Re: OpenBSD ignoring RFC-compliant IPv6 neighbor solicitation?
Not that I have a better suggestion than yours, but I don't like "whitelisting" at the ip level. If I have multiple trusted routers this ends up as a long shell-script that tries to feed ips until it works. I can see a point (for both v4 and v6) to sometimes lock the arp/ndp for your def-gw so that noone else can trivially spoof the gw ip, but adding the gws own idea of some other ip it has to a whitelist of acceptable senders of ndp feels like a layering violation to me. 2013/5/8 Stefan Bagdohn > > Maby something along the lines of the 'nd6_onlink_ns_rfc4861' sysctl > > flag mentioned at > > http://www.freebsd.org/security/advisories/FreeBSD-SA-08:10.nd6.asc > > could be used for the odd cases where it's needed? > > This is an all-or-nothing approach. What about the option to provide the > "known-good" address of the router (via sysctl or by other means)? > If an address is given, treat this exception as a neighbor. If left empty, > just behave as-is. > > -- May the most significant bit of your life be positive.
Re: smtpd setup
On Tue, May 07, 2013 at 05:23:35PM -0700, Scott wrote: > Greetings all, > > I was excited to try out smtpd because of future plans to go away from > webmail. Right after installing 5.3 I followed the directions in man smtpd > to make the switch. smtpd.conf is untouched, but here are the values anyway: > > listen on lo0 > table aliases db:/etc/mail/aliases.db > accept for local alias deliver to mbox > accept for any relay > > However, sending a test mail to myself yields two different errors. On my > server: > # echo 'test' | mail -s TEST scott > send-mail: command failed: 553 Sender address syntax error > > on my desktop: > # echo 'test' | mail -s TEST scott > send-mail: command failed: 550 Invalid recipient > > The same test works with sendmail enabled. What have I missed? > > -Scott I would bet it has something to do with the hostname. Run the server with "smtpd -d -T smtp" and look at the addresses in the smtp transaction. Eric.
Re: Ethernet card not working
Hi all, perhaps my reply went astray, but let me repeat that this patch fixed my problem and the ethernet cards get recognized correctly, works and is stable with this patch. Riccardo Miod Vallat wrote: Hi, I inserted the card into a debian laptop which recongizes it. Here some output. dmesg: [ 149.244112] pcmcia_socket pcmcia_socket1: pccard: PCMCIA card inserted into slot 1 [ 149.244234] pcmcia_socket pcmcia_socket1: cs: memory probe 0xa000-0xa0ff: excluding 0xa000-0xa00f [ 149.254856] pcmcia 1.0: pcmcia: registering new device pcmcia1.0 (IRQ: 4) [ 149.351576] pcnet_cs 1.0: eth0: NE2000 (DL10022 rev 30): io 0x320, irq 4, hw_addr 00:13:46:34:0d:62 pccardctl ident: Socket 1: product info: "D-Link ", "DFE-670TXD ", "PC Card ", "" manfid: 0x0149, 0x4530 function: 6 (network) Is this enough? what can I provide more? Does the following diff help? Index: if_ne_pcmcia.c === RCS file: /cvs/src/sys/dev/pcmcia/if_ne_pcmcia.c,v retrieving revision 1.95 diff -u -p -r1.95 if_ne_pcmcia.c --- if_ne_pcmcia.c 3 Jul 2011 15:47:17 - 1.95 +++ if_ne_pcmcia.c 16 Apr 2013 20:26:47 - @@ -296,19 +296,23 @@ const struct ne2000dev { PCMCIA_CIS_IODATA_PCETTXR, 0, -1, { 0x00, 0xa0, 0xb0 } }, -{ PCMCIA_VENDOR_LINKSYS, PCMCIA_PRODUCT_NETGEAR_FA410TXC, +{ PCMCIA_VENDOR_NETGEAR, PCMCIA_PRODUCT_NETGEAR_FA410TXC, PCMCIA_CIS_DLINK_DFE670TXD, 0, -1, { 0x00, 0x05, 0x5d } }, -{ PCMCIA_VENDOR_LINKSYS, PCMCIA_PRODUCT_NETGEAR_FA410TXC, +{ PCMCIA_VENDOR_NETGEAR, PCMCIA_PRODUCT_NETGEAR_FA410TXC, PCMCIA_CIS_DLINK_DFE670TXD, 0, -1, { 0x00, 0x50, 0xba } }, - { PCMCIA_VENDOR_LINKSYS, PCMCIA_PRODUCT_NETGEAR_FA410TXC, + { PCMCIA_VENDOR_NETGEAR, PCMCIA_PRODUCT_NETGEAR_FA410TXC, PCMCIA_CIS_DLINK_DFE670TXD, 0, -1, { 0x00, 0x0d, 0x88 } }, -{ PCMCIA_VENDOR_LINKSYS, PCMCIA_PRODUCT_NETGEAR_FA410TXC, +{ PCMCIA_VENDOR_NETGEAR, PCMCIA_PRODUCT_NETGEAR_FA410TXC, + PCMCIA_CIS_DLINK_DFE670TXD, + 0, -1, { 0x00, 0x13, 0x46 } }, + +{ PCMCIA_VENDOR_NETGEAR, PCMCIA_PRODUCT_NETGEAR_FA410TXC, PCMCIA_CIS_DLINK_DFE670TXD, 0, -1, { 0x00, 0x40, 0x05 } },
Re: OpenBSD ignoring RFC-compliant IPv6 neighbor solicitation?
> Maby something along the lines of the 'nd6_onlink_ns_rfc4861' sysctl > flag mentioned at > http://www.freebsd.org/security/advisories/FreeBSD-SA-08:10.nd6.asc > could be used for the odd cases where it's needed? This is an all-or-nothing approach. What about the option to provide the "known-good" address of the router (via sysctl or by other means)? If an address is given, treat this exception as a neighbor. If left empty, just behave as-is.
Re: OpenBSD official reference book ( like FreeBSD handbook / NetBSD Guide )
"TRUNASUCI TRUNASUCI" writes: > I just wanna ask if there is a project for this official refernce book > for all users ( if any please inform ). Since i cant find any kind of > like this on openbsd web. Just my reference is on FAQ and some other > doc. The closest thing to an official 'handbook' that the OpenBSD project offers is the FAQ, http://www.openbsd.org/faq/. That one should take you some way, supplemented with a bit of man page reading now and then. For actual books, well, as others have mentioned, the more recent titles from http://www.openbsd.org/books.html are generally considered useful. - Peter -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: NPPPD with intermediate LTS
Hi, On Tue, 07 May 2013 22:38:46 +0100 Joe Holden wrote: > I'm testing out npppd as a termination device which is being fed from > existing LACs (in this particular setup, mpd on FreeBSD) - if the LAC > begins LCP to challenge the client for it's username in order to > lookup the destination LNS, npppd just repeats the following until it > gives up: > > 2013-05-07 22:29:03:INFO: ppp id=1 layer=chap proto=unknown Received > chap packet. But chap is not started > 2013-05-07 22:29:05:INFO: ppp id=1 layer=chap proto=unknown Received > chap packet. But chap is not started Do you have the "dialin-proxy" message before these messages? If you have, I would like to see it. > This is on a test setup currently, but mirrors the behaviour as it > would see on a real network. > > If I blindly switch to npppd all is well, I've got l2tp-lcp-reneg > enabled but it doesn't seem to make any difference, likewise with > force. > > Is this known behaviour or am I missing something? Does the config l2tp-accept-dialin yes line in the `tunnel' config? --yasuoka
Re: OpenBSD official reference book ( like FreeBSD handbook / NetBSD Guide )
On 05/08/13 16:01, TRUNASUCI TRUNASUCI wrote: Hi all; I just wanna ask if there is a project for this official refernce book for all users ( if any please inform ). Since i cant find any kind of like this on openbsd web. Just my reference is on FAQ and some other doc. I love to have or if any handbook like this in PDF, so i can download it, and use/read it anywhere. Not "official", but these are good ... http://www.nostarch.com/obenbsd2e http://www.nostarch.com/pf2.htm Both of them (and more) mentioned here: http://www.openbsd.org/books.html HTH So do we have it? if not, is there any plan to do it? Thank you TRUNASUCI Arafat http://trunasuci.pbworks.com
OpenBSD official reference book ( like FreeBSD handbook / NetBSD Guide )
Hi all; I just wanna ask if there is a project for this official refernce book for all users ( if any please inform ). Since i cant find any kind of like this on openbsd web. Just my reference is on FAQ and some other doc. I love to have or if any handbook like this in PDF, so i can download it, and use/read it anywhere. So do we have it? if not, is there any plan to do it? Thank you TRUNASUCI Arafat http://trunasuci.pbworks.com
Re: OpenBSD 5.3 released May 1, 2013
On 1 May 2013 23:42, Stuart Henderson wrote: > > May 1, 2013. > > We are pleased to announce the official release of OpenBSD 5.3. > This is our 33rd release on CD-ROM (and 34th via FTP). We remain > proud of OpenBSD's record of more than ten years with only two remote > holes in the default install. > > As in our previous releases, 5.3 provides significant improvements, > including new features, in nearly all areas of the system: > Another awesome release! You guys rock! Especially love the Full Disk Encryption!
rename(2) and readonly source dir
The rename system call in OpenBSD will error with EACCES if you try to rename a read only directory (test done in non-sticky dir): $ mkdir testdir $ chmod 555 testdir $ mv testdir tdir mv: rename testdir to tdir: Permission denied $ ls -ld . drwxr-xr-x 4 smallm smallm 512 May 7 22:12 ./ I also tried my own program to make sure this wasn't mv specific: === #include #include #include #include int main() { mkdir("testdir", 0555); if (rename("testdir", "tdir") == -1) { fprintf(stderr, "errno %d: %s\n", errno, strerror(errno)); } return 0; } === $ ./a.out errno 13: Permission denied So I guess this is one of the ways a Unix system is allowed to work, if I'm reading IEEE 1003.1 as intended: "[EACCES] A component of either path prefix denies search permission; or one of the directories containing old or new denies write permissions; or, write permission is required and is denied for a directory pointed to by the old or new arguments. " http://www.opengroup.org/onlinepubs/009695399/functions/rename.html But should OpenBSD's man page mention the case? $ man -c rename | col -b | grep -C2 EACCES prefix of to does not exist. [EACCES] A component of either path prefix denies search permission. [EACCES] The requested link requires writing in a directory with a mode that denies write permission. -- file descriptor but it does not reference a directory. [EACCES] The from or to argument specifies a relative path but search permission is denied for the directory which the fromfd or tofd file descriptor, respectively, I noticed this when wondering why test fCmd9.4 fails in the tcl test suite and reporting its failure, after finding an old bug against systems with similar rename behaviour: https://sourceforge.net/tracker/?func=detail&atid=110894&aid=219158&group_id=10894 As a general question of process or etiquette, would you have preferred that I had written here first before communicating upstream? -- Mike Small sma...@panix.com
smtpd setup
Greetings all, I was excited to try out smtpd because of future plans to go away from webmail. Right after installing 5.3 I followed the directions in man smtpd to make the switch. smtpd.conf is untouched, but here are the values anyway: listen on lo0 table aliases db:/etc/mail/aliases.db accept for local alias deliver to mbox accept for any relay However, sending a test mail to myself yields two different errors. On my server: # echo 'test' | mail -s TEST scott send-mail: command failed: 553 Sender address syntax error on my desktop: # echo 'test' | mail -s TEST scott send-mail: command failed: 550 Invalid recipient The same test works with sendmail enabled. What have I missed? -Scott dmesg (server): OpenBSD 5.3 (RAMDISK_CD) #51: Tue Mar 12 18:27:15 MDT 2013 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/RAMDISK_CD real mem = 4292739072 (4093MB) avail mem = 4158402560 (3965MB) mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.3 @ 0xf (41 entries) bios0: vendor Sun Microsystems version "2.2.4" date 08/16/2006 bios0: Sun Microsystems Sun Ultra 20 Workstation acpi0 at bios0: rev 0 acpi0: sleep states S0 S1 S3 S4 S5 acpi0: tables DSDT FACP SSDT SRAT MCFG APIC acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: AMD Opteron(tm) Processor 152, 2613.69 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW,LAHF cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line 16-way L2 cache cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu0: AMD erratum 89 present, BIOS upgrade may be required cpu0: apic clock running at 201MHz ioapic0 at mainbus0: apid 2 pa 0xfec0, version 11, 24 pins acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 1 (HUB0) pci0 at mainbus0 bus 0 "NVIDIA nForce4 DDR" rev 0xa3 at pci0 dev 0 function 0 not configured "NVIDIA nForce4 ISA" rev 0xa3 at pci0 dev 1 function 0 not configured "NVIDIA nForce4 SMBus" rev 0xa2 at pci0 dev 1 function 1 not configured ohci0 at pci0 dev 2 function 0 "NVIDIA nForce4 USB" rev 0xa2: apic 2 int 20, version 1.0, legacy support ehci0 at pci0 dev 2 function 1 "NVIDIA nForce4 USB" rev 0xa3: apic 2 int 20 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 "NVIDIA EHCI root hub" rev 2.00/1.00 addr 1 "NVIDIA nForce4 AC97" rev 0xa2 at pci0 dev 4 function 0 not configured pciide0 at pci0 dev 6 function 0 "NVIDIA nForce4 IDE" rev 0xf2: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility atapiscsi0 at pciide0 channel 0 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: ATAPI 5/cdrom removable cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 pciide0: channel 1 disabled (no drives) pciide1 at pci0 dev 7 function 0 "NVIDIA nForce4 SATA" rev 0xf3: DMA pciide1: using apic 2 int 20 for native-PCI interrupt wd0 at pciide1 channel 0 drive 0: wd0: 16-sector PIO, LBA48, 238475MB, 488397168 sectors wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 6 wd1 at pciide1 channel 1 drive 0: wd1: 16-sector PIO, LBA48, 953869MB, 1953525168 sectors wd1(pciide1:1:0): using PIO mode 4, Ultra-DMA mode 6 pciide2 at pci0 dev 8 function 0 "NVIDIA nForce4 SATA" rev 0xf3: DMA pciide2: using apic 2 int 20 for native-PCI interrupt wd2 at pciide2 channel 1 drive 0: wd2: 16-sector PIO, LBA48, 953869MB, 1953525168 sectors wd2(pciide2:1:0): using PIO mode 4, Ultra-DMA mode 6 ppb0 at pci0 dev 9 function 0 "NVIDIA nForce4 PCI-PCI" rev 0xa2 pci1 at ppb0 bus 1 vga1 at pci1 dev 5 function 0 "ATI Rage XL" rev 0x27 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) "VIA VT6306 FireWire" rev 0x80 at pci1 dev 6 function 0 not configured re0 at pci1 dev 7 function 0 "Linksys EG1032" rev 0x10: RTL8110S (0x0400), apic 2 int 5, address 00:22:6b:bf:4a:40 rgephy0 at re0 phy 7: RTL8169S/8110S PHY, rev. 0 ral0 at pci1 dev 8 function 0 "Ralink RT2760" rev 0x00: apic 2 int 7, address 00:08:54:97:ff:11 ral0: MAC/BBP RT2860 (rev 0x0102), RF RT2720 (MIMO 1T2R) nfe0 at pci0 dev 10 function 0 "NVIDIA CK804 LAN" rev 0xa3: apic 2 int 20, address 00:e0:81:5c:3a:e3 eephy0 at nfe0 phy 1: 88E Gigabit PHY, rev. 2 ppb1 at pci0 dev 11 function 0 "NVIDIA nForce4 PCIE" rev 0xa3 pci2 at ppb1 bus 2 ppb2 at pci0 dev 12 function 0 "NVIDIA nForce4 PCIE" rev 0xa3 pci3 at ppb2 bus 3 ppb3 at pci0 dev 13 function 0 "NVIDIA nForce4 PCIE" rev 0xa3 pci4 at ppb3 bus 4 ppb4 at pci0 dev 14 function 0 "NVIDIA nForce4 PCIE" rev 0xa3 pci5 at ppb4 bus 5 pchb0 at pci0 dev 24 function 0 "AMD AMD64 0Fh HyperTransport" rev 0x00 pchb1 at pci0 dev 24 function 1 "AMD AMD64 0Fh Address Map" rev 0x00 pchb2 at pci0 dev 24 function 2 "AMD AMD64 0Fh DRAM Cfg" rev 0x00 pchb3 at pci0 dev 24 function 3 "AMD AMD64 0Fh Misc Cfg" rev 0x00 usb1 at ohci0: USB revision 1.0 uhub1 at usb1 "NVIDIA OHCI root hub" rev 1.00/1.00 addr 1
Re: Thinkpad X230t convertible and openbsd
On Tue, May 07, 2013 at 23:47, Edd Barrett wrote: > I see it has one of those useless intel wireless cards too. Can this be > swapped out easily? If not I can use my urtwn dongle. Depends on why you think it's useless. After the first boot, fw_update will get the firmware for it, and then it should work just fine. All Lenovo systems have a BIOS whitelist of permitted wireless cards, although for many laptop models that turns out to be only variants of iwn anyway.
Re: BCM5720, LACP and CARP serious problem
On 2013-05-07, Loïc BLOT wrote: > Hello Stuart, ok for the console, (i would tell i use keyboard and > screen on the server directly, sorry for the mistake :s). > I can't test this week, because of production (and then i have shutted > down the server because he interfers with the CARP master and take the > hand whereas he mustn't...) > Can i access to this ddb console when server is totally frozen ? And can You may be able to, it depends on the type of hang. > i access to ddb console via directly connected keyboard ? ctrl+alt+escape. But the keyboard may not work after entering DDB particularly if it's connected via USB (including via an internal-only USB interface as done on some server hardware even for PS/2 ports). RS232 serial console is easier to use if you can do it, more chance of it working after entering DDB, and you can easily copy-and-paste the output rather than having to transcribe etc.
Thinkpad X230t convertible and openbsd
Hi, I'm starting a new job and have the option to choose a new laptop. I read a lot of papers in PDF form and have been using print/xournal for anotations. Annotating with the mouse sucks a bit. I wonder if these convertible thinkpads are any good for this. Does anyone own this: http://shop.lenovo.com/gb/en/laptops/thinkpad/x-series/x230t/ Is the touchscreen supported? Does it work well? Is anything else unsupported? I see it has one of those useless intel wireless cards too. Can this be swapped out easily? If not I can use my urtwn dongle. Cheers -- Best Regards Edd Barrett http://www.theunixzoo.co.uk
Re: OT: term "hackathon" trademarked in Germany
Hi Peter, it looks like the problem with the usage of "Hackathon is solved". >From their own site: http://www.young-targets.com/free-licences/ # Why? Because we did not first founded the nonprofit organization “Tech_Hub” that will manage the revenue for the free tech scene. We went a different way. We wanted to finance the creation and development of this platform by license fees. We are aware that we have thereby made us vulnerable, because you could assume, that we did this for a different cause. Thats why we will delete the trademark “hackathon”. 10 companies that have been asked to license, have been informed that we take distance from plans to charge royalties. # Regards Reiner CTO M:Tier Ltd. On Tue, 2013-05-07 at 22:49 +0200, Peter N. M. Hansteen wrote: > A bit late to the party, but here's my take on the situation - > > http://bsdly.blogspot.ca/2013/05/the-term-hackathon-has-been-trademarked.html > > - Peter
Re: OpenBSD ignoring RFC-compliant IPv6 neighbor solicitation?
On Tue, May 07, 2013 at 09:16:25PM +0200, Stefan Bagdohn wrote: > Wasn't this check introduced as mitigation of CVE-2008-2476 five years ago? > E.g. http://ftp.openbsd.org/pub/OpenBSD/patches/4.4/common/001_ndp.patch Right, thanks for pointing that out. Claudio added this check in 2008. RFC 4861 is older than that. I should have used cvs blame first. This issue definitely needs more thought.
Re: OT: term "hackathon" trademarked in Germany
There is a new update. "The attempt to take revenue for non-commercial purposes on a licensing model failed. [...] we will delete the trademark "hackathon"". http://www.young-targets.com/free-licences/ On Tue, May 07, 2013 at 10:49:27PM +0200, Peter N. M. Hansteen wrote: > A bit late to the party, but here's my take on the situation - > > http://bsdly.blogspot.ca/2013/05/the-term-hackathon-has-been-trademarked.html > > - Peter > -- > Peter N. M. Hansteen, member of the first RFC 1149 implementation team > http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ > "Remember to set the evil bit on all malicious network traffic" > delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds. -- Juan Francisco Cantero Hurtado http://juanfra.info
Re: OpenBSD ignoring RFC-compliant IPv6 neighbor solicitation?
Penned by Patrik Lundin on 20130507 16:02.25, we have: | On Tue, May 07, 2013 at 09:16:25PM +0200, Stefan Bagdohn wrote: | > Wasn't this check introduced as mitigation of CVE-2008-2476 five years ago? | > E.g. http://ftp.openbsd.org/pub/OpenBSD/patches/4.4/common/001_ndp.patch | > | | Maby something along the lines of the 'nd6_onlink_ns_rfc4861' sysctl | flag mentioned at | http://www.freebsd.org/security/advisories/FreeBSD-SA-08:10.nd6.asc | could be used for the odd cases where it's needed? | | Regards, | Patrik Lundin This makes the most sense to me. Otherwise, someone should fix their broken router. -- Todd Fries .. t...@fries.net |\ 1.636.410.0632 (voice) | Free Daemon Consulting, LLC\ 1.405.227.9094 (voice) | http://FreeDaemonConsulting.com\ 1.866.792.3418 (FAX) | PO Box 16169, Oklahoma City, OK 73113 \ sip:freedae...@ekiga.net | "..in support of free software solutions." \ sip:4052279...@ekiga.net \ 37E7 D3EB 74D0 8D66 A68D B866 0326 204E 3F42 004A http://todd.fries.net/pgp.txt
NPPPD with intermediate LTS
Hi all, I'm testing out npppd as a termination device which is being fed from existing LACs (in this particular setup, mpd on FreeBSD) - if the LAC begins LCP to challenge the client for it's username in order to lookup the destination LNS, npppd just repeats the following until it gives up: 2013-05-07 22:29:03:INFO: ppp id=1 layer=chap proto=unknown Received chap packet. But chap is not started 2013-05-07 22:29:05:INFO: ppp id=1 layer=chap proto=unknown Received chap packet. But chap is not started This is on a test setup currently, but mirrors the behaviour as it would see on a real network. If I blindly switch to npppd all is well, I've got l2tp-lcp-reneg enabled but it doesn't seem to make any difference, likewise with force. Is this known behaviour or am I missing something? Cheers.
Re: OpenBSD ignoring RFC-compliant IPv6 neighbor solicitation?
On Tue, May 07, 2013 at 09:16:25PM +0200, Stefan Bagdohn wrote: > Wasn't this check introduced as mitigation of CVE-2008-2476 five years ago? > E.g. http://ftp.openbsd.org/pub/OpenBSD/patches/4.4/common/001_ndp.patch > Maby something along the lines of the 'nd6_onlink_ns_rfc4861' sysctl flag mentioned at http://www.freebsd.org/security/advisories/FreeBSD-SA-08:10.nd6.asc could be used for the odd cases where it's needed? Regards, Patrik Lundin
Re: OT: term "hackathon" trademarked in Germany
A bit late to the party, but here's my take on the situation - http://bsdly.blogspot.ca/2013/05/the-term-hackathon-has-been-trademarked.html - Peter -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: strange errors on OpenBSD
Please learn to use Gmail's "Reply" and "Reply to all" features.
Re: strange errors on OpenBSD
On Tue, May 7, 2013 at 12:26 PM, Friedrich Locke wrote: > i would like some here to run the small program in the previous email on a > OBSD machine acting like a nis client. May you ? Or, you could stop wasting time and post a ktrace of it on *your* system and your system's dmesg. Philip Guenther
strange error on openbsd: program listing
Here you have it: #include #include #include #include int main(int argc, char **argv) { struct passwd *p; int e; e = errno, errno = 0; p = getpwuid(0); if (errno) { fprintf(stdout, "errno is: %u\n", errno); return 127; } errno = e; if (p) fprintf(stdout, "%s\n", p->pw_name); return 0; }
strange errors on OpenBSD
Hi folks, i would like some here to run the small program in the previous email on a OBSD machine acting like a nis client. May you ? If you did it, let me know you results. []s gustavo.
Re: OpenBSD ignoring RFC-compliant IPv6 neighbor solicitation?
Wasn't this check introduced as mitigation of CVE-2008-2476 five years ago? E.g. http://ftp.openbsd.org/pub/OpenBSD/patches/4.4/common/001_ndp.patch Am 07.05.2013 um 18:26 schrieb Stefan Sperling : > On Tue, May 07, 2013 at 04:48:41PM +0200, Janne Johansson wrote: >> this patch (stupidly) fixes my problem. I don't like my broken setup, >> but this works. > > We've determined the RFC doesn't require source addresses in > neighbour solicitations to be sent from a matching prefix. > > I don't see any reason why responding to such solicitations is bad. > I agree with removing this check. > >> Index: nd6_nbr.c >> === >> RCS file: /cvs/src/sys/netinet6/nd6_nbr.c,v >> retrieving revision 1.66 >> diff -u -p -r1.66 nd6_nbr.c >> --- nd6_nbr.c7 Mar 2013 09:03:16 - 1.66 >> +++ nd6_nbr.c7 May 2013 11:44:56 - >> @@ -132,17 +132,7 @@ nd6_ns_input(struct mbuf *m, int off, in >> "(wrong ip6 dst)\n")); >> goto bad; >> } >> -} else { >> -/* >> - * Make sure the source address is from a neighbor's address. >> - */ >> -if (!in6_ifpprefix(ifp, &saddr6)) { >> -nd6log((LOG_INFO, "nd6_ns_input: " >> -"NS packet from non-neighbor\n")); >> -goto bad; >> -} >> } >> - >> >> if (IN6_IS_ADDR_MULTICAST(&taddr6)) { >> nd6log((LOG_INFO, "nd6_ns_input: bad NS target (multicast)\n"));
Re: chmod(1) Absolute modes section rewrite?
On Tue, May 7, 2013 at 7:43 AM, Ted Unangst wrote: > On Tue, May 07, 2013 at 22:06, f5b wrote: >> Should chmod(1) "Absolute modes" section rewrite, adding some text as >> follows? >> >> Value Permission Directory Listing >> 0 No read, no write, no execute --- >> 1 No read, no write, execute --x >> 2 No read, write, no execute -w- >> 3 No read, write, execute -wx >> 4 Read, no write, no execute r-- >> 5 Read, no write, execute r-x >> 6 Read, write, no execute rw- >> 7 Read, write, executerwx >> >> From >> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/permissions.html > > It's important to keep the man page ordering that differentiates 700 > from 007. Although there's no reason for the man to list the 7 modes > as is, since those are constructed by ORing other values. > I think a combination would be clear: > 1. Keep existing section, but removing 7 modes. > 2. Add a table like the above after it. what problem is this change solving? --patrick
Re: OpenBSD ignoring RFC-compliant IPv6 neighbor solicitation?
On Tue, May 07, 2013 at 04:48:41PM +0200, Janne Johansson wrote: > this patch (stupidly) fixes my problem. I don't like my broken setup, > but this works. We've determined the RFC doesn't require source addresses in neighbour solicitations to be sent from a matching prefix. I don't see any reason why responding to such solicitations is bad. I agree with removing this check. > Index: nd6_nbr.c > === > RCS file: /cvs/src/sys/netinet6/nd6_nbr.c,v > retrieving revision 1.66 > diff -u -p -r1.66 nd6_nbr.c > --- nd6_nbr.c 7 Mar 2013 09:03:16 - 1.66 > +++ nd6_nbr.c 7 May 2013 11:44:56 - > @@ -132,17 +132,7 @@ nd6_ns_input(struct mbuf *m, int off, in > "(wrong ip6 dst)\n")); > goto bad; > } > - } else { > - /* > - * Make sure the source address is from a neighbor's address. > - */ > - if (!in6_ifpprefix(ifp, &saddr6)) { > - nd6log((LOG_INFO, "nd6_ns_input: " > - "NS packet from non-neighbor\n")); > - goto bad; > - } > } > - > > if (IN6_IS_ADDR_MULTICAST(&taddr6)) { > nd6log((LOG_INFO, "nd6_ns_input: bad NS target (multicast)\n"));
virtio doesn't support volumes >2tbytes
newfs(8) fails with EIO on a 3tbyte volume presented via vioblk(4). Maybe the virtio code is using 32-bit sector counters, since 2tbytes with a 512 byte block size is 2**32, and that's causing the failure. A 2tbyte volume is fine, and so is the same 3tbyte volume presented as a wd(4). $ time sudo newfs /dev/rsd8c newfs: wtfs: write error on block 6442450943: Input/output error 0m0.01s real 0m0.00s user 0m0.01s system vioblk8 at virtio10 scsibus8 at vioblk8: 2 targets sd8 at scsibus8 targ 0 lun 0: SCSI3 0/direct fixed sd8: 3145728MB, 512 bytes/sector, 6442450944 sectors john -- John Morrissey _o/\ __o j...@horde.net_-< \_ / \ < \, www.horde.net/__(_)/_(_)/\___(_) /_(_)__
Re: Sturdy and secure mail server
Hi Irek I had pretty much the same requirements for my mail server at home as you have. Over the time I got different mail accounts for different purposes. So I wanted to consolidate all the accounts on my own server running in my home network. Since several years (and releases) I'm running my home mail server under OpenBSD. The server is not directly reachable as a MX host because I only use a DynDNS address to access it from outside through a proxy server (nginx for IMAP and SMTP) also running OpenBSD. My mail server fetches the mails from all accounts via POP3 with fetchmail. The mails are delivered to Postfix which acts as the mail server for my internal domain at home. Postfix then delivers the mail to my personal user account on the server using procmail. Procmail runs each mail through ClamAV (antivirus) and SpamAssassin (antispam). Mails containing viruses are delivered to /dev/null, mails recognized as spam are delivered to the Spam folder. Every other mail is delivered to the mail folder specified in the procmail receipt or, if there is no other destination specified in .procmailrc, to the INBOX. All mails are stored in ~/mails which is a Maildir folder structure. I prefer Maildir to store mails because it creates a file for each mail. This make backup and restore much easier. I use Courier IMAP to access all my mails through IMAP clients like Thunderbird (on all my clients) and - since some days - BlackBerry Z10 (access from the Internet through the IMAP proxy feature of nginx). This way I have always the same sight on my mailbox, no matter which client I use. No more manual sync or having mails downloaded to the "wrong" client. My Maildir folders also act as the archive for my mails. All components on my mail server support of course TLS. I've configured Postfix and Courier IMAP to support TLS. For this I use my personal PKI. It is based on a self-signed root CA with two sub CAs, one for client certificates and one for server certificates. I make an hourly backup of my mails folder using rsync to one of my NAS. Additionally there is the daily backup using dump of the whole mail server. I hope my explanations give some ideas about how you could solve your problem. Feel free to contact me if you would like to get more details about the configuration. Best regards, Bruno
Re: strange error on openbsd
Why reinvent the wheel? [root@black ~]# getent passwd 1 daemon:*:1:1:The devil himself:/root:/sbin/nologin [root@black ~]# -mike On May 7, 2013, at 4:06 AM, Friedrich Locke wrote: > Dear list members, > > I am in need to write a simple program to return the passwd entry for a > given uid number. > > Here you have it: > > #include > #include > #include > #include > > int > main(int argc, char **argv) > { >struct passwd *p; >int e; > >e = errno, errno = 0; >p = getpwuid(0); >if (errno) { >fprintf(stdout, "errno is: %u\n", errno); >return 127; >} >errno = e; > >fprintf(stdout, "%s\n", p->pw_name); >return 0; > } > > > When i execute it i get this on a openbsd: > > sioux@lion$ ./pw > errno is: 13 > sioux@lion$ > > > Any ideia why openbsd implementation of getpwuid returns error ? > > Thanks in advance.
Re: OpenBSD ignoring RFC-compliant IPv6 neighbor solicitation?
this patch (stupidly) fixes my problem. I don't like my broken setup, but this works. Index: nd6_nbr.c === RCS file: /cvs/src/sys/netinet6/nd6_nbr.c,v retrieving revision 1.66 diff -u -p -r1.66 nd6_nbr.c --- nd6_nbr.c 7 Mar 2013 09:03:16 - 1.66 +++ nd6_nbr.c 7 May 2013 11:44:56 - @@ -132,17 +132,7 @@ nd6_ns_input(struct mbuf *m, int off, in "(wrong ip6 dst)\n")); goto bad; } - } else { - /* -* Make sure the source address is from a neighbor's address. -*/ - if (!in6_ifpprefix(ifp, &saddr6)) { - nd6log((LOG_INFO, "nd6_ns_input: " - "NS packet from non-neighbor\n")); - goto bad; - } } - if (IN6_IS_ADDR_MULTICAST(&taddr6)) { nd6log((LOG_INFO, "nd6_ns_input: bad NS target (multicast)\n")); 2013/5/6 Janne Johansson > I have now run into this problem also. (which sadly affects > anoncvs.eu.openbsd.org). > The router has another ip on a loopback interface somewhere which it > thinks is it's own "main" v6 ip, and then it sends it as the source ip of > the solictation. > This in turn means that my obsd wont respond to the NDP which makes the > router ignore my box and v6 anoncvs users don't get v6 access. 8-/ > > 14:21:43.113824 2001:6b0:5:1::151 > ff02::1:ffa9:f5ba: icmp6: neighbor > sol: who > has 2001:6b0:5:1825:1c2f:5c1b:dfa9:f5ba > > So the network segment is really 2001:6b0:5:1825/64 but the NDP'ing router > sends from 2001:6b0:5:1::151 instead which isn't inside the prefix of > course. > > Grrr. > > > > > 2013/2/12 Stuart Henderson > >> On 2013-02-11, Martin Schmitt wrote: >> > Am 11.02.2013 12:12, schrieb Stefan Sperling: >> > >> >> I believe the code path you're hitting is this one in >> netinet6/nd6_nbr.c, >> >> in nd6_ns_input(): >> >> >> >> } else { >> >> /* >> >> * Make sure the source address is from a neighbor's >> address. >> >> */ >> >> if (!in6_ifpprefix(ifp, &saddr6)) { >> >> nd6log((LOG_INFO, "nd6_ns_input: " >> >> "NS packet from non-neighbor\n")); >> >> goto bad; >> >> } >> >> } >> > >> > Thanks for your quick response! >> > >> > The ISP has now worked around the issue by adding a fixed NDP entry for >> > my router's address so I can't really test with it, but I have added >> > another address on the interface, which gives me this, after sysctl >> > net.inet6.icmp6.nd6_debug=1: >> > >> > nd6_ns_input: src=2001:0db8:1234:5678::0009 >> > nd6_ns_input: dst=ff02:0001::0001:ff00:0015 >> > nd6_ns_input: tgt=2001:0db8:1234:5678::0015 >> > nd6_ns_input: NS packet from non-neighbor >> > >> >> Have you tried using a /64 netmask at your end of the transfer link, >> >> instead of the /125? >> > >> > I had already tried /123, which made it work. Such a workaround comes >> > across a bit desperate, because with further expansion of the ISP's IPv6 >> > customer base, further widening of the prefix will be required. I'm not >> > sure whether this is how the uplink is intended to work and if it has >> > the potential to do any damage. >> > >> > How is your understanding of NDP? Do you think OpenBSD is at fault for >> > ignoring these solicitations, or do you think the ISP router's OS >> > selects the wrong source IP? The wording in the RFC is really very terse >> > and leaves room for interpretation. >> >> RFC 4861 says >> >>If the source address of the packet prompting the solicitation is the >>same as one of the addresses assigned to the outgoing interface, that >>address SHOULD be placed in the IP Source Address of the outgoing >>solicitation. Otherwise, any one of the addresses assigned to the >>interface should be used. >> >> so it would seem permissible for another address to appear here. >> RFC 5942 updates RFC 4861 and to my reading it doesn't change this. >> >> NetBSD will have the same problem btw, the check in nd6_nbr.c came >> from there. The check goes beyond the validation specified by RFC >> 4861 7.1.1 (by itself this is not necessarily a problem, in some >> cases it is eminently sensible to be stricter than RFC, but it >> looks like we may possibly need to relax this here..). >> >> > > > -- > May the most significant bit of your life be positive. > -- May the most significant bit of your life be positive.
Re: chmod(1) Absolute modes section rewrite?
On Tue, May 07, 2013 at 22:06, f5b wrote: > Should chmod(1) "Absolute modes" section rewrite, adding some text as > follows? > > Value Permission Directory Listing > 0 No read, no write, no execute --- > 1 No read, no write, execute --x > 2 No read, write, no execute -w- > 3 No read, write, execute -wx > 4 Read, no write, no execute r-- > 5 Read, no write, execute r-x > 6 Read, write, no execute rw- > 7 Read, write, executerwx > > From > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/permissions.html It's important to keep the man page ordering that differentiates 700 from 007. Although there's no reason for the man to list the 7 modes as is, since those are constructed by ORing other values. I think a combination would be clear: 1. Keep existing section, but removing 7 modes. 2. Add a table like the above after it.
Re: strange error on openbsd
On Tuesday 07 May 2013 15:45:55 you wrote: > On Tue, May 07, 2013 at 03:25:04PM +0200, Remco wrote: > | The way I read the man page on my OpenBSD 5.2 system, as well as on the > | www.openbsd.org web site, errno has no specific meaning when getpwuid > | returns. It only tells you whether it succeeded or not, it doesn't say it Maybe this sentence would have been clearer as follows: The man page only tells you how to check whether the getpwuid function succeeded or not, it doesn't say it > | sets errno, nor does it provide a clear way to determine why the function > | didn't succeed. (however, if you're right the man page may be lacking) > > Where do you see that ? errno is not used to tell you wether a call > succeeded or not. If a call did not succeed, errno would get set. If > a call was successful, it never sets errno. > > From intro(2) (get there via the errno(2) mlink): > > When a system call detects an error, it returns an > integer value indicating failure (usually -1) and > sets the variable errno accordingly. (This allows > interpretation of the failure on receiving a -1 > and to take action accordingly.) Successful calls > never set errno; once set, it remains until > another error occurs. It should only be examined > after an error. > > This is how errno should behave across the entire system. If you find > a case where this is not true, please report it. > > Paul 'WEiRD' de Weerd It might be that errno gets set by getpwuid by doing system calls behind the scenes. However, my point was that errno has no specific meaning when getpwuid returns because it does not provide me with any useful context about what failed. (And simply put, the man page does not instruct me to check errno, so errno cannot have meaning here) Otherwise, if errno does have meaning anyway, I think the man page lacks that specific information about what errno values could possibly be set. Apart from being able to tell that some system call failed, I don't really see much point in checking errno as a way to check for specific errors upon returning from getpwuid. I feel that the OP's program behaves as expected and the way he checks for errors, by not adhering to the instructions in the man page, is simply asking for unnecessary trouble. I hope this clarifies my point.
chmod(1) Absolute modes section rewrite?
Should chmod(1) "Absolute modes" section rewrite, adding some text as follows? Value Permission Directory Listing 0 No read, no write, no execute --- 1 No read, no write, execute --x 2 No read, write, no execute -w- 3 No read, write, execute -wx 4 Read, no write, no execute r-- 5 Read, no write, execute r-x 6 Read, write, no execute rw- 7 Read, write, executerwx >From http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/permissions.html
Re: strange error on openbsd
On Tue, May 07, 2013 at 03:25:04PM +0200, Remco wrote: | The way I read the man page on my OpenBSD 5.2 system, as well as on the | www.openbsd.org web site, errno has no specific meaning when getpwuid | returns. It only tells you whether it succeeded or not, it doesn't say it | sets errno, nor does it provide a clear way to determine why the function | didn't succeed. (however, if you're right the man page may be lacking) Where do you see that ? errno is not used to tell you wether a call succeeded or not. If a call did not succeed, errno would get set. If a call was successful, it never sets errno. >From intro(2) (get there via the errno(2) mlink): When a system call detects an error, it returns an integer value indicating failure (usually -1) and sets the variable errno accordingly. (This allows interpretation of the failure on receiving a -1 and to take action accordingly.) Successful calls never set errno; once set, it remains until another error occurs. It should only be examined after an error. This is how errno should behave across the entire system. If you find a case where this is not true, please report it. Paul 'WEiRD' de Weerd -- >[<++>-]<+++.>+++[<-->-]<.>+++[<+ +++>-]<.>++[<>-]<+.--.[-] http://www.weirdnet.nl/
Re: BCM5720, LACP and CARP serious problem
Hello Stuart, ok for the console, (i would tell i use keyboard and screen on the server directly, sorry for the mistake :s). I can't test this week, because of production (and then i have shutted down the server because he interfers with the CARP master and take the hand whereas he mustn't...) Can i access to this ddb console when server is totally frozen ? And can i access to ddb console via directly connected keyboard ? -- Best regards, Loïc BLOT, UNIX systems, security and network expert http://www.unix-experience.fr Le mardi 07 mai 2013 à 13:28 +, Stuart Henderson a écrit : > On 2013-05-06, Loïc BLOT wrote: > > Hello, > > I use the same stack: > > Carp on vlan on trunk on physical, > > There is no backtrace its a complète server freeze (im on a serial), i would prefer a ddb but there isn't > > Can you get into ddb if you send BREAK over serial? > > You will need to reboot with ddb.console=1 in sysctl.conf if you don't > already have it set. [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: strange error on openbsd
Philip Guenther wrote: > On Mon, May 6, 2013 at 6:06 PM, Friedrich Locke > wrote: >> I am in need to write a simple program to return the passwd entry for a >> given uid number. >> >> Here you have it: >> >> #include >> #include >> #include >> #include >> >> int >> main(int argc, char **argv) >> { >> struct passwd *p; >> int e; >> >> e = errno, errno = 0; >> p = getpwuid(0); >> if (errno) { > > This isn't right. To test for whether getpwuid() found an entry for > the UID, test whether its return value is not NULL. If it found the > UID it'll return non-NULL. If it didn't find the UID but didn't hit > any error (it could read the passwd file, etc), then it will return > NULL and not change errno. Only if it didn't find it because of an > error will it set errno. > To be clear, are you sure about this ? The way I read the man page on my OpenBSD 5.2 system, as well as on the www.openbsd.org web site, errno has no specific meaning when getpwuid returns. It only tells you whether it succeeded or not, it doesn't say it sets errno, nor does it provide a clear way to determine why the function didn't succeed. (however, if you're right the man page may be lacking)
Xf86-video-qxl on openbsd possible ?
Hi, with virtio drivers and spice-protocol available in 5.3, i wonder if it is possible to bring the qxl driver to openbsd. I assume this might be quite difficult. Has someone already started (or given up) doing this ? Jan
Re: BCM5720, LACP and CARP serious problem
On 2013-05-06, Loïc BLOT wrote: > Hello, > I use the same stack: > Carp on vlan on trunk on physical, > There is no backtrace its a complète server freeze (im on a serial), i would > prefer a ddb but there isn't Can you get into ddb if you send BREAK over serial? You will need to reboot with ddb.console=1 in sysctl.conf if you don't already have it set.
Re: athn error
On Tue, May 07, 2013 at 12:07:01PM +0200, Holger Glaess wrote: > hi > > can someone help me about this error ? > > athn0: could not initialize calibration > athn0: unable to reset hardware; reset status 60 I'm getting the same error with an AR9485 card. I couldn't yet figure out what is wrong. I believe that some cards the athn driver is already attaching to, such as yours, don't actually work yet.
Re: ML 310 G8
HP usually includes 3 years next-business-day, but you can contact them for faster response times. On 2013 May 05 (Sun) at 03:16:33 -0700 (-0700), Steve wrote: :Hi, : :Is anyone running 5.3 on one of these. : :Just hoping to get an an idea of :support before we purchase. : :Thanks : -- Whistler's Law: You never know who is right, but you always know who is in charge.
ML 310 G8
Hi, Is anyone running 5.3 on one of these. Just hoping to get an an idea of support before we purchase. Thanks
Re: strange error on openbsd
mtree wants them to be: # grep ^pwd.db /etc/mtree/* /etc/mtree/special:pwd.db type=file mode=0444 uname=root gname=wheel optional 2013/5/7 noah pugsley > On Mon, May 6, 2013 at 6:31 PM, Ted Unangst wrote: > > > On Mon, May 06, 2013 at 22:06, Friedrich Locke wrote: > > > > > e = errno, errno = 0; > > > p = getpwuid(0); > > > if (errno) { > > > fprintf(stdout, "errno is: %u\n", errno); > > > > > > sioux@lion$ ./pw > > > errno is: 13 > > > sioux@lion$ > > > > > > > > > Any ideia why openbsd implementation of getpwuid returns error ? > > > > That is not how the man page says you check for getpwuid errors. > > > > > Bad error checking regardless (and whether I'm qualified to comment aside), > it should have worked. What are the permissions for /etc/pwd.db? > > -- May the most significant bit of your life be positive.
athn error
hi can someone help me about this error ? athn0: could not initialize calibration athn0: unable to reset hardware; reset status 60 dmesg OpenBSD 5.3 (GENERIC) #50: Tue Mar 12 18:35:23 MDT 2013 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC cpu0: VIA Samuel 2 ("CentaurHauls" 686-class) 533 MHz cpu0: FPU,DE,TSC,MSR,MTRR,PGE,MMX,3DNOW real mem = 528019456 (503MB) avail mem = 508399616 (484MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 12/05/02, BIOS32 rev. 0 @ 0xfb510, SMBIOS rev. 2.2 @ 0xf0800 (43 entries) bios0: vendor Phoenix Technologies, LTD version "6.00 PG" date 12/05/2002 bios0: VIA Technologies, Inc. VT8601 apm0 at bios0: Power Management spec V1.2 (slowidle) acpi at bios0 function 0x0 not configured pcibios0 at bios0: rev 2.1 @ 0xf/0xdf94 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdeb0/224 (12 entries) pcibios0: PCI Exclusive IRQs: 5 10 11 14 pcibios0: PCI Interrupt Router at 000:07:0 ("VIA VT82C596A ISA" rev 0x00) pcibios0: PCI bus #1 is the last bus bios0: ROM list: 0xc/0xc000 0xcc000/0x4000! cpu0 at mainbus0: (uniprocessor) pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 "VIA VT8601 PCI" rev 0x05 viaagp0 at pchb0: v2 agp0 at viaagp0: aperture at 0xe300, size 0xe40 ppb0 at pci0 dev 1 function 0 "VIA VT82C601 AGP" rev 0x00 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 "Trident CyberBlade i1" rev 0x6a wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) pcib0 at pci0 dev 7 function 0 "VIA VT82C686 ISA" rev 0x40 pciide0 at pci0 dev 7 function 1 "VIA VT82C571 IDE" rev 0x06: ATA100, channel 0 configured to compatibility, channel 1 configured to compatibility pciide0: channel 0 ignored (disabled) wd0 at pciide0 channel 1 drive 0: wd0: 1-sector PIO, LBA, 15296MB, 31326208 sectors wd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 4 uhci0 at pci0 dev 7 function 2 "VIA VT83C572 USB" rev 0x1a: irq 5 viapm0 at pci0 dev 7 function 4 "VIA VT82C686 SMBus" rev 0x40: SMI iic0 at viapm0 iic0: addr 0x2d 00=01 01=84 02=07 03=ff 04=ff 07=a0 08=ad 09=ad 0b=15 13=7f 14=54 15=f1 16=c5 17=8a 1d=cc 1e=1d 1f=7f 20=aa 21=b4 22=67 23=d3 24=d7 25=c4 26=d5 27=7f 28=7f 2a=3b 2b=ff 2d=d6 2e=c1 2f=d4 30=bf 31=cd 32=ba 33=cb 34=b8 35=b5 36=87 37=1d 38=90 39=ff 3b=01 3c=1d 3d=ff 3f=a2 40=01 43=ff 44=ff 47=a0 48=ad 49=ad 4b=15 53=7e 54=9c 55=f1 56=40 57=80 5d=cc 5e=1d 5f=7f 60=aa 61=b4 62=67 63=d3 64=d7 65=c4 66=d5 67=7f 68=7f 6a=3b 6b=ff 6d=d6 6e=c1 6f=d4 70=bf 71=cd 72=ba 73=cb 74=b8 75=b5 76=87 77=1d 78=90 79=ff 7b=01 7c=1d 7d=ff 7f=a2 80=01 83=ff 84=ff 87=a0 88=ad 89=ad 8b=15 93=55 94=30 95=f1 96=44 97=81 9d=cc 9e=1d 9f=7f a0=aa a1=b4 a2=67 a3=d3 a4=d7 a5=c4 a6=d5 a7=7f a8=7f aa=3b ab=ff ad=d6 ae=c1 af=d4 b0=bf b1=cd b2=ba b3=cb b4=b8 b5=b5 b6=87 b7=1d b8=90 b9=ff bb=01 bc=1d bd=ff bf=a2 c0=01 c3=ff c4=ff c7=a0 c8=ad c9=ad cb=15 d3=55 d4=2e d5=f1 d6=49 d7=81 dd=cc de=1d df=7f e0=aa e1=b4 e2=67 e3=d3 e4=d7 e5=c4 e6=d5 e7=7f e8=7f ea=3b eb=ff ed=d6 ee=c1 ef=d4 f0=bf f1=cd f2=ba f3=cb f4=b8 f5=b5 f6=87 f7=1d f8=90 f9=ff fb=01 fc=1d fd=ff ff=a2 words 00=01ff 01=00ff 02=00ff 03= 04= 05=00ff 06=00ff 07=a0ff spdmem0 at iic0 addr 0x50: 512MB SDRAM non-parity PC66 viapm0: 24-bit timer at 3579545Hz re0 at pci0 dev 9 function 0 "Realtek 8139" rev 0x20: RTL8139C+ (0x7480), irq 11, address 00:90:fb:04:46:04 rlphy0 at re0 phy 0: RTL internal PHY re1 at pci0 dev 10 function 0 "Realtek 8139" rev 0x20: RTL8139C+ (0x7480), irq 5, address 00:90:fb:04:46:03 rlphy1 at re1 phy 0: RTL internal PHY re2 at pci0 dev 11 function 0 "Realtek 8139" rev 0x20: RTL8139C+ (0x7480), irq 14, address 00:90:fb:04:46:02 rlphy2 at re2 phy 0: RTL internal PHY re3 at pci0 dev 12 function 0 "Realtek 8139" rev 0x20: RTL8139C+ (0x7480), irq 10, address 00:90:fb:04:46:01 rlphy3 at re3 phy 0: RTL internal PHY re4 at pci0 dev 13 function 0 "Realtek 8139" rev 0x20: RTL8139C+ (0x7480), irq 11, address 00:90:fb:04:46:00 rlphy4 at re4 phy 0: RTL internal PHY athn0 at pci0 dev 20 function 0 "Atheros AR9227" rev 0x01: irq 10 athn0: AR9287 rev 2 (2T2R), ROM rev 4, address f8:d1:11:38:45:19 isa0 at pcib0 isadma0 at isa0 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo com0: console pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 spkr0 at pcppi0 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 "VIA UHCI root hub" rev 1.00/1.00 addr 1 mtrr: Pentium Pro MTRR support umass0 at uhub0 port 1 configuration 1 interface 0 "BUFFALO ClipDrive" rev 2.00/2.00 addr 2 umass0: using SCSI over Bulk-Only scsibus0 at umass0: 2 targets, initiator 0 sd0 at scsibus0 targ 1 lun 0: SCSI2 0/direct removable serial.0ea02168071560100149 sd0: 125MB, 512 bytes/sector, 256000 sectors vscsi0 at root scsibus1 at vscsi0: 256 targets sof