azalia and macintel mini
Hi.

I can't get sound to work under my Mac mini (intel). It looks like the sound chip is detected (audio0 at azalia0) but I cannot get any sound out of this box. Under KDE, the sound mixer is displayed as disabled. I tried all mixerctl/audioctl combinations but can't seem to make it work.

- acpi has been enabled with config(8) (msk wouldn't work otherwise).
- OpenBSD is the only OS installed (no parallel nor other shitz)

This is the first time I'm having this kind of sound issue under OpenBSD so I don't really know what more info I should give, let me know what kind of details you need.

Cheers!

Default outputs from freshly started system:

$ audioctl -a
name=HD-Audio version=1.0 config=azalia0 encodings=slinear_le:16,slinear_le:16,slinear_le:16,slinear_le:16,slinear_le:16,slinear_le:16 properties=full_duplex,independent full_duplex=0 fullduplex=0 blocksize=384 hiwat=170 lowat=127 monitor_gain=0 mode= play.rate=8000 play.channels=1 play.precision=8 play.encoding=mulaw play.gain=25 play.balance=50 play.port=0x0 play.avail_ports=0x0 play.seek=0 play.samples=0 play.eof=0 play.pause=0 play.error=0 play.waiting=0 play.open=0 play.active=0 play.buffer_size=65536 record.rate=8000 record.channels=1 record.precision=8 record.encoding=mulaw record.gain=179 record.balance=57 record.port=0x0 record.avail_ports=0x0 record.seek=0 record.samples=0 record.eof=0 record.pause=0 record.error=0 record.waiting=0 record.open=0 record.active=0 record.buffer_size=65536 record.errors=0

$ mixerctl -a
inputs.dac02.mute=off inputs.dac02=126,126 inputs.dac03.mute=off inputs.dac03=126,126 inputs.dac04.mute=off inputs.dac04=126,126 inputs.dac05.mute=off inputs.dac05=126,126 outputs.green0a.dir=output outputs.green0a.boost=on outputs.unknown0b.dir=output outputs.unknown0c.dir=output outputs.unknown0d.dir=output outputs.unknown0d.boost=off outputs.blue0f.dir=input outputs.white10.source=dac08 inputs.sel12.source=unknown0e outputs.sel12=63,63 inputs.sel13.source=unknown15 outputs.sel13=63,63
inputs.beep14=85 outputs.volume16=126 inputs.sel17.sel12.mut=off inputs.sel17.sel12=109,109 inputs.sel18.sel13.mut=off inputs.sel18.sel13=109,109 inputs.usingdac=02030405 record.usingadc=0607 OpenBSD 4.0-current (GENERIC.MP) #1145: Wed Jan 24 20:44:47 MST 2007 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP cpu0: Genuine Intel(R) CPU 1400 @ 1.83GHz ("GenuineIntel" 686-class) 1.84 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,VMX,EST,TM2 real mem = 1040629760 (1016240K) avail mem = 941002752 (918948K) using 4256 buffers containing 52154368 bytes (50932K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+ BIOS, date 07/29/05, SMBIOS rev. 2.4 @ 0xe73f0 (39 entries) bios0: Apple Computer, Inc. Macmini1,1 pcibios at bios0 function 0x1a not configured bios0: ROM list: 0xc/0xe600! acpi0 at mainbus0: rev 0 acpi0: tables DSDT FACP HPET APIC MCFG ASF! SBST ECDT SSDT SSDT SSDT acpitimer at acpi0 not configured acpimadt0 at acpi0 addr 0xfee0: PC-AT compat LAPIC: acpi_proc_id 0, apic_id 0, flags 0x1 cpu0 at mainbus0: apid 0 (boot processor) cpu0: apic clock running at 166 MHz LAPIC: acpi_proc_id 1, apic_id 1, flags 0x1 cpu1 at mainbus0: apid 1 (application processor) cpu1: Genuine Intel(R) CPU 1400 @ 1.83GHz ("GenuineIntel" 686-class) 1.84 GHz cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,VMX,EST,TM2 IOAPIC: acpi_ioapic_id 1, address 0xfec0, global_int_base 0x0 ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins ioapic0: duplicate apic id, remapped to apid 2 OVERRIDE: bus 0, source 0, global_int 2, flags 0 OVERRIDE: bus 0, source 9, global_int 9, flags d apic_type 4 apic_type 4 acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 1 (RP01) acpiprt2 at acpi0: bus 2 (RP02) acpiprt3 at acpi0: bus 3 (PCIB) acpiec at acpi0 not configured acpibtn at acpi0 not configured pci0 at mainbus0 bus 0: 
configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 "Intel 82945GM MCH" rev 0x03 vga1 at pci0 dev 2 function 0 "Intel 82945GM Video" rev 0x03: aperture at 0x9038, size 0x1000 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) vendor "Intel", unknown product 0x27a3 (class DASP subclass Time and Frequency, rev 0x03) at pci0 dev 7 function 0 not configured azalia0 at pci0 dev 27 function 0 "Intel 82801GB HD Audio" rev 0x02: apic 2 int 22 (irq 11) azalia0: host: High Definition Audio rev. 1.0 azalia0: codec: Sigmatel STAC9221 (rev. 52.1), HDA version 1.0 audio0 at azalia0 ppb0 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x02 pci1 at ppb0 bus 1 mskc0 at pci1 dev 0 function 0 "Marvell Yukon 88E8053" rev 0x22, Yukon-2 EC rev. A3 (0x2): apic 2 int 16 (irq 11) msk0 at mskc0 port A, address 00:16:cb:a7:16:f0 eephy0 at msk0 phy 0: Marvell 88E Gigabit PHY, rev. 2 ppb1 at
Is Theo still hiking ????
Is Theo still hiking, I miss him already...the lack of comic relief. The threads are just simmering, where are the well done threads that Theo can only produce ;) -- ~Allie D.
ACPI dmesg's Trouble with Lenovo core 2 duo Notebook GENERIC-MP
hello misc@

This post is in response to marco's request for ACPI testing. I hope the ACPI developers see this.

I have a Lenovo 3000 N100 768DKU notebook; it has a core 2 duo cpu. The trouble is when I boot bsd.mp -c and enable acpi, after a short bit of messages it drops to a ddb{2}> prompt (I am not able to obtain a dmesg because I don't know how to write it to disk from the ddb{2}> prompt.)

The last few lines of the OpenBSD GENERIC-MP w/acpi say:

cpu2 at mainbus0: apid 0 (boot processor)
cpu2: apic clock running at 166 MHz
LAPIC: acpi_proc_id 1, apic_id 1, flags 0x1
cpu3 at mainbus0panic: cpu at apic id 1 already attached?
Stopped at Debugger+0x4: leave

Also, as a side note, when booting GENERIC w/ acpi my sound device works; I can hear faint sound, however my volume up/down keys do not function. This is only a minor problem.

Below are the 3 dmesg's that I could obtain. I am including a recent FreeBSD dmesg just for the ACPI developers' sake:

OpenBSD 4.0-current (GENERIC) #1351: Wed Jan 24 20:29:10 MST 2007 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz ("GenuineIntel" 686-class) 1.67 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,CX16 real mem = 526544896 (514204K) avail mem = 472207360 (461140K) using 4256 buffers containing 26451968 bytes (25832K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+ BIOS, date 02/17/09, BIOS32 rev. 0 @ 0xfd610, SMBIOS rev. 2.4 @ 0xdc010 (42 entries) bios0: LENOVO 0768DKU pcibios0 at bios0: rev 2.1 @ 0xfd610/0x9f0 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdee0/256 (14 entries) pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82371FB ISA" rev 0x00) pcibios0: PCI bus #4 is the last bus bios0: ROM list: 0xc/0xe600! 0xce800/0x1000 0xdc000/0x4000! 0xe/0x1800!
acpi at mainbus0 not configured cpu0 at mainbus0 cpu0: unknown Enhanced SpeedStep CPU, msr 0x06130a2506000613 cpu0: using only highest and lowest power states cpu0: Enhanced SpeedStep 1000 MHz (1004 mV): speeds: 1667, 1000 MHz pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 "Intel 82945GM MCH" rev 0x03 vga1 at pci0 dev 2 function 0 "Intel 82945GM Video" rev 0x03: aperture at 0xd020, size 0x1000 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) "Intel 82945GM Video" rev 0x03 at pci0 dev 2 function 1 not configured azalia0 at pci0 dev 27 function 0 "Intel 82801GB HD Audio" rev 0x02: irq 11 azalia0: host: High Definition Audio rev. 1.0 azalia0: codec: 0x04x/0x11d4 (rev. 5.0), HDA version 1.0 azalia0: codec: 0x04x/0x11c1 (rev. 2.0), HDA version 1.0 azalia0: codec[1]: No support for modem function groups azalia0: codec[1]: No audio function groups audio0 at azalia0 ppb0 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x02 pci1 at ppb0 bus 1 ppb1 at pci0 dev 28 function 1 "Intel 82801GB PCIE" rev 0x02 pci2 at ppb1 bus 2 wpi0 at pci2 dev 0 function 0 "Intel PRO/Wireless 3945ABG" rev 0x02: irq 11, address 00:18:de:2c:a8:a3 uhci0 at pci0 dev 29 function 0 "Intel 82801GB USB" rev 0x02: irq 5 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1 at pci0 dev 29 function 1 "Intel 82801GB USB" rev 0x02: irq 10 usb1 at uhci1: USB revision 1.0 uhub1 at usb1 uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered uhci2 at pci0 dev 29 function 2 "Intel 82801GB USB" rev 0x02: irq 11 usb2 at uhci2: USB revision 1.0 uhub2 at usb2 uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub2: 2 ports with 2 removable, self powered uhci3 at pci0 dev 29 function 3 "Intel 82801GB USB" rev 0x02: irq 10 usb3 at uhci3: USB revision 1.0 uhub3 at usb3 uhub3: Intel 
UHCI root hub, rev 1.00/1.00, addr 1 uhub3: 2 ports with 2 removable, self powered ehci0 at pci0 dev 29 function 7 "Intel 82801GB USB" rev 0x02: irq 5 ehci0: timed out waiting for BIOS usb4 at ehci0: USB revision 2.0 uhub4 at usb4 uhub4: Intel EHCI root hub, rev 2.00/1.00, addr 1 uhub4: 8 ports with 8 removable, self powered ppb2 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 0xe2 pci3 at ppb2 bus 3 rl0 at pci3 dev 1 function 0 "Realtek 8139" rev 0x10: irq 10, address 00:0f:b0:cc:44:41 rlphy0 at rl0 phy 0: RTL internal PHY cbb0 at pci3 dev 4 function 0 "ENE CB-1410 CardBus" rev 0x01pci_intr_map: no mapping for pin A : couldn't map interrupt "Ricoh 5C832 Firewire" rev 0x00 at pci3 dev 6 function 0 not configured sdhc0 at pci3 dev 6 function 1 "Ricoh 5C822 SD/MMC" rev 0x19: irq 5 sdmmc0 at sdhc0 "Ricoh 5C843" rev 0x01 at pci3 dev 6 function 2 not configured "Ricoh 5C592 Memory Stick" rev 0x0a at pci3 dev 6 function 3 not configured "Ricoh 5C852 xD" rev 0x05 at pci3 dev 6 function 4 not configured ichpcib0 at pci0 dev 31 function 0 "Intel 82801GBM LPC" rev 0x02: P
Re: Friendly registrar
On Jan 19, 2007, at 10:58 AM, Tonnerre LOMBARD wrote:

> We chose Gandi for controversial web sites (like ffii.org) because they tend not to shut down the delegation whenever they receive a preliminary injunction. For any kind of Open Source movement, this might become crucial in the future...
>
> Tonnerre

In light of what happened Wednesday, does anyone else have any additional suggestions for non-US registrars that won't yank your delegation just because a major corporation told them to (it seems GoDaddy would rather dump their customers than anger a major corporation)?

--
bk
Re: Slow IO on Compaq Smart Array 6
On Friday 26 January 2007 22:17, you wrote:
> I've got a new box with the following hardware:
>
> 2x Intel Xeon 3Ghz
> 4 GB RAM
> 2x 72GB U320 10K drives
>
> I've configured the RAID for RAID-0 (i have reasons for this).
> During installation, I create a 20GB / and 106?GB/data partition.
>
> It took about 20 minutes to run newfs on the drives.
>
> Why?
>
> I'll post a dmesg once the install is done.

Check that you have a BBWC in your box, for some idiotic reason HP ship their machines without BBWC as standard and without that you don't get any write cache, only read cache. That'll inevitably affect performance to some extent.

Regards
Johan M:son
Re: OpenBSD under Parallels Desktop
The only issue that I have had is that parallels treats all Desktops as one. It is hard to know where the cursor is when I am working with a 40-inch desktop in a 15-inch viewing area! ;)

Josh

On 1/26/07, Christopher Snell <[EMAIL PROTECTED]> wrote:
>
> On 1/26/07, Peter Valchev <[EMAIL PROTECTED]> wrote:
>
> > Indeed, this was caused by the pckbd diff referred to in the other
> > email, which was built in the snapshots you tried. As of today's
> > snapshot, it includes a newer iteration of this diff, which should
> > fix the problem.
>
> Thanks, Peter. That fixed the problem nicely. I'm now installing
> today's snapshot under Parallels on my Mac. I'm absolutely amazed at
> how fast OpenBSD runs under this VM. Very exciting!
>
> Chris
>
>

--
Thx
Joshua Gimer
Re: install image to computer
On Fri, 26 Jan 2007 16:07:01 -0600, Damian Wiest wrote
> On Fri, Jan 26, 2007 at 03:53:48PM -0500, Steve Shockley wrote:
> > smith wrote:
> > >Why?:
> > >
> > >I've received a few new computers that I have to configure.
> >
> > http://www.openbsd.org/faq/faq4.html#Multiple
>
> Disk imaging
>
> Unfortunately, there are no known disk imaging packages which are
> FFS-aware and can make an image containing only the active file
> space. Most of the major disk imaging solutions will treat an
> OpenBSD partition as a "generic" partition, and can make an image of
> the whole disk. This often accomplishes your goal, but usually with
> huge amounts of wasted space -- an empty, 10G /home partition will
> require 10G of space in the image, even if there isn't a single file
> in it. While you can typically install a drive image to a larger
> drive, you would not be able to directly use the extra space, and
> you would not be able to install an image to a smaller drive.
>
> ---
>
> I don't believe that section is entirely correct, frisbee includes
> both filesystem aware as well as filesystem naive compression
> algorithms to be used when creating disk images. Frisbee can also
> do installs via multicast and the paper referenced below includes
> data showing that install times remain pretty much constant no
> matter how many systems are being setup at once. Emulab (emulab.com)
> can push images to hundreds of their machines in under two minutes.
>
> I must admit that I have yet to use frisbee myself. I'm cloning
> disks at this very minute, but due to time constraints have had to
> use our existing solution (Acronis). We're having problems due to
> lack of nic driver support with newer systems, but I expect to be
> able to create a BSD boot disc with the needed drivers along with
> the frisbee client in the near future.
>
> Another method that might work for you is to get one machine setup
> and then mirror the boot drive. You may then be able to detach a
> sub-mirror and move it to a different system.
>
> -Damian
>
> [1] http://www.cs.utah.edu/flux/papers/frisbee-usenix03-base.html

Sorry guys, I now realise my error by not revealing that I'm imaging windows boxes. I'm not too concerned about the disadvantages or gotchas of imaging. I was just looking for a quick and dirty way of getting that windows image back on to a computer from an ftp server.

If I figure out how to get OpenBSD to do what g4u does, then I've found an even simpler solution to this type of problem than g4u.
Re: install image to computer
Damian Wiest wrote:
> http://www.openbsd.org/faq/faq4.html#Multiple
> Disk imaging

My point was more to use the siteXX.tgz file to deploy the OS plus all modified files.
Re: Kernel PPPoE and DNS servers
On Fri, Jan 26, 2007 at 05:26:47PM -0500, Andrey Shuvikov wrote:
> Hi,
>
> Is there any way to get DNS server addresses from the provider using
> in-kernel PPPoE? As far as I understand one can specify "enable dns"
> in ppp configuration file to update /etc/resolve.conf . But that's for
> userland PPPoE. Does in-kernel PPPoE have similar option? I checked
> pppoe(4) and list archives but didn't find anything suitable.
>

No, in-kernel pppoe does not have this support. Somebody needs to sit down and move the control plane of sppp(4) to userland to make that and a few other nice things work.

--
:wq Claudio
Re: Patching OpenBSD 3.0, 3.3, 3.6 for US Daylight Saving Time changes in 2007
Do not upgrade just to get new timezone data. That would be too much work and testing for a little issue.

Get up to date tzdata and recompile them using your existing "zic" timezone compiler.

You should test it yourself but if you have your source tree on the machines, you can do:

    cd /usr/src/share/zoneinfo/datfiles
    cvs up -PAd -rHEAD
    cd ..
    make && make install

test with:

    zdump -v /etc/localtime | grep 2007

(that is if /etc/localtime is a soft/hard link to something in /usr/share/zoneinfo)

On Thu, Jan 25, 2007 at 04:27:18PM -0500, Christine Siegel wrote:
> We have 3 IBM NetVistas, each running a different version of OpenBSD -
> one at 3.0, one at 3.3 and one at 3.6. I'm very unfamiliar with the
> world of OpenBSD and how you "patch" the OS. How would I go about
> updating these various systems to deal with the changes to US Daylight
> Saving Time that will occur this year?
>
> Thanks in advance.
>
> --
> Christine Siegel

--
Hugo Villeneuve <[EMAIL PROTECTED]>
http://EINTR.net/
Re: OpenBSD under Parallels Desktop
On 1/26/07, Peter Valchev <[EMAIL PROTECTED]> wrote:
> Indeed, this was caused by the pckbd diff referred to in the other email, which was built in the snapshots you tried. As of today's snapshot, it includes a newer iteration of this diff, which should fix the problem.

Thanks, Peter. That fixed the problem nicely. I'm now installing today's snapshot under Parallels on my Mac. I'm absolutely amazed at how fast OpenBSD runs under this VM. Very exciting!

Chris
Kernel PPPoE and DNS servers
Hi, Is there any way to get DNS server addresses from the provider using in-kernel PPPoE? As far as I understand one can specify "enable dns" in ppp configuration file to update /etc/resolve.conf . But that's for userland PPPoE. Does in-kernel PPPoE have similar option? I checked pppoe(4) and list archives but didn't find anything suitable. Thanks, Andrey
Slow IO on Compaq Smart Array 6
I've got a new box with the following hardware:

2x Intel Xeon 3Ghz
4 GB RAM
2x 72GB U320 10K drives

I've configured the RAID for RAID-0 (i have reasons for this). During installation, I create a 20GB / and 106?GB/data partition.

It took about 20 minutes to run newfs on the drives.

Why?

I'll post a dmesg once the install is done.
Re: install image to computer
On Fri, Jan 26, 2007 at 03:53:48PM -0500, Steve Shockley wrote:
> smith wrote:
> >Why?:
> >
> >I've received a few new computers that I have to configure.
>
> http://www.openbsd.org/faq/faq4.html#Multiple

Disk imaging

Unfortunately, there are no known disk imaging packages which are FFS-aware and can make an image containing only the active file space. Most of the major disk imaging solutions will treat an OpenBSD partition as a "generic" partition, and can make an image of the whole disk. This often accomplishes your goal, but usually with huge amounts of wasted space -- an empty, 10G /home partition will require 10G of space in the image, even if there isn't a single file in it. While you can typically install a drive image to a larger drive, you would not be able to directly use the extra space, and you would not be able to install an image to a smaller drive.

---

I don't believe that section is entirely correct, frisbee includes both filesystem aware as well as filesystem naive compression algorithms to be used when creating disk images. Frisbee can also do installs via multicast and the paper referenced below includes data showing that install times remain pretty much constant no matter how many systems are being setup at once. Emulab (emulab.com) can push images to hundreds of their machines in under two minutes.

I must admit that I have yet to use frisbee myself. I'm cloning disks at this very minute, but due to time constraints have had to use our existing solution (Acronis). We're having problems due to lack of nic driver support with newer systems, but I expect to be able to create a BSD boot disc with the needed drivers along with the frisbee client in the near future.

Another method that might work for you is to get one machine setup and then mirror the boot drive. You may then be able to detach a sub-mirror and move it to a different system.

-Damian

[1] http://www.cs.utah.edu/flux/papers/frisbee-usenix03-base.html
Re: [OpenSSH] an option for setting the login name?
In message <[EMAIL PROTECTED]>, Christian Ruediger Bahls writes:
>
> to have an -l option for sftp would be really nice
> but perhaps one should argument a little bit differently
>
> your argument would be a lot stronger if it would go like that:

Hi Christian!

Indeed, you are right. Your argument is certainly stronger, I was looking only at some "symmetry" in the options available on both OpenSSH commands. A very good point.

> imagine a user alice who has something like that in her /etc/login.conf
> [snip]
> whoever:\
> :auth=skey,passwd:\
> :tc=default:
> [snap]
[...]
> ok regularly she would be bitten by:
> "scp -r that_very_important_directory me:[EMAIL PROTECTED]:/Backups"
>
> there she would start to argue that every ssh aware program
> should perhaps provide "-l" to the user

That is a very good point, agreed.

> so i guess if you argue in that direction .. or refer to my post
> _and_ provide a patch for easy integration into OpenSSH
> we could both have an itch scratched :)

I would be glad to refer to your post, but you currently sent it to [EMAIL PROTECTED] I certainly acknowledge that your argument is stronger than mine.

Thank you very much for your excellent feedback. I will be glad to test and provide a patch. Now that the OpenSSH source code seems really stable (with only some minor changes and aesthetical patches) I suppose that this patch can be written and submitted without a fear it cannot be cleanly applied if it stays some time on the mailing list.

As there is no negative feedback in relation with my proposal, I suppose that writing that patch would be reasonable with only a small chance of being wasted time. I will try to submit a patch very soon. I suppose that copying/pasting the code currently available will be a good idea, I will just look at the source code to know if it can be integrated without a lot of changes. I certainly trust on the way the operating system is being written and prefer using the code currently available as a reference.

Thanks again for your feedback on this matter. I really appreciate your post.

Cheers,
Igor.
Re: NFS export ext2 mounted filesystems
On Fri, 26 Jan 2007, Francois Visconte wrote:

> Hello,
>
> I mount ext2 partitions on a dual boot (OpenBSD/Linux) host
> I have exported /mnt/data over NFS and i can't mount it from another
> linux machine.

You say you want to mount /mnt/data but the lines below show /mnt/home2.

Did you enable portmap and nfs services in rc.conf.local? What error message are you getting on the linux client? What does showmount -e show on the server?

-Otto

>
> On my nfs server (openbsd)
> --- /etc/fstab ---
> /dev/wd1i /mnt/home2 ext2fs rw,nosuid, 0 0
>
> --- /etc/exports ---
> /mnt/home2 -alldirs -network 192.168.1.0 -mask 255.255.255.0
>
>
> I can't manage to mount this export from another linux box and can't find in
> exports(5)
> any option to make this possible.
>
> Is there any way to do this ?
>
>
> Cheers,
> François
Re: install image to computer
smith wrote:
> Why?:
>
> I've received a few new computers that I have to configure.

http://www.openbsd.org/faq/faq4.html#Multiple
Re: OpenBSD under Parallels Desktop
> Has anybody been able to run OpenBSD 4.0 or newer under Parallels
> Desktop? Booting the 3.9 media works just fine and I am able to
> install the OS. Booting 4.0 (or newer snapshots) media results in a
> lock-up of the VM at the (I)nstall/(U)pgrade prompt. I'd post a
> dmesg(1) but I'm unable to select text in the VM. I'm running the
> latest build (3120) of Parallels Desktop under Mac OS X 10.4.8.
>
> The next thing to try is a manual upgrade by CVS source to -CURRENT,
> I suppose...

Indeed, this was caused by the pckbd diff referred to in the other email, which was built in the snapshots you tried. As of today's snapshot, it includes a newer iteration of this diff, which should fix the problem.
set pSerial console
Hi,

Which is the right way to set the serial console to com0, and boot the kernel into boot_config?

set tty com0 sets the output to com0
/b bsd -c boots the kernel in boot_config

But how can I boot into boot_config and output all of that to com0?

I understand that I can put all of that, line by line, in /etc/boot.conf, but how do I set this at boot?
Re: ACPI testing needed for PCI routing code.
I have the same problem with this snapshot ! When I try to enable ACPI, i get crash... I use snapshots with date 24. Jan. with this cksums 1015849754 6124766 bsd 679103619 6173847 bsd.mp 2642142771 4992501 bsd.rd 1758654083 5107712 cd40.iso What else information i can to give ?! From which ftp comes new snapshots first ? From ftp.openbsd.org ? OpenBSD 4.0-current (generic) #1352: thu Jan 25 19:44:33 MST 2007 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/generic rtc bios diagnostic error f cpu0: Intel(r) Dcpu 3.40GHz ("GenuIntel" 686-class) 3.41GHz cpu0 fpu,v86,de,pse,,tsc,msr,pae,mce,cx8,apic,sep,mtrr,pge,mca,cnov,pat,pse36,cf lu,sh,ds,acpi,mmx,fxsr,sse,sse2,ss,htt,tm,sbf,sse3,mwait,ds-cpl,est,cnxt-id,cx16 real mem = 1070432256 (1045344k) avail mem = 968232960 (945540k) using 4256 buffers containing 53735424 bytes (52476k) of memory user kernel config ukc> enable acpi 385 acpi0 enabled ukc> quit Continuing... RTC BIOS diagnostic error f mainbus0 (root) bios0 at mainbus0: AT/286+ bios, date 07/11/06, smbios rev. [EMAIL PROTECTED]( 42 entries) bios0: Intel Corporation S3000AHLX pcibios at bios0 function 0x1a not configured bios0: ROM list: 0xc/0x9000 acpi at mainbus0: REV 2panic: malloc allocations too large stopped at debugger+0x4: leave RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC! DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION! 
ddb> ddb>trace Debuger(1.2.7.2.1ffb) at debugger+0x4 panic (d067b7bf,0,d08b2c78,0,0) at panic+0x63 malloc(f000eefb,2,1,d0469dd5) at malloc+0x7a acpi_load_table(0,0,f000eef3,d1a23e3c,0) at acpi_load_table+0x25 acpi_loadtables(d1a23e00,e8f81350,1,d08b2de0) at acpi_loadtables+0x161 acpi_attach(d1a22fc0,d1a23e00,0,0) at acpi_attach+0xea config_attach(0,d0731c6c,0,d0776ee0) at config_attach+0xef config_root_found(d069c124,0,d08b2f38,d045ff63) at config_rootfound+0x27 cpu_configure(0,1,3,0,0) at cpu_configure+0x2e main(0,0,0,0,0) at main+0x34e ddb> ddb>ps PID PPID PGRP UID S FLAGS WAIT COMMAND * 0 -1 0 0 7 0x80200 SWAPPER ddb> On Thu, Jan 25, 2007 at 04:12:36PM +0200, [EMAIL PROTECTED] wrote: > Hi > If i boot with bsd, than all works fine, but when I boot with bsd.mp i > get error un the screan, that one error repeats all time. > ichiic0: exec op 1, addr 0x2e, cmdlen 1, len1, flags 0x00: timeout, > status 0x0 > ichiic0: abort failed, status 0x42 > > I understand that this ichiic is Intel ICH SMBus controller. > The Ethernet adapter (PCI) dont work (I can ping localhost, but i can't > ping anything in network). > The Two built in Intel ethernet ports dot work too ! (With bsd kernel > works great !). > > When I add second RAM modul and try to compilling e.g. some port(with > bsd kernel) i get: > uvm_fault(0xd0757440, 0xd200, 0 3) -> e > kernel: page fault trap, code=0 > Stopped at uvm_pagealloc_strat+0x155:movl%eax,0x4(%ecx) > ddb> > > Is there any way to use both cores on CPU, and both RAM moduls ? > Under FreeBSD 6.2 all works fine. > > My system: Intel S3000AH (Version LX) motherboard. Intel server chipset > 3000 (I think, that the SATA controller is a ICH7R (82801GB /82801GR), > but I dont now exatly, and i cant find any information in intel.com ) > CPU Intel dualcore pentium D 3,4GHz/800/2x2MB Socket LGA775, > HDD 2xSamsung Sata2 NCQ > RAM: 2 x 1GB PC5300 DDRII/ECC T667EB1GS MALAB I have updated BIOS, but > that not helps. > I use OpenBSD last snapshot. 
There is my dmesg with bsd.mp OpenBSD 4.0-current (GENERIC.MP) #1146: Thu Jan 25 20:00:21 MST 2007 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP RTC BIOS diagnostic error f cpu0: Intel(R) Pentium(R) D CPU 3.40GHz ("GenuineIntel" 686-class) 3.41 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,CNXT-ID,CX16 real mem = 1070432256 (1045344K) avail mem = 968175616 (945484K) using 4256 buffers containing 53735424 bytes (52476K) of memory RTC BIOS diagnostic error f mainbus0 (root) bios0 at mainbus0: AT/286+ BIOS, date 07/11/06, SMBIOS rev. 2.4 @ 0x3fe0e000 (42 entries) bios0: Intel Corporation S3000AHLX pcibios at bios0 function 0x1a not configured bios0: ROM list: 0xc/0x9000 acpi at mainbus0 not configured mainbus0: Intel MP Specification (Version 1.4) cpu0 at mainbus0: apid 0 (boot processor) cpu0: apic clock running at 199 MHz mainbus0: bus 0 is type PCI mainbus0: bus 1 is type PCI mainbus0: bus 2 is type PCI mainbus0: bus 3 is type PCI mainbus0: bus 4 is type PCI mainbus0: bus 5 is type PCI mainbus0: bus 6 is type ISA ioapic0 at mainbus0: apid 5 pa 0xfec0, version 20, 24 pins ioapic0: misconfigured as apic 0, remapped to apid 5 ioapic1 at mainbus0: apid 6 pa 0xfec1, version 20, 24 pins pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 "Intel E7230 MCH" rev 0x00 ppb0 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x01 pci1 at ppb0 bus 1 ppb1 at pci1 dev 0
Re: install image to computer
On Fri, Jan 26, 2007 at 05:28:29PM +, Stuart Henderson wrote:
> On 2007/01/26 07:12, smith wrote:
> > Is there a way to install an image file from a server to a computer using a cd
> > that was burned with OpenBSD's cd40.iso?
> >
> > put |"dd if=/dev/rwd0c bs=64k" imagefilename
>
> very similar:
> get imagefilename |"dd of=/dev/rwd0c bs=64k"

But ... whether this is useful will depend on the architecture, and the Cylinder/Head/Sector translation done by each computer's IDE/ATA drive electronics, and by each computer's BIOS. The worst-case-scenario is older i386 platforms.

Smith should see "Geometry Translation" in boot_i386(8).
ldapvacation
Good day,

I have a set up with sendmail, openldap, and vacation and that works well but I would like to know how to use ldapvacation. Is there anything you can share on how to make it work?

The documentation says that there should be an attribute vacationMsg in the LDAP entry. What should be its type? Do I have to add another schema to OpenLDAP to make this work?

If you have any information on how to do this or even better, a link to a how-to for this, please let me know.

Thanks very much,

Vijay

--
Vijay Sankar
ForeTell Technologies Limited
59 Flamingo Avenue, Winnipeg, MB, Canada R3J 0X6
E-Mail: [EMAIL PROTECTED], Phone: +1 (204) 885 9535
Re: install image to computer
On 2007/01/26 07:12, smith wrote:
> Is there a way to install an image file from a server to a computer using a cd
> that was burned with OpenBSD's cd40.iso?
>
> put |"dd if=/dev/rwd0c bs=64k" imagefilename

very similar:

get imagefilename |"dd of=/dev/rwd0c bs=64k"
NFS export ext2 mounted filesystems
Hello,

I mount ext2 partitions on a dual boot (OpenBSD/Linux) host. I have exported /mnt/data over NFS and I can't mount it from another linux machine.

On my nfs server (openbsd)

--- /etc/fstab ---
/dev/wd1i /mnt/home2 ext2fs rw,nosuid, 0 0

--- /etc/exports ---
/mnt/home2 -alldirs -network 192.168.1.0 -mask 255.255.255.0

I can't manage to mount this export from another linux box and can't find in exports(5) any option to make this possible.

Is there any way to do this ?

Cheers,
François
Re: OpenBSD under Parallels Desktop
Christopher Snell wrote:
> Has anybody been able to run OpenBSD 4.0 or newer under Parallels Desktop? Booting the 3.9 media works just fine and I am able to install the OS. Booting 4.0 (or newer snapshots) media results in a lock-up of the VM at the (I)nstall/(U)pgrade prompt. I'd post a dmesg(1) but I'm unable to select text in the VM. I'm running the latest build (3120) of Parallels Desktop under Mac OS X 10.4.8.

4.0 works fine for me. The snap with kernel #1341 works fine for me. Newer snaps do not. It _might_ have something to do with jcs@'s new keyboard code:

http://undeadly.org/cgi?action=article&sid=20070112100204

I emailed him a dmesg along with some info about what works and what doesn't.

> The next thing to try is a manual upgrade by CVS source to -CURRENT, I suppose...

If I'm right, that shouldn't help. It'd be a good test to see if it's the installer or the keyboard code in the kernel.

-ME
install image to computer
Is there a way to install an image file from a server to a computer using a cd that was burned with OpenBSD's cd40.iso? Details: I created an image of a computer and sent it to an ftp server after booting from a cd that was burned with OpenBSD's cd40.iso. Here is the command I used after logging into the ftp server: put |"dd if=/dev/rwd0c bs=64k" imagefilename Is there a way to put that imagefilename back on a different computer using OpenBSD's cd40.iso cd? Why?: I've received a few new computers that I have to configure. I've mentioned on this list of a setup I've created for doing images using netbootdisk.com, samba, and ghost. Everything boots up okay but Ghost crashes. So I resorted to g4u which is based off netbsd, the os that can supposedly run on any type of computer. Well netbsd didn't like the hard drive on this new computer. It crashed before completing its boot up. So I resorted to g4l, which is just like g4u but based on linux. It booted up fine but when I went to create an image, it did nothing. So I tried openbsd on a whim and got the image to an ftp server. This is farther than all the other things I tried. I'm not a unix guru and getting the image to the server I figured out by google, but I couldn't find anything on google to retrieve the image.
Re: apache security
Hi,

On Fri, 26.01.2007 at 19:17:41 +0800, Lars Hansson <[EMAIL PROTECTED]> wrote:
> Toni Mueller wrote:
> >To me, this currently comes down to using unique user and group ids for
> >individual web site instances, and then chroot each server into their
> >respective tree where the requirement for reading other people's data
> >is to break out of the chroot first.
>
> This can be done with the default chroot as long as you don't allow your
> users to run any cgi's.

this I can't prevent. Or at least, my users want/need this.

> Just make each vhosts docroot be owned by the
> user and readable by the www group and you're set.
> If you're hosting PHP sites you also need to remember to set (and
> enforce) open_basedir for the vhosts.

Yes, I'm also hosting PHP sites, and PHP4, for that matter (I can't do much about it right now). The "solution" will entail some PHP version that actually obeys the "open_basedir" setting. While I don't have proof that the version shipped in ports doesn't, I dimly remember a recent incident about just that not always being the case.

Best, --Toni++
Re: Inetd rejecting connection from privileged port
On Fri, 26 Jan 2007, Brian Candler wrote:

> > They are taking the position that it is upside down to require an
> > unprivileged source port. What are the issues?
>
> The code is here in /usr/src/usr.sbin/inetd/inetd.c:
>
>     if (port < IPPORT_RESERVED || port == NFS_PORT)
>             goto bad;
>
> The only reason I can think of is to avoid your host being used as a
> reflector to attack services on other hosts.

Yes, I believe you're right. Thanks for refreshing my memory. This is a heuristic to stifle such attacks. The only breakage I've seen is that the "timedc(8)" program of another BSD uses a privileged source port for a minor feature (detecting hosts that are whole days off in time). The NetBSD inetd deals with the DoS problem by checking "port" against an array of likely problem source ports.

> For example: attacker sends a UDP packet to you on port 37, with spoofed
> source IP address and source port 53. Without this check, inetd would send
> its response back to the spoofed IP address on port 53, so it looks like you
> are trying to attack someone else's DNS server.
>
> In the case of UDP 'time', the attacker can't control the response you send,
> but can predict it. Other services launched from inetd might give the
> attacker more direct control over the packet sent, with the most extreme
> example being "echo" :-)

Yes, two hosts talking UDP to each other's echo datagram ports is probably the archetypical DoS -- of the hosts and any network they're on. Chargen is pretty vicious, too. Doubtless this and other similar attacks also account for the rate-limiting -R switch (and its default) to inetd.

> The assumption here of course is that the only services worth attacking are
> on ports <1024 or 2049. This still doesn't prevent your box being used as a

Quite. NetBSD makes the similar assumption that those are the only "commonly" attacked/attacking services. I notice that in OpenBSD, this policy leads to encouraging honest clients to use unreserved ports, which then can lead to sometimes eliminating the setuid requirement for clients that non-root has a reason to run. So it's a double win.

> DoS repeater, but that's a pretty fundamental limitation of simple UDP
> request-response exchanges.

Ah, for the happy days when people played nice, and an attack consisted of a manually typed password, and an unlisted modem telephone number was a serious security measure, and a source port <1024 meant you probably knew the sender personally.

Thanks for your comments!

Dave
Re: OpenBSD under Parallels Desktop
Christopher Snell wrote: Hi, Has anybody been able to run OpenBSD 4.0 or newer under Parallels Desktop? Booting the 3.9 media works just fine and I am able to install the OS. Booting 4.0 (or newer snapshots) media results in a lock-up of the VM at the (I)nstall/(U)pgrade prompt. I'd post a dmesg(1) but I'm unable to select text in the VM. I'm running the latest build (3120) of Parallels Desktop under Mac OS X 10.4.8. Running -current on build 3120, under 10.4.8 on a 1.83GHz Macbook. Never experienced lockup problems. Performance is great. openssl speed blowfish On host os, Mac OS X, 45.3MB/s On guest os, OpenBSD 4.0-current, 62.0MB/s Of course OpenSSL versions are different. OpenBSD version includes asm implementations since 2.6 for pentium and pentium pro archs. I guess OS X version includes them too. Anyway I don't have a plausible reasoning for this dramatic perf difference.
Re: OpenBSD under Parallels Desktop
On 26-Jan-07, at 3:35 AM, Christopher Snell wrote: Hi, Has anybody been able to run OpenBSD 4.0 or newer under Parallels Desktop? Booting the 3.9 media works just fine and I am able to install the OS. Booting 4.0 (or newer snapshots) media results in a lock-up of the VM at the (I)nstall/(U)pgrade prompt. I'd post a dmesg(1) but I'm unable to select text in the VM. I'm running the latest build (3120) of Parallels Desktop under Mac OS X 10.4.8. The next thing to try is a manual upgrade by CVS source to -CURRENT, I suppose... Chris I have 4.0 running right now in the latest stable Parallels (Build 1970) on an Intel iMac dual core. It runs pretty flawlessly. I didn't encounter the situation you describe; have you tried build 1970, just for kicks?
Re: "fib couple" ignored
Hello Stuart, On Fri, 26.01.2007 at 12:36:18 +, Stuart Henderson <[EMAIL PROTECTED]> wrote: > 'bgpctl sh nex' lists *nexthops*, not peers. nexthops are not > re-written unless you 'set nexthop self', they stay as learned from the > e-bgp sessions. OK. I was thoroughly confused and scared, too. > unless you change 'nexthop qualify', it means not reachable by either: > > directly-connected network > static (non-default) route > route learned from a different protocol (ospf/rip) Ok... > but there's a reason these are not default. Understood. > the ibgp announcement with the prefix is _not_ necessarily sent > by the router with the external session, you may be using a route > reflector. Nope, but anyway, your message was very helpful in clearing up some of my confusion! Best, --Toni++
Re: "fib couple" ignored
Hi Claudio, On Fri, 26.01.2007 at 13:30:36 +0100, Claudio Jeker <[EMAIL PROTECTED]> wrote: > You probably need to either add a static route for the router or add a > nexthop qualify via default or nexthop qualify via bgp to your config. > Since 4.0 bgpd will only use nexthops that are reachable via static routes or > routes added by other routing daemons like ospfd(8). thank you very much, that solved the eBGP part of it! Seems like I created this situation when I removed the static route to that router when deleting my other superfluous static routes... Best, --Toni++
Re: apache security
Lars Hansson wrote: Toni Mueller wrote: To me, this currently comes down to using unique user and group ids for individual web site instances, and then chroot each server into their respective tree where the requirement for reading other people's data is to break out of the chroot first. This can be done with the default chroot as long as you don't allow your users to run any cgi's. Just make each vhosts docroot be owned by the user and readable by the www group and you're set. If you're hosting PHP sites you also need to remember to set (and enforce) open_basedir for the vhosts. --- Lars Hansson We dealt with this another way. We create a separate instance of httpd for every user, and let httpd run under that user. Each instance is on a different port number bound to 127.0.0.1. To tie it all together we use a reverse proxy (pound) and enable virtual hosting in the proxy to redirect vhosts to the right apache instance.
Re: ntpd on -current 8 hours off
Claudio Jeker wrote: > On Fri, Jan 26, 2007 at 09:30:49AM +0100, Stephan A. Rickauer wrote: >> on a current snapshot from last week "ntpd -s" will successfully >> synchronize the clock at once, but 8 hours off the real time. >> 4.0-release and older snapshots behave as expected. Is there some new >> 'feature' I need to learn about? >> >> # uname -a >> OpenBSD arwen.dmz.ini.uzh.ch 4.0 GENERIC#1350 i386 >> >> # grep ntpd /var/log/daemon >> Jan 26 01:12:50 arwen ntpd[18084]: ntp engine ready >> Jan 26 01:14:52 arwen ntpd[30119]: peer 1x0.xx.x.xx now valid >> Jan 26 01:15:41 arwen ntpd[14197]: adjusting local clock by 0.157485s >> Jan 26 01:19:25 arwen ntpd[30119]: clock is now synced >> >> # date >> Fri Jan 26 01:27:33 MST 2007 > ^^^ > > You're in CET not MST change /etc/localtime to point to > /usr/share/zoneinfo/Europe/Zurich and your problem is fixed. > > stupid me, thanks. -- Stephan A. Rickauer --- Institute of Neuroinformatics Tel +41 44 635 30 50 University / ETH Zurich Sec +41 44 635 30 52 Winterthurerstrasse 190 Fax +41 44 635 30 53 CH-8057 Zurich Web www.ini.unizh.ch RSA public key: https://www.ini.uzh.ch/~stephan/pubkey.asc ---
Re: "fib couple" ignored
> well, it turns out that the machine can't see their neighbours too > well. The iBGP peer isn't listed, 'bgpctl sh nex' lists *nexthops*, not peers. nexthops are not re-written unless you 'set nexthop self', they stay as learned from the e-bgp sessions. > and the upstream is now marked "invalid" although they can both be > reached via static routes, are up, ... > What does "invalid" in this case mean? unless you change 'nexthop qualify', it means not reachable by either: directly-connected network static (non-default) route route learned from a different protocol (ospf/rip) additional options if you change 'nexthop qualify' are: default route bgp route but there's a reason these are not default. > and the session (in 'bgpctl show') to the iBGP peer was, and is, up > at all times. The iBGP peer is even on the same LAN segment, and the > summary output says that the session to this peer is now up for 2+ > hours (I restarted it this morning, it was well over a week old > before). the path to the ibgp peer is irrelevant, it's the path to the nexthop learned by bgp that's important. the ibgp announcement with the prefix is _not_ necessarily sent by the router with the external session, you may be using a route reflector.
Re: "fib couple" ignored
On Fri, Jan 26, 2007 at 01:11:52PM +0100, Toni Mueller wrote: > Hi, > > On Fri, 26.01.2007 at 11:45:36 +0100, Henning Brauer <[EMAIL PROTECTED]> > wrote: > > IF, and only IF, the nexthops are valid and reachable. > > bgpctl show nexthop > > is your friend. > > well, it turns out that the machine can't see their neighbours too > well. The iBGP peer isn't listed, and the upstream is now marked > "invalid" although they can both be reached via static routes, are up, > and the session (in 'bgpctl show') to the iBGP peer was, and is, up at > all times. The iBGP peer is even on the same LAN segment, and the > summary output says that the session to this peer is now up for 2+ > hours (I restarted it this morning, it was well over a week old > before). > > What does "invalid" in this case mean? I have a multihop session to > that router, and restarting the session, I get all ~204k routes again > from said peer... As per RFC1105 these routes should be deleted from > the routing table, but I can't see that happening either. > > If it makes a difference, I have softreconfig on in both directions and > for all peers to be able to change filter rules on the fly w/o > restarting any sessions (and thus cause route flap). > > You probably need to either add a static route for the router or add a nexthop qualify via default or nexthop qualify via bgp to your config. Since 4.0 bgpd will only use nexthops that are reachable via static routes or routes added by other routing daemons like ospfd(8). -- :wq Claudio
Re: "fib couple" ignored (addendum)
Hi, On Fri, 26.01.2007 at 13:11:52 +0100, Toni Mueller <[EMAIL PROTECTED]> wrote: > well. The iBGP peer isn't listed, and the upstream is now marked > "invalid" although they can both be reached via static routes, are up, forgot to mention that the iBGP peer is about the same OpenBSD code (maybe a few days off), and the eBGP peer is some Cisco 7xxx I don't control. Best, --Toni++
Re: "fib couple" ignored
Hi, On Fri, 26.01.2007 at 11:45:36 +0100, Henning Brauer <[EMAIL PROTECTED]> wrote: > IF, and only IF, the nexthops are valid and reachable. > bgpctl show nexthop > is your friend. well, it turns out that the machine can't see their neighbours too well. The iBGP peer isn't listed, and the upstream is now marked "invalid" although they can both be reached via static routes, are up, and the session (in 'bgpctl show') to the iBGP peer was, and is, up at all times. The iBGP peer is even on the same LAN segment, and the summary output says that the session to this peer is now up for 2+ hours (I restarted it this morning, it was well over a week old before). What does "invalid" in this case mean? I have a multihop session to that router, and restarting the session, I get all ~204k routes again from said peer... As per RFC1105 these routes should be deleted from the routing table, but I can't see that happening either. If it makes a difference, I have softreconfig on in both directions and for all peers to be able to change filter rules on the fly w/o restarting any sessions (and thus cause route flap). Best, --Toni++
Re: staticroutes & bgpd
* Frans Haarman <[EMAIL PROTECTED]> [2007-01-26 12:36]: > How does bgpd handle routes it learns which are already a staticroute > in the kernel ? > > We want the staticroute to be used if we do not learn the same route via > bgp. > > Possible somehow ? bgpd never fucks with routes that already are in the routing table. -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
Re: staticroutes & bgpd
On 2007/01/26 12:18, Frans Haarman wrote: > How does bgpd handle routes it learns which are already a staticroute > in the kernel ? static routes take priority over dynamically-learned routes (bgp/ospf). > We want the staticroute to be used if we do not learn the same route via > bgp. I am parsing this as: "if we have a static route and receive the same route by bgp, we want to prefer the bgp one". If that's correct, maybe you can arrange that the BGP prefix is longer (e.g. if you have a /24 static, ask the peer to announce 2x /25 and make sure you adjust the filters to permit it)
staticroutes & bgpd
How does bgpd handle routes it learns which are already a staticroute in the kernel ? We want the staticroute to be used if we do not learn the same route via bgp. Possible somehow ? Thanks, Gr. FH
Re: apache security
Toni Mueller wrote: To me, this currently comes down to using unique user and group ids for individual web site instances, and then chroot each server into their respective tree where the requirement for reading other people's data is to break out of the chroot first. This can be done with the default chroot as long as you don't allow your users to run any cgi's. Just make each vhosts docroot be owned by the user and readable by the www group and you're set. If you're hosting PHP sites you also need to remember to set (and enforce) open_basedir for the vhosts. --- Lars Hansson
Re: VPN
Hi, On Tue, 23.01.2007 at 17:14:56 -0500, Jason Dixon <[EMAIL PROTECTED]> wrote: > On Jan 23, 2007, at 4:52 PM, Jean-Daniel Beaubien wrote: > >Simply enter 'SSHSentinel1.3.2.2.exe' in google and you should find > >quite a few links to download it. That version was free, but the > >company stopped releasing it to make more money or something so it's > >not the latest, but it worked very well for me. this version of SSH Sentinel should have a number of glaring security holes (because the 1.4 versions had), and also a number of very desirable features missing, like support for recent crypto algorithms. If you're going to make a VPN, you're probably interested in preventing unauthorized access to it, right? So please consider what it will cost you if that happens, and find a decent VPN client package. > To be historically accurate, SSH Sentinel was purchased by SafeNet. > SafeNet already had their own line of VPN client software > (SoftRemote), so Sentinel was discontinued. Yes. I never understood that decision because the SoftRemote seemed to be much inferior to me at that time. Best, --Toni++
Re: Patching OpenBSD 3.0, 3.3, 3.6 for US Daylight Saving Time changes in 2007
On Thu, Jan 25, 2007 at 04:27:18PM -0500, Christine Siegel wrote: > We have 3 IBM NetVistas, each running a different version of OpenBSD - > one at 3.0, one at 3.3 and one at 3.6. I'm very unfamiliar with the > world of OpenBSD and how you "patch" the OS. How would I go about > updating these various systems to deal with the changes to US Daylight > Saving Time that will occur this year? Well, as pointed out, the proper solution is to just upgrade to 4.0. The alternative is to take a good look at /usr/src/share/zoneinfo/datfiles; CVS has both the old and the new version, so you could try that - /usr/src/share/zoneinfo and contents is probably enough. Joachim
Re: "fib couple" ignored
* Toni Mueller <[EMAIL PROTECTED]> [2007-01-26 11:26]: > today I stumble across a very strange problem. I have a session with > a peer who offers me ~204k prefixes. So far, so good. I usually import > them into the kernel's routing table by saying 'bgpctl fib couple', but > I also have this in my bgpd.conf: > > fib-update yes > log updates > > So, in theory, my kernel routing table should also show those ~204k > routes + static/ospf/... ones. IF, and only IF, the nexthops are valid and reachable. bgpctl show nexthop is your friend. -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
Re: ntpd on -current 8 hours off
* Stephan A. Rickauer <[EMAIL PROTECTED]> [2007-01-26 09:43]: > on a current snapshot from last week "ntpd -s" will successfully > synchronize the clock at once, but 8 hours off the real time. > # date > Fri Jan 26 01:27:33 MST 2007 last time I checked switzerland was in MEZ, not MST :) -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
Re: apache security
Hi, On Tue, 23.01.2007 at 21:45:14 +0100, Joachim Schipper <[EMAIL PROTECTED]> wrote: > On Tue, Jan 23, 2007 at 05:44:38PM +0100, Almir Karic wrote: > > what i would like to achieve is that on a shared host if bad guys (tm) > > break into one site they can't get to other sites. > > > > is this possible? i've been looking at su-exec but it is for cgi > > scripts only :/, what other options there are? > > > > AFAIK chroot is not the correct answer to my question as it protects > > the rest of the system from being exploited if one of the sites gets > > cracked but it can't protect one site from another... > > The simple solution is to not allow the web server to write anywhere but > /tmp. imho this is not really effective. You may also want to prevent one site from reading the other's site passwords for their databases etc. and then going after their "backend data", so to say, or to steal passwords for logging in via their front page, eg into an "admin area". To me, this currently comes down to using unique user and group ids for individual web site instances, and then chroot each server into their respective tree where the requirement for reading other people's data is to break out of the chroot first. But thanks for the pointer to sysjail, I'll surely be looking at it RSN. :-) Best, --Toni++
Re: mount_ffs: /dev/wd0a on /mnt: Invalid argument ??
Hi Tom, Thanks a lot for taking the time to help me out here :-) On Thu, 2007-01-25 at 16:00 +, Tom Cosgrove wrote: > >>> Jules Colding 25-Jan-07 13:27 >>> > > > > On Thu, 2007-01-25 at 14:04 +0100, Jules Colding wrote: > > > Hi, > > > > > > I'm trying to install OpenBSD 4.0 on a Soekris net4801 but I just > > > can't complete the install. I'm stalled when the install attempts to > > > write the new partitions to the disk. It fails with: > > > > > > "mount_ffs: /dev/wd0a on /mnt: Invalid argument" > > You need to run newfs /dev/wd0a (optionally with -q, which stops it > printing the block numbers of superblock backups). Should I do that manually before restarting the install? > It's possible to get in this sort of position by breaking out during > the install and then giving a specific set of answers to the questions > you get when you start the install again. Alternatively, this can > happen if you try to install things "by hand". I didn't. I booted bsd.rd using PXE and then answered that I wanted to install. You can see the procedure here: http://www.ultradesic.com/index.php?section=45 > Since you don't show > the whole install log, it's hard to know what's actually gone wrong. I did actually paste everything that was on my terminal on my first post to misc. You can see the original post here: http://article.gmane.org/gmane.os.openbsd.misc/117261 Is there a more detailed install log somewhere on the system? > However, if you start again, say yes to "use the whole disk for > openbsd", re-partition in disklabel, then you should be good to go. I also said yes to "use the whole disk for openbsd". Thanks, jules
"fib couple" ignored
Hi,

today I stumbled across a very strange problem. I have a session with a peer who offers me ~204k prefixes. So far, so good. I usually import them into the kernel's routing table by saying 'bgpctl fib couple', but I also have this in my bgpd.conf:

    fib-update yes
    log updates

So, in theory, my kernel routing table should also show those ~204k routes + static/ospf/... ones. In the syslog, I can read messages like this when manually saying, in a sequence,

    $ bgpctl fib decouple
    $ bgpctl fib couple

    Jan 26 11:06:20 hostname bgpd[23677]: kernel routing table decoupled
    Jan 26 11:06:33 hostname bgpd[23677]: kernel routing table coupled

But nothing happens to the kernel's routing table. If I say

    $ bgpctl fib couple

two times in a row, only the first one creates such a message in the syslog.

The reason why I started playing with this is that all of a sudden, the routing table was decoupled (after working for well over a week), and all announcements to at least my internal peers stopped while I didn't do anything with this box (only fiddled with filters on an internal peer). I checked for communities in bgpd's rib, but nothing. The rib looks fine to me, and ospfd still continues to do its job on the same box.

What I did, though, was working with some static routes that might overlap with some routes inside the BGP rib, in an attempt to go from OSPF announced routes to BGP announced ones.

This is on 4.0-stable as of Dec. 18th 2006 on i386.

What gives?

Best, --Toni++
Re: ntpd on -current 8 hours off
Stephan A. Rickauer wrote: on a current snapshot from last week "ntpd -s" will successfully synchronize the clock at once, but 8 hours off the real time. 4.0-release and older snapshots behave as expected. Is there some new 'feature' I need to learn about? # uname -a OpenBSD arwen.dmz.ini.uzh.ch 4.0 GENERIC#1350 i386 # grep ntpd /var/log/daemon Jan 26 01:12:50 arwen ntpd[18084]: ntp engine ready Jan 26 01:14:52 arwen ntpd[30119]: peer 1x0.xx.x.xx now valid Jan 26 01:15:41 arwen ntpd[14197]: adjusting local clock by 0.157485s Jan 26 01:19:25 arwen ntpd[30119]: clock is now synced # date Fri Jan 26 01:27:33 MST 2007 (on other synchronized machines and on my wrist the time is 09:27:33) Thanks, Hi MST is Mountain Standard Time which would probably explain the time difference, as it is 8 hours behind CET. Change your /etc/localtime to point to the correct timezone in /usr/local/share/zoneinfo/ HTH Fred -- http://www.crowsons.net/puters/zaurus.php
Re: ntpd on -current 8 hours off
On Fri, Jan 26, 2007 at 09:30:49AM +0100, Stephan A. Rickauer wrote: > on a current snapshot from last week "ntpd -s" will successfully > synchronize the clock at once, but 8 hours off the real time. > 4.0-release and older snapshots behave as expected. Is there some new > 'feature' I need to learn about? > > # uname -a > OpenBSD arwen.dmz.ini.uzh.ch 4.0 GENERIC#1350 i386 > > # grep ntpd /var/log/daemon > Jan 26 01:12:50 arwen ntpd[18084]: ntp engine ready > Jan 26 01:14:52 arwen ntpd[30119]: peer 1x0.xx.x.xx now valid > Jan 26 01:15:41 arwen ntpd[14197]: adjusting local clock by 0.157485s > Jan 26 01:19:25 arwen ntpd[30119]: clock is now synced > > # date > Fri Jan 26 01:27:33 MST 2007 ^^^ You're in CET not MST change /etc/localtime to point to /usr/share/zoneinfo/Europe/Zurich and your problem is fixed. -- :wq Claudio
Re: Inetd rejecting connection from privileged port
> They are taking the position that it is upside down to require an
> unprivileged source port. What are the issues?

The code is here in /usr/src/usr.sbin/inetd/inetd.c:

    if (port < IPPORT_RESERVED || port == NFS_PORT)
            goto bad;

The only reason I can think of is to avoid your host being used as a reflector to attack services on other hosts.

For example: attacker sends a UDP packet to you on port 37, with spoofed source IP address and source port 53. Without this check, inetd would send its response back to the spoofed IP address on port 53, so it looks like you are trying to attack someone else's DNS server.

In the case of UDP 'time', the attacker can't control the response you send, but can predict it. Other services launched from inetd might give the attacker more direct control over the packet sent, with the most extreme example being "echo" :-)

The assumption here of course is that the only services worth attacking are on ports <1024 or 2049. This still doesn't prevent your box being used as a DoS repeater, but that's a pretty fundamental limitation of simple UDP request-response exchanges.

Regards, Brian.
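The source-port check discussed in this thread, as an added example (not inetd's code beyond the quoted condition, and not written by any poster): it compares the quoted reserved-port rule with a deny-list of the kind the thread attributes to NetBSD. The deny-list contents, the sample datagrams and all function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Same values as the constants in the quoted check, defined locally so
 * the block builds on any platform. */
#define RESERVED_LIMIT 1024 /* IPPORT_RESERVED */
#define NFS_UDP_PORT   2049 /* NFS_PORT */

/* Rule from the quoted inetd.c lines: never answer a datagram whose
 * claimed source port is reserved (<1024) or is the NFS port. */
int reserved_policy_rejects(uint16_t src_port)
{
    return src_port < RESERVED_LIMIT || src_port == NFS_UDP_PORT;
}

/* Deny-list variant. ASSUMPTION: this list is made up for the example
 * from the services named in the thread (echo, daytime, chargen, time,
 * DNS); it is not copied from any real inetd. */
static const uint16_t assumed_bad_ports[] = { 7, 13, 19, 37, 53 };

int denylist_policy_rejects(uint16_t src_port)
{
    size_t n = sizeof assumed_bad_ports / sizeof assumed_bad_ports[0];
    for (size_t i = 0; i < n; i++)
        if (assumed_bad_ports[i] == src_port)
            return 1;
    return 0;
}

/* Constructed sample datagrams. A UDP source port is only a claim made
 * by the sender, so a spoofed packet can carry any of these values. */
struct sample {
    const char *note;
    uint16_t src_port;
};

static const struct sample samples[] = {
    { "ordinary client, ephemeral port",          49152 },
    { "claims source port 53 (DNS)",                 53 },
    { "claims source port 7 (echo)",                  7 },
    { "claims source port 19 (chargen)",             19 },
    { "timedc-style client, privileged port",      1023 },
    { "claims source port 2049 (NFS)",             2049 },
    { "claims source port 123, not on deny-list",   123 },
};
#define NSAMPLES (sizeof samples / sizeof samples[0])

typedef int (*policy_fn)(uint16_t);

/* Number of sample datagrams a policy would refuse to answer. */
size_t count_rejected(policy_fn policy)
{
    size_t rejected = 0;
    for (size_t i = 0; i < NSAMPLES; i++)
        if (policy(samples[i].src_port))
            rejected++;
    return rejected;
}

int main(void)
{
    printf("%-42s %-9s %s\n", "datagram", "reserved", "deny-list");
    for (size_t i = 0; i < NSAMPLES; i++) {
        uint16_t p = samples[i].src_port;
        printf("%-42s %-9s %s\n", samples[i].note,
               reserved_policy_rejects(p) ? "drop" : "reply",
               denylist_policy_rejects(p) ? "drop" : "reply");
    }
    printf("dropped: reserved=%zu deny-list=%zu of %zu\n",
           count_rejected(reserved_policy_rejects),
           count_rejected(denylist_policy_rejects), (size_t)NSAMPLES);
    return 0;
}
```

The table shows the trade-off raised in the thread: the reserved-port rule also drops the legitimate privileged-port client, while the deny-list answers it but will reply to any reserved port it does not list.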
Re: finding out physical memory size after boot ?
thanks .. *:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$ - Original Message From: Paul de Weerd <[EMAIL PROTECTED]> To: S t i n g r a y <[EMAIL PROTECTED]> Cc: openbsd Sent: Friday, January 26, 2007 11:58:55 AM Subject: Re: finding out physical memory size after boot ? On Thu, Jan 25, 2007 at 07:10:00PM -0800, S t i n g r a y wrote: | How can I find out the size of physical memory after boot, my system | has 512MB ram & this is what dmesg shows , but top command reveals | otherwise | | | load averages: 0.26, 0.35, 0.30 21:15:47 | 49 processes: 48 idle, 1 on processor | CPU states: 2.0% user, 0.0% nice, 1.1% system, 4.2% interrupt, 92.7% idle | Memory: Real: 300M/359M act/tot Free: 137M Swap: 0K/800M used/tot | | gets me confused. Try `sysctl hw.physmem` or `grep ^real\ mem /var/run/dmesg.boot`. Cheers, Paul 'WEiRD' de Weerd -- >[<++>-]<+++.>+++[<-->-]<.>+++[<+ +++>-]<.>++[<>-]<+.--.[-] http://www.weirdnet.nl/
Re: ntpd on -current 8 hours off
On Fri, Jan 26, 2007 at 09:30:49AM +0100, Stephan A. Rickauer wrote: > on a current snapshot from last week "ntpd -s" will successfully > synchronize the clock at once, but 8 hours off the real time. > 4.0-release and older snapshots behave as expected. Is there some new > 'feature' I need to learn about? seems more like your TZ is off after upgrade perhaps to US timezone. a+ scorch
OpenBSD under Parallels Desktop
Hi, Has anybody been able to run OpenBSD 4.0 or newer under Parallels Desktop? Booting the 3.9 media works just fine and I am able to install the OS. Booting 4.0 (or newer snapshots) media results in a lock-up of the VM at the (I)nstall/(U)pgrade prompt. I'd post a dmesg(1) but I'm unable to select text in the VM. I'm running the latest build (3120) of Parallels Desktop under Mac OS X 10.4.8. The next thing to try is a manual upgrade by CVS source to -CURRENT, I suppose... Chris
ntpd on -current 8 hours off
on a current snapshot from last week "ntpd -s" will successfully synchronize the clock at once, but 8 hours off the real time. 4.0-release and older snapshots behave as expected. Is there some new 'feature' I need to learn about? # uname -a OpenBSD arwen.dmz.ini.uzh.ch 4.0 GENERIC#1350 i386 # grep ntpd /var/log/daemon Jan 26 01:12:50 arwen ntpd[18084]: ntp engine ready Jan 26 01:14:52 arwen ntpd[30119]: peer 1x0.xx.x.xx now valid Jan 26 01:15:41 arwen ntpd[14197]: adjusting local clock by 0.157485s Jan 26 01:19:25 arwen ntpd[30119]: clock is now synced # date Fri Jan 26 01:27:33 MST 2007 (on other synchronized machines and on my wrist the time is 09:27:33) Thanks, -- Stephan A. Rickauer --- Institute of Neuroinformatics Tel +41 44 635 30 50 University / ETH Zurich Sec +41 44 635 30 52 Winterthurerstrasse 190 Fax +41 44 635 30 53 CH-8057 Zurich Web www.ini.unizh.ch RSA public key: https://www.ini.uzh.ch/~stephan/pubkey.asc ---