Re: IBM T60 - APM issues
On 6/27/07, atstake atstake <[EMAIL PROTECTED]> wrote:
On 27 Jun 2007 11:58:04 +0200, Artur Grabowski <[EMAIL PROTECTED]> wrote:
> If the T60 is anything like the X60, it doesn't have APM, only ACPI.

I recompiled the kernel with this (removing the "disable" and the "#") and still can get halt -p working. Is there something I'm missing?

acpi0 at mainbus?
acpitimer* at acpi?
acpihpet* at acpi?
acpiac* at acpi?
acpibat* at acpi?
acpibtn* at acpi?
acpicpu* at acpi?
acpidock* at acpi?
acpiec* at acpi?
acpiprt* at acpi?
acpitz* at acpi?

Here's my new dmesg | grep acpi. Thanks for any help.

OpenBSD 4.1 (GENERIC.acpi) #0: Thu Jun 28 21:03:45 DST 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.acpi
acpi0 at mainbus0: rev 2
acpi0: tables DSDT FACP SSDT ECDT TCPA APIC MCFG HPET SLIC BOOT SSDT SSDT SSDT SSDT
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 0 (AGP_)
acpiprt2 at acpi0: bus 2 (EXP0)
acpiprt3 at acpi0: bus 3 (EXP1)
acpiprt4 at acpi0: bus 4 (EXP2)
acpiprt5 at acpi0: bus 12 (EXP3)
acpiprt6 at acpi0: bus 21 (PCI1)
acpiec0 at acpi0: EC__
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: SLPB
acpibat0 at acpi0: BAT0: model: 92P1141 serial: 1159 type: LION oem: SONY
acpibat1 at acpi0: BAT1: not present
acpiac0 at acpi0: AC unit online
acpitz0 at acpi0, critical temperature: 127 degC
acpitz1 at acpi0, critical temperature: 99 degC
spamd patch
I think the passtime should use "now + passtime" not "now + expire", Is it correct? Index: libexec/spamd/grey.c === RCS file: /cvs/src/libexec/spamd/grey.c,v retrieving revision 1.39 diff -u -r1.39 grey.c --- libexec/spamd/grey.c2007/03/18 18:38:57 1.39 +++ libexec/spamd/grey.c2007/06/17 06:07:45 @@ -846,7 +846,7 @@ gd.first = now; gd.bcount = 1; gd.pcount = spamtrap ? -1 : 0; - gd.pass = now + expire; + gd.pass = now + passtime; gd.expire = now + expire; memset(&dbk, 0, sizeof(dbk)); dbk.size = strlen(lookup); - [demime 1.01d removed an attachment of type application/octet-stream which had a name of spamd-grey.c.patch]
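Review bot: at `gd.pass = now + passtime;` the hunk does not show where `passtime` is declared or that it is a duration in the same units as `expire`, so that needs confirming before this is applied. The same initializer also runs for trapped entries (`gd.pcount = spamtrap ? -1 : 0;` two lines above), so the change should say whether an entry with `pcount` of -1 is meant to get a pass time that differs from its `gd.expire`, and any code that reads `gd.pass` for such entries should be checked. A one-line rationale in the submission would help, since the message only asks whether the change is correct.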
Re: openbsd 4.1 and keep state
On Thu, Jun 28, 2007 at 02:56:33PM +0100, Stuart Henderson wrote:
> On 2007/06/28 15:45, Huzeyfe ONAL wrote:
> > Use "no state" in your rule.
>
> and 'flags any' if it's TCP.

You can set this explicitly if you'd like, but it's not necessary: pfctl only applies 'flags S/SA' by default if the rule is stateful.
bgpd and multihop
I've just updated one of our routers from an end of May snapshot to a Jun 28th snapshot and have noticed that we seem to be having problems with our multihop sessions since the upgrade.

[EMAIL PROTECTED] bgpctl -n s rib 80.252.127.0/24
flags: * = Valid, > = Selected, I = via IBGP, A = Announced
origin: i = IGP, e = EGP, ? = Incomplete

flags destination gateway lpref med aspath origin
I 80.252.127.0/24 84.246.195.116 200 0 65123 i
80.252.127.0/24 84.246.195.116 200 0 65123 i

[EMAIL PROTECTED] bgpctl -n s rib det 80.252.127.0/24

BGP routing table entry for 80.252.127.0/24
65123
Nexthop 84.246.195.116 (via ?) from 80.252.124.1 (80.252.124.1)
Origin IGP, metric 0, localpref 200, internal
Last update: 00:19:45 ago
Community: 8282:200 8282:400 NO_EXPORT

BGP routing table entry for 80.252.127.0/24
65123
Nexthop 84.246.195.116 (via ?) from 84.246.195.116 (84.246.195.116)
Origin IGP, metric 0, localpref 200, external
Last update: 00:20:10 ago
Community: 8282:400 NO_EXPORT

where as on our older "trusty" box

[EMAIL PROTECTED] bgpctl -n s rib 80.252.127.0/24
flags: * = Valid, > = Selected, I = via IBGP, A = Announced
origin: i = IGP, e = EGP, ? = Incomplete

flags destination gateway lpref med aspath origin
*>80.252.127.0/24 84.246.195.116 200 0 65123 i

[EMAIL PROTECTED] bgpctl -n s rib det 80.252.127.0/24

BGP routing table entry for 80.252.127.0/24
65123
Nexthop 84.246.195.116 (via 80.252.119.2) from 84.246.195.116 (84.246.195.116)
Origin IGP, metric 0, localpref 200, external, valid, best
Last update: 5d21h14m ago
Community: 8282:400 NO_EXPORT

--
Jon Morby
FidoNet Registration Services Ltd
tel: 0845 004 3050 / fax: 0845 004 3051
web: http://www.fido.net/
Re: logger time stamps
Solved with 'eval', details below:

On Thu, Jun 28, 2007 at 04:50:54PM +0100, Craig Skinner wrote:
>
> In the script I have:
>
> this=$(basename ${0})
> syslog="logger -t ${this}"

syslog='logger -t ${this}'

>
> ..
>
> ping_hosts()
> {
> ..
> ..
> # if our router is not connected to the Internet, then log so
> if [[ ${notified} = 'false' ]]; then
>
> ${syslog} 'link down!'

eval ${syslog} 'link down!'

> send_mail 'down!'
> notified='true'
> fi
>
> ..
> ..
> ..
>
>
> reboot_router()
> {
> ${syslog} "rebooting ${router}"
> $(dirname ${0})/reboot/${router_connect}

eval ${syslog} 'rebooting ${router}'
eval $(dirname ${0})/reboot/${router_connect}

>
> # Give the router a chance to reboot & retrain
> sleep ${reboot_sleep}
> ping_router
> }
>
> reset_line()
> {
> ${syslog} "line reset with account: ${1}"
> $(dirname ${0})/reset/${router_connect} ${1}

eval ${syslog} 'line reset with account: ${1}'
eval $(dirname ${0})/reset/${router_connect} ${1}

>
> # Give the router a chance to retrain on the ADSL gateway
> sleep ${retrain_sleep}
> ping_router
> }
>
>
>
> ..
>
>

Jun 28 23:40:41 teak viagrad: start up
Jun 28 23:40:41 teak viagrad: loading config
Jun 28 23:40:43 teak viagrad: Internet link up! Gateway: 193.29.223.169

I pulled the phone cable:

Jun 28 23:41:04 juniper juniper: board 0 line 0 channel 0, call 26, C02 Call Terminated
Jun 28 23:41:04 juniper juniper: ppp:LCP Closing
Jun 28 23:41:04 juniper juniper: ppp:IPCP Closing
Jun 28 23:42:05 teak viagrad: Internet link down!
Jun 28 23:45:06 teak viagrad: line reset with account: [EMAIL PROTECTED]

And put it back in:

Jun 28 23:45:37 juniper juniper: board 0 line 0 channel 0, call 34, C01 Outgoing Call dev=5 ch=0
Jun 28 23:45:37 juniper juniper: board 0 line 0 channel 0, call 34, C02 OutCall Connected 512000
Jun 28 23:45:37 juniper juniper: ppp:LCP Starting
Jun 28 23:45:40 juniper juniper: ppp:LCP Opening
Jun 28 23:45:40 juniper juniper: ppp:CHAP Opening
Jun 28 23:45:40 juniper juniper: ppp:IPCP Starting
Jun 28 23:45:40 juniper juniper: ppp:IPCP Opening
Jun 28 23:45:51 teak viagrad: rebooting branch.juniper
Jun 28 23:46:38 juniper juniper: board 0 line 0 channel 0, call 8, C01 Outgoing Call dev=5 ch=0
Jun 28 23:46:38 juniper juniper: board 0 line 0 channel 0, call 8, C02 OutCall Connected 512000
Jun 28 23:46:38 juniper juniper: ppp:LCP Starting
Jun 28 23:46:38 juniper juniper: ppp:LCP Opening
Jun 28 23:46:38 juniper juniper: ppp:LCP Closing
Jun 28 23:46:41 juniper juniper: board 0 line 0 channel 0, call 8, C02 Call Terminated
Jun 28 23:46:44 juniper juniper: board 0 line 0 channel 0, call 9, C01 Outgoing Call dev=5 ch=0
Jun 28 23:46:44 juniper juniper: board 0 line 0 channel 0, call 9, C02 OutCall Connected 512000
Jun 28 23:46:44 juniper juniper: ppp:LCP Starting
Jun 28 23:46:47 juniper juniper: ppp:LCP Opening
Jun 28 23:46:48 juniper juniper: ppp:CHAP Opening
Jun 28 23:46:48 juniper juniper: ppp:IPCP Starting
Jun 28 23:46:48 juniper juniper: ppp:IPCP Opening
Jun 28 23:47:27 teak viagrad: line reset with account: [EMAIL PROTECTED]
Jun 28 23:47:36 juniper juniper: ppp:LCP Closing
Jun 28 23:47:36 juniper juniper: ppp:IPCP Closing
Jun 28 23:47:36 juniper juniper: board 0 line 0 channel 0, call 9, C02 Call Terminated
Jun 28 23:47:38 juniper juniper: board 0 line 0 channel 0, call 10, C01 Outgoing Call dev=5 ch=0
Jun 28 23:47:38 juniper juniper: board 0 line 0 channel 0, call 10, C02 OutCall Connected 512000
Jun 28 23:47:38 juniper juniper: ppp:LCP Starting
Jun 28 23:47:39 juniper juniper: board 0 line 0 channel 0, call 10, C02 Call Terminated
Jun 28 23:47:50 juniper juniper: board 0 line 0 channel 0, call 11, C01 Incoming Call 150
Jun 28 23:47:53 juniper juniper: ppp:LCP Opening
Jun 28 23:47:55 juniper juniper: ppp:CHAP Opening
Jun 28 23:47:55 juniper juniper: ppp:IPCP Starting
Jun 28 23:47:55 juniper juniper: ppp:IPCP Opening
Jun 28 23:48:12 teak viagrad: Internet link up! Gateway: 193.29.223.169

--
Craig Skinner | http://www.kepax.co.uk | [EMAIL PROTECTED]
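The `eval` form in the message above makes the shell parse each command line a second time, which matters once a value such as the account name is not a fixed string. The following is an added example, not part of the posted script: it puts the eval style next to a plain function wrapper and counts the arguments each one delivers. `LOG_CMD`, `HELPER` and `count_args` are hypothetical names used so it runs without a syslog daemon or a router, and the account string is constructed.

```shell
#!/bin/sh
# Added example, not part of the posted script. LOG_CMD, HELPER and
# count_args are hypothetical names; "this" is fixed here instead of being
# taken from $(basename ${0}).

this=viagrad
LOG_CMD=${LOG_CMD:-logger}

# Constructed stand-in for logger(1) or a reset helper: records how many
# arguments it was handed and what the last one was.
count_args() {
    ARGC=$#
    LAST=
    for arg in "$@"; do LAST=$arg; done
}

# eval style, as in the post: eval joins its arguments into one string and
# parses that string again, so the expanded ${1} is split on whitespace and
# glob-expanded before the command runs.
log_eval() {
    syslog='$LOG_CMD -t ${this}'
    eval ${syslog} 'line reset with account: ${1}'
}

# Function wrapper: the line is parsed once and the message stays a single
# argument, whatever characters it contains.
log_msg() {
    "$LOG_CMD" -t "$this" -- "$*"
}

# Helper call, eval style: the unquoted ${1} is expanded first and the result
# is then parsed as shell source, so quoting characters or command separators
# inside the account string would be interpreted by the shell.
reset_eval() {
    eval "$HELPER" ${1}
}

# Helper call, quoted: the account reaches the helper as exactly one argument.
reset_plain() {
    "$HELPER" "$1"
}

# Demonstration with the stand-in and a constructed account string that
# contains two consecutive spaces.
demo() {
    LOG_CMD=count_args
    HELPER=count_args
    log_eval 'user  name'
    echo "log, eval style:     $ARGC arguments, last='$LAST'"
    log_msg 'line reset with account: user  name'
    echo "log, function style: $ARGC arguments, last='$LAST'"
    reset_eval 'user  name'
    echo "helper, eval style:  $ARGC arguments"
    reset_plain 'user  name'
    echo "helper, quoted:      $ARGC arguments, last='$LAST'"
}
demo
```
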
Re: SSH brute force attacks no longer being caught by PF rule
2007/6/28, J.D. Bronson <[EMAIL PROTECTED]>:
> so if it won't write to a file...I presume it blocks what's listed in /etc/tables/scanners permanently and then only blocks NEW offenders via kernel memory? (can someone clarify my understanding of that?

Do you really need a file? In my experience blocking the offenders for 1h is enough; they very rarely come back later.

Best
Martin
Re: Intel Core 2
Thanks very much!

On Thu, Jun 28, 2007 at 10:24:01AM +0200, Johan P. Lindström wrote:
> rough translation from swedish to english of: ...
Re: openbsd 4.0 installed, need to add network interface after install
> -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of > John Mendenhall > Sent: Thursday, June 28, 2007 03:37 PM > To: misc@openbsd.org > Subject: openbsd 4.0 installed, need to add network interface after > install > > > openbsd gurus, > > As the saga continues... > I have a newly built server with openbsd 4.0. > During installation, it did not find the onboard > lan interface, which I did not realize until after > the installation had completed. > > I made sure the bios was set properly. There > was no LAN option in the BIOS. > > I assumed the onboard lan interface was bad. > This has happened before so I added a linksys > lan card in the system. > > I rebooted. I checked the BIOS for any LAN options. > Nothing. I booted into openbsd. No interfaces > created. > > How do I get the system to discover the network > interface? > > I have been searching the net for anything like > this and have not found anything that has worked. > > Do I need to reinstall the system? > Or, is there some tool I can use to rediscover the > network interface so it gets setup properly? > > Thanks in advance for any pointers you can provide. > > JohnM > > Here is my current dmesg: > -- > OpenBSD 4.0 (GENERIC) #1107: Sat Sep 16 19:15:58 MDT 2006 > [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC > cpu0: AMD Athlon(tm) ("AuthenticAMD" 686-class, 256KB L2 cache) 1.01 GHz > cpu0: > FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT, > PSE36,MMX,FXSR,SSE > real mem = 527986688 (515612K) > avail mem = 473665536 (462564K) > using 4256 buffers containing 26501120 bytes (25880K) of memory > mainbus0 (root) > bios0 at mainbus0: AT/286+(08) BIOS, date 12/24/01, BIOS32 rev. 0 > @ 0xfb420, SMBIOS rev. 2.2 @ 0xf0800 (31 > entries) > bios0: VIA Technologies, Inc. 
VT8361 > apm0 at bios0: Power Management spec V1.2 > apm0: AC on, battery charge unknown > apm0: flags 70102 dobusy 1 doidle 1 > pcibios0 at bios0: rev 2.1 @ 0xf/0xdef4 > pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfde70/128 (6 entries) > pcibios0: PCI Exclusive IRQs: 10 11 > pcibios0: PCI Interrupt Router at 000:07:0 ("VIA VT82C596A ISA" rev 0x00) > pcibios0: PCI bus #1 is the last bus > bios0: ROM list: 0xc/0xc000 0xcc000/0x4000! > cpu0 at mainbus0 > pci0 at mainbus0 bus 0: configuration mode 1 (no bios) > pchb0 at pci0 dev 0 function 0 "VIA VT8361 PCI" rev 0x00 > ppb0 at pci0 dev 1 function 0 "VIA VT8361 AGP" rev 0x00 > pci1 at ppb0 bus 1 > vga1 at pci1 dev 0 function 0 "Trident CyberBlade i1" rev 0x00 > wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) > wsdisplay0: screen 1-5 added (80x25, vt100 emulation) > pcib0 at pci0 dev 7 function 0 "VIA VT82C686 ISA" rev 0x40 > pciide0 at pci0 dev 7 function 1 "VIA VT82C571 IDE" rev 0x06: > ATA100, channel 0 configured to compatibility > , channel 1 configured to compatibility > wd0 at pciide0 channel 0 drive 0: > wd0: 16-sector PIO, LBA48, 117800MB, 241254720 sectors > wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5 > wd1 at pciide0 channel 1 drive 0: > wd1: 16-sector PIO, LBA48, 114473MB, 234441648 sectors > atapiscsi0 at pciide0 channel 1 drive 1 > scsibus0 at atapiscsi0: 2 targets > cd0 at scsibus0 targ 0 lun 0: SCSI0 > 5/cdrom removable > wd1(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2 > cd0(pciide0:1:1): using PIO mode 4, Ultra-DMA mode 2 > uhci0 at pci0 dev 7 function 2 "VIA VT83C572 USB" rev 0x1a: irq 10 > usb0 at uhci0: USB revision 1.0 > uhub0 at usb0 > uhub0: VIA UHCI root hub, rev 1.00/1.00, addr 1 > uhub0: 2 ports with 2 removable, self powered > uhci1 at pci0 dev 7 function 3 "VIA VT83C572 USB" rev 0x1a: irq 10 > usb1 at uhci1: USB revision 1.0 > uhub1 at usb1 > uhub1: VIA UHCI root hub, rev 1.00/1.00, addr 1 > uhub1: 2 ports with 2 removable, self powered > viaenv0 at pci0 dev 7 
function 4 "VIA VT82C686 SMBus" rev 0x40 > isa0 at pcib0 > isadma0 at isa0 > pckbc0 at isa0 port 0x60/5 > pckbd0 at pckbc0 (kbd slot) > pckbc0: using irq 1 for kbd slot > wskbd0 at pckbd0: console keyboard, using wsdisplay0 > pcppi0 at isa0 port 0x61 > midi0 at pcppi0: > spkr0 at pcppi0 > npx0 at isa0 port 0xf0/16: using exception 16 > pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo > pccom0: console > biomask ffed netmask ffed ttymask ffef > pctr: user-level cycle counter enabled > mtrr: Pentium Pro MTRR support > dkcsum: wd0 matches BIOS drive 0x80 > dkcsum: wd1 matches BIOS drive 0x81 > root on wd0a > rootdev=0x0 rrootdev=0x300 rawdev=0x302 > -- > > -- > john mendenhall > [EMAIL PROTECTED] > surf utopia > internet services > John, I'm far from a guru, but looking at your dmesg I don't see a lan card there at all. Here are the first few steps: 1- Check the hardware compatability list to make sure the lan card is supported. 2- Take a look and make sure the lan card is seated in it's slot properly. I have had this happen a few times with smaller cards not seating all the way (it
OpenBSD 4.0: isakmpd and immediate use of crls (without isakmpd restart)
Hello,

I was wondering what is the best way to immediately use a newly received crl that contains a revoked certificate...

Basically if I have 3 firewalls and one of them is compromised I will push a new crl on the 2 uncorrupted firewalls. The thing is that (even when I send them a HUP signal) isakmpd only uses the CRL when the next main-mode is performed.

One thing I was thinking is to remove all IPSEC SAs

echo "T" > /var/run/isakmpd.fifo

Then find a way to remove all IKE SAs

echo "t main *" > /var/run/isakmpd.fifo -- something like this...I don't know yet how I could do that.

However, it is a bit inconvenient because the connection between the two "good" firewalls is broken as well.

I found this: http://archives.neohapsis.com/archives/openbsd/2002-10/1327.html but it doesn't help much in this case...

I was looking through the isakmpd code and I could force this by changing sa.c file, sa_reinit function to remove all SAs not just phase 2 SAs on SIGHUP when Renegotiate-on-HUP is set. Again that would break all tunnels not just the one to the compromised firewall.

But there must be a better way to do this.

Thanks,
./catalin
openbsd 4.0 installed, need to add network interface after install
openbsd gurus, As the saga continues... I have a newly built server with openbsd 4.0. During installation, it did not find the onboard lan interface, which I did not realize until after the installation had completed. I made sure the bios was set properly. There was no LAN option in the BIOS. I assumed the onboard lan interface was bad. This has happened before so I added a linksys lan card in the system. I rebooted. I checked the BIOS for any LAN options. Nothing. I booted into openbsd. No interfaces created. How do I get the system to discover the network interface? I have been searching the net for anything like this and have not found anything that has worked. Do I need to reinstall the system? Or, is there some tool I can use to rediscover the network interface so it gets setup properly? Thanks in advance for any pointers you can provide. JohnM Here is my current dmesg: -- OpenBSD 4.0 (GENERIC) #1107: Sat Sep 16 19:15:58 MDT 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: AMD Athlon(tm) ("AuthenticAMD" 686-class, 256KB L2 cache) 1.01 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE real mem = 527986688 (515612K) avail mem = 473665536 (462564K) using 4256 buffers containing 26501120 bytes (25880K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(08) BIOS, date 12/24/01, BIOS32 rev. 0 @ 0xfb420, SMBIOS rev. 2.2 @ 0xf0800 (31 entries) bios0: VIA Technologies, Inc. VT8361 apm0 at bios0: Power Management spec V1.2 apm0: AC on, battery charge unknown apm0: flags 70102 dobusy 1 doidle 1 pcibios0 at bios0: rev 2.1 @ 0xf/0xdef4 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfde70/128 (6 entries) pcibios0: PCI Exclusive IRQs: 10 11 pcibios0: PCI Interrupt Router at 000:07:0 ("VIA VT82C596A ISA" rev 0x00) pcibios0: PCI bus #1 is the last bus bios0: ROM list: 0xc/0xc000 0xcc000/0x4000! 
cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 "VIA VT8361 PCI" rev 0x00 ppb0 at pci0 dev 1 function 0 "VIA VT8361 AGP" rev 0x00 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 "Trident CyberBlade i1" rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) pcib0 at pci0 dev 7 function 0 "VIA VT82C686 ISA" rev 0x40 pciide0 at pci0 dev 7 function 1 "VIA VT82C571 IDE" rev 0x06: ATA100, channel 0 configured to compatibility , channel 1 configured to compatibility wd0 at pciide0 channel 0 drive 0: wd0: 16-sector PIO, LBA48, 117800MB, 241254720 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5 wd1 at pciide0 channel 1 drive 0: wd1: 16-sector PIO, LBA48, 114473MB, 234441648 sectors atapiscsi0 at pciide0 channel 1 drive 1 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: SCSI0 5/cdrom removable wd1(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2 cd0(pciide0:1:1): using PIO mode 4, Ultra-DMA mode 2 uhci0 at pci0 dev 7 function 2 "VIA VT83C572 USB" rev 0x1a: irq 10 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: VIA UHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1 at pci0 dev 7 function 3 "VIA VT83C572 USB" rev 0x1a: irq 10 usb1 at uhci1: USB revision 1.0 uhub1 at usb1 uhub1: VIA UHCI root hub, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered viaenv0 at pci0 dev 7 function 4 "VIA VT82C686 SMBus" rev 0x40 isa0 at pcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: spkr0 at pcppi0 npx0 at isa0 port 0xf0/16: using exception 16 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo pccom0: console biomask ffed netmask ffed ttymask ffef pctr: user-level cycle counter enabled mtrr: Pentium Pro MTRR support dkcsum: wd0 
matches BIOS drive 0x80 dkcsum: wd1 matches BIOS drive 0x81 root on wd0a rootdev=0x0 rrootdev=0x300 rawdev=0x302 -- -- john mendenhall [EMAIL PROTECTED] surf utopia internet services
Fw: clamav on 3.9 [SOLVED]
I just worked it out, sorry for the noise ! Just had to compile clamav again with the newest curl installed , and the resulting clamav package worked just fine. - Original Message - From: "Marcos Laufer" <[EMAIL PROTECTED]> To: Sent: Thursday, June 28, 2007 4:11 PM Subject: Fw: clamav on 3.9 I'v managed to compile curl (jsut had to remove the old one first) but i still can't install the clamav package , i still get the same error message: test:/usr/ports/security/clamav{95}# pkg_add /usr/ports/packages/i386/all/clamav-0.90.3p0.tgz Can't install /usr/ports/packages/i386/all/clamav-0.90.3p0.tgz: lib not found curl.3.3 Even by looking in the dependency tree: arc-5.21n, libidn-0.6.1, libiconv-1.9.2p3, bzip2-1.0.3, zoo-2.10.1p0, unzip-5.52, lha-1.14i.ac20050924, gettext-0.14.5p1, expat-1.95.6p1, gmp-4.1.4p0, curl-7.16.2 Maybe it's in a dependent package, but not tagged with @lib ? (check with pkg_info -K -L) If you are still running 3.6 packages, update them. test:/usr/ports/security/clamav{96}# - Original Message - From: "Marcos Laufer" <[EMAIL PROTECTED]> To: Sent: Thursday, June 28, 2007 3:56 PM Subject: clamav on 3.9 Hi there, I'm trying to install the newest clamav (0.90.3) on OpenBSD 3.9 . I updated the sources, and managed to compile it . But when i try to install the package i get this error: pkg_add /usr/ports/packages/i386/all/clamav-0.90.3p0.tgz Can't install /usr/ports/packages/i386/all/clamav-0.90.3p0.tgz: lib not found idn.16.15 Even by looking in the dependency tree: lha-1.14i.ac20050924, unzip-5.52, arc-5.21n, gmp-4.1.4p0, libiconv-1.9.2p3, bzip2-1.0.3, curl-7.15.3, zoo-2.10.1p0 Maybe it's in a dependent package, but not tagged with @lib ? (check with pkg_info -K -L) If you are still running 3.6 packages, update them. 
And libidn is installed : pkg_info |grep libid libidn-0.6.1internationalized string handling I read here http://www.mail-archive.com/[EMAIL PROTECTED]/msg11199.html someone had a similar problem and his solution was to update curl as well , but i can't upgrade it because i get another funky error: /usr/local/bin/libtool --tag=CC--mode=link -O2 -pipe -L/usr/local/lib -o curl main.o hugehelp.o urlglob.o writeout.o writeenv.o getpass.o homedir.o curlutil.o strtoofft.o strdup.o ../lib/libcurl.la -lz mkdir .libs cc -O2 -pipe -o .libs/curl main.o hugehelp.o urlglob.o writeout.o writeenv.o getpass.o homedir.o curlutil.o strtoofft.o strdup.o -L/usr/local/lib -L../lib/.libs -lcurl -lcrypto -lssl -lidn -licon v -lz -Wl,-rpath,/usr/local/lib main.o(.text+0x2ff): In function `file2string': : warning: strcpy() is almost always misused, please use strlcpy() /usr/local/lib/libcurl.so.3.3: warning: sprintf() is often misused, please use snprintf() main.o(.text+0x68b1): In function `my_get_line': : warning: strcat() is almost always misused, please use strlcat() main.o(.text+0x4752): In function `operate': : undefined reference to `curl_easy_escape' collect2: ld returned 1 exit status *** Error code 1 Stop in /u/system/ports/net/curl/w-curl-7.16.2/curl-7.16.2/src (line 358 of Makefile). *** Error code 1 Stop in /u/system/ports/net/curl/w-curl-7.16.2/curl-7.16.2/src (line 279 of Makefile). *** Error code 1 Stop in /u/system/ports/net/curl/w-curl-7.16.2/curl-7.16.2 (line 374 of Makefile). *** Error code 1 Stop in /u/system/ports/net/curl (line 1924 of /usr/ports/infrastructure/mk/bsd.port.mk). I'd appreciate any help on how to continue Thanks!
Re: clamav on 3.9
> I'm trying to install the newest clamav (0.90.3) on OpenBSD 3.9 . I updated

The clamav package for 3.9 is clamav-0.88.tgz
For 4.1 it is: clamav-0.90.tgz

Don't mix versions.
http://openbsd.org/faq/faq15.html#Latest
Re: clamav on 3.9
On 2007/06/28 15:56, Marcos Laufer wrote:
> I'm trying to install the newest clamav (0.90.3) on OpenBSD 3.9 . I updated
> the sources, and managed to compile it . But when i try to install the package
> i get this error:

this is a variant of "http://www.openbsd.org/faq/faq15.html#NoFun"

> Can't install /usr/ports/packages/i386/all/clamav-0.90.3p0.tgz: lib not
> found idn.16.15

You need to update some dependencies too. But, the time you would spend doing this by hand would be better spent upgrading the OS to a version that receives port updates.
Fw: clamav on 3.9
I'v managed to compile curl (jsut had to remove the old one first) but i still can't install the clamav package , i still get the same error message: test:/usr/ports/security/clamav{95}# pkg_add /usr/ports/packages/i386/all/clamav-0.90.3p0.tgz Can't install /usr/ports/packages/i386/all/clamav-0.90.3p0.tgz: lib not found curl.3.3 Even by looking in the dependency tree: arc-5.21n, libidn-0.6.1, libiconv-1.9.2p3, bzip2-1.0.3, zoo-2.10.1p0, unzip-5.52, lha-1.14i.ac20050924, gettext-0.14.5p1, expat-1.95.6p1, gmp-4.1.4p0, curl-7.16.2 Maybe it's in a dependent package, but not tagged with @lib ? (check with pkg_info -K -L) If you are still running 3.6 packages, update them. test:/usr/ports/security/clamav{96}# - Original Message - From: "Marcos Laufer" <[EMAIL PROTECTED]> To: Sent: Thursday, June 28, 2007 3:56 PM Subject: clamav on 3.9 Hi there, I'm trying to install the newest clamav (0.90.3) on OpenBSD 3.9 . I updated the sources, and managed to compile it . But when i try to install the package i get this error: pkg_add /usr/ports/packages/i386/all/clamav-0.90.3p0.tgz Can't install /usr/ports/packages/i386/all/clamav-0.90.3p0.tgz: lib not found idn.16.15 Even by looking in the dependency tree: lha-1.14i.ac20050924, unzip-5.52, arc-5.21n, gmp-4.1.4p0, libiconv-1.9.2p3, bzip2-1.0.3, curl-7.15.3, zoo-2.10.1p0 Maybe it's in a dependent package, but not tagged with @lib ? (check with pkg_info -K -L) If you are still running 3.6 packages, update them. 
And libidn is installed : pkg_info |grep libid libidn-0.6.1internationalized string handling I read here http://www.mail-archive.com/[EMAIL PROTECTED]/msg11199.html someone had a similar problem and his solution was to update curl as well , but i can't upgrade it because i get another funky error: /usr/local/bin/libtool --tag=CC--mode=link -O2 -pipe -L/usr/local/lib -o curl main.o hugehelp.o urlglob.o writeout.o writeenv.o getpass.o homedir.o curlutil.o strtoofft.o strdup.o ../lib/libcurl.la -lz mkdir .libs cc -O2 -pipe -o .libs/curl main.o hugehelp.o urlglob.o writeout.o writeenv.o getpass.o homedir.o curlutil.o strtoofft.o strdup.o -L/usr/local/lib -L../lib/.libs -lcurl -lcrypto -lssl -lidn -licon v -lz -Wl,-rpath,/usr/local/lib main.o(.text+0x2ff): In function `file2string': : warning: strcpy() is almost always misused, please use strlcpy() /usr/local/lib/libcurl.so.3.3: warning: sprintf() is often misused, please use snprintf() main.o(.text+0x68b1): In function `my_get_line': : warning: strcat() is almost always misused, please use strlcat() main.o(.text+0x4752): In function `operate': : undefined reference to `curl_easy_escape' collect2: ld returned 1 exit status *** Error code 1 Stop in /u/system/ports/net/curl/w-curl-7.16.2/curl-7.16.2/src (line 358 of Makefile). *** Error code 1 Stop in /u/system/ports/net/curl/w-curl-7.16.2/curl-7.16.2/src (line 279 of Makefile). *** Error code 1 Stop in /u/system/ports/net/curl/w-curl-7.16.2/curl-7.16.2 (line 374 of Makefile). *** Error code 1 Stop in /u/system/ports/net/curl (line 1924 of /usr/ports/infrastructure/mk/bsd.port.mk). I'd appreciate any help on how to continue Thanks!
clamav on 3.9
Hi there, I'm trying to install the newest clamav (0.90.3) on OpenBSD 3.9 . I updated the sources, and managed to compile it . But when i try to install the package i get this error: pkg_add /usr/ports/packages/i386/all/clamav-0.90.3p0.tgz Can't install /usr/ports/packages/i386/all/clamav-0.90.3p0.tgz: lib not found idn.16.15 Even by looking in the dependency tree: lha-1.14i.ac20050924, unzip-5.52, arc-5.21n, gmp-4.1.4p0, libiconv-1.9.2p3, bzip2-1.0.3, curl-7.15.3, zoo-2.10.1p0 Maybe it's in a dependent package, but not tagged with @lib ? (check with pkg_info -K -L) If you are still running 3.6 packages, update them. And libidn is installed : pkg_info |grep libid libidn-0.6.1internationalized string handling I read here http://www.mail-archive.com/[EMAIL PROTECTED]/msg11199.html someone had a similar problem and his solution was to update curl as well , but i can't upgrade it because i get another funky error: /usr/local/bin/libtool --tag=CC--mode=link -O2 -pipe -L/usr/local/lib -o curl main.o hugehelp.o urlglob.o writeout.o writeenv.o getpass.o homedir.o curlutil.o strtoofft.o strdup.o ../lib/libcurl.la -lz mkdir .libs cc -O2 -pipe -o .libs/curl main.o hugehelp.o urlglob.o writeout.o writeenv.o getpass.o homedir.o curlutil.o strtoofft.o strdup.o -L/usr/local/lib -L../lib/.libs -lcurl -lcrypto -lssl -lidn -licon v -lz -Wl,-rpath,/usr/local/lib main.o(.text+0x2ff): In function `file2string': : warning: strcpy() is almost always misused, please use strlcpy() /usr/local/lib/libcurl.so.3.3: warning: sprintf() is often misused, please use snprintf() main.o(.text+0x68b1): In function `my_get_line': : warning: strcat() is almost always misused, please use strlcat() main.o(.text+0x4752): In function `operate': : undefined reference to `curl_easy_escape' collect2: ld returned 1 exit status *** Error code 1 Stop in /u/system/ports/net/curl/w-curl-7.16.2/curl-7.16.2/src (line 358 of Makefile). 
*** Error code 1 Stop in /u/system/ports/net/curl/w-curl-7.16.2/curl-7.16.2/src (line 279 of Makefile). *** Error code 1 Stop in /u/system/ports/net/curl/w-curl-7.16.2/curl-7.16.2 (line 374 of Makefile). *** Error code 1 Stop in /u/system/ports/net/curl (line 1924 of /usr/ports/infrastructure/mk/bsd.port.mk). I'd appreciate any help on how to continue Thanks!
Re: SSH brute force attacks no longer being caught by PF rule
J.D. Bronson wrote:
> Guys...I was not the one that started this thread.. I just chimed in and asked for a tweak on the setup.

Sorry for my mistake then. I should refrain from replying on lack of sleep. (;>

> I have what I need for now :)

Glad it helped you nevertheless.
Re: SSH brute force attacks no longer being caught by PF rule
Guys...I was not the one that started this thread.. I just chimed in and asked for a tweak on the setup.

I have what I need for now :)

-JD

At 11:54 AM 06/28/2007, Daniel Ouellet wrote:
J.D. Bronson wrote:
At 08:56 AM 06/28/2007, Stuart Henderson wrote:
On 2007/06/28 08:46, J.D. Bronson wrote:
> Will NEW offenders be added to /etc/tables/scanners
> as they are discovered and therefore not just remain in kernel?

No, pf does not write to files. How about cron(8) and pfctl(8) instead?

so if it won't write to a file...I presume it blocks what's listed in /etc/tables/scanners permanently and then only blocks NEW offenders via kernel memory? (can someone clarify my understanding of that?

I would ideally like to stop attacks and then write the offenders in a file so I don't lose these during a reboot...

what if I cron something like this:

pfctl -t scanners -T show >> /etc/tables/scanners
pfctl -f /etc/pf.conf

Would that work??

I was trying to help giving you an example that would work, as you said it was working before and not anymore. But I guess you need to go back and read the faq, and the man page on pf and cron.

Looks like you want others to do the work for you and giving you the answer, or even more details is like doing the setup for you and you will not remember or understand it properly to do it right the next time around.

Sorry, I really was going to send you more but deleted my email. It wouldn't be the right way to help you. Configuring a firewall is important to make sure you protect yourself and your office, etc.

Do your homework first, then if you have questions you sure can ask and I will be more than happy to help. Feeding you with a spoon is the wrong thing to do here as a firewall is too important for you not to understand it fully.

I sure don't want to be mean, but I think that's the best way to help you. I feel it wouldn't be helping you doing so.

If you are not sure of something, why not test it and see. (;>

Best,
Daniel
Re: SSH brute force attacks no longer being caught by PF rule
J.D. Bronson wrote:
At 08:56 AM 06/28/2007, Stuart Henderson wrote:
On 2007/06/28 08:46, J.D. Bronson wrote:
> Will NEW offenders be added to /etc/tables/scanners
> as they are discovered and therefore not just remain in kernel?

No, pf does not write to files. How about cron(8) and pfctl(8) instead?

so if it won't write to a file...I presume it blocks what's listed in /etc/tables/scanners permanently and then only blocks NEW offenders via kernel memory? (can someone clarify my understanding of that?

I would ideally like to stop attacks and then write the offenders in a file so I don't lose these during a reboot...

what if I cron something like this:

pfctl -t scanners -T show >> /etc/tables/scanners
pfctl -f /etc/pf.conf

Would that work??

I was trying to help giving you an example that would work, as you said it was working before and not anymore. But I guess you need to go back and read the faq, and the man page on pf and cron.

Looks like you want others to do the work for you and giving you the answer, or even more details is like doing the setup for you and you will not remember or understand it properly to do it right the next time around.

Sorry, I really was going to send you more but deleted my email. It wouldn't be the right way to help you. Configuring a firewall is important to make sure you protect yourself and your office, etc.

Do your homework first, then if you have questions you sure can ask and I will be more than happy to help. Feeding you with a spoon is the wrong thing to do here as a firewall is too important for you not to understand it fully.

I sure don't want to be mean, but I think that's the best way to help you. I feel it wouldn't be helping you doing so.

If you are not sure of something, why not test it and see. (;>

Best,
Daniel
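The cron(8) and pfctl(8) approach discussed in this thread, as an added example that is not code from any of the posters: appending with `>>` stores every address again on each run, so this version merges the table dump into the file, drops lines that are not address-shaped, de-duplicates and replaces the file atomically. `merge_table` and `persist_scanners` are hypothetical helper names, the address pattern is a shape filter only, and the `table <scanners> persist file` line in the comment is an assumption about how pf.conf loads the file.

```shell
#!/bin/sh
# Added example, not code from the thread. The table name and file path are
# the ones used in the thread; merge_table and persist_scanners are
# hypothetical helper names.
# Assumed pf.conf line that loads the file at boot or reload:
#   table <scanners> persist file "/etc/tables/scanners"

TABLE=scanners
PERSIST=/etc/tables/scanners

# Shape filter only, not full address validation: IPv4, or IPv6 with at least
# two colons, each with an optional /prefix. Anything else is dropped.
ADDR_RE='^([0-9]{1,3}(\.[0-9]{1,3}){3}|[0-9A-Fa-f]*:[0-9A-Fa-f:.]*:[0-9A-Fa-f.]*)(/[0-9]{1,3})?$'

# merge_table FILE
# Reads table entries on stdin (the layout printed by "pfctl -T show": one
# address per line with leading whitespace), merges them with the entries
# already in FILE, and replaces FILE with the sorted, de-duplicated union.
# If stdin is empty (for example because pfctl failed) FILE keeps its entries.
merge_table() {
    file=$1
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    {
        if [ -f "$file" ]; then cat "$file"; fi
        cat
    } | sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
      | grep -E "$ADDR_RE" \
      | LC_ALL=C sort -u > "$tmp"
    # Written beside the target and renamed, so a reader never sees a
    # half-written table file.
    chmod 600 "$tmp" && mv "$tmp" "$file"
}

# Dump the in-kernel table and fold it into the persistent file.
persist_scanners() {
    pfctl -t "$TABLE" -T show | merge_table "$PERSIST"
}

# From root's crontab, with an assumed install path:
#   */10 * * * * /usr/local/sbin/persist-scanners run
if [ "${1:-}" = "run" ]; then
    persist_scanners
fi
```

Reloading pf.conf after each dump is not needed for persistence, because the addresses are already in the kernel table; the file only matters the next time the ruleset is loaded.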
logger time stamps
I've written a korn script (viagrad) that runs as a daemon and checks that my ADSL router is up. If no hosts beyond the router are pingable, it resets (via expect scripts) the username in the router to the telco's default, then waits a while for a re-train on the gateway, reboots the router, resets the account to my user account, and starts the loop again.

In the script I have:

this=$(basename ${0})
syslog="logger -t ${this}"
..
ping_hosts() {
..
..
    # if our router is not connected to the Internet, then log so
    if [[ ${notified} = 'false' ]]; then
        ${syslog} 'link down!'
        send_mail 'down!'
        notified='true'
    fi
..
..
..
reboot_router() {
    ${syslog} "rebooting ${router}"
    $(dirname ${0})/reboot/${router_connect}
    # Give the router a chance to reboot & retrain
    sleep ${reboot_sleep}
    ping_router
}

reset_line() {
    ${syslog} "line reset with account: ${1}"
    $(dirname ${0})/reset/${router_connect} ${1}
    # Give the router a chance to retrain on the ADSL gateway
    sleep ${retrain_sleep}
    ping_router
}
..

The router's DNS name is juniper, and the host that this runs on is teak, but notice the time stamps from the script are delayed, compared to the syslog events from the router:

Jun 28 12:41:05 juniper juniper: board 0 line 0 channel 0, call 8, C02 Call Terminated
Jun 28 12:42:13 juniper juniper: ppp:LCP Closing
LATE: Jun 28 12:40:09 teak viagrad: link down!
Jun 28 12:43:22 juniper juniper: ppp:IPCP Closing
Jun 28 12:44:30 juniper juniper: board 0 line 0 channel 0, call 9, C01 Outgoing Call dev=5 ch=0
Jun 28 12:45:38 juniper juniper: board 0 line 0 channel 0, call 9, C02 OutCall Connected 512000
Jun 28 12:46:46 juniper juniper: ppp:LCP Starting
Jun 28 12:47:54 juniper juniper: ppp:LCP Opening
Jun 28 12:49:02 juniper juniper: ppp:CHAP Shutdown
Jun 28 12:50:10 juniper juniper: ppp:LCP Closing
LATE: Jun 28 12:43:10 teak viagrad: line reset with account: [EMAIL PROTECTED]
Jun 28 12:51:18 juniper juniper: board 0 line 0 channel 0, call 9, C02 Call Terminated
Jun 28 12:52:26 juniper juniper: board 0 line 0 channel 0, call 10, C01 Outgoing Call dev=5 ch=0
Jun 28 12:53:34 juniper juniper: board 0 line 0 channel 0, call 10, C02 OutCall Connected 512000
LATE: Jun 28 12:43:54 teak viagrad: rebooting branch.juniper
Jun 28 12:54:42 juniper juniper: ppp:LCP Starting
Jun 28 12:55:50 juniper juniper: ppp:LCP Opening
Jun 28 12:56:58 juniper juniper: ppp:CHAP Shutdown
Jun 28 12:58:06 juniper juniper: ppp:LCP Closing
LATE: Jun 28 12:45:29 teak viagrad: line reset with account: [EMAIL PROTECTED]
Jun 28 12:59:14 juniper juniper: board 0 line 0 channel 0, call 10, C02 Call Terminated
Jun 28 13:00:22 juniper juniper: board 0 line 0 channel 0, call 11, C01 Outgoing Call dev=5 ch=0
Jun 28 13:01:30 juniper juniper: board 0 line 0 channel 0, call 11, C02 OutCall Connected 512000
Jun 28 13:02:39 juniper juniper: ppp:LCP Starting
LATE: Jun 28 12:49:33 teak viagrad: rebooting branch.juniper
Jun 28 13:03:47 juniper juniper: ppp:LCP Opening
Jun 28 13:04:55 juniper juniper: ppp:CHAP Shutdown
Jun 28 13:06:03 juniper juniper: ppp:LCP Closing
LATE: Jun 28 12:54:31 teak viagrad: line reset with account: [EMAIL PROTECTED]
Jun 28 13:07:11 juniper juniper: board 0 line 0 channel 0, call 11, C02 Call Terminated
LATE: Jun 28 12:55:14 teak viagrad: rebooting branch.juniper
Jun 28 13:08:19 juniper juniper: board 0 line 0 channel 0, call 12, C01 Outgoing Call dev=5 ch=0
LATE: Jun 28 12:56:49 teak viagrad: line reset with account: [EMAIL PROTECTED]
Jun 28 13:09:27 juniper juniper: board 0 line 0 channel 0, call 12, C02 OutCall Connected 512000
Jun 28 13:10:35 juniper juniper: ppp:LCP Starting
Jun 28 13:11:05 juniper juniper: ppp:LCP Opening
Jun 28 13:11:05 juniper juniper: ppp:LCP Closing
Jun 28 13:11:05 juniper juniper: board 0 line 0 channel 0, call 12, C02 Call Terminated
LATE: Jun 28 13:00:54 teak viagrad: rebooting branch.juniper
Jun 28 13:11:05 juniper juniper: board 0 line 0 channel 0, call 13, C01 Outgoing Call dev=5 ch=0
LATE: Jun 28 13:05:51 teak viagrad: line reset with account: [EMAIL PROTECTED]
Jun 28 13:11:05 juniper juniper: board 0 line 0 channel 0, call 13, C02 OutCall Connected 512000
LATE: Jun 28 13:06:34 teak viagrad: rebooting branch.juniper
Jun 28 13:11:05 juniper juniper: ppp:LCP Starting
LATE: Jun 28 13:08:10 teak viagrad: line reset with account: [EMAIL PROTECTED]

ISP's RADIUS server goes a bit spazzo as everyone tries to re-auth after the brown-out:

Jun 28 13:11:05 juniper juniper: ppp:LCP Opening
Jun 28 13:11:05 juniper juniper: ppp:CHAP Opening
Jun 28 13:11:05 juniper juniper: ppp:IPCP Starting
Jun 28 13:11:05 juniper juniper: ppp:IPCP Opening
Jun 28 13:11:05 juniper juniper: board 0 line 0 channel 0, call 9, C01 Outgoing Call dev=5 ch=0
Jun 28 13:11:05 juniper juniper
Re: USB200M (linksys) reporting "device problem, disabling port"
On Wed, Jun 27, 2007 at 09:45:17PM -0400, Eric wrote:

hello.. i just installed OpenBSD 4.1 from an original CD. My USB ethernet adapter, a Linksys USB200M is a known good working adapter (verified on Mac OS X 10.4 and FreeBSD 6.2). I am building a gateway with OpenBSD and this hardware has only one builtin ethernet adapter (rl0) and will require a 2nd. PCI ethernet is not an option (it's a small form factor fanless PC). I require the USB200M to operate or a suitable alternative must be found.

The documentation confirms the USB200M is supported via the axe(4) driver.

The FAQ, mailing list archives, and google have produced no answers. They seem to produce results stating either that the USB200M is supported via axe(4) or that the axe(4) driver has been committed (in the 3.x branches). Almost all of the available information is relating to the introduction of axe(4) in 3.x. Some results refer to this issue, but have no replies which resolve the problem.

I can't tell if you have a USB2 (ehci) controller, you didn't include a full dmesg. But if you don't perhaps there is an issue with usb/uhci code not properly handling high speed devices on low speed controllers.

The BIOS has an option for "OnChip USB2" which is enabled, as is "OnChip USB". However i don't see a ehci controller

Full dmesg:

OpenBSD 4.1 (GENERIC) #1435: Sat Mar 10 19:07:45 MST 2007
    [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: VIA Samuel 2 ("CentaurHauls" 686-class) 802 MHz
cpu0: FPU,DE,TSC,MSR,MTRR,PGE,MMX
real mem = 125337600 (122400K)
avail mem = 106831872 (104328K)
using 1560 buffers containing 6389760 bytes (6240K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+ BIOS, date 03/17/03, BIOS32 rev. 0 @ 0xfb390, SMBIOS rev. 2.2 @ 0xf0800 (43 entries)
bios0: VIA Technologies, Inc. VT8601
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 70102 dobusy 1 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0xdd54
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdce0/112 (5 entries)
pcibios0: PCI Exclusive IRQs: 5 10 11 12
pcibios0: PCI Interrupt Router at 000:07:0 ("VIA VT82C596A ISA" rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc/0xc000 0xcc000/0x4000! 0xd/0x4000
acpi at mainbus0 not configured
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "VIA VT8601 PCI" rev 0x05
ppb0 at pci0 dev 1 function 0 "VIA VT82C601 AGP" rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "Trident CyberBlade i1" rev 0x6a
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
pcib0 at pci0 dev 7 function 0 "VIA VT82C686 ISA" rev 0x40
pciide0 at pci0 dev 7 function 1 "VIA VT82C571 IDE" rev 0x06: ATA100, channel 0 configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0:
wd0: 4-sector PIO, LBA, 7815MB, 16007040 sectors
wd0(pciide0:0:0): using PIO mode 4, DMA mode 2
pciide0: channel 1 ignored (disabled)
uhci0 at pci0 dev 7 function 2 "VIA VT83C572 USB" rev 0x1a: irq 11
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 7 function 3 "VIA VT83C572 USB" rev 0x1a: irq 11
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
viaenv0 at pci0 dev 7 function 4 "VIA VT82C686 SMBus" rev 0x40
rl0 at pci0 dev 14 function 0 "Realtek 8139" rev 0x10: irq 11, address 00:11:5b:01:e8:74
rlphy0 at rl0 phy 0: RTL internal PHY
cmpci0 at pci0 dev 15 function 0 "C-Media Electronics CMI8738/C3DX Audio" rev 0x10: irq 12
audio0 at cmpci0
opl0 at cmpci0: model OPL3
midi0 at opl0:
mpu at cmpci0 not configured
"C-Media Electronics HSP56 AMR" rev 0x20 at pci0 dev 15 function 1 not configured
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi1 at pcppi0:
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
biomask ef6d netmask ef6d ttymask efef
pctr: user-level cycle counter enabled
uhub0: port 1, set config at addr 2 failed
uhub0: device problem, disabling port 1
dkcsum: wd0 matches BIOS drive 0x80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302

thank you
Re: SSH brute force attacks no longer being caught by PF rule
On 2007/06/28 09:02, J.D. Bronson wrote:
> At 08:56 AM 06/28/2007, Stuart Henderson wrote:
>> On 2007/06/28 08:46, J.D. Bronson wrote:
>> > Will NEW offenders be added to /etc/tables/scanners
>> > as they are discovered and therefore not just remain in kernel?
>>
>> No, pf does not write to files.
>> How about cron(8) and pfctl(8) instead?
>
> so if it won't write to a file...I presume it blocks
> what's listed in /etc/tables/scanners permanently and then only
> blocks NEW offenders via kernel memory?
> (can someone clarify my understanding of that?)

yes. when the ruleset is loaded, the table in memory is populated
with the contents of /etc/tables/scanners. when someone hits overload,
they are just added to the table in memory.

> I would ideally like to stop attacks and then write the offenders in a file
> so I don't lose these during a reboot...
>
> what if I cron something like this:
>
> pfctl -t scanners -T show >> /etc/tables/scanners
> pfctl -f /etc/pf.conf
>
> Would that work??

no need to reload the ruleset each time, and your table file will
grow quite large by using >> to append each time; this would be better:

TMPFILE=`mktemp -p /etc/tables scanners.XXXXXXXXXX` || exit 1
pfctl -t scanners -Ts > $TMPFILE && mv $TMPFILE /etc/tables/scanners

this is all from a 'how to do it' point-of-view, I don't think it's
all that useful. if an attacker is still active, they'll hit overload
soon enough anyway.
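The snapshot-and-rename approach from the reply above, written out as an added example that is not part of the original thread: it compares the `>>` cron line with replacing the file, and refuses to overwrite the table file with an empty dump. The function names and the sample addresses (documentation ranges) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and the sample
# addresses (documentation ranges) are constructed for illustration.

# snapshot_table FILE
#   stdin: a table dump as printed by `pfctl -t scanners -T show`
#          (one address or CIDR block per line, indented).
#   Writes the cleaned dump to a temp file next to FILE, then renames it
#   over FILE, so a ruleset load never sees a half-written table file.
#   Returns 2 and leaves FILE alone if the dump has no usable entries
#   (for example because pfctl failed and printed nothing).
snapshot_table() {
    file=$1
    tmp=$(mktemp "$(dirname "$file")/scanners.XXXXXXXXXX") || return 1

    # Strip indentation, keep only lines that look like an address or
    # CIDR block, and drop duplicates.
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
        grep -E '^[0-9A-Fa-f:.]+(/[0-9]+)?$' |
        sort -u > "$tmp"

    if [ ! -s "$tmp" ]; then
        rm -f "$tmp"
        return 2
    fi
    mv "$tmp" "$file"
}

# Constructed sample of what the table dump looks like.
sample_dump() {
    printf '   192.0.2.10\n   198.51.100.7\n   203.0.113.0/24\n'
}

# Run the "cron job" three times each way against the same table contents
# and print the resulting line counts as "append_lines snapshot_lines".
compare_methods() {
    dir=$(mktemp -d "${TMPDIR:-/tmp}/pftab.XXXXXXXXXX") || return 1
    for run in 1 2 3; do
        sample_dump >> "$dir/append"               # the `>>` cron line
        sample_dump | snapshot_table "$dir/snap"   # replace the file instead
    done
    a=$(wc -l < "$dir/append" | tr -d ' ')
    s=$(wc -l < "$dir/snap" | tr -d ' ')
    rm -rf "$dir"
    echo "$a $s"
}

# No argument: run the offline comparison on the constructed sample.
# With a path (as root on the firewall): snapshot the live table, e.g.
#   sh thisfile.sh /etc/tables/scanners
case "${1:-}" in
    "") compare_methods ;;
    *)  pfctl -t scanners -T show | snapshot_table "$1" ;;
esac
```

The append method triples the file after three runs of an unchanged table, while the snapshot stays at one line per entry.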
Re: SSH brute force attacks no longer being caught by PF rule
On Thu, 28 Jun 2007 09:02:43 -0500
"J.D. Bronson" <[EMAIL PROTECTED]> wrote:

> At 08:56 AM 06/28/2007, Stuart Henderson wrote:
> >On 2007/06/28 08:46, J.D. Bronson wrote:
> > > Will NEW offenders be added to /etc/tables/scanners
> > > as they are discovered and therefore not just remain in kernel?
> >
> >No, pf does not write to files.
> >How about cron(8) and pfctl(8) instead?
>
> so if it won't write to a file...I presume it blocks
> what's listed in /etc/tables/scanners permanently and then only
> blocks NEW offenders via kernel memory?
> (can someone clarify my understanding of that?)
>
> I would ideally like to stop attacks and then write the offenders in a file
> so I don't lose these during a reboot...
>
> what if I cron something like this:
>
> pfctl -t scanners -T show >> /etc/tables/scanners
> pfctl -f /etc/pf.conf
>
> Would that work??
>

The persist thing got me at first too, but the FAQ is quite clear and does not actually say it writes anywhere. I just assumed it for reasons beyond this discussion. Anyway, persist keeps it even if no rules are using it. The file part is strictly for pre-populating when pf starts up.

I am not sure why you have both of those... the top line to output would be fine, and have your pf ruleset use the file at startup to read them in.
Re: Intel Core 2
On 2007/06/28 09:16, David W. Hess wrote:
> On Thu, 28 Jun 2007 10:26:45 +0200, RedShift <[EMAIL PROTECTED]> wrote:
>
> >> Reliability decay of low-lead materials may be economically
> >> desirable for some consumer product companies because it provides a
> >> mechanism to enforce planned obsolescence and replacement. Ironically,
> >> this is the opposite of the claimed intent of RoHS legislation.
> >
> >uuhhh that's scary. Are you sure "they" haven't found a solution for that?
> >
>
> The inexpensive solution is to use a minimum of 4% lead in the tin based
> solder but that goes against the purpose of RoHS even if more waste is
> produced due to early failure.

Lead is still permitted for some equipment (notably network infrastructure),
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32002L0095:EN:HTML
annex 7:

- lead in solders for servers, storage and storage array systems
  (exemption granted until 2010),
- lead in solders for network infrastructure equipment for switching,
  signalling, transmission as well as network management for
  telecommunication,
- lead in electronic ceramic parts (e.g. piezoelectronic devices).
Re: SSH brute force attacks no longer being caught by PF rule
On Wed, Jun 27, 2007 at 09:54:04PM -0700, Steve B wrote:
> The rule I've had in my pf.conf file to catch and block forceful SSH
> attempts no longer appears to be working. I see the entries in my authlog,
> but the IPs are no longer getting added to my table. I suspect I screwed
> something up, but so far I am at a loss to see where. Could someone pass
> another set of eyes over the relevant parts of my pf.conf?
>
> ## SSH Hackers - blocked IPs
> table persist file "/etc/tables/scanners"
>
> ## Packet Filtering ##
> block quick from
> block in all
>
> ## Pass SSH traffic ##
> pass in log on $ext_if inet proto tcp from any to any port = ssh flags S/SA
> keep state (source-track rule, max-src-conn 10, max-src-conn-rate 5/60,
> overload flush global, if-bound, src.track 60)

'pass in log' suggests the solution; try to connect via SSH and let
tcpdump listen on pflog0.

		Joachim

-- 
TFMotD: perlnewmod (1) - preparing a new module for distribution
Re: Intel Core 2
On Thu, 28 Jun 2007 10:26:45 +0200, RedShift <[EMAIL PROTECTED]> wrote:

>> Reliability decay of low-lead materials may be economically
>> desirable for some consumer product companies because it provides a
>> mechanism to enforce planned obsolescence and replacement. Ironically,
>> this is the opposite of the claimed intent of RoHS legislation.
>
>uuhhh that's scary. Are you sure "they" haven't found a solution for that?
>

The inexpensive solution is to use a minimum of 4% lead in the tin based solder but that goes against the purpose of RoHS even if more waste is produced due to early failure.

There are other alloying agents which impede tin whisker growth but they tend to either add significantly to the cost or compromise other characteristics.
FTP traffic counting
I am using OpenBSD 4.0 and I am counting bytes with labels for most protocols but with ftp-proxy I do not know how to proceed. How can I do this?

These are the rules I have in pf.conf:

nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr pass on $INT \
    inet proto tcp \
    from any \
    to any port ftp \
    -> 127.0.0.1 port 8021

anchor "ftp-proxy/*"
pass out on $EXT \
    inet proto tcp \
    from ($EXT) \
    to any port 21 \
    keep state

I can add a label for port 21 but how do I track the data ports?

Thank you very much for any help in this matter.

Juan
Re: SSH brute force attacks no longer being caught by PF rule
On 2007/06/28 08:46, J.D. Bronson wrote:
> Will NEW offenders be added to /etc/tables/scanners
> as they are discovered and therefore not just remain in kernel?

No, pf does not write to files.
How about cron(8) and pfctl(8) instead?
Re: Intel Core 2
http://www.theregister.com/2007/06/27/intel_core2_duo_bios_fix/ "Intel has released a BIOS patch for Windows machines running Core 2 and Xeon 3000/5000 chips that addresses potential unpredictable system behavior." After reading the whole article, it sounds like Intel is attempting to address some of the many bugs the chips have. In their wisdom, it sounds like they are making it difficult to get these updates if you *don't* run wind0ze. I like this quote: "I'll put it to you this way," [Intel spokesman] Knupffer said. "I've got a core chip at home and I haven't updated." That doesn't say much. If it's a non-networked machine, who really needs *any* patches...
Re: SSH brute force attacks no longer being caught by PF rule
At 08:56 AM 06/28/2007, Stuart Henderson wrote:

On 2007/06/28 08:46, J.D. Bronson wrote:
> Will NEW offenders be added to /etc/tables/scanners
> as they are discovered and therefore not just remain in kernel?

No, pf does not write to files.
How about cron(8) and pfctl(8) instead?

so if it won't write to a file...I presume it blocks what's listed in /etc/tables/scanners permanently and then only blocks NEW offenders via kernel memory?
(can someone clarify my understanding of that?)

I would ideally like to stop attacks and then write the offenders in a file so I don't lose these during a reboot...

what if I cron something like this:

pfctl -t scanners -T show >> /etc/tables/scanners
pfctl -f /etc/pf.conf

Would that work??
Re: openbsd 4.1 and keep state
On 2007/06/28 15:45, Huzeyfe ONAL wrote: > Use "no state" in your rule. and 'flags any' if it's TCP.
Re: SSH brute force attacks no longer being caught by PF rule
I have a question about this..

Will NEW offenders be added to /etc/tables/scanners
as they are discovered and therefore not just remain in kernel?

It would be nice since doing a reboot wipes out kernel kept IPs...

table persist file "/etc/tables/scanners"
vs
table persist

Thanks :)

-JD

>Date: Thu, 28 Jun 2007 01:39:37 -0400
>From: Daniel Ouellet <[EMAIL PROTECTED]>
>User-Agent: Thunderbird 1.5.0.12 (Windows/20070509)
>To: OpenBSD
>Subject: Re: SSH brute force attacks no longer being caught by PF rule
>Sender: [EMAIL PROTECTED]
>
>Steve B wrote:
>>The rule I've had in my pf.conf file to catch and block forceful SSH
>>attempts no longer appears to be working. I see the entries in my authlog,
>>but the IPs are no longer getting added to my table. I suspect I screwed
>>something up, but so far I am at a loss to see where. Could someone pass
>>another set of eyes over the relevant parts of my pf.conf?
>
>Put quickly as an example, but you can try:
>
># Define some variable for clarity
>SSH_LIMIT="(max-src-conn-rate 3/30, overload flush global)"
>
>## SSH Hackers - blocked IPs
>table persist file "/etc/tables/scanners"
>
># Block ssh access to bad ssh scanner
>block drop in log quick on $ext_if inet proto tcp \
>from to any port ssh
>
># Allow quick valid traffic to ssh but log all attempts as well
>pass in log quick on $ext_if inet proto tcp from ! \
>to $ext_if port ssh flags S/SA keep state \
>$SSH_LIMIT
>
>You may also want to add a section to always make sure you will have
>SSH access to your box before you block all SSH access like you did
>should someone spoof your source IP to log yourself out as well with
>may be something like:
>
># Allow quick ssh access to good guys on main interface.
>pass in quick on $ext_if inet proto tcp from \
>to $ext_if port ssh flags S/SA keep state
>
>Daniel
Re: openbsd 4.1 and keep state
Use "no state" in your rule.

jacek wrote:
> Hi all,
>
> I have quick question, i need not to create state on one of the rule but
> once is done by default starting with version 4.1, not sure how to do it.
>
> Any tips welcome
>
> Thank you
> Jacek
Re: Intel Core 2 problems and OpenBSD Security
On 6/28/07, Siju George <[EMAIL PROTECTED]> wrote:

-- Forwarded message --
From: Theo de Raadt <[EMAIL PROTECTED]>
Date: Jun 27, 2007 10:38 PM
Subject: Intel Core 2
To: [EMAIL PROTECTED]

Various developers are busy implementing workarounds for serious bugs in Intel's Core 2 cpu.

Sorry :-( this was supposed to go to the local BSD lists.

apologies

Siju
Re: i386 performance degradation since recent snapshots
On Thu, 28 Jun 2007 13:07:41 +0100
Brian Candler <[EMAIL PROTECTED]> wrote:

> > i'm encountering a real performance problem since a recent update :
> > - previous snapshots dated around 22 may was working perfectly, launching my
> > session (xfce) took around 10-15sec. Launching firefox took around 5secs
> > - updated last week on 20 of june, launching my session takes around 1
> > minute and a half, launching ffx takes >20sec
>

For what it is worth; I am also using snapshots. The first snap I installed here was from somewhere in may (I think the 25th), and the one I am using now is the one from June 25th. I do not see any performance problems here, in fact I am very happy with the latest snap.

My guess would be you have problems with IPV6 or DNS.

Jan.
Re: openbsd 4.1 and keep state
http://openbsd.org/faq/pf/filter.html#stateopts

no state
    Prevents the rule from automatically creating a state entry.

On 6/28/07, jacek <[EMAIL PROTECTED]> wrote:

Hi all,

I have quick question, i need not to create state on one of the rule but once is done by default starting with version 4.1, not sure how to do it.

Any tips welcome

Thank you
Jacek

-- 
Julien Cabillot
Intel Core 2 problems and OpenBSD Security
-- Forwarded message --
From: Theo de Raadt <[EMAIL PROTECTED]>
Date: Jun 27, 2007 10:38 PM
Subject: Intel Core 2
To: [EMAIL PROTECTED]

Various developers are busy implementing workarounds for serious bugs in Intel's Core 2 cpu.

These processors are buggy as hell, and some of these bugs don't just cause development/debugging problems, but will *ASSUREDLY* be exploitable from userland code.

As is typical, BIOS vendors will be very late providing workarounds / fixes for these processors bugs. Some bugs are unfixable and cannot be worked around. Intel only provides detailed fixes to BIOS vendors and large operating system groups. Open Source operating systems are largely left in the cold.

Full (current) errata from Intel:

  http://download.intel.com/design/processor/specupdt/31327914.pdf

  - We bet there are many more errata not yet announced -- every month this file gets larger.

  - Intel understates the impact of these errata very significantly. Almost all operating systems will run into these bugs.

  - Basically the MMU simply does not operate as specified/implemented in previous generations of x86 hardware. It is not just buggy, but Intel has gone further and defined "new ways to handle page tables" (see page 58).

  - Some of these bugs are along the lines of "buffer overflow"; where a write-protect or non-execute bit for a page table entry is ignored. Others are floating point instruction non-coherencies, or memory corruptions -- outside of the range of permitted writing for the process -- running common instruction sequences.

  - All of this is just unbelievable to many of us.

An easier summary document for some people to read:

  http://www.geek.com/images/geeknews/2006Jan/core_duo_errata__2006_01_21__full.gif

Note that some errata like AI65, AI79, AI43, AI39, AI90, AI99 scare the hell out of us. Some of these are things that cannot be fixed in running code, and some are things that every operating system will do until about mid-2008, because that is how the MMU has always been managed on all generations of Intel/AMD/whoeverelse hardware. Now Intel is telling people to manage the MMU's TLB flushes in a new and different way. Yet even if we do so, some of the errata listed are unaffected by doing so.

As I said before, hiding in this list are 20-30 bugs that cannot be worked around by operating systems, and will be potentially exploitable. I would bet a lot of money that at least 2-3 of them are.

== For instance, AI90 is exploitable on some operating systems (but not OpenBSD running default binaries). ==

At this time, I cannot recommend purchase of any machines based on the Intel Core 2 until these issues are dealt with (which I suspect will take more than a year). Intel must become more transparent.

(While here, I would like to say that AMD is becoming less helpful day by day towards open source operating systems too, perhaps because their serious errata lists are growing rapidly too).
Re: openbsd 4.1 and keep state
On 6/28/07, jacek <[EMAIL PROTECTED]> wrote:

Hi all,

I have quick question, i need not to create state on one of the rule but once is done by default starting with version 4.1, not sure how to do it.

Any tips welcome

Thank you
Jacek

Read:

http://www.openbsd.org/faq/pf/filter.html#stateopts
http://www.undeadly.org/cgi?action=article&sid=20070424020008

Marius

-- 
[EMAIL PROTECTED], joy2share.com, vrajamarii.net, ispot.ro}
openbsd 4.1 and keep state
Hi all,

I have quick question, i need not to create state on one of the rule but once is done by default starting with version 4.1, not sure how to do it.

Any tips welcome

Thank you
Jacek
Re: i386 performance degradation since recent snapshots
> i'm encountering a real performance problem since a recent update :
> - previous snapshots dated around 22 may was working perfectly, launching my
> session (xfce) took around 10-15sec. Launching firefox took around 5secs
> - updated last week on 20 of june, launching my session takes around 1
> minute and a half, launching ffx takes >20sec

Just a thought:
- what does 'hostname' show?
- do you have an entry in /etc/hosts which maps this name to your correct IP
  address?

I've seen long delays in X startup if the system hostname can't be resolved to an IP address (which can be very annoying in dynamic IP environments, or where DHCP changes the hostname). But this experience is with non-OpenBSD boxes; I only use command line on OpenBSD.

Also:
- is your DNS working properly? (e.g. "nslookup www.openbsd.org" gives you a
  positive answer in a reasonably short period of time, and "nslookup xyz"
  gives you an NXDOMAIN answer also in a reasonably short period of time)

Regards,

Brian.
Re: em Intel 1000 GT
>>> On 28 June 2007 at 11:18, in message <[EMAIL PROTECTED]>, JD Bronson <[EMAIL PROTECTED]> wrote:
> Someone posted on one of these lists asking about if this card works on
> 4.1...
> I don't recall seeing any reply..

OpenBSD 4.1-stable (GENERIC) #2: Tue May 8 16:48:20 BST 2007
em0 at pci7 dev 4 function 0 "Intel PRO/1000MT QP (82546GB)" rev 0x03: irq 11, address 00:1b:21:01:c8:30
em1 at pci7 dev 4 function 1 "Intel PRO/1000MT QP (82546GB)" rev 0x03: irq 7, address 00:1b:21:01:c8:31
em2 at pci7 dev 6 function 0 "Intel PRO/1000MT QP (82546GB)" rev 0x03: irq 10, address 00:1b:21:01:c8:32
em3 at pci7 dev 6 function 1 "Intel PRO/1000MT QP (82546GB)" rev 0x03: irq 11, address 00:1b:21:01:c8:33

Intel Pro/1000GT
http://www.intel.com/network/connectivity/products/pro1000gt_quadport_server_adapter.htm

GTG
Re: em Intel 1000 GT
Someone posted on one of these lists asking about if this card works on 4.1...
I don't recall seeing any reply..

I use this card just fine:

em0 at pci1 dev 9 function 0 "Intel PRO/1000GT (82541GI)" rev 0x05: irq 5

-JD
Re: LC_COLLATE and PostgreSQL
Hi Valentin,

thank You very, very much for Your answer. Your idea is great !!! I am very happy with this solution :) Of course I have to recall that pleasure with C/C++ coding but for now this is the best and fastest way for me.

Have a nice day,
Best regards :)
Artur

On Thu, 28 Jun 2007 11:18:00 +0200, Valentin Kozamernik <[EMAIL PROTECTED]> wrote:
> On Tue, 26 Jun 2007 at 12:35, Artur Litwinowicz wrote:
>> O I think it is not good idea to change the code of OpenBSD by me.
>> Years ago I was coding in C++ (at the University but with best mark ;). Now
>> I am working for Oracle Corp. (PL/SQL and etc.) and I am a little out of
>> practice ;) with C/C++.
>>
>> Maybe someone core OpenBSD Developer will agree with me, that the extended
>> COLLATION in OpenBSD will be the strong point in the system functionality ?
>>
>
> I had the same problem with PostgreSQL on OpenBSD a few years ago and
> I've written some C-language extensions (database functions). Be
> advised that this is a totally non-standard solution. Here you go:
>
> The idea was to make simple functions for sorting and upper/lower
> conversion, that would be faster than typical unicode table lookups.
> Since I only ever needed a single language at a time, I didn't need
> all the fancy unicode stuff.
>
> In "lang.h", there are lower and upper alphabet strings for each
> language (currently english and slovenian). You can add your own, of
> course.
>
> If you run "make" (you may need to edit the Makefile first), you'll
> get the "hash_en.so", "hash_sl.so", "upper_en.so", "upper_sl.so",
> "lower_en.so" and "lower_sl.so" shared libs containing postgres
> functions with the same names.
>
> To load them into database, use
> CREATE FUNCTION func_name(TEXT) RETURNS TEXT AS \
> 'path/to/func_file.so', 'func_name' LANGUAGE C IMMUTABLE STRICT
> for each of them.
>
> The upper_XX and lower_XX functions return the upper/lowercase version
> of the input string. The hash_XX function replaces the input string
> with new string where each letter is replaced with its position in the
> alphabet.
>
> For example, instead of
> SELECT ... ORDER BY my_column
> you can use
> SELECT ... ORDER BY hash_sl(my_column)
> and you've got slovenian sort order.
>
> For performance, create an index on hash_sl(my_column), not my_column.
>
> This will only work on "unicode" databases.
>
> Of course, there may be bugs. They are quite likely, actually. I
> remember I wrote all this in a hurry. But it has worked OK for at
> least three projects now.
>
> All the files except for "lang.h" follow below. For "lang.h", go to
> "http://www.komna.com/tin/lang.h" (it's UTF-8 encoded, so I can't put
> it here inline).
>
>
>
> # Makefile
> #
> # Copyright (c) 2004 Valentin Kozamernik <[EMAIL PROTECTED]>
> #
> # Permission to use, copy, modify, and distribute this software for any
> # purpose with or without fee is hereby granted, provided that the above
> # copyright notice and this permission notice appear in all copies.
> #
> # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
> # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
> # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
> # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
> # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
> # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
> # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
> #
>
> INCLUDE_DIR=/usr/local/include/postgresql/server
>
> build: hash_en.so hash_sl.so lower_en.so lower_sl.so upper_en.so upper_sl.so
>
> hash_en.so: hash.c
> 	cc -Wall -Werror -fpic -c -o hash_en.o hash.c -I$(INCLUDE_DIR) -DEN
> 	ld -Bshareable -o hash_en.so hash_en.o
>
> hash_sl.so: hash.c
> 	cc -Wall -Werror -fpic -c -o hash_sl.o hash.c -I$(INCLUDE_DIR) -DSL
> 	ld -Bshareable -o hash_sl.so hash_sl.o
>
> lower_en.so: lower.c
> 	cc -Wall -Werror -fpic -c -o lower_en.o lower.c -I$(INCLUDE_DIR) -DEN
> 	ld -Bshareable -o lower_en.so lower_en.o
>
> lower_sl.so: lower.c
> 	cc -Wall -Werror -fpic -c -o lower_sl.o lower.c -I$(INCLUDE_DIR) -DSL
> 	ld -Bshareable -o lower_sl.so lower_sl.o
>
> upper_en.so: upper.c
> 	cc -Wall -Werror -fpic -c -o upper_en.o upper.c -I$(INCLUDE_DIR) -DEN
> 	ld -Bshareable -o upper_en.so upper_en.o
>
> upper_sl.so: upper.c
> 	cc -Wall -Werror -fpic -c -o upper_sl.o upper.c -I$(INCLUDE_DIR) -DSL
> 	ld -Bshareable -o upper_sl.so upper_sl.o
>
> clean:
> 	-rm *.o *.so
>
>
>
> /*
> * $Id: utf8.h,v 1.1.1.1 2004/12/14 14:53:28 tin Exp $
> *
> * Copyright (c) 2004 Valentin Kozamernik <[EMAIL PROTECTED]>
> *
> * Permission to use, copy, modify, and distribute this software for any
> * purpose wi
Re: looking for a good guide on driver writing
On Thu, Jun 28, 2007 at 10:58:50AM +0200, Henning Brauer wrote:
> * Gregory Edigarov <[EMAIL PROTECTED]> [2007-06-27 11:31]:
> > I am looking for a guide about driver writing for OpenBSD.
>
> here it is:
> look for a similar driver, read & understand it, start from there.
>

... and don't copy all the wrong stuff from one driver to another.

--
:wq Claudio
Re: LC_COLLATE and PostgreSQL
On Tue, 26 Jun 2007 at 12:35, Artur Litwinowicz wrote:
> O I think it is not good idea to change the code of OpenBSD by me.
> Years ago I was coding in C++ (at the University but with best mark ;). Now
> I am working for Oracle Corp. (PL/SQL and etc.) and I am a little out of
> practice ;) with C/C++.
>
> Maybe someone core OpenBSD Developer will agree with me, that the extended
> COLLATION in OpenBSD will be the strong point in the system functionality ?
>

I had the same problem with PostgreSQL on OpenBSD a few years ago and I've written some C-language extensions (database functions). Be advised that this is a totally non-standard solution. Here you go:

The idea was to make simple functions for sorting and upper/lower conversion, that would be faster than typical unicode table lookups. Since I only ever needed a single language at a time, I didn't need all the fancy unicode stuff.

In "lang.h", there are lower and upper alphabet strings for each language (currently english and slovenian). You can add your own, of course.

If you run "make" (you may need to edit the Makefile first), you'll get the "hash_en.so", "hash_sl.so", "upper_en.so", "upper_sl.so", "lower_en.so" and "lower_sl.so" shared libs containing postgres functions with the same names. To load them into database, use

  CREATE FUNCTION func_name(TEXT) RETURNS TEXT AS \
    'path/to/func_file.so', 'func_name' LANGUAGE C IMMUTABLE STRICT

for each of them.

The upper_XX and lower_XX functions return the upper/lowercase version of the input string. The hash_XX function replaces the input string with new string where each letter is replaced with its position in the alphabet.

For example, instead of
  SELECT ... ORDER BY my_column
you can use
  SELECT ... ORDER BY hash_sl(my_column)
and you've got slovenian sort order.

For performance, create an index on hash_sl(my_column), not my_column.

This will only work on "unicode" databases.

Of course, there may be bugs. They are quite likely, actually. I remember I wrote all this in a hurry. But it has worked OK for at least three projects now.

All the files except for "lang.h" follow below. For "lang.h", go to "http://www.komna.com/tin/lang.h" (it's UTF-8 encoded, so I can't put it here inline).

# Makefile
#
# Copyright (c) 2004 Valentin Kozamernik <[EMAIL PROTECTED]>
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
#

INCLUDE_DIR=/usr/local/include/postgresql/server

build: hash_en.so hash_sl.so lower_en.so lower_sl.so upper_en.so upper_sl.so

hash_en.so: hash.c
	cc -Wall -Werror -fpic -c -o hash_en.o hash.c -I$(INCLUDE_DIR) -DEN
	ld -Bshareable -o hash_en.so hash_en.o

hash_sl.so: hash.c
	cc -Wall -Werror -fpic -c -o hash_sl.o hash.c -I$(INCLUDE_DIR) -DSL
	ld -Bshareable -o hash_sl.so hash_sl.o

lower_en.so: lower.c
	cc -Wall -Werror -fpic -c -o lower_en.o lower.c -I$(INCLUDE_DIR) -DEN
	ld -Bshareable -o lower_en.so lower_en.o

lower_sl.so: lower.c
	cc -Wall -Werror -fpic -c -o lower_sl.o lower.c -I$(INCLUDE_DIR) -DSL
	ld -Bshareable -o lower_sl.so lower_sl.o

upper_en.so: upper.c
	cc -Wall -Werror -fpic -c -o upper_en.o upper.c -I$(INCLUDE_DIR) -DEN
	ld -Bshareable -o upper_en.so upper_en.o

upper_sl.so: upper.c
	cc -Wall -Werror -fpic -c -o upper_sl.o upper.c -I$(INCLUDE_DIR) -DSL
	ld -Bshareable -o upper_sl.so upper_sl.o

clean:
	-rm *.o *.so

/*
 * $Id: utf8.h,v 1.1.1.1 2004/12/14 14:53:28 tin Exp $
 *
 * Copyright (c) 2004 Valentin Kozamernik <[EMAIL PROTECTED]>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#include
typedef u_int32_t widechar_t;
#d
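The position-in-alphabet sort key described in the message above, as an added example that is not Valentin Kozamernik's hash.c (which is not reproduced on this page). The alphabet table stands in for the unavailable lang.h; the names sl_sort_key and sl_compare, the case folding, the 0xFF key byte for non-alphabet characters and the rejection of malformed UTF-8 are all assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed Slovenian alphabet (assumption; stands in for the page's lang.h):
 * a b c č d e f g h i j k l m n o p r s š t u v z ž */
static const uint32_t SL_LOWER[] = {
    'a','b','c',0x010D,'d','e','f','g','h','i','j','k','l',
    'm','n','o','p','r','s',0x0161,'t','u','v','z',0x017E };
static const uint32_t SL_UPPER[] = {
    'A','B','C',0x010C,'D','E','F','G','H','I','J','K','L',
    'M','N','O','P','R','S',0x0160,'T','U','V','Z',0x017D };
#define SL_LEN (sizeof(SL_LOWER) / sizeof(SL_LOWER[0]))

/* Decode one UTF-8 sequence of 1-3 bytes from s[0..len).
 * Returns bytes consumed, or 0 for truncated, overlong or unsupported input. */
static size_t utf8_next(const unsigned char *s, size_t len, uint32_t *cp)
{
    if (len == 0) return 0;
    if (s[0] < 0x80) { *cp = s[0]; return 1; }
    if ((s[0] & 0xE0) == 0xC0) {
        if (len < 2 || (s[1] & 0xC0) != 0x80) return 0;
        *cp = ((uint32_t)(s[0] & 0x1F) << 6) | (s[1] & 0x3F);
        return *cp >= 0x80 ? 2 : 0;
    }
    if ((s[0] & 0xF0) == 0xE0) {
        if (len < 3 || (s[1] & 0xC0) != 0x80 || (s[2] & 0xC0) != 0x80) return 0;
        *cp = ((uint32_t)(s[0] & 0x0F) << 12) |
              ((uint32_t)(s[1] & 0x3F) << 6) | (s[2] & 0x3F);
        return (*cp >= 0x800 && (*cp < 0xD800 || *cp > 0xDFFF)) ? 3 : 0;
    }
    return 0; /* 4-byte sequences and stray continuation bytes are rejected */
}

/* One key byte per character: 1..SL_LEN for letters (either case),
 * 0xFF for anything else (assumption). Returns the key length, or -1 on
 * malformed UTF-8 or when the output buffer is too small. */
long sl_sort_key(const char *in, size_t inlen, unsigned char *out, size_t cap)
{
    const unsigned char *s = (const unsigned char *)in;
    size_t i = 0, n = 0, k, used;
    uint32_t cp;

    while (i < inlen) {
        used = utf8_next(s + i, inlen - i, &cp);
        if (used == 0 || n >= cap) return -1;
        out[n] = 0xFF;
        for (k = 0; k < SL_LEN; k++)
            if (cp == SL_LOWER[k] || cp == SL_UPPER[k])
                out[n] = (unsigned char)(k + 1);
        n++;
        i += used;
    }
    return (long)n;
}

/* Returns -1, 0 or 1 in alphabet order; 2 if either input is rejected. */
int sl_compare(const char *a, const char *b)
{
    unsigned char ka[256], kb[256];
    long la = sl_sort_key(a, strlen(a), ka, sizeof ka);
    long lb = sl_sort_key(b, strlen(b), kb, sizeof kb);
    int c;

    if (la < 0 || lb < 0) return 2;
    c = memcmp(ka, kb, (size_t)(la < lb ? la : lb));
    if (c == 0) c = (la > lb) - (la < lb);
    return (c > 0) - (c < 0);
}
```

Byte-wise comparison puts "čaj" after "zob" because its first UTF-8 byte is 0xC4; the key comparison puts it between "cesta" and "dan". The length and continuation-byte checks matter in a database extension because the function runs inside the server process on whatever text the column holds.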
Re: 'netstat: invalid address (30000) ???" on 4.1-current i386 binary snapshot
On Thu, 28 Jun 2007, Adriaan wrote:
> On a freshly installed binary snapshot "netstat -an -f inet6" shows
> "netstat: invalid address (3) ???"

thanks for the report, we can reproduce and are looking into this

-Otto

>
> -
> # netstat -an -f inet6
> Active Internet connections (including servers)
> Proto Recv-Q Send-Q Local Address Foreign Address(state)
> tcp6 0 0 ::1.587*.*LISTEN
> tcp6 0 0 ::1.25 *.*LISTEN
> netstat: invalid address (3)
> ???
> -
> # dmesg | head -6
> OpenBSD 4.1-current (GENERIC) #311: Wed Jun 27 02:31:47 MDT 2007
>[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
> cpu0: Intel Pentium II ("GenuineIntel" 686-class, 512KB L2 cache) 268 MHz
> cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,MMX
> real mem = 133791744 (127MB)
> avail mem = 121819136 (116MB)
> ---
> The same message was also on the snapshot of :
>
> # dmesg | head -6
> OpenBSD 4.1-current (GENERIC) #302: Wed Jun 20 09:30:00 MDT 2007
>[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
> cpu0: Intel Pentium II ("GenuineIntel" 686-class, 512KB L2 cache) 268 MHz
> cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,MMX
> real mem = 133791744 (127MB)
> avail mem = 121823232 (116MB)
> -
> # netstat -an -f inet6
> Active Internet connections (including servers)
> Proto Recv-Q Send-Q Local Address Foreign Address(state)
> tcp6 0 0 ::1.587*.*LISTEN
> tcp6 0 0 ::1.25 *.*LISTEN
> tcp6 0 0 *.22 *.*LISTEN
> tcp6 0 0 *.37 *.*LISTEN
> tcp6 0 0 *.13 *.*LISTEN
> tcp6 0 0 *.113 *.*LISTEN
> Active Internet connections (including servers)
> Proto Recv-Q Send-Q Local Address Foreign Address(state)
> udp6 0 0 ::1.512*.*
> netstat: invalid address (3)
> ???
> -
>
> I edited the "/etc/ssh/sshd_config" file to disable sshd from
> LISTENing on IPv6. After reverting to the original sshd_config file
> and rebooting, the error message still persists
>
> -
> # netstat -an -f inet6
> Active Internet connections (including servers)
> Proto Recv-Q Send-Q Local Address Foreign Address(state)
> tcp6 0 0 ::1.587*.*LISTEN
> tcp6 0 0 ::1.25 *.*LISTEN
> tcp6 0 0 *.22 *.*LISTEN
> netstat: invalid address (3)
> ???
> ---
>
> Of the X installation file sets I only installed xbase41.tgz because
> of the expat libs needed by some binary packages.
>
> =Adriaan=
Re: Are Intel PWLA8391GT PRO/1000 GT desktop NICs supported on i386?
* Lloyd Martin <[EMAIL PROTECTED]> [2007-06-27 19:57]:
> Does anyone know if Intel PWLA8391GT PRO/1000 GT desktop NICs are
> supported on the i386 platform?

without knowing about that one explicitly, in all the intel PRO/1000 should work.

--
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
Re: looking for a good guide on driver writing
* Gregory Edigarov <[EMAIL PROTECTED]> [2007-06-27 11:31]:
> I am looking for a guide about driver writing for OpenBSD.

here it is:
look for a similar driver, read & understand it, start from there.

--
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
Re: Rename multiple files at once
On Wed, Jun 27, 2007 at 09:52:29AM -0700, Marco S Hyman wrote:
> > for FILE in *jpg; do
> > NEW=$(echo $FILE | sed -e 's/\.jpg$/_thumb.jpg/')
> > mv "${FILE}" "${NEW}"
> > done
>
> There is no need for echo and sed. OpenBSD sh and ksh support
> ${var%suffix} which evaluates to the contents of var less the suffix.

For completeness' sake: so does bash, apparently.

Cheerio,
Thomas

--
-
Thomas Ribbrock http://www.ribbrock.org ICQ#: 15839919
"You have to live on the edge of reality - to make your dreams come true!"
Re: Intel Core 2
rough translation from Swedish to English of: http://strombergson.com/kryptoblog/?p=311

Intel Advanced Management Technology - Rootkits for everyone

intel just released a new x86 cpu, one new addition avoiding the news is the AMT (Active Management Technology)

AMT is a technology intended to facilitate surveillance, maintenance and control computers remotely. AMT allows for the following functions among others:

* Monitor and control (filter) the network traffic - before/under the running operating system
* sending out patches to computers - even if they are turned off.
* Control, upgrade, change, add and remove software
* isolate and shutdown computers infected with viruses
* control on/off of the power supply
* re-route hdd access to a location on the network
* re-route mouse, keyboard, screen and other extras to a location on the network

AMT is based on functions in the chipset that allows chipsets to communicate with other chips out-of-band from the CPU, options include LAN, serial interfaces or a direct ethernet interface.

http://softwarecommunity.intel.com/UserFiles/en-us/figure_1(1).gif

Ergo, there is a microcontroller in the MCU that is always on (as long as the system has power through the power supply) and can receive and perform instructions even though the system appears to be turned off. The microcontroller is floating in a software environment that implements a huge number of service functions and gives customers the option to add their own functions

translators note: does anyone remember the bios resident virus of mid to late 90's? end translators note.

http://softwarecommunity.intel.com/UserFiles/en-us/figure_2(1).gif

one of the most important parts is the feature or function to communicate with the machine through a separate TCP/IP stack, in other words, even if there is a firewall or other security countermeasures in place protecting the operating system's TCP/IP stack, there is a side channel into the system.

translators note: rant goes here end translators note.

http://softwarecommunity.intel.com/UserFiles/en-us/figure_3.gif

So AMT gives system owners and administrators brand new ways to monitor and control a large number of PCs. AMT will be shipped with a XML (SOAP) based system for managing and administrating AMT clients.

But at the same time, the hair on my arms rises thinking of what would happen should this technology be used for evil purposes. How easy would it be to detect and protect oneself from the rootkits that will sneak into AMT. Rutkowska's Blue Pill is in theory dangerously close.

There are security functions in AMT to ensure this will not happen, namely Kerberos and Active Directory based authentication, further on the built in sidechannel TCP/IP stack offers TLS based communication.

For those that want to know more about AMT there are several pages on intel's website. There is also a developers kit (SDK) for AMT available free of charge on intel's site

link 1: http://www.intel.com/technology/manage/iamt/
link 2: http://www.intel.com/business/vpro/index.htm
link 3: http://www.intel.com/cd/ids/developer/asmo-na/eng/321157.htm

On 6/27/07, Rui Miguel Silva Seabra <[EMAIL PROTECTED]> wrote:

On Wed, Jun 27, 2007 at 04:25:08PM -0300, Leonardo Rodrigues wrote:
> http://www.geek.com/images/geeknews/2006Jan/core_duo_errata__2006_01_21__full.gif
> "Show stopper" "Potentially Catastrophic" Those are some warm and fuzzy
> words =)
>
> Geez, that's a whole lot of bugs... I never imagined that processors
> could be so "bugged".
> Theo says that AMD is getting less helpful towards open source OS.
> Well, that's great. We only have 2 big proc developers for i386, and
> now those two are turning out crap products with diminishing
> documentation =(
>
> I wonder where this road will lead us.

If you really want to know... http://strombergson.com/kryptoblog/?p=311

I'd really love to read a translation of that document, but it seems to say something along the lines of...

Basically, the new Celeron seems to have a separate memory and process manager that can hide the thread and memory that does ... stuff. But the chip is creepier than that. If I am understanding Strömbergson correctly, this chip is the first step in a brave new world where you have no clue what really goes on when you buy a chip.

About Strombergson: Strömbergson is one of Sweden's foremost experts on hardware design (ASIC) and keeps a couple of software patents too (trie sorting ip addresses for routing i.e).

--
Or not.
Today is Pungenday, the 32nd day of Confusion in the YOLD 3173
+ No matter how much you do, you never do enough -- unknown
+ Whatever you do will be insignificant,
| but it is very important that you do it -- Gandhi
+ So let's do it...?

[demime 1.01d removed an attachment of type application/pgp-signature]

--
-- JPL
Re: Intel Core 2
Constantine A. Murenin wrote:

On 27/06/07, Jacob Yocom-Piatt <[EMAIL PROTECTED]> wrote:

you make more money if your widgets break because your new widget is vastly improved. new packaging, same great defects!

The best thing about computer parts randomly failing will hit us in a few years, due to RoHS directives:

http://en.wikipedia.org/wiki/RoHS#Impact_on_reliability
http://en.wikipedia.org/wiki/Whisker_%28metallurgy%29

Another problem that lead-free solders face is the growth of tin whiskers. These thin strands of tin can grow and make contact with an adjacent trace, developing a short circuit. Tin whiskers have already been responsible for at least one failure at a nuclear power plant. Other documented failures include satellites in orbit, aircraft in flight, and implanted medical pacemakers. Reliability decay of low-lead materials may be economically desirable for some consumer product companies because it provides a mechanism to enforce planned obsolescence and replacement. Ironically, this is the opposite of the claimed intent of RoHS legislation.

C.

uuhhh that's scary. Are you sure "they" haven't found a solution for that?
'netstat: invalid address (30000) ???" on 4.1-current i386 binary snapshot
On a freshly installed binary snapshot "netstat -an -f inet6" shows "netstat: invalid address (3) ???"

-
# netstat -an -f inet6
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address(state)
tcp6 0 0 ::1.587*.*LISTEN
tcp6 0 0 ::1.25 *.*LISTEN
netstat: invalid address (3)
???
-
# dmesg | head -6
OpenBSD 4.1-current (GENERIC) #311: Wed Jun 27 02:31:47 MDT 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium II ("GenuineIntel" 686-class, 512KB L2 cache) 268 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,MMX
real mem = 133791744 (127MB)
avail mem = 121819136 (116MB)
---
The same message was also on the snapshot of :

# dmesg | head -6
OpenBSD 4.1-current (GENERIC) #302: Wed Jun 20 09:30:00 MDT 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium II ("GenuineIntel" 686-class, 512KB L2 cache) 268 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,MMX
real mem = 133791744 (127MB)
avail mem = 121823232 (116MB)
-
# netstat -an -f inet6
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address(state)
tcp6 0 0 ::1.587*.*LISTEN
tcp6 0 0 ::1.25 *.*LISTEN
tcp6 0 0 *.22 *.*LISTEN
tcp6 0 0 *.37 *.*LISTEN
tcp6 0 0 *.13 *.*LISTEN
tcp6 0 0 *.113 *.*LISTEN
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address(state)
udp6 0 0 ::1.512*.*
netstat: invalid address (3)
???
-

I edited the "/etc/ssh/sshd_config" file to disable sshd from LISTENing on IPv6. After reverting to the original sshd_config file and rebooting, the error message still persists

-
# netstat -an -f inet6
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address(state)
tcp6 0 0 ::1.587*.*LISTEN
tcp6 0 0 ::1.25 *.*LISTEN
tcp6 0 0 *.22 *.*LISTEN
netstat: invalid address (3)
???
---

Of the X installation file sets I only installed xbase41.tgz because of the expat libs needed by some binary packages.

=Adriaan=
Re: nfe0 problem (obsd 4.1)
Hi!

I've noticed that once in a while the nfe0 interface will stop sending and receiving data. At this point I can not make it work again. The only solution I have is to reboot the box. I have installed a dc0 card in the box since. The problem seemed intermittent and not reliably reproducible.

I had problems like these when I ported OpenBSD to the Xbox ( http://tobias.schroepf.de/doku/doku.php?id=xbox:porting_openbsd_to_the_xbox )

You can find the patches I have made here: http://tobias.schroepf.de/doku/doku.php?id=xbox:patch_the_openbsd_sources_network

But don't know if this will solve your problem.

Markus Ritzer
Re: Intel Core 2
Hi,

> On 6/27/07, Theo de Raadt <[EMAIL PROTECTED]> wrote:
>> Various developers are busy implementing workarounds for serious bugs
>> in Intel's Core 2 cpu.
>>
>> These processors are buggy as hell, and some of these bugs don't just
>> cause development/debugging problems, but will *ASSUREDLY* be
>> exploitable from userland code.
>>
>> Full (current) errata from Intel:
>>
>> http://download.intel.com/design/processor/specupdt/31327914.pdf
>>
>> An easier summary document for some people to read:
>>
>>
>> http://www.geek.com/images/geeknews/2006Jan/core_duo_errata__2006_01_21__full.gif
>
>
> I don't know much about the recent history of these chips. Are there
> any good summaries around?

don't know but I am not surprised.

Intel gets their butt kicked by the AMD64 cpus like never before. They pull out the "old" PIII Design modified by some other company for Low Energy and put the stuff into Laptops. But since their P4 crap can't keep up to amd. They force the same old thing into the "Core" CPUs. And hey, it works. They are low power and fast.

But ... it's a patchwork cpu ... no new development ... not enough time to carefully test things ... structural and design flaws which can not be cared for etc...

So basically this all is two PIII "cores" with lots of additional logic and modifications turning it into the ultimate "Franken Dualcore PIII" on steroids. < Of course people shouldn't really know that, they might be scared of the monster. >

Considering all this the CPU runs very well. Don't own one though and all the machines I care for are AMD since the AthlonXP came up. I might still buy a Laptop with it, since I will be the only user on it, the only bugs I care are those which crash the machine more often than I crash it when dropping it *g* but even there some VIA stuff hits the market which is quite promising and well, there's always the Zaurus.

And then there is MIPS. If AMD/Intel are not careful they might wake up one day with mips all around. They pop up like mushrooms in corners where you don't expect them.

-sm

* Now please Sharp, get us a new zaurus with a bit more RAM and a higher resolution display.
Re: hoststated and UDP
On Thu, 28 Jun 2007 00:19:56 +0200 Luca Corti <[EMAIL PROTECTED]> wrote:
> Hello,
>
> I've setup hoststated for load balancing of some services, and it
> works well. If I'm not missing something hoststated actually works
> just for TCP. Is there any plan to implement UDP support?
>

Yes there is, I will implement it at least for L3 pretty soon, there are other ongoing things for hoststated that are more important at the moment though.