pf outbound nat load balancing issue

[gm_sjo]

Hi all,

I have a very basic pf NAT setup for testing on my new firewall. The
firewall has two PPPoE connections which are using multipath default
routes to load balance. Load balancing works for non-NAT traffic, but
NAT traffic is only going out via one link, not both.

I am wondering what the behaviour is of interface groups? How are they
load-balanaced/selected?

I have looked into outgoing load-balancing in the pf faq, but i'm not
sure this applies when you're using multipath default routes?


I have configured both PPPoE interfaces as a group called 'wan'. My
NAT rule is on this interface group name :-

-bash-3.2# cat /etc/pf.conf
scrub out on wan max-mss 1440
nat-anchor ftp-proxy/*
rdr-anchor ftp-proxy/*
nat on wan from vlan1010:network to any - $some_external_nat_ip
rdr pass on vlan1010 proto tcp from any to any port ftp - 127.0.0.1 port 8021
anchor ftp-proxy/*

-bash-3.2# ifconfig wan
pppoe1: flags=8851UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST mtu 1492
dev: fxp1 state: session
sid: 0x6 PADI retries: 0 PADR retries: 0 time: 12:49:11
sppp: phase network authproto chap authname xxx.1
groups: pppoe wan egress
inet6 fe80::2e0:18ff:feca:bf15%pppoe1 -  prefixlen 64 scopeid 0x15
inet 217.169.2.61 -- 81.187.81.72 netmask 0x
pppoe2: flags=8851UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST mtu 1492
dev: fxp2 state: session
sid: 0x6 PADI retries: 0 PADR retries: 0 time: 12:49:11
sppp: phase network authproto chap authname xxx.2
groups: pppoe wan egress
inet6 fe80::2e0:18ff:feca:bf15%pppoe2 -  prefixlen 64 scopeid 0x16
inet 90.155.88.39 -- 81.187.81.72 netmask 0x

(both links are with the same ISP, with same endpoint IP)

-bash-3.2# route show -inet
Routing tables

Internet:
DestinationGatewayFlagsRefs  UseMtu  Interface
default0.0.0.1UGS 1   786060  -   pppoe1
default0.0.0.3UGS 0   190688  -   pppoe2

-bash-3.2# cat /etc/hostname.pppoe1
inet 0.0.0.0 255.255.255.255 0.0.0.1 pppoedev fxp1 authproto chap
authname 'xxx.1' authkey 'xxx' group wan up
!route add default -mpath -ifp pppoe1 0.0.0.1
-bash-3.2# cat /etc/hostname.pppoe2
inet 0.0.0.0 255.255.255.255 0.0.0.1 pppoedev fxp2 authproto chap
authname 'xxx.2' authkey 'xxx' group wan up
!route add default -mpath -ifp pppoe2 0.0.0.3

(second is 0.0.0.3 because endpoint IP is the same for both links,
this caused a problem when using 0.0.0.1 for both {eg, both routes
werent added} - working fine for non-nat traffic)



Thanks!

2 questions regarding carp and dhcp

[Sebastian Reitenbach]

Hello everybody,

two questions regarding carp and dhcp, one running the firewall as a dhcp 
client, and one running as server.

I want to provide dhcp from the firewall. Therefore I did setup the dhcp 
server on both hosts of the cluster. The firewall is configured as 
master/backup mode. The backup host has a advskew of 20 configured, and on 
both hosts, net.inet.carp.preempt=1. Both hosts run a snapshot version, from 
about the time, when OpenBSD 4.4 was branched.
The carp interface sits on top of a vlan interface.
When I start the dhcpd listening on the vlan interface, then the carp 
interface on top goes into Master mode, the others stay in backup mode.
First, I wonder, whether it is right that the carp on top of a, I guess 
because of using the bpf on the vlan interface below, goes to master state 
when the dhcpd starts listening on it. Second, I wonder, why due to 
net.inet.carp.preempt=1 one interface can be in BACKUP state, and the rest 
in MASTER state.

My second question, is retrieving the IP address of a carp interface via 
DHCP. right now I've multiple static aliases defined on the external carp 
interface of my firewall. My ISP wants to switch to DHCP with indefinite 
lease time. As far as I know, carp and dhcp do not work together?
Second, I've no idea, how these guys want to assign multiple IP addresses to 
the same MAC address via DHCP? Don't know whether there are some DHCP 
options to hand out multiple addresses to a DHCP request on the server side, 
but would the client be able to handle that?

I think I could setup ifstated, and when the carp interfaces on one box 
become master, I start the dhcpd on the one vlan interface, and maybe the 
dhclient on the external interface. Any idea whether that would work?

any suggestions appreciated

cheers
Sebastian

Re: reliable, dd over simple ip network

[Girish Venkatachalam]

On 21:28:56 Oct 15, Neko wrote:
 Good day to all of you,
 
 i have found a really dirty way of going around this, 
 so im fishing for advices on finding a reliable way
 to dd over simple ip network with the generic bsd.
 
 could this be done in a straight pipe ?
 
 i have an ftp on the generic bsd, containing data, this 
 bsd system is on a multiple os drive. i have no choice to
 dd, since multiple partition got updated out of hand, no way
 to single track specific updated folders. *well actually yes, its
 the dirty way stipulated above*
 
 since my partitions have 16% free on all systems, i cant tarball the
 drive sent it to target machine and uncompress,
 
 anyays, if you have suggestion on opensource pkgs, services i could open,
 or any bright idea i would like to hear them,
 

dd(1) is not a good idea. If you want to back up across the n/w, then
dump(8) with ssh(8) may be interesting.

# dump af - | ssh ...

will work out much faster and better than plain old dd(1).

On the other side you have to run 

# input | restore xf -

-Girish

Re: 4.4 arrived in New Zealand

[SJP Lists]

Got mine today.  Sydney Australia.

Thanks to all the devs and supportive user community! Another
brilliant set and release!

Re: RES: RES: Filtering outgoing connections in pf

[Charlie Clark]

But it can still be a router if it does not do natting, a router with 
only public IP's


Cezary Morga wrote:

Dnia Eroda, 15 paE:dziernika 2008, cgc napisaE:
  

And any box that is doing packet filtering between 2 or more
networks, eg. a private network and the internet, is a router as far
as I am aware



If it's natting or filtering packets it's a gateway.
--
Cezary Morga
If you live to be one hundred, you've got it made. Very few people die
past that age. (George Burns)


  



--

Charlie Clark
Network Engineer

Lemon Computing Ltd
Unit 9
26-28 Priests Bridge
London
SW14 8TA
UK

Tel: +44 208 878 2138
Fax: +44 208 878 2163
Email: [EMAIL PROTECTED]
Site: http://www.lemon-computing.com/

Lemon Computing is a limited company registered in England  Wales under
Company No. 03697052

Re: Funny linker error: relocation truncated to fit

[Edd Barrett]

Hello,

On Wed, Oct 15, 2008 at 5:30 PM, Ted Unangst [EMAIL PROTECTED] wrote:
 On Wed, Oct 15, 2008 at 11:53 AM, Edd Barrett [EMAIL PROTECTED] wrote:
 Hi Guys,

 Does anyone know what this weird linker error means?

 xetexini.o(.text+0x4bc): In function `initialize':
 : relocation truncated to fit: R_SPARC_H44 zzzaa

 It causes my build to fail.

 You compiled with -fpic instead of -fPIC.  Big libraries need the
 super pic to generate correct code.


Thanks :)

-- 

Best Regards

Edd

http://students.dec.bournemouth.ac.uk/ebarrett

Re: what exactly is enc0?

[J.C. Roberts]

On Wednesday 15 October 2008, ropers wrote:
 I don't know if it is possible to use --surrounding physical space
 permitting-- 64bit cards in 32 bit slots (and have them run w/
 reduced performance). IIRC, something like that used to be possible
 back when it came to the transition from 8bit ISA to 16bit ISA slots;
 back then, some 16bit ISA cards could be used in 8bit slots at
 reduced speeds. Whether something like that is possible now with
 64bit PCI cards I don't know. Maybe someone else knows.

Of course it depends on the design of the specific card, but yes, at 
least *some* 64-bit cards can be used in 32-bit slots. I've seen early 
64-bit PCI SCSI controller cards that were built this way.

--
JCR

RES: RES: RES: Filtering outgoing connections in pf

[Ricardo Augusto de Souza]

Hi,



I wanna allow local users ( 10.10.0.0/24 ) to Access internet just using port 
80, 25 110 and 53 udp.

I wanna allow full access to 10.10.20.0/24 to the internet.  I mean, no 
restriction.





Easy like that.



I used openBSD 3.8 in the past and I was able to filter packets in $ext_if from 
my local network ( 10.10.0.0/24 ).



Tests:



1) 

Users_tcp_ports = { 25, 80, 110, 443 }

Users_udp_ports = { 53, 123 }

Normal_users = 10.10.0.0/24

Power_users = 10.10.20.0/24





nat on $ext_if from $normal_users to any port $users_tcp_ports  - ($ext_if) 
tagged NORMAL_USERS_NAT

nat on $ext_if from $power_users to any - ($ext_if) tagged POWER_USERS_NAT







#outgoing

Block out on $ext_if

Pass out quick on $ext_if from ($ext_if) to any 



#filtering on $int_if

Pass in quick on $int_if inet proto tcp from $normal_users to any port 
$users_tcp_ports

Pass In quick on $int_if inet proto tcp from $power_users to any



Should this solve my problem?

I still have no test enviroment. I have around 300 users already going to the 
internet and to other WAN sites trhough this openBSD.



Plz, post me your suggestios.



Thanks



-Mensagem original-

De: cgc [mailto:[EMAIL PROTECTED] 

Enviada em: quarta-feira, 15 de outubro de 2008 16:21

Para: Ricardo Augusto de Souza

Cc: misc@openbsd.org

Assunto: Re: RES: RES: Filtering outgoing connections in pf



What exactly are you trying to achieve? what pc's do you want to have

access to what ports? Are you just allowing every pc in the 10.10.0.0/16

network the same access or not? And access to what? Just web traffic?

pings? dns? ...  You will have to be abit more specific 

And any box that is doing packet filtering between 2 or more networks, eg.

a private network and the internet, is a router as far as I am aware



Regards,



Charlie



On Wed, 15 Oct 2008 16:06:16 -0300, Ricardo Augusto de Souza

[EMAIL PROTECTED] wrote:

 This sounds good.

 But my openBSD is working like a router.

 If I remove the rule pass in quick on $int_if I will have a lot of pcs

 that cannot access other subnets.

 Do u know what protocol I must allow to routes work?

 

 thank

 

 -Mensagem original-

 De: cgc [mailto:[EMAIL PROTECTED] 

 Enviada em: quarta-feira, 15 de outubro de 2008 15:49

 Para: Ricardo Augusto de Souza

 Cc: misc@openbsd.org

 Assunto: Re: RES: Filtering outgoing connections in pf

 

 let me give you an example, if you just want 10.10.0.0/16 to have port 80

 access then you need 3 rules:

 

 #the nat

 nat on $ext_if from 10.10.0.0/16 to any port 80 - ($ext_if)

 

 #allow through $int_if

 pass in quick on $int_if proto tcp from 10.10.0.0/16 to any port 80

 

 #and finally allow through $ext_if

 pass out quick on $ext_if proto tcp from ($ext_if) to any

 

 You can lock $ext_if down to just port 80 but the point is $int_if is

 where

 you do the filtering for 10.10.0.0/16

 

 Correct me if I am wrong.

 

 Regards,

 

 Charlie

 

 On Wed, 15 Oct 2008 14:44:43 -0300, Ricardo Augusto de Souza

 [EMAIL PROTECTED] wrote:

 Is is possible filter outgoing packets in $ext_if even doing NAT?

 I mean, after  nat on $ext_if from 10.10.0.0/16 to any - ($ext_if) all

 packets from 10.10.0.0/16 will be translated to $ext_if.

 I wish I could filter 10.10.0.0/16 packets in $ext_if.

 

 Is is possible?

 

 Thanks

 -Mensagem original-

 De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Em nome de

 Ricardo Augusto de Souza

 Enviada em: quarta-feira, 15 de outubro de 2008 13:01

 Para: misc@openbsd.org

 Assunto: Filtering outgoing connections in pf

 

 Hi,

 

 

 

 I AM confused with some PF rules.

 

 I am trying to allow just some ports to my local users.

 

 I am using block out  on $ext_if but I think I would be able to choose

 ports my lan users will access with rule

 

 Pass out on $ext_if proto tcp from 10.10.0.0/16 to any port { 80, 25,

 110 } keep state .

 

 

 

 It seems to be ok, but I had to add this rule: Pass out on $ext_if 

 from

 $ext_if  to any ( without this rule my box cannot connect to the

 internet ).  With this rule, All users can connect to any out port.

 

 

 

 Question: What is the right way to have my box at the internet and  my

 users  can only access that selected ports?

 

 

 

 

 

 Thanks

 

 

 

 

 

 

 

 My pf.conf:

 

 

 

 set loginterface xl1

 

 set skip on lo0

 

 scrub in

 

 

 

 set require-order yes

 

 set state-policy if-bound

 

 

 

 altq on xl1 priq bandwidth 50Kb queue { q_pri, q_def }

 

 queue q_pri priority 7

 

 queue q_def priority 1 priq(default)

 

 

 

 

 

 # interface externa WAN

 

 ext_if=xl1

 

 # interface interna LAN

 

 int_if=xl0

 

 # interface MPLS

 

 mpls_if =bge0

 

 #interfaces VPn tuneis

 

 vpn_if ={ tun0, tun1, tun2, tun3, tun4 }

 

 vpn_net ={ 10.10.9.0/26 }

 

 #Default GW

 

 gw=200.162.41.33

 

 

 

 table badsites persist file /etc/badsites.txt

 

 winupdate = { 65.54.87.0/24 } 

 

 

 

 

 

Re: RES: RES: RES: Filtering outgoing connections in pf

[Charlie Clark]

That looks like it should work fine apart from the capital letters in 
your macro's


Regards,

Charlie

Ricardo Augusto de Souza wrote:

Hi,



I wanna allow local users ( 10.10.0.0/24 ) to Access internet just using port 
80, 25 110 and 53 udp.

I wanna allow full access to 10.10.20.0/24 to the internet.  I mean, no 
restriction.





Easy like that.



I used openBSD 3.8 in the past and I was able to filter packets in $ext_if from 
my local network ( 10.10.0.0/24 ).



Tests:



1) 


Users_tcp_ports = { 25, 80, 110, 443 }

Users_udp_ports = { 53, 123 }

Normal_users = 10.10.0.0/24

Power_users = 10.10.20.0/24





nat on $ext_if from $normal_users to any port $users_tcp_ports  - ($ext_if) 
tagged NORMAL_USERS_NAT

nat on $ext_if from $power_users to any - ($ext_if) tagged POWER_USERS_NAT







#outgoing

Block out on $ext_if

Pass out quick on $ext_if from ($ext_if) to any 




#filtering on $int_if

Pass in quick on $int_if inet proto tcp from $normal_users to any port 
$users_tcp_ports

Pass In quick on $int_if inet proto tcp from $power_users to any



Should this solve my problem?

I still have no test enviroment. I have around 300 users already going to the 
internet and to other WAN sites trhough this openBSD.



Plz, post me your suggestios.



Thanks



-Mensagem original-

De: cgc [mailto:[EMAIL PROTECTED] 


Enviada em: quarta-feira, 15 de outubro de 2008 16:21

Para: Ricardo Augusto de Souza

Cc: misc@openbsd.org

Assunto: Re: RES: RES: Filtering outgoing connections in pf



What exactly are you trying to achieve? what pc's do you want to have

access to what ports? Are you just allowing every pc in the 10.10.0.0/16

network the same access or not? And access to what? Just web traffic?

pings? dns? ...  You will have to be abit more specific 


And any box that is doing packet filtering between 2 or more networks, eg.

a private network and the internet, is a router as far as I am aware



Regards,



Charlie



On Wed, 15 Oct 2008 16:06:16 -0300, Ricardo Augusto de Souza

[EMAIL PROTECTED] wrote:

  

This sounds good.



  

But my openBSD is working like a router.



  

If I remove the rule pass in quick on $int_if I will have a lot of pcs



  

that cannot access other subnets.



  

Do u know what protocol I must allow to routes work?



  

  

thank



  

  

-Mensagem original-



  
De: cgc [mailto:[EMAIL PROTECTED] 



  

Enviada em: quarta-feira, 15 de outubro de 2008 15:49



  

Para: Ricardo Augusto de Souza



  

Cc: misc@openbsd.org



  

Assunto: Re: RES: Filtering outgoing connections in pf



  

  

let me give you an example, if you just want 10.10.0.0/16 to have port 80



  

access then you need 3 rules:



  

  

#the nat



  

nat on $ext_if from 10.10.0.0/16 to any port 80 - ($ext_if)



  

  

#allow through $int_if



  

pass in quick on $int_if proto tcp from 10.10.0.0/16 to any port 80



  

  

#and finally allow through $ext_if



  

pass out quick on $ext_if proto tcp from ($ext_if) to any



  

  

You can lock $ext_if down to just port 80 but the point is $int_if is



  

where



  

you do the filtering for 10.10.0.0/16



  

  

Correct me if I am wrong.



  

  

Regards,



  

  

Charlie



  

  

On Wed, 15 Oct 2008 14:44:43 -0300, Ricardo Augusto de Souza



  

[EMAIL PROTECTED] wrote:



  

Is is possible filter outgoing packets in $ext_if even doing NAT?
  


  

I mean, after  nat on $ext_if from 10.10.0.0/16 to any - ($ext_if) all
  


  

packets from 10.10.0.0/16 will be translated to $ext_if.
  


  

I wish I could filter 10.10.0.0/16 packets in $ext_if.
  


  

  

Is is possible?
  


  

  

Thanks
  


  

-Mensagem original-
  


  

De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Em nome de
  


  

Ricardo Augusto de Souza
  


  

Enviada em: quarta-feira, 15 de outubro de 2008 13:01
  


  

Para: misc@openbsd.org
  


  

Assunto: Filtering outgoing connections in pf
  


  

  

Hi,
  


  

  

  

  

I AM confused with some PF rules.
  


  

  

I am trying to allow just some ports to my local users.
  


  

  

I am using block out  on $ext_if but I think I would be able to choose
  


  

ports my lan users will access with rule
  


  

  

Pass out on $ext_if proto tcp from 10.10.0.0/16 to any port { 80, 25,
  


  

110 } keep state .
  


  

  

  

  
It seems to be ok, but I had to add this rule: Pass out on $ext_if 
  


  

from



  

$ext_if  to any ( without this rule my box cannot connect to the
  


  

internet ).  With this rule, All users can connect to any out port.
  


  

  

  

  

Question: What is the right way to have my box at the internet and  my
  


  

users  can only access that selected ports?
  


  

  

  

  

  

  

Re: dmesg IBM x3650 OpenBSD 4.3

[J.C. Roberts]

On Monday 13 October 2008, Artur Grabowski wrote:
 gm_sjo [EMAIL PROTECTED] writes:
  2008/10/10 Theo de Raadt [EMAIL PROTECTED]:
  Wow.  Good luck.  Can't you see we've been down that road before
  with those bastards?  But really.  Good luck.  You really are too
  optimistic, but sure, learn the reality for yourself.
 
  I'm sure calling vendors 'bastards' on a public mailing list is
  really going to help the cause.

 Works better than anything else.

 //art

Yep. If you need an example, search the archives for HiFn and the
following story will unfold...

HiFn makes crypto accelerators. Some folks working on OpenBSD wanted to
support these chips, but the could not get documentation from the
company. The company said they'd release documentation a few times to a
few different people, but nothing happened. Theo called them liars
(or similarly direct names) and there were a few big threads about
about the missing HiFn docs here on misc, twice they were slashdotted.

Since HiFn is basically in my back yard, I walked into their office one
day, talked to a few people, and set up a meeting with their CEO and
CTO. Both of them were good guys, and willing to help. The said they
would get the problem of the missing docs cleared up. I stayed in
contact with them for a few months but nothing happened, and the docs
were *STILL* missing...

Eight months (or more) later, my phone rings, and on the other end of
the line was the VP of Sales and Marketing from HiFn. You see, it was
the Sales and Marketing department of HiFn that had forbid the release
of needed documentation. Since sales and marketing are the bread and
butter of every company, they obviously have a ton of power to make
sure things done their way. The reason why they internally stopped all
efforts to release documentation is because they used the gathered
registration info for sales leads and marketing input.

So why the heck did the VP call me? --The answer is *VERY* *SIMPLE*

Theo and plenty of others around here created yet another long and
brutally direct thread about the missing HiFn documentation. The thread
once again made it onto slashdot and elsewhere, and someone informed
the HiFn Sales/Marketing folks about the on-going Public Relations
disaster for the company created by all the good from OpenBSD land.

The VP asked me to inform the OpenBSD camp that a FTP server with all
needed docs would be opened in a matter of hours, and this time they
actually kept their promise and release their docs.

Me being nice, taking the time to physically meet with the top guys at
HiFn and very politely discuss the missing documentation changed
absolutely nothing. The thing that *REALLY* caused the release of the
docs was Theo and others around here being brutally direct, extremely
honest, and not pulling any punches.

The less than funny part is, Theo told me at the start that I would be
wasting my time trying to meet and talk with them. Being overly
optimistic, I gave it a try anyhow, only to prove Theo was right all
along.

Theo: 1
JCR:  0

Being nice just means it's easier for them to ignore you.

If you want docs, be loud, be honest, be direct, be persistent, become a
huge Public Relations nightmare, and never pull any punches.

--
JCR

Shutdown with the power button

[Mikel Lindsaar]

Hi list,

Wondering if anyone knows how (or if it is possible) to be able to
gracefully power down an OpenBSD box by hitting the power button on
the server.

Useful when you need someone to power down a system (like in a power
failure situation) but there is no console attached.

FreeBSD and linux provide what I am talking about, hit the power
button and it looks like the equiv of a halt -p - But I don't want to
use linux or FreeBSD on these firewall boxes.

Not something I would use very often, but two nights ago really needed
it.  The OpenBSD box ended up having a hard power switch off instead
of a clean shutdown.

The server in question is a HP DL 360.

Thanks,

Mikel

Re: Shutdown with the power button

[Mikel Lindsaar]

On Thu, Oct 16, 2008 at 11:22 PM, Gregory Edigarov
[EMAIL PROTECTED] wrote:
 Mikel Lindsaar wrote:
 Wondering if anyone knows how (or if it is possible) to be able to
 gracefully power down an OpenBSD box by hitting the power button on
 the server.
 Mine does clean  shutdown on power button just from the box

Hmm... here is the dmesg then any ideas?



OpenBSD 4.3 (GENERIC) #698: Wed Mar 12 11:07:05 MDT 2008
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Xeon(TM) CPU 3.06GHz (GenuineIntel 686-class) 3.07 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID,xTPR
real mem  = 2147028992 (2047MB)
avail mem = 2068054016 (1972MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 12/31/99, BIOS32 rev. 0 @
0xf, SMBIOS rev. 2.3 @ 0xec000 (42 entries)
bios0: vendor HP version P31 date 03/03/2005
bios0: HP ProLiant DL360 G3
acpi0 at bios0: rev 0
acpi0: tables DSDT FACP APIC SPCR
acpi0: wakeup devices
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (PCI1)
acpiprt2 at acpi0: bus 4 (PCI2)
acpicpu0 at acpi0
acpitz0 at acpi0: critical temperature 31 degC
bios0: ROM list: 0xc/0x8000 0xc8000/0x4000 0xee000/0x2000!
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 ServerWorks CNB20-HE Host (GC-LE) rev 0x31
pchb1 at pci0 dev 0 function 1 ServerWorks CNB20-HE Host (GC-LE) rev 0x00
pchb2 at pci0 dev 0 function 2 ServerWorks CNB20-HE Host (GC-LE) rev 0x00
pci1 at pchb2 bus 1
em0 at pci1 dev 1 function 0 Intel PRO/1000MT (82546EB) rev 0x01:
irq 15, address 00:04:23:c8:03:f6
em1 at pci1 dev 1 function 1 Intel PRO/1000MT (82546EB) rev 0x01:
irq 11, address 00:04:23:c8:03:f7
bge0 at pci1 dev 2 function 0 Broadcom BCM5703X rev 0x02, BCM5703 A2
(0x1002): irq 11, address 00:0b:cd:83:67:89
brgphy0 at bge0 phy 1: BCM5703 10/100/1000baseT PHY, rev. 2
vga1 at pci0 dev 3 function 0 ATI Rage XL rev 0x27
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ciss0 at pci0 dev 4 function 0 Compaq Smart Array 5i/532 rev.2 rev 0x01: irq 3
ciss0: 1 LD, HW rev 1, FW 2.76/2.76
scsibus0 at ciss0: 1 targets
sd0 at scsibus0 targ 0 lun 0: COMPAQ, LOGICAL VOLUME, 2.76 SCSI2
0/direct fixed
sd0: 34727MB, 4427 cyl, 255 head, 63 sec, 512 bytes/sec, 71122560 sec total
Compaq iLO rev 0x01 at pci0 dev 5 function 0 not configured
Compaq iLO rev 0x01 at pci0 dev 5 function 2 not configured
piixpm0 at pci0 dev 15 function 0 ServerWorks CSB5 rev 0x93: polling
iic0 at piixpm0
spdmem0 at iic0 addr 0x50: 512MB DDR SDRAM registered ECC PC2300CL2.5
spdmem1 at iic0 addr 0x52: 512MB DDR SDRAM registered ECC PC2100CL2.5
spdmem2 at iic0 addr 0x54: 512MB DDR SDRAM registered ECC PC2100CL2.5
spdmem3 at iic0 addr 0x56: 512MB DDR SDRAM registered ECC PC2100CL2.5
pciide0 at pci0 dev 15 function 1 ServerWorks CSB5 IDE rev 0x93: DMA
atapiscsi0 at pciide0 channel 0 drive 0
scsibus1 at atapiscsi0: 2 targets
cd0 at scsibus1 targ 0 lun 0: COMPAQ, CRN-8245B, 2.19 SCSI0 5/cdrom removable
cd0(pciide0:0:0): using PIO mode 4, DMA mode 2
pciide0: no compatibility interrupt for use by channel 1
ohci0 at pci0 dev 15 function 2 ServerWorks OSB4/CSB5 USB rev 0x05:
irq 10, version 1.0, legacy support
pchb3 at pci0 dev 15 function 3 ServerWorks CSB5 LPC rev 0x00
pchb4 at pci0 dev 17 function 0 ServerWorks CIOB-X2 PCIX rev 0x05
pchb5 at pci0 dev 17 function 2 ServerWorks CIOB-X2 PCIX rev 0x05
pci2 at pchb5 bus 4
bge1 at pci2 dev 2 function 0 Broadcom BCM5703X rev 0x02, BCM5703 A2
(0x1002): irq 15, address 00:0b:cd:83:67:ab
brgphy1 at bge1 phy 1: BCM5703 10/100/1000baseT PHY, rev. 2
usb0 at ohci0: USB revision 1.0
uhub0 at usb0 ServerWorks OHCI root hub rev 1.00/1.00 addr 1
isa0 at mainbus0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pmsi0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pmsi0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask 65ed netmask eded ttymask ffef
mtrr: Pentium Pro MTRR support
softraid0 at root
root on sd0a swap on sd0b dump on sd0b

Re: Shutdown with the power button

[Marco Peereboom]

It probably needs to be enabled in the bios.

On Thu, Oct 16, 2008 at 11:30:02PM +1100, Mikel Lindsaar wrote:
 On Thu, Oct 16, 2008 at 11:22 PM, Gregory Edigarov
 [EMAIL PROTECTED] wrote:
  Mikel Lindsaar wrote:
  Wondering if anyone knows how (or if it is possible) to be able to
  gracefully power down an OpenBSD box by hitting the power button on
  the server.
  Mine does clean  shutdown on power button just from the box
 
 Hmm... here is the dmesg then any ideas?
 
 
 
 OpenBSD 4.3 (GENERIC) #698: Wed Mar 12 11:07:05 MDT 2008
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
 cpu0: Intel(R) Xeon(TM) CPU 3.06GHz (GenuineIntel 686-class) 3.07 GHz
 cpu0: 
 FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID,xTPR
 real mem  = 2147028992 (2047MB)
 avail mem = 2068054016 (1972MB)
 mainbus0 at root
 bios0 at mainbus0: AT/286+ BIOS, date 12/31/99, BIOS32 rev. 0 @
 0xf, SMBIOS rev. 2.3 @ 0xec000 (42 entries)
 bios0: vendor HP version P31 date 03/03/2005
 bios0: HP ProLiant DL360 G3
 acpi0 at bios0: rev 0
 acpi0: tables DSDT FACP APIC SPCR
 acpi0: wakeup devices
 acpitimer0 at acpi0: 3579545 Hz, 32 bits
 acpiprt0 at acpi0: bus 0 (PCI0)
 acpiprt1 at acpi0: bus 1 (PCI1)
 acpiprt2 at acpi0: bus 4 (PCI2)
 acpicpu0 at acpi0
 acpitz0 at acpi0: critical temperature 31 degC
 bios0: ROM list: 0xc/0x8000 0xc8000/0x4000 0xee000/0x2000!
 cpu0 at mainbus0
 pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
 pchb0 at pci0 dev 0 function 0 ServerWorks CNB20-HE Host (GC-LE) rev 0x31
 pchb1 at pci0 dev 0 function 1 ServerWorks CNB20-HE Host (GC-LE) rev 0x00
 pchb2 at pci0 dev 0 function 2 ServerWorks CNB20-HE Host (GC-LE) rev 0x00
 pci1 at pchb2 bus 1
 em0 at pci1 dev 1 function 0 Intel PRO/1000MT (82546EB) rev 0x01:
 irq 15, address 00:04:23:c8:03:f6
 em1 at pci1 dev 1 function 1 Intel PRO/1000MT (82546EB) rev 0x01:
 irq 11, address 00:04:23:c8:03:f7
 bge0 at pci1 dev 2 function 0 Broadcom BCM5703X rev 0x02, BCM5703 A2
 (0x1002): irq 11, address 00:0b:cd:83:67:89
 brgphy0 at bge0 phy 1: BCM5703 10/100/1000baseT PHY, rev. 2
 vga1 at pci0 dev 3 function 0 ATI Rage XL rev 0x27
 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
 wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
 ciss0 at pci0 dev 4 function 0 Compaq Smart Array 5i/532 rev.2 rev 0x01: 
 irq 3
 ciss0: 1 LD, HW rev 1, FW 2.76/2.76
 scsibus0 at ciss0: 1 targets
 sd0 at scsibus0 targ 0 lun 0: COMPAQ, LOGICAL VOLUME, 2.76 SCSI2
 0/direct fixed
 sd0: 34727MB, 4427 cyl, 255 head, 63 sec, 512 bytes/sec, 71122560 sec total
 Compaq iLO rev 0x01 at pci0 dev 5 function 0 not configured
 Compaq iLO rev 0x01 at pci0 dev 5 function 2 not configured
 piixpm0 at pci0 dev 15 function 0 ServerWorks CSB5 rev 0x93: polling
 iic0 at piixpm0
 spdmem0 at iic0 addr 0x50: 512MB DDR SDRAM registered ECC PC2300CL2.5
 spdmem1 at iic0 addr 0x52: 512MB DDR SDRAM registered ECC PC2100CL2.5
 spdmem2 at iic0 addr 0x54: 512MB DDR SDRAM registered ECC PC2100CL2.5
 spdmem3 at iic0 addr 0x56: 512MB DDR SDRAM registered ECC PC2100CL2.5
 pciide0 at pci0 dev 15 function 1 ServerWorks CSB5 IDE rev 0x93: DMA
 atapiscsi0 at pciide0 channel 0 drive 0
 scsibus1 at atapiscsi0: 2 targets
 cd0 at scsibus1 targ 0 lun 0: COMPAQ, CRN-8245B, 2.19 SCSI0 5/cdrom 
 removable
 cd0(pciide0:0:0): using PIO mode 4, DMA mode 2
 pciide0: no compatibility interrupt for use by channel 1
 ohci0 at pci0 dev 15 function 2 ServerWorks OSB4/CSB5 USB rev 0x05:
 irq 10, version 1.0, legacy support
 pchb3 at pci0 dev 15 function 3 ServerWorks CSB5 LPC rev 0x00
 pchb4 at pci0 dev 17 function 0 ServerWorks CIOB-X2 PCIX rev 0x05
 pchb5 at pci0 dev 17 function 2 ServerWorks CIOB-X2 PCIX rev 0x05
 pci2 at pchb5 bus 4
 bge1 at pci2 dev 2 function 0 Broadcom BCM5703X rev 0x02, BCM5703 A2
 (0x1002): irq 15, address 00:0b:cd:83:67:ab
 brgphy1 at bge1 phy 1: BCM5703 10/100/1000baseT PHY, rev. 2
 usb0 at ohci0: USB revision 1.0
 uhub0 at usb0 ServerWorks OHCI root hub rev 1.00/1.00 addr 1
 isa0 at mainbus0
 isadma0 at isa0
 pckbc0 at isa0 port 0x60/5
 pckbd0 at pckbc0 (kbd slot)
 pckbc0: using irq 1 for kbd slot
 wskbd0 at pckbd0: console keyboard, using wsdisplay0
 pmsi0 at pckbc0 (aux slot)
 pckbc0: using irq 12 for aux slot
 wsmouse0 at pmsi0 mux 0
 pcppi0 at isa0 port 0x61
 midi0 at pcppi0: PC speaker
 spkr0 at pcppi0
 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
 fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
 fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
 biomask 65ed netmask eded ttymask ffef
 mtrr: Pentium Pro MTRR support
 softraid0 at root
 root on sd0a swap on sd0b dump on sd0b

ral(4) stops generating traffic

[bbee]

Hi,

I 'm running OpenBSD 4.4-current (RALDBG) #0: Fri Oct 10 16:56:50 CEST 
2008, which is GENERIC with RAL_DEBUG, but I've seen this problem with 
previous kernels and without RAL_DEBUG, too.


# dmesg | grep ral
ral0 at pci0 dev 14 function 0 Ralink RT2860 rev 0x00: irq 10EEPROM 
rev=1, FAE=1

ral0: MAC/BBP RT2860 (rev 0x0101), RF RT2820 (2T3R)

This is a pci Edimax EW-7728IN, which I believe is the same card that was 
donated to damien@ (?) and that led to 28xx support.


After an unfixed amount of time, from a few minutes up to a few days, the 
interface simply stops respoding to probe requests:


# tcpdump -nvvvs 1000 -i ral0 -y IEEE802_11_RADIO not subtype beacon
14:17:40.761912 CLI1-MAC  ff:ff:ff:ff:ff:ff, bssid ff:ff:ff:ff:ff:ff (seq 
16): 802.11: probe request, radiotap v0, 1Mbit/s, chan 6, 11g, sig -19dBm, 
antenna 2, signal 17dB
14:17:40.963338 CLI1-MAC  ff:ff:ff:ff:ff:ff, bssid ff:ff:ff:ff:ff:ff (seq 
32): 802.11: probe request, radiotap v0, 1Mbit/s, chan 6, 11g, sig -17dBm, 
antenna 2, signal 15dB
14:21:03.860025 CLI2-MAC  ff:ff:ff:ff:ff:ff, bssid ff:ff:ff:ff:ff:ff (seq 
1120): 802.11: probe request, radiotap v0, 1Mbit/s, chan 6, 11g, sig 
-27dBm, antenna 1, signal 25dB
14:21:04.306901 CLI2-MAC  ff:ff:ff:ff:ff:ff, bssid ff:ff:ff:ff:ff:ff (seq 
1520): 802.11: probe request, radiotap v0, 1Mbit/s, chan 6, 11g, sig 
-23dBm, antenna 1, signal 21dB


Whereas normally you'd see the probe req, probe resp, auth req, auth resp, 
assoc req, assoc resp, wpa dance.


# tcpdump -nvvvs 1000 -i ral0 -y IEEE802_11_RADIO | grep beacon | grep 
AP-MAC
Shows that it stops sending beacon frames. It's still picking up the 
beacons from the 5 other wlans it can see, so rx seems to work fine.


# ifconfig ral0 down  ifconfig ral0 up
Fixes everything, until it happens again after a seemingly random interval. 
The kernel doesn't log anything unusual even with RAL_DEBUG.


I suppose I should sendbug, but I think lots of people have these cards so 
I'd like to know if anyone else is seeing this. Any ideas?


Thanks and please cc,

bbee

Re: KDE Question, Blank 'Kicker' at the bottom of the screen, missing menus

[J.C. Roberts]

On Wednesday 15 October 2008, [EMAIL PROTECTED] wrote:
 I installed all of the relevant KDE packages and set it to start at
 boot time with KDM and it worked fine initially, for a couple days.
 Without my changing anything in particular, the equivalent of the
 windows taskbar at the bottom of the screen became blank. The usual
 launch menu and boxes symbolizing minimized programs are gone but the
 bar is still there, it's just solid grey. This is true both when I
 login as root and as myself.

First of all, please wrap text at 72 char for mailing list posts as 
described in:  http://www.openbsd.org/mail.html

As for your problem, you've obviously changed something important, such 
as a default configuration of KDE. The only other realistic possibility 
is your hard drive is failing and said default configuration files 
cannot be read.

The third, and least likely, option is you've made the same exact 
configuration mistake on both user accounts.

You should try disabling KDM, creating a new user, logging in as new 
user into the default ksh shell, and then launching kde manually with 
`startkde`

If the problem persists, then you've somehow hosed the main kde kicker 
configuration file, or it cannot be read properly from disk.
/usr/local/share/config.kcfg/kickerSettings.kcfg

Possibly, you've set kicker (the above file) to be Locked ?

entry name=Locked type=Bool 
  labelWhen this option is enabled, the panels may not be moved 
and items cannot be removed or added/label
  defaultfalse/default
   /entry

A possible solution to fix errant changes would be to 
1.) uninstall KDE packages
2.) check to make sure the packages uninstalled cleanly (i.e. all 
installed package files were deleted properly).
3.) Remove any KDE user configuration (~/.kde)
4.) reinstall KDE packages.

NOTE: if you're using kmail, deleting your ~/.kde directory will wipe 
out all your mail.

Good Luck,
JCR

Re: Shutdown with the power button

[Guillermo Bernaldo de Quiros Maraver Pedroche]

see /etc/rc.shutdown and set: 

powerdown=YES   # set to YES for powerdown

Good Luck.
On Thu, Oct 16, 2008 at 11:30:02PM +1100, Mikel Lindsaar wrote:
 On Thu, Oct 16, 2008 at 11:22 PM, Gregory Edigarov
 [EMAIL PROTECTED] wrote:
  Mikel Lindsaar wrote:
  Wondering if anyone knows how (or if it is possible) to be able to
  gracefully power down an OpenBSD box by hitting the power button on
  the server.
  Mine does clean  shutdown on power button just from the box
 
 Hmm... here is the dmesg then any ideas?
 
 
 
 OpenBSD 4.3 (GENERIC) #698: Wed Mar 12 11:07:05 MDT 2008
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
 cpu0: Intel(R) Xeon(TM) CPU 3.06GHz (GenuineIntel 686-class) 3.07 GHz
 cpu0: 
 FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID,xTPR
 real mem  = 2147028992 (2047MB)
 avail mem = 2068054016 (1972MB)
 mainbus0 at root
 bios0 at mainbus0: AT/286+ BIOS, date 12/31/99, BIOS32 rev. 0 @
 0xf, SMBIOS rev. 2.3 @ 0xec000 (42 entries)
 bios0: vendor HP version P31 date 03/03/2005
 bios0: HP ProLiant DL360 G3
 acpi0 at bios0: rev 0
 acpi0: tables DSDT FACP APIC SPCR
 acpi0: wakeup devices
 acpitimer0 at acpi0: 3579545 Hz, 32 bits
 acpiprt0 at acpi0: bus 0 (PCI0)
 acpiprt1 at acpi0: bus 1 (PCI1)
 acpiprt2 at acpi0: bus 4 (PCI2)
 acpicpu0 at acpi0
 acpitz0 at acpi0: critical temperature 31 degC
 bios0: ROM list: 0xc/0x8000 0xc8000/0x4000 0xee000/0x2000!
 cpu0 at mainbus0
 pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
 pchb0 at pci0 dev 0 function 0 ServerWorks CNB20-HE Host (GC-LE) rev 0x31
 pchb1 at pci0 dev 0 function 1 ServerWorks CNB20-HE Host (GC-LE) rev 0x00
 pchb2 at pci0 dev 0 function 2 ServerWorks CNB20-HE Host (GC-LE) rev 0x00
 pci1 at pchb2 bus 1
 em0 at pci1 dev 1 function 0 Intel PRO/1000MT (82546EB) rev 0x01:
 irq 15, address 00:04:23:c8:03:f6
 em1 at pci1 dev 1 function 1 Intel PRO/1000MT (82546EB) rev 0x01:
 irq 11, address 00:04:23:c8:03:f7
 bge0 at pci1 dev 2 function 0 Broadcom BCM5703X rev 0x02, BCM5703 A2
 (0x1002): irq 11, address 00:0b:cd:83:67:89
 brgphy0 at bge0 phy 1: BCM5703 10/100/1000baseT PHY, rev. 2
 vga1 at pci0 dev 3 function 0 ATI Rage XL rev 0x27
 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
 wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
 ciss0 at pci0 dev 4 function 0 Compaq Smart Array 5i/532 rev.2 rev 0x01: 
 irq 3
 ciss0: 1 LD, HW rev 1, FW 2.76/2.76
 scsibus0 at ciss0: 1 targets
 sd0 at scsibus0 targ 0 lun 0: COMPAQ, LOGICAL VOLUME, 2.76 SCSI2
 0/direct fixed
 sd0: 34727MB, 4427 cyl, 255 head, 63 sec, 512 bytes/sec, 71122560 sec total
 Compaq iLO rev 0x01 at pci0 dev 5 function 0 not configured
 Compaq iLO rev 0x01 at pci0 dev 5 function 2 not configured
 piixpm0 at pci0 dev 15 function 0 ServerWorks CSB5 rev 0x93: polling
 iic0 at piixpm0
 spdmem0 at iic0 addr 0x50: 512MB DDR SDRAM registered ECC PC2300CL2.5
 spdmem1 at iic0 addr 0x52: 512MB DDR SDRAM registered ECC PC2100CL2.5
 spdmem2 at iic0 addr 0x54: 512MB DDR SDRAM registered ECC PC2100CL2.5
 spdmem3 at iic0 addr 0x56: 512MB DDR SDRAM registered ECC PC2100CL2.5
 pciide0 at pci0 dev 15 function 1 ServerWorks CSB5 IDE rev 0x93: DMA
 atapiscsi0 at pciide0 channel 0 drive 0
 scsibus1 at atapiscsi0: 2 targets
 cd0 at scsibus1 targ 0 lun 0: COMPAQ, CRN-8245B, 2.19 SCSI0 5/cdrom 
 removable
 cd0(pciide0:0:0): using PIO mode 4, DMA mode 2
 pciide0: no compatibility interrupt for use by channel 1
 ohci0 at pci0 dev 15 function 2 ServerWorks OSB4/CSB5 USB rev 0x05:
 irq 10, version 1.0, legacy support
 pchb3 at pci0 dev 15 function 3 ServerWorks CSB5 LPC rev 0x00
 pchb4 at pci0 dev 17 function 0 ServerWorks CIOB-X2 PCIX rev 0x05
 pchb5 at pci0 dev 17 function 2 ServerWorks CIOB-X2 PCIX rev 0x05
 pci2 at pchb5 bus 4
 bge1 at pci2 dev 2 function 0 Broadcom BCM5703X rev 0x02, BCM5703 A2
 (0x1002): irq 15, address 00:0b:cd:83:67:ab
 brgphy1 at bge1 phy 1: BCM5703 10/100/1000baseT PHY, rev. 2
 usb0 at ohci0: USB revision 1.0
 uhub0 at usb0 ServerWorks OHCI root hub rev 1.00/1.00 addr 1
 isa0 at mainbus0
 isadma0 at isa0
 pckbc0 at isa0 port 0x60/5
 pckbd0 at pckbc0 (kbd slot)
 pckbc0: using irq 1 for kbd slot
 wskbd0 at pckbd0: console keyboard, using wsdisplay0
 pmsi0 at pckbc0 (aux slot)
 pckbc0: using irq 12 for aux slot
 wsmouse0 at pmsi0 mux 0
 pcppi0 at isa0 port 0x61
 midi0 at pcppi0: PC speaker
 spkr0 at pcppi0
 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
 fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
 fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
 biomask 65ed netmask eded ttymask ffef
 mtrr: Pentium Pro MTRR support
 softraid0 at root
 root on sd0a swap on sd0b dump on sd0b
 

-- 
Guillermo Bernaldo de Quirss Maraver Pedroche.

Re: BSD Port from OpenJDK

[J.C. Roberts]

On Tuesday 14 October 2008, Kurt Miller wrote:
 Quite frankly I'm pretty upset at all the 'Java sucks' banter on
 misc. If you and the other naysayers don't realize that porting
 Java to OpenBSD was a 'Good-Thing' then you are just UNINFORMED!

http://en.wikipedia.org/wiki/Illegitimi_non_carborundum

:-)

Thanks for all your hard work!

--
JCR

Re: Shutdown with the power button

[peter]

hi,

On Thu, Oct 16, 2008 at 11:30:02PM +1100, Mikel Lindsaar wrote:
 
 Hmm... here is the dmesg then any ideas?

looks like you're missing an acpibtn (man acpibtn).

-- 
CUL8R, Peter.

Re: what exactly is enc0?

[Henning Brauer]

* ropers [EMAIL PROTECTED] [2008-10-15 22:44]:
 (Personally, I've never even ever run across anything else but 5V PCI
 cards and slots. Probably because I've never owned a Soekris.)

I'm pretty sure that your average pile of pci cards has way more 3.3v
capable cards than 5v-only ones. ay more.

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg  Amsterdam

Re: VESA 1280x800

[Matthieu Herrb]

On Thu, Oct 16, 2008 at 2:30 AM, Jairo Souto [EMAIL PROTECTED] wrote:
 Would you, please, tell me how to add the card PCI id in the nv driver?

Add:

   { 0x10DE0533, GeForce 7000M },

in xenocara/driver/xf86-video-nv/src/nv_driver.c, after line 391.
(Sorry I can't generate a patch right now.

Then cd xenocara/driver/xf86-video-nv and run  make -f Makefile.bsd-wrapper.
-- 
Matthieu Herrb

Re: reliable, dd over simple ip network

[Douglas A. Tutty]

On Wed, Oct 15, 2008 at 09:28:56PM -0700, Neko wrote:
 
 since my partitions have 16% free on all systems, i cant tarball the
 drive sent it to target machine and uncompress,
 
Tarball it up, pipe the output somewhere, eg via ssh

(disclaimer: untested; concept only)

[tar commands, to stdout] | ssh [EMAIL PROTECTED] cat - [tar commands to
untar the ball] or  tarball.tgz

Or use rsync?

Doug.

Re: Timeout on network interface

[Daniel Bareiro]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 2008-10-13, Stuart Henderson [EMAIL PROTECTED] wrote:

 There are not issues with re(4) which are being worked on which
 pertain to this issue. The problem mentioned by the original poster
 is an issue with the (emulated) RTL8139 driver provided by QEMU
 which KVM is derived from. The driver does not fully emulate the hw
 by default unless compiled with a particular define, in this case it
 is the timer interrupt. This needs to be fixed upstream with QEMU
 and then also bug the KVM developers to copy the change over to
 their source tree.

 I was looking for the bug report in Qemu but I could not find it. You
 have some link to be able to have a reference and track its state?

 No, but there's a nice post about it here.
 http://forums.citrix.com/thread.jspa?messageID=1343896tstart=0

 OpenBSD and FreeBSD both have this defined in their respective ports
 trees.

 http://www.openbsd.org/cgi-bin/cvsweb/ports/emulators/qemu/patches/patch-hw_rtl8139_c?rev=1.4
 http://www.freebsd.org/cgi/cvsweb.cgi/ports/emulators/qemu/files/rtl8139-re-patch?rev=1.1

 It's peculiar that testing both Linux distributions and Windows XP, I
 did not have this problem using the same network card.

 Not really. Not all drivers for the same hardware work the same way.

Thanks for the reply and the links, Stuart. I found temporarily a
workaround using model=ne2k_pci with kvm.

Regards,
Daniel
iEYEARECAAYFAkj3ChIACgkQZpa/GxTmHTd84ACeLnASR8uKIGzlDoxq/0OBx7W9
kb4AnA2SB4wtuaHcqDv9uUscL+aiJ9A2
=+n1O
-END PGP SIGNATURE-

Re: what exactly is enc0?

[Guido Tschakert]

J.C. Roberts schrieb:
 On Wednesday 15 October 2008, ropers wrote:
 I don't know if it is possible to use --surrounding physical space
 permitting-- 64bit cards in 32 bit slots (and have them run w/
 reduced performance). IIRC, something like that used to be possible
 back when it came to the transition from 8bit ISA to 16bit ISA slots;
 back then, some 16bit ISA cards could be used in 8bit slots at
 reduced speeds. Whether something like that is possible now with
 64bit PCI cards I don't know. Maybe someone else knows.
 
 Of course it depends on the design of the specific card, but yes, at 
 least *some* 64-bit cards can be used in 32-bit slots. I've seen early 
 64-bit PCI SCSI controller cards that were built this way.
 
 --
 JCR
 
 
Not that I would recommend them anymore,
but the D-Link DGE-550T/SX (64bit/66MHz) worked in an Asus P4P800-VM
(PCI 32bit) for me (with OpenBSD of course).
I think it depends on the card __and__ the mainboard if it works or not.

guido

Re: Shutdown with the power button

[Girish Venkatachalam]

On 15:41:27 Oct 16, Guillermo Bernaldo de Quiros Maraver Pedroche wrote:
 see /etc/rc.shutdown and set: 
 
 powerdown=YES   # set to YES for powerdown
 

Try this. It might work.

My /etc/sysctl.conf has  the line

machdep.kbdreset=1  # permit console CTRL-ALT-DEL to do a 
nice halt

I find that this along with the above option set in /etc/rc.shutdown is
a nice way to shutdown the machine by pressing the magic buttons...

-Girish

weird dmesg

[Ricardo Augusto de Souza]

I was preparing some information about my system to post my questions
here and I saw that weird output in dmesg.

Take a look.

How can I avoid/fix this?



# dmesg   info.txt

# vi info.txt

[4] + Suspendedvi info.txt

#





# cat info.txt

 speaker

lpt0 at isa0 port 0x378/4 irq 7

npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16

pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo

pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo

fdc0 at isa0 port 0x3f0/6 irq 6 drq 2

fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec

biomask ff65 netmask ff65 ttymask ffe7

mtrr: Pentium Pro MTRR support

Kernelized RAIDframe activated

Silitek IBM USB HUB KEYBOARD rev 1.10/1.00 addr 2 at uhub2 port 1 not
configured

ahd0: target 0 synchronous with period = 0x8, offset =
0x7f(RDSTRM|DT|IU|RTI|QAS)

ahd0: target 6 synchronous with period = 0x8, offset =
0x7f(RDSTRM|DT|IU|RTI|QAS)

cd0(atapiscsi0:0:0): Check Condition (error 0x70) on opcode 0x0

SENSE KEY: Not Ready

 ASC/ASCQ: Medium Not Present

softraid0 at root

root on sd0a swap on sd0b dump on sd0b

arp: attempt to add entry for 10.10.100.253 on xl0 by 00:0a:5e:63:7e:2e
on bge0

arp: attempt to add entry for 10.10.0.94 on xl0 by 00:15:58:d8:80:1d on
bge0

arp: attempt to add entry for 10.10.0.39 on xl0 by 00:0e:a6:be:d9:9a on
bge0

arp: attempt to add entry for 10.10.0.86 on xl0 by 00:15:58:d8:7e:f3 on
bge0

Silitek IBM USB HUB KEYBOARD rev 1.10/1.00 addr 2 at uhub2 port 1 not
configured

arp info overwritten for 10.100.1.2 by 00:0d:88:53:31:1e on bge0

arp info overwritten for 10.100.1.2 by 00:0d:88:53:31:1d on bge0

arp: attempt to add entry for 10.10.0.82 on xl0 by 00:15:f2:5d:e7:74 on
bge0

arp: attempt to add entry for 10.10.0.108 on xl0 by 00:18:71:8c:29:83 on
bge0

arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1d on xl0

arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1e on xl0

arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1e on xl0

arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1d on xl0

arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1e on xl0

arp info overwritten for 10.10.0.9 by 00:0f:ea:d2:07:52 on xl0

arp: attempt to overwrite entry for 10.10.0.9 on xl0 by
00:0d:88:53:31:1e on bge0

arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1e on xl0

Silitek IBM USB HUB KEYBOARD rev 1.10/1.00 addr 2 at uhub2 port 1 not
configured

Silitek IBM USB HUB KEYBOARD rev 1.10/1.00 addr 2 at uhub2 port 2 not
configured

Silitek IBM USB HUB KEYBOARD rev 1.10/1.00 addr 2 at uhub2 port 1 not
configured

arp: attempt to add entry for 10.10.0.80 on xl0 by 00:1a:6b:59:42:cc on
bge0

arp: attempt to add entry for 10.10.0.61 on xl0 by 00:1c:25:c0:74:e6 on
bge0

arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1e on xl0

arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1d on xl0

arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1e on xl0

arp info overwritten for 10.10.0.9 by 00:0f:ea:d2:07:52 on xl0

arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1e on xl0

arp: attempt to add entry for 10.10.0.112 on xl0 by 00:1a:6b:59:05:25 on
bge0

arp info overwritten for 10.10.0.69 by 00:04:75:b1:71:ea on xl0

arp info overwritten for 10.10.0.69 by 00:1a:6b:59:09:9c on xl0

arp info overwritten for 10.10.0.69 by 00:04:75:b1:71:ea on xl0

arp info overwritten for 10.10.0.69 by 00:1a:6b:59:09:9c on xl0

ichiic0: exec: op 1, addr 0x2e, cmdlen 1, len 1, flags 0x00: timeout,
status 0x0

ichiic0: abort failed, status 0x40INUSE

arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1e on xl0

arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1d on xl0

arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1e on xl0

arp: attempt to add entry for 10.10.0.89 on xl0 by 00:1a:6b:59:44:59 on
bge0

arp: attempt to add entry for 10.10.0.40 on xl0 by 00:14:22:b4:29:0f on
bge0

arp info overwritten for 10.100.1.2 by 00:0d:88:53:31:1d on bge0

ichiic0: exec: op 1, addr 0x2d, cmdlen 1, len 1, flags 0x00: timeout,
status 0x0

ichiic0: abort failed, status 0x40INUSE

arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1d on xl0

arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1e on xl0

arp info overwritten for 10.100.1.11 by 00:09:6b:6b:d0:c2 on bge0

arp info overwritten for 10.100.1.11 by 00:09:6b:6b:d0:c3 on bge0

arp info overwritten for 10.100.1.11 by 00:09:6b:6b:d0:c2 on bge0

arp info overwritten for 10.100.1.11 by 00:09:6b:6b:d0:c3 on bge0

arp info overwritten for 10.100.1.11 by 00:09:6b:6b:d0:c2 on bge0

arp info overwritten for 10.100.1.11 by 00:09:6b:6b:d0:c2 on bge0

arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1d on xl0

arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1e on xl0

arp info overwritten for 10.100.1.11 by 00:09:6b:6b:d0:c3 on bge0

arp info overwritten for 10.100.1.11 by 00:09:6b:6b:d0:c2 on bge0

arp info overwritten for 10.100.1.11 by 00:09:6b:6b:d0:c3 on bge0

arp info overwritten for 10.100.1.11 by 00:09:6b:6b:d0:c2 on bge0

arp: attempt to add 

package ports tools, ftp and pf

[Kendall Shaw]

I get no reply when I try to subscribe to the pf mailing list, so I'll
ask here. I'm running OpenBSD 4.3 stable on amd64. I use what is in the
pf faq to allow ftp from my internal lan via nat, which works, but I
can't ftp from the computer that is running pf unless I use ftp -AaE as
I read about in a post on this list I think. And, I am unable to
retrieve or query package or install ports.

If I simply use ftp without arguments, I can login but I can't list
directories. It hangs after printing 200 EPRT command successful.

I tried setting FETCH_CMD to '/usr/bin/ftp -AaE' but I still can not use
pkg_add, and I can't use pkg_info. If I try to build a port, it can't
retrieve the files. I would prefer to fix my pf rules. What do I need to
do to allow ftp, package tools and ports to work from the machine
running pf?

Also, my filtering rules start with block log all, which I hoped would
log anything that is blocked, but I don't see anything that looks like
ftp being blocked in pflog. If I disable pf, package tools work. Is
there a way to log everything that is blocked?

Kendall

Re: reliable, dd over simple ip network

[John Jackson]

Maybe the simplest usage:

tar cfz - /somedir | ssh somehost dd of=/somefile.tgz

John

On Thu, Oct 16, 2008 at 10:42:17AM -0400, Douglas A. Tutty wrote:
 On Wed, Oct 15, 2008 at 09:28:56PM -0700, Neko wrote:
  
  since my partitions have 16% free on all systems, i cant tarball the
  drive sent it to target machine and uncompress,
  
 Tarball it up, pipe the output somewhere, eg via ssh
 
 (disclaimer: untested; concept only)
 
 [tar commands, to stdout] | ssh [EMAIL PROTECTED] cat - [tar commands to
 untar the ball] or  tarball.tgz
 
 Or use rsync?
 
 Doug.

Re: pf outbound nat load balancing issue

[gm_sjo]

Forgot to mention, i'm running 4.3 release.


2008/10/16 gm_sjo [EMAIL PROTECTED]:
 Hi all,

 I have a very basic pf NAT setup for testing on my new firewall. The
 firewall has two PPPoE connections which are using multipath default
 routes to load balance. Load balancing works for non-NAT traffic, but
 NAT traffic is only going out via one link, not both.

Get Popular Screensavers

[PMC Concepts]

Halloween Screensavers!

Hundreds of wicked Halloween Screensavers! Spook your friends with one of our 
spooktastic screensavers this Halloween! They will love it!

Our Screen Savers:

Are totally Free!

There are thousands of free photos  exclusive 3-D animations to choose from

Require NO Registration

Have NO Spyware or Adware

Click Here to send one today! 
http://livabledesign.com/RRSSGNvFZOvvueGvGvGvNeSxRZuOFG/


For more information about PopularScreenSavers, including our address and 
unsubscribe go to http://livabledesign.com/RRSSGNvFZOvvueGvGeGvNeSxRZuOFG/



PopularScreenSavers

One North Lexington

9th Floor

White Plains, NY 10601

This email is a commercial advertisement sent in compliance with the CanSpam 
Act of 2003. 
if you wish to be excluded from all mailings, please use the link at the bottom 
of the page.
Brought to you By:
PMC Marketing 68995c8 ,  1440 Coral Ridge Dr. #422 , Coral Springs , Florida 
33071
1066304100
Unsubscribe misc@openbsd.org 
http://livabledesign.com/RRSSGNvFZOvvueGvGSGvNeSxRZuOFG/

Re: what exactly is enc0?

[Johan Beisser]

The board's PCI slot has to be molded to support it. If not, a dremmel
and a little precision will permit the card to sit in the slot with no
problems.

Shave a few mm off the PCI slot's side, don't cut the card.
.

On 10/16/08, J.C. Roberts [EMAIL PROTECTED] wrote:
 On Wednesday 15 October 2008, ropers wrote:
 I don't know if it is possible to use --surrounding physical space
 permitting-- 64bit cards in 32 bit slots (and have them run w/
 reduced performance). IIRC, something like that used to be possible
 back when it came to the transition from 8bit ISA to 16bit ISA slots;
 back then, some 16bit ISA cards could be used in 8bit slots at
 reduced speeds. Whether something like that is possible now with
 64bit PCI cards I don't know. Maybe someone else knows.

 Of course it depends on the design of the specific card, but yes, at
 least *some* 64-bit cards can be used in 32-bit slots. I've seen early
 64-bit PCI SCSI controller cards that were built this way.

 --
 JCR

Re: package ports tools, ftp and pf

[Johan Beisser]

Either switch to passive ftp, or open your ftp-data port.

That should solve some of your problems.


On 10/16/08, Kendall Shaw [EMAIL PROTECTED] wrote:
 I get no reply when I try to subscribe to the pf mailing list, so I'll
 ask here. I'm running OpenBSD 4.3 stable on amd64. I use what is in the
 pf faq to allow ftp from my internal lan via nat, which works, but I
 can't ftp from the computer that is running pf unless I use ftp -AaE as
 I read about in a post on this list I think. And, I am unable to
 retrieve or query package or install ports.

 If I simply use ftp without arguments, I can login but I can't list
 directories. It hangs after printing 200 EPRT command successful.

 I tried setting FETCH_CMD to '/usr/bin/ftp -AaE' but I still can not use
 pkg_add, and I can't use pkg_info. If I try to build a port, it can't
 retrieve the files. I would prefer to fix my pf rules. What do I need to
 do to allow ftp, package tools and ports to work from the machine
 running pf?

 Also, my filtering rules start with block log all, which I hoped would
 log anything that is blocked, but I don't see anything that looks like
 ftp being blocked in pflog. If I disable pf, package tools work. Is
 there a way to log everything that is blocked?

 Kendall

RES: weird dmesg

[Ricardo Augusto de Souza]

No ideas?


-Mensagem original-
De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Em nome de
Ricardo Augusto de Souza
Enviada em: quinta-feira, 16 de outubro de 2008 12:08
Para: misc@openbsd.org
Assunto: weird dmesg

I was preparing some information about my system to post my questions
here and I saw that weird output in dmesg.

Take a look.

How can I avoid/fix this?



# dmesg   info.txt

# vi info.txt

[4] + Suspendedvi info.txt

#





# cat info.txt

 speaker

lpt0 at isa0 port 0x378/4 irq 7

npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16

pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo

pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo

fdc0 at isa0 port 0x3f0/6 irq 6 drq 2

fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec

biomask ff65 netmask ff65 ttymask ffe7

mtrr: Pentium Pro MTRR support

Kernelized RAIDframe activated

Silitek IBM USB HUB KEYBOARD rev 1.10/1.00 addr 2 at uhub2 port 1 not
configured

ahd0: target 0 synchronous with period = 0x8, offset =
0x7f(RDSTRM|DT|IU|RTI|QAS)

ahd0: target 6 synchronous with period = 0x8, offset =
0x7f(RDSTRM|DT|IU|RTI|QAS)

cd0(atapiscsi0:0:0): Check Condition (error 0x70) on opcode 0x0

SENSE KEY: Not Ready

 ASC/ASCQ: Medium Not Present

softraid0 at root

root on sd0a swap on sd0b dump on sd0b

arp: attempt to add entry for 10.10.100.253 on xl0 by 00:0a:5e:63:7e:2e
on bge0

arp: attempt to add entry for 10.10.0.94 on xl0 by 00:15:58:d8:80:1d on
bge0

arp: attempt to add entry for 10.10.0.39 on xl0 by 00:0e:a6:be:d9:9a on
bge0

arp: attempt to add entry for 10.10.0.86 on xl0 by 00:15:58:d8:7e:f3 on
bge0

Silitek IBM USB HUB KEYBOARD rev 1.10/1.00 addr 2 at uhub2 port 1 not
configured

arp info overwritten for 10.100.1.2 by 00:0d:88:53:31:1e on bge0

arp info overwritten for 10.100.1.2 by 00:0d:88:53:31:1d on bge0

arp: attempt to add entry for 10.10.0.82 on xl0 by 00:15:f2:5d:e7:74 on
bge0

arp: attempt to add entry for 10.10.0.108 on xl0 by 00:18:71:8c:29:83 on
bge0

arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1d on xl0

arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1e on xl0

arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1e on xl0

arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1d on xl0

arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1e on xl0

arp info overwritten for 10.10.0.9 by 00:0f:ea:d2:07:52 on xl0

arp: attempt to overwrite entry for 10.10.0.9 on xl0 by
00:0d:88:53:31:1e on bge0

arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1e on xl0

Silitek IBM USB HUB KEYBOARD rev 1.10/1.00 addr 2 at uhub2 port 1 not
configured

Silitek IBM USB HUB KEYBOARD rev 1.10/1.00 addr 2 at uhub2 port 2 not
configured

Silitek IBM USB HUB KEYBOARD rev 1.10/1.00 addr 2 at uhub2 port 1 not
configured

arp: attempt to add entry for 10.10.0.80 on xl0 by 00:1a:6b:59:42:cc on
bge0

arp: attempt to add entry for 10.10.0.61 on xl0 by 00:1c:25:c0:74:e6 on
bge0

arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1e on xl0

arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1d on xl0

arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1e on xl0

arp info overwritten for 10.10.0.9 by 00:0f:ea:d2:07:52 on xl0

arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1e on xl0

arp: attempt to add entry for 10.10.0.112 on xl0 by 00:1a:6b:59:05:25 on
bge0

arp info overwritten for 10.10.0.69 by 00:04:75:b1:71:ea on xl0

arp info overwritten for 10.10.0.69 by 00:1a:6b:59:09:9c on xl0

arp info overwritten for 10.10.0.69 by 00:04:75:b1:71:ea on xl0

arp info overwritten for 10.10.0.69 by 00:1a:6b:59:09:9c on xl0

ichiic0: exec: op 1, addr 0x2e, cmdlen 1, len 1, flags 0x00: timeout,
status 0x0

ichiic0: abort failed, status 0x40INUSE

arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1e on xl0

arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1d on xl0

arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1e on xl0

arp: attempt to add entry for 10.10.0.89 on xl0 by 00:1a:6b:59:44:59 on
bge0

arp: attempt to add entry for 10.10.0.40 on xl0 by 00:14:22:b4:29:0f on
bge0

arp info overwritten for 10.100.1.2 by 00:0d:88:53:31:1d on bge0

ichiic0: exec: op 1, addr 0x2d, cmdlen 1, len 1, flags 0x00: timeout,
status 0x0

ichiic0: abort failed, status 0x40INUSE

arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1d on xl0

arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1e on xl0

arp info overwritten for 10.100.1.11 by 00:09:6b:6b:d0:c2 on bge0

arp info overwritten for 10.100.1.11 by 00:09:6b:6b:d0:c3 on bge0

arp info overwritten for 10.100.1.11 by 00:09:6b:6b:d0:c2 on bge0

arp info overwritten for 10.100.1.11 by 00:09:6b:6b:d0:c3 on bge0

arp info overwritten for 10.100.1.11 by 00:09:6b:6b:d0:c2 on bge0

arp info overwritten for 10.100.1.11 by 00:09:6b:6b:d0:c2 on bge0

arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1d on xl0

arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1e on xl0

arp info overwritten for 10.100.1.11 by 00:09:6b:6b:d0:c3 on bge0

WPA Enterprise (openBSD 4.4)

[kabel]

Hello,

being a new openBSD User, I encounter several problems, which I normally
manage to solve by doing research and/or reading man files.
Except for one thing. WPA Enterprise. At my university we have an WPA
Enterprise Wlan, where students use to connect to the virtual world.
Well, after installing openBSD 4.4 snapshot, I didn't encounter problems
to connect to WPA(2) Networks, works really great, except for this
university network, which is very important for me, because I spend most
of my time there.

I found out in the man page that WPA Enterprise is supported. Owing a
wlan card using the wpi driver this should work.

I also manage to connect to the AP. I see following output when I enter
ifconfig wpi0:

wpi0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
lladdr 00:14:02:08:e4:3f
groups: wlan
media: IEEE802.11 autoselect (OFDM36 mode 11a)
status: active
ieee80211: nwid wlan23 chan 11 bssid 00:20:2b:68:e6:b0 37dB
wpaprotos wpa1 wpaakms 802.1x wpaciphers tkip wpagroupcipher tkip 100dBm
inet6 fe80::213:2ff:fe08:e43f%wpi0 prefixlen 64 scopeid 0x2


My problem is that I don't know how to authenticate myself. How can I
provide my login an password?

I would be very pleased if someone has the time to help me,

Thanks  Greetings,

Kabel

Re: reliable, dd over simple ip network

[Daniel Melameth]

On Wed, Oct 15, 2008 at 10:28 PM, Neko [EMAIL PROTECTED] wrote:
 i have found a really dirty way of going around this,
 so im fishing for advices on finding a reliable way
 to dd over simple ip network with the generic bsd.

 could this be done in a straight pipe ?

 i have an ftp on the generic bsd, containing data, this
 bsd system is on a multiple os drive. i have no choice to
 dd, since multiple partition got updated out of hand, no way
 to single track specific updated folders. *well actually yes, its
 the dirty way stipulated above*

 since my partitions have 16% free on all systems, i cant tarball the
 drive sent it to target machine and uncompress,

 anyays, if you have suggestion on opensource pkgs, services i could open,
 or any bright idea i would like to hear them

You could easily use a few pipes, dd and the built-in netcatand add
some compression too if you wanted.

whitelisting X DSL (dynamic IP)s

[Jose Fragoso]

Hi,

I am planning to setup a network with a OpenBSD/SPAMD firewall,
and an internal POSTFIX server with SASL SMTP AUTH.

While think about it, I realized that I have a problem here.
Whenever a mobile user wants to send mail (relaying) through
the POSTFIX server, he will have to go through the greylist
process. I can tell my users to try at least 3 times ( in a
period of 30 minutes) to send email messages every time they
change IP address. But then, I will end up with a bunch of
whitelisted dynamically allocated IPs by various ISPs.

So my question is: what is the best way to deal with this
kind of situation. Should I reduce the value of whiteexp ?
Has anybody thought of way of cleaning such road-warrior
addresses on a daily basis ? To be fare, these address
should not stay in the whitelist for long, since they
change hands quite often!!

Any comments, suggestion, links would be appreciated.

Best regards,

Jose



--
Be Yourself @ mail.com!
Choose From 200+ Email Addresses
Get a Free Account at www.mail.com

Re: reliable, dd over simple ip network

[Jesus Sanchez]

Daniel Melameth escribis:

On Wed, Oct 15, 2008 at 10:28 PM, Neko [EMAIL PROTECTED] wrote:
  

i have found a really dirty way of going around this,
so im fishing for advices on finding a reliable way
to dd over simple ip network with the generic bsd.

could this be done in a straight pipe ?

i have an ftp on the generic bsd, containing data, this
bsd system is on a multiple os drive. i have no choice to
dd, since multiple partition got updated out of hand, no way
to single track specific updated folders. *well actually yes, its
the dirty way stipulated above*

since my partitions have 16% free on all systems, i cant tarball the
drive sent it to target machine and uncompress,

anyays, if you have suggestion on opensource pkgs, services i could open,
or any bright idea i would like to hear them



You could easily use a few pipes, dd and the built-in netcatand add
some compression too if you wanted.


  

nc -l  , tar and gzip also looks great.

-Jesus

Re: whitelisting X DSL (dynamic IP)s

[johan beisser]

On Oct 16, 2008, at 1:59 PM, Jose Fragoso wrote:


So my question is: what is the best way to deal with this
kind of situation. Should I reduce the value of whiteexp ?
Has anybody thought of way of cleaning such road-warrior
addresses on a daily basis ? To be fare, these address
should not stay in the whitelist for long, since they
change hands quite often!!


Use SMTP-AUTH on an alternate port, say submission (port 587) and  
require SASL on top of that. There are literally hundreds of howtos  
and docs on doing this with Sendmail and Postfix.


It should solve all your issues with greylisting on port 25.

Re: whitelisting X DSL (dynamic IP)s

[Jeff Ross]

Jose Fragoso wrote:

Hi,

I am planning to setup a network with a OpenBSD/SPAMD firewall,
and an internal POSTFIX server with SASL SMTP AUTH.

While think about it, I realized that I have a problem here.
Whenever a mobile user wants to send mail (relaying) through
the POSTFIX server, he will have to go through the greylist
process. I can tell my users to try at least 3 times ( in a
period of 30 minutes) to send email messages every time they
change IP address. But then, I will end up with a bunch of
whitelisted dynamically allocated IPs by various ISPs.

So my question is: what is the best way to deal with this
kind of situation. Should I reduce the value of whiteexp ?
Has anybody thought of way of cleaning such road-warrior
addresses on a daily basis ? To be fare, these address
should not stay in the whitelist for long, since they
change hands quite often!!

Any comments, suggestion, links would be appreciated.

Best regards,

Jose


I do this with qmail.

You need another smtp server listening on another port for relaying 
mail.  587 is the smtp submission port, 465 is the SSL-wrapped port. 
Once your relay users authenticate, you can relay out and skip talking 
to your own port 25 smtp daemon.


I run TLS on port 587, and SSL on 465.

Jeff

Re: WPA Enterprise (openBSD 4.4)

[Floor Terra]

kabel wrote:

Hello,

being a new openBSD User, I encounter several problems, which I normally
manage to solve by doing research and/or reading man files.
Except for one thing. WPA Enterprise. 
As far as I know OpenBSD doesn't have 802.1X (The Enterprise part of 
WPA Enterprise) support.

I have a quote from *Jonathan Gray:*
So there are a few problems, one is that no one is terribly interested 
in developing the required code for it, and the other is that all the 
freely available 802.1X supplicants seem to be vastly overengineered. 
The focus is more towards having as much hardware as possible just 
working out of box than dealing with the pain of yet another IEEE 
state machine.

http://www.onlamp.com/pub/a/bsd/2007/05/03/openbsd-41-puffy-strikes-again.html?page=2


At my university we have an WPA
Enterprise Wlan, where students use to connect to the virtual world.
  
I'm at the university of Amsterdam and they have 802.1X too. I wish I 
could do more than buy a cd set every release.

Well, after installing openBSD 4.4 snapshot, I didn't encounter problems
to connect to WPA(2) Networks, works really great, except for this
university network, which is very important for me, because I spend most
of my time there.

I found out in the man page that WPA Enterprise is supported. Owing a
wlan card using the wpi driver this should work.

I also manage to connect to the AP. I see following output when I enter
ifconfig wpi0:

wpi0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
lladdr 00:14:02:08:e4:3f
groups: wlan
media: IEEE802.11 autoselect (OFDM36 mode 11a)
status: active
ieee80211: nwid wlan23 chan 11 bssid 00:20:2b:68:e6:b0 37dB
wpaprotos wpa1 wpaakms 802.1x wpaciphers tkip wpagroupcipher tkip 100dBm
inet6 fe80::213:2ff:fe08:e43f%wpi0 prefixlen 64 scopeid 0x2


My problem is that I don't know how to authenticate myself. How can I
provide my login an password?

I would be very pleased if someone has the time to help me,

Thanks  Greetings,

Kabel


  



--
Floor Terra [EMAIL PROTECTED]
www: http://brobding.mine.nu/
Netiquette Guidelines: http://www.apps.ietf.org/rfc/rfc1855.html 

Re: reliable, dd over simple ip network

[Neko]

wow thanks for your time,

yes i already master dd, and i have to use it since im cloning two
disk that are identical both disk with more that 5 partition / 6 os.

i have no choice I HAVE TO binary copy the disk, and their is a catch
since i want to update all my partitions in a fly, since many of them
had updates, i normally got track of all of the changes and ftp the
small tarballs to the appropriate system, and what i meant by catch is

disks are identical

i have 16% free on both disk, i cant afford *in the design not monetarly*
to dump a tarball that would weight more that a hundred time what i have left 
for ressources.


i am using ip4/ftp/ssh/sftp as of openservices,  my question is
i need to create a device that could stream the binary flow straight to
my disk tru the ip4/sftp/ssh net.


more suggestion ?
thanks


neko



--- On Thu, 10/16/08, Mr D R Hughes [EMAIL PROTECTED] wrote:

 From: Mr D R Hughes [EMAIL PROTECTED]
 Subject: Re: reliable, dd over simple ip network
 To: [EMAIL PROTECTED]
 Date: Thursday, October 16, 2008, 5:43 AM
 Neko wrote:
  Good day to all of you,
  
  i have found a really dirty way of going around this, 
  so im fishing for advices on finding a reliable way
  to dd over simple ip network with the generic bsd.
  
  could this be done in a straight pipe ?
  
  i have an ftp on the generic bsd, containing data,
 this 
  bsd system is on a multiple os drive. i have no choice
 to
  dd, since multiple partition got updated out of hand,
 no way
  to single track specific updated folders. *well
 actually yes, its
  the dirty way stipulated above*
  
  since my partitions have 16% free on all systems, i
 cant tarball the
  drive sent it to target machine and uncompress,
 
 If you can mount the destination (eg; via NFS or Samba)
 then you can 
 still use tar (it should also be possible to pipe the
 tarred stdin 
 through scp to an sshd enabled destination if you can't
 mount it):-
 
 cd TargetDir  tar cvpf - . | ( cd DestinationDir
  tar xvpf - . ) ; 
 sync ; sync
 
 Other choices would include dump (re; $ man dump) and rsync
 (re; OpenBSD 
   packages), but if for some reason you really must use dd
 (eg; to clone 
 a disk/partition), I've not tried it but dd should work
 using the 
 following or similar command over a network mounted
 filesystem after 
 booting to single user with network support mode:-
 
 dd if=/dev/TargetDisk | ( cd /DestinationDir  dd
 of=BackupFile.image ) 
 ; sync ; sync
 
 Note that this process is likely to take a very long time
 unless you 
 give dd appropriate ibs and obs or bs value/s to speed it
 up (see $ man 
 dd).
 
 The destination backup file will also be a raw data (ie;
 image) file 
 which you'll have to mount as a vnode pseudo-device
 (see $ man vnconfig) 
 if you only want to restore a few files and not the whole
 disk or 
 partition at a later date.
 
 Generally dd isn't a good choice for backing up data
 unless you want to 
 keep clones of hard disks or partitions for replication.
 Also when 
 cloning disks or partitions it is usually more convenient
 to remove the 
 source disk/s and fit it and the destination disk/s to a
 spare machine 
 for cloning.
 
 Rhys
 
  
  anyays, if you have suggestion on opensource pkgs,
 services i could open,
  or any bright idea i would like to hear them,
  
  since my solution for now is screwdrivers :C
  
  thanks 
  
  neko

Re: reliable, dd over simple ip network

[Neko]

since tar can be a device,
and ssh open a port
can i use straight device to device using both engines ?



--- On Thu, 10/16/08, John Jackson [EMAIL PROTECTED] wrote:

 From: John Jackson [EMAIL PROTECTED]
 Subject: Re: reliable, dd over simple ip network
 To: misc@openbsd.org
 Date: Thursday, October 16, 2008, 12:26 PM
 Maybe the simplest usage:
 
 tar cfz - /somedir | ssh somehost dd
 of=/somefile.tgz
 
 John
 
 On Thu, Oct 16, 2008 at 10:42:17AM -0400, Douglas A. Tutty
 wrote:
  On Wed, Oct 15, 2008 at 09:28:56PM -0700, Neko wrote:
   
   since my partitions have 16% free on all systems,
 i cant tarball the
   drive sent it to target machine and uncompress,
   
  Tarball it up, pipe the output somewhere, eg via ssh
  
  (disclaimer: untested; concept only)
  
  [tar commands, to stdout] | ssh [EMAIL PROTECTED] cat
 - [tar commands to
  untar the ball] or  tarball.tgz
  
  Or use rsync?
  
  Doug.

Re: reliable, dd over simple ip network

[Stuart Henderson]

On 2008-10-16, Neko [EMAIL PROTECTED] wrote:
 yes i already master dd, and i have to use it since im cloning two
 disk that are identical both disk with more that 5 partition / 6 os.

If you've mastered it, you'll know it can output or input data over
a pipe to/from another program. Like ssh.

Re: ral(4) stops generating traffic

[Stuart Henderson]

I think I probably see the same thing on RT2860, but you've got further
tracking down what's happening than me (my debugging is hampered by the
AP being about 2 hour's drive away..)

In gmane.os.openbsd.misc, you wrote:
 Hi,

 I 'm running OpenBSD 4.4-current (RALDBG) #0: Fri Oct 10 16:56:50 CEST 
 2008, which is GENERIC with RAL_DEBUG, but I've seen this problem with 
 previous kernels and without RAL_DEBUG, too.

 # dmesg | grep ral
 ral0 at pci0 dev 14 function 0 Ralink RT2860 rev 0x00: irq 10EEPROM 
 rev=1, FAE=1
 ral0: MAC/BBP RT2860 (rev 0x0101), RF RT2820 (2T3R)

 This is a pci Edimax EW-7728IN, which I believe is the same card that was 
 donated to damien@ (?) and that led to 28xx support.

 After an unfixed amount of time, from a few minutes up to a few days, the 
 interface simply stops respoding to probe requests:

 # tcpdump -nvvvs 1000 -i ral0 -y IEEE802_11_RADIO not subtype beacon
 14:17:40.761912 CLI1-MAC  ff:ff:ff:ff:ff:ff, bssid ff:ff:ff:ff:ff:ff (seq 
 16): 802.11: probe request, radiotap v0, 1Mbit/s, chan 6, 11g, sig -19dBm, 
 antenna 2, signal 17dB
 14:17:40.963338 CLI1-MAC  ff:ff:ff:ff:ff:ff, bssid ff:ff:ff:ff:ff:ff (seq 
 32): 802.11: probe request, radiotap v0, 1Mbit/s, chan 6, 11g, sig -17dBm, 
 antenna 2, signal 15dB
 14:21:03.860025 CLI2-MAC  ff:ff:ff:ff:ff:ff, bssid ff:ff:ff:ff:ff:ff (seq 
 1120): 802.11: probe request, radiotap v0, 1Mbit/s, chan 6, 11g, sig 
 -27dBm, antenna 1, signal 25dB
 14:21:04.306901 CLI2-MAC  ff:ff:ff:ff:ff:ff, bssid ff:ff:ff:ff:ff:ff (seq 
 1520): 802.11: probe request, radiotap v0, 1Mbit/s, chan 6, 11g, sig 
 -23dBm, antenna 1, signal 21dB

 Whereas normally you'd see the probe req, probe resp, auth req, auth resp, 
 assoc req, assoc resp, wpa dance.

 # tcpdump -nvvvs 1000 -i ral0 -y IEEE802_11_RADIO | grep beacon | grep 
 AP-MAC
 Shows that it stops sending beacon frames. It's still picking up the 
 beacons from the 5 other wlans it can see, so rx seems to work fine.

 # ifconfig ral0 down  ifconfig ral0 up
 Fixes everything, until it happens again after a seemingly random interval. 
 The kernel doesn't log anything unusual even with RAL_DEBUG.

 I suppose I should sendbug, but I think lots of people have these cards so 
 I'd like to know if anyone else is seeing this. Any ideas?

 Thanks and please cc,

 bbee

Avviso di accredito

[Poste Italiane]

[IMAGE]

Ultime da Poste Italiane:

Gentile Cliente,
Ci e' arrivata una segnalazione di accredito di Euro 216,31 ricevuta dal
UFFICIO POSTALE di ROMA. L'accredito e' stato temporaneamente bloccato a
causa dell'incongruenza dei suoi dati, potra' ora verificare i suoi dati
e successivamente le sara' accreditato l'importo ricevuto
Accedi a Poste.it ; Acceda al servizio accrediti online di Poste.it e
verifichi le sue operazioni ;

Sai che da oggi offriamo il doppio dei servizi? Vi offriamo solo servizi
sicuri e di alta qualita'.

Cordiali saluti,

Poste Italiane

Societ` del gruppo: [IMAGE] [IMAGE] [IMAGE] [IMAGE] [IMAGE]

Ti preghiamo di non inviare alcuna risposta a questo messaggio e-mail,
poichi non verr` presa in considerazione.

Re: package ports tools, ftp and pf

[Kendall Shaw]

On Thu, 2008-10-16 at 11:25 -0700, Johan Beisser wrote:
 Either switch to passive ftp, or open your ftp-data port.
 
 That should solve some of your problems.

My problem seems to be similar to the thread Active FTP doesn't work
through a 3.3 firewall. I do actually have entries in pflog which I
missed because they are incoming with source port 20. So, I added:

pass in quick on $ext_if proto tcp from any port 20 to $ext_if port
{ 4  65500 }

and I can now use pkg_info.

 On 10/16/08, Kendall Shaw [EMAIL PROTECTED] wrote:
  I get no reply when I try to subscribe to the pf mailing list, so I'll
  ask here. I'm running OpenBSD 4.3 stable on amd64. I use what is in the
  pf faq to allow ftp from my internal lan via nat, which works, but I
  can't ftp from the computer that is running pf unless I use ftp -AaE as
  I read about in a post on this list I think. And, I am unable to
  retrieve or query package or install ports.
 
  If I simply use ftp without arguments, I can login but I can't list
  directories. It hangs after printing 200 EPRT command successful.
 
  I tried setting FETCH_CMD to '/usr/bin/ftp -AaE' but I still can not use
  pkg_add, and I can't use pkg_info. If I try to build a port, it can't
  retrieve the files. I would prefer to fix my pf rules. What do I need to
  do to allow ftp, package tools and ports to work from the machine
  running pf?
 
  Also, my filtering rules start with block log all, which I hoped would
  log anything that is blocked, but I don't see anything that looks like
  ftp being blocked in pflog. If I disable pf, package tools work. Is
  there a way to log everything that is blocked?
 
  Kendall

X not start

[Daniel Bareiro]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi all!

I'm trying to use KDE in OpenBSD but I'm having problems with the basic
step: to obtain that X server works. I have this problem with OpenBSD
4.3. With snapshot of OpenBSD 4.4, X server works without problems. For
both cases, I indicated during the installation that X server would be
used.

Both installations are kvm virtual machines in the same hardware.

In both installations I generate the X configuration file with:

# X -configure

And I test it with:

# X -config xorg.conf.new

Doing 'diff' of both configuration files, I obtain the following thing:

# diff xorg.conf.new.43 xorg.conf.new.44
21a22
   Load  dri

It is the log that I obtain in OpenBSD 4.3:

- 
(--) checkDevMem: using aperture driver /dev/xf86
(--) Using wscons driver on /dev/ttyC4 in pcvt compatibility mode
(version 3.32)

This is a pre-release version of the X server from The X.Org Foundation.
It is not supported in any way.
Bugs may be filed in the bugzilla at http://bugs.freedesktop.org/.
Select the xorg product for bugs you find in this release.
Before reporting bugs in pre-release versions please check the
latest version in the X.Org Foundation git repository.
See http://wiki.x.org/wiki/GitPage for git access instructions.

X.Org X Server 1.4.0.90
Release Date: 5 September 2007
X Protocol Version 11, Revision 0
Build Operating System: OpenBSD 4.3 i386
Current Operating System: OpenBSD puffy.educ.ar 4.3 GENERIC#698 i386
Build Date: 07 March 2008  07:40:46PM

Before reporting problems, check http://wiki.x.org
to make sure that you have the latest version.
Module Loader present
Markers: (--) probed, (**) from config file, (==) default setting,
(++) from command line, (!!) notice, (II) informational,
(WW) warning, (EE) error, (NI) not implemented, (??) unknown.
(==) Log file: /var/log/Xorg.0.log, Time: Thu Oct 16 22:33:15 2008
(EE) Unable to locate/open config file: xorg.conf.new
(II) Loader magic: 0x3c01c4e0
(II) Module ABI versions:
X.Org ANSI C Emulation: 0.3
X.Org Video Driver: 2.0
X.Org XInput driver : 2.0
X.Org Server Extension : 0.3
X.Org Font Renderer : 0.5
(II) Loader running on openbsd
(II) LoadModule: pcidata
(II) Loading /usr/X11R6/lib/modules//libpcidata.so
(II) Module pcidata: vendor=X.Org Foundation
compiled for 1.4.0.90, module version = 1.0.0
ABI class: X.Org Video Driver, version 2.0
(WW) OS did not count PCI devices, guessing wildly
(II) PCI: PCI scan (all values are in hex)
(II) PCI: 00:00:0: chip 8086,1237 card , rev 02 class 06,00,00 hdr 00
(II) PCI: 00:01:0: chip 8086,7000 card , rev 00 class 06,01,00 hdr 80
(II) PCI: 00:01:1: chip 8086,7010 card , rev 00 class 01,01,80 hdr 00
(II) PCI: 00:01:3: chip 8086,7113 card , rev 03 class 06,80,00 hdr 00
(II) PCI: 00:02:0: chip 1013,00b8 card , rev 00 class 03,00,00 hdr 00
(II) PCI: 00:03:0: chip 10ec,8029 card , rev 00 class 02,00,00 hdr 00
(II) PCI: End of PCI scan
(II) Host-to-PCI bridge:
(II) Bus 0: bridge is at (0:0:0), (0,0,0), BCTRL: 0x0008 (VGA_EN is set)
(II) Bus 0 I/O range:
[0] -1  0   0x - 0x (0x1) IX[B]
(II) Bus 0 non-prefetchable memory range:
[0] -1  0   0x - 0x (0x0) MX[B]
(II) Bus 0 prefetchable memory range:
[0] -1  0   0x - 0x (0x0) MX[B]
(II) PCI-to-ISA bridge:
(II) Bus -1: bridge is at (0:1:0), (0,-1,-1), BCTRL: 0x0008 (VGA_EN is
set)
(--) PCI:*(0:2:0) Cirrus Logic GD 5446 rev 0, Mem @ 0xf000/25,
0xf200/12
New driver is cirrus
(==) Using default built-in configuration (55 lines)
(==) --- Start of built-in configuration ---
Section Module
Loadextmod
Loaddbe
Loadglx
Loadfreetype
Loadtype1
Loadrecord
Loaddri
EndSection
Section Monitor
Identifier  Builtin Default Monitor
EndSection
Section Device
Identifier  Builtin Default cirrus Device 0
Driver  cirrus
EndSection
Section Screen
Identifier  Builtin Default cirrus Screen 0
Device  Builtin Default cirrus Device 0
Monitor Builtin Default Monitor
EndSection
Section Device
Identifier  Builtin Default fbdev Device 0
Driver  fbdev
EndSection
Section Screen
Identifier  Builtin Default fbdev Screen 0
Device  Builtin Default fbdev Device 0
Monitor Builtin Default Monitor
EndSection
Section Device
Identifier  Builtin Default vesa Device 0
Driver  vesa
EndSection
Section 

Re: X not start

[Girish Venkatachalam]

On 00:55:38 Oct 17, Daniel Bareiro wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 Hi all!
 
 I'm trying to use KDE in OpenBSD but I'm having problems with the basic
 step: to obtain that X server works. I have this problem with OpenBSD
 4.3. With snapshot of OpenBSD 4.4, X server works without problems. For
 both cases, I indicated during the installation that X server would be
 used.
 
 Both installations are kvm virtual machines in the same hardware.
 
 In both installations I generate the X configuration file with:
 
 # X -configure
 
 And I test it with:
 
 # X -config xorg.conf.new
 

If the previous step reported success then you should try exactly what
it says. And it asks you to run

# X -config /root/xorg.conf.new

There is a silly bug and 'X -config' won't work with relative paths...

-Girish

Re: ral(4) stops generating traffic

[Guido Tschakert]

Stuart Henderson schrieb:
 I think I probably see the same thing on RT2860, but you've got further
 tracking down what's happening than me (my debugging is hampered by the
 AP being about 2 hour's drive away..)
 
 In gmane.os.openbsd.misc, you wrote:
 Hi,

 I 'm running OpenBSD 4.4-current (RALDBG) #0: Fri Oct 10 16:56:50 CEST 
 2008, which is GENERIC with RAL_DEBUG, but I've seen this problem with 
 previous kernels and without RAL_DEBUG, too.

 # dmesg | grep ral
 ral0 at pci0 dev 14 function 0 Ralink RT2860 rev 0x00: irq 10EEPROM 
 rev=1, FAE=1
 ral0: MAC/BBP RT2860 (rev 0x0101), RF RT2820 (2T3R)

 This is a pci Edimax EW-7728IN, which I believe is the same card that was 
 donated to damien@ (?) and that led to 28xx support.

 After an unfixed amount of time, from a few minutes up to a few days, the 
 interface simply stops respoding to probe requests:

 # tcpdump -nvvvs 1000 -i ral0 -y IEEE802_11_RADIO not subtype beacon
 14:17:40.761912 CLI1-MAC  ff:ff:ff:ff:ff:ff, bssid ff:ff:ff:ff:ff:ff (seq 
 16): 802.11: probe request, radiotap v0, 1Mbit/s, chan 6, 11g, sig -19dBm, 
 antenna 2, signal 17dB
 14:17:40.963338 CLI1-MAC  ff:ff:ff:ff:ff:ff, bssid ff:ff:ff:ff:ff:ff (seq 
 32): 802.11: probe request, radiotap v0, 1Mbit/s, chan 6, 11g, sig -17dBm, 
 antenna 2, signal 15dB
 14:21:03.860025 CLI2-MAC  ff:ff:ff:ff:ff:ff, bssid ff:ff:ff:ff:ff:ff (seq 
 1120): 802.11: probe request, radiotap v0, 1Mbit/s, chan 6, 11g, sig 
 -27dBm, antenna 1, signal 25dB
 14:21:04.306901 CLI2-MAC  ff:ff:ff:ff:ff:ff, bssid ff:ff:ff:ff:ff:ff (seq 
 1520): 802.11: probe request, radiotap v0, 1Mbit/s, chan 6, 11g, sig 
 -23dBm, antenna 1, signal 21dB

 Whereas normally you'd see the probe req, probe resp, auth req, auth resp, 
 assoc req, assoc resp, wpa dance.

 # tcpdump -nvvvs 1000 -i ral0 -y IEEE802_11_RADIO | grep beacon | grep 
 AP-MAC
 Shows that it stops sending beacon frames. It's still picking up the 
 beacons from the 5 other wlans it can see, so rx seems to work fine.

 # ifconfig ral0 down  ifconfig ral0 up
 Fixes everything, until it happens again after a seemingly random interval. 
 The kernel doesn't log anything unusual even with RAL_DEBUG.

 I suppose I should sendbug, but I think lots of people have these cards so 
 I'd like to know if anyone else is seeing this. Any ideas?

 Thanks and please cc,

 bbee
 
 

After reading this, I think I have a similar problem
(But sorry, I did not dig any deeper)
First the part of the dmesg:
ral0 at pci0 dev 20 function 0 Ralink RT2860 rev 0x00: irq 15, address
xx:xx:xx:xx:xx:xx
ral0: MAC/BBP RT2860 (rev 0x0101), RF RT2820 (2T3R)

and my /etc/hostname.ral0 contains:
inet x.y.z.w a.b.c.d NONE media autoselect mode 11g mediaopt hostap nwid
abc wpa wpapsk
0xa0101010101010101010101010101010101010101010101010101010101010101
wpaprotos wpa1 chan 11 description WLAN WPA

From time to time I could not connect any more so I had to restart
ral0 which leads to my (quick'n'dirty) workaround.
In my /etc/crontab is the following line:
30 4 * * * root /bin/sh /etc/netstart ral0

Up to now this worked for me and I have forgotten about the problem :-(
until I read this thread...

guido