ifconfig man/usage err wrt deletetunnel on 3.8-beta

[Brad Ely]

The man page (and usage message) for ifconfig on 3.8-beta seems to
be out of date with respect to the current behavior when deleting
a tunnel.

# ifconfig tun0 create
# ifconfig tun0
tun0: flags=10 mtu 3000
groups: tun
# ifconfig tun0 10.0.0.1 10.0.0.2
# ifconfig tun0
tun0: flags=51 mtu 3000
groups: tun
inet 10.0.0.1 --> 10.0.0.2 netmask 0xff00
# #NOTE: deletetunnel doesn't work
# ifconfig tun0 deletetunnel
ifconfig: SIOCDIFPHYADDR: Invalid argument
# #NOTE: but delete does
# ifconfig tun0 delete
# ifconfig tun0
tun0: flags=51 mtu 3000
groups: tun
# ifconfig tun0 destroy
# ifconfig tun0
tun0: no such interface
#

Re: "iwlist scan" equivalent command under OpenBSD

[Joakim Aronius]

Also note the different between ifconfig -M run under user and superuser 
permissions, sudo ifconfig -M  is what you want.

/jkm

* Nikolai N. Fetissov ([EMAIL PROTECTED]) wrote:
> On Thu, February 16, 2006 11:17 am, Ramiro Aceves wrote:
> > Hi OpenBSD fans.
> >
> > I have been googling around and have not been able to solve this
> > question. ?How can one discover what wireless networks are available
> > under OpenBSD?
> > I am used to the "iwlist scan eth0" under Linux, and I hate to halt
> > OpenBSD and boot Linux only to discover the networks, then come back
> > and start OpenBSD again to continue the configuration. What is the
> > OpenBSD equivalent to Linux "iwlist"?
> >
> > Anyway, my Intel 2200 card is recogniced very well under OpenBSD with
> > "iwi" driver.
> >
> > Thank you very much in advance.
> >
> > Ramiro.
> >
> >
> ifconfig -M
> 
> see ifconfig(8)
> -- 
>  nikolai

Re: connect2air gprs openbsd howto?

[Felix Kronlage]

On Thu, Feb 16, 2006 at 11:16:21AM +, Didier Wiroth wrote:

> I recently got a fujitsu siemens compactflash (with pcmcia connector) 
> connect2air gprs card.
> I've almost never used ppp and do not know how to setup it the ppp.conf to 
> use the connect2air gprs card to dial a gprs connection.

you should find all you need here:
http://hazardous.org/~fkr/openbsd/openbsd_gprs_umts.html>

I use pppd with my Connect2Air card, workes like a charm. Most of the time
I used it in the Zaurus, but for a while I used the Connect2Air in a CF
Adapter in my powerbook.

On the website you will also find config files to be used with pppd.

felix
-- 
GPG/PGP:   D9AC74D0 / 076E 1E87 3E05 1C7F B1A0  8A48 0D31 9BD3 D9AC 74D0
http://hazardous.org/~fkr - [EMAIL PROTECTED] - [EMAIL PROTECTED]|irc  - 
FKR-RIPE
https://www.bytemine.net/ - bytemine - BSD based Hosting/Solutions/Ideas

ath1 fails to work in OBSD3.8

[atstake atstake]

ath(4) configuration is not working in OBSD3.8-Release.

The wifi card is Netgear WG511T which is supposed to connect to a
linksys wifi gateway to get IP address from the DHCP pool and it
should have a 26-digit WEP key.

Here's the dmesg

OpenBSD 3.8 (GENERIC) #138: Sat Sep 10 15:41:37 MDT 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Mobile Intel(R) Pentium(R) 4 CPU 3.20GHz ("GenuineIntel"
686-class) 3.20 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID
real mem  = 468688896 (457704K)
avail mem = 420597760 (410740K)
using 4278 buffers containing 23535616 bytes (22984K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(81) BIOS, date 01/16/04, BIOS32 rev. 0 @ 0xfd700
pcibios0 at bios0: rev 2.1 @ 0xfd700/0x900
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdf00/224 (12 entries)
pcibios0: no compatible PCI ICU found: ICU vendor 0x1002 product 0x434c
pcibios0: PCI bus #3 is the last bus
bios0: ROM list: 0xc/0xf000 0xd/0x6000! 0xd6000/0x800! 0xd8000/0x1000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "ATI RS300 Host" rev 0x02
ppb0 at pci0 dev 1 function 0 "ATI Radeon IGP 9100 AGP" rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 5 function 0 "ATI Radeon Mobility IGP 9100" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ohci0 at pci0 dev 19 function 0 "ATI SB200 USB" rev 0x01: irq 11,
version 1.0, legacy support
usb0 at ohci0: USB revision 1.0
uhub0 at usb0
uhub0: ATI OHCI root hub, rev 1.00/1.00, addr 1
uhub0: 3 ports with 3 removable, self powered
ohci1 at pci0 dev 19 function 1 "ATI SB200 USB" rev 0x01: irq 11,
version 1.0, legacy support
usb1 at ohci1: USB revision 1.0
uhub1 at usb1
uhub1: ATI OHCI root hub, rev 1.00/1.00, addr 1
uhub1: 3 ports with 3 removable, self powered
ehci0 at pci0 dev 19 function 2 "ATI SB200 USB2" rev 0x01: irq 11
usb2 at ehci0: USB revision 2.0
uhub2 at usb2
uhub2: ATI EHCI root hub, rev 2.00/1.00, addr 1
uhub2: 6 ports with 6 removable, self powered
"ATI SB200 SMBus" rev 0x17 at pci0 dev 20 function 0 not configured
pciide0 at pci0 dev 20 function 1 "ATI IXP200 IDE" rev 0x00: DMA
(unsupported), channel 0 configured to compatibility, channel 1
configured to compatibility
wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA, 57231MB, 117210240 sectors
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  SCSI0
5/cdrom removable
pcib0 at pci0 dev 20 function 3 "ATI SB200 PCI-ISA" rev 0x00
ppb1 at pci0 dev 20 function 4 "ATI SB200 PCI-PCI" rev 0x00
pci2 at ppb1 bus 2
"Texas Instruments TSB43AB21 FireWire" rev 0x00 at pci2 dev 0 function
0 not configured
ath0 at pci2 dev 2 function 0 "Atheros AR5212" rev 0x01: irq 11
ath0: AR5212 5.6 phy 4.1 rf5111 1.7 rf2111 2.3, WOR4W, address 00:90:96:72:4d:f1
rl0 at pci2 dev 3 function 0 "Realtek 8139" rev 0x10: irq 11 address
00:02:3f:d3:3a:7b
rlphy0 at rl0 phy 0: RTL internal phy
cbb0 at pci2 dev 4 function 0 "ENE CB-1410 CardBus" rev 0x01: irq 11
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 3 device 0 cacheline 0x8, lattimer 0x20
pcmcia0 at cardslot0
auixp0 at pci0 dev 20 function 5 "ATI IXP200 AC97" rev 0x00: irq 11
auixp0: soft resetting aclink
auixp0: not up; resetting aclink hardware
auixp0: not up; resetting aclink hardware
auixp0: aclink hardware reset successful
vendor "ATI", unknown product 0x434d (class communications subclass
modem, rev 0x01) at pci0 dev 20 function 6 not configured
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: 
spkr0 at pcppi0
sysbeep0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: using exception 16
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
biomask ef75 netmask ef75 ttymask fff7
pctr: user-level cycle counter enabled
ath1 at cardbus0 dev 0 function 0 "Atheros Communications, Inc.,
AR5001--, Wireless LAN Reference Card": irq 11
ath1: AR5212 7.9 phy 4.5 rf2112 5.6 rf2112 5.6, FCC1A, address 00:0f:b5:a7:d1:f7
umass0 at uhub2 port 2 configuration 1 interface 0
umass0: LEXAR MEDIA JUMPDRIVE GEYSR, rev 2.00/0.01, addr 2
umass0: using SCSI over Bulk-Only
scsibus1 at umass0: 2 targets
sd0 at scsibus1 targ 1 lun 0:  SCSI1
0/direct removable
sd0: 246MB, 984 cyl, 16 head, 32 sec, 512 bytes/sec, 503808 sec total
uhidev0 at uhub0 port 3 configuration 1 interface 0
uhidev0: vendor 0x062a product 0x0001, rev 1.10/0.00, addr 2, iclass 3/1
ums0 at uhidev0: 3 buttons and Z dir.
wsmouse1 at ums0 mux 0
dkcsum: wd0 matches BIOS drive 0x80
dkcsum: sd0 matches BIOS drive 0x81
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302
ac97:

Re: cardbus cant map interrupt - asus pundit barebone

[Alexey Vatchenko]

[EMAIL PROTECTED] wrote:
> cbb0 at pci2 dev 12 function 0 vendor "ENE", unknown product 0x1411 rev
> 0x02pci_intr_map: no mapping for pin A
> : couldn't map interrupt

To get rid of this message find "pcibios0 at bios0 ..." line in your
kernel config file and change "flags" to 0x0042. Then recompile kernel
and boot it. If you have any PCMCIA card try it. It'd be interesting to
know the results.

-- 
%cat ~/doc/personal.txt
mailto: [EMAIL PROTECTED] JID: [EMAIL PROTECTED]

OpenBGPD dropping sessions.

[Pete Bristow]

Hi
I've got OpenBGPD running on 3.7, currently whenever I bring up a
session with another peer the session drops to Idle as soon as a set of
routes are learnt.

#macros
BD01="217.112.a.b"

AS 64513

router-id 85.234.132.65
neighbor $BD01 {
  remote-as 29550
  descr BD01
  multihop 3
  local-address 85.234.132.65
  announce none
}

deny from any prefix 10.0.0.0/8 prefixlen >= 8
deny from any prefix 172.16.0.0/12 prefixlen >= 12
deny from any prefix 192.168.0.0/16 prefixlen >= 16
deny from any prefix 169.254.0.0/16 prefixlen >= 16
deny from any prefix 192.0.2.0/24 prefixlen >= 24
deny from any prefix 224.0.0.0/4 prefixlen >= 4
deny from any prefix 240.0.0.0/4 prefixlen >= 4

The routes in particular are
Destination PeerNext-Hop MED ASPATH 
*i84.92.0.0  /15 195.66.224.164  195.66.224.164  90 6871
*i212.159.64.0   /18 195.66.224.164  195.66.224.164  90 6871
*i87.115.0.0 /16 195.66.224.164  195.66.224.164  90 6871
*i195.7.224.0/19 195.66.224.164  195.66.224.164   0 6871 8622 8622
*i87.114.0.0 /16 195.66.224.164  195.66.224.164  90 6871
*i87.113.0.0 /16 195.66.224.164  195.66.224.164  90 6871
*i87.112.0.0 /16 195.66.224.164  195.66.224.164  90 6871
*i212.159.0.0/19 195.66.224.164  195.66.224.164  90 6871
*i212.159.32.0   /19 195.66.224.164  195.66.224.164  90 6871
*i81.174.128.0   /17 195.66.224.164  195.66.224.164  90 6871
*i212.56.64.0/18 195.66.224.164  195.66.224.164  90 6871
*i80.229.0.0 /16 195.66.224.164  195.66.224.164  90 6871
*i212.84.96.0/19 195.66.224.164  195.66.224.164  0 6871 8622 8622
*i195.166.128.0  /19 195.66.224.164  195.66.224.164  90 6871

This behaviour has been observed when bringing sessions up against other
routers too. Is there a way of getting bgpd to log more information as
to why the session was torn down, rather than just logging state
changes. I would speak to AS6871 about the problem but as yet I havn't
worked out what's going wrong.

I tried logging everything with
log updates
dump all in "/var/log/bgp.log"

However when I look at the log with route_btoa it reveals nothing of
what brought down the session.

If I have left out anything pertinent beat me with a clue stick.

Thanks for any help you guys can give me.

Pete

Re: cardbus cant map interrupt - asus pundit barebone

[mickey]

On Fri, Feb 17, 2006 at 01:14:25PM +0200, Alexey Vatchenko wrote:
> [EMAIL PROTECTED] wrote:
> > cbb0 at pci2 dev 12 function 0 vendor "ENE", unknown product 0x1411 rev
> > 0x02pci_intr_map: no mapping for pin A
> > : couldn't map interrupt
> 
> To get rid of this message find "pcibios0 at bios0 ..." line in your
> kernel config file and change "flags" to 0x0042. Then recompile kernel
> and boot it. If you have any PCMCIA card try it. It'd be interesting to
> know the results.

of course the right way is to boot into UKC:

boot> -c
...
UKC> change pcibios
change pcibios (y/n)? y
flags [0x0]: 0x30
UKC> exit

and send a full dmesg then please.

cu
-- 
paranoic mickey   (my employers have changed but, the name has remained)

Re: 3.8 bridge trouble

[Henning Brauer]

* Pailloncy Jean-Gerard <[EMAIL PROTECTED]> [2006-02-15 21:27]:
> I add asked Henning at EuroBSDCon'2005 about this, and he says to me  
> that if I could avoid this setup (bridge) and use a router: this is  
> the way to go.

actually, I am pretty certain I told you you'll need stp at least.
I did and still do recommend routing and not bridging in any case.

-- 
BS Web Services, http://www.bsws.de/
OpenBSD-based Webhosting, Mail Services, Managed Servers, ...
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)

Re: 3.8 bridge trouble

[Henning Brauer]

* Pailloncy Jean-Gerard <[EMAIL PROTECTED]> [2006-02-16 10:26]:
> Nest tr y: I setup the two nics to be in 10bt mode and not in 100bt.
> The box freezes, all the segment go down.
> Near nothing comes in or out, from any other serveres of the segment.
> answer to ssh was with a lag of few minutes (for control-C)
> I just unplug the box, and stop putting down my network.

sounds like you;re way overloading the tiny CPUs

-- 
BS Web Services, http://www.bsws.de/
OpenBSD-based Webhosting, Mail Services, Managed Servers, ...
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)

Re: OpenBGP on firewall

[Henning Brauer]

* Paolo Supino <[EMAIL PROTECTED]> [2006-02-16 19:54]:
>  I started working for a company that its production site is running 2 
> PIX firewalls with no VRRP (to save cost on licensing, duh). I offered 
> and they approved to replace them with 2 OpenBSD and CARP. In front of 
> the FW there is a Cisco 7200 router doing BGP. I offered to remove the 
> router and use OpenBGP on the OpenBSD firewalls instead, thus achieving 
> failover on BGP too. But I don't know whether this is a good idea or 
> should I add 2 more OpenBSD systems specifically for BPG?

in prinicple, usinf bgpd on teh same machines is fine. you should take 
care that the car master also is the one that announces the best route 
to you so that you don't get too assymetric traffic flows. otherwise 
you'll see performance issues and some packet loss, likely.
with seperate machines for bgpd and stateless filtering that is not an 
issue at all.
I always wanted to add something so that you can make a prepend-self 1 
depending on carp state... maybe i should revive that idea

-- 
BS Web Services, http://www.bsws.de/
OpenBSD-based Webhosting, Mail Services, Managed Servers, ...
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)

Re: OpenBGPD dropping sessions.

[Henning Brauer]

* Pete Bristow <[EMAIL PROTECTED]> [2006-02-17 12:30]:
> I've got OpenBGPD running on 3.7, currently whenever I bring up a
> session with another peer the session drops to Idle as soon as a set of
> routes are learnt.

that, of course, is not normal behaviour and nothing we ever observed...

> This behaviour has been observed when bringing sessions up against other
> routers too. Is there a way of getting bgpd to log more information as
> to why the session was torn down, rather than just logging state
> changes. I would speak to AS6871 about the problem but as yet I havn't
> worked out what's going wrong.

please show the logs. bgpd does log why a sessions drops back to IDLE.

-- 
BS Web Services, http://www.bsws.de/
OpenBSD-based Webhosting, Mail Services, Managed Servers, ...
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)

Re: OpenBGPD dropping sessions.

[Pete Bristow]

Hi Henning

> * Pete Bristow <[EMAIL PROTECTED]> [2006-02-17 12:30]:
> 
>>I've got OpenBGPD running on 3.7, currently whenever I bring up a
>>session with another peer the session drops to Idle as soon as a set of
>>routes are learnt.
> 
> 
> that, of course, is not normal behaviour and nothing we ever observed...
> 
> 
>>This behaviour has been observed when bringing sessions up against other
>>routers too. Is there a way of getting bgpd to log more information as
>>to why the session was torn down, rather than just logging state
>>changes. I would speak to AS6871 about the problem but as yet I havn't
>>worked out what's going wrong.
> 
> 
> please show the logs. bgpd does log why a sessions drops back to IDLE.
> 

Feb 17 12:15:54 a bgpd[28123]: neighbor 217.112.a.b (BD01): state change
Idle -> Connect, reason: Start
Feb 17 12:15:54 a bgpd[28123]: neighbor 217.112.a.b (BD01): state change
Connect -> OpenSent, reason: Connection opened
Feb 17 12:15:54 a bgpd[28123]: neighbor 217.112.a.b (BD01): state change
OpenSent -> OpenConfirm, reason: OPEN message received
Feb 17 12:15:54 a bgpd[28123]: neighbor 217.112.a.b (BD01): state change
OpenConfirm -> Established, reason: KEEPALIVE message received
Feb 17 12:16:05 a bgpd[28123]: neighbor 217.112.a.b (BD01): state change
Established -> Idle, reason: Connection closed

Was all I got.

Pete

Re: OpenBGPD dropping sessions.

[Henning Brauer]

* Pete Bristow <[EMAIL PROTECTED]> [2006-02-17 13:16]:
> Feb 17 12:16:05 a bgpd[28123]: neighbor 217.112.a.b (BD01): state change
> Established -> Idle, reason: Connection closed
> 
> Was all I got.

and ther eis your reason, the remote router closed the connection 
(aka, tcp session went down). Why, we cannot know.

-- 
BS Web Services, http://www.bsws.de/
OpenBSD-based Webhosting, Mail Services, Managed Servers, ...
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)

Re: 3.8 bridge trouble

[Pailloncy Jean-Gerard]

Le 17 fivr. 06 ` 12:35, Henning Brauer a icrit :

* Pailloncy Jean-Gerard <[EMAIL PROTECTED]> [2006-02-15 21:27]:

I add asked Henning at EuroBSDCon'2005 about this, and he says to me
that if I could avoid this setup (bridge) and use a router: this is
the way to go.


actually, I am pretty certain I told you you'll need stp at least.
I did and still do recommend routing and not bridging in any case.

Sure. I had activated stp on each sis I have on the bridge.

I will ask my provider to change the network configuration, to use a  
router.

I think I can not use a router in the current setup, am I wrong ?

Cordialement,
Jean-Girard Pailloncy

Re: ath1 fails to work in OBSD3.8

[Nick Guenther]

On 2/17/06, atstake atstake <[EMAIL PROTECTED]> wrote:
> ath(4) configuration is not working in OBSD3.8-Release.
>

I have the same problem with my ath-based card. It's been mentioned on
the list before. The problem seems to be that the card isn't sending
proper association info. I intend to try and figure it out once I get
comfortable building kernels and you could help too.

On the other hand, are you sure you want to use ath_1_? Do you have
two ath cards? The default card should be ath0

-Kousu

> The wifi card is Netgear WG511T which is supposed to connect to a
> linksys wifi gateway to get IP address from the DHCP pool and it
> should have a 26-digit WEP key.
>
> Here's the /etc/hostname.ath1
>
> up
> dhcp media autoselect nwkey 0x88d67bbfa7037e7d73e2bb987e channel 11

XMail mail server - random crashes, maybe OpenBSD fault?

[Marcin Wilk]

Hello
XMail is mail server of my choice because it is all what i need 
(SMTP/POP3 in one app, very simple configuration, remotely 
administration withs pecial protoco, very fast working etc. etc.).
The problem with XMail on OpenBSD is that it randomly crashing 
(generating xmail.core).

It happend only with OpenBSD OS.
I investigate this with XMail author & we think it may be OpenBSD 
library error, not XMail itself.


Here are my compile instructions:
cd /usr/src
wget http://www.xmailserver.org/xmail-1.23-pre01.tar.gz
# this is special version dedicated to BSD OSs (checked for errors by 
the author & a little optimized for BSDs)

tar zxvf xmail-1.23-pre01.tar.gz
cd xmail-1.23-pre01
export XMAIL_DEBUG=1
gmake -f Makefile.bsd OSTYPE=OpenBSD

Here are instructions that i made after compile ends succefully 
(never had any problems with that):

cp -r MailRoot /var
chmod 700 /var/MailRoot
cp bin/* /var/MailRoot/bin/
cp bin/CtrlClnt /usr/sbin
mkdir /usr/share/doc/xmail
cp docs/* /usr/share/doc/xmail/
mv /usr/sbin/sendmail /usr/sbin/sendmail.orig
cp bin/sendmail /usr/sbin/sendmail.xmail
chmod +s /usr/sbin/sendmail.xmail
cp sendmail.sh /usr/sbin/sendmail
chmod +x /usr/sbin/sendmail

The XMail configurations are other on other servers, but i got chance 
to use it on few OpenBSD servers & everywhere is the same problem!


The first server (Pentium4/OpenBSD 3.7-release.i386) (about 5 
domains, about 100 users, 1 mailing list accout):

DMESG: http://nicram.sytes.net/openbsd/xmail/pentium4/dmesg.txt
gdb /var/MailRoot/bin/XMail /XMail.core: 
http://nicram.sytes.net/openbsd/xmail/pentium4/problem.txt
XMail.core file if someone would like to check it: 
http://nicram.sytes.net/openbsd/xmail/pentium4/xmail.core


The second server (Duron/OpenBSD 3.8-release.i386) (3 domain, 6 
users, 0 mailing list accounts):

DMESG: http://nicram.sytes.net/openbsd/xmail/duron/dmesg.txt
gdb /var/MailRoot/bin/XMail /XMail.core: 
http://nicram.sytes.net/openbsd/xmail/duron/problem.txt


In both cases the problem is with _thread_start () from 
/usr/lib/libpthread.so.6.1


I have installed XMail with same isntructions on OpenBSD 
3.8-release.amd64 today but with 1 domain & 1 user.
but i think soon it will do the same & crash, then i will prepeare 
LOG files like those here.


I'm using XMail on some Linux server too, it is working there for a 7 
months without any problems (ful uptime of server, about 60 users, 5 
domains, few mailing list accounts). Even when i testes XMail on 
windows it was stable :S


Can anyone using XMail confirm this, or someone that got something to 
do with OpenBSD source says omething about this libpthread.so.6.1 problem?

Any comments please :)

Best Regards

filesystem full problem

[Adam Papai]

Hello list,

I've run into a problem.

My /var reached the 105% disk usage. I've deleted 1.5G from /var but the
df shows me still 2Gb.

du -csh /var shows 38M

What can I do? I tried: sync but nothin happens. The programs can't write
to /var so it intiditaces a little deffect..

What's the solution? Only the reboot?



# df
Filesystem  512-blocks  Used Avail Capacity  Mounted on
/dev/raid0a 401820 6816431356818%/
/dev/raid0d 512636 8487000 0%/tmp
/dev/raid0e4124572   4123548   -205204   105%/var
/dev/raid0f8253052472556   7367844 6%/usr
/dev/raid0g  138961100  75632652  5638039657%/home

# du -csh /var/
38.1M   /var/
38.1M   total


-- 
Adam PAPAI
D i g i t a l Influence
E-mail: [EMAIL PROTECTED]
Phone: +36 30 33-55-735

Re: cardbus cant map interrupt - asus pundit barebone

[Alexey Vatchenko]

mickey wrote:
> On Fri, Feb 17, 2006 at 01:14:25PM +0200, Alexey Vatchenko wrote:
> of course the right way is to boot into UKC:
> 
> boot> -c
> ...
> UKC> change pcibios
> change pcibios (y/n)? y
> flags [0x0]: 0x30
> UKC> exit
> 
> and send a full dmesg then please.

http://psytech.h10.ru/full_dmesg.txt

-- 
%cat ~/doc/personal.txt
mailto: [EMAIL PROTECTED] JID: [EMAIL PROTECTED]

Re: filesystem full problem

[Ray Lai]

On Fri, Feb 17, 2006 at 02:54:43PM +0100, Adam Papai wrote:
> Hello list,
> 
> I've run into a problem.
> 
> My /var reached the 105% disk usage. I've deleted 1.5G from /var but the
> df shows me still 2Gb.
> 
> du -csh /var shows 38M
> 
> What can I do? I tried: sync but nothin happens. The programs can't write
> to /var so it intiditaces a little deffect..
> 
> What's the solution? Only the reboot?

There is probably a program that is running with an open file handle.
Whichever program caused your /var to be filled up is probably still
growing that file, so you have to close it.  Try fstat(1).

-Ray-

how do I PXE boot a laptop so as to install OpenBSD??

[Julesg]

Hello folks!  

I have a Gateway Solo 3350 and I want to remake it with OpenBSD.  This laptop 
has an ethernet connection and a single USB port;  And while I have access to a 
USB-based floppy drive, this device can not be used for booting.

I am prepared to do a PXE ethernet boot but I need very specific instructions.  
(This is where I whine and say please;  The thing is  I mean it.  Help.)

I would like to thank the people who work to make OpenBSD a success.  Like 
others, I wish that security wasn't necessary  but wishing doesn't accomplish 
anything! -- whereas using Obsd does!, it gives each of us real PC security in 
an non-secure world.

--jg

make fails on @pkgpath net/libnet

[reader]

Novice Alert!

I keep hitting this error output when trying pkg_add or use ports
method to install nmap

The instant cases were  pkg_add nmap-3.95p0-no_x11.tgz

Error is:   Unknown element: @pkgpath net/libdnet,no_python

>From ports net/nmap
  FLAVOR=no_x11 make install

It pulls in what seem like some unlikely dependancies and errors out
with the same error on one of them:

   ===>  Building package for db-4.2.52p8
Unknown element: @pkgpath databases/db/v4,no_tcl

An aside here is that the no_tcl flavor seems odd since this make
pulled in tcl as a dep:
   ===>  Verifying install for tcl-8.4.* in lang/tcl/8.4
===>  Checking files for tcl-8.4.7p1
>> tcl8.4.7-src.tar.gz doesn't seem to exist on this system.
>> Fetch http://puzzle.dl.sourceforge.net/sourceforge/tcl/tcl8.4.7-src.tar.gz.
100% |**|  3391 KB
02:56 

So what is the root problem?  Does nmap really need all that?
Anyone know what this error is trying to tell me?

Re: how do I PXE boot a laptop so as to install OpenBSD??

[djgoku]

On 2/17/06, Julesg <[EMAIL PROTECTED]> wrote:

> I am prepared to do a PXE ethernet boot but I need very specific 
> instructions.  (This > is where I whine and say please;  The thing is  I 
> mean it.  Help.)

Make sure your laptop ethernet card supports PXE booting.

Reading this will help if you already have openbsd installed on a
local server that you can configure as a PXE Boot Server.

http://openbsd.org/faq/faq6.html#PXE

Re: CARP+pf+pfsync redundant firewalls running active/active doable?

[Joseph C. Bender]

Jason Stubbs wrote:

Hi,

I'm looking to set up redundant firewalls in pretty much the same way as 
is detailed in the PF FAQ. For discussion purposes, I've reproduced the

basic network layout below.

	From your description and questions below, it looks like you're not 
trying to do it the same way, and your understanding may be incomplete.


[Snip Layout]



Firewall External IP addresses
10.0.0.1 nat'ed to sv1 with fw1 being the master
10.0.0.2 nat'ed to sv2 with fw2 being the master

Firewall Internal IP addresses
192.168.0.1 with fw1 being the master
192.168.0.2 with fw2 being the master

	Are these CARP'd addresses, as in you have multiple CARP interfaces per 
NIC?  If so, why?





Now with sv1's default route being set to 192.168.0.1 and sv2's default 
route being set to 192.168.0.2 all should work fine (at least as far as 
documentation goes). However, what I'd like to do is have both sv1 and 
sv2 use both 192.168.0.1 and 192.168.0.2 for routing in a round-robin 
fashion. With fw1 handling sv1's nat'ing, will fw2 correctly be able to 
un'nat and send out replies sent by sv1?




I'm not going to answer this directly, mostly because I can't figure 
out, given you have a really kickass failover system, why you'd even 
want to do this.  Given you're using hardware that is capable of using 
em cards, box loading shouldn't be an issue.


Put simply, you're trying to make this harder than it really is, I 
think.  I suggest the following, which is what we use at the office and 
is a heck of a lot closer to what the PF User's Guide suggests:


carp0:  Assigned to em0 on both fw1 and fw2  Assigned 192.168.0.1  fw1 
is the master.


carp1:  Assigned to em2 on both fw1 and fw2  Assigned 10.0.0.1 AND 
10.0.0.2 (primary and alias).  Make sure that you have carp info for the 
aliases (vhid and whatnot) for the alias lines.  I can't remember if 
it's required per alias entry, but that's what we're running here and it 
works.


Don't forget to set your advskew values properly, i.e. they should be 
higher on fw2 if it's the backup box.


pfsync0 still on em1. (Personally I'd do em1 as the carp1 int and em2 as 
the pfsync, but I'm weird like that).


em0 on fw1, assign 192.168.0.2 as the int's ip for management and whatnot.

em0 on fw2 assign 192.168.0.3 for the same reasons.

Do the same thing for em1 on both firewalls using 10.0.0.x addresses.

Set up your pf rulesets, doing your rdr rules for both sv1 and sv2 on 
the inbound *interfaces* (this has bit me in the ass many times).


Set the gateway on both sv1 and sv2 to 192.168.0.1

If fw1 goes paws up or needs maintenance, and if you've done everything 
right, fw2 will take the load almost instantly (within milliseconds in 
my experience).


[snip rest, as it's not relevant to my answer]

My whole point is that with the CARP and pfsync redundancy, there's no 
need to have really complicated routes to and from your servers and 
their firewalls.


Hope this helps.

--

Joseph C. Bender
jay cee bender at bendorius dot com

Newsletter della 8� settimana 2006

[Borghi Toscani News]

[IMAGE]

[IMAGE]

Borghi Toscani | E - mail | Registrati | Inserisci un locale | Meteo |
News

[IMAGE]

NUOVI
INSERIMENTI

Newsletter della 8B0 settimana 2006

LINK
CONSIGLIATI

B&B Da Anna

LAST MINUTE IN TOSCANA

OFFERTE SOGGIORNI IN TOSCANA

OFFERTE LAST MINUTE FIRENZE

Last Minute Abetone

Offerte Abetone

News, eventi e manifestazioni in Toscana questa settimana

Data

Evento

Tipologia

16/02/2006

La musica nel cinema italiano PISTOIA

(Teatro)

17/02/2006

ARTOUR-O FIRENZE

(Mostre)

17/02/2006

Percorsi dbacqua, percorsi di pace PORRETTA TERME

(Mostre)

18/02/2006

Trofeo Gallini Pagni e Trofeo Sanpaolo ABETONE

(Gare)

18/02/2006

QuotidianitC  la fotografia di Walter Viaggi CASCINA

(Mostre)

18/02/2006

The New Landscape la pittura di Pierbellini CASCINA

(Mostre)

18/02/2006

Millezzampe PIETRASANTA

(Teatro)

19/02/2006

25B0 edizione del Carnevale di Veneri PESCIA

(Feste Paesane)

19/02/2006

Carnevale foianese FOIANO DELLA CHIANA

(Folklore)

20/02/2006

Marilyn and friends FIRENZE

(Mostre)

21/02/2006

La grande guerra degli artisti FIRENZE

(Mostre)

22/02/2006

Gentile da Fabriano FIRENZE

(Mostre)

22/02/2006

Dal Romanticismo al risorgimento BAGNO A RIPOLI

(Mostre)

23/02/2006

Trofeo Sanpaolo PULICCHIO

(Gare)

24/02/2006

Cioccolando 2006 LIVORNO

(Sagre e Fiere)

25/02/2006

Trofeo Ciatti ABETONE

(Gare)

25/02/2006

Pinocchio sugli Sci PULICCHIO

(Gare)

25/02/2006

Stracult PIETRASANTA

(Teatro)

26/02/2006

Carnevale foianese FOIANO DELLA CHIANA

(Folklore)

26/02/2006

Pinocchio sugli Sci PULICCHIO

(Gare)

26/02/2006

La domenica del tarlo SANSEPOLCRO

(Mercatini)

escursioni toscana

CARNEVALE VIAREGGIO 2006

CIOCCOLANDO 2006

Settembre luccheseViareggio C( una cittC  nota ai piC9 per le sue spiagge
ed il suo mare, durante l'estate, ed il fastoso carnevale nel periodo
invernale.
Il Carnevale di Viareggio ha ben 133 anni di storia ed C( sicuramente la
piC9 nota manifestazione in Italia.
Il Carnevale 2006, in programma dal 12

Carnevale Viareggio 2006

Settembre luccheseCioccolando 2006, a Livorno 3 giorni di dolci golositC 
Cioccolando, la fiera del cioccolato artigianale, torna a Livorno per
regalare tre giorni di emozioni intense e dolcissime. Dopo il successo
della prima edizione che ha richiamato piC9 di 8000 visitatori, l'agenzia
SpazioEventi, propone

Cioccolando 2006

Raccolta delle informazioni e Registrazione ai servizi
Piramedia srl, in qualitC  di titolare del trattamento, Ti informa che i
dati personali che ci avrai fornito, volontariamente o automaticamente
attraverso i nostri portali, saranno trattati, con il tuo consenso allo
scopo di trasmetterti i servizi da te richiesti. In particolare ti
verranno inviate tramite posta elettronica o sms, informative o offerte a
carattere commerciale o pubblicitario, inerenti al Turismo. Ti verranno
inviate inoltre comunicazioni circa modifiche, miglioramenti, o
cambiamenti dei servizi da noi proposti. In coda ad ognuno di questi
messaggi sarC  sempre presente il modo perchC) tu possa rimuovere i tuoi
dati dal nostro archivio.
Piramedia srl, non raccoglierC  in nessun modo dati ritenuti sensibili e
si impegna a non utilizzare i tuoi dati, o cederli a terzi, per finalitC 
che siano diverse da quelle qui sopra elencate.
Formula di acquisizione del consenso dell'interessato.
Il/la sottoscritto/a, acquisite le informazioni fornite dal titolare del
trattamento ai sensi dell'articolo 13 del D.Lgs. 196/2003, l'interessato:
- presta il suo consenso al trattamento dei dati personali per i fini
indicati nella suddetta informativa.
- presta il suo consenso per la comunicazione dei dati personali per le
finalitC  ed ai soggetti indicati nell'informativa.
- presta il suo consenso per la diffusione dei dati personali per le
finalitC  e nell'ambito indicato nell'informativa.

DISDETTA
Se non vuoi piC9 ricevere l'edizione gratuita di "BorghiToscani.com"
clicca su questo link: disdetta

Vecoli

Cottage Vecoli

Tenuta il Cicalino

Tenuta il Cicalino

Centro Velico Naregno

Centro Velico Naregno

Tirrenia Ferries

Tirrenia
Ferries

Hotel Le Acacie

Hotel Le Acacie

Hotel Tornese

Hotel
Tornese

Il Giardinetto

Immob. Massarosa

Bel Soggiorno

Villa Jessica

Il Belvedere

Podere tre Cipressi

Tenuta Sant'Agnese

Hotel Croce di Malta

Hotel Privilege

Hotel I Presidi

Argentario Divers

Lorenzo il Magnifico

San Domenico

Podere gli Olmi

MaranathC 

Youth Residence

PLP guest house

Rooms with a view

Althea rooms

Park Hotel

Argentario Camping

Il Gabbiano

Le Cannelle

Argentario Osa

Talamone Camping

Hotel Telamonio

Hotel Capo Duomo

Pian dei Pini

La Valentina

Cavalleggeri

Hotel L'Etrusco

Le Colombe

Borgo Dolciano

Locanda dei Guelfi

Villino Il Magnifico

Villa Elea

Fontecastello

Hotel Massimo

Hotel Alex

A casa di Dante

B&B Gilda

Podere Giarlinga

Fonte del Cieco

Ninna Nanna

1999 - 2005 - Copyright and Project by Piramedia srl - Tutti I Diritti
Riservati -Privacy

[IMAGE]

Which platform version can run on IBM OpenPower 710/720 ?

[Michael Bibby]

hello [EMAIL PROTECTED]:

Can anyone tell me which platform can run on IBM OpenPower 710 / 720 ?
macppc ?

thanks

Re: Which platform version can run on IBM OpenPower 710/720 ?

[ober]

None?

-Ober

Richard Chesler: [Reading a piece of paper] The first rule of Fight Club is you 
don't talk about Fight Club?
Narrator: [Voice-over] I'm half asleep again; I must've left the original in 
the copy machine.
Richard Chesler: The second rule of Fight Club - is this yours?
Narrator: Huh?
Richard Chesler: Pretend you're me, make a managerial decision: you find this, 
what would you do?

On Sat, 18 Feb 2006, Michael Bibby wrote:


Date: Sat, 18 Feb 2006 01:22:20 +0800
From: Michael Bibby <[EMAIL PROTECTED]>
To: misc@openbsd.org
Subject: Which platform version can run on IBM OpenPower 710/720 ?

hello [EMAIL PROTECTED]:

Can anyone tell me which platform can run on IBM OpenPower 710 / 720 ?
macppc ?

thanks

Crawling IPSec speed with enc aes

[Andreas Bihlmaier]

Hello misc@,
first of all I have to say ipsecctl with ipsec.conf is wonderful, never
was simpler to setup a VPN.

The problem is that the speed is REALLY slow when I use the default
cipher (aes) in "quick auth" mode in ipsec.conf (see below).

Throughput is good if I use other ciphers:
Cipher  Speed
aes 0.6 Mb/s
3des33.5Mb/s
des 44  Mb/s
cast47  Mb/s
blowfish47.5Mb/s

Iperf was used for all testing.

Am I mistaken or should the aes speed be much closer that of
other ciphers? Btw. I also tried without "quick auth" stuff.

Only option I changed for testing is the line "enc CIPHER" in both
ipsec.conf files and afterwards I reloaded with:
ipsecctl -F; ipsecctl -f /etc/ipsec.conf

#--- Machine1 -#
#cat /etc/ipsec.conf
ike esp from any to 10.0.0.1 quick auth hmac-sha2-256 \
enc aes \
psk foobarfoobar


#ipsecctl -s all
FLOWS:
flow esp in from 10.0.0.1 to 0.0.0.0/0 peer 10.0.0.1
flow esp out from 0.0.0.0/0 to 10.0.0.1 peer 10.0.0.1

SADB:
esp tunnel from 10.0.0.2 to 10.0.0.1 spi 0x9d948ddc enc aes auth hmac-sha2-256
esp tunnel from 10.0.0.1 to 10.0.0.2 spi 0xbf2f19c2 enc aes auth hmac-sha2-256

#netstat -rnf encap
Routing tables

Encap:
Source Port  DestinationPort  Proto 
SA(Address/Proto/Type/Direction)
10.0.0.1/320 0/00 0 10.0.0.1/50/use/in
0/00 10.0.0.1/320 0 10.0.0.1/50/require/out

#dmesg
OpenBSD 3.9-beta (GENERIC) #601: Sun Feb 12 21:39:52 MST 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: AMD Athlon(TM) XP 2600+ ("AuthenticAMD" 686-class, 512KB L2 cache) 1.92 
GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
cpu0: AMD Powernow: TS
real mem  = 1073307648 (1048152K)
avail mem = 972656640 (949860K)
using 4278 buffers containing 53768192 bytes (52508K) of memory
User Kernel Config
UKC> hg;a\^H \^H\^H \^H\^H \^H\^H \^Hdiable \^H \^H\^H \^H\^H \^H\^H \^H\^H 
\^Hsable auvia*
 70 auvia* disabled
UKC> quit
Continuing...
mainbus0 (root)
bios0 at mainbus0: AT/286+(2d) BIOS, date 09/02/04, BIOS32 rev. 0 @ 0xf1930
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0x2012
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf1f10/256 (14 entries)
pcibios0: PCI Interrupt Router at 000:17:0 ("VIA VT82C586 ISA" rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc/0xf400 0xd/0x6000!
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "VIA VT8377 PCI" rev 0x00
ppb0 at pci0 dev 1 function 0 "VIA VT8235 AGP" rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "NVidia GeForce4 Ti 4400" rev 0xa2
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
rl0 at pci0 dev 11 function 0 "Realtek 8139" rev 0x10: irq 10, address 
00:05:5d:2c:89:51
rlphy0 at rl0 phy 0: RTL internal PHY
uhci0 at pci0 dev 16 function 0 "VIA VT83C572 USB" rev 0x80: irq 3
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 16 function 1 "VIA VT83C572 USB" rev 0x80: irq 3
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2 at pci0 dev 16 function 2 "VIA VT83C572 USB" rev 0x80: irq 3
usb2 at uhci2: USB revision 1.0
uhub2 at usb2
uhub2: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
ehci0 at pci0 dev 16 function 3 "VIA VT6202 USB" rev 0x82: irq 3
usb3 at ehci0: USB revision 2.0
uhub3 at usb3
uhub3: VIA EHCI root hub, rev 2.00/1.00, addr 1
uhub3: 6 ports with 6 removable, self powered
viapm0 at pci0 dev 17 function 0 "VIA VT8235 ISA" rev 0x00
iic0 at viapm0
pciide0 at pci0 dev 17 function 1 "VIA VT82C571 IDE" rev 0x06: ATA133, channel 
0 configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA, 57241MB, 117231408 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  SCSI0 5/cdrom 
removable
atapiscsi1 at pciide0 channel 1 drive 1
scsibus1 at atapiscsi1: 2 targets
cd1 at scsibus1 targ 0 lun 0:  SCSI0 5/cdrom 
removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
cd1(pciide0:1:1): using PIO mode 4, DMA mode 2
isa0 at mainbus0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: 
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
it0 at isa0 port 0x290/8: IT

Can anyone suggest a browser with JavaScript for ARM?

[Andrew Smith]

Hi,

 

It's a plain fact that mozilla/firefox and all the derivative browsers like
Epiphany won't build for ARM at the moment due to some issue with NSPR which
causes the a segmentation fault during the signing phase of the libraries.
19 hours of build time on both Firefox and Mozilla have shown me the problem
is the same on both of them.

 

Can anyone suggest an alternative browser that isn't based on Gecko engine
(requires Mozilla-Devel) and that support JavaScript +CSS?

 

I really want something that I can be able to do GUI edits on moinmoin with
and I don't care if it is a little slow.

 

Try out moinmoin on the sandbox at http://moinmoin.wikiwikiweb.de
  GUI editor requires some very specific
browser features which are definitely in Gecko and browsers like Epiphany
run the editor really well. I was hoping links+ might just do the job but it
doesn't let you do the GUI edits and there are a lot of nasty superfluous
links at the top of the page.

 

- Andy

lockfile-progs

[jabbott]

I am trying to install a log monitor called logcheck.  It seems to want to have 
installed on the machine, lockfile-progs, which seems to want some debian 
reliant libraries to be there.  What I am wondering is, does openbsd already 
have something similar enough to lockfile-progs that I can just point the 
logcheck perl script at it instead?  

I see logcheck used to be in the ports tree, I am downloading a new ports tree 
to see if it still is (though I think it isn't)  My problem with ports is this 
machine is not connected to the outside world and so how do I go about compling 
a port when the machine can't fetch what it needs.

--ja 

-- 

Re: Can anyone suggest a browser with JavaScript for ARM?

[Andrew Smith]

Yep, tried Konqueror-embedded, it doesn't support whatever moinmoin is doing
for its GUI editor.

I think (although I may be wrong) that the version in the ports is too low
to support javascript.

I recently built the kde libs (took about 2 days) so that I could try
building a later version but it failed on the build and I was so discouraged
that I shelved that as an idea... may go back to that but if anyone knows of
another browser to try that would be good.

Incidentally I have also tried dillo and minimo, both fail on this test and
minimo crashes a lot.

-Andy

-Original Message-
From: David Terrell [mailto:[EMAIL PROTECTED] 
Sent: 17 February 2006 19:13
To: Andrew Smith
Subject: Re: Can anyone suggest a browser with JavaScript for ARM?

On Fri, Feb 17, 2006 at 07:01:54PM -, Andrew Smith wrote:
> Try out moinmoin on the sandbox at http://moinmoin.wikiwikiweb.de
>   GUI editor requires some very specific
> browser features which are definitely in Gecko and browsers like Epiphany
> run the editor really well. I was hoping links+ might just do the job but
it
> doesn't let you do the GUI edits and there are a lot of nasty superfluous
> links at the top of the page.

Have you tried KDE or konquerer-embedded?

Privoxy lockups

[Michael Frost]

Using OpenBSD-v3.8 and v3.9-BETA on i386 together with tor, privoxy
stops working alfways after a few minutes up to a few hours. 'Stop
working' means either the privoxy process isn't running anymore (so it
needs to be restarted) or the process is running but no data stream is
managed by privoxy (seen with tcpdump). The trouble maker is definitely
privoxy and not tor.

Is there anybody out here who can confirm this? Do you know a workaround
to handle these lockups?

Re: XMail mail server - random crashes, maybe OpenBSD fault?

[Kamil Andrusz]

Marcin Wilk <[EMAIL PROTECTED]>:

> Hello
> XMail is mail server of my choice because it is all what i need 
> (SMTP/POP3 in one app, very simple configuration, remotely 
> administration withs pecial protoco, very fast working etc. etc.).
> The problem with XMail on OpenBSD is that it randomly crashing 
> (generating xmail.core).
> It happend only with OpenBSD OS.
If I were you i'd have a look in tech@ archives.
http://marc.theaimsgroup.com/?t=11399359051&r=1&w=2

Regards,
Kamil Andrusz
-- 
It's just a matter of opinion.

Large Drive issues / question

[Vincent Meanie]

I have reviewed many faq's and searched the mailing list archives but  
found nothing.


I am currently in the process of a major upgrade from an existing  
system that has been in collocation for three years, openbsd 3.5 with  
Pentium 3 hardware and 400gb total storage. The system hardware  
replacing it will have a hardware sata raid controller, and the  
original plan was to present the Array as one 2.1tb drive to Openbsd  
3.8. The initial headache was obtaining all the hardware.


Reviewing documentation revealed this gem:

> 14.7 - What are the issues regarding large drives with OpenBSD?

> OpenBSD supports an individual file system of up to 231-1, or  
2,147,483,647
> sectors, and as each sector is 512 bytes, that's a tiny > amount  
less than 1T.

>
> There is also a 1T limit on the size of the physical disk,  
although under
> *some* circumstances, that may not cause you problems up to 2T,  
although this

> is not guaranteed.

Is this hard limit because of issues with the filesystem? Would it be  
possible, limitations with the controller aside, to present the array  
as three 700mb slices and combine them with CCD? Or would I be faced  
with the same limitation because of the large disk size.


The array is running raid 5 which is the reason for the large disk size.

I am really stuck on this problem as Openbsd is my primary OS choice,  
but this is a deal breaker and I would like to explore all options  
before having to move to another OS.


Thank you for your time.

updating the kernel to CURRENT

[João Salvatti]

Hi all,

When updating the kernel to CURRENT (in the case, 3.9), do I have to update
ports and already installed packages?

Thanks.

--
Joco Salvatti
Undergraduating in Computer Science
Federal University of Para - UFPA
web: http://salvatti.expert.com.br
e-mail: [EMAIL PROTECTED]

Re: filesystem full problem

[Jared Solomon]

sudo rm -rf /var/porn

Re: updating the kernel to CURRENT

[Spruell, Darren-Perot]

From: [EMAIL PROTECTED] 
> When updating the kernel to CURRENT (in the case, 3.9), do I 
> have to update
> ports and already installed packages?

Packages and ports should stay in sync with the rest of the userland. The OS
should stay in synch with the kernel since there are important dependencies
on kernel interfaces.

So I would guess if you want to run CURRENT kernel, you will be best served
running CURRENT userland as well, and subsequently ports will need to follow
CURRENT as well.

Maybe you should consider a snapshot.

(hoping I'm not misleading on this...)

DS

Re: Large Drive issues / question

[Otto Moerbeek]

On Fri, 17 Feb 2006, Vincent Meanie wrote:

> I have reviewed many faq's and searched the mailing list archives but found
> nothing.
> 
> I am currently in the process of a major upgrade from an existing system that
> has been in collocation for three years, openbsd 3.5 with Pentium 3 hardware
> and 400gb total storage. The system hardware replacing it will have a hardware
> sata raid controller, and the original plan was to present the Array as one
> 2.1tb drive to Openbsd 3.8. The initial headache was obtaining all the
> hardware.
> 
> Reviewing documentation revealed this gem:
> 
> > 14.7 - What are the issues regarding large drives with OpenBSD?
> 
> > OpenBSD supports an individual file system of up to 231-1, or 2,147,483,647
> > sectors, and as each sector is 512 bytes, that's a tiny > amount less than
> > 1T.
> > 
> > There is also a 1T limit on the size of the physical disk, although under
> > *some* circumstances, that may not cause you problems up to 2T, although
> > this
> > is not guaranteed.
> 
> Is this hard limit because of issues with the filesystem? Would it be
> possible, limitations with the controller aside, to present the array as three
> 700mb slices and combine them with CCD? Or would I be faced with the same
> limitation because of the large disk size.

Yes. The 1TB disk limit is a limitation caused by the fact that a 32
bit signed number is used to address disk sectors. 2^31 * 512 = 1TB.

> The array is running raid 5 which is the reason for the large disk size.

Just divide the array up into logical volumes, but do not combine them
using ccd(4), but by mounting.

Lets's say you create 3 logical volumes.  You create filesystems on
them, and mount them. Since your setup probably has some top level
dirs anyway, you can use those as mount points. It requires some
planning, but should not be that hard. 

Not that creating very large filesystems also has some drawbacks:
mostly very long fsck times and high memory consumption. Also, after a
crash, fsck'ing the logical volumes can take VERY long, since by
default the system thinks the logical volmes are separate disks and
fsck them in parallel, so all disk i/o will go to the same disks. Use
the -l parameter to fsck to avoid that. 

-Otto

> 
> I am really stuck on this problem as Openbsd is my primary OS choice, but this
> is a deal breaker and I would like to explore all options before having to
> move to another OS.
> 
> Thank you for your time.

Workaround if your broadcom nic "timed out when disabling ethernet mac"

[Bryan Brake]

This annoyance started when I bought a brand-new Dell Inspiron 9300.  It 
comes with a Broadcom 4401 Ethernet NIC.  The NIC appeared to 
initialize, but when I tried to set the interface to "UP", the following 
error message occurs:


bce0: timed out when disabling ethernet mac
bce0: timed out writing pkt filter ctl
bce0: timed out writing pkt filter ctl
bce0: timed out writing pkt filter ctl
bce0: timed out writing pkt filter ctl
bce0: timed out writing pkt filter ctl
bce0: timed out writing pkt filter ctl

I updated to the latest snapshot (15 Feb), with no luck.  I stumbled 
upon this workaround by accident, as I was angry...


I posted my problem to BSDforums, 
(http://www.bsdforums.com/forums/showthread.php?t=39110) but received no 
answer, so I am posting this to the list, so that until it is fixed, 
this can be used as a work around.


My system was setup for the NIC to catch an IP via dhcp, so when I get:
bce0: no link

I logged in and do a quick "ifconfig bce0"

bce0: flags=8a43 mtu 1500
lladdr xx:xx:xx:xx:xx:xx
media: Ethernet autoselect (none)
status: no carrier
inet6 :::::%bce0 prefixlen 64 scopeid 0x1

no carrier, huh?  Well, I just used this nic and cable to access my home 
network on windows XP, so it's not a hardware issue, or a cable issue.


Step 1.  ifconfig bce* up (at this point, if your rig is anything like 
mine, you will get the "disabling ethernet mac" and "pkt filter ctl" 
error again)


Step 2.  type ifconfig bce* up (one more time, and the "disabling 
ethernet mac" error should disappear)


Step 3.  hit the power button.  Don't "halt" or "reboot".  Hit the power 
button.


Step 4.  Restart your machine.  The operating system will complain about 
the dirty filesystem, but it will be cleaned, and the nic should work at 
this point.


You don't have to do it every time, but when you can't use your nic, 
this workaround should fix it.



I don't want to submit this as a "bug", because someone may say 
something like "it's not a bug, that is just what OpenBSD does... it's a 
feature".


If someone knows why this is happening, I would appreciate a little 
help.  Reading bce(4) only told me that it was having problems resetting 
the interface.  Searching for the error did little good to fix it.


Full dmesg below


Thanks

Bryan


OpenBSD 3.9-beta (GENERIC) #602: Wed Feb 15 17:33:53 MST 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) M processor 1.86GHz ("GenuineIntel" 686-class) 
1.87 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,SBF,EST,TM2
cpu0: Enhanced SpeedStep 1400 MHz (1356 mV): unknown EST cpu, no changes 
possible

real mem  = 1073168384 (1048016K)
avail mem = 972529664 (949736K)
using 4278 buffers containing 5376 bytes (52500K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 09/19/05, BIOS32 rev. 0 @ 0xffe90
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfb7d0/160 (8 entries)
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82371 ISA and IDE" 
rev 0x00)

pcibios0: PCI bus #3 is the last bus
bios0: ROM list: 0xc/0x1!
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82915GM/PM/GMS Host" rev 0x03
ppb0 at pci0 dev 1 function 0 "Intel 82915PM/GM PCIE" rev 0x03
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "NVIDIA GeForce Go 6800" rev 0xa2
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
uhci0 at pci0 dev 29 function 0 "Intel 82801FB USB" rev 0x03: irq 11
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 29 function 1 "Intel 82801FB USB" rev 0x03: irq 10
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2 at pci0 dev 29 function 2 "Intel 82801FB USB" rev 0x03: irq 9
usb2 at uhci2: USB revision 1.0
uhub2 at usb2
uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
uhci3 at pci0 dev 29 function 3 "Intel 82801FB USB" rev 0x03: irq 7
usb3 at uhci3: USB revision 1.0
uhub3 at usb3
uhub3: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub3: 2 ports with 2 removable, self powered
ehci0 at pci0 dev 29 function 7 "Intel 82801FB USB" rev 0x03: irq 11
usb4 at ehci0: USB revision 2.0
uhub4 at usb4
uhub4: Intel EHCI root hub, rev 2.00/1.00, addr 1
uhub4: 8 ports with 8 removable, self powered
ppb1 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 0xd3
pci2 at ppb1 bus 2
bce0 at pci2 dev 0 function 0 "Broadcom BCM4401B0" rev 0x02: irq 9, 
address xx:xx:xx:xx:xx:xx

bmtphy0 at bce0 phy 1: BCM4401 10/100baseTX PHY, rev. 0
cbb0 at pci2 dev 1 function 0 "Ricoh 5C476 CardBus" 

Re: Large Drive issues / question

[Matthias Kilian]

On Fri, Feb 17, 2006 at 10:52:25PM +0100, Otto Moerbeek wrote:
> Not that creating very large filesystems also has some drawbacks:
> mostly very long fsck times and high memory consumption. [...]

And don't forget to consider tmp space consumption when using
dump(8) and restore(8).

Ciao,
Kili

Carp load balanced firewall with only one public IP?

[carlopmart]

Hi all,

 Somebody knows how can I setup two carp load balanced firewalls with 
obsd 3.8 or 3.9beta with only one public IP?


Thanks.

--
CL Martinez
carlopmart {at} gmail {d0t} com

Problems while replacing Cisco 3640 with OpenBSD and OpenBGPd (LONG)

[andrew fresh]

I have a Cisco router I am trying to replace.  I will describe the Cisco
box, the replacement OpenBSD router, the setup and finally what issues I
am having.  The bgpd.conf contents are at the bottom of the email.  If
there is some additional information that would be useful, please let me
know.

The old Cisco router (CiscoRTR01) is a 3640 with 128 megs of memory.  It
has 4 T1's out to the internet, 2 from Sprint (AS1239) and 2 from AT&T
(AS7018).  Each pair of lines has a BGP session associated with it.
However, it needs replacing because it is too slow to deal with the
number of pps as well as handle all of the BGP sessions. In addition, I
have to do major filtering of the BGP feeds because of memory limits. 

There is also a second router (RTR05), this one running OpenBSD and
OpenBGPd and working very well.  This router has 4 T1's as well, but
they are all from Frontier Communications (AS7011) so there is only a
single BGP session here.  

The two routers also have an iBGP session between them.

Both OpenBSD routers are as close to identical hardware as I could get
them.  Both are Dell PowerEdge 2450's with 512M ram, dual 733s, 2
Sangoma A102u cards and an additional dual port fxp card as well as the
on board fxp.  Both are running OpenBSD 3.8-stable.  Currently with
GENERIC kernal, not GENERIC-MP although I get the same issues with
GENERIC-MP.

The new OpenBSD router (RTR01) is supposed to be a drop in replacement
for the Cisco box.

As it is now, everything seems to work except the Cisco box is straining
to keep up.  When I swap in the OpenBSD box, everything appears to come
up, all the T1's come up (although one of the Sprint lines takes quite a
while) and all 3 bgp sessions come up (and get in sync amazingly faster
than the Cisco box).  

However, all routes show up as 'Incomplete' with a ? at the end of
bgpctl s rib:
RTR01 $ bgpctl s rib 199.104.207.8 all
flags: * = Valid, > = Selected, I = via IBGP, A = Announced
origin: i = IGP, e = EGP, ? = Incomplete

flags destination gateway  lpref   med aspath origin
*>199.104.207.0/2466.185.224.3   10029 1239 5650 5650 7011 ?
* 199.104.207.0/2466.185.224.3   100 0 7018 5650 5650 7011 ?

66.185.224.3 is the default gateway on RTR01.  If I just do 'bgpctl s
rib', looking through, I did not see any routes that did not have a '?'
at the end.  I didn't grep for that while the box was up though so I am
not sure that there weren't some.

On RTR05, while this new router is not plugged in, I get what I would
expect:
RTR05 $ bgpctl s rib 199.104.207.8 all
flags: * = Valid, > = Selected, I = via IBGP, A = Announced
origin: i = IGP, e = EGP, ? = Incomplete

flags destination gateway  lpref   med aspath origin
*>199.104.128.0/17216.190.36.145 100 0 7011 5650 6461 26978 
2900 i

But once the new RTR01 is plugged in, I get this on RTR05 (and I can no
longer get to the Internet):
RTR05 $ bgpctl s rib 199.104.207.8 all
flags: * = Valid, > = Selected, I = via IBGP, A = Announced
origin: i = IGP, e = EGP, ? = Incomplete

flags destination gateway  lpref   med aspath origin
I*>   199.104.207.0/24216.190.36.145 10029 1239 5650 5650 7011 ?


AS5650 is also Frontier, but the second AS on any of the AS paths out of
RTR05.

When RTR01 is plugged in, but RTR05 is not, I get the same issues with
the default gateway being chosen and the '?' indicating Incomplete.
However I don't have output from 'bgpctl s rib 199.104.207.8' all when
that is happening, so I do not remember what the aspath is.

On the new RTR01 all of the sessions come up and I get lots of prefixes:
$ bgpctl s
Neighbor ASMsgRcvdMsgSentOutQ  Up/Down
State/PrefixRcvd
AS 7018 AT&T  7018  33342 15 0 00:05:39 175331
AS 1239 Sprint1239  33232 11 0 00:04:17 176981
AS 22429 rrlhcrtr050 22429  34629  56030 0 00:06:45  13144

It seems that I should get more routes from RTR05 but I could be wrong.

BGP seems to work well on RTR05 as well:
$ bgpctl s
Neighbor ASMsgRcvdMsgSentOutQ  Up/Down
State/PrefixRcvd
AS 7011 Frontier (EL  7011  55893   1924 0 15:57:53 12
AS 22429 rrlhcrtr100 22429 104162 120304 0 00:00:46 174008

My problem appears to be an issue with the routes recieved on RTR01
being marked as 'Incomplete' but I am not sure how to figure out why
that would be.  

RTR01 bgpd.conf:
#macros
rrlhcrtr0500=66.185.224.9

# global configuration
AS 22429
router-id 66.185.224.1
network 66.185.224.0/20

# neighbors and peers
group "peering AS22429" {
set weight  50
remote-as   22429
local-address   66.185.224.1
neighbor $rrlhcrtr0500 {
descr   "AS 22429 rrlhcrtr0500"
}
}

neighbor 144.228.242.172 {
remote-as   1239
descr   "AS 1239 Sprint"
local-address   66.185.239.55
multihop  

Re: Large Drive issues / question

[Alexander Hall]

Vincent Meanie wrote:

Is this hard limit because of issues with the filesystem? Would it be 
possible, limitations with the controller aside, to present the array as 
three 700mb slices and combine them with CCD?


You'll still need a file system on the ccd, though. Maybe you could play 
with `newfs -S2048 ...', but I would be really scared to do so. I get a 
feeling that many many applications assume 512-byte sectors.


Try it. :)

Or would I be faced with 
the same limitation because of the large disk size.


Don't think so, since a decent raid controller should be "transparent", 
but I'm almost not even qualified to guess.


/Alexander

Re: Large Drive issues / question

[Vincent Meanie]

I am under the impression from documentation and misc list archives,  
that openbsd doesn't support logical volumes only CCD.


Also I am planning on booting from the array, to gain the benefits of  
fail-over from the array.


On Feb 17, 2006, at 1:52 PM, Otto Moerbeek wrote:



On Fri, 17 Feb 2006, Vincent Meanie wrote:

I have reviewed many faq's and searched the mailing list archives  
but found

nothing.

I am currently in the process of a major upgrade from an existing  
system that
has been in collocation for three years, openbsd 3.5 with Pentium  
3 hardware
and 400gb total storage. The system hardware replacing it will  
have a hardware
sata raid controller, and the original plan was to present the  
Array as one
2.1tb drive to Openbsd 3.8. The initial headache was obtaining all  
the

hardware.

Reviewing documentation revealed this gem:


14.7 - What are the issues regarding large drives with OpenBSD?


OpenBSD supports an individual file system of up to 231-1, or  
2,147,483,647
sectors, and as each sector is 512 bytes, that's a tiny > amount  
less than

1T.

There is also a 1T limit on the size of the physical disk,  
although under
*some* circumstances, that may not cause you problems up to 2T,  
although

this
is not guaranteed.


Is this hard limit because of issues with the filesystem? Would it be
possible, limitations with the controller aside, to present the  
array as three
700mb slices and combine them with CCD? Or would I be faced with  
the same

limitation because of the large disk size.


Yes. The 1TB disk limit is a limitation caused by the fact that a 32
bit signed number is used to address disk sectors. 2^31 * 512 = 1TB.

The array is running raid 5 which is the reason for the large disk  
size.


Just divide the array up into logical volumes, but do not combine them
using ccd(4), but by mounting.

Lets's say you create 3 logical volumes.  You create filesystems on
them, and mount them. Since your setup probably has some top level
dirs anyway, you can use those as mount points. It requires some
planning, but should not be that hard.

Not that creating very large filesystems also has some drawbacks:
mostly very long fsck times and high memory consumption. Also, after a
crash, fsck'ing the logical volumes can take VERY long, since by
default the system thinks the logical volmes are separate disks and
fsck them in parallel, so all disk i/o will go to the same disks. Use
the -l parameter to fsck to avoid that.

-Otto



I am really stuck on this problem as Openbsd is my primary OS  
choice, but this
is a deal breaker and I would like to explore all options before  
having to

move to another OS.

Thank you for your time.

Re: Large Drive issues / question

[Spruell, Darren-Perot]

From: [EMAIL PROTECTED] 
> I am under the impression from documentation and misc list archives,  
> that openbsd doesn't support logical volumes only CCD.

Huh? Use your _RAID_ volume managment to create multiple logical volumes and
these will appear to your BSD box as multiple, smaller disks. Use each of
these for broader mount points closer to the root of your file system and
you can work with them.

DS 

slow downloads to gateway

[Bachman Kharazmi]

I'm running obsd 3.8 release on my gateway. Two xl nics are installed.
The GW does NAT which works very well,
All downloads from internet=>hosts behind the gw with local IPs goes
really fast.
But from internet to the GW's harddisk is ~20% of what the LAN hosts
speed are through the GW.

I know the harddrive on the gw isn't the bottleneck.

Are there anything else I should check?

here's my pf.conf:
ext_if="xl1" # External Interface
int_if="xl0" # Internal Interface
subnet="192.168.1.0/24"
friends = "{ 130.235.0.0/16, 194.17.154.0/24, 62.20.54.0/24 81.170.235.0/24 }"
set loginterface $ext_if
set skip on lo0
scrub in all
#Default NAT from my subnet
nat on $ext_if from $subnet to any -> $ext_if
# default deny
block in from any to $ext_if
block out from $ext_if to any
pass out on $ext_if inet proto tcp all flags S/SA keep state
pass out on $ext_if inet proto udp all keep state
pass out on $ext_if inet proto icmp all keep state
#ssh from friends
pass in log on $ext_if inet proto tcp from $friends to $ext_if port 22
keep state
#vsftpd
pass in log on $ext_if inet proto tcp from $friends to $ext_if port 21
keep state
#nameserver
pass in on $ext_if inet proto tcp from any to $ext_if port 53 keep state
pass in on $ext_if inet proto udp from any to $ext_if port 53 keep state

Regards
/bkw
--
##
BKW - Bachman Kharazmi
bahkha AT gmail DOT com
uin: #24089491
SWEDEN
##

Re: slow downloads to gateway

[Melameth, Daniel D.]

Bachman Kharazmi wrote:
> I'm running obsd 3.8 release on my gateway. Two xl nics are installed.
> The GW does NAT which works very well,
> All downloads from internet=>hosts behind the gw with local IPs goes
> really fast.
> But from internet to the GW's harddisk is ~20% of what the LAN hosts
> speed are through the GW.
> 
> I know the harddrive on the gw isn't the bottleneck.
> 
> Are there anything else I should check?

You don't really define what slow is, but you might want to try
increasing net.inet.tcp.recvspace to start.

Re: ifconfig man/usage err wrt deletetunnel on 3.9-beta (correction)

[Brad Ely]

On Fri, 17 Feb 2006 02:36:36 -0500
Brad Ely <[EMAIL PROTECTED]> wrote:
  Duh, 3.9-beta of course
> The man page (and usage message) for ifconfig on 3.8-beta seems to
   
> be out of date with respect to the current behavior when deleting
> a tunnel.
> 
> # ifconfig tun0 create
> # ifconfig tun0
> tun0: flags=10 mtu 3000
> groups: tun
> # ifconfig tun0 10.0.0.1 10.0.0.2
> # ifconfig tun0
> tun0: flags=51 mtu 3000
> groups: tun
> inet 10.0.0.1 --> 10.0.0.2 netmask 0xff00
> # #NOTE: deletetunnel doesn't work
> # ifconfig tun0 deletetunnel
> ifconfig: SIOCDIFPHYADDR: Invalid argument
> # #NOTE: but delete does
> # ifconfig tun0 delete
> # ifconfig tun0
> tun0: flags=51 mtu 3000
> groups: tun
> # ifconfig tun0 destroy
> # ifconfig tun0
> tun0: no such interface
> #

Re: make fails on @pkgpath net/libnet

[Marc Espie]

On Fri, Feb 17, 2006 at 08:48:44AM -0600, [EMAIL PROTECTED] wrote:
> Novice Alert!
> 
> I keep hitting this error output when trying pkg_add or use ports
> method to install nmap
> 
> The instant cases were  pkg_add nmap-3.95p0-no_x11.tgz
> 
> Error is:   Unknown element: @pkgpath net/libdnet,no_python

> So what is the root problem?  Does nmap really need all that?
> Anyone know what this error is trying to tell me?

You're mixing up -stable with -current, which does not work on OpenBSD.

Re: updating the kernel to CURRENT

[Nick Holland]

Spruell, Darren-Perot wrote:
From: [EMAIL PROTECTED] 
When updating the kernel to CURRENT (in the case, 3.9), do I 
have to update

ports and already installed packages?


I think the OP is using words in non-standard ways.
The kernel is one file, "/bsd".
Ports and packages are the add-on stuff.
Missing from the question is the userland -- the utilities and such that 
makes OpenBSD (or any OS) go.


OpenBSD is the combination of the userland and kernel.  I'm going to 
guess that's what the OP meant by "kernel".



Packages and ports should stay in sync with the rest of the userland. The OS
should stay in synch with the kernel since there are important dependencies
on kernel interfaces.

So I would guess if you want to run CURRENT kernel, you will be best served
running CURRENT userland as well, and subsequently ports will need to follow
CURRENT as well.

Maybe you should consider a snapshot.

(hoping I'm not misleading on this...)


Technically, you are somewhat wrong, practically, you are mostly correct. :)

The kernel and userland must be kept in sync for a fully functioning 
system (though a brief "new kernel, old userland" usually works for the 
middle of the remote upgrade process).  Newly installed packages must 
match the rest of the OS.  Packages built from ports must be from a 
ports tree that matches the OS.


HOWEVER... as the upgrade process does not remove the old library files, 
old packages will (usually) continue to run on an UPGRADED system 
(however, don't try to install an old package on a newly-installed (not 
upgraded) system).  So, technically, you are wrong, you could keep using 
old ports on new systems.


Practically, you are right.  Try to live with that concept, you run into 
at least a couple issues:
* Dependancies: new packages may be dependent upon newer versions of 
packages you already have installed.  Might as well upgrade them on your 
schedule.
* Security: third party software seems to have a non-trivial rate of 
security issues.  You probably want to keep it up to date.  You will 
probably have more reason to worry about updating the apps than the OS 
itself.


As long as you are updating the system, just update the ports and packages.

And yes, always use a snapshot (or release, or other prepared binary). 
Compiling is for customizing (which you probably don't need to do) or 
for -stable.  Upgrading is done using binaries.


Nick.

Re: OpenBGP on firewall

[Paolo Supino]

Hi Henning

 Thanx for the reply :-)
How do I make sure that the master is the one that advertises the routes 
to avoid asymmetric and packet loss?
Since these FW systems will also act as a ISPEC peers (2 permanent and 
some couple of concurrent road warriors) what would you estimate be a 
good enough hardware that will keep the load (ball park numbers will do 
;-))?







TIA
Paolo



Henning Brauer wrote:


* Paolo Supino <[EMAIL PROTECTED]> [2006-02-16 19:54]:
 

I started working for a company that its production site is running 2 
PIX firewalls with no VRRP (to save cost on licensing, duh). I offered 
and they approved to replace them with 2 OpenBSD and CARP. In front of 
the FW there is a Cisco 7200 router doing BGP. I offered to remove the 
router and use OpenBGP on the OpenBSD firewalls instead, thus achieving 
failover on BGP too. But I don't know whether this is a good idea or 
should I add 2 more OpenBSD systems specifically for BPG?
   



in prinicple, usinf bgpd on teh same machines is fine. you should take 
care that the car master also is the one that announces the best route 
to you so that you don't get too assymetric traffic flows. otherwise 
you'll see performance issues and some packet loss, likely.
with seperate machines for bgpd and stateless filtering that is not an 
issue at all.
I always wanted to add something so that you can make a prepend-self 1 
depending on carp state... maybe i should revive that idea

Re: tutorial for securing wifi networks with ipsec and openbsd, somewhere?

[Rod.. Whitworth]

On Mon, 6 Feb 2006 23:49:50 + (UTC), Christian Weisgerber wrote:

>Christian Weisgerber <[EMAIL PROTECTED]> wrote:
>
>> Okay, this is as good an opportunity as any to write down what I
>> did to my wireless a while ago:
>
>Meanwhile, ipsecctl has gained support for pre-shared key authentication.
>So in 3.9, things are simpler still:
>
>Configure dhcpd on the gateway (172.16.1.1) to always give the same
>address (172.16.1.99) to my laptop, based on its MAC address.
>
>Start up "isakmpd -K" on both machines.
>No isakmpd configuration.  None.
>
>On the gateway, create a one-line /etc/ipsec.conf:
>
>ike esp from any to 172.16.1.99 psk "secretpassphrase"
>
>On the laptop, create a one-line /etc/ipsec.conf:
>
>ike esp from ral0 to any peer 172.16.1.1 psk "secretpassphrase"
>
>Run "ipsecctl -f /etc/ipsec.conf" on both machines.
>Congratulations, you have set up IPsec.
>
>Repeat the same procedure for additional wireless clients.  Wait a
>moment, you say, does that mean that two hosts on the wireless will
>talk to each other through the IPsec gateway rather than directly?
>That's right, but in infrastructure mode, i.e., if you use an access
>point, the packets already cross the air twice (host 1 -> AP ->
>host 2).  Looping them through the gateway doesn't add appreciable
>overhead.
>
>The wireless clients only need to talk ISAKMP (to authenticate and
>renegotiate keys) and ESP to the gateway.  Block everything else
>on the gateway:
>
>block return on $wlan all
>pass in  on $wlan proto esp to $wlan keep state
>pass out on $wlan proto esp from $wlan keep state
>pass in  on $wlan proto udp to $wlan port isakmp keep state
>pass out on $wlan proto udp from $wlan port isakmp keep state
>
>Actually, there is one more thing, and it's important.  With the
>setup above, you will run into MTU issues with hosts behind the
>gateway.  The symptom is that bulk data transfers _to_ the wireless
>host will be redicuously slow or stall completely.  There must be
>a better way, but in the meantime TCP MSS clamping on the gateway
>works:
>
>scrub in on enc0 all max-mss 1318
>
>As far as pf is concerned, all decoded IPsec traffic is from the
>enc0 interface.  If you use the "antispoof" directive, make sure
>to add a pass rule for traffic on enc0.
>

I see no reason why you should be able to answer this question as I
don't expect you to know about how windows does things but on the
off-chance that you or a kind lurker does know:

Is there a way to let a client using XP connect as simply as that?
Alternatively, as windows is rarely simple, a way to let XP connect to
the same setup?

Thanks,
Rod/

>-- 
>Christian "naddy" Weisgerber  [EMAIL PROTECTED]
>
>

>From the land "down under": Australia.
Do we look  from up over?

Do NOT CC me - I am subscribed to the list.
Replies to the sender address will fail except from the list-server.

trouble building boost + workaround

[Benjamin A. Collins]

I've recently been struggling to get boost-1.33.1 built on
OpenBSD-current (I presume that the rest of this message also applies
to -stable, but YMMV), and after much toiling and dumping of hours
into a black hole, I think I have found a way to build boost without
errors.

If you simply run

$ bjam "-sTOOLS=gcc"

you will encounter many, many errors.  Some of these errors will go
away simply by substituting c++ for gcc:

$ bjam "-sTOOLS=c++"

but there will still be errors.

To get around those errors, cd to ~/libs/config (where '~' means the
boost root dir) and do

$ sh configure

This will generate a file called 'user.hpp' which contains
preprocessor tokens that will help boost build for your
compiler+platform combination.  It isn't entirely correct though.  The
'user.hpp' that is generated from the configure script will not
alleviate problems in building:
a) threaded libraries (particularly the threads library)
b) wchar_t-based regex

To get multithreaded libraries, just go down to the group of #define's in
'user.hpp' and add

#define BOOST_HAS_THREADS

I haven't yet found a way to make regex build with wchar_t support, so
I disabled it by adding this to 'user.hpp':

#define BOOST_NO_WREGEX

This obviously won't help you understand what's really going on, but
hopefully someone else who has been having trouble might find this
information to be helpful.

--
Benjamin Collins <[EMAIL PROTECTED]>

[demime 1.01d removed an attachment of type application/pgp-signature]

Re: trouble building boost + workaround

[ben . collins]

whoops.  I forgot to include a couple of important details.

After generating your 'user.hpp' and editing it as previously
described, copy 'user.hpp' to ~/boost/config/user.hpp

Then, cd back to the root dir of the boost src, and run this:

$ bjam "-sTOOLS=gcc" "-sBUILD=-I/usr/local/include 
-L/usr/local/lib" stage

... lots of output ...

$ bjam "-sTOOLS=gcc" "-sBUILD=-I/usr/local/include 
-L/usr/local/lib" install

... more output ...


After this, assuming all went well, boost will now be installed in
/usr/local/lib and /usr/local/include/boost-1_33_1


--
Benjamin Collins <[EMAIL PROTECTED]>

[demime 1.01d removed an attachment of type application/pgp-signature]

Re: Large Drive issues / question

[Otto Moerbeek]

On Fri, 17 Feb 2006, Spruell, Darren-Perot wrote:

> From: [EMAIL PROTECTED] 
> > I am under the impression from documentation and misc list archives,  
> > that openbsd doesn't support logical volumes only CCD.
> 
> Huh? Use your _RAID_ volume managment to create multiple logical volumes and
> these will appear to your BSD box as multiple, smaller disks. Use each of
> these for broader mount points closer to the root of your file system and
> you can work with them.

Yes, like this:

[EMAIL PROTECTED]:1]$ dmesg | egrep 'ami|sd' 
ami0 at pci0 dev 11 function 0 "Symbios Logic MegaRAID" rev 0x01: irq 10 LSI 
523 64b/lhc
ami0: FW 713N, BIOS vG119, 64MB RAM
ami0: 1 channels, 0 FC loops, 2 logical drives
scsibus0 at ami0: 40 targets
sd0 at scsibus0 targ 0 lun 0:  SCSI2 0/direct fixed
sd0: 3MB, 3 cyl, 64 head, 32 sec, 512 bytes/sec, 6144 sec total
sd1 at scsibus0 targ 1 lun 0:  SCSI2 0/direct fixed
sd1: 1104736MB, 1104736 cyl, 64 head, 32 sec, 512 bytes/sec, 2262499328 sec 
total
scsibus1 at ami0: 16 targets

[EMAIL PROTECTED]:2]$ sudo bioctl ami0 
Volume  Status Size   Device  
 ami0 0 Online3145728 sd0 RAID5
  0 Online   300085673984 0:0.0   noencl 
  1 Online   300085673984 0:1.0   noencl 
  2 Online   300085673984 0:2.0   noencl 
  3 Online   300085673984 0:3.0   noencl 
 ami0 1 Online  1158399655936 sd1 RAID0
  0 Online   300085673984 0:0.0   noencl 
  1 Online   300085673984 0:1.0   noencl 
  2 Online   300085673984 0:2.0   noencl 
  3 Online   300085673984 0:3.0   noencl 

One array, two logical drives: sd0 and sd1.

-Otto

Re: filesystem full problem [SOLVED]

[Adam PAPAI]

Jared Solomon wrote:

sudo rm -rf /var/porn


The problem was:

_after_ deleting '/var/porn' the df -h showed me still 105% disk usage 
... fstat and pkill smbd solved the problem. ;)


--
Adam PAPAI
D i g i t a l Influence
http://www.digitalinfluence.hu
Phone: +36 30 33-55-735
E-mail: [EMAIL PROTECTED]