ssh login screen blank problem

[Denny White]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


Running OpenBSD 3.9 on 2 boxes & winxp on the other box.
I can ssh from the windows box to either obsd box okay.
I can ssh from either one of the obsd boxes to the other
okay. I can ssh from either obsd box to the windows box
okay while in xwindows from xterm. But, when I try to ssh
in from either obsd box to the windows box from a regular
terminal window, I get in, but after that, the screen is
blank. Only way to get the terminal window back is to exit
all the way out, not just from the ssh login to windows
box, but all the way out, and then log back on to the obsd
box. I've googled for hours, read up on ttys & cygwin, and
am coming up blank. Just trying to find out if anyone else
has encountered this problem & what they did to solve it.
Had another box running FreeBSD 5.4 with identical ttys set
up and was able to login to the windows box from a terminal
window okay. Thanks for any help.

Denny White

GnuPG key  : 0x1644E79A  |  http://wwwkeys.nl.pgp.net
Fingerprint: D0A9 AD44 1F10 E09E 0E67  EC25 CB44 F2E5 1644 E79A
iD8DBQFEoLyRy0Ty5RZE55oRAm2iAKC6z4on6gGtlgirbtaQm0vobiu2BwCfd1Hk
8lbEl0/yD+CzloeLfuo+fCg=
=HFAf
-END PGP SIGNATURE-

Re: pf firewall - how to allow emails with big attachments ?

[Didier Wiroth]

See "packet logging through syslog": http://www.openbsd.org/faq/pf/logging.html

Regards
- -
Didier Wiroth  

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
> On Behalf Of Ajith Kumar
> Sent: 27 June 2006 07:47
> To: NetNeanderthal; misc@openbsd.org
> Subject: Re: pf firewall - how to allow emails with big attachments ?
> 
> >>>PF does not regulate the size of eMails.  Did you see an entry in 
> >>>your PF log about a blocked eMail attachment?  I seroiusly 
> doubt it.
> 
> I am seeing the logs using tcpdump output.How can I see the 
> logs in text format ?
> Now i had opened all out going trafic from inside network to 
> mail server and made that entry in the starting of 
> pf.conf.Everything is working fine now.
> 
> 
> 
> 
> 
> "SASKEN RATED Among THE Top 3 BEST COMPANIES TO WORK FOR IN 
> INDIA - SURVEY 2005 conducted by the BUSINESS TODAY - Mercer 
> - TNS India"
> 
>SASKEN BUSINESS DISCLAIMER This 
> message may contain confidential, proprietary or legally 
> Privileged information. In case you are not the original 
> intended Recipient of the message, you must not, directly or 
> indirectly, use, Disclose, distribute, print, or copy any 
> part of this message and you are requested to delete it and 
> inform the sender. Any views expressed in this message are 
> those of the individual sender unless otherwise stated. 
> Nothing contained in this message shall be construed as an 
> offer or acceptance of any offer by Sasken Communication 
> Technologies Limited ("Sasken") unless sent with that express 
> intent and with due authority of Sasken. Sasken has taken 
> enough precautions to prevent the spread of viruses. However 
> the company accepts no liability for any damage caused by any 
> virus transmitted by this email

Change MTU size TCP/IP Packets for 'black hole routers' within B SD 3.8 possible ?

[forums]

> Hello,
> 
> I use BSD3.8 to connect some sites with a VPN tunnel (using the wonderful
> 'ipsecctl' ). 
> 
> The connections are (more or less) stable, but I have some issues making
> RDP (Remote Desktop from Micro$oft) connections. It tells me it cannot
> connect to
> the remote server (but the ping towards those servers works fine, so its
> reachable). 
> Sometimes it works fine for hours and then, suddenly, the connection (RDP
> protocol only, its not the tunnel for sure) is broken.
> 
> According to a MS note (314825 : http://support.microsoft.com/kb/314825
>   ) this could be a "Black Hole
> Router Issue" and I should try to set the MTU (Maximum Transmission Unit)
> lower (the ping with a packet/framesize from 1472 indeed fails over this
> line). A packetsize from around 1300 works ok.
> 
> Is there a way to set the MTU size (on the outgoing nic or perhaps the
> enc0 virtual nic) within BSD?  
> The solution MS offers is to set the MTU on al PC's, but that would be a
> lot of work and if its possible on the BSD box, it's active for all in one
> go.
> 
> any help would greatly be appreciated :-)
> 
> regards
> Willem

Re: CARP + OpenBGPd, fail-over

[Thomas Bader]

Henning Brauer schrieb:
> * Thomas Bader <[EMAIL PROTECTED]> [2006-06-14 09:02]:
>> In one case the fail-over does not work well: If the
>> BGP-peering on r0a to the upstream goes down all traffic
>> will be routed from r0a via $pfsync_if to r0b
> 
> yhis case requires bgpd to actively take influence on teh carp state.
> 
> now, lucky you, I have a diff for current doing exactly that :)
> you need -current from after the hackathon, as this needs the carp 
> group demotion stuff.

Oh, that sounds fine, thank you. I will surely test that out in my
testing environment.

Can you estimate when this patch will be integrated into -stable?

> also, as for everybody successfully using openbgpd, we welcome 
> testimonials for http://www.openbgpd.org/users.html :)

OK, I'll look what I can do about that :)

> this, btw, is likely because of tcp window scaling, and one of the 
> machines not seeing all packets for that tcp connection, thus not 
> sclaing the window, thus dropping packets because of seuqence numbers
>  seemingly out of the window. pfsync cannot keep up fast enough -
> it's not made for that (it is "best effort" anyway), and I doubt it
> can be made to deal with a situation like thsi properly without
> significant drawbacks.

So, apparently, the main difference I was looking for between having PF
enabled and disabled is state tracking.

Regards, Thomas.

Re: ssh login screen blank problem

[Stuart Henderson]

On 2006/06/27 00:05, Denny White wrote:
> But, when I try to ssh in from either obsd box to the windows
> box from a regular terminal window, I get in, but after that,
> the screen is blank.

Not an OpenBSD issue... change the default prompt on the cygwin box
for something more sensible without escape-sequences (theirs is kept
in /etc/profile, just override it in your ~).

> Only way to get the terminal window back is to exit
> all the way out, not just from the ssh login to windows
> box, but all the way out, and then log back on to the obsd
> box.

That resets the terminal which clears the problem.
Try "printf '\ec'", which should do about the same thing.
If you do this from the cygwin session it'll probably send
the same escape-sequence and confuse things again.

> Had another box running FreeBSD 5.4 with identical ttys set
> up and was able to login to the windows box from a terminal
> window okay. Thanks for any help.

FreeBSD != OpenBSD. Unlike different Linux distributions,
they are totally different OS. In particular (in this case),
the tty emulation is provided by different software.

Re: Opinion of MySQL 5.xx on OpenBSD 3.9...

[Marian Hettwer]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hej Daniel,

Daniel Ouellet wrote:
> Marian Hettwer wrote:
> 
>> I'd love to have the time to give OpenBSD a chance on our production
>> system. Seems unlikely, since we're running Linux only :(



> 
> Really, a coffee break I tell you. That's all you need. The compare this
> with Fedora setup time on your Linux for fun. (:>
> 
I do know how fast and easy it is to setup an OpenBSD box ;-)
I just said, that I won't be allowed to deploy OpenBSD for our database
servers.
Besides, if you have 1000 servers (300 of 'em being MySQL boxes) then
you do want something like kickstart, jumpstart, FAI, whatever.
In our case, we're using FAI (Fully Automated Installer) which is based
on and for Debian.

It may be a coffee break to install one OpenBSD box and it may be just
two coffee breaks to install two OpenBSD boxes, but you can't install
the manual way 1000 servers with different purposes / configurations /
packages.

I do know, that some others did already some work in regards to auto
deploying OpenBSD boxes. However, it's nowhere near the functionality of
FAI.

Different topic, though ;)

./Marian
iD8DBQFEoQI6gAq87Uq5FMsRAjpAAKCsRIZ41EF0cS/3g/QRfCteAjsbCgCgqx/l
550x9GEAqa4RkCCjmm4fUMc=
=bFg8
-END PGP SIGNATURE-

Re: question about mount command

[pk.ra]

It is useful option, but this option doesn't help. For example:

I have MSDOS partition and files on this partition with names in 866
codepage, but for current console I load font in koi8-r codepage :(

And what am I due to do with name of files in X system?

2006/6/24, Stuart Henderson <[EMAIL PROTECTED]>:
>
> > >and one partition for OpenBSD. There are files with name on other
> languages
> > >on my MSDOS partitions. How can I mount these partitions with correct
> names
> > >of files? When I try to mount these partitions with the following
> command:
> > >
> > >mount /dev/wd0i /mnt/C
> > >
> > >all files on others languages appears as "??".
>
> ls(8):
>
>  -q  Force printing of non-graphic characters in file names as the
>  character `?'; this is the default when output is to a
> terminal.

Re: pf woes

[Peter N. M. Hansteen]

"Matt Singerman" <[EMAIL PROTECTED]> writes:

> pf starts without any errors, but connections simply won't go through.
>  Any ideas?

It's really a bit hard to tell from the tiny fragment you posted, but
I suspect you are reading too much into the 'in' and 'to' keywords,
possibly while trying to micro-manage where the filtering should take
place.

I've tried to explain this in my pf tutorial, see
http://www.bgnett.no/~peter/pf/en/basicgw.html

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
"First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"
20:11:56 delilah spamd[26905]: 146.151.48.74: disconnected after 36099 seconds

Re: starting Apache in SSL mode

[FTP]

On Mon, Jun 26, 2006 at 09:22:27AM -0700, Smith wrote:
> FTP wrote:
> >Hi there,
> >
> >I was trying to start Apache in SSL mode and I did follow the 
> >http://openbsd.org/faq/faq10.html#HTTPS steps. After that I issued 
> >"apachectl startssl" and everything went fine.
> >
> >Now, when I point to the https:// from my server I get an 
> >"unable to connect error"!
> >
> >What did I do wrong?
> >
> >In the ssl_engine_log I get: "Configuring server new.host.name:443 for SSL 
> >protocol". This server has no domain assigned. Did I do something wrong in 
> >the certs?
> >
> >Thanks
> >
> >George
> >
> >
> >  
> One time I had a problem where in /etc/rc.conf.local I put 
> httpd_flags="-D" and the service would not start.  So I did 
> httpd_flags=-D and it worked fine.  The point being I just removed the 
> quotes.  I don't know if this will help you but maybe.
>

well, I start this from cmd ("apachectl startssl") and don't get any problems 
with that. Also, http to my IP address works fine. Only when I issue https do I 
get an error!

Re: starting Apache in SSL mode

[FTP]

On Mon, Jun 26, 2006 at 08:30:29AM -0700, Scott Francis wrote:
> On 6/26/06, FTP <[EMAIL PROTECTED]> wrote:
> >Hi there,
> >
> >I was trying to start Apache in SSL mode and I did follow the 
> >http://openbsd.org/faq/faq10.html#HTTPS steps. After that I issued 
> >"apachectl startssl" and everything went fine.
> >
> >Now, when I point to the https:// from my server I get an 
> >"unable to connect error"!
> >
> >What did I do wrong?
> >
> >In the ssl_engine_log I get: "Configuring server new.host.name:443 for SSL 
> >protocol". This server has no domain assigned. Did I do something wrong in 
> >the certs?
> 
> no, but you probably neglected to edit /var/www/conf/httpd.conf
> appropriately (ServerName and NameVirtualHost come to mind, as well as
> the appropriate name-specific parts of the SSL config in the same
> file). ssl_engine_log probably won't give you the info you need here;
> take a look at your access_log and error_log.
> -- 
> [EMAIL PROTECTED],darkuncle.net} || 0x5537F527
>encrypted email to the latter address please
>http://darkuncle.net/pubkey.asc for public key
>

Thanks for your reply.

Well, the error_log doesn't get any message. Also, the regular http does show 
the web page without having the IP address in the http.conf file. Why doesn't 
this work with SSL as well?
Certs etc. are in the correct path.

Thanks

George

Re: Dump question...

[Joachim Schipper]

On Mon, Jun 26, 2006 at 03:56:53PM -0600, Jeff Ross wrote:
> Can someone please point me in the right direction (with a clue by four) 
> on how to do this?
> 
> (from the dump manpage)
> 
> If dump receives a SIGINFO signal (see the ``status'' argument of
> stty(1)) whilst a backup is in progress, statistics on the amount com-
> pleted, current transfer rate, and estimated finished time, will be writ-
> ten to the standard error output.
> 
> Here's what I'm trying to do.
> 
> I have about 30GB of compressed windows crap from the samba server that I 
> need to backup.  Until I can get the users here to clean some of this 
> cruft out, I'm doing level 0 dumps daily.  This needs two DDS-4 tapes. If 
> I cron this, the job always fails because there is no one here to change 
> the tape in the wee hours of the morning.
> 
> I can start the job during the day from a console, and when I do, I have 
> to sort of monitor it to see when the first tape has been filled.  When 
> dump hits the end of the tape, it will wait until it gets a "yes" or "no" 
> answer to the question about whether or not volume 2 is mounted.  I can't 
> just hit the eject button on the tape drive, though, I have to switch to 
> another console, sudo mt rewind, and an eject /de/st0, then load the 
> second tape, and switch back to the console with the job and enter "yes".

sudo mt rewoffl should suffice and is shorter, but that's beside the
point.

> I know there are improvements to this most primitive setup.  I could do a 
> level 0 and then daily level 1s and then the full dump should easily fit 
> on one tape.  But the base level is changing pretty rapidly, so if 
> possible, I'd like to stick to level 0s and write a shell script that can 
> monitor dump's progress.  If it's possible to determine from the SIGINFO 
> information that dump is waiting for a tape, I'l like to be able to issue 
> the rewind and eject commands, and when that's done shoot an e-mail to me 
> to remind to change the tape.
> 
> And there I'm stuck.  So, just how the heck do I get that SIGINFO 
> information from dump?

I'd just listen on stdout. I haven't tested this, but how about a simple
shell/Perl/... script that waits for a line matching, say, /new tape/?
It can then run some commands, like the above.

Joachim

Re: CARP + OpenBGPd, fail-over

[Joachim Schipper]

On Tue, Jun 27, 2006 at 10:44:20AM +0200, Thomas Bader wrote:
> Henning Brauer schrieb:
> > * Thomas Bader <[EMAIL PROTECTED]> [2006-06-14 09:02]:
> >> In one case the fail-over does not work well: If the
> >> BGP-peering on r0a to the upstream goes down all traffic
> >> will be routed from r0a via $pfsync_if to r0b
> > 
> > yhis case requires bgpd to actively take influence on teh carp state.
> > 
> > now, lucky you, I have a diff for current doing exactly that :)
> > you need -current from after the hackathon, as this needs the carp 
> > group demotion stuff.
> 
> Oh, that sounds fine, thank you. I will surely test that out in my
> testing environment.
> 
> Can you estimate when this patch will be integrated into -stable?

Almost certainly never; -stable doesn't get new features. Run -current,
or wait for 4.0.

Joachim

Re: Change MTU size TCP/IP Packets for 'black hole routers' within B SD 3.8 possible ?

[Joachim Schipper]

On Tue, Jun 27, 2006 at 09:52:02AM +0200, forums wrote:
> > Hello,
> > 
> > I use BSD3.8 to connect some sites with a VPN tunnel (using the wonderful
> > 'ipsecctl' ). 
> > 
> > The connections are (more or less) stable, but I have some issues making
> > RDP (Remote Desktop from Micro$oft) connections. It tells me it cannot
> > connect to
> > the remote server (but the ping towards those servers works fine, so its
> > reachable). 
> > Sometimes it works fine for hours and then, suddenly, the connection (RDP
> > protocol only, its not the tunnel for sure) is broken.
> > 
> > According to a MS note (314825 : http://support.microsoft.com/kb/314825
> >   ) this could be a "Black Hole
> > Router Issue" and I should try to set the MTU (Maximum Transmission Unit)
> > lower (the ping with a packet/framesize from 1472 indeed fails over this
> > line). A packetsize from around 1300 works ok.
> > 
> > Is there a way to set the MTU size (on the outgoing nic or perhaps the
> > enc0 virtual nic) within BSD?  
> > The solution MS offers is to set the MTU on al PC's, but that would be a
> > lot of work and if its possible on the BSD box, it's active for all in one
> > go.

Yes, use ifconfig(8), pf(4) (see pf.conf(5), scrub), or probably any of
the umpteen different solutions.

BTW, to check if this is really an MTU issue, use longer ping packets -
see ping(8), -s.

Joachim

Re: starting Apache in SSL mode

[FTP]

On Tue, Jun 27, 2006 at 09:03:08PM +0900, vladas wrote:
> On 27/06/06, FTP <[EMAIL PROTECTED]> wrote:
> >Thanks for your reply.
> >
> >Well, the error_log doesn't get any message. Also, the regular http does 
> >show the web page without having the IP address in the http.conf file. Why 
> >doesn't this work with SSL as well?
> >Certs etc. are in the correct path.
> 
> 
> Apache uses virtual host for SSL traffic that allows the SSL host to
> have different configuration settings to the main web server.
> 
> Of course, OpenSSL docs could explain much more.
> 
> 
> >Thanks
> >
> >George
> >
> >

does this mean that I have to go the 'virtual hosts' path?

Thanks

Re: starting Apache in SSL mode

[FTP]

On Tue, Jun 27, 2006 at 08:55:22PM +0900, vladas wrote:
> On 27/06/06, FTP <[EMAIL PROTECTED]> wrote:
> >On Mon, Jun 26, 2006 at 09:22:27AM -0700, Smith wrote:
> >> FTP wrote:
> >> >Hi there,
> >> >
> >> >I was trying to start Apache in SSL mode and I did follow the
> >> >http://openbsd.org/faq/faq10.html#HTTPS steps. After that I issued
> >> >"apachectl startssl" and everything went fine.
> >> >
> >> >Now, when I point to the https:// from my server I get an
> >> >"unable to connect error"!
> >> >
> >> >What did I do wrong?
> 
> Comment out the line
> ServerName new.host.name in your /var/www/conf/httpd.conf.

I did that but no luck. I also entered as "ServerName" the IP of the box but I 
still get an error when I issue https. As I mentioned, http works fine though!

> 
> >> >
> >> >In the ssl_engine_log I get: "Configuring server new.host.name:443 for 
> >SSL
> >> >protocol". This server has no domain assigned. Did I do something wrong 
> >in
> >> >the certs?
> >> >
> >> >Thanks
> >> >
> >> >George
> >> >
> >> >
> >> >
> >> One time I had a problem where in /etc/rc.conf.local I put
> >> httpd_flags="-D" and the service would not start.  So I did
> >> httpd_flags=-D and it worked fine.  The point being I just removed the
> >> quotes.  I don't know if this will help you but maybe.
> >>
> >
> >well, I start this from cmd ("apachectl startssl") and don't get any 
> >problems with that. Also, http to my IP address works fine. Only when I 
> >issue https do I get an error!

Re: starting Apache in SSL mode

[Peter Blair]

SSL certificates for a hostname requires a unique IP address.  Are you
trying to do virtual name hosting with https?

On 6/27/06, FTP <[EMAIL PROTECTED]> wrote:

On Mon, Jun 26, 2006 at 08:30:29AM -0700, Scott Francis wrote:
> On 6/26/06, FTP <[EMAIL PROTECTED]> wrote:
> >Hi there,
> >
> >I was trying to start Apache in SSL mode and I did follow the
> >http://openbsd.org/faq/faq10.html#HTTPS steps. After that I issued
> >"apachectl startssl" and everything went fine.
> >
> >Now, when I point to the https:// from my server I get an
> >"unable to connect error"!
> >
> >What did I do wrong?
> >
> >In the ssl_engine_log I get: "Configuring server new.host.name:443 for SSL
> >protocol". This server has no domain assigned. Did I do something wrong in
> >the certs?
>
> no, but you probably neglected to edit /var/www/conf/httpd.conf
> appropriately (ServerName and NameVirtualHost come to mind, as well as
> the appropriate name-specific parts of the SSL config in the same
> file). ssl_engine_log probably won't give you the info you need here;
> take a look at your access_log and error_log.
> --
> [EMAIL PROTECTED],darkuncle.net} || 0x5537F527
>encrypted email to the latter address please
>http://darkuncle.net/pubkey.asc for public key
>

Thanks for your reply.

Well, the error_log doesn't get any message. Also, the regular http does show 
the web page without having the IP address in the http.conf file. Why doesn't 
this work with SSL as well?
Certs etc. are in the correct path.

Thanks

George

Disk performance/benchmarking

[Gabriel George POPA]

   Hello all,

  Could someone tell me which is the most used disk-benchmarking 
solution for OpenBSD 3.8?
I'm running a small production server and I don't want to disrupt (too 
much) its activity. I would like
of course to perform non-destructive tests. I think there's somethink 
wrong with my disk/os performance
but I don't know where to start. I think a benchmark utility will be 
good (SMART neveals nothing).
  He he he. I think all people are concerned about OpenBSD performance 
these days...



Yours in BSDness,
   
Gabriel George POPA

Re: starting Apache in SSL mode

[FTP]

On Tue, Jun 27, 2006 at 08:49:37AM -0400, Peter Blair wrote:
> SSL certificates for a hostname requires a unique IP address.  Are you
> trying to do virtual name hosting with https?

no

> 
> On 6/27/06, FTP <[EMAIL PROTECTED]> wrote:
> >On Mon, Jun 26, 2006 at 08:30:29AM -0700, Scott Francis wrote:
> >> On 6/26/06, FTP <[EMAIL PROTECTED]> wrote:
> >> >Hi there,
> >> >
> >> >I was trying to start Apache in SSL mode and I did follow the
> >> >http://openbsd.org/faq/faq10.html#HTTPS steps. After that I issued
> >> >"apachectl startssl" and everything went fine.
> >> >
> >> >Now, when I point to the https:// from my server I get an
> >> >"unable to connect error"!
> >> >
> >> >What did I do wrong?
> >> >
> >> >In the ssl_engine_log I get: "Configuring server new.host.name:443 for 
> >SSL
> >> >protocol". This server has no domain assigned. Did I do something wrong 
> >in
> >> >the certs?
> >>
> >> no, but you probably neglected to edit /var/www/conf/httpd.conf
> >> appropriately (ServerName and NameVirtualHost come to mind, as well as
> >> the appropriate name-specific parts of the SSL config in the same
> >> file). ssl_engine_log probably won't give you the info you need here;
> >> take a look at your access_log and error_log.
> >> --
> >> [EMAIL PROTECTED],darkuncle.net} || 0x5537F527
> >>encrypted email to the latter address please
> >>http://darkuncle.net/pubkey.asc for public key
> >>
> >
> >Thanks for your reply.
> >
> >Well, the error_log doesn't get any message. Also, the regular http does 
> >show the web page without having the IP address in the http.conf file. Why 
> >doesn't this work with SSL as well?
> >Certs etc. are in the correct path.
> >
> >Thanks
> >
> >George

Re: Disk performance/benchmarking

[Sean Cody]

If it is doing anything but the benchmark the results will be useless  
but you probably already know that.


Assuming the machine is completely idle with no services currently  
running (other than the one used to log in) then just try a bunch of  
test cases for the usage pattern you expect to see (or want to use)  
and interpret the numbers accordingly.  Reducing the variables that  
interact with what you are metering is the first step.


If you want a 'generic' (ie. not real usage) benchmark then try the  
iogen port.


But with any benchmarks don't put a lot of trust in the numbers  
especially if you only run one test set.
Run a bunch and pull out that old Stats 1 text and take the results  
with a big huge grain of salt and realize you are not benchmarking  
OpenBSD you are benching your hardware and configuration.


http://www.openbsd.org/cgi-bin/cvsweb/ports/sysutils/iogen/pkg/DESCR? 
rev=1.2&content-type=text/x-cvsweb-markup
"iogen is an i/o generator.  It forks child processes that each run a  
mix of
reads and writes.  The idea is to generate heavily fragmented files  
to make the

hardware suffer as much as possible.  This tool has been used to test
filesystems, drivers, firmware and hardware devices.  It is by no  
means meant
as a performance measuring tool since it tries to recreate the worst  
case

scenario i/o."

You may already have considered all of the above but included in case  
others on the list have not.


On 27-Jun-06, at 7:57 AM, Gabriel George POPA wrote:


  Could someone tell me which is the most used disk-benchmarking  
solution for OpenBSD 3.8?
I'm running a small production server and I don't want to disrupt  
(too much) its activity. I would like
of course to perform non-destructive tests. I think there's  
somethink wrong with my disk/os performance
but I don't know where to start. I think a benchmark utility will  
be good (SMART neveals nothing).
  He he he. I think all people are concerned about OpenBSD  
performance these days...


--
Sean

Re: ssh login screen blank problem

[Jeff Quast]

On 6/27/06, Denny White <[EMAIL PROTECTED]> wrote:
[snip]

okay while in xwindows from xterm. But, when I try to ssh
in from either obsd box to the windows box from a regular
terminal window, I get in, but after that, the screen is
blank. Only way to get the terminal window back is to exit

[snip]

am coming up blank. Just trying to find out if anyone else
has encountered this problem & what they did to solve it.


I have this problem with a freebsd shell provider.

I fixed it intermidently by starting screen before sshing out.
This filters out the garbage they output to my display.
Explicitly exporting TERM as vt220 or wsvt25 before you
ssh to the box may help as well. It didn't for me.

My best guess is the cgywin box has one of those
super-cool-eleet colored bash prompts.
touch ~/.hushlogin and set PS1=$ in the winbox .profile.

Setting PS1=$ and .hushlogin did not work for me, I requested
the shell provider to add an if statement in the global
profile to honor .hushlogin before printing out the stupid ansi colored
news/motd/whatever it was they were doing.


Had another box running FreeBSD 5.4 with identical ttys set
up and was able to login to the windows box from a terminal
window okay. Thanks for any help.

As Stuart pointed out, the term code is different.


Denny White

jdq

Atheros AR2413A

[FabioFVZ]

Hello,
this chipset is compatible with OpenBSD (-current)
TNX
-- 
fabioFVZ

Re: starting Apache in SSL mode

[FTP]

On Tue, Jun 27, 2006 at 08:49:37AM -0400, Peter Blair wrote:
> SSL certificates for a hostname requires a unique IP address.  Are you
> trying to do virtual name hosting with https?
> 
> On 6/27/06, FTP <[EMAIL PROTECTED]> wrote:
> >On Mon, Jun 26, 2006 at 08:30:29AM -0700, Scott Francis wrote:
> >> On 6/26/06, FTP <[EMAIL PROTECTED]> wrote:
> >> >Hi there,
> >> >
> >> >I was trying to start Apache in SSL mode and I did follow the
> >> >http://openbsd.org/faq/faq10.html#HTTPS steps. After that I issued
> >> >"apachectl startssl" and everything went fine.
> >> >
> >> >Now, when I point to the https:// from my server I get an
> >> >"unable to connect error"!
> >> >
> >> >What did I do wrong?
> >> >
> >> >In the ssl_engine_log I get: "Configuring server new.host.name:443 for 
> >SSL
> >> >protocol". This server has no domain assigned. Did I do something wrong 
> >in
> >> >the certs?
> >>
> >> no, but you probably neglected to edit /var/www/conf/httpd.conf
> >> appropriately (ServerName and NameVirtualHost come to mind, as well as
> >> the appropriate name-specific parts of the SSL config in the same
> >> file). ssl_engine_log probably won't give you the info you need here;
> >> take a look at your access_log and error_log.
> >> --
> >> [EMAIL PROTECTED],darkuncle.net} || 0x5537F527
> >>encrypted email to the latter address please
> >>http://darkuncle.net/pubkey.asc for public key
> >>
> >
> >Thanks for your reply.
> >
> >Well, the error_log doesn't get any message. Also, the regular http does 
> >show the web page without having the IP address in the http.conf file. Why 
> >doesn't this work with SSL as well?
> >Certs etc. are in the correct path.
> >
> >Thanks
> >
> >George
> >
> >

the weird thing is that I don't anything in the logs! No errors - nothing!

Re: Disk performance/benchmarking

[Gabriel George POPA]

I was mainly wanting to see a rough estimation of disk throughput 
(MB/sec). And now I am interested to see
if packets get lost over my wide LAN here (I think a switch is 
deffective, but I don't know what). What should I do?



Sean Cody wrote:

If it is doing anything but the benchmark the results will be useless  
but you probably already know that.


Assuming the machine is completely idle with no services currently  
running (other than the one used to log in) then just try a bunch of  
test cases for the usage pattern you expect to see (or want to use)  
and interpret the numbers accordingly.  Reducing the variables that  
interact with what you are metering is the first step.


If you want a 'generic' (ie. not real usage) benchmark then try the  
iogen port.


But with any benchmarks don't put a lot of trust in the numbers  
especially if you only run one test set.
Run a bunch and pull out that old Stats 1 text and take the results  
with a big huge grain of salt and realize you are not benchmarking  
OpenBSD you are benching your hardware and configuration.


http://www.openbsd.org/cgi-bin/cvsweb/ports/sysutils/iogen/pkg/DESCR? 
rev=1.2&content-type=text/x-cvsweb-markup
"iogen is an i/o generator.  It forks child processes that each run a  
mix of
reads and writes.  The idea is to generate heavily fragmented files  
to make the

hardware suffer as much as possible.  This tool has been used to test
filesystems, drivers, firmware and hardware devices.  It is by no  
means meant
as a performance measuring tool since it tries to recreate the worst  
case

scenario i/o."



You may already have considered all of the above but included in case  
others on the list have not.


On 27-Jun-06, at 7:57 AM, Gabriel George POPA wrote:



  Could someone tell me which is the most used disk-benchmarking  
solution for OpenBSD 3.8?
I'm running a small production server and I don't want to disrupt  
(too much) its activity. I would like
of course to perform non-destructive tests. I think there's  
somethink wrong with my disk/os performance
but I don't know where to start. I think a benchmark utility will  be 
good (SMART neveals nothing).
  He he he. I think all people are concerned about OpenBSD  
performance these days...

Re: Disk performance/benchmarking

[Sean Cody]

dd(1) and iogen should give you said rough estimation.

As for transmission issues.
First take a look on either side for network 'errors'..
$ netstat -I hme0
NameMtu   Network Address  Ipkts IerrsOpkts  
Oerrs Colls
hme0150008:00:20:c2:5f:f0  1498294 0
74211510 99837


Ierrs and Oerrs should be really low.
Colls are collissions.

If files get corrupted over the wire make a test file and hash [md5 
(1)] it before transfer on test machine and after it has been  
transfered hash it on the target machine.

That will determine if the file corruption happened during transit.

For packet loss... ping the target machine then generate a lot of  
traffic to it (tcpblast, dd+netcat, etc.).
Then stop ping and the stats at the end will give you the relative  
packet loss (to ping).

Change target machine's switch port and try again.
Change testing machine's switch port and try again.
Try a different switch.

On 27-Jun-06, at 8:53 AM, Gabriel George POPA wrote:

I was mainly wanting to see a rough estimation of disk throughput  
(MB/sec). And now I am interested to see
if packets get lost over my wide LAN here (I think a switch is  
deffective, but I don't know what). What should I do?




--
Sean

Re: Disk performance/benchmarking

[Gabriel George POPA]

   Thank you very much. That's what I was looking for. 
Unfortunately at this time I have no
phisical access to some switches here (they are locked in two offices 
and I don't have the key)...




Sean Cody wrote:


dd(1) and iogen should give you said rough estimation.

As for transmission issues.
First take a look on either side for network 'errors'..
$ netstat -I hme0
NameMtu   Network Address  Ipkts IerrsOpkts  
Oerrs Colls
hme0150008:00:20:c2:5f:f0  1498294 0
74211510 99837


Ierrs and Oerrs should be really low.
Colls are collissions.

If files get corrupted over the wire make a test file and hash [md5 
(1)] it before transfer on test machine and after it has been  
transfered hash it on the target machine.

That will determine if the file corruption happened during transit.

For packet loss... ping the target machine then generate a lot of  
traffic to it (tcpblast, dd+netcat, etc.).
Then stop ping and the stats at the end will give you the relative  
packet loss (to ping).

Change target machine's switch port and try again.
Change testing machine's switch port and try again.
Try a different switch.

On 27-Jun-06, at 8:53 AM, Gabriel George POPA wrote:

I was mainly wanting to see a rough estimation of disk throughput  
(MB/sec). And now I am interested to see
if packets get lost over my wide LAN here (I think a switch is  
deffective, but I don't know what). What should I do?

Re: starting Apache in SSL mode

[FTP]

On Tue, Jun 27, 2006 at 03:55:16PM +0200, FTP wrote:
> On Tue, Jun 27, 2006 at 08:49:37AM -0400, Peter Blair wrote:
> > SSL certificates for a hostname requires a unique IP address.  Are you
> > trying to do virtual name hosting with https?
> > 
> > On 6/27/06, FTP <[EMAIL PROTECTED]> wrote:
> > >On Mon, Jun 26, 2006 at 08:30:29AM -0700, Scott Francis wrote:
> > >> On 6/26/06, FTP <[EMAIL PROTECTED]> wrote:
> > >> >Hi there,
> > >> >
> > >> >I was trying to start Apache in SSL mode and I did follow the
> > >> >http://openbsd.org/faq/faq10.html#HTTPS steps. After that I issued
> > >> >"apachectl startssl" and everything went fine.
> > >> >
> > >> >Now, when I point to the https:// from my server I get an
> > >> >"unable to connect error"!
> > >> >
> > >> >What did I do wrong?
> > >> >
> > >> >In the ssl_engine_log I get: "Configuring server new.host.name:443 for 
> > >SSL
> > >> >protocol". This server has no domain assigned. Did I do something wrong 
> > >in
> > >> >the certs?
> > >>
> > >> no, but you probably neglected to edit /var/www/conf/httpd.conf
> > >> appropriately (ServerName and NameVirtualHost come to mind, as well as
> > >> the appropriate name-specific parts of the SSL config in the same
> > >> file). ssl_engine_log probably won't give you the info you need here;
> > >> take a look at your access_log and error_log.
> > >> --
> > >> [EMAIL PROTECTED],darkuncle.net} || 0x5537F527
> > >>encrypted email to the latter address please
> > >>http://darkuncle.net/pubkey.asc for public key
> > >>
> > >
> > >Thanks for your reply.
> > >
> > >Well, the error_log doesn't get any message. Also, the regular http does 
> > >show the web page without having the IP address in the http.conf file. Why 
> > >doesn't this work with SSL as well?
> > >Certs etc. are in the correct path.
> > >
> > >Thanks
> > >
> > >George
> > >
> > >
> 
> the weird thing is that I don't anything in the logs! No errors - nothing!
>

some more ifo:

when trying curl https://localhost I get the follwing:

curl: (60) Failed to connect to ::1: Connection refused
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). The default
  bundle is named curl-ca-bundle.crt; you can specify an alternate file
   using the --cacert option.
   If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
  not match the domain name in the URL).
  If you'd like to turn off curl's verification of the certificate, use
   the -k (or --insecure) option.

if I issue curl -k https://localhost instead, I do get the page. Could it be 
due to the self-signed cert?

Thanks George

Re: starting Apache in SSL mode

[FTP]

On Tue, Jun 27, 2006 at 04:34:19PM +0200, FTP wrote:
> On Tue, Jun 27, 2006 at 03:55:16PM +0200, FTP wrote:
> > On Tue, Jun 27, 2006 at 08:49:37AM -0400, Peter Blair wrote:
> > > SSL certificates for a hostname requires a unique IP address.  Are you
> > > trying to do virtual name hosting with https?
> > > 
> > > On 6/27/06, FTP <[EMAIL PROTECTED]> wrote:
> > > >On Mon, Jun 26, 2006 at 08:30:29AM -0700, Scott Francis wrote:
> > > >> On 6/26/06, FTP <[EMAIL PROTECTED]> wrote:
> > > >> >Hi there,
> > > >> >
> > > >> >I was trying to start Apache in SSL mode and I did follow the
> > > >> >http://openbsd.org/faq/faq10.html#HTTPS steps. After that I issued
> > > >> >"apachectl startssl" and everything went fine.
> > > >> >
> > > >> >Now, when I point to the https:// from my server I get an
> > > >> >"unable to connect error"!
> > > >> >
> > > >> >What did I do wrong?
> > > >> >
> > > >> >In the ssl_engine_log I get: "Configuring server new.host.name:443 
> > > >> >for 
> > > >SSL
> > > >> >protocol". This server has no domain assigned. Did I do something 
> > > >> >wrong 
> > > >in
> > > >> >the certs?
> > > >>
> > > >> no, but you probably neglected to edit /var/www/conf/httpd.conf
B
> > > >> appropriately (ServerName and NameVirtualHost come to mind, as well as
> > > >> the appropriate name-specific parts of the SSL config in the same
> > > >> file). ssl_engine_log probably won't give you the info you need here;
> > > >> take a look at your access_log and error_log.
> > > >> --
> > > >> [EMAIL PROTECTED],darkuncle.net} || 0x5537F527
> > > >>encrypted email to the latter address please
> > > >>http://darkuncle.net/pubkey.asc for public key
> > > >>
> > > >
> > > >Thanks for your reply.
> > > >
> > > >Well, the error_log doesn't get any message. Also, the regular http does 
> > > >show the web page without having the IP address in the http.conf file. 
> > > >Why 
> > > >doesn't this work with SSL as well?
> > > >Certs etc. are in the correct path.
> > > >
> > > >Thanks
> > > >
> > > >George
> > > >
> > > >
> > 
> > the weird thing is that I don't anything in the logs! No errors - nothing!
> >
> 
> some more ifo:
> 
> when trying curl https://localhost I get the follwing:
> 
> curl: (60) Failed to connect to ::1: Connection refused
> More details here: http://curl.haxx.se/docs/sslcerts.html
> 
> curl performs SSL certificate verification by default, using a "bundle"
>  of Certificate Authority (CA) public keys (CA certs). The default
>   bundle is named curl-ca-bundle.crt; you can specify an alternate file
>using the --cacert option.
>If this HTTPS server uses a certificate signed by a CA represented in
> the bundle, the certificate verification probably failed due to a
>  problem with the certificate (it might be expired, or the name might
>   not match the domain name in the URL).
>   If you'd like to turn off curl's verification of the certificate, use
>the -k (or --insecure) option.
> 
> if I issue curl -k https://localhost instead, I do get the page. Could it be 
> due to the self-signed cert?
> 
> Thanks George
>

even more info:

when I try to access the site via lynx I do get an SSL error message moaning 
that I have a self-signed cert. After accepting this, the page gets dispalyed.
So it looks like the problem is with the CA? How do I correct that?
I found the a reference in "manual/mod/mod_ssl/ssl_faq.html#ToC24" but mentions 
a "sign.sh" script wich isn't present in the OBSD package. 

Thanks

George

Radeon X Driver?

[L. V. Lammert]

Has anyone tried one of the 'accelerated drivers' with a 'Radeon VE QY'?

Can't seem to find anything on the lists, ..

Lee

[Fwd: Re: about uhidev.h]

[Sahil R Cooner]

The following is an email I forwarded to the developer of the usb sub 
system for mice and various other things.

I am trying to get a USB Microsoft Optical Notebook mouse working with 
obsd.  I am running current.  My dmesg is listed above and the device 
seems to attach, but there is not output from cat(ting) the device.  I 
believe that a person had similar 
errors(http://www.consultmatt.co.uk/freebsd_intellimouse) and that ums.c 
may need to be modified, I will try and hack away at this, but in the 
meantime if anybody has any wisdom on the subject, please do inform me, 
thank you.  I do believe it may have to do with my device coming with 
it's own unique byte sequence or some other oddity.

--sahil
X-Account-Key: account2
X-Gmail-Received: e25ad1fc242dd00b40199398e695d5c958f2e873
Delivered-To: [EMAIL PROTECTED]
Received: by 10.70.24.4 with SMTP id 4cs145154wxx; Tue, 27 Jun 2006 05:34:43 
-0700 (PDT)
Received: by 10.36.139.3 with SMTP id m3mr1097841nzd; Tue, 27 Jun 2006 05:34:42 
-0700 (PDT)
Return-Path: <[EMAIL PROTECTED]>
Received: from smtp.eecs.umich.edu (smtp.eecs.umich.edu [141.213.4.43])
by mx.gmail.com with ESMTP id 15si11126884nzn.2006.06.27.05.34.41; Tue, 
27 Jun 2006 05:34:42 -0700 (PDT)
Received-SPF: pass (gmail.com: best guess record for domain of [EMAIL 
PROTECTED] designates 141.213.4.43 as permitted sender)
Received: from smtp.eecs.umich.edu (localhost.eecs.umich.edu [127.0.0.1])
by smtp.eecs.umich.edu (8.13.6/8.13.6) with ESMTP id k5RCYd9s020507 
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
for <[EMAIL PROTECTED]>; Tue, 27 Jun 2006 08:34:40 -0400
Received: from localhost ([EMAIL PROTECTED])
by smtp.eecs.umich.edu (8.13.6/8.13.2/Submit) with ESMTP id 
k5RCYdke020504
for <[EMAIL PROTECTED]>; Tue, 27 Jun 2006 08:34:39 -0400
X-Authentication-Warning: smtp.eecs.umich.edu: binkertn owned process doing -bs
Date: Tue, 27 Jun 2006 08:34:39 -0400 (EDT)
From: Nathan Binkert <[EMAIL PROTECTED]>
X-X-Sender: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: about uhidev.h
In-Reply-To: <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
X-Spam-Status: No, score=-0.2 required=5.0 tests=BAYES_40,SPF_HELO_PASS, 
SPF_PASS autolearn=ham version=3.2.0-r372567
X-Spam-Checker-Version: SpamAssassin 3.2.0-r372567 (2006-01-26) on  
smtp.eecs.umich.edu
X-Virus-Scan: : UVSCAN at UoM/EECS

> I am emailing you because after looking at obsd code and trying to insert 
> VENDOR_ID and PRODUCT_ID's of my wireless notebook optical mouse.
You should really e-mail misc@openbsd.org (or tech@) and not developers 
directly.

> I have inserted these #defines into uhidev.h, I then continued to insert the 
> appropriate code structure into usbdevs_data.h
You only want to add entries to usbdevs and then run make to generate the 
other two.  (I assume you were talking about usbdevs.h and not uhidev.h)

> uhidev0 at uhub0 port 1 configuration 1 interface 0
> uhidev0: Microsoft Microsoft USB Wireless Mouse, rev 2.00/0.17, addr 2, 
> iclass 3/1
> uhidev0: 23 report ids
> ums0 at uhidev0 reportid 17: 5 buttons and Z dir.
> wsmouse1 at ums0 mux 0
> uhid0 at uhidev0 reportid 18: input=0, output=0, feature=1
> uhid1 at uhidev0 reportid 19: input=1, output=0, feature=0
> uhid2 at uhidev0 reportid 20: input=1, output=0, feature=0
> uhid3 at uhidev0 reportid 21: input=3, output=0, feature=0
> uhid4 at uhidev0 reportid 23: input=0, output=0, feature=1


> what am I missing ?
Im not sure, it looks correct to me.  I see ums0 (a usb mouse) and wsmouse 
attaching to it.  The uhidX devices are for extra buttons and such which 
microsoft decided to use different device IDs for. (for whatever reason.)


Anyways, good luck, and please send your questions to the mailing lists.

   Nathan

Re: Disk performance/benchmarking

[[EMAIL PROTECTED]@mgedv.net]

> I was mainly wanting to see a rough estimation of disk throughput 
> (MB/sec). 

try this in a state, where the machine is more or less idle
(you'd be able to setup a cronjob for this):

you will .5GB space for that ;-)

for i in 1 2 3 4 5
do
h_file="/a/clean/dir/on/your/disk/test_$i.data";
time dd if=/dev/zero of=$h_file bs=1m count=100;
time dd if=$h_file of=/dev/null bs=1m;
done;

don't forget to remove the files
dd will give you an avg bytes/sec on transfer, but
don't forget that these are with hw/os caching,
interferences with other active processes, and so on...

it's what you wanted: just rough estimation of how
fast your system will do basic disk io from userland.

this doesn't show how fast it could be, but will show
faster values than normal processing would deliver.
you could change the blocksize/count to increase/decrease
the work the system has to do for writing a specific amount
of data. the more the system has to work, the lesser the
blocksize and the lesser the throughput will be.
so "how fast is my disk" is always very depending on what
kind of action you do with it. transferring/working on
millions of small files will be much slower than working
on a few large files.

Re: Change MTU size TCP/IP Packets for 'black hole routers' within B SD 3.8 possible ?

[Karsten McMinn]

On 6/27/06, forums <[EMAIL PROTECTED]> wrote:

> this could be a "Black Hole
> Router Issue" and I should try to set the MTU (Maximum Transmission Unit)
> lower (the ping with a packet/framesize from 1472 indeed fails over this
> line). A packetsize from around 1300 works ok.


You should be tracking down the service provider who
maintains the IP transport on the sub 1500 byte MTU link.
No real service provider is using links with MTUs under
1500 bytes, but in cases where they are tunneling
or doing other things it be will munged if not deployed
properly.

As Joachim said, use ifconfig, pf and friends to set it
yourself. Although to check mtu you need to be
doing a "ping -D -s 1472 {host}" from a ethernet
connected host (replies verify a full 1500 byte
mtu is working) and "ping -D -s 1500 {host}" should give you
a icmp type 3 code 4. Remember that most firewalls
usually block large byte pings though.

Re: ssh login screen blank problem

[Denny White]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1



On 6/27/06, Denny White <[EMAIL PROTECTED]> wrote:
[snip]

okay while in xwindows from xterm. But, when I try to ssh
in from either obsd box to the windows box from a regular
terminal window, I get in, but after that, the screen is
blank. Only way to get the terminal window back is to exit

[snip]

am coming up blank. Just trying to find out if anyone else
has encountered this problem & what they did to solve it.




Today Jeff Quast wrote:


I have this problem with a freebsd shell provider.

I fixed it intermidently by starting screen before sshing out.
This filters out the garbage they output to my display.
Explicitly exporting TERM as vt220 or wsvt25 before you
ssh to the box may help as well. It didn't for me.

My best guess is the cgywin box has one of those
super-cool-eleet colored bash prompts.
touch ~/.hushlogin and set PS1=$ in the winbox .profile.

Setting PS1=$ and .hushlogin did not work for me, I requested
the shell provider to add an if statement in the global
profile to honor .hushlogin before printing out the stupid ansi colored
news/motd/whatever it was they were doing.


Had another box running FreeBSD 5.4 with identical ttys set
up and was able to login to the windows box from a terminal
window okay. Thanks for any help.

As Stuart pointed out, the term code is different.


Denny White

jdq




Thanks Jeff, and to Stuart also. Changed the bash shell prompt
to the same on these 2 obsd boxes & problem was solved. I'll
miss the color when working on the winxp box in cygwin, due
to my bad eyes, but I'll learn to live with it. :-) Thanks,
also, for the info about the differences in the term codes
between fbsd & obsd. 'Nother thing to read up on.

Denny White

GnuPG key  : 0x1644E79A  |  http://wwwkeys.nl.pgp.net
Fingerprint: D0A9 AD44 1F10 E09E 0E67  EC25 CB44 F2E5 1644 E79A
iD8DBQFEoWXmy0Ty5RZE55oRAsajAKCUKNweUSuW/GAYwGsVfjaeNBrk5QCeKdoV
B+waI2HWSQhwaY/FkCVhaLY=
=H8hK
-END PGP SIGNATURE-

sasync questions

[James Mackinnon]

Hey all

I'm here setting up a nice little setup with 2 3.9 OBSD boxes using pfsync and
it works great.

I'm now at the point to create tunnels to other systems which need to use
sasync but not finding alot of documentation regarding sasync at this time.

I've check the FAQ and did googlin in hopes to find a dry step by step on it.

If anyone has done this, can they share a step by step.

I'm hoping to save some time and then I can do some detailed testing and put
this into my network when all is done.

Anyhow, any input would be great.

Thanks

James Mackinnon

Re: sasync questions

[Spruell, Darren-Perot]

From: [EMAIL PROTECTED] 
> I'm now at the point to create tunnels to other systems which 
> need to use
> sasync but not finding alot of documentation regarding sasync 
> at this time.
> 
> I've check the FAQ and did googlin in hopes to find a dry 
> step by step on it.
> 
> If anyone has done this, can they share a step by step.
> 
> I'm hoping to save some time and then I can do some detailed 
> testing and put
> this into my network when all is done.
> 
> Anyhow, any input would be great.

In -current you can find the results of new work on the sasync stuff.
-current man pages have this:

http://www.openbsd.org/cgi-bin/man.cgi?query=sasyncd&sektion=8&apropos=0&man
path=OpenBSD+Current&arch=i386

and

http://www.openbsd.org/cgi-bin/man.cgi?query=sasyncd.conf&sektion=5&apropos=
0&manpath=OpenBSD+Current&arch=i386

DS

Re: has anyone seen this kernel panic before?

[gr lists]

Thanks Reyk,

I read the comment in the CVS for 1.130, and it looks like the fix is
related to jumbo frames... but we dont really use jumbo frames here.
Does this crash happen even if we are using the default mtu?

Cheers :)

On 6/27/06, gr lists <[EMAIL PROTECTED]> wrote:

Thanks Reyk,

I read the comment in the CVS for 1.130, and it looks like the fix is
related to jumbo frames... but we dont really use jumbo frames here.
Does this crash happen even if we are using the default mtu?

Cheers :)

On 6/26/06, Reyk Floeter <[EMAIL PROTECTED]> wrote:
> hi,
>
> the em crashes have been fixed in 3.9-current
> (src/sys/dev/pci/if_em.c since 1.130).
>
> reyk
>
> > we have been running a couple of failover openbsd boxes (3.9 + pf +
> > carp + software raid mirror) since it came out in early may, but now
> > the master server crashed on us.
> >
> > This is the the series of unfortunate events:
> > - MASTER crashed, and BACKUP failed over fine, it was doing the job as a
> > backup.
> > - We rebooted MASTER.
> > - When it started up (MASTER still in software raid rebuild), the BACKUP
> > crashed
> > - We CTRL+C out of software raid rebuild on MASTER, that caused the
> > boot to fail.
> > - We rebooted MASTER while BACKUP was rebuilding it's raid.
> > - When they both came up, they both crashed.
> > - Now we are just running the BACKUP (we didn't hookup MASTER to the
> > network again because these are production FWs)
> >
> > Below the pictures of the traceback of the kernel panic:
> >
> > http://img61.imageshack.us/img61/1840/photo0615060079iq.jpg
> > http://img83.imageshack.us/img83/9694/photo0615060096po.jpg
> > http://img83.imageshack.us/img83/4933/photo0615060105ok.jpg
> > http://img372.imageshack.us/img372/6112/photo0615060116pg.jpg
> > http://img458.imageshack.us/img458/817/photo0615060124fy.jpg
> > http://img375.imageshack.us/img375/2738/photo0615060135iz.jpg
> > http://img105.imageshack.us/img105/3536/photo0615060144kx.jpg
> > http://img105.imageshack.us/img105/5137/photo0615060157vh.jpg
> > http://img144.imageshack.us/img144/9831/photo0615060163je.jpg
> > http://img144.imageshack.us/img144/4213/photo0615060183tj.jpg
> > http://img67.imageshack.us/img67/8005/photo0615060194xc.jpg
> > http://img359.imageshack.us/img359/6711/photo0615060200av.jpg
> > http://img377.imageshack.us/img377/2818/photo0615060210tz.jpg
> > http://img395.imageshack.us/img395/8412/photo0615060228kd.jpg
> > http://img395.imageshack.us/img395/3977/photo0615060235nr.jpg
> > http://img395.imageshack.us/img395/3948/photo0615060243pi.jpg
> >
> >
> > Any idea? is this really bad? We do not feel very confident bringing
> > the MASTER online now...
> >
> > Thanks :)

[OT] Blob: Pentagon fears enemies could tamper with chips

[chefren]

They are "getting the message"?

http://www.eetimes.com/showArticle.jhtml?articleID=189601876


Darpa posted a call for proposals under solicitation number 
BAA06-40 on June 5, calling for researchers to come up with 
"revolutionary advances in science, devices or systems" to support 
the verification that chips have been manufactured as intended and 
without interference.



Sounds a little stupid / "too revolutionary" to me...

Chips to be trusted? Make them yourselves! (And even then they can be 
compromised of course.)



Funny:


"Neither extensive electrical testing nor reverse engineering is
capable of reliably detecting compromised microelectronics
components."


Reverse engineering of samples should reveal the equivalent of "the 
source code", what they say here is that you can never trust anything 
100%. Which is true but clueless.



Not bad that this kind of understanding of security spreads.


The "blob theme" is incredibly hip!

Who came up with it?

+++chefren

Japanese language support

[Tito Mari Francis Escaño]

How can I enable Japanese language support in 3.8? How will my
applications be enabled to have it? I plan to setup a basic
installation with only Firefox and Windowmaker.
Thanks!

--
Tito Mari Francis H. Escaqo
Computer Engineer and Free Software Proponent

Re: ssh login screen blank problem

[Damien Miller]

if you are having problems with screen corruption when logging into
Cygwin, could you please try the diff below?

# cd /usr/src
# patch < blah.diff
# cd share/termtypes/
# make && make install

Let me know if it helps

Index: share/termtypes/termtypes.master
===
RCS file: /cvs/src/share/termtypes/termtypes.master,v
retrieving revision 1.35
diff -u -p -r1.35 termtypes.master
--- share/termtypes/termtypes.master26 Oct 2005 20:44:29 -  1.35
+++ share/termtypes/termtypes.master28 Jun 2006 02:10:44 -
@@ -3800,30 +3800,70 @@ cygwinB19|ansi emulation for cygwin32, 
 # I've indicated which of these were and which I used.
 # Cheers, [EMAIL PROTECTED]
 # several changes based on running with tack and comparing with older entry -TD
-cygwin|ansi emulation for Cygwin, 
-   am, eo, in, msgr, xon, 
-   colors#8, cols#80, it#8, lines#25, ncv#3, pairs#64, 
-   
acsc=+\020\,\021-\030.^Y0\333`\004a\261f\370g\361h\260j\331k\277l\332m\300n\305o~p\304q\304r\304s_t\303u\264v\301w\302x\263y\363z\362{\343|\330}\234~\376,
 
-   bel=^G, bold=\E[1m, clear=\E[H\E[J, cr=^M, cub1=^H, 
-   cud1=\E[B, cuf1=\E[C, cup=\E[%i%p1%d;%p2%dH, cuu1=\E[A, 
-   dch=\E[%p1%dP, dch1=\E[P, dl=\E[%p1%dM, dl1=\E[M, ed=\E[J, 
-   el=\E[K, el1=\E[1K, home=\E[H, hpa=\E[%i%p1%dG, ht=^I, 
-   hts=\EH, ich=\E[%p1%d@, ich1=\E[@, il=\E[%p1%dL, il1=\E[L, 
-   ind=^J, invis=\E[8m, kbs=^H, kcub1=\E[D, kcud1=\E[B, 
-   kcuf1=\E[C, kcuu1=\E[A, kdch1=\E[3~, kend=\E[4~, kf1=\E[[A, 
-   kf10=\E[21~, kf11=\E[23~, kf12=\E[24~, kf13=\E[25~, 
-   kf14=\E[26~, kf15=\E[28~, kf16=\E[29~, kf17=\E[31~, 
-   kf18=\E[32~, kf19=\E[33~, kf2=\E[[B, kf20=\E[34~, 
-   kf3=\E[[C, kf4=\E[[D, kf5=\E[[E, kf6=\E[17~, kf7=\E[18~, 
-   kf8=\E[19~, kf9=\E[20~, khome=\E[1~, kich1=\E[2~, 
-   knp=\E[6~, kpp=\E[5~, kspd=^Z, nel=^M^J, op=\E[39;49m, 
-   rc=\E8, rev=\E[7m, ri=\EM, rmir=\E[4l, rmpch=\E[10m, 
-   rmso=\E[27m, rmul=\E[24m, rs1=\Ec\E]R, sc=\E7, 
-   setab=\E[4%p1%dm, setaf=\E[3%p1%dm, 
-   
sgr=\E[0;10%?%p1%t;7%;%?%p2%t;4%;%?%p3%t;7%;%?%p4%t;5%;%?%p6%t;1%;%?%p7%t;8%;%?%p9%t;11%;m,
 
-   sgr0=\E[0;10m, smir=\E[4h, smpch=\E[11m, smso=\E[7m, 
-   smul=\E[4m, u6=\E[%i%d;%dR, u7=\E[6n, u9=\E[c, 
-   vpa=\E[%i%p1%dd, 
+# more changes from csw:
+#   addcbt   [backtab]
+#   remove eo[erase overstrike with blank]
+#   change clear was \E[H\E[J  now \E[2J  (faster?)
+#   remove cols
+#   remove lines
+#   remove ncv#3 [colors collide with highlights, bitmask] not applicable
+#to MSDOS box?
+#   addcub   [cursor back param]
+#   addcuf   [cursor forward param]
+#   addcuu   [cursor up param]
+#   addcud   [cursor down param]
+#   addhs[has status line]
+#   addfsl   [return from status line]
+#   addtsl   [go to status line]
+#   addsmacs [Start alt charset] (not sure if this works)
+#   addrmacs [End alt charset]   (ditto)
+#   addsmcup [enter_ca_mode] (save console; thanks Corinna)
+#   addrmcup [exit_ca_mode]  (restore console; thanks Corinna)
+#   addkb2   [center of keypad]
+#   addu8[user string 8] \E[?6c
+#   addel[clear to end of line] \E[K
+# Notes:
+#   cnorm [make cursor normal] not implemented
+#   flash [flash] not implemented
+#   blink [blink] not implemented very usefully in cygwin? \E[5m
+#   dim   [dim] not implemented very usefully in cygwin? \E[2m
+#   cub1  [cursor back 1] typically \E[D, but ^H is faster?
+#   kNXT  [shifted next key] not implemented
+#   kPRV  [shifted prev key] not implemented
+#   khome [home key] really is \E[1~ NOT \E[H
+#   tbc   [clear tab stops] not implemented
+#   xenl  [newline ignnored after 80 cols] messes up last line? Ehud Karni
+#   smpch [Start PC charset] is \E[11m, same as smacs
+#   rmpch [End PC charset] is \E[10m, same as rmacs
+#   mir   [move in insert mode] fails in tack?
+#   bce   [back color erase] causes problems with change background color?
+#   cvvis [make cursor very visible] causes a stackdump when testing with
+# testcurs using the output option? \E[?25h\E[?8c
+#   civis [make cursor invisible] causes everything to stackdump? \E[?25l\E[?1c
+#   ech   [erase characters param] broken \E[%p1%dX
+#   kcbt  [back-tab key] not implemented in cygwin?  \E[Z
+# (sgr removed to fit entry within 1023 bytes)
+# (acsc removed to fit entry within 1023 bytes)
+cygwin|ansi emulation for Cygwin:\
+   :am:hs:in:ms:xo:\
+   :Co#8:it#8:pa#64:\
+   :&7=^Z:@7=\E[4~:AB=\E[4%dm:AF=\E[3%dm:AL=\E[%dL:DC=\E[%dP:\
+   :DL=\E[%dM:DO=\E[%dB:F1=\E[23~:F2=\E[24~:F3=\E[25~:\
+   :F4=\E[26~:F5=\E[28~:F6=\E[29~:F7=\E[31~:F8=\E[32~:\
+   :F9=\E[33~:FA=\E[34~:IC=\E[%d@:K2=\E[G:LE=\E[%dD:\
+   :RI=\E[%dC:S2=\E[11m:S3=\E[10m:UP=\E[%dA:ae=\E[10m:\
+   :al=\E[L:as=\E11m:bl=^G:bt=\E[Z:cb=\E[1K:cd=\E[J:ce=\E[K:\
+   :ch=\E[%i%dG:cl=\E[H\E[J:cm=\E[%i%d;%dH:cr=^

automatically connect to wireless network

[Juan Luis Moyano]

Hi guys, is there any script or some package that lets me connect my 
obsd box automatically to an unsecured wireless AP? If so, is it 
possible for the connection to be made to the one that has the best 
signal strength? TIA.


Juan Luis Moyano

Re: automatically connect to wireless network

[Adam PAPAI]

On Wed, June 28, 2006 6:45, Juan Luis Moyano said:
> Hi guys, is there any script or some package that lets me connect my
> obsd box automatically to an unsecured wireless AP? If so, is it
> possible for the connection to be made to the one that has the best
> signal strength? TIA.

Just read your wireless driver's manual.

eg.:

The following hostname.if(5) example creates a host-based access point on
boot:

inet 192.168.1.1 255.255.255.0 NONE media autoselect
mediaopt hostap nwid my_net chan 11


-- 
Adam PAPAI
D i g i t a l Influence
E-mail: [EMAIL PROTECTED]
Phone: +36 30 33-55-735 (Hungary)
Phone: +49 176-67264167 (Germany)