diff: plug telldir/seekdir leaks and more (fwd)

2006-03-29 Thread Otto Moerbeek
Trying to find testers, see below,

-Otto


-- Forwarded message --
Date: Wed, 29 Mar 2006 10:24:40 +0200 (CEST)
From: Otto Moerbeek [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: diff: plug telldir/seekdir leaks and more



On Fri, 24 Mar 2006, Otto Moerbeek wrote:

 Hi,
 
 This is a revised version of the diff Paul Thorn
 [EMAIL PROTECTED] sent some time ago. It's a mix of
 Paul's diff, FreeBSD code and my own:
 
 - plug a huge leak that occurs if telldir() is called, but no
 corresponding seekdir(). Samba is suffering from that. 
 - Use a data structure local to DIR to store the telldir data. FreeBSD
 uses a linked list, I chose to use an array, which avoids allocating
 lots of small chunks, the index becomes implicit as well, so we can
 drop a field from the struct.
 - Make sure that loc = telldir();  seekdir(loc); telldir() returns loc,
 as POSIX requires. This is an area that can be improved, since it now
 scans the array.
 
 Note that one documented behaviour is changed. POSIX does not require
 it, and most other Unix-like systems do not give that guarantee.
 
 Please review and test, especially on setups that use telldir and
 seekdir. AFAIK, no program in base does that, but at least samba
 does.

Not a single reply to this so far. There must be some samba users
hiding here. 

The diff is in snaps as well, to accommodate even easier testing.

I'll crosspost this to misc@ as well, I know it's not done, but I
really need test reports.

-Otto
 
 Index: include/dirent.h
 ===
 RCS file: /cvs/src/include/dirent.h,v
 retrieving revision 1.15
 diff -u -p -r1.15 dirent.h
 --- include/dirent.h  13 Dec 2005 00:35:22 -  1.15
 +++ include/dirent.h  24 Mar 2006 09:08:19 -
 @@ -59,6 +59,7 @@
  /* definitions for library routines operating on directories. */
  #define  DIRBLKSIZ   1024
  
 +struct _telldir;
  /* structure describing an open directory. */
  typedef struct _dirdesc {
   int dd_fd;  /* file descriptor associated with directory */
 @@ -69,6 +70,7 @@ typedef struct _dirdesc {
   longdd_seek;/* magic cookie returned by getdirentries */
   longdd_rewind;  /* magic cookie for rewinding */
   int dd_flags;   /* flags for readdir */
 + struct _telldir *dd_td; /* telldir position recording */
  } DIR;
  
  #define  dirfd(dirp) ((dirp)-dd_fd)
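Review bot: The new dd_td member at the end of struct _dirdesc changes the size of DIR, and this public header exposes the full layout (the dirfd() macro just below reads dd_fd directly), so objects built against the old definition no longer match libc. Pair the change with a library version bump, or state in the commit message why none is needed.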
 @@ -106,7 +108,7 @@ int getdirentries(int, char *, int, long
   __attribute__ ((__bounded__(__string__,2,3)));
  #endif /* __BSD_VISIBLE */
  #if __XPG_VISIBLE
 -long telldir(const DIR *);
 +long telldir(DIR *);
  void seekdir(DIR *, long);
  #endif
  #if __POSIX_VISIBLE = 199506 || __XPG_VISIBLE = 500
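Review bot: Dropping const from the telldir() prototype is an interface change that the directory.3 part of this diff does not reflect; the only man page hunk removes a paragraph. Check that the SYNOPSIS there is updated to long telldir(DIR *) as well, and add a short comment saying telldir() now records the position in dd_td, which is why the argument can no longer be const.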
 Index: lib/libc/gen/closedir.c
 ===
 RCS file: /cvs/src/lib/libc/gen/closedir.c,v
 retrieving revision 1.6
 diff -u -p -r1.6 closedir.c
 --- lib/libc/gen/closedir.c   8 Aug 2005 08:05:33 -   1.6
 +++ lib/libc/gen/closedir.c   24 Mar 2006 09:08:19 -
 @@ -33,6 +33,7 @@
  #include stdlib.h
  #include unistd.h
  #include thread_private.h
 +#include telldir.h
  
  /*
   * close a directory.
 @@ -45,12 +46,12 @@ closedir(DIR *dirp)
  
   if ((ret = _FD_LOCK(dirp-dd_fd, FD_READ, NULL)) != 0)
   return (ret);
 - seekdir(dirp, dirp-dd_rewind); /* free seekdir storage */
   fd = dirp-dd_fd;
   dirp-dd_fd = -1;
   dirp-dd_loc = 0;
 - free((void *)dirp-dd_buf);
 - free((void *)dirp);
 + free(dirp-dd_td-td_locs);
 + free(dirp-dd_buf);
 + free(dirp);
   ret = close(fd);
   _FD_UNLOCK(fd, FD_READ);
   return (ret);
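Review bot: free(dirp->dd_td->td_locs) dereferences dd_td unconditionally, and nothing in this hunk frees dd_td itself. If opendir allocates the struct _telldir separately, this leaks it on every closedir(); if it lives inside the same allocation as the DIR, say so in a comment next to the free() calls so the asymmetry is not mistaken for a leak later.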
 Index: lib/libc/gen/directory.3
 ===
 RCS file: /cvs/src/lib/libc/gen/directory.3,v
 retrieving revision 1.16
 diff -u -p -r1.16 directory.3
 --- lib/libc/gen/directory.3  2 Jun 2003 20:18:34 -   1.16
 +++ lib/libc/gen/directory.3  24 Mar 2006 09:08:19 -
 @@ -135,12 +135,6 @@ from which they are derived.
  If the directory is closed and then reopened, the
  .Fn telldir
  value may be invalidated due to undetected directory compaction.
 -It is safe to use a previous
 -.Fn telldir
 -value immediately after a call to
 -.Fn opendir
 -and before any calls to
 -.Fn readdir .
  .Pp
  The
  .Fn rewinddir
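Review bot: The sentence kept just above the removed lines still says a telldir value "may be invalidated due to undetected directory compaction" after a close and reopen, but with positions stored per DIR a value from an earlier opendir() has no meaning for the new stream at all. Reword that sentence to say telldir values are only valid for the DIR they were obtained from, so the changed behaviour is documented rather than only deleted.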
 Index: lib/libc/gen/opendir.c
 ===
 RCS file: /cvs/src/lib/libc/gen/opendir.c,v
 retrieving revision 1.15
 diff -u -p -r1.15 opendir.c
 --- lib/libc/gen/opendir.c10 Oct 2005 17:37:43 -  1.15
 +++ lib/libc/gen/opendir.c24 Mar 2006 09:08:19 -
 @@ -40,6 +40,8 @@
  #include string.h
  #include unistd.h
  
 +#include telldir.h
 +
  /*
   * Open a directory.
   */
 @@ -67,10 +69,16 @@ __opendir2(const char *name, int flags)
   return (NULL);
   }
   if (fcntl(fd, F_SETFD, 
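
The array-backed bookkeeping described in the message above (positions kept in an array local to each DIR and scanned so that telldir() after seekdir(loc) returns loc again), as an added C example that is not the code from the diff. Only td_locs, dd_seek and dd_loc are names from the page; struct td_pos, struct td_table, td_tell, td_seek, td_free and td_slots_after are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/*
 * Hypothetical stand-ins for this example. Only the member name td_locs
 * appears in the diff; every other name here is an assumption.
 */
struct td_pos {
	long seek;	/* cookie of the directory block (dd_seek in DIR) */
	long loc;	/* offset inside that block (dd_loc in DIR) */
};

struct td_table {
	struct td_pos *td_locs;	/* recorded positions, index == telldir value */
	size_t td_sz;		/* slots allocated */
	size_t td_loccnt;	/* slots in use */
};

/* telldir side: return the cookie for (seek, loc), or -1 if out of memory. */
long
td_tell(struct td_table *td, long seek, long loc)
{
	struct td_pos *p;
	size_t i, newsz;

	/* Linear scan: an already recorded position keeps its cookie. */
	for (i = 0; i < td->td_loccnt; i++)
		if (td->td_locs[i].seek == seek && td->td_locs[i].loc == loc)
			return ((long)i);

	if (td->td_loccnt == td->td_sz) {
		newsz = td->td_sz ? td->td_sz * 2 : 8;
		if (newsz > SIZE_MAX / sizeof(*p))
			return (-1);	/* size computation would overflow */
		p = realloc(td->td_locs, newsz * sizeof(*p));
		if (p == NULL)
			return (-1);	/* old array is still valid */
		td->td_locs = p;
		td->td_sz = newsz;
	}
	td->td_locs[td->td_loccnt].seek = seek;
	td->td_locs[td->td_loccnt].loc = loc;
	return ((long)td->td_loccnt++);
}

/* seekdir side: resolve a cookie, rejecting values this table never issued. */
int
td_seek(const struct td_table *td, long cookie, long *seek, long *loc)
{
	if (cookie < 0 || (size_t)cookie >= td->td_loccnt)
		return (-1);
	*seek = td->td_locs[cookie].seek;
	*loc = td->td_locs[cookie].loc;
	return (0);
}

/* closedir side: one free() releases every recorded position. */
void
td_free(struct td_table *td)
{
	free(td->td_locs);
	td->td_locs = NULL;
	td->td_sz = td->td_loccnt = 0;
}

/*
 * Constructed workload: call the telldir side `calls` times while cycling
 * over `distinct` positions and never seeking back. Returns slots in use.
 */
size_t
td_slots_after(size_t calls, size_t distinct)
{
	struct td_table td = { NULL, 0, 0 };
	size_t i, used;

	if (distinct == 0)
		return (0);
	for (i = 0; i < calls; i++)
		if (td_tell(&td, 4096, (long)(i % distinct) * 24) == -1)
			break;
	used = td.td_loccnt;
	td_free(&td);
	return (used);
}

int
main(void)
{
	printf("slots after 100000 telldir calls at 3 positions: %zu\n",
	    td_slots_after(100000, 3));
	return (0);
}
```

Memory use is bounded by the number of distinct positions recorded on one open directory, and an out-of-range cookie is refused instead of being followed.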

Problem with apache-proxy on sparc

2006-03-29 Thread oliver simon
Hi Group,

we are trying to run an apache on an openbsd 3.8 on a sun E420 as
proxy-server for some internal applications.

The problem is that setting up the proxy does not work correctly ...
It does only use the port-settings of the server, it should connect, but
seems to decline the ip-address completely, and puts out the following log.

Would someone take a look at that ? Any help is appreciated. Please be
sure to shoot a mail, if anyone needs more information ...

Apache error_log


[Tue Mar 28 17:25:18 2006] [notice] Apache/1.3.29 (Unix) mod_ssl/2.8.16
OpenSSL/0.9.7g configured -- resuming normal operations
[Tue Mar 28 17:25:18 2006] [info] Server built: unknown
[Tue Mar 28 17:25:18 2006] [notice] Accept mutex: sysvsem (Default: sysvsem)
[Tue Mar 28 17:25:25 2006] [debug] proxy_cache.c(0): No CacheRoot, so no
caching. Declining.
[Tue Mar 28 17:25:25 2006] [error] [client 81.14.150.150] (22)Invalid
argument: proxy connect to 0.0.0.0 port 443 failed
[Tue Mar 28 17:25:25 2006] [debug] proxy_cache.c(0): No CacheRoot, so no
caching. Declining.


The proxy.conf is included by the httpd.conf.

proxy.conf


ProxyRequests Off
# ProxyVia On

<Directory proxy:*>
SSLRequireSSL
Order deny,allow
Deny from all
Allow from all
AuthType Basic
AuthName picturesafe | Interner Bereich
AuthUserFile conf/.htpasswd
AuthGroupFile /dev/null
Require valid-user
</Directory>

# SLOX
#---
ProxyPass /appl https://10.0.20.38
ProxyPassReverse /appl https://10.0.20.38
ProxyPass /servlet/ https://10.0.20.38/servlet/
ProxyPassReverse /servlet/ https://10.0.20.38/servlet/
ProxyPass /start/ https://10.0.20.38/start/
ProxyPassReverse /start/ https://10.0.20.38/start/
ProxyPass /suse/ https://10.0.20.38/suse/
.
ProxyPass /wiki/ http://10.64.5.247/wiki/
ProxyPassReverse /wiki/ http://10.64.5.247/wiki/

Thanks a lot for reading up to here :)

Greetings, o/s



Re: openbsd and the money

2006-03-29 Thread Michael Schmidt

Roger Neth Jr wrote:


On 3/28/06, Daniel Walrond [EMAIL PROTECTED] wrote:
 


On Thu, Mar 23, 2006 at 03:09:08PM +0100, frantisek holop wrote:
   


[...]

unfortunately there is no real community around openbsd. at least
i dont see one -- one where there are people without cvs commit.
if you don't have cvs commit, you are a nobody that's what misc@
will teach any newcomer using iron and fire. i try to be part
of a community but the devs say you are nobody and should be glad
that you can use this stuff.
 


[...]

Yes as users we are lucky to be able to use such quality code which
OpenBSD produces. I think it's a pretty hard job to be a developer, paid
consultant and offer free user support to the user base. So don't be so
quick to judge, without trying it yourself ;)
[...]
   


Dan, good insight and thanks for the advice.
 



Years ago I have had the opportunity to meet e.g. Wim. Remembering that, 
I would like to say that I can agree with Dan and Roger.


--
Michael Schmidt MIRRORS:
DJGPP   ftp://ftp.fh-koblenz.de/pub/DJGPP/
Ghostscript ftp://ftp.fh-koblenz.de/pub/Ghostscript/



Re: ant-junit and ANT_HOME help

2006-03-29 Thread MikeG

Jeremy Huiskamp wrote:




Hi,

junit.jar is in the classpath but removing it (once the test  classes 
are built) doesn't help, I get the exact same error.



Why are you removing it?  It needs to be on the classpath during
compile and while you run the tests.  How is junit supposed to run if
it's not even loaded?  Also, I believe ant-junit.jar must be on the
classpath *before* you write in the junit task (not within the task
itself).  Ant can't load the task up if it doesn't have an
implementation for it.  I'd recommend sticking both junit.jar and
ant-junit.jar in ANT_HOME/lib because junit will obviously have to load
before ant-junit.



Thanks Jeremy, a combination of those ideas worked.

I was indicating that I'd tried it both ways. I'd thought that removing 
junit.jar from the classpath may help in the case where the first class 
was being found by a classloader that then couldn't find the second when 
the request should have been passed on to a classloader that can find 
both. Thought it was worth a try anyway.


Reply to everyone
Sorry for including commented out sections in the example. Believe me it
wasn't my intention to confuse anyone, quite the opposite. I was trying
to show you all the options I had tried.


My original post was asking what $ANT_HOME should be on OpenBSD as the
optional ant jars are not in a directory called lib and I couldn't find
anything that looks like the normal ant install tree. So I still think
the question was relevant to this list.


Adding a symlink called lib and pointing $ANT_HOME to that does work at 
least in this case. Maybe that should be part of the package.


MikeG



Re: sudo nopasswd rm

2006-03-29 Thread MikeG
You only need write access to the directory to delete files (unless the 
sticky bit is set).  Make the dir writable by a group the shell script 
runs as.
   



IMHO, this is very bad advice (at least unless you know much more
about the context of Marco's question).

Directory write access is very powerful.  It does not only allow
to delete files, but also create new files, to change the ownership
of files (by copying them and deleting the original) and thus
ultimately to change the contents of all files in the directory.

On top of that, depending on the context, it might be a bad idea
to make the whole shell script SGID - this is a possible violation
of the principle of least privilege.

 

Yes you're right, I was just throwing an idea into the mix without 
considering all the possible scenarios.
BTW, I wouldn't advocate SGID scripts, rather that the group of the user 
running the script could be used. Though as you say this may still allow 
far too much access.


Mike



Hurricane-LX800 embedded system

2006-03-29 Thread Alexey E. Suslikov

http://www.lippert-at.com/index.php?id=367

Quote:

The Hurricane-LX800 is an EPIC standard formatted board using AMD's
powerful yet frugal Geode (tm) LX800 processor. This module integrates
all peripherals needed to build an embedded PC on a small 115 mm x
165 mm (4.5 x 6.5) printed circuit board. Using a CS5536 I/O
companion and a Super I/O chip, all the standard peripherals are
already on board.

The system RAM can be as large as 1 GB. There is graphics controller
with VGA, LVDS and TFT adapters available. With Ethernet, USB and
serial ports, the Hurricane-LX800 is a very versatile machine.

The Hurricane-LX800 uses only a mere 5,3 watts and can operate in the
extended temperature range of -40..+85C without additional cooling.
It is supplied with 5V only and does ACPI, advanced and PCI power
management.

A robust and well-designed enclosure is available for system
integrators.

Application areas for the Hurricane-LX800 are industrial automation,
automotive, medical devices, and military.



Hurricane-LX800 embedded system

2006-03-29 Thread Alexey E. Suslikov

Here is a case for this monster:

http://www.windowsfordevices.com/files/misc/lippert-epic-box.jpg



Re: Problem with apache-proxy on sparc

2006-03-29 Thread Mark Prins
[EMAIL PROTECTED] wrote:

 Hi Group,
 
 
 
 [Tue Mar 28 17:25:18 2006] [notice] Apache/1.3.29 (Unix)
 mod_ssl/2.8.16 OpenSSL/0.9.7g configured -- resuming normal operations
 [Tue Mar 28 17:25:18 2006] [info] Server built: unknown
 [Tue Mar 28 17:25:18 2006] [notice] Accept mutex: sysvsem (Default:
 sysvsem) [Tue Mar 28 17:25:25 2006] [debug] proxy_cache.c(0): No
 CacheRoot, so no
 caching. Declining.
 [Tue Mar 28 17:25:25 2006] [error] [client 81.14.150.150] (22)Invalid
 argument: proxy connect to 0.0.0.0 port 443 failed
 [Tue Mar 28 17:25:25 2006] [debug] proxy_cache.c(0): No
 CacheRoot, so no
 caching. Declining.

I think you gotta have a valid CacheRoot or stick in: 

NoCache *

As in 
<IfModule mod_proxy.c>
ProxyRequests Off
NoCache *
</IfModule>


[EMAIL PROTECTED]

 
 The proxy.conf is included by the httpd.conf.
 
 proxy.conf
 
 
 ProxyRequests Off
 # ProxyVia On
 
 <Directory proxy:*>
 SSLRequireSSL
 Order deny,allow
 Deny from all
 Allow from all
 AuthType Basic
 AuthName picturesafe | Interner Bereich
 AuthUserFile conf/.htpasswd
 AuthGroupFile /dev/null
 Require valid-user
 </Directory>
 
 # SLOX
 #---
 ProxyPass /appl https://10.0.20.38
 ProxyPassReverse /appl https://10.0.20.38
 ProxyPass /servlet/ https://10.0.20.38/servlet/
 ProxyPassReverse /servlet/ https://10.0.20.38/servlet/
 ProxyPass /start/ https://10.0.20.38/start/
 ProxyPassReverse /start/ https://10.0.20.38/start/
 ProxyPass /suse/ https://10.0.20.38/suse/
 .
 ProxyPass /wiki/ http://10.64.5.247/wiki/
 ProxyPassReverse /wiki/ http://10.64.5.247/wiki/
 
 Thanks a lot for reading up to here :)
 
 Greetings, o/s



-- 
drs. Mark C. Prins
Spatial Fusion Specialist / Network Administration
SkypeMe@ skype:mark.prins-caris.nl



--

CARIS Geographic Information Systems BV
phone: +31 413 296 010
fax: +31 413 296 012
web: http://www.caris.nl
product support: [EMAIL PROTECTED]
sales/marketing: [EMAIL PROTECTED]





Re: pf and passive (ftp) port tricks

2006-03-29 Thread Michael Schmidt

David Elze wrote:


Well, I needed the exact same thing and did it with pure-ftpd[1] via the
command-line option -p 5:50400 and a pf.conf entry like pass in
on $if tcp from any to $if port 5:50400. Maybe this is an option
for you too.
 



Hello,

thanks for your feedback, David. And for yours too, Per-Olov.
But that's not exactly what I want, maybe my description has not been
clear enough as in my first posting I had forgotten to mention what I
wrote a few minutes later in a short follow-up to my own text.


The scenario is the following one:

My intention is that I do not want to allow the ftp-daemon to offer all 
so-called well-known ports as passive ports to the publicity which 
accesses one of our public ftp servers.


The next point is that it is not only a very small range of ports (or in
the most extreme case: a single port) which shall be offered as
accessible, but the very small range of ports (or a single port) has to
change at regular short intervals so that in case a hacker or
person/software trying-to-intrude even if detecting an open port by
coincidence does not know which will be the next open port in the
shortest possible interval, as it (the next open port) is calculated by
random generation.


Both, the ftp-daemon and pf have to know this very small range of ports 
(or the single open port) and have to handle this.
The advantage is that even in case there are existing/running ftp
connections using open passive ports AND with beginning of the next
interval of generation another open passive port is propagated, the
open port(s) of the still running ftp connections are not lost as long
as the new pf rule is only loaded and the pf states are not flushed.


Meanwhile I have thought about it a bit more and written and tested a 
script which does exactly that. As I am not sure whether it is of 
interest, I want to ask if I shall post it here?


Have a nice day
Michael

--
Michael Schmidt MIRRORS:
DJGPP   ftp://ftp.fh-koblenz.de/pub/DJGPP/
Ghostscript ftp://ftp.fh-koblenz.de/pub/Ghostscript/



OpenBGP: aggregating routes / set neighbor next-hop

2006-03-29 Thread Falk Brockerhoff

Hello,

I'm just playing around with OpenBGP on OpenBSD3.8. My BGP Session
comes up, MD5 works fine. OpenBGP is an intuitive tool and works fine. :)


But I didn't find any documentation for migrating some parts of my
cisco config to openbgpd. I configured internal BGP between my
core-router and an openbgp border-router. The session comes up and
openbgpd receives all my prefixes from the core-router, multiple /32
addresses, some /29-networks and so on. But I want only specified
networks to be announced to my external bgp-neighbor. On my Cisco
border-router I did this with an aggregate-address 192.168.0.0
255.255.255.0-Statement.


I took a look at the documentation, searched the source-code for
anything spelled like aggregate or something like this, but I wasn't
lucky. The network-Statement isn't doing aggregating, is it?



The second problem is that I want to announce an external full-feed,
received with openbgpd, to my core-router. This works fine, but the
next-hop is the ip-address of my external bgp-neighbor. But it should
be the ip-address of the border-router. On Cisco I configured
neighbor 10.0.0.2 next-hop-self, but how to do this with openbgp?


I hope you can give me a hint to solve these two little problems, thanks!

Regards

Falk Brockerhoff



Public Key Authentication Vs X509 Authentication system

2006-03-29 Thread Gordon Ross
I'm looking to setup a VPN system linking OpenBSD, Cisco & Linux. I've
got the OpenBSD/Linux interop working in the lab with X509 certs
(Haven't started on the Cisco side yet)

I'd like to clarify the difference between Host Keys & X509 Certs.

As I understand it, using Host Keys, the client generates a key pair
and sends its public key to the server. From what I can see, this
would be OK if you are using a central server that all clients would talk
through.

Using X509 certs, the client generates a cert, which gets signed by
the CA. All devices have copies of the CA cert, and nothing needs to be
copied around between any of the devices. This appears to be best when
you are looking to setup a mesh VPN network.

Have I understood things correctly ? Any gotchas that I've missed ?

Thanks,

GTG



Re: Ftp problem

2006-03-29 Thread Michael Schmidt

Szymon wrote:


Pál András wrote:


Hello Misc!
I have a problem about ftp connections.
[...]
I can connect to the server from my router but can't from the other
machines behind the router. I tried behind my neighbour's wireless
router too, it did the same. My ftp client message was:

Data connection timed out.
Falling back to PORT instead of PASV mode.
List failed.
I think it means that the client connected the server but it couldn't 
list the directory.



http://www.bsdguru.org/dyskusja/viewtopic.php?t=11593



Perhaps it is not the same problem or effect as yours, but I have had
situations where it was only necessary to issue an epsv off command
(more actual ftp clients know this) directly after logon and then
directory listing was possible, without using ftp-proxy.


--
Michael Schmidt MIRRORS:
DJGPP   ftp://ftp.fh-koblenz.de/pub/DJGPP/
Ghostscript ftp://ftp.fh-koblenz.de/pub/Ghostscript/



Errors during start of Xorg on 3.9

2006-03-29 Thread Swen Simon
(I was redirected to misc@ from a user, thanks for the hint :)

Greetings!

I installed OpenBSD 3.9 few hours ago and all works fine, instead of X.
I never used Xorg on an OBSD system and generated a new config with Xorg
-configure.

The following errors appear:

(WW) xf86AcquireGART: AGPIOC_ACQUIRE failed (Device busy)
(WW) GARTInit: AGPIOC_INFO failed (Device not configured)
_XSERVTransmkdir: ERROR: euid != 0,directory /tmp/.X11-unix will not be
created.
_XSERVTransSocketUNIXCreateListener: mkdir(/tmp/.X11-unix) failed, errno =
2
_XSERVTransMakeAllCOTSServerListeners: failed to create listener for local
...
FreeFontPath: FPE /usr/X11R6/lib/X11/fonts/misc/ refcount is 2,
should be 1; fixing.

I googled many hours to fix that, found no solution or hint about that. The
permissions on /tmp are correct
and should work for other users (can create files in it). It takes also (~)
10 seconds to start the window manager.

xorg.conf: http://pastebin.com/628483
Xorg.0.log: http://pastebin.com/628488
dmesg: http://pastebin.com/628493

Anyone else with that problem? Hints or solutions are welcome! Thanks.

Swen



Re: Errors during start of Xorg on 3.9

2006-03-29 Thread Stuart Henderson
On 2006/03/29 12:57, Swen Simon wrote:
 I installed OpenBSD 3.9 few hours ago and all works fine, instead of X.
 I never used Xorg on an OBSD system and generated a new config with Xorg
 -configure.

Did you answer yes to the do you want to run X question during install?
If not, edit /etc/sysctl.conf (machdep.allowaperture=2) and reboot.



Re: Errors during start of Xorg on 3.9

2006-03-29 Thread Swen Simon
2006/3/29, Stuart Henderson [EMAIL PROTECTED]:

 On 2006/03/29 12:57, Swen Simon wrote:
  I installed OpenBSD 3.9 few hours ago and all works fine, instead of X.
  I never used Xorg on an OBSD system and generated a new config with
 Xorg
  -configure.

 Did you answer yes to the do you want to run X question during
 install?
 If not, edit /etc/sysctl.conf (machdep.allowaperture=2) and reboot.


Yes, i did. machdep.allowaperture is actually set to 2.



ftp-proxy two isp

2006-03-29 Thread john gotti
hi all , my network scheme is as follow

isp1-\
  obsd -lan
isp2-/


on obsd  i've successfully set load balancing outgoing conn , but i also
using ftp-proxy ( i mean tool pftpx which is implemented in 3.9 now ) using
the rules as follow:

nat-anchor pftpx/*
rdr-anchor pftpx/*
.
rdr on $if_lan proto tcp from $lan to any port 21 -> 127.0.0.1 port 8021
...
anchor pftpx/*
...
pass in quick on $if_lan route-to (lo0 127.0.0.1) proto tcp from $lan to any
port 8021 keep state

and it's working fine but .. default route on obsd is set for isp2 , so all
of the ftp conn going through isp2.  My question is : is there any chance to
set on pf and tell that ftp conn going to isp1.( without changing default
route :) coz ive got vpn peer bind to isp2 )  I was trying use route-to on
loopback interface to force this behavior but no success. I also wondering
that is that an issue with ftp-proxy itself a some changes has to be make
there.??


thanks for reply
dalgorno



Re: OpenBGP: aggregating routes / set neighbor next-hop

2006-03-29 Thread Henning Brauer
* Falk Brockerhoff [EMAIL PROTECTED] [2006-03-29 12:38]:
 Hello,
 
 I'm just playing around with OpenBGP on OpenBSD3.8. My BGP Session
 comes up, MD5 works fine. OpenBGP is an intuitive tool and works fine. :)
 
 But I didn't find any documentation for migrating some parts of my
 cisco config to openbgpd. I configured internal BGP between my
 core-router and an openbgp border-router. The session comes up and
 openbgpd receives all my prefixes from the core-router, multiple /32
 addresses, some /29-networks and so on. But I want only specified
 networks to be announced to my external bgp-neighbor. On my Cisco
 border-router I did this with an aggregate-address 192.168.0.0
 255.255.255.0-Statement.
 
 I took a look at the documentation, searched the source-code for
 anything spelled like aggregate or something like this, but I wasn't
 lucky. The network-Statement isn't doing aggregating, is it?

njet. we don't have any aggregate code, and you're the first one ever 
to ask :)

 The second problem is that I want to announce an external full-feed,
 received with openbgpd, to my core-router. This works fine, but the
 next-hop is the ip-address of my external bgp-neighbor. But it should
 be the ip-address of the border-router.

of course! you should have an IBGP that makes your other routes have a 
route to that... like OpenOSPFD :)

 On Cisco I configured   
 neighbor 10.0.0.2 next-hop-self, but how to do this with openbgp?

that, again, is sth nobody ever asked for or missed :)
however, the (completely untested except for compilation) diff below 
should add set nexthop self.

Index: bgpd.h
===
RCS file: /cvs/src/usr.sbin/bgpd/bgpd.h,v
retrieving revision 1.195
diff -u -p -r1.195 bgpd.h
--- bgpd.h  22 Mar 2006 13:30:35 -  1.195
+++ bgpd.h  29 Mar 2006 12:08:44 -
@@ -598,6 +598,7 @@ enum action_types {
ACTION_SET_NEXTHOP_REJECT,
ACTION_SET_NEXTHOP_BLACKHOLE,
ACTION_SET_NEXTHOP_NOMODIFY,
+   ACTION_SET_NEXTHOP_SELF,
ACTION_SET_COMMUNITY,
ACTION_DEL_COMMUNITY,
ACTION_PFTABLE,
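Review bot: ACTION_SET_NEXTHOP_SELF goes into the middle of enum action_types, which renumbers ACTION_SET_COMMUNITY and every value after it. That is only safe if everything that includes bgpd.h is rebuilt together; either say so in the commit message or append the new value at the end of the enum.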
Index: parse.y
===
RCS file: /cvs/src/usr.sbin/bgpd/parse.y,v
retrieving revision 1.184
diff -u -p -r1.184 parse.y
--- parse.y 22 Mar 2006 13:30:35 -  1.184
+++ parse.y 29 Mar 2006 12:08:44 -
@@ -159,7 +159,7 @@ typedef struct {
 %token FROM TO ANY
 %token CONNECTED STATIC
 %token PREFIX PREFIXLEN SOURCEAS TRANSITAS COMMUNITY DELETE
-%token SET LOCALPREF MED METRIC NEXTHOP REJECT BLACKHOLE NOMODIFY
+%token SET LOCALPREF MED METRIC NEXTHOP REJECT BLACKHOLE NOMODIFY SELF
 %token PREPEND_SELF PREPEND_PEER PFTABLE WEIGHT RTLABEL
 %token ERROR
 %token IPSEC ESP AH SPI IKE
@@ -1386,6 +1386,11 @@ filter_set_opt   : LOCALPREF number  {
fatal(NULL);
$$-type = ACTION_SET_NEXTHOP_NOMODIFY;
}
+   | NEXTHOP SELF  {
+   if (($$ = calloc(1, sizeof(struct filter_set))) == NULL)
+   fatal(NULL);
+   $$-type = ACTION_SET_NEXTHOP_SELF;
+   }
| PREPEND_SELF number   {
if (($$ = calloc(1, sizeof(struct filter_set))) == NULL)
fatal(NULL);
@@ -1599,6 +1604,7 @@ lookup(char *s)
{ route-reflector,REFLECTOR},
{ router-id,  ROUTERID},
{ rtlabel,RTLABEL},
+   { self,   SELF},
{ set,SET},
{ softreconfig,   SOFTRECONFIG},
{ source-as,  SOURCEAS},
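Review bot: Adding self to the keyword table in lookup() makes it a reserved word for the whole grammar, not only after nexthop, so an existing bgpd.conf that uses a bare self as a string would stop parsing. Mention the new keyword in the bgpd.conf manual page, which the diff as shown does not touch.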
@@ -2505,6 +2511,7 @@ get_rule(enum action_types type)
switch (type) {
case ACTION_SET_PREPEND_SELF:
case ACTION_SET_NEXTHOP_NOMODIFY:
+   case ACTION_SET_NEXTHOP_SELF:
out = 1;
break;
default:
Index: printconf.c
===
RCS file: /cvs/src/usr.sbin/bgpd/printconf.c,v
retrieving revision 1.54
diff -u -p -r1.54 printconf.c
--- printconf.c 22 Mar 2006 13:30:35 -  1.54
+++ printconf.c 29 Mar 2006 12:08:45 -
@@ -114,6 +114,9 @@ print_set(struct filter_set_head *set)
case ACTION_SET_NEXTHOP_NOMODIFY:
printf(nexthop no-modify );
break;
+   case ACTION_SET_NEXTHOP_SELF:
+   printf(nexthop self );
+   break;
case ACTION_SET_PREPEND_SELF:
printf(prepend-self %u , s-action.prepend);
break;
Index: rde.h
===
RCS file: /cvs/src/usr.sbin/bgpd/rde.h,v
retrieving revision 1.90
diff -u -p -r1.90 rde.h

Re: OpenBGP: aggregating routes / set neighbor next-hop

2006-03-29 Thread Falk Brockerhoff

On 29.03.2006 at 14:11, Henning Brauer wrote:

Hi Henning, hello list,


njet. we don't have any aggregate code, and you're the first one ever
to ask :)


Hm, it's unbelievable that I'm the first asking for aggregation :) I
can do aggregation on my core-router, but I think aggregation should
always be done by the border-routers. Or what's your opinion?



of course! you should have an IBGP that makes your other routes have a
route to that... like OpenOSPFD :)


Hm, this is a possibility. But as I already configured BGP between my
core and border-routers, I think I will prefer the nexthop-self solution.



that, again, is sth nobody ever asked for or missed :)
however, the (completely untested except for compilation) diff below
should add set nexthop self.


Ui, you're really fast :-) Thank you for your quick response. I'll
compile this and test it with a spare old Cisco-Router as
Development-Core next weekend. I'll give you a feedback about it.


Regards,

Falk Brockerhoff



Re: pf and passive (ftp) port tricks

2006-03-29 Thread Tobias Ulmer
On Wed, Mar 29, 2006 at 12:08:04PM +0200, Michael Schmidt wrote:
 David Elze wrote:
 
 Well, I needed the exact same thing and did it with pure-ftpd[1] via the
 command-line option -p 5:50400 and a pf.conf entry like pass in
 on $if tcp from any to $if port 5:50400. Maybe this is an option
 for you too.
  
 
 
 Hello,
 
 thanks for your feedback, David. And for yours too, Per-Olov.
 But that's not exactly what I want, maybe my description has not been
 clear enough as in my first posting I had forgotten to mention what I
 wrote a few minutes later in a short follow-up to my own text.
 
 The scenario is the following one:
 
 My intention is that I do not want to allow the ftp-daemon to offer all 
 so-called well-known ports as passive ports to the publicity which 
 accesses one of our public ftp servers.
 
 The next point is that it is not only a very small range of ports (or in
 the most extreme case: a single port) which shall be offered as
 accessible, but the very small range of ports (or a single port) has to
 change at regular short intervals so that in case a hacker or
 person/software trying-to-intrude even if detecting an open port by
 coincidence does not know which will be the next open port in the
 shortest possible interval, as it (the next open port) is calculated by
 random generation.
 
 Both, the ftp-daemon and pf have to know this very small range of ports 
 (or the single open port) and have to handle this.
 The advantage is that even in case there are existing/running ftp
 connections using open passive ports AND with beginning of the next
 interval of generation another open passive port is propagated, the
 open port(s) of the still running ftp connections are not lost as long
 as the new pf rule is only loaded and the pf states are not flushed.
 
 Meanwhile I have thought about it a bit more and written and tested a 
 script which does exactly that. As I am not sure whether it is of 
 interest, I want to ask if I shall post it here?
 
 Have a nice day
 Michael
 
 -- 
 Michael Schmidt MIRRORS:
 DJGPP   ftp://ftp.fh-koblenz.de/pub/DJGPP/
 Ghostscript ftp://ftp.fh-koblenz.de/pub/Ghostscript/
 


I think this portrange thing and writing scripts is not needed. These
rules should be enough for anonymous ftp (if you used the OpenBSD ftpd
and set it up like described in the manpage):

pass in on $ext_if proto tcp ... port ftp keep state
pass in on $ext_if proto tcp ... port > 49151 user ftp keep state

It should also work with multiple users (using groups), but I didn't try
it.

Tobias



Re: OpenBGP: aggregating routes / set neighbor next-hop

2006-03-29 Thread tony sarendal
  The second problem is that I want to announce an external full-feed,
  received with openbgpd, to my core-router. This works fine, but the
  next-hop is the ip-address of my external bgp-neighbor. But it should
  be the ip-address of the border-router.

 of course! you should have an IBGP that makes your other routes have a
 route to that... like OpenOSPFD :)


or rewrite nexthop so you can run without an IGP.

When I tested openbgp I did that with the filter and set, although
next-hop-self
would have been nice.

/Tony



Re: OpenBSD and the money

2006-03-29 Thread Bachman Kharazmi
Your order currently is:
- 1 [T23] Wireframe Blowfish Shirt (M)  @ EUR 20.00
- EUR 10.00 [DON] DONATION to the OpenBSD Project
- Total: EUR 30.00 + Shipping.

This is what I can afford as a student. It's for the first time I
donate/buy anything from openbsd.org. I hope it helps a very little
bit at least...
/bkw

On 23/03/06, Peter Fraser [EMAIL PROTECTED] wrote:
 Just out of curiosity, why are you trying to take in money by nickels
 and dimes rather than obtaining research grants from the Alberta
 government?

 Alberta is rolling in cash, and has specifically stated it wants to
 invest in technological research so that it will be in a good position
 when oil money begins to dwindle.  OpenBSD could surely qualify as a
 research organization without too much trouble, at which point you'd be
 eligible for substantial provincial funding.

 I recognize that government grants come with red-tape, and people are
 often disdainful of taking hand-outs.  In this case, however, I'd
 think the pros outweigh the cons.  Don't you have a wish-list of things
 you'd implement or improve if you got sufficient funding?

 Something to think about...



Re: OpenBGP: aggregating routes / set neighbor next-hop

2006-03-29 Thread Will H. Backman
 On Cisco I configured
 neighbor 10.0.0.2 next-hop-self, but how to do this with openbgp?

that, again, is sth nobody ever asked for or missed :)
however, the (completely untested except for compilation) diff below
should add set nexthop self.

Index: bgpd.h

How come Cisco doesn't send me the source code to feature updates when I
request them?
Cisco must be too busy counting my money. :)



Re: OpenBGP: aggregating routes / set neighbor next-hop

2006-03-29 Thread Claudio Jeker
On Wed, Mar 29, 2006 at 01:33:15PM +0100, tony sarendal wrote:
   The second problem is, that I want to announce an external full-feed,
   received with openbgpd, to my core-router. This works fine, but the
   next-hop is the ip-address of my external bgp-neighbor. But it should
   be the ip-address of the border-router.
 
  of course! you should have an IBGP that makes your other routes have a
  route to that... like OpenOSPFD :)
 
 
 or rewrite nexthop so you can run without an IGP.
 

... and call for a lot of trouble when your network is growing.
IMO this is bad advice. 90% of all set nexthop usages are a hack
around a network design error. No matter if it is on OpenBSD, cisco or
whatever.

 When I tested openbgp I did that with the filter and set, although
 next-hop-self would have been nice.
 

BTW: setting up an IGP for your network is not that complex. Just have a
look at ospfd(8) :)

-- 
:wq Claudio



Re: OpenBGP: aggregating routes / set neighbor next-hop

2006-03-29 Thread tony sarendal
On 29/03/06, Falk Brockerhoff [EMAIL PROTECTED] wrote:

 Am 29.03.2006 um 14:11 schrieb Henning Brauer:

 Hi Henning, hello list,

  njet. we don't have any aggregate code, and you're the first one ever
  to ask :)

 Hm, it's unbelievable that I'm the first asking for aggregation :) I
 can do aggregation on my core-router, but I think aggregation should
 always be done by the border-routers. Or what's your opinion?


In larger networks you usually want to do routing manipulation at
the origination point of a prefix, aggregation at the edge makes this
difficult or impossible.

In those networks we don't use any aggregation of prefixes.
In general I try to avoid it anyway if I build something new.

--
Tony Sarendal - [EMAIL PROTECTED]
IP/Unix
   -= The scorpion replied,
   I couldn't help it, it's my nature =-



Re: OpenBGP: aggregating routes / set neighbor next-hop

2006-03-29 Thread Claudio Jeker
On Wed, Mar 29, 2006 at 02:32:17PM +0200, Falk Brockerhoff wrote:
 Am 29.03.2006 um 14:11 schrieb Henning Brauer:
 
 Hi Henning, hello list,
 
 njet. we don't have any aggregate code, and you're the first one ever
 to ask :)
 
 Hm, it's unbelievable that I'm the first asking for aggregation :) I  
 can do aggregation on my core-router, but I think aggregation should  
 always be done by the border-routers. Or what's your opinion?
 

What do you need to aggregate and why? In most cases a set of network
statements on the border routers is enough. Unless you run a big (as in
fucking huge) network. You should announce the network range you received
from your RIR and not split it up. Especially it makes no sense to use
aggregation on border routers if you do not use an IGP.

 of course! you should have an IBGP that makes your other routes have a
 route to that... like OpenOSPFD :)
 
 Hm, this is a possibility. But as I already configured BGP between my
 core and border-routers, I think I will prefer the nexthop-self solution.
 

IGP and iBGP are two different things and work in a completely different
way. iBGP is used to direct external traffic in the most optimal way out
of your network. IGP is used to route incoming and internal traffic
including fast rerouting in case of network failures.

 that, again, is sth nobody ever asked for or missed :)
 however, the (completely untested except for compilation) diff below
 should add set nexthop self.
 
 Ui, you're really fast :-) Thank you for your quick response. I'll
 compile this and test it with a spare old Cisco-Router as  
 Development-Core next weekend. I'll give you a feedback about it.
 

Henning's diff looks good. Only minor thing is the missing IPv6 support.

-- 
:wq Claudio



Re: OpenBGP: aggregating routes / set neighbor next-hop

2006-03-29 Thread tony sarendal
On 29/03/06, Claudio Jeker [EMAIL PROTECTED] wrote:

 On Wed, Mar 29, 2006 at 01:33:15PM +0100, tony sarendal wrote:
The second problem is, that I want to announce an external full-feed,
received with openbgpd, to my core-router. This works fine, but the
next-hop is the ip-address of my external bgp-neighbor. But it should
be the ip-address of the border-router.
  
   of course! you should have an IBGP that makes your other routes have a
   route to that... like OpenOSPFD :)
 
 
  or rewrite nexthop so you can run without an IGP.
 

 ... and call for a lot of trouble when your network is growing.
 IMO this is bad advice. 90% of all set nexthop usages are a hack
 around a network design error. No matter if it is on OpenBSD, cisco or
 whatever.


I don't agree.
A large network does not have to have an IGP to carry the BGP,
no matter size, it depends on the requirements of the network.

A normal design is to use the IGP to carry the network (links and
loopbacks) and punch the rest into BGP. A BGP-only design will allow you
to have features like per-link-direction routing for every single prefix
which will allow you to do traffic engineering in a network per prefix by
just modifying origination point bgp communities. I.e. I want this
specific prefix to have its metric bumped by 100 on the LON-AMS and
500 on OSL-STO to offload this traffic away from those links for a
while. Or I don't want this prefix advertised over links which have an MTU
less than 4470 to avoid fragmentation.

You can do a lot of things in a bgp-only network which you can't do with
an IGP, as long as the limitations that bgp offers aren't a show stopper
for you, and as long as it suits the network you are running.

Also I have seen countless network problems just due to problems in one
of the many routing and forwarding layers, think protocol pancakes and
mpls, one protocol is simple.

/Tony

--
Tony Sarendal - [EMAIL PROTECTED]
IP/Unix
   -= The scorpion replied,
   I couldn't help it, it's my nature =-



Re: Dynamically update DNS info in DHCPD.CONF

2006-03-29 Thread NetNeanderthal
On 3/29/06, Isaac Levy [EMAIL PROTECTED] wrote:
 On 3/28/06, NetNeanderthal [EMAIL PROTECTED] wrote:
  [EMAIL PROTECTED] ~]$ man -k python
  python: nothing appropriate


 Is your python install broken?

It must be.  I checked four other default OpenBSD installs, it's
broken on every one of them as well -- this must be a py5n1 epidemic
of dangerous proportion.



Zoom Model 4320 USB Bluetooth Adaptor

2006-03-29 Thread Fábio Olivé Leite
Hi [EMAIL PROTECTED]

I was wondering if there would be any reason for this usb bluetooth
adapter not to work on OpenBSD. I can't find any mentions of ubt(4)
supported devices on the man page or on the archives, so just thought
I'd spam misc@ before buying it.

Please answer to me, I'm not on the list.

http://shop1.outpost.com/product/4717829?site=sr:SEARCH:MAIN_RSLT_PG
if anyone cares.

Thanks for your time!
fabio.olive
--
i drowned in the universal pool of entropy
eris has saved me, and she has set me free
ex sed lex awk yacc, e pluribus unix, amem



Re: UKUUG Spring Conference 2006: photo-reportage

2006-03-29 Thread Daniel Walrond
On Sun, Mar 26, 2006 at 06:10:55PM +0100, Constantine A. Murenin wrote:
 I trust everyone had a lot of fun at the recent UKUUG LISA conference!

Yep :)

 I've depicted some of this fun in the photographs, and here you can
 see what you have missed if you have not attended:
 
 URL:http://mojo.ru/uk/uug/2006-03/

Some more photos for people:

http://photos.djw.org.uk/ukuug200603/



Dan



Re: OpenBGP: aggregating routes / set neighbor next-hop

2006-03-29 Thread Claudio Jeker
On Wed, Mar 29, 2006 at 02:22:13PM +0100, tony sarendal wrote:
 On 29/03/06, Claudio Jeker [EMAIL PROTECTED] wrote:
 
  On Wed, Mar 29, 2006 at 01:33:15PM +0100, tony sarendal wrote:
 The second problem is, that I want to announce an external full-feed,
 received with openbgpd, to my core-router. This works fine, but the
 next-hop is the ip-address of my external bgp-neighbor. But it should
 be the ip-address of the border-router.
   
of course! you should have an IBGP that makes your other routes have a
route to that... like OpenOSPFD :)
  
  
   or rewrite nexthop so you can run without an IGP.
  
 
  ... and call for a lot of trouble when your network is growing.
  IMO this is bad advice. 90% of all set nexthop usages are a hack
  around a network design error. No matter if it is on OpenBSD, cisco or
  whatever.
 
 
 I don't agree.
 A large network does not have to have an IGP to carry the BGP,
 no matter size, it depends on the requirements of the network.
 

I did not talk about redistributing BGP information into an IGP (that's
totally sick). I'm talking about the need for an IGP to glue your network
correctly together so that BGP is working as it should.

 A normal design is to use the IGP to carry the network (links and
 loopbacks) and punch the rest into BGP. A BGP-only design will allow you
 to have features like per-link-direction routing for every single prefix
 which will allow you to do traffic engineering in a network per prefix by
 just modifying origination point bgp communities. I.e. I want this
 specific prefix to have its metric bumped by 100 on the LON-AMS and
 500 on OSL-STO to offload this traffic away from those links for a
 while. Or I don't want this prefix advertised over links which have an MTU
 less than 4470 to avoid fragmentation.
 

I think we're talking about the same thing, you just used more words :)
In large networks you use a minimum IGP (in ospfd you would only use
interface statements but no redistribute rule); over that skeleton you run
a BGP mesh. Without the IGP there is no skeleton and your BGP mesh
falls totally apart. On one point you're right: it is often better to
redistribute (customer) networks via BGP. The filtering capabilities
of OSPF are simply non-existent and so traffic engineering is often
impossible.

 You can do a lot of things in a bgp-only network which you can't do with
 an IGP, as long as the limitations that bgp offers aren't a show stopper
 for you, and as long as it suits the network you are running.
 

You can only run a BGP only network if your core network is consistent and
to achieve that you normally need some sort of IGP.

 Also I have seen countless network problems just due to problems in one
 of the many routing and forwarding layers, think protocol pancakes and
 mpls, one protocol is simple.
 

Yep, I suffered too.

Anyway, systems of that size should be administrated by people who know
how routing works. Handicraft enthusiasts do not get that far...

-- 
:wq Claudio



LSI Raid Card

2006-03-29 Thread Gaby vanhegan
Hi,

If I got one of these:

http://www.lsilogic.com/products/megaraid/sata_150_4.html

Which is supported under the ami driver, and that I'll have four  
drives in RAID 5, each in these:

http://www.ebuyer.com/customer/products/index.html? 
action=c2hvd19wcm9kdWN0X292ZXJ2aWV3product_uid=99222

Am I still going to be able to use the nice blink functions in  
bioctl?  I'd like to know which drive my RAID card thinks has died...

Gaby

--
Junkets for bunterish lickspittles since 1998!
http://www.playr.co.uk/sudoku/
http://weblog.vanhegan.net/



Re: OpenBGP: aggregating routes / set neighbor next-hop

2006-03-29 Thread tony sarendal
On 29/03/06, Claudio Jeker [EMAIL PROTECTED] wrote:


 I did not talk about redistributing BGP information into an IGP (that's
 totally sick). I'm talking about the need for an IGP to glue your network
 correctly together so that BGP is working as it should.


That was not what I was talking about either, that would be sick.
I was talking about a network with no traditional IGP, only BGP.



 

 You can only run a BGP only network if your core network is consistent and
 to achieve that you normally need some sort of IGP.


The IGP is used for BGP to validate next hop, is it not (among other things)?
If the next hop is directly connected then you don't need that anymore.

If you are interested have a read of this old thread
http://www.michnet.net/mail.archives/nanog/2002-09/msg2.html
and note Alex Yuriev's comments.

Being able to decide how to handle each prefix at every hop in the
network offers some featurettes which you can't get without MPLS TE, and
maybe not even then in reality.

/Tony

--
Tony Sarendal - [EMAIL PROTECTED]
IP/Unix
   -= The scorpion replied,
   I couldn't help it, it's my nature =-



Re: Errors during start of Xorg on 3.9

2006-03-29 Thread Joachim Schipper
On Wed, Mar 29, 2006 at 12:57:29PM +0200, Swen Simon wrote:
 (I was redirected to misc@ from an user, thanks for the hint :)
 
 Greetings!
 
 I installed OpenBSD 3.9 few hours ago and all works fine, instead of X.
 I never used Xorg on an OBSD system and generated a new config with Xorg
 -configure.
 
 Following errors appears:
 
 (WW) xf86AcquireGART: AGPIOC_ACQUIRE failed (Device busy)
 (WW) GARTInit: AGPIOC_INFO failed (Device not configured)
 _XSERVTransmkdir: ERROR: euid != 0,directory /tmp/.X11-unix will not be
 created.

Huh?
 _XSERVTransSocketUNIXCreateListener: mkdir(/tmp/.X11-unix) failed, errno =
 2

Okay...

 _XSERVTransMakeAllCOTSServerListeners: failed to create listener for local
 ...
 FreeFontPath: FPE /usr/X11R6/lib/X11/fonts/misc/ refcount is 2,
 should be 1; fixing.
 
 I googled many hours to fix that, found no solution or hint about that. The
 permissions on /tmp are correct
 and should work for other users (can create files in it). It takes also (~)
 10 seconds to start the window manager.
 
 xorg.conf: http://pastebin.com/628483
 Xorg.0.log: http://pastebin.com/628488
 dmesg: http://pastebin.com/628493
 
 Anyone else that problems? Hints or solutions are welcome! Thanks.

Provided that the message marked 'Huh?' is correct, you are trying to
run X as a non-root user. That doesn't work. (Or, to be more precise,
the full windowing stuff should always run as a non-root user, but only
root can start the X server. Normal users use xdm/kdm/... or startx.)

Joachim



Re: LSI Raid Card

2006-03-29 Thread Jon Simola
On 3/29/06, Gaby vanhegan [EMAIL PROTECTED] wrote:

 Am I still going to be able to use the nice blink functions in
 bioctl?  I'd like to know which drive my RAID card thinks has died...

You'd have to get a backplane with safte or ses that the card can talk
to. The drive enclosures you linked to are dumb sleds. They do have
activity lights, so you could always perform some heavy drive activity
and, by a process of elimination, the one without the blinking
activity light is the failed drive.

--
Jon Simola
Systems Administrator
ABC Communications



bioctl problem reporting hotspare status - ami0

2006-03-29 Thread openbsd
  I recently built a new system with an LSI Logic Megaraid 150-6 and 6
  Seagate drives.  I configured 5 drives in a RAID 5 configuration
  with the 6th as a hotspare.

  Initially, bioctl reported the RAID status correctly.  After I
  manually simulated failing a drive (shutdown and physically remove
  power from one drive), the Megaraid controller did as expected,
  ie. added the hotspare and started rebuilding the array.  I let the
  rebuild finish and again shutdown and re-powered the failed drive.
  At that point, I tried to use bioctl to change the status of the
  latter drive to Hotspare via bioctl -H 0:4 ami0.  The latter
  command apparently completes successfully; however, the status
  continues to show Unused.

x2 506sudo bioctl -H 0:4 ami0
x2 507sudo bioctl -h ami0
Volume  Status Size   Device
 ami0 0 Online   3.9G sd0 RAID5
  0 Online  74.5G 0:0.0   noencl ST3808110AS 3.AA
  1 Online  74.5G 0:1.0   noencl ST3808110AS 3.AA
  2 Online  74.5G 0:2.0   noencl ST3808110AS 3.AA
  3 Online  74.5G 0:3.0   noencl ST3808110AS 3.AA
  4 Online  74.5G 0:5.0   noencl ST3808110AS 3.AA
 ami0 1 Online   294G sd1 RAID5
  0 Online  74.5G 0:0.0   noencl ST3808110AS 3.AA
  1 Online  74.5G 0:1.0   noencl ST3808110AS 3.AA
  2 Online  74.5G 0:2.0   noencl ST3808110AS 3.AA
  3 Online  74.5G 0:3.0   noencl ST3808110AS 3.AA
  4 Online  74.5G 0:5.0   noencl ST3808110AS 3.AA
 ami0 2 Unused  74.5G 0:4.0   noencl ST3808110AS 3.AA

  I have since used the Megaraid BIOS to change the status of 0:4 to
  Hotspare and observe that the BIOS does correctly reflect the
  hotspare status.  However, bioctl still reports it as Unused.

  I also tried bioctl -vDH 0:4 ami0 which didn't change the hotspare
  status but did produce the following:
bioctl: cookie = 0x81bc2d40

  The Megaraid 150-6 does have the latest firmware.


OpenBSD 3.9-current (GENERIC.MP) #759: Mon Mar 27 04:29:19 MST 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 1073016832 (1047868K)
avail mem = 908169216 (886884K)
using 22937 buffers containing 107507712 bytes (104988K) of memory
mainbus0 (root)
mainbus0: Intel MP Specification (Version 1.1) (ASUSTeK  )
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+, 2002.84 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 
16-way L2 cache
cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: apic clock running at 200MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+, 2002.56 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 
16-way L2 cache
cpu1: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu1: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
mpbios: bus 0 is type PCI   
mpbios: bus 1 is type PCI   
mpbios: bus 2 is type ISA   
ioapic0 at mainbus0 apid 2 pa 0xfec0, version 3, 24 pins
pci0 at mainbus0 bus 0: configuration mode 1
pchb0 at pci0 dev 0 function 0 VIA K8HTB Host rev 0x00
pchb1 at pci0 dev 0 function 1 VIA K8HTB Host rev 0x00
pchb2 at pci0 dev 0 function 2 VIA K8HTB Host rev 0x00
pchb3 at pci0 dev 0 function 3 VIA K8HTB Host rev 0x00
pchb4 at pci0 dev 0 function 4 VIA K8HTB Host rev 0x00
pchb5 at pci0 dev 0 function 7 VIA K8HTB Host rev 0x00
ppb0 at pci0 dev 1 function 0 VIA K8HTB AGP rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 ATI Radeon 9200 PRO rev 0x01
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ATI Radeon 9200 PRO Sec rev 0x01 at pci1 dev 0 function 1 not configured
skc0 at pci0 dev 10 function 0 Marvell Yukon 88E8001/8003/8010 rev 0x13, 
Marvell Yukon Lite (0x9): apic 2 int 17 (irq 10)
sk0 at skc0 port A, address 00:15:f2:44:40:ad
eephy0 at sk0 phy 0: Marvell 88E1011 Gigabit PHY, rev. 5
ami0 at pci0 dev 14 function 0 Symbios Logic MegaRAID rev 0x01: apic 2 int 19 
(irq 3)
ami0: LSI 523, 64b/lhc, FW 713N, BIOS vG119, 64MB RAM
ami0: 1 channels, 0 FC loops, 2 logical drives
scsibus0 at ami0: 40 targets
sd0 at scsibus0 targ 0 lun 0: AMI, Host drive #00,  SCSI2 0/direct fixed
sd0: 4000MB, 4000 cyl, 64 head, 32 sec, 512 bytes/sec, 

Re: LSI Raid Card

2006-03-29 Thread Per-Olov Sjöholm
On Wednesday 29 March 2006 16.27, Gaby vanhegan wrote:
 Hi,

 If I got one of these:

 http://www.lsilogic.com/products/megaraid/sata_150_4.html

 Which is supported under the ami driver, and that I'll have four
 drives in RAID 5, each in these:

 http://www.ebuyer.com/customer/products/index.html?
 action=c2hvd19wcm9kdWN0X292ZXJ2aWV3product_uid=99222

 Am I still going to be able to use the nice blink functions in
 bioctl?  I'd like to know which drive my RAID card thinks has died...

 Gaby

 --
 Junkets for bunterish lickspittles since 1998!
 http://www.playr.co.uk/sudoku/
 http://weblog.vanhegan.net/

I think it should work with a command like bioctl -b channel:target.lun
ami0.  If it's not in an enclosure it will tell...

Try man bioctl


/Per-Olov
-- 
GPG keyID: 4DB283CE
GPG fingerprint: 45E8 3D0E DE05 B714 D549 45BC CFB4 BBE9 4DB2 83CE



Re: LSI Raid Card

2006-03-29 Thread Marco Peereboom
You show me a SATA drive that has an LED first :-)

On Wed, Mar 29, 2006 at 03:27:30PM +0100, Gaby vanhegan wrote:
 Hi,
 
 If I got one of these:
 
 http://www.lsilogic.com/products/megaraid/sata_150_4.html
 
 Which is supported under the ami driver, and that I'll have four  
 drives in RAID 5, each in these:
 
 http://www.ebuyer.com/customer/products/index.html? 
 action=c2hvd19wcm9kdWN0X292ZXJ2aWV3product_uid=99222
 
 Am I still going to be able to use the nice blink functions in  
 bioctl?  I'd like to know which drive my RAID card thinks has died...
 
 Gaby
 
 --
 Junkets for bunterish lickspittles since 1998!
 http://www.playr.co.uk/sudoku/
 http://weblog.vanhegan.net/



Re: LSI Raid Card

2006-03-29 Thread Gaby vanhegan
On 29 Mar 2006, at 17:46, Jon Simola wrote:
 On 3/29/06, Gaby vanhegan [EMAIL PROTECTED] wrote:
 Am I still going to be able to use the nice blink functions in
 bioctl?  I'd like to know which drive my RAID card thinks has died...

 You'd have to get a backplane with safte or ses that the card can talk
 to. The drive enclosures you linked to are dumb sleds. They do have
 activity lights, so you could always perform some heavy drive activity
 and, by a process of elimination, the one without the blinking
 activity light is the failed drive.

I thought that this might be the case.  A backplane of some sort is
totally outside my budget.  I'll just have to carefully label and
wire up the drives in their 'sleds' :)  They do have two lights, one
for power and one for drive activity.  I was just wondering if the
activity light could be reached by bioctl.

On 29 Mar 2006, at 18:01, Per-Olov Sjöholm wrote:
 I think it should work with a command like bioctl -b channel:target.lun
 ami0.  If it's not in an enclosure it will tell...

 Try man bioctl

When I get my sweaty little hands on the card, I'll give that a try.

On 29 Mar 2006, at 18:03, Marco Peereboom wrote:
 You show me a SATA drive that has an LED first :-)

Fair point.  The caddy does claim to have a light, but if bioctl only
talks to SAFTE enclosures and backplanes for this sort of thing, it's
not usable for this purpose.

Gaby

--
Junkets for bunterish lickspittles since 1998!
http://www.playr.co.uk/sudoku/
http://weblog.vanhegan.net/



Festivals.be - agenda update

2006-03-29 Thread Festivals.be
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Festivals.be: Update your info!

Don't forget to add or update your event information on Festivals.be,
the no. 1 festival site in Belgium.

Place a link to Festivals.be on your website (using one of the buttons
available at: http://www.festivals.be/festival .html ) and send an
e-mail when this is done to [EMAIL PROTECTED] with your event details,
website.

Of course it's totally free.

Greg

http://www.festivals.be



Re: OpenBGP: aggregating routes / set neighbor next-hop

2006-03-29 Thread Daniel Ouellet

Falk Brockerhoff wrote:

Hello,

I'm just playing around with OpenBGP on OpenBSD3.8. My BGP Session comes 
up, MD5 works fine. OpenBGP is an intuitive tool and works fine. :)


Just a word of BIG caution on this MD5 usage. There was a bug corrected 
in 3.9 for MD5 when the remote reset the session. Make sure to upgrade 
to 3.9 and NOT to run the 3.8 when MD5 is in use. You will sleep much 
better, believe me.


Thanks

Daniel



Re: OpenBGP: aggregating routes / set neighbor next-hop

2006-03-29 Thread Daniel Ouellet

Daniel Ouellet wrote:

Falk Brockerhoff wrote:

Hello,

I'm just playing around with OpenBGP on OpenBSD3.8. My BGP Session 
comes up, MD5 works fine. OpenBGP is an intuitive tool and works fine. :)


Just a word of BIG caution on this MD5 usage. There was a bug corrected 
in 3.9 for MD5 when the remote reset the session. Make sure to upgrade 
to 3.9 and NOT to run the 3.8 when MD5 is in use. You will sleep much 
better, believe me.



Just for the record, as some may have questions on that one. You will
only see the bug if the remote party uses MD5 and has the ip tcp
selective-ack enabled in their configuration. The problem is that you
don't know if they do or not. If you can't upgrade right away, one very
easy workaround is to simply have:


sysctl net.inet.tcp.sack=0

in your OpenBSD configuration until you have time to upgrade to 3.9.

Hope this helps and clarifies the issue a bit more. Not obvious and took me
a long time to figure it out. Having a dead peer, or worse, main access, is
no fun. (:


Sorry for the somewhat short answer the first time around.

Daniel
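
A triage check for the advice in the message above, as an added example that is not part of the original thread: it reports whether a bgpd host with TCP MD5 sessions still needs the net.inet.tcp.sack=0 workaround. The function names, verdict strings and the sample bgpd.conf are assumptions made for illustration; "fixed in 3.9" and the sysctl come from the message, and tcp md5sig is bgpd.conf(5) syntax.

```shell
#!/bin/sh
# Added example (not from the thread): triage a bgpd host for the TCP MD5 +
# SACK session-reset bug described above. The 3.9 cut-off and the sack=0
# workaround are taken from the message; names and verdicts are assumptions.

# uses_md5 FILE: true if an uncommented line carries a "tcp md5sig" statement.
uses_md5() {
    grep -Eq '^[^#]*tcp[[:space:]]+md5sig' "$1"
}

# release_is_fixed REL: true for OpenBSD 3.9 or later ("3.9", "4.0", ...).
release_is_fixed() {
    rel_major=${1%%.*}
    rel_minor=${1#*.}
    rel_minor=${rel_minor%%[!0-9]*}
    case "$rel_major" in
        ''|*[!0-9]*) return 2 ;;      # not a numeric release string
    esac
    [ -n "$rel_minor" ] || rel_minor=0
    [ "$rel_major" -gt 3 ] || { [ "$rel_major" -eq 3 ] && [ "$rel_minor" -ge 9 ]; }
}

# assess REL SACK FILE: print not-affected | fixed | mitigated | exposed.
assess() {
    if ! uses_md5 "$3"; then
        echo "not-affected"   # no MD5-protected sessions configured
    elif release_is_fixed "$1"; then
        echo "fixed"          # running a release with the correction
    elif [ "$2" = "0" ]; then
        echo "mitigated"      # workaround from the thread is in place
    else
        echo "exposed"        # triggers only if the peer uses selective ACK,
                              # which cannot be seen from this side
    fi
}

# write_sample_conf FILE: constructed bgpd.conf using documentation
# addresses and private AS numbers, for trying the functions off-box.
write_sample_conf() {
    cat > "$1" <<'EOF'
AS 65001
neighbor 192.0.2.1 {
    remote-as 65002
    tcp md5sig password examplesecret
}
EOF
}

# On a real OpenBSD router, report on the live system.
if [ "$(uname -s)" = "OpenBSD" ] && [ -r /etc/bgpd.conf ]; then
    assess "$(uname -r)" "$(sysctl -n net.inet.tcp.sack)" /etc/bgpd.conf
fi
```

A verdict of "exposed" means the host matches the conditions Daniel describes on the local side only; whether sessions actually drop depends on the remote peer's selective-ack setting.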



Re: bioctl problem reporting hotspare status - ami0

2006-03-29 Thread Marco Peereboom
I am aware of this issue however I have not been able to duplicate it myself.

If anyone has seen this issue and is able to give me remote access to a box
please let me know.  I'll be needing serial and ssh access.  Also a source tree
local would help.

/marco

On Wed, Mar 29, 2006 at 11:59:33AM -0500, [EMAIL PROTECTED] wrote:
   I recently built a new system with an LSI Logic Megaraid 150-6 and 6
   Seagate drives.  I configured 5 drives in a RAID 5 configuration
   with the 6th as a hotspare.
 
   Initially, bioctl reported the RAID status correctly.  After I
   manually simulated failing a drive (shutdown and physically remove
   power from one drive), the Megaraid controller did as expected,
   ie. added the hotspare and started rebuilding the array.  I let the
   rebuild finish and again shutdown and re-powered the failed drive.
   At that point, I tried to use bioctl to change the status of the
   latter drive to Hotspare via bioctl -H 0:4 ami0.  The latter
   command apparently completes successfully; however, the status
   continues to show Unused.
 
 x2 506sudo bioctl -H 0:4 ami0
 x2 507sudo bioctl -h ami0
 Volume  Status Size   Device
  ami0 0 Online   3.9G sd0 RAID5
   0 Online  74.5G 0:0.0   noencl ST3808110AS 3.AA
   1 Online  74.5G 0:1.0   noencl ST3808110AS 3.AA
   2 Online  74.5G 0:2.0   noencl ST3808110AS 3.AA
   3 Online  74.5G 0:3.0   noencl ST3808110AS 3.AA
   4 Online  74.5G 0:5.0   noencl ST3808110AS 3.AA
  ami0 1 Online   294G sd1 RAID5
   0 Online  74.5G 0:0.0   noencl ST3808110AS 3.AA
   1 Online  74.5G 0:1.0   noencl ST3808110AS 3.AA
   2 Online  74.5G 0:2.0   noencl ST3808110AS 3.AA
   3 Online  74.5G 0:3.0   noencl ST3808110AS 3.AA
   4 Online  74.5G 0:5.0   noencl ST3808110AS 3.AA
  ami0 2 Unused  74.5G 0:4.0   noencl ST3808110AS 3.AA
 
   I have since used the Megaraid BIOS to change the status of 0:4 to
   Hotspare and observe that the BIOS does correctly reflect the
   hotspare status.  However, bioctl still reports it as Unused.
 
   I also tried bioctl -vDH 0:4 ami0 which didn't change the hotspare
   status but did produce the following:
 bioctl: cookie = 0x81bc2d40
 
   The Megaraid 150-6 does have the latest firmware.
 
 

Re: LSI Raid Card

2006-03-29 Thread Marco Peereboom
 On 29 Mar 2006, at 18:03, Marco Peereboom wrote:
  You show me a SATA drive that has an LED first :-)
 
 Fair point.  The caddy does claim to have a light, but if bioctl only
 talks to SAFTE enclosures and backplanes for this sort of thing, it's
 not usable for this purpose.

To save cost SATA HDD vendors pulled the activity LED.  So whatever LED you
have wasn't put on there by the HDD vendor.



State of SAN

2006-03-29 Thread Michael Favinsky
I'm trying to get a feel for what the state of attaching an OpenBSD server
to a SAN is. I've looked at the i386 hardware support page as well as some
manpages and all I can find is somewhat old supported HBAs.

Is anyone on the list running OpenBSD SAN-attached, either via FiberChannel
or iSCSI? If so, can you give me some info on what HBAs you're using?

If you were to buy an HBA for an OpenBSD box today which HBA would you
recommend?



Re: Problems with X in OpenBSD (3.9) -current with LCD WideScreen Monitor

2006-03-29 Thread Nick Holland

Francisco Valladolid wrote:

> Hi folks.
>
> Recently I bought a new LCD display, it is a ViewSonic 19 WideScreen, I
> have a problem with xorg in -current, for correct display mode only 1024x768 is
> displayed.
>
> The X windows is so wrong.
>
> Does anyone have some tips about X under xorg?
>
> This monitor works fine in other OS running xfree86.


Unfortunately, you have provided no hard information, so you will get no 
hard answers.


In short, however, you need to hand-tweak your /etc/X11/xorg.conf file, 
apparently.


Under 'Section Monitor', make sure you have accurate HorizSync and 
VertRefresh lines.


Under 'Section Screen', add/alter a couple lines:
Default Depth 24
and under 'SubSection Display' add:
Modes 1280x1024
(correct the Depth and Modes to the values you want, of course).

You may be in business.
You may not be, if your video card or X driver is incapable of driving 
your monitor at the desired depth and resolution, or if there is some 
other quirk in your hardware we can't see.  Or if I'm forgetting 
something, which is possible. :)


You can also try to use DDC, apparently it was default for 3.8, now for 
3.9, DDC is disabled by default, and I'm glad (worked great when it 
worked, sucked big time when it didn't).


Nick.



Re: State of SAN

2006-03-29 Thread Michael Favinsky
Thanks.

Exactly what I needed. 

-Original Message-
From: Jason Dixon [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, March 29, 2006 3:03 PM
To: Michael Favinsky
Cc: misc@openbsd.org
Subject: Re: State of SAN

On Mar 29, 2006, at 5:27 PM, Michael Favinsky wrote:

> I'm trying to get a feel for what the state of attaching an OpenBSD
> server to a SAN is. I've looked at the i386 hardware support page as
> well as some manpages and all I can find is somewhat old supported
> HBAs.
>
> Is anyone on the list running OpenBSD SAN-attached, either via
> FiberChannel or iSCSI? If so, can you give me some info on what HBAs
> you're using?
>
> If you were to buy an HBA for an OpenBSD box today which HBA would you
> recommend?

http://marc.theaimsgroup.com/?l=openbsd-misc&m=112977951023494&w=2

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net








Re: some crashes with VIA VT-310DP (npxdna_xmm(d06e7660) at npxdna_xmm+0x71)

2006-03-29 Thread jared r r spiegel
On Mon, Mar 27, 2006 at 03:11:49PM -0500, jared r r spiegel wrote:

   i forgot 'show panic' and 'show registers' these three times.

ddb{0} show panic
the kernel did not panic
ddb{0} show registers
ds                  0x10
es                  0x10
fs                  0x58
gs                  0x10
edi           0xd06e7660        cpu_info_primary
esi                 0x20
ebp           0xe7d2be68
ebx                    0
edx                  0x2
ecx                    0
eax                    0
eip           0xd0491475        npxdna_xmm+0x71
cs                   0x8
eflags           0x10246
esp           0xe7d2be40
ss            0xe7d20010
npxdna_xmm+0x71:        movl    0x12c(%ebx),%eax
ddb{0} trace
npxdna_xmm(d06e7660) at npxdna_xmm+0x71
Xdna(d0657b2c,e7d2bef8,d02537f7,2000,0) at Xdna+0x39
softclock(0,58,10,10,10) at softclock+0x22c
Xintrsoftclock() at Xintrsoftclock+0x56
--- interrupt ---
Xdoreti() at Xdoreti+0x23
--- interrupt ---
apm_cpu_idle(0,0,0,0,0) at apm_cpu_idle+0x4a

  have the machine running on uniprocessor kernel
  now and it's been stable for past 2 days ( previous
  max uptime on .mp was always < 1d )

  we're looking at moving it to 3.9, but trying to root
  around cvs{@,web} to see if we can find a commit that
  smells like it might be a fixing winner before going
  back to an MP kernel again.

-- 

  jared

[ openbsd 3.9-current GENERIC ( mar 15 ) // i386 ]



Win a Sony PSP!!!

2006-03-29 Thread Cubed Games
Enter the contest for a Sony PSP! All you have to do is play as much as
you can! Choose from over 500 free online Flash and Shockwave games!!!

http://games.cubed.ro/