Re: Netflow Reflector -or- Re-writing UDP packets using dup-to
Shoot the messenger, this was my fault: On Sun, 2008-04-06 at 22:47:06 -0500, Eric Pancer proclaimed... > We are taking netflow from various Cisco devices throughout our enterprise > to argus-3.0 running on OpenBSD 4.2. Unfortunately we've also got some Cisco > products in our environment that require us to have netflow sent to more > than 2 versions, which means we need a netflow reflector built. correction: destinations Sorry about that! - Eric
Netflow Reflector -or- Re-writing UDP packets using dup-to
We are taking netflow from various Cisco devices throughout our enterprise to argus-3.0 running on OpenBSD 4.2. Unfortunately we've also got some Cisco products in our environment that require us to have netflow sent to more than 2 versions, which means we need a netflow reflector built. I understand the "dup-to" syntax in pf.conf(5) but it may not meet the requirements for the reason that we wish not to re-write the source IP address (as our netflow aggregation depends on the source address of those packets). Has anyone ever crafted a UDP reflector which could re-write the destination address while keeping the source address intact? If you have done it using pf(4), were there any hurdles that you had to jump through to get things working? Thanks in advance, - Eric -- ``...don't you know, black is this years pink.''
Firefox 2.0.0.12
I tried Firefox 2.0.0.13 (Linux version) on my 4.2-stable
(GENERIC) #1: Mon Mar 31 07:33:53 CDT 2008 system.
Well, the Linux Firefox 2.0.0.13 on this system is teh suck, IMHO.
But I can't tell from the FAQ where to get the 2.0.0.12
package coming for 4.3, or even if said package is out.
Is 2.0.0.12 available as a package yet?
Remainder of dmesg for the interested:
cpu0: Intel Pentium III ("GenuineIntel" 686-class, 512KB L2 cache)
499 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,
CMOV,PAT,PSE36,MMX,FXSR,SSE
real mem = 335118336 (319MB)
avail mem = 316006400 (301MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 08/01/01, BIOS32 rev.
0 @ 0xffe90, SMBIOS rev. 2.2 @ 0xfb410 (64 entries)
bios0: vendor Dell Computer Corporation version "A10" date 08/01/01
bios0: Dell Computer Corporation OptiPlex GX1 500Mbr+
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfc670/176 (9 entries)
pcibios0: PCI Interrupt Router at 000:07:0 ("Intel 82371AB PIIX4 ISA"
rev 0x00)
pcibios0: PCI bus #2 is the last bus
bios0: ROM list: 0xc/0xd000 0xd/0x8000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82443BX AGP" rev 0x03
ppb0 at pci0 dev 1 function 0 "Intel 82443BX AGP" rev 0x03
pci1 at ppb0 bus 1
"ATI Rage Pro" rev 0x5c at pci1 dev 0 function 0 not configured
piixpcib0 at pci0 dev 7 function 0 "Intel 82371AB PIIX4 ISA" rev 0x02
pciide0 at pci0 dev 7 function 1 "Intel 82371AB IDE" rev 0x01: DMA,
channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0:
wd0: 16-sector PIO, LBA, 9765MB, 1728 sectors
wd1 at pciide0 channel 0 drive 1:
wd1: 16-sector PIO, LBA, 76319MB, 156301488 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
wd1(pciide0:0:1): using PIO mode 4, Ultra-DMA mode 2
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: SCSI0
5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
uhci0 at pci0 dev 7 function 2 "Intel 82371AB USB" rev 0x01: irq 11
piixpm0 at pci0 dev 7 function 3 "Intel 82371AB Power" rev 0x02:
SMBus disabled
vga1 at pci0 dev 14 function 0 "ATI Radeon 9200 SE Sec" rev 0x01
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ppb1 at pci0 dev 15 function 0 "DEC 21152 PCI-PCI" rev 0x03
pci2 at ppb1 bus 2
ohci0 at pci2 dev 11 function 0 "Acer Labs M5237 USB" rev 0x03:
irq 9, version 1.0, legacy support
ehci0 at pci2 dev 11 function 3 "Acer Labs M5239 USB2" rev 0x01:
irq 10
usb0 at ehci0: USB revision 2.0
uhub0 at usb0: Acer Labs EHCI root hub, rev 2.00/1.00, addr 1
usb1 at ohci0: USB revision 1.0
uhub1 at usb1: Acer Labs OHCI root hub, rev 1.00/1.00, addr 1
xl0 at pci0 dev 17 function 0 "3Com 3c905B 100Base-TX" rev 0x24:
irq 11, address 00:c0:4f:22:a7:b8
exphy0 at xl0 phy 24: 3Com internal media interface
isa0 at piixpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pmsi0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pmsi0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0:
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
isapnp0 at isa0 port 0x279: read port 0x203
wss1 at isapnp0 "CS4236B, CSC, , WSS/SB" port
0x534/4,0x388/4,0x220/16 irq 5 drq 1,0: CS4236/CS4236B (vers 0)
audio0 at wss1
joy0 at isapnp0 "CS4236B, CSC000F, , Game" port 0x3a0/8
"CS4236B, CSC0010, , Ctrl" at isapnp0 port 0xf00/8 not configured
"CS4236B, CSC0003, , MPU" at isapnp0 port 0x330/2 not configured
usb2 at uhci0: USB revision 1.0
uhub2 at usb2: Intel UHCI root hub, rev 1.00/1.00, addr 1
biomask ef45 netmask ef45 ttymask ffc7
pctr: 686-class user-level performance counters enabled
mtrr: Pentium Pro MTRR support
dkcsum: wd0 matches BIOS drive 0x80
dkcsum: wd1 matches BIOS drive 0x81
root on wd1a swap on wd1b dump on wd1b
cd0(atapiscsi0:0:0): Check Condition (error 0x70) on opcode 0x0
SENSE KEY: Not Ready
ASC/ASCQ: Medium Not Present
cd0(atapiscsi0:0:0): Check Condition (error 0x70) on opcode 0x0
SENSE KEY: Not Ready
ASC/ASCQ: Medium Not Present
[demime 1.01d removed an attachment of type APPLICATION/DEFANGED which had a
name of eagirard.9008DEFANGED-vcf]
Re: FTP-Proxy swallows 221 Message (MS FTP-Service)
On 18:04:48 Apr 06, Joel Knight wrote: > > It sounds like a race condition, where the server FIN reaches the proxy > > before the final data is sent out to the client. I'd have to dig into > > it a bit more. > > That's exactly what I saw when I broke out the sniffer to troubleshoot > this. > How about doing a TCP shutdown(2) like netcat? > Unfortunately there seems to be a lot of shitty software out there that > waits explicitly for the 221 response even though the TCP socket that > that response is supposed to come in on has been closed. You can specify SHUT_RD, SHUT_WR or SHUT_RDWR. Of course the OpenBSD man page is real cool. $ man 2 shutdown > > This is the patch that I've been running in production for some weeks. > The firewall where I'm running this proxies outgoing ftp connections and > also sits in front of an FTP server so I have two instances of ftp-proxy > running. The patch fixes the 221 issue however I recently started > getting reports of users being unable to ftp outbound. Seems the patch > is causing ftp-proxy to crash at random (but only the instance that > proxies the outgoing connections). I haven't had time to debug that yet. > Change it to use shutdown() before close(). -Girish
Re: FTP-Proxy swallows 221 Message (MS FTP-Service)
--- Quoting Camiel Dobbelaar on 2008/04/02 at 17:32 +0200:
> Michael Hoffrath wrote:
> > Same problem here Running OpenBSD 4.2 (GENERIC) #375 i386.
> >
> > It seems not only being a problem of Microsoft, I've found that problem also
> > on VSFTPd (centos) and Filezilla (Windows 2003 Server).
> >
> > Both are sending "221 Goodbye" but ftp-proxy seems to swallow that from time
> > to time.
>
> It sounds like a race condition, where the server FIN reaches the proxy
> before the final data is sent out to the client. I'd have to dig into
> it a bit more.
That's exactly what I saw when I broke out the sniffer to troubleshoot
this.
> Does it cause a real problem? (in other words: how urgent is the fix?)
Unfortunately there seems to be a lot of shitty software out there that
waits explicitly for the 221 response even though the TCP socket that
that response is supposed to come in on has been closed.
This is the patch that I've been running in production for some weeks.
The firewall where I'm running this proxies outgoing ftp connections and
also sits in front of an FTP server so I have two instances of ftp-proxy
running. The patch fixes the 221 issue however I recently started
getting reports of users being unable to ftp outbound. Seems the patch
is causing ftp-proxy to crash at random (but only the instance that
proxies the outgoing connections). I haven't had time to debug that yet.
.joel
Index: ftp-proxy.c
===
RCS file: /cvs/src/usr.sbin/ftp-proxy/ftp-proxy.c,v
retrieving revision 1.13
diff -p -u -r1.13 ftp-proxy.c
--- ftp-proxy.c 30 Dec 2006 13:24:00 - 1.13
+++ ftp-proxy.c 8 Mar 2008 00:56:38 -
@@ -79,6 +79,8 @@ struct session {
int cmd;
u_int16_tport;
u_int16_tproxy_port;
+ u_int8_t client_closed;
+ u_int8_t server_closed;
LIST_ENTRY(session) entry;
};
@@ -91,6 +93,8 @@ int client_parse_cmd(struct session *s);
void client_read(struct bufferevent *, void *);
intdrop_privs(void);
void end_session(struct session *);
+void end_session_client(struct session *);
+void end_session_server(struct session *);
intexit_daemon(void);
intgetline(char *, size_t *);
void handle_connection(const int, short, void *);
@@ -134,7 +138,7 @@ client_error(struct bufferevent *bufev,
else
logmsg(LOG_ERR, "#%d abnormal client error: %d", s->id, what);
- end_session(s);
+ end_session_client(s);
}
int
@@ -270,15 +274,18 @@ end_session(struct session *s)
logmsg(LOG_INFO, "#%d ending session", s->id);
- if (s->client_fd != -1)
- close(s->client_fd);
- if (s->server_fd != -1)
- close(s->server_fd);
-
- if (s->client_bufev)
- bufferevent_free(s->client_bufev);
- if (s->server_bufev)
- bufferevent_free(s->server_bufev);
+ if (!s->client_closed) {
+ if (s->client_fd != -1)
+ close(s->client_fd);
+ if (s->client_bufev)
+ bufferevent_free(s->client_bufev);
+ }
+ if (!s->server_closed) {
+ if (s->server_fd != -1)
+ close(s->server_fd);
+ if (s->server_bufev)
+ bufferevent_free(s->server_bufev);
+ }
/* Remove rulesets by commiting empty ones. */
err = 0;
@@ -297,6 +304,42 @@ end_session(struct session *s)
session_count--;
}
+void
+end_session_client(struct session *s)
+{
+ logmsg(LOG_INFO, "#%d ending client session", s->id);
+
+ if (s->client_fd != -1)
+ close(s->client_fd);
+
+ if (s->client_bufev)
+ bufferevent_free(s->client_bufev);
+
+ s->client_closed++;
+
+ /* server connection is already closed, shut everything down */
+ if (s->server_closed)
+ end_session(s);
+}
+
+void
+end_session_server(struct session *s)
+{
+ logmsg(LOG_INFO, "#%d ending server session", s->id);
+
+ if (s->server_fd != -1)
+ close(s->server_fd);
+
+ if (s->server_bufev)
+ bufferevent_free(s->server_bufev);
+
+ s->server_closed++;
+
+ /* client connection is already closed, shut everything down */
+ if (s->client_closed)
+ end_session(s);
+}
+
int
exit_daemon(void)
{
@@ -882,7 +925,7 @@ server_error(struct bufferevent *bufev,
else
logmsg(LOG_ERR, "#%d abnormal server error: %d", s->id, what);
- end_session(s);
+ end_session_server(s);
}
int
Re: Verify authenticity of installation files on mirrors?
Does buying the original CD sets count? On Sun, Apr 6, 2008 at 6:49 PM, Philipp Winter <[EMAIL PROTECTED]> wrote: > Hi, > > I did not find a file on the OpenBSD mirrors which contains a digital > signature for the 'MD5' files which are placed in the platformspecific > directories (e.g.: ftp://ftp.openbsd.org/pub/OpenBSD/4.2/i386/). > > Is there no way to verify the authenticity of the installation files? > > Thanks, > Philipp
Re: Verify authenticity of installation files on mirrors?
2008/4/7, Theo de Raadt <[EMAIL PROTECTED]>: > > Is there no way to verify the authenticity of the installation files? > > No, there is no way. IBTD: Get your cds from trusted sources. ;-) Best Martin
Re: Verify authenticity of installation files on mirrors?
Philipp Winter wrote: > Hi, > > I did not find a file on the OpenBSD mirrors which contains a digital > signature for the 'MD5' files which are placed in the platform specific > directories (e.g.: ftp://ftp.openbsd.org/pub/OpenBSD/4.2/i386/). > > Is there no way to verify the authenticity of the installation files? > > Thanks, > Philipp Huh?, ftp://ftp.openbsd.org/pub/OpenBSD/4.2/i386/MD5 seems to contain all the proper MD5's... if your mirror matches the ones at the official site, that seems to prove they're genuine. The OpenBSD team takes security pretty seriously. ;) - digitally signing the MD5 file is a bit much though... don't ya think? =| If you're still paranoid, perhaps you request that release announcement emails should contain the "official" MD5's of the base files... perhaps Theo could send it for kicks.. lmao -Nix Fan.
Re: Verify authenticity of installation files on mirrors?
> I did not find a file on the OpenBSD mirrors which contains a digital > signature for the 'MD5' files which are placed in the platformspecific > directories (e.g.: ftp://ftp.openbsd.org/pub/OpenBSD/4.2/i386/). > > Is there no way to verify the authenticity of the installation files? No, there is no way.
Verify authenticity of installation files on mirrors?
Hi, I did not find a file on the OpenBSD mirrors which contains a digital signature for the 'MD5' files which are placed in the platformspecific directories (e.g.: ftp://ftp.openbsd.org/pub/OpenBSD/4.2/i386/). Is there no way to verify the authenticity of the installation files? Thanks, Philipp
Re: Can't boot Dell Inspiron 530
OpenBSD 4.3 is due out on May 1st, a lot of changes have happened in 5 months.. perhaps you should wait for the 4.3 release, or try a snapshot from your local mirror, unfortunately, those are -CURRENT.. which, will eventually be the 4.4-RELEASE. Reporting hardware incompatibilities for a code base several months old isn't very productive... 4.2 was released in November. ;) -Nix Fan.
Can't boot Dell Inspiron 530
Hi- I have a Dell Inspiron 530 Viiv E4500 Core 2 Duo Processor 2.20GHz, 800Mhz FSB, 2MB, RAM 4 GB DDR2 667 MHz, Hard Drive 640GB Serial ATA2 Non Raid (2x320GB) 7200Rpm Dual HDD Config, DVD+/-RW (ReadWrite) 16X, Video Card - 128MB nVidia GeForce 8300GS, keyboard Dell USB, mouse Logitech USB, Internal PCI 802.11 b/g Wireless Network Card. I burned install42.iso on a DVD (not a CD) and booted the machine. The boot process came along fine until it just froze right after ... wskbd1 at ukbd0 mux 1 wskbd: connecting to wsdisplay0 UKC autoconf verbose only says: ... >>> probing for wskbd >>> wskbd probe returned 1 >>> wskbd probe won wskbd1 at ukbd0 mux 1 wskbd: connecting to wsdisplay0 I can't copy the full dmesg since I can't complete the boot process and I don't connect through a console. There are only USB ports available. Is this a usual spot for the boot process to hang? Is there anything I can do? Thanks, C. Sputnik.
Re: Simple OBSD/Samba sharing/restart question
On Mon, 2008-03-31 at 12:36 -0400, Dan Brosemer wrote: > But should you need to stop and start it, just kill off the [sn]mbd > processes and fire them off manually. Use /etc/rc.local as your command line flag/switch reference point. ~BAS IMPORTANT: This message contains confidential information and is intended only for the individual named. If the reader of this message is not an intended recipient (or the individual responsible for the delivery of this message to an intended recipient), please be advised that any re-use, dissemination, distribution or copying of this message is prohibited. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system.
Reserva de verano
Verano 5 dias en Cancun para 2 personas por 3729 pesos visite http://tinyurl.com/25zupf o marque al 01 800 123 3153
Re: Tunnel snmp through ssh
On Sunday 30 March 2008 19:15:40 Stijn wrote: > check out ssh-based vpn: ssh (1) > Thanks. That works for me. -- Greetings Chris
Re: using sun storeedge d1000 with OpenBSD
Sebastian Reitenbach wrote: I got such a storage device, mentioned in the subject. In the manual it says, when I want to connect the storage to a PCI based hosts, I need a PCI to dual differential UltraSCSI adapter, Model X6541A. What you need is any differential UltraSCSI controller. The D1000 can have its two SCSI buses joined and you can configure it so they don't have repeating SCSI IDs... or if you have two differential UltrasCSI channels, you can connect them separately. However, the X6541A does work fine - I have one in a PowerEdge 1550, currently connected to a D1000: siop0 at pci2 dev 6 function 0 "Symbios Logic 53c875" rev 0x14: apic 3 int 13 (irq 3), using 4K of on-board RAM scsibus2 at siop0: 16 targets sd2 at scsibus2 targ 0 lun 0: SCSI2 0/direct fixed sd2: 17274MB, 7508 cyl, 19 head, 248 sec, 512 bytes/sec, 35378533 sec total sd3 at scsibus2 targ 1 lun 0: SCSI2 0/direct fixed sd3: 17274MB, 7508 cyl, 19 head, 248 sec, 512 bytes/sec, 35378533 sec total sd4 at scsibus2 targ 2 lun 0: SCSI2 0/direct fixed sd4: 17274MB, 7508 cyl, 19 head, 248 sec, 512 bytes/sec, 35378533 sec total safte1 at scsibus2 targ 14 lun 0: SCSI2 3/processor fixed siop1 at pci2 dev 6 function 1 "Symbios Logic 53c875" rev 0x14: apic 3 int 14 (irq 11), using 4K of on-board RAM scsibus3 at siop1: 16 targets sd5 at scsibus3 targ 8 lun 0: SCSI2 0/direct fixed sd5: 17274MB, 7508 cyl, 19 head, 248 sec, 512 bytes/sec, 35378533 sec total sd6 at scsibus3 targ 9 lun 0: SCSI2 0/direct fixed sd6: 17274MB, 7508 cyl, 19 head, 248 sec, 512 bytes/sec, 35378533 sec total sd7 at scsibus3 targ 10 lun 0: SCSI2 0/direct fixed sd7: 17274MB, 7508 cyl, 19 head, 248 sec, 512 bytes/sec, 35378533 sec total safte2 at scsibus3 targ 15 lun 0: SCSI2 3/processor fixed -- Matthew Weigel hacker unique & idempot.ent
Re: Broken installer at snapshot >~ 28.03.08 macppc
On Sun, Apr 06, 2008 at 04:59:13AM -0500, Peter Kun wrote: > Hello. > At snapshots that greater than this date, you can't install system. > Malfunction problem. After that as you choose 'yes' option at > 'use whole disk for openbsd' question, installer will create > 'i' partiton, but after that fdisk will misused (i.e. it will prompt > as help when wrong or non-full keys are used with fdisk) and > gets next step instead of creation of partitions. > > Arch is macppc. This machine isn't 'dumb terminal-capable', so i'll > provide only screen capture - http://image.bayimg.com/aajepaabf.jpg > > Snapshot is from 03.08.2008. > > -- > Want an e-mail address like mine? > Get a free e-mail account today at www.mail.com! > You are correct. I introduced a bug to disklabel with r1.123 of disklabel.c. This bug prevents '-w -d ' from working and thus the incorrect display of usage. I've committed a fix which should appear in snapshots dated after April 6. Thanks for finding this! Ken
Broken installer at snapshot >~ 28.03.08 macppc
Hello. At snapshots that greater than this date, you can't install system. Malfunction problem. After that as you choose 'yes' option at 'use whole disk for openbsd' question, installer will create 'i' partiton, but after that fdisk will misused (i.e. it will prompt as help when wrong or non-full keys are used with fdisk) and gets next step instead of creation of partitions. Arch is macppc. This machine isn't 'dumb terminal-capable', so i'll provide only screen capture - http://image.bayimg.com/aajepaabf.jpg Snapshot is from 03.08.2008. -- Want an e-mail address like mine? Get a free e-mail account today at www.mail.com!
Re: @ e4ea
Hi Pau, You can find it here; http://e4ea.ismywebsite.com/ Specially made for you ;-)) Jan On Fri, 4 Apr 2008 21:30:12 +0200 "Pau Amaro-Seoane" <[EMAIL PROTECTED]> wrote: > Hi, > > I am interested in the script mentioned here by e4ea > > http://undeadly.org/cgi?action=article&sid=2007120707&mode=expanded > > who of you is e4ea? I would like to have a look at the script you talk > about but unfortunately the person who uploaded it to pastebin chose > "one month" and now it's gone. > > I would appreciate if e4ea would send it to me. > > Cheers, > > Pau
