Re: 4.5 audio aucat autoconfig
On Mon, 23 Feb 2009 18:10:53 +0100 Alexandre Ratchov a...@caoua.org wrote:
> > Unfortunately, the above doesn't work in 4.5-current, and the debug
> > output has been changed somewhat. One of the things I did notice is
> > the resampling from 16000Hz to 44100Hz does not seem to be occurring
> > in 4.5-current.
>
> that's the desired behaviour; the resulting file will be at 16kHz,
> which is the device native sample rate.
>
> > $ aucat -C 0:0 -e s16le -r 16000 -f /dev/audio1 -o test45.raw
> > ...
> > dev_init: hw recording s16le,0:0,16000Hz
>                          ^
> the device is using s16le,0:0,16000Hz, and there are no conversion
> layers so the file should contain the signal as-is.
>
> > $ aucat -c 0:0 -e s16le -i test45.raw
>
> the ``-r 16000'' option is missing, so aucat will think that
> ``test45.raw'' is using the default rate of 44100Hz, and it will play
> it too fast.
>
> > You may also want to note that by defining the rate (-r) as 16000Hz
> > in the playback still results in it playing too fast and with
> > distortion, albeit slower than playing it as above at 44100Hz.
>
> that's bad. Perhaps a bug in the uaudio(4) driver. Could you send me
> off-list the recorded file (preferably with some voice or music) and
> the exact command to generate it so i can analyze it?

Since Jake and others might be interested, I put the files on my server,
and kept this on-list.

On 4.4-Stable
$ export AUCAT_DEBUG=4
$ aucat -C 0:0 -e s16le -r 16000 -f /dev/audio1 -o test2-44.raw
$ aucat -c 0:0 -e s16le -r 16000 -i test2-44.raw

On 4.5-Current
$ export AUCAT_DEBUG=4
$ aucat -C 0:0 -e s16le -r 16000 -f /dev/audio1 -o test2-45.raw
$ aucat -c 0:0 -e s16le -r 16000 -i test2-45.raw

Full Debug Command Logs and Resulting File:
http://www.designtools.org/OpenBSD/test2-44.txt
http://www.designtools.org/OpenBSD/test2-44.raw
http://www.designtools.org/OpenBSD/test2-44.txt
http://www.designtools.org/OpenBSD/test2-44.raw

Also, output of dmesg, audioctl{0,1}, mixerctl{0,1} if needed:
http://www.designtools.org/OpenBSD/test1-info44.txt
http://www.designtools.org/OpenBSD/test1-info45.txt

Results 4.4-Stable:
On 4.4-Stable, you can see aucat resampling from 16000Hz to 44100Hz in
the debug log when recording. As you'd expect, attempting to play the
44100Hz file at a forced playback rate of 16000Hz means it plays *very*
slow. If you leave off the rate switch ('-r 16000') on playback, it
defaults to playing at 44100Hz and plays correctly.

Q: I'm guessing aucat was *not* supposed to resample the raw file?

Results 4.5-Current:
On 4.5-Current, the playback is way too fast, and also there is some
distortion. Considering the similar test results I did for Jake (posted
in thread) where aucat was avoided completely, I think he's onto
something thinking it's a driver issue.

-- 
J.C. Roberts

Re: toggle X screens on intel in obsd?
On Tue, 24 Feb 2009, Matthieu Herrb wrote:
> On Mon, Feb 23, 2009 at 9:53 PM, Dorian Büttner dorian.buett...@gmx.de wrote:
> > Found this one in the www:
> > http://www.thinkwiki.org/wiki/Sample_Fn-F7_script
> > Is there something similar one can do in OpenBSD? No clue, how to
> > grab the fn-f8 event here... brightness adjustment works somehow out
> > of the box, but the screen toggle doesn't seem to do anything. Would
> > be nice for attaching the eee to larger display. Or does the intel
> > driver only allow for mirroring at the moment?
>
> xrandr is fully supported on OpenBSD. The kernel currently doesn't
> report the Fn-* key events to userland, so you'd have to implement it
> in your window manager using a standard function key or menu entries
> to switch between your favourite xrandr configs.

Hello.

It's a great news. Until now, I thought the contrary - that those
functions of xrandr are not yet fully supported. For some reason, the
man page of xrandr(1) in -current on the web is not up to date (in sync
with the tree). What's wrong?

http://www.openbsd.org/cgi-bin/man.cgi?query=xrandr&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html

Regards,
David

Re: Carp with aliases route problem
On 2009-02-24, Rod Whitworth glis...@witworx.com wrote:
> On Mon, 23 Feb 2009 17:52:33 -0600, Todd T. Fries wrote:
> > As a corollary, for those ISP's who think there is only need for a
> > single /30 for a client's router, the concept of failover routers
> > means 1 physical IP per router, and 1 IP for the failover IP, aka 3
> > IP's for the client side, dictating a /29. (sorry for this
> > paragraph, but I am not happy with a particular upstream which
> > thinks otherwise and is not willing to change).
>
> As a lab exercise, conducted because an upstream provider would only
> provide one router IP, I set up two Soekris 4801s with their external
> interfaces just up -ed and used the exclusive global IP for carp. It
> worked like a charm. The internal interfaces could have had whatever
> addresses I wanted but, just for fun, I made them work the same way as
> the externals.

If the upstream connection is a /30 via something like PPP and you
don't care about being able to contact the immediately adjacent
addresses, there is the possible hack of setting the netmask a bit
shorter than it really is, so you can use the network and broadcast
addresses, giving you the two extra addresses you need for this.

Re: toggle X screens on intel in obsd?
On 2009-02-24, Matthieu Herrb mhe...@gmail.com wrote:
> On Mon, Feb 23, 2009 at 9:53 PM, Dorian Büttner dorian.buett...@gmx.de wrote:
> > Found this one in the www:
> > http://www.thinkwiki.org/wiki/Sample_Fn-F7_script
> > Is there something similar one can do in OpenBSD? No clue, how to
> > grab the fn-f8 event here... brightness adjustment works somehow out
> > of the box, but the screen toggle doesn't seem to do anything. Would
> > be nice for attaching the eee to larger display. Or does the intel
> > driver only allow for mirroring at the moment?
>
> xrandr is fully supported on OpenBSD. The kernel currently doesn't
> report the Fn-* key events to userland, so you'd have to implement it
> in your window manager using a standard function key or menu entries
> to switch between your favourite xrandr configs.

Depending on your screen size you may also need to set a Virtual size
large enough to cover both displays, e.g. 'Virtual xsize ysize' in the
relevant Display section.

$ xrandr --output VGA --mode 1024x768
$ xrandr --output LVDS --mode 1024x600
$ xrandr --output LVDS --above VGA

Re: user-friendliness and netbsd
On Mon, Feb 23, 2009 at 10:11:17PM +0100, Marc Espie wrote:
> On Mon, Feb 23, 2009 at 09:56:18PM +0100, Matthias Kilian wrote:
> > Next time when I'm in a condition similar to that in vienna after
> > p2k8, I'll test *all* installers of *all* existing operation
> > systems. I'm sure I'd managed to do a perfect installation of
> > OpenBSD; but pirofti@ may disagree ;-)
>
> Isn't that, like, his job in life ? (to disagree with everything most
> of the time). ;-P

I disagree!

Re: NAT, Firewall pf
Hi,

On Mon, 23.02.2009 at 17:58:20 -0800, Hilco Wijbenga hilco.wijbe...@gmail.com wrote:
> c. How can I get pflog to flush immediately? I noticed I have to wait
> a minute or so before logged lines show up.

you don't need to. Listen on pflog0 instead.

Kind regards,
--Toni++

Re: sftp chroot ?
On 2009-02-23, Michael W. Lucas mwlu...@blackhelicopters.org wrote:
> On Mon, Feb 23, 2009 at 07:33:23PM +0100, Jean-Francois wrote:
> > Hello,
> > If I understand this will chroot any user. Am I correct ?
> > - Is root chrooted as well ?
>
> Don't scp or SSH in as root. Use a regular account and sudo, or at
> least the root password.

Oh, I do that all the time. I don't see a problem with it. For some
things there is no feasible alternative.

Re: Bug OpenBGPD, IPv6 peer gets cleared, never gets up again
On Mon, Feb 23, 2009 at 02:11:38PM +0100, Arnoud Vermeer wrote:
> I found a different way to replicate the bug, this time it crashes ALL
> the IPv6 sessions connected to multiple Foundry switches (cisco seems
> fine).
>
> I have setup a v6 session with a tcp md5sig like so:
>
> group peers-rs-v6 {
>         announce IPv6 unicast
>         announce IPv4 none
>         softreconfig in yes
>         enforce neighbor-as yes
>         set nexthop no-modify
>         local-address 2001:7F8:1::A500:6777:4
>         neighbor 2001:7f8:1::A500:1200:1 {
>                 descr AS1200-v6-01
>                 remote-as 1200
>                 announce all
>                 passive
>                 tcp md5sig password hondjes
>         }
>         neighbor 2001:7f8:1::a504:8345:1 {
>                 descr XSNEWS-v6-01
>                 remote-as 48345
>                 announce all
>                 passive
>                 max-prefix 5
>         }
> }
>
> # bgpctl s s
> AS1200-v6-01  1200   9042  8142  0  00:13:34  Idle
> XSNEWS-v6-01  48345  9374  8492  0  00:12:22  1/5
>
> While in Idle, the session logs the following in daemon:
>
> Feb 23 14:00:03 radix-new bgpd[19498]: Connection attempt from neighbor 2001:7f8:1::a500:1200:1 (AS1200-v6-01) while session is in state Idle
> Feb 23 14:00:23 radix-new bgpd[19498]: Connection attempt from neighbor 2001:7f8:1::a500:1200:1 (AS1200-v6-01) while session is in state Idle
>
> I then clear the peering with the md5 hash: bgpctl neigh AS1200-v6-01 clear
>
> # bgpctl neigh AS1200-v6-01 clear
> request processed
> # bgpctl s s
> XSNEWS-v6-01  48345  9380  8497  0  00:14:35  1/5
> AS1200-v6-01  1200   9042  8142  0  00:17:15  Active
>
> but then after a few seconds, when the session becomes alive, the
> empty update gets sent out, and all foundry based v6 sessions reset.
>
> # bgpctl s s
> XSNEWS-v6-01  48345  9381  8501  0  00:00:11  Idle
> AS1200-v6-01  1200   9047  8152  0  00:00:11  Idle

Could you please provide mrt session dumps or tcpdumps of the session
that fail. This seems like foundry is freaking out about something that
is actually a valid BGP update. Neither Henning nor I do have sessions
to foundry routers that we can play with.

-- 
:wq Claudio

Re: Serial console only works if set tty com0 is specified in boot.conf
I have exactly the same problem.

When i redirect default console to com0 (set tty com0 in
/etc/boot.conf) serial console on tty00 then is working. But when i
don't want to have default console there, then serial access is not
working, but /usr/lib/getty std.9600 tty00 is running.

Only if i edit /etc/ttys and replace tty00 with cua00 - serial console
is then working fine.

Is this some bug ?

Re: sftp chroot ?
On Mon, Feb 23, 2009 at 07:33:23PM +0100, jfsimon1...@gmail.com wrote:
> If I understand this will chroot any user. Am I correct ?
> - Is root chrooted as well ?
> - Is it possible to chroot only some users ?

What man page is not clear?

-- 
Olivier Cherrier

Re: Bug OpenBGPD, IPv6 peer gets cleared, never gets up again
Hi Claudio,

I've attached both the MRT session dumps and a tcpdump capture.

Kind regards,
Arnoud Vermeer

Claudio Jeker wrote:
> On Mon, Feb 23, 2009 at 02:11:38PM +0100, Arnoud Vermeer wrote:
> > I found a different way to replicate the bug, this time it crashes
> > ALL the IPv6 sessions connected to multiple Foundry switches (cisco
> > seems fine).
> >
> > I have setup a v6 session with a tcp md5sig like so:
> >
> > group peers-rs-v6 {
> >         announce IPv6 unicast
> >         announce IPv4 none
> >         softreconfig in yes
> >         enforce neighbor-as yes
> >         set nexthop no-modify
> >         local-address 2001:7F8:1::A500:6777:4
> >         neighbor 2001:7f8:1::A500:1200:1 {
> >                 descr AS1200-v6-01
> >                 remote-as 1200
> >                 announce all
> >                 passive
> >                 tcp md5sig password hondjes
> >         }
> >         neighbor 2001:7f8:1::a504:8345:1 {
> >                 descr XSNEWS-v6-01
> >                 remote-as 48345
> >                 announce all
> >                 passive
> >                 max-prefix 5
> >         }
> > }
> >
> > # bgpctl s s
> > AS1200-v6-01  1200   9042  8142  0  00:13:34  Idle
> > XSNEWS-v6-01  48345  9374  8492  0  00:12:22  1/5
> >
> > While in Idle, the session logs the following in daemon:
> >
> > Feb 23 14:00:03 radix-new bgpd[19498]: Connection attempt from neighbor 2001:7f8:1::a500:1200:1 (AS1200-v6-01) while session is in state Idle
> > Feb 23 14:00:23 radix-new bgpd[19498]: Connection attempt from neighbor 2001:7f8:1::a500:1200:1 (AS1200-v6-01) while session is in state Idle
> >
> > I then clear the peering with the md5 hash: bgpctl neigh AS1200-v6-01 clear
> >
> > # bgpctl neigh AS1200-v6-01 clear
> > request processed
> > # bgpctl s s
> > XSNEWS-v6-01  48345  9380  8497  0  00:14:35  1/5
> > AS1200-v6-01  1200   9042  8142  0  00:17:15  Active
> >
> > but then after a few seconds, when the session becomes alive, the
> > empty update gets sent out, and all foundry based v6 sessions reset.
> >
> > # bgpctl s s
> > XSNEWS-v6-01  48345  9381  8501  0  00:00:11  Idle
> > AS1200-v6-01  1200   9047  8152  0  00:00:11  Idle
>
> Could you please provide mrt session dumps or tcpdumps of the session
> that fail. This seems like foundry is freaking out about something
> that is actually a valid BGP update. Neither Henning nor I do have
> sessions to foundry routers that we can play with.

[demime 1.01d removed an attachment of type application/octet-stream which had a name of all-in-dump-1322] base64 encoded Mime section invalid - length (0) was wrong. [demime 1.01d removed an attachment of type application/octet-stream which had a name of all-out-dump-1322] base64 encoded Mime section invalid - length (0) was wrong. [demime 1.01d removed an attachment of type application/octet-stream which had a name of md5.pcap]
Re: sftp chroot ?
On Monday, 23 February 2009, Nigel J. Taylor wrote:
> ChrootDirectory %h
> Subsystem sftp internal-sftp
> Match group wheel
>         ChrootDirectory none

Or the other way around.

Subsystem sftp internal-sftp
Match User john,paul
        ChrootDirectory /chroot/%u

-- 
Regards,
Cezary Morga
The best way to predict the future is to invent it. (Alan Kay)

Re: listing ftp-proxy anchor rules
Hallo!

I am not sure this is the right way, most certainly it doesn't scale
well, but i snooped now and then for ftp-proxy rules/translations like
this

1. have a guess there should be some ftp-proxy rules created in anchors
2. issuing 'systat rules' i look for exact entries, like
   /ftp-proxy/26694.100
3. issue to see rules/transls in anchors
   # pfctl -a 'ftp-proxy/26694.100' -sr
   # pfctl -a 'ftp-proxy/26694.100' -sn

Imre

Chris Smith wrote:
> Hello,
> Having trouble listing ftp-proxy anchor rules.
> For example:
> pfctl -a 'ftp-proxy/*' -sr
> never returns any data nor does:
> pfctl -a 'ftp-proxy' -sr
> and:
> pfctl -a '*' -sr
> throws out:
> pfctl: DIOCGETRULES: Invalid argument
> when it gets to the ftp-proxy anchor.
> What am I missing here?
> Thanks.
> Chris

Re: NAT, Firewall pf
On Mon, Feb 23, 2009 at 11:47 PM, johan beisser j...@caustic.org wrote:
> Comments inline.
>
> On Feb 23, 2009, at 5:58 PM, Hilco Wijbenga wrote:
> > Hi all,
> > I've been trying to get a simple firewall system up-and-running in
> > OpenBSD. I have The Book of PF and Secure Architectures with OpenBSD
> > so I thought it would be very simple. Well, we're two weeks later
> > now and still no firewall. :-) The pf rules I found in those books
> > don't seem to work as I expected them to work.
>
> The PF FAQ and the man page for pf.conf(5) should cover everything you
> need. The books are a nice addition, though.
>
> > Before I list my current pf.conf, let me give a few more details. My
> > firewall will be running a few services for my network (DHCP, NTP,
> > and DNS). I need to use NAT to get my own network Internet access.
> > DHCP works. I seem to have managed to get DNS (maradns on lo0 and
> > sk1) and ICMP working.
>
> So, you need to set net.inet.ip.forward to 1 to ensure packets go out.
>
> > /etc/pf.conf
> > 01 ext_if = sk0
> > 02 int_if = sk1
> > 03 localnet = $int_if:network
> > 04 internet = $ext_if:network
> > 05 udp_services = { domain, ntp }
> > 06 icmp_types = { echoreq, unreach }
> > 07
> > 08 nat log on $ext_if from $localnet to any -> ($ext_if)
> > 09
> > 10 block log all
> > 11
> > 12 pass quick inet proto { tcp, udp } from $internet to any port $udp_services
> > 13 pass quick inet proto { tcp, udp } from $localnet to any port $udp_services
> > 14 pass quick inet proto { tcp, udp } from $lo0:network to any port $udp_services
> > 15
> > 16 pass inet proto icmp all icmp-type $icmp_types
> > 17 pass from { lo0, $localnet } to any keep state
>
> First, no traffic will go out with these rules as is. Unless states
> and flows match perfectly, it won't happen.

Wrong.

> > a. Why do I need 12? I had expected 13 (which I don't seem to need).
> > Wouldn't 12 be for incoming requests from the Internet?
>
> I'm not sure what you're trying to do with 12 or 13. The ports (domain
> and ntp) will be the only traffic permitted to enter any interface on
> the firewall.

Wrong. ICMP echoreq and unreachable are passed (16), as is all traffic
of any kind from the localnet (17).

> > b. Given that ping works from my network (so that presumably routing
> > is okay), why doesn't anything else work? HTTP seems blocked by the
> > firewall.
>
> Don't presume. Think. You're passing ICMP types inward (req, unreach).
> That's it. I suspect you're not passing that traffic outbound
> otherwise.

Wrong. ICMP types are passed any direction. Traffic from localnet is
unrestricted.

> > c. How can I get pflog to flush immediately? I noticed I have to
> > wait a minute or so before logged lines show up.
>
> What syntax are you using to monitor it?
>
> > d. Any other pointers?
>
> Start over. I make no claims this works or will work for you. It's a
> simple rewrite of what you claimed to want (NAT for outbound traffic,
> for example).
>
> ext_if=sk0
> int_if=sk1
> udp_services={ domain, ntp}
> set skip on lo
> set block-policy return
> scrub in
> nat on $ext_if from $int_if:network to any -> ($ext_if)
> block log
> pass out quick from $int_if to $int_if:network
> pass out quick from $ext_if to any
> pass in quick on $ext_if proto {tcp, udp} from any to ($ext_if) port $udp_services
> pass in quick on $int_if from $int_if:network to any

Go with Jason Dixon's ruleset unless you need to expose DNS and NTP on
your gateway to the world.

-HKS

Re: NAT, Firewall pf
1. You need to enable routing on your BSD box
edit /etc/sysctl.conf and change the 0 (zero) with 1

net.inet.ip.forwarding=1        # 1=Permit forwarding (routing) of IPv4 packets

In order to enable routing without restart the BSD type:

sysctl -w net.inet.ip.forwarding=1

On Mon, Feb 23, 2009 at 8:58 PM, Hilco Wijbenga hilco.wijbe...@gmail.com wrote:
> Hi all,
> I've been trying to get a simple firewall system up-and-running in
> OpenBSD. I have The Book of PF and Secure Architectures with OpenBSD
> so I thought it would be very simple. Well, we're two weeks later now
> and still no firewall. :-) The pf rules I found in those books don't
> seem to work as I expected them to work.
>
> Before I list my current pf.conf, let me give a few more details. My
> firewall will be running a few services for my network (DHCP, NTP, and
> DNS). I need to use NAT to get my own network Internet access. DHCP
> works. I seem to have managed to get DNS (maradns on lo0 and sk1) and
> ICMP working.
>
> /etc/pf.conf
> 01 ext_if = sk0
> 02 int_if = sk1
> 03 localnet = $int_if:network
> 04 internet = $ext_if:network
> 05 udp_services = { domain, ntp }
> 06 icmp_types = { echoreq, unreach }
> 07
> 08 nat log on $ext_if from $localnet to any -> ($ext_if)
> 09
> 10 block log all
> 11
> 12 pass quick inet proto { tcp, udp } from $internet to any port $udp_services
> 13 pass quick inet proto { tcp, udp } from $localnet to any port $udp_services
> 14 pass quick inet proto { tcp, udp } from $lo0:network to any port $udp_services
> 15
> 16 pass inet proto icmp all icmp-type $icmp_types
> 17 pass from { lo0, $localnet } to any keep state
>
> a. Why do I need 12? I had expected 13 (which I don't seem to need).
> Wouldn't 12 be for incoming requests from the Internet?
> b. Given that ping works from my network (so that presumably routing
> is okay), why doesn't anything else work? HTTP seems blocked by the
> firewall.
> c. How can I get pflog to flush immediately? I noticed I have to wait
> a minute or so before logged lines show up.
> d. Any other pointers?
>
> Cheers,
> Hilco

Re: sftp chroot ?
Hi Jean-Francois

Attach a little example, hope that helps

The user archivos only have access to
/var/www/domains/home/archivos/public_html

$ cat /etc/ssh/sshd_config
Port 22
Protocol 2
SyslogFacility AUTH
LogLevel INFO
PermitRootLogin no
Subsystem sftp internal-sftp
Match group chrootusers
        ForceCommand internal-sftp
        ChrootDirectory /var/www/domains/home/%u

$ ls -lh
total 84
drwxr-xr-x 3 root chrootusers 512B Feb 13 19:23 archivos

$ ls -lh archivos
total 4
drwxr-xr-x 3 archivos chrootusers 512B Feb 18 14:24 public_html

See the permissions.

Bye

-- 
Beto
www.compumundohypermegared.org

2009/2/23 Jean-Francois jfsimon1...@gmail.com
> Hi All,
> As far as I understand, the sftp service is always running since it
> is the ssh daemon (maybe one can correct me if I'm wrong). Hence I
> need to chroot some users to specific directories. I prefer not to use
> vsftp at present time if this feature is available with sftp of
> OpenBSD. One can help me ?
> Thank you;
> JF

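The permissions in the message above matter because sshd refuses a ChrootDirectory unless every component of the path is a root-owned directory that is not writable by group or others (sshd_config(5)). The shell check below is an added example, not part of the original post; the function names and the optional UID and TOP arguments (present so it can be tried on a scratch tree without root) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit a directory meant for
# sshd's ChrootDirectory. Every component of the path must be a directory
# owned by root and not writable by group or others.

# check_component DIR UID
# Prints one line per problem found on DIR; returns 1 if any, else 0.
check_component() {
    cc_dir=$1
    cc_uid=$2
    cc_rc=0
    if [ ! -d "$cc_dir" ]; then
        echo "$cc_dir: not a directory"
        return 1
    fi
    # -n prints the numeric owner, -L follows symlinks as stat(2) does.
    cc_info=$(ls -ldnL "$cc_dir" | awk '{ print $1 " " $3; exit }')
    cc_mode=${cc_info% *}
    cc_owner=${cc_info#* }
    if [ "$cc_owner" != "$cc_uid" ]; then
        echo "$cc_dir: owned by uid $cc_owner, expected $cc_uid"
        cc_rc=1
    fi
    # Mode string is "d rwx rwx rwx": char 6 = group write, char 9 = other write.
    case $cc_mode in
        ?????w*) echo "$cc_dir: group-writable ($cc_mode)"; cc_rc=1 ;;
    esac
    case $cc_mode in
        ????????w*) echo "$cc_dir: writable by others ($cc_mode)"; cc_rc=1 ;;
    esac
    return $cc_rc
}

# check_chroot_path PATH [UID] [TOP]
# Walks PATH upwards, checking each component until TOP (default /) has been
# checked. UID defaults to 0 (root). UID and TOP are hypothetical conveniences
# of this example; for a real audit leave both at their defaults.
check_chroot_path() {
    ccp_cur=$1
    ccp_uid=${2:-0}
    ccp_top=${3:-/}
    ccp_rc=0
    case $ccp_cur in
        /*) ;;
        *) echo "$ccp_cur: not an absolute path"; return 1 ;;
    esac
    while :; do
        check_component "$ccp_cur" "$ccp_uid" || ccp_rc=1
        if [ "$ccp_cur" = "$ccp_top" ] || [ "$ccp_cur" = "/" ]; then
            break
        fi
        ccp_cur=$(dirname "$ccp_cur")
    done
    return $ccp_rc
}

# Usage: sh check_chroot.sh /var/www/domains/home/archivos
# (pass the path with %u already expanded to the user name)
if [ $# -gt 0 ]; then
    check_chroot_path "$@"
fi
```

A directory inside the chroot, such as public_html in the listing above, may be owned by the user; only the chroot directory itself and its parents are subject to the check.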
TNC Packet Radio for OpenBSD
I just got a radio for my car and it is capable of handling TNC
transceiver traffic. So, now I'm on a search for a decent packet radio,
but it looks like the only ones I've found are Windows only. I'm not as
concerned with the software as I am with the HW being detected
correctly, although having both work would be nice. Any suggestions are
welcome.

Thanks
Dan N2VQV

Huawei E160 detach issues
Hi,

I've got a Huawei E160 UMTS stick which gives me some trouble. After
being attached for some time (so far something between 16 and 36 hours)
it seems to get detached automatically.

ucom0 detached
umsm0 detached
ucom1 detached
umsm1 detached
cd0 detached
scsibus0 detached
umass0 detached
umsm2 detached

Either restarting the box (its remote) or re-plugging the stick gets it
attached again. I am using the package smstools3 which works fine...
only issue is that the stick keeps getting detached after some time.

Any ideas why that is happening and how to fix it?

Michael

Re: BCM4311
On Mon, Feb 23, 2009 at 10:42 PM, Roy Morris william.roy.mor...@gmail.com wrote:
> I did some searching around and found a cvs message talking about
> removing support for the bcm4311. I was wondering if anything has
> changed since then? I don't see any newer updates. My Dell 1721 amd64
> comes with this wireless adapter. Mine is rev 0x01 so I am not really
> sure if it applies.
>
> thanks
> Roy
>
> http://marc.info/?l=openbsd-cvs&m=121993685718267&w=2

Is there support for BCM43xx in openBSD ?

-- 
thanks
Saifi.

heartbeating Carp ?
Hi all,

I have a pair of firewalls using carp between them in front of some
servers. Works really nice.

Today, however, I got an edge case on the firewalls. Firewall one was
not accessible, and I couldn't access any firewall behind it. Getting
into firewall 2 directly, I found that firewall 1 internal interface
was up, but the external was unreachable. I checked the carp interfaces
and found that firewall 2 was advertising as a master on the external
interface, but as a backup on the internal interface. sshing over to
firewall 1 on the dedicated cross over carp link, I found that firewall
1 was also advertising master on the external interface and master on
the internal interface.

Firewall 1 could not ping past its external interface, though the
network layer was up. Due to this, carp on Firewall 1 did not think it
was down, and so, seemed to be ignoring the pre-emption being attempted
by firewall 2. So I ended up having packets going into firewall 2, but
then trying to get out through firewall 1.

Both firewalls have the preempt option set in sysctl.conf

Manually failing firewall 1 did the trick and firewall 2 took over
master on external and internal and all is good now. We are still
resolving why firewall 1 can't get out to the Internet, might be a
specific routing or acl problem on the switch it is connected to, might
be a hardware problem, not sure yet.

However, the question I have is how do others deal with this? I was
thinking a cron entry that periodically checks for connectivity both
ways and sets the carp state to backup if the checks fail, but this
sounds a bit off the cuff and hackish and could be prone to a race
condition or ending up setting BOTH firewalls to backup at the same
time... not so good I am thinking.

So needed is some sort of heartbeat. In this case, Carp didn't see
anything wrong (interface was up, link was good, traffic being
received... just no route anywhere and every packet sent got
blackholed).

A bit of googling around didn't turn up anything obvious. Any ideas?

Mikel

packets redirected to loopback never appear in tcpdump
Hello,

Is this a bug or feature?

the test case:

# ifconfig lo1 192.168.0.1 up
# ping 192.168.0.1
64 bytes from 192.168.0.1: icmp_seq=0 ttl=255 time=0.200 ms
64 bytes from 192.168.0.1: icmp_seq=1 ttl=255 time=0.111 ms
64 bytes from 192.168.0.1: icmp_seq=2 ttl=255 time=0.110 ms
64 bytes from 192.168.0.1: icmp_seq=3 ttl=255 time=0.111 ms
64 bytes from 192.168.0.1: icmp_seq=4 ttl=255 time=0.109 ms

# tcpdump -i lo1
tcpdump: listening on lo1, link-type LOOP
(shows nothing)

this also:

nat on rl0 from !(rl0) to any -> (rl0)
rdr on rl0 proto tcp from any to (rl0) port 1234 -> 192.168.0.1
block log all
pass in on rl0 proto tcp from any to 192.168.0.1 port 1234 keep state

redirect works just fine, but tcpdump again shows nothing.

found the hard way while trying to get altq working on lo1

# uname -a
OpenBSD greg.bestnet.kharkov.ua 4.4 GENERIC#1021 i386

dmesg is also attached

-- 
With best regards,
Gregory Edigarov

Re: TNC Packet Radio for OpenBSD
On 24.02.2009 at 16:23, Dan Colish wrote:
> I just got a radio for my car and it is capable of handling TNC
> transceiver traffic. So, now I'm on a search for a decent packet
> radio, but it looks like the only ones I've found are Windows only.
> I'm not as concerned with the software as I am with the HW being
> detected correctly, although having both work would be nice. Any
> suggestions are welcome.

A decent TNC uses a serial port or USB, I am using such a thingie and it
works nicely. OpenBSD does not directly support AX.25.

> Thanks
> Dan N2VQV

Marc HB9SSB

Re: NAT, Firewall pf
2009/2/24 Jorge Enrique Valbuena Vargas jvalbue...@gmail.com:

1. You need to enable routing on your BSD box edit /etc/sysctl.conf and change the 0 (zero) with 1

net.inet.ip.forwarding=1    # 1=Permit forwarding (routing) of IPv4 packets

My problem isn't that basic. :-) Forwarding is permitted. That was the very first thing I set up.
Re: NAT, Firewall pf
2009/2/23 Jason Dixon ja...@dixongroup.net:
On Mon, Feb 23, 2009 at 05:58:20PM -0800, Hilco Wijbenga wrote:

Hi all, I've been trying to get a simple firewall system up-and-running in OpenBSD. I have The Book of PF and Secure Architectures with OpenBSD so I thought it would be very simple. Well, we're two weeks later now and still no firewall. :-) The pf rules I found in those books don't seem to work as I expected them to work. Before I list my current pf.conf, let me give a few more details. My firewall will be running a few services for my network (DHCP, NTP, and DNS). I need to use NAT to get my own network Internet access. DHCP works. I seem to have managed to get DNS (maradns on lo0 and sk1) and ICMP working.

Sounds like a very basic home setup. You want your firewall to handle DHCP, NTP and act as a DNS resolver for your local network. Easy enough.

Yes, exactly what I thought. :-)

/etc/pf.conf

01 ext_if = "sk0"
02 int_if = "sk1"
03 localnet = $int_if:network
04 internet = $ext_if:network
05 udp_services = "{ domain, ntp }"
06 icmp_types = "{ echoreq, unreach }"
07
08 nat log on $ext_if from $localnet to any -> ($ext_if)
09
10 block log all
11
12 pass quick inet proto { tcp, udp } from $internet to any port $udp_services
13 pass quick inet proto { tcp, udp } from $localnet to any port $udp_services
14 pass quick inet proto { tcp, udp } from $lo0:network to any port $udp_services
15
16 pass inet proto icmp all icmp-type $icmp_types
17 pass from { lo0, $localnet } to any keep state

a. Why do I need 12? I had expected 13 (which I don't seem to need). Wouldn't 12 be for incoming requests from the Internet?
b. Given that ping works from my network (so that presumably routing is okay), why doesn't anything else work? HTTP seems blocked by the firewall.
c. How can I get pflog to flush immediately? I noticed I have to wait a minute or so before logged lines show up.
d. Any other pointers?

Let's start off with your questions and then a working example below.

a. If you're only intending to allow outbound traffic from your local network, you don't. That rule would be to allow inbound requests from the internet to your firewall (and optionally, other internal services if you had rdr or binat rules). By default, pf uses keep state on all pass rules, which means that it will track your connections outbound and allow the appropriate replies from external services.

That's what I thought, hence the question because line 12 was required for it to work.

b. Because line 16 is allowing icmp outbound *and* inbound. You have no directional (or interface) qualifiers.

Shouldn't 17 take care of all that for (e.g.) HTTP requests? It's from the local net to anywhere and it keeps state (not relevant for HTTP, I guess, but still).

c. I would need more details here to give you a qualified answer. As in, examples. You're only logging blocked traffic.

Yes, I thought that would make it easier. It isn't always clear to me what a logged line is for: was it logged because it was blocked or because it was allowed?

d. Read the PF FAQ.

Right. :-)

Ok, here is a working example based on your description. Notice the beauty in the simplicity. :)

What!?! You didn't like my near random mish-mash of rules? ;-)

##
00 ext_if = "sk0"
01 int_if = "sk1"
02
03 set skip on lo
04
05 scrub in
06
07 nat on $ext_if from $int_if:network to any -> ($ext_if:0)
08
09 block in log all
10 pass in on $int_if inet keep state
##

I'll try that tonight.

The first two lines are obvious. Why did I remove localnet and internet? The first is truly unnecessary in a ruleset this small; it simply adds abstraction where none is needed. The internet is already provided via the any and all keywords.

That's one thing that isn't obvious to me. To the firewall sk0 and sk1 are just two interfaces, why/how would any and all refer to the internet? Or do you simply mean they refer/include all interfaces so also the internet?

Line 3 allows us to skip state on loopback, nothing exciting there.

Yeah, I read about that and figured it could wait till later. Just icing on the cake, right?

Line 5 provides scrubbing, also known as packet defragmentation. This helps pf by reassembling packet fragments before applying rules. In short, it's a safety mechanism.

Same thing, I figured that could wait.

Line 7 allows outbound NAT to the internet.

Okay, so the only difference with my attempt at it is the :0 you added at the end. Does it mean anything special or was it simply implied in my version?

Line 9 provides a basic block all for inbound requests. This affects both inbound from the internet, as well as inbound (from the firewall's perspective) from the local network. Which requires...

Was this the main problem then? I was blocking everything in and
Re: packets redirected to loopback never appear in tcpdump
Gregory Edigarov wrote:
Hello, Is this a bug or feature? the test case:

This works for me with 4.5-beta:

$ sudo ifconfig lo1 192.168.3.1
Password:
$ ping 192.168.3.1
PING 192.168.3.1 (192.168.3.1): 56 data bytes
64 bytes from 192.168.3.1: icmp_seq=0 ttl=255 time=0.036 ms
64 bytes from 192.168.3.1: icmp_seq=1 ttl=255 time=0.026 ms
64 bytes from 192.168.3.1: icmp_seq=2 ttl=255 time=0.034 ms
$ sudo tcpdump -i lo1
tcpdump: listening on lo1, link-type LOOP
18:38:59.733246 192.168.3.1 > 192.168.3.1: icmp: echo request
18:38:59.733252 192.168.3.1 > 192.168.3.1: icmp: echo reply
18:39:00.743249 192.168.3.1 > 192.168.3.1: icmp: echo request
$ uname -a
OpenBSD bigio.snb.it 4.5 GENERIC.MP#0 amd64

Cheers
Giovanni
Re: NAT, Firewall pf
On Mon, Feb 23, 2009 at 8:58 PM, Hilco Wijbenga hilco.wijbe...@gmail.com wrote:

Hi all, I've been trying to get a simple firewall system up-and-running in OpenBSD. I have The Book of PF and Secure Architectures with OpenBSD so I thought it would be very simple. Well, we're two weeks later now and still no firewall. :-) The pf rules I found in those books don't seem to work as I expected them to work. Before I list my current pf.conf, let me give a few more details. My firewall will be running a few services for my network (DHCP, NTP, and DNS). I need to use NAT to get my own network Internet access. DHCP works. I seem to have managed to get DNS (maradns on lo0 and sk1) and ICMP working.

/etc/pf.conf

01 ext_if = "sk0"
02 int_if = "sk1"
03 localnet = $int_if:network
04 internet = $ext_if:network
05 udp_services = "{ domain, ntp }"
06 icmp_types = "{ echoreq, unreach }"
07
08 nat log on $ext_if from $localnet to any -> ($ext_if)
09
10 block log all
11
12 pass quick inet proto { tcp, udp } from $internet to any port $udp_services
13 pass quick inet proto { tcp, udp } from $localnet to any port $udp_services
14 pass quick inet proto { tcp, udp } from $lo0:network to any port $udp_services
15
16 pass inet proto icmp all icmp-type $icmp_types
17 pass from { lo0, $localnet } to any keep state

a. Why do I need 12? I had expected 13 (which I don't seem to need). Wouldn't 12 be for incoming requests from the Internet?

You need 12 because of 8. When you pass a DNS request out from your localnet, 13 passes it in on int_if, but then it's natted BEFORE traversing the egress PF rules. Jason Dixon's suggested rules bypass this by not blocking outbound traffic to begin with.

b. Given that ping works from my network (so that presumably routing is okay), why doesn't anything else work? HTTP seems blocked by the firewall.

Same NAT/PF issue as above. Your ICMP rule ignores source/destination addresses, so it's not affected.

c. How can I get pflog to flush immediately? I noticed I have to wait a minute or so before logged lines show up.

I think it's already been suggested, but if you want a live view, tcpdump -i pflog0 rather than tailing pflog.

d. Any other pointers?

Use Jason's suggested ruleset. Simpler is better.

Cheers, Hilco

-HKS
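The evaluation order described in the reply above (filter inbound on the internal interface, translate, then filter again outbound on the external interface), as an added Python sketch that is not part of the thread and is not pf's own code. The internal network 10.0.0.0/24, the firewall's external address 192.168.1.2 and all function names are assumptions made for the example.

```python
"""Toy model of how pf (OpenBSD 4.4/4.5 era) evaluates the 17-line ruleset above.

Constructed for illustration, not taken from the thread: the internal network
10.0.0.0/24 and the firewall's external address 192.168.1.2.
"""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

LOCALNET = ip_network("10.0.0.0/24")     # $int_if:network (assumed)
INTERNET = ip_network("192.168.1.0/24")  # $ext_if:network (external net named in the thread)
EXT_ADDR = "192.168.1.2"                 # ($ext_if), assumed
LOOPBACK = ip_network("127.0.0.0/8")     # stands in for lo0 / lo0:network
SERVICES = frozenset({53, 123})          # { domain, ntp }
TCPUDP = ("tcp", "udp")


@dataclass(frozen=True)
class Packet:
    proto: str       # "tcp", "udp" or "icmp"
    src: str         # source address
    dport: int = 0   # destination port (unused for icmp)


@dataclass(frozen=True)
class Rule:
    number: int                      # line number in the posted pf.conf
    action: str                      # "pass" or "block"
    quick: bool = False
    protos: tuple = ()               # empty tuple = any protocol
    src_nets: tuple = ()             # empty tuple = from any
    dports: frozenset = frozenset()  # empty set = any port

    def matches(self, pkt):
        if self.protos and pkt.proto not in self.protos:
            return False
        if self.src_nets and not any(ip_address(pkt.src) in n for n in self.src_nets):
            return False
        return not self.dports or pkt.dport in self.dports


# The filter rules as posted; none names a direction or an interface, so the
# same list is evaluated inbound on $int_if and outbound on $ext_if.
RULES = [
    Rule(10, "block"),
    Rule(12, "pass", True, TCPUDP, (INTERNET,), SERVICES),
    Rule(13, "pass", True, TCPUDP, (LOCALNET,), SERVICES),
    Rule(14, "pass", True, TCPUDP, (LOOPBACK,), SERVICES),
    Rule(16, "pass", protos=("icmp",)),          # icmp-type list not modelled
    Rule(17, "pass", src_nets=(LOOPBACK, LOCALNET)),
]


def filter_packet(pkt, rules=RULES):
    """Return (action, rule number): the last match wins, 'quick' stops early."""
    verdict = ("pass", None)  # pf's implicit default when nothing matches
    for rule in rules:
        if rule.matches(pkt):
            verdict = (rule.action, rule.number)
            if rule.quick:
                break
    return verdict


def nat_out(pkt):
    """Line 08: rewrite the source of localnet packets leaving on $ext_if."""
    if ip_address(pkt.src) in LOCALNET:
        return replace(pkt, src=EXT_ADDR)
    return pkt


def forward(pkt, rules=RULES):
    """Trace a packet routed from $int_if to $ext_if through both filter passes."""
    inbound = filter_packet(pkt, rules)
    if inbound[0] == "block":
        return {"in": inbound, "out": None, "forwarded": False}
    # Translation happens before the outbound filter pass, so the rules now
    # see the firewall's external address as the source.
    outbound = filter_packet(nat_out(pkt), rules)
    return {"in": inbound, "out": outbound, "forwarded": outbound[0] == "pass"}


if __name__ == "__main__":
    client = "10.0.0.10"  # constructed internal host
    for name, pkt in [("dns", Packet("udp", client, 53)),
                      ("http", Packet("tcp", client, 80)),
                      ("ping", Packet("icmp", client))]:
        print(name, forward(pkt))
```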
Re: listing ftp-proxy anchor rules
On Tue, Feb 24, 2009 at 8:17 AM, Imre Oolberg i...@auul.pri.ee wrote:

2. issuing 'systat rules' i look for exact entries, like /ftp-proxy/26694.100

Maybe that is necessary but the man page (unless I'm misunderstanding it - wouldn't be the first time) seems to indicate otherwise:

==
By default, recursive inline printing of anchors applies only to unnamed anchors specified inline in the ruleset. If the anchor name is terminated with a `*' character, the -s flag will recursively print all anchors in a brace delimited block. For example the following will print the ``authpf'' ruleset recursively:

# pfctl -a 'authpf/*' -sr

To print the main ruleset recursively, specify only `*' as the anchor name:

# pfctl -a '*' -sr
==

Thanks,
Chris
Unfortunate dot was ... missing
All, I just forget the dot !! in the 'rm -r ./dev' so I have no /dev anymore on my server box. One can tell me if this is possible to backup the system without fresh install ? This is a i386 4.4 OpenBSD. One could eventually send me a way or another the full /dev in case this option actually works ?

Thanks
JF
Re: TNC Packet Radio for OpenBSD
On Tue, Feb 24, 2009 at 05:50:55PM +0100, Marc Balmer wrote:
On 24.02.2009 at 16:23, Dan Colish wrote:

I just got a radio for my car and it is capable of handling TNC transceiver traffic. So, now I'm on a search for a decent packet radio, but it looks like the only ones I've found are Windows only. I'm not as concerned with the software as I am with the HW being detected correctly, although having both work would be nice. Any suggestions are welcome.

A decent TNC uses a serial port or USB, I am using such a thingie and it works nicely. OpenBSD does not directly support AX.25.

Thanks
Dan N2VQV

Marc HB9SSB

Marc, Thanks for the tips. I've been checking out a variety of tncs that are available online. The choices seem endless. What particular model do you use?

Dan
Re: Unfortunate dot was ... missing
On Tue, Feb 24, 2009 at 07:43:18PM +0100, Jean-Francois wrote:

All, I just forget the dot !! in the 'rm -r ./dev' so I have no /dev anymore on my server box. One can tell me if this is possible to backup the system without fresh install ? This is a i386 4.4 OpenBSD. One could eventually send me a way or another the full /dev in case this option actually works ?

Just boot an install CD and do an upgrade.

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net/
Re: Unfortunate dot was ... missing
Jason Dixon wrote:
On Tue, Feb 24, 2009 at 07:43:18PM +0100, Jean-Francois wrote:

All, I just forget the dot !! in the 'rm -r ./dev' so I have no /dev anymore on my server box. One can tell me if this is possible to backup the system without fresh install ? This is a i386 4.4 OpenBSD. One could eventually send me a way or another the full /dev in case this option actually works ?

Just boot an install CD and do an upgrade.

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net/

Methinks THAT is the proper definition of user-friendly.
Re: Unfortunate dot was ... missing
Quoting Jean-Francois jfsimon1...@gmail.com:

All, I just forget the dot !! in the 'rm -r ./dev' so I have no /dev anymore on my server box. One can tell me if this is possible to backup the system without fresh install ? This is a i386 4.4 OpenBSD. One could eventually send me a way or another the full /dev in case this option actually works ?

Thanks
JF

Doesn't help you at all, apart from knowing that you are not alone ... http://en.wikipedia.org/wiki/The_UNIX-HATERS_Handbook Page 22 of the downloadable PDF of the book ...
Re: Unfortunate dot was ... missing
Jean-Francois wrote:

All, I just forget the dot !! in the 'rm -r ./dev' so I have no /dev anymore on my server box. One can tell me if this is possible to backup the system without fresh install ? This is a i386 4.4 OpenBSD. One could eventually send me a way or another the full /dev in case this option actually works ?

Thanks
JF

Assuming that you haven't rebooted the box yet, you have a terminal open, and you either have a copy of the /dev/MAKEDEV script or have the source on the system, you should be able to recover without much trouble. All the device nodes in /dev are created with the MAKEDEV script. To recreate them, all you need to do is copy the MAKEDEV script back into the /dev directory and run the following command.

# sh MAKEDEV all

Tim Donahue
Re: Unfortunate dot was ... missing
Firstly, don't panic. I think if you recreate /dev with the appropriate permissions, add the MAKEDEV script and run it, that everything will be fine. You might have to do all this after booting from a CD though and mounting the filesystem. Here's what the permissions look like on my 4.4 system:

drwxr-xr-x 3 root wheel 20992 Jan 20 07:00 /dev

If you can't get the MAKEDEV script, e-mail me privately and I'd be happy to send a copy from my system. For your own assurance that the source is trustworthy, it would probably be better to get it from the install CD though.

On Tuesday February 24 2009, Jean-Francois wrote:

All, I just forget the dot !! in the 'rm -r ./dev' so I have no /dev anymore on my server box. One can tell me if this is possible to backup the system without fresh install ? This is a i386 4.4 OpenBSD. One could eventually send me a way or another the full /dev in case this option actually works ?

Thanks
JF

--
Dan Ramaley                Dial Center 118, Drake University
Network Programmer/Analyst 2407 Carpenter Ave
+1 515 271-4540            Des Moines IA 50311 USA
relayd: rdr instead of proxy mode?
Hi, I'm using relayd for loadbalancing incoming tcp traffic, works fine like a charm :-) But as relayd works like a proxy, in the log files of my applications, there is always the ip address of the load balancing node and not of the real client. Is there a way to have relayd have all packets redirect like pf's rdr function instead of working like a classical proxy? Another way to reach the final goal is to use pf with rdr statements, but in this case I haven't any check if the target node is available or not. Both solutions only make half of the way I want to go - any idea, hints, suggestions?

Regards,
Falk
Re: Unfortunate dot was ... missing
On February 24, 2009 01:43:18 pm you wrote:

All, I just forget the dot !! in the 'rm -r ./dev' so I have no /dev anymore on my server box. One can tell me if this is possible to backup the system without fresh install ? This is a i386 4.4 OpenBSD. One could eventually send me a way or another the full /dev in case this option actually works ?

Thanks
JF

If you have a root disk somewhere you could perhaps use that as a temporary root filesystem. I think it should have /dev in it..

my 2 cents,
erob
Re: Unfortunate dot was ... missing
This perfectly worked. Thanks to all btw.

2009/2/24 Josh Grosse j...@jggimi.homeip.net:
On Tue, 24 Feb 2009 19:43:18 +0100, Jean-Francois wrote

All, I just forget the dot !! in the 'rm -r ./dev' so I have no /dev anymore on my server box. One can tell me if this is possible to backup the system without fresh install ? This is a i386 4.4 OpenBSD. One could eventually send me a way or another the full /dev in case this option actually works ?

Thanks
JF

JF, I've missed the rest of your conversation, but ... here's a quick-and-dirty recovery procedure:

Step 1. Boot the ramdisk kernel, either from the hard drive (if you installed it) or from your installation media. If you installed it, at the boot prompt, type bsd.rd:

boot> bsd.rd

At the Install/Upgrade/Shell prompt, select the shell.

Step 2. Mount your root partition. This is usually the a partition on your first drive (sd0 or wd0). e.g.:

# mount /dev/wd0a /mnt

Step 3. Create a dev partition:

# mkdir -p /mnt/dev

Step 4: Copy the MAKEDEV script from the ramdisk kernel's /dev to /mnt/dev:

# cp -p /dev/MAKEDEV /mnt/dev

Step 5: Change your working directory to /mnt/dev:

# cd /mnt/dev

Step 6: Recreate all of your device nodes:

# sh MAKEDEV all

Good luck!
xenocara - autoconf magic incantation?
I'm testing out the v2.6.1 intel(4) driver requested here: http://marc.info/?l=openbsd-techm=123307709522306w=2 In my Xorg.0.log I'm getting the mysterious error: (WW) intel(0): libpciaccess reported 0 rom size, guessing 64kB (EE) intel(0): Bad VBT signature (WW) intel(0): VBIOS initialization failed. On current we're running libpciaccess 10.2, so I figured I'd give the more recent 10.5 a try: http://cgit.freedesktop.org/xorg/lib/libpciaccess/ http://cgit.freedesktop.org/xorg/lib/libpciaccess/snapshot/libpciaccess-0.10.5.tar.gz The existing xenocara/lib/libpciaccess/configure script shows it was created with autoconf-2.61 but everything I've tried to create a new one with the above source has resulted in a non-working script. What is the autoconf incantation necessary to generate a proper configure script that will work correctly within the xenocara tree? -- J.C. Roberts
Re: OpenBSD hosting
Hi

Consider www.geekisp.com I have an account with Dave for almost three years without problems. www.rootr.net can be a nice solution. Dedicated server, www.sprocketdata.com or www.m5hosting.com

Regards.

--- On Sun, 2/22/09, Friedrich Locke friedrich.lo...@gmail.com wrote:
From: Friedrich Locke friedrich.lo...@gmail.com
Subject: OpenBSD hosting
To: misc@openbsd.org
Date: Sunday, February 22, 2009, 9:54 PM

Dear gentleman, i am searching for web hosting service that : supports java, support MySQL allow me shell account access for software development with access to MySQL. allow ssh/sftp access. and runs OpenBSD at least for the shell services. allow me to host dns for my domain. Is anybody aware of a such hosting services... thank.
upgrades for the project
As you can read at: http://undeadly.org/cgi?action=articlesid=20090224194829mode=expandedcount=0 the project needs some upgrades. So if you can spare us a donation it'll be appreciated. I'd appreciate if you'd put in the paypal comment field if you want to be listed or not on the donations.html page. If you have any questions feel free to send me a note.
Re: xenocara - autoconf magic incantation?
On Tue, Feb 24, 2009 at 9:20 PM, J.C. Roberts list-...@designtools.org wrote:

I'm testing out the v2.6.1 intel(4) driver requested here: http://marc.info/?l=openbsd-techm=123307709522306w=2 In my Xorg.0.log I'm getting the mysterious error:

(WW) intel(0): libpciaccess reported 0 rom size, guessing 64kB
(EE) intel(0): Bad VBT signature
(WW) intel(0): VBIOS initialization failed.

This can probably be ignored. (I'm not 100% sure how the intel cards setup their BIOS, but it seems normal that it doesn't get listed in PCI config space and thus that libpciaccess gets back to the legacy VGA space).

On current we're running libpciaccess 10.2, so I figured I'd give the more recent 10.5 a try:
http://cgit.freedesktop.org/xorg/lib/libpciaccess/
http://cgit.freedesktop.org/xorg/lib/libpciaccess/snapshot/libpciaccess-0.10.5.tar.gz

The existing xenocara/lib/libpciaccess/configure script shows it was created with autoconf-2.61 but everything I've tried to create a new one with the above source has resulted in a non-working script. What is the autoconf incantation necessary to generate a proper configure script that will work correctly within the xenocara tree?

Copy Makefile.bsd-wrapper from the xenocara version and run

XENOCARA_RERUN_AUTOCONF=-Yes make -f Makefile.bsd-wrapper build

But a more recent libpciaccess will not change anything...

--
Matthieu Herrb
Re: relayd: rdr instead of proxy mode?
If you are doing web traffic, then relayd can insert a HTTP header into the inbound request, which is then visible to the backend webserver. For vanilla tcp connections, verbose logging on relay box and backend together with ntp time syncing and some scripting foo should permit reconstruction of the end-to-end connection. Not pretty but should work.

/pete

On 24 Feb 2009, at 18:57, Falk Brockerhoff - smartTERRA GmbH wrote:

Hi, I'm using relayd for loadbalancing incoming tcp traffic, works fine like a charm :-) But as relayd works like a proxy, in the log files of my applications, there is always the ip address of the load balancing node and not of the real client. Is there a way to have relayd have all packets redirect like pf's rdr function instead of working like a classical proxy? Another way to reach the final goal is to use pf with rdr statements, but in this case I haven't any check if the target node is available or not. Both solutions only make half of the way I want to go - any idea, hints, suggestions?

Regards,
Falk
Re: heartbeating Carp ?
I set preempt on FW1 only. -Steve S. -Original Message- From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of Mikel Lindsaar Sent: Tuesday, February 24, 2009 11:18 AM To: OpenBSD general usage list Subject: heartbeating Carp ? Hi all, Due to this, carp on Firewall 1 did not think it was down, and so, seemed to be ignoring the pre-emption being attempted by firewall 2. So I ended up having packets going into firewall 2, but then trying to get out through firewall 1. Both firewalls have the preempt option set in sysctl.conf
1.2GHz US$99 ARM wall plug
http://linuxdevices.com/news/NS9634061300.html

They look rather nifty. Even the hardware design is to be released under some sort of open license. We've already got the armish port. If Dale Rahn or another OpenBSD dev wants to do a port to this thing, I'll buy them the dev kit to do it with. US$99 is only #69. Just wish they did one in a suitable wart for me here in the UK. Guess it's a good thing the hardware is tweakable :-)

Si1entDave
Re: TNC Packet Radio for OpenBSD
On 24.02.2009 at 19:41, Dan Colish wrote:
On Tue, Feb 24, 2009 at 05:50:55PM +0100, Marc Balmer wrote:
On 24.02.2009 at 16:23, Dan Colish wrote:

I just got a radio for my car and it is capable of handling TNC transceiver traffic. So, now I'm on a search for a decent packet radio, but it looks like the only ones I've found are Windows only. I'm not as concerned with the software as I am with the HW being detected correctly, although having both work would be nice. Any suggestions are welcome.

A decent TNC uses a serial port or USB, I am using such a thingie and it works nicely. OpenBSD does not directly support AX.25.

Thanks
Dan N2VQV

Marc HB9SSB

Marc, Thanks for the tips. I've been checking out a variety of tncs that are available online. The choices seem endless. What particular model do you use?

I am using a TNC7multi. http://nt-g.de/de/tnc7multi/tnc7multi.php5

Dan

0x49, Marc
Re: packets redirected to loopback never appear in tcpdump
On 2009-02-24, Gregory Edigarov g...@bestnet.kharkov.ua wrote:

Is this a bug or feature? the test case:

# ifconfig lo1 192.168.0.1 up
# ping 192.168.0.1
64 bytes from 192.168.0.1: icmp_seq=0 ttl=255 time=0.200 ms
64 bytes from 192.168.0.1: icmp_seq=1 ttl=255 time=0.111 ms
64 bytes from 192.168.0.1: icmp_seq=2 ttl=255 time=0.110 ms
64 bytes from 192.168.0.1: icmp_seq=3 ttl=255 time=0.111 ms
64 bytes from 192.168.0.1: icmp_seq=4 ttl=255 time=0.109 ms

this should work. how does your routing table look?
Re: relayd: rdr instead of proxy mode?
On 2009-02-24, Falk Brockerhoff - smartTERRA GmbH n...@smartterra.eu wrote:

Hi, I'm using relayd for loadbalancing incoming tcp traffic, works fine like a charm :-) But as relayd works like a proxy, in the log files of my applications, there is always the ip address of the load balancing node and not of the real client. Is there a way to have relayd have all packets redirect like pf's rdr function instead of working like a classical proxy? Another way to reach the final goal is to use pf with rdr statements, but in this case I haven't any check if the target node is available or not. Both solutions only make half of the way I want to go - any idea, hints, suggestions?

Regards,
Falk

You have not noticed several of relayd's major features. Try relayd.conf(5)...
Re: listing ftp-proxy anchor rules
On 2009-02-24, Chris Smith obsd_m...@chrissmith.org wrote:
On Tue, Feb 24, 2009 at 8:17 AM, Imre Oolberg i...@auul.pri.ee wrote:

2. issuing 'systat rules' i look for exact entries, like /ftp-proxy/26694.100

pfctl -sA -v is simpler.

Maybe that is necessary but the man page (unless I'm misunderstanding it - wouldn't be the first time) seems to indicate otherwise:

==
By default, recursive inline printing of anchors applies only to unnamed anchors specified inline in the ruleset. If the anchor name is terminated with a `*' character, the -s flag will recursively print all anchors in a brace delimited block. For example the following will print the ``authpf'' ruleset recursively:

# pfctl -a 'authpf/*' -sr

To print the main ruleset recursively, specify only `*' as the anchor name:

# pfctl -a '*' -sr
==

it does specifically mention brace delimited block there. but it would certainly be convenient if it did recurse over these.
Re: OpenBSD hosting
Friedrich Locke wrote: Dear gentleman, i am searching for web hosting service that : supports java, support MySQL allow me shell account access for software development with access to MySQL. allow ssh/sftp access. and runs OpenBSD at least for the shell services. allow me to host dns for my domain. Is anybody aware of a such hosting services... thank. If you're happy with a xen based virtual server, rootbsd.net offer openbsd virtual servers. Sevan / Venture37
recognizing 8GB RAM? (4.5)
How do I get the kernel to recognize 8GB of RAM? It is only recognizing 3.3GB? Also, where do I go for packages for 4.5 current? The install.amd64 file reference ftp://ftp.openbsd.org/pub/OpenBSD/4.5/amd64 but no such ftp exists. -Dave dmesg below: ing; disabled or no drives?) ppb3 at pci0 dev 28 function 5 Intel 82801JI PCIE rev 0x00: apic 4 int 16 (irq 10) pci4 at ppb3 bus 2 mskc0 at pci4 dev 0 function 0 Marvell Yukon 88E8056 rev 0x12, Yukon-2 EC Ultra (0x3): apic 4 int 17 (irq 11) msk0 at mskc0 port A: address 00:22:15:9c:87:7e eephy0 at msk0 phy 0: 88E1149 Gigabit PHY, rev. 1 uhci3 at pci0 dev 29 function 0 Intel 82801JI USB rev 0x00: apic 4 int 23 (irq 7) uhci4 at pci0 dev 29 function 1 Intel 82801JI USB rev 0x00: apic 4 int 19 (irq 5) uhci5 at pci0 dev 29 function 2 Intel 82801JI USB rev 0x00: apic 4 int 18 (irq 15) ehci1 at pci0 dev 29 function 7 Intel 82801JI USB rev 0x00: apic 4 int 23 (irq 7) usb1 at ehci1: USB revision 2.0 uhub1 at usb1 Intel EHCI root hub rev 2.00/1.00 addr 1 ppb4 at pci0 dev 30 function 0 Intel 82801BA Hub-to-PCI rev 0x90 pci5 at ppb4 bus 5 skc0 at pci5 dev 2 function 0 Marvell Yukon 88E8001/8003/8010 rev 0x14, Yukon Lite (0x9): apic 4 int 18 (irq 15) sk0 at skc0 port A: address 00:22:15:9c:9d:b7 eephy1 at sk0 phy 0: 88E1011 Gigabit PHY, rev. 5 ATT/Lucent FW322 1394 rev 0x70 at pci5 dev 3 function 0 not configured pcib0 at pci0 dev 31 function 0 Intel 82801JIR LPC rev 0x00 pciide1 at pci0 dev 31 function 2 Intel 82801JI SATA rev 0x00: DMA (unsupported), channel 0 configured to native-PCI, channel 1 configured to native-PCI pciide1: using apic 4 int 19 (irq 5) for native-PCI interrupt pciide1: channel 0 ignored (not responding; disabled or no drives?) 
atapiscsi0 at pciide1 channel 1 drive 1 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: TSSTcorp, CDDVDW SH-S223Q, SB02 ATAPI 5/cdrom removable ichiic0 at pci0 dev 31 function 3 Intel 82801JI SMBus rev 0x00: apic 4 int 18 (irq 15) iic0 at ichiic0 iic0: addr 0x1e 01=01 02=01 11=01 12=01 20=05 21=01 22=01 23=05 31=01 32=01 words 00=0001 01=0101 02=0100 03= 04= 05= 06= 07= iic0: addr 0x20 01=80 02=17 03=7f 10=00 19=b0 20=20 21=00 25=20 26=b2 38=74 39=03 4a=64 6a=2c 78=02 79=08 7a=00 7b=00 7e=82 80=00 8b=3e 8c=dd 96=5c 99=41 9a=98 9b=01 d0=00 d1=03 d2=72 d3=72 d4=03 d5=02 d6=01 d7=72 d8=6b d9=00 da=00 db=00 dc=00 dd=00 de=00 df=19 e0=00 e1=00 e2=10 e3=10 e4=10 e5=10 e6=10 e7=10 e8=10 e9=10 ea=10 ec=07 ee=00 f1=0d f5=02 f6=02 f9=00 fa=00 fb=50 words 00= 01=8037 02=1766 03=7fff 04= 05= 06= 07= spdmem0 at iic0 addr 0x50: 2GB DDR2 SDRAM non-parity PC2-6400CL5 spdmem1 at iic0 addr 0x51: 2GB DDR2 SDRAM non-parity PC2-6400CL5 spdmem2 at iic0 addr 0x52: 2GB DDR2 SDRAM non-parity PC2-6400CL5 spdmem3 at iic0 addr 0x53: 2GB DDR2 SDRAM non-parity PC2-6400CL5 pciide2 at pci0 dev 31 function 5 Intel 82801JI SATA rev 0x00: DMA (unsupported), channel 0 wired to native-PCI, channel 1 wired to native-PCI pciide2: using apic 4 int 19 (irq 5) for native-PCI interrupt wd0 at pciide2 channel 0 drive 0: WDC WD1001FALS-00J7B0 wd0: 16-sector PIO, LBA48, 953869MB, 1953525168 sectors pciide2: channel 1 ignored (not responding; disabled or no drives?) 
usb2 at uhci0: USB revision 1.0 uhub2 at usb2 Intel UHCI root hub rev 1.00/1.00 addr 1 usb3 at uhci1: USB revision 1.0 uhub3 at usb3 Intel UHCI root hub rev 1.00/1.00 addr 1 usb4 at uhci2: USB revision 1.0 uhub4 at usb4 Intel UHCI root hub rev 1.00/1.00 addr 1 usb5 at uhci3: USB revision 1.0 uhub5 at usb5 Intel UHCI root hub rev 1.00/1.00 addr 1 usb6 at uhci4: USB revision 1.0 uhub6 at usb6 Intel UHCI root hub rev 1.00/1.00 addr 1 usb7 at uhci5: USB revision 1.0 uhub7 at usb7 Intel UHCI root hub rev 1.00/1.00 addr 1 isa0 at pcib0 isadma0 at isa0 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 lm0 at isa0 port 0x290/8: W83627DHG fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 mtrr: Pentium Pro MTRR support umass0 at uhub4 port 1 configuration 1 interface 0 Generic Mass Storage Device rev 2.00/1.29 addr 2 umass0: using SCSI over Bulk-Only scsibus1 at umass0: 2 targets, initiator 0 sd0 at scsibus1 targ 1 lun 0: Generic, USB SD Reader, 1.00 SCSI0 0/direct removable sd0: drive offline sd1 at scsibus1 targ 1 lun 1: Generic, USB CF Reader, 1.01 SCSI0 0/direct removable sd1: drive offline sd2 at scsibus1 targ 1 lun 2: Generic, USB SM Reader, 1.02 SCSI0 0/direct removable sd2: drive offline sd3 at scsibus1 targ 1 lun 3: Generic, USB MS Reader, 1.03 SCSI0 0/direct removable sd3: drive offline uhidev0 at uhub5 port 2 configuration 1 interface 0 Composite USB PS2 Converter USB to PS2 Adaptor V3.10 rev 1.10/3.10 addr 2 uhidev0: iclass 3/1 ukbd0 at uhidev0: 8 modifier keys, 6 key codes wskbd1 at ukbd0 mux 1 wskbd1: connecting to wsdisplay0 uhidev1 at uhub5 port 2
Re: recognizing 8GB RAM? (4.5)
On Tue, Feb 24, 2009 at 9:47 PM, David Heinrich dh0...@gmail.com wrote: How do I get the kernel to recognize 8GB of RAM? It is only recognizing 3.3GB? You don't. That much memory can't be used currently. Also, where do I go for packages for 4.5 current? The install.amd64 file reference ftp://ftp.openbsd.org/pub/OpenBSD/4.5/amd64 but no such ftp exists. There is no 4.5. If you're running a snapshot, the sets and packages are in the snapshots directory.
Re: Create a bootable usb key?
On Sun, 2009-02-15 at 15:28 -0700, Theo de Raadt wrote:
On 2009-01-10, Guillaume Thouvenin guillaume.thouve...@polymtl.ca wrote:

Now next step is to have wired network working and so add support to my Attansic Technology L1E.

This chip is not yet supported in OpenBSD. N.B. it is not the same as either Attansic L1 or L2.

Yes right. I will have a look how drivers are implemented in OpenBSD and I will try to add the support of Attansic L1E. Do you know if someone is working on it?

it will happen as soon as kevlo has a board with it.

I just committed ale(4) driver: http://marc.info/?l=openbsd-cvsm=123553127523101w=2 Please test it if you have time, thanks!

Kevin
Re: NAT, Firewall pf
2009/2/23 Jason Dixon ja...@dixongroup.net:

##
00 ext_if = "sk0"
01 int_if = "sk1"
02
03 set skip on lo
04
05 scrub in
06
07 nat on $ext_if from $int_if:network to any -> ($ext_if:0)
08
09 block in log all
10 pass in on $int_if inet keep state
##

I tried this and I'm afraid it doesn't work. I can't ping anymore, neither from my own box nor from the firewall. This setup is basically what I also found in the books I have, I guess. :-( DHCP works (i.e. my box gets an IP from the DHCP daemon on the firewall) and I can see maradns receiving requests from localhost (the firewall) and from the int_if (my box) when I try to ping something. It's all blocked by the firewall, though.

I don't think it should matter but the only special thing about my setup is that my external IP is on 192.168.1.0/24. Yes, that's my *external* network. No more IPv4 address shortages for my ISP. :-)

Please also see my next reply.
get php uptime function out of apache chroot jail?
hello, I want to put a php script in a site on an openbsd 4.2 webserver. From what I understand because apache is chrooted, a function that uses an exec to a system call cannot work. ie.

<?php
$s = explode( " ", exec("/var/run/usr/bin/uptime") );
$a = str_replace( ",", "", $s[3]);
$uptime = time() - $a;
$days = floor($uptime/60/60/24);
$hours = $uptime/60/60%24;
$mins = $uptime/60%60;
$secs = $uptime%60;
echo "This server is up " . $days . " days, " . $hours . " hours, " . $mins . " minutes and " . $secs . "seconds";
?>

only echoes epoch time, This server is up 14300 days, 5 hours, 49 minutes and 24seconds

any ideas how to fix this?
Re: get php uptime function out of apache chroot jail?
On Wed, Feb 25, 2009 at 12:51 PM, Jerome Santos bsdonly...@gmail.com wrote:
> hello, I want to put a php script in a site on an openbsd 4.2 webserver. From what I understand because apache is chrooted, a function that uses an exec to a system call cannot work. ie.
>
> <?php
> $s = explode( " ", exec("/var/run/usr/bin/uptime") );
> $a = str_replace( ",", "", $s[3]);
> $uptime = time() - $a;
> $days = floor($uptime/60/60/24);
> $hours = $uptime/60/60%24;
> $mins = $uptime/60%60;
> $secs = $uptime%60;
> echo "This server is up " . $days . " days, " . $hours . " hours, " . $mins . " minutes and " . $secs . "seconds";
> ?>
>
> only echoes epoch time, This server is up 14300 days, 5 hours, 49 minutes and 24seconds
>
> any ideas how to fix this?

cron it to a file and parse that file

-- O ascii ribbon campaign - stop html mail - www.asciiribbon.org
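One way to apply the "cron it to a file and parse that file" suggestion while leaving the chroot intact, as an added example that is not code from the thread. The cron line, the file path, the 15-minute freshness limit and the BSD uptime(1) field layout it parses are assumptions.

```php
<?php
// Added example, not code from the thread. Assumed (hypothetical) setup:
// root's crontab, outside the chroot, refreshes a file inside the jail:
//   */5 * * * * /usr/bin/uptime > /var/www/run/uptime.txt
// Apache is chrooted to /var/www, so PHP opens it as /run/uptime.txt.
// Constructed sample of the file's content:
//   " 9:41PM  up 14 days,  5:49, 2 users, load averages: 0.10, 0.12, 0.09"

define('UPTIME_FILE', '/run/uptime.txt'); // hypothetical path
define('MAX_AGE', 900);                   // reject data older than 15 min

// Convert one line of uptime(1) output to seconds; null if unrecognised.
function parse_uptime($line)
{
    // Keep only the fields between "up" and the user count.
    if (!preg_match('/\bup\s+(.*?),\s+\d+\s+users?\b/', $line, $m)) {
        return null;
    }
    $units = array('day' => 86400, 'hr' => 3600, 'min' => 60, 'sec' => 1);
    $secs = 0;
    foreach (explode(',', $m[1]) as $field) {
        $field = trim($field);
        if (preg_match('/^(\d+):(\d\d)$/', $field, $p)) {          // "5:49"
            $secs += (int)$p[1] * 3600 + (int)$p[2] * 60;
        } elseif (preg_match('/^(\d+)\s+(day|hr|min|sec)s?$/', $field, $p)) {
            $secs += (int)$p[1] * $units[$p[2]];                   // "14 days"
        } else {
            return null; // unknown field: fail closed instead of guessing
        }
    }
    return $secs;
}

// Read the cron-written file; null if missing, stale or malformed.
function read_uptime($path, $maxAge)
{
    $mtime = @filemtime($path);
    if ($mtime === false || time() - $mtime > $maxAge) {
        return null;
    }
    $line = @file_get_contents($path);
    return ($line === false) ? null : parse_uptime($line);
}

$up = read_uptime(UPTIME_FILE, MAX_AGE);
if ($up === null) {
    echo "Uptime unavailable";
} else {
    printf("This server is up %d days, %d hours and %d minutes",
        (int)($up / 86400), (int)($up / 3600) % 24, (int)($up / 60) % 60);
}
```

The web process only ever reads a small text file, so no binary, shell or device node has to be copied into the jail; the file should be writable by root only.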
TBB on OBSD
Anyone working with TBB ( http://www.threadingbuildingblocks.org/ ) on OpenBSD?

--
Jack J. Woehr            # I run for public office from time to time. It's like
http://www.well.com/~jax # working out at the gym, you sweat a lot, don't get
http://www.softwoehr.com # anywhere, and you fall asleep easily afterwards.
Re: NAT, Firewall pf
On Tue, Feb 24, 2009 at 9:48 PM, Hilco Wijbenga hilco.wijbe...@gmail.com wrote:
> 2009/2/23 Jason Dixon ja...@dixongroup.net:
>> ##
>> 00 ext_if = sk0
>> 01 int_if = sk1
>> 02
>> 03 set skip on lo
>> 04
>> 05 scrub in
>> 06
>> 07 nat on $ext_if from $int_if:network to any -> ($ext_if:0)
>> 08
>> 09 block in log all
>> 10 pass in on $int_if inet keep state
# I think you are missing a pass out on $ext_if rule
11 pass out on $ext_if

w/o 11 all inbound packets are blocked by 09.

--patrick
Re: NAT, Firewall pf
You should try to go look at http://74.125.77.147 which is google. That way you check if the comm is going. In the first place I had DNS troubles. If then it is a DNS problem at least we have localised sth.

Please try to locate the problem by sniffing packets using tcpdump on the OpenBSD's interfaces in/out and maybe on the client also to see what he receives from the OpenBSD. Then it would be easier to find out.

Regards,
JF

On Tuesday 24 February 2009 at 21:48 -0800, Hilco Wijbenga wrote:
> 2009/2/23 Jason Dixon ja...@dixongroup.net:
>> ##
>> 00 ext_if = sk0
>> 01 int_if = sk1
>> 02
>> 03 set skip on lo
>> 04
>> 05 scrub in
>> 06
>> 07 nat on $ext_if from $int_if:network to any -> ($ext_if:0)
>> 08
>> 09 block in log all
>> 10 pass in on $int_if inet keep state
>> ##
>
> I tried this and I'm afraid it doesn't work. I can't ping anymore, neither from my own box nor from the firewall. This setup is basically what I also found in the books I have, I guess. :-(
>
> DHCP works (i.e. my box gets an IP from the DHCP daemon on the firewall) and I can see maradns receiving requests from localhost (the firewall) and from the int_if (my box) when I try to ping something. It's all blocked by the firewall, though.
>
> I don't think it should matter but the only special thing about my setup is that my external IP is on 192.168.1.0/24. Yes, that's my *external* network. No more IPv4 address shortages for my ISP. :-)
>
> Please also see my next reply.
Re: BCM4311
On Tue, Feb 24, 2009 at 4:07 PM, Huy Nguyen h...@huynguyen.fr wrote: No, see http://undeadly.org/cgi?action=article&sid=20070406104008 Huy On Tue, Feb 24, 2009 at 03:44:35PM +, Saifi Khan wrote: On Mon, Feb 23, 2009 at 10:42 PM, Roy Morris william.roy.mor...@gmail.com wrote: I did some searching around and found a cvs message talking about removing support for the bcm4311. I was wondering if anything has changed since then? I don't see any newer updates. My Dell 1721 amd64 comes with this wireless adapter. Mine is rev 0x01 so I am not really sure if it applies. thanks Roy http://marc.info/?l=openbsd-cvs&m=121993685718267&w=2 Is there support for BCM43xx in openBSD ? -- So, what is the plan for openBSD now ? Are we not going to have BCM43xx driver at all ? -- thanks Saifi.