Re: Security

[Craig R. Skinner]

On 2014-01-10 Fri 21:12 PM |, Jan Stary wrote:
 
  2 references to hinet (chinese)
 
 What references?
 What's hinet and how do you know it is chinese?
 
   intenting to send spam (relay).
 
 How do you know that hinet (whatever it is)
 was intenting to send or relay spam?
 

Hosts in hinet have been relentlessly attacking my mail  web servers
for over 8 years. I feed them rubbish to play with, and they're still at
it this week, in spamd's log:
copatriot-jun-2...@kepax.co.uk
copatron-jun-2...@kepax.co.uk
copatroness-jun-2...@kepax.co.uk
cope-jun-2...@kepax.co.uk
copehan-jun-2...@kepax.co.uk
copei-jun-2...@kepax.co.uk
copelata-jun-2...@kepax.co.uk
copelatae-jun-2...@kepax.co.uk
copelate-jun-2...@kepax.co.uk
copellidine-jun-2...@kepax.co.uk
copeman-jun-2...@kepax.co.uk
copemate-jun-2...@kepax.co.uk
copen-jun-2...@kepax.co.uk 

Looking at some of the IP addresses:
$ host 1.34.176.248
248.176.34.1.in-addr.arpa domain name pointer 1-34-176-248.HINET-IP.hinet.net.

$ whois 1.34.176.248
...
...
netnum:1.34.0.0 - 1.34.255.255
netname:HINET-NET
descr:  Taipei Taiwan
country:TW
...



Since late last year, I've noticed an increase in cgi/php probes.
I don't use scripting/CGI dynamic stuff - static html only in chroot.
HINET is one of the top offenders:

$ for ip in $(awk '/POST \/cgi-bin\/php/ { print $1 }' /var/www/logs/access_log 
| sort -u); do host $ip | fgrep -i hinet  print $ip; done

248.176.34.1.in-addr.arpa domain name pointer
1-34-176-248.HINET-IP.hinet.net.
1.34.176.248
127.59.127.59.in-addr.arpa domain name pointer
59-127-59-127.HINET-IP.hinet.net.
59.127.59.127

...


They've even infected iPads as probing droids:

$ fgrep 1.34.176.248 /var/www/logs/access_log
1.34.176.248 - - [20/Dec/2013:07:55:54 +] POST 
/cgi-bin/php.cgi?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E
 HTTP/1.1 404 221 teak.britvault.co.uk - Mozilla/5.0 (iPad; CPU OS 6_0 like 
Mac OS X) AppleWebKit/536.26(KHTML, like Gecko) Version/6.0 Mobile/10A5355d 
Safari/8536.25


Decoding it (http://meyerweb.com/eric/tools/dencoder/) shows this:

-d allow_url_include=on -d safe_mode=off -d suhosin.simulation=on -d 
disable_functions= -d open_basedir=none -d auto_prepend_file=php://input -d 
cgi.force_redirect=0 -d cgi.redirect_status_env=0 -n



Which is another known PHP exploit:

...continued scanning for CVE-2012-1823 which is a vulnerability within
PHP-CGI

...the attacker is attempt to use various command-line web clients
(wget/curl/fetch/lwp-get, etc...) to download the mc.pl script on the
remote attacker's site.

http://blog.spiderlabs.com/2013/11/honeypot-alert-more-php-cgi-scanning-apache-magikac.html


I'm no web guru, so I use HTTP (Hypertext Transfer Protocol) just for
what it was designed to do: let users transfer/GET static files.

Get safe, get static.
-- 
Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7

Re: 1 bit wide unsigned int and regular signed int

[Remco]

Ted Roby wrote:

 Consider the following structs. The first struct uses 1 bit wide unsigned
 integers
 for two flags set by the user during runtime. The second struct performs
 the same
 function, but used a regular signed integer instead of an unsigned integer
 with
 a defined bit width.
 
 typedef struct {
 char *dev;  /* the device we will
 monitor */
 pcap_t *dev_handle; /* the handle to this
 device after opening */
 struct pcap_stat ps;/* packet statistics
 struct
 */
 pcap_dumper_t *pd;  /* dump file pointer */
 int link_int;   /* datalink int of device
 */
 int timeout;/* datalink timeout per
 packet */
 int pcount; /* packets captured */
 const char *link_desc;  /* datalink description of
 device */
 const char *link_name;  /* datalink name of device
 */
 char errbuf[PCAP_ERRBUF_SIZE];  /* pcap err buffer */
 bpf_u_int32 net;/* network of sniffing
 interface */
 bpf_u_int32 mask;   /* netmask of sniffing
 interface */
 char netstr[INET_ADDRSTRLEN];   /* network string */
 char maskstr[INET_ADDRSTRLEN];  /* netmask string */
 unsigned int use_dumper : 1;/* flag to use dump file
 */
 unsigned int use_filter : 1;/* flag to compile filter
 */
 char dumpfile[FILESIZE];/* file to dump packets */
 struct bpf_program fp;  /* compiled filter
 expression */
 char filter_exp[FILTER_SIZE];   /* filter expression */
 } ether_dev_t;
 
 typedef struct {
 char *dev;  /* the device we will
 monitor */
 pcap_t *dev_handle; /* the handle to this
 device after opening */
 struct pcap_stat ps;/* packet statistics
 struct
 */
 pcap_dumper_t *pd;  /* dump file pointer */
 int link_int;   /* datalink int of device
 */
 int timeout;/* datalink timeout per
 packet */
 int pcount; /* packets captured */
 const char *link_desc;  /* datalink description of
 device */
 const char *link_name;  /* datalink name of device
 */
 char errbuf[PCAP_ERRBUF_SIZE];  /* pcap err buffer */
 bpf_u_int32 net;/* network of sniffing
 interface */
 bpf_u_int32 mask;   /* netmask of sniffing
 interface */
 char netstr[INET_ADDRSTRLEN];   /* network string */
 char maskstr[INET_ADDRSTRLEN];  /* netmask string */
 int use_dumper; /* flag to use dump file
 */
 int use_filter; /* flag to compile filter
 */
 char dumpfile[FILESIZE];/* file to dump packets */
 struct bpf_program fp;  /* compiled filter
 expression */
 char filter_exp[FILTER_SIZE];   /* filter expression */
 } ether_dev_t;
 
 when I run size on the compiled binary and its stripped version there
 seems to be a difference of 32 bits in the text portion and overall size.
 
 $ size regular_int regular_int.stripped
 textdatabss dec hex
 9023744 352 10119   2787regular_int
 9023744 352 10119   2787regular_int.stripped
 
 $ size one_bit_u_int one_bit_u_int.stripped
 textdatabss dec hex
 8991744 352 10087   2767one_bit_u_int
 8991744 352 10087   2767one_bit_u_int.stripped
 
 
 However, when I run ls -l on these files the non-stripped
 one bit integer binary is larger, which I did not expect.
 
 $ ls -l one_bit_u_int{,.stripped}
 -rwxr-xr-x  1 user  user  29014 Jan 10 16:58 one_bit_u_int
 -rwxr-xr-x  1 user  user  12440 Jan 10 16:59 one_bit_u_int.stripped
 
 $ ls -l regular_int{,.stripped}
 -rwxr-xr-x  1 user  user  28942 Jan 10 16:57 regular_int
 -rwxr-xr-x  1 user  user  12472 Jan 10 16:57 regular_int.stripped
 
 Why is the non-stripped, one bit wide integer binary larger than
 the non-stripped, regular integer binary?
 
 These were compiled on amd64 -current

For regular integers, usually having a size that match the size of processor 
registers and places in memory, I expect the compiler to generate very little 
code, probably just a single machine instruction, to deal with those 
integers.

Maybe the compiler generates extra code to deal with your one bit sized 
variables. It may not be able to 

Re: Security

[MJ]

On 11 Jan 2014, at 13.36, Craig R. Skinner skin...@britvault.co.uk wrote:
 
 Hosts in hinet have been relentlessly attacking my mail  web servers
 for over 8 years. I feed them rubbish to play with,


A good technique is to run a geospatially-enabled DNS server that maps AS 
numbers to locations and then simply serve different different results to 
different locations. AS number to geospatial mapping isn’t perfect, but it’s 
good enough.

For example, when hosts in hinet location query your MX record, you could serve 
them the answer of 127.0.0.1 ;-) Spammers will love you!


-mike

Re: relayd filter rewrite?

[Stuart Henderson]

On 2014-01-10, Steven M. Caesare scaes...@caesare.com wrote:
 If not, am I overlooking a method to proxy (or redirect) based on
 incoming http host header request to multiple back end web servers

That's not currently possible with relayd, it is one of the
particularly useful things about the WIP filter rewrite.

 or would I likely be better off sticking to squid for the time being?

Squid can do it, as can Varnish, though personally in most situations
I'd use nginx for that job, it's fairly light-weight, and config is
flexible and not too complex.

Re: relayd filter rewrite?

[Reyk Floeter]

Hi!

On 10.01.2014, at 21:58, Steven M. Caesare scaes...@caesare.com wrote:

 I've just rebuilt my FW as a 5.4 box, and was investigating using relayd
 (rather than squid) to transparently proxy for a couple of web host
 servers.
 
 
 
 It appears that this would be made possible by the filter rewrite
 mentioned at asiabsdcon 2013:
 
 
 
 http://www.openbsd.org/papers/relayd-slides-asiabsdcon2013.pdf
 
 
 
 http://www.openbsd.org/papers/relayd-asiabsdcon2013.pdf
 
 
 
 
 
 It looks like this was targeted for v5.4. However, I don't see the new
 filter syntax referenced in the 5.4 man pages, nor in current. Did the
 filter rewrite happen yet? And relayd chokes if I try using that syntax.
 

Sorry, the filter rewrite hasn’t been finished yet.

I simply didn’t have enough time to finish it yet. At AsiaBSDCon in March 2013, 
I didn’t know about another project that took some of my “spare” time in 2013, 
but our second kid was successfully released in December 2013. Now I’m slowly 
having more time to work on the relayd filter rewrite again.

 
 
 If not, am I overlooking a method to proxy (or redirect) based on
 incoming http host header request to multiple back end web servers, or
 would I likely be better off sticking to squid for the time being?
 

Unfortunately, the filter rewrite is the way to go, the current code is not 
capable of doing this.

Reyk

 
 
 -sc

Re: Cannot set stty parameters and read from /dev/ttyU0

[Jurjen Oskam]

Stuart Henderson stu at spacehopper.org writes:

 
 On 2014-01-10, Jurjen Oskam jurjen at osk.am wrote:
  Philip Guenther guenther at gmail.com writes:
 
  Oh, you're running 5.4-stable?  I thought you were running -current
  and was worried there was another hang in there.  I'm now 99% sure
  you're hitting the one I fixed back in October.
 
 
  I'm sorry, but I don't know which hang you fixed in October. With this
  information, do you think it's the same hang?
 
 It's this one, which is in 5.4-stable updated after 2013/11/12
 http://ftp.openbsd.org/pub/OpenBSD/patches/5.4/common/003_vnode.patch

Hmm, I'm running -stable as provided by M:Tier, which should have that fix
in it:

OpenBSD 5.4 (GENERIC.MP) #1: Tue Nov 12 10:57:06 CET 2013
r...@binpatch-54-amd64.mtier.org:/home/jasper/binpatchng/work-binpatch54-
amd64/src/sys/arch/amd64/compile/GENERIC.MP

# pkg_info
binpatch54-amd64-kernel-2.0 Binary Patch for 003_vnode.patch
  [...]

It seems like this is a different issue then. What can I do to investigate
this further?

Regards,

Jurjen Oskam

Re: Transparent proxy with Squid on OpenBSD 5.4

[Jason Barbier]

In my personal setup to prevent data leakage id leave the internal 
adapters bridged then remove the external adapter from the bridge, then 
for IPv4 you can just do standard natting for anything that needs to 
leave the network but doesnt need to hit the proxy using the rdr-to 
rules, then IPv6 is totally routed so there is just some internal 
routing that goes on to exchange between the adapters.


On 1/9/2014 4:38 AM, Giancarlo Razzolini wrote:

Em 09-01-2014 08:13, Romain FABBRI - Alien Consulting escreveu:

In this topology :

 Computers = Switch = Webfiltering bridge =
Router = Internet

  


Without a bridge, a system with 2 network cards won't let :

-  data from the Computers going to the Router.

-  data from the Router going to the Computers


It will, that is what nat was created for, and openbsd with pf does it
handsomely. They won't operate as if they were on the same network
though (broadcast). Which is a security feature, from my point of view.
  


How do you make it work without a bridge ???

-  Maybe you're talking about a single network interface
system with just a proxy function on it

o   But no real security would be added in this topology, since you
can bypass the proxy

-  There could be a way to activate packets forwarding, but as
far as I know forwading requieres 2 networks

  




If you use your openbsd box as the gateway, not as a transparent bridge,
not only will you be able to achieve transparent interception with
squid, as you'll have all the other nice features it come along with it.
I believe that a transparent bridge could work, with an extra effort,
but I would need to rig me a setup to test it. But if you have control
over the router, I strongly suggest using 2 nics, and the openbsd
machine as your network gateway.

Cheers,

5.4 release w/flashboot

[Michael Truog]

Hi,

I know flashboot isn't part of OpenBSD officially, but I had a simple error 
when attempting to build the 5.4 release with the script provided by flashboot 
and I was hoping someone would know if it was a problem with the release or 
flashboot itself.  I filed an issue there 
(https://github.com/openbsd/flashboot/issues/33), but I thought an email would 
help, since people may have already ran into it in 5.4.  The error is with the 
build-release.sh script 
(https://github.com/openbsd/flashboot/blob/master/build-release.sh) attempting 
to compile the 5.4 release (after the obvious changes to the script), to 
receive the error below (on i386):

|=== sys/arch/i386/stand/boot
cc  -m32  -fno-pie  -I/usr/src/sys/arch/i386/stand/boot/../../../.. 
-I/usr/src/sys/arch/i386/stand/boot/../libsa -I. 
-I/usr/src/sys/arch/i386/stand/boot -DSOFTRAID -DBOOTMAGIC=0xc001d00d  
-DLINKADDR=0x40120 -DSLOW -DSMALL -DNOBYFOUR -DNO_GZIP -DDYNAMIC_CRC_TABLE 
-DHEAP_LIMIT=0x9 -I/usr/src/sys/arch/i386/stand/boot/../../../../stand/boot 
 -c /usr/src/sys/arch/i386/stand/boot/srt0.S
cc   -Os -Wall -Werror -fno-stack-protector -Wall -Wpointer-arith 
-Wuninitialized -Wstrict-prototypes -Wmissing-prototypes -Wunused 
-Wsign-compare -Wbounded -Wshadow -Wdeclaration-after-statement  -m32 
-D_STANDALONE -nostdinc -fno-builtin -fpack-struct -D__INTERNAL_LIBSA_CREAD 
-fno-pie  -I/usr/src/sys/arch/i386/stand/boot/../../../.. 
-I/usr/src/sys/arch/i386/stand/boot/../libsa -I. 
-I/usr/src/sys/arch/i386/stand/boot -DSOFTRAID -DBOOTMAGIC=0xc001d00d  
-DLINKADDR=0x40120 -DSLOW -DSMALL -DNOBYFOUR -DNO_GZIP -DDYNAMIC_CRC_TABLE 
-DHEAP_LIMIT=0x9 -I/usr/src/sys/arch/i386/stand/boot/../../../../stand/boot 
 -c /usr/src/sys/arch/i386/stand/boot/../../../../stand/boot/boot.c
cc   -Os -Wall -Werror -fno-stack-protector -Wall -Wpointer-arith 
-Wuninitialized -Wstrict-prototypes -Wmissing-prototypes -Wunused 
-Wsign-compare -Wbounded -Wshadow -Wdeclaration-after-statement  -m32 
-D_STANDALONE -nostdinc -fno-builtin -fpack-struct -D__INTERNAL_LIBSA_CREAD 
-fno-pie  -I/usr/src/sys/arch/i386/stand/boot/../../../.. 
-I/usr/src/sys/arch/i386/stand/boot/../libsa -I. 
-I/usr/src/sys/arch/i386/stand/boot -DSOFTRAID -DBOOTMAGIC=0xc001d00d  
-DLINKADDR=0x40120 -DSLOW -DSMALL -DNOBYFOUR -DNO_GZIP -DDYNAMIC_CRC_TABLE 
-DHEAP_LIMIT=0x9 -I/usr/src/sys/arch/i386/stand/boot/../../../../stand/boot 
 -c /usr/src/sys/arch/i386/stand/boot/../../../../stand/boot/cmd.c
cc1: warnings being treated as errors
/usr/src/sys/arch/i386/stand/boot/../../../../stand/boot/cmd.c: In function 
'read_conf':
/usr/src/sys/arch/i386/stand/boot/../../../../stand/boot/cmd.c:141: warning: 
comparison between signed and unsigned
/usr/src/sys/arch/i386/stand/boot/../../../../stand/boot/cmd.c: In function 
'docmd':
/usr/src/sys/arch/i386/stand/boot/../../../../stand/boot/cmd.c:218: warning: 
comparison between signed and unsigned
/usr/src/sys/arch/i386/stand/boot/../../../../stand/boot/cmd.c: In function 
'readline':
/usr/src/sys/arch/i386/stand/boot/../../../../stand/boot/cmd.c:307: warning: 
comparison between signed and unsigned
*** Error 1 in sys/arch/i386/stand/boot (sys.mk:87 'cmd.o')
*** Error 1 in sys/arch/i386/stand (bsd.subdir.mk:48 'all')
*** Error 1 in sys/arch/i386 (bsd.subdir.mk:48 'all')
*** Error 1 in sys (bsd.subdir.mk:48 'all')
*** Error 1 in . (bsd.subdir.mk:48 'all')
*** Error 1 in /usr/src (Makefile:89 'build')
DONE! Now build kernel.|

Please ignore the fact the script didn't detect the error.  I have used the 
i386 files from CD1 for 5.4 with src/sys coming from the mirrors (dropped into 
the diststuff directory, for the script to find).  The sys tarball wasn't on 
the CDs and the src tarball on CD3 is different than what is on the mirrors.  
So, I really am trying to find the proper files for the release to build 
without errors.

Thanks,
Michael

Re: Printing problems - OBSD 5.4 + lpd + Epson Stylus CX5600 (all-in-one)

[Luciano Rottava da Silva]

Guys,

For the record, I have managed to put my printserver into operation using
LPD. However, due to compatibility with other platforms I've decided to
switch to CUPS. Then, after disabling 'ulpt' device, printer was finally
recognized using 'ugen'.

Mission accomplished, printer serving BSDs, Linux and Windows perfectly.

Thanks for the help.
Luciano.


On 10 January 2014 08:06, Zé Loff zel...@zeloff.org wrote:

 On Thu, Jan 09, 2014 at 08:07:10PM -0200, Luciano Rottava da Silva wrote:
  Chaps,
 
  My printcap is, for the time being, as simple as possible:
  # cat /etc/printcap
  lp|local line printer:\
  :sh:sd=/var/spool/output:\
  :lp=/dev/ulpt0:\
  :lf=/var/log/lpd-errs:
 
  #rp|remote line printer:\
  #
 :lp=:rm=printhost:rp=lp:sd=/var/spool/output:lf=/var/log/lpd-errs:
 
  Priting via lpr or writing directly to the usb port (cat /etc/printcap 
  /dev/ulpt0) gives absolutely nothing.

 You need a filter. I managed to get my PX830 working by installing
 foomatic + gutenprint, selecting the appropriate ppd file and with the
 following /etc/printcap:

 lp|epson:\
 :sh:\
 :lp=9...@printer.foo.bar:\
 :sd=/var/spool/output/epson:\
 :lf=/var/log/lpd-errs:\
 :if=/usr/local/bin/foomatic-rip:\
 :af=/etc/foomatic/EPSON-Artisan_835.ppd:\
 :rp=epson:

 Note that this printer is on accessed via network, hence the lp= line.
 I think yours is fine as /dev/ulpt0, but I never used local printers, so
 I'm not sure.

 Also, to get this to work took a lot of time, patience, hair pulling and
 desk head-butting... I even tried to port epson's own linux filters, but
 that route was even worse.

 Good luck!
 Zé

 --

alix install (novice question)

[patrick keshishian]

Hi,

This is my first experience with installing on one of these
boards. I got today's i386 snapshot (Jan 11, 2014) and installed
successfully on a CF card.

After placing the CF in the unit, it seems to boot up fine
after setting:
boot stty com0 38400
boot set tty com0

However, it stops right before displaying the login prompt:

switching console to com0
  OpenBSD/i386 BOOT 3.25
boot
loadrandom: hd0a:/etc/random.seed
booting hd0a:/bsd: 9276028+1082796 [72+404624+398274]=0xaa5260
entry point at 0x200120

[ using 803384 bytes of bsd ELF symbol table ]
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2014 OpenBSD. All rights reserved.  http://www.OpenBSD.org
[... full output at eom]
starting network daemons: sshd sendmail sndiod.
starting local daemons: cron.
Sat Jan 11 20:12:23 PST 2014


it just sits there. Sending it BREAK does nothing.

Any ideas what I may be doing incorrectly?

--patrick


PC Engines ALIX.2 v0.99h
640 KB Base Memory
261120 KB Extended Memory

01F0 Master 848A ULTIMATE CF CARD
Phys C/H/S 16383/16/63 Log C/H/S 1892/255/63 LBA
Using drive 0, partition 3.
Loading.
probing: pc0 com0 com1 pci mem[640K 255M a20=on]
disk: hd0+
 OpenBSD/i386 BOOT 3.25
boot
loadrandom: hd0a:/etc/random.seed
booting hd0a:/bsd: 9276028+1082796 [72+404624+398274]=0xaa5260
entry point at 0x200120
PC Engines ALIX.2 v0.99h
640 KB Base Memory
31744PC Engines ALIX.2 v0.99h
640 KB Base Memory
261120 KB Extended Memory

01F0 Master 848A ULTIMATE CF CARD
Phys C/H/S 16383/16/63 Log C/H/S 1892/255/63 LBA
Using drive 0, partition 3.
Loading.
probing: pc0 com0 com1 pci mem[640K 255M a20=on]
disk: hd0+
 OpenBSD/i386 BOOT 3.25
boot stty com0 38400
boot set tty com0
switching console to com0
  OpenBSD/i386 BOOT 3.25
boot
loadrandom: hd0a:/etc/random.seed
booting hd0a:/bsd: 9276028+1082796 [72+404624+398274]=0xaa5260
entry point at 0x200120

[ using 803384 bytes of bsd ELF symbol table ]
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2014 OpenBSD. All rights reserved.  http://www.OpenBSD.org

OpenBSD 5.4-current (GENERIC) #224: Sat Jan 11 00:32:57 MST 2014
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Geode(TM) Integrated Processor by AMD PCS (AuthenticAMD
586-class) 499 MHz
cpu0: FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CFLUSH,MMX,MMXX,3DNOW2,3DNOW
real mem  = 267943936 (255MB)
avail mem = 251678720 (240MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 11/05/08, BIOS32 rev. 0 @ 0xfd088
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: pcibios_get_intr_routing - function not supported
pcibios0: PCI IRQ Routing information unavailable.
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xe/0xa800
cpu0 at mainbus0: (uniprocessor)
mtrr: K6-family MTRR support (2 registers)
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 1 function 0 AMD Geode LX rev 0x33
glxsb0 at pci0 dev 1 function 2 AMD Geode LX Crypto rev 0x00: RNG AES
vr0 at pci0 dev 9 function 0 VIA VT6105M RhineIII rev 0x96: irq 10,
address 00:0d:b9:2f:89:e4
ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI
0x004063, model 0x0034
vr1 at pci0 dev 10 function 0 VIA VT6105M RhineIII rev 0x96: irq 11,
address 00:0d:b9:2f:89:e5
ukphy1 at vr1 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI
0x004063, model 0x0034
vr2 at pci0 dev 11 function 0 VIA VT6105M RhineIII rev 0x96: irq 15,
address 00:0d:b9:2f:89:e6
ukphy2 at vr2 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI
0x004063, model 0x0034
glxpcib0 at pci0 dev 15 function 0 AMD CS5536 ISA rev 0x03: rev 3,
32-bit 3579545Hz timer, watchdog, gpio, i2c
gpio0 at glxpcib0: 32 pins
iic0 at glxpcib0
maxtmp0 at iic0 addr 0x4c: lm86
pciide0 at pci0 dev 15 function 2 AMD CS5536 IDE rev 0x01: DMA,
channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: ULTIMATE CF CARD
wd0: 1-sector PIO, LBA48, 14847MB, 30408336 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 ignored (disabled)
ohci0 at pci0 dev 15 function 4 AMD CS5536 USB rev 0x02: irq 12,
version 1.0, legacy support
ehci0 at pci0 dev 15 function 5 AMD CS5536 USB rev 0x02: irq 12
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 AMD EHCI root hub rev 2.00/1.00 addr 1
isa0 at glxpcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
usb1 at ohci0: USB revision 1.0
uhub1 at usb1 AMD OHCI root hub rev 1.00/1.00 addr 1
nvram: invalid checksum
vscsi0 at root
scsibus0 at vscsi0: 256 targets
softraid0 at root
scsibus1 at softraid0: 256 targets
root on wd0a (530c32759ec43d2d.a) swap on wd0b dump on wd0b

Re: alix install (novice question)

[patrick keshishian]

a speedy reply pointed me to incorrect setting in /etc/ttys

Cheers!
--patrick


On 1/11/14, patrick keshishian pkesh...@gmail.com wrote:
 Hi,

 This is my first experience with installing on one of these
 boards. I got today's i386 snapshot (Jan 11, 2014) and installed
 successfully on a CF card.

 After placing the CF in the unit, it seems to boot up fine
 after setting:
 boot stty com0 38400
 boot set tty com0

 However, it stops right before displaying the login prompt:

 switching console to com0
   OpenBSD/i386 BOOT 3.25
 boot
 loadrandom: hd0a:/etc/random.seed
 booting hd0a:/bsd: 9276028+1082796 [72+404624+398274]=0xaa5260
 entry point at 0x200120

 [ using 803384 bytes of bsd ELF symbol table ]
 Copyright (c) 1982, 1986, 1989, 1991, 1993
 The Regents of the University of California.  All rights reserved.
 Copyright (c) 1995-2014 OpenBSD. All rights reserved.
 http://www.OpenBSD.org
 [... full output at eom]
 starting network daemons: sshd sendmail sndiod.
 starting local daemons: cron.
 Sat Jan 11 20:12:23 PST 2014


 it just sits there. Sending it BREAK does nothing.

 Any ideas what I may be doing incorrectly?

 --patrick


 PC Engines ALIX.2 v0.99h
 640 KB Base Memory
 261120 KB Extended Memory

 01F0 Master 848A ULTIMATE CF CARD
 Phys C/H/S 16383/16/63 Log C/H/S 1892/255/63 LBA
 Using drive 0, partition 3.
 Loading.
 probing: pc0 com0 com1 pci mem[640K 255M a20=on]
 disk: hd0+
 OpenBSD/i386 BOOT 3.25
 boot
 loadrandom: hd0a:/etc/random.seed
 booting hd0a:/bsd: 9276028+1082796 [72+404624+398274]=0xaa5260
 entry point at 0x200120
 PC Engines ALIX.2 v0.99h
 640 KB Base Memory
 31744PC Engines ALIX.2 v0.99h
 640 KB Base Memory
 261120 KB Extended Memory

 01F0 Master 848A ULTIMATE CF CARD
 Phys C/H/S 16383/16/63 Log C/H/S 1892/255/63 LBA
 Using drive 0, partition 3.
 Loading.
 probing: pc0 com0 com1 pci mem[640K 255M a20=on]
 disk: hd0+
 OpenBSD/i386 BOOT 3.25
 boot stty com0 38400
 boot set tty com0
 switching console to com0
   OpenBSD/i386 BOOT 3.25
 boot
 loadrandom: hd0a:/etc/random.seed
 booting hd0a:/bsd: 9276028+1082796 [72+404624+398274]=0xaa5260
 entry point at 0x200120

 [ using 803384 bytes of bsd ELF symbol table ]
 Copyright (c) 1982, 1986, 1989, 1991, 1993
 The Regents of the University of California.  All rights reserved.
 Copyright (c) 1995-2014 OpenBSD. All rights reserved.
 http://www.OpenBSD.org

 OpenBSD 5.4-current (GENERIC) #224: Sat Jan 11 00:32:57 MST 2014
 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
 cpu0: Geode(TM) Integrated Processor by AMD PCS (AuthenticAMD
 586-class) 499 MHz
 cpu0: FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CFLUSH,MMX,MMXX,3DNOW2,3DNOW
 real mem  = 267943936 (255MB)
 avail mem = 251678720 (240MB)
 mainbus0 at root
 bios0 at mainbus0: AT/286+ BIOS, date 11/05/08, BIOS32 rev. 0 @ 0xfd088
 pcibios0 at bios0: rev 2.1 @ 0xf/0x1
 pcibios0: pcibios_get_intr_routing - function not supported
 pcibios0: PCI IRQ Routing information unavailable.
 pcibios0: PCI bus #0 is the last bus
 bios0: ROM list: 0xe/0xa800
 cpu0 at mainbus0: (uniprocessor)
 mtrr: K6-family MTRR support (2 registers)
 pci0 at mainbus0 bus 0: configuration mode 1 (bios)
 pchb0 at pci0 dev 1 function 0 AMD Geode LX rev 0x33
 glxsb0 at pci0 dev 1 function 2 AMD Geode LX Crypto rev 0x00: RNG AES
 vr0 at pci0 dev 9 function 0 VIA VT6105M RhineIII rev 0x96: irq 10,
 address 00:0d:b9:2f:89:e4
 ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI
 0x004063, model 0x0034
 vr1 at pci0 dev 10 function 0 VIA VT6105M RhineIII rev 0x96: irq 11,
 address 00:0d:b9:2f:89:e5
 ukphy1 at vr1 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI
 0x004063, model 0x0034
 vr2 at pci0 dev 11 function 0 VIA VT6105M RhineIII rev 0x96: irq 15,
 address 00:0d:b9:2f:89:e6
 ukphy2 at vr2 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI
 0x004063, model 0x0034
 glxpcib0 at pci0 dev 15 function 0 AMD CS5536 ISA rev 0x03: rev 3,
 32-bit 3579545Hz timer, watchdog, gpio, i2c
 gpio0 at glxpcib0: 32 pins
 iic0 at glxpcib0
 maxtmp0 at iic0 addr 0x4c: lm86
 pciide0 at pci0 dev 15 function 2 AMD CS5536 IDE rev 0x01: DMA,
 channel 0 wired to compatibility, channel 1 wired to compatibility
 wd0 at pciide0 channel 0 drive 0: ULTIMATE CF CARD
 wd0: 1-sector PIO, LBA48, 14847MB, 30408336 sectors
 wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
 pciide0: channel 1 ignored (disabled)
 ohci0 at pci0 dev 15 function 4 AMD CS5536 USB rev 0x02: irq 12,
 version 1.0, legacy support
 ehci0 at pci0 dev 15 function 5 AMD CS5536 USB rev 0x02: irq 12
 usb0 at ehci0: USB revision 2.0
 uhub0 at usb0 AMD EHCI root hub rev 2.00/1.00 addr 1
 isa0 at glxpcib0
 isadma0 at isa0
 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
 com0: console
 com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
 pcppi0 at isa0 port 0x61
 spkr0 at pcppi0
 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
 usb1 at