Re: Concurrecnt PPPoE(4)?

2008-01-19 Thread Sunnz
2008/1/20, Jussi Peltola <[EMAIL PROTECTED]>:
> On Sun, Jan 20, 2008 at 03:48:16PM +1100, Sunnz wrote:
>
> > pass out on pppoe1 route-to (pppoe0 pppoe0:peer) \
> > from any to pppoe0
> I don't think that will work. Anyone trying to reach pppoe0 will not get
> routed out on pppoe1.
>
> > pass in  on pppoe1 route-to (pppoe0 pppoe0:peer) \
> > from any to pppoe0
> You should never receive packets to pppoe0 on pppoe1 or your ISP is
> doing funny things.
>
> Try:
> pass in on pppoe0 reply-to (pppoe0 pppoe0:peer) from any to pppoe0
>
> and:
> pass in on pppoe1 reply-to (pppoe1 pppoe1:peer) from any to pppoe1.
>
> Then you also need to handle outgoing traffic:
> pass route-to (pppoe0 pppoe0:peer)
>
> or something similar (do not try load-balancing before you get the rest
> of it working).
>
> In this situation route-to will not help you with *incoming*
> connections. They are already routed by your isp. It is the replies
> (reply-to) and outgoing connections (route-to) that you need to
> statefully route to the correct interface using PF.
>

Thank you!! It is finally working now with:

pass in on pppoe0 reply-to pppoe0 from any to pppoe0
pass in on pppoe1 reply-to pppoe1 from any to pppoe1

Well at least ping and traceroute are working, not yet ssh... but
that's a good start I suppose.

-- 
Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0



cwm background & invoking mutt

2008-01-19 Thread Chris
After reading the undeadly post on cwm(1) I am trying it out in
Xnest(1). I was wondering how I could get a background image like the
one shown in undeadly.

Also, I can't invoke mutt using C-/ although I have a symlink in
.calmwm/. GUI apps like firefox and soffice fire up fine.

Any help would be much appreciated.

Thanks.



Re: Concurrecnt PPPoE(4)?

2008-01-19 Thread Jussi Peltola
On Sun, Jan 20, 2008 at 07:13:02AM +0200, Jussi Peltola wrote:
> On Sun, Jan 20, 2008 at 03:48:16PM +1100, Sunnz wrote:
>  
> > pass out on pppoe1 route-to (pppoe0 pppoe0:peer) \
> > from any to pppoe0
> I don't think that will work. Anyone trying to reach pppoe0 will not get
> routed out on pppoe1.
Hmm, actually that rule is almost correct, and I ended up getting confused...

What you probably mean is:
pass out on pppoe1 route-to (pppoe0 pppoe0:peer) from pppoe0 to any
 
This prevents packets from pppoe0's address from being routed on pppoe1
(since your isp would drop them.)
You need a similar rule for your other pppoe interface.

-- 
Jussi Peltola



Re: Concurrecnt PPPoE(4)?

2008-01-19 Thread Jussi Peltola
On Sun, Jan 20, 2008 at 03:48:16PM +1100, Sunnz wrote:
 
> pass out on pppoe1 route-to (pppoe0 pppoe0:peer) \
> from any to pppoe0
I don't think that will work. Anyone trying to reach pppoe0 will not get
routed out on pppoe1.

> pass in  on pppoe1 route-to (pppoe0 pppoe0:peer) \
> from any to pppoe0
You should never receive packets to pppoe0 on pppoe1 or your ISP is
doing funny things.

Try:
pass in on pppoe0 reply-to (pppoe0 pppoe0:peer) from any to pppoe0

and:
pass in on pppoe1 reply-to (pppoe1 pppoe1:peer) from any to pppoe1.

Then you also need to handle outgoing traffic:
pass route-to (pppoe0 pppoe0:peer)

or something similar (do not try load-balancing before you get the rest
of it working).

In this situation route-to will not help you with *incoming*
connections. They are already routed by your isp. It is the replies
(reply-to) and outgoing connections (route-to) that you need to
statefully route to the correct interface using PF.

Anyway, I have a very hard time writing correct rulesets with route-to /
reply-to, so hopefully someone more experienced can comment / beat me
with a clue stick.

-- 
Jussi Peltola



Re: Concurrecnt PPPoE(4)?

2008-01-19 Thread Sunnz
2008/1/20, NetOne - Doichin Dokov <[EMAIL PROTECTED]>:
> You only have one default gateway, so the last pppoe session established
> sets it up to its interface. The behaviour you're observing is
> absolutely normal. You should dig into pf's route-to, packet tagging and
> state-keeping options if you need to ssh back to the machine on both
> interfaces, or do whatever you want _from the machine itself_. There are
> a lot of examples in the net (including one in the PF FAQ if I'm not
> mistaken) on what is the proper way of setting up several uplinks as you
> want.
>

Hey, I have read the PF FAQ on route-to and Googled several examples
online... I still don't get it...

I am currently just trying to get any packets to pppoe0 (from
outside), no fancy blockings yet...

I've added the following to my pf.conf:

pass out on pppoe1 route-to (pppoe0 pppoe0:peer) \
from any to pppoe0
pass in  on pppoe1 route-to (pppoe0 pppoe0:peer) \
from any to pppoe0

And there are no other packet filtering rules for pppoe0 nor pppoe1,
they just had the default pass all.

Is my idea of route-to way out of there?
-- 
Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0



Re: watchdog sysctl missing?

2008-01-19 Thread Richard Daemon
On Jan 19, 2008 1:42 PM, Constantine A. Murenin <[EMAIL PROTECTED]> wrote:

> On 19/01/2008, Richard Daemon <[EMAIL PROTECTED]> wrote:
> > Running 4.2-stable (Jan 13).
> >
> > sysctl:
> > kern.watchdog.auto
> > kern.watchdog.period
> >
> > These sysctl's are no longer available? I didn't notice if it's just in this
> > build or something changed in 4.1 or 4.2, but I know 4.0 has it and the man
> > page now even references these sysctl's.
> >
> > Is it just me or am I missing something???
>
> These sysctl values are available only when at least one hardware
> watchdog driver is attached.
>
> C.
>

Makes sense, thanks for the reply!



Re: mount_mfs change of behaviour regarding -i (inode density) on 4.2

2008-01-19 Thread Richard Daemon
On Jan 19, 2008 8:31 PM, Schöberle Dániel <[EMAIL PROTECTED]> wrote:

> Hi all!
>
> I've just upgraded my firewall from OpenBSD 4.0 to 4.2-stable and ran
> into a small problem regarding mount_mfs. I solved it, but in case
> anybody else runs into it, here's something for the archives.
>
> I run the box from a 512MB CF and, originally, with very limited
> memory. The /var, tmp and /dev are mount_mfs and during the upgrade I
> had trouble with mounting /dev.
>
> I used to mount /dev with the following line:
>
> swap /dev mfs rw,-P=/proto/dev,-s=700,-i=256 0 0
>
> It seems that sometime after 4.1 was released (probably during ffs2
> development) mount_mfs was changed in such a way that it doesn't allow
> very high density for inodes. This resulted in mount_mfs failing on
> replicating the /dev and me getting a readonly /dev, which resulted
> in a box that I couldn't log into remotely (with ssh). Luckily I
> could still issue commands with winscp or log in locally. After a couple
> of tests I concluded that mount_mfs simply ignores density settings
> lower than 1024, so I changed the /dev settings to the following
> line:
>
> swap /dev mfs rw,-P=/proto/dev,-s=4000,-i=1024 0 0
>
> Now everything is ok, I'm happy and since CF is in a new box with lots
> of memory I'm not trying to squeeze every byte out of it.
>
> Maybe this maximal density could be documented somehow? I glanced at
> the mkfs.c and saw that, in theory, it should warn the user when
> reducing the density but I never got a warning during my tests.
>
> dmesg in case anybody needs it:
>

Re: So, is there a sure way to delete a file? (Was Re: UNIX way of undeleting files?)

2008-01-19 Thread bofh
On Jan 19, 2008 8:22 PM, Tony Abernethy <[EMAIL PROTECTED]> wrote:

> Copying to a file can be done in two distinct ways
> with different results for any other hard links to same file.
> cp overwrites the original inode
> install unlinks the original inode (after?) writing a new inode
>
> You probably get some "interesting" effects if it takes a long
> time to overwrite the executable file and that file is executed
> as it is being (partially) re-written.


Good point, wasn't thinking about that.  Yeah, race condition then, would be
fun.



-- 
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
"This officer's men seem to follow him merely out of idle curiosity."  --
Sandhurst officer cadet evaluation.
"Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks factory
where smoking on the job is permitted."  -- Gene Spafford
learn french:  http://www.youtube.com/watch?v=j1G-3laJJP0&feature=related



mount_mfs change of behaviour regarding -i (inode density) on 4.2

2008-01-19 Thread Schöberle Dániel
Hi all!

I've just upgraded my firewall from OpenBSD 4.0 to 4.2-stable and ran
into a small problem regarding mount_mfs. I solved it, but in case
anybody else runs into it, here's something for the archives.

I run the box from a 512MB CF and, originally, with very limited
memory. The /var, tmp and /dev are mount_mfs and during the upgrade I
had trouble with mounting /dev.

I used to mount /dev with the following line:

swap /dev mfs rw,-P=/proto/dev,-s=700,-i=256 0 0

It seems that sometime after 4.1 was released (probably during ffs2
development) mount_mfs was changed in such a way that it doesn't allow
very high density for inodes. This resulted in mount_mfs failing on
replicating the /dev and me getting a readonly /dev, which resulted
in a box that I couldn't log into remotely (with ssh). Luckily I
could still issue commands with winscp or log in locally. After a couple
of tests I concluded that mount_mfs simply ignores density settings
lower than 1024, so I changed the /dev settings to the following
line:

swap /dev mfs rw,-P=/proto/dev,-s=4000,-i=1024 0 0

Now everything is ok, I'm happy and since CF is in a new box with lots
of memory I'm not trying to squeeze every byte out of it.

Maybe this maximal density could be documented somehow? I glanced at
the mkfs.c and saw that, in theory, it should warn the user when
reducing the density but I never got a warning during my tests.

dmesg in case anybody needs it:


Re: mount_mfs change of behaviour regarding -i (inode density) on 4.2

2008-01-19 Thread Schöberle Dániel


Sorry, wrong dmesg. This is the right one:




Re: So, is there a sure way to delete a file? (Was Re: UNIX way of undeleting files?)

2008-01-19 Thread Tony Abernethy
bofh wrote:
> I don't get what you're talking about.  If you overwrite the file
> (vulnerable sshd) with a new one, the file gets replaced.  All the hardlinks
> would point to the new file.

Copying to a file can be done in two distinct ways
with different results for any other hard links to same file.
cp overwrites the original inode 
install unlinks the original inode (after?) writing a new inode

You probably get some "interesting" effects if it takes a long
time to overwrite the executable file and that file is executed
as it is being (partially) re-written.



Re: So, is there a sure way to delete a file? (Was Re: UNIX way of undeleting files?)

2008-01-19 Thread NetOne - Doichin Dokov

bofh wrote:
> On Jan 19, 2008 1:27 PM, Ted Unangst <[EMAIL PROTECTED]> wrote:
>
> > On 1/18/08, bofh <[EMAIL PROTECTED]> wrote:
> > > I think he means sshd.  And it really doesn't matter, once you make install,
> > > you'll overwrite the vulnerable copy with the new one, and all the hardlinks
> > > won't matter, because they'd be linked to the new file.
> >
> > except that they won't.  the point of a hard link is it points to the
> > file, not the name.  it's not a symlink.
>
> I don't get what you're talking about.  If you overwrite the file
> (vulnerable sshd) with a new one, the file gets replaced.  All the hardlinks
> would point to the new file.
>
> $ uname -a
> OpenBSD urd.spidernet.to 4.1 GENERIC#0 i386
> $ echo apple > test
> $ ln test test2
> $ ls -l test*
> -rw-r--r--  2 tai  wheel  6 Jan 19 19:43 test
> -rw-r--r--  2 tai  wheel  6 Jan 19 19:43 test2
> $ cat test test2
> apple
> apple
> $ echo orange > test2
> $ cat test
> orange
> $

$ echo apples > apples
$ echo bananas > bananas
$ ln bananas whats_cooking
$ mv bananas oranges
$ echo oranges > oranges
$ cat whats_cooking
oranges
$

$ echo apples > apples
$ echo bananas > bananas
$ ln -s bananas whats_cooking
$ mv bananas oranges
$ cat whats_cooking
cat: whats_cooking: No such file or directory
$ echo bananas > bananas
$ cat whats_cooking
bananas
$

Mmm, yummy! Do you get it now? man ln(1) - it's all there.



Re: So, is there a sure way to delete a file? (Was Re: UNIX way of undeleting files?)

2008-01-19 Thread Stuart Henderson
On 2008/01/19 19:46, bofh wrote:
> On Jan 19, 2008 1:27 PM, Ted Unangst <[EMAIL PROTECTED]> wrote:
> 
> > On 1/18/08, bofh <[EMAIL PROTECTED]> wrote:
> > > I think he means sshd.  And it really doesn't matter, once you make install,
> > > you'll overwrite the vulnerable copy with the new one, and all the hardlinks
> > > won't matter, because they'd be linked to the new file.
> >
> > except that they won't.  the point of a hard link is it points to the
> > file, not the name.  it's not a symlink.
> >
> 
> I don't get what you're talking about.  If you overwrite the file
> (vulnerable sshd) with a new one, the file gets replaced.  All the hardlinks
> would point to the new file.

Depends how you overwrite it. Your method

> $ echo apple > test
> $ ln test test2
> $ echo orange > test2
> $ cat test
> orange

only works because you rewrite the contents of the file.

Most methods that would be used to install new software would
remove the directory entry and use a new inode.

See for yourself, use ls -li and cp/mv/install.
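
The difference described in the message above, as an added example that is not part of the original thread: a POSIX shell script comparing an in-place overwrite (`cp`) with replacing the directory entry (`mv -f`, standing in for an installer that uses a new inode), and showing what an extra hard link still reaches afterwards. The file names `sshd.bin`, `kept.link` and `new.bin` are constructed placeholders.

```shell
#!/bin/sh
# Added example, not code from the thread. File names are constructed
# placeholders: sshd.bin is the "installed" binary, kept.link an extra hard
# link to it, new.bin the replacement build.

# Print the inode number of a path.
inode_of() {
    ls -i "$1" | awk '{print $1}'
}

# Print the hard-link count of a path (second column of ls -l).
links_of() {
    ls -l "$1" | awk '{print $2}'
}

# Build a scratch directory with the three files and print its path.
setup_case() {
    dir=$(mktemp -d) || return 1
    echo "old vulnerable build" > "$dir/sshd.bin"
    ln "$dir/sshd.bin" "$dir/kept.link"
    echo "new fixed build" > "$dir/new.bin"
    echo "$dir"
}

# Case 1: cp onto the existing name rewrites the contents of the same inode,
# so the extra hard link sees the new data (the "echo orange > test2" case).
# Prints: inode state | content seen through kept.link | its link count
replace_in_place() {
    dir=$(setup_case) || return 1
    before=$(inode_of "$dir/sshd.bin")
    cp "$dir/new.bin" "$dir/sshd.bin"
    after=$(inode_of "$dir/sshd.bin")
    if [ "$before" = "$after" ]; then state=same; else state=changed; fi
    echo "$state|$(cat "$dir/kept.link")|$(links_of "$dir/kept.link")"
    rm -rf "$dir"
}

# Case 2: mv -f renames new.bin over the name, so the name now refers to a
# different inode. The old inode stays alive through kept.link, which still
# holds the old contents.
# Prints the same three fields plus the names that still reach the old inode.
replace_by_rename() {
    dir=$(setup_case) || return 1
    before=$(inode_of "$dir/sshd.bin")
    mv -f "$dir/new.bin" "$dir/sshd.bin"
    after=$(inode_of "$dir/sshd.bin")
    if [ "$before" = "$after" ]; then state=same; else state=changed; fi
    # Detection: which names still reach the inode recorded before the upgrade?
    survivors=$(find "$dir" -type f -inum "$before" -exec basename {} \;)
    echo "$state|$(cat "$dir/kept.link")|$(links_of "$dir/kept.link")|$survivors"
    rm -rf "$dir"
}

echo "cp, in place : $(replace_in_place)"
echo "mv, new inode: $(replace_by_rename)"
```

On a real system the same check, `find` with `-xdev -inum` and the inode number recorded before an upgrade, lists any names on that filesystem that still reach the replaced binary.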



Re: So, is there a sure way to delete a file? (Was Re: UNIX way of undeleting files?)

2008-01-19 Thread bofh
On Jan 19, 2008 1:27 PM, Ted Unangst <[EMAIL PROTECTED]> wrote:

> On 1/18/08, bofh <[EMAIL PROTECTED]> wrote:
> > I think he means sshd.  And it really doesn't matter, once you make install,
> > you'll overwrite the vulnerable copy with the new one, and all the hardlinks
> > won't matter, because they'd be linked to the new file.
>
> except that they won't.  the point of a hard link is it points to the
> file, not the name.  it's not a symlink.
>

I don't get what you're talking about.  If you overwrite the file
(vulnerable sshd) with a new one, the file gets replaced.  All the hardlinks
would point to the new file.

$ uname -a
OpenBSD urd.spidernet.to 4.1 GENERIC#0 i386
$ echo apple > test
$ ln test test2
$ ls -l test*
-rw-r--r--  2 tai  wheel  6 Jan 19 19:43 test
-rw-r--r--  2 tai  wheel  6 Jan 19 19:43 test2
$ cat test test2
apple
apple
$ echo orange > test2
$ cat test
orange
$


-- 
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
"This officer's men seem to follow him merely out of idle curiosity."  --
Sandhurst officer cadet evaluation.
"Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks factory
where smoking on the job is permitted."  -- Gene Spafford
learn french:  http://www.youtube.com/watch?v=j1G-3laJJP0&feature=related



Re: vlan configuration: off-topic

2008-01-19 Thread Brian A. Seklecki
On Sun, 2008-01-20 at 00:11 +, Mike wrote:
> Hey Brian,
> 
> I read your post about removing dell switches from your network.  
> 
> Just curious which models are you referring to?

PowerConnect 27xx Managed "Entry-Level".  Everything else is a
re-branded Cisco with a crippled ISO version. ~BAS 



Re: vlan configuration: off-topic

2008-01-19 Thread Mike
Hey Brian,

I read your post about removing dell switches from your network.

Just curious which models are you referring to?

And what problems have you run into using dell switches?

Thanks,
Mike

Sent via BlackBerry from T-Mobile

-Original Message-
From: "Brian A. Seklecki (Mobile)" <[EMAIL PROTECTED]>
Date: Fri, 18 Jan 2008 10:26:08
To: misc
Subject: Re: vlan configuration: off-topic

On Fri, 2008-01-18 at 11:49 -0200, John Nietzsche wrote:
> Dear gentleman,
>
> i am starting with vlan topic right now. I am in need to get two dell
> powerconnect 2724 switches to implement 3 vlan. I know how to

The Dell PC2724 can't move its mgmnt vlan from VLAN1, and *BSD vlan(1)
won't transmit VLAN 1 as tagged (per spec).

The work around is to assign VLAN1's IP on your *BSD gear to the
physical interface of your VLAN trunk.

I'm about to remove the last of any/all Dell switches from my network --
an announcement which I'm sure Dell will censure from their forums.

Ass - Holes.

~BAS


Re: ibm thinkpad x60s + suspend mode

2008-01-19 Thread Predrag Punosevac

Jussi Peltola wrote:
> Sadly I am forced to use WPA so I am back to Linux and the buggy ralink
> driver on my ThinkPad X22, which does support APM :(
>
> Oh - and to answer your question, not that I know of. Sorry.

FreeBSD supports wireless WPA if you have to use one. Their ral driver 
is OK. If you are using WPA on your private network you are fooling 
yourself. Get the OpenVPN going. If you need WPA for the public access 
that is absurd.


The university where I work requires WPA for WiFi, which is kind of funny
because it is public Internet access, so I do not know what they are
trying to accomplish by it as 50 000 people have the WPA key.

I decided to just bring to my office an old PIII which runs OpenBSD and
keep my laptop at home.
They also require me to use Cisco 3000 VPN to access the class roster
but they do not support OpenBSD.
So I had a very "hard" time installing the Cisco client from the package
depository and extracting the group password from their
windows pcf file using tools available on the internet.

Now I am running "secure" Cisco 3000 client and they can sleep peacefully.

Best,
Predrag



Re: ibm thinkpad x60s + suspend mode

2008-01-19 Thread Jussi Peltola
On Sat, Jan 19, 2008 at 11:09:22PM +0100, Benoit Chesneau wrote:
> On Jan 19, 2008 10:23 PM, Pau Amaro-Seoane <[EMAIL PROTECTED]> wrote:
> > It'll take a long time before suspend is supported under acpi. Try to
> > get an apm machine
> 
> ok.
> 
> Thanks for the info.  Unfortunately, i don't have the budget to change
> the machine every day I want ;) Is there a way to make software
> suspend on openbsd ?
> 
In my experience OpenBSD boots faster than the other OS's resume from
software suspend :)

Of course, that is little comfort if you need to preserve application
state. In my usage just shutting it down has been acceptable once I
stopped thinking I need suspend (and the amount of work I lost with
linux suspend combined with the ralink linux driver far outweighs the
convenience I got with suspend anyway.)

Sadly I am forced to use WPA so I am back to Linux and the buggy ralink
driver on my ThinkPad X22, which does support APM :(

Oh - and to answer your question, not that I know of. Sorry.

-- 
Jussi Peltola



Re: ibm thinkpad x60s + suspend mode

2008-01-19 Thread Benoit Chesneau
On Jan 19, 2008 10:23 PM, Pau Amaro-Seoane <[EMAIL PROTECTED]> wrote:
> It'll take a long time before suspend is supported under acpi. Try to
> get an apm machine

ok.

Thanks for the info.  Unfortunately, i don't have the budget to change
the machine every day I want ;) Is there a way to make software
suspend on openbsd ?

- benont



Re: ibm thinkpad x60s + suspend mode

2008-01-19 Thread Pau Amaro-Seoane
It'll take a long time before suspend is supported under acpi. Try to
get an apm machine

Pau

2008/1/19, Benoit Chesneau <[EMAIL PROTECTED]>:
> I just bought an ibm thinkpad x50s
>
> x60s obviously :)

Re: So, is there a sure way to delete a file? (Was Re: UNIX way of undeleting files?)

2008-01-19 Thread Otto Moerbeek
On Sat, Jan 19, 2008 at 09:06:30PM +0100, Paul de Weerd wrote:

> On Sat, Jan 19, 2008 at 08:57:10PM +0100, Otto Moerbeek wrote:
> | On Sat, Jan 19, 2008 at 10:27:25AM -0800, Ted Unangst wrote:
> | 
> | > On 1/18/08, bofh <[EMAIL PROTECTED]> wrote:
> | > > I think he means sshd.  And it really doesn't matter, once you make install,
> | > > you'll overwrite the vulnerable copy with the new one, and all the hardlinks
> | > > won't matter, because they'd be linked to the new file.
> | > 
> | > except that they won't.  the point of a hard link is it points to the
> | > file, not the name.  it's not a symlink.
> | 
> | install(1) truncates and overwrites existing files, so the old and new
> | file will have the same inode, iirc.
> 
> $ echo apple > a
> $ echo banana > b
> $ ls -i
> 2895709 a 2895710 b
> $ install a b
> $ ls -i
> 2895709 a 2895711 b
> 
> So it seems that b is unlinked before a is installed in its place. This
> looks like it's not consistent with what the manpage says it does :
> 
>   If the target file already exists, it is either
>   renamed to file.old if the -b option is given or
>   overwritten if permissions allow. 
> 
> 'Overwritten' sounds more like what Otto said than the behaviour I'm
> seeing.

My memory is bad. It's cp(1) that preserves inode number. install(1)
does not (a hint is given with the description of the -S option). 

-Otto
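
The cp(1) versus install(1) difference settled above, shown as an added shell example that is not part of the thread: it replaces a file that has a stray hard link with each tool and reports whether the link still reaches the old content. The file names (`sshd`, `sshd.new`, `stash`) and the helper functions are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. All files are constructed sample
# data in a temporary directory; "sshd" here is just a small text file.

inode_of()   { ls -i  "$1" | awk '{print $1}'; }   # inode number of a path
link_count() { ls -ld "$1" | awk '{print $2}'; }   # number of names for the inode

# replace_and_report TOOL
# Creates "sshd" (old content) plus a stray hard link "stash", replaces
# "sshd" with new content using TOOL (cp or install) and prints:
#   <same-inode|new-inode> stash=<content reachable via stash> links=<n>
replace_and_report() {
    tool=$1
    dir=$(mktemp -d) || return 1
    echo vulnerable > "$dir/sshd"
    echo patched    > "$dir/sshd.new"
    ln "$dir/sshd" "$dir/stash"            # second name for the old inode
    before=$(inode_of "$dir/sshd")
    "$tool" "$dir/sshd.new" "$dir/sshd"
    after=$(inode_of "$dir/sshd")
    if [ "$before" = "$after" ]; then
        verdict=same-inode                 # overwritten in place
    else
        verdict=new-inode                  # old inode left behind
    fi
    echo "$verdict stash=$(cat "$dir/stash") links=$(link_count "$dir/sshd")"
    rm -rf "$dir"
}

# other_names FILE ROOT
# Prints every other path under ROOT (same filesystem only) that is a hard
# link to FILE's inode. Prints nothing when FILE has a single name.
other_names() {
    file=$1
    root=$2
    [ "$(link_count "$file")" -gt 1 ] || return 0
    find "$root" -xdev -inum "$(inode_of "$file")" ! -path "$file" -print
}

echo "cp:      $(replace_and_report cp)"
echo "install: $(replace_and_report install)"
```

Run `other_names` against the old binary before upgrading: once install(1) has replaced the file, the installed path no longer leads to the old inode, so any remaining links have to be located from the inode number recorded beforehand.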



Re: 4.2-current throughput with pf enabled

2008-01-19 Thread Chris Cohen
On Tuesday 15 January 2008 21:06:51 Chris Cohen wrote:
> On Tuesday 15 January 2008 18:13:15 Chris Cappuccio wrote:
> > Chris Cohen [EMAIL PROTECTED] wrote:
> > > I think my CPU is way too slow to be able to handle the GigE link and
> > > the filter. Aren't there any tweaks for pf.conf/sysctl?
> >
> > Your CPU only gets used for packets that you actually receive.  Your
> > performance between a gig card and a 100m card is probably not going to
> > be any different, unless your problem is related to the em driver.  It's
> > time to figure out what is fucking up your configuration.
> >
> > Have you tried disabling apm? pcibios? What does your dmesg look like?
>
> No, I haven't. I can try it at the weekend, but since the "problem" only
> appears when I enable pf I am not sure if that will buy me anything?
> Nevertheless will try to disable apm and pcibios this weekend.
>

replying to myself... tried both, but didn't help :(

I think I will just upgrade to a new mini-itx system like 
http://cgi.ebay.de/ws/eBayISAPI.dll?ViewItem&rd=1&item=260202085551&ssPageName=STRK:MEWA:IT&ih=016.
Are there any numbers (bps, ~1500byte packets) with this cpu/nic combination?

-- 
Thanks
Chris



Re: So, is there a sure way to delete a file? (Was Re: UNIX way of undeleting files?)

2008-01-19 Thread Paul de Weerd
On Sat, Jan 19, 2008 at 08:57:10PM +0100, Otto Moerbeek wrote:
| On Sat, Jan 19, 2008 at 10:27:25AM -0800, Ted Unangst wrote:
| 
| > On 1/18/08, bofh <[EMAIL PROTECTED]> wrote:
| > > I think he means sshd.  And it really doesn't matter, once you make install,
| > > you'll overwrite the vulnerable copy with the new one, and all the hardlinks
| > > won't matter, because they'd be linked to the new file.
| > 
| > except that they won't.  the point of a hard link is it points to the
| > file, not the name.  it's not a symlink.
| 
| install(1) truncates and overwrites existing files, so the old and new
| file will have the same inode, iirc.

$ echo apple > a
$ echo banana > b
$ ls -i
2895709 a 2895710 b
$ install a b
$ ls -i
2895709 a 2895711 b

So it seems that b is unlinked before a is installed in its place. This
looks like it's not consistent with what the manpage says it does :

  If the target file already exists, it is either
  renamed to file.old if the -b option is given or
  overwritten if permissions allow.

'Overwritten' sounds more like what Otto said than the behaviour I'm
seeing.

Cheers,

Paul 'WEiRD' de Weerd

-- 
>[<++>-]<+++.>+++[<-->-]<.>+++[<+
+++>-]<.>++[<>-]<+.--.[-]
 http://www.weirdnet.nl/ 



Re: So, is there a sure way to delete a file? (Was Re: UNIX way of undeleting files?)

2008-01-19 Thread Otto Moerbeek
On Sat, Jan 19, 2008 at 10:27:25AM -0800, Ted Unangst wrote:

> On 1/18/08, bofh <[EMAIL PROTECTED]> wrote:
> > I think he means sshd.  And it really doesn't matter, once you make install,
> > you'll overwrite the vulnerable copy with the new one, and all the hardlinks
> > won't matter, because they'd be linked to the new file.
> 
> except that they won't.  the point of a hard link is it points to the
> file, not the name.  it's not a symlink.

install(1) truncates and overwrites existing files, so the old and new
file will have the same inode, iirc.

-Otto



Re: most secure graphical browser

2008-01-19 Thread Douglas A. Tutty
On Sat, Jan 19, 2008 at 08:24:27AM +0100, ropers wrote:
> On 19/01/2008, Douglas A. Tutty <[EMAIL PROTECTED]> wrote:

> may just be very insecure. Which is it? You can't tell without looking
> at the details, or asking somebody who has done so. Your specific
> questions to this list about Dillo et al. are quite valid in that
> regard, but your generalised question "Is a browser with a long
> history of few security bugs more or less secure than a browser with a
> long history of many security bugs?" really can't be answered. It
> depends.

I agree ropers.  It seems that nobody has "looked at the details" and
nobody who has done so has said so in this thread.  I may as well go
with Konqueror (for the feel I like) and Firefox (for sites that don't
work with Konq) and be done with it.

Thanks all.

Doug.



Re: vlan configuration: off-topic

2008-01-19 Thread Brian A. Seklecki
> maybe
> 
> > and *BSD vlan(1) won't transmit VLAN 1 as tagged (per spec)

Correct -- Thank you.  I misspoke.  

It _will_ transmit it tagged as VLAN1 (if vlan1 interface is defined),
but whether the receiving VLAN1 interface on the PowerConnect can ever
receive is anyone's guess. 

I suppose it depends on whether the OpenBSD system is directly connected
to the PowerConnect, what the configurations in the PowerConnect for
that switchport are, if there are any intermediary switches between the
two (possibly from other vendors), what that vendor's VLAN1 "behavior"
is, etc.

~BAS

> 
> sure it will.
> ifconfig vlan1 vlan 1 vlandev something



Re: watchdog sysctl missing?

2008-01-19 Thread Constantine A. Murenin
On 19/01/2008, Richard Daemon <[EMAIL PROTECTED]> wrote:
> Running 4.2-stable (Jan 13).
>
> sysctl:
> kern.watchdog.auto
> kern.watchdog.period
>
> These sysctl's are no longer available? I didn't notice if it's just in this
> build or something changed in 4.1 or 4.2, but I know 4.0 has it and the man
> page now even references these sysctl's.
>
> Is it just me or am I missing something???

These sysctl values are available only when at least one hardware
watchdog driver is attached.

C.



Re: So, is there a sure way to delete a file? (Was Re: UNIX way of undeleting files?)

2008-01-19 Thread Ted Unangst
On 1/18/08, bofh <[EMAIL PROTECTED]> wrote:
> I think he means sshd.  And it really doesn't matter, once you make install,
> you'll overwrite the vulnerable copy with the new one, and all the hardlinks
> won't matter, because they'd be linked to the new file.

except that they won't.  the point of a hard link is it points to the
file, not the name.  it's not a symlink.



Re: most secure graphical browser

2008-01-19 Thread L. V. Lammert
On Sat, 19 Jan 2008, Jona Joachim wrote:

> On Sat, 19 Jan 2008 08:47:56 +1300, Joel Wiramu Pauling wrote:
>
> Talking about brainfucked bank sites...
> My bank checks for the browser's user-agent: Firefox on win32 and Linux
> passes, Firefox on *BSD is denied access, unless you change the
> user-agent string...
> I sent them a mail explaining to them why this is utter nonsense and I just
> got a standard reply.
>
> Jona
>
Just change the user agent string, .. UserPrefs is great for that. There's
absolutely no way you could get through to anyone that gives a damn anyway,
so don't waste your time.

> --
> "I am chaos. I am the substance from which your artists and scientists
> build rhythms. I am the spirit with which your children and clowns
> laugh in happy anarchy. I am chaos. I am alive, and tell you that you
> are free." Eris, Goddess Of Chaos, Discord & Confusion"
>
>


Leland V. Lammert               [EMAIL PROTECTED]
Chief Scientist                 Omnitec Corporation
Network/Internet Consultants    www.omnitec.net




watchdog sysctl missing?

2008-01-19 Thread Richard Daemon
Running 4.2-stable (Jan 13).

sysctl:
kern.watchdog.auto
kern.watchdog.period

These sysctl's are no longer available? I didn't notice if it's just in this
build or something changed in 4.1 or 4.2, but I know 4.0 has it and the man
page now even references these sysctl's.

Is it just me or am I missing something???



Re: Concurrecnt PPPoE(4)?

2008-01-19 Thread NetOne - Doichin Dokov

Sunnz wrote:

> Just wondering has anyone ever used 2 PPPoE(4) connections on one real
> interface and whether it should work or not?
>
> I only have one account with my ISP but they gave me 2 logins and up to 4
> concurrent logins are allowed with their TOS.
>
> My hardware ethernet gem(4) is connected to a modem, with the modem
> running in bridge mode.
>
> I was able to establish one pppoe(4) connection which I can nat
> machines behind OBSD to the internet... and also ssh back to OBSD from
> the internet.
>
> Modem (Bridge) <-> OBSD <-> LAN
>
> But it doesn't work quite the way I wanted but I made 2 pppoe(4)
> connections, with hostname.pppoe0 and hostname.pppoe1 under /etc/.
>
> I was able to nat machines behind OBSD with either pppoe0 OR pppoe1.
> So as far as nat goes, it is fine.
>
> But I was only able to ssh to pppoe1's IP address from the internet,
> but not pppoe0's IP address.
>
> I also attempted to traceroute the 2 IPs from the internet, only
> pppoe1's IP works.
>
> It is very surprising as nat works... where the 'response' must make
> its way back to pppoe0's IP somehow...

  
You only have one default gateway, so the last pppoe session established 
sets it up to its interface. The behaviour you're observing is 
absolutely normal. You should dig into pf's route-to, packet tagging and 
state-keeping options if you need to ssh back to the machine on both 
interfaces, or do whatever you want _from the machine itself_. There are 
a lot of examples on the net (including one in the PF FAQ if I'm not 
mistaken) on what is the proper way of setting up several uplinks as you 
want.


Regards,
Doichin



Concurrecnt PPPoE(4)?

2008-01-19 Thread Sunnz
Just wondering has anyone ever used 2 PPPoE(4) connections on one real
interface and whether it should work or not?

I only have one account with my ISP but they gave me 2 logins and up to 4
concurrent logins are allowed with their TOS.

My hardware ethernet gem(4) is connected to a modem, with the modem
running in bridge mode.

I was able to establish one pppoe(4) connection which I can nat
machines behind OBSD to the internet... and also ssh back to OBSD from
the internet.

Modem (Bridge) <-> OBSD <-> LAN

But it doesn't work quite the way I wanted but I made 2 pppoe(4)
connections, with hostname.pppoe0 and hostname.pppoe1 under /etc/.

I was able to nat machines behind OBSD with either pppoe0 OR pppoe1.
So as far as nat goes, it is fine.

But I was only able to ssh to pppoe1's IP address from the internet,
but not pppoe0's IP address.

I also attempted to traceroute the 2 IPs from the internet, only
pppoe1's IP works.

It is very surprising as nat works... where the 'response' must make
its way back to pppoe0's IP somehow...

-- 
Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0



Re: So, is there a sure way to delete a file? (Was Re: UNIX way of undeleting files?)

2008-01-19 Thread Sunnz
2008/1/19, bofh <[EMAIL PROTECTED]>:
> On Jan 18, 2008 4:28 PM, Ted Unangst <[EMAIL PROTECTED]> wrote:
>
> > On 1/18/08, Sunnz <[EMAIL PROTECTED]> wrote:
> > > From what I understand, if foo isn't the last hard link to the file,
> > > and `rm foo` will NOT delete the file...
> >
> > what does it matter if somebody keeps a link to it?  if you have idiot
> > users who insist on using broken software, you have bigger problems.
> > what if they download the old version and compile it themselves?
>
>
> I think he means sshd.  And it really doesn't matter, once you make install,
> you'll overwrite the vulnerable copy with the new one, and all the hardlinks
> won't matter, because they'd be linked to the new file.
>

Nice, that's interesting to know.

> If you're worried about someone writing a program that'll walk the entire
> drive and find all the sectors that were in use, and attempt to string them
> together - think about it for a while, is this truly a problem for you?  If
> it is, either hire someone (or convince someone) to write a program to wipe
> this out for you, or choose another OS where such a program exist.
>

Nope. It is not so much about worrying... really, I am more curious about
whether such a script/program exists or not, or what the security
implications are all about - after reading all those delete free space
threads.



ibm thinkpad x60s + suspend mode

2008-01-19 Thread Benoit Chesneau
I just bought an ibm thinkpad x50s

x60s obviously :)
OpenBSD 4.2-current (GENERIC.MP) #547: Fri Jan 18 15:22:48 MST 2008
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Intel(R) Core(TM) Duo CPU L2400 @ 1.66GHz ("GenuineIntel" 686-class) 1.67 
GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,VMX,EST,TM2,xTPR
real mem  = 1063677952 (1014MB)
avail mem = 1020547072 (973MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 07/26/07, BIOS32 rev. 0 @ 0xfd690, SMBIOS 
rev. 2.4 @ 0xe0010 (67 entries)
bios0: vendor LENOVO version "7BETD1WW (2.12 )" date 07/26/2007
bios0: LENOVO 17025PG
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP SSDT ECDT TCPA APIC MCFG HPET SLIC BOOT SSDT SSDT SSDT 
SSDT
acpi0: wakeup devices LID_(S3) SLPB(S3) DURT(S3) EXP0(S4) EXP1(S4) EXP2(S4) 
EXP3(S4) PCI1(S4) USB0(S3) USB1(S3) USB2(S3) USB7(S3) HDEF(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 166 MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM) Duo CPU L2400 @ 1.66GHz ("GenuineIntel" 686-class) 1.67 
GHz
cpu1: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,VMX,EST,TM2,xTPR
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins
ioapic0: duplicate apic id, remapped to apid 2
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (AGP_)
acpiprt2 at acpi0: bus 2 (EXP0)
acpiprt3 at acpi0: bus 3 (EXP1)
acpiprt4 at acpi0: bus 4 (EXP2)
acpiprt5 at acpi0: bus 12 (EXP3)
acpiprt6 at acpi0: bus 21 (PCI1)
acpiec0 at acpi0
acpicpu0 at acpi0: C3, C2
acpicpu1 at acpi0: C3, C2
acpitz0 at acpi0: critical temperature 127 degC
acpitz1 at acpi0: critical temperature 97 degC
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: SLPB
acpibat0 at acpi0: BAT0 model "42T5247" serial   538 type LION oem "SANYO"
acpibat1 at acpi0: BAT1 not present
acpibat2 at acpi0: BAT2 not present
acpiac0 at acpi0: AC unit online
acpidock at acpi0 not configured
bios0: ROM list: 0xc/0xea00! 0xcf000/0x1000 0xd/0x1000 0xdc000/0x4000! 
0xe/0x1!
cpu0: unknown Enhanced SpeedStep CPU, msr 0x06130a1d06000a1d
cpu0: using only highest and lowest power states
cpu0: Enhanced SpeedStep 1667 MHz (1164 mV): speeds: 1667, 1000 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82945GM Host" rev 0x03
agp0 at pchb0: aperture at 0xd000, size 0x1000
vga1 at pci0 dev 2 function 0 "Intel 82945GM Video" rev 0x03
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
"Intel 82945GM Video" rev 0x03 at pci0 dev 2 function 1 not configured
azalia0 at pci0 dev 27 function 0 "Intel 82801GB HD Audio" rev 0x02: apic 2 int 
17 (irq 11)
azalia0: codec[s]: Analog Devices/0x1981, Conexant/0x2bfa, using Analog 
Devices/0x1981
audio0 at azalia0
ppb0 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x02: apic 2 int 20 
(irq 11)
pci1 at ppb0 bus 2
em0 at pci1 dev 0 function 0 "Intel PRO/1000MT (82573L)" rev 0x00: apic 2 int 
16 (irq 11), address 00:16:d3:c0:22:c8
ppb1 at pci0 dev 28 function 1 "Intel 82801GB PCIE" rev 0x02: apic 2 int 21 
(irq 11)
pci2 at ppb1 bus 3
wpi0 at pci2 dev 0 function 0 "Intel PRO/Wireless 3945ABG" rev 0x02: apic 2 int 
17 (irq 11), MoW2, address 00:1c:bf:6e:c5:c8
ppb2 at pci0 dev 28 function 2 "Intel 82801GB PCIE" rev 0x02: apic 2 int 22 
(irq 11)
pci3 at ppb2 bus 4
ppb3 at pci0 dev 28 function 3 "Intel 82801GB PCIE" rev 0x02: apic 2 int 23 
(irq 11)
pci4 at ppb3 bus 12
uhci0 at pci0 dev 29 function 0 "Intel 82801GB USB" rev 0x02: apic 2 int 16 
(irq 11)
uhci1 at pci0 dev 29 function 1 "Intel 82801GB USB" rev 0x02: apic 2 int 17 
(irq 11)
uhci2 at pci0 dev 29 function 2 "Intel 82801GB USB" rev 0x02: apic 2 int 18 
(irq 11)
uhci3 at pci0 dev 29 function 3 "Intel 82801GB USB" rev 0x02: apic 2 int 19 
(irq 11)
ehci0 at pci0 dev 29 function 7 "Intel 82801GB USB" rev 0x02: apic 2 int 19 
(irq 11)
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
ppb4 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 0xe2
pci5 at ppb4 bus 21
cbb0 at pci5 dev 0 function 0 "Ricoh 5C476 CardBus" rev 0xb4: apic 2 int 16 
(irq 11)
"Ricoh 5C552 Firewire" rev 0x09 at pci5 dev 0 function 1 not configured
sdhc0 at pci5 dev 0 function 2 "Ricoh 5C822 SD/MMC" rev 0x18: apic 2 int 18 
(irq 11)
sdmmc0 at sdhc0
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 22 device 0 cacheline 0x0, lattimer 0xb0
pcmcia0 at cardslot0
ichpcib0 at pci0 dev 31 function 0 "Intel 82801GBM LPC" rev 0x02: PM disabled
pciide0 at pci0 dev 31 function 1 "Intel 82801GB IDE" rev 0x02: DMA, channel 0 
configured to compatibility, channel 1 configured to compatibility
pciide0: channel 0 disabled (no drives)
p

Re: vlan configuration: off-topic

2008-01-19 Thread Deanna Phillips
Christ, the guy obviously had difficulty with the English
language.  He probably learned that greeting from a textbook.
Learn to pick your battles.



ibm thinkpad x60s + suspend mode

2008-01-19 Thread Benoit Chesneau
Hi,

I just bought an ibm thinkpad x50s and I'm trying it with the latest
current. i386-current to be precise, since I was unable to boot from
amd64 cd42.iso install. Everything seems to work well, even wifi, but
the last thing that doesn't work at all is suspend mode.

acpi seems to work :

enlil% sudo sysctl -a | grep acpi
kern.timecounter.hardware=acpihpet0
kern.timecounter.choice=i8254(0) acpihpet0(1000) acpitimer0(1000)
dummy(-100)
hw.sensors.acpitz0.temp0=50.05 degC (zone temperature)
hw.sensors.acpitz1.temp0=49.05 degC (zone temperature)
hw.sensors.acpibat0.volt0=14.40 VDC (voltage)
hw.sensors.acpibat0.volt1=16.74 VDC (current voltage)
hw.sensors.acpibat0.watthour0=29.61 Wh (last full capacity)
hw.sensors.acpibat0.watthour1=1.48 Wh (warning capacity)
hw.sensors.acpibat0.watthour2=0.20 Wh (low capacity)
hw.sensors.acpibat0.watthour3=28.94 Wh (remaining capacity), OK
hw.sensors.acpibat0.raw0=2 (battery charging), OK
hw.sensors.acpibat0.raw1=4235 (rate)
hw.sensors.acpiac0.indicator0=On (power supply)


but apm -s and apm -Z don't give any result. When I launch apmd in
debug mode (apm -d) nothing appears.

Maybe I missed something? Any idea how to get suspend working? Find
enclosed my dmesg file if it could help.

- benont
OpenBSD 4.2-current (GENERIC.MP) #547: Fri Jan 18 15:22:48 MST 2008
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Intel(R) Core(TM) Duo CPU L2400 @ 1.66GHz ("GenuineIntel" 686-class) 1.67 
GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,VMX,EST,TM2,xTPR
real mem  = 1063677952 (1014MB)
avail mem = 1020547072 (973MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 07/26/07, BIOS32 rev. 0 @ 0xfd690, SMBIOS 
rev. 2.4 @ 0xe0010 (67 entries)
bios0: vendor LENOVO version "7BETD1WW (2.12 )" date 07/26/2007
bios0: LENOVO 17025PG
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP SSDT ECDT TCPA APIC MCFG HPET SLIC BOOT SSDT SSDT SSDT 
SSDT
acpi0: wakeup devices LID_(S3) SLPB(S3) DURT(S3) EXP0(S4) EXP1(S4) EXP2(S4) 
EXP3(S4) PCI1(S4) USB0(S3) USB1(S3) USB2(S3) USB7(S3) HDEF(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 166 MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM) Duo CPU L2400 @ 1.66GHz ("GenuineIntel" 686-class) 1.67 
GHz
cpu1: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,VMX,EST,TM2,xTPR
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins
ioapic0: duplicate apic id, remapped to apid 2
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (AGP_)
acpiprt2 at acpi0: bus 2 (EXP0)
acpiprt3 at acpi0: bus 3 (EXP1)
acpiprt4 at acpi0: bus 4 (EXP2)
acpiprt5 at acpi0: bus 12 (EXP3)
acpiprt6 at acpi0: bus 21 (PCI1)
acpiec0 at acpi0
acpicpu0 at acpi0: C3, C2
acpicpu1 at acpi0: C3, C2
acpitz0 at acpi0: critical temperature 127 degC
acpitz1 at acpi0: critical temperature 97 degC
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: SLPB
acpibat0 at acpi0: BAT0 model "42T5247" serial   538 type LION oem "SANYO"
acpibat1 at acpi0: BAT1 not present
acpibat2 at acpi0: BAT2 not present
acpiac0 at acpi0: AC unit online
acpidock at acpi0 not configured
bios0: ROM list: 0xc/0xea00! 0xcf000/0x1000 0xd/0x1000 0xdc000/0x4000! 
0xe/0x1!
cpu0: unknown Enhanced SpeedStep CPU, msr 0x06130a1d06000a1d
cpu0: using only highest and lowest power states
cpu0: Enhanced SpeedStep 1667 MHz (1164 mV): speeds: 1667, 1000 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82945GM Host" rev 0x03
agp0 at pchb0: aperture at 0xd000, size 0x1000
vga1 at pci0 dev 2 function 0 "Intel 82945GM Video" rev 0x03
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
"Intel 82945GM Video" rev 0x03 at pci0 dev 2 function 1 not configured
azalia0 at pci0 dev 27 function 0 "Intel 82801GB HD Audio" rev 0x02: apic 2 int 
17 (irq 11)
azalia0: codec[s]: Analog Devices/0x1981, Conexant/0x2bfa, using Analog 
Devices/0x1981
audio0 at azalia0
ppb0 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x02: apic 2 int 20 
(irq 11)
pci1 at ppb0 bus 2
em0 at pci1 dev 0 function 0 "Intel PRO/1000MT (82573L)" rev 0x00: apic 2 int 
16 (irq 11), address 00:16:d3:c0:22:c8
ppb1 at pci0 dev 28 function 1 "Intel 82801GB PCIE" rev 0x02: apic 2 int 21 
(irq 11)
pci2 at ppb1 bus 3
wpi0 at pci2 dev 0 function 0 "Intel PRO/Wireless 3945ABG" rev 0x02: apic 2 int 
17 (irq 11), MoW2, address 00:1c:bf:6e:c5:c8
ppb2 at pci0 dev 28 function 2 "Intel 82801GB PCIE" rev 0x02: apic 2 int 22 
(irq 11)
pci3 at ppb2 bus 4
ppb3 at pci0 dev 28 function 3 "Intel 82801GB PCIE" rev 0x02: apic 2 int 23 
(irq 11)
pci4 at ppb3 bus 12
uhci0 at pci0 dev 29 function 0 "Intel 82801GB USB" rev 0x

Re: vlan configuration: off-topic

2008-01-19 Thread J.C. Roberts
On Friday 18 January 2008, Dirk Mast wrote:
> Diana Eichert wrote:
> > On Fri, 18 Jan 2008, John Nietzsche wrote:
> >> Dear gentleman,
> >
> > Good thing you made this initial comment, it kept me from wasting
> > my time explaining how to do this task.
> >
> > diana (who spent last night working on Cisco, Foundry and Netscreen
> > gear.)
>
> Maybe you stop telling in every fifth post that you are a woman
> and that you'd like special treatment.
>
> If you'd like to do this in your local cafe nobody cares, but here it's
> simply offtopic and spam.


You hypocritically want special treatment by decreeing allowed posts.

You tried and failed to limit the freedom of others.

Your statements promote and support prejudice.

Your claims are ignorant and incorrect lies.

You failed to apologize.


Are you related to Richard Stallman?


You subscribed to [EMAIL PROTECTED] by mistake --people like you run linux.



cksum: out of data

2008-01-19 Thread Dirk Mast
Hello,

my dmesg is filled with this message
cksum: out of data 
and I can't find out where it comes from (it has something to do with 
the internet connection going up and down).

It's an Alix 2c3 Board running as a DSL-Router
and what I suspect might be the issue is serving
a sixxs.net IPv6 tunnel (via aiccu).

/var/log/messages contains this message every time the 
internet connection goes down 

/bsd: cksum: out of data

Is this message something to ignore, or to investigate further?


OpenBSD 4.2-stable (GENERIC) #0: Sat Dec  1 17:21:05 CET 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Geode(TM) Integrated Processor by AMD PCS ("AuthenticAMD" 586-class)
499 MHz
cpu0: FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CFLUSH,MMX
real mem  = 268009472 (255MB)
avail mem = 251506688 (239MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 10/31/07, BIOS32 rev. 0 @ 0xfcdda
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: pcibios_get_intr_routing - function not supported
pcibios0: PCI IRQ Routing information unavailable.
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xe/0xb000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 1 function 0 "AMD Geode LX" rev 0x31
glxsb0 at pci0 dev 1 function 2 "AMD Geode LX Crypto" rev 0x00: RNG AES
vr0 at pci0 dev 9 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 10,
address 00:0d:b9:12:6b:04
ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI
0x004063, model 0x0034
vr1 at pci0 dev 10 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 11,
address 00:0d:b9:12:6b:05
ukphy1 at vr1 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI
0x004063, model 0x0034
vr2 at pci0 dev 11 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 12,
address 00:0d:b9:12:6b:06
ukphy2 at vr2 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI
0x004063, model 0x0034
pcib0 at pci0 dev 15 function 0 "AMD CS5536 ISA" rev 0x03
pciide0 at pci0 dev 15 function 2 "AMD CS5536 IDE" rev 0x01: DMA, channel 0
wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: 
wd0: 4-sector PIO, LBA, 1953MB, 4001760 sectors
wd0(pciide0:0:0): using PIO mode 4, DMA mode 2
pciide0: channel 1 ignored (disabled)
"AMD CS5536 Audio" rev 0x01 at pci0 dev 15 function 3 not configured
ohci0 at pci0 dev 15 function 4 "AMD CS5536 USB" rev 0x02: irq 15, version
1.0, legacy support
ehci0 at pci0 dev 15 function 5 "AMD CS5536 USB" rev 0x02: irq 15
usb0 at ehci0: USB revision 2.0
uhub0 at usb0: AMD EHCI root hub, rev 2.00/1.00, addr 1
isa0 at pcib0
isadma0 at isa0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: 
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom0: console
usb1 at ohci0: USB revision 1.0
uhub1 at usb1: AMD OHCI root hub, rev 1.00/1.00, addr 1
biomask e3ef netmask ffef ttymask ffef
pctr: user-level cycle counter enabled
mtrr: K6-family MTRR support (2 registers)
nvram: invalid checksum
dkcsum: wd0 matches BIOS drive 0x80
root on wd0a swap on wd0b dump on wd0b
clock: unknown CMOS layout
cksum: out of data
cksum: out of data
cksum: out of data
cksum: out of data
cksum: out of data
cksum: out of data
cksum: out of data
cksum: out of data
cksum: out of data
cksum: out of data
cksum: out of data
cksum: out of data
cksum: out of data
cksum: out of data
cksum: out of data
cksum: out of data
cksum: out of data
cksum: out of data
cksum: out of data
cksum: out of data
cksum: out of data
cksum: out of data



Re: wireless access point woes

2008-01-19 Thread Nenhum_de_Nos
hail,

I've read around for some time and never saw how to make a wpa access
point using atheros and OpenBSD.
As far as I could go, the hostap included in OBSD is for intra-ap
stuff (I don't know much about this).

All I've found on this is:

http://www.openbsd.org/plus40.html:
Implement the Michael MIC as defined in IEEE 802.11i for TKIP. This
generates a weak 64-bit digest protected by an additional key -
required for future IEEE 802.11i/WPA support.

http://www.openbsd.org/plus42.html:
Lots of 802.11 improvements and code in preparation for WPA and other
auth styles.

As I saw twice the word "preparation", I tend to think it is not done already.

am I right ?

is there any way to change my FreeBSD WPA+AES based AP to OpenBSD ?

thanks in advance ;)

matheus


-- 
We will call you cygnus,
The God of balance you shall be



Re: reboot(8) fails on Sun Fire X4100 M2 with latest i386.mp snapshot

2008-01-19 Thread Marco Peereboom
Snaps will be a while since Theo is out hiking.

On Sat, Jan 19, 2008 at 07:27:24AM +0100, Rolf Sommerhalder wrote:
> On Jan 19, 2008 5:04 AM, Jonathan Gray <[EMAIL PROTECTED]> wrote:
> > Try this diff:
> 
> Great, that fixed it, thank you.
> 
> Now, will you commit it so that it will be included in a next snapshot?



Re: most secure graphical browser

2008-01-19 Thread J.C. Roberts
On Friday 18 January 2008, Joel Wiramu Pauling wrote:
> > in the end a scrubbing proxy would be a good idea if you're uber
> > paranoid.
> >
> > does your bank not use SSL? or do you have some scrubbing proxy
> > that you trust enough to MITM connections to your bank?
>
> No but having a scrubbing proxy reduces the chances of the browser
> picking up anything nasty on the stream of consciousness browsing
> sessions that are sure to ensue. You could of course also have the
> proxy restrict access to anything but your banking sites, but then
> again there are simpler ways to do this. All in scrubbing proxies,
> for ad's malware, and just for ACL controls are good ideas. Of course
> when combined with sane firewall policies etc as well.

Stuart,

Whether or not your bank uses SSL is (unfortunately) irrelevant. Banks 
do get hacked and banks do distribute malware to their customers. This 
exact thing happened to the Bank of India last year.

http://www.malwarehelp.org/news/View.php?ArticleID=6199

You don't need to be uber-paranoid to use a scrubbing proxy, yet as you 
mentioned, it is a MITM, and should be vetted before use.

kind regards,
jcr



Re: modifying base system, need to recompile?

2008-01-19 Thread J.C. Roberts
On Thursday 17 January 2008, Douglas A. Tutty wrote:
> However, there have been threads here detailing the recompilation
> necessary for sendmail to handle SSL Auth (or whatever it's called).
>  If you have to recompile sendmail (as opposed to changing a config),
> presumably you'd have to make the same changes to the source and
> recompile whenever the source is changed by an update/upgrade.  Is
> this correct?

As the person who got the original SASL2 port working, I can say needing
to recompile sendmail for SASL2 support was true 4 *years* ago. My
hands blew out shortly after I got that port working, and I've been
partially crippled ever since. I posted what I had to ports@, and my
SASL2 port was then cleaned up, tested further, eventually committed
and since maintained by others. I haven't touched it since but from a
quick read, it seems the situation hasn't changed.

Most of the stuff below is for Aaron...

As Josh Grosse mentioned, read your source:
/usr/src/gnu/usr.sbin/sendmail/sendmail/Makefile

You'll find this comment:
# To build with SASL support define WANT_SMTPAUTH in /etc/mk.conf

In short, the above means you make a one line addition to
your /etc/mk.conf file (which is not molested by upgrades or updates)
and every time you build your system, sendmail will compile correctly
with SASL support without any changes required to your source tree.

It's easy to see you're trying to run a mail server in a professional
manner, so you *REALLY* should have a build/test machine rather than
making unknown/untested changes to a production box.

As for general system maintenance, do yourself a favor and read:
$ man release

Also read the FAQ section on making your own releases.
http://www.openbsd.org/faq/faq5.html#Release

You can compile your own release on your test box, test it, and maybe
even use the test box as a temporary stand-in for a few minutes while
you're installing the update/upgrade on your real mail server. Using
carp(4) might be interesting for you; since once your test box is
tested to be working properly, you might want to leave it attached as a
backup in case your main server melts into a pile of slag.

Lastly, you're probably wondering about rolling out packages when doing
a full upgrade (i.e. version change like from 4.1 to 4.2). The answer,
once again, is your test box, rolling your own releases, and learning
to use the siteXY.tgz file with your customizations. Your changes like
sendmail configuration files, any changes you want to do to your /etc
files (pf, spamd), and any packages you want (SASL, tmda, clamav, and
whatever else you fancy) can be added to your siteXY.tgz and
automatically installed during your upgrade.

Lucky for you, Mike Erdely (merdely@) just did a write up on using the
siteXY.tgz file:

http://www.undeadly.org/cgi?action=article&sid=20080111200305&mode=expanded&count=8

Your fears of users yelling about their email being down are well
founded, but your fears of maintaining OpenBSD are on the edge of
completely irrational. :-)
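
One way to prepare the siteXY.tgz set described above so that a bad permission in the staging tree is caught on the test box rather than rolled out with every upgrade. This is an added example, not code from the post or from OpenBSD; the staging directory layout, the function names and the particular permission checks are assumptions.

```shell
#!/bin/sh
# Added example: audit and pack a siteXY.tgz set from a staging tree.
# Assumption: the staging tree mirrors / on the target, e.g.
# $stage/etc/pf.conf ends up as /etc/pf.conf after the set is extracted.

# Print staged entries that should not ship in a site set:
# world-writable files or directories, setuid/setgid files, and
# anything that is not a regular file, directory or symlink.
audit_stage() {
    stage=$1
    [ -d "$stage" ] || { echo "no such staging dir: $stage" >&2; return 2; }
    bad=$(cd "$stage" && find . \
        \( ! -type l -perm -0002 \) -o \
        \( -type f \( -perm -4000 -o -perm -2000 \) \) -o \
        \( ! -type f ! -type d ! -type l \))
    if [ -n "$bad" ]; then
        printf 'refusing to pack, fix these first:\n%s\n' "$bad" >&2
        return 1
    fi
    return 0
}

# Pack the audited tree with member paths relative to the root
# (./etc/...), then confirm no member is absolute or contains "..".
build_site_set() {
    stage=$1
    out=$2
    audit_stage "$stage" || return 1
    tar -czf "$out" -C "$stage" . || return 1
    if tar -tzf "$out" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "unsafe member path in $out" >&2
        rm -f "$out"
        return 1
    fi
    return 0
}

# Usage on the build/test machine (names are placeholders):
#   build_site_set /home/build/site-stage /home/build/site42.tgz
```
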



lacrossetechnology weather station + openbsd

2008-01-19 Thread jul

Hello

I'm trying to use OpenBSD (4.2-stable) with a Lacrosse weather station 
(ws8610).


there are multiple software to handle them depending on models 
open (open2300, open3600, open8610, ...)


Sadly, if I can compile software, running them doesn't output anything.
A ktrace shows it stalls (or mostly) on
$ ./dump3600 /dev/null start end
[...]
20658 dump3600 CALL  getrusage(0,0xcfbe0fa0)// mostly
[...]
20658 dump3600 CALL  ioctl(0x4,TIOCMSET,0xcfbdd09c)
OR
$ ./dump8610 test 0 1FFF
[...]
4525 dump8610 CALL  getrusage(0,0xcfbdff50) // mostly
[...]
4525 dump8610 CALL  ioctl(0x4,TIOCMGET,0xcfbdffd4)
[...]
  4525 dump8610 CALL  ioctl(0x4,TIOCMSET,0xcfbdbfec)
  4525 dump8610 RET   ioctl 0
  4525 dump8610 CALL  ioctl(0x4,TIOCMGET,0xcfbdbf9c)
  4525 dump8610 RET   ioctl 0
  4525 dump8610 CALL  ioctl(0x4,TIOCMSET,0xcfbdbf9c)
  4525 dump8610 RET   ioctl 0
  4525 dump8610 PSIG  SIGINT SIG_DFL code 0 // ^C

Has anyone some of these stations working with OpenBSD?

thanks
Cheers

note: some links
http://tech.groups.yahoo.com/group/Lacrosse_weather_stations/
http://www.lavrsen.dk/twiki/bin/view/Open2300/WebHome
http://open3600.fast-mail.nl/tiki-index.php
http://www.lacrossetechnology.com/