Re: 4.5 audio aucat autoconfig

2009-02-24 Thread J.C. Roberts
On Mon, 23 Feb 2009 18:10:53 +0100 Alexandre Ratchov a...@caoua.org
wrote:

  Unfortunately, the above doesn't work in 4.5-current, and the debug
  output has been changed somewhat. One of the things I did notice is
  the resampling from 16000Hz to 44100Hz does not seem to be
  occurring in 4.5-current.
  
 
 that's the desired behaviour; the resulting file will be at 16kHz,
 which is the device native sample rate.
 
  $ aucat -C 0:0 -e s16le -r 16000 -f /dev/audio1 -o test45.raw
 ...
  dev_init: hw recording s16le,0:0,16000Hz
^
 the device is using s16le,0:0,16000Hz, and there are no conversion
 layers so the file should contain the signal as-is.
 
  
  $ aucat -c 0:0 -e s16le -i
  test45.raw 
 
 the ``-r 16000'' option is missing, so aucat will think
 that ``test45.raw'' is using the default rate of 44100Hz,
 and it will play it too fast.
 
   
  You may also want to note that by defining the rate (-r) as 16000Hz
  in the playback still results in it playing too fast and with
  distortion, albeit slower than playing it as above at 44100Hz. 
 
 that's bad. Perhaps a bug in the uaudio(4) driver. Could you send
 me off-list the recorded file (preferably with some voice or music)
 and the exact command to generate it so i can analyze it?

Since Jake and others might be interested, I put the files on my
server, and kept this on-list.

On 4.4-Stable
$ export AUCAT_DEBUG=4
$ aucat -C 0:0 -e s16le -r 16000 -f /dev/audio1 -o test2-44.raw
$ aucat -c 0:0 -e s16le -r 16000 -i test2-44.raw

On 4.5-Current
$ export AUCAT_DEBUG=4
$ aucat -C 0:0 -e s16le -r 16000 -f /dev/audio1 -o test2-45.raw
$ aucat -c 0:0 -e s16le -r 16000 -i test2-45.raw

Full Debug Command Logs and Resulting File:
http://www.designtools.org/OpenBSD/test2-44.txt
http://www.designtools.org/OpenBSD/test2-44.raw
http://www.designtools.org/OpenBSD/test2-44.txt
http://www.designtools.org/OpenBSD/test2-44.raw

Also, output of dmesg, audioctl{0,1}, mixerctl{0,1} if needed:
http://www.designtools.org/OpenBSD/test1-info44.txt
http://www.designtools.org/OpenBSD/test1-info45.txt

Results 4.4-Stable:
On 4.4-Stable, you can see aucat resampling from 16000Hz to 44100Hz in
the debug log when recording. As you'd expect, attempting to play the
44100Hz file at a forced playback rate of 16000Hz means it plays *very*
slow. If you leave off the rate switch ('-r 16000') on playback, it
defaults to playing at 44100Hz and plays correctly.

Q: I'm guessing aucat was *not* supposed to resample the raw file?

Results 4.5-Current:
On 4.5-Current, the playback is way too fast, and also there is some
distortion. Considering the similar test results I did for Jake
(posted in thread) where aucat was avoided completely, I think he's
onto something thinking it's a driver issue.


-- 
J.C. Roberts



Re: toggle X screens on intel in obsd?

2009-02-24 Thread David Vasek

On Tue, 24 Feb 2009, Matthieu Herrb wrote:


On Mon, Feb 23, 2009 at 9:53 PM, Dorian Büttner dorian.buett...@gmx.de
wrote:

Found this one in the www:

http://www.thinkwiki.org/wiki/Sample_Fn-F7_script


Is there something similar one can do in OpenBSD? No clue, how to grab the
fn-f8 event here... brightness adjustment works somehow out of the box, but
the screen toggle doesn't seem to do anything.
Would be nice for attaching the eee to larger display. Or does the intel
driver only allow for mirroring at the moment?



xrandr is fully supported on OpenBSD. The kernel currently doesn't
report the Fn-* key events to userland,
so you'd have to implement it in your window manager using a standard
function key or menu entries to switch between your favourite xrandr
configs.


Hello.

It's great news. Until now, I thought the contrary - that those 
functions of xrandr are not yet fully supported. For some reason, the man 
page of xrandr(1) in -current on the web is not up to date (in sync with 
the tree). What's wrong?


http://www.openbsd.org/cgi-bin/man.cgi?query=xrandr&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html

Regards,
David



Re: Carp with aliases route problem

2009-02-24 Thread Stuart Henderson
On 2009-02-24, Rod Whitworth glis...@witworx.com wrote:
 On Mon, 23 Feb 2009 17:52:33 -0600, Todd T. Fries wrote:

As a corollary, for those ISPs who think there is only need for a
single /30 for a client's router, the concept of failover routers
means 1 physical IP per router, and 1 IP for the failover IP, aka
3 IPs for the client side, dictating a /29.  (sorry for this
paragraph, but I am not happy with a particular upstream which
thinks otherwise and is not willing to change).


 As a lab exercise, conducted because an upstream provider would only
 provide one router IP, I set up two Soekris 4801s with their external
 interfaces just up -ed and used the exclusive global IP for carp. It
 worked like a charm. The internal interfaces could have had whatever
 addresses I wanted but, just for fun, I made them work the same way as
 the externals.

If the upstream connection is a /30 via something like PPP and you don't
care about being able to contact the immediately adjacent addresses, there
is the possible hack of setting the netmask a bit shorter than it really
is, so you can use the network and broadcast addresses, giving you the
two extra addresses you need for this.



Re: toggle X screens on intel in obsd?

2009-02-24 Thread Stuart Henderson
On 2009-02-24, Matthieu Herrb mhe...@gmail.com wrote:
 On Mon, Feb 23, 2009 at 9:53 PM, Dorian Büttner dorian.buett...@gmx.de
 wrote:
 Found this one in the www:
 http://www.thinkwiki.org/wiki/Sample_Fn-F7_script

 Is there something similar one can do in OpenBSD? No clue, how to grab the
 fn-f8 event here... brightness adjustment works somehow out of the box, but
 the screen toggle doesn't seem to do anything.
 Would be nice for attaching the eee to larger display. Or does the intel
 driver only allow for mirroring at the moment?


 xrandr is fully supported on OpenBSD. The kernel currently doesn't
 report the Fn-* key events to userland,
 so you'd have to implement it in your window manager using a standard
 function key or menu entries to switch between your favourite xrandr
 configs.

Depending on your screen size you may also need to set a Virtual size
large enough to cover both displays, e.g. 'Virtual xsize ysize' in
the relevant Display section.

$ xrandr --output VGA --mode 1024x768
$ xrandr --output LVDS --mode 1024x600
$ xrandr --output LVDS --above VGA  



Re: user-friendliness and netbsd

2009-02-24 Thread Paul Irofti
On Mon, Feb 23, 2009 at 10:11:17PM +0100, Marc Espie wrote:
 On Mon, Feb 23, 2009 at 09:56:18PM +0100, Matthias Kilian wrote:
  Next time when I'm in a condition similar to that in vienna after
  p2k8, I'll test *all* installers of *all* existing operating systems.
  I'm sure I'd managed to do a perfect installation of OpenBSD; but
  pirofti@ may disagree ;-)
 
 Isn't that, like, his job in life ? (to disagree with everything most of the
 time). ;-P

I disagree!



Re: NAT, Firewall pf

2009-02-24 Thread Toni Mueller
Hi,

On Mon, 23.02.2009 at 17:58:20 -0800, Hilco Wijbenga hilco.wijbe...@gmail.com 
wrote:
 c. How can I get pflog to flush immediately? I noticed I have to wait
 a minute or so before logged lines show up.

you don't need to. Listen on pflog0 instead.


Kind regards,
--Toni++



Re: sftp chroot ?

2009-02-24 Thread Stuart Henderson
On 2009-02-23, Michael W. Lucas mwlu...@blackhelicopters.org wrote:
 On Mon, Feb 23, 2009 at 07:33:23PM +0100, Jean-Francois wrote:
 Hello,
 
 If I understand this will chroot any user. Am I correct ?
 - Is root chrooted as well ?

 Don't scp or SSH in as root.  Use a regular account and sudo, or at
 least the root password.

Oh, I do that all the time. I don't see a problem with it.
For some things there is no feasible alternative.



Re: Bug OpenBGPD, IPv6 peer gets cleared, never gets up again

2009-02-24 Thread Claudio Jeker
On Mon, Feb 23, 2009 at 02:11:38PM +0100, Arnoud Vermeer wrote:
 I found a different way to replicate the bug, this time it crashes ALL
 the IPv6 sessions connected to multiple Foundry switches (cisco seems
 fine). I have setup a v6 session with a tcp md5sig like so:
 
 group peers-rs-v6 {
 announce IPv6 unicast
 announce IPv4 none
 softreconfig in yes
 enforce neighbor-as yes
 set nexthop no-modify
 local-address 2001:7F8:1::A500:6777:4
 
 neighbor 2001:7f8:1::A500:1200:1 {
 descr AS1200-v6-01
 remote-as 1200
 announce all
 passive
 tcp md5sig password hondjes
 }
 
 neighbor 2001:7f8:1::a504:8345:1 {
 descr XSNEWS-v6-01
 remote-as 48345
 announce all
 passive
 max-prefix 5
 }
 
 }
 
 # bgpctl s s
 AS1200-v6-01 1200   9042   8142 0 00:13:34 Idle
 XSNEWS-v6-01 48345   9374   8492 0 00:12:22  1/5
 
 While in Idle, the session logs the following in daemon:
 
 Feb 23 14:00:03 radix-new bgpd[19498]: Connection attempt from neighbor
 2001:7f8:1::a500:1200:1 (AS1200-v6-01) while session is in state Idle
 Feb 23 14:00:23 radix-new bgpd[19498]: Connection attempt from neighbor
 2001:7f8:1::a500:1200:1 (AS1200-v6-01) while session is in state Idle
 
 I then clear the peering with the md5 hash:
 
 bgpctl neigh AS1200-v6-01 clear
 
 # bgpctl neigh AS1200-v6-01 clear
 request processed
 # bgpctl s s
 XSNEWS-v6-01 48345   9380   8497 0 00:14:35  1/5
 AS1200-v6-01 1200   9042   8142 0 00:17:15 Active
 
 but then after a few seconds, when the session becomes alive, the empty
 update gets sent out, and all foundry based v6 sessions reset.
 
 # bgpctl s s
 XSNEWS-v6-01 48345   9381   8501 0 00:00:11 Idle
 AS1200-v6-01 1200   9047   8152 0 00:00:11 Idle
 

Could you please provide mrt session dumps or tcpdumps of the session that
fail. This seems like foundry is freaking out about something that is
actually a valid BGP update. Neither Henning nor I do have sessions to
foundry routers that we can play with.

-- 
:wq Claudio



Re: Serial console only works if set tty com0 is specified in boot.conf

2009-02-24 Thread DD_
I have exactly the same problem. 
When I redirect default console to com0 
(set tty com0 in /etc/boot.conf) serial console on tty00 then is working.
But when I don't want to have default console there, then serial access is
not working, but 
/usr/lib/getty std.9600 tty00 is running
Only if I edit /etc/ttys
and replace tty00 with cua00 - serial console is then working fine.

Is this some bug ?




Re: sftp chroot ?

2009-02-24 Thread Olivier Cherrier
On Mon, Feb 23, 2009 at 07:33:23PM +0100, jfsimon1...@gmail.com wrote:
 If I understand this will chroot any user. Am I correct ?
 - Is root chrooted as well ?
 - Is it possible to chroot only some users ?


What man page is not clear?


-- 
Olivier Cherrier



Re: Bug OpenBGPD, IPv6 peer gets cleared, never gets up again

2009-02-24 Thread Arnoud Vermeer
Hi Claudio,

I've attached both the MRT session dumps and a tcpdump capture.

Kind regards,

Arnoud Vermeer

Claudio Jeker wrote:
 On Mon, Feb 23, 2009 at 02:11:38PM +0100, Arnoud Vermeer wrote:
   
 I found a different way to replicate the bug, this time it crashes ALL
 the IPv6 sessions connected to multiple Foundry switches (cisco seems
 fine). I have setup a v6 session with a tcp md5sig like so:

 group peers-rs-v6 {
 announce IPv6 unicast
 announce IPv4 none
 softreconfig in yes
 enforce neighbor-as yes
 set nexthop no-modify
 local-address 2001:7F8:1::A500:6777:4

 neighbor 2001:7f8:1::A500:1200:1 {
 descr AS1200-v6-01
 remote-as 1200
 announce all
 passive
 tcp md5sig password hondjes
 }

 neighbor 2001:7f8:1::a504:8345:1 {
 descr XSNEWS-v6-01
 remote-as 48345
 announce all
 passive
 max-prefix 5
 }

 }

 # bgpctl s s
 AS1200-v6-01 1200   9042   8142 0 00:13:34 Idle
 XSNEWS-v6-01 48345   9374   8492 0 00:12:22  1/5

 While in Idle, the session logs the following in daemon:

 Feb 23 14:00:03 radix-new bgpd[19498]: Connection attempt from neighbor
 2001:7f8:1::a500:1200:1 (AS1200-v6-01) while session is in state Idle
 Feb 23 14:00:23 radix-new bgpd[19498]: Connection attempt from neighbor
 2001:7f8:1::a500:1200:1 (AS1200-v6-01) while session is in state Idle

 I then clear the peering with the md5 hash:

 bgpctl neigh AS1200-v6-01 clear

 # bgpctl neigh AS1200-v6-01 clear
 request processed
 # bgpctl s s
 XSNEWS-v6-01 48345   9380   8497 0 00:14:35  1/5
 AS1200-v6-01 1200   9042   8142 0 00:17:15 Active

 but then after a few seconds, when the session becomes alive, the empty
 update gets sent out, and all foundry based v6 sessions reset.

 # bgpctl s s
 XSNEWS-v6-01 48345   9381   8501 0 00:00:11 Idle
 AS1200-v6-01 1200   9047   8152 0 00:00:11 Idle

 

 Could you please provide mrt session dumps or tcpdumps of the session that
 fail. This seems like foundry is freaking out about something that is
 actually a valid BGP update. Neither Henning nor I do have sessions to
 foundry routers that we can play with.

[demime 1.01d removed an attachment of type application/octet-stream which had 
a name of all-in-dump-1322]
base64 encoded Mime section invalid - length (0) was wrong.

[demime 1.01d removed an attachment of type application/octet-stream which had 
a name of all-out-dump-1322]
base64 encoded Mime section invalid - length (0) was wrong.

[demime 1.01d removed an attachment of type application/octet-stream which had 
a name of md5.pcap]



Re: sftp chroot ?

2009-02-24 Thread Cezary Morga
On Monday, 23 February 2009, Nigel J. Taylor wrote:
 ChrootDirectory %h

 Subsystem   sftp internal-sftp

 Match group wheel
 ChrootDirectory none

Or the other way around.

Subsystem sftp internal-sftp
Match User john paul
ChrootDirectory /chroot/%u

--
Regards,
Cezary Morga
The best way to predict the future is to invent it. (Alan Kay)



Re: listing ftp-proxy anchor rules

2009-02-24 Thread Imre Oolberg

Hello!

I am not sure this is the right way, most certainly it doesn't scale well, 
but I snooped now and then for ftp-proxy rules/translations like this


1. have a guess there should be some ftp-proxy rules created in anchors
2. issuing 'systat rules' i look for exact entries, like 
/ftp-proxy/26694.100

3. issue to see rules/transls in anchors

# pfctl -a 'ftp-proxy/26694.100' -sr
# pfctl -a 'ftp-proxy/26694.100' -sn


Imre


Chris Smith wrote:

Hello,

Having trouble listing ftp-proxy anchor rules.

For example:
pfctl -a 'ftp-proxy/*' -sr

never returns any data

nor does:
pfctl -a 'ftp-proxy' -sr

and:
pfctl -a '*' -sr

throws out:
pfctl: DIOCGETRULES: Invalid argument

when it gets to the ftp-proxy anchor.

What am I missing here?

Thanks.

Chris




Re: NAT, Firewall pf

2009-02-24 Thread (private) HKS
On Mon, Feb 23, 2009 at 11:47 PM, johan beisser j...@caustic.org wrote:
 Comments inline.

 On Feb 23, 2009, at 5:58 PM, Hilco Wijbenga wrote:

 Hi all,

 I've been trying to get a simple firewall system up-and-running in
 OpenBSD. I have The Book of PF and Secure Architectures
 with OpenBSD so I thought it would be very simple. Well, we're two
 weeks later now and still no firewall. :-) The pf rules I found in
 those books don't seem to work as I expected them to work.

 The PF FAQ and the man page for pf.conf(5) should cover everything you need.
 The books are a nice addition, though.

 Before I list my current pf.conf, let me give a few more details. My
 firewall will be running a few services for my network (DHCP, NTP, and
 DNS). I need to use NAT to get my own network Internet access. DHCP
 works. I seem to have managed to get DNS (maradns on lo0 and sk1) and
 ICMP working.

 So, you need to set net.inet.ip.forward to 1 to ensure packets go out.

 /etc/pf.conf
 01 ext_if = sk0
 02 int_if = sk1
 03 localnet = $int_if:network
 04 internet = $ext_if:network
 05 udp_services = { domain, ntp }
 06 icmp_types = { echoreq, unreach }
 07
 08 nat log on $ext_if from $localnet to any -> ($ext_if)
 09
 10 block log all
 11
 12 pass quick inet proto { tcp, udp } from $internet to any port
 $udp_services
 13 pass quick inet proto { tcp, udp } from $localnet to any port
 $udp_services
 14 pass quick inet proto { tcp, udp } from $lo0:network to any port
 $udp_services
 15
 16 pass inet proto icmp all icmp-type $icmp_types
 17 pass from { lo0, $localnet } to any keep state

 First, no traffic will go out with these rules as is. Unless states and
 flows match perfectly, it won't happen.

Wrong.


 a. Why do I need 12? I had expected 13 (which I don't seem to need).
 Wouldn't 12 be for incoming requests from the Internet?

 I'm not sure what you're trying to do with 12 or 13. The ports (domain and
 ntp) will be the only traffic permitted to enter any interface on the
 firewall.

Wrong. ICMP echoreq and unreachable are passed (16), as is all traffic
of any kind from the localnet (17).


 b. Given that ping works from my network (so that presumably routing
 is okay), why doesn't anything else work? HTTP seems blocked by the
 firewall.

 Don't presume. Think. You're passing ICMP types inward (req, unreach).
 That's it. I suspect you're not passing that traffic outbound otherwise.

Wrong. ICMP types are passed any direction. Traffic from localnet is
unrestricted.


 c. How can I get pflog to flush immediately? I noticed I have to wait
 a minute or so before logged lines show up.

 What syntax are you using to monitor it?

 d. Any other pointers?

 Start over.

 I make no claims this works or will work for you. It's a simple rewrite of
 what you claimed to want (NAT for outbound traffic, for example).

 ext_if=sk0
 int_if=sk1
 udp_services={ domain, ntp}

 set skip on lo
 set block-policy return
 scrub in

 nat on $ext_if from $int_if:network to any -> ($ext_if)
 block log

 pass out quick from $int_if to $int_if:network
 pass out quick from $ext_if to any

 pass in quick on $ext_if proto {tcp, udp} from any to ($ext_if) port
 $udp_services
 pass in quick on $int_if from $int_if:network to any



Go with Jason Dixon's ruleset unless you need to expose DNS and NTP on
your gateway to the world.

-HKS



Re: NAT, Firewall pf

2009-02-24 Thread Jorge Enrique Valbuena Vargas
1. You need to enable routing on your BSD box
edit /etc/sysctl.conf and change the 0 (zero) with 1


net.inet.ip.forwarding=1    # 1=Permit forwarding (routing) of IPv4 packets

In order to enable routing without restarting the BSD, type:

sysctl -w net.inet.ip.forwarding=1




On Mon, Feb 23, 2009 at 8:58 PM, Hilco Wijbenga hilco.wijbe...@gmail.com wrote:

 Hi all,

 I've been trying to get a simple firewall system up-and-running in
 OpenBSD. I have The Book of PF and Secure Architectures
 with OpenBSD so I thought it would be very simple. Well, we're two
 weeks later now and still no firewall. :-) The pf rules I found in
 those books don't seem to work as I expected them to work.

 Before I list my current pf.conf, let me give a few more details. My
 firewall will be running a few services for my network (DHCP, NTP, and
 DNS). I need to use NAT to get my own network Internet access. DHCP
 works. I seem to have managed to get DNS (maradns on lo0 and sk1) and
 ICMP working.

 /etc/pf.conf
 01 ext_if = sk0
 02 int_if = sk1
 03 localnet = $int_if:network
 04 internet = $ext_if:network
 05 udp_services = { domain, ntp }
 06 icmp_types = { echoreq, unreach }
 07
 08 nat log on $ext_if from $localnet to any -> ($ext_if)
 09
 10 block log all
 11
 12 pass quick inet proto { tcp, udp } from $internet to any port
 $udp_services
 13 pass quick inet proto { tcp, udp } from $localnet to any port
 $udp_services
 14 pass quick inet proto { tcp, udp } from $lo0:network to any port
 $udp_services
 15
 16 pass inet proto icmp all icmp-type $icmp_types
 17 pass from { lo0, $localnet } to any keep state

 a. Why do I need 12? I had expected 13 (which I don't seem to need).
 Wouldn't 12 be for incoming requests from the Internet?
 b. Given that ping works from my network (so that presumably routing
 is okay), why doesn't anything else work? HTTP seems blocked by the
 firewall.
 c. How can I get pflog to flush immediately? I noticed I have to wait
 a minute or so before logged lines show up.
 d. Any other pointers?

 Cheers,
 Hilco



Re: sftp chroot ?

2009-02-24 Thread Beto
Hi Jean-Francois

Attached is a little example, hope that helps

The user archivos only has access to
/var/www/domains/home/archivos/public_html

$ cat /etc/ssh/sshd_config
Port 22
Protocol 2
SyslogFacility AUTH
LogLevel INFO
PermitRootLogin no
Subsystem sftp  internal-sftp

Match group chrootusers
ForceCommand internal-sftp
ChrootDirectory /var/www/domains/home/%u


$ ls -lh
total 84
drwxr-xr-x  3 root  chrootusers   512B Feb 13 19:23 archivos

$ ls -lh archivos
total 4
drwxr-xr-x  3 archivos  chrootusers   512B Feb 18 14:24 public_html

See the permissions.

Bye

-- 
Beto
www.compumundohypermegared.org


2009/2/23 Jean-Francois jfsimon1...@gmail.com

 Hi All,

 As far as I understand, the sftp service is always running since it is
 the ssh daemon (maybe one can correct me if I'm wrong).
 Hence I need to chroot some users to specific directories.
 I prefer not to use vsftp at present time if this feature is available
 with sftp of OpenBSD.

 One can help me ?

 Thank you;
 JF




-- 
Beto
www.compumundohypermegared.org
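
Added example, not part of the message above or of the thread: sshd_config(5) requires every component of the ChrootDirectory path to be a root-owned directory that is not writable by group or others, which is what the `ls -lh` listing in the message illustrates. The function names `check_component` and `check_chroot_path` are made up for this example, and the optional uid argument exists only so the check can be tried without root.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not from the thread).
# Rule being checked, per sshd_config(5): each component of the
# ChrootDirectory path must be a directory, owned by root, and not
# writable by group or others.

# check_component DIR [UID]
# Return 0 if DIR on its own satisfies the rule; print the reason otherwise.
# UID defaults to 0 (root); pass another uid only for experiments.
check_component() {
    _dir=$1
    _uid=${2:-0}
    # -d: list DIR itself, -L: follow symlinks, -n: numeric owner ids
    _line=$(ls -ldLn -- "$_dir" 2>/dev/null) || {
        echo "missing: $_dir"
        return 1
    }
    _mode=$(printf '%s\n' "$_line" | awk '{print $1}')
    _owner=$(printf '%s\n' "$_line" | awk '{print $3}')
    case $_mode in
        d*) ;;
        *) echo "not a directory: $_dir"; return 1 ;;
    esac
    if [ "$_owner" != "$_uid" ]; then
        echo "owner uid $_owner, expected $_uid: $_dir"
        return 1
    fi
    # Mode string layout: 1 = type, 2-4 = user, 5-7 = group, 8-10 = other
    _gw=$(printf '%s' "$_mode" | cut -c6)
    _ow=$(printf '%s' "$_mode" | cut -c9)
    if [ "$_gw" = w ] || [ "$_ow" = w ]; then
        echo "group/other writable ($_mode): $_dir"
        return 1
    fi
    return 0
}

# check_chroot_path DIR [UID]
# Apply check_component to DIR and to every parent directory up to /.
# Returns 0 only if all components pass, 2 if DIR is not absolute.
check_chroot_path() {
    case $1 in
        /*) ;;
        *) echo "need an absolute path: $1"; return 2 ;;
    esac
    _p=$1
    _rc=0
    while :; do
        check_component "$_p" "${2:-0}" || _rc=1
        [ "$_p" = / ] && break
        _p=$(dirname -- "$_p")
    done
    return $_rc
}

# Usage on the layout from the message (ChrootDirectory with %u expanded):
#   check_chroot_path /var/www/domains/home/archivos
# The user-owned public_html below it is not part of the chroot path,
# so it is not checked and may stay writable by the user.
```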



TNC Packet Radio for OpenBSD

2009-02-24 Thread Dan Colish
I just got a radio for my car and it is capable of handling TNC
transceiver traffic. So, now I'm on a search for a decent packet radio,
but it looks like the only ones I've found are Windows only. I'm not
as concerned with the software as I am with the HW being detected
correctly, although having both work would be nice. Any suggestions are
welcome. 

Thanks
Dan
N2VQV



Huawei E160 detach issues

2009-02-24 Thread Michael
Hi,

I've got a Huawei E160 UMTS stick which gives me some trouble. After
being attached for some time (so far something between 16 and 36 hours)
it seems to get detached automatically.

ucom0 detached
umsm0 detached
ucom1 detached
umsm1 detached
cd0 detached
scsibus0 detached
umass0 detached
umsm2 detached

Either restarting the box (it's remote) or re-plugging the stick gets it
attached again.

I am using the package smstools3 which works fine... only issue is that
the stick keeps getting detached after some time.

Any ideas why that is happening and how to fix it?


Michael




OpenBSD 4.4-current (GENERIC) #1672: Fri Feb  6 14:11:28 MST 2009
t...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Geode(TM) Integrated Processor by AMD PCS (AuthenticAMD
586-class) 499 MHz
cpu0: FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CFLUSH,MMX
real mem  = 268009472 (255MB)
avail mem = 25088 (239MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 12/10/07, BIOS32 rev. 0 @ 0xfceb2
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: pcibios_get_intr_routing - function not supported
pcibios0: PCI IRQ Routing information unavailable.
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xe/0xa800
cpu0 at mainbus0: (uniprocessor)
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 1 function 0 AMD Geode LX rev 0x31
glxsb0 at pci0 dev 1 function 2 AMD Geode LX Crypto rev 0x00: RNG AES
vr0 at pci0 dev 9 function 0 VIA VT6105M RhineIII rev 0x96: irq 10,
address 00:0d:b9:12:7a:08
ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI
0x004063, model 0x0034
ral0 at pci0 dev 12 function 0 Ralink RT2561S rev 0x00: irq 9, address
00:12:0e:61:48:b4
ral0: MAC/BBP RT2561C, RF RT5225
glxpcib0 at pci0 dev 15 function 0 AMD CS5536 ISA rev 0x03: rev 0,
32-bit 3579545Hz timer, watchdog, gpio
gpio0 at glxpcib0: 32 pins
pciide0 at pci0 dev 15 function 2 AMD CS5536 IDE rev 0x01: DMA,
channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: KINGSTON
wd0: 1-sector PIO, LBA, 495MB, 1014048 sectors
wd0(pciide0:0:0): using PIO mode 4, DMA mode 2
pciide0: channel 1 ignored (disabled)
ohci0 at pci0 dev 15 function 4 AMD CS5536 USB rev 0x02: irq 15,
version 1.0, legacy support
ehci0 at pci0 dev 15 function 5 AMD CS5536 USB rev 0x02: irq 15
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 AMD EHCI root hub rev 2.00/1.00 addr 1
isa0 at glxpcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
usb1 at ohci0: USB revision 1.0
uhub1 at usb1 AMD OHCI root hub rev 1.00/1.00 addr 1
biomask f9ef netmask ffef ttymask 
mtrr: K6-family MTRR support (2 registers)
nvram: invalid checksum
umsm0 at uhub0 port 2 configuration 1 interface 0 HUAWEI Technology
HUAWEI Mobile rev 2.00/0.00 addr 2
umsm0: umass only mode. need to reattach
umsm0 detached
softraid0 at root
root on wd0a swap on wd0b dump on wd0b
clock: unknown CMOS layout
umsm0 at uhub0 port 2 configuration 1 interface 0 HUAWEI Technology
HUAWEI Mobile rev 2.00/0.00 addr 2
ucom0 at umsm0
umsm1 at uhub0 port 2 configuration 1 interface 1 HUAWEI Technology
HUAWEI Mobile rev 2.00/0.00 addr 2
ucom1 at umsm1
umass0 at uhub0 port 2 configuration 1 interface 2 HUAWEI Technology
HUAWEI Mobile rev 2.00/0.00 addr 2
umass0: using SCSI over Bulk-Only
scsibus0 at umass0: 2 targets, initiator 0
cd0 at scsibus0 targ 1 lun 0: HUAWEI, Mass Storage, 2.31 SCSI2 5/cdrom
removable
umsm2 at uhub0 port 2 configuration 1 interface 3 HUAWEI Technology
HUAWEI Mobile rev 2.00/0.00 addr 2



Re: BCM4311

2009-02-24 Thread Saifi Khan
On Mon, Feb 23, 2009 at 10:42 PM, Roy Morris
william.roy.mor...@gmail.com wrote:
 I did some searching around and found a cvs message talking about
 removing support for the bcm4311. I was wondering if anything has
 changed since then? I don't see any newer updates. My Dell 1721
 amd64 comes with this wireless adapter. Mine is rev 0x01 so I am
 not really sure if it applies.

 thanks
 Roy

 http://marc.info/?l=openbsd-cvs&m=121993685718267&w=2



Is there support for BCM43xx in openBSD ?

-- 
thanks
Saifi.



heartbeating Carp ?

2009-02-24 Thread Mikel Lindsaar
Hi all,

I have a pair of firewalls using carp between them in front of some
servers.  Works really nice.

Today, however, I got an edge case on the firewalls.

Firewall one was not accessible, and I couldn't access any firewall behind it.

Getting into firewall 2 directly, I found that firewall 1 internal
interface was up, but the external was unreachable.  I checked the
carp interfaces and found that firewall 2 was advertising as a master
on the external interface, but as a backup on the internal interface.

sshing over to firewall 1 on the dedicated cross over carp link, I
found that firewall 1 was also advertising master on the external
interface and master on the internal interface.

Firewall 1 could not ping past its external interface, though the
network layer was up.

Due to this, carp on Firewall 1 did not think it was down, and so,
seemed to be ignoring the pre-emption being attempted by firewall 2.
So I ended up having packets going into firewall 2, but then trying to
get out through firewall 1.

Both firewalls have the preempt option set in sysctl.conf

Manually failing firewall 1 did the trick and firewall 2 took over
master on external and internal and all is good now.  We are still
resolving why firewall 1 can't get out to the Internet, might be a
specific routing or acl problem on the switch it is connected to,
might be a hardware problem, not sure yet.

However, the question I have is how do others deal with this?

I was thinking a cron entry that periodically checks for connectivity
both ways and sets the carp state to backup if the checks fail, but
this sounds a bit off the cuff and hackish and could be prone to a
race condition or ending up setting BOTH firewalls to backup at the
same time... not so good I am thinking.

So needed is some sort of heartbeat.  In this case, Carp didn't see
anything wrong (interface was up, link was good, traffic being
received... just no route anywhere and every packet sent got
blackholed).

A bit of googling around didn't turn up anything obvious.

Any ideas?

Mikel



packets redirected to loopback never appear in tcpdump

2009-02-24 Thread Gregory Edigarov
Hello,

Is this a bug or feature?
the test case:

# ifconfig lo1 192.168.0.1 up

# ping 192.168.0.1
64 bytes from 192.168.0.1: icmp_seq=0 ttl=255 time=0.200 ms
64 bytes from 192.168.0.1: icmp_seq=1 ttl=255 time=0.111 ms
64 bytes from 192.168.0.1: icmp_seq=2 ttl=255 time=0.110 ms
64 bytes from 192.168.0.1: icmp_seq=3 ttl=255 time=0.111 ms
64 bytes from 192.168.0.1: icmp_seq=4 ttl=255 time=0.109 ms


# tcpdump -i lo1
tcpdump: listening on lo1, link-type LOOP
(shows nothing)

this also:
nat on rl0 from !(rl0) to any -> (rl0)
rdr on rl0 proto tcp from any to (rl0) port 1234 -> 192.168.0.1

block log all
pass in on rl0 proto tcp from any to 192.168.0.1 port 1234 keep state

redirect works just fine, but tcpdump again shows nothing.

found the hard way while trying to get altq working on lo1

# uname -a
OpenBSD greg.bestnet.kharkov.ua 4.4 GENERIC#1021 i386

dmesg is also attached



-- 
With best regards,
Gregory Edigarov
OpenBSD 4.4 (GENERIC) #1021: Tue Aug 12 17:16:55 MDT 2008
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Celeron(R) CPU 2.00GHz (GenuineIntel 686-class) 2 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID,xTPR
real mem  = 259551232 (247MB)
avail mem = 242520064 (231MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 12/17/03, BIOS32 rev. 0 @ 0xfdb30, SMBIOS 
rev. 2.3 @ 0xf0630 (32 entries)
bios0: vendor American Megatrends Inc. version P2.60 date 12/17/2003
acpi0 at bios0: rev 0
acpi0: tables DSDT FACP APIC
acpi0: wakeup devices USB1(S4) USB2(S4) USB3(S4) EHCI(S4) ICHB(S4) PS2M(S4) 
PS2K(S4) UAR1(S4) MC9_(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 3 (ICHB)
acpicpu0 at acpi0
acpibtn0 at acpi0: PWRB
bios0: ROM list: 0xc/0xb400
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82845G Host rev 0x03
vga1 at pci0 dev 2 function 0 Intel 82845G Video rev 0x03
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
agp0 at vga1: aperture at 0xd000, size 0x800
drm at vga1 unsupported
uhci0 at pci0 dev 29 function 0 Intel 82801DB USB rev 0x02: irq 11
uhci1 at pci0 dev 29 function 1 Intel 82801DB USB rev 0x02: irq 5
uhci2 at pci0 dev 29 function 2 Intel 82801DB USB rev 0x02: irq 12
ehci0 at pci0 dev 29 function 7 Intel 82801DB USB rev 0x02: irq 10
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
ppb0 at pci0 dev 30 function 0 Intel 82801BA Hub-to-PCI rev 0x82
pci1 at ppb0 bus 3
rl0 at pci1 dev 6 function 0 Realtek 8139 rev 0x10: irq 5, address 
00:30:4f:23:15:f0
rlphy0 at rl0 phy 0: RTL internal PHY
rl1 at pci1 dev 10 function 0 Realtek 8139 rev 0x10: irq 3, address 
00:0b:6a:f8:3e:e3
rlphy1 at rl1 phy 0: RTL internal PHY
ichpcib0 at pci0 dev 31 function 0 Intel 82801DB LPC rev 0x02
pciide0 at pci0 dev 31 function 1 Intel 82801DB IDE rev 0x02: DMA, channel 0 
configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: SAMSUNG SP0411N
wd0: 16-sector PIO, LBA48, 38204MB, 78242976 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 disabled (no drives)
auich0 at pci0 dev 31 function 5 Intel 82801DB AC97 rev 0x02: irq 3, ICH4 AC97
ac97: codec id 0x434d4961 (C-Media Electronics CMI9739)
audio0 at auich0
usb1 at uhci0: USB revision 1.0
uhub1 at usb1 Intel UHCI root hub rev 1.00/1.00 addr 1
usb2 at uhci1: USB revision 1.0
uhub2 at usb2 Intel UHCI root hub rev 1.00/1.00 addr 1
usb3 at uhci2: USB revision 1.0
uhub3 at usb3 Intel UHCI root hub rev 1.00/1.00 addr 1
isa0 at ichpcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
wbsio0 at isa0 port 0x2e/2: W83627HF rev 0x17
lm1 at wbsio0 port 0x290/8: W83627HF
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask fd65 netmask fd6d ttymask 
mtrr: Pentium Pro MTRR support
uhidev0 at uhub1 port 1 configuration 1 interface 0 Logitech USB-PS/2 Optical 
Mouse rev 2.00/11.10 addr 2
uhidev0: iclass 3/1
ums0 at uhidev0: 3 buttons, Z dir
wsmouse0 at ums0 mux 0
softraid0 at root
root on wd0a swap on wd0b dump on wd0b



Re: TNC Packet Radio for OpenBSD

2009-02-24 Thread Marc Balmer

On 24.02.2009 at 16:23, Dan Colish wrote:


I just got a radio for my car and it is capable of handling TNC
transceiver traffic. So, now I'm on a search for a decent packet radio,
but it looks like the only ones I've found are Windows only. I'm not
as concerned with the software as I am with the HW being detected
correctly, although having both work would be nice. Any suggestions are
welcome.


A decent TNC uses a serial port or USB, I am using such a thingie
and it works nicely.

OpenBSD does not directly support AX.25.




Thanks
Dan
N2VQV



Marc
HB9SSB



Re: NAT, Firewall pf

2009-02-24 Thread Hilco Wijbenga
2009/2/24 Jorge Enrique Valbuena Vargas jvalbue...@gmail.com:
 1. You need to enable routing on your BSD box
 edit /etc/sysctl.conf and change the 0 (zero) with 1

 net.inet.ip.forwarding=1        # 1=Permit forwarding (routing) of IPv4 packets

My problem isn't that basic. :-) Forwarding is permitted. That was the
very first thing I set up.



Re: NAT, Firewall pf

2009-02-24 Thread Hilco Wijbenga
2009/2/23 Jason Dixon ja...@dixongroup.net:
 On Mon, Feb 23, 2009 at 05:58:20PM -0800, Hilco Wijbenga wrote:
 Hi all,

 I've been trying to get a simple firewall system up-and-running in
 OpenBSD. I have The Book of PF and Secure Architectures
 with OpenBSD so I thought it would be very simple. Well, we're two
 weeks later now and still no firewall. :-) The pf rules I found in
 those books don't seem to work as I expected them to work.

 Before I list my current pf.conf, let me give a few more details. My
 firewall will be running a few services for my network (DHCP, NTP, and
 DNS). I need to use NAT to get my own network Internet access. DHCP
 works. I seem to have managed to get DNS (maradns on lo0 and sk1) and
 ICMP working.

 Sounds like a very basic home setup.  You want your firewall to handle
 DHCP, NTP and act as a DNS resolver for your local network.  Easy
 enough.

Yes, exactly what I thought. :-)

 /etc/pf.conf
 01 ext_if = sk0
 02 int_if = sk1
 03 localnet = $int_if:network
 04 internet = $ext_if:network
 05 udp_services = { domain, ntp }
 06 icmp_types = { echoreq, unreach }
 07
 08 nat log on $ext_if from $localnet to any -> ($ext_if)
 09
 10 block log all
 11
 12 pass quick inet proto { tcp, udp } from $internet to any port $udp_services
 13 pass quick inet proto { tcp, udp } from $localnet to any port $udp_services
 14 pass quick inet proto { tcp, udp } from $lo0:network to any port $udp_services
 15
 16 pass inet proto icmp all icmp-type $icmp_types
 17 pass from { lo0, $localnet } to any keep state

 a. Why do I need 12? I had expected 13 (which I don't seem to need).
 Wouldn't 12 be for incoming requests from the Internet?
 b. Given that ping works from my network (so that presumably routing
 is okay), why doesn't anything else work? HTTP seems blocked by the
 firewall.
 c. How can I get pflog to flush immediately? I noticed I have to wait
 a minute or so before logged lines show up.
 d. Any other pointers?

 Let's start off with your questions and then a working example below.

 a.  If you're only intending to allow outbound traffic from your local
 network, you don't.  That rule would be to allow inbound requests from
 the internet to your firewall (and optionally, other internal services
 if you had rdr or binat rules).  By default, pf uses keep state on all
 pass rules, which means that it will track your connections outbound and
 allow the appropriate replies from external services.

That's what I thought, hence the question because line 12 was required
for it to work.

 b.  Because line 16 is allowing icmp outbound *and* inbound.  You have
 no directional (or interface) qualifiers.

Shouldn't 17 take care of all that for (e.g.) HTTP requests? It's from
the local net to anywhere and it keeps state (not relevant for HTTP, I
guess, but still).

 c.  I would need more details here to give you a qualified answer.  As
 in, examples.  You're only logging blocked traffic.

Yes, I thought that would make it easier. It isn't always clear to me
what a logged line is for: was it logged because it was blocked or
because it was allowed?

 d.  Read the PF FAQ.

Right. :-)

 Ok, here is a working example based on your description.  Notice the
 beauty in the simplicity.  :)

What!?! You didn't like my near random mish-mash of rules? ;-)

 ##
 00 ext_if = sk0
 01 int_if = sk1
 02
 03 set skip on lo
 04
 05 scrub in
 06
 07 nat on $ext_if from $int_if:network to any -> ($ext_if:0)
 08
 09 block in log all
 10 pass in on $int_if inet keep state
 ##

I'll try that tonight.

 The first two lines are obvious.  Why did I remove localnet and
 internet?  The first is truly unnecessary in a ruleset this small; it
 simply adds abstraction where none is needed.  The internet is already
 provided via the any and all keywords.

That's one thing that isn't obvious to me. To the firewall sk0 and sk1
are just two interfaces, why/how would any and all refer to the
internet? Or do you simply mean they refer/include all interfaces so
also the internet?

 Line 3 allows us to skip state on loopback, nothing exciting there.

Yeah, I read about that and figured it could wait till later. Just
icing on the cake, right?

 Line 5 provides scrubbing, also known as packet defragmentation.  This
 helps pf by reassembling packet fragments before applying rules.  In
 short, it's a safety mechanism.

Same thing, I figured that could wait.

 Line 7 allows outbound NAT to the internet.

Okay, so the only difference with my attempt at it is the :0 you
added at the end. Does it mean anything special or was it simply
implied in my version?

 Line 9 provides a basic block all for inbound requests.  This affects
 both inbound from the internet, as well as inbound (from the firewall's
 perspective) from the local network.  Which requires...

Was this the main problem then? I was blocking everything in and 

Re: packets redirected to loopback never appear in tcpdump

2009-02-24 Thread Giovanni Bechis

Gregory Edigarov wrote:

Hello,

Is this a bug or feature?
the test case:


This works for me with 4.5-beta:

$ sudo ifconfig lo1 192.168.3.1
Password:
$ ping 192.168.3.1
PING 192.168.3.1 (192.168.3.1): 56 data bytes
64 bytes from 192.168.3.1: icmp_seq=0 ttl=255 time=0.036 ms
64 bytes from 192.168.3.1: icmp_seq=1 ttl=255 time=0.026 ms
64 bytes from 192.168.3.1: icmp_seq=2 ttl=255 time=0.034 ms

$ sudo tcpdump -i lo1
tcpdump: listening on lo1, link-type LOOP
18:38:59.733246 192.168.3.1 > 192.168.3.1: icmp: echo request
18:38:59.733252 192.168.3.1 > 192.168.3.1: icmp: echo reply
18:39:00.743249 192.168.3.1 > 192.168.3.1: icmp: echo request

$ uname -a 


OpenBSD bigio.snb.it 4.5 GENERIC.MP#0 amd64

 Cheers
  Giovanni



Re: NAT, Firewall pf

2009-02-24 Thread (private) HKS
On Mon, Feb 23, 2009 at 8:58 PM, Hilco Wijbenga
hilco.wijbe...@gmail.com wrote:
 Hi all,

 I've been trying to get a simple firewall system up-and-running in
 OpenBSD. I have The Book of PF and Secure Architectures
 with OpenBSD so I thought it would be very simple. Well, we're two
 weeks later now and still no firewall. :-) The pf rules I found in
 those books don't seem to work as I expected them to work.

 Before I list my current pf.conf, let me give a few more details. My
 firewall will be running a few services for my network (DHCP, NTP, and
 DNS). I need to use NAT to get my own network Internet access. DHCP
 works. I seem to have managed to get DNS (maradns on lo0 and sk1) and
 ICMP working.

 /etc/pf.conf
 01 ext_if = sk0
 02 int_if = sk1
 03 localnet = $int_if:network
 04 internet = $ext_if:network
 05 udp_services = { domain, ntp }
 06 icmp_types = { echoreq, unreach }
 07
 08 nat log on $ext_if from $localnet to any -> ($ext_if)
 09
 10 block log all
 11
 12 pass quick inet proto { tcp, udp } from $internet to any port $udp_services
 13 pass quick inet proto { tcp, udp } from $localnet to any port $udp_services
 14 pass quick inet proto { tcp, udp } from $lo0:network to any port $udp_services
 15
 16 pass inet proto icmp all icmp-type $icmp_types
 17 pass from { lo0, $localnet } to any keep state

 a. Why do I need 12? I had expected 13 (which I don't seem to need).
 Wouldn't 12 be for incoming requests from the Internet?

You need 12 because of 8. When you pass a DNS request out from your
localnet, 13 passes it in on int_if, but then it's natted BEFORE
traversing the egress PF rules. Jason Dixon's suggested rules bypass
this by not blocking outbound traffic to begin with.

 b. Given that ping works from my network (so that presumably routing
 is okay), why doesn't anything else work? HTTP seems blocked by the
 firewall.

Same NAT/PF issue as above. Your ICMP rule ignores source/destination
addresses, so it's not affected.

 c. How can I get pflog to flush immediately? I noticed I have to wait
 a minute or so before logged lines show up.

I think it's already been suggested, but if you want a live view,
tcpdump -i pflog0 rather than tailing pflog.

 d. Any other pointers?

Use Jason's suggested ruleset. Simpler is better.


 Cheers,
 Hilco



-HKS
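
The NAT-before-filter behaviour HKS describes, traced with a simplified Python model of pf's last-match evaluation (an added example, not part of the thread and not pf's own code). All addresses are constructed; the model only covers the first packet of a connection, checked once inbound on sk1 and once outbound on sk0 after translation, and ignores state, scrub and logging.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

# All addresses are constructed for this example; the thread gives none.
EXT_IF, INT_IF = "sk0", "sk1"
EXT_ADDR = "203.0.113.10"                   # address of sk0, the NAT target ($ext_if)
INTERNET = ip_network("203.0.113.0/24")     # $ext_if:network
LOCALNET = ip_network("192.168.1.0/24")     # $int_if:network
LO0 = ip_network("127.0.0.0/8")             # stands in for lo0 / lo0:network
SERVICES = (53, 123)                        # domain, ntp
ICMP_TYPES = ("echoreq", "unreach")


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: Optional[int] = None
    icmp_type: Optional[str] = None


@dataclass(frozen=True)
class Rule:
    label: str                        # line number in the posted pf.conf
    action: str                       # "pass" or "block"
    quick: bool = False
    direction: Optional[str] = None   # "in", "out", or None for both
    iface: Optional[str] = None       # None = any interface
    protos: Tuple[str, ...] = ()      # empty tuple = any protocol
    src: Tuple = ()                   # source networks; empty = any
    dports: Tuple[int, ...] = ()
    icmp_types: Tuple[str, ...] = ()

    def matches(self, pkt, iface, direction):
        src = ip_address(pkt.src)
        return (self.direction in (None, direction)
                and self.iface in (None, iface)
                and (not self.protos or pkt.proto in self.protos)
                and (not self.src or any(src in net for net in self.src))
                and (not self.dports or pkt.dport in self.dports)
                and (not self.icmp_types or pkt.icmp_type in self.icmp_types))


def evaluate(rules, pkt, iface, direction):
    """Last matching rule wins, unless a matching rule is marked quick."""
    verdict = ("pass", "implicit")    # pf passes a packet that matches no rule
    for rule in rules:
        if rule.matches(pkt, iface, direction):
            verdict = (rule.action, rule.label)
            if rule.quick:
                break
    return verdict


def forward(rules, pkt):
    """Trace a LAN-to-internet packet: in on sk1, NAT, then out on sk0."""
    action, label = evaluate(rules, pkt, INT_IF, "in")
    if action == "block":
        return ("block", "in on " + INT_IF, label)
    # nat on $ext_if: the source is rewritten before the filter rules run
    if ip_address(pkt.src) in LOCALNET:
        pkt = replace(pkt, src=EXT_ADDR)
    action, label = evaluate(rules, pkt, EXT_IF, "out")
    return (action, "out on " + EXT_IF, label)


TCP_UDP = ("tcp", "udp")
HILCO = [   # filter rules 10-17 of the ruleset posted in the question
    Rule("10", "block"),
    Rule("12", "pass", quick=True, protos=TCP_UDP, src=(INTERNET,), dports=SERVICES),
    Rule("13", "pass", quick=True, protos=TCP_UDP, src=(LOCALNET,), dports=SERVICES),
    Rule("14", "pass", quick=True, protos=TCP_UDP, src=(LO0,), dports=SERVICES),
    Rule("16", "pass", protos=("icmp",), icmp_types=ICMP_TYPES),
    Rule("17", "pass", src=(LO0, LOCALNET)),
]
JASON = [   # filter rules 09-10 of the suggested replacement ruleset
    Rule("09", "block", direction="in"),
    Rule("10", "pass", direction="in", iface=INT_IF),
]

CLIENT, SERVER = "192.168.1.50", "198.51.100.7"   # constructed hosts
DNS = Packet(CLIENT, SERVER, "udp", dport=53)
HTTP = Packet(CLIENT, SERVER, "tcp", dport=80)
PING = Packet(CLIENT, SERVER, "icmp", icmp_type="echoreq")

if __name__ == "__main__":
    for name, pkt in (("dns", DNS), ("http", HTTP), ("ping", PING)):
        print(name, "original:", forward(HILCO, pkt), "suggested:", forward(JASON, pkt))
```

In the original ruleset only rules that ignore the source address (16) or match the translated one (12) let traffic leave on sk0, which is why DNS and ping work while HTTP is dropped by rule 10.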



Re: listing ftp-proxy anchor rules

2009-02-24 Thread Chris Smith
On Tue, Feb 24, 2009 at 8:17 AM, Imre Oolberg i...@auul.pri.ee wrote:
 2. issuing 'systat rules' i look for exact entries, like
 /ftp-proxy/26694.100

Maybe that is necessary but the man page (unless I'm misunderstanding
it - wouldn't be the first time) seems to indicate otherwise:
==
 By default, recursive inline printing of anchors applies only to
 unnamed anchors specified inline in the ruleset.  If the anchor
 name is terminated with a `*' character, the -s flag will
 recursively print all anchors in a brace delimited block.  For example
 the following will print the ``authpf'' ruleset recursively:

   # pfctl -a 'authpf/*' -sr

 To print the main ruleset recursively, specify only `*' as the
 anchor name:

   # pfctl -a '*' -sr
==

Thanks,

Chris



Unfortunate dot was ... missing

2009-02-24 Thread Jean-Francois
All,

I just forget the dot !! in the 'rm -r ./dev' so I have no /dev anymore
on my server box.
One can tell me if this is possible to backup the system without fresh
install ?
This is a i386 4.4 OpenBSD. One could eventually send me a way or
another the full /dev in case this option actually works ?

Thanks
JF



Re: TNC Packet Radio for OpenBSD

2009-02-24 Thread Dan Colish
On Tue, Feb 24, 2009 at 05:50:55PM +0100, Marc Balmer wrote:

 On 24.02.2009 at 16:23, Dan Colish wrote:

 I just got a radio for my car and it is capable of handling TNC
 transceiver traffic. So, now I'm on a search for a decent packet radio,
 but it looks like the only ones I've found are Windows only. I'm not
 as concerned with the software as I am with the HW being detected
 correctly, although having both work would be nice. Any suggestions are
 welcome.

 A decent TNC uses a serial port or USB, I am using such a thingie
 and it works nicely.

 OpenBSD does not directly support AX.25.



 Thanks
 Dan
 N2VQV


 Marc
 HB9SSB


Marc,

  Thanks for the tips. I've been checking out a variety of TNCs that are
  available online. The choices seem endless. What particular model do
  you use?

Dan



Re: Unfortunate dot was ... missing

2009-02-24 Thread Jason Dixon
On Tue, Feb 24, 2009 at 07:43:18PM +0100, Jean-Francois wrote:
 All,
 
 I just forget the dot !! in the 'rm -r ./dev' so I have no /dev anymore
 on my server box.
 One can tell me if this is possible to backup the system without fresh
 install ?
 This is a i386 4.4 OpenBSD. One could eventually send me a way or
 another the full /dev in case this option actually works ?

Just boot an install CD and do an upgrade.

-- 
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net/



Re: Unfortunate dot was ... missing

2009-02-24 Thread Tony Abernethy
Jason Dixon wrote:
 
 On Tue, Feb 24, 2009 at 07:43:18PM +0100, Jean-Francois wrote:
  All,
  
  I just forget the dot !! in the 'rm -r ./dev' so I have no /dev anymore
  on my server box.
  One can tell me if this is possible to backup the system without fresh
  install ?
  This is a i386 4.4 OpenBSD. One could eventually send me a way or
  another the full /dev in case this option actually works ?
 
 Just boot an install CD and do an upgrade.
 
 -- 
 Jason Dixon
 DixonGroup Consulting
 http://www.dixongroup.net/
 

Methinks THAT is the proper definition of user-friendly.



Re: Unfortunate dot was ... missing

2009-02-24 Thread richardtoohey
Quoting Jean-Francois jfsimon1...@gmail.com:

 All,
 
 I just forget the dot !! in the 'rm -r ./dev' so I have no /dev anymore
 on my server box.
 One can tell me if this is possible to backup the system without fresh
 install ?
 This is a i386 4.4 OpenBSD. One could eventually send me a way or
 another the full /dev in case this option actually works ?
 
 Thanks
 JF
  
Doesn't help you at all, apart from knowing that
you are not alone ...

http://en.wikipedia.org/wiki/The_UNIX-HATERS_Handbook

Page 22 of the downloadable PDF of the book ...



Re: Unfortunate dot was ... missing

2009-02-24 Thread Tim Donahue
Jean-Francois wrote:
 All,
 
 I just forget the dot !! in the 'rm -r ./dev' so I have no /dev anymore
 on my server box.
 One can tell me if this is possible to backup the system without fresh
 install ?
 This is a i386 4.4 OpenBSD. One could eventually send me a way or
 another the full /dev in case this option actually works ?
 
 Thanks
 JF
 

Assuming that you haven't rebooted the box yet, you have a terminal
open, and you either have a copy of the /dev/MAKEDEV script or have the
source on the system, you should be able to recover without much trouble.

All the device nodes in /dev are created with the MAKEDEV script.  To
recreate them, all you need to do is copy the MAKEDEV script back into
the /dev directory and run the following command.

# sh MAKEDEV all

Tim Donahue



Re: Unfortunate dot was ... missing

2009-02-24 Thread Daniel A. Ramaley
Firstly, don't panic.

I think if you recreate /dev with the appropriate permissions, add 
the MAKEDEV script and run it, that everything will be fine. You 
might have to do all this after booting from a CD though and mounting 
the filesystem.

Here's what the permissions look like on my 4.4 system:

drwxr-xr-x  3 root  wheel  20992 Jan 20 07:00 /dev

If you can't get the MAKEDEV script, e-mail me privately and i'd be 
happy to send a copy from my system. For your own assurance that the 
source is trustworthy, it would probably be better to get it from the 
install CD though.

On Tuesday February 24 2009, Jean-Francois wrote:
All,

I just forget the dot !! in the 'rm -r ./dev' so I have no /dev
 anymore on my server box.
One can tell me if this is possible to backup the system without
 fresh install ?
This is a i386 4.4 OpenBSD. One could eventually send me a way or
another the full /dev in case this option actually works ?

Thanks
JF

-- 

Dan Ramaley                 Dial Center 118, Drake University
Network Programmer/Analyst  2407 Carpenter Ave
+1 515 271-4540             Des Moines IA 50311 USA



relayd: rdr instead of proxy mode?

2009-02-24 Thread Falk Brockerhoff - smartTERRA GmbH

Hi,

I'm using relayd for loadbalancing incoming tcp traffic, works fine  
like a charm :-)


But as relayd works like a proxy, in the log files of my applications,  
there is always the ip address of the load balancing node and not of  
the real client. Is there a way to have relayd have all packets  
redirect like pf's rdr function instead of working like a classical  
proxy?


Another way to reach the final goal is to use pf with rdr statements,
but in this case I haven't any check if the target node is available  
or not.


Both solutions only make half of the way I want to go - any idea,  
hints, suggestions?


Regards,

Falk



Re: Unfortunate dot was ... missing

2009-02-24 Thread Etienne Robillard
On February 24, 2009 01:43:18 pm you wrote:
 All,

 I just forget the dot !! in the 'rm -r ./dev' so I have no /dev anymore
 on my server box.
 One can tell me if this is possible to backup the system without fresh
 install ?
 This is a i386 4.4 OpenBSD. One could eventually send me a way or
 another the full /dev in case this option actually works ?

 Thanks
 JF


If you have a root disk somewhere you could perhaps use that as a
temporary root filesystem. I think it should have /dev in it.

my 2 cents,

erob



Re: Unfortunate dot was ... missing

2009-02-24 Thread Jean-François SIMON
This perfectly worked.

Thanks to all btw.

2009/2/24 Josh Grosse j...@jggimi.homeip.net:
 On Tue, 24 Feb 2009 19:43:18 +0100, Jean-Francois wrote
 All,

 I just forget the dot !! in the 'rm -r ./dev' so I have no /dev anymore
 on my server box.
 One can tell me if this is possible to backup the system without fresh
 install ?
 This is a i386 4.4 OpenBSD. One could eventually send me a way or
 another the full /dev in case this option actually works ?

 Thanks
 JF

 JF, I've missed the rest of your conversation, but ... here's a
 quick-and-dirty recovery procedure:

 Step 1.  Boot the ramdisk kernel, either from the hard drive (if you installed
 it) or from your installation media.  If you installed it, at the boot prompt,
 type bsd.rd:

   boot bsd.rd

 At the Install/Upgrade/Shell prompt, select the shell.

 Step 2.  Mount your root partition.  This is usually the a partition on your
 first drive (sd0 or wd0).  e.g.:

   # mount /dev/wd0a /mnt

 Step 3.  Create a dev partition:

   # mkdir -p /mnt/dev

 Step 4:  Copy the MAKEDEV script from the ramdisk kernel's /dev to /mnt/dev:

   # cp -p /dev/MAKEDEV /mnt/dev

 Step 5: Change your working directory to /mnt/dev:

   # cd /mnt/dev

 Step 6:  Recreate all of your device nodes:

   # sh MAKEDEV all

 

 Good luck!



xenocara - autoconf magic incantation?

2009-02-24 Thread J.C. Roberts
I'm testing out the v2.6.1 intel(4) driver requested here:
http://marc.info/?l=openbsd-tech&m=123307709522306&w=2

In my Xorg.0.log I'm getting the mysterious error:

(WW) intel(0): libpciaccess reported 0 rom size, guessing 64kB
(EE) intel(0): Bad VBT signature
(WW) intel(0): VBIOS initialization failed.

On current we're running libpciaccess 10.2, so I figured I'd give the
more recent 10.5 a try:

http://cgit.freedesktop.org/xorg/lib/libpciaccess/
http://cgit.freedesktop.org/xorg/lib/libpciaccess/snapshot/libpciaccess-0.10.5.tar.gz

The existing xenocara/lib/libpciaccess/configure script shows it was
created with autoconf-2.61 but everything I've tried to create a new
one with the above source has resulted in a non-working script.

What is the autoconf incantation necessary to generate a proper
configure script that will work correctly within the xenocara tree?


-- 
J.C. Roberts



Re: OpenBSD hosting

2009-02-24 Thread Francisco Valladolid Hdez.
Hi

Consider www.geekisp.com. I have had an account with Dave for almost three years
without problems.

www.rootr.net can be a nice solution.

Dedicated server, www.sprocketdata.com  or www.m5hosting.com

Regards.


--- On Sun, 2/22/09, Friedrich Locke friedrich.lo...@gmail.com wrote:

 From: Friedrich Locke friedrich.lo...@gmail.com
 Subject: OpenBSD hosting
 To: misc@openbsd.org
 Date: Sunday, February 22, 2009, 9:54 PM
 Dear gentleman,
 
 i am searching for web hosting service that :
 
 supports java,
 support MySQL
 allow me shell account access for software development with
 access to MySQL.
 allow ssh/sftp access.
 and runs OpenBSD at least for the shell services.
 allow me to host dns for my domain.
 
 Is anybody aware of a such hosting services...
 
 thank.



upgrades for the project

2009-02-24 Thread Marco Peereboom
As you can read at:
http://undeadly.org/cgi?action=article&sid=20090224194829&mode=expanded&count=0
the project needs some upgrades.  So if you can spare us a donation
it'll be appreciated.  I'd appreciate if you'd put in the paypal comment
field if you want to be listed or not on the donations.html page.

If you have any questions feel free to send me a note.



Re: xenocara - autoconf magic incantation?

2009-02-24 Thread Matthieu Herrb
On Tue, Feb 24, 2009 at 9:20 PM, J.C. Roberts list-...@designtools.org
wrote:
 I'm testing out the v2.6.1 intel(4) driver requested here:
 http://marc.info/?l=openbsd-tech&m=123307709522306&w=2

 In my Xorg.0.log I'm getting the mysterious error:

(WW) intel(0): libpciaccess reported 0 rom size, guessing 64kB
(EE) intel(0): Bad VBT signature
(WW) intel(0): VBIOS initialization failed.

This can probably be ignored. (I'm not 100% sure how the intel cards
setup their BIOS, but it seems normal that it doesn't get listed in
PCI config space and thus that libpciaccess gets back to the legacy VGA
space).



 On current we're running libpciaccess 10.2, so I figured I'd give the
 more recent 10.5 a try:

 http://cgit.freedesktop.org/xorg/lib/libpciaccess/

 http://cgit.freedesktop.org/xorg/lib/libpciaccess/snapshot/libpciaccess-0.10.5.tar.gz

 The existing xenocara/lib/libpciaccess/configure script shows it was
 created with autoconf-2.61 but everything I've tried to create a new
 one with the above source has resulted in a non-working script.

 What is the autoconf incantation necessary to generate a proper
 configure script that will work correctly within the xenocara tree?


Copy Makefile.bsd-wrapper from the xenocara version  and run
XENOCARA_RERUN_AUTOCONF=-Yes make -f Makefile.bsd-wrapper build


But a more recent libpciaccess will not change anything...


--
Matthieu Herrb



Re: relayd: rdr instead of proxy mode?

2009-02-24 Thread Pete Vickers
If you are doing web traffic, then relayd can insert a HTTP header  
into the inbound request, which is then visible to the backend  
webserver.


For vanilla tcp connections, verbose logging on relay box and backend  
together with ntp time syncing and some scripting foo should permit  
reconstruction of the end-to-end connection. Not pretty but should work.


/pete


On 24 Feb 2009, at 18:57, Falk Brockerhoff - smartTERRA GmbH wrote:


Hi,

I'm using relayd for loadbalancing incoming tcp traffic, works fine  
like a charm :-)


But as relayd works like a proxy, in the log files of my  
applications, there is always the ip address of the load balancing  
node and not of the real client. Is there a way to have relayd have  
all packets redirect like pf's rdr function instead of working like  
a classical proxy?


Another way to reach the final goal is to use pf with rdr statements,
but in this case I haven't any check if the target node is available  
or not.


Both solutions only make half of the way I want to go - any idea,  
hints, suggestions?


Regards,

Falk




Re: heartbeating Carp ?

2009-02-24 Thread Steven Surdock
I set preempt on FW1 only.



-Steve S.



 -Original Message-
 From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
 Mikel Lindsaar
 Sent: Tuesday, February 24, 2009 11:18 AM
 To: OpenBSD general usage list
 Subject: heartbeating Carp ?

 Hi all,

 Due to this, carp on Firewall 1 did not think it was down, and so,
 seemed to be ignoring the pre-emption being attempted by firewall 2.
 So I ended up having packets going into firewall 2, but then trying to
 get out through firewall 1.

 Both firewalls have the preempt option set in sysctl.conf




1.2GHz US$99 ARM wall plug

2009-02-24 Thread Dave Wilson
http://linuxdevices.com/news/NS9634061300.html

They look rather nifty.

Even the hardware design is to be released under some sort of open license.

We've already got the armish port.

If Dale Rahn or another OpenBSD dev wants to do a port to this thing,
I'll buy them the dev kit to do it with. US$99 is only £69.

Just wish they did one in a suitable wart for me here in the UK.

Guess it's a good thing the hardware is tweakable :-)

Si1entDave



Re: TNC Packet Radio for OpenBSD

2009-02-24 Thread Marc Balmer

On 24.02.2009 at 19:41, Dan Colish wrote:



On Tue, Feb 24, 2009 at 05:50:55PM +0100, Marc Balmer wrote:


On 24.02.2009 at 16:23, Dan Colish wrote:


I just got a radio for my car and it is capable of handling TNC
transceiver traffic. So, now I'm on a search for a decent packet radio,
but it looks like the only ones I've found are Windows only. I'm not
as concerned with the software as I am with the HW being detected
correctly, although having both work would be nice. Any suggestions are
welcome.


A decent TNC uses a serial port or USB, I am using such a thingie
and it works nicely.

OpenBSD does not directly support AX.25.




Thanks
Dan
N2VQV



Marc
HB9SSB



Marc,

 Thanks for the tips. I've been checking out a variety of TNCs that are
 available online. The choices seem endless. What particular model do
 you use?


I am using a TNC7multi.  http://nt-g.de/de/tnc7multi/tnc7multi.php5



Dan


0x49,
Marc



Re: packets redirected to loopback never appear in tcpdump

2009-02-24 Thread Stuart Henderson
On 2009-02-24, Gregory Edigarov g...@bestnet.kharkov.ua wrote:
 Is this a bug or feature?
 the test case:

 # ifconfig lo1 192.168.0.1 up

 # ping 192.168.0.1
 64 bytes from 192.168.0.1: icmp_seq=0 ttl=255 time=0.200 ms
 64 bytes from 192.168.0.1: icmp_seq=1 ttl=255 time=0.111 ms
 64 bytes from 192.168.0.1: icmp_seq=2 ttl=255 time=0.110 ms
 64 bytes from 192.168.0.1: icmp_seq=3 ttl=255 time=0.111 ms
 64 bytes from 192.168.0.1: icmp_seq=4 ttl=255 time=0.109 ms

this should work. how does your routing table look?



Re: relayd: rdr instead of proxy mode?

2009-02-24 Thread Stuart Henderson
On 2009-02-24, Falk Brockerhoff - smartTERRA GmbH n...@smartterra.eu wrote:
 Hi,

 I'm using relayd for loadbalancing incoming tcp traffic, works fine  
 like a charm :-)

 But as relayd works like a proxy, in the log files of my applications,  
 there is always the ip address of the load balancing node and not of  
 the real client. Is there a way to have relayd have all packets  
 redirect like pf's rdr function instead of working like a classical  
 proxy?

 Another way to reach the final goal is to use pf with rdr statements,
 but in this case I haven't any check if the target node is available  
 or not.

 Both solutions only make half of the way I want to go - any idea,  
 hints, suggestions?

 Regards,

 Falk



You have not noticed several of relayd's major features.
Try relayd.conf(5)...



Re: listing ftp-proxy anchor rules

2009-02-24 Thread Stuart Henderson
On 2009-02-24, Chris Smith obsd_m...@chrissmith.org wrote:
 On Tue, Feb 24, 2009 at 8:17 AM, Imre Oolberg i...@auul.pri.ee wrote:
 2. issuing 'systat rules' i look for exact entries, like
 /ftp-proxy/26694.100

pfctl -sA -v is simpler.

 Maybe that is necessary but the man page (unless I'm misunderstanding
 it - wouldn't be the first time) seems to indicate otherwise:
==
  By default, recursive inline printing of anchors applies only to
  unnamed anchors specified inline in the ruleset.  If the anchor
  name is terminated with a `*' character, the -s flag will
  recursively print all anchors in a brace delimited block.  For example
  the following will print the ``authpf'' ruleset recursively:

# pfctl -a 'authpf/*' -sr

  To print the main ruleset recursively, specify only `*' as the
  anchor name:

# pfctl -a '*' -sr
==

it does specifically mention brace delimited block there. but it
would certainly be convenient if it did recurse over these.



Re: OpenBSD hosting

2009-02-24 Thread Sevan / Venture37

Friedrich Locke wrote:

Dear gentleman,

i am searching for web hosting service that :

supports java,
support MySQL
allow me shell account access for software development with access to MySQL.
allow ssh/sftp access.
and runs OpenBSD at least for the shell services.
allow me to host dns for my domain.

Is anybody aware of a such hosting services...

thank.



If you're happy with a xen based virtual server, rootbsd.net offer 
openbsd virtual servers.




Sevan / Venture37



recognizing 8GB RAM? (4.5)

2009-02-24 Thread David Heinrich
How do I get the kernel to recognize 8GB of RAM? It is only recognizing
3.3GB?

Also, where do I go for packages for 4.5 current? The install.amd64
file references ftp://ftp.openbsd.org/pub/OpenBSD/4.5/amd64 but no such
ftp exists.

-Dave

dmesg below:
ing; disabled or no drives?)
ppb3 at pci0 dev 28 function 5 Intel 82801JI PCIE rev 0x00: apic 4
int 16 (irq 10)
pci4 at ppb3 bus 2
mskc0 at pci4 dev 0 function 0 Marvell Yukon 88E8056 rev 0x12,
Yukon-2 EC Ultra (0x3): apic 4 int 17 (irq 11)
msk0 at mskc0 port A: address 00:22:15:9c:87:7e
eephy0 at msk0 phy 0: 88E1149 Gigabit PHY, rev. 1
uhci3 at pci0 dev 29 function 0 Intel 82801JI USB rev 0x00: apic 4
int 23 (irq 7)
uhci4 at pci0 dev 29 function 1 Intel 82801JI USB rev 0x00: apic 4
int 19 (irq 5)
uhci5 at pci0 dev 29 function 2 Intel 82801JI USB rev 0x00: apic 4
int 18 (irq 15)
ehci1 at pci0 dev 29 function 7 Intel 82801JI USB rev 0x00: apic 4
int 23 (irq 7)
usb1 at ehci1: USB revision 2.0
uhub1 at usb1 Intel EHCI root hub rev 2.00/1.00 addr 1
ppb4 at pci0 dev 30 function 0 Intel 82801BA Hub-to-PCI rev 0x90
pci5 at ppb4 bus 5
skc0 at pci5 dev 2 function 0 Marvell Yukon 88E8001/8003/8010 rev
0x14, Yukon Lite (0x9): apic 4 int 18 (irq 15)
sk0 at skc0 port A: address 00:22:15:9c:9d:b7
eephy1 at sk0 phy 0: 88E1011 Gigabit PHY, rev. 5
ATT/Lucent FW322 1394 rev 0x70 at pci5 dev 3 function 0 not configured
pcib0 at pci0 dev 31 function 0 Intel 82801JIR LPC rev 0x00
pciide1 at pci0 dev 31 function 2 Intel 82801JI SATA rev 0x00: DMA
(unsupported), channel 0 configured to native-PCI, channel 1
configured to native-PCI
pciide1: using apic 4 int 19 (irq 5) for native-PCI interrupt
pciide1: channel 0 ignored (not responding; disabled or no drives?)
atapiscsi0 at pciide1 channel 1 drive 1
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: TSSTcorp, CDDVDW SH-S223Q, SB02 ATAPI
5/cdrom removable
ichiic0 at pci0 dev 31 function 3 Intel 82801JI SMBus rev 0x00: apic
4 int 18 (irq 15)
iic0 at ichiic0
iic0: addr 0x1e 01=01 02=01 11=01 12=01 20=05 21=01 22=01 23=05 31=01
32=01 words 00=0001 01=0101 02=0100 03= 04= 05= 06=
07=
iic0: addr 0x20 01=80 02=17 03=7f 10=00 19=b0 20=20 21=00 25=20 26=b2
38=74 39=03 4a=64 6a=2c 78=02 79=08 7a=00 7b=00 7e=82 80=00 8b=3e
8c=dd 96=5c 99=41 9a=98 9b=01 d0=00 d1=03 d2=72 d3=72 d4=03 d5=02
d6=01 d7=72 d8=6b d9=00 da=00 db=00 dc=00 dd=00 de=00 df=19 e0=00
e1=00 e2=10 e3=10 e4=10 e5=10 e6=10 e7=10 e8=10 e9=10 ea=10 ec=07
ee=00 f1=0d f5=02 f6=02 f9=00 fa=00 fb=50 words 00= 01=8037
02=1766 03=7fff 04= 05= 06= 07=
spdmem0 at iic0 addr 0x50: 2GB DDR2 SDRAM non-parity PC2-6400CL5
spdmem1 at iic0 addr 0x51: 2GB DDR2 SDRAM non-parity PC2-6400CL5
spdmem2 at iic0 addr 0x52: 2GB DDR2 SDRAM non-parity PC2-6400CL5
spdmem3 at iic0 addr 0x53: 2GB DDR2 SDRAM non-parity PC2-6400CL5
pciide2 at pci0 dev 31 function 5 Intel 82801JI SATA rev 0x00: DMA
(unsupported), channel 0 wired to native-PCI, channel 1 wired to
native-PCI
pciide2: using apic 4 int 19 (irq 5) for native-PCI interrupt
wd0 at pciide2 channel 0 drive 0: WDC WD1001FALS-00J7B0
wd0: 16-sector PIO, LBA48, 953869MB, 1953525168 sectors
pciide2: channel 1 ignored (not responding; disabled or no drives?)
usb2 at uhci0: USB revision 1.0
uhub2 at usb2 Intel UHCI root hub rev 1.00/1.00 addr 1
usb3 at uhci1: USB revision 1.0
uhub3 at usb3 Intel UHCI root hub rev 1.00/1.00 addr 1
usb4 at uhci2: USB revision 1.0
uhub4 at usb4 Intel UHCI root hub rev 1.00/1.00 addr 1
usb5 at uhci3: USB revision 1.0
uhub5 at usb5 Intel UHCI root hub rev 1.00/1.00 addr 1
usb6 at uhci4: USB revision 1.0
uhub6 at usb6 Intel UHCI root hub rev 1.00/1.00 addr 1
usb7 at uhci5: USB revision 1.0
uhub7 at usb7 Intel UHCI root hub rev 1.00/1.00 addr 1
isa0 at pcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
lm0 at isa0 port 0x290/8: W83627DHG
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
mtrr: Pentium Pro MTRR support
umass0 at uhub4 port 1 configuration 1 interface 0 Generic Mass
Storage Device rev 2.00/1.29 addr 2
umass0: using SCSI over Bulk-Only
scsibus1 at umass0: 2 targets, initiator 0
sd0 at scsibus1 targ 1 lun 0: Generic, USB SD Reader, 1.00 SCSI0
0/direct removable
sd0: drive offline
sd1 at scsibus1 targ 1 lun 1: Generic, USB CF Reader, 1.01 SCSI0
0/direct removable
sd1: drive offline
sd2 at scsibus1 targ 1 lun 2: Generic, USB SM Reader, 1.02 SCSI0
0/direct removable
sd2: drive offline
sd3 at scsibus1 targ 1 lun 3: Generic, USB MS Reader, 1.03 SCSI0
0/direct removable
sd3: drive offline
uhidev0 at uhub5 port 2 configuration 1 interface 0 Composite USB PS2
Converter USB to PS2 Adaptor  V3.10 rev 1.10/3.10 addr 2
uhidev0: iclass 3/1
ukbd0 at uhidev0: 8 modifier keys, 6 key codes
wskbd1 at ukbd0 mux 1
wskbd1: connecting to wsdisplay0
uhidev1 at uhub5 port 2 

Re: recognizing 8GB RAM? (4.5)

2009-02-24 Thread Ted Unangst
On Tue, Feb 24, 2009 at 9:47 PM, David Heinrich dh0...@gmail.com wrote:
 How do I get the kernel to recognize 8GB of RAM? It is only recognizing
 3.3GB?

You don't.  That much memory can't be used currently.

 Also, where do I go for packages for 4.5 current? The install.amd64
 file reference ftp://ftp.openbsd.org/pub/OpenBSD/4.5/amd64 but no such
 ftp exists.

There is no 4.5.  If you're running a snapshot, the sets and packages
are in the snapshots directory.



Re: Create a bootable usb key?

2009-02-24 Thread Kevin Lo
On Sun, 2009-02-15 at 15:28 -0700, Theo de Raadt wrote:
   On 2009-01-10, Guillaume Thouvenin guillaume.thouve...@polymtl.ca wrote:
  
   Now next step is to have wired network working and so add support to my
   Attansic Technology L1E.
  
   This chip is not yet supported in OpenBSD. N.B. it is not the same
   as either Attansic L1 or L2.
  
  Yes right. I will have a look how driver are implemented in OpenBSD and
  I will try to add the support of Attansic L1E. Do you know if someone
  is working on it?
 
 it will happen as soon as kevlo has a board with it.

I just committed ale(4) driver:

http://marc.info/?l=openbsd-cvs&m=123553127523101&w=2

Please test it if you have time, thanks!

Kevin



Re: NAT, Firewall pf

2009-02-24 Thread Hilco Wijbenga
2009/2/23 Jason Dixon ja...@dixongroup.net:
 ##
 00 ext_if = sk0
 01 int_if = sk1
 02
 03 set skip on lo
 04
 05 scrub in
 06
 07 nat on $ext_if from $int_if:network to any -> ($ext_if:0)
 08
 09 block in log all
 10 pass in on $int_if inet keep state
 ##

I tried this and I'm afraid it doesn't work. I can't ping anymore,
neither from my own box nor from the firewall. This setup is basically
what I also found in the books I have, I guess. :-(

DHCP works (i.e. my box gets an IP from the DHCP daemon on the
firewall) and I can see maradns receiving requests from localhost (the
firewall) and from the int_if (my box) when I try to ping something.
It's all blocked by the firewall, though.

I don't think it should matter but the only special thing about my
setup is that my external IP is on 192.168.1.0/24. Yes, that's my
*external* network. No more IPv4 address shortages for my ISP. :-)

Please also see my next reply.



get php uptime function out of apache chroot jail?

2009-02-24 Thread Jerome Santos
hello, I want to put a php script in a site on an openbsd 4.2 webserver.
From what I understand because apache is chrooted, a function that uses an
exec to a system call cannot work.
ie.
<?php
$s = explode( " ", exec("/var/run/usr/bin/uptime") );
$a = str_replace( ",", "", $s[3]);
$uptime = time() - $a;

$days = floor($uptime/60/60/24);
$hours = $uptime/60/60%24;
$mins = $uptime/60%60;
$secs = $uptime%60;
echo "This server is up " . $days . " days, " .  $hours  . " hours, "
 . $mins . " minutes and " . $secs . "seconds";

?>

only echoes epoch time, This server is up 14300 days, 5 hours, 49 minutes
and 24seconds

any ideas how to fix this?



Re: get php uptime function out of apache chroot jail?

2009-02-24 Thread Edho P Arief
On Wed, Feb 25, 2009 at 12:51 PM, Jerome Santos bsdonly...@gmail.com wrote:
 hello, I want to put a php script in a site on an openbsd 4.2 webserver.
 From what I understand because apache is chrooted, a function that uses an
 exec to a system call cannot work.
 ie.
 <?php
         $s = explode( " ", exec("/var/run/usr/bin/uptime") );
         $a = str_replace( ",", "", $s[3]);
         $uptime = time() - $a;

         $days = floor($uptime/60/60/24);
         $hours = $uptime/60/60%24;
         $mins = $uptime/60%60;
         $secs = $uptime%60;
         echo "This server is up " . $days . " days, " .  $hours  . " hours, "
  . $mins . " minutes and " . $secs . "seconds";

 ?>

 only echoes epoch time, This server is up 14300 days, 5 hours, 49 minutes
 and 24seconds

 any ideas how to fix this?



cron it to a file and parse that file

--
O ascii ribbon campaign - stop html mail - www.asciiribbon.org
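
The suggestion above, sketched as an added example (not code from the thread): a root cron job outside the chroot writes the boot time to a file under /var/www, and the PHP page only reads and validates that file, so nothing is exec'd or copied into the jail. The file name, the function names and the use of `sysctl -n kern.boottime` (assumed to print the boot time as epoch seconds) are assumptions.

```php
<?php
// Added example, not code from the thread. Assumed root crontab entry, run
// outside the chroot (sysctl -n kern.boottime assumed to print epoch seconds):
//   */5 * * * * /sbin/sysctl -n kern.boottime > /var/www/run/boottime.tmp && mv /var/www/run/boottime.tmp /var/www/run/boottime
// Keep the file root-owned and read-only for the web server user.

// Path as PHP sees it inside the chroot (hypothetical name).
define('BOOTTIME_FILE', '/run/boottime');

// Return the boot time as an int, or null if the file contents are not a
// plausible epoch value. The file is treated as data only.
function parse_boottime($raw, $now)
{
    $raw = trim($raw);
    if (!preg_match('/^[0-9]{1,10}$/', $raw)) {
        return null;
    }
    $boot = (int)$raw;
    // An empty or zero value is what yields "up 14300 days": time() - 0.
    if ($boot <= 0 || $boot > $now) {
        return null;
    }
    return $boot;
}

// Split a duration in seconds into the same fields the original script prints.
function format_uptime($seconds)
{
    $days  = (int)floor($seconds / 86400);
    $hours = (int)floor($seconds / 3600) % 24;
    $mins  = (int)floor($seconds / 60) % 60;
    $secs  = $seconds % 60;
    return "This server is up $days days, $hours hours, $mins minutes and $secs seconds";
}

$now  = time();
$raw  = @file_get_contents(BOOTTIME_FILE);
$boot = ($raw === false) ? null : parse_boottime($raw, $now);

if ($boot === null) {
    // Missing or malformed file: say so instead of printing a bogus uptime.
    echo "Uptime unavailable";
} else {
    echo htmlspecialchars(format_uptime($now - $boot));
}
?>
```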



TBB on OBSD

2009-02-24 Thread Jack Woehr

Anyone working with TBB ( http://www.threadingbuildingblocks.org/ )
on OpenBSD?

--
Jack J. Woehr            # I run for public office from time to time. It's like
http://www.well.com/~jax # working out at the gym, you sweat a lot, don't get
http://www.softwoehr.com # anywhere, and you fall asleep easily afterwards.



Re: NAT, Firewall pf

2009-02-24 Thread patrick keshishian
On Tue, Feb 24, 2009 at 9:48 PM, Hilco Wijbenga
hilco.wijbe...@gmail.com wrote:
 2009/2/23 Jason Dixon ja...@dixongroup.net:
 ##
 00 ext_if = sk0
 01 int_if = sk1
 02
 03 set skip on lo
 04
 05 scrub in
 06
 07 nat on $ext_if from $int_if:network to any -> ($ext_if:0)
 08
 09 block in log all
 10 pass in on $int_if inet keep state

# I think you are missing a pass out on $ext_if rule
11 pass out on $ext_if

w/o 11 all inbound packets are blocked by 09.

--patrick



Re: NAT, Firewall pf

2009-02-24 Thread Jean-Francois
You should try to go look at http://74.125.77.147 which is google.
That way you check if the comm is going.
In the first place I had DNS troubles.
If then it is a DNS problem at least we have localised sth.
Please try to locate the problem by sniffing packets using tcpdump on
the OpenBSD's interfaces in/out and maybe on the client also to see what
he receives from the OpenBSD.

Then it would be easier to find out.
Regards,
JF

On Tuesday, 24 February 2009 at 21:48 -0800, Hilco Wijbenga wrote:
 2009/2/23 Jason Dixon ja...@dixongroup.net:
  ##
  00 ext_if = sk0
  01 int_if = sk1
  02
  03 set skip on lo
  04
  05 scrub in
  06
  07 nat on $ext_if from $int_if:network to any -> ($ext_if:0)
  08
  09 block in log all
  10 pass in on $int_if inet keep state
  ##
 
 I tried this and I'm afraid it doesn't work. I can't ping anymore,
 neither from my own box nor from the firewall. This setup is basically
 what I also found in the books I have, I guess. :-(
 
 DHCP works (i.e. my box gets an IP from the DHCP daemon on the
 firewall) and I can see maradns receiving requests from localhost (the
 firewall) and from the int_if (my box) when I try to ping something.
 It's all blocked by the firewall, though.
 
 I don't think it should matter but the only special thing about my
 setup is that my external IP is on 192.168.1.0/24. Yes, that's my
 *external* network. No more IPv4 address shortages for my ISP. :-)
 
 Please also see my next reply.



Re: BCM4311

2009-02-24 Thread Saifi Khan
On Tue, Feb 24, 2009 at 4:07 PM, Huy Nguyen h...@huynguyen.fr wrote:
 No, see http://undeadly.org/cgi?action=article&sid=20070406104008
 Huy

 On Tue, Feb 24, 2009 at 03:44:35PM +, Saifi Khan wrote:
 On Mon, Feb 23, 2009 at 10:42 PM, Roy Morris
 william.roy.mor...@gmail.com wrote:
  I did some searching around and found a cvs message talking about
  removing support for the bcm4311. I was wondering if anything has
  changed since then? I don't see any newer updates. My Dell 1721
  amd64 comes with this wireless adapter. Mine is rev 0x01 so I am
  not really sure if it applies.
 
  thanks
  Roy
 
  http://marc.info/?l=openbsd-cvs&m=121993685718267&w=2
 
 

 Is there support for BCM43xx in openBSD ?

 --

So, what is the plan for openBSD now ? Are we not going to have
BCM43xx driver at all ?

-- 
thanks
Saifi.