obsd for storage hosting

2007-10-19 Thread sonjaya
dear all

 I am trying to set up my obsd 4.1 for storage hosting and need advice:
- how to limit users to the server environment
- how to set quotas; is there any web-based quota system?
- anything else?

thq


sonjaya
http://sicute.blogspot.com



Re: late install of patch 011_openssl.patch

2007-10-19 Thread Bob Beck
> I just noticed 011_openssl.patch and installed it on my 4.1 i386 system.
> Does anyone have any idea to what extent I risked being hacked?  If the
> risk was significant, what is the best way to check if someone's been naughty?

If anyone competent is being naughty, you probably wouldn't know
unless your ssl-ized server died.

OTOH, I've seen no credible reports of a working exploit on anything,
never mind running with propolice, w^X, stackgap, etc...  That doesn't mean
someone might not develop the exploit, if possible, for OpenBSD first, but
something tells me I'm going to hear about Loonix boxes running apache getting
sodomized first, if ever someone can get one working.

It's kind of like going hiking with someone who is fatter and slower
at climbing trees than you are, rather than carrying bear deterrent [1]

-Bob

[1] yes, I carry bear deterrent..



Re: cp(1) bug ?

2007-10-19 Thread Gregg Reynolds
On 10/19/07, Ted Unangst <[EMAIL PROTECTED]> wrote:
> On 10/19/07, Aaron W. Hsu <[EMAIL PROTECTED]> wrote:
> > > From: "Tom Van Looy" <[EMAIL PROTECTED]>
> > > Date: Fri, 19 Oct 2007 20:21:56 +
> > > Subject: Re: cp(1) bug ?
> > >
> > > it shall do nothing more with source_file and shall go on to any
> > > remaining files.
> >
> > Doesn't this mean that cp should not do anything when, for example, the
> > following command is run?
> >
> >$ cp -R foo foo/
>
> no, because that section is talking about files, not directories.

A directory is a kind of file:

"file
"An object that can be written to, or read from, or both. A file has
certain attributes, including access permissions and type. File types
include regular file, character special file, block special file, FIFO
special file and directory. Other types of files may be supported by
the implementation."

-g



late install of patch 011_openssl.patch

2007-10-19 Thread Robert Urban

Hi Folks,

I just noticed 011_openssl.patch and installed it on my 4.1 i386 system.
Does anyone have any idea to what extent I risked being hacked?  If the
risk was significant, what is the best way to check if someone's been naughty?

thanks,

Rob Urban



Re: Help! I'm having Linux foisted on me! (PF queuing woes)

2007-10-19 Thread Joe Gibbens
As Sebastian pointed out, you will need to do some state manipulation to
apply your traffic flows to an up and down queue.  You can also do this by
setting your state-policy to be if-bound.

On 10/19/07, Richard Wilson <[EMAIL PROTECTED]> wrote:
>
> n0g0013 wrote:
> > On 19.10-15:15, Richard Wilson wrote:
> > [ ... ]
> >> altq on $ext_if cbq bandwidth 9.1Mb queue { adsl_up, sdsl_up }
> >> altq on $client_if cbq bandwidth 9.1Mb queue { adsl_dn, sdsl_dn }
> >>
> >> queue adsl_up bandwidth 256Kb cbq
> >> queue adsl_dn bandwidth 2Mb cbq
> >
> > is there a reason that these have no child queues defined?  i don't
> > see how the implied child queues can borrow without that.
> >
>
> Yes, because I've copied them down wrong. They should of course be:
>
> queue adsl_up bandwidth 256Kb cbq { adsl_client1_up, adsl_client2_up }
> queue adsl_dn bandwidth 2Mb cbq { adsl_client1_dn, adsl_client2_dn }
>
> etc.
>
> Sorry for the glitch.
>
> --
>
> Richard 'Dave' Wilson
> Systems Administrator
>
> Senokian Solutions Ltd.
> Business Innovation Centre,
> Binley Business Park, Coventry,
> United Kingdom
> CV3 2TX
> T: +44 (0)24 76 233 400
> F: +44 (0)24 76 233 401
>
>


-- 
Joe



Re: cp(1) bug ?

2007-10-19 Thread Ted Unangst
On 10/19/07, Aaron W. Hsu <[EMAIL PROTECTED]> wrote:
> > From: "Tom Van Looy" <[EMAIL PROTECTED]>
> > Date: Fri, 19 Oct 2007 20:21:56 +
> > Subject: Re: cp(1) bug ?
> >
> > it shall do nothing more with source_file and shall go on to any
> > remaining files.
>
> Doesn't this mean that cp should not do anything when, for example, the
> following command is run?
>
>$ cp -R foo foo/

no, because that section is talking about files, not directories.



Re: cp(1) bug ?

2007-10-19 Thread Aaron W. Hsu
> From: "Tom Van Looy" <[EMAIL PROTECTED]>
> Date: Fri, 19 Oct 2007 20:21:56 +
> Subject: Re: cp(1) bug ?
> 
> it shall do nothing more with source_file and shall go on to any
> remaining files.

Doesn't this mean that cp should not do anything when, for example, the
following command is run?

$ cp -R foo foo/

-- 
((name "Aaron Hsu")
 (email/xmpp "[EMAIL PROTECTED]")
 (phone "703-597-7656")
 (site "http://www.aaronhsu.com"))




Re: cp(1) bug ?

2007-10-19 Thread Tom Van Looy
I read that single unix specification thing again because the OpenBSD cp 
manpage says it is expected to be IEEE Std 1003.2 (``POSIX.2'') compatible.


For each source_file, the following steps shall be taken:

1) If source_file references the same file as dest_file, cp may write a 
diagnostic message to standard error; it shall do nothing more with source_file 
and shall go on to any remaining files.


_may_ write a diagnostic message, and all the rest is implementation-defined
So, for sure, it's not "wrong" behaviour if you look at posix.



daap/mdns multicast problems

2007-10-19 Thread Jonathan Kent
Hi,

Been trying in vain to get daap/mdns traffic through my OpenBSD 4.1
firewall to talk to my mt-daap server.

From tcpdumping I can see the multicast traffic coming into the sis1
interface but not coming out of the sis0 interface, so I can only assume
that I have missed something.

At present I don't block out traffic (sis0), just in (sis1) on pf, and
have the following simple (at present) rule to allow this traffic in:

pass in quick proto { tcp, udp } from any to 224.0.0.251 port 5353 keep
state label "mdns"

I'm pretty certain it's not pf getting in the way, so my guess here is
that I need multicast routing enabled??  Been googling for info on this
to see if that was the case but can't find much of help on this.  Of
course I could be completely off here :o)

Any pointers greatly received.

Thanks

Jon



Re: cp(1) bug ?

2007-10-19 Thread ropers
On 19/10/2007, Andreas Kahari <[EMAIL PROTECTED]> wrote:
> On 19/10/2007, ropers <[EMAIL PROTECTED]> wrote:
> >
> > IMHO cp behaving like this is somewhat nicer than its current
> > behaviour on apparently most or all BSD OSes. Then again, I STILL
> > can't code, so I've no right to complain. ;o)
> >
>
> Really? It is complaining that it can't move foo into itself, and does
> it anyway (hint: have a look inside foo after the operation)...
>
> Andreas

You're right! While the behaviour of OpenBSD cp(1) in this regard is
maybe not perfect, it turns out that the behaviour of GNU coreutils
cp(1) is MUCH, MUCH worse:

| [EMAIL PROTECTED]:~$ uname -a
| Linux tranquility 2.6.22-14-386 #1 Sun Oct 14 22:36:54 GMT 2007 i686 GNU/Linux

back on the Linux box

| [EMAIL PROTECTED]:~$ rm -rf foo

and back to square one

| [EMAIL PROTECTED]:~$ mkdir foo
| [EMAIL PROTECTED]:~$ touch foo/testfile
| [EMAIL PROTECTED]:~$ cp -r foo foo
| cp: cannot copy a directory, `foo', into itself, `foo/foo'
| [EMAIL PROTECTED]:~$ ll foo
| total 12
| drwxr-xr-x  3 ropers ropers 4096 2007-10-19 22:57 ./
| drwxr-xr-x 85 ropers ropers 4096 2007-10-19 22:56 ../
| drwxr-xr-x  2 ropers ropers 4096 2007-10-19 22:57 foo/
| -rw-r--r--  1 ropers ropers    0 2007-10-19 22:56 testfile
| [EMAIL PROTECTED]:~$ ll foo/foo
| total 8
| drwxr-xr-x 2 ropers ropers 4096 2007-10-19 22:57 ./
| drwxr-xr-x 3 ropers ropers 4096 2007-10-19 22:57 ../
| -rw-r--r-- 1 ropers ropers    0 2007-10-19 22:57 testfile
| [EMAIL PROTECTED]:~$

Andreas was absolutely right:

* BSD cp(1) starts the recursive copying and only fails when the name
gets too long.

* GNU cp(1) however tells us that it can't copy recursively, AND THEN
DOES IT ANYWAY, at least for the initial subdirectory. So GNU cp(1)
tells us one thing and does another. That is SO stupid, it boggles the
mind.

Yes, IMHO the optimal way would be to give an error message similar to
the one GNU cp(1) spits out, AND to NOT perform any copy operation in
such a case. Can I code this and submit diffs? No. So again, I had
better STFU.

But thanks to everybody who helped clearing this up, it's always good to learn.
--ropers



Fosdem 2008

2007-10-19 Thread nicodache
Website is up, dates are announced.

The Free and Open Source Software Developer's European Meeting will, as
usual, take place at the Université Libre de Bruxelles, Campus
Solbosh, on the 23rd & 24th February 2008.

Website is http://www.fosdem.org/2008/

Event address is
Avenue Franklin D. Roosevelt, 50
1050 Brussels

And as usual, there will be software under other licences than GPL,
like, I mean, err, like OpenBSD.

I think we could put that info on http://www.openbsd.org/events.html ;)

Cheers,

nicodache



Re: NFS exporting /usr/ports and -maproot=root

2007-10-19 Thread Heinrich Rebehn

Landry Breuil wrote:
> On 10/19/07, Jan Stary <[EMAIL PROTECTED]> wrote:
> > > > > Again: set WRKOBJDIR on the client side and you don't need
> > > > > to be writing in the remotely mounted tree at all.
> >
> > > I'm already setting WRKOBJDIR outside nfs-dir, the problem is more for
> > > /usr/ports/packages .. i'd like it to be shared too, to install the
> > > same package on various sparc64 for example. And this dir needs to be
> > > root-writable, as it uses sudo..
> >
> > You also need to set DISTDIR and PKGREPOSITORYBASE
> > - see examples in the FAQ.
>
> I know several workarounds and tweaks like this exist :) I just want
> to understand why this setup doesn't work.
>
> > > I'd put it outside nfs if i don't find a solution, but btw i'm more
> > > interested in understanding why -maproot=root doesn't work in my case
> >
> > Send your complete server:/etc/exports, client:/etc/fstab,
> > verbose log of server:mountd, server:nfsd, and a full (-s 65000) tcpdump
> > of the communication.
>
> server is spud, client for tests is renton (10.246.200.10).
> server:/etc/exports:
> /nfsroot/net_sparc64 -ro allison
> /nfsroot/open_sparc64 -ro swanney
> /usr/ports -maproot=0:0 renton swanney lizzy

Since you only have one filesystem ( "/" ), you are exporting this very
same filesystem -ro and -rw to swanney. I am not sure this will work,
and may have funny side effects. Try removing swanney from the
"/usr/ports" line. Just an idea at 22:50 local time :-)

--Heinrich

> client fstab:
> spud:/usr/ports /usr/ports nfs rw,nosuid 0 0
>
> mountd -d output:
> Got line /nfsroot/net_sparc64 -ro allison
> Making new ep fs=0x0,0xfc214a5e
> doing opt -ro allison
> got host allison
> exporting /nfsroot/net_sparc64
> Got line /nfsroot/open_sparc64 -ro swanney
> Found ep fs=0x0,0xfc214a5e
> doing opt -ro swanney
> got host swanney.fr.homeunix.org
> exporting /nfsroot/open_sparc64
> Got line /usr/ports -maproot=0:0 renton swanney lizzy
> Found ep fs=0x0,0xfc214a5e
> doing opt -maproot=0:0 renton swanney lizzy
> got host renton.fr.homeunix.org
> got host swanney.fr.homeunix.org
> got host lizzy.fr.homeunix.org
> exporting /usr/ports
> exporting /usr/ports
> exporting /usr/ports
> unexporting / /
> Getting mount list.
> Here we go.
> Got mount request from 10.246.200.10
> rpcpath: /usr/ports
> Mount successful for /usr/ports by 10.246.200.10.
>
> (here I've run sudo mount /usr/ports on the client)
>
> renton:~/ $ls -ld /usr/ports
> drwxrwxr-x  47 root  wsrc  1024 Oct 19 19:12 /usr/ports (same on
> client and server)
> renton:~/ $id
> uid=1000(landry) gid=1000(landry) groups=1000(landry), 0(wheel), 9(wsrc)
> renton:~/ $touch /usr/ports/test
> renton:~/
>
> Here i have tcpdump output (same for server and client) for this
> successful file creation :
> 19:56:29.030254 renton.695 > spud.nfsd: xid 0xbb06905b (NFSv3) 112
> lookup fh 33,252/664798720 "test"
> 19:56:29.030771 spud.nfsd > renton.695: xid 0xbb06905b reply ok 116
> lookup ERROR: No such file or directory
> 19:56:29.030843 renton.695 > spud.nfsd: xid 0xbb069116 (NFSv3) 112
> lookup fh 33,252/664798720 "test"
> 19:56:29.031099 spud.nfsd > renton.695: xid 0xbb069116 reply ok 116
> lookup ERROR: No such file or directory
> 19:56:29.031131 renton.695 > spud.nfsd: xid 0xbb069170 (NFSv3) 144
> create fh 33,252/664798720 "test"
> 19:56:29.033013 spud.nfsd > renton.695: xid 0xbb069170 reply ok 268
> create fh 33,252/3064333824
> 19:56:29.033097 renton.695 > spud.nfsd: xid 0xbb069202 (NFSv3) 104
> getattr fh 33,252/3064333824
> 19:56:29.033363 spud.nfsd > renton.695: xid 0xbb069202 reply ok 112
> getattr REG 644 ids 1000/9 sz 0x0
>
> Now i try to update attrs, it fails :
> renton:~/ $sudo touch /usr/ports/test
> touch: /usr/ports/test: Permission denied
>
> 19:57:52.066602 renton.695 > spud.nfsd: xid 0xbb0692d4 (NFSv3) 128
> lookup fh 33,252/664798720 "test"
> 19:57:52.067288 spud.nfsd > renton.695: xid 0xbb0692d4 reply ok 236
> lookup fh 33,252/3064333824
> 19:57:52.067380 renton.695 > spud.nfsd: xid 0xbb069303 (NFSv3) 124
> access fh 33,252/664798720 0002
> 19:57:52.067688 spud.nfsd > renton.695: xid 0xbb069303 reply ok 120
> access c 0002
> 19:57:52.067725 renton.695 > spud.nfsd: xid 0xbb0693f4 (NFSv3) 148
> setattr fh 33,252/3064333824
> 19:57:52.068015 spud.nfsd > renton.695: xid 0xbb0693f4 reply ok 144
> setattr ERROR: Permission denied
> 19:57:52.068051 renton.695 > spud.nfsd: xid 0xbb06947e (NFSv3) 124
> access fh 33,252/664798720 0002
> 19:57:52.068299 spud.nfsd > renton.695: xid 0xbb06947e reply ok 120
> access c 0002
> 19:57:52.068326 renton.695 > spud.nfsd: xid 0xbb06952e (NFSv3) 148
> setattr fh 33,252/3064333824
> 19:57:52.068605 spud.nfsd > renton.695: xid 0xbb06952e reply ok 144
> setattr ERROR: Permission denied
>
> Now i try to create another file, it fails :
> renton:~/ $sudo touch /usr/ports/test2
> touch: /usr/ports/test2: Permission denied
>
> 19:58:24.546477 renton.695 > spud.nfsd: xid 0xbb0695bf (NFSv3) 132
> lookup fh 33,252/664798720 "test2"
> 19:58:24.547033 spud.nfsd > renton.695: xid 0xbb0695bf reply ok 116
> lookup ERROR: No such file or directory
> 19:58:24.547166 renton.695 > spud.nfsd: xid 0xbb06960d (NFSv3) 132
> lookup fh 33,252/664798720 "test2"
> 19:58:24.547430 spud.nfsd > renton.695: xid 0xbb06960d reply ok 116
> looku

Re: cp(1) bug ?

2007-10-19 Thread ropers
On 19/10/2007, ropers <[EMAIL PROTECTED]> wrote:
>
> I'm surprised now.
>
> I just thought that what I wrote above was stupid, because I thought
> that the behaviour of cp was a function of the shell built-in command
> cp, not of the OS.
> To confirm this, I installed the OpenBSD default shell pdksh on
> Ubuntu. However, pdksh on Ubuntu gives the same result as bash on
> Ubuntu. So is this a function of the OS after all?

(...)

> Strange.
>
> pdksh on Linux behaves just like bash on Linux, and unlike pdksh on OpenBSD.
> I didn't expect that. So does that error message depend on OS APIs
> rather than the shell program and its built-in commands?

It's official: I am a fucking moron.

cp is not a SHELL BUILTIN COMMAND. It's /bin/cp. And of course the
same /bin/cp is run regardless which shell is being used. That
explains the identical error message.

Sorry for the noise.



BSDConTR, an unexpected day out and announcing live streams of tomorrow's talks

2007-10-19 Thread Marc Balmer

Hello

I am currently in Istanbul attending the 1st International BSD
Conference in Turkey (see www.opencon.tr for details).


This conference is very well organized and on the first day
about 200 people attended.  The talks were held in Turkish, but
the nice people of Endersys and Enderunix (the main Organizers)
showed the guest speakers the ancient part of Istanbul.  So
instead of sitting in a conference room listening to talks in
Turkish, we had the great opportunity to enjoy breakfast in an
ancient Medrese, to visit the huge Basilica Cistern, the Hagia
Sophia, the Blue Mosque, and the Topkapi palace.  Not to mention
the nice dinners we are taken to at places with the most stunning
views of the Bosporus at night.  Today the foreign speakers became
tourists.  What an unexpected and nice surprise!

Tomorrow's talks will start at 09:30 Turkish time and all talks
will be streamed live under the following URL:

mms://mediasrv.ulakbim.gov.tr/bsdcontr

These talks will be held in English (with simultaneous translation
for the Turkish audience) and since it's a non-work day here, the
Organizers expect even more attendees.


- Marc Balmer



Re: OpenBSD 4.2 (AMSTERDAM) #1: Fri Nov 02 20:00:00 CEST 2007

2007-10-19 Thread K K
On 10/13/07, Floor Terra <[EMAIL PROTECTED]> wrote:
> a small OpenBSD social event in Amsterdam (The Netherlands).
> It's nothing official, just a few OpenBSD users getting together. The
> date is Friday November 2nd, a perfect date to celebrate the 4.2
> release. Café "De Deugniet" is the location, it's a 5 minute walk
> from Amsterdam central station. The beer is good and there are plenty
> of restaurants within walking distance. We start at 8:00 PM.

Update: Thanks to Wim, OpenBSD merchandise, including 4.2 CDs, will be
available.

On a related note, while I encourage everybody within a reasonable distance
to join us on Nov. 2nd, there is a second chance to meet up (and buy a CD).
Many OpenBSD folk will be attending NLUUG25 (also in Amsterdam) on
Wednesday Nov 7.  There will be an OpenBSD and OpenSSH booth with CDs
and Wim and Otto. Plans are in the works to meet after the conference,
around 8PM.

Both events are listed at http://www.openbsd.org/events.html


Looking forward to seeing everybody in exactly two weeks,

Kevin Kadow



Re: Help! I'm having Linux foisted on me! (PF queuing woes)

2007-10-19 Thread Richard Wilson
n0g0013 wrote:
> On 19.10-15:15, Richard Wilson wrote:
> [ ... ]
>> altq on $ext_if cbq bandwidth 9.1Mb queue { adsl_up, sdsl_up }
>> altq on $client_if cbq bandwidth 9.1Mb queue { adsl_dn, sdsl_dn }
>>
>> queue adsl_up bandwidth 256Kb cbq
>> queue adsl_dn bandwidth 2Mb cbq
> 
> is there a reason that these have no child queues defined?  i don't
> see how the implied child queues can borrow without that.
> 

Yes, because I've copied them down wrong. They should of course be:

queue adsl_up bandwidth 256Kb cbq { adsl_client1_up, adsl_client2_up }
queue adsl_dn bandwidth 2Mb cbq { adsl_client1_dn, adsl_client2_dn }

etc.

Sorry for the glitch.

-- 

Richard 'Dave' Wilson
Systems Administrator

Senokian Solutions Ltd.
Business Innovation Centre,
Binley Business Park, Coventry,
United Kingdom
CV3 2TX
T: +44 (0)24 76 233 400
F: +44 (0)24 76 233 401



Re: : cp(1) bug ?

2007-10-19 Thread Ted Unangst
On 10/19/07, Nick Guenther <[EMAIL PROTECTED]> wrote:
> On 10/19/07, Paul de Weerd <[EMAIL PROTECTED]> wrote:
> > On Fri, Oct 19, 2007 at 01:52:03PM -0400, Douglas A. Tutty wrote:
> > | Conceptually, though, why can't cp look at the source directory and take a
> > | snapshot, a to-do-list, of everything it has to copy, then do it?  That
> > | way, any recursion would be completed before the target directory
> > | appeared in the source directory.  With only an -R (no -H -L or -P), it
> > | should copy links as links which should avoid loops.
> >
> > What will you do if the underlying directory structure has tons and
> > tons of files and subdirectories ? First traverse this entire tree,
> > keeping it all in memory ? Sounds pretty expensive.
>
> Could you scan the tree only for recursions? You wouldn't have to keep
> it all in memory, only the problem points, maybe?

the other thing you can do is not copy directories into themselves.
it's very easy.  i'm not copying a directory into itself right now.  i
can even not do this while sleeping.
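The check Ted describes, written out as an added example (this is not code from OpenBSD's cp or from any poster): canonicalize the source with realpath(3), work out where cp would actually put the copy, and refuse when that target is the source itself or lies below it. It assumes a POSIX system with realpath(3), dirname(3) and basename(3); the function names are mine.

```c
#define _XOPEN_SOURCE 700
#include <libgen.h>
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

/*
 * True if dst is src itself or lies somewhere below it.  Both must be
 * absolute, canonical paths as realpath(3) returns them (no trailing
 * slash except for "/", no "." or ".." components).  The match must end
 * on a component boundary: "/tmp/foo" is not a parent of "/tmp/foobar".
 */
bool path_within(const char *src, const char *dst)
{
    size_t n = strlen(src);

    if (strncmp(src, dst, n) != 0)
        return false;
    if (dst[n] == '\0')             /* identical paths */
        return true;
    if (n == 1 && src[0] == '/')    /* everything is below the root */
        return true;
    return dst[n] == '/';           /* next char must start a new component */
}

/* Join a canonical directory and a name without doubling the "/" of root. */
static void join_path(char *out, size_t outsz, const char *dir, const char *name)
{
    snprintf(out, outsz, "%s%s%s", dir, strcmp(dir, "/") == 0 ? "" : "/", name);
}

/*
 * Decide whether "cp -R src dst" would copy src into itself.  Mirrors
 * cp's target rule: if dst is an existing directory the copy lands in
 * dst/basename(src); otherwise dst itself is created, so its parent is
 * canonicalized and the final component re-appended.  Returns 1 if the
 * copy would recurse into (or land onto) src, 0 if it is safe, -1 on
 * error with errno set by realpath(3).
 */
int would_copy_into_self(const char *src, const char *dst)
{
    char rsrc[PATH_MAX], rdir[PATH_MAX], target[PATH_MAX];
    char copy1[PATH_MAX], copy2[PATH_MAX];
    struct stat st;

    if (realpath(src, rsrc) == NULL)
        return -1;

    if (stat(dst, &st) == 0 && S_ISDIR(st.st_mode)) {
        if (realpath(dst, rdir) == NULL)
            return -1;
        snprintf(copy1, sizeof copy1, "%s", src);   /* basename() may modify */
        join_path(target, sizeof target, rdir, basename(copy1));
    } else {
        /* dirname() and basename() may modify their argument; use copies */
        snprintf(copy1, sizeof copy1, "%s", dst);
        snprintf(copy2, sizeof copy2, "%s", dst);
        if (realpath(dirname(copy1), rdir) == NULL)
            return -1;
        join_path(target, sizeof target, rdir, basename(copy2));
    }
    return path_within(rsrc, target) ? 1 : 0;
}

int main(int argc, char *argv[])
{
    if (argc != 3) {
        fprintf(stderr, "usage: %s src dst\n", argv[0]);
        return 2;
    }
    int r = would_copy_into_self(argv[1], argv[2]);
    if (r < 0) {
        perror("realpath");
        return 2;
    }
    printf("cp -R %s %s would %scopy the directory into itself\n",
           argv[1], argv[2], r ? "" : "not ");
    return 0;
}
```

The component-boundary test in path_within is the part that is easy to get wrong: a plain prefix comparison would wrongly refuse `cp -R foo foobar`.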



Re: : cp(1) bug ?

2007-10-19 Thread Aaron W. Hsu
> Date: Fri, 19 Oct 2007 20:12:26 +0200
> From: Paul de Weerd <[EMAIL PROTECTED]>
> Subject: Re: : cp(1) bug ?
> 
> On Fri, Oct 19, 2007 at 01:52:03PM -0400, Douglas A. Tutty wrote:
> | Conceptually, though, why can't cp look at the source directory and take a
> | snapshot, a to-do-list, of everything it has to copy, then do it?  That
> | way, any recursion would be completed before the target directory
> | appeared in the source directory.  With only an -R (no -H -L or -P), it
> | should copy links as links which should avoid loops.
> 
> What will you do if the underlying directory structure has tons and
> tons of files and subdirectories ? First traverse this entire tree,
> keeping it all in memory ? Sounds pretty expensive.

I believe that it is only necessary to do one directory read ahead in
order to avoid the recursive loop. (I just took a quick look at the cp
source in OpenBSD, so, correct me if I am wrong.) 

$ cp <source1> ... <dest>

We can read the contents of <source1> if source1 is a directory, then
create a directory in <dest> and copy the contents of source1 into
it, and then repeat. This should not cause an endless loop.

-- 
((name "Aaron Hsu")
 (email/xmpp "[EMAIL PROTECTED]")
 (phone "703-597-7656")
 (site "http://www.aaronhsu.com"))




Re: cp(1) bug ?

2007-10-19 Thread Ted Unangst
On 10/19/07, Rimi Bougard <[EMAIL PROTECTED]> wrote:
> Hello,
>
> On Fri, Oct 19, 2007 at 07:59:38PM +0200, ropers wrote:
> > [...]
> > pdksh on Linux behaves just like bash on Linux, and unlike pdksh on
OpenBSD.
> > I didn't expect that. So does that error message depend on OS APIs
> > rather than the shell program and its built-in commands?

the behavior of the cp program depends on which cp program you are
running.  what shell builtins have to do with cp i have no idea.

> cp is part of the libc.

or not.



Re: cp(1) bug ?

2007-10-19 Thread Tom Van Looy
cp on linux is part of gnu coreutils (http://www.gnu.org/software/coreutils/)
the error can be found in /coreutils-6.9/tests/cp/into-self

So it is not a part of bash or ksh (also on OpenBSD it is not part of the 
shell, the code is in /usr/src/bin/cp/).



>> I beat you to trying it on Linux
>
>No I didn't. Others beat me and you to it. Apologies for the unnecessary noise.
>
>(...)
>
>> IMHO cp behaving like this is somewhat nicer than its current
>> behaviour on apparently most or all BSD OSes.
>
>I'm surprised now.
>
>I just thought that what I wrote above was stupid, because I thought
>that the behaviour of cp was a function of the shell built-in command
>cp, not of the OS.
>To confirm this, I installed the OpenBSD default shell pdksh on
>Ubuntu. However, pdksh on Ubuntu gives the same result as bash on
>Ubuntu. So is this a function of the OS after all?
>
>| [EMAIL PROTECTED]:~$ uname -a
>| Linux tranquility 2.6.22-14-386 #1 Sun Oct 14 22:36:54 GMT 2007 i686 
>GNU/Linux
>| [EMAIL PROTECTED]:~$ echo $SHELL
>| /bin/bash
>
>We're on Linux and we're using bash.
>
>| [EMAIL PROTECTED]:~$ mkdir foo
>| [EMAIL PROTECTED]:~$ cp -r foo foo
>| cp: cannot copy a directory, `foo', into itself, `foo/foo'
>
>Bash behaves as expected.
>
>| [EMAIL PROTECTED]:~$ sudo apt-get install pdksh
>| Reading package lists... Done
>| Building dependency tree
>| Reading state information... Done
>| The following NEW packages will be installed:
>|   pdksh
>| 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
>| Need to get 0B/261kB of archives.
>| After unpacking 442kB of additional disk space will be used.
>| Selecting previously deselected package pdksh.
>| (Reading database ... 167230 files and directories currently installed.)
>| Unpacking pdksh (from .../pdksh_5.2.14-20build1_i386.deb) ...
>| Setting up pdksh (5.2.14-20build1) ...
>
>Ok, now pdksh is installed.
>
>| [EMAIL PROTECTED]:~$ pdksh
>| $ ps | grep sh
>|  6567 pts/0    00:00:00 bash
>|  6816 pts/0    00:00:00 pdksh
>|  6818 pts/0    00:00:00 pdksh
>
>Now we're running pdksh (echo $SHELL isn't changed when launching
>another shell interactively, hence the use of ps to confirm).
>
>| $ rm -rf foo
>
>Need to rm foo to start from scratch.
>
>| $ mkdir foo
>| $ cp -r foo foo
>| cp: cannot copy a directory, `foo', into itself, `foo/foo'
>
>Strange.
>
>pdksh on Linux behaves just like bash on Linux, and unlike pdksh on OpenBSD.
>I didn't expect that. So does that error message depend on OS APIs
>rather than the shell program and its built-in commands?



Re: : cp(1) bug ?

2007-10-19 Thread Nick Guenther
On 10/19/07, Paul de Weerd <[EMAIL PROTECTED]> wrote:
> On Fri, Oct 19, 2007 at 01:52:03PM -0400, Douglas A. Tutty wrote:
> | Conceptually, though, why can't cp look at the source directory and take a
> | snapshot, a to-do-list, of everything it has to copy, then do it?  That
> | way, any recursion would be completed before the target directory
> | appeared in the source directory.  With only an -R (no -H -L or -P), it
> | should copy links as links which should avoid loops.
>
> What will you do if the underlying directory structure has tons and
> tons of files and subdirectories ? First traverse this entire tree,
> keeping it all in memory ? Sounds pretty expensive.

Could you scan the tree only for recursions? You wouldn't have to keep
it all in memory, only the problem points, maybe?

None of this feels like the Right Way though.

-Nick



Re: : cp(1) bug ?

2007-10-19 Thread Paul de Weerd
On Fri, Oct 19, 2007 at 01:52:03PM -0400, Douglas A. Tutty wrote:
| Conceptually, though, why can't cp look at the source directory and take a
| snapshot, a to-do-list, of everything it has to copy, then do it?  That
| way, any recursion would be completed before the target directory
| appeared in the source directory.  With only an -R (no -H -L or -P), it
| should copy links as links which should avoid loops.

What will you do if the underlying directory structure has tons and
tons of files and subdirectories ? First traverse this entire tree,
keeping it all in memory ? Sounds pretty expensive.

| How do scp and rsync do it?

Why not try it ? scp local to remote doesn't make sense in this case,
since src and dst are not really the same. scp local to local has the
exact same effect (you even get an error message from cp that the name
is too long).

rsync does exactly what you just propose. It scans the entire src
directory structure, keeping it all in memory, and then copies that to
dst. If there's too many files in your hierarchy, rsync will fail. cp
will not (unless of course you run out of inodes).

Cheers,

Paul 'WEiRD' de Weerd

-- 
 http://www.weirdnet.nl/ 



Re: NFS exporting /usr/ports and -maproot=root

2007-10-19 Thread Landry Breuil
Re

I'll add to that debug session that it works if i add spud to exports
line and locally mount /usr/ports :
[EMAIL PROTECTED]:~/ #mount -t nfs spud:/usr/ports /tmp/blah/
[EMAIL PROTECTED]:~/ #touch /tmp/blah/test

And tcpdump log on lo0 :
[EMAIL PROTECTED]:~/ #tcpdump -s 65000 -i lo0 port nfsd or port sunrpc
tcpdump: listening on lo0, link-type LOOP
20:13:08.734530 spud.889 > spud.nfsd: xid 0x74c57a86 124 access fh
33,252/664798720 0002
20:13:08.734847 spud.nfsd > spud.889: xid 0x74c57a86 reply ok 120 access c 0002
20:13:08.734982 spud.889 > spud.nfsd: xid 0x74c57aba 120 getattr fh
33,252/3064333824
20:13:08.735117 spud.nfsd > spud.889: xid 0x74c57aba reply ok 112
getattr REG 644 ids 1000/9 sz 0x0
20:13:08.735230 spud.889 > spud.nfsd: xid 0x74c57ae3 128 lookup fh
33,252/664798720 "test"
20:13:08.735396 spud.nfsd > spud.889: xid 0x74c57ae3 reply ok 236
lookup fh 33,252/3064333824
20:13:08.735684 spud.889 > spud.nfsd: xid 0x74c57bbb 124 access fh
33,252/664798720 0002
20:13:08.735859 spud.nfsd > spud.889: xid 0x74c57bbb reply ok 120 access c 0002
20:13:08.736009 spud.889 > spud.nfsd: xid 0x74c57bd4 148 setattr fh
33,252/3064333824
20:13:08.736208 spud.nfsd > spud.889: xid 0x74c57bd4 reply ok 144 setattr

Landry

On 10/19/07, Landry Breuil <[EMAIL PROTECTED]> wrote:
> On 10/19/07, Jan Stary <[EMAIL PROTECTED]> wrote:
> > > > > Again: set WRKOBJDIR on the client side and you don't need
> > > > > to be writing in the remotely mounted tree at all.
> >
> > > I'm already setting WRKOBJDIR outside nfs-dir, the problem is more for
> > > /usr/ports/packages .. i'd like it to be shared too, to install the
> > > same package on various sparc64 for example. And this dir needs to be
> > > root-writable, as it uses sudo..
> >
> > You also need to set DISTDIR and PKGREPOSITORYBASE
> > - see examples in the FAQ.
>
> I know several workarounds and tweaks like this exist :) I just want
> to understand why this setup doesn't work.
>
> > > I'd put it outside nfs if i don't find a solution, but btw i'm more
> > > interested in understanding why -maproot=root doesn't work in my case
> >
> > Send your complete server:/etc/exports, client:/etc/fstab,
> > verbose log of server:mountd, server:nfsd, and a full (-s 65000) tcpdump
> > of the communication.
>
> server is spud, client for tests is renton (10.246.200.10).
> server:/etc/exports:
> /nfsroot/net_sparc64 -ro allison
> /nfsroot/open_sparc64 -ro swanney
> /usr/ports -maproot=0:0 renton swanney lizzy
>
> client fstab:
> spud:/usr/ports /usr/ports nfs rw,nosuid 0 0
>
> mountd -d output:
> Got line /nfsroot/net_sparc64 -ro allison
> Making new ep fs=0x0,0xfc214a5e
> doing opt -ro allison
> got host allison
> exporting /nfsroot/net_sparc64
> Got line /nfsroot/open_sparc64 -ro swanney
> Found ep fs=0x0,0xfc214a5e
> doing opt -ro swanney
> got host swanney.fr.homeunix.org
> exporting /nfsroot/open_sparc64
> Got line /usr/ports -maproot=0:0 renton swanney lizzy
> Found ep fs=0x0,0xfc214a5e
> doing opt -maproot=0:0 renton swanney lizzy
> got host renton.fr.homeunix.org
> got host swanney.fr.homeunix.org
> got host lizzy.fr.homeunix.org
> exporting /usr/ports
> exporting /usr/ports
> exporting /usr/ports
> unexporting / /
> Getting mount list.
> Here we go.
> Got mount request from 10.246.200.10
> rpcpath: /usr/ports
> Mount successful for /usr/ports by 10.246.200.10.
>
> (here I've run sudo mount /usr/ports on the client)
>
> renton:~/ $ls -ld /usr/ports
> drwxrwxr-x  47 root  wsrc  1024 Oct 19 19:12 /usr/ports (same on
> client and server)
> renton:~/ $id
> uid=1000(landry) gid=1000(landry) groups=1000(landry), 0(wheel), 9(wsrc)
> renton:~/ $touch /usr/ports/test
> renton:~/
>
> Here i have tcpdump output (same for server and client) for this
> successful file creation :
> 19:56:29.030254 renton.695 > spud.nfsd: xid 0xbb06905b (NFSv3) 112
> lookup fh 33,252/664798720 "test"
> 19:56:29.030771 spud.nfsd > renton.695: xid 0xbb06905b reply ok 116
> lookup ERROR: No such file or directory
> 19:56:29.030843 renton.695 > spud.nfsd: xid 0xbb069116 (NFSv3) 112
> lookup fh 33,252/664798720 "test"
> 19:56:29.031099 spud.nfsd > renton.695: xid 0xbb069116 reply ok 116
> lookup ERROR: No such file or directory
> 19:56:29.031131 renton.695 > spud.nfsd: xid 0xbb069170 (NFSv3) 144
> create fh 33,252/664798720 "test"
> 19:56:29.033013 spud.nfsd > renton.695: xid 0xbb069170 reply ok 268
> create fh 33,252/3064333824
> 19:56:29.033097 renton.695 > spud.nfsd: xid 0xbb069202 (NFSv3) 104
> getattr fh 33,252/3064333824
> 19:56:29.033363 spud.nfsd > renton.695: xid 0xbb069202 reply ok 112
> getattr REG 644 ids 1000/9 sz 0x0
>
> Now i try to update attrs, it fails :
> renton:~/ $sudo touch /usr/ports/test
> touch: /usr/ports/test: Permission denied
>
> 19:57:52.066602 renton.695 > spud.nfsd: xid 0xbb0692d4 (NFSv3) 128
> lookup fh 33,252/664798720 "test"
> 19:57:52.067288 spud.nfsd > renton.695: xid 0xbb0692d4 reply ok 236
> lookup fh 33,252/3064333824
> 19:57:52.067380 renton.695 > spud.nfsd: xid 0xbb069303 (N

Re: Help! I'm having Linux foisted on me! (PF queuing woes)

2007-10-19 Thread Douglas A. Tutty
On Fri, Oct 19, 2007 at 03:15:03PM +0100, Richard Wilson wrote:
> I appeal to the PF masters for some education on how to do something,
> because if I can't work out how to do it using PF, I'll have to do it
> with iptables. Eep!

[snip the details]

> That's about it really. If I can get it to work, I can persuade the boss
> to let me keep running everything off OpenBSD. If not, I'll have to wrap
> my head round iptables syntax, as apparently the boss 'Used to do it on
> Red Hat and everything worked fine.' Eugh.
> 
 
If in the end, you do have to use iptables (either because you couldn't
get PF to do it the way the boss wants or because the boss ends up
_wanting_ iptables), you may want to look at shorewall.  It builds
iptables firewalls using syntax that is remarkably similar to PF; in
that I'm new to OpenBSD but come from Debian and could never get my head
around iptables.  I used shorewall in Debian and found that based on
that, the PF manual both made sense and the concepts were similar.  

Doug.



Re: NFS exporting /usr/ports and -maproot=root

2007-10-19 Thread Landry Breuil
On 10/19/07, Jan Stary <[EMAIL PROTECTED]> wrote:
> > > > Again: set WRKOBJDIR on the client side and you don't need
> > > > to be writing in the remotely mounted tree at all.
>
> > I'm already setting WRKOBJDIR outside nfs-dir, the problem is more for
> > /usr/ports/packages .. i'd like it to be shared too, to install the
> > same package on various sparc64 for example. And this dir needs to be
> > root-writable, as it uses sudo..
>
> You also need to set DISTDIR and PKGREPOSITORYBASE
> - see examples in the FAQ.

I know several workarounds and tweaks like this exist :) I just want
to understand why this setup doesn't work.

> > I'd put it outside nfs if i don't find a solution, but btw i'm more
> > interested in understanding why -maproot=root doesn't work in my case
>
> Send your complete server:/etc/exports, client:/etc/fstab,
> verbose log of server:mountd, server:nfsd, and a full (-s 65000) tcpdump
> of the communication.

server is spud, client for tests is renton (10.246.200.10).
server:/etc/exports:
/nfsroot/net_sparc64 -ro allison
/nfsroot/open_sparc64 -ro swanney
/usr/ports -maproot=0:0 renton swanney lizzy

client fstab:
spud:/usr/ports /usr/ports nfs rw,nosuid 0 0

mountd -d output:
Got line /nfsroot/net_sparc64 -ro allison
Making new ep fs=0x0,0xfc214a5e
doing opt -ro allison
got host allison
exporting /nfsroot/net_sparc64
Got line /nfsroot/open_sparc64 -ro swanney
Found ep fs=0x0,0xfc214a5e
doing opt -ro swanney
got host swanney.fr.homeunix.org
exporting /nfsroot/open_sparc64
Got line /usr/ports -maproot=0:0 renton swanney lizzy
Found ep fs=0x0,0xfc214a5e
doing opt -maproot=0:0 renton swanney lizzy
got host renton.fr.homeunix.org
got host swanney.fr.homeunix.org
got host lizzy.fr.homeunix.org
exporting /usr/ports
exporting /usr/ports
exporting /usr/ports
unexporting / /
Getting mount list.
Here we go.
Got mount request from 10.246.200.10
rpcpath: /usr/ports
Mount successful for /usr/ports by 10.246.200.10.

(here I've run sudo mount /usr/ports on the client)

renton:~/ $ls -ld /usr/ports
drwxrwxr-x  47 root  wsrc  1024 Oct 19 19:12 /usr/ports (same on
client and server)
renton:~/ $id
uid=1000(landry) gid=1000(landry) groups=1000(landry), 0(wheel), 9(wsrc)
renton:~/ $touch /usr/ports/test
renton:~/

Here I have tcpdump output (same for server and client) for this
successful file creation:
19:56:29.030254 renton.695 > spud.nfsd: xid 0xbb06905b (NFSv3) 112
lookup fh 33,252/664798720 "test"
19:56:29.030771 spud.nfsd > renton.695: xid 0xbb06905b reply ok 116
lookup ERROR: No such file or directory
19:56:29.030843 renton.695 > spud.nfsd: xid 0xbb069116 (NFSv3) 112
lookup fh 33,252/664798720 "test"
19:56:29.031099 spud.nfsd > renton.695: xid 0xbb069116 reply ok 116
lookup ERROR: No such file or directory
19:56:29.031131 renton.695 > spud.nfsd: xid 0xbb069170 (NFSv3) 144
create fh 33,252/664798720 "test"
19:56:29.033013 spud.nfsd > renton.695: xid 0xbb069170 reply ok 268
create fh 33,252/3064333824
19:56:29.033097 renton.695 > spud.nfsd: xid 0xbb069202 (NFSv3) 104
getattr fh 33,252/3064333824
19:56:29.033363 spud.nfsd > renton.695: xid 0xbb069202 reply ok 112
getattr REG 644 ids 1000/9 sz 0x0

Now i try to update attrs, it fails :
renton:~/ $sudo touch /usr/ports/test
touch: /usr/ports/test: Permission denied

19:57:52.066602 renton.695 > spud.nfsd: xid 0xbb0692d4 (NFSv3) 128
lookup fh 33,252/664798720 "test"
19:57:52.067288 spud.nfsd > renton.695: xid 0xbb0692d4 reply ok 236
lookup fh 33,252/3064333824
19:57:52.067380 renton.695 > spud.nfsd: xid 0xbb069303 (NFSv3) 124
access fh 33,252/664798720 0002
19:57:52.067688 spud.nfsd > renton.695: xid 0xbb069303 reply ok 120
access c 0002
19:57:52.067725 renton.695 > spud.nfsd: xid 0xbb0693f4 (NFSv3) 148
setattr fh 33,252/3064333824
19:57:52.068015 spud.nfsd > renton.695: xid 0xbb0693f4 reply ok 144
setattr ERROR: Permission denied
19:57:52.068051 renton.695 > spud.nfsd: xid 0xbb06947e (NFSv3) 124
access fh 33,252/664798720 0002
19:57:52.068299 spud.nfsd > renton.695: xid 0xbb06947e reply ok 120
access c 0002
19:57:52.068326 renton.695 > spud.nfsd: xid 0xbb06952e (NFSv3) 148
setattr fh 33,252/3064333824
19:57:52.068605 spud.nfsd > renton.695: xid 0xbb06952e reply ok 144
setattr ERROR: Permission denied

Now i try to create another file, it fails :
renton:~/ $sudo touch /usr/ports/test2
touch: /usr/ports/test2: Permission denied

19:58:24.546477 renton.695 > spud.nfsd: xid 0xbb0695bf (NFSv3) 132
lookup fh 33,252/664798720 "test2"
19:58:24.547033 spud.nfsd > renton.695: xid 0xbb0695bf reply ok 116
lookup ERROR: No such file or directory
19:58:24.547166 renton.695 > spud.nfsd: xid 0xbb06960d (NFSv3) 132
lookup fh 33,252/664798720 "test2"
19:58:24.547430 spud.nfsd > renton.695: xid 0xbb06960d reply ok 116
lookup ERROR: No such file or directory
19:58:24.547475 renton.695 > spud.nfsd: xid 0xbb069643 (NFSv3) 164
create fh 33,252/664798720 "test2"
19:58:24.54 spud.nfsd > renton.695: xid 0xbb069643 reply ok 60
create ERROR: Permission denied

(btw, as root on s

Re: : cp(1) bug ?

2007-10-19 Thread Rodrigo V. Raimundo
On Fri, 2007-10-19 at 13:52 -0400, Douglas A. Tutty wrote:
> On Fri, Oct 19, 2007 at 09:19:21AM -0400, Nick Guenther wrote:
> > On 10/19/07, Tom Van Looy <[EMAIL PROTECTED]> wrote:
> > > Richard Toohey wrote:
> > > > On 19/10/2007, at 8:12 PM, Raimo Niskanen wrote:
> > > >
> > > > Looks like OpenBSD, FreeBSD, and Mac OS X BSD bits have the same
> > > > sort of outcome.
> > > >
> > > > Copy foo to foo only once and quit, I think that's the correct
> > > > behaviour. I even think that posix more or less describes that.
> > > >
> > > > That's what it should be doing I guess. But it's tricky, if you start
> > > > doing symlinks etc, you'll end up looping sooner or later. What if the
> > > > directories are not named the same (eg: hard links)?
> > > >
> > > correction: hard links are not allowed on directories, ...
> > > that being said, comparing inodes seems the best solution
> > >
> > > only, don't give an error but copy once
> > > maybe if I have time this weekend I'll try code that behaviour
> > >
> > > Anyway, it has worked like that since years, and I guess nobody has had
> > > a problem with it before. I don't think it should be changed just
> > > because some bored guy playing with it noticed strange output ;-p
> >
> > Sure, but "bored guy" can translate to "new ideas" and testing
> > somehow-still-untested code paths. It's worth a shot at fixing.
>
> For what it's worth, all I can offer is moral support since I don't code
> C.
>
> Conceptually, though, why can't cp look at the source directory and take a
> snapshot, a to-do-list, of everything it has to copy, then do it?  That
> way, any recursion would be completed before the target directory
> appeared in the source directory.  With only an -R (no -H -L or -P), it
> should copy links as links which should avoid loops.
>
> How do scp and rsync do it?
>
> Doug.
>

On Linux 2.6.22 (Ubuntu 7.10):
$ mkdir foo
$ scp -r foo localhost:/home/spyro/foo/

foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/f
oo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/fo
o/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo
/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/
foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/f
oo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/fo
o/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo
/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/
foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/f
oo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/fo
o/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo
/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/
foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/f
oo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/foo/fo
o/foo/foo/foo/foo/foo: name too long

Using OpenSSH_4.6p1 Debian-5build1, OpenSSL 0.9.8e 23 Feb 2007



Re: cp(1) bug ?

2007-10-19 Thread Rémi Bougard
Hello,

On Fri, Oct 19, 2007 at 07:59:38PM +0200, ropers wrote:
> [...]
> pdksh on Linux behaves just like bash on Linux, and unlike pdksh on OpenBSD.
> I didn't expect that. So does that error message depend on OS APIs
> rather than the shell program and its built-in commands?

cp is part of the libc.

-- 
Remi Bougard



Re: cp(1) bug ?

2007-10-19 Thread ropers
On 19/10/2007, ropers <[EMAIL PROTECTED]> wrote:
>
> I beat you to trying it on Linux

No I didn't. Others beat me and you to it. Apologies for the unnecessary noise.

(...)

> IMHO cp behaving like this is somewhat nicer than its current
> behaviour on apparently most or all BSD OSes.

I'm surprised now.

I just thought that what I wrote above was stupid, because I thought
that the behaviour of cp was a function of the shell built-in command
cp, not of the OS.
To confirm this, I installed the OpenBSD default shell pdksh on
Ubuntu. However, pdksh on Ubuntu gives the same result as bash on
Ubuntu. So is this a function of the OS after all?

| [EMAIL PROTECTED]:~$ uname -a
| Linux tranquility 2.6.22-14-386 #1 Sun Oct 14 22:36:54 GMT 2007 i686 GNU/Linux
| [EMAIL PROTECTED]:~$ echo $SHELL
| /bin/bash

We're on Linux and we're using bash.

| [EMAIL PROTECTED]:~$ mkdir foo
| [EMAIL PROTECTED]:~$ cp -r foo foo
| cp: cannot copy a directory, `foo', into itself, `foo/foo'

Bash behaves as expected.

| [EMAIL PROTECTED]:~$ sudo apt-get install pdksh
| Reading package lists... Done
| Building dependency tree
| Reading state information... Done
| The following NEW packages will be installed:
|   pdksh
| 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
| Need to get 0B/261kB of archives.
| After unpacking 442kB of additional disk space will be used.
| Selecting previously deselected package pdksh.
| (Reading database ... 167230 files and directories currently installed.)
| Unpacking pdksh (from .../pdksh_5.2.14-20build1_i386.deb) ...
| Setting up pdksh (5.2.14-20build1) ...

Ok, now pdksh is installed.

| [EMAIL PROTECTED]:~$ pdksh
| $ ps | grep sh
|  6567 pts/0    00:00:00 bash
|  6816 pts/0    00:00:00 pdksh
|  6818 pts/0    00:00:00 pdksh

Now we're running pdksh (echo $SHELL isn't changed when launching
another shell interactively, hence the use of ps to confirm).

| $ rm -rf foo

Need to rm foo to start from scratch.

| $ mkdir foo
| $ cp -r foo foo
| cp: cannot copy a directory, `foo', into itself, `foo/foo'

Strange.

pdksh on Linux behaves just like bash on Linux, and unlike pdksh on OpenBSD.
I didn't expect that. So does that error message depend on OS APIs
rather than the shell program and its built-in commands?



Re: : cp(1) bug ?

2007-10-19 Thread Douglas A. Tutty
On Fri, Oct 19, 2007 at 09:19:21AM -0400, Nick Guenther wrote:
> On 10/19/07, Tom Van Looy <[EMAIL PROTECTED]> wrote:
> > Richard Toohey wrote:
> > > On 19/10/2007, at 8:12 PM, Raimo Niskanen wrote:
> > >
> > > Looks like OpenBSD, FreeBSD, and Mac OS X BSD bits have the same
> > > sort of outcome.
> > >
> > > Copy foo to foo only once and quit, I think that's the correct
> > > behaviour. I even think that posix more or less describes that.
> > >
> > > That's what it should be doing I guess. But it's tricky, if you start
> > > doing symlinks etc, you'll end up looping sooner or later. What if the
> > > directories are not named the same (eg: hard links)?
> > >
> > correction: hard links are not allowed on directories, ...
> > that being said, comparing inodes seems the best solution
> >
> > only, don't give an error but copy once
> > maybe if I have time this weekend I'll try code that behaviour
> >
> > Anyway, it has worked like that since years, and I guess nobody has had
> > a problem with it before. I don't think it should be changed just
> > because some bored guy playing with it noticed strange output ;-p
> 
> Sure, but "bored guy" can translate to "new ideas" and testing
> somehow-still-untested code paths. It's worth a shot at fixing.

For what it's worth, all I can offer is moral support since I don't code
C.

Conceptually, though, why can't cp look at the source directory and take a
snapshot, a to-do-list, of everything it has to copy, then do it?  That
way, any recursion would be completed before the target directory
appeared in the source directory.  With only an -R (no -H -L or -P), it
should copy links as links which should avoid loops.

How do scp and rsync do it?

Doug.



Re: Squid/authpf with lookups on Active Directory

2007-10-19 Thread Ari Constancio
Thanks to all for the replies. Everything is clear now; squid with
ntlm auth and authpf with login_ldap will do the trick (sorry, Stuart,
I didn't really read your message - now I have).

Steven, I'm looking for a general gateway setup - not only web traffic.

Cheers,
Ari Constancio

On 10/19/07, Steven Surdock <[EMAIL PROTECTED]> wrote:
> Ari Constancio wrote:
> > Hi again,
> >
> > Sorry if I'm not being clear.
> >
> > I need this box to be a firewall and a proxy server. Squid, as it
> > seems, can use NTLM auth to get account info from AD. But what about
> > pf?
> >
> > How can I authenticate users from AD to get through pf?
> >
> > Thanks,
> > Ari Constancio
> >
>
> Define "get through pf".  What services (protocols & ports) will they
> need to access after authenticating?  I was assuming web traffic, which
> you would drive through squid, so no need for authpf.
>
> -Steve S.



Re: cp(1) bug ?

2007-10-19 Thread ropers
On 19/10/2007, Edd Barrett <[EMAIL PROTECTED]> wrote:
> On 18/10/2007, Richard Toohey <[EMAIL PROTECTED]> wrote:
> > > $ mkdir foo
> > > $ cp -R foo foo
>
> I'll try this on a Solaris box and a Linux box tomorrow at work :P

I beat you to trying it on Linux (Ubuntu "Gutsy Gibbon" 7.10):

[EMAIL PROTECTED]:~$ uname --all
Linux tranquility 2.6.22-14-386 #1 Sun Oct 14 22:36:54 GMT 2007 i686 GNU/Linux
[EMAIL PROTECTED]:~$ echo $SHELL
/bin/bash
[EMAIL PROTECTED]:~$ mkdir foo
[EMAIL PROTECTED]:~$ cp -R foo foo
cp: cannot copy a directory, `foo', into itself, `foo/foo'
[EMAIL PROTECTED]:~$

IMHO cp behaving like this is somewhat nicer than its current
behaviour on apparently most or all BSD OSes. Then again, I STILL
can't code, so I've no right to complain. ;o)



Re: : cp(1) bug ?

2007-10-19 Thread Rémi Bougard
On Fri, Oct 19, 2007 at 09:19:21AM -0400, Nick Guenther wrote:
> On 10/19/07, Tom Van Looy <[EMAIL PROTECTED]> wrote:
> > [...]
> > Anyway, it has worked like that since years, and I guess nobody has had
> > a problem with it before. I don't think it should be changed just
> > because some bored guy playing with it noticed strange output ;-p
> 
> Sure, but "bored guy" can translate to "new ideas" and testing
> somehow-still-untested code paths. It's worth a shot at fixing.
> [...]

Well, given that I feel targeted by this sentence ;) I think I will look at
the cp's source code and try to "fix" that. Could be fun after all.

-- 
Remi Bougard



Re: Wireless WAP encryption question

2007-10-19 Thread Luca Corti
On Fri, 2007-10-19 at 09:14 -0700, Darren Spruell wrote:
> It *is* a requirement to comment intelligently on what is or is not
> being worked on.

Yeah, sorry for that.

ciao

Luca



Re: Help! I'm having Linux foisted on me! (PF queuing woes)

2007-10-19 Thread Sebastian Benoit
Richard Wilson([EMAIL PROTECTED]) on 2007.10.19 15:15:03 +:
> What I want to do:
> Provide 2Mb down/256Kb up ADSL-like service, contended at 20 to one.
> Provide 2Mb down/2Mb up SDSL-like service, contended at 10 to one.
> By contention, I mean that to take the ADSL as the example, each client
> should be guaranteed 100Kbps downstream, and 13Kbps upstream, but then
> fights on an equal footing with everyone else in their group for the
> remainder of the 2Mb/256Kb.

As n0g0013 noted, you left out the child queues:

 altq on $ext_if cbq bandwidth 9.1Mb queue { adsl_up }
 altq on $client_if cbq bandwidth 9.1Mb queue { adsl_dn }

 queue adsl_up bandwidth 256Kb cbq(default) { adsl_client1_up, adsl_client2_up }
 queue adsl_dn bandwidth 2Mb cbq(default) { adsl_client1_dn, adsl_client2_dn }

 queue adsl_client1_up bandwidth 13Kb cbq (borrow)
 queue adsl_client1_dn bandwidth 100Kb cbq (borrow)
 queue adsl_client2_up bandwidth 13Kb cbq (borrow)
 queue adsl_client2_dn bandwidth 100Kb cbq (borrow)

 pass out on $ext_if from $adsl_client1 queue adsl_client1_up
 pass out on $client_if to $adsl_client1 queue adsl_client1_dn

Now running the risk of writing crap, but i think that you then run into
this problem:

if you use "keep state" (which is implicit nowadays), the packets coming
back in will be processed according to the queue associated with the state
of that connection. i.e. a connection that was opened by a client will get
the queue adsl_client1_up. This queue does nothing for your download speed,
because it is not working on your $client_if, so you will instead be
assigned the default speed of 2Mb on your download-link.

You can solve this by either not using states _or_ by using only symmetric
speeds, i.e.

  altq on $ext_if cbq bandwidth 9.1Mb queue { dsl }
  altq on $client_if cbq bandwidth 9.1Mb queue { dsl }

  queue dsl bandwidth 2Mb cbq(default) { client1, client2 }
  queue client1 bandwidth 100Kb cbq (borrow)


/Benno
-- 
Sebastian Benoit <[EMAIL PROTECTED]>



Re: A (pf?) puzzler -- a single device invisible on the other side of an IPsec tunnel

2007-10-19 Thread Stephen Bosch

knitti wrote:

> On 10/19/07, Stephen Bosch <[EMAIL PROTECTED]> wrote:
> > Other things I've tried:
> >
> > - moving the Jetdirect to a different port on the same physical switch
> > - a variety of static and dynamic IPs in the subnet
> >
> > I also forwarded the external port 9100 to this print server and tried
> > to access it from a public host, but this didn't work either.
> >
> > This leads me to suspect a peculiar interaction between OpenBSD 4.1 and
> > this particular print server. Of course, it might well be the fault of
> > HP's IP stack, but I've already talked to them at great length and got
> > pretty much nowhere: "We don't support JetDirect over WAN connections."
>
> look with tcpdump, whether the packets of the printserver look like you expect.
> perhaps it only has a ttl of 1 or 2 ;-)

Yeah, I'm going to do some packet sniffing with tcpdump :)

The TTL is unlikely to be the cause as the printer works now that it is 
on the outside, and the remote site is 8 hops away... but the 
suggestions about MTU possibly causing trouble are worth investigating.


Anyway, I'll try tcpdump and see what it turns up.

Thanks for all the suggestions and help!

Cheers,

-Stephen-



Re: Wireless WAP encryption question

2007-10-19 Thread Darren Spruell
On 10/19/07, Luca Corti <[EMAIL PROTECTED]> wrote:
> AFAIK noone is working on it.
> ...
> Sure I am not following source changes regularly, I don't believe this
> is a requirement to just use the system.

It *is* a requirement to comment intelligently on what is or is not
being worked on.

DS



Re: USB Disk problems

2007-10-19 Thread Mark Carlson
On 10/17/07, Steve Shockley <[EMAIL PROTECTED]> wrote:
> Edwards, David (JTS) wrote:
> > I'm using 250G laptop disks powered from the USB cable.
>
> Maybe you're hitting the limit of the USB power output?

Agreed.  Use two separate full-power USB ports (i.e. neither port
shares any of each other's power) and try again.  Invest in a powered
USB hub if you must.

Each disk will be consuming more than 1.25W, and the USB spec maxes
out at 2.5W per powered port.

-Mark C.



Re: Squid/authpf with lookups on Active Directory

2007-10-19 Thread Steven Surdock
Ari Constancio wrote:
> Hi again,
>
> Sorry if I'm not being clear.
>
> I need this box to be a firewall and a proxy server. Squid, as it
> seems, can use NTLM auth to get account info from AD. But what about
> pf?
>
> How can I authenticate users from AD to get through pf?
>
> Thanks,
> Ari Constancio
>

Define "get through pf".  What services (protocols & ports) will they
need to access after authenticating?  I was assuming web traffic, which
you would drive through squid, so no need for authpf.

-Steve S.



Re: Squid/authpf with lookups on Active Directory

2007-10-19 Thread Stuart Henderson
On 2007/10/19 16:03, Ari Constancio wrote:
> Hi again,
> 
> Sorry if I'm not being clear.
> 
> I need this box to be a firewall and a proxy server. Squid, as it
> seems, can use NTLM auth to get account info from AD. But what about
> pf?
> 
> How can I authenticate users from AD to get through pf?
> 
> Thanks,
> Ari Constancio
> 

Did you read my email?

> On 10/19/07, Mark Rolen <[EMAIL PROTECTED]> wrote:
> > Steven Surdock wrote:
> > > To perform integrated NTLM auth I believe you'll need winbind from samba
> > > and winbind support for Squid.  I'm not sure I understand the authpf
> > > requirement.
> > >
> > > http://marc.info/?l=openbsd-ports&m=119081356508513&w=2
> > >
> > > -Steve S.
> > >
> > >
> > I have to agree with Steven here, I don't understand why you want both
> > NTLM auth and authpf.  Doing NTLM auth makes for easy and transparent
> > authentication for users on windows machines, adding authpf to the mix
> > seems to take away that ease and transparency.  Is the authpf supposed
> > to be your "real" authentication piece, and you want the NTLM bit just
> > so the usernames show up in squid's logs, for accountability reasons?



Re: A (pf?) puzzler -- a single device invisible on the other side of an IPsec tunnel

2007-10-19 Thread Stephen Bosch

Jussi Peltola wrote:

> Does the print server have the right gateway configured?

Yeah. Checked that.

> Does scrub have any effect (fragments get dropped in some cases if scrub
> is off - that bit me once with openvpn)?

I think scrub is on, though -- I'll have to look again.

> Wouldn't tcpdump tell you more about the packets coming back from it?

Yes, it would, but I'd been working for 20 hours and I couldn't really
think anymore. Plus, doing a dump on an encryption interface... well.

> I'd probably just use rdr and a TCP proxy on some machine to work around
> the problem. Print server IP stacks tend to be funny, especially in case
> of non-1500 MTU.

That was my thinking also -- I don't think they spend a lot of time on
them, and they run on "bare minimum" hardware.


Thanks!

-Stephen-



Re: Squid/authpf with lookups on Active Directory

2007-10-19 Thread Francesco Toscan

On 19 Oct 2007, at 17:03, Ari Constancio wrote:

> How can I authenticate users from AD to get through pf?

I'm unsure I've correctly understood your request.
If you mean "How can I make my authpf users authenticate against AD"
then use login_ldap from ports (you probably have to do some
modifications on AD schema, don't remember), make a login class in
login.conf for your authpf users and allow them to use login_ldap only
as authentication method.


f.



Re: NFS exporting /usr/ports and -maproot=root

2007-10-19 Thread Jan Stary
> > > Again: set WRKOBJDIR on the client side and you don't need
> > > to be writing in the remotely mounted tree at all.

> I'm already setting WRKOBJDIR outside nfs-dir, the problem is more for
> /usr/ports/packages .. i'd like it to be shared too, to install the
> same package on various sparc64 for example. And this dir needs to be
> root-writable, as it uses sudo..

You also need to set DISTDIR and PKGREPOSITORYBASE
- see examples in the FAQ.

> And concerning http://openbsd.org/faq/faq15.html#NoFun, all my boxes
> are running -current, only the server is running stable and i don't
> build anything on it (way too slow to compile)

If all your clients are running the same version of
obsd on the same architecture, then why don't you just
mirror /pub/OpenBSD/snapshots/packages/sparc64 on
the server and export it (ro) to all the (identical)
clients to install?

(And if you have a really good reason to build from the ports,
then dedicate one of the -current sparc64's to be the build
server which exports the built .../packages to everyone else.)

> I'd put it outside nfs if i don't find a solution, but btw i'm more
> interested in understanding why -maproot=root doesn't work in my case

Send your complete server:/etc/exports, client:/etc/fstab,
verbose log of server:mountd, server:nfsd, and a full (-s 65000) tcpdump
of the communication.

Jan



Re: A (pf?) puzzler -- a single device invisible on the other side of an IPsec tunnel

2007-10-19 Thread Stephen Bosch

Claudiu Pruna wrote:

> hi Stephen,
>
> No offense, but did you check JetDirect's ip settings about the default
> gateway ?

None taken. Yes, I did actually check that, and it was correct.

> Try a tcpdump on the ethernet interface at site A while trying to print
> from site B and check if you "see" packets on both directions.

That'll be the next thing I try.

-Stephen-



Re: : cp(1) bug ?

2007-10-19 Thread Tom Van Looy

ps: it was a ;-p


Nick Guenther wrote:

> On 10/19/07, Tom Van Looy <[EMAIL PROTECTED]> wrote:
> > Richard Toohey wrote:
> > > On 19/10/2007, at 8:12 PM, Raimo Niskanen wrote:
> > >
> > > Looks like OpenBSD, FreeBSD, and Mac OS X BSD bits have the same
> > > sort of outcome.
> > >
> > > Copy foo to foo only once and quit, I think that's the correct
> > > behaviour. I even think that posix more or less describes that.
> > >
> > > That's what it should be doing I guess. But it's tricky, if you start
> > > doing symlinks etc, you'll end up looping sooner or later. What if the
> > > directories are not named the same (eg: hard links)?
> > >
> > correction: hard links are not allowed on directories, ...
> > that being said, comparing inodes seems the best solution
> >
> > only, don't give an error but copy once
> > maybe if I have time this weekend I'll try code that behaviour
> >
> > Anyway, it has worked like that since years, and I guess nobody has had
> > a problem with it before. I don't think it should be changed just
> > because some bored guy playing with it noticed strange output ;-p
>
> Sure, but "bored guy" can translate to "new ideas" and testing
> somehow-still-untested code paths. It's worth a shot at fixing.
>
> -Nick
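
The inode comparison Tom suggests above, and the check whose result ropers saw from GNU cp earlier in this thread, as an added C example that is neither from the thread nor from any cp(1) implementation: it decides whether `cp -R src dst` would copy a directory into itself by walking from the destination up to the root with `..` and comparing device and inode numbers at each step. The function names are mine, and the small tree the self-test builds under /tmp is constructed for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <sys/stat.h>
#include <errno.h>
#include <libgen.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Two paths name the same object exactly when device and inode match.  Hard
 * links to directories are not permitted, so for directories this is exact,
 * and stat(2) follows symlinks, so a symlinked alias is recognised too. */
static int same_object(const struct stat *a, const struct stat *b)
{
    return a->st_dev == b->st_dev && a->st_ino == b->st_ino;
}

/* Would "cp -R src dst" copy the directory src into itself?  Yes when the
 * directory that receives the copy (dst if it exists, otherwise the parent
 * dst would be created in) is src or lies below src.  The walk appends "/.."
 * to the directory it is at: the kernel resolves ".." on the physical
 * directory, so symlinks in dst cannot mislead it, and ".." of the root is
 * the root itself, which ends the walk.  Returns 1 if the copy would land
 * inside src, 0 if not, -1 (errno set) on error.  Hypothetical helper
 * written for this example, not cp(1) code. */
int dst_inside_src(const char *src, const char *dst)
{
    struct stat ss, cur, prev;
    char path[PATH_MAX];
    size_t len;

    if (stat(src, &ss) == -1)
        return -1;
    if (!S_ISDIR(ss.st_mode))
        return 0;                       /* only a directory source recurses */
    len = strlen(dst);
    if (len == 0 || len >= sizeof(path)) {
        errno = (len == 0) ? ENOENT : ENAMETOOLONG;
        return -1;
    }
    memcpy(path, dst, len + 1);
    if (stat(path, &cur) == -1) {
        if (errno != ENOENT)
            return -1;
        /* dst does not exist yet: cp would create it inside its parent, so
         * the upward walk starts there (dirname may edit path in place). */
        char *parent = dirname(path);
        len = strlen(parent);
        memmove(path, parent, len + 1);
        if (stat(path, &cur) == -1)
            return -1;
    }
    for (;;) {
        if (same_object(&cur, &ss))
            return 1;
        prev = cur;
        if (len + 3 >= sizeof(path)) {
            errno = ENAMETOOLONG;
            return -1;
        }
        memcpy(path + len, "/..", 4);
        len += 3;
        if (stat(path, &cur) == -1)
            return -1;
        if (same_object(&cur, &prev))
            return 0;                   /* reached the root without meeting src */
    }
}

/* Builds a constructed tree under a fresh temporary directory, runs the cases
 * from the thread against it and returns 0 when every answer is right. */
int self_test(void)
{
    char base[] = "/tmp/cpcheck.XXXXXX";
    char foo[PATH_MAX], bar[PATH_MAX], copy[PATH_MAX];
    int ok;

    if (mkdtemp(base) == NULL)
        return -1;
    snprintf(foo, sizeof foo, "%s/foo", base);
    snprintf(bar, sizeof bar, "%s/bar", base);
    snprintf(copy, sizeof copy, "%s/foo/copy", base);   /* never created */
    if (mkdir(foo, 0700) == -1 || mkdir(bar, 0700) == -1)
        return -1;
    ok = dst_inside_src(foo, foo) == 1      /* cp -R foo foo: the thread's case */
      && dst_inside_src(foo, copy) == 1     /* cp -R foo foo/copy: lands inside src */
      && dst_inside_src(foo, bar) == 0      /* cp -R foo bar: siblings, fine */
      && dst_inside_src(bar, foo) == 0
      && dst_inside_src(foo, base) == 0;    /* a child copied up into its parent is fine */
    rmdir(foo);
    rmdir(bar);
    rmdir(base);
    return ok ? 0 : 1;
}

int main(int argc, char *argv[])
{
    int r = argc == 3 ? dst_inside_src(argv[1], argv[2]) : -1;
    printf("%s\n", r == 1 ? "would copy into itself" : r == 0 ? "ok" : "error");
    return r == 0 ? 0 : 1;
}
```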




Re: Help! I'm having Linux foisted on me! (PF queuing woes)

2007-10-19 Thread n0g0013
On 19.10-15:15, Richard Wilson wrote:
[ ... ]
> altq on $ext_if cbq bandwidth 9.1Mb queue { adsl_up, sdsl_up }
> altq on $client_if cbq bandwidth 9.1Mb queue { adsl_dn, sdsl_dn }
> 
> queue adsl_up bandwidth 256Kb cbq
> queue adsl_dn bandwidth 2Mb cbq

is there a reason that these have no child queues defined?  i don't
see how the implied child queues can borrow without that.

-- 
t
 t
 w



Re: Squid/authpf with lookups on Active Directory

2007-10-19 Thread Ari Constancio
Hi again,

Sorry if I'm not being clear.

I need this box to be a firewall and a proxy server. Squid, as it
seems, can use NTLM auth to get account info from AD. But what about
pf?

How can I authenticate users from AD to get through pf?

Thanks,
Ari Constancio


On 10/19/07, Mark Rolen <[EMAIL PROTECTED]> wrote:
> Steven Surdock wrote:
> > To perform integrated NTLM auth I believe you'll need winbind from samba
> > and winbind support for Squid.  I'm not sure I understand the authpf
> > requirement.
> >
> > http://marc.info/?l=openbsd-ports&m=119081356508513&w=2
> >
> > -Steve S.
> >
> >
> I have to agree with Steven here, I don't understand why you want both
> NTLM auth and authpf.  Doing NTLM auth makes for easy and transparent
> authentication for users on windows machines, adding authpf to the mix
> seems to take away that ease and transparency.  Is the authpf supposed
> to be your "real" authentication piece, and you want the NTLM bit just
> so the usernames show up in squid's logs, for accountability reasons?



Re: NFS exporting /usr/ports and -maproot=root

2007-10-19 Thread Landry Breuil
On 10/19/07, Jan Stary <[EMAIL PROTECTED]> wrote:
> Replying to myself,
>
> > Again: set WRKOBJDIR on the client side and you don't need
> > to be writing in the remotely mounted tree at all.
>
> the following is nonsense, of course:
>
> > Another advantage of that is that when you build some port that requires
> > e.g. the X11 to be installed, you only need it installed on the machine
> > that performs the port build, that is, the (one) client that actually
> > needs it.
>
> - the stuff needed for a proper port build either is or is not
> present on the machine that makes the build, *regardless* of which
> /usr/ports the machine uses.
>
I'm already setting WRKOBJDIR outside nfs-dir, the problem is more for
/usr/ports/packages .. i'd like it to be shared too, to install the
same package on various sparc64 for example. And this dir needs to be
root-writable, as it uses sudo..

I'd put it outside nfs if i don't find a solution, but btw i'm more
interested in understanding why -maproot=root doesn't work in my case
:)

And concerning http://openbsd.org/faq/faq15.html#NoFun, all my boxes
are running -current, only the server is running stable and i don't
build anything on it (way too slow to compile)

Anyone, idea for my maproot problem ?
Landry



Help! I'm having Linux foisted on me! (PF queuing woes)

2007-10-19 Thread Richard Wilson
I appeal to the PF masters for some education on how to do something,
because if I can't work out how to do it using PF, I'll have to do it
with iptables. Eep!

We are a small hosting company in a managed building, and we present
ADSL/SDSL-like service over ethernet to other companies in the building,
to capitalise on some of the spare capacity on our 10Mb leased line.

What I want to do:
Provide 2Mb down/256Kb up ADSL-like service, contended at 20 to one.
Provide 2Mb down/2Mb up SDSL-like service, contended at 10 to one.
By contention, I mean that to take the ADSL as the example, each client
should be guaranteed 100Kbps downstream, and 13Kbps upstream, but then
fights on an equal footing with everyone else in their group for the
remainder of the 2Mb/256Kb.

I have tried the following sort of configuration, but the clients never
seem to successfully borrow up to the capacity of their contention
block. I am aware that it is incomplete, lacks a default, etc, I'm just
trying to give an idea of what I've done with the DSL bits.

altq on $ext_if cbq bandwidth 9.1Mb queue { adsl_up, sdsl_up }
altq on $client_if cbq bandwidth 9.1Mb queue { adsl_dn, sdsl_dn }

queue adsl_up bandwidth 256Kb cbq
queue adsl_dn bandwidth 2Mb cbq

queue sdsl_up bandwidth 2Mb cbq
queue sdsl_dn bandwidth 2Mb cbq

queue adsl_client1_up bandwidth 13Kb cbq (borrow)
queue adsl_client1_dn bandwidth 100Kb cbq (borrow)
queue adsl_client2_up bandwidth 13Kb cbq (borrow)
queue adsl_client2_dn bandwidth 100Kb cbq (borrow)

queue sdsl_client1_up bandwidth 100Kb cbq (borrow)
queue sdsl_client1_dn bandwidth 100Kb cbq (borrow)
queue sdsl_client2_up bandwidth 100Kb cbq (borrow)
queue sdsl_client2_dn bandwidth 100Kb cbq (borrow)


#ADSL Clients
pass in on $client_if from $adsl_client1_net to any queue adsl_client1_up
pass out on $client_if from any to $adsl_client1_net queue adsl_client1_dn
pass in on $client_if from $adsl_client2_net to any queue adsl_client2_up
pass out on $client_if from any to $adsl_client2_net queue adsl_client2_dn

And so on, I don't need to waste your time with a huge email of slightly
different repeated lines :-)

That's about it really. If I can get it to work, I can persuade the boss
to let me keep running everything off OpenBSD. If not, I'll have to wrap
my head round iptables syntax, as apparently the boss 'Used to do it on
Red Hat and everything worked fine.' Eugh.

-- 

Richard 'Dave' Wilson
Systems Administrator

Senokian Solutions Ltd.
Business Innovation Centre,
Binley Business Park, Coventry,
United Kingdom
CV3 2TX
T: +44 (0)24 76 233 400
F: +44 (0)24 76 233 401
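The contended-queue scheme described in the post above, as an added example that is not part of the original message or of pf itself. The script generates the pf.conf(5) ALTQ/CBQ fragment from the two service classes in the post, deriving each client's guaranteed share from the contention ratio and declaring the per-client queues as children of their block so that cbq(borrow) has a parent to borrow from. It generalises the post's two-client sketch to any number of clients per class and adds the default queue ALTQ requires. The macro names ($ext_if, $client_if, $<client>_net) follow the post; the client names in CLIENTS are constructed placeholders.

```python
#!/usr/bin/env python3
"""Generate a pf.conf(5) ALTQ/CBQ hierarchy for contended per-client service.

Added example, not code from the post. Bandwidths are in Kb as pf.conf reads
them; client names are constructed placeholders, each needing a $<name>_net
macro in the real pf.conf."""

# group bandwidth (Kb) and contention ratio per service class, as in the post
SERVICES = {
    "adsl": {"dn": 2000, "up": 256, "contention": 20},
    "sdsl": {"dn": 2000, "up": 2000, "contention": 10},
}

# constructed placeholder clients
CLIENTS = {
    "adsl": ["adsl_client1", "adsl_client2"],
    "sdsl": ["sdsl_client1", "sdsl_client2"],
}


def guaranteed_kb(group_kb, contention):
    """Guaranteed per-client share: block bandwidth divided by the contention
    ratio, rounded down to whole Kb so a full block can never oversubscribe
    its parent (CBQ children must not sum past the parent's bandwidth)."""
    return group_kb // contention


def gen_pf_queues(services, clients, link_kb=9100,
                  ext_if="$ext_if", client_if="$client_if"):
    """Return a pf.conf fragment: root CBQ on both interfaces, a default queue
    on each, one parent queue per service class with its per-client children
    listed inside the braces, and the pass rules that assign traffic.
    Listing the children under the parent is what makes cbq(borrow) work:
    a queue can only borrow from the parent it is declared under."""
    up_parents = [s + "_up" for s in services] + ["std_ext"]
    dn_parents = [s + "_dn" for s in services] + ["std_cli"]
    queues = [
        "altq on %s cbq bandwidth %dKb queue { %s }" % (ext_if, link_kb, ", ".join(up_parents)),
        "altq on %s cbq bandwidth %dKb queue { %s }" % (client_if, link_kb, ", ".join(dn_parents)),
        "",
        "# every interface running ALTQ needs a default queue",
        "queue std_ext bandwidth 5% cbq(default)",
        "queue std_cli bandwidth 5% cbq(default)",
        "",
    ]
    rules = ["# an 'in' rule on the client side tags the state; the packet is then",
             "# queued on the external interface, where the *_up queues live"]
    for svc, spec in services.items():
        names = clients.get(svc, [])
        if len(names) > spec["contention"]:
            raise ValueError("%s: %d clients exceed the %d:1 contention ratio"
                             % (svc, len(names), spec["contention"]))
        up_kb = guaranteed_kb(spec["up"], spec["contention"])
        dn_kb = guaranteed_kb(spec["dn"], spec["contention"])
        for direction, total in (("up", spec["up"]), ("dn", spec["dn"])):
            kids = ", ".join("%s_%s" % (c, direction) for c in names)
            queues.append("queue %s_%s bandwidth %dKb cbq%s"
                          % (svc, direction, total, " { %s }" % kids if kids else ""))
        for c in names:
            queues.append("queue %s_up bandwidth %dKb cbq(borrow)" % (c, up_kb))
            queues.append("queue %s_dn bandwidth %dKb cbq(borrow)" % (c, dn_kb))
            rules.append("pass in on %s from $%s_net to any queue %s_up" % (client_if, c, c))
            rules.append("pass out on %s from any to $%s_net queue %s_dn" % (client_if, c, c))
        queues.append("")
    return "\n".join(queues + rules) + "\n"


if __name__ == "__main__":
    print(gen_pf_queues(SERVICES, CLIENTS), end="")
```

Paste the output into pf.conf after the macro definitions, check it with pfctl -nf /etc/pf.conf, and watch pfctl -vsq while a single client pulls data: its queue should climb well past its guaranteed figure towards the block's total when the rest of the block is idle.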



Re: Squid/authpf with lookups on Active Directory

2007-10-19 Thread Mark Rolen

Steven Surdock wrote:

To perform integrated NTLM auth I believe you'll need winbind from samba
and winbind support for Squid.  I'm not sure I understand the authpf
requirement.

http://marc.info/?l=openbsd-ports&m=119081356508513&w=2

-Steve S.

  
I have to agree with Steven here, I don't understand why you want both 
NTLM auth and authpf.  Doing NTLM auth makes for easy and transparent 
authentication for users on windows machines, adding authpf to the mix 
seems to take away that ease and transparency.  Is the authpf supposed 
to be your "real" authentication piece, and you want the NTLM bit just 
so the usernames show up in squid's logs, for accountability reasons?




Re: NFS exporting /usr/ports and -maproot=root

2007-10-19 Thread Jan Stary
Replying to myself,

> Again: set WRKOBJDIR on the client side and you don't need
> to be writing in the remotely mounted tree at all.

the following is nonsense, of course:

> Another advantage of that is that when you build some port that requires
> e.g. the X11 to be installed, you only need it installed on the machine
> that performs the port build, that is, the (one) client that actually
> needs it.

- the stuff needed for a proper port build either is or is not
present on the machine that makes the build, *regardless* of which
/usr/ports the machine uses.

Jan



Re: Squid/authpf with lookups on Active Directory

2007-10-19 Thread Steven Surdock
To perform integrated NTLM auth I believe you'll need winbind from samba
and winbind support for Squid.  I'm not sure I understand the authpf
requirement.

http://marc.info/?l=openbsd-ports&m=119081356508513&w=2

-Steve S.


Ari Constancio wrote:
> Mark,
>
> Thanks for replying. I found some material about Squid but I'd really
> like also to include authpf.
>
> Cheers,
> Ari Constancio
>
> On 10/19/07, Mark Rolen <[EMAIL PROTECTED]> wrote:
>> It's been over two years now, so specific steps are fuzzy now (I'd
>> have to start from scratch to do it again), but I implemented two
>> squid boxes (redundant via carp) that did authentication against a
>> windows 2003 server for a church here.  It simply required squid and
>> samba (I do recall that I had to build samba from ports to get some
>> feature I needed, the openbsd package didn't include it... however,



Re: : cp(1) bug ?

2007-10-19 Thread Nick Guenther
On 10/19/07, Tom Van Looy <[EMAIL PROTECTED]> wrote:
>
> Richard Toohey wrote:
> > On 19/10/2007, at 8:12 PM, Raimo Niskanen wrote:
> >
> > Looks like OpenBSD, FreeBSD, and Mac OS X BSD bits have the same
> > sort of outcome.
> >
> >
> > Copy foo to foo only once and quit, I think that's the correct
> > behaviour. I even think that posix more or less describes that.
> >
> >
> > That's what it should be doing I guess. But it's tricky, if you start
> > doing symlinks etc, you'll end up looping sooner or later. What if the
> > directories are not named the same (eg: hard links)?
> >
> correction: hard links are not allowed on directories, ...
> that being said, comparing inodes seems the best solution
>
> only, don't give an error but copy once
> maybe if I have time this weekend I'll try code that behaviour
>
> Anyway, it has worked like that for years, and I guess nobody has had
> a problem with it before. I don't think it should be changed just
> because some bored guy playing with it noticed strange output ;-p

Sure, but "bored guy" can translate to "new ideas" and testing
somehow-still-untested code paths. It's worth a shot at fixing.

-Nick
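The inode comparison Tom suggests in the quoted text above, as an added example; it is not OpenBSD's cp(1) code and is written in Python rather than C to show the check itself. The decision is made on (st_dev, st_ino) while walking from the destination up to the root, so a differently spelled path, a ".." detour or a symlink that points back into the source are all caught, which a comparison of the two path strings would miss. copy_dir() refuses the way GNU cp does; the directories used in demo() are scratch directories created on the fly.

```python
#!/usr/bin/env python3
"""Refuse to copy a directory into itself, decided by inode identity.

Added example, not cp(1) source. Shows the 'compare inodes' check from the
thread; demo() builds its test tree in a temporary directory."""
import os
import shutil
import tempfile


def ident(path):
    """(st_dev, st_ino) of path, following symlinks the way cp resolves its target."""
    st = os.stat(path)
    return (st.st_dev, st.st_ino)


def is_within(src, dst):
    """True if dst is src itself or lies anywhere below it.

    Walks from the resolved dst up to the root comparing device/inode pairs
    with src, so the answer does not depend on how either path is spelled."""
    target = ident(src)
    cur = os.path.realpath(dst)
    while True:
        if ident(cur) == target:
            return True
        parent = os.path.dirname(cur)
        if parent == cur:          # reached the filesystem root without a match
            return False
        cur = parent


def copy_dir(src, dst):
    """cp -R src dst: copy directory src into existing directory dst.

    Refuses with an error, as GNU cp does, instead of recursing until the
    path is too long. Returns the path of the new copy."""
    if not os.path.isdir(src):
        raise NotADirectoryError(src)
    base = os.path.basename(os.path.normpath(src))
    if os.path.isdir(dst):
        if is_within(src, dst):
            raise ValueError("cannot copy a directory, %r, into itself, %r"
                             % (src, os.path.join(dst, base)))
        dst = os.path.join(dst, base)
    shutil.copytree(src, dst, symlinks=True)
    return dst


def demo():
    """Exercise the check on a scratch tree: foo/bar, a symlink to foo and a
    sibling directory. Returns {case: outcome} for inspection."""
    scratch = tempfile.mkdtemp()
    foo = os.path.join(scratch, "foo")
    os.mkdir(foo)
    open(os.path.join(foo, "bar"), "w").close()
    link = os.path.join(scratch, "link")
    os.symlink(foo, link)
    elsewhere = os.path.join(scratch, "elsewhere")
    os.mkdir(elsewhere)
    result = {
        "foo into foo": is_within(foo, foo),
        "foo into foo/../foo": is_within(foo, os.path.join(foo, "..", "foo")),
        "foo into symlink to foo": is_within(foo, link),
        "foo into its parent": is_within(foo, scratch),
    }
    try:
        copy_dir(foo, foo)
        result["copy_dir refused"] = False
    except ValueError:
        result["copy_dir refused"] = True
    copied = copy_dir(foo, elsewhere)
    result["copied bar exists"] = os.path.isfile(os.path.join(copied, "bar"))
    shutil.rmtree(scratch)
    return result


if __name__ == "__main__":
    for case, outcome in demo().items():
        print("%-26s %s" % (case, outcome))
```

Hard links to directories never enter into it: two names for the same directory resolve to the same (st_dev, st_ino) pair and are caught by the same comparison.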



Re: A (pf?) puzzler -- a single device invisible on the other side of an IPsec tunnel

2007-10-19 Thread knitti
On 10/19/07, Stephen Bosch <[EMAIL PROTECTED]> wrote:
> Other things I've tried:
>
> - moving the Jetdirect to a different port on the same physical switch
> - a variety of static and dynamic IPs in the subnet
>
> I also forwarded the external port 9100 to this print server and tried
> to access it from a public host, but this didn't work either.
>
> This leads me to suspect a peculiar interaction between OpenBSD 4.1 and
> this particular print server. Of course, it might well be the fault of
> HP's IP stack, but I've already talked to them at great length and got
> pretty much nowhere: "We don't support JetDirect over WAN connections."

look with tcpdump, whether the packets of the printserver look like you expect.
perhaps it only has a ttl of 1 or 2 ;-)

--knitti



Re: Squid/authpf with lookups on Active Directory

2007-10-19 Thread Stuart Henderson
On 2007/10/19 14:09, Ari Constancio wrote:
> Thanks for replying. I found some material about Squid but I'd really
> like also to include authpf.

You can massage the output from OpenLDAP's ldapsearch to generate
a master.passwd file, pwd_mkdb, then login_ldap from packages can be
used to authenticate passwords against the live database.
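The ldapsearch-to-master.passwd step Stuart describes, as an added example that is not part of the thread or of login_ldap. The script parses LDIF as ldapsearch prints it (folded continuation lines, base64 "attr::" values) and emits master.passwd(5) lines with "*" in the password field, so nothing can log in with a local password and the real check is left to login_ldap through the login class. It also refuses names that would corrupt the file or collide with system accounts. Assumptions: the directory exposes the RFC 2307 attributes uidNumber, gidNumber and unixHomeDirectory; a login class named "ldap" is set up in login.conf(5) for login_ldap; the users are authpf users and get /usr/sbin/authpf as their shell; the LDIF in SAMPLE_LDIF is constructed test data.

```python
#!/usr/bin/env python3
"""Turn ldapsearch(1) LDIF output into master.passwd(5) lines for authpf users.

Added example, not from the thread. Assumes RFC 2307 attributes in the
directory and a login.conf class 'ldap' handled by login_ldap; the sample
LDIF below is constructed."""
import base64
import re
import sys

USERNAME_RE = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")  # login names we accept
MIN_UID = 1000                        # assumption: ignore service/system uids below this
AUTHPF_SHELL = "/usr/sbin/authpf"     # authpf(8) users must have authpf as their shell

SAMPLE_LDIF = """\
dn: CN=Jane Doe,OU=Users,DC=example,DC=com
sAMAccountName: jdoe
uidNumber: 10001
gidNumber: 10000
displayName:: SmFuZSBEb2U=
unixHomeDirectory: /home/jd
 oe

dn: CN=Bad Name,OU=Users,DC=example,DC=com
sAMAccountName: bad:name
uidNumber: 10002
gidNumber: 10000

dn: CN=svc-backup,OU=Service,DC=example,DC=com
sAMAccountName: svc-backup
uidNumber: 501
gidNumber: 500
"""


def unfold(text):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def parse_ldif(text):
    """Return a list of entries, each a dict of lowercased attribute -> first value.
    'attr:: value' is base64-decoded; comment lines are skipped."""
    entries, cur = [], {}
    for line in unfold(text) + [""]:
        if not line.strip():
            if cur:
                entries.append(cur)
            cur = {}
            continue
        if line.startswith("#"):
            continue
        attr, sep, value = line.partition(":")
        if not sep:
            continue
        if value.startswith(":"):
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        cur.setdefault(attr.strip().lower(), value)
    return entries


def to_master_passwd(entries, login_class="ldap"):
    """Build master.passwd(5) lines. Password field is '*': no local password
    works, login_ldap verifies against the live directory via the login class.
    Returns (lines, rejected) where rejected lists (name, reason)."""
    lines, rejected, seen_names, seen_uids = [], [], set(), set()
    for e in entries:
        name = e.get("samaccountname", "")
        if not USERNAME_RE.match(name):
            rejected.append((name, "bad username"))
            continue
        try:
            uid, gid = int(e["uidnumber"]), int(e["gidnumber"])
        except (KeyError, ValueError):
            rejected.append((name, "missing uidNumber/gidNumber"))
            continue
        if uid < MIN_UID:
            rejected.append((name, "uid below %d" % MIN_UID))
            continue
        if name in seen_names or uid in seen_uids:
            rejected.append((name, "duplicate name or uid"))
            continue
        seen_names.add(name)
        seen_uids.add(uid)
        # field separators or newlines in gecos/home would corrupt the file
        gecos = re.sub(r"[:\n]", " ", e.get("displayname", name))
        home = e.get("unixhomedirectory", "/home/" + name)
        if ":" in home or "\n" in home:
            rejected.append((name, "bad home directory"))
            continue
        lines.append("%s:*:%d:%d:%s:0:0:%s:%s:%s"
                     % (name, uid, gid, login_class, gecos, home, AUTHPF_SHELL))
    return lines, rejected


if __name__ == "__main__":
    out, bad = to_master_passwd(parse_ldif(sys.stdin.read()))
    print("\n".join(out))
    for name, why in bad:
        print("skipped %r: %s" % (name, why), file=sys.stderr)
```

Feed it the output of ldapsearch -LLL with the attributes above requested, append the result to a copy of /etc/master.passwd rather than overwriting it, run pwd_mkdb -c on the copy to check the format, then pwd_mkdb -p to install it.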



Re: NFS exporting /usr/ports and -maproot=root

2007-10-19 Thread Jan Stary
On Oct 18 20:04:18, Landry Breuil wrote:
> i'm struggling to make my ports-tree usable on all my machines, it
> seems that in my configuration -maproot=root in /etc/exports doesn't
> work:
> 
> on the server (4.1 stable), /etc/exports contains :
> /usr/ports -maproot=root client
> perms : drwxrwxr-x  47 root  wsrc  1024 Oct 18 19:40 /usr/ports

This exports the port tree rw; imagine one client doing 'make install'
while another client runs 'make clean' in the same port. Export the
ports tree -ro and instruct clients to (man ports and) properly set
WRKOBJDIR and friends.

http://openbsd.org/faq/faq15.html#PortsConfig

> on the client (-current), /etc/fstab contains :
> server:/usr/ports /usr/ports nfs rw,nosuid 0 0
> perms : drwxrwxr-x  47 root  wsrc  1024 Oct 18 19:40 /usr/ports
> 
> Nfs mount works fine, showmount -a is fine (i have client:/usr/ports
> line), as a normal user (i'm in wsrc group) i can create files in
> remote ports-tree, but as root it seems impossible, either using sudo
> touch, sudo -u root touch or su - then touch, i'm always getting
> touch: /usr/ports/test: Permission denied
> As ports-tree uses extensively sudo, i'm kinda blocked..

Again: set WRKOBJDIR on the client side and you don't need
to be writing in the remotely mounted tree at all.

Another advantage of that is that when you build some port that requires
e.g. the X11 to be installed, you only need it installed on the machine
that performs the port build, that is, the (one) client that actually
needs it.

> What if you share a directory on the server from a partition that has 
> the nosuid flag set in fstab?

I don't think any suid bits are set in the ports tree.
find /usr/ports -perm -04000 | xargs -r ls -l

> /usr/ports is not a separate partition, i only have / on this box
> (on a 13gb disk..).. so i can't test this option.
> /dev/wd0a / ffs rw 1 1

It's better to have exported filesystems on separate partitions. Then
you can e.g. mount the ro-exported ones read-only on the server, too. If
you really want to have a central "ports server", in an environment where
it is actually worth it[*], then you surely can dedicate a small disk to it.

No idea about the original -maproot question, though :-)

Jan


[*] http://openbsd.org/faq/faq15.html#NoFun
Note that you should be running ports from the port tree that matches
your system version. So the assumption that this is actually worth it
also means that you have a large number of machines running the same
version of obsd.



Re: Squid/authpf with lookups on Active Directory

2007-10-19 Thread Ari Constancio
Mark,

Thanks for replying. I found some material about Squid but I'd really
like also to include authpf.

Cheers,
Ari Constancio

On 10/19/07, Mark Rolen <[EMAIL PROTECTED]> wrote:
> It's been over two years now, so specific steps are fuzzy now (I'd have
> to start from scratch to do it again), but I implemented two squid boxes
> (redundant via carp) that did authentication against a windows 2003
> server for a church here.  It simply required squid and samba (I do
> recall that I had to build samba from ports to get some feature I
> needed, the openbsd package didn't include it... however, this was on
> 3.8, things may be different now).  So yes, it's very doable and was
> pretty simple.  There are how-tos/tutorials to be found that will get
> you running in no time.
>
> Regards,
> Mark
>
>
> Ari Constancio wrote:
> > Hi,
> >
> > I'm looking for a MS-ISA server replacement, and I'm thinking
> > specifically in an OpenBSD-based setup with authpf and Squid (NTLM
> > auth) on Active Directory.
> >
> > Does anyone have a similar setup?
> >
> > Thanks in advance,
> > Ari Constancio



Re: : cp(1) bug ?

2007-10-19 Thread Tom Van Looy

correction: hard links are not allowed on directories, ...
that being said, comparing inodes seems the best solution

only, don't give an error but copy once
maybe if I have time this weekend I'll try code that behaviour

Anyway, it has worked like that for years, and I guess nobody has had 
a problem with it before. I don't think it should be changed just 
because some bored guy playing with it noticed strange output ;-p


Regards,

Tom


Richard Toohey wrote:

On 19/10/2007, at 8:12 PM, Raimo Niskanen wrote:


On Thu, Oct 18, 2007 at 10:06:42PM +1300, Richard Toohey wrote:

JUST FOR FUN I have tried to "fix" this.  What I know about C code
can be written on the back of a postage stamp


Did I mention the SIZE of the postage stamp?  It's rather small ... 8-)


I am afraid solving the general case is harder.



The path length limit actually works as a crude, cheap and effective
cycle detection.

While Windows Finder solves the simple case of copying into
yourself, I do not think it has solved the general case.
Anyone curious to try?


Runs screaming into the night ... A lot more man reading for me, first!



--
/ Raimo Niskanen, Erlang/OTP, Ericsson AB


I might try a Linux install (got some Slackware 12.0 CDs) and look at
what it does (and its source code) - sure someone will beat me to it.

Looks like OpenBSD, FreeBSD, and Mac OS X BSD bits have the same
sort of outcome.

I got this from Tom Van Looy (thanks, Tom):

Copy foo to foo only once and quit, I think that's the correct 
behaviour. I even think that posix more or less describes that.


$ mkdir foo
$ cp -R foo foo
$ ls -R foo
foo/:
foo

foo/foo:

That's what it should be doing I guess. But it's tricky, if you start 
doing symlinks etc, you'll end up looping sooner or later. What if the 
directories are not named the same (eg: hard links)?


(please reply cc to the list)

And another email from Tom Van Looy:

Oh and yes, it doesn't go boom, the copy just stops when the max 
filename length is reached (logically). And " name too long 
(not copied)" is an error, you can just redirect it to dev null, cp -R 
foo foo 2>/dev/null, if you don't like it on your screen.


Try fixing it so that it doesn't copy a directory into itself when it is 
already copied (so allow it only once). GNU cp does something like that:


$ mkdir foo
$ cp -R foo foo
cp: cannot copy a directory, `foo', into itself, `foo/foo'
$ ls -R foo
foo:
foo

foo/foo:

Only, I think the warning is not needed (and I didn't further test it, 
so it's possibly doing something else after all).




Re: Wireless WAP encryption question

2007-10-19 Thread Luca Corti
On Fri, 2007-10-19 at 12:07 +0200, Paul de Weerd wrote:
> I disagree. This is not true from a 'user perspective' at all. Unless
> a user is totally ignorant - you don't expect a new building to just
> *poof* out of thin air and have it ready for use the same moment ?
> Construction takes time. Careful and good construction takes more
> time.

I disagree too here :) It's not about ignorance, it's about
requirements.

Let's pretend I am a user of OS L, I get fed up with L and want to try
out OS O, which seems to be really cool, has nice features, etc. If L
has feature W and O doesn't and feature W is essential for me to
accomplish my computing tasks *today*, I can't switch to O. (Letters
obviously picked at random.)

If the user question is: Is feature WPA available on OpenBSD right now?
The answer is: No. This is what the original poster asked for. Some of
the pointers given in this thread state WPA may be years away from now,
so the answer may be 'No, but some work has been done and WPA will
probably be supported in the not too distant future. If you are able to
you could contribute in some way to speed up things.', but this is
essentially the same thing from our user point of view.

Sure I am not following source changes regularly, I don't believe this
is a requirement to just use the system.


> I think quality is high priority. At least, that's the reason why I
> use OpenBSD. Features will be done when they're done by people who are
> interested in them that have both the skills and the time to make it
> work.

I'm not whining about missing features or screaming for ice cream. I use
OpenBSD too for the same reasons, buy CDs and am perfectly fine with the
quality/time trade off. Actually I think OpenBSD fits my idea of "user
friendly" much better than a lot of other advertised as friendly OSes.
It has very nice features, it has a coherent look and feel,
documentation is great, behavior is predictable and sane. I am not
asking about specific features to be implemented, or saying OpenBSD
sucks because does not support WPA. Just read the original post again:

>I understand that both protocols WEP and WAP/WAP2 
>are not really secure and that the way to go is to use OpenVPN but the 
>university where I work has WAP/WAP2 wireless network for general 
>purposes and I would like to be able to use laptop  running  OpenBSD
>on the campus.

This is not a shades-of-gray philosophical-issue question. This is a
black-and-white yes-or-no one, unless you consider convincing the campus
network admins to switch to WEP a possibility.

I understand the point you are trying to make and I think I agree on the
philosophical principles, we just look at it from different angles.

ciao

Luca



Squid/authpf with lookups on Active Directory

2007-10-19 Thread Ari Constancio
Hi,

I'm looking for a MS-ISA server replacement, and I'm thinking
specifically in an OpenBSD-based setup with authpf and Squid (NTLM
auth) on Active Directory.

Does anyone have a similar setup?

Thanks in advance,
Ari Constancio



Re: cp(1) bug ?

2007-10-19 Thread Andreas Kahari
On Debian, you also end up with a directory structure consisting of
one new 'foo' directory within the original 'foo' directory, which is
contradicting the message about not being able to copy foo into
itself...

$ mkdir foo
$ touch foo/bar
$ cp -R foo foo
cp: cannot copy a directory, `foo', into itself, `foo/foo'
$ ls -lR foo
foo:
total 4
-rw-r--r-- 1 ak ak0 2007-10-19 11:14 bar
drwxr-xr-x 2 ak ak 4096 2007-10-19 11:14 foo

foo/foo:
total 0
-rw-r--r-- 1 ak ak 0 2007-10-19 11:14 bar


According to SUSv3, the cp utility *may* issue a diagnostic message
when the source and target arguments are the same. IMHO we're doing
the right thing with regards to that part. I'm not sure about
recursively creating a very deep directory structure, but it's not a
problem really.

Andreas

On 19/10/2007, Pau Amaro-Seoane <[EMAIL PROTECTED]> wrote:
> penguin's behaviour:
>
> elachistos| cp -R foo foo
> cp: cannot copy a directory, `foo', into itself, `foo/foo'
>
> :)
>
> 2007/10/19, Arnaud Berthomier <[EMAIL PROTECTED]>:
> > On the October 17, at 10:39 (-0700), Bryan Irvine wrote:
> > > [...]
> > > looks like a feature to me.  ;)
> >
> > Agreed, although it does not seem to exist on GNU/Linux since GNU's cp
> > is different from BSD's.  The feature is present on {Net,Open,Free}BSD.
> >
> > It's not that a big deal, is it?  Eventually, the question could be: what
> > should be limiting cp there?  a max_path value, or... himself? I think
> > the former's the best.
> >
> > Just my 2 cents. :)
> >
> > --
> > “A nation is a society united by a delusion about its ancestry and by
> >   common hatred of its neighbours.” -- Dean William R. Inge
>
>


-- 
Andreas Kahari
Somewhere in the general Cambridge area, UK



Re: Wireless WAP encryption question

2007-10-19 Thread Paul de Weerd
On Fri, Oct 19, 2007 at 11:44:58AM +0200, Luca Corti wrote:
| On Fri, 2007-10-19 at 10:35 +0200, Paul de Weerd wrote:
| > Work is being done to add support. How is this 'preliminary' ? Is it
| > only not preliminary when the final commit is made that makes WPA
| > work ?
|
| Well, I think that's correct from a user perspective. The question was
| by a user and about WPA being available as a feature.

I disagree. This is not true from a 'user perspective' at all. Unless
a user is totally ignorant - you don't expect a new building to just
*poof* out of thin air and have it ready for use the same moment ?
Construction takes time. Careful and good construction takes more
time.

> This says pretty nothing about actual implementation work being done
> on WPA support.

Just because you're not actively watching the construction site
(source-changes@), actual implementation work is still being done
(patches committed) to build the building (WPA support, in this case).

It is true that WPA is not available as a feature to end users. That
doesn't mean people aren't working on it. You've been pointed at
several sources that show there is work in progress. It's just that :
work in progress. Not finished yet.

| Maybe my response was a bit too quick, with "noone is working on it" I
| really meant "I think this is not high priority". But this is just my
| perception on WPA status in OpenBSD, maybe I'm plain wrong.

I think quality is high priority. At least, that's the reason why I
use OpenBSD. Features will be done when they're done by people who are
interested in them that have both the skills and the time to make it
work.

Cheers,

Paul 'WEiRD' de Weerd

--
http://www.weirdnet.nl/



OpenBSD Berlin

2007-10-19 Thread Pau Amaro-Seoane
Hi,

I have plenty of time between next 1/11 ~ 5/11; who wants to meet in
Berlin, in Tuffstein to celebrate the 12th birthday of OpenBSD?
(Leberstrasse 2, Schoeneberg):

http://maps.google.com/maps?f=q&hl=ca&geocode=&time=&date=&ttype=&q=leberstrasse+2,+berlin,+germany&sll=37.0625,-95.677068&sspn=31.095668,81.5625&ie=UTF8&ll=52.486413,13.361478&spn=0.011655,0.039825&z=15&om=1

Remember that we have our own mailing list thanks to Gabriel:

--> http://www.abc.se/mailman/listinfo/openbsd-berlin <--

I am posting here in order to draw the attention of potential new "members"

Cheers,

Pau



Re: cp(1) bug ?

2007-10-19 Thread Pau Amaro-Seoane
penguin's behaviour:

elachistos| cp -R foo foo
cp: cannot copy a directory, `foo', into itself, `foo/foo'

:)

2007/10/19, Arnaud Berthomier <[EMAIL PROTECTED]>:
> On the October 17, at 10:39 (-0700), Bryan Irvine wrote:
> > [...]
> > looks like a feature to me.  ;)
>
> Agreed, although it does not seem to exist on GNU/Linux since GNU's cp
> is different from BSD's.  The feature is present on {Net,Open,Free}BSD.
>
> It's not that a big deal, is it?  Eventually, the question could be: what
> should be limiting cp there?  a max_path value, or... himself? I think
> the former's the best.
>
> Just my 2 cents. :)
>
> --
> “A nation is a society united by a delusion about its ancestry and by
>   common hatred of its neighbours.” -- Dean William R. Inge



Re: Wireless WAP encryption question

2007-10-19 Thread Luca Corti
On Fri, 2007-10-19 at 10:35 +0200, Paul de Weerd wrote:
> Work is being done to add support. How is this 'preliminary' ? Is it
> only not preliminary when the final commit is made that makes WPA
> work ?

Well, I think that's correct from a user perspective. The question was
by a user and about WPA being available as a feature.

Maybe my response was a bit too quick, with "no one is working on it" I
really meant "I think this is not high priority". But this is just my
perception on WPA status in OpenBSD, maybe I'm plain wrong.

ciao

Luca



Re: A (pf?) puzzler -- a single device invisible on the other side of an IPsec tunnel

2007-10-19 Thread Claudiu Pruna
On Fri, 2007-10-19 at 00:30 -0600, Stephen Bosch wrote:
> Hi, folks:
> 
> Here's a good one for you.
> 
> I have an IPsec tunnel running between two OpenBSD boxes. One is still 
> running 3.8 (yes, it needs to be updated) and the other is running 4.1.
> 
> There is a functioning tunnel running between the two devices.
> 
> Hosts on one end can "see" hosts on the other, and vice versa -- EXCEPT
> 
> we just put an HP Jetdirect print server on the OpenBSD 4.1 side. This 
> device is pingable and accessible from hosts on the same network, but 
> totally unpingable and inaccessible from hosts on the remote network.
> 
> To recap:
> 
> Print server is at site A.
> Hosts at site A (on the same subnet) can ping and access print server.
> 
> Hosts at site B (on a different subnet) *cannot* ping or access this 
> print server.
> 
> And yet - Hosts at site B *can* see every other device at site A (and 
> vice versa) and all those devices can see the print server.
> 
> Note that we're not doing any filtering on the encryption interface (the 
> line is "pass quick on enc0"); nevertheless, I'm wondering if I need 
> some special flags somewhere.
> 
> Other things I've tried:
> 
> - moving the Jetdirect to a different port on the same physical switch
> - a variety of static and dynamic IPs in the subnet
> 
> I also forwarded the external port 9100 to this print server and tried 
> to access it from a public host, but this didn't work either.
> 
> This leads me to suspect a peculiar interaction between OpenBSD 4.1 and 
> this particular print server. Of course, it might well be the fault of 
> HP's IP stack, but I've already talked to them at great length and got 
> pretty much nowhere: "We don't support JetDirect over WAN connections."
> 
> We ended up putting the printer outside on a public IP address as an 
> ugly, undesirable workaround, and, WAN connection or not, that is 
> currently working. I'd really like to get this one back on the private 
> network. I don't need hackers sending mountains of porn to this printer, 
> even if it *is* in a truck stop.
> 
> Any ideas or salient suggestions?
> 
> -Stephen-

hi Stephen,

No offense, but did you check JetDirect's ip settings about the default
gateway ?

Try an tcpdump on the ethernet interface at site A while trying to print
from site B and check if you "see" packets on both directions.

-- 
Claudiu Pruna <[EMAIL PROTECTED]>



Re: A (pf?) puzzler -- a single device invisible on the other side of an IPsec tunnel

2007-10-19 Thread Jussi Peltola
Does the print server have the right gateway configured?
Does scrub have any effect (fragments get dropped in some cases if scrub
is off - that bit me once with openvpn)?
Wouldn't tcpdump tell you more about the packets coming back from it?

I'd probably just use rdr and a TCP proxy on some machine to work around
the problem. Print server IP stacks tend to be funny, especially in case
of non-1500 MTU.

-- 
Jussi Peltola



Re: Wireless WAP encryption question

2007-10-19 Thread Paul de Weerd
On Fri, Oct 19, 2007 at 10:07:36AM +0200, Luca Corti wrote:
| On Thu, 2007-10-18 at 22:43 -0400, Nick Guenther wrote:
| > > WPA is not supported. AFAIK no one is working on it.
| > http://www.openbsd.org/plus42.html
| > search for "WPA".
|
| "Lots of 802.11 improvements and code in preparation for WPA and other
| auth styles."
|
| This says pretty nothing about actual implementation work being done on
| WPA support. Previously mentioned undeadly.org articles seem to state
| preliminary work is being done, but WPA integration in the OS may
| eventually happen years from now.

This says everything about actual implementation work. From one of the
many commit messages by damien@ in this area :

 Log message:
 split ieee80211_parse_rsn() so the same function can be used
 to parse both WPA1 and RSN (WPA2) IEs.
 rename ieee80211_parse_edca_params_common() into
 ieee80211_parse_edca_params_body() while i'm here.

Work is being done to add support. How is this 'preliminary' ? Is it
only not preliminary when the final commit is made that makes WPA
work ?

Cheers,

Paul 'WEiRD' de Weerd

--
http://www.weirdnet.nl/



A (pf?) puzzler -- a single device invisible on the other side of an IPsec tunnel

2007-10-19 Thread Stephen Bosch

Hi, folks:

Here's a good one for you.

I have an IPsec tunnel running between two OpenBSD boxes. One is still 
running 3.8 (yes, it needs to be updated) and the other is running 4.1.


There is a functioning tunnel running between the two devices.

Hosts on one end can "see" hosts on the other, and vice versa -- EXCEPT

we just put an HP Jetdirect print server on the OpenBSD 4.1 side. This 
device is pingable and accessible from hosts on the same network, but 
totally unpingable and inaccessible from hosts on the remote network.


To recap:

Print server is at site A.
Hosts at site A (on the same subnet) can ping and access print server.

Hosts at site B (on a different subnet) *cannot* ping or access this 
print server.


And yet - Hosts at site B *can* see every other device at site A (and 
vice versa) and all those devices can see the print server.


Note that we're not doing any filtering on the encryption interface (the 
line is "pass quick on enc0"); nevertheless, I'm wondering if I need 
some special flags somewhere.


Other things I've tried:

- moving the Jetdirect to a different port on the same physical switch
- a variety of static and dynamic IPs in the subnet

I also forwarded the external port 9100 to this print server and tried 
to access it from a public host, but this didn't work either.


This leads me to suspect a peculiar interaction between OpenBSD 4.1 and 
this particular print server. Of course, it might well be the fault of 
HP's IP stack, but I've already talked to them at great length and got 
pretty much nowhere: "We don't support JetDirect over WAN connections."


We ended up putting the printer outside on a public IP address as an 
ugly, undesirable workaround, and, WAN connection or not, that is 
currently working. I'd really like to get this one back on the private 
network. I don't need hackers sending mountains of porn to this printer, 
even if it *is* in a truck stop.


Any ideas or salient suggestions?

-Stephen-



Re: cp(1) bug ?

2007-10-19 Thread Arnaud Berthomier
On the October 17, at 10:39 (-0700), Bryan Irvine wrote:
> [...]
> looks like a feature to me.  ;)

Agreed, although it does not seem to exist on GNU/Linux since GNU's cp
is different from BSD's.  The feature is present on {Net,Open,Free}BSD.

It's not that a big deal, is it?  Eventually, the question could be: what
should be limiting cp there?  a max_path value, or... himself? I think
the former's the best.

Just my 2 cents. :)

--
“A nation is a society united by a delusion about its ancestry and by
  common hatred of its neighbours.” -- Dean William R. Inge



Re: Wireless WAP encryption question

2007-10-19 Thread Luca Corti
On Thu, 2007-10-18 at 22:43 -0400, Nick Guenther wrote:
> > WPA is not supported. AFAIK no one is working on it.
> http://www.openbsd.org/plus42.html
> search for "WPA".

"Lots of 802.11 improvements and code in preparation for WPA and other
auth styles."

This says pretty nothing about actual implementation work being done on
WPA support. Previously mentioned undeadly.org articles seem to state
preliminary work is being done, but WPA integration in the OS may
eventually happen years from now.

ciao

Luca



Re: ntpd error message filling logs

2007-10-19 Thread Otto Moerbeek
On Fri, 19 Oct 2007, RW wrote:

> I have a GENERIC 4.1 box running ntpd as a server that is now part of
> au.pool.ntp.org and suddenly (once the world discovered it) the logs
> began to fill with entries like:
> Oct 19 16:46:05 freya ntpd[12012]: malformed packet received from
> 121.216.235.111
> Oct 19 16:46:19 freya ntpd[12012]: malformed packet received from
> 144.131.135.143
> Oct 19 16:46:25 freya ntpd[12012]: malformed packet received from
> 58.173.48.94
> Oct 19 16:46:46 freya ntpd[12012]: malformed packet received from
> 58.168.107.247
> Oct 19 16:47:20 freya ntpd[12012]: malformed packet received from
> 144.131.135.143
> Oct 19 16:48:21 freya ntpd[12012]: malformed packet received from
> 144.131.135.143
> Oct 19 16:48:29 freya ntpd[12012]: malformed packet received from
> 58.168.107.247
> Oct 19 16:49:22 freya ntpd[12012]: malformed packet received from
> 144.131.135.143
> 
> So I went running to Mrs Google and she didn't say much really but one
> entry showed that somebody found that one version of Debian could deal
> with an early OBSD ntpd but a later Deb could not.
> 
> I followed up some cvs entries for "our" ntpd and I can see the message
> text there but nothing much to let me figure out if it can be mitigated
> in any way.

Well, you see ntpd doing the mitigation. It has received a request
with an improper length. Some clients do that. It might even be some
joker sending garbage to your ntpd. 

> 
> Ohh whoops! I just saw the tail -f daemon stop scrolling and it's now
> been silent for several minutes after nearly an hour where a bunch of
> Telstra (not my ISP) adsl customers repeatedly hammered the box.
> 
> Anyway can someone please give me a clue as to what the effect is at
> t'other end clients?

ntpd will ignore these requests. The client will not receive a reply.
Most clients conclude your server is down and start polling very
infrequently to see if it has come back.

-Otto


> 
> If it starts again what is the best tcpdump recipe to capture data that
> smart people need?
> I did a tcpdump -X -s 1500 -nettti rl0 udp and dst 218.214.194.118 but
> the output did not mean much to me.
> 
> Any other clues?
> 
> Thanx,
> Rod/
> 
> From the land "down under": Australia.
> Do we look  from up over?
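What "improper length" means on the wire, as an added example that is not part of the thread or of ntpd. The script decodes an NTP request and applies the length test first, which is the point at which the server gives up on such a datagram without answering, then unpacks the header so a captured payload can be classified. The two accepted sizes, 48 bytes for a bare header and 68 for a header with key id and 128-bit MD5 authenticator, are taken from the ntpd source and stated here as an assumption; the thread itself only says the length was wrong. The datagrams in demo() are constructed.

```python
#!/usr/bin/env python3
"""Decode an NTP request and apply the length test behind ntpd's
'malformed packet received' message.

Added example, not ntpd code. Accepted sizes are an assumption taken from
the ntpd source; demo() uses constructed packets."""
import struct
import time

NTP_MSGSIZE_NOAUTH = 48               # header only
NTP_MSGSIZE = 68                      # header + key id + 128-bit MD5 authenticator
ACCEPTED_SIZES = (NTP_MSGSIZE_NOAUTH, NTP_MSGSIZE)
NTP_EPOCH_OFFSET = 2208988800         # seconds from 1900-01-01 to 1970-01-01
# LI/VN/mode, stratum, poll, precision, root delay, root dispersion, reference id,
# then reference, origin, receive and transmit timestamps (64-bit each)
HEADER = "!BBbbIIIQQQQ"
MODE_CLIENT = 3


def parse_ntp(data):
    """Return (fields, None) for a packet that passes the server's checks, or
    (None, reason) for one it drops. Length is tested before anything else,
    so a 40- or 52-byte datagram never reaches header parsing."""
    if len(data) not in ACCEPTED_SIZES:
        return None, "malformed packet: %d bytes, accepted sizes %s" % (len(data), ACCEPTED_SIZES)
    (first, stratum, poll, precision, root_delay, root_disp, refid,
     ref_ts, orig_ts, recv_ts, xmt_ts) = struct.unpack(HEADER, data[:NTP_MSGSIZE_NOAUTH])
    fields = {
        "li": first >> 6, "version": (first >> 3) & 7, "mode": first & 7,
        "stratum": stratum, "poll": poll, "precision": precision,
        "root_delay": root_delay, "root_dispersion": root_disp, "refid": refid,
        "reference": ref_ts, "origin": orig_ts, "receive": recv_ts, "transmit": xmt_ts,
        "authenticated": len(data) == NTP_MSGSIZE,
    }
    if fields["version"] not in (1, 2, 3, 4):
        return None, "unsupported NTP version %d" % fields["version"]
    return fields, None


def ntp_to_unix(ts):
    """64-bit NTP timestamp (32.32 fixed point since 1900) to Unix seconds."""
    return (ts >> 32) - NTP_EPOCH_OFFSET + (ts & 0xFFFFFFFF) / 2 ** 32


def unix_to_ntp(t):
    """Unix seconds to a 64-bit NTP timestamp; fraction truncated to 32 bits."""
    secs = int(t) + NTP_EPOCH_OFFSET
    frac = int((t - int(t)) * 2 ** 32)
    return (secs << 32) | frac


def build_client_request(t=None):
    """The 48-byte mode 3 (client) request a well-behaved client sends: only
    the first byte and the transmit timestamp carry information."""
    if t is None:
        t = time.time()
    first = (0 << 6) | (4 << 3) | MODE_CLIENT      # LI 0, version 4, mode client
    return struct.pack(HEADER, first, 0, 6, -20, 0, 0, 0, 0, 0, 0, unix_to_ntp(t))


def demo():
    """Classify constructed datagrams the way the length test does.
    Returns {label: reason or None}; None means the packet was accepted."""
    good = build_client_request(1192780800.5)      # 2007-10-19 08:00:00.5 UTC, constructed
    cases = {
        "48-byte client request": good,
        "40-byte truncated": good[:40],
        "52-byte padded": good + b"\0" * 4,
        "68-byte with authenticator": good + b"\0" * 20,
    }
    return {label: parse_ntp(pkt)[1] for label, pkt in cases.items()}


if __name__ == "__main__":
    for label, reason in demo().items():
        print("%-28s %s" % (label, reason or "accepted"))
```

To check a logged client, capture its datagram with tcpdump -s 1500 -X and compare the UDP payload length against the two accepted sizes; anything else is what the log line is reporting, and the server stays silent towards that client.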



ntpd error message filling logs

2007-10-19 Thread RW
I have a GENERIC 4.1 box running ntpd as a server that is now part of
au.pool.ntp.org and suddenly (once the world discovered it) the logs
began to fill with entries like:
Oct 19 16:46:05 freya ntpd[12012]: malformed packet received from
121.216.235.111
Oct 19 16:46:19 freya ntpd[12012]: malformed packet received from
144.131.135.143
Oct 19 16:46:25 freya ntpd[12012]: malformed packet received from
58.173.48.94
Oct 19 16:46:46 freya ntpd[12012]: malformed packet received from
58.168.107.247
Oct 19 16:47:20 freya ntpd[12012]: malformed packet received from
144.131.135.143
Oct 19 16:48:21 freya ntpd[12012]: malformed packet received from
144.131.135.143
Oct 19 16:48:29 freya ntpd[12012]: malformed packet received from
58.168.107.247
Oct 19 16:49:22 freya ntpd[12012]: malformed packet received from
144.131.135.143

So I went running to Mrs Google and she didn't say much really but one
entry showed that somebody found that one version of Debian could deal
with an early OBSD ntpd but a later Deb could not.

I followed up some cvs entries for "our" ntpd and I can see the message
text there but nothing much to let me figure out if it can be mitigated
in any way.

Ohh whoops! I just saw the tail -f daemon stop scrolling and it's now
been silent for several minutes after nearly an hour where a bunch of
Telstra (not my ISP) adsl customers repeatedly hammered the box.

Anyway can someone please give me a clue as to what the effect is at
t'other end clients?

If it starts again what is the best tcpdump recipe to capture data that
smart people need?
I did a tcpdump -X -s 1500 -nettti rl0 udp and dst 218.214.194.118 but
the output did not mean much to me .

Any other clues?

Thanx,
Rod/

From the land "down under": Australia.
Do we look from up over?



Re: : cp(1) bug ?

2007-10-19 Thread Richard Toohey

On 19/10/2007, at 8:12 PM, Raimo Niskanen wrote:

> On Thu, Oct 18, 2007 at 10:06:42PM +1300, Richard Toohey wrote:
>
>> JUST FOR FUN I have tried to "fix" this.  What I know about C code
>> can be written on the back of a postage stamp

Did I mention the SIZE of the postage stamp?  It's rather small ... 8-)

> I am afraid solving the general case is harder.
>
> The path length limit actually works as a crude, cheap and effective
> cycle detection.
>
> While Windows Finder solves the simple case of copying into
> yourself, I do not think it has solved the general case.
> Anyone curious to try?

Runs screaming into the night ... A lot more man reading for me, first!

> --
>
> / Raimo Niskanen, Erlang/OTP, Ericsson AB


I might try a Linux install (got some Slackware 12.0 CDs) and look at
what it does (and its source code) - sure someone will beat me to it.

Looks like OpenBSD, FreeBSD, and Mac OS X BSD bits have the same
sort of outcome.

I got this from Tom Van Looy (thanks, Tom):

> Copy foo to foo only once and quit, I think that's the correct
> behaviour. I even think that posix more or less describes that.
>
> $ mkdir foo
> $ cp -R foo foo
> $ ls -R foo
> foo/:
> foo
>
> foo/foo:
>
> That's what it should be doing I guess. But it's tricky, if you start
> doing symlinks etc, you'll end up looping sooner or later. What if
> the directories are not named the same (eg: hard links)?
>
> (please reply cc to the list)

And another email from Tom Van Looy:

> Oh and yes, it doesn't go boom, the copy just stops when the max
> filename length is reached (logically). And " name too
> long (not copied)" is an error, you can just redirect it to dev null,
> cp -R foo foo 2>/dev/null, if you don't like it on your screen.
>
> Try fixing it so that it doesn't copy a directory into itself when it
> is already copied (so allow it only once). GNU cp does something
> like that:
>
> $ mkdir foo
> $ cp -R foo foo
> cp: cannot copy a directory, `foo', into itself, `foo/foo'
> $ ls -R foo
> foo:
> foo
>
> foo/foo:
>
> Only, I think the warning is not needed (and I didn't further test
> it, so it's possibly doing something else after all).




Re: : cp(1) bug ?

2007-10-19 Thread Raimo Niskanen
On Thu, Oct 18, 2007 at 10:06:42PM +1300, Richard Toohey wrote:
> This looks like fun ... 8-)  And this is open source, so let's follow
> the code and learn something as we go along ...
> 
> But first, I guess it IS following your instructions ...
> 
> You asked it to copy what's in directory foo, recursively.  And you
> are changing what's in foo at the same time ...
> 
> 1. What's in foo? foo
> 2. So copy foo to foo - giving foo/foo.
> 3. What's in foo?  foo/foo
> 4. So copy foo/foo to foo/foo/foo.
> 5. Repeat.
> 
> Until it goes boom.
> 
:
:
> 
> JUST FOR FUN I have tried to "fix" this.  What I know about C code
> can be written on the back of a postage stamp - this was an attempt
> to get something working.  And a lot more fun than watching TV ...
> And because I can.
> 
> # diff -u /tmp/cp.c cp.c
> --- /tmp/cp.c   Thu Oct 18 21:50:07 2007
> +++ cp.cThu Oct 18 22:48:37 2007
> @@ -237,6 +237,10 @@
>  */
> type = FILE_TO_DIR;
> +   if (type == FILE_TO_DIR)
> +   if (strcmp(to.p_path,*argv)==0)
> +   errx(1,"source and destination directories (%
> s) would cause cycle",to.p_path);
> +
> exit (copy(argv, type, fts_options));
> }
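Review bot: the `if (type == FILE_TO_DIR)` guard is inserted directly after `type = FILE_TO_DIR;`, so it is always true and can go; the real problem is that the cycle check is a bare `strcmp(to.p_path, *argv)` on the first source operand only, so `cp -R foo foo/`, `cp -R ./foo foo`, a symlink pointing at foo, or a later operand that names the destination all get past it and recurse exactly as before. Compare `st_dev` and `st_ino` from stat(2) of the destination against every source in `argv`, and also treat a destination whose parent chain reaches the source as a cycle. As pasted, the `errx` format string is split over two lines (`%` / `s`), presumably mail wrapping; it has to be one string literal to compile.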
> 
> After the change:
> 
> # cp -R foo foo
> cp: source and destination directories (foo) would cause cycle
> 
> Done no other testing or anything useful.
> 
> But now someone will rap me on the fingers and say this is POSIX
> compliant or some-such.  I'll try it on FreeBSD 6.2:
> 

I am afraid solving the general case is harder.
You would have to do a full tree search down into the directories
to copy and see if you find the destination anywhere. During the
tree scan you would have to use all rules about following
links that the actual copy recursion would use.

And that would not be enough... I made a little test and if the
target contains directories that have the same name(s) as in
the source, they are retained (their inode number does not change).

This should mean that the target may contain an arbitrarily deep
directory structure that on any point can hard link to somewhere
in the source directory structure, causing a cycle that is very
expensive to find, even if you do the cycle detection
during the copy recursion.

The path length limit actually works as a crude, cheap and effective
cycle detection.

While Windows Finder solves the simple case of copying into
yourself, I do not think it has solved the general case.
Anyone curious to try?

-- 

/ Raimo Niskanen, Erlang/OTP, Ericsson AB
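
Both Raimo's post above and Richard's strcmp() patch earlier in the thread turn on one question: how do you decide that the destination is the source, or lies inside it? The following is an added example, not code from OpenBSD's cp.c nor from anyone in the thread. It assumes a POSIX system with openat(2) and O_DIRECTORY, and it answers the question by inode identity (st_dev/st_ino) instead of path strings, climbing the destination's physical parents with openat(fd, "..") so that a trailing slash, "./foo", "foo/sub/.." or a symlink to foo cannot disguise the cycle. It does not attempt the hard-link-in-the-target case Raimo describes. run_self_test() builds a constructed directory tree under /tmp, checks the cases discussed in the thread and removes the tree again.

```c
/* Added example, not OpenBSD cp.c: decide "dst is inside src" by inode identity. */
#define _POSIX_C_SOURCE 200809L
#include <sys/stat.h>
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Two stat results describe the same object iff device and inode match. */
#define SAME_INODE(a, b) ((a).st_dev == (b).st_dev && (a).st_ino == (b).st_ino)

/* Copy the parent of path into out ("." when path has no directory part). */
static void parent_dir(const char *path, char *out, size_t n)
{
	size_t len = strlen(path);
	while (len > 1 && path[len - 1] == '/') len--;	/* strip trailing slashes */
	while (len > 0 && path[len - 1] != '/') len--;	/* strip the last component */
	while (len > 1 && path[len - 1] == '/') len--;	/* and the slashes before it */
	snprintf(out, n, "%.*s", len ? (int)len : 1, len ? path : ".");
}

/*
 * Return 1 if dst is src itself or lies anywhere beneath it, 0 if not, -1 on
 * error.  A dst that does not exist yet (cp would create it) or that is not a
 * directory is judged by the directory it sits in.  Climbing ".." through
 * openat() follows the physical tree, so "foo/", "./foo", "foo/sub/.." and a
 * symlink to foo are all caught, which strcmp() on the two operands is not.
 */
int dest_inside_source(const char *src, const char *dst)
{
	struct stat sst, cur, up;
	char pbuf[PATH_MAX];
	const char *start = dst;
	int fd, nfd, rc = -1;

	if (stat(src, &sst) == -1)
		return -1;
	if (!S_ISDIR(sst.st_mode))
		return 0;			/* only a directory can contain dst */
	if (stat(dst, &cur) == 0 ? !S_ISDIR(cur.st_mode) : errno == ENOENT) {
		parent_dir(dst, pbuf, sizeof pbuf);
		start = pbuf;			/* judge by the directory dst sits in */
	}
	if ((fd = open(start, O_RDONLY | O_DIRECTORY)) == -1)
		return -1;
	for (;;) {
		if (fstat(fd, &cur) == -1)
			break;			/* rc stays -1 */
		if (SAME_INODE(sst, cur)) {
			rc = 1;			/* reached src from below */
			break;
		}
		if ((nfd = openat(fd, "..", O_RDONLY | O_DIRECTORY)) == -1)
			break;
		if (fstat(nfd, &up) == -1) { close(nfd); break; }
		if (SAME_INODE(cur, up)) {
			close(nfd);
			rc = 0;			/* ".." is itself: hit "/" without meeting src */
			break;
		}
		close(fd); fd = nfd;		/* one level up, keep climbing */
	}
	close(fd);
	return rc;
}

/* Constructed tree under /tmp exercising the thread's cases; returns 1 if all as expected. */
int run_self_test(void)
{
	char base[] = "/tmp/cpcycleXXXXXX";	/* constructed, removed again below */
	char foo[PATH_MAX], sub[PATH_MAX], bar[PATH_MAX], probe[PATH_MAX];
	int ok = 1;

	if (mkdtemp(base) == NULL)
		return 0;
	snprintf(foo, sizeof foo, "%s/foo", base);
	snprintf(sub, sizeof sub, "%s/foo/sub", base);
	snprintf(bar, sizeof bar, "%s/bar", base);
	if (mkdir(foo, 0700) || mkdir(sub, 0700) || mkdir(bar, 0700))
		return 0;
	ok &= (dest_inside_source(foo, foo) == 1);	/* cp -R foo foo */
	snprintf(probe, sizeof probe, "%s/", foo);
	ok &= (dest_inside_source(foo, probe) == 1);	/* cp -R foo foo/ : strcmp misses this */
	ok &= (dest_inside_source(foo, sub) == 1);	/* into its own subdirectory */
	snprintf(probe, sizeof probe, "%s/sub/../sub/new", foo);
	ok &= (dest_inside_source(foo, probe) == 1);	/* not yet existing, but its parent is inside */
	ok &= (dest_inside_source(foo, bar) == 0);	/* sibling directory */
	ok &= (dest_inside_source(foo, base) == 0);	/* the parent of src is not inside it */
	rmdir(sub); rmdir(foo); rmdir(bar); rmdir(base);
	return ok;
}
```

A cp that called dest_inside_source() for every source operand before starting the recursion would refuse `cp -R foo foo` and its spelled-differently variants up front; the climb stops at the filesystem root because there ".." resolves to the directory itself. The check uses stat(), so a symlink given as src is followed; a cp that honours -P semantics would use lstat() for that first call.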



Strange OpenBGPD Problem after MAC address change

2007-10-19 Thread Christian Plattner

Hi,

I have a non-urgent problem with OpenBGPD and would like to know
if anybody has a suggestion on what went wrong/I did wrong.

Situation: I replaced an openbgpd based router (R1) with new hardware.
Of course, the mac addresses of the interfaces changed. After
the swap the BGP session with another openbgpd router (R20) did
not come up. Other sessions between R1 and other machines came
up without any problems. I run OpenBSD 4.1-stable at both routers.

bgpctl output on R1, the router with the new hardware: 


Neighbor          AS    MsgRcvd    MsgSent  OutQ  Up/Down   State
IBGP with R20     XYZ         0          0     0  Never     Active

bgpctl output on R20:

Neighbor          AS    MsgRcvd    MsgSent  OutQ  Up/Down   State
IBGP with R1      XYZ    100216      10455     0  00:27:52  Active

R1 is a poor guy, it regularly tries to open the connection to
port 179 on R20, but the SYN packets are simply ignored. On the
other hand, tcpdump shows that R20 does not try to open a TCP
connection to R1.

This is content of /var/log/messages of R20 around the time when
the old R1 router was shut down (its local address X.X.96.20 is
on vlan201).

Oct 19 08:18:41 R20 bgpd[21642]: neighbor X.X.96.1 (IBGP with R1):
received notification: Cease, none
Oct 19 08:19:11 R20 bgpd[21642]: neighbor X.X.96.1 (IBGP with R1):
connect: Operation not permitted
Oct 19 08:21:12 R20 bgpd[21642]: neighbor X.X.96.1 (IBGP with R1):
connect: Operation not permitted
Oct 19 08:22:55 R20 /bsd: arp info overwritten for X.X.96.1 by
00:00:24:c8:d9:f8 on vlan201

I did not restart the bgpd on R20 (which would certainly help),
as I would like to further track down the problem.

- Christian



Re: No acpi0 on ASUS A7N8X Deluxe?

2007-10-19 Thread Markus Bergkvist

Pierre Riteau wrote:

> On Thu, Oct 18, 2007 at 04:35:38PM +0200, Markus Bergkvist wrote:
>
>> Even though bios0 reports "ASUS A7N8X Deluxe ACPI BIOS" during boot, I
>> see no acpi0 in the dmesg, w/o acpi enabled. Unsupported, or am I just not
>> supposed to see an acpi0 device?
>
> disable apm0 if you want to see use acpi.

When disabling apm, the machine does not shut down completely. It is 
stuck on

"Attempting to power down...

The operating system has halted.
Please press any key to restart."

I guess you can't have it all...

/Markus