Re: Trying to route through enc0
My apologies to everyone. This is a pf problem -- I've sorted it out. Thanks, -Stephen- Stephen Bosch wrote: > jared r r spiegel wrote: >> On Mon, Jul 17, 2006 at 05:25:38PM -0600, Stephen Bosch wrote: >>> route add -host 192.168.0.57 -interface enc0 >>> >>> I get this response: >>> >>> route: enc0: bad address >> -interface actually takes an address: >> >> --- >> If the destination is directly reachable via an interface requiring no >> intermediary system to act as a gateway, the -interface modifier should >> be specified; the gateway given is the address of this host on the >> common >> network, indicating the interface to be used for transmission. >> --- >> >> iow, it derives the iface based on what iface the addr you give it >> lives on. >> >>> Even though a security association for the target address exists on >>> enc0. Unfortunately, the device is not passing traffic to 192.168.0.57. >>> >>> I assume I need to add a route -- but is this even necessary? >> you will need to add a route to the other end of the tunnel >> so that traffic that originates on the local endpoint destined >> for an addr matching the remote addrspec (Destination in netstat >> -rnf encap) goes over the tunnel. >> >> if traffic originates on the local host and a matching route >> is found in the inet (or inet6, i suppose) table, that route >> is taken. if you have a default route, that will catch it >> (probably undesired), so you need an inet route to make it >> match something more specific than the default route in the >> inet table. >> >> traffic traversing the host (forwarded datagrams) will match >> the ipsec flows before they get looked up against the encap >> table (if this is not literally correct, it is the behaviour >> i've observed) and thus do not need a route. > > I am talking about forwarded datagrams in this case. That's been my > experience in the past, but it's not working right now. > > I'm using a device to NAT traffic from an internal host to the private > IP address the remote IPsec peer expects on my end. > > When I ping from the internal host and do a tcpdump on the internal > interface of the IPsec device, I see that the packets have been NATted > correctly and I would expect them to be matched to the appropriate flow > and passed through to the remote internal network -- yet I get > "Destination host unreachable" from the IPsec device. I note that that > is not the same as "No route to host", but I remain suspicious. I don't > see any of my pings go out on enc0. > > Just to eliminate the obvious -- the IPsec device is forwarding other > traffic just fine, and I have other working tunnels. > > -Stephen- > > > !DSPAM:44bc7cd3248752146810636!
Re: Which WLAN mini PCI card to use?
On Mon, 17 Jul 2006 15:45:54 -0400 "Jeff Quast" <[EMAIL PROTECTED]> wrote: > > ( on a side note, it apears the use of linux + windows driver wrappers > (madwifi?) on WRAP and soekris is very popular -- the very thought > makes me vomit a little bit in my mouth ) or with freebsd and pfsense (pfsense.com ) :-/ cause my atheros: http://www.atheros.com/pt/AR5002XBulletin.htm (scroll to AR5212 for info) don't work in 11a and 11g mode. the man page was let me thinking it was working, and i bought the stuff. i hope the real open driver will work soon. don't forget that the " ral" radio chipset seems to have poor radio performance (not really sensitive and a lot of power)
Re: Trying to route through enc0
jared r r spiegel wrote: > On Mon, Jul 17, 2006 at 05:25:38PM -0600, Stephen Bosch wrote: >> route add -host 192.168.0.57 -interface enc0 >> >> I get this response: >> >> route: enc0: bad address > > -interface actually takes an address: > > --- > If the destination is directly reachable via an interface requiring no > intermediary system to act as a gateway, the -interface modifier should > be specified; the gateway given is the address of this host on the common > network, indicating the interface to be used for transmission. > --- > > iow, it derives the iface based on what iface the addr you give it > lives on. > >> Even though a security association for the target address exists on >> enc0. Unfortunately, the device is not passing traffic to 192.168.0.57. >> >> I assume I need to add a route -- but is this even necessary? > > you will need to add a route to the other end of the tunnel > so that traffic that originates on the local endpoint destined > for an addr matching the remote addrspec (Destination in netstat > -rnf encap) goes over the tunnel. > > if traffic originates on the local host and a matching route > is found in the inet (or inet6, i suppose) table, that route > is taken. if you have a default route, that will catch it > (probably undesired), so you need an inet route to make it > match something more specific than the default route in the > inet table. > > traffic traversing the host (forwarded datagrams) will match > the ipsec flows before they get looked up against the encap > table (if this is not literally correct, it is the behaviour > i've observed) and thus do not need a route. I am talking about forwarded datagrams in this case. That's been my experience in the past, but it's not working right now. I'm using a device to NAT traffic from an internal host to the private IP address the remote IPsec peer expects on my end. When I ping from the internal host and do a tcpdump on the internal interface of the IPsec device, I see that the packets have been NATted correctly and I would expect them to be matched to the appropriate flow and passed through to the remote internal network -- yet I get "Destination host unreachable" from the IPsec device. I note that that is not the same as "No route to host", but I remain suspicious. I don't see any of my pings go out on enc0. Just to eliminate the obvious -- the IPsec device is forwarding other traffic just fine, and I have other working tunnels. -Stephen-
Re: Process dies when it reaches a size of 1GB.
Joe Gibbens wrote: I'm running squid-transparent on 3.9, and the process dies every time it reaches 1GB. FATAL: xcalloc: Unable to allocate 1 blocks of 4108 bytes! The system has 2GB ram # ulimit -aH time(cpu-seconds)unlimited file(blocks) unlimited coredump(blocks) unlimited data(kbytes) 1048576 <- (where is this limit configured?) /sys/arch/i386/include/vmparam.h:#defineMAXDSIZ (1024*1024*1024)/* max data size */ Note though, I could not go to 2G on amd64, since the kernel elf-loader code would act up while compiling (and other parts later might aswell!), but I did try 1.5G with a complete make build going through. stack(kbytes)32768 lockedmem(kbytes)1907008 memory(kbytes) 1907008 nofiles(descriptors) 1024 processes532 How do I change the 1GB maximum data segment size? ulimit -d does not seem to change anything. Also, how do the limits in login.conf apply? The _squid user is in the daemon class, and that class is set to a data size of infinity? The resource limits are inherited from the hard limit that vmparam.h sets of course, so if you manage to increase it, the the login.conf "infinity" should go up also. You wont reach 2G though, if I can make a guess.
Re: Audio device
On Mon, Jul 17, 2006 at 04:42:15PM -0400, Steve Shockley wrote: > Can anyone suggest a good USB audio device that's supported under > OpenBSD? I'm looking for something that won't sound like crap when > played through a home stereo. I tried an AOpen PCI card some time ago > thinking that having an optical output would make having a cheap card > irrelevant, boy was I wrong, it sounded terrible. > > What I'd like: > > USB preferred, PCI okay. > SPDIF output, optical preferred. > CD/DVD-quality sound > Under US$100 > I'd suggest you to get any USB 1.1 class-compliant card with good DAC/ADC. I've got a m-audio mobile-pre that sounds very good. > I don't care about recording on the PC, just playback. > > I did find http://www.behringer.com/UCA202/index.cfm, but I have no idea > what's inside, so I don't know if it'll work under OpenBSD. i've never tested it, but from the manual it seems to be a good card; my experience with other behriger gears is that they have good quality/price ratio. Since the card is "driverless" it's probably class compliant and should work on OpenBSD. If you can test it, let me know how well it works. cheers, -- Alexandre
Re: OT: (don't open if you don't like) Kerberized FTP client/Server
Jan Johansson <[EMAIL PROTECTED]> wrote: Gustavo Rios <[EMAIL PROTECTED]> wrote: What kind of ftp client have you been using on windows for such task? Is it possible to have such environment working with standard openbsd ftp server ? KTelnet does Kerberized FTP but I would suggest using SSH/SCP because the clients are better. http://www.stacken.kth.se/~thn/ktelnet/beta/ It's really weird to have someone with the same name as you, living close to you and in the same computer club as you posting the same answers you do. We really need to synchronize whose turn it is to answer next time something obvious to us both comes up. ;) /Janne - no, you're not getting duplicates on misc@ - Johansson
Re: OT: (don't open if you don't like) Kerberized FTP client/Server
Eric Pancer wrote: On Mon, 2006-07-17 at 20:34:36 -0600, Bob Beck wrote... Authenticating using kerberos and ftp is possible, but why use clear text passwords. Set up ssh to use kerberos and use sftp/scp. There are many windows things out there to provide a bozo front end to sftp/scp. i.e. WinSCP, Secure Iexporer, etc. etc. I think he meant a kerberized ftp client, which means the password should never go across the wire. I know umich used to have one, and it had a "private" directive, but I don't think it's around anymore. - Eric There is one here. http://www.stacken.kth.se/~thn/ktelnet/
Process dies when it reaches a size of 1GB.
I'm running squid-transparent on 3.9, and the process dies every time it reaches 1GB. FATAL: xcalloc: Unable to allocate 1 blocks of 4108 bytes! The system has 2GB ram # ulimit -aH time(cpu-seconds)unlimited file(blocks) unlimited coredump(blocks) unlimited data(kbytes) 1048576 <- (where is this limit configured?) stack(kbytes)32768 lockedmem(kbytes)1907008 memory(kbytes) 1907008 nofiles(descriptors) 1024 processes532 How do I change the 1GB maximum data segment size? ulimit -d does not seem to change anything. Also, how do the limits in login.conf apply? The _squid user is in the daemon class, and that class is set to a data size of infinity? # dmesg OpenBSD 3.9 (GENERIC) #617: Thu Mar 2 02:26:48 MST 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Pentium(R) 4 CPU 2.80GHz ("GenuineIntel" 686-class) 2.80 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,CNXT-ID real mem = 2146807808 (2096492K) avail mem = 1952808960 (1907040K) using 4278 buffers containing 107442176 bytes (104924K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(00) BIOS, date 03/24/06, BIOS32 rev. 0 @ 0xffe90 pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfb900/208 (11 entries) pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82801GB LPC" rev 0x00) pcibios0: PCI bus #6 is the last bus bios0: ROM list: 0xc/0x8000 0xc8000/0x1000 0xc9000/0x1600 0xec000/0x4000! ipmi0 at mainbus0: version 1.5 interface KCS iobase 0xca8/8 spacing 4 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 "Intel E7230 MCH" rev 0x00 ppb0 at pci0 dev 1 function 0 "Intel E7230 PCIE" rev 0x00 pci1 at ppb0 bus 1 ppb1 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x01 pci2 at ppb1 bus 2 ppb2 at pci2 dev 0 function 0 "Intel PCIE-PCIE" rev 0x09 pci3 at ppb2 bus 3 em0 at pci3 dev 2 function 0 "Intel PRO/1000MT (82546GB)" rev 0x03: irq 3, address 00:04:23:cb:3a:0a em1 at pci3 dev 2 function 1 "Intel PRO/1000MT (82546GB)" rev 0x03: irq 11, address 00:04:23:cb:3a:0b ppb3 at pci0 dev 28 function 4 "Intel 82801G PCIE" rev 0x01 pci4 at ppb3 bus 4 bge0 at pci4 dev 0 function 0 "Broadcom BCM5721" rev 0x11, BCM5750 B1 (0x4101): irq 10, address 00:15:c5:5e:61:9c brgphy0 at bge0 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0 ppb4 at pci0 dev 28 function 5 "Intel 82801G PCIE" rev 0x01 pci5 at ppb4 bus 5 uhci0 at pci0 dev 29 function 0 "Intel 82801GB USB" rev 0x01: irq 11 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1 at pci0 dev 29 function 1 "Intel 82801GB USB" rev 0x01: irq 10 usb1 at uhci1: USB revision 1.0 uhub1 at usb1 uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered uhci2 at pci0 dev 29 function 2 "Intel 82801GB USB" rev 0x01: irq 5 usb2 at uhci2: USB revision 1.0 uhub2 at usb2 uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub2: 2 ports with 2 removable, self powered ehci0 at pci0 dev 29 function 7 "Intel 82801GB USB" rev 0x01: irq 11 usb3 at ehci0: USB revision 2.0 uhub3 at usb3 uhub3: Intel EHCI root hub, rev 2.00/1.00, addr 1 uhub3: 6 ports with 6 removable, self powered ppb5 at pci0 dev 30 function 0 "Intel 82801BA AGP" rev 0xe1 pci6 at ppb5 bus 6 vga1 at pci6 dev 5 function 0 "XGI Technology Volari Z7" rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ichpcib0 at pci0 dev 31 function 0 "Intel 82801GB LPC" rev 0x01: PM disabled pciide0 at pci0 dev 31 function 1 "Intel 82801GB IDE" rev 0x01: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility atapiscsi0 at pciide0 channel 0 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: SCSI0 5/cdrom removable cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 pciide0: channel 1 ignored (disabled) pciide1 at pci0 dev 31 function 2 "Intel 82801GB SATA" rev 0x01: DMA, channel 0 configured to native-PCI, channel 1 configured to native-PCI pciide1: using irq 11 for native-PCI interrupt wd0 at pciide1 channel 0 drive 0: wd0: 16-sector PIO, LBA48, 76293MB, 15625 sectors wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5 ichiic0 at pci0 dev 31 function 3 "Intel 82801GB SMBus" rev 0x01: irq 11 iic0 at ichiic0: disabled to avoid ipmi0 interactions isa0 at ichpcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: spkr0 at pcppi0 npx0 at isa0 port 0xf0/16: using exception 16 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 biomask ffe5 netmask ffed ttymask ffef pctr: user-level cycle c
Re: OT: (don't open if you don't like) Kerberized FTP client/Server
Gustavo Rios <[EMAIL PROTECTED]> wrote: > I am implementing an openbsd kerberos server and would like windows > client to connect to another openbsd ftp server using kerberos. Is > that possible? What kind of ftp client have you been using on windows > for such task? Is it possible to have such environment working with > standard openbsd ftp server ? KTelnet does Kerberized FTP but I would suggest using SSH/SCP because the clients are better. http://www.stacken.kth.se/~thn/ktelnet/beta/
breakage of umass between 3.8-3.9 on VIA VT83C572 USB
After updating one of my computers from OpenBSD 3.8 to 3.9, a umass device (an mp3 player, detected as "COWON iAUDIO U2, rev 2.00/1.10") stopped working. It worked flawlessly before (giving a similar message to that in the second dmesg), but now when I plug in I get error messages such as: ehci_sync_hc: tsleep() = 35 ehci_idone: ex=0xd0f0e000 is done! uhub3: device problem, disabling port 1 uhub3: port 1, set config at addr 2 failed This may be related to the problems noted here: http://article.gmane.org/gmane.os.openbsd.misc/72145/match=vt83c572+umass http://article.gmane.org/gmane.os.openbsd.misc/106437/match=vt83c572+umass Does anybody have any ideas? Is there a further step I should take to dig up useful information? I do not know how to proceed. Two dmesgs and some additional error messages follow. Thanks, Scott First, the dmesg for my updated computer, where it no longer works. OpenBSD 3.9 (GENERIC) #617: Thu Mar 2 02:26:48 MST 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Celeron(R) CPU 1.70GHz ("GenuineIntel" 686-class) 1.70 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM real mem = 502833152 (491048K) avail mem = 451727360 (441140K) using 4278 buffers containing 25243648 bytes (24652K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(00) BIOS, date 02/12/03, BIOS32 rev. 0 @ 0xfdad0 apm0 at bios0: Power Management spec V1.2 apm0: AC on, battery charge unknown apm0: flags 30102 dobusy 0 doidle 1 pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf7720/144 (7 entries) pcibios0: PCI Interrupt Router at 000:17:0 ("VIA VT8235 ISA" rev 0x00) pcibios0: PCI bus #1 is the last bus bios0: ROM list: 0xc/0xc000 0xcc000/0x4000! cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 "VIA VT8751 PCI" rev 0x00 ppb0 at pci0 dev 1 function 0 "VIA VT8633 AGP" rev 0x00 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 "S3 ProSavage DDR" rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) eap0 at pci0 dev 11 function 0 "Ensoniq AudioPCI" rev 0x00: irq 11 audio0 at eap0 midi0 at eap0: uhci0 at pci0 dev 16 function 0 "VIA VT83C572 USB" rev 0x80: irq 11 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: VIA UHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1 at pci0 dev 16 function 1 "VIA VT83C572 USB" rev 0x80: irq 11 usb1 at uhci1: USB revision 1.0 uhub1 at usb1 uhub1: VIA UHCI root hub, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered uhci2 at pci0 dev 16 function 2 "VIA VT83C572 USB" rev 0x80: irq 11 usb2 at uhci2: USB revision 1.0 uhub2 at usb2 uhub2: VIA UHCI root hub, rev 1.00/1.00, addr 1 uhub2: 2 ports with 2 removable, self powered ehci0 at pci0 dev 16 function 3 "VIA VT6202 USB" rev 0x82: irq 11 usb3 at ehci0: USB revision 2.0 uhub3 at usb3 uhub3: VIA EHCI root hub, rev 2.00/1.00, addr 1 uhub3: 6 ports with 6 removable, self powered viapm0 at pci0 dev 17 function 0 "VIA VT8235 ISA" rev 0x00 iic0 at viapm0 "unknown" at iic0 addr 0x18 not configured pciide0 at pci0 dev 17 function 1 "VIA VT82C571 IDE" rev 0x06: ATA133, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide0 channel 0 drive 0: wd0: 16-sector PIO, LBA, 28629MB, 58633344 sectors wd1 at pciide0 channel 0 drive 1: wd1: 16-sector PIO, LBA48, 157066MB, 321672960 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5 wd1(pciide0:0:1): using PIO mode 4, Ultra-DMA mode 6 atapiscsi0 at pciide0 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: SCSI0 5/cdrom removable atapiscsi1 at pciide0 channel 1 drive 1 scsibus1 at atapiscsi1: 2 targets cd1 at scsibus1 targ 0 lun 0: SCSI0 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, DMA mode 2 cd1(pciide0:1:1): using PIO mode 4, Ultra-DMA mode 2 vr0 at pci0 dev 18 function 0 "VIA RhineII-2" rev 0x74: irq 11, address 00:07:95:df:0c:b4 ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 5: OUI 0x004063, model 0x0032 isa0 at mainbus0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pmsi0 at pckbc0 (aux slot) pckbc0: using irq 12 for aux slot wsmouse0 at pmsi0 mux 0 pcppi0 at isa0 port 0x61 midi1 at pcppi0: spkr0 at pcppi0 lpt0 at isa0 port 0x378/4 irq 7 it0 at isa0 port 0x290/8: IT87 npx0 at isa0 port 0xf0/16: using exception 16 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec biomask ef6d netmask ef6d ttymask ffef pctr: user-level cycle counter enabled ehci_sync_hc: tsleep() = 35 uhub3: device problem, disabling port 2 dkcsum: wd0 mat
Re: OT: (don't open if you don't like) Kerberized FTP client/Server
On Mon, 2006-07-17 at 20:34:36 -0600, Bob Beck wrote... > Authenticating using kerberos and ftp is possible, but why > use clear text passwords. Set up ssh to use kerberos and use sftp/scp. > There are many windows things out there to provide a bozo front end to > sftp/scp. i.e. WinSCP, Secure Iexporer, etc. etc. I think he meant a kerberized ftp client, which means the password should never go across the wire. I know umich used to have one, and it had a "private" directive, but I don't think it's around anymore. - Eric
sensorsd
Hey folks, I am running a Dell Precision Workstation, is it possible to have sensors working with such hardware? Any special consideration? Thanks in advance.
Re: OT: (don't open if you don't like) Kerberized FTP client/Server
* Gustavo Rios <[EMAIL PROTECTED]> [2006-07-17 20:16]: > Dear friends. > > I am implementing an openbsd kerberos server and would like windows > client to connect to another openbsd ftp server using kerberos. Is > that possible? What kind of ftp client have you been using on windows > for such task? Is it possible to have such environment working with > standard openbsd ftp server ? Authenticating using kerberos and ftp is possible, but why use clear text passwords. Set up ssh to use kerberos and use sftp/scp. There are many windows things out there to provide a bozo front end to sftp/scp. i.e. WinSCP, Secure Iexporer, etc. etc. -Bob
Re: Trying to route through enc0
On Mon, Jul 17, 2006 at 05:25:38PM -0600, Stephen Bosch wrote: > > route add -host 192.168.0.57 -interface enc0 > > I get this response: > > route: enc0: bad address -interface actually takes an address: --- If the destination is directly reachable via an interface requiring no intermediary system to act as a gateway, the -interface modifier should be specified; the gateway given is the address of this host on the common network, indicating the interface to be used for transmission. --- iow, it derives the iface based on what iface the addr you give it lives on. > Even though a security association for the target address exists on > enc0. Unfortunately, the device is not passing traffic to 192.168.0.57. > > I assume I need to add a route -- but is this even necessary? you will need to add a route to the other end of the tunnel so that traffic that originates on the local endpoint destined for an addr matching the remote addrspec (Destination in netstat -rnf encap) goes over the tunnel. if traffic originates on the local host and a matching route is found in the inet (or inet6, i suppose) table, that route is taken. if you have a default route, that will catch it (probably undesired), so you need an inet route to make it match something more specific than the default route in the inet table. traffic traversing the host (forwarded datagrams) will match the ipsec flows before they get looked up against the encap table (if this is not literally correct, it is the behaviour i've observed) and thus do not need a route. i think over time there have been a boatload of posts about this (probably even one by me) behaviour, but it might be a bit tricky to know what you're looking for. -- jared [ openbsd 3.9-current GENERIC ( jun 22 ) // i386 ]
OT: (don't open if you don't like) Kerberized FTP client/Server
Dear friends. I am implementing an openbsd kerberos server and would like windows client to connect to another openbsd ftp server using kerberos. Is that possible? What kind of ftp client have you been using on windows for such task? Is it possible to have such environment working with standard openbsd ftp server ? Thanks in advance.
Re: soekris and openbsd
> Gustavo Rios <[EMAIL PROTECTED]> wrote: > May some one suggest a good quality HD drive for use with Openbsd 3.9 > and Soekris net4801-60 hardware ? in the 4801s i have: wd1 at pciide0 channel 0 drive 1: wd1: 16-sector PIO, LBA, 38154MB, 78140160 sectors wd1(pciide0:0:1): using PIO mode 4, Ultra-DMA mode 2 http://www.fujitsu.com/us/services/computing/storage/hdd/mobile/mhv2120at.html no complaints thus far (uh ~1.5y - 2y ). before i had an airconditioner for the closet, hw.sensors.2 would read up around 73C in the hottest day i looked at it; no problems with the HD. reminds me, high time i put smart tools on there On Mon, Jul 17, 2006 at 12:31:44PM -0700, Chris Zakelj wrote: > > Be aware that the little inch long ribbon cable has > been suspected as the reason behind a number of > supposed drive failures. one of my ribbon cables ( if you can call them that ) was manufactured with physical errors, the soekris team was as accomodating with that as could be, and resolved the issue superquick. -- jared [ openbsd 3.9-current GENERIC ( jun 22 ) // i386 ]
IBM 586V crashes during boot
I have recently obtained a PC that I want to run OpenBSD, but can't get it to boot. When my 3.9 CD arrived I tried to boot it and got this before the boot prompt even showed up: http://shawnd.dyndns.org/photos/OpenBSD_CDBoot.jpg I then tried to boot from a floppy and got a little further but it hangs at pcibios0(Boot messages are below). The display is somewhat garbled on the VGA display. See http://shawnd.dyndns.org/photos/OpenBSD_FloppyBoot.jpg. Disabling pcibios0 helped it get further (Again see below) but it hangs after detecting the VGA. I also tried a Linux boot disk which hangs after displaying a bunch of "PCI : Cannot allocate resource region" messages. Memtest86+ and Windows NT 4.0 worked fine. I found a copy of the Diagnostics disk on the Internet and it passed all tests. The machine is an older industrial PC using an IBM 586VE CPU card (PICMIG form factor). The CPU card is an AMD K6-4 400MHz with 64MB of RAM and an SiS chipset (including LAN and Video). The only things on the motherboard are the slots(8 PCI, 7 ISA, 1 combined for CPU) and a pair of Intel PCI bridges. A 500MB Apple/IBM harddisk, a Sony CDROM and a floppy drive are the only things connected to the system. Anyone have any suggestions on what to try or is this machine just too odd? - Normal boot from floppy -- >> OpenBSD/i386 BOOT 2.10 boot> help commands: # boot echo env help ls machine reboot set stty time machine: boot diskinfo memory boot> machine diskinfo DiskBIOS# TypeCylsHeads SecsFlags Checksum fd0 0x0 label 80 2 18 0x2 0x0 hd0 0x80label 993 28 38 0x0 0x1c97cf7b boot> machine memory Region 0: type 1 at 0x0 for 637KB Region 1: type 2 at 0x9f400 for 3KB Region 2: type 2 at 0xe for 128KB Region 3: type 1 at 0x10 for 60416KB Region 4: type 2 at 0xfffe for 128KB Low ram: 637KB High ram: 60416KB Total free memory: 61053KB boot> boot booting fd0a:/bsd: 3287028+195168=0x35239c entry point at 0x100120 Copyright (c) 1982, 1986, 1989, 1991, 1993 The Regents of the University of California. All rights reserved. Copyright (c) 1995-2006 OpenBSD. All rights reserved. http://www.OpenBSD.org OpenBSD 3.9 (RAMDISK) #1027: Thu Mar 2 02:47:13 MST 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/RAMDISK cpu0: AMD-K6(tm)-III Processor ("AuthenticAMD" 586-class) 401 MHz cpu0: FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,PGE,MMX real mem = 62496768 (61032K) avail mem = 52146176 (50924K) using 788 buffers containing 3227648 bytes (3152K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(00) BIOS, date 10/10/01, BIOS32 rev. 0 @ 0xfda11 pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: PCI BIOS has 5 Interrupt Routing table entries pcibios0: PCI Interrupt Router at 000:01:0 ("SiS 85C503 System" rev 0x00) pcibios0: PCI bus #2 is the last bus ---Machine hangs here. If VGA is used the screen goes a little weird.--- -- boot with pcibios0 disabled -- boot> boot -c booting fd0a:/bsd: 3287028+195168=0x35239c entry point at 0x100120 Copyright (c) 1982, 1986, 1989, 1991, 1993 The Regents of the University of California. All rights reserved. Copyright (c) 1995-2006 OpenBSD. All rights reserved. http://www.OpenBSD.org OpenBSD 3.9 (RAMDISK) #1027: Thu Mar 2 02:47:13 MST 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/RAMDISK cpu0: AMD-K6(tm)-III Processor ("AuthenticAMD" 586-class) 401 MHz cpu0: FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,PGE,MMX real mem = 62496768 (61032K) avail mem = 52146176 (50924K) using 788 buffers containing 3227648 bytes (3152K) of memory User Kernel Config UKC> disable pcibios0 104 pcibios0 disabled UKC> quit Continuing... mainbus0 (root) bios0 at mainbus0: AT/286+(00) BIOS, date 10/10/01, BIOS32 rev. 0 @ 0xfda11 pcibios at bios0 function 0x1a not configured bios0: ROM list: 0xc/0xc000 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 "SiS 5597/5598 Host" rev 0x10 pcib0 at pci0 dev 1 function 0 "SiS 85C503 System" rev 0x01 pciide0 at pci0 dev 1 function 1 "SiS 5513 EIDE" rev 0xd0: 5597/5598: DMA, unused (couldn't map registers), channel 0 configured to compatibility, channel 1 configured to compatibility atapiscsi0 at pciide0 channel 0 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: SCSI0 5/cdrom removable cd0(pciide0:0:0): using PIO mode 4 wd0 at pciide0 channel 1 drive 0: wd0: 16-sector PIO, LBA, 516MB, 1057616 sectors wd0(pciide0:1:0): using PIO mode 3 "SiS 5597/5598 USB" rev 0x10 at pci0 dev 1 function 2 not configured sis0 at pci0 dev 2 function 0 "SiS 900 10/100BaseTX" rev 0x02: irq 11, address 00:06:29:f8:e6:e7 ukphy0 at sis0 phy 0: Generic IEEE 802.3u media interface, rev. 0: OUI 0x000760, model 0x vga1 at pci0 dev 8 function 0 "SiS 5597/5598 VGA" rev 0x68 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) ---Machine hangs here. If VGA
Re: Do mp3 concatenation programs exist?
Okay, I can't believe I'm contributing to this noise, but ... I'm not sure I ever read where the OP said anything about going through an ISP. What happens if they're shuffling through a plethora of open wireless access points? The DHCP requests are going to get various private IP's that the AP's provide to the internal NAT'd boxes. If I put a biquad antenna at the focal point of an 18" DBS/DSS satellite dish the available AP's can greatly increase. just a thought ...
Trying to route through enc0
Hi: When I do this -- route add -host 192.168.0.57 -interface enc0 I get this response: route: enc0: bad address Even though a security association for the target address exists on enc0. Unfortunately, the device is not passing traffic to 192.168.0.57. I assume I need to add a route -- but is this even necessary? -Stephen-
Re: Which WLAN mini PCI card to use?
On Mon, 17 Jul 2006 15:45:54 -0400, Jeff Quast wrote: >On 7/17/06, Melameth, Daniel D. <[EMAIL PROTECTED]> wrote: >> Heinrich Rebehn wrote: >> > I want to build a WLAN router using a WRAP board running OpenBSD. >> > I am still unsure which wlan interface to use. I considered the CM9 >> > (ath(4)). >> > >> > Or are there better choices? >> >> It appears, at this time, ral is the best choice on OpenBSD. However, > >Do you know any miniPCI wireless card models that use a ral chipset? I >beleive also have some restrictive power requirements as well, from >their documentation: > >"J5, J6 miniPCI sockets These sockets implement the miniPCI interface. >Please note that the current available from the +5V supply is very >limited, and generated very inefficiently (linear regulator from input >supply). +5V should be used as a bias voltage only, not to power a >wireless radio !" > >I am not sure exactly what to read from that, I am not an electrical engineer. > >I have been holding back on purchasing a wifi card for WRAP for a long >time. I do not wish to financially support vendors who choose to use >the atheros chipset. I would be happy to hear of any non-atheros >experiences on WRAP. > >( on a side note, it apears the use of linux + windows driver wrappers >(madwifi?) on WRAP and soekris is very popular -- the very thought >makes me vomit a little bit in my mouth ) > > I use a ral PCI card in a Soekris. It is an MSI PC54G2. They make the same thing in miniPCI. See the hardware list in man 4 ral. DON'T choose a USB if you want hostap. The MSI is universal PCI i.e. works in a 5v or 3.3v slot. >From the land "down under": Australia. Do we look from up over? Do NOT CC me - I am subscribed to the list. Replies to the sender address will fail except from the list-server. Your IP address will also be greytrapped for 24 hours after any attempt. I am continually amazed by the people who run OpenBSD who don't take this advice. I always expected a smarter class. I guess not.
Re: Recompiling Perl 5.8.6
On Sat, Jul 15, 2006 at 12:42:25PM +0200, Karel Kulhavy wrote: > Is it OK to download perl 5.8.6 (the same that is in OpenBSD 3.9) > then compile it using supplied hints/openbsd.sh and install over the > existing perl? I want GDBM_File and GDBM_File is in perl 5.8.6. > No, you don't know that it is the same. You'd better start off running a diff to make sure... Anyways, I can build a GDBM port, it's no hardship, and probably trivial to do...
Re: Do mp3 concatenation programs exist?
On 7/17/06, Pawel S. Veselov <[EMAIL PROTECTED]> wrote: [ skipped ] On Sun, Jul 16, 2006 at 01:22:51AM +0200, Peter Philipp wrote: >> Just from the fact that you make all those request for new leases makes you >> stand out. >And? The ISP cannot do anything. They can write a new clause to their EULA >that re-connecting within X amount of time is excessive and forbidden, and >notify the customer on that, so that they may adjust their settings. Comcast, cable service. Request new IP as much as you want, you gonna get the same one. May be the xDSL people need to patch their software to cache MAC addresses or physical connection identifier. What does this mean? What good would 'caching MAC addresses' any more than is currently done (since it is already done by dhcpd) do? If I were an ISP admin, and I found out there is somone requesting a new IP every minute (or every hour for that matter), the first thing I'd do is I'd start looking how to prevent it. Why? There's no way to stop people sending out random IP packets without you imposing some sort of dictatorial tax, and that would not go over well with the customers. It's not that much traffic in the grand scheme of the intarwebz, is it? Why would you go to that trouble? -- Pawel S. Veselov [vps], Sun Microsystems, Inc. Staff Engineer, Java Mobile Systems and Services Engineering __ __(O) _ __ e-mail: [EMAIL PROTECTED] \ V /| || ' \ HomePage: http://manticore.2y.net\_/ |_||_|_|_| Oh. ^
Re: Kerberos
From: [EMAIL PROTECTED] > you may have to fish online for some of the option > descriptions since stuff like > correct_des3_mic aren't in the manpage for krb5.conf. is > there any plan to > update the manpage with these missing options? Nope. gssapi(3) has that and more. DS
Re: soekris and openbsd
Gustavo Rios <[EMAIL PROTECTED]> wrote: May some one suggest a good quality HD drive for use with Openbsd 3.9 and Soekris net4801-60 hardware ? Thanks in advance. I would suggest just going through the reviews of notebook drives on www.storagereview.com. Be aware that the little inch long ribbon cable has been suspected as the reason behind a number of supposed drive failures.
Audio device
Can anyone suggest a good USB audio device that's supported under OpenBSD? I'm looking for something that won't sound like crap when played through a home stereo. I tried an AOpen PCI card some time ago thinking that having an optical output would make having a cheap card irrelevant, boy was I wrong, it sounded terrible. What I'd like: USB preferred, PCI okay. SPDIF output, optical preferred. CD/DVD-quality sound Under US$100 I don't care about recording on the PC, just playback. I did find http://www.behringer.com/UCA202/index.cfm, but I have no idea what's inside, so I don't know if it'll work under OpenBSD.
Re: Do mp3 concatenation programs exist?
[ skipped ] On Sun, Jul 16, 2006 at 01:22:51AM +0200, Peter Philipp wrote: >> Just from the fact that you make all those request for new leases makes you >> stand out. >And? The ISP cannot do anything. They can write a new clause to their EULA >that re-connecting within X amount of time is excessive and forbidden, and >notify the customer on that, so that they may adjust their settings. Comcast, cable service. Request new IP as much as you want, you gonna get the same one. May be the xDSL people need to patch their software to cache MAC addresses or physical connection identifier. If I were an ISP admin, and I found out there is somone requesting a new IP every minute (or every hour for that matter), the first thing I'd do is I'd start looking how to prevent it. [ skipped ] Thanks, Pawel. Bye. -- Pawel S. Veselov [vps], Sun Microsystems, Inc. Staff Engineer, Java Mobile Systems and Services Engineering __ __(O) _ __ e-mail: [EMAIL PROTECTED] \ V /| || ' \ HomePage: http://manticore.2y.net\_/ |_||_|_|_|
Re: BOB is dying.
On Mon, 2006-07-17 at 17:55:14 +0200, Han Boetes wrote... > I know a very peculiar fellow named Bob, his health is failing, > but I don't think it's that bad. Give him beer.
Re: Which WLAN mini PCI card to use?
On 7/17/06, Melameth, Daniel D. <[EMAIL PROTECTED]> wrote: Heinrich Rebehn wrote: > I want to build a WLAN router using a WRAP board running OpenBSD. > I am still unsure which wlan interface to use. I considered the CM9 > (ath(4)). > > Or are there better choices? It appears, at this time, ral is the best choice on OpenBSD. However, Do you know any miniPCI wireless card models that use a ral chipset? I beleive also have some restrictive power requirements as well, from their documentation: "J5, J6 miniPCI sockets These sockets implement the miniPCI interface. Please note that the current available from the +5V supply is very limited, and generated very inefficiently (linear regulator from input supply). +5V should be used as a bias voltage only, not to power a wireless radio !" I am not sure exactly what to read from that, I am not an electrical engineer. I have been holding back on purchasing a wifi card for WRAP for a long time. I do not wish to financially support vendors who choose to use the atheros chipset. I would be happy to hear of any non-atheros experiences on WRAP. ( on a side note, it apears the use of linux + windows driver wrappers (madwifi?) on WRAP and soekris is very popular -- the very thought makes me vomit a little bit in my mouth )
soekris and openbsd
May some one suggest a good quality HD drive for use with Openbsd 3.9 and Soekris net4801-60 hardware ? Thanks in advance.
Re: Dhcpd Bizarre!!!!!!!!!!!!!!!!
On 7/17/06, Rahul Sharma <[EMAIL PROTECTED]> wrote: On 7/17/06, turcu septimiu <[EMAIL PROTECTED]> wrote: > > > --- Rahul Sharma <[EMAIL PROTECTED]> wrote: > > > Hi Nick, > > Thank for your replies. > > But in that case I have to search the dhcpd enteries > > and then parse the > > /var/log/ daemon. > > But I Just want to create another file with the > > format i like. > > Plz anybody help!!! > > Thanks in advance > > Rahul > > > > On 7/14/06, Nick Guenther <[EMAIL PROTECTED]> wrote: > > > > > > On 7/13/06, Rahul Sharma > > <[EMAIL PROTECTED]> wrote: > > > > /*$OpenBSD: db.c,v 1.10 2004/09/16 18:35:42 > > deraadt Exp $*/ > > > > > > > > /* > > > > * Persistent database management routines for > > DHCPD. > > > > */ > > > > > > > > /* > > > > * Copyright (c) 1995, 1996 The Internet > > Software Consortium. > > > > * All rights reserved. > > > > * > > > > * Redistribution and use in source and binary > > forms, with or without > > > > * modification, are permitted provided that the > > following conditions > > > > * are met: > > > > * > > > > * 1. Redistributions of source code must retain > > the above copyright > > > > *notice, this list of conditions and the > > following disclaimer. > > > > * 2. Redistributions in binary form must > > reproduce the above copyright > > > > *notice, this list of conditions and the > > following disclaimer in > > > the > > > > *documentation and/or other materials > > provided with the > > > distribution. > > > > * 3. Neither the name of The Internet Software > > Consortium nor the names > > > > *of its contributors may be used to endorse > > or promote products > > > derived > > > > *from this software without specific prior > > written permission. > > > > * > > > > * THIS SOFTWARE IS PROVIDED BY THE INTERNET > > SOFTWARE CONSORTIUM AND > > > > * CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR > > IMPLIED WARRANTIES, > > > > * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED > > WARRANTIES OF > > > > * MERCHANTABILITY AND FITNESS FOR A PARTICULAR > > PURPOSE ARE > > > > * DISCLAIMED. IN NO EVENT SHALL THE INTERNET > > SOFTWARE CONSORTIUM OR > > > > * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, > > INDIRECT, INCIDENTAL, > > > > * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES > > (INCLUDING, BUT NOT > > > > * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS > > OR SERVICES; LOSS OF > > > > * USE, DATA, OR PROFITS; OR BUSINESS > > INTERRUPTION) HOWEVER CAUSED AND > > > > * ON ANY THEORY OF LIABILITY, WHETHER IN > > CONTRACT, STRICT LIABILITY, > > > > * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) > > ARISING IN ANY WAY OUT > > > > * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED > > OF THE POSSIBILITY OF > > > > * SUCH DAMAGE. > > > > * > > > > * This software has been written for the > > Internet Software Consortium > > > > * by Ted Lemon <[EMAIL PROTECTED]> in > > cooperation with Vixie > > > > * Enterprises. To learn more about the > > Internet Software Consortium, > > > > * see ``http://www.vix.com/isc''. To learn > > more about Vixie > > > > * Enterprises, see ``http://www.vix.com''. > > > > */ > > > > > > > > #include "dhcpd.h" > > > > > > > > FILE *db_file; > > > > FILE *abc; > > > > static int counting = 0; > > > > static int count = 0; > > > > time_t write_time; > > > > > > > > /* > > > > * Write the specified lease to the current > > lease database file. > > > > */ > > > > int > > > > write_lease(struct lease *lease) > > > > { > > > > struct tm *t; > > > > char tbuf[64]; > > > > int errors = 0; > > > > int i; > > > > > > > > if (counting) > > > > ++count; > > > > errno = 0; > > > > fprintf(db_file, "lease %s {\n", > > piaddr(lease->ip_addr)); > > > > fprintf(abc,"%s\t",piaddr(lease->ip_addr)); > > > > if (errno) > > > > ++errors; > > > > > > > > t = gmtime(&lease->starts); > > > > snprintf(tbuf, sizeof(tbuf), "%d > > %d/%02d/%02d %02d:%02d:%02d;", > > > > t->tm_wday, t->tm_year + 1900, t->tm_mon > > + 1, t->tm_mday, > > > > t->tm_hour, t->tm_min, t->tm_sec); > > > > > > > > errno = 0; > > > > fprintf(db_file, "\tstarts %s\n", tbuf); > > > > fprintf(abc, "%s\t", tbuf); > > > > if (errno) > > > > ++errors; > > > > > > > > t = gmtime(&lease->ends); > > > > snprintf(tbuf, sizeof(tbuf), "%d > > %d/%02d/%02d %02d:%02d:%02d;", > > > > t->tm_wday, t->tm_year + 1900, t->tm_mon > > + 1, t->tm_mday, > > > > t->tm_hour, t->tm_min, t->tm_sec); > > > > > > > > errno = 0; > > > > fprintf(db_file, "\tends %s", tbuf); > > > > fprintf(abc, "%s\t", tbuf); > > > > if (errno) > > > > ++errors; > > > > > > > > if (lease->hardware_addr.hlen) { > > > > errno = 0; > > > > fprintf(db_file, "\n\thardware %s %s;", > > > > > > hardware_types[lease->hardware_addr.htype], > > > > > > print_hw_addr(lease->hardware_addr.htype, > > > > lease->hardware_addr.hlen, > > > >
Re: Boot panic with bsd.mp on a Compaq ProLiant 2500
Nick Shank <[EMAIL PROTECTED]> writes: > I happened to read this as I was on my way out of the office for the > week (yay for vacation, and a paid one at that) I don't recall the > exact error, but on 3 different SMP slot 1 machines, bsd.mp under 3.9 > complains about apic, and dies. PS shows swapper as the only thing > active. Will look more into it on Friday when I get back, and post > what I find. Although, the thought of going back a version or two > seems like it might work, as I know I've had 3.7 or 3.8 working on at > least one of my dual slot 1 machines... > Hope that helps at least a little bit, > Nick > > My Compaq ProLiant 2500 server has two Pentium Pro on socket 8, not on slot 1. $ dmesg | egrep "GENERIC|cpu" OpenBSD 3.9 (GENERIC) #617: Thu Mar 2 02:26:48 MST 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel Pentium Pro ("GenuineIntel" 686-class, 256KB L2 cache) 199 MHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV cpu0 at mainbus0 I don't know if it makes a difference for this kernel panic: [...] ioapic0 at mainbus0: apid 2 pa 0xfec0, version 11, 28 pins ioapic0: misconfigured as apic 0, remapped to apic 2 panic: can't deal with not-all-lapics interrupt yet! [...] Unfortunately, this server is in production now and I can't go back in 3.7 or 3.8 to see if it works. Thanks again Nick. Francois -- http://www.chambaud.org
Re: Which WLAN mini PCI card to use?
Heinrich Rebehn wrote: > I want to build a WLAN router using a WRAP board running OpenBSD. > I am still unsure which wlan interface to use. I considered the CM9 > (ath(4)). > > My question: are there still problems with the 802.11g (54 Mbit) mode? > http://archives.neohapsis.com/archives/openbsd/2005-12/0192.html > > Also, the CM9 seems to use the 5213 chipset, which the manpage does > not mention. Is it also supported? > > Or are there better choices? It appears, at this time, ral is the best choice on OpenBSD. However, you might run into ral driver issues, noted at http://marc.theaimsgroup.com/?l=openbsd-misc&w=2&r=1&s=problem+sis+timeo ut+openbsd+3.9&q=b, until a fix is committed.
Re: raidctl on a live raid array, and the kernel debugger
Jason Murray writes: > I've tried, again, to fix my raid array with raidctl -R. I did it on the > console port this time so I could capture the output from ddb> > > Here is some output: > > # raidctl -s raid0 > raid0 Components: > /dev/wd0d: failed > /dev/wd1d: optimal > No spares. > Parity status: DIRTY > Reconstruction is 100% complete. > Parity Re-write is 100% complete. > Copyback is 100% complete. > > So I attempt an inplace reconstruction of wd0d. > > # > # raidctl -R /dev/wd0d raid0 > Closing the opened device: /dev/wd0d > About to (re-)open the device for rebuilding: /dev/wd0d > RECON: Initiating in-place reconstruction on > row 0 col 0 -> spare at row 0 col 0. > Quiescence reached... > > I then use raidctl -S to monitor the reconstruction. Things go well > until the 48% mark. Then I get: > > wd1d: uncorrectable data error reading fsbn 111722176 of > 11722176-111722303 (wd1 bn 114343984; cn 113436 tn 7 sn 55), retrying > /wd1: transfer error, downgrading to Ultra-DMA mode 4 > wd1(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 4 > wd1d: uncorrectable data error reading fsbn 111722176 of > 111722176-111722303 (wd1 bn 114343984; cn 113436 tn 7 sn 55), retrying > wd1d: uncorrectable data error reading fsbn 111722248 of > 111722176-111722303 (wd1 bn 114344056; cn 113436 tn 9 sn 1), retrying > wd1d: uncorrectable data error reading fsbn 111722248 of > 111722176-111722303 (wd1 bn 114344056; cn 113436 tn 9 sn 1) > raid0: IO Error. Marking /dev/wd1d as failed. > Recon read failed ! > panic: RAIDframe error at line 1518 file > /usr/src/sys/dev/raidframe/rf_reconstruct.c > Stopped at Debugger+0x4: leave > RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC! > > DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION! > > This concerns me because I need wd1d to rebuild my failed wd0d. Any > ideas? Drive cables maybe? Any help is greatly appreciated. You have recent backups, right? wd1 is failing/dying. At this point you're probably better off in attempting to use 'dd' to recover as many bits as you can... (if you do a 'dump' of the filesystem you can probably tell from that whether or not there is any 'live data' in the portion that is unreadable if there isn't any live data, then you can use 'dd' to make as much of a copy as possible of wd1, and use that as the base for reconstructing the RAID set.) Later... Greg Oster
Re: BOB is dying.
Stephen Bosch wrote: Tim Donahue wrote: I swear, spam keeps getting wierder and wierder My own theory is that these are messages designed (by the spammers) to test spam filters. I think they are banking on the idea that users will flag it as spam and thusly add legit words to the "potentially bad words" list. I think this because every time I get an email like this, all the words are spelled correctly. Kenny
Re: Do mp3 concatenation programs exist?
thus Pawel S. Veselov spake: On Sun, Jul 16, 2006 at 04:26:55PM +0200, Jonathan Schleifer wrote: [ skipped ] All you achieve with this idiotic idea is that you get the providers attention because you spam their logs and they'll propably cancel the contract because of abuse. Heh, have you ever tried calling an ISP ? I mean big ISP, and you calling with a technical question ? depends on who's calling, a guy with a 56k dialup or 25Mbps DSLame or someone with a bunch of E3/T3s... Gives you perspective on what kinda staff runs the ISPs these days. Also, how many new leases are requested from this provider every minute ? Would another one count ? Don't think so. that's one side of the coin. the other one is that surely monitoring of these services takes place and one can clearly see his line at the DSLAM causing requests for a new lease on a per-minute basis. that's not a 'resource problem' at that moment, but should cause the raise of attention. (a single virus is no problem for your body and immune system; however, it will immediately start its defense. same should apply to the ISP.) Having service terminated because of an illegal client behavior is the least likely thing to happen nowadays. err, you read those news on the net? why do ISPs block port 25? why do they implement traffic shaping? why do they force customers to use transparent proxies? etc. Hey, they don't care if your compulter is loaded with viruses that redistribute themselves like crazy. why should they? that'd mean surveillance at L6/7 which is nonsense (at least, you're not the NSA etc.). they can max out their line, that's all. Or if you are sending spam. not causing waste of resources beyond the line. No one is watching your connection, unless someone comes to your ISP with a warrant of sorts. ISP needs your 30 bucks a month more than they need anything else. nah, that's a bad argument. abuse is abuse, no matter what the customer pays -- if he violates what's part of the contract, the ISP can do what it wants to stop it. [ skipped ] Thanks, Pawel. P.S. This thread needs a new name dying threads don't need new subjects ;) P.P.S. lol, no one from this list works for an ISP ? :) i think there indeed are people working for ISPs. :)
PF rules not working (traffic blocked on way back out)
Hi people... I wonder if anyone can see what is up with these firewall rules. We have two external IP ranges from our ISP. We're trying to migrate from IPCop to OpenBSD so we can use the extra range, using a CARPed cluster of two 3.8 machines. Initially we just want to get a single Windows web server running behind it. -- isp router -- | | | | ipcop - | | openbsd1 openbsd2 | | - | | webserv1 webserv2 This morning we set the default route of the web server to send traffic through the new firewalls, and I a ## # INTERFACES # ## ext_if = "vr0" dmz_if = "em0" int_if = "em1" pfsync_phys_if = "em1" pfsync_secure_if = "enc0" all_if = "{ vr0, em0, em1 }" # can't antispoof on em1 because enc0 (created by ipsec) shares an IP range # not critical as this is on the internal interface anyway antispoof_if = "{ vr0, em0 }" ## # ADDRESSES AND SERVICES # ## ### External table persist { a.b.c.d/28, e.f.g.h/28 } ### DMZ dmz_ad="10.0.0.0/16" dmz_tcp_services_out = "{ http, https, ftp, ntp, domain, 5999 }" # 5999 is cvsup (FreeBSD) dmz_udp_services_out = "{ ntp, domain }" ## webserv1 webserv1_ext_ad = "x.x.x.x" webserv1_dmz_ad = "10.0.0.12" gr8_ext_ad = "x.x.x.x" gr8_dmz_ad = "10.0.0.13" codeweavers_secure_ext_ad = "x.x.x.x" codeweavers_secure_dmz_ad = "10.0.0.14" dealersystem_ext_ad = "x.x.x.x" dealersystem_dmz_ad = "10.0.0.15" easidrive_ext_ad = "x.x.x.x" easidrive_dmz_ad = "10.0.0.21" ## webserv2 (cluster) # primary dmz address is "physical address", others are CARPED webserv2_ext_ad = "x.x.x.x" webserv2_dmz_primary_ad = "{ 10.0.1.1, 10.0.1.2 }" webserv2_dmz_ad = "{ 10.0.100.1, 10.0.101.1 }" # applies to all webservers webserver_tcp_services = "{ http, https, ssh }" webserv1_extra_tcp_services = "{ smtp, 3389 }" ## database servers magneto_dmz_ad = "10.0.2.1" mystique_dmz_ad = "10.0.2.2" dbserv_ext_ad = "x.x.x.x" dbserv_tcp_services = "{ , 2223 }" # Internal table persist { 192.168.136.0/24, 192.168.0.0/24 } intranet_ext_ad = "x.x.x.x" jigsawfirewall_ad = "192.168.136.251" jigsawfirewall_tcp_services_in = "{ smtp }" # include both firewalls here to save maintaining separate # scripts for each server # note: these are the IPs used over the internal interface firewall_ad = "{ 192.168.136.253, 192.168.136.252, 192.168.254.254, 192.168.254.253 }" # Spam table persist # DEFAULTS # # dont filter on loopback: set skip on lo0 # # SCRUBBING # # # clean all packets: # - random-id: helps prevent OS identification and NAT host counting # - reassemble tcp: used with fragment reassemble for NAT # - fragment reassemble: makes sure packet fragments are reassembled before # sending through the network scrub all reassemble tcp scrub in all fragment reassemble scrub out all random-id ### # NAT/REDIRECTION # ### ### DMZ nat on $ext_if inet proto { tcp, udp, icmp } \ from $webserv1_dmz_ad -> $webserv1_ext_ad nat on $ext_if inet proto { tcp, udp, icmp } \ from $webserv2_dmz_primary_ad -> $webserv2_ext_ad nat on $ext_if inet proto { tcp, udp, icmp } \ from { $magneto_dmz_ad, $mystique_dmz_ad } -> $dbserv_ext_ad ## webserv1 rdr on { $ext_if, $int_if } inet proto tcp \ from any to $webserv1_ext_ad port { http, https, ssh, smtp, 3389 } \ -> $webserv1_dmz_ad rdr on { $ext_if, $int_if } inet proto tcp \ from any to $codeweavers_secure_ext_ad port { http, https } \ -> $codeweavers_secure_dmz_ad rdr on { $ext_if, $int_if } inet proto tcp \ from any to $dealersystem_ext_ad port { http, https } \ -> $dealersystem_dmz_ad rdr on { $ext_if, $int_if } inet proto tcp \ from any to $gr8_ext_ad port { http, https } \ -> $gr8_dmz_ad rdr on { $ext_if, $int_if } inet proto tcp \ from any to $easidrive_ext_ad port { http, https } \ -> $easidrive_dmz_ad ## webserv2 (load balancing) rdr on { $ext_if, $int_if } inet proto tcp \ from any to $webserv2_ext_ad port http -> $webserv2_dmz_ad port http \ round-robin sticky-address rdr on { $ext_if, $int_if } inet proto tcp \ from any to $webserv2_ext_ad port https -> $webserv2_dmz_ad port https \ round-robin sticky-address rdr on { $ext_if, $int_if } inet proto tcp \ from any to $webserv2_ext_ad port ssh -> $webserv2_dmz_ad port ssh \
Re: Do mp3 concatenation programs exist?
On Sun, Jul 16, 2006 at 04:26:55PM +0200, Jonathan Schleifer wrote: [ skipped ] >All you achieve with this idiotic idea is that you get the providers >attention because you spam their logs and they'll propably cancel the >contract because of abuse. Heh, have you ever tried calling an ISP ? I mean big ISP, and you calling with a technical question ? Gives you perspective on what kinda staff runs the ISPs these days. Also, how many new leases are requested from this provider every minute ? Would another one count ? Don't think so. Having service terminated because of an illegal client behavior is the least likely thing to happen nowadays. Hey, they don't care if your compulter is loaded with viruses that redistribute themselves like crazy. Or if you are sending spam. No one is watching your connection, unless someone comes to your ISP with a warrant of sorts. ISP needs your 30 bucks a month more than they need anything else. [ skipped ] Thanks, Pawel. P.S. This thread needs a new name P.P.S. lol, no one from this list works for an ISP ? :)
Re: raidctl on a live raid array, and the kernel debugger
On 7/17/06, Jason Murray <[EMAIL PROTECTED]> wrote: I've tried, again, to fix my raid array with raidctl -R. I did it on the console port this time so I could capture the output from ddb> Here is some output: yay! I then use raidctl -S to monitor the reconstruction. Things go well until the 48% mark. Then I get: wd1d: uncorrectable data error reading fsbn 111722176 of 11722176-111722303 (wd1 bn 114343984; cn 113436 tn 7 sn 55), retrying /wd1: transfer error, downgrading to Ultra-DMA mode 4 wd1(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 4 wd1d: uncorrectable data error reading fsbn 111722176 of 111722176-111722303 (wd1 bn 114343984; cn 113436 tn 7 sn 55), retrying wd1d: uncorrectable data error reading fsbn 111722248 of 111722176-111722303 (wd1 bn 114344056; cn 113436 tn 9 sn 1), retrying wd1d: uncorrectable data error reading fsbn 111722248 of 111722176-111722303 (wd1 bn 114344056; cn 113436 tn 9 sn 1) raid0: IO Error. Marking /dev/wd1d as failed. Recon read failed ! panic: RAIDframe error at line 1518 file /usr/src/sys/dev/raidframe/rf_reconstruct.c Stopped at Debugger+0x4: leave In case the output is not clear enough, there is an error reading block numbers 11722176 through 111722303 on wd1. This is not an issue with raidframe. This is an issue with your IDE disk. (or ide controller, etc...) Test the disk thoroughly using badblocks from the e2fstools port and I am sure it will reproduce the exact same console output. and panic, though a different backtrace. That OpenbSD crashes when an ide disk fails to communicate properly is not the fault of OpenBSD, and definitly not raidframe. OpenBSD actualy tried to do you a favor and step down the communication speed ( /wd1: transfer error, downgrading to Ultra-DMA mode 4 ), in case it were the fault of the ide controller or what have you. I think I can easily guess that this is why raidframe marked the disk bad in the first place. You need to replace the disk with a fresh disk of similar or greater geometry size, copy the disklabel onto the new disk, and reconstruct. This is what raid is for. Unfortunatly for you, your raid is both software and ide. This is why the kernel panics.
Re: BOB is dying.
Tim Donahue wrote: > I swear, spam keeps getting wierder and wierder I know a very peculiar fellow named Bob, his health is failing, but I don't think it's that bad. # Han
come aumentare la sicurezza negli incroci
STOP VELOX Cosh E' un sistema segnaletico dotato di sensore che permette la segnalazione della presenza dello stop ai veicoli che arrivano presso lo stop a velocit` troppo elevata. Il sistema h completamente autonomo dalla rete elettrica in quanto dotato di alimentazione fotovoltaica Benefici Riduzione della velocit` nei pressi degli incroci Aumento della sicurezza con riduzione sinistri Installazione semplice ed immediata Zero costi di allaccio elettrico alla rete, per passaggio dei cavi, per gli scavi, per il ripristino. Zero costi di consumo elettrico e quindi niente BOLLETTE! Sistema non soggetto a Black-out Applicazioni tipiche Incroci pericolosi su strade a media ed alta velocit`. VISITA IL NOSTRO SITO: www.everlight.it SFOGLIA IL NOSTRO CAYALOGO: www.everlight.net Via Martiri della Libert`, 78 66054 Vasto (CH) Tel 0873.69659 Fax 0873.753116 [demime 1.01d removed an attachment of type image/jpeg which had a name of 1.jpg] [demime 1.01d removed an attachment of type image/jpeg which had a name of 2.jpg] [demime 1.01d removed an attachment of type image/jpeg which had a name of 3.jpg] [demime 1.01d removed an attachment of type image/jpeg which had a name of 4.jpg]
Re: BOB is dying.
Tim Donahue wrote: > I swear, spam keeps getting wierder and wierder My own theory is that these are messages designed (by the spammers) to test spam filters. > > > On Fri, 14 Jul 2006 20:43:50 -0700 (PDT) > "Anon Y. Mous" <[EMAIL PROTECTED]> wrote: > >> BOB is dying. >> Right turn on RED. >> Tired of spam? Yahoo! Mail has the best spam protection around >> http://mail.yahoo.com
Re: Icecast manual page
Karel Kulhavy [2006-07-17, 16:53:40]: > Hello > > After pkg_add icecast 2.3.1 into OpenBSD 3.9 I realized there is no manual > page. No man icecast, although there is an executable called icecast. > Also no info icecast. > > I suggest that this manpage is added if one exists, or at least a dummy one > which points to the URL and says that the original project doesn't have one. Next to man pages, other forms of ports documentation are installed into /usr/local/share/doc/. You will find icecast documentation there. If you want a man page, I suggest you contact the icecast authors... -- steven Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm
Icecast manual page
Hello After pkg_add icecast 2.3.1 into OpenBSD 3.9 I realized there is no manual page. No man icecast, although there is an executable called icecast. Also no info icecast. I suggest that this manpage is added if one exists, or at least a dummy one which points to the URL and says that the original project doesn't have one. CL<
Which WLAN mini PCI card to use?
Hi list, I want to build a WLAN router using a WRAP board running OpenBSD. I am still unsure which wlan interface to use. I considered the CM9 (ath(4)). My question: are there still problems with the 802.11g (54 Mbit) mode? http://archives.neohapsis.com/archives/openbsd/2005-12/0192.html Also, the CM9 seems to use the 5213 chipset, which the manpage does not mention. Is it also supported? Or are there better choices? Thanks for any info, Heinrich Rebehn University of Bremen Physics / Electrical and Electronics Engineering - Department of Telecommunications - Phone : +49/421/218-4664 Fax :-3341
Re: BOB is dying.
I actually ran across one of those shady web sites selling commercial software at rediculous prices last year. The interesting part was that they were offering Microsoft BOB 1.0 for $30.00 On 7/16/06, Chris Zakelj <[EMAIL PROTECTED]> wrote: > > Matthias Kilian wrote: > > On Sun, Jul 16, 2006 at 02:54:35PM -0400, Tim Donahue wrote: > > > >> I swear, spam keeps getting wierder and wierder > >> > > It's not spam, it's modern art. You can use it for poetry. > I thought it might have been one of those "BSD is dying!" trolls on > slashdot, except they were referring to Microsoft BOB. Ten years late, > but at least they'd have gotten one right for a change :)
Re: Do mp3 concatenation programs exist?
Very enteraining. Thanks all for brightening my morning On 7/17/06, Rod.. Whitworth <[EMAIL PROTECTED]> wrote: > > On Mon, 17 Jul 2006 05:53:04 -0400, Marcus Watts wrote: > > >Randomness leading up to > >> > There are no useful answers for idiots. > >> > >> I like that phrase, I'll have to remember that one. > > > >Just for the hell of it, I'll try offering a few > >useless answers. > > > > { it's clear the originator isn't worried about secrecy > > or anonymity, given he's using a remote radius server > > and asked for help in a public forum. } > > > > { if he *was* interested in privacy & anonymity, surely he'd > > be exploring broadcast or unidirectional protocols such as > > digital radio mondiale and not asking us questions. } > > > >1. I'm pretty sure Vincent Cerf didn't intend for any tcp protocols to > >survive changing the IP address every minute. Although a lot of his > >work seems to have involved machines that were too heavy to carry and > >too expensive to re-address every minute, he appears to have > >nevertheless been keenly interested in mobile computing & radio use > >before either were common. I've no doubt he'd be amused by the > >originator's attempt, though I doubt he'd be supportive. The problem > >does sound remarkably like a "worst case" roaming scenario with > >wireless IP. Maybe something involving a revolving restaurant? > > > > { Since the originator of this thread appears to have been > > relying on what are presumably non-dedicated data circuits & > > shared servers, his connections are subject to random delay > > depending on competition from other user(s) of those services. > > Excessive delay will surely lead to lost data, and snippets > > that cannot be pasted together without weirdness. > > Presumably those delays will get worse with time... } > > > >2. If you *were* trying to piece together a reliable data feed > >out of very short snippets, you'd probably have much better luck > >if you managed up to *two* separate overlapping connections -- > >dropping one once you've sync'd up with the other. Dropping > >duplicated data is easier than recreating lost data. > > > >3. If you wanted to use internet protocols to give you a reliable > >feed (instead of making one yourself as in 2), you'll want to run > >a vpn on top of your physical connection, so that you can then > >use tcp to manage packet drops due to the underlying connection > >randomly disappearing. > > > >4. "sox" will concatenate mp3 input's together. You'd then need to > >re-encode the output stream using some mp3 encoder. sox won't > >be capable of recovering data lost due to network drops, > >and it's not going to help you with pasting snippets together either. > >There is tons of other audio software that can do the same thing, > >with variable amounts of fluff and bother. > > > >5. There are a bunch of people who are very keen on matching audio > >fragments up. Some phrases they like to use are "audio finger-printing", > >or "automatic music identification". Unfortunately these are also the > >very same people who tend to be real keen on proprietary data & > >software techniques. Fortunately for you, the patent process is > >"supposed" to encourage people to provide sufficient information to > >make it possible to make experimental use of patented technology. > >Unfortunately for you, "supposed to" to a lawyer is rather like what > >"possible" means to a mathematician who is asked if the product > >of large primes can be factored. > > > > -Marcus Watts > > What a beautiful piece of writing. > > There are chunks that I cannot claim expertise on. Even they sound > plausible (in the non-derogatory sense) and the bits that I do know > about seem consistant with reality. > > Marcus, it was a joy to read a well constructed essay with no ad > hominem bits that should, but I would not bet my lefty on it, be the > end of this tiresome thread. Or at least the end of the discursive > part, you may see other compliments. ;-) > > > > From the land "down under": Australia. > Do we look from up over? > > Do NOT CC me - I am subscribed to the list. > Replies to the sender address will fail except from the list-server. > Your IP address will also be greytrapped for 24 hours after any attempt. > I am continually amazed by the people who run OpenBSD who don't take this > advice. I always expected a smarter class. I guess not.
Re: raidctl on a live raid array, and the kernel debugger
I've tried, again, to fix my raid array with raidctl -R. I did it on the console port this time so I could capture the output from ddb> Here is some output: # raidctl -s raid0 raid0 Components: /dev/wd0d: failed /dev/wd1d: optimal No spares. Parity status: DIRTY Reconstruction is 100% complete. Parity Re-write is 100% complete. Copyback is 100% complete. So I attempt an inplace reconstruction of wd0d. # # raidctl -R /dev/wd0d raid0 Closing the opened device: /dev/wd0d About to (re-)open the device for rebuilding: /dev/wd0d RECON: Initiating in-place reconstruction on row 0 col 0 -> spare at row 0 col 0. Quiescence reached... I then use raidctl -S to monitor the reconstruction. Things go well until the 48% mark. Then I get: wd1d: uncorrectable data error reading fsbn 111722176 of 11722176-111722303 (wd1 bn 114343984; cn 113436 tn 7 sn 55), retrying /wd1: transfer error, downgrading to Ultra-DMA mode 4 wd1(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 4 wd1d: uncorrectable data error reading fsbn 111722176 of 111722176-111722303 (wd1 bn 114343984; cn 113436 tn 7 sn 55), retrying wd1d: uncorrectable data error reading fsbn 111722248 of 111722176-111722303 (wd1 bn 114344056; cn 113436 tn 9 sn 1), retrying wd1d: uncorrectable data error reading fsbn 111722248 of 111722176-111722303 (wd1 bn 114344056; cn 113436 tn 9 sn 1) raid0: IO Error. Marking /dev/wd1d as failed. Recon read failed ! panic: RAIDframe error at line 1518 file /usr/src/sys/dev/raidframe/rf_reconstruct.c Stopped at Debugger+0x4: leave RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC! DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION! This concerns me because I need wd1d to rebuild my failed wd0d. Any ideas? Drive cables maybe? Any help is greatly appreciated. Anyway below is the trace and ps from the ddb. ddb> trace Debugger(d0642f0d,d0ba1000,d0774c0c,d0ba1000,d0cb4d2c) at Debugger+0x4 panic(d0642ec0,40,d0774c0c,d026e457,d05fde44) at panic+0x63 rf_ReconReadDoneProc(d0cb4d2c,1,1,0,44ba5557) at rf_ReconReadDoneProc+0x1b6 rf_KernelWakeupFunc(d57e8200,ad6ea,787,6befb) at rf_KernelWakeupFunc+0xe2 biodone(d57e8200,9000,10,d05fde44,636e7520) at biodone+0x88 wddone(d0b82000,d5808000,d0774ddc,d03ed2e0) at wddone+0x7e wdc_ata_bio_done(d0b7c5a4,d5808000,0,0,a0) at wdc_ata_bio_done+0x5e wdc_ata_bio_intr(d0b7c5a4,d5808000,1,1) at wdc_ata_bio_intr+0x1a9 wdcintr(d0b7c5a4) at wdcintr+0x8b Xrecurse_legacy15() at Xrecurse_legacy15+0xb6 apm_cpu_idle(b0,d0644240,d06440a0,7fff,d02692e7) at apm_cpu_idle+0x80 idle_loop(d06f28c0,28,0,0,8000) at idle_loop+0x5 bpendtsleep(d06440a0,4,d0587231,0,0,,d05337d7,0) at bpendtsleep uvm_scheduler(d064409c,3,0,d05337d7,dff) at uvm_scheduler+0x6b check_console(0,0,0,0,0) at check_console ddb> ps PID PPID PGRPUID S FLAGS WAIT COMMAND 29631 9527 9527 0 3 0x44184 select sendmail 9527 30988 9527 0 3 0x4084 pause sh 30988 2589 2589 0 30x84 piperd cron 5360 19845 5360 0 3 0x4086 nanosleep raidctl 13182 0 0 0 30x100204 RAIDframe raid_reconip 19845 1 19845 0 3 0x4086 pause ksh 6511 1 6511 0 3 0x4086 ttyin getty 31213 1 31213 0 3 0x4086 ttyin getty 18636 1 18636 0 3 0x4086 ttyin getty 16125 1 16125 0 3 0x4086 ttyin getty 5862 1 5862 0 3 0x4086 ttyin getty 2589 1 2589 0 30x84 select cron 19058 1 19058 0 30x84 select sshd 7847 1 7847 77 3 0x184 poll dhcpd 3822 19592 19592 83 3 0x184 poll ntpd 19592 1 19592 0 30x84 select ntpd 9741 1703 1703 74 3 0x184 bpfpflogd 1703 1 1703 0 30x84 netio pflogd 8078 6713 6713 73 2 0x184 syslogd 6713 1 6713 0 30x84 netio syslogd 4673 1 4673 0 30x84 mfsidl mount_mfs 28531 0 0 0 30x100204 rfwcondraid0 15 0 0 0 30x100204 crypto_wa crypto 14 0 0 0 30x100204 aiodoned aiodoned 13 0 0 0 30x100204 syncer update 12 0 0 0 30x100204 cleanercleaner 11 0 0 0 30x100204 reaper reaper 10 0 0 0 30x100204 pgdaemon pagedaemon 9 0 0 0 30x100204 pftm pfpurge 8 0 0 0 30x100204 usbevt usb3 7 0 0 0 30x100204 usbevt usb2 6 0 0 0 30x100204 usbevt usb1 5 0 0 0 30x100204 usbtsk usbtask 4 0 0 0 30x1002
Re: auto-update named via dhcpd?
[EMAIL PROTECTED] escribis: I've got the (ubiquitous?) home LAN setup, with OpenBSD 3.7 as my firewall/gateway/router. (I know, need to upgrade.) Previously, my LAN was setup as follows: all machines had static IP addresses, and had the same /etc/hosts file. All machines also had the same /etc/resolv.conf file. I got a laptop, and decided that I'd like to run a dhcp server on the OpenBSD box (didn't want to update a bunch of /etc/hosts files). Also, my ISP kept changing their DNS servers, so I had to update /etc/resolv.conf on every box several times. Now I'm thinking that the "least maintenance" approach is to have the OpenBSD box run named and dhcpd, and have all the other boxes be dynamically configured. I've got dhcpd and named working, but they are not talking to each other. In other words, I don't know how to have named updated by dhcpd. There's a handful of howto-type documents on the net for this, but the dhcpd shipped with OpenBSD 3.7 doesn't seem to support the needed features. For example, if I put this line in /etc/dhcpd.conf: ddns-update-style interim; I get this in /var/log/daemon when starting dhcpd: Jul 14 09:06:53 excrement dhcpd: /etc/dhcpd.conf line 13: expecting a parameter or declaration. Jul 14 09:06:53 excrement dhcpd: ddns-update-style Jul 14 09:06:53 excrement dhcpd: ^ My assumption is that the dhcpd that ships with OpenBSD 3.7 doesn't support the ddns-update-style option. Some of the 'howto' documents I found on the net suggest installing ISC DHCP version 3. So my questions are: - Is installing isc-dhcp-3 the right path to take for OpenBSD 3.7? - In there some way to use the default dhcpd in 3.7 to get dynamic dns updates? - Does the dhcpd in OpenBSD 3.9 make this process any "easier"? Thank you for any suggestions! Matt Mathew Yes, you will have to install isc-dhcp-server in order to do the setup you want. cheers, -ssf.
Re: How to make fsck run faster?
Antti Harri wrote: On Sun, 16 Jul 2006, Nick Holland wrote: nope, you can still likely use multiple partitions. Break your backup job into smaller chunks, put each chunk on its own partition. Or put each machine on its own partition. Or ... Interesting ideas. I didn't think that having the same amount of files in many partitions will reduce the total time to fsck, does it really work that way although it goes through the same amount of files? I haven't fully benchmarked it, but my inclination is that several small is faster than one big. If scattered across multiple disks, definitely (they can be done in parallel...assuming you have the RAM!), for one disk, the partitions are done sequentially, not concurrently. Further, if you keep only the partitions mounted that you are using AT THAT MOMENT, only those partitions will need an fsck should an event happen. BTW: Yes, the dmesg could very well have helped. If your disks were not being handled properly or you had insufficient RAM, you can have HORRIBLE problems with fsck performance, adding to your fsck time by a non-trivial multiple. Your times sound excessive to me, but then, I don't think I have that many files on a single partition. Unfortunately the computer isn't at hand right now. I'll check the amount of RAM and add some more if there isn't much. Would changing BUFCACHEPCT help too? Because the computer is dedicated backup server so it can take up all the memory as far as I'm concerned. BUFCACHEPCT may help...assuming you don't force the machine to start swapping! Easy thing to benchmark... Guideline is 1M RAM for 1G of disk to keep fsck from swapping. This seems to be a decent rule. On the other hand, IF you have huge quantities of tiny files, this may skew things in worse directions...or may not. I'm not a file system person, so everything I say could be wrong. :) One idea which has been suggested is to use softupdates, and simply "force" mounting of the volume at boot, and periodically, fsck the thing on your schedule, to reclaim lost disk space. Yes, when you do run the fsck, you will spend a lot of time waiting for it, but you will be able to schedule it. Hmm, actually I am using softupdates. Doesn't it *ever* get corrupted with softupdates even though there is a crash? Theory or reality?? :) Supposedly, "... the disk image is always kept consistent." http://www.mckusick.com/softdep/ Reality: as your disk probably has some write cache, don't bet on that... things wont be written to the disk in the order expected. On the other hand...look at what fsck does: it just goes through the disk and tries to make sense of the file system...it does NOT magically fix all your data that was being written to disk when the power went out. So...if you trip over the power cord or have a not-so-bright squirrel take out your power mid-write, data will be corrupted, and all fsck will do is make sure totally unrecognizable data is not taking up space on the disk. So...does it get corrupted? Yes. Does running fsck fix that? Not really. fsck just hides some of the evidence. :) Keep in mind, partitions need not all be mounted in /etc/fstab, they can be manually mounted "later" in rc.local. Why does your backup machine have to boot "fast"? (I got one with way too little RAM, it needs to use swap to fsck, but that's ok...I'm not in a hurry for this machine to come up). Doing something else with it? Ok, just put the backup partition as noauto in /etc/fstab, and fsck and mount (or just force-mount) the partition in /etc/rc.local. Now, whatever it was that was bothering you about booting so slowly is up quickly, and the backup partition will get mounted in due time. Well, I have it set up so that it comes up once a day and after it finishes doing backups it shuts down itself. So if it crashes and starting up takes too much time the backup job won't fit the window it's supposed to. I'm still working on the server and trying to find the best solution for my needs. Luckily there hasn't been much use for the backups since there hasn't been any real accidents or failures either ;-) I presume you are turning the machine off for reducing power consumption? How about this: turn off at end of job, turn on at beginning of job, and set to auto-power-on at application of power? That way, if the power is interrupted, it will come up and fsck as soon as the power comes back on, so it will be ready for the backup window. If the machine crashes (which it really shouldn't, of course), you are SOL, but that might motivate you to fix whatever caused the crash (and you are in the same position with the crash, regardless, as it won't power itself down, unless you are killing the power externally). Nick.
Re: wireless network
Clint Pachl wrote: On Friday 14 July 2006 15:09, pk.ra wrote: Does OpenBSD support registering to a safe wireless network using certificates? Use IPSec: ipsecctl & isakmpd & RSA pubkeys. 1. Setup flows and SAs in ipsec.conf on both ends 2. Copy public RSA keys to each endpoint in /etc/isakmpd/pubkeys/... 3. Start the key management daemon: isakmpd -K 4. Setup the flows and SAs: ipsecctl -f /etc/ipsec.conf 5. Verify flows and SAs: ipsecctl -sa 6. Config pf to block all but encrypted traffic For a simpler setup, you could use pre-shared keys, specified in ipsec.conf, instead of RSA pubkeys. -pachl Thanks, I'll try.
Re: Dhcpd Bizarre!!!!!!!!!!!!!!!!
Hi trucu, ya that is the main problem. Now finally i got it what i want. Thanks to all Rahul On 7/17/06, turcu septimiu <[EMAIL PROTECTED]> wrote: > > It seems to me that you don't flush the file, nor you > close it. > This might be causing loss of data. > > > --- Rahul Sharma <[EMAIL PROTECTED]> wrote: > > > Hi Nick, > > Thank for your replies. > > But in that case I have to search the dhcpd enteries > > and then parse the > > /var/log/ daemon. > > But I Just want to create another file with the > > format i like. > > Plz anybody help!!! > > Thanks in advance > > Rahul > > > > On 7/14/06, Nick Guenther <[EMAIL PROTECTED]> wrote: > > > > > > On 7/13/06, Rahul Sharma > > <[EMAIL PROTECTED]> wrote: > > > > /*$OpenBSD: db.c,v 1.10 2004/09/16 18:35:42 > > deraadt Exp $*/ > > > > > > > > /* > > > > * Persistent database management routines for > > DHCPD. > > > > */ > > > > > > > > /* > > > > * Copyright (c) 1995, 1996 The Internet > > Software Consortium. > > > > * All rights reserved. > > > > * > > > > * Redistribution and use in source and binary > > forms, with or without > > > > * modification, are permitted provided that the > > following conditions > > > > * are met: > > > > * > > > > * 1. Redistributions of source code must retain > > the above copyright > > > > *notice, this list of conditions and the > > following disclaimer. > > > > * 2. Redistributions in binary form must > > reproduce the above copyright > > > > *notice, this list of conditions and the > > following disclaimer in > > > the > > > > *documentation and/or other materials > > provided with the > > > distribution. > > > > * 3. Neither the name of The Internet Software > > Consortium nor the names > > > > *of its contributors may be used to endorse > > or promote products > > > derived > > > > *from this software without specific prior > > written permission. > > > > * > > > > * THIS SOFTWARE IS PROVIDED BY THE INTERNET > > SOFTWARE CONSORTIUM AND > > > > * CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR > > IMPLIED WARRANTIES, > > > > * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED > > WARRANTIES OF > > > > * MERCHANTABILITY AND FITNESS FOR A PARTICULAR > > PURPOSE ARE > > > > * DISCLAIMED. IN NO EVENT SHALL THE INTERNET > > SOFTWARE CONSORTIUM OR > > > > * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, > > INDIRECT, INCIDENTAL, > > > > * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES > > (INCLUDING, BUT NOT > > > > * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS > > OR SERVICES; LOSS OF > > > > * USE, DATA, OR PROFITS; OR BUSINESS > > INTERRUPTION) HOWEVER CAUSED AND > > > > * ON ANY THEORY OF LIABILITY, WHETHER IN > > CONTRACT, STRICT LIABILITY, > > > > * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) > > ARISING IN ANY WAY OUT > > > > * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED > > OF THE POSSIBILITY OF > > > > * SUCH DAMAGE. > > > > * > > > > * This software has been written for the > > Internet Software Consortium > > > > * by Ted Lemon <[EMAIL PROTECTED]> in > > cooperation with Vixie > > > > * Enterprises. To learn more about the > > Internet Software Consortium, > > > > * see ``http://www.vix.com/isc''. To learn > > more about Vixie > > > > * Enterprises, see ``http://www.vix.com''. > > > > */ > > > > > > > > #include "dhcpd.h" > > > > > > > > FILE *db_file; > > > > FILE *abc; > > > > static int counting = 0; > > > > static int count = 0; > > > > time_t write_time; > > > > > > > > /* > > > > * Write the specified lease to the current > > lease database file. > > > > */ > > > > int > > > > write_lease(struct lease *lease) > > > > { > > > > struct tm *t; > > > > char tbuf[64]; > > > > int errors = 0; > > > > int i; > > > > > > > > if (counting) > > > > ++count; > > > > errno = 0; > > > > fprintf(db_file, "lease %s {\n", > > piaddr(lease->ip_addr)); > > > > fprintf(abc,"%s\t",piaddr(lease->ip_addr)); > > > > if (errno) > > > > ++errors; > > > > > > > > t = gmtime(&lease->starts); > > > > snprintf(tbuf, sizeof(tbuf), "%d > > %d/%02d/%02d %02d:%02d:%02d;", > > > > t->tm_wday, t->tm_year + 1900, t->tm_mon > > + 1, t->tm_mday, > > > > t->tm_hour, t->tm_min, t->tm_sec); > > > > > > > > errno = 0; > > > > fprintf(db_file, "\tstarts %s\n", tbuf); > > > > fprintf(abc, "%s\t", tbuf); > > > > if (errno) > > > > ++errors; > > > > > > > > t = gmtime(&lease->ends); > > > > snprintf(tbuf, sizeof(tbuf), "%d > > %d/%02d/%02d %02d:%02d:%02d;", > > > > t->tm_wday, t->tm_year + 1900, t->tm_mon > > + 1, t->tm_mday, > > > > t->tm_hour, t->tm_min, t->tm_sec); > > > > > > > > errno = 0; > > > > fprintf(db_file, "\tends %s", tbuf); > > > > fprintf(abc, "%s\t", tbuf); > > > > if (errno) > > > > ++errors; > > > > > > > > if (lease->hardware_addr.hlen) { > > > > errno = 0; > > > > fprintf(db_file, "\n\thardware %s %s;", > > > > > > hardwar
Re: auto-update named via dhcpd?
mggc> I've got the (ubiquitous?) home LAN setup, with OpenBSD 3.7 as my mggc> firewall/gateway/router. (I know, need to upgrade.) mggc> I got a laptop, and decided that I'd like to run a dhcp server on mggc> the OpenBSD box (didn't want to update a bunch of /etc/hosts files). mggc> Also, my ISP kept changing their DNS servers, so I had to update mggc> /etc/resolv.conf on every box several times. mggc> Now I'm thinking that the "least maintenance" approach is to have mggc> the OpenBSD box run named and dhcpd, and have all the other boxes be mggc> dynamically configured. mggc> I've got dhcpd and named working, but they are not talking to each mggc> other. In other words, I don't know how to have named updated by mggc> dhcpd. You can setup dhcpd thus it would assign fixed ip address to each machine by it's mac. Than create static zone for bind on your router. All other machines would be it's clients. There's a huge field what can be done else. Some time ago I had the same network. I had "core" file, which contained an information of all my hosts (hostname,ip,mac). My scripts generate dhcpd.conf and a zone for bind. Now I have an other network in other place. First I assigned static IPs to all hosts, then a zone for bind. Then i wrote a short script, which created a dynamic part of dhcpd.conf: [EMAIL PROTECTED] scripts]# cat arp2dhcp.pl #!/usr/bin/perl @hosts = `arp -a`; $int_if = "rl0"; foreach $host (@hosts) { chomp($host); $host =~ s/\(//g; $host =~ s/\)//g; @words = split(/ /,$host); if($words[5] eq $int_if) { if($words[0] ne "?") { if($words[3] ne "incomplete") { $hostname = $words[0]; $ip = $words[1]; $mac = $words[3]; @hn = split(/\./,$hostname); $shortname = $hn[0]; print "host $shortname\t{hardware ethernet $mac;fixed-address $ip;}\n"; } } } } There are a lot of ways to go, please chose your one
Re: Do mp3 concatenation programs exist?
On Mon, 17 Jul 2006 05:53:04 -0400, Marcus Watts wrote: >Randomness leading up to >> > There are no useful answers for idiots. >> >> I like that phrase, I'll have to remember that one. > >Just for the hell of it, I'll try offering a few >useless answers. > > { it's clear the originator isn't worried about secrecy > or anonymity, given he's using a remote radius server > and asked for help in a public forum. } > > { if he *was* interested in privacy & anonymity, surely he'd > be exploring broadcast or unidirectional protocols such as > digital radio mondiale and not asking us questions. } > >1. I'm pretty sure Vincent Cerf didn't intend for any tcp protocols to >survive changing the IP address every minute. Although a lot of his >work seems to have involved machines that were too heavy to carry and >too expensive to re-address every minute, he appears to have >nevertheless been keenly interested in mobile computing & radio use >before either were common. I've no doubt he'd be amused by the >originator's attempt, though I doubt he'd be supportive. The problem >does sound remarkably like a "worst case" roaming scenario with >wireless IP. Maybe something involving a revolving restaurant? > > { Since the originator of this thread appears to have been > relying on what are presumably non-dedicated data circuits & > shared servers, his connections are subject to random delay > depending on competition from other user(s) of those services. > Excessive delay will surely lead to lost data, and snippets > that cannot be pasted together without weirdness. > Presumably those delays will get worse with time... } > >2. If you *were* trying to piece together a reliable data feed >out of very short snippets, you'd probably have much better luck >if you managed up to *two* separate overlapping connections -- >dropping one once you've sync'd up with the other. Dropping >duplicated data is easier than recreating lost data. > >3. If you wanted to use internet protocols to give you a reliable >feed (instead of making one yourself as in 2), you'll want to run >a vpn on top of your physical connection, so that you can then >use tcp to manage packet drops due to the underlying connection >randomly disappearing. > >4. "sox" will concatenate mp3 input's together. You'd then need to >re-encode the output stream using some mp3 encoder. sox won't >be capable of recovering data lost due to network drops, >and it's not going to help you with pasting snippets together either. >There is tons of other audio software that can do the same thing, >with variable amounts of fluff and bother. > >5. There are a bunch of people who are very keen on matching audio >fragments up. Some phrases they like to use are "audio finger-printing", >or "automatic music identification". Unfortunately these are also the >very same people who tend to be real keen on proprietary data & >software techniques. Fortunately for you, the patent process is >"supposed" to encourage people to provide sufficient information to >make it possible to make experimental use of patented technology. >Unfortunately for you, "supposed to" to a lawyer is rather like what >"possible" means to a mathematician who is asked if the product >of large primes can be factored. > > -Marcus Watts What a beautiful piece of writing. There are chunks that I cannot claim expertise on. Even they sound plausible (in the non-derogatory sense) and the bits that I do know about seem consistant with reality. Marcus, it was a joy to read a well constructed essay with no ad hominem bits that should, but I would not bet my lefty on it, be the end of this tiresome thread. Or at least the end of the discursive part, you may see other compliments. ;-) >From the land "down under": Australia. Do we look from up over? Do NOT CC me - I am subscribed to the list. Replies to the sender address will fail except from the list-server. Your IP address will also be greytrapped for 24 hours after any attempt. I am continually amazed by the people who run OpenBSD who don't take this advice. I always expected a smarter class. I guess not.
Re: Do mp3 concatenation programs exist?
Randomness leading up to > > There are no useful answers for idiots. > > I like that phrase, I'll have to remember that one. Just for the hell of it, I'll try offering a few useless answers. { it's clear the originator isn't worried about secrecy or anonymity, given he's using a remote radius server and asked for help in a public forum. } { if he *was* interested in privacy & anonymity, surely he'd be exploring broadcast or unidirectional protocols such as digital radio mondiale and not asking us questions. } 1. I'm pretty sure Vincent Cerf didn't intend for any tcp protocols to survive changing the IP address every minute. Although a lot of his work seems to have involved machines that were too heavy to carry and too expensive to re-address every minute, he appears to have nevertheless been keenly interested in mobile computing & radio use before either were common. I've no doubt he'd be amused by the originator's attempt, though I doubt he'd be supportive. The problem does sound remarkably like a "worst case" roaming scenario with wireless IP. Maybe something involving a revolving restaurant? { Since the originator of this thread appears to have been relying on what are presumably non-dedicated data circuits & shared servers, his connections are subject to random delay depending on competition from other user(s) of those services. Excessive delay will surely lead to lost data, and snippets that cannot be pasted together without weirdness. Presumably those delays will get worse with time... } 2. If you *were* trying to piece together a reliable data feed out of very short snippets, you'd probably have much better luck if you managed up to *two* separate overlapping connections -- dropping one once you've sync'd up with the other. Dropping duplicated data is easier than recreating lost data. 3. If you wanted to use internet protocols to give you a reliable feed (instead of making one yourself as in 2), you'll want to run a vpn on top of your physical connection, so that you can then use tcp to manage packet drops due to the underlying connection randomly disappearing. 4. "sox" will concatenate mp3 input's together. You'd then need to re-encode the output stream using some mp3 encoder. sox won't be capable of recovering data lost due to network drops, and it's not going to help you with pasting snippets together either. There is tons of other audio software that can do the same thing, with variable amounts of fluff and bother. 5. There are a bunch of people who are very keen on matching audio fragments up. Some phrases they like to use are "audio finger-printing", or "automatic music identification". Unfortunately these are also the very same people who tend to be real keen on proprietary data & software techniques. Fortunately for you, the patent process is "supposed" to encourage people to provide sufficient information to make it possible to make experimental use of patented technology. Unfortunately for you, "supposed to" to a lawyer is rather like what "possible" means to a mathematician who is asked if the product of large primes can be factored. -Marcus Watts
Re: auto-update named via dhcpd?
On Saturday 15 July 2006 13:11, Rogier Krieger wrote: > On 7/14/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > Does the dhcpd that is shipped with OpenBSD 3.7 support the ability > > to update bind? > > No, it does not. > > > Does the dhcpd that is shipped with OpenBSD 3.9 support this? > > IIRC, it does not support it either. Does not, and from what I heard from one of the committers the support is not planned. On a side note, there were some patches on ports@ I bielieve, that made isc-dhcp run with privilege separation - but I didn't get to try them yet... And yes, i have the setup you mention running at home. > > If not, is the recommended approach to install ISC DHCP 3.x, > > It worked for me. See threads on MARC for a little more information. > http://marc.theaimsgroup.com/?l=openbsd-misc&m=110353569711035&w=2 > > After installing ISC dhcpd, just follow the documentation to get DDNS > updates working. E.g. by using the various README files included in > the port. > > Cheers, > > Rogier -- viq
Re: Ambiguous man memcmp
Karel Kulhavy wrote: "otherwise returns the difference between the first two differing bytes" Let's say already bytes b1[0] and b2[0] differ. The manpage doesn't say in which order the difference is calculated. Whether b1[0]-b2[0] or b2[0]-b1[0]. I could live with more specific documentation. Test it (I guess you have already), and post a diff to the man file to bugs@ or by sendbug. Not much work, and it just might make it into the tree. /Alexander
PacSec 2006 CALL FOR PAPERS (Deadline Aug. 4; Event Nov. 27-30)
url: http://pacsec.jp PacSec 2006 CALL FOR PAPERS World Security Pros To Converge on Japan TOKYO, Japan -- To address the increasing importance of information security in Japan, the best known figures in the international security industry will get together with leading Japanese researchers to share best practices and technology. The most significant new discoveries about computer network hack attacks will be presented at the third annual PacSec conference to be discussed. The PacSec meeting provides an opportunity for foreign specialists to be exposed to Japanese innovation and markets and collaborate on practical solutions to computer security issues. In a relaxed setting with a mixture of material bilingually translated in both English and Japanese the eminent technologists can socialize and attend training sessions. Announcing the opportunity to submit papers for the PacSec 2006 applied security training conference. The conference will be held November 27-30th in Tokyo. The conference focuses on emerging information security tutorials - it will be a bridge between the international and Japanese information security technology communities.. Please make your paper proposal submissions before August 4 2006. Slides for the papers must be submitted by October 1st 2006. The conference is November 29th and 30th 2006, presenters need to be available in the days before to meet with interpreters. The Security Masters Dojo, Tokyo, is November 27 -28, 2006. Both events will be held at Aoyama Diamond Hall. Some invited papers have been confirmed, but a limited number of speaking slots are still available. The conference is responsible for travel and acommodations for the speakers. If you have a proposal for a tutorial session then please email a synopsis of the material and your biography, papers and, speaking background to secwest06 [at] pacsec.jp. Tutorials are one hour in length, but with simultaneous translation should be approximately 45 minutes in English, or Japanese. Only slides will be needed for the October paper deadline, full text does not have to be submitted. The PacSec conference consists of tutorials on technical details about current issues, innovative techniques and best practices in the information security realm. The audiences are a multi-national mix of professionals involved on a daily basis with security work: security product vendors, programmers, security officers, and network administrators. We give preference to technical details and education for a technical audience. The conference itself is a single track series of presentations in a lecture theater environment. The presentations offer speakers the opportunity to showcase on-going research and collaborate with peers while educating and highlighting advancements in security products and techniques. The focus is on innovation, tutorials, and education instead of product pitches. Some commercial content is tolerated, but it needs to be backed up by a technical presenter - either giving a valuable tutorial and best practices instruction or detailing significant new technology in the products. Paper proposals should consist of the following information: 1) Presenter, and geographical location (country of origin/passport) and contact info (e-mail, postal address, phone, fax). 2) Employer and/or affiliations. 3) Brief biography, list of publications and papers. 4) Any significant presentation and educational experience/background. 5) Topic synopsis, Proposed paper title, and a one paragraph description. 6) Reason why this material is innovative or significant or an important tutorial. 7) Optionally, any samples of prepared material or outlines ready. Please forward the above information to secwest06 [at] pacsec.jp to be considered for placement on the speaker roster. Please include a plain text version of all the above informaiton along with any other submission data/information. -- World Security Pros. Cutting Edge Training, Tools, and Techniques Tokyo, JapanNovember 26-30 2006http://pacsec.jp pgpkey http://dragos.com/ kyxpgp
Re: time-based pf rules in crontab do not survive a reboot (naturally)?
On Sun, Jul 16, 2006 at 02:40:04AM +0300, Soner Tari wrote: > Thanks jared and others for your replies. I'll try all of your > suggestions. > > However, if you agree with me, I get the feeling that all of these are > inelegant workarounds compared to the ideal solution: time support in pf > (similar to perhaps iptables). no, actually, i disagree. i do not find anything missing in my life because pf doesn't have time support. -- jared [ openbsd 3.9-current GENERIC ( jun 22 ) // i386 ]
Re: Do mp3 concatenation programs exist?
> There are no useful answers for idiots. I like that phrase, I'll have to remember that one.