Re: 4.7 make release fails

2010-03-10 Thread Alexander Hall 
Ron McDowell wrote:
> Philip Guenther wrote:
>> On Mon, Mar 8, 2010 at 10:12 AM, Ron McDowell  wrote:
>> ...
>>  
>>> su is not setting the group for me.  sudo does, so I rebuilt using sudo and
>>> everything worked fine.
>>>
>>> ~
>>> [...@zombie(OpenBSD)]> id
>>> uid=1000(rcm) gid=1000(rcm) groups=1000(rcm), 0(wheel), 5(operator),
>>> 12345(apache)
>>> ~
>>> [...@zombie(OpenBSD)]> su
>>> # id
>>> uid=0(root) gid=1000(rcm) groups=1000(rcm), 0(wheel), 5(operator),
>>> 12345(apache)

what does the following give?

# grep ^root: /etc/passwd

# id root

/Alexander

Route modified dynamically

2010-03-10 Thread Massimo Lusetti 
Hi misc,
  I got a 4.5 box which act as a perimeter ipsec routing gateway, it
  has 682 flow (by ipsecctl -sf | wc -l).

Some of this flow are up with a static route to the other point of the
ipsec tunnel and some of these routes are changing dynamically (netstat
shows UGHMS flags).

When these routes changes dynamically my tunnel fall cause i cannot
reach my tunnel endpoint anymore.

Probably these redirect are coming from some ciscozze with HSRP or
something and I've already asked the ciscozze admin to look without any
luck so I guess I've to do something on my side and I'm here to ask for
hints.

Should I have to elevate the priority of the static route ?
Should I "block" redirects from the ciscozze gateway?

BTW the issues is popped up when we deployed 4.5, with 4.3 we didn't
notice it but I cannot guarantee something has changed on the other
side.

Any hints is really appreciated.

Cheers
-- 
Massimo

Re: Joomla - MySQL Problem: "Could not connect to MySQL"

2010-03-10 Thread Alexander Hall 
Jan wrote:
> Thank you for the numerous responses! Except the solution to change
> "localhost" to "127.0.0.1" in the whole script, I tried everything you

Do try that then. I dont know the script at hand, but it cannot be that
many places that creates a database connection, can it?

IIRC, localhost implies file socket, and even if I'm wrong, it requires
a name lookup, and you might be missing /etc stuff in the chroot.

> proposed. It still doesn't work. Here a short review:
> 
> === Are you trying to connect to the MySQL socket outside of the httpd
> chroot?
> ===> after having run "apachectl start", I tried the same process using
> "httpd -u". But nothing changed.

You did mean you killed httpd in between, yes?

> 
> 
> === mysql -h localhost -u root -p
> Works perfect. "mysql -h localhost -u joomla -p" works also.

How about "mysql -h 127.0.0.1 -P 3306 -u joomla -p" ?

/Alexander

> 
> === Have a look in /var/www/logs/
> ===>in the errorlog of the folder is no entry. access_log shows up:
> 172.16.172.130 -- [09/Mar/2010:09:47:26 -0700] "POST"
> /user01/installation/index.php HTTP/1.1" 200 4270
> 
> === At the very least you'll also need the php5-mysql-5.2.6.tgz package
> installed as well.
> ===> php5-mysql and php5-mysqli packets are installed both
> 
> === At the very least you'll also need the php5-mysql-5.2.6.tgz package
> installed as well.
> ==> That's the output of the mysql part in the phpinfo();:
> 
> mysql
> 
> MySQL Supportenabled
> 
> active persistent links0
> active links0
> client api version5.0.51a
> mysql_module_typeexternal
> mysql_socket/var/run/mysql/mysql.sock
> mysql_include-I/usr/local/include/mysql
> mysql_libs-L/usr/local/include/mysql
> 
> 
> directivelocal valuemaster value
> 
> mysql.allow_persistentOnOn
> mysql.connect_timeout6060
> mysql.default_hostno valueno value
> mysql.default_passwordno valueno value
> mysql.default_portno valueno value
> mysql.default_socketno valueno value
> mysql.default_userno valueno value
> mysql.max_linksUnlimitedUnlimited
> mysql.max_persistentUnlimitedUnlimited
> mysql.trace_modeOffOff
> 
> 
> 
> Thank you!
> 
> Jan

Update: ftp-proxy and pf on OpenBSD 4.5

2010-03-10 Thread tsg12345 
Apologies first.

My first thought after waking up today was "I mixed IPs and IFs".
Sorry for posting that...

Remaining question second.

The filtering does not seem to get "populated" by
ftp-proxy.

A rule like:
pass in on $client_if proto { tcp udp } from $client \
to 127.0.0.1 port ftp

does not do the trick, I still have to use something like:
pass in on $client_if proto { tcp udp } from $client \
to 127.0.0.1

(opening everything up for the ftp data connection myself)

kern.securelevel is 1, so I just do not understand why
ftp-proxy won't add the rules.

Any clue sticks, so I get at least a direction for my
search?


 Original-Nachricht 

> Hi list,
> 
> I was trying to set up ftp-proxy for use with a client
> (OpenBSD 4.6 workstation, passive ftp only) behind a
> firewall (4.5).
> 
> I have set up pf.conf on the firewall according to pf
> user's guide.
> 
> All ftp-proxy anchors have been put first (nat/rdr before
> any nat/rdr rules, filtering before any filtering rules)
> so other rules should not affect them (filtering rules
> inserted by ftp-proxy are "quick" according to man, and
> first nat/rdr rule wins anyway).
> 
> I use:
> set skip on lo
> (as I usually do)7
> 
> and:
> ftp-proxy -d -D 7
> (for debugging).
> 
> >From my understanding the line
> rdr on $client_if proto tcp from $client to any port ftp -> \
>127.0.0.1 port 8021
> 
> should cause the incoming connection to be
> 1. redirected,
> 2. not filtered (skip on lo),
> 3. reach ftp-proxy and therefore
> 4. enable ftp-proxy to populate the anchors.
> 
> However, this seems not to happen (no connection,
> no output from ftp-proxy).
> 
> When I add something like:
> pass in on $client_if from $client to any
> 
> ftp-proxy lets me connect to the external ftp server
> (debug output of ftp-proxy is as one would expect it).
> 
> But even something like:
> pass in on $client_if proto { tcp udp } from $client \
> to any port ftp
> 
> does not work (and as explained above I would
> think that this is not necessary at all).
> 
> Any ideas?
> 
> 
> 
> -- 
> Sicherer, schneller und einfacher. Die aktuellen Internet-Browser -
> jetzt kostenlos herunterladen! http://portal.gmx.net/de/go/atbrowser

-- 
GMX DSL: Internet, Telefon und Entertainment f|r nur 19,99 EUR/mtl.!
http://portal.gmx.net/de/go/dsl02

Lagoon 380 & Beneteau First 44.7 Pack Club

2010-03-10 Thread admin 
EMBARCACIONES EN VENTA:

BC  NC  TEAU FIRST 44.7 bSUDOESTEb Racing Club Pack - 145.000 b,

NingC:n uso y muchos extras: pack Club Racing II (backstay
hidrC!ulico, mC!stil de tres pisos de crucetas, winches extra y de
mayor diC!metro, poleas de tope de gama), juego de velas North Sail
(mayor y 3 genovas de kevlar + 3 spinnakers gradient, uno con
calcetC-n para crucero), todas las velas estC!n nuevas y
piloto/electrC3nica Racing Hercules B&G 2004.
 
FICHA TCCNICA DE VENTA EN ESPACOL


FICHA TCCNICA DE VENTA EN INGLC S


DOCUMENTACICN Y CERTIFICADOS DEL BARCO


INFORME DE VALORACICN Y ESTADO DEL BARCO


FOTOS DE MEDIA RESOLUCICN


FOTOS DE ALTA RESOLUCICN


LAGOON 380 bMAR TENDIDAb CatamarC!n - 175.000 b,

CatamarC!n correctamente mantenido, reciC)n pasada la inspecciC3n
PeriC3dica en Seco y a Flote, vC!lida por 5 aC1os (exactamente en
julio de 2009), en el astillero RC-o Piedras de El Rompido, Huelva: 2
hC)lices nuevas; limpieza de fondos; cambio de C!nodos; anti-fouling;
repaso del poliC)ster y pulimentado del casco y obra muerta; mesa y
barra de madera de la baC1era barnizadas, maderas de teca aceitadas;
repaso y mantenimiento de mC!quinas, instalando dos bombas de agua
salada de caudal superior a los de serie (mejora de la
refrigeraciC3n); interiores y espacios de estiba limpiados y
cuidados; griferC-a nueva en baC1os; instalaciC3n de maniobra de
Gennaker (driza, mordaza, winche y estructura de proa); etc. VELA
MAYOR Y SABLES FORZADOS A ESTRENAR. !Nuevo, vamos!

FICHA TCCNICA DE VENTA EN ESPACOL


FICHA TCCNICA DE VENTA EN INGLC S


DOCUMENTACICN Y CERTIFICADOS DEL BARCO


FOTOS DE ALTA RESOLUCICN


FOTOS DE MEDIA RESOLUCICN


FOTOS ASTILLERO INSPECCICN EN SECO 5 ACOS


Sobre la forma de pago y los impuestos bno incluidos-, tendrC-amos
que hablarlo en telC)fono o en persona.
 
Un saludo cordial,

Dear Sir,

Please find the enclosed links with full information about the sales
price of our boats:

BC  NC  TEAU FIRST 44.7 "SUDOESTE" Racing Club Pack b 145.000 b,

Little used, plus many extras including: Racing Club Pack II, main
sail and 3 more genoas Kevlar + 3 spinnakers gradient, all new North
Sail, and pilot / electronics Hercules Racing B & G 2004.

LAGOON 380 bMAR TENDIDAb Catamaran b 175.000 b,

Brand new after been polished and get repaired and maintenance. Main
sail, lazzy-Jack, bimini and propellers, all new. 

You can download all the information, photos and documentation of the
boats by clicking on the previous links.

Do not hesitate to contact me to discuss the details of the sale.

Kind regards,
 

--
To cancel the subscription in our lists, visit the following link:
Para darse de baja de esta lista visite el siguiente enlace:
http://www.maritimelist.es/lists/?p=unsubscribe&uid=56d1063edaea3434d8277d78c39f9b04

To update your details click on the link:
Para actualizar sus preferencias vaya a:
http://www.maritimelist.es/lists/?p=preferences&uid=56d1063edaea3434d8277d78c39f9b04

To forward this message to someone:
Para enviar el mensaje a alguien:
http://www.maritimelist.es/lists/?p=forward&uid=56d1063edaea3434d8277d78c39f9b04&mid=33



--
Powered by PHPlist, www.phplist.com --

Re: Route modified dynamically

2010-03-10 Thread Massimo Lusetti 
On Wed, 10 Mar 2010 09:44:36 +0100
Massimo Lusetti  wrote:

> Any hints is really appreciated.

Should I stop accepting icmp redirect with the sysctl knobs as the
changes in the 4.6 release?


Cheers
-- 
Massimo

IMBIKEMAG Launches Issue 4!

2010-03-10 Thread IMBIKEMAG Rou Chater 
Hi 

http://www.imbikemag.com/issue4/

We are pleased to announce that issue 4 of IMBIKEMAG is live. This
issue is packed with some amazing videos, photos and articles.
Highlights include an interview with film maker Derek Westerlund,
famous for the NWD series of MTB movies. Oli Beckingsale pops by and
we also head to Swinley Forest for our trail guide. There is loads
more inside to keep you entertained and Richard has gone mental with
his technique article, this issue it is all about mind control and the
psychology of riding! We guarantee it will make you faster!

Be sure to check it out!

http://www.imbikemag.com/issue4/

If you feel this email wasn't for you please reply with the word
'unsubscribe' and we will remove you from the list.

Cheers

Rou Chater

Publishing Editor

IMBIKEMAG

http://www.imbikemag.com/

Re: Update: ftp-proxy and pf on OpenBSD 4.5

2010-03-10 Thread Scott McEachern 

tsg12...@gmx.de wrote:

A rule like:
pass in on $client_if proto { tcp udp } from $client \
to 127.0.0.1 port ftp

does not do the trick, I still have to use something like:
pass in on $client_if proto { tcp udp } from $client \
to 127.0.0.1

(opening everything up for the ftp data connection myself)


Any clue sticks, so I get at least a direction for my
search?

  


You're passing the traffic in, but are you passing it back out?  Try 
enabling logging on your default block rule (you do block by default, 
right?) and see what's being blocked and where.


--

-RSM

http://www.erratic.ca

Atheros AR5212 802.11a/b/g mini-pci wont do 802.11g hostap

2010-03-10 Thread Forman, Jeffrey 
Hi Misc,

I recently have built myself a pcengines alix single board computer with an
Winstrom CM9 (atheros ar5212) mini pci wifi card, that according to ath(4)
supports hostap mode. I believe I have my hostname.ath0 file setup
correctly, but the card refuses to go into 11g mode, only using 11b/11a.
When attempting to run "sh /etc/netstart ath0" with the below
hostnames.ath0, I receive no error message. The card just goes into 11b or
11a mode.

Is there something I'm missing, or any debugging I can provide to get this
functionality working? Currently I am running the 4.6 stable branch on this
machine.

Thanks,
Jeff

dmesg:
OpenBSD 4.6-stable (GENERIC) #2: Sun Mar  7 23:07:23 EST 2010
r...@builder:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Geode(TM) Integrated Processor by AMD PCS ("AuthenticAMD" 586-class)
499 MHz
cpu0: FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CFLUSH,MMX
real mem  = 268009472 (255MB)
avail mem = 250335232 (238MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 11/05/08, BIOS32 rev. 0 @ 0xfd088
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: pcibios_get_intr_routing - function not supported
pcibios0: PCI IRQ Routing information unavailable.
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xe/0xa800
cpu0 at mainbus0: (uniprocessor)
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 1 function 0 "AMD Geode LX" rev 0x33
glxsb0 at pci0 dev 1 function 2 "AMD Geode LX Crypto" rev 0x00: RNG AES
vr0 at pci0 dev 9 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 10,
address 00:0d:b9:1b:b6:4c
ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI
0x004063, model 0x0034
vr1 at pci0 dev 10 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 11,
address 00:0d:b9:1b:b6:4d
ukphy1 at vr1 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI
0x004063, model 0x0034
vr2 at pci0 dev 11 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 15,
address 00:0d:b9:1b:b6:4e
ukphy2 at vr2 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI
0x004063, model 0x0034
ath0 at pci0 dev 12 function 0 "Atheros AR5212" rev 0x01: irq 9
ath0: AR5213A 5.9 phy 4.3 rf5112a 3.6, FCC2A*, address 00:1b:b1:02:de:ad
glxpcib0 at pci0 dev 15 function 0 "AMD CS5536 ISA" rev 0x03: rev 0, 32-bit
3579545Hz timer, watchdog, gpio
gpio0 at glxpcib0: 32 pins
pciide0 at pci0 dev 15 function 2 "AMD CS5536 IDE" rev 0x01: DMA, channel 0
wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: 
wd0: 1-sector PIO, LBA, 7641MB, 15649200 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 4
pciide0: channel 1 ignored (disabled)
ohci0 at pci0 dev 15 function 4 "AMD CS5536 USB" rev 0x02: irq 12, version
1.0, legacy support
ehci0 at pci0 dev 15 function 5 "AMD CS5536 USB" rev 0x02: irq 12
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "AMD EHCI root hub" rev 2.00/1.00 addr 1
isa0 at glxpcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pcppi0 at isa0 port 0x61
midi0 at pcppi0: 
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
usb1 at ohci0: USB revision 1.0
uhub1 at usb1 "AMD OHCI root hub" rev 1.00/1.00 addr 1
biomask 71e7 netmask ffe7 ttymask 
mtrr: K6-family MTRR support (2 registers)
nvram: invalid checksum
umass0 at uhub0 port 1 configuration 1 interface 0 "Western Digital External
HDD" rev 2.00/1.75 addr 2
umass0: using SCSI over Bulk-Only
scsibus0 at umass0: 2 targets, initiator 0
sd0 at scsibus0 targ 1 lun 0:  SCSI2 0/direct
fixed
sd0: 238475MB, 512 bytes/sec, 488397168 sec total
softraid0 at root
root on wd0a swap on wd0b dump on wd0b

# cat
/etc/hostname.ath0

inet 10.10.1.1 255.255.255.0 10.10.1.255 mediaopt hostap nwid mywifi wpa
wpaciphers tkip,ccmp wpapsk redacted description "Wireless HostAP"

# ifconfig ath0 media
ath0: flags=8863 mtu 1500
lladdr 00:1b:b1:de:ad
description: Wireless HostAP
priority: 4
groups: wlan
media: IEEE802.11 autoselect mode 11b hostap
status: active
ieee80211: nwid mywifi chan 3 bssid 00:1b:b1:02:66:f1 wpapsk
redacted wpaprotos wpa1,wpa2 wpaakms psk wpaciphers tkip,ccmp wpagroupcipher
tkip
supported media:
media autoselect
media autoselect mediaopt ibss
media autoselect mediaopt hostap
media autoselect mediaopt monitor
media autoselect mode 11a
media autoselect mode 11a mediaopt ibss
media autoselect mode 11a mediaopt hostap
media autoselect mode 11a mediaopt monitor
media OFDM6 mode 11a
media OFDM6 mode 11a mediaopt ibss
media OFDM6 mode 11a mediaopt hostap
media OFDM6 mode 11a mediaopt monitor
media OFDM9 mode 11a
media OFDM9 mode 11a mediaopt ibss
media OFDM9 mode 11a mediaopt hostap

A distancia

2010-03-10 Thread Psicologia Social 
tu mensaje de correo

A distancia.

2010-03-10 Thread Psicologia Social 
 Inscripciones 2010

 hasta el 15 de marzo

Psicologia Social a Distancia

 Primera Escuela Virtual de Psicologia Social

Totalmente a Distancia

Para Hispano Parlantes de todo el pams y del mundo.

Tel. 011 - 48657124

Teorma y Ticnica Pichon Riviere

Certificados de Estudios avalados por la propia Institucion

Trabajo de Campo desde Primer Aqo

Para consultas por Internet, remitir mail a

fundaciontehuel...@hotmail.com

Si no desea seguir recibiendo nuestra info, por favor, mandar mail a

fundaciontehuel...@hotmail.com

con la palabra

remover

en el Asunto.

Re: Update: ftp-proxy and pf on OpenBSD 4.5

2010-03-10 Thread Vadim Zhukov 
On 10 March 2010 c. 12:09:07 tsg12...@gmx.de wrote:
> Apologies first.
>
> My first thought after waking up today was "I mixed IPs and IFs".
> Sorry for posting that...
>
> Remaining question second.
>
> The filtering does not seem to get "populated" by
> ftp-proxy.
>
> A rule like:
> pass in on $client_if proto { tcp udp } from $client \
> to 127.0.0.1 port ftp
>
> does not do the trick, I still have to use something like:
> pass in on $client_if proto { tcp udp } from $client \
> to 127.0.0.1

You forgot that rdr rule mangles destination, _including_ port:

pass in on $client_if proto { tcp udp } from $client \
to 127.0.0.1 port 8021

Or just add "pass" after "rdr" in the rdr rule.

--
  Best wishes,
Vadim Zhukov

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

Intel Gigabit ET NIC Quad Port

2010-03-10 Thread Brad Tilley 
We're considering this card for an OpenBSD Snort box. I think em
supports it well. It uses the 82576EB controller. Has anyone used the
card much? If so, are you satisfied with it? 

http://ark.intel.com/Product.aspx?id=36796

Thanks,

Brad

Re: Stopped at pf_test_rule+0xa87 [again]

2010-03-10 Thread Rogier Krieger 
On Tue, Mar 9, 2010 at 22:25, Price, Joe  wrote:
> In summary, it sounds like Henning may have fixed it from this post:
> http://marc.info/?l=openbsd-cvs&m=124955744915786&w=2

>From the message you quoted and seeing r1.655.4.1, it seems the fixes
you refer to made it into 4.6-stable. You may want to run 4.6-stable
to fix your problem; see release(8) on how to build that.


> Also, why didn't this make it to an errata reliability fix?

I don't know, but the following could be an explanation. To quote the FAQ [1]:

"Note, however, that patches aren't made for new additions to OpenBSD,
and are only done for important reliability fixes or security problems
that should be addressed right away on impacted systems (which is
often NOT all systems, depending on their purpose)."


Regards,

Rogier


References
1. OpenBSD FAQ 10
http://www.openbsd.org/faq/faq10.html#Patches

Re: Apache - bandwidth usage limit per vhost

2010-03-10 Thread David Coppa 
On Wed, 10 Mar 2010, Ozgur Kazancci wrote:


> Any ideas for "structure has no member named `sin_addr'" error? 

Can you try the following patch?

cheers,
David

--- mod_throttle.c.orig Sun Dec  3 11:15:10 2000
+++ mod_throttle.c  Wed Mar 10 16:52:55 2010
@@ -719,7 +719,7 @@
 #include 
 #include 
 
-#if (defined(__GNU_LIBRARY__) && (!defined(_SEM_SEMUN_UNDEFINED))) || 
defined(__FreeBSD__) || defined(__NetBSD__)
+#if (defined(__GNU_LIBRARY__) && (!defined(_SEM_SEMUN_UNDEFINED))) || 
defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__)
 /* union semun is defined by including  */
 #else
 /* X/OPEN says we have to define it ourselves (twits). */
@@ -2811,7 +2811,7 @@
 * which we will apply the global policy for client connections.
 */
client_ip_config.track = (t_throttle *) get_client_ip(
-   client_ip_pool, r->connection->remote_addr.sin_addr
+   client_ip_pool, ((struct sockaddr_in 
*)&r->connection->remote_addr)->sin_addr
);
 
/* Is it time for the period adjustment? */
@@ -3185,7 +3185,7 @@
(void) critical_acquire(critical);
 
 #ifdef THROTTLE_CLIENT_IP
-   client_ip = get_client_ip(client_ip_pool, 
r->connection->remote_addr.sin_addr);
+   client_ip = get_client_ip(client_ip_pool, ((struct sockaddr_in 
*)&r->connection->remote_addr)->sin_addr);
 #endif
 #ifdef THROTTLE_REMOTE_USER
remote_user = get_remote_user(remote_user_pool, r->connection->user);

Re: Atheros AR5212 802.11a/b/g mini-pci wont do 802.11g hostap

2010-03-10 Thread Forman, Jeffrey 
To do some more testing, I upgraded to the latest i386 snapshot, but seems
that I get the same results. 802.11a/b work, but not g. A subscriber emailed
me off list about forcing "mode 11g" in the hostname.ath0 file, which I did.
But to no avail, that did not work either.


On Wed, Mar 10, 2010 at 8:48 AM, Forman, Jeffrey wrote:

> Hi Misc,
>
> I recently have built myself a pcengines alix single board computer with an
> Winstrom CM9 (atheros ar5212) mini pci wifi card, that according to ath(4)
> supports hostap mode. I believe I have my hostname.ath0 file setup
> correctly, but the card refuses to go into 11g mode, only using 11b/11a.
> When attempting to run "sh /etc/netstart ath0" with the below
> hostnames.ath0, I receive no error message. The card just goes into 11b or
> 11a mode.
>
> Is there something I'm missing, or any debugging I can provide to get this
> functionality working? Currently I am running the 4.6 stable branch on this
> machine.
>
> Thanks,
> Jeff
>
> dmesg:
> OpenBSD 4.6-stable (GENERIC) #2: Sun Mar  7 23:07:23 EST 2010
> r...@builder:/usr/src/sys/arch/i386/compile/GENERIC
> cpu0: Geode(TM) Integrated Processor by AMD PCS ("AuthenticAMD" 586-class)
> 499 MHz
> cpu0: FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CFLUSH,MMX
> real mem  = 268009472 (255MB)
> avail mem = 250335232 (238MB)
> mainbus0 at root
> bios0 at mainbus0: AT/286+ BIOS, date 11/05/08, BIOS32 rev. 0 @ 0xfd088
> pcibios0 at bios0: rev 2.1 @ 0xf/0x1
> pcibios0: pcibios_get_intr_routing - function not supported
> pcibios0: PCI IRQ Routing information unavailable.
> pcibios0: PCI bus #0 is the last bus
> bios0: ROM list: 0xe/0xa800
> cpu0 at mainbus0: (uniprocessor)
> pci0 at mainbus0 bus 0: configuration mode 1 (bios)
> pchb0 at pci0 dev 1 function 0 "AMD Geode LX" rev 0x33
> glxsb0 at pci0 dev 1 function 2 "AMD Geode LX Crypto" rev 0x00: RNG AES
> vr0 at pci0 dev 9 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 10,
> address 00:0d:b9:1b:b6:4c
> ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI
> 0x004063, model 0x0034
> vr1 at pci0 dev 10 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 11,
> address 00:0d:b9:1b:b6:4d
> ukphy1 at vr1 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI
> 0x004063, model 0x0034
> vr2 at pci0 dev 11 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 15,
> address 00:0d:b9:1b:b6:4e
> ukphy2 at vr2 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI
> 0x004063, model 0x0034
> ath0 at pci0 dev 12 function 0 "Atheros AR5212" rev 0x01: irq 9
> ath0: AR5213A 5.9 phy 4.3 rf5112a 3.6, FCC2A*, address 00:1b:b1:02:de:ad
> glxpcib0 at pci0 dev 15 function 0 "AMD CS5536 ISA" rev 0x03: rev 0, 32-bit
> 3579545Hz timer, watchdog, gpio
> gpio0 at glxpcib0: 32 pins
> pciide0 at pci0 dev 15 function 2 "AMD CS5536 IDE" rev 0x01: DMA, channel 0
> wired to compatibility, channel 1 wired to compatibility
> wd0 at pciide0 channel 0 drive 0: 
> wd0: 1-sector PIO, LBA, 7641MB, 15649200 sectors
> wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 4
> pciide0: channel 1 ignored (disabled)
> ohci0 at pci0 dev 15 function 4 "AMD CS5536 USB" rev 0x02: irq 12, version
> 1.0, legacy support
> ehci0 at pci0 dev 15 function 5 "AMD CS5536 USB" rev 0x02: irq 12
> usb0 at ehci0: USB revision 2.0
> uhub0 at usb0 "AMD EHCI root hub" rev 2.00/1.00 addr 1
> isa0 at glxpcib0
> isadma0 at isa0
> com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
> com0: console
> com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
> pcppi0 at isa0 port 0x61
> midi0 at pcppi0: 
> spkr0 at pcppi0
> npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
> usb1 at ohci0: USB revision 1.0
> uhub1 at usb1 "AMD OHCI root hub" rev 1.00/1.00 addr 1
> biomask 71e7 netmask ffe7 ttymask 
> mtrr: K6-family MTRR support (2 registers)
> nvram: invalid checksum
> umass0 at uhub0 port 1 configuration 1 interface 0 "Western Digital
> External HDD" rev 2.00/1.75 addr 2
> umass0: using SCSI over Bulk-Only
> scsibus0 at umass0: 2 targets, initiator 0
> sd0 at scsibus0 targ 1 lun 0:  SCSI2 0/direct
> fixed
> sd0: 238475MB, 512 bytes/sec, 488397168 sec total
> softraid0 at root
> root on wd0a swap on wd0b dump on wd0b
>
> # cat
> /etc/hostname.ath0
>
> inet 10.10.1.1 255.255.255.0 10.10.1.255 mediaopt hostap nwid mywifi wpa
> wpaciphers tkip,ccmp wpapsk redacted description "Wireless HostAP"
>
> # ifconfig ath0 media
> ath0: flags=8863 mtu
> 1500
> lladdr 00:1b:b1:de:ad
> description: Wireless HostAP
> priority: 4
> groups: wlan
> media: IEEE802.11 autoselect mode 11b hostap
> status: active
> ieee80211: nwid mywifi chan 3 bssid 00:1b:b1:02:66:f1 wpapsk
> redacted wpaprotos wpa1,wpa2 wpaakms psk wpaciphers tkip,ccmp wpagroupcipher
> tkip
> supported media:
> media autoselect
> media autoselect mediaopt ibss
> media autoselect mediaopt hostap
> media autoselect mediaopt monitor
>

Re: Intel Gigabit ET NIC Quad Port

2010-03-10 Thread James Shupe 
We've only had these for a week, but we use two (each, with two ports
each in a trunk(4) in failover mode) of the Supermicro UIO derivatives
based on the same chipset in our core firewalls which route
approximately 120Mbps of traffic and they have worked great. We put them
through a ton of production simulation before deploying them, and they
passed with flying colors. Running 4.6-stable.

Thanks,
James Shupe

On 3/10/10 9:22 AM, Brad Tilley wrote:
> We're considering this card for an OpenBSD Snort box. I think em
> supports it well. It uses the 82576EB controller. Has anyone used the
> card much? If so, are you satisfied with it?
>
> http://ark.intel.com/Product.aspx?id=36796
>
> Thanks,
>
> Brad
>
>
>


--
James M. Shupe
shu...@gridexec.com
RHCE Certified
Plain text preferred
1.903.522.3425

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]

h323 statefull firewall

2010-03-10 Thread Kapetanakis Giannis 

Hi,

Looking through the manual pages as well in this list
I found out that there is not any h323 helper for pf.

Has this situation changed?
How do you solve this problem if you must talk h323?

regards,

Giannis

Re: OpenBSD i386 dies mid-boot

2010-03-10 Thread Ben Niccum 
On Tue, 9 Mar 2010 20:11:16 -0500
"STeve Andre'"  wrote:

> On Tuesday 09 March 2010 19:44:12 Ben Niccum wrote:
> > On Fri, 5 Mar 2010 15:16:21 -0800
> >
> > Ben Niccum  wrote:
> > > Hello,
> > >
> > > So I'm currently running OpenBSD 4.6-release for AMD64 as my
> > > desktop workstation and I decided to try to install 4.6-release
> > > for i386 so that I could use the linux emulation.
> > >
> > > I first tried using the i386 4.6-release cd but it died mid-boot.
> > > It seemed to be complaining about a:
> > >
> > > fatal integer divide fault (8) in supervisor mode
> > > trap type 8 code 0 eip d049cc94 cs 8 eflags 10246 cr2 f0bed5
> > > cpl 0 panic: trap type 8, code=0, pc=d049cc94
> > >
> > > the next message lines were just the ones that said system halted,
> > > press any key to reboot.
> > >
> > > I took a picture of it here: http://imgur.com/k4aMn.jpg
> > >
> > > I thought that was strange, so I tried downloading the
> > > 4.7-current for i386 release but got the same results with the
> > > exception of:
> > >
> > > pc=d04bd9ac
> > >
> > > picture: http://imgur.com/QcD8j.jpg
> > >
> > > Just for comparison, I've included my dmesg.boot from my current
> > > AMD64 4.6-release and one I pulled from the AMD64 4.7-current
> > > install cd. All the iso's used for 4.7-current had a build date
> > > of 2010-03-04.
> >
> > No love?
> >
> > I tried searching but I've been unable to find anyone experiencing
> > similar issues.  I pulled an i386 4.5-release cd and tried booting
> > that just to see if a recent change caused the issue and still I
> > got the same thing.
> >
> > pic: http://imgur.com/uBvYx.jpg
> >
> > Does anyone have any suggestions? I'm new to the mailing list, so
> > should I post this question in a different list?
> >
> > -Ben
> 
> I haven't been following this till now, but its rare for i386 stuff
> not to work right.  I'm going to be that you have a hardware issue.
> Have you started taking things out, shifting/removing memory, and
> stuff like that?  Sometimes its the really weird things...
> 
> --STeve Andre'
> 

I've only got 1 stick of memory, so I can't really remove it.  I did
take out my pci sound card, but I still get the same panic.

I tried making a little sense of my dmesg from the working system and
the little output I get from trying to boot the cd.

On the working system, it starts with these first few lines:

--
OpenBSD 4.6 (GENERIC.MP) #81: Thu Jul  9 21:26:19 MDT 2009
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 2145255424 (2045MB) avail mem = 2070634496 (1974MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.5 @ 0xf (43 entries)
bios0: vendor Phoenix Technologies, LTD version "6.00 PG" date
02/05/2009 bios0: EVGA GeForce 9300 Series
acpi0 at bios0: rev 0
acpi0: tables DSDT FACP HPET MCFG APIC
acpi0: wakeup devices HUB0(S5) XVR0(S5) XVR1(S5) XVR2(S5) XVR3(S5)
XVR4(S5) XVR5(S5) XVR6(S5) UAR1(S5) USB0(S3) USB1(S3) USBB(S3) USB2(S3)
AZAD(S5) MMAC(S5) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpihpet0 at
acpi0: 2500 Hz acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,CX16,xTPR,NXE,LONG
cpu0: 2MB 64b/line 8-way L2 cache cpu0: apic clock running at 200MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,CX16,xTPR,NXE,LONG
cpu1: 2MB 64b/line 8-way L2 cache
--

but what I see on the boot cd from the pictures I've taken (links
above) is that the cd is dying right about the time where it is still
getting cpu information. Most notably (I think) is that the cd dmesg
does not include any information about the cpu cache.

I'm going to boot my regular system using the single core kernel to try
and get a working dmesg that may be more relevant, since this one is
showing both cores on the cpu.

-Ben
-- 
Ben Niccum
be...@bendtel.com
Direct Line: 541-323-9102
Cell: 541-306-9112

faith problems

2010-03-10 Thread Andris Kádár 
 Hello,

 I try to build an ipv6-only network behind an OpenBSD box and
 I am having problems with faith.

 'ifconfig -C'  shows that there is no faith support in the 4.6. release
 kernel. So I try to compile a kernel with faith support enabled:

pseudo-device  faith  1

 But the kernel does not compile. I get:

../../../../netinet/tcp_input.c: In function `tcp6_input':
../../../../netinet/tcp_input.c:337: error: `IFT_FAITH' undeclared
(first use in this function)
../../../../netinet/tcp_input.c:337: error: (Each undeclared
identifier is reported only once
../../../../netinet/tcp_input.c:337: error: for each function it appears in.)
*** Error code 1

 Please help.

Regards,
Andris Kadar

Re: OpenBSD i386 dies mid-boot

2010-03-10 Thread Chris Bennett 

I've only got 1 stick of memory, so I can't really remove it.  I did
take out my pci sound card, but I still get the same panic.

I tried making a little sense of my dmesg from the working system and
the little output I get from trying to boot the cd.

On the working system, it starts with these first few lines:
  
Bad memory sounds reasonable, I have a boot cd that tests memory in a 
variety of patterns. Tests almost all of it memory in place.


The one I use was (is?) given out by Microsoft. You should be able to 
find a copy, if not I can send you the iso.


Chris Bennett

--
A human being should be able to change a diaper, plan an invasion,
butcher a hog, conn a ship, design a building, write a sonnet, balance
accounts, build a wall, set a bone, comfort the dying, take orders,
give orders, cooperate, act alone, solve equations, analyze a new
problem, pitch manure, program a computer, cook a tasty meal, fight
efficiently, die gallantly. Specialization is for insects.
  -- Robert Heinlein

Re: h323 statefull firewall

2010-03-10 Thread Antoine Jacoutot 
On Wed, 10 Mar 2010, Kapetanakis Giannis wrote:

> Hi,
> 
> Looking through the manual pages as well in this list
> I found out that there is not any h323 helper for pf.
> 
> Has this situation changed?
> How do you solve this problem if you must talk h323?

net/gnugk

-- 
Antoine

enquiries : docstore.mik.ua

2010-03-10 Thread Stephen Lee 
We found your contact email from docstore.mik.ua
My name is Stephen Lee and I come from China, Hong Kong.

May I have your company purchase department contact information ?



I thought to send you details of our LCD Products, believing your business may
benefit from using them.
Also, these products design are for any business retail store, shop and
boutique.

Our products are:
A. Digital LCD Display with internal media player from 19, 32, 40, and 46
inch. (use in Windows Display)
B. 7 inch LCD Player with motion Sensor (use in Goods Shelves)

These products is using in store.
Function: Promote products, Increase 20-30% sales, Attract customers and help
the customers to make decisions based on the information gained from the LCD
displays.
We can send you a market research report and products information to your
company purchase department for reference.

Thanks for your help.
I am apologize for any inconvenience and appreciate your patience.

Sincerely,
Stephen YK Lee




AVAST Anti-Virus Check in: 11/3/2010 3:07:00

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
201026b.jpg]

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
201026f.jpg]

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
201026a.jpg]

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
201026g.jpg]

Re: faith problems

2010-03-10 Thread Stuart Henderson 
On 2010-03-10, Andris K?d?r  wrote:
>  Hello,
>
>  I try to build an ipv6-only network behind an OpenBSD box and
>  I am having problems with faith.
>
>  'ifconfig -C'  shows that there is no faith support in the 4.6. release
>  kernel. So I try to compile a kernel with faith support enabled:
>
> pseudo-device  faith  1
>
>  But the kernel does not compile. I get:
>
> ../../../../netinet/tcp_input.c: In function `tcp6_input':
> ../../../../netinet/tcp_input.c:337: error: `IFT_FAITH' undeclared
> (first use in this function)
> ../../../../netinet/tcp_input.c:337: error: (Each undeclared
> identifier is reported only once
> ../../../../netinet/tcp_input.c:337: error: for each function it appears in.)
> *** Error code 1
>
>  Please help.

this diff lets the kernel build; but also read
http://undeadly.org/cgi?action=article&sid=20080724184757
for a nice way to handle this with a standard kernel.

Index: tcp_input.c
===
RCS file: /cvs/src/sys/netinet/tcp_input.c,v
retrieving revision 1.231
diff -u -p -r1.231 tcp_input.c
--- tcp_input.c 15 Jan 2010 18:20:23 -  1.231
+++ tcp_input.c 10 Mar 2010 19:34:13 -
@@ -96,6 +96,9 @@
 #include 
 
 #include "faith.h"
+#if NFAITH > 0
+#include 
+#endif
 
 #include "pf.h"
 #if NPF > 0
Index: udp_usrreq.c
===
RCS file: /cvs/src/sys/netinet/udp_usrreq.c,v
retrieving revision 1.132
diff -u -p -r1.132 udp_usrreq.c
--- udp_usrreq.c13 Nov 2009 20:54:05 -  1.132
+++ udp_usrreq.c10 Mar 2010 19:34:13 -
@@ -104,6 +104,9 @@ extern int ip6_defhlim;
 #endif /* INET6 */
 
 #include "faith.h"
+#if NFAITH > 0
+#include 
+#endif
 
 #include "pf.h"
 #if NPF > 0

sysctl(3)

2010-03-10 Thread Toni Mueller 
Hi,

while digging into my problem with bogus SADB entries, I noticed that
sysctl(3) is incomplete, and the online man page doesn't show up (I only
get sysctl(8) to see when accessing this link:
http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&apropos=0&sektion=3&manpath=OpenBSD+Current&arch=i386&format=html
). If someone with appropriate knowledge and powers
could fix these problems, eg. before 4.7, that would be great.

TIA!


Kind regards,
--Toni++

Re: Apache - bandwidth usage limit per vhost

2010-03-10 Thread Joachim Schipper 
On Tue, Mar 09, 2010 at 06:20:36PM +, Gaby Vanhegan wrote:
> On 9 Mar 2010, at 17:42, Ozgur Kazancci wrote:
> 
> > Apache doesn't come with such a feature. I tried mod_cband. It was quite
> > unstable, has too many bugs, issues. (Dozens of unfixed security
> > issues, bugs since few years:
> http://sourceforge.net/tracker/?group_id=154335&atid=791368
> > ), there is no more development for that module and it is abandoned
> > by its developer. I tried some other modules such as mod_bandwidth,
> > mod_curb, mod_bw, but no luck. Pretty old and 'expired' modules.
> 
> Thinking about this a little more, you could perhaps create a LogFormat string
> that dumped the hostname, bytes in and out to a logfile somewhere.  This could
> then be parsed every 5 minutes or so by a cron job, stats tabulated and Apache
> configs adjusted accordingly.
> 
> You could then perhaps have a RewriteRule and use a RewriteMap to match
> specific hostnames that need redirecting to the "bandwidth reached" page.
> When a host hits it's bandwidth limit then an entry is created in the map and
> that site gets redirected to the holding page.
> 
> Just a vague idea, probably full of holes but it could be a step in the right
> direction.

In fact, this information is contained in /var/www/logs/access_log in
the default configuration (the last field is the number of bytes in the
response, not including headers).

This should be doable with a cron script.

Joachim

I'd like to review your resume

2010-03-10 Thread Carrie @ TunaRez 
Greetings from TunaRez!  How Did We Get Your Information?  You first 
contacted TunaRez on 1/15/2010 through our partners at Dice.
At that time you completed a profile stating you were looking for
a  position with a  competitive salary.


 Get Your FREE Resume Evaluation
Go TO 
http://www.tunarez.com/resumeeval.asp?AD=1119&HDL=Dice-sp-hlist




THEY'RE TALKING ABOUT TUNAREZ

Re: Professional resume writing service?
Posted by Rachel, July 2009 at www.teachers.net
"Check out tunarez.com. best "unknown" resume service out there 
- located in Illinois. IT experts but produce great resumes for 
everyone. Seen some great teacher resume they did for friends."  
Verify at: http://teachers.net/states/il/topic1510/7.03.09.22.12.58.html";

Resume Writing Services
Posted by Joel on Software, March 2005 at www.joelonsoftware.com
"I used TunaRez and was very happy with the job they did for me. 
Their version of my resume got me a lot more callbacks and 
interviews than my own did."  
Verify at: http://discuss.joelonsoftware.com/default.asp?biz.5.102707.2
More below ...


* AFRAID TO START LOOKING FOR A JOB?
* ALREADY LOOKING WITH FEW RESULTS?
* CONCERNED YOU'LL HAVE TO LOWER YOUR SALARY JUST TO GET ANY JOB?
* WORRIED YOU COULD LOSE YOUR JOB & WANT TO BE READY - JUST IN CASE?
* NEED TO KEEP YOUR JOB AFTER A MERGER?


DOES YOUR RESUME BRING OUT THE REAL YOU?

I can't tell you how many times a day I read a dry, boring, 
"just the facts" resume and am then amazed at how dynamic and 
interesting the client is on the phone.  The resume just doesn't 
represent the person I'm talking to at the other end of the line.  
It's frustrating to think of the number of employers - desperate 
for high-quality employees - who pass them by because of weak, 
off-base resumes.  And yet, candidates are often perplexed why with 
excellent skills and a solid background no one is responding to 
their outreach efforts. 

Hiring Managers tell us most candidates do a terrible job of 
marketing themselves.  And in tough times, this is deadly - knocking 
a candidate out again and again when they are actually very qualified 
for positions. Worst of all, most candidates are completely unaware 
of what motivates a Hiring Manager to contact them.
 
I WISH I'D STARTED SOONER.
That's what most clients tell me.  The best time to create a 
powerful resume is now!  There's no need to wait until you've lost 
your job and have to pinch every penny.  No one deserves that 
kind of pressure. A powerful, motivating resume is the closest 
you can get to having "career insurance".


I'M CARRIE TEAGER, A SENIOR RESUME COACH WITH TUNAREZ.COM. 
It's been a while since you last contacted TunaRez for job search advice. 
(Hopefully, your position and salary have improved since then -- 
if not, we can help.) I just wanted to touch base to see how your 
career is progressing.  If you're considering a new job search this 
is a great time for a professional review of your resume. 

THE "PEACE OF MIND" RESUME 
74% OF OUR CLIENTS ARE EMPLOYED WHEN THEY SEEK OUR SERVICES.
If you're ready to start searching right now, then we can be with you 
through each stage with our 123GetHired Program. However, if you're 
not ready yet but want to be prepared -- just in case -- the 
"Peace of Mind" Resume is for you. With this service, we prepare 
your resume now with your current position/skills and when you 
need to look for a job in the future we'll quickly update your resume 
with any new skills so you can respond rapidly.  


FREE RESUME EVALUATION

As a professional courtesy, I would like to offer you a free written 
evaluation of your CURRENT resume to reintroduce our services. You will 
receive your evaluation within 2 days. Just go to
http://www.tunarez.com/resumeeval.asp?AD=1119&HDL=Dice-sp-hlist


THE JOB SEARCH EXPERTS 

We've lived and breathed the Hiring industry -- 
working closely with Hiring Managers for 15+ years makes a 
difference. We don't guess at what Hiring Managers want to see 
-- we get direct feedback from real employers all the time.  

TunaRez actually evolved from a software consulting firm -- the 
business of hiring and getting people hired -- and we use 
our "insider insight" to assist job seekers facing a completely 
employer-driven market.  This commitment, focus and expertise 
show in how we uniquely support each and every client -- and in 
the results we produce.

RAVE REVIEWS

TODAY 32% OF OUR BUSINESS COMES FROM R

Re: sysctl(3)

2010-03-10 Thread Jason McIntyre 
On Wed, Mar 10, 2010 at 09:42:30PM +0100, Toni Mueller wrote:
> Hi,
> 
> while digging into my problem with bogus SADB entries, I noticed that
> sysctl(3) is incomplete, and the online man page doesn't show up (I only
> get sysctl(8) to see when accessing this link:
> http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&apropos=0&sektion=3&manpath=OpenBSD+Current&arch=i386&format=html
> ). If someone with appropriate knowledge and powers
> could fix these problems, eg. before 4.7, that would be great.
> 

what exactly is missing from sysctl(3)?

as to why the cgi thing returns the section page, i'll let someone else
explain (i.e. i don't know).

jmc

Re: faith problems

2010-03-10 Thread Todd T. Fries 
This might be a better option, no custom kernel..

  http://undeadly.org/cgi?action=article&sid=20080724184757

Penned by Andris K?d?r on 20100310 18:59.06, we have:
|  Hello,
| 
|  I try to build an ipv6-only network behind an OpenBSD box and
|  I am having problems with faith.
| 
|  'ifconfig -C'  shows that there is no faith support in the 4.6. release
|  kernel. So I try to compile a kernel with faith support enabled:
| 
| pseudo-device  faith  1
| 
|  But the kernel does not compile. I get:
| 
| ../../../../netinet/tcp_input.c: In function `tcp6_input':
| ../../../../netinet/tcp_input.c:337: error: `IFT_FAITH' undeclared
| (first use in this function)
| ../../../../netinet/tcp_input.c:337: error: (Each undeclared
| identifier is reported only once
| ../../../../netinet/tcp_input.c:337: error: for each function it appears in.)
| *** Error code 1
| 
|  Please help.
| 
| Regards,
| Andris Kadar

-- 
Todd Fries .. t...@fries.net

 _
| \  1.636.410.0632 (voice)
| Free Daemon Consulting, LLC \  1.405.227.9094 (voice)
| http://FreeDaemonConsulting.com \  1.866.792.3418 (FAX)
| 2525 NW Expy #525, Oklahoma City, OK 73112  \  sip:freedae...@ekiga.net
| "..in support of free software solutions."  \  sip:4052279...@ekiga.net
 \\
 
  37E7 D3EB 74D0 8D66 A68D  B866 0326 204E 3F42 004A
http://todd.fries.net/pgp.txt

Re: h323 statefull firewall

2010-03-10 Thread Kapetanakis Giannis 

On 10/03/10 20:36, Antoine Jacoutot wrote:

On Wed, 10 Mar 2010, Kapetanakis Giannis wrote:

   

Hi,

Looking through the manual pages as well in this list
I found out that there is not any h323 helper for pf.

Has this situation changed?
How do you solve this problem if you must talk h323?
 

net/gnugk
   


I don't understand the 'net' part.

I was thinking about gnugk as well. However the problem
still exists if you put gnugk behind the pf firewall.

Does it perform different than cisco gatekeeper/proxy
in terms of session/connection tracking?

Giannis

Re: h323 statefull firewall

2010-03-10 Thread Bret S. Lambert 
On Thu, Mar 11, 2010 at 12:33:34AM +0200, Kapetanakis Giannis wrote:
> On 10/03/10 20:36, Antoine Jacoutot wrote:
> >On Wed, 10 Mar 2010, Kapetanakis Giannis wrote:
> >
> >>Hi,
> >>
> >>Looking through the manual pages as well in this list
> >>I found out that there is not any h323 helper for pf.
> >>
> >>Has this situation changed?
> >>How do you solve this problem if you must talk h323?
> >net/gnugk
> 
> I don't understand the 'net' part.
> 
> I was thinking about gnugk as well. However the problem
> still exists if you put gnugk behind the pf firewall.
> 
> Does it perform different than cisco gatekeeper/proxy
> in terms of session/connection tracking?

Have you ever read the H.323 spec? If so, how have you not
blotted out any idea of H.323 + firewall with copious
amounts of sex, drugs, and rock and roll?

> 
> Giannis

Re: h323 statefull firewall

2010-03-10 Thread Antoine Jacoutot 
On Wed, 10 Mar 2010, Bret S. Lambert wrote:
> Have you ever read the H.323 spec? If so, how have you not
> blotted out any idea of H.323 + firewall with copious
> amounts of sex, drugs, and rock and roll?

Ah, now I know where my problem are coming from...

-- 
Antoine

Re: h323 statefull firewall

2010-03-10 Thread Kapetanakis Giannis 

On 11/03/10 00:40, Bret S. Lambert wrote:

Have you ever read the H.323 spec? If so, how have you not
blotted out any idea of H.323 + firewall with copious
amounts of sex, drugs, and rock and roll?
   


:)
Well I did but I found out that linux has 2 modules about that
nf_conntrack_h323 and nf_nat_h323. Apparently it does not work well
since it does not handle h.245 and I had many other problems with that.

I've also found about an internet draft
http://old.iptel.org/ietf/firewall/draft-shore-h323-firewalls-00.txt

so I hoped about a pf helper.
Anyway I want to be sure that there is no other way of doing
session tracking on h.323 and forget all about it

Giannis

Re: sysctl(3)

2010-03-10 Thread Toni Mueller 
Hi,

On Wed, 10.03.2010 at 21:48:38 +0001, Jason McIntyre  wrote:
> what exactly is missing from sysctl(3)?

the sections I read seem to exhaustively list the settings that can
be used with the 'mib' parameter, but not for PF_KEY.

Btw, in the snapshot of today, the sysctl(3) man page is absent:

$ find . -name 'sysctl*'
./cat8/sysctl.0
./cat5/sysctl.conf.0
$

> as to why the cgi thing returns the section page, i'll let someone else
> explain (i.e. i don't know).

Thanks.

-- 
Kind regards,
--Toni++

HP DL320G6 not seeing internal drives

2010-03-10 Thread a b 
Hi,

Have already submitted dmesg to dm...@openbsd, but for the benefit of the
list 

I'm trying to install OpenBSD 4.6 on an HP ProLiant DL320 G6 with
SATA drives.  However OpenBSD 4.6-release seems unable to detect internal SATA
HDDs (have played with different RAID settings to no avail).

Has anyone had
any success with the above machine and OpenBSD ?

Thanks

OpenBSD 4.6
(RAMDISK_CD) #53: Thu Jul  9 21:41:35 MDT 2009
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/RAMDISK_CD
cpu0:
Intel(R) Xeon(R) CPU E5502 @ 1.87GHz ("GenuineIntel" 686-class) 1.87 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16,
xTPR
real mem  = 3881558016 (3701MB)
avail mem = 3772633088 (3597MB)
mainbus0
at root
bios0 at mainbus0: AT/286+ BIOS, date 12/31/99, BIOS32 rev. 0 @
0xf, SMBIOS rev. 2.6 @ 0xe77fe000 (134 entries)
bios0: vendor HP version
"W07" date 07/24/2009
bios0: HP ProLiant DL320 G6
acpi0 at bios0: rev 2
acpi0:
tables DSDT FACP SPCR MCFG HPET  SPMI ERST APIC SRAT  BERT HEST DMAR
SSDT SSDT SSDT SSDT
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at
mainbus0: apid 16 (boot processor)
cpu0: apic clock running at 133MHz
cpu at
mainbus0: not configured
ioapic0 at mainbus0: apid 8 pa 0xfec0, version
20, 24 pins
ioapic1 at mainbus0: apid 0 pa 0xfec8, version 20, 24 pins
acpiprt0 at acpi0: bus 1 (IP2P)
acpiprt1 at acpi0: bus 3 (NIB1)
acpiprt2 at
acpi0: bus 4 (IPT5)
acpiprt3 at acpi0: bus 0 (PRB2)
acpiprt4 at acpi0: bus 10
(PT07)
acpiprt5 at acpi0: bus 7 (PT03)
acpiprt6 at acpi0: bus 13 (PT01)
acpiprt7 at acpi0: bus 0 (PCI0)
bios0: ROM list: 0xc/0xb000 0xcb000/0x1a00
0xcca00/0xc000!
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at
pci0 dev 0 function 0 vendor "Intel", unknown product 0x3403 rev 0x13
ppb0 at
pci0 dev 1 function 0 "Intel X58 PCIE" rev 0x13
pci1 at ppb0 bus 13
ppb1 at
pci0 dev 3 function 0 "Intel X58 PCIE" rev 0x13
pci2 at ppb1 bus 7
ppb2 at
pci0 dev 7 function 0 "Intel X58 PCIE" rev 0x13
pci3 at ppb2 bus 10
em0 at
pci3 dev 0 function 0 "Intel PRO/1000 PT (82571EB)" rev 0x06: apic 0 int 6
(irq 7), address 00:15:17:d6:76:66
em1 at pci3 dev 0 function 1 "Intel
PRO/1000 PT (82571EB)" rev 0x06: apic 0 int 13 (irq 11), address
00:15:17:d6:76:67
pchb1 at pci0 dev 13 function 0 vendor "Intel", unknown
product 0x343a rev 0x13
pchb2 at pci0 dev 13 function 1 vendor "Intel",
unknown product 0x343b rev 0x13
pchb3 at pci0 dev 13 function 2 vendor
"Intel", unknown product 0x343c rev 0x13
pchb4 at pci0 dev 13 function 3
vendor "Intel", unknown product 0x343d rev 0x13
pchb5 at pci0 dev 13 function
4 vendor "Intel", unknown product 0x3418 rev 0x13
pchb6 at pci0 dev 13
function 5 vendor "Intel", unknown product 0x3419 rev 0x13
pchb7 at pci0 dev
13 function 6 vendor "Intel", unknown product 0x341a rev 0x13
pchb8 at pci0
dev 14 function 0 vendor "Intel", unknown product 0x341c rev 0x13
pchb9 at
pci0 dev 14 function 1 vendor "Intel", unknown product 0x341d rev 0x13
pchb10
at pci0 dev 14 function 2 vendor "Intel", unknown product 0x341e rev 0x13
pchb11 at pci0 dev 14 function 3 vendor "Intel", unknown product 0x341f rev
0x13
pchb12 at pci0 dev 14 function 4 vendor "Intel", unknown product 0x3439
rev 0x13
"Intel X58 Misc" rev 0x13 at pci0 dev 20 function 0 not configured
"Intel X58 GPIO" rev 0x13 at pci0 dev 20 function 1 not configured
"Intel X58
RAS" rev 0x13 at pci0 dev 20 function 2 not configured
uhci0 at pci0 dev 26
function 0 "Intel 82801JI USB" rev 0x00: apic 8 int 20 (irq 5)
uhci1 at pci0
dev 26 function 1 "Intel 82801JI USB" rev 0x00: apic 8 int 23 (irq 7)
uhci2 at
pci0 dev 26 function 2 "Intel 82801JI USB" rev 0x00: apic 8 int 22 (irq 10)
ehci0 at pci0 dev 26 function 7 "Intel 82801JI USB" rev 0x00: apic 8 int 22
(irq 10)
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "Intel EHCI root hub"
rev 2.00/1.00 addr 1
ppb3 at pci0 dev 28 function 0 "Intel 82801JI PCIE" rev
0x00
pci4 at ppb3 bus 2
ppb4 at pci4 dev 0 function 0 "ServerWorks PCIE-PCIX"
rev 0xb5
pci5 at ppb4 bus 3
bge0 at pci5 dev 4 function 0 "Broadcom BCM5715"
rev 0xa3, BCM5715 A3 (0x9003): apic 8 int 16 (irq 7), address
18:a9:05:00:ae:00
brgphy0 at bge0 phy 1: BCM5714 10/100/1000baseT/SX PHY, rev.
0
bge1 at pci5 dev 4 function 1 "Broadcom BCM5715" rev 0xa3, BCM5715 A3
(0x9003): apic 8 int 17 (irq 11), address 18:a9:05:00:ae:01
brgphy1 at bge1
phy 1: BCM5714 10/100/1000baseT/SX PHY, rev. 0
ppb5 at pci0 dev 28 function 4
"Intel 82801JI PCIE" rev 0x00
pci6 at ppb5 bus 4
uhci3 at pci0 dev 29 function
0 "Intel 82801JI USB" rev 0x00: apic 8 int 20 (irq 5)
uhci4 at pci0 dev 29
function 1 "Intel 82801JI USB" rev 0x00: apic 8 int 23 (irq 7)
uhci5 at pci0
dev 29 function 2 "Intel 82801JI USB" rev 0x00: apic 8 int 22 (irq 10)
ehci1
at pci0 dev 29 function 7 "Intel 82801JI USB" rev 0x00: apic 8 int 20 (irq 5)
usb1 at ehci1: USB revision 2.0
uhub1 at usb1 "Intel EHCI root hub" rev
2.00/1.00 addr 1
ppb6 at pci0 dev

Re: HP DL320G6 not seeing internal drives

2010-03-10 Thread Stuart Henderson 
On 2010-03-10, a b  wrote:
> Hi,
>
> Have already submitted dmesg to dm...@openbsd, but for the benefit of the
> list 
>
> I'm trying to install OpenBSD 4.6 on an HP ProLiant DL320 G6 with
> SATA drives.  However OpenBSD 4.6-release seems unable to detect internal SATA
> HDDs (have played with different RAID settings to no avail).
>
> Has anyone had
> any success with the above machine and OpenBSD ?

First thing to try is a -current snapshot (this is always worth doing
before posting, especially when the hardware is fairly new).

Re: IPv6, ftp-proxy and PF rules

2010-03-10 Thread FRLinux 
On Tue, Mar 9, 2010 at 5:02 PM, Mattieu Baptiste  wrote:
>> I d'like to make it accessible through my IPv6 connectivity (gif
>> tunnel with hurricane electric). With this IPv6 connectivity, all my
>> servers have public addresses. But I can't find a way to do it with
>> ftp-proxy which seems to support my setup.

Just a shot in the dark here but why not enabling your local net with
router advertisement? (man rtadvd)

Cheers,
Steph

Re: sysctl(3)

2010-03-10 Thread Otto Moerbeek 
On Thu, Mar 11, 2010 at 12:23:22AM +0100, Toni Mueller wrote:

> Hi,
> 
> On Wed, 10.03.2010 at 21:48:38 +0001, Jason McIntyre  
> wrote:
> > what exactly is missing from sysctl(3)?
> 
> the sections I read seem to exhaustively list the settings that can
> be used with the 'mib' parameter, but not for PF_KEY.
> 
> Btw, in the snapshot of today, the sysctl(3) man page is absent:
> 
> $ find . -name 'sysctl*'
> ./cat8/sysctl.0
> ./cat5/sysctl.conf.0
> $

Did you install the comp set? It's in there:
$ tar ztf comp47.tgz | grep syscl
./usr/include/sys/sysctl.h
./usr/share/man/cat3/sysctl.0
...

> 
> > as to why the cgi thing returns the section page, i'll let someone else
> > explain (i.e. i don't know).
> 
> Thanks.
> 
> -- 
> Kind regards,
> --Toni++

Re: IPv6, ftp-proxy and PF rules

2010-03-10 Thread Mattieu Baptiste 
On Thu, Mar 11, 2010 at 1:54 AM, FRLinux  wrote:
> Just a shot in the dark here but why not enabling your local net with
> router advertisement? (man rtadvd)
>

rtadvd has to do with stateless autoconfiguration. I use it on my
private local network. On my dmz, all machines are statically
configured. This is working fine for HTTP/HTTPS : IPv6 packets are
correctly routed on my firewall. But as I don't want to route a giant
port range for FTP on this firewall, I intend to use ftp-proxy. But
the rdr-to rule doesn't seem to redirect packets to the ftp-proxy
process.

-- 
Mattieu Baptiste
"/earth is 102% full ... please delete anyone you can."

Re: HP DL320G6 not seeing internal drives

2010-03-10 Thread a b 
>First thing to try is a -current snapshot (this is always worth doing
>before
posting, especially when the hardware is fairly new).

Ack.  Fair enough point
there Stuart !

Will do within the next few days.

L'histoire restituee de la Franc-maçonnerie

2010-03-10 Thread editions-p . boistier 



--
Powered by PHPlist, www.phplist.com --

[demime 1.01d removed an attachment of type image/png which had a name of 
powerphplist.png]