Re: Apple Macbook Xorg synchronization problems(?) - Update

2008-08-20 Thread Kostas Zorbadelos
On Tuesday 19 August 2008 22:32:34 Nick Guenther wrote:
 On Tue, Aug 19, 2008 at 5:05 AM, Kostas Zorbadelos [EMAIL PROTECTED] wrote:
  On Tuesday 19 August 2008 11:58:34 Karl Sjodahl - dunceor wrote:
  On Tue, Aug 19, 2008 at 10:29 AM, Kostas Zorbadelos [EMAIL PROTECTED]
 
  wrote:
   Hello to everyone.
  
   This is my first post here and I should be considered a new user in
   OpenBSD. I have an Apple Macbook (13.3') Intel Core 2 Duo and I
   managed to install 4.3-release/amd64. I have a working console-based
   system using GENERIC.MP kernel. The problem is when I start X I can
   see no fonts on the screen (seems like an X server synchronization
   problem).
 
  I should have included that in the first place :)
 
  As I can see I also have a 2,1 but I guess the Intel card is supported in
  the Xorg intel driver...


OK, first the update.

I can very well see truetype anti-aliased fonts. I configured my xterm to use 
a Microsoft Core Font and I can see the font clearly. However, any attempts 
to use bitmap fonts so far have failed (I cannot see them on screen unless I 
plug an external monitor in which case I can see them both in the external 
monitor and the laptop's). For now, I will configure everything to use TTF 
and also use fvwm as KDE has quite a few problems and does not work well 
out-of-the box. 

 You have a 2,1? How did you get it installed in the first place? The
 install kernel hangs for me. I got around that by putting the
 harddrive in a different computer, but I'm wondering if I missed an
 easier way.


I will try to document everything in a public url and when I do I will post 
the link to the list. Generally, I have a dual boot setup (Mac OS X Leopard 
and OpenBSD). I used Boot Camp assistant to create an empty partition. Then I 
installed OpenBSD 4.3 from the CD using an external USB keyboard in the first 
USB slot. After the installation was complete I modified boot.conf to use 
GENERIC.MP kernel (the normal kernel does not work and I believe it has to do 
something with the different ACPI handling in the MP kernel). Finally I use 
the very good rEfit boot loader (http://refit.sourceforge.net/) to dual boot 
the system. I guess someone could use rEfit and have only OpenBSD on the 
laptop if that was  his wish -:)

 -Nick

Kostas



Re: concerning directin in PF for enc0

2008-08-20 Thread Harald Dunkel

Hi Ryan,

These links might help:

http://www.kernel-panic.it/openbsd/vpn/vpn3.html#vpn-3.4
http://www.openbsd.org/cgi-bin/man.cgi?query=enc


Good luck

Harri



Re: bridge and carp

2008-08-20 Thread Marco Fretz
hi alec,

alexander lind wrote:
 Is it possible to have two OpenBSD bridging firewalls work together  
 with CARP now?

What do you mean by work together? Only fail-over? load-share?

 
 In the past I know it has been impossible to use CARP between two  
 bridging firewalls, but reading the 4.1 -  4.2 changelog, I learned  
 about this change:
 
 Update the ifp of bridge cache entries if the entry is not static.  
 This makes carp(4) fail-over work over bridge(4).

I think this means only that it is possible to use carp over bridges,
not for bridges. but maybe I'm wrong. :-)

 
 So my question is, am I understanding this right if I say that it is  
 indeed possible to set up a pair of redundant carped firewalls using  
 OpenBSD 4.2 or above?

Bridges are layer 2, carp is layer 3 (it shares IP addresses). So carp
can not handle this by its nature I think. Just place the both bridges
in your LAN and you have your fail-over solution. I've never done
something with openbsd bridges but as I know it from bridge-utils from
linux you can set STP priority and costs to influence spanning tree path
selection. Of course your LAN switch should be capable of basic
spanning-tree functions as well.

after the first bridge goes down, spanning tree takes automatically the
next best path by setting the needed switchports to forward (instead of
blocking).

bests
 Marco

 
 Alec



Re: Slow Wireless, Fast Copper

2008-08-20 Thread Alex Berdan
I saw a similar problem and I got it fixed changing the frequency
channel of the wireless box. Did you try this already?


On 8/10/08, ropers [EMAIL PROTECTED] wrote:
 2008/8/6 OpenBSD Misc [EMAIL PROTECTED]:
  Hi.  I'm at my wits end.
 
  My original configuration:
  I have a laptop (HP Pavilion dv9700).  It comes with an integrated Intel
  Wireless WiFi Link 4965AGN adapter and is running Vista Home Premium.  I
  have a D-Link DWL-2200AP wireless access point.  I have an old Gateway
  computer with a P3 processor running at 650 MHz and five NICs that was
  running FreeBSD 7.  I have a Westell DSL modem with 3000/768 service through
  Verizon.  The Gateway is set up as a firewall with ipf.  The notebook
  connects wirelessly to the WAP, which is cabled into a NIC in the firewall,
  which is cabled to the DSL modem through a different NIC.
 
  The problem:
  I noticed that my wireless was running slowly.  Verizon has a speed testing
  website, so I test my speed with it.  My upload speed nearly maxes out at
 700 Kbps no matter what my configuration is.  My download speed doesn't
  typically get above 90 Kbps.  BUT, I have a PC running Windows XP Pro
  connected to a third NIC in the firewall, and the speed test nearly maxes
  out both upload and download speeds.
 
  What I did:
  Okay, something's wrong with the wireless link.  I connect the WAP directly
  to the DSL modem and retest my speed.  I'm running at FULL speed, so the
  problem isn't with the wireless connection between the laptop and the WAP.
  So I reconnect the WAP to the firewall with a different (new, prefab,
  unopened) ethernet cable and retest.  Download speed sucks again; it's not a
  cabling issue.  So I move to a different NIC and retest.  Download speed
  still sucks; it's not the NIC.  So I move to the NIC to which my XP PC was
  connected (which got fast download speeds) and retested.  Download speed
  STILL sucks.  I buy a D-Link DAP-1522 wireless access point and replace the
  DWL-2200AP.  I retest and get sucky download speeds.  I've been wanting to
  move to OpenBSD and pf for some time now, so I install OpenBSD 4.3 on the
  firewall, set up my DSL connection, DNS service, and DHCP service.  I
  configure pf with a minimal configuration that basically lets all outbound
  traffic pass and blocks all inbound traffic from the internet.  I test
  connectivity, and my Vista laptop and XP PC both connect to the Internet and
  can talk to each other.  The firewall can talk to everything.  I put all
  cables back to their original configuration; everything's connected as it
  was when I first noticed the problem except for the new WAP, the new OS, and
  the new cable.  I retest my speeds.  I'm back where I started: XP PC gets
  full speed internet service, laptop gets sucky download speeds through the
  wireless link.  So with OpenBSD on the Gateway I retry everything I just
  described above with the new WAP and new cable and get the same results.  I
  put everything back to the original configuration again except the WAP, OS,
  and cable.  I test the speed over the wireless link again and get sucky
  download speeds.  I copy a large file from my XP PC to my laptop (which is
  still connected to the firewall wirelessly all this time) and I get GREAT
  transfer speeds.
 
  Conclusion:
  So I can talk through my WAP and through my firewall to anything else on my
  side of the internet connection at full speed, and everything that's not
  wireless can talk through the firewall to the internet at full speed.  But I
  cannot talk through my WAP and through my firewall to the Internet at full
  speed.  I can talk through my WAP to the Internet (not through the firewall)
  at full speed.
 
  Can anyone please offer some assistance?
 
  Thank you...
 
 
  Additional information:
  The three NICs in the firewall that I tried use the vr, xl, and ne drivers.
  The vr has a VIA Rhine or RhineII chipset.  The xl is a 3Com 3c905, and the
  ne is a generic card using the Realtek 8029 chipset.
 

 <snip />

 I'm clueless as to your actual problem, but I did have the following thoughts:

 The question is whether this problem is
 OS/software/configuration-specific. The fact that you've encountered
 the same problem with FreeBSD and OpenBSD seems to suggest that it's
 not OS/software-specific, but there are some commonalities between the
 various *BSDs, and there is more common code between Free- and OpenBSD
 than between Linux and OpenBSD. I don't know^W^W^WAccording to
 http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-apps.html
 , FreeBSD uses IPF, IPFW and PF. Which did you use when you tried
 FreeBSD? If you used PF both on OpenBSD and FreeBSD, then it might be
 a PF problem. This may be a bit of work to even try, but are you
 encountering the same problems with the other firewalls under FreeBSD?
 If yes, then you could try to rule out problems because of common code
 in the OpenBSD and FreeBSD OSes by trying Linux/IPtables and 

Re: bridge and carp

2008-08-20 Thread Harald Dunkel

Marco Fretz wrote:


Bridges are layer 2, carp is layer 3 (it shares IP addresses). So carp
can not handle this by its nature I think. Just place the both bridges
in your LAN and you have your fail-over solution. 


Packet Filter still does stateful inspection, even in bridging mode,
AFAIK. So both firewall hosts should be connected via pfsync on a
dedicated interface using a cross-over cable. No need to assign an
IP address, i.e. the firewall bridge is still transparent.


Regards

Harri



Re: TV out for Xorg/OpenBSD?

2008-08-20 Thread Jussi Peltola
TV outputs and standards are quite simple, but apparently some
explanation might be in order. Since we're already off topic, I'll just
try to summarize some facts regarding things mentioned in the thread.

To start, when talking about baseband video outputs, a TV standard (PAL,
NTSC, etc.) defines two things: the video timings and a color encoding.
Normally, a TV out encoder will take care of all of that and output a
suitable baseband signal, but that requires your video card's and its
driver's cooperation.

FTA (for the Americans), SCART is a european standard AV connector with
2-way composite video, audio and one-way RGB and S-Video signalling,
plus a few data wires that can be used to synchronize the channels tuned
in your TV to your VCR.

In the case of a VGA to SCART cable, you need to create a modeline of
[EMAIL PROTECTED], so the HorizSync is about 15kHz, while VGA monitors usually
support only down to around 31kHz. The color encoding is totally
irrelevant with RGB, you just need to coerce your video card and driver
to output the right frequency. I unfortunately have only done this years
ago, in Windows, using PowerStrip.

You will probably also need to pull up one or two pins in the SCART
connector (8/SWTCH to 12v and 16/BLNK to over 3V) to put your TV into
RGB mode; I've had lots of European TVs that are pretty picky about the
voltage. You may also need to experiment with sync polarity, and
depending on your cable, with composite sync (you need it since SCART
has only one sync pin, but the cable may already wire HSYNC and VSYNC
together).

The SCART RGB way can be painful, but the image quality is worth it
(look at the TV's built in teletext and compare it to a composite video
signal).

Someone also mentioned a VGA to S-Video cable with no intelligence.
Those are usually used in laptops with cooperation of the video
hardware. A simple modeline will not make your video card output
S-Video.

-- 
Jussi Peltola



Understanding issue in building raid with raidctl

2008-08-20 Thread Christophe Rioux
I follow some documentation for building the software raid on my system:
http://www.argon18.com/raid_openbsd.html
http://www.openbsd-france.org/documentations/OpenBSD-raid1.html#deux

And the result is, I have 2 disk which are working in RAID-1. I build
following configuration:

Physical disk: 250 Go (2 x)

Disklabel: wd0 and wd1
wdXa: 10 Gb
wdXb: 512m
wdXd: the rest of the disk

= as far as I understand, the wdXa disk are needed to boot before starting the
RAID. This are more or less lost disk place ?


I build again the same disklabel on the raid0 disk:
  a:  20971853 235680435  4.2BSD   2048 16384 1
  b:   1048576 256652288    swap
  c: 466350720         0  unused      0     0
  d: 208649856 257700864  4.2BSD   2048 16384 1
  i:  1000974136512000  MSDOS   
  j: 4017235676418  unknown

But the result is:
a: 10 Gb
d: 100 Gb
i 
j 

When I start the system, I have the feeling that I'm booting on the wd0a
disk, and not on the raid0a disk

Questions:
* how can I be sure I'm booting on the right disk ?
* where are my 130 Gb lost place ?
* where will the system write the logs down ? Wd0a or raid0a ? If those
information are writing to raid0a, that means, I can reduce the wdXa disk to
the minimum requirements (1 Gb for example)

Christophe



Re: TV out for Xorg/OpenBSD?

2008-08-20 Thread Edd Barrett
Hi

On Wed, Aug 20, 2008 at 8:46 AM, Jussi Peltola [EMAIL PROTECTED] wrote:
 You will probably also need to pull up one or two pins in the SCART
 connector (8/SWTCH to 12v and 16/BLNK to over 3V) to put your TV into
 RGB mode;

How is this achieved?

-- 

Best Regards

Edd

http://students.dec.bournemouth.ac.uk/ebarrett



Re: TV out for Xorg/OpenBSD?

2008-08-20 Thread Peter Shrimpton

Hi
Making a cable up is straightforward; the only problem is the soldering
is fiddly - you need a very small soldering iron. You should probably
also get a multimeter to test your soldering before using the lead in 
case you fry your telly or graphics card.


Here are two websites on how to build it:

http://ryoandr.free.fr/english.html

http://www.idiots.org.uk/vga_rgb_scart/

Use the pin connection table from the first site, not the second. They
are M$ biased so ignore the software parts.

Peter
Edd Barrett wrote:

Hi

On Wed, Aug 20, 2008 at 8:46 AM, Jussi Peltola [EMAIL PROTECTED] wrote:
  

You will probably also need to pull up one or two pins in the SCART
connector (8/SWTCH to 12v and 16/BLNK to over 3V) to put your TV into
RGB mode;



How is this achieved?




Re: named starting slowly

2008-08-20 Thread Jan Stary
Replying to myself,

On Aug 18 20:51:26, Jan Stary wrote:
 This is -current as of a few weeks back, running on ALIX2C3.
 Works smoothly as my home router/fw/dns, but when booting
 gets to starting named, there is a strange slowdown:
snip
 Aug 18 19:48:58 gw named[15560]: starting BIND 9.4.2-P1
 Aug 18 19:49:03 gw named[15560]: loading configuration from '/etc/named.conf'
 Aug 18 19:49:03 gw named[15560]: listening on IPv6 interfaces, port 53
 Aug 18 19:49:04 gw named[15560]: Binding privsep
 Aug 18 19:49:04 gw named[29233]: [priv]: msg PRIV_BIND received
 Aug 18 19:49:04 gw named[15560]: Binding privsep
 Aug 18 19:49:04 gw named[29233]: [priv]: msg PRIV_BIND received
 Aug 18 19:49:04 gw named[15560]: listening on IPv4 interface lo0, 127.0.0.1#53
 Aug 18 19:49:04 gw named[15560]: Binding privsep
 Aug 18 19:49:04 gw named[29233]: [priv]: msg PRIV_BIND received
 Aug 18 19:49:04 gw named[15560]: Binding privsep
 Aug 18 19:49:04 gw named[29233]: [priv]: msg PRIV_BIND received
 Aug 18 19:49:04 gw named[15560]: listening on IPv4 interface vr0, 
 192.167.167.1#53
 Aug 18 19:49:04 gw named[15560]: Binding privsep
 Aug 18 19:49:04 gw named[29233]: [priv]: msg PRIV_BIND received
 Aug 18 19:49:04 gw named[15560]: Binding privsep
 Aug 18 19:49:04 gw named[29233]: [priv]: msg PRIV_BIND received
 Aug 18 19:49:04 gw named[15560]: listening on IPv4 interface vr1, 
 192.168.111.1#53
 Aug 18 19:49:04 gw named[15560]: Binding privsep
 Aug 18 19:49:04 gw named[29233]: [priv]: msg PRIV_BIND received
 Aug 18 19:49:04 gw named[15560]: Binding privsep
 Aug 18 19:49:04 gw named[29233]: [priv]: msg PRIV_BIND received
 Aug 18 19:49:04 gw named[15560]: listening on IPv4 interface vr2, 
 192.168.222.1#53
 Aug 18 19:49:04 gw named[15560]: Binding privsep
 Aug 18 19:49:04 gw named[29233]: [priv]: msg PRIV_BIND received
 Aug 18 19:49:04 gw named[15560]: Binding privsep
 Aug 18 19:49:04 gw named[29233]: [priv]: msg PRIV_BIND received
 Aug 18 19:49:05 gw named[15560]: Binding locally
 Aug 18 19:49:05 gw named[15560]: Binding locally
 Aug 18 19:49:06 gw named[15560]: automatic empty zone: view internal: 
 254.169.IN-ADDR.ARPA
 Aug 18 19:49:06 gw named[15560]: automatic empty zone: view internal: 
 2.0.192.IN-ADDR.ARPA
 Aug 18 19:49:06 gw named[15560]: automatic empty zone: view internal: 
 255.255.255.255.IN-ADDR.ARPA
 
 # took about 8 seconds up to here; but then
 
 Aug 18 19:49:31 gw named[15560]: automatic empty zone: view internal: 
 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
 
 # what could possibly take 25 seconds when loading an automatic empty zone?

Could we possibly be waiting for 'ntpd -s'? See:

 Aug 18 19:49:31 gw named[15560]: automatic empty zone: view internal: 
 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
 Aug 18 19:49:31 gw named[15560]: automatic empty zone: view internal: 
 D.F.IP6.ARPA
 Aug 18 19:49:31 gw named[15560]: automatic empty zone: view internal: 
 8.E.F.IP6.ARPA
 Aug 18 19:49:31 gw named[15560]: automatic empty zone: view internal: 
 9.E.F.IP6.ARPA
 Aug 18 19:49:31 gw named[15560]: automatic empty zone: view internal: 
 A.E.F.IP6.ARPA
 Aug 18 19:49:31 gw named[15560]: automatic empty zone: view internal: 
 B.E.F.IP6.ARPA
 Aug 18 19:49:31 gw named[15560]: Binding privsep
 Aug 18 19:49:31 gw named[29233]: [priv]: msg PRIV_BIND received
 Aug 18 19:49:31 gw named[15560]: command channel listening on 127.0.0.1#953
 Aug 18 19:49:31 gw named[15560]: Binding privsep
 Aug 18 19:49:31 gw named[29233]: [priv]: msg PRIV_BIND received
 Aug 18 19:49:31 gw named[15560]: command channel listening on ::1#953
 Aug 18 19:49:31 gw named[15560]: zone 127.in-addr.arpa/IN/internal: loaded 
 serial 1
 Aug 18 19:49:31 gw named[15560]: zone 111.168.192.in-addr.arpa/IN/internal: 
 loaded serial 1
 Aug 18 19:49:31 gw named[15560]: zone 222.168.192.in-addr.arpa/IN/internal: 
 loaded serial 1
 Aug 18 19:49:31 gw named[15560]: zone stare.cz/IN/internal: loaded serial 
 2008060101
 Aug 18 19:49:31 gw named[15560]: zone localhost/IN/internal: loaded serial 1
 Aug 18 19:49:31 gw named[15560]: zone stare.cz/IN/external: loaded serial 
 2008052901
 Aug 18 19:49:31 gw named[15560]: running
 Aug 18 19:49:31 gw named[15560]: zone stare.cz/IN/internal: sending notifies 
 (serial 2008060101)
 Aug 18 19:49:31 gw named[15560]: zone stare.cz/IN/external: sending notifies 
 (serial 2008052901)
 Aug 18 19:49:31 gw named[15560]: client 79.98.73.150#7375: view external: 
 received notify for zone 'stare.cz'
 Aug 18 19:49:31 gw ntpd[26108]: ntp engine ready

The timestamp when named spoke again
is the same time when ntpd said 'ntp engine ready'.

It is started as 'ntpd -s'; is there any interaction between ntpd and
named during startup, or is this just a coincidence?


 Aug 18 19:49:31 gw named[15560]: Binding locally
 # This message keeps appearing in the log even after bootup.
 
 Aug 18 19:49:32 gw last message repeated 3 times
 Aug 18 19:49:33 gw ntpd[13902]: set local clock to Mon Aug 18 19:49:33 

Re: Understanding issue in building raid with raidctl

2008-08-20 Thread Raimo Niskanen
On Wed, Aug 20, 2008 at 10:01:10AM +0200, Christophe Rioux wrote:
 I follow some documentation for building the software raid on my system:
 http://www.argon18.com/raid_openbsd.html
 http://www.openbsd-france.org/documentations/OpenBSD-raid1.html#deux
 
 And the result is, I have 2 disk which are working in RAID-1. I build
 following configuration:
 
 Physical disk: 250 Go (2 x)
 
 Disklabel: wd0 and wd1
 wdXa: 10 Gb
 wdXb: 512m
 wdXd: the rest of the disk
 
 = as far as I understand, the wdXa disk are needed to boot before starting the
 RAID. This are more or less lost disk place ?
 

Yes. 10 GByte is more than sufficient for building the RAID kernel.
I have done it in 1.5 GByte, but that was maybe pushing it a bit far...

 
 I build again the same disklabel on the raid0 disk:
   a:  20971853 235680435  4.2BSD   2048 16384 1
   b:   1048576 256652288    swap
   c: 466350720         0  unused      0     0
   d: 208649856 257700864  4.2BSD   2048 16384 1
   i:  1000974136512000MSDOS   
   j: 4017235676418unknown
 
 But the result is:
 a: 10 Gb
 d: 100 Gb
 i 
 j 

What result is?
How did you build the disklabel?
What is the actual printout from disklabel -p m raid0?
Oh, and disklabel -p m wd0, and disklabel -p m wd1
What does raidctl -s all say?

 
 When I start the system, I have the feeling that I'm booting on the wd0a
 disk, and not on the raid0a disk
 

You need to make the RAID auto-configurable, and root partition
eligible. I.e. raidctl -A yes raid0 and raidctl -A root raid0.

Read man raidctl, all the way down to the end. It is invaluable.

 Questions:
 * how can I be sure I'm booting on the right disk ?

Check your dmesg and see which root device it uses at the end.

 * where are my 130 Gb lost place ?

You can probably find them in the disklabels.

 * where will the system write the logs down ? Wd0a or raid0a ? If those
 information are writing to raid0a, that means, I can reduce the wdXa disk to
 the minimum requirements (1 Gb for example)
 
 Christophe

-- 

/ Raimo Niskanen, Erlang/OTP, Ericsson AB



Re: another bgp setup question

2008-08-20 Thread Agung T. Apriyanto
On 8/17/08, Agung T. Apriyanto [EMAIL PROTECTED] wrote:
 the problem:
 C able to announce /24 to D, and D successfully forward to E and whole world.
 while in B, receive announce /24 from C and prefix from A,
 but not able forward announce /24 to A and not able forward received
 routes from A
 to C.


case closed, route-reflector added to router A, and everything went well :)

-A



Re: bridge and carp

2008-08-20 Thread Henning Brauer
* Harald Dunkel [EMAIL PROTECTED] [2008-08-20 09:43]:
 Marco Fretz wrote:

 Bridges are layer 2, carp is layer 3 (it shares IP addresses). So carp
 can not handle this by its nature I think. Just place the both bridges
 in your LAN and you have your fail-over solution. 

 Packet Filter still does stateful inspection, even in bridging mode,

and that is related to carp how?
hint: not at all.

 AFAIK. So both firewall hosts should be connected via pfsync on a
 dedicated interface using a cross-over cable. No need to assign an
 IP address, i.e. the firewall bridge is still transparent.

and that is related to carp how?
hint: not at all.

(ok, pfsync tells carp to not take over unless the state tables are
synced. but that only makes a difference when one host just boots and
is about to take over, and even then you can easily live without)

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg  Amsterdam



Re: Apple Macbook Xorg synchronization problems

2008-08-20 Thread Karl Sjodahl - dunceor
On Tue, Aug 19, 2008 at 9:32 PM, Nick Guenther [EMAIL PROTECTED] wrote:
 On Tue, Aug 19, 2008 at 5:05 AM, Kostas Zorbadelos [EMAIL PROTECTED] wrote:
 On Tuesday 19 August 2008 11:58:34 Karl Sjodahl - dunceor wrote:
 On Tue, Aug 19, 2008 at 10:29 AM, Kostas Zorbadelos [EMAIL PROTECTED]
 wrote:
  Hello to everyone.
 
  This is my first post here and I should be considered a new user in
  OpenBSD. I have an Apple Macbook (13.3') Intel Core 2 Duo and I managed
  to install 4.3-release/amd64. I have a working console-based system using
  GENERIC.MP kernel. The problem is when I start X I can see no fonts on
  the screen (seems like an X server synchronization problem).


 I should have included that in the first place :)

 As I can see I also have a 2,1 but I guess the Intel card is supported in the
 Xorg intel driver...


 You have a 2,1? How did you get it installed in the first place? The
 install kernel hangs for me. I got around that by putting the
 harddrive in a different computer, but I'm wondering if I missed an
 easier way.

 -Nick



Last time I installed it there was a long pause in the install process
when it tried to find something.
It finally timed out and then just continued.

BR
dunceor



Re: named starting slowly

2008-08-20 Thread Otto Moerbeek
On Wed, Aug 20, 2008 at 12:13:02PM +0200, Jan Stary wrote:

 Replying to myself,
 
 On Aug 18 20:51:26, Jan Stary wrote:
  This is -current as of a few weeks back, running on ALIX2C3.
  Works smoothly as my home router/fw/dns, but when booting
  gets to starting named, there is a strange slowdown:

I expect it to be the extra randomization that named does. Since some
time, at startup, it builds a table that is used to randomize id's.
This is computationally a bit expensive, and you could notice it on a
slow host. 

The extra binding messages could very well be caused by the source
port randomizations done now. You seem to use a pretty high debug log
level.

-Otto
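
Added example (not part of any post in this thread): a small Python script that measures the pause between consecutive syslog lines of one named process and lists what other daemons logged in the second the pause ended, which is how the 25-second stall and the ntpd coincidence above can be read off the log. The sample is abridged from the log quoted in the thread; the year, the function names and the 10-second threshold are assumptions.

```python
import re
from datetime import datetime

# Constructed sample: abridged from the boot log quoted in this thread, keeping
# the archive's wrapped continuation lines and one line without a process tag.
SAMPLE_LOG = """\
Aug 18 19:48:58 gw named[15560]: starting BIND 9.4.2-P1
Aug 18 19:49:03 gw named[15560]: loading configuration from '/etc/named.conf'
Aug 18 19:49:04 gw named[29233]: [priv]: msg PRIV_BIND received
Aug 18 19:49:05 gw named[15560]: Binding locally
Aug 18 19:49:06 gw named[15560]: automatic empty zone: view internal:
255.255.255.255.IN-ADDR.ARPA
Aug 18 19:49:31 gw named[15560]: automatic empty zone: view internal:
0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Aug 18 19:49:31 gw named[15560]: running
Aug 18 19:49:31 gw ntpd[26108]: ntp engine ready
Aug 18 19:49:32 gw last message repeated 3 times
"""

TS = r"[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d"
LINE_RE = re.compile(
    rf"^(?P<ts>{TS}) \S+ (?P<prog>[^\s\[:]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
TS_RE = re.compile(rf"^{TS} ")


def parse(log_text, year=2008):
    """Return one record per tagged syslog line.

    The year is an assumption: classic syslog timestamps carry none.
    Lines that do not start with a timestamp are treated as the wrapped
    tail of the previous message.
    """
    records, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m:
            when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            current = {"when": when, "prog": m["prog"],
                       "pid": int(m["pid"]), "msg": m["msg"].strip()}
            records.append(current)
        elif TS_RE.match(line):
            current = None  # timestamped but untagged, e.g. "last message repeated"
        elif current is not None:
            current["msg"] += " " + line  # wrapped continuation line
    return records


def find_stalls(records, prog="named", threshold=10):
    """Report gaps of at least `threshold` seconds between consecutive
    lines of the same process (same program name and PID).

    Records are assumed to be in chronological order within one year.
    """
    last_seen, stalls = {}, []
    for rec in records:
        if rec["prog"] != prog:
            continue
        prev = last_seen.get(rec["pid"])
        if prev is not None:
            gap = int((rec["when"] - prev["when"]).total_seconds())
            if gap >= threshold:
                # Other daemons that logged in the second the stall ended.
                others = [f"{r['prog']}[{r['pid']}]: {r['msg']}"
                          for r in records
                          if r["prog"] != prog and r["when"] == rec["when"]]
                stalls.append({"pid": rec["pid"], "seconds": gap,
                               "before": prev["msg"], "after": rec["msg"],
                               "same_second": others})
        last_seen[rec["pid"]] = rec
    return stalls


if __name__ == "__main__":
    for s in find_stalls(parse(SAMPLE_LOG)):
        print(f"named[{s['pid']}] silent for {s['seconds']}s")
        print(f"  last line before: {s['before']}")
        print(f"  first line after: {s['after']}")
        for other in s["same_second"]:
            print(f"  logged in the same second: {other}")
```

Syslog timestamps have one-second resolution, so a line from another daemon in the same second shows coincidence in time only, not a dependency between the two.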



Re: bridge and carp

2008-08-20 Thread Harald Dunkel

Check the pfsync man page about how pfsync and carp are related
in a failover scenario.

Henning Brauer wrote:

* Harald Dunkel [EMAIL PROTECTED] [2008-08-20 09:43]:

Marco Fretz wrote:

Bridges are layer 2, carp is layer 3 (it shares IP addresses). So carp
can not handle this by its nature I think. Just place the both bridges
in your LAN and you have your fail-over solution. 

Packet Filter still does stateful inspection, even in bridging mode,


and that is related to carp how?
hint: not at all.




Re: bridge and carp

2008-08-20 Thread Paul de Weerd
On Wed, Aug 20, 2008 at 04:30:36PM +0200, Harald Dunkel wrote:
 Check the pfsync man page about how pfsync and carp are related
 in a failover scenario.

Then check the code to see who wrote this stuff

Cheers,

Paul 'WEiRD' de Weerd

 Henning Brauer wrote:

[lots of code in the networking area...]

-- 
[++-]+++.+++[---].+++[+
+++-].++[-]+.--.[-]
 http://www.weirdnet.nl/ 



Re: named starting slowly

2008-08-20 Thread Jan Stary
On Aug 20 15:36:36, Otto Moerbeek wrote:
  On Aug 18 20:51:26, Jan Stary wrote:
   This is -current as of a few weeks back, running on ALIX2C3.
   Works smoothly as my home router/fw/dns, but when booting
   gets to starting named, there is a strange slowdown:
 
 I expect it to be the extra randomization that named does. Since some
 time, at startup, it builds a table that is used to randomize id's.
 This is computationally a bit expensive, and you could notice it on a
 slow host. 

Sounds very probable.

 The extra binding messages could very well be caused by the source
 port randomizations done now. You seem to use a pretty high debug log
 level.

Indeed,

logging {
channel syslog_channel {
syslog local0;
severity info;
print-category no;
print-severity no;
print-time no;
};

I just bumped severity to even debug, and restarted named
(pkill named, sleep, named) while looking at the log to
confirm your explanation; named now starts in one second:

Aug 20 17:22:23 gw named[32687]: exiting
Aug 20 17:22:31 gw named[29116]: starting BIND 9.4.2-P1
Aug 20 17:22:31 gw named[29116]: loading configuration from '/etc/named.conf'
Aug 20 17:22:31 gw named[29116]: listening on IPv6 interfaces, port 53
Aug 20 17:22:31 gw named[29116]: Binding privsep
Aug 20 17:22:31 gw named[3931]: [priv]: msg PRIV_BIND received
Aug 20 17:22:31 gw named[29116]: Binding privsep
Aug 20 17:22:31 gw named[3931]: [priv]: msg PRIV_BIND received
Aug 20 17:22:31 gw named[29116]: listening on IPv4 interface lo0, 127.0.0.1#53
Aug 20 17:22:31 gw named[29116]: Binding privsep
Aug 20 17:22:31 gw named[3931]: [priv]: msg PRIV_BIND received
Aug 20 17:22:31 gw named[29116]: Binding privsep
Aug 20 17:22:31 gw named[3931]: [priv]: msg PRIV_BIND received
Aug 20 17:22:31 gw named[29116]: listening on IPv4 interface vr0, 
192.167.167.1#53
Aug 20 17:22:31 gw named[29116]: Binding privsep
Aug 20 17:22:31 gw named[3931]: [priv]: msg PRIV_BIND received
Aug 20 17:22:31 gw named[29116]: Binding privsep
Aug 20 17:22:31 gw named[3931]: [priv]: msg PRIV_BIND received
Aug 20 17:22:31 gw named[29116]: listening on IPv4 interface vr1, 
192.168.111.1#53
Aug 20 17:22:31 gw named[29116]: Binding privsep
Aug 20 17:22:31 gw named[3931]: [priv]: msg PRIV_BIND received
Aug 20 17:22:31 gw named[29116]: Binding privsep
Aug 20 17:22:31 gw named[3931]: [priv]: msg PRIV_BIND received
Aug 20 17:22:31 gw named[29116]: listening on IPv4 interface vr2, 
192.168.222.1#53
Aug 20 17:22:31 gw named[29116]: Binding privsep
Aug 20 17:22:31 gw named[3931]: [priv]: msg PRIV_BIND received
Aug 20 17:22:31 gw named[29116]: Binding privsep
Aug 20 17:22:31 gw named[3931]: [priv]: msg PRIV_BIND received
Aug 20 17:22:31 gw named[29116]: Binding locally
Aug 20 17:22:31 gw named[29116]: Binding locally
Aug 20 17:22:31 gw named[29116]: automatic empty zone: view internal: 
254.169.IN-ADDR.ARPA
Aug 20 17:22:31 gw named[29116]: automatic empty zone: view internal: 
2.0.192.IN-ADDR.ARPA
Aug 20 17:22:31 gw named[29116]: automatic empty zone: view internal: 
255.255.255.255.IN-ADDR.ARPA
Aug 20 17:22:31 gw named[29116]: automatic empty zone: view internal: 
0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Aug 20 17:22:31 gw named[29116]: automatic empty zone: view internal: 
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Aug 20 17:22:31 gw named[29116]: automatic empty zone: view internal: 
D.F.IP6.ARPA
Aug 20 17:22:31 gw named[29116]: automatic empty zone: view internal: 
8.E.F.IP6.ARPA
Aug 20 17:22:31 gw named[29116]: automatic empty zone: view internal: 
9.E.F.IP6.ARPA
Aug 20 17:22:31 gw named[29116]: automatic empty zone: view internal: 
A.E.F.IP6.ARPA
Aug 20 17:22:31 gw named[29116]: automatic empty zone: view internal: 
B.E.F.IP6.ARPA
Aug 20 17:22:31 gw named[29116]: Binding privsep
Aug 20 17:22:31 gw named[3931]: [priv]: msg PRIV_BIND received
Aug 20 17:22:31 gw named[29116]: command channel listening on 127.0.0.1#953
Aug 20 17:22:31 gw named[29116]: Binding privsep
Aug 20 17:22:31 gw named[3931]: [priv]: msg PRIV_BIND received
Aug 20 17:22:31 gw named[29116]: command channel listening on ::1#953
Aug 20 17:22:31 gw named[29116]: now using logging configuration from config 
file
Aug 20 17:22:31 gw named[29116]: load_configuration: success
Aug 20 17:22:31 gw named[29116]: zone 127.in-addr.arpa/IN/internal: starting 
load
Aug 20 17:22:31 gw named[29116]: zone 127.in-addr.arpa/IN/internal: journal 
rollforward completed successfully: no journal
Aug 20 17:22:31 gw named[29116]: zone 127.in-addr.arpa/IN/internal: loaded
Aug 20 17:22:31 gw named[29116]: zone 127.in-addr.arpa/IN/internal: loaded 
serial 1
Aug 20 17:22:31 gw named[29116]: zone 254.169.IN-ADDR.ARPA/IN/internal: 
starting load
Aug 20 17:22:31 gw named[29116]: zone 254.169.IN-ADDR.ARPA/IN/internal: loaded
Aug 20 17:22:31 gw named[29116]: zone 

Re: named starting slowly

2008-08-20 Thread Otto Moerbeek
On Wed, Aug 20, 2008 at 05:36:36PM +0200, Jan Stary wrote:

 On Aug 20 15:36:36, Otto Moerbeek wrote:
   On Aug 18 20:51:26, Jan Stary wrote:
This is -current as of a few weeks back, running on ALIX2C3.
Works smoothly as my home router/fw/dns, but when booting
gets to starting named, there is a strange slowdown:
  
  I expect it to be the extra randomization that named does. Since some
  time, at startup, it builds a table that is used to randomize id's.
  This is computationally a bit expensive, and you could notice it on a
  slow host. 
 
 Sounds very probable.
 
  The extra binding messages could very well be caused by the source
  port randomizations done now. You seem to use a pretty high debug log
  level.
 
 Indeed,
 
   logging {
   channel syslog_channel {
   syslog local0;
   severity info;
   print-category no;
   print-severity no;
   print-time no;
   };
 
 I just bumped severity to even debug, and restarted named
 (pkill named, sleep, named) while looking at the log to
 confirm your explanation; named now starts in one second:
 
 Aug 20 17:22:23 gw named[32687]: exiting
 Aug 20 17:22:31 gw named[29116]: starting BIND 9.4.2-P1
 Aug 20 17:22:31 gw named[29116]: loading configuration from '/etc/named.conf'
 Aug 20 17:22:31 gw named[29116]: listening on IPv6 interfaces, port 53
 Aug 20 17:22:31 gw named[29116]: Binding privsep
 Aug 20 17:22:31 gw named[3931]: [priv]: msg PRIV_BIND received
 Aug 20 17:22:31 gw named[29116]: Binding privsep
 Aug 20 17:22:31 gw named[3931]: [priv]: msg PRIV_BIND received
 Aug 20 17:22:31 gw named[29116]: listening on IPv4 interface lo0, 127.0.0.1#53
 Aug 20 17:22:31 gw named[29116]: Binding privsep
 Aug 20 17:22:31 gw named[3931]: [priv]: msg PRIV_BIND received
 Aug 20 17:22:31 gw named[29116]: Binding privsep
 Aug 20 17:22:31 gw named[3931]: [priv]: msg PRIV_BIND received
 Aug 20 17:22:31 gw named[29116]: listening on IPv4 interface vr0, 
 192.167.167.1#53
 Aug 20 17:22:31 gw named[29116]: Binding privsep
 Aug 20 17:22:31 gw named[3931]: [priv]: msg PRIV_BIND received
 Aug 20 17:22:31 gw named[29116]: Binding privsep
 Aug 20 17:22:31 gw named[3931]: [priv]: msg PRIV_BIND received
 Aug 20 17:22:31 gw named[29116]: listening on IPv4 interface vr1, 
 192.168.111.1#53
 Aug 20 17:22:31 gw named[29116]: Binding privsep
 Aug 20 17:22:31 gw named[3931]: [priv]: msg PRIV_BIND received
 Aug 20 17:22:31 gw named[29116]: Binding privsep
 Aug 20 17:22:31 gw named[3931]: [priv]: msg PRIV_BIND received
 Aug 20 17:22:31 gw named[29116]: listening on IPv4 interface vr2, 
 192.168.222.1#53
 Aug 20 17:22:31 gw named[29116]: Binding privsep
 Aug 20 17:22:31 gw named[3931]: [priv]: msg PRIV_BIND received
 Aug 20 17:22:31 gw named[29116]: Binding privsep
 Aug 20 17:22:31 gw named[3931]: [priv]: msg PRIV_BIND received
 Aug 20 17:22:31 gw named[29116]: Binding locally
 Aug 20 17:22:31 gw named[29116]: Binding locally
 Aug 20 17:22:31 gw named[29116]: automatic empty zone: view internal: 
 254.169.IN-ADDR.ARPA
 Aug 20 17:22:31 gw named[29116]: automatic empty zone: view internal: 
 2.0.192.IN-ADDR.ARPA
 Aug 20 17:22:31 gw named[29116]: automatic empty zone: view internal: 
 255.255.255.255.IN-ADDR.ARPA
 Aug 20 17:22:31 gw named[29116]: automatic empty zone: view internal: 
 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
 Aug 20 17:22:31 gw named[29116]: automatic empty zone: view internal: 
 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
 Aug 20 17:22:31 gw named[29116]: automatic empty zone: view internal: 
 D.F.IP6.ARPA
 Aug 20 17:22:31 gw named[29116]: automatic empty zone: view internal: 
 8.E.F.IP6.ARPA
 Aug 20 17:22:31 gw named[29116]: automatic empty zone: view internal: 
 9.E.F.IP6.ARPA
 Aug 20 17:22:31 gw named[29116]: automatic empty zone: view internal: 
 A.E.F.IP6.ARPA
 Aug 20 17:22:31 gw named[29116]: automatic empty zone: view internal: 
 B.E.F.IP6.ARPA
 Aug 20 17:22:31 gw named[29116]: Binding privsep
 Aug 20 17:22:31 gw named[3931]: [priv]: msg PRIV_BIND received
 Aug 20 17:22:31 gw named[29116]: command channel listening on 127.0.0.1#953
 Aug 20 17:22:31 gw named[29116]: Binding privsep
 Aug 20 17:22:31 gw named[3931]: [priv]: msg PRIV_BIND received
 Aug 20 17:22:31 gw named[29116]: command channel listening on ::1#953
 Aug 20 17:22:31 gw named[29116]: now using logging configuration from config 
 file
 Aug 20 17:22:31 gw named[29116]: load_configuration: success
 Aug 20 17:22:31 gw named[29116]: zone 127.in-addr.arpa/IN/internal: starting 
 load
 Aug 20 17:22:31 gw named[29116]: zone 127.in-addr.arpa/IN/internal: journal 
 rollforward completed successfully: no journal
 Aug 20 17:22:31 gw named[29116]: zone 127.in-addr.arpa/IN/internal: loaded
 Aug 20 17:22:31 gw named[29116]: zone 127.in-addr.arpa/IN/internal: loaded 
 serial 1
 Aug 20 17:22:31 gw named[29116]: zone 

Re: Apple Macbook Xorg synchronization problems

2008-08-20 Thread Nick Guenther
On Wed, Aug 20, 2008 at 8:20 AM, Karl Sjodahl - dunceor
[EMAIL PROTECTED] wrote:
 On Tue, Aug 19, 2008 at 9:32 PM, Nick Guenther [EMAIL PROTECTED] wrote:


 You have a 2,1? How did you get it installed in the first place? The
 install kernel hangs for me. I got around that by putting the
 harddrive in a different computer, but I'm wondering if I missed an
 easier way.

 -Nick



 Last time I installed it there was a long pause in the install process
 when it tried to find something.
 It finally timed out and then just continued.


I get that long pause too, but then after that the USB hubs don't work
(there's a bunch of errors about that) and so the keyboard doesn't
work. You don't see that?
-Nick



Still confused about ipsecctl(8)

2008-08-20 Thread Michiel van der Kraats
Hi List,

I'm trying to delete a specific flow from the SAD using ipsecctl. I've
read about the -d option and the -k option needed when deleting flows.
I've tried following the instructions in
http://readlist.com/lists/openbsd.org/misc/12/60081.html but I still
seem to be missing something. I first tried to delete the flow:

# ipsecctl -sf | grep 192.168.113.0/24 | ipsecctl -d -f-
stdin: 1: syntax error
stdin: 2: syntax error
ipsecctl: Syntax error in config file: ipsec rules not loaded

Which makes sense because that output is not valid ipsec.conf(5)
syntax. Do I need to create a file with the exact ipsec.conf(5) syntax
of the flow I want to delete? I'm dealing with these kinds of entries
in ipsec.conf:

ike esp from 192.168.xxx.0/24 to 192.168.113.0/24 peer nnn.nnn.nnn.nnn\
main auth hmac-sha1 enc aes group modp1024 \
quick auth hmac-sha1 enc aes group modp1024 \
psk mytopsecretpresharedkey tag my-connection

The background of this post is that I'm in the process of migrating a
number of VPNs to new DSL connections. This means the ipsec peer
changes but the other flow data does not. This seems to confuse
ipsecctl and while the IP address is indeed changed in ipsec.conf,
reloaded with ipsecctl -f /etc/ipsec.conf and a check with ipsecctl
-v -v -f /etc/ipsec.conf confirms ipsecctl is using the new IP
address, the old flow and old peer address still stick around in the
SAD. In the past ipsecctl would establish the new flow correctly when
the tag was changed along with the peer address but I've had no such
luck this time. I'm using OpenBSD 4.2 by the way.

Kind regards,

-- 
Michiel van der Kraats



Re: Apple Macbook Xorg synchronization problems

2008-08-20 Thread Pierre Riteau
On Wed, Aug 20, 2008 at 11:56:38AM -0400, Nick Guenther wrote:
 On Wed, Aug 20, 2008 at 8:20 AM, Karl Sjodahl - dunceor
 [EMAIL PROTECTED] wrote:
  On Tue, Aug 19, 2008 at 9:32 PM, Nick Guenther [EMAIL PROTECTED] wrote:
 
 
  You have a 2,1? How did you get it installed in the first place? The
  install kernel hangs for me. I got around that by putting the
  harddrive in a different computer, but I'm wondering if I missed an
  easier way.
 
  -Nick
 
 
 
  Last time I installed it there was a long pause in the install process
  when it tried to find something.
  It finally timed out and then just continued.
 
 
 I get that long pause too, but then after that the USB hubs don't work
 (there's a bunch of errors about that) and so the keyboard doesn't
 work. You don't see that?
 -Nick
 

Make sure you plug the USB keyboard in the USB port the closest to you
(farthest from the screen).



Ethernet (and sound?) doesn't work on my new notebook

2008-08-20 Thread thacrazze
Hello,

I have a new notebook, an ASUS F5SL-AP177D with the following
configuration:
Pentium Dual-Core T2390 2x 1.86GHz  2048MB  250GB  DVD+/-RW DL 
ATI Mobility Radeon HD 3470 256MB  4x USB 2.0/Modem/Gb LAN/WLAN
802.11bg  ExpressCard Slot  4in1 Card Reader (SD/MMC/MS/MS Pro) 
Webcam (1.3 Megapixel)  15.4 WXGA glare TFT (1280x800)  FreeDOS 
Li-Ion storage-battery  2.60kg


So I want to install OpenBSD. But my ethernet doesn't work on OpenBSD
(I tested 4.3-stable and 4.4-current [2008-08-19 and 2008-08-12]
amd64)

Here is the relevant part of my dmesg/4.4-current: (hand-written
copied from display, because no connection to internet)
-openbsd 4.4 dmesg amd64--
pchb0 at pci0 dev 0 function 0 vendor SiS, unknown product 0x0671 rev 0x00
vga1 at pci1 dev 0 function 0 vendor ATI, unknown product 0x95c4 rev 0x00
vendor SiS, unknown product 0x0968 (class bridge subclass ISA, rev
0x01) at pci0 dev 2 function 0 not configured
SiS 191 rev 0x02 at pci0 dev 4 function 0 not configured
pciide1 at pci0 dev 5 function 0 vendor SiS, unknown product 0x1183
rev 0x03: byte 2110
SiS 966 HD Audio rev 0x00 at pci0 dev 15 function 0 not configured
uhid at uhidev0 not configured
-
---

I hope someone can help me :), and sorry for my bad English

Best regards,
thacrazze

.
.
.
.
.
For comparison some parts from my linux dmesg:
-
---
[EMAIL PROTECTED]:~$ dmesg|grep eth0
[   28.365283] eth0: RGMII mode.
[   28.365290] eth0: Enabling Auto-negotiation.
[   39.591987] eth0: mii ext = .
[   39.607970] eth0: mii lpa = 41e1 adv = 01e1.
[   39.607974] eth0: link on 100 Mbps Full Duplex mode.
[   39.791778] eth0: mii ext = .
[   39.807757] eth0: mii lpa = 41e1 adv = 01e1.
[   39.807762] eth0: link on 100 Mbps Full Duplex mode.
[   57.736671] eth0: no IPv6 routers present
[EMAIL PROTECTED]:~$ dmesg|grep sis
[   18.852012] pata_sis :00:02.5: version 0.5.2
[   18.852241] scsi0 : pata_sis
[   18.852300] scsi1 : pata_sis
[   19.347890] sata_sis :00:05.0: version 1.0
[   19.347918] sata_sis :00:05.0: Detected SiS
1183/966/966L/968/680 controller in PATA mode
[   19.352480] scsi2 : sata_sis
[   19.355174] scsi3 : sata_sis
[   27.733026] sis190 Gigabit Ethernet driver 1.2 loaded.
[EMAIL PROTECTED]:~$ dmesg|grep SiS
[   19.347918] sata_sis :00:05.0: Detected SiS
1183/966/966L/968/680 controller in PATA mode
[   28.365278] :00:04.0: SiS 191 PCI Gigabit Ethernet adapter at
c2e84c00 (IRQ: 19), 00:1e:8c:7e:ae:d8

And for sound I need under Linux in /etc/modprobe.d/alsa-base:
options snd-hda-intel model=lenovo

(I will delete Linux when OpenBSD works with sound and ethernet)



Re: bridge and carp

2008-08-20 Thread alexander lind

On Aug 20, 2008, at 12:06 AM, Marco Fretz wrote:


Is it possible to have two OpenBSD bridging firewalls work together
with CARP now?


What do you mean by work together? Only fail-over? load-share?


Fail-over is my primary concern.



Update the ifp of bridge cache entries if the entry is not static.
This makes carp(4) fail-over work over bridge(4).


I think this means only that it is possible to use carp over bridges,
not for bridges. but maybe I'm wrong. :-)


Ah, that makes sense I suppose since I can't find many references to  
this particular scenario elsewhere!



So my question is, am I understanding this right if I say that it is
indeed possible to set up a pair of redundant carped firewalls using
OpenBSD 4.2 or above?


Bridges are layer 2, carp is layer 3 (it shares IP addresses). So carp
can not handle this by its nature I think. Just place the both bridges
in your LAN and you have your fail-over solution. I've never done
something with openbsd bridges but as I know it from bridge-utils from
linux you can set STP priority and costs to influence spanning tree path
selection. Of course your LAN switch should be capable of basic
spanning-tree functions as well.

after the first bridge goes down, spanning tree takes automatically the
next best path by setting the needed switchports to forward (instead of
blocking).


This sounds like the best route for us. I will experiment and see if I  
can get it working like this later today.


Thanks for your advice!

Alec



bgpd extension handling capabilities

2008-08-20 Thread Graeme Lee
I've had to connect to a new upstream peer which is advertising an IPv4 
safi of 128  (MPLS-labelled VPN address)

see http://www.iana.org/assignments/safi-namespace

I've modified the source to temporarily ignore this (actually anything 
over 127) as it currently only accepts 1 thru 3.  Once the session is 
established, everything works well.  What I really need to know is if 
this is potentially A Huge Mistake, or should bgpd be able to ignore 
unsupported capabilities being advertised to it?


Any advice would be appreciated.

g



Re: bgpd extension handling capabilities

2008-08-20 Thread Henning Brauer
* Graeme Lee [EMAIL PROTECTED] [2008-08-21 01:51]:
 I've had to connect to a new upstream peer which is advertising an IPv4 
 safi of 128  (MPLS-labelled VPN address)
 see http://www.iana.org/assignments/safi-namespace

 I've modified the source to temporarily ignore this (actually anything over 
 127) as it currently only accepts 1 thru 3.  Once the session is 
 established, everything works well.  What I really need to know is if this 
 is potentially A Huge Mistake, or should bgpd be able to ignore unsupported 
 capabilities being advertised to it?

the standards are pretty unclear about it, but the most logical
interpretation is that we have to send back a notification telling the
peer that we don't support this so capability negotiation actually works.

what is the peer? first time i hear sth doesn't work w/ capa negotiation...

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg  Amsterdam



Re: bgpd extension handling capabilities

2008-08-20 Thread Stuart Henderson
On 2008-08-20, Graeme Lee [EMAIL PROTECTED] wrote:
 I've had to connect to a new upstream peer which is advertising an IPv4 
 safi of 128  (MPLS-labelled VPN address)
 see http://www.iana.org/assignments/safi-namespace

 I've modified the source to temporarily ignore this (actually anything 
 over 127) as it currently only accepts 1 thru 3.  Once the session is 
 established, everything works well.  What I really need to know is if 
 this is potentially A Huge Mistake, or should bgpd be able to ignore 
 unsupported capabilities being advertised to it?

that's not a capability, it's an address-family type. my initial feeling
is that the peer is probably not configured quite correctly...



shell not reading login script

2008-08-20 Thread Joel Rees

Not sure whether this is better asked on misc or ppc,
but it seems like a general question.

I'm trying to set up an ancient clamshell iBook. It boots,
I've sent in the dmesg, now I'm prepping for updating
to the patch branch via anoncvs.

I was thinking I wanted to set CVSROOT and  PKG_PATH
in my login scripts, but the login scripts seem to be ignored.

$ tail -1 /etc/passwd
admin:*:1000:1000:Big Shot:/home/admin:/bin/sh

(User names changed to protect the guilty.)

Added markers to each of .profile, login and .cshrc:

PROFMARKER=.profile

etc. But none of the markers show up in a printenv, whether
I simply start a new xterm, or go to the trouble of logging out
and back in.

Anyone willing to tell me what's wrong with my thinking here?

Joel Rees
(waiting for a 3+GHz ARM processor to come out,
to test Steve's willingness to switch again.)



Re: bgpd extension handling capabilities

2008-08-20 Thread Graeme Lee

Henning Brauer wrote:

* Graeme Lee [EMAIL PROTECTED] [2008-08-21 01:51]:
  
I've had to connect to a new upstream peer which is advertising an IPv4 
safi of 128  (MPLS-labelled VPN address)

see http://www.iana.org/assignments/safi-namespace

I've modified the source to temporarily ignore this (actually anything over 
127) as it currently only accepts 1 thru 3.  Once the session is 
established, everything works well.  What I really need to know is if this 
is potentially A Huge Mistake, or should bgpd be able to ignore unsupported 
capabilities being advertised to it?



the standards are pretty unclear about it, but the most logical
interpretation is that we have to send back a notification telling the
peer that we don't support this so capability negotiation actually works.

what is the peer? first time i hear sth doesn't work w/ capa negotiation...

  

The peer is NexGen networks.  I gather they're using an Alcatel OS/R.

All I've done to work around this at present is extended the test in 
session.c to ignore  mp_safi  128 after the first test fails.  
Otherwise I just get this in the log every 30 seconds:


Aug 19 11:01:30 gw-nexgen bgpd[22795]: neighbor 121.200.227.93 (NexGen): 
state change Idle -> Active, reason: Start
Aug 19 11:01:30 gw-nexgen bgpd[22795]: neighbor 121.200.227.93 (NexGen): 
state change Active -> OpenSent, reason: Connection opened
Aug 19 11:01:30 gw-nexgen bgpd[22795]: neighbor 121.200.227.93 (NexGen): 
parse_capabilities: AFI IPv4, mp_safi 128 illegal
Aug 19 11:01:30 gw-nexgen bgpd[22795]: neighbor 121.200.227.93 (NexGen): 
state change OpenSent -> Idle, reason: OPEN message received



Changing the test allows bgpd to continue, and I can get the following 
at least:


# bgpctl show neigh
BGP neighbor is x, remote AS 38809
Description: NexGen
 BGP version 4, remote router-id
 BGP state = Established, up for 1d01h50m
 Last read 00:00:04, holdtime 90s, keepalive interval 30s
 Neighbor capabilities:
   Multiprotocol extensions: IPv4 unknown (128)
   Route Refresh

 Message statistics:
                  Sent   Received
 Opens               1          1
 Notifications       0          0
 Updates             4      92476
 Keepalives       2522       3107
 Route Refresh       0          0
 Total            2527      95584

 Update statistics:
                  Sent   Received
 Updates             4     351083
 Withdraws           3      17886

 Local host:121.200.227.94, Local port:  41277
 Remote host:   121.200.227.93, Remote port:   179
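
[Added example, not part of the original message and not bgpd's session.c.] The workaround described above, sketched as a stand-alone capability walker: it bounds-checks every TLV, records a Multiprotocol AFI/SAFI pair it does not support (such as SAFI 128) and carries on instead of rejecting the OPEN. The function and struct names are hypothetical, the "IPv4, SAFI 1 thru 3" support set is taken from the message, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>

#define CAPA_MP      1   /* Multiprotocol Extensions capability code */
#define AFI_IPV4     1
#define MAX_FAMILIES 8

struct family { uint16_t afi; uint8_t safi; };

struct capa_result {
    struct family usable[MAX_FAMILIES];   /* announced and supported here */
    size_t        n_usable;
    struct family skipped[MAX_FAMILIES];  /* announced, not supported here */
    size_t        n_skipped;
};

/* Assumption from the thread: only IPv4 with SAFI 1 through 3 is handled. */
static int locally_supported(uint16_t afi, uint8_t safi)
{
    return afi == AFI_IPV4 && safi >= 1 && safi <= 3;
}

/*
 * Walk the capability TLVs (code, length, value). Returns 0 on success and
 * -1 only when the encoding itself is malformed. An unsupported AFI/SAFI
 * pair is recorded and skipped, not treated as an error.
 */
int parse_capabilities_tolerant(const uint8_t *buf, size_t len,
    struct capa_result *res)
{
    size_t off = 0;

    res->n_usable = res->n_skipped = 0;
    while (off < len) {
        if (len - off < 2)
            return -1;                 /* truncated TLV header */
        uint8_t code = buf[off];
        uint8_t clen = buf[off + 1];
        off += 2;
        if (clen > len - off)
            return -1;                 /* value runs past the buffer */
        if (code == CAPA_MP) {
            if (clen != 4)
                return -1;             /* value is AFI(2) reserved(1) SAFI(1) */
            struct family f = {
                (uint16_t)((buf[off] << 8) | buf[off + 1]), buf[off + 3]
            };
            if (locally_supported(f.afi, f.safi)) {
                if (res->n_usable < MAX_FAMILIES)
                    res->usable[res->n_usable++] = f;
            } else if (res->n_skipped < MAX_FAMILIES) {
                res->skipped[res->n_skipped++] = f;
            }
        }
        off += clen;                   /* other capability codes are stepped over */
    }
    return 0;
}

/* Constructed sample: MP IPv4/unicast, MP IPv4/SAFI 128, Route Refresh. */
static const uint8_t sample_caps[] = {
    0x01, 0x04, 0x00, 0x01, 0x00, 0x01,
    0x01, 0x04, 0x00, 0x01, 0x00, 0x80,
    0x02, 0x00
};
```

Whether to skip the pair silently or answer with a NOTIFICATION is the open question in this thread; the sketch only shows the skipping variant with the length checks that make it safe to continue parsing.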



I'm embarassed. (Re: shell not reading login script)

2008-08-20 Thread Joel Rees

export PROFMARKER=.profile
setenv CSHMARKER .cshrc
setenv LOGINMARKER .login

(hangs head in shame.)

Except, csh picks up one marker, sh and ksh pick up none. So I'm
still puzzled

On 平成 20/08/21, at 10:30, Joel Rees wrote:


Not sure whether this is better asked on misc or ppc,
but it seems like a general question.

I'm trying to set up an ancient clamshell iBook. It boots,
I've sent in the dmesg, now I'm prepping for updating
to the patch branch via anoncvs.

I was thinking I wanted to set CVSROOT and  PKG_PATH
in my login scripts, but the login scripts seem to be ignored.

$ tail -1 /etc/passwd
admin:*:1000:1000:Big Shot:/home/admin:/bin/sh

(User names changed to protect the guilty.)

Added markers to each of .profile, login and .cshrc:

PROFMARKER=.profile

etc. But none of the markers show up in a printenv, whether
I simply start a new xterm, or go to the trouble of logging out
and back in.

Anyone willing to tell me what's wrong with my thinking here?

Joel Rees
(waiting for a 3+GHz ARM processor to come out,
to test Steve's willingness to switch again.)



Joel Rees
(waiting for a 3+GHz ARM processor to come out,
to test Steve's willingness to switch again.)



no ssh fingerprints showing for some anoncvs mirrors

2008-08-20 Thread Joel Rees

Specifically, in my case,

[EMAIL PROTECTED]:/cvs
Host also known as kankoromochi.econ.nagasaki-u.ac.jp.
Location: Nagasaki University, Faculty of Economics, Nagasaki, Japan.
Maintained by Suzuki Itoshi.
Protocols: ssh, pserver.
Updated every 3 hours.

Is this just a case of a potential problem that is not currently high
enough risk? I don't suppose there's any other way to find those,
except e-mailing Mr. Suzuki and asking? (I can't imagine he wants
to spend a lot of time answering such e-mails.)

And, while I'm being noisy, is there anywhere to find official MD5
checksums for the src.tar.gz, sys.tar.gz, xorg.tar.gz, and ports.tar.gz
tarballs?

Joel Rees
(waiting for a 3+GHz ARM processor to come out,
to test Steve's willingness to switch again.)



Re: shell not reading login script

2008-08-20 Thread Adriaan
On Thu, Aug 21, 2008 at 3:30 AM, Joel Rees [EMAIL PROTECTED] wrote:

 I was thinking I wanted to set CVSROOT and  PKG_PATH
 in my login scripts, but the login scripts seem to be ignored.

 $ tail -1 /etc/passwd
 admin:*:1000:1000:Big Shot:/home/admin:/bin/sh

 (User names changed to protect the guilty.)

 Added markers to each of .profile, login and .cshrc:

 PROFMARKER=.profile
[snip]

 etc. But none of the markers show up in a printenv, whether
 I simply start a new xterm, or go to the trouble of logging out
 and back in.

Read about the '-ls' option in the xterm man page.



Re: I'm embarassed. (Re: shell not reading login script)

2008-08-20 Thread Philip Guenther
2008/8/20 Joel Rees [EMAIL PROTECTED]:
 export PROFMARKER=.profile
 setenv CSHMARKER .cshrc
 setenv LOGINMARKER .login

 (hangs head in shame.)

 Except, csh picks up one marker, sh and ksh pick up none. So I'm
 still puzzled

I love how you don't actually describe where you put those or which
'marker' did get 'picked up'.  No wait, I actually find that really
annoying.  Why do people leave relevant facts out?

...
 etc. But none of the markers show up in a printenv, whether
 I simply start a new xterm, or go to the trouble of logging out
 and back in.

Okay, you need to review the sh(1) and csh(1) manpages and read where
they describe when the .profile or .cshrc and .login are read.  Pay
attention to the phrase login shell.  Then go read the xterm(1)
manpage and search for the phrase login shell.


 Anyone willing to tell me what's wrong with my thinking here?

1) Failure to read the manpages
2) Failure to search the archives (I posted a long explanation of when
the .profile
is read vs $ENV recently.)


Philip Guenther



Vlan Tag on Vlan Tag (l2tunneling)

2008-08-20 Thread Insan Praja SW

Hi Misc@,
I'm currently busting my a** to set up a cizcoz catalyst 3550 to do dot1q
tunneling over an EoMPLS network. It seems the only way to do it is to use
these 3*50 Catalysts. But I'm curious, if I created a vlan interface over a
vlan interface on OBSD (i.e., create a vlan interface over a phy_if, say
vlan2 vlan id 2, and then create another vlan_if, say vlan4 vlan id 4, over
vlan2), does it make it compatible with sicko l2tunneling/dot1q-tunneling?

I wish I had spare ports on my obsd machine so I can try this out.
Thanks,

--
insandotpraja(at)gmaildotcom