Re: OpenBSD 4.4 Console Will Not Clear
Greets:

I have found where the FAQ needed to be updated ;D I looked in ttys and
found that it was using the getty std,9600 instead of the getty Pc.

Sorry for the trouble,
Bret

Bret wrote:
> Greetings
>
> I have been running OpenBSD as a firewall/router since 2.5 and have
> never had any problem with Clearing the console each time a user logs
> out. I have just installed 4.4 on a system that was running 4.0. I did a
> complete install from the install CD off the ftp site(s). I then edited
> /etc/gettytab the same way I have done many times before, following the
> FAQ instructions. The console will not clear after logging out. I have
> even rebooted and the same results. I thought I might have screwed the
> file up editing it so I even did another clean install and ONLY
> installed pico to edit /etc/gettytab just in case I somehow messed it up
> using vi... still no go. Looked out on the net and found no reference to
> this. Any Ideas?
>
> Bret
Re: OpenBSD 4.4 Console Will Not Clear
On Mon, Dec 08, 2008 at 03:56:21PM -0700, Bret spoke thusly:
> Greetings
>
> I have been running OpenBSD as a firewall/router since 2.5 and have
> never had any problem with Clearing the console each time a user logs
> out. I have just installed 4.4 on a system that was running 4.0. I did a
> complete install from the install CD off the ftp site(s). I then edited
> /etc/gettytab the same way I have done many times before, following the
> FAQ instructions. The console will not clear after logging out. I have
> even rebooted and the same results. I thought I might have screwed the
> file up editing it so I even did another clean install and ONLY
> installed pico to edit /etc/gettytab just in case I somehow messed it up
> using vi... still no go. Looked out on the net and found no reference to
> this. Any Ideas?
>
> Bret
>

I'm assuming you're referring to
http://www.openbsd.org/faq/faq7.html#ConsoleClear

i.e.,

To do this you must add a line in /etc/gettytab(5). Change the current
section:

    P|Pc|Pc console:\
            :np:sp#9600:

adding the line ":cl=\E[H\E[2J:" at the end, so that it ends up looking
like this:

    P|Pc|Pc console:\
            :np:sp#9600:\
            :cl=\E[H\E[2J:

Now try changing

    default:\
            :np:im=\r\n%s/%m (%h) (%t)\r\n\r\n:sp#1200:

to

    default:\
            :np:im=\r\n%s/%m (%h) (%t)\r\n\r\n:sp#1200:cl=\E[H\E[2J:

Denny White

--
 /"\   ASCII Ribbon Campaign
 \ /   Respect for low technology.
  X    Keep e-mail messages readable by any computer system.
 / \   Keep it ASCII.
===
GnuPG key  : 0x1644E79A | http://wwwkeys.nl.pgp.net
Fingerprint: D0A9 AD44 1F10 E09E 0E67 EC25 CB44 F2E5 1644 E79A
===
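The mismatch Bret found (the `cl` string added to one gettytab entry while /etc/ttys starts getty with a different entry) can be checked mechanically. The following is an added example, not part of the original thread or of OpenBSD: it parses constructed samples of /etc/ttys and /etc/gettytab and reports, for each enabled terminal, which entry getty uses and whether a `cl` capability is in effect. The function names and the sample file contents are assumptions made for illustration.

```python
import re
import shlex

# Constructed samples, modelled on the entries quoted in the thread.
GETTYTAB_SAMPLE = r"""
default:\
        :np:im=\r\n%s/%m (%h) (%t)\r\n\r\n:sp#1200:

2|std.9600|9600-baud:\
        :sp#9600:

P|Pc|Pc console:\
        :np:sp#9600:\
        :cl=\E[H\E[2J:
"""

TTYS_SAMPLE = """
# name  getty                           type    status
console "/usr/libexec/getty std.9600"   vt220   off secure
ttyC0   "/usr/libexec/getty std.9600"   vt220   on  secure
ttyC1   "/usr/libexec/getty Pc"         vt220   on  secure
"""


def parse_gettytab(text):
    """Return {name_or_alias: {capability: value}} for each entry."""
    joined = re.sub(r"\\\n\s*", "", text)        # fold continuation lines
    table = {}
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        caps = {}
        for field in (f.strip() for f in fields[1:]):
            if not field:
                continue
            m = re.fullmatch(r"(\w\w)([=#])(.*)", field, re.S)
            if m:
                caps[m.group(1)] = m.group(3)    # string (=) or numeric (#)
            else:
                caps[field] = True               # boolean such as "np"
        for name in fields[0].split("|"):
            table[name.strip()] = caps
    return table


def effective_caps(table, name, seen=()):
    """Capabilities of one entry, following tc= (table continuation)."""
    if name not in table or name in seen:
        return {}
    caps = dict(table[name])
    parent = caps.pop("tc", None)
    if parent:
        caps = {**effective_caps(table, parent, seen + (name,)), **caps}
    return caps


def console_clear_report(ttys_text, gettytab_text):
    """Map each enabled tty to (gettytab entry, cl in effect?).

    The second item is None when ttys names an entry gettytab lacks.
    Per gettytab(5) the "default" entry is read first and the named
    entry then overrides it, which is why adding cl to "default"
    affects every terminal.
    """
    table = parse_gettytab(gettytab_text)
    report = {}
    for line in ttys_text.splitlines():
        fields = shlex.split(line, comments=True)
        if len(fields) < 4 or "on" not in fields[3:]:
            continue
        cmd = fields[1].split()
        if len(cmd) < 2 or not cmd[0].endswith("getty"):
            continue
        entry = cmd[1]
        if entry not in table:
            report[fields[0]] = (entry, None)
            continue
        caps = {**table.get("default", {}), **effective_caps(table, entry)}
        report[fields[0]] = (entry, "cl" in caps)
    return report


if __name__ == "__main__":
    for tty, (entry, clears) in console_clear_report(
            TTYS_SAMPLE, GETTYTAB_SAMPLE).items():
        print(f"{tty}: getty entry {entry!r}, clears screen: {clears}")
```

On a real system the two strings would be read from /etc/ttys and /etc/gettytab instead of the constructed samples.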
Re: Network challenge?
Hi,

>>>
>>> Let's go super simple.
>>> Existing setup:
>>> ISP#1--A--ISP#2
>>> A has a /30 on each side
>>> A has a /29 routed to it from ISP#1
>>>
>>> Desired setup:
>>> ISP#1--A--ISP#2-MyISP---B
>>> ALL traffic to A via ISP#1 is to go to B
>>> ALL replies to return via A
>>> B will handle A's /29
>>> A should just be a "lump in the pipe"
>>> Translation of addresses en route is fine as long as connections from
>>> the cloud intended for A get to B and responses get back looking like
>>> the real thing.

> So I setup a gre tunnel a la the manpage example.
> But how does the traffic coming from ISP#1 get to be treated properly
> at B?
> And replied to without the sender seeing that it's from a foreign
> destination?
> And will the /29 arrive at B ready to route to local hosts?

If i really understood it, what you want/need is.

- create a vpn between A and B
- A must have a route that says that should go thru VPN
- A must have a NAT rule that says that should be translated to [1]
- B must have a default route that route packets from thru VPN

I have done this with, err.. other OS. Anyway should be even easier
with openbsd. Not really sure about this but from the perspective of a
external viewer the only difference should be the TTL from packets
coming from A and B, but even that could be masked.

[1] not really necessary... if you are going to use /29 behind B. In
this case = A /29

--
Christian Lyra
PoP-PR/RNP
Re: Network challenge?
On Tue, Dec 09, 2008 at 11:17:22AM +1100, Rod Whitworth wrote:
> On Mon, 8 Dec 2008 17:29:16 -0500, Jason Dixon wrote:
>
> >On Tue, Dec 09, 2008 at 09:16:29AM +1100, Rod Whitworth wrote:
> >> On Mon, 8 Dec 2008 16:40:56 -0500, Jason Dixon wrote:
> >>
> >> >I don't know how to answer your question because the network art above
> >> >is unreadable. gre(4) will allow you to route networks across a tunnel.
> >> >Think of it as IPSec without the Sec. It will allow networks that are
> >> >usually non-routable (rfc1918) to route to each other. It will also
> >> >allow you to extend segments of your public networks elsewhere.
> >> >
> >>
> >> Let's go super simple.
> >> Existing setup:
> >> ISP#1--A--ISP#2
> >> A has a /30 on each side
> >> A has a /29 routed to it from ISP#1
> >>
> >> Desired setup:
> >> ISP#1--A--ISP#2-MyISP---B
> >> ALL traffic to A via ISP#1 is to go to B
> >> ALL replies to return via A
> >> B will handle A's /29
> >> A should just be a "lump in the pipe"
> >> Translation of addresses en route is fine as long as connections from
> >> the cloud intended for A get to B and responses get back looking like
> >> the real thing.
> >>
> >> Possible?
> >
> >If I understand your description, yes.
>
> So I setup a gre tunnel a la the manpage example.
> But how does the traffic coming from ISP#1 get to be treated properly
> at B?
> And replied to without the sender seeing that it's from a foreign
> destination?
> And will the /29 arrive at B ready to route to local hosts?

I don't mean this in a RTFM-ish way, but you really just need to sit
down with a test setup and try it out for yourself so you can see what
is capable. Then come back and have questions as needed.

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net/
Re: rx descriptor error
On Mon, Dec 8, 2008 at 6:57 PM, David Gwynne <[EMAIL PROTECTED]> wrote:
> what was the machine doing when that message appeared? was this the first
> time you brought the interface up? had the interface previously been brought
> up and down several times?

First boot after compiling the current kernel.

Chris
Re: Network challenge?
On Mon, 8 Dec 2008 17:29:16 -0500, Jason Dixon wrote:

>On Tue, Dec 09, 2008 at 09:16:29AM +1100, Rod Whitworth wrote:
>> On Mon, 8 Dec 2008 16:40:56 -0500, Jason Dixon wrote:
>>
>> >I don't know how to answer your question because the network art above
>> >is unreadable. gre(4) will allow you to route networks across a tunnel.
>> >Think of it as IPSec without the Sec. It will allow networks that are
>> >usually non-routable (rfc1918) to route to each other. It will also
>> >allow you to extend segments of your public networks elsewhere.
>> >
>>
>> Let's go super simple.
>> Existing setup:
>> ISP#1--A--ISP#2
>> A has a /30 on each side
>> A has a /29 routed to it from ISP#1
>>
>> Desired setup:
>> ISP#1--A--ISP#2-MyISP---B
>> ALL traffic to A via ISP#1 is to go to B
>> ALL replies to return via A
>> B will handle A's /29
>> A should just be a "lump in the pipe"
>> Translation of addresses en route is fine as long as connections from
>> the cloud intended for A get to B and responses get back looking like
>> the real thing.
>>
>> Possible?
>
>If I understand your description, yes.

So I setup a gre tunnel a la the manpage example.
But how does the traffic coming from ISP#1 get to be treated properly
at B?
And replied to without the sender seeing that it's from a foreign
destination?
And will the /29 arrive at B ready to route to local hosts?

I know I only had 4 hours sleep last night and I've now been up for
nearly 8 hours so I'm starting to wilt, but I don't see clues on that
in the gre manpage. I'm not surprised. This is one of those
once-in-a-lifetime things I think.

I was thinking relayd but it doesn't look like it does the whole range
of ports (and protocols?). for any one address.
Maybe I'm really too foggy.

Thanx,

>
>--
>Jason Dixon
>DixonGroup Consulting
>http://www.dixongroup.net/
>

*** NOTE *** Please DO NOT CC me. I subscribed to the list.
Mail to the sender address that does not originate at the list server is
tarpitted. The reply-to: address is provided for those who feel compelled to
reply off list. Thankyou.

Rod/
/earth: write failed, file system is full
cp: /earth/creatures: No space left on device
OpenBSD 4.4 Console Will Not Clear
Greetings

I have been running OpenBSD as a firewall/router since 2.5 and have
never had any problem with Clearing the console each time a user logs
out. I have just installed 4.4 on a system that was running 4.0. I did a
complete install from the install CD off the ftp site(s). I then edited
/etc/gettytab the same way I have done many times before, following the
FAQ instructions. The console will not clear after logging out. I have
even rebooted and the same results. I thought I might have screwed the
file up editing it so I even did another clean install and ONLY
installed pico to edit /etc/gettytab just in case I somehow messed it up
using vi... still no go. Looked out on the net and found no reference to
this. Any Ideas?

Bret
Re: rx descriptor error
On 09/12/2008, at 9:34 AM, Chris Smith wrote: Hello, Dmesg states: "em3: unable to fill any rx descriptors" with current. what was the machine doing when that message appeared? was this the first time you brought the interface up? had the interface previously been brought up and down several times? dlg Full dmesg: == # dmesg OpenBSD 4.4-current (GENERIC) #1: Mon Dec 8 18:18:34 EST 2008 [EMAIL PROTECTED]/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Pentium(R) 4 CPU 1.80GHz ("GenuineIntel" 686-class) 1.80 GHz cpu0: FPU ,V86 ,DE ,PSE ,TSC ,MSR ,PAE ,MCE ,CX8 ,APIC ,SEP ,MTRR ,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM real mem = 535883776 (511MB) avail mem = 509894656 (486MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 10/17/02, BIOS32 rev. 0 @ 0xffe90, SMBIOS rev. 2.3 @ 0xf0450 (82 entries) bios0: vendor Dell Computer Corporation version "A06" date 10/17/2002 bios0: Dell Computer Corporation Precision WorkStation 340 acpi0 at bios0: rev 0 acpi0: tables DSDT FACP SSDT APIC BOOT acpi0: wakeup devices VBTN(S4) PCI0(S5) USB0(S3) USB1(S3) PCI1(S5) MOU_(S1) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 2 (PCI1) acpicpu0 at acpi0 acpibtn0 at acpi0: VBTN bios0: ROM list: 0xc/0x8000 0xc8000/0x1000 0xc9000/0x1000 0xca000/0x1000 0xcb000/0x1800 0xcc800/0x3800 cpu0 at mainbus0: (uniprocessor) pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 "Intel 82850 Host" rev 0x04 intelagp0 at pchb0 agp0 at intelagp0: aperture at 0xe000, size 0x1000 ppb0 at pci0 dev 1 function 0 "Intel 82850/82860 AGP" rev 0x04 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 "Matrox MGA G400/G450 AGP" rev 0x03 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ppb1 at pci0 dev 30 function 0 "Intel 82801BA Hub-to-PCI" rev 0x04 pci2 at ppb1 bus 2 em0 at pci2 dev 7 function 0 "Intel PRO/1000MT (82540EM)" rev 0x02: irq 11, 
address 00:07:e9:13:ed:3d em1 at pci2 dev 8 function 0 "Intel PRO/1000GT (82541GI)" rev 0x05: irq 10, address 00:1b:21:01:69:80 em2 at pci2 dev 9 function 0 "Intel PRO/1000GT (82541GI)" rev 0x05: irq 11, address 00:1b:21:01:69:14 em3 at pci2 dev 10 function 0 "Intel PRO/1000GT (82541GI)" rev 0x05: irq 11, address 00:1b:21:01:69:3e xl0 at pci2 dev 12 function 0 "3Com 3c905C 100Base-TX" rev 0x78: irq 11, address 00:06:5b:01:67:1e exphy0 at xl0 phy 24: 3Com internal media interface ichpcib0 at pci0 dev 31 function 0 "Intel 82801BA LPC" rev 0x04 pciide0 at pci0 dev 31 function 1 "Intel 82801BA IDE" rev 0x04: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility wd0 at pciide0 channel 0 drive 0: wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5 atapiscsi0 at pciide0 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets, initiator 7 cd0 at scsibus0 targ 0 lun 0: <_NEC, DV-5800A, 1.0A> ATAPI 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2 uhci0 at pci0 dev 31 function 2 "Intel 82801BA USB" rev 0x04: irq 11 ichiic0 at pci0 dev 31 function 3 "Intel 82801BA SMBus" rev 0x04: irq 10 iic0 at ichiic0 admtm0 at iic0 addr 0x2d: 47m192 spdmem0 at iic0 addr 0x50: 256MB RIMM spdmem1 at iic0 addr 0x51: 256MB RIMM uhci1 at pci0 dev 31 function 4 "Intel 82801BA USB" rev 0x04: irq 9 auich0 at pci0 dev 31 function 5 "Intel 82801BA AC97" rev 0x04: irq 10, ICH2 AC97 ac97: codec id 0x41445360 (Analog Devices AD1885) ac97: codec features headphone, Analog Devices Phat Stereo audio0 at auich0 isa0 at ichpcib0 isadma0 at isa0 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: spkr0 at pcppi0 lpt0 at isa0 port 0x378/4 irq 7 npx0 at isa0 port 0xf0/16: reported by 
CPUID; using exception 16 fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec usb0 at uhci0: USB revision 1.0 uhub0 at usb0 "Intel UHCI root hub" rev 1.00/1.00 addr 1 usb1 at uhci1: USB revision 1.0 uhub1 at usb1 "Intel UHCI root hub" rev 1.00/1.00 addr 1 biomask ff65 netmask ff65 ttymask mtrr: Pentium Pro MTRR support softraid0 at root root on wd0a swap on wd0b dump on wd0b em3: unable to fill any rx descriptors == Is this a problem? Thanks. Chris
rx descriptor error
Hello, Dmesg states: "em3: unable to fill any rx descriptors" with current. Full dmesg: == # dmesg OpenBSD 4.4-current (GENERIC) #1: Mon Dec 8 18:18:34 EST 2008 [EMAIL PROTECTED]/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Pentium(R) 4 CPU 1.80GHz ("GenuineIntel" 686-class) 1.80 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM real mem = 535883776 (511MB) avail mem = 509894656 (486MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 10/17/02, BIOS32 rev. 0 @ 0xffe90, SMBIOS rev. 2.3 @ 0xf0450 (82 entries) bios0: vendor Dell Computer Corporation version "A06" date 10/17/2002 bios0: Dell Computer Corporation Precision WorkStation 340 acpi0 at bios0: rev 0 acpi0: tables DSDT FACP SSDT APIC BOOT acpi0: wakeup devices VBTN(S4) PCI0(S5) USB0(S3) USB1(S3) PCI1(S5) MOU_(S1) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 2 (PCI1) acpicpu0 at acpi0 acpibtn0 at acpi0: VBTN bios0: ROM list: 0xc/0x8000 0xc8000/0x1000 0xc9000/0x1000 0xca000/0x1000 0xcb000/0x1800 0xcc800/0x3800 cpu0 at mainbus0: (uniprocessor) pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 "Intel 82850 Host" rev 0x04 intelagp0 at pchb0 agp0 at intelagp0: aperture at 0xe000, size 0x1000 ppb0 at pci0 dev 1 function 0 "Intel 82850/82860 AGP" rev 0x04 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 "Matrox MGA G400/G450 AGP" rev 0x03 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ppb1 at pci0 dev 30 function 0 "Intel 82801BA Hub-to-PCI" rev 0x04 pci2 at ppb1 bus 2 em0 at pci2 dev 7 function 0 "Intel PRO/1000MT (82540EM)" rev 0x02: irq 11, address 00:07:e9:13:ed:3d em1 at pci2 dev 8 function 0 "Intel PRO/1000GT (82541GI)" rev 0x05: irq 10, address 00:1b:21:01:69:80 em2 at pci2 dev 9 function 0 "Intel PRO/1000GT (82541GI)" rev 0x05: irq 11, address 00:1b:21:01:69:14 em3 at pci2 
dev 10 function 0 "Intel PRO/1000GT (82541GI)" rev 0x05: irq 11, address 00:1b:21:01:69:3e xl0 at pci2 dev 12 function 0 "3Com 3c905C 100Base-TX" rev 0x78: irq 11, address 00:06:5b:01:67:1e exphy0 at xl0 phy 24: 3Com internal media interface ichpcib0 at pci0 dev 31 function 0 "Intel 82801BA LPC" rev 0x04 pciide0 at pci0 dev 31 function 1 "Intel 82801BA IDE" rev 0x04: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility wd0 at pciide0 channel 0 drive 0: wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5 atapiscsi0 at pciide0 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets, initiator 7 cd0 at scsibus0 targ 0 lun 0: <_NEC, DV-5800A, 1.0A> ATAPI 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2 uhci0 at pci0 dev 31 function 2 "Intel 82801BA USB" rev 0x04: irq 11 ichiic0 at pci0 dev 31 function 3 "Intel 82801BA SMBus" rev 0x04: irq 10 iic0 at ichiic0 admtm0 at iic0 addr 0x2d: 47m192 spdmem0 at iic0 addr 0x50: 256MB RIMM spdmem1 at iic0 addr 0x51: 256MB RIMM uhci1 at pci0 dev 31 function 4 "Intel 82801BA USB" rev 0x04: irq 9 auich0 at pci0 dev 31 function 5 "Intel 82801BA AC97" rev 0x04: irq 10, ICH2 AC97 ac97: codec id 0x41445360 (Analog Devices AD1885) ac97: codec features headphone, Analog Devices Phat Stereo audio0 at auich0 isa0 at ichpcib0 isadma0 at isa0 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: spkr0 at pcppi0 lpt0 at isa0 port 0x378/4 irq 7 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec usb0 at uhci0: USB revision 1.0 uhub0 at usb0 "Intel UHCI root hub" rev 1.00/1.00 addr 1 usb1 at uhci1: USB revision 1.0 uhub1 
at usb1 "Intel UHCI root hub" rev 1.00/1.00 addr 1 biomask ff65 netmask ff65 ttymask mtrr: Pentium Pro MTRR support softraid0 at root root on wd0a swap on wd0b dump on wd0b em3: unable to fill any rx descriptors == Is this a problem? Thanks. Chris
Re: Problems with aucat playback
On Mon, Dec 08, 2008 at 11:50:02PM +0100, Alexandre Ratchov wrote:
> On Mon, Dec 08, 2008 at 11:20:56PM +0200, Pekka Niiranen wrote:
> >
> > I obviously do not understand enough of audio processing to be able to
> > understand the manuals. Why is mono 8kHz ulaw chopping the sound,
> > for example.
> >
> > When I run command:
> >
> > aucat sound440.au
> > aucat: format not supported by /dev/audio
> >
>
> that's because your /dev/audio doesn't support ulaw format. Without
> the -i option, aucat switches to legacy mode which tries to use
> ulaw encoding. We're abandoning this format. There's no emulation
> code for it in aucat, and there are no plans for it.
>
> > I do get longer sound. However, it has not the correct pitch nor
> > the duration. I was hoping to start the playing from Python script with
> >
> > os.system("aucat sound440.au")
> >
> > I will try to find another commandline player or try to change
> > from the format *.au to something else.
> >
>
> yes, that's the best to do imo. You can use audio/sox from ports
> (or any other utility) to change the file format; 8kHz, signed
> 16bit format should be ok.
>
> If you care about portability across architectures, you can choose
> a byte order and stick to it, for instance if you choose little
> endian:
>
> aucat -r 8000 -e s16le -c 0:0 -i sound440.raw
>
> should play it properly on all archs.
>

oh i missed the beginning of the thread. You said that you
produced the audio files on windows. If your app supports linear
.wav files (usual for windows apps) then you can just use linear
.wav files (aka ``uncompressed'' files) and play them as follows:

    aucat -i sound440.wav

-- Alexandre
Re: Problems with aucat playback
On Mon, Dec 08, 2008 at 11:20:56PM +0200, Pekka Niiranen wrote:
>
> I obviously do not understand enough of audio processing to be able to
> understand the manuals. Why is mono 8kHz ulaw chopping the sound,
> for example.
>
> When I run command:
>
> aucat sound440.au
> aucat: format not supported by /dev/audio
>

that's because your /dev/audio doesn't support ulaw format. Without
the -i option, aucat switches to legacy mode which tries to use
ulaw encoding. We're abandoning this format. There's no emulation
code for it in aucat, and there are no plans for it.

> I do get longer sound. However, it has not the correct pitch nor
> the duration. I was hoping to start the playing from Python script with
>
> os.system("aucat sound440.au")
>
> I will try to find another commandline player or try to change
> from the format *.au to something else.
>

yes, that's the best to do imo. You can use audio/sox from ports
(or any other utility) to change the file format; 8kHz, signed
16bit format should be ok.

If you care about portability across architectures, you can choose
a byte order and stick to it, for instance if you choose little
endian:

    aucat -r 8000 -e s16le -c 0:0 -i sound440.raw

should play it properly on all archs.

-- Alexandre
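The two playback commands from Alexandre's replies imply two file layouts: headerless 8 kHz mono signed 16-bit little-endian samples, and a linear .wav file. The following is an added example, not code from the thread: it generates the 2 second 440 Hz tone in both layouts and builds the matching aucat argument list, which is passed without a shell instead of through os.system. The function names and the amplitude are assumptions made for illustration.

```python
import math
import shutil
import struct
import subprocess
import wave

RATE = 8000      # Hz, matches "-r 8000"
FREQ = 440       # Hz
SECONDS = 2


def tone_s16le(freq=FREQ, rate=RATE, seconds=SECONDS, amplitude=0.5):
    """Mono PCM as signed 16-bit little-endian bytes, on any host."""
    peak = int(32767 * amplitude)
    samples = (int(peak * math.sin(2 * math.pi * freq * n / rate))
               for n in range(rate * seconds))
    # "<h" pins the byte order, so the file is the same on every arch.
    return b"".join(struct.pack("<h", s) for s in samples)


def write_raw(path, pcm):
    """Headerless file: the player must be told rate, encoding, channels."""
    with open(path, "wb") as f:
        f.write(pcm)


def write_wav(path, pcm, rate=RATE):
    """Linear (uncompressed) .wav: the header carries the parameters."""
    with wave.open(path, "wb") as w:
        w.setnchannels(1)
        w.setsampwidth(2)
        w.setframerate(rate)
        w.writeframes(pcm)


def aucat_argv(path):
    """Argument list for the aucat commands quoted in the thread."""
    if path.endswith(".wav"):
        return ["aucat", "-i", path]
    return ["aucat", "-r", str(RATE), "-e", "s16le", "-c", "0:0", "-i", path]


if __name__ == "__main__":
    pcm = tone_s16le()
    write_raw("sound440.raw", pcm)
    write_wav("sound440.wav", pcm)
    if shutil.which("aucat"):
        # A list argv avoids shell parsing of the file name.
        subprocess.run(aucat_argv("sound440.raw"), check=True)
```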
Re: Network challenge?
On Tue, Dec 09, 2008 at 09:16:29AM +1100, Rod Whitworth wrote:
> On Mon, 8 Dec 2008 16:40:56 -0500, Jason Dixon wrote:
>
> >I don't know how to answer your question because the network art above
> >is unreadable. gre(4) will allow you to route networks across a tunnel.
> >Think of it as IPSec without the Sec. It will allow networks that are
> >usually non-routable (rfc1918) to route to each other. It will also
> >allow you to extend segments of your public networks elsewhere.
> >
>
> Let's go super simple.
> Existing setup:
> ISP#1--A--ISP#2
> A has a /30 on each side
> A has a /29 routed to it from ISP#1
>
> Desired setup:
> ISP#1--A--ISP#2-MyISP---B
> ALL traffic to A via ISP#1 is to go to B
> ALL replies to return via A
> B will handle A's /29
> A should just be a "lump in the pipe"
> Translation of addresses en route is fine as long as connections from
> the cloud intended for A get to B and responses get back looking like
> the real thing.
>
> Possible?

If I understand your description, yes.

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net/
Re: Network challenge?
On Mon, 8 Dec 2008 16:40:56 -0500, Jason Dixon wrote:

>I don't know how to answer your question because the network art above
>is unreadable. gre(4) will allow you to route networks across a tunnel.
>Think of it as IPSec without the Sec. It will allow networks that are
>usually non-routable (rfc1918) to route to each other. It will also
>allow you to extend segments of your public networks elsewhere.
>

Let's go super simple.
Existing setup:
ISP#1--A--ISP#2
A has a /30 on each side
A has a /29 routed to it from ISP#1

Desired setup:
ISP#1--A--ISP#2-MyISP---B
ALL traffic to A via ISP#1 is to go to B
ALL replies to return via A
B will handle A's /29
A should just be a "lump in the pipe"
Translation of addresses en route is fine as long as connections from
the cloud intended for A get to B and responses get back looking like
the real thing.

Possible?

Thanks again,

*** NOTE *** Please DO NOT CC me. I subscribed to the list.
Mail to the sender address that does not originate at the list server is
tarpitted. The reply-to: address is provided for those who feel compelled to
reply off list. Thankyou.

Rod/
/earth: write failed, file system is full
cp: /earth/creatures: No space left on device
Re: Network challenge?
On Mon, 8 Dec 2008 15:30:55 -0600, John Jackson wrote:

>
>The layer 2 IPSEC bridge example here has worked well for me in the past
>for extending networks:
>http://www.openbsd.org/cgi-bin/man.cgi?query=brconfig&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html
>

Thanks John but my description is confusing. I don't want a bridge. I
need the "original" router (and whatever tunnel ) to become
"transparent".

I'm going to try to be clearer in a reply to Jason so I won't duplicate
it here.

Thanx again,

*** NOTE *** Please DO NOT CC me. I subscribed to the list.
Mail to the sender address that does not originate at the list server is
tarpitted. The reply-to: address is provided for those who feel compelled to
reply off list. Thankyou.

Rod/
/earth: write failed, file system is full
cp: /earth/creatures: No space left on device
Re: Toshiba ToPIC97 CardBus: couldn't map interrupt
On Mon, Dec 8, 2008 at 11:28 AM, k z <[EMAIL PROTECTED]> wrote:
> ne3 works but "couldn't map interrupt" errors do appear:
>
> cbb0 at pci0 dev 19 function 0 "Toshiba ToPIC97 CardBus" rev 0x20:
> couldn't map interrupt
> cbb1 at pci0 dev 19 function 1 "Toshiba ToPIC97 CardBus" rev 0x20:
> couldn't map interrupt

You might want to try changing how the BIOS presents these slots, if
possible.
Re: Network challenge?
On Tue, Dec 09, 2008 at 08:32:15AM +1100, Rod Whitworth wrote:
> On Mon, 8 Dec 2008 16:03:40 -0500, Jason Dixon wrote:
>
> >On Tue, Dec 09, 2008 at 07:49:04AM +1100, Rod Whitworth wrote:
> >> I have a friend who has two internet connections. Lucky B!
> >>
> >> He wants me to have a look at some of his operation without travelling
> >> to his site (lng way). I would need to be able to effectively
> >> duplicate some of his system and make it look like it was still at his
> >> site.
> >>
> >> Hopefully I can keep the ASCII art intelligible.
> >>
> >> ISP#1--/30 with /29 over it-Buddy's
> >> router-/30ISP#2
> >> |
> >> 2 hosts on /29
> >>
> >> He proposes that I work out how to use the second connection to "route"
> >> all of the traffic from ISP#1 to a spare global IP that I have via
> >> ISP#2 and the cloud and duplicate his setup here (the ISP#1 side and
> >> hosts). I think "transport" would have been better than "route" but
> >> that was his word.
> >>
> >> IOW the world needs to be able to get to my duplicate of his box and,
> >> apart from latency, it should be transparent.
> >>
> >> Is this even possible? I've been dreaming of binatting the /30 end
> >> point, but over a remote link? Don't think so. Some kind of tunnel?
> >
> >Sounds like you want gre(4).
>
> Thanks. I've looked at it before but never with a task in mind, so I
> looked again now.
>
> Using the example where I guess Host X is ISP#1, Host A is Buddy's
> router, Host B is ISP#2, Host C is my router and Host D is the
> duplicate router:
>
> Will the Host D "look like" the real router? i.e. if from the cloud
> somewhere I do "ssh HostA" will I be connecting to A or D?
>
> I guess the routed subnet should happily get to D so my real concern is
> to transparently make D look entirely like A for traffic to and from.

I don't know how to answer your question because the network art above
is unreadable. gre(4) will allow you to route networks across a tunnel.
Think of it as IPSec without the Sec. It will allow networks that are
usually non-routable (rfc1918) to route to each other. It will also
allow you to extend segments of your public networks elsewhere.

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net/
Re: Network challenge?
On Mon, 8 Dec 2008 16:03:40 -0500, Jason Dixon wrote:

>On Tue, Dec 09, 2008 at 07:49:04AM +1100, Rod Whitworth wrote:
>> I have a friend who has two internet connections. Lucky B!
>>
>> He wants me to have a look at some of his operation without travelling
>> to his site (lng way). I would need to be able to effectively
>> duplicate some of his system and make it look like it was still at his
>> site.
>>
>> Hopefully I can keep the ASCII art intelligible.
>>
>> ISP#1--/30 with /29 over it-Buddy's
>> router-/30ISP#2
>> |
>> 2 hosts on /29

Huh! It always breaks

>>
>> He proposes that I work out how to use the second connection to "route"
>> all of the traffic from ISP#1 to a spare global IP that I have via
>> ISP#2 and the cloud and duplicate his setup here (the ISP#1 side and
>> hosts). I think "transport" would have been better than "route" but
>> that was his word.
>>
>> IOW the world needs to be able to get to my duplicate of his box and,
>> apart from latency, it should be transparent.
>>
>> Is this even possible? I've been dreaming of binatting the /30 end
>> point, but over a remote link? Don't think so. Some kind of tunnel?
>
>Sounds like you want gre(4).

Thanks. I've looked at it before but never with a task in mind, so I
looked again now.

Using the example where I guess Host X is ISP#1, Host A is Buddy's
router, Host B is ISP#2, Host C is my router and Host D is the
duplicate router:

Will the Host D "look like" the real router? i.e. if from the cloud
somewhere I do "ssh HostA" will I be connecting to A or D?

I guess the routed subnet should happily get to D so my real concern is
to transparently make D look entirely like A for traffic to and from.

Thanks again,

*** NOTE *** Please DO NOT CC me. I subscribed to the list.
Mail to the sender address that does not originate at the list server is
tarpitted. The reply-to: address is provided for those who feel compelled to
reply off list. Thankyou.

Rod/
/earth: write failed, file system is full
cp: /earth/creatures: No space left on device
Re: Network challenge?
On Tue, Dec 09, 2008 at 07:49:04AM +1100, Rod Whitworth wrote:
> I have a friend who has two internet connections. Lucky B!
>
> He wants me to have a look at some of his operation without travelling
> to his site (lng way). I would need to be able to effectively
> duplicate some of his system and make it look like it was still at his
> site.
>
> Hopefully I can keep the ASCII art intelligible.
>
> ISP#1--/30 with /29 over it-Buddy's
> router-/30ISP#2
> |
> 2 hosts on /29
>
> He proposes that I work out how to use the second connection to "route"
> all of the traffic from ISP#1 to a spare global IP that I have via
> ISP#2 and the cloud and duplicate his setup here (the ISP#1 side and
> hosts). I think "transport" would have been better than "route" but
> that was his word.
>
> IOW the world needs to be able to get to my duplicate of his box and,
> apart from latency, it should be transparent.
>
> Is this even possible? I've been dreaming of binatting the /30 end
> point, but over a remote link? Don't think so. Some kind of tunnel?
>
> I've done some weird things with networks* over the years but this
> request tops the "Huh?" list. Or it is really easy and I just need more
> sleep...
>
> * Not always intentionally.
>
> Anyone game?
>
> *** NOTE *** Please DO NOT CC me. I subscribed to the list.
> Mail to the sender address that does not originate at the list server is
> tarpitted. The reply-to: address is provided for those who feel compelled to
> reply off list. Thankyou.
>
> Rod/
> /earth: write failed, file system is full
> cp: /earth/creatures: No space left on device
>

The layer 2 IPSEC bridge example here has worked well for me in the past
for extending networks:
http://www.openbsd.org/cgi-bin/man.cgi?query=brconfig&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html

John
Re: Problems with aucat playback
Jacob Meuser wrote:

On Sat, Dec 06, 2008 at 09:50:50PM +, Jacob Meuser wrote:

On Sat, Dec 06, 2008 at 10:44:39PM +0200, Pekka Niiranen wrote:

When I play the created file "sound440.au" in Windows I correctly get
2 seconds of 440 Hz sound. However, when I play it in OpenBSD v4.4
with the following command:

    aucat -i sound440.au
    /dev/audio: playing s16le,0:1,48000Hz
    sound440.au: s16le,0:1,44100Hz -> s16le,0:1,48000Hz
    sound440.au: reading s16le,0:1,44100Hz
    filling buffers...
    starting device ...
    draining buffers...

actually, there is a problem with your usage of aucat. .au files are
only supported in "legacy mode", and they will always be interpreted as
mono 8kHz ulaw. if you use -i, .au files are treated as raw files with
the default parameters.

gives even shorter sound. What am I missing?

this is all explained in aucat(1), of course. and cat foo > /dev/audio
uses the default settings as well. this is also explained in audio(4).
and the FAQ is pretty clear about this as well.

    auich0: DMA bug workaround enabled

maybe it has something to do with that.

the driver isn't actually doing anything special for that chip... let
me know if the device works. I will remove the message so I don't jump
to conclusions in the future ...

I obviously do not understand enough of audio processing to be able to
understand the manuals. Why is mono 8kHz ulaw chopping the sound,
for example.

When I run command:

    aucat sound440.au
    aucat: format not supported by /dev/audio

I do get longer sound. However, it has not the correct pitch nor
the duration. I was hoping to start the playing from Python script with

    os.system("aucat sound440.au")

I will try to find another commandline player or try to change
from the format *.au to something else.

Thank you for your answers,
-pekka-
Re: Network challenge?
On Tue, Dec 09, 2008 at 07:49:04AM +1100, Rod Whitworth wrote: > I have a friend who has two internet connections. Lucky B! > > He wants me to have a look at some of his operation without travelling > to his site (lng way). I would need to be able to effectively > duplicate some of his system and make it look like it was still at his > site. > > Hopefully I can keep the ASCII art intelligible. > > ISP#1--/30 with /29 over it-Buddy's > router-/30ISP#2 > | > 2 hosts on /29 > > He proposes that I work out how to use the second connection to "route" > all of the traffic from ISP#1 to a spare global IP that I have via > ISP#2 and the cloud and duplicate his setup here (the ISP#1 side and > hosts). I think "transport" would have been better than "route" but > that was his word. > > IOW the world needs to be able to get to my duplicate of his box and, > apart from latency, it should be transparent. > > Is this even possible? I've been dreaming of binatting the /30 end > point, but over a remote link? Don't think so. Some kind of tunnel? Sounds like you want gre(4). -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/
Network challenge?
I have a friend who has two internet connections. Lucky B! He wants me to have a look at some of his operation without travelling to his site (lng way). I would need to be able to effectively duplicate some of his system and make it look like it was still at his site. Hopefully I can keep the ASCII art intelligible. ISP#1--/30 with /29 over it-Buddy's router-/30ISP#2 | 2 hosts on /29 He proposes that I work out how to use the second connection to "route" all of the traffic from ISP#1 to a spare global IP that I have via ISP#2 and the cloud and duplicate his setup here (the ISP#1 side and hosts). I think "transport" would have been better than "route" but that was his word. IOW the world needs to be able to get to my duplicate of his box and, apart from latency, it should be transparent. Is this even possible? I've been dreaming of binatting the /30 end point, but over a remote link? Don't think so. Some kind of tunnel? I've done some weird things with networks* over the years but this request tops the "Huh?" list. Or it is really easy and I just need more sleep... * Not always intentionally. Anyone game? *** NOTE *** Please DO NOT CC me. I subscribed to the list. Mail to the sender address that does not originate at the list server is tarpitted. The reply-to: address is provided for those who feel compelled to reply off list. Thank you. Rod/ /earth: write failed, file system is full cp: /earth/creatures: No space left on device
XenServer 5 with OpenBSD
Here is my experience trying to run OpenBSD with XenServer 5 Enterprise.
* XenServer console doesn't function properly as it keeps overlaying text displayed previously or anything you have typed into the console. Makes it very difficult to read and see what you are doing. As well it appears numberpad with numlock on does not work either. The best workaround is to SSH into OpenBSD.
* Receiving the following error messages at boot up, "clock: unknown CMOS layout" and "rl0: watchdog timeout". Yes the NIC is being detected as a Realtek 8139. If I check /var/run/dmesg.boot out of the two error messages I only see the "clock: unknown CMOS layout". So I would assume the watchdog timeout message occurs after initial boot sequence.
The biggest question is OpenBSD on XenServer 5 Enterprise considered production ready even if the errors cannot be resolved? I've tried locating some definite solutions but I have yet to find anything and it appears that the network card issue may be due to XenServer 5 itself. Any suggestions on how to solve these error messages and fix the XenServer OpenBSD console?
Source: http://www.nabble.com/OpenBSD-and-XenSource-td20771647.html
Source: http://forums.citrix.com/thread.jspa?threadID=151525
Source: http://www.bsd-india.org/pipermail/bsd-india/2004-September/000365.html
Source: http://www.openbsd.org/cgi-bin/man.cgi?query=watchdog&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html
Best, Adam
Re: offtopic - postfix book/doc recommendation
--- On Sun, 12/7/08, Jason Dixon <[EMAIL PROTECTED]> wrote: > From: Jason Dixon <[EMAIL PROTECTED]> > Subject: Re: offtopic - postfix book/doc recommendation > To: "Jesus Sanchez" <[EMAIL PROTECTED]> > Cc: misc@openbsd.org > Date: Sunday, December 7, 2008, 12:01 AM > On Sun, Dec 07, 2008 at 12:30:32AM +0100, Jesus Sanchez > wrote: > > I want to start learning about postfix running on > OpenBSD > > for a serious purpose than home services. > > > > Think I'm not familiar with the mail servers > concepts > > and I'm starting from zero knowledge about the > issue. > > which book or documentation do you recommend me? > > There are two authoritative Postfix books: > > The Book of Postfix: State-of-the-Art Message Transport, > Hildebrandt > Postfix: The Definitive Guide, Dent > > I read the latter years ago and found it an excellent read. > I haven't > read the former but it's more current (2005). Both get > good reviews. I think that The Book of Postfix is the best choice, I have a hard copy and it is very easy to read and contains useful examples. Regards. ficovh > > -- > Jason Dixon > DixonGroup Consulting > http://www.dixongroup.net/
Re: manpage for gpioctl(8) missing?
* Lars D. Noodén wrote: > gpioctl(8) seems to be missing from the web version: > http://www.openbsd.org/cgi-bin/man.cgi?query=gpioctl No, it is not missing: http://www.openbsd.org/cgi-bin/man.cgi?query=gpioctl&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html But it is not up to date. NB: not all arches have GPIO. > > it is present in 4.4-current on i386 and 4.3 on i386 > > Regards, > -Lars > Lars Noodén ([EMAIL PROTECTED]) > -- Marc Balmer, Micro Systems, Wiesendamm 2a, Postfach, CH-4019 Basel, Switzerland http://www.msys.ch/ http://www.vnode.ch/ "In God we trust, in C we code."
Re: openvpn error PKI on obsd 4.4
Hi, I have the same problem. Did you get a solution? Jef -- View this message in context: http://www.nabble.com/openvpn-error-PKI-on-obsd-4.4-tp20460351p20901717.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
manpage for gpioctl(8) missing?
gpioctl(8) seems to be missing from the web version: http://www.openbsd.org/cgi-bin/man.cgi?query=gpioctl it is present in 4.4-current on i386 and 4.3 on i386 Regards, -Lars Lars Noodén ([EMAIL PROTECTED])
Toshiba ToPIC97 CardBus: couldn't map interrupt
Dear misc@, ne3 works but "couldn't map interrupt" errors do appear: cbb0 at pci0 dev 19 function 0 "Toshiba ToPIC97 CardBus" rev 0x20: couldn't map interrupt cbb1 at pci0 dev 19 function 1 "Toshiba ToPIC97 CardBus" rev 0x20: couldn't map interrupt Does this mean that there is still some limitations in support for ne3 in cbb in case of ToPIC97? Does this PCI routing related problem require big changes in tree to get resolved? If needed, I am willing to install alternative OSes in order to provide more information. OpenBSD 4.4-current (GENERIC) #1556: Fri Dec 5 18:09:01 MST 2008 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel Pentium/MMX ("GenuineIntel" 586-class) 167 MHz cpu0: FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,MMX cpu0: F00F bug workaround installed real mem = 33189888 (31MB) avail mem = 22269952 (21MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 12/26/97, BIOS32 rev. 0 @ 0xfe95a apm0 at bios0: Power Management spec V1.2 apm0: battery life expectancy 100% apm0: AC on, battery charge high, estimated 3:21 hours pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf8e80/96 (4 entries) pcibios0: no compatible PCI ICU found: ICU vendor 0x product 0x pcibios0: Warning, unable to fix up PCI interrupt routing pcibios0: PCI bus #21 is the last bus bios0: ROM list: 0xc/0x9800 cpu0 at mainbus0: (uniprocessor) pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 "Toshiba PCI" rev 0x2c vga1 at pci0 dev 4 function 0 "Chips and Technologies 6" rev 0xc6 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ohci0 at pci0 dev 11 function 0 "NEC USB" rev 0x02: irq 11, version 1.0 "Toshiba Fast Infrared Type O" rev 0x21 at pci0 dev 17 function 0 not configured cbb0 at pci0 dev 19 function 0 "Toshiba ToPIC97 CardBus" rev 0x20: couldn't map interrupt cbb1 at pci0 dev 19 function 1 "Toshiba ToPIC97 CardBus" rev 0x20: couldn't map interrupt usb0 
at ohci0: USB revision 1.0 uhub0 at usb0 "NEC OHCI root hub" rev 1.00/1.00 addr 1 isa0 at mainbus0 isadma0 at isa0 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo com0: console pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pms0 at pckbc0 (aux slot) pckbc0: using irq 12 for aux slot wsmouse0 at pms0 mux 0 wdc0 at isa0 port 0x1f0/8 irq 14 wd0 at wdc0 channel 0 drive 0: wd0: 16-sector PIO, LBA, 4126MB, 8452080 sectors wd0(wdc0:0:0): using BIOS timings wdc1 at isa0 port 0x170/8 irq 15 atapiscsi0 at wdc1 channel 0 drive 0 scsibus0 at atapiscsi0: 2 targets, initiator 7 cd0 at scsibus0 targ 0 lun 0: ATAPI 5/cdrom removable cd0(wdc1:0:0): using BIOS timings sb0 at isa0 port 0x220/24 irq 5 drq 1: dsp v3.01 midi0 at sb0: audio0 at sb0 opl0 at sb0: model OPL3 midi1 at opl0: wss0 at isa0 port 0x530/8 irq 10 drq 0: CS4231 or AD1845 (vers 4) audio1 at wss0 pcppi0 at isa0 port 0x61 midi2 at pcppi0: spkr0 at pcppi0 lpt0 at isa0 port 0x378/4 irq 7 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec pcic0 at isa0 port 0x3e0/2 iomem 0xd/65536 pcic0 controller 0: has sockets A and B pcmcia0 at pcic0 controller 0 socket 0 pcmcia1 at pcic0 controller 0 socket 1 ne3 at pcmcia1 function 0 "corega K.K., corega Ether PCC-TD, " port 0x300/32, irq 3, address <> pcic0: irq 9, polling enabled biomask e945 netmask e94d ttymask fbdf softraid0 at root root on wd0a swap on wd0b dump on wd0b
Re: Question about "sudo -v"
2008/12/8 Todd C. Miller <[EMAIL PROTECTED]>: > In message <[EMAIL PROTECTED]> >so spake "Andreas Kahari" (andreas.kahari): > >> Ah, I think I found it. It is this line in my sudoers file that does it: >> >> %users ALL=(ALL) NOPASSWD: /usr/local/libexec/xfsm-shutdown-helper >> >> What's wrong with it? I was intending to let any member of the 'users' >> group execute the xfsm-shutdown-helper program, but this line has the >> side effect of making "sudo -v" not work properly. > > The following patch should fix the behavior. I need to do some > checking to make sure there are no other side effects but I believe > it is correct. > > - todd Yes, the patch seems to be fixing it. I can't say anything about other side effects though. Thanks, Andreas > > Index: parse.c > === > RCS file: /home/cvs/openbsd/src/usr.bin/sudo/parse.c,v > retrieving revision 1.20 > diff -u -p -u -r1.20 parse.c > --- parse.c 14 Nov 2008 11:58:08 - 1.20 > +++ parse.c 8 Dec 2008 14:54:56 - > @@ -192,12 +192,9 @@ sudo_file_lookup(nss, validated, pwflag) >if ((pwcheck == any && nopass != TRUE) || >(pwcheck == all && nopass != FALSE)) >nopass = cs->tags.nopasswd; > - if (match == ALLOW) > - goto matched_pseudo; >} >} >} > - matched_pseudo: >if (match == ALLOW || user_uid == 0) { >/* User has an entry for this host. */ >SET(validated, VALIDATE_OK); > -- Andreas Kahari Somewhere in the general Cambridge area, UK
Re: Question about "sudo -v"
2008/12/8 Todd C. Miller <[EMAIL PROTECTED]>: > In message <[EMAIL PROTECTED]> >so spake "Andreas Kahari" (andreas.kahari): > >> Here you go: >> >> $ sudo -l >> Matching Defaults entries for ak on this host: >> env_keep+="DESTDIR FETCH_CMD FLAVOR FTPMODE GROUP MAKE MULTI_PACKAGES", >> env_keep+="OKAY_FILES OWNER PKG_DBDIR PKG_DESTDIR PKG_CACHE PKG_PATH", >> env_keep+="PKG_TMPDIR PORTSDIR RELEASEDIR SUBPACKAGE WRKOBJDIR", >> env_keep+="SSH_AUTH_SOCK EDITOR VISUAL SHARED_ONLY", passwd_timeout=0, >> !insults >> >> User ak may run the following commands on this host: >> (ALL) SETENV: ALL >> (ALL) NOPASSWD: /usr/local/libexec/xfsm-shutdown-helper > > That looks like a bug. The verifypw setting is not being handled > correctly. > > - todd > Ah, I think I found it. It is this line in my sudoers file that does it: %users ALL=(ALL) NOPASSWD: /usr/local/libexec/xfsm-shutdown-helper What's wrong with it? I was intending to let any member of the 'users' group execute the xfsm-shutdown-helper program, but this line has the side effect of making "sudo -v" not work properly. Andreas -- Andreas Kahari Somewhere in the general Cambridge area, UK
Re: Question about "sudo -v"
In message <[EMAIL PROTECTED]> so spake "Andreas Kahari" (andreas.kahari): > Ah, I think I found it. It is this line in my sudoers file that does it: > > %users ALL=(ALL) NOPASSWD: /usr/local/libexec/xfsm-shutdown-helper > > What's wrong with it? I was intending to let any member of the 'users' > group execute the xfsm-shutdown-helper program, but this line has the > side effect of making "sudo -v" not work properly. The following patch should fix the behavior. I need to do some checking to make sure there are no other side effects but I believe it is correct. - todd Index: parse.c === RCS file: /home/cvs/openbsd/src/usr.bin/sudo/parse.c,v retrieving revision 1.20 diff -u -p -u -r1.20 parse.c --- parse.c 14 Nov 2008 11:58:08 - 1.20 +++ parse.c 8 Dec 2008 14:54:56 - @@ -192,12 +192,9 @@ sudo_file_lookup(nss, validated, pwflag) if ((pwcheck == any && nopass != TRUE) || (pwcheck == all && nopass != FALSE)) nopass = cs->tags.nopasswd; - if (match == ALLOW) - goto matched_pseudo; } } } - matched_pseudo: if (match == ALLOW || user_uid == 0) { /* User has an entry for this host. */ SET(validated, VALIDATE_OK);
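Review bot: In the `@@ -192,12 +192,9 @@` hunk of sudo_file_lookup(), dropping `if (match == ALLOW) goto matched_pseudo;` means the enclosing loops no longer stop at the first allowed entry, so the `if (match == ALLOW || user_uid == 0)` test that follows now sees whatever value `match` holds after the last entry; please confirm that a later non-matching entry cannot reset `match` once it has been ALLOW, since the hunk does not show where `match` is assigned. It would also help to add a comment above `nopass = cs->tags.nopasswd;` saying that every entry is visited on purpose so the `pwcheck == all` case can see an entry without NOPASSWD, and to keep the sudoers from this thread (one `NOPASSWD:` command next to `SETENV: ALL`) as the case to re-test with `sudo -K` followed by `sudo -v`.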
Re: Question about "sudo -v"
2008/12/8 Alexander Hall <[EMAIL PROTECTED]>: > Andreas Kahari wrote: >> >> Hi list, >> >> According to the manual for sudo, the -v command line switch does the >> following: >> >> "If given the -v (validate) option, sudo will update the user's >> timestamp, prompting for the user's password if necessary. This >> extends the sudo timeout for another 5 minutes (or whatever the >> timeout is set to in sudoers) but does not run a command." >> >> On my system (CURRENT/amd64), it is obviously not doing this: >> >> $ sudo -K >> $ sudo -v >> $ # no output >> >> Is this changed behaviour, or is it a bug? >> >> The only non-default settings in my sudoers file is "Defaults >> passwd_timeout = 0", and I haven't used "timestamp_timeout". > > If so you should not be able to run sudo other than as root. Ok, so I have added my own user to the sudoers file, just like the root user ("ak ALL=(ALL) SETENV: ALL") and I've turned the insults off ("Defaults !insults") and allowed for running xfsm-shutdown-helper without a password ("%users ALL=(ALL) NOPASSWD: /usr/local/libexec/xfsm-shutdown-helper") which means it's not the default sudoers file, but I don't touch NOPASSWD in any other way and I don't modify the timestamp_timeout. > > My guess is that you have the following uncommented: > > %wheel ALL=(ALL) NOPASSWD: SETENV: ALL It's still commented out in my file (see my response to Todd). > > /Alexander > Andreas -- Andreas Kahari Somewhere in the general Cambridge area, UK
Re: Question about "sudo -v"
Hi Andreas, Andreas Kahari wrote on Mon, Dec 08, 2008 at 01:54:04PM +: > According to the manual for sudo, the -v command line switch does > the following: > > "If given the -v (validate) option, sudo will update the user's > timestamp, prompting for the user's password if necessary. This > extends the sudo timeout for another 5 minutes (or whatever the > timeout is set to in sudoers) but does not run a command." > > On my system (CURRENT/amd64), it is obviously not doing this: > > $ sudo -K > $ sudo -v > $ # no output > > Is this changed behaviour, or is it a bug? Cannot reproduce on i386-current compiled from CVS on December 6. [EMAIL PROTECTED] $ sudo -K [EMAIL PROTECTED] $ ls -d /root/.profile ls: /root/.profile: Permission denied [EMAIL PROTECTED] $ sudo -v Password: [EMAIL PROTECTED] $ sudo ls -d /root/.profile /root/.profile [EMAIL PROTECTED] $ sudo -K [EMAIL PROTECTED] $ sudo -v Password: > The only non-default settings in my sudoers file is "Defaults > passwd_timeout = 0", and I haven't used "timestamp_timeout". Do you perhaps have NOPASSWD: configured? In that case, the following is expected: [EMAIL PROTECTED] $ sudo -K [EMAIL PROTECTED] $ sudo -v [EMAIL PROTECTED] $ Yours, Ingo
Re: Question about "sudo -v"
In message <[EMAIL PROTECTED]> so spake "Andreas Kahari" (andreas.kahari): > Here you go: > > $ sudo -l > Matching Defaults entries for ak on this host: > env_keep+="DESTDIR FETCH_CMD FLAVOR FTPMODE GROUP MAKE MULTI_PACKAGES", > env_keep+="OKAY_FILES OWNER PKG_DBDIR PKG_DESTDIR PKG_CACHE PKG_PATH", > env_keep+="PKG_TMPDIR PORTSDIR RELEASEDIR SUBPACKAGE WRKOBJDIR", > env_keep+="SSH_AUTH_SOCK EDITOR VISUAL SHARED_ONLY", passwd_timeout=0, > !insults > > User ak may run the following commands on this host: > (ALL) SETENV: ALL > (ALL) NOPASSWD: /usr/local/libexec/xfsm-shutdown-helper That looks like a bug. The verifypw setting is not being handled correctly. - todd
Re: Question about "sudo -v"
Andreas Kahari wrote: Hi list, According to the manual for sudo, the -v command line switch does the following: "If given the -v (validate) option, sudo will update the user's timestamp, prompting for the user's password if necessary. This extends the sudo timeout for another 5 minutes (or whatever the timeout is set to in sudoers) but does not run a command." On my system (CURRENT/amd64), it is obviously not doing this: $ sudo -K $ sudo -v $ # no output Is this changed behaviour, or is it a bug? The only non-default settings in my sudoers file is "Defaults passwd_timeout = 0", and I haven't used "timestamp_timeout". If so you should not be able to run sudo other than as root. My guess is that you have the following uncommented: %wheel ALL=(ALL) NOPASSWD: SETENV: ALL /Alexander
Re: Question about "sudo -v"
2008/12/8 Todd C. Miller <[EMAIL PROTECTED]>: > Sounds like you have a line like this in sudoers: > > # Same thing without a password > %wheel ALL=(ALL) NOPASSWD: SETENV: ALL > > which would explain why you don't get prompted for a password. > But since you didn't include the output of "sudo -l" I > can't tell for sure. > > - todd > Here you go: $ sudo -l Matching Defaults entries for ak on this host: env_keep+="DESTDIR FETCH_CMD FLAVOR FTPMODE GROUP MAKE MULTI_PACKAGES", env_keep+="OKAY_FILES OWNER PKG_DBDIR PKG_DESTDIR PKG_CACHE PKG_PATH", env_keep+="PKG_TMPDIR PORTSDIR RELEASEDIR SUBPACKAGE WRKOBJDIR", env_keep+="SSH_AUTH_SOCK EDITOR VISUAL SHARED_ONLY", passwd_timeout=0, !insults User ak may run the following commands on this host: (ALL) SETENV: ALL (ALL) NOPASSWD: /usr/local/libexec/xfsm-shutdown-helper Andreas -- Andreas Kahari Somewhere in the general Cambridge area, UK
Re: Question about "sudo -v"
Sounds like you have a line like this in sudoers: # Same thing without a password %wheel ALL=(ALL) NOPASSWD: SETENV: ALL which would explain why you don't get prompted for a password. But since you didn't include the output of "sudo -l" I can't tell for sure. - todd
Question about "sudo -v"
Hi list, According to the manual for sudo, the -v command line switch does the following: "If given the -v (validate) option, sudo will update the user's timestamp, prompting for the user's password if necessary. This extends the sudo timeout for another 5 minutes (or whatever the timeout is set to in sudoers) but does not run a command." On my system (CURRENT/amd64), it is obviously not doing this: $ sudo -K $ sudo -v $ # no output Is this changed behaviour, or is it a bug? The only non-default settings in my sudoers file is "Defaults passwd_timeout = 0", and I haven't used "timestamp_timeout". Regards, Andreas -- Andreas Kahari Somewhere in the general Cambridge area, UK
Re: pf drops fragged IPv6 unconditionally
On Fri, Dec 05, 2008 at 01:56:04PM -0600, Todd T. Fries wrote: > It was not stated, but I've setup firewalls in the past, I presume you > have a firewall that is doing 'block in' as a catchall (which catches > the fragments) .. > > Set your return policy on that rule if you wish it to return. ok but the block-policy already says "return". adding "return" to this has no effect: block return in log (all) on $ext_if Am I missing something here? Regards, C. -- 020 7729 4797 http://blog.playlouder.com/
Re: ahci questions
On 08/12/2008, at 21:33, David Vasek <[EMAIL PROTECTED]> wrote: On Mon, 8 Dec 2008, David Gwynne wrote: On 08/12/2008, at 8:36 PM, Alexander Hall wrote: Heh. I'm so used to almost every disk nowadays attaching as sd (sata, usb, raid stuff) so I get both nostalgic and a bit uncomfortable when disks (mainly CF's) show up as wd0. Kinda floppy disk feeling. :-) heh. one day everything that talks ata (including cf cards and old wdc stuff) should all sit under atascsi and appear as sd(4). i would love it if someone could spend the time reworking the code to make it happen. Are the ATA features, normally accessible with atactl(8), supported in any way for SATA disks appearing as sd(4) disks? I do not know if smartctl from ports works for them, too. Atactl works fine on sd disks behind atascsi. It's actually less code than the same functionality on wd. I don't know about smartctl, but it shouldn't be hard to support. I have only SCSI, ATA and USB disks currently. There isn't much else out there. Pretty much everything talks SCSI or ata now. Regards, David
Re: ahci questions
On Mon, 8 Dec 2008, David Gwynne wrote: On 08/12/2008, at 8:36 PM, Alexander Hall wrote: Heh. I'm so used to almost every disk nowadays attaching as sd (sata, usb, raid stuff) so I get both nostalgic and a bit uncomfortable when disks (mainly CF's) show up as wd0. Kinda floppy disk feeling. :-) heh. one day everything that talks ata (including cf cards and old wdc stuff) should all sit under atascsi and appear as sd(4). i would love it if someone could spend the time reworking the code to make it happen. Are the ATA features, normally accessible with atactl(8), supported in any way for SATA disks appearing as sd(4) disks? I do not know if smartctl from ports works for them, too. I have only SCSI, ATA and USB disks currently. Regards, David
Re: ahci questions
On 08/12/2008, at 8:36 PM, Alexander Hall wrote: Artur Grabowski wrote: frantisek holop <[EMAIL PROTECTED]> writes: my last question for people running ahci, is it better than ide in any perceivable way? The code is so much cleaner than the pciide mess. That's enough to make it better. I also believe it's faster, but I don't have any concrete numbers for it. Also, it's cool to have sd0 on a laptop. Heh. I'm so used to almost every disk nowadays attaching as sd (sata, usb, raid stuff) so I get both nostalgic and a bit uncomfortable when disks (mainly CF's) show up as wd0. Kinda floppy disk feeling. :-) heh. one day everything that talks ata (including cf cards and old wdc stuff) should all sit under atascsi and appear as sd(4). i would love it if someone could spend the time reworking the code to make it happen. dlg
Re: ahci questions
Artur Grabowski wrote: frantisek holop <[EMAIL PROTECTED]> writes: my last question for people running ahci, is it better than ide in any perceivable way? The code is so much cleaner than the pciide mess. That's enough to make it better. I also believe it's faster, but I don't have any concrete numbers for it. Also, it's cool to have sd0 on a laptop. Heh. I'm so used to almost every disk nowadays attaching as sd (sata, usb, raid stuff) so I get both nostalgic and a bit uncomfortable when disks (mainly CF's) show up as wd0. Kinda floppy disk feeling. :-) /Alexander
Re: ahci questions
frantisek holop <[EMAIL PROTECTED]> writes: > my last question for people running ahci, is it better than > ide in any perceivable way? The code is so much cleaner than the pciide mess. That's enough to make it better. I also believe it's faster, but I don't have any concrete numbers for it. Also, it's cool to have sd0 on a laptop. //art
Re: BGPLG mostly working
On Mon, 08 Dec 2008 01:06:16 -0600, tico wrote:
>Rod Whitworth wrote:
>> For a BGP project I'm working on, I have enabled bgplg using the steps
>> outlined in the manpage.
>>
>> The stuff that gets results using bgpctl shows valid data for all the
>> choices that I'd expect to have anything showing without actually being
>> on line. e.g. the summary and memory choices.
>>
>> Although I did not miss step 2 (resolv.conf) or the FILES bit about
>> SUID ping and traceroute, both of those commands return "failed". Even
>> a ping to the router's NIC address.
>>
>> pf is disabled.
>>
>> So, what did I miss?
>>
>You missed reading the misc@ archives.
>See my answer three weeks ago:
>http://marc.info/?l=openbsd-misc&m=122670411001369&w=2
>
>Also, is "failed" a response that either the ping or traceroute
>utilities would ever respond with?
>No. That should clue you in that this is not a network problem.
>
>You also (like Ivo, three weeks ago) missed including any relevant
>troubleshooting info.
>
>-Tico
Well your archived answer gave me a clue but not the answer to my problem. You showed this after the failed ping:
$ mount | grep var
/dev/wd0e on /var type ffs (local, nodev, noexec)
/dev/wd0h on /var/spool/imap type ffs (local, noatime, nodev, nosuid, softdep)
==
If /var was noexec in my case then /var/www/bgpctl would not have run and it did. So what you did (sudo mount -u -o exec /var ) would have done nothing for me because a default /var is "/var type ffs (local, nodev, nosuid)". I needed to knock off the nosuid.
BTW: I never said it was a network problem. I only mentioned pf being disabled because somebody usually jumps in and asks whenever there is a problem with pings or traceroutes.
Thanks for sending me to the spot that made me work out what my problem was. Hopefully the archives will now easily show what the solution will be for most people trapped like I was: Get rid of the nosuid in /var
# cat /etc/fstab |grep var
/dev/wd0f /var ffs rw,noatime,softdep,nodev 1 2
*** NOTE *** Please DO NOT CC me. I subscribed to the list. Mail to the sender address that does not originate at the list server is tarpitted. The reply-to: address is provided for those who feel compelled to reply off list. Thank you.
Rod/
/earth: write failed, file system is full
cp: /earth/creatures: No space left on device
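The diagnosis in this post can be turned into a check to run before editing fstab: find the filesystem that holds the chrooted helper and list the mount flags that stop a setuid binary from working there. This is an added example, not code from the thread or from OpenBSD; the function names, the constructed mount(8) sample and the helper path /var/www/bin/ping are assumptions.

```sh
#!/bin/sh
# Added example: report which mount flags on a path's filesystem prevent a
# setuid-root helper (such as a chrooted ping) from running with privilege.

# Constructed sample of mount(8) output, modelled on the lines quoted in the
# thread; device names are illustrative.
SAMPLE_MOUNT='/dev/wd0a on / type ffs (local)
/dev/wd0e on /var type ffs (local, nodev, nosuid)
/dev/wd0h on /var/spool/imap type ffs (local, noatime, nodev, nosuid, softdep)'

# fs_for_path PATH MOUNT_OUTPUT
# Print "mountpoint|flags" for the longest mount point that contains PATH.
# Assumes mount points without spaces, as in the sample above.
fs_for_path() {
    path=$1
    printf '%s\n' "$2" | awk -v p="$path" '
        {
            # Line format: <dev> on <mountpoint> type <fstype> (<flags>)
            mp = $3
            flags = $0
            sub(/^[^(]*\(/, "", flags)
            sub(/\).*$/, "", flags)
            # Match "/" always; otherwise require an exact match or a "/"
            # right after the mount point, so /variable is not under /var.
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                if (length(mp) > best_len) {
                    best_len = length(mp)
                    best = mp "|" flags
                }
            }
        }
        END { if (best != "") print best }'
}

# suid_blockers PATH MOUNT_OUTPUT
# Print a comma-separated list of the flags that block a setuid binary on
# the filesystem holding PATH (noexec, nosuid), or "none" if neither is set.
suid_blockers() {
    entry=$(fs_for_path "$1" "$2")
    [ -n "$entry" ] || { echo "unknown"; return 1; }
    flags=${entry#*|}
    found=""
    for want in noexec nosuid; do
        case ", $flags," in
            *", $want,"*) found="${found:+$found,}$want" ;;
        esac
    done
    echo "${found:-none}"
}

# Demo on the constructed sample.
for p in /var/www/bin/ping /var/spool/imap/user /home/rod; do
    printf '%s: %s\n' "$p" "$(suid_blockers "$p" "$SAMPLE_MOUNT")"
done
```

Pass "$(mount)" as the second argument to check the live system instead of the sample.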