Re: Concurrecnt PPPoE(4)?
2008/1/20, Jussi Peltola <[EMAIL PROTECTED]>: > On Sun, Jan 20, 2008 at 03:48:16PM +1100, Sunnz wrote: > > > pass out on pppoe1 route-to (pppoe0 pppoe0:peer) \ > > from any to pppoe0 > I don't think that will work. Anyone trying to reach pppoe0 will not get > routed out on pppoe1. > > > pass in on pppoe1 route-to (pppoe0 pppoe0:peer) \ > > from any to pppoe0 > You should never receive packets to pppoe0 on pppoe1 or your ISP is > doing funny things. > > Try: > pass in on pppoe0 reply-to (pppoe0 pppoe0:peer) from any to pppoe0 > > and: > pass in on pppoe1 reply-to (pppoe1 pppoe1:peer) from any to pppoe1. > > Then you also need to handle outgoing traffic: > pass route-to (pppoe0 pppoe0:peer) > > or something similar (do not try load-balancing before you get the rest > of it working). > > In this situation route-to will not help you with *incoming* > connections. They are already routed by your isp. It is the replies > (reply-to) and outgoing connections (route-to) that you need to > statefully route to the correct interface using PF. > Thank you!! It is finally working now with: pass in on pppoe0 reply-to pppoe0 from any to pppoe0 pass in on pppoe1 reply-to pppoe1 from any to pppoe1 Well at least ping and traceroute is working, not yet ssh... but that's a good start I suppose. -- Please avoid sending me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
cwm background & invoking mutt
After reading the undeadly post on cwm(1) I am trying it out in Xnest(1). I was wondering how I could get a background image like the one shown in undeadly. Also, I can't invoke mutt using C-/ although I have a symlink in .calmwm/. GUI apps like firefox and soffice fire up fine. Any help would be much appreciated. Thanks.
Re: Concurrecnt PPPoE(4)?
On Sun, Jan 20, 2008 at 07:13:02AM +0200, Jussi Peltola wrote: > On Sun, Jan 20, 2008 at 03:48:16PM +1100, Sunnz wrote: > > > pass out on pppoe1 route-to (pppoe0 pppoe0:peer) \ > > from any to pppoe0 > I don't think that will work. Anyone trying to reach pppoe0 will not get > routed out on pppoe1. Hmm, actually that rule is almost correct, and I ended up getting confused... What you probably mean is: pass out on pppoe1 route-to (pppoe0 pppoe0:peer) from pppoe0 to any This avoids packets from pppoe0's address from being routed on pppoe1 (since your isp would drop them.) You need a similar rule for your other pppoe interface. -- Jussi Peltola
Re: Concurrecnt PPPoE(4)?
On Sun, Jan 20, 2008 at 03:48:16PM +1100, Sunnz wrote: > pass out on pppoe1 route-to (pppoe0 pppoe0:peer) \ > from any to pppoe0 I don't think that will work. Anyone trying to reach pppoe0 will not get routed out on pppoe1. > pass in on pppoe1 route-to (pppoe0 pppoe0:peer) \ > from any to pppoe0 You should never receive packets to pppoe0 on pppoe1 or your ISP is doing funny things. Try: pass in on pppoe0 reply-to (pppoe0 pppoe0:peer) from any to pppoe0 and: pass in on pppoe1 reply-to (pppoe1 pppoe1:peer) from any to pppoe1. Then you also need to handle outgoing traffic: pass route-to (pppoe0 pppoe0:peer) or something similar (do not try load-balancing before you get the rest of it working). In this situation route-to will not help you with *incoming* connections. They are already routed by your isp. It is the replies (reply-to) and outgoing connections (route-to) that you need to statefully route to the correct interface using PF. Anyway, I have a very hard time writing correct rulesets with route-to / reply-to, so hopefully someone more experienced can comment / beat me with a clue stick. -- Jussi Peltola
Re: Concurrecnt PPPoE(4)?
2008/1/20, NetOne - Doichin Dokov <[EMAIL PROTECTED]>: > You only have one defautl gateway, so the last pppoe session established > sets it up to it's interface. The behaviour you're observing is > absolutely normal. You should dig into pf's route-to, packet tagging and > state-keeping options if you need to ssh back to the machine on both > interfaces, or do whatever you want _from the machine itself_. There are > a lot of examples in the net (including one in the PF FAQ if i've not > mistaken) on what is the proper way of setting up several uplinks as you > want. > Hey, I have read the PF FAQ on route-to and Google several examples online... I still don't get it... I am currently just trying to get any packets to pppoe0 (from outside), no fancy blockings yet... I've added the following to my pf.conf: pass out on pppoe1 route-to (pppoe0 pppoe0:peer) \ from any to pppoe0 pass in on pppoe1 route-to (pppoe0 pppoe0:peer) \ from any to pppoe0 And there are no other packet filtering rules for pppoe0 nor pppoe1, they just had the default pass all. Is my idea of route-to way out of there? -- Please avoid sending me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Re: watchdog sysctl missing?
On Jan 19, 2008 1:42 PM, Constantine A. Murenin <[EMAIL PROTECTED]> wrote: > On 19/01/2008, Richard Daemon <[EMAIL PROTECTED]> wrote: > > Running 4.2-stable (Jan 13). > > > > sysctl: > > kern.watchdog.auto > > kern.watchdog.period > > > > These sysctl's are no longer available? I didn't notice if it's just in > this > > build or something changed in 4.1 or 4.2, but I know 4.0 has it and the > man > > page now even references these sysctl's. > > > > Is it just me or am I missing something??? > > These sysctl values are available only when at least one hardware > watchdog driver is attached. > > C. > Makes sense, thanks for the reply!
Re: mount_mfs change of behaviour regarding -i (inode density) on 4.2
On Jan 19, 2008 8:31 PM, SchC6berle DC!niel <[EMAIL PROTECTED]> wrote: > Hi all! > > I've just upgraded my firewall from OpenBSD 4.0 to 4.2-stable and ran > into a small problem regarding mount_mfs. I solved it, but in case > anybody else runs into it, here's something for the archives. > > I run the box from a 512MB CF and, originally, with very limited > memory. The /var, tmp and /dev are mount_mfs and during the upgrade I > had trobule with mounting /dev. > > I used to mount /dev with the following line: > > swap /dev mfs rw,-P=/proto/dev,-s=700,-i=256 0 0 > > It seems that sometime after 4.1 was released (probably during ffs2 > development) mount_mfs was changed in such a way that it doesn't allow > very high density for inodes. This resulted in mount_mfs failing on > replicating the /dev and me getting a readonly /dev, which resulted > in a box that I couldn't login into remotly (with ssh). Luckily you I > could still issue commands with winscp or login locally. After couple > of tests I concluded that mount_mfs simply ignores density settings > lower than 1024, so I changed the /dev to settings to the following > line: > > swap /dev mfs rw,-P=/proto/dev,-s=4000,-i=1024 0 0 > > Now everything is ok, I'm happy and sice CF is in a new box with lots > of memory I'm not trying to squeeze every byte out of it. > > Maybe this maximal density could be documented somehow? I glanced at > the mkfs.c and saw that, in theory, it should warn the user when > reducing the density but I never got a warning during my tests. > > dmesg in case anybody needs it: > > OpenBSD 4.2-stable (SQUID_DISKD) #7: Fri Jan 18 21:11:32 CET 2008 >[EMAIL PROTECTED] > :/usr/src/sys/arch/i386/compile/SQUID_DISK > D > cpu0: Intel(R) Pentium(R) 4 CPU 2.66GHz ("GenuineIntel" 686-class) 3.02GHz > cpu0: > > FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS > H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID,xTPR > real mem = 2146988032 (2047MB) > avail mem = 2068254720 (1972MB) > mainbus0 at root > bios0 at mainbus0: AT/286+ BIOS, date 07/11/03, BIOS32 rev. 0 @ 0xfb210, > SMBIOS rev. 2.2 @ 0xf0800 (34 entries) > bios0: vendor Phoenix Technologies, LTD version "6.00 PG" date 07/11/2003 > bios0: http://www.abit.com.tw/ BE7-S/BE7-G/BE7-B (Intel i845PE-ICH4) > apm0 at bios0: Power Management spec V1.2 > apm0: AC on, battery charge unknown > apm0: flags 70102 dobusy 1 doidle 1 > pcibios0 at bios0: rev 2.1 @ 0xf/0xdf84 > pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdeb0/192 (10 entries) > pcibios0: PCI Exclusive IRQs: 5 7 9 10 11 > pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82371SB ISA" rev 0x00) > pcibios0: PCI bus #2 is the last bus > bios0: ROM list: 0xc/0xd000 0xd/0x8000! > cpu0 at mainbus0 > pci0 at mainbus0 bus 0: configuration mode 1 (no bios) > pchb0 at pci0 dev 0 function 0 "Intel 82845G/GL" rev 0x02 > ppb0 at pci0 dev 1 function 0 "Intel 82845G/GL/GV/GE/PE AGP" rev 0x02 > pci1 at ppb0 bus 1 > vga1 at pci1 dev 0 function 0 "ATI Radeon 9500 Pro" rev 0x00 > wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) > wsdisplay0: screen 1-5 added (80x25, vt100 emulation) > "ATI Radeon 9500 Pro Sec" rev 0x00 at pci1 dev 0 function 1 not configured > uhci0 at pci0 dev 29 function 0 "Intel 82801DB USB" rev 0x02: irq 5 > uhci1 at pci0 dev 29 function 1 "Intel 82801DB USB" rev 0x02: irq 7 > uhci2 at pci0 dev 29 function 2 "Intel 82801DB USB" rev 0x02: irq 11 > ehci0 at pci0 dev 29 function 7 "Intel 82801DB USB" rev 0x02: irq 10 > usb0 at ehci0: USB revision 2.0 > uhub0 at usb0: Intel EHCI root hub, rev 2.00/1.00, addr 1 > ppb1 at pci0 dev 30 function 0 "Intel 82801BA AGP" rev 0x82 > pci2 at ppb1 bus 2 > skc0 at pci2 dev 3 function 0 "D-Link Systems DGE-530T A1" rev 0x11, Yukon > (0x1): irq 10 > sk0 at skc0 port A: address 00:13:46:64:e1:ef > eephy0 at sk0 phy 0: Marvell 88E1011 Gigabit PHY, rev. 3 > pciide0 at pci2 dev 14 function 0 "CMD Technology SiI3112 SATA" rev 0x02: > DMA > pciide0: using irq 11 for native-PCI interrupt > ichpcib0 at pci0 dev 31 function 0 "Intel 82801DB LPC" rev 0x02: 24-bit > timer > at 3579545Hz > pciide1 at pci0 dev 31 function 1 "Intel 82801DB IDE" rev 0x02: DMA, > channel 0 > configured to compatibility, channel 1 configured to compatibility > wd0 at pciide1 channel 0 drive 0: > wd0: 16-sector PIO, LBA48, 238475MB, 488397168 sectors > wd1 at pciide1 channel 0 drive 1: > wd1: 16-sector PIO, LBA48, 117800MB, 241254720 sectors > wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5 > wd1(pciide1:0:1): using PIO mode 4, Ultra-DMA mode 5 > wd2 at pciide1 channel 1 drive 0: > wd2: 16-sector PIO, LBA48, 117246MB, 240121728 sectors > wd2(pciide1:1:0): using PIO mode 4, Ultra-DMA mode 5 > ichiic0 at pci0 dev 31 function 3 "Intel 82801DB SMBus" rev 0x02: irq 9 > iic0 at ichiic0 > usb1 at uhci0: USB revision 1.0 > uhub1 at usb1: Intel UHCI root hub, rev 1.00/1.00, addr 1 > usb2 at uhci1: USB revision 1.0 > uhub2 at usb2: Intel UHCI root hub, rev 1.00/1.00, addr 1 > usb3 at uh
Re: So, is there a sure way to delete a file? (Was Re: UNIX way of undeleting files?)
On Jan 19, 2008 8:22 PM, Tony Abernethy <[EMAIL PROTECTED]> wrote: > Copying to a file can be done in two distinct ways > with different results for any other hard links to same file. > cp overwrites the original inode > install unlinks the original inode (after?) writing a new inode > > You probably get some "interesting" effects if it takes a long > time to overwrite the executable file and that file is executed > as it is being (partially) re-written. Good point, wasn't thinking about that. Yeah, race condition then, would be fun. -- http://www.glumbert.com/media/shift http://www.youtube.com/watch?v=tGvHNNOLnCk "This officer's men seem to follow him merely out of idle curiosity." -- Sandhurst officer cadet evaluation. "Securing an environment of Windows platforms from abuse - external or internal - is akin to trying to install sprinklers in a fireworks factory where smoking on the job is permitted." -- Gene Spafford learn french: http://www.youtube.com/watch?v=j1G-3laJJP0&feature=related
mount_mfs change of behaviour regarding -i (inode density) on 4.2
Hi all! I've just upgraded my firewall from OpenBSD 4.0 to 4.2-stable and ran into a small problem regarding mount_mfs. I solved it, but in case anybody else runs into it, here's something for the archives. I run the box from a 512MB CF and, originally, with very limited memory. The /var, tmp and /dev are mount_mfs and during the upgrade I had trobule with mounting /dev. I used to mount /dev with the following line: swap /dev mfs rw,-P=/proto/dev,-s=700,-i=256 0 0 It seems that sometime after 4.1 was released (probably during ffs2 development) mount_mfs was changed in such a way that it doesn't allow very high density for inodes. This resulted in mount_mfs failing on replicating the /dev and me getting a readonly /dev, which resulted in a box that I couldn't login into remotly (with ssh). Luckily you I could still issue commands with winscp or login locally. After couple of tests I concluded that mount_mfs simply ignores density settings lower than 1024, so I changed the /dev to settings to the following line: swap /dev mfs rw,-P=/proto/dev,-s=4000,-i=1024 0 0 Now everything is ok, I'm happy and sice CF is in a new box with lots of memory I'm not trying to squeeze every byte out of it. Maybe this maximal density could be documented somehow? I glanced at the mkfs.c and saw that, in theory, it should warn the user when reducing the density but I never got a warning during my tests. dmesg in case anybody needs it: OpenBSD 4.2-stable (SQUID_DISKD) #7: Fri Jan 18 21:11:32 CET 2008 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/SQUID_DISK D cpu0: Intel(R) Pentium(R) 4 CPU 2.66GHz ("GenuineIntel" 686-class) 3.02 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID,xTPR real mem = 2146988032 (2047MB) avail mem = 2068254720 (1972MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 07/11/03, BIOS32 rev. 0 @ 0xfb210, SMBIOS rev. 2.2 @ 0xf0800 (34 entries) bios0: vendor Phoenix Technologies, LTD version "6.00 PG" date 07/11/2003 bios0: http://www.abit.com.tw/ BE7-S/BE7-G/BE7-B (Intel i845PE-ICH4) apm0 at bios0: Power Management spec V1.2 apm0: AC on, battery charge unknown apm0: flags 70102 dobusy 1 doidle 1 pcibios0 at bios0: rev 2.1 @ 0xf/0xdf84 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdeb0/192 (10 entries) pcibios0: PCI Exclusive IRQs: 5 7 9 10 11 pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82371SB ISA" rev 0x00) pcibios0: PCI bus #2 is the last bus bios0: ROM list: 0xc/0xd000 0xd/0x8000! cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 "Intel 82845G/GL" rev 0x02 ppb0 at pci0 dev 1 function 0 "Intel 82845G/GL/GV/GE/PE AGP" rev 0x02 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 "ATI Radeon 9500 Pro" rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) "ATI Radeon 9500 Pro Sec" rev 0x00 at pci1 dev 0 function 1 not configured uhci0 at pci0 dev 29 function 0 "Intel 82801DB USB" rev 0x02: irq 5 uhci1 at pci0 dev 29 function 1 "Intel 82801DB USB" rev 0x02: irq 7 uhci2 at pci0 dev 29 function 2 "Intel 82801DB USB" rev 0x02: irq 11 ehci0 at pci0 dev 29 function 7 "Intel 82801DB USB" rev 0x02: irq 10 usb0 at ehci0: USB revision 2.0 uhub0 at usb0: Intel EHCI root hub, rev 2.00/1.00, addr 1 ppb1 at pci0 dev 30 function 0 "Intel 82801BA AGP" rev 0x82 pci2 at ppb1 bus 2 skc0 at pci2 dev 3 function 0 "D-Link Systems DGE-530T A1" rev 0x11, Yukon (0x1): irq 10 sk0 at skc0 port A: address 00:13:46:64:e1:ef eephy0 at sk0 phy 0: Marvell 88E1011 Gigabit PHY, rev. 3 pciide0 at pci2 dev 14 function 0 "CMD Technology SiI3112 SATA" rev 0x02: DMA pciide0: using irq 11 for native-PCI interrupt ichpcib0 at pci0 dev 31 function 0 "Intel 82801DB LPC" rev 0x02: 24-bit timer at 3579545Hz pciide1 at pci0 dev 31 function 1 "Intel 82801DB IDE" rev 0x02: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide1 channel 0 drive 0: wd0: 16-sector PIO, LBA48, 238475MB, 488397168 sectors wd1 at pciide1 channel 0 drive 1: wd1: 16-sector PIO, LBA48, 117800MB, 241254720 sectors wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5 wd1(pciide1:0:1): using PIO mode 4, Ultra-DMA mode 5 wd2 at pciide1 channel 1 drive 0: wd2: 16-sector PIO, LBA48, 117246MB, 240121728 sectors wd2(pciide1:1:0): using PIO mode 4, Ultra-DMA mode 5 ichiic0 at pci0 dev 31 function 3 "Intel 82801DB SMBus" rev 0x02: irq 9 iic0 at ichiic0 usb1 at uhci0: USB revision 1.0 uhub1 at usb1: Intel UHCI root hub, rev 1.00/1.00, addr 1 usb2 at uhci1: USB revision 1.0 uhub2 at usb2: Intel UHCI root hub, rev 1.00/1.00, addr 1 usb3 at uhci2: USB revision 1.0 uhub3 at usb3: Intel UHCI root hub, rev 1.00/1.00, addr 1 isa0 at ichpcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0 port
Re: mount_mfs change of behaviour regarding -i (inode density) on 4.2
Sorry, wrong dmesg. This is the right one: OpenBSD 4.2-stable (GENERIC) #1: Fri Jan 18 21:26:06 CET 2008 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: AMD Duron(tm) processor ("AuthenticAMD" 686-class, 64KB L2 cache) 754 MHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,F XSR real mem = 536375296 (511MB) avail mem = 511008768 (487MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 08/28/03, BIOS32 rev. 0 @ 0xfb4b0, SMBIOS rev. 2.2 @ 0xf0800 (45 entries) bios0: vendor Phoenix Technologies, LTD version "6.00 PG" date 08/28/2003 bios0: VIA Technologies, Inc. KT333-8235 apm0 at bios0: Power Management spec V1.2 apm0: AC on, battery charge unknown apm0: flags 70102 dobusy 1 doidle 1 pcibios0 at bios0: rev 2.1 @ 0xf/0xdf74 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdea0/192 (10 entries) pcibios0: PCI Exclusive IRQs: 5 10 11 pcibios0: PCI Interrupt Router at 000:17:0 ("VIA VT82C596A ISA" rev 0x00) pcibios0: PCI bus #1 is the last bus bios0: ROM list: 0xc/0x8000 0xc8000/0x8000! cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 "VIA VT8366 PCI" rev 0x00 ppb0 at pci0 dev 1 function 0 "VIA VT8366 AGP" rev 0x00 pci1 at ppb0 bus 1 vga1 at pci0 dev 8 function 0 "S3 Trio32/64" rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) dc0 at pci0 dev 10 function 0 "DEC 21142/3" rev 0x41: irq 10, address 00:80:c8:93:f9:00 amphy0 at dc0 phy 8: Am79C873 10/100 PHY, rev. 0 dc1 at pci0 dev 12 function 0 "Accton EN2242" rev 0x11: irq 11, address 00:04:e2:7b:0c:62 ukphy0 at dc1 phy 1: Generic IEEE 802.3u media interface, rev. 1: OUI 0x000749, model 0x0001 uhci0 at pci0 dev 16 function 0 "VIA VT83C572 USB" rev 0x80: irq 5 uhci1 at pci0 dev 16 function 1 "VIA VT83C572 USB" rev 0x80: irq 10 uhci2 at pci0 dev 16 function 2 "VIA VT83C572 USB" rev 0x80: irq 11 ehci0 at pci0 dev 16 function 3 "VIA VT6202 USB" rev 0x82: irq 11 usb0 at ehci0: USB revision 2.0 uhub0 at usb0: VIA EHCI root hub, rev 2.00/1.00, addr 1 viapm0 at pci0 dev 17 function 0 "VIA VT8235 ISA" rev 0x00 iic0 at viapm0 maxtmp0 at iic0 addr 0x4c: lm90 pciide0 at pci0 dev 17 function 1 "VIA VT82C571 IDE" rev 0x06: ATA133, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide0 channel 0 drive 0: wd0: 1-sector PIO, LBA, 488MB, 1000944 sectors wd0(pciide0:0:0): using PIO mode 0 pciide0: channel 1 disabled (no drives) usb1 at uhci0: USB revision 1.0 uhub1 at usb1: VIA UHCI root hub, rev 1.00/1.00, addr 1 usb2 at uhci1: USB revision 1.0 uhub2 at usb2: VIA UHCI root hub, rev 1.00/1.00, addr 1 usb3 at uhci2: USB revision 1.0 uhub3 at usb3: VIA UHCI root hub, rev 1.00/1.00, addr 1 isa0 at mainbus0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: spkr0 at pcppi0 lpt0 at isa0 port 0x378/4 irq 7 lm0 at isa0 port 0x290/8: W83697HF npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 biomask ff65 netmask ff65 ttymask ffe7 pctr: user-level cycle counter enabled mtrr: Pentium Pro MTRR support dkcsum: wd0 matches BIOS drive 0x80 root on wd0a swap on wd0b dump on wd0b
Re: So, is there a sure way to delete a file? (Was Re: UNIX way of undeleting files?)
bofh wrote: > I don't get what you're talking about. If you overwrite the file > (vulnerable sshd) with a new one, the file gets replaced. > All the hardlinks > would point to the new file. Copying to a file can be done in two distinct ways with different results for any other hard links to same file. cp overwrites the original inode install unlinks the original inode (after?) writing a new inode You probably get some "interesting" effects if it takes a long time to overwrite the executable file and that file is executed as it is being (partially) re-written.
Re: So, is there a sure way to delete a file? (Was Re: UNIX way of undeleting files?)
bofh P=P0P?P8QP0: On Jan 19, 2008 1:27 PM, Ted Unangst <[EMAIL PROTECTED]> wrote: On 1/18/08, bofh <[EMAIL PROTECTED]> wrote: I think he means sshd. And it really doesn't matter, once you make install, you'll overwrite the vulnerable copy with the new one, and all the hardlinks won't matter, because they'd be linked to the new file. except that they won't. the point of a hard link is it points to the file, not the name. it's not a symlink. I don't get what you're talking about. If you overwrite the file (vulnerable sshd) with a new one, the file gets replaced. All the hardlinks would point to the new file. $ uname -a OpenBSD urd.spidernet.to 4.1 GENERIC#0 i386 $ echo apple > test $ ln test test2 $ ls -l test* -rw-r--r-- 2 tai wheel 6 Jan 19 19:43 test -rw-r--r-- 2 tai wheel 6 Jan 19 19:43 test2 $ cat test test2 apple apple $ echo orange > test2 $ cat test orange $ $ echo apples > apples $ echo bananas > bananas $ ln bananas whats_cooking $ mv bananas oranges $ echo oranges > oranges $ cat whats_cooking oranges $ $ echo apples > apples $ echo bananas > bananas $ ln -s bananas whats_cooking $ mv bananas oranges $ cat whats_cooking cat: whats_cooking: No such file or directory $ echo bananas > bananas $ cat whats_cooking bananas $ Mmm, yummy! Do you get it now? man ln(1) - it's all there.
Re: So, is there a sure way to delete a file? (Was Re: UNIX way of undeleting files?)
On 2008/01/19 19:46, bofh wrote: > On Jan 19, 2008 1:27 PM, Ted Unangst <[EMAIL PROTECTED]> wrote: > > > On 1/18/08, bofh <[EMAIL PROTECTED]> wrote: > > > I think he means sshd. And it really doesn't matter, once you make > > install, > > > you'll overwrite the vulnerable copy with the new one, and all the > > hardlinks > > > won't matter, because they'd be linked to the new file. > > > > except that they won't. the point of a hard link is it points to the > > file, not the name. it's not a symlink. > > > > I don't get what you're talking about. If you overwrite the file > (vulnerable sshd) with a new one, the file gets replaced. All the hardlinks > would point to the new file. Depends how you overwrite it. Your method > $ echo apple > test > $ ln test test2 > $ echo orange > test2 > $ cat test > orange only works because you rewrite the contents of the file. Most methods that would be used to install new software would remove the directory entry and use a new inode. See for yourself, use ls -li and cp/mv/install.
Re: So, is there a sure way to delete a file? (Was Re: UNIX way of undeleting files?)
On Jan 19, 2008 1:27 PM, Ted Unangst <[EMAIL PROTECTED]> wrote: > On 1/18/08, bofh <[EMAIL PROTECTED]> wrote: > > I think he means sshd. And it really doesn't matter, once you make > install, > > you'll overwrite the vulnerable copy with the new one, and all the > hardlinks > > won't matter, because they'd be linked to the new file. > > except that they won't. the point of a hard link is it points to the > file, not the name. it's not a symlink. > I don't get what you're talking about. If you overwrite the file (vulnerable sshd) with a new one, the file gets replaced. All the hardlinks would point to the new file. $ uname -a OpenBSD urd.spidernet.to 4.1 GENERIC#0 i386 $ echo apple > test $ ln test test2 $ ls -l test* -rw-r--r-- 2 tai wheel 6 Jan 19 19:43 test -rw-r--r-- 2 tai wheel 6 Jan 19 19:43 test2 $ cat test test2 apple apple $ echo orange > test2 $ cat test orange $ -- http://www.glumbert.com/media/shift http://www.youtube.com/watch?v=tGvHNNOLnCk "This officer's men seem to follow him merely out of idle curiosity." -- Sandhurst officer cadet evaluation. "Securing an environment of Windows platforms from abuse - external or internal - is akin to trying to install sprinklers in a fireworks factory where smoking on the job is permitted." -- Gene Spafford learn french: http://www.youtube.com/watch?v=j1G-3laJJP0&feature=related
Re: vlan configuration: off-topic
On Sun, 2008-01-20 at 00:11 +, Mike wrote: > Hey Brian, > > I read your post about removing dell switches from your network. > > Just curious which models are you referring to? PowerConnect 27xx Managed "Entry-Level". Everything else is a re-branded Cisco with a crippled ISO version. ~BAS
Re: vlan configuration: off-topic
Hey Brian, I read your post about removing dell switches from your network. Just curious which models are you referring to? And what problems have run into using dell switches? Thanks, Mike Sent via BlackBerry from T-Mobile -Original Message- From: "Brian A. Seklecki (Mobile)" <[EMAIL PROTECTED]> Date: Fri, 18 Jan 2008 10:26:08 To:misc Subject: Re: vlan configuration: off-topic On Fri, 2008-01-18 at 11:49 -0200, John Nietzsche wrote: > Dear gentleman, > > i am starting with vlan topic right now. I am in need to get two dell > powerconnect 2724 switches to implement 3 vlan. I know how to The Dee PC2724 cant move its mgmnt vlan from VLAN1, and *BSD vlan(1) wont transmit VLAN 1 as tagged (per spec). The work around is to assign VLAN1's IP on your *BSD gear to the physical interface of your VLAN trunk. I'm about to remove the last of any/all Dell switches from my network -- an announcement which I'm sure Dell will censure from their forums. Ass - Holes. ~BAS
Re: ibm thinkpad x60s + suspend mode
Jussi Peltola wrote: Sadly I am forced to use WPA so I am back to Linux and the buggy ralink driver on my ThinkPad X22, which does support APM :( Oh - and to answer your question, not that I know of. Sorry. FreeBSD supports wireless WPA if you have to use one. Their ral driver is OK. If you are using WPA on your private network you are fooling yourself. Get the OpenVPN going. If you need WPA for the public access that is absurd. The university where I work requires WPA for WiF which kind a funny because it is public Internet access so I do not know what they are trying to accomplish by it as 50 000 people have WPA key. I decided just bring to my office an old PIII which runs OpenBSD and keep my laptop at home. They also require from me to use Cisco 3000 VPN to access class roster but they do not supports OpenBSD. So I had very "hard" time to install Cisco client from package depository and extract group password from their windows pcf file using tools available on the internet. Now I am running "secure" Cisco 3000 client and they can sleep peacefully. Best, Predrag
Re: ibm thinkpad x60s + suspend mode
On Sat, Jan 19, 2008 at 11:09:22PM +0100, Benoit Chesneau wrote: > On Jan 19, 2008 10:23 PM, Pau Amaro-Seoane <[EMAIL PROTECTED]> wrote: > > It'll take a long time before suspend is supported under acpi. Try to > > get an apm machine > > ok. > > Thanks for the info. Unfortunatly, i don't have the budget to change > the machine every day I want ;) Is there a way to make software > suspend on openbsd ? > In my experience OpenBSD boots faster than the other OS's resume from software suspend :) Of course, that is little comfort if you need to preserve application state. In my usage just shutting it down has been acceptable once I stopped thinking I need suspend (and the amount of work I lost with linux suspend combined with the ralink linux driver far outweighs the convenience I got with suspend anyway.) Sadly I am forced to use WPA so I am back to Linux and the buggy ralink driver on my ThinkPad X22, which does support APM :( Oh - and to answer your question, not that I know of. Sorry. -- Jussi Peltola
Re: ibm thinkpad x60s + suspend mode
On Jan 19, 2008 10:23 PM, Pau Amaro-Seoane <[EMAIL PROTECTED]> wrote: > It'll take a long time before suspend is supported under acpi. Try to > get an apm machine ok. Thanks for the info. Unfortunatly, i don't have the budget to change the machine every day I want ;) Is there a way to make software suspend on openbsd ? - benont
Re: ibm thinkpad x60s + suspend mode
It'll take a long time before suspend is supported under acpi. Try to get an apm machine Pau 2008/1/19, Benoit Chesneau <[EMAIL PROTECTED]>: > I just bought an ibm thinkpad x50s > > x60s obviously :) > OpenBSD 4.2-current (GENERIC.MP) #547: Fri Jan 18 15:22:48 MST 2008 > [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP > cpu0: Intel(R) Core(TM) Duo CPU L2400 @ 1.66GHz ("GenuineIntel" 686-class) > 1.67 GHz > cpu0: > FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,VMX,EST,TM2,xTPR > real mem = 1063677952 (1014MB) > avail mem = 1020547072 (973MB) > mainbus0 at root > bios0 at mainbus0: AT/286+ BIOS, date 07/26/07, BIOS32 rev. 0 @ 0xfd690, > SMBIOS rev. 2.4 @ 0xe0010 (67 entries) > bios0: vendor LENOVO version "7BETD1WW (2.12 )" date 07/26/2007 > bios0: LENOVO 17025PG > acpi0 at bios0: rev 2 > acpi0: tables DSDT FACP SSDT ECDT TCPA APIC MCFG HPET SLIC BOOT SSDT SSDT > SSDT SSDT > acpi0: wakeup devices LID_(S3) SLPB(S3) DURT(S3) EXP0(S4) EXP1(S4) EXP2(S4) > EXP3(S4) PCI1(S4) USB0(S3) USB1(S3) USB2(S3) USB7(S3) HDEF(S4) > acpitimer0 at acpi0: 3579545 Hz, 24 bits > acpimadt0 at acpi0 addr 0xfee0: PC-AT compat > cpu0 at mainbus0: apid 0 (boot processor) > cpu0: apic clock running at 166 MHz > cpu1 at mainbus0: apid 1 (application processor) > cpu1: Intel(R) Core(TM) Duo CPU L2400 @ 1.66GHz ("GenuineIntel" 686-class) > 1.67 GHz > cpu1: > FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,VMX,EST,TM2,xTPR > ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins > ioapic0: duplicate apic id, remapped to apid 2 > acpihpet0 at acpi0: 14318179 Hz > acpiprt0 at acpi0: bus 0 (PCI0) > acpiprt1 at acpi0: bus -1 (AGP_) > acpiprt2 at acpi0: bus 2 (EXP0) > acpiprt3 at acpi0: bus 3 (EXP1) > acpiprt4 at acpi0: bus 4 (EXP2) > acpiprt5 at acpi0: bus 12 (EXP3) > acpiprt6 at acpi0: bus 21 (PCI1) > acpiec0 at acpi0 > acpicpu0 at acpi0: C3, C2 > acpicpu1 at acpi0: C3, C2 > acpitz0 at acpi0: critical temperature 127 degC > acpitz1 at acpi0: critical temperature 97 degC > acpibtn0 at acpi0: LID_ > acpibtn1 at acpi0: SLPB > acpibat0 at acpi0: BAT0 model "42T5247" serial 538 type LION oem "SANYO" > acpibat1 at acpi0: BAT1 not present > acpibat2 at acpi0: BAT2 not present > acpiac0 at acpi0: AC unit online > acpidock at acpi0 not configured > bios0: ROM list: 0xc/0xea00! 0xcf000/0x1000 0xd/0x1000 > 0xdc000/0x4000! 0xe/0x1! > cpu0: unknown Enhanced SpeedStep CPU, msr 0x06130a1d06000a1d > cpu0: using only highest and lowest power states > cpu0: Enhanced SpeedStep 1667 MHz (1164 mV): speeds: 1667, 1000 MHz > pci0 at mainbus0 bus 0: configuration mode 1 (no bios) > pchb0 at pci0 dev 0 function 0 "Intel 82945GM Host" rev 0x03 > agp0 at pchb0: aperture at 0xd000, size 0x1000 > vga1 at pci0 dev 2 function 0 "Intel 82945GM Video" rev 0x03 > wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) > wsdisplay0: screen 1-5 added (80x25, vt100 emulation) > "Intel 82945GM Video" rev 0x03 at pci0 dev 2 function 1 not configured > azalia0 at pci0 dev 27 function 0 "Intel 82801GB HD Audio" rev 0x02: apic 2 > int 17 (irq 11) > azalia0: codec[s]: Analog Devices/0x1981, Conexant/0x2bfa, using Analog > Devices/0x1981 > audio0 at azalia0 > ppb0 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x02: apic 2 int 20 > (irq 11) > pci1 at ppb0 bus 2 > em0 at pci1 dev 0 function 0 "Intel PRO/1000MT (82573L)" rev 0x00: apic 2 int > 16 (irq 11), address 00:16:d3:c0:22:c8 > ppb1 at pci0 dev 28 function 1 "Intel 82801GB PCIE" rev 0x02: apic 2 int 21 > (irq 11) > pci2 at ppb1 bus 3 > wpi0 at pci2 dev 0 function 0 "Intel PRO/Wireless 3945ABG" rev 0x02: apic 2 > int 17 (irq 11), MoW2, address 00:1c:bf:6e:c5:c8 > ppb2 at pci0 dev 28 function 2 "Intel 82801GB PCIE" rev 0x02: apic 2 int 22 > (irq 11) > pci3 at ppb2 bus 4 > ppb3 at pci0 dev 28 function 3 "Intel 82801GB PCIE" rev 0x02: apic 2 int 23 > (irq 11) > pci4 at ppb3 bus 12 > uhci0 at pci0 dev 29 function 0 "Intel 82801GB USB" rev 0x02: apic 2 int 16 > (irq 11) > uhci1 at pci0 dev 29 function 1 "Intel 82801GB USB" rev 0x02: apic 2 int 17 > (irq 11) > uhci2 at pci0 dev 29 function 2 "Intel 82801GB USB" rev 0x02: apic 2 int 18 > (irq 11) > uhci3 at pci0 dev 29 function 3 "Intel 82801GB USB" rev 0x02: apic 2 int 19 > (irq 11) > ehci0 at pci0 dev 29 function 7 "Intel 82801GB USB" rev 0x02: apic 2 int 19 > (irq 11) > usb0 at ehci0: USB revision 2.0 > uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1 > ppb4 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 0xe2 > pci5 at ppb4 bus 21 > cbb0 at pci5 dev 0 function 0 "Ricoh 5C476 CardBus" rev 0xb4: apic 2 int 16 > (irq 11) > "Ricoh 5C552 Firewire" rev 0x09 at pci5 dev 0 function 1 not configured > sdhc0 at pci5 dev 0 function 2 "Ricoh 5C822 SD/MMC" rev 0x18: apic 2 int 18 > (irq 11) > sdmmc0 at sdhc0 > cardslot0 at cbb0 slot 0 flags 0 >
Re: So, is there a sure way to delete a file? (Was Re: UNIX way of undeleting files?)
On Sat, Jan 19, 2008 at 09:06:30PM +0100, Paul de Weerd wrote: > On Sat, Jan 19, 2008 at 08:57:10PM +0100, Otto Moerbeek wrote: > | On Sat, Jan 19, 2008 at 10:27:25AM -0800, Ted Unangst wrote: > | > | > On 1/18/08, bofh <[EMAIL PROTECTED]> wrote: > | > > I think he means sshd. And it really doesn't matter, once you make > install, > | > > you'll overwrite the vulnerable copy with the new one, and all the > hardlinks > | > > won't matter, because they'd be linked to the new file. > | > > | > except that they won't. the point of a hard link is it points to the > | > file, not the name. it's not a symlink. > | > | install(1) truncates and overwrites existing files, so the old end new > | file will have the same inode, iirc. > > $ echo apple > a > $ echo banana > b > $ ls -i > 2895709 a 2895710 b > $ install a b > $ ls -i > 2895709 a 2895711 b > > So it seems that b is unlinked before a is installed in its place. This > looks like it's not consistent with what the manpage says it does : > > If the target file already exists, it is either > renamed to file.old if the -b option is given or > overwritten if permissions allow. > > 'Overwritten' sounds more like what Otto said than the behaviour I'm > seeing. My memory is bad. It's cp(1) that preserves inode number. install(1) does not (a hint is given with the description of the -S option). -Otto
Re: 4.2-current throughput with pf enabled
On Tuesday 15 January 2008 21:06:51 Chris Cohen wrote: > On Tuesday 15 January 2008 18:13:15 Chris Cappuccio wrote: > > Chris Cohen [EMAIL PROTECTED] wrote: > > > I think my CPU is way too slow to be able to handle the GigE link and > > > the filter. Aren't there any tweaks for pf.conf/sysctl? > > > > Your CPU only gets used for packets that you actually receive. Your > > performance between a gig card and a 100m card is probably not going to > > be any different, unless your problem is related to the em driver. It's > > time to figure out what is fucking up your configuration. > > > > Have you tried disabling apm? pcibios? What does your dmesg look like? > > No, I haven't. I can try it at the weekend, but since the "problem" only > appears when I enable pf I am not sure if that will buy me anything? > Nevertheless will try to disable apm and pcibios this weekend. > replying to myself... tried both, but didn't help :( I think I will just upgrade to a new mini-itx system like http://cgi.ebay.de/ws/eBayISAPI.dll?ViewItem&rd=1&item=260202085551&ssPageName=STRK:MEWA:IT&ih=016. Are there any numbers (bps, ~1500byte packets) with this cpu/nic combination? -- Thanks Chris
Re: So, is there a sure way to delete a file? (Was Re: UNIX way of undeleting files?)
On Sat, Jan 19, 2008 at 08:57:10PM +0100, Otto Moerbeek wrote: | On Sat, Jan 19, 2008 at 10:27:25AM -0800, Ted Unangst wrote: | | > On 1/18/08, bofh <[EMAIL PROTECTED]> wrote: | > > I think he means sshd. And it really doesn't matter, once you make install, | > > you'll overwrite the vulnerable copy with the new one, and all the hardlinks | > > won't matter, because they'd be linked to the new file. | > | > except that they won't. the point of a hard link is it points to the | > file, not the name. it's not a symlink. | | install(1) truncates and overwrites existing files, so the old end new | file will have the same inode, iirc. $ echo apple > a $ echo banana > b $ ls -i 2895709 a 2895710 b $ install a b $ ls -i 2895709 a 2895711 b So it seems that b is unlinked before a is installed in its place. This looks like it's not consistent with what the manpage says it does : If the target file already exists, it is either renamed to file.old if the -b option is given or overwritten if permissions allow. 'Overwritten' sounds more like what Otto said than the behaviour I'm seeing. Cheers, Paul 'WEiRD' de Weerd -- >[<++>-]<+++.>+++[<-->-]<.>+++[<+ +++>-]<.>++[<>-]<+.--.[-] http://www.weirdnet.nl/
Re: So, is there a sure way to delete a file? (Was Re: UNIX way of undeleting files?)
On Sat, Jan 19, 2008 at 10:27:25AM -0800, Ted Unangst wrote: > On 1/18/08, bofh <[EMAIL PROTECTED]> wrote: > > I think he means sshd. And it really doesn't matter, once you make install, > > you'll overwrite the vulnerable copy with the new one, and all the hardlinks > > won't matter, because they'd be linked to the new file. > > except that they won't. the point of a hard link is it points to the > file, not the name. it's not a symlink. install(1) truncates and overwrites existing files, so the old end new file will have the same inode, iirc. -Otto
Re: most secure graphical browser
On Sat, Jan 19, 2008 at 08:24:27AM +0100, ropers wrote: > On 19/01/2008, Douglas A. Tutty <[EMAIL PROTECTED]> wrote: > may just be very insecure. Which is it? You can't tell without looking > at the details, or asking somebody who has done so. Your specific > questions to this list about Dillo et al. are quite valid in that > regard, but your generalised question "Is a browser with a long > history of few security bugs more or less secure than a browser with a > long history of many security bugs?" really can't be answered. It > depends. I agree ropers. It seems that nobody has "looked at the details" and nobody who has done so has said so in this thread.I may as well go with Konqueror (for the feel I like) and Firefox (for sites that don't work with Konq) and be done with it. Thanks all. Doug.
Re: vlan configuration: off-topic
> maybe > > > and *BSD vlan(1) wont transmit VLAN 1 as tagged (per spec) Correct -- Thank you. I misspoke. It _will_ transmit it tagged as VLAN1 (if vlan1 interface is defined), but whether the receiving VLAN1 interface on the PowerConnect can ever receive is anyone's guess. I suppose it depends on whether the OpenBSD system is directly connected to the PowerConnect, what the configurations in the powerconnect for that switchport are, if there is an intermediary switches between the two (possibly from other vendors), what that vendor's VLAN1 "behavior" is, etc. ~BAS > > sure it will. > ifconfig vlan1 vlan 1 vlandev something
Re: watchdog sysctl missing?
On 19/01/2008, Richard Daemon <[EMAIL PROTECTED]> wrote: > Running 4.2-stable (Jan 13). > > sysctl: > kern.watchdog.auto > kern.watchdog.period > > These sysctl's are no longer available? I didn't notice if it's just in this > build or something changed in 4.1 or 4.2, but I know 4.0 has it and the man > page now even references these sysctl's. > > Is it just me or am I missing something??? These sysctl values are available only when at least one hardware watchdog driver is attached. C.
Re: So, is there a sure way to delete a file? (Was Re: UNIX way of undeleting files?)
On 1/18/08, bofh <[EMAIL PROTECTED]> wrote: > I think he means sshd. And it really doesn't matter, once you make install, > you'll overwrite the vulnerable copy with the new one, and all the hardlinks > won't matter, because they'd be linked to the new file. except that they won't. the point of a hard link is it points to the file, not the name. it's not a symlink.
Re: most secure graphical browser
On Sat, 19 Jan 2008, Jona Joachim wrote: > On Sat, 19 Jan 2008 08:47:56 +1300, Joel Wiramu Pauling wrote: > > Talking about brainfucked bank sites... > My bank checks for the browser's user-agent: Firefox on win32 an Linux > passes, Firefox on *BSD is denied access, unless you change the > user-agent string... > I sent them a mail explaining them why this utter nonsense and I just > got a standard reply. > > Jona > Just change the user agent string, .. UserPrefs is great for that. There's absolutly no way you could get through to anyone that gives a damn anyway, so don't wast your time > -- > "I am chaos. I am the substance from which your artists and scientists > build rhythms. I am the spirit with which your children and clowns > laugh in happy anarchy. I am chaos. I am alive, and tell you that you > are free." Eris, Goddess Of Chaos, Discord & Confusion" > > Leland V. Lammert[EMAIL PROTECTED] Chief Scientist Omnitec Corporation Network/Internet Consultants www.omnitec.net
watchdog sysctl missing?
Running 4.2-stable (Jan 13). sysctl: kern.watchdog.auto kern.watchdog.period These sysctl's are no longer available? I didn't notice if it's just in this build or something changed in 4.1 or 4.2, but I know 4.0 has it and the man page now even references these sysctl's. Is it just me or am I missing something???
Re: Concurrecnt PPPoE(4)?
Sunnz P=P0P?P8QP0: Just wondering has anyone ever used 2 PPPoE(4) connections on one real interface and rather if it should work or not? I only have one account with my ISP but they gave me 2 logins and up 4 concurrent logins are allowed with their TOS. My hardware ethernet gem(4) is connected to a modem, with the modem running in bridge mode. I were able to establish one pppoe(4) connection which I can nat machines behind OBSD to the internet... and also ssh back to OBSD from the internet. Modem (Bridge) <-> OBSD <-> LAN But it doesn't work quite the way I wanted but I made 2 pppoe(4) connections, with hostname.pppoe0 and hostname.pppoe1 under /etc/. I were able to nat machines behind OBSD with either pppoe0 OR pppoe1. So are far as nat goes, it is fine. But I were only able to ssh to pppoe1's IP address from the internet, but not pppoe0's IP address. I also attempted to traceroute the 2 IP from the internet, only pppoe1's IP works. It is very surprising as nat works... where the 'response' must make its way back to pppoe0's Ip somehow... You only have one defautl gateway, so the last pppoe session established sets it up to it's interface. The behaviour you're observing is absolutely normal. You should dig into pf's route-to, packet tagging and state-keeping options if you need to ssh back to the machine on both interfaces, or do whatever you want _from the machine itself_. There are a lot of examples in the net (including one in the PF FAQ if i've not mistaken) on what is the proper way of setting up several uplinks as you want. Regards, Doichin
Concurrecnt PPPoE(4)?
Just wondering has anyone ever used 2 PPPoE(4) connections on one real interface and rather if it should work or not? I only have one account with my ISP but they gave me 2 logins and up 4 concurrent logins are allowed with their TOS. My hardware ethernet gem(4) is connected to a modem, with the modem running in bridge mode. I were able to establish one pppoe(4) connection which I can nat machines behind OBSD to the internet... and also ssh back to OBSD from the internet. Modem (Bridge) <-> OBSD <-> LAN But it doesn't work quite the way I wanted but I made 2 pppoe(4) connections, with hostname.pppoe0 and hostname.pppoe1 under /etc/. I were able to nat machines behind OBSD with either pppoe0 OR pppoe1. So are far as nat goes, it is fine. But I were only able to ssh to pppoe1's IP address from the internet, but not pppoe0's IP address. I also attempted to traceroute the 2 IP from the internet, only pppoe1's IP works. It is very surprising as nat works... where the 'response' must make its way back to pppoe0's Ip somehow... -- Please avoid sending me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Re: So, is there a sure way to delete a file? (Was Re: UNIX way of undeleting files?)
2008/1/19, bofh <[EMAIL PROTECTED]>: > On Jan 18, 2008 4:28 PM, Ted Unangst <[EMAIL PROTECTED]> wrote: > > > On 1/18/08, Sunnz <[EMAIL PROTECTED]> wrote: > > > From what I understand, if foo isn't the last hard link to the file, > > > and `rm foo` will NOT delete the file... > > > > what does it matter if somebody keeps a link to it? if you have idiot > > users who insist on using broken software, you have bigger problems. > > what if they download the old version and compile it themselves? > > > I think he means sshd. And it really doesn't matter, once you make install, > you'll overwrite the vulnerable copy with the new one, and all the hardlinks > won't matter, because they'd be linked to the new file. > Nice, that's interesting to know. > If you're worried about someone writing a program that'll walk the entire > drive and find all the sectors that were in use, and attempt to string them > together - think about it for a while, is this truly a problem for you? If > it is, either hire someone (or convince someone) to write a program to wipe > this out for you, or choose another OS where such a program exist. > Nope. It is not so about worrying... really, I am more curious about if such thing script/program exist or not, or what the security implication are all about - after reading all those delete free space threads.
ibm thinkpad x60s + suspend mode
I just bought an ibm thinkpad x50s x60s obviously :) OpenBSD 4.2-current (GENERIC.MP) #547: Fri Jan 18 15:22:48 MST 2008 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP cpu0: Intel(R) Core(TM) Duo CPU L2400 @ 1.66GHz ("GenuineIntel" 686-class) 1.67 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,VMX,EST,TM2,xTPR real mem = 1063677952 (1014MB) avail mem = 1020547072 (973MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 07/26/07, BIOS32 rev. 0 @ 0xfd690, SMBIOS rev. 2.4 @ 0xe0010 (67 entries) bios0: vendor LENOVO version "7BETD1WW (2.12 )" date 07/26/2007 bios0: LENOVO 17025PG acpi0 at bios0: rev 2 acpi0: tables DSDT FACP SSDT ECDT TCPA APIC MCFG HPET SLIC BOOT SSDT SSDT SSDT SSDT acpi0: wakeup devices LID_(S3) SLPB(S3) DURT(S3) EXP0(S4) EXP1(S4) EXP2(S4) EXP3(S4) PCI1(S4) USB0(S3) USB1(S3) USB2(S3) USB7(S3) HDEF(S4) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: apic clock running at 166 MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Core(TM) Duo CPU L2400 @ 1.66GHz ("GenuineIntel" 686-class) 1.67 GHz cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,VMX,EST,TM2,xTPR ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins ioapic0: duplicate apic id, remapped to apid 2 acpihpet0 at acpi0: 14318179 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus -1 (AGP_) acpiprt2 at acpi0: bus 2 (EXP0) acpiprt3 at acpi0: bus 3 (EXP1) acpiprt4 at acpi0: bus 4 (EXP2) acpiprt5 at acpi0: bus 12 (EXP3) acpiprt6 at acpi0: bus 21 (PCI1) acpiec0 at acpi0 acpicpu0 at acpi0: C3, C2 acpicpu1 at acpi0: C3, C2 acpitz0 at acpi0: critical temperature 127 degC acpitz1 at acpi0: critical temperature 97 degC acpibtn0 at acpi0: LID_ acpibtn1 at acpi0: SLPB acpibat0 at acpi0: BAT0 model "42T5247" serial 538 type LION oem "SANYO" acpibat1 at acpi0: BAT1 not present acpibat2 at acpi0: BAT2 not present acpiac0 at acpi0: AC unit online acpidock at acpi0 not configured bios0: ROM list: 0xc/0xea00! 0xcf000/0x1000 0xd/0x1000 0xdc000/0x4000! 0xe/0x1! cpu0: unknown Enhanced SpeedStep CPU, msr 0x06130a1d06000a1d cpu0: using only highest and lowest power states cpu0: Enhanced SpeedStep 1667 MHz (1164 mV): speeds: 1667, 1000 MHz pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 "Intel 82945GM Host" rev 0x03 agp0 at pchb0: aperture at 0xd000, size 0x1000 vga1 at pci0 dev 2 function 0 "Intel 82945GM Video" rev 0x03 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) "Intel 82945GM Video" rev 0x03 at pci0 dev 2 function 1 not configured azalia0 at pci0 dev 27 function 0 "Intel 82801GB HD Audio" rev 0x02: apic 2 int 17 (irq 11) azalia0: codec[s]: Analog Devices/0x1981, Conexant/0x2bfa, using Analog Devices/0x1981 audio0 at azalia0 ppb0 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x02: apic 2 int 20 (irq 11) pci1 at ppb0 bus 2 em0 at pci1 dev 0 function 0 "Intel PRO/1000MT (82573L)" rev 0x00: apic 2 int 16 (irq 11), address 00:16:d3:c0:22:c8 ppb1 at pci0 dev 28 function 1 "Intel 82801GB PCIE" rev 0x02: apic 2 int 21 (irq 11) pci2 at ppb1 bus 3 wpi0 at pci2 dev 0 function 0 "Intel PRO/Wireless 3945ABG" rev 0x02: apic 2 int 17 (irq 11), MoW2, address 00:1c:bf:6e:c5:c8 ppb2 at pci0 dev 28 function 2 "Intel 82801GB PCIE" rev 0x02: apic 2 int 22 (irq 11) pci3 at ppb2 bus 4 ppb3 at pci0 dev 28 function 3 "Intel 82801GB PCIE" rev 0x02: apic 2 int 23 (irq 11) pci4 at ppb3 bus 12 uhci0 at pci0 dev 29 function 0 "Intel 82801GB USB" rev 0x02: apic 2 int 16 (irq 11) uhci1 at pci0 dev 29 function 1 "Intel 82801GB USB" rev 0x02: apic 2 int 17 (irq 11) uhci2 at pci0 dev 29 function 2 "Intel 82801GB USB" rev 0x02: apic 2 int 18 (irq 11) uhci3 at pci0 dev 29 function 3 "Intel 82801GB USB" rev 0x02: apic 2 int 19 (irq 11) ehci0 at pci0 dev 29 function 7 "Intel 82801GB USB" rev 0x02: apic 2 int 19 (irq 11) usb0 at ehci0: USB revision 2.0 uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1 ppb4 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 0xe2 pci5 at ppb4 bus 21 cbb0 at pci5 dev 0 function 0 "Ricoh 5C476 CardBus" rev 0xb4: apic 2 int 16 (irq 11) "Ricoh 5C552 Firewire" rev 0x09 at pci5 dev 0 function 1 not configured sdhc0 at pci5 dev 0 function 2 "Ricoh 5C822 SD/MMC" rev 0x18: apic 2 int 18 (irq 11) sdmmc0 at sdhc0 cardslot0 at cbb0 slot 0 flags 0 cardbus0 at cardslot0: bus 22 device 0 cacheline 0x0, lattimer 0xb0 pcmcia0 at cardslot0 ichpcib0 at pci0 dev 31 function 0 "Intel 82801GBM LPC" rev 0x02: PM disabled pciide0 at pci0 dev 31 function 1 "Intel 82801GB IDE" rev 0x02: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility pciide0: channel 0 disabled (no drives) p
Re: vlan configuration: off-topic
Christ, the guy obviously had difficulty with the English language. He probably learned that greeting from a textbook. Learn to pick your battles.
ibm thinkpad x60s + suspend mode
Hi, I just bought an ibm thinkpad x50s and i'm tryining with latest current. i386- current to be precise, since i was unable to boot from amd64 cd42.iso install. Evrthing seems to work well even wifi, but last thing that doesn't work at all is suspend mode. acpi seems to work : enlil% sudo sysctl -a | grep acpi kern.timecounter.hardware=acpihpet0 kern.timecounter.choice=i8254(0) acpihpet0(1000) acpitimer0(1000) dummy(-100) hw.sensors.acpitz0.temp0=50.05 degC (zone temperature) hw.sensors.acpitz1.temp0=49.05 degC (zone temperature) hw.sensors.acpibat0.volt0=14.40 VDC (voltage) hw.sensors.acpibat0.volt1=16.74 VDC (current voltage) hw.sensors.acpibat0.watthour0=29.61 Wh (last full capacity) hw.sensors.acpibat0.watthour1=1.48 Wh (warning capacity) hw.sensors.acpibat0.watthour2=0.20 Wh (low capacity) hw.sensors.acpibat0.watthour3=28.94 Wh (remaining capacity), OK hw.sensors.acpibat0.raw0=2 (battery charging), OK hw.sensors.acpibat0.raw1=4235 (rate) hw.sensors.acpiac0.indicator0=On (power supply) but apm -s and apm -Z don't give any result. When I launch apmd in debug mode (apm -d) nothing appear. Maybe I missed something ? Any idee how to have suspend working ? Find enclosed my dmesg file if it could help. - benont - benont OpenBSD 4.2-current (GENERIC.MP) #547: Fri Jan 18 15:22:48 MST 2008 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP cpu0: Intel(R) Core(TM) Duo CPU L2400 @ 1.66GHz ("GenuineIntel" 686-class) 1.67 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,VMX,EST,TM2,xTPR real mem = 1063677952 (1014MB) avail mem = 1020547072 (973MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 07/26/07, BIOS32 rev. 0 @ 0xfd690, SMBIOS rev. 2.4 @ 0xe0010 (67 entries) bios0: vendor LENOVO version "7BETD1WW (2.12 )" date 07/26/2007 bios0: LENOVO 17025PG acpi0 at bios0: rev 2 acpi0: tables DSDT FACP SSDT ECDT TCPA APIC MCFG HPET SLIC BOOT SSDT SSDT SSDT SSDT acpi0: wakeup devices LID_(S3) SLPB(S3) DURT(S3) EXP0(S4) EXP1(S4) EXP2(S4) EXP3(S4) PCI1(S4) USB0(S3) USB1(S3) USB2(S3) USB7(S3) HDEF(S4) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: apic clock running at 166 MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Core(TM) Duo CPU L2400 @ 1.66GHz ("GenuineIntel" 686-class) 1.67 GHz cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,VMX,EST,TM2,xTPR ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins ioapic0: duplicate apic id, remapped to apid 2 acpihpet0 at acpi0: 14318179 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus -1 (AGP_) acpiprt2 at acpi0: bus 2 (EXP0) acpiprt3 at acpi0: bus 3 (EXP1) acpiprt4 at acpi0: bus 4 (EXP2) acpiprt5 at acpi0: bus 12 (EXP3) acpiprt6 at acpi0: bus 21 (PCI1) acpiec0 at acpi0 acpicpu0 at acpi0: C3, C2 acpicpu1 at acpi0: C3, C2 acpitz0 at acpi0: critical temperature 127 degC acpitz1 at acpi0: critical temperature 97 degC acpibtn0 at acpi0: LID_ acpibtn1 at acpi0: SLPB acpibat0 at acpi0: BAT0 model "42T5247" serial 538 type LION oem "SANYO" acpibat1 at acpi0: BAT1 not present acpibat2 at acpi0: BAT2 not present acpiac0 at acpi0: AC unit online acpidock at acpi0 not configured bios0: ROM list: 0xc/0xea00! 0xcf000/0x1000 0xd/0x1000 0xdc000/0x4000! 0xe/0x1! cpu0: unknown Enhanced SpeedStep CPU, msr 0x06130a1d06000a1d cpu0: using only highest and lowest power states cpu0: Enhanced SpeedStep 1667 MHz (1164 mV): speeds: 1667, 1000 MHz pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 "Intel 82945GM Host" rev 0x03 agp0 at pchb0: aperture at 0xd000, size 0x1000 vga1 at pci0 dev 2 function 0 "Intel 82945GM Video" rev 0x03 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) "Intel 82945GM Video" rev 0x03 at pci0 dev 2 function 1 not configured azalia0 at pci0 dev 27 function 0 "Intel 82801GB HD Audio" rev 0x02: apic 2 int 17 (irq 11) azalia0: codec[s]: Analog Devices/0x1981, Conexant/0x2bfa, using Analog Devices/0x1981 audio0 at azalia0 ppb0 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x02: apic 2 int 20 (irq 11) pci1 at ppb0 bus 2 em0 at pci1 dev 0 function 0 "Intel PRO/1000MT (82573L)" rev 0x00: apic 2 int 16 (irq 11), address 00:16:d3:c0:22:c8 ppb1 at pci0 dev 28 function 1 "Intel 82801GB PCIE" rev 0x02: apic 2 int 21 (irq 11) pci2 at ppb1 bus 3 wpi0 at pci2 dev 0 function 0 "Intel PRO/Wireless 3945ABG" rev 0x02: apic 2 int 17 (irq 11), MoW2, address 00:1c:bf:6e:c5:c8 ppb2 at pci0 dev 28 function 2 "Intel 82801GB PCIE" rev 0x02: apic 2 int 22 (irq 11) pci3 at ppb2 bus 4 ppb3 at pci0 dev 28 function 3 "Intel 82801GB PCIE" rev 0x02: apic 2 int 23 (irq 11) pci4 at ppb3 bus 12 uhci0 at pci0 dev 29 function 0 "Intel 82801GB USB" rev 0x
Re: vlan configuration: off-topic
On Friday 18 January 2008, Dirk Mast wrote: > Diana Eichert wrote: > > On Fri, 18 Jan 2008, John Nietzsche wrote: > >> Dear gentleman, > > > > Good thing you made this initial comment, it kept me from wasting > > my time explaining how to do this task. > > > > diana (who spent last night working on Cisco, Foundry and Netscreen > > gear.) > > Maybe you stop telling in every fifth post that you are a woman > and that you'd like special treatment. > > If you'd like to this in your local cafe nobody cares, but here it's > simply offtopic and spam. You hypocritically want special treatment by decreeing allowed posts. You tried and failed to limit the freedom of others. Your statements promote and support prejudice. Your claims are ignorant and incorrect lies. You failed to apologize. Are you related to Richard Stallman? You subscribed to [EMAIL PROTECTED] by mistake --people like you run linux.
cksum: out of data
Hello, my dmesg is filled with this message cksum: out of data and i can't find out from where it is (has something to do with the internet connection going up and down). It's a Alix 2c3 Board running as a DSL-Router and what I suspect might be the issue is serving a sixxs.net IPv6 tunnel (via aiccu). /var/log/messages contain this message everytime the internet connection goes down /bsd: cksum: out of data Is this message something to ignore, or to investigate further? OpenBSD 4.2-stable (GENERIC) #0: Sat Dec 1 17:21:05 CET 2007 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Geode(TM) Integrated Processor by AMD PCS ("AuthenticAMD" 586-class) 499 MHz cpu0: FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CFLUSH,MMX real mem = 268009472 (255MB) avail mem = 251506688 (239MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 10/31/07, BIOS32 rev. 0 @ 0xfcdda pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: pcibios_get_intr_routing - function not supported pcibios0: PCI IRQ Routing information unavailable. pcibios0: PCI bus #0 is the last bus bios0: ROM list: 0xe/0xb000 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 1 function 0 "AMD Geode LX" rev 0x31 glxsb0 at pci0 dev 1 function 2 "AMD Geode LX Crypto" rev 0x00: RNG AES vr0 at pci0 dev 9 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 10, address 00:0d:b9:12:6b:04 ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, model 0x0034 vr1 at pci0 dev 10 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 11, address 00:0d:b9:12:6b:05 ukphy1 at vr1 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, model 0x0034 vr2 at pci0 dev 11 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 12, address 00:0d:b9:12:6b:06 ukphy2 at vr2 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, model 0x0034 pcib0 at pci0 dev 15 function 0 "AMD CS5536 ISA" rev 0x03 pciide0 at pci0 dev 15 function 2 "AMD CS5536 IDE" rev 0x01: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility wd0 at pciide0 channel 0 drive 0: wd0: 4-sector PIO, LBA, 1953MB, 4001760 sectors wd0(pciide0:0:0): using PIO mode 4, DMA mode 2 pciide0: channel 1 ignored (disabled) "AMD CS5536 Audio" rev 0x01 at pci0 dev 15 function 3 not configured ohci0 at pci0 dev 15 function 4 "AMD CS5536 USB" rev 0x02: irq 15, version 1.0, legacy support ehci0 at pci0 dev 15 function 5 "AMD CS5536 USB" rev 0x02: irq 15 usb0 at ehci0: USB revision 2.0 uhub0 at usb0: AMD EHCI root hub, rev 2.00/1.00, addr 1 isa0 at pcib0 isadma0 at isa0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: spkr0 at pcppi0 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo pccom0: console usb1 at ohci0: USB revision 1.0 uhub1 at usb1: AMD OHCI root hub, rev 1.00/1.00, addr 1 biomask e3ef netmask ffef ttymask ffef pctr: user-level cycle counter enabled mtrr: K6-family MTRR support (2 registers) nvram: invalid checksum dkcsum: wd0 matches BIOS drive 0x80 root on wd0a swap on wd0b dump on wd0b clock: unknown CMOS layout cksum: out of data cksum: out of data cksum: out of data cksum: out of data cksum: out of data cksum: out of data cksum: out of data cksum: out of data cksum: out of data cksum: out of data cksum: out of data cksum: out of data cksum: out of data cksum: out of data cksum: out of data cksum: out of data cksum: out of data cksum: out of data cksum: out of data cksum: out of data cksum: out of data cksum: out of data
Re: wireless access point woes
hail, I've read araound for some time and never saw how to make a wpa access point using atheros and OpenBSD. As far as I could go, the hostap included in OBSD is for intra-ap stuff (I dont know much about this). All I've found on this is: http://www.openbsd.org/plus40.html: Implement the Michael MIC as defined in IEEE 802.11i for TKIP. This generates a weak 64-bit digest protected by an additional key - required for future IEEE 802.11i/WPA support. http://www.openbsd.org/plus42.html: Lots of 802.11 improvements and code in preparation for WPA and other auth styles. As I saw twice the word "preparation", I tend to think it is not done already. am I right ? is there any way to change my FreeBSD WPA+AES based AP to OpenBSD ? thanks in advance ;) matheus -- We will call you cygnus, The God of balance you shall be
Re: reboot(8) fails on Sun Fire X4100 M2 with latest i386.mp snapshot
Snaps will be a while since Theo is out hiking. On Sat, Jan 19, 2008 at 07:27:24AM +0100, Rolf Sommerhalder wrote: > On Jan 19, 2008 5:04 AM, Jonathan Gray <[EMAIL PROTECTED]> wrote: > > Try this diff: > > Great, that fixed it, thank you. > > Now, will you commit it so that it will be included in a next snapshot?
Re: most secure graphical browser
On Friday 18 January 2008, Joel Wiramu Pauling wrote: > > in the end a scrubbing proxy would be a good idea if your uber > > paranoid. > > > > does your bank not use SSL? or do you have some scrubbing proxy > > that you trust enough to MITM connections to your bank? > > No but having a scrubbing proxy reduces the chances of the browser > picking up anything nasty on the stream of consciousness browsing > sessions that are sure to ensue. You could of course also have the > proxy restrict access to anything but your banking sites, but then > again there are simpler ways to do this. All in scrubbing proxies, > for ad's malware, and just for ACL controls are good ideas. Of course > when combined with sane firewall policies etc as well. Stuart, Whether or not your bank uses SSL is (unfortunately) irrelevant. Banks do get hacked and banks do distribute malware to their customers. This exact thing happened to the Bank of India last year. http://www.malwarehelp.org/news/View.php?ArticleID=6199 You don't need to be uber-paranoid to use a scrubbing proxy, yet as you mentioned, it is a MITM, and should be vetted before use. kind regards, jcr
Re: modifying base system, need to recompile?
On Thursday 17 January 2008, Douglas A. Tutty wrote: > However, there have been threads here detailing the recompilation > necessary for sendmail to handle SSL Auth (or whatever its called). > If you have to recompile sendmail (as opposed to changing a config), > presumably you'd have to make the same changes to the source and > recompile whenever the source is changed by an update/upgrade. Is > this correct? As the person who got the original SASL2 port working, I can say needing to recompile sendmail for SASL2 support was true 4 *years* ago. My hands blew out shortly after I got that port working, and I've been partially crippled ever since. I posted what I had to ports@, and my SASL2 port was then cleaned up, tested further, eventually committed and since maintained by others. I haven't touched it since but from a quick read, it seems the situation hasn't changed. Most of the stuff below is for Aaron... As Josh Grosse mentioned, read your source: /usr/src/gnu/usr.sbin/sendmail/sendmail/Makefile You'll find this comment: # To build with SASL support define WANT_SMTPAUTH in /etc/mk.conf In short, the above means you make a one line addition to your /etc/mk.conf file (which is not molested by upgrades or updates) and every time you build your system, sendmail will compile correctly with SASL support without any changes required to your source tree. It's easy to see you're trying to run a mail server in a professional manner, so you *REALLY* should have a build/test machine rather than making unknown/untested changes to a production box. As for general system maintenance, do yourself a favor and read: $ man release Also read the FAQ section on making your own releases. http://www.openbsd.org/faq/faq5.html#Release You can compile your own release on your test box, test it, and maybe even use the test box as a temporary stand-in for a few minutes while you're installing the update/upgrade on your mail real server. Using carp(4) might be interesting for you; since once your test box is tested to be working properly, you might want to leave it attached as a backup in case your main server melts into a pile of slag. Lastly, you're probably wondering about rolling out packages when doing a full upgrade (i.e. version change like from 4.1 to 4.2). The answer, once again, is your test box, rolling your own releases, and learning to use the siteXY.tgz file with your customizations. Your changes like sendmail configuration files, any changes you want to do to your /etc files (pf, spamd), and any packages you want, SASL, tmda, clamav, and whatever else you fancy) can be added to your siteXY.tgz and automatically installed during your upgrade. Lucky for you, Mike Erdely (merdely@) just did a write up on using the siteXY.tgz file: http://www.undeadly.org/cgi?action=article&sid=20080111200305&mode=expanded&c ount=8 Your fears of users yelling about their email being down are well founded, but your fears of maintaining OpenBSD are on the edge of completely irrational. :-)
lacrossetechnology weather station + openbsd
Hello i'm trying to use openbsd (4.2-stable) with a lacrosse weather station (ws8610). there are multiple software to handle them depending on models open (open2300, open3600, open8610, ...) Sadly, if i can compile software, running them doesn't output anything. a ktrace shows it stalls (or mostly) on $ ./dump3600 /dev/null start end [...] 20658 dump3600 CALL getrusage(0,0xcfbe0fa0)// mostly [...] 20658 dump3600 CALL ioctl(0x4,TIOCMSET,0xcfbdd09c) OR $ ./dump8610 test 0 1FFF [...] 4525 dump8610 CALL getrusage(0,0xcfbdff50) // mostly [...] 4525 dump8610 CALL ioctl(0x4,TIOCMGET,0xcfbdffd4) [...] 4525 dump8610 CALL ioctl(0x4,TIOCMSET,0xcfbdbfec) 4525 dump8610 RET ioctl 0 4525 dump8610 CALL ioctl(0x4,TIOCMGET,0xcfbdbf9c) 4525 dump8610 RET ioctl 0 4525 dump8610 CALL ioctl(0x4,TIOCMSET,0xcfbdbf9c) 4525 dump8610 RET ioctl 0 4525 dump8610 PSIG SIGINT SIG_DFL code 0 // ^C Has anyone some of these stations working with openbsd ? thanks Cheers note: some links http://tech.groups.yahoo.com/group/Lacrosse_weather_stations/ http://www.lavrsen.dk/twiki/bin/view/Open2300/WebHome http://open3600.fast-mail.nl/tiki-index.php http://www.lacrossetechnology.com/