Re: IPSEC and NAT

2008-09-19 Thread Johan Borch
Johan Borch  gmail.com> writes:

> 
> Hi all,
> 
> I have a problem with nat on an ipsec-tunnel.
> 
> My setup is as follows:
> 
> obsd 4.3 which have two IPSEC tunnels, one of the tunnels have an
> gif-interface on top of it to simplify routing the other one don't.
> 
> External:
> em0, addr. 1.1.1.1
> 
> 2.2.2.0/24 vlan106-\__fxp0-- internal
> 3.3.3.0/24 vlan107-/
> 
> tunnel1 2.2.2.0/24 - 4.4.4.0/24 is working great and routing via gif0.
> tunnel2 3.3.3.0/24 - customer site 6.6.6.0/24, endpoint external addr
> 9.9.9.1, gif tunnel not possible.
> 
> ipsec for tunnel2:
> ike dynamic esp from 3.3.3.0/24 to 6.6.6.0/24 local 1.1.1.1 peer
> 9.9.9.1..
> 
> The tunnels gets initiated ok but I can't get anything routed to the
> customer network 6.6.6.0/24, the
> other side of the tunnel only accept traffic coming from 3.3.3.0/24. If I do
> "ping -I 3.3.3.1 6.6.6.4"
> traffic passes the tunnel to the customer net and I get a reply, so I
> probably need some kind of NAT rule for other hosts on my
> networks to be able to use the tunnel. I have tried to do NAT on vlan107 but
> it's not working.
> 
> nat pass log on vlan107 from 4.4.4.0/24 to 6.6.6.0/24 -> 3.3.3.1
> 
> My problem is that I want to have traffic that comes from tunnel1 (
> 4.4.4.0/24) (via gif0) to be able to go out via tunnel2 with 3.3.3.1 as
> src addr, is this possible? If i do ping against 6.6.6.4 from a host on the
> 4.4.4.0/24-network i see traffic coming on gif0 but it stops there, where
> should i put the nat-rule?
> 
> Regards Johan
> 
>

No takers for this? :(

I've come a little further (I think so anyway).

Right now I have created a loopback interface with the address 3.3.3.1 and added
a static route saying "6.6.6.0/24 -> 3.3.3.1" and I can with that action ping
stuff on the other side of the tunnel, but only from the ipsec server itself, not
from other networks. So my problem is still where to put the NAT-rule.

If I put the NAT-rule on lo1 and do a dump when pinging from the client-network
I get the following:

08:27:25.496087 a.b.c.d-client > 6.6.6.4: icmp: echo request
08:27:25.496194 3.3.3.1 > 3.3.3.1: icmp: redirect 6.6.6.4 to host 3.3.3.1

And I don't quite understand why this happens.

If I do a ping from the ipsec-server to the other side of the tunnel I get a
reply but I can't find (using tcpdump) the traffic on any interface. Is ipsec
doing some magic with this traffic?

Doesn't ipsec follow normal route entries?

Desperate hopes for a reply, regards
Johan



Tcsh does not recognize alt keys as meta

2008-09-19 Thread Slim Joe
I installed tcsh using pkg_add on OBSD i386 4.3. The
problem is that tcsh doesn't recognize either left or
right alt key as meta.  Instead I get different
accented characters such as:  (alt-backspace), f
(alt-f), b (alt-b). This is true for both BSD and XTerm
consoles.

The alt keys work fine as meta under the default ksh
shell.  Out of the box, zsh also doesn't recognize the
alt keys.  However, adding "bindkey -m" to ~/.zshrc
appears to "fix" the problem. Unfortunately, tcsh's
bindkey doesn't have this "-m" option. Can somebody
suggest a fix for enabling the console to recognize the
alt keys as meta keys?

I need to use tcsh because this is the shell I use in
OSX and GNU/Linux.

Thanks



Re: Advbase range?

2008-09-19 Thread Stuart Henderson
On 2008-09-18, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> 2008/9/18 Cezary Morga <[EMAIL PROTECTED]>
>
>> On Thursday, 18 September 2008, you wrote:
>> > I understand the concept of an 8 bit integer. What I meant by
>> > ambiguous is the acceptable ranges that are being used, assuming
>> > vhid's are an 8-bit integer as well, although thats not explicitly
>> > stated it sure looks like one, why isnt 0 acceptable?
>>
>> The ifconfig(8) manpage states:
>> vhid n  If the driver is a carp(4) pseudo-device, set the virtual host
>> ID to n.  Acceptable values are 1 to 255.
>>
>> And in the ifconfig.c you have:
>>  vhid = strtonum(val, 1, 255, &errmsg);
>>
>
> That was a rhetorical question. It makes little difference to me why I cant
> set a vhid to 0. I asked it to make a point about your previous comment on
> ambiguity.
>
>>
>> > Ok then if this is true, then can anyone tell me what else would
>> > prevent me from assigning 0 to the advbase.
>>
>> Common sense? You can set advbase to 0 and ifconfig won't complain about
>> it, but it seems that somewhere between the lines ifconfig simply
>> ignores such value and uses default or previously set. I haven't
>> managed to find what it actually does in such situation, but I'm no C
>> programmer.
>>
>
> Common sense? Please. There are many examples on these lists of people
> trying to accomplish crazier things than trying to lower their failover
> times to something less than 3 seconds. Look I appreciate you attempting to
> help and all, but if you're going to be rude about it please don't bother.

Did you see this from when it came up before?
http://archive.netbsd.se/?ml=openbsd-bugs&a=2007-03&m=3363926



Re: Mirror/anoncvs traffic stats?

2008-09-19 Thread jared r r spiegel
On Fri, Sep 19, 2008 at 02:47:43AM +0400, Vadim Zhukov wrote:
> Hello to all, especially ones running mirrors/anoncvs servers.
> 
> Does anyone have traffic statistics, especially inbound traffic?

  openbsd.mirror.frontiernet.net gets its anoncvs via sup and
  its ftp root via rsync; incoming bandwidth use is very very small.

  there're spurts of 512K/s incoming when it does its update checks,
  generally they're like <10m long.  when they're longer than that,
  i am usually receiving data between 256K/s and 512K/s maybe for a few
  hrs.

-- 

  jared



Re: Mirror/anoncvs traffic stats?

2008-09-19 Thread Nick Holland
Vadim Zhukov wrote:
> Hello to all, especially ones running mirrors/anoncvs servers.
> 
> Does anyone have traffic statistics, especially inbound traffic? I want 
> to set up a mirror but I need to know how much inbound traffic it'll 
> generate. I do not pay for outbound traffic, so I do not bother about 
> it.
> 
> Thanks in advance.


How to create a small fortune:  Start with a LARGE fortune, and run
a mirror paying for data movement.

This isn't a bandwidth number, but it will give you some idea:

  /var/www/ftp/pub/OpenBSD $ du -hs snapshots/
  49.4G   snapshots/

Most of that will get replaced a few times a month.

If you are paying for data transfer in or out, you don't want
to be running a mirror unless you are trying to burn off some cash.
If that's your goal, I can think of some better ways to do it. :)

You can't run a good mirror if you are worrying about how much
data is going in or out of it.  (the world doesn't need another
bad mirror).

On the other hand...if your issue is data RATE rather than data
TRANSFERRED, you can just pick a slow (for you) source...but that
will mean your mirror lags higher-order mirrors a bit.

Nick.



Re: Mirror/anoncvs traffic stats?

2008-09-19 Thread Vadim Zhukov
September 19, 2008 Nick Holland wrote:
> Vadim Zhukov wrote:
> > Hello to all, especially ones running mirrors/anoncvs servers.
> >
> > Does anyone have traffic statistics, especially inbound traffic? I
> > want to set up a mirror but I need to know how much inbound traffic
> > it'll generate. I do not pay for outbound traffic, so I do not
> > bother about it.
> >
> > Thanks in advance.
>
> How to create a small fortune:  Start with a LARGE fortune, and run
> a mirror paying for data movement.
>
> This isn't a bandwidth number, but it will give you some idea:
>
>   /var/www/ftp/pub/OpenBSD $ du -hs snapshots/
>   49.4G   snapshots/
>
> Most of that will get replaced a few times a month.
>
> If you are paying for data transfer in or out, you don't want
> to be running a mirror unless you are trying to burn off some cash.
> If that's your goal, I can think of some better ways to do it. :)
>
> You can't run a good mirror if you are worrying about how much
> data is going in or out of it.  (the world doesn't need another
> bad mirror).
>
> On the other hand...if your issue is data RATE rather than data
> TRANSFERRED, you can just pick a slow (for you) source...but that
> will mean your mirror lags higher-order mirrors a bit.

My fault, I didn't mention what I mean/want clearly.

I do not bother about inbound traffic initiated _by_ mirror - it'll go 
through another path. In detail: I have two connections, one is common 
ISP connection with unlimited traffic but with dynamic IP (and I do NAT 
there), and second is good connection with static IP where I have to pay 
when incoming traffic overquotes. I'll get updates via dynamic IP 
connection, and server, of course, will run on public IP.

I already checked that simple traversing /usr/src with "cvs update" takes 
about 4 megabytes inbound traffic (may be less). So, say, 40 such runs 
per day will eat up about 5 gigabytes of traffic per month. But I do not 
ever know, is "40" small, large or somewhat normal.

I like OpenBSD, but it is a problem for me to order something - I do not live in 
North America or the EU. And my programming skills are small too. So all that 
I can do is to sometimes test things appearing on tech@ or ports@, and... 
set up another (hopefully not so bad :) ) mirror.

-- 
  Best wishes,
Vadim Zhukov



Attansic L1 Gigabit Ethernet

2008-09-19 Thread Kenneth Bond
Hello,

Does anyone know whether the lii driver supports the Attansic L1 Gigabit
Ethernet adapters?
I know it supports the L2 adapters, but wanted to confirm the status of the
L1 adapters.

Please advise,
Thanks



Re: Attansic L1 Gigabit Ethernet

2008-09-19 Thread Henning Brauer
* Kenneth Bond <[EMAIL PROTECTED]> [2008-09-19 14:08]:
> Does anyone know whether the lii driver supports the Attansic L1 Gigabit
> Ethernet adapters?

doesn't.

> I know it supports the L2 adapters, but wanted to confirm the status of the
> L1 adapters.

unsupported.

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam



Strace for OpenBSD

2008-09-19 Thread Gonzalo Lionel Rodriguez
Hi everybody, can somebody tell me what the equivalent to 'strace' is for
OpenBSD?

Regards.

Gonzalo.



Re: Strace for OpenBSD

2008-09-19 Thread Almir Karic
ktrace.

On Fri, Sep 19, 2008 at 09:41:58AM -0300, Gonzalo Lionel Rodriguez wrote:
> Hi everybody, can somebody tell me what the equivalent to 'strace' is for
> OpenBSD?
> 
> Regards.
> 
> Gonzalo.
> 

-- 
vi vi vi -- the number of the beast



Re: Strace for OpenBSD

2008-09-19 Thread Lars Kotthoff
> Hi everybody, can somebody tell me what the equivalent to 'strace' is for
> OpenBSD?

ktrace(1).

Lars



ksh: tab completion problem

2008-09-19 Thread Frank Bax
When I finally made the switch to OpenBSD on my day-to-day system, I 
transferred all my files from my old system.  One of the directory names 
has a $ in it.


I figured out how to easily reproduce the problem I encountered (using 
/bin/ksh):


mkdir '/tmp/test$1'
mkdir '/tmp/test$1/test$2'
cd /tmp/test [tab][tab]

The first [tab] has expected result; but not the second one.



dhcpd and bootp

2008-09-19 Thread Lars Kotthoff
Hi all,

 I'm trying to get DHCP with BOOTP to work, but it just won't. I've set up
dhcpd.conf with explicit allow bootp; and allow booting; the filename directive
is in the declaration for the specific host. Tftp is running through inetd and
works -- I've confirmed this by manually connecting to the server and
downloading the image file.

I'm starting dhcpd with the name of the interface to listen on as the only
commandline argument. The client tries to connect to port 67, but dhcpd doesn't
listen on this port (it doesn't listen on any port) and therefore the client
fails. I can rule out an error on the client side as it did work with a
different dhcp/bootp server which had the same configuration.

My packet filter is set up to not block any traffic on internal interfaces at
all. Am I missing a configuration option or something like that to tell dhcpd to
listen on port 67? I'm running OpenBSD 4.4. Any help appreciated.

Thanks,

Lars



NSA Resources For Rapid Targeting and Routing Analysis

2008-09-19 Thread Doug Milam
Coincidence?

Subject: NSA Resources For Rapid Targeting and Routing Analysis
Date: Sat,  2 Jun 2007 08:53:31 +0200 (CEST)

In order to send ICMP or TCP packets (or spoofed UDP packets), "pinging" for
rapid acquisition and analysis of a target IP's packet traffic routing data at
the Internet IXP-level, NSA has primarily used, starting earlier than early
2006, the following IP ranges, with identification information where available,
for initial rapid target "pings." Other resources for subsequent tracking of a
target's IP packet traffic have been previously reported via Cryptome.org.

NetRange:   216.218.128.0 - 216.218.255.255
CIDR:   216.218.128.0/17
Hurricane Electric
760 Mission Court
Fremont CA 94539
US
DNS:
ns3.he.net [216.218.132.2]sandy.thehideout.net.
ns2.he.net [216.218.131.2]sandy.thehideout.net
ns1.he.net [216.218.130.2]sandy.thehideout.net. 
Previously, while using the name of "FAST COLOCATION SERVICES," with an address
in Wasilla AK (Alaska), USA; DNS was:
sandy2.thehideout.net [72.52.64.32]
sandy.thehideout.net [72.52.64.32]


* *
The most dangerous man, to any government, is the man who is able to think 
things out for himself, without regard to the prevailing superstitions and 
taboos.  --Mencken



Re: NSA Resources For Rapid Targeting and Routing Analysis

2008-09-19 Thread Ted Unangst
On Fri, Sep 19, 2008 at 12:38 PM, Doug Milam <[EMAIL PROTECTED]> wrote:
> Subject: NSA Resources For Rapid Targeting and Routing Analysis
> Date: Sat,  2 Jun 2007 08:53:31 +0200 (CEST)
>
> In order to send ICMP or TCP packets (or spoofed UDP packets), "pinging" for
> rapid acquisition and analysis of a target IP's packet traffic routing data at
> the Internet IXP-level, NSA has primarily used, starting earlier than early
> 2006, the following IP ranges, with identification information where available,
> for initial rapid target "pings." Other resources for subsequent tracking of a
> target's IP packet traffic have been previously reported via Cryptome.org.

Can somebody please translate that into normal?



Re: dhcpd and bootp

2008-09-19 Thread Giancarlo Razzolini
Lars Kotthoff wrote:
> Hi all,
>
>  I'm trying to get DHCP with BOOTP to work, but it just won't. I've set up
> dhcpd.conf with explicit allow bootp; and allow booting; the filename directive
> is in the declaration for the specific host. Tftp is running through inetd and
> works -- I've confirmed this by manually connecting to the server and
> downloading the image file.
>
> I'm starting dhcpd with the name of the interface to listen on as the only
> commandline argument. The client tries to connect to port 67, but dhcpd doesn't
> listen on this port (it doesn't listen on any port) and therefore the client
> fails. I can rule out an error on the client side as it did work with a
> different dhcp/bootp server which had the same configuration.
>
> My packet filter is set up to not block any traffic on internal interfaces at
> all. Am I missing a configuration option or something like that to tell dhcpd to
> listen on port 67? I'm running OpenBSD 4.4. Any help appreciated.
>
> Thanks,
>
> Lars
>
>
>   
Looks like a wrong dhcpd.conf file. If you start dhcpd with the
interface as argument, it will see if the network configured for the
interface matches any subnet configured in dhcpd.conf. If there
isn't any subnet declaration that matches that if, it will simply drop.
Check your syslog and daemon log files. They will tell you what is wrong.

My regards,

-- 
Giancarlo Razzolini
http://lock.razzolini.adm.br
Linux User 172199
Red Hat Certified Engineer no:804006389722501
Verify:https://www.redhat.com/certification/rhce/current/
Moleque Sem Conteudo Numero #002
OpenBSD Stable
Ubuntu 8.04 Hardy Heron
4386 2A6F FFD4 4D5F 5842  6EA0 7ABE BBAB 9C0E 6B85



Re: dhcpd and bootp

2008-09-19 Thread Dorian Büttner

Lars Kotthoff wrote:

> Hi all,
>
>  I'm trying to get DHCP with BOOTP to work, but it just won't. I've set up
> dhcpd.conf with explicit allow bootp; and allow booting; the filename directive
> is in the declaration for the specific host. Tftp is running through inetd and
> works -- I've confirmed this by manually connecting to the server and
> downloading the image file.
>
> I'm starting dhcpd with the name of the interface to listen on as the only
> commandline argument. The client tries to connect to port 67, but dhcpd doesn't
> listen on this port (it doesn't listen on any port) and therefore the client
> fails. I can rule out an error on the client side as it did work with a
> different dhcp/bootp server which had the same configuration.
>
> My packet filter is set up to not block any traffic on internal interfaces at
> all. Am I missing a configuration option or something like that to tell dhcpd to
> listen on port 67? I'm running OpenBSD 4.4. Any help appreciated.
>
> Thanks,
>
> Lars
  

How about dhcpd(8) options -d, -f, -n? Any useful output, then?



[semi-OT] OpenGL relicensing: Will the real Slim Shady please stand up?

2008-09-19 Thread ropers
From http://www.linux.com/feature/148339 :

> The [OpenGL] licensing problem has been an open secret for some time. (...) 
> However, little was done with the knowledge until January of this year, when 
> an OpenBSD user reported the problem to the FSF

Does anyone know who that was? Many thanks to whoever it was! :)

OpenBSD. Getting Shit Done since 1995. :)

--ropers



Re: NSA Resources For Rapid Targeting and Routing Analysis

2008-09-19 Thread Bryan Irvine
On Fri, Sep 19, 2008 at 10:12 AM, Ted Unangst <[EMAIL PROTECTED]> wrote:
> On Fri, Sep 19, 2008 at 12:38 PM, Doug Milam <[EMAIL PROTECTED]> wrote:
>> Subject: NSA Resources For Rapid Targeting and Routing Analysis
>> Date: Sat,  2 Jun 2007 08:53:31 +0200 (CEST)
>>
>> In order to send ICMP or TCP packets (or spoofed UDP packets), "pinging" for
>> rapid acquisition and analysis of a target IP's packet traffic routing data at
>> the Internet IXP-level, NSA has primarily used, starting earlier than early
>> 2006, the following IP ranges, with identification information where available,
>> for initial rapid target "pings." Other resources for subsequent tracking of a
>> target's IP packet traffic have been previously reported via Cryptome.org.
>
> Can somebody please translate that into normal?


sure:

"The government is out to get us all.  Put on your tinfoil hat and
prepare for the revolution!
The Republicans/Illuminatti/Freemasons are coming from Wasilla AK"

-B



Re: NSA Resources For Rapid Targeting and Routing Analysis

2008-09-19 Thread Stuart VanZee
> From: Ted Unangst
> Sent: Friday, September 19, 2008 1:12 PM
> Cc: Misc OpenBSD
> Subject: Re: NSA Resources For Rapid Targeting and Routing Analysis
>
>
> On Fri, Sep 19, 2008 at 12:38 PM, Doug Milam
> <[EMAIL PROTECTED]> wrote:
> > Subject: NSA Resources For Rapid Targeting and Routing Analysis
> > Date: Sat,  2 Jun 2007 08:53:31 +0200 (CEST)
> >
> > In order to send ICMP or TCP packets (or spoofed UDP packets), "pinging" for
> > rapid acquisition and analysis of a target IP's packet traffic routing data at
> > the Internet IXP-level, NSA has primarily used, starting earlier than early
> > 2006, the following IP ranges, with identification information where available,
> > for initial rapid target "pings." Other resources for subsequent tracking of a
> > target's IP packet traffic have been previously reported via Cryptome.org.
>
> Can somebody please translate that into normal?
>
>
>

Is it time to invest in a tin foil hat?

s



Re: NSA Resources For Rapid Targeting and Routing Analysis

2008-09-19 Thread Johan Beisser
It's always time for that hat.

On 9/19/08, Stuart VanZee <[EMAIL PROTECTED]> wrote:
>> From: Ted Unangst
>> Sent: Friday, September 19, 2008 1:12 PM
>> Cc: Misc OpenBSD
>> Subject: Re: NSA Resources For Rapid Targeting and Routing Analysis
>>
>>
>> On Fri, Sep 19, 2008 at 12:38 PM, Doug Milam
>> <[EMAIL PROTECTED]> wrote:
>> > Subject: NSA Resources For Rapid Targeting and Routing Analysis
>> > Date: Sat,  2 Jun 2007 08:53:31 +0200 (CEST)
>> >
>> > In order to send ICMP or TCP packets (or spoofed UDP packets), "pinging" for
>> > rapid acquisition and analysis of a target IP's packet traffic routing data at
>> > the Internet IXP-level, NSA has primarily used, starting earlier than early
>> > 2006, the following IP ranges, with identification information where available,
>> > for initial rapid target "pings." Other resources for subsequent tracking of a
>> > target's IP packet traffic have been previously reported via Cryptome.org.
>>
>> Can somebody please translate that into normal?
>>
>>
>>
>
> Is it time to invest in a tin foil hat?
>
> s



Re: NSA Resources For Rapid Targeting and Routing Analysis

2008-09-19 Thread Doug Milam
On Fri, Sep 19, 2008 at 10:12 AM, Ted Unangst <[EMAIL PROTECTED]> wrote:
> On Fri, Sep 19, 2008 at 12:38 PM, Doug Milam <[EMAIL PROTECTED]> wrote:
>> Subject: NSA Resources For Rapid Targeting and Routing Analysis
>> Date: Sat,  2 Jun 2007 08:53:31 +0200 (CEST)
>>
>> In order to send ICMP or TCP packets (or spoofed UDP packets), "pinging" for
>> rapid acquisition and analysis of a target IP's packet traffic routing data at
>> the Internet IXP-level, NSA has primarily used, starting earlier than early
>> 2006, the following IP ranges, with identification information where available,
>> for initial rapid target "pings." Other resources for subsequent tracking of a
>> target's IP packet traffic have been previously reported via Cryptome.org.
>
> Can somebody please translate that into normal?


> sure:

> "The government is out to get us all.  Put on your tinfoil hat and
> prepare for the revolution!
> The Republicans/Illuminatti/Freemasons are coming from Wasilla AK"

> -B

They always said the internet was a hostile place.


* *
The most dangerous man, to any government, is the man who is able to think 
things out for himself, without regard to the prevailing superstitions and 
taboos.  --Mencken



Re: Tcsh does not recognize alt keys as meta

2008-09-19 Thread Philip Guenther
On Fri, Sep 19, 2008 at 12:35 AM, Slim Joe <[EMAIL PROTECTED]> wrote:
> I installed tcsh using pkg_add on OBSD i386 4.3. The
> problem is that tcsh doesn't recognize either left or
> right alt key as meta.  Instead I get different
> accented characters such as:   (alt-backspace), f
> (alt-f), b (alt-b). This is true for both BSD and XTerm
> consoles.

In XTerm, hold down the control-key and then the left mouse button.  A
menu should pop up that includes the entry "Meta Sends Escape".  It
should be unchecked right now.  Select it and release the mouse
button, then see whether the behavior of your alt key is the way you
want it.  If yes, then you just need to set the XTerm*altSendsEscape
resource in whatever file you use to control your X resources.


Philip Guenther



Re: NSA Resources For Rapid Targeting and Routing Analysis

2008-09-19 Thread raven

Bryan Irvine wrote:
> On Fri, Sep 19, 2008 at 10:12 AM, Ted Unangst <[EMAIL PROTECTED]> wrote:
>> On Fri, Sep 19, 2008 at 12:38 PM, Doug Milam <[EMAIL PROTECTED]> wrote:
>>> Subject: NSA Resources For Rapid Targeting and Routing Analysis
>>> Date: Sat,  2 Jun 2007 08:53:31 +0200 (CEST)
>>>
>>> In order to send ICMP or TCP packets (or spoofed UDP packets), "pinging" for
>>> rapid acquisition and analysis of a target IP's packet traffic routing data at
>>> the Internet IXP-level, NSA has primarily used, starting earlier than early
>>> 2006, the following IP ranges, with identification information where available,
>>> for initial rapid target "pings." Other resources for subsequent tracking of a
>>> target's IP packet traffic have been previously reported via Cryptome.org.
>>
>> Can somebody please translate that into normal?
>
> sure:
>
> "The government is out to get us all.  Put on your tinfoil hat and
> prepare for the revolution!
> The Republicans/Illuminatti/Freemasons are coming from Wasilla AK"
>
> -B
  
The tinfoil hat it's gorgeous I order two... But, freemasons? Think 
about Kappa Sigma[1] that are more dangerous than freemasons.


Francesco

[1] Search on wikileaks



Re: Advbase range?

2008-09-19 Thread askthelist
On Fri, Sep 19, 2008 at 1:53 AM, Stuart Henderson <[EMAIL PROTECTED]> wrote:

> On 2008-09-18, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> > 2008/9/18 Cezary Morga <[EMAIL PROTECTED]>
> >
> >> On Thursday, 18 September 2008, you wrote:
> >> > I understand the concept of an 8 bit integer. What I meant by
> >> > ambiguous is the acceptable ranges that are being used, assuming
> >> > vhid's are an 8-bit integer as well, although thats not explicitly
> >> > stated it sure looks like one, why isnt 0 acceptable?
> >>
> >> The ifconfig(8) manpage states:
> >> vhid n  If the driver is a carp(4) pseudo-device, set the virtual host
> >> ID to n.  Acceptable values are 1 to 255.
> >>
> >> And in the ifconfig.c you have:
> >>  vhid = strtonum(val, 1, 255, &errmsg);
> >>
> >
> > That was a rhetorical question. It makes little difference to me why I cant
> > set a vhid to 0. I asked it to make a point about your previous comment on
> > ambiguity.
> >
> >>
> >> > Ok then if this is true, then can anyone tell me what else would
> >> > prevent me from assigning 0 to the advbase.
> >>
> >> Common sense? You can set advbase to 0 and ifconfig won't complain about
> >> it, but it seems that somewhere between the lines ifconfig simply
> >> ignores such value and uses default or previously set. I haven't
> >> managed to find what it actually does in such situation, but I'm no C
> >> programmer.
> >>
> >
> > Common sense? Please. There are many examples on these lists of people
> > trying to accomplish crazier things than trying to lower their failover
> > times to something less than 3 seconds. Look I appreciate you attempting to
> > help and all, but if you're going to be rude about it please don't bother.
>
> Did you see this from when it came up before?
> http://archive.netbsd.se/?ml=openbsd-bugs&a=2007-03&m=3363926
>

Yah, I came across this and the guy said it worked great for him. Because
of marco's warnings, I was attempting to find a happy medium between the
poster's advbase/skew settings and the defaults in a non-production network
when I ran into not being able to set the advbase to 0.

I actually found this little paragraph interesting in the full posting for
another reason given the current events in Los Angeles and the recent
Metrolink train accident, although I'm sure there is no relation...

"I understand your point, however our setup is in a closed network (for
rail signalling, less than 15 km long). The network is well underused...
we use optical fiber and send only 200 packets per second through the
whole network. The switch over time must be under a second regardless of
the type of failure. 200ms carp advertising rate works beautifully."


http://archive.netbsd.se/?ml=openbsd-bugs&a=2007-03&t=3355463



"suspend" command - curious of function

2008-09-19 Thread Brian Drain
Hello -

What does the "suspend" command do?  I cannot find a man page on it, or
entry in the FAQ, or anything useful in the mailing list archives or
google (seems most deal with laptop suspend/restore).. When I type
suspend at the cmd line, it drops me past the command line.  Can't ^C or
^Z or anything out of it.  Does it have a purpose?  This is being run
from an i386 desktop and I have no real need for it, just curious about
its function.

Thank you.

Brian



Re: dhcpd and bootp

2008-09-19 Thread Lars Kotthoff
To clarify, dhcp works perfectly as long as there isn't any bootp involved, i.e.
clients which are configured to use dhcp get IP address, domain name,
etc work fine.

If I run dhcp in the foreground there's no output whatsoever when clients try
bootp. Same thing for the system log files. Tcpdump tells me that the client
tries to connect to port 67, but nothing is listening there and the client
fails. Lsof and netstat confirm that nothing is listening on port 67.

Lars



Re: "suspend" command - curious of function

2008-09-19 Thread Vladimir Kirillov
On 16:40 Fri 19 Sep, Brian Drain wrote:
> What does the "suspend" command do?  I cannot find a man page on it, or
> entry in the FAQ, or anything useful in the mailing list archives or
> google (seems most deal with laptop suspend/restore).. When I type
> suspend at the cmd line, it drops me past the command line.  Can't ^C or
> ^Z or anything out of it.  Does it have a purpose?  This is being run
> from an i386 desktop and I have no real need for it, just curious about
> its function.
> 

hi!

Looks like it's a shell-related job control function, it is not
related to the OS.

in ksh(1) it is an alias:
suspend='kill -STOP $$'

for bash(1) it looks like this:
suspend [-f]
  Suspend  the  execution  of  this  shell  until  it
  receives  a SIGCONT signal.  The -f option says not
  to complain if this is a login shell; just  suspend
  anyway.  The return status is 0 unless the shell is
  a login shell and -f is not  supplied,  or  if  job
  control is not enabled.



-- 
Vladimir Kirillov



Re: "suspend" command - curious of function

2008-09-19 Thread joshua stein
> What does the "suspend" command do?  I cannot find a man page on it, or
> entry in the FAQ, or anything useful in the mailing list archives or
> google (seems most deal with laptop suspend/restore).. When I type
> suspend at the cmd line, it drops me past the command line.

it's a command built in to the shell.  from the csh manpage:

   suspend
   Causes the shell to stop in its tracks, much as if it had
   been sent a stop signal with ^Z.  This is most often used
   to stop shells started by su(1).

[EMAIL PROTECTED]:~> su
Password:
# suspend

[1]  + 26084 Suspended (signal)su
[EMAIL PROTECTED]:~> jobs
[1]  + Suspended (signal)su
[EMAIL PROTECTED]:~> fg
su
# 



Re: "suspend" command - curious of function

2008-09-19 Thread Danny Cautaert
On 2008-09-19, Brian Drain <[EMAIL PROTECTED]> wrote:

> What does the "suspend" command do? 

Assuming your shell is /bin/ksh, ksh(1) documents what the suspend
command does.

-- 
Greetings from Oostende (BE) -*- Danny Cautaert (DaCa) 
Write me in Dutch, French or English * GnuPG: 10731977
Meet me at OpenCON * 28-30 November 2008 * Venice (IT)



Re: "suspend" command - curious of function

2008-09-19 Thread Ingo Schwarze
Hi Brian,

Brian Drain wrote on Fri, Sep 19, 2008 at 04:40:14PM -0500:

> What does the "suspend" command do?

It's a shell command alias.
Look out for the line
  suspend='kill -STOP $$'
in ksh(1).

> I cannot find a man page on it,

In OpenBSD, most shell builtins and shell command aliases do not have
their own man page or man page symlink.  Such symlinks should not be
added: Many shells have similar builtins, so which shell's man page
would you link?  To see the problem, look at alias(1).  No, the alias
builtin is not csh(1)-specific, ksh(1) has an alias builtin, too.
Also, some shell builtins have the same name and similar functionality
as stand-alone commands, for example echo(1), test(1).
There are exceptions to the rule.  For example, cd(1) is a shell
builtin, but not a stand-alone command.

On the other hand, not having symlinks for builtins makes it a bit
harder to find manual information about them.  But that's less
annoying than a large number of symlinks, pointing mostly at the
man page of the shell you are _not_ using.

Thus, whenever you discover some unknown command (for example,
suspend), try the following commands:
 $ apropos suspend  # see man(1)
 $ which suspend    # see which(1)
 $ alias suspend    # see ksh(1) alias builtin
 $ man ksh          # or whatever shell you are using

Search the shell man page in order to find out whether it's
a shell builtin or a default shell command alias.

> I type suspend at the cmd line, it drops me past the command line.
> Can't ^C or ^Z or anything out of it.  Does it have a purpose?

Try this:

[EMAIL PROTECTED] $ echo $$
22151
[EMAIL PROTECTED] $ sudo -i
[EMAIL PROTECTED] # echo $$
32319
[EMAIL PROTECTED] # suspend
[1] + Suspended (signal)   sudo -i 
[EMAIL PROTECTED] $ echo $$
22151
[EMAIL PROTECTED] $ exit
You have stopped jobs
[EMAIL PROTECTED] $ fg %1
sudo -i 
[EMAIL PROTECTED] # echo $$
32319
[EMAIL PROTECTED] # exit
[EMAIL PROTECTED] $ echo $$
22151
[EMAIL PROTECTED] $ exit

Yours,
  Ingo
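
The behaviour described in the replies above, as an added example that is not part of any poster's message: a child shell runs the command the ksh alias expands to (`kill -STOP $$`) and stays frozen until the parent sends SIGCONT, which is what `fg` does in the transcripts. The function name `suspend_demo`, the marker strings and the temporary file are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added demonstration: "suspend" is just the shell stopping itself.
# suspend_demo, the markers and the temp file are illustrative names.

suspend_demo() {
    log=$(mktemp) || return 1

    # Child shell: write a marker, stop itself exactly as the ksh alias
    # does (kill -STOP $$), then write a second marker once it is resumed.
    sh -c 'echo before >>"$1"; kill -STOP $$; echo after >>"$1"' sh "$log" &
    child=$!

    # Wait (up to about 10 s) for the first marker so we know the child ran.
    tries=0
    while [ ! -s "$log" ] && [ "$tries" -lt 10 ]; do
        sleep 1
        tries=$((tries + 1))
    done

    # If the child were still running it would have written "after" by now.
    # SIGSTOP cannot be caught or ignored, so the child is frozen here;
    # ^C and ^Z typed at it have no effect for the same reason.
    sleep 1
    while_stopped=$(tr '\n' ' ' <"$log")
    while_stopped=${while_stopped% }

    # SIGCONT is what the parent's job control sends on "fg".
    kill -CONT "$child"
    wait "$child"
    after_resume=$(tr '\n' ' ' <"$log")
    after_resume=${after_resume% }

    rm -f "$log"
    # Report what the log held while stopped and after resuming.
    echo "${while_stopped}|${after_resume}"
}

suspend_demo
```

In a login shell with no parent shell to send SIGCONT, the same stop leaves the terminal unresponsive, which matches what the original question describes.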



Re: "suspend" command - curious of function

2008-09-19 Thread ropers
2008/9/20 Ingo Schwarze <[EMAIL PROTECTED]>:
> In OpenBSD, most shell builtins and shell command aliases do not have
> their own man page or man page symlink.  Such symlinks should not be
> added: Many shells have similar builtins, so which shell's man page
> would you link?

Would it be useful to have man pages for built-ins, but make those man
pages disambiguation pages that explain that the command in question
is a shell built-in command, and how to find the relevant info on the
respective shell's main man page?

Another idea would be to make man look at $SHELL and serve up a
relevant man page on that basis. This would require adding that logic
to man though.

regards,
--ropers



Re: "suspend" command - curious of function

2008-09-19 Thread Jason McIntyre
On Fri, Sep 19, 2008 at 11:51:45PM +, ropers wrote:
> 2008/9/20 Ingo Schwarze <[EMAIL PROTECTED]>:
> > In OpenBSD, most shell builtins and shell command aliases do not have
> > their own man page or man page symlink.  Such symlinks should not be
> > added: Many shells have similar builtins, so which shell's man page
> > would you link?
> 
> Would it be useful to have man pages for built-ins, but make those man
> pages disambiguation pages that explain that the command in question
> is a shell built-in command, and how to find the relevant info on the
> respective shell's main man page?
> 
> Another idea would be to make man look at $SHELL and serve up a
> relevant man page on that basis. This would require adding that logic
> to man though.
> 
> regards,
> --ropers

originally, we did have MLINKS for some shell builtins, and i think they
pointed to ksh(1) (may have been csh(1) though, i can't remember).

anyway, the situation was unsatisfactory because not everyone uses ksh
(or csh) and secondly have a look at how many builtins are listed in
ksh. quite a few, and not all of them exist on other shells.

a separate man page per builtin would be nuts.
using MLINKS is unworkable.

the only thing i thought possible was a man page which said "this is a
builtin, see your shell man page" and MLINK to it.

but that's crazy too. just read your shell's man page.
jmc