less rules to evaluate = faster, but 
  without someone bucking up and making a nice demonstration of why
  they needed to do 'quick' a lot, the ~tri-monthly discussion of
  someone being upset about the last-match thing (on misc@ or pf@)
  is kind of a bit worn out... :/

  most times people say that they have some $BIGNUM line ruleset and
  so they think they need to use quick even if they're keeping state, 
  but outside of the human shock value of $BIGNUM, there's not much
  in the way of proof that people show (unless i'm being an archive
  amnesiac) for needing to go 'quick'ing everything, or otherwise
  making a case that 'quick' should be the implicit default and
  'slow' be added to take its place after the pf-first-match conversion,
  or people wanting a 'set evaluation [first|last]' knob.

  even little soekrises are really hurting for speed some times, but
  from my small experience with them one would probably end up gagging
  on interrupts before one would run into a brick wall due to not using
 'quick' a lot.

  jared

-- 

[ openbsd 3.8 GENERIC ( sep 10 ) // i386 ]

Re: in-kernel PPPoE (resolved but related issue)

[Talmage]

I finally got in-kernel PPPoE to work after fixing the  
hostname.pppoe0 file up a bit.
Now I'm new to this so I have a few questions.  I can get the OpenBSD  
box to access the internet fine, but am a bit confused about getting  
the rest of the network connected to the net.  I have multiple Static  
IP addresses.  This is what I've tried so far.


I have 4 ethernet interfaces, em0~em3, Static IP address XXX.XXX.XXX. 
80/29


pppoe0 is connected to em0,  pppo0 has a static IP of X.X.X.80
bridge0 is created with em0 and em1, both interfaces are up
em1 has no IP address, and is connected to a ethernet switch for  
servers that need static ips

the servers are manually assigned static IPs X.X.X.81~86

This has not worked for me, I'm sure I'm doing something wrong.  The  
servers can ping X.X.X.80, but cant connect beyond the openbsd box.   
Am I missing something?  I'm basically trying to make a OpenBSD  
network bridge that will act as a PPPoE client (and do some filtering  
and NAT later on).  Any help will be appreciated.


Kory T

Re: clamav 0.87 build error on 3.7

[C. Bensend]

> Yeah - I would've expected problems at the 'make install' step, but
> thought 'make' would've gone OK??

No, because linking is done in the 'make' step.  It was
finding the old libs during that step, and crapping out.

Benny


-- 
"Now, that next spring you find in your garage a creature that
looks like a cross-bred badger and anaconda. A badgerconda."
  -- bash.org

Re: clamav 0.87 build error on 3.7

[J Moore]

On Sun, Oct 02, 2005 at 09:08:02PM -0500, the unit calling itself C. Bensend 
wrote:
> > I would have thought the Makefile would have taken care of this; i.e.
> > deleted (or mv'd) the clamav libs... was I expecting too much, or is
> > something missing from the port?
> 
> I would recommend pkg_delete'ing the prior version, and then
> installing the new one.  That's what I do, and I don't end up
> with weird problems like this one.
> 
> Keep the old one around in case you have to roll back, of
> course.  ;)
> 
Yeah - I would've expected problems at the 'make install' step, but 
thought 'make' would've gone OK??

Jay

Re: clamav 0.87 build error on 3.7

[C. Bensend]

> I would have thought the Makefile would have taken care of this; i.e.
> deleted (or mv'd) the clamav libs... was I expecting too much, or is
> something missing from the port?

I would recommend pkg_delete'ing the prior version, and then
installing the new one.  That's what I do, and I don't end up
with weird problems like this one.

Keep the old one around in case you have to roll back, of
course.  ;)

Benny


-- 
"Now, that next spring you find in your garage a creature that
looks like a cross-bred badger and anaconda. A badgerconda."
  -- bash.org

system hangs during reboot on `syncing disks...'

[Han Boetes]

Hi,

I just had a my system hang while rebooting for the second time.
When I looked in the console I saw the last kernelmessage was:
`syncing disks...'

After pressing alt-ctrl-esc and typing `boot reboot' I got the
system to reboot.

How should I proceed from here? Is this a sign the HD is getting
flakey and needs replacement or should I do some debugging and try
to get the most information possible? I'd like to prepare that and
since that machine is the connection to internet I'll have to
prepare and writing down the instructions.



# Han

Re: Help creating a port

[Jacob Meuser]

On Mon, Oct 03, 2005 at 12:44:26AM +0200, viq wrote:
> I saw this once, when trying to create an updated port, and now it happened 
> again, as I'm trying to get a newer version of snownews. I am trying to 
> modify the existing port to work with newer version, I modified also patches 
> that are in the tree, I hope correctly, but what happens is when I 'make 
> fake', the files instead of landing 
> in /usr/ports/www/snownews-test/w-snownews-1.5.7/fake-i386 end up 
> in 
> /usr/ports/www/snownews-test/w-snownews-1.5.7/fake-i386/usr/ports/www/snownews-test/w-snownews-1.5.7/fake-i386
>  
> - what am I doing wrong?
> 
> The differences from the original files attached below: (diff -u orig mod)

> --- ../snownews/patches/patch-Makefile  Wed Oct 13 05:58:42 2004
> +++ patches/patch-Makefile  Sun Oct  2 18:06:01 2005
> @@ -1,13 +1,13 @@
> -$OpenBSD: patch-Makefile,v 1.7 2004/10/13 03:58:42 jolan Exp $
>  Makefile.orig  Wed Sep 29 11:28:31 2004
> -+++ Makefile   Tue Oct 12 22:52:36 2004
> +$OpenBSD: patch-Makefile,v 1.8 2005/10/02 18:03:58 viq Exp $
> +--- Makefile.orig  Sun Oct  2 18:03:01 2005
>  Makefile   Sun Oct  2 18:04:14 2005
>  @@ -1,4 +1,4 @@
>  -CC= gcc
>  +#CC= gcc
>   MAKE=   make
>   INSTALL=install
>   LOCALEPATH= $(PREFIX)/share/locale
> -@@ -42,11 +42,11 @@ locales:
> +@@ -42,11 +42,11 @@
> done
>   
>   manpages:
> @@ -21,12 +21,12 @@
> sed s/VERSION/$(VERSION)/ > $(MAN)/$$L/snownews.1; \
> done
>   
> -@@ -60,7 +60,7 @@ install-bin: snownews
> -   if [ ! -d "$(PREFIX)/bin" ]; then \
> -   mkdir -p $(PREFIX)/bin; \
> +@@ -59,7 +59,7 @@
> +   if [ ! -d "$(DESTDIR)$(PREFIX)/bin" ]; then \
> +   mkdir -p $(DESTDIR)$(PREFIX)/bin; \
> fi
> --  $(INSTALL) -s snownews $(PREFIX)/bin
> -+  $(INSTALL) snownews $(PREFIX)/bin
> -   $(INSTALL) opml2snow $(PREFIX)/bin
> - 
> - install-locales: locales
> +-  $(INSTALL) -s snownews $(DESTDIR)$(PREFIX)/bin
> ++  $(INSTALL) snownews $(DESTDIR)$(PREFIX)/bin
> +   $(INSTALL) opml2snow $(DESTDIR)$(PREFIX)/bin
> +   if [ ! -f "$(DESTDIR)$(PREFIX)/bin/snow2opml" ]; then \
> +   ln -sf $(DESTDIR)$(PREFIX)/bin/opml2snow 
> $(DESTDIR)$(PREFIX)/bin/snow2opml; \

maybe adding DESTDIR in patches isn't needed anymore?

-- 
<[EMAIL PROTECTED]>

detect if a flag-day has happened in the meanwhile

[Han Boetes]

Hi,

I am wondering if there is a good way to check if a flag-day has passed if you
have both the new and old kernel. How can I check that?



# Han

RE: Netgear WG311 v3

[tony]

Quoth [EMAIL PROTECTED]
>These cards don't seem to be ath anymore.
>
>The relevant bits from my dmesg.
>
>rl0 at pci1 dev 0 function 0 "D-Link Systems
>530TX+" rev 0x10: irq 11 address 00:11:95:24:6a:0d
>rlphy0 at rl0 phy 0: RTL internal phy
>rl1 at pci1 dev 1 function 0 "D-Link Systems
>530TX+" rev 0x10: irq 5 address 00:11:95:24:6a:0c
>rlphy1 at rl1 phy 0: RTL internal phy
>vendor "Marvell", unknown product 0x1faa (class
>network subclass ethernet, rev 0x03) at pci1 dev 2
>function 0 not configured
>
>Thought you all might like to know. Thrice cursed
>vendors. Lucky for me it was an incredibly cheap
>impulse buy. 
>
>Ray
>-- 
>BOFH excuse #326:
>
>We need a licensed electrician to replace the light
>bulbs in the computer room.

First "Thanks", which you don't hear very often.

Second, it seems that this list is the best (best that I know of) available 
intelligence about the state of hardware. Not as an OpenBSD user, but as a user 
of most everything else. Anything that gives OpenBSD trouble, it's just a 
matter of time before it gives me trouble where I care about it. I doubt that I 
am alone, and most of us tend to keep our yaps shut.
I would love to have the information organized and digensted for me, hardware 
compatibility lists make some attempt to do this, but the intelligence value 
comes from reading betwen the lines and is based on human reaction and opinion. 
Anything "organized" is too easily astroturfed.

My experience with OpenBSD is limited, however. 
3Com NIC on NT Server suddenly decided to work very poorly. Best help I could 
find was OpenBSD archives. Intel Pro NIC and problems went away. Actually did a 
repeat performance.
Consensus seems to be 
Peculiar Adaptec SCSI controller (I understand Adaptec used to make good 
products) card would work with Linux only with SCSI BIOS disabled. Worked with 
OpenBSD with BIOS enabled.
OpenBSD has an attitude, knows quite a bit about hardware, and is probably well 
worthwhile listening to regardless of OS. There is of course much more that I 
do not know than I do know, but in a few cases I do know enough that OpenBSD 
and expecially Theo seems to have a knack for being dead accurate.

If security matters, OpenBSD "gets it". 
If security matters, you do NOT get compromised machines at a nickle each.
If security does not matter, there are a number of stupidities which are very 
ill advised.

[ ] Always trust OpenBSD.

Re: clamav 0.87 build error on 3.7

[J Moore]

On Sun, Oct 02, 2005 at 06:28:53PM -0400, the unit calling itself MH wrote:
> > I get the following errors when trying to make clamav v0.87 from the
> > -stable ports tree:
> > 
> > server-th.o(.text+0x98a): In function `acceptloop_th':
> > : undefined reference to `cl_dup'
> > collect2: ld returned 1 exit status
> > *** Error code 1

<< SNIP, SNIP >>

> > How to fix?
> > 
> It sounds like you have an older version of clamav already installed.
> Your linker is bonking when its searching the older clamlibs looking
> for cl_dup.  
> Fix:
> cd to /usr/local/lib and move your current clamav libs (libclamav.*) to a 
> location
> not in your linker path.  Then recompile.  

 
Thanks, Mike... that did it! 

I would have thought the Makefile would have taken care of this; i.e. 
deleted (or mv'd) the clamav libs... was I expecting too much, or is 
something missing from the port?

Thanks Again,
Jay

Help creating a port

[viq]

I saw this once, when trying to create an updated port, and now it happened 
again, as I'm trying to get a newer version of snownews. I am trying to 
modify the existing port to work with newer version, I modified also patches 
that are in the tree, I hope correctly, but what happens is when I 'make 
fake', the files instead of landing 
in /usr/ports/www/snownews-test/w-snownews-1.5.7/fake-i386 end up 
in 
/usr/ports/www/snownews-test/w-snownews-1.5.7/fake-i386/usr/ports/www/snownews-test/w-snownews-1.5.7/fake-i386
 
- what am I doing wrong?

The differences from the original files attached below: (diff -u orig mod)

--- ../snownews/MakefileSat Dec 11 14:29:22 2004
+++ MakefileSun Oct  2 20:18:00 2005
@@ -1,7 +1,7 @@
 # $OpenBSD: Makefile,v 1.9 2004/12/11 13:29:22 alek Exp $
 
 COMMENT=   "text mode rss newsreader"
-DISTNAME=  snownews-1.5.4
+DISTNAME=  snownews-1.5.7
 CATEGORIES=www
 MASTER_SITES=  ${HOMEPAGE}download/
 
@@ -26,7 +26,7 @@
 
 post-install:
${INSTALL_DATA_DIR} ${PREFIX}/share/doc/snownews
-   ${INSTALL_DATA} ${WRKSRC}/README{,.colors,.de} \
+   ${INSTALL_DATA} ${WRKSRC}/README{,.de} \
${PREFIX}/share/doc/snownews
 
 .include 

--- ../snownews/patches/patch-Makefile  Wed Oct 13 05:58:42 2004
+++ patches/patch-Makefile  Sun Oct  2 18:06:01 2005
@@ -1,13 +1,13 @@
-$OpenBSD: patch-Makefile,v 1.7 2004/10/13 03:58:42 jolan Exp $
 Makefile.orig  Wed Sep 29 11:28:31 2004
-+++ Makefile   Tue Oct 12 22:52:36 2004
+$OpenBSD: patch-Makefile,v 1.8 2005/10/02 18:03:58 viq Exp $
+--- Makefile.orig  Sun Oct  2 18:03:01 2005
 Makefile   Sun Oct  2 18:04:14 2005
 @@ -1,4 +1,4 @@
 -CC= gcc
 +#CC= gcc
  MAKE=   make
  INSTALL=install
  LOCALEPATH= $(PREFIX)/share/locale
-@@ -42,11 +42,11 @@ locales:
+@@ -42,11 +42,11 @@
done
  
  manpages:
@@ -21,12 +21,12 @@
sed s/VERSION/$(VERSION)/ > $(MAN)/$$L/snownews.1; \
done
  
-@@ -60,7 +60,7 @@ install-bin: snownews
-   if [ ! -d "$(PREFIX)/bin" ]; then \
-   mkdir -p $(PREFIX)/bin; \
+@@ -59,7 +59,7 @@
+   if [ ! -d "$(DESTDIR)$(PREFIX)/bin" ]; then \
+   mkdir -p $(DESTDIR)$(PREFIX)/bin; \
fi
--  $(INSTALL) -s snownews $(PREFIX)/bin
-+  $(INSTALL) snownews $(PREFIX)/bin
-   $(INSTALL) opml2snow $(PREFIX)/bin
- 
- install-locales: locales
+-  $(INSTALL) -s snownews $(DESTDIR)$(PREFIX)/bin
++  $(INSTALL) snownews $(DESTDIR)$(PREFIX)/bin
+   $(INSTALL) opml2snow $(DESTDIR)$(PREFIX)/bin
+   if [ ! -f "$(DESTDIR)$(PREFIX)/bin/snow2opml" ]; then \
+   ln -sf $(DESTDIR)$(PREFIX)/bin/opml2snow 
$(DESTDIR)$(PREFIX)/bin/snow2opml; \

--- ../snownews/patches/patch-platform_settings Wed Oct 13 05:58:42 2004
+++ patches/patch-platform_settings Sun Oct  2 18:01:58 2005
@@ -1,7 +1,7 @@
-$OpenBSD: patch-platform_settings,v 1.1 2004/10/13 03:58:42 jolan Exp $
 platform_settings.orig Wed Sep 29 11:28:31 2004
-+++ platform_settings  Tue Oct 12 22:27:01 2004
+$OpenBSD: patch-platform_settings,v 1.2 2005/10/02 18:03:58 viq Exp $
+--- platform_settings.orig Sun Oct  2 18:00:14 2005
 platform_settings  Sun Oct  2 18:00:20 2005
 @@ -1,3 +1,2 @@
 -PREFIX=  /usr/local
- CFLAGS=  -Wall -g -DLOCALEPATH="\"$(LOCALEPATH)\"" -DOS=\"$(shell uname)\" 
`xml2-config --cflags` $(EXTRA_CFLAGS) 
- LDFLAGS= -lncurses `xml2-config --libs` $(EXTRA_LDFLAGS) 
+ CFLAGS=  -Wall -Wno-format-y2k -O2 -DLOCALEPATH="\"$(LOCALEPATH)\"" 
-DOS=\"$(shell uname)\" `xml2-config --cflags` $(EXTRA_CFLAGS)  
-DSTATIC_CONST_ICONV -I/usr/local/include
+ LDFLAGS= -lncurses `xml2-config --libs` $(EXTRA_LDFLAGS)  -lintl -liconv

Thanks in advance for help, pointers, and kicks in right direction ;)

-- 
viq

--
Tak niesamowity CZAT... >>> http://link.interia.pl/f18ba

Re: clamav 0.87 build error on 3.7

[MH]

On Sun, Oct 02, 2005 at 11:35:48AM -0500, J Moore wrote:
> I get the following errors when trying to make clamav v0.87 from the
> -stable ports tree:
> 
> server-th.o(.text+0x98a): In function `acceptloop_th':
> : undefined reference to `cl_dup'
> collect2: ld returned 1 exit status
> *** Error code 1
> 
> Stop in /usr/ports/security/clamav/w-clamav-0.87/clamav-0.87/clamd (line
> 322 of Makefile).
> *** Error code 1
> 
> Stop in /usr/ports/security/clamav/w-clamav-0.87/clamav-0.87 (line 368
> of Makefile).
> *** Error code 1
> 
> Stop in /usr/ports/security/clamav/w-clamav-0.87/clamav-0.87 (line 227
> of Makefile).
> *** Error code 1
> 
> Stop in /usr/ports/security/clamav (line 1769 of
> /usr/ports/infrastructure/mk/bsd.port.mk).
> 
> How to fix?
> 
> Thnx,
> Jay
>

Hi Jay,

It sounds like you have an older version of clamav already installed.
Your linker is bonking when its searching the older clamlibs looking
for cl_dup.  
Fix:
cd to /usr/local/lib and move your current clamav libs (libclamav.*) to a 
location
not in your linker path.  Then recompile.  


Hope this helps,
Mike

Re: Java with mozilla-firefox

[Rico]

Hi pirge and thanks!

pirge wrote:

set ulimit before running firefox:
$ ulimit -d 262144
$ firefox


Works!

Re: 3.6 -> 3.7 make build problem

[Nick Holland]

eric wrote:
> [ Note: I don't like doing this. I would rather use a snapshot and   ]
> [ just get -current, but I have the Adaptec bullshit on this machine ]
> [ and need a kernel that support aac(4). ]
> 
> I'm going from 3.6 to 3.7, and just trying to get the fscking adaptec
> controller working.

[snip the start of a long and ugly process]

Bah.
too much like work.

Just do this...

Grab ANOTHER computer.  Pentium 75, 32M RAM or better.  IDE disk system.
 WHATEVER.

Load that up with 3.7-release.  Turn on softdeps.
Install the system source code (/usr/src/sys).

Build yourself a 3.7 kernel with that source on the 3.7 system, but with
your aac driver in place.  Even on a Pentium 75, should only take a few
hours.

Now..use that kernel instead of the GENERIC kernel to do a "remote
install" on your problem machine as detailed in upgrade37.html.

done!



better idea: go get a standard SCSI adapter to plug your drives into if
you can't afford a good RAID card.  Granted, you lose RAID, but you will
probably GAIN reliabilty.

Remember: RAID isn't your goal.  Reliability is.  Running an unreliable
RAID controller driver is probably worse than having non-RAIDed disks.

I've been doing some stuff recently with two disks in a single machine
to accomplish the goals of rapid repair (these are DNS resolvers and
servers, very important, but also highly redundant by nature, so 100%
uptime isn't an issue, but rapid repair is).

I stuck a second disk in the machines.  I use ALTROOT to duplicate the
boot partition (including the /etc directory and its configs), and
daily.local also dumps important information as well, and weekly, I
dump/restore the rest of the partitions from wd0 to wd1.  If I lose the
boot drive, unplug the bad drive, and boot off the remaining one.  Beats
the heck out of most RAID systems I've seen for this application, and in
fact, it provides a (lame) kind of backup, as if I manage to rm -r *
from the wrong directory, I can still recover nicely.

Nick.

Re: asus wl-138g

[Stuart Henderson]

--On 02 October 2005 20:38 +0200, Jernej Vodopivec wrote:


Does anyone have any experience with asus wl-138g wlan pci card? I've
only found model 130g at supported hardware..


Google: "wl-138g chipset". First few hits say 'Marvell' - this is 
undocumented/unsupported (but increasingly common).

Netgear WG311 v3

[Ray Percival]

These cards don't seem to be ath anymore.

The relevant bits from my dmesg.

rl0 at pci1 dev 0 function 0 "D-Link Systems 530TX+" rev 0x10: irq 11 address 
00:11:95:24:6a:0d
rlphy0 at rl0 phy 0: RTL internal phy
rl1 at pci1 dev 1 function 0 "D-Link Systems 530TX+" rev 0x10: irq 5 address 
00:11:95:24:6a:0c
rlphy1 at rl1 phy 0: RTL internal phy
vendor "Marvell", unknown product 0x1faa (class network subclass ethernet, rev 
0x03) at pci1 dev 2 function 0 not configured

Thought you all might like to know. Thrice cursed vendors. Lucky for me it was 
an incredibly cheap impulse buy. 

Ray
-- 
BOFH excuse #326:

We need a licensed electrician to replace the light bulbs in the computer room.

asus wl-138g

[Jernej Vodopivec]

Does anyone have any experience with asus wl-138g wlan pci card? I've
only found model 130g at supported hardware..

Jernej

Re: looking for reliable USB printer

[Adriaan Misc]

On 10/1/05, Marc Espie <[EMAIL PROTECTED]> wrote:
>
> Just wanted to know what people currently use for an usb printer under
> OpenBSD. I'm looking for rather cheap hardware that's currently sold
> in europe as brand new, and guaranteed to work (through experience)
> by people...


Last year I bought a HP Deskjet 3820, but I don't think it is really a
current model anymore. It has USB as well as a parallel port Because I don't
use color I take advantage of the PCL support of the printer and simply
configure it as a Laserjet. I use apsfilter
.
With "hpijs" it also prints color.

=Adriaan=

Re: clamav 0.87 build error on 3.7

[Marc Balmer]

C. Bensend wrote:


I get the following errors when trying to make clamav v0.87 from the
-stable ports tree:



You sure you're using -STABLE?  I mean, are you absolutely sure that
your source tree is what you _think_ it is?

I built 0.87 on 3.7-STABLE just last night, flawlessly.  I don't think
your checkout is what you think it is.


Use a -current source tree when using a -current ports tree.

Re: clamav 0.87 build error on 3.7

[J Moore]

On Sun, Oct 02, 2005 at 11:52:40AM -0500, the unit calling itself C. Bensend 
wrote:
> > I get the following errors when trying to make clamav v0.87 from the
> > -stable ports tree:
> 
> You sure you're using -STABLE?  I mean, are you absolutely sure that
> your source tree is what you _think_ it is?
> 
> I built 0.87 on 3.7-STABLE just last night, flawlessly.  I don't think
> your checkout is what you think it is.

Good thought - here's what I've got... any ideas?

Here's how I've updated my ports tree:
 # setenv CVSROOT [EMAIL PROTECTED]:/cvs
 # cd /usr/ports
 # cvs -d $CVSROOT -q up -rOPENBSD_3_7 -Pd

Here's how I've updated my source tree:
 # setenv CVSROOT [EMAIL PROTECTED]:/cvs
 # cd /usr/src
 # cvs -d $CVSROOT -q up -rOPENBSD_3_7 -Pd

I verified I've got a 3.7 ports tree by:
 # cd /usr/ports/CVS
 # cat Tag
 TOPENBSD_3_7

& in the source tree:
 # cd /usr/src/CVS
 # cat Tag
 TOPENBSD_3_7

& in clamav:
 # cd /usr/ports/security/clamav/CVS
 # cat Tag
 TOPENBSD_3_7

& in /usr/ports/security/clamav/Makefile:
 # cat Makefile
 # $OpenBSD: Makefile,v 1.3.2.3 2005/09/28 17:37:57 sturm Exp $
 
 COMMENT="free virus scanner"
 DISTNAME=   clamav-0.87
 ...

When I build clamav:

 # cd /usr/ports/security/clamav
 # make
 ===>  Building for clamav-0.87
 make  all-recursive
 Making all in libclamav
 Making all in clamscan
 Making all in clamd
 /bin/sh ../libtool --mode=link cc  -O2 -pipe   -L/usr/lib 
 -L/usr/local/lib -o clamd  output.o  cfgparser.o getopt.o  memory.o 
 misc.o  options.o clamd.o  tcpserver.o localserver.o  session.o 
 thrmgr.o  
 server-th.o scanner.o  others.o clamuko.o  dazukoio_compat12.o  
 dazukoio.o  ../libclamav/libclamav.la  -pthread -pthread
 cc -O2 -pipe -o .libs/clamd output.o cfgparser.o getopt.o memory.o 
 misc.o options.o clamd.o tcpserver.o localserver.o session.o thrmgr.o 
 server-th.o scanner.o others.o clamuko.o dazukoio_compat12.o dazukoio.o 
 -pthread -pthread  -L/usr/lib -L/usr/local/lib -L../libclamav/.libs 
 -lclamav -lbz2 -lgmp -lcurl -lssl -lcrypto -lz 
 -Wl,-rpath,/usr/local/lib
 misc.o(.text+0xcb): In function `freshdbdir':
 : warning: sprintf() is often misused, please use snprintf()
 /usr/local/lib/libgmp.so.6.3: warning: vsprintf() is often misused, 
 please use vsnprintf()
 server-th.o(.text+0x98a): In function `acceptloop_th':
 : undefined reference to `cl_dup'
 collect2: ld returned 1 exit status
 *** Error code 1

 Stop in /usr/ports/security/clamav/w-clamav-0.87/clamav-0.87/clamd 
 (line 
 322 of Makefile).
 *** Error code 1

 Stop in /usr/ports/security/clamav/w-clamav-0.87/clamav-0.87 (line 368 
 of Makefile).
 *** Error code 1

 Stop in /usr/ports/security/clamav/w-clamav-0.87/clamav-0.87 (line 227 
 of Makefile).
 *** Error code 1

 Stop in /usr/ports/security/clamav (line 1769 of 
 /usr/ports/infrastructure/mk/bsd.port.mk). 

OT: Help wanted in Caracas, Venezuela

[Rosen Iliev]

Hi misc,

I need help in Caracas, Venezuela.
We have a remote location, that doesn't have tech on stuff. They just lost 
there Firewall. I guess it was some kind of power faulier.
We will have to reinstall the box. They will pay you for your help.

Please contact me off the list.

It's emergency.

Thank you,


Rosen Iliev

IT Department Manager
www.betcris.com
San Jose, Costa Rica
Direct: + (506) 242-4927
Fax: + (506) 210.7828

Re: Webmail recommendations?

[Csillag Tamás]

On 10/01, Chris wrote:
> Hello
> 
> I want to setup a OBSD box for my email server.  It will service
> probably about 2 dozen people, but It could conceivably double or more
> over the next year or two.
> 
> I was wondering if anyone had any recommendations for an mta, and for a
> webmail program that is easy to use and fully featured for users who are
> not so computer savvy.
> 
> I am pretty comfortable with Sendmail, but I hear a lot of people are
> moving more toward postfix (which I know nothing about).
> 
> I am at a loss for a good web interface.
> 
> Anyone care to make any recommendations?
> 
> Thank you.
> 
> 
> Chris

Hi

My personal favorite is: postfix + courier-imap + sqwebmail.
(You will need maildrop too between postfix and courier-imap.)
SqWebMail is a simple cgi written in c++ so it is really fast.

http://www.postfix.org
http://www.courier-mta.org/imap
http://www.courier-mta.org/sqwebmail

-- 
cstamas

Re: clamav 0.87 build error on 3.7

[C. Bensend]

> I get the following errors when trying to make clamav v0.87 from the
> -stable ports tree:

You sure you're using -STABLE?  I mean, are you absolutely sure that
your source tree is what you _think_ it is?

I built 0.87 on 3.7-STABLE just last night, flawlessly.  I don't think
your checkout is what you think it is.

Benny


-- 
"Now, that next spring you find in your garage a creature that
looks like a cross-bred badger and anaconda. A badgerconda."
  -- bash.org

clamav 0.87 build error on 3.7

[J Moore]

I get the following errors when trying to make clamav v0.87 from the
-stable ports tree:

server-th.o(.text+0x98a): In function `acceptloop_th':
: undefined reference to `cl_dup'
collect2: ld returned 1 exit status
*** Error code 1

Stop in /usr/ports/security/clamav/w-clamav-0.87/clamav-0.87/clamd (line
322 of Makefile).
*** Error code 1

Stop in /usr/ports/security/clamav/w-clamav-0.87/clamav-0.87 (line 368
of Makefile).
*** Error code 1

Stop in /usr/ports/security/clamav/w-clamav-0.87/clamav-0.87 (line 227
of Makefile).
*** Error code 1

Stop in /usr/ports/security/clamav (line 1769 of
/usr/ports/infrastructure/mk/bsd.port.mk).

How to fix?

Thnx,
Jay

Re: 3.8 Snapshot with 'ath' based card.

[Peter N. M. Hansteen]

Reyk Floeter <[EMAIL PROTECTED]> writes:

> what a mess!

My sentiments exactly.  I wasn't particularly happy when I found out,
but then the the guys at the store let me hand the card back for a
refund with no problems. 

> d-link uses additional H/W revision numbers (like A1, B2, ...) to
> inidicate the chipset, at least smc and neatgear have something
> similar.

In my case I think it is easier than that, in fact. The DWL-G520 is
Atheros based and works (and IIRC the package was clearly marked with an
Atheros emblem), while the DWL-G520+ is TI ACX111, which is
undocumented, unsupported and should be avoided.

Funny, this came up just as I was writing up some wireless stuff to
include in my PF tutorial for AUUG2005.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
"First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"

Re: Serial Weather Station

[Marc MAURICE]

Thanks for your response,

I red the tty(4) manpage, and a part of the tip(1) manpage
Now I know the difference between tty and cua devices.

I changed the configuration to tell open3600 to use /dev/cua00 instead 
of /dev/tty00.


Unfortunately, the problem is still the same.

Marc MAURICE


man 4 cua or man 4 tty

Then see the section about cua(4) devices.

And don't use tty's like that.  That is what cua devices are for.
Connecting out.

 


I have a laptop at home which is an old dell latitude xpi p133 st. I use
it as a small server, running OpenBSD 3.7. I would like to have my weather
station connected to the laptop, serving the weather via http.

The weather station is a WS3600, racorded to the server via a serial cable.

The program I use to retrieve the info from the station is open3600
(http://open3600.fast-mail.nl).

To make it work under openbsd, I edited /etc/ttys and changed the line :
tty00  "/usr/libexec/getty std.9600"   unknown off

to :
tty00   nonenetwork on local

As open3600 is not available in binary form for OpenBSD, I compiled it.
I then configured it to retrieve the info from /dev/tty00.

Now when I launch the retrieval of the information, the command takes 30
seconds before outputing the result.
Each time I execute the command, it takes about 30 seconds, and sometimes
the output is right, sometimes it is totally wrong, indicating 0 values.
I would say I have 50% chance to get the good parameters.

The problem is not hardware, because I tried the command under Debian on
the same machine, and it retrieves the information with no problem, in
less than 2 seconds.

I think the problem is the configuration of the serial port under OpenBSD,
but my knowledge in serial devices is rather limited.

I ran 'stty -af /dev/tty00' under OpenBSD and 'stty -aF /dev/ttyS0' under
Debian and see the modes are a bit differents, but I did not manage to
change modes under OpenBSD.

'stty -af /dev/tty00' under OpenBSD:

speed 9600 baud; 0 rows; 0 columns;
lflags: icanon isig iexten echo echoe -echok echoke -echonl echoctl
   -echoprt -altwerase -noflsh -tostop -flusho -pendin -nokerninfo
   -extproc -xcase
iflags: -istrip icrnl -inlcr -igncr -iuclc ixon -ixoff ixany imaxbel
   -ignbrk brkint -inpck -ignpar -parmrk
oflags: opost onlcr -ocrnl -onocr -onlret -olcuc oxtabs -onoeot
cflags: cread cs8 -parenb -parodd hupcl clocal -cstopb -crtscts -mdmbuf
cchars: discard = ^O; dsusp = ^Y; eof = ^D; eol = ;
   eol2 = ; erase = ^?; intr = ^C; kill = ^U; lnext = ^V;
   min = 1; quit = ^\; reprint = ^R; start = ^Q; status = ;
   stop = ^S; susp = ^Z; time = 0; werase = ^W;

'stty -aF /dev/ttyS0' under Debian:

speed 9600 baud; rows 0; columns 0; line = 0;
intr = ^C; quit = ^\; erase = ^?; kill = ^U; eof = ^D; eol = ; eol2
= ; start = ^Q; stop = ^S; susp = ^Z; rprnt = ^R;
werase = ^W; lnext = ^V; flush = ^O; min = 1; time = 0;
-parenb -parodd cs8 hupcl -cstopb cread clocal -crtscts
-ignbrk -brkint -ignpar -parmrk -inpck -istrip -inlcr -igncr icrnl ixon
-ixoff -iuclc -ixany -imaxbel
opost -olcuc -ocrnl onlcr -onocr -onlret -ofill -ofdel nl0 cr0 tab0 bs0
vt0 ff0
isig icanon iexten echo echoe echok -echonl -noflsh -xcase -tostop
-echoprt echoctl echoke

I don't even know if the problem comes from here.

Any help, any reference, any advice is welcomed.

Thanks in advance and sorry for my english

Marc MAURICE

Re: Webmail recommendations?

[Jeffrey Lim]

you could try horde - it's pretty full-featured. Mta, i would
recommend qmail, but YMMV... The setup will be pretty tedious if u go
this way, but once setup, everything will run very nicely.

-jf

Re: 3.8 Snapshot with 'ath' based card.

[Reyk Floeter]

On Sun, Oct 02, 2005 at 04:02:25PM +0200, Peter N. M. Hansteen wrote:
> > "Texas Instruments ACX111" rev 0x00 at pci0 dev 12 function 0 not
> > configured
> 
> it looks like netgear changed chipsets without telling anybody about it.
> I had a similar experience with a of D-Link card.  D-Link have several
> ath based cards, among them DWL-G520.  On the other hand the DWL-G520+

what a mess!

d-link uses additional H/W revision numbers (like A1, B2, ...) to
inidicate the chipset, at least smc and neatgear have something
similar.

please tell us all the product revision numbers for this device and
we'll think about mentioning it in the documentation.

reyk

Re: Geode GX1

[Bachman Kharazmi]

On 10/2/05, Marc Balmer <[EMAIL PROTECTED]> wrote:
> Bachman Kharazmi wrote:
>
> > I tried a linux kernel and it did boot the kernel at least.
> > I might be missing something for the Geode GX1 in my GENERIC kernel?
>
> geode gx1 is the geode sc-1100 right?  I use such a computer here
> with the GENERIC kernel.  So you have the rarpd and bootconfig server setup?
I've the terminal server running and working, its from it the term
loads "pxeboot" and then tries to load bsd.rd kernel using tftp.

/bkw
>


--
##
BKW - Bachman Kharazmi
bahkha AT gmail DOT com
uin: #24089491
SWEDEN
##

Re: 3.8 Snapshot with 'ath' based card.

[Peter N. M. Hansteen]

OpenBSD Admin <[EMAIL PROTECTED]> writes:

> I went  and bought a netgear WG311 PCI 54g (Wg311GE) card the other
> day to put in my firewall. I intended to use this is as an access
> point for a WLAN. This card is listed in the support hardware section
> on the openbsd website under i386 but not amd64.

Well, from the dmesg 

> "Texas Instruments ACX111" rev 0x00 at pci0 dev 12 function 0 not
> configured

it looks like netgear changed chipsets without telling anybody about it.
I had a similar experience with a of D-Link card.  D-Link have several
ath based cards, among them DWL-G520.  On the other hand the DWL-G520+
is based on TI ACX111, which for some reason TI does not want to release
documentation for.  As a consequence, support for ACX111 cards on free
operating systems is almost non-existent.  On Linux and FreeBSD you
might be able to use an ndis loader workaround (loading the Windows
binary via a wrapper), but for very understandable reasons OpenBSD does
not support this.

Take a look at http://customerproducts.atheros.com/customerproducts (as
mentioned in the ath man page) and see if you can have the dealer agree
to have the card exchanged for a supported one.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
"First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"

Geode GX1

[Bachman Kharazmi]

On 10/2/05, Marc Balmer <[EMAIL PROTECTED]> wrote:
> Bachman Kharazmi wrote:
> > On 10/2/05, Marc Balmer <[EMAIL PROTECTED]> wrote:
> >
> >>Bachman Kharazmi wrote:
> >>
> >>>When I try to boot a Geode GX1 with generic kernel it freeze here:
> >>>
> >>>
> >OpenBSD/i386 PXEBOOT 1.02
> >>>
> >>>booting tftp:/bsd 4807268-   (and here it freeze)
> >>>
> >>>I've tried bsd.rd both from the 3.7 and 3.8 dir without any luck, am I
> >>>missing any support in kernel?
> >>
> >>have you the consol to the serial port in boot.conf?  See boot.conf(8)
> >>for details, the file must be on you tftp server under etc/.
> >
> > It's a thin desktop (compaq evo t20) without any com-port. It has four
> > usb ports,nic, vga,ac and sound.
> >
> > maybe that's why it's freezing... would it help to build a kernel
> > without com-port support?
>
> Ok.  Boot bsd.rd, if you boot bsd, you must provide a complete root
> filesystem on nfs environment.  Essentially you have to use rarpd,
> bootcnfigd and nfsd.  See the respective manual pages and read diskless(8).

I already have diskless working out of the box with obsd as
term-server and a generic PC as term. but this thin diskless
workstation is something I've borrow from school because they are
unused and I would like it to boot with bsd kernel.

As described in my first post I've already tested with bsd.rd from
3.7/3.8 dir on the mirrors.

What really confuses me is that it's freezing,
>>OpenBSD/i386 PXEBOOT 1.02
booting tftp:/bsd 4807268-
right here.

I tried a linux kernel and it did boot the kernel at least.
I might be missing something for the Geode GX1 in my GENERIC kernel?

/bkw
>
> - Marc Balmer
>


--
##
BKW - Bachman Kharazmi
bahkha AT gmail DOT com
uin: #24089491
SWEDEN
##


--
##
BKW - Bachman Kharazmi
bahkha AT gmail DOT com
uin: #24089491
SWEDEN
##

Re: Java with mozilla-firefox

[Keith Richardson]

Running firefox from the shell gives me this:
$ firefox
INTERNAL ERROR on Browser End: Exec of "java_vm" failed: 2
<
System error?:: No such file or directory
Gdk-ERROR **: Fatal IO error 9 (Bad file descriptor) on X server :0.0.
INTERNAL ERROR on Browser End: Could not read ack from child process
System error?:: Resource temporarily unavailable

It doesn't drop a .core file though.

Is this information enough?

Friendly,
Rico.


Applets worked for me after installing java 1.4.2 via the ports tree, 
mozilla-firefox through the packages tree and changing my settings in 
login.conf. 

Going off your error message above, I would guess you are missing a file 
in your java/firefox installation or the permissions are wrong.


Here is my file count:

$ find /usr/local/jdk* | wc -l
   2719
$ find /usr/local/mozilla-firefox/ | wc -l
632

You can find to look for files missing world-read permission.  See the 
man pages for more details.


If all else fails, follow up on Josh's advice on using gdb

Good luck,
Keith Richardson

Re: Geode GX1

[Bachman Kharazmi]

On 10/2/05, Marc Balmer <[EMAIL PROTECTED]> wrote:
> Bachman Kharazmi wrote:
> > When I try to boot a Geode GX1 with generic kernel it freeze here:
> >
> >>>OpenBSD/i386 PXEBOOT 1.02
> >
> > booting tftp:/bsd 4807268-   (and here it freeze)
> >
> > I've tried bsd.rd both from the 3.7 and 3.8 dir without any luck, am I
> > missing any support in kernel?
>
> have you the consol to the serial port in boot.conf?  See boot.conf(8)
> for details, the file must be on you tftp server under etc/.
It's a thin desktop (compaq evo t20) without any com-port. It has four
usb ports,nic, vga,ac and sound.

maybe that's why it's freezing... would it help to build a kernel
without com-port support?

/bkw
>
> - Marc Balmer
>


--
##
BKW - Bachman Kharazmi
bahkha AT gmail DOT com
uin: #24089491
SWEDEN
##

Unsubscription Confirmation

[Subscriber Services]

You have been successfully removed and will not receive any more messages.

Re: Webmail recommendations?

[Jasper Lievisse Adriaanse]

On Sat, 1 Oct 2005 18:19:17 -0500 (CDT)
"C. Bensend" <[EMAIL PROTECTED]> wrote:

> > I am at a loss for a good web interface.
> >
> > Anyone care to make any recommendations?
> 
> I'm a pretty big fan of SquirrelMail.  It's a web-based IMAP client,
> so you'd need an IMAP server as well (I use Courier).  It works just
> fine with OpenBSD's chrooted Apache, which is a big plus.
> 
> Benny
> 
> 
> -- 
> "Now, that next spring you find in your garage a creature that
> looks like a cross-bred badger and anaconda. A badgerconda."
>   -- bash.org
> 

Yes, that's very nice WebMail software indeed. And it's quite light.

Jasper


-- 
"Security is decided by quality" -- Theo de Raadt

Re: PF story, happy ending.

[Simon Farnsworth]

On Sunday 02 October 2005 00:08, ed wrote:
> On Sat, 1 Oct 2005 12:27:56 -0600 (MDT)
>
> Diana Eichert <[EMAIL PROTECTED]> wrote:
> > So Dweeb, what you recommend is upping the state table so we can
> > increase the amount of crap that's leaking out from the Windows
> > system?  Brilliant, next time there's a Windows worm polluting the
> > network I'll just think "Wow, it's not a Windows problem, I just need
> > to buy hardware that can handle greater traffic."
>
> Then by this token we should all set a state limit of 1 state per host,
> correct, if there's something using more states it must be compromised.
> Nice theory. Why not just block the single host causing the problem,
> when you have a high state limit, try shell commands to count the states
> used every few minutes and then add the excessive hosts to a table,
> rather than choke the network. Oh and don't resort to name calling, it
> makes the rest of the post look childish, even if there is content of
> technical merit.

Well, if you bothered to read and understand Diana's posts, you'd realise that
the firewall had enough states for normal operation of the network. When a
faulty host was added, it overloaded the firewall.

Now, which is a better response? Leave the faulty host running (a Windows
domain controller shouldn't be sending stuff through the firewall in the
first place, and shouldn't be sending lots of fragments), and open up the
firewall to hide the fault? Or, diagnose the fault, realise that the firewall
failing is a symptom of a bad host behind the firewall, and fix the bad host?

I'd do what Diana did; diagnose the fault, discover a faulty host, and get it
fixed, rather than cover over the fault by changing the firewall
configuration. Or are you suggesting that (e.g.) if one of your non-mail
sending hosts overloads the firewall with connections to port 25 on lots of
different MXs, the solution is to have the firewall allow more outgoing
connections, not to work out why that host has suddenly started sending mail?
--
Simon Farnsworth

[demime 1.01d removed an attachment of type application/pgp-signature]

Re: WLAN (Linksys WPC111) + WEP

[Jeremy]

On Sun, Oct 02, 2005 at 09:01:19AM +0200, Nikolaus Hiebaum wrote:
> ifconfig wi0 192.168.200.2 255.255.255.0 nwid "scyld" nwkey "BACE8A21EA"

According to the ifconfig man page, "The key can either be a string, a series
of hexadecimal digits (preceded by `0x'), or a set of keys..." So I would try
that.

-j

WLAN (Linksys WPC111) + WEP

[Nikolaus Hiebaum]

Hello,

I have a problem with OpenBSD 3.7 (GENERIC) on my laptop, Acer TravelMate
243LC, and WLAN with WEP. Since my laptop doesn't have a built in WLAN card, I
bought a Linksys WPC111v3 which, according to
http://www.openbsd.org/i386.html#hardware, is supported.

Connecting to an open and unsecured Access Point (AP) works fine, but it fails
to work with an AP that is protected by WEP (64bits, shared key).

WLAN card: Linksys WPC11v3
AP: Netgear WG602 (WEP 64bits, shared key)

All right, first when I plug the WLAN card in, I get this:

Oct  2 07:37:39 hrodulf /bsd: wi0: PRISM3 ISL37300P, Firmware 1.1.0 (primary), 
1.4.2 (station), address
00:06:25:2b:55:5c

It seem the card is recognized, and I have tried both ifconfig and wicontrol to
make a connection to my AP, but to no avail.

---BOF---

ifconfig wi0 192.168.200.2 255.255.255.0 nwid "scyld" nwkey "BACE8A21EA"

[EMAIL PROTECTED]: /usr/ports (7:42:29)> ifconfig wi0
wi0: flags=8843 mtu 1500
 address: 00:06:25:2b:55:5c
 ieee80211: nwid scyld nwkey BACE8A21EA 5dBm (auto)
 media: IEEE802.11 autoselect (DS2)
 status: no network
 inet6 fe80::206:25ff:fe2b:555c%wi0 prefixlen 64 scopeid 0x7
 inet 192.168.200.2 netmask 0xff00 broadcast 255.255.255.0

---EOF---

It appears there is no connection to the AP. When I try wicontrol, I still
don't get a connection.

---BOF---
wicontrol wi0 -e 1 -k BACE8A21EA -t 3 -n scyld -s scyld -p 1 -A 2 -f 11

[EMAIL PROTECTED]: /usr/ports (7:43:01)> wicontrol wi0 -L
AP Information
ap[0]:  netname (SSID): [ scyld ]
 BSSID:  [ 00:09:5b:67:71:a5 ]
 Channel:[ 11 ]
 Beacon Interval:[ 100 ]
 Quality/Signal/Noise [signal]:  [ 50 / 59 / 9 ]
 Capinfo:[ ESS PRIV ]
 DataRate [Mbps]:[ 1.0 ]
 AvailableRates [Mbps]:  [ 1.0 2.0 5.5 11.0 ]

[EMAIL PROTECTED]: /usr/ports (7:43:23)> wicontrol wi0
NIC serial number:  [ 99SA0100 ]
Station name:   [ scyld ]
SSID for IBSS creation: [ IBSS ]
Current netname (SSID): [ IBSS ]
Desired netname (SSID): [ scyld ]
Current BSSID:  [ 44:44:44:44:44:44 ]
Channel list:   [ 8191 ]
IBSS channel:   [ 11 ]
Current channel:[ 11 ]
Comms quality/signal/noise: [ 0 81 27 ]
Promiscuous mode:   [ Off ]
Process 802.11b Frame:  [ Off ]
Port type (1=BSS, 3=ad-hoc, 6=Host AP): [ 1 ]
MAC address:[ 00:06:25:2b:55:5c ]
TX rate (selection):[ 3 ]
TX rate (actual speed): [ 2 ]
Maximum data length:[ 2304 ]
RTS/CTS handshake threshold:[ 2347 ]
Create IBSS:[ Off ]
Antenna diversity (0=auto,1=pri,2=aux): [ ]
Microwave oven robustness:  [ On ]
Roaming mode(1=firm,3=disable): [ 1 ]
Access point density:   [ 1 ]
Power Management:   [ Off ]
Max sleep time: [ 100 ]
Enhanced Security mode: [ ]
Intersil Prism2-based card: [ 1 ]
Card info:  [ PRISM3 ISL37300P, Firmware 1.4.2 ]
Encryption: [ On ]
Encryption algorithm:   [ Firmware WEP ]
Authentication type
(1=OpenSys, 2=Shared Key):  [ 2 ]
TX encryption key:  [ 1 ]
Encryption keys:[ BACE8A21EA ][  ][  ][  ]

---EOF---

Is WEP just not supported or is my syntax wrong? Do you have any idea how to
get this to work?

-- 
Beste Gr|_e / Best regards ,
Nikolaus Hiebaum

Re: Linux expo - London

[Matthias Kilian]

On Sat, Oct 01, 2005 at 11:34:00PM +0100, ed wrote:
> Is OpenBSD doing anything at the linux conference and expo this week at
> the London Olympia?

http://www.openbsd.org/events.html