Re: Is the iocharset option supported in OpenBSD mount?

2006-01-27 Thread Guido Tschakert

Armand Chen wrote:

Hi all :-)

After I switched to OpenBSD, there is still some data on my old NTFS
partition. I've built NTFS support into the kernel and successfully
mounted the NTFS partition.

The problem is, some of the filenames are encoded in something other than
ISO8859-1. On other UNIX-like systems, I could use an option like
this:

Code:

mount -t ntfs -r -o iocharset=ENCODING /dev/DEVICEPARTITION /mnt



But iocharset seems not to be supported in OpenBSD, because the system told me:

Code:

mount_ntfs: -o iocharset: option not supported



Is this option unsupported, or are there some tweaks which
I don't know about?

Thanks, guys, and I hope someone can give me some hints :-)





Hi,

I don't know if there's a port for OpenBSD, but the tool convmv does
exactly what you want: convert filenames from one encoding to another.


guido



Re: MS Security VP Mike Nash remarks on MS vs OpenBSD security.

2006-01-27 Thread Martin Schröder
On 2006-01-27 01:42:13 +1100, Shane J Pearson wrote:
 What an incredible load of tripe!...

This belongs on advocacy.



state of sasyncd + udpencap port state

2006-01-27 Thread Martin Hedenfalk

Hello all,

I have two questions:

1) What is the state of sasyncd in 3.8? (I'm currently running stable 
without any patches). The only hint that there would be known bugs or 
that sasyncd would be incomplete is this email: 
http://archives.neohapsis.com/archives/openbsd/2005-10/1804.html.


2) I have an IPsec tunnel from a soekris box (with custom kernel) 
through a NAT. I ping through the tunnel and the replies come back to 
the soekris. UDP encapsulation works fine until I reboot the NAT box. 
After rebooting the NAT box, the IPsec gateway continues to send back 
replies on the old port (51884), but the NAT box has chosen another 
source port, obviously.


tcpdump on the NAT box after reboot:
09:51:49.835997 217.13.255.140.64819 > 217.13.255.183.4500: udpencap:
esp 217.13.255.140 > 217.13.255.183 spi 0x5ACCA1E0 seq 241 len 132
09:51:49.837076 217.13.255.183.4500 > 217.13.255.140.51884: udpencap:
esp 217.13.255.183 > 217.13.255.140 spi 0x89134FAD seq 192 len 132


Before reboot, the NAT machine (217.13.255.140) sent packets with source 
port 51884 and everything worked fine.


Why is 217.13.255.183 (the IPsec gateway) still sending back replies to 
the old port (51884) instead of the new port 64819?


The issue is resolved after the SA expires and a new SA is set up.

Thanks for any help or hints!
/Martin



Re: MS Security VP Mike Nash remarks on MS vs OpenBSD security.

2006-01-27 Thread Henning Brauer
* Will H. Backman [EMAIL PROTECTED] [2006-01-26 23:15]:
 By sending carefully crafted sequence of IP packet fragments, a remote
 attacker can cause a system running pf with a ruleset containing a
 'scrub fragment crop' or 'scrub fragment drop-ovl' rule to crash.
 
 1: Has this been verified to actually cause a panic on OpenBSD

yes.

-- 
BS Web Services, http://www.bsws.de/
OpenBSD-based Webhosting, Mail Services, Managed Servers, ...
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)
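The quoted report above names the two pf options it covers, `scrub fragment crop` and `scrub fragment drop-ovl`. As an added example (not code from this thread or from the OpenBSD project), here is a small Python audit that flags those rules in the text of a pf.conf and rewrites them to `fragment reassemble`, pf's default fragment handling mode and the one the report does not name. The sample ruleset is constructed for the example.

```python
import re

# Constructed sample ruleset for this example (not from the thread).
SAMPLE_RULES = """\
set skip on lo0
scrub in on fxp0 all fragment reassemble
scrub in on fxp1 all fragment crop
scrub out on fxp1 all fragment drop-ovl
# scrub in all fragment crop   (commented out; must be ignored)
block in all
pass out keep state
"""

# A scrub rule whose fragment mode is one of the two named in the report.
RISKY_SCRUB = re.compile(r'^\s*scrub\b.*\bfragment\s+(crop|drop-ovl)\b')
FRAG_MODE = re.compile(r'\bfragment\s+(?:crop|drop-ovl)\b')


def strip_comment(line):
    """Return (code, comment_with_hash) so comments survive a rewrite."""
    code, sep, comment = line.partition('#')
    return code, sep + comment


def find_risky_scrub_rules(ruleset):
    """Return [(lineno, mode, rule_text)] for every crop/drop-ovl scrub rule."""
    findings = []
    for lineno, raw in enumerate(ruleset.splitlines(), 1):
        code, _ = strip_comment(raw)
        m = RISKY_SCRUB.match(code)
        if m:
            findings.append((lineno, m.group(1), code.strip()))
    return findings


def rewrite_to_reassemble(ruleset):
    """Replace crop/drop-ovl with pf's default 'fragment reassemble' mode."""
    out = []
    for raw in ruleset.splitlines():
        code, comment = strip_comment(raw)
        if RISKY_SCRUB.match(code):
            code = FRAG_MODE.sub('fragment reassemble', code)
        out.append(code + comment)
    return '\n'.join(out) + ('\n' if ruleset.endswith('\n') else '')


if __name__ == '__main__':
    for lineno, mode, rule in find_risky_scrub_rules(SAMPLE_RULES):
        print(f'line {lineno}: fragment {mode}: {rule}')
    print(rewrite_to_reassemble(SAMPLE_RULES))
```

Run it against your own /etc/pf.conf by replacing SAMPLE_RULES with the file contents; commented-out rules are ignored, and the rewrite keeps every other line, including trailing comments, byte for byte.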



Re: MS Security VP Mike Nash remarks on MS vs OpenBSD security.

2006-01-27 Thread Otto Moerbeek
On Thu, 26 Jan 2006, Rob W wrote:

 http://www.securityfocus.com/bid/16375 is minor but important enough to
 report?
 
 A way to remotely crash an OpenBSD box is minor?

If the number of systems affected is low, the answer may be yes. This
problem only exists if you enable specific scrubbing options in pf. 

As a rule of thumb, you can look at the fraction of machines affected
multiplied by the severity of the problem. This gives some
indication of whether something is going to hit errata.

We are not hiding things, just follow src-changes to get everything.

-Otto



Re: MS Security VP Mike Nash remarks on MS vs OpenBSD security.

2006-01-27 Thread Joachim Schipper
On Fri, Jan 27, 2006 at 10:07:33AM +0100, Otto Moerbeek wrote:
 On Thu, 26 Jan 2006, Rob W wrote:
 
  http://www.securityfocus.com/bid/16375 is minor but important enough to
  report?
  
  A way to remotely crash an OpenBSD box is minor?
 
 If the number of systems affected is low, the answer may be yes. This
 problem only exists if you enable specific scrubbing options in pf. 
 
 As a rule of thumb, you can look at the fraction of machines affected
 multiplied by the severity of the problem. This gives some
 indication of whether something is going to hit errata.
 
 We are not hiding things, just follow src-changes to get everything.

Or Full-Disclosure or one of the like, for a more generic security list.
See http://lists.grok.org.uk.

It doesn't have much OpenBSD content, of course... ;-)

Joachim



Squid and named DNS

2006-01-27 Thread Kiraly Zoltan
I have an OpenBSD gateway which shares the Internet connection and runs Squid.
The Squid proxy works transparently; OpenBSD PF allows this:

rdr pass on fxp0 proto tcp to port www -> 127.0.0.1 port 3128

I use Squid to filter web content like ads and pop-ups (adzapper); I don't
use Squid for caching.

The problem is, when I use Squid, many web pages open slowly; for example,
sometimes I wait a long time in Firefox at the "Waiting for www.pagexy.com..."
message. Without Squid all pages open faster.

I use named on the gateway. I have these settings in /var/named/etc/named.conf:

acl clients {
	192.168.10.0/24;
	::1;
};

options {
	forward only;
	forwarders { 193.231.249.1; };
	version "";	// remove this to allow version queries

	listen-on { any; };
	listen-on-v6 { any; };

	allow-recursion { clients; };
};

I hear Squid doesn't really like named; is that true? Or does anyone use Squid
with named without problems? Any ideas?

Thank you very much !



Re: MS Security VP Mike Nash remarks on MS vs OpenBSD security. (offlist)

2006-01-27 Thread Rob W

From: Chris Zakelj [EMAIL PROTECTED]
This is a denial of service, not a security exploit.  Crashing a box
causes headaches, but the data within is still out of the reach of those
who would like to steal it.
It isn't important that people can crash your box remotely and make the 
services provided unavailable?


The data may be out of reach, but I think that denial of service attacks 
also are important.






Re: Safety of a shutdown when no user could log in

2006-01-27 Thread Nick Holland
Nick Holland wrote:
 ...much bigger, if we get the 1G physical disk limit overcome in 
 OpenBSD). 

er... 1T physical disk limit...

(hey, some of us old timers were really wowed by the first 1G drives.
Or the first 20M drives...  We get our staggering amount of storage
units confused easily. :)

Nick.



Re: Safety of a shutdown when no user could log in

2006-01-27 Thread Eric Johnson
On Fri, 27 Jan 2006 06:43:35 -0500
Nick Holland [EMAIL PROTECTED] wrote:

 Nick Holland wrote:
  ...much bigger, if we get the 1G physical disk limit overcome in 
  OpenBSD). 
 
 er... 1T physical disk limit...
 
 (hey, some of us old timers were really wowed by the first 1G drives.
 Or the first 20M drives...  We get our staggering amount of storage
 units confused easily. :)

I was really impressed when we got two 150 MB drives for the old
PDP-11/70.  $15,000 each and $15,000 for the disk controller.

We had so much space we didn't know what to do with it all.

Eric Johnson



Re: Squid and named DNS

2006-01-27 Thread Alexander Bochmann
Hi,

...on Fri, Jan 27, 2006 at 12:10:22PM +0200, Kiraly Zoltan wrote:

  I use Squid to filter web content like ads and pop-ups (adzapper); I don't
  use Squid for caching.
  The problem is, when I use Squid, many web pages open slowly; for example,
  sometimes I wait a long time in Firefox at the "Waiting for www.pagexy.com..."
  message. Without Squid all pages open faster.

I assume that with your content filter setup squid won't 
pass data until it's been fully loaded - otherwise the 
content filter can't be sure to block the transmission 
if it detects anything harmful. So you will see a considerable 
delay more or less by design.

Not using caching is also counterproductive, as you'll 
have the system scanning everything all over again.

  I hear Squid doesn't really like named; is that true? Or does anyone use Squid
  with named without problems? Any ideas?

That sounds like a bit of crap to me; in what way should 
squid not like named? OK, both can be memory hogs, 
depending on their configuration, so if you're low on memory 
you wouldn't want to have both on the same box, but that's 
about it...

I doubt DNS is your problem, but your setup is probably 
suboptimal. Squid does its own DNS caching, so letting 
it access a server that is forward-only itself (basically 
another cache level) at least won't do much good.

Alex.



Re: Squid and named DNS

2006-01-27 Thread Michael C. Ibarra

Hi;

I am not sure what you are saying here, but if you think you are  
having a DNS issue, then try adding this to your squid.conf:

dns_testnames localhost

Have you disabled caching?  If this does not work, then you should  
probably bring this up in the squid-users list,  
	[EMAIL PROTECTED]


Good luck,

-mike


Quoting Kiraly Zoltan [EMAIL PROTECTED]:


I have an OpenBSD gateway which shares the Internet connection and runs Squid.
The Squid proxy works transparently; OpenBSD PF allows this:

rdr pass on fxp0 proto tcp to port www -> 127.0.0.1 port 3128

I use Squid to filter web content like ads and pop-ups (adzapper); I don't
use Squid for caching.

The problem is, when I use Squid, many web pages open slowly; for example,
sometimes I wait a long time in Firefox at the "Waiting for www.pagexy.com..."
message. Without Squid all pages open faster.

I use named on the gateway. I have these settings in /var/named/etc/named.conf:

acl clients {
	192.168.10.0/24;
	::1;
};

options {
	forward only;
	forwarders { 193.231.249.1; };
	version "";	// remove this to allow version queries

	listen-on { any; };
	listen-on-v6 { any; };

	allow-recursion { clients; };
};

I hear Squid doesn't really like named; is that true? Or does anyone use Squid
with named without problems? Any ideas?

Thank you very much !




Re: Strange behaviour of ``ifconfig -alias''

2006-01-27 Thread Otto Moerbeek
On Fri, 27 Jan 2006, Alexander Hall wrote:

 Hi!
 
 I just noticed (the hard way) a strange behaviour of ifconfig. In short, if I
 supply a netmask when removing an alias with ``-alias address'', it is not,
 as one would expect, ignored, but rather used as the netmask for the primary
 address of the interface.
 
 While it would not be necessary to supply the netmask when removing an alias,
 I cannot see that this behaviour would be expected. I would rather expect an
 error or that the netmask was ignored.
 
 Or am I totally wrong?

alias/-alias is a _parameter_ and should come after the address.
It would be better if ifconfig were more strict, but its argument
parsing code is a nightmare.

-Otto

 
 Example follows:
 
 $ ifconfig xl0
 xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
 lladdr 00:06:5b:36:f8:e1
 groups: egress
 media: Ethernet autoselect (100baseTX full-duplex)
 status: active
 inet6 fe80::206:5bff:fe36:f8e1%xl0 prefixlen 64 scopeid 0x1
 inet 192.168.2.130 netmask 0xffffff00 broadcast 192.168.2.255
 $ sudo ifconfig xl0 inet alias 192.168.2.140 netmask 255.255.255.255
 $ ifconfig xl0
 xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
 lladdr 00:06:5b:36:f8:e1
 groups: egress
 media: Ethernet autoselect (100baseTX full-duplex)
 status: active
 inet6 fe80::206:5bff:fe36:f8e1%xl0 prefixlen 64 scopeid 0x1
 inet 192.168.2.130 netmask 0xffffff00 broadcast 192.168.2.255
 inet 192.168.2.140 netmask 0xffffffff broadcast 192.168.2.140
 $ sudo ifconfig xl0 inet -alias 192.168.2.140 netmask 255.255.255.255
 ifconfig: SIOCAIFADDR: File exists
 $ ifconfig xl0
 xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
 lladdr 00:06:5b:36:f8:e1
 groups: egress
 media: Ethernet autoselect (100baseTX full-duplex)
 status: active
 inet6 fe80::206:5bff:fe36:f8e1%xl0 prefixlen 64 scopeid 0x1
 inet 192.168.2.130 netmask 0xffffffff broadcast 192.168.2.130
                            ^^^^^^^^^^
                              madness
 
 /Alexander



Re: Strange behaviour of ``ifconfig -alias''

2006-01-27 Thread Marco Pfatschbacher
On Fri, Jan 27, 2006 at 02:18:10PM +0100, Alexander Hall wrote:
 Hi!
 
 I just noticed (the hard way) a strange behaviour of ifconfig. In short, 
 if I supply a netmask when removing an alias with ``-alias address'', 
 it is not, as one would expect, ignored, but rather used as the netmask 
 for the primary address of the interface.
 
 While it would not be necessary to supply the netmask when removing an 
 alias, I cannot see that this behaviour would be expected. I would 
 rather expect an error or that the netmask was ignored.
 
 Or am I totally wrong?
 
 Example follows:
 
 $ ifconfig xl0
 xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
 lladdr 00:06:5b:36:f8:e1
 groups: egress
 media: Ethernet autoselect (100baseTX full-duplex)
 status: active
 inet6 fe80::206:5bff:fe36:f8e1%xl0 prefixlen 64 scopeid 0x1
 inet 192.168.2.130 netmask 0xffffff00 broadcast 192.168.2.255
 $ sudo ifconfig xl0 inet alias 192.168.2.140 netmask 255.255.255.255
 $ ifconfig xl0
 xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
 lladdr 00:06:5b:36:f8:e1
 groups: egress
 media: Ethernet autoselect (100baseTX full-duplex)
 status: active
 inet6 fe80::206:5bff:fe36:f8e1%xl0 prefixlen 64 scopeid 0x1
 inet 192.168.2.130 netmask 0xffffff00 broadcast 192.168.2.255
 inet 192.168.2.140 netmask 0xffffffff broadcast 192.168.2.140
 $ sudo ifconfig xl0 inet -alias 192.168.2.140 netmask 255.255.255.255
 ifconfig: SIOCAIFADDR: File exists
 $ ifconfig xl0
 xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
 lladdr 00:06:5b:36:f8:e1
 groups: egress
 media: Ethernet autoselect (100baseTX full-duplex)
 status: active
 inet6 fe80::206:5bff:fe36:f8e1%xl0 prefixlen 64 scopeid 0x1
 inet 192.168.2.130 netmask 0xffffffff broadcast 192.168.2.130
                            ^^^^^^^^^^
                              madness

http://marc.theaimsgroup.com/?l=openbsd-misc&m=111852853930931



Re: MS Security VP Mike Nash remarks on MS vs OpenBSD security. (offlist)

2006-01-27 Thread Chris Zakelj
Rob W wrote:

 From: Chris Zakelj [EMAIL PROTECTED]
 This is a denial of service, not a security exploit.  Crashing a box
 causes headaches, but the data within is still out of the reach of those
 who would like to steal it.

 It isn't important that people can crash your box remotely and make
 the services provided unavailable?

 The data may be out of reach, but I think that denial of service
 attacks also are important.

It is considered bad form and impolite to take a private response and
publicly reply.  That said, you miss the point.  A denial of service
isn't a data security issue, it's a data availability issue.  Yes, a DoS
attack is important, but I'd rather have my data completely unavailable
(and have to go reboot the machine) than have it spewed all across the
internet.



Re: Safety of a shutdown when no user could log in

2006-01-27 Thread Andreas Bihlmaier
On Thu, Jan 26, 2006 at 10:30:08PM -0500, Nick Holland wrote:
 Andrés Delfino wrote:
  What I'm trying to ask is this: if a user turns on the computer, and
  can't log in, is it safe to power off the computer without using halt,
  or shutdown, (ie. pressing the power off button)?
 
 SHOULD you power down uncleanly?  No.
 Can you?  Usually. :)
 I would even go as far as to say, almost always.
 
 If your machine is busy, doing things that regularly write to disk,
 yeah, you really don't want to hit the power button.  HOWEVER, if your
 machine is idle at the moment and you don't have an easy way to do a
 proper shut down, go ahead, hit the power button.
 
 FFS is pretty darned robust.  It will cough and sputter a small amount
 on reboot, but it generally cleans itself up and comes up just fine.
 Will it do this EVERY time?  Probably not.  If you were in the middle of
 writing files, you can probably guess they are not-as-you-intended, and
 depending on what they were, you might be really upset about this.  Or
 you might just say, Whatever, get back to filtering packets for me,
 please, and never notice any damage at all.
 
 The only time I can recall a system going down hard and not getting back
 up was when a SCSI card fell out of a machine with the power on (not a
 very interesting story -- IBM NetFinity 3000, for some unknown reason,
 they thought it was cute to HANG the cards umop apisdn in the
 machine...and I thought I'd be lazy and not put that annoying bracket in
 for this quick test.  I think I was doing a cvs checkout (lots of
 writing), and the SCSI adapter fell out.  File system was trashed, there. :)
 
 (hm.  just recalled another time, which also, curiously, involved a CVS
 checkout...)
 
 IN FACT, on many occasions, I'll be too lazy to properly halt the
 machine (and wasn't going to need it immediately when it came back up)
 and just hit the power button.
 
 This is not how you want to run your machine normally, but stuff
 happens.  I'd never want to put a really unstable file system, one that
 couldn't take an "oops!", into production.  If it can take an "oops!",
 it can probably take a deliberate :)
 
 IF you anticipate the need for this, a few tips: make your partitions as
 small as possible (and extra space unused and unmounted) with as few
 files as possible, mount as many partitions RO (Read Only) as you can
 get away with for your application, try to minimize tasks that write to
 disk, and have a good backup.  This will minimize the time the system
 spends doing an fsck on reboot...and the backup will save you when you
 want to kick my butt because you didn't notice all the qualifiers I put
 in this note. :)

Of course, remember to keep /, or more exactly /dev, mounted RW because of
permissions in /dev.
Btw., shouldn't a warning be spit out by syslog if the system finds the
/dev/tty* stuff unchangeable?

 
 Not bad design principles, in general.  I have set up a large archiving
 system -- the point is BIG and RELIABLE (or actually, repairable,
 without losing data), not super fast.  It currently has around 1.8T of
 storage, and if maxed out with its current design (and current
 technology), about 4T of storage (all for about $5000US! I used to
 install 20M hard disks in machines for almost that much money! :).
 Storage is broken up into manageable chunks (about 300G at the moment,
 500G if we were to max it out...much bigger, if we get the 1G physical
 disk limit overcome in OpenBSD).  Trip over that power cord, we'll be
 waiting a while.  HOWEVER, the design helps keep that manageable -- once
 a chunk is filled, it is remounted read-only, and only one or two
 reserve chunks are kept read-write.  Plus, the time critical stuff is
 kept on a smaller machine to keep the (re)boot times to a minimum.  And
 yes, I yanked the power cord just to see what would happen (ans: after
 about 20 minutes to reboot, nothing exciting...though I was careful not
 to do this test during the hourly fetch cycle).

Remounting stuff RO after it is filled is quite a nice idea I never
thought about. How do you decide when to mount it RO? Cronjob? After
each fetch?

 So..in short: if you need to, go ahead, hit the button.  Though if you
 can shut it down properly, please do so; that is always the preferred method.
 
 Nick.



Re: Debugging httpd

2006-01-27 Thread Alexander Farber
For the archives:

On 1/22/06, Alexander Farber [EMAIL PROTECTED] wrote:
 how could I please compile the in-tree Apache with -ggdb added and -O2 
 removed?

 I've tried setting EXTRA_CFLAGS=-ggdb in src/Configuration,
 but that file seems not to be used.

cd /usr/src/usr.sbin/httpd
make -f Makefile.bsd-wrapper DEBUG=1 CFLAGS="-ggdb -O0" clean
make -f Makefile.bsd-wrapper DEBUG=1 CFLAGS="-ggdb -O0" obj
make -f Makefile.bsd-wrapper DEBUG=1 CFLAGS="-ggdb -O0" depend
make -f Makefile.bsd-wrapper DEBUG=1 CFLAGS="-ggdb -O0"
sudo make -f Makefile.bsd-wrapper DEBUG=1 CFLAGS="-ggdb -O0" install

This has even put the flags -ggdb -O0 into /usr/sbin/apxs,
so that I was able to debug my Apache module in gdb right away.

Also I was wrong about src/Configuration not being used



Re: Strange behaviour of ``ifconfig -alias''

2006-01-27 Thread Alexander Hall

Otto Moerbeek wrote:

On Fri, 27 Jan 2006, Alexander Hall wrote:



I just noticed (the hard way) a strange behaviour of ifconfig. In short, if I
supply a netmask when removing an alias with ``-alias address'', it is not,
as one would expect, ignored, but rather used as the netmask for the primary
address of the interface.


alias/-alias is a _parameter_ and should come after the address. 
It would be better if ifconfig would be more strict, but its argument

parsing code is a nightmare

-Otto


Ah. Got it. I agree on the strict parsing. Would have saved me from a 
headache last night. :-/


Thanks,
Alexander



Re: Strange behaviour of ``ifconfig -alias''

2006-01-27 Thread Alexander Hall

Marco Pfatschbacher wrote:

On Fri, Jan 27, 2006 at 02:18:10PM +0100, Alexander Hall wrote:

Hi!

I just noticed (the hard way) a strange behaviour of ifconfig. In short, 
if I supply a netmask when removing an alias with ``-alias address'', 
it is not, as one would expect, ignored, but rather used as the netmask 
for the primary address of the interface.




http://marc.theaimsgroup.com/?l=openbsd-misc&m=111852853930931



Thanks. A combination of being upset and that too often occurring 
sensation of "I have followed misc for so long now and I sure have not 
seen this issue" made me overlook the archives.


Now I see the syntax error (ip address should be prior to [-]alias), and 
although I would have expected an error message rather than some 
undocumented behaviour, I suppose I'll learn to live with it since I do 
not have the time or skills to fix it.


/Alexander



webmin like for openbsd

2006-01-27 Thread ejun
Guys, do you have any idea if there's another package like webmin for OpenBSD?

What is your comment also about webmin: is it safe to use?

Thanks guys.. ;)



Re: webmin like for openbsd

2006-01-27 Thread Marco Peereboom

On Jan 27, 2006, at 8:46 AM, [EMAIL PROTECTED] wrote:
guys do you have any idea if there's another package like webmin  
for openbsd?


No.



what is your comment also about webmin.. is it safe to use?


No.



thanks guys.. ;)


NP.



Re: webmin like for openbsd

2006-01-27 Thread L. V. Lammert
On Fri, 27 Jan 2006 [EMAIL PROTECTED] wrote:

 guys do you have any idea if there's another package like webmin for openbsd?

 what is your comment also about webmin.. is it safe to use?

 thanks guys.. ;)

Been using it for years, .. of course, the first thing you do is restrict
all clients to the local subnet (after installing Perl SSL, of course).

Lee



  Leland V. Lammert[EMAIL PROTECTED]
Chief Scientist Omnitec Corporation
 Network/Internet Consultants   www.omnitec.net




Re: Squid and named DNS

2006-01-27 Thread Alexander Farber
Hi,

I use squid in a similar environment too and have
learnt in  comp.protocols.dns.bind  that forwarders are evil.
Remove that line from your named.conf.

I also used adzap (and before - squeezeball) to
filter out ads for my home network hanging on ADSL

But then I stopped doing that and just installed the Adblock
extension on all my Firefox installations (both OpenBSD and Win).
Adblock just lets you block more stuff than just images and adding
new block rules is easy (you can export and reuse them too)

Also I had DNS problems for the zaps-images used by AdZap -
check if maybe that is the reason for your slowness as well.
I had them on my internal web server, but the ServerName on
that web server was wrong. That slowed all my browsing down

Regards
Alex

On 1/27/06, Kiraly Zoltan [EMAIL PROTECTED] wrote:
 I have an OpenBSD gateway which shares the Internet connection and runs Squid.
 The Squid proxy works transparently; OpenBSD PF allows this:

 rdr pass on fxp0 proto tcp to port www -> 127.0.0.1 port 3128

 I use Squid to filter web content like ads and pop-ups (adzapper); I don't
 use Squid for caching.

 The problem is, when I use Squid, many web pages open slowly; for example,
 sometimes I wait a long time in Firefox at the "Waiting for www.pagexy.com..."
 message. Without Squid all pages open faster.

 I use named on the gateway. I have these settings in /var/named/etc/named.conf:

 acl clients {
 	192.168.10.0/24;
 	::1;
 };

 options {
 	forward only;
 	forwarders { 193.231.249.1; };
 	version "";	// remove this to allow version queries



boot.conf timeout ignored on amd64?

2006-01-27 Thread Toni Mueller
Hi,

I'm working on an amd64 box (Opteron 146) with a soft raid with
autoconfig in place. The soft raid works fine, but boot.conf is
somewhat weird. Some experimenting revealed that I have three
partitions which are recognized as boot partitions:

/dev/wd0a, /dev/wd1a, and /dev/raid0a.

On /dev/wd0a, the /etc/boot.conf file is recognized (what happens if
wd0 goes bad??). But the kernel listed therein is taken from
/dev/raid0a:

- /etc/boot.conf ---
set timeout 30
boot /bsd.mpr
- /etc/boot.conf ---


This should give me a 30 second pause before the machine boots the
named kernel, but instead, it boots _immediately_, so I have no time to
make up my mind to choose a different kernel. What am I doing wrong?

This is a machine originally installed with 3.7, now running stock 3.8
on its way to -stable.


TIA!


Best,
--Toni++



Periodic Account Review

2006-01-27 Thread First Usa Bank
Dear Customer,

At First Usa Bank the greatest responsability to our customer is the
safekeeping of confidential information you have entrusted to us and
using it in a responsable manner. A fundamental element of safeguarding
your confidential information is to provide protection against
unauthorized access or use of this information. We maintain physical,
electronic and procedural safeguards that comply with federal guidelines
to guard your nonpublic personal information against unauthorized access.

At this time we need you to confirm your online account with our existing
database. As soon as our database will be updated we need to make a few
important anouncements to our customers so please update your contact
information with no delay.

The account statement for your Online Banking account can be confirmed at
any time clicking the link bellow:
http://online.firstusa.com/bank/services/update.php?account4725

Our database will be instantly updated.

We are committed to the responsible use and protection of customer
information on our website. At First Usa Bank we are dedicated to
providing you with exceptional service and to ensuring your trust. If you
have any questions regarding our services, please check the website or
call our customer service.

Warmly,
Lisa Benson,
First Usa Bank.

A Bank One Company.

First Usa Bank , Wilmington, DE 19850-5298
Call us: (877) 999-3873
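The message above is a phishing mail that reached the list archive; the link shown is only its visible text, and the archive does not preserve the href that the HTML version pointed at. As an added example (not part of the archive), the Python below runs a few constructed heuristics over that body and over a constructed benign notice: pressure and credential-request phrasing, the misspellings a bank's own copy desk would not have let through, and URL traits (plain http, an update/confirm script name, an opaque token in the query string). The phrase list, word list and scoring are assumptions for the example, not a validated classifier.

```python
import re
from urllib.parse import urlsplit

# Body of the "Periodic Account Review" message above, original spelling,
# trimmed to the paragraphs the checks look at.
PHISH = """\
Dear Customer,

At First Usa Bank the greatest responsability to our customer is the
safekeeping of confidential information you have entrusted to us and
using it in a responsable manner.

At this time we need you to confirm your online account with our existing
database. As soon as our database will be updated we need to make a few
important anouncements to our customers so please update your contact
information with no delay.

The account statement for your Online Banking account can be confirmed at
any time clicking the link bellow:
http://online.firstusa.com/bank/services/update.php?account4725
"""

# A constructed notice for contrast (not from the thread).
BENIGN = """\
Dear Customer,

Your monthly statement is now available in online banking. We will never
ask you to confirm your password or account details by e-mail.
"""

# Heuristics constructed for this example; they are indicators, not proof.
PRESSURE_PHRASES = [
    r'\bat this time\b', r'\bwith no delay\b', r'\bimmediately\b',
    r'\bconfirm your (?:online )?account\b',
    r'\bupdate your (?:contact |account )?information\b',
]
KNOWN_MISSPELLINGS = {'responsability', 'responsable', 'anouncements', 'bellow'}
URL_RE = re.compile(r'''https?://[^\s<>"']+''')
HARVEST_SCRIPT = re.compile(r'(?:update|confirm|verify|login)\.(?:php|asp|cgi)$')


def score_message(body):
    """Return (score, reasons) for one message body; higher is more suspicious."""
    text = ' '.join(body.lower().split())   # fold line breaks for phrase matching
    reasons = []
    for pat in PRESSURE_PHRASES:
        if re.search(pat, text):
            reasons.append('pressure/credential phrase: ' + pat)
    for word in sorted(KNOWN_MISSPELLINGS & set(re.findall(r'[a-z]+', text))):
        reasons.append('misspelling: ' + word)
    for url in URL_RE.findall(body):
        u = urlsplit(url)
        if u.scheme == 'http':
            reasons.append('plain-http link for an account action: ' + u.netloc)
        if HARVEST_SCRIPT.search(u.path):
            reasons.append('credential-harvesting script name: ' + u.path)
        if u.query and '=' not in u.query:
            reasons.append('opaque token in query string: ' + u.query)
    return len(reasons), reasons


if __name__ == '__main__':
    for name, body in (('phish', PHISH), ('benign', BENIGN)):
        score, reasons = score_message(body)
        print(f'{name}: score {score}')
        for r in reasons:
            print('  -', r)
```

The phish trips eleven indicators and the benign notice none. In a real mail pipeline the visible link text and the actual href would be compared as well, which the plain-text archive does not allow here.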



Re: webmin like for openbsd

2006-01-27 Thread Thomas Börnert
Yes, see here; it's only for pf, I think:

http://www.allard.nu/pfw/

-Thomas

On Fri, 2006-01-27 at 22:46 +0800, [EMAIL PROTECTED] wrote:
 guys do you have any idea if there's another package like webmin for openbsd?
 
 what is your comment also about webmin.. is it safe to use?
 
 thanks guys.. ;)



Re: boot.conf timeout ignored on amd64?

2006-01-27 Thread John Wright
On Fri, Jan 27, 2006 at 06:05:16PM +0100, Toni Mueller wrote:
 - /etc/boot.conf ---
 set timeout 30
 boot /bsd.mpr
 - /etc/boot.conf ---

The boot command instructs it to boot there and then.



Re: boot.conf timeout ignored on amd64?

2006-01-27 Thread Stuart Henderson
On 2006/01/27 17:30, John Wright wrote:
 On Fri, Jan 27, 2006 at 06:05:16PM +0100, Toni Mueller wrote:
  - /etc/boot.conf ---
  set timeout 30
  boot /bsd.mpr
  - /etc/boot.conf ---
 
 The boot command instructs it to boot there and then.

'set image' is probably what's wanted instead.



Re: boot.conf timeout ignored on amd64?

2006-01-27 Thread Tobias Weingartner
On Friday, January 27, Toni Mueller wrote:
 
 - /etc/boot.conf ---
 set timeout 30
 boot /bsd.mpr
 - /etc/boot.conf ---
 
 This should give me a 30 second pause before the machine boots the
 named kernel, but instead, it boots _immediately_, so I have no time to
 make up my mind to choose a different kernel. What am I doing wrong?

No, boot.conf is just as if you had typed the stuff on the command line.
When you say 'boot foo', the bootblocks go ahead, and boot foo.  No wait.
No sleep.

What you want is something like:

set timeout 30
set image /bsd.mpr

--Toby.



bgpd.conf (zebra) - bgpd.conf (OpenBGPD)

2006-01-27 Thread Bogdan Hojda
Hello list,

I'm not sure if this the right place to post this question, but I
couldn't find any other better list.

My problem is that I recently changed my OS on a i386 router from Linux
to OpenBSD (3.8). On that router I run Quagga and now I want to switch
to OpenBGPD, but I have problems translating zebra's bgpd.conf to
OpenBGPD.

The zebra's /etc/zebra/bgpd.conf is:

!
! Zebra configuration saved from vty
!   2006/01/25 05:12:14
!
hostname router
password secret
enable password secret
!
router bgp xxx66
 bgp router-id 82.xxx.xxx.xxx
 network 86.aaa.bbb.ccc/21
 redistribute kernel
 redistribute static
 redistribute connected
 neighbor 82.xxx.xxx.yyy remote-as ab08
 neighbor 82.xxx.xxx.yyy description MyISP
 neighbor 82.xxx.xxx.yyy weight 100
 neighbor 82.xxx.xxx.yyy route-map rm-myisp-out out
!
route-map rm-myisp-out permit 100
 set local-preference 110
 set community ab08:1000 ab08:2000
 set ip next-hop peer-address
!
line vty
!

I tried the following configuration in OpenBGP's /etc/bgpd.conf, with no
success:

# macros
MyISP=82.xxx.xxx.yyy

# global configuration
AS xxx66
router-id 82.xxx.xxx.xxx
listen on 82.xxx.xxx.xxx
log updates
network 86.aaa.bbb.ccc/21

# neighbors and peers
neighbor $MyISP {
   remote-as ab08
   descr MyISP
   holdtime 180
   holdtime min 3
   announce self
   set localpref 110
   set community ab08:1000
   set community ab08:2000
}

# filter out prefixes longer than 24 or shorter than 8 bits
deny from any
allow from any prefixlen 8 - 24

# do not accept a default route
deny from any prefix 0.0.0.0/0

# filter bogus networks
deny from any prefix 10.0.0.0/8 prefixlen >= 8
[...]

With this configuration (OpenBGPD) it seems that I receive only routes
within MyISP AS (ab08); with zebra (running on the very same machine)
everything runs smoothly.

Is there anything I should try, or should I use good old zebra (quagga)?

Thanks,

-- 
Bogdan Hojda [EMAIL PROTECTED]
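The filter section of the bgpd.conf above depends on how OpenBGPD evaluates filters: rules are tried in order and the last matching rule decides, which is why `deny from any` can open the list and `allow from any prefixlen 8 - 24` then override it, while the later `prefix ... prefixlen >= N` rules take specific ranges away again. As an added example (not the thread's code and not OpenBGPD's), the Python below parses that subset of filter syntax and evaluates the posted rules against some sample prefixes. The posted `[...]` tail is filled in with the two other RFC 1918 ranges in the same form (constructed for the example), and the action taken when no rule matches is left as a parameter, since the posted ruleset starts with an explicit `deny from any` and never reaches it.

```python
import ipaddress
import re

# Filter rules from the bgpd.conf posted above; the "[...]" tail is filled in
# with the two other RFC 1918 ranges in the same form (constructed here).
FILTER_RULES = """\
# filter out prefixes longer than 24 or shorter than 8 bits
deny from any
allow from any prefixlen 8 - 24

# do not accept a default route
deny from any prefix 0.0.0.0/0

# filter bogus networks
deny from any prefix 10.0.0.0/8 prefixlen >= 8
deny from any prefix 172.16.0.0/12 prefixlen >= 12
deny from any prefix 192.168.0.0/16 prefixlen >= 16
"""

# Subset of bgpd.conf filter syntax handled here:
#   (allow|deny) from any [prefix P [prefixlen OP N]] | [prefixlen LO - HI]
RULE_RE = re.compile(
    r'^(allow|deny)\s+from\s+any'
    r'(?:\s+prefix\s+(\S+))?'
    r'(?:\s+prefixlen\s+(?:(>=|<=|=|>|<)\s*(\d+)|(\d+)\s*-\s*(\d+)))?\s*$')

OPS = {
    '>=': lambda a, b: a >= b, '<=': lambda a, b: a <= b,
    '=': lambda a, b: a == b, '>': lambda a, b: a > b, '<': lambda a, b: a < b,
}


def parse_rules(text):
    rules = []
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()
        if not line:
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError('unsupported rule: ' + line)
        action, prefix, op, n, lo, hi = m.groups()
        rules.append({
            'action': action,
            'prefix': ipaddress.ip_network(prefix) if prefix else None,
            'op': op, 'n': int(n) if n else None,
            'lo': int(lo) if lo else None, 'hi': int(hi) if hi else None,
            'text': line,
        })
    return rules


def rule_matches(rule, net):
    plen = net.prefixlen
    if rule['prefix'] is not None:
        if not net.subnet_of(rule['prefix']):
            return False
        if rule['op'] is None:
            return net == rule['prefix']   # bare "prefix P" matches P exactly
        return OPS[rule['op']](plen, rule['n'])
    if rule['lo'] is not None:
        return rule['lo'] <= plen <= rule['hi']
    return True                            # bare "from any"


def decide(rules, prefix, default='allow'):
    """Return (action, matched_rule_text); the LAST matching rule decides."""
    net = ipaddress.ip_network(prefix, strict=False)
    action, matched = default, None
    for rule in rules:
        if rule_matches(rule, net):
            action, matched = rule['action'], rule['text']
    return action, matched


if __name__ == '__main__':
    rules = parse_rules(FILTER_RULES)
    for p in ['0.0.0.0/0', '198.51.100.0/24', '198.51.100.0/25',
              '10.1.0.0/16', '192.168.1.0/24', '8.0.0.0/8']:
        print(p, *decide(rules, p))
```

Feeding it a prefix shows which rule made the decision, which is the quickest way to see why swapping the first two lines of the posted filter would deny everything.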



dhcpd pid file

2006-01-27 Thread Matthew S Elmore

Greetings misc@,

Though I have been successfully running dhcpd myself for a few years 
now, it has come to my attention when writing some scripts to help 
maintain systems that there is no /var/run/dhcpd.pid file.


Is this by design? If so, is it possible to have it generate the pid 
file on startup? (I do see a thread about this back in 2004 when 
3.6-current was still being tested.)


I understand many are not fans of having lots of pid files lying around 
their box. What, then, is the recommended way of killing and restarting 
the daemon?


Many thanks,
Matt



Intel 82801 SMBus dmesg question

2006-01-27 Thread Denny White

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Had originally posted a message "Tuning NFS File Transfer Speed"
and had eventually posted a "Solved" reply to it on the list.
That turned out to be erroneous. It did turn out to be a hardware
issue. Had some leaking capacitors on the old VIA Abit mobo and
replaced it with an Aopen MX3ST mobo picked up on the cheap. All
seems to be working okay so far, but my question concerns what
dmesg is saying. I googled all over, searched in the archives,
and came up with lots of dmesgs that mentioned it, but didn't
explain specifically what that one line meant. It says:

Intel 82801BA SMBus rev 0x05 at pci0 dev 31 function 3 not configured

Before asking anything on the list, I tried different things in the BIOS
like disabling USB, the onboard NIC, juggled some IRQ's, just generally
doing some experimenting, but the message is still there. I'd just like
to know what exactly it means & maybe be pointed to a site that explains
it so I can learn more about it. Will put in output of dmesg & ifconfig
below. Thanks for all replies.

Denny White
- ---
OpenBSD 3.8-stable (GENERIC) #4: Tue Jan 17 02:45:42 UTC 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium III (GenuineIntel 686-class) 801 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
real mem  = 266969088 (260712K)
avail mem = 236720128 (231172K)
using 3284 buffers containing 13451264 bytes (13136K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(f4) BIOS, date 07/19/02, BIOS32 rev. 0 @ 0xfb140
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 70102 dobusy 1 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0xdf84
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdef0/128 (6 entries)
pcibios0: PCI Exclusive IRQs: 9 10 11
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82371SB ISA rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc/0xc000 0xcc000/0x800
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82815 Hub rev 0x04
vga1 at pci0 dev 2 function 0 Intel 82815 Graphics rev 0x04: aperture at 0xe000, size 0x400
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ppb0 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0x05
pci1 at ppb0 bus 1
fxp0 at pci1 dev 8 function 0 Intel 82562 rev 0x03: irq 11, address 00:01:80:0b:76:77
inphy0 at fxp0 phy 1: i82562ET 10/100 PHY, rev. 0
xl0 at pci1 dev 10 function 0 3Com 3c905C 100Base-TX rev 0x78: irq 11, address 00:01:03:1a:2f:21
bmtphy0 at xl0 phy 24: Broadcom 3C905C internal PHY, rev. 7
ichpcib0 at pci0 dev 31 function 0 Intel 82801BA LPC rev 0x05
pciide0 at pci0 dev 31 function 1 Intel 82801BA IDE rev 0x05: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: WDC WD400BB-00AUA1
wd0: 16-sector PIO, LBA, 38166MB, 78165360 sectors
wd1 at pciide0 channel 0 drive 1: WDC WD300BB-00AUA1
wd1: 16-sector PIO, LBA, 28629MB, 58633344 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
wd1(pciide0:0:1): using PIO mode 4, Ultra-DMA mode 4
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: HP, CD-Writer+ 9500b, 1.06 SCSI0 5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
uhci0 at pci0 dev 31 function 2 Intel 82801BA USB rev 0x05: irq 10
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
Intel 82801BA SMBus rev 0x05 at pci0 dev 31 function 3 not configured
uhci1 at pci0 dev 31 function 4 Intel 82801BA USB rev 0x05: irq 11
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
auich0 at pci0 dev 31 function 5 Intel 82801BA AC97 rev 0x05: irq 9, ICH2 AC97
ac97: codec id 0x41445360 (Analog Devices AD1885)
ac97: codec features headphone, Analog Devices Phat Stereo
audio0 at auich0
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pmsi0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pmsi0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
sysbeep0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
lm0 at isa0 port 0x290/8: W83627HF
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask ed65 netmask ed65 ttymask fde7
pctr: 686-class user-level performance counters enabled
mtrr: Pentium Pro MTRR support
dkcsum: wd0 matches 

Re: dhcpd pid file

2006-01-27 Thread Henning Brauer
* Matthew S Elmore [EMAIL PROTECTED] [2006-01-27 20:55]:
> Though I have been successfully running dhcpd myself for a few years 
> now, it has come to my attention when writing some scripts to help 
> maintain systems that there is no /var/run/dhcpd.pid file.

> Is this by design?

yes. pid files are useless.

> I understand many are not fans of having lots of pid files laying around 
> their box. What then is the recommended way of killing and restarting 
> the daemon?

pkill(1)

-- 
BS Web Services, http://www.bsws.de/
OpenBSD-based Webhosting, Mail Services, Managed Servers, ...
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)



Re: bgpd.conf (zebra) - bgpd.conf (OpenBGPD)

2006-01-27 Thread Henning Brauer
* Bogdan Hojda [EMAIL PROTECTED] [2006-01-27 19:59]:
> I tried the following configuration in OpenBGP's /etc/bgpd.conf, with no
> success:
> 
> # macros
> MyISP=82.xxx.xxx.yyy
> 
> # global configuration
> AS xxx66
>
> router-id 82.xxx.xxx.xxx

you probably don't want this, bgpd picks one itself. you certainly 
don't need it, it shouldn't make a difference tho.

> listen on 82.xxx.xxx.xxx

this might be your problem - just leave it out.


> log updates

whilst fine for debugging, I doubt you want this in the long run, 
syslog will likely chew more CPU logging than bgpd actually doing its 
job ;)

> network 86.aaa.bbb.ccc/21
> 
> # neighbors and peers
> neighbor $MyISP {
>  remote-as ab08
>  descr MyISP
>
>  holdtime 180
>  holdtime min 3

these two are defaults anyway, I'd leave them out.

>  announce self
>  set localpref 110
>  set community ab08:1000
>  set community ab08:2000
> }
> 
> # filter out prefixes longer than 24 or shorter than 8 bits
> deny from any
> allow from any prefixlen 8 - 24
> 
> # do not accept a default route
> deny from any prefix 0.0.0.0/0
> 
> # filter bogus networks
> deny from any prefix 10.0.0.0/8 prefixlen = 8
> [...]

you left anything out here? 
you either have an error in the filters or, well, not obvious at a 
first glance.

> With this configuration (OpenBGPD) it seems that I receive only routes
> within MyISP AS (ab08); with zebra (running on the very same machine)
> everything runs smoothly.

that points to a problem with the filters, or your ISP is not adding 
its own AS leftmost to the path. in the latter case, try
  enforce neighbor-as no
in the neighbor spec. That would be a slightly strange setup tho unless 
you talk to a route-server at an IX or the like.

> Is there anything I should try, 

ya

> or I should use good-old zebra (quagga)?

nah :)

-- 
BS Web Services, http://www.bsws.de/
OpenBSD-based Webhosting, Mail Services, Managed Servers, ...
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)



Re: Intel 82801 SMBus dmesg question

2006-01-27 Thread Otto Moerbeek
On Fri, 27 Jan 2006, Denny White wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> 
> Had originally posted a message Tuning NFS File Transfer Speed
> and had eventually posted a Solved reply to it on the list.
> That turned out to be erroneous. It did turn out to be a hardware
> issue. Had some leaking capacitors on the old VIA Abit mobo and
> replaced it with a Aopen MX3ST mobo picked up on the cheap. All
> seems to be working okay so far, but my question concerns what
> dmesg is saying. I googled all over, searched in the archives,
> and came up with lots of dmesg's that mentioned it, but didn't
> explain specifically what that one line meant. It says:
> 
> Intel 82801BA SMBus rev 0x05 at pci0 dev 31 function 3 not configured
> 
> Before asking anything on the list, I tried different things in the BIOS
> like disabling USB, the onboard NIC, juggled some IRQ's, just generally
> doing some experimenting, but the message is still there. I'd just like
> to know what exactly it means & maybe be pointed to a site that explains
> it so I can learn more about it. Will put in output of dmesg & ifconfig
> below. Thanks for all replies.

There's nothing wrong. It just means SMBus is not supported. SMBus is a
system management bus.  It is generally used to read and control fans,
temperature sensors and such.  It is not supported on 3.8, but 3.9
will support a wide variety of SMBus controllers. 

Install 3.9-beta to take a look. It's available on the various
mirrors.  The ichiic(4) and iic(4) man pages contain some more info.
You can read them via the web site:
http://www.openbsd.org/cgi-bin/man.cgi?query=ichiic


-Otto



Re: bgpd.conf (zebra) - bgpd.conf (OpenBGPD)

2006-01-27 Thread Claudio Jeker
On Fri, Jan 27, 2006 at 07:49:07PM +0200, Bogdan Hojda wrote:
> Hello list,
> 
> I'm not sure if this the right place to post this question, but I
> couldn't find any other better list.
> 
> My problem is that I recently changed my OS on a i386 router from Linux
> to OpenBSD (3.8). On that router I run Quagga and now I want to switch
> to OpenBGPD, but I have problems translating zebra's bgpd.conf to
> OpenBGPD.
> 
> The zebra's /etc/zebra/bgpd.conf is:
> 
> !
> ! Zebra configuration saved from vty
> !   2006/01/25 05:12:14
> !
> hostname router
> password secret
> enable password secret

No longer needed in bgpd.

> !
> router bgp xxx66
>  bgp router-id 82.xxx.xxx.xxx

In normal cases you don't need to set the router-id.

>  network 86.aaa.bbb.ccc/21
>  redistribute kernel
>  redistribute static
>  redistribute connected

Do you really want to redistribute everything. That is super evil.

>  neighbor 82.xxx.xxx.yyy remote-as ab08
>  neighbor 82.xxx.xxx.yyy description MyISP
>  neighbor 82.xxx.xxx.yyy weight 100
>  neighbor 82.xxx.xxx.yyy route-map rm-myisp-out out
> !
> route-map rm-myisp-out permit 100
>  set local-preference 110

Setting local-pref in an outgoing route-map to an EBGP peer is a NOP.
Local-pref is a non transitive attribute.

>  set community ab08:1000 ab08:2000
>  set ip next-hop peer-address
> !
> line vty
> !
> 
> I tried the following configuration in OpenBGP's /etc/bgpd.conf, with no
> success:
> 
> # macros
> MyISP=82.xxx.xxx.yyy
> 
> # global configuration
> AS xxx66
> router-id 82.xxx.xxx.xxx
> listen on 82.xxx.xxx.xxx
> log updates
> network 86.aaa.bbb.ccc/21
> 

Till here looks fine. But as Henning said router-id and listen on are
superfluous

> # neighbors and peers
> neighbor $MyISP {
>  remote-as ab08
>  descr MyISP
>  holdtime 180
>  holdtime min 3
>  announce self
>  set localpref 110
>  set community ab08:1000
>  set community ab08:2000
> }
> 

This is not doing what you think it should. set community ab08:1000 works
on incoming announcements and not on stuff you announce.

So either you do a
network 86.aaa.bbb.ccc/21 set { community ab08:1000 community ab08:2000 }

or use a filter

match to $MyISP set { community ab08:1000 community ab08:2000 }

> # filter out prefixes longer than 24 or shorter than 8 bits
> deny from any
> allow from any prefixlen 8 - 24
> 
> # do not accept a default route
> deny from any prefix 0.0.0.0/0
> 
> # filter bogus networks
> deny from any prefix 10.0.0.0/8 prefixlen = 8
> [...]
> 
> With this configuration (OpenBGPD) it seems that I receive only routes
> within MyISP AS (ab08); with zebra (running on the very same machine)
> everything runs smoothly.
> 

??? That means you only get a handful of routes instead of the 175k full
view? Perhaps including part of a bgpctl show rib would help.

> Is there anything I should try, or I should use good-old zebra (quagga)?

nope.

-- 
:wq Claudio
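
Pulling the corrections from Henning's and Claudio's replies above into one file, the bgpd.conf below is an added example; it is not part of either post, of Bogdan's configuration, or of the OpenBGPD project's own documentation. It uses the bgpd.conf(5) syntax of the 3.8/3.9 era under discussion, drops the superfluous router-id, listen on and holdtime lines, takes the outbound communities out of the neighbor block (where "set" acts on received routes), and spells out the prefixlen operators in the bogon filter. The AS numbers and addresses are placeholders from the documentation ranges of RFC 5398 and RFC 5737, not the poster's values, and the extra RFC 1918 rules generalise the poster's single 10.0.0.0/8 line.

```conf
# /etc/bgpd.conf -- added example, not the poster's file.
# Placeholders: local AS 64496, upstream AS 64500, upstream peer 198.51.100.1,
# own prefix 192.0.2.0/24 (documentation ranges, assumed for illustration).

# macros
MyISP=198.51.100.1

# global configuration
AS 64496
# router-id and "listen on" are deliberately absent: bgpd picks both itself.
# "log updates" is left out too; it is a debugging aid, not a steady-state
# setting.

# Communities attached here travel with the announcement of this prefix
# (Claudio's first alternative). A local-pref on an outgoing EBGP
# announcement would be a no-op, so none is set on the way out.
network 192.0.2.0/24 set { community 64500:1000 community 64500:2000 }

# neighbors and peers
neighbor $MyISP {
	remote-as 64500
	descr "MyISP"
	announce self
	# "set" inside a neighbor block acts on routes RECEIVED from this peer.
	# Preferring what MyISP sends is a sensible use of it; the outbound
	# communities from the original attempt do not belong here.
	set localpref 110
}

# Filters are evaluated top to bottom and the LAST matching rule wins unless
# a rule carries "quick". "from" rules act on updates received, "to" rules on
# updates sent.

# accept only prefixes between /8 and /24, from anyone
deny from any
allow from any prefixlen 8 - 24

# never accept a default route ("prefix" without an operator is an exact match)
deny from any prefix 0.0.0.0/0

# drop RFC 1918 space and everything inside it. The ">=" matters: a bare
# "prefixlen = 8" would match 10.0.0.0/8 itself but let 10.1.0.0/16 through.
deny from any prefix 10.0.0.0/8 prefixlen >= 8
deny from any prefix 172.16.0.0/12 prefixlen >= 12
deny from any prefix 192.168.0.0/16 prefixlen >= 16

# Claudio's second alternative: tag what we send to MyISP on the way out.
# Either this rule or the "set" on the network statement above is enough on
# its own; both are shown so the two placements can be compared. Pick one.
match to $MyISP set { community 64500:1000 community 64500:2000 }
```

Before reloading, bgpd -n -f /etc/bgpd.conf only parses the file and reports syntax errors, which is the cheapest way to find out whether the filter section is really what bgpd sees. Once the session is up, bgpctl show neighbor gives the session state, and bgpctl show rib (as Claudio suggests above) shows what survived the "from" rules; if only the upstream's own AS appears in those paths, the filters can be ruled out and Henning's enforce neighbor-as remark becomes the thing to look at.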



Re: Intel 82801 SMBus dmesg question

2006-01-27 Thread Denny White

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Today Otto Moerbeek contributed the following:

> On Fri, 27 Jan 2006, Denny White wrote:
>
>
> > Had originally posted a message Tuning NFS File Transfer Speed
> > and had eventually posted a Solved reply to it on the list.
> > That turned out to be erroneous. It did turn out to be a hardware
> > issue. Had some leaking capacitors on the old VIA Abit mobo and
> > replaced it with a Aopen MX3ST mobo picked up on the cheap. All
> > seems to be working okay so far, but my question concerns what
> > dmesg is saying. I googled all over, searched in the archives,
> > and came up with lots of dmesg's that mentioned it, but didn't
> > explain specifically what that one line meant. It says:
> >
> > Intel 82801BA SMBus rev 0x05 at pci0 dev 31 function 3 not configured
> >
> > Before asking anything on the list, I tried different things in the BIOS
> > like disabling USB, the onboard NIC, juggled some IRQ's, just generally
> > doing some experimenting, but the message is still there. I'd just like
> > to know what exactly it means & maybe be pointed to a site that explains
> > it so I can learn more about it. Will put in output of dmesg & ifconfig
> > below. Thanks for all replies.
>
>
> There's nothing wrong. It just means SMBus is not supported. SMBus is a
> system management bus.  It is generally used to read and control fans,
> temperature sensors and such.  It is not supported on 3.8, but 3.9
> will support a wide variety of SMBus controllers.
>
> Install 3.9-beta to take a look. It's available on the various
> mirrors.  The ichiic(4) and iic(4) man pages contain some more info.
> You can read them via the web site:
> http://www.openbsd.org/cgi-bin/man.cgi?query=ichiic
>
>
> -Otto




Thanks, Otto, for the reply. I'll try it. Have an old Prioris server
donated from a friend to experiment on. Just checked in 3.8 and there's
a man page for iic, leading eventually to other related stuff, including
sensorsd and sysctl. I've played around with them a little, especially
when I was having mobo problems. Thanks again.
Denny White

Please do not CC me. Already subscribed to mailing list.

GnuPG key  : 0x1644E79A  |  http://wwwkeys.nl.pgp.net
Fingerprint: D0A9 AD44 1F10 E09E 0E67  EC25 CB44 F2E5 1644 E79A
iD8DBQFD2oQgy0Ty5RZE55oRAiSRAKCjCdr9zzEeOhW2wTFXnFkxmdCAfQCgm8/C
Or3s0gbXXz5qsK+YVW8qT0w=
=cM0J
-----END PGP SIGNATURE-----