Re: VLANs not isolated
On Thu, 24 Nov 2005, Jason Dixon wrote:

> I'm testing PF on a proposed network design and experiencing some unexpected
> behavior. With three vlan(4) interfaces on the interior of an OpenBSD
> gateway, each of the clients on a segment is able to ping the gateway address
> for at least one of the other VLAN gateways. I'm not sure whether this is a
> bug with OpenBSD or my switch. I wouldn't be surprised that it's the fault of
> this Dell PowerConnect 3024, but I'm still wondering why OpenBSD honors the
> tagged packet on the wrong vlan(4) interface. I know the Dell PowerConnects
> are crap, but it's what I have in my home for testing. The production network
> will be running Catalyst 2950s.
>
> The clients are all connected to untagged VLAN ports on the switch. The
> OpenBSD gateway is plugged into a port tagged with all 3 VLANs.
>
> vlan0: flags=8843 mtu 1500
>         lladdr 00:d0:b7:bf:c6:95
>         vlan: 2 parent interface: fxp0
>         groups: vlan
>         inet6 fe80::2d0:b7ff:febf:c695%vlan0 prefixlen 64 scopeid 0x8
>         inet 10.0.0.1 netmask 0xff00 broadcast 10.0.0.255
> vlan1: flags=8843 mtu 1500
>         lladdr 00:d0:b7:bf:c6:95
>         vlan: 3 parent interface: fxp0
>         groups: vlan
>         inet6 fe80::2d0:b7ff:febf:c695%vlan1 prefixlen 64 scopeid 0x9
>         inet 10.10.10.1 netmask 0xff00 broadcast 10.10.10.255
> vlan2: flags=8843 mtu 1500
>         lladdr 00:d0:b7:bf:c6:95
>         vlan: 4 parent interface: fxp0
>         groups: vlan
>         inet6 fe80::2d0:b7ff:febf:c695%vlan2 prefixlen 64 scopeid 0xa
>         inet 10.20.20.1 netmask 0xff00 broadcast 10.20.20.255
>
> ==
> Test Summary
> ==
> Client 10.0.0.50
> can ping 10.0.0.1
> can not ping 10.10.10.1
> can ping 10.20.20.1
>
> Client 10.10.10.50
> can ping 10.0.0.1
> can ping 10.10.10.1
> can ping 10.20.20.1
>
> Client 10.20.20.50
> can not ping 10.0.0.1
> can ping 10.10.10.1
> can ping 10.20.20.1

Your clients have the OpenBSD system as their gateway right? I think it's
normal for a multi-homed BSD system to accept traffic for all its IP
addresses (even with forwarding turned off).

That does not explain why some of your ping tests fail though.

-- Cam
VLANs not isolated
I'm testing PF on a proposed network design and experiencing some unexpected
behavior. With three vlan(4) interfaces on the interior of an OpenBSD
gateway, each of the clients on a segment is able to ping the gateway address
for at least one of the other VLAN gateways. I'm not sure whether this is a
bug with OpenBSD or my switch. I wouldn't be surprised that it's the fault of
this Dell PowerConnect 3024, but I'm still wondering why OpenBSD honors the
tagged packet on the wrong vlan(4) interface. I know the Dell PowerConnects
are crap, but it's what I have in my home for testing. The production network
will be running Catalyst 2950s.

The clients are all connected to untagged VLAN ports on the switch. The
OpenBSD gateway is plugged into a port tagged with all 3 VLANs.

vlan0: flags=8843 mtu 1500
        lladdr 00:d0:b7:bf:c6:95
        vlan: 2 parent interface: fxp0
        groups: vlan
        inet6 fe80::2d0:b7ff:febf:c695%vlan0 prefixlen 64 scopeid 0x8
        inet 10.0.0.1 netmask 0xff00 broadcast 10.0.0.255
vlan1: flags=8843 mtu 1500
        lladdr 00:d0:b7:bf:c6:95
        vlan: 3 parent interface: fxp0
        groups: vlan
        inet6 fe80::2d0:b7ff:febf:c695%vlan1 prefixlen 64 scopeid 0x9
        inet 10.10.10.1 netmask 0xff00 broadcast 10.10.10.255
vlan2: flags=8843 mtu 1500
        lladdr 00:d0:b7:bf:c6:95
        vlan: 4 parent interface: fxp0
        groups: vlan
        inet6 fe80::2d0:b7ff:febf:c695%vlan2 prefixlen 64 scopeid 0xa
        inet 10.20.20.1 netmask 0xff00 broadcast 10.20.20.255

==
Test Summary
==
Client 10.0.0.50
can ping 10.0.0.1
can not ping 10.10.10.1
can ping 10.20.20.1

Client 10.10.10.50
can ping 10.0.0.1
can ping 10.10.10.1
can ping 10.20.20.1

Client 10.20.20.50
can not ping 10.0.0.1
can ping 10.10.10.1
can ping 10.20.20.1

Thanks,

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net
Re: Anyone with experience on a dell poweredge 850?
On Wed, Nov 23, 2005 at 02:58:33PM -0500, Peter Landry wrote:
> Hi everyone,
> I'm just wondering if anyone knows anything about OpenBSD on a Dell
> Poweredge 850. List archives returned no hits, and google returned only
> a dmesg of the machine from FreeBSD
> (http://nycbug.org/?NAV=dmesgd&dmesgd_criteria=&dmesgid=700#700 for
> those interested).
>
> Dells seem relatively well supported, I'm mostly worried about the dual
> on-board NIC.
>
> Any light anyone could shed on compatibility would be great -- I'm
> making a case for using OpenBSD with this, which was purchased to be a
> firewall machine, instead of Microsoft and ISA server.
>

I had 3.7 setup on a 1U SATA 850 for a test project. No Probs.

Craig.
Proliant 350 - NIC troubles
I need to add a NIC to the PCI-X slot(s) of Proliant to communicate to the UPS.

First, I tried an RTL8139 board. It would not POST ('bus master error'). This goes to RTL // HP.

Next, an original Intel xln. It was recognized, the Proliant asked for the change in boot order, I could allocate an irq. Everything fine. Booting, however, results in a crash; the board is not recognised (if it isn't, why can it crash ?). In any case, the NIC does not show, and the box automatically re-enters BIOS-boot after a few seconds after rpc. I tried twice; and twice the same effect: auto-reboot.

Question: Anybody out there with a successful addition of a NIC to that machine ? Anything else to recommend ? (I don't have a 905 on hand, so I couldn't try that one.)

Uwe

dmesg, the last four lines are the automatic reboot:
Re: man spamd(8) error?
On 2005/11/23 16:21:48, Claus wrote:
> Should the 100 be a 800 in the -B switch?
>
> -B maxblack
> [...] The default is maxcon - 100

"maxcon minus 100" (so that you leave some connections free for
non-blacklisted hosts).

After experimenting with how "maxcon-100" (no spaces) and "100 less than
maxcon" actually look in the manpage, I think it's probably better as it
stands.
Re: bioctl Device Support
On 23 Nov 2005, at 20:34, Otto Moerbeek wrote:

> Don't know how you upgraded, but one thing that might be wrong is the
> bio dev entry:
>
> [EMAIL PROTECTED]:35]$ ls -l /dev/bio*
> crw--- 1 root wheel 79, 0 Jul 7 20:34 /dev/bio
> [EMAIL PROTECTED]:36]$

I followed all the instructions in the upgrade FAQ's on the main site, especially the section:

cd /dev
./MAKEDEV all

So I get:

# ls -l /dev/bio*
crw--- 1 root wheel 79, 0 Nov 23 15:05 /dev/bio

The device is ok, I suspect it's just the age of my hardware showing... :(

Gaby

--
Junkets for bunterish lickspittles since 1998!
http://vanhegan.net/sudoku/
http://weblog.vanhegan.net/
man spamd(8) error?
Should the 100 be a 800 in the -B switch?

-B maxblack
[...] The default is maxcon - 100

-c maxcon
[...] The default is 800.
Re: remote su root: SORRY
>>Sigh. Exact details please. Does su print "Sorry"? Or anything else?
>>Some things you can do to isolate the problem:
>>1. Login on console as pyiu and try to su.

Yes that worked ok in serial console.

$ su
Password:
#

>>2. When logged in, ssh to localhost as pyiu and then try to su

It failed to su.

-bash-3.00$ ssh [EMAIL PROTECTED]
-bash-3.00$ su
Password:
Sorry

>>Please give exact reports on what is printed on screen and written to
>>authlog in these cases.

This is authlog when succeeded to login from SSH to localhost login as pyiu and su.

Nov 24 10:00:00 unix1 su: pyiu to root on /dev/ttys0

This is authlog when failed to login from SSH to localhost login as pyiu and su.

Nov 24 10:00:46 unix1 su: BAD SU pyiu to root on /dev/ttyp0

>>If that does not give a clue, I might need to add some debug code to
>>su to see what is going on.
>> -Otto

--
Regards,
Paul Yiu
Senior Systems & Network Administrator
Max eCommerce Pty Ltd.
http: www.maxecommerce.com
Ph: +61 02 9651 3422
Fax: +61 02 9651 4622
Email: [EMAIL PROTECTED]

This email and any attachments are confidential and may be subject to copyright, legal or some other professional privilege. They are intended solely for the attention and use of the named addressee(s). They may only be copied, distributed or disclosed with the consent of the copyright owner. If you have received this email by mistake or by breach of the confidentiality clause, please notify the sender immediately by return email and delete or destroy all copies of the email. Any confidentiality, privilege or copyright is not waived or lost because this email has been sent to you by mistake.

Otto Moerbeek wrote:

>On Wed, 23 Nov 2005, Paul Yiu wrote:
>
>>Hi Otto,
>>

I would like to see the output of userinfo pyiu. Added to that, the output of getcap -f /etc/login.conf class, where class is the login class of the user, as reported by userinfo.

>>login pyiu
>>passwd WhatEverWasHere
>>uid 1002
>>groups users wheel
>>change NEVER
>>class
>>gecos Paul Yiu
>>dir /home/pyiu
>>shell /usr/local/bin/bash
>>expire NEVER
>>
>>pyiu do not assign to any class as shown above.
>>-bash-3.00# getcap -f /etc/login.conf default
>>default::path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin
>>/usr/local/bin: :umask=022: :datasize-max=256M:
>>:datasize-cur=75M: :maxproc-max=128: :maxproc-cur=64:
>>:openfiles-cur=64: :stacksize-cur=4M:
>>:localcipher=blowfish,6::ypcipher=old: :auth=passwd,skey:
>>:auth-ftp=passwd:
>>

Also, we need to see the exact command line used and errors reported. Not just some vague description.

>>I use ssh.com client 3.2.9 to login as pyiu and type su to su as root
>>and what has been capture in /var/log/authlog is
>>Nov 21 11:27:02 openbsd1 su: BAD SU pyiu to root on /dev/ttyp0
>>I can provide more details if necessary.
>>
>
>Sigh. Exact details please. Does su print "Sorry"? Or anything else?
>
>Some things you can do to isolate the problem:
>
>1. Login on console as pyiu and try to su.
>2. When logged in, ssh to localhost as pyiu and then try to su
>
>Please give exact reports on what is printed on screen and written to
>authlog in these cases.
>
>If that does not give a clue, I might need to add some debug code to
>su to see what is going on.
>
> -Otto
Re: additional features in bsd.rd
On 2005/11/23 22:07:49, Olivier Cherrier wrote:
> On Tue, Nov 22, 2005 at 01:08:24PM +0100, [EMAIL PROTECTED] wrote:
> > >>3. Restore a 'disk image' from above...
> > >> # nc -l 1234 | dd of=/dev/rwd0c
> > >
> > >You can already do those things with 'ftp -o -'..
> >
> > unless I read ftp(1) incorrectly, then it supports retrieve only,
> > with no ability to send - which was my main desire.
>
> You can download and upload files using ftp(1).
> I use to do it since OpenBSD 2.9, using standard floppies.

With ftp in a pipe, you can only retrieve. Sending dmesg or individual
files with 'put' is simple enough, but the example of dd'ing an image
of a hard drive isn't.

Still I'm not sure if this is useful enough to warrant including nc.
I like Chris's suggestion of -u to mirror -o though...
Re: remote su root: SORRY
Hi Chad,

Yes, with sudo su - worked ok, great thanks. I really want su instead of sudo su - due to other admin in my company I want to keep this consistent. Any idea what causes the su failed? I got many openbsd server running and they are with same config but able to su without this problem.

--
Regards,
Paul Yiu
Senior Systems & Network Administrator
Max eCommerce Pty Ltd.
http: www.maxecommerce.com
Ph: +61 02 9651 3422
Fax: +61 02 9651 4622
Email: [EMAIL PROTECTED]

This email and any attachments are confidential and may be subject to copyright, legal or some other professional privilege. They are intended solely for the attention and use of the named addressee(s). They may only be copied, distributed or disclosed with the consent of the copyright owner. If you have received this email by mistake or by breach of the confidentiality clause, please notify the sender immediately by return email and delete or destroy all copies of the email. Any confidentiality, privilege or copyright is not waived or lost because this email has been sent to you by mistake.

Chad M Stewart wrote:

On Nov 20, 2005, at 10:02 PM, Paul Yiu wrote:

Hi Guys, Hope you guys can help on this ssh issue has been posted in 2004. Thank you in advance. I hit the same ssh problem with openbsd 3.7. I got serial console set up, I got a user which assigned in a wheel group, when I log in using ssh as a user and try to su. System said sorry and I check /var/log/authlog it said BAD SU pyiu to root on /dev/ttyp0. I can ssh in as root, but not su as root.

$ su
Password:
Sorry
$ sudo su -
Password:

Results in the following entry in /var/log/authlog

Nov 23 08:09:54 sabus su: BAD SU chad to root on /dev/ttyp0

I don't think the problem is with the serial console or ssh. I suspect the problem is user error. Assuming you've adjusted sudo to allow people in the wheel group, great. Then they must use sudo to run the commands. Look at my example above. The first time I simply tried using 'su' and obviously did not enter the root password. While in the next example I entered 'sudo su -' and then entered my password when prompted which then granted me a root prompt.

-Chad
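An added example, not part of the original posts: a small parser for the two su authlog line shapes quoted in this thread, which flags accounts whose su attempts fail only on pseudo-terminals or fail repeatedly with no success. The function names, the threshold, the guest1 and sshd sample lines, and the rule that /dev/ttyp* means a network login are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Matches the two su(1) authlog shapes quoted in the thread:
#   "Nov 24 10:00:00 unix1 su: pyiu to root on /dev/ttys0"
#   "Nov 24 10:00:46 unix1 su: BAD SU pyiu to root on /dev/ttyp0"
SU_LINE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s+"
    r"(?P<host>\S+)\s+su(?:\[\d+\])?:\s+"
    r"(?P<bad>BAD SU\s+)?"
    r"(?P<user>\S+)\s+to\s+(?P<target>\S+)\s+on\s+(?P<tty>\S+)\s*$"
)


@dataclass(frozen=True)
class SuEvent:
    ts: str       # syslog timestamp as written (no year in the log)
    host: str
    user: str     # account that ran su
    target: str   # account it tried to become
    tty: str
    ok: bool      # False for "BAD SU" lines

    @property
    def remote(self) -> bool:
        # Assumption: a pseudo-terminal (/dev/ttyp*) is an ssh or other
        # network session; any other tty is treated as console/serial.
        return self.tty.startswith("/dev/ttyp")


def parse_su_events(lines):
    """Return SuEvent objects for su lines; other log lines are skipped."""
    events = []
    for line in lines:
        m = SU_LINE.match(line.strip())
        if m:
            events.append(SuEvent(m["ts"], m["host"], m["user"],
                                  m["target"], m["tty"],
                                  ok=m["bad"] is None))
    return events


def summarize(events, threshold=3):
    """Map (host, user, target) to a list of finding tags."""
    stats = defaultdict(lambda: defaultdict(int))
    for e in events:
        bucket = ("ok" if e.ok else "bad") + ("_remote" if e.remote else "_local")
        stats[(e.host, e.user, e.target)][bucket] += 1

    findings = {}
    for key, s in stats.items():
        tags = []
        bad = s["bad_local"] + s["bad_remote"]
        ok = s["ok_local"] + s["ok_remote"]
        if bad >= threshold and ok == 0:
            # Many failures and never a success: wrong password or guessing.
            tags.append("repeated-failures-no-success")
        if s["bad_remote"] and s["ok_local"] and not s["ok_remote"]:
            # The pattern reported in the thread: su works on the console
            # but is refused in the ssh session for the same account.
            tags.append("fails-only-on-pty")
        if tags:
            findings[key] = tags
    return findings


# The first two lines are copied from the thread; the rest are constructed.
SAMPLE_AUTHLOG = """
Nov 24 10:00:00 unix1 su: pyiu to root on /dev/ttys0
Nov 24 10:00:46 unix1 su: BAD SU pyiu to root on /dev/ttyp0
Nov 24 10:01:02 unix1 sshd[4242]: Accepted password for pyiu from 127.0.0.1 port 50022 ssh2
Nov 24 10:05:10 unix1 su: BAD SU guest1 to root on /dev/ttyp1
Nov 24 10:05:14 unix1 su: BAD SU guest1 to root on /dev/ttyp1
Nov 24 10:05:19 unix1 su: BAD SU guest1 to root on /dev/ttyp1
"""

if __name__ == "__main__":
    for key, tags in summarize(parse_su_events(SAMPLE_AUTHLOG.splitlines())).items():
        print(key, tags)
```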
Re: Anyone with experience on a dell poweredge 850?
On Wednesday 23 November 2005 20.58, you wrote:
> Hi everyone,
> I'm just wondering if anyone knows anything about OpenBSD on a Dell
> Poweredge 850. List archives returned no hits, and google returned only
> a dmesg of the machine from FreeBSD
> (http://nycbug.org/?NAV=dmesgd&dmesgd_criteria=&dmesgid=700#700 for
> those interested).
>
> Dells seem relatively well supported, I'm mostly worried about the dual
> on-board NIC.
>
> Any light anyone could shed on compatibility would be great -- I'm
> making a case for using OpenBSD with this, which was purchased to be a
> firewall machine, instead of Microsoft and ISA server.
>
> Thanks in advance,
> Peter L.

Why worry about the NIC:s that is the low cost part...

Most of what I can read on the Dell homepage (chipset and other built in stuff) seems to be similar to Dell Tower 830. Here is a dmesg of my 830 if it could be of any help. When I bought my 830 I also bought a Dual Intel PCI Express NIC card with it from Dell. I added my own LSI-150-4 SATA cards after as Dell continues to have only Adaptec cards available for SATA...

As you see my on board NIC is "Broadcom BCM5721" that works. Everything is included in the dmesg below.
Re: spamd vs the sober worm
my results:

host: a small web server with 9 active domains
two deliverable mail addresses have been "targeted"
first hit: Nov 22 08:50:22
last hit (so far): Nov 23 17:35:33
total hits: 35 (some unclear omitted)
total hits on deliverable addresses: 24
too many different "origin" addresses to list (for grepping)

--knitti
Re: Apache CAN-2004-0700 question
thanks a lot i guessed so but could not find the proof. regards Niall O'Higgins wrote: >On Wed, Nov 23, 2005 at 10:31:21PM +0200, BY wrote: > > > >This is a funny one. > >Diff mod_ssl 2.8.18 and 2.8.19 and you'll get the fix for the format >string bug (inline at the end of this email). > >Look at src/usr.sbin/httpd/src/modules/ssl/ssl_engine_ext.c and you'll >see we have this fix. > >Look at the cvs log for revision 1.10 of that file, and you'll see >this: > >revision 1.10 >date: 2003/06/01 15:53:41; author: deraadt; state: Exp; lines: +1 -1 >various format string cleanups; tedu ok > >Note the date; fixed in OpenBSD over a year before the mod_ssl people fixed it. >[http://marc.theaimsgroup.com/?l=apache-modssl&m=109001100906749&w=2] > >diff -u mod_ssl-2.8.18-1.3.31/pkg.sslmod/libssl.version ./libssl.version >@@ -1 +1 @@ >-mod_ssl/2.8.18-1.3.31 >+mod_ssl/2.8.19-1.3.31 >diff -u mod_ssl-2.8.18-1.3.31/pkg.sslmod/ssl_engine_ext.c ./ssl_engine_ext.c >--- mod_ssl-2.8.18-1.3.31/pkg.sslmod/ssl_engine_ext.c Tue May 11 19:39:40 2004 >+++ ./ssl_engine_ext.c Fri Jul 16 08:57:33 2004 >@@ -524,7 +524,7 @@ > #endif > errmsg = ap_psprintf(r->pool, "SSL proxy connect failed (%s): peer > %s: %s", > cpVHostID, peer, > ERR_reason_error_string(ERR_get_error())); >-ssl_log(r->server, SSL_LOG_ERROR, errmsg); >+ssl_log(r->server, SSL_LOG_ERROR, "%s", errmsg); > SSL_free(ssl); > ap_ctx_set(fb->ctx, "ssl", NULL); > return errmsg;
Re: additional features in bsd.rd
On 23/11/05, Olivier Cherrier <[EMAIL PROTECTED]> wrote:
> You can download and upload files using ftp(1).
> I use to do it since OpenBSD 2.9, using standard floppies.

i think he wants to do something like

ftp -u /tmp/thingy ftp://myserver/pub/incoming/dmesg.txt

to upload /tmp/thingy to myserver, or

dd if=/dev/wd0c bs=256k | ftp -u - ftp://myserver/pub/incoming/wd0c.img

to send a disk image someplace.

more than once i've built static copies of nc and brought them into the ramdisk with ftp just so that i could send disk images out...

--
GDB has a 'break' feature; why doesn't it have 'fix' too?
Re: FAT partition on removable disk wont show up
On Wednesday 23 November 2005 03.10, you wrote:
> Per-Olov Sjvholm wrote:
> ...
>
> > Hi Nick
> >
> > Yes I think the label was set before I created the FAT partition...
> >
> >
> > Setting the offset etc is an easy thing.. But how should I set "fsize",
> > "bsize" and "cpg" on the windows partition when adding it using
> > "disklabel -e sd1". And last... How should I set the "fstype" (it is a
> > "0C" FAT32L partition). MSDOS, FAT32L, FAT or what?
> >
> > (can this info be found in any manpage or FAQ that I have missed?)
>
> Possibly...
>     http://www.openbsd.org/faq/faq14.html#foreignfs
> has a pretty decent example. Those fields are left blank, as they are
> FFS specific things, they don't apply to FAT, NTFS, etc.
>
> However, there's another way:
> Use "disklabel -E sd1" instead, it won't ask you some of that stuff. :)
>
> Nick.

I first tried "disklabel -E sd1" (before my first post) without success. I saw that the space for partition "c" minus partition "a" was equal the size of my existing FAT partition that I could not see or use. And I could not add it so it would be visible either.

After your last reply I saw the "D" flag (set disklabel to default). Then the FAT partitions showed up directly. However, the sd1a 4.2BSD partition seemed to have been destroyed and set to "unused" in the fstype field when I used the flag "D". But the FAT partition was not destroyed by using "D". I could directly mount it... As it was not important I recreated and reformatted the sd1a 4.2BSD partition. Now I can see and use both the BSD and the FAT partition.

The secret for me was the "D" flag in disklabel. But of course it all depended on me not understanding everything regarding disklabel.

Tnx Nick for your hints.

Regards
/Per-Olov

--
GPG keyID: 4DB2 83CE
GPG fingerprint: 45E8 3D0E DE05 B714 D549 45BC CFB4 BBE9 4DB2 83CE
Re: Anyone with experience on a dell poweredge 850?
On 11/23/05, Peter Landry <[EMAIL PROTECTED]> wrote:
> Hi everyone,
> I'm just wondering if anyone knows anything about OpenBSD on a Dell
> Poweredge 850. List archives returned no hits, and google returned only
> a dmesg of the machine from FreeBSD
> (http://nycbug.org/?NAV=dmesgd&dmesgd_criteria=&dmesgid=700#700 for
> those interested).
>
> Dells seem relatively well supported, I'm mostly worried about the dual
> on-board NIC.
>
> Any light anyone could shed on compatibility would be great -- I'm
> making a case for using OpenBSD with this, which was purchased to be a
> firewall machine, instead of Microsoft and ISA server.
>
> Thanks in advance,
> Peter L.
>
>

I'm running OpenBSD 3.7 on a Dell PowerEdge 650. I know that's not what you're looking for, but I can't imagine that the on-board nics will be an issue. The Dell technical specs say they are Broadcom Dual 5721J as opposed to the Intel Pro/1000's that are in the 650 (see attached dmesg).

My personal recommendation (for what that's worth) is to go ahead and install OpenBSD. I have to assume that the system is not currently functional with Windows and ISA Server. Try it, if it fails, then order an Intel Dual port adapter to put in then PCI-X slot and disable the integrated Broadcom cards in the BIOS. But I doubt that will be an issue.
Re: Apache CAN-2004-0700 question
On Wed, Nov 23, 2005 at 10:31:21PM +0200, BY wrote: > I have checked and searched lists to find any information about > CAN-2004-0700 affecting or not default apache on 3.8, i am sure that the > version is fully modified and is not affected by subject CAN. But i > need a proof of concept on that. maybe a cvs link could help. Any ideas? > thnx This is a funny one. Diff mod_ssl 2.8.18 and 2.8.19 and you'll get the fix for the format string bug (inline at the end of this email). Look at src/usr.sbin/httpd/src/modules/ssl/ssl_engine_ext.c and you'll see we have this fix. Look at the cvs log for revision 1.10 of that file, and you'll see this: revision 1.10 date: 2003/06/01 15:53:41; author: deraadt; state: Exp; lines: +1 -1 various format string cleanups; tedu ok Note the date; fixed in OpenBSD over a year before the mod_ssl people fixed it. [http://marc.theaimsgroup.com/?l=apache-modssl&m=109001100906749&w=2] diff -u mod_ssl-2.8.18-1.3.31/pkg.sslmod/libssl.version ./libssl.version @@ -1 +1 @@ -mod_ssl/2.8.18-1.3.31 +mod_ssl/2.8.19-1.3.31 diff -u mod_ssl-2.8.18-1.3.31/pkg.sslmod/ssl_engine_ext.c ./ssl_engine_ext.c --- mod_ssl-2.8.18-1.3.31/pkg.sslmod/ssl_engine_ext.c Tue May 11 19:39:40 2004 +++ ./ssl_engine_ext.c Fri Jul 16 08:57:33 2004 @@ -524,7 +524,7 @@ #endif errmsg = ap_psprintf(r->pool, "SSL proxy connect failed (%s): peer %s: %s", cpVHostID, peer, ERR_reason_error_string(ERR_get_error())); -ssl_log(r->server, SSL_LOG_ERROR, errmsg); +ssl_log(r->server, SSL_LOG_ERROR, "%s", errmsg); SSL_free(ssl); ap_ctx_set(fb->ctx, "ssl", NULL); return errmsg;
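Review bot: In the ssl_engine_ext.c hunk at line 524, errmsg is built by ap_psprintf from cpVHostID, peer and the ERR_reason_error_string() text and is still handed back by return errmsg, so the "%s" change protects only this one ssl_log call. Any caller that passes the returned string to a printf-style function as the format argument needs the same treatment, and the other ssl_log call sites in the file should be checked for a non-literal format argument. A compiler format attribute on the ssl_log declaration would let the compiler flag such calls.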
Re: Anyone with experience on a dell poweredge 850?
Peter Landry wrote: Hi everyone, I'm just wondering if anyone knows anything about OpenBSD on a Dell Poweredge 850. List archives returned no hits, and google returned only a dmesg of the machine from FreeBSD (http://nycbug.org/?NAV=dmesgd&dmesgd_criteria=&dmesgid=700#700 for those interested). Dells seem relatively well supported, I'm mostly worried about the dual on-board NIC. Any light anyone could shed on compatibility would be great -- I'm making a case for using OpenBSD with this, which was purchased to be a firewall machine, instead of Microsoft and ISA server. Thanks in advance, Peter L. Heck, boot the install disk/CD and have a look through the dmesg for "not supported", plus have a good look at any components you're especially interested in. Like what kind of onboard nics you're faced with. Five minutes well spent... -- Darrin Chandler [EMAIL PROTECTED] http://www.stilyagin.com/
Re: additional features in bsd.rd
On Tue, Nov 22, 2005 at 01:08:24PM +0100, [EMAIL PROTECTED] wrote: > >>3. Restore a 'disk image' from above... > >># nc -l 1234 | dd of=/dev/rwd0c > > > >You can already do those things with 'ftp -o -'.. > > unless I read ftp(1) incorrectly, then it supports retrieve only, > with no ability to send - which was my main desire. You can download and upload files using ftp(1). I use to do it since OpenBSD 2.9, using standard floppies. -- oc
Re: spamd vs the sober worm
On 11/23/05, Peter N. M. Hansteen <[EMAIL PROTECTED]> wrote:

i will send you my raw data off list, however, if you want to, you can also grep for these:

@bka.de (bka is the german variant of fbi, but they only use @bka.bund.de afaik)
[EMAIL PROTECTED] (this address _might_ also have legitimate origins, however I saw at least one sample clearly stemming from an infection)

--knitti
Re: spamd vs the sober worm
On 11/23/05, knitti <[EMAIL PROTECTED]> wrote: > @bka.de (bka is the german variant of fbi, but they only use @bka.bund.de > afaik) sorry, the worm uses the capital version: BKA.de --knitti
Re: Working Atheros card for openbsd 3.8-current
On 11/23/05, M. Schatzl <[EMAIL PROTECTED]> wrote: > David Coppa wrote: > > So basically what I ask is: which atheros chipsets are known to work? > > For what I've understood only AR5210 and AR5211 are safe bets. > > Ever looked at man ath? yes I've read it. The ath driver provides support for wireless network devices based on the Atheros AR5210, AR5211, and AR5212 chips. But not all the AR5212 based cards are supported, because compatibility varies depending also on phy and rf revisions. > /M
Re: Geforce Driver for OpenBSD
Joco Salvatti wrote:

Hi all, I visited the Nvidia's website but I didn't find anything, but I just want to be sure: are there any geforce device driver available for OpenBSD? Thanks.

-- Joco Salvatti Undergraduating in Computer Science Federal University of Para - UFPA web: http://salvatti.expert.com.br e-mail: [EMAIL PROTECTED]

As Mr. Hernandez said, it's not going to happen. Further, it's because nvidia won't release enough info to make it happen. They have binary only drivers for linux and freebsd (others?), but it compromises the openness of the os. Basic functionality can be had from Xorg's generic nv driver, though, so you're not totally lost. Write nvidia and tell them you're disappointed that you can't use their products with the software of your choice.

-- Darrin Chandler [EMAIL PROTECTED] http://www.stilyagin.com/
Anyone with experience on a dell poweredge 850?
Hi everyone, I'm just wondering if anyone knows anything about OpenBSD on a Dell Poweredge 850. List archives returned no hits, and google returned only a dmesg of the machine from FreeBSD (http://nycbug.org/?NAV=dmesgd&dmesgd_criteria=&dmesgid=700#700 for those interested). Dells seem relatively well supported, I'm mostly worried about the dual on-board NIC. Any light anyone could shed on compatibility would be great -- I'm making a case for using OpenBSD with this, which was purchased to be a firewall machine, instead of Microsoft and ISA server. Thanks in advance, Peter L.
Re: bioctl Device Support
Ah ok so this is a PERC 2/SC. There is a bug in the driver or firmware which causes the firmware to hang whenever there is access to more than 1 LD at the same time. To prevent hangs I marked these cards as broken to prevent access to more than 1 LD, unfortunately the broken flag also *has* to prevent access through the ioctl interface. What's bad is that the passthrough is actually working. This can cause hangs as well so I need to go fix that (need to not allow commands through passthrough when card is marked "broken"). I honestly don't know what is actually causing the firmware to hang and therefore I can't fix the driver to work around it. One of these days I'll try again to fix this but be advised that these cards are rapidly becoming obsolete. Sorry that I don't have a better answer :(

/marco

On Nov 23, 2005, at 2:10 PM, Gaby vanhegan wrote:

On 23 Nov 2005, at 20:00, Otto Moerbeek wrote:

ami0 at pci1 dev 14 function 1 "Intel 80960RP ATU" rev 0x02: irq 14 Dell 467/32b
ami0: FW 1.06, BIOS v1p00, 128MB RAM
ami0: 2 channels, 16 targets, 1 logical drives
scsibus0 at ami0: 1 targets
sd0 at scsibus0 targ 0 lun 0: SCSI2 0/direct fixed
sd0: 17136MB, 2184 cyl, 255 head, 63 sec, 512 bytes/sec, 35094528 sec total
scsibus1 at ami0: 16 targets
safte0 at scsibus1 targ 6 lun 0: SCSI2 3/ processor fixed
scsibus2 at ami0: 16 targets

If I can ask, which models of RAID card are being worked on for the 3.9 release?

I may be missing something obvious here, but this looks like the card _is_ supported. What output were you expecting? What does bioctl ami0 print?
I figured that it would be supported:

# bioctl ami0
bioctl: BIOCINQ: Operation not supported by device
# bioctl -Dv ami0
bioctl: cookie = 0xd0f51e90
bio_inq
bioctl: BIOCINQ: Operation not supported by device

Apparently not :( Here's a full dmesg:
Re: bioctl Device Support
On Wed, 23 Nov 2005, Gaby vanhegan wrote:

> On 23 Nov 2005, at 20:10, Gaby vanhegan wrote:
>
> > I figured that it would be supported:
> >
> > # bioctl ami0
> > bioctl: BIOCINQ: Operation not supported by device
> > # bioctl -Dv ami0
> > bioctl: cookie = 0xd0f51e90
> > bio_inq
> > bioctl: BIOCINQ: Operation not supported by device
> >
> > Apparently not :( Here's a full dmesg:
>
> Just a thought, that machine had been upgraded from 3.5 to 3.8
> (following the steps in the excellent upgrade FAQ's). I upgraded
> from 3.5 -> 3.6 -> 3.7 -> 3.8. Perhaps this might have some bearing
> on the problem?

Don't know how you upgraded, but one thing that might be wrong is the bio dev entry:

[EMAIL PROTECTED]:35]$ ls -l /dev/bio*
crw--- 1 root wheel 79, 0 Jul 7 20:34 /dev/bio
[EMAIL PROTECTED]:36]$

-Otto
Apache CAN-2004-0700 question
I have checked and searched lists to find any information about CAN-2004-0700 affecting or not default apache on 3.8, i am sure that the version is fully modified and is not affected by subject CAN. But i need a proof of concept on that. maybe a cvs link could help. Any ideas? thnx
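The one-argument logging call and its "%s" replacement from the mod_ssl 2.8.19 change discussed in this thread, reduced to a stand-alone C program. This is an added example, not code from mod_ssl or OpenBSD; log_fmt(), the two wrappers, count_directives() and the sample message are hypothetical and constructed for illustration.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: an already-formatted error message whose tail was
 * not chosen by the programmer and happens to contain "%%". */
static const char SAMPLE_MSG[] =
    "SSL proxy connect failed (vhost.example:443): peer 192.0.2.10: 100%% rejected";

/* Hypothetical printf-style logger standing in for a call like ssl_log().
 * It formats into a caller-supplied buffer so the result can be inspected.
 * Declaring such a function with __attribute__((format(printf, 3, 4)))
 * lets GCC's -Wformat-security flag the one-argument call below. */
static int log_fmt(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return n;
}

/* Pre-patch shape: the finished message sits in the format position, so
 * every '%' in it is interpreted as a directive. "%%" is the only
 * directive that consumes no argument, which keeps this call well-defined
 * for SAMPLE_MSG; any other directive would fetch arguments that were
 * never passed. */
static int log_message_as_format(char *out, size_t outlen, const char *msg)
{
    return log_fmt(out, outlen, msg);
}

/* Post-patch shape: constant "%s" format, message passed as data. */
static int log_message_as_data(char *out, size_t outlen, const char *msg)
{
    return log_fmt(out, outlen, "%s", msg);
}

/* Count the '%' directives a printf-style function would act on if msg
 * were used as a format string ("%%" counts as one directive). A non-zero
 * result means the two call shapes above produce different output. */
static int count_directives(const char *msg)
{
    int count = 0;

    while ((msg = strchr(msg, '%')) != NULL) {
        count++;
        msg++;
        if (*msg != '\0')
            msg++;              /* skip the character the '%' introduces */
    }
    return count;
}

int main(void)
{
    char buf[128];

    log_message_as_format(buf, sizeof buf, SAMPLE_MSG);
    printf("as format: %s\n", buf);
    log_message_as_data(buf, sizeof buf, SAMPLE_MSG);
    printf("as data:   %s\n", buf);
    printf("directives in message: %d\n", count_directives(SAMPLE_MSG));
    return 0;
}
```

The logged text differs between the two calls only because the message was parsed a second time, which is the defect the "%s" argument removes.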
Re: pf and interface groups in 3.8
after some private mails... * Peter Fraser <[EMAIL PROTECTED]> [2005-11-20 21:30]: > I was trying out the interface groups of pf 3.8, I was surprised to > get a syntax error with: > > pass out quick proto { tcp udp } > from egress to any port domain flags S/SA keep state as said before, I initially forgot the code for static expansion. this is in -current for some time now tho. > which seems to use "self" in these case as an undefined interface > group, I would have expected that "self" would have been implemented > a interface group of all the interfaces on the computer. it is, and happens to work just fine :) > pf is very unhappy if you use: > > set loginterface egress > > After this statement I could not get pf to work again unless I rebooted. this has been confirmed to be an operator error. while you cannot set loginterface to a group (yet, at least), it does _not_ leave pf in a non-working state or the like. > also it is not obvious to me what happens when you use: > > antispoof quick for Inside > > where "Inside" is an interface group containing several interfaces. I > expect > that antispoof only works as a group, rather than on each interface > individually as said - see for yourself. need -current due to above mentioned missing static expansion, then see with echo "antispoof for Inside" | pfctl -nvf - -- BS Web Services, http://www.bsws.de/ OpenBSD-based Webhosting, Mail Services, Managed Servers, ... Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie)
Re: bioctl Device Support
Otto is right. This looks like a PERC 3/SC. Since the passthrough works everything else should work too. The firmware looks a little old so you might want to upgrade that as well. Send a "bioctl ami0" please.

On Nov 23, 2005, at 2:00 PM, Otto Moerbeek wrote:

On Wed, 23 Nov 2005, Gaby vanhegan wrote:

HI, I've just upgraded to 3.8, hoping that ami/bioctl would support my RAID card, which it doesn't:

ami0 at pci1 dev 14 function 1 "Intel 80960RP ATU" rev 0x02: irq 14 Dell 467/32b
ami0: FW 1.06, BIOS v1p00, 128MB RAM
ami0: 2 channels, 16 targets, 1 logical drives
scsibus0 at ami0: 1 targets
sd0 at scsibus0 targ 0 lun 0: SCSI2 0/direct fixed
sd0: 17136MB, 2184 cyl, 255 head, 63 sec, 512 bytes/sec, 35094528 sec total
scsibus1 at ami0: 16 targets
safte0 at scsibus1 targ 6 lun 0: SCSI2 3/ processor fixed
scsibus2 at ami0: 16 targets

If I can ask, which models of RAID card are being worked on for the 3.9 release?

I may be missing something obvious here, but this looks like the card _is_ supported. What output were you expecting? What does bioctl ami0 print?

-Otto
Re: bioctl Device Support
On 23 Nov 2005, at 20:10, Gaby vanhegan wrote: > I figured that it would be supported: > > # bioctl ami0 > bioctl: BIOCINQ: Operation not supported by device > # bioctl -Dv ami0 > bioctl: cookie = 0xd0f51e90 > bio_inq > bioctl: BIOCINQ: Operation not supported by device > > Apparently not :( Here's a full dmesg: Just a thought, that machine had been upgraded from 3.5 to 3.8 (following the steps in the excellent upgrade FAQ's). I upgraded from 3.5 -> 3.6 -> 3.7 -> 3.8. Perhaps this might have some bearing on the problem? Gaby -- Junkets for bunterish lickspittles since 1998! http://vanhegan.net/sudoku/ http://weblog.vanhegan.net/
Re: bioctl Device Support
On 23 Nov 2005, at 20:00, Otto Moerbeek wrote: >> ami0 at pci1 dev 14 function 1 "Intel 80960RP ATU" rev 0x02: irq 14 >> Dell 467/32b >> ami0: FW 1.06, BIOS v1p00, 128MB RAM >> ami0: 2 channels, 16 targets, 1 logical drives >> scsibus0 at ami0: 1 targets >> sd0 at scsibus0 targ 0 lun 0: SCSI2 0/direct >> fixed >> sd0: 17136MB, 2184 cyl, 255 head, 63 sec, 512 bytes/sec, 35094528 sec >> total >> scsibus1 at ami0: 16 targets >> safte0 at scsibus1 targ 6 lun 0: SCSI2 3/ >> processor fixed >> scsibus2 at ami0: 16 targets >> >> If I can ask, which models of RAID card are being worked on for the >> 3.9 release? > > I may be missing something obvious here, but this looks like the card > _is_ supported. What output where you expecting? What does bioctl ami0 > print? I figured that it would be supported: # bioctl ami0 bioctl: BIOCINQ: Operation not supported by device # bioctl -Dv ami0 bioctl: cookie = 0xd0f51e90 bio_inq bioctl: BIOCINQ: Operation not supported by device Apparently not :( Here's a full dmesg: # dmesg OpenBSD 3.8 (GENERIC) #138: Sat Sep 10 15:41:37 MDT 2005 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel Pentium III ("GenuineIntel" 686-class) 728 MHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36, MMX,FXSR,SSE real mem = 536449024 (523876K) avail mem = 482590720 (471280K) using 4278 buffers containing 26927104 bytes (26296K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(00) BIOS, date 06/25/01, BIOS32 rev. 
0 @ 0xffe90 pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfc320/208 (11 entries) pcibios0: PCI Interrupt Router at 000:15:0 ("ServerWorks ROSB4 SouthBridge" rev 0x00) pcibios0: PCI bus #1 is the last bus bios0: ROM list: 0xc/0x8000 0xc8000/0x200 0xc8800/0xe00 0xc9800/0x1800 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 "ServerWorks CNB20LE Host" rev 0x06 pchb1 at pci0 dev 0 function 1 "ServerWorks CNB20LE Host" rev 0x06 pci1 at pchb1 bus 2 fxp0 at pci1 dev 6 function 0 "Intel 82557" rev 0x0c, i82550: irq 5, address 00:02:b3:63:ee:52 inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4 ppb0 at pci1 dev 14 function 0 "Intel i960 RN PCI-PCI" rev 0x02 pci2 at ppb0 bus 3 ami0 at pci1 dev 14 function 1 "Intel 80960RP ATU" rev 0x02: irq 14 Dell 467/32b ami0: FW 1.06, BIOS v1p00, 128MB RAM ami0: 2 channels, 16 targets, 1 logical drives scsibus0 at ami0: 1 targets sd0 at scsibus0 targ 0 lun 0: SCSI2 0/direct fixed sd0: 17136MB, 2184 cyl, 255 head, 63 sec, 512 bytes/sec, 35094528 sec total scsibus1 at ami0: 16 targets safte0 at scsibus1 targ 6 lun 0: SCSI2 3/ processor fixed scsibus2 at ami0: 16 targets ppb1 at pci0 dev 2 function 0 "Intel i960 RM PCI-PCI" rev 0x02 pci3 at ppb1 bus 1 ahc1 at pci3 dev 4 function 0 "Adaptec AIC-7890/1 U2" rev 0x01: irq 14 scsibus3 at ahc1: 16 targets ahc2 at pci3 dev 6 function 0 "Adaptec AIC-7880" rev 0x02: irq 10 scsibus4 at ahc2: 8 targets cd0 at scsibus4 targ 5 lun 0: SCSI2 5/ cdrom removable fxp1 at pci0 dev 8 function 0 "Intel 82557" rev 0x08, i82559: irq 11, address 00:b0:d0:d0:26:89 inphy1 at fxp1 phy 1: i82555 10/100 PHY, rev. 
4 vga1 at pci0 dev 14 function 0 "ATI Mach64 GY" rev 0x7a wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) pcib0 at pci0 dev 15 function 0 "ServerWorks ROSB4 SouthBridge" rev 0x50 isa0 at pcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pmsi0 at pckbc0 (aux slot) pckbc0: using irq 12 for aux slot wsmouse0 at pmsi0 mux 0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: spkr0 at pcppi0 sysbeep0 at pcppi0 lpt0 at isa0 port 0x378/4 irq 7 npx0 at isa0 port 0xf0/16: using exception 16 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec biomask e745 netmask ef65 ttymask ffe7 pctr: 686-class user-level performance counters enabled mtrr: Pentium Pro MTRR support dkcsum: sd0 matches BIOS drive 0x80 root on sd0a rootdev=0x400 rrootdev=0xd00 rawdev=0xd02 Gaby -- Junkets for bunterish lickspittles since 1998! http://vanhegan.net/sudoku/ http://weblog.vanhegan.net/
Re: bioctl Device Support
On Wed, 23 Nov 2005, Gaby vanhegan wrote:

> HI,
>
> I've just upgraded to 3.8, hoping that ami/bioctl would support my
> RAID card, which it doesn't:
>
> ami0 at pci1 dev 14 function 1 "Intel 80960RP ATU" rev 0x02: irq 14
> Dell 467/32b
> ami0: FW 1.06, BIOS v1p00, 128MB RAM
> ami0: 2 channels, 16 targets, 1 logical drives
> scsibus0 at ami0: 1 targets
> sd0 at scsibus0 targ 0 lun 0: SCSI2 0/direct
> fixed
> sd0: 17136MB, 2184 cyl, 255 head, 63 sec, 512 bytes/sec, 35094528 sec
> total
> scsibus1 at ami0: 16 targets
> safte0 at scsibus1 targ 6 lun 0: SCSI2 3/
> processor fixed
> scsibus2 at ami0: 16 targets
>
> If I can ask, which models of RAID card are being worked on for the
> 3.9 release?

I may be missing something obvious here, but this looks like the card _is_ supported. What output were you expecting? What does bioctl ami0 print?

-Otto
Re: Enable Solaris Compatibility Mode in version 3.8
Ignore this. I read it as "soekris compatibility". On Wed, Nov 23, 2005 at 11:33:33AM -0800, Peter Hessler wrote: :"boot" : : :thats it. : : :On Wed, Nov 23, 2005 at 01:12:46PM -0600, Tom Pfeifer wrote: ::I'd like to know how to enable Solaris Compatibility Mode in version ::3.8. I've searched the FAQ's and all man pages and don't seem to be ::able to find the correct information. ::Thanks in advance, ::[EMAIL PROTECTED]
Re: Enable Solaris Compatibility Mode in version 3.8
Tom Pfeifer tela.com> writes: > I'd like to know how to enable Solaris Compatibility Mode in version > 3.8. I've searched the FAQ's and all man pages and don't seem to be > able to find the correct information. $ man 8 compat_sunos I assume that's what you want.
Re: Geforce Driver for OpenBSD
On Wed, Nov 23, 2005 at 04:34:41PM -0200, Joco Salvatti wrote: > Hi all, > > I visited the Nvidia's website but I didn't find anything, but I just want to > be > sure: are there any geforce device driver available for OpenBSD? > > Thanks. Not going to happen. Probably not ever. Try freebsd if you must use nvidia's binary drivers. Mike H
Re: Enable Solaris Compatibility Mode in version 3.8
"boot" thats it. On Wed, Nov 23, 2005 at 01:12:46PM -0600, Tom Pfeifer wrote: :I'd like to know how to enable Solaris Compatibility Mode in version :3.8. I've searched the FAQ's and all man pages and don't seem to be :able to find the correct information. :Thanks in advance, :[EMAIL PROTECTED] : -- A nuclear war can ruin your whole day.
Enable Solaris Compatibility Mode in version 3.8
I'd like to know how to enable Solaris Compatibility Mode in version 3.8. I've searched the FAQ's and all man pages and don't seem to be able to find the correct information. Thanks in advance, [EMAIL PROTECTED]
Geforce Driver for OpenBSD
Hi all, I visited the Nvidia's website but I didn't find anything, but I just want to be sure: are there any geforce device driver available for OpenBSD? Thanks. -- Joco Salvatti Undergraduating in Computer Science Federal University of Para - UFPA web: http://salvatti.expert.com.br e-mail: [EMAIL PROTECTED]
Re: Working Atheros card for openbsd 3.8-current
Reyk Floeter wrote:

On Wed, Nov 23, 2005 at 12:32:26PM +0100, David Coppa wrote:

Finding a suitable ath card for my homemade access point (now running with wi) is driving me crazy. I've already bought a D-LINK DWL-G520 that is not compatible: interface initialization aborts with a "RF radio not supported" error message.

it's the unsupported rf2112

Are there plans for support in the not too distant future for this one?
Re: Working Atheros card for openbsd 3.8-current
David Coppa wrote: > So basically what I ask is: which atheros chipsets are known to work? > For what I've understood only AR5210 and AR5211 are safe bets. Ever looked at man ath? /M
Re: Working Atheros card for openbsd 3.8-current
On Wed, Nov 23, 2005 at 12:32:26PM +0100, David Coppa wrote: > Finding a suitable ath card for my homemade access point (now running > with wi) is driving me crazy. I've already bought a D-LINK DWL-G520 > that is not compatible: interface initialization aborts with a "RF > radio not supported" error message. > it's the unsupported rf2112 > So basically what I ask is: which atheros chipsets are known to work? > For what I've understood only AR5210 and AR5211 are safe bets. > > For example, is the card below working under 3.8? > http://www.mikrotik.com/Documentation/sr5_datasheet.pdf > I'd like to buy some stuff from these guys... > yes. not for sure, but the MAC AR5213 and the RF AR5112 are supported. i have nics with the same chipset from other vendors (i.e. senao). > I'm fscking tired of vendors silently changing chipset versions on > every new release of the same card... > !!! reyk -- /* .vantronix|secure systems - (research & development) * reyk floeter - friendly known free software engineer * [EMAIL PROTECTED] - http://team.vantronix.net/reyk/ */
bioctl Device Support
HI, I've just upgraded to 3.8, hoping that ami/bioctl would support my RAID card, which it doesn't: ami0 at pci1 dev 14 function 1 "Intel 80960RP ATU" rev 0x02: irq 14 Dell 467/32b ami0: FW 1.06, BIOS v1p00, 128MB RAM ami0: 2 channels, 16 targets, 1 logical drives scsibus0 at ami0: 1 targets sd0 at scsibus0 targ 0 lun 0: SCSI2 0/direct fixed sd0: 17136MB, 2184 cyl, 255 head, 63 sec, 512 bytes/sec, 35094528 sec total scsibus1 at ami0: 16 targets safte0 at scsibus1 targ 6 lun 0: SCSI2 3/ processor fixed scsibus2 at ami0: 16 targets If I can ask, which models of RAID card are being worked on for the 3.9 release? Gaby -- Junkets for bunterish lickspittles since 1998! http://vanhegan.net/sudoku/ http://weblog.vanhegan.net/
Re: additional features in bsd.rd
On Tue, Nov 22, 2005 at 12:01:05PM +0100, Pete Vickers wrote: > 1. Get a dmesg output from CD-ROM booted bsd.rd to my other machine > for emailing etc. > # dmesg | nc 10.20.30.40 1234 > > 2. Get information off a machine, either for backup purposes or data > recovery etc. > # dd if=/dev/rwd0c | nc 10.20.30.40 1234 > > 3. Restore a 'disk image' from above... > # nc -l 1234 | dd of=/dev/rwd0c Why not just use ftp? -Ray-
Re: Redundant links with BGP and VPN
On 23/11/05, Kor Boerema <[EMAIL PROTECTED]> wrote:

> Ok,
>
> I'm glad that it's possible, I just don't know how to put it all
> together yet.
>
> So I would have to create 2 gif tunnels at each branch office. One going
> over the leased lines and the other over internet.
>
> Over these GIF tunnels I would run ipsec to encrypt the data?
>
> Could you give some more information how to set this up? Just an
> overview.
>
> It's all a bit overwhelming to be honest.
>

1. You create the gif tunnels (firewall-firewall)
2. you encrypt the gif tunnels (firewall-firewall traffic, or leave this for last)
3. You integrate it with your current routing setup and just treat the tunnels as another leased line. Without knowing how your network routing is setup it's hard to be more specific on this part.

Read the man page for gif and ifconfig and do a bit of trial and error. The feeling of the head spinning will go away pretty quickly and you will have a solution you feel confident with. If you don't get that feeling don't use it.

This works the same with or without IPsec. The gif setup is one ifconfig command on each end, I doubt you'll need help with that. man page, tcpdump, trial/error.

/Tony

-- Tony Sarendal - [EMAIL PROTECTED] IP/Unix -= The scorpion replied, "I couldn't help it, it's my nature" =-
Re: Redundant links with BGP and VPN
Ok,

I'm glad that it's possible, I just don't know how to put it all together yet.

So I would have to create 2 gif tunnels at each branch office. One going over the leased lines and the other over internet.

Over these GIF tunnels I would run ipsec to encrypt the data?

Could you give some more information how to set this up? Just an overview.

It's all a bit overwhelming to be honest.

Regards, Kor Boerema

-Original Message-
From: tony sarendal [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 23, 2005 2:26 PM
To: Kor Boerema
Cc: misc@openbsd.org
Subject: Re: Redundant links with BGP and VPN

On 23/11/05, Kor Boerema <[EMAIL PROTECTED]> wrote:

> Hi Tony,
>
> Thanks for the reply.
>
> In what ways do the GIF tunnels differ from a normal ipsec tunnel?
>

By using a tunneling protocol your traffic will from an ipsec point of view always have the same source/destination. You also avoid fragmentation of packets if the hosts talking support PMTU discovery, unless your tunnel mtu is too big of course.
Re: Community policy in openbgpd
On 23/11/05, Dennis S.Davidoff <[EMAIL PROTECTED]> wrote:

> Hello all!
>
> Could someone show examples of complex community policy in openbgpd?
>

I gave it a quick try a few months ago and faced some problems.

1. bgpctl show did not display the communities (and some other attributes)
2. I failed with adding multiple communities

I also believe I ran into some problem like adding communities on top of existing ones, or maybe it was clearing some communities but not all... can't remember.

Another problem I faced was how to refresh things like connected/statics when I modified which communities they were being tagged with.

Some of this may have changed since. Hopefully I will be able to spend some real time on how I can use bsd/bgpd in a service provider network, it depends on what I will be doing in the future. If you do any testing on this, feel free to let me know how it goes.

/Tony

-- Tony Sarendal - [EMAIL PROTECTED] IP/Unix -= The scorpion replied, "I couldn't help it, it's my nature" =-
Re: Strange behavior with carp and preemption
On Nov 23, 2005, at 5:38 AM, Eli K. Breen wrote: I found the problem you describe when I specifically set the advskew on the two carp interfaces. Give it a whirl. Give what a whirl? I do have advskew set on the carp interfaces on the backup node. Since I want one node of the two to be primary when both are alive and well. If I did not care which was master then I'd leave the advskew alone on both. -Chad
Re: Redundant links with BGP and VPN
--On 23 November 2005 13:25 +, tony sarendal wrote: On 23/11/05, Kor Boerema <[EMAIL PROTECTED]> wrote: Hi Tony, Thanks for the reply. In what ways do the GIF tunnels differ from a normal ipsec tunnel? By using a tunneling protocol your traffic will from an ipsec point of view always have the same source/destination. You also avoid fragmentation of packets if the hosts talking support PMTU discovery, unless your tunnel mtu is too big of course. And with gif you can multicast, in case you want to run OSPF.
Re: remote su root: SORRY
On Nov 20, 2005, at 10:02 PM, Paul Yiu wrote: Hi Guys, Hope you guys can help on this ssh issue has been posted in 2004. Thank you in advance. I hit the same ssh problem with openbsd 3.7. I got serial console set up, I got a user which assigned in a wheel group, when I log in using ssh as a user and try to su. System said sorry and I check /var/log/authlog it said BAD SU pyiu to root on /dev/ttyp0. I can ssh in as root, but not su as root. $ su Password: Sorry $ sudo su - Password: Results in the following entry in /var/log/authlog Nov 23 08:09:54 sabus su: BAD SU chad to root on /dev/ttyp0 I don't think the problem is with the serial console or ssh. I suspect the problem is user error. Assuming you've adjusted sudo to allow people in the wheel group, great. Then they must use sudo to run the commands. Look at my example above. The first time I simply tried using 'su' and obviously did not enter the root password. While in the next example I entered 'sudo su -' and then entered my password when prompted which then granted me a root prompt. -Chad
Re: Redundant links with BGP and VPN
On 23/11/05, Kor Boerema <[EMAIL PROTECTED]> wrote: > Hi Tony, > > Thanks for the reply. > > In what ways do the GIF tunnels differ from a normal ipsec tunnel? > By using a tunneling protocol your traffic will from an ipsec point of view always have the same source/destination. You also avoid fragmentation of packets if the hosts talking support PMTU discovery, unless your tunnel mtu is too big of course.
spamd vs the sober worm
When the mainstream press started reporting stories like "You are not under FBI surveillance" about the newest windows worm variety, I started checking my logs for signs of what the stories described. Nothing of the sort reported had reached any windows machine on our network, so I started looking at the gateway's logs. The result is a very preliminary draft which I've put at http://www.bgnett.no/~peter/pf/spamd-vs-sober-prelim.txt My problem is that the sample size is so tiny. If I am to turn this into a publishable article, I need more data. Would anyone running pf plus spamd in greylisting mode volunteer to do the same tests and send me their results (or raw data for that matter)? Any other feedback would be welcome of course, and useful data or other useful feedback will merit at least a mention in the thanks to list if this gets published. - P -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/ "First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"
Re: Redundant links with BGP and VPN
Hi Tony,

Thanks for the reply.

In what ways do the GIF tunnels differ from a normal ipsec tunnel?

Regard, Kor Boerema

-Original Message-
From: tony sarendal [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 23, 2005 11:47 AM
To: Kor Boerema
Cc: misc@openbsd.org
Subject: Re: Redundant links with BGP and VPN

Fully possible. Just use a tunneling protocol (man gif) for the point-to-points and encrypt them, then use the tunnels for dynamic routing. You even get the bonus of working path-mtu-discovery within your network.

/Tony

-- Tony Sarendal - [EMAIL PROTECTED] IP/Unix -= The scorpion replied, "I couldn't help it, it's my nature" =-
Community policy in openbgpd
Hello all! Could someone show examples of complex community policy in openbgpd? -- Sincerely, Dennis
Re: openvpn to ipsec routing question
On Tue, Nov 22, 2005 at 08:31:13PM +0100, Christoph Leser wrote:
> Hello,
>
> the question is about how to route traffic from an openvpn tunnel
> to an ipsec tunnel.
>
> This is my setup:
>
> The OpenBSD gateway has an internal (10.0.1.1/24 )
> and external (x.x.x.x/30) interface.
>
> The internal net is NAT'ed to the external interface to provide
> internet access to hosts on the internal net.
>
> Through the external interface an ipsec SA ( security association )
> is established ( tunnel mode ) between my internal net ( 10.0.1/24 )
> and another local net of a remote site ( 10.0.2/24 ).
>
> So hosts on the internal net can reach hosts on the internet
> (being NAT'ed ) as well as hosts on the remote
> private net 10.0.2/24 ( not being NAT'ed ).
>
> Now I have setup an openvpn server on this box.
> This openvpn server gives out addresses from yet
> another net ( 10.0.3/24 ) to the connected clients.
>
> Connections from openvpn clients are NAT'Ed to the internal
> interface to make them appear as being directly attached
> to the local private net ( 10.0.1/24 ).
>
> So far, it works.
>
> Now I want the clients on the openvpn subnet ( 10.0.3/24 ) to get
> access to the remote side of the ipsec sa ( 10.0.2/24 ).
>
> Here is an excerpt of my ipconfig and routing table
>
> # ifconfig
> lo0: flags=8049 mtu 33224
> inet 127.0.0.1 netmask 0xff00
> inet6 ::1 prefixlen 128
> inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
> fxp0: flags=8943 mtu 1500
> address: 00:a0:c9:43:07:20
> media: Ethernet autoselect (100baseTX full-duplex)
> status: active
> inet 10.0.1.1 netmask 0xff00 broadcast 10.0.1.255
> inet6 fe80::2a0:c9ff:fe43:720%fxp0 prefixlen 64 scopeid 0x1
> fxp1: flags=8943 mtu 1500
> address: 00:a0:c9:30:b3:34
> media: Ethernet autoselect (10baseT)
> status: active
> inet x.x.x.254 netmask 0xfffc broadcast x.x.x.255
> inet6 fe80::2a0:c9ff:fe30:b334%fxp1 prefixlen 64 scopeid 0x2
> pflog0: flags=141 mtu 33224
> pfsync0: flags=0<> mtu 2020
> enc0: flags=0<> mtu 1536
> tun0: flags=8051 mtu 1500
> inet 10.0.3.1 --> 10.0.3.2 netmask 0x
>
>
> # netstat -rn
> Routing tables
>
> Internet:
> DestinationGatewayFlags Refs UseMtu Interface
> defaultx.x.x.254 UGS11 1211734 - fxp1
> 10.0.3/24 10.0.3.2 UGS 031900 - tun0
> 10.0.3.2 10.0.3.1 UH 10 - tun0
> x.x.x.x/30 link#2 UC 10 - fxp1
> 127/8 127.0.0.1 UGRS00 33224 lo0
> 127.0.0.1 127.0.0.1 UH 1 392 33224 lo0
> 10.0.1/24 link#1 UC 110 - fxp0
>
> 224/4 127.0.0.1 URS 00 33224 lo0
>
> Encap:
> Source Port DestinationPort Proto
> SA(Address/Proto/Type/Direction)
> 10.0.2/24 0 10.0.1/24 0 0 y.y.y.y/50/use/in
> 10.0.1/24 0 10.0.2/24 0 0 y.y.y.y/50/require/out
>
> where x.x.x.x is the external address of my box, y.y.y.y is the
> external address of the remote side of the ipsec tunnel.
>
>
> I expected this to be sufficient for the routing
> from 10.0.3/24 to 10.0.2/24.
> But it is not.
>
> Using tcpdump I see that packets entering the gateway via the
> openvpn tun0 interface destined to some host on 10.0.2/24
> do not get routed to the ipsec tunnel but are routed directly
> to the external interface, i.e. a packet with
> source ip = 10.0.3.10 and destination ip 10.0.2.1
> is routed as is to the external interface.
>
> I assume that the route through the IPSEC SA is not taken into account,
> as the packet to be routed is not from the internal interface.
>
> If there were a way to source-nat the packet when it comes in
> via the tun interface, i.e. before the routing is done, maybe
> all would be fine. But I don't know a way to achieve this.
>
> The straight forward solution to setup another ipsec tunnel
> between 10.0.2/24 and 10.0.3/24 is out of reach
> due to weird administrative constraints.
>
> Any suggestions?

I'm not certain about what to do about the routing, but I'm fairly certain that all your problems would be easily solved if you would just use 10.0.0.0/25 for your internal hosts, and 10.0.0.128/25 for your OpenVPN'ed hosts. Of course, this would require some reconfiguring on the clients/DHCP server/whatever, but it should work. Especially since anything but the router already expects to find OpenVPN clients on 10.0.0.0/24.

Otherwise, I see a route-to option in pf.conf(5), which might be used for explicitly sending packets over encap0... of course, you'd still need to do NAT or weird stuff would happen, but this might at least get the routing right. And NAT can come later, if ne
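The symptom reported in this thread (10.0.3.10 to 10.0.2.1 leaving the external interface unencrypted) can be reproduced with a simplified model of selector-based flow lookup followed by ordinary longest-prefix routing. This is an added example, not code from the thread or from OpenBSD; the tables are constructed from the poster's `netstat -rn` output (the redacted x.x.x.x/30 route is left out), and the helper names `net`, `egress` and `unprotected` are hypothetical.

```python
import ipaddress


def net(s):
    """Expand netstat-style shorthand ('10.0.1/24', '127/8', 'default')."""
    if s == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, plen = s.partition("/")
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))      # '10.0.1' -> '10.0.1.0'
    return ipaddress.ip_network(".".join(octets) + "/" + (plen or "32"))


# Constructed from the "Encap:" table in the post (outbound flow only):
# (source selector, destination selector, SA as printed by netstat).
FLOWS = [
    (net("10.0.1/24"), net("10.0.2/24"), "y.y.y.y/50/require/out"),
]

# Constructed from the "Internet:" table in the post.
ROUTES = [
    (net("default"), "fxp1"),
    (net("10.0.3/24"), "tun0"),
    (net("10.0.3.2"), "tun0"),
    (net("10.0.1/24"), "fxp0"),
    (net("127/8"), "lo0"),
    (net("127.0.0.1"), "lo0"),
]


def egress(src, dst):
    """Return ('ipsec', sa) if a flow matches BOTH addresses, else the
    interface chosen by the longest matching prefix in ROUTES."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for fsrc, fdst, sa in FLOWS:
        if s in fsrc and d in fdst:
            return ("ipsec", sa)
    best = max((r for r in ROUTES if d in r[0]), key=lambda r: r[0].prefixlen)
    return ("route", best[1])


def unprotected(sources, dst):
    """Audit helper: which source networks have no flow covering traffic
    to dst, and would therefore follow the plain routing table?"""
    d = net(dst)
    return [
        s for s in sources
        if not any(net(s).subnet_of(fsrc) and d.subnet_of(fdst)
                   for fsrc, fdst, _ in FLOWS)
    ]


if __name__ == "__main__":
    for src in ("10.0.1.20", "10.0.3.10"):
        print(src, "-> 10.0.2.1:", egress(src, "10.0.2.1"))
    print("no flow for:", unprotected(["10.0.1/24", "10.0.3/24"], "10.0.2/24"))
```

Running the same audit against the real flow table before putting a VPN concentrator into service shows which client ranges would send traffic for the remote private net out the default route in the clear.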
Re: usb2ether hw recommendation
I tried this one :

> There is a working driver -- it's the rtl8150 module for the Realtek
> 8150 chipset which is in the HUF11.
> USB hawking Ethernet

On 11/23/05, Stuart Henderson <[EMAIL PROTECTED]> wrote:
>
> --On 23 November 2005 11:49 +0100, Stephan A. Rickauer wrote:
>
> > are there any device recommendations for usb Ethernet network
> > adapters supported by the drivers listed by 'apropos usb|grep -i
> > ether|grep -v Class' on 3.8? Searching the web for the chipsets
> > usually gives me Japanese, Taiwanese web sites or driver issues but
> > no concrete devices (= things I can touch) ...
>
> There are plenty listed in the manpages. I think you'd be unlucky to
> buy a usb-ethernet that's not supported (and if you do, you could send
> it to a developer and buy something different..) HK-based vendors on
> Ebay are quite good for these.
Working Atheros card for openbsd 3.8-current
Hi all in the list,

Finding a suitable ath card for my homemade access point (now running with wi) is driving me crazy. I've already bought a D-LINK DWL-G520 that is not compatible: interface initialization aborts with a "RF radio not supported" error message.

So basically what I ask is: which atheros chipsets are known to work? From what I've understood only AR5210 and AR5211 are safe bets.

For example, is the card below working under 3.8?

http://www.mikrotik.com/Documentation/sr5_datasheet.pdf

I'd like to buy some stuff from these guys... I'm fscking tired of vendors silently changing chipset versions on every new release of the same card...

Best Regards,
David
Re: usb2ether hw recommendation
--On 23 November 2005 11:49 +0100, Stephan A. Rickauer wrote:

are there any device recommendations for usb Ethernet network adapters supported by the drivers listed by 'apropos usb|grep -i ether|grep -v Class' on 3.8? Searching the web for the chipsets usually gives me Japanese, Taiwanese web sites or driver issues but no concrete devices (= things I can touch) ...

There are plenty listed in the manpages. I think you'd be unlucky to buy a usb-ethernet that's not supported (and if you do, you could send it to a developer and buy something different..) HK-based vendors on Ebay are quite good for these.
usb2ether hw recommendation
Hello,

are there any device recommendations for usb Ethernet network adapters supported by the drivers listed by 'apropos usb|grep -i ether|grep -v Class' on 3.8? Searching the web for the chipsets usually gives me Japanese, Taiwanese web sites or driver issues but no concrete devices (= things I can touch) ...

Thanks!

--
Stephan A. Rickauer
Institut für Neuroinformatik
Universität / ETH Zürich
Winterthurerstrasse 190
CH-8057 Zürich
Tel: +41 44 635 30 50
Sek: +41 44 635 30 52
Fax: +41 44 635 30 53
http://www.ini.ethz.ch
Re: Redundant links with BGP and VPN
Fully possible. Just use a tunneling protocol (man gif) for the point-to-points and encrypt them, then use the tunnels for dynamic routing. You even get the bonus of working path-mtu-discovery within your network.

/Tony

--
Tony Sarendal - [EMAIL PROTECTED]
IP/Unix
-= The scorpion replied, "I couldn't help it, it's my nature" =-
Re: OpenOffice.org 2.0 works on OpenBSD
* Vladas Urbonas wrote on Nov 23, 2005 [18:38, +0900] :
> first of all run
>
> /var/lib/rpm -qa | grep openoffice
>
> to see if you deleted the previous install correctly; because if you
> just deleted /opt the rpm db records had been left unchanged.

[EMAIL PROTECTED]: /emul/linux/opt/openoffice.org2.0/program (11:23:47)> /var/lib/rpm -qa | grep openoffice
/var/lib/rpm: Command not found.
[EMAIL PROTECTED]: /emul/linux/opt/openoffice.org2.0/program (11:30:48)> rpm -qa | grep openoffice
failed to open /var/db/rpm/packages.rpm: No such file or directory
rpmQuery: rpmdbOpen() failed

* Wijnand Wiersma wrote on Nov 23, 2005 [10:54, +0100] :
> --force

Thanks. This did something.

[EMAIL PROTECTED]: /tmp/OOO680_m3_native_packed-2_en-US.8968/RPMS (11:26:16)> /emul/linux/bin/rpm --nodeps --ignoreos --ignorearch --dbpath /var/lib/rpm --force -ivh *.rpm
Preparing...### [100%]
1:openoffice.org-xsltfilt### [ 4%]
2:openoffice.org-base### [ 8%]
3:openoffice.org-calc### [ 12%]
4:openoffice.org-core01 ### [ 15%]
5:openoffice.org-core02 ### [ 19%]
error: unpacking of archive failed on file /opt/openoffice.org2.0/program/pkgchk: cpio: rename failed - No such file or directory
6:openoffice.org-core03 ### [ 23%]
7:openoffice.org-core03u ### [ 27%]
error: unpacking of archive failed on file /opt/openoffice.org2.0/program/classes/ScriptFramework.jar: cpio: chown failed - No such file or directory
8:openoffice.org-core04 ### [ 31%]
9:openoffice.org-core04u ### [ 35%]
error: unpacking of archive failed on file /opt/openoffice.org2.0/program/libabp680li.so: cpio: chown failed - No such file or directory
10:openoffice.org-core05 ### [ 38%]
error: unpacking of archive failed on file /opt/openoffice.org2.0/program/libcppu.so: cpio: rename failed - No such file or directory
11:openoffice.org-core05u ### [ 42%]
error: unpacking of archive failed on file /opt/openoffice.org2.0/program/acceptor.uno.so: cpio: chown failed - No such file or directory
12:openoffice.org-core06 ### [ 46%]
13:openoffice.org-core07 ### [ 50%]
14:openoffice.org-core08 ### [ 54%]
15:openoffice.org-core09 ### [ 58%]
16:openoffice.org-core10 ### [ 62%]
17:openoffice.org-draw### [ 65%]
18:openoffice.org-gnome-in### [ 69%]
19:openoffice.org-graphicf### [ 73%]
20:openoffice.org-impress ### [ 77%]
21:openoffice.org-javafilt### [ 81%]
22:openoffice.org-math### [ 85%]
23:openoffice.org-pyuno ### [ 88%]
24:openoffice.org-spellche### [ 92%]
25:openoffice.org-testtool### [ 96%]
26:openoffice.org-writer ### [100%]

Something tells me, it still didn't go through properly. I find a bunch of stuff in /emul/linux/opt/openoffice.org2.0/programs but no soffice.

--
Beste Grüße / Best regards,
Nikolaus Hiebaum
Re: Strange behavior with carp and preemption
I found the problem you describe when I specifically set the advskew on the two carp interfaces. Give it a whirl.

-E-

Chad M Stewart wrote:

I had tested quite a bit in 3.7 in a lab environment, never found an issue. Now this is 3.8 in production for my business network.

I just pulled the patch cable from the switch for the WAN NIC on the master node. Poof the FW service switched to the backup node. I then plugged the patch cable back into the switch and the FW service switched back to the master node. All expected.

I pulled the LAN patch cable on the master node, FW switched over again. When I plugged the LAN patch cable back in the FW service did _not_ switch back to the master node. :( Though the 'backup' node continued providing the FW service. I tried unplugging the LAN cable again, no change. FW stayed on the 'backup' node. I checked both the WAN and LAN physical interfaces and both were active and had link. I tried 'ifconfig rl0 down' and then up but still the FW services remained on the backup node. I rebooted the master node and when it came back up the FW service moved from the backup node to the master node.

I also discovered that since I'm also running squid and privoxy on these machines and via a transparent proxy setup I need to adjust the startup sequence so that squid/privoxy get time to startup before the CARP interfaces are brought up.

-Chad

On Nov 22, 2005, at 3:46 PM, Eli K. Breen wrote:

Have you tried simply unplugging one's network cable? (to more closely replicate what would happen during a hard lock or panic?) I should think things won't be as smooth.

Additionally, what happens if you shut the master down in to Single-User mode? I'm seeing a bug where if the MASTER is shutdown to single user mode it stops the BACKUP from becoming MASTER.

...which is somewhat disturbing as the original MASTER no longer actually performs any useful network functions, but it does prevent takeover of the ARP address.

Has anyone else tested/run in to this?

-Eli
Re: DWL-AG530 Support?
Melameth, Daniel D. wrote:

Fred Crowson wrote:

If you are after an 802.11g card then the Edimax EW-7128G can be found in the UK at:

http://marc.theaimsgroup.com/?l=openbsd-misc&m=113101477530208&w=2

I managed to buy two from:

http://www.dabs.com/productview.aspx?Quicklinx=3119

which were marginally cheaper and they are both working well with OpenBSD 3.8, using ral.

Happen to be doing hostap with these?

One is and one isn't - on OpenBSD 3.8 box:

ral0: flags=8843 mtu 1500
lladdr 00:0e:2e:51:b3:0c
media: IEEE802.11 autoselect hostap
status: active
ieee80211: nwid nowires chan 2 bssid 00:0e:2e:51:b3:0c 100dBm
inet 10.0.5.1 netmask 0xff00 broadcast 10.0.5.255
inet6 fe80::20e:2eff:fe51:b30c%ral0 prefixlen 64 scopeid 0x4

This one is an OpenBSD 3.7 box:

ral0: flags=8843 mtu 1500
address: 00:0e:2e:51:b2:f1
ieee80211: nwid wifinet chan 1 bssid 00:02:6f:21:ef:1c nwkey 100dBm
media: IEEE802.11 autoselect (DS11)
status: active
inet 10.0.5.5 netmask 0xff00 broadcast 10.0.5.255
inet6 fe80::20e:2eff:fe51:b2f1%ral0 prefixlen 64 scopeid 0x2

HTH

Fred
Network goes out until i ping
Hello,

on a :

-bash-3.00# uname -a
OpenBSD bastion2 3.6 GENERIC#59 i386
-bash-3.00#

the server just loses connectivity probably when it's idle, I go to its console, ping gateway with no reply, ping a diff. host in subnet and it replies, then ping gateway again and it replies ?

-bash-3.00# ifconfig -a
lo0: flags=8049 mtu 33224
inet 127.0.0.1 netmask 0xff00
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
xl0: flags=8843 mtu 1500
address: 00:b0:d0:e1:6c:63
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 172.31.10.26 netmask 0xff00 broadcast 172.31.10.255
inet6 fe80::2b0:d0ff:fee1:6c63%xl0 prefixlen 64 scopeid 0x1
pflog0: flags=0<> mtu 33224
pfsync0: flags=0<> mtu 2020
enc0: flags=0<> mtu 1536

No Pf running, just Cisco PIX as its gateway ? I don't think PIX will timeout all its connections, would it ?
Re: OpenOffice.org 2.0 works on OpenBSD
Hello,

I followed the instructions for installing OpenOffice 2.0, and initially it worked fine. However, OpenOffice wouldn't start. So, absent-mindedly I deleted /opt and when I want to re-install OpenOffice I get a bunch of messages telling me it's already installed.

[EMAIL PROTECTED]: /tmp/OOO680_m3_native_packed-2_en-US.8968/RPMS (9:47:50)> /emul/linux/bin/rpm --nodeps --ignoreos --ignorearch --dbpath /var/lib/rpm -ivh *.rpm
Preparing...### [100%]
package openoffice.org-xsltfilter-2.0.0-3 is already installed
package openoffice.org-base-2.0.0-3 is already installed
package openoffice.org-calc-2.0.0-3 is already installed
package openoffice.org-core01-2.0.0-3 is already installed
package openoffice.org-core02-2.0.0-3 is already installed
package openoffice.org-core03-2.0.0-3 is already installed
package openoffice.org-core03u-2.0.0-3 is already installed
package openoffice.org-core04-2.0.0-3 is already installed
package openoffice.org-core04u-2.0.0-3 is already installed
package openoffice.org-core05-2.0.0-3 is already installed
package openoffice.org-core05u-2.0.0-3 is already installed
package openoffice.org-core06-2.0.0-3 is already installed
package openoffice.org-core07-2.0.0-3 is already installed
package openoffice.org-core08-2.0.0-3 is already installed
package openoffice.org-core09-2.0.0-3 is already installed
package openoffice.org-core10-2.0.0-3 is already installed
package openoffice.org-draw-2.0.0-3 is already installed
package openoffice.org-gnome-integration-2.0.0-3 is already installed
package openoffice.org-graphicfilter-2.0.0-3 is already installed
package openoffice.org-impress-2.0.0-3 is already installed
package openoffice.org-javafilter-2.0.0-3 is already installed
package openoffice.org-math-2.0.0-3 is already installed
package openoffice.org-pyuno-2.0.0-3 is already installed
package openoffice.org-spellcheck-2.0.0-3 is already installed
package openoffice.org-testtool-2.0.0-3 is already installed
package openoffice.org-writer-2.0.0-3 is already installed
file /opt/openoffice.org2.0/program/bootstraprc from install of openoffice.org-core01-2.0.0-3 conflicts with file from package openoffice.org-core01-2.0.0-3
file /opt/openoffice.org2.0/README from install of openoffice.org-core02-2.0.0-3 conflicts with file from package openoffice.org-core02-2.0.0-3
file /opt/openoffice.org2.0/README.html from install of openoffice.org-core02-2.0.0-3 conflicts with file from package openoffice.org-core02-2.0.0-3

I looked through man rpm to see if de-installing or forcing an installation exist, and I tried that, but it doesn't work.

Do you have any idea how to get this installed again?

--
Beste Grüße / Best regards,
Nikolaus Hiebaum
Redundant links with BGP and VPN
Hello,

We are looking at building redundancy into our leased line networks using VPN internet tunnels. Is it possible to create a hub and spoke system with connected OpenBSD machines that use BGP to trigger a different route when the leased line fails?

I don't know if the explanation is clear enough so I'll provide some more information. I want to build a firewall using OpenBSD that will create a VPN tunnel through our leased lines. This machine will also have an internet connection on a second Ethernet card on which it will build a VPN to our main office. Is it possible to use BGP to reroute the traffic over the internet VPN if the leased line VPN fails? I'm not really sure if this is possible because of how IpSEC is handled.

Kind regards,
Kor Boerema
Re: remote su root: SORRY
On Wed, 23 Nov 2005, Paul Yiu wrote:

> Hi Otto,
>
> >>I would like to see the output of userinfo pyiu. Added to that, the
> >>output of getcap -f /etc/login.conf class, where class is the login
> >>class of the user, as reported by userinfo.
>
> login pyiu
> passwd WhatEverWasHere
> uid 1002
> groups users wheel
> change NEVER
> class
> gecos Paul Yiu
> dir /home/pyiu
> shell /usr/local/bin/bash
> expire NEVER
>
> pyiu do not assign to any class as shown above.
> -bash-3.00# getcap -f /etc/login.conf default
> default::path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin
> /usr/local/bin: :umask=022: :datasize-max=256M:
> :datasize-cur=75M: :maxproc-max=128: :maxproc-cur=64:
> :openfiles-cur=64: :stacksize-cur=4M:
> :localcipher=blowfish,6::ypcipher=old: :auth=passwd,skey:
> :auth-ftp=passwd:
>
> >>Also, we need to see the exact command line used and errors reported.
> >>Not just some vague description.
>
> I use ssh.com client 3.2.9 to login as pyiu and type su to su as root
> and what has been capture in /var/log/authlog is
> Nov 21 11:27:02 openbsd1 su: BAD SU pyiu to root on /dev/ttyp0
> I can provide more details if necessary.

Sigh. Exact details please. Does su print "Sorry"? Or anything else?

Some things you can do to isolate the problem:

1. Login on console as pyiu and try to su.
2. When logged in, ssh to localhost as pyiu and then try to su

Please give exact reports on what is printed on screen and written to authlog in these cases.

If that does not give a clue, I might need to add some debug code to su to see what is going on.

-Otto