Re: PPTP over PF
On 11/14/06, Steve <[EMAIL PROTECTED]> wrote:
> I am having problems with Windows PPTP client over PF NAT. The windows
> error generally indicates a GRE problem.
>
> There are mixed reports on google as to whether this should work.
> Does anyone have this working ? If so are there any tricks ?

http://sourceforge.net/projects/pptp-proxy is still in its infancy. If you are a developer and can lend some time to the project, I would request you to contribute/contact the devs.

- Raja
Re: ip not forwarding after 4.0 rebuild.
On Monday 13 November 2006 7:53 pm, you wrote:
> But I don't know what I need to do differently to change the
> situations.

Is pf enabled and blocking perhaps?

Bob D
Re: Java -> GPL, pre-built packages?
On 11/8/06, Martin Schröder <[EMAIL PROTECTED]> wrote: I'll believe it when I can download the archive from Sun. the thought does make me warm n fuzzy. SGPL != GPL
Re: whitelists & spamd-setup
On Mon, Nov 13, 2006 at 09:01:55PM -0500, Chad M Stewart wrote:
> I'm missing something, but I can't figure out what. Below is the
> contents of the spamd.conf file, nothing but a simple whitelist. A
> connection from 10.37.129.2 gets directed to spamd, but the IP should
> have been put into spamd-white by spamd-setup, at least that was what
> I expected but clearly that did not happen. Hopefully someone can
> point me to where I've gone wrong.

My understanding about spamd-setup and spamd.conf is that whitelists are removed from blacklists defined in spamd.conf. That is to say, before spamd-setup puts black entries in table it removes anything defined in whitelists. This is NOT the same thing as whitelisting into table !

I also use a whitelist as you intend. In my pf.conf I have...

table persist file "/etc/mail/whitelist.txt"
no rdr inet proto tcp from to any port smtp # before rdrs

--
Darrin Chandler | Phoenix BSD Users Group
[EMAIL PROTECTED] | http://bsd.phoenix.az.us/
http://www.stilyagin.com/ |
Re: ip not forwarding after 4.0 rebuild.
On 14/11/06, Pierre Lamy <[EMAIL PROTECTED]> wrote:
>
> You got link on the interface? Even if you do maybe the cable is bad.

I can ssh into the system using the local interface IP. Once there I can ping devices on all the networks, including the internet.

Problem is that no device on Network A can ping any device on Network A, but cannot ping anything outside. tcpdump traffic of any attempt to ping shows the traffic arriving on the interface local to the device that is pinging, but no traffic is seen on the interface that is local to the destination device.

It isn't the cable. I understand that this is odd, that is why I am turning to the list for help. The setting to allow forwarding is turned on, sysctl shows the kernel knows this, but still packets are not being forwarded.

I will try another rebuild next, because that doesn't take much time. But I don't know what I need to do differently to change the situations.

Thanks for the reply.

nuffnough.
Re: Marvell Yukon 88E8053 on Apple Mac mini (hanging system)
With one word: YAY! :-D

Mark, your new patch worked perfectly! I even compiled the kernel completely on the "other i386 machine" (an old, slow PII-450) and just transferred it to my Mac mini (via CD), and the mini booted without problems. Not only the Marvell Yukon NIC but also the second CPU core works now! :-D I already tested that with distributed.net as an application:

Automatic processor identification tag: 6547:06E8
features: MMX SSE SSE2 SSE3 Hyper-Threading(2)
Estimated processor clock speed (0 if unknown): 1833 MHz
Number of processors detected by this client: 2
Number of processors supported by this client: 128

Again: YAY! :-D And btw: Even USB pen drives work now without any problem! :-)

Mark, you are simply the best! :-D Thank you so much! If there are even further improvements in the future, please post them here, I'll keep an eye on this thread and mailing list. And I'll be happy to test whatever you want me to on my mini. :-)

And of course also my DMESG:
Re: getting siteXX.tgz, possible bug
Thanos Tsouanas wrote:
> Hello.
>
> For some reason, the site40.tgz wasn't recognized as an option when I
> was using http to get the sets, but it was when I moved the sets to my
> ftpd...
>
> Or maybe it was my bad.

not really your bad...but an error of omission, none the less. :)

You will note a file called "index.txt" with your files. When pulling from an http server, this file needs to match the files you have available, including site40.tgz.

That's buried in FAQ 5, but it probably needs to be elsewhere...

Nick.
whitelists & spamd-setup
I'm missing something, but I can't figure out what. Below is the contents of the spamd.conf file, nothing but a simple whitelist. A connection from 10.37.129.2 gets directed to spamd, but the IP should have been put into spamd-white by spamd-setup, at least that was what I expected but clearly that did not happen. Hopefully someone can point me to where I've gone wrong.

all:\
        :whitelist:

# Whitelists are done like this, and must be added to "all" after each
# blacklist from which you want the addresses in the whitelist removed.
#
whitelist:\
        :white:\
        :method=file:\
        :file=/etc/pf/smtp.white:

# cat /etc/pf/smtp.white
10.37.129.0/24

# /usr/libexec/spamd-setup -d
whitelist whitelist 1 entries

# pfctl -t spamd-white -T show
#

TRANSLATION RULES:
rdr pass on ne3 inet proto tcp from to any port = smtp -> 127.0.0.1 port 8025
rdr pass on ne3 inet proto tcp from ! to any port = smtp -> 127.0.0.1 port 8025

FILTER RULES:
pass in on ne3 proto tcp from any to (ne3) port = ssh keep state
pass in log on ne3 proto tcp from any to (ne3) port = smtp keep state

Thanks,
Chad
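Added example, not part of the thread and not spamd-setup's own code: a small Python model of the behaviour Darrin Chandler describes in his reply, applied to the configuration posted above. It assumes the rule in the spamd.conf comment (a whitelist only removes addresses from the blacklist it follows in "all") and first-match evaluation of translation rules; the `bypass` table, the `myblack` list and the sample networks are constructed for illustration.

```python
"""Toy model of the spamd.conf whitelist semantics discussed in this thread.

Added illustration, not spamd-setup's code. Assumptions: a whitelist only
removes its addresses from the blacklist it follows in "all" (the rule in
the spamd.conf comment), and pf applies the first matching translation rule.
IPv4 only.
"""
import ipaddress


def subtract(networks, hole):
    """Return networks with every address covered by hole removed."""
    kept = []
    for net in networks:
        if not net.overlaps(hole):
            kept.append(net)               # untouched by the whitelist
        elif net.subnet_of(hole):
            continue                       # entry is entirely whitelisted
        else:
            kept.extend(net.address_exclude(hole))  # split around the hole
    return kept


def effective_blacklists(all_entry, lists):
    """Walk "all" in order and return {blacklist name: [cidr, ...]}.

    lists maps a list name to ("black" or "white", [cidr, ...]).
    """
    result = {}
    current = None                         # most recent blacklist seen
    for name in all_entry:
        kind, cidrs = lists[name]
        nets = [ipaddress.ip_network(c) for c in cidrs]
        if kind == "black":
            current = name
            result[name] = nets
        elif current is not None:
            for hole in nets:
                result[current] = subtract(result[current], hole)
        # else: a whitelist with no blacklist before it changes nothing
    return {n: [str(x) for x in sorted(v)] for n, v in result.items()}


def redirected_to_spamd(src, spamd, spamd_white, bypass=()):
    """Decide whether an SMTP connection from src is redirected to spamd.

    Rule order modelled: optional "no rdr" for a bypass table, then rdr for
    blacklisted sources, then rdr for sources not in spamd-white.
    """
    ip = ipaddress.ip_address(src)

    def in_table(table):
        return any(ip in ipaddress.ip_network(c) for c in table)

    if in_table(bypass):
        return False                       # "no rdr" matched first
    return in_table(spamd) or not in_table(spamd_white)


# Constructed inputs. POSTED mirrors the configuration in the post: "all"
# names a single whitelist and no blacklist.
POSTED_ALL = ["whitelist"]
POSTED_LISTS = {"whitelist": ("white", ["10.37.129.0/24"])}

# Hypothetical variant: a blacklist named "myblack" precedes the whitelist.
VARIANT_ALL = ["myblack", "whitelist"]
VARIANT_LISTS = {
    "myblack": ("black", ["10.37.128.0/22"]),
    "whitelist": ("white", ["10.37.129.0/24"]),
}

if __name__ == "__main__":
    print(effective_blacklists(POSTED_ALL, POSTED_LISTS))
    print(effective_blacklists(VARIANT_ALL, VARIANT_LISTS))
    # Both tables empty, as in the post: the client is still redirected.
    print(redirected_to_spamd("10.37.129.2", [], []))
    # A separate table checked by "no rdr" is what exempts it.
    print(redirected_to_spamd("10.37.129.2", [], [], bypass=["10.37.129.0/24"]))
```

With the posted configuration the model produces no blacklist at all, so the whitelist has nothing to act on and the sender is still redirected; only the separate bypass table changes the outcome.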
Re: openbsd on cisco hardware?
On Mon, 2006-11-13 at 15:12 -0600, Jacob Yocom-Piatt wrote:
>
> bingo! i wanted to see if i could use a 2620 i had laying around for its T1 line
> card and this is why i didn't expect it to be possible.
>
> the ISP here at work supplies a couple T1 lines which terminate into 1721s and
> i'd very much like to remove all cisco gear from the network. there are cisco
> 7200s as edge routers at the ISP. anybody got advice on the cheapest way to
> connect to such routers? the sangoma, accoom, etc. cards are pretty pricey.

The cheapest way that I can think of would be to get your ISP to provide you some sort of Metro Ethernet or Ethernet over TDM solution. That way your interface to the Internet is an Ethernet port and it's the ISP's responsibility to deal with T1 circuits or whatever.

Jeff
Re: PPTP over PF
Steve wrote:
> I am having problems with Windows PPTP client over PF NAT. The
> windows error generally indicates a GRE problem.
>
> There are mixed reports on google as to whether this should work.
> Does anyone have this working ? If so are there any tricks ?

So long as no more than one connection is made to the same destination address, it works well--pf breaks stuff when more than one connection is made. Search the archives--more at http://marc.theaimsgroup.com/?l=openbsd-misc&m=110660283102711&w=2 and I believe this also applies to -current.
Re: crash on 4.0 (but no ddb)
Stephen Takacs wrote:
> Alexander Hall wrote:
> > Or try typing "boot crash" or so, and see if anything happens, but you
> > maybe tried that earlier.
>
> Haven't tried that yet, but that's because I'm waiting for the machine
> to crash into ddb. :-) I can invoke ddb at the console with
> Ctrl-Alt-Esc, and then exit from it with "continue", but so far haven't
> been able to trigger it at the right time.

I was thinking that maybe you are in ddb> but just do not see it cause the video is fsck'd up. In that case, if issuing some valid commands would make the computer produce some noise it would be a nice indication that you have actually entered the wonderful world of ddb, even though you cannot see it.

Sorry if I'm pointing out the obvious.

/Alexander
Re: PIII Dell Laptop XWindows
D'oh ... started xorgcfg and switched to another virt terminal and copied the xorg.conf.new from home dir to /etc/X11 ... works fine ...

On Nov 13, 2006, at 3:28 PM, Jack J. Woehr wrote:
> I've just installed OBSD current on a PIII Dell piece o' junk lying
> around here dmesg below ... xorgcfg works wonderful, but startx quits
> like it shows below. Would love to tell X "Hey, use whatever you used
> for xorgcfg because that works perfectly!"

--
Jack J. Woehr
Director of Development
Absolute Performance, Inc.
[EMAIL PROTECTED]
303-443-7000 ext. 527
getting siteXX.tgz, possible bug
Hello.

For some reason, the site40.tgz wasn't recognized as an option when I was using http to get the sets, but it was when I moved the sets to my ftpd...

Or maybe it was my bad.

--
Thanos Tsouanas .: My Music: http://www.thanostsouanas.com/
http://thanos.sians.org/ .: Sians Music: http://www.sians.org/
Re: OpenBSD dedicated hosting
On Thu, Oct 19, 2006 at 12:01:46AM +0200, Gilles Chehade wrote:
> [...]
>
> I have then tried LayeredTech as suggested by someone on the list and I am
> very happy with it. The only negative point so far was that they advertised
> OpenBSD 3.x, and it turned out x really meant 5. I spent about an hour
> upgrading from OpenBSD 3.5 up to 3.9-stable. Ok I confess, I actually found
> that fun since I never did in-place upgrades ;)

Not really. They are more than willing to install any version. You can even supply them with the iso, siteXX.tgz included..

Cheers.

--
Thanos Tsouanas .: My Music: http://www.thanostsouanas.com/
http://thanos.sians.org/ .: Sians Music: http://www.sians.org/
Re: wireless vulnerability
On Mon, Nov 13, 2006 at 04:34:45PM -0600, J Moore wrote:
> I received the following from the SANS mailing list earlier today:
>
> Windows laptops with wireless cards that use Broadcom device drivers
> (Broadcom chips are used in machines from HP, Dell, Gateway, and
> eMachines) are directly vulnerable to the attack that has gotten so much
> press on Macintosh wireless. You are vulnerable if your wireless card
> is turned on, even if you are not connected to a wireless access point.
>
> Does anyone know if the vulnerability is actually in the OS (Windoze) or
> is it in the driver itself?
>

i have no idea and i don't really care... you should read: http://www.openbsd.org/lyrics.html#39

i remember that there was a bug in atheros' hal blob which could be used to freeze accesspoints running on linux/madwifi, freebsd, and even vxworks. it probably got fixed in newer hal releases (who knows?) but the same blob is used in windows, netbsd, opensolaris and many other operating systems... except openbsd.

reyk
PPTP over PF
Hi all,

I am having problems with Windows PPTP client over PF NAT. The windows error generally indicates a GRE problem.

There are mixed reports on google as to whether this should work. Does anyone have this working ? If so are there any tricks ?

Steve
Re: wireless vulnerability
Driver, other systems are only vulnerable if they use ndiswrapper.

./nelson -murilo

On Mon, Nov 13, 2006 at 04:34:45PM -0600, J Moore wrote:
> I received the following from the SANS mailing list earlier today:
>
> Windows laptops with wireless cards that use Broadcom device drivers
> (Broadcom chips are used in machines from HP, Dell, Gateway, and
> eMachines) are directly vulnerable to the attack that has gotten so much
> press on Macintosh wireless. You are vulnerable if your wireless card
> is turned on, even if you are not connected to a wireless access point.
>
> Does anyone know if the vulnerability is actually in the OS (Windoze) or
> is it in the driver itself?
>
> Thnx,
> Jay
Re: Problem with Intel PRO/1000GT (82541GI) adaptors
On 11/13/06, Joe <[EMAIL PROTECTED]> wrote:
>
> I have 2 of these adaptors
> "Intel PRO/1000GT (82541GI)" rev 0x05
>
> The 82541GI chipset is supported by em(4).
>
> Every day, the box "drops" of the network. The interfaces show
> themselves as active, but I can't ping, arp, or sniff any traffic. A
> reboot solves the problem. Is anyone else having this problem?
>
> For now, I had to remove the NICs because the box is a firewall and goes
> down at random times throughout the day. I didn't notice any particular
> traffic patterns.

Output of `ifconfig` and `netstat -m` is also helpful.

I had this issue too in 3.8 and 3.9, but it is really rare. It happens on both firewalls, and only on the internal interface. I've talked to a few others with the same issue too. Happened about once every few months or so.

http://archives.neohapsis.com/archives/openbsd/2006-06/1813.html

em1 at pci2 dev 2 function 0 "Intel PRO/1000MT (82546GB)" rev 0x03: irq 9, address 00:04:23:a9:18:06
em2 at pci2 dev 2 function 1 "Intel PRO/1000MT (82546GB)" rev 0x03: irq 9, address 00:04:23:a9:18:07

You'll probably notice the same thing I did (OACTIVE in the output of ifconfig). I couldn't find any patterns though, unfortunately. I know there were some related changes in 4.0 though, so I'm hoping that fixes it.

--
Kian Mohageri
Problem with Intel PRO/1000GT (82541GI) adaptors
I have 2 of these adaptors
"Intel PRO/1000GT (82541GI)" rev 0x05

The 82541GI chipset is supported by em(4).

Every day, the box "drops" of the network. The interfaces show themselves as active, but I can't ping, arp, or sniff any traffic. A reboot solves the problem. Is anyone else having this problem?

For now, I had to remove the NICs because the box is a firewall and goes down at random times throughout the day. I didn't notice any particular traffic patterns.

DMESG:
Thanks for ontime releases
[i run freebsd and openbsd servers] FreeBSD 6.2 is delayed again and I won't be able to do any testing before the retail season kicks in. I just want to say thanks to the OpenBSD developers for picking a date and sticking with it. I can depend on OpenBSD being released on time.
Re: Marvell Yukon 88E8053 on Apple Mac mini (hanging system)
> I experimented a bit - no success, though some news:
>
> > Using ACPI is indeed the solution to the problem. Unfortunately our
> > ACPI support isn't quite there yet. There's a patch that makes it
> > work on my mini:
> >
> > http://www.xs4all.nl/~sibelius/acpi-apic.diff
>
> I tried that patch, though one of the files the patch creates doesn't
> compile so far. I just want to share now what I found out. I did:
>
> * Installing the latest snapshot on the Mac mini (DMESG below)
> * Updating the source tree to -current on another i386 machine
> * Transferring the source tree to the Mac mini (tar archive on a CD)
> * Applying the patch
> * Compiling a new kernel (at least I tried to ;-) )
>
> The problematic file is acpimadt.c (created by the patch). I get this
> error:
>
> cc -g -Werror -Wall -Wstrict-prototypes -Wmissing-prototypes
> -Wno-uninitialized -Wno-format -Wno-main -Wstack-larger-than-2047
> -fno-builtin-printf -fno-builtin-log -O2 -pipe -nostdinc -I.
> -I/usr/src/sys/arch/i386/compile/GENERIC.ACPI/../../../../arch
> -I/usr/src/sys/arch/i386/compile/GENERIC.ACPI/../../../.. -DDDB
> -DDIAGNOSTIC -DKTRACE -DACCOUNTING -DKMEMSTATS -DPTRACE -DCRYPTO
> -DSYSVMSG -DSYSVSEM -DSYSVSHM -DUVM_SWAP_ENCRYPT -DCOMPAT_35
> -DCOMPAT_43 -DLKM -DFFS -DFFS_SOFTUPDATES -DUFS_DIRHASH -DQUOTA
> -DEXT2FS -DMFS -DXFS -DTCP_SACK -DTCP_ECN -DTCP_SIGNATURE -DNFSCLIENT
> -DNFSSERVER -DCD9660 -DUDF -DMSDOSFS -DFIFO -DPORTAL -DINET -DALTQ
> -DINET6 -DIPSEC -DPPP_BSDCOMP -DPPP_DEFLATE -DMROUTING -DBOOT_CONFIG
> -DI386_CPU -DI486_CPU -DI586_CPU -DI686_CPU -DUSER_PCICONF -DUSER_LDT
> -DAPERTURE -DCOMPAT_SVR4 -DCOMPAT_IBCS2 -DCOMPAT_LINUX
> -DCOMPAT_FREEBSD -DCOMPAT_BSDOS -DCOMPAT_AOUT -DPROCFS -DPCIVERBOSE
> -DEISAVERBOSE -DUSBVERBOSE -DWSDISPLAY_COMPAT_USL
> -DWSDISPLAY_COMPAT_RAWKBD -DWSDISPLAY_DEFAULTSCREENS="6"
> -DWSDISPLAY_COMPAT_PCVT -DPCIAGP -DONEWIREVERBOSE -DMULTIPROCESSOR
> -DMPVERBOSE -DACPIVERBOSE -DACPI_ENABLE -D_KERNEL -Di386 -c
> /usr/src/sys/arch/i386/compile/GENERIC.ACPI/../../../../dev/acpi/acpimadt.c
> /usr/src/sys/dev/acpi/acpimadt.c: In function `acpimadt_attach':
> /usr/src/sys/dev/acpi/acpimadt.c:129: warning: assignment makes
> integer from pointer without a cast
> /usr/src/sys/dev/acpi/acpimadt.c:206: error: invalid type argument of `->'
> /usr/src/sys/dev/acpi/acpimadt.c:207: error: invalid type argument of `->'
> /usr/src/sys/dev/acpi/acpimadt.c:235: error: invalid type argument of `->'
> /usr/src/sys/dev/acpi/acpimadt.c:236: error: invalid type argument of `->'
> *** Error code 1
>
> Stop in /usr/src/sys/arch/i386/compile/GENERIC.ACPI (line 3908 of
> Makefile).
>
> > I'm actively working on integrating it though, so it might no longer
> > apply later this weekend.
>
> Don't know if that's the cause for the error or if I did something
> wrong, following -current is quite new to me. Anyway, I hope that you
> post here if there are any news regarding this. Thank you! :-)

It might be. I updated the patch. Start with a clean tree before trying to apply it (and you might want to check whether it builds on that other i386 box first).

Mark
wireless vulnerability
I received the following from the SANS mailing list earlier today:

Windows laptops with wireless cards that use Broadcom device drivers (Broadcom chips are used in machines from HP, Dell, Gateway, and eMachines) are directly vulnerable to the attack that has gotten so much press on Macintosh wireless. You are vulnerable if your wireless card is turned on, even if you are not connected to a wireless access point.

Does anyone know if the vulnerability is actually in the OS (Windoze) or is it in the driver itself?

Thnx,
Jay
PIII Dell Laptop XWindows
I've just installed OBSD current on a PIII Dell piece o' junk lying around here dmesg below ... xorgcfg works wonderful, but startx quits like it shows below. Would love to tell X "Hey, use whatever you used for xorgcfg because that works perfectly!"

--- startx error msg ---
xauth: creating new authority file /root/.serverauth.2993
_XSERVTransSocketUNIXCreateListener: ...SocketCreateListener() failed
_XSERVTransMakeAllCOTSServerListeners: server already running

Fatal server error:
Cannot establish any listening sockets - Make sure an X server isn't already running

Please consult the The X.Org Foundation support at http://wiki.X.Org for help.
Please also check the log file at "/var/log/Xorg.0.log" for additional information.

giving up.
/usr/X11R6/bin/xinit: Connection refused (errno 61): unable to connect to X server
/usr/X11R6/bin/xinit: No such process (errno 3): unexpected signal 2.

--- dmesg ---

--
Jack J. Woehr
Director of Development
Absolute Performance, Inc.
[EMAIL PROTECTED]
303-443-7000 ext. 527
Re: Marvell Yukon 88E8053 on Apple Mac mini (hanging system)
I experimented a bit - no success, though some news:

> Using ACPI is indeed the solution to the problem. Unfortunately our
> ACPI support isn't quite there yet. There's a patch that makes it
> work on my mini:
>
> http://www.xs4all.nl/~sibelius/acpi-apic.diff

I tried that patch, though one of the files the patch creates doesn't compile so far. I just want to share now what I found out. I did:

* Installing the latest snapshot on the Mac mini (DMESG below)
* Updating the source tree to -current on another i386 machine
* Transferring the source tree to the Mac mini (tar archive on a CD)
* Applying the patch
* Compiling a new kernel (at least I tried to ;-) )

The problematic file is acpimadt.c (created by the patch). I get this error:

cc -g -Werror -Wall -Wstrict-prototypes -Wmissing-prototypes
-Wno-uninitialized -Wno-format -Wno-main -Wstack-larger-than-2047
-fno-builtin-printf -fno-builtin-log -O2 -pipe -nostdinc -I.
-I/usr/src/sys/arch/i386/compile/GENERIC.ACPI/../../../../arch
-I/usr/src/sys/arch/i386/compile/GENERIC.ACPI/../../../.. -DDDB
-DDIAGNOSTIC -DKTRACE -DACCOUNTING -DKMEMSTATS -DPTRACE -DCRYPTO
-DSYSVMSG -DSYSVSEM -DSYSVSHM -DUVM_SWAP_ENCRYPT -DCOMPAT_35
-DCOMPAT_43 -DLKM -DFFS -DFFS_SOFTUPDATES -DUFS_DIRHASH -DQUOTA
-DEXT2FS -DMFS -DXFS -DTCP_SACK -DTCP_ECN -DTCP_SIGNATURE -DNFSCLIENT
-DNFSSERVER -DCD9660 -DUDF -DMSDOSFS -DFIFO -DPORTAL -DINET -DALTQ
-DINET6 -DIPSEC -DPPP_BSDCOMP -DPPP_DEFLATE -DMROUTING -DBOOT_CONFIG
-DI386_CPU -DI486_CPU -DI586_CPU -DI686_CPU -DUSER_PCICONF -DUSER_LDT
-DAPERTURE -DCOMPAT_SVR4 -DCOMPAT_IBCS2 -DCOMPAT_LINUX
-DCOMPAT_FREEBSD -DCOMPAT_BSDOS -DCOMPAT_AOUT -DPROCFS -DPCIVERBOSE
-DEISAVERBOSE -DUSBVERBOSE -DWSDISPLAY_COMPAT_USL
-DWSDISPLAY_COMPAT_RAWKBD -DWSDISPLAY_DEFAULTSCREENS="6"
-DWSDISPLAY_COMPAT_PCVT -DPCIAGP -DONEWIREVERBOSE -DMULTIPROCESSOR
-DMPVERBOSE -DACPIVERBOSE -DACPI_ENABLE -D_KERNEL -Di386 -c
/usr/src/sys/arch/i386/compile/GENERIC.ACPI/../../../../dev/acpi/acpimadt.c
/usr/src/sys/dev/acpi/acpimadt.c: In function `acpimadt_attach':
/usr/src/sys/dev/acpi/acpimadt.c:129: warning: assignment makes integer from pointer without a cast
/usr/src/sys/dev/acpi/acpimadt.c:206: error: invalid type argument of `->'
/usr/src/sys/dev/acpi/acpimadt.c:207: error: invalid type argument of `->'
/usr/src/sys/dev/acpi/acpimadt.c:235: error: invalid type argument of `->'
/usr/src/sys/dev/acpi/acpimadt.c:236: error: invalid type argument of `->'
*** Error code 1

Stop in /usr/src/sys/arch/i386/compile/GENERIC.ACPI (line 3908 of Makefile).

> I'm actively working on integrating it though, so it might no longer
> apply later this weekend.

Don't know if that's the cause for the error or if I did something wrong, following -current is quite new to me. Anyway, I hope that you post here if there are any news regarding this. Thank you!
:-) Below my DMESG with the -current kernel from the latest snapshot: OpenBSD 4.0-current (GENERIC) #1209: Sun Nov 12 22:37:02 MST 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Genuine Intel(R) CPU 1400 @ 1.83GHz ("GenuineIntel" 686-class) 1.84 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,VMX,EST,TM2 cpu0: unknown Enhanced SpeedStep CPU, msr 0x06130b2c06000b2c cpu0: using only highest and lowest power states cpu0: Enhanced SpeedStep 1833 MHz (1404 mV): speeds: 1833, 1000 MHz real mem = 2114367488 (2064812K) avail mem = 1920512000 (1875500K) using 4256 buffers containing 105840640 bytes (103360K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(00) BIOS, date 07/29/05, SMBIOS rev. 2.4 @ 0xe73f0 (39 entries) bios0: Apple Computer, Inc. Macmini1,1 pcibios at bios0 function 0x1a not configured bios0: ROM list: 0xc/0xe600! cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 "Intel 82945GM MCH" rev 0x03 vga1 at pci0 dev 2 function 0 "Intel 82945GM Video" rev 0x03: aperture at 0x9038, size 0x1000 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) vendor "Intel", unknown product 0x27a3 (class DASP subclass Time and Frequency, rev 0x03) at pci0 dev 7 function 0 not configured azalia0 at pci0 dev 27 function 0 "Intel 82801GB HD Audio" rev 0x02: irq 11 azalia0: host: High Definition Audio rev. 1.0 azalia0: codec: Sigmatel STAC9221 (rev. 52.1), HDA version 1.0 audio0 at azalia0 ppb0 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x02 pci1 at ppb0 bus 1 mskc0 at pci1 dev 0 function 0 "Marvell Yukon 88E8053" rev 0x22, Marvell Yukon-2 EC rev. A3 (0x2): irq 11 msk0 at mskc0 port A, address 00:16:cb:a7:46:69 eephy0 at msk0 phy 0: Marvell 88E Gigabit PHY, rev. 
2 ppb1 at pci0 dev 28 function 1 "Intel 82801GB PCIE" rev 0x02 pci2 at ppb1 bus 2 ath0 at pci2 dev 0 function 0 "Atheros AR5424" rev 0x01: irq 11 ath0: AR5424 10.3 phy 6.1 rf 10.2, WORAW, address 00:17:f2:4d:19:ee uhci0 at pci0 dev 29 function 0 "Intel 82801
Speed of hardware accelerated IPSec VPNs
misc@:

I've been asked by several users offlist about expected speeds of hardware accelerated IPSec VPNs. Rather than reply to each individually, I put together the following matrix.

I created several VPNs on my 100Mb LAN, using a 2.4GHz Intel system[1] as the iperf "server", and a 1.0GHz PadlockACE VIA[2] and a 266MHz net4801[3] as the clients. I also added a Soekris vpn1411 to the VIA[4] and net4801[5] systems. All systems were running OpenBSD 4.0-RELEASE, and all VPNs were host-to-host and manually-keyed. Only one VPN was running at a time.

                      net4801               VIA
VPN        net4801    vpn1411    VIA        vpn1411
None       32.1Mb/s   32.1Mb/s   92.7Mb/s   92.7Mb/s
MD5/3DES    3.5       10.0       17.9       39.7
SHA1/AES    6.3       10.1       67.3       65.4
SHA2/AES    5.2        5.2       40.1       40.1

Regards,
Greg

[1] http://firewallworks.com/archive/misc/20061113/hp_dmesg.txt
[2] http://firewallworks.com/archive/misc/20061113/via_dmesg.txt
[3] http://firewallworks.com/archive/misc/20061113/net4801_dmesg.txt
[4] http://firewallworks.com/archive/misc/20061113/via_vpn1411_dmesg.txt
[5] http://firewallworks.com/archive/misc/20061113/net4801_vpn1411_dmesg.txt

[EMAIL PROTECTED]  2048R/38BD6CAB  02BD EF81 91B3 1B33 64C2 3247 6722 7006 38BD 6CAB
OpenCON 2006
As you already know, OpenCON, the OpenBSD conference in Venice/Italy, takes place on December 2.-3.

Most talks are held by OpenBSD developers, but there will also be an impressive number of our developers attending the conference: Speakers are canacar, claudio, deraadt, dlg, felix, gwk, jsg, mbalmer, michele, and uwe. Also present will be jcs, krw, mglocker, robert, wvdputte, martin, reyk, grunk, dhartmei, aanriot, sturm, and bernd.

Of course there will be an OpenBSD booth run by the usual suspects and you can buy our CD-ROMs, the Audio CD and other stuff.

This is the premier opportunity to exchange information (and have a beer) with the OpenBSD folks. And of course this event is totally free to attend (if you want to join the 10 years OpenBSD party, there is a nominal fee, check our website for details.)

For more information visit http://www.opencon.org/ and don't forget to register at http://www.opencon.org/registration.php.

See you in Venice!
Re: openbsd on cisco hardware?
Original message >Date: Mon, 13 Nov 2006 08:16:16 -0600 >From: "Jeffrey C. Ollie" <[EMAIL PROTECTED]> >Subject: Re: openbsd on cisco hardware? >To: misc@openbsd.org > >On Sun, 2006-11-12 at 20:51 -0600, Jacob Yocom-Piatt wrote: >> i know this is likely not possible for a number of reasons but i figured >i'd >> ask: are there or have there been any plans to port openbsd to run on cisco >> hardware? > >It would only be interesting if you were able to develop drivers for the >various line cards. Without these it would be pointless. And I really >doubt that Cisco would be nice enough to open up their developer docs so >that drivers could be written. > bingo! i wanted to see if i could use a 2620 i had laying around for its T1 line card and this is why i didn't expect it to be possible. the ISP here at work supplies a couple T1 lines which terminate into 1721s and i'd very much like to remove all cisco gear from the network. there are cisco 7200s as edge routers at the ISP. anybody got advice on the cheapest way to connect to such routers? the sangoma, accoom, etc. cards are pretty pricey. cheers, jake >Jeff > >[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: openbsd + external sensor (t?, humidity, ...)
check out tinyos... get a cheap mote w/ USB, sprinkle other motes around as required. Jay On Thu, Nov 09, 2006 at 10:34:06AM +0100, the unit calling itself Julien TOUCHE wrote: > Hi > > i'm currently looking for solution to monitor external environment from > an openbsd server. > > i've found some (linux) apps > http://www.digitemp.com/software.shtml > http://www.redge.net/frogd/fr/ > http://owfs.sourceforge.net/index.html > http://misterhouse.sourceforge.net/ > > some integrated sensor (a bit expensive) > http://www.eesensors.com/websensor.html > http://www.sensorprobe.fr/ > http://thermotrack.free.fr > > and less expensive but with more electronic > http://perso.orange.fr/atexa_elec/ds1921/ds1921.htm > http://z-graphix.com/linux/temperature/howto.html > > except this one: > http://froggyhome.com/ > > has anyone advise to find cheap sensors (temperature, but also humdity, > pressure, light, electricity before UPS, ...) which are known to work > with openbsd ? > > > thanks > Regards > > Julien
Re: OpenBSD hoodies
On Sat, Nov 11, 2006 at 12:25:10PM -0600, Sam Fourman Jr. wrote: > that is VERY Cool, you did a Great job on that > > Someone should do a Puffy one :) > > Sam Fourman Jr. > > On 11/11/06, Jeroen Massar <[EMAIL PROTECTED]> wrote: > >Damian Wiest wrote: > >[..] > >> I'm hoping I won't get scolded for mentioning this: http://bsd.ee/~olev/ > > > >If you spend 770+ hours on that, I don't think anybody will even try to > >make an argument with you ;) Looks really cool! > > > >Greets, > > Jeroen For the record neither I, nor my mother, made that blanket. -Damian
Re: ftp-proxy issues
On Mon, 13 Nov 2006, Camiel Dobbelaar wrote: > Ok, I think I found something in your original tcpdump: > > Nov 11 15:15:04.389556 failinghost.domain.com.ftp > > ftp-proxy.domain.com.48293: P 202:233(31) ack 56 win 46 ^^ > (DF) [tos 0x10] >: 4510 0053 7066 4000 4006 0292 c2f5 20b4 [EMAIL PROTECTED]@...C5 B4 >0010: c2f5 20fe 0015 bca5 48d1 b99c bc2d 18c1 C5 C>..B0020: 8018 002e b0fa 0101 080a 0a4a e6fd B0C:...JC&C= >0030: d86c 040d 3235 3720 222f 2220 6973 2063 C l..257 "/" is c >0040: 7572 7265 6e74 2064 6972 6563 746f 7279 urrent directory >0050: 2e0d Whoops, and then pine dumped core on me. What I wanted to say: notice how failinghost shrinks the TCP window to just 46 bytes ("win 46"). That's not enough to fit the long path of the directory change, so that stays in the network buffers of the firewall waiting for failinghost to send an ACK with a bigger window size ("opening up the window"). Looks like failinghost is responsible for the stalled TCP connection. -- Cam
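The window reading described in the message above can be checked mechanically. The following is an added example, not code from the thread or from ftp-proxy: it replays tcpdump text lines, tracks how many bytes each side may still send, and reports how much of a pending command would stay queued. tcpdump prints the raw 16-bit window field, so the figure is only the real window when no window scaling was negotiated; the SYN exchange and the proxy's ACK below are constructed, and the CWD command is the one from the FTP server log quoted elsewhere in this thread.

```python
import re

# One TCP segment in tcpdump's text output: "src > dst: flags [first:last(len)] [ack N] win N"
SEGMENT = re.compile(
    r"(?P<src>\S+) > (?P<dst>\S+): (?P<flags>\S+)"
    r"(?: (?P<first>\d+):(?P<last>\d+)\((?P<len>\d+)\))?"
    r"(?: ack (?P<ack>\d+))?"
    r" win (?P<win>\d+)"
)
WSCALE = re.compile(r"wscale (\d+)")

# First line is the segment quoted in the thread; the second is constructed.
SAMPLE = """\
Nov 11 15:15:04.389556 failinghost.domain.com.ftp > ftp-proxy.domain.com.48293: P 202:233(31) ack 56 win 46 (DF) [tos 0x10]
Nov 11 15:15:04.389701 ftp-proxy.domain.com.48293 > failinghost.domain.com.ftp: . ack 233 win 16384 (DF)
"""

# Constructed SYN exchange in which both sides offer window scaling.
HANDSHAKE = """\
Nov 11 15:14:58.100000 ftp-proxy.domain.com.48293 > failinghost.domain.com.ftp: S 1000:1000(0) win 16384 <mss 1460,nop,wscale 0,nop,nop,timestamp 1 0> (DF)
Nov 11 15:14:58.100400 failinghost.domain.com.ftp > ftp-proxy.domain.com.48293: S 5000:5000(0) ack 1001 win 5792 <mss 1460,nop,nop,timestamp 2 1,nop,wscale 7> (DF)
"""

CWD = b"CWD internet/foo-com/staging/htdocs/leistungen\r\n"


def usable_windows(capture):
    """Replay a capture and return {host: bytes that host may still send}."""
    offered = {}   # host -> window-scale shift offered in its SYN
    snd_nxt = {}   # host -> highest relative sequence number it has sent
    limit = {}     # host -> right edge of the window its peer advertised
    for line in capture.splitlines():
        m = SEGMENT.search(line)
        if not m:
            continue
        src, dst = m["src"], m["dst"]
        if "S" in m["flags"]:
            # SYN segments carry absolute sequence numbers and an unscaled
            # window; only the offered scale factor is recorded from them.
            ws = WSCALE.search(line)
            if ws:
                offered[src] = int(ws.group(1))
            continue
        if m["last"] is not None:
            snd_nxt[src] = max(snd_nxt.get(src, 0), int(m["last"]))
        if m["ack"] is not None:
            # Scaling applies only when both ends offered it (RFC 7323).
            shift = offered[src] if src in offered and dst in offered else 0
            ack = int(m["ack"])
            limit[dst] = ack + (int(m["win"]) << shift)
            # Bytes the peer acknowledged must have been sent by dst.
            snd_nxt[dst] = max(snd_nxt.get(dst, 0), ack)
    return {host: max(0, limit[host] - snd_nxt[host]) for host in limit}


def queued_bytes(pending, usable):
    """Bytes of a pending write that do not fit into the usable window."""
    return max(0, len(pending) - usable)


if __name__ == "__main__":
    proxy = "ftp-proxy.domain.com.48293"
    for label, capture in (("no SYN seen", SAMPLE), ("wscale 7 seen", HANDSHAKE + SAMPLE)):
        usable = usable_windows(capture)[proxy]
        print(f"{label}: proxy may send {usable} bytes, "
              f"{queued_bytes(CWD, usable)} of {len(CWD)} stay queued")
```

When the SYN packets are missing from a capture, the scale factor is unknown and the raw value is a lower bound on the window.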
Need help with HDLC / FCS Errors - umsm and ppp
* Problem: Lots of HDLC / FCS Errors on Verizon Cellular Wireless Link

For example when downloading a 10MB file, I'll usually get between 300 to 600 FCS errors (PPP> show hdlc). The dismal transfer rate via ftp is about 20KB/sec (roughly 160 to 200 Kbps) due to all the errors. The connection should be running in the 400 to 700 Kbps range at worst according to Verizon and might be able to do 1Mbps or better in my area since I'm right next to the towers.

I've done tons of reading and researching on HDLC / FCS errors but I can not figure out what is the problem with this wireless link. The best I can do is go through the possible causes that I know and state the results, if any, of investigating/testing said cause. Sorry for the long post but putting all the details in here seemed like the best bet. If you have any ideas or insights, I'd love to hear them...

Hardware: (full dmesg at end of this very long email)
  System: Old Dell OptiPlex GX1 (PII-400Mhz)
  Adapter: PCI->PCMCIA Card (Ricoh 5C485 Chipset)
  Wireless: Kyocera KPC650 PC-CARD/PCMCIA (Cardbus 32-bit)

Notes on HDLC: High-level Data Link Control

According to wikipedia: http://en.wikipedia.org/wiki/HDLC "Some vendors, such as Cisco, implemented protocols such as Cisco HDLC that used the low-level HDLC framing techniques but didn't use the standard HDLC header." http://en.wikipedia.org/wiki/Cisco_HDLC

I'm not sure if Verizon is using Cisco kit or if ppp(8) can handle it?

Notes on Kyocera KPC650:

The device shows up as a USB hub and should have two USB serial ports attached. The first USB serial port is the typical "modem" and the second is a "control port" of sorts for the device which is used for reading connection statistics like signal strength. The following link shows how Linux finds both USB serial ports on the USB hub but I've been unable to find any documentation or info regarding how to use the second USB serial port for controlling the device.

http://wildbill.nulldevice.net/wordpress/?p=144

Thanks to the efforts of Jonathan Gray (jsg@) and others, the KPC650 shows up on OpenBSD (4.0-stable 2006.11.05) via the umsm(4) driver and the first USB serial port (/dev/cuaU0) on the KPC650 is accessible for use with ppp(8) and pppd(8).

Possible Cause #1: Incorrect CHAT Script

Though it's possible to get a bunch of initial HDLC / FCS errors due to a provider sending additional text before/after the CONNECT and your chat script not being set up to handle it, unfortunately, this is not the case/cause with VerizonWireless in my area.

Possible Cause #2: Incorrect Escape Characters

One possible/probable cause of HDLC / FCS errors is due to escape characters not being handled correctly. In particular, when you're using software flow control (XON/XOFF), you need to escape the ^Q and ^S characters by setting the ACCMAP to 0x000a.

  set ctsrts off
  set accmap 0x000a
  set escape 0xff   (both with and without)

Unfortunately, this is not the cause of the problems here. It may be worth noting that the ppp.conf files I've seen/found for other "Cellular Wireless Providers" like BigPond in the UK do use software flow control (``set ctsrts off'') with the device but the devices are not KPC650 cards.

Possible Cause #3: Remote End Stops Talking PPP

Now this is yet another possible cause for getting HDLC / FCS errors and happens when the remote end decides it doesn't want to talk ppp any more. Considering the odd "two serial" nature of the KPC650 it might actually be the problem. At the moment, I've got no clue how the second USB serial (control port) is supposed to be used but it makes some sense that it might be used for something more than just returning connection statistics. Since the OpenBSD umsm(4) driver only has one USB serial port instead of two, information from the remote end which should be destined for the second "control port" might mistakenly be making its way onto the one USB serial port provided by the driver?

On rare occasion, when shutting down ppp (PPP> quit all) and restarting it, the chat script fails due to getting junk. I'm not sure if this is simply because a buffer did not get flushed or if the remote end thinks it's talking to the non-existent second control port?

Debug: deflink: physical (put): iflag = a00, oflag = 6, cflag = 1cb00
Phase: deflink: Connected!
Phase: deflink: opening -> dial
Chat: Phone: #777
Chat: deflink: Dial attempt 1 of 1
Debug: m_enqueue: len = 2
Chat: Send: AT\^M
Chat: Expect(30): OK
Chat: Received:
Debug: m_enqueue: len = 3
Debug: m_enqueue: len = 4
Chat: Received: [EMAIL PROTECTED]&} [EMAIL PROTECTED]'} }$\M-d}1~\^M
Chat: Received
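The mechanism behind "Possible Cause #2" in the message above, as an added example that is not part of the original post or of ppp(8): PPP's HDLC-like framing (RFC 1662) appends a 16-bit FCS and escapes control characters selected by the async control character map, so a link that consumes XON (0x11) and XOFF (0x13) corrupts any frame that carries them unescaped. The map with the bits for those two characters set is 0x000a0000 (bits 17 and 19); the payloads and the link model are constructed for the demonstration.

```python
FLAG, ESC = 0x7E, 0x7D
GOOD_FCS = 0xF0B8          # residue of a frame whose FCS is intact (RFC 1662)
ACCM_XONXOFF = 0x000A0000  # bit 0x11 (XON) and bit 0x13 (XOFF)


def fcs16(data, fcs=0xFFFF):
    """Running PPP FCS-16 (reflected polynomial 0x8408), without the final inversion."""
    for byte in data:
        fcs ^= byte
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs


def encode_frame(payload, accm):
    """Append the FCS, escape per the ACCM, and wrap the result in flag bytes."""
    fcs = fcs16(payload) ^ 0xFFFF
    body = payload + bytes([fcs & 0xFF, fcs >> 8])  # FCS goes out low byte first
    out = bytearray([FLAG])
    for b in body:
        if b in (FLAG, ESC) or (b < 0x20 and (accm >> b) & 1):
            out += bytes([ESC, b ^ 0x20])
        else:
            out.append(b)
    out.append(FLAG)
    return bytes(out)


def decode_frame(frame):
    """Return the payload, or None when the frame fails the FCS check."""
    body = bytearray()
    escaped = False
    for b in frame.strip(bytes([FLAG])):
        if escaped:
            body.append(b ^ 0x20)
            escaped = False
        elif b == ESC:
            escaped = True
        else:
            body.append(b)
    if escaped or len(body) < 2 or fcs16(body) != GOOD_FCS:
        return None
    return bytes(body[:-2])


def xonxoff_link(wire):
    """Model (an assumption) of a serial path doing software flow control:
    XON and XOFF are consumed by the line and never reach the receiver."""
    return bytes(b for b in wire if b not in (0x11, 0x13))


def fcs_errors(payloads, accm):
    """Count frames the receiver would log as FCS errors for a given ACCM."""
    return sum(
        decode_frame(xonxoff_link(encode_frame(p, accm))) is None for p in payloads
    )


# Constructed PPP payloads (address, control, protocol 0x0021, then data that
# happens to contain 0x11 and 0x13, as binary traffic eventually will).
PAYLOADS = [
    b"\xff\x03\x00\x21" + bytes([0x45, 0x00, 0x11, 0x13, 0x7E, 0x7D, 0x41]),
    b"\xff\x03\x00\x21" + b"GET /\x13index\x11",
]

if __name__ == "__main__":
    print("ACCM 0x00000000:", fcs_errors(PAYLOADS, 0), "FCS errors")
    print("ACCM 0x000a0000:", fcs_errors(PAYLOADS, ACCM_XONXOFF), "FCS errors")
```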
Re: ftp-proxy issues
Ok, I think I found something in your original tcpdump: Nov 11 15:15:04.389556 failinghost.domain.com.ftp > ftp-proxy.domain.com.48293: P 202:233(31) ack 56 win 46 (DF) [tos 0x10] : 4510 0053 7066 4000 4006 0292 c2f5 20b4 [EMAIL PROTECTED]@...C5 B4 0010: c2f5 20fe 0015 bca5 48d1 b99c bc2d 18c1 C5 C>..B
re0 realtek 8169 no link
hello all, i got hands on a msi ms-7008 with a onboard re nic. but -stable and -currents shows no link at all. under windows it is working fine. any hints? thomas OpenBSD 4.0-current (RAMDISK_CD) #113: Fri Nov 10 15:45:50 MST 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/RAMDISK_CD cpu0: Intel(R) Pentium(R) 4 CPU 2.40GHz ("GenuineIntel" 686-class) 2.42 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,CNXT-ID real mem = 2146988032 (2096668K) avail mem = 1951854592 (1906108K) using 4256 buffers containing 107474944 bytes (104956K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(00) BIOS, date 11/26/04, BIOS32 rev. 0 @ 0xfdaf0, SMBIOS rev. 2.3 @ 0xf0630 (24 entries) bios0: MSI MS-7008 apm0 at bios0: Power Management spec V1.2 apm0: flags 30102 dobusy 0 doidle 1 pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf7b50/240 (13 entries) pcibios0: PCI Interrupt Router at 000:17:0 ("VIA VT8237 ISA" rev 0x00) pcibios0: PCI bus #1 is the last bus bios0: ROM list: 0xc/0xe800 0xe/0x1000 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 "VIA PT880 Host" rev 0x00 pchb1 at pci0 dev 0 function 1 "VIA PT880 Host" rev 0x00 pchb2 at pci0 dev 0 function 2 "VIA PT880 Host" rev 0x00 pchb3 at pci0 dev 0 function 3 "VIA PT880 Host" rev 0x00 pchb4 at pci0 dev 0 function 4 "VIA PT880 Host" rev 0x00 pchb5 at pci0 dev 0 function 7 "VIA PT880 Host" rev 0x00 ppb0 at pci0 dev 1 function 0 "VIA VT8377 AGP" rev 0x00 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 "NVIDIA GeForce4 Ti 4600" rev 0xa3 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) re0 at pci0 dev 7 function 0 "Realtek 8169" rev 0x10: irq 10, address 00:11:09:c6:86:5d rgephy0 at re0 phy 7: RTL8169S/8110S PHY, rev. 
0 rl0 at pci0 dev 11 function 0 "Realtek 8139" rev 0x10: irq 12, address 00:50:22:84:e6:d8 rlphy0 at rl0 phy 0: RTL internal PHY "VIA VT6306 FireWire" rev 0x80 at pci0 dev 13 function 0 not configured pciide0 at pci0 dev 15 function 0 "VIA VT6420 SATA" rev 0x80: DMA pciide0: using irq 11 for native-PCI interrupt pciide1 at pci0 dev 15 function 1 "VIA VT82C571 IDE" rev 0x06: ATA133, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide1 channel 0 drive 0: wd0: 16-sector PIO, LBA48, 239372MB, 490234752 sectors wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 6 atapiscsi0 at pciide1 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: SCSI0 5/cdrom removable cd0(pciide1:1:0): using PIO mode 4, Ultra-DMA mode 2 uhci0 at pci0 dev 16 function 0 "VIA VT83C572 USB" rev 0x81: irq 11 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: VIA UHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1 at pci0 dev 16 function 1 "VIA VT83C572 USB" rev 0x81: irq 11 usb1 at uhci1: USB revision 1.0 uhub1 at usb1 uhub1: VIA UHCI root hub, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered uhci2 at pci0 dev 16 function 2 "VIA VT83C572 USB" rev 0x81: irq 5 usb2 at uhci2: USB revision 1.0 uhub2 at usb2 uhub2: VIA UHCI root hub, rev 1.00/1.00, addr 1 uhub2: 2 ports with 2 removable, self powered uhci3 at pci0 dev 16 function 3 "VIA VT83C572 USB" rev 0x81: irq 5 usb3 at uhci3: USB revision 1.0 uhub3 at usb3 uhub3: VIA UHCI root hub, rev 1.00/1.00, addr 1 uhub3: 2 ports with 2 removable, self powered ehci0 at pci0 dev 16 function 4 "VIA VT6202 USB" rev 0x86: irq 10 usb4 at ehci0: USB revision 2.0 uhub4 at usb4 uhub4: VIA EHCI root hub, rev 2.00/1.00, addr 1 uhub4: 8 ports with 8 removable, self powered pcib0 at pci0 dev 17 function 0 "VIA VT8237 ISA" rev 0x00 "VIA VT8233 AC97" rev 0x60 at pci0 dev 17 function 5 not configured isa0 at pcib0 isadma0 at isa0 pckbc0 at isa0 port 
0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec biomask efed netmask ffed ttymask ffef rd0: fixed, 3800 blocks umass0 at uhub3 port 1 configuration 1 interface 0 umass0: USB DISK Pro, rev 2.00/30.00, addr 2 umass0: using SCSI over Bulk-Only scsibus1 at umass0: 2 targets uhidev0 at uhub1 port 1 configuration 1 interface 0sd0 at scsibus1 targ 1 lun 0: SCSI0 0/direct removable uhidev0: Logitech USB Mouse, rev 1.10/6.20, addr 2, iclass 3/1 sd0: 123MB, 123 cyl, 64 head, 32 sec, 512 bytes/sec, 252928 sec total uhid at uhidev0 not configured wd0: no disk label dkcsum: wd0 matches BIOS drive 0x80 root on rd0a rootdev=0x1100 rrootdev=0x2f00 rawdev=0x2f02
Re: crash on 4.0 (but no ddb)
On 2006/11/13 11:30, Stephen Takacs wrote: > Alexander Hall wrote: > > Try a serial console, if possible. I have not been able to view the ddb > > output if the machine crashed while running X. Not sure if the caps lock > > etc was unresponsive, though. I am on a Dell Inspiron 4100. > > This laptop doesn't have any serial ports, but maybe one of those > USB<->RS-232 cables will work for this? no it won't, unfortunately, but many laptops have a "real" serial port on the motherboard that you can access with a docking station (ebay is often a good source for these) which generally would work a system console (you need to set it from the boot-loader e.g. type 'set tty com0' or place it in /etc/boot.conf)
Re: openbsd on cisco hardware?
That's what you get for trying to be clever before breakfast! :-) My error dawned upon me after I sent the email and while I was walking to work... in any case, floppy40.fs also exits back to Cisco monitor prompt with a "Bad magic number (0x0)" message. On Mon, 13 Nov 2006, Pete Vickers wrote: Apples & oranges I believe, this *might* be why: [EMAIL PROTECTED] ~/Desktop> file pix706.bin bsd.rd floppy40.fs pix706.bin: x86 boot sector bsd.rd: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, not stripped floppy40.fs: x86 boot sector /Pete On 13. nov. 2006, at 16.06, Jason George wrote: most PIX boxes are i386 based. IIRC I've booted bsd.rd on them in the past, nothing special except flash boot. pix515e# sh ver ... Hardware: PIX-515E, 64 MB RAM, CPU Pentium II 433 MHz Flash E28F128J3 @ 0xfff0, 16MB BIOS Flash AM29F400B @ 0xfffd8000, 32KB ... 0: Ext: Ethernet0 : address is 0012.00e1.cd67, irq 10 1: Ext: Ethernet1 : address is 0012.00e1.cd68, irq 11 2: Ext: Ethernet2 : address is 000e.0c59.bd1a, irq 11 ... Interface Ethernet0 "outside", is up, line protocol is up Hardware is i82559, BW 100 Mbps Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps) ... they usually even come with a (non functioning under PIXOS) USB port too. I grabbed an old PIX 501 off the shelf... no such luck booting a standard i386 ramdisk image. CISCO SYSTEMS PIX-501 Embedded BIOS Version 4.3.200 07/31/01 15:58:22.08 Compiled by morlee 16 MB RAM PCI Device Table. Bus Dev Func VendID DevID Class Irq 00 00 00 1022 3000 Host Bridge 00 11 00 8086 1209 Ethernet 9 00 12 00 8086 1209 Ethernet 10 Cisco Secure PIX Firewall BIOS (4.2) #6: Mon Aug 27 15:09:54 PDT 2001 Platform PIX-501 Flash=E28F640J3 @ 0x300 Use BREAK or ESC to interrupt flash boot. Use SPACE to begin flash boot immediately. Flash boot interrupted. 0: i8255X @ PCI(bus:0 dev:17 irq:9 ) 1: i8255X @ PCI(bus:0 dev:18 irq:10) Using 1: i82557 @ PCI(bus:0 dev:18 irq:10), MAC: 0011.935f.08c6 Use ? for help. 
monitor> addr 192.168.4.234 address 192.168.4.234 monitor> server 192.168.4.3 server 192.168.4.3 monitor> file bsd.rd file bsd.rd monitor> ping 192.168.4.3 Sending 5, 100-byte 0xc3f8 ICMP Echoes to 192.168.4.3, timeout is 4 seconds: ! Success rate is 100 percent (5/5) monitor> tftp tftp [EMAIL PROTECTED] [snip] Received 4938658 bytes Bad magic number (0xab00450) monitor>
Re: crash on 4.0 (but no ddb)
Alexander Hall wrote: > Try a serial console, if possible. I have not been able to view the ddb > output if the machine crashed while running X. Not sure if the caps lock > etc was unresponsive, though. I am on a Dell Inspiron 4100. This laptop doesn't have any serial ports, but maybe one of those USB<->RS-232 cables will work for this? Although if it's X that's causing ddb not to appear, I can just exit back to the console when I'm not using the machine. It sometimes locks up immediately after or during the daily cron job. I enabled the "mark" stuff in syslog, and this is what shows up in /var/log/messages (daily cron runs at 08:30): Nov 11 07:49:37 icicle -- MARK -- Nov 11 08:09:38 icicle -- MARK -- Nov 11 08:29:38 icicle -- MARK -- Nov 11 10:08:40 icicle syslogd: restart Nov 11 10:08:40 icicle /bsd: OpenBSD 4.0 (GENERIC) #1107: Sat Sep 16 19:15:58 MDT 2006 Nov 11 10:08:40 icicle /bsd: [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC I think that in this case the cron job finished because sendmail was invoked (this is /var/log/daemon): Nov 11 08:30:07 icicle identd[26402]: Connection from localhost.perlguru.net Nov 11 08:31:22 icicle identd[2040]: Connection from localhost.perlguru.net Nov 11 08:31:23 icicle identd[17847]: Connection from localhost.perlguru.net Nov 11 10:08:40 icicle named[1091]: starting BIND 9.3.2-P1 It's strange that the machine would freeze up *after* all the cron activity is finished. BTW, I removed softdep on all mounts in the fstab, in case that extra variable was an issue. Sadly X was running that day, so no ddb... > Or try typing "boot crash" or so, and see if anything happens, but you > maybe tried that earlier. Haven't tried that yet, but that's because I'm waiting for the machine to crash into ddb. :-) I can invoke ddb at the console with Ctrl-Alt-Esc, and then exit from it with "continue", but so far haven't been able to trigger it at the right time. 
I installed the "stress" package and tried using that to put some load on the system, but it happily kept chugging away all night long while running "stress --vm 1 --cpu 500".
Re: symon and 4.0
The package seems to be the same. I tried to install the package from scratch but the sysctl error is still there... On 2006/11/13 10:46, [EMAIL PROTECTED] wrote: > I've got a problem with symon and 4.0 after an upgrade from 3.9. did you upgrade symon to the package from 4.0? I couldn't tell since 3.9 and 4.0 both have the same version number, symon does usually need to be compiled under the OS version you run it on.
ip not forwarding after 4.0 rebuild.
I've been running 3.9 in a CARP pair for my firewalls. So I upgrade the box (well, rebuild it from scratch using the new CD), and things seem fine on the first log in. I fix up all the config files, so that all the 3.9 settings are in place, and make sure to pay attention to the settings that are new (like ipsec=NO in rc.conf).

I test a failover and find that the interfaces are failing over individually. So I check the sysctl.conf setting for carp preempt and it is set to 1, which is good. But also a bit confusing. A little more investigation and I find the system isn't forwarding packets at all. Despite the setting in sysctl.conf, and also in the kernel according to the sysctl command.

Check the following console output:

# uname -a
OpenBSD nuffi.nough.com 4.0 GENERIC#1107 i386
# date
Tue Nov 14 02:01:52 EST 2006
# tcpdump -nettt -i pflog0
tcpdump: WARNING: pflog0: no IPv4 address assigned
tcpdump: listening on pflog0, link-type PFLOG
^C
0 packets received by filter
0 packets dropped by kernel
# date
Tue Nov 14 02:03:29 EST 2006
# sysctl net.inet.ip.forwarding
net.inet.ip.forwarding=1
# sysctl net.inet.ip.forwarding=1
net.inet.ip.forwarding: 1 -> 1
# sysctl net.inet.ip.forwarding=0
net.inet.ip.forwarding: 1 -> 0
# sysctl net.inet.ip.forwarding=1
net.inet.ip.forwarding: 0 -> 1
# cat /etc/sysctl.conf | grep forward | grep -v 6
net.inet.ip.forwarding=1 # 1=Permit forwarding (routing) of IPv4 packets
#net.inet.ip.mforwarding=1 # 1=Permit forwarding (routing) of IPv4 multicast packets
# sysctl net.inet.carp.preempt
net.inet.carp.preempt=1

tcpdump shows the phase 2 vpn traffic coming back into the box from the peers on the external interface, but none are properly established.

I thought that the only thing that I needed to turn on for packet forwarding was that setting in sysctl.conf... Is there something that I am missing? If a system you'd built was doing this, what would you do next?

TIA
Nuffnough
Re: More IPsec configuration problems
Salut, Config: see http://marc.theaimsgroup.com/?l=openbsd-misc&m=116336496801052 Tonnerre [demime 1.01d removed an attachment of type application/pgp-signature]
Re: openbsd on cisco hardware?
Apples & oranges I believe, this *might* be why: [EMAIL PROTECTED] ~/Desktop> file pix706.bin bsd.rd floppy40.fs pix706.bin: x86 boot sector bsd.rd: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, not stripped floppy40.fs: x86 boot sector /Pete On 13. nov. 2006, at 16.06, Jason George wrote: most PIX boxes are i386 based. IIRC I've booted bsd.rd on them in the past, nothing special except flash boot. pix515e# sh ver ... Hardware: PIX-515E, 64 MB RAM, CPU Pentium II 433 MHz Flash E28F128J3 @ 0xfff0, 16MB BIOS Flash AM29F400B @ 0xfffd8000, 32KB ... 0: Ext: Ethernet0 : address is 0012.00e1.cd67, irq 10 1: Ext: Ethernet1 : address is 0012.00e1.cd68, irq 11 2: Ext: Ethernet2 : address is 000e.0c59.bd1a, irq 11 ... Interface Ethernet0 "outside", is up, line protocol is up Hardware is i82559, BW 100 Mbps Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps) ... they usually even come with a (non functioning under PIXOS) USB port too. I grabbed an old PIX 501 off the shelf... no such luck booting a standard i386 ramdisk image. CISCO SYSTEMS PIX-501 Embedded BIOS Version 4.3.200 07/31/01 15:58:22.08 Compiled by morlee 16 MB RAM PCI Device Table. Bus Dev Func VendID DevID Class Irq 00 00 00 1022 3000 Host Bridge 00 11 00 8086 1209 Ethernet 9 00 12 00 8086 1209 Ethernet 10 Cisco Secure PIX Firewall BIOS (4.2) #6: Mon Aug 27 15:09:54 PDT 2001 Platform PIX-501 Flash=E28F640J3 @ 0x300 Use BREAK or ESC to interrupt flash boot. Use SPACE to begin flash boot immediately. Flash boot interrupted. 0: i8255X @ PCI(bus:0 dev:17 irq:9 ) 1: i8255X @ PCI(bus:0 dev:18 irq:10) Using 1: i82557 @ PCI(bus:0 dev:18 irq:10), MAC: 0011.935f.08c6 Use ? for help. monitor> addr 192.168.4.234 address 192.168.4.234 monitor> server 192.168.4.3 server 192.168.4.3 monitor> file bsd.rd file bsd.rd monitor> ping 192.168.4.3 Sending 5, 100-byte 0xc3f8 ICMP Echoes to 192.168.4.3, timeout is 4 seconds: ! 
Success rate is 100 percent (5/5) monitor> tftp tftp [EMAIL PROTECTED] [snip] Received 4938658 bytes Bad magic number (0xab00450) monitor>
More IPsec configuration problems
Salut,

I have another problem with IPsec (using isakmpd). I used almost the example config, but depending on the target, I get packet loss in different amounts:

* 10.16.1.131 to 10.1.2.9, for example, always stalls when trying to fetch web sites via https
* 10.16.1.131 to 10.1.4.111 works well though, however, SSH connections tend to stand still after a couple of minutes, and get reset
* 10.16.1.131 to 10.1.2.4 gives me sudden hangs when creating a lot of traffic

Any idea what setting might cause this? When pinging through the VPN, I get the following statistics:

1 packets transmitted, 9967 packets received, 0% packet loss
round-trip min/avg/max/stddev = 20.135/24.896/176.564/11.385 ms

This doesn't seem very lossy, but it is actually enough to let some TCP connections stall, it seems.

Looking at the logs, I used to see the following in pre-4.0 OpenBSD versions:

Nov 13 14:53:46 rtsyg01 isakmpd[1447]: message_recv: invalid cookie(s) 5ca7897d133e5c6e 5edcdaaa3ed541a9
Nov 13 14:53:46 rtsyg01 isakmpd[1447]: dropped message from 213.189.149.229 port 500 due to notification type INVALID_COOKIE

But it seems that these messages disappeared as well. Now, there is no note in the logs as to why the packet loss occurs at all.

Ideas?

Tonnerre

[demime 1.01d removed an attachment of type application/pgp-signature]
Re: openbsd on cisco hardware?
>most PIX boxes are i386 based. IIRC I've booted bsd.rd on them in the >past, nothing special except flash boot. > >pix515e# sh ver >... >Hardware: PIX-515E, 64 MB RAM, CPU Pentium II 433 MHz >Flash E28F128J3 @ 0xfff0, 16MB >BIOS Flash AM29F400B @ 0xfffd8000, 32KB >... >0: Ext: Ethernet0 : address is 0012.00e1.cd67, irq 10 >1: Ext: Ethernet1 : address is 0012.00e1.cd68, irq 11 >2: Ext: Ethernet2 : address is 000e.0c59.bd1a, irq 11 >... >Interface Ethernet0 "outside", is up, line protocol is up > Hardware is i82559, BW 100 Mbps > Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps) >... > >they usually even come with a (non functioning under PIXOS) USB port >too. I grabbed an old PIX 501 off the shelf... no such luck booting a standard i386 ramdisk image. CISCO SYSTEMS PIX-501 Embedded BIOS Version 4.3.200 07/31/01 15:58:22.08 Compiled by morlee 16 MB RAM PCI Device Table. Bus Dev Func VendID DevID Class Irq 00 00 00 1022 3000 Host Bridge 00 11 00 8086 1209 Ethernet 9 00 12 00 8086 1209 Ethernet 10 Cisco Secure PIX Firewall BIOS (4.2) #6: Mon Aug 27 15:09:54 PDT 2001 Platform PIX-501 Flash=E28F640J3 @ 0x300 Use BREAK or ESC to interrupt flash boot. Use SPACE to begin flash boot immediately. Flash boot interrupted. 0: i8255X @ PCI(bus:0 dev:17 irq:9 ) 1: i8255X @ PCI(bus:0 dev:18 irq:10) Using 1: i82557 @ PCI(bus:0 dev:18 irq:10), MAC: 0011.935f.08c6 Use ? for help. monitor> addr 192.168.4.234 address 192.168.4.234 monitor> server 192.168.4.3 server 192.168.4.3 monitor> file bsd.rd file bsd.rd monitor> ping 192.168.4.3 Sending 5, 100-byte 0xc3f8 ICMP Echoes to 192.168.4.3, timeout is 4 seconds: ! Success rate is 100 percent (5/5) monitor> tftp tftp [EMAIL PROTECTED] [snip] Received 4938658 bytes Bad magic number (0xab00450) monitor>
Re: ftp-proxy issues
Camiel Dobbelaar wrote:
> On Mon, 13 Nov 2006, Marc Peters wrote:
>> 60 seconds, and the client gives me this message:
>> 421 Service not available, remote server timed out. Connection closed
>> (mac osx command line ftp-client)
>>> That CWD line did not pass out on the DMZ interface?
>> no it didn't. it is every time the same, that CWD line didn't pass the dmz
>> interface and so the server didn't receive the command.
>
> Because ftp-proxy can log the line, it has completely received it and will
> try to pass it out again. I can think of two things that may happen:
>
> (1) it's getting blocked (check pflog)

i did check that before i sent the first mail to the list. if it would get blocked, the other transfers to this ftpd wouldn't work either.

> (2) libevent may be holding it (can you try setting
> "export EVENT_NOKQUEUE=1" and restart ftp-proxy from that shell? "top"
> should report "select" instead of "kqueue" in the WAIT column)

that didn't change anything

> What happens if you remove the rdr for ftp-proxy? Does the control
> (port 21) connection work ok then?

if i remove the ftp-proxy part and connect directly to the server, it is working fine:

192.168.0.14 UNKNOWN ftpuser [13/Nov/2006:15:39:05 +0100] "CWD internet/foo-com/staging/htdocs/leistungen" 250 -
192.168.0.14 UNKNOWN ftpuser [13/Nov/2006:15:39:05 +0100] "PWD" 257 -
192.168.0.14 UNKNOWN ftpuser [13/Nov/2006:15:39:08 +0100] "EPRT |1|192.168.0.14|49925|" 200 -
192.168.0.14 UNKNOWN ftpuser [13/Nov/2006:15:39:08 +0100] "LIST -al" 226 735
Re: openbsd on cisco hardware?
Jeffrey C. Ollie wrote:

On Sun, 2006-11-12 at 20:51 -0600, Jacob Yocom-Piatt wrote:

i know this is likely not possible for a number of reasons but i figured i'd ask: are there or have there been any plans to port openbsd to run on cisco hardware?

It would only be interesting if you were able to develop drivers for the various line cards. Without these it would be pointless. And I really doubt that Cisco would be nice enough to open up their developer docs so that drivers could be written.

Which leads to the obvious question (and one that I've had for a while, but now seems an opportune time to ask) of whether or not there is hardware that is custom-made for, or is well-suited to, the task of routing network traffic. I'm going to admit my near-total ignorance of the subject, and hope someone with the knowledge is interested enough to answer.

- Bret

Jeff
Re: ftp-proxy issues
On Mon, 13 Nov 2006, Marc Peters wrote:
> 60 seconds, and the client gives me this message:
> 421 Service not available, remote server timed out. Connection closed (mac osx
> command line ftp-client)
> > That CWD line did not pass out on the DMZ interface?
> >
>
> no it didn't. it is every time the same, that CWD line didn't pass the dmz
> interface and so the server didn't receive the command.

Because ftp-proxy can log the line, it has completely received it and will try to pass it out again. I can think of two things that may happen:

(1) it's getting blocked (check pflog)

(2) libevent may be holding it (can you try setting "export EVENT_NOKQUEUE=1" and restart ftp-proxy from that shell? "top" should report "select" instead of "kqueue" in the WAIT column)

What happens if you remove the rdr for ftp-proxy? Does the control (port 21) connection work ok then?
Re: openbsd on cisco hardware?
On Sun, 2006-11-12 at 20:51 -0600, Jacob Yocom-Piatt wrote:
> i know this is likely not possible for a number of reasons but i figured i'd
> ask: are there or have there been any plans to port openbsd to run on cisco
> hardware?

It would only be interesting if you were able to develop drivers for the various line cards. Without these it would be pointless. And I really doubt that Cisco would be nice enough to open up their developer docs so that drivers could be written.

Jeff

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: ftp-proxy issues
Camiel Dobbelaar wrote:

On Mon, 13 Nov 2006, Marc Peters wrote:

this is the output from ftp-proxy:

# /usr/sbin/ftp-proxy -d -D7
listening on 127.0.0.1 port 8021
#1 accepted connection from 192.168.0.14
#1 FTP session 1/100 started: client 192.168.0.14 to server 194.XXX.XX.180 via proxy 194.XXX.XX.254
#1 server: 220 194.XXX.XX.180 FTP server ready\r\n
#1 client: USER ftpuser\r\n
#1 server: 331 Password required for ftpuser.\r\n
#1 client: PASS \r\n
#1 server: 230 User ftpuser logged in.\r\n
#1 client: SYST\r\n
#1 server: 215 UNIX Type: L8\r\n
#1 client: FEAT\r\n
#1 server: 211-Features:\n
#1 server: MDTM\n
#1 server: REST STREAM\n
#1 server: SIZE\r\n
#1 server: 211 End\r\n
#1 client: PWD\r\n
#1 server: 257 "/" is current directory.\r\n
#1 client: CWD internet/foo-com/staging/htdocs/leistungen\r\n

Any idea how much time passed between the previous line and the line below? (How long before the client closed? Did it timeout?)

60 seconds, and the client gives me this message:
421 Service not available, remote server timed out. Connection closed (mac osx command line ftp-client)

#1 client close
#1 ending session

That CWD line did not pass out on the DMZ interface?

no it didn't. it is every time the same, that CWD line didn't pass the dmz interface and so the server didn't receive the command.
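As an added illustration (not part of the original thread and not ftp-proxy's own code): a small Python check that reads `ftp-proxy -d -D7` debug output like that quoted in the message above and reports which client command never received a final server reply before the session closed. The function and variable names are hypothetical, and the line format is assumed to match what the quoted output shows.

```python
import re

# A subset of the debug lines quoted in the message above (addresses as redacted there).
SAMPLE_LOG = r'''
#1 server: 220 194.XXX.XX.180 FTP server ready\r\n
#1 client: USER ftpuser\r\n
#1 server: 331 Password required for ftpuser.\r\n
#1 client: FEAT\r\n
#1 server: 211-Features:\n
#1 server: MDTM\n
#1 server: 211 End\r\n
#1 client: PWD\r\n
#1 server: 257 "/" is current directory.\r\n
#1 client: CWD internet/foo-com/staging/htdocs/leistungen\r\n
#1 client close
#1 ending session
'''

# "#<session> client|server: <text>" with the logger's escaped line ending removed.
RELAYED = re.compile(r'^#(\d+) (client|server): (.*?)(?:\\r)?(?:\\n)?$')
CLOSED = re.compile(r'^#(\d+) (?:client close|ending session)$')

def unanswered_commands(log_text):
    """Return [(session, command)] for commands with no final reply before close."""
    pending = {}     # session -> last client command still awaiting a reply
    multiline = {}   # session -> reply code of an open "NNN-" multi-line reply
    stalled = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RELAYED.match(line)
        if m:
            sid, side, text = m.groups()
            if side == "client":
                pending[sid] = text
            elif sid in multiline:
                # A multi-line reply ends at "<same code><space>".
                if text.startswith(multiline[sid] + " "):
                    del multiline[sid]
                    pending.pop(sid, None)
            elif re.match(r"\d{3}-", text):
                multiline[sid] = text[:3]
            elif re.match(r"\d{3}( |$)", text):
                pending.pop(sid, None)   # greeting or final single-line reply
            continue
        m = CLOSED.match(line)
        if m and m.group(1) in pending:
            stalled.append((m.group(1), pending.pop(m.group(1))))
    return stalled
```

Calling `unanswered_commands(SAMPLE_LOG)` on these lines singles out the CWD command as the one left without a reply, which is the point at which to compare against tcpdump on the DMZ interface and pflog.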
Re: openbsd on cisco hardware?
On Mon, 2006-11-13 at 14:04 +1100, Craig Barraclough wrote:
> Last time I had a look, the platform was essentially a PII, with fxp
> NICs and a PCI (or was it ISA?) flash card for the OS.

PIX 525 has an Intel PIII 600Mhz CPU with fxp NICs. It uses Intel fxp boards but I have been told the NICs have additional hardware onboard to perform protocol offload. Haven't verified this though.
Re: symon and 4.0
On 2006/11/13 10:46, [EMAIL PROTECTED] wrote:
> I've got a problem with symon and 4.0 after an upgrade from 3.9.

did you upgrade symon to the package from 4.0? I couldn't tell since 3.9 and 4.0 both have the same version number, symon does usually need to be compiled under the OS version you run it on.
Re: openbsd on cisco hardware?
most PIX boxes are i386 based. IIRC I've booted bsd.rd on them in the past, nothing special except flash boot.

pix515e# sh ver
...
Hardware: PIX-515E, 64 MB RAM, CPU Pentium II 433 MHz
Flash E28F128J3 @ 0xfff0, 16MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB
...
0: Ext: Ethernet0 : address is 0012.00e1.cd67, irq 10
1: Ext: Ethernet1 : address is 0012.00e1.cd68, irq 11
2: Ext: Ethernet2 : address is 000e.0c59.bd1a, irq 11
...
Interface Ethernet0 "outside", is up, line protocol is up
 Hardware is i82559, BW 100 Mbps
 Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
...

they usually even come with a (non functioning under PIXOS) USB port too.

/Pete

On 13. nov. 2006, at 04.30, Jason George wrote:

i know this is likely not possible for a number of reasons but i figured i'd ask: are there or have there been any plans to port openbsd to run on cisco hardware? googling for something like this is not very productive since the CARP vs. VRRP and firewall interoperation links dominate searches with "cisco openbsd" in them.

Older Cisco routers will typically have a Motorola 68k or some MIPS-based processor. These devices will also usually have minimal RAM (1 to 4M). Not exactly a great setup for a target platform... I seem to recall that the 030-based Mot systems may have also been lacking in a proper MMU, but I could be wrong. I'm sure I'll be corrected by someone on the list.

Newer gear will have a MIPS or PowerPC processor in them. x86 PIX boxes could conceivably be a target platform, but their lack of storage would require a flashboot-style installation, and thus would not be supported in an official manner, if even they were made to boot successfully. The same would go for the non-x86 modern gear.

Frankly, Cisco's devices aren't even price-attractive, so as much as it would be mildly interesting to run OpenBSD on some PIX 515 boxes, it's a waste of time and money.

--Jason
symon and 4.0
Hi

I've got a problem with symon and 4.0 after an upgrade from 3.9.

/ # /usr/local/libexec/symon -d
symon version 2.72
program id=12178
sending packets to udp 127.0.0.1 2100
started module df(wd0g)
started module if(xl0)
warning: mbuf() failed (sysctl() Invalid argument)
warning: mbuf() failed (sysctl() Invalid argument)
warning: mbuf() failed (sysctl() Invalid argument)

Any mbuf or sysctl changes in 4.0 ?

Thanks for tips