Re: rapidly rewriting a file causes filesystem to become full

[Joe Advisor]

I apologize for not wrapping my lines, I did not realize
that Yahoo mail does not autowrap.

So about the problem I am trying to solve.  Honestly,
I am actually not rewriting all that fast, but it's still
filling up a filesystem.  I am writing to maybe 4
files or so, each file is about 100 Kb to 400 Kb, and
I rewrite those about once every two seconds.  The
partition that these files are on is about 250 MB.
I have another partition which is about 10 GB, and
on that partition, there are maybe 100 files that
I rewrite, once again, at about two second intervals.

Some of the things I am writing are like cumulative
results from pfctl -vsq, so that I can track on a 
per queue address basis, how much traffic is going 
through that queue.  I have several hundred queues,
on some boxes, I have several thousand queues.  In
some other cases, I am rewriting pf.conf regularly 
because I am changing firewall rules as machines 
come on and come off the network.  To do this, I'm
doing things like keeping track of arp -na and then
seeing if a new MAC has come on, and if so, then I
change some firewall rules and/or put that new
machine that has appeared into a particular queue.

I am not aware of any way that I can get what I'm
trying to accomplish done without rewriting the
filesystem.  I would also like the ability to fast
reboot.  I did not realize that softdep + write
cache disabling is not the "blessed" method for
accomplishing this, it seems to be mentioned quite
a bit on this list.  

I hope this makes sense to you.  Thank you so much
for your help.  I guess I will look into trying
to use a RAM filesystem as a rewrite buffer and
periodically flush to disk as a persistant store.

--



Please wrap your lines. 

There is NO approved way of circumventing fsck with a 
rw filesystem.

Rapid rewrites are not a problem, as long as you do 
not do them so
fast that softdep cannot keep up.

I'm wondering what kind of problem you are trying to 
solve. Why do you
need to rewrite a file that fast?

 -Otto



 
-
Want to start your own business? Learn how on Yahoo! Small Business.

Re: Bug in ksh // Improvement for tar ?

[Uwe Dippel]

On Wed, 06 Dec 2006 00:40:15 -0700, Philip Guenther wrote:

> First off, I had earlier written this:
>>Now, the behavior you describe is required by the standard
> 
> Further checking shows that I was incorrect: if compliance to the
> SUSv3 XSI extension is claimed, then the 'test' utility must return
> true for this:
> [ -n = -n -o -n = -e ]

and ? Does it ?
# if [ -n = -n -o -n = -e ]; then
> echo bar
> fi
ksh: [: -n: unexpected operator/operand

No, not.

> says this:
> >4 arguments:
> The results are unspecified.

Results are unspecified, or syntax may be wrong or right. Do as you like
...

>  There was a thread back in Jan 2006, from which I'll point people at
> David Korn's final comment in the thread:
> 
> https://www.opengroup.org/sophocles/show_mail.tpl?CALLER=show_archive.tpl&source=L&listname=austin-group-l&id=9010

Oh, thanks for an enlightening read, really.

And what is the second last sentence in his message ?

> As a result, the only way to get a usable test was to just use the
> number of arguments as a guide.  This way would allow most of existing
> scripts to be portable, 

Does it ? No, not.


>> Woodchuck: Thanks for the confirmation of tar being frontend to pax.
>> Then, what is the good reason that the frontend kind of suppresses the
>> abilities of the underlying routine ?
> 
> What ability of pax is tar suppressing?  pax can't save files with names
> longer than 100 characters into 'ustar' or 'tar' format archives either.

Which is where *I* need to correct myself. I remembered a Fine Proposal on
this same list to use pax -x cpio for long filenames. But maybe this also
doesn't work ? If it does, however, would I mind another option to tar
for those with Woodchuck's old archives; like tar -a (for antique) using
the old tar format and for the rest the frontend for pax with '-x cpio' ?
I even guess pretty much, that for -t or -x or whatsoever, the program can
understand the archive format.

Uwe

Re: Bug in ksh // Improvement for tar ?

[Otto Moerbeek]

On Wed, 6 Dec 2006, Uwe Dippel wrote:

> Thanks for all the answers !
> 
> My concern was not the empty demo:
> > # demo=""
> > #  if [ "$demo" == "-n" -o "$demo" == "-e" ]; then
> >> echo bar
> >> fi
> > #
> which behaves logically (demo is not equal to neither -n nor -e; and so
> bar is not printed).
> My concern is more about this:
> > # demo="-n"
> > #  if [ "$demo" == "-n" -o "$demo" == "-e" ]; then
> >> echo bar
> >> fi
> > ksh: [: -n: unexpected operator/operand
> since 
> 1. the expression is found 'valid' on any *ksh* tutorial or book
> (though the [[ || ]] is preferred);
> 2. (as I wrote) syntax can not be dependent on the value of a variable.
> Ambiguity of an expression does not include invalidating syntax by
> another value. 
> 3. (Luke and Philip) I *am* talking about portability; the
> whole matter came up when I tried to run rkhunter on OpenBSD (I know, not
> needed !). But that software has around 5000 lines and plenty of tests,
> and it runs properly on - don't bash me - bash. No, I don't want bash. I
> do like a consistent behaviour of (pd)ksh. As far as I understand, the
> problem stems from a non-sensical treatment of the expression. If you
> write 
> # demo=foo
> # if [ "$demo" == "foo" -o "$demo" == "-e" ]; then
> > echo bar
> > fi
> bar
> That's fine. Obviously, ksh knows to handle the ambiguity properly ! Now:
> # demo="-n"
> # if [ "$demo" == "foo" -o "$demo" == "-e" ]; then
> > echo bar
> > fi
> ksh: [: foo: unexpected operator/operand 
> This is what I still consider a bug, having read all answers. 
> A line of source code can't become invalid
> syntax by a 'wrong' variable. The problem seems - as mentioned above - the
> wrong interpretation of the function of string "foo"; by somehow
> misinterpreting the "$demo" as -n:

Welcome to the world of string based processing. ksh implements '['
the same as it used to be: an external command. This means that quotes
get stripped and so on. This is to remain compatible with older shells.


> # if [ -n == "foo" -o "$demo" == "-e" ]; then
> > echo bar
> > fi
> ksh: [: foo: unexpected operator/operand It should properly do this,
> though:
> # if [ "-n" == "foo" -o "$demo" == "-e" ]; then
> > echo bar
> > fi
> ksh: [: foo: unexpected operator/operand but still, it doesn't. Even

Yes it is strange these are not accepted while the expression below is.

> though there is no ambiguity in the left part. Finally, it *does* this
> properly:
> # if [ "-n" == "foo" ]; then
> > echo bar
> > fi

I think this is parsed as:

 (-n empty string) == foo
 
Try
if [ -n == ]; then echo bar; fi

These are all borderline cases. Follow recommended shell programming
practises to avoid these.

> #
> Overall, (for those loving to read the man pages), this behaviour violates
> the precedence for binary operators:
> (listed and grouped in increasing order of precedence):
> 
>  Binary operators:
> 
>,
>= *= /= %= += -= <<= >>= &= ^= |=
>||
>&&
>|
>^
>&
>== !=

This is the list of precedence for arithmetic expressions, which are
not the same as the expressions handled by [ .. ] .

> 
> man ksh also states: 
> expr -o exprLogical OR.
> 
> > Secondly, I still need to resort to gtar for the backup of my users'
> > home directories (you know those silly long filenames in WORD). I
> > understand it is just a frontend to pax ? If it could process file names
> > with a length of 255, I'd be happy, I think.
> 
> Woodchuck: Thanks for the confirmation of tar being frontend to pax. Then,
> what is the good reason that the frontend kind of suppresses the
> abilities of the underlying routine ?

I'll reply to this in a separate thread.

-Otto

Re: Bug in ksh // Improvement for tar ?

[Otto Moerbeek]

On Wed, 6 Dec 2006, Uwe Dippel wrote:

> Woodchuck: Thanks for the confirmation of tar being frontend to pax. Then,
> what is the good reason that the frontend kind of suppresses the
> abilities of the underlying routine ?

tar is not a "frontend" to pax. Thesey share the same code, and are in
fact the same executable. The pax format is different from the ustar
format. 

The ustar format is defined by POSIX and does not allow for filename
larger than 100 chars or path names larger than 255 chars.

GNU choose to provide an extension, at the cost of reduced interoperability.

I use dump and restore for backup, they were made for that and have
the nice feature of being able to do incremental backups.

-Otto

Re: Moving from tcsh to pdksh: how to recall partially typed in command? (ESC-p)

[Martin Hedenfalk]

On 12/2/06, Alexander Farber <[EMAIL PROTECTED]> wrote:

Hi Otto,

On 12/2/06, Otto Moerbeek <[EMAIL PROTECTED]> wrote:
> It looks like ESC-p cycles, but ESC-n not. If you have a terminal that
> has a beep, you'll hear a beep when ESC-p wraps, but ESC-n keeps
> beeping when the end is reached. I'll take a look at this.

thank you.

IMHO it would be better, if ESC-p and ESC-n wouldn't "cycle"
but would stop at the last matching command - same as in tcsh.

Because otherwise a user might go through several useless
"cycles" until (s)he reliazes that the needed command isn't there


Hi, thank you for your feedback.
I've put an updated patch up on http://bzero.se/patches/ksh-history-v2.patch.

/martin hedenfalk


Regards
Alex

--
http://preferans.de

Re: source upgrade to 4.0 - what to check?

[Toni Mueller]

Hi Josh,

On Tue, 05.12.2006 at 16:51:07 -0500, Josh Grosse <[EMAIL PROTECTED]> wrote:
> 1.  build a 4.0 RAIDFrame system locally, in a qemu or vmware virtual
> machine if necessary, on spare hardware if not.

qemu could fill the bill if it supported the required target
architecture, but it doesn't. If I had spare hardware available, then I
had not asked. ;-}

But thank you for the qemu idea anyway, I'll probably look further into
that direction.


Best,
--Toni++

Re: Bug in ksh // Improvement for tar ?

[Philip Guenther]

On 12/6/06, Uwe Dippel <[EMAIL PROTECTED]> wrote:

On Wed, 06 Dec 2006 00:40:15 -0700, Philip Guenther wrote:

...

https://www.opengroup.org/sophocles/show_mail.tpl?CALLER=show_archive.tpl&source=L&listname=austin-group-l&id=9010


Oh, thanks for an enlightening read, really.

And what is the second last sentence in his message ?

> As a result, the only way to get a usable test was to just use the
> number of arguments as a guide.  This way would allow most of existing
> scripts to be portable,

Does it ? No, not.


Nice quote out of context there.  I especially like how you cut off
the end of his sentence, where he made clear how the non-portable
usage of -o, -a, and parens can be made portable *and* robust.

Or do you disagree with his judgement that
1) the addition of -o and -a had damaged scripts that didn't use them,
2) -o and -a were not implemented consistently at the time POSIX was
written, and
3) scripts should use one of the robust, consistent, and portable alternatives?

If so, well, I hope you enjoy that universe you live in.


Philip Guenther

Re: rapidly rewriting a file causes filesystem to become full

[Otto Moerbeek]

On Tue, 5 Dec 2006, Joe Advisor wrote:

> I apologize for not wrapping my lines, I did not realize
> that Yahoo mail does not autowrap.
> 
> So about the problem I am trying to solve.  Honestly,
> I am actually not rewriting all that fast, but it's still
> filling up a filesystem.  I am writing to maybe 4
> files or so, each file is about 100 Kb to 400 Kb, and
> I rewrite those about once every two seconds.  The
> partition that these files are on is about 250 MB.
> I have another partition which is about 10 GB, and
> on that partition, there are maybe 100 files that
> I rewrite, once again, at about two second intervals.

Just to be sure, are you sure you are closing all your file
descriptors? Check with fstat.

I checked the behaviour of a -current system. There were some softdep
fixes after 4.0. To be sure I also checked a 4.0-stable system.

With this loop:

while true; do echo foo > foo; sleep 1; done

I see ever increasing disk usage on 4.0-stable.
On -current it grows, but then it is back to zero again, repeatedly.

So the fixes in -current do make things better.

Now as for a suggestion on how to circumvent these problems:

Both on -stable and -current the loop below works for me, disk usage
stays very low. In general, it's better to write to a temp name first,
and only replace the original file if the writing did succeed:

while true; 
do
f=$(mktemp)
echo foo > $f
mv $f foo
done

-Otto

Re: Dell SAS 5iR

[David Gwynne]

On 06/12/2006, at 12:33 PM, Gustavo Rios wrote:


Dear friends,

i tried to figure it out whether DELL SAS 5iR is supported by openbsd
4.0 on i386 in the openbsd site, but i could not see! I wonder, if it
is not supported, if there are plans to support it ?


I'm so sure this hardware is supported by mpi that I added it to the  
manpage: http://www.openbsd.org/cgi-bin/man.cgi? 
query=mpi&apropos=0&sektion=0&manpath=OpenBSD 
+Current&arch=i386&format=html


dlg

Re: snort -i pflog0 trouble

[Olaf Schreck]

> I'm novice with OpenBSD and , may be
> snort -i pflog0
> a kind of bad practice? Or it known problem with OpenBSD 4.0 ?

Won't work.  Although pflog does create pcap style output, it is not 
data that would make sense to snort.

Use real interfaces for snort (eg rl0, fxp1, whatever).


ciao,
chakl

Re: source upgrade to 4.0 - what to check?

[Girish Venkatachalam]

On Wed, Dec 06, 2006 at 10:56:37AM +0100, Toni Mueller wrote:
> Hi Josh,
> 
> On Tue, 05.12.2006 at 16:51:07 -0500, Josh Grosse <[EMAIL PROTECTED]> wrote:
> > 1.  build a 4.0 RAIDFrame system locally, in a qemu or vmware virtual
> > machine if necessary, on spare hardware if not.
> 
> qemu could fill the bill if it supported the required target
> architecture, but it doesn't. If I had spare hardware available, then I
> had not asked. ;-}
> 
> But thank you for the qemu idea anyway, I'll probably look further into
> that direction.

Qemu for what? I missed the mail you are talking about.

Remember that qemu does runtime rewriting of code and that performance can suck 
big time. It is excellent for testing and odd emulation tasks.

But comparing qemu with vmware is not fair as it is not an apples to apples 
comparison.

But then I might be digressing as I have absolutely no context here.

Sorry if my mail is completely irrelevant.

It perhaps is so. :)

Best,
Girish
-- 
Linux is for folks who hate Windoze.

FreeBSD is for folks who love UNIX.

OpenBSD is for folks who can't live without UNIX.

Re: rapidly rewriting a file causes filesystem to become full

[Stuart Henderson]

On 2006/12/05 23:12, Joe Advisor wrote:
> Some of the things I am writing are like cumulative
> results from pfctl -vsq, so that I can track on a 
> per queue address basis, how much traffic is going 
> through that queue.

how about using a database of some kind? (not necessarily a full
separate RDBMS; db might be suitable, or SQLite may give more
useful options; /usr/ports/databases/sqlports/files/mksqlitedb
shows how to use it from Perl).

> In some other cases, I am rewriting pf.conf regularly 
> because I am changing firewall rules as machines 
> come on and come off the network.

One option may be to pipe the rules through 'pfctl -f -' and write
to disk periodically.

> I would also like the ability to fast reboot.

If you have filesystems which don't normally need to be RW, mount them
RO, then use 'mount -uw' when you need to make changes (and -ur afterwards).
A filesystem mounted RO at the time of an unclean reboot needs no fsck.
You might find this particularly useful for FS like /usr and maybe /.
A smaller RW filesystem with just a few files won't take long to fsck.
You'll have to decide what's acceptable and what trade-offs to make.

Re: submit.cf

[Stuart Henderson]

On 2006/12/06 01:51, [EMAIL PROTECTED] wrote:
> I could find no more from grep'ing the man pages.

for Sendmail documentation, see:

/usr/share/doc/smm/08.sendmailop
/usr/share/doc/smm/09.sendmail

the Makefiles can generate txt and postscript versions.

Re: problem with spamd-white table and greylisting

[peter dunaskin]

> > My configuration:
>You forgot spamlogd
I did not, it starts automatically when spamd_grey is enabled in
rc.conf. And I just tried to raise pf table-entries limit to 25
(default is 100k which is less than 180k I have in my spamdb
whitelist) but that didn't seem to fix the problem.

p.

Re: Commands don't work after rm -rf /*

[RedShift]

Shane J Pearson wrote:

On 06/12/2006, at 12:14 PM, Bryan Irvine wrote:

It's the anti-unix newbie avoidance system.  I propose a source change 
to rm
that *after* it has completed removing / it then displays a dialog 
that "the

system would prefer it if you ran windows millennium".  ;)


Oh man, that's low. I can understand being sentenced to Windows, but ME? 
That's harsh.






Yeah true, the whole 9x series are the worst operating systems in 
history. I do like windows xp though.


Glenn

rp-l2tp, ppp and pty problem

[Brian Candler]

I wonder if there's anyone here interested in helping me debug a problem
with pty's and pppd.

The background: I am porting rp-l2tp to work with OpenBSD. It's turned into
a bit of a nasty hack, because rp-l2tp uses a Linux-specific terminal
discipline (N_HDLC) and the 'sync' flag to pppd, neither of which OpenBSD
has.

So what I've done is got rp-l2tp to talk asynchronous ppp, which means
adding a CRC and escaping ACCM characters. It's not going to be the most
efficient solution in the world, but at least it doesn't involve changing
the OpenBSD kernel or utilities.

The patch in its current state is at
http://pobox.com/~b.candler/software/rp-l2tp-0.4-obsd-20061206.diff

Now, this is more or less working; I can bring up an L2TP tunnel
successfully, talking to a Cisco IOS box. (In fact I'm testing with L2TP
over IPSEC).

However, there is a problem when large ppp packets come along, which try to
send more than 1024 bytes through the pty. What seems to happen is that the
read() only returns 1024 bytes, and then even if I select() or sleep() no
further bytes are available until some later point in time when another set
of data is written to the pty (such as an LCP keepalive), which seems to
kick the rest of the data through.

What this means in practice is:

(1) If I send a single large ping, the response isn't seen.

# ping -c1 -s1000 10.71.0.1
PING 10.71.0.1 (10.71.0.1): 1000 data bytes
--- 10.71.0.1 ping statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss

I've added some debugging in l2tpd, so if you run as "l2tp -f" you see the
following:

# l2tpd -f
read(8192): 27  << LCP/IPCP negotiations
write(32): 32
write(26): 26
read(8192): 34
read(8192): 23
write(44): 44
read(8192): 46
write(20): 20
write(16): 16
write(27): 27
read(8192): 30
read(8192): 29
write(29): 29
read(8192): 28
write(27): 27
read(8192): 1024<< first part of the ping
select(9): 0<< nothing further is available
  << pause >>
read(7169): 183 << rest of the ping plus an incoming LCP echo req
write(1183): 1183   << the ping response (far too late by now)
write(20): 20   << the LCP echo response
read(8192): 23
write(20): 20

(2) If I send a sequence of large pings, they appear to be delayed by 1
second:

# ping -c5 -s1000 10.71.0.1
PING 10.71.0.1 (10.71.0.1): 1000 data bytes
1008 bytes from 10.71.0.1: icmp_seq=0 ttl=255 time=1072.620 ms
1008 bytes from 10.71.0.1: icmp_seq=1 ttl=255 time=1077.472 ms
1008 bytes from 10.71.0.1: icmp_seq=2 ttl=255 time=1060.853 ms
1008 bytes from 10.71.0.1: icmp_seq=3 ttl=255 time=1095.591 ms
--- 10.71.0.1 ping statistics ---
5 packets transmitted, 4 packets received, 20.0% packet loss
round-trip min/avg/max/std-dev = 1060.853/1076.634/1095.591/12.502 ms

The corresponding l2tpd -f output is:

read(8192): 1024<< start of ping 1
select(9): 0
read(7169): 1024<< rest of ping 1 plus start of ping 2
select(9): 0
write(1184): 1184   << response to ping 1
read(7329): 1024<< end ping 2, start ping 3
select(9): 0
write(1185): 1185   << response to ping 2
read(7489): 483 << rest of ping 3
read(8192): 1024<< start of ping 4
select(9): 0
write(1187): 1187   << response to ping 3
read(7169): 1024<< rest of ping 4 plus start of ping 5
select(9): 0
write(1183): 1183   << response to ping 4

(3) If I send pings smaller than ping -s840, then less than 1024 bytes is
transferred through the pty and everything works smoothly.

I've had a look through the kernel source and I see the constant TTYHOG is
1024 bytes, which may or may not be related, but otherwise I don't have
enough understanding about how pty's work to try to find out what's
happening.

I've also tried to replicate this problem in a small program using forkpty,
but not been able to. Maybe it's related specifically to the ppp(4) driver
sending data over a pty.

Anyway, if there's anyone on this list who know is intimate with the
internals of pty(4) and ppp(4), knows enough about rp-l2tp to set up a test
rig, and would like to see the OpenBSD port working, I'd be very grateful
for your assistance.

Many thanks,

Brian Candler.

Re: mailgraph on 4.0 [SOLVED:ldconfig path - for archives]

[Stuart Henderson]

On 2006/12/06 09:45, Craig Skinner wrote:
> Any pointers would be great, eg: do I have to place /usr/X11R6/lib in
> $shlib_dirs variable in /etc/rc.conf.local? I did'nae have xbase40.tgz
> installed, so had to untar it as part of the install of mailgraph. Would
> this have "fixed it selv" on the next boot? Thanks.

Yes it would.
$ grep -B1 -A8 runtime.link /etc/rc

Re: snort -i pflog0 trouble

[Alexander Zatserkovniy]

Olaf Schreck wrote:
>> I'm novice with OpenBSD and , may be
>> snort -i pflog0
>> a kind of bad practice? Or it known problem with OpenBSD 4.0 ?
> 
> Won't work.  Although pflog does create pcap style output, it is not 
> data that would make sense to snort.
> 
> Use real interfaces for snort (eg rl0, fxp1, whatever).
> 

I do it, but external interface - bge0 ( GigabitEthernet ) and there are
three universities (GigEth) and Internet link (10Mbit/s). I can't parse
GE on the host (just two Xeon 2.4GHz) but I can select Internet traffic
via pf and want parse it. I use pflog data "log (all)".

Thanks!
Alexander Zatserkovniy

Re: submit.cf

[Stuart Henderson]

On 2006/12/06 06:20, Vijay Sankar wrote:
> Good day,
> 
> Is 
> 
> pic op.me | eqn -Tascii | groff -M/usr/share/tmac -Tascii -me  > 
> op.txt
> 
> the right way to generate the txt version of the documentation? Or is
> there a simpler way?

you could just 'make paper.txt', either way should work.

Re: submit.cf

[Vijay Sankar]

Good day,

Is 

pic op.me | eqn -Tascii | groff -M/usr/share/tmac -Tascii -me  > 
op.txt

the right way to generate the txt version of the documentation? Or is
there a simpler way?

Thanks very much,

Vijay



On Wed, 2006-06-12 at 10:51 +, Stuart Henderson wrote:
> On 2006/12/06 01:51, [EMAIL PROTECTED] wrote:
> > I could find no more from grep'ing the man pages.
> 
> for Sendmail documentation, see:
> 
> /usr/share/doc/smm/08.sendmailop
> /usr/share/doc/smm/09.sendmail
> 
> the Makefiles can generate txt and postscript versions.
> 
-- 
Vijay Sankar, M.Eng., P.Eng.
ForeTell Technologies Limited
59 Flamingo Avenue, Winnipeg, MB, Canada R3J 0X6
Phone: 204 885 9535, E-Mail: [EMAIL PROTECTED]

mailgraph on 4.0 [SOLVED:ldconfig path - for archives]

[Craig Skinner]

Hi misc@ & ports@

I'm migrating boxes from 3.9 to 4.0 and was unable to run mailgraph on
4.0/i386.

# /usr/local/bin/mailgraph -d -l /var/log/maillog --rbl-is-spam
Can't load '/usr/local/libdata/perl5/site_perl/i386-openbsd/auto/RRDs/RRDs.so' 
for module RRDs: Cannot load specified object at 
/usr/libdata/perl5/i386-openbsd/5.8.8/DynaLoader.pm line 230.
 at /usr/local/bin/mailgraph line 287
Compilation failed in require at /usr/local/bin/mailgraph line 287.
BEGIN failed--compilation aborted at /usr/local/bin/mailgraph line 287.


Perl is not yet one of my languages, so I checked a few basics
(permissions, mounts, and wotnot as below) and did'nae come up with
anything obvious.

Google said this was due to ldconfig on 3.9:
http://archives.neohapsis.com/archives/openbsd/2006-05/3009.html

I cannae mind having to dae this on 3.9/i386, nevertheless:

# ldconfig /usr/lib /usr/local/lib /usr/X11R6/lib
# /usr/local/bin/mailgraph -d -l /var/log/maillog --rbl-is-spam
$ ps ax | fgrep mailgraph
22431 ??  Is  0:11.94 /usr/bin/perl -w /usr/local/bin/mailgraph -d -l 
/var/log/maillog --rbl-
$ /sbin/ldconfig -r | fgrep fontconfig
73:-lfontconfig.3.0 => /usr/X11R6/lib/libfontconfig.so.3.0



I have not yet applied errata 005 for ld.so

Any pointers would be great, eg: do I have to place /usr/X11R6/lib in
$shlib_dirs variable in /etc/rc.conf.local? I did'nae have xbase40.tgz
installed, so had to untar it as part of the install of mailgraph. Would
this have "fixed it selv" on the next boot? Thanks.

$ ls -lh /usr/local/bin/mailgraph
-r-xr-xr-x  1 root  bin  24.6K Sep  2 12:27 /usr/local/bin/mailgraph*

$ ls -lh /usr/local/libdata/perl5/site_perl/i386-openbsd/auto/RRDs/RRDs.so
-rwxr-xr-x  1 root  bin   120K Sep  2 20:41 
/usr/local/libdata/perl5/site_perl/i386-openbsd/auto/RRDs/RRDs.so*

$ ls -lh  /usr/libdata/perl5/i386-openbsd/5.8.8/DynaLoader.pm
-r--r--r--  1 root  wheel  27.5K Sep 17 02:17 
/usr/libdata/perl5/i386-openbsd/5.8.8/DynaLoader.pm

$ mount | fgrep /usr
/dev/wd0i on /usr type ffs (local, noatime, nodev)
/dev/wd0j on /usr/local type ffs (local, noatime, nodev)


$ grep ^use /usr/local/bin/mailgraph
use Carp;
use Symbol;
use Time::Local;
use strict;
use vars qw($VERSION);
use RRDs;
use strict;
use File::Tail;
use Getopt::Long;
use POSIX 'setsid';

$ pkg_info
apg-2.2.3p0 automated password generator
colorls-3.9 ls that can use color to display file attributes
expat-2.0.0 XML 1.0 parser written in C
expect-5.43.0p0-no_tk sophisticated scripter based on Tcl/Tk
gd-2.0.33p3 library for dynamic creation of images
gdbm-1.8.3p0GNU dbm
gettext-0.14.5p1GNU gettext
jpeg-6bp3   IJG's JPEG compression utilities
libiconv-1.9.2p3character set conversion library
links-0.99  text browser, displays while downloading
maildrop-1.7.0  local mail delivery agent with filtering abilities
mailgraph-1.12  a RRDtool frontend for Postfix statistics
mod_gzip-1.3.26.1ap0 transparently compress Apache output
mutt-1.5.12 tty-based e-mail client, development version
nsping-0.8  DNS ping
p5-File-Tail-0.99.3 library for reading from continuously updated files
passwdqc-0.1plugin password complexity checker for passwd(1)
pcre-6.4p1  perl-compatible regular expression library
png-1.2.12  library for manipulating PNG images
postfix-2.3.2   fast, secure sendmail replacement
rrdtool-1.0.49p3system to store and display time-series data
squid-2.5.STABLE13  WWW and FTP proxy cache and accelerator
tcl-8.4.7p1 Tool Command Language
vim-7.0.42-no_x11   vi clone, many additional features


$ cat -n /usr/local/bin/mailgraph | fgrep 287
   287  use RRDs;

$ cat -n /usr/libdata/perl5/i386-openbsd/5.8.8/DynaLoader.pm | egrep '230|231'
   230  my $libref = dl_load_file($file, $module->dl_load_flags) or
   231  croak("Can't load '$file' for module $module: ".dl_error());

$ uname -a
OpenBSD teak.kepax.co.uk 4.0 GENERIC#1107 i386

Re: snort -i pflog0 trouble

[Stuart Henderson]

On 2006/12/06 22:18, Alexander Zatserkovniy wrote:
> Olaf Schreck wrote:
> >> I'm novice with OpenBSD and , may be
> >> snort -i pflog0
> >> a kind of bad practice? Or it known problem with OpenBSD 4.0 ?
> > 
> > Won't work.  Although pflog does create pcap style output, it is not 
> > data that would make sense to snort.

the rest of the packets are still there, just prepended by a pflog header
holding rule, interface, etc: see pflog(4). snort could be taught to strip
it off, just like tcpdump knows how to.

sys/net/if_pflog.h
usr.sbin/tcpdump/print-pflog.c 

> I do it, but external interface - bge0 ( GigabitEthernet ) and there are
> three universities (GigEth) and Internet link (10Mbit/s). I can't parse
> GE on the host (just two Xeon 2.4GHz) but I can select Internet traffic
> via pf and want parse it. I use pflog data "log (all)".

good idea, and with -current you can have multi pflog interfaces
which you might find useful too.

Re: rp-l2tp, ppp and pty problem

[Brian Candler]

On Wed, Dec 06, 2006 at 11:35:00AM +, Brian Candler wrote:
> Anyway, if there's anyone on this list who know is intimate with the
> internals of pty(4) and ppp(4), knows enough about rp-l2tp to set up a test
> rig, and would like to see the OpenBSD port working, I'd be very grateful
> for your assistance.

P.S. The patch also adds a -c option to l2tpd to allow a config file to be
specified. This lets you run multiple instances of l2tpd bound to different
IP addresses or ports.

So, you can run a completely local test between two instances of l2tpd. The
configuration files for this are given below. You need to make sure you have
two ppp interfaces:

# ifconfig ppp0 create
# ifconfig ppp1 create

Then proceed like this:

[screen 1]
# l2tpd -f -c /etc/l2tp/l2tp.conf.lac

[screen 2]
# l2tpd -f -c /etc/l2tp/l2tp.conf.lns

[screen 3]
# l2tp-control "start-session 127.0.0.1"

This brings up the link, and you can then demonstrate the problem:

# ping -s1000 10.0.0.1
PING 10.0.0.1 (10.0.0.1): 1000 data bytes
1008 bytes from 10.0.0.1: icmp_seq=0 ttl=255 time=2031.528 ms
1008 bytes from 10.0.0.1: icmp_seq=1 ttl=255 time=2030.287 ms
--- 10.0.0.1 ping statistics ---
4 packets transmitted, 2 packets received, 50.0% packet loss
round-trip min/avg/max/std-dev = 2030.287/2030.907/2031.528/1.554 ms

In this case the packets are delayed by 2 seconds, as you get the problem
occuring in both directions.

Regards,

Brian.

==> /etc/l2tp/l2tp.conf.lac <==
global
load-handler "async-pppd.so"
load-handler "cmd.so"

listen-addr 127.0.0.1
listen-port 1

section async-pppd
lac-pppd-opts "noauth user foouser name foouser noipdefault ipcp-accept-local 
ipcp-accept-remote lcp-echo-interval 30 lcp-echo-failure 6 debug"

section peer
peer 127.0.0.1
port 1701
lac-handler async-pppd

section cmd

==> /etc/l2tp/l2tp.conf.lns <==
global
load-handler "async-pppd.so"
load-handler "cmd.so"

listen-addr 127.0.0.1
listen-port 1701

section async-pppd
lns-pppd-opts "require-chap 10.0.0.1:10.0.0.2 lcp-echo-interval 30 
lcp-echo-failure 6 debug"

section peer
peer 127.0.0.1
port 1
lns-handler async-pppd

section cmd
socket-path /var/run/l2tpctrl-lns

==> /etc/ppp/chap-secrets <==
foouser *   xyzzy   *

Re: Bug in ksh // Improvement for tar ?

[Uwe Dippel]

On Wed, 06 Dec 2006 10:11:34 +0100, Otto Moerbeek wrote:

> tar is not a "frontend" to pax. Thesey share the same code, and are in
> fact the same executable. The pax format is different from the ustar
> format. 
> 
> The ustar format is defined by POSIX and does not allow for filename
> larger than 100 chars or path names larger than 255 chars.
> 
> GNU choose to provide an extension, at the cost of reduced interoperability.

Thanks, Otto, for a clear technical explanation. (All my statements were
taken from the archive; mistakenly it seems.)
 
> I use dump and restore for backup, they were made for that and have the
> nice feature of being able to do incremental backups.

I am a big fan of dump/restore. Sometimes, it simply does not feel 'the
right tool'.
And sometimes there are archives coming from gtar. And I can't tell my
hundreds of users how crappy MS Office is (actually, I do ! But it doesn't
help very much).
Any chance to add '-g' as 
"create / read an archive in gtar format. Discouraged, though ?"

Uwe

satiny

[Cooper W. Winifred]

Audio files can be freely downloaded for private use but commercial use - even
excerpts - is prohibited.
Too many to mention lol See also Internet Archive under Archives.
: This work is licensed under a org columnist Robert X Cringely. Provides
tools to help you find and publish audio and video podcasts.
Provides support for music podcasters wishing to deliver permission-based,
legal music.
Licensees can quickly get quotes, make payments, download valid agreements and
CD quality wav files.
Provides further information and net label resources.
Subscribe to comments for this post
A collection of public affairs lectures, panels and events from academic
institutions all over the world. Releases include CDs, DVDs and a
constantly-evolving repertoire of downloadable audio-visual files. All videos
use a Creative Commons Share-Alike license which permits redistribution. com
as part of your list. allow the works on the site to be used for
non-commercial educational purposes.
Wikipedia - Royalty Free Music
The Pittsburgh based label has released its catalog under a Creative Commons
Attribution-Non-Commercial-NoDerivs license. A collection of short clips
created for live video mixing. If I ever took the time to post the stories as
I get them, I'd prolly have visits out the roof, but then I wouldn't be able
to get as many stories.
- fantastic list and nicely categorized.
You can create your own customizable streaming media site and add streaming
media players to existing sites. For example does the site import or export
RSS feeds? - not comprehensive, but has interesting and unique
categorizations. Every artist has an online store full of merchandise that you
can purchase if you wish to support them.
A project and podcast created by Grant Robinson that highlights a CC licensed
song every single day of the year.
We had just re-vamped our website. You can search video metadata using text
queries to find keywords associated with the recording.

[demime 1.01d removed an attachment of type image/gif which had a name of 
bric-a-brac.gif]

Re: Bug in ksh // Improvement for tar ?

[Hannah Schroeter]

Hello!

On Wed, Dec 06, 2006 at 10:17:11PM +0800, Uwe Dippel wrote:
>[...]

>And sometimes there are archives coming from gtar. And I can't tell my
>hundreds of users how crappy MS Office is (actually, I do ! But it doesn't
>help very much).
>Any chance to add '-g' as 
>"create / read an archive in gtar format. Discouraged, though ?"

Why?

It's so simple to type
pkg_add -i gtar

>Uwe

Kind regards,

Hannah.

Re: Bug in ksh // Improvement for tar ?

[Uwe Dippel]

On Wed, 06 Dec 2006 10:03:11 +0100, Otto Moerbeek wrote:

>> # if [ "-n" == "foo" -o "$demo" == "-e" ]; then
>> > echo bar
>> > fi
>> ksh: [: foo: unexpected operator/operand but still, it doesn't. Even
> 
> Yes it is strange these are not accepted while the expression below is.

> These are all borderline cases. Follow recommended shell programming
> practises to avoid these.

Portability of *existing* software ? These examples are handled properly
(bash-bash) by "just another" shell. I guess, counting arguments is a
good helper, though I haven't looked into the code.

> This is the list of precedence for arithmetic expressions, which are not
> the same as the expressions handled by [ .. ] .

This is what I understand. Where do I find the precedences for relational
operators ? If they are different, by the way. What we see here, is that
OR has a higher precedence than ==. Life is full of surprises, though.

If someone shows that the behaviour of bash in *one of these examples*
clearly violates basic programming and shell practice, I'll shut up
immediately. Okay I shut up in any case w.r.t. this thread.
Thanks to anyone who tried to help out with their respective knowledge !

Uwe

Re: problem with spamd-white table and greylisting

[Marco S Hyman]

peter dunaskin writes:
 > > > My configuration:
 > >You forgot spamlogd
 > I did not, it starts automatically when spamd_grey is enabled in

Oh.   Sorry.  I didn's see it in your ps grep.   I see it with the same
ps grep on my system.

dumbcat[root]# ps aux | grep spamd 
_spamd   14450  0.0  0.1  9040  1376 ??  IsTue12AM1:53.41 spamd: (pf 
 update) (spamd)
_spamd   25485  0.0  0.8  8968  9592 ??  S Tue12AM0:50.54 
/usr/libexec/spamd -g
_spamd   10132  0.0  0.1  8968  1272 ??  I Tue12AM0:00.60 spamd: 
(/var/db/spamd update) (spamd)
_spamd   14234  0.0  0.1   536  1216 ??  SsTue12AM0:09.53 
/usr/libexec/spamlogd
root 11990  0.0  0.0  1008 0 p1  R+ 7:36AM0:00.00 grep spamd 
(ksh)

// marc

VPN stability issues with a Fortigate peer

[Chris Jones]

I'm running the release version or OpenBSD 4.0 on my firewall and
experiencing some odd IPSEC VPN behavior when connecting to a Fortigate
peer. The tunnel will come up just fine but will randomly go down and
then come back up and will continue this cycle. I am running isakmpd
with the -K option and using ipsecctl to establish flows and SA's. This
is what my ipsec.conf looks like:

remote_gw = "10.1.1.1"

flow esp from 192.168.8.1/32 to 192.168.0.0/16 peer $remote_gw type
bypass

ike dynamic esp from 192.168.8.0/24 to 192.168.0.0/16 peer $remote_gw \
aggressive auth hmac-sha1 enc 3des group modp1536 \
quick auth hmac-sha1 enc 3des group modp1536 \
srcid [EMAIL PROTECTED] \
psk sharedsecret

The peer is DPD capable and enabled with the following settings:

retry-count: 3
retry-interval: 5

After running isakmpd in debug mode (isakmpd -d -DA=50 -K) and after
running ipsecctl I issued a continuous ping to one of the hosts at the
other side of the tunnel. The ping ran fine for a period of time and
then stopped. Here is the ouput from the debug:

073059.683292 Cryp 30 crypto_decrypt: after decryption:
073059.686654 Cryp 30 0118 fbbe1146 c43cf921 dc386a4a 0dfc2751
e4cf2a6d 0a34 0001
073059.689438 Cryp 30 0001 0028 01030401 f286fdea 001c
0103 80010001 800204b0
073059.692737 Cryp 30 80040001 80050002 80030005 0414 c5664590
c4700a67 9cec6a71 633ffd8c
073059.695546 Cryp 30 05c4 6214a4ed 31ca88ca 0945b3d6 dd2c44ef
d03b008d 72b5ea00 273d3e0a
073059.698996 Cryp 30 5ec40d98 02c0ebad e3eac805 f87fa1ee 1142e2fd
92aee043 09e84e1c 3788c268
073059.701817 Cryp 30 4fdab8c6 1cbfad15 8123a459 df7a9a3b 66db84c5
59211ec4 90882bfc 2ae61c66
073059.705109 Cryp 30 6d35acdf 585d0b08 c5560cf9 d4a996a7 32a18daa
d3385206 7ce49f52 f5bab82c
073059.707999 Cryp 30 12b6cc01 29fec19b 3f582995 e80637b4 5e99d396
3a3b650b 2d78dd5f 44879af5
073059.711332 Cryp 30 1f8e016d 27c69817 341c6984 52e4f663 175db8ba
c206fb2b 08b9d0df f46705c1
073059.714125 Cryp 30 5a7d0a5a 0510 0400 0a4c0800 ff00
0010 0400 0a4c
073059.717252 Cryp 30   
073059.719573 Mesg 50 message_parse_payloads: offset 28 payload HASH
073059.722425 Mesg 50 message_parse_payloads: offset 52 payload SA
073059.724772 Mesg 50 message_parse_payloads: offset 104 payload NONCE
073059.727806 Mesg 50 message_parse_payloads: offset 124 payload
KEY_EXCH
073059.730126 Mesg 50 message_parse_payloads: offset 320 payload ID
073059.733027 Mesg 50 message_parse_payloads: offset 336 payload ID
073059.735500 Mesg 50 message_parse_payloads: offset 64 payload PROPOSAL
073059.738492 Mesg 50 message_parse_payloads: offset 76 payload
TRANSFORM
073059.740835 Mesg 50 Transform 1's attributes
073059.743665 Mesg 50 Attribute SA_LIFE_TYPE value 1
073059.745973 Mesg 50 Attribute SA_LIFE_DURATION value 1200
073059.749044 Mesg 50 Attribute ENCAPSULATION_MODE value 1
073059.751324 Mesg 50 Attribute AUTHENTICATION_ALGORITHM value 2
073059.754161 Mesg 50 Attribute GROUP_DESCRIPTION value 5
073059.757008 Mesg 40 ipsec_validate_id_information: proto 0 port 0 type
4
073059.761190 Mesg 40 ipsec_validate_id_information: IPv4
network/netmask:
073059.763556 Mesg 40 0a4c0800 ff00 
073059.766532 Mesg 40 ipsec_validate_id_information: proto 0 port 0 type
4
073059.768913 Mesg 40 ipsec_validate_id_information: IPv4
network/netmask:
073059.771838 Mesg 40 0a4c  
073059.774860 Misc 20 ipsec_decode_transform: transform 1 chosen
073059.778019 Cryp 50 crypto_update_iv: updated IV:
073059.780420 Cryp 50 acdf5f44 564c53bf 
073059.783186 Exch 40 exchange_run: exchange 0x8990e000 finished step 1,
advancing...
073059.786754 Cryp 30 crypto_encrypt: before encryption:
073059.789907 Cryp 30 0018 ffd2fd35 9f9703b5 931c4a0e a7a39fd6
38d67537 
073059.792339 Cryp 30 crypto_encrypt: after encryption:
073059.795498 Cryp 30 29a4e78f 474a5a98 2f00dcca b662924e d5de0039
29beb555 
073059.797975 Cryp 50 crypto_update_iv: updated IV:
073059.800865 Cryp 50 d5de0039 29beb555 
073059.804274 Exch 40 exchange_run: exchange 0x8990e000 finished step 2,
advancing...
073102.451676 Exch 10 exchange_finalize: 0x8990e000
IPsec-10.76.8.0/24-10.76.0.0/16 qm-10.76.8.0/24-10.76.0.0/16 policy
initiator phase 2 doi 1 exchange 32 step 3
073102.454201 Exch 10 exchange_finalize: icookie 24ecf40d73ec86fa
rcookie b49a30f91498c9f5
073102.457290 Exch 10 exchange_finalize: msgid 803a2cca sa_list
0x8990e100 
073102.461087 Sdep 40 pf_key_v2_convert_id: UFQDN [EMAIL PROTECTED]
073102.464038 Sdep 40 pf_key_v2_convert_id: IPv4 address
64.254.145.133/32
073102.466674 Sdep 10 pf_key_v2_set_spi: satype 2 dst 64.254.145.133 SPI
0xf286fdea
073102.469698 Timr 10 timer_add_event: event sa_soft_expire(0x8990e100)
added before sa_soft_expire(0x7ec2f900), expiration in 1051s
073102.472224 Timr 10 timer_add_event: event sa_hard_expire(0x8990e100)
added before sa_soft_expire(0x7ec2f900), expiration in 1200s
073102.477810 Sdep 50 pf_key_v2_set_spi: done
073102.480684 Sdep 40 pf_k

Problem with MySQL Using Hardened PHP5

[Chuck Okerstrom]

Hey All,

I am attempting to use the hardened php5 pkg 
(php5-core-5.1.4p1-hardened) set and am seeing weird problems with 
mysql/php. It simply and quietly stops processing a script that performs 
moderately heavy SQL inserts. No error messages, no logs, nothing! Going 
back to the regular (unhardened) set completely solves the problem.


Since there is little to no documentation (that I've been able to find) 
on the mysql to php integration, configuration, or logging that is 
specific to the hardened patch, I'm left with few options in 
troubleshooting the issue. What's frustrating is the lack of messages or 
errors. I know that I have at least some logging in place in that I've 
been able to generate a hphp error in my syslog by exceeding GET 
parameter values, but I'm getting nothing in the logs when the mysql 
problem occurs.


Does anyone have any clues or suggestions on this?

The pkg maintainer has ignored my e-mails, so I'm hoping the list can 
offer some pointers.


Thanx,
Chuck


The following is a synopsis of my system:

OpenBSD 4.0 on amd64 with a custom kernel to support Raidframe.

I'm using the binary packages

PHP5 pkgs used:
---
php5-core-5.1.4p1-hardened
php5-curl-5.1.4-hardened
php5-gd-5.1.4-hardened
php5-mcrypt-5.1.4-hardened
php5-mhash-5.1.4-hardened
php5-mysql-5.1.4-hardened
php5-soap-5.1.4-hardened


hphp specific settings in PHP.ini
-
hphp.log.syslog = S_ALL
hphp.log.syslog.priority = LOG_ALERT
hphp.log.syslog.facility = LOG_USER
hphp.executor.max_depth = 8000
hphp.request.max_vars = 2000
hphp.request.max_varname_length = 64
hphp.request.max_totalname_length = 256
hphp.request.max_array_index_length = 64
hphp.request.max_array_depth = 100
hphp.request.max_value_length = 65000
hphp.request.disallow_nul = 1
hphp.cookie.max_vars = 100
hphp.cookie.max_name_length = 64
hphp.cookie.max_totalname_length = 256
hphp.cookie.max_array_index_length = 64
hphp.cookie.max_array_depth = 100
hphp.cookie.max_value_length = 1
hphp.cookie.disallow_nul = 1
hphp.get.max_vars = 100
hphp.get.max_name_length = 64
hphp.get.max_totalname_length = 256
hphp.get.max_array_index_length = 64
hphp.get.max_array_depth = 50
hphp.get.max_value_length = 512
hphp.get.disallow_nul = 1
hphp.post.max_vars = 600
hphp.post.max_name_length = 64
hphp.post.max_totalname_length = 256
hphp.post.max_array_index_length = 64
hphp.post.max_array_depth = 100
hphp.post.max_value_length = 65000
hphp.post.disallow_nul = 1
hphp.upload.max_uploads = 25
hphp.upload.disallow_elf_files = On

Other
-
Added kern.maxfiles=4096 to /etc/sysctl.conf
Added --open-files-limit=2048 to /etc/mysql.server exec line




--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.409 / Virus Database: 268.15.9/573 - Release Date: 12/5/2006

Re: Processes getting out of hand

[L. V. Lammert]

At 06:40 PM 12/5/2006 -0600, Jesse Gumm wrote:

Conveniently, I had top running, and grabbed this snapshot:

231 processes: 107 running, 113 idle, 4 zombie, 5 dead, 2 on processor
CPU0 states:  2.8% user,  0.0% nice, 97.2% system,  0.0% interrupt,  0.0% idle
CPU1 states:  7.3% user,  0.0% nice, 92.7% system,  0.0% interrupt,  0.0% idle
Memory: Real: 227M/707M act/tot  Free: 2317M  Swap: 0K/2047M used/tot

My question, then is what can I do?


You need to look at network traffic (from another machine) could be a DDOS 
attack.


What are your settings for min/max/spare?

Is there a DB involved? What language are the web pages?

Lee

Re: problem with spamd-white table and greylisting

[Bob Beck]

* peter dunaskin <[EMAIL PROTECTED]> [2006-12-05 20:15]:
>
> I can send all pf.conf or other config files upon demand, but it's
> pretty much the default. spamd.conf is the same as default except that
> I added Bob Beck's blaklist and it doesn't have to do anything with
> greylisting anyway.
> 
> What could be wrong? What have I been missing?
> 

probably a pf rules thing, (not logging port 25 connections, etc.)

turn on debug level syslogging in /etc/syslog.conf 

i.e.

*.debug /var/log/debug

and you should see spamlogd yapping in there for every
inbound and outbound connection, as well as spamd talking about
everything that hits it and everything that it whitelists. 

-Bob

Re: problem with spamd-white table and greylisting

[peter dunaskin]

> > >You forgot spamlogd
> > I did not, it starts automatically when spamd_grey is enabled in
>Oh.   Sorry.  I didn's see it in your ps grep.   I see it with the same
>ps grep on my system.
>
>dumbcat[root]# ps aux | grep spamd 
>_spamd   14450  0.0  0.1  9040  1376 ??  IsTue12AM1:53.41 spamd: (pf 
> update) (spamd)
>_spamd   25485  0.0  0.8  8968  9592 ??  S Tue12AM0:50.54 
>/usr/libexec/spamd -g
>_spamd   10132  0.0  0.1  8968  1272 ??  I Tue12AM0:00.60 spamd: 
>(/var/db/spamd update) (spamd)
>_spamd   14234  0.0  0.1   536  1216 ??  SsTue12AM0:09.53 
>/usr/libexec/spamlogd
>root 11990  0.0  0.0  1008 0 p1  R+ 7:36AM0:00.00 grep spamd 
>(ksh)
Now this is funny, as my spamlogd runs ar root.

# ps aux | grep spam 
_spamd6455  ...  3:20PM 1:23.34 spamd: (pf  update) (spamd)
_spamd   26548  ...  3:20PM 0:05.24 /usr/libexec/spamd -v -g
_spamd   21456  ...  3:20PM 0:00.00 spamd: (/var/db/spamd update) (spamd)
root  6596  ...  3:21PM 0:01.31 /usr/libexec/spamlogd

This is OpenBSD 4.0-stable (GENERIC) with all 4.0 patches applied.

I've just checked on working spamd setup (with greylisting enabled) on
3.9-stable box spamlogd also runs as root.

$ cat /etc/rc | grep "\$OpenBSD"
#   $OpenBSD: rc,v 1.290 2006/09/01 01:18:02 mpf Exp $
$ cat /etc/rc.conf | grep "\$OpenBSD"
#   $OpenBSD: rc.conf,v 1.116 2006/06/02 21:32:50 mcbride Exp $

Though I'm pretty sure that spamlogd doesn't have anything to do with my
my problems, whitelisting outgoing connections is next step to do.

p.

Userland ppp over UDP

[Brian Candler]

On OpenBSD 4.0 release, I'm trying to get up ppp(8) to run over UDP. The
manpage isn't clear about how to set up the server side of this.

I've added to /etc/services:

ppp-in  6669/udp
ppp-in  6669/tcp

And to /etc/inetd.conf:

ppp-in  dgram   udp nowait  root/usr/sbin/ppp ppp -direct ppp-in
ppp-in  stream  tcp nowait  root/usr/sbin/ppp ppp -direct ppp-in

and HUP'd inetd.

/etc/ppp/ppp.conf contains:

ppp-in:
set timeout 0
set ifaddr 10.0.4.1 10.0.4.2

This works for incoming connections over TCP, but not UDP.

I've tried both 'wait' and 'nowait' in inetd.conf. In both cases, when I
send a single UDP packet using nc, I immediately get 4 ppp children started
(which I suspect is limited just by the number of 'tun' devices available)

# ps auxwww | grep ppp
# nc -u 127.0.0.1 6669
foo
?_?foo
^C
# ps auxwww | grep ppp
root  5298  0.0  0.3   660  1468 ??  Ss 4:41PM0:00.02 ppp -direct 
ppp-in
root 10152  0.0  0.3   688  1476 ??  Ss 4:41PM0:00.02 ppp -direct 
ppp-in
root 20206  0.0  0.3   668  1484 ??  Ss 4:41PM0:00.01 ppp -direct 
ppp-in
root 12291  0.0  0.3   532  1460 ??  Ss 4:41PM0:00.01 ppp -direct 
ppp-in
#

The same applies when using ppp itself as the client:

# ps auxwww | grep ppp
# ppp
Working in interactive mode
Warning: iface rm: ioctl(SIOCDIFADDR_IN6, fe80:d::248:::/64): Can't 
assign requested address
Using interface: tun0
Warning: No default entry found in config file.
ppp ON gw> set device localhost:6669/udp
ppp ON gw> set speed sync
ppp ON gw> set log all
ppp ON gw> dial
ppp ON gw>
PPp ON gw> Warning: ff02:d::/32: Change route failed: errno: Network is 
unreachable
ppp ON gw>
PPp ON gw>

[on another screen]
# ps auxwww | grep ppp
root  5683  0.0  0.3   708  1488 ??  Ss 4:43PM0:00.01 ppp -direct 
ppp-in
root 21871  0.0  0.3   624  1480 ??  Ss 4:43PM0:00.02 ppp -direct 
ppp-in
root 23410  0.0  0.3   572  1468 ??  Ss 4:43PM0:00.02 ppp -direct 
ppp-in
root 23090  0.0  0.3   736  1592 p2  S+ 4:43PM0:00.01 ppp

So, something's not right here. Have I just made a simple error, or is there
something other than inetd required to accept incoming PPP-over-UDP
connections?

Regards,

Brian.

Re: vpn difficulties

[Joachim Schipper]

On Tue, Dec 05, 2006 at 07:48:26AM -0600, Ryan Corder wrote:
> On Tue, 2006-12-05 at 12:06 +0900, Mathieu Sauve-Frankel wrote:
> > > now, I got the tunnel setup just fine using just ipsec.conf.  I was just
> > > curios if there was a quick and simple way to to test traffic through
> > > the tunnel since it is just a host to host configuration.
> >
> > I'm curious to know why you don't think ping is a good tool to test
> > this with ? run ping and run tcpdump. if tcpdump shows esp packets
> > well you can assume the tunnel is working. If the tunnel shows icmp
> > packets your tunnel probably doesn't work.
> 
> I never said that ping wasn't a good test...if I could use ping I would.
> However, in the setup where I have two machines, A and B that have
> addresses 192.168.2.5 and 192.168.2.6 respectively and an IPSec tunnel
> setup as so:
> A - ike esp from 192.168.2.5 to 192.168.2.6
> B - ike esp from 192.168.2.6 to 192.168.2.5
> trying to ping the other's address doesn't go out via the enc0
> interface, but the regular bge0 default interface.
> 
> or am I completely wrong on this one?

I presume you are correct, but ping *should* use the enc0 interface.

Joachim

Re: OpenBSD 4.0 CD Set Package List

[Peter N. M. Hansteen]

"Kenneth Bond" <[EMAIL PROTECTED]> writes:

> Is there a published list of the packages that are included on the
> CD Set?  

I was going to say http://www.openbsd.org/4.0_packages/ and click your
platform, but more than likely some packages have been updated since
the release.  It will give you an idea, though, and of course once
you've installed the packages you want from the CD, pkg_add will let
you update the few which have changed.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
"First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"
20:11:56 delilah spamd[26905]: 146.151.48.74: disconnected after 36099 seconds

Re: source upgrade to 4.0 - what to check?

[Joachim Schipper]

On Tue, Dec 05, 2006 at 06:16:49PM +0100, Toni Mueller wrote:
> Hello,
> 
> I've managed to get myself into the ugly position of needing to do a
> remote source upgrade from 3.9 to 4.0. Reason: Using RAIDFRAME on an
> architecture I don't have handy over here...
> 
> Do I have to take care about more issues than are covered in FAQ4+5?
> 
> Or even better, can I somehow mount partitions within a RAID type
> partition from a GENERIC kernel (sans having RAID protection in that
> case, with a rebuild after that)?

Depending on whether you are feeling lucky, very familiar with
RAIDframe, and have good backups, there might be a comparatively simple
solution.

On RAID levels other than 0, you can always fail a disk without losing
data. If you are additionally using RAID-1, you could make a non-RAID
copy of your data on the failed component. (The same applies to higher
RAID levels, of course, but your data must fit on only one disk, as you
cannot fail more without risking data loss. Of course, you can compress
them, so if you're lucky you might be able to get a 3-disk RAID-5 system
on only one disk. And you can of course get tricky by distributing those
compressed copies over multiple disks.)

Alternatively, if you have the capacity to make good backups and
tolerate some downtime, just make those backups, wipe and reinstall,
then restore as necessary. If you already have a good backup-and-restore
procedure in place, this shouldn't be too difficult; if not, it might be
somewhat painful (burning stacks of CDs?).

Of course, you can try to do it the hard way, but that might be
difficult. Just how much of the system is on RAID, anyway? Could you get
some non-RAID disk available, possibly via the above technique? Do you
have any other machines available, albeit of a different architecture?

Finally, consider networked filesystems. If you can get GENERIC to boot,
and get NFS (preferably over IPsec, or even SSH) running, or AFS or
whatever you like, you should be in good shape.

Joachim

Re: VPN stability issues with a Fortigate peer

[A . Parazzini]

Hi,
try to disable DPD.
I have a tunnel between OpenBSD 4.0 and Fortigate 300A 3.00MR3
and it doesn't work well with DPD enabled.

Regards,
Andrea.

[EMAIL PROTECTED] wrote: -


To: 
From: "Chris Jones" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
Date: 06/12/2006 04:35PM
Subject: VPN stability issues with a Fortigate peer

I'm running the release version or OpenBSD 4.0 on my firewall and
experiencing some odd IPSEC VPN behavior when connecting to a Fortigate
peer. The tunnel will come up just fine but will randomly go down and
then come back up and will continue this cycle. I am running isakmpd
with the -K option and using ipsecctl to establish flows and SA's. This
is what my ipsec.conf looks like:

remote_gw = "10.1.1.1"

flow esp from 192.168.8.1/32 to 192.168.0.0/16 peer $remote_gw type
bypass

ike dynamic esp from 192.168.8.0/24 to 192.168.0.0/16 peer $remote_gw \
   aggressive auth hmac-sha1 enc 3des group modp1536 \
   quick auth hmac-sha1 enc 3des group modp1536 \
   srcid [EMAIL PROTECTED] \
   psk sharedsecret

The peer is DPD capable and enabled with the following settings:

retry-count: 3
retry-interval: 5

After running isakmpd in debug mode (isakmpd -d -DA=50 -K) and after
running ipsecctl I issued a continuous ping to one of the hosts at the
other side of the tunnel. The ping ran fine for a period of time andthen
stopped. Here is the ouput from the debug:

Is it safe to use group 'users' in /etc/group?

[Stas Myasnikov]

Hello,

is it safe to use group 'users' from /etc/group as the login group for 
the users?  Or it is reserved for some system use?

Re: Is it safe to use group 'users' in /etc/group?

[Bob Beck]

* Stas Myasnikov <[EMAIL PROTECTED]> [2006-12-06 11:57]:
> Hello,
> 
> is it safe to use group 'users' from /etc/group as the login group for 
> the users?  Or it is reserved for some system use?
> 

While I actually believe it is safe on OpenBSD, I never give users
groups from the system groups just because it can be a problem on other
unixes if I start running a shared environment (nfs, yp, etc) 

Best bet for groups, IMO, give each user their own group, same
uid as their id, and start them well above the system area like
OpenBSD's adduser does by default (i.e. it'll start them at 1000)

However, since unfortunately that doesn't scale worth a crap on
really big sites (i.e. tens of thousands of users), you may need to do
what you are suggesting and put them all in one (or a small set of)
groups - in which case make yourself an new one over 1000 again, as
suggested above. 

-Bob

Re: problem with spamd-white table and greylisting

[peter dunaskin]

>> What could be wrong? What have I been missing?
>
>   probably a pf rules thing, (not logging port 25 connections, etc.)

This is content of my pf.conf:
# -
# TABLES AND VARIABLES:
ext_if="rl0"
table  persist
table  persist


# -
# FILTER SETTINGS:
set block-policy drop
set skip on lo0
set loginterface $ext_if
set limit table-entries 25


# -
# PACKET NORMALIZATION:
scrub in  on $ext_if inet all fragment reassemble
scrub out on $ext_if inet all random-id


# -
# NAT/RDR RULES:
# spamd:
rdr inet proto tcp from  to any \
port 25 -> 127.0.0.1 port 8025
rdr inet proto tcp from ! to any \
port 25 -> 127.0.0.1 port 8025


# -
# FILTER RULES:
# default policy:
block log all

# ssh access:
pass  in  on $ext_if inet proto tcp from any to $ext_if port 22 \
flags S/SA keep state

# icmp echo and traceroute:
pass  in  on $ext_if inet proto icmp from any to $ext_if \
icmp-type 8 keep state
pass  in  on $ext_if inet proto udp from any to $ext_if \
port 33435:33524 keep state

# allow outgoing traffic:
pass  out on $ext_if inet proto tcp all flags S/SA keep state
pass  out on $ext_if inet proto { udp, icmp } all keep state

# services:
# mail:
pass  in  log on $ext_if inet proto tcp from any to \
$ext_if port 25 flags S/SA keep state
pass  out log on $ext_if inet proto tcp from $ext_if to \
any port 25 flags S/SA keep state
pass  in  log on $ext_if inet proto tcp from any to \
127.0.0.1 port 8025 flags S/SA keep state
pass  in  on $ext_if inet proto tcp from any to \
$ext_if port { 465, 587, 110, 143, 993, 995 } flags S/SA keep state

# antispoof:
block in  log on $ext_if inet from $ext_if to any
--


>   turn on debug level syslogging in /etc/syslog.conf 
>
>i.e.
>
>*.debug /var/log/debug
>
>   and you should see spamlogd yapping in there for every
>inbound and outbound connection, as well as spamd talking about
>everything that hits it and everything that it whitelists. 
I see messages from spamlogd:
--
Dec  6 20:10:57 sargon spamlogd[26673]: inbound 193.95.195.234 
Dec  6 20:11:03 sargon spamlogd[26673]: inbound 85.74.161.17 
Dec  6 20:11:09 sargon spamlogd[26673]: inbound 201.225.200.146 
Dec  6 20:11:13 sargon spamlogd[26673]: inbound 65.31.67.90 
Dec  6 20:11:15 sargon spamlogd[26673]: inbound 189.13.203.218 
Dec  6 20:11:23 sargon spamlogd[26673]: inbound 196.206.22.130 
--
(no outbound connections as clients can't connect to the SMTP at
the moment)

Or theese from spamd:
--
Dec  6 20:12:00 sargon spamd[8277]: 89.37.50.15: connected (8/5)
Dec  6 20:12:07 sargon spamd[8277]: 195.2.96.10: connected (9/5)
Dec  6 20:12:08 sargon spamd[8277]: (GREY) 193.109.211.175:
<[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>
Dec  6 20:12:08 sargon spamd[8277]: 193.109.211.175: disconnected after
11 seconds.
Dec  6 20:12:08 sargon spamd[8277]: 193.109.211.175: connected (9/5)
Dec  6 20:12:12 sargon spamd[8277]: (GREY) 89.37.50.15:
<[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>
Dec  6 20:12:12 sargon spamd[8277]: 89.37.50.15: disconnected after 12
seconds.
--

But that's it. I can see only inbound connections on pflog0 interface as
clients are not able to connect to SMTP at this point:
--
20:18:37.430201 196.218.62.68.2125 > 127.0.0.1.8025: [|tcp] (DF)
20:18:48.992685 201.8.12.152.61364 > 127.0.0.1.8025: [|tcp] (DF)
20:18:49.933507 81.176.68.176.58866 > 127.0.0.1.8025: [|tcp] (DF)
20:18:49.960999 81.153.206.207.1946 > 127.0.0.1.8025: [|tcp] (DF)
20:18:59.710835 62.221.60.166.3082 > 127.0.0.1.8025: [|tcp] (DF)
20:19:01.826604 89.138.60.65.3639 > 127.0.0.1.8025: [|tcp] (DF)
--

And there is tcpdump process listening to SMTP connections:
--
_tcpdump 13159  0.0  0.2   664  1208 ??  S  7:51PM0:00.02
tcpdump -l -n -e -i pflog0 -q -t port 25 and action pass and
tcp[13]&0x12=0x2
root   107  0.0  0.2   668   836 ??  I  7:51PM0:00.01
tcpdump: [priv] (tcpdump)
--

This is how it looks when I'm sending email from other mailserver
that I maintain:
--
Dec  6 20:13:58 vedjma postfix/smtp[27269]: 66C90A15B: host
mail.drosiba.lv[193.109.211.134] said: 451 Temporary failure,
please try again later. (in reply to RCPT TO command)
--

Which is OK, but then again this host never gets whitelisted for real:
--
(on recieving server)
Dec  6 20:13:47 sargon spamd[8277]: 159.148.95.112: connected (13/5)
Dec  6 20:13:58 sargon spamd[8277]: (GREY) 159.148.95.112:
<[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>
Dec  6 20:13:58 sargon spamd[8277]: 159.148.95.112: disconnected after
11 seconds.
Dec  6 20:15:37 sargon spamd[8277]: 159.148.95.112: connected (12/5)
Dec  6 20:15:48 sargon spamd[8277]: (GREY) 159.148.95.112:
<[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>
Dec  6

Re: Problem with MySQL Using Hardened PHP5

[Joachim Schipper]

On Wed, Dec 06, 2006 at 09:40:20AM -0500, Chuck Okerstrom wrote:
> Hey All,
> 
> I am attempting to use the hardened php5 pkg 
> (php5-core-5.1.4p1-hardened) set and am seeing weird problems with 
> mysql/php. It simply and quietly stops processing a script that performs 
> moderately heavy SQL inserts. No error messages, no logs, nothing! Going 
> back to the regular (unhardened) set completely solves the problem.
> 
> Since there is little to no documentation (that I've been able to find) 
> on the mysql to php integration, configuration, or logging that is 
> specific to the hardened patch, I'm left with few options in 
> troubleshooting the issue. What's frustrating is the lack of messages or 
> errors. I know that I have at least some logging in place in that I've 
> been able to generate a hphp error in my syslog by exceeding GET 
> parameter values, but I'm getting nothing in the logs when the mysql 
> problem occurs.

There's not enough documentation to be sure of anything, but I'm not
aware of the -hardened line doing strange things with MySQL.

It'd be nice to know exactly what happens. Does the httpd server stop
answering requests? Does it stop running this page? Or is the page in
fact run, but does it never return anything?

> The following is a synopsis of my system:
> 
> OpenBSD 4.0 on amd64 with a custom kernel to support Raidframe.
> 
> I'm using the binary packages
> 
> PHP5 pkgs used:
> ---
> php5-core-5.1.4p1-hardened
> php5-curl-5.1.4-hardened
> php5-gd-5.1.4-hardened
> php5-mcrypt-5.1.4-hardened
> php5-mhash-5.1.4-hardened
> php5-mysql-5.1.4-hardened
> php5-soap-5.1.4-hardened
> 
> 
> hphp specific settings in PHP.ini
> -
> hphp.log.syslog = S_ALL
> hphp.log.syslog.priority = LOG_ALERT
> hphp.log.syslog.facility = LOG_USER

Can apache reach syslog (/var/www/dev/log?)?

> hphp.executor.max_depth = 8000
> hphp.request.max_vars = 2000
> hphp.request.max_varname_length = 64
> hphp.request.max_totalname_length = 256
> hphp.request.max_array_index_length = 64
> hphp.request.max_array_depth = 100
> hphp.request.max_value_length = 65000
> hphp.request.disallow_nul = 1
> hphp.cookie.max_vars = 100
> hphp.cookie.max_name_length = 64
> hphp.cookie.max_totalname_length = 256
> hphp.cookie.max_array_index_length = 64
> hphp.cookie.max_array_depth = 100
> hphp.cookie.max_value_length = 1
> hphp.cookie.disallow_nul = 1
> hphp.get.max_vars = 100
> hphp.get.max_name_length = 64
> hphp.get.max_totalname_length = 256
> hphp.get.max_array_index_length = 64
> hphp.get.max_array_depth = 50
> hphp.get.max_value_length = 512
> hphp.get.disallow_nul = 1
> hphp.post.max_vars = 600
> hphp.post.max_name_length = 64
> hphp.post.max_totalname_length = 256
> hphp.post.max_array_index_length = 64
> hphp.post.max_array_depth = 100
> hphp.post.max_value_length = 65000
> hphp.post.disallow_nul = 1
> hphp.upload.max_uploads = 25
> hphp.upload.disallow_elf_files = On

Does the same thing happen when setting these to the defaults? Not that
PHP should just block, anyway.

> Other
> -
> Added kern.maxfiles=4096 to /etc/sysctl.conf
> Added --open-files-limit=2048 to /etc/mysql.server exec line

By itself, that'll not do too much. You'll want to look at
/etc/login.conf, too. However, this shouldn't 'hang' anything.

Joachim

Re: problem with spamd-white table and greylisting

[peter dunaskin]

>   I don't see anything obvious, other than if you
>have somehow broken your system to pfctl can't add the addreses
>to the table.
>
>try 
>
>pfctl -tspamd-white -Tadd 111.111.111.111 && pfctl -tspamd-white -Tshow
>
>   Do you see the address addeed to the table when you do it
>manually?
I do:
--
# pfctl -tspamd-white -Tadd 111.111.111.111 && pfctl -tspamd-white
-Tshow
1/1 addresses added.
   111.111.111.111
# 
--

p.

Re: fdisk automation scripts? Autopartition?

[Tobias Weingartner]

In article <[EMAIL PROTECTED]>, Michael Dexter wrote:
> 
>  Might anyone have any pointers to sources of fdisk automation scripts
>  for OpenBSD that that can determine the size of a disk and follow a
>  set of partitioning guidelines? Scenario: cookie-cutter systems with
>  different drive sizes. Options like "use the remainder for /usr" are
>  always handy.

[Wrapping lines is handy...]

fdisk -i

What you're looking for is disklabel, and the manpage may help...

-- 
 [100~Plax]sb16i0A2172656B63616820636420726568746F6E61207473754A[dZ1!=b]salax

Re: source upgrade to 4.0 - what to check?

[Josh Grosse]

On Wed, Dec 06, 2006 at 10:56:37AM +0100, Toni Mueller wrote:
> Hi Josh,
> 
> On Tue, 05.12.2006 at 16:51:07 -0500, Josh Grosse <[EMAIL PROTECTED]> wrote:
> > 1.  build a 4.0 RAIDFrame system locally, in a qemu or vmware virtual
> > machine if necessary, on spare hardware if not.
> 
> qemu could fill the bill if it supported the required target
> architecture, but it doesn't. If I had spare hardware available, then I
> had not asked. ;-}
> 
> But thank you for the qemu idea anyway, I'll probably look further into
> that direction.

Then another option is to do all of the building in a chrooted structure
on the remote platform.  eg: unpack your architecture's -release *tgz file
sets in a directory structure on that system -- unpack and update sources, 
build your custom kernel and system, and then build a release.  All chrooted.

The drawback is you will not be able to test your kernel, since you don't
have a spare platform (or virtual platform) to test with.

You will need to do this in a filesystem that was was mounted without the
nodev option.

Re: fdisk automation scripts? Autopartition?

[Olivier Cherrier]

On Mon, Dec 04, 2006 at 01:55:20PM +0200, [EMAIL PROTECTED] wrote:
> Might anyone have any pointers to sources of fdisk automation scripts for 
> OpenBSD that that can determine the size of a disk and follow a set of 
> partitioning guidelines? Scenario: cookie-cutter systems with different drive 
> sizes. Options like "use the remainder for /usr" are always handy.
 
It seems that you are mixing fdisk(8) and disklabel(8).

-- 
Olivier Cherrier

Re: OpenBSD 4.0 CD Set Package List

[Jeremy Huiskamp]

On 6-Dec-06, at 11:16 AM, Peter N. M. Hansteen wrote:


"Kenneth Bond" <[EMAIL PROTECTED]> writes:


Is there a published list of the packages that are included on the
CD Set?


I was going to say http://www.openbsd.org/4.0_packages/ and click your
platform, but more than likely some packages have been updated since
the release.  It will give you an idea, though, and of course once
you've installed the packages you want from the CD, pkg_add will let
you update the few which have changed.


I think he was more curious about which packages are not present on  
the cd.
Here is the list if i386 packages (I assume that's what you're  
looking for):

ImageMagick-6.2.6.1.tgz
OpenEXR-1.2.2p2.tgz
TRANS.TBL
Xaw3d-1.5p0.tgz
aalib-1.2p0.tgz
abcde-2.3.0.tgz
abiword-2.4.5.tgz
aide-0.10p0.tgz
antiword-0.37.tgz
arts-1.5.4.tgz
aspell-0.50.5p4.tgz
aterm-0.4.2p0.tgz
atk-1.10.3p1.tgz
autobook-1.5.tgz
autoconf-2.59p1.tgz
automake-1.4.6.tgz
automake-1.8.5.tgz
automake-1.9.6p0.tgz
bash-3.1.17.tgz
bison-2.1p0.tgz
blackbox-0.70.1.tgz
bsd-airtools-0.2p2.tgz
bzip2-1.0.3.tgz
cairo-1.0.4p0.tgz
cdparanoia-3.a9.8p0.tgz
cdrtools-2.01.tgz
colorls-3.9.tgz
curl-7.15.4.tgz
cvsup-16.1h.tgz
cvsync-0.24.19.tgz
cyrus-sasl-2.1.21p2.tgz
db-3.1.17p6.tgz
ddd-3.3.11.tgz
digikam-0.8.2.tgz
digikamimageplugins-0.8.2.tgz
dsniff-2.3p2.tgz
dvd+rw-tools-5.21.4.10.8.tgz
emacs-21.4p1.tgz
epic4-2.2.tgz
esound-0.2.34p0.tgz
ettercap-0.6.bp4.tgz
expat-2.0.0.tgz
fetchmail-6.3.4.tgz
flac-1.1.2p1.tgz
freetype-1.3.1p2.tgz
fribidi-0.10.4p0.tgz
gaim-1.5.0p6.tgz
gaim-otr-3.0.0.tgz
gettext-0.14.5p1.tgz
ghostscript-7.05p7.tgz
ghostscript-fonts-6.0p0.tgz
gif2png-2.5.1.tgz
gimp-2.2.12.tgz
glib-1.2.10p1.tgz
glib2-2.10.3.tgz
glitz-0.4.4.tgz
gmake-3.80p1.tgz
gnome-icon-theme-2.10.1.tgz
gnupg-1.4.5.tgz
gphoto-2.1.5.tgz
gqview-2.0.1p2.tgz
gtar-1.15.1p4.tgz
gtk+-1.2.10p4.tgz
gtk+2-2.8.20.tgz
gv-3.5.8p4.tgz
hicolor-icon-theme-0.5p0.tgz
icewm-1.2.26.tgz
id-utils-3.2dp0.tgz
imlib-1.9.14p4.tgz
imlib2-1.1.2p3.tgz
index.txt
ircII-20040820.tgz
irssi-0.8.10p0.tgz
ispell-3.2.06p1.tgz
ispell-french-3.2.06p0.tgz
ispell-spanish-3.2.06p0.tgz
jasper-1.701.0p1.tgz
jbigkit-1.6.tgz
jhead-2.6.tgz
jpeg-6bp3.tgz
kdebase-3.5.4.tgz
kdeedu-3.5.4.tgz
kdegames-3.5.4.tgz
kdelibs-3.5.4.tgz
koffice-1.5.2.tgz
lcms-1.15.tgz
liba52-0.7.4p2.tgz
libao-0.8.5p2.tgz
libao-esd-0.8.5p3.tgz
libart-2.3.17.tgz
libaudiofile-0.2.6p0.tgz
libdnet-1.10p1.tgz
libdvdread-0.9.5p0.tgz
libexif-0.6.13p0.tgz
libgcrypt-1.2.0p1.tgz
libglade2-2.5.1p5.tgz
libgnomecanvas-2.10.2p2.tgz
libgnomeprint-2.10.3p0.tgz
libgnomeprintui-2.10.2p3.tgz
libgpg-error-1.1p0.tgz
libgphoto-2.1.5p1.tgz
libgsf-1.11.1p2.tgz
libiconv-1.9.2p3.tgz
libid3tag-0.15.1bp0.tgz
libidn-0.6.1.tgz
libkexif-0.2.2p0.tgz
libkipi-0.1.4.tgz
libltdl-1.5.22p1.tgz
libmad-0.15.1bp1.tgz
libmng-1.0.9p1.tgz
libnet-1.0.2ap1.tgz
libogg-1.1.3.tgz
libotr-3.0.0.tgz
libpqxx-2.5.3p0.tgz
libslang-1.4.9p3.tgz
libungif-4.1.4.tgz
libusb-0.1.10ap1.tgz
libvorbis-1.1.2p0.tgz
libwmf-0.2.8.3p2.tgz
libxml-2.6.26.tgz
libxslt-1.1.17.tgz
links-0.99.tgz
lyx-1.4.2-qt.tgz
magicpoint-1.11bp5.tgz
mergemaster-1.46p2.tgz
metaauto-0.5.tgz
mod_perl-1.29p0.tgz
mozilla-firefox-1.5.0.5.tgz
mozilla-thunderbird-1.5.0.4.tgz
mp3cddb-0.1.tgz
mp3info-0.8.4.tgz
mpeg_play-2.4.tgz
mpg321-0.2.10p0.tgz
mutt-1.4.2.2i.tgz
mysql-client-5.0.22.tgz
nano-1.2.5.tgz
nedit-5.5.tgz
netpbm-10.26.29.tgz
nmap-4.11-no_x11.tgz
nsd-2.3.5.tgz
ntop-1.1.tgz
ogle-0.9.2p2.tgz
openldap-client-2.3.24.tgz
openldap-server-2.3.24.tgz
openmotif-2.1.30.5p1.tgz
p5-CDDB-1.17.tgz
p5-HTML-Parser-3.54.tgz
p5-HTML-Tagset-3.10.tgz
p5-MP3-Info-1.13p0.tgz
p5-Tk-804.027p0.tgz
pango-1.12.3.tgz
pcre-6.4p1.tgz
pftop-0.5.tgz
pkglocatedb
png-1.2.12.tgz
popt-1.7p0.tgz
postgresql-client-8.1.4.tgz
procmail-3.22p1.tgz
python-2.4.3p0.tgz
python-tools-2.4.3p0.tgz
qcad-1.5.4.tgz
qt3-mt-3.5p6.tgz
rdesktop-1.4.1.tgz
rsync-2.6.8.tgz
ruby-1.8.4p4.tgz
rxvt-2.7.10p0.tgz
samba-3.0.21bp3.tgz
screen-4.0.2.tgz
sdl-1.2.9p1-sun.tgz
silc-client-1.0.2p1.tgz
silc-toolkit-1.0.2p0.tgz
slrn-0.9.8.1p1.tgz
smpeg-0.4.4p2.tgz
snort-2.4.5p0.tgz
speex-1.0.5p0.tgz
sqlite3-3.3.6.tgz
squid-2.5.STABLE13.tgz
startup-notification-0.8p0.tgz
stunnel-4.15p1.tgz
sylpheed-2.2.5p1.tgz
t1lib-5.1.0p0.tgz
tcpblast-1.1.tgz
tcsh-6.14.00p0.tgz
teTeX_base-3.0p3.tgz
teTeX_base-fmt-3.0p0.tgz
teTeX_texmf-3.0p0.tgz
ted-2.17.tgz
texi2html-1.64.tgz
tidy-050921.tgz
tiff-3.8.2p0.tgz
tphdisk-1.0p0.tgz
tpwireless-0.1.tgz
transfig-3.2.4p0.tgz
transproxy-1.4.tgz
unison-2.13.16.tgz
unzip-5.52.tgz
vim-7.0.42-no_x11.tgz
vorbis-tools-1.1.1p0.tgz
wget-1.10.2p0.tgz
windowmaker-0.92.0p2.tgz
windowmaker-extra-0.1p0.tgz
wv2-0.2.3.tgz
xautolock-2.1.tgz
xcdroast-0.98a15p4.tgz
xdaliclock-2.23.tgz
xfig-3.2.4.tgz
xglobe-0.5p23.tgz
xkeycaps-2.46.tgz
xkobo-1.11p0-harder.tgz
xlife-5.3p0.tgz
xmms-1.2.10p7.tgz
xmms-mad-0.8.tgz
xmms-vorbis-1.2.10p5.tgz
xpdf-3.01p1.tgz
xpostit-3.3.1.tgz
zip-2.32.tgz
zsh-4.2.6p0.tgz

I personally find that it's not quite enough for a full desktop  
system so I wait 'til release day and do an internet upgrade but at

Re: problem with spamd-white table and greylisting

[Bob Beck]

> > [private email from bob saying "you've screwed up, show me this"]
>
> [public reply spewing output to list.]


Obviously you still have a configuration problem, but if I contact
you in a private email to sort out your problem because I am willing
to help you, and you then start spewing the answers I ask for back to
the list so 10,000 others have to see your spew in their inbox, don't
expect further help from me. Did you not think there was a reason I
dropped misc@openbsd.org from the cc list? There is enough BS on the
list already without you adding to it. It work here for me, and
bazillions of others who run it. You've done something wrong. RTFM,
and learn some list etiquette before asking for help here again. 

-Bob

links in the OpenBSD FAQs

[Igor Sobrado]

Nice to see that the text and PDF releases of the FAQ have finally
been upgraded to 4.0...

Just a suggestion: would it be possible replacing the links of the
class "...can be found here" (e.g., '1.7 of the OpenBSD FAQ) in
the FAQs to more useful descriptions (e.g., "...can be found on the
OpenBSD's Flavours section of the FAQ" or "...can be found in the
section 5.1 of the FAQ")?

It is a minor trouble on formats that natively support links, but
a major concern on the text version of the FAQs.

Igor.

Re: OpenBSD 4.0 CD Set Package List

[Igor Sobrado]

There are very good reasons to get an original OpenBSD distribution;
packages are only one of these reasons.  As you can see, the list
of packages has been carefully choosed to meet the requirements of
both servers and desktops.  Hope this information will help you taking
the right decision.  The listing for CD1 is the next one:


Dec  6 19:11 2006 packages Page 1


ImageMagick-6.2.6.1.tgz   ispell-3.2.06p1.tgz   p5-HTML-Parser-3.54.tgz
OpenEXR-1.2.2p2.tgz   ispell-french-3.2.06p0.tg  p5-HTML-Tagset-3.10.tgz
TRANS.TBL ispell-spanish-3.2.06p0.t  p5-MP3-Info-1.13p0.tgz
Xaw3d-1.5p0.tgz   jasper-1.701.0p1.tgz  p5-Tk-804.027p0.tgz
aalib-1.2p0.tgz   jbigkit-1.6.tgz   pango-1.12.3.tgz
abcde-2.3.0.tgz   jhead-2.6.tgz pcre-6.4p1.tgz
abiword-2.4.5.tgz jpeg-6bp3.tgz pftop-0.5.tgz
aide-0.10p0.tgz   kdebase-3.5.4.tgz pkglocatedb
antiword-0.37.tgz kdeedu-3.5.4.tgz  png-1.2.12.tgz
arts-1.5.4.tgzkdegames-3.5.4.tgzpopt-1.7p0.tgz
aspell-0.50.5p4.tgz   kdelibs-3.5.4.tgz postgresql-client-8.1.4.t
aterm-0.4.2p0.tgz koffice-1.5.2.tgz procmail-3.22p1.tgz
atk-1.10.3p1.tgz  lcms-1.15.tgz python-2.4.3p0.tgz
autobook-1.5.tgz  liba52-0.7.4p2.tgzpython-tools-2.4.3p0.tgz
autoconf-2.59p1.tgz   libao-0.8.5p2.tgz qcad-1.5.4.tgz
automake-1.4.6.tgzlibao-esd-0.8.5p3.tgz qt3-mt-3.5p6.tgz
automake-1.8.5.tgzlibart-2.3.17.tgz rdesktop-1.4.1.tgz
automake-1.9.6p0.tgz  libaudiofile-0.2.6p0.tgz  rsync-2.6.8.tgz
bash-3.1.17.tgz   libdnet-1.10p1.tgzruby-1.8.4p4.tgz
bison-2.1p0.tgz   libdvdread-0.9.5p0.tgzrxvt-2.7.10p0.tgz
blackbox-0.70.1.tgz   libexif-0.6.13p0.tgz  samba-3.0.21bp3.tgz
bsd-airtools-0.2p2.tgzlibgcrypt-1.2.0p1.tgz screen-4.0.2.tgz
bzip2-1.0.3.tgz   libglade2-2.5.1p5.tgz sdl-1.2.9p1-sun.tgz
cairo-1.0.4p0.tgz libgnomecanvas-2.10.2p2.t  silc-client-1.0.2p1.tgz
cdparanoia-3.a9.8p0.tgz   libgnomeprint-2.10.3p0.tg  silc-toolkit-1.0.2p0.tgz
cdrtools-2.01.tgz libgnomeprintui-2.10.2p3.  slrn-0.9.8.1p1.tgz
colorls-3.9.tgz   libgpg-error-1.1p0.tgzsmpeg-0.4.4p2.tgz
curl-7.15.4.tgz   libgphoto-2.1.5p1.tgz snort-2.4.5p0.tgz
cvsup-16.1h.tgz   libgsf-1.11.1p2.tgz   speex-1.0.5p0.tgz
cvsync-0.24.19.tgzlibiconv-1.9.2p3.tgz  sqlite3-3.3.6.tgz
cyrus-sasl-2.1.21p2.tgz   libid3tag-0.15.1bp0.tgz   squid-2.5.STABLE13.tgz
db-3.1.17p6.tgz   libidn-0.6.1.tgz  startup-notification-0.8p
ddd-3.3.11.tgzlibkexif-0.2.2p0.tgz  stunnel-4.15p1.tgz
digikam-0.8.2.tgz libkipi-0.1.4.tgz sylpheed-2.2.5p1.tgz
digikamimageplugins-0.8.2  libltdl-1.5.22p1.tgz t1lib-5.1.0p0.tgz
dsniff-2.3p2.tgz  libmad-0.15.1bp1.tgz  tcpblast-1.1.tgz
dvd+rw-tools-5.21.4.10.8.  libmng-1.0.9p1.tgz   tcsh-6.14.00p0.tgz
emacs-21.4p1.tgz  libnet-1.0.2ap1.tgz   teTeX_base-3.0p3.tgz
epic4-2.2.tgz libogg-1.1.3.tgz  teTeX_base-fmt-3.0p0.tgz
esound-0.2.34p0.tgz   libotr-3.0.0.tgz  teTeX_texmf-3.0p0.tgz
ettercap-0.6.bp4.tgz  libpqxx-2.5.3p0.tgz   ted-2.17.tgz
expat-2.0.0.tgz   libslang-1.4.9p3.tgz  texi2html-1.64.tgz
fetchmail-6.3.4.tgz   libungif-4.1.4.tgztidy-050921.tgz
flac-1.1.2p1.tgz  libusb-0.1.10ap1.tgz  tiff-3.8.2p0.tgz
freetype-1.3.1p2.tgz  libvorbis-1.1.2p0.tgz tphdisk-1.0p0.tgz
fribidi-0.10.4p0.tgz  libwmf-0.2.8.3p2.tgz  tpwireless-0.1.tgz
gaim-1.5.0p6.tgz  libxml-2.6.26.tgz transfig-3.2.4p0.tgz
gaim-otr-3.0.0.tgzlibxslt-1.1.17.tgztransproxy-1.4.tgz
gettext-0.14.5p1.tgz  links-0.99.tgzunison-2.13.16.tgz
ghostscript-7.05p7.tgzlyx-1.4.2-qt.tgz  unzip-5.52.tgz
ghostscript-fonts-6.0p0.t  magicpoint-1.11bp5.tgzvim-7.0.42-no_x11.tgz
gif2png-2.5.1.tgz mergemaster-1.46p2.tgzvorbis-tools-1.1.1p0.tgz
gimp-2.2.12.tgz   metaauto-0.5.tgz  wget-1.10.2p0.tgz
glib-1.2.10p1.tgz mod_perl-1.29p0.tgz   windowmaker-0.92.0p2.tgz
glib2-2.10.3.tgz  mozilla-firefox-1.5.0.5.t  windowmaker-extra-0.1p0.t
glitz-0.4.4.tgz   mozilla-thunderbird-1.5.0  wv2-0.2.3.tgz
gmake-3.80p1.tgz  mp3cddb-0.1.tgz   xautolock-2.1.tgz
gnome-icon-theme-2.10.1.t  mp3info-0.8.4.tgzxcdroast-0.98a15p4.tgz
gnupg-1.4.5.tgz   mpeg_play-2.4.tgz xdaliclock-2.23.tgz
gphoto-2.1.5.tgz  mpg321-0.2.10p0.tgz   xfig-3.2.4.tgz
gqview-2.0.1p2.tgzmutt-1.4.2.2i.tgz xglobe-0.5p23.tgz
gtar-1.15.1p4.tgz mysql-client-5.0.22.tgz   xkeycaps-2.46.tgz
gtk+-1.2.10p4.tgz nano-1.2.5.tgzxkobo-1.11p0-harder.tgz
gtk+2-2.8.20.tgz  nedit-5.5.tgz xlife-5.3p0.tgz
gv-3.5.8p4.tgznetpbm-10.26.29.tgz   xmms-

Re: fdisk automation scripts? Autopartition?

[Eric Furman]

On Wed, 6 Dec 2006 21:20:12 +0100, "Olivier Cherrier" <[EMAIL PROTECTED]>
said:
> On Mon, Dec 04, 2006 at 01:55:20PM +0200, [EMAIL PROTECTED] wrote:
> > Might anyone have any pointers to sources of fdisk automation scripts for 
> > OpenBSD that that can determine the size of a disk and follow a set of 
> > partitioning guidelines? Scenario: cookie-cutter systems with different 
> > drive sizes. Options like "use the remainder for /usr" are always handy.

better yet, use as much for /usr as you need and leave the rest
unallocated.

4.0 and 4GB ram?

[Cristiano Deana]

Hi,

i have a system (dell 1950) with 4GB ram. OpenBSD (amd64) only detects:
real mem = 3488907264 (3407136K)
avail mem = 2990874624 (2920776K)

bios detects all 4 GB's.
kernel is GENERIC.MP.

Is it possible to use all available memory?

tnx in advance, Cris.

--
Cris, member of G.U.F.I
Italian FreeBSD User Group
http://www.gufi.org/

Re: Is it safe to use group 'users' in /etc/group?

[Nico Meijer]

Hi Stas,

> is it safe to use group 'users' from /etc/group as the login group for 
> the users?  Or it is reserved for some system use?

See the output of `sudo useradd -D` to find the answer to your question.

HTH... Nico

OpenBGPd Looking Glass?

[nachocheeze]

Has anyone as of yet written, or know of, a looking glass script that
can be used with OpenBGPd to act as a looking glass/route server?  I
need to deploy a semi-public looking glass, don't really want to use
zebra/quagga, and don't really have the time (or the programming
chops, I'll admit it) to hack up a script.

Here's the latest info I've been able to find based on one of
Henning's presentations:

"BGPd has a second, restricted, control socket now; I coded that two
weeks ago. It only allows certain messages - namely those behind the
BGPd "show" operations. While running httpd in a chroot environment,
which is default on OpenBSD, a cgi can call the bgpctl binary placed
inside the chroot, passing the path to this restricted socket. Then,
you just need the cgi to call that, and the looking glass is done."

"The cgi... yeah, someone needs to sit down and hack that, but it
should be easy."

restricted socket for pf

[Juan Cazalilla]

Hello,

Is there a similar restricted socket feature for pf as there is for bgpd?

Regards Juan.

Re: ral0: device timeout

[Markus Bergkvist]

According to Sepherosa Ziehau

rt2661's led is not programmed at all in OpenBSD.

Best Regards,
sephe 


So I guess that the LED is always on is ok.

I've done tcpdump(8) on the AP and I get no output from that while the 
client gets time out on the ral0 device, so I don't think the interface 
is flooded. Also, when the client finally gets a network connection 
there is no more time outs.


The problem occurs only after reboot and sometimes after 'ifconfig up'. 
If the device is connected to a network when I put it to sleep, it has 
no problem reconnecting when it wakes up.


What do you mean by 'That would indicate that the error is generated 
internally', firmware issue?


Thanks for the feed back.

/Markus


Bill Maas wrote:

From
http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/ie2116/install/cables.htm#wp1043436
:

"The bottom LED is the Ethernet activity LED. When it flashes, it
indicates that data is being transmitted or received between the server
and a network device. The flashing frequency is proportional to the
amount of traffic on the network link."

So if the LED stays ON then something might be flooding the interface
with packets [or the interface is trying to send the same packet over
and over again - beyond my knowledge]. Which might as well indicate a
software [config] problem. Did you run tcpdump(8) on that interface? Did
you reboot the device while off the net and was there still a problem?
That would indicate that the error is generated internally. I wouldn't
bet my life on an OS or hardware issue here.

Bill

On Tue, 2006-12-05 at 23:11 +0100, Markus Bergkvist wrote:
I have a RT2600 also on my AP so I guess I have to get my hands on a 
working out-of-the-box AP to verify that it is no hardware problem.


/Markus

Bill Maas wrote:

On 12/4/06, Markus Bergkvist <[EMAIL PROTECTED]> wrote:

Also, the connection light and the transmission light is always on,
regardsless if it is connected to the network or sending/receiving or
not. Only when I take the network interface down the lights go out. If
that means anything to anyone.

Check the other end. I've had a similar problem with sis0 on a Soekris
(both LEDs continuously on), and it turned out to be the Vigor ADSL
modem that was in trouble.

Bill

Re: OpenBGPd Looking Glass?

[Reyk Floeter]

On Wed, Dec 06, 2006 at 02:53:15PM -0600, [EMAIL PROTECTED] wrote:
> Has anyone as of yet written, or know of, a looking glass script that
> can be used with OpenBGPd to act as a looking glass/route server?  I
> need to deploy a semi-public looking glass, don't really want to use
> zebra/quagga, and don't really have the time (or the programming
> chops, I'll admit it) to hack up a script.
> 
> Here's the latest info I've been able to find based on one of
> Henning's presentations:
> 
> "BGPd has a second, restricted, control socket now; I coded that two
> weeks ago. It only allows certain messages - namely those behind the
> BGPd "show" operations. While running httpd in a chroot environment,
> which is default on OpenBSD, a cgi can call the bgpctl binary placed
> inside the chroot, passing the path to this restricted socket. Then,
> you just need the cgi to call that, and the looking glass is done."
> 
> "The cgi... yeah, someone needs to sit down and hack that, but it
> should be easy."
> 

i actually requested the restricted socket when i implemented bgplg.
it may need some more work and i haven't really decided where and how
to release it. anyway, download a working "snapshot" from:

http://team.vantronix.net/~reyk/bgplg.tar.gz

it includes the cgi (bgplg) and a very simple looking glass "cli"
(bgplgsh) for restricted shell access.

cheers,
reyk

Re: Odd issue - in kernel pppoe

[Pierre Lamy]

Just to follow up

I was on the right track and with the help of Claudio and Michael was 
able to significantly improve my transfer speeds, latency and my game works.


My additions to pf.conf are

scrub out on $ext_if no-df random-id max-mss 1452
scrub on !$ext_if no-df random-id max-mss 1452

Though I should note that setting just max-mss 1440 did work.

Thanks guys!

Pierre

Pierre Lamy wrote:
Last night I wanted to try out the kernel pppoe rather than userland 
pppoe, on 4.0 GENERIC/i386.


Took me a few minutes but I was able to setup a stable connection, 
surf the net etc. Many thing worked, but one thing didn't. I play an 
online game called Eve Online, and while using in-kernel pppoe I 
wasn't able to log in. pfctl -s showed an established connection 
bidirectionally, but data transfer wasn't happening. My pf rules 
didn't change except to change my ext_if to the pppoe0 connection. 
Here is what my connections look like when they're up


pppoe0: flags=8851 mtu 1492
  dev: de0 state: session
  sid: 0x1c12 PADI retries: 5 PADR retries: 0 time: 00:22:51
  sppp: phase network authproto pap authname "[EMAIL PROTECTED]"
  groups: pppoe egress
  inet6 fe80::2e0:18ff:fea8:9d3a%pppoe0 ->  prefixlen 64 scopeid 0x7
  inet 216.106.102.33 --> 209.87.255.1 netmask 0x

tun0: flags=8051 mtu 1500
  groups: tun egress
  inet6 fe80::2e0:18ff:fea8:9d3a%tun0 ->  prefixlen 64 scopeid 0x8
  inet 216.106.102.33 --> 209.87.255.1 netmask 0x

The only difference I can spot is the MTU, which would actually be 
1492 on tun0 as well, it just isn't reflected in the ifconfig. The 
rest of my internal network is 1500. Should I try playing with my 
internal MTUs, pf rules or something else? Just looking for ideas on 
things to try. Is it possible that my packets are getting fragged on 
the way out, and the remote end drops them?


What did work:

Web, http, smtp, imap, squid, torrents.

I did not test ftp but might do that tonight. Does the in-kernel pppoe 
mangle packets differently than the userland? Is there some odd 
fragmentation code that is different? Should I set my internal network 
to 1492 to prevent any frags from being generated?


Cheers,

Pierre Lamy

-=-

My relevent pf entries

# macros
int_if = "fxp0"
#ext_if = "pppoe0"
ext_if = "tun0"

# options
set skip on lo
set block-policy return
set loginterface $ext_if

# scrub
scrub in all

nat on $ext_if from $int_if:network to any -> ($ext_if)

#Allow pings
pass in quick inet proto icmp all icmp-type $icmp_types keep state

#Pass packets from my allowed array
pass in from $machines to any keep state
pass in from any to $machines keep state
pass out from any to $machines keep state
pass out from $machines to any keep state

#Allow all outgoing connections
pass out on $ext_if proto tcp all keep state flags S/SA
pass out on $ext_if proto { udp, icmp } all keep state

And my dmesg

OpenBSD 4.0 (GENERIC) #1107: Sat Sep 16 19:15:58 MDT 2006
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium III ("GenuineIntel" 686-class, 128KB L2 cache) 568 
MHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE 


real mem  = 402214912 (392788K)
avail mem = 358699008 (350292K)
using 4256 buffers containing 20213760 bytes (19740K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(aa) BIOS, date 03/03/00, BIOS32 rev. 0 @ 
0xf0520

apm0 at bios0: Power Management spec V1.2 (BIOS mgmt disabled)
apm0: APM power management enable: unrecognized device ID (9)
apm0: APM engage (device 1): power management disabled (1)
apm0: AC on, battery charge unknown
apm0: flags b0102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0xda2
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf0d10/144 (7 entries)
pcibios0: PCI Interrupt Router at 000:04:0 ("Intel 82371FB ISA" rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc/0x8000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82443BX AGP" rev 0x03
ppb0 at pci0 dev 1 function 0 "Intel 82443BX AGP" rev 0x03
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "ATI Mach64 GW" rev 0x7a
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
fxp0 at pci0 dev 3 function 0 "Intel 8255x" rev 0x05, i82558: irq 10, 
address 00:e0:18:a8:9d:3a

inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 0
pcib0 at pci0 dev 4 function 0 "Intel 82371AB PIIX4 ISA" rev 0x02
pciide0 at pci0 dev 4 function 1 "Intel 82371AB IDE" rev 0x01: DMA, 
channel 0 wired to compatibility, channel 1 wired to compatibility

wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA, 19546MB, 40031712 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  SCSI0 
5/cdrom removable

cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
uhci0 at pci0 dev 4 func

Re: mailgraph on 4.0 [SOLVED:ldconfig path - for archives]

[Craig Skinner]

On Wed, Dec 06, 2006 at 12:19:14PM +, Stuart Henderson wrote:
> Yes it would.
> $ grep -B1 -A8 runtime.link /etc/rc
> 

Should have thought of that, ta.

Re: Fw: slow terminal on macppc

[Simon Fryer]

Hey All,

> A while ago Ben Calvert tapped:

> On Mon, 4 Dec 2006 19:59:00 -0800
> "Bryan Irvine" <[EMAIL PROTECTED]> wrote:
> 

[slow console on imac 333Mhz]

> look at /etc/ttys.  you'll notice the following:
> 
> ttyC0   "/usr/libexec/getty std.9600"   vt220   off  secure
> ttyp0   nonenetwork
> 
> 
> the 9600 is the speed that data gets written to your console ( ttyc0 ).
> Notice that ttyp* (xterms, remote ssh sessions ) have no such
> restriction?

Um, to my knowledge this disagrees with the /etc/ttys on my 3.9 i386 box.

The argument "std.9600" tells getty to set the serial port to 9600 baud,
which is only relavent if you are using a serial console. To my knowledge
there is no *nix (OpenBSD or otherwise) that will throttle a frame buffer
based console in the way described. 

I am ignoring the fact that in the example /etc/ttys, getty on ttyC0 does
not get executed. 

The real reason was given by an earlier message. 

> ignoring interference from other processes, there is no difference in
> how fast the program runs, only in how fast it writes the data to your
> screen.  If the program is waiting for one write to finish before
> commiting the next, it'll be slower, but if you ran the same program
> and redirected the output to a file, you'd see no difference on the
> console or an xterm.
> 
> I can think of several reasons why this is a good thing, but as this
> list is populated by people who are a lot smarter than myself I won't
> postulate as to the actual reason why it was decided to have the
> console be slow.

History. 9600 is a good speed. I don't know anyone who can read at 9600
baud. Screen updates are acceptably quick at 9600 baud. It allows you to
have serial console cables long enough length for most installations.  It 
is slow enough that there is less worry about using high end cable in many 
installations. 9600 baud was a commonly supported speed when enough 
machines started to have serial consoles. The firmware in Suns, DEC gear and
many others wanted to talk 9600 baud by default and it just makes life easy
to keep everything on the console at the same speed. 

Simon

-- 

"Well, an engineer is not concerned with the truth; that is left to 
philosophers and theologians: the prime concern of an engineer is 
the utility of the final product."  
Lectures on the Electrical Properties of Materials, L.Solymar, D.Walsh

Re: VPN stability issues with a Fortigate peer

[Chris Jones]

Looks like DPD might be causing some issues so I have tried disabling it
on the Fortigate peer, however when looking at the debug messages on the
peer I can see that it detects DPD v2 and continues to send DPD
messages. Is there a way to disable DPD using ipsecctl so that the peer
does not detect it?

Incase you are interested the peer is a Fortigate 300A running version
3.00 build 400.

Thanks,
-Chris

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
> Sent: December 6, 2006 9:54 AM
> To: Chris Jones
> Cc: misc@openbsd.org
> Subject: Re: VPN stability issues with a Fortigate peer
> 
> Hi,
> try to disable DPD.
> I have a tunnel between OpenBSD 4.0 and Fortigate 300A 
> 3.00MR3 and it doesn't work well with DPD enabled.
> 
> Regards,
> Andrea.
> 
> [EMAIL PROTECTED] wrote: -
> 
> 
> To: 
> From: "Chris Jones" <[EMAIL PROTECTED]>
> Sent by: [EMAIL PROTECTED]
> Date: 06/12/2006 04:35PM
> Subject: VPN stability issues with a Fortigate peer
> 
> I'm running the release version or OpenBSD 4.0 on my firewall 
> and experiencing some odd IPSEC VPN behavior when connecting 
> to a Fortigate peer. The tunnel will come up just fine but 
> will randomly go down and then come back up and will continue 
> this cycle. I am running isakmpd with the -K option and using 
> ipsecctl to establish flows and SA's. This is what my 
> ipsec.conf looks like:
> 
> remote_gw = "10.1.1.1"
> 
> flow esp from 192.168.8.1/32 to 192.168.0.0/16 peer 
> $remote_gw type bypass
> 
> ike dynamic esp from 192.168.8.0/24 to 192.168.0.0/16 peer 
> $remote_gw \
>aggressive auth hmac-sha1 enc 3des group modp1536 \
>quick auth hmac-sha1 enc 3des group modp1536 \
>srcid [EMAIL PROTECTED] \
>psk sharedsecret
> 
> The peer is DPD capable and enabled with the following settings:
> 
> retry-count: 3
> retry-interval: 5
> 
> After running isakmpd in debug mode (isakmpd -d -DA=50 -K) 
> and after running ipsecctl I issued a continuous ping to one 
> of the hosts at the other side of the tunnel. The ping ran 
> fine for a period of time andthen stopped. Here is the ouput 
> from the debug:

Re: OpenBGPd Looking Glass?

[Dustin Lundquist]

I've also put one together that runs in apache's chroot although it 
requires a few binaries from the base system: ping, traceroute and a 
static version of bgpctl.

http://null-ptr.net/sw/lg/


Dustin Lundquist


Reyk Floeter wrote:

On Wed, Dec 06, 2006 at 02:53:15PM -0600, [EMAIL PROTECTED] wrote:

Has anyone as of yet written, or know of, a looking glass script that
can be used with OpenBGPd to act as a looking glass/route server?  I
need to deploy a semi-public looking glass, don't really want to use
zebra/quagga, and don't really have the time (or the programming
chops, I'll admit it) to hack up a script.

Here's the latest info I've been able to find based on one of
Henning's presentations:

"BGPd has a second, restricted, control socket now; I coded that two
weeks ago. It only allows certain messages - namely those behind the
BGPd "show" operations. While running httpd in a chroot environment,
which is default on OpenBSD, a cgi can call the bgpctl binary placed
inside the chroot, passing the path to this restricted socket. Then,
you just need the cgi to call that, and the looking glass is done."

"The cgi... yeah, someone needs to sit down and hack that, but it
should be easy."



i actually requested the restricted socket when i implemented bgplg.
it may need some more work and i haven't really decided where and how
to release it. anyway, download a working "snapshot" from:

http://team.vantronix.net/~reyk/bgplg.tar.gz

it includes the cgi (bgplg) and a very simple looking glass "cli"
(bgplgsh) for restricted shell access.

cheers,
reyk

uhci, usb keyboard and mouse

[Scott, Brian]

Hi,
 
I don't know if this is a bug, stupid hardware or my failure to grasp
something important.
 
I'm trying to set up a system image for a classroom using openbsd 4.0.
The machines in use (hp d530c) are happily able to run all flavours of
windows, FreeBSD, and various flavours of linux (with varying degrees of
success, not related to this problem).
 
The systems have usb keyboards and mice.
 
I can install OpenBSD without any problems. The keyboard is running in
the legacy bios mode so everything works fine.
 
When I boot the installed system it hangs while polling USB devices:

OpenBSD 4.0 (GENERIC) #1107: Sat Sep 16 19:15:58 MDT 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) 4 CPU 2.80GHz ("GenuineIntel" 686-class) 2.80
GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,
CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID
real mem = 1064857600 (1039900K)
avail mem = 963342336 (940764K)
using 4256 buffers containing 53346304 bytes (52096K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(2e) BIOS, date 07/10/03, BIOS32 rev. 0 @
0xeb4e0, SMBIOS rev. 2.3 @ 0xf8dd4 (59 entries)
bios0: Hewlett-Packard HP d530 CMT(DC577AV)
pcibios0 at bios0: rev 2.2 @ 0xeb4e0/0x4b20
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfe520/192 (10 entries)
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82801EB/ER LPC" rev
0x00)
pcibios0: PCI bus #5 is the last bus
bios0: ROM list: 0xc/0xa600 0xca600/0x2000 0xcc600/0x1800
0xe0c00/0x9a00!
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82865G/PE/P CPU-I/0-1" rev 0x02
vga1 at pci0 dev 2 function 0 "Intel 82865G Video" rev 0x02: aperture at
0xf000, size 0x800
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
uhci0 at pci0 dev 29 function 0 "Intel 82801EB/ER USB" rev 0x02: irq 10
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 29 function 1 "Intel 82801EB/ER USB" rev 0x02: irq 11
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered

If I disable uhci* (suggested in some emails I found searching for the
problem) the system boots correctly and the keyboard works (in legacy
mode but who cares). The mouse doesn't work and thus X is unusable.

One email I found suggested unplugging the devices until the system
booted then replugging them. This worked. The relevant part of the dmesg
is:

uhidev0 at uhub1 port 2 configuration 1 interface 0
uhidev0: CHICONY Compaq USB Keyboard, rev 1.10/1.05, addr 2, iclass 3/1
ukbd0 at uhidev0: 8 modifier keys, 6 key codes
wskbd1 at ukbd0 mux 1
wskbd1: connecting to wsdisplay0
uhidev1 at uhub1 port 2 configuration 1 interface 1
uhidev1: CHICONY Compaq USB Keyboard, rev 1.10/1.05, addr 2, iclass 3/0
uhidev1: 2 report ids
uhid0 at uhidev1 reportid 1: input=5, output=0, feature=0
uhid1 at uhidev1 reportid 2: input=5, output=0, feature=4
uhidev2 at uhub1 port 1 configuration 1 interface 0
uhidev2: Logitech Optical USB Mouse, rev 2.00/3.40, addr 3, iclass 3/1
ums0 at uhidev2: 3 buttons and Z dir.
wsmouse0 at ums0 mux 0

So the problem seems to be device discovery early in the boot process.

Finally, I tried moving the devices to other USB ports on the system.
All of the ports on the rear of the system appear to be tied to uhub1
(which leaves me wondering what uhub0 and uhub2 are for - but that's not
your problem). The front ports appear to be connected to an ehci
controller:

ehci0 at pci0 dev 29 function 7 "Intel 82801EB/ER USB2" rev 0x02: irq 10
usb3 at ehci0: USB revision 2.0
uhub3 at usb3
uhub3: Intel EHCI root hub, rev 2.00/1.00, addr 1
uhub3: 8 ports with 8 removable, self powered

Everything works correctly if keyboard and mouse are plugged into these
connectors.

So my problems are:
I would like to present my students with a functional X system so I need
mouse support.
A manual procedure (unplug connectors while booting) will create a very
negative view of openBSD. I would prefer to not use it in the classroom
than do that. It would also interfere with multi-booting systems or
other bios changes that need the keyboard prior to operating system
load.
Moving connectors to the front would also be a problem. These conenctors
are normally kept free for adhoc connection of devices by students, so a
manual procedure would be needed.

Are there ways for me to influence the behaviour of uchi (sysctls etc)
or delay detection to later in the boot process?

Thanks for any help,

Brian Scott
**
This message is intended for the addressee named and may contain
privileged information or confidential information or both. If you
are not the intended recipient please delete it and notify the sende

Re: OpenBSD 4.0 CD Set Package List

[Andrey Shuvikov]

On 12/6/06, Jeremy Huiskamp <[EMAIL PROTECTED]> wrote:
>
> so I wait 'til release day and do an internet upgrade but at
>
>
What is "release date"? According to OpenBSD web-site
"The current release is OpenBSD 4.0  which was
released Nov 1, 2006."

Or, do i miss something (I could because I'm new to OpenBSD)?

Andrey

Re: OpenBSD 4.0 CD Set Package List

[Greg Thomas]

On 12/6/06, Andrey Shuvikov <[EMAIL PROTECTED]> wrote:

On 12/6/06, Jeremy Huiskamp <[EMAIL PROTECTED]> wrote:
>
> so I wait 'til release day and do an internet upgrade but at
>
>
What is "release date"? According to OpenBSD web-site
"The current release is OpenBSD 4.0  which was
released Nov 1, 2006."

Or, do i miss something (I could because I'm new to OpenBSD)?



He probably pre-ordered, received CDs before 11/1, and waited until
11/1 to get the packages that aren't on CD.

Greg

Re: slow terminal on macppc

[Simon Fryer]

Hey, 

> A while ago Ben Calvert tapped:

> On Thu, 7 Dec 2006 08:14:50 +0900
> Simon Fryer <[EMAIL PROTECTED]> wrote:
> 
> > > A while ago Ben Calvert tapped:
> > 
> > [slow console on imac 333Mhz]
> > 
> > > look at /etc/ttys.  you'll notice the following:
> > > 
> > > ttyC0   "/usr/libexec/getty std.9600"   vt220   off  secure
> > > ttyp0   nonenetwork
> > > 
> > > 
> > > the 9600 is the speed that data gets written to your console
> > > ( ttyc0 ). Notice that ttyp* (xterms, remote ssh sessions ) have no
> > > such restriction?
> > 
> > Um, to my knowledge this disagrees with the /etc/ttys on my 3.9 i386
> > box.
> > 
> > The argument "std.9600" tells getty to set the serial port to 9600
> > baud, which is only relavent if you are using a serial console. 
> 
> Hmm..  so then, what's this line for?
> console "/usr/libexec/getty std.57600"  unknown off secure # for serial

The console device. Not all people have the console as the local frame 
buffer. It seems perfectly possable on OpenBSD i386 at least to have the
console set to a serial port and still log in and run a shell using a
locally connected monitor and keyboard.

The console can be the local frame buffer, or it can be a serial device
depening on platform, configuration and machine. 

/etc/ttys goes back a long way in BSD history. On a number of systems,
having the console not marked as secure will prevent the system from being
booted single user, or at least that was the intent. Having a terminal line
marked as insecure also prevented root from being able to log in. However, in
some situatons, it was desirable to not be able to boot single user, but be
able to log in as root - acheived by having the console set as insecure and
off, while the corresponding serial line is set "on secure". 

> > I am ignoring the fact that in the example /etc/ttys, getty on ttyC0
> > does not get executed. 
> 
> correct - i'm running xdm, so i disable the ttyC0
> 
> > The real reason was given by an earlier message. 
> 
> Well, IANA(obsd)D, and IANTdR, so I'm hesitant to clam that I have
> access to the 'real' reason.
> 
> but let me propose the following experiment:
> 
> run an output intensive task on the console, then run X in wsfb mode,
> and run the same task in an xterm.
> 
> compare the execution times.
> 
> I bet you'll find that running the same app in an xterm -- using the
> same framebuffer -- is much faster than on the console.

Yes. Have done this many times on Sun3 and Sun4 machines... Doing anything
that had a lot of text output on the console often met with some
frustration. 

It is not the same software updating the screen in the xterm and when using 
the local frame buffer to generate text. On some platforms, the method of 
updating the framebuffer for text only is just, slow. 

Simon

-- 

"Well, an engineer is not concerned with the truth; that is left to 
philosophers and theologians: the prime concern of an engineer is 
the utility of the final product."  
Lectures on the Electrical Properties of Materials, L.Solymar, D.Walsh

Re: slow terminal on macppc

[Ben Calvert]

On Thu, 7 Dec 2006 08:14:50 +0900
Simon Fryer <[EMAIL PROTECTED]> wrote:

> Hey All,
> 
> > A while ago Ben Calvert tapped:
> 
> > On Mon, 4 Dec 2006 19:59:00 -0800
> > "Bryan Irvine" <[EMAIL PROTECTED]> wrote:
> > 
> 
> [slow console on imac 333Mhz]
> 
> > look at /etc/ttys.  you'll notice the following:
> > 
> > ttyC0   "/usr/libexec/getty std.9600"   vt220   off  secure
> > ttyp0   nonenetwork
> > 
> > 
> > the 9600 is the speed that data gets written to your console
> > ( ttyc0 ). Notice that ttyp* (xterms, remote ssh sessions ) have no
> > such restriction?
> 
> Um, to my knowledge this disagrees with the /etc/ttys on my 3.9 i386
> box.
> 
> The argument "std.9600" tells getty to set the serial port to 9600
> baud, which is only relavent if you are using a serial console. 

Hmm..  so then, what's this line for?
console "/usr/libexec/getty std.57600"  unknown off secure # for serial

> To my
> knowledge there is no *nix (OpenBSD or otherwise) that will throttle
> a frame buffer based console in the way described. 
> ,

> I am ignoring the fact that in the example /etc/ttys, getty on ttyC0
> does not get executed. 

correct - i'm running xdm, so i disable the ttyC0

> 
> The real reason was given by an earlier message. 

Well, IANA(obsd)D, and IANTdR, so I'm hesitant to clam that I have
access to the 'real' reason.

but let me propose the following experiment:

run an output intensive task on the console, then run X in wsfb mode,
and run the same task in an xterm.

compare the execution times.

I bet you'll find that running the same app in an xterm -- using the
same framebuffer -- is much faster than on the console.

Ben

-
   "The intrepid Spaceman Spiff is stranded on a distant planet!
   ..our hero ruefully acknowledges that this happens fairly
   frequently.."  --- Calvin and Hobbes

Re: links in the OpenBSD FAQs

[Nick Holland]

Igor Sobrado wrote:
> Nice to see that the text and PDF releases of the FAQ have finally
> been upgraded to 4.0...
> 
> Just a suggestion: would it be possible replacing the links of the
> class "...can be found here" (e.g., '1.7 of the OpenBSD FAQ) in
> the FAQs to more useful descriptions (e.g., "...can be found on the
> OpenBSD's Flavours section of the FAQ" or "...can be found in the
> section 5.1 of the FAQ")?
> 
> It is a minor trouble on formats that natively support links, but
> a major concern on the text version of the FAQs.

Sure. Send a diff.
Make it good.

It's much easier to say something should be done better than to do it.

Nick.

Re:

[fujisho]

Return-Path: <[EMAIL PROTECTED]>
Received: from mail.hongo.wide.ad.jp ([unix socket])
 by mail.hongo.wide.ad.jp (Cyrus v2.2.13) with LMTPA;
 Mon, 04 Dec 2006 20:47:15 +0900
X-Sieve: CMU Sieve 2.2
Received: from shear.ucar.edu (shear.ucar.edu [192.43.244.163])
by mail.hongo.wide.ad.jp (Postfix) with ESMTP id 562E8C1B92
for <[EMAIL PROTECTED]>; Mon,  4 Dec 2006 20:47:15 +0900 (JST)
Received: from openbsd.org (localhost.ucar.edu [127.0.0.1])
by shear.ucar.edu (8.13.8/8.13.6) with ESMTP id kB4BgGuL021016;
Mon, 4 Dec 2006 04:42:16 -0700 (MST)
Received: from cvs.openbsd.org (cvs.openbsd.org [199.185.137.3])
by shear.ucar.edu (8.13.8/8.13.6) with ESMTP id kB4BcvJD029776 
(version=TLSv1/SSLv3 cipher=DHE-DSS-AES256-SHA bits=256 verify=FAIL)
for <[EMAIL PROTECTED]>; Mon, 4 Dec 2006 04:38:59 -0700 (MST)
Received: from bay0-omc2-s26.bay0.hotmail.com (bay0-omc2-s26.bay0.hotmail.com 
[65.54.246.162])
by cvs.openbsd.org (8.13.8/8.12.1) with ESMTP id kB4BcuXM002866
for ; Mon, 4 Dec 2006 04:38:57 -0700 (MST)
Received: from BAY131-W1 ([65.55.136.36])
by bay0-omc2-s26.bay0.hotmail.com with Microsoft 
SMTPSVC(6.0.3790.1830); Mon, 4 Dec 2006 03:31:56 -0800
X-Originating-IP: [66.131.116.236]
X-Originating-Email: [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="us-ascii"
From: Patrick Cummings <[EMAIL PROTECTED]>
To: Tor Houghton <[EMAIL PROTECTED]>
CC: 
Subject: Re: CPU running hot due to (buggy) software
Date: Mon, 4 Dec 2006 06:31:56 -0500
MIME-Version: 1.0
X-OriginalArrivalTime: 04 Dec 2006 11:31:56.0360 (UTC) 
FILETIME=[CD80:01C71797]
X-Converted-To-Plain-Text: from multipart/alternative by demime 1.01d
X-Converted-To-Plain-Text: Alternative section used was text/plain
X-Loop: misc@openbsd.org
Precedence: list
Sender: [EMAIL PROTECTED]

> Date: Mon, 4 Dec 2006 09:52:17 +0100> From: [EMAIL PROTECTED]> To:
misc@openbsd.org> Subject: CPU running hot due to (buggy) software> > Hi,> >
I've got an issue with a machine that runs hot once [a Mailman Python>
process] appears to go into a tight loop and consumes 99% of the CPU for a>
longer amount of time.> > Output from sensorsd shows the temperature over a 15
minute period:> > Nov 11 21:44:02 2006 | temp,25.00 | temp,67.00 | temp,27.00
| > Nov 11 21:45:01 2006 | temp,25.00 | temp,68.00 | temp,27.00 | > Nov 11
21:46:01 2006 | temp,25.00 | temp,74.00 | temp,27.00 | > Nov 11 21:47:01 2006
| temp,25.00 | temp,77.00 | temp,27.00 | > Nov 11 21:48:01 2006 | temp,25.00 |
temp,78.50 | temp,27.00 | > Nov 11 21:49:01 2006 | temp,25.00 | temp,80.50 |
temp,27.00 | > Nov 11 21:50:01 2006 | temp,25.00 | temp,81.00 | temp,27.00 | >
Nov 11 21:51:01 2006 | temp,25.00 | temp,87.00 | temp,27.00 | > Nov 11
21:52:01 2006 | temp,25.00 | temp,87.50 | temp,27.00 | > Nov 11 21:53:01 2006
| temp,25.00 | temp,88.50 | temp,27.00 | > Nov 11 21:54:01 2006 | temp,25.00 |
temp,89.00 | temp,27.00 | > Nov 11 21:55:01 2006 | temp,25.00 | temp,90.50 |
temp,27.00 | > Nov 11 21:57:01 2006 | temp,25.00 | temp,91.00 | temp,27.00 | >
Nov 11 21:58:01 2006 | temp,25.00 | temp,92.00 | temp,27.00 | > Nov 11
21:59:01 2006 | temp,25.00 | temp,92.00 | temp,27.00 | > Nov 11 22:00:01 2006
| temp,25.00 | temp,93.50 | temp,27.00 | > > At this point the CPU halts. I've
tried using CPU throttling in the BIOS (if> CPU hot, 75% idle) to no avail. >
> I will be removing Mailman from the process list in the short term, but in>
order to safeguard against this sort of thing in other code (a friend of> mine
noticed that his socket polling code did almost the same thing to his> Mac
before he rewrote it, for example), is there anything at the OS level I> can
do? Or would I need to write a "cpu hogwatcher" which just takes> "necessary
action"?> > This particular machine is running 3.6/x86.> > Kind regards,> >
Tor>
While I perfectly understand that you said you had a problem with Mailman
that uses too much CPU time, you need to understand that normally the
hardware is built to allow you to use the CPU at 100% for all the time.
According to that and the temperatures you reported, it means you have
a problem that should be fixed on the hardware level. Your machine simply
overheats. You did not tell us a lot about the hardware of this machine.
Is it a tower server or is it a rackmount unit? Is it in a server room where
the air that enters the case might already be too hot? With more details
about your hardware setup, I am sure I can provide you with some tips
about how to enhance the cooling. If I were you I would take the machine
down. 90C+ temps at 100% cpu load is not normal.
_
Soyez parmi les premiers ` essayer Windows Live Mail.
http://ideas.live.com/programpage.aspx?versionId=5d21c51a-b161-4314-9b0e-4911
fb2b2e6d

Re: uhci, usb keyboard and mouse

[J.C. Roberts]

On Wednesday 06 December 2006 16:16, Scott, Brian wrote:
>
> The systems have usb keyboards and mice.
>  
> I can install OpenBSD without any problems. The keyboard is running in
> the legacy bios mode so everything works fine.
>  
> When I boot the installed system it hangs while polling USB devices

The tough part is guessing what "legacy" mode in your BIOS really is and 
what it really  means. For example, on an IBM box I have here (netvista 
8315), the "legacy" mode means using the PS2 connectors for the mouse 
and keyboard. Worse yet, you *also* have to find a separate setting on 
another page to enable the PS2 mouse. -I'd guess there are plenty of 
other "definitions" for "legacy" mode so it will vary from vendor to 
vendor and model to model.

The problem you described reminded me of the USB issues reported on the 
apple mini (intel) systems...

http://marc.theaimsgroup.com/?t=11649115574&r=1&w=2

In the above thread, yesterday Theo mentioned some oddness when 
keyboards are being emulated as pckbd devices. 
http://marc.theaimsgroup.com/?l=openbsd-misc&m=116532872018679&w=2

What happens if you disable the "legacy" mode in the CMOS settings?

jcr

Re: OpenBSD 4.0 CD Set Package List

[Jeremy Huiskamp]

On 6-Dec-06, at 8:07 PM, Greg Thomas wrote:


On 12/6/06, Andrey Shuvikov <[EMAIL PROTECTED]> wrote:

On 12/6/06, Jeremy Huiskamp <[EMAIL PROTECTED]> wrote:
>
> so I wait 'til release day and do an internet upgrade but at
>
>
What is "release date"? According to OpenBSD web-site
"The current release is OpenBSD 4.0   
which was

released Nov 1, 2006."

Or, do i miss something (I could because I'm new to OpenBSD)?



He probably pre-ordered, received CDs before 11/1, and waited until
11/1 to get the packages that aren't on CD.

Greg



Yep.  And I'm sure you can build a decent desktop with what's there.   
It's just that when I went from 3.8->3.9, a few packages I'd already  
added via internet couldn't be updated from the cds which resulted in  
some mismatches and problems.  kde's artsd would go into an infinite  
loop and peg the processor.  It was easy to handle but different  
stuff could have caused bigger problems.  But if you start from the  
cds and/or do stuff after the packages go up, as is the case now, you  
wouldn't have this problem.


Jeremy

Re: uhci, usb keyboard and mouse

[Nick Guenther]

On 12/6/06, Scott, Brian <[EMAIL PROTECTED]> wrote:

Hi,

I don't know if this is a bug, stupid hardware or my failure to grasp
something important.

I'm trying to set up a system image for a classroom using openbsd 4.0.
The machines in use (hp d530c) are happily able to run all flavours of
windows, FreeBSD, and various flavours of linux (with varying degrees of
success, not related to this problem).

The systems have usb keyboards and mice.

I can install OpenBSD without any problems. The keyboard is running in
the legacy bios mode so everything works fine.

When I boot the installed system it hangs while polling USB devices:

OpenBSD 4.0 (GENERIC) #1107: Sat Sep 16 19:15:58 MDT 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) 4 CPU 2.80GHz ("GenuineIntel" 686-class) 2.80
GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,
CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID
real mem = 1064857600 (1039900K)
avail mem = 963342336 (940764K)
using 4256 buffers containing 53346304 bytes (52096K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(2e) BIOS, date 07/10/03, BIOS32 rev. 0 @
0xeb4e0, SMBIOS rev. 2.3 @ 0xf8dd4 (59 entries)
bios0: Hewlett-Packard HP d530 CMT(DC577AV)
pcibios0 at bios0: rev 2.2 @ 0xeb4e0/0x4b20
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfe520/192 (10 entries)
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82801EB/ER LPC" rev
0x00)
pcibios0: PCI bus #5 is the last bus
bios0: ROM list: 0xc/0xa600 0xca600/0x2000 0xcc600/0x1800
0xe0c00/0x9a00!
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82865G/PE/P CPU-I/0-1" rev 0x02
vga1 at pci0 dev 2 function 0 "Intel 82865G Video" rev 0x02: aperture at
0xf000, size 0x800
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
uhci0 at pci0 dev 29 function 0 "Intel 82801EB/ER USB" rev 0x02: irq 10
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 29 function 1 "Intel 82801EB/ER USB" rev 0x02: irq 11
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered

If I disable uhci* (suggested in some emails I found searching for the
problem) the system boots correctly and the keyboard works (in legacy
mode but who cares). The mouse doesn't work and thus X is unusable.

One email I found suggested unplugging the devices until the system
booted then replugging them. This worked. The relevant part of the dmesg
is:

uhidev0 at uhub1 port 2 configuration 1 interface 0
uhidev0: CHICONY Compaq USB Keyboard, rev 1.10/1.05, addr 2, iclass 3/1
ukbd0 at uhidev0: 8 modifier keys, 6 key codes
wskbd1 at ukbd0 mux 1
wskbd1: connecting to wsdisplay0
uhidev1 at uhub1 port 2 configuration 1 interface 1
uhidev1: CHICONY Compaq USB Keyboard, rev 1.10/1.05, addr 2, iclass 3/0
uhidev1: 2 report ids
uhid0 at uhidev1 reportid 1: input=5, output=0, feature=0
uhid1 at uhidev1 reportid 2: input=5, output=0, feature=4
uhidev2 at uhub1 port 1 configuration 1 interface 0
uhidev2: Logitech Optical USB Mouse, rev 2.00/3.40, addr 3, iclass 3/1
ums0 at uhidev2: 3 buttons and Z dir.
wsmouse0 at ums0 mux 0

So the problem seems to be device discovery early in the boot process.

Finally, I tried moving the devices to other USB ports on the system.
All of the ports on the rear of the system appear to be tied to uhub1
(which leaves me wondering what uhub0 and uhub2 are for - but that's not
your problem). The front ports appear to be connected to an ehci
controller:

ehci0 at pci0 dev 29 function 7 "Intel 82801EB/ER USB2" rev 0x02: irq 10
usb3 at ehci0: USB revision 2.0
uhub3 at usb3
uhub3: Intel EHCI root hub, rev 2.00/1.00, addr 1
uhub3: 8 ports with 8 removable, self powered

Everything works correctly if keyboard and mouse are plugged into these
connectors.

So my problems are:
I would like to present my students with a functional X system so I need
mouse support.
A manual procedure (unplug connectors while booting) will create a very
negative view of openBSD. I would prefer to not use it in the classroom
than do that. It would also interfere with multi-booting systems or
other bios changes that need the keyboard prior to operating system
load.
Moving connectors to the front would also be a problem. These conenctors
are normally kept free for adhoc connection of devices by students, so a
manual procedure would be needed.

Are there ways for me to influence the behaviour of uchi (sysctls etc)
or delay detection to later in the boot process?



I ran into this issue myself once when using a keyboard and mouse from
GrandTec.com (although then, it was the keyboard that froze and the
mouse was fine; not that I used the mouse, but it didn't freeze). I
assumed it was a bug, a quirk of the interactio

Re: OpenBSD 4.0 CD Set Package List

[Kenny Mann]

Kenneth Bond wrote:

Hello,
I am considering purchasing an OpenBSD 4.0 CD Set. I have been a user 
of OpenBSD
for some time, but have recently moved to a location where my only 
internet connectivity
option is 56K/V.90 dialup. At this point, an FTP install is not an 
option.


Is there a published list of the packages that are included on the CD 
Set?
I am hoping to configure an OpenBSD system that can be used for 
desktop applications,

including multimedia, productivity, email and collaboration, etc.

Please advise.
Thanks for your help.
Ken Bond

What about using ports?
This is how I get behind the barrier of the release date -- I just built 
what I needed from source.

This should also help with bandwidth issue as well.


--Kenny

Re: 4.0 and 4GB ram?

[jared r r spiegel]

On Wed, Dec 06, 2006 at 04:07:16PM +0100, Cristiano Deana wrote:
> Hi,
> 
> i have a system (dell 1950) with 4GB ram. OpenBSD (amd64) only detects:
> real mem = 3488907264 (3407136K)
> avail mem = 2990874624 (2920776K)
> 
> bios detects all 4 GB's.
> kernel is GENERIC.MP.
> 
> Is it possible to use all available memory?
> 
> tnx in advance, Cris.

  http://marc.theaimsgroup.com/?l=openbsd-tech&m=114498992417267&w=2 ?

  was alluded to in the 'prepping for spamd' post i made some
  days ago

-- 

  jared