Ath and tools
Hi all, I looked in man 4 ath, man 8 ifconfig and man 8 wicontrol but did find out the answer to my question: Is there any tool like wicontrol for ath cards ? Typically, how can I scan for access points ? Yours, Alexandre Stefani
HP DL 380 G3 + OpenBSD 3.8
Hello! I have a problem :( My server is HP DL380 G3.

#uname -a
OpenBSD .econmos.com 3.8 GENERIC#202 i386
#dmesg
OpenBSD 3.8-current (GENERIC) #202: Wed Oct 19 17:52:24 MDT 2005
    [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Xeon(TM) CPU 3.06GHz (GenuineIntel 686-class) 3.05 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID
real mem = 2147041280 (2096720K)
avail mem = 1953165312 (1907388K)
using 4278 buffers containing 107454464 bytes (104936K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 12/31/99, BIOS32 rev. 0 @ 0xf
pcibios0 at bios0: rev 2.1 @ 0xf/0x2000
pcibios0: PCI BIOS has 9 Interrupt Routing table entries
pcibios0: PCI Interrupt Router at 000:15:0 (ServerWorks CSB5 rev 0x00)
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0x4000 0xcc000/0x1800 0xee000/0x2000!
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 ServerWorks CNB20-HE Host (GC-LE) rev 0x33
pchb1 at pci0 dev 0 function 1 ServerWorks CNB20-HE Host (GC-LE) rev 0x00
pci1 at pchb1 bus 3
pchb2 at pci0 dev 0 function 2 ServerWorks CNB20-HE Host (GC-LE) rev 0x00
pci2 at pchb2 bus 1
ciss0 at pci2 dev 3 function 0 Compaq Smart Array 5i/532 rev.2 rev 0x01: irq 10
ciss0: 1 LD HW rev 1 FW 2.36/2.36 lmap 4000:0
scsibus0 at ciss0: 1 targets
sd0 at scsibus0 targ 0 lun 0: COMPAQ, LOGICAL VOLUME, 2.36 SCSI0 0/direct fixed
ciss0: cmd_stat 2 scsi_stat 0x0
ciss0: cmd_stat 2 scsi_stat 0x0
sd0: 104183MB, 104183 cyl, 64 head, 32 sec, 512 bytes/sec, 213367680 sec total
vga1 at pci0 dev 3 function 0 ATI Rage XL rev 0x27
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
vendor Compaq, unknown product 0xb203 (class system subclass miscellaneous, rev 0x01) at pci0 dev 4 function 0 not configured
vendor Compaq, unknown product 0xb204 (class system subclass miscellaneous, rev 0x01) at pci0 dev 4 function 2 not configured
pcib0 at pci0 dev 15 function 0 ServerWorks CSB5 rev 0x93
pciide0 at pci0 dev 15 function 1 ServerWorks CSB5 IDE rev 0x93: DMA
atapiscsi0 at pciide0 channel 0 drive 0
scsibus1 at atapiscsi0: 2 targets
cd0 at scsibus1 targ 0 lun 0: TEAC, DW-224E, A.1K SCSI0 5/cdrom removable
cd0(pciide0:0:0): using PIO mode 4
ohci0 at pci0 dev 15 function 2 ServerWorks OSB4/CSB5 USB rev 0x05: irq 7, version 1.0, legacy support
usb0 at ohci0: USB revision 1.0
uhub0 at usb0
uhub0: ServerWorks OHCI root hub, rev 1.00/1.00, addr 1
uhub0: 4 ports with 4 removable, self powered
pchb3 at pci0 dev 15 function 3 ServerWorks CSB5 LPC rev 0x00
pchb4 at pci0 dev 16 function 0 ServerWorks CIOB-X2 PCIX rev 0x05
pchb5 at pci0 dev 16 function 2 ServerWorks CIOB-X2 PCIX rev 0x05
pci3 at pchb5 bus 6
Compaq PCI Hotplug rev 0x14 at pci3 dev 30 function 0 not configured
pchb6 at pci0 dev 17 function 0 ServerWorks CIOB-X2 PCIX rev 0x05
pchb7 at pci0 dev 17 function 2 ServerWorks CIOB-X2 PCIX rev 0x05
pci4 at pchb7 bus 2
bge0 at pci4 dev 1 function 0 Broadcom BCM5703X rev 0x02, BCM5703 A2 (0x1002): irq 11 address 00:0e:7f:ad:0e:e4
brgphy0 at bge0 phy 1: BCM5703 10/100/1000baseT PHY, rev. 2
bge1 at pci4 dev 2 function 0 Broadcom BCM5703X rev 0x02: couldn't establish interrupt at irq 15
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
sysbeep0 at pcppi0
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom0: console
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask e7ed netmask efed ttymask ffef
pctr: user-level cycle counter enabled
ciss0: cmd_stat 2 scsi_stat 0x0
ciss0: cmd_stat 2 scsi_stat 0x0
dkcsum: sd0 matches BIOS drive 0x80
root on sd0a
ciss0: cmd_stat 2 scsi_stat 0x0
ciss0: cmd_stat 2 scsi_stat 0x0
ciss0: cmd_stat 2 scsi_stat 0x0
ciss0: cmd_stat 2 scsi_stat 0x0
rootdev=0x400 rrootdev=0xd00 rawdev=0xd02
ciss0: cmd_stat 2 scsi_stat 0x0
ciss0: cmd_stat 2 scsi_stat 0x0
ciss0: cmd_stat 2 scsi_stat 0x0
ciss0: cmd_stat 2 scsi_stat 0x0
# cd /usr/ports
# make search nmae=pci
The search target requires a keyword or name parameter, e.g.:
make search key=somekeyword
make search name=somename
# make search name=pci
# uname -a
OpenBSD web-access-c1.investstr.econmos.com 3.8 GENERIC#202 i386
# dmesg
OpenBSD 3.8-current (GENERIC) #202: Wed Oct 19 17:52:24 MDT 2005
    [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Xeon(TM) CPU 3.06GHz (GenuineIntel 686-class) 3.05 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID
real mem =
Question about isakmpd on obsd 3.7
Hi all, Is ike over tcp supported under isakmpd on obsd 3.7?? where I can find docs about this configuration ?? Thanks. -- CL Martinez carlopmart {at} gmail {d0t} com
Re: Ath and tools
Hi Alexandre,

I don't know of a control tool for ath(4) because all can be done over ifconfig(8). To scan for access points do simply:

ifconfig -M ath0

I also did a wmdockapp which does a bit monitoring of your wireless card, which works pretty good with ath(4). That's the port for the latest version:

http://www.nazgul.ch/dev/wmwlmon-port.tar.gz

Regards, Marcus

On Wed, Oct 26, 2005 at 09:42:09AM +0200, Alexandre wrote:
> Hi all, I looked in man 4 ath, man 8 ifconfig and man 8 wicontrol but did find out the answer to my question: Is there any tool like wicontrol for ath cards ? Typically, how can I scan for access points ?
> Yours, Alexandre Stefani

-- Marcus Glocker, [EMAIL PROTECTED], http://www.nazgul.ch
Re: Ath and tools
From: Alexandre [EMAIL PROTECTED]
> Hi all, I looked in man 4 ath, man 8 ifconfig and man 8 wicontrol but did find out the answer to my question: Is there any tool like wicontrol for ath cards ? Typically, how can I scan for access points ?

I think this was added post 3.7, but you might be interested in ifconfig -M. According to the ifconfig manpage:

-M For the chosen 802.11 interfaces, show the results of an access point scan. In Host AP mode, this will dump the list of known nodes.

dlg
Re: Question about isakmpd on obsd 3.7
On Wed, Oct 26, 2005 at 10:24:25AM +0200, [EMAIL PROTECTED] wrote: Hi all, Is ike over tcp supported under isakmpd on obsd 3.7?? where I can no
Re: HP DL 380 G3 + OpenBSD 3.8
> My problem (!!!) - bge1 at pci4 dev 2 function 0 Broadcom BCM5703X rev 0x02: couldn't establish interrupt at irq 15. Howto ? RTFM ? Help me!

Try to set it to a different IRQ in the BIOS. The whole matter is strange on irq15, which is usually for secondary IDE.

Uwe
Re: HP DL 380 G3 + OpenBSD 3.8
Thx! IRQ = 7 all work OK!

- Original Message -
From: Uwe Dippel [EMAIL PROTECTED]
To: misc@openbsd.org
Sent: Wednesday, October 26, 2005 12:43 PM
Subject: Re: HP DL 380 G3 + OpenBSD 3.8

> > My problem (!!!) - bge1 at pci4 dev 2 function 0 Broadcom BCM5703X rev 0x02: couldn't establish interrupt at irq 15. Howto ? RTFM ? Help me!
>
> Try to set it to a different IRQ in the BIOS. The whole matter is strange on irq15, which is usually for secondary IDE.
>
> Uwe
Migrating to a new HD
Hi,

I just wrote this article about migrating to a new HD after the old one got too flakey. I maintain the original over here:

http://www.xs4all.nl/~hanb/documents/hd-migration

HD MIGRATION:

It started with my HD failing to sync when I was rebooting. And some odd error messages I saw. So I was holding my breath hoping for it to be something else or just an incident. But it only got worse. So after a reboot and nearly losing a lot of important stuff I decided to make the switch. And after a struggle with cp and rsync I had everything set like I should, I found out that an old lilo was still haunting the MBR and I knew no way to get rid of it since I had no floppy. So, I could start all over again. I decided to write it all down so no one would have to suffer the same as me.

After some tips on #OpenBSD I found the following procedure:

My original harddisk was wd0 and the usb2 external drive sd0 is the new drive, which I will swap with the old drive after all is done.

# I use the whole disk and this is the command I had to use in the
# first instance to get rid of lilo.
fdisk -i sd0

# Now I could also reconsider my partitiontable and I increased my
# /var partition which I wanted to do for a long time. You can
# also add or remove partitions if you like that. After having the
# right partition table in my mind I disklabel. It's a pretty
# straightforward tool, so I won't bother explaining how it works.
disklabel -e sd0

# newfs is also really simple.
newfs /dev/sd0a
newfs /dev/sd0d
# etc, etc.

# And then I mounted the new filesystem. The extra options speed
# up the copying of files.
mkdir /mnt/new
mount -o async,noatime,softdep /dev/sd0a /mnt/new
cd /mnt/new
mkdir tmp var usr home
mount -o async,noatime,softdep /dev/sd0d tmp
mount -o async,noatime,softdep /dev/sd0e var
mount -o async,noatime,softdep /dev/sd0f usr
mount -o async,noatime,softdep /dev/sd0g home

# First I prepared the dirs I didn't want to copy.
mkdir dev
cp /dev/MAKEDEV dev
cd dev
./MAKEDEV all
cd ..
mkdir altroot kern mnt proc stand

# Also make sure you set the right permissions for /tmp
chmod 1777 tmp

# There are two ways I found pretty comfortable to copy dirs. cp
# -Rp is fast. rsync shows what's going on, and you can easily
# update the remaining differences. So if you don't want to use
# rsync you'll have to do the copying in single user mode.
cp -Rp /etc .
rsync -aP /var .
# And so on and so forth for all remaining dirs and files and
# symlinks in /

# Actually right before I swapped the drives I went into single
# usermode and copied over the last changes to /var and /home with
# rsync.

# Then I installed the bootloader.
cp usr/mdec/boot .
cd usr/mdec
./installboot /mnt/new/boot ./biosboot sd0

# After that I switched the drives, double-checking the
# master/slave selector. And I booted with the new HD and
# rejoiced.

# Of course I just removed all the errors I made along the way.

# Han
Re: Migrating to a new HD
Hello!

On Wed, Oct 26, 2005 at 12:42:04PM +0200, Han Boetes wrote:
> I just wrote this article about migrating to a new HD after the old one got too flakey.
> [...]

I like a dump | restore combo, because dump is quite fast.

I.e. partition the new disk similar to the old one (sizes may vary as long as stuff will fit on the new disk). dump|restore for every filesystem (partition) you have, installboot on the new disk, and be happy.

Kind regards, Hannah.
Re: dhcp overwriting resolv.conf
On 10/26/05, Chris Smith [EMAIL PROTECTED] wrote:
> Hello, Running 3.8, 2 nics, 1 statically assigned, and the other using dhcp. Problem is that resolv.conf is always overwritten. Using resolv.conf.tail doesn't help as the information is just tacked on at the end of the dhcp supplied information. How can I prevent the overwriting of resolv.conf?

First I tried the advice on http://www.openbsd.org/faq/faq6.html#DHCP

--
No matter how you start the DHCP client, you can edit the /etc/dhclient.conf file to not update your DNS according to the dhcp server's idea of DNS by first uncommenting the 'request' lines in it (they are examples of the default settings, but you need to uncomment them to override dhclient's defaults.)

request subnet-mask, broadcast-address, time-offset, routers,
        domain-name, domain-name-servers, host-name, lpr-servers, ntp-servers;

and then remove domain-name-servers. Of course, you may want to remove hostname, or other settings too.
--

That didn't work for me :-(

Now my /etc/dhclient.conf looks like this

initial-interval 1;
send host-name "caleb";
request subnet-mask, broadcast-address, routers, domain-name;
supersede domain-name-servers 172.17.1.10;

--
Now this works for me. Hope this helps.

Kind Regards
Siju
Re: Migrating to a new HD
On Wed, Oct 26, 2005 at 12:42:04PM +0200, Han Boetes wrote:
> Hi, I just wrote this article about migrating to a new HD after the old one got too flakey. I maintain the original over here: http://www.xs4all.nl/~hanb/documents/hd-migration
> [...]

some thoughts:

1. make backups: dump(8) and restore(8) are your friends.
2. wouldn't it be much easier to use the installer to install OpenBSD onto the new hard disk, boot from the new disk when finished, mount your old disk and copy over files as desired? (you could consider unplugging the old disk if it is going bad, and plug it back in when you're ready to start copying.)

-- steven

Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm
Re: Migrating to a new HD
Hannah Schroeter wrote:
> I like a dump | restore combo, because dump is quite fast.

Sounds interesting, I'll look into it.

> I.e. partition the new disk similar to the old one (sizes may vary as long as stuff will fit on the new disk). dump|restore for every filesystem (partition) you have, installboot on the new disk, and be happy.

Hmm now you describe in a few words what I did in detail, except for the d|r trick. :-}

# Han
Re: spamd extension
On Tue, 25 Oct 2005 20:57:15 -0500 James Harless [EMAIL PROTECTED] wrote:
> What I'm looking for is a way to whitelist them based on user input.. before their initial email has been sent. In this somewhat typical scenario, the user has contacted me and said I don't want mail from [EMAIL PROTECTED] to be delayed... whitelist them, please.

Sure, it can be done as long as you can figure out what server [EMAIL PROTECTED] will use to send their email and that's not as easy as it may initially seem. xxx might not always send using the same provider, the provider may have multiple outbound relays, he/she may be using a friend's computer, he/she may use a wifi hotspot etc etc. Bottom line is that there's no reliable way to determine this ahead of time. Just whitelisting email addresses themselves defeats the purpose of spamd.

--- Lars Hansson
Problem installing nmap from packages
Hi,

I tried installing nmap and got some dependency problems. I am running snapshots.

pkg_add ftp://ftp.openbsd.org/pub/OpenBSD/snapshots/packages/i386/nmap-3.93.tgz
Can't install ftp://ftp.openbsd.org/pub/OpenBSD/snapshots/packages/i386/nmap-3.93.tgz: lib not found pcap.3.1
Even by looking in the dependency tree:
gettext-0.10.40p3, libiconv-1.9.2p1, libdnet-1.10p0, glib-1.2.10p0, pcre-4.5p1, gtk+-1.2.10p3
Maybe it's in a dependent package, but not tagged with @lib ?
(check with pkg_info -K -L)
If you are still running 3.6 packages, update them.

Best regards
Re: Problem installing nmap from packages
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rico
Sent: Wednesday, October 26, 2005 8:55 AM
To: misc@openbsd.org
Subject: Problem installing nmap from packages

> Hi, I tried installing nmap and got some dependency problems. I am running snapshots.
>
> pkg_add ftp://ftp.openbsd.org/pub/OpenBSD/snapshots/packages/i386/nmap-3.93.tgz
> Can't install ftp://ftp.openbsd.org/pub/OpenBSD/snapshots/packages/i386/nmap-3.93.tgz: lib not found pcap.3.1
> Even by looking in the dependency tree:
> gettext-0.10.40p3, libiconv-1.9.2p1, libdnet-1.10p0, glib-1.2.10p0, pcre-4.5p1, gtk+-1.2.10p3
> Maybe it's in a dependent package, but not tagged with @lib ?
> (check with pkg_info -K -L)
> If you are still running 3.6 packages, update them.
>
> Best regards

I got that same error trying to install etherape-0.9.0
Re: Problem installing nmap from packages
Rico [Wed, Oct 26, 2005 at 02:55:02PM +0200] wrote:
> I tried installing nmap and got some dependency problems. I am running snapshots.
>
> pkg_add ftp://ftp.openbsd.org/pub/OpenBSD/snapshots/packages/i386/nmap-3.93.tgz
> Can't install ftp://ftp.openbsd.org/pub/OpenBSD/snapshots/packages/i386/nmap-3.93.tgz: lib not found pcap.3.1
> Even by looking in the dependency tree:
> gettext-0.10.40p3, libiconv-1.9.2p1, libdnet-1.10p0, glib-1.2.10p0, pcre-4.5p1, gtk+-1.2.10p3
> Maybe it's in a dependent package, but not tagged with @lib ?
> (check with pkg_info -K -L)
> If you are still running 3.6 packages, update them.

You have to run -current if you want to use -current packages.

Bernd
Re: Problem installing nmap from packages
On Wed, Oct 26, 2005 at 02:55:02PM +0200, Rico wrote:
> Hi, I tried installing nmap and got some dependency problems. I am running snapshots.
>
> pkg_add ftp://ftp.openbsd.org/pub/OpenBSD/snapshots/packages/i386/nmap-3.93.tgz
> Can't install ftp://ftp.openbsd.org/pub/OpenBSD/snapshots/packages/i386/nmap-3.93.tgz: lib not found pcap.3.1
> Even by looking in the dependency tree:
> gettext-0.10.40p3, libiconv-1.9.2p1, libdnet-1.10p0, glib-1.2.10p0, pcre-4.5p1, gtk+-1.2.10p3
> Maybe it's in a dependent package, but not tagged with @lib ?
> (check with pkg_info -K -L)
> If you are still running 3.6 packages, update them.

try a newer snapshot. you probably have an older version of the libpcap library.

and please ask this kind of questions on ports@ ...

Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm
Re: spamd extension
Chad,

I appreciate the insight. I do realize it's a difficult problem but, I think that there's a solution (albeit possibly from someone smarter than I).

I do have variables that are known (the sender email address and the recipient email address). The problem is tying them to the IP Address of the MTA when it's seen @ spamd. It may be that there isn't a solution without direct modification of spamd. If that's the case, then I hope the developer(s) will consider this suggestion.

I definitely won't be disabling spamd ;). I would have a minor revolution on my hands if my users suddenly had spam again...heh. OpenBSD greylisting has been very effective for us thus far.

--James

On 10/26/05, Chad M Stewart [EMAIL PROTECTED] wrote:
> James,
>
> The more I think about this one, the more I think there is no solution to your issue. Well okay there are two choices, either use spamd or not. :)
>
> You would have to have ESP to know from which IP address a particular sender would be sending. If I'm sitting in a hotel and using their WiFi then it is very probable that my message will be coming from their SMTP server, not that which I use normally. Given only my mail address you have no way of determining for sure, which server I use to send mail. The server I submit a message to does not have to be the server that eventually connects to the recipients server in DNS.
>
> You can't provide an email address to spamd as the redirection happens before spamd, rather with PF. The default is to send the packets to spamd. Once the connection gets rdr to spamd, I'm not aware of anyway to say, redirect again to your real MTA. That brings us back to knowing the connecting servers IP address.
>
> You could disable spamd protection and see how long it takes for your users to complain about the amount of spam they are getting. :)
>
> -Chad
>
> On Oct 25, 2005, at 9:57 PM, James Harless wrote:
> > I appreciate the suggestions, but, not quite what I'm looking for yet. Either of these would allow me to whitelist someone AFTER they had been greylisting. What I'm looking for is a way to whitelist them based on user input.. before their initial email has been sent. In this somewhat typical scenario, the user has contacted me and said I don't want mail from [EMAIL PROTECTED] to be delayed... whitelist them, please.
> >
> > --James

-- What would Bilano do?
Frappr openbsd map
Hi, slightly OT, I created Frappr! openbsd map (http://www.frappr.com/openbsd). Join it and well, we could see who and where does use OpenBSD. Regards Petr R. -- Security is decided by quality -- Theo de Raadt
Re: Problem installing nmap from packages
On Wed 2005.10.26 at 14:55 +0200, Rico wrote:
> Hi, I tried installing nmap and got some dependency problems. I am running snapshots.
>
> pkg_add ftp://ftp.openbsd.org/pub/OpenBSD/snapshots/packages/i386/nmap-3.93.tgz
> Can't install ftp://ftp.openbsd.org/pub/OpenBSD/snapshots/packages/i386/nmap-3.93.tgz: lib not found pcap.3.1

i take it you do not have a -current snapshot running, for you don't have /usr/lib/libpcap.so.3.1 ...you probably only have 3.0 (now old). keep base and ports in sync.

> Even by looking in the dependency tree:
> gettext-0.10.40p3, libiconv-1.9.2p1, libdnet-1.10p0, glib-1.2.10p0, pcre-4.5p1, gtk+-1.2.10p3
> Maybe it's in a dependent package, but not tagged with @lib ?
> (check with pkg_info -K -L)
> If you are still running 3.6 packages, update them.
Re: HP DL 380 G3 + OpenBSD 3.8
On 10/26/05, lEBEDEW aNDREJ gERMANOWI^ [EMAIL PROTECTED] wrote:
> My problem (!!!) - bge1 at pci4 dev 2 function 0 Broadcom BCM5703X rev 0x02: couldn't establish interrupt at irq 15. Howto ? RTFM ? Help me!

In the Compaq BIOS, make sure nothing is configured for IRQ 15. It's an annoying issue I've seen with the DL380's - none of my boxes can have _anything_ configured for IRQ15. The G4's make the choice easier, they only allow 5 and 7 if I recall ;)

--Bill
Re: spamd extension
--On 26 October 2005 08:21 -0500, James Harless wrote:
> I do have variables that are known (the sender email address and the recipient email address). The problem is tying them to the IP Address of the MTA when it's seen @ spamd. It may be that there isn't a solution without direct modification of spamd.

By design, spamd can't do this. It neither accepts mail itself, nor proxies to the real backend server. It always sends a tempfail result code, and if it's the second time it's seen client_ip|src|dest, it adds to a table at the same time, so that on the third attempt the real mailserver is hit instead.

> I definitely won't be disabling spamd ;)

The type of functionality you're looking for needs something with hooks directly into the mail server itself, there's no way with spamd to avoid delaying a connection unless you /already/ know the IP address. Maybe milter-greylist or postgrey already do what you're looking for, or if not they'll likely be easier to adapt.
Re: HP DL 380 G3 + OpenBSD 3.8
Thanks all! The problem is solved by recustomizing IRQ in BIOS.

# dmesg | grep bge1
bge1 at pci4 dev 2 function 0 Broadcom BCM5703X rev 0x02, BCM5703 A2 (0x1002): irq 7 address 00:0e:7f:ad:0e:e3
brgphy1 at bge1 phy 1: BCM5703 10/100/1000baseT PHY, rev. 2
bge1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:0e:7f:ad:0e:e3
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active

- Original Message -
From: Bill Marquette [EMAIL PROTECTED]
To: lEBEDEW aNDREJ gERMANOWI^ [EMAIL PROTECTED]
Cc: misc@openbsd.org
Sent: Wednesday, October 26, 2005 5:51 PM
Subject: Re: HP DL 380 G3 + OpenBSD 3.8

> On 10/26/05, lEBEDEW aNDREJ gERMANOWI^ [EMAIL PROTECTED] wrote:
> > My problem (!!!) - bge1 at pci4 dev 2 function 0 Broadcom BCM5703X rev 0x02: couldn't establish interrupt at irq 15. Howto ? RTFM ? Help me!
>
> In the Compaq BIOS, make sure nothing is configured for IRQ 15. It's an annoying issue I've seen with the DL380's - none of my boxes can have _anything_ configured for IRQ15. The G4's make the choice easier, they only allow 5 and 7 if I recall ;)
>
> --Bill
OpenBSD on an ECS A900 or A90a
I'm looking at buying a ECS A900 or A901 laptop and i'm curious if anyone has any experience running OpenBSD on such a machine? Tech specs, for those interested: http://www.ecsusa.com/products/a900_spec.html http://www.ecsusa.com/products/a901_spec.html --- Lars Hansson Message from: Lars Hansson [EMAIL PROTECTED]
Re: spamd extension
At 09:57 PM 10/25/05, James Harless wrote:
> I appreciate the suggestions, but, not quite what I'm looking for yet. Either of these would allow me to whitelist someone AFTER they had been greylisting. What I'm looking for is a way to whitelist them based on user input.. before their initial email has been sent. In this somewhat typical scenario, the user has contacted me and said I don't want mail from [EMAIL PROTECTED] to be delayed... whitelist them, please.

spamd only delays the *first* message between the two parties. After that there is no delay - as long as sender continues to use the same SMTP server.

Have you tried whitelisting these servers: http://greylisting.org/whitelisting.shtml

Is there an underlying assumption in your question that spamd is the actual problem? During the initial weeks of using spamd on my server, half of the complaints about undelivered email were not the fault of spamd.
Re: dhcp overwriting resolv.conf
On Wednesday 26 October 2005 07:38 am, Siju George wrote:
> Now My /etc/dhclient.conf looks like this

These two lines worked fine here:

---
request subnet-mask, broadcast-address, routers;
supersede domain-name-servers 192.168.107.2;
---

Chris
Re: spamd extension
On 10/26/05, Frank Bax [EMAIL PROTECTED] wrote:
> At 09:57 PM 10/25/05, James Harless wrote:
> > I appreciate the suggestions, but, not quite what I'm looking for yet. Either of these would allow me to whitelist someone AFTER they had been greylisting. What I'm looking for is a way to whitelist them based on user input.. before their initial email has been sent. In this somewhat typical scenario, the user has contacted me and said I don't want mail from [EMAIL PROTECTED] to be delayed... whitelist them, please.
>
> spamd only delays the *first* message between the two parties. After that there is no delay - as long as sender continues to use the same SMTP server.

My experience is that greylisting requires at least 2 failed attempts. Maybe my pf.conf isn't setup properly. But, there's always 1 'extra' failure that seems to me should pass through.

> Have you tried whitelisting these servers: http://greylisting.org/whitelisting.shtml
>
> Is there an underlying assumption in your question that spamd is the actual problem? During the initial weeks of using spamd on my server, half of the complaints about undelivered email were not the fault of spamd.

I do whitelist the servers on greylisting.org. There's no real doubt that greylisting is part of my 'issue'. It's not unmanageable, by any means, but, I'm just wondering if there isn't a way to correct the problem. Greylisting is 99% of the time not a problem. But, sometimes, the client is on the phone with a customer or in some other situation where they need to receive the email quickly. With my current greylisting setups, I can't guarantee any time when they'll receive the first email from a contact other than 'will take at least 5 mins and can take much longer depending on how their mail server is configured'.

In any case, it's not unmanageable. I just set expectations with customers and they're not wanting to move away from greylisting. But, it does *feel* like a 'solvable problem'.

--James

-- What would Bilano do?
Re: spamd extension
If you are using spamlogd correctly, so that it is whitelisting the destination addresses of target mailservers, I find the actual need for this to be near zero, since most people send mail to [EMAIL PROTECTED] and as soon as they do the server is whitelisted for the reply - this is not the case with some big sites where their inbound mx differs from the ip their outbound mail comes from, but it works to speed up the process most of the time. - and when it doesn't the email is delayed a half hour or a little more.

Basically, the correct answer is suck it up princess, in pathological cases someone's email might be delayed by a short while getting to you in normal cases it won't. Usually users ask for this when you tell them what you are doing and they don't understand that in 95% of the cases they never see a delay.

-Bob

* James Harless [EMAIL PROTECTED] [2005-10-25 20:09]:
> I appreciate the suggestions, but, not quite what I'm looking for yet. Either of these would allow me to whitelist someone AFTER they had been greylisting. What I'm looking for is a way to whitelist them based on user input.. before their initial email has been sent. In this somewhat typical scenario, the user has contacted me and said I don't want mail from [EMAIL PROTECTED] to be delayed... whitelist them, please.
>
> --James
>
> On 10/25/05, Bob Beck [EMAIL PROTECTED] wrote:
> > spamdb -a `spamdb | grep '[EMAIL PROTECTED]|[EMAIL PROTECTED]' | cut -d '|' -f 2`
> >
> > -Bob
> >
> > * James Harless [EMAIL PROTECTED] [2005-10-25 15:50]:
> > > I would like some advice on extending spamd functionality. I'm not sure the best approach to this problem.
> > >
> > > Problem: I administer several independent mail gateway / firewall devices that greylist for their networks. I've done a fair job of educating users about how greylisting will affect their email but, inevitably a user will contact me to request that an incoming email be whitelisted. The only information they have is 1) sending email address and 2) receiving email address. Of course, spamd only deals in IP addresses and it may be difficult to find the ip address of the sending mail server. Additionally, I'd like to provide some method to the users where they could whitelist someone themselves without requesting directly from me.
> > >
> > > What I envision: A script or extension to spamd that would allow me to input a 'from' and 'rcpt to' address. Then, the next time that combo is seen, from any IP address...it gets whitelisted automatically. I envision this only happening one time and then returning to greylisting as normal. I understand that there's a chance of someone sending spam through in that window with the proper from/to combo .. but, it's small enough to accept.
> > >
> > > Thoughts? Does this sound feasible? Is this a reasonable solution? If so, what direction would you recommend for implementation? (I'm no programmer.. but, not afraid of diving in, nonetheless.)
> > >
> > > --James
> > >
> > > -- What would Bilano do?
Re: spamd extension
On Wed, 2005-10-26 at 09:06:11 -0600, Bob Beck proclaimed... Basically, the correct answer is suck it up princess, in pathological cases someone's email might be delayed by a short while getting to you in normal cases it won't. Usually users ask for this when you tell them what you are doing and they don't understand that in 95% of the cases they never see a delay. Hell, I usually just blame the other ISP and by the time the customer argues, the mail is re-sent and waiting for them :-)
Re: spamd extension
My experience is that greylisting requires at least 2 failed attempts. Maybe my pf.conf isn't setup properly. But, there's always 1 'extra' failure that seems to me should pass through.

James is right, it's a design flaw of spamd that two failed attempts are required. This is what happens:

1) first attempt, goes to spamd, is logged.
2) second attempt, goes to spamd, is marked as good ... *BUT* it still went to spamd. spamd is not an application relay, so it has no way of passing that currently-active second attempt through to the true MTA, so ...
3) third attempt, redirected to true MTA

The only fix for this is a *major* redesign of spamd (or equivalently incorporating spamd's greylisting code into a spamfilter which *does* relay connections at the IP level to an MTA - which is actually what I'm working on at the moment)

One of the pre-requisites (in my opinion) for a filter which relays connections (rather than routing them through) is full transparency, i.e. the MTA sees the IP of the original caller, not the IP of the relay. This is so that the MTA continues to do third-party relay rejection and does not require you to duplicate that logic in your relay host. Fortunately for us, OpenBSD+pf have exactly the facilities needed to transparently forward at the TCP/IP session level, albeit not a common or easy thing to do.

Graham
Re: spamd extension
On 10/26/05, James Harless [EMAIL PROTECTED] wrote: Chad, I appreciate the insight. I do realize it's a difficult problem but, I think that there's a solution (albeit possibly from someone smarter than I). Nope there's just not. I do have variables that are known (the sender email address and the recipient email address). The problem is tying them to the IP Address of the MTA when it's seen @ spamd. It may be that there isn't a solution without direct modification of spamd. If that's the case, then I hope the developer(s) will consider this suggestion. How would you find an unknown ip of an unknown machine? About the only *chance* you have is doing MX lookup's and hoping that email comes from that same server. If their organization uses various relays and proxies to send, you are out of luck. There's no way to get that information without a previously harvested email and looking at the message headers. --Bryan
know any neat tricks for 2 * dhclient?
I wanted to set up a system which has two ether cards (it's part of a transparent bridge so it'll be inline with someone's connection) such that it'll pick up a DHCP address on *both* cards ... the trick comes from not knowing in advance whether the DHCP server will be on the inside connection or the net-facing one. (i.e. if the bridge is deployed near the network edge, the DHCP server is inside; but if it is deployed immediately in front of a single server, then it will see DHCP facing outwards). It *ought* to be possible to configure both hostname.xl0 and hostname.fxp1 as dhcp, and whichever one comes up first, will then bridge through the DHCP server for the other. Unfortunately it just happens by luck of alphabetical order, that the one which comes up first is *not* looking at a DHCP server. So after a relatively short period of retries it goes to sleep. Then the other interface asks for its dhcp address and gets it quickly. What I expected was that the first would sleep for a short time then ask again, and get it OK. I haven't seen that happen - about 30 minutes later and the interface still has no IP. What's the best way to ensure that they both get IPs as quickly as possible? I can think of some dirty hacks, but I don't like the solutions I've come up with. (For example, if I kick off the dhcp client requests in the background, that interferes with the rest of the boot sequence). Has anyone had this configuration before and come up with an elegant solution? thanks Graham
ksh segfaults
Hi I'm running a 3.7 (all patches applied, everything else default) on an old box (dmesg at the end). It fetches mail for me with the following script:

---8---
#! /bin/sh
LOCK=$HOME/.getmail.lock
if ! [ -f $LOCK ]
then
  touch $LOCK
  getmail 2>&1 >/dev/null
  rm $LOCK
fi
---8---

This script is run from crontab every minute. Sometimes ksh segfaults and dumps core. It only happens once a day or two, so this is not a big problem for me. I was however curious and compiled ksh with -g to get more information.

[EMAIL PROTECTED]:~# gdb /bin/sh /home/tobiasu/core/sh.core
GNU gdb 6.3 [...]
This GDB was configured as i386-unknown-openbsd3.7...
Core was generated by `sh'.
Program terminated with signal 11, Segmentation fault.
#0 0x1c027ed6 in _weak__thread_fd_unlock ()
(gdb) backtrace full
#0 0x1c027ed6 in _weak__thread_fd_unlock ()
No symbol table info available.
#1 0x1c028025 in _weak__thread_fd_unlock ()
No symbol table info available.
#2 0x1c027b48 in _weak__thread_fd_unlock ()
No symbol table info available.
#3 0x1c028095 in _weak__thread_fd_unlock ()
No symbol table info available.
#4 0x1c028395 in malloc ()
No symbol table info available.
#5 0x1c03c90e in atexit ()
No symbol table info available.
#6 0x1c0002e9 in __register_frame_info ()
No symbol table info available.
#7 0x1c000155 in __init ()
No symbol table info available.
#8 0x1c0001ee in ___start ()
No symbol table info available.
#9 0x1c00016f in _start ()
No symbol table info available.
(gdb) quit

[EMAIL PROTECTED]:~# gdb /bin/sh /home/tobiasu/core/sh2.core
GNU gdb 6.3 [...]
This GDB was configured as i386-unknown-openbsd3.7...
Core was generated by `sh'.
Program terminated with signal 11, Segmentation fault.
#0 0x1c027ed6 in _weak__thread_fd_unlock ()
(gdb) backtrace full
#0 0x1c027ed6 in _weak__thread_fd_unlock ()
No symbol table info available.
#1 0x1c028025 in _weak__thread_fd_unlock ()
No symbol table info available.
#2 0x1c027b48 in _weak__thread_fd_unlock ()
No symbol table info available.
#3 0x1c028095 in _weak__thread_fd_unlock ()
No symbol table info available.
#4 0x1c028395 in malloc ()
No symbol table info available.
#5 0x1c03c90e in atexit ()
No symbol table info available.
#6 0x1c0002e9 in __register_frame_info ()
No symbol table info available.
#7 0x1c000155 in __init ()
No symbol table info available.
#8 0x1c0001ee in ___start ()
No symbol table info available.
#9 0x1c00016f in _start ()
No symbol table info available.
(gdb) info registers
eax     0x0         0
ecx     0x5         5
edx     0x0         0
ebx     0x0         0
esp     0xcfbf3fd4  0xcfbf3fd4
ebp     0xcfbf3fec  0xcfbf3fec
esi     0x0         0
edi     0xcfbf4034  -809549772
eip     0x1c027ed6  0x1c027ed6
eflags  0x10202     66050
cs      0x1f        31
ss      0x27        39
ds      0x27        39
es      0x27        39
fs      0x27        39
gs      0x27        39

My _guess_ is that it has something to do with the test condition if the lock-file still exists and then is deleted shortly after (This is called a race condition, right?). I tried to grep /usr/src but it takes hours (PIO4, no DMA...) and I didn't find out where this thread_fd_unlock function is nor what it does. I might also be completely wrong. Can someone bring some light into this and give me a clue why it happens? Maybe it can even be fixed :)

Tobias

---8 OpenBSD 3.7 (GENERIC) #0: Sun Jul 24 17:52:18 CEST 2005 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Cyrix 6x86 (486-class) real mem = 83468288 (81512K) avail mem = 68890624 (67276K) using 1044 buffers containing 4276224 bytes (4176K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(70) BIOS, date 07/25/96, BIOS32 rev.
0 @ 0xfb710 apm0 at bios0: Power Management spec V1.2 apm0: APM engage (device 1): power management disabled (1) apm0: AC on, battery charge unknown pcibios0 at bios0: rev 2.1 @ 0xf/0xbc30 pcibios0: PCI BIOS has 4 Interrupt Routing table entries pcibios0: PCI Interrupt Router at 000:07:0 (VIA VT82C586 ISA rev 0x00) pcibios0: PCI bus #0 is the last bus bios0: ROM list: 0xc/0x8000 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 VIA VT82C585 ISA rev 0x02 pcib0 at pci0 dev 7 function 0 VIA VT82C586 ISA rev 0x02 pciide0 at pci0 dev 7 function 1 VIA VT82C571 IDE rev 0x02: ATA33, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide0 channel 0 drive 0: ST38641A wd0: 32-sector PIO, LBA, 8207MB, 16809660 sectors wd0(pciide0:0:0): using PIO mode 4, DMA mode 2 pciide0: channel 1 disabled (no drives) vga1 at pci0 dev 8 function 0 ATI Mach64 CT rev 0x09 wsdisplay0 at vga1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) rl0 at pci0 dev 9 function 0 Realtek 8139 rev 0x10: irq 11 address 00:30:84:41:5a:54 rlphy0 at rl0 phy 0: RTL internal phy vr0
Re: spamd extension
On Oct 26, 2005, at 11:54 AM, Graham Toal wrote: My experience is that greylisting requires at least 2 failed attempts. Maybe my pf.conf isn't setup properly. But, there's always 1 'extra' failure that seems to me should pass through. James is right, it's a design flaw of spamd that two failed attempts are required. This is what happens: 1) first attempt, goes to spamd, is logged. 2) second attempt, goes to spamd, is marked as good ... *BUT* it still went to spamd. spamd is not an application relay, so it has no way of passing that currently-active second attempt through to the true MTA, so ... 3) third attempt, redirected to true MTA I agree this is how things work. I disagree that this is a design flaw. Instead this is the fundamental thing that makes spamd so great at what it does. Maybe I'm a little too RFC biased, but if the standards say XYZ MUST be done, then if the sending MTA is not playing by the rules, I don't want their mail. Though I'm happy to talk and work with them to get their servers fixed. The side effect being that all those spammer zombie machines don't get a message into my servers. :) spamd is ensuring that MTAs are following the standards. The standards say that a sending MTA must wait 30 minutes before attempting a retry, thus the default passtime for spamd is 25 minutes, which I think is a good buffer. If MTAs should retry in say 15 minutes, I don't know what spamd does, I've not tested that scenario. I would hope that maybe spamd would update the initial time to the most recent attempt and wait to put the IP in the whitelist pool until passtime has passed between retries. I often see delays of either an hour or two when first getting a message via a new MTA. Which makes sense to me, and I think is tolerable. Email is not instant messaging. If it absolutely has to be there NOW, then use something else. 
:)

00:00 -- first connection attempted
00:30 -- second connection attempted
00:31 -- IP now whitelisted

I've found that some MTAs will try to make a 3rd attempt 60 minutes from the first attempt, while others seem to wait 60 minutes or more from the 2nd attempt. -Chad
Re: spamd extension
How would you find an unknown ip of an unknown machine? About the only *chance* you have is doing MX lookup's and hoping that email comes from that same server. If their organization uses various relays and proxies to send, you are out of luck. There's no way to get that information without a previously harvested email and looking at the message headers. Well, that's exactly the point... you don't find the ip. You put in a temporal entry that says 'whitelist the next ip address that connects attempting to send mail from $sender to $rcpt'. After that, the entry expires. It's been pointed out here that it just isn't possible, currently. I'm ok with that. The issue is smaller than the problem that it solves (removing most of the spam from my networks). Thanks for all the input. --James
Re: spamd extension
Graham Toal wrote: The only fix for this is a *major* redesign of spamd (or equivalently incorporating spamd's greylisting code into a spamfilter which *does* relay connections at the IP level to an MTA - which is actually what I'm working on at the moment) Why start from scratch ? There are enough seasoned, full featured MTA's around that will allow you to incorporate greylisting. And you get all the other stuff like STARTTLS, AUTH etc gratis. I'd either accept spamd's few limitations or incorporate greylisting into a MTA. Just my thoughts. Hans
TV Tuner Cards; Philips 7135 Support?
I didn't see any specifics in the archives or from Google. As this type of software tuner can be had for cheap (locally here I've found the Asus TV FM tuner PCI card for under $40cdn), I was wondering if OpenBSD had support for it? Many thanks in advance! -- I know too much and yet not enough
Re: Allowing roadwarrior connections from aggressive and main mode clients?
FYI, Hakan tells me this isn't possible now, but might be someday.

Sean Knox wrote:

[I didn't get much response on the openbsd-ipsec list, so I'm reposting here]

I'm having problems allowing roadwarrior connections from aggressive and main mode clients to connect isakmpd at the same time. At the moment, I can only allow one, either main mode or aggressive by specifying a Default ISAKMP SA negotiation root, a la:

[Phase 1]
Default= road-aggressive
#Default= road-main-mode

If I don't specify a default phase 1 connection, isakmpd uses the road-main-mode connection:

160001.993149 Default exchange_setup_p1: expected exchange type ID_PROT got AGGRESSIVE

I've tried setting the Phase 1 Local-Addresses to listen on different IPs, but isakmpd still uses the road-main-mode connection for incoming aggressive connections. Can isakmpd be configured to accept main mode *and* aggressive mode clients?

thanks, sk

(connection settings from isakmpd.conf below)

--- from isakmpd.conf ---
[Phase 1]
#Default= road-aggressive-p1
#Default= road-main-mode-p1

[Phase 2]
Passive-Connections=roadwarriors-aggr,roadwarriors-main

##
## Phase 1 definitions
##
[road-aggressive-p1]
Phase = 1
Local-Address = 10.10.10.1
Configuration = aggr-mode-psk
Authentication = supersecretpw
Flags = IKECFG

[road-main-mode-p1]
Phase = 1
Local-Address = 10.10.10.2
Configuration = main-mode-rsa
Flags = IKECFG

#
## Phase 2 definitions
#
[roadwarriors-aggr]
Phase = 2
Configuration = Default-quick-mode
Local-ID= lan
Remote-ID = anybody
ISAKMP-peer = road-aggressive-p1

[roadwarriors-main]
Phase = 2
Configuration = Default-quick-mode
Local-ID= lan
Remote-ID = anybody
ISAKMP-peer = road-main-p1

#
## IDs
#
[anybody]
ID-type=IPV4_ADDR
Address=0.0.0.0

[lan]
ID-type = IPV4_ADDR_SUBNET
Network = 192.168.5.0
Netmask = 255.255.255.0\
Re: spamd extension
--On 26 October 2005 09:12 -0400, Frank Bax wrote: Have you tried whitelisting these servers: http://greylisting.org/whitelisting.shtml That list by policy only includes 'shared queue' servers on blocks larger than /24 (the greylisting software written by the list compiler usually masks the last byte of the address anyway). If your spamd box regularly receives mail from users at large sites that use different machines for outbound and inbound mail, where a shared queue is involved, and don't have enough users yourself to ensure that the most common of these are already whitelisted, greylisting software other than spamd might be a better choice. As luck would have it these are also often the sites with crappy retry cycles delaying mail multiple hours. But then, I wouldn't want to run a full mta on the small hardware I usually run spamd on sitting in front of mail servers, and larger sites that are less affected by this problem probably don't want to devote full mta resources to their spam senders either, so it's good that there are both lightweight and more featureful choices.
Re: know any neat tricks for 2 * dhclient?
On 10/26/05, Graham Toal [EMAIL PROTECTED] wrote:

I wanted to set up a system which has two ether cards (it's part of a transparent bridge so it'll be inline with someone's connection) such that it'll pick up a DHCP address on *both* cards ... the trick comes from not knowing in advance whether the DHCP server will be on the inside connection or the net-facing one. (i.e. if the bridge is deployed near the network edge, the DHCP server is inside; but if it is deployed immediately in front of a single server, then it will see DHCP facing outwards).

It *ought* to be possible to configure both hostname.xl0 and hostname.fxp1 as dhcp, and whichever one comes up first, will then bridge through the DHCP server for the other. Unfortunately it just happens by luck of alphabetical order, that the one which comes up first is *not* looking at a DHCP server. So after a relatively short period of retries it goes to sleep. Then the other interface asks for its dhcp address and gets it quickly. What I expected was that the first would sleep for a short time then ask again, and get it OK. I haven't seen that happen - about 30 minutes later and the interface still has no IP.

What's the best way to ensure that they both get IPs as quickly as possible? I can think of some dirty hacks, but I don't like the solutions I've come up with. (For example, if I kick off the dhcp client requests in the background, that interferes with the rest of the boot sequence). Has anyone had this configuration before and come up with an elegant solution? thanks Graham

Maybe I'm not understanding the problem, but for a transparent bridge, you wouldn't want it to be assigned an IP address on either network card. hence the transparent part.
isakmpd - Single Phase 1 - Multiple Phase 2 Address
I have been reading through the archives but have not found a reliable answer yet. I have recently been converting vpns from manual to isakmpd, with one of the other endpoints being a Cisco box. I can bring up a single subnet/IP no problem but if I try to add another phase2 connection it fails. Does anyone have a config showing this setup? I read something from 2003 that said this *might* be a problem, but can't believe that would still be true. http://marc.theaimsgroup.com/?l=openbsd-misc&m=104621687611340&w=2 Cheers Rm
Re: spamd extension
At 11:05 AM 10/26/05, James Harless wrote: On 10/26/05, Frank Bax [EMAIL PROTECTED] wrote: spamd only delays the *first* message between the two parties. After that there is no delay - as long as sender continues to use the same SMTP server. My experience is that greylisting requires at least 2 failed attempts. Maybe my pf.conf isn't setup properly. But, there's always 1 'extra' failure that seems to me should pass through. Correct. One *message* - two (or more) failed attempts before delivery. Extra failed attempts can sometimes happen - it depends on sender's retry frequency compared to spamd_flags values.
Re: spamd extension
Stuart Henderson wrote:

--On 26 October 2005 08:21 -0500, James Harless wrote: I do have variables that are known (the sender email address and the recipient email address). The problem is tying them to the IP Address of the MTA when it's seen @ spamd. It may be that there isn't a solution without direct modification of spamd.

By design, spamd can't do this. It neither accepts mail itself, nor proxies to the real backend server. It always sends a tempfail result code, and if it's the second time it's seen client_ip|src|dest, it adds to a table at the same time, so that on the third attempt the real mailserver is hit instead.

I definitely won't be disabling spamd ;)

The type of functionality you're looking for needs something with hooks directly into the mail server itself, there's no way with spamd to avoid delaying a connection unless you /already/ know the IP address. Maybe milter-greylist or postgrey already do what you're looking for, or if not they'll likely be easier to adapt.

Not to venture off topic, but it's at this point that I would suggest you look at qpsmtpd (http://smtpd.develooper.com) for your anti-spam needs. It's an SMTP server written entirely in perl and is incredibly extensible (easy to do so as well.) It's nice and speedy: apache.org and perl.org receive all of their mail through it. It can tie into Postfix and qmail, and there is an experimental SMTP proxy function as well. I hope to get around to creating an interface to sendmail as well. Its connections can be managed by an internal polling server (using epoll or kqueue under linux/bsd if available), a forkserver model, tcpserver (with speedy-cgi/pperl/forkserver), or apache2 (via mod_perl). It is my current perl love, and I would highly recommend at least a peek at it. For a quick summary by one of the main developers, see: http://www.oreillynet.com/pub/a/sysadmin/2005/09/15/qpsmtpd.html
Re: know any neat tricks for 2 * dhclient?
Graham, I use a bridge and assign the IP to one NIC, albeit statically assigned, on several production OpenBSD 3.5 systems. If I ever switched the IP to the Other NIC, I would lose connectivity until the ARP tables on the various LAN hosts updated with the new MAC address. Maybe about 10 minutes if I recall. I don't recall what the times are for ARP table refreshes average. Agreeing with what another individual said regarding this post, it's a transparent bridge, so that IP living on multiple NICs is a really moot point. I would venture to guess that the kernel gets really annoyed having to track an address on two different NICs with or without a bridge in place. best regards, Jim [EMAIL PROTECTED] wrote on 10/26/2005 12:42:43 PM: I wanted to set up a system which has two ether cards (it's part of a transparent bridge so it'll be inline with someone's connection) such that it'll pick up a DHCP address on *both* cards ... the trick comes from not knowing in advance whether the DHCP server will be on the inside connection or the net-facing one. (i.e. if the bridge is deployed near the network edge, the DHCP server is inside; but if it is deployed immediately in front of a single server, then it will see DHCP facing outwards). snip Has anyone had this configuration before and come up with an elegant solution? thanks Graham
Re: ksh segfaults
On Wed, 26 Oct 2005, Tobias Ulmer wrote:

Hi I'm running a 3.7 (all patches applied, everything else default) on an old box (dmesg at the end). It fetches mail for me with the following script:

---8---
#! /bin/sh
LOCK=$HOME/.getmail.lock
if ! [ -f $LOCK ]
then
  touch $LOCK
  getmail 2>&1 >/dev/null
  rm $LOCK
fi
---8---

This script is run from crontab every minute. Sometimes ksh segfaults and dumps core. It only happens once a day or two, so this is not a big problem for me. I was however curious and compiled ksh with -g to get more information.

[EMAIL PROTECTED]:~# gdb /bin/sh /home/tobiasu/core/sh.core
GNU gdb 6.3 [...]
This GDB was configured as i386-unknown-openbsd3.7...
Core was generated by `sh'.
Program terminated with signal 11, Segmentation fault.
#0 0x1c027ed6 in _weak__thread_fd_unlock ()
(gdb) backtrace full
#0 0x1c027ed6 in _weak__thread_fd_unlock ()
No symbol table info available.
#1 0x1c028025 in _weak__thread_fd_unlock ()
No symbol table info available.
#2 0x1c027b48 in _weak__thread_fd_unlock ()
No symbol table info available.
#3 0x1c028095 in _weak__thread_fd_unlock ()
No symbol table info available.
#4 0x1c028395 in malloc ()
No symbol table info available.
#5 0x1c03c90e in atexit ()
No symbol table info available.
#6 0x1c0002e9 in __register_frame_info ()
No symbol table info available.
#7 0x1c000155 in __init ()
No symbol table info available.
#8 0x1c0001ee in ___start ()
No symbol table info available.
#9 0x1c00016f in _start ()
No symbol table info available.
(gdb) quit

[EMAIL PROTECTED]:~# gdb /bin/sh /home/tobiasu/core/sh2.core
GNU gdb 6.3 [...]
This GDB was configured as i386-unknown-openbsd3.7...
Core was generated by `sh'.
Program terminated with signal 11, Segmentation fault.
#0 0x1c027ed6 in _weak__thread_fd_unlock ()
(gdb) backtrace full
#0 0x1c027ed6 in _weak__thread_fd_unlock ()
No symbol table info available.
#1 0x1c028025 in _weak__thread_fd_unlock ()
No symbol table info available.
#2 0x1c027b48 in _weak__thread_fd_unlock ()
No symbol table info available.
#3 0x1c028095 in _weak__thread_fd_unlock ()
No symbol table info available.
#4 0x1c028395 in malloc ()
No symbol table info available.
#5 0x1c03c90e in atexit ()
No symbol table info available.
#6 0x1c0002e9 in __register_frame_info ()
No symbol table info available.
#7 0x1c000155 in __init ()
No symbol table info available.
#8 0x1c0001ee in ___start ()
No symbol table info available.
#9 0x1c00016f in _start ()
No symbol table info available.
(gdb) info registers
eax     0x0         0
ecx     0x5         5
edx     0x0         0
ebx     0x0         0
esp     0xcfbf3fd4  0xcfbf3fd4
ebp     0xcfbf3fec  0xcfbf3fec
esi     0x0         0
edi     0xcfbf4034  -809549772
eip     0x1c027ed6  0x1c027ed6
eflags  0x10202     66050
cs      0x1f        31
ss      0x27        39
ds      0x27        39
es      0x27        39
fs      0x27        39
gs      0x27        39

My _guess_ is that it has something to do with the test condition if the lock-file still exists and then is deleted shortly after (This is called a race condition, right?). I tried to grep /usr/src but it takes hours (PIO4, no DMA...) and I didn't find out where this thread_fd_unlock function is nor what it does.

This is strange. From the trace it looks like you are crashing in code that is executed before sh is running. What is extra strange is that your code is executing thread specific stuff, which isn't supposed to happen in a single threaded program like sh is.

I might also be completely wrong. Can someone bring some light into this and give me a clue why it happens? Maybe it can even be fixed :)

No clues so far... -Otto
Re: know any neat tricks for 2 * dhclient?
I use a bridge and assign the IP to one NIC, albeit statically assigned, on several production OpenBSD 3.5 systems. If I ever switched the IP to the Other NIC, I would lose connectivity until the ARP tables on the various LAN hosts updated with the new MAC address. Maybe about 10 minutes if I recall. I don't recall what the times are for ARP table refreshes average. I'm not talking about switching the IPs, I want a different one on each interface, both assigned from the local DHCP space. Agreeing with what another individual said regarding this post, it's a transparent bridge, so that IP living on multiple NICs is a really moot point. I would venture to guess that the kernel gets really annoyed having to track an address on two different NICs with or without a bridge in place. As I said, not the same IP on multiple NICs, different IPs on each NIC. G
Re: know any neat tricks for 2 * dhclient?
Maybe I'm not understanding the problem, but for a transparent bridge, you wouldn't want it to be assigned an IP address on either network card. hence the transparent part.

You would think so, but you would be wrong. As I was when I started this project. In OpenBSD a bridge must either have no interfaces with IPs or both interfaces with IPs. You need to put an IP on it when you are generating traffic from the bridge, specifically if you are filtering traffic going through it at the tcp session level. So you're right that you don't need or want IPs if you are just bridging and not touching the traffic (except maybe to block something with a pf firewall rule) but wrong if what you are building is a transparent filter (or cache, such as squid) like a spam filter or a virus filter that intercepts web pages. Here's the definitive word on it: http://marc.theaimsgroup.com/?l=openbsd-misc&m=101814255119388

By the way, by 'transparent filtering' I specifically mean that the server sees the IP of the client in incoming requests, and the client sees the IP of the server on replies. There is a half-assed version of this that is sometimes implemented where the client does see the server IP, but the server sees the call as coming from the man in the middle. For my purposes I need both sides of the conversation to be equally transparent. (That part I've more or less worked out how to do, and am in the process of cleaning up the proof of concept code right now)

Now that we've cleared that up, got any ideas on how to use dhclient to pick up IP addresses for both interfaces, when only one of them faces the dhcp server and the other one happens to execute first? The solution should work in any installation and not require local knowledge (because the whole point of doing this as a transparent filter is to turn the spam filter into an appliance that can be plugged in and just work, no config necessary. Like a commercial spam appliance, except free ;-) )

Graham
Re: spamd extension
The only fix for this is a *major* redesign of spamd (or equivalently incorporating spamd's greylisting code into a spamfilter which *does* relay connections at the IP level to an MTA - which is actually what I'm working on at the moment)

Why start from scratch ? There are enough seasoned, full featured MTA's around that will allow you to incorporate greylisting. And you get all the other stuff like STARTTLS, AUTH etc gratis. I'd either accept spamd's few limitations or incorporate greylisting into a MTA. Just my thoughts.

There *are* several greylisting implementations using MTAs if that is what you want. The attractive feature of spamd+openbsd/pf is that it is MTA-agnostic. After it does its thing it simply routes your connection through to the real MTA at the IP level.

Anyway, it's not starting from scratch for me - I have a mature pseudo-transparent SMTP filter that works well and has been in service for over a year - it's just that I have not publicised it much because in its current form it requires configuration, such as telling it what domains you accept mail for, which IPs are local, etc. I needed to learn about transparent bridging first and recode the I/O so that the filtering is not visible at the IP level. Which I now have, mostly.

My filter uses spamassassin plus spamprobe plus uvscan plus clamav, with some automatic detection of spamtrap addresses thrown in. I haven't yet added greylisting to it, and indeed our deployment at the University where I work has an openbsd running spamd sitting in front of my filter sitting in front of the real MTA! By incorporating the logic from spamd into my code, I can remove one piece of hardware. And improve spamd while I'm at it, because with this architecture I can forward that second connection attempt to the MTA, and avoid having two delays rather than one.

Graham
Re: spamd extension
On 10/26/05, James Harless [EMAIL PROTECTED] wrote: Chad, I appreciate the insight. I do realize it's a difficult problem but, I think that there's a solution (albeit possibly from someone smarter than I).

Nope there's just not.

There is, but not with spamd as currently implemented. The fix would involve this:

1) accept the connection, remember the target IP
2) go through the rcpt from/mail to protocol, and when you have the information, check it in your whitelist. If it is present, open a connection with the original target, repeat the rcpt/mail exchange (not forgetting the HELO) and then sit back and transparently proxy the rest of the connection.

It's doable, it's just not easy. That plus a lot more is what the filter I was talking about in the other thread does; maybe if it's not too difficult, I'll do a shorter version which doesn't have the majority of my code, but just adds the logic above to spamd, if there's any interest? It does require spamd to be running in a transparent bridge. *NOT* a NAT gateway, which is the most common configuration.

By the way, the other improvement I'd make in spamd if I had my druthers, is that it would have the option of accepting the initial email and returning the tempfail code at the end of the data exchange rather than before it as it currently does. This would allow proper QA on the rejected mails. You'd need to create a signature of an email and when the mail went through successfully on the second attempt, locate the original copy using the signature and remove it from the cache; mails which never retried would remain in the cache, and would be swept after an appropriate time out, giving you a good record of rejected mails. You could either use this info to generate stats, or you could run the mails through a traditional spam filter as a consistency check, to try to detect genuine connections that had been inadvertently blocked.
Or if you're sure all the rejects were genuinely spam, you could feed the saved copies into spam filter training, or to a cooperative net project like Vipul. Lots of scope there for new features. Graham
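The tempfail-after-DATA scheme described in the message above, sketched as an added example; this is not spamd code and not the poster's filter. The class and method names, the fields hashed into the signature, and the two timeouts are assumptions chosen for illustration, and the sample messages in the test are constructed.

```python
import hashlib
from dataclasses import dataclass
from email import message_from_bytes

PASS_DELAY = 25 * 60    # assumed: seconds before a retry is accepted
GREY_EXPIRY = 4 * 3600  # assumed: seconds an unretried copy is kept


@dataclass
class Held:
    """A first-attempt mail that was answered with a tempfail but kept for QA."""
    first_seen: float
    peer_ip: str
    sender: str
    rcpt: str
    raw: bytes


def signature(sender: str, rcpt: str, raw: bytes) -> str:
    """Hash the parts of a mail that stay the same when the sender retries.

    Assumption: envelope sender, envelope recipient, Message-ID and body are
    stable across retries. Each field is length-prefixed so that two different
    field splits can never hash to the same value.
    """
    msg = message_from_bytes(raw)
    msgid = (msg.get("Message-ID") or "").strip().encode()
    _, _, body = raw.partition(b"\r\n\r\n")
    h = hashlib.sha256()
    for part in (sender.lower().encode(), rcpt.lower().encode(), msgid, body):
        h.update(len(part).to_bytes(8, "big"))
        h.update(part)
    return h.hexdigest()


class DeferredGreylist:
    def __init__(self):
        self.whitelist = set()  # (peer_ip, sender, rcpt) tuples that passed
        self.cache = {}         # signature -> Held copy of the first attempt

    def at_rcpt(self, ip: str, sender: str, rcpt: str) -> str:
        """Decision once the envelope is known: proxy to the MTA or hold."""
        return "proxy" if (ip, sender, rcpt) in self.whitelist else "hold"

    def at_end_of_data(self, ip, sender, rcpt, raw: bytes, now: float) -> int:
        """Return the SMTP reply code to send after the final dot."""
        sig = signature(sender, rcpt, raw)
        held = self.cache.get(sig)
        if held is None:
            # First sighting: keep a copy, then tempfail.
            self.cache[sig] = Held(now, ip, sender, rcpt, raw)
            return 451
        if now - held.first_seen < PASS_DELAY:
            return 451  # retried too quickly, keep waiting
        # Genuine retry: drop the cached copy and remember the tuple.
        del self.cache[sig]
        self.whitelist.add((ip, sender, rcpt))
        return 250

    def sweep(self, now: float) -> list:
        """Remove and return mails that were never retried (the QA record)."""
        expired = [s for s, h in self.cache.items()
                   if now - h.first_seen >= GREY_EXPIRY]
        return [self.cache.pop(s) for s in expired]
```

The list returned by `sweep()` is the record of rejected mail the message talks about: it can be counted for statistics or passed to a content filter as a consistency check.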
Re: ksh segfaults
On 10/26/05, Otto Moerbeek [EMAIL PROTECTED] wrote: On Wed, 26 Oct 2005, Tobias Ulmer wrote:

GNU gdb 6.3 [...]
This GDB was configured as i386-unknown-openbsd3.7...
Core was generated by `sh'.
Program terminated with signal 11, Segmentation fault.
#0 0x1c027ed6 in _weak__thread_fd_unlock ()
(gdb) backtrace full
#0 0x1c027ed6 in _weak__thread_fd_unlock ()
No symbol table info available.
#1 0x1c028025 in _weak__thread_fd_unlock ()
No symbol table info available.
#2 0x1c027b48 in _weak__thread_fd_unlock ()
No symbol table info available.
#3 0x1c028095 in _weak__thread_fd_unlock ()
No symbol table info available.
#4 0x1c028395 in malloc ()
No symbol table info available.
#5 0x1c03c90e in atexit ()
No symbol table info available.
#6 0x1c0002e9 in __register_frame_info ()
No symbol table info available.
#7 0x1c000155 in __init ()
No symbol table info available.
#8 0x1c0001ee in ___start ()
No symbol table info available.
#9 0x1c00016f in _start ()
No symbol table info available.

My _guess_ is that it has something to do with the test condition if the lock-file still exists and then is deleted shortly after (This is called a race condition, right?). I tried to grep /usr/src but it takes hours (PIO4, no DMA...) and I didn't find out where this thread_fd_unlock function is nor what it does.

it's a stub in libc, does nothing. i don't think the test has anything to do with it, certainly shouldn't cause a crash.

This is strange. From the trace it looks like you are crashing in code that is executed before sh is running. What is extra strange is that your code is executing thread specific stuff, which isn't supposed to happen in a single threaded program like sh is.

there are stubs in libc (that's why it's weak). i think the trace's tail is wrong, the crash is in malloc.
Re: know any neat tricks for 2 * dhclient?
It *ought* to be possible to configure both hostname.xl0 and hostname.fxp1 as dhcp, and whichever one comes up first, will then bridge through the DHCP server for the other. Unfortunately it just happens by luck of alphabetical order, that the one which comes up first is *not* looking at a DHCP server. So after a relatively short period of retries it goes to sleep. Then the other interface asks for its dhcp address and gets it quickly. What I expected was that the first would sleep for a short time then ask again, and get it OK. I haven't seen that happen - about 30 minutes later and the interface still has no IP. I was thinking when I posted this that the problem was that the interfaces picked up IP addresses in the wrong order. That would be true if we were routing from one to the other, but in fact I've just realised that the real problem is that the interfaces are brought up *before the bridging is turned on*. So naturally only one of them will be facing a DHCP server. The other one should only get its IP address *after* the bridging is enabled. It never does. I think the problem may be a misunderstanding of dhclient. Why is it not retrying? The man page doesn't give any clues. It *is* still running, as can be seen from ps. I'm not accidentally blocking it with pf as my pf.conf allows everything from anywhere to anywhere! Do I have to do something special to make dhclient wake up? (Yes, I know I can manually kill it and re-issue the command, and I can even automate it by writing a script to grep ifconfig -A, find the interface that has no IP, look for the dhclient for that interface, kill it and restart it - but as I said I'm looking for a guru-level elegant solution, not a crude hack...) Or might this be one of these bridging problems where the packets are going out on the wrong interface...? (thinking aloud as I type here...) OK, I'll go do some tcpdumping. 
Assuming that the problem turns out to be that the dhcp request for fxp1 is always routed out of fxp1 (makes sense, right?) what can I do to have it routed out the other interface via bridging? (Remembering that the solution has to work symmetrically, if in some other deployment it is the other of the two interfaces which can't see the DHCP server...) thanks Graham
Problems booting after installing OpenBSD 3.8 on Compaq Proliant G1/G2 SmartArray
A while back, I had problems installing OpenBSD on Proliants. I'd get all the way through the installation process and reboot the computer, and the BIOS wouldn't boot OpenBSD from the first RAID1 hard disk. Playing with disklabel and using other commands to copy the MBR didn't work. If I boot from floppy or CD, I can chroot into my installed operating system just fine. It just wouldn't boot. Looking through the OpenBSD lists, I didn't find the answer, so I posted asking for help. I found that the problem wasn't with my BSD install, but I needed to perform an additional installation step with my Proliant. When installing operating systems, best practices include using the Compaq SmartStart CD that comes with the system. If I boot with that CD and use the Erase Utility, it erases all past settings from BIOS, NVRAM and hard drives. I then go into the BIOS menus to change the default operating system from Windows to Other OS, and then initialize the RAID controller for the hard drives that I have installed. When installing OpenBSD 3.8, the installer detects my first RAID1+0 disk on the SmartArray 5 controller (ciss0) and uses it as sd0. After installing, the boot loader works when I reboot. I'm sure someone else will run into this problem, so I'm posting my info to misc@ so that someone else in the future will find it using the search functionality on the mail lists. / Eric Ziegast
Re: know any neat tricks for 2 * dhclient?
Assuming that the problem turns out to be that the dhcp request for fxp1 is always routed out of fxp1 (makes sense, right?) what can I do to have it routed out the other interface via bridging? (Remembering that the solution has to work symmetrically, if in some other deployment it is the other of the two interfaces which can't see the DHCP server...) Confirmed that this is the problem. Two ways: 1) I changed /etc/netstart to bring up the bridge before it configures the interfaces. Dirty, but it works - and the internal interface still didn't manage to talk to the dhcp server; and 2) I manually killed the dhclient process for fxp1 once everything was running smoothly from a clean boot, and manually started dhclient -d fxp1 - and again, it did not talk to the dhcp server even though the bridge was already running by that point for sure.. I could force the traffic from one interface to the other with pf and a route-to option, but only if I know which interface the dhcp server is connected to. Since I cannot make that assumption (it depends on where in the network the bridge is inserted) I can't see a solution. Well, short of some really hacky code to scan the output of ifconfig -A, and rewrite a new version of pf.conf on the fly. Can anyone think of some ingenious rule for pf that will get me what I need? This is the last significant stumbling block in a long project to build a completely idiot-proof spam filter that works just like a commercial appliance - plug it in and use it, no config necessary. (Actually the *last* stumbling block will be a completely idiot-proof installer - or a live CD - but I'll cross that bridge when I come to it. No pun intended.) Graham
Re: know any neat tricks for 2 * dhclient?
Why not start the system with one interface down (so you know which way to route to) then up it at the end of the boot sequence and start the dhclient? Graham Toal wrote: Assuming that the problem turns out to be that the dhcp request for fxp1 is always routed out of fxp1 (makes sense, right?) what can I do to have it routed out the other interface via bridging? (Remembering that the solution has to work symmetrically, if in some other deployment it is the other of the two interfaces which can't see the DHCP server...) Confirmed that this is the problem. Two ways: 1) I changed /etc/netstart to bring up the bridge before it configures the interfaces. Dirty, but it works - and the internal interface still didn't manage to talk to the dhcp server; and 2) I manually killed the dhclient process for fxp1 once everything was running smoothly from a clean boot, and manually started dhclient -d fxp1 - and again, it did not talk to the dhcp server even though the bridge was already running by that point for sure.. I could force the traffic from one interface to the other with pf and a route-to option, but only if I know which interface the dhcp server is connected to. Since I cannot make that assumption (it depends on where in the network the bridge is inserted) I can't see a solution. Well, short of some really hacky code to scan the output of ifconfig -A, and rewrite a new version of pf.conf on the fly. Can anyone think of some ingenious rule for pf that will get me what I need? This is the last significant stumbling block in a long project to build a completely idiot-proof spam filter that works just like a commercial appliance - plug it in and use it, no config necessary. (Actually the *last* stumbling block will be a completely idiot-proof installer - or a live CD - but I'll cross that bridge when I come to it. No pun intended.) Graham -- Kevin Frand Systems Engineer eFilm (323) 308-3013 [EMAIL PROTECTED]
Re: IBM Thinkpad X41 report?
2005/8/30, Alexander von Gernler [EMAIL PROTECTED]: just resumed my work on i386-laptop.html after vacation, and I noticed we don't have any reports on the IBM/Lenovo Thinkpad X41. Does anyone out there have this machine running under OpenBSD? Please report. Hi all, It's not an X41, but I want to give some feedback on new IBM/Lenovo T Series (T43 2668 in my case). All works fine on -current (beginning of October): apm, bge, iwi, usb, sound, aps, x, ... Only EST can't adjust the CPU speed: it seems to require ACPI on new 533MHz bus Pentium M. If it can help, I attach a diff (the lines of the page are too long for including it in the mail) containing the details for i386-laptop.html. It adds my entry, my contact and links to dmesg and xorg.conf. Cheers, -- Mattieu Baptiste /earth is 102% full ... please delete anyone you can. [demime 1.01d removed an attachment of type application/octet-stream which had a name of i386-laptop.diff]
Re: mount_null
Jonas Carlsson wrote: In what ways will I suffer if I simply re-enable null mounts to bring some disc space from /home into my apache chroot on a much smaller /var partition? I've used this solution without problems for a few versions. Maybe you won't suffer at all, maybe you get corrupted file systems and/or system meltdowns. If the latter, no one here will be willing to help you out since what you've done is officially unsupported. When I used it things went bad when unmounting the nullfs's, but that was a long time ago. If at all possible, and it most likely is, try to find another way. I store files at /var/www/users/user and symlink ~user/www to it. Possibly move the entire home dir into the chroot. /Alexander
Re: Migrating to a new HD
Han Boetes wrote: It started with my HD failing to sync when I was rebooting. And some odd error messages I saw. So I was holding my breath hoping for it to be something else or just an incident.

Déjà-vu. You are describing my laptop with its crappy Hitachi hard drive.

But it only got worse. So after a reboot and nearly losing a lot of important stuff I decided to make the switch.

I wonder what it will take for me to get my thumbs out of my ass. Probably something similar. Hopefully not.

Anyway:

# There are two ways I found pretty comfortable to copy dirs. cp
# -Rp is fast. rsync shows what's going on, and you can easily
# update the remaining differences. So if you don't want to use
# rsync you'll have to do the copying in single user mode.
cp -Rp /etc .
rsync -aP /var .

cp does not preserve hard links. There may be other issues too. If not using dump|restore (as mentioned in previous replies), I'd say pax is the OpenBSD way to copy directories. :)

mkdir $TARGET; cd $SOURCE; pax -rwpe . $TARGET

/Alexander
Re: know any neat tricks for 2 * dhclient?
Graham Toal wrote: I could force the traffic from one interface to the other with pf and a route-to option, but only if I know which interface the dhcp server is connected to. Since I cannot make that assumption (it depends on where in the network the bridge is inserted) I can't see a solution. Well, short of some really hacky code to scan the output of ifconfig -A, and rewrite a new version of pf.conf on the fly. Maybe you could use dup-to, both ways? /Alexander
auich and linux emulation
anyone have any luck getting apps running under linux emulation that don't check whether they can play at certain sampling rates to play properly on hardware like auich(4) stuck on 48kHz? I've tried running the redhat esound libs against the native daemon with no luck (sound doesn't play). Running the emulated esound daemon lets the app run until one sample has played, after which the apps loop forever on failed socketcalls. Running the esddsp app against either daemon fails to play sound.
Re: auich and linux emulation
Making, drinking tea and reading an opus magnum from James Wright: anyone have any luck getting apps running under linux emulation that don't check whether they can play at certain sampling rates to play properly on hardware like auich(4) stuck on 48kHz? most of the apps do not bother checking the actual rate set. it is not exactly a problem of linux binaries. I've tried running the redhat esound libs against the native daemon with no luck (sound doesn't play). Running the emulated esound daemon lets the app run until one sample has played, after which the apps loop forever on failed socketcalls. Running the esddsp app against either daemon fails to play sound. cu -- paranoic mickey (my employers have changed but, the name has remained)
Re: Wireless bridge setup
Robert, If I remember correctly, bridging only works in hostap mode. Rgds, Anwar Puthu ___ Sent with SnapperMail www.snappermail.com .. Original Message ... On Tue, 25 Oct 2005 12:36:04 +0200 Robert Stepanek [EMAIL PROTECTED] wrote: Hi list, When setting up a wireless bridge to connect two ethernet segments in OpenBSD3.7 I encounter the following problem: When sending a ping from one ethernet segment to the other the ARP request gets transmitted over my WLAN. The counterpart on the wireless bridge setup sends the ARP response request on the WLAN as well. However, the ARP response never reaches the wireless interface on the source bridge (at least checking with tcpdump) and the ping fails. Here is my setup: 192.168.1.1-testbox1 --ethernet-- sis0:wi0-bridge1 -- wifi -- wi0:sis0-bridge2 --ethernet-- 192.168.1.2-testbox2 All boxes run OpenBSD3.7 GENERIC kernel. I am using two PRISM2.5 ISL3874A(Mini-PCI) cards with the wi driver. bridge0 is in hostap mode (Port type 6), bridge1 in BSS mode (Port type 1). Both bridge boxes have net.inet.etherip.allow=1 and net.inet.ip.forwarding=1 pfctl is disabled. I somehow have the feeling that I am conceptually wrong here. Any help on this or a similar setup would be great. Thanks a lot, Robert
Re: Wireless bridge setup
If I remember correctly, bridging only works in hostap mode. Bingo, someone remembered -- and that is correct. In the other modes, MAC addresses of course do not get exposed correctly, and your access point cannot impersonate the other hosts it is required to. It is fairly obvious if you think about it.
Notes on RAID1 Root Tutorial Adaption
...a while back, i wrote a tutorial for RAIDFrame RAID1 as a root FS on NetBSD. I used the bootstrap method. Sometime not soon after, NetBSD added RAIDFrame to the INSTALL* kernels and presumably menus to sysinst, mitigating the need for this approach.

the bootstrap process is:

*) do a basic install on component0
*) use the base install to create a RAID set composed of a single member: component1
*) copy the system over
*) boot component1 in degraded mode
*) destroy the original install on component0 and import it into RAID
*) sync component1 back to component0

...however, this is still the applicable process for OpenBSD, as OpenBSD INSTALL and GENERIC kernels lack RAIDFrame. moreover, the boot blocks lack support for booting RAID volumes, so there are some caveats. here are some notes for adapting the process:

Firstly, per: http://cvs.openbsd.org/cgi-bin/query-pr-wrapper?full=yesnumbers=4567

pseudo-device raid4 # RAIDframe disk driver
option RAID_AUTOCONFIG

...must be added to GENERIC. They are not present. Update your src and re-roll your kernel.

16.3.3. Initial Install on Disk0/wd0

for simplicity in the original tutorial, i recommend one big slash plus swap. it's important to note that although only a basic system is required on wd0/component0, you simplify the system bootstrap process by laying out the file system slices/mountpoints the way you plan on the eventual RAID volume (*even though* the sizes of slices will be different.) see below

16.3.3. Initial Install on Disk0/wd0

apparently /dev/{r,}wd[0-9] behave differently in obsd. instead of:

# dd if=/dev/zero of=/dev/rwd1d bs=8k count=1

one would use

# dd if=/dev/zero of=/dev/wd1c bs=8k count=1

note: use the character device instead of the raw device

...or disklabel -E wd1 and then D + w, but this method won't blow away the MBR label.

Next, instead of:

# fdisk -0ua /dev/rwd1d

do:

# fdisk -i wd1

and y at the prompt. next instead of:

# disklabel -r -e -I wd1

do:

# disklabel -E wd1

or -e if you prefer $EDITOR style.

create your file systems as you prefer. this is where the process differs greatly. in the netbsd tutorial, i suggest disklabel'ing each RAID1 component member disk entirely a RAID slice. for a number of reasons, this must differ on openbsd. i recommend that each member's a: slice be a 128mb 4.2BSD FFS slice. i recommend b: be a RAID type slice the size of which the SWAP partition will be. i recommend that d: be the remainder of the disk, type RAID. this will be explained later

a d
offset: [1310400]
size: [25389630]
FS type: [4.2BSD] RAID
w
p m
device: /dev/rwd1c
type: ESDI
disk: ESDI/IDE disk
label: IBM-DPTA-371360
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 16
sectors/cylinder: 1008
cylinders: 16383
total bytes: 13043.0M
free bytes: 0.0M
rpm: 3600

16 partitions:
#        size   offset  fstype [fsize bsize cpg]
  a:   127.9M     0.0M  4.2BSD   2048 16384  16 # Cyl     0*-   259
  b:   511.9M   128.0M    RAID                  # Cyl   260 -  1299
  c: 13043.0M     0.0M  unused      0     0     # Cyl     0 - 26499
  d: 12397.3M   639.8M    RAID                  # Cyl  1300 - 26488*

16.3.5. Initializing the RAID Device

this step unchanged, except the magic absent keyword trick does not exist in raid.conf

of course, raidctl -C [.conf] and raidctl -I will need to be run for raid0 and raid1. -I should have different serials for each, so 2005101801 for raid0 and 2005101801 for raid1.

16.3.6. Setting up Filesystems

unchanged. when disklabel(8)'ing raid0, a: can be offset 0, size of the entire meta-disk, type swap

when disklabel(8)'ing raid1, a:, b:, d: - m: can be your optimal slice configuration. use the disklabel on wd0 as your reference. however there's an offset because b: on wd0 was your original swap partition on your initial system, therefore map as so:

wd0:  raid1:
a:    a:
d:    b:
e:    d:
f:    e:
...

When newfs(8)'ing, raw devices must be used. the following would need to be newfs(8)'d, -0 flag does not apply.

/dev/rwd1a
/dev/rraid1a
/dev/rraid1b
/dev/rraid1d
/dev/rraid1e

/dev/rraid0a will be swap and does not need to be newfs(8)'d

16.3.8. Migrating System to RAID

two changes: instead of using pax(1) to recursively copy / from the wd0 base install to the FFS/UFS/4.2BSD slices on /dev/raid1, i recommend using dump(1)/restore(8) instead (because they work on the file system level)

if the base install looked something like:

# df
Filesystem  1K-blocks     Used    Avail Capacity  Mounted on
/dev/wd0a     1035440    38460   945208     4%    /
/dev/wd0g     2812608       12  2671966     0%    /home
/dev/wd0d     4125138  1285796  2633086    33%    /usr
/dev/wd0e     2062928     8086  1951696     0%    /var
/dev/wd0f     2062928       88  1959694     0%    /var/log

the steps would be:

# mkdir
Re: know any neat tricks for 2 * dhclient?
On Wed, 26 Oct 2005 11:42:43 -0500, Graham Toal wrote: What I expected was that the first would sleep for a short time then ask again, and get it OK. I haven't seen that happen - about 30 minutes later and the interface still has no IP. [This goes vastly OT, I know:] I am blank astonished that it seems to be impossible to get two independent NICs picking up their IPs from different networks; or even the same network, that is. What is wrong in my understanding, that if I plug 7 NICs and connect them (or do not connect them) to a DHCP server, that all of them independently try to get an IP ? Uwe
Re: know any neat tricks for 2 * dhclient?
Oct 26 2005 c. 20:42 Graham Toal wrote: I wanted to set up a system which has two ether cards (it's part of a transparent bridge so it'll be inline with someone's connection) such that it'll pick up a DHCP address on *both* cards ... the trick comes from not knowing in advance whether the DHCP server will be on the inside connection or the net-facing one. (i.e. if the bridge is deployed near the network edge, the DHCP server is inside; but if it is deployed immediately in front of a single server, then it will see DHCP facing outwards). It *ought* to be possible to configure both hostname.xl0 and hostname.fxp1 as dhcp, and whichever one comes up first, will then bridge through the DHCP server for the other. Unfortunately it just happens by luck of alphabetical order, that the one which comes up first is *not* looking at a DHCP server. So after a relatively short period of retries it goes to sleep. Then the other interface asks for its dhcp address and gets it quickly. What I expected was that the first would sleep for a short time then ask again, and get it OK. I haven't seen that happen - about 30 minutes later and the interface still has no IP. What's the best way to ensure that they both get IPs as quickly as possible? I can think of some dirty hacks, but I don't like the solutions I've come up with. (For example, if I kick off the dhcp client requests in the background, that interferes with the rest of the boot sequence). Has anyone had this configuration before and come up with an elegant solution?

Maybe I'm wrong (only one OBSD box with two NICs with different networks attached I have this time is production box and cannot be switched off now), but maybe this helps:

1) Disable sysctl net.inet.ip.forwarding in sysctl.conf

Then, in rc.local:

2) Initialize network manually (call dhclient)
3) Enable forwarding
4) Configure and wake up bridge

IMHO, this'll look like static IP address given to bridge interfaces... -- With my best, Pereresus ne Vlezaet Buggy
Re: know any neat tricks for 2 * dhclient?
What I expected was that the first would sleep for a short time then ask again, and get it OK. I haven't seen that happen - about 30 minutes later and the interface still has no IP. [This goes vastly OT, I know:] I am blank astonished that it seems to be impossible to get two independent NICs picking up their IPs from different networks; or even the same network, that is. What is wrong in my understanding, that if I plug 7 NICs and connect them (or do not connect them) to a DHCP server, that all of them independently try to get an IP ? They're not both connected to a DHCP server. The DHCP server is only connected to one of the NICs. Nevertheless I want both NICs to get an IP from that DHCP server. I thought I could do it because they were bridged NICs. I was wrong. Graham