Re: OpenBSD 4.0 released Nov 1, 2006
Theo de Raadt <[EMAIL PROTECTED]> writes: > We are pleased to announce the official release of OpenBSD 4.0. My jaw dropped lower and lower as I read the release announcement. An incredible list of drivers added, especially wireless! One wire support, even! And tick adjust! A great release of a great OS. Thanks to all of you for the hard work! -- KBK
Re: macppc kernel panic during boot with 10.23.2006 snapshot
On Mon, 30 Oct 2006 10:47:13 -0800 Ben Calvert <[EMAIL PROTECTED]> wrote: > This is on a 400mhz 1st gen tibook. It boots & runs fine with 3.9. > > Unfortunately the keyboard isn't doing anything useful, so all i can > report is what's on the screen: > > the last message is: > - > openpic0 at macobio0 offset 0x4000panic: trap type 200 at 2eafb0 > ( openpic_do_pending_int+0x230) lr 2ea674 > > Stopped at Debugger+0x10; lwz50,2025 > > - > > I'm not convinced updating from 3.9 to 4.0-CURRENT via source is the > best idea, so unless someone has a quick fix for this i'll hang out > a couple of days and try the next snapshot Which works perfectly. dmesg attached Thanks, > > Ben [demime 1.01d removed an attachment of type application/octet-stream which had a name of dmesg.out]
Web interface to sqlports
Hi everyone, I've been waiting for 4.0 to start playing around with your package sqlports. More precisely I've been reading/learning alot about Ruby on Rails lately and I'd like to give a try at making a web interface to search the ports collection through sqlports. For the rest of the email, please keep in mind i've never touch sqlite. I used MySQL and PgSQL alot, but not SQLite. Now I just installed 4.0 and installed sqlports with pkg_add...and well I was hoping for a little post-install message to get me started, but nothing. So I installed sqlite: pkg_add sqlite which installed sqlite-2.8.17p1. Unfortunately still no post-install message to get me started, no man sqlports, man sqlite, man sqlite3... The only thing I noticed is /usr/local/share/sqlports which is a 17MB binary file... So yeah, could you give me a few pointers to at least get the schema/data out of sqlite? At least then I can dump that back in pgsql. Thanks for any help you can give me, JD
Re: OpenBSD Audio series other than bsdtalk ?
On Oct 31, 2006, at 9:44 PM, Damian Wiest wrote: On Tue, Oct 31, 2006 at 05:10:25PM +, Douglas Hunter wrote: NYCBSDCon2006 now has its talks available in MP3 and with slides in pdf from http://www.fetissov.org/public/nycbsdcon06/ I saw this in the OpenBSD Journal ( http://undeadly.org/) I suppose this saves me the trouble, or should I go ahead and post my recordings? I was one of two people doing audio recording at the conference, but I used a MiniDisc recorder. It's a really old one, so I have to do analog transfer which will take like 10+ hours for everything. If yours sounds substantially better than Nikolai's, I'd like to get a copy. I might start over from scratch to remove some unexpected encoding artifacts. If I'm going to, it would be nice to have the best audio available too. Thanks, -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net
Re: Via C7 fully supported?
On Wed, 1 Nov 2006, Rod.. Whitworth wrote: > Have a look at the LE565 with (IIRC) 4*1Gb and serial access to the > BIOS (they say, I haven't seen one yet.) > > HTH I have an LE564 running OpenBSD 4.0beta as a spamd trap. I like the 564 because you have your choice of NIC vendors and speed. diana
Re: Sun x2100 M2 DMESG weirdenn and remote access. OpenBSD 4.0
On 31-Oct-06, at 4:35 PM, Damian Wiest wrote: On Tue, Oct 31, 2006 at 04:22:52PM -1000, [EMAIL PROTECTED] wrote: On 31-Oct-06, at 3:59 PM, Damian Wiest wrote: On Sat, Oct 28, 2006 at 09:17:11AM -0700, Pawel S. Veselov wrote: stan wrote: On Tue, Oct 24, 2006 at 11:11:43PM -0700, Pawel S. Veselov wrote: Daniel Ouellet wrote: stan wrote: That's actually not a given IFIRK Sun says the RAID on the 2100's is "Windows only". Why Sun picks that kinda hardware for it's servers, is another kinda question But the controller manufacturers play evil here... Might be beacuse these machines are about $750US each list. What about v65x then ? :) I don't know if I mentioned this already, but the Intel Gigabit Ethernet chip on Sun's AMD64 systems isn't even supported under Solaris. Windows drivers only. I have heard rumors that a recent build of OpenSolaris includes driver support though. -Damian That is incorrect. The Intel chipset on the Sun AMD64 servers is supported under Solaris with the Sun e1000g driver (and the older ipge driver on SPARC systems that have that same chipset, anyway). The e1000g adds jumbo frames and a few other features over the ipge driver. Also, the RAID controller configuration is available via the BIOS and in Solaris as raidctl(1M) -Mike I'll have to talk to one of my co-workers about this. I seem to recall there being a driver available, but that it didn't work properly. Getting OT, but are you using the SUNWintgige package? Are you talking about the Nvidia RAID controller? -Damian I don't know the package, really, as the manpage doesn't list it as it should in ATTRIBUTES. Unfortunately, our Sun AMD64 boxes were slated for Windows installations, so they only ran Solaris (pre- installed) for a short while. I had little time to play with them before our Windows admin setup the LSI RAID controllers via BIOS and wiped the disks. If it helps, the e1000g driver was released in Solaris Update 2 (U2) 06/06 I believe and is documented here: http://docs.sun.com/app/docs/doc/816-5177/6mbbc4g54?a=view and the following page lists Solaris 32-bit and 64-bit support: http://www.sun.com/servers/entry/x2100/os.jsp -Mike
Re: OpenBSD Audio series other than bsdtalk ?
On Tue, Oct 31, 2006 at 05:10:25PM +, Douglas Hunter wrote: > NYCBSDCon2006 now has its talks available in MP3 and with slides in pdf from > http://www.fetissov.org/public/nycbsdcon06/ > > I saw this in the OpenBSD Journal ( http://undeadly.org/) > > > Douglas I suppose this saves me the trouble, or should I go ahead and post my recordings? I was one of two people doing audio recording at the conference, but I used a MiniDisc recorder. It's a really old one, so I have to do analog transfer which will take like 10+ hours for everything. -Damian
Re: Sun x2100 M2 DMESG weirdenn and remote access. OpenBSD 4.0
On Tue, Oct 31, 2006 at 04:22:52PM -1000, [EMAIL PROTECTED] wrote: > On 31-Oct-06, at 3:59 PM, Damian Wiest wrote: > > >On Sat, Oct 28, 2006 at 09:17:11AM -0700, Pawel S. Veselov wrote: > >>stan wrote: > >>>On Tue, Oct 24, 2006 at 11:11:43PM -0700, Pawel S. Veselov wrote: > >>> > Daniel Ouellet wrote: > > >stan wrote: > > > >>That's actually not a given IFIRK Sun says the RAID on the 2100's > >>is "Windows only". > >> > >> > Why Sun picks that kinda hardware for it's servers, is another > kinda > question But the controller manufacturers play evil here... > > > >>> > >>>Might be beacuse these machines are about $750US each list. > >>> > >>> > >>What about v65x then ? :) > > > >I don't know if I mentioned this already, but the Intel Gigabit > >Ethernet > >chip on Sun's AMD64 systems isn't even supported under Solaris. > >Windows drivers only. I have heard rumors that a recent build > >of OpenSolaris includes driver support though. > > > >-Damian > > > > That is incorrect. The Intel chipset on the Sun AMD64 servers is > supported under Solaris with the Sun e1000g driver (and the older > ipge driver on SPARC systems that have that same chipset, anyway). > The e1000g adds jumbo frames and a few other features over the ipge > driver. > > Also, the RAID controller configuration is available via the BIOS and > in Solaris as raidctl(1M) > > -Mike I'll have to talk to one of my co-workers about this. I seem to recall there being a driver available, but that it didn't work properly. Getting OT, but are you using the SUNWintgige package? Are you talking about the Nvidia RAID controller? -Damian
Re: Nintendo Wifi Connector and Nintendo DS (WEP)
On Tue, Oct 31, 2006 at 11:08:15AM +0100, Guido Tschakert wrote: > Hello, > > after reading through the "ralink broken after last update" thread and > seeing that Bruno is using an Nintendo Wifi Connector > I wonder if someone has connected a Nintendo DS via an OpenBSD Box and > the Nintendo Wifi Connector as AP using WEP. > Without WEP everything works fine for me (i put my /etc/hostname.ural0 > at the bottom of this message) > But I haven't worked out how to configure WEP. > What worked was using WEP for a connection between the Wifi Connector as > Accesspoint and my notebook. > So if anybody know in which format I have to use the WEP Key on both the > OpenBSD Box and the Nintendo DS, I really would like to know. > > thanks > > guido > > > > > > /etc/hostname.ural0 > inet 192.168.22.1 255.255.255.252 NONE media DS2 mediaopt hostap mode > 11b nwid zelda chan 12 -nwkey > > (btw the DS only works with 2Mbps) I've got a couple DS's (and a PSP :( ) at home and have been using them with various systems (FreeBSD and OpenBSD with Aironet and Prism cards and a Linksys 54WRTG) acting as access points. I don't seem to recall encountering any problems. What does the Nintendo wireless adapter attach as? Is there some reason you're hardcoding the transmit speed on your AP? I had no end of trouble trying to connect when I tried this. I believe that if you specify the transmit speed, then all devices must use that speed. Meaning, you can't have one using DS2, one using DS11 and your AP doing autoselect. At least I couldn't get that sort of setup to function. As for the WEP key, you should enter it just like you did on your AP. -Damian
Re: Sun x2100 M2 DMESG weirdenn and remote access. OpenBSD 4.0
On 31-Oct-06, at 3:59 PM, Damian Wiest wrote: On Sat, Oct 28, 2006 at 09:17:11AM -0700, Pawel S. Veselov wrote: stan wrote: On Tue, Oct 24, 2006 at 11:11:43PM -0700, Pawel S. Veselov wrote: Daniel Ouellet wrote: stan wrote: That's actually not a given IFIRK Sun says the RAID on the 2100's is "Windows only". Why Sun picks that kinda hardware for it's servers, is another kinda question But the controller manufacturers play evil here... Might be beacuse these machines are about $750US each list. What about v65x then ? :) I don't know if I mentioned this already, but the Intel Gigabit Ethernet chip on Sun's AMD64 systems isn't even supported under Solaris. Windows drivers only. I have heard rumors that a recent build of OpenSolaris includes driver support though. -Damian That is incorrect. The Intel chipset on the Sun AMD64 servers is supported under Solaris with the Sun e1000g driver (and the older ipge driver on SPARC systems that have that same chipset, anyway). The e1000g adds jumbo frames and a few other features over the ipge driver. Also, the RAID controller configuration is available via the BIOS and in Solaris as raidctl(1M) -Mike
Sun T1 105
I am looking for some feedback on this DMESG if possible. I am playing with an old Sun T1 105 and does look like it work well, but I never saw so many not configure message in a single DMESG. Can anyone clue me in. Is that really normal, did I most likely forgot something, etc. That's my first time with this Sum hardware type, so I am not sure as to what's normal or not. Thanks Daniel Here the dmesg. == dmesg console is /[EMAIL PROTECTED],0/[EMAIL PROTECTED],1/[EMAIL PROTECTED]/[EMAIL PROTECTED],3803f8 Copyright (c) 1982, 1986, 1989, 1991, 1993 The Regents of the University of California. All rights reserved. Copyright (c) 1995-2006 OpenBSD. All rights reserved. http://www.OpenBSD.org OpenBSD 4.0 (GENERIC) #953: Sun Sep 17 00:56:22 MDT 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/sparc64/compile/GENERIC total memory = 1073741824 avail memory = 969629696 using 6553 buffers containing 53682176 bytes of memory bootpath: /[EMAIL PROTECTED],0/[EMAIL PROTECTED],1/[EMAIL PROTECTED],0/[EMAIL PROTECTED],0 mainbus0 (root): Netra t1 (UltraSPARC-IIi 440MHz) cpu0 at mainbus0: SUNW,UltraSPARC-IIi @ 440.039 MHz, version 0 FPU cpu0: physical 32K instruction (32 b/l), 16K data (32 b/l), 2048K external (64 b/l) psycho0 at mainbus0 addr 0xfffc: SUNW,sabre, impl 0, version 0, ign 7c0 psycho0: bus range 0-3, PCI bus 0 psycho0: dvma map c000-dfff, iotdb 5366000-53e6000 pci0 at psycho0 ppb0 at pci0 dev 1 function 1 "Sun Simba PCI-PCI" rev 0x13 pci1 at ppb0 bus 1 ebus0 at pci1 dev 1 function 0 "Sun PCIO Ebus2" rev 0x01 auxio0 at ebus0 addr 726000-726003, 728000-728003, 72a000-72a003, 72c000-72c003, 72f000-72f003 power0 at ebus0 addr 724000-724003 ipl 37 "SUNW,pll" at ebus0 addr 504000-504002 not configured com0 at ebus0 addr 3803f8-3803ff ipl 28: ns16550a, 16 byte fifo com0: console com1 at ebus0 addr 3602f8-3602ff ipl 20: ns16550a, 16 byte fifo lpt0 at ebus0 addr 340278-340287, 30015c-30015d, 70-7f ipl 34: polled "fdthree" at ebus0 addr 3203f0-3203f7, 706000-70600f, 72-720003 ipl 39 not configured clock1 at ebus0 addr 0-1fff: mk48t59 "flashprom" at ebus0 addr 0-f not configured "watchdog" at ebus0 addr 20-20003f ipl 4 not configured "display7seg" at ebus0 addr 200040-200040 not configured beeper0 at ebus0 addr 722000-722003 "flashprom" at ebus0 addr 40-5f not configured "flashprom" at ebus0 addr 80-9f not configured pcfiic0 at ebus0 addr 60-63 ipl 40 iic0 at pcfiic0 pcfadc0 at iic0 addr 0x4f "i2cpcf,8574a" at iic0 addr 0x38 not configured "i2cpcf,8574a" at iic0 addr 0x39 not configured pcfiic1 at ebus0 addr 10-13 ipl 27 iic1 at pcfiic1 "SUNW,lom" at ebus0 addr 40-400063 not configured hme0 at pci1 dev 1 function 1 "Sun HME" rev 0x01: ivec 0x7e1, address 08:00:20:f9:b7:98 luphy0 at hme0 phy 0: LU6612 10/100 PHY, rev. 1 siop0 at pci1 dev 2 function 0 "Symbios Logic 53c875" rev 0x03: ivec 0x7e0, using 4K of on-board RAM scsibus0 at siop0: 16 targets sd0 at scsibus0 targ 0 lun 0: SCSI2 0/direct fixed sd0: 17274MB, 7508 cyl, 19 head, 248 sec, 512 bytes/sec, 35378533 sec total sd1 at scsibus0 targ 1 lun 0: SCSI2 0/direct fixed sd1: 8637MB, 4926 cyl, 27 head, 133 sec, 512 bytes/sec, 17689267 sec total hme1 at pci1 dev 3 function 1 "Sun HME" rev 0x01: ivec 0x7da, address 08:00:20:f9:b7:99 luphy1 at hme1 phy 0: LU6612 10/100 PHY, rev. 1 ppb1 at pci0 dev 1 function 0 "Sun Simba PCI-PCI" rev 0x13 pci2 at ppb1 bus 2 ppb2 at pci2 dev 1 function 0 "DEC 21150 PCI-PCI" rev 0x06 pci3 at ppb2 bus 3 pciide0 at pci3 dev 14 function 0 "CMD Technology PCI0646" rev 0x03: DMA, channel 0 configured to native-PCI, channel 1 configured to native-PCI pciide0: using ivec 0x7c2 for native-PCI interrupt pciide0: channel 0 disabled (no drives) atapiscsi0 at pciide0 channel 1 drive 0 scsibus1 at atapiscsi0: 2 targets cd0 at scsibus1 targ 0 lun 0: SCSI0 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, DMA mode 2 pcons at mainbus0 not configured No counter-timer -- using %tick at 440MHz as system clock. root on sd0a siop0: target 0 now using tagged 16 bit 20.0 MHz 16 REQ/ACK offset xfers rootdev=0x700 rrootdev=0x1100 rawdev=0x1102 siop0: target 1 now using tagged 16 bit 20.0 MHz 15 REQ/ACK offset xfers
Re: understanding the kernel
On Sun, Oct 29, 2006 at 11:18:28PM -0700, George Mihai IACOB wrote: > Jonathan Gray wrote: > >On Sun, Oct 29, 2006 at 08:24:16PM -0700, George Mihai IACOB wrote: > >>Hello! > >> > >>I am a not-so-experienced programmer and I started a personal project > >>which requires a deep understanding of the OpenBSD kernel - no, I am not > >>going to fork another BSD style operating system. I wonder if there is > >>documentation describing the kernel, other that the comments in the > >>source. For a start, I am reading Andrew Tanenbaum's "Modern Operating > >>Systems", 2nd edition and trying to follow the code in the kernel > >>source, starting with sys/kern/init_main.c > >>Is this a wrong approach? Do you have other suggestions? I know there's > >>no easy way and I am not looking for one, all I want is a starting point. > >>Regards, > >>George > > > >You don't mention what you had in mind so it is hard to point at anything. > >"The Design and Implementation of the 4.4 BSD Operating System" by > >McKusick and friends is likely to be more relevant for implementation > >details, Tanebaum's book is more high level theory. > > > > Well, I want to be able to write software which should run in kernel > mode and/or modify the kernel. Basically, I'm just like a college > student taking an operating systems course and using OpenBSD as an example. "Operating System Concepts" by Silbershatz, Galvin and Gagne: http://codex.cs.yale.edu/avi/os-book/os7/ As a bonus, there are pretty dinosaur pictures at the start of each chapter. Also, get the BSD book mentioned above. -Damian
Re: Sun x2100 M2 DMESG weirdenn and remote access. OpenBSD 4.0
On Sat, Oct 28, 2006 at 09:17:11AM -0700, Pawel S. Veselov wrote: > stan wrote: > >On Tue, Oct 24, 2006 at 11:11:43PM -0700, Pawel S. Veselov wrote: > > > >>Daniel Ouellet wrote: > >> > >>>stan wrote: > >>> > That's actually not a given IFIRK Sun says the RAID on the 2100's > is "Windows only". > > > >>Why Sun picks that kinda hardware for it's servers, is another kinda > >>question But the controller manufacturers play evil here... > >> > >> > > > >Might be beacuse these machines are about $750US each list. > > > > > What about v65x then ? :) I don't know if I mentioned this already, but the Intel Gigabit Ethernet chip on Sun's AMD64 systems isn't even supported under Solaris. Windows drivers only. I have heard rumors that a recent build of OpenSolaris includes driver support though. -Damian
Re: OpenBSD 4.0 released Nov 1, 2006
On Tue, 31 Oct 2006 17:16:08 -0700, Theo de Raadt <[EMAIL PROTECTED]> wrote: > >Nov 1, 2006. > >We are pleased to announce the official release of OpenBSD 4.0. Congratulations to Theo, all the developers and everyone who helped out! Kind Regards, J.C. Roberts -- Free, Open Source CAD, CAM and EDA Tools http://www.DesignTools.org
Re: OpenBSD Wiki
On Thu, Oct 26, 2006 at 08:52:20PM -0500, Kenny Mann wrote: > Dudes, > > Many months ago I started a website called OpenBSD-Wiki (located at > http://www.openbsd-wiki.org). > > The orginal goal was pretty selfish: Document what it took to get my > systems going so I wouldn't forget. > > I'm not a complete moron (eek! I hope!) , but I'm no where near as > skilled as many on this list -- so I needed some documentation for > myself. Wiki seemed to make the most sense, especially considering that > many articles on the web are out of date and could use some minor (and > sometimes major) adjustments. > > As I lurked the misc@ list, I found some pretty helpful things, emailed > the offer off-list asking if their works can be placed on that site > released under the BSD license and so far everyone I've asked has been > kind enough to say yes. > > Anyone is welcome to create articles or create content they think is > useful for other people to know (so long as either you or the original > author will release it under the BSD license). > > As far as how thinks should be organized and all that, I haven't > entirely thought that through and am open to suggestions. My orginal > thoughts where to make it close to the Gentoo-Wiki project (located at: > http://www.gentoo-wiki.org). > > I've been pretty busy lately and haven't had time to produce as many > articles as I'd like but I'm also waiting for the 4.0 CD to arrive (it's > already shipped and I have a tracking number! yay! I'm excited!) and I > will update as many articles to that as possible. > > I lack design abilities, so any criticism is welcome. Well _any_ > criticism is welcome. > > I'm trying to figure out a sane method to extract the articles into > being a plain-text dump, so everyone can take copies if they need, once > I get that figured out I'll post on the site. > > Those that have already contributed or allowed me to take their articles > and place them their, I thank you very much and would like to say: You rock! > > One final thing, this is hosted off of my SBC DSL Business Elite line. > This means I have 3-6mb down and 384-618 up (static IP's), so if the > lines start getting clogged too hard then I'm willing to pay for some > real hosting -- so no worries. > > > --Kenny I typically use LaTeX for this sort of thing. You can create a simple makefile that will produce output in many different formats. I also typically have an rsync based installer that pushes the changes out from my CVS working copy to the webserver. LaTex is pretty easy to pick up; an example article should be enough to get you going. I can also recommend Leslie Lamport's book, "LaTeX: A Document Preparation System" http://research.microsoft.com/users/lamport/pubs/pubs.html#latex -Damian
Re: Lenovo notebooks
On Thu, Oct 26, 2006 at 10:57:27PM +0200, ropers wrote: > On 26/10/06, stuartv <[EMAIL PROTECTED]> wrote: > >>On 10/26/06, Johan P. Lindstrvm <[EMAIL PROTECTED]> wrote: > >>> > >>> You should really get yours too, not buying the CD's will not improve > >>> the hardware support now will it? > >> > >> > >>The way it works here is "boss, I need to buy an openbsd license for each > >>openbsd box we run. It's $50 each, + shipping. Sign here please". > >> > >>Speaking of that, I need to get off my ass and buy my 4.0 licenses > >already. > >> > > > >Awww... Too late for that for me, I had to use the whole "Look Boss, it's > >free" line along with plenty of documentation that OpenBSD is as secure as > >it gets for them to let me put in the first OpenBSD box. They are pretty > >happy with them so far. I'm going to try to hit them up with the whole > >"Wouldn't it be nice to support such a great project that we use so much" > >argument as soon as things slow down here a bit and there is time to chat. > >That should work. > > > >stuart > > That's what I'm planning to do as well... but it may be a pipe dream > -- the single small department that I sysadmin for on a part time > basis took a lot of convincing to even let me put in that one OpenBSD > firewall... OTOH, if I wait half a year and we haven't gotten the > Windows 2003 server rootkitted again by that time, I may have a much > stronger case. "Look guys, this seems to be doing us some good right > here..." It prolly works in OpenBSD's advantage that the software can > be paid for after the fact. You wouldn't believe the politics and red > tape that's getting in the way of buying and deploying just about any > additional security product. "We've already got our antivirus program, > now why would we want to buy an antispyware program.?" "We're already > using Firefox, now why do we need a firewall?" Slightly embellished, > but in the broad strokes that's what took place. I am not making this > up. > Why do you continue to work there? Sorry, I just left that sort of environment and have been kicking myself for not leaving earlier. -Damian
Re: Need help with NAT + IPSEC
Johan Hedin wrote: Hi I need help with our IPSEC setup. We have an internal net 192.168.1.0/24. We have IPSEC to a customer on net 10.92.0.0/16. However, they already used the 192.168.1.0 net, so the IPSEC tunnel is to 10.84.230.0/28. I have set up 10.84.230.1 on the internal network interface (hme3), and added a manual route to 10.92.0.0/16 via 10.84.230.1. All works perfect on the firewall. On the internal net however, I can not reach the 10.92 net. I have tried to nat 192.168.1.0 via 10.84.230.1. NAT works, but the packets are thrown back out on hme3 with 10.84.230.1 as source address and to via enc0 as I want. How would one solve this? TIA Johan Hedin CTO eCare AB [demime 1.01d removed an attachment of type application/x-pkcs7-signature which had a name of smime.p7s] Hi this has been discussed here before From the man page --- NAT can also be applied to enc# interfaces, but special care should be taken because of the interactions between NAT and the IPsec flow matching, especially on the packet output path. Inside the TCP/IP stack,packets go through the following stages: UL/R -> [X] -> PF/NAT(enc0) -> IPsec -> PF/NAT(IF) -> IF UL/R < PF/NAT(enc0) <- IPsec <- PF/NAT(IF) <- IF With IF being the real interface and UL/R the Upper Layer or Routing code. The [X] stage on the output path represents the point where the packet is matched against the IPsec flow database (SPD) to determine if and how the packet has to be IPsec-processed. If, at this point, it is determined that the packet should be IPsec-processed, it is processed by the PF/NAT code. Unless PF drops the packet, it will then be IPsec-pro- cessed, even if the packet has been modified by NAT. - What I do for this is I have my vpn server in a dmz EVIL INTERNET / \ / \ em0 em0 || ---\ /\ fw | - em1 -DMZ- - em1 | vpn | ---/ \/ | em2 Internal networks Outbound traffic to your customer gets nat-ed on em1 of fw Inbound traffic from your customer gets nated on em1 of vpn This may or may not be 'correct' but it works here, and it is pretty simple.
OpenBSD 4.0 released Nov 1, 2006
Nov 1, 2006. We are pleased to announce the official release of OpenBSD 4.0. This is our 20th release on CD-ROM (and 21st via FTP). We remain proud of OpenBSD's record of ten years with only a single remote hole in the default install. As in our previous releases, 4.0 provides significant improvements, including new features, in nearly all areas of the system: - New/extended platforms: o OpenBSD/armish. Various ARM-based appliances, using the Redboot boot loader, currently only supporting the Thecus N2100 and IOData HDL-G. o OpenBSD/sparc64. UltraSPARC III based machines are now supported! o OpenBSD/zaurus. Support for the Zaurus SL-C3200. - Improved hardware support, including: o New msk(4) driver for Marvell/SysKonnect Yukon-2 Gigabit Ethernet. o New bnx(4) driver for Broadcom NetXtreme II Gigabit Ethernet. o New xge(4) driver for Neterion Xframe/Xframe II 10Gb Ethernet. o New rum(4) driver for Ralink Technology 2nd gen USB IEEE 802.11a/b/g wireless. o New acx(4) driver for Texas Instruments ACX100/ACX111 IEEE 802.11a/b/g wireless. o New pgt(4) driver for Connexant/Intersil Prism GT Full-MAC IEEE 802.11a/b/g wireless. o New uath(4) driver for Atheros USB IEEE 802.11a/b/g wireless. o New binary blob free wpi(4) driver for Intel PRO/Wireless 3945ABG IEEE 802.11a/b/g wireless. o New arc(4) driver for Areca Technology Corporation SATA RAID; including RAID management via bio(4). o New mfi(4) driver for LSI Logic & Dell MegaRAID SAS RAID; including RAID management via bio(4). o New azalia(4) driver for generic High Definition Audio. o New SD/MMC/SDIO drivers (sdhc(4), sdmmc(4)), currently supporting SD memory cards as fake SCSI sd(4) drives. o New udcf(4) driver for Gude ADS Expert mouseCLOCK DCF77/HBG time signal station receivers. o New uslcom(4) driver for Silicon Laboratories CP2101/CP2102 based USB serial adapters. o New ucycom(4) driver for Cypress microcontroller based USB serial adapters. o New uark(4) driver for Arkmicro Technologies ARK3116 based USB serial adapters. o New umsm(4) driver for Qualcomm MSM EVDO based modems. o New Dallas/Maxim 1-Wire bus support, including: o New gpioow(4) driver for 1-Wire bus bit-banging through GPIO pin o New onewire(4) 1-Wire bus driver o New owid(4) 1-Wire ID family driver o New owtemp(4) 1-Wire temperature family driver o New isagpio(4) driver for ISA I/O mapped as GPIO. o New nmea(4) line discipline for NMEA 0183 (GPS) devices. The new nmeaattach(8) utility can be used to receive NMEA 0183 data and provide the time received as a timedelta sensor to be used by, for example, ntpd(8). o New VAX framebuffer drivers: o New lcg(4) driver for VAXstation 4000/60 and VLC color frame buffers o New lcspx(4) driver for Low-Cost SPX color frame buffers o New gpx(4) driver for GPX color frame buffers o smg(4) driver for Small Monochrome Graphics frame buffers heavily updated to be a modern wscons(4) driver o Support for VAX-based Digital VXT2000 and VXT2000+ terminals. o The bge(4) driver supporting newer chipsets, such as the Broadcom BCM5754, BCM5755, BCM5786, and BCM5787. o The em(4) driver supporting newer chipsets, such as the Intel ESB2 and ICH8. o The nfe(4) driver supporting newer chipsets, such as the NVIDIA MCP61 and MCP65. o The re(4) driver supporting newer chipsets, such as the Realtek RT8101E, RT8168, and RT8169SC. o The dc(4) driver supporting newer chipsets, such as the ADMtek ADM9511 and ADM9513. o The pciide(4) driver supporting newer chipsets, such as: o ATI IXP300 SATA, IXP600 IDE o Intel 6321ESB IDE/SATA, 82801G SATA, and 82801H SATA o IT Express IT8211F IDE o NVIDIA MCP61 SATA, MCP65 SATA o Promise PDC205xx SATA o ServerWorks SATA o VIA VT8237A SATA o The mpt(4) driver has been replaced with mpi(4), a more stable driver that supports more hardware. o The com(4) driver now supports pcmcia and cardbus cards on macppc. o Working interrupt routing on Sun Netra t1 105, Ultra 60 and possibly other sparc64 systems. o Work around broken VIA and NVIDIA MPBIOSes, fixes interrupt routing with GENERIC.MP on several systems. o Initial bio(4) support for Compaq/HP ciss(4) Smart ARRAY 5/6 SAS/SCSI RAID controllers. o Improved speed control on some systems: o New SpeedStep detection code, also adds support for VIA C7-M, and several newer Pentium M's. o Support SpeedStep in rudimentary fashion on most unknown CPU's that advertise the feature. o Zaurus can be moved into slowe
OpenBSD 4.0 released :)
Thanks for another neat release to the OpenBSD-Guys! Kind regards, Sebastian
OpenBGPD issue 250000 prefix limit reached
We have a rather mysterious issue with our OpenBGPD box. We use it to
inject a bogon BGP feed and as a router monitor. We recently upgrade
from 3.6 to 4.0 and bgpd keeps closing the session because max-prefix
has been reached. I configured MRTG to generate graphs of prefixes on
each of our BGP session and can see the prefix count slowly growing from
about 16 to 25 over an 18 hour period. The Cisco router in
question would hit hardware limitations before it could announce 250k
prefixes, so I'm wondering if this could be an incompatibility or bug.
The same configuration was working under 3.6.
Cisco config except:
neighbor --openbsdbox-- remote-as --ourasn--
neighbor --openbsdbox-- description iBGP with OpenBGPD
neighbor --openbsdbox-- password 7 --md5 password removed--
neighbor --openbsdbox-- version 4
neighbor --openbsdbox-- next-hop-self
neighbor --openbsdbox-- route-map bogons in
neighbor --openbsdbox-- maximum-prefix 1000 70
/etc/bgpd.conf except:
group "iBGP" {
remote-as --ourasn--
announce all
max-prefix 25 restart 5
multihop 3
neighbor --cisco-- {
descr "iBGP with cisco"
tcp md5sig password --md5 password removed--
}
neighbor --anothercisco-- {
descr "iBGP with anothercisco"
tcp md5sig password --md5 password removed--
}
}
Thanks,
Dustin Lundquist
> $ dmesg
> console is /[EMAIL PROTECTED],0/[EMAIL PROTECTED],1/[EMAIL PROTECTED]/[EMAIL
> PROTECTED],3803f8
> Copyright (c) 1982, 1986, 1989, 1991, 1993
> The Regents of the University of California. All rights reserved.
> Copyright (c) 1995-2006 OpenBSD. All rights reserved. http://www.OpenBSD.org
>
> OpenBSD 4.0 (GENERIC) #953: Sun Sep 17 00:56:22 MDT 2006
> [EMAIL PROTECTED]:/usr/src/sys/arch/sparc64/compile/GENERIC
> total memory = 536870912
> avail memory = 479199232
> using 3276 buffers containing 26836992 bytes of memory
> bootpath: /[EMAIL PROTECTED],0/[EMAIL PROTECTED],1/[EMAIL PROTECTED],0/[EMAIL
> PROTECTED],0
> mainbus0 (root): Netra t1 (UltraSPARC-IIi 440MHz)
> cpu0 at mainbus0: SUNW,UltraSPARC-IIi @ 440.012 MHz, version 0 FPU
> cpu0: physical 32K instruction (32 b/l), 16K data (32 b/l), 2048K external
> (64 b/l)
> psycho0 at mainbus0 addr 0xfffc: SUNW,sabre, impl 0, version 0, ign 7c0
> psycho0: bus range 0-3, PCI bus 0
> psycho0: dvma map c000-dfff, iotdb 26a8000-2728000
> pci0 at psycho0
> ppb0 at pci0 dev 1 function 1 "Sun Simba PCI-PCI" rev 0x13
> pci1 at ppb0 bus 1
> ebus0 at pci1 dev 1 function 0 "Sun PCIO Ebus2" rev 0x01
> auxio0 at ebus0 addr 726000-726003, 728000-728003, 72a000-72a003,
> 72c000-72c003, 72f000-72f003
> power0 at ebus0 addr 724000-724003 ipl 37
> "SUNW,pll" at ebus0 addr 504000-504002 not configured
> com0 at ebus0 addr 3803f8-3803ff ipl 28: ns16550a, 16 byte fifo
> com0: console
> com1 at ebus0 addr 3602f8-3602ff ipl 20: ns16550a, 16 byte fifo
> lpt0 at ebus0 addr 340278-340287, 30015c-30015d, 70-7f ipl 34: polled
> "fdthree" at ebus0 addr 3203f0-3203f7, 706000-70600f, 72-720003 ipl 39
> not configured
> clock1 at ebus0 addr 0-1fff: mk48t59
> "flashprom" at ebus0 addr 0-f not configured
> "watchdog" at ebus0 addr 20-20003f ipl 4 not configured
> "display7seg" at ebus0 addr 200040-200040 not configured
> beeper0 at ebus0 addr 722000-722003
> "flashprom" at ebus0 addr 40-5f not configured
> "flashprom" at ebus0 addr 80-9f not configured
> pcfiic0 at ebus0 addr 60-63 ipl 40
> iic0 at pcfiic0
> pcfadc0 at iic0 addr 0x4f
> "i2cpcf,8574a" at iic0 addr 0x38 not configured
> "i2cpcf,8574a" at iic0 addr 0x39 not configured
> pcfiic1 at ebus0 addr 10-13 ipl 27
> iic1 at pcfiic1
> "SUNW,lom" at ebus0 addr 40-400063 not configured
> hme0 at pci1 dev 1 function 1 "Sun HME" rev 0x01: ivec 0x7e1, address
> 08:00:20:c1:d6:12
> luphy0 at hme0 phy 0: LU6612 10/100 PHY, rev. 1
> siop0 at pci1 dev 2 function 0 "Symbios Logic 53c875" rev 0x03: ivec 0x7e0,
> using 4K of on-board RAM
> scsibus0 at siop0: 16 targets
> sd0 at scsibus0 targ 0 lun 0: SCSI2 0/direct
> fixed
> sd0: 8637MB, 4926 cyl, 27 head, 133 sec, 512 bytes/sec, 17689267 sec total
> sd1 at scsibus0 targ 1 lun 0: SCSI2 0/direct
> fixed
> sd1: 17274MB, 7508 cyl, 19 head, 248 sec, 512 bytes/sec, 35378533 sec total
> hme1 at pci1 dev 3 function 1 "Sun HME" rev 0x01: ivec 0x7da, address
> 08:00:20:c1:d6:13
> luphy1 at hme1 phy 0: LU6612 10/100 PHY, rev. 1
> ppb1 at pci0 dev 1 function 0 "Sun Simba PCI-PCI" rev 0x13
> pci2 at ppb1 bus 2
> ppb2 at pci2 dev 1 function 0 "DEC 21150 PCI-PCI" rev 0x04
> pci3 at ppb2 bus 3
> pciide0 at pci3 dev 14 function 0 "CMD Technology PCI0646" rev 0x03: DMA,
> channel 0 configured to native-PCI, channel 1 configured to native-PCI
> pciide0: using ivec 0x7c2 for native-PCI interrupt
> pciide0: channel 0 disabled (no drives)
> pciide0: channel 1 disabled (no drives)
> pcons at mainbus0 not configured
> No
X issue on FSC AMILO Pro V2055
I use OpenBSD 3.8 on a Fujitsu Siemens (FSC) AMILO Pro V2055 Notebook.
Problem occurred right after installing from the CD set.
After starting X the virtual consoles are no longer accessible.
Some "trying to switch screens" happens but then the X screen is
back and then the mouse cursor hangs.
While I have installed X on some workstations before (OpenBSD 3.5
and OpenBSD 3.7) I am quite the opposite of an X guru - but had
lots of time to read X related man pages during last 4 weeks
(time to read seems to be the silver lining of having to stay
in bed all day after surgery).
Unfortunately, I could not find anything that explains this
behaviour (even worse - I still do not get the big picture so
book recommendations regarding general understanding of X are
highly appreciated *g*).
I did not find anything in Google.
In addition it might be worth mentioning that video memory is NOT
cleared between X sessions. This means that the next user can see
your last screen content for a second or so. Being that practical
paranoid I consider this being a security issue.
Please note that screen content survives a reboot and even 15 min
of power off (notebook ...).
Compared to that it is just a minor issue that ttyC0 will always
be visible for a second or so when starting X from other virtual
consoles. Be sure to blank it before calling startx in front of
your customer. ;-)
I tried FreeBSD, too (first time in my life, FreeBSD 6.1).
Problem does not occur.
dmesg.boot follows, problem also occurred before using wsmouse and
the external Cherry mouse.
OpenBSD 3.8 (GENERIC) #138: Sat Sep 10 15:41:37 MDT 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Celeron(R) M CPU 410 @ 1.46GHz ("GenuineIntel" 686-class) 1.47
GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLU
SH,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,SBF,SSE3,MWAIT,TM2
real mem = 199393280 (194720K)
avail mem = 175067136 (170964K)
using 2459 buffers containing 10072064 bytes (9836K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(e8) BIOS, date 07/21/06, BIOS32 rev. 0 @ 0xfddc4
pcibios0: pcibios_get_status - function not supported
pcibios at bios0 function 0x1a not configured
bios0: ROM list: 0xc/0xf800
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 vendor "VIA", unknown product 0x0314 rev 0x00
pchb1 at pci0 dev 0 function 1 vendor "VIA", unknown product 0x1314 rev 0x00
pchb2 at pci0 dev 0 function 2 vendor "VIA", unknown product 0x2314 rev 0x00
pchb3 at pci0 dev 0 function 3 vendor "VIA", unknown product 0x3208 rev 0x00
pchb4 at pci0 dev 0 function 4 vendor "VIA", unknown product 0x4314 rev 0x00
pchb5 at pci0 dev 0 function 7 vendor "VIA", unknown product 0x7314 rev 0x00
ppb0 at pci0 dev 1 function 0 "VIA VT8377 PCI-PCI" rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 vendor "VIA", unknown product 0x3344 rev 0x01:
aperture at
0xf000, size 0x1000
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
vendor "Broadcom", unknown product 0x4318 (class network subclass
miscellaneous, rev
0x02) at pci0 dev 6 function 0 not configured
cbb0 at pci0 dev 12 function 0 "ENE CB-1410 CardBus" rev 0x01pci_intr_map: no
mapping
for pin A
: couldn't map interrupt
pciide0 at pci0 dev 15 function 0 "VIA VT8237 SATA" rev 0x80: DMA
pciide0: using irq 10 for native-PCI interrupt
wd0 at pciide0 channel 0 drive 0:
wd0: 16-sector PIO, LBA48, 38154MB, 78140160 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
pciide1 at pci0 dev 15 function 1 "VIA VT82C571 IDE" rev 0x06: ATA133, channel 0
configured to compatibility, channel 1 configured to compatibility
pciide1: channel 0 disabled (no drives)
atapiscsi0 at pciide1 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: SCSI0 5/cdrom
removable
cd0(pciide1:1:0): using PIO mode 4, Ultra-DMA mode 2
uhci0 at pci0 dev 16 function 0 "VIA VT83C572 USB" rev 0x81: irq 9
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 16 function 1 "VIA VT83C572 USB" rev 0x81: irq 9
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
ehci0 at pci0 dev 16 function 4 "VIA VT6202 USB" rev 0x86: irq 7
ehci0: timed out waiting for BIOS
usb2 at ehci0: USB revision 2.0
uhub2 at usb2
uhub2: VIA EHCI root hub, rev 2.00/1.00, addr 1
uhub2: 4 ports with 4 removable, self powered
pcib0 at pci0 dev 17 function 0 "VIA VT8237 ISA" rev 0x00
auvia0 at pci0 dev 17 function 5 "VIA VT8233 AC97" rev 0x60pci_intr_map: no
mapping for
pin C
: couldn't map interrupt
"VIA VT82C686 Modem" rev 0x80 at pci0 dev 17 function 6 not configured
vr0 at pci0 dev 18 function 0 "VIA RhineII-2" rev 0x78: irq 10 address
00:14:0b:01:2a:ad
ukphy0 at vr0 phy 1: Generic IEEE 802.3
Need help with NAT + IPSEC
Hi I need help with our IPSEC setup. We have an internal net 192.168.1.0/24. We have IPSEC to a customer on net 10.92.0.0/16. However, they already used the 192.168.1.0 net, so the IPSEC tunnel is to 10.84.230.0/28. I have set up 10.84.230.1 on the internal network interface (hme3), and added a manual route to 10.92.0.0/16 via 10.84.230.1. All works perfect on the firewall. On the internal net however, I can not reach the 10.92 net. I have tried to nat 192.168.1.0 via 10.84.230.1. NAT works, but the packets are thrown back out on hme3 with 10.84.230.1 as source address and to via enc0 as I want. How would one solve this? TIA Johan Hedin CTO eCare AB [demime 1.01d removed an attachment of type application/x-pkcs7-signature which had a name of smime.p7s]
Re: Via C7 fully supported?
On Tue, 31 Oct 2006 16:03:24 -0700 (MST), Diana Eichert wrote: >And the commell only has 2 1Gb NICs instead of 4. > Have a look at the LE565 with (IIRC) 4*1Gb and serial access to the BIOS (they say, I haven't seen one yet.) HTH >From the land "down under": Australia. Do we look from up over? Do NOT CC me - I am subscribed to the list. Replies to the sender address will fail except from the list-server. Your IP address will also be greytrapped for 24 hours after any attempt. I am continually amazed by the people who run OpenBSD who don't take this advice. I always expected a smarter class. I guess not.
Re: Via C7 fully supported?
On Tue, 31 Oct 2006, Massimo Lusetti wrote: SNIP > > look like a more interesting choice than the commell I'm looking at, > > http://www.commell.com.tw/Product/SBC/LV-669.HTM > > The only thing thery're missing is the gpio, which could be usefull. > > Regards > -- > Massimo And the commell only has 2 1Gb NICs instead of 4. diana
Re: Fast Xorg Performance
> > is the new prebinding code in 4.0? > > The code is there. It is not being used by anything yet. There > are things which need to be worked out. and this stuff is documented in the ldconfig(8) manpage, see -P, if you want to play.
Re: Fast Xorg Performance
> is the new prebinding code in 4.0? The code is there. It is not being used by anything yet. There are things which need to be worked out.
Re: Fast Xorg Performance
On 10/31/06, Berk D. Demir <[EMAIL PROTECTED]> wrote: Under 1 second... Even Firefox... I can not achieve similar even with prebind'ed binaries on an Athlon64 3500+ with more than 1GB empty DDR2 memory to scratch. I took a stopwatch to it and firefox is 2.5 seconds. In other words it loads in under a "california second" :) but a big improvement nonetheless. good video drivers we need. I prebound the mozilla libraries and it didn't help a ton -- maybe a 10th of a second if that. is the new prebinding code in 4.0?
sensorsd.conf multiple thresholds for the same sensor allowed?
Is it possible to specify multiple thresholds for the same sensor in /etc/sensorsd.conf? For example: hw.sensors.2:low=50F:high=70F:command=/bin/echo "Ambient Temp %2" | /usr/bin/mail -s "Hardware Sensors Warning" [EMAIL PROTECTED] hw.sensors.2:low=55F:high=68F:command=/bin/echo "Ambient Temp %2" | /usr/bin/mail -s "Hardware Sensors Warning" [EMAIL PROTECTED] When I run sensorsd, all I get in /var/log/daemon is: sensorsd[19211]: startup, 1 watches for 33 sensors When the temperature crossed both high values, I didn't get two emails. I'm doing this so I can get a sense of which direction the temp is going.
Re: Fast Xorg Performance
Karsten McMinn wrote: apps are loading in under a second (including firefox) and with the eye candy all turned on. Under 1 second... Even Firefox... I can not achieve similar even with prebind'ed binaries on an Athlon64 3500+ with more than 1GB empty DDR2 memory to scratch. Good for you.
System snapshots on i386 broken?
I was trying to install system anew on my laptop, and when getting address via DHCP all I got was: bind: Can't assign requested address exiting. ifconfig: SIOCDIFADDR: Can't assign requested address I tried several times, so decided to see what will happen if I do the same on a virtual machine... Same thing. Kind of sucks as I usually do network installs, and when giving IPv6 address as the address of ftp server it tries to interpret the first colon as port number separator... -- viq
Re: your mail which lacked a subject
Paul Irofti wrote: On Tuesday 31 October 2006 21:40, Mark Zimmerman wrote: On Tue, Oct 31, 2006 at 01:19:09PM -0500, John Kintzele wrote: Hello, OpenBSD 4.0 installed from official CD (i386). No problems. In trying to install various Gnome apps (e.g., gedit), I'm running into a missing lib problem, and while I've people who've had the same problem on Google, I haven't found a clear response that seems to have fixed the problem. (I am performing this pkg_add via FTP). In a nutshell, here is what I'm seeing from pkg_add: Can't install gnome-vfs2-2.10.1p0: lib not found crypto.12.0 Even by looking in dependency tree... etc. Maybe it's in a dependent... etc. Can't install gnome-vfs2-2.10.1p0: lib not found ssl.10.0 etc. Any suggestions? You mean, besides "wait for 4.0 to be released"? No, not really. ftp://ftp.openbsd.org/pub/OpenBSD/4.0 still looks empty to me. The place from which you are FTPing packages for 4.0 is almost certainly the wrong place. Installing packages that do not match your installed version leads to chaos, and sometimes public ridicule. 5.5 hours to go until 01 Nov 2006 00:00:00 UTC. (The release may be later or earlier than this, at Theo's pleasure.) -- Mark He said official CD, so you might reconsider your answer ;) Not only that, but 4.0 appears to be up on ftp.usa.openbsd.org
Re: your mail which lacked a subject
On Tue, Oct 31, 2006 at 03:37:05PM -0500, Harry Menegay wrote: > Paul Irofti wrote: > >On Tuesday 31 October 2006 21:40, Mark Zimmerman wrote: > > > >>On Tue, Oct 31, 2006 at 01:19:09PM -0500, John Kintzele wrote: > >> > >He said official CD, so you might reconsider your answer ;) > > Not only that, but 4.0 appears to be up on ftp.usa.openbsd.org > WooHoo! Sorry for adding noise to the list... ftp.usa.openbsd.org seems seriously bogged down right now. Waiting might be advisable.
Re: Boost OpenBSD security - Zophie for 3.9
Wijnand Wiersma wrote: > > Development cycle of OpenBSD4.0 support starts tomorrow and will be > finished when 4.1 releases? Sure, why not. -- [100~Plax]sb16i0A2172656B63616820636420726568746F6E61207473754A[dZ1!=b]salax
Re: [OT] sparc64 CPU specifications: pipelines
Paul Irofti wrote: > > Thanks, but I'm interested in specfic details regarding sparc, not generic > concepts and fundamentals. Sparc as implemented by whom? I mean, you can find VHDL/Verilog source out there for the LEON implementation of the sparc CPU. But I'm sure that futjitsu, and everyone else out there likely did their own implementation of pipelining/etc. -- [100~Plax]sb16i0A2172656B63616820636420726568746F6E61207473754A[dZ1!=b]salax
Re: your mail which lacked a subject
On Tue, Oct 31, 2006 at 10:15:02PM +0200, Paul Irofti wrote: > On Tuesday 31 October 2006 21:40, Mark Zimmerman wrote: > > On Tue, Oct 31, 2006 at 01:19:09PM -0500, John Kintzele wrote: > > > Hello, > > > > > > OpenBSD 4.0 installed from official CD (i386). No problems. In > > > trying to install various Gnome apps (e.g., gedit), I'm running > > > into a missing lib problem, and while I've people who've had the > > > same problem on Google, I haven't found a clear response that seems > > > to have fixed the problem. (I am performing this pkg_add via FTP). > > > In a nutshell, here is what I'm seeing from pkg_add: > > > > > > > > > > > > Can't install gnome-vfs2-2.10.1p0: lib not found crypto.12.0 > > > Even by looking in dependency tree... etc. > > > Maybe it's in a dependent... etc. > > > Can't install gnome-vfs2-2.10.1p0: lib not found ssl.10.0 > > > etc. > > > > > > > > > > > > Any suggestions? > > > > You mean, besides "wait for 4.0 to be released"? No, not really. > > > > ftp://ftp.openbsd.org/pub/OpenBSD/4.0 still looks empty to me. The > > place from which you are FTPing packages for 4.0 is almost certainly > > the wrong place. Installing packages that do not match your installed > > version leads to chaos, and sometimes public ridicule. > > > > 5.5 hours to go until 01 Nov 2006 00:00:00 UTC. (The release may be > > later or earlier than this, at Theo's pleasure.) > > > > -- Mark > > He said official CD, so you might reconsider your answer ;) I have one of those too, but he said "pkg_add via FTP". The relatively small number of packages on the CD, of course, install nicely without FTP.
Re: your mail which lacked a subject
On Tuesday 31 October 2006 21:40, Mark Zimmerman wrote: > On Tue, Oct 31, 2006 at 01:19:09PM -0500, John Kintzele wrote: > > Hello, > > > > OpenBSD 4.0 installed from official CD (i386). No problems. In > > trying to install various Gnome apps (e.g., gedit), I'm running > > into a missing lib problem, and while I've people who've had the > > same problem on Google, I haven't found a clear response that seems > > to have fixed the problem. (I am performing this pkg_add via FTP). > > In a nutshell, here is what I'm seeing from pkg_add: > > > > > > > > Can't install gnome-vfs2-2.10.1p0: lib not found crypto.12.0 > > Even by looking in dependency tree... etc. > > Maybe it's in a dependent... etc. > > Can't install gnome-vfs2-2.10.1p0: lib not found ssl.10.0 > > etc. > > > > > > > > Any suggestions? > > You mean, besides "wait for 4.0 to be released"? No, not really. > > ftp://ftp.openbsd.org/pub/OpenBSD/4.0 still looks empty to me. The > place from which you are FTPing packages for 4.0 is almost certainly > the wrong place. Installing packages that do not match your installed > version leads to chaos, and sometimes public ridicule. > > 5.5 hours to go until 01 Nov 2006 00:00:00 UTC. (The release may be > later or earlier than this, at Theo's pleasure.) > > -- Mark He said official CD, so you might reconsider your answer ;)
Re: Fast Xorg Performance
On 10/19/06, Joachim Schipper <[EMAIL PROTECTED]> wrote:
That's true, but once everything is loaded and the system has been
running long enough to figure out what belongs in swap and what belongs
in memory, simple stuff shouldn't take too long. Simple stuff like
opening an xterm.
following up, I've installed a dual-head matrox g450, using xorg's
mga driver and its 2d performance is head and shoulders
over the i810 driver. Running in dual-head mode, 1280x1024 16bit
color, using xinerama. ive also switched onto a newer hd and
a nforce2 mb with a dual-channel memory setup, it has a athlon
1100 in it and performance in kde from ports is acceptable. most
apps are loading in under a second (including firefox) and with
the eye candy all turned on.
thanks to the person who kept a link up to a dual-head mga
xorg.conf in the archives, posting it in this message for
future installations:
OpenBSD 4.0 (GENERIC) #1107: Sat Sep 16 19:15:58 MDT 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: AMD Athlon(tm) XP 2500+ ("AuthenticAMD" 686-class, 512KB L2
cache) 1.84 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
real mem = 1073250304 (1048096K)
avail mem = 971014144 (948256K)
using 4256 buffers containing 53764096 bytes (52504K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(70) BIOS, date 08/12/03, BIOS32 rev. 0 @
0xfbba0, SMBIOS rev. 2.3 @ 0xf (37 entries)
bios0: MICRO-STAR INTERNATIONAL CO., LTD MS-6570
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 70102 dobusy 1 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0xdaf4
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfda30/192 (10 entries)
pcibios0: PCI Exclusive IRQs: 5 10 11 12
pcibios0: no compatible PCI ICU found
pcibios0: Warning, unable to fix up PCI interrupt routing
pcibios0: PCI bus #2 is the last bus
bios0: ROM list: 0xc/0x9000 0xcc000/0x1800
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "NVIDIA nForce2 PCI" rev 0xc1
"NVIDIA nForce2" rev 0xc1 at pci0 dev 0 function 1 not configured
"NVIDIA nForce2" rev 0xc1 at pci0 dev 0 function 2 not configured
"NVIDIA nForce2" rev 0xc1 at pci0 dev 0 function 3 not configured
"NVIDIA nForce2" rev 0xc1 at pci0 dev 0 function 4 not configured
"NVIDIA nForce2" rev 0xc1 at pci0 dev 0 function 5 not configured
pcib0 at pci0 dev 1 function 0 "NVIDIA nForce2 ISA" rev 0xa3
nviic0 at pci0 dev 1 function 1 "NVIDIA nForce2 SMBus" rev 0xa2
iic0 at nviic0
"unknown" at iic0 addr 0x2f not configured
iic1 at nviic0
ohci0 at pci0 dev 2 function 0 "NVIDIA nForce2 USB" rev 0xa3: irq 5,
version 1.0, legacy support
usb0 at ohci0: USB revision 1.0
uhub0 at usb0
uhub0: NVIDIA OHCI root hub, rev 1.00/1.00, addr 1
uhub0: 3 ports with 3 removable, self powered
ohci1 at pci0 dev 2 function 1 "NVIDIA nForce2 USB" rev 0xa3: irq 12,
version 1.0, legacy support
usb1 at ohci1: USB revision 1.0
uhub1 at usb1
uhub1: NVIDIA OHCI root hub, rev 1.00/1.00, addr 1
uhub1: 3 ports with 3 removable, self powered
ehci0 at pci0 dev 2 function 2 "NVIDIA nForce2 USB" rev 0xa3: irq 10
usb2 at ehci0: USB revision 2.0
uhub2 at usb2
uhub2: NVIDIA EHCI root hub, rev 2.00/1.00, addr 1
uhub2: 6 ports with 6 removable, self powered
nfe0 at pci0 dev 4 function 0 "NVIDIA nForce2 LAN" rev 0xa1: irq 10,
address 00:10:dc:fd:a7:d7
icsphy0 at nfe0 phy 1: ICS1893 10/100 PHY, rev. 1
auich0 at pci0 dev 6 function 0 "NVIDIA nForce2 AC97" rev 0xa1: irq 5,
nForce2 AC97
ac97: codec id 0x414c4720 (Avance Logic ALC650)
ac97: codec features 20 bit DAC, 18 bit ADC, Realtek 3D
audio0 at auich0
ppb0 at pci0 dev 8 function 0 "NVIDIA nForce2 PCI-PCI" rev 0xa3
pci1 at ppb0 bus 1
vendor "3Com", unknown product 0x1050 (class network subclass
ethernet, rev 0x00) at pci1 dev 8 function 0 not configured
rl0 at pci1 dev 9 function 0 "D-Link Systems 530TX+" rev 0x10: irq 12,
address 00:40:05:81:5b:d9
rlphy0 at rl0 phy 0: RTL internal PHY
puc0 at pci1 dev 10 function 0 "US Robotics 3CP5610" rev 0x01: com
pccom3 at puc0 port 0 irq 11 0 : ns16550a, 16 byte fifo
pciide0 at pci0 dev 9 function 0 "NVIDIA nForce2 IDE" rev 0xa2: DMA,
channel 0 configured to compatibility, channel 1 configured to
compatibility
wd0 at pciide0 channel 0 drive 0:
wd0: 16-sector PIO, LBA48, 238475MB, 488397168 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 1
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: SCSI0
5/cdrom removable
cd0(pciide0:1:1): using PIO mode 4, Ultra-DMA mode 2
ppb1 at pci0 dev 30 function 0 "NVIDIA nForce2 AGP" rev 0xc1
pci2 at ppb1 bus 2
vga1 at pci2 dev 0 function 0 "Matrox MGA G400/G450 AGP" rev 0x85
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, usi
Re: your mail
On Tue, Oct 31, 2006 at 01:19:09PM -0500, John Kintzele wrote: > Hello, > > OpenBSD 4.0 installed from official CD (i386). No problems. In trying > to install various Gnome apps (e.g., gedit), I'm running into a > missing lib problem, and while I've people who've had the same > problem on Google, I haven't found a clear response that seems to > have fixed the problem. (I am performing this pkg_add via FTP). In a > nutshell, here is what I'm seeing from pkg_add: > > > > Can't install gnome-vfs2-2.10.1p0: lib not found crypto.12.0 > Even by looking in dependency tree... etc. > Maybe it's in a dependent... etc. > Can't install gnome-vfs2-2.10.1p0: lib not found ssl.10.0 > etc. On my system, libcrypto.so.12.0 dates back from september 2005... Where are you getting those packages from ? the 3.8 directory ?
Re: your mail
On 2006/10/31 13:19, John Kintzele wrote: > OpenBSD 4.0 installed from official CD (i386). No problems. In trying > to install various Gnome apps (e.g., gedit), I'm running into a > missing lib problem, and while I've people who've had the same > problem on Google, I haven't found a clear response that seems to > have fixed the problem. (I am performing this pkg_add via FTP). In a > nutshell, here is what I'm seeing from pkg_add: Change your PKG_PATH, from the missing filename, it seems it probably still refers to 3.9. You might like this instead, which works on other arch and versions: ftp://some.mirror/pub/OpenBSD/`uname -r`/packages/`machine -a`/ You'll have to wait a little for 4.0 packages to arrive on ftp sites.
Re: Via C7 fully supported?
On Tue, 31 Oct 2006 07:12:51 -0700 (MST) Diana Eichert <[EMAIL PROTECTED]> wrote: > On Tue, 31 Oct 2006, Tom Cosgrove wrote: > > > Although they're not yet available, Wim is hoping to sell > > http://www.liantec.com/product/emboard/EMB-5740.htm soon. > > > > See http://www.kd85.com/liantec.html. > > > > Thanks > > > > Tom > > look like a more interesting choice than the commell I'm looking at, > http://www.commell.com.tw/Product/SBC/LV-669.HTM > The only thing thery're missing is the gpio, which could be usefull. Regards -- Massimo
Re: your mail which lacked a subject
On Tue, Oct 31, 2006 at 01:19:09PM -0500, John Kintzele wrote: > Hello, > > OpenBSD 4.0 installed from official CD (i386). No problems. In trying > to install various Gnome apps (e.g., gedit), I'm running into a > missing lib problem, and while I've people who've had the same > problem on Google, I haven't found a clear response that seems to > have fixed the problem. (I am performing this pkg_add via FTP). In a > nutshell, here is what I'm seeing from pkg_add: > > > > Can't install gnome-vfs2-2.10.1p0: lib not found crypto.12.0 > Even by looking in dependency tree... etc. > Maybe it's in a dependent... etc. > Can't install gnome-vfs2-2.10.1p0: lib not found ssl.10.0 > etc. > > > > Any suggestions? > You mean, besides "wait for 4.0 to be released"? No, not really. ftp://ftp.openbsd.org/pub/OpenBSD/4.0 still looks empty to me. The place from which you are FTPing packages for 4.0 is almost certainly the wrong place. Installing packages that do not match your installed version leads to chaos, and sometimes public ridicule. 5.5 hours to go until 01 Nov 2006 00:00:00 UTC. (The release may be later or earlier than this, at Theo's pleasure.) -- Mark
Re: subversion with mod_dav_svn
On Tue, 31 Oct 2006, Pete Vickers wrote: Anybody got subversion running well under OpenBSD with the http/webdav transport ? It seems to require apache2 amongst a whole shed load of other dependancies. Google throws up nothing less than 4 years old, so really just after any experiences to shortcut my legwork. I have it running on 3.9. Works great. Yes, as a downside subversion does require apache2 in order to use mod_dav_svn. If you're willing to forego mod_dav_svn, you can do just svn:// or svn+ssh:// with svnserve without having to build apache2. Most of the dependencies (berkeley db, neon, python for make check) can be added from the packages collection. There really aren't that many dependencies. After that, build apache2. After that, get the subversion 1.4.0 tarball. You won't need the -deps tarball if you've done everything else right. In my case, I configured with: export LDFLAGS=-L/usr/local/lib export APACHEBIN=/usr/local/apache2/bin ./configure --with-neon=/usr/local --with-apxs=$APACHEBIN/apxs \ --with-apr=$APACHEBIN/apr-1-config \ --with-apr-util=$APACHEBIN/apu-1-config --with-ssl --with-zlib \ --with-berkeley-db make && make check && make install Note that if you have previously installed an older version of subversion you might have to [re]move the existing libsvn* binaries [1] [2]. Also, with 1.4.0 there's a typo in build-outputs.mk (I think). One of the target man pages is wrong (svnversion.1 should be svnsync.1 or something like that, search the svn list archives). Easily fixed with a simple edit. Then just configure apache2 to use subversion and allow access to your repositories. Read the apache and svn docs for that. [1] http://subversion.tigris.org/servlets/ReadMsg?listName=dev&msgNo=120899 [2] http://subversion.tigris.org/servlets/ReadMsg?listName=dev&msgNo=15509 -- Kyle George
Re: tar question
Mike Spenard [EMAIL PROTECTED] wrote: > After tar has finished writing to the tape device is there > a way to see how large the finished tar on tape is? > > Also, is there a way to monitor the transfer rate to the > tape device? dd gives you both of these pieces of information. just pipe tar through dd instead of pointing tar directly to the tape device -- A novice was trying to fix a broken Lisp machine by turning the power off and on. Knight, seeing what the student was doing, spoke sternly: "You can not fix a machine by just power-cycling it with no understanding of what is going wrong." Knight turned the machine off and on. The machine worked. -- Danny Hillis
Re: OpenBSD Audio series other than bsdtalk ?
On Oct 31, 2006, at 12:10 PM, Douglas Hunter wrote: NYCBSDCon2006 now has its talks available in MP3 and with slides in pdf from http://www.fetissov.org/public/nycbsdcon06/ I saw this in the OpenBSD Journal ( http://undeadly.org/) I'm currently synchronizing all 260 of my "BSD is Dying" slides with the 20 minute audio. It should be available online in the next couple of days. It doesn't make much sense without the two at once. -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net
[no subject]
Hello, OpenBSD 4.0 installed from official CD (i386). No problems. In trying to install various Gnome apps (e.g., gedit), I'm running into a missing lib problem, and while I've people who've had the same problem on Google, I haven't found a clear response that seems to have fixed the problem. (I am performing this pkg_add via FTP). In a nutshell, here is what I'm seeing from pkg_add: Can't install gnome-vfs2-2.10.1p0: lib not found crypto.12.0 Even by looking in dependency tree... etc. Maybe it's in a dependent... etc. Can't install gnome-vfs2-2.10.1p0: lib not found ssl.10.0 etc. Any suggestions? John Kintzele [EMAIL PROTECTED]
subversion with mod_dav_svn
Hi, Anybody got subversion running well under OpenBSD with the http/ webdav transport ? It seems to require apache2 amongst a whole shed load of other dependancies. Google throws up nothing less than 4 years old, so really just after any experiences to shortcut my legwork. thanks /Pete
Re: Randomized malloc() & randomized mmap()
Thanks for all. On 10/31/06, Nick Guenther <[EMAIL PROTECTED]> wrote: On 10/30/06, Joco Salvatti <[EMAIL PROTECTED]> wrote: > Hi all, > > Reading Theo de Raadt's presentation about exploit mitigation > techniques, I could not understand the advantages of using randomized > malloc and randomized mmap techniques. I've searched on the Internet > about this subject but I couldn't find a thing, maybe because this > subject is too technical. > I'm sorry for the lack of abilities to understand the presentation. > Could anyone, please, give me an example or point me any website in > which I could find informations in order to understand why randomized > malloc and randomized mmap are more secure than the traditional ones? > > Thanks in advance for the time wasted reading this e-mail. > If memory locations are predictable and you can access program memory arbitrarily (e.g. kernel mode or a bug in something) then you can easily calculate where to find certain pieces of data. This is bad. It lets you read private data or maybe even write it. At least, I think that's about right, right? -Nick -- Joco Salvatti Undergraduating in Computer Science Federal University of Para - UFPA web: http://www.openbsd-pa.org e-mail: [EMAIL PROTECTED]
Re: Proper way to update a pf table?
Joel Goguen wrote: I do something similar to this: pfctl -t local-white -T replace -f /path/to/whitelist Where local-white is my whitelist, and /path/to/whitelist is the file containing whitelisted IP addresses or CIDRs, one per line. On 10/31/06, Steve Williams <[EMAIL PROTECTED]> wrote: Hi, I have a table of "whitelisted" hosts that I can change on the fly as I see email coming in that gets greylisted. I add an entry to the file, then I try to reload the table. pfctl -t local-white -T load -f /etc/pf.conf Magically, pf seems to block most local access. ie: telnet localhost 25 times out, telnet localhost 3306 times out.. If I use a sledge hammer: pfctl -Fa -f /etc/pf.conf The system resumes "normal" activity. My relevant entry in the pf.conf is: table persist file "/etc/spamd/whitelist.txt" rdr on $ext_if proto tcp from to any port smtp -> $int_mcafe_webshield Is there a "proper" way to update a pf table that resides in a file? Thanks, Steve Williams Thanks! Works for me too! :-)
Re: Boost OpenBSD security - Zophie for 3.9
2006/7/2, Tomasz Zielinski <[EMAIL PROTECTED]>: Hello, Zophie is patch that contains new security features for OpenBSD 3.9. BSD license. I have not tested it personaly, but probably it's worth to analyze it and maybe even incorporate. More info: http://www.0penbsd.com/zophie.html, http://akcja.0penbsd.com/zosia/ Development cycle of OpenBSD4.0 support starts tomorrow and will be finished when 4.1 releases?
Re: Boost OpenBSD security - Zophie for 3.9
Tomasz Zielinski wrote: Hello, Zophie is patch that contains new security features for OpenBSD 3.9. BSD license. I have not tested it personaly, but probably it's worth to analyze it and maybe even incorporate. More info: http://www.0penbsd.com/zophie.html, http://akcja.0penbsd.com/zosia/ Anyone know why this patch implement another sysctl instead of adding a security level specificaly for process privacy. Less specificaly, seurity levels could be patched to permit a mask based implementation in order to mix features from differents security levels, just an idea... Best regards, Francois
Re: DNS setup
martin g wrote: Hello all Aprox. 2 weeks ago i posted a question titled web browsing to this list. It was about how to setup NAT on my gateway so intranet computers can access Internet. The current situation is: I have a obsd3.9 box connected to internet using ppp.conf, on the inside i have a winXP box connected to switch, connected to obsd box. The thing that wasn't working was that my XP box couldn't access web pages. I blamed it on pf.conf. But that wasn't the case. Today i tried this: I turned off Pf i will set that up later I checked man ppp and found this info. ...to turn on NAT add this line to ppp.confnat enable yes... . With this line added to ppp.conf things started to work. Now the question : 1. My resolv.conf contains namesservers from my ISP 2. At the begining xp box was setup with DNS parameter pointing to my gateway 192.168.0.1. I could not access Internet, then i changed this parameter to dns server ip of my ISP and things work again. What must i do that things will work with dns parameter set to my gateway ? Your GW needs to run dns, resolv.conf sets up dns for the GW to use for itself; it does not make it a forwarder or nameserver . Do a search for setting up a caching dns box. Alternatively you could I suppose proxy dns requests from your client PC to your ISP's dns servers ... Are there any security threats with parameters set to dns ip form my ISP ? Will this be a problem when setting up Pf ? Depends on weather your ISP knows how to keep their dns servers secure.
Re: Randomized malloc() & randomized mmap()
On 10/30/06, Joco Salvatti <[EMAIL PROTECTED]> wrote: Hi all, Reading Theo de Raadt's presentation about exploit mitigation techniques, I could not understand the advantages of using randomized malloc and randomized mmap techniques. I've searched on the Internet about this subject but I couldn't find a thing, maybe because this subject is too technical. I'm sorry for the lack of abilities to understand the presentation. Could anyone, please, give me an example or point me any website in which I could find informations in order to understand why randomized malloc and randomized mmap are more secure than the traditional ones? Thanks in advance for the time wasted reading this e-mail. If memory locations are predictable and you can access program memory arbitrarily (e.g. kernel mode or a bug in something) then you can easily calculate where to find certain pieces of data. This is bad. It lets you read private data or maybe even write it. At least, I think that's about right, right? -Nick
Re: Proper way to update a pf table?
I do something similar to this: pfctl -t local-white -T replace -f /path/to/whitelist Where local-white is my whitelist, and /path/to/whitelist is the file containing whitelisted IP addresses or CIDRs, one per line. On 10/31/06, Steve Williams <[EMAIL PROTECTED]> wrote: Hi, I have a table of "whitelisted" hosts that I can change on the fly as I see email coming in that gets greylisted. I add an entry to the file, then I try to reload the table. pfctl -t local-white -T load -f /etc/pf.conf Magically, pf seems to block most local access. ie: telnet localhost 25 times out, telnet localhost 3306 times out.. If I use a sledge hammer: pfctl -Fa -f /etc/pf.conf The system resumes "normal" activity. My relevant entry in the pf.conf is: table persist file "/etc/spamd/whitelist.txt" rdr on $ext_if proto tcp from to any port smtp -> $int_mcafe_webshield Is there a "proper" way to update a pf table that resides in a file? Thanks, Steve Williams -- Joel Goguen Bachelor of Computer Science III University of New Brunswick http://iapetus.dyndns.org/
Proper way to update a pf table?
Hi, I have a table of "whitelisted" hosts that I can change on the fly as I see email coming in that gets greylisted. I add an entry to the file, then I try to reload the table. pfctl -t local-white -T load -f /etc/pf.conf Magically, pf seems to block most local access. ie: telnet localhost 25 times out, telnet localhost 3306 times out.. If I use a sledge hammer: pfctl -Fa -f /etc/pf.conf The system resumes "normal" activity. My relevant entry in the pf.conf is: table persist file "/etc/spamd/whitelist.txt" rdr on $ext_if proto tcp from to any port smtp -> $int_mcafe_webshield Is there a "proper" way to update a pf table that resides in a file? Thanks, Steve Williams
Re: OpenBSD Audio series other than bsdtalk ?
NYCBSDCon2006 now has its talks available in MP3 and with slides in pdf from http://www.fetissov.org/public/nycbsdcon06/ I saw this in the OpenBSD Journal ( http://undeadly.org/) Douglas
Re: Via C7 fully supported?
Jean-Daniel Beaubien <[EMAIL PROTECTED]> wrote: Is there any company doing a ready-to-use board with this chip? It's a Commell LE-565[1], available from BWI[2]. Enclosures are hard to find, though (it's an EBX form factor). Regards, Greg [1] http://www.commell.com.tw/Product/SBC/LE-565.HTM [2] http://www.bwi.com/prodroot/495985 \|/ ___ \|/[EMAIL PROTECTED]+- 2048R/38BD6CAB -+ @~./'O o`\.~@| 02BD EF81 91B3 1B33 64C2 | /__( \___/ )__\ | 3247 6722 7006 38BD 6CAB | `\__`U_/' +--+
DNS setup
Hello all Aprox. 2 weeks ago i posted a question titled web browsing to this list. It was about how to setup NAT on my gateway so intranet computers can access Internet. The current situation is: I have a obsd3.9 box connected to internet using ppp.conf, on the inside i have a winXP box connected to switch, connected to obsd box. The thing that wasn't working was that my XP box couldn't access web pages. I blamed it on pf.conf. But that wasn't the case. Today i tried this: I turned off Pf i will set that up later I checked man ppp and found this info. ...to turn on NAT add this line to ppp.confnat enable yes... . With this line added to ppp.conf things started to work. Now the question : 1. My resolv.conf contains namesservers from my ISP 2. At the begining xp box was setup with DNS parameter pointing to my gateway 192.168.0.1. I could not access Internet, then i changed this parameter to dns server ip of my ISP and things work again. What must i do that things will work with dns parameter set to my gateway ? Are there any security threats with parameters set to dns ip form my ISP ? Will this be a problem when setting up Pf ?
Re: Via C7 fully supported?
On Tue, 31 Oct 2006, Tom Cosgrove wrote: > Although they're not yet available, Wim is hoping to sell > http://www.liantec.com/product/emboard/EMB-5740.htm soon. > > See http://www.kd85.com/liantec.html. > > Thanks > > Tom look like a more interesting choice than the commell I'm looking at, http://www.commell.com.tw/Product/SBC/LV-669.HTM diana
Re: building acpi kernel on current fails for me (on file dsdt.c ?)
Didier Wiroth <[EMAIL PROTECTED]> wrote on Tue 31.Oct'06 at 13:11:32 +0100 > Hello, > I'm trying to build acpi on current but it fails: > > cc -Werror -Wall -Wstrict-prototypes -Wmissing-prototypes > -Wno-uninitialized -Wno-format -Wno-main -Wstack-larger-than-2047 > -fno-builtin-printf -fno-builtin-log -O2 -pipe -nostdinc -I. > -I/usr/src/sys/arch/i386/compile/GENERIC_acpi/../../../../arch > -I/usr/src/sys/arch/i386/compile/GENERIC_acpi/../../../.. -DDDB > -DDIAGNOSTIC -DKTRACE -DACCOUNTING -DKMEMSTATS -DPTRACE -DCRYPTO > -DSYSVMSG -DSYSVSEM -DSYSVSHM -DUVM_SWAP_ENCRYPT -DCOMPAT_35 -DCOMPAT_43 > -DLKM -DFFS -DFFS_SOFTUPDATES -DUFS_DIRHASH -DQUOTA -DEXT2FS -DMFS -DXFS > -DTCP_SACK -DTCP_ECN -DTCP_SIGNATURE -DNFSCLIENT -DNFSSERVER -DCD9660 > -DUDF -DMSDOSFS -DFIFO -DPORTAL -DINET -DALTQ -DINET6 -DIPSEC > -DPPP_BSDCOMP -DPPP_DEFLATE -DMROUTING -DBOOT_CONFIG -DI386_CPU > -DI486_CPU -DI586_CPU -DI686_CPU -DUSER_PCICONF -DUSER_LDT -DAPERTURE > -DCOMPAT_SVR4 -DCOMPAT_IBCS2 -DCOMPAT_LINUX -DCOMPAT_FREEBSD > -DCOMPAT_BSDOS -DCOMPAT_AOUT -DPROCFS -DACPIVERBOSE -DACPI_ENABLE > -DPCIVERBOSE -DEISAVERBOSE -DUSBVERBOSE -DWSDISPLAY_COMPAT_USL > -DWSDISPLAY_COMPAT_RAWKBD -DWSDISPLAY_DEFAULTSCREENS="6" > -DWSDISPLAY_COMPAT_PCVT -DPCIAGP -DONEWIREVERBOSE -D_KERNEL -Di386 -c > /usr/src/sys/arch/i386/compile/GENERIC_acpi/../../../../dev/acpi/dsdt.c > /usr/src/sys/dev/acpi/dsdt.c:1771: warning: no previous prototype for > `aml_evalinteger' > *** Error code 1 > > Stop in /usr/src/sys/arch/i386/compile/GENERIC_acpi (line 3831 of Makefile) > > I noticed that the file dsdt.c has changed in the cvs tree on the 30th > of october. Yeah, missing prototype. fixed now in r1.62 of dsdt.c thanks for the report.
Re: tar question
2006/10/31, Mike Spenard <[EMAIL PROTECTED]>: After tar has finished writing to the tape device is there a way to see how large the finished tar on tape is? gtar has --totals Also, is there a way to monitor the transfer rate to the tape device? gtar has --checkpoint Best Martin
building acpi kernel on current fails for me (on file dsdt.c ?)
Hello, I'm trying to build acpi on current but it fails: cc -Werror -Wall -Wstrict-prototypes -Wmissing-prototypes -Wno-uninitialized -Wno-format -Wno-main -Wstack-larger-than-2047 -fno-builtin-printf -fno-builtin-log -O2 -pipe -nostdinc -I. -I/usr/src/sys/arch/i386/compile/GENERIC_acpi/../../../../arch -I/usr/src/sys/arch/i386/compile/GENERIC_acpi/../../../.. -DDDB -DDIAGNOSTIC -DKTRACE -DACCOUNTING -DKMEMSTATS -DPTRACE -DCRYPTO -DSYSVMSG -DSYSVSEM -DSYSVSHM -DUVM_SWAP_ENCRYPT -DCOMPAT_35 -DCOMPAT_43 -DLKM -DFFS -DFFS_SOFTUPDATES -DUFS_DIRHASH -DQUOTA -DEXT2FS -DMFS -DXFS -DTCP_SACK -DTCP_ECN -DTCP_SIGNATURE -DNFSCLIENT -DNFSSERVER -DCD9660 -DUDF -DMSDOSFS -DFIFO -DPORTAL -DINET -DALTQ -DINET6 -DIPSEC -DPPP_BSDCOMP -DPPP_DEFLATE -DMROUTING -DBOOT_CONFIG -DI386_CPU -DI486_CPU -DI586_CPU -DI686_CPU -DUSER_PCICONF -DUSER_LDT -DAPERTURE -DCOMPAT_SVR4 -DCOMPAT_IBCS2 -DCOMPAT_LINUX -DCOMPAT_FREEBSD -DCOMPAT_BSDOS -DCOMPAT_AOUT -DPROCFS -DACPIVERBOSE -DACPI_ENABLE -DPCIVERBOSE -DEISAVERBOSE -DUSBVERBOSE -DWSDISPLAY_COMPAT_USL -DWSDISPLAY_COMPAT_RAWKBD -DWSDISPLAY_DEFAULTSCREENS="6" -DWSDISPLAY_COMPAT_PCVT -DPCIAGP -DONEWIREVERBOSE -D_KERNEL -Di386 -c /usr/src/sys/arch/i386/compile/GENERIC_acpi/../../../../dev/acpi/dsdt.c /usr/src/sys/dev/acpi/dsdt.c:1771: warning: no previous prototype for `aml_evalinteger' *** Error code 1 Stop in /usr/src/sys/arch/i386/compile/GENERIC_acpi (line 3831 of Makefile) I noticed that the file dsdt.c has changed in the cvs tree on the 30th of october. Does anyone else have this problem? I'm using the following acpi kernel option: option ACPIVERBOSE option ACPI_ENABLE acpi0 at mainbus? acpitimer* at acpi? acpihpet* at acpi? acpiac* at acpi? acpibat*at acpi? acpibtn*at acpi? acpicpu*at acpi? acpiec* at acpi? acpitz* at acpi? Thank you very much. -- Didier Wiroth
Re: Ralink broken after last update
> Name Mtu Network AddressIpkts IerrsOpkts Oerrs Colls > > With rssadapt: > ral0 1500 00:0e:2e:86:87:76 21153 836324635 1796 0 > > With AMRR. Rebuilt from CVS couple of hours ago. > ral0 1500 00:0e:2e:86:87:76 501773 422 1002191 159 0 > > I left the lappy downloading stuff and it's been going at rock solid > 750KB/s for the last hour or so. > > I think it has never worked so well. Indeed. You go from 7.3% output packets lost down to 0.016% :) Damien
Re: tar question
On Tue, Oct 31, 2006 at 11:53:53AM +0100, Andreas Kahari wrote: | >How about tar czpf / | dd obs=$BIGNUM > /dev/nrst0? More sophisticated | >methods are always possible, of course... | | I was thinking about something similar but using buffer from the | misc/buffer port somehow instead of dd. I believe that that program | will give you both the total size (in bytes transferred, I'm not | certain this is the same as the size of the achive on the tape as I | don't know anything about tape drives) and the rate of the transfer. dd(1) does that too, you can send SIGINFO to dd and it'll tell you the rate at which it has been transferring data and the amount transferred up till then. Once it's done you get the same information without sending SIGINFO. Cheers, Paul 'WEiRD' de Weerd -- >[<++>-]<+++.>+++[<-->-]<.>+++[<+ +++>-]<.>++[<>-]<+.--.[-] http://www.weirdnet.nl/ [demime 1.01d removed an attachment of type application/pgp-signature]
Re: Ralink broken after last update
Sure. With rssadapt: # uptime 4:25AM up 3 days, 16:38, 2 users, load averages: 0.26, 0.17, 0.14 # netstat -i NameMtu Network Address Ipkts IerrsOpkts Oerrs Colls lo0 3322426923 026923 0 0 lo0 33224 loopbacklocalhost.my.doma26923 026923 0 0 lo0 33224 localhost.m localhost.my.doma26923 026923 0 0 lo0 33224 fe80::%lo0/ fe80::1%lo0 26923 026923 0 0 rl0 150000:50:bf:67:4b:c5 6226370 0 7564081 0 0 rl0 1500 fe80::%rl0/ fe80::250:bfff:fe 6226370 0 7564081 0 0 rl0 1500 ip0.cab60.m ip41.cab60.mus.st 6226370 0 7564081 0 0 ral0150000:0e:2e:86:87:7621153 836324635 1796 0 ral01500 192.168.2/2 192.168.2.1 21153 836324635 1796 0 ral01500 fe80::%ral0 fe80::20e:2eff:fe21153 836324635 1796 0 fxp0150000:02:b3:95:b3:a0 990951 0 1620722 0 0 fxp01500 192.168.1/2 192.168.1.1 990951 0 1620722 0 0 fxp01500 fe80::%fxp0 fe80::202:b3ff:fe 990951 0 1620722 0 0 pfsync0 1460 0 00 0 0 enc0* 1536 0 00 0 0 # ifconfig -M ral0 ral0: flags=8943 mtu 1500 lladdr 00:0e:2e:86:87:76 media: IEEE802.11 autoselect mode 11b hostap status: active ieee80211: nwid OPENBOX chan 1 bssid 00:0e:2e:86:87:76 100dBm none inet 192.168.2.1 netmask 0xff00 broadcast 192.168.2.255 inet6 fe80::20e:2eff:fe86:8776%ral0 prefixlen 64 scopeid 0x2 With AMRR. Rebuilt from CVS couple of hours ago. # uptime 1:37PM up 1:14, 2 users, load averages: 0.56, 0.50, 0.54 # netstat -i NameMtu Network Address Ipkts IerrsOpkts Oerrs Colls lo0 33224 457 0 457 0 0 lo0 33224 loopbacklocalhost.my.doma 457 0 457 0 0 lo0 33224 localhost.m localhost.my.doma 457 0 457 0 0 lo0 33224 fe80::%lo0/ fe80::1%lo0457 0 457 0 0 rl0 150000:50:bf:67:4b:c510357 0 9590 0 0 rl0 1500 fe80::%rl0/ fe80::250:bfff:fe10357 0 9590 0 0 rl0 1500 ip0.cab16.m ip220.cab18.mus.s10357 0 9590 0 0 ral0150000:0e:2e:86:87:76 501773 422 1002191 159 0 ral01500 192.168.2/2 192.168.2.1 501773 422 1002191 159 0 ral01500 fe80::%ral0 fe80::20e:2eff:fe 501773 422 1002191 159 0 fxp0150000:02:b3:95:b3:a0 2593 0 2883 0 0 fxp01500 192.168.1/2 192.168.1.1 2593 0 2883 0 0 fxp01500 fe80::%fxp0 fe80::202:b3ff:fe 2593 0 2883 0 0 pfsync0 1460 0 00 0 0 enc0* 1536 0 00 0 0 # ifconfig -M ral0 ral0: flags=8843 mtu 1500 lladdr 00:0e:2e:86:87:76 media: IEEE802.11 autoselect mode 11b hostap status: active ieee80211: nwid OPENBOX chan 1 bssid 00:0e:2e:86:87:76 100dBm lladdr 00:16:ce:21:e9:39 112dB 11M short_preamble,short_slottime assoc inet 192.168.2.1 netmask 0xff00 broadcast 192.168.2.255 inet6 fe80::20e:2eff:fe86:8776%ral0 prefixlen 64 scopeid 0x2 I left the lappy downloading stuff and it's been going at rock solid 750KB/s for the last hour or so. I think it has never worked so well. Thank you Could you please run the following commands on your ral-based access point, preferably before and after the rssadapt->AMRR change: # netstat -i # ifconfig -M ral0
Re: tar question
On 31/10/06, Joachim Schipper <[EMAIL PROTECTED]> wrote: On Tue, Oct 31, 2006 at 11:06:13AM +0100, ropers wrote: > On 31/10/06, Mike Spenard <[EMAIL PROTECTED]> wrote: > >After tar has finished writing to the tape device is there > >a way to see how large the finished tar on tape is? > > Forgive me if this sounds impressively stupid, but would you not just > use ls(1) for that? No, tapes are not block devices; only block devices hold filesystems. (When you think about it, this makes sense; seek times would be prohibitively high for tapes.) Ah! Thank you! :)
Re: tar question
On 31/10/06, Joachim Schipper <[EMAIL PROTECTED]> wrote: On Tue, Oct 31, 2006 at 11:06:13AM +0100, ropers wrote: > On 31/10/06, Mike Spenard <[EMAIL PROTECTED]> wrote: > >After tar has finished writing to the tape device is there > >a way to see how large the finished tar on tape is? > > Forgive me if this sounds impressively stupid, but would you not just > use ls(1) for that? No, tapes are not block devices; only block devices hold filesystems. (When you think about it, this makes sense; seek times would be prohibitively high for tapes.) > >Also, is there a way to monitor the transfer rate to the > >tape device? > > I doubt that there's a trivial way to do that, and I'm not > knowledgeable enough to really be able to help with any non-trivial > way to do this. How about tar czpf / | dd obs=$BIGNUM > /dev/nrst0? More sophisticated methods are always possible, of course... I was thinking about something similar but using buffer from the misc/buffer port somehow instead of dd. I believe that that program will give you both the total size (in bytes transferred, I'm not certain this is the same as the size of the achive on the tape as I don't know anything about tape drives) and the rate of the transfer. Read the manual. Cheers, Andreas -- Andreas Kahari Somewhere in the general Cambridge area, UK
Re: NOD32 Antivirus and OpenBSD?
On Mon, Oct 30, 2006 at 09:52:00PM -0800, smith wrote: > On Thu, 26 Oct 2006 23:28:41 -0400, STeve Andre' wrote > > On Thursday 26 October 2006 20:16, smith wrote: > > > > Some people like to run antivirus software on UNIX boxes to ensure > > > > they're not carriers for Windows viruses, etc. Personally, I > > > > think it should be the responsibility of the Windows users to secure > > > > their own machines rather than relying on the kindness of others. > > > > > > I second that. Why waste server resources and decrease server security, > > > when all Windows machines should be running their own antivirus software > > > to > > > begin with. > > > > Why? Because an OpenBSD system isn't subject to the possibility of being > > co-opted as a Windows machine can, thats why. > > > > Different perspectives are a good thing. > > If openbsd is running 3rd party software (clamav) it can. If OpenBSD isn't running third party software, we have no reason to assume it can't. As to clamav, my new mail server configuration might include a systrace'd version. But ClamAV isn't that dangerous once it is put in a chroot, and that is not hard to do. Joachim
Re: tar question
On Tue, Oct 31, 2006 at 11:06:13AM +0100, ropers wrote: > On 31/10/06, Mike Spenard <[EMAIL PROTECTED]> wrote: > >After tar has finished writing to the tape device is there > >a way to see how large the finished tar on tape is? > > Forgive me if this sounds impressively stupid, but would you not just > use ls(1) for that? No, tapes are not block devices; only block devices hold filesystems. (When you think about it, this makes sense; seek times would be prohibitively high for tapes.) > >Also, is there a way to monitor the transfer rate to the > >tape device? > > I doubt that there's a trivial way to do that, and I'm not > knowledgeable enough to really be able to help with any non-trivial > way to do this. How about tar czpf / | dd obs=$BIGNUM > /dev/nrst0? More sophisticated methods are always possible, of course... Joachim
Re: [OT] sparc64 CPU specifications: pipelines
Thanks, but I'm interested in specfic details regarding sparc, not generic concepts and fundamentals.
Re: Via C7 fully supported?
>>> "Jean-Daniel Beaubien" 31-Oct-06 03:49 >>> > > Sweet > > Is there any company doing a ready-to-use board with this chip? > Something like what soekris does...but with the VIA C7 chip... > > JD Although they're not yet available, Wim is hoping to sell http://www.liantec.com/product/emboard/EMB-5740.htm soon. See http://www.kd85.com/liantec.html. Thanks Tom
Re: [OT] sparc64 CPU specifications: pipelines
On 31/10/06, Paul Irofti <[EMAIL PROTECTED]> wrote: I'm interested in the pipeline implementation of the sparc64 architecture, I noticed there are quite a few sparc users on this list and I was wondering if they could point me to a document describing the chip's architecture. So far Google and Wikipedia didn't help much, all I was able to retrive were some wierd docs from (http://www.sparc.org/standards.html) that were poorly writen and quite un-usefull, an OpenSPARC T1 pdf ( http://opensparc-t1.sunsource.net/specs/UST1-UASuppl-current-draft-P-EXT.pdf) that was more orientated twords development rather than hardware description and some sort of presentation that was more related to performance with multiple threads ( http://www.rz.rwth-aachen.de/computing/events/2006/sunhpc_2006/03_Tirumalai.pdf ). So any specific links (maybe similar to intel documentation regarding it's Pentium chips) are most apreciated. I don't know if this covers what you want, but it might: http://arstechnica.com/staff/carthage.ars/2006/10/16/5639 Upon second look, it DOESN'T seem to cover sparc, but it might be helpful nontheless, so here goes: http://arstechnica.com/staff/carthage.ars/2006/10/14/5617
Nintendo Wifi Connector and Nintendo DS (WEP)
Hello, after reading through the "ralink broken after last update" thread and seeing that Bruno is using an Nintendo Wifi Connector I wonder if someone has connected a Nintendo DS via an OpenBSD Box and the Nintendo Wifi Connector as AP using WEP. Without WEP everything works fine for me (i put my /etc/hostname.ural0 at the bottom of this message) But I haven't worked out how to configure WEP. What worked was using WEP for a connection between the Wifi Connector as Accesspoint and my notebook. So if anybody know in which format I have to use the WEP Key on both the OpenBSD Box and the Nintendo DS, I really would like to know. thanks guido /etc/hostname.ural0 inet 192.168.22.1 255.255.255.252 NONE media DS2 mediaopt hostap mode 11b nwid zelda chan 12 -nwkey (btw the DS only works with 2Mbps)
Re: tar question
On 31/10/06, Mike Spenard <[EMAIL PROTECTED]> wrote: After tar has finished writing to the tape device is there a way to see how large the finished tar on tape is? Forgive me if this sounds impressively stupid, but would you not just use ls(1) for that? Also, is there a way to monitor the transfer rate to the tape device? I doubt that there's a trivial way to do that, and I'm not knowledgeable enough to really be able to help with any non-trivial way to do this.
[OT] sparc64 CPU specifications: pipelines
I'm interested in the pipeline implementation of the sparc64 architecture, I noticed there are quite a few sparc users on this list and I was wondering if they could point me to a document describing the chip's architecture. So far Google and Wikipedia didn't help much, all I was able to retrive were some wierd docs from (http://www.sparc.org/standards.html) that were poorly writen and quite un-usefull, an OpenSPARC T1 pdf ( http://opensparc-t1.sunsource.net/specs/UST1-UASuppl-current-draft-P-EXT.pdf) that was more orientated twords development rather than hardware description and some sort of presentation that was more related to performance with multiple threads ( http://www.rz.rwth-aachen.de/computing/events/2006/sunhpc_2006/03_Tirumalai.pdf ). So any specific links (maybe similar to intel documentation regarding it's Pentium chips) are most apreciated.
Re: Ralink broken after last update
2006/10/31, Damien Bergamini <[EMAIL PROTECTED]>: | I'm in this case too using OpenBSD 4.0-current (GENERIC) #1163: Thu | Oct 19 14:40:44 MDT 2006 : | | ural0 at uhub0 port 1 | ural0: Nintendo Nintendo Wi-Fi USB Connector, rev 2.00/0.01, addr 2 | ural0: MAC/BBP RT2571 (rev 0x05), RF RT2526, address 00:0d:0b:c3:cb:bb | | ural0 is in hostap mode, /etc/hostname.ural0 : | | 192.168.13.254 255.255.255.0 media DS11 mediaopt hostap mode 11b nwid w3lC0m3_H0 | m3 chan 11 | | I use it from my powerbook, and sometimes, I lost Wi-Fi connectivity | for about 1 minutes... Screen helps :) This is a different problem. ural(4) has always used AMRR for rate control and it isn't even enabled in hostap mode. Is your problem new to OpenBSD 4.0 or was it already existing in previous releases? Is your powerbook wifi adapter working in powersave mode? In fact, I have this problem since using first ural0 implementation (3.9-current, as far as i remember). I use the integrated Airport interface of my powerbook, which does not have any powersafe options (or I'm not aware of them). Sometimes, I'm really near the AP (about 2 meters), and if there is too many people in the room, it become really instable (powerbook signal strengh indicator lowers to 1 ticks). There is a (in french) "robustesse d'interfirence" option with airport, but it can't help. Best regards, Bruno. Thanks, Damien
Re: Via C7 fully supported?
Jean-Daniel Beaubien wrote: Sweet Is there any company doing a ready-to-use board with this chip? Something like what soekris does...but with the VIA C7 chip... JD http://shop.elv.de/output/controller.aspx?cid=74&detail=10&detail2=9954 Peter http://www.hopfgartner.it
Re: OpenBSD Audio!
2006/10/30, Michael Hernandez <[EMAIL PROTECTED]>: > > I just had to mention that the OpenBSD audio cd is great for playing > at the office. > > Thanks OpenBSD! Not only is the operating system a pleasure to use, > but the music has us all in great spirits here. > > Mike H > > It's proven listening OpenBSD songs increase hacker's perfomance up to 30-50%.
Re: it has arrived!
On Fri, Oct 27, 2006 at 10:43:30PM -0700, Joe wrote: > > I ordered my CDs on 09/20/06 > OpenBSD shipped my CDs on 10/13/06 > I received my CDs on 10/16/06 > > Shipped to SF Bay Area in Northern California. > > The OpenBSD people say what they mean. First come, first served. Woohoo! I ordered on 20/09/06 and they arrived today! - Australia. excellent!
