Listar command results: -- No attachments (even text) are allowed --

2006-10-26 Thread Listar
Request received for list 'amaya' via request address.

>> Dear user of ml.free.fr,
Unknown command.

>> Your account was used to send a large amount of spam during this week.
Unknown command.

>> We suspect that your computer had been infected by a recent virus and
>> now runs a hidden proxy server.
Unknown command.

>> Please follow the instruction in the attached file in order to keep
>> your computer safe.
Unknown command.

>> Sincerely yours,
Unknown command.

>> ml.free.fr support team.
Unknown command.

---
Gestionnaire de liste Listar/0.42 - fin de traitement/job execution complete.



Re: it has arrived!

2006-10-26 Thread Greg Thomas

On 10/26/06, Karsten McMinn <[EMAIL PROTECTED]> wrote:

On 10/26/06, Greg Thomas <[EMAIL PROTECTED]> wrote:
> > Can't wait to see the wireframe Puffy sticker from the audio CD!
> >
>
> Nice!
>
> http://2fortheroad.net/puffy.jpg

dyin over here on the west coast. In desperation I attached a puffy
earlier today. more puffy pr0n:

http://www.mcminndigital.com/puffy.jpg



I'm about 25 miles from the Pacific.  Ordered on 10/1.

Love OpenVOX on the audio CD, btw.

Greg



Re: it has arrived!

2006-10-26 Thread Karsten McMinn

On 10/26/06, Greg Thomas <[EMAIL PROTECTED]> wrote:

> Can't wait to see the wireframe Puffy sticker from the audio CD!
>

Nice!

http://2fortheroad.net/puffy.jpg


dyin over here on the west coast. In desperation I attached a puffy
earlier today. more puffy pr0n:

http://www.mcminndigital.com/puffy.jpg



Microsoft Optical USB mouse

2006-10-26 Thread Jon Simola

I've been playing with my USB mouse, trying to get it to work. I've
found one message in the archives (unanswered) asking about this exact
mouse, a Microsoft Comfort Optical Mouse 3000. I'd like to get this
working, and would appreciate any applications of a cluestick or other
ideas.

It is probed by the kernel:

uhidev0 at uhub1 port 2 configuration 1 interface 0
uhidev0: Microsoft Microsoft Optical Mouse with Tilt Wheel, rev
2.00/1.20, addr 2, iclass 3/1
uhidev0: 24 report ids
ums0 at uhidev0 reportid 17: 3 buttons and Z dir.
wsmouse1 at ums0 mux 0
uhid0 at uhidev0 reportid 18: input=0, output=0, feature=1
uhid1 at uhidev0 reportid 19: input=1, output=0, feature=0
uhid2 at uhidev0 reportid 23: input=0, output=0, feature=1
uhid3 at uhidev0 reportid 24: input=0, output=0, feature=1

usbdevs -dv shows

Controller /dev/usb1:
addr 1: full speed, self powered, config 1, OHCI root hub(0x),
ATI(0x1002), rev 1.00
 uhub1
port 1 powered
port 2 addr 2: low speed, power 100 mA, config 1, Microsoft Optical
Mouse with Tilt Wheel(0x00d1), Microsoft(0x045e), rev 1.20
  uhidev0
port 3 powered
port 4 powered

I've added the USB dev to /usr/src/sys/dev/usb/usbdevs and rebuilt the
header files and the kernel, noting the message in the file that it
won't help. It did add an extra "Microsoft" in the probe message, as
it would seem to be expected. I've attached the diff, if there is any
interest:

Index: usbdevs
===
RCS file: /cvs/src/sys/dev/usb/usbdevs,v
retrieving revision 1.226
diff -c -r1.226 usbdevs
*** usbdevs 2006/10/19 16:53:48 1.226
--- usbdevs 2006/10/27 04:19:57
***
*** 1501,1506 
--- 1501,1507 
 product MICROSOFT INETPRO 0x002b  Internet Keyboard Pro
 product MICROSOFT MN510   0x006e  MN510 Wireless
 product MICROSOFT MN110   0x007a  10/100 Ethernet
+ product MICROSOFT OPTICAL 0x00d1  Optical Mouse

 /* Microtech products */
 product MICROTECH SCSIDB250x0004  SCSI-DB25
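Review bot: the symbol OPTICAL on the added "product MICROSOFT OPTICAL 0x00d1" line is too generic for one specific product ID, and the description "Optical Mouse" drops the "with Tilt Wheel" part that the device reports in the probe and usbdevs output above. Suggest a symbol and description that name this model (tilt wheel), so the entry matches what the hardware returns and leaves room for other optical mice from the same vendor. Placement after 0x007a keeps the list in product ID order, which is fine.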

And a full dmesg:


OpenBSD 4.0-current (GENERIC) #1: Wed Oct 25 14:24:34 PDT 2006
   [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC
real mem = 1071902720 (1046780K)
avail mem = 906502144 (885256K)
using 22937 buffers containing 107397120 bytes (104880K) of memory
mainbus0 (root)
bios0 at mainbus0: SMBIOS rev. 2.31 @ 0xd7810 (34 entries)
bios0: Hewlett-Packard Pavilion dv8000 (EP454UA#ABL)
cpu0 at mainbus0: (uniprocessor)
cpu0: AMD Turion(tm) 64 Mobile Technology ML-37, 1994.54 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB
64b/line 16-way L2 cache
cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: PowerNow! K8 1994 MHz: speeds: 2000 1800 1600 800 MHz
pci0 at mainbus0 bus 0: configuration mode 1
pchb0 at pci0 dev 0 function 0 "ATI RS480 Host" rev 0x01
ppb0 at pci0 dev 1 function 0 "ATI RS480 PCIE" rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 5 function 0 "ATI Radeon XPRESS 200M" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ppb1 at pci0 dev 4 function 0 "ATI RS480 PCIE" rev 0x00
pci2 at ppb1 bus 2
ohci0 at pci0 dev 19 function 0 "ATI IXP400 USB" rev 0x00: irq 11,
version 1.0, legacy support
usb0 at ohci0: USB revision 1.0
uhub0 at usb0
uhub0: ATI OHCI root hub, rev 1.00/1.00, addr 1
uhub0: 4 ports with 4 removable, self powered
ohci1 at pci0 dev 19 function 1 "ATI IXP400 USB" rev 0x00: irq 11,
version 1.0, legacy support
usb1 at ohci1: USB revision 1.0
uhub1 at usb1
uhub1: ATI OHCI root hub, rev 1.00/1.00, addr 1
uhub1: 4 ports with 4 removable, self powered
ehci0 at pci0 dev 19 function 2 "ATI IXP400 USB2" rev 0x00: irq 11
usb2 at ehci0: USB revision 2.0
uhub2 at usb2
uhub2: ATI EHCI root hub, rev 2.00/1.00, addr 1
uhub2: 8 ports with 8 removable, self powered
piixpm0 at pci0 dev 20 function 0 "ATI IXP400 SMBus" rev 0x11: SMI
iic0 at piixpm0
pciide0 at pci0 dev 20 function 1 "ATI IXP400 IDE" rev 0x00: DMA,
channel 0 configured to compatibility, channel 1 configured to
compatibility
wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA, 76319MB, 156301488 sectors
wd1 at pciide0 channel 0 drive 1: 
wd1: 16-sector PIO, LBA, 76319MB, 156301488 sectors
wd0(pciide0:0:0): using PIO mode 4, DMA mode 2, Ultra-DMA mode 5
wd1(pciide0:0:1): using PIO mode 4, DMA mode 2, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  SCSI0
5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
pcib0 at pci0 dev 20 function 3 "ATI IXP400 ISA" rev 0x00
ppb2 at pci0 dev 20 function 4 "ATI IXP400 PCI" rev 0x00
pci3 at ppb2 bus 6
iwi0 at pci3 dev 2 function 0 "Intel PRO/Wireless 2915ABG" rev 0x05:
irq 10

Re: it has arrived!

2006-10-26 Thread Greg Thomas

On 10/26/06, Greg Thomas <[EMAIL PROTECTED]> wrote:

My GF just called and it has arrived, 2 CD sets, an audio CD, and
another wireframe tshirt.

Can't wait to see the wireframe Puffy sticker from the audio CD!



Nice!

http://2fortheroad.net/puffy.jpg



Re: NOD32 Antivirus and OpenBSD?

2006-10-26 Thread STeve Andre'
On Thursday 26 October 2006 20:16, smith wrote:
> > Some people like to run antivirus software on UNIX boxes to ensure
> > they're not carriers for Windows viruses, etc.  Personally, I
> > think it should be the responsibility of the Windows users to secure
> > their own machines rather than relying on the kindness of others.
> >
> > -Damian
>
> I second that.  Why waste server resources and decrease server security,
> when all Windows machines should be running their own antivirus software to
> begin with.

Why?  Because an OpenBSD system isn't subject to the possibility of being
co-opted as a Windows machine can, that's why.

Different perspectives are a good thing.

--STeve Andre'



Re: Lenovo notebooks

2006-10-26 Thread Sam Fourman Jr.

I just bought a Lenovo 3000 N100 768 DKU. Most everything works fine;
however, this notebook has an Intel Core Duo and the networking hardware
times out on the bsd.mp kernel.

I JUST posted a message with both dmesg's to the misc list


Sam Fourman Jr.

On 10/26/06, ropers <[EMAIL PROTECTED]> wrote:

On 26/10/06, stuartv <[EMAIL PROTECTED]> wrote:
> >On 10/26/06, Johan P. Lindström <[EMAIL PROTECTED]> wrote:
> >>
> >> You should really get yours too, not buying the CD's will not improve
> >> the hardware support now will it?
> >
> >
> >The way it works here is "boss, I need to buy an openbsd license for each
> >openbsd box we run.  It's $50 each, + shipping.  Sign here please".
> >
> >Speaking of that, I need to get off my ass and buy my 4.0 licenses already.
> >
>
> Awww... Too late for that for me, I had to use the whole "Look Boss, it's
> free" line along with plenty of documentation that OpenBSD is as secure as
> it gets for them to let me put in the first OpenBSD box.  They are pretty
> happy with them so far.  I'm going to try to hit them up with the whole
> "Wouldn't it be nice to support such a great project that we use so much"
> argument as soon as things slow down here a bit and there is time to chat.
> That should work.
>
> stuart

That's what I'm planning to do as well... but it may be a pipe dream
-- the single small department that I sysadmin for on a part time
basis took a lot of convincing to even let me put in that one OpenBSD
firewall... OTOH, if I wait half a year and we haven't gotten the
Windows 2003 server rootkitted again by that time, I may have a much
stronger case. "Look guys, this seems to be doing us some good right
here..." It prolly works in OpenBSD's advantage that the software can
be paid for after the fact. You wouldn't believe the politics and red
tape that's getting in the way of buying and deploying just about any
additional security product. "We've already got our antivirus program,
now why would we want to buy an antispyware program?" "We're already
using Firefox, now why do we need a firewall?" Slightly embellished,
but in the broad strokes that's what took place. I am not making this
up.




Intel Core Duo bsd.mp kernel problem on current 10-22-2006

2006-10-26 Thread Sam Fourman Jr.

I just bought a Lenovo 3000 N100 Model 768-DKU Notebook PC

it has an Intel Core Duo

it appears to work fine on the bsd kernel,
but networking does not work on bsd.mp; the devices time out, dhcp won't work

here is a dmesg for bsd

OpenBSD 4.0-current (GENERIC) #1172: Sun Oct 22 20:45:57 MDT 2006
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz ("GenuineIntel" 686-class) 1.67 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,CX16
cpu0: unknown Enhanced SpeedStep CPU, msr 0x06130a2506000613
cpu0: using only highest and lowest power states
cpu0: Enhanced SpeedStep 1000 MHz (1004 mV): speeds: 1667, 1000 MHz
real mem  = 526544896 (514204K)
avail mem = 472330240 (461260K)
using 4256 buffers containing 26451968 bytes (25832K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(e5) BIOS, date 02/17/09, BIOS32 rev. 0 @
0xfd610, SMBIOS rev. 2.4 @ 0xdc010 (42 entries)
bios0: LENOVO CAPELL VALLEY(NAPA) CRB
pcibios0 at bios0: rev 2.1 @ 0xfd610/0x9f0
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdee0/256 (14 entries)
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82371FB ISA" rev 0x00)
pcibios0: PCI bus #4 is the last bus
bios0: ROM list: 0xc/0xe600! 0xce800/0x1000 0xdc000/0x4000! 0xe/0x1800!
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82945GM MCH" rev 0x03
vga1 at pci0 dev 2 function 0 "Intel 82945GM Video" rev 0x03: aperture
at 0xd020, size 0x1000
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
"Intel 82945GM Video" rev 0x03 at pci0 dev 2 function 1 not configured
azalia0 at pci0 dev 27 function 0 "Intel 82801GB HD Audio" rev 0x02: irq 11
azalia0: host: High Definition Audio rev. 1.0
azalia0: codec: 0x04x/0x11d4 (rev. 5.0), HDA version 1.0
azalia0: RIRB time out
audio0 at azalia0
ppb0 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x02
pci1 at ppb0 bus 1
ppb1 at pci0 dev 28 function 1 "Intel 82801GB PCIE" rev 0x02
pci2 at ppb1 bus 2
wpi0 at pci2 dev 0 function 0 "Intel PRO/Wireless 3945ABG" rev 0x02:
irq 7, address 00:18:de:2c:a8:a3
uhci0 at pci0 dev 29 function 0 "Intel 82801GB USB" rev 0x02: irq 5
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 29 function 1 "Intel 82801GB USB" rev 0x02: irq 10
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2 at pci0 dev 29 function 2 "Intel 82801GB USB" rev 0x02: irq 11
usb2 at uhci2: USB revision 1.0
uhub2 at usb2
uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
uhci3 at pci0 dev 29 function 3 "Intel 82801GB USB" rev 0x02: irq 10
usb3 at uhci3: USB revision 1.0
uhub3 at usb3
uhub3: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub3: 2 ports with 2 removable, self powered
ehci0 at pci0 dev 29 function 7 "Intel 82801GB USB" rev 0x02: irq 5
ehci0: timed out waiting for BIOS
usb4 at ehci0: USB revision 2.0
uhub4 at usb4
uhub4: Intel EHCI root hub, rev 2.00/1.00, addr 1
uhub4: 8 ports with 8 removable, self powered
ppb2 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 0xe2
pci3 at ppb2 bus 3
rl0 at pci3 dev 1 function 0 "Realtek 8139" rev 0x10: irq 10, address
00:0f:b0:cc:44:41
rlphy0 at rl0 phy 0: RTL internal PHY
cbb0 at pci3 dev 4 function 0 "ENE CB-1410 CardBus" rev
0x01pci_intr_map: no mapping for pin A
: couldn't map interrupt
"Ricoh 5C832 Firewire" rev 0x00 at pci3 dev 6 function 0 not configured
sdhc0 at pci3 dev 6 function 1 "Ricoh 5C822 SD/MMC" rev 0x19: irq 5
sdmmc0 at sdhc0
"Ricoh 5C843" rev 0x01 at pci3 dev 6 function 2 not configured
"Ricoh 5C592 Memory Stick" rev 0x0a at pci3 dev 6 function 3 not configured
"Ricoh 5C852 xD" rev 0x05 at pci3 dev 6 function 4 not configured
ichpcib0 at pci0 dev 31 function 0 "Intel 82801GBM LPC" rev 0x02: PM disabled
pciide0 at pci0 dev 31 function 2 "Intel 82801GBM SATA" rev 0x02: DMA,
channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  SCSI0
5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
ichiic0 at pci0 dev 31 function 3 "Intel 82801GB SMBus" rev 0x02: irq 10
iic0 at ichiic0
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: 
spkr0 at pcppi0
npx0 a

OpenBSD Wiki

2006-10-26 Thread Kenny Mann

Dudes,

Many months ago I started a website called OpenBSD-Wiki (located at 
http://www.openbsd-wiki.org).


The original goal was pretty selfish: Document what it took to get my
systems going so I wouldn't forget.


I'm not a complete moron (eek! I hope!), but I'm nowhere near as
skilled as many on this list -- so I needed some documentation for 
myself. Wiki seemed to make the most sense, especially considering that 
many articles on the web are out of date and could use some minor (and 
sometimes major) adjustments.


As I lurked the misc@ list, I found some pretty helpful things, emailed 
the offer off-list asking if their works can be placed on that site 
released under the BSD license and so far everyone I've asked has been 
kind enough to say yes.


Anyone is welcome to create articles or create content they think is 
useful for other people to know (so long as either you or the original 
author will release it under the BSD license).


As far as how things should be organized and all that, I haven't
entirely thought that through and am open to suggestions. My original
thoughts were to make it close to the Gentoo-Wiki project (located at:
http://www.gentoo-wiki.org).


I've been pretty busy lately and haven't had time to produce as many 
articles as I'd like but I'm also waiting for the 4.0 CD to arrive (it's 
already shipped and I have a tracking number! yay! I'm excited!) and I 
will update as many articles to that as possible.


I lack design abilities, so any criticism is welcome. Well _any_ 
criticism is welcome.


I'm trying to figure out a sane method to extract the articles into 
being a plain-text dump, so everyone can take copies if they need, once 
I get that figured out I'll post on the site.


Those that have already contributed or allowed me to take their articles
and place them there, I thank you very much and would like to say: You rock!


One final thing, this is hosted off of my SBC DSL Business Elite line. 
This means I have 3-6mb down and 384-618 up (static IP's), so if the 
lines start getting clogged too hard then I'm willing to pay for some 
real hosting -- so no worries.



--Kenny



Re: trouble setting up a freebsd program

2006-10-26 Thread Jonathan Horne
On Thursday 26 October 2006 20:14, Andrew Daugherity wrote:
> First, read through the compat_freebsd (8) man page.
>
> Some points to note:
> -The 'ldd' command being run in your excerpts is most likely the
> OpenBSD /usr/bin/ldd, which is not going to work properly with
> binaries compiled for other OSes.  You need a FreeBSD 'ldd' binary;
> preferably as  /emul/freebsd/usr/bin/ldd.  (Note that the ldd examples
> in the compat_freebsd(8) man page refer to running ldd on a FreeBSD
> system.)  Symlinking that to something like
> /usr/local/bin/ldd-freebsd, so you can then invoke it as
> 'ldd-freebsd', avoiding any confusion, is also a good idea.
>
> -I assume you have the emulators/freebsd_lib port/pkg already
> installed.  I don't see usr/bin/ldd in the PLIST, so you may want to
> grab that from a FreeBSD 4.11 machine or FTP archive (since that is
> the version of libraries in the freebsd_lib pkg).
>
> -FreeBSD programs and files don't have to live under /emul/freebsd,
> but it's a good idea.  If they include files also in the OpenBSD
> system, they must go there so they don't clobber the OpenBSD files.
>
> Most of the same concepts also apply to Linux emulation.
>
>
> -Andrew

hi andrew, thank you for your reply.

after about 48 hours of pondering, researching, and testing how to get this 
working, i changed gears earlier today and tried the linux version of the 
netbackup client (with compat_linux).  as i did with compat_freebsd, i 
followed the man page closely, and much to my surprise, the linux version of 
the client worked on the first shot.

i left off on the freebsd libraries where ldd /usr/openv/netbackup/bin/bpcd 
would specify that it could not find its 4 libraries, then 
ldconfig-freebsd -r|grep libkvm would that that /usr/lib/libkvm.so.2 (the 
exact version bpcd was specifying actually, and found under /emul/freebsd/) 
was successfully loaded into the library cache.  this setting held thru a
reboot after a ldconfig-freebsd -m /usr/lib.  i ended up throwing my arms in 
the air on that one, which i hated doing (yuck... a linux binary! ewww!   
*wink*)

cheers,
jonathan



it has arrived!

2006-10-26 Thread Greg Thomas

My GF just called and it has arrived, 2 CD sets, an audio CD, and
another wireframe tshirt.

Can't wait to see the wireframe Puffy sticker from the audio CD!

Unfortunately I'll be here at work for another couple of hours working
on our web parsing of the local county websites in prep for the
elections.

Greg



Re: trouble setting up a freebsd program

2006-10-26 Thread Andrew Daugherity

First, read through the compat_freebsd (8) man page.

Some points to note:
-The 'ldd' command being run in your excerpts is most likely the
OpenBSD /usr/bin/ldd, which is not going to work properly with
binaries compiled for other OSes.  You need a FreeBSD 'ldd' binary;
preferably as  /emul/freebsd/usr/bin/ldd.  (Note that the ldd examples
in the compat_freebsd(8) man page refer to running ldd on a FreeBSD
system.)  Symlinking that to something like
/usr/local/bin/ldd-freebsd, so you can then invoke it as
'ldd-freebsd', avoiding any confusion, is also a good idea.

-I assume you have the emulators/freebsd_lib port/pkg already
installed.  I don't see usr/bin/ldd in the PLIST, so you may want to
grab that from a FreeBSD 4.11 machine or FTP archive (since that is
the version of libraries in the freebsd_lib pkg).

-FreeBSD programs and files don't have to live under /emul/freebsd,
but it's a good idea.  If they include files also in the OpenBSD
system, they must go there so they don't clobber the OpenBSD files.

Most of the same concepts also apply to Linux emulation.


-Andrew



Re: IP-IP with ipsecctl problem

2006-10-26 Thread Alejandro
I had the same problem! I've not tried it much but i have almost the 
same configuration. I couldn't find much information about setting ipip 
on the new ipsec.conf either.


Alejandro.

Martín Coco wrote:


Hi,

I am trying to build IP-IP flows with the new ipsecctl tool. I have two
OpenBSD 4.0 snapshots running in different vmware virtual machines,
attached to the same network.

Box 1 has the following configuration:

 fw_1 = "10.0.0.1/32"
 fw_2 = "10.0.0.2/32"
 flow ipip from $fw_1 to $fw_2
 ipip from $fw_1 to $fw_2 spi 0x:0x1110

And Box 2:

 fw_1 = "10.0.0.1/32"
 fw_2 = "10.0.0.2/32"
 flow ipip from $fw_2 to $fw_1
 ipip from $fw_2 to $fw_1 spi 0x1110:0x

When I ping from either machine to the other having these
flows/associations in place, I can see the following on the receiving
end (using tcpdump):

In Box 1

# ping 10.0.0.2

In Box 2

# tcpdump -ni pcn0
tcpdump: listening on pcn0, link-type EN10MB
17:44:01.570028 10.0.0.1 > 10.0.0.2: icmp: echo request (encap)
17:44:02.610017 10.0.0.1 > 10.0.0.2: icmp: echo request (encap)
17:44:03.590016 10.0.0.1 > 10.0.0.2: icmp: echo request (encap)
17:44:04.590479 10.0.0.1 > 10.0.0.2: icmp: echo request (encap)
17:44:05.610017 10.0.0.1 > 10.0.0.2: icmp: echo request (encap)

And the reply is never sent from box 2. I've tried to set
net.inet.ipip.allow to 1, but it's the same story. pf is disabled.

I've also tried tcpdump on the enc0 interface (after bringing it up),
but I don't see anything there either.

I was successful in setting up ipsecctl to use esp flows though. The
thing is that I didn't find any examples using ipip with ipsecctl.

Any clues?

Thanks,
Martín.






Re: NOD32 Antivirus and OpenBSD?

2006-10-26 Thread smith
> Some people like to run antivirus software on UNIX boxes to ensure 
> they're not carriers for Windows viruses, etc.  Personally, I
> think it should be the responsibility of the Windows users to secure
> their own machines rather than relying on the kindness of others.
> 
> -Damian

I second that.  Why waste server resources and decrease server security, when
all Windows machines should be running their own antivirus software to begin 
with.



Re: auditing when permissions are changed

2006-10-26 Thread Tobias Weisserth
Hi,

On Thursday, 26. October 2006 23:07, ropers wrote:
> Hi,
>
> This is a sorta n00bish question, but I've just discovered that unlike
> what I've always assumed to be the case, changing a file's permissions
> doesn't touch its last modified time/date stamp.
>
> Is there any way to find out when a file's permissions were last modified?

I'm using AIDE, it's in ports and there is a package. The newest version is 
0.11, which I think is not yet in ports.

kind regards,
Tobias W.
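
The behaviour asked about in this thread, and the baseline-comparison approach that a file integrity checker such as AIDE takes, as an added Python example that is not part of the original posts: chmod leaves the modification time alone, so the change shows up only in the inode change time (ctime) or by diffing against a stored snapshot. The file name, timestamp and helper names are constructed for the illustration, and this is not AIDE's code or database format.

```python
import hashlib
import os
import stat
import tempfile

# Attributes recorded per file; a production integrity checker tracks more.
FIELDS = ("mode", "uid", "gid", "size", "mtime_ns", "sha256")


def snapshot(root):
    """Record metadata and a content hash for every regular file under root."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets, device nodes
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            db[os.path.relpath(path, root)] = {
                "mode": stat.S_IMODE(st.st_mode),  # permission bits only
                "uid": st.st_uid,
                "gid": st.st_gid,
                "size": st.st_size,
                "mtime_ns": st.st_mtime_ns,
                "sha256": digest,
            }
    return db


def compare(old, new):
    """Return (path, field, old_value, new_value) for every difference."""
    findings = []
    for path in sorted(set(old) | set(new)):
        if path not in new:
            findings.append((path, "removed", None, None))
        elif path not in old:
            findings.append((path, "added", None, None))
        else:
            for field in FIELDS:
                if old[path][field] != new[path][field]:
                    findings.append(
                        (path, field, old[path][field], new[path][field])
                    )
    return findings


def demo():
    """Change only the permissions of a constructed file and report what moved."""
    with tempfile.TemporaryDirectory() as root:
        target = os.path.join(root, "secrets.conf")  # constructed sample file
        with open(target, "w") as fh:
            fh.write("constructed sample content\n")
        os.chmod(target, 0o600)
        # Constructed old timestamp so mtime is clearly distinct from "now".
        os.utime(target, (1161900000, 1161900000))

        baseline = snapshot(root)
        before = os.stat(target)

        os.chmod(target, 0o666)  # the permission change we want to catch

        after = os.stat(target)
        return {
            # chmod does not touch the data, so mtime stays put ...
            "mtime_unchanged": before.st_mtime_ns == after.st_mtime_ns,
            # ... while ctime is the field chmod updates.
            "ctime_not_earlier": after.st_ctime_ns >= before.st_ctime_ns,
            "findings": compare(baseline, snapshot(root)),
        }


if __name__ == "__main__":
    result = demo()
    for path, field, old, new in result["findings"]:
        print(f"{path}: {field} changed {old:o} -> {new:o}")
    print("mtime unchanged:", result["mtime_unchanged"])
```

A snapshot diff only says that the mode changed between two runs; ctime gives the time of the most recent inode change, which any later chmod, chown or write overwrites.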



Re: I need help in interpreting some Docs

2006-10-26 Thread John Draper

Joachim Schipper wrote:


I also posted this to the snort users list,  [EMAIL PROTECTED],  but
(sigh) my postings are not making it to the list.   Have they changed
their list mailing address?   I suppose I shouldn't ask that in this
forum,  but if anyone knows the snort mailing list address,  and if
it's different, then I need to know that.
   



I really wouldn't know what snort mailing lists are there, but are you
*really* certain that is not just one random guy? a quick google does
suggest so, and does suggest that
https://lists.sourceforge.net/lists/listinfo/snort-users might be a good
place to start (note the [EMAIL PROTECTED]).
 


I just learned they changed the name of the mailing list,  which
I joined more than 3 years ago.   I'm still getting mail from
[EMAIL PROTECTED] but for some reason,  sending mail
there no longer works,  but I did get a different Email,  and have
since sent this posting to them as well,  and confirmed it is
working now.

I think I've decided to download and test SnortSam and see if it meets
my needs.  It seems to only support OpenBSD 3.6 (I have 3.8),
and have joined the SnortSam mailing list so I can direct my questions
to this list as I start learning it.


Ok,  thanx for the info  when I was playing with Snort,  they didn't
have this mode.
   



It's been around for a while, I believe, but has only recently been
integrated with the main development branch.
 


Yea - I'm learning all about these new (and very cool) features.
I wasn't expecting to see so many cool enhancements. 


I'm hoping some future effort might be done to both Snort and OpenBSD
to integrate them together in new and interesting ways.  I would participate
but I don't know these systems well yet.


If they can be answered in the documentation,  then please point me
to it...   the snort docs have more than 150 files,  most are not related with
what I want to do,  some are not titled with names indicative of what they
talk about,  because I scanned each entry,  and read 80% of them,  and
NO,  I didn't find the answers to my questions by reading the docs.
   



You won't hear me say that the Snort docs are easy to read, but the
questions you asked are, in fact, not that difficult to find an answer
to.

Q does OpenBSD have IPTables?
man -k iptables; ls -d /usr/ports/*/*iptables* (equivalent
web-based systems exist; the openbsd.org page links to the man pages,
and ports.openbsd.nu allows you to search the ports system)
Alternately, http://www.google.com/search?q=openbsd+iptables;
read the synopsis of the first hit,
http://www.openbsd.org/faq/faq9.html.
As to answering the question whether there is another solution,
http://www.google.com/search?q=snort+inline+pf
Q make devel for Snort or IPTables?
this is in the Snort docs, although not terribly clear
 


yes - this was my perception as well - but I looked at a lot of
these docs as well,  but I'm just not quite understanding it
all yet.   It DOES take time to learn new systems,  especially
if you are over 63.  Now if I were a 15 yr old kid,  that would
most certainly be different,  and age discrimination is alive
and well


Q can log_tcpdump be read while Snort is running?
The manual also says it's in standard tcpdump format:
http://www.snort.org/docs/snort_htmanuals/htmanual_260/node13.html#SECTION003350
However, I'll admit that it might not be obvious that this can be read
while Snort is running. 


No - there was nothing in the Snort manual that hints if this will work
and display the contents of this file,  and I sure as heck wasn't going to
try it on the only system I have access to,  which is a production system.

I haven't got everything installed yet,  as this is taking me a little longer than
I was expecting.   I think in few days,  I'll have an experimental system I can
try things with,  without shutting down a production server.


A simple test would give you an affirmative
answer; the other solution is to note that tcpdump's files can be read
while tcpdump is running, and extrapolate from there.
Q Switching modes?
granted, it might be hard to find a place where it is explicitly
said that this doesn't work
 


I didn't see any.


Questions are, of course, welcome; that's what this list is for, to a
certain extent. However, I can't believe you actually tried to find the
answer to the IPTables question before posting. (I could see how one
would have trouble finding the answer to the other questions.)
 


I might have been looking in the wrong place - sorry!  These
things happen.


Also, if you had actually taken a look at the port,
/usr/ports/net/snort, you'd have noticed the flexresp option (and the
lack of inline option, 


I didn't notice it,  because how would I know to look for it?
I don't even know what a "flexresp" option is  and yes,
I agree with you that I should use the ports tree,  but I
WILL need to build snort from source,  especially if I intend
to use SnortSam,  beca
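
Reading a tcpdump-format log while its writer is still appending to it, as discussed in the message above, comes down to stopping at the last complete record and resuming from that offset later; this is an added Python example, not part of the original posts and not Snort or tcpdump code. It parses the classic libpcap file layout from a constructed in-memory capture; the function names and packet bytes are made up for the illustration, and a writer that buffers its output only exposes what it has flushed.

```python
import io
import struct

GLOBAL_HDR_LEN = 24  # magic, version major/minor, thiszone, sigfigs, snaplen, linktype
RECORD_HDR_LEN = 16  # ts_sec, ts_usec, incl_len, orig_len


def _byte_order(magic):
    """Classic pcap files are written in the capturing host's byte order."""
    if magic == b"\xd4\xc3\xb2\xa1":
        return "<"
    if magic == b"\xa1\xb2\xc3\xd4":
        return ">"
    raise ValueError("not a classic pcap file")


def read_new_records(fh, offset=0):
    """Return (packets, next_offset) for all complete records at or after offset.

    A record whose header or payload is only partly on disk is left alone;
    call again later with next_offset to pick it up once it is complete.
    """
    fh.seek(0)
    ghdr = fh.read(GLOBAL_HDR_LEN)
    if len(ghdr) < GLOBAL_HDR_LEN:
        return [], 0  # the writer has not finished the file header yet
    order = _byte_order(ghdr[:4])
    snaplen = struct.unpack(order + "I", ghdr[16:20])[0]

    pos = max(offset, GLOBAL_HDR_LEN)
    packets = []
    while True:
        fh.seek(pos)
        rhdr = fh.read(RECORD_HDR_LEN)
        if len(rhdr) < RECORD_HDR_LEN:
            break  # partial record header: wait for more data
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(order + "IIII", rhdr)
        if snaplen and incl_len > snaplen:
            # A captured length above snaplen means we are not on a record
            # boundary or the file is corrupt; do not guess.
            raise ValueError(f"implausible record length {incl_len} at {pos}")
        payload = fh.read(incl_len)
        if len(payload) < incl_len:
            break  # partial payload: wait for more data
        packets.append((ts_sec, ts_usec, orig_len, payload))
        pos += RECORD_HDR_LEN + incl_len
    return packets, pos


def _record(ts_sec, payload):
    """Build one little-endian pcap record (constructed test data)."""
    return struct.pack("<IIII", ts_sec, 0, len(payload), len(payload)) + payload


def demo():
    """Simulate a reader polling a capture that is caught mid-write."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    first = _record(1161900001, b"constructed-packet-1")
    second = _record(1161900002, b"constructed-packet-2")
    third = _record(1161900003, b"constructed-packet-3")

    # First poll: the third record is only partly written.
    capture = io.BytesIO(header + first + second + third[:20])
    seen, offset = read_new_records(capture)

    # The writer finishes the third record; poll again from the saved offset.
    capture.seek(0, io.SEEK_END)
    capture.write(third[20:])
    later, offset2 = read_new_records(capture, offset)
    return len(seen), offset, [p[3] for p in later], offset2


if __name__ == "__main__":
    print(demo())
```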

problems installing mysql-python

2006-10-26 Thread Patrick McNamee
Hi all,

I've been unable to successfully install mysql-python. 

Here are the details:


##
# versions:
##
OpenBSD 3.9 stable
Python 2.5
MySQL 3.23.58
MySQL-python-1.2.1_p2


##
# build results:
##
% python setup.py build
running build
running build_py
creating build
creating build/lib.openbsd-3.9-i386-2.5
copying _mysql_exceptions.py -> build/lib.openbsd-3.9-i386-2.5
creating build/lib.openbsd-3.9-i386-2.5/MySQLdb
copying MySQLdb/__init__.py -> build/lib.openbsd-3.9-i386-2.5/MySQLdb
copying MySQLdb/converters.py -> build/lib.openbsd-3.9-i386-2.5/MySQLdb
copying MySQLdb/connections.py -> build/lib.openbsd-3.9-i386-2.5/MySQLdb
copying MySQLdb/cursors.py -> build/lib.openbsd-3.9-i386-2.5/MySQLdb
copying MySQLdb/release.py -> build/lib.openbsd-3.9-i386-2.5/MySQLdb
copying MySQLdb/times.py -> build/lib.openbsd-3.9-i386-2.5/MySQLdb
creating build/lib.openbsd-3.9-i386-2.5/MySQLdb/constants
copying MySQLdb/constants/__init__.py ->
build/lib.openbsd-3.9-i386-2.5/MySQLdb/constants
copying MySQLdb/constants/CR.py ->
build/lib.openbsd-3.9-i386-2.5/MySQLdb/constants
copying MySQLdb/constants/FIELD_TYPE.py ->
build/lib.openbsd-3.9-i386-2.5/MySQLdb/constants
copying MySQLdb/constants/ER.py ->
build/lib.openbsd-3.9-i386-2.5/MySQLdb/constants
copying MySQLdb/constants/FLAG.py ->
build/lib.openbsd-3.9-i386-2.5/MySQLdb/constants
copying MySQLdb/constants/REFRESH.py ->
build/lib.openbsd-3.9-i386-2.5/MySQLdb/constants
copying MySQLdb/constants/CLIENT.py ->
build/lib.openbsd-3.9-i386-2.5/MySQLdb/constants
running build_ext
building '_mysql' extension
creating build/temp.openbsd-3.9-i386-2.5
gcc -fno-strict-aliasing -DNDEBUG -g -O3 -Wall -Wstrict-prototypes -fPIC
-I/usr/local/include/mysql -I/usr/local/include/python2.5 -c _mysql.c -o
build/temp.openbsd-3.9-i386-2.5/_mysql.o
-Dversion_info="(1,2,1,'final',2)" -D__version__="1.2.1_p2"
_mysql.c: In function `_mysql_server_init':
_mysql.c:222: warning: unused variable `s'
_mysql.c:223: warning: unused variable `cmd_argc'
_mysql.c:223: warning: unused variable `i'
_mysql.c:223: warning: unused variable `groupc'
_mysql.c:224: warning: unused variable `item'
_mysql.c:298: warning: label `finish' defined but not used
_mysql.c: In function `_mysql_escape_dict':
_mysql.c:1132: warning: passing arg 2 of `PyDict_Next' from incompatible
pointer type
gcc -shared -fPIC build/temp.openbsd-3.9-i386-2.5/_mysql.o
-L/usr/local/lib/mysql -lmysqlclient -lz -lm -o
build/lib.openbsd-3.9-i386-2.5/_mysql.so


##
# install results:
##
[root]# python setup.py install
running install
running build
running build_py
copying MySQLdb/release.py -> build/lib.openbsd-3.9-i386-2.5/MySQLdb
running build_ext
running install_lib
copying build/lib.openbsd-3.9-i386-2.5/_mysql_exceptions.py ->
/usr/local/lib/python2.5/site-packages
creating /usr/local/lib/python2.5/site-packages/MySQLdb
copying build/lib.openbsd-3.9-i386-2.5/MySQLdb/__init__.py ->
/usr/local/lib/python2.5/site-packages/MySQLdb
copying build/lib.openbsd-3.9-i386-2.5/MySQLdb/converters.py ->
/usr/local/lib/python2.5/site-packages/MySQLdb
copying build/lib.openbsd-3.9-i386-2.5/MySQLdb/connections.py ->
/usr/local/lib/python2.5/site-packages/MySQLdb
copying build/lib.openbsd-3.9-i386-2.5/MySQLdb/cursors.py ->
/usr/local/lib/python2.5/site-packages/MySQLdb
copying build/lib.openbsd-3.9-i386-2.5/MySQLdb/release.py ->
/usr/local/lib/python2.5/site-packages/MySQLdb
copying build/lib.openbsd-3.9-i386-2.5/MySQLdb/times.py ->
/usr/local/lib/python2.5/site-packages/MySQLdb
creating /usr/local/lib/python2.5/site-packages/MySQLdb/constants
copying build/lib.openbsd-3.9-i386-2.5/MySQLdb/constants/__init__.py ->
/usr/local/lib/python2.5/site-packages/MySQLdb/constants
copying build/lib.openbsd-3.9-i386-2.5/MySQLdb/constants/CR.py ->
/usr/local/lib/python2.5/site-packages/MySQLdb/constants
copying build/lib.openbsd-3.9-i386-2.5/MySQLdb/constants/FIELD_TYPE.py
-> /usr/local/lib/python2.5/site-packages/MySQLdb/constants
copying build/lib.openbsd-3.9-i386-2.5/MySQLdb/constants/ER.py ->
/usr/local/lib/python2.5/site-packages/MySQLdb/constants
copying build/lib.openbsd-3.9-i386-2.5/MySQLdb/constants/FLAG.py ->
/usr/local/lib/python2.5/site-packages/MySQLdb/constants
copying build/lib.openbsd-3.9-i386-2.5/MySQLdb/constants/REFRESH.py ->
/usr/local/lib/python2.5/site-packages/MySQLdb/constants
copying build/lib.openbsd-3.9-i386-2.5/MySQLdb/constants/CLIENT.py ->
/usr/local/lib/python2.5/site-packages/MySQLdb/constants
copying build/lib.openbsd-3.9-i386-2.5/_mysql.so ->
/usr/local/lib/python2.5/site-packages
byte-compiling
/usr/local/lib/python2.5/site-packages/_mysql_exceptions.py to
_mysql_exceptions.pyc
byte-compiling
/usr/local/lib/python2.5/site-packages/MySQLdb/__init__.py to
__init__.pyc
byte-compiling
/usr/local/lib/python2.5/site-packages/MySQLdb/converters.py to
converters.pyc
byte-compiling
/usr/local/lib/python2.5/site-packages/MySQLdb/connections.py to
connections.pyc
byte-compiling /usr/local/lib/python2.5/site-pa

Re: pf load balancing and failover

2006-10-26 Thread Pete Vickers

Hi Per-Olav,

If you are dealing with http based services, rather than generic tcp,  
then you could take a look at 'pound'. I did a port of it a while  
back, and use it in pretty large scale environment here, it supports  
sticky backend etc. Works well for me, YMMV.


http://marc.theaimsgroup.com/?l=openbsd-ports&m=115513682623098

/Pete


On 26. Oct. 2006, at 23.26, Per-Olov Sjöholm wrote:


On Thursday 26 October 2006 22:28, Kevin Reay wrote:

Hey,

On 10/26/06, Pete Vickers <[EMAIL PROTECTED]> wrote:

If I recall correctly,


You don't. :o)


slbd adds new rules to pf for each incoming
tcp session. Since I couldn't get it to work (old version) I do not
know what the session and Sources tables will look like, but I
suspect there will be no problems with them in slbd. Client-server
association is maintained by slbd and implemented with separate rules
for each tcp session.


slbd doesn't maintain separate rules for each tcp session. Client-server
association is NOT maintained by slbd.


This seems a bit ineffective and rather pointless since pf has the
load balancing functionality built in.


Which slbd relies on. Slbd just inserts the load balancing rules into
pf based on its own config. Then it does the job of health-checking
the servers listed in its config file, and removing them from the
server list if they go down.

The problems with using pf and a health checking script is related to
removal of failed backends. There are two separate issues:

  1) When using sticky-address in the rdr rules client-server
 associations are added to the internal Sources table.
 It is impossible to remove entries for a single backend from this
 table. If a backend fails and is removed from the rdr destination
 table this table will have to be flushed, making all clients end up on
 new backends, which is unacceptable in many configurations.
 If this table is not cleared then the rdr destination table is not
 inspected for client IP's found in the Sources table. These clients
 will still be sent to the failed and removed backend.
 Preferably entries could be removed from this table based on
 source-IP and backend-IP:backend-port, and maybe even the virtual
 service IP:port or a pf rule number.


Which is what slbd avoids. slbd doesn't use sticky-address for this reason.
slbd seems mostly geared for web servers where the web application
is written well enough to not need each request to go back to the same
server.

Kevin


Hi Kevin

I can come up with 100 reasons for using the same web target server over a
whole session and very few for not doing it. Can't see we can use slbd for
the ordering system as intended if requests go to just any server in the
pool.

Or did I miss anything?

Regards
/Per-Olov




Re: auditing when permissions are changed

2006-10-26 Thread Otto Moerbeek
On Thu, 26 Oct 2006, ropers wrote:

> Hi,
> 
> This is a sorta n00bish question, but I've just discovered that unlike
> what I've always assumed to be the case, changing a file's permissions
> doesn't touch its last modified time/date stamp.
> 
> Is there any way to find out when a file's permissions were last modified?

Inode changes change the ctimestamp. You can look at it using ls -lc
or stat(1). 

stat(2) lists when ctime is updated.

-Otto
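
What Otto describes, as an added example that is not part of the original thread: on a constructed scratch file, a chmod and a new hard link both move ctime while mtime stays put, and a write moves both. The `audit` helper (a hypothetical name, like the other functions here) reports a wrong mode together with ctime, which is the latest moment the mode can have been changed.

```python
import os
import stat
import tempfile
import time


def stamps(path):
    """Return (mode, mtime_ns, ctime_ns) for path without following symlinks."""
    st = os.lstat(path)
    return stat.S_IMODE(st.st_mode), st.st_mtime_ns, st.st_ctime_ns


def observe(path, action, pause=1.1):
    """Run action(path) and report which timestamps it moved.

    The pause keeps the before/after readings apart even on filesystems
    that store timestamps with one-second granularity.
    """
    _, m0, c0 = stamps(path)
    time.sleep(pause)
    action(path)
    _, m1, c1 = stamps(path)
    return {"mtime_changed": m1 != m0, "ctime_changed": c1 != c0}


def append_byte(path):
    """Change the file's data (not just its inode)."""
    with open(path, "ab") as fh:
        fh.write(b"x")


def add_hard_link(path):
    """Change the inode's link count without touching the data."""
    os.link(path, path + ".link")


def demo(pause=1.1):
    """Compare chmod, a new hard link and a write on a constructed file."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sample")
        with open(path, "wb") as fh:
            fh.write(b"constructed sample data\n")
        os.chmod(path, 0o644)
        return {
            "chmod": observe(path, lambda p: os.chmod(p, 0o600), pause),
            "link": observe(path, add_hard_link, pause),
            "write": observe(path, append_byte, pause),
        }


def audit(path, should_be):
    """Compare the current mode with the expected one.

    Returns None when the mode matches. Otherwise returns both modes and
    the ctime: any later inode change would have moved ctime again, so the
    mode was changed at or before that time. ctime says nothing about
    which inode field changed last.
    """
    mode, _, ctime_ns = stamps(path)
    if mode == should_be:
        return None
    return {
        "should_be": "%04o" % should_be,
        "really_is": "%04o" % mode,
        "changed_no_later_than": time.strftime(
            "%Y-%m-%d %H:%M:%S", time.localtime(ctime_ns / 1e9)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```
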



Re: auditing when permissions are changed

2006-10-26 Thread ropers

On 26/10/06, Paul de Weerd <[EMAIL PROTECTED]> wrote:

On Thu, Oct 26, 2006 at 11:07:49PM +0200, ropers wrote:
| Hi,
|
| This is a sorta n00bish question, but I've just discovered that unlike
| what I've always assumed to be the case, changing a file's permissions
| doesn't touch its last modified time/date stamp.
|
| Is there any way to find out when a file's permissions were last modified?

Each file on a unix-like filesystem has three different timestamps.
Use stat(1) to find out what these are.

Cheers,

Paul 'WEiRD' de Weerd

--
>[<++>-]<+++.>+++[<-->-]<.>+++[<+
+++>-]<.>++[<>-]<+.--.[-]
 http://www.weirdnet.nl/


Thanks all! :)



Re: auditing when permissions are changed

2006-10-26 Thread Paul de Weerd
On Thu, Oct 26, 2006 at 11:07:49PM +0200, ropers wrote:
| Hi,
|
| This is a sorta n00bish question, but I've just discovered that unlike
| what I've always assumed to be the case, changing a file's permissions
| doesn't touch its last modified time/date stamp.
|
| Is there any way to find out when a file's permissions were last modified?

Each file on a unix-like filesystem has three different timestamps.
Use stat(1) to find out what these are.

Cheers,

Paul 'WEiRD' de Weerd

--
>[<++>-]<+++.>+++[<-->-]<.>+++[<+
+++>-]<.>++[<>-]<+.--.[-]
 http://www.weirdnet.nl/




Re: pf load balancing and failover

2006-10-26 Thread Per-Olov Sjöholm
On Thursday 26 October 2006 22:28, Kevin Reay wrote:
> Hey,
>
> On 10/26/06, Pete Vickers <[EMAIL PROTECTED]> wrote:
> > If I recall correctly,
>
> You don't. :o)
>
> > slbd adds new rules to pf for each incoming
> > tcp session. Since I couldn't get it to work (old version) I do not
> > know what the session and Sources tables will look like, but I
> > suspect there will be no problems with them in slbd. Client-server
> > association is maintained by slbd and implemented with separate rules
> > for each tcp session.
>
> slbd doesn't maintain separate rules for each tcp session. Client-server
> association is NOT maintained by slbd.
>
> > This seems a bit ineffective and rather pointless since pf has the
> > load balancing functionality built in.
>
> Which slbd relies on. Slbd just inserts the load balancing rules into
> pf based on its own config. Then it does the job of health-checking
> the servers listed in its config file, and removing them from the
> server list if they go down.
>
> > The problems with using pf and a health checking script is related to
> > removal of failed backends. There are two separate issues:
> >
> >   1) When using sticky-address in the rdr rules client-server
> >  associations are added to the internal Sources table.
> >  It is impossible to remove entries for a single backend from this
> >  table. If a backend fails and is removed from the rdr destination
> >  table this table will have to be flushed, making all clients end up on
> >  new backends, which is unacceptable in many configurations.
> >  If this table is not cleared then the rdr destination table is not
> >  inspected for client IP's found in the Sources table. These clients
> >  will still be sent to the failed and removed backend.
> >  Preferably entries could be removed from this table based on
> >  source-IP and backend-IP:backend-port, and maybe even the virtual
> >  service IP:port or a pf rule number.
>
> Which is what slbd avoids. slbd doesn't use sticky-address for this reason.
> slbd seems mostly geared for web servers where the web application
> is written well enough to not need each request to go back to the same
> server.
>
> Kevin

Hi Kevin

I can come up with 100 reasons for using the same web target server over a 
whole session and very few for not doing it. Can't see we can use slbd for 
the ordering system as intended if requests go to just any server in the
pool.

Or did I miss anything?

Regards
/Per-Olov



Re: Unknown "." dir in a daily insecurity report

2006-10-26 Thread Patrick Rutkowski

On Oct 26, 2006, at 4:04 AM, Otto Moerbeek wrote:



On Thu, 26 Oct 2006, Patrick Rutkowski wrote:


I don't know what I'm supposed to make of this:

=== Start Message ===

Subject:  daily insecurity output

Checking special files and directories.
Output format is:
filename:
criteria (shouldbe, reallyis)
.:  permissions (0755, 0777)

=== End Message ===

Normally I don't get daily insecurity reports, which I take to mean that
everything is OK. But for the past two nights I have gotten this one; and I
can't figure out what it's trying to tell me.

 sudo find / -perm 777  will show no output other than when I
deliberately create a single chmod 777 file, at which point it will show only
that one file. This proves that that find is working properly and that there
are, as far as I can tell, no chmod 777 files on my system.

The only thing worth mentioning about my system is that it's still running
3.8.


It looks like your / dir has the wrong permissions.

-Otto



Yup, that was it; ty :-D



Re: auditing when permissions are changed

2006-10-26 Thread Joachim Schipper
On Thu, Oct 26, 2006 at 11:07:49PM +0200, ropers wrote:
> Hi,
> 
> This is a sorta n00bish question, but I've just discovered that unlike
> what I've always assumed to be the case, changing a file's permissions
> doesn't touch its last modified time/date stamp.
> 
> Is there any way to find out when a file's permissions were last modified?

Yes, it does modify ctime.

Of course, that only helps if your box isn't completely rooted, which
might or might not be relevant in this case.

Joachim



auditing when permissions are changed

2006-10-26 Thread ropers

Hi,

This is a sorta n00bish question, but I've just discovered that unlike
what I've always assumed to be the case, changing a file's permissions
doesn't touch its last modified time/date stamp.

Is there any way to find out when a file's permissions were last modified?

regards,
--ropers

--
www.ropersonline.com



Soundblaster Audigy LS (SE, PCI subsys id = 0x100a1102)

2006-10-26 Thread Peter Philipp
Hi,

Any poor soul living in Frankfurt and running Linux or Windows needing a
Soundblaster (PCI) card?  I have a Soundblaster Audigy LE card to give 
away as there is no BSD support for this one (checked FreeBSD project as 
well).  

I tried "fool"ing around with it, putting support into it, after pretty well 
copying the Linux driver but it didn't seem to work.  This card doesn't seem 
to be ac97 compatible so no ac97 driver could attach to it.  I'm giving it
away as it's completely worthless to me.

Let me know where to deliver it to, I'll drop it off at your door.  Please
reply individually as I'm not subscribed to this list.

-peter

-- 
Here my ticker tape .signature  My name is Peter Philipp  lynx -dump 
"http://en.wikipedia.org/w/index.php?title=Pufferfish&oldid=20768394" | sed -n 
131,137p  http://centroid.eu  So long and thanks for all the fish!!!



Re: Lenovo notebooks

2006-10-26 Thread ropers

On 26/10/06, stuartv <[EMAIL PROTECTED]> wrote:

>On 10/26/06, Johan P. Lindström <[EMAIL PROTECTED]> wrote:
>>
>> You should really get yours too, not buying the CD's will not improve
>> the hardware support now will it?
>
>
>The way it works here is "boss, I need to buy an openbsd license for each
>openbsd box we run.  It's $50 each, + shipping.  Sign here please".
>
>Speaking of that, I need to get off my ass and buy my 4.0 licenses already.
>

Awww... Too late for that for me, I had to use the whole "Look Boss, it's
free" line along with plenty of documentation that OpenBSD is as secure as
it gets for them to let me put in the first OpenBSD box.  They are pretty
happy with them so far.  I'm going to try to hit them up with the whole
"Wouldn't it be nice to support such a great project that we use so much"
argument as soon as things slow down here a bit and there is time to chat.
That should work.

stuart


That's what I'm planning to do as well... but it may be a pipe dream
-- the single small department that I sysadmin for on a part time
basis took a lot of convincing to even let me put in that one OpenBSD
firewall... OTOH, if I wait half a year and we haven't gotten the
Windows 2003 server rootkitted again by that time, I may have a much
stronger case. "Look guys, this seems to be doing us some good right
here..." It prolly works in OpenBSD's advantage that the software can
be paid for after the fact. You wouldn't believe the politics and red
tape that's getting in the way of buying and deploying just about any
additional security product. "We've already got our antivirus program,
now why would we want to buy an antispyware program.?" "We're already
using Firefox, now why do we need a firewall?" Slightly embellished,
but in the broad strokes that's what took place. I am not making this
up.



pf load balancing and failover

2006-10-26 Thread Kevin Reay

Hey,

On 10/26/06, Pete Vickers <[EMAIL PROTECTED]> wrote:

If I recall correctly,


You don't. :o)


slbd adds new rules to pf for each incoming
tcp session. Since I couldn't get it to work (old version) I do not
know what the session and Sources tables will look like, but I
suspect there will be no problems with them in slbd. Client-server
association is maintained by slbd and implemented with separate rules
for each tcp session.


slbd doesn't maintain separate rules for each tcp session. Client-server
association is NOT maintained by slbd.


This seems a bit ineffective and rather pointless since pf has the
load balancing functionality built in.


Which slbd relies on. Slbd just inserts the load balancing rules into
pf based on its own config. Then it does the job of health-checking
the servers listed in its config file, and removing them from the
server list if they go down.


The problems with using pf and a health checking script is related to
removal of failed backends. There are two separate issues:

  1) When using sticky-address in the rdr rules client-server
 associations are added to the internal Sources table.
 It is impossible to remove entries for a single backend from this
 table. If a backend fails and is removed from the rdr destination
 table this table will have to be flushed, making all clients end up on
 new backends, which is unacceptable in many configurations.
 If this table is not cleared then the rdr destination table is not
 inspected for client IP's found in the Sources table. These clients
 will still be sent to the failed and removed backend.
 Preferably entries could be removed from this table based on
 source-IP and backend-IP:backend-port, and maybe even the virtual
 service IP:port or a pf rule number.


Which is what slbd avoids. slbd doesn't use sticky-address for this reason.
slbd seems mostly geared for web servers where the web application
is written well enough to not need each request to go back to the same
server.

Kevin



Re: pf load balancing and failover

2006-10-26 Thread Berk D. Demir

Pete Vickers wrote:

 1) When using sticky-address in the rdr rules client-server
associations are added to the internal Sources table.
It is impossible to remove entries for a single backend from this
table. If a backend fails and is removed from the rdr destination
table this table will have to be flushed, making all clients end up on
new backends, which is unacceptable in many configurations.
If this table is not cleared then the rdr destination table is not
inspected for client IP's found in the Sources table. These clients
will still be sent to the failed and removed backend.
Preferably entries could be removed from this table based on
source-IP and backend-IP:backend-port, and maybe even the virtual
service IP:port or a pf rule number.

 2) TCP sessions to a failed backend will continue to exist after the
backend is removed from the rdr destination table. As of today these
sessions can be removed with pfctl by specifying the source and
destination IP addresses. Since different services can run on
different port numbers on the same machines it should be possible to
specify a destination port number as well.
I guess that if a backend dies then the client is notified about this
just as if it had been speaking directly to the backend, so it might
not be necessary to clean out these sessions at all, and maybe even
the tcpdrop tool will do the trick?

Anyway, main issue is with removing single sessions from the internal 
Sources table (as it is called in pfctl(8)).


I've submitted a patch, adding a new ioctl to pf and an implementation 
to clear src-track entries likewise states  (-k 1.1.1.1 -k 2.3.5.0/23).


A patched build (smt. between 4.0 and -current) is running in many DCs 
in my county right now.


pfctl.c changed after my submission. I have to fix the patches and post 
here in case it helps.


It needs to get OKs from developers to get into the tree. Last touch 
with a developer about this patch was with dhartmei on Jul 25.


(I'll post it tomorrow)
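
The failure mode Pete describes and the selective removal he asks for, as an added toy model that is not pf code and not from the thread. Class and function names are hypothetical, the clients and backends are constructed labels, and the routing rule follows the behaviour as described in the quoted text: a Sources entry wins over the rdr destination table.

```python
class StickyRedirector:
    """Toy model of an rdr rule using round-robin with sticky-address,
    following the behaviour described in the thread. Not pf code."""

    def __init__(self, backends):
        self.pool = list(backends)  # stands in for the rdr destination table
        self.sources = {}           # stands in for the Sources table
        self._next = 0              # round-robin cursor

    def _pick(self):
        backend = self.pool[self._next % len(self.pool)]
        self._next += 1
        return backend

    def route(self, client):
        # An existing Sources entry wins; the pool is only consulted
        # for clients that have no entry yet.
        if client not in self.sources:
            self.sources[client] = self._pick()
        return self.sources[client]

    def remove_backend(self, backend):
        """The health check took the backend out of the pool."""
        self.pool.remove(backend)

    def flush_sources(self):
        """Clear the whole Sources table."""
        self.sources.clear()

    def drop_sources_for(self, backend):
        """Selective removal: forget only clients pinned to one backend."""
        for client in [c for c, b in self.sources.items() if b == backend]:
            del self.sources[client]


def failover(strategy, clients, backends, failed):
    """Fail one backend and report the effect of a clean-up strategy.

    strategy is "keep" (leave Sources alone), "flush" (clear it all) or
    "selective" (drop only the failed backend's entries).
    Returns the clients still sent to the failed backend ("stranded") and
    the clients moved off a healthy backend ("disrupted").
    """
    lb = StickyRedirector(backends)
    before = {c: lb.route(c) for c in clients}
    lb.remove_backend(failed)
    if strategy == "flush":
        lb.flush_sources()
    elif strategy == "selective":
        lb.drop_sources_for(failed)
    elif strategy != "keep":
        raise ValueError("unknown strategy: %r" % strategy)
    after = {c: lb.route(c) for c in clients}
    return {
        "stranded": [c for c in clients if after[c] == failed],
        "disrupted": [c for c in clients
                      if before[c] != failed and after[c] != before[c]],
    }


# Constructed sample input: nine clients spread over three backends.
CLIENTS = ["c%d" % i for i in range(9)]
BACKENDS = ["web1", "web2", "web3"]

if __name__ == "__main__":
    for strategy in ("keep", "flush", "selective"):
        print(strategy, failover(strategy, CLIENTS, BACKENDS, "web2"))
```
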



Re: Lenovo notebooks

2006-10-26 Thread stuartv
>On 10/26/06, Johan P. Lindström <[EMAIL PROTECTED]> wrote:
>>
>> You should really get yours too, not buying the CD's will not improve
>> the hardware support now will it?
>
>
>The way it works here is "boss, I need to buy an openbsd license for each
>openbsd box we run.  It's $50 each, + shipping.  Sign here please".
>
>Speaking of that, I need to get off my ass and buy my 4.0 licenses already.
>

Awww... Too late for that for me, I had to use the whole "Look Boss, it's
free" line along with plenty of documentation that OpenBSD is as secure as
it gets for them to let me put in the first OpenBSD box.  They are pretty
happy with them so far.  I'm going to try to hit them up with the whole
"Wouldn't it be nice to support such a great project that we use so much"
argument as soon as things slow down here a bit and there is time to chat.
That should work.

stuart



Re: pf load balancing and failover

2006-10-26 Thread Pete Vickers

Hi,


If I recall correctly, slbd adds new rules to pf for each incoming  
tcp session. Since I couldn't get it to work (old version) I do not  
know what the session and Sources tables will look like, but I  
suspect there will be no problems with them in slbd. Client-server  
association is maintained by slbd and implemented with separate rules  
for each tcp session.


This seems a bit ineffective and rather pointless since pf has the  
load balancing functionality built in.


The problems with using pf and a health checking script is related to  
removal of failed backends. There are two separate issues:


 1) When using sticky-address in the rdr rules client-server
associations are added to the internal Sources table.
It is impossible to remove entries for a single backend from this
table. If a backend fails and is removed from the rdr destination
table this table will have to be flushed, making all clients end up on
new backends, which is unacceptable in many configurations.
If this table is not cleared then the rdr destination table is not
inspected for client IP's found in the Sources table. These clients
will still be sent to the failed and removed backend.
Preferably entries could be removed from this table based on
source-IP and backend-IP:backend-port, and maybe even the virtual
service IP:port or a pf rule number.

 2) TCP sessions to a failed backend will continue to exist after the
backend is removed from the rdr destination table. As of today these
sessions can be removed with pfctl by specifying the source and
destination IP addresses. Since different services can run on
different port numbers on the same machines it should be possible to
specify a destination port number as well.
I guess that if a backend dies then the client is notified about this
just as if it had been speaking directly to the backend, so it might
not be necessary to clean out these sessions at all, and maybe even
the tcpdrop tool will do the trick?

Anyway, main issue is with removing single sessions from the internal  
Sources table (as it is called in pfctl(8)).



/Pete




On 22. Oct. 2006, at 21.13, Kevin Reay wrote:


On 10/22/06, Per-Olov Sjöholm <[EMAIL PROTECTED]> wrote:

Hi again

I am looking at the CVS. I can't see it's possible to out of the box remove
addresses from  a round robin scheme in PF against a faulty web server. Am I
missing something?

But I maybe misunderstood Kevin Reay that in this thread said: "and it would
automatically remove the address from a pf pool (and optionally run a
command) when a host failed.".

Maybe I have to do some scripting after all...


It can be a little confusing at first, but it makes a lot of sense
once you understand it. The way I remember it, a person creates a
config file for slbd that defines the various pools and their polling
methods, and slbd creates the load balancing pools in pf at start-up
automatically (in an anchored ruleset). Then it removes entries from
those pools when a server goes down. So... no scripting required.

Of course, Bill Marquette will probably have more knowledge/details
about this than me...

Kevin




Re: Lenovo notebooks

2006-10-26 Thread bofh
On 10/26/06, Johan P. Lindström <[EMAIL PROTECTED]> wrote:
>
> You should really get yours too, not buying the CD's will not improve
> the hardware support now will it?


The way it works here is "boss, I need to buy an openbsd license for each
openbsd box we run.  It's $50 each, + shipping.  Sign here please".

Speaking of that, I need to get off my ass and buy my 4.0 licenses already.



Re: Lenovo notebooks

2006-10-26 Thread Johan P. Lindström

Lenovo has been building the ThinkPads for some 5 odd years, they just
bought the brand from IBM.

I have the following hardware running 4.0 or earlier from the pre-order CD's.

You should really get yours too, not buying the CD's will not improve
the hardware support now will it?

Shame on everyone who don't buy their CD's. Try it out from a local FTP
and when the time comes, twice a year so far, get your release on CD,
plenty of nice stickers and the artwork is always amazing.



* ThinkPad T30
* ThinkPad T40
* ThinkPad T41
* ThinkPad T42
* ThinkPad T43
* ThinkPad T60
* ThinkPad Z60
* ThinkPad R50
* Dell D600

Ethernet works on all (most often it's a fxp0 on ThinkPads), wifi on
some, pcmcia card with wifi works great.

-- Johan



On 10/26/06, martin g <[EMAIL PROTECTED]> wrote:

Hello all

Has anyone got experience with Lenovo notebooks running OpenBSD.
If you are so kind to share your experience.

tnx.





--
// Johan



Re: Automating updates question

2006-10-26 Thread Paul Irofti
On Wednesday 25 October 2006 22:39, [EMAIL PROTECTED] wrote:
> > You mean /usr/ports/infrastructure/out-of-date? ;-)
[--snip--]
>
> Thanks! This type of info was what I was looking for.

I've written a script the other day that deals with this and updates 
your current apps based on out-of-date:

#!/usr/bin/env ruby

# Rebuild every port that out-of-date reports as stale.
class PBuild
  attr_accessor :uplist
  attr_reader :flavor, :package

  def initialize(uplist = '/tmp/uplist')
    @uplist = uplist
  end

  # Feed each line of the saved out-of-date listing to pkgadd.
  def parse
    File.open(@uplist) do |file|
      file.each { |line| pkgadd(line) }
    end
  end

  # Save the out-of-date listing to @uplist.
  def list
    `/usr/ports/infrastructure/build/out-of-date > #{@uplist}`
  end

  # Build one port; the first field of a line is "category/port[,flavor...]".
  def pkgadd(line)
    # Skip blank lines, where the pattern does not match and $& is nil.
    return unless line =~ /((\S+)(\/)*)+/
    #port = $&
    flav = $&.split(',')
    @package = flav.shift
    @flavor = "env FLAVOR=\""
    if not flav.empty?
      flav.each do |opt|
        @flavor = @flavor + opt.to_s + ' '
      end
      p "Building package #{@package} with #{@flavor}"
      @flavor = @flavor + "\" make update clean"
    else
      p "Building package #{@package}"
      @flavor = "make update clean"
    end
    `cd /usr/ports/#{package} && #{@flavor}`
  end
end

latest = PBuild.new
latest.list
latest.parse



Re: OpenBSD 4.0 - Where is it?

2006-10-26 Thread Bob DeBolt
> I am new to the list and I do not fully understand the process either.
> However, I believe that the project gets a large portion of its funding
> from the sale of CDs. So to give added incentive to buy CDs, those who
> pre-order get the release early. I  think this is how it works but I could
> be wrong..

You are correct and don't forget the cool T-shirts!!

Mr D



Re: Intel Core Duo - should I go for bsd.mp?

2006-10-26 Thread Eliah Kagan

On 10/26/06, Peter N. M. Hansteen wrote:

Most likely some time tomorrow I'll have a Thinkpad R60 with an Intel
Core Duo processor land in my lap.  I wonder, would it be at all
useful to try running it with a bsd.mp kernel?


Unless you just want to use one of the two cores, bsd.mp would seem to
be the way to go...

-Eliah



Re: dhclient does not get lease after reboot

2006-10-26 Thread Matt Bettinger

On 10/26/06, Riley McIntire <[EMAIL PROTECTED]> wrote:

On 10/25/06, Matt Bettinger <[EMAIL PROTECTED]> wrote:

> I added a pause as suggested by Jason Dixon,  and still cannot pick up
> a lease unless I do it manually.  I'm really at a loss as what can be
> causing this and running out of places where I can check for the
> problem.  Does anyone else have any suggestions?

Another wildass guess. I've seen this behavior with /var mount'd mfs
(with a modified /etc/rc), and think nfs mount'ing var would do the
same. You doing anything like this?

Riley


No.  Nothing crazy,  just your typical bsd router with 4 nics  and
some vlan stuff.  Thanks for the suggestions though.  I fixed the
issue temporarily with a small script.  Maybe on a rainy Sunday
afternoon I'll swap in a new NIC and see if that solves the problem
but we're good for now.  Thanks.

-mb



Re: OpenBSD Audio series other than bsdtalk ?

2006-10-26 Thread chefren

On 10/25/06 23:16, Jon Simola wrote:


I'm really hoping someone recorded Theo's talk at the CUUG last night.
I've seen the slides from a few presentations floating around, but
audio to accompany them would be icing on the cake.


http://video.google.com/videosearch?q=CUUG

Last year seems to be there.


http://video.google.com/videosearch?q=OpenBSD

Henning!!!

+++chefren



Re: dhclient does not get lease after reboot

2006-10-26 Thread Riley McIntire

On 10/25/06, Matt Bettinger <[EMAIL PROTECTED]> wrote:


I added a pause as suggested by Jason Dixon,  and still cannot pick up
a lease unless I do it manually.  I'm really at a loss as what can be
causing this and running out of places where I can check for the
problem.  Does anyone else have any suggestions?


Another wildass guess. I've seen this behavior with /var mount'd mfs
(with a modified /etc/rc), and think nfs mount'ing var would do the
same. You doing anything like this?

Riley
--
"Education: The ability to listen to almost anything without losing
your temper or self confidence." - -- Robert Frost



Re: OpenBSD 4.0 - Where is it?

2006-10-26 Thread Martin Schröder

2006/10/26, Dylan Hall <[EMAIL PROTECTED]>:

I am new to the list and I do not fully understand the process either.


Then RTFAQ!



Re: OpenBSD 4.0 - Where is it?

2006-10-26 Thread Gordon Grieder
On Thu, Oct 26, 2006 at 09:16:07AM -0400, ICMan wrote:
> I admit that I am not the most up to date on the release process, but 
> why is 4.0 not out on the FTP server yet if people are receiving it in 
> their homes on CD?  And how do I get on that list of people who get the 
> pre-release?

You have to pre-order it off the website, see 
http://www.openbsd.org/orders.html

It's a good idea; CD sales help the project, you get automatic male
enhancement without having to pop pills and your breath will be minty
fresh until the next release.



Re: OpenBSD 4.0 - Where is it?

2006-10-26 Thread Jacob Yocom-Piatt
>PS pre-orders do not guarantee early delivery... I'm still waiting  
>for mine here in ny but it's ok because my 3.9 systems are running  
>just fine and they can wait  :)
>

AFAICT, you cannot update packages to 4.0 versions until November 1st since
they're not available on the FTP mirrors. if this is true, there's as great an
advantage to getting the CDs early as one would think.



Re: Uptime and pf stats difference.

2006-10-26 Thread Melameth, Daniel D.
RCF wrote:
>  The server had been in testing for almost a month with rdate
> configured to run every 6 hours before I rebooted. So I don't really
> think the clock was off.

I don't have this issue, but if you're running rdate every six hours,
you might want to 'man ntpd' instead.



Re: OpenBSD 4.0 - Where is it?

2006-10-26 Thread L. V. Lammert
On Thu, 26 Oct 2006, ICMan wrote:

> I admit that I am not the most up to date on the release process, but
> why is 4.0 not out on the FTP server yet if people are receiving it in
> their homes on CD?  And how do I get on that list of people who get the
> pre-release?
>
> ICMan
>
If you want it early, you have to pre-order when it is available. We
received our CDs early this week.

Lee


  Leland V. Lammert[EMAIL PROTECTED]
Chief Scientist Omnitec Corporation
 Network/Internet Consultants   www.omnitec.net




Re: Uptime and pf stats difference.

2006-10-26 Thread Matthew R. Dempsky
On Thu, Oct 26, 2006 at 12:44:25PM +0100, RCF wrote:
> The server had been in testing for almost a month with rdate
> configured to run every 6 hours before I rebooted. So I don't really
> think the clock was off.

Clocks naturally drift over time.  Four minutes over about 1.5 years
seems reasonable.



Re: OpenBSD 4.0 - Where is it?

2006-10-26 Thread Janne Johansson

ICMan wrote:
I admit that I am not the most up to date on the release process, but 
why is 4.0 not out on the FTP server yet if people are receiving it in 
their homes on CD?  And how do I get on that list of people who get the 
pre-release?


Folks who pre-order get an advantage. The rest of us have to wait 4 more 
days for the FTP to release it.




Re: OpenBSD 4.0 - Where is it?

2006-10-26 Thread Michael Hernandez

On Oct 26, 2006, at 9:16 AM, ICMan wrote:

I admit that I am not the most up to date on the release process,  
but why is 4.0 not out on the FTP server yet if people are  
receiving it in their homes on CD?  And how do I get on that list  
of people who get the pre-release?


ICMan




Pre-orders have been accepted for weeks. People who pre-order get  
cd's early if the cd's are done being made and are sitting around.  
It's all in the archives...



Mike

PS pre-orders do not guarantee early delivery... I'm still waiting  
for mine here in ny but it's ok because my 3.9 systems are running  
just fine and they can wait  :)




Re: OpenBSD 4.0 - Where is it?

2006-10-26 Thread Dylan Hall
Hi ICMan,

I am new to the list and I do not fully understand the process either.
However, I believe that the project gets a large portion of its funding from
the sale of CDs. So to give added incentive to buy CDs, those who pre-order
get the release early. I  think this is how it works but I could be wrong..

Dylan

On 10/26/06, ICMan <[EMAIL PROTECTED]> wrote:
>
> I admit that I am not the most up to date on the release process, but
> why is 4.0 not out on the FTP server yet if people are receiving it in
> their homes on CD?  And how do I get on that list of people who get the
> pre-release?
>
> ICMan



Re: OpenBSD 4.0 - Where is it?

2006-10-26 Thread Ingo Schwarze
ICMan wrote on Thu, Oct 26, 2006 at 09:16:07AM -0400:
> I admit that I am not the most up to date on the release process,
> but why is 4.0 not out on the FTP server yet if people are receiving
> it in their homes on CD?

It is not yet released, in particular, any required errata may
not yet be complete.  Search the archives, I recently explained this
in more detail.

> And how do I get on that list of people who get the pre-release?

Pre-order as soon as pre-orders are possible, and make sure you always
pay as soon as you are asked to pay.



Re: OpenBSD 4.0 - Where is it?

2006-10-26 Thread Darrin Chandler
On Thu, Oct 26, 2006 at 09:16:07AM -0400, ICMan wrote:
> I admit that I am not the most up to date on the release process, but 
> why is 4.0 not out on the FTP server yet if people are receiving it in 
> their homes on CD?  And how do I get on that list of people who get the 
> pre-release?

It'll be on the FTP servers on the release date.

A while back Theo announced that they were taking pre-orders. That's the
time to make your order if you want your CDs early. :)

-- 
Darrin Chandler            |  Phoenix BSD Users Group
[EMAIL PROTECTED]          |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/  |



Re: OpenBSD 4.0 - Where is it?

2006-10-26 Thread Daniel A. Ramaley
On Thursday 26 October 2006 08:16, you wrote:
>I admit that I am not the most up to date on the release process, but
>why is 4.0 not out on the FTP server yet if people are receiving it in
>their homes on CD?

From https://https.openbsd.org/cgi-bin/order:
"Will release and ship November 1 2006"
If you order early you get it shipped early as a bonus.

>And how do I get on that list of people who get 
> the pre-release?

http://www.openbsd.org/orders.html


Dan Ramaley                 Dial Center 118, Drake University
Network Programmer/Analyst  2407 Carpenter Ave
+1 515 271-4540             Des Moines IA 50311 USA



Re: OpenBSD 4.0 - Where is it?

2006-10-26 Thread Henning Brauer
* ICMan <[EMAIL PROTECTED]> [2006-10-26 15:21]:
> I admit that I am not the most up to date on the release process, but 
> why is 4.0 not out on the FTP server yet if people are receiving it in 
> their homes on CD?

because it is not released yet?

> And how do I get on that list of people who get the 
> pre-release?

you just order very early, and most of the time you'll have your CDs 
before release date.

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam



Re: OpenBSD 4.0 - Where is it?

2006-10-26 Thread Nico Meijer
Hi ICMan,

> I admit that I am not the most up to date on the release process, but 
> why is 4.0 not out on the FTP server yet if people are receiving it in 
> their homes on CD?

4.0 is due Nov 1st. People who pre-order, get their stuff beforehand.

> And how do I get on that list of people who get
> the pre-release?

You pre-order. Just take a good look at http://www.openbsd.org/ and you'll
see what I mean.

'We' do not get a pre-release (which might be -current at
any given time, if you like to think like that), but the final and only
release.

'We' just get it early, because -in Europe- Wim just really, really loves
us and wants to make us happy.

HTH... Nico



Re: OpenBSD 4.0 - Where is it?

2006-10-26 Thread Luca Corti
On Thu, 2006-10-26 at 09:16 -0400, ICMan wrote:
> I admit that I am not the most up to date on the release process, but 
> why is 4.0 not out on the FTP server yet if people are receiving it in 

It is not uploaded on the FTP until Nov, 1st, which is the official
release date. 

> their homes on CD?  And how do I get on that list of people who get the 
> pre-release?

By ordering the CD set.

ciao

Luca



Re: Lenovo notebooks

2006-10-26 Thread Matt Kolb
martin g writes: 

Hello all 


Has anyone got experience with Lenovo notebooks running OpenBSD.
If you are so kind to share your experience.


I recently got my hands on a Z61T which is pretty nice.  The functionality 
that I require works, though it is lacking the power management functions
(this work is currently in progress if I understand correctly).  One thing 
to note is that the disk driver works, which is not the case with NetBSD (at 
least, the last time I checked). 

I've put the dmesg.boot up here: 
http://bender.cl.msu.edu/~muk/nibbler-dmesg.boot 

The bge interface works great docked or undocked, and the wpi interface also 
works (make sure you read the man page), though I have had some performance 
degradation with it in some situations -- I rarely use the wireless for big
sustained transfers or the like, so I have not made time to test it 
properly. 

I did note that booting GENERIC.MP really hurt my performance (I just gave 
it a whirl without understanding the implications on a dual-core machine). 

Regardless, I think it works pretty well.  This is the first time I've had a 
ThinkPad, and it seems pretty nice so far.  I've only booted OpenBSD and 
SUSE Linux on it to date, and both seem to do well (I'm sticking with 
OpenBSD). 

./matt 



OpenBSD 4.0 - Where is it?

2006-10-26 Thread ICMan
I admit that I am not the most up to date on the release process, but 
why is 4.0 not out on the FTP server yet if people are receiving it in 
their homes on CD?  And how do I get on that list of people who get the 
pre-release?


ICMan



kernel panic (bsd.rd) with latest snapshot (Oct 22) on Thinkpad X40

2006-10-26 Thread Andreas Bihlmaier
Hello misc@,

I just wanted to do my infrequent updates to -current (using snapshots),
but for some reason bsd.rd panics (I transcribed messages by hand, see
below), but bsd does not panic (just copied it to / using my installed
snapshot).

Here is the last couple of lines:
ath0 at pci1 dev 2 function 0 "Atheros AR5212 (IBM MiniPCI)" rev 0x01: irq11
uvm_fault(0xd06800a0, 0x0, 0, 3) -> e
fatal page fault (6) in supervisor mode
trap type 6 code 2 eip d0276166 cs 8 eflags 10202 cr2 34 cpl 0
panic: trap type 6, code=2, pc=d0276166
uvm_fault(0xd06800a0, 0x0, 0, 1) -> e
fatal page fault (6) in supervisor mode
trap type 6 code 0 eip d0276cbd cs 8 eflags 10286 cr2 bc0 cpl 0
panic: trap type 6, code=0, pc=d0276cbd

The operating system has halted.
Please press any key to reboot.


An older bsd.rd (from Sep 1st) doesn't panic:
OpenBSD 4.0 (RAMDISK_CD) #37: Fri Sep  1 12:13:09 MDT 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/RAMDISK_CD
cpu0: Intel(R) Pentium(R) M processor 1.40GHz ("GenuineIntel" 686-class) 1.40 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,SBF,EST,TM2
real mem  = 1063743488 (1038812K)
avail mem = 963801088 (941212K)
using 4256 buffers containing 53288960 bytes (52040K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(49) BIOS, date 01/07/05, BIOS32 rev. 0 @ 0xfd740, SMBIOS rev. 2.33 @ 0xe0010 (56 entries)
bios0: IBM 2371H9G
apm0 at bios0: Power Management spec V1.2
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xfd6d0/0x930
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdeb0/256 (14 entries)
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82371FB ISA" rev 0x00)
pcibios0: PCI bus #3 is the last bus
bios0: ROM list: 0xc/0xc800! 0xcc800/0x1000 0xcd800/0x1000 0xdc000/0x4000! 0xe/0x1
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82852GM Hub-PCI" rev 0x02
"Intel 82852GM Memory" rev 0x02 at pci0 dev 0 function 1 not configured
"Intel 82852GM Configuration" rev 0x02 at pci0 dev 0 function 3 not configured
vga1 at pci0 dev 2 function 0 "Intel 82852GM AGP" rev 0x02
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
"Intel 82852GM AGP" rev 0x02 at pci0 dev 2 function 1 not configured
uhci0 at pci0 dev 29 function 0 "Intel 82801DB USB" rev 0x01: irq 11
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 29 function 1 "Intel 82801DB USB" rev 0x01: irq 11
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2 at pci0 dev 29 function 2 "Intel 82801DB USB" rev 0x01: irq 11
usb2 at uhci2: USB revision 1.0
uhub2 at usb2
uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
ehci0 at pci0 dev 29 function 7 "Intel 82801DB USB" rev 0x01: irq 11
usb3 at ehci0: USB revision 2.0
uhub3 at usb3
uhub3: Intel EHCI root hub, rev 2.00/1.00, addr 1
uhub3: 6 ports with 6 removable, self powered
ppb0 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 0x81
pci1 at ppb0 bus 2
cbb0 at pci1 dev 0 function 0 "Ricoh 5C476 CardBus" rev 0x8d: irq 11
"Ricoh 5C822 SD/MMC" rev 0x13 at pci1 dev 0 function 1 not configured
em0 at pci1 dev 1 function 0 "Intel PRO/1000MT Mobile (82541GI)" rev 0x00: irq 11, address 00:0a:e4:2f:30:7e
ath0 at pci1 dev 2 function 0 "Atheros AR5212 (IBM MiniPCI)" rev 0x01: irq 11
ath0: AR5213 5.9 phy 4.3 rf5112a 3.6, WOR2W, address 00:0e:9b:a2:97:07
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 3 device 0 cacheline 0x0, lattimer 0xb0
pcmcia0 at cardslot0
ichpcib0 at pci0 dev 31 function 0 "Intel 82801DBM LPC" rev 0x01
pciide0 at pci0 dev 31 function 1 "Intel 82801DBM IDE" rev 0x01: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA, 38154MB, 78140160 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
pciide0: channel 1 disabled (no drives)
"Intel 82801DB SMBus" rev 0x01 at pci0 dev 31 function 3 not configured
"Intel 82801DB AC97" rev 0x01 at pci0 dev 31 function 5 not configured
"Intel 82801DB Modem" rev 0x01 at pci0 dev 31 function 6 not configured
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
npx0 at isa0 port 0xf0/16: using exception 16
biomask fffd netmask fffd ttymask 
rd0: fixed, 3800 blocks
umass0 at uhub3 port 3 configuration 1 interface 0
umass0: Cypress Semiconductor USB2.0 Storage Device, rev 2.00/0.01, addr 2
umass0: using SCSI over Bulk-Only
scsibus0 at umass0: 2 targets
cd0 at scsibus0 targ 1 lun 0:  SCSI0 5/cdrom removable
dkcsum: wd0 matches BIOS drive 0x80
root on rd0a
rootdev=0x1100 rrootdev=0x2f00 rawdev=0x2f02


And full d




Re: OpenBGP & carp interface

2006-10-26 Thread Henning Brauer
* ClaudeBrassel <[EMAIL PROTECTED]> [2006-10-26 14:03]:
> Some add-on :
> If I start the session with the carp device I have following in the
> /var/log/daemon :
> 
> Oct 26 13:48:12 bgp1 bgpd[31321]: nexthop 212.x.x.253 now valid: via
> 212.x.x.254

yes, as I said, this is because the ifindex is not set on the routing 
message, and thus we do not detect that this is a "directly connected" 
route. I am pretty certain this was fixed after 3.9.

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam



Re: OpenBGPD & tcpmd5 password change bug ?

2006-10-26 Thread Henning Brauer
* Henning Brauer <[EMAIL PROTECTED]> [2006-10-26 14:06]:
> I found it. ugh. storing the dynamically aquired SPIs in a struct the 
> gets overwritten was no good idea - of course we fail to reove the old 
> SPIs then on reconfig.

let me retry this sentence in english.

Storing the dynamically acquired SPIs in a struct that gets overwritten 
on config reload was no good idea - of course we fail to remove the old 
SAs on reconfig then, since we lost the SPIs.



Re: OpenBGP & carp interface

2006-10-26 Thread Henning Brauer
ok, I am pretty certain this is fixed in 4.0

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam



Re: OpenBGPD & tcpmd5 password change bug ?

2006-10-26 Thread Henning Brauer
I found it. ugh. storing the dynamically aquired SPIs in a struct the 
gets overwritten was no good idea - of course we fail to reove the old 
SPIs then on reconfig.

to get your box going again, reconfig bgpd with new passwords, flush the 
SAs using ipsecctl (will kill existing md5'd sessions), and clear the 
session then.
that means, you need to delete the old SAs before re-establishing the 
session, that is the bug.

the diff below fixes the issue in bgpd.

Index: pfkey.c
===
RCS file: /cvs/src/usr.sbin/bgpd/pfkey.c,v
retrieving revision 1.32
diff -u -p -r1.32 pfkey.c
--- pfkey.c 30 Aug 2006 17:58:40 -  1.32
+++ pfkey.c 26 Oct 2006 11:42:36 -
@@ -497,34 +497,34 @@ pfkey_sa_remove(struct bgpd_addr *src, s
 int
 pfkey_md5sig_establish(struct peer *p)
 {
-   if (!p->conf.auth.spi_out)
+   if (!p->auth.spi_out)
if (pfkey_sa_add(&p->conf.local_addr, &p->conf.remote_addr,
p->conf.auth.md5key_len, p->conf.auth.md5key,
-   &p->conf.auth.spi_out) == -1)
+   &p->auth.spi_out) == -1)
return (-1);
-   if (!p->conf.auth.spi_in)
+   if (!p->auth.spi_in)
if (pfkey_sa_add(&p->conf.remote_addr, &p->conf.local_addr,
p->conf.auth.md5key_len, p->conf.auth.md5key,
-   &p->conf.auth.spi_in) == -1)
+   &p->auth.spi_in) == -1)
return (-1);
 
-   p->auth_established = 1;
+   p->auth.established = 1;
return (0);
 }
 
 int
 pfkey_md5sig_remove(struct peer *p)
 {
-   if (p->conf.auth.spi_out)
+   if (p->auth.spi_out)
if (pfkey_sa_remove(&p->conf.local_addr, &p->conf.remote_addr,
-   &p->conf.auth.spi_out) == -1)
+   &p->auth.spi_out) == -1)
return (-1);
-   if (p->conf.auth.spi_in)
+   if (p->auth.spi_in)
if (pfkey_sa_remove(&p->conf.remote_addr, &p->conf.local_addr,
-   &p->conf.auth.spi_in) == -1)
+   &p->auth.spi_in) == -1)
return (-1);
 
-   p->auth_established = 0;
+   p->auth.established = 0;
return (0);
 }
 
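Review bot: in pfkey_md5sig_establish() the guards "if (!p->auth.spi_out)" and "if (!p->auth.spi_in)" skip pfkey_sa_add() whenever an SPI is already recorded, while the key is still read from p->conf.auth.md5key, so after a reload with a changed password the new key is only installed if pfkey_md5sig_remove() has run first. The caller is not part of this diff; please confirm the reconfig path removes the old SAs before re-establishing, and add a short comment here saying that p->auth is runtime state and p->conf.auth is configuration. Separately, pfkey_md5sig_remove() returns -1 as soon as the outbound pfkey_sa_remove() fails, so the inbound SA is never attempted and established stays 1; trying both and returning the error afterwards would avoid leaving one stale SA behind.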
@@ -597,7 +597,7 @@ pfkey_ipsec_establish(struct peer *p)
if (pfkey_reply(fd, NULL) < 0)
return (-1);
 
-   p->auth_established = 1;
+   p->auth.established = 1;
return (0);
 }
 
@@ -662,7 +662,7 @@ pfkey_ipsec_remove(struct peer *p)
if (pfkey_reply(fd, NULL) < 0)
return (-1);
 
-   p->auth_established = 0;
+   p->auth.established = 0;
return (0);
 }
 
@@ -680,7 +680,7 @@ pfkey_establish(struct peer *p)
 int
 pfkey_remove(struct peer *p)
 {
-   if (!p->auth_established)
+   if (!p->auth.established)
return (0);
else if (p->conf.auth.method == AUTH_MD5SIG)
return (pfkey_md5sig_remove(p));
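Review bot: pfkey_remove() returns 0 early when p->auth.established is unset, but pfkey_md5sig_establish() only sets that flag after both pfkey_sa_add() calls succeed. If the outbound add succeeds and the inbound one fails, p->auth.spi_out is non-zero while established is still 0, and this early return means that SA is never removed. Suggest also testing the SPIs in the AUTH_MD5SIG case, or having the establish path clean up after a partial failure.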
Index: session.h
===
RCS file: /cvs/src/usr.sbin/bgpd/session.h,v
retrieving revision 1.86
diff -u -p -r1.86 session.h
--- session.h   27 Aug 2006 16:11:05 -  1.86
+++ session.h   26 Oct 2006 11:42:36 -
@@ -166,6 +166,11 @@ struct peer {
struct capabilities ann;
struct capabilities peer;
}capa;
+   struct {
+   u_int32_t   spi_in;
+   u_int32_t   spi_out;
+   u_int8_testablished;
+   } auth;
struct sockaddr_storage  sa_local;
struct sockaddr_storage  sa_remote;
struct msgbufwbuf;
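Review bot: the new member is named auth, the same as the conf.auth member that used to hold these SPIs, and nothing at the declaration says why the two are separate. A one-line comment that this is runtime SA state which must survive a config reload would document the fix for the next reader. The guards in pfkey.c treat spi_in/spi_out == 0 as "no SA installed", so this also relies on struct peer being zeroed when it is allocated; worth stating or checking.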
@@ -184,7 +189,6 @@ struct peer {
enum session_state   state;
enum session_state   prev_state;
u_int16_tholdtime;
-   u_int8_t auth_established;
u_int8_t depend_ok;
u_int8_t demoted;
u_int8_t passive;
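Review bot: dropping auth_established from struct peer breaks any user outside pfkey.c, and this diff only touches pfkey.c and session.h, so a grep for remaining p->auth_established references is needed before commit. The spi_in and spi_out members of conf.auth are no longer referenced by the pfkey.c code shown here; if nothing else uses them they should be removed from the config struct in the same change so nobody reads stale values from them.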



Re: OpenBGP & carp interface

2006-10-26 Thread ClaudeBrassel
Some add-on :
If I start the session with the carp device I have following in the
/var/log/daemon :

Oct 26 13:48:12 bgp1 bgpd[31321]: nexthop 212.x.x.253 now valid: via
212.x.x.254

And this one with the em0 interface :

Oct 26 13:53:21 bgp1 bgpd[31321]: nexthop 212.x.x.253 now valid: directly
connected

Regards

Claude


Henning Brauer wrote:
> 
> * ClaudeBrassel <[EMAIL PROTECTED]> [2006-10-26 12:44]:
>> carp0: flags=8843 mtu 1500
>> carp: MASTER carpdev em0 vhid 1 advbase 1 advskew 100
>> groups: carp
>> inet 212.xxx.xxx.254 netmask 0xfffc broadcast 212.xxx.xxx.255
> 
>> ip_interroute="212.xx.xx.253"
>> neighbor $ip_interroute {
>> remote-as   8928
>> descr   "peering interroute"
>> local-address   212.xxx.xxx.254
>> holdtime        180
>> holdtime min    3
>> announce        self
>> }
> 
> you'll likely want a "depend on carp0" within the neighbor definition 
> for interroute, but that is related to your issue.
> 
>> bgp1 # bgpctl sh next
>> Nexthop  State
>> 212.xxx.xxx.253valid
> 
> so .253 is the interroute router right?
> 
> [ show rib ]
>> *>195.68.0.0/17  212.xxx.xxx.254  100 0 8928 8220 i
> 
> please show "route -n get 212.xxx.xxx.253"
> also, what release are you on? we fixed some cases where the interface 
> pointer was missing in messages on the routing socket, and I think that 
> was post-3.9
> 
>> If I delete the carp and bring the em0 with the ip up everything works
>> great 
> 
> yeah. carp plays fast with routes. and screws up. it fiddles with the 
> interface route, and that is broken for at least unnumbered interfaces. 
> ryan and I need to find some time to sit over this together.
> 
> nonetheless. I have a similar setup with a carp interface to an exchange 
> point network, and that works just fine - with something close to 4.0.
> 
> -- 
> Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
> BS Web Services, http://bsws.de
> Full-Service ISP - Secure Hosting, Mail and DNS Services
> Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
> 
> 
> 

-- 
View this message in context: 
http://www.nabble.com/OpenBGP---carp-interface-tf2513187.html#a7009726
Sent from the openbsd user - misc mailing list archive at Nabble.com.



Re: OpenBGP & carp interface

2006-10-26 Thread ClaudeBrassel
Some add-on :

in the /var/log/daemon I have following entries if I start the bgp session
with the carp :
Oct 26 13:48:12 bgp1 bgpd[31321]: nexthop 212.23.37.253 now valid: via
212.23.37.254

And this one with the em0 interface :

Oct 26 13:53:21 bgp1 bgpd[31321]: nexthop 212.23.37.253 now valid: directly
connected


Thanks

Claude


Henning Brauer wrote:
> 
> * ClaudeBrassel <[EMAIL PROTECTED]> [2006-10-26 12:44]:
>> carp0: flags=8843 mtu 1500
>> carp: MASTER carpdev em0 vhid 1 advbase 1 advskew 100
>> groups: carp
>> inet 212.xxx.xxx.254 netmask 0xfffc broadcast 212.xxx.xxx.255
> 
>> ip_interroute="212.xx.xx.253"
>> neighbor $ip_interroute {
>> remote-as   8928
>> descr   "peering interroute"
>> local-address   212.xxx.xxx.254
>> holdtime        180
>> holdtime min    3
>> announce        self
>> }
> 
> you'll likely want a "depend on carp0" within the neighbor definition 
> for interroute, but that is related to your issue.
> 
>> bgp1 # bgpctl sh next
>> Nexthop  State
>> 212.xxx.xxx.253valid
> 
> so .253 is the interroute router right?
> 
> [ show rib ]
>> *>195.68.0.0/17  212.xxx.xxx.254  100 0 8928 8220 i
> 
> please show "route -n get 212.xxx.xxx.253"
> also, what release are you on? we fixed some cases where the interface 
> pointer was missing in messages on the routing socket, and I think that 
> was post-3.9
> 
>> If I delete the carp and bring the em0 with the ip up everything works
>> great 
> 
> yeah. carp plays fast with routes. and screws up. it fiddles with the 
> interface route, and that is broken for at least unnumbered interfaces. 
> ryan and I need to find some time to sit over this together.
> 
> nonetheless. I have a similar setup with a carp interface to an exchange 
> point network, and that works just fine - with something close to 4.0.
> 
> -- 
> Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
> BS Web Services, http://bsws.de
> Full-Service ISP - Secure Hosting, Mail and DNS Services
> Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
> 
> 
> 




Re: Lenovo notebooks

2006-10-26 Thread Didier Wiroth
- Original Message -
From: martin g
Date: Thursday, October 26, 2006 9:10
Subject: Lenovo notebooks
To: misc@openbsd.org

> Hello all
>
> Has anyone got experience with Lenovo notebooks running OpenBSD.
> If you are so kind to share your experience.
>
> tnx.

Hello,
I'm using a thinkpad x60s. From not being able to boot +/- 1 year ago, almost 
everything is working now, even acpi :-) starts to work.
PCMCIA is not working, when inserting a card, the kernel panics immediately 
(see bug report PR 5239 for details).

Kind regards
Didier



Re: OpenBGP & carp interface

2006-10-26 Thread ClaudeBrassel
Hello,

The release is :
bgp1 # uname -rsv
OpenBSD 3.9 GENERIC#617

and yes 212.x.x.253 is my neighbor.

bgp1 # ifconfig carp0
carp0: flags=8843 mtu 1500
carp: BACKUP carpdev em0 vhid 1 advbase 1 advskew 100
groups: carp
inet 212.x.x.254 netmask 0xfffc broadcast 212.xxx.xxx.255
bgp1 # ifconfig em0
em0: flags=8943 mtu 1500
lladdr 00:07:e9:24:aa:38
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet6 fe80::207:e9ff:fe24:aa38%em0 prefixlen 64 scopeid 0x1
bgp1 # bgpctl neighbor 212.x.x.253 up
request processed
bgp1 # route -n get 212.x.x.253
   route to: 212.x.x.253
destination: 212.x.x.253
  interface: carp0
 if address: 212.x.x.254
  flags: 
 recvpipe  sendpipe  ssthresh  rtt,msec    rttvar  hopcount       mtu    expire
        0         0         0         0         0         0         0      1169
bgp1 # bgpctl sh next
Nexthop  State
212.x.x.253valid
64.x.x.148 valid em1 UP, Ethernet, active, 100 MBit/s
bgp1 # bgpctl sh interfaces
Interface  Nexthop state  Flags  Link state
carp5  ok UP CARP, master
carp6  ok UP CARP, master
carp0  ok UP CARP, master
lo0ok UP unknown
enc0   invalid   unknown
pfsync0ok UP unknown
pflog0 invalid   unknown
hme7   ok UP Ethernet, active, 100 MBit/s
hme6   ok UP Ethernet, active, 100 MBit/s
hme5   invalidUP Ethernet, no carrier
hme4   ok UP Ethernet, active, 100 MBit/s
hme3   ok UP Ethernet, active, 100 MBit/s
hme2   invalid   Ethernet, unknown
hme1   invalid   Ethernet, unknown
hme0   invalid   Ethernet, unknown
em1ok UP Ethernet, active, 100 MBit/s
em0ok UP Ethernet, active, 100 MBit/s




Henning Brauer wrote:
> 
> * ClaudeBrassel <[EMAIL PROTECTED]> [2006-10-26 12:44]:
>> carp0: flags=8843 mtu 1500
>> carp: MASTER carpdev em0 vhid 1 advbase 1 advskew 100
>> groups: carp
>> inet 212.xxx.xxx.254 netmask 0xfffc broadcast 212.xxx.xxx.255
> 
>> ip_interroute="212.xx.xx.253"
>> neighbor $ip_interroute {
>> remote-as   8928
>> descr   "peering interroute"
>> local-address   212.xxx.xxx.254
>> holdtime        180
>> holdtime min    3
>> announce        self
>> }
> 
> you'll likely want a "depend on carp0" within the neighbor definition 
> for interroute, but that is related to your issue.
> 
>> bgp1 # bgpctl sh next
>> Nexthop  State
>> 212.xxx.xxx.253valid
> 
> so .253 is the interroute router right?
> 
> [ show rib ]
>> *>195.68.0.0/17  212.xxx.xxx.254  100 0 8928 8220 i
> 
> please show "route -n get 212.xxx.xxx.253"
> also, what release are you on? we fixed some cases where the interface 
> pointer was missing in messages on the routing socket, and I think that 
> was post-3.9
> 
>> If I delete the carp and bring the em0 with the ip up everything works
>> great 
> 
> yeah. carp plays fast with routes. and screws up. it fiddles with the 
> interface route, and that is broken for at least unnumbered interfaces. 
> ryan and I need to find some time to sit over this together.
> 
> nonetheless. I have a similar setup with a carp interface to an exchange 
> point network, and that works just fine - with something close to 4.0.
> 
> -- 
> Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
> BS Web Services, http://bsws.de
> Full-Service ISP - Secure Hosting, Mail and DNS Services
> Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
> 
> 
> 




Re: Uptime and pf stats difference.

2006-10-26 Thread RCF

The server had been in testing for almost a month with rdate
configured to run every 6 hours before I rebooted. So I don't really
think the clock was off.

On 26/10/06, Alexander Hall <[EMAIL PROTECTED]> wrote:

RCF wrote:

> [11:16:[EMAIL PROTECTED]:~$ uptime
> 11:16AM  up 440 days, 22:15, 1 user, load averages: 0.39, 0.26, 0.19

> [11:16:[EMAIL PROTECTED]:~$ sudo pfctl -s info
> Status: Enabled for 440 days 22:20:03 Debug: Urgent


I guess your time was off by a few minutes when you started your computer.

Uptime seems unaffected by changing the clock, while I guess pfctl just
calculates the time difference between now and the time it was started.

$ sudo date 02; sudo pfctl -d; sudo pfctl -e; sudo pfctl -si | head -n1
Thu Oct 26 13:02:00 CEST 2006
pf disabled
pf enabled
Status: Enabled for 0 days 00:00:00   Debug: Urgent
 ^^^ All is well

$ sudo date 03; sudo pfctl -si | head -n1
Thu Oct 26 13:03:00 CEST 2006
Status: Enabled for 0 days 00:01:00   Debug: Urgent
 ^^^ Oops

$ sudo date 01; sudo pfctl -si | head -n1
Thu Oct 26 13:01:00 CEST 2006
Status: Enabled for 49710 days 06:27:16   Debug: Urgent
 ^^^ D'oh!

Don't know if there is much to do about it. Maybe a sanity check a la
time = (start < stop ? stop - start : 0)
or so, if someone should care enough.

/Alexander




Re: Uptime and pf stats difference.

2006-10-26 Thread Alexander Hall

RCF wrote:


[11:16:[EMAIL PROTECTED]:~$ uptime
11:16AM  up 440 days, 22:15, 1 user, load averages: 0.39, 0.26, 0.19



[11:16:[EMAIL PROTECTED]:~$ sudo pfctl -s info
Status: Enabled for 440 days 22:20:03 Debug: Urgent



I guess your time was off by a few minutes when you started your computer.

Uptime seems unaffected by changing the clock, while I guess pfctl just 
calculates the time difference between now and the time it was started.


$ sudo date 02; sudo pfctl -d; sudo pfctl -e; sudo pfctl -si | head -n1
Thu Oct 26 13:02:00 CEST 2006
pf disabled
pf enabled
Status: Enabled for 0 days 00:00:00   Debug: Urgent
^^^ All is well

$ sudo date 03; sudo pfctl -si | head -n1
Thu Oct 26 13:03:00 CEST 2006
Status: Enabled for 0 days 00:01:00   Debug: Urgent
^^^ Oops

$ sudo date 01; sudo pfctl -si | head -n1
Thu Oct 26 13:01:00 CEST 2006
Status: Enabled for 49710 days 06:27:16   Debug: Urgent
^^^ D'oh!

Don't know if there is much to do about it. Maybe a sanity check a la
time = (start < stop ? stop - start : 0)
or so, if someone should care enough.

/Alexander
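
The wraparound in the last test above, reproduced as an added example (not pfctl's code and not part of the original message). It assumes the runtime is an unsigned 32-bit difference of wall-clock seconds, which is what the 49710-day figure (2^32 - 60 seconds) is consistent with; the function names and the PF_ENABLED_AT timestamp are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed wall-clock value (seconds since the epoch) standing in for the
 * moment pf was enabled in the test above, Thu Oct 26 13:02:00 CEST 2006. */
#define PF_ENABLED_AT 1161860520u

struct runtime {
	uint32_t days, hours, minutes, seconds;
};

/* Assumption: elapsed time is "now - start" in unsigned 32-bit seconds.
 * If the clock is set back past start, the subtraction wraps modulo 2^32. */
uint32_t
elapsed_naive(uint32_t start, uint32_t now)
{
	return now - start;
}

/* The sanity check suggested in the message: never report a negative span. */
uint32_t
elapsed_checked(uint32_t start, uint32_t now)
{
	return start < now ? now - start : 0;
}

/* Split a second count the way the "Enabled for N days HH:MM:SS" line does. */
struct runtime
split_runtime(uint32_t secs)
{
	struct runtime r;

	r.days = secs / 86400;
	secs %= 86400;
	r.hours = secs / 3600;
	secs %= 3600;
	r.minutes = secs / 60;
	r.seconds = secs % 60;
	return r;
}

static void
report(const char *label, uint32_t secs)
{
	struct runtime r = split_runtime(secs);

	printf("%-24s Enabled for %u days %02u:%02u:%02u\n", label,
	    (unsigned)r.days, (unsigned)r.hours, (unsigned)r.minutes,
	    (unsigned)r.seconds);
}

int
main(void)
{
	/* The three clock settings from the thread: 13:02, 13:03, 13:01. */
	report("clock unchanged:", elapsed_naive(PF_ENABLED_AT, PF_ENABLED_AT));
	report("clock +60s:", elapsed_naive(PF_ENABLED_AT, PF_ENABLED_AT + 60));
	report("clock -60s (naive):",
	    elapsed_naive(PF_ENABLED_AT, PF_ENABLED_AT - 60));
	report("clock -60s (checked):",
	    elapsed_checked(PF_ENABLED_AT, PF_ENABLED_AT - 60));
	return 0;
}
```

The checked variant only hides the wrap; a counter that must not move when the clock is stepped needs a monotonic time source rather than wall-clock time.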



Re: Unknown "." dir in a daily insecurity report

2006-10-26 Thread ropers

On 26/10/06, Patrick Rutkowski <[EMAIL PROTECTED]> wrote:

I don't know what I'm supposed to make of this:

=== Start Message ===

Subject:  daily insecurity output

Checking special files and directories.
Output format is:
filename:
criteria (shouldbe, reallyis)
.:  permissions (0755, 0777)

=== End Message ===

Normally I don't get daily insecurity reports, which I take to mean
that everything is OK. But for the past two nights I have gotten this
one; and I can't figure out what it's trying to tell me.

 sudo find / -perm 777  will show no output other than
when I deliberately create a single chmod 777 file, at which point it
will show only that one file. This proves that that find is working
properly and that there are, as far as I can tell, no chmod 777 files
on my system.

The only thing worth mentioning about my system is that it's still
running 3.8.


sudo chmod 755 /.



Re: OpenBGP & carp interface

2006-10-26 Thread Henning Brauer
* Henning Brauer <[EMAIL PROTECTED]> [2006-10-26 12:59]:
> * ClaudeBrassel <[EMAIL PROTECTED]> [2006-10-26 12:44]:
> > carp0: flags=8843 mtu 1500
> > carp: MASTER carpdev em0 vhid 1 advbase 1 advskew 100
> > groups: carp
> > inet 212.xxx.xxx.254 netmask 0xfffc broadcast 212.xxx.xxx.255
> 
> > ip_interroute="212.xx.xx.253"
> > neighbor $ip_interroute {
> > remote-as   8928
> > descr   "peering interroute"
> > local-address   212.xxx.xxx.254
> > holdtime        180
> > holdtime min    3
> > announce        self
> > }
> 
> you'll likely want a "depend on carp0" within the neighbor definition 
> for interroute, but that is related to your issue.

e NOT related



Re: OpenBGP & carp interface

2006-10-26 Thread Henning Brauer
* ClaudeBrassel <[EMAIL PROTECTED]> [2006-10-26 12:44]:
> carp0: flags=8843 mtu 1500
> carp: MASTER carpdev em0 vhid 1 advbase 1 advskew 100
> groups: carp
> inet 212.xxx.xxx.254 netmask 0xfffc broadcast 212.xxx.xxx.255

> ip_interroute="212.xx.xx.253"
> neighbor $ip_interroute {
> remote-as   8928
> descr   "peering interroute"
> local-address   212.xxx.xxx.254
> holdtime        180
> holdtime min    3
> announce        self
> }

you'll likely want a "depend on carp0" within the neighbor definition 
for interroute, but that is related to your issue.

> bgp1 # bgpctl sh next
> Nexthop  State
> 212.xxx.xxx.253valid

so .253 is the interroute router right?

[ show rib ]
> *>195.68.0.0/17  212.xxx.xxx.254  100 0 8928 8220 i

please show "route -n get 212.xxx.xxx.253"
also, what release are you on? we fixed some cases where the interface 
pointer was missing in messages on the routing socket, and I think that 
was post-3.9

> If I delete the carp and bring the em0 with the ip up everything works great 

yeah. carp plays fast with routes. and screws up. it fiddles with the 
interface route, and that is broken for at least unnumbered interfaces. 
ryan and I need to find some time to sit over this together.

nonetheless. I have a similar setup with a carp interface to an exchange 
point network, and that works just fine - with something close to 4.0.

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam



OpenBGP & carp interface

2006-10-26 Thread ClaudeBrassel
Hello,

I am new to bgp and I try to use it but I have some trouble with carp devices

I have 2 peerings, one works great, one does not

My interfaces :
carp0 => interface with interroute : 212.xxx.xxx.254
carp0: flags=8843 mtu 1500
carp: MASTER carpdev em0 vhid 1 advbase 1 advskew 100
groups: carp
inet 212.xxx.xxx.254 netmask 0xfffc broadcast 212.xxx.xxx.255

em0: flags=8943 mtu 1500
lladdr 00:07:e9:24:aa:38
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet6 fe80::207:e9ff:fe24:aa38%em0 prefixlen 64 scopeid 0x1

I use carp device because I have only 2 ip's in the subnet (my ip and the
peering router)

em1  => interface with neo : 83.xxx.xxx.109

My bgpd.conf :

ip_interroute="212.xx.xx.253"
ip_neotelecom="64.xx.xx.148"
neighbor $ip_interroute {
remote-as   8928
descr   "peering interroute"
local-address   212.xxx.xxx.254
holdtime        180
holdtime min    3
announce        self
}

neighbor $ip_neotelecom {
remote-as   6461
descr   "peering NeoTelecom"
local-address   83.xxx.xxx.109
holdtime        180
holdtime min    3
announce        self
multihop        3
}

bgp1 # bgpctl sh
Neighbor                 AS  MsgRcvd  MsgSent  OutQ  Up/Down  State/PrefixRcvd
peering NeoTelecom     6461  95342   1027 0 17:04:38 197977
peering interroute     8928 300179882 0 00:09:41 200898

When I use the carp device the bgp session works, it acquires the complete
routing table.
But ..

bgp1 # bgpctl sh next
Nexthop  State
212.xxx.xxx.253valid
64.xxx.xxx.148 valid em1 UP, Ethernet, active, 100 MBit/s
bgp1 # bgpctl sh interface
Interface  Nexthop state  Flags  Link stater
carp0  ok UP CARP, master
em1ok UP Ethernet, active, 100 MBit/s
em0ok UP Ethernet, active, 100 MBit/s
bgp1 # bgpctl show rib 195.68.0.1
flags: * = Valid, > = Selected, I = via IBGP, A = Announced
origin: i = IGP, e = EGP, ? = Incomplete

flags destination gateway  lpref   med aspath origin
*>195.68.0.0/17  212.xxx.xxx.254  100 0 8928 8220 i
* 195.68.0.0/17   83.xxx.xxx.106  100   174 6461 8220 i

Now the problem is that the gateway is myself; 212.xxx.xxx.254 is the carp0
IP.

If I delete the carp and bring em0 up with the IP, everything works great:
bgp1 # bgpctl sh next
Nexthop          State
212.xxx.xxx.253  valid em0 UP, Ethernet, active, 100 MBit/s
64.xxx.xxx.148   valid em1 UP, Ethernet, active, 100 MBit/s
bgp1 # bgpctl show rib 195.68.0.1
flags: * = Valid, > = Selected, I = via IBGP, A = Announced
origin: i = IGP, e = EGP, ? = Incomplete

flags destination gateway  lpref   med aspath origin
*>195.68.0.0/17   212.xxx.xxx.253  100 0 8928 8220 i
* 195.68.0.0/17   83.xxx.xxx.106  100   174 6461 8220 i


Any ideas?

Regards

Claude




-- 
View this message in context: 
http://www.nabble.com/OpenBGP---carp-interface-tf2513187.html#a7008786
Sent from the openbsd user - misc mailing list archive at Nabble.com.



Uptime and pf stats difference.

2006-10-26 Thread RCF

Hi all,

 I came across this curiosity, it looks like the firewall was running
~4 minutes before the computer booted. Wouldn't be a bad idea I guess.

I have checked 3.8 and 3.9 and such difference is not there, although
those machines have only weeks of uptime.


[11:15:[EMAIL PROTECTED]:~$ uname -a
OpenBSD ns4.com 3.7 ASROCK_15Jul05#0 i386
[11:16:[EMAIL PROTECTED]:~$ uptime
11:16AM  up 440 days, 22:15, 1 user, load averages: 0.39, 0.26, 0.19
[11:16:[EMAIL PROTECTED]:~$ ls -al /var/run/dmesg.boot
-rw-r--r--  1 root  wheel  16027 Aug 11  2005 /var/run/dmesg.boot
[11:16:[EMAIL PROTECTED]:~$ sudo pfctl -s info
Status: Enabled for 440 days 22:20:03 Debug: Urgent

Hostid: 0xcda0de08

.

Regards,

 Myself..



Re: OpenBSD AJAX

2006-10-26 Thread Joachim Schipper
On Wed, Oct 25, 2006 at 05:54:37PM -0500, Damian Wiest wrote:
> On Wed, Oct 25, 2006 at 03:06:36PM +0200, Joachim Schipper wrote:
> > Just a half-baked thought, but escaping any non-constant expression
> > (i.e., actual variable, not fixed string) passed to the browser or a
> > database would go a long way toward solving most problems.
> > 
> > That is,
> > 
> > $hello = "";
> > echo " ", $hello;
> > 
> > could produce
> >  
> > 
> > And
> > 
> > do_query('select var1, var2 from mydb where id = ' . $my_id);
> > 
> > would not be as dangerous as it is now.
> > 
> > Of course, this is an ugly hack [1]. But a hack that would make my life
> > quite a bit easier.
> > 
> > Joachim
> > 
> > [1] The first example is not that bad, treating constants and variables
> > differently is just one sin; the interesting part is figuring out a sane
> > way to do the latter.
> > 
> 
> Or you could use DBI's bind parameters and not have to worry about the 
> issue.

Yes, but that solves only the second problem and doesn't work on sloppy
(non-)programmers.

> My main problem with PHP is that it allows programmers to be extremely 
> sloppy and embed application logic into what would otherwise be an HTML 
> page.  Using code to iterate through a list and display the values 
> contained within is fine, but I see a lot of people doing transactional 
> processing in PHP pages.  This isn't unique to PHP, as JSPs tend to have 
> the same problems.

When you have a hammer, ...

Joachim
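
The two fixes discussed above, escaping every non-constant value on output and passing query values as bind parameters, side by side as an added example (Python with sqlite3 rather than the thread's PHP or Perl DBI; not code from any poster). Python cannot tell constants from variables on its own, so the hypothetical Markup class marks the constants; the table contents are constructed.

```python
import html
import sqlite3


class Markup(str):
    """Hypothetical marker: text the programmer wrote as a constant."""


def render(*parts):
    """Join output parts, escaping everything not marked as a constant."""
    out = []
    for part in parts:
        if isinstance(part, Markup):
            out.append(part)                       # trusted literal, as written
        else:
            out.append(html.escape(str(part), quote=True))
    return "".join(out)


def make_db():
    """Constructed two-row table named after the query in the thread."""
    db = sqlite3.connect(":memory:")
    db.execute("create table mydb (id integer, var1 text, var2 text)")
    db.executemany("insert into mydb values (?, ?, ?)",
                   [(1, "a", "b"), (2, "c", "d")])
    return db


def query_concat(db, my_id):
    # Pattern from the thread: the variable becomes part of the SQL text,
    # so whatever it contains is parsed as SQL.
    return db.execute(
        "select var1, var2 from mydb where id = " + my_id).fetchall()


def query_bound(db, my_id):
    # Bind parameter: the value travels separately from the SQL text and
    # can only ever be compared as a value.
    return db.execute(
        "select var1, var2 from mydb where id = ?", (my_id,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    hostile_id = "1 or 1=1"                        # constructed input
    print("concatenated:", query_concat(db, hostile_id))
    print("bound:       ", query_bound(db, hostile_id))
    print(render(Markup("<p>"), "<script>alert(1)</script>", Markup("</p>")))
```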



Re: I need help in interpreting some Docs

2006-10-26 Thread Joachim Schipper
On Wed, Oct 25, 2006 at 11:32:00AM -0700, John Draper wrote:
> Joachim Schipper wrote:
> >On Tue, Oct 24, 2006 at 03:17:05PM -0700, John Draper wrote:
> >> or would I (...) write [Snort-inline] off as something OpenBSD is
> >> not setup to do,  or is there an alternative [to IPTables] I can
> >> use with Snort?
> >>
> >Snort-inline is written to work with IPTables. It might be possible to
> >implement something similar for pf, although it would most likely
> >require some patches; however, to the best of my knowledge, this has not
> >been done yet.
> >
> >It would be possible to use Snort's response mechanism to put someone in
> >a table, say . pf can be configured to handle tables in many
> >interesting ways. This is not real-time blocking, but might be close
> >enough.
>
> I also posted this to the snort users list,  [EMAIL PROTECTED],  but
> (sigh) my postings are not making it to the list.   Have they changed
> their list mailing address?   I suppose I shouldn't ask that in this
> forum,  but if anyone knows the snort mailing list address,  and if
> it's different, then I need to know that.

I really wouldn't know what snort mailing lists are there, but are you
*really* certain that is not just one random guy? A quick google does
suggest so, and does suggest that
https://lists.sourceforge.net/lists/listinfo/snort-users might be a good
place to start (note the [EMAIL PROTECTED]).

> >>I'm basically setting up snort that if it sees a Priority one attack
> >>it executes a script or Binary file,  well,  actually it will instantiate
> >>a thread that does this in whatever scripting language I choose (Python)
> >>in my case.
> >
> >Easy DoS.
> > 
> I simplified this...   of course it is...  but was just giving an example.
>
> >>I Haven't read ALL the new stuff yet, but am ready to install any
> >>additional utilities, like Barnyard.  Which I already have running.
> >
> >Barnyard doesn't have a lot to do with Snort-inline, really.
> > 
> I know,  I'm still trying to figure it all out.   Wish I could reach the
> snort community  Can't seem to mail to their list after signing up.
> 
> >>Is it possible to use Snort in normal NIDS mode, then when I get a
> >>higher priority attack,  to switch to Inline mode?  How fast
> >>can Snort switch from one mode to another?   Also, is it possible
> >>to use Snort to "look at" a binary file and display contents via
> >>the ./snort -dvr option while snort is running?
> >
> >You cannot switch modes, that's just silly. Inline mode most likely does
> >allow you to warn only, so that would take care of any need for running
> >Snort in two modes.
> >
> Ok,  thanx for the info  when I was playing with Snort,  they didn't
> have this mode.

It's been around for a while, I believe, but has only recently been
integrated with the main development branch.

> >Do you mean the log_tcpdump output module when you say 'binary file'? If
> >so, use tcpdump.  And yes, this can be done while Snort is running,
> >although the file is most likely not complete, so you will be unable to
> >see the last (couple of) packet(s).
> > 
> >
> OK,  right.
> 
> >Those questions are all answered in the documentation, really. Not worth
> >bothering two lists with.
>
> If they can be answered in the documentation,  then please point me
> to it...   the snort docs have more than 150 files,  most are not
> related with what I want to do,  some are not titled with names
> indicative of what they talk about,  because I scanned each entry,
> and read 80% of them,  and NO,  I didn't find the answers to my
> questions by reading the docs.

You won't hear me say that the Snort docs are easy to read, but the
questions you asked are, in fact, not that difficult to find an answer
to.

Q does OpenBSD have IPTables?
    man -k iptables; ls -d /usr/ports/*/*iptables* (equivalent
    web-based systems exist; the openbsd.org page links to the man pages,
    and ports.openbsd.nu allows you to search the ports system)
    Alternately, http://www.google.com/search?q=openbsd+iptables;
    read the synopsis of the first hit,
    http://www.openbsd.org/faq/faq9.html.
    As to answering the question whether there is another solution,
    http://www.google.com/search?q=snort+inline+pf
Q make devel for Snort or IPTables?
    this is in the Snort docs, although not terribly clear
Q can log_tcpdump be read while Snort is running?
    The manual also says it's in standard tcpdump format:
    http://www.snort.org/docs/snort_htmanuals/htmanual_260/node13.html#SECTION003350
    However, I'll admit that it might not be obvious that this can be read
    while Snort is running. A simple test would give you an affirmative
    answer; the other solution is to note that tcpdump's files can be read
    while tcpdump is running, and extrapolate from there.
Q Switching modes?
    granted, it might be hard to find a place where it is explicitly
    said that this doesn't work

Questions are, of course, welcome; that's what this list is for, to a
certain ex

Re: OpenBGPD & tcpmd5 password change bug ?

2006-10-26 Thread Henning Brauer
* Marcel Prisi <[EMAIL PROTECTED]> [2006-10-26 11:34]:
> We seem to have hit a bug in OpenBGPD regarding tcpmd5.
> 
> We are running OpenBGPD 3.9 on OpenBSD 3.9 on i386 with two full peers.
> 
> We had a running session with tcpmd5 working.
> 
> For some reason, we had to change its password.
> 
> I edited bgpd.conf, bgpctl reload, bgpctl neighbor  clear
> 
> But the sessions stayed active.

"active" as in bgp state active?

> I had a look at the output of "ipsecadm show" which gave me something
> that was obviously wrong (I was in a hurry and did not copy it, sorry)

GNARF! that would have been what we needed to figure out what was going 
on...

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam



Re: Lenovo notebooks

2006-10-26 Thread Kian Mohageri
On 10/26/06, Andreas Kahari <[EMAIL PROTECTED]> wrote:
>
> On 26/10/06, martin g <[EMAIL PROTECTED]> wrote:
> > Hello all
> >
> > Has anyone got experience with Lenovo notebooks running OpenBSD.
> > If you are so kind to share your experience.
>
>
>
I have a Thinkpad T43 running an OpenBSD snapshot at the moment.  I dual
boot FreeBSD and OpenBSD on it.

I haven't run into any problems with basic functionality but I haven't tried
out much in the way of power management.

-- 
Kian Mohageri



OpenBGPD & tcpmd5 password change bug ?

2006-10-26 Thread Marcel Prisi
We seem to have hit a bug in OpenBGPD regarding tcpmd5.

We are running OpenBGPD 3.9 on OpenBSD 3.9 on i386 with two full peers.

We had a running session with tcpmd5 working.

For some reason, we had to change its password.

I edited bgpd.conf, bgpctl reload, bgpctl neighbor  clear

But the sessions stayed active.

I had a look at the output of "ipsecadm show" which gave me something
that was obviously wrong (I was in a hurry and did not copy it, sorry)

We tried changing the password again but we could not get the session
back. We finally deactivated tcpmd5 and the session was back in a few
seconds.

Did I do sth wrong or is there some issue here ??

Thanks



Re: Lenovo notebooks

2006-10-26 Thread Andreas Kahari

On 26/10/06, martin g <[EMAIL PROTECTED]> wrote:

Hello all

Has anyone got experience with Lenovo notebooks running OpenBSD.
If you are so kind to share your experience.



http://marc.theaimsgroup.com/?l=openbsd-misc&s=lenovo

--
Andreas Kahari
Somewhere in the general Cambridge area, UK



Re: Unknown "." dir in a daily insecurity report

2006-10-26 Thread Otto Moerbeek
On Thu, 26 Oct 2006, Patrick Rutkowski wrote:

> I don't know what I'm supposed to make of this:
> 
> === Start Message ===
> 
> Subject:  daily insecurity output
> 
> Checking special files and directories.
> Output format is:
>   filename:
>   criteria (shouldbe, reallyis)
> .:  permissions (0755, 0777)
> 
> === End Message ===
> 
> Normally I don't get daily insecurity reports, which I take to mean that
> everything is OK. But for the past two nights I have gotten this one; and I
> can't figure out what it's trying to tell me.
> 
>  sudo find / -perm 777  will show no output other than when I
> deliberately create a single chmod 777 file, at which point it will show only
> that one file. This proves that that find is working properly and that there
> are, as far as I can tell, no chmod 777 files on my system.
> 
> The only thing worth mentioning about my system is that it's still running
> 3.8.

It looks like your / dir has the wrong permissions.

-Otto
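
The reply above reads the "." entry as the root directory. As an added example (not part of the thread and not OpenBSD's own script), this Python code parses the "permissions (shouldbe, reallyis)" lines of such a report and re-stats each name to show its current mode. It assumes report names are relative to /; parse_report and recheck are names made up here, and the sample report is constructed from the message quoted above.

```python
import os
import re
import stat

# Constructed sample: the report body quoted in the thread above.
SAMPLE_REPORT = """\
Checking special files and directories.
Output format is:
\tfilename:
\t\tcriteria (shouldbe, reallyis)
.:\tpermissions (0755, 0777)
"""

# "<name>:  permissions (<shouldbe>, <reallyis>)", modes in octal.
ENTRY = re.compile(
    r"^(?P<name>\S[^:]*):\s+permissions "
    r"\((?P<want>[0-7]+), (?P<seen>[0-7]+)\)\s*$"
)


def parse_report(text):
    """Return [(name, expected_mode, reported_mode)] for permission findings."""
    found = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            found.append((m["name"], int(m["want"], 8), int(m["seen"], 8)))
    return found


def recheck(text, root="/"):
    """Stat every reported name relative to root; return its current state."""
    results = []
    for name, want, _seen in parse_report(text):
        # "." joined to the root is the root itself (assumption: names are
        # relative to the directory the check was started from).
        path = os.path.normpath(os.path.join(root, name))
        now = stat.S_IMODE(os.lstat(path).st_mode)
        results.append((path, want, now, now == want))
    return results


if __name__ == "__main__":
    for path, want, now, ok in recheck(SAMPLE_REPORT):
        verdict = "ok" if ok else "MISMATCH"
        print(f"{path}: expected {want:04o}, now {now:04o} -> {verdict}")
        if not ok:
            print(f"  writable by others: {bool(now & stat.S_IWOTH)}")
```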



Intel Core Duo - should I go for bsd.mp?

2006-10-26 Thread Peter N. M. Hansteen
Most likely some time tomorrow I'll have a Thinkpad R60 with an Intel
Core Duo processor land in my lap.  I wonder, would it be at all
useful to try running it with a bsd.mp kernel?

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
"First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"
20:11:56 delilah spamd[26905]: 146.151.48.74: disconnected after 36099 seconds



Unknown "." dir in a daily insecurity report

2006-10-26 Thread Patrick Rutkowski

I don't know what I'm supposed to make of this:

=== Start Message ===

Subject:  daily insecurity output

Checking special files and directories.
Output format is:
filename:
criteria (shouldbe, reallyis)
.:  permissions (0755, 0777)

=== End Message ===

Normally I don't get daily insecurity reports, which I take to mean  
that everything is OK. But for the past two nights I have gotten this  
one; and I can't figure out what it's trying to tell me.


 sudo find / -perm 777  will show no output other than  
when I deliberately create a single chmod 777 file, at which point it  
will show only that one file. This proves that that find is working  
properly and that there are, as far as I can tell, no chmod 777 files  
on my system.


The only thing worth mentioning about my system is that it's still  
running 3.8.


-Patrick



IBM T40 mouse freezes after resume from zzz

2006-10-26 Thread Greg Thomas

If I run zzz from an xterm and resume the mouse is frozen.  If I
switch to another terminal or if I ssh into my laptop, run zzz,
resume, and switch back to X, then the mouse works fine.

OpenBSD 4.0-current (GENERIC) #1145: Tue Oct 10 15:58:33 MDT 2006
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC

Lenovo notebooks

2006-10-26 Thread martin g
Hello all

Has anyone got experience with Lenovo notebooks running OpenBSD.
If you are so kind to share your experience.

tnx.



Re: macppc booting: G3 w/ SCSI disk

2006-10-26 Thread gklok
On Wed, Oct 25, 2006 at 01:07:37PM -0500, Jacob Yocom-Piatt wrote:
> /dev/[EMAIL PROTECTED]/ADPT,[EMAIL PROTECTED]:9,ofwboot, which makes sense 
> from the
try /dev/[EMAIL PROTECTED]/ADPT,[EMAIL PROTECTED]:0,ofwboot