Re: xdm xinerama

[Matthieu Herrb]

On Wed, May 27, 2009 at 9:21 PM, Need Coffee  wrote:
> I have an OpenBSD-current machine running xdm, xdmcp enabled.
>
> If I try to connect to it from a Solaris 9 machine with Xinerama enabled,
> I get this in /var/log/xdm.log:
>
> X Error of failed request:  BadPixmap (invalid Pixmap parameter)
>  Major opcode of failed request:  129 (XINERAMA)
>  Minor opcode of failed request:  4 (XINERAMAIsActive)
>  Resource id in failed request:  0x18000c
>  Serial number of failed request:  59
>  Current serial number in output stream:  59
> select returns -1.  Rescan: 0  ChildReady: 1
>
> Without xinerama, it works.  Is there a way to allow this to work?
> I see that xdm has some knowledge of xinerama, so I'm assuming this
> is a Solaris issue?
>

Looking at the code, I fail to understand how XineramaIsActive can
return a 'BadPixmap' error.

There's definatly a bug somewhere. In can be in the Solaris X server
or on the OpenBSD libX11 side (by incorrectly interpeting the reply).

If you're able to capture the X trafic between your OpenBSD machine
and the Solaris one, it would be nice to use a protocol decoder
(xscope or even wireshark which has good X protocol knowledge) on it
to see the exact request and reply triggering that.
--
Matthieu Herrb

Re: ping asking for root privilege.

[Christiano Farina Haesbaert]

On Sat, May 23, 2009 at 11:11:40PM +0200, Otto Moerbeek wrote:
> Upgrade by using the install media. It's much safer.
> 

You mean I could get the iso mount, and run the install scripts ? or
there is something better ?

-- 
Christiano Farina HAESBAERT
Do NOT send me html mail.

Re: ping asking for root privilege.

[Otto Moerbeek]

On Thu, May 28, 2009 at 05:08:14AM -0300, Christiano Farina Haesbaert wrote:

> On Sat, May 23, 2009 at 11:11:40PM +0200, Otto Moerbeek wrote:
> > Upgrade by using the install media. It's much safer.
> > 
> 
> You mean I could get the iso mount, and run the install scripts ? or
> there is something better ?

yes, the install media can upgrade as well. Carefully study the first prompt.

-Otto

Re: Get Top 10 Search Engine Ranking at Low Cost

[Janne Johansson]

Anton Parol wrote:

How does one take advantage of such a good offer, when theres no URL?



Hi,
*TOP 10 SEARCH ENGINE RANKINGS*


You have to prove your google skills by finding them.
They should be in the top 10 of search engine rankings, presumably.

Re:

[Michal]

-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
Gaby Vanhegan
Sent: 27 May 2009 18:00
To: OpenBSD general usage list
Subject: Re: 

On 27 May 2009, at 17:38, bofh wrote:

> On a post it in her drawer (and no, I will not be drawn into a
> discussion of the possible meanings of "drawer" in the .us vs .uk
> versions).

Oh come on...can't we at least have a mini-discussion about it.

She had sexygirl in her drawers?

iwl3945 most recent version 15.32 -works

[Cem Kayali]

Hello!

I was getting 'fatal firmware error' if i use firmware 2.14 for my Intel 
PRO/Wireless 3945 card. The problem was arising once i enable wpa/psk, 
though it was working without it.


I have tested April 28th, 2009 (15.32) version of it, as as described on 
man wpi page, and i confirm it is working perfectly.


Regards,
Cem

Re: pf, altq, packet rate

[Anton Maksimenkov]

2009/5/28 SJP Lists :
> In other words, doing it on the incoming is pointless.  Thus, as in
> your examples, the logic behind shaping only on the outbound.
>
> i.e.You can easily delay sending something you have, but you have
> little to no control over the ingress traffic of a link where only the
> local host you have control of.

Partially agree... Shaping incoming packets is useless. But _dropping_
incoming packets (when they reach some rate limit) seemed meaningful.
My opinion is that we can save some power (performance) when we drop
packets early instead of allowing them to go through full stack
(routing, and pf also, as I think).
Just think about DOS. And all interrupts processed on one cpu. They
can put down your machine to it's knees, while others processors will
stay cold.

But as Henning Brauer says: "there is no suitable queue inbound to do
any queueing on. the ipintrq is way too early".
So, if we want to drop packets "early" we must implement some ugly
hacks ("incoming" counters somewhere, partly mirroring ALTQ; and some
hooks needed for they manage).
Is seems that such diff's will never be commited...

Let's see from other side.
What if my machine has 3 or more interfaces - 1st to LAN, 2d and 3d
are my internet uplinks (used simultaneously). One of my clients (in
LAN) pays for 256k/256k "unlim". When I setup ALTQ queues with 256k on
2d interface, and same on 3d interface (client's outgoing...), my
client can achieve 512k upload in some cases: imagine 2 flows - one
flow is from client to somewhere through 2d interface and another flow
is from client to somewhere through 3d interface. That's wrong.

I think that solution can be implemented using "outgoing" queues with
some kind of summary counters (count outgoing packets on all "other"
interfaces but one where packet was received on). Isn't it?
--
antonvm

Re: pf, altq, packet rate

[irix]

Hello ,

>
>>> But under dynamic queues, I understand, the creation of a large number of
>> dynamic patterns.
>>> For example creates template for the queue with an indication of the speed
>> such as 512Kbit / s,
>>> and then creates template for the filter of which you can
>>> specify a subnet like 192.168.1.0/24 and this pattern break this subnet to
>> the desired number of rules in this case,
>>> to 254, and under each This rule will create a dynamic part of the dynamic
>> pattern of 512Kbit / s for each rule.
>>
> On 2009-05-27, (private) HKS  wrote:
>> What?
>
>
> If you want to throttle all your clients to, say, 512Kb/sec, you need a
> stack of separate queues, and a stack of match rules for them. You can set
> them up individually via pfctl/pf.conf but it's a bit messy, you'd probably
> want to do part of it via some script or preprocessor. (I think using a
> shell script to generate a file to include would be viable though).
>
> Real dynamic queues would be created and destroyed on-the-fly which
> could help it scale a bit further, but I don't know how useful it would
> be, the first thing that comes to mind is memory use, but each extra
> queue doesn't use _all_ that much from the pool unless it's actively
> in-use. There might be problems other than memory when using a huge
> number of queues, I don't know, never used more than a handful here...
> something for someone who has a big setup to look at and profile, really.

Similar  constructions  shaper  frequently uses in local area networks
ISP (in russia,ukraine),
where  one  powerful  computer can be up to 6-7 thousand clients.
Use  of  these  computers tend to linux or freebsd (with dummynet (real
dynamic queues with src and dst masks:)))

Here in such cases it is simply indispensable.

I found the patches
which  allow  you to add queues altq through pfctl (may be useful, and
add to main tree :) )
http://dinar.yantel.ru/patches/openbsd/merge/

And this patch remove altq when interface is destroy

http://dinar.yantel.ru/patches/openbsd/altq/patch_pf_if.c
-- 
Best regards,
 irix  mailto:i...@ukr.net

Re:

[Steve Shockley]

On 5/27/2009 12:12 PM, Gaby Vanhegan wrote:

Account no. 7337h4x0r5, my SIN is one of omission.


I suppose that's better than the sin of emission.

اكسب دخل يصل إلى ألف دولار شهريا

[راتب اونلاين]

-
YY X*X(X-X+ X9Y Y
X1X5X) X9YY X-YY
YY
X)X
YY X*X(X-X+ X9Y YX5X/X1 X/X.Y Y
X/X1 X9YY
Y X'YX'Y
 X'YX/YYX'X1X'X*X
YY X*X1Y
X/ X'YX9YY YX'YX* X(X'YYYX2Y X
X'X0X' YYX* YX0YY Y
X3X#X/YY X9YYYYYX9 X'YX' X4X.X5Y
X' X'X-YY YY YX1X'X!Y X4YX1Y
X' YX' Y
YY X9Y 500$ X/YYX'X1.


YYYX9 X1X'X*X( X'YYYX'Y
Y YY X/YY
YY X'YX0Y
 YX' X*X-X*X'X, YX:Y
X1Y YX*X-YY
Y X'YX+X1YX) YY X.YX'Y X'YX'YX*X1YX* YY
Y
YY YX/Y   YX0X' X'YYYYX9 YYX'YX9 X,X/Y
X/X) YX7X1Y X,X/Y
X/X) YX*X-YY
Y X'YX1X(X- YY X.YX'Y X'YX'YX*X1YX* , X'Y YYYX9
X1X'X*X( X'YYYX'Y
Y YYYX9 Y
YX*Y X(YX5X/X'YY
X) X'YYYX'YX9 X'YX*Y
 Y
X7X1X-YX' X/X'X.Y X'YYYYX9 ,

YYYX9 X1X'X*X( X'YYYX'Y
Y YYYX9 Y
X*Y
X- YY X'YX*X9X1Y
 X9YY   X7X1Y X'YX1X(X- YY X'YX'YX*X1YX* 
YX7X1Y X'YYX3X( YYY
YX'YX* X*X9YY YY X'YYYX2Y , YY
YX*Y X'YYYYX9 X(X'YX7X1Y X'YYX,X'YY
X) YYX1X(X- X'YX+X1 YY X'Y
 X4Y
X& .
X5X/YYYY
 Y
X' X'X.YX'YY
 YX' X*X.YYX' YYX*YY X9YYX'YX'YX*X1YX*  X(X(YX'X4... YY 
X.YX'Y YX0X' X'YYYYX9 YYX*Y X9YY   
X'YYX* YX/Y
YX9 X'YX'X,X1.
Y
YX' Y
X' X'X.YX'Y X3X'X1X9Y X(X'YX*X3X,Y
Y X(YX0X' X'YYYYX9 YYX' X*YX3Y X*X/X9YYY
...

YY X(X2Y
X'X1X) X'YX1X'X(X7 X#X/YX'Y YYX*X3X,Y
Y X(X'YYYYX9 X9Y X7X1Y
Y YX3X. X'YX1X'X(X7 Y
Y
 YX*X5Y
X- X'YX'YX*X1YX*

http://www.ratebonline.net


 
Change your subscription (
http://www.ratebonline.net/index.php?option=com_acajoom&Itemid=999&act=change&subscriber=431996&cle=c7d9c7344f641c6f217a5e76a292e29b&listid=94
 )
Unsubscribe (
http://www.ratebonline.net/index.php?option=com_acajoom&Itemid=999&act=unsubscribe&subscriber=431996&cle=c7d9c7344f641c6f217a5e76a292e29b&listid=94
 )

YYX/ X'X3X*YYX* YX0Y X'YX1X3X'YX) YX#YY X'X4X*X1YX* X(YYYX9 
X1X'X*X( X'YYYX'Y
Y ( http://www.ratebonline.net ) 

RADEON(4) man page inconsistency?

[Sunnz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

This link implies 3D hardware support for all of its listed hardware:

http://www.openbsd.org/cgi-bin/man.cgi?query=radeon&apropos=0&sektion=4&manpath=OpenBSD+Current&arch=amd64&format=html

While this link explicitly states certain series has no 3D support:

http://www.openbsd.org/cgi-bin/man.cgi?query=radeon&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=amd64&format=html

Is there an error in the documentation or am I missing something?

- --
Disclaimer: By sending an e-mail to any of my addresses you are
agreeing that: 1, I am by definition, "the intended recipient". 2, All
information in the e-mail is mine to do with as I see fit and make
such financial profit, political mileage, or good joke as it lends
itself to. In particular, I may quote it on usenet. 3, I may take the
contents as representing the views of you or your company. 4, This
overrides any disclaimer or statement of confidentiality that you may
include on your message.

()  ascii ribbon campaign - against html e-mail
/\  www.asciiribbon.org   - against proprietary attachments

Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html

Get my public key here:
http://www.users.on.net/~sunnz/sunnzy.gmial.asc

0ECA 728E 4501 1922 458E  5783 0ABE 141D B30C 2A0B
iEYEARECAAYFAkoeiPgACgkQCr4UHbMMKgvwtgCgv4WTxTdho1PdSuWwkcpFf2ZW
RsEAnRR3/SMK6GVZ7iO8hUegrNaQQNta
=9wID
-END PGP SIGNATURE-

Re: xdm xinerama

[Need Coffee]

On Thu, May 28, 2009 at 2:59 AM, Matthieu Herrb  wrote:
> On Wed, May 27, 2009 at 9:21 PM, Need Coffee  wrote:
>> I have an OpenBSD-current machine running xdm, xdmcp enabled.
>>
>> If I try to connect to it from a Solaris 9 machine with Xinerama enabled,
>> I get this in /var/log/xdm.log:
>>
>> X Error of failed request:  BadPixmap (invalid Pixmap parameter)
>>  Major opcode of failed request:  129 (XINERAMA)
>>  Minor opcode of failed request:  4 (XINERAMAIsActive)
>>  Resource id in failed request:  0x18000c
>>  Serial number of failed request:  59
>>  Current serial number in output stream:  59
>> select returns -1.  Rescan: 0  ChildReady: 1
>>
>> Without xinerama, it works.  Is there a way to allow this to work?
>> I see that xdm has some knowledge of xinerama, so I'm assuming this
>> is a Solaris issue?
>>
>
> Looking at the code, I fail to understand how XineramaIsActive can
> return a 'BadPixmap' error.
>
> There's definatly a bug somewhere. In can be in the Solaris X server
> or on the OpenBSD libX11 side (by incorrectly interpeting the reply).
>
> If you're able to capture the X trafic between your OpenBSD machine
> and the Solaris one, it would be nice to use a protocol decoder
> (xscope or even wireshark which has good X protocol knowledge) on it
> to see the exact request and reply triggering that.

I am happy to report that applying a number of Solaris 9
x11-related patches has resolved the issue.  I appreciate
you taking the time to look into it!

PF/Carp/Pfsync

[Georg Kahest]

Hello, i have strange problem with my Carp/Pfsync, when i manualy
failover via carpdemote or ifconfig carpX down, then the failover works
okey, it even works okey when one box goes down, but when the prefered
master comes up again and starts to act as carp master, then client who
has carp as its gateway loses some packets on the moment of failover, im
wondering what could cause that, what could i have overlooked, and why
the problem only exists when box comes from reboot, rather then always.


Georg Kahest 
ProGroup Holding

Re:

[bofh]

On Thu, May 28, 2009 at 5:12 AM, Michal  wrote:
> On 27 May 2009, at 17:38, bofh wrote:
>
>> On a post it in her drawer (and no, I will not be drawn into a
>> discussion of the possible meanings of "drawer" in the .us vs .uk
>> versions).
>
> Oh come on...can't we at least have a mini-discussion about it.
>
> She had sexygirl in her drawers?

No, that would be one of her passwords too...  But, and this is
seriously OT, when she first showed up for work, all work stopped.

Ahh... there were lots of interesting stories about her, and that work place


-- 
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
"This officer's men seem to follow him merely out of idle curiosity."
-- Sandhurst officer cadet evaluation.
"Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks
factory where smoking on the job is permitted."  -- Gene Spafford
learn french:  http://www.youtube.com/watch?v=j1G-3laJJP0&feature=related

Re: ral(4) driver and RT2860 + RT2850 chips

[Tom]

Chris Jones writes:
> I thought I would update the list with some new info I have now that I
> am running a PC engines alix2d2 and OpenBSD 4.5-stable.
>
> When I received the alix board I just swapped the CF card out of my
> Soekris net4501 and put it in the alix board. At that time I was running
> OpenBSD 4.4-stable. After making the swap the ral card was still
> behaving the same as it was before, so I decided to upgrade to 4.5 as I
> was planning to do this anyhow.
>
> After upgrading to 4.5 the ral card (SparkLan WMIR-200N) started working
> just fine. I decided to check the changelog to see what had changed
> since 4.4 and noticed:
>
> Fix HW crypto on ral(4) devices.
>
> Because my card has a RT2860 chip and the driver supports offloading of
> encryption & decryption to the hardware, I suspect this could have been
> the isse. The ral card is running in host-ap mode and has been working
> flawlessly ever since. See dmesg below.
>
> Cheers,
> -Chris

Hi Chris,

  I have 2 ral(4) cards, one of them a RT2860 chipset. I'm curious, what happens
if you have a client connected to your ral(4) hostap and said client
sends a lot of traffic at
once through it? (Like a huge download, or BitTorrent?) Does the
hostap handle it?

  I'm curious because I couldn't get either my RT2661D or RT2860
ral(4) cards working
properly in hostap mode.

  Tom

Re: (unknown)

[Stuart Henderson]

On 2009-05-27, Bob Beck Via Secure Email  wrote:
> Hi this is bob. really. 
> I can haz Ur Passwordz plz?
>
> ohai, and Ur bank accountz and sinz too?
>
>

Ya.  http://www.uknof.org.uk/uknof13/Fowler-Phish.pdf

Re: pf, altq, packet rate

[Anthony Roberts]

> I know this is an option, but forcing the resending of traffic doesn't
> seem to be the most efficient method to me, when I could instead just
> shape that same traffic when it leaves another interface.

That's what I do, and that's how I know it can provide the benefit I claim,
though that makes for cumbersome configs when the number of interfaces
starts
to grow.

Re: pf, altq, packet rate

[Stuart Henderson]

On 2009-05-28, Anton Maksimenkov  wrote:
> 2009/5/28 SJP Lists :
>> In other words, doing it on the incoming is pointless.  Thus, as in
>> your examples, the logic behind shaping only on the outbound.
>>
>> i.e.You can easily delay sending something you have, but you have
>> little to no control over the ingress traffic of a link where only the
>> local host you have control of.
>
> Partially agree... Shaping incoming packets is useless. But _dropping_
> incoming packets (when they reach some rate limit) seemed meaningful.
> My opinion is that we can save some power (performance) when we drop
> packets early instead of allowing them to go through full stack
> (routing, and pf also, as I think).
> Just think about DOS. And all interrupts processed on one cpu. They
> can put down your machine to it's knees, while others processors will
> stay cold.

we already do some mitigation for that in certain drivers.

$ cd /sys/dev; grep MCLGETI pci/* ic/*
pci/if_bge.c:   MCLGETI(m, M_DONTWAIT, &sc->arpcom.ac_if, MCLBYTES);
pci/if_bge.c:   MCLGETI(m, M_DONTWAIT, &sc->arpcom.ac_if, BGE_JLEN);
pci/if_bnx.c:   MCLGETI(m, M_DONTWAIT, &sc->arpcom.ac_if, MCLBYTES);
pci/if_em.c:MCLGETI(m, M_DONTWAIT, &sc->interface_data.ac_if, MCLBYTES);
pci/if_iwn.c:   MCLGETI(data->m, M_DONTWAIT, NULL, IWN_RBUF_SIZE);
pci/if_iwn.c:   MCLGETI(m1, M_DONTWAIT, NULL, IWN_RBUF_SIZE);
pci/if_ix.c:MCLGETI(m, M_DONTWAIT, &sc->arpcom.ac_if, size);
pci/if_msk.c:   MCLGETI(m, M_DONTWAIT, &sc_if->arpcom.ac_if, sc_if->sk_pktlen);
pci/if_sis.c:   MCLGETI(m_new, M_DONTWAIT, &sc->arpcom.ac_if, MCLBYTES);
pci/if_sk.c:MCLGETI(m, M_DONTWAIT, &sc_if->arpcom.ac_if, SK_JLEN);
pci/if_vic.c:   MCLGETI(m0, M_DONTWAIT, NULL, m->m_pkthdr.len);
pci/if_vic.c:   MCLGETI(m, M_DONTWAIT, &sc->sc_ac.ac_if, pktlen);
pci/if_wpi.c:   MCLGETI(data->m, M_DONTWAIT, NULL, WPI_RBUF_SIZE);
pci/if_wpi.c:   MCLGETI(m1, M_DONTWAIT, NULL, WPI_RBUF_SIZE);
ic/gem.c:   MCLGETI(m, M_DONTWAIT, &sc->sc_arpcom.ac_if, MCLBYTES);
ic/hme.c:   MCLGETI(m, M_DONTWAIT, &sc->sc_arpcom.ac_if, MCLBYTES);

openBSD network issue (?)

[Maze, Jeffrey S.]

Hello,
I've setup oBSD 4.5 and have installed Pound
(http://www.apsis.ch/pound) on it.  I used the following steps while
doing this; http://azbsd.org/~marco/openbsd/pound/.
All seems good to go, but I'm having an issue and I'm not sure
entirely where to go or whom to talk trying to resolve the issue.
Pound's forums weren't helpful and I'm working with Axis camera support.
This is the last place to try.
I wanted this type of setup so we can access internal network
Axis cameras from the internet; Pound as a reverse-proxy seemed to be
the most perfect choice.  Anyway, I've been trying for weeks trying to
get it working properly.
Within a web browser, I can access the camera fine when
connecting to it directly.  If I try to go through the oBSD box, I get
the webpage title and the URL updated, but then it dies.  I end up
getting a 503 error from Pound.  If I do a netstat, oBSD shows the IP of
the camera as a SYN_SENT and another listing for TIME_WAIT.  PF isn't
enabled.
I wasn't sure what was going on until this morning it started
working out of the blue through Pound/OBSD.  But, the instant I tried to
move the camera or into the camera setup, the connection dropped and
died and it hasn't worked since.
I did a netstat when it was working and notice there were about
20 connections from the oBSD box to the camera; one established and the
others were TIME_WAIT.  This is about the norm when browsing to the
camera directly.
Any ideas?  Am I missing a configuration setting with oBSD which
isn't allowing multiple connection, etc?  I'm VERY new to oBSD; this is
my first setup/configuration with oBSD but have messed with other *nix
systems prior.
Thanks.. -Jeff

Just to Reiterate:
oBSD 4.5 (cd-install & patched) install with openSSL 0.9.8.k and
Pound 2.4.4 installed.
Testing this so we can access internal network Axis cameras from
internet.
Getting 503 Service unavailable errors from Pound when trying to
view the camera (Web browser title and URL change and then error pops
up);  until once this morning.
Netstat shows two connections to camera from oBSD showing
SYN_SENT and TIME_WAIT.  PF isn't enabled on the oBSD box.
When it worked once this morning, netstat shows about 20
connections; one established and all others TIME_WAIT.  This is the norm
when directly connected with camera.

Re: openBSD network issue (?)

[Steven Surdock]

> -Original Message-
> From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf
Of
> Maze, Jeffrey S.
> Sent: Thursday, May 28, 2009 1:35 PM
> To: misc@openbsd.org
> Subject: openBSD network issue (?)
>
> Hello,
>   I've setup oBSD 4.5 and have installed Pound
> (http://www.apsis.ch/pound) on it.  I used the following steps while
> doing this; http://azbsd.org/~marco/openbsd/pound/.
>   All seems good to go, but I'm having an issue and I'm not sure
> entirely where to go or whom to talk trying to resolve the issue.
> Pound's forums weren't helpful and I'm working with Axis camera
support.
> This is the last place to try.
>   I wanted this type of setup so we can access internal network
> Axis cameras from the internet; Pound as a reverse-proxy seemed to be
> the most perfect choice.  Anyway, I've been trying for weeks trying to
> get it working properly.
>   Within a web browser, I can access the camera fine when
> connecting to it directly.  If I try to go through the oBSD box, I get
> the webpage title and the URL updated, but then it dies.  I end up
> getting a 503 error from Pound.  If I do a netstat, oBSD shows the IP
of
> the camera as a SYN_SENT and another listing for TIME_WAIT.  PF isn't
> enabled.

Is the camera responding to the SYN_SENT?  A tcpdump of traffic between
the camera and the proxy might provide some insight.  I'm using Pound
2.4.4 for a similar application and it's been working fine for more than
a year.

-Steve S.

spamd and IPv6?

[Stefan Unterweger]

Hello!

Does spamd(8) currently support IPv6? Whereas I am able to
spamdb(1) -a IPv6-addresses and they show up on subsequent visits
to spamdb, netstat -a suggests that spamd itself is not listening
on a tcp6 socket. Unfortunately, the manpages don't mention IPv6
at all, and I'm too poor a programmer to deduct it from the
source code.

To be honest, I wouldn't be surprised it spamd does indeed not
support IPv6, there'd be hardly a point for it. I seriously doubt
that *any* current spammer'd be using IPv6, but still: now that
I've got that fancy new tunnel up and running I thought I'd play
around with it a bit.


s//un

Re: binding services on carp

[uday]

I got it, for those who don't know, you have to bind to the carp
adresse but with a specific pf entry.

rdr on $ExtIf proto tcp from any to carp0 port ftp tag FTPROXY -> lo0 port 8021
pass in log on $ExtIf inet proto tcp from any to lo0 port 8021 flags
S/SA keep state tagged FTPROXY

Works like a charm ! Gotta love OpenBSD !

"Nonviolence means avoiding not only external physical violence but
also internal violence of spirit. You not only refuse to shoot a man,
but you refuse to hate him". Rev. Martin Luther King Jr.



On Wed, May 27, 2009 at 8:25 AM, Stephan A. Rickauer
 wrote:
> On Tue, 2009-05-26 at 16:18 -0400, uday wrote:
>> Hey guys,
>>
>> A quick question, is there a way to bind services to the carp
>> interface ? You see I have an ftp-proxy running and I wanted to use
>> carp since I'm already doing fail-over with PF.
>>
>> FTP client --> Redundant Firewall w/ftp-proxy --> Internal FTP-SERVER
>
> man ftp-proxy, see -a flag.

Je sur comptable a la banque BCB je vais virée $12.million sui votre compte

[Kito Waziri]

Invitation : "Je sur comptable a la banque BCB je vais virie $12.million 
sui votre compte".


Par votre htte Kito Waziri:


 Date:  jeudi 28 mai 2009

 Heure: 19h 00 - 20h 00 (GMT+00:00)
 Lieu:  Cher Ami Salut, Je suis MR, ALADOU MUSA, comptable a la 
BANQUE COMERCIALE DU BURKINA (BCB), je vais virie $12.million (usd) sui votre 
compte ci ga vous interesse je vous enverrons tous les ditails sur la fagon 
dont on va fait le demache et igalement noter que vous aurez 30% du montant 
indiqui .si vous jtes d'accord pour m'aider ` exicuter cette transaction. 
reponne moi rapidement et s.v.p ces un propossition confidentielle merci

Invitis:

 * estelle_dro...@yahoo.fr
 * rbarze...@yahoo.ca
 * rayeddarw...@hotmail.com
 * rastazeet...@hotmail.com
 * selmay2...@yahoo.ca
 * hsmy...@yahoo.ca
 * mariodif...@yahoo.ca
 * mathieuturg...@yahoo.ca
 * fermetourmal...@yahoo.ca
 * profi...@yahoo.ca
 * frederic_...@yahoo.ca
 * mercier.g...@sympatico.ca
 * morelgilbert2...@yahoo.ca
 * siari6...@yahoo.ca
 * simonesante...@yahoo.ca
 * marcer...@yahoo.ca
 * oz_o...@yahoo.ca
 * timatc...@yahoo.ca
 * marj...@sympatico.ca
 * l.vignea...@yahoo.ca
 * letourdelapoi...@yahoo.ca
 * terre_d...@yahoo.ca
 * agathe...@yahoo.ca
 * fredmena...@yahoo.ca
 * annelauremath...@yahoo.ca
 * clerett...@yahoo.ca
 * castinganim...@yahoo.ca
 * cj@skynet.be
 * ertugruloner...@yahoo.ca
 * willis_el...@yahoo.ca
 * cape_cont...@yahoo.ca
 * mathieugirard...@hotmail.com
 * jclaudefaub...@yahoo.ca
 * olivierled...@yahoo.ca
 * jardinducatif2...@yahoo.ca
 * paulosm...@yahoo.ca
 * caronfar...@yahoo.ca
 * sarahdaniellegag...@yahoo.ca
 * mathieu_kis...@hotmail.com
 * peter.ridd...@mail.mcgill.ca
 * frick...@yahoo.ca
 * philippea...@yahoo.ca
 * jonathan_bo...@yahoo.ca
 * tipouxtabby2...@yahoo.ca
 * amsulv...@yahoo.ca
 * misc@openbsd.org
 * anniedmur...@yahoo.ca.uk
 * natna...@hotmail.fr
 * yoo...@hotmail.fr
 * maude_labo...@yahoo.ca
 * megghie...@yahoo.ca
 * guyboulan...@estoc.ca
 * id_p...@yahoo.ca
 * reli...@yahoo.ca
 * afim_...@yahoo.ca
 * samet_n...@yahoo.ca
 * jgfor...@yahoo.ca
 * mathieu.bourda...@umontreal.ca
 * matlaj...@hotmail.com
 * anne-0...@yahoo.ca
 * genevievelamp...@yahoo.ca
 * mmatt_...@hotmail.com
 * rocri...@yahoo.ca
 * ubuntu-que...@lists.ubuntu.com
 * chienn...@yahoo.ca
 * sisim...@hotmail.com
 * theunknowsold...@hotmail.fr
 * le...@hotmail.fr
 * vix...@yahoo.ca
 * dan-...@hotmail.fr
 * cogn...@hotmail.fr
 * devil...@hotmail.fr
 * mathieu.chantelo...@free.fr
 * ben...@hotmail.fr
 * jolie_na...@yahoo.ca
 * lapr...@yahoo.ca
 * atse...@hotmail.com
 * mj_sa...@yahoo.ca
 * centreaux4ve...@yahoo.ca
 * info...@yahoo.ca

invitation_add_to_your_yahoo_calendar:

 
http://fr.calendar.yahoo.com//?v=60&ST=20090528T19%2B&TITLE=Je+sur+comptable+a+la+banque+BCB+je+vais+vir%c3%a9e+$12.million+sui+votre+compte&DUR=0100&VIEW=d&in_loc=Cher+Ami+Salut,+Je+suis+MR,+ALADOU+MUSA,+comptable+a+la+BANQUE+COMERCIALE+DU+BURKINA+(BCB),+je+vais+vir%c3%a9e+$12.million+(usd)+sui+votre+compte+ci+%c3%a7a+vous+interesse+je+vous+enverrons+tous+les+d%c3%a9tails+sur+la+fa%c3%a7on+dont+on+va+fait+le+demache+et+%c3%a9galement+noter+que+vous+aurez+30%25+du+montant+indiqu%c3%a9+.si+vous+%c3%aates+d%27accord+pour+m%27aider+%c3%a0+ex%c3%a9cuter+cette+transaction.+reponne+moi+rapidement+et+s.v.p+ces+un+propossition+confidentielle+merci&TYPE=10


Copyright ) 2009 Tous droits riservis.
 www.yahoo.fr

Donnies personnelles:
 http://privacy.yahoo.com/privacy/us

Conditions d'utilisation:
 http://docs.yahoo.com/info/terms/

Re: spamd and IPv6?

[Stuart Henderson]

On 2009-05-28, Stefan Unterweger  wrote:
> Does spamd(8) currently support IPv6?

No. There are parts of code that make a start at supporting it, but here
is your main clue:

if (sa->sa_family != AF_INET)
errx(1, "not supported yet");

Re: 4.5 on Thinkpad 600x issue

[Donald Allen]

On Wed, May 27, 2009 at 3:04 PM, Johan Beisser  wrote:
> On Wed, May 27, 2009 at 10:26 AM, STeve Andre'  wrote:
>
>> I've never tried installing OpenBSD on a 600x but I'm a little surprised
> that
>> it isn't working fine.
>
> You're in for a few surprises when you do then. It should work fine,
> but there's some ACPI issues that have never been addressed.
>
>> Since you are new to OpenBSD, how did you get OpenBSD, and also how
>> (where) did you get the packages?  You MUST get the packages that
>> match the version of OpenBSD.  More than one person has gotten a
>> release CD and then gotten the packages in snapshots/packages/i386
>> which is "-current", the wip stuff that will be a part of the next
release.
>
> The 600x has a CDRom/DVD drive in it. It comes standard.
>
>> Also, it would be good to post the contents of /var/run/dmesg.boot, to
>> see what the kernel thinks of the hardware.  Thats a start.
>
> I'll include something I sent to Donald Allen, edited to make things a
> little more contextually relevant:
>
> "The key problem would keep happening [the freezing/slowdown]. Mostly
> due to IRQ 11 being shared between USB, keyboard and PCMCIA. Large
> amounts of traffic through that IRQ would cause locking issues in the
> kernel. It really
> is a hardware issue with that specific model of laptop; I had them
> with FreeBSD [5.2], OpenBSD [4.1, 4.2, and 4.3], and Linux [2.6.10]."
>
> It's a problem I presumed was just with my 600x, but some of my
> research has shown it's a model issue, related to IRQ assignment in
> kernel. The only OS that hasn't had a problem with the hardware is
> Windows XP. Whether that's due to the OS masking it or knowing
> something more intimately about the odd hybrid of ACPI and APM the
> BIOS presents, I can't say.

I ran Windows 2000 on my 600x for a time and that also worked well (at
least with respect to the issue at hand). Having said that, I don't
think I've ever run this machine in the configuration I was subjecting
OpenBSD to -- wired to the network via pcmcia and moving a lot of data
through that wire (I've usually used this machine wireless, thus lower
bandwidth and interrupt frequency). So I can't say that I've ever
subjected any other OS to the conditions that produced trouble with
OpenBSD. I will be restoring the Arch Linux disk to this machine
shortly. If I have a chance, I'll test it with the ethernet card and
see if I can kill it. One way or another, I'll post what I find.

As for OpenBSD, I've installed it on my TP G41 and have run across a
couple of small problems (the Sawfish window manager does not work
correctly; I've gone back to TWM -- I'm a minimalist; RCS does not
work correctly with emacs VC -- I haven't figured that one out yet,
though I suspect it's some small incompatibility in the OpenBSD
reimplementation of RCS). Other than that, the system looks great thus
far, and I'm probably going to proceed with replacing FreeBSD with it
on my two main machines (a Thinkpad X61 and a Lenovo workstation).
FreeBSD has serious problems with its USB support (which is being
completely reimplemented in the upcoming version 8 release) and I do
backups on sata drives in USB shoeboxes. This has forced me into a
complicated system for backing up, involving an Arch Linux LiveCD and
rsyncing my home directory to the backup disk with a Linux system,
because I don't trust FreeBSD writing to those drives. I've done some
preliminary testing with OpenBSD and have had no problems talking to
those drives. If more testing turns up no problems, I'm sold.

Thank you again for your help with the 600x issue.

/Don Allen

>
> I'm just not surprised the problem still exists in 4.5.

Re: relayd - Hosts flapping unexpectedly

[Pascal Lalonde]

On Thu, May 21, 2009 at 11:05:40AM +0100, Dan Carley wrote:
> 
> We've been playing with relayd recently - both from 4.5 and the latest
> snapshot.
> 
> Approximately every hour we are seeing one or two state changes logged. But
> I can't see reason for the change of state and there doesn't appear to be a
> pattern in the way that the hosts are failed.

We just happen to notice the same thing here.

Here's the info I could gather on this, but I suspect the
problem might not be relayd itself.

My relayd configuration is as such:

relayd.conf:

interval 5
log updates
timeout 3000

table  {
10.0.1.10
10.0.2.10
10.0.10.10
}

redirect test2 {
listen on 10.0.1.15 port 30099
forward to  check tcp
}

redirect test {
listen on 10.137.16.192 port 30100
forward to  check tcp
}


# relayctl show summary
Id  TypeNameAvlblty Status
1   redirecttest2   active
1   table   floods:30099active
(3 hosts)
1   host10.0.1.10   100.00% up
2   host10.0.2.10   100.00% up
3   host10.0.10.10  100.00% up
2   redirecttestactive
2   table   floods:30100active
(3 hosts)
4   host10.0.1.10   100.00% up
5   host10.0.2.10   100.00% up
6   host10.0.10.10  100.00% up


Now, at random times (1-2 / hour average), we get the following error in the
logs:

May 26 18:00:31 testfw1 relayd[25554]: host 10.0.1.10,
check tcp (0ms), state up -> down, availability 99.92%
May 26 18:00:36 testfw1 relayd[25554]: host 10.0.1.10,
check tcp (0ms), state down -> up, availability 99.92%

But, we can confirm that the service does not go down in reality. The
firewalls are redundant with the same relayd config, and they don't see
the service going down at the same time (they do, however, both get the
same behavior for up/down's).

Adding some debugging code in relayd, I found that connect() returns
EADDRINUSE at check_tcp.c:87. This seemed strange at first since a few
lines above the SO_REUSEPORT is set on the socket. Also, the firewalls
used to test this are almost sleeping with less than 100 sockets at a
time, mostly used by relayd performing TCP checks. So we're clearly not
running out of ephemeral ports.

Just for the sake of trying, I took the CVS source for relayd,
commented out the SO_REUSEPORT option, recompiled and restarted it.
Strangely, now the up/down's are gone. I would expect SO_REUSEPORT to
prevent EADDRINUSE errors, so I'm a bit puzzled...

Could anyone help shed light on this?

Thanks,
-- 
Pascal

It arrived just on Time! :) Thanks Folks

[Andres Genovez]

Hi Thanks here is a little picture, it took ilke 5 days to arrive to Ecuador
- South America


http://www.crice.org/files/images/openbsd4.preview.png

Full Story:

http://www.crice.org/index.php?q=node/306

--
Atentamente

Andris Genovez Tobar / Sistemas
COMERCIAL SALVADOR PACHECO MORA S.A. / DESDE 1945
Tecnologmas
Cuenca, Luis Cordero 9-70 y Gran Colombia

Telifono. 593-7-2842388 ext 408
Fax. 593-7-2842388 ext 120
Celular 593-97670874
  593-96816996 Alegro
Mail:ageno...@cspmsa.com
Personal: andresgeno...@gmail.com
www.cspmsa.com
www.crice.org

Re: It arrived just on Time! :) Thanks Folks

[Cem Kayali]

My box arrived to Istanbul in 7 days, just 2-3 days ago.

Just started to play with it ;)

Thanks!



Andres Genovez, 05/29/09 02:25:

Hi Thanks here is a little picture, it took ilke 5 days to arrive to Ecuador
- South America


http://www.crice.org/files/images/openbsd4.preview.png

Full Story:

http://www.crice.org/index.php?q=node/306

--
Atentamente

Andris Genovez Tobar / Sistemas
COMERCIAL SALVADOR PACHECO MORA S.A. / DESDE 1945
Tecnologmas
Cuenca, Luis Cordero 9-70 y Gran Colombia

Telifono. 593-7-2842388 ext 408
Fax. 593-7-2842388 ext 120
Celular 593-97670874
  593-96816996 Alegro
Mail:ageno...@cspmsa.com
Personal: andresgeno...@gmail.com
www.cspmsa.com
www.crice.org

mounting a dmg file

[frantisek holop]

hi there,

does anyone know how to mount a .dmg file on openbsd?

$ file image.dmg
image.dmg: Apple Partition data block size: 2048, first type: 
Apple_partition_map, name: Apple, number of blocks: 15,

anybody tried anything of these?
http://en.wikipedia.org/wiki/Apple_Disk_Image#Non-Macintosh

-f
-- 
petting: a study of anatomy in braille...

WebHosting Management Software

[Insan Praja SW]

Hi Misc@,
I'm currently looking for some OpenBSD-friendly (OpenSource/Free)  
WebHosting Management software. My colleagues seem to find a hardtimes for  
this kind of software works with OpenBSD.

Any clue and input appreciated.
Thanks,



--
insandotpraja(at)gmaildotcom

Re: WebHosting Management Software

[STeve Andre']

On Thursday 28 May 2009 21:24:33 Insan Praja SW wrote:
> Hi Misc@,
> I'm currently looking for some OpenBSD-friendly (OpenSource/Free)
> WebHosting Management software. My colleagues seem to find a hardtimes for
> this kind of software works with OpenBSD.
> Any clue and input appreciated.
> Thanks,

Insan,

I'm not trying to be snarky here, but I would suggest...  ssh.

Today I've been dealing with phpMyAdmin, trying to get the beast
up, and I believe I have it and am getting mysql up.  But had I not
had to fight phpMyAdmin,  I'd have been farther along today.

This tendency to use gui tools for things isn't good.  No one can
possibly say that their security increases by using them--you
add complexity, and that always gives rise to new possibilities
of trouble.

But the worse problem here is that by using some tool to do
things, you haven't learned whats going on under the hood.
Not really.

--STeve Andre'

Re: WebHosting Management Software

[Insan Praja SW]

On Fri, 29 May 2009 08:38:27 +0700, STeve Andre'  wrote:


On Thursday 28 May 2009 21:24:33 Insan Praja SW wrote:

Hi Misc@,
I'm currently looking for some OpenBSD-friendly (OpenSource/Free)
WebHosting Management software. My colleagues seem to find a hardtimes  
for

this kind of software works with OpenBSD.
Any clue and input appreciated.
Thanks,


Insan,


Steve,


I'm not trying to be snarky here, but I would suggest...  ssh.


That's exactly I suggested to those guys.. some chroot-ed accounts for  
sftp/ssh and etc..




Today I've been dealing with phpMyAdmin, trying to get the beast
up, and I believe I have it and am getting mysql up.  But had I not
had to fight phpMyAdmin,  I'd have been farther along today.

This tendency to use gui tools for things isn't good.  No one can
possibly say that their security increases by using them--you
add complexity, and that always gives rise to new possibilities
of trouble.


The GUI-thingies are meant to ease our users to manage their virtual  
domains, virtual mail boxes and etc.. And they don't do text-based  
configuration :), they are basically M$ users.




But the worse problem here is that by using some tool to do
things, you haven't learned whats going on under the hood.
Not really.



Agreed,


--STeve Andre'


Kind Regards,
Insan Praja SW,


--
insandotpraja(at)gmaildotcom

Re: WebHosting Management Software

[Chris Bennett]

STeve Andre' wrote:

On Thursday 28 May 2009 21:24:33 Insan Praja SW wrote:
  

Hi Misc@,
I'm currently looking for some OpenBSD-friendly (OpenSource/Free)
WebHosting Management software. My colleagues seem to find a hardtimes for
this kind of software works with OpenBSD.
Any clue and input appreciated.
Thanks,



Insan,

I'm not trying to be snarky here, but I would suggest...  ssh.

Today I've been dealing with phpMyAdmin, trying to get the beast
up, and I believe I have it and am getting mysql up.  But had I not
had to fight phpMyAdmin,  I'd have been farther along today.

This tendency to use gui tools for things isn't good.  No one can
possibly say that their security increases by using them--you
add complexity, and that always gives rise to new possibilities
of trouble.

But the worse problem here is that by using some tool to do
things, you haven't learned whats going on under the hood.
Not really.

--STeve Andre'

  
I really have to agree with this, even if this isn't the answer you want 
to hear.
--Oh just saw your reply back --well make pretty buttons to go with 
proper command line responses that you would make, give them that proper 
walmart/mcdonalds feel, just keep them in the proper pasture!


Chris Bennett

Anti-Virus Notification

[AV . Engine]

This is an automatically generated Anti-Virus notification. A virus 
(W32/mydoo...@mm) has been detected by the AV engine(Authentium Engine). The 
action triggered and data are given below. Message is dropped..

Re: multiple videocards... for console text

[Theo de Raadt]

> Thanks, but my goal was not just to add more text consoles, it was to
> actually create more
> VTs on existing heads.  I have 3 monitors.  We're all painfully aware
> of the Xorg limitations
> with multiple pci graphics cards.  So, I wanted to run them in text
> mode (80x50 of course  :)
> 
> 80x50 is easy.  It's the "getting all 3 monitors to work
> independently" that isn't.

Getting them to work seperately requires almost as much work as X does
to do that.  The PC hardware video architecture is more broken and
complex than you could possibly imagine.  

Re: two IP addresses on one pppoe connection

[Scott McEachern]

Todd T. Fries wrote:

If you use the kernel mode pppoe, you can ifconfig add them as an
alias to the interface, you might be able to do the same to the tun
interface, see if it works...

You are showing your roots, tun0:0 and tun0:1 are Linux naming
conventions, here in OpenBSD we just add addresses to the device
itself as 'aliases' aka:

  # ifconfig fxp0 inet 1.2.3.4 netmask 255.255.255.0
  # ifconfig fxp0 inet alias 1.2.3.5 netmask 255.255.255.0
  # ifconfig fxp0 inet alias 1.2.3.6 netmask 255.255.255.0
  # ifconfig fxp0
  fxp0: flags=...
  [..]
inet 1.2.3.4 netmask 0xff00 broadcast 1.2.3.255
inet 1.2.3.5 netmask 0xff00 broadcast 1.2.3.255
inet 1.2.3.6 netmask 0xff00 broadcast 1.2.3.255

For further reading see ifconfig(8), hostname.if(5), and
pppoe(4) (as opposed to pppoe(8)).

Penned by Scott McEachern on 20090525 11:26.33, we have:
  

Hello all,

I currently have a single line DSL connection with my ISP and I am  
considering getting a 2nd IP from them for a second domain.  The DSL  
modem  (a speedtouch 516 which has a single ethernet connection to the  
LAN) is in bridge mode so the OpenBSD firewall handles the  
connection/authentication.


I was wondering if there is a way to have ppp/pppoe bind a second IP  
address to one DSL connection?  And if this is possible, would the IPs  
then be bound to tun0:0 and tun0:1?  I cannot find an answer to this in  
my research.


This is my current setup for a single IP, which works wonderfully:

In /etc/rc.local:

if [ -f /is_fw0 ]; then
   echo -n ' PPPoE ';
   ppp -ddial pppoe
   sleep 2
fi

In /etc/ppp/ppp.conf:

default:
set log Phase Chat IPCP CCP tun command
set redial 3 0
set reconnect 5 10

pppoe:
set device "!/usr/sbin/pppoe -i ne3"
set mtu 1492
set mrru 1524
set speed sync
set cd 5
set dial
set login
set timeout 0
set authname myusername
set authkey mypassword
add! default HISADDR
enable dns
enable mssfixup



--

- RSM

http://www.erratic.ca



  
Thanks Todd, and sorry for getting back to you so late.  I'll leave this 
here so others searching, like I did, can get an answer.


As it turns out, at least with my ISP (TekSavvy in Canada if that helps 
anyone) once you go past having a single IP assigned to you, that IP 
becomes a gateway for the new IPs in the ISPs eyes.


I was thinking there would be some type of PAD* interaction beyond 
getting the first IP, but there isn't, you "just use" the new IPs by 
exactly what you said above, aliasing them to your $ext_if.


So the specifics for OpenBSD is that this is completely do-able with 
userland pppoe.  Keep the existing pppoe setup for the single IP as is, 
and just modify the /etc/ppp/ppp.linkup file as such:  (Assuming you 
were given a.b.c.d/30)


MYADDR:
!bg sh -c "/sbin/ifconfig tun0 alias a.b.c.d netmask 255.255.255.255"
[...]
!bg sh -c "/sbin/ifconfig tun0 alias a.b.c.d+3 netmask 255.255.255.255"
!bg sh -c "/sbin/pfctl -ef /etc/pf.conf"
!bg sh -c "pkill -1 named"

 The last two lines are to load a pppoe-aware pf.conf and to let the 
name server start listening on any external address per named.conf.
 The result is that adding a /30 actually gives a total of 5 usable 
IPs: the original IP, what you would think are the 'network' and 
'broadcast' addresses for the /30, plus the two 'normal' usable addresses.
 After that, it was just a matter of myself and pf.conf having a chat, 
and all is well. :)


--

- RSM

http://www.erratic.ca

Re: WebHosting Management Software

[Lars Nooden]

Working with "web hosting" is easy.  Put the OpenAFS client on your web
team's macintoshes and then use it to access the directories hosted on
your OpenBSD web server:
http://www.openafs.org/macos.html

>From there it is about the same access as having the files on your local
harddrive.

There are OpenAFS clients for linux too but see your distro's repository
for details.

Regards,
-Lars